diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000..7cb50f9 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,5 @@ +# Security + +If you discover a security vulnerability within PocketBase, please send an e-mail to **support at pocketbase.io**. + +All reports will be promptly addressed and you'll be credited in the fix release notes. diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..92db26a --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,56 @@ +name: basebuild + +on: + pull_request: + push: + +jobs: + goreleaser: + runs-on: ubuntu-latest + env: + flags: "" + steps: + # re-enable auto-snapshot from goreleaser-action@v3 + # (https://github.com/goreleaser/goreleaser-action-v4-auto-snapshot-example) + - if: ${{ !startsWith(github.ref, 'refs/tags/v') }} + run: echo "flags=--snapshot" >> $GITHUB_ENV + + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Node.js + uses: actions/setup-node@v4 + with: + node-version: 20.17.0 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: '>=1.23.9' + + # This step usually is not needed because the /ui/dist is pregenerated locally + # but its here to ensure that each release embeds the latest admin ui artifacts. + # If the artificats differs, a "dirty error" is thrown - https://goreleaser.com/errors/dirty/ + - name: Build Admin dashboard UI + run: npm --prefix=./ui ci && npm --prefix=./ui run build + + # Temporary disable as the types can have random generated identifiers making it non-deterministic. + # + # # Similar to the above, the jsvm types are pregenerated locally + # # but its here to ensure that it wasn't forgotten to be executed. + # - name: Generate jsvm types + # run: go run ./plugins/jsvm/internal/types/types.go + + - name: Run tests + run: go test ./... + + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v6 + with: + distribution: goreleaser + version: '~> v2' + args: release --clean ${{ env.flags }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9b99d92 --- /dev/null +++ b/.gitignore @@ -0,0 +1,20 @@ +/.vscode/ +.idea + +.DS_Store + +# goreleaser builds folder +/.builds/ + +# tests coverage +coverage.out + +# plaintask todo files +*.todo + +# generated markdown previews +README.html +CHANGELOG.html +CHANGELOG_16_22.html +CHANGELOG_8_15.html +LICENSE.html diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000..4958bd9 --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,67 @@ +version: 2 + +project_name: pocketbase + +dist: .builds + +before: + hooks: + - go mod tidy + +builds: + - id: build_noncgo + main: ./examples/base + binary: pocketbase + ldflags: + - -s -w -X github.com/pocketbase/pocketbase.Version={{ .Version }} + env: + - CGO_ENABLED=0 + goos: + - linux + - windows + - darwin + goarch: + - amd64 + - arm64 + - arm + - s390x + - ppc64le + goarm: + - 7 + ignore: + - goos: windows + goarch: arm + - goos: windows + goarch: s390x + - goos: windows + goarch: ppc64le + - goos: darwin + goarch: arm + - goos: darwin + goarch: s390x + - goos: darwin + goarch: ppc64le + +release: + draft: true + +archives: + - id: archive_noncgo + builds: [build_noncgo] + format: zip + files: + - LICENSE.md + - CHANGELOG.md + +checksum: + name_template: 'checksums.txt' + +snapshot: + version_template: '{{ incpatch .Version }}-next' + +changelog: + sort: asc + filters: + exclude: + - '^examples:' + - '^ui:' diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..0210bf5 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,567 @@ +## v0.28.1 + +- Fixed `json_each`/`json_array_length` normalizations to properly check for array values ([#6835](https://github.com/pocketbase/pocketbase/issues/6835)). + + +## v0.28.0 + +- Write the default response body of `*Request` hooks that are wrapped in a transaction after the related transaction completes to allow propagating the transaction error ([#6462](https://github.com/pocketbase/pocketbase/discussions/6462#discussioncomment-12207818)). + +- Updated `app.DB()` to automatically routes raw write SQL statements to the nonconcurrent db pool ([#6689](https://github.com/pocketbase/pocketbase/discussions/6689)). + _For the rare cases when it is needed users still have the option to explicitly target the specific pool they want using `app.ConcurrentDB()`/`app.NonconcurrentDB()`._ + +- ⚠️ Changed the default `json` field max size to 1MB. + _Users still have the option to adjust the default limit from the collection field options but keep in mind that storing large strings/blobs in the database is known to cause performance issues and should be avoided when possible._ + +- ⚠️ Soft-deprecated and replaced `filesystem.System.GetFile(fileKey)` with `filesystem.System.GetReader(fileKey)` to avoid the confusion with `filesystem.File`. + _The old method will still continue to work for at least until v0.29.0 but you'll get a console warning to replace it with `GetReader`._ + +- Added new `filesystem.System.GetReuploadableFile(fileKey, preserveName)` method to return an existing blob as a `*filesystem.File` value ([#6792](https://github.com/pocketbase/pocketbase/discussions/6792)). + _This method could be useful in case you want to clone an existing Record file and assign it to a new Record (e.g. in a Record duplicate action)._ + +- Other minor improvements (updated the GitHub release min Go version to 1.23.9, updated npm and Go deps, etc.) + + +## v0.27.2 + +- Added workers pool when cascade deleting record files to minimize _"thread exhaustion"_ errors ([#6780](https://github.com/pocketbase/pocketbase/discussions/6780)). + +- Updated the `:excerpt` fields modifier to properly account for multibyte characters ([#6778](https://github.com/pocketbase/pocketbase/issues/6778)). + +- Use `rowid` as count column for non-view collections to minimize the need of having the id field in a covering index ([#6739](https://github.com/pocketbase/pocketbase/discussions/6739)) + + +## v0.27.1 + +- Updated example `geoPoint` API preview body data. + +- Added JSVM `new GeoPointField({ ... })` constructor. + +- Added _partial_ WebP thumbs generation (_the thumbs will be stored as PNG_; [#6744](https://github.com/pocketbase/pocketbase/pull/6744)). + +- Updated npm dev dependencies. + + +## v0.27.0 + +- ⚠️ Moved the Create and Manage API rule checks out of the `OnRecordCreateRequest` hook finalizer, **aka. now all CRUD API rules are checked BEFORE triggering their corresponding `*Request` hook**. + This was done to minimize the confusion regarding the firing order of the request operations, making it more predictable and consistent with the other record List/View/Update/Delete request actions. + It could be a minor breaking change if you are relying on the old behavior and have a Go `tests.ApiScenario` that is testing a Create API rule failure and expect `OnRecordCreateRequest` to be fired. In that case for example you may have to update your test scenario like: + ```go + tests.ApiScenario{ + Name: "Example test that checks a Create API rule failure" + Method: http.MethodPost, + URL: "/api/collections/example/records", + ... + // old: + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + }, + // new: + ExpectedEvents: map[string]int{"*": 0}, + } + ``` + If you are having difficulties adjusting your code, feel free to open a [Q&A discussion](https://github.com/pocketbase/pocketbase/discussions) with the failing/problematic code sample. + +- Added [new `geoPoint` field](https://pocketbase.io/docs/collections/#geopoint) for storing `{"lon":x,"lat":y}` geographic coordinates. + In addition, a new [`geoDistance(lonA, lotA, lonB, lotB)` function](htts://pocketbase.io/docs/api-rules-and-filters/#geodistancelona-lata-lonb-latb) was also implemented that could be used to apply an API rule or filter constraint based on the distance (in km) between 2 geo points. + +- Updated the `select` field UI to accommodate better larger lists and RTL languages ([#4674](https://github.com/pocketbase/pocketbase/issues/4674)). + +- Updated the mail attachments auto MIME type detection to use `gabriel-vasile/mimetype` for consistency and broader sniffing signatures support. + +- Forced `text/javascript` Content-Type when serving `.js`/`.mjs` collection uploaded files with the `/api/files/...` endpoint ([#6597](https://github.com/pocketbase/pocketbase/issues/6597)). + +- Added second optional JSVM `DateTime` constructor argument for specifying a default timezone as TZ identifier when parsing the date string as alternative to a fixed offset in order to better handle daylight saving time nuances ([#6688](https://github.com/pocketbase/pocketbase/discussions/6688)): + ```js + // the same as with CET offset: new DateTime("2025-10-26 03:00:00 +01:00") + new DateTime("2025-10-26 03:00:00", "Europe/Amsterdam") // 2025-10-26 02:00:00.000Z + + // the same as with CEST offset: new DateTime("2025-10-26 01:00:00 +02:00") + new DateTime("2025-10-26 01:00:00", "Europe/Amsterdam") // 2025-10-25 23:00:00.000Z + ``` + +- Soft-deprecated the `$http.send`'s `result.raw` field in favor of `result.body` that contains the response body as plain bytes slice to avoid the discrepancies between Go and the JSVM when casting binary data to string. + +- Updated `modernc.org/sqlite` to 1.37.0. + +- Other minor improvements (_removed the superuser fields from the auth record create/update body examples, allowed programmatically updating the auth record password from the create/update hooks, fixed collections import error response, etc._). + + +## v0.26.6 + +- Allow OIDC `email_verified` to be int or boolean string since some OIDC providers like AWS Cognito has non-standard userinfo response ([#6657](https://github.com/pocketbase/pocketbase/pull/6657)). + +- Updated `modernc.org/sqlite` to 1.36.3. + + +## v0.26.5 + +- Fixed canonical URI parts escaping when generating the S3 request signature ([#6654](https://github.com/pocketbase/pocketbase/issues/6654)). + + +## v0.26.4 + +- Fixed `RecordErrorEvent.Error` and `CollectionErrorEvent.Error` sync with `ModelErrorEvent.Error` ([#6639](https://github.com/pocketbase/pocketbase/issues/6639)). + +- Fixed logs details copy to clipboard action. + +- Updated `modernc.org/sqlite` to 1.36.2. + + +## v0.26.3 + +- Fixed and normalized logs error serialization across common types for more consistent logs error output ([#6631](https://github.com/pocketbase/pocketbase/issues/6631)). + + +## v0.26.2 + +- Updated `golang-jwt/jwt` dependency because it comes with a [minor security fix](https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp). + + +## v0.26.1 + +- Removed the wrapping of `io.EOF` error when reading files since currently `io.ReadAll` doesn't check for wrapped errors ([#6600](https://github.com/pocketbase/pocketbase/issues/6600)). + + +## v0.26.0 + +- ⚠️ Replaced `aws-sdk-go-v2` and `gocloud.dev/blob` with custom lighter implementation ([#6562](https://github.com/pocketbase/pocketbase/discussions/6562)). + As a side-effect of the dependency removal, the binary size has been reduced with ~10MB and builds ~30% faster. + _Although the change is expected to be backward-compatible, I'd recommend to test first locally the new version with your S3 provider (if you use S3 for files storage and backups)._ + +- ⚠️ Prioritized the user submitted non-empty `createData.email` (_it will be unverified_) when creating the PocketBase user during the first OAuth2 auth. + +- Load the request info context during password/OAuth2/OTP authentication ([#6402](https://github.com/pocketbase/pocketbase/issues/6402)). + This could be useful in case you want to target the auth method as part of the MFA and Auth API rules. + For example, to disable MFA for the OAuth2 auth could be expressed as `@request.context != "oauth2"` MFA rule. + +- Added `store.Store.SetFunc(key, func(old T) new T)` to set/update a store value with the return result of the callback in a concurrent safe manner. + +- Added `subscription.Message.WriteSSE(w, id)` for writing an SSE formatted message into the provided writer interface (_used mostly to assist with the unit testing_). + +- Added `$os.stat(file)` JSVM helper ([#6407](https://github.com/pocketbase/pocketbase/discussions/6407)). + +- Added log warning for `async` marked JSVM handlers and resolve when possible the returned `Promise` as fallback ([#6476](https://github.com/pocketbase/pocketbase/issues/6476)). + +- Allowed calling `cronAdd`, `cronRemove` from inside other JSVM handlers ([#6481](https://github.com/pocketbase/pocketbase/discussions/6481)). + +- Bumped the default request read and write timeouts to 5mins (_old 3mins_) to accommodate slower internet connections and larger file uploads/downloads. + _If you want to change them you can modify the `OnServe` hook's `ServeEvent.ReadTimeout/WriteTimeout` fields as shown in [#6550](https://github.com/pocketbase/pocketbase/discussions/6550#discussioncomment-12364515)._ + +- Normalized the `@request.auth.*` and `@request.body.*` back relations resolver to always return `null` when the relation field is pointing to a different collection ([#6590](https://github.com/pocketbase/pocketbase/discussions/6590#discussioncomment-12496581)). + +- Other minor improvements (_fixed query dev log nested parameters output, reintroduced `DynamicModel` object/array props reflect types caching, updated Go and npm deps, etc._) + + +## v0.25.9 + +- Fixed `DynamicModel` object/array props reflect type caching ([#6563](https://github.com/pocketbase/pocketbase/discussions/6563)). + + +## v0.25.8 + +- Added a default leeway of 5 minutes for the Apple/OIDC `id_token` timestamp claims check to account for clock-skew ([#6529](https://github.com/pocketbase/pocketbase/issues/6529)). + It can be further customized if needed with the `PB_ID_TOKEN_LEEWAY` env variable (_the value must be in seconds, e.g. "PB_ID_TOKEN_LEEWAY=60" for 1 minute_). + + +## v0.25.7 + +- Fixed `@request.body.jsonObjOrArr.*` values extraction ([#6493](https://github.com/pocketbase/pocketbase/discussions/6493)). + + +## v0.25.6 + +- Restore the missing `meta.isNew` field of the OAuth2 success response ([#6490](https://github.com/pocketbase/pocketbase/issues/6490)). + +- Updated npm dependencies. + + +## v0.25.5 + +- Set the current working directory as a default goja script path when executing inline JS strings to allow `require(m)` traversing parent `node_modules` directories. + +- Updated `modernc.org/sqlite` and `modernc.org/libc` dependencies. + + +## v0.25.4 + +- Downgraded `aws-sdk-go-v2` to the version before the default data integrity checks because there have been reports for non-AWS S3 providers in addition to Backblaze (IDrive, R2) that no longer or partially work with the latest AWS SDK changes. + + While we try to enforce `when_required` by default, it is not enough to disable the new AWS SDK integrity checks entirely and some providers will require additional manual adjustments to make them compatible with the latest AWS SDK (e.g. removing the `x-aws-checksum-*` headers, unsetting the checksums calculation or reinstantiating the old MD5 checksums for some of the required operations, etc.) which as a result leads to a configuration mess that I'm not sure it would be a good idea to introduce. + + This unfornuatelly is not a PocketBase or Go specific issue and the official AWS SDKs for other languages are in the same situation (even the latest aws-cli). + + For those of you that extend PocketBase with Go: if your S3 vendor doesn't support the [AWS Data integrity checks](https://docs.aws.amazon.com/sdkref/latest/guide/feature-dataintegrity.html) and you are updating with `go get -u`, then make sure that the `aws-sdk-go-v2` dependencies in your `go.mod` are the same as in the repo: + ``` + // go.mod + github.com/aws/aws-sdk-go-v2 v1.36.1 + github.com/aws/aws-sdk-go-v2/config v1.28.10 + github.com/aws/aws-sdk-go-v2/credentials v1.17.51 + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.48 + github.com/aws/aws-sdk-go-v2/service/s3 v1.72.2 + + // after that run + go clean -modcache && go mod tidy + ``` + _The versions pinning is temporary until the non-AWS S3 vendors patch their implementation or until I manage to find time to remove/replace the `aws-sdk-go-v2` dependency (I'll consider prioritizing it for the v0.26 or v0.27 release)._ + + +## v0.25.3 + +- Added a temporary exception for Backblaze S3 endpoints to exclude the new `aws-sdk-go-v2` checksum headers ([#6440](https://github.com/pocketbase/pocketbase/discussions/6440)). + + +## v0.25.2 + +- Fixed realtime delete event not being fired for `RecordProxy`-ies and added basic realtime record resolve automated tests ([#6433](https://github.com/pocketbase/pocketbase/issues/6433)). + + +## v0.25.1 + +- Fixed the batch API Preview success sample response. + +- Bumped GitHub action min Go version to 1.23.6 as it comes with a [minor security fix](https://github.com/golang/go/issues?q=milestone%3AGo1.23.6+label%3ACherryPickApproved) for the ppc64le build. + + +## v0.25.0 + +- ⚠️ Upgraded Google OAuth2 auth, token and userinfo endpoints to their latest versions. + _For users that don't do anything custom with the Google OAuth2 data or the OAuth2 auth URL, this should be a non-breaking change. The exceptions that I could find are:_ + - `/v3/userinfo` auth response changes: + ``` + meta.rawUser.id => meta.rawUser.sub + meta.rawUser.verified_email => meta.rawUser.email_verified + ``` + - `/v2/auth` query parameters changes: + If you are specifying custom `approval_prompt=force` query parameter for the OAuth2 auth URL, you'll have to replace it with **`prompt=consent`**. + +- Added Trakt OAuth2 provider ([#6338](https://github.com/pocketbase/pocketbase/pull/6338); thanks @aidan-) + +- Added support for case-insensitive password auth based on the related UNIQUE index field collation ([#6337](https://github.com/pocketbase/pocketbase/discussions/6337)). + +- Enforced `when_required` for the new AWS SDK request and response checksum validations to allow other non-AWS vendors to catch up with new AWS SDK changes (see [#6313](https://github.com/pocketbase/pocketbase/discussions/6313) and [aws/aws-sdk-go-v2#2960](https://github.com/aws/aws-sdk-go-v2/discussions/2960)). + _You can set the environment variables `AWS_REQUEST_CHECKSUM_CALCULATION` and `AWS_RESPONSE_CHECKSUM_VALIDATION` to `when_supported` if your S3 vendor supports the [new default integrity protections](https://docs.aws.amazon.com/sdkref/latest/guide/feature-dataintegrity.html)._ + +- Soft-deprecated `Record.GetUploadedFiles` in favor of `Record.GetUnsavedFiles` to minimize the ambiguities what the method do ([#6269](https://github.com/pocketbase/pocketbase/discussions/6269)). + +- Replaced archived `github.com/AlecAivazis/survey` dependency with a simpler `osutils.YesNoPrompt(message, fallback)` helper. + +- Upgraded to `golang-jwt/jwt/v5`. + +- Added JSVM `new Timezone(name)` binding for constructing `time.Location` value ([#6219](https://github.com/pocketbase/pocketbase/discussions/6219)). + +- Added `inflector.Camelize(str)` and `inflector.Singularize(str)` helper methods. + +- Use the non-transactional app instance during the realtime records delete access checks to ensure that cascade deleted records with API rules relying on the parent will be resolved. + +- Other minor improvements (_replaced all `bool` exists db scans with `int` for broader drivers compatibility, updated API Preview sample error responses, updated UI dependencies, etc._) + + +## v0.24.4 + +- Fixed fields extraction for view query with nested comments ([#6309](https://github.com/pocketbase/pocketbase/discussions/6309)). + +- Bumped GitHub action min Go version to 1.23.5 as it comes with some [minor security fixes](https://github.com/golang/go/issues?q=milestone%3AGo1.23.5). + + +## v0.24.3 + +- Fixed incorrectly reported unique validator error for fields starting with name of another field ([#6281](https://github.com/pocketbase/pocketbase/pull/6281); thanks @svobol13). + +- Reload the created/edited records data in the RecordsPicker UI. + +- Updated Go dependencies. + + +## v0.24.2 + +- Fixed display fields extraction when there are multiple "Presentable" `relation` fields in a single related collection ([#6229](https://github.com/pocketbase/pocketbase/issues/6229)). + + +## v0.24.1 + +- Added missing time macros in the UI autocomplete. + +- Fixed JSVM types for structs and functions with multiple generic parameters. + + +## v0.24.0 + +- ⚠️ Removed the "dry submit" when executing the collections Create API rule + (you can find more details why this change was introduced and how it could affect your app in https://github.com/pocketbase/pocketbase/discussions/6073). + For most users it should be non-breaking change, BUT if you have Create API rules that uses self-references or view counters you may have to adjust them manually. + With this change the "multi-match" operators are also normalized in case the targeted collection doesn't have any records + (_or in other words, `@collection.example.someField != "test"` will result to `true` if `example` collection has no records because it satisfies the condition that all available "example" records mustn't have `someField` equal to "test"_). + As a side-effect of all of the above minor changes, the record create API performance has been also improved ~4x times in high concurrent scenarios (500 concurrent clients inserting total of 50k records - [old (58.409064001s)](https://github.com/pocketbase/benchmarks/blob/54140be5fb0102f90034e1370c7f168fbcf0ddf0/results/hetzner_cax41_cgo.md#creating-50000-posts100k-reqs50000-conc500-rulerequestauthid----requestdatapublicisset--true) vs [new (13.580098262s)](https://github.com/pocketbase/benchmarks/blob/7df0466ac9bd62fe0a1056270d20ef82012f0234/results/hetzner_cax41_cgo.md#creating-50000-posts100k-reqs50000-conc500-rulerequestauthid----requestbodypublicisset--true)). + +- ⚠️ Changed the type definition of `store.Store[T any]` to `store.Store[K comparable, T any]` to allow support for custom store key types. + For most users it should be non-breaking change, BUT if you are calling `store.New[any](nil)` instances you'll have to specify the store key type, aka. `store.New[string, any](nil)`. + +- Added `@yesterday` and `@tomorrow` datetime filter macros. + +- Added `:lower` filter modifier (e.g. `title:lower = "lorem"`). + +- Added `mailer.Message.InlineAttachments` field for attaching inline files to an email (_aka. `cid` links_). + +- Added cache for the JSVM `arrayOf(m)`, `DynamicModel`, etc. dynamic `reflect` created types. + +- Added auth collection select for the settings "Send test email" popup ([#6166](https://github.com/pocketbase/pocketbase/issues/6166)). + +- Added `record.SetRandomPassword()` to simplify random password generation usually used in the OAuth2 or OTP record creation flows. + _The generated ~30 chars random password is assigned directly as bcrypt hash and ignores the `password` field plain value validators like min/max length or regex pattern._ + +- Added option to list and trigger the registered app level cron jobs via the Web API and UI. + +- Added extra validators for the collection field `int64` options (e.g. `FileField.MaxSize`) restricting them to the max safe JSON number (2^53-1). + +- Added option to unset/overwrite the default PocketBase superuser installer using `ServeEvent.InstallerFunc`. + +- Added `app.FindCachedCollectionReferences(collection, excludeIds)` to speedup records cascade delete almost twice for projects with many collections. + +- Added `tests.NewTestAppWithConfig(config)` helper if you need more control over the test configurations like `IsDev`, the number of allowed connections, etc. + +- Invalidate all record tokens when the auth record email is changed programmatically or by a superuser ([#5964](https://github.com/pocketbase/pocketbase/issues/5964)). + +- Eagerly interrupt waiting for the email alert send in case it takes longer than 15s. + +- Normalized the hidden fields filter checks and allow targetting hidden fields in the List API rule. + +- Fixed "Unique identify fields" input not refreshing on unique indexes change ([#6184](https://github.com/pocketbase/pocketbase/issues/6184)). + + +## v0.23.12 + +- Added warning logs in case of mismatched `modernc.org/sqlite` and `modernc.org/libc` versions ([#6136](https://github.com/pocketbase/pocketbase/issues/6136#issuecomment-2556336962)). + +- Skipped the default body size limit middleware for the backup upload endpoint ([#6152](https://github.com/pocketbase/pocketbase/issues/6152)). + + +## v0.23.11 + +- Upgraded `golang.org/x/net` to 0.33.0 to fix [CVE-2024-45338](https://www.cve.org/CVERecord?id=CVE-2024-45338). + _PocketBase uses the vulnerable functions primarily for the auto html->text mail generation, but most applications shouldn't be affected unless you are manually embedding unrestricted user provided value in your mail templates._ + + +## v0.23.10 + +- Renew the superuser file token cache when clicking on the thumb preview or download link ([#6137](https://github.com/pocketbase/pocketbase/discussions/6137)). + +- Upgraded `modernc.org/sqlite` to 1.34.3 to fix "disk io" error on arm64 systems. + _If you are extending PocketBase with Go and upgrading with `go get -u` make sure to manually set in your go.mod the `modernc.org/libc` indirect dependency to v1.55.3, aka. the exact same version the driver is using._ + + +## v0.23.9 + +- Replaced `strconv.Itoa` with `strconv.FormatInt` to avoid the int64->int conversion overflow on 32-bit platforms ([#6132](https://github.com/pocketbase/pocketbase/discussions/6132)). + + +## v0.23.8 + +- Fixed Model->Record and Model->Collection hook events sync for nested and/or inner-hook transactions ([#6122](https://github.com/pocketbase/pocketbase/discussions/6122)). + +- Other minor improvements (updated Go and npm deps, added extra escaping for the default mail record params in case the emails are stored as html files, fixed code comment typos, etc.). + + +## v0.23.7 + +- Fixed JSVM exception -> Go error unwrapping when throwing errors from non-request hooks ([#6102](https://github.com/pocketbase/pocketbase/discussions/6102)). + + +## v0.23.6 + +- Fixed `$filesystem.fileFromURL` documentation and generated type ([#6058](https://github.com/pocketbase/pocketbase/issues/6058)). + +- Fixed `X-Forwarded-For` header typo in the suggested UI "Common trusted proxy" headers ([#6063](https://github.com/pocketbase/pocketbase/pull/6063)). + +- Updated the `text` field max length validator error message to make it more clear ([#6066](https://github.com/pocketbase/pocketbase/issues/6066)). + +- Other minor fixes (updated Go deps, skipped unnecessary validator check when the default primary key pattern is used, updated JSVM types, etc.). + + +## v0.23.5 + +- Fixed UI logs search not properly accounting for the "Include requests by superusers" toggle when multiple search expressions are used. + +- Fixed `text` field max validation error message ([#6053](https://github.com/pocketbase/pocketbase/issues/6053)). + +- Other minor fixes (comment typos, JSVM types update). + +- Updated Go deps and the min Go release GitHub action version to 1.23.4. + + +## v0.23.4 + +- Fixed `autodate` fields not refreshing when calling `Save` multiple times on the same `Record` instance ([#6000](https://github.com/pocketbase/pocketbase/issues/6000)). + +- Added more descriptive test OTP id and failure log message ([#5982](https://github.com/pocketbase/pocketbase/discussions/5982)). + +- Moved the default UI CSP from meta tag to response header ([#5995](https://github.com/pocketbase/pocketbase/discussions/5995)). + +- Updated Go and npm dependencies. + + +## v0.23.3 + +- Fixed Gzip middleware not applying when serving static files. + +- Fixed `Record.Fresh()`/`Record.Clone()` methods not properly cloning `autodate` fields ([#5973](https://github.com/pocketbase/pocketbase/discussions/5973)). + + +## v0.23.2 + +- Fixed `RecordQuery()` custom struct scanning ([#5958](https://github.com/pocketbase/pocketbase/discussions/5958)). + +- Fixed `--dev` log query print formatting. + +- Added support for passing more than one id in the `Hook.Unbind` method for consistency with the router. + +- Added collection rules change list in the confirmation popup + (_to avoid getting anoying during development, the rules confirmation currently is enabled only when using https_). + + +## v0.23.1 + +- Added `RequestEvent.Blob(status, contentType, bytes)` response write helper ([#5940](https://github.com/pocketbase/pocketbase/discussions/5940)). + +- Added more descriptive error messages. + + +## v0.23.0 + +> [!NOTE] +> You don't have to upgrade to PocketBase v0.23.0 if you are not planning further developing +> your existing app and/or are satisfied with the v0.22.x features set. There are no identified critical issues +> with PocketBase v0.22.x yet and in the case of critical bugs and security vulnerabilities, the fixes +> will be backported for at least until Q1 of 2025 (_if not longer_). +> +> **If you don't plan upgrading make sure to pin the SDKs version to their latest PocketBase v0.22.x compatible:** +> - JS SDK: `<0.22.0` +> - Dart SDK: `<0.19.0` + +> [!CAUTION] +> This release introduces many Go/JSVM and Web APIs breaking changes! +> +> Existing `pb_data` will be automatically upgraded with the start of the new executable, +> but custom Go or JSVM (`pb_hooks`, `pb_migrations`) and JS/Dart SDK code will have to be migrated manually. +> Please refer to the below upgrade guides: +> - Go: https://pocketbase.io/v023upgrade/go/. +> - JSVM: https://pocketbase.io/v023upgrade/jsvm/. +> +> If you had already switched to some of the earlier ` - Go: https://pocketbase.io/v023upgrade/go/. +> - JSVM: https://pocketbase.io/v023upgrade/jsvm/. + +#### SDKs changes + +- [JS SDK v0.22.0](https://github.com/pocketbase/js-sdk/blob/master/CHANGELOG.md) +- [Dart SDK v0.19.0](https://github.com/pocketbase/dart-sdk/blob/master/CHANGELOG.md) + +#### Web APIs changes + +- New `POST /api/batch` endpoint. + +- New `GET /api/collections/meta/scaffolds` endpoint. + +- New `DELETE /api/collections/{collection}/truncate` endpoint. + +- New `POST /api/collections/{collection}/request-otp` endpoint. + +- New `POST /api/collections/{collection}/auth-with-otp` endpoint. + +- New `POST /api/collections/{collection}/impersonate/{id}` endpoint. + +- ⚠️ If you are constructing requests to `/api/*` routes manually remove the trailing slash (_there is no longer trailing slash removal middleware registered by default_). + +- ⚠️ Removed `/api/admins/*` endpoints because admins are converted to `_superusers` auth collection records. + +- ⚠️ Previously when uploading new files to a multiple `file` field, new files were automatically appended to the existing field values. + This behaviour has changed with v0.23+ and for consistency with the other multi-valued fields when uploading new files they will replace the old ones. If you want to prepend or append new files to an existing multiple `file` field value you can use the `+` prefix or suffix: + ```js + "documents": [file1, file2] // => [file1_name, file2_name] + "+documents": [file1, file2] // => [file1_name, file2_name, old1_name, old2_name] + "documents+": [file1, file2] // => [old1_name, old2_name, file1_name, file2_name] + ``` + +- ⚠️ Removed `GET /records/{id}/external-auths` and `DELETE /records/{id}/external-auths/{provider}` endpoints because this is now handled by sending list and delete requests to the `_externalAuths` collection. + +- ⚠️ Changes to the app settings model fields and response (+new options such as `trustedProxy`, `rateLimits`, `batch`, etc.). The app settings Web APIs are mostly used by the Dashboard UI and rarely by the end users, but if you want to check all settings changes please refer to the [Settings Go struct](https://github.com/pocketbase/pocketbase/blob/develop/core/settings_model.go#L121). + +- ⚠️ New flatten Collection model and fields structure. The Collection model Web APIs are mostly used by the Dashboard UI and rarely by the end users, but if you want to check all changes please refer to the [Collection Go struct](https://github.com/pocketbase/pocketbase/blob/develop/core/collection_model.go#L308). + +- ⚠️ The top level error response `code` key was renamed to `status` for consistency with the Go APIs. + The error field key remains `code`: + ```js + { + "status": 400, // <-- old: "code" + "message": "Failed to create record.", + "data": { + "title": { + "code": "validation_required", + "message": "Missing required value." + } + } + } + ``` + +- ⚠️ New fields in the `GET /api/collections/{collection}/auth-methods` response. + _The old `authProviders`, `usernamePassword`, `emailPassword` fields are still returned in the response but are considered deprecated and will be removed in the future._ + ```js + { + "mfa": { + "duration": 100, + "enabled": true + }, + "otp": { + "duration": 0, + "enabled": false + }, + "password": { + "enabled": true, + "identityFields": ["email", "username"] + }, + "oauth2": { + "enabled": true, + "providers": [{"name": "gitlab", ...}, {"name": "google", ...}] + }, + // old fields... + } + ``` + +- ⚠️ Soft-deprecated the OAuth2 auth success `meta.avatarUrl` field in favour of `meta.avatarURL`. diff --git a/CHANGELOG_16_22.md b/CHANGELOG_16_22.md new file mode 100644 index 0000000..1d59187 --- /dev/null +++ b/CHANGELOG_16_22.md @@ -0,0 +1,1205 @@ +> List with changes from v0.16.x to v0.22.x. +> For the most recent versions, please refer to [CHANGELOG.md](./CHANGELOG.md) +--- + +## v0.22.34 + +- (_Backported from v0.26.6_) Allow OIDC `email_verified` to be int or boolean string since some OIDC providers like AWS Cognito has non-standard userinfo response ([#6657](https://github.com/pocketbase/pocketbase/pull/6657)). + + +## v0.22.33 + +- (_Backported from v0.26.3_) Fixed and normalized logs error serialization across common types for more consistent logs error output ([#6631](https://github.com/pocketbase/pocketbase/issues/6631)). + + +## v0.22.32 + +- (_Backported from v0.26.2_) Updated `golang-jwt/jwt` dependency because it comes with a [minor security fix](https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp). + + +## v0.22.31 + +- (_Backported from v0.25.5_) Set the current working directory as a default goja script path when executing inline JS strings to allow `require(m)` traversing parent `node_modules` directories. + + +## v0.22.30 + +- (_Backported from v0.24.4_) Fixed fields extraction for view queries with nested comments ([#6309](https://github.com/pocketbase/pocketbase/discussions/6309)). + +- Bumped GitHub action min Go version to 1.23.5 as it comes with some [minor security fixes](https://github.com/golang/go/issues?q=milestone%3AGo1.23.5). + + +## v0.22.29 + +- (_Backported from v0.23.11_) Upgraded `golang.org/x/net` to 0.33.0 to fix [CVE-2024-45338](https://www.cve.org/CVERecord?id=CVE-2024-45338). + _PocketBase uses the vulnerable functions primarily for the auto html->text mail generation, but most applications shouldn't be affected unless you are manually embedding unrestricted user provided value in your mail templates._ + + +## v0.22.28 + +- (_Backported from v0.23.10_) Renew the superuser file token cache when clicking on the thumb preview or download link ([#6137](https://github.com/pocketbase/pocketbase/discussions/6137)). + +- (_Backported from v0.23.10_) Upgraded `modernc.org/sqlite` to 1.34.3 to fix "disk io" error on arm64 systems. + _If you are extending PocketBase with Go and upgrading with `go get -u` make sure to manually set in your go.mod the `modernc.org/libc` indirect dependency to v1.55.3, aka. the exact same version the driver is using._ + + +## v0.22.27 + +- Instead of unregistering the realtime clients, we now just unset their auth state on delete of the related auth record so that the clients can receive the `delete` event ([#5898](https://github.com/pocketbase/pocketbase/issues/5898)). + + +## v0.22.26 + +- (_Backported from v0.23.0-rc_) Added manual WAL checkpoints before creating the zip backup to minimize copying unnecessary data. + + +## v0.22.25 + +- Refresh the old collections state in the Import UI after successful import submission ([#5861](https://github.com/pocketbase/pocketbase/issues/5861)). + +- Added randomized throttle on failed filter list requests as a very rudimentary measure since some security researches raised concern regarding the possibity of eventual side-channel attacks. + + +## v0.22.24 + +- Delete new uploaded record files in case of DB persist error ([#5845](https://github.com/pocketbase/pocketbase/issues/5845)). + + +## v0.22.23 + +- Updated the hooks watcher to account for the case when hooksDir is a symlink ([#5789](https://github.com/pocketbase/pocketbase/issues/5789)). + +- _(Backported from v0.23.0-rc)_ Registered a default `http.Server.ErrorLog` handler to report general server connection errors as app Debug level logs (e.g. invalid TLS handshakes caused by bots trying to access your server via its IP or other similar errors). + +- Other minor fixes (updated npm dev deps to fix the vulnerabilities warning, added more user friendly realtime topic length error, regenerated JSVM types, etc.) + + +## v0.22.22 + +- Added deprecation log in case Instagram OAuth2 is used (_related to [#5652](https://github.com/pocketbase/pocketbase/discussions/5652)_). + +- Added `update` command warning to prevent unnecessary downloading PocketBase v0.23.0 since it will contain breaking changes. + +- Added global JSVM `toString()` helper (_successor of `readerToString()`_) to stringify any value (bool, number, multi-byte array, io.Reader, etc.). + _`readerToString` is still available but it is marked as deprecated. You can also use `toString` as replacement for of `String.fromCharCode` to properly stringify multi-byte unicode characters like emojis._ + ```js + decodeURIComponent(escape(String.fromCharCode(...bytes))) -> toString(bytes) + ``` + +- Updated `aws-sdk-go-v2` and removed deprecated `WithEndpointResolverWithOptions`. + +- Backported some of the v0.23.0-rc form validators, fixes and tests. + +- Bumped GitHub action min Go version and dependencies. + + +## v0.22.21 + +- Lock the logs database during backup to prevent `database disk image is malformed` errors in case there is a log write running in the background ([#5541](https://github.com/pocketbase/pocketbase/discussions/5541)). + + +## v0.22.20 + +- Fixed the Admin UI `isEmpty` check to allow submitting zero uuid, datetime and date strings ([#5398](https://github.com/pocketbase/pocketbase/issues/5398)). + +- Updated goja and the other Go deps. + + +## v0.22.19 + +- Added additional parsing for the Apple OAuth2 `user` token response field to attempt returning the name of the authenticated user ([#5074](https://github.com/pocketbase/pocketbase/discussions/5074#discussioncomment-10317207)). + _Note that Apple only returns the user object the first time the user authorizes the app (at least based on [their docs](https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple#3331292))._ + + +## v0.22.18 + +- Improved files delete performance when using the local filesystem by adding a trailing slash to the `DeletePrefix` call to ensure that the list iterator will start "walking" from the prefix directory and not from its parent ([#5246](https://github.com/pocketbase/pocketbase/discussions/5246)). + +- Updated Go deps. + + +## v0.22.17 + +- Updated the `editor` field to use the latest TinyMCE 6.8.4 and enabled `convert_unsafe_embeds:true` by default per the security advisories. + _The Admin UI shouldn't be affected by the older TinyMCE because we don't use directly the vulnerable options/plugins and we have a default CSP, but it is recommended to update even just for silencing the CI/CD warnings._ + +- Disabled mouse selection when changing the sidebar width. + _This should also fix the reported Firefox issue when the sidebar width "resets" on mouse release out of the page window._ + +- Other minor improvements (updated the logs delete check and tests, normalized internal errors formatting, updated Go deps, etc.) + + +## v0.22.16 + +- Fixed the days calculation for triggering old logs deletion ([#5179](https://github.com/pocketbase/pocketbase/pull/5179); thanks @nehmeroumani). + _Note that the previous versions correctly delete only the logs older than the configured setting but due to the typo the delete query is invoked unnecessary on each logs batch write._ + + +## v0.22.15 + +- Added mutex to `tests.TestMailer()` to minimize tests data race warnings ([#5157](https://github.com/pocketbase/pocketbase/issues/5157)). + +- Updated goja and the other Go dependencies. + +- Bumped the min Go version in the GitHub release action to Go 1.22.5 since it comes with [`net/http` security fixes](https://github.com/golang/go/issues?q=milestone%3AGo1.22.5). + + +## v0.22.14 + +- Added OAuth2 POST redirect support (in case of `response_mode=form_post`) to allow specifying scopes for the Apple OAuth2 integration. + + Note 1: If you are using the "Manual code exchange" flow with Apple (aka. `authWithOAuth2Code()`), you need to either update your custom + redirect handler to accept POST requests OR if you want to keep the old behavior and don't need the Apple user's email - replace in the Apple authorization url `response_mode=form_post` back to `response_mode=query`. + + Note 2: Existing users that have already logged in with Apple may need to revoke their access in order to see the email sharing options as shown in [this screenshot](https://github.com/pocketbase/pocketbase/discussions/5074#discussioncomment-9801855). + If you want to force the new consent screen you could register a new Apple OAuth2 app. + +- ⚠️ Fixed a security vulnerability related to the OAuth2 email autolinking (thanks to @dalurness for reporting it). + + Just to be safe I've also published a [GitHub security advisory](https://github.com/pocketbase/pocketbase/security/advisories/GHSA-m93w-4fxv-r35v) (_may take some time to show up in the related security databases_). + + In order to be exploited you must have **both** OAuth2 and Password auth methods enabled. + + A possible attack scenario could be: + - a malicious actor register with the targeted user's email (it is unverified) + - at some later point in time the targeted user stumble on your app and decides to sign-up with OAuth2 (_this step could be also initiated by the attacker by sending an invite email to the targeted user_) + - on successful OAuth2 auth we search for an existing PocketBase user matching with the OAuth2 user's email and associate them + - because we haven't changed the password of the existing PocketBase user during the linking, the malicious actor has access to the targeted user account and will be able to login with the initially created email/password + + To prevent this for happening we now reset the password for this specific case if the previously created user wasn't verified (an exception to this is if the linking is explicit/manual, aka. when you send `Authorization:TOKEN` with the OAuth2 auth call). + + Additionally to warn users we now send an email alert in case the user has logged in with password but has at least one OAuth2 account linked. It looks something like: + + _Hello, + Just to let you know that someone has logged in to your Acme account using a password while you already have OAuth2 GitLab auth linked. + If you have recently signed in with a password, you may disregard this email. + **If you don't recognize the above action, you should immediately change your Acme account password.** + Thanks, + Acme team_ + + The flow will be further improved with the [ongoing refactoring](https://github.com/pocketbase/pocketbase/discussions/4355) and we will start sending emails for "unrecognized device" logins (OTP and MFA is already implemented and will be available with the next v0.23.0 release in the near future). + + +## v0.22.13 + +- Fixed rules inconsistency for text literals when inside parenthesis ([#5017](https://github.com/pocketbase/pocketbase/issues/5017)). + +- Updated Go deps. + + +## v0.22.12 + +- Fixed calendar picker grid layout misalignment on Firefox ([#4865](https://github.com/pocketbase/pocketbase/issues/4865)). + +- Updated Go deps and bumped the min Go version in the GitHub release action to Go 1.22.3 since it comes with [some minor security fixes](https://github.com/golang/go/issues?q=milestone%3AGo1.22.3). + + +## v0.22.11 + +- Load the full record in the relation picker edit panel ([#4857](https://github.com/pocketbase/pocketbase/issues/4857)). + + +## v0.22.10 + +- Updated the uploaded filename normalization to take double extensions in consideration ([#4824](https://github.com/pocketbase/pocketbase/issues/4824)) + +- Added Collection models cache to help speed up the common List and View requests execution with ~25%. + _This was extracted from the ongoing work on [#4355](https://github.com/pocketbase/pocketbase/discussions/4355) and there are many other small optimizations already implemented but they will have to wait for the refactoring to be finalized._ + + +## v0.22.9 + +- Fixed Admin UI OAuth2 "Clear all fields" btn action to properly unset all form fields ([#4737](https://github.com/pocketbase/pocketbase/issues/4737)). + + +## v0.22.8 + +- Fixed '~' auto wildcard wrapping when the param has escaped `%` character ([#4704](https://github.com/pocketbase/pocketbase/discussions/4704)). + +- Other minor UI improvements (added `aria-expanded=true/false` to the dropdown triggers, added contrasting border around the default mail template btn style, etc.). + +- Updated Go deps and bumped the min Go version in the GitHub release action to Go 1.22.2 since it comes with [some `net/http` security and bug fixes](https://github.com/golang/go/issues?q=milestone%3AGo1.22.2). + + +## v0.22.7 + +- Replaced the default `s3blob` driver with a trimmed vendored version to reduce the binary size with ~10MB. + _It can be further reduced with another ~10MB once we replace entirely the `aws-sdk-go-v2` dependency but I stumbled on some edge cases related to the headers signing and for now is on hold._ + +- Other minor improvements (updated GitLab OAuth2 provider logo [#4650](https://github.com/pocketbase/pocketbase/pull/4650), normalized error messages, updated npm dependencies, etc.) + + +## v0.22.6 + +- Admin UI accessibility improvements: + - Fixed the dropdowns tab/enter/space keyboard navigation ([#4607](https://github.com/pocketbase/pocketbase/issues/4607)). + - Added `role`, `aria-label`, `aria-hidden` attributes to some of the elements in attempt to better assist screen readers. + + +## v0.22.5 + +- Minor test helpers fixes ([#4600](https://github.com/pocketbase/pocketbase/issues/4600)): + - Call the `OnTerminate` hook on `TestApp.Cleanup()`. + - Automatically run the DB migrations on initializing the test app with `tests.NewTestApp()`. + +- Added more elaborate warning message when restoring a backup explaining how the operation works. + +- Skip irregular files (symbolic links, sockets, etc.) when restoring a backup zip from the Admin UI or calling `archive.Extract(src, dst)` because they come with too many edge cases and ambiguities. +
+ More details + + This was initially reported as security issue (_thanks Harvey Spec_) but in the PocketBase context it is not something that can be exploited without an admin intervention and since the general expectations are that the PocketBase admins can do anything and they are the one who manage their server, this should be treated with the same diligence when using `scp`/`rsync`/`rclone`/etc. with untrusted file sources. + + It is not possible (_or at least I'm not aware how to do that easily_) to perform virus/malicious content scanning on the uploaded backup archive files and some caution is always required when using the Admin UI or running shell commands, hence the backup-restore warning text. + + **Or in other words, if someone sends you a file and tell you to upload it to your server (either as backup zip or manually via scp) obviously you shouldn't do that unless you really trust them.** + + PocketBase is like any other regular application that you run on your server and there is no builtin "sandbox" for what the PocketBase process can execute. This is left to the developers to restrict on application or OS level depending on their needs. If you are self-hosting PocketBase you usually don't have to do that, but if you are offering PocketBase as a service and allow strangers to run their own PocketBase instances on your server then you'll need to implement the isolation mechanisms on your own. +
+ + +## v0.22.4 + +- Removed conflicting styles causing the detailed codeblock log data preview to not visualize properly ([#4505](https://github.com/pocketbase/pocketbase/pull/4505)). + +- Minor JSVM improvements: + - Added `$filesystem.fileFromUrl(url, optSecTimeout)` helper. + - Implemented the `FormData` interface and added support for sending `multipart/form-data` requests with `$http.send()` ([#4544](https://github.com/pocketbase/pocketbase/discussions/4544)). + + +## v0.22.3 + +- Fixed the z-index of the current admin dropdown on Safari ([#4492](https://github.com/pocketbase/pocketbase/issues/4492)). + +- Fixed `OnAfterApiError` debug log `nil` error reference ([#4498](https://github.com/pocketbase/pocketbase/issues/4498)). + +- Added the field name as part of the `@request.data.someRelField.*` join to handle the case when a collection has 2 or more relation fields pointing to the same place ([#4500](https://github.com/pocketbase/pocketbase/issues/4500)). + +- Updated Go deps and bumped the min Go version in the GitHub release action to Go 1.22.1 since it comes with [some security fixes](https://github.com/golang/go/issues?q=milestone%3AGo1.22.1). + + +## v0.22.2 + +- Fixed a small regression introduced with v0.22.0 that was causing some missing unknown fields to always return an error instead of applying the specific `nullifyMisingField` resolver option to the query. + + +## v0.22.1 + +- Fixed Admin UI record and collection panels not reinitializing properly on browser back/forward navigation ([#4462](https://github.com/pocketbase/pocketbase/issues/4462)). + +- Initialize `RecordAuthWithOAuth2Event.IsNewRecord` for the `OnRecordBeforeAuthWithOAuth2Request` hook ([#4437](https://github.com/pocketbase/pocketbase/discussions/4437)). + +- Added error checks to the autogenerated Go migrations ([#4448](https://github.com/pocketbase/pocketbase/issues/4448)). + + +## v0.22.0 + +- Added Planning Center OAuth2 provider ([#4393](https://github.com/pocketbase/pocketbase/pull/4393); thanks @alxjsn). + +- Admin UI improvements: + - Autosync collection changes across multiple open browser tabs. + - Fixed vertical image popup preview scrolling. + - Added options to export a subset of collections. + - Added option to import a subset of collections without deleting the others ([#3403](https://github.com/pocketbase/pocketbase/issues/3403)). + +- Added support for back/indirect relation `filter`/`sort` (single and multiple). + The syntax to reference back relation fields is `yourCollection_via_yourRelField.*`. + ⚠️ To avoid excessive joins, the nested relations resolver is now limited to max 6 level depth (the same as `expand`). + _Note that in the future there will be also more advanced and granular options to specify a subset of the fields that are filterable/sortable._ + +- Added support for multiple back/indirect relation `expand` and updated the keys to use the `_via_` reference syntax (`yourCollection_via_yourRelField`). + _To minimize the breaking changes, the old parenthesis reference syntax (`yourCollection(yourRelField)`) will still continue to work but it is soft-deprecated and there will be a console log reminding you to change it to the new one._ + +- ⚠️ Collections and fields are no longer allowed to have `_via_` in their name to avoid collisions with the back/indirect relation reference syntax. + +- Added `jsvm.Config.OnInit` optional config function to allow registering custom Go bindings to the JSVM. + +- Added `@request.context` rule field that can be used to apply a different set of constraints based on the API rule execution context. + For example, to disallow user creation by an OAuth2 auth, you could set for the users Create API rule `@request.context != "oauth2"`. + The currently supported `@request.context` values are: + ``` + default + realtime + protectedFile + oauth2 + ``` + +- Adjusted the `cron.Start()` to start the ticker at the `00` second of the cron interval ([#4394](https://github.com/pocketbase/pocketbase/discussions/4394)). + _Note that the cron format has only minute granularity and there is still no guarantee that the scheduled job will be always executed at the `00` second._ + +- Fixed auto backups cron not reloading properly after app settings change ([#4431](https://github.com/pocketbase/pocketbase/discussions/4431)). + +- Upgraded to `aws-sdk-go-v2` and added special handling for GCS to workaround the previous [GCS headers signature issue](https://github.com/pocketbase/pocketbase/issues/2231) that we had with v2. + _This should also fix the SVG/JSON zero response when using Cloudflare R2 ([#4287](https://github.com/pocketbase/pocketbase/issues/4287#issuecomment-1925168142), [#2068](https://github.com/pocketbase/pocketbase/discussions/2068), [#2952](https://github.com/pocketbase/pocketbase/discussions/2952))._ + _⚠️ If you are using S3 for uploaded files or backups, please verify that you have a green check in the Admin UI for your S3 configuration (I've tested the new version with GCS, MinIO, Cloudflare R2 and Wasabi)._ + +- Added `:each` modifier support for `file` and `relation` type fields (_previously it was supported only for `select` type fields_). + +- Other minor improvements (updated the `ghupdate` plugin to use the configured executable name when printing to the console, fixed the error reporting of `admin update/delete` commands, etc.). + + +## v0.21.3 + +- Ignore the JS required validations for disabled OIDC providers ([#4322](https://github.com/pocketbase/pocketbase/issues/4322)). + +- Allow `HEAD` requests to the `/api/health` endpoint ([#4310](https://github.com/pocketbase/pocketbase/issues/4310)). + +- Fixed the `editor` field value when visualized inside the View collection preview panel. + +- Manually clear all TinyMCE events on editor removal (_workaround for [tinymce#9377](https://github.com/tinymce/tinymce/issues/9377)_). + + +## v0.21.2 + +- Fixed `@request.auth.*` initialization side-effect which caused the current authenticated user email to not being returned in the user auth response ([#2173](https://github.com/pocketbase/pocketbase/issues/2173#issuecomment-1932332038)). + _The current authenticated user email should be accessible always no matter of the `emailVisibility` state._ + +- Fixed `RecordUpsert.RemoveFiles` godoc example. + +- Bumped to `NumCPU()+2` the `thumbGenSem` limit as some users reported that it was too restrictive. + + +## v0.21.1 + +- Small fix for the Admin UI related to the _Settings > Sync_ menu not being visible even when the "Hide controls" toggle is off. + + +## v0.21.0 + +- Added Bitbucket OAuth2 provider ([#3948](https://github.com/pocketbase/pocketbase/pull/3948); thanks @aabajyan). + +- Mark user as verified on confirm password reset ([#4066](https://github.com/pocketbase/pocketbase/issues/4066)). + _If the user email has changed after issuing the reset token (eg. updated by an admin), then the `verified` user state remains unchanged._ + +- Added support for loading a serialized json payload for `multipart/form-data` requests using the special `@jsonPayload` key. + _This is intended to be used primarily by the SDKs to resolve [js-sdk#274](https://github.com/pocketbase/js-sdk/issues/274)._ + +- Added graceful OAuth2 redirect error handling ([#4177](https://github.com/pocketbase/pocketbase/issues/4177)). + _Previously on redirect error we were returning directly a standard json error response. Now on redirect error we'll redirect to a generic OAuth2 failure screen (similar to the success one) and will attempt to auto close the OAuth2 popup._ + _The SDKs are also updated to handle the OAuth2 redirect error and it will be returned as Promise rejection of the `authWithOAuth2()` call._ + +- Exposed `$apis.gzip()` and `$apis.bodyLimit(bytes)` middlewares to the JSVM. + +- Added `TestMailer.SentMessages` field that holds all sent test app emails until cleanup. + +- Optimized the cascade delete of records with multiple `relation` fields. + +- Updated the `serve` and `admin` commands error reporting. + +- Minor Admin UI improvements (reduced the min table row height, added option to duplicate fields, added new TinyMCE codesample plugin languages, hide the collection sync settings when the `Settings.Meta.HideControls` is enabled, etc.) + + +## v0.20.7 + +- Fixed the Admin UI auto indexes update when renaming fields with a common prefix ([#4160](https://github.com/pocketbase/pocketbase/issues/4160)). + + +## v0.20.6 + +- Fixed JSVM types generation for functions with omitted arg types ([#4145](https://github.com/pocketbase/pocketbase/issues/4145)). + +- Updated Go deps. + + +## v0.20.5 + +- Minor CSS fix for the Admin UI to prevent the searchbar within a popup from expanding too much and pushing the controls out of the visible area ([#4079](https://github.com/pocketbase/pocketbase/issues/4079#issuecomment-1876994116)). + + +## v0.20.4 + +- Small fix for a regression introduced with the recent `json` field changes that was causing View collection column expressions recognized as `json` to fail to resolve ([#4072](https://github.com/pocketbase/pocketbase/issues/4072)). + + +## v0.20.3 + +- Fixed the `json` field query comparisons to work correctly with plain JSON values like `null`, `bool` `number`, etc. ([#4068](https://github.com/pocketbase/pocketbase/issues/4068)). + Since there are plans in the future to allow custom SQLite builds and also in some situations it may be useful to be able to distinguish `NULL` from `''`, + for the `json` fields (and for any other future non-standard field) we no longer apply `COALESCE` by default, aka.: + ``` + Dataset: + 1) data: json(null) + 2) data: json('') + + For the filter "data = null" only 1) will resolve to TRUE. + For the filter "data = ''" only 2) will resolve to TRUE. + ``` + +- Minor Go tests improvements + - Sorted the record cascade delete references to ensure that the delete operation will preserve the order of the fired events when running the tests. + - Marked some of the tests as safe for parallel execution to speed up a little the GitHub action build times. + + +## v0.20.2 + +- Added `sleep(milliseconds)` JSVM binding. + _It works the same way as Go `time.Sleep()`, aka. it pauses the goroutine where the JSVM code is running._ + +- Fixed multi-line text paste in the Admin UI search bar ([#4022](https://github.com/pocketbase/pocketbase/discussions/4022)). + +- Fixed the monospace font loading in the Admin UI. + +- Fixed various reported docs and code comment typos. + + +## v0.20.1 + +- Added `--dev` flag and its accompanying `app.IsDev()` method (_in place of the previously removed `--debug`_) to assist during development ([#3918](https://github.com/pocketbase/pocketbase/discussions/3918)). + The `--dev` flag prints in the console "everything" and more specifically: + - the data DB SQL statements + - all `app.Logger().*` logs (debug, info, warning, error, etc.), no matter of the logs persistence settings in the Admin UI + +- Minor Admin UI fixes: + - Fixed the log `error` label text wrapping. + - Added the log `referer` (_when it is from a different source_) and `details` labels in the logs listing. + - Removed the blank current time entry from the logs chart because it was causing confusion when used with custom time ranges. + - Updated the SQL syntax highlighter and keywords autocompletion in the Admin UI to recognize `CAST(x as bool)` expressions. + +- Replaced the default API tests timeout with a new `ApiScenario.Timeout` option ([#3930](https://github.com/pocketbase/pocketbase/issues/3930)). + A negative or zero value means no tests timeout. + If a single API test takes more than 3s to complete it will have a log message visible when the test fails or when `go test -v` flag is used. + +- Added timestamp at the beginning of the generated JSVM types file to avoid creating it everytime with the app startup. + + +## v0.20.0 + +- Added `expand`, `filter`, `fields`, custom query and headers parameters support for the realtime subscriptions. + _Requires JS SDK v0.20.0+ or Dart SDK v0.17.0+._ + + ```js + // JS SDK v0.20.0 + pb.collection("example").subscribe("*", (e) => { + ... + }, { + expand: "someRelField", + filter: "status = 'active'", + fields: "id,expand.someRelField.*:excerpt(100)", + }) + ``` + + ```dart + // Dart SDK v0.17.0 + pb.collection("example").subscribe("*", (e) { + ... + }, + expand: "someRelField", + filter: "status = 'active'", + fields: "id,expand.someRelField.*:excerpt(100)", + ) + ``` + +- Generalized the logs to allow any kind of application logs, not just requests. + + The new `app.Logger()` implements the standard [`log/slog` interfaces](https://pkg.go.dev/log/slog) available with Go 1.21. + ``` + // Go: https://pocketbase.io/docs/go-logging/ + app.Logger().Info("Example message", "total", 123, "details", "lorem ipsum...") + + // JS: https://pocketbase.io/docs/js-logging/ + $app.logger().info("Example message", "total", 123, "details", "lorem ipsum...") + ``` + + For better performance and to minimize blocking on hot paths, logs are currently written with + debounce and on batches: + - 3 seconds after the last debounced log write + - when the batch threshold is reached (currently 200) + - right before app termination to attempt saving everything from the existing logs queue + + Some notable log related changes: + + - ⚠️ Bumped the minimum required Go version to 1.21. + + - ⚠️ Removed `_requests` table in favor of the generalized `_logs`. + _Note that existing logs will be deleted!_ + + - ⚠️ Renamed the following `Dao` log methods: + ```go + Dao.RequestQuery(...) -> Dao.LogQuery(...) + Dao.FindRequestById(...) -> Dao.FindLogById(...) + Dao.RequestsStats(...) -> Dao.LogsStats(...) + Dao.DeleteOldRequests(...) -> Dao.DeleteOldLogs(...) + Dao.SaveRequest(...) -> Dao.SaveLog(...) + ``` + - ⚠️ Removed `app.IsDebug()` and the `--debug` flag. + This was done to avoid the confusion with the new logger and its debug severity level. + If you want to store debug logs you can set `-4` as min log level from the Admin UI. + + - Refactored Admin UI Logs: + - Added new logs table listing. + - Added log settings option to toggle the IP logging for the activity logger. + - Added log settings option to specify a minimum log level. + - Added controls to export individual or bulk selected logs as json. + - Other minor improvements and fixes. + +- Added new `filesystem/System.Copy(src, dest)` method to copy existing files from one location to another. + _This is usually useful when duplicating records with `file` field(s) programmatically._ + +- Added `filesystem.NewFileFromUrl(ctx, url)` helper method to construct a `*filesystem.BytesReader` file from the specified url. + +- OAuth2 related additions: + + - Added new `PKCE()` and `SetPKCE(enable)` OAuth2 methods to indicate whether the PKCE flow is supported or not. + _The PKCE value is currently configurable from the UI only for the OIDC providers._ + _This was added to accommodate OIDC providers that may throw an error if unsupported PKCE params are submitted with the auth request (eg. LinkedIn; see [#3799](https://github.com/pocketbase/pocketbase/discussions/3799#discussioncomment-7640312))._ + + - Added new `displayName` field for each `listAuthMethods()` OAuth2 provider item. + _The value of the `displayName` property is currently configurable from the UI only for the OIDC providers._ + + - Added `expiry` field to the OAuth2 user response containing the _optional_ expiration time of the OAuth2 access token ([#3617](https://github.com/pocketbase/pocketbase/discussions/3617)). + + - Allow a single OAuth2 user to be used for authentication in multiple auth collection. + _⚠️ Because now you can have more than one external provider with `collectionId-provider-providerId` pair, `Dao.FindExternalAuthByProvider(provider, providerId)` method was removed in favour of the more generic `Dao.FindFirstExternalAuthByExpr(expr)`._ + +- Added `onlyVerified` auth collection option to globally disallow authentication requests for unverified users. + +- Added support for single line comments (ex. `// your comment`) in the API rules and filter expressions. + +- Added support for specifying a collection alias in `@collection.someCollection:alias.*`. + +- Soft-deprecated and renamed `app.Cache()` with `app.Store()`. + +- Minor JSVM updates and fixes: + + - Updated `$security.parseUnverifiedJWT(token)` and `$security.parseJWT(token, key)` to return the token payload result as plain object. + + - Added `$apis.requireGuestOnly()` middleware JSVM binding ([#3896](https://github.com/pocketbase/pocketbase/issues/3896)). + +- Use `IS NOT` instead of `!=` as not-equal SQL query operator to handle the cases when comparing with nullable columns or expressions (eg. `json_extract` over `json` field). + _Based on my local dataset I wasn't able to find a significant difference in the performance between the 2 operators, but if you stumble on a query that you think may be affected negatively by this, please report it and I'll test it further._ + +- Added `MaxSize` `json` field option to prevent storing large json data in the db ([#3790](https://github.com/pocketbase/pocketbase/issues/3790)). + _Existing `json` fields are updated with a system migration to have a ~2MB size limit (it can be adjusted from the Admin UI)._ + +- Fixed negative string number normalization support for the `json` field type. + +- Trigger the `app.OnTerminate()` hook on `app.Restart()` call. + _A new bool `IsRestart` field was also added to the `core.TerminateEvent` event._ + +- Fixed graceful shutdown handling and speed up a little the app termination time. + +- Limit the concurrent thumbs generation to avoid high CPU and memory usage in spiky scenarios ([#3794](https://github.com/pocketbase/pocketbase/pull/3794); thanks @t-muehlberger). + _Currently the max concurrent thumbs generation processes are limited to "total of logical process CPUs + 1"._ + _This is arbitrary chosen and may change in the future depending on the users feedback and usage patterns._ + _If you are experiencing OOM errors during large image thumb generations, especially in container environment, you can try defining the `GOMEMLIMIT=500MiB` env variable before starting the executable._ + +- Slightly speed up (~10%) the thumbs generation by changing from cubic (`CatmullRom`) to bilinear (`Linear`) resampling filter (_the quality difference is very little_). + +- Added a default red colored Stderr output in case of a console command error. + _You can now also silence individually custom commands errors using the `cobra.Command.SilenceErrors` field._ + +- Fixed links formatting in the autogenerated html->text mail body. + +- Removed incorrectly imported empty `local('')` font-face declarations. + + +## v0.19.4 + +- Fixed TinyMCE source code viewer textarea styles ([#3715](https://github.com/pocketbase/pocketbase/issues/3715)). + +- Fixed `text` field min/max validators to properly count multi-byte characters ([#3735](https://github.com/pocketbase/pocketbase/issues/3735)). + +- Allowed hyphens in `username` ([#3697](https://github.com/pocketbase/pocketbase/issues/3697)). + _More control over the system fields settings will be available in the future._ + +- Updated the JSVM generated types to use directly the value type instead of `* | undefined` union in functions/methods return declarations. + + +## v0.19.3 + +- Added the release notes to the console output of `./pocketbase update` ([#3685](https://github.com/pocketbase/pocketbase/discussions/3685)). + +- Added missing documentation for the JSVM `$mails.*` bindings. + +- Relaxed the OAuth2 redirect url validation to allow any string value ([#3689](https://github.com/pocketbase/pocketbase/pull/3689); thanks @sergeypdev). + _Note that the redirect url format is still bound to the accepted values by the specific OAuth2 provider._ + + +## v0.19.2 + +- Updated the JSVM generated types ([#3627](https://github.com/pocketbase/pocketbase/issues/3627), [#3662](https://github.com/pocketbase/pocketbase/issues/3662)). + + +## v0.19.1 + +- Fixed `tokenizer.Scan()/ScanAll()` to ignore the separators from the default trim cutset. + An option to return also the empty found tokens was also added via `Tokenizer.KeepEmptyTokens(true)`. + _This should fix the parsing of whitespace characters around view query column names when no quotes are used ([#3616](https://github.com/pocketbase/pocketbase/discussions/3616#discussioncomment-7398564))._ + +- Fixed the `:excerpt(max, withEllipsis?)` `fields` query param modifier to properly add space to the generated text fragment after block tags. + + +## v0.19.0 + +- Added Patreon OAuth2 provider ([#3323](https://github.com/pocketbase/pocketbase/pull/3323); thanks @ghostdevv). + +- Added mailcow OAuth2 provider ([#3364](https://github.com/pocketbase/pocketbase/pull/3364); thanks @thisni1s). + +- Added support for `:excerpt(max, withEllipsis?)` `fields` modifier that will return a short plain text version of any string value (html tags are stripped). + This could be used to minimize the downloaded json data when listing records with large `editor` html values. + ```js + await pb.collection("example").getList(1, 20, { + "fields": "*,description:excerpt(100)" + }) + ``` + +- Several Admin UI improvements: + - Count the total records separately to speed up the query execution for large datasets ([#3344](https://github.com/pocketbase/pocketbase/issues/3344)). + - Enclosed the listing scrolling area within the table so that the horizontal scrollbar and table header are always reachable ([#2505](https://github.com/pocketbase/pocketbase/issues/2505)). + - Allowed opening the record preview/update form via direct URL ([#2682](https://github.com/pocketbase/pocketbase/discussions/2682)). + - Reintroduced the local `date` field tooltip on hover. + - Speed up the listing loading times for records with large `editor` field values by initially fetching only a partial of the records data (the complete record data is loaded on record preview/update). + - Added "Media library" (collection images picker) support for the TinyMCE `editor` field. + - Added support to "pin" collections in the sidebar. + - Added support to manually resize the collections sidebar. + - More clear "Nonempty" field label style. + - Removed the legacy `.woff` and `.ttf` fonts and keep only `.woff2`. + +- Removed the explicit `Content-Type` charset from the realtime response due to compatibility issues with IIS ([#3461](https://github.com/pocketbase/pocketbase/issues/3461)). + _The `Connection:keep-alive` realtime response header was also removed as it is not really used with HTTP2 anyway._ + +- Added new JSVM bindings: + - `new Cookie({ ... })` constructor for creating `*http.Cookie` equivalent value. + - `new SubscriptionMessage({ ... })` constructor for creating a custom realtime subscription payload. + - Soft-deprecated `$os.exec()` in favour of `$os.cmd()` to make it more clear that the call only prepares the command and doesn't execute it. + +- ⚠️ Bumped the min required Go version to 1.19. + + +## v0.18.10 + +- Added global `raw` template function to allow outputting raw/verbatim HTML content in the JSVM templates ([#3476](https://github.com/pocketbase/pocketbase/discussions/3476)). + ``` + {{.description|raw}} + ``` + +- Trimmed view query semicolon and allowed single quotes for column aliases ([#3450](https://github.com/pocketbase/pocketbase/issues/3450#issuecomment-1748044641)). + _Single quotes are usually [not a valid identifier quote characters](https://www.sqlite.org/lang_keywords.html), but for resilience and compatibility reasons SQLite allows them in some contexts where only an identifier is expected._ + +- Bumped the GitHub action to use [min Go 1.21.2](https://github.com/golang/go/issues?q=milestone%3AGo1.21.2) (_the fixed issues are not critical as they are mostly related to the compiler/build tools_). + + +## v0.18.9 + +- Fixed empty thumbs directories not getting deleted on Windows after deleting a record img file ([#3382](https://github.com/pocketbase/pocketbase/issues/3382)). + +- Updated the generated JSVM typings to silent the TS warnings when trying to access a field/method in a Go->TS interface. + + +## v0.18.8 + +- Minor fix for the View collections API Preview and Admin UI listings incorrectly showing the `created` and `updated` fields as `N/A` when the view query doesn't have them. + + +## v0.18.7 + +- Fixed JS error in the Admin UI when listing records with invalid `relation` field value ([#3372](https://github.com/pocketbase/pocketbase/issues/3372)). + _This could happen usually only during custom SQL import scripts or when directly modifying the record field value without data validations._ + +- Updated Go deps and the generated JSVM types. + + +## v0.18.6 + +- Return the response headers and cookies in the `$http.send()` result ([#3310](https://github.com/pocketbase/pocketbase/discussions/3310)). + +- Added more descriptive internal error message for missing user/admin email on password reset requests. + +- Updated Go deps. + + +## v0.18.5 + +- Fixed minor Admin UI JS error in the auth collection options panel introduced with the change from v0.18.4. + + +## v0.18.4 + +- Added escape character (`\`) support in the Admin UI to allow using `select` field values with comma ([#2197](https://github.com/pocketbase/pocketbase/discussions/2197)). + + +## v0.18.3 + +- Exposed a global JSVM `readerToString(reader)` helper function to allow reading Go `io.Reader` values ([#3273](https://github.com/pocketbase/pocketbase/discussions/3273)). + +- Bumped the GitHub action to use [min Go 1.21.1](https://github.com/golang/go/issues?q=milestone%3AGo1.21.1+label%3ACherryPickApproved) for the prebuilt executable since it contains some minor `html/template` and `net/http` security fixes. + + +## v0.18.2 + +- Prevent breaking the record form in the Admin UI in case the browser's localStorage quota has been exceeded when uploading or storing large `editor` values ([#3265](https://github.com/pocketbase/pocketbase/issues/3265)). + +- Updated docs and missing JSVM typings. + +- Exposed additional crypto primitives under the `$security.*` JSVM namespace ([#3273](https://github.com/pocketbase/pocketbase/discussions/3273)): + ```js + // HMAC with SHA256 + $security.hs256("hello", "secret") + + // HMAC with SHA512 + $security.hs512("hello", "secret") + + // compare 2 strings with a constant time + $security.equal(hash1, hash2) + ``` + + +## v0.18.1 + +- Excluded the local temp dir from the backups ([#3261](https://github.com/pocketbase/pocketbase/issues/3261)). + + +## v0.18.0 + +- Simplified the `serve` command to accept domain name(s) as argument to reduce any additional manual hosts setup that sometimes previously was needed when deploying on production ([#3190](https://github.com/pocketbase/pocketbase/discussions/3190)). + ```sh + ./pocketbase serve yourdomain.com + ``` + +- Added `fields` wildcard (`*`) support. + +- Added option to upload a backup file from the Admin UI ([#2599](https://github.com/pocketbase/pocketbase/issues/2599)). + +- Registered a custom Deflate compressor to speedup (_nearly 2-3x_) the backups generation for the sake of a small zip size increase. + _Based on several local tests, `pb_data` of ~500MB (from which ~350MB+ are several hundred small files) results in a ~280MB zip generated for ~11s (previously it resulted in ~250MB zip but for ~35s)._ + +- Added the application name as part of the autogenerated backup name for easier identification ([#3066](https://github.com/pocketbase/pocketbase/issues/3066)). + +- Added new `SmtpConfig.LocalName` option to specify a custom domain name (or IP address) for the initial EHLO/HELO exchange ([#3097](https://github.com/pocketbase/pocketbase/discussions/3097)). + _This is usually required for verification purposes only by some SMTP providers, such as on-premise [Gmail SMTP-relay](https://support.google.com/a/answer/2956491)._ + +- Added `NoDecimal` `number` field option. + +- `editor` field improvements: + - Added new "Strip urls domain" option to allow controlling the default TinyMCE urls behavior (_default to `false` for new content_). + - Normalized pasted text while still preserving links, lists, tables, etc. formatting ([#3257](https://github.com/pocketbase/pocketbase/issues/3257)). + +- Added option to auto generate admin and auth record passwords from the Admin UI. + +- Added JSON validation and syntax highlight for the `json` field in the Admin UI ([#3191](https://github.com/pocketbase/pocketbase/issues/3191)). + +- Added datetime filter macros: + ``` + // all macros are UTC based + @second - @now second number (0-59) + @minute - @now minute number (0-59) + @hour - @now hour number (0-23) + @weekday - @now weekday number (0-6) + @day - @now day number + @month - @now month number + @year - @now year number + @todayStart - beginning of the current day as datetime string + @todayEnd - end of the current day as datetime string + @monthStart - beginning of the current month as datetime string + @monthEnd - end of the current month as datetime string + @yearStart - beginning of the current year as datetime string + @yearEnd - end of the current year as datetime string + ``` + +- Added cron expression macros ([#3132](https://github.com/pocketbase/pocketbase/issues/3132)): + ``` + @yearly - "0 0 1 1 *" + @annually - "0 0 1 1 *" + @monthly - "0 0 1 * *" + @weekly - "0 0 * * 0" + @daily - "0 0 * * *" + @midnight - "0 0 * * *" + @hourly - "0 * * * *" + ``` + +- ⚠️ Added offset argument `Dao.FindRecordsByFilter(collection, filter, sort, limit, offset, [params...])`. + _If you don't need an offset, you can set it to `0`._ + +- To minimize the footguns with `Dao.FindFirstRecordByFilter()` and `Dao.FindRecordsByFilter()`, the functions now supports an optional placeholder params argument that is safe to be populated with untrusted user input. + The placeholders are in the same format as when binding regular SQL parameters. + ```go + // unsanitized and untrusted filter variables + status := "..." + author := "..." + + app.Dao().FindFirstRecordByFilter("articles", "status={:status} && author={:author}", dbx.Params{ + "status": status, + "author": author, + }) + + app.Dao().FindRecordsByFilter("articles", "status={:status} && author={:author}", "-created", 10, 0, dbx.Params{ + "status": status, + "author": author, + }) + ``` + +- Added JSVM `$mails.*` binds for the corresponding Go [mails package](https://pkg.go.dev/github.com/pocketbase/pocketbase/mails) functions. + +- Added JSVM helper crypto primitives under the `$security.*` namespace: + ```js + $security.md5(text) + $security.sha256(text) + $security.sha512(text) + ``` + +- ⚠️ Deprecated `RelationOptions.DisplayFields` in favor of the new `SchemaField.Presentable` option to avoid the duplication when a single collection is referenced more than once and/or by multiple other collections. + +- ⚠️ Fill the `LastVerificationSentAt` and `LastResetSentAt` fields only after a successfull email send ([#3121](https://github.com/pocketbase/pocketbase/issues/3121)). + +- ⚠️ Skip API `fields` json transformations for non 20x responses ([#3176](https://github.com/pocketbase/pocketbase/issues/3176)). + +- ⚠️ Changes to `tests.ApiScenario` struct: + + - The `ApiScenario.AfterTestFunc` now receive as 3rd argument `*http.Response` pointer instead of `*echo.Echo` as the latter is not really useful in this context. + ```go + // old + AfterTestFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) + + // new + AfterTestFunc: func(t *testing.T, app *tests.TestApp, res *http.Response) + ``` + + - The `ApiScenario.TestAppFactory` now accept the test instance as argument and no longer expect an error as return result ([#3025](https://github.com/pocketbase/pocketbase/discussions/3025#discussioncomment-6592272)). + ```go + // old + TestAppFactory: func() (*tests.TestApp, error) + + // new + TestAppFactory: func(t *testing.T) *tests.TestApp + ``` + _Returning a `nil` app instance from the factory results in test failure. You can enforce a custom test failure by calling `t.Fatal(err)` inside the factory._ + +- Bumped the min required TLS version to 1.2 in order to improve the cert reputation score. + +- Reduced the default JSVM prewarmed pool size to 25 to reduce the initial memory consumptions (_you can manually adjust the pool size with `--hooksPool=50` if you need to, but the default should suffice for most cases_). + +- Update `gocloud.dev` dependency to v0.34 and explicitly set the new `NoTempDir` fileblob option to prevent the cross-device link error introduced with v0.33. + +- Other minor Admin UI and docs improvements. + + +## v0.17.7 + +- Fixed the autogenerated `down` migrations to properly revert the old collection rules in case a change was made in `up` ([#3192](https://github.com/pocketbase/pocketbase/pull/3192); thanks @impact-merlinmarek). + _Existing `down` migrations can't be fixed but that should be ok as usually the `down` migrations are rarely used against prod environments since they can cause data loss and, while not ideal, the previous old behavior of always setting the rules to `null/nil` is safer than not updating the rules at all._ + +- Updated some Go deps. + + +## v0.17.6 + +- Fixed JSVM `require()` file path error when using Windows-style path delimiters ([#3163](https://github.com/pocketbase/pocketbase/issues/3163#issuecomment-1685034438)). + + +## v0.17.5 + +- Added quotes around the wrapped view query columns introduced with v0.17.4. + + +## v0.17.4 + +- Fixed Views record retrieval when numeric id is used ([#3110](https://github.com/pocketbase/pocketbase/issues/3110)). + _With this fix we also now properly recognize `CAST(... as TEXT)` and `CAST(... as BOOLEAN)` as `text` and `bool` fields._ + +- Fixed `relation` "Cascade delete" tooltip message ([#3098](https://github.com/pocketbase/pocketbase/issues/3098)). + +- Fixed jsvm error message prefix on failed migrations ([#3103](https://github.com/pocketbase/pocketbase/pull/3103); thanks @nzhenev). + +- Disabled the initial Admin UI admins counter cache when there are no initial admins to allow detecting externally created accounts (eg. with the `admin` command) ([#3106](https://github.com/pocketbase/pocketbase/issues/3106)). + +- Downgraded `google/go-cloud` dependency to v0.32.0 until v0.34.0 is released to prevent the `os.TempDir` `cross-device link` errors as too many users complained about it. + + +## v0.17.3 + +- Fixed Docker `cross-device link` error when creating `pb_data` backups on a local mounted volume ([#3089](https://github.com/pocketbase/pocketbase/issues/3089)). + +- Fixed the error messages for relation to views ([#3090](https://github.com/pocketbase/pocketbase/issues/3090)). + +- Always reserve space for the scrollbar to reduce the layout shifts in the Admin UI records listing due to the deprecated `overflow: overlay`. + +- Enabled lazy loading for the Admin UI thumb images. + + +## v0.17.2 + +- Soft-deprecated `$http.send({ data: object, ... })` in favour of `$http.send({ body: rawString, ... })` + to allow sending non-JSON body with the request ([#3058](https://github.com/pocketbase/pocketbase/discussions/3058)). + The existing `data` prop will still work, but it is recommended to use `body` instead (_to send JSON you can use `JSON.stringify(...)` as body value_). + +- Added `core.RealtimeConnectEvent.IdleTimeout` field to allow specifying a different realtime idle timeout duration per client basis ([#3054](https://github.com/pocketbase/pocketbase/discussions/3054)). + +- Fixed `apis.RequestData` deprecation log note ([#3068](https://github.com/pocketbase/pocketbase/pull/3068); thanks @gungjodi). + + +## v0.17.1 + +- Use relative path when redirecting to the OAuth2 providers page in the Admin UI to support subpath deployments ([#3026](https://github.com/pocketbase/pocketbase/pull/3026); thanks @sonyarianto). + +- Manually trigger the `OnBeforeServe` hook for `tests.ApiScenario` ([#3025](https://github.com/pocketbase/pocketbase/discussions/3025)). + +- Trigger the JSVM `cronAdd()` handler only on app `serve` to prevent unexpected (and eventually duplicated) cron handler calls when custom console commands are used ([#3024](https://github.com/pocketbase/pocketbase/discussions/3024#discussioncomment-6592703)). + +- The `console.log()` messages are now written to the `stdout` instead of `stderr`. + + +## v0.17.0 + +- New more detailed guides for using PocketBase as framework (both Go and JS). + _If you find any typos or issues with the docs please report them in https://github.com/pocketbase/site._ + +- Added new experimental JavaScript app hooks binding via [goja](https://github.com/dop251/goja). + They are available by default with the prebuilt executable if you create `*.pb.js` file(s) in the `pb_hooks` directory. + Lower your expectations because the integration comes with some limitations. For more details please check the [Extend with JavaScript](https://pocketbase.io/docs/js-overview/) guide. + Optionally, you can also enable the JS app hooks as part of a custom Go build for dynamic scripting but you need to register the `jsvm` plugin manually: + ```go + jsvm.MustRegister(app core.App, config jsvm.Config{}) + ``` + +- Added Instagram OAuth2 provider ([#2534](https://github.com/pocketbase/pocketbase/pull/2534); thanks @pnmcosta). + +- Added VK OAuth2 provider ([#2533](https://github.com/pocketbase/pocketbase/pull/2533); thanks @imperatrona). + +- Added Yandex OAuth2 provider ([#2762](https://github.com/pocketbase/pocketbase/pull/2762); thanks @imperatrona). + +- Added new fields to `core.ServeEvent`: + ```go + type ServeEvent struct { + App App + Router *echo.Echo + // new fields + Server *http.Server // allows adjusting the HTTP server config (global timeouts, TLS options, etc.) + CertManager *autocert.Manager // allows adjusting the autocert options (cache dir, host policy, etc.) + } + ``` + +- Added `record.ExpandedOne(rel)` and `record.ExpandedAll(rel)` helpers to retrieve casted single or multiple expand relations from the already loaded "expand" Record data. + +- Added rule and filter record `Dao` helpers: + ```go + app.Dao().FindRecordsByFilter("posts", "title ~ 'lorem ipsum' && visible = true", "-created", 10) + app.Dao().FindFirstRecordByFilter("posts", "slug='test' && active=true") + app.Dao().CanAccessRecord(record, requestInfo, rule) + ``` + +- Added `Dao.WithoutHooks()` helper to create a new `Dao` from the current one but without the create/update/delete hooks. + +- Use a default fetch function that will return all relations in case the `fetchFunc` argument of `Dao.ExpandRecord(record, expands, fetchFunc)` and `Dao.ExpandRecords(records, expands, fetchFunc)` is `nil`. + +- For convenience it is now possible to call `Dao.RecordQuery(collectionModelOrIdentifier)` with just the collection id or name. + In case an invalid collection id/name string is passed the query will be resolved with cancelled context error. + +- Refactored `apis.ApiError` validation errors serialization to allow `map[string]error` and `map[string]any` when generating the public safe formatted `ApiError.Data`. + +- Added support for wrapped API errors (_in case Go 1.20+ is used with multiple wrapped errors, the first `apis.ApiError` takes precedence_). + +- Added `?download=1` file query parameter to the file serving endpoint to force the browser to always download the file and not show its preview. + +- Added new utility `github.com/pocketbase/pocketbase/tools/template` subpackage to assist with rendering HTML templates using the standard Go `html/template` and `text/template` syntax. + +- Added `types.JsonMap.Get(k)` and `types.JsonMap.Set(k, v)` helpers for the cases where the type aliased direct map access is not allowed (eg. in [goja](https://pkg.go.dev/github.com/dop251/goja#hdr-Maps_with_methods)). + +- Soft-deprecated `security.NewToken()` in favor of `security.NewJWT()`. + +- `Hook.Add()` and `Hook.PreAdd` now returns a unique string identifier that could be used to remove the registered hook handler via `Hook.Remove(handlerId)`. + +- Changed the after* hooks to be called right before writing the user response, allowing users to return response errors from the after hooks. + There is also no longer need for returning explicitly `hook.StopPropagtion` when writing custom response body in a hook because we will skip the finalizer response body write if a response was already "committed". + +- ⚠️ Renamed `*Options{}` to `Config{}` for consistency and replaced the unnecessary pointers with their value equivalent to keep the applied configuration defaults isolated within their function calls: + ```go + old: pocketbase.NewWithConfig(config *pocketbase.Config) *pocketbase.PocketBase + new: pocketbase.NewWithConfig(config pocketbase.Config) *pocketbase.PocketBase + + old: core.NewBaseApp(config *core.BaseAppConfig) *core.BaseApp + new: core.NewBaseApp(config core.BaseAppConfig) *core.BaseApp + + old: apis.Serve(app core.App, options *apis.ServeOptions) error + new: apis.Serve(app core.App, config apis.ServeConfig) (*http.Server, error) + + old: jsvm.MustRegisterMigrations(app core.App, options *jsvm.MigrationsOptions) + new: jsvm.MustRegister(app core.App, config jsvm.Config) + + old: ghupdate.MustRegister(app core.App, rootCmd *cobra.Command, options *ghupdate.Options) + new: ghupdate.MustRegister(app core.App, rootCmd *cobra.Command, config ghupdate.Config) + + old: migratecmd.MustRegister(app core.App, rootCmd *cobra.Command, options *migratecmd.Options) + new: migratecmd.MustRegister(app core.App, rootCmd *cobra.Command, config migratecmd.Config) + ``` + +- ⚠️ Changed the type of `subscriptions.Message.Data` from `string` to `[]byte` because `Data` usually is a json bytes slice anyway. + +- ⚠️ Renamed `models.RequestData` to `models.RequestInfo` and soft-deprecated `apis.RequestData(c)` in favor of `apis.RequestInfo(c)` to avoid the stuttering with the `Data` field. + _The old `apis.RequestData()` method still works to minimize the breaking changes but it is recommended to replace it with `apis.RequestInfo(c)`._ + +- ⚠️ Changes to the List/Search APIs + - Added new query parameter `?skipTotal=1` to skip the `COUNT` query performed with the list/search actions ([#2965](https://github.com/pocketbase/pocketbase/discussions/2965)). + If `?skipTotal=1` is set, the response fields `totalItems` and `totalPages` will have `-1` value (this is to avoid having different JSON responses and to differentiate from the zero default). + With the latest JS SDK 0.16+ and Dart SDK v0.11+ versions `skipTotal=1` is set by default for the `getFirstListItem()` and `getFullList()` requests. + + - The count and regular select statements also now executes concurrently, meaning that we no longer perform normalization over the `page` parameter and in case the user + request a page that doesn't exist (eg. `?page=99999999`) we'll return empty `items` array. + + - Reverted the default `COUNT` column to `id` as there are some common situations where it can negatively impact the query performance. + Additionally, from this version we also set `PRAGMA temp_store = MEMORY` so that also helps with the temp B-TREE creation when `id` is used. + _There are still scenarios where `COUNT` queries with `rowid` executes faster, but the majority of the time when nested relations lookups are used it seems to have the opposite effect (at least based on the benchmarks dataset)._ + +- ⚠️ Disallowed relations to views **from non-view** collections ([#3000](https://github.com/pocketbase/pocketbase/issues/3000)). + The change was necessary because I wasn't able to find an efficient way to track view changes and the previous behavior could have too many unexpected side-effects (eg. view with computed ids). + There is a system migration that will convert the existing view `relation` fields to `json` (multiple) and `text` (single) fields. + This could be a breaking change if you have `relation` to view and use `expand` or some of the `relation` view fields as part of a collection rule. + +- ⚠️ Added an extra `action` argument to the `Dao` hooks to allow skipping the default persist behavior. + In preparation for the logs generalization, the `Dao.After*Func` methods now also allow returning an error. + +- Allowed `0` as `RelationOptions.MinSelect` value to avoid the ambiguity between 0 and non-filled input value ([#2817](https://github.com/pocketbase/pocketbase/discussions/2817)). + +- Fixed zero-default value not being used if the field is not explicitly set when manually creating records ([#2992](https://github.com/pocketbase/pocketbase/issues/2992)). + Additionally, `record.Get(field)` will now always return normalized value (the same as in the json serialization) for consistency and to avoid ambiguities with what is stored in the related DB table. + The schema fields columns `DEFAULT` definition was also updated for new collections to ensure that `NULL` values can't be accidentally inserted. + +- Fixed `migrate down` not returning the correct `lastAppliedMigrations()` when the stored migration applied time is in seconds. + +- Fixed realtime delete event to be called after the record was deleted from the DB (_including transactions and cascade delete operations_). + +- Other minor fixes and improvements (typos and grammar fixes, updated dependencies, removed unnecessary 404 error check in the Admin UI, etc.). + + +## v0.16.10 + +- Added multiple valued fields (`relation`, `select`, `file`) normalizations to ensure that the zero-default value of a newly created multiple field is applied for already existing data ([#2930](https://github.com/pocketbase/pocketbase/issues/2930)). + + +## v0.16.9 + +- Register the `eagerRequestInfoCache` middleware only for the internal `api` group routes to avoid conflicts with custom route handlers ([#2914](https://github.com/pocketbase/pocketbase/issues/2914)). + + +## v0.16.8 + +- Fixed unique validator detailed error message not being returned when camelCase field name is used ([#2868](https://github.com/pocketbase/pocketbase/issues/2868)). + +- Updated the index parser to allow no space between the table name and the columns list ([#2864](https://github.com/pocketbase/pocketbase/discussions/2864#discussioncomment-6373736)). + +- Updated go deps. + + +## v0.16.7 + +- Minor optimization for the list/search queries to use `rowid` with the `COUNT` statement when available. + _This eliminates the temp B-TREE step when executing the query and for large datasets (eg. 150k) it could have 10x improvement (from ~580ms to ~60ms)._ + + +## v0.16.6 + +- Fixed collection index column sort normalization in the Admin UI ([#2681](https://github.com/pocketbase/pocketbase/pull/2681); thanks @SimonLoir). + +- Removed unnecessary admins count in `apis.RequireAdminAuthOnlyIfAny()` middleware ([#2726](https://github.com/pocketbase/pocketbase/pull/2726); thanks @svekko). + +- Fixed `multipart/form-data` request bind not populating map array values ([#2763](https://github.com/pocketbase/pocketbase/discussions/2763#discussioncomment-6278902)). + +- Upgraded npm and Go dependencies. + + +## v0.16.5 + +- Fixed the Admin UI serialization of implicit relation display fields ([#2675](https://github.com/pocketbase/pocketbase/issues/2675)). + +- Reset the Admin UI sort in case the active sort collection field is renamed or deleted. + + +## v0.16.4 + +- Fixed the selfupdate command not working on Windows due to missing `.exe` in the extracted binary path ([#2589](https://github.com/pocketbase/pocketbase/discussions/2589)). + _Note that the command on Windows will work from v0.16.4+ onwards, meaning that you still will have to update manually one more time to v0.16.4._ + +- Added `int64`, `int32`, `uint`, `uint64` and `uint32` support when scanning `types.DateTime` ([#2602](https://github.com/pocketbase/pocketbase/discussions/2602)) + +- Updated dependencies. + + +## v0.16.3 + +- Fixed schema fields sort not working on Safari/Gnome Web ([#2567](https://github.com/pocketbase/pocketbase/issues/2567)). + +- Fixed default `PRAGMA`s not being applied for new connections ([#2570](https://github.com/pocketbase/pocketbase/discussions/2570)). + + +## v0.16.2 + +- Fixed backups archive not excluding the local `backups` directory on Windows ([#2548](https://github.com/pocketbase/pocketbase/discussions/2548#discussioncomment-5979712)). + +- Changed file field to not use `dataTransfer.effectAllowed` when dropping files since it is not reliable and consistent across different OS and browsers ([#2541](https://github.com/pocketbase/pocketbase/issues/2541)). + +- Auto register the initial generated snapshot migration to prevent incorrectly reapplying the snapshot on Docker restart ([#2551](https://github.com/pocketbase/pocketbase/discussions/2551)). + +- Fixed missing view id field error message typo. + + +## v0.16.1 + +- Fixed backup restore not working in a container environment when `pb_data` is mounted as volume ([#2519](https://github.com/pocketbase/pocketbase/issues/2519)). + +- Fixed Dart SDK realtime API preview example ([#2523](https://github.com/pocketbase/pocketbase/pull/2523); thanks @xFrann). + +- Fixed typo in the backups create panel ([#2526](https://github.com/pocketbase/pocketbase/pull/2526); thanks @dschissler). + +- Removed unnecessary slice length check in `list.ExistInSlice` ([#2527](https://github.com/pocketbase/pocketbase/pull/2527); thanks @KunalSin9h). + +- Avoid mutating the cached request data on OAuth2 user create ([#2535](https://github.com/pocketbase/pocketbase/discussions/2535)). + +- Fixed Export Collections "Download as JSON" ([#2540](https://github.com/pocketbase/pocketbase/issues/2540)). + +- Fixed file field drag and drop not working in Firefox and Safari ([#2541](https://github.com/pocketbase/pocketbase/issues/2541)). + + +## v0.16.0 + +- Added automated backups (_+ cron rotation_) APIs and UI for the `pb_data` directory. + The backups can be also initialized programmatically using `app.CreateBackup("backup.zip")`. + There is also experimental restore method - `app.RestoreBackup("backup.zip")` (_currently works only on UNIX systems as it relies on execve_). + The backups can be stored locally or in external S3 storage (_it has its own configuration, separate from the file uploads storage filesystem_). + +- Added option to limit the returned API fields using the `?fields` query parameter. + The "fields picker" is applied for `SearchResult.Items` and every other JSON response. For example: + ```js + // original: {"id": "RECORD_ID", "name": "abc", "description": "...something very big...", "items": ["id1", "id2"], "expand": {"items": [{"id": "id1", "name": "test1"}, {"id": "id2", "name": "test2"}]}} + // output: {"name": "abc", "expand": {"items": [{"name": "test1"}, {"name": "test2"}]}} + const result = await pb.collection("example").getOne("RECORD_ID", { + expand: "items", + fields: "name,expand.items.name", + }) + ``` + +- Added new `./pocketbase update` command to selfupdate the prebuilt executable (with option to generate a backup of your `pb_data`). + +- Added new `./pocketbase admin` console command: + ```sh + // creates new admin account + ./pocketbase admin create test@example.com 123456890 + + // changes the password of an existing admin account + ./pocketbase admin update test@example.com 0987654321 + + // deletes single admin account (if exists) + ./pocketbase admin delete test@example.com + ``` + +- Added `apis.Serve(app, options)` helper to allow starting the API server programmatically. + +- Updated the schema fields Admin UI for "tidier" fields visualization. + +- Updated the logs "real" user IP to check for `Fly-Client-IP` header and changed the `X-Forwarded-For` header to use the first non-empty leftmost-ish IP as it the closest to the "real IP". + +- Added new `tools/archive` helper subpackage for managing archives (_currently works only with zip_). + +- Added new `tools/cron` helper subpackage for scheduling task using cron-like syntax (_this eventually may get exported in the future in a separate repo_). + +- Added new `Filesystem.List(prefix)` helper to retrieve a flat list with all files under the provided prefix. + +- Added new `App.NewBackupsFilesystem()` helper to create a dedicated filesystem abstraction for managing app data backups. + +- Added new `App.OnTerminate()` hook (_executed right before app termination, eg. on `SIGTERM` signal_). + +- Added `accept` file field attribute with the field MIME types ([#2466](https://github.com/pocketbase/pocketbase/pull/2466); thanks @Nikhil1920). + +- Added support for multiple files sort in the Admin UI ([#2445](https://github.com/pocketbase/pocketbase/issues/2445)). + +- Added support for multiple relations sort in the Admin UI. + +- Added `meta.isNew` to the OAuth2 auth JSON response to indicate a newly OAuth2 created PocketBase user. diff --git a/CHANGELOG_8_15.md b/CHANGELOG_8_15.md new file mode 100644 index 0000000..8dd162c --- /dev/null +++ b/CHANGELOG_8_15.md @@ -0,0 +1,1384 @@ +> List with changes from v0.8.x to v0.15.x. +> For the most recent versions, please refer to [CHANGELOG.md](./CHANGELOG.md) +--- + +## v0.15.3 + +- Updated the Admin UI to use the latest JS SDK to resolve the `isNew` record field conflict ([#2385](https://github.com/pocketbase/pocketbase/discussions/2385)). + +- Fixed `editor` field fullscreen `z-index` ([#2410](https://github.com/pocketbase/pocketbase/issues/2410)). + +- Inserts the default app settings as part of the system init migration so that they are always available when accessed from within a user defined migration ([#2423](https://github.com/pocketbase/pocketbase/discussions/2423)). + + +## v0.15.2 + +- Fixed View query `SELECT DISTINCT` identifiers parsing ([#2349-5706019](https://github.com/pocketbase/pocketbase/discussions/2349#discussioncomment-5706019)). + +- Fixed View collection schema incorrectly resolving multiple aliased fields originating from the same field source ([#2349-5707675](https://github.com/pocketbase/pocketbase/discussions/2349#discussioncomment-5707675)). + +- Added OAuth2 redirect fallback message to notify the user to go back to the app in case the browser window is not auto closed. + + +## v0.15.1 + +- Trigger the related `Record` model realtime subscription events on [custom model struct](https://pocketbase.io/docs/custom-models/) save ([#2325](https://github.com/pocketbase/pocketbase/discussions/2325)). + +- Fixed `Ctrl + S` in the `editor` field not propagating the quick save shortcut to the parent form. + +- Added `⌘ + S` alias for the record quick save shortcut (_I have no Mac device to test it but it should work based on [`e.metaKey` docs](https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/metaKey)_). + +- Enabled RTL for the TinyMCE editor ([#2327](https://github.com/pocketbase/pocketbase/issues/2327)). + +- Reduced the record form vertical layout shifts and slightly improved the rendering speed when loading multiple `relation` fields. + +- Enabled Admin UI assets cache. + + +## v0.15.0 + +- Simplified the OAuth2 authentication flow in a single "all in one" call ([#55](https://github.com/pocketbase/pocketbase/issues/55)). + Requires JS SDK v0.14.0+ or Dart SDK v0.9.0+. + The manual code-token exchange flow is still supported but the SDK method is renamed to `authWithOAuth2Code()` (_to minimize the breaking changes the JS SDK has a function overload that will proxy the existing `authWithOauth2` calls to `authWithOAuth2Code`_). + For more details and example, you could check https://pocketbase.io/docs/authentication/#oauth2-integration. + +- Added support for protected files ([#215](https://github.com/pocketbase/pocketbase/issues/215)). + Requires JS SDK v0.14.0+ or Dart SDK v0.9.0+. + It works with a short lived (~5min) file token passed as query param with the file url. + For more details and example, you could check https://pocketbase.io/docs/files-handling/#protected-files. + +- ⚠️ Fixed typo in `Record.WithUnkownData()` -> `Record.WithUnknownData()`. + +- Added simple loose wildcard search term support in the Admin UI. + +- Added auto "draft" to allow restoring previous record state in case of accidental reload or power outage. + +- Added `Ctrl + S` shortcut to save the record changes without closing the panel. + +- Added "drop files" support for the file upload field. + +- Refreshed the OAuth2 Admin UI. + + +## v0.14.5 + +- Added checks for `nil` hooks in `forms.RecordUpsert` when used with custom `Dao` ([#2277](https://github.com/pocketbase/pocketbase/issues/2277)). + +- Fixed unique detailed field error not returned on record create failure ([#2287](https://github.com/pocketbase/pocketbase/discussions/2287)). + + +## v0.14.4 + +- Fixed concurrent map write pannic on `list.ExistInSliceWithRegex()` cache ([#2272](https://github.com/pocketbase/pocketbase/issues/2272)). + + +## v0.14.3 + +- Fixed Admin UI Logs `meta` visualization in Firefox ([#2221](https://github.com/pocketbase/pocketbase/issues/2221)). + +- Downgraded to v1 of the `aws/aws-sdk-go` package since v2 has compatibility issues with GCS ([#2231](https://github.com/pocketbase/pocketbase/issues/2231)). + +- Upgraded the GitHub action to use [min Go 1.20.3](https://github.com/golang/go/issues?q=milestone%3AGo1.20.3+label%3ACherryPickApproved) for the prebuilt executable since it contains some minor `net/http` security fixes. + + +## v0.14.2 + +- Reverted part of the old `COALESCE` handling as a fallback to support empty string comparison with missing joined relation fields. + + +## v0.14.1 + +- Fixed realtime events firing before the files upload completion. + +- Updated the underlying S3 lib to use `aws-sdk-go-v2` ([#1346](https://github.com/pocketbase/pocketbase/pull/1346); thanks @yuxiang-gao). + +- Updated TinyMCE to v6.4.1. + +- Updated the godoc of `Dao.Save*` methods. + + +## v0.14.0 + +- Added _experimental_ Apple OAuth2 integration. + +- Added `@request.headers.*` filter rule support. + +- Added support for advanced unique constraints and indexes management ([#345](https://github.com/pocketbase/pocketbase/issues/345), [#544](https://github.com/pocketbase/pocketbase/issues/544)) + +- Simplified the collections fields UI to allow easier and quicker scaffolding of the data schema. + +- Deprecated `SchemaField.Unique`. Unique constraints are now managed via indexes. + The `Unique` field is a no-op and will be removed in future version. + +- Removed the `COALESCE` wrapping from some of the generated filter conditions to make better use of the indexes ([#1939](https://github.com/pocketbase/pocketbase/issues/1939)). + +- Detect `id` aliased view columns as single `relation` fields ([#2029](https://github.com/pocketbase/pocketbase/discussions/2029)). + +- Optimized single relation lookups. + +- Normalized record values on `maxSelect` field option change (`select`, `file`, `relation`). + When changing **from single to multiple** all already inserted single values are converted to an array. + When changing **from multiple to single** only the last item of the already inserted array items is kept. + +- Changed the cost/round factor of bcrypt hash generation from 13 to 12 since several users complained about the slow authWithPassword responses on lower spec hardware. + _The change will affect only new users. Depending on the demand, we might make it configurable from the auth options._ + +- Simplified the default mail template styles to allow more control over the template layout ([#1904](https://github.com/pocketbase/pocketbase/issues/1904)). + +- Added option to explicitly set the record id from the Admin UI ([#2118](https://github.com/pocketbase/pocketbase/issues/2118)). + +- Added `migrate history-sync` command to clean `_migrations` history table from deleted migration files references. + +- Added new fields to the `core.RecordAuthWithOAuth2Event` struct: + ``` + IsNewRecord bool, // boolean field indicating whether the OAuth2 action created a new auth record + ProviderName string, // the name of the OAuth2 provider (eg. "google") + ProviderClient auth.Provider, // the loaded Provider client instance + ``` + +- Added CGO linux target for the prebuilt executable. + +- ⚠️ Renamed `daos.GetTableColumns()` to `daos.TableColumns()` for consistency with the other Dao table related helpers. + +- ⚠️ Renamed `daos.GetTableInfo()` to `daos.TableInfo()` for consistency with the other Dao table related helpers. + +- ⚠️ Changed `types.JsonArray` to support specifying a generic type, aka. `types.JsonArray[T]`. + If you have previously used `types.JsonArray`, you'll have to update it to `types.JsonArray[any]`. + +- ⚠️ Registered the `RemoveTrailingSlash` middleware only for the `/api/*` routes since it is causing issues with subpath file serving endpoints ([#2072](https://github.com/pocketbase/pocketbase/issues/2072)). + +- ⚠️ Changed the request logs `method` value to UPPERCASE, eg. "get" => "GET" ([#1956](https://github.com/pocketbase/pocketbase/discussions/1956)). + +- Other minor UI improvements. + + +## v0.13.4 + +- Removed eager unique collection name check to support lazy validation during bulk import. + + +## v0.13.3 + +- Fixed view collections import ([#2044](https://github.com/pocketbase/pocketbase/issues/2044)). + +- Updated the records picker Admin UI to show properly view collection relations. + + +## v0.13.2 + +- Fixed Admin UI js error when selecting multiple `file` field as `relation` "Display fields" ([#1989](https://github.com/pocketbase/pocketbase/issues/1989)). + + +## v0.13.1 + +- Added `HEAD` request method support for the `/api/files/:collection/:recordId/:filename` route ([#1976](https://github.com/pocketbase/pocketbase/discussions/1976)). + + +## v0.13.0 + +- Added new "View" collection type allowing you to create a read-only collection from a custom SQL `SELECT` statement. It supports: + - aggregations (`COUNT()`, `MIN()`, `MAX()`, `GROUP BY`, etc.) + - column and table aliases + - CTEs and subquery expressions + - auto `relation` fields association + - `file` fields proxying (up to 5 linked relations, eg. view1->view2->...->base) + - `filter`, `sort` and `expand` + - List and View API rules + +- Added auto fail/retry (default to 8 attempts) for the `SELECT` queries to gracefully handle the `database is locked` errors ([#1795](https://github.com/pocketbase/pocketbase/discussions/1795#discussioncomment-4882169)). + _The default max attempts can be accessed or changed via `Dao.MaxLockRetries`._ + +- Added default max query execution timeout (30s). + _The default timeout can be accessed or changed via `Dao.ModelQueryTimeout`._ + _For the prebuilt executables it can be also changed via the `--queryTimeout=10` flag._ + +- Added support for `dao.RecordQuery(collection)` to scan directly the `One()` and `All()` results in `*models.Record` or `[]*models.Record` without the need of explicit `NullStringMap`. + +- Added support to overwrite the default file serve headers if an explicit response header is set. + +- Added file thumbs when visualizing `relation` display file fields. + +- Added "Min select" `relation` field option. + +- Enabled `process.env` in JS migrations to allow accessing `os.Environ()`. + +- Added `UploadedFiles` field to the `RecordCreateEvent` and `RecordUpdateEvent` event structs. + +- ⚠️ Moved file upload after the record persistent to allow setting custom record id safely from the `OnModelBeforeCreate` hook. + +- ⚠️ Changed `System.GetFile()` to return directly `*blob.Reader` instead of the `io.ReadCloser` interface. + +- ⚠️ Changed `To`, `Cc` and `Bcc` of `mailer.Message` to `[]mail.Address` for consistency and to allow multiple recipients and optional name. + + If you are sending custom emails, you'll have to replace: + ```go + message := &mailer.Message{ + ... + + // (old) To: mail.Address{Address: "to@example.com"} + To: []mail.Address{{Address: "to@example.com", Name: "Some optional name"}}, + + // (old) Cc: []string{"cc@example.com"} + Cc: []mail.Address{{Address: "cc@example.com", Name: "Some optional name"}}, + + // (old) Bcc: []string{"bcc@example.com"} + Bcc: []mail.Address{{Address: "bcc@example.com", Name: "Some optional name"}}, + + ... + } + ``` + +- ⚠️ Refactored the Authentik integration as a more generic "OpenID Connect" provider (`oidc`) to support any OIDC provider (Okta, Keycloak, etc.). + _If you've previously used Authentik, make sure to rename the provider key in your code to `oidc`._ + _To enable more than one OIDC provider you can use the additional `oidc2` and `oidc3` provider keys._ + +- ⚠️ Removed the previously deprecated `Dao.Block()` and `Dao.Continue()` helpers in favor of `Dao.NonconcurrentDB()`. + +- Updated the internal redirects to allow easier subpath deployment when behind a reverse proxy. + +- Other minor Admin UI improvements. + + +## v0.12.3 + +- Fixed "Toggle column" reactivity when navigating between collections ([#1836](https://github.com/pocketbase/pocketbase/pull/1836)). + +- Logged the current datetime on server start ([#1822](https://github.com/pocketbase/pocketbase/issues/1822)). + + +## v0.12.2 + +- Fixed the "Clear" button of the datepicker component not clearing the value ([#1730](https://github.com/pocketbase/pocketbase/discussions/1730)). + +- Increased slightly the fields contrast ([#1742](https://github.com/pocketbase/pocketbase/issues/1742)). + +- Auto close the multi-select dropdown if "Max select" is reached. + + +## v0.12.1 + +- Fixed js error on empty relation save. + +- Fixed `overlay-active` css class not being removed on nested overlay panel close ([#1718](https://github.com/pocketbase/pocketbase/issues/1718)). + +- Added the collection name in the page title ([#1711](https://github.com/pocketbase/pocketbase/issues/1711)). + + +## v0.12.0 + +- Refactored the relation picker UI to allow server-side search, sort, create, update and delete of relation records ([#976](https://github.com/pocketbase/pocketbase/issues/976)). + +- Added new `RelationOptions.DisplayFields` option to specify custom relation field(s) visualization in the Admin UI. + +- Added Authentik OAuth2 provider ([#1377](https://github.com/pocketbase/pocketbase/pull/1377); thanks @pr0ton11). + +- Added LiveChat OAuth2 provider ([#1573](https://github.com/pocketbase/pocketbase/pull/1573); thanks @mariosant). + +- Added Gitea OAuth2 provider ([#1643](https://github.com/pocketbase/pocketbase/pull/1643); thanks @hlanderdev). + +- Added PDF file previews ([#1548](https://github.com/pocketbase/pocketbase/pull/1548); thanks @mjadobson). + +- Added video and audio file previews. + +- Added rich text editor (`editor`) field for HTML content based on TinyMCE ([#370](https://github.com/pocketbase/pocketbase/issues/370)). + _Currently the new field doesn't have any configuration options or validations but this may change in the future depending on how devs ended up using it._ + +- Added "Duplicate" Collection and Record options in the Admin UI ([#1656](https://github.com/pocketbase/pocketbase/issues/1656)). + +- Added `filesystem.GetFile()` helper to read files through the FileSystem abstraction ([#1578](https://github.com/pocketbase/pocketbase/pull/1578); thanks @avarabyeu). + +- Added new auth event hooks for finer control and more advanced auth scenarios handling: + + ```go + // auth record + OnRecordBeforeAuthWithPasswordRequest() + OnRecordAfterAuthWithPasswordRequest() + OnRecordBeforeAuthWithOAuth2Request() + OnRecordAfterAuthWithOAuth2Request() + OnRecordBeforeAuthRefreshRequest() + OnRecordAfterAuthRefreshRequest() + + // admin + OnAdminBeforeAuthWithPasswordRequest() + OnAdminAfterAuthWithPasswordRequest() + OnAdminBeforeAuthRefreshRequest() + OnAdminAfterAuthRefreshRequest() + OnAdminBeforeRequestPasswordResetRequest() + OnAdminAfterRequestPasswordResetRequest() + OnAdminBeforeConfirmPasswordResetRequest() + OnAdminAfterConfirmPasswordResetRequest() + ``` + +- Added `models.Record.CleanCopy()` helper that creates a new record copy with only the latest data state of the existing one and all other options reset to their defaults. + +- Added new helper `apis.RecordAuthResponse(app, httpContext, record, meta)` to return a standard Record auth API response ([#1623](https://github.com/pocketbase/pocketbase/issues/1623)). + +- Refactored `models.Record` expand and data change operations to be concurrent safe. + +- Refactored all `forms` Submit interceptors to use a generic data type as their payload. + +- Added several `store.Store` helpers: + ```go + store.Reset(newData map[string]T) + store.Length() int + store.GetAll() map[string]T + ``` + +- Added "tags" support for all Record and Model related event hooks. + + The "tags" allow registering event handlers that will be called only on matching table name(s) or colleciton id(s)/name(s). + For example: + ```go + app.OnRecordBeforeCreateRequest("articles").Add(func(e *core.RecordCreateEvent) error { + // called only on "articles" record creation + log.Println(e.Record) + return nil + }) + ``` + For all those event hooks `*hook.Hook` was replaced with `*hooks.TaggedHook`, but the hook methods signatures are the same so it should behave as it was previously if no tags were specified. + +- ⚠️ Fixed the `json` field **string** value normalization ([#1703](https://github.com/pocketbase/pocketbase/issues/1703)). + + In order to support seamlessly both `application/json` and `multipart/form-data` + requests, the following normalization rules are applied if the `json` field is a + **plain string value**: + + - "true" is converted to the json `true` + - "false" is converted to the json `false` + - "null" is converted to the json `null` + - "[1,2,3]" is converted to the json `[1,2,3]` + - "{\"a\":1,\"b\":2}" is converted to the json `{"a":1,"b":2}` + - numeric strings are converted to json number + - double quoted strings are left as they are (aka. without normalizations) + - any other string (empty string too) is double quoted + + Additionally, the "Nonempty" `json` field constraint now checks for `null`, `[]`, `{}` and `""` (empty string). + +- Added `aria-label` to some of the buttons in the Admin UI for better accessibility ([#1702](https://github.com/pocketbase/pocketbase/pull/1702); thanks @ndarilek). + +- Updated the filename extension checks in the Admin UI to be case-insensitive ([#1707](https://github.com/pocketbase/pocketbase/pull/1707); thanks @hungcrush). + +- Other minor improvements (more detailed API file upload errors, UI optimizations, docs improvements, etc.) + + +## v0.11.4 + +- Fixed cascade delete for rel records with the same id as the main record ([#1689](https://github.com/pocketbase/pocketbase/issues/1689)). + + +## v0.11.3 + +- Fix realtime API panic on concurrent clients iteration ([#1628](https://github.com/pocketbase/pocketbase/issues/1628)) + + - `app.SubscriptionsBroker().Clients()` now returns a shallow copy of the underlying map. + + - Added `Discard()` and `IsDiscarded()` helper methods to the `subscriptions.Client` interface. + + - Slow clients should no longer "block" the main action completion. + + +## v0.11.2 + +- Fixed `fs.DeleteByPrefix()` hang on invalid S3 settings ([#1575](https://github.com/pocketbase/pocketbase/discussions/1575#discussioncomment-4661089)). + +- Updated file(s) delete to run in the background on record/collection delete to avoid blocking the delete model transaction. + _Currently the cascade files delete operation is treated as "non-critical" and in case of an error it is just logged during debug._ + _This will be improved in the near future with the planned async job queue implementation._ + + +## v0.11.1 + +- Unescaped path parameter values ([#1552](https://github.com/pocketbase/pocketbase/issues/1552)). + + +## v0.11.0 + +- Added `+` and `-` body field modifiers for `number`, `files`, `select` and `relation` fields. + ```js + { + // oldValue + 2 + "someNumber+": 2, + + // oldValue + ["id1", "id2"] - ["id3"] + "someRelation+": ["id1", "id2"], + "someRelation-": ["id3"], + + // delete single file by its name (file fields supports only the "-" modifier!) + "someFile-": "filename.png", + } + ``` + _Note1: `@request.data.someField` will contain the final resolved value._ + + _Note2: The old index (`"field.0":null`) and filename (`"field.filename.png":null`) based suffixed syntax for deleting files is still supported._ + +- ⚠️ Added support for multi-match/match-all request data and collection multi-valued fields (`select`, `relation`) conditions. + If you want a "at least one of" type of condition, you can prefix the operator with `?`. + ```js + // for each someRelA.someRelB record require the "status" field to be "active" + someRelA.someRelB.status = "active" + + // OR for "at least one of" condition + someRelA.someRelB.status ?= "active" + ``` + _**Note: Previously the behavior for multi-valued fields was as the "at least one of" type. + The release comes with system db migration that will update your existing API rules (if needed) to preserve the compatibility. + If you have multi-select or multi-relation filter checks in your client-side code and want to preserve the old behavior, you'll have to prefix with `?` your operators.**_ + +- Added support for querying `@request.data.someRelField.*` relation fields. + ```js + // example submitted data: {"someRel": "REL_RECORD_ID"} + @request.data.someRel.status = "active" + ``` + +- Added `:isset` modifier for the static request data fields. + ```js + // prevent changing the "role" field + @request.data.role:isset = false + ``` + +- Added `:length` modifier for the arrayable request data and collection fields (`select`, `file`, `relation`). + ```js + // example submitted data: {"someSelectField": ["val1", "val2"]} + @request.data.someSelectField:length = 2 + + // check existing record field length + someSelectField:length = 2 + ``` + +- Added `:each` modifier support for the multi-`select` request data and collection field. + ```js + // check if all selected rows has "pb_" prefix + roles:each ~ 'pb_%' + ``` + +- Improved the Admin UI filters autocomplete. + +- Added `@random` sort key for `RANDOM()` sorted list results. + +- Added Strava OAuth2 provider ([#1443](https://github.com/pocketbase/pocketbase/pull/1443); thanks @szsascha). + +- Added Gitee OAuth2 provider ([#1448](https://github.com/pocketbase/pocketbase/pull/1448); thanks @yuxiang-gao). + +- Added IME status check to the textarea keydown handler ([#1370](https://github.com/pocketbase/pocketbase/pull/1370); thanks @tenthree). + +- Added `filesystem.NewFileFromBytes()` helper ([#1420](https://github.com/pocketbase/pocketbase/pull/1420); thanks @dschissler). + +- Added support for reordering uploaded multiple files. + +- Added `webp` to the default images mime type presets list ([#1469](https://github.com/pocketbase/pocketbase/pull/1469); thanks @khairulhaaziq). + +- Added the OAuth2 refresh token to the auth meta response ([#1487](https://github.com/pocketbase/pocketbase/issues/1487)). + +- Fixed the text wrapping in the Admin UI listing searchbar ([#1416](https://github.com/pocketbase/pocketbase/issues/1416)). + +- Fixed number field value output in the records listing ([#1447](https://github.com/pocketbase/pocketbase/issues/1447)). + +- Fixed duplicated settings view pages caused by uncompleted transitions ([#1498](https://github.com/pocketbase/pocketbase/issues/1498)). + +- Allowed sending `Authorization` header with the `/auth-with-password` record and admin login requests ([#1494](https://github.com/pocketbase/pocketbase/discussions/1494)). + +- `migrate down` now reverts migrations in the applied order. + +- Added additional list-bucket check in the S3 config test API. + +- Other minor improvements. + + +## v0.10.4 + +- Fixed `Record.MergeExpand` panic when the main model expand map is not initialized ([#1365](https://github.com/pocketbase/pocketbase/issues/1365)). + + +## v0.10.3 + +- ⚠️ Renamed the metadata key `original_filename` to `original-filename` due to an S3 file upload error caused by the underscore character ([#1343](https://github.com/pocketbase/pocketbase/pull/1343); thanks @yuxiang-gao). + +- Fixed request verification docs api url ([#1332](https://github.com/pocketbase/pocketbase/pull/1332); thanks @JoyMajumdar2001) + +- Excluded `collectionId` and `collectionName` from the displayable relation props list ([1322](https://github.com/pocketbase/pocketbase/issues/1322); thanks @dhall2). + + +## v0.10.2 + +- Fixed nested multiple expands with shared path ([#586](https://github.com/pocketbase/pocketbase/issues/586#issuecomment-1357784227)). + A new helper method `models.Record.MergeExpand(map[string]any)` was also added to simplify the expand handling and unit testing. + + +## v0.10.1 + +- Fixed nested transactions deadlock when authenticating with OAuth2 ([#1291](https://github.com/pocketbase/pocketbase/issues/1291)). + + +## v0.10.0 + +- Added `/api/health` endpoint (thanks @MarvinJWendt). + +- Added support for SMTP `LOGIN` auth for Microsoft/Outlook and other providers that don't support the `PLAIN` auth method ([#1217](https://github.com/pocketbase/pocketbase/discussions/1217#discussioncomment-4387970)). + +- Reduced memory consumption (you can expect ~20% less allocated memory). + +- Added support for split (concurrent and nonconcurrent) DB connections pool increasing even further the concurrent throughput without blocking reads on heavy write load. + +- Improved record references delete performance. + +- Removed the unnecessary parenthesis in the generated filter SQL query, reducing the "_parse stack overflow_" errors. + +- Fixed `~` expressions backslash literal escaping ([#1231](https://github.com/pocketbase/pocketbase/discussions/1231)). + +- Refactored the `core.app.Bootstrap()` to be called before starting the cobra commands ([#1267](https://github.com/pocketbase/pocketbase/discussions/1267)). + +- ⚠️ Changed `pocketbase.NewWithConfig(config Config)` to `pocketbase.NewWithConfig(config *Config)` and added 4 new config settings: + ```go + DataMaxOpenConns int // default to core.DefaultDataMaxOpenConns + DataMaxIdleConns int // default to core.DefaultDataMaxIdleConns + LogsMaxOpenConns int // default to core.DefaultLogsMaxOpenConns + LogsMaxIdleConns int // default to core.DefaultLogsMaxIdleConns + ``` + +- Added new helper method `core.App.IsBootstrapped()` to check the current app bootstrap state. + +- ⚠️ Changed `core.NewBaseApp(dir, encryptionEnv, isDebug)` to `NewBaseApp(config *BaseAppConfig)`. + +- ⚠️ Removed `rest.UploadedFile` struct (see below `filesystem.File`). + +- Added generic file resource struct that allows loading and uploading file content from + different sources (at the moment multipart/form-data requests and from the local filesystem). + ``` + filesystem.File{} + filesystem.NewFileFromPath(path) + filesystem.NewFileFromMultipart(multipartHeader) + filesystem/System.UploadFile(file) + ``` + +- Refactored `forms.RecordUpsert` to allow more easily loading and removing files programmatically. + ``` + forms.RecordUpsert.AddFiles(key, filesystem.File...) // add new filesystem.File to the form for upload + forms.RecordUpsert.RemoveFiles(key, filenames...) // marks the filenames for deletion + ``` + +- Trigger the `password` validators if any of the others password change fields is set. + + +## v0.9.2 + +- Fixed field column name conflict on record deletion ([#1220](https://github.com/pocketbase/pocketbase/discussions/1220)). + + +## v0.9.1 + +- Moved the record file upload and delete out of the db transaction to minimize the locking times. + +- Added `Dao` query semaphore and base fail/retry handling to improve the concurrent writes throughput ([#1187](https://github.com/pocketbase/pocketbase/issues/1187)). + +- Fixed records cascade deletion when there are "A<->B" relation references. + +- Replaced `c.QueryString()` with `c.QueryParams().Encode()` to allow loading middleware modified query parameters in the default crud actions ([#1210](https://github.com/pocketbase/pocketbase/discussions/1210)). + +- Fixed the datetime field not triggering the `onChange` event on manual field edit and added a "Clear" button ([#1219](https://github.com/pocketbase/pocketbase/issues/1219)). + +- Updated the GitHub goreleaser action to use go 1.19.4 since it comes with [some security fixes](https://github.com/golang/go/issues?q=milestone%3AGo1.19.4+label%3ACherryPickApproved). + + +## v0.9.0 + +- Fixed concurrent multi-relation cascade update/delete ([#1138](https://github.com/pocketbase/pocketbase/issues/1138)). + +- Added the raw OAuth2 user data (`meta.rawUser`) and OAuth2 access token (`meta.accessToken`) to the auth response ([#654](https://github.com/pocketbase/pocketbase/discussions/654)). + +- `BaseModel.UnmarkAsNew()` method was renamed to `BaseModel.MarkAsNotNew()`. + Additionally, to simplify the insert model queries with custom IDs, it is no longer required to call `MarkAsNew()` for manually initialized models with set ID since now this is the default state. + When the model is populated with values from the database (eg. after row `Scan`) it will be marked automatically as "not new". + +- Added `Record.OriginalCopy()` method that returns a new `Record` copy populated with the initially loaded record data (useful if you want to compare old and new field values). + +- Added new event hooks: + ```go + app.OnBeforeBootstrap() + app.OnAfterBootstrap() + app.OnBeforeApiError() + app.OnAfterApiError() + app.OnRealtimeDisconnectRequest() + app.OnRealtimeBeforeMessageSend() + app.OnRealtimeAfterMessageSend() + app.OnRecordBeforeRequestPasswordResetRequest() + app.OnRecordAfterRequestPasswordResetRequest() + app.OnRecordBeforeConfirmPasswordResetRequest() + app.OnRecordAfterConfirmPasswordResetRequest() + app.OnRecordBeforeRequestVerificationRequest() + app.OnRecordAfterRequestVerificationRequest() + app.OnRecordBeforeConfirmVerificationRequest() + app.OnRecordAfterConfirmVerificationRequest() + app.OnRecordBeforeRequestEmailChangeRequest() + app.OnRecordAfterRequestEmailChangeRequest() + app.OnRecordBeforeConfirmEmailChangeRequest() + app.OnRecordAfterConfirmEmailChangeRequest() + ``` + +- The original uploaded file name is now stored as metadata under the `original_filename` key. It could be accessed via: + ```go + fs, _ := app.NewFilesystem() + defer fs.Close() + + attrs, _ := fs.Attributes(fikeKey) + attrs.Metadata["original_name"] + ``` + +- Added support for `Partial/Range` file requests ([#1125](https://github.com/pocketbase/pocketbase/issues/1125)). + This is a minor breaking change if you are using `filesystem.Serve` (eg. as part of a custom `OnFileDownloadRequest` hook): + ```go + // old + filesystem.Serve(res, e.ServedPath, e.ServedName) + + // new + filesystem.Serve(res, req, e.ServedPath, e.ServedName) + ``` + +- Refactored the `migrate` command to support **external JavaScript migration files** using an embedded JS interpreter ([goja](https://github.com/dop251/goja)). + This allow writing custom migration scripts such as programmatically creating collections, + initializing default settings, running data imports, etc., with a JavaScript API very similar to the Go one (_more documentation will be available soon_). + + The `migrate` command is available by default for the prebuilt executable, + but if you use PocketBase as framework you need register it manually: + ```go + migrationsDir := "" // default to "pb_migrations" (for js) and "migrations" (for go) + + // load js files if you want to allow loading external JavaScript migrations + jsvm.MustRegisterMigrations(app, &jsvm.MigrationsOptions{ + Dir: migrationsDir, + }) + + // register the `migrate` command + migratecmd.MustRegister(app, app.RootCmd, &migratecmd.Options{ + TemplateLang: migratecmd.TemplateLangJS, // or migratecmd.TemplateLangGo (default) + Dir: migrationsDir, + Automigrate: true, + }) + ``` + + **The refactoring also comes with automigrations support.** + + If `Automigrate` is enabled (`true` by default for the prebuilt executable; can be disabled with `--automigrate=0`), + PocketBase will generate seamlessly in the background JS (or Go) migration file with your collection changes. + **The directory with the JS migrations can be committed to your git repo.** + All migrations (Go and JS) are automatically executed on server start. + Also note that the auto generated migrations are granural (in contrast to the `migrate collections` snapshot command) + and allow multiple developers to do changes on the collections independently (even editing the same collection) miniziming the eventual merge conflicts. + Here is a sample JS migration file that will be generated if you for example edit a single collection name: + ```js + // pb_migrations/1669663597_updated_posts_old.js + migrate((db) => { + // up + const dao = new Dao(db) + const collection = dao.findCollectionByNameOrId("lngf8rb3dqu86r3") + collection.name = "posts_new" + return dao.saveCollection(collection) + }, (db) => { + // down + const dao = new Dao(db) + const collection = dao.findCollectionByNameOrId("lngf8rb3dqu86r3") + collection.name = "posts_old" + return dao.saveCollection(collection) + }) + ``` + +- Added new `Dao` helpers to make it easier fetching and updating the app settings from a migration: + ```go + dao.FindSettings([optEncryptionKey]) + dao.SaveSettings(newSettings, [optEncryptionKey]) + ``` + +- Moved `core.Settings` to `models/settings.Settings`: + ``` + core.Settings{} -> settings.Settings{} + core.NewSettings() -> settings.New() + core.MetaConfig{} -> settings.MetaConfig{} + core.LogsConfig{} -> settings.LogsConfig{} + core.SmtpConfig{} -> settings.SmtpConfig{} + core.S3Config{} -> settings.S3Config{} + core.TokenConfig{} -> settings.TokenConfig{} + core.AuthProviderConfig{} -> settings.AuthProviderConfig{} + ``` + +- Changed the `mailer.Mailer` interface (**minor breaking if you are sending custom emails**): + ```go + // Old: + app.NewMailClient().Send(from, to, subject, html, attachments?) + + // New: + app.NewMailClient().Send(&mailer.Message{ + From: from, + To: to, + Subject: subject, + HTML: html, + Attachments: attachments, + // new configurable fields + Bcc: []string{"bcc1@example.com", "bcc2@example.com"}, + Cc: []string{"cc1@example.com", "cc2@example.com"}, + Headers: map[string]string{"Custom-Header": "test"}, + Text: "custom plain text version", + }) + ``` + The new `*mailer.Message` struct is also now a member of the `MailerRecordEvent` and `MailerAdminEvent` events. + +- Other minor UI fixes and improvements + + +## v0.8.0 + +**⚠️ This release contains breaking changes and requires some manual migration steps!** + +The biggest change is the merge of the `User` models and the `profiles` collection per [#376](https://github.com/pocketbase/pocketbase/issues/376). +There is no longer `user` type field and the users are just an "auth" collection (we now support **collection types**, currently only "base" and "auth"). +This should simplify the users management and at the same time allow us to have unlimited multiple "auth" collections each with their own custom fields and authentication options (eg. staff, client, etc.). + +In addition to the `Users` and `profiles` merge, this release comes with several other improvements: + +- Added indirect expand support [#312](https://github.com/pocketbase/pocketbase/issues/312#issuecomment-1242893496). + +- The `json` field type now supports filtering and sorting [#423](https://github.com/pocketbase/pocketbase/issues/423#issuecomment-1258302125). + +- The `relation` field now allows unlimited `maxSelect` (aka. without upper limit). + +- Added support for combined email/username + password authentication (see below `authWithPassword()`). + +- Added support for full _"manager-subordinate"_ users management, including a special API rule to allow directly changing system fields like email, password, etc. without requiring `oldPassword` or other user verification. + +- Enabled OAuth2 account linking on authorized request from the same auth collection (_this is useful for example if the OAuth2 provider doesn't return an email and you want to associate it with the current logged in user_). + +- Added option to toggle the record columns visibility from the table listing. + +- Added support for collection schema fields reordering. + +- Added several new OAuth2 providers (Microsoft Azure AD, Spotify, Twitch, Kakao). + +- Improved memory usage on large file uploads [#835](https://github.com/pocketbase/pocketbase/discussions/835). + +- More detailed API preview docs and site documentation (the repo is located at https://github.com/pocketbase/site). + +- Other minor performance improvements (mostly related to the search apis). + +### Migrate from v0.7.x + +- **[Data](#data)** +- **[SDKs](#sdks)** +- **[API](#api)** +- **[Internals](#internals)** + +#### Data + +The merge of users and profiles comes with several required db changes. +The easiest way to apply them is to use the new temporary `upgrade` command: + +```sh +# make sure to have a copy of your pb_data in case something fails +cp -r ./pb_data ./pb_data_backup + +# run the upgrade command +./pocketbase08 upgrade + +# start the application as usual +./pocketbase08 serve +``` + +The upgrade command: + +- Creates a new `users` collection with merged fields from the `_users` table and the `profiles` collection. + The new user records will have the ids from the `profiles` collection. +- Changes all `user` type fields to `relation` and update the references to point to the new user ids. +- Renames all `@collection.profiles.*`, `@request.user.*` and `@request.user.profile.*` filters to `@collection.users.*` and `@request.auth.*`. +- Appends `2` to all **schema field names** and **api filter rules** that conflicts with the new system reserved ones: + ``` + collectionId => collectionId2 + collectionName => collectionName2 + expand => expand2 + + // only for the "profiles" collection fields: + username => username2 + email => email2 + emailVisibility => emailVisibility2 + verified => verified2 + tokenKey => tokenKey2 + passwordHash => passwordHash2 + lastResetSentAt => lastResetSentAt2 + lastVerificationSentAt => lastVerificationSentAt2 + ``` + +#### SDKs + +Please check the individual SDK package changelog and apply the necessary changes in your code: + +- [**JavaScript SDK changelog**](https://github.com/pocketbase/js-sdk/blob/master/CHANGELOG.md) + ```sh + npm install pocketbase@latest --save + ``` + +- [**Dart SDK changelog**](https://github.com/pocketbase/dart-sdk/blob/master/CHANGELOG.md) + + ```sh + dart pub add pocketbase:^0.5.0 + # or with Flutter: + flutter pub add pocketbase:^0.5.0 + ``` + +#### API + +> _**You don't have to read this if you are using an official SDK.**_ + +- The authorization schema is no longer necessary. Now it is auto detected from the JWT token payload: + + + + + + + + + + + + + +
OldNew
Authorization: Admin TOKENAuthorization: TOKEN
Authorization: User TOKENAuthorization: TOKEN
+ +- All datetime stings are now returned in ISO8601 format - with _Z_ suffix and space as separator between the date and time part: + + + + + + + + + +
OldNew
2022-01-02 03:04:05.6782022-01-02 03:04:05.678Z
+ +- Removed the `@` prefix from the system record fields for easier json parsing: + + + + + + + + + + + + + + + + + +
OldNew
@collectionIdcollectionId
@collectionNamecollectionName
@expandexpand
+ +- All users api handlers are moved under `/api/collections/:collection/`: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
OldNew
+ GET /api/users/auth-methods + + GET /api/collections/:collection/auth-methods +
+ POST /api/users/refresh + + POST /api/collections/:collection/auth-refresh +
POST /api/users/auth-via-oauth2 + POST /api/collections/:collection/auth-with-oauth2 +
+ You can now also pass optional createData object on OAuth2 sign-up. +
+ Also please note that now required user/profile fields are properly validated when creating new auth model on OAuth2 sign-up. +
POST /api/users/auth-via-email + POST /api/collections/:collection/auth-with-password +
+ Handles username/email + password authentication. +
+ {"identity": "usernameOrEmail", "password": "123456"} +
POST /api/users/request-password-resetPOST /api/collections/:collection/request-password-reset
POST /api/users/confirm-password-resetPOST /api/collections/:collection/confirm-password-reset
POST /api/users/request-verificationPOST /api/collections/:collection/request-verification
POST /api/users/confirm-verificationPOST /api/collections/:collection/confirm-verification
POST /api/users/request-email-changePOST /api/collections/:collection/request-email-change
POST /api/users/confirm-email-changePOST /api/collections/:collection/confirm-email-change
GET /api/usersGET /api/collections/:collection/records
GET /api/users/:idGET /api/collections/:collection/records/:id
POST /api/usersPOST /api/collections/:collection/records
PATCH /api/users/:idPATCH /api/collections/:collection/records/:id
DELETE /api/users/:idDELETE /api/collections/:collection/records/:id
GET /api/users/:id/external-authsGET /api/collections/:collection/records/:id/external-auths
DELETE /api/users/:id/external-auths/:providerDELETE /api/collections/:collection/records/:id/external-auths/:provider
+ + _In relation to the above changes, the `user` property in the auth response is renamed to `record`._ + +- The admins api was also updated for consistency with the users api changes: + + + + + + + + + + + + + +
OldNew
+ POST /api/admins/refresh + + POST /api/admins/auth-refresh +
POST /api/admins/auth-via-email + POST /api/admins/auth-with-password +
+ {"identity": "test@example.com", "password": "123456"} +
+ (notice that the email body field was renamed to identity) +
+ +- To prevent confusion with the auth method responses, the following endpoints now returns 204 with empty body (previously 200 with token and auth model): + ``` + POST /api/admins/confirm-password-reset + POST /api/collections/:collection/confirm-password-reset + POST /api/collections/:collection/confirm-verification + POST /api/collections/:collection/confirm-email-change + ``` + +- Renamed the "user" related settings fields returned by `GET /api/settings`: + + + + + + + + + + + + + + + + + + + + + +
OldNew
userAuthTokenrecordAuthToken
userPasswordResetTokenrecordPasswordResetToken
userEmailChangeTokenrecordEmailChangeToken
userVerificationTokenrecordVerificationToken
+ +#### Internals + +> _**You don't have to read this if you are not using PocketBase as framework.**_ + +- Removed `forms.New*WithConfig()` factories to minimize ambiguities. + If you need to pass a transaction Dao you can use the new `SetDao(dao)` method available to the form instances. + +- `forms.RecordUpsert.LoadData(data map[string]any)` now can bulk load external data from a map. + To load data from a request instance, you could use `forms.RecordUpsert.LoadRequest(r, optKeysPrefix = "")`. + +- `schema.RelationOptions.MaxSelect` has new type `*int` (_you can use the new `types.Pointer(123)` helper to assign pointer values_). + +- Renamed the constant `apis.ContextUserKey` (_"user"_) to `apis.ContextAuthRecordKey` (_"authRecord"_). + +- Replaced user related middlewares with their auth record alternative: + + + + + + + + + + + + + + + + + +
OldNew
apis.RequireUserAuth()apis.RequireRecordAuth(optCollectionNames ...string)
apis.RequireAdminOrUserAuth()apis.RequireAdminOrRecordAuth(optCollectionNames ...string)
N/A + RequireSameContextRecordAuth() +
+ (requires the auth record to be from the same context collection) +
+ +- The following record Dao helpers now uses the collection id or name instead of `*models.Collection` instance to reduce the verbosity when fetching records: + + + + + + + + + + + + + + + + + + + + + + + + + +
OldNew
dao.FindRecordById(collection, ...)dao.FindRecordById(collectionNameOrId, ...)
dao.FindRecordsByIds(collection, ...)dao.FindRecordsByIds(collectionNameOrId, ...)
dao.FindRecordsByExpr(collection, ...)dao.FindRecordsByExpr(collectionNameOrId, ...)
dao.FindFirstRecordByData(collection, ...)dao.FindFirstRecordByData(collectionNameOrId, ...)
dao.IsRecordValueUnique(collection, ...)dao.IsRecordValueUnique(collectionNameOrId, ...)
+ +- Replaced all User related Dao helpers with Record equivalents: + + + + + + + + + + + + + + + + + + + + + + + + + +
OldNew
dao.UserQuery()dao.RecordQuery(collection)
dao.FindUserById(id)dao.FindRecordById(collectionNameOrId, id)
dao.FindUserByToken(token, baseKey)dao.FindAuthRecordByToken(token, baseKey)
dao.FindUserByEmail(email)dao.FindAuthRecordByEmail(collectionNameOrId, email)
N/Adao.FindAuthRecordByUsername(collectionNameOrId, username)
+ +- Moved the formatted `ApiError` struct and factories to the `github.com/pocketbase/pocketbase/apis` subpackage: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
OldNew
Import path
github.com/pocketbase/pocketbase/tools/restgithub.com/pocketbase/pocketbase/apis
Fields
rest.ApiError{}apis.ApiError{}
rest.NewNotFoundError()apis.NewNotFoundError()
rest.NewBadRequestError()apis.NewBadRequestError()
rest.NewForbiddenError()apis.NewForbiddenError()
rest.NewUnauthorizedError()apis.NewUnauthorizedError()
rest.NewApiError()apis.NewApiError()
+ +- Renamed `models.Record` helper getters: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
OldNew
SetDataValueSet
GetDataValueGet
GetBoolDataValueGetBool
GetStringDataValueGetString
GetIntDataValueGetInt
GetFloatDataValueGetFloat
GetTimeDataValueGetTime
GetDateTimeDataValueGetDateTime
GetStringSliceDataValueGetStringSlice
+ +- Added new auth collection `models.Record` helpers: + ```go + func (m *Record) Username() string + func (m *Record) SetUsername(username string) error + func (m *Record) Email() string + func (m *Record) SetEmail(email string) error + func (m *Record) EmailVisibility() bool + func (m *Record) SetEmailVisibility(visible bool) error + func (m *Record) IgnoreEmailVisibility(state bool) + func (m *Record) Verified() bool + func (m *Record) SetVerified(verified bool) error + func (m *Record) TokenKey() string + func (m *Record) SetTokenKey(key string) error + func (m *Record) RefreshTokenKey() error + func (m *Record) LastResetSentAt() types.DateTime + func (m *Record) SetLastResetSentAt(dateTime types.DateTime) error + func (m *Record) LastVerificationSentAt() types.DateTime + func (m *Record) SetLastVerificationSentAt(dateTime types.DateTime) error + func (m *Record) ValidatePassword(password string) bool + func (m *Record) SetPassword(password string) error + ``` + +- Added option to return serialized custom `models.Record` fields data: + ```go + func (m *Record) UnknownData() map[string]any + func (m *Record) WithUnknownData(state bool) + ``` + +- Deleted `model.User`. Now the user data is stored as an auth `models.Record`. + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
OldNew
User.EmailRecord.Email()
User.TokenKeyRecord.TokenKey()
User.VerifiedRecord.Verified()
User.SetPassword()Record.SetPassword()
User.RefreshTokenKey()Record.RefreshTokenKey()
etc.
+ +- Replaced `User` related event hooks with their `Record` alternative: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
OldNew
OnMailerBeforeUserResetPasswordSend() *hook.Hook[*MailerUserEvent]OnMailerBeforeRecordResetPasswordSend() *hook.Hook[*MailerRecordEvent]
OnMailerAfterUserResetPasswordSend() *hook.Hook[*MailerUserEvent]OnMailerAfterRecordResetPasswordSend() *hook.Hook[*MailerRecordEvent]
OnMailerBeforeUserVerificationSend() *hook.Hook[*MailerUserEvent]OnMailerBeforeRecordVerificationSend() *hook.Hook[*MailerRecordEvent]
OnMailerAfterUserVerificationSend() *hook.Hook[*MailerUserEvent]OnMailerAfterRecordVerificationSend() *hook.Hook[*MailerRecordEvent]
OnMailerBeforeUserChangeEmailSend() *hook.Hook[*MailerUserEvent]OnMailerBeforeRecordChangeEmailSend() *hook.Hook[*MailerRecordEvent]
OnMailerAfterUserChangeEmailSend() *hook.Hook[*MailerUserEvent]OnMailerAfterRecordChangeEmailSend() *hook.Hook[*MailerRecordEvent]
OnUsersListRequest() *hook.Hook[*UserListEvent]OnRecordsListRequest() *hook.Hook[*RecordsListEvent]
OnUserViewRequest() *hook.Hook[*UserViewEvent]OnRecordViewRequest() *hook.Hook[*RecordViewEvent]
OnUserBeforeCreateRequest() *hook.Hook[*UserCreateEvent]OnRecordBeforeCreateRequest() *hook.Hook[*RecordCreateEvent]
OnUserAfterCreateRequest() *hook.Hook[*UserCreateEvent]OnRecordAfterCreateRequest() *hook.Hook[*RecordCreateEvent]
OnUserBeforeUpdateRequest() *hook.Hook[*UserUpdateEvent]OnRecordBeforeUpdateRequest() *hook.Hook[*RecordUpdateEvent]
OnUserAfterUpdateRequest() *hook.Hook[*UserUpdateEvent]OnRecordAfterUpdateRequest() *hook.Hook[*RecordUpdateEvent]
OnUserBeforeDeleteRequest() *hook.Hook[*UserDeleteEvent]OnRecordBeforeDeleteRequest() *hook.Hook[*RecordDeleteEvent]
OnUserAfterDeleteRequest() *hook.Hook[*UserDeleteEvent]OnRecordAfterDeleteRequest() *hook.Hook[*RecordDeleteEvent]
OnUserAuthRequest() *hook.Hook[*UserAuthEvent]OnRecordAuthRequest() *hook.Hook[*RecordAuthEvent]
OnUserListExternalAuths() *hook.Hook[*UserListExternalAuthsEvent]OnRecordListExternalAuths() *hook.Hook[*RecordListExternalAuthsEvent]
OnUserBeforeUnlinkExternalAuthRequest() *hook.Hook[*UserUnlinkExternalAuthEvent]OnRecordBeforeUnlinkExternalAuthRequest() *hook.Hook[*RecordUnlinkExternalAuthEvent]
OnUserAfterUnlinkExternalAuthRequest() *hook.Hook[*UserUnlinkExternalAuthEvent]OnRecordAfterUnlinkExternalAuthRequest() *hook.Hook[*RecordUnlinkExternalAuthEvent]
+ +- Replaced `forms.UserEmailLogin{}` with `forms.RecordPasswordLogin{}` (for both username and email depending on which is enabled for the collection). + +- Renamed user related `core.Settings` fields: + + + + + + + + + + + + + + + + + + + + + +
OldNew
core.Settings.UserAuthToken{}core.Settings.RecordAuthToken{}
core.Settings.UserPasswordResetToken{}core.Settings.RecordPasswordResetToken{}
core.Settings.UserEmailChangeToken{}core.Settings.RecordEmailChangeToken{}
core.Settings.UserVerificationToken{}core.Settings.RecordVerificationToken{}
+ +- Marked as "Deprecated" and will be removed in v0.9+: + ``` + core.Settings.EmailAuth{} + core.EmailAuthConfig{} + schema.FieldTypeUser + schema.UserOptions{} + ``` + +- The second argument of `apis.StaticDirectoryHandler(fileSystem, enableIndexFallback)` now is used to enable/disable index.html forwarding on missing file (eg. in case of SPA). diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..a55e7d5 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,82 @@ +# Contributing to PocketBase + +Thanks for taking the time to improve PocketBase! + +This document describes how to prepare a PR for a change in the main repository. + +- [Prerequisites](#prerequisites) +- [Making changes in the Go code](#making-changes-in-the-go-code) +- [Making changes in the Admin UI](#making-changes-in-the-admin-ui) + +## Prerequisites + +- Go 1.23+ (for making changes in the Go code) +- Node 18+ (for making changes in the Admin UI) + +If you haven't already, you can fork the main repository and clone your fork so that you can work locally: + +``` +git clone https://github.com/your_username/pocketbase.git +``` + +> [!IMPORTANT] +> It is recommended to create a new branch from master for each of your bugfixes and features. +> This is required if you are planning to submit multiple PRs in order to keep the changes separate for review until they eventually get merged. + +## Making changes in the Go code + +PocketBase is distributed as a Go package, which means that in order to run the project you'll have to create a Go `main` program that imports the package. + +The repository already includes such program, located in `examples/base`, that is also used for the prebuilt executables. + +So, let's assume that you already done some changes in the PocketBase Go code and you want now to run them: + +1. Navigate to `examples/base` +2. Run `go run main.go serve` + +This will start a web server on `http://localhost:8090` with the embedded prebuilt Admin UI from `ui/dist`. And that's it! + +**Before making a PR to the main repository, it is a good idea to:** + +- Add unit/integration tests for your changes (we are using the standard `testing` go package). + To run the tests, you could execute (while in the root project directory): + + ```sh + go test ./... + + # or using the Makefile + make test + ``` + +- Run the linter - **golangci** ([see how to install](https://golangci-lint.run/usage/install/#local-installation)): + + ```sh + golangci-lint run -c ./golangci.yml ./... + + # or using the Makefile + make lint + ``` + +## Making changes in the Admin UI + +PocketBase Admin UI is a single-page application (SPA) built with Svelte and Vite. + +To start the Admin UI: + +1. Navigate to the `ui` project directory +2. Run `npm install` to install the node dependencies +3. Start vite's dev server + ```sh + npm run dev + ``` + +You could open the browser and access the running Admin UI at `http://localhost:3000`. + +Since the Admin UI is just a client-side application, you need to have the PocketBase backend server also running in the background (either manually running the `examples/base/main.go` or download a prebuilt executable). + +> [!NOTE] +> By default, the Admin UI is expecting the backend server to be started at `http://localhost:8090`, but you could change that by creating a new `ui/.env.development.local` file with `PB_BACKEND_URL = YOUR_ADDRESS` variable inside it. + +Every change you make in the Admin UI should be automatically reflected in the browser at `http://localhost:3000` without reloading the page. + +Once you are done with your changes, you have to build the Admin UI with `npm run build`, so that it can be embedded in the go package. And that's it - you can make your PR to the main PocketBase repository. diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..e3b8465 --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,17 @@ +The MIT License (MIT) +Copyright (c) 2022 - present, Gani Georgiev + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software +and associated documentation files (the "Software"), to deal in the Software without restriction, +including without limitation the rights to use, copy, modify, merge, publish, distribute, +sublicense, and/or sell copies of the Software, and to permit persons to whom the Software +is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or +substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING +BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..5418e1a --- /dev/null +++ b/Makefile @@ -0,0 +1,12 @@ +lint: + golangci-lint run -c ./golangci.yml ./... + +test: + go test ./... -v --cover + +jstypes: + go run ./plugins/jsvm/internal/types/types.go + +test-report: + go test ./... -v --cover -coverprofile=coverage.out + go tool cover -html=coverage.out diff --git a/README.md b/README.md new file mode 100644 index 0000000..0710d16 --- /dev/null +++ b/README.md @@ -0,0 +1,153 @@ +

+ + PocketBase - open source backend in 1 file + +

+ +

+ build + Latest releases + Go package documentation +

+ +[PocketBase](https://pocketbase.io) is an open source Go backend that includes: + +- embedded database (_SQLite_) with **realtime subscriptions** +- built-in **files and users management** +- convenient **Admin dashboard UI** +- and simple **REST-ish API** + +**For documentation and examples, please visit https://pocketbase.io/docs.** + +> [!WARNING] +> Please keep in mind that PocketBase is still under active development +> and therefore full backward compatibility is not guaranteed before reaching v1.0.0. + +## API SDK clients + +The easiest way to interact with the PocketBase Web APIs is to use one of the official SDK clients: + +- **JavaScript - [pocketbase/js-sdk](https://github.com/pocketbase/js-sdk)** (_Browser, Node.js, React Native_) +- **Dart - [pocketbase/dart-sdk](https://github.com/pocketbase/dart-sdk)** (_Web, Mobile, Desktop, CLI_) + +You could also check the recommendations in https://pocketbase.io/docs/how-to-use/. + + +## Overview + +### Use as standalone app + +You could download the prebuilt executable for your platform from the [Releases page](https://github.com/pocketbase/pocketbase/releases). +Once downloaded, extract the archive and run `./pocketbase serve` in the extracted directory. + +The prebuilt executables are based on the [`examples/base/main.go` file](https://github.com/pocketbase/pocketbase/blob/master/examples/base/main.go) and comes with the JS VM plugin enabled by default which allows to extend PocketBase with JavaScript (_for more details please refer to [Extend with JavaScript](https://pocketbase.io/docs/js-overview/)_). + +### Use as a Go framework/toolkit + +PocketBase is distributed as a regular Go library package which allows you to build +your own custom app specific business logic and still have a single portable executable at the end. + +Here is a minimal example: + +0. [Install Go 1.23+](https://go.dev/doc/install) (_if you haven't already_) + +1. Create a new project directory with the following `main.go` file inside it: + ```go + package main + + import ( + "log" + + "github.com/pocketbase/pocketbase" + "github.com/pocketbase/pocketbase/core" + ) + + func main() { + app := pocketbase.New() + + app.OnServe().BindFunc(func(se *core.ServeEvent) error { + // registers new "GET /hello" route + se.Router.GET("/hello", func(re *core.RequestEvent) error { + return re.String(200, "Hello world!") + }) + + return se.Next() + }) + + if err := app.Start(); err != nil { + log.Fatal(err) + } + } + ``` + +2. To init the dependencies, run `go mod init myapp && go mod tidy`. + +3. To start the application, run `go run main.go serve`. + +4. To build a statically linked executable, you can run `CGO_ENABLED=0 go build` and then start the created executable with `./myapp serve`. + +_For more details please refer to [Extend with Go](https://pocketbase.io/docs/go-overview/)._ + +### Building and running the repo main.go example + +To build the minimal standalone executable, like the prebuilt ones in the releases page, you can simply run `go build` inside the `examples/base` directory: + +0. [Install Go 1.23+](https://go.dev/doc/install) (_if you haven't already_) +1. Clone/download the repo +2. Navigate to `examples/base` +3. Run `GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build` + (_https://go.dev/doc/install/source#environment_) +4. Start the created executable by running `./base serve`. + +Note that the supported build targets by the pure Go SQLite driver at the moment are: + +``` +darwin amd64 +darwin arm64 +freebsd amd64 +freebsd arm64 +linux 386 +linux amd64 +linux arm +linux arm64 +linux ppc64le +linux riscv64 +linux s390x +windows amd64 +windows arm64 +``` + +### Testing + +PocketBase comes with mixed bag of unit and integration tests. +To run them, use the standard `go test` command: + +```sh +go test ./... +``` + +Check also the [Testing guide](http://pocketbase.io/docs/testing) to learn how to write your own custom application tests. + +## Security + +If you discover a security vulnerability within PocketBase, please send an e-mail to **support at pocketbase.io**. + +All reports will be promptly addressed and you'll be credited in the fix release notes. + +## Contributing + +PocketBase is free and open source project licensed under the [MIT License](LICENSE.md). +You are free to do whatever you want with it, even offering it as a paid service. + +You could help continuing its development by: + +- [Contribute to the source code](CONTRIBUTING.md) +- [Suggest new features and report issues](https://github.com/pocketbase/pocketbase/issues) + +PRs for new OAuth2 providers, bug fixes, code optimizations and documentation improvements are more than welcome. + +But please refrain creating PRs for _new features_ without previously discussing the implementation details. +PocketBase has a [roadmap](https://github.com/orgs/pocketbase/projects/2) and I try to work on issues in specific order and such PRs often come in out of nowhere and skew all initial planning with tedious back-and-forth communication. + +Don't get upset if I close your PR, even if it is well executed and tested. This doesn't mean that it will never be merged. +Later we can always refer to it and/or take pieces of your implementation when the time comes to work on the issue (don't worry you'll be credited in the release notes). diff --git a/apis/api_error_aliases.go b/apis/api_error_aliases.go new file mode 100644 index 0000000..95b708b --- /dev/null +++ b/apis/api_error_aliases.go @@ -0,0 +1,47 @@ +package apis + +import "github.com/pocketbase/pocketbase/tools/router" + +// ApiError aliases to minimize the breaking changes with earlier versions +// and for consistency with the JSVM binds. +// ------------------------------------------------------------------- + +// ToApiError wraps err into ApiError instance (if not already). +func ToApiError(err error) *router.ApiError { + return router.ToApiError(err) +} + +// NewApiError is an alias for [router.NewApiError]. +func NewApiError(status int, message string, errData any) *router.ApiError { + return router.NewApiError(status, message, errData) +} + +// NewBadRequestError is an alias for [router.NewBadRequestError]. +func NewBadRequestError(message string, errData any) *router.ApiError { + return router.NewBadRequestError(message, errData) +} + +// NewNotFoundError is an alias for [router.NewNotFoundError]. +func NewNotFoundError(message string, errData any) *router.ApiError { + return router.NewNotFoundError(message, errData) +} + +// NewForbiddenError is an alias for [router.NewForbiddenError]. +func NewForbiddenError(message string, errData any) *router.ApiError { + return router.NewForbiddenError(message, errData) +} + +// NewUnauthorizedError is an alias for [router.NewUnauthorizedError]. +func NewUnauthorizedError(message string, errData any) *router.ApiError { + return router.NewUnauthorizedError(message, errData) +} + +// NewTooManyRequestsError is an alias for [router.NewTooManyRequestsError]. +func NewTooManyRequestsError(message string, errData any) *router.ApiError { + return router.NewTooManyRequestsError(message, errData) +} + +// NewInternalServerError is an alias for [router.NewInternalServerError]. +func NewInternalServerError(message string, errData any) *router.ApiError { + return router.NewInternalServerError(message, errData) +} diff --git a/apis/backup.go b/apis/backup.go new file mode 100644 index 0000000..f1f2eb6 --- /dev/null +++ b/apis/backup.go @@ -0,0 +1,155 @@ +package apis + +import ( + "context" + "net/http" + "path/filepath" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/pocketbase/pocketbase/tools/routine" + "github.com/pocketbase/pocketbase/tools/types" + "github.com/spf13/cast" +) + +// bindBackupApi registers the file api endpoints and the corresponding handlers. +func bindBackupApi(app core.App, rg *router.RouterGroup[*core.RequestEvent]) { + sub := rg.Group("/backups") + sub.GET("", backupsList).Bind(RequireSuperuserAuth()) + sub.POST("", backupCreate).Bind(RequireSuperuserAuth()) + sub.POST("/upload", backupUpload).Bind(BodyLimit(0), RequireSuperuserAuth()) + sub.GET("/{key}", backupDownload) // relies on superuser file token + sub.DELETE("/{key}", backupDelete).Bind(RequireSuperuserAuth()) + sub.POST("/{key}/restore", backupRestore).Bind(RequireSuperuserAuth()) +} + +type backupFileInfo struct { + Modified types.DateTime `json:"modified"` + Key string `json:"key"` + Size int64 `json:"size"` +} + +func backupsList(e *core.RequestEvent) error { + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + fsys, err := e.App.NewBackupsFilesystem() + if err != nil { + return e.BadRequestError("Failed to load backups filesystem.", err) + } + defer fsys.Close() + + fsys.SetContext(ctx) + + backups, err := fsys.List("") + if err != nil { + return e.BadRequestError("Failed to retrieve backup items. Raw error: \n"+err.Error(), nil) + } + + result := make([]backupFileInfo, len(backups)) + + for i, obj := range backups { + modified, _ := types.ParseDateTime(obj.ModTime) + + result[i] = backupFileInfo{ + Key: obj.Key, + Size: obj.Size, + Modified: modified, + } + } + + return e.JSON(http.StatusOK, result) +} + +func backupDownload(e *core.RequestEvent) error { + fileToken := e.Request.URL.Query().Get("token") + + authRecord, err := e.App.FindAuthRecordByToken(fileToken, core.TokenTypeFile) + if err != nil || !authRecord.IsSuperuser() { + return e.ForbiddenError("Insufficient permissions to access the resource.", err) + } + + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute) + defer cancel() + + fsys, err := e.App.NewBackupsFilesystem() + if err != nil { + return e.InternalServerError("Failed to load backups filesystem.", err) + } + defer fsys.Close() + + fsys.SetContext(ctx) + + key := e.Request.PathValue("key") + + return fsys.Serve( + e.Response, + e.Request, + key, + filepath.Base(key), // without the path prefix (if any) + ) +} + +func backupDelete(e *core.RequestEvent) error { + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + fsys, err := e.App.NewBackupsFilesystem() + if err != nil { + return e.InternalServerError("Failed to load backups filesystem.", err) + } + defer fsys.Close() + + fsys.SetContext(ctx) + + key := e.Request.PathValue("key") + + if key != "" && cast.ToString(e.App.Store().Get(core.StoreKeyActiveBackup)) == key { + return e.BadRequestError("The backup is currently being used and cannot be deleted.", nil) + } + + if err := fsys.Delete(key); err != nil { + return e.BadRequestError("Invalid or already deleted backup file. Raw error: \n"+err.Error(), nil) + } + + return e.NoContent(http.StatusNoContent) +} + +func backupRestore(e *core.RequestEvent) error { + if e.App.Store().Has(core.StoreKeyActiveBackup) { + return e.BadRequestError("Try again later - another backup/restore process has already been started.", nil) + } + + key := e.Request.PathValue("key") + + existsCtx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + fsys, err := e.App.NewBackupsFilesystem() + if err != nil { + return e.InternalServerError("Failed to load backups filesystem.", err) + } + defer fsys.Close() + + fsys.SetContext(existsCtx) + + if exists, err := fsys.Exists(key); !exists { + return e.BadRequestError("Missing or invalid backup file.", err) + } + + routine.FireAndForget(func() { + // give some optimistic time to write the response before restarting the app + time.Sleep(1 * time.Second) + + // wait max 10 minutes to fetch the backup + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute) + defer cancel() + + if err := e.App.RestoreBackup(ctx, key); err != nil { + e.App.Logger().Error("Failed to restore backup", "key", key, "error", err.Error()) + } + }) + + return e.NoContent(http.StatusNoContent) +} diff --git a/apis/backup_create.go b/apis/backup_create.go new file mode 100644 index 0000000..d2ebe8d --- /dev/null +++ b/apis/backup_create.go @@ -0,0 +1,78 @@ +package apis + +import ( + "context" + "net/http" + "regexp" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core" +) + +func backupCreate(e *core.RequestEvent) error { + if e.App.Store().Has(core.StoreKeyActiveBackup) { + return e.BadRequestError("Try again later - another backup/restore process has already been started", nil) + } + + form := new(backupCreateForm) + form.app = e.App + + err := e.BindBody(form) + if err != nil { + return e.BadRequestError("An error occurred while loading the submitted data.", err) + } + + err = form.validate() + if err != nil { + return e.BadRequestError("An error occurred while validating the submitted data.", err) + } + + err = e.App.CreateBackup(context.Background(), form.Name) + if err != nil { + return e.BadRequestError("Failed to create backup.", err) + } + + // we don't retrieve the generated backup file because it may not be + // available yet due to the eventually consistent nature of some S3 providers + return e.NoContent(http.StatusNoContent) +} + +// ------------------------------------------------------------------- + +var backupNameRegex = regexp.MustCompile(`^[a-z0-9_-]+\.zip$`) + +type backupCreateForm struct { + app core.App + + Name string `form:"name" json:"name"` +} + +func (form *backupCreateForm) validate() error { + return validation.ValidateStruct(form, + validation.Field( + &form.Name, + validation.Length(1, 150), + validation.Match(backupNameRegex), + validation.By(form.checkUniqueName), + ), + ) +} + +func (form *backupCreateForm) checkUniqueName(value any) error { + v, _ := value.(string) + if v == "" { + return nil // nothing to check + } + + fsys, err := form.app.NewBackupsFilesystem() + if err != nil { + return err + } + defer fsys.Close() + + if exists, err := fsys.Exists(v); err != nil || exists { + return validation.NewError("validation_backup_name_exists", "The backup file name is invalid or already exists.") + } + + return nil +} diff --git a/apis/backup_test.go b/apis/backup_test.go new file mode 100644 index 0000000..0bc7098 --- /dev/null +++ b/apis/backup_test.go @@ -0,0 +1,823 @@ +package apis_test + +import ( + "archive/zip" + "bytes" + "context" + "io" + "mime/multipart" + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/apis" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/filesystem/blob" +) + +func TestBackupsList(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodGet, + URL: "/api/backups", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodGet, + URL: "/api/backups", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (empty list)", + Method: http.MethodGet, + URL: "/api/backups", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{`[]`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser", + Method: http.MethodGet, + URL: "/api/backups", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"test1.zip"`, + `"test2.zip"`, + `"test3.zip"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestBackupsCreate(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPost, + URL: "/api/backups", + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + ensureNoBackups(t, app) + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodPost, + URL: "/api/backups", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + ensureNoBackups(t, app) + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (pending backup)", + Method: http.MethodPost, + URL: "/api/backups", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Store().Set(core.StoreKeyActiveBackup, "") + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + ensureNoBackups(t, app) + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (autogenerated name)", + Method: http.MethodPost, + URL: "/api/backups", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + files, err := getBackupFiles(app) + if err != nil { + t.Fatal(err) + } + + if total := len(files); total != 1 { + t.Fatalf("Expected 1 backup file, got %d", total) + } + + expected := "pb_backup_" + if !strings.HasPrefix(files[0].Key, expected) { + t.Fatalf("Expected backup file with prefix %q, got %q", expected, files[0].Key) + } + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnBackupCreate": 1, + }, + }, + { + Name: "authorized as superuser (invalid name)", + Method: http.MethodPost, + URL: "/api/backups", + Body: strings.NewReader(`{"name":"!test.zip"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + ensureNoBackups(t, app) + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"name":{"code":"validation_match_invalid"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (valid name)", + Method: http.MethodPost, + URL: "/api/backups", + Body: strings.NewReader(`{"name":"test.zip"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + files, err := getBackupFiles(app) + if err != nil { + t.Fatal(err) + } + + if total := len(files); total != 1 { + t.Fatalf("Expected 1 backup file, got %d", total) + } + + expected := "test.zip" + if files[0].Key != expected { + t.Fatalf("Expected backup file %q, got %q", expected, files[0].Key) + } + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnBackupCreate": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestBackupUpload(t *testing.T) { + t.Parallel() + + // create dummy form data bodies + type body struct { + buffer io.Reader + contentType string + } + bodies := make([]body, 10) + for i := 0; i < 10; i++ { + func() { + zb := new(bytes.Buffer) + zw := zip.NewWriter(zb) + if err := zw.Close(); err != nil { + t.Fatal(err) + } + + b := new(bytes.Buffer) + mw := multipart.NewWriter(b) + + mfw, err := mw.CreateFormFile("file", "test") + if err != nil { + t.Fatal(err) + } + if _, err := io.Copy(mfw, zb); err != nil { + t.Fatal(err) + } + + mw.Close() + + bodies[i] = body{ + buffer: b, + contentType: mw.FormDataContentType(), + } + }() + } + // --- + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPost, + URL: "/api/backups/upload", + Body: bodies[0].buffer, + Headers: map[string]string{ + "Content-Type": bodies[0].contentType, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + ensureNoBackups(t, app) + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodPost, + URL: "/api/backups/upload", + Body: bodies[1].buffer, + Headers: map[string]string{ + "Content-Type": bodies[1].contentType, + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + ensureNoBackups(t, app) + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (missing file)", + Method: http.MethodPost, + URL: "/api/backups/upload", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + ensureNoBackups(t, app) + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (existing backup name)", + Method: http.MethodPost, + URL: "/api/backups/upload", + Body: bodies[3].buffer, + Headers: map[string]string{ + "Content-Type": bodies[3].contentType, + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + fsys, err := app.NewBackupsFilesystem() + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + // create a dummy backup file to simulate existing backups + if err := fsys.Upload([]byte("123"), "test"); err != nil { + t.Fatal(err) + } + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + files, _ := getBackupFiles(app) + if total := len(files); total != 1 { + t.Fatalf("Expected %d backup file, got %d", 1, total) + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{"file":{`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (valid file)", + Method: http.MethodPost, + URL: "/api/backups/upload", + Body: bodies[4].buffer, + Headers: map[string]string{ + "Content-Type": bodies[4].contentType, + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + files, _ := getBackupFiles(app) + if total := len(files); total != 1 { + t.Fatalf("Expected %d backup file, got %d", 1, total) + } + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "ensure that the default body limit is skipped", + Method: http.MethodPost, + URL: "/api/backups/upload", + Body: bytes.NewBuffer(make([]byte, apis.DefaultMaxBodySize+100)), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, // it doesn't matter as long as it is not 413 + ExpectedContent: []string{`"data":{`}, + NotExpectedContent: []string{"entity too large"}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestBackupsDownload(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodGet, + URL: "/api/backups/test1.zip", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "with record auth header", + Method: http.MethodGet, + URL: "/api/backups/test1.zip", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "with superuser auth header", + Method: http.MethodGet, + URL: "/api/backups/test1.zip", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "with empty or invalid token", + Method: http.MethodGet, + URL: "/api/backups/test1.zip?token=", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "with valid record auth token", + Method: http.MethodGet, + URL: "/api/backups/test1.zip?token=eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "with valid record file token", + Method: http.MethodGet, + URL: "/api/backups/test1.zip?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6ImZpbGUiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8ifQ.nSTLuCPcGpWn2K2l-BFkC3Vlzc-ZTDPByYq8dN1oPSo", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "with valid superuser auth token", + Method: http.MethodGet, + URL: "/api/backups/test1.zip?token=eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "with expired superuser file token", + Method: http.MethodGet, + URL: "/api/backups/test1.zip?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsImV4cCI6MTY0MDk5MTY2MSwidHlwZSI6ImZpbGUiLCJjb2xsZWN0aW9uSWQiOiJwYmNfMzE0MjYzNTgyMyJ9.nqqtqpPhxU0045F4XP_ruAkzAidYBc5oPy9ErN3XBq0", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "with valid superuser file token but missing backup name", + Method: http.MethodGet, + URL: "/api/backups/missing?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6ImZpbGUiLCJjb2xsZWN0aW9uSWQiOiJwYmNfMzE0MjYzNTgyMyJ9.Lupz541xRvrktwkrl55p5pPCF77T69ZRsohsIcb2dxc", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "with valid superuser file token", + Method: http.MethodGet, + URL: "/api/backups/test1.zip?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6ImZpbGUiLCJjb2xsZWN0aW9uSWQiOiJwYmNfMzE0MjYzNTgyMyJ9.Lupz541xRvrktwkrl55p5pPCF77T69ZRsohsIcb2dxc", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + "storage/", + "data.db", + "auxiliary.db", + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "with valid superuser file token and backup name with escaped char", + Method: http.MethodGet, + URL: "/api/backups/%40test4.zip?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6ImZpbGUiLCJjb2xsZWN0aW9uSWQiOiJwYmNfMzE0MjYzNTgyMyJ9.Lupz541xRvrktwkrl55p5pPCF77T69ZRsohsIcb2dxc", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + "storage/", + "data.db", + "auxiliary.db", + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestBackupsDelete(t *testing.T) { + t.Parallel() + + noTestBackupFilesChanges := func(t testing.TB, app *tests.TestApp) { + files, err := getBackupFiles(app) + if err != nil { + t.Fatal(err) + } + + expected := 4 + if total := len(files); total != expected { + t.Fatalf("Expected %d backup(s), got %d", expected, total) + } + } + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodDelete, + URL: "/api/backups/test1.zip", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + noTestBackupFilesChanges(t, app) + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodDelete, + URL: "/api/backups/test1.zip", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + noTestBackupFilesChanges(t, app) + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (missing file)", + Method: http.MethodDelete, + URL: "/api/backups/missing.zip", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + noTestBackupFilesChanges(t, app) + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (existing file with matching active backup)", + Method: http.MethodDelete, + URL: "/api/backups/test1.zip", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + + // mock active backup with the same name to delete + app.Store().Set(core.StoreKeyActiveBackup, "test1.zip") + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + noTestBackupFilesChanges(t, app) + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (existing file and no matching active backup)", + Method: http.MethodDelete, + URL: "/api/backups/test1.zip", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + + // mock active backup with different name + app.Store().Set(core.StoreKeyActiveBackup, "new.zip") + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + files, err := getBackupFiles(app) + if err != nil { + t.Fatal(err) + } + + if total := len(files); total != 3 { + t.Fatalf("Expected %d backup files, got %d", 3, total) + } + + deletedFile := "test1.zip" + + for _, f := range files { + if f.Key == deletedFile { + t.Fatalf("Expected backup %q to be deleted", deletedFile) + } + } + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (backup with escaped character)", + Method: http.MethodDelete, + URL: "/api/backups/%40test4.zip", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + files, err := getBackupFiles(app) + if err != nil { + t.Fatal(err) + } + + if total := len(files); total != 3 { + t.Fatalf("Expected %d backup files, got %d", 3, total) + } + + deletedFile := "@test4.zip" + + for _, f := range files { + if f.Key == deletedFile { + t.Fatalf("Expected backup %q to be deleted", deletedFile) + } + } + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestBackupsRestore(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPost, + URL: "/api/backups/test1.zip/restore", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodPost, + URL: "/api/backups/test1.zip/restore", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (missing file)", + Method: http.MethodPost, + URL: "/api/backups/missing.zip/restore", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (active backup process)", + Method: http.MethodPost, + URL: "/api/backups/test1.zip/restore", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := createTestBackups(app); err != nil { + t.Fatal(err) + } + + app.Store().Set(core.StoreKeyActiveBackup, "") + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +// ------------------------------------------------------------------- + +func createTestBackups(app core.App) error { + ctx := context.Background() + + if err := app.CreateBackup(ctx, "test1.zip"); err != nil { + return err + } + + if err := app.CreateBackup(ctx, "test2.zip"); err != nil { + return err + } + + if err := app.CreateBackup(ctx, "test3.zip"); err != nil { + return err + } + + if err := app.CreateBackup(ctx, "@test4.zip"); err != nil { + return err + } + + return nil +} + +func getBackupFiles(app core.App) ([]*blob.ListObject, error) { + fsys, err := app.NewBackupsFilesystem() + if err != nil { + return nil, err + } + defer fsys.Close() + + return fsys.List("") +} + +func ensureNoBackups(t testing.TB, app *tests.TestApp) { + files, err := getBackupFiles(app) + if err != nil { + t.Fatal(err) + } + + if total := len(files); total != 0 { + t.Fatalf("Expected 0 backup files, got %d", total) + } +} diff --git a/apis/backup_upload.go b/apis/backup_upload.go new file mode 100644 index 0000000..81eaf05 --- /dev/null +++ b/apis/backup_upload.go @@ -0,0 +1,72 @@ +package apis + +import ( + "net/http" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tools/filesystem" +) + +func backupUpload(e *core.RequestEvent) error { + fsys, err := e.App.NewBackupsFilesystem() + if err != nil { + return err + } + defer fsys.Close() + + form := new(backupUploadForm) + form.fsys = fsys + files, _ := e.FindUploadedFiles("file") + if len(files) > 0 { + form.File = files[0] + } + + err = form.validate() + if err != nil { + return e.BadRequestError("An error occurred while validating the submitted data.", err) + } + + err = fsys.UploadFile(form.File, form.File.OriginalName) + if err != nil { + return e.BadRequestError("Failed to upload backup.", err) + } + + // we don't retrieve the generated backup file because it may not be + // available yet due to the eventually consistent nature of some S3 providers + return e.NoContent(http.StatusNoContent) +} + +// ------------------------------------------------------------------- + +type backupUploadForm struct { + fsys *filesystem.System + + File *filesystem.File `json:"file"` +} + +func (form *backupUploadForm) validate() error { + return validation.ValidateStruct(form, + validation.Field( + &form.File, + validation.Required, + validation.By(validators.UploadedFileMimeType([]string{"application/zip"})), + validation.By(form.checkUniqueName), + ), + ) +} + +func (form *backupUploadForm) checkUniqueName(value any) error { + v, _ := value.(*filesystem.File) + if v == nil { + return nil // nothing to check + } + + // note: we use the original name because that is what we upload + if exists, err := form.fsys.Exists(v.OriginalName); err != nil || exists { + return validation.NewError("validation_backup_name_exists", "Backup file with the specified name already exists.") + } + + return nil +} diff --git a/apis/base.go b/apis/base.go new file mode 100644 index 0000000..28eac80 --- /dev/null +++ b/apis/base.go @@ -0,0 +1,174 @@ +package apis + +import ( + "errors" + "fmt" + "io/fs" + "net/http" + "path/filepath" + "strings" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/router" +) + +// StaticWildcardParam is the name of Static handler wildcard parameter. +const StaticWildcardParam = "path" + +// NewRouter returns a new router instance loaded with the default app middlewares and api routes. +func NewRouter(app core.App) (*router.Router[*core.RequestEvent], error) { + pbRouter := router.NewRouter(func(w http.ResponseWriter, r *http.Request) (*core.RequestEvent, router.EventCleanupFunc) { + event := new(core.RequestEvent) + event.Response = w + event.Request = r + event.App = app + + return event, nil + }) + + // register default middlewares + pbRouter.Bind(activityLogger()) + pbRouter.Bind(panicRecover()) + pbRouter.Bind(rateLimit()) + pbRouter.Bind(loadAuthToken()) + pbRouter.Bind(securityHeaders()) + pbRouter.Bind(BodyLimit(DefaultMaxBodySize)) + + apiGroup := pbRouter.Group("/api") + bindSettingsApi(app, apiGroup) + bindCollectionApi(app, apiGroup) + bindRecordCrudApi(app, apiGroup) + bindRecordAuthApi(app, apiGroup) + bindLogsApi(app, apiGroup) + bindBackupApi(app, apiGroup) + bindCronApi(app, apiGroup) + bindFileApi(app, apiGroup) + bindBatchApi(app, apiGroup) + bindRealtimeApi(app, apiGroup) + bindHealthApi(app, apiGroup) + + return pbRouter, nil +} + +// WrapStdHandler wraps Go [http.Handler] into a PocketBase handler func. +func WrapStdHandler(h http.Handler) func(*core.RequestEvent) error { + return func(e *core.RequestEvent) error { + h.ServeHTTP(e.Response, e.Request) + return nil + } +} + +// WrapStdMiddleware wraps Go [func(http.Handler) http.Handle] into a PocketBase middleware func. +func WrapStdMiddleware(m func(http.Handler) http.Handler) func(*core.RequestEvent) error { + return func(e *core.RequestEvent) (err error) { + m(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + e.Response = w + e.Request = r + err = e.Next() + })).ServeHTTP(e.Response, e.Request) + return err + } +} + +// MustSubFS returns an [fs.FS] corresponding to the subtree rooted at fsys's dir. +// +// This is similar to [fs.Sub] but panics on failure. +func MustSubFS(fsys fs.FS, dir string) fs.FS { + dir = filepath.ToSlash(filepath.Clean(dir)) // ToSlash in case of Windows path + + sub, err := fs.Sub(fsys, dir) + if err != nil { + panic(fmt.Errorf("failed to create sub FS: %w", err)) + } + + return sub +} + +// Static is a handler function to serve static directory content from fsys. +// +// If a file resource is missing and indexFallback is set, the request +// will be forwarded to the base index.html (useful for SPA with pretty urls). +// +// NB! Expects the route to have a "{path...}" wildcard parameter. +// +// Special redirects: +// - if "path" is a file that ends in index.html, it is redirected to its non-index.html version (eg. /test/index.html -> /test/) +// - if "path" is a directory that has index.html, the index.html file is rendered, +// otherwise if missing - returns 404 or fallback to the root index.html if indexFallback is set +// +// Example: +// +// fsys := os.DirFS("./pb_public") +// router.GET("/files/{path...}", apis.Static(fsys, false)) +func Static(fsys fs.FS, indexFallback bool) func(*core.RequestEvent) error { + if fsys == nil { + panic("Static: the provided fs.FS argument is nil") + } + + return func(e *core.RequestEvent) error { + // disable the activity logger to avoid flooding with messages + // + // note: errors are still logged + if e.Get(requestEventKeySkipSuccessActivityLog) == nil { + e.Set(requestEventKeySkipSuccessActivityLog, true) + } + + filename := e.Request.PathValue(StaticWildcardParam) + filename = filepath.ToSlash(filepath.Clean(strings.TrimPrefix(filename, "/"))) + + // eagerly check for directory traversal + // + // note: this is just out of an abundance of caution because the fs.FS implementation could be non-std, + // but usually shouldn't be necessary since os.DirFS.Open is expected to fail if the filename starts with dots + if len(filename) > 2 && filename[0] == '.' && filename[1] == '.' && (filename[2] == '/' || filename[2] == '\\') { + if indexFallback && filename != router.IndexPage { + return e.FileFS(fsys, router.IndexPage) + } + return router.ErrFileNotFound + } + + fi, err := fs.Stat(fsys, filename) + if err != nil { + if indexFallback && filename != router.IndexPage { + return e.FileFS(fsys, router.IndexPage) + } + return router.ErrFileNotFound + } + + if fi.IsDir() { + // redirect to a canonical dir url, aka. with trailing slash + if !strings.HasSuffix(e.Request.URL.Path, "/") { + return e.Redirect(http.StatusMovedPermanently, safeRedirectPath(e.Request.URL.Path+"/")) + } + } else { + urlPath := e.Request.URL.Path + if strings.HasSuffix(urlPath, "/") { + // redirect to a non-trailing slash file route + urlPath = strings.TrimRight(urlPath, "/") + if len(urlPath) > 0 { + return e.Redirect(http.StatusMovedPermanently, safeRedirectPath(urlPath)) + } + } else if stripped, ok := strings.CutSuffix(urlPath, router.IndexPage); ok { + // redirect without the index.html + return e.Redirect(http.StatusMovedPermanently, safeRedirectPath(stripped)) + } + } + + fileErr := e.FileFS(fsys, filename) + + if fileErr != nil && indexFallback && filename != router.IndexPage && errors.Is(fileErr, router.ErrFileNotFound) { + return e.FileFS(fsys, router.IndexPage) + } + + return fileErr + } +} + +// safeRedirectPath normalizes the path string by replacing all beginning slashes +// (`\\`, `//`, `\/`) with a single forward slash to prevent open redirect attacks +func safeRedirectPath(path string) string { + if len(path) > 1 && (path[0] == '\\' || path[0] == '/') && (path[1] == '\\' || path[1] == '/') { + path = "/" + strings.TrimLeft(path, `/\`) + } + return path +} diff --git a/apis/base_test.go b/apis/base_test.go new file mode 100644 index 0000000..19d96a5 --- /dev/null +++ b/apis/base_test.go @@ -0,0 +1,313 @@ +package apis_test + +import ( + "fmt" + "net/http" + "net/http/httptest" + "os" + "path/filepath" + "testing" + + "github.com/pocketbase/pocketbase/apis" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/router" +) + +func TestWrapStdHandler(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + req := httptest.NewRequest(http.MethodGet, "/", nil) + rec := httptest.NewRecorder() + + e := new(core.RequestEvent) + e.App = app + e.Request = req + e.Response = rec + + err := apis.WrapStdHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Write([]byte("test")) + }))(e) + if err != nil { + t.Fatal(err) + } + + if body := rec.Body.String(); body != "test" { + t.Fatalf("Expected body %q, got %q", "test", body) + } +} + +func TestWrapStdMiddleware(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + req := httptest.NewRequest(http.MethodGet, "/", nil) + rec := httptest.NewRecorder() + + e := new(core.RequestEvent) + e.App = app + e.Request = req + e.Response = rec + + err := apis.WrapStdMiddleware(func(h http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Write([]byte("test")) + }) + })(e) + if err != nil { + t.Fatal(err) + } + + if body := rec.Body.String(); body != "test" { + t.Fatalf("Expected body %q, got %q", "test", body) + } +} + +func TestStatic(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys := os.DirFS(filepath.Join(dir, "sub")) + + type staticScenario struct { + path string + indexFallback bool + expectedStatus int + expectBody string + expectError bool + } + + scenarios := []staticScenario{ + { + path: "", + indexFallback: false, + expectedStatus: 200, + expectBody: "sub index.html", + expectError: false, + }, + { + path: "missing/a/b/c", + indexFallback: false, + expectedStatus: 404, + expectBody: "", + expectError: true, + }, + { + path: "missing/a/b/c", + indexFallback: true, + expectedStatus: 200, + expectBody: "sub index.html", + expectError: false, + }, + { + path: "testroot", // parent directory file + indexFallback: false, + expectedStatus: 404, + expectBody: "", + expectError: true, + }, + { + path: "test", + indexFallback: false, + expectedStatus: 200, + expectBody: "sub test", + expectError: false, + }, + { + path: "sub2", + indexFallback: false, + expectedStatus: 301, + expectBody: "", + expectError: false, + }, + { + path: "sub2/", + indexFallback: false, + expectedStatus: 200, + expectBody: "sub2 index.html", + expectError: false, + }, + { + path: "sub2/test", + indexFallback: false, + expectedStatus: 200, + expectBody: "sub2 test", + expectError: false, + }, + { + path: "sub2/test/", + indexFallback: false, + expectedStatus: 301, + expectBody: "", + expectError: false, + }, + } + + // extra directory traversal checks + dtp := []string{ + "/../", + "\\../", + "../", + "../../", + "..\\", + "..\\..\\", + "../..\\", + "..\\..//", + `%2e%2e%2f`, + `%2e%2e%2f%2e%2e%2f`, + `%2e%2e/`, + `%2e%2e/%2e%2e/`, + `..%2f`, + `..%2f..%2f`, + `%2e%2e%5c`, + `%2e%2e%5c%2e%2e%5c`, + `%2e%2e\`, + `%2e%2e\%2e%2e\`, + `..%5c`, + `..%5c..%5c`, + `%252e%252e%255c`, + `%252e%252e%255c%252e%252e%255c`, + `..%255c`, + `..%255c..%255c`, + } + for _, p := range dtp { + scenarios = append(scenarios, + staticScenario{ + path: p + "testroot", + indexFallback: false, + expectedStatus: 404, + expectBody: "", + expectError: true, + }, + staticScenario{ + path: p + "testroot", + indexFallback: true, + expectedStatus: 200, + expectBody: "sub index.html", + expectError: false, + }, + ) + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s_%v", i, s.path, s.indexFallback), func(t *testing.T) { + req := httptest.NewRequest(http.MethodGet, "/"+s.path, nil) + req.SetPathValue(apis.StaticWildcardParam, s.path) + + rec := httptest.NewRecorder() + + e := new(core.RequestEvent) + e.App = app + e.Request = req + e.Response = rec + + err := apis.Static(fsys, s.indexFallback)(e) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + body := rec.Body.String() + if body != s.expectBody { + t.Fatalf("Expected body %q, got %q", s.expectBody, body) + } + + if hasErr { + apiErr := router.ToApiError(err) + if apiErr.Status != s.expectedStatus { + t.Fatalf("Expected status code %d, got %d", s.expectedStatus, apiErr.Status) + } + } + }) + } +} + +func TestMustSubFS(t *testing.T) { + t.Parallel() + + dir := createTestDir(t) + defer os.RemoveAll(dir) + + // invalid path (no beginning and ending slashes) + if !hasPanicked(func() { + apis.MustSubFS(os.DirFS(dir), "/test/") + }) { + t.Fatalf("Expected to panic") + } + + // valid path + if hasPanicked(func() { + apis.MustSubFS(os.DirFS(dir), "./////a/b/c") // checks if ToSlash was called + }) { + t.Fatalf("Didn't expect to panic") + } + + // check sub content + sub := apis.MustSubFS(os.DirFS(dir), "sub") + + _, err := sub.Open("test") + if err != nil { + t.Fatalf("Missing expected file sub/test") + } +} + +// ------------------------------------------------------------------- + +func hasPanicked(f func()) (didPanic bool) { + defer func() { + if r := recover(); r != nil { + didPanic = true + } + }() + f() + return +} + +// note: make sure to call os.RemoveAll(dir) after you are done +// working with the created test dir. +func createTestDir(t *testing.T) string { + dir, err := os.MkdirTemp(os.TempDir(), "test_dir") + if err != nil { + t.Fatal(err) + } + + if err := os.WriteFile(filepath.Join(dir, "index.html"), []byte("root index.html"), 0644); err != nil { + t.Fatal(err) + } + if err := os.WriteFile(filepath.Join(dir, "testroot"), []byte("root test"), 0644); err != nil { + t.Fatal(err) + } + + if err := os.MkdirAll(filepath.Join(dir, "sub"), os.ModePerm); err != nil { + t.Fatal(err) + } + if err := os.WriteFile(filepath.Join(dir, "sub/index.html"), []byte("sub index.html"), 0644); err != nil { + t.Fatal(err) + } + if err := os.WriteFile(filepath.Join(dir, "sub/test"), []byte("sub test"), 0644); err != nil { + t.Fatal(err) + } + + if err := os.MkdirAll(filepath.Join(dir, "sub", "sub2"), os.ModePerm); err != nil { + t.Fatal(err) + } + if err := os.WriteFile(filepath.Join(dir, "sub/sub2/index.html"), []byte("sub2 index.html"), 0644); err != nil { + t.Fatal(err) + } + if err := os.WriteFile(filepath.Join(dir, "sub/sub2/test"), []byte("sub2 test"), 0644); err != nil { + t.Fatal(err) + } + + return dir +} diff --git a/apis/batch.go b/apis/batch.go new file mode 100644 index 0000000..39f10d9 --- /dev/null +++ b/apis/batch.go @@ -0,0 +1,548 @@ +package apis + +import ( + "bytes" + "encoding/json" + "errors" + "io" + "mime/multipart" + "net/http" + "net/http/httptest" + "regexp" + "slices" + "strconv" + "strings" + "time" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/pocketbase/pocketbase/tools/types" + "github.com/spf13/cast" +) + +func bindBatchApi(app core.App, rg *router.RouterGroup[*core.RequestEvent]) { + sub := rg.Group("/batch") + sub.POST("", batchTransaction).Unbind(DefaultBodyLimitMiddlewareId) // the body limit is inlined +} + +type HandleFunc func(e *core.RequestEvent) error + +type BatchActionHandlerFunc func(app core.App, ir *core.InternalRequest, params map[string]string, next func(data any) error) HandleFunc + +// ValidBatchActions defines a map with the supported batch InternalRequest actions. +// +// Note: when adding new routes make sure that their middlewares are inlined! +var ValidBatchActions = map[*regexp.Regexp]BatchActionHandlerFunc{ + // "upsert" handler + regexp.MustCompile(`^PUT /api/collections/(?P[^\/\?]+)/records(?P\?.*)?$`): func(app core.App, ir *core.InternalRequest, params map[string]string, next func(any) error) HandleFunc { + var id string + if len(ir.Body) > 0 && ir.Body["id"] != "" { + id = cast.ToString(ir.Body["id"]) + } + if id != "" { + _, err := app.FindRecordById(params["collection"], id) + if err == nil { + // update + // --- + params["id"] = id // required for the path value + ir.Method = "PATCH" + ir.URL = "/api/collections/" + params["collection"] + "/records/" + id + params["query"] + return recordUpdate(false, next) + } + } + + // create + // --- + ir.Method = "POST" + ir.URL = "/api/collections/" + params["collection"] + "/records" + params["query"] + return recordCreate(false, next) + }, + regexp.MustCompile(`^POST /api/collections/(?P[^\/\?]+)/records(\?.*)?$`): func(app core.App, ir *core.InternalRequest, params map[string]string, next func(any) error) HandleFunc { + return recordCreate(false, next) + }, + regexp.MustCompile(`^PATCH /api/collections/(?P[^\/\?]+)/records/(?P[^\/\?]+)(\?.*)?$`): func(app core.App, ir *core.InternalRequest, params map[string]string, next func(any) error) HandleFunc { + return recordUpdate(false, next) + }, + regexp.MustCompile(`^DELETE /api/collections/(?P[^\/\?]+)/records/(?P[^\/\?]+)(\?.*)?$`): func(app core.App, ir *core.InternalRequest, params map[string]string, next func(any) error) HandleFunc { + return recordDelete(false, next) + }, +} + +type BatchRequestResult struct { + Body any `json:"body"` + Status int `json:"status"` +} + +type batchRequestsForm struct { + Requests []*core.InternalRequest `form:"requests" json:"requests"` + + max int +} + +func (brs batchRequestsForm) validate() error { + return validation.ValidateStruct(&brs, + validation.Field(&brs.Requests, validation.Required, validation.Length(0, brs.max)), + ) +} + +// NB! When the request is submitted as multipart/form-data, +// the regular fields data is expected to be submitted as serailized +// json under the @jsonPayload field and file keys need to follow the +// pattern "requests.N.fileField" or requests[N].fileField. +func batchTransaction(e *core.RequestEvent) error { + maxRequests := e.App.Settings().Batch.MaxRequests + if !e.App.Settings().Batch.Enabled || maxRequests <= 0 { + return e.ForbiddenError("Batch requests are not allowed.", nil) + } + + txTimeout := time.Duration(e.App.Settings().Batch.Timeout) * time.Second + if txTimeout <= 0 { + txTimeout = 3 * time.Second // for now always limit + } + + maxBodySize := e.App.Settings().Batch.MaxBodySize + if maxBodySize <= 0 { + maxBodySize = 128 << 20 + } + + err := applyBodyLimit(e, maxBodySize) + if err != nil { + return err + } + + form := &batchRequestsForm{max: maxRequests} + + // load base requests data + err = e.BindBody(form) + if err != nil { + return e.BadRequestError("Failed to read the submitted batch data.", err) + } + + // load uploaded files into each request item + // note: expects the files to be under "requests.N.fileField" or "requests[N].fileField" format + // (the other regular fields must be put under `@jsonPayload` as serialized json) + if strings.HasPrefix(e.Request.Header.Get("Content-Type"), "multipart/form-data") { + for i, ir := range form.Requests { + iStr := strconv.Itoa(i) + + files, err := extractPrefixedFiles(e.Request, "requests."+iStr+".", "requests["+iStr+"].") + if err != nil { + return e.BadRequestError("Failed to read the submitted batch files data.", err) + } + + for key, files := range files { + if ir.Body == nil { + ir.Body = map[string]any{} + } + ir.Body[key] = files + } + } + } + + // validate batch request form + err = form.validate() + if err != nil { + return e.BadRequestError("Invalid batch request data.", err) + } + + event := new(core.BatchRequestEvent) + event.RequestEvent = e + event.Batch = form.Requests + + return e.App.OnBatchRequest().Trigger(event, func(e *core.BatchRequestEvent) error { + bp := batchProcessor{ + app: e.App, + baseEvent: e.RequestEvent, + infoContext: core.RequestInfoContextBatch, + } + + if err := bp.Process(e.Batch, txTimeout); err != nil { + return firstApiError(err, e.BadRequestError("Batch transaction failed.", err)) + } + + return e.JSON(http.StatusOK, bp.results) + }) +} + +type batchProcessor struct { + app core.App + baseEvent *core.RequestEvent + infoContext string + results []*BatchRequestResult + failedIndex int + errCh chan error + stopCh chan struct{} +} + +func (p *batchProcessor) Process(batch []*core.InternalRequest, timeout time.Duration) error { + p.results = make([]*BatchRequestResult, 0, len(batch)) + + if p.stopCh != nil { + close(p.stopCh) + } + p.stopCh = make(chan struct{}, 1) + + if p.errCh != nil { + close(p.errCh) + } + p.errCh = make(chan error, 1) + + return p.app.RunInTransaction(func(txApp core.App) error { + // used to interupts the recursive processing calls in case of a timeout or connection close + defer func() { + p.stopCh <- struct{}{} + }() + + go func() { + err := p.process(txApp, batch, 0) + + if err != nil { + err = validation.Errors{ + "requests": validation.Errors{ + strconv.Itoa(p.failedIndex): &BatchResponseError{ + code: "batch_request_failed", + message: "Batch request failed.", + err: router.ToApiError(err), + }, + }, + } + } + + // note: to avoid copying and due to the process recursion the final results order is reversed + if err == nil { + slices.Reverse(p.results) + } + + p.errCh <- err + }() + + select { + case responseErr := <-p.errCh: + return responseErr + case <-time.After(timeout): + // note: we don't return 408 Reques Timeout error because + // some browsers perform automatic retry behind the scenes + // which are hard to debug and unnecessary + return errors.New("batch transaction timeout") + case <-p.baseEvent.Request.Context().Done(): + return errors.New("batch request interrupted") + } + }) +} + +func (p *batchProcessor) process(activeApp core.App, batch []*core.InternalRequest, i int) error { + select { + case <-p.stopCh: + return nil + default: + if len(batch) == 0 { + return nil + } + + result, err := processInternalRequest( + activeApp, + p.baseEvent, + batch[0], + p.infoContext, + func(_ any) error { + if len(batch) == 1 { + return nil + } + + err := p.process(activeApp, batch[1:], i+1) + + // update the failed batch index (if not already) + if err != nil && p.failedIndex == 0 { + p.failedIndex = i + 1 + } + + return err + }, + ) + + if err != nil { + return err + } + + p.results = append(p.results, result) + + return nil + } +} + +func processInternalRequest( + activeApp core.App, + baseEvent *core.RequestEvent, + ir *core.InternalRequest, + infoContext string, + optNext func(data any) error, +) (*BatchRequestResult, error) { + handle, params, ok := prepareInternalAction(activeApp, ir, optNext) + if !ok { + return nil, errors.New("unknown batch request action") + } + + // construct a new http.Request + // --------------------------------------------------------------- + buf, mw, err := multipartDataFromInternalRequest(ir) + if err != nil { + return nil, err + } + + r, err := http.NewRequest(strings.ToUpper(ir.Method), ir.URL, buf) + if err != nil { + return nil, err + } + + // cleanup multipart temp files + defer func() { + if r.MultipartForm != nil { + if err := r.MultipartForm.RemoveAll(); err != nil { + activeApp.Logger().Warn("failed to cleanup temp batch files", "error", err) + } + } + }() + + // load batch request path params + // --- + for k, v := range params { + r.SetPathValue(k, v) + } + + // clone original request + // --- + r.RequestURI = r.URL.RequestURI() + r.Proto = baseEvent.Request.Proto + r.ProtoMajor = baseEvent.Request.ProtoMajor + r.ProtoMinor = baseEvent.Request.ProtoMinor + r.Host = baseEvent.Request.Host + r.RemoteAddr = baseEvent.Request.RemoteAddr + r.TLS = baseEvent.Request.TLS + + if s := baseEvent.Request.TransferEncoding; s != nil { + s2 := make([]string, len(s)) + copy(s2, s) + r.TransferEncoding = s2 + } + + if baseEvent.Request.Trailer != nil { + r.Trailer = baseEvent.Request.Trailer.Clone() + } + + if baseEvent.Request.Header != nil { + r.Header = baseEvent.Request.Header.Clone() + } + + // apply batch request specific headers + // --- + for k, v := range ir.Headers { + // individual Authorization header keys don't have affect + // because the auth state is populated from the base event + if strings.EqualFold(k, "authorization") { + continue + } + + r.Header.Set(k, v) + } + r.Header.Set("Content-Type", mw.FormDataContentType()) + + // construct a new RequestEvent + // --------------------------------------------------------------- + event := &core.RequestEvent{} + event.App = activeApp + event.Auth = baseEvent.Auth + event.SetAll(baseEvent.GetAll()) + + // load RequestInfo context + if infoContext == "" { + infoContext = core.RequestInfoContextDefault + } + event.Set(core.RequestEventKeyInfoContext, infoContext) + + // assign request + event.Request = r + event.Request.Body = &router.RereadableReadCloser{ReadCloser: r.Body} // enables multiple reads + + // assign response + rec := httptest.NewRecorder() + event.Response = &router.ResponseWriter{ResponseWriter: rec} // enables status and write tracking + + // execute + // --------------------------------------------------------------- + if err := handle(event); err != nil { + return nil, err + } + + result := rec.Result() + defer result.Body.Close() + + body, _ := types.ParseJSONRaw(rec.Body.Bytes()) + + return &BatchRequestResult{ + Status: result.StatusCode, + Body: body, + }, nil +} + +func multipartDataFromInternalRequest(ir *core.InternalRequest) (*bytes.Buffer, *multipart.Writer, error) { + buf := &bytes.Buffer{} + + mw := multipart.NewWriter(buf) + + regularFields := map[string]any{} + fileFields := map[string][]*filesystem.File{} + + // separate regular fields from files + // --- + for k, rawV := range ir.Body { + switch v := rawV.(type) { + case *filesystem.File: + fileFields[k] = append(fileFields[k], v) + case []*filesystem.File: + fileFields[k] = append(fileFields[k], v...) + default: + regularFields[k] = v + } + } + + // submit regularFields as @jsonPayload + // --- + rawBody, err := json.Marshal(regularFields) + if err != nil { + return nil, nil, errors.Join(err, mw.Close()) + } + + jsonPayload, err := mw.CreateFormField("@jsonPayload") + if err != nil { + return nil, nil, errors.Join(err, mw.Close()) + } + _, err = jsonPayload.Write(rawBody) + if err != nil { + return nil, nil, errors.Join(err, mw.Close()) + } + + // submit fileFields as multipart files + // --- + for key, files := range fileFields { + for _, file := range files { + part, err := mw.CreateFormFile(key, file.Name) + if err != nil { + return nil, nil, errors.Join(err, mw.Close()) + } + + fr, err := file.Reader.Open() + if err != nil { + return nil, nil, errors.Join(err, mw.Close()) + } + + _, err = io.Copy(part, fr) + if err != nil { + return nil, nil, errors.Join(err, fr.Close(), mw.Close()) + } + + err = fr.Close() + if err != nil { + return nil, nil, errors.Join(err, mw.Close()) + } + } + } + + return buf, mw, mw.Close() +} + +func extractPrefixedFiles(request *http.Request, prefixes ...string) (map[string][]*filesystem.File, error) { + if request.MultipartForm == nil { + if err := request.ParseMultipartForm(router.DefaultMaxMemory); err != nil { + return nil, err + } + } + + result := make(map[string][]*filesystem.File) + + for k, fhs := range request.MultipartForm.File { + for _, p := range prefixes { + if strings.HasPrefix(k, p) { + resultKey := strings.TrimPrefix(k, p) + + for _, fh := range fhs { + file, err := filesystem.NewFileFromMultipart(fh) + if err != nil { + return nil, err + } + + result[resultKey] = append(result[resultKey], file) + } + } + } + } + + return result, nil +} + +func prepareInternalAction(activeApp core.App, ir *core.InternalRequest, optNext func(data any) error) (HandleFunc, map[string]string, bool) { + full := strings.ToUpper(ir.Method) + " " + ir.URL + + for re, actionFactory := range ValidBatchActions { + params, ok := findNamedMatches(re, full) + if ok { + return actionFactory(activeApp, ir, params, optNext), params, true + } + } + + return nil, nil, false +} + +func findNamedMatches(re *regexp.Regexp, str string) (map[string]string, bool) { + match := re.FindStringSubmatch(str) + if match == nil { + return nil, false + } + + result := map[string]string{} + + names := re.SubexpNames() + + for i, m := range match { + if names[i] != "" { + result[names[i]] = m + } + } + + return result, true +} + +// ------------------------------------------------------------------- + +var ( + _ router.SafeErrorItem = (*BatchResponseError)(nil) + _ router.SafeErrorResolver = (*BatchResponseError)(nil) +) + +type BatchResponseError struct { + err *router.ApiError + code string + message string +} + +func (e *BatchResponseError) Error() string { + return e.message +} + +func (e *BatchResponseError) Code() string { + return e.code +} + +func (e *BatchResponseError) Resolve(errData map[string]any) any { + errData["response"] = e.err + return errData +} + +func (e BatchResponseError) MarshalJSON() ([]byte, error) { + return json.Marshal(map[string]any{ + "message": e.message, + "code": e.code, + "response": e.err, + }) +} diff --git a/apis/batch_test.go b/apis/batch_test.go new file mode 100644 index 0000000..5ec6d44 --- /dev/null +++ b/apis/batch_test.go @@ -0,0 +1,691 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/router" +) + +func TestBatchRequest(t *testing.T) { + t.Parallel() + + formData, mp, err := tests.MockMultipartData( + map[string]string{ + router.JSONPayloadKey: `{ + "requests":[ + {"method":"POST", "url":"/api/collections/demo3/records", "body": {"title": "batch1"}}, + {"method":"POST", "url":"/api/collections/demo3/records", "body": {"title": "batch2"}}, + {"method":"POST", "url":"/api/collections/demo3/records", "body": {"title": "batch3"}}, + {"method":"PATCH", "url":"/api/collections/demo3/records/lcl9d87w22ml6jy", "body": {"files-": "test_FLurQTgrY8.txt"}} + ] + }`, + }, + "requests.0.files", + "requests.0.files", + "requests.0.files", + "requests[2].files", + ) + if err != nil { + t.Fatal(err) + } + + scenarios := []tests.ApiScenario{ + { + Name: "disabled batch requets", + Method: http.MethodPost, + URL: "/api/batch", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().Batch.Enabled = false + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "max request limits reached", + Method: http.MethodPost, + URL: "/api/batch", + Body: strings.NewReader(`{ + "requests": [ + {"method":"GET", "url":"/test1"}, + {"method":"GET", "url":"/test2"}, + {"method":"GET", "url":"/test3"} + ] + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().Batch.Enabled = true + app.Settings().Batch.MaxRequests = 2 + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"requests":{"code":"validation_length_too_long"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "trigger requests validations", + Method: http.MethodPost, + URL: "/api/batch", + Body: strings.NewReader(`{ + "requests": [ + {}, + {"method":"GET", "url":"/valid"}, + {"method":"invalid", "url":"/valid"}, + {"method":"POST", "url":"` + strings.Repeat("a", 2001) + `"} + ] + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().Batch.Enabled = true + app.Settings().Batch.MaxRequests = 100 + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"requests":{`, + `"0":{"method":{"code":"validation_required"`, + `"2":{"method":{"code":"validation_in_invalid"`, + `"3":{"url":{"code":"validation_length_too_long"`, + }, + NotExpectedContent: []string{ + `"1":`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "unknown batch request action", + Method: http.MethodPost, + URL: "/api/batch", + Body: strings.NewReader(`{ + "requests": [ + {"method":"GET", "url":"/api/health"} + ] + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"requests":{`, + `0":{"code":"batch_request_failed"`, + `"response":{`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnBatchRequest": 1, + }, + }, + { + Name: "base 2 successful and 1 failed (public collection)", + Method: http.MethodPost, + URL: "/api/batch", + Body: strings.NewReader(`{ + "requests": [ + {"method":"POST", "url":"/api/collections/demo2/records", "body": {"title": "batch1"}}, + {"method":"POST", "url":"/api/collections/demo2/records", "body": {"title": "batch2"}}, + {"method":"POST", "url":"/api/collections/demo2/records", "body": {"title": ""}} + ] + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"response":{`, + `"2":{"code":"batch_request_failed"`, + `"response":{"data":{"title":{"code":"validation_required"`, + }, + NotExpectedContent: []string{ + `"0":`, + `"1":`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnBatchRequest": 1, + "OnRecordCreateRequest": 3, + "OnModelCreate": 3, + "OnModelCreateExecute": 2, + "OnModelAfterCreateError": 3, + "OnModelValidate": 3, + "OnRecordCreate": 3, + "OnRecordCreateExecute": 2, + "OnRecordAfterCreateError": 3, + "OnRecordValidate": 3, + "OnRecordEnrich": 2, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + records, err := app.FindRecordsByFilter("demo2", `title~"batch"`, "", 0, 0) + if err != nil { + t.Fatal(err) + } + + if len(records) != 0 { + t.Fatalf("Expected no batch records to be persisted, got %d", len(records)) + } + }, + }, + { + Name: "base 4 successful (public collection)", + Method: http.MethodPost, + URL: "/api/batch", + Body: strings.NewReader(`{ + "requests": [ + {"method":"POST", "url":"/api/collections/demo2/records", "body": {"title": "batch1"}}, + {"method":"POST", "url":"/api/collections/demo2/records", "body": {"title": "batch2"}}, + {"method":"PUT", "url":"/api/collections/demo2/records", "body": {"title": "batch3"}}, + {"method":"PUT", "url":"/api/collections/demo2/records?fields=*,id:excerpt(4,true)", "body": {"id":"achvryl401bhse3","title": "batch4"}} + ] + }`), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"title":"batch1"`, + `"title":"batch2"`, + `"title":"batch3"`, + `"title":"batch4"`, + `"id":"achv..."`, + `"active":false`, + `"active":true`, + `"status":200`, + `"body":{`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnBatchRequest": 1, + "OnModelValidate": 4, + "OnRecordValidate": 4, + "OnRecordEnrich": 4, + + "OnRecordCreateRequest": 3, + "OnModelCreate": 3, + "OnModelCreateExecute": 3, + "OnModelAfterCreateSuccess": 3, + "OnRecordCreate": 3, + "OnRecordCreateExecute": 3, + "OnRecordAfterCreateSuccess": 3, + + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + records, err := app.FindRecordsByFilter("demo2", `title~"batch"`, "", 0, 0) + if err != nil { + t.Fatal(err) + } + + if len(records) != 4 { + t.Fatalf("Expected %d batch records to be persisted, got %d", 3, len(records)) + } + }, + }, + { + Name: "mixed create/update/delete (rules failure)", + Method: http.MethodPost, + URL: "/api/batch", + Body: strings.NewReader(`{ + "requests": [ + {"method":"POST", "url":"/api/collections/demo2/records", "body": {"title": "batch_create"}}, + {"method":"DELETE", "url":"/api/collections/demo2/records/achvryl401bhse3"}, + {"method":"PATCH", "url":"/api/collections/demo3/records/1tmknxy2868d869", "body": {"title": "batch_update"}} + ] + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"requests":{`, + `"2":{"code":"batch_request_failed"`, + `"response":{`, + }, + NotExpectedContent: []string{ + // only demo3 requires authentication + `"0":`, + `"1":`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnBatchRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateError": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteError": 1, + "OnModelValidate": 1, + "OnRecordCreateRequest": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateError": 1, + "OnRecordDeleteRequest": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteError": 1, + "OnRecordEnrich": 1, + "OnRecordValidate": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + _, err := app.FindFirstRecordByFilter("demo2", `title="batch_create"`) + if err == nil { + t.Fatal("Expected record to not be created") + } + + _, err = app.FindFirstRecordByFilter("demo3", `title="batch_update"`) + if err == nil { + t.Fatal("Expected record to not be updated") + } + + _, err = app.FindRecordById("demo2", "achvryl401bhse3") + if err != nil { + t.Fatal("Expected record to not be deleted") + } + }, + }, + { + Name: "mixed create/update/delete (rules success)", + Method: http.MethodPost, + URL: "/api/batch", + Headers: map[string]string{ + // test@example.com, clients + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + Body: strings.NewReader(`{ + "requests": [ + {"method":"POST", "url":"/api/collections/demo2/records", "body": {"title": "batch_create"}, "headers": {"Authorization": "ignored"}}, + {"method":"DELETE", "url":"/api/collections/demo2/records/achvryl401bhse3", "headers": {"Authorization": "ignored"}}, + {"method":"PATCH", "url":"/api/collections/demo3/records/1tmknxy2868d869", "body": {"title": "batch_update"}, "headers": {"Authorization": "ignored"}} + ] + }`), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"title":"batch_create"`, + `"title":"batch_update"`, + `"status":200`, + `"status":204`, + `"body":{`, + `"body":null`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnBatchRequest": 1, + // --- + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 2, + // --- + "OnRecordCreateRequest": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordDeleteRequest": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + "OnRecordUpdateRequest": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnRecordValidate": 2, + "OnRecordEnrich": 2, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + _, err := app.FindFirstRecordByFilter("demo2", `title="batch_create"`) + if err != nil { + t.Fatal(err) + } + + _, err = app.FindFirstRecordByFilter("demo3", `title="batch_update"`) + if err != nil { + t.Fatal(err) + } + + _, err = app.FindRecordById("demo2", "achvryl401bhse3") + if err == nil { + t.Fatal("Expected record to be deleted") + } + }, + }, + { + Name: "mixed create/update/delete (superuser auth)", + Method: http.MethodPost, + URL: "/api/batch", + Headers: map[string]string{ + // test@example.com, _superusers + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: strings.NewReader(`{ + "requests": [ + {"method":"POST", "url":"/api/collections/demo2/records", "body": {"title": "batch_create"}}, + {"method":"DELETE", "url":"/api/collections/demo2/records/achvryl401bhse3"}, + {"method":"PATCH", "url":"/api/collections/demo3/records/1tmknxy2868d869", "body": {"title": "batch_update"}} + ] + }`), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"title":"batch_create"`, + `"title":"batch_update"`, + `"status":200`, + `"status":204`, + `"body":{`, + `"body":null`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnBatchRequest": 1, + // --- + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 2, + // --- + "OnRecordCreateRequest": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordDeleteRequest": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + "OnRecordUpdateRequest": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnRecordValidate": 2, + "OnRecordEnrich": 2, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + _, err := app.FindFirstRecordByFilter("demo2", `title="batch_create"`) + if err != nil { + t.Fatal(err) + } + + _, err = app.FindFirstRecordByFilter("demo3", `title="batch_update"`) + if err != nil { + t.Fatal(err) + } + + _, err = app.FindRecordById("demo2", "achvryl401bhse3") + if err == nil { + t.Fatal("Expected record to be deleted") + } + }, + }, + { + Name: "cascade delete/update", + Method: http.MethodPost, + URL: "/api/batch", + Headers: map[string]string{ + // test@example.com, _superusers + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: strings.NewReader(`{ + "requests": [ + {"method":"DELETE", "url":"/api/collections/demo3/records/1tmknxy2868d869"}, + {"method":"DELETE", "url":"/api/collections/demo3/records/mk5fmymtx4wsprk"} + ] + }`), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"status":204`, + `"body":null`, + }, + NotExpectedContent: []string{ + `"status":200`, + `"body":{`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnBatchRequest": 1, + // --- + "OnModelDelete": 3, // 2 batch + 1 cascade delete + "OnModelDeleteExecute": 3, + "OnModelAfterDeleteSuccess": 3, + "OnModelUpdate": 5, // 5 cascade update + "OnModelUpdateExecute": 5, + "OnModelAfterUpdateSuccess": 5, + // --- + "OnRecordDeleteRequest": 2, + "OnRecordDelete": 3, + "OnRecordDeleteExecute": 3, + "OnRecordAfterDeleteSuccess": 3, + "OnRecordUpdate": 5, + "OnRecordUpdateExecute": 5, + "OnRecordAfterUpdateSuccess": 5, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + ids := []string{ + "1tmknxy2868d869", + "mk5fmymtx4wsprk", + "qzaqccwrmva4o1n", + } + + for _, id := range ids { + _, err := app.FindRecordById("demo2", id) + if err == nil { + t.Fatalf("Expected record %q to be deleted", id) + } + } + }, + }, + { + Name: "transaction timeout", + Method: http.MethodPost, + URL: "/api/batch", + Body: strings.NewReader(`{ + "requests": [ + {"method":"POST", "url":"/api/collections/demo2/records", "body": {"title": "batch1"}}, + {"method":"POST", "url":"/api/collections/demo2/records", "body": {"title": "batch2"}} + ] + }`), + Headers: map[string]string{ + // test@example.com, _superusers + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().Batch.Timeout = 1 + app.OnRecordCreateRequest("demo2").BindFunc(func(e *core.RecordRequestEvent) error { + time.Sleep(600 * time.Millisecond) // < 1s so that the first request can succeed + return e.Next() + }) + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{}`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnBatchRequest": 1, + "OnRecordCreateRequest": 2, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateError": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateError": 1, + "OnRecordEnrich": 1, + "OnRecordValidate": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + records, err := app.FindRecordsByFilter("demo2", `title~"batch"`, "", 0, 0) + if err != nil { + t.Fatal(err) + } + + if len(records) != 0 { + t.Fatalf("Expected %d batch records to be persisted, got %d", 0, len(records)) + } + }, + }, + { + Name: "multipart/form-data + file upload", + Method: http.MethodPost, + URL: "/api/batch", + Body: formData, + Headers: map[string]string{ + // test@example.com, clients + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + "Content-Type": mp.FormDataContentType(), + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"title":"batch1"`, + `"title":"batch2"`, + `"title":"batch3"`, + `"id":"lcl9d87w22ml6jy"`, + `"files":["300_UhLKX91HVb.png"]`, + `"tmpfile_`, + `"status":200`, + `"body":{`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnBatchRequest": 1, + // --- + "OnModelCreate": 3, + "OnModelCreateExecute": 3, + "OnModelAfterCreateSuccess": 3, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 4, + // --- + "OnRecordCreateRequest": 3, + "OnRecordUpdateRequest": 1, + "OnRecordCreate": 3, + "OnRecordCreateExecute": 3, + "OnRecordAfterCreateSuccess": 3, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnRecordValidate": 4, + "OnRecordEnrich": 4, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + batch1, err := app.FindFirstRecordByFilter("demo3", `title="batch1"`) + if err != nil { + t.Fatalf("missing batch1: %v", err) + } + batch1Files := batch1.GetStringSlice("files") + if len(batch1Files) != 3 { + t.Fatalf("Expected %d batch1 file(s), got %d", 3, len(batch1Files)) + } + + batch2, err := app.FindFirstRecordByFilter("demo3", `title="batch2"`) + if err != nil { + t.Fatalf("missing batch2: %v", err) + } + batch2Files := batch2.GetStringSlice("files") + if len(batch2Files) != 0 { + t.Fatalf("Expected %d batch2 file(s), got %d", 0, len(batch2Files)) + } + + batch3, err := app.FindFirstRecordByFilter("demo3", `title="batch3"`) + if err != nil { + t.Fatalf("missing batch3: %v", err) + } + batch3Files := batch3.GetStringSlice("files") + if len(batch3Files) != 1 { + t.Fatalf("Expected %d batch3 file(s), got %d", 1, len(batch3Files)) + } + + batch4, err := app.FindRecordById("demo3", "lcl9d87w22ml6jy") + if err != nil { + t.Fatalf("missing batch4: %v", err) + } + batch4Files := batch4.GetStringSlice("files") + if len(batch4Files) != 1 { + t.Fatalf("Expected %d batch4 file(s), got %d", 1, len(batch4Files)) + } + }, + }, + { + Name: "create/update with expand query params", + Method: http.MethodPost, + URL: "/api/batch", + Headers: map[string]string{ + // test@example.com, _superusers + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: strings.NewReader(`{ + "requests": [ + {"method":"POST", "url":"/api/collections/demo5/records?expand=rel_one", "body": {"total": 9, "rel_one":"qzaqccwrmva4o1n"}}, + {"method":"PATCH", "url":"/api/collections/demo5/records/qjeql998mtp1azp?expand=rel_many", "body": {"total": 10}} + ] + }`), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"body":{`, + `"id":"qjeql998mtp1azp"`, + `"id":"qzaqccwrmva4o1n"`, + `"id":"i9naidtvr6qsgb4"`, + `"expand":{"rel_one"`, + `"expand":{"rel_many"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnBatchRequest": 1, + // --- + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 2, + // --- + "OnRecordCreateRequest": 1, + "OnRecordUpdateRequest": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnRecordValidate": 2, + "OnRecordEnrich": 5, + }, + }, + { + Name: "check body limit middleware", + Method: http.MethodPost, + URL: "/api/batch", + Headers: map[string]string{ + // test@example.com, _superusers + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: strings.NewReader(`{ + "requests": [ + {"method":"POST", "url":"/api/collections/demo5/records?expand=rel_one", "body": {"total": 9, "rel_one":"qzaqccwrmva4o1n"}}, + {"method":"PATCH", "url":"/api/collections/demo5/records/qjeql998mtp1azp?expand=rel_many", "body": {"total": 10}} + ] + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().Batch.MaxBodySize = 10 + }, + ExpectedStatus: 413, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/collection.go b/apis/collection.go new file mode 100644 index 0000000..3adf1db --- /dev/null +++ b/apis/collection.go @@ -0,0 +1,206 @@ +package apis + +import ( + "errors" + "net/http" + "strings" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/pocketbase/pocketbase/tools/search" +) + +// bindCollectionApi registers the collection api endpoints and the corresponding handlers. +func bindCollectionApi(app core.App, rg *router.RouterGroup[*core.RequestEvent]) { + subGroup := rg.Group("/collections").Bind(RequireSuperuserAuth()) + subGroup.GET("", collectionsList) + subGroup.POST("", collectionCreate) + subGroup.GET("/{collection}", collectionView) + subGroup.PATCH("/{collection}", collectionUpdate) + subGroup.DELETE("/{collection}", collectionDelete) + subGroup.DELETE("/{collection}/truncate", collectionTruncate) + subGroup.PUT("/import", collectionsImport) + subGroup.GET("/meta/scaffolds", collectionScaffolds) +} + +func collectionsList(e *core.RequestEvent) error { + fieldResolver := search.NewSimpleFieldResolver( + "id", "created", "updated", "name", "system", "type", + ) + + collections := []*core.Collection{} + + result, err := search.NewProvider(fieldResolver). + Query(e.App.CollectionQuery()). + ParseAndExec(e.Request.URL.Query().Encode(), &collections) + + if err != nil { + return e.BadRequestError("", err) + } + + event := new(core.CollectionsListRequestEvent) + event.RequestEvent = e + event.Collections = collections + event.Result = result + + return event.App.OnCollectionsListRequest().Trigger(event, func(e *core.CollectionsListRequestEvent) error { + return execAfterSuccessTx(true, e.App, func() error { + return e.JSON(http.StatusOK, e.Result) + }) + }) +} + +func collectionView(e *core.RequestEvent) error { + collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection")) + if err != nil || collection == nil { + return e.NotFoundError("", err) + } + + event := new(core.CollectionRequestEvent) + event.RequestEvent = e + event.Collection = collection + + return e.App.OnCollectionViewRequest().Trigger(event, func(e *core.CollectionRequestEvent) error { + return execAfterSuccessTx(true, e.App, func() error { + return e.JSON(http.StatusOK, e.Collection) + }) + }) +} + +func collectionCreate(e *core.RequestEvent) error { + // populate the minimal required factory collection data (if any) + factoryExtract := struct { + Type string `form:"type" json:"type"` + Name string `form:"name" json:"name"` + }{} + if err := e.BindBody(&factoryExtract); err != nil { + return e.BadRequestError("Failed to load the collection type data due to invalid formatting.", err) + } + + // create scaffold + collection := core.NewCollection(factoryExtract.Type, factoryExtract.Name) + + // merge the scaffold with the submitted request data + if err := e.BindBody(collection); err != nil { + return e.BadRequestError("Failed to load the submitted data due to invalid formatting.", err) + } + + event := new(core.CollectionRequestEvent) + event.RequestEvent = e + event.Collection = collection + + return e.App.OnCollectionCreateRequest().Trigger(event, func(e *core.CollectionRequestEvent) error { + if err := e.App.Save(e.Collection); err != nil { + // validation failure + var validationErrors validation.Errors + if errors.As(err, &validationErrors) { + return e.BadRequestError("Failed to create collection.", validationErrors) + } + + // other generic db error + return e.BadRequestError("Failed to create collection. Raw error: \n"+err.Error(), nil) + } + + return execAfterSuccessTx(true, e.App, func() error { + return e.JSON(http.StatusOK, e.Collection) + }) + }) +} + +func collectionUpdate(e *core.RequestEvent) error { + collection, err := e.App.FindCollectionByNameOrId(e.Request.PathValue("collection")) + if err != nil || collection == nil { + return e.NotFoundError("", err) + } + + if err := e.BindBody(collection); err != nil { + return e.BadRequestError("Failed to load the submitted data due to invalid formatting.", err) + } + + event := new(core.CollectionRequestEvent) + event.RequestEvent = e + event.Collection = collection + + return event.App.OnCollectionUpdateRequest().Trigger(event, func(e *core.CollectionRequestEvent) error { + if err := e.App.Save(e.Collection); err != nil { + // validation failure + var validationErrors validation.Errors + if errors.As(err, &validationErrors) { + return e.BadRequestError("Failed to update collection.", validationErrors) + } + + // other generic db error + return e.BadRequestError("Failed to update collection. Raw error: \n"+err.Error(), nil) + } + + return execAfterSuccessTx(true, e.App, func() error { + return e.JSON(http.StatusOK, e.Collection) + }) + }) +} + +func collectionDelete(e *core.RequestEvent) error { + collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection")) + if err != nil || collection == nil { + return e.NotFoundError("", err) + } + + event := new(core.CollectionRequestEvent) + event.RequestEvent = e + event.Collection = collection + + return e.App.OnCollectionDeleteRequest().Trigger(event, func(e *core.CollectionRequestEvent) error { + if err := e.App.Delete(e.Collection); err != nil { + msg := "Failed to delete collection" + + // check fo references + refs, _ := e.App.FindCollectionReferences(e.Collection, e.Collection.Id) + if len(refs) > 0 { + names := make([]string, 0, len(refs)) + for ref := range refs { + names = append(names, ref.Name) + } + msg += " probably due to existing reference in " + strings.Join(names, ", ") + } + + return e.BadRequestError(msg, err) + } + + return execAfterSuccessTx(true, e.App, func() error { + return e.NoContent(http.StatusNoContent) + }) + }) +} + +func collectionTruncate(e *core.RequestEvent) error { + collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection")) + if err != nil || collection == nil { + return e.NotFoundError("", err) + } + + if collection.IsView() { + return e.BadRequestError("View collections cannot be truncated since they don't store their own records.", nil) + } + + err = e.App.TruncateCollection(collection) + if err != nil { + return e.BadRequestError("Failed to truncate collection (most likely due to required cascade delete record references).", err) + } + + return e.NoContent(http.StatusNoContent) +} + +func collectionScaffolds(e *core.RequestEvent) error { + collections := map[string]*core.Collection{ + core.CollectionTypeBase: core.NewBaseCollection(""), + core.CollectionTypeAuth: core.NewAuthCollection(""), + core.CollectionTypeView: core.NewViewCollection(""), + } + + for _, c := range collections { + c.Id = "" // clear autogenerated id + } + + return e.JSON(http.StatusOK, collections) +} diff --git a/apis/collection_import.go b/apis/collection_import.go new file mode 100644 index 0000000..1a2f2ad --- /dev/null +++ b/apis/collection_import.go @@ -0,0 +1,62 @@ +package apis + +import ( + "errors" + "net/http" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core" +) + +func collectionsImport(e *core.RequestEvent) error { + form := new(collectionsImportForm) + + err := e.BindBody(form) + if err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while loading the submitted data.", err)) + } + + err = form.validate() + if err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err)) + } + + event := new(core.CollectionsImportRequestEvent) + event.RequestEvent = e + event.CollectionsData = form.Collections + event.DeleteMissing = form.DeleteMissing + + return event.App.OnCollectionsImportRequest().Trigger(event, func(e *core.CollectionsImportRequestEvent) error { + importErr := e.App.ImportCollections(e.CollectionsData, form.DeleteMissing) + if importErr == nil { + return execAfterSuccessTx(true, e.App, func() error { + return e.NoContent(http.StatusNoContent) + }) + } + + // validation failure + var validationErrors validation.Errors + if errors.As(importErr, &validationErrors) { + return e.BadRequestError("Failed to import collections.", validationErrors) + } + + // generic/db failure + return e.BadRequestError("Failed to import collections.", validation.Errors{"collections": validation.NewError( + "validation_collections_import_failure", + "Failed to import the collections configuration. Raw error:\n"+importErr.Error(), + )}) + }) +} + +// ------------------------------------------------------------------- + +type collectionsImportForm struct { + Collections []map[string]any `form:"collections" json:"collections"` + DeleteMissing bool `form:"deleteMissing" json:"deleteMissing"` +} + +func (form *collectionsImportForm) validate() error { + return validation.ValidateStruct(form, + validation.Field(&form.Collections, validation.Required), + ) +} diff --git a/apis/collection_import_test.go b/apis/collection_import_test.go new file mode 100644 index 0000000..aa0bf65 --- /dev/null +++ b/apis/collection_import_test.go @@ -0,0 +1,369 @@ +package apis_test + +import ( + "errors" + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestCollectionsImport(t *testing.T) { + t.Parallel() + + totalCollections := 16 + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPut, + URL: "/api/collections/import", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodPut, + URL: "/api/collections/import", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser + empty collections", + Method: http.MethodPut, + URL: "/api/collections/import", + Body: strings.NewReader(`{"collections":[]}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"collections":{"code":"validation_required"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + collections := []*core.Collection{} + if err := app.CollectionQuery().All(&collections); err != nil { + t.Fatal(err) + } + expected := totalCollections + if len(collections) != expected { + t.Fatalf("Expected %d collections, got %d", expected, len(collections)) + } + }, + }, + { + Name: "authorized as superuser + collections validator failure", + Method: http.MethodPut, + URL: "/api/collections/import", + Body: strings.NewReader(`{ + "collections":[ + {"name": "import1"}, + { + "name": "import2", + "fields": [ + { + "id": "koih1lqx", + "name": "expand", + "type": "text" + } + ] + } + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"collections":{"code":"validation_collections_import_failure"`, + `import2`, + `fields`, + }, + NotExpectedContent: []string{"Raw error:"}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionsImportRequest": 1, + "OnCollectionCreate": 2, + "OnCollectionCreateExecute": 2, + "OnCollectionAfterCreateError": 2, + "OnModelCreate": 2, + "OnModelCreateExecute": 2, + "OnModelAfterCreateError": 2, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + collections := []*core.Collection{} + if err := app.CollectionQuery().All(&collections); err != nil { + t.Fatal(err) + } + expected := totalCollections + if len(collections) != expected { + t.Fatalf("Expected %d collections, got %d", expected, len(collections)) + } + }, + }, + { + Name: "authorized as superuser + non-validator failure", + Method: http.MethodPut, + URL: "/api/collections/import", + Body: strings.NewReader(`{ + "collections":[ + { + "name": "import1", + "fields": [ + { + "id": "koih1lqx", + "name": "test", + "type": "text" + } + ] + }, + { + "name": "import2", + "fields": [ + { + "id": "koih1lqx", + "name": "test", + "type": "text" + } + ], + "indexes": [ + "create index idx_test on import2 (test)" + ] + } + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"collections":{"code":"validation_collections_import_failure"`, + `Raw error:`, + `custom_error`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionsImportRequest": 1, + "OnCollectionCreate": 1, + "OnCollectionAfterCreateError": 1, + "OnModelCreate": 1, + "OnModelAfterCreateError": 1, + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnCollectionCreate().BindFunc(func(e *core.CollectionEvent) error { + return errors.New("custom_error") + }) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + collections := []*core.Collection{} + if err := app.CollectionQuery().All(&collections); err != nil { + t.Fatal(err) + } + expected := totalCollections + if len(collections) != expected { + t.Fatalf("Expected %d collections, got %d", expected, len(collections)) + } + }, + }, + { + Name: "authorized as superuser + successful collections create", + Method: http.MethodPut, + URL: "/api/collections/import", + Body: strings.NewReader(`{ + "collections":[ + { + "name": "import1", + "fields": [ + { + "id": "koih1lqx", + "name": "test", + "type": "text" + } + ] + }, + { + "name": "import2", + "fields": [ + { + "id": "koih1lqx", + "name": "test", + "type": "text" + } + ], + "indexes": [ + "create index idx_test on import2 (test)" + ] + }, + { + "name": "auth_without_fields", + "type": "auth" + } + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionsImportRequest": 1, + "OnCollectionCreate": 3, + "OnCollectionCreateExecute": 3, + "OnCollectionAfterCreateSuccess": 3, + "OnModelCreate": 3, + "OnModelCreateExecute": 3, + "OnModelAfterCreateSuccess": 3, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + collections := []*core.Collection{} + if err := app.CollectionQuery().All(&collections); err != nil { + t.Fatal(err) + } + + expected := totalCollections + 3 + if len(collections) != expected { + t.Fatalf("Expected %d collections, got %d", expected, len(collections)) + } + + indexes, err := app.TableIndexes("import2") + if err != nil || indexes["idx_test"] == "" { + t.Fatalf("Missing index %s (%v)", "idx_test", err) + } + }, + }, + { + Name: "authorized as superuser + create/update/delete", + Method: http.MethodPut, + URL: "/api/collections/import", + Body: strings.NewReader(`{ + "deleteMissing": true, + "collections":[ + {"name": "test123"}, + { + "id":"wsmn24bux7wo113", + "name":"demo1", + "fields":[ + { + "id":"_2hlxbmp", + "name":"title", + "type":"text", + "required":true + } + ], + "indexes": [] + } + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionsImportRequest": 1, + // --- + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnCollectionCreate": 1, + "OnCollectionCreateExecute": 1, + "OnCollectionAfterCreateSuccess": 1, + // --- + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnCollectionUpdate": 1, + "OnCollectionUpdateExecute": 1, + "OnCollectionAfterUpdateSuccess": 1, + // --- + "OnModelDelete": 14, + "OnModelAfterDeleteSuccess": 14, + "OnModelDeleteExecute": 14, + "OnCollectionDelete": 9, + "OnCollectionDeleteExecute": 9, + "OnCollectionAfterDeleteSuccess": 9, + "OnRecordAfterDeleteSuccess": 5, + "OnRecordDelete": 5, + "OnRecordDeleteExecute": 5, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + collections := []*core.Collection{} + if err := app.CollectionQuery().All(&collections); err != nil { + t.Fatal(err) + } + + systemCollections := 0 + for _, c := range collections { + if c.System { + systemCollections++ + } + } + + expected := systemCollections + 2 + if len(collections) != expected { + t.Fatalf("Expected %d collections, got %d", expected, len(collections)) + } + }, + }, + { + Name: "OnCollectionsImportRequest tx body write check", + Method: http.MethodPut, + URL: "/api/collections/import", + Body: strings.NewReader(`{ + "deleteMissing": true, + "collections":[ + {"name": "test123"}, + { + "id":"wsmn24bux7wo113", + "name":"demo1", + "fields":[ + { + "id":"_2hlxbmp", + "name":"title", + "type":"text", + "required":true + } + ], + "indexes": [] + } + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnCollectionsImportRequest().BindFunc(func(e *core.CollectionsImportRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnCollectionsImportRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/collection_test.go b/apis/collection_test.go new file mode 100644 index 0000000..8d74f75 --- /dev/null +++ b/apis/collection_test.go @@ -0,0 +1,1586 @@ +package apis_test + +import ( + "net/http" + "os" + "path/filepath" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/list" +) + +func TestCollectionsList(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodGet, + URL: "/api/collections", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodGet, + URL: "/api/collections", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser", + Method: http.MethodGet, + URL: "/api/collections", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":16`, + `"items":[{`, + `"name":"` + core.CollectionNameSuperusers + `"`, + `"name":"` + core.CollectionNameAuthOrigins + `"`, + `"name":"` + core.CollectionNameExternalAuths + `"`, + `"name":"` + core.CollectionNameMFAs + `"`, + `"name":"` + core.CollectionNameOTPs + `"`, + `"name":"users"`, + `"name":"nologin"`, + `"name":"clients"`, + `"name":"demo1"`, + `"name":"demo2"`, + `"name":"demo3"`, + `"name":"demo4"`, + `"name":"demo5"`, + `"name":"numeric_id_view"`, + `"name":"view1"`, + `"name":"view2"`, + `"type":"auth"`, + `"type":"base"`, + `"type":"view"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionsListRequest": 1, + }, + }, + { + Name: "authorized as superuser + paging and sorting", + Method: http.MethodGet, + URL: "/api/collections?page=2&perPage=2&sort=-created", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":2`, + `"perPage":2`, + `"totalItems":16`, + `"items":[{`, + `"name":"` + core.CollectionNameMFAs + `"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionsListRequest": 1, + }, + }, + { + Name: "authorized as superuser + invalid filter", + Method: http.MethodGet, + URL: "/api/collections?filter=invalidfield~'demo2'", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser + valid filter", + Method: http.MethodGet, + URL: "/api/collections?filter=name~'demo'", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":5`, + `"items":[{`, + `"name":"demo1"`, + `"name":"demo2"`, + `"name":"demo3"`, + `"name":"demo4"`, + `"name":"demo5"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionsListRequest": 1, + }, + }, + { + Name: "OnCollectionsListRequest tx body write check", + Method: http.MethodGet, + URL: "/api/collections", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnCollectionsListRequest().BindFunc(func(e *core.CollectionsListRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnCollectionsListRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestCollectionView(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodGet, + URL: "/api/collections/demo1", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodGet, + URL: "/api/collections/demo1", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser + nonexisting collection identifier", + Method: http.MethodGet, + URL: "/api/collections/missing", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser + using the collection name", + Method: http.MethodGet, + URL: "/api/collections/demo1", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"wsmn24bux7wo113"`, + `"name":"demo1"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionViewRequest": 1, + }, + }, + { + Name: "authorized as superuser + using the collection id", + Method: http.MethodGet, + URL: "/api/collections/wsmn24bux7wo113", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"wsmn24bux7wo113"`, + `"name":"demo1"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionViewRequest": 1, + }, + }, + { + Name: "OnCollectionViewRequest tx body write check", + Method: http.MethodGet, + URL: "/api/collections/wsmn24bux7wo113", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnCollectionViewRequest().BindFunc(func(e *core.CollectionRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnCollectionViewRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestCollectionDelete(t *testing.T) { + t.Parallel() + + ensureDeletedFiles := func(app *tests.TestApp, collectionId string) { + storageDir := filepath.Join(app.DataDir(), "storage", collectionId) + + entries, _ := os.ReadDir(storageDir) + if len(entries) != 0 { + t.Errorf("Expected empty/deleted dir, found %d", len(entries)) + } + } + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodDelete, + URL: "/api/collections/demo1", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodDelete, + URL: "/api/collections/demo1", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser + nonexisting collection identifier", + Method: http.MethodDelete, + URL: "/api/collections/missing", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser + using the collection name", + Method: http.MethodDelete, + URL: "/api/collections/demo5", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Delay: 100 * time.Millisecond, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionDeleteRequest": 1, + "OnCollectionDelete": 1, + "OnCollectionDeleteExecute": 1, + "OnCollectionAfterDeleteSuccess": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + ensureDeletedFiles(app, "9n89pl5vkct6330") + }, + }, + { + Name: "authorized as superuser + using the collection id", + Method: http.MethodDelete, + URL: "/api/collections/9n89pl5vkct6330", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Delay: 100 * time.Millisecond, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionDeleteRequest": 1, + "OnCollectionDelete": 1, + "OnCollectionDeleteExecute": 1, + "OnCollectionAfterDeleteSuccess": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + ensureDeletedFiles(app, "9n89pl5vkct6330") + }, + }, + { + Name: "authorized as superuser + trying to delete a system collection", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameMFAs, + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionDeleteRequest": 1, + "OnCollectionDelete": 1, + "OnCollectionDeleteExecute": 1, + "OnCollectionAfterDeleteError": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteError": 1, + }, + }, + { + Name: "authorized as superuser + trying to delete a referenced collection", + Method: http.MethodDelete, + URL: "/api/collections/demo2", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionDeleteRequest": 1, + "OnCollectionDelete": 1, + "OnCollectionDeleteExecute": 1, + "OnCollectionAfterDeleteError": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteError": 1, + }, + }, + { + Name: "authorized as superuser + deleting a view", + Method: http.MethodDelete, + URL: "/api/collections/view2", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionDeleteRequest": 1, + "OnCollectionDelete": 1, + "OnCollectionDeleteExecute": 1, + "OnCollectionAfterDeleteSuccess": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + }, + }, + { + Name: "OnCollectionDeleteRequest tx body write check", + Method: http.MethodDelete, + URL: "/api/collections/view2", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnCollectionDeleteRequest().BindFunc(func(e *core.CollectionRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnCollectionDeleteRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestCollectionCreate(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPost, + URL: "/api/collections", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(`{"name":"new","type":"base","fields":[{"type":"text","name":"test"}]}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser + empty data", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(``), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"name":{"code":"validation_required"`, + }, + NotExpectedContent: []string{ + `"fields":{`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionCreateRequest": 1, + "OnCollectionCreate": 1, + "OnCollectionAfterCreateError": 1, + "OnCollectionValidate": 1, + "OnModelCreate": 1, + "OnModelAfterCreateError": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "authorized as superuser + invalid data (eg. existing name)", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(`{"name":"demo1","type":"base","fields":[{"type":"text","name":""}]}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"fields":{`, + `"name":{"code":"validation_collection_name_exists"`, + `"name":{"code":"validation_required"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionCreateRequest": 1, + "OnCollectionCreate": 1, + "OnCollectionAfterCreateError": 1, + "OnCollectionValidate": 1, + "OnModelCreate": 1, + "OnModelAfterCreateError": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "authorized as superuser + valid data", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(`{"name":"new","type":"base","fields":[{"type":"text","id":"12345789","name":"test"}]}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":`, + `"name":"new"`, + `"type":"base"`, + `"system":false`, + // ensures that id field was prepended + `"fields":[{"autogeneratePattern":"[a-z0-9]{15}","hidden":false,"id":"text3208210256","max":15,"min":15,"name":"id","pattern":"^[a-z0-9]+$","presentable":false,"primaryKey":true,"required":true,"system":true,"type":"text"},{"autogeneratePattern":"","hidden":false,"id":"12345789","max":0,"min":0,"name":"test","pattern":"","presentable":false,"primaryKey":false,"required":false,"system":false,"type":"text"}]`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionCreateRequest": 1, + "OnCollectionCreate": 1, + "OnCollectionCreateExecute": 1, + "OnCollectionAfterCreateSuccess": 1, + "OnCollectionValidate": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "creating auth collection (default settings merge test)", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(`{ + "name":"new", + "type":"auth", + "emailChangeToken":{"duration":123}, + "fields":[ + {"type":"text","id":"12345789","name":"test"}, + {"type":"text","name":"tokenKey","system":true,"required":false,"min":10} + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":`, + `"name":"new"`, + `"type":"auth"`, + `"system":false`, + `"passwordAuth":{"enabled":true,"identityFields":["email"]}`, + `"authRule":""`, + `"manageRule":null`, + `"name":"test"`, + `"name":"id"`, + `"name":"tokenKey"`, + `"name":"password"`, + `"name":"email"`, + `"name":"emailVisibility"`, + `"name":"verified"`, + `"duration":123`, + // should overwrite the user required option but keep the min value + `{"autogeneratePattern":"","hidden":true,"id":"text2504183744","max":0,"min":10,"name":"tokenKey","pattern":"","presentable":false,"primaryKey":false,"required":true,"system":true,"type":"text"}`, + }, + NotExpectedContent: []string{ + `"secret":"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionCreateRequest": 1, + "OnCollectionCreate": 1, + "OnCollectionCreateExecute": 1, + "OnCollectionAfterCreateSuccess": 1, + "OnCollectionValidate": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "creating base collection with reserved auth fields", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(`{ + "name":"new", + "type":"base", + "fields":[ + {"type":"text","name":"email"}, + {"type":"text","name":"username"}, + {"type":"text","name":"verified"}, + {"type":"text","name":"emailVisibility"}, + {"type":"text","name":"lastResetSentAt"}, + {"type":"text","name":"lastVerificationSentAt"}, + {"type":"text","name":"tokenKey"}, + {"type":"text","name":"passwordHash"}, + {"type":"text","name":"password"}, + {"type":"text","name":"passwordConfirm"}, + {"type":"text","name":"oldPassword"} + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"name":"new"`, + `"type":"base"`, + `"fields":[{`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionCreateRequest": 1, + "OnCollectionCreate": 1, + "OnCollectionCreateExecute": 1, + "OnCollectionAfterCreateSuccess": 1, + "OnCollectionValidate": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "trying to create base collection with reserved system fields", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(`{ + "name":"new", + "type":"base", + "fields":[ + {"type":"text","name":"id"}, + {"type":"text","name":"expand"}, + {"type":"text","name":"collectionId"}, + {"type":"text","name":"collectionName"} + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{"fields":{`, + `"1":{"name":{"code":"validation_not_in_invalid`, + `"2":{"name":{"code":"validation_not_in_invalid`, + `"3":{"name":{"code":"validation_not_in_invalid`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionCreateRequest": 1, + "OnCollectionCreate": 1, + "OnCollectionAfterCreateError": 1, + "OnCollectionValidate": 1, + "OnModelCreate": 1, + "OnModelAfterCreateError": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "trying to create auth collection with reserved auth fields", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(`{ + "name":"new", + "type":"auth", + "fields":[ + {"type":"text","name":"oldPassword"}, + {"type":"text","name":"passwordConfirm"} + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{"fields":{`, + `"1":{"name":{"code":"validation_reserved_field_name`, + `"2":{"name":{"code":"validation_reserved_field_name`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionCreateRequest": 1, + "OnCollectionCreate": 1, + "OnCollectionAfterCreateError": 1, + "OnCollectionValidate": 1, + "OnModelCreate": 1, + "OnModelAfterCreateError": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "OnCollectionCreateRequest tx body write check", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(`{"name":"new","type":"base"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnCollectionCreateRequest().BindFunc(func(e *core.CollectionRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnCollectionCreateRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + + // view + // ----------------------------------------------------------- + { + Name: "trying to create view collection with invalid options", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(`{ + "name":"new", + "type":"view", + "fields":[{"type":"text","id":"12345789","name":"ignored!@#$"}], + "viewQuery":"invalid" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"viewQuery":{"code":"validation_invalid_view_query`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionCreateRequest": 1, + "OnCollectionCreate": 1, + "OnCollectionAfterCreateError": 1, + "OnCollectionValidate": 1, + "OnModelCreate": 1, + "OnModelAfterCreateError": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "creating view collection", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(`{ + "name":"new", + "type":"view", + "fields":[{"type":"text","id":"12345789","name":"ignored!@#$"}], + "viewQuery": "select 1 as id from ` + core.CollectionNameSuperusers + `" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"name":"new"`, + `"type":"view"`, + `"fields":[{"autogeneratePattern":"","hidden":false,"id":"text3208210256","max":0,"min":0,"name":"id","pattern":"^[a-z0-9]+$","presentable":false,"primaryKey":true,"required":true,"system":true,"type":"text"}]`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionCreateRequest": 1, + "OnCollectionCreate": 1, + "OnCollectionCreateExecute": 1, + "OnCollectionAfterCreateSuccess": 1, + "OnCollectionValidate": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + }, + }, + + // indexes + // ----------------------------------------------------------- + { + Name: "creating base collection with invalid indexes", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(`{ + "name":"new", + "type":"base", + "fields":[ + {"type":"text","name":"test"} + ], + "indexes": [ + "create index idx_test1 on new (test)", + "create index idx_test2 on new (missing)" + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"indexes":{"1":{"code":"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionCreateRequest": 1, + "OnCollectionCreate": 1, + "OnCollectionCreateExecute": 1, + "OnCollectionAfterCreateError": 1, + "OnCollectionValidate": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateError": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "creating base collection with index name from another collection", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(`{ + "name":"new", + "type":"base", + "fields":[ + {"type":"text","name":"test"} + ], + "indexes": [ + "create index exist_test on new (test)" + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + demo1, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + demo1.AddIndex("exist_test", false, "updated", "") + if err = app.Save(demo1); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"indexes":{`, + `"0":{"code":"validation_existing_index_name"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionCreateRequest": 1, + "OnCollectionCreate": 1, + "OnCollectionAfterCreateError": 1, + "OnCollectionValidate": 1, + "OnModelCreate": 1, + "OnModelAfterCreateError": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "creating base collection with 2 indexes using the same name", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(`{ + "name":"new", + "type":"base", + "indexes": [ + "create index duplicate_idx on new (created)", + "create index duplicate_idx on new (updated)" + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"indexes":{`, + `"1":{"code":"validation_duplicated_index_name"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionCreateRequest": 1, + "OnCollectionCreate": 1, + "OnCollectionAfterCreateError": 1, + "OnCollectionValidate": 1, + "OnModelCreate": 1, + "OnModelAfterCreateError": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "creating base collection with valid indexes (+ random table name)", + Method: http.MethodPost, + URL: "/api/collections", + Body: strings.NewReader(`{ + "name":"new", + "type":"base", + "fields":[ + {"type":"text","name":"test"} + ], + "indexes": [ + "create index idx_test1 on new (test)", + "create index idx_test2 on anything (id, test)" + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"name":"new"`, + `"type":"base"`, + `"indexes":[`, + `idx_test1`, + `idx_test2`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionCreateRequest": 1, + "OnCollectionCreate": 1, + "OnCollectionCreateExecute": 1, + "OnCollectionAfterCreateSuccess": 1, + "OnCollectionValidate": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + indexes, err := app.TableIndexes("new") + if err != nil { + t.Fatal(err) + } + + expected := []string{"idx_test1", "idx_test2"} + if len(indexes) != len(expected) { + t.Fatalf("Expected %d indexes, got %d\n%v", len(expected), len(indexes), indexes) + } + for name := range indexes { + if !list.ExistInSlice(name, expected) { + t.Fatalf("Missing index %q", name) + } + } + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestCollectionUpdate(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPatch, + URL: "/api/collections/demo1", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodPatch, + URL: "/api/collections/demo1", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser + missing collection", + Method: http.MethodPatch, + URL: "/api/collections/missing", + Body: strings.NewReader(`{}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser + empty body", + Method: http.MethodPatch, + URL: "/api/collections/demo1", + Body: strings.NewReader(`{}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"wsmn24bux7wo113"`, + `"name":"demo1"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionUpdateRequest": 1, + "OnCollectionUpdate": 1, + "OnCollectionUpdateExecute": 1, + "OnCollectionAfterUpdateSuccess": 1, + "OnCollectionValidate": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "OnCollectionUpdateRequest tx body write check", + Method: http.MethodPatch, + URL: "/api/collections/demo1", + Body: strings.NewReader(`{}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnCollectionUpdateRequest().BindFunc(func(e *core.CollectionRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnCollectionUpdateRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + { + Name: "authorized as superuser + invalid data (eg. existing name)", + Method: http.MethodPatch, + URL: "/api/collections/demo1", + Body: strings.NewReader(`{ + "name":"demo2", + "type":"auth" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"name":{"code":"validation_collection_name_exists"`, + `"type":{"code":"validation_collection_type_change"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionUpdateRequest": 1, + "OnCollectionUpdate": 1, + "OnCollectionAfterUpdateError": 1, + "OnCollectionValidate": 1, + "OnModelUpdate": 1, + "OnModelAfterUpdateError": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "authorized as superuser + valid data", + Method: http.MethodPatch, + URL: "/api/collections/demo1", + Body: strings.NewReader(`{"name":"new"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":`, + `"name":"new"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionUpdateRequest": 1, + "OnCollectionUpdate": 1, + "OnCollectionUpdateExecute": 1, + "OnCollectionAfterUpdateSuccess": 1, + "OnCollectionValidate": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + // check if the record table was renamed + if !app.HasTable("new") { + t.Fatal("Couldn't find record table 'new'.") + } + }, + }, + { + Name: "trying to update collection with reserved fields", + Method: http.MethodPatch, + URL: "/api/collections/demo1", + Body: strings.NewReader(`{ + "name":"new", + "fields":[ + {"type":"text","name":"id","id":"_pbf_text_id_"}, + {"type":"text","name":"created"}, + {"type":"text","name":"updated"}, + {"type":"text","name":"expand"}, + {"type":"text","name":"collectionId"}, + {"type":"text","name":"collectionName"} + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{"fields":{`, + `"3":{"name":{"code":"validation_not_in_invalid`, + `"4":{"name":{"code":"validation_not_in_invalid`, + `"5":{"name":{"code":"validation_not_in_invalid`, + }, + NotExpectedContent: []string{ + `"0":`, + `"1":`, + `"2":`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionUpdateRequest": 1, + "OnCollectionUpdate": 1, + "OnCollectionAfterUpdateError": 1, + "OnCollectionValidate": 1, + "OnModelUpdate": 1, + "OnModelAfterUpdateError": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "trying to update collection with changed/removed system fields", + Method: http.MethodPatch, + URL: "/api/collections/demo1", + Body: strings.NewReader(`{ + "name":"new", + "fields":[ + {"type":"text","name":"created"} + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{"fields":{`, + `"code":"validation_system_field_change"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionUpdateRequest": 1, + "OnCollectionUpdate": 1, + "OnCollectionAfterUpdateError": 1, + "OnCollectionValidate": 1, + "OnModelUpdate": 1, + "OnModelAfterUpdateError": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "trying to update auth collection with invalid options", + Method: http.MethodPatch, + URL: "/api/collections/users", + Body: strings.NewReader(`{ + "passwordAuth":{"identityFields": ["missing"]} + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"passwordAuth":{"identityFields":{"code":"validation_missing_field"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionUpdateRequest": 1, + "OnCollectionUpdate": 1, + "OnCollectionAfterUpdateError": 1, + "OnCollectionValidate": 1, + "OnModelUpdate": 1, + "OnModelAfterUpdateError": 1, + "OnModelValidate": 1, + }, + }, + + // view + // ----------------------------------------------------------- + { + Name: "trying to update view collection with invalid options", + Method: http.MethodPatch, + URL: "/api/collections/view1", + Body: strings.NewReader(`{ + "fields":[{"type":"text","id":"12345789","name":"ignored!@#$"}], + "viewQuery":"invalid" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"viewQuery":{"code":"validation_invalid_view_query"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionUpdateRequest": 1, + "OnCollectionUpdate": 1, + "OnCollectionAfterUpdateError": 1, + "OnCollectionValidate": 1, + "OnModelUpdate": 1, + "OnModelAfterUpdateError": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "updating view collection", + Method: http.MethodPatch, + URL: "/api/collections/view2", + Body: strings.NewReader(`{ + "name":"view2_update", + "fields":[{"type":"text","id":"12345789","name":"ignored!@#$"}], + "viewQuery": "select 2 as id, created, updated, email from ` + core.CollectionNameSuperusers + `" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"name":"view2_update"`, + `"type":"view"`, + `"fields":[{`, + `"name":"email"`, + `"name":"id"`, + `"name":"created"`, + `"name":"updated"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionUpdateRequest": 1, + "OnCollectionUpdate": 1, + "OnCollectionUpdateExecute": 1, + "OnCollectionAfterUpdateSuccess": 1, + "OnCollectionValidate": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + }, + }, + + // indexes + // ----------------------------------------------------------- + { + Name: "updating base collection with invalid indexes", + Method: http.MethodPatch, + URL: "/api/collections/demo2", + Body: strings.NewReader(`{ + "indexes": [ + "create unique idx_test1 on demo1 (text)", + "create index idx_test2 on demo2 (id, title)" + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"indexes":{"0":{"code":"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionUpdateRequest": 1, + "OnCollectionUpdate": 1, + "OnCollectionAfterUpdateError": 1, + "OnCollectionValidate": 1, + "OnModelUpdate": 1, + "OnModelAfterUpdateError": 1, + "OnModelValidate": 1, + }, + }, + + { + Name: "updating base collection with index name from another collection", + Method: http.MethodPatch, + URL: "/api/collections/demo2", + Body: strings.NewReader(`{ + "indexes": [ + "create index exist_test on new (test)" + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + demo1, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + demo1.AddIndex("exist_test", false, "updated", "") + if err = app.Save(demo1); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"indexes":{`, + `"0":{"code":"validation_existing_index_name"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionUpdateRequest": 1, + "OnCollectionUpdate": 1, + "OnCollectionAfterUpdateError": 1, + "OnCollectionValidate": 1, + "OnModelUpdate": 1, + "OnModelAfterUpdateError": 1, + "OnModelValidate": 1, + }, + }, + { + Name: "updating base collection with 2 indexes using the same name", + Method: http.MethodPatch, + URL: "/api/collections/demo2", + Body: strings.NewReader(`{ + "indexes": [ + "create index duplicate_idx on new (created)", + "create index duplicate_idx on new (updated)" + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"indexes":{`, + `"1":{"code":"validation_duplicated_index_name"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionUpdateRequest": 1, + "OnCollectionUpdate": 1, + "OnCollectionAfterUpdateError": 1, + "OnCollectionValidate": 1, + "OnModelUpdate": 1, + "OnModelAfterUpdateError": 1, + "OnModelValidate": 1, + }, + }, + + { + Name: "updating base collection with valid indexes (+ random table name)", + Method: http.MethodPatch, + URL: "/api/collections/demo2", + Body: strings.NewReader(`{ + "indexes": [ + "create unique index idx_test1 on demo2 (title)", + "create index idx_test2 on anything (active)" + ] + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"name":"demo2"`, + `"indexes":[`, + `idx_test1`, + `idx_test2`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnCollectionUpdateRequest": 1, + "OnCollectionUpdate": 1, + "OnCollectionUpdateExecute": 1, + "OnCollectionAfterUpdateSuccess": 1, + "OnCollectionValidate": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + indexes, err := app.TableIndexes("demo2") + if err != nil { + t.Fatal(err) + } + + expected := []string{"idx_test1", "idx_test2"} + if len(indexes) != len(expected) { + t.Fatalf("Expected %d indexes, got %d\n%v", len(expected), len(indexes), indexes) + } + for name := range indexes { + if !list.ExistInSlice(name, expected) { + t.Fatalf("Missing index %q", name) + } + } + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestCollectionScaffolds(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodGet, + URL: "/api/collections/meta/scaffolds", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodGet, + URL: "/api/collections/meta/scaffolds", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser", + Method: http.MethodGet, + URL: "/api/collections/meta/scaffolds", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":""`, + `"name":""`, + `"auth":{`, + `"base":{`, + `"view":{`, + `"type":"auth"`, + `"type":"base"`, + `"type":"view"`, + `"fields":[{`, + `"fields":[{`, + `"id":"text3208210256"`, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestCollectionTruncate(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodDelete, + URL: "/api/collections/demo5/truncate", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodDelete, + URL: "/api/collections/demo5/truncate", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser", + Method: http.MethodDelete, + URL: "/api/collections/demo5/truncate", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnModelDelete": 2, + "OnModelDeleteExecute": 2, + "OnModelAfterDeleteSuccess": 2, + "OnRecordDelete": 2, + "OnRecordDeleteExecute": 2, + "OnRecordAfterDeleteSuccess": 2, + }, + }, + { + Name: "authorized as superuser but collection with required cascade delete references", + Method: http.MethodDelete, + URL: "/api/collections/demo3/truncate", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnModelDelete": 2, + "OnModelDeleteExecute": 2, + "OnModelAfterDeleteError": 2, + "OnModelUpdate": 2, + "OnModelUpdateExecute": 2, + "OnModelAfterUpdateError": 2, + "OnRecordDelete": 2, + "OnRecordDeleteExecute": 2, + "OnRecordAfterDeleteError": 2, + "OnRecordUpdate": 2, + "OnRecordUpdateExecute": 2, + "OnRecordAfterUpdateError": 2, + }, + }, + { + Name: "authorized as superuser trying to truncate view collection", + Method: http.MethodDelete, + URL: "/api/collections/view2/truncate", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/cron.go b/apis/cron.go new file mode 100644 index 0000000..6195ed6 --- /dev/null +++ b/apis/cron.go @@ -0,0 +1,59 @@ +package apis + +import ( + "net/http" + "slices" + "strings" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/cron" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/pocketbase/pocketbase/tools/routine" +) + +// bindCronApi registers the crons api endpoint. +func bindCronApi(app core.App, rg *router.RouterGroup[*core.RequestEvent]) { + subGroup := rg.Group("/crons").Bind(RequireSuperuserAuth()) + subGroup.GET("", cronsList) + subGroup.POST("/{id}", cronRun) +} + +func cronsList(e *core.RequestEvent) error { + jobs := e.App.Cron().Jobs() + + slices.SortStableFunc(jobs, func(a, b *cron.Job) int { + if strings.HasPrefix(a.Id(), "__pb") { + return 1 + } + if strings.HasPrefix(b.Id(), "__pb") { + return -1 + } + return strings.Compare(a.Id(), b.Id()) + }) + + return e.JSON(http.StatusOK, jobs) +} + +func cronRun(e *core.RequestEvent) error { + cronId := e.Request.PathValue("id") + + var foundJob *cron.Job + + jobs := e.App.Cron().Jobs() + for _, j := range jobs { + if j.Id() == cronId { + foundJob = j + break + } + } + + if foundJob == nil { + return e.NotFoundError("Missing or invalid cron job", nil) + } + + routine.FireAndForget(func() { + foundJob.Run() + }) + + return e.NoContent(http.StatusNoContent) +} diff --git a/apis/cron_test.go b/apis/cron_test.go new file mode 100644 index 0000000..a72fb2f --- /dev/null +++ b/apis/cron_test.go @@ -0,0 +1,149 @@ +package apis_test + +import ( + "net/http" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/spf13/cast" +) + +func TestCronsList(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodGet, + URL: "/api/crons", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodGet, + URL: "/api/crons", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (empty list)", + Method: http.MethodGet, + URL: "/api/crons", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Cron().RemoveAll() + }, + ExpectedStatus: 200, + ExpectedContent: []string{`[]`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser", + Method: http.MethodGet, + URL: "/api/crons", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `{"id":"__pbLogsCleanup__","expression":"0 */6 * * *"}`, + `{"id":"__pbDBOptimize__","expression":"0 0 * * *"}`, + `{"id":"__pbMFACleanup__","expression":"0 * * * *"}`, + `{"id":"__pbOTPCleanup__","expression":"0 * * * *"}`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestCronsRun(t *testing.T) { + t.Parallel() + + beforeTestFunc := func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Cron().Add("test", "* * * * *", func() { + app.Store().Set("testJobCalls", cast.ToInt(app.Store().Get("testJobCalls"))+1) + }) + } + + expectedCalls := func(expected int) func(t testing.TB, app *tests.TestApp, res *http.Response) { + return func(t testing.TB, app *tests.TestApp, res *http.Response) { + total := cast.ToInt(app.Store().Get("testJobCalls")) + if total != expected { + t.Fatalf("Expected total testJobCalls %d, got %d", expected, total) + } + } + } + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPost, + URL: "/api/crons/test", + Delay: 50 * time.Millisecond, + BeforeTestFunc: beforeTestFunc, + AfterTestFunc: expectedCalls(0), + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodPost, + URL: "/api/crons/test", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + Delay: 50 * time.Millisecond, + BeforeTestFunc: beforeTestFunc, + AfterTestFunc: expectedCalls(0), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (missing job)", + Method: http.MethodPost, + URL: "/api/crons/missing", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Delay: 50 * time.Millisecond, + BeforeTestFunc: beforeTestFunc, + AfterTestFunc: expectedCalls(0), + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (existing job)", + Method: http.MethodPost, + URL: "/api/crons/test", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Delay: 50 * time.Millisecond, + BeforeTestFunc: beforeTestFunc, + AfterTestFunc: expectedCalls(1), + ExpectedStatus: 204, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/file.go b/apis/file.go new file mode 100644 index 0000000..5c6ec21 --- /dev/null +++ b/apis/file.go @@ -0,0 +1,230 @@ +package apis + +import ( + "context" + "errors" + "fmt" + "log/slog" + "net/http" + "os" + "runtime" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/spf13/cast" + "golang.org/x/sync/semaphore" + "golang.org/x/sync/singleflight" +) + +var imageContentTypes = []string{"image/png", "image/jpg", "image/jpeg", "image/gif", "image/webp"} +var defaultThumbSizes = []string{"100x100"} + +// bindFileApi registers the file api endpoints and the corresponding handlers. +func bindFileApi(app core.App, rg *router.RouterGroup[*core.RequestEvent]) { + maxWorkers := cast.ToInt64(os.Getenv("PB_THUMBS_MAX_WORKERS")) + if maxWorkers <= 0 { + maxWorkers = int64(runtime.NumCPU() + 2) // the value is arbitrary chosen and may change in the future + } + + maxWait := cast.ToInt64(os.Getenv("PB_THUMBS_MAX_WAIT")) + if maxWait <= 0 { + maxWait = 60 + } + + api := fileApi{ + thumbGenPending: new(singleflight.Group), + thumbGenSem: semaphore.NewWeighted(maxWorkers), + thumbGenMaxWait: time.Duration(maxWait) * time.Second, + } + + sub := rg.Group("/files") + sub.POST("/token", api.fileToken).Bind(RequireAuth()) + sub.GET("/{collection}/{recordId}/{filename}", api.download).Bind(collectionPathRateLimit("", "file")) +} + +type fileApi struct { + // thumbGenSem is a semaphore to prevent too much concurrent + // requests generating new thumbs at the same time. + thumbGenSem *semaphore.Weighted + + // thumbGenPending represents a group of currently pending + // thumb generation processes. + thumbGenPending *singleflight.Group + + // thumbGenMaxWait is the maximum waiting time for starting a new + // thumb generation process. + thumbGenMaxWait time.Duration +} + +func (api *fileApi) fileToken(e *core.RequestEvent) error { + if e.Auth == nil { + return e.UnauthorizedError("Missing auth context.", nil) + } + + token, err := e.Auth.NewFileToken() + if err != nil { + return e.InternalServerError("Failed to generate file token", err) + } + + event := new(core.FileTokenRequestEvent) + event.RequestEvent = e + event.Token = token + event.Record = e.Auth + + return e.App.OnFileTokenRequest().Trigger(event, func(e *core.FileTokenRequestEvent) error { + return execAfterSuccessTx(true, e.App, func() error { + return e.JSON(http.StatusOK, map[string]string{"token": e.Token}) + }) + }) +} + +func (api *fileApi) download(e *core.RequestEvent) error { + collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection")) + if err != nil { + return e.NotFoundError("", nil) + } + + recordId := e.Request.PathValue("recordId") + if recordId == "" { + return e.NotFoundError("", nil) + } + + record, err := e.App.FindRecordById(collection, recordId) + if err != nil { + return e.NotFoundError("", err) + } + + filename := e.Request.PathValue("filename") + + fileField := record.FindFileFieldByFile(filename) + if fileField == nil { + return e.NotFoundError("", nil) + } + + // check whether the request is authorized to view the protected file + if fileField.Protected { + originalRequestInfo, err := e.RequestInfo() + if err != nil { + return e.InternalServerError("Failed to load request info", err) + } + + token := e.Request.URL.Query().Get("token") + authRecord, _ := e.App.FindAuthRecordByToken(token, core.TokenTypeFile) + + // create a shallow copy of the cached request data and adjust it to the current auth record (if any) + requestInfo := *originalRequestInfo + requestInfo.Context = core.RequestInfoContextProtectedFile + requestInfo.Auth = authRecord + + if ok, _ := e.App.CanAccessRecord(record, &requestInfo, record.Collection().ViewRule); !ok { + return e.NotFoundError("", errors.New("insufficient permissions to access the file resource")) + } + } + + baseFilesPath := record.BaseFilesPath() + + // fetch the original view file field related record + if collection.IsView() { + fileRecord, err := e.App.FindRecordByViewFile(collection.Id, fileField.Name, filename) + if err != nil { + return e.NotFoundError("", fmt.Errorf("failed to fetch view file field record: %w", err)) + } + baseFilesPath = fileRecord.BaseFilesPath() + } + + fsys, err := e.App.NewFilesystem() + if err != nil { + return e.InternalServerError("Filesystem initialization failure.", err) + } + defer fsys.Close() + + originalPath := baseFilesPath + "/" + filename + servedPath := originalPath + servedName := filename + + // check for valid thumb size param + thumbSize := e.Request.URL.Query().Get("thumb") + if thumbSize != "" && (list.ExistInSlice(thumbSize, defaultThumbSizes) || list.ExistInSlice(thumbSize, fileField.Thumbs)) { + // extract the original file meta attributes and check it existence + oAttrs, oAttrsErr := fsys.Attributes(originalPath) + if oAttrsErr != nil { + return e.NotFoundError("", err) + } + + // check if it is an image + if list.ExistInSlice(oAttrs.ContentType, imageContentTypes) { + // add thumb size as file suffix + servedName = thumbSize + "_" + filename + servedPath = baseFilesPath + "/thumbs_" + filename + "/" + servedName + + // create a new thumb if it doesn't exist + if exists, _ := fsys.Exists(servedPath); !exists { + if err := api.createThumb(e, fsys, originalPath, servedPath, thumbSize); err != nil { + e.App.Logger().Warn( + "Fallback to original - failed to create thumb "+servedName, + slog.Any("error", err), + slog.String("original", originalPath), + slog.String("thumb", servedPath), + ) + + // fallback to the original + servedName = filename + servedPath = originalPath + } + } + } + } + + event := new(core.FileDownloadRequestEvent) + event.RequestEvent = e + event.Collection = collection + event.Record = record + event.FileField = fileField + event.ServedPath = servedPath + event.ServedName = servedName + + // clickjacking shouldn't be a concern when serving uploaded files, + // so it safe to unset the global X-Frame-Options to allow files embedding + // (note: it is out of the hook to allow users to customize the behavior) + e.Response.Header().Del("X-Frame-Options") + + return e.App.OnFileDownloadRequest().Trigger(event, func(e *core.FileDownloadRequestEvent) error { + err = execAfterSuccessTx(true, e.App, func() error { + return fsys.Serve(e.Response, e.Request, e.ServedPath, e.ServedName) + }) + if err != nil { + return e.NotFoundError("", err) + } + + return nil + }) +} + +func (api *fileApi) createThumb( + e *core.RequestEvent, + fsys *filesystem.System, + originalPath string, + thumbPath string, + thumbSize string, +) error { + ch := api.thumbGenPending.DoChan(thumbPath, func() (any, error) { + ctx, cancel := context.WithTimeout(e.Request.Context(), api.thumbGenMaxWait) + defer cancel() + + if err := api.thumbGenSem.Acquire(ctx, 1); err != nil { + return nil, err + } + defer api.thumbGenSem.Release(1) + + return nil, fsys.CreateThumb(originalPath, thumbPath, thumbSize) + }) + + res := <-ch + + api.thumbGenPending.Forget(thumbPath) + + return res.Err +} diff --git a/apis/file_test.go b/apis/file_test.go new file mode 100644 index 0000000..a57c2cc --- /dev/null +++ b/apis/file_test.go @@ -0,0 +1,504 @@ +package apis_test + +import ( + "net/http" + "net/http/httptest" + "os" + "path" + "path/filepath" + "runtime" + "sync" + "testing" + + "github.com/pocketbase/pocketbase/apis" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestFileToken(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPost, + URL: "/api/files/token", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "regular user", + Method: http.MethodPost, + URL: "/api/files/token", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"token":"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileTokenRequest": 1, + }, + }, + { + Name: "superuser", + Method: http.MethodPost, + URL: "/api/files/token", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"token":"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileTokenRequest": 1, + }, + }, + { + Name: "hook token overwrite", + Method: http.MethodPost, + URL: "/api/files/token", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnFileTokenRequest().BindFunc(func(e *core.FileTokenRequestEvent) error { + e.Token = "test" + return e.Next() + }) + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"token":"test"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileTokenRequest": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestFileDownload(t *testing.T) { + t.Parallel() + + _, currentFile, _, _ := runtime.Caller(0) + dataDirRelPath := "../tests/data/" + + testFilePath := filepath.Join(path.Dir(currentFile), dataDirRelPath, "storage/_pb_users_auth_/oap640cot4yru2s/test_kfd2wYLxkz.txt") + testImgPath := filepath.Join(path.Dir(currentFile), dataDirRelPath, "storage/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png") + testThumbCropCenterPath := filepath.Join(path.Dir(currentFile), dataDirRelPath, "storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50_300_1SEi6Q6U72.png") + testThumbCropTopPath := filepath.Join(path.Dir(currentFile), dataDirRelPath, "storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50t_300_1SEi6Q6U72.png") + testThumbCropBottomPath := filepath.Join(path.Dir(currentFile), dataDirRelPath, "storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50b_300_1SEi6Q6U72.png") + testThumbFitPath := filepath.Join(path.Dir(currentFile), dataDirRelPath, "storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50f_300_1SEi6Q6U72.png") + testThumbZeroWidthPath := filepath.Join(path.Dir(currentFile), dataDirRelPath, "storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/0x50_300_1SEi6Q6U72.png") + testThumbZeroHeightPath := filepath.Join(path.Dir(currentFile), dataDirRelPath, "storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x0_300_1SEi6Q6U72.png") + + testFile, fileErr := os.ReadFile(testFilePath) + if fileErr != nil { + t.Fatal(fileErr) + } + + testImg, imgErr := os.ReadFile(testImgPath) + if imgErr != nil { + t.Fatal(imgErr) + } + + testThumbCropCenter, thumbErr := os.ReadFile(testThumbCropCenterPath) + if thumbErr != nil { + t.Fatal(thumbErr) + } + + testThumbCropTop, thumbErr := os.ReadFile(testThumbCropTopPath) + if thumbErr != nil { + t.Fatal(thumbErr) + } + + testThumbCropBottom, thumbErr := os.ReadFile(testThumbCropBottomPath) + if thumbErr != nil { + t.Fatal(thumbErr) + } + + testThumbFit, thumbErr := os.ReadFile(testThumbFitPath) + if thumbErr != nil { + t.Fatal(thumbErr) + } + + testThumbZeroWidth, thumbErr := os.ReadFile(testThumbZeroWidthPath) + if thumbErr != nil { + t.Fatal(thumbErr) + } + + testThumbZeroHeight, thumbErr := os.ReadFile(testThumbZeroHeightPath) + if thumbErr != nil { + t.Fatal(thumbErr) + } + + scenarios := []tests.ApiScenario{ + { + Name: "missing collection", + Method: http.MethodGet, + URL: "/api/files/missing/4q1xlclmfloku33/300_1SEi6Q6U72.png", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "missing record", + Method: http.MethodGet, + URL: "/api/files/_pb_users_auth_/missing/300_1SEi6Q6U72.png", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "missing file", + Method: http.MethodGet, + URL: "/api/files/_pb_users_auth_/4q1xlclmfloku33/missing.png", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "existing image", + Method: http.MethodGet, + URL: "/api/files/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png", + ExpectedStatus: 200, + ExpectedContent: []string{string(testImg)}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileDownloadRequest": 1, + }, + }, + { + Name: "existing image - missing thumb (should fallback to the original)", + Method: http.MethodGet, + URL: "/api/files/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png?thumb=999x999", + ExpectedStatus: 200, + ExpectedContent: []string{string(testImg)}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileDownloadRequest": 1, + }, + }, + { + Name: "existing image - existing thumb (crop center)", + Method: http.MethodGet, + URL: "/api/files/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png?thumb=70x50", + ExpectedStatus: 200, + ExpectedContent: []string{string(testThumbCropCenter)}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileDownloadRequest": 1, + }, + }, + { + Name: "existing image - existing thumb (crop top)", + Method: http.MethodGet, + URL: "/api/files/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png?thumb=70x50t", + ExpectedStatus: 200, + ExpectedContent: []string{string(testThumbCropTop)}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileDownloadRequest": 1, + }, + }, + { + Name: "existing image - existing thumb (crop bottom)", + Method: http.MethodGet, + URL: "/api/files/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png?thumb=70x50b", + ExpectedStatus: 200, + ExpectedContent: []string{string(testThumbCropBottom)}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileDownloadRequest": 1, + }, + }, + { + Name: "existing image - existing thumb (fit)", + Method: http.MethodGet, + URL: "/api/files/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png?thumb=70x50f", + ExpectedStatus: 200, + ExpectedContent: []string{string(testThumbFit)}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileDownloadRequest": 1, + }, + }, + { + Name: "existing image - existing thumb (zero width)", + Method: http.MethodGet, + URL: "/api/files/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png?thumb=0x50", + ExpectedStatus: 200, + ExpectedContent: []string{string(testThumbZeroWidth)}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileDownloadRequest": 1, + }, + }, + { + Name: "existing image - existing thumb (zero height)", + Method: http.MethodGet, + URL: "/api/files/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png?thumb=70x0", + ExpectedStatus: 200, + ExpectedContent: []string{string(testThumbZeroHeight)}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileDownloadRequest": 1, + }, + }, + { + Name: "existing non image file - thumb parameter should be ignored", + Method: http.MethodGet, + URL: "/api/files/_pb_users_auth_/oap640cot4yru2s/test_kfd2wYLxkz.txt?thumb=100x100", + ExpectedStatus: 200, + ExpectedContent: []string{string(testFile)}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileDownloadRequest": 1, + }, + }, + + // protected file access checks + { + Name: "protected file - superuser with expired file token", + Method: http.MethodGet, + URL: "/api/files/demo1/al1h9ijdeojtsjy/300_Jsjq7RdBgA.png?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsImV4cCI6MTY0MDk5MTY2MSwidHlwZSI6ImZpbGUiLCJjb2xsZWN0aW9uSWQiOiJwYmNfMzE0MjYzNTgyMyJ9.nqqtqpPhxU0045F4XP_ruAkzAidYBc5oPy9ErN3XBq0", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "protected file - superuser with valid file token", + Method: http.MethodGet, + URL: "/api/files/demo1/al1h9ijdeojtsjy/300_Jsjq7RdBgA.png?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6ImZpbGUiLCJjb2xsZWN0aW9uSWQiOiJwYmNfMzE0MjYzNTgyMyJ9.Lupz541xRvrktwkrl55p5pPCF77T69ZRsohsIcb2dxc", + ExpectedStatus: 200, + ExpectedContent: []string{"PNG"}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileDownloadRequest": 1, + }, + }, + { + Name: "protected file - guest without view access", + Method: http.MethodGet, + URL: "/api/files/demo1/al1h9ijdeojtsjy/300_Jsjq7RdBgA.png", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "protected file - guest with view access", + Method: http.MethodGet, + URL: "/api/files/demo1/al1h9ijdeojtsjy/300_Jsjq7RdBgA.png", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + // mock public view access + c, err := app.FindCachedCollectionByNameOrId("demo1") + if err != nil { + t.Fatalf("Failed to fetch mock collection: %v", err) + } + c.ViewRule = types.Pointer("") + if err := app.UnsafeWithoutHooks().Save(c); err != nil { + t.Fatalf("Failed to update mock collection: %v", err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{"PNG"}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileDownloadRequest": 1, + }, + }, + { + Name: "protected file - auth record without view access", + Method: http.MethodGet, + URL: "/api/files/demo1/al1h9ijdeojtsjy/300_Jsjq7RdBgA.png?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6ImZpbGUiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8ifQ.nSTLuCPcGpWn2K2l-BFkC3Vlzc-ZTDPByYq8dN1oPSo", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + // mock restricted user view access + c, err := app.FindCachedCollectionByNameOrId("demo1") + if err != nil { + t.Fatalf("Failed to fetch mock collection: %v", err) + } + c.ViewRule = types.Pointer("@request.auth.verified = true") + if err := app.UnsafeWithoutHooks().Save(c); err != nil { + t.Fatalf("Failed to update mock collection: %v", err) + } + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "protected file - auth record with view access", + Method: http.MethodGet, + URL: "/api/files/demo1/al1h9ijdeojtsjy/300_Jsjq7RdBgA.png?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6ImZpbGUiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8ifQ.nSTLuCPcGpWn2K2l-BFkC3Vlzc-ZTDPByYq8dN1oPSo", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + // mock user view access + c, err := app.FindCachedCollectionByNameOrId("demo1") + if err != nil { + t.Fatalf("Failed to fetch mock collection: %v", err) + } + c.ViewRule = types.Pointer("@request.auth.verified = false") + if err := app.UnsafeWithoutHooks().Save(c); err != nil { + t.Fatalf("Failed to update mock collection: %v", err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{"PNG"}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileDownloadRequest": 1, + }, + }, + { + Name: "protected file in view (view's View API rule failure)", + Method: http.MethodGet, + URL: "/api/files/view1/al1h9ijdeojtsjy/300_Jsjq7RdBgA.png?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6ImZpbGUiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8ifQ.nSTLuCPcGpWn2K2l-BFkC3Vlzc-ZTDPByYq8dN1oPSo", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "protected file in view (view's View API rule success)", + Method: http.MethodGet, + URL: "/api/files/view1/84nmscqy84lsi1t/test_d61b33QdDU.txt?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6ImZpbGUiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8ifQ.nSTLuCPcGpWn2K2l-BFkC3Vlzc-ZTDPByYq8dN1oPSo", + ExpectedStatus: 200, + ExpectedContent: []string{"test"}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnFileDownloadRequest": 1, + }, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - users:file", + Method: http.MethodGet, + URL: "/api/files/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:file"}, + {MaxRequests: 0, Label: "users:file"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:file", + Method: http.MethodGet, + URL: "/api/files/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:file"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + // clone for the HEAD test (the same as the original scenario but without body) + head := scenario + head.Method = http.MethodHead + head.Name = ("(HEAD) " + scenario.Name) + head.ExpectedContent = nil + head.Test(t) + + // regular request test + scenario.Test(t) + } +} + +func TestConcurrentThumbsGeneration(t *testing.T) { + t.Parallel() + + app, err := tests.NewTestApp() + if err != nil { + t.Fatal(err) + } + defer app.Cleanup() + + fsys, err := app.NewFilesystem() + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + // create a dummy file field collection + demo1, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + fileField := demo1.Fields.GetByName("file_one").(*core.FileField) + fileField.Protected = false + fileField.MaxSelect = 1 + fileField.MaxSize = 999999 + // new thumbs + fileField.Thumbs = []string{"111x111", "111x222", "111x333"} + demo1.Fields.Add(fileField) + if err = app.Save(demo1); err != nil { + t.Fatal(err) + } + + fileKey := "wsmn24bux7wo113/al1h9ijdeojtsjy/300_Jsjq7RdBgA.png" + + urls := []string{ + "/api/files/" + fileKey + "?thumb=111x111", + "/api/files/" + fileKey + "?thumb=111x111", // should still result in single thumb + "/api/files/" + fileKey + "?thumb=111x222", + "/api/files/" + fileKey + "?thumb=111x333", + } + + var wg sync.WaitGroup + + wg.Add(len(urls)) + + for _, url := range urls { + go func() { + defer wg.Done() + + recorder := httptest.NewRecorder() + + req := httptest.NewRequest("GET", url, nil) + + pbRouter, _ := apis.NewRouter(app) + mux, _ := pbRouter.BuildMux() + if mux != nil { + mux.ServeHTTP(recorder, req) + } + }() + } + + wg.Wait() + + // ensure that all new requested thumbs were created + thumbKeys := []string{ + "wsmn24bux7wo113/al1h9ijdeojtsjy/thumbs_300_Jsjq7RdBgA.png/111x111_" + filepath.Base(fileKey), + "wsmn24bux7wo113/al1h9ijdeojtsjy/thumbs_300_Jsjq7RdBgA.png/111x222_" + filepath.Base(fileKey), + "wsmn24bux7wo113/al1h9ijdeojtsjy/thumbs_300_Jsjq7RdBgA.png/111x333_" + filepath.Base(fileKey), + } + for _, k := range thumbKeys { + if exists, _ := fsys.Exists(k); !exists { + t.Fatalf("Missing thumb %q: %v", k, err) + } + } +} diff --git a/apis/health.go b/apis/health.go new file mode 100644 index 0000000..5b13b42 --- /dev/null +++ b/apis/health.go @@ -0,0 +1,53 @@ +package apis + +import ( + "net/http" + "slices" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/router" +) + +// bindHealthApi registers the health api endpoint. +func bindHealthApi(app core.App, rg *router.RouterGroup[*core.RequestEvent]) { + subGroup := rg.Group("/health") + subGroup.GET("", healthCheck) +} + +// healthCheck returns a 200 OK response if the server is healthy. +func healthCheck(e *core.RequestEvent) error { + resp := struct { + Message string `json:"message"` + Code int `json:"code"` + Data map[string]any `json:"data"` + }{ + Code: http.StatusOK, + Message: "API is healthy.", + } + + if e.HasSuperuserAuth() { + resp.Data = make(map[string]any, 3) + resp.Data["canBackup"] = !e.App.Store().Has(core.StoreKeyActiveBackup) + resp.Data["realIP"] = e.RealIP() + + // loosely check if behind a reverse proxy + // (usually used in the dashboard to remind superusers in case deployed behind reverse-proxy) + possibleProxyHeader := "" + headersToCheck := append( + slices.Clone(e.App.Settings().TrustedProxy.Headers), + // common proxy headers + "CF-Connecting-IP", "Fly-Client-IP", "X‑Forwarded-For", + ) + for _, header := range headersToCheck { + if e.Request.Header.Get(header) != "" { + possibleProxyHeader = header + break + } + } + resp.Data["possibleProxyHeader"] = possibleProxyHeader + } else { + resp.Data = map[string]any{} // ensure that it is returned as object + } + + return e.JSON(http.StatusOK, resp) +} diff --git a/apis/health_test.go b/apis/health_test.go new file mode 100644 index 0000000..4f45c47 --- /dev/null +++ b/apis/health_test.go @@ -0,0 +1,71 @@ +package apis_test + +import ( + "net/http" + "testing" + + "github.com/pocketbase/pocketbase/tests" +) + +func TestHealthAPI(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "GET health status (guest)", + Method: http.MethodGet, // automatically matches also HEAD as a side-effect of the Go std mux + URL: "/api/health", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"code":200`, + `"data":{}`, + }, + NotExpectedContent: []string{ + "canBackup", + "realIP", + "possibleProxyHeader", + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "GET health status (regular user)", + Method: http.MethodGet, + URL: "/api/health", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"code":200`, + `"data":{}`, + }, + NotExpectedContent: []string{ + "canBackup", + "realIP", + "possibleProxyHeader", + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "GET health status (superuser)", + Method: http.MethodGet, + URL: "/api/health", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"code":200`, + `"data":{`, + `"canBackup":true`, + `"realIP"`, + `"possibleProxyHeader"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/installer.go b/apis/installer.go new file mode 100644 index 0000000..03467f4 --- /dev/null +++ b/apis/installer.go @@ -0,0 +1,88 @@ +package apis + +import ( + "database/sql" + "errors" + "fmt" + "os" + "strings" + "time" + + "github.com/fatih/color" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/osutils" +) + +// DefaultInstallerFunc is the default PocketBase installer function. +// +// It will attempt to open a link in the browser (with a short-lived auth +// token for the systemSuperuser) to the installer UI so that users can +// create their own custom superuser record. +// +// See https://github.com/pocketbase/pocketbase/discussions/5814. +func DefaultInstallerFunc(app core.App, systemSuperuser *core.Record, baseURL string) error { + token, err := systemSuperuser.NewStaticAuthToken(30 * time.Minute) + if err != nil { + return err + } + + // launch url (ignore errors and always print a help text as fallback) + url := fmt.Sprintf("%s/_/#/pbinstal/%s", strings.TrimRight(baseURL, "/"), token) + _ = osutils.LaunchURL(url) + color.Magenta("\n(!) Launch the URL below in the browser if it hasn't been open already to create your first superuser account:") + color.New(color.Bold).Add(color.FgCyan).Println(url) + color.New(color.FgHiBlack, color.Italic).Printf("(you can also create your first superuser by running: %s superuser upsert EMAIL PASS)\n\n", os.Args[0]) + + return nil +} + +func loadInstaller( + app core.App, + baseURL string, + installerFunc func(app core.App, systemSuperuser *core.Record, baseURL string) error, +) error { + if installerFunc == nil || !needInstallerSuperuser(app) { + return nil + } + + superuser, err := findOrCreateInstallerSuperuser(app) + if err != nil { + return err + } + + return installerFunc(app, superuser, baseURL) +} + +func needInstallerSuperuser(app core.App) bool { + total, err := app.CountRecords(core.CollectionNameSuperusers, dbx.Not(dbx.HashExp{ + "email": core.DefaultInstallerEmail, + })) + + return err == nil && total == 0 +} + +func findOrCreateInstallerSuperuser(app core.App) (*core.Record, error) { + col, err := app.FindCachedCollectionByNameOrId(core.CollectionNameSuperusers) + if err != nil { + return nil, err + } + + record, err := app.FindAuthRecordByEmail(col, core.DefaultInstallerEmail) + if err != nil { + if !errors.Is(err, sql.ErrNoRows) { + return nil, err + } + + record = core.NewRecord(col) + record.SetEmail(core.DefaultInstallerEmail) + record.SetRandomPassword() + + err = app.Save(record) + if err != nil { + return nil, err + } + } + + return record, nil +} diff --git a/apis/logs.go b/apis/logs.go new file mode 100644 index 0000000..9f92492 --- /dev/null +++ b/apis/logs.go @@ -0,0 +1,73 @@ +package apis + +import ( + "net/http" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/pocketbase/pocketbase/tools/search" +) + +// bindLogsApi registers the request logs api endpoints. +func bindLogsApi(app core.App, rg *router.RouterGroup[*core.RequestEvent]) { + sub := rg.Group("/logs").Bind(RequireSuperuserAuth(), SkipSuccessActivityLog()) + sub.GET("", logsList) + sub.GET("/stats", logsStats) + sub.GET("/{id}", logsView) +} + +var logFilterFields = []string{ + "id", "created", "level", "message", "data", + `^data\.[\w\.\:]*\w+$`, +} + +func logsList(e *core.RequestEvent) error { + fieldResolver := search.NewSimpleFieldResolver(logFilterFields...) + + result, err := search.NewProvider(fieldResolver). + Query(e.App.AuxModelQuery(&core.Log{})). + ParseAndExec(e.Request.URL.Query().Encode(), &[]*core.Log{}) + + if err != nil { + return e.BadRequestError("", err) + } + + return e.JSON(http.StatusOK, result) +} + +func logsStats(e *core.RequestEvent) error { + fieldResolver := search.NewSimpleFieldResolver(logFilterFields...) + + filter := e.Request.URL.Query().Get(search.FilterQueryParam) + + var expr dbx.Expression + if filter != "" { + var err error + expr, err = search.FilterData(filter).BuildExpr(fieldResolver) + if err != nil { + return e.BadRequestError("Invalid filter format.", err) + } + } + + stats, err := e.App.LogsStats(expr) + if err != nil { + return e.BadRequestError("Failed to generate logs stats.", err) + } + + return e.JSON(http.StatusOK, stats) +} + +func logsView(e *core.RequestEvent) error { + id := e.Request.PathValue("id") + if id == "" { + return e.NotFoundError("", nil) + } + + log, err := e.App.FindLogById(id) + if err != nil || log == nil { + return e.NotFoundError("", err) + } + + return e.JSON(http.StatusOK, log) +} diff --git a/apis/logs_test.go b/apis/logs_test.go new file mode 100644 index 0000000..ca3e33f --- /dev/null +++ b/apis/logs_test.go @@ -0,0 +1,212 @@ +package apis_test + +import ( + "net/http" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestLogsList(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodGet, + URL: "/api/logs", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodGet, + URL: "/api/logs", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser", + Method: http.MethodGet, + URL: "/api/logs", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubLogsData(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":2`, + `"items":[{`, + `"id":"873f2133-9f38-44fb-bf82-c8f53b310d91"`, + `"id":"f2133873-44fb-9f38-bf82-c918f53b310d"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser + filter", + Method: http.MethodGet, + URL: "/api/logs?filter=data.status>200", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubLogsData(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":1`, + `"items":[{`, + `"id":"f2133873-44fb-9f38-bf82-c918f53b310d"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestLogView(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodGet, + URL: "/api/logs/873f2133-9f38-44fb-bf82-c8f53b310d91", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodGet, + URL: "/api/logs/873f2133-9f38-44fb-bf82-c8f53b310d91", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (nonexisting request log)", + Method: http.MethodGet, + URL: "/api/logs/missing1-9f38-44fb-bf82-c8f53b310d91", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubLogsData(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (existing request log)", + Method: http.MethodGet, + URL: "/api/logs/873f2133-9f38-44fb-bf82-c8f53b310d91", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubLogsData(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"873f2133-9f38-44fb-bf82-c8f53b310d91"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestLogsStats(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodGet, + URL: "/api/logs/stats", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodGet, + URL: "/api/logs/stats", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser", + Method: http.MethodGet, + URL: "/api/logs/stats", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubLogsData(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `[{"date":"2022-05-01 10:00:00.000Z","total":1},{"date":"2022-05-02 10:00:00.000Z","total":1}]`, + }, + }, + { + Name: "authorized as superuser + filter", + Method: http.MethodGet, + URL: "/api/logs/stats?filter=data.status>200", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubLogsData(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `[{"date":"2022-05-02 10:00:00.000Z","total":1}]`, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/middlewares.go b/apis/middlewares.go new file mode 100644 index 0000000..6f4424d --- /dev/null +++ b/apis/middlewares.go @@ -0,0 +1,444 @@ +package apis + +import ( + "errors" + "fmt" + "log/slog" + "net/http" + "net/url" + "runtime" + "slices" + "strings" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/pocketbase/pocketbase/tools/routine" + "github.com/spf13/cast" +) + +// Common request event store keys used by the middlewares and api handlers. +const ( + RequestEventKeyLogMeta = "pbLogMeta" // extra data to store with the request activity log + + requestEventKeyExecStart = "__execStart" // the value must be time.Time + requestEventKeySkipSuccessActivityLog = "__skipSuccessActivityLogger" // the value must be bool +) + +const ( + DefaultWWWRedirectMiddlewarePriority = -99999 + DefaultWWWRedirectMiddlewareId = "pbWWWRedirect" + + DefaultActivityLoggerMiddlewarePriority = DefaultRateLimitMiddlewarePriority - 40 + DefaultActivityLoggerMiddlewareId = "pbActivityLogger" + DefaultSkipSuccessActivityLogMiddlewareId = "pbSkipSuccessActivityLog" + DefaultEnableAuthIdActivityLog = "pbEnableAuthIdActivityLog" + + DefaultPanicRecoverMiddlewarePriority = DefaultRateLimitMiddlewarePriority - 30 + DefaultPanicRecoverMiddlewareId = "pbPanicRecover" + + DefaultLoadAuthTokenMiddlewarePriority = DefaultRateLimitMiddlewarePriority - 20 + DefaultLoadAuthTokenMiddlewareId = "pbLoadAuthToken" + + DefaultSecurityHeadersMiddlewarePriority = DefaultRateLimitMiddlewarePriority - 10 + DefaultSecurityHeadersMiddlewareId = "pbSecurityHeaders" + + DefaultRequireGuestOnlyMiddlewareId = "pbRequireGuestOnly" + DefaultRequireAuthMiddlewareId = "pbRequireAuth" + DefaultRequireSuperuserAuthMiddlewareId = "pbRequireSuperuserAuth" + DefaultRequireSuperuserOrOwnerAuthMiddlewareId = "pbRequireSuperuserOrOwnerAuth" + DefaultRequireSameCollectionContextAuthMiddlewareId = "pbRequireSameCollectionContextAuth" +) + +// RequireGuestOnly middleware requires a request to NOT have a valid +// Authorization header. +// +// This middleware is the opposite of [apis.RequireAuth()]. +func RequireGuestOnly() *hook.Handler[*core.RequestEvent] { + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultRequireGuestOnlyMiddlewareId, + Func: func(e *core.RequestEvent) error { + if e.Auth != nil { + return router.NewBadRequestError("The request can be accessed only by guests.", nil) + } + + return e.Next() + }, + } +} + +// RequireAuth middleware requires a request to have a valid record Authorization header. +// +// The auth record could be from any collection. +// You can further filter the allowed record auth collections by specifying their names. +// +// Example: +// +// apis.RequireAuth() // any auth collection +// apis.RequireAuth("_superusers", "users") // only the listed auth collections +func RequireAuth(optCollectionNames ...string) *hook.Handler[*core.RequestEvent] { + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultRequireAuthMiddlewareId, + Func: requireAuth(optCollectionNames...), + } +} + +func requireAuth(optCollectionNames ...string) func(*core.RequestEvent) error { + return func(e *core.RequestEvent) error { + if e.Auth == nil { + return e.UnauthorizedError("The request requires valid record authorization token.", nil) + } + + // check record collection name + if len(optCollectionNames) > 0 && !slices.Contains(optCollectionNames, e.Auth.Collection().Name) { + return e.ForbiddenError("The authorized record is not allowed to perform this action.", nil) + } + + return e.Next() + } +} + +// RequireSuperuserAuth middleware requires a request to have +// a valid superuser Authorization header. +func RequireSuperuserAuth() *hook.Handler[*core.RequestEvent] { + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultRequireSuperuserAuthMiddlewareId, + Func: requireAuth(core.CollectionNameSuperusers), + } +} + +// RequireSuperuserOrOwnerAuth middleware requires a request to have +// a valid superuser or regular record owner Authorization header set. +// +// This middleware is similar to [apis.RequireAuth()] but +// for the auth record token expects to have the same id as the path +// parameter ownerIdPathParam (default to "id" if empty). +func RequireSuperuserOrOwnerAuth(ownerIdPathParam string) *hook.Handler[*core.RequestEvent] { + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultRequireSuperuserOrOwnerAuthMiddlewareId, + Func: func(e *core.RequestEvent) error { + if e.Auth == nil { + return e.UnauthorizedError("The request requires superuser or record authorization token.", nil) + } + + if e.Auth.IsSuperuser() { + return e.Next() + } + + if ownerIdPathParam == "" { + ownerIdPathParam = "id" + } + ownerId := e.Request.PathValue(ownerIdPathParam) + + // note: it is considered "safe" to compare only the record id + // since the auth record ids are treated as unique across all auth collections + if e.Auth.Id != ownerId { + return e.ForbiddenError("You are not allowed to perform this request.", nil) + } + + return e.Next() + }, + } +} + +// RequireSameCollectionContextAuth middleware requires a request to have +// a valid record Authorization header and the auth record's collection to +// match the one from the route path parameter (default to "collection" if collectionParam is empty). +func RequireSameCollectionContextAuth(collectionPathParam string) *hook.Handler[*core.RequestEvent] { + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultRequireSameCollectionContextAuthMiddlewareId, + Func: func(e *core.RequestEvent) error { + if e.Auth == nil { + return e.UnauthorizedError("The request requires valid record authorization token.", nil) + } + + if collectionPathParam == "" { + collectionPathParam = "collection" + } + + collection, _ := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue(collectionPathParam)) + if collection == nil || e.Auth.Collection().Id != collection.Id { + return e.ForbiddenError(fmt.Sprintf("The request requires auth record from %s collection.", e.Auth.Collection().Name), nil) + } + + return e.Next() + }, + } +} + +// loadAuthToken attempts to load the auth context based on the "Authorization: TOKEN" header value. +// +// This middleware does nothing in case of: +// - missing, invalid or expired token +// - e.Auth is already loaded by another middleware +// +// This middleware is registered by default for all routes. +// +// Note: We don't throw an error on invalid or expired token to allow +// users to extend with their own custom handling in external middleware(s). +func loadAuthToken() *hook.Handler[*core.RequestEvent] { + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultLoadAuthTokenMiddlewareId, + Priority: DefaultLoadAuthTokenMiddlewarePriority, + Func: func(e *core.RequestEvent) error { + // already loaded by another middleware + if e.Auth != nil { + return e.Next() + } + + token := getAuthTokenFromRequest(e) + if token == "" { + return e.Next() + } + + record, err := e.App.FindAuthRecordByToken(token, core.TokenTypeAuth) + if err != nil { + e.App.Logger().Debug("loadAuthToken failure", "error", err) + } else if record != nil { + e.Auth = record + } + + return e.Next() + }, + } +} + +func getAuthTokenFromRequest(e *core.RequestEvent) string { + token := e.Request.Header.Get("Authorization") + if token != "" { + // the schema prefix is not required and it is only for + // compatibility with the defaults of some HTTP clients + token = strings.TrimPrefix(token, "Bearer ") + } + return token +} + +// wwwRedirect performs www->non-www redirect(s) if the request host +// matches with one of the values in redirectHosts. +// +// This middleware is registered by default on Serve for all routes. +func wwwRedirect(redirectHosts []string) *hook.Handler[*core.RequestEvent] { + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultWWWRedirectMiddlewareId, + Priority: DefaultWWWRedirectMiddlewarePriority, + Func: func(e *core.RequestEvent) error { + host := e.Request.Host + + if strings.HasPrefix(host, "www.") && list.ExistInSlice(host, redirectHosts) { + // note: e.Request.URL.Scheme would be empty + schema := "http://" + if e.IsTLS() { + schema = "https://" + } + + return e.Redirect( + http.StatusTemporaryRedirect, + (schema + host[4:] + e.Request.RequestURI), + ) + } + + return e.Next() + }, + } +} + +// panicRecover returns a default panic-recover handler. +func panicRecover() *hook.Handler[*core.RequestEvent] { + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultPanicRecoverMiddlewareId, + Priority: DefaultPanicRecoverMiddlewarePriority, + Func: func(e *core.RequestEvent) (err error) { + // panic-recover + defer func() { + recoverResult := recover() + if recoverResult == nil { + return + } + + recoverErr, ok := recoverResult.(error) + if !ok { + recoverErr = fmt.Errorf("%v", recoverResult) + } else if errors.Is(recoverErr, http.ErrAbortHandler) { + // don't recover ErrAbortHandler so the response to the client can be aborted + panic(recoverResult) + } + + stack := make([]byte, 2<<10) // 2 KB + length := runtime.Stack(stack, true) + err = e.InternalServerError("", fmt.Errorf("[PANIC RECOVER] %w %s", recoverErr, stack[:length])) + }() + + err = e.Next() + + return err + }, + } +} + +// securityHeaders middleware adds common security headers to the response. +// +// This middleware is registered by default for all routes. +func securityHeaders() *hook.Handler[*core.RequestEvent] { + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultSecurityHeadersMiddlewareId, + Priority: DefaultSecurityHeadersMiddlewarePriority, + Func: func(e *core.RequestEvent) error { + e.Response.Header().Set("X-XSS-Protection", "1; mode=block") + e.Response.Header().Set("X-Content-Type-Options", "nosniff") + e.Response.Header().Set("X-Frame-Options", "SAMEORIGIN") + + // @todo consider a default HSTS? + // (see also https://webkit.org/blog/8146/protecting-against-hsts-abuse/) + + return e.Next() + }, + } +} + +// SkipSuccessActivityLog is a helper middleware that instructs the global +// activity logger to log only requests that have failed/returned an error. +func SkipSuccessActivityLog() *hook.Handler[*core.RequestEvent] { + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultSkipSuccessActivityLogMiddlewareId, + Func: func(e *core.RequestEvent) error { + e.Set(requestEventKeySkipSuccessActivityLog, true) + return e.Next() + }, + } +} + +// activityLogger middleware takes care to save the request information +// into the logs database. +// +// This middleware is registered by default for all routes. +// +// The middleware does nothing if the app logs retention period is zero +// (aka. app.Settings().Logs.MaxDays = 0). +// +// Users can attach the [apis.SkipSuccessActivityLog()] middleware if +// you want to log only the failed requests. +func activityLogger() *hook.Handler[*core.RequestEvent] { + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultActivityLoggerMiddlewareId, + Priority: DefaultActivityLoggerMiddlewarePriority, + Func: func(e *core.RequestEvent) error { + e.Set(requestEventKeyExecStart, time.Now()) + + err := e.Next() + + logRequest(e, err) + + return err + }, + } +} + +func logRequest(event *core.RequestEvent, err error) { + // no logs retention + if event.App.Settings().Logs.MaxDays == 0 { + return + } + + // the non-error route has explicitly disabled the activity logger + if err == nil && event.Get(requestEventKeySkipSuccessActivityLog) != nil { + return + } + + attrs := make([]any, 0, 15) + + attrs = append(attrs, slog.String("type", "request")) + + started := cast.ToTime(event.Get(requestEventKeyExecStart)) + if !started.IsZero() { + attrs = append(attrs, slog.Float64("execTime", float64(time.Since(started))/float64(time.Millisecond))) + } + + if meta := event.Get(RequestEventKeyLogMeta); meta != nil { + attrs = append(attrs, slog.Any("meta", meta)) + } + + status := event.Status() + method := cutStr(strings.ToUpper(event.Request.Method), 50) + requestUri := cutStr(event.Request.URL.RequestURI(), 3000) + + // parse the request error + if err != nil { + apiErr, isPlainApiError := err.(*router.ApiError) + if isPlainApiError || errors.As(err, &apiErr) { + // the status header wasn't written yet + if status == 0 { + status = apiErr.Status + } + + var errMsg string + if isPlainApiError { + errMsg = apiErr.Message + } else { + // wrapped ApiError -> add the full serialized version + // of the original error since it could contain more information + errMsg = err.Error() + } + + attrs = append( + attrs, + slog.String("error", errMsg), + slog.Any("details", apiErr.RawData()), + ) + } else { + attrs = append(attrs, slog.String("error", err.Error())) + } + } + + attrs = append( + attrs, + slog.String("url", requestUri), + slog.String("method", method), + slog.Int("status", status), + slog.String("referer", cutStr(event.Request.Referer(), 2000)), + slog.String("userAgent", cutStr(event.Request.UserAgent(), 2000)), + ) + + if event.Auth != nil { + attrs = append(attrs, slog.String("auth", event.Auth.Collection().Name)) + + if event.App.Settings().Logs.LogAuthId { + attrs = append(attrs, slog.String("authId", event.Auth.Id)) + } + } else { + attrs = append(attrs, slog.String("auth", "")) + } + + if event.App.Settings().Logs.LogIP { + attrs = append( + attrs, + slog.String("userIP", event.RealIP()), + slog.String("remoteIP", event.RemoteIP()), + ) + } + + // don't block on logs write + routine.FireAndForget(func() { + message := method + " " + + if escaped, unescapeErr := url.PathUnescape(requestUri); unescapeErr == nil { + message += escaped + } else { + message += requestUri + } + + if err != nil { + event.App.Logger().Error(message, attrs...) + } else { + event.App.Logger().Info(message, attrs...) + } + }) +} + +func cutStr(str string, max int) string { + if len(str) > max { + return str[:max] + "..." + } + return str +} diff --git a/apis/middlewares_body_limit.go b/apis/middlewares_body_limit.go new file mode 100644 index 0000000..3661a2e --- /dev/null +++ b/apis/middlewares_body_limit.go @@ -0,0 +1,120 @@ +package apis + +import ( + "io" + "net/http" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/router" +) + +var ErrRequestEntityTooLarge = router.NewApiError(http.StatusRequestEntityTooLarge, "Request entity too large", nil) + +const DefaultMaxBodySize int64 = 32 << 20 + +const ( + DefaultBodyLimitMiddlewareId = "pbBodyLimit" + DefaultBodyLimitMiddlewarePriority = DefaultRateLimitMiddlewarePriority + 10 +) + +// BodyLimit returns a middleware handler that changes the default request body size limit. +// +// If limitBytes <= 0, no limit is applied. +// +// Otherwise, if the request body size exceeds the configured limitBytes, +// it sends 413 error response. +func BodyLimit(limitBytes int64) *hook.Handler[*core.RequestEvent] { + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultBodyLimitMiddlewareId, + Priority: DefaultBodyLimitMiddlewarePriority, + Func: func(e *core.RequestEvent) error { + err := applyBodyLimit(e, limitBytes) + if err != nil { + return err + } + + return e.Next() + }, + } +} + +func dynamicCollectionBodyLimit(collectionPathParam string) *hook.Handler[*core.RequestEvent] { + if collectionPathParam == "" { + collectionPathParam = "collection" + } + + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultBodyLimitMiddlewareId, + Priority: DefaultBodyLimitMiddlewarePriority, + Func: func(e *core.RequestEvent) error { + collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue(collectionPathParam)) + if err != nil { + return e.NotFoundError("Missing or invalid collection context.", err) + } + + limitBytes := DefaultMaxBodySize + if !collection.IsView() { + for _, f := range collection.Fields { + if calc, ok := f.(core.MaxBodySizeCalculator); ok { + limitBytes += calc.CalculateMaxBodySize() + } + } + } + + err = applyBodyLimit(e, limitBytes) + if err != nil { + return err + } + + return e.Next() + }, + } +} + +func applyBodyLimit(e *core.RequestEvent, limitBytes int64) error { + // no limit + if limitBytes <= 0 { + return nil + } + + // optimistically check the submitted request content length + if e.Request.ContentLength > limitBytes { + return ErrRequestEntityTooLarge + } + + // replace the request body + // + // note: we don't use sync.Pool since the size of the elements could vary too much + // and it might not be efficient (see https://github.com/golang/go/issues/23199) + e.Request.Body = &limitedReader{ReadCloser: e.Request.Body, limit: limitBytes} + + return nil +} + +type limitedReader struct { + io.ReadCloser + limit int64 + totalRead int64 +} + +func (r *limitedReader) Read(b []byte) (int, error) { + n, err := r.ReadCloser.Read(b) + if err != nil { + return n, err + } + + r.totalRead += int64(n) + if r.totalRead > r.limit { + return n, ErrRequestEntityTooLarge + } + + return n, nil +} + +func (r *limitedReader) Reread() { + rr, ok := r.ReadCloser.(router.Rereader) + if ok { + rr.Reread() + } +} diff --git a/apis/middlewares_body_limit_test.go b/apis/middlewares_body_limit_test.go new file mode 100644 index 0000000..8e04e72 --- /dev/null +++ b/apis/middlewares_body_limit_test.go @@ -0,0 +1,60 @@ +package apis_test + +import ( + "bytes" + "fmt" + "net/http/httptest" + "testing" + + "github.com/pocketbase/pocketbase/apis" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestBodyLimitMiddleware(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + pbRouter, err := apis.NewRouter(app) + if err != nil { + t.Fatal(err) + } + pbRouter.POST("/a", func(e *core.RequestEvent) error { + return e.String(200, "a") + }) // default global BodyLimit check + + pbRouter.POST("/b", func(e *core.RequestEvent) error { + return e.String(200, "b") + }).Bind(apis.BodyLimit(20)) + + mux, err := pbRouter.BuildMux() + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + url string + size int64 + expectedStatus int + }{ + {"/a", 21, 200}, + {"/a", apis.DefaultMaxBodySize + 1, 413}, + {"/b", 20, 200}, + {"/b", 21, 413}, + } + + for _, s := range scenarios { + t.Run(fmt.Sprintf("%s_%d", s.url, s.size), func(t *testing.T) { + rec := httptest.NewRecorder() + req := httptest.NewRequest("POST", s.url, bytes.NewReader(make([]byte, s.size))) + mux.ServeHTTP(rec, req) + + result := rec.Result() + defer result.Body.Close() + + if result.StatusCode != s.expectedStatus { + t.Fatalf("Expected response status %d, got %d", s.expectedStatus, result.StatusCode) + } + }) + } +} diff --git a/apis/middlewares_cors.go b/apis/middlewares_cors.go new file mode 100644 index 0000000..204586d --- /dev/null +++ b/apis/middlewares_cors.go @@ -0,0 +1,327 @@ +package apis + +// ------------------------------------------------------------------- +// This middleware is ported from echo/middleware to minimize the breaking +// changes and differences in the API behavior from earlier PocketBase versions +// (https://github.com/labstack/echo/blob/ec5b858dab6105ab4c3ed2627d1ebdfb6ae1ecb8/middleware/cors.go). +// +// I doubt that this would matter for most cases, but the only major difference +// is that for non-supported routes this middleware doesn't return 405 and fallbacks +// to the default catch-all PocketBase route (aka. returns 404) to avoid +// the extra overhead of further hijacking and wrapping the Go default mux +// (https://github.com/golang/go/issues/65648#issuecomment-1955328807). +// ------------------------------------------------------------------- + +import ( + "log" + "net/http" + "regexp" + "strconv" + "strings" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/hook" +) + +const ( + DefaultCorsMiddlewareId = "pbCors" + DefaultCorsMiddlewarePriority = DefaultActivityLoggerMiddlewarePriority - 1 // before the activity logger and rate limit so that OPTIONS preflight requests are not counted +) + +// CORSConfig defines the config for CORS middleware. +type CORSConfig struct { + // AllowOrigins determines the value of the Access-Control-Allow-Origin + // response header. This header defines a list of origins that may access the + // resource. The wildcard characters '*' and '?' are supported and are + // converted to regex fragments '.*' and '.' accordingly. + // + // Security: use extreme caution when handling the origin, and carefully + // validate any logic. Remember that attackers may register hostile domain names. + // See https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html + // + // Optional. Default value []string{"*"}. + // + // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin + AllowOrigins []string + + // AllowOriginFunc is a custom function to validate the origin. It takes the + // origin as an argument and returns true if allowed or false otherwise. If + // an error is returned, it is returned by the handler. If this option is + // set, AllowOrigins is ignored. + // + // Security: use extreme caution when handling the origin, and carefully + // validate any logic. Remember that attackers may register hostile domain names. + // See https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html + // + // Optional. + AllowOriginFunc func(origin string) (bool, error) + + // AllowMethods determines the value of the Access-Control-Allow-Methods + // response header. This header specified the list of methods allowed when + // accessing the resource. This is used in response to a preflight request. + // + // Optional. Default value DefaultCORSConfig.AllowMethods. + // + // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods + AllowMethods []string + + // AllowHeaders determines the value of the Access-Control-Allow-Headers + // response header. This header is used in response to a preflight request to + // indicate which HTTP headers can be used when making the actual request. + // + // Optional. Default value []string{}. + // + // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers + AllowHeaders []string + + // AllowCredentials determines the value of the + // Access-Control-Allow-Credentials response header. This header indicates + // whether or not the response to the request can be exposed when the + // credentials mode (Request.credentials) is true. When used as part of a + // response to a preflight request, this indicates whether or not the actual + // request can be made using credentials. See also + // [MDN: Access-Control-Allow-Credentials]. + // + // Optional. Default value false, in which case the header is not set. + // + // Security: avoid using `AllowCredentials = true` with `AllowOrigins = *`. + // See "Exploiting CORS misconfigurations for Bitcoins and bounties", + // https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html + // + // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials + AllowCredentials bool + + // UnsafeWildcardOriginWithAllowCredentials UNSAFE/INSECURE: allows wildcard '*' origin to be used with AllowCredentials + // flag. In that case we consider any origin allowed and send it back to the client with `Access-Control-Allow-Origin` header. + // + // This is INSECURE and potentially leads to [cross-origin](https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties) + // attacks. See: https://github.com/labstack/echo/issues/2400 for discussion on the subject. + // + // Optional. Default value is false. + UnsafeWildcardOriginWithAllowCredentials bool + + // ExposeHeaders determines the value of Access-Control-Expose-Headers, which + // defines a list of headers that clients are allowed to access. + // + // Optional. Default value []string{}, in which case the header is not set. + // + // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Header + ExposeHeaders []string + + // MaxAge determines the value of the Access-Control-Max-Age response header. + // This header indicates how long (in seconds) the results of a preflight + // request can be cached. + // The header is set only if MaxAge != 0, negative value sends "0" which instructs browsers not to cache that response. + // + // Optional. Default value 0 - meaning header is not sent. + // + // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age + MaxAge int +} + +// DefaultCORSConfig is the default CORS middleware config. +var DefaultCORSConfig = CORSConfig{ + AllowOrigins: []string{"*"}, + AllowMethods: []string{http.MethodGet, http.MethodHead, http.MethodPut, http.MethodPatch, http.MethodPost, http.MethodDelete}, +} + +// CORS returns a CORS middleware. +func CORS(config CORSConfig) *hook.Handler[*core.RequestEvent] { + // Defaults + if len(config.AllowOrigins) == 0 { + config.AllowOrigins = DefaultCORSConfig.AllowOrigins + } + if len(config.AllowMethods) == 0 { + config.AllowMethods = DefaultCORSConfig.AllowMethods + } + + allowOriginPatterns := make([]*regexp.Regexp, 0, len(config.AllowOrigins)) + for _, origin := range config.AllowOrigins { + if origin == "*" { + continue // "*" is handled differently and does not need regexp + } + + pattern := regexp.QuoteMeta(origin) + pattern = strings.ReplaceAll(pattern, "\\*", ".*") + pattern = strings.ReplaceAll(pattern, "\\?", ".") + pattern = "^" + pattern + "$" + + re, err := regexp.Compile(pattern) + if err != nil { + // This is to preserve previous behaviour - invalid patterns were just ignored. + // If we would turn this to panic, users with invalid patterns + // would have applications crashing in production due unrecovered panic. + log.Println("invalid AllowOrigins pattern", origin) + continue + } + allowOriginPatterns = append(allowOriginPatterns, re) + } + + allowMethods := strings.Join(config.AllowMethods, ",") + allowHeaders := strings.Join(config.AllowHeaders, ",") + exposeHeaders := strings.Join(config.ExposeHeaders, ",") + + maxAge := "0" + if config.MaxAge > 0 { + maxAge = strconv.Itoa(config.MaxAge) + } + + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultCorsMiddlewareId, + Priority: DefaultCorsMiddlewarePriority, + Func: func(e *core.RequestEvent) error { + req := e.Request + res := e.Response + origin := req.Header.Get("Origin") + allowOrigin := "" + + res.Header().Add("Vary", "Origin") + + // Preflight request is an OPTIONS request, using three HTTP request headers: Access-Control-Request-Method, + // Access-Control-Request-Headers, and the Origin header. See: https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request + // For simplicity we just consider method type and later `Origin` header. + preflight := req.Method == http.MethodOptions + + // No Origin provided. This is (probably) not request from actual browser - proceed executing middleware chain + if origin == "" { + if !preflight { + return e.Next() + } + return e.NoContent(http.StatusNoContent) + } + + if config.AllowOriginFunc != nil { + allowed, err := config.AllowOriginFunc(origin) + if err != nil { + return err + } + if allowed { + allowOrigin = origin + } + } else { + // Check allowed origins + for _, o := range config.AllowOrigins { + if o == "*" && config.AllowCredentials && config.UnsafeWildcardOriginWithAllowCredentials { + allowOrigin = origin + break + } + if o == "*" || o == origin { + allowOrigin = o + break + } + if matchSubdomain(origin, o) { + allowOrigin = origin + break + } + } + + checkPatterns := false + if allowOrigin == "" { + // to avoid regex cost by invalid (long) domains (253 is domain name max limit) + if len(origin) <= (253+3+5) && strings.Contains(origin, "://") { + checkPatterns = true + } + } + if checkPatterns { + for _, re := range allowOriginPatterns { + if match := re.MatchString(origin); match { + allowOrigin = origin + break + } + } + } + } + + // Origin not allowed + if allowOrigin == "" { + if !preflight { + return e.Next() + } + return e.NoContent(http.StatusNoContent) + } + + res.Header().Set("Access-Control-Allow-Origin", allowOrigin) + if config.AllowCredentials { + res.Header().Set("Access-Control-Allow-Credentials", "true") + } + + // Simple request + if !preflight { + if exposeHeaders != "" { + res.Header().Set("Access-Control-Expose-Headers", exposeHeaders) + } + return e.Next() + } + + // Preflight request + res.Header().Add("Vary", "Access-Control-Request-Method") + res.Header().Add("Vary", "Access-Control-Request-Headers") + res.Header().Set("Access-Control-Allow-Methods", allowMethods) + + if allowHeaders != "" { + res.Header().Set("Access-Control-Allow-Headers", allowHeaders) + } else { + h := req.Header.Get("Access-Control-Request-Headers") + if h != "" { + res.Header().Set("Access-Control-Allow-Headers", h) + } + } + if config.MaxAge != 0 { + res.Header().Set("Access-Control-Max-Age", maxAge) + } + + return e.NoContent(http.StatusNoContent) + }, + } +} + +func matchScheme(domain, pattern string) bool { + didx := strings.Index(domain, ":") + pidx := strings.Index(pattern, ":") + return didx != -1 && pidx != -1 && domain[:didx] == pattern[:pidx] +} + +// matchSubdomain compares authority with wildcard +func matchSubdomain(domain, pattern string) bool { + if !matchScheme(domain, pattern) { + return false + } + + didx := strings.Index(domain, "://") + pidx := strings.Index(pattern, "://") + if didx == -1 || pidx == -1 { + return false + } + domAuth := domain[didx+3:] + // to avoid long loop by invalid long domain + if len(domAuth) > 253 { + return false + } + patAuth := pattern[pidx+3:] + + domComp := strings.Split(domAuth, ".") + patComp := strings.Split(patAuth, ".") + for i := len(domComp)/2 - 1; i >= 0; i-- { + opp := len(domComp) - 1 - i + domComp[i], domComp[opp] = domComp[opp], domComp[i] + } + for i := len(patComp)/2 - 1; i >= 0; i-- { + opp := len(patComp) - 1 - i + patComp[i], patComp[opp] = patComp[opp], patComp[i] + } + + for i, v := range domComp { + if len(patComp) <= i { + return false + } + p := patComp[i] + if p == "*" { + return true + } + if p != v { + return false + } + } + + return false +} diff --git a/apis/middlewares_gzip.go b/apis/middlewares_gzip.go new file mode 100644 index 0000000..91faf1a --- /dev/null +++ b/apis/middlewares_gzip.go @@ -0,0 +1,247 @@ +package apis + +// ------------------------------------------------------------------- +// This middleware is ported from echo/middleware to minimize the breaking +// changes and differences in the API behavior from earlier PocketBase versions +// (https://github.com/labstack/echo/blob/ec5b858dab6105ab4c3ed2627d1ebdfb6ae1ecb8/middleware/compress.go). +// ------------------------------------------------------------------- + +import ( + "bufio" + "bytes" + "compress/gzip" + "errors" + "io" + "net" + "net/http" + "strings" + "sync" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/router" +) + +const ( + gzipScheme = "gzip" +) + +const ( + DefaultGzipMiddlewareId = "pbGzip" +) + +// GzipConfig defines the config for Gzip middleware. +type GzipConfig struct { + // Gzip compression level. + // Optional. Default value -1. + Level int + + // Length threshold before gzip compression is applied. + // Optional. Default value 0. + // + // Most of the time you will not need to change the default. Compressing + // a short response might increase the transmitted data because of the + // gzip format overhead. Compressing the response will also consume CPU + // and time on the server and the client (for decompressing). Depending on + // your use case such a threshold might be useful. + // + // See also: + // https://webmasters.stackexchange.com/questions/31750/what-is-recommended-minimum-object-size-for-gzip-performance-benefits + MinLength int +} + +// Gzip returns a middleware which compresses HTTP response using Gzip compression scheme. +func Gzip() *hook.Handler[*core.RequestEvent] { + return GzipWithConfig(GzipConfig{}) +} + +// GzipWithConfig returns a middleware which compresses HTTP response using gzip compression scheme. +func GzipWithConfig(config GzipConfig) *hook.Handler[*core.RequestEvent] { + if config.Level < -2 || config.Level > 9 { // these are consts: gzip.HuffmanOnly and gzip.BestCompression + panic(errors.New("invalid gzip level")) + } + if config.Level == 0 { + config.Level = -1 + } + if config.MinLength < 0 { + config.MinLength = 0 + } + + pool := sync.Pool{ + New: func() interface{} { + w, err := gzip.NewWriterLevel(io.Discard, config.Level) + if err != nil { + return err + } + return w + }, + } + + bpool := sync.Pool{ + New: func() interface{} { + b := &bytes.Buffer{} + return b + }, + } + + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultGzipMiddlewareId, + Func: func(e *core.RequestEvent) error { + e.Response.Header().Add("Vary", "Accept-Encoding") + if strings.Contains(e.Request.Header.Get("Accept-Encoding"), gzipScheme) { + w, ok := pool.Get().(*gzip.Writer) + if !ok { + return e.InternalServerError("", errors.New("failed to get gzip.Writer")) + } + + rw := e.Response + w.Reset(rw) + + buf := bpool.Get().(*bytes.Buffer) + buf.Reset() + + grw := &gzipResponseWriter{Writer: w, ResponseWriter: rw, minLength: config.MinLength, buffer: buf} + defer func() { + // There are different reasons for cases when we have not yet written response to the client and now need to do so. + // a) handler response had only response code and no response body (ala 404 or redirects etc). Response code need to be written now. + // b) body is shorter than our minimum length threshold and being buffered currently and needs to be written + if !grw.wroteBody { + if rw.Header().Get("Content-Encoding") == gzipScheme { + rw.Header().Del("Content-Encoding") + } + if grw.wroteHeader { + rw.WriteHeader(grw.code) + } + // We have to reset response to it's pristine state when + // nothing is written to body or error is returned. + // See issue echo#424, echo#407. + e.Response = rw + w.Reset(io.Discard) + } else if !grw.minLengthExceeded { + // Write uncompressed response + e.Response = rw + if grw.wroteHeader { + rw.WriteHeader(grw.code) + } + grw.buffer.WriteTo(rw) + w.Reset(io.Discard) + } + w.Close() + bpool.Put(buf) + pool.Put(w) + }() + e.Response = grw + } + + return e.Next() + }, + } +} + +type gzipResponseWriter struct { + http.ResponseWriter + io.Writer + buffer *bytes.Buffer + minLength int + code int + wroteHeader bool + wroteBody bool + minLengthExceeded bool +} + +func (w *gzipResponseWriter) WriteHeader(code int) { + w.Header().Del("Content-Length") // Issue echo#444 + + w.wroteHeader = true + + // Delay writing of the header until we know if we'll actually compress the response + w.code = code +} + +func (w *gzipResponseWriter) Write(b []byte) (int, error) { + if w.Header().Get("Content-Type") == "" { + w.Header().Set("Content-Type", http.DetectContentType(b)) + } + + w.wroteBody = true + + if !w.minLengthExceeded { + n, err := w.buffer.Write(b) + + if w.buffer.Len() >= w.minLength { + w.minLengthExceeded = true + + // The minimum length is exceeded, add Content-Encoding header and write the header + w.Header().Set("Content-Encoding", gzipScheme) + if w.wroteHeader { + w.ResponseWriter.WriteHeader(w.code) + } + + return w.Writer.Write(w.buffer.Bytes()) + } + + return n, err + } + + return w.Writer.Write(b) +} + +func (w *gzipResponseWriter) Flush() { + if !w.minLengthExceeded { + // Enforce compression because we will not know how much more data will come + w.minLengthExceeded = true + w.Header().Set("Content-Encoding", gzipScheme) + if w.wroteHeader { + w.ResponseWriter.WriteHeader(w.code) + } + + _, _ = w.Writer.Write(w.buffer.Bytes()) + } + + _ = w.Writer.(*gzip.Writer).Flush() + + _ = http.NewResponseController(w.ResponseWriter).Flush() +} + +func (w *gzipResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) { + return http.NewResponseController(w.ResponseWriter).Hijack() +} + +func (w *gzipResponseWriter) Push(target string, opts *http.PushOptions) error { + rw := w.ResponseWriter + for { + switch p := rw.(type) { + case http.Pusher: + return p.Push(target, opts) + case router.RWUnwrapper: + rw = p.Unwrap() + default: + return http.ErrNotSupported + } + } +} + +// Note: Disable the implementation for now because in case the platform +// supports the sendfile fast-path it won't run gzipResponseWriter.Write, +// preventing compression on the fly. +// +// func (w *gzipResponseWriter) ReadFrom(r io.Reader) (n int64, err error) { +// if w.wroteHeader { +// w.ResponseWriter.WriteHeader(w.code) +// } +// rw := w.ResponseWriter +// for { +// switch rf := rw.(type) { +// case io.ReaderFrom: +// return rf.ReadFrom(r) +// case router.RWUnwrapper: +// rw = rf.Unwrap() +// default: +// return io.Copy(w.ResponseWriter, r) +// } +// } +// } + +func (w *gzipResponseWriter) Unwrap() http.ResponseWriter { + return w.ResponseWriter +} diff --git a/apis/middlewares_rate_limit.go b/apis/middlewares_rate_limit.go new file mode 100644 index 0000000..886503d --- /dev/null +++ b/apis/middlewares_rate_limit.go @@ -0,0 +1,356 @@ +package apis + +import ( + "sync" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/store" +) + +const ( + DefaultRateLimitMiddlewareId = "pbRateLimit" + DefaultRateLimitMiddlewarePriority = -1000 +) + +const ( + rateLimitersStoreKey = "__pbRateLimiters__" + rateLimitersCronKey = "__pbRateLimitersCleanup__" + rateLimitersSettingsHookId = "__pbRateLimitersSettingsHook__" +) + +// rateLimit defines the global rate limit middleware. +// +// This middleware is registered by default for all routes. +func rateLimit() *hook.Handler[*core.RequestEvent] { + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultRateLimitMiddlewareId, + Priority: DefaultRateLimitMiddlewarePriority, + Func: func(e *core.RequestEvent) error { + if skipRateLimit(e) { + return e.Next() + } + + rule, ok := e.App.Settings().RateLimits.FindRateLimitRule( + defaultRateLimitLabels(e), + defaultRateLimitAudience(e)..., + ) + if ok { + err := checkRateLimit(e, rule.Label+rule.Audience, rule) + if err != nil { + return err + } + } + + return e.Next() + }, + } +} + +// collectionPathRateLimit defines a rate limit middleware for the internal collection handlers. +func collectionPathRateLimit(collectionPathParam string, baseTags ...string) *hook.Handler[*core.RequestEvent] { + if collectionPathParam == "" { + collectionPathParam = "collection" + } + + return &hook.Handler[*core.RequestEvent]{ + Id: DefaultRateLimitMiddlewareId, + Priority: DefaultRateLimitMiddlewarePriority, + Func: func(e *core.RequestEvent) error { + collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue(collectionPathParam)) + if err != nil { + return e.NotFoundError("Missing or invalid collection context.", err) + } + + if err := checkCollectionRateLimit(e, collection, baseTags...); err != nil { + return err + } + + return e.Next() + }, + } +} + +// checkCollectionRateLimit checks whether the current request satisfy the +// rate limit configuration for the specific collection. +// +// Each baseTags entry will be prefixed with the collection name and its wildcard variant. +func checkCollectionRateLimit(e *core.RequestEvent, collection *core.Collection, baseTags ...string) error { + if skipRateLimit(e) { + return nil + } + + labels := make([]string, 0, 2+len(baseTags)*2) + + rtId := collection.Id + e.Request.Pattern + + // add first the primary labels (aka. ["collectionName:action1", "collectionName:action2"]) + for _, baseTag := range baseTags { + rtId += baseTag + labels = append(labels, collection.Name+":"+baseTag) + } + + // add the wildcard labels (aka. [..., "*:action1","*:action2", "*"]) + for _, baseTag := range baseTags { + labels = append(labels, "*:"+baseTag) + } + labels = append(labels, defaultRateLimitLabels(e)...) + + rule, ok := e.App.Settings().RateLimits.FindRateLimitRule(labels, defaultRateLimitAudience(e)...) + if ok { + return checkRateLimit(e, rtId+rule.Audience, rule) + } + + return nil +} + +// ------------------------------------------------------------------- + +// @todo consider exporting as helper? +// +//nolint:unused +func isClientRateLimited(e *core.RequestEvent, rtId string) bool { + rateLimiters, ok := e.App.Store().Get(rateLimitersStoreKey).(*store.Store[string, *rateLimiter]) + if !ok || rateLimiters == nil { + return false + } + + rt, ok := rateLimiters.GetOk(rtId) + if !ok || rt == nil { + return false + } + + client, ok := rt.getClient(e.RealIP()) + if !ok || client == nil { + return false + } + + return client.available <= 0 && time.Now().Unix()-client.lastConsume < client.interval +} + +// @todo consider exporting as helper? +func checkRateLimit(e *core.RequestEvent, rtId string, rule core.RateLimitRule) error { + switch rule.Audience { + case core.RateLimitRuleAudienceAll: + // valid for both guest and regular users + case core.RateLimitRuleAudienceGuest: + if e.Auth != nil { + return nil + } + case core.RateLimitRuleAudienceAuth: + if e.Auth == nil { + return nil + } + } + + rateLimiters := e.App.Store().GetOrSet(rateLimitersStoreKey, func() any { + return initRateLimitersStore(e.App) + }).(*store.Store[string, *rateLimiter]) + if rateLimiters == nil { + e.App.Logger().Warn("Failed to retrieve app rate limiters store") + return nil + } + + rt := rateLimiters.GetOrSet(rtId, func() *rateLimiter { + return newRateLimiter(rule.MaxRequests, rule.Duration, rule.Duration+1800) + }) + if rt == nil { + e.App.Logger().Warn("Failed to retrieve app rate limiter", "id", rtId) + return nil + } + + key := e.RealIP() + if key == "" { + e.App.Logger().Warn("Empty rate limit client key") + return nil + } + + if !rt.isAllowed(key) { + return e.TooManyRequestsError("", nil) + } + + return nil +} + +func skipRateLimit(e *core.RequestEvent) bool { + return !e.App.Settings().RateLimits.Enabled || e.HasSuperuserAuth() +} + +var defaultAuthAudience = []string{core.RateLimitRuleAudienceAll, core.RateLimitRuleAudienceAuth} +var defaultGuestAudience = []string{core.RateLimitRuleAudienceAll, core.RateLimitRuleAudienceGuest} + +func defaultRateLimitAudience(e *core.RequestEvent) []string { + if e.Auth != nil { + return defaultAuthAudience + } + + return defaultGuestAudience +} + +func defaultRateLimitLabels(e *core.RequestEvent) []string { + return []string{e.Request.Method + " " + e.Request.URL.Path, e.Request.URL.Path} +} + +func destroyRateLimitersStore(app core.App) { + app.OnSettingsReload().Unbind(rateLimitersSettingsHookId) + app.Cron().Remove(rateLimitersCronKey) + app.Store().Remove(rateLimitersStoreKey) +} + +func initRateLimitersStore(app core.App) *store.Store[string, *rateLimiter] { + app.Cron().Add(rateLimitersCronKey, "2 * * * *", func() { // offset a little since too many cleanup tasks execute at 00 + limitersStore, ok := app.Store().Get(rateLimitersStoreKey).(*store.Store[string, *rateLimiter]) + if !ok { + return + } + limiters := limitersStore.GetAll() + for _, limiter := range limiters { + limiter.clean() + } + }) + + app.OnSettingsReload().Bind(&hook.Handler[*core.SettingsReloadEvent]{ + Id: rateLimitersSettingsHookId, + Func: func(e *core.SettingsReloadEvent) error { + err := e.Next() + if err != nil { + return err + } + + // reset + destroyRateLimitersStore(e.App) + + return nil + }, + }) + + return store.New[string, *rateLimiter](nil) +} + +func newRateLimiter(maxAllowed int, intervalInSec int64, minDeleteIntervalInSec int64) *rateLimiter { + return &rateLimiter{ + maxAllowed: maxAllowed, + interval: intervalInSec, + minDeleteInterval: minDeleteIntervalInSec, + clients: map[string]*fixedWindow{}, + } +} + +type rateLimiter struct { + clients map[string]*fixedWindow + + maxAllowed int + interval int64 + minDeleteInterval int64 + totalDeleted int64 + + sync.RWMutex +} + +//nolint:unused +func (rt *rateLimiter) getClient(key string) (*fixedWindow, bool) { + rt.RLock() + client, ok := rt.clients[key] + rt.RUnlock() + + return client, ok +} + +func (rt *rateLimiter) isAllowed(key string) bool { + // lock only reads to minimize locks contention + rt.RLock() + client, ok := rt.clients[key] + rt.RUnlock() + + if !ok { + rt.Lock() + // check again in case the client was added by another request + client, ok = rt.clients[key] + if !ok { + client = newFixedWindow(rt.maxAllowed, rt.interval) + rt.clients[key] = client + } + rt.Unlock() + } + + return client.consume() +} + +func (rt *rateLimiter) clean() { + rt.Lock() + defer rt.Unlock() + + nowUnix := time.Now().Unix() + + for k, client := range rt.clients { + if client.hasExpired(nowUnix, rt.minDeleteInterval) { + delete(rt.clients, k) + rt.totalDeleted++ + } + } + + // "shrink" the map if too may items were deleted + // + // @todo remove after https://github.com/golang/go/issues/20135 + if rt.totalDeleted >= 300 { + shrunk := make(map[string]*fixedWindow, len(rt.clients)) + for k, v := range rt.clients { + shrunk[k] = v + } + rt.clients = shrunk + rt.totalDeleted = 0 + } +} + +func newFixedWindow(maxAllowed int, intervalInSec int64) *fixedWindow { + return &fixedWindow{ + maxAllowed: maxAllowed, + interval: intervalInSec, + } +} + +type fixedWindow struct { + // use plain Mutex instead of RWMutex since the operations are expected + // to be mostly writes (e.g. consume()) and it should perform better + sync.Mutex + + maxAllowed int // the max allowed tokens per interval + available int // the total available tokens + interval int64 // in seconds + lastConsume int64 // the time of the last consume +} + +// hasExpired checks whether it has been at least minElapsed seconds since the lastConsume time. +// (usually used to perform periodic cleanup of staled instances). +func (l *fixedWindow) hasExpired(relativeNow int64, minElapsed int64) bool { + l.Lock() + defer l.Unlock() + + return relativeNow-l.lastConsume > minElapsed +} + +// consume decrease the current window allowance with 1 (if not exhausted already). +// +// It returns false if the allowance has been already exhausted and the user +// has to wait until it resets back to its maxAllowed value. +func (l *fixedWindow) consume() bool { + l.Lock() + defer l.Unlock() + + nowUnix := time.Now().Unix() + + // reset consumed counter + if nowUnix-l.lastConsume >= l.interval { + l.available = l.maxAllowed + } + + if l.available > 0 { + l.available-- + l.lastConsume = nowUnix + + return true + } + + return false +} diff --git a/apis/middlewares_rate_limit_test.go b/apis/middlewares_rate_limit_test.go new file mode 100644 index 0000000..bbcb985 --- /dev/null +++ b/apis/middlewares_rate_limit_test.go @@ -0,0 +1,159 @@ +package apis_test + +import ( + "net/http/httptest" + "testing" + "time" + + "github.com/pocketbase/pocketbase/apis" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestDefaultRateLimitMiddleware(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + { + Label: "/rate/", + MaxRequests: 2, + Duration: 1, + }, + { + Label: "/rate/b", + MaxRequests: 3, + Duration: 1, + }, + { + Label: "POST /rate/b", + MaxRequests: 1, + Duration: 1, + }, + { + Label: "/rate/guest", + MaxRequests: 1, + Duration: 1, + Audience: core.RateLimitRuleAudienceGuest, + }, + { + Label: "/rate/auth", + MaxRequests: 1, + Duration: 1, + Audience: core.RateLimitRuleAudienceAuth, + }, + } + + pbRouter, err := apis.NewRouter(app) + if err != nil { + t.Fatal(err) + } + pbRouter.GET("/norate", func(e *core.RequestEvent) error { + return e.String(200, "norate") + }).BindFunc(func(e *core.RequestEvent) error { + return e.Next() + }) + pbRouter.GET("/rate/a", func(e *core.RequestEvent) error { + return e.String(200, "a") + }) + pbRouter.GET("/rate/b", func(e *core.RequestEvent) error { + return e.String(200, "b") + }) + pbRouter.GET("/rate/guest", func(e *core.RequestEvent) error { + return e.String(200, "guest") + }) + pbRouter.GET("/rate/auth", func(e *core.RequestEvent) error { + return e.String(200, "auth") + }) + + mux, err := pbRouter.BuildMux() + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + url string + wait float64 + authenticated bool + expectedStatus int + }{ + {"/norate", 0, false, 200}, + {"/norate", 0, false, 200}, + {"/norate", 0, false, 200}, + {"/norate", 0, false, 200}, + {"/norate", 0, false, 200}, + + {"/rate/a", 0, false, 200}, + {"/rate/a", 0, false, 200}, + {"/rate/a", 0, false, 429}, + {"/rate/a", 0, false, 429}, + {"/rate/a", 1.1, false, 200}, + {"/rate/a", 0, false, 200}, + {"/rate/a", 0, false, 429}, + + {"/rate/b", 0, false, 200}, + {"/rate/b", 0, false, 200}, + {"/rate/b", 0, false, 200}, + {"/rate/b", 0, false, 429}, + {"/rate/b", 1.1, false, 200}, + {"/rate/b", 0, false, 200}, + {"/rate/b", 0, false, 200}, + {"/rate/b", 0, false, 429}, + + // "auth" with guest (should fallback to the /rate/ rule) + {"/rate/auth", 0, false, 200}, + {"/rate/auth", 0, false, 200}, + {"/rate/auth", 0, false, 429}, + {"/rate/auth", 0, false, 429}, + + // "auth" rule with regular user (should match the /rate/auth rule) + {"/rate/auth", 0, true, 200}, + {"/rate/auth", 0, true, 429}, + {"/rate/auth", 0, true, 429}, + + // "guest" with guest (should match the /rate/guest rule) + {"/rate/guest", 0, false, 200}, + {"/rate/guest", 0, false, 429}, + {"/rate/guest", 0, false, 429}, + + // "guest" rule with regular user (should fallback to the /rate/ rule) + {"/rate/guest", 1, true, 200}, + {"/rate/guest", 0, true, 200}, + {"/rate/guest", 0, true, 429}, + {"/rate/guest", 0, true, 429}, + } + + for _, s := range scenarios { + t.Run(s.url, func(t *testing.T) { + if s.wait > 0 { + time.Sleep(time.Duration(s.wait) * time.Second) + } + + rec := httptest.NewRecorder() + req := httptest.NewRequest("GET", s.url, nil) + + if s.authenticated { + auth, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + token, err := auth.NewAuthToken() + if err != nil { + t.Fatal(err) + } + + req.Header.Add("Authorization", token) + } + + mux.ServeHTTP(rec, req) + + result := rec.Result() + + if result.StatusCode != s.expectedStatus { + t.Fatalf("Expected response status %d, got %d", s.expectedStatus, result.StatusCode) + } + }) + } +} diff --git a/apis/middlewares_test.go b/apis/middlewares_test.go new file mode 100644 index 0000000..d28c136 --- /dev/null +++ b/apis/middlewares_test.go @@ -0,0 +1,539 @@ +package apis_test + +import ( + "net/http" + "testing" + + "github.com/pocketbase/pocketbase/apis" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestPanicRecover(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "panic from route", + Method: http.MethodGet, + URL: "/my/test", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test", func(e *core.RequestEvent) error { + panic("123") + }) + }, + ExpectedStatus: 500, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "panic from middleware", + Method: http.MethodGet, + URL: "/my/test", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test", func(e *core.RequestEvent) error { + return e.String(http.StatusOK, "test") + }).BindFunc(func(e *core.RequestEvent) error { + panic(123) + }) + }, + ExpectedStatus: 500, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRequireGuestOnly(t *testing.T) { + t.Parallel() + + beforeTestFunc := func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireGuestOnly()) + } + + scenarios := []tests.ApiScenario{ + { + Name: "valid regular user token", + Method: http.MethodGet, + URL: "/my/test", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: beforeTestFunc, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid superuser auth token", + Method: http.MethodGet, + URL: "/my/test", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: beforeTestFunc, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "expired/invalid token", + Method: http.MethodGet, + URL: "/my/test", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoxNjQwOTkxNjYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.2D3tmqPn3vc5LoqqCz8V-iCDVXo9soYiH0d32G7FQT4", + }, + BeforeTestFunc: beforeTestFunc, + ExpectedStatus: 200, + ExpectedContent: []string{"test123"}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "guest", + Method: http.MethodGet, + URL: "/my/test", + BeforeTestFunc: beforeTestFunc, + ExpectedStatus: 200, + ExpectedContent: []string{"test123"}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRequireAuth(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodGet, + URL: "/my/test", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireAuth()) + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "expired token", + Method: http.MethodGet, + URL: "/my/test", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoxNjQwOTkxNjYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.2D3tmqPn3vc5LoqqCz8V-iCDVXo9soYiH0d32G7FQT4", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireAuth()) + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "invalid token", + Method: http.MethodGet, + URL: "/my/test", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6ImZpbGUiLCJjb2xsZWN0aW9uSWQiOiJwYmNfMzE0MjYzNTgyMyJ9.Lupz541xRvrktwkrl55p5pPCF77T69ZRsohsIcb2dxc", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireAuth()) + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid record auth token with no collection restrictions", + Method: http.MethodGet, + URL: "/my/test", + Headers: map[string]string{ + // regular user + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireAuth()) + }, + ExpectedStatus: 200, + ExpectedContent: []string{"test123"}, + }, + { + Name: "valid record static auth token", + Method: http.MethodGet, + URL: "/my/test", + Headers: map[string]string{ + // regular user + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6ZmFsc2V9.4IsO6YMsR19crhwl_YWzvRH8pfq2Ri4Gv2dzGyneLak", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireAuth()) + }, + ExpectedStatus: 200, + ExpectedContent: []string{"test123"}, + }, + { + Name: "valid record auth token with collection not in the restricted list", + Method: http.MethodGet, + URL: "/my/test", + Headers: map[string]string{ + // superuser + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireAuth("users", "demo1")) + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid record auth token with collection in the restricted list", + Method: http.MethodGet, + URL: "/my/test", + Headers: map[string]string{ + // superuser + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireAuth("users", core.CollectionNameSuperusers)) + }, + ExpectedStatus: 200, + ExpectedContent: []string{"test123"}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRequireSuperuserAuth(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodGet, + URL: "/my/test", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSuperuserAuth()) + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "expired/invalid token", + Method: http.MethodGet, + URL: "/my/test", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjE2NDA5OTE2NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.0pDcBPGDpL2Khh76ivlRi7ugiLBSYvasct3qpHV3rfs", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSuperuserAuth()) + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid regular user auth token", + Method: http.MethodGet, + URL: "/my/test", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSuperuserAuth()) + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid superuser auth token", + Method: http.MethodGet, + URL: "/my/test", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSuperuserAuth()) + }, + ExpectedStatus: 200, + ExpectedContent: []string{"test123"}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRequireSuperuserOrOwnerAuth(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodGet, + URL: "/my/test/4q1xlclmfloku33", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test/{id}", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSuperuserOrOwnerAuth("")) + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "expired/invalid token", + Method: http.MethodGet, + URL: "/my/test/4q1xlclmfloku33", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjE2NDA5OTE2NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.0pDcBPGDpL2Khh76ivlRi7ugiLBSYvasct3qpHV3rfs", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test/{id}", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSuperuserOrOwnerAuth("")) + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid record auth token (different user)", + Method: http.MethodGet, + URL: "/my/test/oap640cot4yru2s", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test/{id}", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSuperuserOrOwnerAuth("")) + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid record auth token (owner)", + Method: http.MethodGet, + URL: "/my/test/4q1xlclmfloku33", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test/{id}", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSuperuserOrOwnerAuth("")) + }, + ExpectedStatus: 200, + ExpectedContent: []string{"test123"}, + }, + { + Name: "valid record auth token (owner + non-matching custom owner param)", + Method: http.MethodGet, + URL: "/my/test/4q1xlclmfloku33", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test/{id}", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSuperuserOrOwnerAuth("test")) + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid record auth token (owner + matching custom owner param)", + Method: http.MethodGet, + URL: "/my/test/4q1xlclmfloku33", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test/{test}", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSuperuserOrOwnerAuth("test")) + }, + ExpectedStatus: 200, + ExpectedContent: []string{"test123"}, + }, + { + Name: "valid superuser auth token", + Method: http.MethodGet, + URL: "/my/test/4q1xlclmfloku33", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test/{id}", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSuperuserOrOwnerAuth("")) + }, + ExpectedStatus: 200, + ExpectedContent: []string{"test123"}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRequireSameCollectionContextAuth(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodGet, + URL: "/my/test/_pb_users_auth_", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test/{collection}", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSameCollectionContextAuth("")) + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "expired/invalid token", + Method: http.MethodGet, + URL: "/my/test/_pb_users_auth_", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoxNjQwOTkxNjYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.2D3tmqPn3vc5LoqqCz8V-iCDVXo9soYiH0d32G7FQT4", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test/{collection}", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSameCollectionContextAuth("")) + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid record auth token (different collection)", + Method: http.MethodGet, + URL: "/my/test/clients", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test/{collection}", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSameCollectionContextAuth("")) + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid record auth token (same collection)", + Method: http.MethodGet, + URL: "/my/test/_pb_users_auth_", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test/{collection}", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSameCollectionContextAuth("")) + }, + ExpectedStatus: 200, + ExpectedContent: []string{"test123"}, + }, + { + Name: "valid record auth token (non-matching/missing collection param)", + Method: http.MethodGet, + URL: "/my/test/_pb_users_auth_", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test/{id}", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSuperuserOrOwnerAuth("")) + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid record auth token (matching custom collection param)", + Method: http.MethodGet, + URL: "/my/test/_pb_users_auth_", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test/{test}", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSuperuserOrOwnerAuth("test")) + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superuser no exception check", + Method: http.MethodGet, + URL: "/my/test/_pb_users_auth_", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + e.Router.GET("/my/test/{collection}", func(e *core.RequestEvent) error { + return e.String(200, "test123") + }).Bind(apis.RequireSameCollectionContextAuth("")) + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/realtime.go b/apis/realtime.go new file mode 100644 index 0000000..0b68317 --- /dev/null +++ b/apis/realtime.go @@ -0,0 +1,777 @@ +package apis + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "log/slog" + "net/http" + "strings" + "time" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/picker" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/pocketbase/pocketbase/tools/routine" + "github.com/pocketbase/pocketbase/tools/search" + "github.com/pocketbase/pocketbase/tools/subscriptions" + "golang.org/x/sync/errgroup" +) + +// note: the chunk size is arbitrary chosen and may change in the future +const clientsChunkSize = 150 + +// RealtimeClientAuthKey is the name of the realtime client store key that holds its auth state. +const RealtimeClientAuthKey = "auth" + +// bindRealtimeApi registers the realtime api endpoints. +func bindRealtimeApi(app core.App, rg *router.RouterGroup[*core.RequestEvent]) { + sub := rg.Group("/realtime") + sub.GET("", realtimeConnect).Bind(SkipSuccessActivityLog()) + sub.POST("", realtimeSetSubscriptions) + + bindRealtimeEvents(app) +} + +func realtimeConnect(e *core.RequestEvent) error { + // disable global write deadline for the SSE connection + rc := http.NewResponseController(e.Response) + writeDeadlineErr := rc.SetWriteDeadline(time.Time{}) + if writeDeadlineErr != nil { + if !errors.Is(writeDeadlineErr, http.ErrNotSupported) { + return e.InternalServerError("Failed to initialize SSE connection.", writeDeadlineErr) + } + + // only log since there are valid cases where it may not be implement (e.g. httptest.ResponseRecorder) + e.App.Logger().Warn("SetWriteDeadline is not supported, fallback to the default server WriteTimeout") + } + + // create cancellable request + cancelCtx, cancelRequest := context.WithCancel(e.Request.Context()) + defer cancelRequest() + e.Request = e.Request.Clone(cancelCtx) + + e.Response.Header().Set("Content-Type", "text/event-stream") + e.Response.Header().Set("Cache-Control", "no-store") + // https://github.com/pocketbase/pocketbase/discussions/480#discussioncomment-3657640 + // https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering + e.Response.Header().Set("X-Accel-Buffering", "no") + + connectEvent := new(core.RealtimeConnectRequestEvent) + connectEvent.RequestEvent = e + connectEvent.Client = subscriptions.NewDefaultClient() + connectEvent.IdleTimeout = 5 * time.Minute + + return e.App.OnRealtimeConnectRequest().Trigger(connectEvent, func(ce *core.RealtimeConnectRequestEvent) error { + // register new subscription client + ce.App.SubscriptionsBroker().Register(ce.Client) + defer func() { + e.App.SubscriptionsBroker().Unregister(ce.Client.Id()) + }() + + ce.App.Logger().Debug("Realtime connection established.", slog.String("clientId", ce.Client.Id())) + + // signalize established connection (aka. fire "connect" message) + connectMsgEvent := new(core.RealtimeMessageEvent) + connectMsgEvent.RequestEvent = ce.RequestEvent + connectMsgEvent.Client = ce.Client + connectMsgEvent.Message = &subscriptions.Message{ + Name: "PB_CONNECT", + Data: []byte(`{"clientId":"` + ce.Client.Id() + `"}`), + } + connectMsgErr := ce.App.OnRealtimeMessageSend().Trigger(connectMsgEvent, func(me *core.RealtimeMessageEvent) error { + err := me.Message.WriteSSE(me.Response, me.Client.Id()) + if err != nil { + return err + } + return me.Flush() + }) + if connectMsgErr != nil { + ce.App.Logger().Debug( + "Realtime connection closed (failed to deliver PB_CONNECT)", + slog.String("clientId", ce.Client.Id()), + slog.String("error", connectMsgErr.Error()), + ) + return nil + } + + // start an idle timer to keep track of inactive/forgotten connections + idleTimer := time.NewTimer(ce.IdleTimeout) + defer idleTimer.Stop() + + for { + select { + case <-idleTimer.C: + cancelRequest() + case msg, ok := <-ce.Client.Channel(): + if !ok { + // channel is closed + ce.App.Logger().Debug( + "Realtime connection closed (closed channel)", + slog.String("clientId", ce.Client.Id()), + ) + return nil + } + + msgEvent := new(core.RealtimeMessageEvent) + msgEvent.RequestEvent = ce.RequestEvent + msgEvent.Client = ce.Client + msgEvent.Message = &msg + msgErr := ce.App.OnRealtimeMessageSend().Trigger(msgEvent, func(me *core.RealtimeMessageEvent) error { + err := me.Message.WriteSSE(me.Response, me.Client.Id()) + if err != nil { + return err + } + return me.Flush() + }) + if msgErr != nil { + ce.App.Logger().Debug( + "Realtime connection closed (failed to deliver message)", + slog.String("clientId", ce.Client.Id()), + slog.String("error", msgErr.Error()), + ) + return nil + } + + idleTimer.Stop() + idleTimer.Reset(ce.IdleTimeout) + case <-ce.Request.Context().Done(): + // connection is closed + ce.App.Logger().Debug( + "Realtime connection closed (cancelled request)", + slog.String("clientId", ce.Client.Id()), + ) + return nil + } + } + }) +} + +type realtimeSubscribeForm struct { + ClientId string `form:"clientId" json:"clientId"` + Subscriptions []string `form:"subscriptions" json:"subscriptions"` +} + +func (form *realtimeSubscribeForm) validate() error { + return validation.ValidateStruct(form, + validation.Field(&form.ClientId, validation.Required, validation.Length(1, 255)), + validation.Field(&form.Subscriptions, + validation.Length(0, 1000), + validation.Each(validation.Length(0, 2500)), + ), + ) +} + +// note: in case of reconnect, clients will have to resubmit all subscriptions again +func realtimeSetSubscriptions(e *core.RequestEvent) error { + form := new(realtimeSubscribeForm) + + err := e.BindBody(form) + if err != nil { + return e.BadRequestError("", err) + } + + err = form.validate() + if err != nil { + return e.BadRequestError("", err) + } + + // find subscription client + client, err := e.App.SubscriptionsBroker().ClientById(form.ClientId) + if err != nil { + return e.NotFoundError("Missing or invalid client id.", err) + } + + // for now allow only guest->auth upgrades and any other auth change is forbidden + clientAuth, _ := client.Get(RealtimeClientAuthKey).(*core.Record) + if clientAuth != nil && !isSameAuth(clientAuth, e.Auth) { + return e.ForbiddenError("The current and the previous request authorization don't match.", nil) + } + + event := new(core.RealtimeSubscribeRequestEvent) + event.RequestEvent = e + event.Client = client + event.Subscriptions = form.Subscriptions + + return e.App.OnRealtimeSubscribeRequest().Trigger(event, func(e *core.RealtimeSubscribeRequestEvent) error { + // update auth state + e.Client.Set(RealtimeClientAuthKey, e.Auth) + + // unsubscribe from any previous existing subscriptions + e.Client.Unsubscribe() + + // subscribe to the new subscriptions + e.Client.Subscribe(e.Subscriptions...) + + e.App.Logger().Debug( + "Realtime subscriptions updated.", + slog.String("clientId", e.Client.Id()), + slog.Any("subscriptions", e.Subscriptions), + ) + + return execAfterSuccessTx(true, e.App, func() error { + return e.NoContent(http.StatusNoContent) + }) + }) +} + +// updateClientsAuth updates the existing clients auth record with the new one (matched by ID). +func realtimeUpdateClientsAuth(app core.App, newAuthRecord *core.Record) error { + chunks := app.SubscriptionsBroker().ChunkedClients(clientsChunkSize) + + group := new(errgroup.Group) + + for _, chunk := range chunks { + group.Go(func() error { + for _, client := range chunk { + clientAuth, _ := client.Get(RealtimeClientAuthKey).(*core.Record) + if clientAuth != nil && + clientAuth.Id == newAuthRecord.Id && + clientAuth.Collection().Name == newAuthRecord.Collection().Name { + client.Set(RealtimeClientAuthKey, newAuthRecord) + } + } + + return nil + }) + } + + return group.Wait() +} + +// realtimeUnsetClientsAuthState unsets the auth state of all clients that have the provided auth model. +func realtimeUnsetClientsAuthState(app core.App, authModel core.Model) error { + chunks := app.SubscriptionsBroker().ChunkedClients(clientsChunkSize) + + group := new(errgroup.Group) + + for _, chunk := range chunks { + group.Go(func() error { + for _, client := range chunk { + clientAuth, _ := client.Get(RealtimeClientAuthKey).(*core.Record) + if clientAuth != nil && + clientAuth.Id == authModel.PK() && + clientAuth.Collection().Name == authModel.TableName() { + client.Unset(RealtimeClientAuthKey) + } + } + + return nil + }) + } + + return group.Wait() +} + +func bindRealtimeEvents(app core.App) { + // update the clients that has auth record association + app.OnModelAfterUpdateSuccess().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + authRecord := realtimeResolveRecord(e.App, e.Model, core.CollectionTypeAuth) + if authRecord != nil { + if err := realtimeUpdateClientsAuth(e.App, authRecord); err != nil { + app.Logger().Warn( + "Failed to update client(s) associated to the updated auth record", + slog.Any("id", authRecord.Id), + slog.String("collectionName", authRecord.Collection().Name), + slog.String("error", err.Error()), + ) + } + } + + return e.Next() + }, + Priority: -99, + }) + + // remove the client(s) associated to the deleted auth model + // (note: works also with custom model for backward compatibility) + app.OnModelAfterDeleteSuccess().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + collection := realtimeResolveRecordCollection(e.App, e.Model) + if collection != nil && collection.IsAuth() { + if err := realtimeUnsetClientsAuthState(e.App, e.Model); err != nil { + app.Logger().Warn( + "Failed to remove client(s) associated to the deleted auth model", + slog.Any("id", e.Model.PK()), + slog.String("collectionName", e.Model.TableName()), + slog.String("error", err.Error()), + ) + } + } + + return e.Next() + }, + Priority: -99, + }) + + app.OnModelAfterCreateSuccess().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + record := realtimeResolveRecord(e.App, e.Model, "") + if record != nil { + err := realtimeBroadcastRecord(e.App, "create", record, false) + if err != nil { + app.Logger().Debug( + "Failed to broadcast record create", + slog.String("id", record.Id), + slog.String("collectionName", record.Collection().Name), + slog.String("error", err.Error()), + ) + } + } + + return e.Next() + }, + Priority: -99, + }) + + app.OnModelAfterUpdateSuccess().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + record := realtimeResolveRecord(e.App, e.Model, "") + if record != nil { + err := realtimeBroadcastRecord(e.App, "update", record, false) + if err != nil { + app.Logger().Debug( + "Failed to broadcast record update", + slog.String("id", record.Id), + slog.String("collectionName", record.Collection().Name), + slog.String("error", err.Error()), + ) + } + } + + return e.Next() + }, + Priority: -99, + }) + + // delete: dry cache + app.OnModelDelete().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + record := realtimeResolveRecord(e.App, e.Model, "") + if record != nil { + // note: use the outside scoped app instance for the access checks so that the API rules + // are performed out of the delete transaction ensuring that they would still work even if + // a cascade-deleted record's API rule relies on an already deleted parent record + err := realtimeBroadcastRecord(e.App, "delete", record, true, app) + if err != nil { + app.Logger().Debug( + "Failed to dry cache record delete", + slog.String("id", record.Id), + slog.String("collectionName", record.Collection().Name), + slog.String("error", err.Error()), + ) + } + } + + return e.Next() + }, + Priority: 99, // execute as later as possible + }) + + // delete: broadcast + app.OnModelAfterDeleteSuccess().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + // note: only ensure that it is a collection record + // and don't use realtimeResolveRecord because in case of a + // custom model it'll fail to resolve since the record is already deleted + collection := realtimeResolveRecordCollection(e.App, e.Model) + if collection != nil { + err := realtimeBroadcastDryCacheKey(e.App, getDryCacheKey("delete", e.Model)) + if err != nil { + app.Logger().Debug( + "Failed to broadcast record delete", + slog.Any("id", e.Model.PK()), + slog.String("collectionName", collection.Name), + slog.String("error", err.Error()), + ) + } + } + + return e.Next() + }, + Priority: -99, + }) + + // delete: failure + app.OnModelAfterDeleteError().Bind(&hook.Handler[*core.ModelErrorEvent]{ + Func: func(e *core.ModelErrorEvent) error { + record := realtimeResolveRecord(e.App, e.Model, "") + if record != nil { + err := realtimeUnsetDryCacheKey(e.App, getDryCacheKey("delete", record)) + if err != nil { + app.Logger().Debug( + "Failed to cleanup after broadcast record delete failure", + slog.String("id", record.Id), + slog.String("collectionName", record.Collection().Name), + slog.String("error", err.Error()), + ) + } + } + + return e.Next() + }, + Priority: -99, + }) +} + +// resolveRecord converts *if possible* the provided model interface to a Record. +// This is usually helpful if the provided model is a custom Record model struct. +func realtimeResolveRecord(app core.App, model core.Model, optCollectionType string) *core.Record { + var record *core.Record + switch m := model.(type) { + case *core.Record: + record = m + case core.RecordProxy: + record = m.ProxyRecord() + } + + if record != nil { + if optCollectionType == "" || record.Collection().Type == optCollectionType { + return record + } + return nil + } + + tblName := model.TableName() + + // skip Log model checks + if tblName == core.LogsTableName { + return nil + } + + // check if it is custom Record model struct + collection, _ := app.FindCachedCollectionByNameOrId(tblName) + if collection != nil && (optCollectionType == "" || collection.Type == optCollectionType) { + if id, ok := model.PK().(string); ok { + record, _ = app.FindRecordById(collection, id) + } + } + + return record +} + +// realtimeResolveRecordCollection extracts *if possible* the Collection model from the provided model interface. +// This is usually helpful if the provided model is a custom Record model struct. +func realtimeResolveRecordCollection(app core.App, model core.Model) (collection *core.Collection) { + switch m := model.(type) { + case *core.Record: + return m.Collection() + case core.RecordProxy: + return m.ProxyRecord().Collection() + default: + // check if it is custom Record model struct + collection, err := app.FindCachedCollectionByNameOrId(model.TableName()) + if err == nil { + return collection + } + } + + return nil +} + +// recordData represents the broadcasted record subscrition message data. +type recordData struct { + Record any `json:"record"` /* map or core.Record */ + Action string `json:"action"` +} + +// Note: the optAccessCheckApp is there in case you want the access check +// to be performed against different db app context (e.g. out of a transaction). +// If set, it is expected that optAccessCheckApp instance is used for read-only operations to avoid deadlocks. +// If not set, it fallbacks to app. +func realtimeBroadcastRecord(app core.App, action string, record *core.Record, dryCache bool, optAccessCheckApp ...core.App) error { + collection := record.Collection() + if collection == nil { + return errors.New("[broadcastRecord] Record collection not set") + } + + chunks := app.SubscriptionsBroker().ChunkedClients(clientsChunkSize) + if len(chunks) == 0 { + return nil // no subscribers + } + + subscriptionRuleMap := map[string]*string{ + (collection.Name + "/" + record.Id + "?"): collection.ViewRule, + (collection.Id + "/" + record.Id + "?"): collection.ViewRule, + (collection.Name + "/*?"): collection.ListRule, + (collection.Id + "/*?"): collection.ListRule, + + // @deprecated: the same as the wildcard topic but kept for backward compatibility + (collection.Name + "?"): collection.ListRule, + (collection.Id + "?"): collection.ListRule, + } + + dryCacheKey := getDryCacheKey(action, record) + + group := new(errgroup.Group) + + accessCheckApp := app + if len(optAccessCheckApp) > 0 { + accessCheckApp = optAccessCheckApp[0] + } + + for _, chunk := range chunks { + group.Go(func() error { + var clientAuth *core.Record + + for _, client := range chunk { + // note: not executed concurrently to avoid races and to ensure + // that the access checks are applied for the current record db state + for prefix, rule := range subscriptionRuleMap { + subs := client.Subscriptions(prefix) + if len(subs) == 0 { + continue + } + + clientAuth, _ = client.Get(RealtimeClientAuthKey).(*core.Record) + + for sub, options := range subs { + // mock request data + requestInfo := &core.RequestInfo{ + Context: core.RequestInfoContextRealtime, + Method: "GET", + Query: options.Query, + Headers: options.Headers, + Auth: clientAuth, + } + + if !realtimeCanAccessRecord(accessCheckApp, record, requestInfo, rule) { + continue + } + + // create a clean record copy without expand and unknown fields because we don't know yet + // which exact fields the client subscription requested or has permissions to access + cleanRecord := record.Fresh() + + // trigger the enrich hooks + enrichErr := triggerRecordEnrichHooks(app, requestInfo, []*core.Record{cleanRecord}, func() error { + // apply expand + rawExpand := options.Query[expandQueryParam] + if rawExpand != "" { + expandErrs := app.ExpandRecord(cleanRecord, strings.Split(rawExpand, ","), expandFetch(app, requestInfo)) + if len(expandErrs) > 0 { + app.Logger().Debug( + "[broadcastRecord] expand errors", + slog.String("id", cleanRecord.Id), + slog.String("collectionName", cleanRecord.Collection().Name), + slog.String("sub", sub), + slog.String("expand", rawExpand), + slog.Any("errors", expandErrs), + ) + } + } + + // ignore the auth record email visibility checks + // for auth owner, superuser or manager + if collection.IsAuth() { + if isSameAuth(clientAuth, cleanRecord) || + realtimeCanAccessRecord(accessCheckApp, cleanRecord, requestInfo, collection.ManageRule) { + cleanRecord.IgnoreEmailVisibility(true) + } + } + + return nil + }) + if enrichErr != nil { + app.Logger().Debug( + "[broadcastRecord] record enrich error", + slog.String("id", cleanRecord.Id), + slog.String("collectionName", cleanRecord.Collection().Name), + slog.String("sub", sub), + slog.Any("error", enrichErr), + ) + continue + } + + data := &recordData{ + Action: action, + Record: cleanRecord, + } + + // check fields + rawFields := options.Query[fieldsQueryParam] + if rawFields != "" { + decoded, err := picker.Pick(cleanRecord, rawFields) + if err == nil { + data.Record = decoded + } else { + app.Logger().Debug( + "[broadcastRecord] pick fields error", + slog.String("id", cleanRecord.Id), + slog.String("collectionName", cleanRecord.Collection().Name), + slog.String("sub", sub), + slog.String("fields", rawFields), + slog.String("error", err.Error()), + ) + } + } + + dataBytes, err := json.Marshal(data) + if err != nil { + app.Logger().Debug( + "[broadcastRecord] data marshal error", + slog.String("id", cleanRecord.Id), + slog.String("collectionName", cleanRecord.Collection().Name), + slog.String("error", err.Error()), + ) + continue + } + + msg := subscriptions.Message{ + Name: sub, + Data: dataBytes, + } + + if dryCache { + messages, ok := client.Get(dryCacheKey).([]subscriptions.Message) + if !ok { + messages = []subscriptions.Message{msg} + } else { + messages = append(messages, msg) + } + client.Set(dryCacheKey, messages) + } else { + routine.FireAndForget(func() { + client.Send(msg) + }) + } + } + } + } + + return nil + }) + } + + return group.Wait() +} + +// realtimeBroadcastDryCacheKey broadcasts the dry cached key related messages. +func realtimeBroadcastDryCacheKey(app core.App, key string) error { + chunks := app.SubscriptionsBroker().ChunkedClients(clientsChunkSize) + if len(chunks) == 0 { + return nil // no subscribers + } + + group := new(errgroup.Group) + + for _, chunk := range chunks { + group.Go(func() error { + for _, client := range chunk { + messages, ok := client.Get(key).([]subscriptions.Message) + if !ok { + continue + } + + client.Unset(key) + + client := client + + routine.FireAndForget(func() { + for _, msg := range messages { + client.Send(msg) + } + }) + } + + return nil + }) + } + + return group.Wait() +} + +// realtimeUnsetDryCacheKey removes the dry cached key related messages. +func realtimeUnsetDryCacheKey(app core.App, key string) error { + chunks := app.SubscriptionsBroker().ChunkedClients(clientsChunkSize) + if len(chunks) == 0 { + return nil // no subscribers + } + + group := new(errgroup.Group) + + for _, chunk := range chunks { + group.Go(func() error { + for _, client := range chunk { + if client.Get(key) != nil { + client.Unset(key) + } + } + + return nil + }) + } + + return group.Wait() +} + +func getDryCacheKey(action string, model core.Model) string { + pkStr, ok := model.PK().(string) + if !ok { + pkStr = fmt.Sprintf("%v", model.PK()) + } + + return action + "/" + model.TableName() + "/" + pkStr +} + +func isSameAuth(authA, authB *core.Record) bool { + if authA == nil { + return authB == nil + } + + if authB == nil { + return false + } + + return authA.Id == authB.Id && authA.Collection().Id == authB.Collection().Id +} + +// realtimeCanAccessRecord checks if the subscription client has access to the specified record model. +func realtimeCanAccessRecord( + app core.App, + record *core.Record, + requestInfo *core.RequestInfo, + accessRule *string, +) bool { + // check the access rule + // --- + if ok, _ := app.CanAccessRecord(record, requestInfo, accessRule); !ok { + return false + } + + // check the subscription client-side filter (if any) + // --- + filter := requestInfo.Query[search.FilterQueryParam] + if filter == "" { + return true // no further checks needed + } + + err := checkForSuperuserOnlyRuleFields(requestInfo) + if err != nil { + return false + } + + var exists int + + q := app.ConcurrentDB().Select("(1)"). + From(record.Collection().Name). + AndWhere(dbx.HashExp{record.Collection().Name + ".id": record.Id}) + + resolver := core.NewRecordFieldResolver(app, record.Collection(), requestInfo, false) + expr, err := search.FilterData(filter).BuildExpr(resolver) + if err != nil { + return false + } + + q.AndWhere(expr) + resolver.UpdateQuery(q) + + err = q.Limit(1).Row(&exists) + + return err == nil && exists > 0 +} diff --git a/apis/realtime_test.go b/apis/realtime_test.go new file mode 100644 index 0000000..781ea18 --- /dev/null +++ b/apis/realtime_test.go @@ -0,0 +1,885 @@ +package apis_test + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "net/http" + "slices" + "strings" + "sync" + "testing" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/apis" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/subscriptions" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestRealtimeConnect(t *testing.T) { + scenarios := []tests.ApiScenario{ + { + Method: http.MethodGet, + URL: "/api/realtime", + Timeout: 100 * time.Millisecond, + ExpectedStatus: 200, + ExpectedContent: []string{ + `id:`, + `event:PB_CONNECT`, + `data:{"clientId":`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRealtimeConnectRequest": 1, + "OnRealtimeMessageSend": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if len(app.SubscriptionsBroker().Clients()) != 0 { + t.Errorf("Expected the subscribers to be removed after connection close, found %d", len(app.SubscriptionsBroker().Clients())) + } + }, + }, + { + Name: "PB_CONNECT interrupt", + Method: http.MethodGet, + URL: "/api/realtime", + Timeout: 100 * time.Millisecond, + ExpectedStatus: 200, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRealtimeConnectRequest": 1, + "OnRealtimeMessageSend": 1, + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRealtimeMessageSend().BindFunc(func(e *core.RealtimeMessageEvent) error { + if e.Message.Name == "PB_CONNECT" { + return errors.New("PB_CONNECT error") + } + return e.Next() + }) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if len(app.SubscriptionsBroker().Clients()) != 0 { + t.Errorf("Expected the subscribers to be removed after connection close, found %d", len(app.SubscriptionsBroker().Clients())) + } + }, + }, + { + Name: "Skipping/ignoring messages", + Method: http.MethodGet, + URL: "/api/realtime", + Timeout: 100 * time.Millisecond, + ExpectedStatus: 200, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRealtimeConnectRequest": 1, + "OnRealtimeMessageSend": 1, + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRealtimeMessageSend().BindFunc(func(e *core.RealtimeMessageEvent) error { + return nil + }) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if len(app.SubscriptionsBroker().Clients()) != 0 { + t.Errorf("Expected the subscribers to be removed after connection close, found %d", len(app.SubscriptionsBroker().Clients())) + } + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRealtimeSubscribe(t *testing.T) { + client := subscriptions.NewDefaultClient() + + resetClient := func() { + client.Unsubscribe() + client.Set(apis.RealtimeClientAuthKey, nil) + } + + validSubscriptionsLimit := make([]string, 1000) + for i := 0; i < len(validSubscriptionsLimit); i++ { + validSubscriptionsLimit[i] = fmt.Sprintf(`"%d"`, i) + } + invalidSubscriptionsLimit := make([]string, 1001) + for i := 0; i < len(invalidSubscriptionsLimit); i++ { + invalidSubscriptionsLimit[i] = fmt.Sprintf(`"%d"`, i) + } + + scenarios := []tests.ApiScenario{ + { + Name: "missing client", + Method: http.MethodPost, + URL: "/api/realtime", + Body: strings.NewReader(`{"clientId":"missing","subscriptions":["test1", "test2"]}`), + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "empty data", + Method: http.MethodPost, + URL: "/api/realtime", + Body: strings.NewReader(`{}`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"clientId":{"code":"validation_required`, + }, + NotExpectedContent: []string{ + `"subscriptions"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "existing client with invalid subscriptions limit", + Method: http.MethodPost, + URL: "/api/realtime", + Body: strings.NewReader(`{ + "clientId": "` + client.Id() + `", + "subscriptions": [` + strings.Join(invalidSubscriptionsLimit, ",") + `] + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.SubscriptionsBroker().Register(client) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + resetClient() + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"subscriptions":{"code":"validation_length_too_long"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "existing client with valid subscriptions limit", + Method: http.MethodPost, + URL: "/api/realtime", + Body: strings.NewReader(`{ + "clientId": "` + client.Id() + `", + "subscriptions": [` + strings.Join(validSubscriptionsLimit, ",") + `] + }`), + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRealtimeSubscribeRequest": 1, + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + client.Subscribe("test0") // should be replaced + app.SubscriptionsBroker().Register(client) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if len(client.Subscriptions()) != len(validSubscriptionsLimit) { + t.Errorf("Expected %d subscriptions, got %d", len(validSubscriptionsLimit), len(client.Subscriptions())) + } + if client.HasSubscription("test0") { + t.Errorf("Expected old subscriptions to be replaced") + } + resetClient() + }, + }, + { + Name: "existing client with invalid topic length", + Method: http.MethodPost, + URL: "/api/realtime", + Body: strings.NewReader(`{ + "clientId": "` + client.Id() + `", + "subscriptions": ["abc", "` + strings.Repeat("a", 2501) + `"] + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.SubscriptionsBroker().Register(client) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + resetClient() + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"subscriptions":{"1":{"code":"validation_length_too_long"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "existing client with valid topic length", + Method: http.MethodPost, + URL: "/api/realtime", + Body: strings.NewReader(`{ + "clientId": "` + client.Id() + `", + "subscriptions": ["abc", "` + strings.Repeat("a", 2500) + `"] + }`), + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRealtimeSubscribeRequest": 1, + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + client.Subscribe("test0") + app.SubscriptionsBroker().Register(client) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if len(client.Subscriptions()) != 2 { + t.Errorf("Expected %d subscriptions, got %d", 2, len(client.Subscriptions())) + } + if client.HasSubscription("test0") { + t.Errorf("Expected old subscriptions to be replaced") + } + resetClient() + }, + }, + { + Name: "existing client - empty subscriptions", + Method: http.MethodPost, + URL: "/api/realtime", + Body: strings.NewReader(`{"clientId":"` + client.Id() + `","subscriptions":[]}`), + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRealtimeSubscribeRequest": 1, + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + client.Subscribe("test0") + app.SubscriptionsBroker().Register(client) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if len(client.Subscriptions()) != 0 { + t.Errorf("Expected no subscriptions, got %d", len(client.Subscriptions())) + } + resetClient() + }, + }, + { + Name: "existing client - 2 new subscriptions", + Method: http.MethodPost, + URL: "/api/realtime", + Body: strings.NewReader(`{"clientId":"` + client.Id() + `","subscriptions":["test1", "test2"]}`), + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRealtimeSubscribeRequest": 1, + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + client.Subscribe("test0") + app.SubscriptionsBroker().Register(client) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + expectedSubs := []string{"test1", "test2"} + if len(expectedSubs) != len(client.Subscriptions()) { + t.Errorf("Expected subscriptions %v, got %v", expectedSubs, client.Subscriptions()) + } + + for _, s := range expectedSubs { + if !client.HasSubscription(s) { + t.Errorf("Cannot find %q subscription in %v", s, client.Subscriptions()) + } + } + resetClient() + }, + }, + { + Name: "existing client - guest -> authorized superuser", + Method: http.MethodPost, + URL: "/api/realtime", + Body: strings.NewReader(`{"clientId":"` + client.Id() + `","subscriptions":["test1", "test2"]}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRealtimeSubscribeRequest": 1, + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.SubscriptionsBroker().Register(client) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + authRecord, _ := client.Get(apis.RealtimeClientAuthKey).(*core.Record) + if authRecord == nil || !authRecord.IsSuperuser() { + t.Errorf("Expected superuser auth record, got %v", authRecord) + } + resetClient() + }, + }, + { + Name: "existing client - guest -> authorized regular auth record", + Method: http.MethodPost, + URL: "/api/realtime", + Body: strings.NewReader(`{"clientId":"` + client.Id() + `","subscriptions":["test1", "test2"]}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRealtimeSubscribeRequest": 1, + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.SubscriptionsBroker().Register(client) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + authRecord, _ := client.Get(apis.RealtimeClientAuthKey).(*core.Record) + if authRecord == nil { + t.Errorf("Expected regular user auth record, got %v", authRecord) + } + resetClient() + }, + }, + { + Name: "existing client - same auth", + Method: http.MethodPost, + URL: "/api/realtime", + Body: strings.NewReader(`{"clientId":"` + client.Id() + `","subscriptions":["test1", "test2"]}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRealtimeSubscribeRequest": 1, + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + // the same user as the auth token + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + client.Set(apis.RealtimeClientAuthKey, user) + + app.SubscriptionsBroker().Register(client) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + authRecord, _ := client.Get(apis.RealtimeClientAuthKey).(*core.Record) + if authRecord == nil { + t.Errorf("Expected auth record model, got nil") + } + resetClient() + }, + }, + { + Name: "existing client - mismatched auth", + Method: http.MethodPost, + URL: "/api/realtime", + Body: strings.NewReader(`{"clientId":"` + client.Id() + `","subscriptions":["test1", "test2"]}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test2@example.com") + if err != nil { + t.Fatal(err) + } + + client.Set(apis.RealtimeClientAuthKey, user) + + app.SubscriptionsBroker().Register(client) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + authRecord, _ := client.Get(apis.RealtimeClientAuthKey).(*core.Record) + if authRecord == nil { + t.Errorf("Expected auth record model, got nil") + } + resetClient() + }, + }, + { + Name: "existing client - unauthorized client", + Method: http.MethodPost, + URL: "/api/realtime", + Body: strings.NewReader(`{"clientId":"` + client.Id() + `","subscriptions":["test1", "test2"]}`), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test2@example.com") + if err != nil { + t.Fatal(err) + } + + client.Set(apis.RealtimeClientAuthKey, user) + + app.SubscriptionsBroker().Register(client) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + authRecord, _ := client.Get(apis.RealtimeClientAuthKey).(*core.Record) + if authRecord == nil { + t.Errorf("Expected auth record model, got nil") + } + resetClient() + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRealtimeAuthRecordDeleteEvent(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + // init realtime handlers + apis.NewRouter(testApp) + + authRecord1, err := testApp.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + authRecord2, err := testApp.FindAuthRecordByEmail("users", "test2@example.com") + if err != nil { + t.Fatal(err) + } + + client1 := subscriptions.NewDefaultClient() + client1.Set(apis.RealtimeClientAuthKey, authRecord1) + testApp.SubscriptionsBroker().Register(client1) + + client2 := subscriptions.NewDefaultClient() + client2.Set(apis.RealtimeClientAuthKey, authRecord1) + testApp.SubscriptionsBroker().Register(client2) + + client3 := subscriptions.NewDefaultClient() + client3.Set(apis.RealtimeClientAuthKey, authRecord2) + testApp.SubscriptionsBroker().Register(client3) + + // mock delete event + e := new(core.ModelEvent) + e.App = testApp + e.Type = core.ModelEventTypeDelete + e.Context = context.Background() + e.Model = authRecord1 + + testApp.OnModelAfterDeleteSuccess().Trigger(e) + + if total := len(testApp.SubscriptionsBroker().Clients()); total != 3 { + t.Fatalf("Expected %d subscription clients, found %d", 3, total) + } + + if auth := client1.Get(apis.RealtimeClientAuthKey); auth != nil { + t.Fatalf("[client1] Expected the auth state to be unset, found %#v", auth) + } + + if auth := client2.Get(apis.RealtimeClientAuthKey); auth != nil { + t.Fatalf("[client2] Expected the auth state to be unset, found %#v", auth) + } + + if auth := client3.Get(apis.RealtimeClientAuthKey); auth == nil || auth.(*core.Record).Id != authRecord2.Id { + t.Fatalf("[client3] Expected the auth state to be left unchanged, found %#v", auth) + } +} + +func TestRealtimeAuthRecordUpdateEvent(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + // init realtime handlers + apis.NewRouter(testApp) + + authRecord1, err := testApp.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + client := subscriptions.NewDefaultClient() + client.Set(apis.RealtimeClientAuthKey, authRecord1) + testApp.SubscriptionsBroker().Register(client) + + // refetch the authRecord and change its email + authRecord2, err := testApp.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + authRecord2.SetEmail("new@example.com") + + // mock update event + e := new(core.ModelEvent) + e.App = testApp + e.Type = core.ModelEventTypeUpdate + e.Context = context.Background() + e.Model = authRecord2 + + testApp.OnModelAfterUpdateSuccess().Trigger(e) + + clientAuthRecord, _ := client.Get(apis.RealtimeClientAuthKey).(*core.Record) + if clientAuthRecord.Email() != authRecord2.Email() { + t.Fatalf("Expected authRecord with email %q, got %q", authRecord2.Email(), clientAuthRecord.Email()) + } +} + +// Custom auth record model struct +// ------------------------------------------------------------------- +var _ core.Model = (*CustomUser)(nil) + +type CustomUser struct { + core.BaseModel + + Email string `db:"email" json:"email"` +} + +func (m *CustomUser) TableName() string { + return "users" +} + +func findCustomUserByEmail(app core.App, email string) (*CustomUser, error) { + model := &CustomUser{} + + err := app.ModelQuery(model). + AndWhere(dbx.HashExp{"email": email}). + Limit(1). + One(model) + + if err != nil { + return nil, err + } + + return model, nil +} + +func TestRealtimeCustomAuthModelDeleteEvent(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + // init realtime handlers + apis.NewRouter(testApp) + + authRecord1, err := testApp.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + authRecord2, err := testApp.FindAuthRecordByEmail("users", "test2@example.com") + if err != nil { + t.Fatal(err) + } + + client1 := subscriptions.NewDefaultClient() + client1.Set(apis.RealtimeClientAuthKey, authRecord1) + testApp.SubscriptionsBroker().Register(client1) + + client2 := subscriptions.NewDefaultClient() + client2.Set(apis.RealtimeClientAuthKey, authRecord1) + testApp.SubscriptionsBroker().Register(client2) + + client3 := subscriptions.NewDefaultClient() + client3.Set(apis.RealtimeClientAuthKey, authRecord2) + testApp.SubscriptionsBroker().Register(client3) + + // refetch the authRecord as CustomUser + customUser, err := findCustomUserByEmail(testApp, authRecord1.Email()) + if err != nil { + t.Fatal(err) + } + + // delete the custom user (should unset the client auth record) + if err := testApp.Delete(customUser); err != nil { + t.Fatal(err) + } + + if total := len(testApp.SubscriptionsBroker().Clients()); total != 3 { + t.Fatalf("Expected %d subscription clients, found %d", 3, total) + } + + if auth := client1.Get(apis.RealtimeClientAuthKey); auth != nil { + t.Fatalf("[client1] Expected the auth state to be unset, found %#v", auth) + } + + if auth := client2.Get(apis.RealtimeClientAuthKey); auth != nil { + t.Fatalf("[client2] Expected the auth state to be unset, found %#v", auth) + } + + if auth := client3.Get(apis.RealtimeClientAuthKey); auth == nil || auth.(*core.Record).Id != authRecord2.Id { + t.Fatalf("[client3] Expected the auth state to be left unchanged, found %#v", auth) + } +} + +func TestRealtimeCustomAuthModelUpdateEvent(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + // init realtime handlers + apis.NewRouter(testApp) + + authRecord, err := testApp.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + client := subscriptions.NewDefaultClient() + client.Set(apis.RealtimeClientAuthKey, authRecord) + testApp.SubscriptionsBroker().Register(client) + + // refetch the authRecord as CustomUser + customUser, err := findCustomUserByEmail(testApp, "test@example.com") + if err != nil { + t.Fatal(err) + } + + // change its email + customUser.Email = "new@example.com" + if err := testApp.Save(customUser); err != nil { + t.Fatal(err) + } + + clientAuthRecord, _ := client.Get(apis.RealtimeClientAuthKey).(*core.Record) + if clientAuthRecord.Email() != customUser.Email { + t.Fatalf("Expected authRecord with email %q, got %q", customUser.Email, clientAuthRecord.Email()) + } +} + +// ------------------------------------------------------------------- + +var _ core.Model = (*CustomModelResolve)(nil) + +type CustomModelResolve struct { + core.BaseModel + tableName string + + Created string `db:"created"` +} + +func (m *CustomModelResolve) TableName() string { + return m.tableName +} + +func TestRealtimeRecordResolve(t *testing.T) { + t.Parallel() + + const testCollectionName = "realtime_test_collection" + + testRecordId := core.GenerateDefaultRandomId() + + client0 := subscriptions.NewDefaultClient() + client0.Subscribe(testCollectionName + "/*") + client0.Discard() + // --- + client1 := subscriptions.NewDefaultClient() + client1.Subscribe(testCollectionName + "/*") + // --- + client2 := subscriptions.NewDefaultClient() + client2.Subscribe(testCollectionName + "/" + testRecordId) + // --- + client3 := subscriptions.NewDefaultClient() + client3.Subscribe("demo1/*") + + scenarios := []struct { + name string + op func(testApp core.App) error + expected map[string][]string // clientId -> [events] + }{ + { + "core.Record", + func(testApp core.App) error { + c, err := testApp.FindCollectionByNameOrId(testCollectionName) + if err != nil { + return err + } + + r := core.NewRecord(c) + r.Id = testRecordId + + // create + err = testApp.Save(r) + if err != nil { + return err + } + + // update + err = testApp.Save(r) + if err != nil { + return err + } + + // delete + err = testApp.Delete(r) + if err != nil { + return err + } + + return nil + }, + map[string][]string{ + client1.Id(): {"create", "update", "delete"}, + client2.Id(): {"create", "update", "delete"}, + }, + }, + { + "core.RecordProxy", + func(testApp core.App) error { + c, err := testApp.FindCollectionByNameOrId(testCollectionName) + if err != nil { + return err + } + + r := core.NewRecord(c) + + proxy := &struct { + core.BaseRecordProxy + }{} + proxy.SetProxyRecord(r) + proxy.Id = testRecordId + + // create + err = testApp.Save(proxy) + if err != nil { + return err + } + + // update + err = testApp.Save(proxy) + if err != nil { + return err + } + + // delete + err = testApp.Delete(proxy) + if err != nil { + return err + } + + return nil + }, + map[string][]string{ + client1.Id(): {"create", "update", "delete"}, + client2.Id(): {"create", "update", "delete"}, + }, + }, + { + "custom model struct", + func(testApp core.App) error { + m := &CustomModelResolve{tableName: testCollectionName} + m.Id = testRecordId + + // create + err := testApp.Save(m) + if err != nil { + return err + } + + // update + m.Created = "123" + err = testApp.Save(m) + if err != nil { + return err + } + + // delete + err = testApp.Delete(m) + if err != nil { + return err + } + + return nil + }, + map[string][]string{ + client1.Id(): {"create", "update", "delete"}, + client2.Id(): {"create", "update", "delete"}, + }, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + // init realtime handlers + apis.NewRouter(testApp) + + // create new test collection with public read access + testCollection := core.NewBaseCollection(testCollectionName) + testCollection.Fields.Add(&core.AutodateField{Name: "created", OnCreate: true, OnUpdate: true}) + testCollection.ListRule = types.Pointer("") + testCollection.ViewRule = types.Pointer("") + err := testApp.Save(testCollection) + if err != nil { + t.Fatal(err) + } + + testApp.SubscriptionsBroker().Register(client0) + testApp.SubscriptionsBroker().Register(client1) + testApp.SubscriptionsBroker().Register(client2) + testApp.SubscriptionsBroker().Register(client3) + + var wg sync.WaitGroup + + var notifications = map[string][]string{} + + var mu sync.Mutex + notify := func(clientId string, eventData []byte) { + data := struct{ Action string }{} + _ = json.Unmarshal(eventData, &data) + + mu.Lock() + defer mu.Unlock() + + if notifications[clientId] == nil { + notifications[clientId] = []string{} + } + notifications[clientId] = append(notifications[clientId], data.Action) + } + + wg.Add(1) + go func() { + defer wg.Done() + + timeout := time.After(250 * time.Millisecond) + + for { + select { + case e, ok := <-client0.Channel(): + if ok { + notify(client0.Id(), e.Data) + } + case e, ok := <-client1.Channel(): + if ok { + notify(client1.Id(), e.Data) + } + case e, ok := <-client2.Channel(): + if ok { + notify(client2.Id(), e.Data) + } + case e, ok := <-client3.Channel(): + if ok { + notify(client3.Id(), e.Data) + } + case <-timeout: + return + } + } + }() + + err = s.op(testApp) + if err != nil { + t.Fatal(err) + } + + wg.Wait() + + if len(s.expected) != len(notifications) { + t.Fatalf("Expected %d notified clients, got %d:\n%v", len(s.expected), len(notifications), notifications) + } + + for id, events := range s.expected { + if len(events) != len(notifications[id]) { + t.Fatalf("[%s] Expected %d events, got %d:\n%v\n%v", id, len(events), len(notifications[id]), s.expected, notifications) + } + for _, event := range events { + if !slices.Contains(notifications[id], event) { + t.Fatalf("[%s] Missing expected event %q in %v", id, event, notifications[id]) + } + } + } + }) + } +} diff --git a/apis/record_auth.go b/apis/record_auth.go new file mode 100644 index 0000000..fe960f7 --- /dev/null +++ b/apis/record_auth.go @@ -0,0 +1,79 @@ +package apis + +import ( + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/router" +) + +// bindRecordAuthApi registers the auth record api endpoints and +// the corresponding handlers. +func bindRecordAuthApi(app core.App, rg *router.RouterGroup[*core.RequestEvent]) { + // global oauth2 subscription redirect handler + rg.GET("/oauth2-redirect", oauth2SubscriptionRedirect).Bind( + SkipSuccessActivityLog(), // skip success log as it could contain sensitive information in the url + ) + // add again as POST in case of response_mode=form_post + rg.POST("/oauth2-redirect", oauth2SubscriptionRedirect).Bind( + SkipSuccessActivityLog(), // skip success log as it could contain sensitive information in the url + ) + + sub := rg.Group("/collections/{collection}") + + sub.GET("/auth-methods", recordAuthMethods).Bind( + collectionPathRateLimit("", "listAuthMethods"), + ) + + sub.POST("/auth-refresh", recordAuthRefresh).Bind( + collectionPathRateLimit("", "authRefresh"), + RequireSameCollectionContextAuth(""), + ) + + sub.POST("/auth-with-password", recordAuthWithPassword).Bind( + collectionPathRateLimit("", "authWithPassword", "auth"), + ) + + sub.POST("/auth-with-oauth2", recordAuthWithOAuth2).Bind( + collectionPathRateLimit("", "authWithOAuth2", "auth"), + ) + + sub.POST("/request-otp", recordRequestOTP).Bind( + collectionPathRateLimit("", "requestOTP"), + ) + sub.POST("/auth-with-otp", recordAuthWithOTP).Bind( + collectionPathRateLimit("", "authWithOTP", "auth"), + ) + + sub.POST("/request-password-reset", recordRequestPasswordReset).Bind( + collectionPathRateLimit("", "requestPasswordReset"), + ) + sub.POST("/confirm-password-reset", recordConfirmPasswordReset).Bind( + collectionPathRateLimit("", "confirmPasswordReset"), + ) + + sub.POST("/request-verification", recordRequestVerification).Bind( + collectionPathRateLimit("", "requestVerification"), + ) + sub.POST("/confirm-verification", recordConfirmVerification).Bind( + collectionPathRateLimit("", "confirmVerification"), + ) + + sub.POST("/request-email-change", recordRequestEmailChange).Bind( + collectionPathRateLimit("", "requestEmailChange"), + RequireSameCollectionContextAuth(""), + ) + sub.POST("/confirm-email-change", recordConfirmEmailChange).Bind( + collectionPathRateLimit("", "confirmEmailChange"), + ) + + sub.POST("/impersonate/{id}", recordAuthImpersonate).Bind(RequireSuperuserAuth()) +} + +func findAuthCollection(e *core.RequestEvent) (*core.Collection, error) { + collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection")) + + if err != nil || !collection.IsAuth() { + return nil, e.NotFoundError("Missing or invalid auth collection context.", err) + } + + return collection, nil +} diff --git a/apis/record_auth_email_change_confirm.go b/apis/record_auth_email_change_confirm.go new file mode 100644 index 0000000..799e082 --- /dev/null +++ b/apis/record_auth_email_change_confirm.go @@ -0,0 +1,122 @@ +package apis + +import ( + "net/http" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/security" +) + +func recordConfirmEmailChange(e *core.RequestEvent) error { + collection, err := findAuthCollection(e) + if err != nil { + return err + } + + if collection.Name == core.CollectionNameSuperusers { + return e.BadRequestError("All superusers can change their emails directly.", nil) + } + + form := newEmailChangeConfirmForm(e.App, collection) + if err = e.BindBody(form); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while loading the submitted data.", err)) + } + if err = form.validate(); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err)) + } + + authRecord, newEmail, err := form.parseToken() + if err != nil { + return firstApiError(err, e.BadRequestError("Invalid or expired token.", err)) + } + + event := new(core.RecordConfirmEmailChangeRequestEvent) + event.RequestEvent = e + event.Collection = collection + event.Record = authRecord + event.NewEmail = newEmail + + return e.App.OnRecordConfirmEmailChangeRequest().Trigger(event, func(e *core.RecordConfirmEmailChangeRequestEvent) error { + e.Record.SetEmail(e.NewEmail) + e.Record.SetVerified(true) + + if err := e.App.Save(e.Record); err != nil { + return firstApiError(err, e.BadRequestError("Failed to confirm email change.", err)) + } + + return execAfterSuccessTx(true, e.App, func() error { + return e.NoContent(http.StatusNoContent) + }) + }) +} + +// ------------------------------------------------------------------- + +func newEmailChangeConfirmForm(app core.App, collection *core.Collection) *EmailChangeConfirmForm { + return &EmailChangeConfirmForm{ + app: app, + collection: collection, + } +} + +type EmailChangeConfirmForm struct { + app core.App + collection *core.Collection + + Token string `form:"token" json:"token"` + Password string `form:"password" json:"password"` +} + +func (form *EmailChangeConfirmForm) validate() error { + return validation.ValidateStruct(form, + validation.Field(&form.Token, validation.Required, validation.By(form.checkToken)), + validation.Field(&form.Password, validation.Required, validation.Length(1, 100), validation.By(form.checkPassword)), + ) +} + +func (form *EmailChangeConfirmForm) checkToken(value any) error { + _, _, err := form.parseToken() + return err +} + +func (form *EmailChangeConfirmForm) checkPassword(value any) error { + v, _ := value.(string) + if v == "" { + return nil // nothing to check + } + + authRecord, _, _ := form.parseToken() + if authRecord == nil || !authRecord.ValidatePassword(v) { + return validation.NewError("validation_invalid_password", "Missing or invalid auth record password.") + } + + return nil +} + +func (form *EmailChangeConfirmForm) parseToken() (*core.Record, string, error) { + // check token payload + claims, _ := security.ParseUnverifiedJWT(form.Token) + newEmail, _ := claims[core.TokenClaimNewEmail].(string) + if newEmail == "" { + return nil, "", validation.NewError("validation_invalid_token_payload", "Invalid token payload - newEmail must be set.") + } + + // ensure that there aren't other users with the new email + _, err := form.app.FindAuthRecordByEmail(form.collection, newEmail) + if err == nil { + return nil, "", validation.NewError("validation_existing_token_email", "The new email address is already registered: "+newEmail) + } + + // verify that the token is not expired and its signature is valid + authRecord, err := form.app.FindAuthRecordByToken(form.Token, core.TokenTypeEmailChange) + if err != nil { + return nil, "", validation.NewError("validation_invalid_token", "Invalid or expired token.") + } + + if authRecord.Collection().Id != form.collection.Id { + return nil, "", validation.NewError("validation_token_collection_mismatch", "The provided token is for different auth collection.") + } + + return authRecord, newEmail, nil +} diff --git a/apis/record_auth_email_change_confirm_test.go b/apis/record_auth_email_change_confirm_test.go new file mode 100644 index 0000000..bf56be7 --- /dev/null +++ b/apis/record_auth_email_change_confirm_test.go @@ -0,0 +1,211 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordConfirmEmailChange(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "not an auth collection", + Method: http.MethodPost, + URL: "/api/collections/demo1/confirm-email-change", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "empty data", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-email-change", + Body: strings.NewReader(``), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":`, + `"token":{"code":"validation_required"`, + `"password":{"code":"validation_required"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "invalid data", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-email-change", + Body: strings.NewReader(`{"token`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "expired token and correct password", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-email-change", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsInR5cGUiOiJlbWFpbENoYW5nZSIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSIsIm5ld0VtYWlsIjoiY2hhbmdlQGV4YW1wbGUuY29tIiwiZXhwIjoxNjQwOTkxNjYxfQ.dff842MO0mgRTHY8dktp0dqG9-7LGQOgRuiAbQpYBls", + "password":"1234567890" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"token":{`, + `"code":"validation_invalid_token"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-email change token", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-email-change", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + "password":"1234567890" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"token":{`, + `"code":"validation_invalid_token_payload"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid token and incorrect password", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-email-change", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsInR5cGUiOiJlbWFpbENoYW5nZSIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSIsIm5ld0VtYWlsIjoiY2hhbmdlQGV4YW1wbGUuY29tIiwiZXhwIjoyNTI0NjA0NDYxfQ.Y7mVlaEPhJiNPoIvIqbIosZU4c4lEhwysOrRR8c95iU", + "password":"1234567891" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"password":{`, + `"code":"validation_invalid_password"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid token and correct password", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-email-change", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsInR5cGUiOiJlbWFpbENoYW5nZSIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSIsIm5ld0VtYWlsIjoiY2hhbmdlQGV4YW1wbGUuY29tIiwiZXhwIjoyNTI0NjA0NDYxfQ.Y7mVlaEPhJiNPoIvIqbIosZU4c4lEhwysOrRR8c95iU", + "password":"1234567890" + }`), + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordConfirmEmailChangeRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnRecordValidate": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + _, err := app.FindAuthRecordByEmail("users", "change@example.com") + if err != nil { + t.Fatalf("Expected to find user with email %q, got error: %v", "change@example.com", err) + } + }, + }, + { + Name: "valid token in different auth collection", + Method: http.MethodPost, + URL: "/api/collections/clients/confirm-email-change", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsInR5cGUiOiJlbWFpbENoYW5nZSIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSIsIm5ld0VtYWlsIjoiY2hhbmdlQGV4YW1wbGUuY29tIiwiZXhwIjoyNTI0NjA0NDYxfQ.Y7mVlaEPhJiNPoIvIqbIosZU4c4lEhwysOrRR8c95iU", + "password":"1234567890" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"token":{"code":"validation_token_collection_mismatch"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "OnRecordConfirmEmailChangeRequest tx body write check", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-email-change", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsInR5cGUiOiJlbWFpbENoYW5nZSIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSIsIm5ld0VtYWlsIjoiY2hhbmdlQGV4YW1wbGUuY29tIiwiZXhwIjoyNTI0NjA0NDYxfQ.Y7mVlaEPhJiNPoIvIqbIosZU4c4lEhwysOrRR8c95iU", + "password":"1234567890" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRecordConfirmEmailChangeRequest().BindFunc(func(e *core.RecordConfirmEmailChangeRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordConfirmEmailChangeRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - users:confirmEmailChange", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-email-change", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsInR5cGUiOiJlbWFpbENoYW5nZSIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSIsIm5ld0VtYWlsIjoiY2hhbmdlQGV4YW1wbGUuY29tIiwiZXhwIjoyNTI0NjA0NDYxfQ.Y7mVlaEPhJiNPoIvIqbIosZU4c4lEhwysOrRR8c95iU", + "password":"1234567890" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:confirmEmailChange"}, + {MaxRequests: 0, Label: "users:confirmEmailChange"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:confirmEmailChange", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-email-change", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsInR5cGUiOiJlbWFpbENoYW5nZSIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSIsIm5ld0VtYWlsIjoiY2hhbmdlQGV4YW1wbGUuY29tIiwiZXhwIjoyNTI0NjA0NDYxfQ.Y7mVlaEPhJiNPoIvIqbIosZU4c4lEhwysOrRR8c95iU", + "password":"1234567890" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:confirmEmailChange"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_auth_email_change_request.go b/apis/record_auth_email_change_request.go new file mode 100644 index 0000000..079b090 --- /dev/null +++ b/apis/record_auth_email_change_request.go @@ -0,0 +1,92 @@ +package apis + +import ( + "net/http" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/go-ozzo/ozzo-validation/v4/is" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/mails" +) + +func recordRequestEmailChange(e *core.RequestEvent) error { + collection, err := findAuthCollection(e) + if err != nil { + return err + } + + if collection.Name == core.CollectionNameSuperusers { + return e.BadRequestError("All superusers can change their emails directly.", nil) + } + + record := e.Auth + if record == nil { + return e.UnauthorizedError("The request requires valid auth record.", nil) + } + + form := newEmailChangeRequestForm(e.App, record) + if err = e.BindBody(form); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while loading the submitted data.", err)) + } + if err = form.validate(); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err)) + } + + event := new(core.RecordRequestEmailChangeRequestEvent) + event.RequestEvent = e + event.Collection = collection + event.Record = record + event.NewEmail = form.NewEmail + + return e.App.OnRecordRequestEmailChangeRequest().Trigger(event, func(e *core.RecordRequestEmailChangeRequestEvent) error { + if err := mails.SendRecordChangeEmail(e.App, e.Record, e.NewEmail); err != nil { + return firstApiError(err, e.BadRequestError("Failed to request email change.", err)) + } + + return execAfterSuccessTx(true, e.App, func() error { + return e.NoContent(http.StatusNoContent) + }) + }) +} + +// ------------------------------------------------------------------- + +func newEmailChangeRequestForm(app core.App, record *core.Record) *emailChangeRequestForm { + return &emailChangeRequestForm{ + app: app, + record: record, + } +} + +type emailChangeRequestForm struct { + app core.App + record *core.Record + + NewEmail string `form:"newEmail" json:"newEmail"` +} + +func (form *emailChangeRequestForm) validate() error { + return validation.ValidateStruct(form, + validation.Field(&form.NewEmail, + validation.Required, + validation.Length(1, 255), + is.EmailFormat, + validation.NotIn(form.record.Email()), + validation.By(form.checkUniqueEmail), + ), + ) +} + +func (form *emailChangeRequestForm) checkUniqueEmail(value any) error { + v, _ := value.(string) + if v == "" { + return nil + } + + found, _ := form.app.FindAuthRecordByEmail(form.record.Collection(), v) + if found != nil && found.Id != form.record.Id { + return validation.NewError("validation_invalid_new_email", "Invalid new email address.") + } + + return nil +} diff --git a/apis/record_auth_email_change_request_test.go b/apis/record_auth_email_change_request_test.go new file mode 100644 index 0000000..ef39e0c --- /dev/null +++ b/apis/record_auth_email_change_request_test.go @@ -0,0 +1,195 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordRequestEmailChange(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPost, + URL: "/api/collections/users/request-email-change", + Body: strings.NewReader(`{"newEmail":"change@example.com"}`), + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "not an auth collection", + Method: http.MethodPost, + URL: "/api/collections/demo1/request-email-change", + Body: strings.NewReader(`{"newEmail":"change@example.com"}`), + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "record authentication but from different auth collection", + Method: http.MethodPost, + URL: "/api/collections/clients/request-email-change", + Body: strings.NewReader(`{"newEmail":"change@example.com"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superuser authentication", + Method: http.MethodPost, + URL: "/api/collections/users/request-email-change", + Body: strings.NewReader(`{"newEmail":"change@example.com"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "invalid data", + Method: http.MethodPost, + URL: "/api/collections/users/request-email-change", + Body: strings.NewReader(`{"newEmail`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "empty data", + Method: http.MethodPost, + URL: "/api/collections/users/request-email-change", + Body: strings.NewReader(`{}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":`, + `"newEmail":{"code":"validation_required"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid data (existing email)", + Method: http.MethodPost, + URL: "/api/collections/users/request-email-change", + Body: strings.NewReader(`{"newEmail":"test2@example.com"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":`, + `"newEmail":{"code":"validation_invalid_new_email"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid data (new email)", + Method: http.MethodPost, + URL: "/api/collections/users/request-email-change", + Body: strings.NewReader(`{"newEmail":"change@example.com"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordRequestEmailChangeRequest": 1, + "OnMailerSend": 1, + "OnMailerRecordEmailChangeSend": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if !strings.Contains(app.TestMailer.LastMessage().HTML, "/auth/confirm-email-change") { + t.Fatalf("Expected email change email, got\n%v", app.TestMailer.LastMessage().HTML) + } + }, + }, + { + Name: "OnRecordRequestEmailChangeRequest tx body write check", + Method: http.MethodPost, + URL: "/api/collections/users/request-email-change", + Body: strings.NewReader(`{"newEmail":"change@example.com"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRecordRequestEmailChangeRequest().BindFunc(func(e *core.RecordRequestEmailChangeRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordRequestEmailChangeRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - users:requestEmailChange", + Method: http.MethodPost, + URL: "/api/collections/users/request-email-change", + Body: strings.NewReader(`{"newEmail":"change@example.com"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:requestEmailChange"}, + {MaxRequests: 0, Label: "users:requestEmailChange"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:requestEmailChange", + Method: http.MethodPost, + URL: "/api/collections/users/request-email-change", + Body: strings.NewReader(`{"newEmail":"change@example.com"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:requestEmailChange"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_auth_impersonate.go b/apis/record_auth_impersonate.go new file mode 100644 index 0000000..c198205 --- /dev/null +++ b/apis/record_auth_impersonate.go @@ -0,0 +1,54 @@ +package apis + +import ( + "time" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core" +) + +// note: for now allow superusers but it may change in the future to allow access +// also to users with "Manage API" rule access depending on the use cases that will arise +func recordAuthImpersonate(e *core.RequestEvent) error { + if !e.HasSuperuserAuth() { + return e.ForbiddenError("", nil) + } + + collection, err := findAuthCollection(e) + if err != nil { + return err + } + + record, err := e.App.FindRecordById(collection, e.Request.PathValue("id")) + if err != nil { + return e.NotFoundError("", err) + } + + form := &impersonateForm{} + if err = e.BindBody(form); err != nil { + return e.BadRequestError("An error occurred while loading the submitted data.", err) + } + if err = form.validate(); err != nil { + return e.BadRequestError("An error occurred while validating the submitted data.", err) + } + + token, err := record.NewStaticAuthToken(time.Duration(form.Duration) * time.Second) + if err != nil { + e.InternalServerError("Failed to generate static auth token", err) + } + + return recordAuthResponse(e, record, token, "", nil) +} + +// ------------------------------------------------------------------- + +type impersonateForm struct { + // Duration is the optional custom token duration in seconds. + Duration int64 `form:"duration" json:"duration"` +} + +func (form *impersonateForm) validate() error { + return validation.ValidateStruct(form, + validation.Field(&form.Duration, validation.Min(0)), + ) +} diff --git a/apis/record_auth_impersonate_test.go b/apis/record_auth_impersonate_test.go new file mode 100644 index 0000000..a5f2dc1 --- /dev/null +++ b/apis/record_auth_impersonate_test.go @@ -0,0 +1,109 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordAuthImpersonate(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPost, + URL: "/api/collections/users/impersonate/4q1xlclmfloku33", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as different user", + Method: http.MethodPost, + URL: "/api/collections/users/impersonate/4q1xlclmfloku33", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6Im9hcDY0MGNvdDR5cnUycyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.GfJo6EHIobgas_AXt-M-tj5IoQendPnrkMSe9ExuSEY", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as the same user", + Method: http.MethodPost, + URL: "/api/collections/users/impersonate/4q1xlclmfloku33", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser", + Method: http.MethodPost, + URL: "/api/collections/users/impersonate/4q1xlclmfloku33", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"token":"`, + `"id":"4q1xlclmfloku33"`, + `"record":{`, + }, + NotExpectedContent: []string{ + // hidden fields should remain hidden even though we are authenticated as superuser + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "authorized as superuser with custom invalid duration", + Method: http.MethodPost, + URL: "/api/collections/users/impersonate/4q1xlclmfloku33", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: strings.NewReader(`{"duration":-1}`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"duration":{`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser with custom valid duration", + Method: http.MethodPost, + URL: "/api/collections/users/impersonate/4q1xlclmfloku33", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: strings.NewReader(`{"duration":100}`), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"token":"`, + `"id":"4q1xlclmfloku33"`, + `"record":{`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_auth_methods.go b/apis/record_auth_methods.go new file mode 100644 index 0000000..df39d66 --- /dev/null +++ b/apis/record_auth_methods.go @@ -0,0 +1,170 @@ +package apis + +import ( + "log/slog" + "net/http" + "slices" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/auth" + "github.com/pocketbase/pocketbase/tools/security" + "golang.org/x/oauth2" +) + +type otpResponse struct { + Enabled bool `json:"enabled"` + Duration int64 `json:"duration"` // in seconds +} + +type mfaResponse struct { + Enabled bool `json:"enabled"` + Duration int64 `json:"duration"` // in seconds +} + +type passwordResponse struct { + IdentityFields []string `json:"identityFields"` + Enabled bool `json:"enabled"` +} + +type oauth2Response struct { + Providers []providerInfo `json:"providers"` + Enabled bool `json:"enabled"` +} + +type providerInfo struct { + Name string `json:"name"` + DisplayName string `json:"displayName"` + State string `json:"state"` + AuthURL string `json:"authURL"` + + // @todo + // deprecated: use AuthURL instead + // AuthUrl will be removed after dropping v0.22 support + AuthUrl string `json:"authUrl"` + + // technically could be omitted if the provider doesn't support PKCE, + // but to avoid breaking existing typed clients we'll return them as empty string + CodeVerifier string `json:"codeVerifier"` + CodeChallenge string `json:"codeChallenge"` + CodeChallengeMethod string `json:"codeChallengeMethod"` +} + +type authMethodsResponse struct { + Password passwordResponse `json:"password"` + OAuth2 oauth2Response `json:"oauth2"` + MFA mfaResponse `json:"mfa"` + OTP otpResponse `json:"otp"` + + // legacy fields + // @todo remove after dropping v0.22 support + AuthProviders []providerInfo `json:"authProviders"` + UsernamePassword bool `json:"usernamePassword"` + EmailPassword bool `json:"emailPassword"` +} + +func (amr *authMethodsResponse) fillLegacyFields() { + amr.EmailPassword = amr.Password.Enabled && slices.Contains(amr.Password.IdentityFields, "email") + + amr.UsernamePassword = amr.Password.Enabled && slices.Contains(amr.Password.IdentityFields, "username") + + if amr.OAuth2.Enabled { + amr.AuthProviders = amr.OAuth2.Providers + } +} + +func recordAuthMethods(e *core.RequestEvent) error { + collection, err := findAuthCollection(e) + if err != nil { + return err + } + + result := authMethodsResponse{ + Password: passwordResponse{ + IdentityFields: make([]string, 0, len(collection.PasswordAuth.IdentityFields)), + }, + OAuth2: oauth2Response{ + Providers: make([]providerInfo, 0, len(collection.OAuth2.Providers)), + }, + OTP: otpResponse{ + Enabled: collection.OTP.Enabled, + }, + MFA: mfaResponse{ + Enabled: collection.MFA.Enabled, + }, + } + + if collection.PasswordAuth.Enabled { + result.Password.Enabled = true + result.Password.IdentityFields = collection.PasswordAuth.IdentityFields + } + + if collection.OTP.Enabled { + result.OTP.Duration = collection.OTP.Duration + } + + if collection.MFA.Enabled { + result.MFA.Duration = collection.MFA.Duration + } + + if !collection.OAuth2.Enabled { + result.fillLegacyFields() + + return e.JSON(http.StatusOK, result) + } + + result.OAuth2.Enabled = true + + for _, config := range collection.OAuth2.Providers { + provider, err := config.InitProvider() + if err != nil { + e.App.Logger().Debug( + "Failed to setup OAuth2 provider", + slog.String("name", config.Name), + slog.String("error", err.Error()), + ) + continue // skip provider + } + + info := providerInfo{ + Name: config.Name, + DisplayName: provider.DisplayName(), + State: security.RandomString(30), + } + + if info.DisplayName == "" { + info.DisplayName = config.Name + } + + urlOpts := []oauth2.AuthCodeOption{} + + // custom providers url options + switch config.Name { + case auth.NameApple: + // see https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms#3332113 + urlOpts = append(urlOpts, oauth2.SetAuthURLParam("response_mode", "form_post")) + } + + if provider.PKCE() { + info.CodeVerifier = security.RandomString(43) + info.CodeChallenge = security.S256Challenge(info.CodeVerifier) + info.CodeChallengeMethod = "S256" + urlOpts = append(urlOpts, + oauth2.SetAuthURLParam("code_challenge", info.CodeChallenge), + oauth2.SetAuthURLParam("code_challenge_method", info.CodeChallengeMethod), + ) + } + + info.AuthURL = provider.BuildAuthURL( + info.State, + urlOpts..., + ) + "&redirect_uri=" // empty redirect_uri so that users can append their redirect url + + info.AuthUrl = info.AuthURL + + result.OAuth2.Providers = append(result.OAuth2.Providers, info) + } + + result.fillLegacyFields() + + return e.JSON(http.StatusOK, result) +} diff --git a/apis/record_auth_methods_test.go b/apis/record_auth_methods_test.go new file mode 100644 index 0000000..ec62468 --- /dev/null +++ b/apis/record_auth_methods_test.go @@ -0,0 +1,106 @@ +package apis_test + +import ( + "net/http" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordAuthMethodsList(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "missing collection", + Method: http.MethodGet, + URL: "/api/collections/missing/auth-methods", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non auth collection", + Method: http.MethodGet, + URL: "/api/collections/demo1/auth-methods", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "auth collection with none auth methods allowed", + Method: http.MethodGet, + URL: "/api/collections/nologin/auth-methods", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"password":{"identityFields":[],"enabled":false}`, + `"oauth2":{"providers":[],"enabled":false}`, + `"mfa":{"enabled":false,"duration":0}`, + `"otp":{"enabled":false,"duration":0}`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "auth collection with all auth methods allowed", + Method: http.MethodGet, + URL: "/api/collections/users/auth-methods", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"password":{"identityFields":["email","username"],"enabled":true}`, + `"mfa":{"enabled":true,"duration":1800}`, + `"otp":{"enabled":true,"duration":300}`, + `"oauth2":{`, + `"providers":[{`, + `"name":"google"`, + `"name":"gitlab"`, + `"state":`, + `"displayName":`, + `"codeVerifier":`, + `"codeChallenge":`, + `"codeChallengeMethod":`, + `"authURL":`, + `redirect_uri="`, // ensures that the redirect_uri is the last url param + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - nologin:listAuthMethods", + Method: http.MethodGet, + URL: "/api/collections/nologin/auth-methods", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:listAuthMethods"}, + {MaxRequests: 0, Label: "nologin:listAuthMethods"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:listAuthMethods", + Method: http.MethodGet, + URL: "/api/collections/nologin/auth-methods", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:listAuthMethods"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_auth_otp_request.go b/apis/record_auth_otp_request.go new file mode 100644 index 0000000..6cc5ff7 --- /dev/null +++ b/apis/record_auth_otp_request.go @@ -0,0 +1,127 @@ +package apis + +import ( + "database/sql" + "errors" + "fmt" + "net/http" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/go-ozzo/ozzo-validation/v4/is" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/mails" + "github.com/pocketbase/pocketbase/tools/routine" + "github.com/pocketbase/pocketbase/tools/security" +) + +func recordRequestOTP(e *core.RequestEvent) error { + collection, err := findAuthCollection(e) + if err != nil { + return err + } + + if !collection.OTP.Enabled { + return e.ForbiddenError("The collection is not configured to allow OTP authentication.", nil) + } + + form := &createOTPForm{} + if err = e.BindBody(form); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while loading the submitted data.", err)) + } + if err = form.validate(); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err)) + } + + record, err := e.App.FindAuthRecordByEmail(collection, form.Email) + + // ignore not found errors to allow custom record find implementations + if err != nil && !errors.Is(err, sql.ErrNoRows) { + return e.InternalServerError("", err) + } + + event := new(core.RecordCreateOTPRequestEvent) + event.RequestEvent = e + event.Password = security.RandomStringWithAlphabet(collection.OTP.Length, "1234567890") + event.Collection = collection + event.Record = record + + originalApp := e.App + + return e.App.OnRecordRequestOTPRequest().Trigger(event, func(e *core.RecordCreateOTPRequestEvent) error { + if e.Record == nil { + // write a dummy 200 response as a very rudimentary emails enumeration "protection" + e.JSON(http.StatusOK, map[string]string{ + "otpId": core.GenerateDefaultRandomId(), + }) + + return fmt.Errorf("missing or invalid %s OTP auth record with email %s", collection.Name, form.Email) + } + + var otp *core.OTP + + // limit the new OTP creations for a single user + if !e.App.IsDev() { + otps, err := e.App.FindAllOTPsByRecord(e.Record) + if err != nil { + return firstApiError(err, e.InternalServerError("Failed to fetch previous record OTPs.", err)) + } + + totalRecent := 0 + for _, existingOTP := range otps { + if !existingOTP.HasExpired(collection.OTP.DurationTime()) { + totalRecent++ + } + // use the last issued one + if totalRecent > 9 { + otp = otps[0] // otps are DESC sorted + e.App.Logger().Warn( + "Too many OTP requests - reusing the last issued", + "email", form.Email, + "recordId", e.Record.Id, + "otpId", existingOTP.Id, + ) + break + } + } + } + + if otp == nil { + // create new OTP + // --- + otp = core.NewOTP(e.App) + otp.SetCollectionRef(e.Record.Collection().Id) + otp.SetRecordRef(e.Record.Id) + otp.SetPassword(e.Password) + err = e.App.Save(otp) + if err != nil { + return err + } + + // send OTP email + // (in the background as a very basic timing attacks and emails enumeration protection) + // --- + routine.FireAndForget(func() { + err = mails.SendRecordOTP(originalApp, e.Record, otp.Id, e.Password) + if err != nil { + originalApp.Logger().Error("Failed to send OTP email", "error", errors.Join(err, originalApp.Delete(otp))) + } + }) + } + + return execAfterSuccessTx(true, e.App, func() error { + return e.JSON(http.StatusOK, map[string]string{"otpId": otp.Id}) + }) + }) +} + +// ------------------------------------------------------------------- + +type createOTPForm struct { + Email string `form:"email" json:"email"` +} + +func (form createOTPForm) validate() error { + return validation.ValidateStruct(&form, + validation.Field(&form.Email, validation.Required, validation.Length(1, 255), is.EmailFormat), + ) +} diff --git a/apis/record_auth_otp_request_test.go b/apis/record_auth_otp_request_test.go new file mode 100644 index 0000000..5a262d7 --- /dev/null +++ b/apis/record_auth_otp_request_test.go @@ -0,0 +1,316 @@ +package apis_test + +import ( + "net/http" + "strconv" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestRecordRequestOTP(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "not an auth collection", + Method: http.MethodPost, + URL: "/api/collections/demo1/request-otp", + Body: strings.NewReader(`{"email":"test@example.com"}`), + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "auth collection with disabled otp", + Method: http.MethodPost, + URL: "/api/collections/users/request-otp", + Body: strings.NewReader(`{"email":"test@example.com"}`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + usersCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + usersCol.OTP.Enabled = false + + if err := app.Save(usersCol); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "empty body", + Method: http.MethodPost, + URL: "/api/collections/users/request-otp", + Body: strings.NewReader(``), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{"email":{"code":"validation_required","message":"Cannot be blank."}}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "invalid body", + Method: http.MethodPost, + URL: "/api/collections/users/request-otp", + Body: strings.NewReader(`{"email`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "invalid request data", + Method: http.MethodPost, + URL: "/api/collections/users/request-otp", + Body: strings.NewReader(`{"email":"invalid"}`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"email":{"code":"validation_is_email`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "missing auth record", + Method: http.MethodPost, + URL: "/api/collections/users/request-otp", + Body: strings.NewReader(`{"email":"missing@example.com"}`), + Delay: 100 * time.Millisecond, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"otpId":"`, // some fake random generated string + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordRequestOTPRequest": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if app.TestMailer.TotalSend() != 0 { + t.Fatalf("Expected zero emails, got %d", app.TestMailer.TotalSend()) + } + }, + }, + { + Name: "existing auth record (with < 9 non-expired)", + Method: http.MethodPost, + URL: "/api/collections/users/request-otp", + Body: strings.NewReader(`{"email":"test@example.com"}`), + Delay: 100 * time.Millisecond, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + // insert 8 non-expired and 2 expired + for i := 0; i < 10; i++ { + otp := core.NewOTP(app) + otp.Id = "otp_" + strconv.Itoa(i) + otp.SetCollectionRef(user.Collection().Id) + otp.SetRecordRef(user.Id) + otp.SetPassword("123456") + if i >= 8 { + expiredDate := types.NowDateTime().AddDate(-3, 0, 0) + otp.SetRaw("created", expiredDate) + otp.SetRaw("updated", expiredDate) + } + if err := app.SaveNoValidate(otp); err != nil { + t.Fatal(err) + } + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"otpId":"`, + }, + NotExpectedContent: []string{ + `"otpId":"otp_`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordRequestOTPRequest": 1, + "OnMailerSend": 1, + "OnMailerRecordOTPSend": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 2, // + 1 for the OTP update after the email send + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 2, + // OTP update + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if app.TestMailer.TotalSend() != 1 { + t.Fatalf("Expected 1 email, got %d", app.TestMailer.TotalSend()) + } + + // ensure that sentTo is set + otps, err := app.FindRecordsByFilter(core.CollectionNameOTPs, "sentTo='test@example.com'", "", 0, 0) + if err != nil || len(otps) != 1 { + t.Fatalf("Expected to find 1 OTP with sentTo %q, found %d", "test@example.com", len(otps)) + } + }, + }, + { + Name: "existing auth record with intercepted email (with < 9 non-expired)", + Method: http.MethodPost, + URL: "/api/collections/users/request-otp", + Body: strings.NewReader(`{"email":"test@example.com"}`), + Delay: 100 * time.Millisecond, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + // prevent email sent + app.OnMailerRecordOTPSend("users").BindFunc(func(e *core.MailerRecordEvent) error { + return nil + }) + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"otpId":"`, + }, + NotExpectedContent: []string{ + `"otpId":"otp_`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordRequestOTPRequest": 1, + "OnMailerRecordOTPSend": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if app.TestMailer.TotalSend() != 0 { + t.Fatalf("Expected 0 emails, got %d", app.TestMailer.TotalSend()) + } + + // ensure that there is no OTP with user email as sentTo + otps, err := app.FindRecordsByFilter(core.CollectionNameOTPs, "sentTo='test@example.com'", "", 0, 0) + if err != nil || len(otps) != 0 { + t.Fatalf("Expected to find 0 OTPs with sentTo %q, found %d", "test@example.com", len(otps)) + } + }, + }, + { + Name: "existing auth record (with > 9 non-expired)", + Method: http.MethodPost, + URL: "/api/collections/users/request-otp", + Body: strings.NewReader(`{"email":"test@example.com"}`), + Delay: 100 * time.Millisecond, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + // insert 10 non-expired + for i := 0; i < 10; i++ { + otp := core.NewOTP(app) + otp.Id = "otp_" + strconv.Itoa(i) + otp.SetCollectionRef(user.Collection().Id) + otp.SetRecordRef(user.Id) + otp.SetPassword("123456") + if err := app.SaveNoValidate(otp); err != nil { + t.Fatal(err) + } + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"otpId":"otp_9"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordRequestOTPRequest": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if app.TestMailer.TotalSend() != 0 { + t.Fatalf("Expected 0 sent emails, got %d", app.TestMailer.TotalSend()) + } + }, + }, + { + Name: "OnRecordRequestOTPRequest tx body write check", + Method: http.MethodPost, + URL: "/api/collections/users/request-otp", + Body: strings.NewReader(`{"email":"test@example.com"}`), + Delay: 100 * time.Millisecond, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRecordRequestOTPRequest().BindFunc(func(e *core.RecordCreateOTPRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordRequestOTPRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - users:requestOTP", + Method: http.MethodPost, + URL: "/api/collections/users/request-otp", + Body: strings.NewReader(`{"email":"test@example.com"}`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:requestOTP"}, + {MaxRequests: 0, Label: "users:requestOTP"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:requestOTP", + Method: http.MethodPost, + URL: "/api/collections/users/request-otp", + Body: strings.NewReader(`{"email":"test@example.com"}`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:requestOTP"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_auth_password_reset_confirm.go b/apis/record_auth_password_reset_confirm.go new file mode 100644 index 0000000..2d3e470 --- /dev/null +++ b/apis/record_auth_password_reset_confirm.go @@ -0,0 +1,104 @@ +package apis + +import ( + "net/http" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/spf13/cast" +) + +func recordConfirmPasswordReset(e *core.RequestEvent) error { + collection, err := findAuthCollection(e) + if err != nil { + return err + } + + form := new(recordConfirmPasswordResetForm) + form.app = e.App + form.collection = collection + if err = e.BindBody(form); err != nil { + return e.BadRequestError("An error occurred while loading the submitted data.", err) + } + if err = form.validate(); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err)) + } + + authRecord, err := e.App.FindAuthRecordByToken(form.Token, core.TokenTypePasswordReset) + if err != nil { + return firstApiError(err, e.BadRequestError("Invalid or expired password reset token.", err)) + } + + event := new(core.RecordConfirmPasswordResetRequestEvent) + event.RequestEvent = e + event.Collection = collection + event.Record = authRecord + + return e.App.OnRecordConfirmPasswordResetRequest().Trigger(event, func(e *core.RecordConfirmPasswordResetRequestEvent) error { + authRecord.SetPassword(form.Password) + + if !authRecord.Verified() { + payload, err := security.ParseUnverifiedJWT(form.Token) + if err == nil && authRecord.Email() == cast.ToString(payload[core.TokenClaimEmail]) { + // mark as verified if the email hasn't changed + authRecord.SetVerified(true) + } + } + + err = e.App.Save(authRecord) + if err != nil { + return firstApiError(err, e.BadRequestError("Failed to set new password.", err)) + } + + e.App.Store().Remove(getPasswordResetResendKey(authRecord)) + + return execAfterSuccessTx(true, e.App, func() error { + return e.NoContent(http.StatusNoContent) + }) + }) +} + +// ------------------------------------------------------------------- + +type recordConfirmPasswordResetForm struct { + app core.App + collection *core.Collection + + Token string `form:"token" json:"token"` + Password string `form:"password" json:"password"` + PasswordConfirm string `form:"passwordConfirm" json:"passwordConfirm"` +} + +func (form *recordConfirmPasswordResetForm) validate() error { + min := 1 + passField, ok := form.collection.Fields.GetByName(core.FieldNamePassword).(*core.PasswordField) + if ok && passField != nil && passField.Min > 0 { + min = passField.Min + } + + return validation.ValidateStruct(form, + validation.Field(&form.Token, validation.Required, validation.By(form.checkToken)), + validation.Field(&form.Password, validation.Required, validation.Length(min, 255)), // the FieldPassword validator will check further the specicic length constraints + validation.Field(&form.PasswordConfirm, validation.Required, validation.By(validators.Equal(form.Password))), + ) +} + +func (form *recordConfirmPasswordResetForm) checkToken(value any) error { + v, _ := value.(string) + if v == "" { + return nil + } + + record, err := form.app.FindAuthRecordByToken(v, core.TokenTypePasswordReset) + if err != nil || record == nil { + return validation.NewError("validation_invalid_token", "Invalid or expired token.") + } + + if record.Collection().Id != form.collection.Id { + return validation.NewError("validation_token_collection_mismatch", "The provided token is for different auth collection.") + } + + return nil +} diff --git a/apis/record_auth_password_reset_confirm_test.go b/apis/record_auth_password_reset_confirm_test.go new file mode 100644 index 0000000..fff8f2b --- /dev/null +++ b/apis/record_auth_password_reset_confirm_test.go @@ -0,0 +1,360 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordConfirmPasswordReset(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "empty data", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-password-reset", + Body: strings.NewReader(``), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"password":{"code":"validation_required"`, + `"passwordConfirm":{"code":"validation_required"`, + `"token":{"code":"validation_required"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "invalid data format", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-password-reset", + Body: strings.NewReader(`{"password`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "expired token and invalid password", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-password-reset", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MTY0MDk5MTY2MSwidHlwZSI6InBhc3N3b3JkUmVzZXQiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8iLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifQ.5Tm6_6amQqOlX3urAnXlEdmxwG5qQJfiTg6U0hHR1hk", + "password":"1234567", + "passwordConfirm":"7654321" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"token":{"code":"validation_invalid_token"`, + `"password":{"code":"validation_length_out_of_range"`, + `"passwordConfirm":{"code":"validation_values_mismatch"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-password reset token", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-password-reset", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InZlcmlmaWNhdGlvbiIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSJ9.SetHpu2H-x-q4TIUz-xiQjwi7MNwLCLvSs4O0hUSp0E", + "password":"1234567!", + "passwordConfirm":"1234567!" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"token":{"code":"validation_invalid_token"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non auth collection", + Method: http.MethodPost, + URL: "/api/collections/demo1/confirm-password-reset?expand=rel,missing", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InBhc3N3b3JkUmVzZXQiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8iLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifQ.xR-xq1oHDy0D8Q4NDOAEyYKGHWd_swzoiSoL8FLFBHY", + "password":"1234567!", + "passwordConfirm":"1234567!" + }`), + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "different auth collection", + Method: http.MethodPost, + URL: "/api/collections/clients/confirm-password-reset?expand=rel,missing", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InBhc3N3b3JkUmVzZXQiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8iLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifQ.xR-xq1oHDy0D8Q4NDOAEyYKGHWd_swzoiSoL8FLFBHY", + "password":"1234567!", + "passwordConfirm":"1234567!" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{"token":{"code":"validation_token_collection_mismatch"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid token and data (unverified user)", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-password-reset", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InBhc3N3b3JkUmVzZXQiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8iLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifQ.xR-xq1oHDy0D8Q4NDOAEyYKGHWd_swzoiSoL8FLFBHY", + "password":"1234567!", + "passwordConfirm":"1234567!" + }`), + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordConfirmPasswordResetRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnRecordValidate": 1, + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatalf("Failed to fetch confirm password user: %v", err) + } + + if user.Verified() { + t.Fatal("Expected the user to be unverified") + } + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + _, err := app.FindAuthRecordByToken( + "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InBhc3N3b3JkUmVzZXQiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8iLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifQ.xR-xq1oHDy0D8Q4NDOAEyYKGHWd_swzoiSoL8FLFBHY", + core.TokenTypePasswordReset, + ) + if err == nil { + t.Fatal("Expected the password reset token to be invalidated") + } + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatalf("Failed to fetch confirm password user: %v", err) + } + + if !user.Verified() { + t.Fatal("Expected the user to be marked as verified") + } + + if !user.ValidatePassword("1234567!") { + t.Fatal("Password wasn't changed") + } + }, + }, + { + Name: "valid token and data (unverified user with different email from the one in the token)", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-password-reset", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InBhc3N3b3JkUmVzZXQiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8iLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifQ.xR-xq1oHDy0D8Q4NDOAEyYKGHWd_swzoiSoL8FLFBHY", + "password":"1234567!", + "passwordConfirm":"1234567!" + }`), + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordConfirmPasswordResetRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnRecordValidate": 1, + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatalf("Failed to fetch confirm password user: %v", err) + } + + if user.Verified() { + t.Fatal("Expected the user to be unverified") + } + + oldTokenKey := user.TokenKey() + + // manually change the email to check whether the verified state will be updated + user.SetEmail("test_update@example.com") + if err = app.Save(user); err != nil { + t.Fatalf("Failed to update user test email: %v", err) + } + + // resave with the old token key since the email change above + // would change it and will make the password token invalid + user.SetTokenKey(oldTokenKey) + if err = app.Save(user); err != nil { + t.Fatalf("Failed to restore original user tokenKey: %v", err) + } + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + _, err := app.FindAuthRecordByToken( + "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InBhc3N3b3JkUmVzZXQiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8iLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifQ.xR-xq1oHDy0D8Q4NDOAEyYKGHWd_swzoiSoL8FLFBHY", + core.TokenTypePasswordReset, + ) + if err == nil { + t.Fatalf("Expected the password reset token to be invalidated") + } + + user, err := app.FindAuthRecordByEmail("users", "test_update@example.com") + if err != nil { + t.Fatalf("Failed to fetch confirm password user: %v", err) + } + + if user.Verified() { + t.Fatal("Expected the user to remain unverified") + } + + if !user.ValidatePassword("1234567!") { + t.Fatal("Password wasn't changed") + } + }, + }, + { + Name: "valid token and data (verified user)", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-password-reset", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InBhc3N3b3JkUmVzZXQiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8iLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifQ.xR-xq1oHDy0D8Q4NDOAEyYKGHWd_swzoiSoL8FLFBHY", + "password":"1234567!", + "passwordConfirm":"1234567!" + }`), + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordConfirmPasswordResetRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnRecordValidate": 1, + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatalf("Failed to fetch confirm password user: %v", err) + } + + // ensure that the user is already verified + user.SetVerified(true) + if err := app.Save(user); err != nil { + t.Fatalf("Failed to update user verified state") + } + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + _, err := app.FindAuthRecordByToken( + "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InBhc3N3b3JkUmVzZXQiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8iLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifQ.xR-xq1oHDy0D8Q4NDOAEyYKGHWd_swzoiSoL8FLFBHY", + core.TokenTypePasswordReset, + ) + if err == nil { + t.Fatal("Expected the password reset token to be invalidated") + } + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatalf("Failed to fetch confirm password user: %v", err) + } + + if !user.Verified() { + t.Fatal("Expected the user to remain verified") + } + + if !user.ValidatePassword("1234567!") { + t.Fatal("Password wasn't changed") + } + }, + }, + { + Name: "OnRecordConfirmPasswordResetRequest tx body write check", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-password-reset", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InBhc3N3b3JkUmVzZXQiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8iLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifQ.xR-xq1oHDy0D8Q4NDOAEyYKGHWd_swzoiSoL8FLFBHY", + "password":"1234567!", + "passwordConfirm":"1234567!" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRecordConfirmPasswordResetRequest().BindFunc(func(e *core.RecordConfirmPasswordResetRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordConfirmPasswordResetRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - users:confirmPasswordReset", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-password-reset", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InBhc3N3b3JkUmVzZXQiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8iLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifQ.xR-xq1oHDy0D8Q4NDOAEyYKGHWd_swzoiSoL8FLFBHY", + "password":"1234567!", + "passwordConfirm":"1234567!" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:confirmPasswordReset"}, + {MaxRequests: 0, Label: "users:confirmPasswordReset"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:confirmPasswordReset", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-password-reset", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InBhc3N3b3JkUmVzZXQiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8iLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifQ.xR-xq1oHDy0D8Q4NDOAEyYKGHWd_swzoiSoL8FLFBHY", + "password":"1234567!", + "passwordConfirm":"1234567!" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:confirmPasswordReset"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_auth_password_reset_request.go b/apis/record_auth_password_reset_request.go new file mode 100644 index 0000000..16d7b84 --- /dev/null +++ b/apis/record_auth_password_reset_request.go @@ -0,0 +1,88 @@ +package apis + +import ( + "errors" + "fmt" + "net/http" + "time" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/go-ozzo/ozzo-validation/v4/is" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/mails" + "github.com/pocketbase/pocketbase/tools/routine" +) + +func recordRequestPasswordReset(e *core.RequestEvent) error { + collection, err := findAuthCollection(e) + if err != nil { + return err + } + + if !collection.PasswordAuth.Enabled { + return e.BadRequestError("The collection is not configured to allow password authentication.", nil) + } + + form := new(recordRequestPasswordResetForm) + if err = e.BindBody(form); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while loading the submitted data.", err)) + } + if err = form.validate(); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err)) + } + + record, err := e.App.FindAuthRecordByEmail(collection, form.Email) + if err != nil { + // eagerly write 204 response as a very basic measure against emails enumeration + e.NoContent(http.StatusNoContent) + return fmt.Errorf("failed to fetch %s record with email %s: %w", collection.Name, form.Email, err) + } + + resendKey := getPasswordResetResendKey(record) + if e.App.Store().Has(resendKey) { + // eagerly write 204 response as a very basic measure against emails enumeration + e.NoContent(http.StatusNoContent) + return errors.New("try again later - you've already requested a password reset email") + } + + event := new(core.RecordRequestPasswordResetRequestEvent) + event.RequestEvent = e + event.Collection = collection + event.Record = record + + return e.App.OnRecordRequestPasswordResetRequest().Trigger(event, func(e *core.RecordRequestPasswordResetRequestEvent) error { + // run in background because we don't need to show the result to the client + app := e.App + routine.FireAndForget(func() { + if err := mails.SendRecordPasswordReset(app, e.Record); err != nil { + app.Logger().Error("Failed to send password reset email", "error", err) + return + } + + app.Store().Set(resendKey, struct{}{}) + time.AfterFunc(2*time.Minute, func() { + app.Store().Remove(resendKey) + }) + }) + + return execAfterSuccessTx(true, e.App, func() error { + return e.NoContent(http.StatusNoContent) + }) + }) +} + +// ------------------------------------------------------------------- + +type recordRequestPasswordResetForm struct { + Email string `form:"email" json:"email"` +} + +func (form *recordRequestPasswordResetForm) validate() error { + return validation.ValidateStruct(form, + validation.Field(&form.Email, validation.Required, validation.Length(1, 255), is.EmailFormat), + ) +} + +func getPasswordResetResendKey(record *core.Record) string { + return "@limitPasswordResetEmail_" + record.Collection().Id + record.Id +} diff --git a/apis/record_auth_password_reset_request_test.go b/apis/record_auth_password_reset_request_test.go new file mode 100644 index 0000000..0b4a348 --- /dev/null +++ b/apis/record_auth_password_reset_request_test.go @@ -0,0 +1,169 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordRequestPasswordReset(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "not an auth collection", + Method: http.MethodPost, + URL: "/api/collections/demo1/request-password-reset", + Body: strings.NewReader(``), + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "empty data", + Method: http.MethodPost, + URL: "/api/collections/users/request-password-reset", + Body: strings.NewReader(``), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{"email":{"code":"validation_required","message":"Cannot be blank."}}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "invalid data", + Method: http.MethodPost, + URL: "/api/collections/users/request-password-reset", + Body: strings.NewReader(`{"email`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "existing auth record in a collection with disabled password login", + Method: http.MethodPost, + URL: "/api/collections/nologin/request-password-reset", + Body: strings.NewReader(`{"email":"test@example.com"}`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "missing auth record", + Method: http.MethodPost, + URL: "/api/collections/users/request-password-reset", + Body: strings.NewReader(`{"email":"missing@example.com"}`), + Delay: 100 * time.Millisecond, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{"*": 0}, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if app.TestMailer.TotalSend() != 0 { + t.Fatalf("Expected zero emails, got %d", app.TestMailer.TotalSend()) + } + }, + }, + { + Name: "existing auth record", + Method: http.MethodPost, + URL: "/api/collections/users/request-password-reset", + Body: strings.NewReader(`{"email":"test@example.com"}`), + Delay: 100 * time.Millisecond, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordRequestPasswordResetRequest": 1, + "OnMailerSend": 1, + "OnMailerRecordPasswordResetSend": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if !strings.Contains(app.TestMailer.LastMessage().HTML, "/auth/confirm-password-reset") { + t.Fatalf("Expected password reset email, got\n%v", app.TestMailer.LastMessage().HTML) + } + }, + }, + { + Name: "existing auth record (after already sent)", + Method: http.MethodPost, + URL: "/api/collections/users/request-password-reset", + Body: strings.NewReader(`{"email":"test@example.com"}`), + Delay: 100 * time.Millisecond, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{"*": 0}, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + // simulate recent verification sent + authRecord, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + resendKey := "@limitPasswordResetEmail_" + authRecord.Collection().Id + authRecord.Id + app.Store().Set(resendKey, struct{}{}) + }, + }, + { + Name: "OnRecordRequestPasswordResetRequest tx body write check", + Method: http.MethodPost, + URL: "/api/collections/users/request-password-reset", + Body: strings.NewReader(`{"email":"test@example.com"}`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRecordRequestPasswordResetRequest().BindFunc(func(e *core.RecordRequestPasswordResetRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordRequestPasswordResetRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - users:requestPasswordReset", + Method: http.MethodPost, + URL: "/api/collections/users/request-password-reset", + Body: strings.NewReader(`{"email":"missing@example.com"}`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:requestPasswordReset"}, + {MaxRequests: 0, Label: "users:requestPasswordReset"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:requestPasswordReset", + Method: http.MethodPost, + URL: "/api/collections/users/request-password-reset", + Body: strings.NewReader(`{"email":"missing@example.com"}`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:requestPasswordReset"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_auth_refresh.go b/apis/record_auth_refresh.go new file mode 100644 index 0000000..63230a8 --- /dev/null +++ b/apis/record_auth_refresh.go @@ -0,0 +1,29 @@ +package apis + +import ( + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/spf13/cast" +) + +func recordAuthRefresh(e *core.RequestEvent) error { + record := e.Auth + if record == nil { + return e.NotFoundError("Missing auth record context.", nil) + } + + currentToken := getAuthTokenFromRequest(e) + claims, _ := security.ParseUnverifiedJWT(currentToken) + if v, ok := claims[core.TokenClaimRefreshable]; !ok || !cast.ToBool(v) { + return e.ForbiddenError("The current auth token is not refreshable.", nil) + } + + event := new(core.RecordAuthRefreshRequestEvent) + event.RequestEvent = e + event.Collection = record.Collection() + event.Record = record + + return e.App.OnRecordAuthRefreshRequest().Trigger(event, func(e *core.RecordAuthRefreshRequestEvent) error { + return RecordAuthResponse(e.RequestEvent, e.Record, "", nil) + }) +} diff --git a/apis/record_auth_refresh_test.go b/apis/record_auth_refresh_test.go new file mode 100644 index 0000000..d8e4b83 --- /dev/null +++ b/apis/record_auth_refresh_test.go @@ -0,0 +1,202 @@ +package apis_test + +import ( + "net/http" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordAuthRefresh(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPost, + URL: "/api/collections/users/auth-refresh", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superuser trying to refresh the auth of another auth collection", + Method: http.MethodPost, + URL: "/api/collections/users/auth-refresh", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "auth record + not an auth collection", + Method: http.MethodPost, + URL: "/api/collections/demo1/auth-refresh", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "auth record + different auth collection", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-refresh?expand=rel,missing", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "auth record + same auth collection as the token", + Method: http.MethodPost, + URL: "/api/collections/users/auth-refresh?expand=rel,missing", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"token":`, + `"record":`, + `"id":"4q1xlclmfloku33"`, + `"emailVisibility":false`, + `"email":"test@example.com"`, // the owner can always view their email address + `"expand":`, + `"rel":`, + `"id":"llvuca81nly1qls"`, + }, + NotExpectedContent: []string{ + `"missing":`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthRefreshRequest": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 2, + }, + }, + { + Name: "auth record + same auth collection as the token but static/unrefreshable", + Method: http.MethodPost, + URL: "/api/collections/users/auth-refresh", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6ZmFsc2V9.4IsO6YMsR19crhwl_YWzvRH8pfq2Ri4Gv2dzGyneLak", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "unverified auth record in onlyVerified collection", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-refresh", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6Im8xeTBkZDBzcGQ3ODZtZCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.Zi0yXE-CNmnbTdVaQEzYZVuECqRdn3LgEM6pmB3XWBE", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthRefreshRequest": 1, + }, + }, + { + Name: "verified auth record in onlyVerified collection", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-refresh", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"token":`, + `"record":`, + `"id":"gk390qegs4y47wn"`, + `"verified":true`, + `"email":"test@example.com"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthRefreshRequest": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "OnRecordAuthRefreshRequest tx body write check", + Method: http.MethodPost, + URL: "/api/collections/users/auth-refresh", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRecordAuthRefreshRequest().BindFunc(func(e *core.RecordAuthRefreshRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordAuthRefreshRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - users:authRefresh", + Method: http.MethodPost, + URL: "/api/collections/users/auth-refresh", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:authRefresh"}, + {MaxRequests: 0, Label: "users:authRefresh"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:authRefresh", + Method: http.MethodPost, + URL: "/api/collections/users/auth-refresh", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:authRefresh"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_auth_verification_confirm.go b/apis/record_auth_verification_confirm.go new file mode 100644 index 0000000..dcf86fb --- /dev/null +++ b/apis/record_auth_verification_confirm.go @@ -0,0 +1,102 @@ +package apis + +import ( + "net/http" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/spf13/cast" +) + +func recordConfirmVerification(e *core.RequestEvent) error { + collection, err := findAuthCollection(e) + if err != nil { + return err + } + + if collection.Name == core.CollectionNameSuperusers { + return e.BadRequestError("All superusers are verified by default.", nil) + } + + form := new(recordConfirmVerificationForm) + form.app = e.App + form.collection = collection + if err = e.BindBody(form); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while loading the submitted data.", err)) + } + if err = form.validate(); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err)) + } + + record, err := form.app.FindAuthRecordByToken(form.Token, core.TokenTypeVerification) + if err != nil { + return e.BadRequestError("Invalid or expired verification token.", err) + } + + wasVerified := record.Verified() + + event := new(core.RecordConfirmVerificationRequestEvent) + event.RequestEvent = e + event.Collection = collection + event.Record = record + + return e.App.OnRecordConfirmVerificationRequest().Trigger(event, func(e *core.RecordConfirmVerificationRequestEvent) error { + if !wasVerified { + e.Record.SetVerified(true) + + if err := e.App.Save(e.Record); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while saving the verified state.", err)) + } + } + + e.App.Store().Remove(getVerificationResendKey(e.Record)) + + return execAfterSuccessTx(true, e.App, func() error { + return e.NoContent(http.StatusNoContent) + }) + }) +} + +// ------------------------------------------------------------------- + +type recordConfirmVerificationForm struct { + app core.App + collection *core.Collection + + Token string `form:"token" json:"token"` +} + +func (form *recordConfirmVerificationForm) validate() error { + return validation.ValidateStruct(form, + validation.Field(&form.Token, validation.Required, validation.By(form.checkToken)), + ) +} + +func (form *recordConfirmVerificationForm) checkToken(value any) error { + v, _ := value.(string) + if v == "" { + return nil // nothing to check + } + + claims, _ := security.ParseUnverifiedJWT(v) + email := cast.ToString(claims["email"]) + if email == "" { + return validation.NewError("validation_invalid_token_claims", "Missing email token claim.") + } + + record, err := form.app.FindAuthRecordByToken(v, core.TokenTypeVerification) + if err != nil || record == nil { + return validation.NewError("validation_invalid_token", "Invalid or expired token.") + } + + if record.Collection().Id != form.collection.Id { + return validation.NewError("validation_token_collection_mismatch", "The provided token is for different auth collection.") + } + + if record.Email() != email { + return validation.NewError("validation_token_email_mismatch", "The record email doesn't match with the requested token claims.") + } + + return nil +} diff --git a/apis/record_auth_verification_confirm_test.go b/apis/record_auth_verification_confirm_test.go new file mode 100644 index 0000000..ef48c7c --- /dev/null +++ b/apis/record_auth_verification_confirm_test.go @@ -0,0 +1,216 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordConfirmVerification(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "empty data", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-verification", + Body: strings.NewReader(``), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"token":{"code":"validation_required"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "invalid data format", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-verification", + Body: strings.NewReader(`{"password`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "expired token", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-verification", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MTY0MDk5MTY2MSwidHlwZSI6InZlcmlmaWNhdGlvbiIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSJ9.qqelNNL2Udl6K_TJ282sNHYCpASgA6SIuSVKGfBHMZU" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"token":{"code":"validation_invalid_token"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-verification token", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-verification", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InBhc3N3b3JkUmVzZXQiLCJjb2xsZWN0aW9uSWQiOiJfcGJfdXNlcnNfYXV0aF8iLCJlbWFpbCI6InRlc3RAZXhhbXBsZS5jb20ifQ.xR-xq1oHDy0D8Q4NDOAEyYKGHWd_swzoiSoL8FLFBHY" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"token":{"code":"validation_invalid_token"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non auth collection", + Method: http.MethodPost, + URL: "/api/collections/demo1/confirm-verification?expand=rel,missing", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InZlcmlmaWNhdGlvbiIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSJ9.SetHpu2H-x-q4TIUz-xiQjwi7MNwLCLvSs4O0hUSp0E" + }`), + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "different auth collection", + Method: http.MethodPost, + URL: "/api/collections/clients/confirm-verification?expand=rel,missing", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InZlcmlmaWNhdGlvbiIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSJ9.SetHpu2H-x-q4TIUz-xiQjwi7MNwLCLvSs4O0hUSp0E" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{"token":{"code":"validation_token_collection_mismatch"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid token", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-verification", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InZlcmlmaWNhdGlvbiIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSJ9.SetHpu2H-x-q4TIUz-xiQjwi7MNwLCLvSs4O0hUSp0E" + }`), + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordConfirmVerificationRequest": 1, + "OnModelUpdate": 1, + "OnModelValidate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordValidate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + }, + }, + { + Name: "valid token (already verified)", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-verification", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Im9hcDY0MGNvdDR5cnUycyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InZlcmlmaWNhdGlvbiIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsImVtYWlsIjoidGVzdDJAZXhhbXBsZS5jb20ifQ.QQmM3odNFVk6u4J4-5H8IBM3dfk9YCD7mPW-8PhBAI8" + }`), + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordConfirmVerificationRequest": 1, + }, + }, + { + Name: "valid verification token from a collection without allowed login", + Method: http.MethodPost, + URL: "/api/collections/nologin/confirm-verification", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImRjNDlrNmpnZWpuNDBoMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InZlcmlmaWNhdGlvbiIsImNvbGxlY3Rpb25JZCI6ImtwdjcwOXNrMmxxYnFrOCIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSJ9.5GmuZr4vmwk3Cb_3ZZWNxwbE75KZC-j71xxIPR9AsVw" + }`), + ExpectedStatus: 204, + ExpectedContent: []string{}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordConfirmVerificationRequest": 1, + "OnModelUpdate": 1, + "OnModelValidate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordValidate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + }, + }, + { + Name: "OnRecordConfirmVerificationRequest tx body write check", + Method: http.MethodPost, + URL: "/api/collections/users/confirm-verification", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InZlcmlmaWNhdGlvbiIsImNvbGxlY3Rpb25JZCI6Il9wYl91c2Vyc19hdXRoXyIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSJ9.SetHpu2H-x-q4TIUz-xiQjwi7MNwLCLvSs4O0hUSp0E" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRecordConfirmVerificationRequest().BindFunc(func(e *core.RecordConfirmVerificationRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordConfirmVerificationRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - nologin:confirmVerification", + Method: http.MethodPost, + URL: "/api/collections/nologin/confirm-verification", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImRjNDlrNmpnZWpuNDBoMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InZlcmlmaWNhdGlvbiIsImNvbGxlY3Rpb25JZCI6ImtwdjcwOXNrMmxxYnFrOCIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSJ9.5GmuZr4vmwk3Cb_3ZZWNxwbE75KZC-j71xxIPR9AsVw" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:confirmVerification"}, + {MaxRequests: 0, Label: "nologin:confirmVerification"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:confirmVerification", + Method: http.MethodPost, + URL: "/api/collections/nologin/confirm-verification", + Body: strings.NewReader(`{ + "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImRjNDlrNmpnZWpuNDBoMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InZlcmlmaWNhdGlvbiIsImNvbGxlY3Rpb25JZCI6ImtwdjcwOXNrMmxxYnFrOCIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSJ9.5GmuZr4vmwk3Cb_3ZZWNxwbE75KZC-j71xxIPR9AsVw" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:confirmVerification"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_auth_verification_request.go b/apis/record_auth_verification_request.go new file mode 100644 index 0000000..dbabe2d --- /dev/null +++ b/apis/record_auth_verification_request.go @@ -0,0 +1,91 @@ +package apis + +import ( + "errors" + "fmt" + "net/http" + "time" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/go-ozzo/ozzo-validation/v4/is" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/mails" + "github.com/pocketbase/pocketbase/tools/routine" +) + +func recordRequestVerification(e *core.RequestEvent) error { + collection, err := findAuthCollection(e) + if err != nil { + return err + } + + if collection.Name == core.CollectionNameSuperusers { + return e.BadRequestError("All superusers are verified by default.", nil) + } + + form := new(recordRequestVerificationForm) + if err = e.BindBody(form); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while loading the submitted data.", err)) + } + if err = form.validate(); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err)) + } + + record, err := e.App.FindAuthRecordByEmail(collection, form.Email) + if err != nil { + // eagerly write 204 response as a very basic measure against emails enumeration + e.NoContent(http.StatusNoContent) + return fmt.Errorf("failed to fetch %s record with email %s: %w", collection.Name, form.Email, err) + } + + resendKey := getVerificationResendKey(record) + if !record.Verified() && e.App.Store().Has(resendKey) { + // eagerly write 204 response as a very basic measure against emails enumeration + e.NoContent(http.StatusNoContent) + return errors.New("try again later - you've already requested a verification email") + } + + event := new(core.RecordRequestVerificationRequestEvent) + event.RequestEvent = e + event.Collection = collection + event.Record = record + + return e.App.OnRecordRequestVerificationRequest().Trigger(event, func(e *core.RecordRequestVerificationRequestEvent) error { + if e.Record.Verified() { + return e.NoContent(http.StatusNoContent) + } + + // run in background because we don't need to show the result to the client + app := e.App + routine.FireAndForget(func() { + if err := mails.SendRecordVerification(app, e.Record); err != nil { + app.Logger().Error("Failed to send verification email", "error", err) + } + + app.Store().Set(resendKey, struct{}{}) + time.AfterFunc(2*time.Minute, func() { + app.Store().Remove(resendKey) + }) + }) + + return execAfterSuccessTx(true, e.App, func() error { + return e.NoContent(http.StatusNoContent) + }) + }) +} + +// ------------------------------------------------------------------- + +type recordRequestVerificationForm struct { + Email string `form:"email" json:"email"` +} + +func (form *recordRequestVerificationForm) validate() error { + return validation.ValidateStruct(form, + validation.Field(&form.Email, validation.Required, validation.Length(1, 255), is.EmailFormat), + ) +} + +func getVerificationResendKey(record *core.Record) string { + return "@limitVerificationEmail_" + record.Collection().Id + record.Id +} diff --git a/apis/record_auth_verification_request_test.go b/apis/record_auth_verification_request_test.go new file mode 100644 index 0000000..edbc7ca --- /dev/null +++ b/apis/record_auth_verification_request_test.go @@ -0,0 +1,186 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordRequestVerification(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "not an auth collection", + Method: http.MethodPost, + URL: "/api/collections/demo1/request-verification", + Body: strings.NewReader(``), + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "empty data", + Method: http.MethodPost, + URL: "/api/collections/users/request-verification", + Body: strings.NewReader(``), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{"email":{"code":"validation_required","message":"Cannot be blank."}}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "invalid data", + Method: http.MethodPost, + URL: "/api/collections/users/request-verification", + Body: strings.NewReader(`{"email`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "missing auth record", + Method: http.MethodPost, + URL: "/api/collections/users/request-verification", + Body: strings.NewReader(`{"email":"missing@example.com"}`), + Delay: 100 * time.Millisecond, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{"*": 0}, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if app.TestMailer.TotalSend() != 0 { + t.Fatalf("Expected zero emails, got %d", app.TestMailer.TotalSend()) + } + }, + }, + { + Name: "already verified auth record", + Method: http.MethodPost, + URL: "/api/collections/users/request-verification", + Body: strings.NewReader(`{"email":"test2@example.com"}`), + Delay: 100 * time.Millisecond, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordRequestVerificationRequest": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if app.TestMailer.TotalSend() != 0 { + t.Fatalf("Expected zero emails, got %d", app.TestMailer.TotalSend()) + } + }, + }, + { + Name: "existing auth record", + Method: http.MethodPost, + URL: "/api/collections/users/request-verification", + Body: strings.NewReader(`{"email":"test@example.com"}`), + Delay: 100 * time.Millisecond, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordRequestVerificationRequest": 1, + "OnMailerSend": 1, + "OnMailerRecordVerificationSend": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if !strings.Contains(app.TestMailer.LastMessage().HTML, "/auth/confirm-verification") { + t.Fatalf("Expected verification email, got\n%v", app.TestMailer.LastMessage().HTML) + } + }, + }, + { + Name: "existing auth record (after already sent)", + Method: http.MethodPost, + URL: "/api/collections/users/request-verification", + Body: strings.NewReader(`{"email":"test@example.com"}`), + Delay: 100 * time.Millisecond, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + // terminated before firing the event + // "OnRecordRequestVerificationRequest": 1, + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + // simulate recent verification sent + authRecord, err := app.FindFirstRecordByData("users", "email", "test@example.com") + if err != nil { + t.Fatal(err) + } + resendKey := "@limitVerificationEmail_" + authRecord.Collection().Id + authRecord.Id + app.Store().Set(resendKey, struct{}{}) + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if app.TestMailer.TotalSend() != 0 { + t.Fatalf("Expected zero emails, got %d", app.TestMailer.TotalSend()) + } + }, + }, + { + Name: "OnRecordRequestVerificationRequest tx body write check", + Method: http.MethodPost, + URL: "/api/collections/users/request-verification", + Body: strings.NewReader(`{"email":"test@example.com"}`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRecordRequestVerificationRequest().BindFunc(func(e *core.RecordRequestVerificationRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordRequestVerificationRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - users:requestVerification", + Method: http.MethodPost, + URL: "/api/collections/users/request-verification", + Body: strings.NewReader(`{"email":"test@example.com"}`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:requestVerification"}, + {MaxRequests: 0, Label: "users:requestVerification"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:requestVerification", + Method: http.MethodPost, + URL: "/api/collections/users/request-verification", + Body: strings.NewReader(`{"email":"test@example.com"}`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:requestVerification"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_auth_with_oauth2.go b/apis/record_auth_with_oauth2.go new file mode 100644 index 0000000..cdab3bc --- /dev/null +++ b/apis/record_auth_with_oauth2.go @@ -0,0 +1,374 @@ +package apis + +import ( + "context" + "database/sql" + "encoding/json" + "errors" + "fmt" + "log/slog" + "maps" + "net/http" + "strings" + "time" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/dbutils" + "github.com/pocketbase/pocketbase/tools/filesystem" + "golang.org/x/oauth2" +) + +func recordAuthWithOAuth2(e *core.RequestEvent) error { + collection, err := findAuthCollection(e) + if err != nil { + return err + } + + if !collection.OAuth2.Enabled { + return e.ForbiddenError("The collection is not configured to allow OAuth2 authentication.", nil) + } + + var fallbackAuthRecord *core.Record + if e.Auth != nil && e.Auth.Collection().Id == collection.Id { + fallbackAuthRecord = e.Auth + } + + e.Set(core.RequestEventKeyInfoContext, core.RequestInfoContextOAuth2) + + form := new(recordOAuth2LoginForm) + form.collection = collection + if err = e.BindBody(form); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while loading the submitted data.", err)) + } + + if form.RedirectUrl != "" && form.RedirectURL == "" { + e.App.Logger().Warn("[recordAuthWithOAuth2] redirectUrl body param is deprecated and will be removed in the future. Please replace it with redirectURL.") + form.RedirectURL = form.RedirectUrl + } + + if err = form.validate(); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while loading the submitted data.", err)) + } + + // exchange token for OAuth2 user info and locate existing ExternalAuth rel + // --------------------------------------------------------------- + + // load provider configuration + providerConfig, ok := collection.OAuth2.GetProviderConfig(form.Provider) + if !ok { + return e.InternalServerError("Missing or invalid provider config.", nil) + } + + provider, err := providerConfig.InitProvider() + if err != nil { + return firstApiError(err, e.InternalServerError("Failed to init provider "+form.Provider, err)) + } + + ctx, cancel := context.WithTimeout(e.Request.Context(), 30*time.Second) + defer cancel() + + provider.SetContext(ctx) + provider.SetRedirectURL(form.RedirectURL) + + var opts []oauth2.AuthCodeOption + + if provider.PKCE() { + opts = append(opts, oauth2.SetAuthURLParam("code_verifier", form.CodeVerifier)) + } + + // fetch token + token, err := provider.FetchToken(form.Code, opts...) + if err != nil { + return firstApiError(err, e.BadRequestError("Failed to fetch OAuth2 token.", err)) + } + + // fetch external auth user + authUser, err := provider.FetchAuthUser(token) + if err != nil { + return firstApiError(err, e.BadRequestError("Failed to fetch OAuth2 user.", err)) + } + + var authRecord *core.Record + + // check for existing relation with the auth collection + externalAuthRel, err := e.App.FindFirstExternalAuthByExpr(dbx.HashExp{ + "collectionRef": form.collection.Id, + "provider": form.Provider, + "providerId": authUser.Id, + }) + if err != nil && !errors.Is(err, sql.ErrNoRows) { + return e.InternalServerError("Failed OAuth2 relation check.", err) + } + + switch { + case err == nil && externalAuthRel != nil: + authRecord, err = e.App.FindRecordById(form.collection, externalAuthRel.RecordRef()) + if err != nil { + return err + } + case fallbackAuthRecord != nil && fallbackAuthRecord.Collection().Id == form.collection.Id: + // fallback to the logged auth record (if any) + authRecord = fallbackAuthRecord + case authUser.Email != "": + // look for an existing auth record by the external auth record's email + authRecord, err = e.App.FindAuthRecordByEmail(form.collection.Id, authUser.Email) + if err != nil && !errors.Is(err, sql.ErrNoRows) { + return e.InternalServerError("Failed OAuth2 auth record check.", err) + } + } + + // --------------------------------------------------------------- + + event := new(core.RecordAuthWithOAuth2RequestEvent) + event.RequestEvent = e + event.Collection = collection + event.ProviderName = form.Provider + event.ProviderClient = provider + event.OAuth2User = authUser + event.CreateData = form.CreateData + event.Record = authRecord + event.IsNewRecord = authRecord == nil + + return e.App.OnRecordAuthWithOAuth2Request().Trigger(event, func(e *core.RecordAuthWithOAuth2RequestEvent) error { + if err := oauth2Submit(e, externalAuthRel); err != nil { + return firstApiError(err, e.BadRequestError("Failed to authenticate.", err)) + } + + // @todo revert back to struct after removing the custom auth.AuthUser marshalization + meta := map[string]any{} + rawOAuth2User, err := json.Marshal(e.OAuth2User) + if err != nil { + return err + } + err = json.Unmarshal(rawOAuth2User, &meta) + if err != nil { + return err + } + meta["isNew"] = e.IsNewRecord + + return RecordAuthResponse(e.RequestEvent, e.Record, core.MFAMethodOAuth2, meta) + }) +} + +// ------------------------------------------------------------------- + +type recordOAuth2LoginForm struct { + collection *core.Collection + + // Additional data that will be used for creating a new auth record + // if an existing OAuth2 account doesn't exist. + CreateData map[string]any `form:"createData" json:"createData"` + + // The name of the OAuth2 client provider (eg. "google") + Provider string `form:"provider" json:"provider"` + + // The authorization code returned from the initial request. + Code string `form:"code" json:"code"` + + // The optional PKCE code verifier as part of the code_challenge sent with the initial request. + CodeVerifier string `form:"codeVerifier" json:"codeVerifier"` + + // The redirect url sent with the initial request. + RedirectURL string `form:"redirectURL" json:"redirectURL"` + + // @todo + // deprecated: use RedirectURL instead + // RedirectUrl will be removed after dropping v0.22 support + RedirectUrl string `form:"redirectUrl" json:"redirectUrl"` +} + +func (form *recordOAuth2LoginForm) validate() error { + return validation.ValidateStruct(form, + validation.Field(&form.Provider, validation.Required, validation.Length(0, 100), validation.By(form.checkProviderName)), + validation.Field(&form.Code, validation.Required), + validation.Field(&form.RedirectURL, validation.Required), + ) +} + +func (form *recordOAuth2LoginForm) checkProviderName(value any) error { + name, _ := value.(string) + + _, ok := form.collection.OAuth2.GetProviderConfig(name) + if !ok { + return validation.NewError("validation_invalid_provider", "Provider with name {{.name}} is missing or is not enabled."). + SetParams(map[string]any{"name": name}) + } + + return nil +} + +func oldCanAssignUsername(txApp core.App, collection *core.Collection, username string) bool { + // ensure that username is unique + index, hasUniqueue := dbutils.FindSingleColumnUniqueIndex(collection.Indexes, collection.OAuth2.MappedFields.Username) + if hasUniqueue { + var expr dbx.Expression + if strings.EqualFold(index.Columns[0].Collate, "nocase") { + // case-insensitive search + expr = dbx.NewExp("username = {:username} COLLATE NOCASE", dbx.Params{"username": username}) + } else { + expr = dbx.HashExp{"username": username} + } + + var exists int + _ = txApp.RecordQuery(collection).Select("(1)").AndWhere(expr).Limit(1).Row(&exists) + if exists > 0 { + return false + } + } + + // ensure that the value matches the pattern of the username field (if text) + txtField, _ := collection.Fields.GetByName(collection.OAuth2.MappedFields.Username).(*core.TextField) + + return txtField != nil && txtField.ValidatePlainValue(username) == nil +} + +func oauth2Submit(e *core.RecordAuthWithOAuth2RequestEvent, optExternalAuth *core.ExternalAuth) error { + return e.App.RunInTransaction(func(txApp core.App) error { + if e.Record == nil { + // extra check to prevent creating a superuser record via + // OAuth2 in case the method is used by another action + if e.Collection.Name == core.CollectionNameSuperusers { + return errors.New("superusers are not allowed to sign-up with OAuth2") + } + + payload := maps.Clone(e.CreateData) + if payload == nil { + payload = map[string]any{} + } + + // assign the OAuth2 user email only if the user hasn't submitted one + // (ignore empty/invalid values for consistency with the OAuth2->existing user update flow) + if v, _ := payload[core.FieldNameEmail].(string); v == "" { + payload[core.FieldNameEmail] = e.OAuth2User.Email + } + + // map known fields (unless the field was explicitly submitted as part of CreateData) + if _, ok := payload[e.Collection.OAuth2.MappedFields.Id]; !ok && e.Collection.OAuth2.MappedFields.Id != "" { + payload[e.Collection.OAuth2.MappedFields.Id] = e.OAuth2User.Id + } + if _, ok := payload[e.Collection.OAuth2.MappedFields.Name]; !ok && e.Collection.OAuth2.MappedFields.Name != "" { + payload[e.Collection.OAuth2.MappedFields.Name] = e.OAuth2User.Name + } + if _, ok := payload[e.Collection.OAuth2.MappedFields.Username]; !ok && + // no explicit username payload value and existing OAuth2 mapping + e.Collection.OAuth2.MappedFields.Username != "" && + // extra checks for backward compatibility with earlier versions + oldCanAssignUsername(txApp, e.Collection, e.OAuth2User.Username) { + payload[e.Collection.OAuth2.MappedFields.Username] = e.OAuth2User.Username + } + if _, ok := payload[e.Collection.OAuth2.MappedFields.AvatarURL]; !ok && + // no explicit avatar payload value and existing OAuth2 mapping + e.Collection.OAuth2.MappedFields.AvatarURL != "" && + // non-empty OAuth2 avatar url + e.OAuth2User.AvatarURL != "" { + mappedField := e.Collection.Fields.GetByName(e.Collection.OAuth2.MappedFields.AvatarURL) + if mappedField != nil && mappedField.Type() == core.FieldTypeFile { + // download the avatar if the mapped field is a file + avatarFile, err := func() (*filesystem.File, error) { + ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second) + defer cancel() + return filesystem.NewFileFromURL(ctx, e.OAuth2User.AvatarURL) + }() + if err != nil { + txApp.Logger().Warn("Failed to retrieve OAuth2 avatar", slog.String("error", err.Error())) + } else { + payload[e.Collection.OAuth2.MappedFields.AvatarURL] = avatarFile + } + } else { + // otherwise - assign the url string + payload[e.Collection.OAuth2.MappedFields.AvatarURL] = e.OAuth2User.AvatarURL + } + } + + createdRecord, err := sendOAuth2RecordCreateRequest(txApp, e, payload) + if err != nil { + return err + } + + e.Record = createdRecord + + if e.Record.Email() == e.OAuth2User.Email && !e.Record.Verified() { + // mark as verified as long as it matches the OAuth2 data (even if the email is empty) + e.Record.SetVerified(true) + if err := txApp.Save(e.Record); err != nil { + return err + } + } + } else { + var needUpdate bool + + isLoggedAuthRecord := e.Auth != nil && + e.Auth.Id == e.Record.Id && + e.Auth.Collection().Id == e.Record.Collection().Id + + // set random password for users with unverified email + // (this is in case a malicious actor has registered previously with the user email) + if !isLoggedAuthRecord && e.Record.Email() != "" && !e.Record.Verified() { + e.Record.SetRandomPassword() + needUpdate = true + } + + // update the existing auth record empty email if the data.OAuth2User has one + // (this is in case previously the auth record was created + // with an OAuth2 provider that didn't return an email address) + if e.Record.Email() == "" && e.OAuth2User.Email != "" { + e.Record.SetEmail(e.OAuth2User.Email) + needUpdate = true + } + + // update the existing auth record verified state + // (only if the auth record doesn't have an email or the auth record email match with the one in data.OAuth2User) + if !e.Record.Verified() && (e.Record.Email() == "" || e.Record.Email() == e.OAuth2User.Email) { + e.Record.SetVerified(true) + needUpdate = true + } + + if needUpdate { + if err := txApp.Save(e.Record); err != nil { + return err + } + } + } + + // create ExternalAuth relation if missing + if optExternalAuth == nil { + optExternalAuth = core.NewExternalAuth(txApp) + optExternalAuth.SetCollectionRef(e.Record.Collection().Id) + optExternalAuth.SetRecordRef(e.Record.Id) + optExternalAuth.SetProvider(e.ProviderName) + optExternalAuth.SetProviderId(e.OAuth2User.Id) + + if err := txApp.Save(optExternalAuth); err != nil { + return fmt.Errorf("failed to save linked rel: %w", err) + } + } + + return nil + }) +} + +func sendOAuth2RecordCreateRequest(txApp core.App, e *core.RecordAuthWithOAuth2RequestEvent, payload map[string]any) (*core.Record, error) { + ir := &core.InternalRequest{ + Method: http.MethodPost, + URL: "/api/collections/" + e.Collection.Name + "/records", + Body: payload, + } + + var createdRecord *core.Record + response, err := processInternalRequest(txApp, e.RequestEvent, ir, core.RequestInfoContextOAuth2, func(data any) error { + createdRecord, _ = data.(*core.Record) + + return nil + }) + if err != nil { + return nil, err + } + + if response.Status != http.StatusOK || createdRecord == nil { + return nil, errors.New("failed to create OAuth2 auth record") + } + + return createdRecord, nil +} diff --git a/apis/record_auth_with_oauth2_redirect.go b/apis/record_auth_with_oauth2_redirect.go new file mode 100644 index 0000000..f5bde65 --- /dev/null +++ b/apis/record_auth_with_oauth2_redirect.go @@ -0,0 +1,74 @@ +package apis + +import ( + "encoding/json" + "net/http" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/subscriptions" +) + +const ( + oauth2SubscriptionTopic string = "@oauth2" + oauth2RedirectFailurePath string = "../_/#/auth/oauth2-redirect-failure" + oauth2RedirectSuccessPath string = "../_/#/auth/oauth2-redirect-success" +) + +type oauth2RedirectData struct { + State string `form:"state" json:"state"` + Code string `form:"code" json:"code"` + Error string `form:"error" json:"error,omitempty"` +} + +func oauth2SubscriptionRedirect(e *core.RequestEvent) error { + redirectStatusCode := http.StatusTemporaryRedirect + if e.Request.Method != http.MethodGet { + redirectStatusCode = http.StatusSeeOther + } + + data := oauth2RedirectData{} + + if e.Request.Method == http.MethodPost { + if err := e.BindBody(&data); err != nil { + e.App.Logger().Debug("Failed to read OAuth2 redirect data", "error", err) + return e.Redirect(redirectStatusCode, oauth2RedirectFailurePath) + } + } else { + query := e.Request.URL.Query() + data.State = query.Get("state") + data.Code = query.Get("code") + data.Error = query.Get("error") + } + + if data.State == "" { + e.App.Logger().Debug("Missing OAuth2 state parameter") + return e.Redirect(redirectStatusCode, oauth2RedirectFailurePath) + } + + client, err := e.App.SubscriptionsBroker().ClientById(data.State) + if err != nil || client.IsDiscarded() || !client.HasSubscription(oauth2SubscriptionTopic) { + e.App.Logger().Debug("Missing or invalid OAuth2 subscription client", "error", err, "clientId", data.State) + return e.Redirect(redirectStatusCode, oauth2RedirectFailurePath) + } + defer client.Unsubscribe(oauth2SubscriptionTopic) + + encodedData, err := json.Marshal(data) + if err != nil { + e.App.Logger().Debug("Failed to marshalize OAuth2 redirect data", "error", err) + return e.Redirect(redirectStatusCode, oauth2RedirectFailurePath) + } + + msg := subscriptions.Message{ + Name: oauth2SubscriptionTopic, + Data: encodedData, + } + + client.Send(msg) + + if data.Error != "" || data.Code == "" { + e.App.Logger().Debug("Failed OAuth2 redirect due to an error or missing code parameter", "error", data.Error, "clientId", data.State) + return e.Redirect(redirectStatusCode, oauth2RedirectFailurePath) + } + + return e.Redirect(redirectStatusCode, oauth2RedirectSuccessPath) +} diff --git a/apis/record_auth_with_oauth2_redirect_test.go b/apis/record_auth_with_oauth2_redirect_test.go new file mode 100644 index 0000000..f8cb06c --- /dev/null +++ b/apis/record_auth_with_oauth2_redirect_test.go @@ -0,0 +1,274 @@ +package apis_test + +import ( + "context" + "net/http" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/subscriptions" +) + +func TestRecordAuthWithOAuth2Redirect(t *testing.T) { + t.Parallel() + + clientStubs := make([]map[string]subscriptions.Client, 0, 10) + + for i := 0; i < 10; i++ { + c1 := subscriptions.NewDefaultClient() + + c2 := subscriptions.NewDefaultClient() + c2.Subscribe("@oauth2") + + c3 := subscriptions.NewDefaultClient() + c3.Subscribe("test1", "@oauth2") + + c4 := subscriptions.NewDefaultClient() + c4.Subscribe("test1", "test2") + + c5 := subscriptions.NewDefaultClient() + c5.Subscribe("@oauth2") + c5.Discard() + + clientStubs = append(clientStubs, map[string]subscriptions.Client{ + "c1": c1, + "c2": c2, + "c3": c3, + "c4": c4, + "c5": c5, + }) + } + + checkFailureRedirect := func(t testing.TB, app *tests.TestApp, res *http.Response) { + loc := res.Header.Get("Location") + if !strings.Contains(loc, "/oauth2-redirect-failure") { + t.Fatalf("Expected failure redirect, got %q", loc) + } + } + + checkSuccessRedirect := func(t testing.TB, app *tests.TestApp, res *http.Response) { + loc := res.Header.Get("Location") + if !strings.Contains(loc, "/oauth2-redirect-success") { + t.Fatalf("Expected success redirect, got %q", loc) + } + } + + // note: don't exit because it is usually called as part of a separate goroutine + checkClientMessages := func(t testing.TB, clientId string, msg subscriptions.Message, expectedMessages map[string][]string) { + if len(expectedMessages[clientId]) == 0 { + t.Errorf("Unexpected client %q message, got %q:\n%q", clientId, msg.Name, msg.Data) + return + } + + if msg.Name != "@oauth2" { + t.Errorf("Expected @oauth2 msg.Name, got %q", msg.Name) + return + } + + for _, txt := range expectedMessages[clientId] { + if !strings.Contains(string(msg.Data), txt) { + t.Errorf("Failed to find %q in \n%s", txt, msg.Data) + return + } + } + } + + beforeTestFunc := func( + clients map[string]subscriptions.Client, + expectedMessages map[string][]string, + ) func(testing.TB, *tests.TestApp, *core.ServeEvent) { + return func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + for _, client := range clients { + app.SubscriptionsBroker().Register(client) + } + + ctx, cancelFunc := context.WithTimeout(context.Background(), 100*time.Millisecond) + + // add to the app store so that it can be cancelled manually after test completion + app.Store().Set("cancelFunc", cancelFunc) + + go func() { + defer cancelFunc() + + for { + select { + case msg, ok := <-clients["c1"].Channel(): + if ok { + checkClientMessages(t, "c1", msg, expectedMessages) + } else { + t.Errorf("Unexpected c1 closed channel") + } + case msg, ok := <-clients["c2"].Channel(): + if ok { + checkClientMessages(t, "c2", msg, expectedMessages) + } else { + t.Errorf("Unexpected c2 closed channel") + } + case msg, ok := <-clients["c3"].Channel(): + if ok { + checkClientMessages(t, "c3", msg, expectedMessages) + } else { + t.Errorf("Unexpected c3 closed channel") + } + case msg, ok := <-clients["c4"].Channel(): + if ok { + checkClientMessages(t, "c4", msg, expectedMessages) + } else { + t.Errorf("Unexpected c4 closed channel") + } + case _, ok := <-clients["c5"].Channel(): + if ok { + t.Errorf("Expected c5 channel to be closed") + } + case <-ctx.Done(): + for _, c := range clients { + c.Discard() + } + return + } + } + }() + } + } + + scenarios := []tests.ApiScenario{ + { + Name: "no state query param", + Method: http.MethodGet, + URL: "/api/oauth2-redirect?code=123", + BeforeTestFunc: beforeTestFunc(clientStubs[0], nil), + ExpectedStatus: http.StatusTemporaryRedirect, + ExpectedEvents: map[string]int{"*": 0}, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + app.Store().Get("cancelFunc").(context.CancelFunc)() + + checkFailureRedirect(t, app, res) + }, + }, + { + Name: "invalid or missing client", + Method: http.MethodGet, + URL: "/api/oauth2-redirect?code=123&state=missing", + BeforeTestFunc: beforeTestFunc(clientStubs[1], nil), + ExpectedStatus: http.StatusTemporaryRedirect, + ExpectedEvents: map[string]int{"*": 0}, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + app.Store().Get("cancelFunc").(context.CancelFunc)() + + checkFailureRedirect(t, app, res) + }, + }, + { + Name: "no code query param", + Method: http.MethodGet, + URL: "/api/oauth2-redirect?state=" + clientStubs[2]["c3"].Id(), + BeforeTestFunc: beforeTestFunc(clientStubs[2], map[string][]string{ + "c3": {`"state":"` + clientStubs[2]["c3"].Id(), `"code":""`}, + }), + ExpectedStatus: http.StatusTemporaryRedirect, + ExpectedEvents: map[string]int{"*": 0}, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + app.Store().Get("cancelFunc").(context.CancelFunc)() + + checkFailureRedirect(t, app, res) + + if clientStubs[2]["c3"].HasSubscription("@oauth2") { + t.Fatalf("Expected oauth2 subscription to be removed") + } + }, + }, + { + Name: "error query param", + Method: http.MethodGet, + URL: "/api/oauth2-redirect?error=example&code=123&state=" + clientStubs[3]["c3"].Id(), + BeforeTestFunc: beforeTestFunc(clientStubs[3], map[string][]string{ + "c3": {`"state":"` + clientStubs[3]["c3"].Id(), `"code":"123"`, `"error":"example"`}, + }), + ExpectedStatus: http.StatusTemporaryRedirect, + ExpectedEvents: map[string]int{"*": 0}, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + app.Store().Get("cancelFunc").(context.CancelFunc)() + + checkFailureRedirect(t, app, res) + + if clientStubs[3]["c3"].HasSubscription("@oauth2") { + t.Fatalf("Expected oauth2 subscription to be removed") + } + }, + }, + { + Name: "discarded client with @oauth2 subscription", + Method: http.MethodGet, + URL: "/api/oauth2-redirect?code=123&state=" + clientStubs[4]["c5"].Id(), + BeforeTestFunc: beforeTestFunc(clientStubs[4], nil), + ExpectedStatus: http.StatusTemporaryRedirect, + ExpectedEvents: map[string]int{"*": 0}, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + app.Store().Get("cancelFunc").(context.CancelFunc)() + + checkFailureRedirect(t, app, res) + }, + }, + { + Name: "client without @oauth2 subscription", + Method: http.MethodGet, + URL: "/api/oauth2-redirect?code=123&state=" + clientStubs[4]["c4"].Id(), + BeforeTestFunc: beforeTestFunc(clientStubs[5], nil), + ExpectedStatus: http.StatusTemporaryRedirect, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + app.Store().Get("cancelFunc").(context.CancelFunc)() + + checkFailureRedirect(t, app, res) + }, + }, + { + Name: "client with @oauth2 subscription", + Method: http.MethodGet, + URL: "/api/oauth2-redirect?code=123&state=" + clientStubs[6]["c3"].Id(), + BeforeTestFunc: beforeTestFunc(clientStubs[6], map[string][]string{ + "c3": {`"state":"` + clientStubs[6]["c3"].Id(), `"code":"123"`}, + }), + ExpectedStatus: http.StatusTemporaryRedirect, + ExpectedEvents: map[string]int{"*": 0}, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + app.Store().Get("cancelFunc").(context.CancelFunc)() + + checkSuccessRedirect(t, app, res) + + if clientStubs[6]["c3"].HasSubscription("@oauth2") { + t.Fatalf("Expected oauth2 subscription to be removed") + } + }, + }, + { + Name: "(POST) client with @oauth2 subscription", + Method: http.MethodPost, + URL: "/api/oauth2-redirect", + Body: strings.NewReader("code=123&state=" + clientStubs[7]["c3"].Id()), + Headers: map[string]string{ + "content-type": "application/x-www-form-urlencoded", + }, + BeforeTestFunc: beforeTestFunc(clientStubs[7], map[string][]string{ + "c3": {`"state":"` + clientStubs[7]["c3"].Id(), `"code":"123"`}, + }), + ExpectedStatus: http.StatusSeeOther, + ExpectedEvents: map[string]int{"*": 0}, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + app.Store().Get("cancelFunc").(context.CancelFunc)() + + checkSuccessRedirect(t, app, res) + + if clientStubs[7]["c3"].HasSubscription("@oauth2") { + t.Fatalf("Expected oauth2 subscription to be removed") + } + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_auth_with_oauth2_test.go b/apis/record_auth_with_oauth2_test.go new file mode 100644 index 0000000..0e2a385 --- /dev/null +++ b/apis/record_auth_with_oauth2_test.go @@ -0,0 +1,1715 @@ +package apis_test + +import ( + "bytes" + "errors" + "image" + "image/png" + "net/http" + "net/http/httptest" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/auth" + "github.com/pocketbase/pocketbase/tools/dbutils" + "golang.org/x/oauth2" +) + +var _ auth.Provider = (*oauth2MockProvider)(nil) + +type oauth2MockProvider struct { + auth.BaseProvider + + AuthUser *auth.AuthUser + Token *oauth2.Token +} + +func (p *oauth2MockProvider) FetchToken(code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) { + if p.Token == nil { + return nil, errors.New("failed to fetch OAuth2 token") + } + return p.Token, nil +} + +func (p *oauth2MockProvider) FetchAuthUser(token *oauth2.Token) (*auth.AuthUser, error) { + if p.AuthUser == nil { + return nil, errors.New("failed to fetch OAuth2 user") + } + return p.AuthUser, nil +} + +func TestRecordAuthWithOAuth2(t *testing.T) { + t.Parallel() + + // start a test server + server := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) { + buf := new(bytes.Buffer) + png.Encode(buf, image.Rect(0, 0, 1, 1)) // tiny 1x1 png + http.ServeContent(res, req, "test_avatar.png", time.Now(), bytes.NewReader(buf.Bytes())) + })) + defer server.Close() + + scenarios := []tests.ApiScenario{ + { + Name: "disabled OAuth2 auth", + Method: http.MethodPost, + URL: "/api/collections/nologin/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code": "123", + "codeVerifier": "456", + "redirectURL": "https://example.com" + }`), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "invalid body", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{"provider"`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "trigger form validations (missing provider)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "missing" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"provider":`, + `"code":`, + `"redirectURL":`, + }, + NotExpectedContent: []string{ + `"codeVerifier":`, // should be optional + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "trigger form validations (existing but disabled provider)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "apple" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"provider":`, + `"code":`, + `"redirectURL":`, + }, + NotExpectedContent: []string{ + `"codeVerifier":`, // should be optional + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "existing linked OAuth2 (unverified user)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com", + "createData": { + "name": "test_new" + } + }`), + Headers: map[string]string{ + // users, test2@example.com + // (auth with some other user from the same collection to ensure that it is ignored) + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6Im9hcDY0MGNvdDR5cnUycyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.GfJo6EHIobgas_AXt-M-tj5IoQendPnrkMSe9ExuSEY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + if user.Verified() { + t.Fatalf("Expected user %q to be unverified", user.Email()) + } + + // ensure that the old password works + if !user.ValidatePassword("1234567890") { + t.Fatalf("Expected password %q to be valid", "1234567890") + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{Id: "test_id"}, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + user.Collection().MFA.Enabled = false + user.Collection().OAuth2.Enabled = true + user.Collection().OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + if err := app.Save(user.Collection()); err != nil { + t.Fatal(err) + } + + // stub linked provider + ea := core.NewExternalAuth(app) + ea.SetCollectionRef(user.Collection().Id) + ea.SetRecordRef(user.Id) + ea.SetProvider("test") + ea.SetProviderId("test_id") + if err := app.Save(ea); err != nil { + t.Fatal(err) + } + + // test at least once that the correct request info context is properly loaded + app.OnRecordAuthRequest().BindFunc(func(e *core.RecordAuthRequestEvent) error { + info, err := e.RequestInfo() + if err != nil { + t.Fatal(err) + } + + if info.Context != core.RequestInfoContextOAuth2 { + t.Fatalf("Expected request context %q, got %q", core.RequestInfoContextOAuth2, info.Context) + } + + return e.Next() + }) + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"record":{`, + `"token":"`, + `"meta":{`, + `"email":"test@example.com"`, + `"id":"4q1xlclmfloku33"`, + `"id":"test_id"`, + `"verified":false`, // shouldn't change + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // --- + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + // --- + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + // --- + "OnModelValidate": 2, // create + update + "OnRecordValidate": 2, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + if name := user.GetString("name"); name != "test1" { + t.Fatalf("Expected name to not change, got %q", name) + } + + if user.ValidatePassword("1234567890") { + t.Fatalf("Expected password %q to be changed", "1234567890") + } + + devices, err := app.FindAllAuthOriginsByRecord(user) + if len(devices) != 1 { + t.Fatalf("Expected only 1 auth origin to be created, got %d (%v)", len(devices), err) + } + }, + }, + { + Name: "existing linked OAuth2 (verified user)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test2@example.com") + if err != nil { + t.Fatal(err) + } + + if !user.Verified() { + t.Fatalf("Expected user %q to be verified", user.Email()) + } + + // ensure that the old password works + if !user.ValidatePassword("1234567890") { + t.Fatalf("Expected password %q to be valid", "1234567890") + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{Id: "test_id"}, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + user.Collection().MFA.Enabled = false + user.Collection().OAuth2.Enabled = true + user.Collection().OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + if err := app.Save(user.Collection()); err != nil { + t.Fatal(err) + } + + // stub linked provider + ea := core.NewExternalAuth(app) + ea.SetCollectionRef(user.Collection().Id) + ea.SetRecordRef(user.Id) + ea.SetProvider("test") + ea.SetProviderId("test_id") + if err := app.Save(ea); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"record":{`, + `"token":"`, + `"meta":{`, + `"isNew":false`, + `"email":"test2@example.com"`, + `"id":"oap640cot4yru2s"`, + `"id":"test_id"`, + `"verified":true`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // --- + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + // --- + "OnModelValidate": 1, + "OnRecordValidate": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + user, err := app.FindAuthRecordByEmail("users", "test2@example.com") + if err != nil { + t.Fatal(err) + } + + if !user.ValidatePassword("1234567890") { + t.Fatalf("Expected old password %q to be valid", "1234567890") + } + + devices, err := app.FindAllAuthOriginsByRecord(user) + if len(devices) != 1 { + t.Fatalf("Expected only 1 auth origin to be created, got %d (%v)", len(devices), err) + } + }, + }, + { + Name: "link by email", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + if user.Verified() { + t.Fatalf("Expected user %q to be unverified", user.Email()) + } + + // ensure that the old password works + if !user.ValidatePassword("1234567890") { + t.Fatalf("Expected password %q to be valid", "1234567890") + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{Id: "test_id", Email: "test@example.com"}, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + user.Collection().MFA.Enabled = false + user.Collection().OAuth2.Enabled = true + user.Collection().OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + if err := app.Save(user.Collection()); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"record":{`, + `"token":"`, + `"meta":{`, + `"isNew":false`, + `"email":"test@example.com"`, + `"id":"4q1xlclmfloku33"`, + `"id":"test_id"`, + `"verified":true`, // should be updated + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // --- + "OnModelCreate": 2, // authOrigins + externalAuths + "OnModelCreateExecute": 2, + "OnModelAfterCreateSuccess": 2, + "OnRecordCreate": 2, + "OnRecordCreateExecute": 2, + "OnRecordAfterCreateSuccess": 2, + // --- + "OnModelUpdate": 1, // record password and verified states + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + // --- + "OnModelValidate": 3, // record + authOrigins + externalAuths + "OnRecordValidate": 3, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + if user.ValidatePassword("1234567890") { + t.Fatalf("Expected password %q to be changed", "1234567890") + } + + devices, err := app.FindAllAuthOriginsByRecord(user) + if len(devices) != 1 { + t.Fatalf("Expected only 1 auth origin to be created, got %d (%v)", len(devices), err) + } + }, + }, + { + Name: "link by fallback user (OAuth2 user with different email)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com" + }`), + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + if user.Verified() { + t.Fatalf("Expected user %q to be unverified", user.Email()) + } + + // ensure that the old password works + if !user.ValidatePassword("1234567890") { + t.Fatalf("Expected password %q to be valid", "1234567890") + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{ + Id: "test_id", + Email: "test2@example.com", // different email -> should be ignored + }, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + user.Collection().MFA.Enabled = false + user.Collection().OAuth2.Enabled = true + user.Collection().OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + if err := app.Save(user.Collection()); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"record":{`, + `"token":"`, + `"meta":{`, + `"isNew":false`, + `"email":"test@example.com"`, + `"id":"4q1xlclmfloku33"`, + `"id":"test_id"`, + `"verified":false`, // shouldn't change because the OAuth2 user email is different + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // --- + "OnModelCreate": 2, // authOrigins + externalAuths + "OnModelCreateExecute": 2, + "OnModelAfterCreateSuccess": 2, + "OnRecordCreate": 2, + "OnRecordCreateExecute": 2, + "OnRecordAfterCreateSuccess": 2, + // --- + "OnModelValidate": 2, + "OnRecordValidate": 2, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + if !user.ValidatePassword("1234567890") { + t.Fatalf("Expected password %q not to be changed", "1234567890") + } + + devices, err := app.FindAllAuthOriginsByRecord(user) + if len(devices) != 1 { + t.Fatalf("Expected only 1 auth origin to be created, got %d (%v)", len(devices), err) + } + }, + }, + { + Name: "link by fallback user (user without email)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com" + }`), + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + if user.Verified() { + t.Fatalf("Expected user %q to be unverified", user.Email()) + } + + // ensure that the old password works + if !user.ValidatePassword("1234567890") { + t.Fatalf("Expected password %q to be valid", "1234567890") + } + + oldTokenKey := user.TokenKey() + + // manually unset the user email + user.SetEmail("") + if err = app.Save(user); err != nil { + t.Fatal(err) + } + + // resave with the old token key since the email change above + // would change it and will make the password token invalid + user.SetTokenKey(oldTokenKey) + if err = app.Save(user); err != nil { + t.Fatalf("Failed to restore original user tokenKey: %v", err) + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{ + Id: "test_id", + Email: "test_oauth2@example.com", + }, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + user.Collection().MFA.Enabled = false + user.Collection().OAuth2.Enabled = true + user.Collection().OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + if err := app.Save(user.Collection()); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"record":{`, + `"token":"`, + `"meta":{`, + `"isNew":false`, + `"email":"test_oauth2@example.com"`, + `"id":"4q1xlclmfloku33"`, + `"id":"test_id"`, + `"verified":true`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // --- + "OnModelCreate": 2, // authOrigins + externalAuths + "OnModelCreateExecute": 2, + "OnModelAfterCreateSuccess": 2, + "OnRecordCreate": 2, + "OnRecordCreateExecute": 2, + "OnRecordAfterCreateSuccess": 2, + // --- + "OnModelUpdate": 1, // record email set + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + // --- + "OnModelValidate": 3, // record + authOrigins + externalAuths + "OnRecordValidate": 3, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + user, err := app.FindAuthRecordByEmail("users", "test_oauth2@example.com") + if err != nil { + t.Fatal(err) + } + + if !user.ValidatePassword("1234567890") { + t.Fatalf("Expected password %q not to be changed", "1234567890") + } + + devices, err := app.FindAllAuthOriginsByRecord(user) + if len(devices) != 1 { + t.Fatalf("Expected only 1 auth origin to be created, got %d (%v)", len(devices), err) + } + }, + }, + { + Name: "link by fallback user (unverified user with matching email)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com" + }`), + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + if user.Verified() { + t.Fatalf("Expected user %q to be unverified", user.Email()) + } + + // ensure that the old password works + if !user.ValidatePassword("1234567890") { + t.Fatalf("Expected password %q to be valid", "1234567890") + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{ + Id: "test_id", + Email: "test@example.com", // matching email -> should be marked as verified + }, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + user.Collection().MFA.Enabled = false + user.Collection().OAuth2.Enabled = true + user.Collection().OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + if err := app.Save(user.Collection()); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"record":{`, + `"token":"`, + `"meta":{`, + `"isNew":false`, + `"email":"test@example.com"`, + `"id":"4q1xlclmfloku33"`, + `"id":"test_id"`, + `"verified":true`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // --- + "OnModelCreate": 2, // authOrigins + externalAuths + "OnModelCreateExecute": 2, + "OnModelAfterCreateSuccess": 2, + "OnRecordCreate": 2, + "OnRecordCreateExecute": 2, + "OnRecordAfterCreateSuccess": 2, + // --- + "OnModelUpdate": 1, // record verified update + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + // --- + "OnModelValidate": 3, // record + authOrigins + externalAuths + "OnRecordValidate": 3, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + if !user.ValidatePassword("1234567890") { + t.Fatalf("Expected password %q not to be changed", "1234567890") + } + + devices, err := app.FindAllAuthOriginsByRecord(user) + if len(devices) != 1 { + t.Fatalf("Expected only 1 auth origin to be created, got %d (%v)", len(devices), err) + } + }, + }, + { + Name: "creating user (no extra create data or custom fields mapping)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + usersCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{Id: "test_id"}, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + usersCol.MFA.Enabled = false + usersCol.OAuth2.Enabled = true + usersCol.OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + if err := app.Save(usersCol); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"record":{`, + `"token":"`, + `"meta":{`, + `"isNew":true`, + `"email":""`, + `"id":"test_id"`, + `"verified":true`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordAuthRequest": 1, + "OnRecordCreateRequest": 1, + "OnRecordEnrich": 2, // the auth response and from the create request + // --- + "OnModelCreate": 3, // record + authOrigins + externalAuths + "OnModelCreateExecute": 3, + "OnModelAfterCreateSuccess": 3, + "OnRecordCreate": 3, + "OnRecordCreateExecute": 3, + "OnRecordAfterCreateSuccess": 3, + // --- + "OnModelUpdate": 1, // created record verified state change + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + // --- + "OnModelValidate": 4, + "OnRecordValidate": 4, + }, + }, + { + Name: "creating user (submit failure - form auth fields validator)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com", + "createData": { + "verified": true, + "email": "invalid", + "rel": "invalid", + "file": "invalid" + } + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + usersCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{Id: "test_id"}, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + usersCol.MFA.Enabled = false + usersCol.OAuth2.Enabled = true + usersCol.OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + if err := app.Save(usersCol); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"verified":{"code":"validation_values_mismatch"`, + }, + NotExpectedContent: []string{ + `"email":`, // ignored because the record validator never ran + `"rel":`, // ignored because the record validator never ran + `"file":`, // ignored because the record validator never ran + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordCreateRequest": 1, + }, + }, + { + Name: "creating user (submit failure - record fields validator)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com", + "createData": { + "email": "invalid", + "rel": "invalid", + "file": "invalid" + } + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + usersCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{Id: "test_id"}, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + usersCol.MFA.Enabled = false + usersCol.OAuth2.Enabled = true + usersCol.OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + if err := app.Save(usersCol); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"email":{"code":"validation_is_email"`, + `"rel":{"code":"validation_missing_rel_records"`, + `"file":{"code":"validation_invalid_file"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordCreateRequest": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnModelCreate": 1, + "OnModelAfterCreateError": 1, + "OnRecordCreate": 1, + "OnRecordAfterCreateError": 1, + }, + }, + { + Name: "creating user (valid create data with empty submitted email)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com", + "createData": { + "email": "", + "emailVisibility": true, + "password": "1234567890", + "passwordConfirm": "1234567890", + "name": "test_name", + "username": "test_username", + "rel": "0yxhwia2amd8gec" + } + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + usersCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{Id: "test_id"}, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + usersCol.MFA.Enabled = false + usersCol.OAuth2.Enabled = true + usersCol.OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + if err := app.Save(usersCol); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"isNew":true`, + `"email":""`, + `"emailVisibility":true`, + `"name":"test_name"`, + `"username":"test_username"`, + `"verified":true`, + `"rel":"0yxhwia2amd8gec"`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordAuthRequest": 1, + "OnRecordCreateRequest": 1, + "OnRecordEnrich": 2, // the auth response and from the create request + // --- + "OnModelCreate": 3, // record + authOrigins + externalAuths + "OnModelCreateExecute": 3, + "OnModelAfterCreateSuccess": 3, + "OnRecordCreate": 3, + "OnRecordCreateExecute": 3, + "OnRecordAfterCreateSuccess": 3, + // --- + "OnModelUpdate": 1, // created record verified state change + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + // --- + "OnModelValidate": 4, + "OnRecordValidate": 4, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + user, err := app.FindFirstRecordByData("users", "username", "test_username") + if err != nil { + t.Fatal(err) + } + + if !user.ValidatePassword("1234567890") { + t.Fatalf("Expected password %q to be valid", "1234567890") + } + }, + }, + { + Name: "creating user (valid create data with non-empty valid submitted email)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com", + "createData": { + "email": "test_create@example.com", + "emailVisibility": true, + "password": "1234567890", + "passwordConfirm": "1234567890", + "name": "test_name", + "username": "test_username", + "rel": "0yxhwia2amd8gec" + } + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + usersCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{ + Id: "test_id", + Email: "oauth2@example.com", // should be ignored because of the explicit submitted email + }, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + usersCol.MFA.Enabled = false + usersCol.OAuth2.Enabled = true + usersCol.OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + if err := app.Save(usersCol); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"email":"test_create@example.com"`, + `"emailVisibility":true`, + `"name":"test_name"`, + `"username":"test_username"`, + `"verified":false`, + `"rel":"0yxhwia2amd8gec"`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordAuthRequest": 1, + "OnRecordCreateRequest": 1, + "OnRecordEnrich": 2, // the auth response and from the create request + // --- + "OnModelCreate": 3, // record + authOrigins + externalAuths + "OnModelCreateExecute": 3, + "OnModelAfterCreateSuccess": 3, + "OnRecordCreate": 3, + "OnRecordCreateExecute": 3, + "OnRecordAfterCreateSuccess": 3, + // --- + "OnModelValidate": 3, + "OnRecordValidate": 3, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + user, err := app.FindFirstRecordByData("users", "username", "test_username") + if err != nil { + t.Fatal(err) + } + + if !user.ValidatePassword("1234567890") { + t.Fatalf("Expected password %q to be valid", "1234567890") + } + }, + }, + { + Name: "creating user (with mapped OAuth2 fields and avatarURL->file field)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com", + "createData": { + "name": "test_name", + "emailVisibility": true, + "rel": "0yxhwia2amd8gec" + } + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + usersCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{ + Id: "oauth2_id", + Email: "oauth2@example.com", + Username: "oauth2_username", + AvatarURL: server.URL + "/oauth2_avatar.png", + }, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + usersCol.MFA.Enabled = false + usersCol.OAuth2.Enabled = true + usersCol.OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + usersCol.OAuth2.MappedFields = core.OAuth2KnownFields{ + Username: "name", // should be ignored because of the explicit submitted value + Id: "username", + AvatarURL: "avatar", + } + if err := app.Save(usersCol); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"isNew":true`, + `"email":"oauth2@example.com"`, + `"emailVisibility":true`, + `"name":"test_name"`, + `"username":"oauth2_username"`, + `"verified":true`, + `"rel":"0yxhwia2amd8gec"`, + `"avatar":"oauth2_avatar_`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordAuthRequest": 1, + "OnRecordCreateRequest": 1, + "OnRecordEnrich": 2, // the auth response and from the create request + // --- + "OnModelCreate": 3, // record + authOrigins + externalAuths + "OnModelCreateExecute": 3, + "OnModelAfterCreateSuccess": 3, + "OnRecordCreate": 3, + "OnRecordCreateExecute": 3, + "OnRecordAfterCreateSuccess": 3, + // --- + "OnModelUpdate": 1, // created record verified state change + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + // --- + "OnModelValidate": 4, + "OnRecordValidate": 4, + }, + }, + { + Name: "creating user (with mapped OAuth2 avatarURL field but empty OAuth2User.avatarURL value)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + usersCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{ + Id: "oauth2_id", + Email: "oauth2@example.com", + AvatarURL: "", + }, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + usersCol.MFA.Enabled = false + usersCol.OAuth2.Enabled = true + usersCol.OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + usersCol.OAuth2.MappedFields = core.OAuth2KnownFields{ + AvatarURL: "avatar", + } + if err := app.Save(usersCol); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"isNew":true`, + `"email":"oauth2@example.com"`, + `"emailVisibility":false`, + `"verified":true`, + `"avatar":""`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordAuthRequest": 1, + "OnRecordCreateRequest": 1, + "OnRecordEnrich": 2, // the auth response and from the create request + // --- + "OnModelCreate": 3, // record + authOrigins + externalAuths + "OnModelCreateExecute": 3, + "OnModelAfterCreateSuccess": 3, + "OnRecordCreate": 3, + "OnRecordCreateExecute": 3, + "OnRecordAfterCreateSuccess": 3, + // --- + "OnModelUpdate": 1, // created record verified state change + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + // --- + "OnModelValidate": 4, + "OnRecordValidate": 4, + }, + }, + { + Name: "creating user (with mapped OAuth2 fields, case-sensitive username and avatarURL->non-file field)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + usersCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{ + Id: "oauth2_id", + Email: "oauth2@example.com", + Username: "tESt2_username", // wouldn't match with existing because the related field index is case-sensitive + Name: "oauth2_name", + AvatarURL: server.URL + "/oauth2_avatar.png", + }, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + usersCol.MFA.Enabled = false + usersCol.OAuth2.Enabled = true + usersCol.OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + usersCol.OAuth2.MappedFields = core.OAuth2KnownFields{ + Username: "username", + AvatarURL: "name", + } + if err := app.Save(usersCol); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"isNew":true`, + `"email":"oauth2@example.com"`, + `"emailVisibility":false`, + `"username":"tESt2_username"`, + `"name":"http://127.`, + `"verified":true`, + `"avatar":""`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordAuthRequest": 1, + "OnRecordCreateRequest": 1, + "OnRecordEnrich": 2, // the auth response and from the create request + // --- + "OnModelCreate": 3, // record + authOrigins + externalAuths + "OnModelCreateExecute": 3, + "OnModelAfterCreateSuccess": 3, + "OnRecordCreate": 3, + "OnRecordCreateExecute": 3, + "OnRecordAfterCreateSuccess": 3, + // --- + "OnModelUpdate": 1, // created record verified state change + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + // --- + "OnModelValidate": 4, + "OnRecordValidate": 4, + }, + }, + { + Name: "creating user (with mapped OAuth2 fields and duplicated case-insensitive username)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + usersCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{ + Id: "oauth2_id", + Email: "oauth2@example.com", + Username: "tESt2_username", + Name: "oauth2_name", + }, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // make the username index case-insensitive to ensure that case-insensitive match is used + index, ok := dbutils.FindSingleColumnUniqueIndex(usersCol.Indexes, "username") + if ok { + index.Columns[0].Collate = "nocase" + usersCol.RemoveIndex(index.IndexName) + usersCol.Indexes = append(usersCol.Indexes, index.Build()) + } + + // add the test provider in the collection + usersCol.MFA.Enabled = false + usersCol.OAuth2.Enabled = true + usersCol.OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + usersCol.OAuth2.MappedFields = core.OAuth2KnownFields{ + Username: "username", + } + if err := app.Save(usersCol); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"isNew":true`, + `"email":"oauth2@example.com"`, + `"emailVisibility":false`, + `"verified":true`, + `"avatar":""`, + `"username":"users`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordAuthRequest": 1, + "OnRecordCreateRequest": 1, + "OnRecordEnrich": 2, // the auth response and from the create request + // --- + "OnModelCreate": 3, // record + authOrigins + externalAuths + "OnModelCreateExecute": 3, + "OnModelAfterCreateSuccess": 3, + "OnRecordCreate": 3, + "OnRecordCreateExecute": 3, + "OnRecordAfterCreateSuccess": 3, + // --- + "OnModelUpdate": 1, // created record verified state change + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + // --- + "OnModelValidate": 4, + "OnRecordValidate": 4, + }, + }, + { + Name: "creating user (with mapped OAuth2 fields and username that doesn't match the field validations)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + usersCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{ + Id: "oauth2_id", + Email: "oauth2@example.com", + Username: "!@invalid", + Name: "oauth2_name", + }, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + usersCol.MFA.Enabled = false + usersCol.OAuth2.Enabled = true + usersCol.OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + usersCol.OAuth2.MappedFields = core.OAuth2KnownFields{ + Username: "username", + } + if err := app.Save(usersCol); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"isNew":true`, + `"email":"oauth2@example.com"`, + `"emailVisibility":false`, + `"verified":true`, + `"avatar":""`, + `"username":"users`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOAuth2Request": 1, + "OnRecordAuthRequest": 1, + "OnRecordCreateRequest": 1, + "OnRecordEnrich": 2, // the auth response and from the create request + // --- + "OnModelCreate": 3, // record + authOrigins + externalAuths + "OnModelCreateExecute": 3, + "OnModelAfterCreateSuccess": 3, + "OnRecordCreate": 3, + "OnRecordCreateExecute": 3, + "OnRecordAfterCreateSuccess": 3, + // --- + "OnModelUpdate": 1, // created record verified state change + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + // --- + "OnModelValidate": 4, + "OnRecordValidate": 4, + }, + }, + { + Name: "OnRecordAuthWithOAuth2Request tx body write check", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + Body: strings.NewReader(`{ + "provider": "test", + "code":"123", + "redirectURL": "https://example.com" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + // register the test provider + auth.Providers["test"] = func() auth.Provider { + return &oauth2MockProvider{ + AuthUser: &auth.AuthUser{Id: "test_id"}, + Token: &oauth2.Token{AccessToken: "abc"}, + } + } + + // add the test provider in the collection + user.Collection().MFA.Enabled = false + user.Collection().OAuth2.Enabled = true + user.Collection().OAuth2.Providers = []core.OAuth2ProviderConfig{{ + Name: "test", + ClientId: "123", + ClientSecret: "456", + }} + if err := app.Save(user.Collection()); err != nil { + t.Fatal(err) + } + + // stub linked provider + ea := core.NewExternalAuth(app) + ea.SetCollectionRef(user.Collection().Id) + ea.SetRecordRef(user.Id) + ea.SetProvider("test") + ea.SetProviderId("test_id") + if err := app.Save(ea); err != nil { + t.Fatal(err) + } + + app.OnRecordAuthWithOAuth2Request().BindFunc(func(e *core.RecordAuthWithOAuth2RequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordAuthWithOAuth2Request": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - users:authWithOAuth2", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:authWithOAuth2"}, + {MaxRequests: 100, Label: "users:auth"}, + {MaxRequests: 0, Label: "users:authWithOAuth2"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:authWithOAuth2", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:auth"}, + {MaxRequests: 0, Label: "*:authWithOAuth2"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit tag - users:auth", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:authWithOAuth2"}, + {MaxRequests: 0, Label: "users:auth"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit tag - *:auth", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-oauth2", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:auth"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_auth_with_otp.go b/apis/record_auth_with_otp.go new file mode 100644 index 0000000..c464167 --- /dev/null +++ b/apis/record_auth_with_otp.go @@ -0,0 +1,106 @@ +package apis + +import ( + "errors" + "fmt" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core" +) + +func recordAuthWithOTP(e *core.RequestEvent) error { + collection, err := findAuthCollection(e) + if err != nil { + return err + } + + if !collection.OTP.Enabled { + return e.ForbiddenError("The collection is not configured to allow OTP authentication.", nil) + } + + form := &authWithOTPForm{} + if err = e.BindBody(form); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while loading the submitted data.", err)) + } + if err = form.validate(); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err)) + } + + e.Set(core.RequestEventKeyInfoContext, core.RequestInfoContextOTP) + + event := new(core.RecordAuthWithOTPRequestEvent) + event.RequestEvent = e + event.Collection = collection + + // extra validations + // (note: returns a generic 400 as a very basic OTPs enumeration protection) + // --- + event.OTP, err = e.App.FindOTPById(form.OTPId) + if err != nil { + return e.BadRequestError("Invalid or expired OTP", err) + } + + if event.OTP.CollectionRef() != collection.Id { + return e.BadRequestError("Invalid or expired OTP", errors.New("the OTP is for a different collection")) + } + + if event.OTP.HasExpired(collection.OTP.DurationTime()) { + return e.BadRequestError("Invalid or expired OTP", errors.New("the OTP is expired")) + } + + event.Record, err = e.App.FindRecordById(event.OTP.CollectionRef(), event.OTP.RecordRef()) + if err != nil { + return e.BadRequestError("Invalid or expired OTP", fmt.Errorf("missing auth record: %w", err)) + } + + // since otps are usually simple digit numbers, enforce an extra rate limit rule as basic enumaration protection + err = checkRateLimit(e, "@pb_otp_"+event.Record.Id, core.RateLimitRule{MaxRequests: 5, Duration: 180}) + if err != nil { + return e.TooManyRequestsError("Too many attempts, please try again later with a new OTP.", nil) + } + + if !event.OTP.ValidatePassword(form.Password) { + return e.BadRequestError("Invalid or expired OTP", errors.New("incorrect password")) + } + // --- + + return e.App.OnRecordAuthWithOTPRequest().Trigger(event, func(e *core.RecordAuthWithOTPRequestEvent) error { + // update the user email verified state in case the OTP originate from an email address matching the current record one + // + // note: don't wait for success auth response (it could fail because of MFA) and because we already validated the OTP above + otpSentTo := e.OTP.SentTo() + if !e.Record.Verified() && otpSentTo != "" && e.Record.Email() == otpSentTo { + e.Record.SetVerified(true) + err = e.App.Save(e.Record) + if err != nil { + e.App.Logger().Error("Failed to update record verified state after successful OTP validation", + "error", err, + "otpId", e.OTP.Id, + "recordId", e.Record.Id, + ) + } + } + + // try to delete the used otp + err = e.App.Delete(e.OTP) + if err != nil { + e.App.Logger().Error("Failed to delete used OTP", "error", err, "otpId", e.OTP.Id) + } + + return RecordAuthResponse(e.RequestEvent, e.Record, core.MFAMethodOTP, nil) + }) +} + +// ------------------------------------------------------------------- + +type authWithOTPForm struct { + OTPId string `form:"otpId" json:"otpId"` + Password string `form:"password" json:"password"` +} + +func (form *authWithOTPForm) validate() error { + return validation.ValidateStruct(form, + validation.Field(&form.OTPId, validation.Required, validation.Length(1, 255)), + validation.Field(&form.Password, validation.Required, validation.Length(1, 71)), + ) +} diff --git a/apis/record_auth_with_otp_test.go b/apis/record_auth_with_otp_test.go new file mode 100644 index 0000000..bc51442 --- /dev/null +++ b/apis/record_auth_with_otp_test.go @@ -0,0 +1,608 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestRecordAuthWithOTP(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "not an auth collection", + Method: http.MethodPost, + URL: "/api/collections/demo1/auth-with-otp", + Body: strings.NewReader(`{"otpId":"test","password":"123456"}`), + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "auth collection with disabled otp", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + Body: strings.NewReader(`{"otpId":"test","password":"123456"}`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + usersCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + usersCol.OTP.Enabled = false + + if err := app.Save(usersCol); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "invalid body", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + Body: strings.NewReader(`{"email`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "empty body", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + Body: strings.NewReader(``), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"otpId":{"code":"validation_required"`, + `"password":{"code":"validation_required"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "invalid request data", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + Body: strings.NewReader(`{ + "otpId":"` + strings.Repeat("a", 256) + `", + "password":"` + strings.Repeat("a", 72) + `" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"otpId":{"code":"validation_length_out_of_range"`, + `"password":{"code":"validation_length_out_of_range"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "missing otp", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + Body: strings.NewReader(`{ + "otpId":"missing", + "password":"123456" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + otp := core.NewOTP(app) + otp.Id = strings.Repeat("a", 15) + otp.SetCollectionRef(user.Collection().Id) + otp.SetRecordRef(user.Id) + otp.SetPassword("123456") + if err := app.Save(otp); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "otp for different collection", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + Body: strings.NewReader(`{ + "otpId":"` + strings.Repeat("a", 15) + `", + "password":"123456" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + client, err := app.FindAuthRecordByEmail("clients", "test@example.com") + if err != nil { + t.Fatal(err) + } + otp := core.NewOTP(app) + otp.Id = strings.Repeat("a", 15) + otp.SetCollectionRef(client.Collection().Id) + otp.SetRecordRef(client.Id) + otp.SetPassword("123456") + if err := app.Save(otp); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "otp with wrong password", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + Body: strings.NewReader(`{ + "otpId":"` + strings.Repeat("a", 15) + `", + "password":"123456" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + otp := core.NewOTP(app) + otp.Id = strings.Repeat("a", 15) + otp.SetCollectionRef(user.Collection().Id) + otp.SetRecordRef(user.Id) + otp.SetPassword("1234567890") + if err := app.Save(otp); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "expired otp with valid password", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + Body: strings.NewReader(`{ + "otpId":"` + strings.Repeat("a", 15) + `", + "password":"123456" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + otp := core.NewOTP(app) + otp.Id = strings.Repeat("a", 15) + otp.SetCollectionRef(user.Collection().Id) + otp.SetRecordRef(user.Id) + otp.SetPassword("123456") + expiredDate := types.NowDateTime().AddDate(-3, 0, 0) + otp.SetRaw("created", expiredDate) + otp.SetRaw("updated", expiredDate) + if err := app.Save(otp); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid otp with valid password (enabled MFA)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + Body: strings.NewReader(`{ + "otpId":"` + strings.Repeat("a", 15) + `", + "password":"123456" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + otp := core.NewOTP(app) + otp.Id = strings.Repeat("a", 15) + otp.SetCollectionRef(user.Collection().Id) + otp.SetRecordRef(user.Id) + otp.SetPassword("123456") + if err := app.Save(otp); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 401, + ExpectedContent: []string{`"mfaId":"`}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOTPRequest": 1, + "OnRecordAuthRequest": 1, + // --- + "OnModelValidate": 1, + "OnModelCreate": 1, // mfa record + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelDelete": 1, // otp delete + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + // --- + "OnRecordValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + }, + }, + { + Name: "valid otp with valid password and empty sentTo (disabled MFA)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + Body: strings.NewReader(`{ + "otpId":"` + strings.Repeat("a", 15) + `", + "password":"123456" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + // ensure that the user is unverified + user.SetVerified(false) + if err = app.Save(user); err != nil { + t.Fatal(err) + } + + // disable MFA + user.Collection().MFA.Enabled = false + if err = app.Save(user.Collection()); err != nil { + t.Fatal(err) + } + + otp := core.NewOTP(app) + otp.Id = strings.Repeat("a", 15) + otp.SetCollectionRef(user.Collection().Id) + otp.SetRecordRef(user.Id) + otp.SetPassword("123456") + if err := app.Save(otp); err != nil { + t.Fatal(err) + } + + // test at least once that the correct request info context is properly loaded + app.OnRecordAuthRequest().BindFunc(func(e *core.RecordAuthRequestEvent) error { + info, err := e.RequestInfo() + if err != nil { + t.Fatal(err) + } + + if info.Context != core.RequestInfoContextOTP { + t.Fatalf("Expected request context %q, got %q", core.RequestInfoContextOTP, info.Context) + } + + return e.Next() + }) + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"token":"`, + `"record":{`, + `"email":"test@example.com"`, + }, + NotExpectedContent: []string{ + `"meta":`, + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOTPRequest": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // --- + "OnModelValidate": 1, + "OnModelCreate": 1, // authOrigin + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelDelete": 1, // otp delete + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + // --- + "OnRecordValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + if user.Verified() { + t.Fatal("Expected the user to remain unverified because sentTo != email") + } + }, + }, + { + Name: "valid otp with valid password and nonempty sentTo=email (disabled MFA)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + Body: strings.NewReader(`{ + "otpId":"` + strings.Repeat("a", 15) + `", + "password":"123456" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + // ensure that the user is unverified + user.SetVerified(false) + if err = app.Save(user); err != nil { + t.Fatal(err) + } + + // disable MFA + user.Collection().MFA.Enabled = false + if err = app.Save(user.Collection()); err != nil { + t.Fatal(err) + } + + otp := core.NewOTP(app) + otp.Id = strings.Repeat("a", 15) + otp.SetCollectionRef(user.Collection().Id) + otp.SetRecordRef(user.Id) + otp.SetPassword("123456") + otp.SetSentTo(user.Email()) + if err := app.Save(otp); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"token":"`, + `"record":{`, + `"email":"test@example.com"`, + }, + NotExpectedContent: []string{ + `"meta":`, + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithOTPRequest": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // --- + "OnModelValidate": 2, // +1 because of the verified user update + // authOrigin create + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + // OTP delete + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + // user verified update + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + // --- + "OnRecordValidate": 2, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + if !user.Verified() { + t.Fatal("Expected the user to be marked as verified") + } + }, + }, + { + Name: "OnRecordAuthWithOTPRequest tx body write check", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + Body: strings.NewReader(`{ + "otpId":"` + strings.Repeat("a", 15) + `", + "password":"123456" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + // disable MFA + user.Collection().MFA.Enabled = false + if err = app.Save(user.Collection()); err != nil { + t.Fatal(err) + } + + otp := core.NewOTP(app) + otp.Id = strings.Repeat("a", 15) + otp.SetCollectionRef(user.Collection().Id) + otp.SetRecordRef(user.Id) + otp.SetPassword("123456") + if err := app.Save(otp); err != nil { + t.Fatal(err) + } + + app.OnRecordAuthWithOTPRequest().BindFunc(func(e *core.RecordAuthWithOTPRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordAuthWithOTPRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - users:authWithOTP", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:authWithOTP"}, + {MaxRequests: 100, Label: "users:auth"}, + {MaxRequests: 0, Label: "users:authWithOTP"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:authWithOTP", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:auth"}, + {MaxRequests: 0, Label: "*:authWithOTP"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - users:auth", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:authWithOTP"}, + {MaxRequests: 0, Label: "users:auth"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:auth", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:auth"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordAuthWithOTPManualRateLimiterCheck(t *testing.T) { + t.Parallel() + + var storeCache map[string]any + + otpAId := strings.Repeat("a", 15) + otpBId := strings.Repeat("b", 15) + + scenarios := []struct { + otpId string + password string + expectedStatus int + }{ + {otpAId, "12345", 400}, + {otpAId, "12345", 400}, + {otpBId, "12345", 400}, + {otpBId, "12345", 400}, + {otpBId, "12345", 400}, + {otpAId, "12345", 429}, + {otpAId, "123456", 429}, // reject even if it is correct + {otpAId, "123456", 429}, + {otpBId, "123456", 429}, + } + + for _, s := range scenarios { + (&tests.ApiScenario{ + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-otp", + Body: strings.NewReader(`{ + "otpId":"` + s.otpId + `", + "password":"` + s.password + `" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + for k, v := range storeCache { + app.Store().Set(k, v) + } + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + user.Collection().MFA.Enabled = false + if err := app.Save(user.Collection()); err != nil { + t.Fatal(err) + } + + for _, id := range []string{otpAId, otpBId} { + otp := core.NewOTP(app) + otp.Id = id + otp.SetCollectionRef(user.Collection().Id) + otp.SetRecordRef(user.Id) + otp.SetPassword("123456") + if err := app.Save(otp); err != nil { + t.Fatal(err) + } + } + }, + ExpectedStatus: s.expectedStatus, + ExpectedContent: []string{`"`}, // it doesn't matter anything non-empty + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + storeCache = app.Store().GetAll() + }, + }).Test(t) + } +} diff --git a/apis/record_auth_with_password.go b/apis/record_auth_with_password.go new file mode 100644 index 0000000..c28f911 --- /dev/null +++ b/apis/record_auth_with_password.go @@ -0,0 +1,135 @@ +package apis + +import ( + "database/sql" + "errors" + "slices" + "strings" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/go-ozzo/ozzo-validation/v4/is" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/dbutils" + "github.com/pocketbase/pocketbase/tools/list" +) + +func recordAuthWithPassword(e *core.RequestEvent) error { + collection, err := findAuthCollection(e) + if err != nil { + return err + } + + if !collection.PasswordAuth.Enabled { + return e.ForbiddenError("The collection is not configured to allow password authentication.", nil) + } + + form := &authWithPasswordForm{} + if err = e.BindBody(form); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while loading the submitted data.", err)) + } + if err = form.validate(collection); err != nil { + return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err)) + } + + e.Set(core.RequestEventKeyInfoContext, core.RequestInfoContextPasswordAuth) + + var foundRecord *core.Record + var foundErr error + + if form.IdentityField != "" { + foundRecord, foundErr = findRecordByIdentityField(e.App, collection, form.IdentityField, form.Identity) + } else { + // prioritize email lookup + isEmail := is.EmailFormat.Validate(form.Identity) == nil + if isEmail && list.ExistInSlice(core.FieldNameEmail, collection.PasswordAuth.IdentityFields) { + foundRecord, foundErr = findRecordByIdentityField(e.App, collection, core.FieldNameEmail, form.Identity) + } + + // search by the other identity fields + if !isEmail || foundErr != nil { + for _, name := range collection.PasswordAuth.IdentityFields { + if !isEmail && name == core.FieldNameEmail { + continue // no need to search by the email field if it is not an email + } + + foundRecord, foundErr = findRecordByIdentityField(e.App, collection, name, form.Identity) + if foundErr == nil { + break + } + } + } + } + + // ignore not found errors to allow custom record find implementations + if foundErr != nil && !errors.Is(foundErr, sql.ErrNoRows) { + return e.InternalServerError("", foundErr) + } + + event := new(core.RecordAuthWithPasswordRequestEvent) + event.RequestEvent = e + event.Collection = collection + event.Record = foundRecord + event.Identity = form.Identity + event.Password = form.Password + event.IdentityField = form.IdentityField + + return e.App.OnRecordAuthWithPasswordRequest().Trigger(event, func(e *core.RecordAuthWithPasswordRequestEvent) error { + if e.Record == nil || !e.Record.ValidatePassword(e.Password) { + return e.BadRequestError("Failed to authenticate.", errors.New("invalid login credentials")) + } + + return RecordAuthResponse(e.RequestEvent, e.Record, core.MFAMethodPassword, nil) + }) +} + +// ------------------------------------------------------------------- + +type authWithPasswordForm struct { + Identity string `form:"identity" json:"identity"` + Password string `form:"password" json:"password"` + + // IdentityField specifies the field to use to search for the identity + // (leave it empty for "auto" detection). + IdentityField string `form:"identityField" json:"identityField"` +} + +func (form *authWithPasswordForm) validate(collection *core.Collection) error { + return validation.ValidateStruct(form, + validation.Field(&form.Identity, validation.Required, validation.Length(1, 255)), + validation.Field(&form.Password, validation.Required, validation.Length(1, 255)), + validation.Field( + &form.IdentityField, + validation.Length(1, 255), + validation.In(list.ToInterfaceSlice(collection.PasswordAuth.IdentityFields)...), + ), + ) +} + +func findRecordByIdentityField(app core.App, collection *core.Collection, field string, value any) (*core.Record, error) { + if !slices.Contains(collection.PasswordAuth.IdentityFields, field) { + return nil, errors.New("invalid identity field " + field) + } + + index, ok := dbutils.FindSingleColumnUniqueIndex(collection.Indexes, field) + if !ok { + return nil, errors.New("missing " + field + " unique index constraint") + } + + var expr dbx.Expression + if strings.EqualFold(index.Columns[0].Collate, "nocase") { + // case-insensitive search + expr = dbx.NewExp("[["+field+"]] = {:identity} COLLATE NOCASE", dbx.Params{"identity": value}) + } else { + expr = dbx.HashExp{field: value} + } + + record := &core.Record{} + + err := app.RecordQuery(collection).AndWhere(expr).Limit(1).One(record) + if err != nil { + return nil, err + } + + return record, nil +} diff --git a/apis/record_auth_with_password_test.go b/apis/record_auth_with_password_test.go new file mode 100644 index 0000000..8ed3aea --- /dev/null +++ b/apis/record_auth_with_password_test.go @@ -0,0 +1,713 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/dbutils" +) + +func TestRecordAuthWithPassword(t *testing.T) { + t.Parallel() + + updateIdentityIndex := func(collectionIdOrName string, fieldCollateMap map[string]string) func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + return func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + collection, err := app.FindCollectionByNameOrId("clients") + if err != nil { + t.Fatal(err) + } + + for column, collate := range fieldCollateMap { + index, ok := dbutils.FindSingleColumnUniqueIndex(collection.Indexes, column) + if !ok { + t.Fatalf("Missing unique identityField index for column %q", column) + } + + index.Columns[0].Collate = collate + + collection.RemoveIndex(index.IndexName) + collection.Indexes = append(collection.Indexes, index.Build()) + } + + err = app.Save(collection) + if err != nil { + t.Fatalf("Failed to update identityField index: %v", err) + } + } + } + + scenarios := []tests.ApiScenario{ + { + Name: "disabled password auth", + Method: http.MethodPost, + URL: "/api/collections/nologin/auth-with-password", + Body: strings.NewReader(`{"identity":"test@example.com","password":"1234567890"}`), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-auth collection", + Method: http.MethodPost, + URL: "/api/collections/demo1/auth-with-password", + Body: strings.NewReader(`{"identity":"test@example.com","password":"1234567890"}`), + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "invalid body format", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{"identity`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "empty body params", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{"identity":"","password":""}`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"identity":{`, + `"password":{`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "OnRecordAuthWithPasswordRequest tx body write check", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{ + "identity":"test@example.com", + "password":"1234567890" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRecordAuthWithPasswordRequest().BindFunc(func(e *core.RecordAuthWithPasswordRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordAuthWithPasswordRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + { + Name: "valid identity field and invalid password", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{ + "identity":"test@example.com", + "password":"invalid" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{}`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithPasswordRequest": 1, + }, + }, + { + Name: "valid identity field (email) and valid password", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{ + "identity":"test@example.com", + "password":"1234567890" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + // test at least once that the correct request info context is properly loaded + app.OnRecordAuthRequest().BindFunc(func(e *core.RecordAuthRequestEvent) error { + info, err := e.RequestInfo() + if err != nil { + t.Fatal(err) + } + + if info.Context != core.RequestInfoContextPasswordAuth { + t.Fatalf("Expected request context %q, got %q", core.RequestInfoContextPasswordAuth, info.Context) + } + + return e.Next() + }) + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"email":"test@example.com"`, + `"token":`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithPasswordRequest": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // authOrigin track + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + "OnMailerSend": 1, + "OnMailerRecordAuthAlertSend": 1, + }, + }, + { + Name: "valid identity field (username) and valid password", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{ + "identity":"clients57772", + "password":"1234567890" + }`), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"email":"test@example.com"`, + `"username":"clients57772"`, + `"token":`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithPasswordRequest": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // authOrigin track + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + "OnMailerSend": 1, + "OnMailerRecordAuthAlertSend": 1, + }, + }, + { + Name: "unknown explicit identityField", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{ + "identityField": "created", + "identity":"test@example.com", + "password":"1234567890" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"identityField":{"code":"validation_in_invalid"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "valid identity field and valid password with mismatched explicit identityField", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{ + "identityField": "username", + "identity":"test@example.com", + "password":"1234567890" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithPasswordRequest": 1, + }, + }, + { + Name: "valid identity field and valid password with matched explicit identityField", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{ + "identityField": "username", + "identity":"clients57772", + "password":"1234567890" + }`), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"email":"test@example.com"`, + `"username":"clients57772"`, + `"token":`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithPasswordRequest": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // authOrigin track + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + "OnMailerSend": 1, + "OnMailerRecordAuthAlertSend": 1, + }, + }, + { + Name: "valid identity (unverified) and valid password in onlyVerified collection", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{ + "identity":"test2@example.com", + "password":"1234567890" + }`), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithPasswordRequest": 1, + }, + }, + { + Name: "already authenticated record", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{ + "identity":"test@example.com", + "password":"1234567890" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"gk390qegs4y47wn"`, + `"email":"test@example.com"`, + `"token":`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithPasswordRequest": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // authOrigin track + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + "OnMailerSend": 1, + "OnMailerRecordAuthAlertSend": 1, + }, + }, + { + Name: "with mfa first auth check", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-password", + Body: strings.NewReader(`{ + "identity":"test@example.com", + "password":"1234567890" + }`), + ExpectedStatus: 401, + ExpectedContent: []string{ + `"mfaId":"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithPasswordRequest": 1, + "OnRecordAuthRequest": 1, + // mfa create + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + mfas, err := app.FindAllMFAsByRecord(user) + if err != nil { + t.Fatal(err) + } + + if v := len(mfas); v != 1 { + t.Fatalf("Expected 1 mfa record to be created, got %d", v) + } + }, + }, + { + Name: "with mfa second auth check", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-password", + Body: strings.NewReader(`{ + "mfaId": "` + strings.Repeat("a", 15) + `", + "identity":"test@example.com", + "password":"1234567890" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + // insert a dummy mfa record + mfa := core.NewMFA(app) + mfa.Id = strings.Repeat("a", 15) + mfa.SetCollectionRef(user.Collection().Id) + mfa.SetRecordRef(user.Id) + mfa.SetMethod("test") + if err := app.Save(mfa); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"email":"test@example.com"`, + `"token":`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithPasswordRequest": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // authOrigin track + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + "OnMailerSend": 0, // disabled auth email alerts + "OnMailerRecordAuthAlertSend": 0, + // mfa delete + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + }, + }, + { + Name: "with enabled mfa but unsatisfied mfa rule (aka. skip the mfa check)", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-password", + Body: strings.NewReader(`{ + "identity":"test@example.com", + "password":"1234567890" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + users, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + users.MFA.Enabled = true + users.MFA.Rule = "1=2" + + if err := app.Save(users); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"email":"test@example.com"`, + `"token":`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithPasswordRequest": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // authOrigin track + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + "OnMailerSend": 0, // disabled auth email alerts + "OnMailerRecordAuthAlertSend": 0, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + mfas, err := app.FindAllMFAsByRecord(user) + if err != nil { + t.Fatal(err) + } + + if v := len(mfas); v != 0 { + t.Fatalf("Expected no mfa records to be created, got %d", v) + } + }, + }, + + // case sensitivity checks + // ----------------------------------------------------------- + { + Name: "with explicit identityField (case-sensitive)", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{ + "identityField": "username", + "identity":"Clients57772", + "password":"1234567890" + }`), + BeforeTestFunc: updateIdentityIndex("clients", map[string]string{"username": ""}), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithPasswordRequest": 1, + }, + }, + { + Name: "with explicit identityField (case-insensitive)", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{ + "identityField": "username", + "identity":"Clients57772", + "password":"1234567890" + }`), + BeforeTestFunc: updateIdentityIndex("clients", map[string]string{"username": "nocase"}), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"email":"test@example.com"`, + `"username":"clients57772"`, + `"token":`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithPasswordRequest": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // authOrigin track + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + "OnMailerSend": 1, + "OnMailerRecordAuthAlertSend": 1, + }, + }, + { + Name: "without explicit identityField and non-email field (case-insensitive)", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{ + "identity":"Clients57772", + "password":"1234567890" + }`), + BeforeTestFunc: updateIdentityIndex("clients", map[string]string{"username": "nocase"}), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"email":"test@example.com"`, + `"username":"clients57772"`, + `"token":`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithPasswordRequest": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // authOrigin track + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + "OnMailerSend": 1, + "OnMailerRecordAuthAlertSend": 1, + }, + }, + { + Name: "without explicit identityField and email field (case-insensitive)", + Method: http.MethodPost, + URL: "/api/collections/clients/auth-with-password", + Body: strings.NewReader(`{ + "identity":"tESt@example.com", + "password":"1234567890" + }`), + BeforeTestFunc: updateIdentityIndex("clients", map[string]string{"email": "nocase"}), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"email":"test@example.com"`, + `"username":"clients57772"`, + `"token":`, + }, + NotExpectedContent: []string{ + // hidden fields + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordAuthWithPasswordRequest": 1, + "OnRecordAuthRequest": 1, + "OnRecordEnrich": 1, + // authOrigin track + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + "OnMailerSend": 1, + "OnMailerRecordAuthAlertSend": 1, + }, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - users:authWithPassword", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-password", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:authWithPassword"}, + {MaxRequests: 100, Label: "users:auth"}, + {MaxRequests: 0, Label: "users:authWithPassword"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:authWithPassword", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-password", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:auth"}, + {MaxRequests: 0, Label: "*:authWithPassword"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - users:auth", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-password", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:authWithPassword"}, + {MaxRequests: 0, Label: "users:auth"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:auth", + Method: http.MethodPost, + URL: "/api/collections/users/auth-with-password", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:auth"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_crud.go b/apis/record_crud.go new file mode 100644 index 0000000..ff48758 --- /dev/null +++ b/apis/record_crud.go @@ -0,0 +1,742 @@ +package apis + +import ( + cryptoRand "crypto/rand" + "errors" + "fmt" + "math/big" + "net/http" + "strings" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/forms" + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/inflector" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/pocketbase/pocketbase/tools/search" + "github.com/pocketbase/pocketbase/tools/security" +) + +// bindRecordCrudApi registers the record crud api endpoints and +// the corresponding handlers. +// +// note: the rate limiter is "inlined" because some of the crud actions are also used in the batch APIs +func bindRecordCrudApi(app core.App, rg *router.RouterGroup[*core.RequestEvent]) { + subGroup := rg.Group("/collections/{collection}/records").Unbind(DefaultRateLimitMiddlewareId) + subGroup.GET("", recordsList) + subGroup.GET("/{id}", recordView) + subGroup.POST("", recordCreate(true, nil)).Bind(dynamicCollectionBodyLimit("")) + subGroup.PATCH("/{id}", recordUpdate(true, nil)).Bind(dynamicCollectionBodyLimit("")) + subGroup.DELETE("/{id}", recordDelete(true, nil)) +} + +func recordsList(e *core.RequestEvent) error { + collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection")) + if err != nil || collection == nil { + return e.NotFoundError("Missing collection context.", err) + } + + err = checkCollectionRateLimit(e, collection, "list") + if err != nil { + return err + } + + requestInfo, err := e.RequestInfo() + if err != nil { + return firstApiError(err, e.BadRequestError("", err)) + } + + if collection.ListRule == nil && !requestInfo.HasSuperuserAuth() { + return e.ForbiddenError("Only superusers can perform this action.", nil) + } + + // forbid users and guests to query special filter/sort fields + err = checkForSuperuserOnlyRuleFields(requestInfo) + if err != nil { + return err + } + + query := e.App.RecordQuery(collection) + + fieldsResolver := core.NewRecordFieldResolver(e.App, collection, requestInfo, true) + + if !requestInfo.HasSuperuserAuth() && collection.ListRule != nil && *collection.ListRule != "" { + expr, err := search.FilterData(*collection.ListRule).BuildExpr(fieldsResolver) + if err != nil { + return err + } + query.AndWhere(expr) + + // will be applied by the search provider right before executing the query + // fieldsResolver.UpdateQuery(query) + } + + // hidden fields are searchable only by superusers + fieldsResolver.SetAllowHiddenFields(requestInfo.HasSuperuserAuth()) + + searchProvider := search.NewProvider(fieldsResolver).Query(query) + + // use rowid when available to minimize the need of a covering index with the "id" field + if !collection.IsView() { + searchProvider.CountCol("_rowid_") + } + + records := []*core.Record{} + result, err := searchProvider.ParseAndExec(e.Request.URL.Query().Encode(), &records) + if err != nil { + return firstApiError(err, e.BadRequestError("", err)) + } + + event := new(core.RecordsListRequestEvent) + event.RequestEvent = e + event.Collection = collection + event.Records = records + event.Result = result + + return e.App.OnRecordsListRequest().Trigger(event, func(e *core.RecordsListRequestEvent) error { + if err := EnrichRecords(e.RequestEvent, e.Records); err != nil { + return firstApiError(err, e.InternalServerError("Failed to enrich records", err)) + } + + // Add a randomized throttle in case of too many empty search filter attempts. + // + // This is just for extra precaution since security researches raised concern regarding the possibility of eventual + // timing attacks because the List API rule acts also as filter and executes in a single run with the client-side filters. + // This is by design and it is an accepted trade off between performance, usability and correctness. + // + // While technically the below doesn't fully guarantee protection against filter timing attacks, in practice combined with the network latency it makes them even less feasible. + // A properly configured rate limiter or individual fields Hidden checks are better suited if you are really concerned about eventual information disclosure by side-channel attacks. + // + // In all cases it doesn't really matter that much because it doesn't affect the builtin PocketBase security sensitive fields (e.g. password and tokenKey) since they + // are not client-side filterable and in the few places where they need to be compared against an external value, a constant time check is used. + if !e.HasSuperuserAuth() && + (collection.ListRule != nil && *collection.ListRule != "") && + (requestInfo.Query["filter"] != "") && + len(e.Records) == 0 && + checkRateLimit(e.RequestEvent, "@pb_list_timing_check_"+collection.Id, listTimingRateLimitRule) != nil { + e.App.Logger().Debug("Randomized throttle because of too many failed searches", "collectionId", collection.Id) + randomizedThrottle(150) + } + + return execAfterSuccessTx(true, e.App, func() error { + return e.JSON(http.StatusOK, e.Result) + }) + }) +} + +var listTimingRateLimitRule = core.RateLimitRule{MaxRequests: 3, Duration: 3} + +func randomizedThrottle(softMax int64) { + var timeout int64 + randRange, err := cryptoRand.Int(cryptoRand.Reader, big.NewInt(softMax)) + if err == nil { + timeout = randRange.Int64() + } else { + timeout = softMax + } + + time.Sleep(time.Duration(timeout) * time.Millisecond) +} + +func recordView(e *core.RequestEvent) error { + collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection")) + if err != nil || collection == nil { + return e.NotFoundError("Missing collection context.", err) + } + + err = checkCollectionRateLimit(e, collection, "view") + if err != nil { + return err + } + + recordId := e.Request.PathValue("id") + if recordId == "" { + return e.NotFoundError("", nil) + } + + requestInfo, err := e.RequestInfo() + if err != nil { + return firstApiError(err, e.BadRequestError("", err)) + } + + if collection.ViewRule == nil && !requestInfo.HasSuperuserAuth() { + return e.ForbiddenError("Only superusers can perform this action.", nil) + } + + ruleFunc := func(q *dbx.SelectQuery) error { + if !requestInfo.HasSuperuserAuth() && collection.ViewRule != nil && *collection.ViewRule != "" { + resolver := core.NewRecordFieldResolver(e.App, collection, requestInfo, true) + expr, err := search.FilterData(*collection.ViewRule).BuildExpr(resolver) + if err != nil { + return err + } + resolver.UpdateQuery(q) + q.AndWhere(expr) + } + return nil + } + + record, fetchErr := e.App.FindRecordById(collection, recordId, ruleFunc) + if fetchErr != nil || record == nil { + return firstApiError(err, e.NotFoundError("", fetchErr)) + } + + event := new(core.RecordRequestEvent) + event.RequestEvent = e + event.Collection = collection + event.Record = record + + return e.App.OnRecordViewRequest().Trigger(event, func(e *core.RecordRequestEvent) error { + if err := EnrichRecord(e.RequestEvent, e.Record); err != nil { + return firstApiError(err, e.InternalServerError("Failed to enrich record", err)) + } + + return execAfterSuccessTx(true, e.App, func() error { + return e.JSON(http.StatusOK, e.Record) + }) + }) +} + +func recordCreate(responseWriteAfterTx bool, optFinalizer func(data any) error) func(e *core.RequestEvent) error { + return func(e *core.RequestEvent) error { + collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection")) + if err != nil || collection == nil { + return e.NotFoundError("Missing collection context.", err) + } + + if collection.IsView() { + return e.BadRequestError("Unsupported collection type.", nil) + } + + err = checkCollectionRateLimit(e, collection, "create") + if err != nil { + return err + } + + requestInfo, err := e.RequestInfo() + if err != nil { + return firstApiError(err, e.BadRequestError("", err)) + } + + hasSuperuserAuth := requestInfo.HasSuperuserAuth() + if !hasSuperuserAuth && collection.CreateRule == nil { + return e.ForbiddenError("Only superusers can perform this action.", nil) + } + + record := core.NewRecord(collection) + + data, err := recordDataFromRequest(e, record) + if err != nil { + return firstApiError(err, e.BadRequestError("Failed to read the submitted data.", err)) + } + + // set a random password for the OAuth2 ignoring its plain password validators + var skipPlainPasswordRecordValidators bool + if requestInfo.Context == core.RequestInfoContextOAuth2 { + if _, ok := data[core.FieldNamePassword]; !ok { + data[core.FieldNamePassword] = security.RandomString(30) + data[core.FieldNamePassword+"Confirm"] = data[core.FieldNamePassword] + skipPlainPasswordRecordValidators = true + } + } + + // replace modifiers fields so that the resolved value is always + // available when accessing requestInfo.Body + requestInfo.Body = data + + form := forms.NewRecordUpsert(e.App, record) + if hasSuperuserAuth { + form.GrantSuperuserAccess() + } + form.Load(data) + + if skipPlainPasswordRecordValidators { + // unset the plain value to skip the plain password field validators + if raw, ok := record.GetRaw(core.FieldNamePassword).(*core.PasswordFieldValue); ok { + raw.Plain = "" + } + } + + // check the request and record data against the create and manage rules + if !hasSuperuserAuth && collection.CreateRule != nil { + dummyRecord := record.Clone() + + dummyRandomPart := "__pb_create__" + security.PseudorandomString(6) + + // set an id if it doesn't have already + // (the value doesn't matter; it is used only to minimize the breaking changes with earlier versions) + if dummyRecord.Id == "" { + dummyRecord.Id = "__temp_id__" + dummyRandomPart + } + + // unset the verified field to prevent manage API rule misuse in case the rule relies on it + dummyRecord.SetVerified(false) + + // export the dummy record data into db params + dummyExport, err := dummyRecord.DBExport(e.App) + if err != nil { + return e.BadRequestError("Failed to create record", fmt.Errorf("dummy DBExport error: %w", err)) + } + + dummyParams := make(dbx.Params, len(dummyExport)) + selects := make([]string, 0, len(dummyExport)) + var param string + for k, v := range dummyExport { + k = inflector.Columnify(k) // columnify is just as extra measure in case of custom fields + param = "__pb_create__" + k + dummyParams[param] = v + selects = append(selects, "{:"+param+"} AS [["+k+"]]") + } + + // shallow clone the current collection + dummyCollection := *collection + dummyCollection.Id += dummyRandomPart + dummyCollection.Name += inflector.Columnify(dummyRandomPart) + + withFrom := fmt.Sprintf("WITH {{%s}} as (SELECT %s)", dummyCollection.Name, strings.Join(selects, ",")) + + // check non-empty create rule + if *dummyCollection.CreateRule != "" { + ruleQuery := e.App.ConcurrentDB().Select("(1)").PreFragment(withFrom).From(dummyCollection.Name).AndBind(dummyParams) + + resolver := core.NewRecordFieldResolver(e.App, &dummyCollection, requestInfo, true) + + expr, err := search.FilterData(*dummyCollection.CreateRule).BuildExpr(resolver) + if err != nil { + return e.BadRequestError("Failed to create record", fmt.Errorf("create rule build expression failure: %w", err)) + } + ruleQuery.AndWhere(expr) + + resolver.UpdateQuery(ruleQuery) + + var exists int + err = ruleQuery.Limit(1).Row(&exists) + if err != nil || exists == 0 { + return e.BadRequestError("Failed to create record", fmt.Errorf("create rule failure: %w", err)) + } + } + + // check for manage rule access + manageRuleQuery := e.App.ConcurrentDB().Select("(1)").PreFragment(withFrom).From(dummyCollection.Name).AndBind(dummyParams) + if !form.HasManageAccess() && + hasAuthManageAccess(e.App, requestInfo, &dummyCollection, manageRuleQuery) { + form.GrantManagerAccess() + } + } + + var isOptFinalizerCalled bool + + event := new(core.RecordRequestEvent) + event.RequestEvent = e + event.Collection = collection + event.Record = record + + hookErr := e.App.OnRecordCreateRequest().Trigger(event, func(e *core.RecordRequestEvent) error { + form.SetApp(e.App) + form.SetRecord(e.Record) + + err := form.Submit() + if err != nil { + return firstApiError(err, e.BadRequestError("Failed to create record", err)) + } + + err = EnrichRecord(e.RequestEvent, e.Record) + if err != nil { + return firstApiError(err, e.InternalServerError("Failed to enrich record", err)) + } + + err = execAfterSuccessTx(responseWriteAfterTx, e.App, func() error { + return e.JSON(http.StatusOK, e.Record) + }) + if err != nil { + return err + } + + if optFinalizer != nil { + isOptFinalizerCalled = true + err = optFinalizer(e.Record) + if err != nil { + return firstApiError(err, e.InternalServerError("", err)) + } + } + + return nil + }) + if hookErr != nil { + return hookErr + } + + // e.g. in case the regular hook chain was stopped and the finalizer cannot be executed as part of the last e.Next() task + if !isOptFinalizerCalled && optFinalizer != nil { + if err := optFinalizer(event.Record); err != nil { + return firstApiError(err, e.InternalServerError("", err)) + } + } + + return nil + } +} + +func recordUpdate(responseWriteAfterTx bool, optFinalizer func(data any) error) func(e *core.RequestEvent) error { + return func(e *core.RequestEvent) error { + collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection")) + if err != nil || collection == nil { + return e.NotFoundError("Missing collection context.", err) + } + + if collection.IsView() { + return e.BadRequestError("Unsupported collection type.", nil) + } + + err = checkCollectionRateLimit(e, collection, "update") + if err != nil { + return err + } + + recordId := e.Request.PathValue("id") + if recordId == "" { + return e.NotFoundError("", nil) + } + + requestInfo, err := e.RequestInfo() + if err != nil { + return firstApiError(err, e.BadRequestError("", err)) + } + + hasSuperuserAuth := requestInfo.HasSuperuserAuth() + + if !hasSuperuserAuth && collection.UpdateRule == nil { + return firstApiError(err, e.ForbiddenError("Only superusers can perform this action.", nil)) + } + + // eager fetch the record so that the modifiers field values can be resolved + record, err := e.App.FindRecordById(collection, recordId) + if err != nil { + return firstApiError(err, e.NotFoundError("", err)) + } + + data, err := recordDataFromRequest(e, record) + if err != nil { + return firstApiError(err, e.BadRequestError("Failed to read the submitted data.", err)) + } + + // replace modifiers fields so that the resolved value is always + // available when accessing requestInfo.Body + requestInfo.Body = data + + ruleFunc := func(q *dbx.SelectQuery) error { + if !hasSuperuserAuth && collection.UpdateRule != nil && *collection.UpdateRule != "" { + resolver := core.NewRecordFieldResolver(e.App, collection, requestInfo, true) + expr, err := search.FilterData(*collection.UpdateRule).BuildExpr(resolver) + if err != nil { + return err + } + resolver.UpdateQuery(q) + q.AndWhere(expr) + } + return nil + } + + // refetch with access checks + record, err = e.App.FindRecordById(collection, recordId, ruleFunc) + if err != nil { + return firstApiError(err, e.NotFoundError("", err)) + } + + form := forms.NewRecordUpsert(e.App, record) + if hasSuperuserAuth { + form.GrantSuperuserAccess() + } + form.Load(data) + + manageRuleQuery := e.App.ConcurrentDB().Select("(1)").From(collection.Name).AndWhere(dbx.HashExp{ + collection.Name + ".id": record.Id, + }) + if !form.HasManageAccess() && + hasAuthManageAccess(e.App, requestInfo, collection, manageRuleQuery) { + form.GrantManagerAccess() + } + + var isOptFinalizerCalled bool + + event := new(core.RecordRequestEvent) + event.RequestEvent = e + event.Collection = collection + event.Record = record + + hookErr := e.App.OnRecordUpdateRequest().Trigger(event, func(e *core.RecordRequestEvent) error { + form.SetApp(e.App) + form.SetRecord(e.Record) + + err := form.Submit() + if err != nil { + return firstApiError(err, e.BadRequestError("Failed to update record.", err)) + } + + err = EnrichRecord(e.RequestEvent, e.Record) + if err != nil { + return firstApiError(err, e.InternalServerError("Failed to enrich record", err)) + } + + err = execAfterSuccessTx(responseWriteAfterTx, e.App, func() error { + return e.JSON(http.StatusOK, e.Record) + }) + if err != nil { + return err + } + + if optFinalizer != nil { + isOptFinalizerCalled = true + err = optFinalizer(e.Record) + if err != nil { + return firstApiError(err, e.InternalServerError("", fmt.Errorf("update optFinalizer error: %w", err))) + } + } + + return nil + }) + if hookErr != nil { + return hookErr + } + + // e.g. in case the regular hook chain was stopped and the finalizer cannot be executed as part of the last e.Next() task + if !isOptFinalizerCalled && optFinalizer != nil { + if err := optFinalizer(event.Record); err != nil { + return firstApiError(err, e.InternalServerError("", fmt.Errorf("update optFinalizer error: %w", err))) + } + } + + return nil + } +} + +func recordDelete(responseWriteAfterTx bool, optFinalizer func(data any) error) func(e *core.RequestEvent) error { + return func(e *core.RequestEvent) error { + collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection")) + if err != nil || collection == nil { + return e.NotFoundError("Missing collection context.", err) + } + + if collection.IsView() { + return e.BadRequestError("Unsupported collection type.", nil) + } + + err = checkCollectionRateLimit(e, collection, "delete") + if err != nil { + return err + } + + recordId := e.Request.PathValue("id") + if recordId == "" { + return e.NotFoundError("", nil) + } + + requestInfo, err := e.RequestInfo() + if err != nil { + return firstApiError(err, e.BadRequestError("", err)) + } + + if !requestInfo.HasSuperuserAuth() && collection.DeleteRule == nil { + return e.ForbiddenError("Only superusers can perform this action.", nil) + } + + ruleFunc := func(q *dbx.SelectQuery) error { + if !requestInfo.HasSuperuserAuth() && collection.DeleteRule != nil && *collection.DeleteRule != "" { + resolver := core.NewRecordFieldResolver(e.App, collection, requestInfo, true) + expr, err := search.FilterData(*collection.DeleteRule).BuildExpr(resolver) + if err != nil { + return err + } + resolver.UpdateQuery(q) + q.AndWhere(expr) + } + return nil + } + + record, err := e.App.FindRecordById(collection, recordId, ruleFunc) + if err != nil || record == nil { + return e.NotFoundError("", err) + } + + var isOptFinalizerCalled bool + + event := new(core.RecordRequestEvent) + event.RequestEvent = e + event.Collection = collection + event.Record = record + + hookErr := e.App.OnRecordDeleteRequest().Trigger(event, func(e *core.RecordRequestEvent) error { + if err := e.App.Delete(e.Record); err != nil { + return firstApiError(err, e.BadRequestError("Failed to delete record. Make sure that the record is not part of a required relation reference.", err)) + } + + err = execAfterSuccessTx(responseWriteAfterTx, e.App, func() error { + return e.NoContent(http.StatusNoContent) + }) + if err != nil { + return err + } + + if optFinalizer != nil { + isOptFinalizerCalled = true + err = optFinalizer(e.Record) + if err != nil { + return firstApiError(err, e.InternalServerError("", fmt.Errorf("delete optFinalizer error: %w", err))) + } + } + + return nil + }) + if hookErr != nil { + return hookErr + } + + // e.g. in case the regular hook chain was stopped and the finalizer cannot be executed as part of the last e.Next() task + if !isOptFinalizerCalled && optFinalizer != nil { + if err := optFinalizer(event.Record); err != nil { + return firstApiError(err, e.InternalServerError("", fmt.Errorf("delete optFinalizer error: %w", err))) + } + } + + return nil + } +} + +// ------------------------------------------------------------------- + +func recordDataFromRequest(e *core.RequestEvent, record *core.Record) (map[string]any, error) { + info, err := e.RequestInfo() + if err != nil { + return nil, err + } + + // resolve regular fields + result := record.ReplaceModifiers(info.Body) + + // resolve uploaded files + uploadedFiles, err := extractUploadedFiles(e, record.Collection(), "") + if err != nil { + return nil, err + } + if len(uploadedFiles) > 0 { + for k, files := range uploadedFiles { + uploaded := make([]any, 0, len(files)) + + // if not remove/prepend/append -> merge with the submitted + // info.Body values to prevent accidental old files deletion + if info.Body[k] != nil && + !strings.HasPrefix(k, "+") && + !strings.HasSuffix(k, "+") && + !strings.HasSuffix(k, "-") { + existing := list.ToUniqueStringSlice(info.Body[k]) + for _, name := range existing { + uploaded = append(uploaded, name) + } + } + + for _, file := range files { + uploaded = append(uploaded, file) + } + + result[k] = uploaded + } + + result = record.ReplaceModifiers(result) + } + + isAuth := record.Collection().IsAuth() + + // unset hidden fields for non-superusers + if !info.HasSuperuserAuth() { + for _, f := range record.Collection().Fields { + if f.GetHidden() { + // exception for the auth collection "password" field + if isAuth && f.GetName() == core.FieldNamePassword { + continue + } + + delete(result, f.GetName()) + } + } + } + + return result, nil +} + +func extractUploadedFiles(re *core.RequestEvent, collection *core.Collection, prefix string) (map[string][]*filesystem.File, error) { + contentType := re.Request.Header.Get("content-type") + if !strings.HasPrefix(contentType, "multipart/form-data") { + return nil, nil // not multipart/form-data request + } + + result := map[string][]*filesystem.File{} + + for _, field := range collection.Fields { + if field.Type() != core.FieldTypeFile { + continue + } + + baseKey := field.GetName() + + keys := []string{ + baseKey, + // prepend and append modifiers + "+" + baseKey, + baseKey + "+", + } + + for _, k := range keys { + if prefix != "" { + k = prefix + "." + k + } + files, err := re.FindUploadedFiles(k) + if err != nil && !errors.Is(err, http.ErrMissingFile) { + return nil, err + } + if len(files) > 0 { + result[k] = files + } + } + } + + return result, nil +} + +// hasAuthManageAccess checks whether the client is allowed to have +// [forms.RecordUpsert] auth management permissions +// (e.g. allowing to change system auth fields without oldPassword). +func hasAuthManageAccess(app core.App, requestInfo *core.RequestInfo, collection *core.Collection, query *dbx.SelectQuery) bool { + if !collection.IsAuth() { + return false + } + + manageRule := collection.ManageRule + + if manageRule == nil || *manageRule == "" { + return false // only for superusers (manageRule can't be empty) + } + + if requestInfo == nil || requestInfo.Auth == nil { + return false // no auth record + } + + resolver := core.NewRecordFieldResolver(app, collection, requestInfo, true) + + expr, err := search.FilterData(*manageRule).BuildExpr(resolver) + if err != nil { + app.Logger().Error("Manage rule build expression error", "error", err, "collectionId", collection.Id) + return false + } + query.AndWhere(expr) + + resolver.UpdateQuery(query) + + var exists int + + err = query.Limit(1).Row(&exists) + + return err == nil && exists > 0 +} diff --git a/apis/record_crud_auth_origin_test.go b/apis/record_crud_auth_origin_test.go new file mode 100644 index 0000000..98db76c --- /dev/null +++ b/apis/record_crud_auth_origin_test.go @@ -0,0 +1,314 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordCrudAuthOriginList(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":0`, + `"totalPages":0`, + `"items":[]`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + }, + }, + { + Name: "regular auth with authOrigins", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":1`, + `"totalPages":1`, + `"id":"9r2j0m74260ur8i"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "regular auth without authOrigins", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":0`, + `"totalPages":0`, + `"items":[]`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudAuthOriginView(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records/9r2j0m74260ur8i", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-owner", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records/9r2j0m74260ur8i", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records/9r2j0m74260ur8i", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + ExpectedStatus: 200, + ExpectedContent: []string{`"id":"9r2j0m74260ur8i"`}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudAuthOriginDelete(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records/9r2j0m74260ur8i", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-owner", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records/9r2j0m74260ur8i", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records/9r2j0m74260ur8i", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordDeleteRequest": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudAuthOriginCreate(t *testing.T) { + t.Parallel() + + body := func() *strings.Reader { + return strings.NewReader(`{ + "recordRef": "4q1xlclmfloku33", + "collectionRef": "_pb_users_auth_", + "fingerprint": "abc" + }`) + } + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records", + Body: body(), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner regular auth", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + Body: body(), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records", + Headers: map[string]string{ + // superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: body(), + ExpectedContent: []string{ + `"fingerprint":"abc"`, + }, + ExpectedStatus: 200, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnRecordEnrich": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudAuthOriginUpdate(t *testing.T) { + t.Parallel() + + body := func() *strings.Reader { + return strings.NewReader(`{ + "fingerprint":"abc" + }`) + } + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records/9r2j0m74260ur8i", + Body: body(), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner regular auth", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records/9r2j0m74260ur8i", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + Body: body(), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameAuthOrigins + "/records/9r2j0m74260ur8i", + Headers: map[string]string{ + // superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: body(), + ExpectedContent: []string{ + `"id":"9r2j0m74260ur8i"`, + `"fingerprint":"abc"`, + }, + ExpectedStatus: 200, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnRecordEnrich": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnRecordValidate": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_crud_external_auth_test.go b/apis/record_crud_external_auth_test.go new file mode 100644 index 0000000..c4d1c48 --- /dev/null +++ b/apis/record_crud_external_auth_test.go @@ -0,0 +1,316 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordCrudExternalAuthList(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":0`, + `"totalPages":0`, + `"items":[]`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + }, + }, + { + Name: "regular auth with externalAuths", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":1`, + `"totalPages":1`, + `"id":"f1z5b3843pzc964"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "regular auth without externalAuths", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records", + Headers: map[string]string{ + // users, test2@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6Im9hcDY0MGNvdDR5cnUycyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.GfJo6EHIobgas_AXt-M-tj5IoQendPnrkMSe9ExuSEY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":0`, + `"totalPages":0`, + `"items":[]`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudExternalAuthView(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records/dlmflokuq1xl342", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-owner", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records/dlmflokuq1xl342", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records/dlmflokuq1xl342", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{`"id":"dlmflokuq1xl342"`}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudExternalAuthDelete(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records/dlmflokuq1xl342", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-owner", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records/dlmflokuq1xl342", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records/dlmflokuq1xl342", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordDeleteRequest": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudExternalAuthCreate(t *testing.T) { + t.Parallel() + + body := func() *strings.Reader { + return strings.NewReader(`{ + "recordRef": "4q1xlclmfloku33", + "collectionRef": "_pb_users_auth_", + "provider": "github", + "providerId": "abc" + }`) + } + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records", + Body: body(), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner regular auth", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + Body: body(), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records", + Headers: map[string]string{ + // superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: body(), + ExpectedContent: []string{ + `"recordRef":"4q1xlclmfloku33"`, + `"providerId":"abc"`, + }, + ExpectedStatus: 200, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnRecordEnrich": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudExternalAuthUpdate(t *testing.T) { + t.Parallel() + + body := func() *strings.Reader { + return strings.NewReader(`{ + "providerId": "abc" + }`) + } + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records/dlmflokuq1xl342", + Body: body(), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner regular auth", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records/dlmflokuq1xl342", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + Body: body(), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameExternalAuths + "/records/dlmflokuq1xl342", + Headers: map[string]string{ + // superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: body(), + ExpectedContent: []string{ + `"id":"dlmflokuq1xl342"`, + `"providerId":"abc"`, + }, + ExpectedStatus: 200, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnRecordEnrich": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnRecordValidate": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_crud_mfa_test.go b/apis/record_crud_mfa_test.go new file mode 100644 index 0000000..f82c446 --- /dev/null +++ b/apis/record_crud_mfa_test.go @@ -0,0 +1,405 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordCrudMFAList(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":0`, + `"totalPages":0`, + `"items":[]`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + }, + }, + { + Name: "regular auth with mfas", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":1`, + `"totalPages":1`, + `"id":"user1_0"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "regular auth without mfas", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":0`, + `"totalPages":0`, + `"items":[]`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudMFAView(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records/user1_0", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-owner", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records/user1_0", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records/user1_0", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{`"id":"user1_0"`}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudMFADelete(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records/user1_0", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-owner", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records/user1_0", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records/user1_0", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records/user1_0", + Headers: map[string]string{ + // superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordDeleteRequest": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudMFACreate(t *testing.T) { + t.Parallel() + + body := func() *strings.Reader { + return strings.NewReader(`{ + "recordRef": "4q1xlclmfloku33", + "collectionRef": "_pb_users_auth_", + "method": "abc" + }`) + } + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records", + Body: body(), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner regular auth", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + Body: body(), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records", + Headers: map[string]string{ + // superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: body(), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedContent: []string{ + `"recordRef":"4q1xlclmfloku33"`, + }, + ExpectedStatus: 200, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnRecordEnrich": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudMFAUpdate(t *testing.T) { + t.Parallel() + + body := func() *strings.Reader { + return strings.NewReader(`{ + "method":"abc" + }`) + } + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records/user1_0", + Body: body(), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner regular auth", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records/user1_0", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + Body: body(), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameMFAs + "/records/user1_0", + Headers: map[string]string{ + // superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: body(), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedContent: []string{ + `"id":"user1_0"`, + }, + ExpectedStatus: 200, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnRecordEnrich": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnRecordValidate": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_crud_otp_test.go b/apis/record_crud_otp_test.go new file mode 100644 index 0000000..d7c44b8 --- /dev/null +++ b/apis/record_crud_otp_test.go @@ -0,0 +1,405 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordCrudOTPList(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":0`, + `"totalPages":0`, + `"items":[]`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + }, + }, + { + Name: "regular auth with otps", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":1`, + `"totalPages":1`, + `"id":"user1_0"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "regular auth without otps", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":0`, + `"totalPages":0`, + `"items":[]`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudOTPView(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records/user1_0", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-owner", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records/user1_0", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records/user1_0", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{`"id":"user1_0"`}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudOTPDelete(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records/user1_0", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-owner auth", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records/user1_0", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner regular auth", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records/user1_0", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records/user1_0", + Headers: map[string]string{ + // superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordDeleteRequest": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudOTPCreate(t *testing.T) { + t.Parallel() + + body := func() *strings.Reader { + return strings.NewReader(`{ + "recordRef": "4q1xlclmfloku33", + "collectionRef": "_pb_users_auth_", + "password": "abc" + }`) + } + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records", + Body: body(), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner regular auth", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + Body: body(), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records", + Headers: map[string]string{ + // superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: body(), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedContent: []string{ + `"recordRef":"4q1xlclmfloku33"`, + }, + ExpectedStatus: 200, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnRecordEnrich": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudOTPUpdate(t *testing.T) { + t.Parallel() + + body := func() *strings.Reader { + return strings.NewReader(`{ + "password":"abc" + }`) + } + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records/user1_0", + Body: body(), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "owner regular auth", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records/user1_0", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + Body: body(), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameOTPs + "/records/user1_0", + Headers: map[string]string{ + // superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: body(), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + }, + ExpectedContent: []string{ + `"id":"user1_0"`, + }, + ExpectedStatus: 200, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnRecordEnrich": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnRecordValidate": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_crud_superuser_test.go b/apis/record_crud_superuser_test.go new file mode 100644 index 0000000..6c2ad58 --- /dev/null +++ b/apis/record_crud_superuser_test.go @@ -0,0 +1,336 @@ +package apis_test + +import ( + "net/http" + "strings" + "testing" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordCrudSuperuserList(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records", + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-superusers auth", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records", + Headers: map[string]string{ + // _superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":4`, + `"items":[{`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 4, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudSuperuserView(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records/sywbhecnh46rhm0", + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-superusers auth", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records/sywbhecnh46rhm0", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodGet, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records/sywbhecnh46rhm0", + Headers: map[string]string{ + // _superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"sywbhecnh46rhm0"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudSuperuserDelete(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records/sbmbsdb40jyxf7h", + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-superusers auth", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records/sbmbsdb40jyxf7h", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records/sbmbsdb40jyxf7h", + Headers: map[string]string{ + // _superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordDeleteRequest": 1, + "OnModelDelete": 4, // + 3 AuthOrigins + "OnModelDeleteExecute": 4, + "OnModelAfterDeleteSuccess": 4, + "OnRecordDelete": 4, + "OnRecordDeleteExecute": 4, + "OnRecordAfterDeleteSuccess": 4, + }, + }, + { + Name: "delete the last superuser", + Method: http.MethodDelete, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records/sywbhecnh46rhm0", + Headers: map[string]string{ + // _superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + // delete all other superusers + superusers, err := app.FindAllRecords(core.CollectionNameSuperusers, dbx.Not(dbx.HashExp{"id": "sywbhecnh46rhm0"})) + if err != nil { + t.Fatal(err) + } + for _, superuser := range superusers { + if err = app.Delete(superuser); err != nil { + t.Fatal(err) + } + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordDeleteRequest": 1, + "OnModelDelete": 1, + "OnModelAfterDeleteError": 1, + "OnRecordDelete": 1, + "OnRecordAfterDeleteError": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudSuperuserCreate(t *testing.T) { + t.Parallel() + + body := func() *strings.Reader { + return strings.NewReader(`{ + "email": "test_new@example.com", + "password": "1234567890", + "passwordConfirm": "1234567890", + "verified": false + }`) + } + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records", + Body: body(), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-superusers auth", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + Body: body(), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodPost, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records", + Headers: map[string]string{ + // _superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: body(), + ExpectedContent: []string{ + `"collectionName":"_superusers"`, + `"email":"test_new@example.com"`, + `"verified":true`, + }, + ExpectedStatus: 200, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnRecordEnrich": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnRecordValidate": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudSuperuserUpdate(t *testing.T) { + t.Parallel() + + body := func() *strings.Reader { + return strings.NewReader(`{ + "email": "test_new@example.com", + "verified": true + }`) + } + + scenarios := []tests.ApiScenario{ + { + Name: "guest", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records/sywbhecnh46rhm0", + Body: body(), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "non-superusers auth", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records/sywbhecnh46rhm0", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + Body: body(), + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superusers auth", + Method: http.MethodPatch, + URL: "/api/collections/" + core.CollectionNameSuperusers + "/records/sywbhecnh46rhm0", + Headers: map[string]string{ + // _superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Body: body(), + ExpectedContent: []string{ + `"collectionName":"_superusers"`, + `"id":"sywbhecnh46rhm0"`, + `"email":"test_new@example.com"`, + `"verified":true`, + }, + ExpectedStatus: 200, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnRecordEnrich": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnRecordValidate": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_crud_test.go b/apis/record_crud_test.go new file mode 100644 index 0000000..2db19fc --- /dev/null +++ b/apis/record_crud_test.go @@ -0,0 +1,3584 @@ +package apis_test + +import ( + "bytes" + "net/http" + "net/url" + "os" + "path/filepath" + "strconv" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/apis" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestRecordCrudList(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "missing collection", + Method: http.MethodGet, + URL: "/api/collections/missing/records", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "unauthenticated trying to access nil rule collection (aka. need superuser auth)", + Method: http.MethodGet, + URL: "/api/collections/demo1/records", + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authenticated record trying to access nil rule collection (aka. need superuser auth)", + Method: http.MethodGet, + URL: "/api/collections/demo1/records", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "public collection but with superuser only filter param (aka. @collection, @request, etc.)", + Method: http.MethodGet, + URL: "/api/collections/demo2/records?filter=%40collection.demo2.title='test1'", + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "public collection but with superuser only sort param (aka. @collection, @request, etc.)", + Method: http.MethodGet, + URL: "/api/collections/demo2/records?sort=@request.auth.title", + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "public collection but with ENCODED superuser only filter/sort (aka. @collection)", + Method: http.MethodGet, + URL: "/api/collections/demo2/records?filter=%40collection.demo2.title%3D%27test1%27", + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "public collection", + Method: http.MethodGet, + URL: "/api/collections/demo2/records", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":3`, + `"items":[{`, + `"id":"0yxhwia2amd8gec"`, + `"id":"achvryl401bhse3"`, + `"id":"llvuca81nly1qls"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 3, + }, + }, + { + Name: "public collection (using the collection id)", + Method: http.MethodGet, + URL: "/api/collections/sz5l5z67tg7gku0/records", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":3`, + `"items":[{`, + `"id":"0yxhwia2amd8gec"`, + `"id":"achvryl401bhse3"`, + `"id":"llvuca81nly1qls"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 3, + }, + }, + { + Name: "authorized as superuser trying to access nil rule collection (aka. need superuser auth)", + Method: http.MethodGet, + URL: "/api/collections/demo1/records", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":3`, + `"items":[{`, + `"id":"al1h9ijdeojtsjy"`, + `"id":"84nmscqy84lsi1t"`, + `"id":"imy661ixudk5izi"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 3, + }, + }, + { + Name: "valid query params", + Method: http.MethodGet, + URL: "/api/collections/demo1/records?filter=text~'test'&sort=-bool", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":2`, + `"items":[{`, + `"id":"al1h9ijdeojtsjy"`, + `"id":"84nmscqy84lsi1t"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 2, + }, + }, + { + Name: "invalid filter", + Method: http.MethodGet, + URL: "/api/collections/demo1/records?filter=invalid~'test'", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "expand relations", + Method: http.MethodGet, + URL: "/api/collections/demo1/records?expand=rel_one,rel_many.rel,missing&perPage=2&sort=created", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":2`, + `"totalPages":2`, + `"totalItems":3`, + `"items":[{`, + `"collectionName":"demo1"`, + `"id":"84nmscqy84lsi1t"`, + `"id":"al1h9ijdeojtsjy"`, + `"expand":{`, + `"rel_one":""`, + `"rel_one":{"`, + `"rel_many":[{`, + `"rel":{`, + `"rel":""`, + `"json":[1,2,3]`, + `"select_many":["optionB","optionC"]`, + `"select_many":["optionB"]`, + // subrel items + `"id":"0yxhwia2amd8gec"`, + `"id":"llvuca81nly1qls"`, + // email visibility should be ignored for superusers even in expanded rels + `"email":"test@example.com"`, + `"email":"test2@example.com"`, + `"email":"test3@example.com"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 8, + }, + }, + { + Name: "authenticated record model that DOESN'T match the collection list rule", + Method: http.MethodGet, + URL: "/api/collections/demo3/records", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalItems":0`, + `"items":[]`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + }, + }, + { + Name: "authenticated record that matches the collection list rule", + Method: http.MethodGet, + URL: "/api/collections/demo3/records", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":4`, + `"items":[{`, + `"id":"1tmknxy2868d869"`, + `"id":"lcl9d87w22ml6jy"`, + `"id":"7nwo8tuiatetxdm"`, + `"id":"mk5fmymtx4wsprk"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 4, + }, + }, + { + Name: "authenticated regular record that matches the collection list rule with hidden field", + Method: http.MethodGet, + URL: "/api/collections/demo3/records", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + col, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatal(err) + } + + // mock hidden field + col.Fields.GetByName("title").SetHidden(true) + + col.ListRule = types.Pointer("title ~ 'test'") + + if err = app.Save(col); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":4`, + `"items":[{`, + `"id":"1tmknxy2868d869"`, + `"id":"lcl9d87w22ml6jy"`, + `"id":"7nwo8tuiatetxdm"`, + `"id":"mk5fmymtx4wsprk"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 4, + }, + }, + { + Name: "authenticated regular record filtering with a hidden field", + Method: http.MethodGet, + URL: "/api/collections/demo3/records?filter=title~'test'", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + col, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatal(err) + } + + // mock hidden field + col.Fields.GetByName("title").SetHidden(true) + + if err = app.Save(col); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "superuser filtering with a hidden field", + Method: http.MethodGet, + URL: "/api/collections/demo3/records?filter=title~'test'", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + col, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatal(err) + } + + // mock hidden field + col.Fields.GetByName("title").SetHidden(true) + + if err = app.Save(col); err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":4`, + `"items":[{`, + `"id":"1tmknxy2868d869"`, + `"id":"lcl9d87w22ml6jy"`, + `"id":"7nwo8tuiatetxdm"`, + `"id":"mk5fmymtx4wsprk"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 4, + }, + }, + { + Name: ":rule modifer", + Method: http.MethodGet, + URL: "/api/collections/demo5/records", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":1`, + `"items":[{`, + `"id":"qjeql998mtp1azp"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "multi-match - at least one of", + Method: http.MethodGet, + URL: "/api/collections/demo4/records?filter=" + url.QueryEscape("rel_many_no_cascade_required.files:length?=2"), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":1`, + `"items":[{`, + `"id":"qzaqccwrmva4o1n"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "multi-match - all", + Method: http.MethodGet, + URL: "/api/collections/demo4/records?filter=" + url.QueryEscape("rel_many_no_cascade_required.files:length=2"), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":0`, + `"totalItems":0`, + `"items":[]`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + }, + }, + { + Name: "OnRecordsListRequest tx body write check", + Method: http.MethodGet, + URL: "/api/collections/demo4/records", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRecordsListRequest().BindFunc(func(e *core.RecordsListRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordsListRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + + // auth collection + // ----------------------------------------------------------- + { + Name: "check email visibility as guest", + Method: http.MethodGet, + URL: "/api/collections/nologin/records", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":3`, + `"items":[{`, + `"id":"phhq3wr65cap535"`, + `"id":"dc49k6jgejn40h3"`, + `"id":"oos036e9xvqeexy"`, + `"email":"test2@example.com"`, + `"emailVisibility":true`, + `"emailVisibility":false`, + }, + NotExpectedContent: []string{ + `"tokenKey"`, + `"password"`, + `"email":"test@example.com"`, + `"email":"test3@example.com"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 3, + }, + }, + { + Name: "check email visibility as any authenticated record", + Method: http.MethodGet, + URL: "/api/collections/nologin/records", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":3`, + `"items":[{`, + `"id":"phhq3wr65cap535"`, + `"id":"dc49k6jgejn40h3"`, + `"id":"oos036e9xvqeexy"`, + `"email":"test2@example.com"`, + `"emailVisibility":true`, + `"emailVisibility":false`, + }, + NotExpectedContent: []string{ + `"tokenKey":"`, + `"password":""`, + `"email":"test@example.com"`, + `"email":"test3@example.com"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 3, + }, + }, + { + Name: "check email visibility as manage auth record", + Method: http.MethodGet, + URL: "/api/collections/nologin/records", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":3`, + `"items":[{`, + `"id":"phhq3wr65cap535"`, + `"id":"dc49k6jgejn40h3"`, + `"id":"oos036e9xvqeexy"`, + `"email":"test@example.com"`, + `"email":"test2@example.com"`, + `"email":"test3@example.com"`, + `"emailVisibility":true`, + `"emailVisibility":false`, + }, + NotExpectedContent: []string{ + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 3, + }, + }, + { + Name: "check email visibility as superuser", + Method: http.MethodGet, + URL: "/api/collections/nologin/records", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":3`, + `"items":[{`, + `"id":"phhq3wr65cap535"`, + `"id":"dc49k6jgejn40h3"`, + `"id":"oos036e9xvqeexy"`, + `"email":"test@example.com"`, + `"email":"test2@example.com"`, + `"email":"test3@example.com"`, + `"emailVisibility":true`, + `"emailVisibility":false`, + }, + NotExpectedContent: []string{ + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 3, + }, + }, + { + Name: "check self email visibility resolver", + Method: http.MethodGet, + URL: "/api/collections/nologin/records", + Headers: map[string]string{ + // nologin, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImRjNDlrNmpnZWpuNDBoMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoia3B2NzA5c2sybHFicWs4IiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.fdUPFLDx5b6RM_XFqnqsyiyNieyKA2HIIkRmUh9kIoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":3`, + `"items":[{`, + `"id":"phhq3wr65cap535"`, + `"id":"dc49k6jgejn40h3"`, + `"id":"oos036e9xvqeexy"`, + `"email":"test2@example.com"`, + `"email":"test@example.com"`, + `"emailVisibility":true`, + `"emailVisibility":false`, + }, + NotExpectedContent: []string{ + `"tokenKey"`, + `"password"`, + `"email":"test3@example.com"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 3, + }, + }, + + // view collection + // ----------------------------------------------------------- + { + Name: "public view records", + Method: http.MethodGet, + URL: "/api/collections/view2/records?filter=state=false", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":2`, + `"items":[{`, + `"id":"al1h9ijdeojtsjy"`, + `"id":"imy661ixudk5izi"`, + }, + NotExpectedContent: []string{ + `"created"`, + `"updated"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 2, + }, + }, + { + Name: "guest that doesn't match the view collection list rule", + Method: http.MethodGet, + URL: "/api/collections/view1/records", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":0`, + `"totalItems":0`, + `"items":[]`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + }, + }, + { + Name: "authenticated record that matches the view collection list rule", + Method: http.MethodGet, + URL: "/api/collections/view1/records", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":1`, + `"items":[{`, + `"id":"84nmscqy84lsi1t"`, + `"bool":true`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "view collection with numeric ids", + Method: http.MethodGet, + URL: "/api/collections/numeric_id_view/records", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"page":1`, + `"perPage":30`, + `"totalPages":1`, + `"totalItems":2`, + `"items":[{`, + `"id":"1"`, + `"id":"2"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordsListRequest": 1, + "OnRecordEnrich": 2, + }, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - view2:list", + Method: http.MethodGet, + URL: "/api/collections/view2/records", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:list"}, + {MaxRequests: 0, Label: "view2:list"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:list", + Method: http.MethodGet, + URL: "/api/collections/view2/records", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:list"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudView(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "missing collection", + Method: http.MethodGet, + URL: "/api/collections/missing/records/0yxhwia2amd8gec", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "missing record", + Method: http.MethodGet, + URL: "/api/collections/demo2/records/missing", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "unauthenticated trying to access nil rule collection (aka. need superuser auth)", + Method: http.MethodGet, + URL: "/api/collections/demo1/records/imy661ixudk5izi", + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authenticated record trying to access nil rule collection (aka. need superuser auth)", + Method: http.MethodGet, + URL: "/api/collections/demo1/records/imy661ixudk5izi", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authenticated record that doesn't match the collection view rule", + Method: http.MethodGet, + URL: "/api/collections/users/records/bgs820n361vj1qd", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "public collection view", + Method: http.MethodGet, + URL: "/api/collections/demo2/records/0yxhwia2amd8gec", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"0yxhwia2amd8gec"`, + `"collectionName":"demo2"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "public collection view (using the collection id)", + Method: http.MethodGet, + URL: "/api/collections/sz5l5z67tg7gku0/records/0yxhwia2amd8gec", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"0yxhwia2amd8gec"`, + `"collectionName":"demo2"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "authorized as superuser trying to access nil rule collection view (aka. need superuser auth)", + Method: http.MethodGet, + URL: "/api/collections/demo1/records/imy661ixudk5izi", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"imy661ixudk5izi"`, + `"collectionName":"demo1"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "authenticated record that does match the collection view rule", + Method: http.MethodGet, + URL: "/api/collections/users/records/4q1xlclmfloku33", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"4q1xlclmfloku33"`, + `"collectionName":"users"`, + // owners can always view their email + `"emailVisibility":false`, + `"email":"test@example.com"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "expand relations", + Method: http.MethodGet, + URL: "/api/collections/demo1/records/al1h9ijdeojtsjy?expand=rel_one,rel_many.rel,missing&perPage=2&sort=created", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"al1h9ijdeojtsjy"`, + `"collectionName":"demo1"`, + `"rel_many":[{`, + `"rel_one":{`, + `"collectionName":"users"`, + `"id":"bgs820n361vj1qd"`, + `"expand":{"rel":{`, + `"id":"0yxhwia2amd8gec"`, + `"collectionName":"demo2"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 7, + }, + }, + { + Name: "OnRecordViewRequest tx body write check", + Method: http.MethodGet, + URL: "/api/collections/demo1/records/al1h9ijdeojtsjy", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRecordViewRequest().BindFunc(func(e *core.RecordRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordViewRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + + // auth collection + // ----------------------------------------------------------- + { + Name: "check email visibility as guest", + Method: http.MethodGet, + URL: "/api/collections/nologin/records/oos036e9xvqeexy", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"oos036e9xvqeexy"`, + `"emailVisibility":false`, + `"verified":true`, + }, + NotExpectedContent: []string{ + `"tokenKey"`, + `"password"`, + `"email":"test3@example.com"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "check email visibility as any authenticated record", + Method: http.MethodGet, + URL: "/api/collections/nologin/records/oos036e9xvqeexy", + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"oos036e9xvqeexy"`, + `"emailVisibility":false`, + `"verified":true`, + }, + NotExpectedContent: []string{ + `"tokenKey"`, + `"password"`, + `"email":"test3@example.com"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "check email visibility as manage auth record", + Method: http.MethodGet, + URL: "/api/collections/nologin/records/oos036e9xvqeexy", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"oos036e9xvqeexy"`, + `"emailVisibility":false`, + `"email":"test3@example.com"`, + `"verified":true`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "check email visibility as superuser", + Method: http.MethodGet, + URL: "/api/collections/nologin/records/oos036e9xvqeexy", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"oos036e9xvqeexy"`, + `"emailVisibility":false`, + `"email":"test3@example.com"`, + `"verified":true`, + }, + NotExpectedContent: []string{ + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "check self email visibility resolver", + Method: http.MethodGet, + URL: "/api/collections/nologin/records/dc49k6jgejn40h3", + Headers: map[string]string{ + // nologin, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImRjNDlrNmpnZWpuNDBoMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoia3B2NzA5c2sybHFicWs4IiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.fdUPFLDx5b6RM_XFqnqsyiyNieyKA2HIIkRmUh9kIoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"dc49k6jgejn40h3"`, + `"email":"test@example.com"`, + `"emailVisibility":false`, + `"verified":false`, + }, + NotExpectedContent: []string{ + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + + // view collection + // ----------------------------------------------------------- + { + Name: "public view record", + Method: http.MethodGet, + URL: "/api/collections/view2/records/84nmscqy84lsi1t", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"84nmscqy84lsi1t"`, + `"state":true`, + `"file_many":["`, + `"rel_many":["`, + }, + NotExpectedContent: []string{ + `"created"`, + `"updated"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "guest that doesn't match the view collection view rule", + Method: http.MethodGet, + URL: "/api/collections/view1/records/84nmscqy84lsi1t", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authenticated record that matches the view collection view rule", + Method: http.MethodGet, + URL: "/api/collections/view1/records/84nmscqy84lsi1t", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"84nmscqy84lsi1t"`, + `"bool":true`, + `"text":"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "view record with numeric id", + Method: http.MethodGet, + URL: "/api/collections/numeric_id_view/records/1", + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"1"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordViewRequest": 1, + "OnRecordEnrich": 1, + }, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - numeric_id_view:view", + Method: http.MethodGet, + URL: "/api/collections/numeric_id_view/records/1", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:view"}, + {MaxRequests: 0, Label: "numeric_id_view:view"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:view", + Method: http.MethodGet, + URL: "/api/collections/numeric_id_view/records/1", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:view"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudDelete(t *testing.T) { + t.Parallel() + + ensureDeletedFiles := func(app *tests.TestApp, collectionId string, recordId string) { + storageDir := filepath.Join(app.DataDir(), "storage", collectionId, recordId) + + entries, _ := os.ReadDir(storageDir) + if len(entries) != 0 { + t.Errorf("Expected empty/deleted dir, found: %d\n%v", len(entries), entries) + } + } + + scenarios := []tests.ApiScenario{ + { + Name: "missing collection", + Method: http.MethodDelete, + URL: "/api/collections/missing/records/0yxhwia2amd8gec", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "missing record", + Method: http.MethodDelete, + URL: "/api/collections/demo2/records/missing", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "unauthenticated trying to delete nil rule collection (aka. need superuser auth)", + Method: http.MethodDelete, + URL: "/api/collections/demo1/records/imy661ixudk5izi", + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authenticated record trying to delete nil rule collection (aka. need superuser auth)", + Method: http.MethodDelete, + URL: "/api/collections/demo1/records/imy661ixudk5izi", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authenticated record that doesn't match the collection delete rule", + Method: http.MethodDelete, + URL: "/api/collections/users/records/bgs820n361vj1qd", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "trying to delete a view collection record", + Method: http.MethodDelete, + URL: "/api/collections/view1/records/imy661ixudk5izi", + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "public collection record delete", + Method: http.MethodDelete, + URL: "/api/collections/nologin/records/dc49k6jgejn40h3", + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordDeleteRequest": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + }, + }, + { + Name: "public collection record delete (using the collection id as identifier)", + Method: http.MethodDelete, + URL: "/api/collections/kpv709sk2lqbqk8/records/dc49k6jgejn40h3", + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordDeleteRequest": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + }, + }, + { + Name: "authorized as superuser trying to delete nil rule collection view (aka. need superuser auth)", + Method: http.MethodDelete, + URL: "/api/collections/clients/records/o1y0dd0spd786md", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordDeleteRequest": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + }, + }, + { + Name: "OnRecordDeleteRequest tx body write check", + Method: http.MethodDelete, + URL: "/api/collections/clients/records/o1y0dd0spd786md", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRecordDeleteRequest().BindFunc(func(e *core.RecordRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordDeleteRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + { + Name: "authenticated record that match the collection delete rule", + Method: http.MethodDelete, + URL: "/api/collections/users/records/4q1xlclmfloku33", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + Delay: 100 * time.Millisecond, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordDeleteRequest": 1, + "OnModelDelete": 3, // +2 for the externalAuths + "OnModelDeleteExecute": 3, + "OnModelAfterDeleteSuccess": 3, + "OnRecordDelete": 3, + "OnRecordDeleteExecute": 3, + "OnRecordAfterDeleteSuccess": 3, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnRecordUpdateExecute": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + ensureDeletedFiles(app, "_pb_users_auth_", "4q1xlclmfloku33") + + // check if all the external auths records were deleted + collection, _ := app.FindCollectionByNameOrId("users") + record := core.NewRecord(collection) + record.Set("id", "4q1xlclmfloku33") + externalAuths, err := app.FindAllExternalAuthsByRecord(record) + if err != nil { + t.Errorf("Failed to fetch external auths: %v", err) + } + if len(externalAuths) > 0 { + t.Errorf("Expected the linked external auths to be deleted, got %d", len(externalAuths)) + } + }, + }, + { + Name: "@request :isset (rule failure check)", + Method: http.MethodDelete, + URL: "/api/collections/demo5/records/la4y2w4o98acwuj", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "@request :isset (rule pass check)", + Method: http.MethodDelete, + URL: "/api/collections/demo5/records/la4y2w4o98acwuj?test=1", + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordDeleteRequest": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + }, + }, + + // cascade delete checks + // ----------------------------------------------------------- + { + Name: "trying to delete a record while being part of a non-cascade required relation", + Method: http.MethodDelete, + URL: "/api/collections/demo3/records/7nwo8tuiatetxdm", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordDeleteRequest": 1, + "OnModelDelete": 2, // the record itself + rel_one_cascade of test1 record + "OnModelDeleteExecute": 2, + "OnModelAfterDeleteError": 2, + "OnRecordDelete": 2, + "OnRecordDeleteExecute": 2, + "OnRecordAfterDeleteError": 2, + "OnModelUpdate": 2, // self_rel_many update of test1 record + rel_one_cascade demo4 cascaded in demo5 + "OnModelUpdateExecute": 2, + "OnModelAfterUpdateError": 2, + "OnRecordUpdate": 2, + "OnRecordUpdateExecute": 2, + "OnRecordAfterUpdateError": 2, + }, + }, + { + Name: "delete a record with non-cascade references", + Method: http.MethodDelete, + URL: "/api/collections/demo3/records/1tmknxy2868d869", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordDeleteRequest": 1, + "OnModelDelete": 1, + "OnModelDeleteExecute": 1, + "OnModelAfterDeleteSuccess": 1, + "OnRecordDelete": 1, + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + "OnModelUpdate": 2, + "OnModelUpdateExecute": 2, + "OnModelAfterUpdateSuccess": 2, + "OnRecordUpdate": 2, + "OnRecordUpdateExecute": 2, + "OnRecordAfterUpdateSuccess": 2, + }, + }, + { + Name: "delete a record with cascade references", + Method: http.MethodDelete, + URL: "/api/collections/users/records/oap640cot4yru2s", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + Delay: 100 * time.Millisecond, + ExpectedStatus: 204, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordDeleteRequest": 1, + "OnModelDelete": 2, + "OnModelDeleteExecute": 2, + "OnModelAfterDeleteSuccess": 2, + "OnRecordDelete": 2, + "OnRecordDeleteExecute": 2, + "OnRecordAfterDeleteSuccess": 2, + "OnModelUpdate": 2, + "OnModelUpdateExecute": 2, + "OnModelAfterUpdateSuccess": 2, + "OnRecordUpdate": 2, + "OnRecordUpdateExecute": 2, + "OnRecordAfterUpdateSuccess": 2, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + recId := "84nmscqy84lsi1t" + rec, _ := app.FindRecordById("demo1", recId, nil) + if rec != nil { + t.Errorf("Expected record %s to be cascade deleted", recId) + } + ensureDeletedFiles(app, "wsmn24bux7wo113", recId) + ensureDeletedFiles(app, "_pb_users_auth_", "oap640cot4yru2s") + }, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - demo5:delete", + Method: http.MethodDelete, + URL: "/api/collections/demo5/records/la4y2w4o98acwuj?test=1", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:delete"}, + {MaxRequests: 0, Label: "demo5:delete"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:delete", + Method: http.MethodDelete, + URL: "/api/collections/demo5/records/la4y2w4o98acwuj?test=1", + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:delete"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudCreate(t *testing.T) { + t.Parallel() + + formData, mp, err := tests.MockMultipartData(map[string]string{ + "title": "title_test", + }, "files") + if err != nil { + t.Fatal(err) + } + + formData2, mp2, err2 := tests.MockMultipartData(map[string]string{ + router.JSONPayloadKey: `{"title": "title_test2", "testPayload": 123}`, + }, "files") + if err2 != nil { + t.Fatal(err2) + } + + formData3, mp3, err3 := tests.MockMultipartData(map[string]string{ + router.JSONPayloadKey: `{"title": "title_test3", "testPayload": 123}`, + }, "files") + if err3 != nil { + t.Fatal(err3) + } + + scenarios := []tests.ApiScenario{ + { + Name: "missing collection", + Method: http.MethodPost, + URL: "/api/collections/missing/records", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "guest trying to access nil-rule collection", + Method: http.MethodPost, + URL: "/api/collections/demo1/records", + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "auth record trying to access nil-rule collection", + Method: http.MethodPost, + URL: "/api/collections/demo1/records", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "trying to create a new view collection record", + Method: http.MethodPost, + URL: "/api/collections/view1/records", + Body: strings.NewReader(`{"text":"new"}`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "submit invalid body", + Method: http.MethodPost, + URL: "/api/collections/demo2/records", + Body: strings.NewReader(`{"`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "submit nil body", + Method: http.MethodPost, + URL: "/api/collections/demo2/records", + Body: nil, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"title":{"code":"validation_required"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelValidate": 1, + "OnModelAfterCreateError": 1, + "OnRecordCreate": 1, + "OnRecordValidate": 1, + "OnRecordAfterCreateError": 1, + }, + }, + { + Name: "submit empty json body", + Method: http.MethodPost, + URL: "/api/collections/nologin/records", + Body: strings.NewReader(`{}`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"password":{"code":"validation_required"`, + `"passwordConfirm":{"code":"validation_required"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + }, + }, + { + Name: "guest submit in public collection", + Method: http.MethodPost, + URL: "/api/collections/demo2/records", + Body: strings.NewReader(`{"title":"new"}`), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":`, + `"title":"new"`, + `"active":false`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "guest trying to submit in restricted collection", + Method: http.MethodPost, + URL: "/api/collections/demo3/records", + Body: strings.NewReader(`{"title":"test123"}`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "auth record submit in restricted collection (rule failure check)", + Method: http.MethodPost, + URL: "/api/collections/demo3/records", + Body: strings.NewReader(`{"title":"test123"}`), + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "auth record submit in restricted collection (rule pass check) + expand relations", + Method: http.MethodPost, + URL: "/api/collections/demo4/records?expand=missing,rel_one_no_cascade,rel_many_no_cascade_required", + Body: strings.NewReader(`{ + "title":"test123", + "rel_one_no_cascade":"mk5fmymtx4wsprk", + "rel_one_no_cascade_required":"7nwo8tuiatetxdm", + "rel_one_cascade":"mk5fmymtx4wsprk", + "rel_many_no_cascade":"mk5fmymtx4wsprk", + "rel_many_no_cascade_required":["7nwo8tuiatetxdm","lcl9d87w22ml6jy"], + "rel_many_cascade":"lcl9d87w22ml6jy" + }`), + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":`, + `"title":"test123"`, + `"expand":{}`, // empty expand even because of the query param + `"rel_one_no_cascade":"mk5fmymtx4wsprk"`, + `"rel_one_no_cascade_required":"7nwo8tuiatetxdm"`, + `"rel_one_cascade":"mk5fmymtx4wsprk"`, + `"rel_many_no_cascade":["mk5fmymtx4wsprk"]`, + `"rel_many_no_cascade_required":["7nwo8tuiatetxdm","lcl9d87w22ml6jy"]`, + `"rel_many_cascade":["lcl9d87w22ml6jy"]`, + }, + NotExpectedContent: []string{ + // the users auth records don't have access to view the demo3 expands + `"missing"`, + `"id":"mk5fmymtx4wsprk"`, + `"id":"7nwo8tuiatetxdm"`, + `"id":"lcl9d87w22ml6jy"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "superuser submit in restricted collection (rule skip check) + expand relations", + Method: http.MethodPost, + URL: "/api/collections/demo4/records?expand=missing,rel_one_no_cascade,rel_many_no_cascade_required", + Body: strings.NewReader(`{ + "title":"test123", + "rel_one_no_cascade":"mk5fmymtx4wsprk", + "rel_one_no_cascade_required":"7nwo8tuiatetxdm", + "rel_one_cascade":"mk5fmymtx4wsprk", + "rel_many_no_cascade":"mk5fmymtx4wsprk", + "rel_many_no_cascade_required":["7nwo8tuiatetxdm","lcl9d87w22ml6jy"], + "rel_many_cascade":"lcl9d87w22ml6jy" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":`, + `"title":"test123"`, + `"rel_one_no_cascade":"mk5fmymtx4wsprk"`, + `"rel_one_no_cascade_required":"7nwo8tuiatetxdm"`, + `"rel_one_cascade":"mk5fmymtx4wsprk"`, + `"rel_many_no_cascade":["mk5fmymtx4wsprk"]`, + `"rel_many_no_cascade_required":["7nwo8tuiatetxdm","lcl9d87w22ml6jy"]`, + `"rel_many_cascade":["lcl9d87w22ml6jy"]`, + `"expand":{`, + `"id":"mk5fmymtx4wsprk"`, + `"id":"7nwo8tuiatetxdm"`, + `"id":"lcl9d87w22ml6jy"`, + }, + NotExpectedContent: []string{ + `"missing"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 4, + }, + }, + { + Name: "superuser submit via multipart form data", + Method: http.MethodPost, + URL: "/api/collections/demo3/records", + Body: formData, + Headers: map[string]string{ + "Content-Type": mp.FormDataContentType(), + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"`, + `"title":"title_test"`, + `"files":["`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "submit via multipart form data with @jsonPayload key and unsatisfied @request.body rule", + Method: http.MethodPost, + URL: "/api/collections/demo3/records", + Body: formData2, + Headers: map[string]string{ + "Content-Type": mp2.FormDataContentType(), + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + collection, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatalf("failed to find demo3 collection: %v", err) + } + collection.CreateRule = types.Pointer("@request.body.testPayload != 123") + if err := app.Save(collection); err != nil { + t.Fatalf("failed to update demo3 collection create rule: %v", err) + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "submit via multipart form data with @jsonPayload key and satisfied @request.body rule", + Method: http.MethodPost, + URL: "/api/collections/demo3/records", + Body: formData3, + Headers: map[string]string{ + "Content-Type": mp3.FormDataContentType(), + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + collection, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatalf("failed to find demo3 collection: %v", err) + } + collection.CreateRule = types.Pointer("@request.body.testPayload = 123") + if err := app.Save(collection); err != nil { + t.Fatalf("failed to update demo3 collection create rule: %v", err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"`, + `"title":"title_test3"`, + `"files":["`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "unique field error check", + Method: http.MethodPost, + URL: "/api/collections/demo2/records", + Body: strings.NewReader(`{ + "title":"test2" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"title":{`, + `"code":"validation_not_unique"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateError": 1, + "OnModelValidate": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateError": 1, + "OnRecordValidate": 1, + }, + }, + { + Name: "OnRecordCreateRequest tx body write check", + Method: http.MethodPost, + URL: "/api/collections/demo2/records", + Body: strings.NewReader(`{"title":"new"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRecordCreateRequest().BindFunc(func(e *core.RecordRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordCreateRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + + // ID checks + // ----------------------------------------------------------- + { + Name: "invalid custom insertion id (less than 15 chars)", + Method: http.MethodPost, + URL: "/api/collections/demo3/records", + Body: strings.NewReader(`{ + "id": "12345678901234", + "title": "test" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"id":{"code":"validation_min_text_constraint"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelValidate": 1, + "OnModelAfterCreateError": 1, + "OnRecordCreate": 1, + "OnRecordValidate": 1, + "OnRecordAfterCreateError": 1, + }, + }, + { + Name: "invalid custom insertion id (more than 15 chars)", + Method: http.MethodPost, + URL: "/api/collections/demo3/records", + Body: strings.NewReader(`{ + "id": "1234567890123456", + "title": "test" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"id":{"code":"validation_max_text_constraint"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelValidate": 1, + "OnModelAfterCreateError": 1, + "OnRecordCreate": 1, + "OnRecordValidate": 1, + "OnRecordAfterCreateError": 1, + }, + }, + { + Name: "valid custom insertion id (exactly 15 chars)", + Method: http.MethodPost, + URL: "/api/collections/demo3/records", + Body: strings.NewReader(`{ + "id": "123456789012345", + "title": "test" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"123456789012345"`, + `"title":"test"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "valid custom insertion id existing in another non-auth collection", + Method: http.MethodPost, + URL: "/api/collections/demo3/records", + Body: strings.NewReader(`{ + "id": "0yxhwia2amd8gec", + "title": "test" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"0yxhwia2amd8gec"`, + `"title":"test"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "valid custom insertion auth id duplicating in another auth collection", + Method: http.MethodPost, + URL: "/api/collections/users/records", + Body: strings.NewReader(`{ + "id":"o1y0dd0spd786md", + "title":"test", + "password":"1234567890", + "passwordConfirm":"1234567890" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"id":{"code":"validation_invalid_auth_id"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, // unique constraints are handled on db level + "OnModelAfterCreateError": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateError": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + }, + }, + + // check whether if @request.body modifer fields are properly resolved + // ----------------------------------------------------------- + { + Name: "@request.body.field with compute modifers (rule failure check)", + Method: http.MethodPost, + URL: "/api/collections/demo5/records", + Body: strings.NewReader(`{ + "total+":4, + "total-":2 + }`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "@request.body.field with compute modifers (rule pass check)", + Method: http.MethodPost, + URL: "/api/collections/demo5/records", + Body: strings.NewReader(`{ + "total+":4, + "total-":1 + }`), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"`, + `"collectionName":"demo5"`, + `"total":3`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + + // auth records + // ----------------------------------------------------------- + { + Name: "auth record with invalid form data", + Method: http.MethodPost, + URL: "/api/collections/users/records", + Body: strings.NewReader(`{ + "password":"1234567", + "passwordConfirm":"1234560", + "email":"invalid", + "username":"Users75657" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"passwordConfirm":{"code":"validation_values_mismatch"`, + }, + NotExpectedContent: []string{ + // record fields are not checked if the base auth form fields have errors + `"rel":`, + `"email":`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + }, + }, + { + Name: "auth record with valid form data but invalid record fields", + Method: http.MethodPost, + URL: "/api/collections/users/records", + Body: strings.NewReader(`{ + "password":"1234567", + "passwordConfirm":"1234567", + "rel":"invalid" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"rel":{"code":`, + `"password":{"code":`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelValidate": 1, + "OnModelAfterCreateError": 1, + "OnRecordCreate": 1, + "OnRecordValidate": 1, + "OnRecordAfterCreateError": 1, + }, + }, + { + Name: "auth record with valid data and explicitly verified state by guest", + Method: http.MethodPost, + URL: "/api/collections/users/records", + Body: strings.NewReader(`{ + "password":"12345678", + "passwordConfirm":"12345678", + "verified":true + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"verified":{"code":`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + // no validation hooks because it should fail before save by the form auth fields validator + }, + }, + { + Name: "auth record with valid data and explicitly verified state by random user", + Method: http.MethodPost, + URL: "/api/collections/users/records", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + Body: strings.NewReader(`{ + "password":"12345678", + "passwordConfirm":"12345678", + "emailVisibility":true, + "verified":true + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"verified":{"code":`, + }, + NotExpectedContent: []string{ + `"emailVisibility":{"code":`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + // no validation hooks because it should fail before save by the form auth fields validator + }, + }, + { + Name: "auth record with valid data by superuser", + Method: http.MethodPost, + URL: "/api/collections/users/records", + Body: strings.NewReader(`{ + "id":"o1o1y0pd78686mq", + "username":"test.valid", + "email":"new@example.com", + "password":"12345678", + "passwordConfirm":"12345678", + "rel":"achvryl401bhse3", + "emailVisibility":true, + "verified":true + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"o1o1y0pd78686mq"`, + `"username":"test.valid"`, + `"email":"new@example.com"`, + `"rel":"achvryl401bhse3"`, + `"emailVisibility":true`, + `"verified":true`, + }, + NotExpectedContent: []string{ + `"tokenKey"`, + `"password"`, + `"passwordConfirm"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "auth record with valid data by auth record with manage access", + Method: http.MethodPost, + URL: "/api/collections/nologin/records", + Body: strings.NewReader(`{ + "email":"new@example.com", + "password":"12345678", + "passwordConfirm":"12345678", + "name":"test_name", + "emailVisibility":true, + "verified":true + }`), + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"`, + `"username":"`, + `"email":"new@example.com"`, + `"name":"test_name"`, + `"emailVisibility":true`, + `"verified":true`, + }, + NotExpectedContent: []string{ + `"tokenKey"`, + `"password"`, + `"passwordConfirm"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + + // ensure that hidden fields cannot be set by non-superusers + // ----------------------------------------------------------- + { + Name: "create with hidden field as regular user", + Method: http.MethodPost, + URL: "/api/collections/demo3/records", + Body: strings.NewReader(`{ + "id": "abcde1234567890", + "title": "test_create" + }`), + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + col, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatal(err) + } + + // mock hidden field + col.Fields.GetByName("title").SetHidden(true) + + if err = app.Save(col); err != nil { + t.Fatal(err) + } + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + record, err := app.FindRecordById("demo3", "abcde1234567890") + if err != nil { + t.Fatal(err) + } + + // ensure that the title wasn't saved + if v := record.GetString("title"); v != "" { + t.Fatalf("Expected empty title, got %q", v) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"abcde1234567890"`, + }, + NotExpectedContent: []string{ + `"title"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "create with hidden field as superuser", + Method: http.MethodPost, + URL: "/api/collections/demo3/records", + Body: strings.NewReader(`{ + "id": "abcde1234567890", + "title": "test_create" + }`), + Headers: map[string]string{ + // superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + col, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatal(err) + } + + // mock hidden field + col.Fields.GetByName("title").SetHidden(true) + + if err = app.Save(col); err != nil { + t.Fatal(err) + } + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + record, err := app.FindRecordById("demo3", "abcde1234567890") + if err != nil { + t.Fatal(err) + } + + // ensure that the title was saved + if v := record.GetString("title"); v != "test_create" { + t.Fatalf("Expected title %q, got %q", "test_create", v) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"abcde1234567890"`, + `"title":"test_create"`, + }, + NotExpectedContent: []string{}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordCreateRequest": 1, + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnRecordCreate": 1, + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - demo2:create", + Method: http.MethodPost, + URL: "/api/collections/demo2/records", + Body: strings.NewReader(`{"title":"new"}`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:create"}, + {MaxRequests: 0, Label: "demo2:create"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:create", + Method: http.MethodPost, + URL: "/api/collections/demo2/records", + Body: strings.NewReader(`{"title":"new"}`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:create"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + + // dynamic body limit checks + // ----------------------------------------------------------- + { + Name: "body > collection BodyLimit", + Method: http.MethodPost, + URL: "/api/collections/demo1/records", + // the exact body doesn't matter as long as it returns 413 + Body: bytes.NewReader(make([]byte, apis.DefaultMaxBodySize+5+20+2+1)), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + collection, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + // adjust field sizes for the test + // --- + fileOneField := collection.Fields.GetByName("file_one").(*core.FileField) + fileOneField.MaxSize = 5 + + fileManyField := collection.Fields.GetByName("file_many").(*core.FileField) + fileManyField.MaxSize = 10 + fileManyField.MaxSelect = 2 + + jsonField := collection.Fields.GetByName("json").(*core.JSONField) + jsonField.MaxSize = 2 + + err = app.Save(collection) + if err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 413, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "body <= collection BodyLimit", + Method: http.MethodPost, + URL: "/api/collections/demo1/records", + // the exact body doesn't matter as long as it doesn't return 413 + Body: bytes.NewReader(make([]byte, apis.DefaultMaxBodySize+5+20+2)), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + collection, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + // adjust field sizes for the test + // --- + fileOneField := collection.Fields.GetByName("file_one").(*core.FileField) + fileOneField.MaxSize = 5 + + fileManyField := collection.Fields.GetByName("file_many").(*core.FileField) + fileManyField.MaxSize = 10 + fileManyField.MaxSelect = 2 + + jsonField := collection.Fields.GetByName("json").(*core.JSONField) + jsonField.MaxSize = 2 + + err = app.Save(collection) + if err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestRecordCrudUpdate(t *testing.T) { + t.Parallel() + + formData, mp, err := tests.MockMultipartData(map[string]string{ + "title": "title_test", + }, "files") + if err != nil { + t.Fatal(err) + } + + formData2, mp2, err2 := tests.MockMultipartData(map[string]string{ + router.JSONPayloadKey: `{"title": "title_test2", "testPayload": 123}`, + }, "files") + if err2 != nil { + t.Fatal(err2) + } + + formData3, mp3, err3 := tests.MockMultipartData(map[string]string{ + router.JSONPayloadKey: `{"title": "title_test3", "testPayload": 123, "files":"300_JdfBOieXAW.png"}`, + }, "files") + if err3 != nil { + t.Fatal(err3) + } + + scenarios := []tests.ApiScenario{ + { + Name: "missing collection", + Method: http.MethodPatch, + URL: "/api/collections/missing/records/0yxhwia2amd8gec", + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "guest trying to access nil-rule collection record", + Method: http.MethodPatch, + URL: "/api/collections/demo1/records/imy661ixudk5izi", + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "auth record trying to access nil-rule collection", + Method: http.MethodPatch, + URL: "/api/collections/demo1/records/imy661ixudk5izi", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "trying to update a view collection record", + Method: http.MethodPatch, + URL: "/api/collections/view1/records/imy661ixudk5izi", + Body: strings.NewReader(`{"text":"new"}`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "submit invalid body", + Method: http.MethodPatch, + URL: "/api/collections/demo2/records/0yxhwia2amd8gec", + Body: strings.NewReader(`{"`), + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "submit nil body (aka. no fields change)", + Method: http.MethodPatch, + URL: "/api/collections/demo2/records/0yxhwia2amd8gec", + Body: nil, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"collectionName":"demo2"`, + `"id":"0yxhwia2amd8gec"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "submit empty body (aka. no fields change)", + Method: http.MethodPatch, + URL: "/api/collections/demo2/records/0yxhwia2amd8gec", + Body: strings.NewReader(`{}`), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"collectionName":"demo2"`, + `"id":"0yxhwia2amd8gec"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "trigger field validation", + Method: http.MethodPatch, + URL: "/api/collections/demo2/records/0yxhwia2amd8gec", + Body: strings.NewReader(`{"title":"a"}`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `data":{`, + `"title":{"code":"validation_min_text_constraint"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelValidate": 1, + "OnModelAfterUpdateError": 1, + "OnRecordUpdate": 1, + "OnRecordValidate": 1, + "OnRecordAfterUpdateError": 1, + }, + }, + { + Name: "guest submit in public collection", + Method: http.MethodPatch, + URL: "/api/collections/demo2/records/0yxhwia2amd8gec", + Body: strings.NewReader(`{"title":"new"}`), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"0yxhwia2amd8gec"`, + `"title":"new"`, + `"active":true`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "guest trying to submit in restricted collection", + Method: http.MethodPatch, + URL: "/api/collections/demo3/records/mk5fmymtx4wsprk", + Body: strings.NewReader(`{"title":"new"}`), + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "auth record submit in restricted collection (rule failure check)", + Method: http.MethodPatch, + URL: "/api/collections/demo3/records/mk5fmymtx4wsprk", + Body: strings.NewReader(`{"title":"new"}`), + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "auth record submit in restricted collection (rule pass check) + expand relations", + Method: http.MethodPatch, + URL: "/api/collections/demo4/records/i9naidtvr6qsgb4?expand=missing,rel_one_no_cascade,rel_many_no_cascade_required", + Body: strings.NewReader(`{ + "title":"test123", + "rel_one_no_cascade":"mk5fmymtx4wsprk", + "rel_one_no_cascade_required":"7nwo8tuiatetxdm", + "rel_one_cascade":"mk5fmymtx4wsprk", + "rel_many_no_cascade":"mk5fmymtx4wsprk", + "rel_many_no_cascade_required":["7nwo8tuiatetxdm","lcl9d87w22ml6jy"], + "rel_many_cascade":"lcl9d87w22ml6jy" + }`), + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"i9naidtvr6qsgb4"`, + `"title":"test123"`, + `"expand":{}`, // empty expand even because of the query param + `"rel_one_no_cascade":"mk5fmymtx4wsprk"`, + `"rel_one_no_cascade_required":"7nwo8tuiatetxdm"`, + `"rel_one_cascade":"mk5fmymtx4wsprk"`, + `"rel_many_no_cascade":["mk5fmymtx4wsprk"]`, + `"rel_many_no_cascade_required":["7nwo8tuiatetxdm","lcl9d87w22ml6jy"]`, + `"rel_many_cascade":["lcl9d87w22ml6jy"]`, + }, + NotExpectedContent: []string{ + // the users auth records don't have access to view the demo3 expands + `"missing"`, + `"id":"mk5fmymtx4wsprk"`, + `"id":"7nwo8tuiatetxdm"`, + `"id":"lcl9d87w22ml6jy"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "superuser submit in restricted collection (rule skip check) + expand relations", + Method: http.MethodPatch, + URL: "/api/collections/demo4/records/i9naidtvr6qsgb4?expand=missing,rel_one_no_cascade,rel_many_no_cascade_required", + Body: strings.NewReader(`{ + "title":"test123", + "rel_one_no_cascade":"mk5fmymtx4wsprk", + "rel_one_no_cascade_required":"7nwo8tuiatetxdm", + "rel_one_cascade":"mk5fmymtx4wsprk", + "rel_many_no_cascade":"mk5fmymtx4wsprk", + "rel_many_no_cascade_required":["7nwo8tuiatetxdm","lcl9d87w22ml6jy"], + "rel_many_cascade":"lcl9d87w22ml6jy" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"i9naidtvr6qsgb4"`, + `"title":"test123"`, + `"rel_one_no_cascade":"mk5fmymtx4wsprk"`, + `"rel_one_no_cascade_required":"7nwo8tuiatetxdm"`, + `"rel_one_cascade":"mk5fmymtx4wsprk"`, + `"rel_many_no_cascade":["mk5fmymtx4wsprk"]`, + `"rel_many_no_cascade_required":["7nwo8tuiatetxdm","lcl9d87w22ml6jy"]`, + `"rel_many_cascade":["lcl9d87w22ml6jy"]`, + `"expand":{`, + `"id":"mk5fmymtx4wsprk"`, + `"id":"7nwo8tuiatetxdm"`, + `"id":"lcl9d87w22ml6jy"`, + }, + NotExpectedContent: []string{ + `"missing"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 4, + }, + }, + { + Name: "superuser submit via multipart form data", + Method: http.MethodPatch, + URL: "/api/collections/demo3/records/mk5fmymtx4wsprk", + Body: formData, + Headers: map[string]string{ + "Content-Type": mp.FormDataContentType(), + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"mk5fmymtx4wsprk"`, + `"title":"title_test"`, + `"files":["`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "submit via multipart form data with @jsonPayload key and unsatisfied @request.body rule", + Method: http.MethodPatch, + URL: "/api/collections/demo3/records/mk5fmymtx4wsprk", + Body: formData2, + Headers: map[string]string{ + "Content-Type": mp2.FormDataContentType(), + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + collection, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatalf("failed to find demo3 collection: %v", err) + } + collection.UpdateRule = types.Pointer("@request.body.testPayload != 123") + if err := app.Save(collection); err != nil { + t.Fatalf("failed to update demo3 collection update rule: %v", err) + } + }, + ExpectedStatus: 404, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "submit via multipart form data with @jsonPayload key and satisfied @request.body rule", + Method: http.MethodPatch, + URL: "/api/collections/demo3/records/mk5fmymtx4wsprk", + Body: formData3, + Headers: map[string]string{ + "Content-Type": mp3.FormDataContentType(), + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + collection, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatalf("failed to find demo3 collection: %v", err) + } + collection.UpdateRule = types.Pointer("@request.body.testPayload = 123") + if err := app.Save(collection); err != nil { + t.Fatalf("failed to update demo3 collection update rule: %v", err) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"mk5fmymtx4wsprk"`, + `"title":"title_test3"`, + `"files":["`, + `"300_JdfBOieXAW.png"`, + `"tmpfile_`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "OnRecordUpdateRequest tx body write check", + Method: http.MethodPatch, + URL: "/api/collections/demo2/records/0yxhwia2amd8gec", + Body: strings.NewReader(`{"title":"new"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnRecordUpdateRequest().BindFunc(func(e *core.RecordRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnRecordUpdateRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + { + Name: "try to change the id of an existing record", + Method: http.MethodPatch, + URL: "/api/collections/demo3/records/mk5fmymtx4wsprk", + Body: strings.NewReader(`{ + "id": "mk5fmymtx4wspra" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"id":{"code":"validation_pk_change"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelValidate": 1, + "OnModelAfterUpdateError": 1, + "OnRecordUpdate": 1, + "OnRecordValidate": 1, + "OnRecordAfterUpdateError": 1, + }, + }, + { + Name: "unique field error check", + Method: http.MethodPatch, + URL: "/api/collections/demo2/records/llvuca81nly1qls", + Body: strings.NewReader(`{ + "title":"test2" + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"title":{`, + `"code":"validation_not_unique"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateError": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateError": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + }, + }, + + // check whether if @request.body modifer fields are properly resolved + // ----------------------------------------------------------- + { + Name: "@request.body.field with compute modifers (rule failure check)", + Method: http.MethodPatch, + URL: "/api/collections/demo5/records/la4y2w4o98acwuj", + Body: strings.NewReader(`{ + "total+":3, + "total-":1 + }`), + ExpectedStatus: 404, + ExpectedContent: []string{ + `"data":{}`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "@request.body.field with compute modifers (rule pass check)", + Method: http.MethodPatch, + URL: "/api/collections/demo5/records/la4y2w4o98acwuj", + Body: strings.NewReader(`{ + "total+":2, + "total-":1 + }`), + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"la4y2w4o98acwuj"`, + `"collectionName":"demo5"`, + `"total":3`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + + // auth records + // ----------------------------------------------------------- + { + Name: "auth record with invalid form data", + Method: http.MethodPatch, + URL: "/api/collections/users/records/bgs820n361vj1qd", + Body: strings.NewReader(`{ + "password":"", + "passwordConfirm":"1234560", + "email":"invalid", + "verified":false + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"passwordConfirm":{`, + `"password":{`, + }, + NotExpectedContent: []string{ + // record fields are not checked if the base auth form fields have errors + `"email":`, + "verified", // superusers are allowed to change the verified state + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + }, + }, + { + Name: "auth record with valid form data but invalid record fields", + Method: http.MethodPatch, + URL: "/api/collections/users/records/bgs820n361vj1qd", + Body: strings.NewReader(`{ + "password":"1234567", + "passwordConfirm":"1234567", + "rel":"invalid" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"rel":{"code":`, + `"password":{"code":`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelValidate": 1, + "OnModelAfterUpdateError": 1, + "OnRecordUpdate": 1, + "OnRecordValidate": 1, + "OnRecordAfterUpdateError": 1, + }, + }, + { + Name: "try to change account managing fields by guest", + Method: http.MethodPatch, + URL: "/api/collections/nologin/records/phhq3wr65cap535", + Body: strings.NewReader(`{ + "password":"12345678", + "passwordConfirm":"12345678", + "emailVisibility":true, + "verified":true + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"verified":{"code":`, + `"oldPassword":{"code":`, + }, + NotExpectedContent: []string{ + `"emailVisibility":{"code":`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + }, + }, + { + Name: "try to change account managing fields by auth record (owner)", + Method: http.MethodPatch, + URL: "/api/collections/users/records/4q1xlclmfloku33", + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + Body: strings.NewReader(`{ + "password":"12345678", + "passwordConfirm":"12345678", + "emailVisibility":true, + "verified":true + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"verified":{"code":`, + `"oldPassword":{"code":`, + }, + NotExpectedContent: []string{ + `"emailVisibility":{"code":`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + }, + }, + { + Name: "try to unset/downgrade email and verified fields (owner)", + Method: http.MethodPatch, + URL: "/api/collections/users/records/oap640cot4yru2s", + Headers: map[string]string{ + // users, test2@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6Im9hcDY0MGNvdDR5cnUycyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.GfJo6EHIobgas_AXt-M-tj5IoQendPnrkMSe9ExuSEY", + }, + Body: strings.NewReader(`{ + "email":"", + "verified":false + }`), + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"email":{"code":`, + `"verified":{"code":`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + }, + }, + { + Name: "try to change account managing fields by auth record with managing rights", + Method: http.MethodPatch, + URL: "/api/collections/nologin/records/phhq3wr65cap535", + Body: strings.NewReader(`{ + "email":"new@example.com", + "password":"12345678", + "passwordConfirm":"12345678", + "name":"test_name", + "emailVisibility":true, + "verified":true + }`), + Headers: map[string]string{ + // users, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"email":"new@example.com"`, + `"name":"test_name"`, + `"emailVisibility":true`, + `"verified":true`, + }, + NotExpectedContent: []string{ + `"tokenKey"`, + `"password"`, + `"passwordConfirm"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + record, _ := app.FindRecordById("nologin", "phhq3wr65cap535") + if !record.ValidatePassword("12345678") { + t.Fatal("Password update failed.") + } + }, + }, + { + Name: "update auth record with valid data by superuser", + Method: http.MethodPatch, + URL: "/api/collections/users/records/oap640cot4yru2s", + Body: strings.NewReader(`{ + "username":"test.valid", + "email":"new@example.com", + "password":"12345678", + "passwordConfirm":"12345678", + "rel":"achvryl401bhse3", + "emailVisibility":true, + "verified":false + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"username":"test.valid"`, + `"email":"new@example.com"`, + `"rel":"achvryl401bhse3"`, + `"emailVisibility":true`, + `"verified":false`, + }, + NotExpectedContent: []string{ + `"tokenKey"`, + `"password"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + record, _ := app.FindRecordById("users", "oap640cot4yru2s") + if !record.ValidatePassword("12345678") { + t.Fatal("Password update failed.") + } + }, + }, + { + Name: "update auth record with valid data by guest (empty update filter + auth origins check)", + Method: http.MethodPatch, + URL: "/api/collections/nologin/records/dc49k6jgejn40h3", + Body: strings.NewReader(`{ + "username":"test_new", + "emailVisibility":true, + "name":"test" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + nologin, err := app.FindCollectionByNameOrId("nologin") + if err != nil { + t.Fatal(err) + } + + // add dummy auth origins for the record + for i := 0; i < 3; i++ { + d := core.NewAuthOrigin(app) + d.SetCollectionRef(nologin.Id) + d.SetRecordRef("dc49k6jgejn40h3") + d.SetFingerprint("abc_" + strconv.Itoa(i)) + if err = app.Save(d); err != nil { + t.Fatalf("Failed to save dummy auth origin %d: %v", i, err) + } + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"username":"test_new"`, + `"email":"test@example.com"`, // the email should be visible since we updated the emailVisibility + `"emailVisibility":true`, + `"verified":false`, + `"name":"test"`, + }, + NotExpectedContent: []string{ + `"tokenKey"`, + `"password"`, + `"passwordConfirm"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + record, _ := app.FindRecordById("nologin", "dc49k6jgejn40h3") + + // the dummy auth origins should NOT have been removed since we didn't change the password + devices, err := app.FindAllAuthOriginsByRecord(record) + if err != nil { + t.Fatalf("Failed to retrieve dummy auth origins: %v", err) + } + if len(devices) != 3 { + t.Fatalf("Expected %d auth origins, got %d", 3, len(devices)) + } + }, + }, + { + Name: "success password change with oldPassword (+authOrigins reset check)", + Method: http.MethodPatch, + URL: "/api/collections/nologin/records/dc49k6jgejn40h3", + Body: strings.NewReader(`{ + "password":"123456789", + "passwordConfirm":"123456789", + "oldPassword":"1234567890" + }`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + nologin, err := app.FindCollectionByNameOrId("nologin") + if err != nil { + t.Fatal(err) + } + + // add dummy auth origins for the record + for i := 0; i < 3; i++ { + d := core.NewAuthOrigin(app) + d.SetCollectionRef(nologin.Id) + d.SetRecordRef("dc49k6jgejn40h3") + d.SetFingerprint("abc_" + strconv.Itoa(i)) + if err = app.Save(d); err != nil { + t.Fatalf("Failed to save dummy auth origin %d: %v", i, err) + } + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"dc49k6jgejn40h3"`, + }, + NotExpectedContent: []string{ + `"tokenKey"`, + `"password"`, + `"passwordConfirm"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + // auth origins + "OnModelDelete": 3, + "OnModelDeleteExecute": 3, + "OnModelAfterDeleteSuccess": 3, + "OnRecordDelete": 3, + "OnRecordDeleteExecute": 3, + "OnRecordAfterDeleteSuccess": 3, + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + record, _ := app.FindRecordById("nologin", "dc49k6jgejn40h3") + if !record.ValidatePassword("123456789") { + t.Fatal("Password update failed.") + } + + // the dummy auth origins should have been removed + devices, err := app.FindAllAuthOriginsByRecord(record) + if err != nil { + t.Fatalf("Failed to retrieve dummy auth origins: %v", err) + } + if len(devices) > 0 { + t.Fatalf("Expected auth origins to be removed, got %d", len(devices)) + } + }, + }, + + // ensure that hidden fields cannot be set by non-superusers + // ----------------------------------------------------------- + { + Name: "update with hidden field as regular user", + Method: http.MethodPatch, + URL: "/api/collections/demo3/records/1tmknxy2868d869", + Body: strings.NewReader(`{ + "title": "test_update" + }`), + Headers: map[string]string{ + // clients, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6ImdrMzkwcWVnczR5NDd3biIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoidjg1MXE0cjc5MHJoa25sIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.0ONnm_BsvPRZyDNT31GN1CKUB6uQRxvVvQ-Wc9AZfG0", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + col, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatal(err) + } + + // mock hidden field + col.Fields.GetByName("title").SetHidden(true) + + if err = app.Save(col); err != nil { + t.Fatal(err) + } + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + record, err := app.FindRecordById("demo3", "1tmknxy2868d869") + if err != nil { + t.Fatal(err) + } + + // ensure that the title wasn't saved + if v := record.GetString("title"); v != "test1" { + t.Fatalf("Expected no title change, got %q", v) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"1tmknxy2868d869"`, + }, + NotExpectedContent: []string{ + `"title"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + { + Name: "update with hidden field as superuser", + Method: http.MethodPatch, + URL: "/api/collections/demo3/records/1tmknxy2868d869", + Body: strings.NewReader(`{ + "title": "test_update" + }`), + Headers: map[string]string{ + // superusers, test@example.com + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + col, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatal(err) + } + + // mock hidden field + col.Fields.GetByName("title").SetHidden(true) + + if err = app.Save(col); err != nil { + t.Fatal(err) + } + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + record, err := app.FindRecordById("demo3", "1tmknxy2868d869") + if err != nil { + t.Fatal(err) + } + + // ensure that the title has been updated + if v := record.GetString("title"); v != "test_update" { + t.Fatalf("Expected title %q, got %q", "test_update", v) + } + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"id":"1tmknxy2868d869"`, + `"title":"test_update"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnRecordUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnRecordUpdate": 1, + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnRecordValidate": 1, + "OnRecordEnrich": 1, + }, + }, + + // rate limit checks + // ----------------------------------------------------------- + { + Name: "RateLimit rule - demo2:update", + Method: http.MethodPatch, + URL: "/api/collections/demo2/records/0yxhwia2amd8gec", + Body: strings.NewReader(`{"title":"new"}`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 100, Label: "*:update"}, + {MaxRequests: 0, Label: "demo2:update"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "RateLimit rule - *:update", + Method: http.MethodPatch, + URL: "/api/collections/demo2/records/0yxhwia2amd8gec", + Body: strings.NewReader(`{"title":"new"}`), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.Settings().RateLimits.Enabled = true + app.Settings().RateLimits.Rules = []core.RateLimitRule{ + {MaxRequests: 100, Label: "abc"}, + {MaxRequests: 0, Label: "*:update"}, + } + }, + ExpectedStatus: 429, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + + // dynamic body limit checks + // ----------------------------------------------------------- + { + Name: "body > collection BodyLimit", + Method: http.MethodPatch, + URL: "/api/collections/demo1/records/imy661ixudk5izi", + // the exact body doesn't matter as long as it returns 413 + Body: bytes.NewReader(make([]byte, apis.DefaultMaxBodySize+5+20+2+1)), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + collection, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + // adjust field sizes for the test + // --- + fileOneField := collection.Fields.GetByName("file_one").(*core.FileField) + fileOneField.MaxSize = 5 + + fileManyField := collection.Fields.GetByName("file_many").(*core.FileField) + fileManyField.MaxSize = 10 + fileManyField.MaxSelect = 2 + + jsonField := collection.Fields.GetByName("json").(*core.JSONField) + jsonField.MaxSize = 2 + + err = app.Save(collection) + if err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 413, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "body <= collection BodyLimit", + Method: http.MethodPatch, + URL: "/api/collections/demo1/records/imy661ixudk5izi", + // the exact body doesn't matter as long as it doesn't return 413 + Body: bytes.NewReader(make([]byte, apis.DefaultMaxBodySize+5+20+2)), + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + collection, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + // adjust field sizes for the test + // --- + fileOneField := collection.Fields.GetByName("file_one").(*core.FileField) + fileOneField.MaxSize = 5 + + fileManyField := collection.Fields.GetByName("file_many").(*core.FileField) + fileManyField.MaxSize = 10 + fileManyField.MaxSelect = 2 + + jsonField := collection.Fields.GetByName("json").(*core.JSONField) + jsonField.MaxSize = 2 + + err = app.Save(collection) + if err != nil { + t.Fatal(err) + } + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/apis/record_helpers.go b/apis/record_helpers.go new file mode 100644 index 0000000..b15d241 --- /dev/null +++ b/apis/record_helpers.go @@ -0,0 +1,636 @@ +package apis + +import ( + "database/sql" + "errors" + "fmt" + "net/http" + "strings" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/mails" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/pocketbase/pocketbase/tools/routine" + "github.com/pocketbase/pocketbase/tools/search" + "github.com/pocketbase/pocketbase/tools/security" +) + +const ( + expandQueryParam = "expand" + fieldsQueryParam = "fields" +) + +var ErrMFA = errors.New("mfa required") + +// RecordAuthResponse writes standardized json record auth response +// into the specified request context. +// +// The authMethod argument specify the name of the current authentication method (eg. password, oauth2, etc.) +// that it is used primarily as an auth identifier during MFA and for login alerts. +// +// Set authMethod to empty string if you want to ignore the MFA checks and the login alerts +// (can be also adjusted additionally via the OnRecordAuthRequest hook). +func RecordAuthResponse(e *core.RequestEvent, authRecord *core.Record, authMethod string, meta any) error { + token, tokenErr := authRecord.NewAuthToken() + if tokenErr != nil { + return e.InternalServerError("Failed to create auth token.", tokenErr) + } + + return recordAuthResponse(e, authRecord, token, authMethod, meta) +} + +func recordAuthResponse(e *core.RequestEvent, authRecord *core.Record, token string, authMethod string, meta any) error { + originalRequestInfo, err := e.RequestInfo() + if err != nil { + return err + } + + ok, err := e.App.CanAccessRecord(authRecord, originalRequestInfo, authRecord.Collection().AuthRule) + if !ok { + return firstApiError(err, e.ForbiddenError("The request doesn't satisfy the collection requirements to authenticate.", err)) + } + + event := new(core.RecordAuthRequestEvent) + event.RequestEvent = e + event.Collection = authRecord.Collection() + event.Record = authRecord + event.Token = token + event.Meta = meta + event.AuthMethod = authMethod + + return e.App.OnRecordAuthRequest().Trigger(event, func(e *core.RecordAuthRequestEvent) error { + if e.Written() { + return nil + } + + // MFA + // --- + mfaId, err := checkMFA(e.RequestEvent, e.Record, e.AuthMethod) + if err != nil { + return err + } + + // require additional authentication + if mfaId != "" { + // eagerly write the mfa response and return an err so that + // external middlewars are aware that the auth response requires an extra step + e.JSON(http.StatusUnauthorized, map[string]string{ + "mfaId": mfaId, + }) + return ErrMFA + } + // --- + + // create a shallow copy of the cached request data and adjust it to the current auth record + requestInfo := *originalRequestInfo + requestInfo.Auth = e.Record + + err = triggerRecordEnrichHooks(e.App, &requestInfo, []*core.Record{e.Record}, func() error { + if e.Record.IsSuperuser() { + e.Record.Unhide(e.Record.Collection().Fields.FieldNames()...) + } + + // allow always returning the email address of the authenticated model + e.Record.IgnoreEmailVisibility(true) + + // expand record relations + expands := strings.Split(e.Request.URL.Query().Get(expandQueryParam), ",") + if len(expands) > 0 { + failed := e.App.ExpandRecord(e.Record, expands, expandFetch(e.App, &requestInfo)) + if len(failed) > 0 { + e.App.Logger().Warn("[recordAuthResponse] Failed to expand relations", "error", failed) + } + } + + return nil + }) + if err != nil { + return err + } + + if e.AuthMethod != "" && authRecord.Collection().AuthAlert.Enabled { + if err = authAlert(e.RequestEvent, e.Record); err != nil { + e.App.Logger().Warn("[recordAuthResponse] Failed to send login alert", "error", err) + } + } + + result := struct { + Meta any `json:"meta,omitempty"` + Record *core.Record `json:"record"` + Token string `json:"token"` + }{ + Token: e.Token, + Record: e.Record, + } + + if e.Meta != nil { + result.Meta = e.Meta + } + + return execAfterSuccessTx(true, e.App, func() error { + return e.JSON(http.StatusOK, result) + }) + }) +} + +// wantsMFA checks whether to enable MFA for the specified auth record based on its MFA rule +// (note: returns true even in case of an error as a safer default). +func wantsMFA(e *core.RequestEvent, record *core.Record) (bool, error) { + rule := record.Collection().MFA.Rule + if rule == "" { + return true, nil + } + + requestInfo, err := e.RequestInfo() + if err != nil { + return true, err + } + + var exists int + + query := e.App.RecordQuery(record.Collection()). + Select("(1)"). + AndWhere(dbx.HashExp{record.Collection().Name + ".id": record.Id}) + + // parse and apply the access rule filter + resolver := core.NewRecordFieldResolver(e.App, record.Collection(), requestInfo, true) + expr, err := search.FilterData(rule).BuildExpr(resolver) + if err != nil { + return true, err + } + resolver.UpdateQuery(query) + + err = query.AndWhere(expr).Limit(1).Row(&exists) + if err != nil && !errors.Is(err, sql.ErrNoRows) { + return true, err + } + + return exists > 0, nil +} + +// checkMFA handles any MFA auth checks that needs to be performed for the specified request event. +// Returns the mfaId that needs to be written as response to the user. +// +// (note: all auth methods are treated as equal and there is no requirement for "pairing"). +func checkMFA(e *core.RequestEvent, authRecord *core.Record, currentAuthMethod string) (string, error) { + if !authRecord.Collection().MFA.Enabled || currentAuthMethod == "" { + return "", nil + } + + ok, err := wantsMFA(e, authRecord) + if err != nil { + return "", e.BadRequestError("Failed to authenticate.", fmt.Errorf("MFA rule failure: %w", err)) + } + if !ok { + return "", nil // no mfa needed for this auth record + } + + // read the mfaId either from the qyery params or request body + mfaId := e.Request.URL.Query().Get("mfaId") + if mfaId == "" { + // check the body + data := struct { + MfaId string `form:"mfaId" json:"mfaId" xml:"mfaId"` + }{} + if err := e.BindBody(&data); err != nil { + return "", firstApiError(err, e.BadRequestError("Failed to read MFA Id", err)) + } + mfaId = data.MfaId + } + + // first-time auth + // --- + if mfaId == "" { + mfa := core.NewMFA(e.App) + mfa.SetCollectionRef(authRecord.Collection().Id) + mfa.SetRecordRef(authRecord.Id) + mfa.SetMethod(currentAuthMethod) + if err := e.App.Save(mfa); err != nil { + return "", firstApiError(err, e.InternalServerError("Failed to create MFA record", err)) + } + + return mfa.Id, nil + } + + // second-time auth + // --- + mfa, err := e.App.FindMFAById(mfaId) + deleteMFA := func() { + // try to delete the expired mfa + if mfa != nil { + if deleteErr := e.App.Delete(mfa); deleteErr != nil { + e.App.Logger().Warn("Failed to delete expired MFA record", "error", deleteErr, "mfaId", mfa.Id) + } + } + } + if err != nil || mfa.HasExpired(authRecord.Collection().MFA.DurationTime()) { + deleteMFA() + return "", e.BadRequestError("Invalid or expired MFA session.", err) + } + + if mfa.RecordRef() != authRecord.Id || mfa.CollectionRef() != authRecord.Collection().Id { + return "", e.BadRequestError("Invalid MFA session.", nil) + } + + if mfa.Method() == currentAuthMethod { + return "", e.BadRequestError("A different authentication method is required.", nil) + } + + deleteMFA() + + return "", nil +} + +// EnrichRecord parses the request context and enrich the provided record: +// - expands relations (if defaultExpands and/or ?expand query param is set) +// - ensures that the emails of the auth record and its expanded auth relations +// are visible only for the current logged superuser, record owner or record with manage access +func EnrichRecord(e *core.RequestEvent, record *core.Record, defaultExpands ...string) error { + return EnrichRecords(e, []*core.Record{record}, defaultExpands...) +} + +// EnrichRecords parses the request context and enriches the provided records: +// - expands relations (if defaultExpands and/or ?expand query param is set) +// - ensures that the emails of the auth records and their expanded auth relations +// are visible only for the current logged superuser, record owner or record with manage access +// +// Note: Expects all records to be from the same collection! +func EnrichRecords(e *core.RequestEvent, records []*core.Record, defaultExpands ...string) error { + if len(records) == 0 { + return nil + } + + info, err := e.RequestInfo() + if err != nil { + return err + } + + return triggerRecordEnrichHooks(e.App, info, records, func() error { + expands := defaultExpands + if param := info.Query[expandQueryParam]; param != "" { + expands = append(expands, strings.Split(param, ",")...) + } + + err := defaultEnrichRecords(e.App, info, records, expands...) + if err != nil { + // only log because it is not critical + e.App.Logger().Warn("failed to apply default enriching", "error", err) + } + + return nil + }) +} + +type iterator[T any] struct { + items []T + index int +} + +func (ri *iterator[T]) next() T { + var item T + + if ri.index < len(ri.items) { + item = ri.items[ri.index] + ri.index++ + } + + return item +} + +func triggerRecordEnrichHooks(app core.App, requestInfo *core.RequestInfo, records []*core.Record, finalizer func() error) error { + it := iterator[*core.Record]{items: records} + + enrichHook := app.OnRecordEnrich() + + event := new(core.RecordEnrichEvent) + event.App = app + event.RequestInfo = requestInfo + + var iterate func(record *core.Record) error + iterate = func(record *core.Record) error { + if record == nil { + return nil + } + + event.Record = record + + return enrichHook.Trigger(event, func(ee *core.RecordEnrichEvent) error { + next := it.next() + if next == nil { + if finalizer != nil { + return finalizer() + } + return nil + } + + event.App = ee.App // in case it was replaced with a transaction + event.Record = next + + err := iterate(next) + + event.App = app + event.Record = record + + return err + }) + } + + return iterate(it.next()) +} + +func defaultEnrichRecords(app core.App, requestInfo *core.RequestInfo, records []*core.Record, expands ...string) error { + err := autoResolveRecordsFlags(app, records, requestInfo) + if err != nil { + return fmt.Errorf("failed to resolve records flags: %w", err) + } + + if len(expands) > 0 { + expandErrs := app.ExpandRecords(records, expands, expandFetch(app, requestInfo)) + if len(expandErrs) > 0 { + errsSlice := make([]error, 0, len(expandErrs)) + for key, err := range expandErrs { + errsSlice = append(errsSlice, fmt.Errorf("failed to expand %q: %w", key, err)) + } + return fmt.Errorf("failed to expand records: %w", errors.Join(errsSlice...)) + } + } + + return nil +} + +// expandFetch is the records fetch function that is used to expand related records. +func expandFetch(app core.App, originalRequestInfo *core.RequestInfo) core.ExpandFetchFunc { + // shallow clone the provided request info to set an "expand" context + requestInfoClone := *originalRequestInfo + requestInfoPtr := &requestInfoClone + requestInfoPtr.Context = core.RequestInfoContextExpand + + return func(relCollection *core.Collection, relIds []string) ([]*core.Record, error) { + records, findErr := app.FindRecordsByIds(relCollection.Id, relIds, func(q *dbx.SelectQuery) error { + if requestInfoPtr.Auth != nil && requestInfoPtr.Auth.IsSuperuser() { + return nil // superusers can access everything + } + + if relCollection.ViewRule == nil { + return fmt.Errorf("only superusers can view collection %q records", relCollection.Name) + } + + if *relCollection.ViewRule != "" { + resolver := core.NewRecordFieldResolver(app, relCollection, requestInfoPtr, true) + expr, err := search.FilterData(*(relCollection.ViewRule)).BuildExpr(resolver) + if err != nil { + return err + } + resolver.UpdateQuery(q) + q.AndWhere(expr) + } + + return nil + }) + if findErr != nil { + return nil, findErr + } + + enrichErr := triggerRecordEnrichHooks(app, requestInfoPtr, records, func() error { + if err := autoResolveRecordsFlags(app, records, requestInfoPtr); err != nil { + // non-critical error + app.Logger().Warn("Failed to apply autoResolveRecordsFlags for the expanded records", "error", err) + } + + return nil + }) + if enrichErr != nil { + return nil, enrichErr + } + + return records, nil + } +} + +// autoResolveRecordsFlags resolves various visibility flags of the provided records. +// +// Currently it enables: +// - export of hidden fields if the current auth model is a superuser +// - email export ignoring the emailVisibity checks if the current auth model is superuser, owner or a "manager". +// +// Note: Expects all records to be from the same collection! +func autoResolveRecordsFlags(app core.App, records []*core.Record, requestInfo *core.RequestInfo) error { + if len(records) == 0 { + return nil // nothing to resolve + } + + if requestInfo.HasSuperuserAuth() { + hiddenFields := records[0].Collection().Fields.FieldNames() + for _, rec := range records { + rec.Unhide(hiddenFields...) + rec.IgnoreEmailVisibility(true) + } + } + + // additional emailVisibility checks + // --------------------------------------------------------------- + if !records[0].Collection().IsAuth() { + return nil // not auth collection records + } + + collection := records[0].Collection() + + mappedRecords := make(map[string]*core.Record, len(records)) + recordIds := make([]any, len(records)) + for i, rec := range records { + mappedRecords[rec.Id] = rec + recordIds[i] = rec.Id + } + + if requestInfo.Auth != nil && mappedRecords[requestInfo.Auth.Id] != nil { + mappedRecords[requestInfo.Auth.Id].IgnoreEmailVisibility(true) + } + + if collection.ManageRule == nil || *collection.ManageRule == "" { + return nil // no manage rule to check + } + + // fetch the ids of the managed records + // --- + managedIds := []string{} + + query := app.RecordQuery(collection). + Select(app.ConcurrentDB().QuoteSimpleColumnName(collection.Name) + ".id"). + AndWhere(dbx.In(app.ConcurrentDB().QuoteSimpleColumnName(collection.Name)+".id", recordIds...)) + + resolver := core.NewRecordFieldResolver(app, collection, requestInfo, true) + expr, err := search.FilterData(*collection.ManageRule).BuildExpr(resolver) + if err != nil { + return err + } + resolver.UpdateQuery(query) + query.AndWhere(expr) + + if err := query.Column(&managedIds); err != nil { + return err + } + // --- + + // ignore the email visibility check for the managed records + for _, id := range managedIds { + if rec, ok := mappedRecords[id]; ok { + rec.IgnoreEmailVisibility(true) + } + } + + return nil +} + +var ruleQueryParams = []string{search.FilterQueryParam, search.SortQueryParam} +var superuserOnlyRuleFields = []string{"@collection.", "@request."} + +// checkForSuperuserOnlyRuleFields loosely checks and returns an error if +// the provided RequestInfo contains rule fields that only the superuser can use. +func checkForSuperuserOnlyRuleFields(requestInfo *core.RequestInfo) error { + if len(requestInfo.Query) == 0 || requestInfo.HasSuperuserAuth() { + return nil // superuser or nothing to check + } + + for _, param := range ruleQueryParams { + v := requestInfo.Query[param] + if v == "" { + continue + } + + for _, field := range superuserOnlyRuleFields { + if strings.Contains(v, field) { + return router.NewForbiddenError("Only superusers can filter by "+field, nil) + } + } + } + + return nil +} + +// firstApiError returns the first ApiError from the errors list +// (this is used usually to prevent unnecessary wraping and to allow bubling ApiError from nested hooks) +// +// If no ApiError is found, returns a default "Internal server" error. +func firstApiError(errs ...error) *router.ApiError { + var apiErr *router.ApiError + var ok bool + + for _, err := range errs { + if err == nil { + continue + } + + // quick assert to avoid the reflection checks + apiErr, ok = err.(*router.ApiError) + if ok { + return apiErr + } + + // nested/wrapped errors + if errors.As(err, &apiErr) { + return apiErr + } + } + + return router.NewInternalServerError("", errors.Join(errs...)) +} + +// execAfterSuccessTx ensures that fn is executed only after a succesul transaction. +// +// If the current app instance is not a transactional or checkTx is false, +// then fn is directly executed. +// +// It could be usually used to allow propagating an error or writing +// custom response from within the wrapped transaction block. +func execAfterSuccessTx(checkTx bool, app core.App, fn func() error) error { + if txInfo := app.TxInfo(); txInfo != nil && checkTx { + txInfo.OnComplete(func(txErr error) error { + if txErr == nil { + return fn() + } + return nil + }) + return nil + } + + return fn() +} + +// ------------------------------------------------------------------- + +const maxAuthOrigins = 5 + +func authAlert(e *core.RequestEvent, authRecord *core.Record) error { + // generating fingerprint + // --- + userAgent := e.Request.UserAgent() + if len(userAgent) > 300 { + userAgent = userAgent[:300] + } + fingerprint := security.MD5(e.RealIP() + userAgent) + // --- + + origins, err := e.App.FindAllAuthOriginsByRecord(authRecord) + if err != nil { + return err + } + + isFirstLogin := len(origins) == 0 + + var currentOrigin *core.AuthOrigin + for _, origin := range origins { + if origin.Fingerprint() == fingerprint { + currentOrigin = origin + break + } + } + if currentOrigin == nil { + currentOrigin = core.NewAuthOrigin(e.App) + currentOrigin.SetCollectionRef(authRecord.Collection().Id) + currentOrigin.SetRecordRef(authRecord.Id) + currentOrigin.SetFingerprint(fingerprint) + } + + // send email alert for the new origin auth (skip first login) + // + // Note: The "fake" timeout is a temp solution to avoid blocking + // for too long when the SMTP server is not accessible, due + // to the lack of context cancellation support in the underlying + // mailer and net/smtp package. + // The goroutine technically "leaks" but we assume that the OS will + // terminate the connection after some time (usually after 3-4 mins). + if !isFirstLogin && currentOrigin.IsNew() && authRecord.Email() != "" { + mailSent := make(chan error, 1) + + timer := time.AfterFunc(15*time.Second, func() { + mailSent <- errors.New("auth alert mail send wait timeout reached") + }) + + routine.FireAndForget(func() { + err := mails.SendRecordAuthAlert(e.App, authRecord) + timer.Stop() + mailSent <- err + }) + + err = <-mailSent + if err != nil { + return err + } + } + + // try to keep only up to maxAuthOrigins + // (pop the last used ones; it is not executed in a transaction to avoid unnecessary locks) + if currentOrigin.IsNew() && len(origins) >= maxAuthOrigins { + for i := len(origins) - 1; i >= maxAuthOrigins-1; i-- { + if err := e.App.Delete(origins[i]); err != nil { + // treat as non-critical error, just log for now + e.App.Logger().Warn("Failed to delete old AuthOrigin record", "error", err, "authOriginId", origins[i].Id) + } + } + } + + // create/update the origin fingerprint + return e.App.Save(currentOrigin) +} diff --git a/apis/record_helpers_test.go b/apis/record_helpers_test.go new file mode 100644 index 0000000..d0458d3 --- /dev/null +++ b/apis/record_helpers_test.go @@ -0,0 +1,761 @@ +package apis_test + +import ( + "encoding/json" + "errors" + "net/http" + "net/http/httptest" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/apis" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestEnrichRecords(t *testing.T) { + t.Parallel() + + // mock test data + // --- + app, _ := tests.NewTestApp() + defer app.Cleanup() + + freshRecords := func(records []*core.Record) []*core.Record { + result := make([]*core.Record, len(records)) + for i, r := range records { + result[i] = r.Fresh() + } + return result + } + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test@example.com") + if err != nil { + t.Fatal(err) + } + + usersRecords, err := app.FindRecordsByIds("users", []string{"4q1xlclmfloku33", "bgs820n361vj1qd"}) + if err != nil { + t.Fatal(err) + } + + nologinRecords, err := app.FindRecordsByIds("nologin", []string{"dc49k6jgejn40h3", "oos036e9xvqeexy"}) + if err != nil { + t.Fatal(err) + } + + demo1Records, err := app.FindRecordsByIds("demo1", []string{"al1h9ijdeojtsjy", "84nmscqy84lsi1t"}) + if err != nil { + t.Fatal(err) + } + + demo5Records, err := app.FindRecordsByIds("demo5", []string{"la4y2w4o98acwuj", "qjeql998mtp1azp"}) + if err != nil { + t.Fatal(err) + } + + // temp update the view rule to ensure that request context is set to "expand" + demo4, err := app.FindCollectionByNameOrId("demo4") + if err != nil { + t.Fatal(err) + } + demo4.ViewRule = types.Pointer("@request.context = 'expand'") + if err := app.Save(demo4); err != nil { + t.Fatal(err) + } + // --- + + scenarios := []struct { + name string + auth *core.Record + records []*core.Record + queryExpand string + defaultExpands []string + expected []string + notExpected []string + }{ + // email visibility checks + { + name: "[emailVisibility] guest", + auth: nil, + records: freshRecords(usersRecords), + queryExpand: "", + defaultExpands: nil, + expected: []string{ + `"customField":"123"`, + `"test3@example.com"`, // emailVisibility=true + }, + notExpected: []string{ + `"test@example.com"`, + }, + }, + { + name: "[emailVisibility] owner", + auth: user, + records: freshRecords(usersRecords), + queryExpand: "", + defaultExpands: nil, + expected: []string{ + `"customField":"123"`, + `"test3@example.com"`, // emailVisibility=true + `"test@example.com"`, // owner + }, + }, + { + name: "[emailVisibility] manager", + auth: user, + records: freshRecords(nologinRecords), + queryExpand: "", + defaultExpands: nil, + expected: []string{ + `"customField":"123"`, + `"test3@example.com"`, + `"test@example.com"`, + }, + }, + { + name: "[emailVisibility] superuser", + auth: superuser, + records: freshRecords(nologinRecords), + queryExpand: "", + defaultExpands: nil, + expected: []string{ + `"customField":"123"`, + `"test3@example.com"`, + `"test@example.com"`, + }, + }, + { + name: "[emailVisibility + expand] recursive auth rule checks (regular user)", + auth: user, + records: freshRecords(demo1Records), + queryExpand: "", + defaultExpands: []string{"rel_many"}, + expected: []string{ + `"customField":"123"`, + `"expand":{"rel_many"`, + `"expand":{}`, + `"test@example.com"`, + }, + notExpected: []string{ + `"id":"bgs820n361vj1qd"`, + `"id":"oap640cot4yru2s"`, + }, + }, + { + name: "[emailVisibility + expand] recursive auth rule checks (superuser)", + auth: superuser, + records: freshRecords(demo1Records), + queryExpand: "", + defaultExpands: []string{"rel_many"}, + expected: []string{ + `"customField":"123"`, + `"test@example.com"`, + `"expand":{"rel_many"`, + `"id":"bgs820n361vj1qd"`, + `"id":"4q1xlclmfloku33"`, + `"id":"oap640cot4yru2s"`, + }, + notExpected: []string{ + `"expand":{}`, + }, + }, + + // expand checks + { + name: "[expand] guest (query)", + auth: nil, + records: freshRecords(usersRecords), + queryExpand: "rel", + defaultExpands: nil, + expected: []string{ + `"customField":"123"`, + `"expand":{"rel"`, + `"id":"llvuca81nly1qls"`, + `"id":"0yxhwia2amd8gec"`, + }, + notExpected: []string{ + `"expand":{}`, + }, + }, + { + name: "[expand] guest (default expands)", + auth: nil, + records: freshRecords(usersRecords), + queryExpand: "", + defaultExpands: []string{"rel"}, + expected: []string{ + `"customField":"123"`, + `"expand":{"rel"`, + `"id":"llvuca81nly1qls"`, + `"id":"0yxhwia2amd8gec"`, + }, + }, + { + name: "[expand] @request.context=expand check", + auth: nil, + records: freshRecords(demo5Records), + queryExpand: "rel_one", + defaultExpands: []string{"rel_many"}, + expected: []string{ + `"customField":"123"`, + `"expand":{}`, + `"expand":{"`, + `"rel_many":[{`, + `"rel_one":{`, + `"id":"i9naidtvr6qsgb4"`, + `"id":"qzaqccwrmva4o1n"`, + }, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + app.OnRecordEnrich().BindFunc(func(e *core.RecordEnrichEvent) error { + e.Record.WithCustomData(true) + e.Record.Set("customField", "123") + return e.Next() + }) + + req := httptest.NewRequest(http.MethodGet, "/?expand="+s.queryExpand, nil) + rec := httptest.NewRecorder() + + requestEvent := new(core.RequestEvent) + requestEvent.App = app + requestEvent.Request = req + requestEvent.Response = rec + requestEvent.Auth = s.auth + + err := apis.EnrichRecords(requestEvent, s.records, s.defaultExpands...) + if err != nil { + t.Fatal(err) + } + + raw, err := json.Marshal(s.records) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + for _, str := range s.expected { + if !strings.Contains(rawStr, str) { + t.Fatalf("Expected\n%q\nin\n%v", str, rawStr) + } + } + + for _, str := range s.notExpected { + if strings.Contains(rawStr, str) { + t.Fatalf("Didn't expected\n%q\nin\n%v", str, rawStr) + } + } + }) + } +} + +func TestRecordAuthResponseAuthRuleCheck(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + event := new(core.RequestEvent) + event.App = app + event.Request = httptest.NewRequest(http.MethodGet, "/", nil) + event.Response = httptest.NewRecorder() + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + rule *string + expectError bool + }{ + { + "admin only rule", + nil, + true, + }, + { + "empty rule", + types.Pointer(""), + false, + }, + { + "false rule", + types.Pointer("1=2"), + true, + }, + { + "true rule", + types.Pointer("1=1"), + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + user.Collection().AuthRule = s.rule + + err := apis.RecordAuthResponse(event, user, "", nil) + + hasErr := err != nil + if s.expectError != hasErr { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + // in all cases login alert shouldn't be send because of the empty auth method + if app.TestMailer.TotalSend() != 0 { + t.Fatalf("Expected no emails send, got %d:\n%v", app.TestMailer.TotalSend(), app.TestMailer.LastMessage().HTML) + } + + if !hasErr { + return + } + + apiErr, ok := err.(*router.ApiError) + + if !ok || apiErr == nil { + t.Fatalf("Expected ApiError, got %v", apiErr) + } + + if apiErr.Status != http.StatusForbidden { + t.Fatalf("Expected ApiError.Status %d, got %d", http.StatusForbidden, apiErr.Status) + } + }) + } +} + +func TestRecordAuthResponseAuthAlertCheck(t *testing.T) { + const testFingerprint = "d0f88d6c87767262ba8e93d6acccd784" + + scenarios := []struct { + name string + devices []string // mock existing device fingerprints + expectDevices []string + enabled bool + expectEmail bool + }{ + { + name: "first login", + devices: nil, + expectDevices: []string{testFingerprint}, + enabled: true, + expectEmail: false, + }, + { + name: "existing device", + devices: []string{"1", testFingerprint}, + expectDevices: []string{"1", testFingerprint}, + enabled: true, + expectEmail: false, + }, + { + name: "new device (< 5)", + devices: []string{"1", "2"}, + expectDevices: []string{"1", "2", testFingerprint}, + enabled: true, + expectEmail: true, + }, + { + name: "new device (>= 5)", + devices: []string{"1", "2", "3", "4", "5"}, + expectDevices: []string{"2", "3", "4", "5", testFingerprint}, + enabled: true, + expectEmail: true, + }, + { + name: "with disabled auth alert collection flag", + devices: []string{"1", "2"}, + expectDevices: []string{"1", "2"}, + enabled: false, + expectEmail: false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + event := new(core.RequestEvent) + event.App = app + event.Request = httptest.NewRequest(http.MethodGet, "/", nil) + event.Response = httptest.NewRecorder() + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + user.Collection().MFA.Enabled = false + user.Collection().AuthRule = types.Pointer("") + user.Collection().AuthAlert.Enabled = s.enabled + + // ensure that there are no other auth origins + err = app.DeleteAllAuthOriginsByRecord(user) + if err != nil { + t.Fatal(err) + } + + mockCreated := types.NowDateTime().Add(-time.Duration(len(s.devices)+1) * time.Second) + // insert the mock devices + for _, fingerprint := range s.devices { + mockCreated = mockCreated.Add(1 * time.Second) + d := core.NewAuthOrigin(app) + d.SetCollectionRef(user.Collection().Id) + d.SetRecordRef(user.Id) + d.SetFingerprint(fingerprint) + d.SetRaw("created", mockCreated) + d.SetRaw("updated", mockCreated) + if err = app.Save(d); err != nil { + t.Fatal(err) + } + } + + err = apis.RecordAuthResponse(event, user, "example", nil) + if err != nil { + t.Fatalf("Failed to resolve auth response: %v", err) + } + + var expectTotalSend int + if s.expectEmail { + expectTotalSend = 1 + } + if total := app.TestMailer.TotalSend(); total != expectTotalSend { + t.Fatalf("Expected %d sent emails, got %d", expectTotalSend, total) + } + + devices, err := app.FindAllAuthOriginsByRecord(user) + if err != nil { + t.Fatalf("Failed to retrieve auth origins: %v", err) + } + + if len(devices) != len(s.expectDevices) { + t.Fatalf("Expected %d devices, got %d", len(s.expectDevices), len(devices)) + } + + for _, fingerprint := range s.expectDevices { + var exists bool + fingerprints := make([]string, 0, len(devices)) + for _, d := range devices { + if d.Fingerprint() == fingerprint { + exists = true + break + } + fingerprints = append(fingerprints, d.Fingerprint()) + } + if !exists { + t.Fatalf("Missing device with fingerprint %q:\n%v", fingerprint, fingerprints) + } + } + }) + } +} + +func TestRecordAuthResponseMFACheck(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + user2, err := app.FindAuthRecordByEmail("users", "test2@example.com") + if err != nil { + t.Fatal(err) + } + + rec := httptest.NewRecorder() + + event := new(core.RequestEvent) + event.App = app + event.Request = httptest.NewRequest(http.MethodGet, "/", nil) + event.Response = rec + + resetMFAs := func(authRecord *core.Record) { + // ensure that mfa is enabled + user.Collection().MFA.Enabled = true + user.Collection().MFA.Duration = 5 + user.Collection().MFA.Rule = "" + + mfas, err := app.FindAllMFAsByRecord(authRecord) + if err != nil { + t.Fatalf("Failed to retrieve mfas: %v", err) + } + for _, mfa := range mfas { + if err := app.Delete(mfa); err != nil { + t.Fatalf("Failed to delete mfa %q: %v", mfa.Id, err) + } + } + + // reset response + rec = httptest.NewRecorder() + event.Response = rec + } + + totalMFAs := func(authRecord *core.Record) int { + mfas, err := app.FindAllMFAsByRecord(authRecord) + if err != nil { + t.Fatalf("Failed to retrieve mfas: %v", err) + } + return len(mfas) + } + + t.Run("no collection MFA enabled", func(t *testing.T) { + resetMFAs(user) + + user.Collection().MFA.Enabled = false + + err = apis.RecordAuthResponse(event, user, "example", nil) + if err != nil { + t.Fatalf("Expected nil, got error: %v", err) + } + + body := rec.Body.String() + if strings.Contains(body, "mfaId") { + t.Fatalf("Expected no mfaId in the response body, got\n%v", body) + } + if !strings.Contains(body, "token") { + t.Fatalf("Expected auth token in the response body, got\n%v", body) + } + + if total := totalMFAs(user); total != 0 { + t.Fatalf("Expected no mfa records to be created, got %d", total) + } + }) + + t.Run("no explicit auth method", func(t *testing.T) { + resetMFAs(user) + + err = apis.RecordAuthResponse(event, user, "", nil) + if err != nil { + t.Fatalf("Expected nil, got error: %v", err) + } + + body := rec.Body.String() + if strings.Contains(body, "mfaId") { + t.Fatalf("Expected no mfaId in the response body, got\n%v", body) + } + if !strings.Contains(body, "token") { + t.Fatalf("Expected auth token in the response body, got\n%v", body) + } + + if total := totalMFAs(user); total != 0 { + t.Fatalf("Expected no mfa records to be created, got %d", total) + } + }) + + t.Run("no mfa wanted (mfa rule check failure)", func(t *testing.T) { + resetMFAs(user) + user.Collection().MFA.Rule = "1=2" + + err = apis.RecordAuthResponse(event, user, "example", nil) + if err != nil { + t.Fatalf("Expected nil, got error: %v", err) + } + + body := rec.Body.String() + if strings.Contains(body, "mfaId") { + t.Fatalf("Expected no mfaId in the response body, got\n%v", body) + } + if !strings.Contains(body, "token") { + t.Fatalf("Expected auth token in the response body, got\n%v", body) + } + + if total := totalMFAs(user); total != 0 { + t.Fatalf("Expected no mfa records to be created, got %d", total) + } + }) + + t.Run("mfa wanted (mfa rule check success)", func(t *testing.T) { + resetMFAs(user) + user.Collection().MFA.Rule = "1=1" + + err = apis.RecordAuthResponse(event, user, "example", nil) + if !errors.Is(err, apis.ErrMFA) { + t.Fatalf("Expected ErrMFA, got: %v", err) + } + + body := rec.Body.String() + if !strings.Contains(body, "mfaId") { + t.Fatalf("Expected the created mfaId to be returned in the response body, got\n%v", body) + } + + if total := totalMFAs(user); total != 1 { + t.Fatalf("Expected a single mfa record to be created, got %d", total) + } + }) + + t.Run("mfa first-time", func(t *testing.T) { + resetMFAs(user) + + err = apis.RecordAuthResponse(event, user, "example", nil) + if !errors.Is(err, apis.ErrMFA) { + t.Fatalf("Expected ErrMFA, got: %v", err) + } + + body := rec.Body.String() + if !strings.Contains(body, "mfaId") { + t.Fatalf("Expected the created mfaId to be returned in the response body, got\n%v", body) + } + + if total := totalMFAs(user); total != 1 { + t.Fatalf("Expected a single mfa record to be created, got %d", total) + } + }) + + t.Run("mfa second-time with the same auth method", func(t *testing.T) { + resetMFAs(user) + + // create a dummy mfa record + mfa := core.NewMFA(app) + mfa.SetCollectionRef(user.Collection().Id) + mfa.SetRecordRef(user.Id) + mfa.SetMethod("example") + if err = app.Save(mfa); err != nil { + t.Fatal(err) + } + + event.Request = httptest.NewRequest(http.MethodGet, "/?mfaId="+mfa.Id, nil) + + err = apis.RecordAuthResponse(event, user, "example", nil) + if err == nil { + t.Fatal("Expected error, got nil") + } + + if total := totalMFAs(user); total != 1 { + t.Fatalf("Expected only 1 mfa record (the existing one), got %d", total) + } + }) + + t.Run("mfa second-time with the different auth method (query param)", func(t *testing.T) { + resetMFAs(user) + + // create a dummy mfa record + mfa := core.NewMFA(app) + mfa.SetCollectionRef(user.Collection().Id) + mfa.SetRecordRef(user.Id) + mfa.SetMethod("example1") + if err = app.Save(mfa); err != nil { + t.Fatal(err) + } + + event.Request = httptest.NewRequest(http.MethodGet, "/?mfaId="+mfa.Id, nil) + + err = apis.RecordAuthResponse(event, user, "example2", nil) + if err != nil { + t.Fatalf("Expected nil, got error: %v", err) + } + + if total := totalMFAs(user); total != 0 { + t.Fatalf("Expected the dummy mfa record to be deleted, found %d", total) + } + }) + + t.Run("mfa second-time with the different auth method (body param)", func(t *testing.T) { + resetMFAs(user) + + // create a dummy mfa record + mfa := core.NewMFA(app) + mfa.SetCollectionRef(user.Collection().Id) + mfa.SetRecordRef(user.Id) + mfa.SetMethod("example1") + if err = app.Save(mfa); err != nil { + t.Fatal(err) + } + + event.Request = httptest.NewRequest(http.MethodGet, "/", strings.NewReader(`{"mfaId":"`+mfa.Id+`"}`)) + event.Request.Header.Add("content-type", "application/json") + + err = apis.RecordAuthResponse(event, user, "example2", nil) + if err != nil { + t.Fatalf("Expected nil, got error: %v", err) + } + + if total := totalMFAs(user); total != 0 { + t.Fatalf("Expected the dummy mfa record to be deleted, found %d", total) + } + }) + + t.Run("missing mfa", func(t *testing.T) { + resetMFAs(user) + + event.Request = httptest.NewRequest(http.MethodGet, "/?mfaId=missing", nil) + + err = apis.RecordAuthResponse(event, user, "example2", nil) + if err == nil { + t.Fatal("Expected error, got nil") + } + + if total := totalMFAs(user); total != 0 { + t.Fatalf("Expected 0 mfa records, got %d", total) + } + }) + + t.Run("expired mfa", func(t *testing.T) { + resetMFAs(user) + + // create a dummy expired mfa record + mfa := core.NewMFA(app) + mfa.SetCollectionRef(user.Collection().Id) + mfa.SetRecordRef(user.Id) + mfa.SetMethod("example1") + mfa.SetRaw("created", types.NowDateTime().Add(-1*time.Hour)) + mfa.SetRaw("updated", types.NowDateTime().Add(-1*time.Hour)) + if err = app.Save(mfa); err != nil { + t.Fatal(err) + } + + event.Request = httptest.NewRequest(http.MethodGet, "/?mfaId="+mfa.Id, nil) + + err = apis.RecordAuthResponse(event, user, "example2", nil) + if err == nil { + t.Fatal("Expected error, got nil") + } + + if totalMFAs(user) != 0 { + t.Fatal("Expected the expired mfa record to be deleted") + } + }) + + t.Run("mfa for different auth record", func(t *testing.T) { + resetMFAs(user) + + // create a dummy expired mfa record + mfa := core.NewMFA(app) + mfa.SetCollectionRef(user2.Collection().Id) + mfa.SetRecordRef(user2.Id) + mfa.SetMethod("example1") + if err = app.Save(mfa); err != nil { + t.Fatal(err) + } + + event.Request = httptest.NewRequest(http.MethodGet, "/?mfaId="+mfa.Id, nil) + + err = apis.RecordAuthResponse(event, user, "example2", nil) + if err == nil { + t.Fatal("Expected error, got nil") + } + + if total := totalMFAs(user); total != 0 { + t.Fatalf("Expected no user mfas, got %d", total) + } + + if total := totalMFAs(user2); total != 1 { + t.Fatalf("Expected only 1 user2 mfa, got %d", total) + } + }) +} diff --git a/apis/serve.go b/apis/serve.go new file mode 100644 index 0000000..8095a4e --- /dev/null +++ b/apis/serve.go @@ -0,0 +1,318 @@ +package apis + +import ( + "context" + "crypto/tls" + "errors" + "log" + "net" + "net/http" + "path/filepath" + "strings" + "sync" + "time" + + "github.com/fatih/color" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/routine" + "github.com/pocketbase/pocketbase/ui" + "golang.org/x/crypto/acme" + "golang.org/x/crypto/acme/autocert" +) + +// ServeConfig defines a configuration struct for apis.Serve(). +type ServeConfig struct { + // ShowStartBanner indicates whether to show or hide the server start console message. + ShowStartBanner bool + + // HttpAddr is the TCP address to listen for the HTTP server (eg. "127.0.0.1:80"). + HttpAddr string + + // HttpsAddr is the TCP address to listen for the HTTPS server (eg. "127.0.0.1:443"). + HttpsAddr string + + // Optional domains list to use when issuing the TLS certificate. + // + // If not set, the host from the bound server address will be used. + // + // For convenience, for each "non-www" domain a "www" entry and + // redirect will be automatically added. + CertificateDomains []string + + // AllowedOrigins is an optional list of CORS origins (default to "*"). + AllowedOrigins []string +} + +// Serve starts a new app web server. +// +// NB! The app should be bootstrapped before starting the web server. +// +// Example: +// +// app.Bootstrap() +// apis.Serve(app, apis.ServeConfig{ +// HttpAddr: "127.0.0.1:8080", +// ShowStartBanner: false, +// }) +func Serve(app core.App, config ServeConfig) error { + if len(config.AllowedOrigins) == 0 { + config.AllowedOrigins = []string{"*"} + } + + // ensure that the latest migrations are applied before starting the server + err := app.RunAllMigrations() + if err != nil { + return err + } + + pbRouter, err := NewRouter(app) + if err != nil { + return err + } + + pbRouter.Bind(CORS(CORSConfig{ + AllowOrigins: config.AllowedOrigins, + AllowMethods: []string{http.MethodGet, http.MethodHead, http.MethodPut, http.MethodPatch, http.MethodPost, http.MethodDelete}, + })) + + pbRouter.GET("/_/{path...}", Static(ui.DistDirFS, false)). + BindFunc(func(e *core.RequestEvent) error { + // ignore root path + if e.Request.PathValue(StaticWildcardParam) != "" { + e.Response.Header().Set("Cache-Control", "max-age=1209600, stale-while-revalidate=86400") + } + + // add a default CSP + if e.Response.Header().Get("Content-Security-Policy") == "" { + e.Response.Header().Set("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' http://127.0.0.1:* https://tile.openstreetmap.org data: blob:; connect-src 'self' http://127.0.0.1:* https://nominatim.openstreetmap.org; script-src 'self' 'sha256-GRUzBA7PzKYug7pqxv5rJaec5bwDCw1Vo6/IXwvD3Tc='") + } + + return e.Next() + }). + Bind(Gzip()) + + // start http server + // --- + mainAddr := config.HttpAddr + if config.HttpsAddr != "" { + mainAddr = config.HttpsAddr + } + + var wwwRedirects []string + + // extract the host names for the certificate host policy + hostNames := config.CertificateDomains + if len(hostNames) == 0 { + host, _, _ := net.SplitHostPort(mainAddr) + hostNames = append(hostNames, host) + } + for _, host := range hostNames { + if strings.HasPrefix(host, "www.") { + continue // explicitly set www host + } + + wwwHost := "www." + host + if !list.ExistInSlice(wwwHost, hostNames) { + hostNames = append(hostNames, wwwHost) + wwwRedirects = append(wwwRedirects, wwwHost) + } + } + + // implicit www->non-www redirect(s) + if len(wwwRedirects) > 0 { + pbRouter.Bind(wwwRedirect(wwwRedirects)) + } + + certManager := &autocert.Manager{ + Prompt: autocert.AcceptTOS, + Cache: autocert.DirCache(filepath.Join(app.DataDir(), core.LocalAutocertCacheDirName)), + HostPolicy: autocert.HostWhitelist(hostNames...), + } + + // base request context used for cancelling long running requests + // like the SSE connections + baseCtx, cancelBaseCtx := context.WithCancel(context.Background()) + defer cancelBaseCtx() + + server := &http.Server{ + TLSConfig: &tls.Config{ + MinVersion: tls.VersionTLS12, + GetCertificate: certManager.GetCertificate, + NextProtos: []string{acme.ALPNProto}, + }, + // higher defaults to accommodate large file uploads/downloads + WriteTimeout: 5 * time.Minute, + ReadTimeout: 5 * time.Minute, + ReadHeaderTimeout: 1 * time.Minute, + Addr: mainAddr, + BaseContext: func(l net.Listener) context.Context { + return baseCtx + }, + ErrorLog: log.New(&serverErrorLogWriter{app: app}, "", 0), + } + + serveEvent := new(core.ServeEvent) + serveEvent.App = app + serveEvent.Router = pbRouter + serveEvent.Server = server + serveEvent.CertManager = certManager + serveEvent.InstallerFunc = DefaultInstallerFunc + + var listener net.Listener + + // graceful shutdown + // --------------------------------------------------------------- + // WaitGroup to block until server.ShutDown() returns because Serve and similar methods exit immediately. + // Note that the WaitGroup would do nothing if the app.OnTerminate() hook isn't triggered. + var wg sync.WaitGroup + + // try to gracefully shutdown the server on app termination + app.OnTerminate().Bind(&hook.Handler[*core.TerminateEvent]{ + Id: "pbGracefulShutdown", + Func: func(te *core.TerminateEvent) error { + cancelBaseCtx() + + ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second) + defer cancel() + + wg.Add(1) + + _ = server.Shutdown(ctx) + + if te.IsRestart { + // wait for execve and other handlers up to 3 seconds before exit + time.AfterFunc(3*time.Second, func() { + wg.Done() + }) + } else { + wg.Done() + } + + return te.Next() + }, + Priority: -9999, + }) + + // wait for the graceful shutdown to complete before exit + defer func() { + wg.Wait() + + if listener != nil { + _ = listener.Close() + } + }() + // --------------------------------------------------------------- + + var baseURL string + + // trigger the OnServe hook and start the tcp listener + serveHookErr := app.OnServe().Trigger(serveEvent, func(e *core.ServeEvent) error { + handler, err := e.Router.BuildMux() + if err != nil { + return err + } + + e.Server.Handler = handler + + if config.HttpsAddr == "" { + baseURL = "http://" + serverAddrToHost(serveEvent.Server.Addr) + } else { + baseURL = "https://" + if len(config.CertificateDomains) > 0 { + baseURL += config.CertificateDomains[0] + } else { + baseURL += serverAddrToHost(serveEvent.Server.Addr) + } + } + + addr := e.Server.Addr + if addr == "" { + // fallback similar to the std Server.ListenAndServe/ListenAndServeTLS + if config.HttpsAddr != "" { + addr = ":https" + } else { + addr = ":http" + } + } + + listener, err = net.Listen("tcp", addr) + if err != nil { + return err + } + + if e.InstallerFunc != nil { + app := e.App + installerFunc := e.InstallerFunc + routine.FireAndForget(func() { + if err := loadInstaller(app, baseURL, installerFunc); err != nil { + app.Logger().Warn("Failed to initialize installer", "error", err) + } + }) + } + + return nil + }) + if serveHookErr != nil { + return serveHookErr + } + + if listener == nil { + //nolint:staticcheck + return errors.New("The OnServe finalizer wasn't invoked. Did you forget to call the ServeEvent.Next() method?") + } + + if config.ShowStartBanner { + date := new(strings.Builder) + log.New(date, "", log.LstdFlags).Print() + + bold := color.New(color.Bold).Add(color.FgGreen) + bold.Printf( + "%s Server started at %s\n", + strings.TrimSpace(date.String()), + color.CyanString("%s", baseURL), + ) + + regular := color.New() + regular.Printf("├─ REST API: %s\n", color.CyanString("%s/api/", baseURL)) + regular.Printf("└─ Dashboard: %s\n", color.CyanString("%s/_/", baseURL)) + } + + var serveErr error + if config.HttpsAddr != "" { + if config.HttpAddr != "" { + // start an additional HTTP server for redirecting the traffic to the HTTPS version + go http.ListenAndServe(config.HttpAddr, certManager.HTTPHandler(nil)) + } + + // start HTTPS server + serveErr = serveEvent.Server.ServeTLS(listener, "", "") + } else { + // OR start HTTP server + serveErr = serveEvent.Server.Serve(listener) + } + if serveErr != nil && !errors.Is(serveErr, http.ErrServerClosed) { + return serveErr + } + + return nil +} + +// serverAddrToHost loosely converts http.Server.Addr string into a host to print. +func serverAddrToHost(addr string) string { + if addr == "" || strings.HasSuffix(addr, ":http") || strings.HasSuffix(addr, ":https") { + return "127.0.0.1" + } + return addr +} + +type serverErrorLogWriter struct { + app core.App +} + +func (s *serverErrorLogWriter) Write(p []byte) (int, error) { + s.app.Logger().Debug(strings.TrimSpace(string(p))) + + return len(p), nil +} diff --git a/apis/settings.go b/apis/settings.go new file mode 100644 index 0000000..d6d609c --- /dev/null +++ b/apis/settings.go @@ -0,0 +1,143 @@ +package apis + +import ( + "net/http" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/forms" + "github.com/pocketbase/pocketbase/tools/router" +) + +// bindSettingsApi registers the settings api endpoints. +func bindSettingsApi(app core.App, rg *router.RouterGroup[*core.RequestEvent]) { + subGroup := rg.Group("/settings").Bind(RequireSuperuserAuth()) + subGroup.GET("", settingsList) + subGroup.PATCH("", settingsSet) + subGroup.POST("/test/s3", settingsTestS3) + subGroup.POST("/test/email", settingsTestEmail) + subGroup.POST("/apple/generate-client-secret", settingsGenerateAppleClientSecret) +} + +func settingsList(e *core.RequestEvent) error { + clone, err := e.App.Settings().Clone() + if err != nil { + return e.InternalServerError("", err) + } + + event := new(core.SettingsListRequestEvent) + event.RequestEvent = e + event.Settings = clone + + return e.App.OnSettingsListRequest().Trigger(event, func(e *core.SettingsListRequestEvent) error { + return execAfterSuccessTx(true, e.App, func() error { + return e.JSON(http.StatusOK, e.Settings) + }) + }) +} + +func settingsSet(e *core.RequestEvent) error { + event := new(core.SettingsUpdateRequestEvent) + event.RequestEvent = e + + if clone, err := e.App.Settings().Clone(); err == nil { + event.OldSettings = clone + } else { + return e.BadRequestError("", err) + } + + if clone, err := e.App.Settings().Clone(); err == nil { + event.NewSettings = clone + } else { + return e.BadRequestError("", err) + } + + if err := e.BindBody(&event.NewSettings); err != nil { + return e.BadRequestError("An error occurred while loading the submitted data.", err) + } + + return e.App.OnSettingsUpdateRequest().Trigger(event, func(e *core.SettingsUpdateRequestEvent) error { + err := e.App.Save(e.NewSettings) + if err != nil { + return e.BadRequestError("An error occurred while saving the new settings.", err) + } + + appSettings, err := e.App.Settings().Clone() + if err != nil { + return e.InternalServerError("Failed to clone app settings.", err) + } + + return execAfterSuccessTx(true, e.App, func() error { + return e.JSON(http.StatusOK, appSettings) + }) + }) +} + +func settingsTestS3(e *core.RequestEvent) error { + form := forms.NewTestS3Filesystem(e.App) + + // load request + if err := e.BindBody(form); err != nil { + return e.BadRequestError("An error occurred while loading the submitted data.", err) + } + + // send + if err := form.Submit(); err != nil { + // form error + if fErr, ok := err.(validation.Errors); ok { + return e.BadRequestError("Failed to test the S3 filesystem.", fErr) + } + + // mailer error + return e.BadRequestError("Failed to test the S3 filesystem. Raw error: \n"+err.Error(), nil) + } + + return e.NoContent(http.StatusNoContent) +} + +func settingsTestEmail(e *core.RequestEvent) error { + form := forms.NewTestEmailSend(e.App) + + // load request + if err := e.BindBody(form); err != nil { + return e.BadRequestError("An error occurred while loading the submitted data.", err) + } + + // send + if err := form.Submit(); err != nil { + // form error + if fErr, ok := err.(validation.Errors); ok { + return e.BadRequestError("Failed to send the test email.", fErr) + } + + // mailer error + return e.BadRequestError("Failed to send the test email. Raw error: \n"+err.Error(), nil) + } + + return e.NoContent(http.StatusNoContent) +} + +func settingsGenerateAppleClientSecret(e *core.RequestEvent) error { + form := forms.NewAppleClientSecretCreate(e.App) + + // load request + if err := e.BindBody(form); err != nil { + return e.BadRequestError("An error occurred while loading the submitted data.", err) + } + + // generate + secret, err := form.Submit() + if err != nil { + // form error + if fErr, ok := err.(validation.Errors); ok { + return e.BadRequestError("Invalid client secret data.", fErr) + } + + // secret generation error + return e.BadRequestError("Failed to generate client secret. Raw error: \n"+err.Error(), nil) + } + + return e.JSON(http.StatusOK, map[string]string{ + "secret": secret, + }) +} diff --git a/apis/settings_test.go b/apis/settings_test.go new file mode 100644 index 0000000..3c20a75 --- /dev/null +++ b/apis/settings_test.go @@ -0,0 +1,641 @@ +package apis_test + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/x509" + "encoding/pem" + "fmt" + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestSettingsList(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodGet, + URL: "/api/settings", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodGet, + URL: "/api/settings", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser", + Method: http.MethodGet, + URL: "/api/settings", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"meta":{`, + `"logs":{`, + `"smtp":{`, + `"s3":{`, + `"backups":{`, + `"batch":{`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnSettingsListRequest": 1, + }, + }, + { + Name: "OnSettingsListRequest tx body write check", + Method: http.MethodGet, + URL: "/api/settings", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnSettingsListRequest().BindFunc(func(e *core.SettingsListRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnSettingsListRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestSettingsSet(t *testing.T) { + t.Parallel() + + validData := `{ + "meta":{"appName":"update_test"}, + "s3":{"secret": "s3_secret"}, + "backups":{"s3":{"secret":"backups_s3_secret"}} + }` + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPatch, + URL: "/api/settings", + Body: strings.NewReader(validData), + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodPatch, + URL: "/api/settings", + Body: strings.NewReader(validData), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser submitting empty data", + Method: http.MethodPatch, + URL: "/api/settings", + Body: strings.NewReader(``), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"meta":{`, + `"logs":{`, + `"smtp":{`, + `"s3":{`, + `"backups":{`, + `"batch":{`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnSettingsUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnSettingsReload": 1, + }, + }, + { + Name: "authorized as superuser submitting invalid data", + Method: http.MethodPatch, + URL: "/api/settings", + Body: strings.NewReader(`{"meta":{"appName":""}}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"meta":{"appName":{"code":"validation_required"`, + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnModelUpdate": 1, + "OnModelAfterUpdateError": 1, + "OnModelValidate": 1, + "OnSettingsUpdateRequest": 1, + }, + }, + { + Name: "authorized as superuser submitting valid data", + Method: http.MethodPatch, + URL: "/api/settings", + Body: strings.NewReader(validData), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"meta":{`, + `"logs":{`, + `"smtp":{`, + `"s3":{`, + `"backups":{`, + `"batch":{`, + `"appName":"update_test"`, + }, + NotExpectedContent: []string{ + "secret", + "password", + }, + ExpectedEvents: map[string]int{ + "*": 0, + "OnSettingsUpdateRequest": 1, + "OnModelUpdate": 1, + "OnModelUpdateExecute": 1, + "OnModelAfterUpdateSuccess": 1, + "OnModelValidate": 1, + "OnSettingsReload": 1, + }, + }, + { + Name: "OnSettingsUpdateRequest tx body write check", + Method: http.MethodPatch, + URL: "/api/settings", + Body: strings.NewReader(validData), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) { + app.OnSettingsUpdateRequest().BindFunc(func(e *core.SettingsUpdateRequestEvent) error { + original := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { e.App = original }() + + if err := e.Next(); err != nil { + return err + } + + return e.BadRequestError("TX_ERROR", nil) + }) + }) + }, + ExpectedStatus: 400, + ExpectedEvents: map[string]int{"OnSettingsUpdateRequest": 1}, + ExpectedContent: []string{"TX_ERROR"}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestSettingsTestS3(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPost, + URL: "/api/settings/test/s3", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodPost, + URL: "/api/settings/test/s3", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (missing body + no s3)", + Method: http.MethodPost, + URL: "/api/settings/test/s3", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"filesystem":{`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (invalid filesystem)", + Method: http.MethodPost, + URL: "/api/settings/test/s3", + Body: strings.NewReader(`{"filesystem":"invalid"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{`, + `"filesystem":{`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (valid filesystem and no s3)", + Method: http.MethodPost, + URL: "/api/settings/test/s3", + Body: strings.NewReader(`{"filesystem":"storage"}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"data":{}`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestSettingsTestEmail(t *testing.T) { + t.Parallel() + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPost, + URL: "/api/settings/test/email", + Body: strings.NewReader(`{ + "template": "verification", + "email": "test@example.com" + }`), + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodPost, + URL: "/api/settings/test/email", + Body: strings.NewReader(`{ + "template": "verification", + "email": "test@example.com" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (invalid body)", + Method: http.MethodPost, + URL: "/api/settings/test/email", + Body: strings.NewReader(`{`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (empty json)", + Method: http.MethodPost, + URL: "/api/settings/test/email", + Body: strings.NewReader(`{}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"email":{"code":"validation_required"`, + `"template":{"code":"validation_required"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (verifiation template)", + Method: http.MethodPost, + URL: "/api/settings/test/email", + Body: strings.NewReader(`{ + "template": "verification", + "email": "test@example.com" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if app.TestMailer.TotalSend() != 1 { + t.Fatalf("[verification] Expected 1 sent email, got %d", app.TestMailer.TotalSend()) + } + + if len(app.TestMailer.LastMessage().To) != 1 { + t.Fatalf("[verification] Expected 1 recipient, got %v", app.TestMailer.LastMessage().To) + } + + if app.TestMailer.LastMessage().To[0].Address != "test@example.com" { + t.Fatalf("[verification] Expected the email to be sent to %s, got %s", "test@example.com", app.TestMailer.LastMessage().To[0].Address) + } + + if !strings.Contains(app.TestMailer.LastMessage().HTML, "Verify") { + t.Fatalf("[verification] Expected to sent a verification email, got \n%v\n%v", app.TestMailer.LastMessage().Subject, app.TestMailer.LastMessage().HTML) + } + }, + ExpectedStatus: 204, + ExpectedContent: []string{}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnMailerSend": 1, + "OnMailerRecordVerificationSend": 1, + }, + }, + { + Name: "authorized as superuser (password reset template)", + Method: http.MethodPost, + URL: "/api/settings/test/email", + Body: strings.NewReader(`{ + "template": "password-reset", + "email": "test@example.com" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if app.TestMailer.TotalSend() != 1 { + t.Fatalf("[password-reset] Expected 1 sent email, got %d", app.TestMailer.TotalSend()) + } + + if len(app.TestMailer.LastMessage().To) != 1 { + t.Fatalf("[password-reset] Expected 1 recipient, got %v", app.TestMailer.LastMessage().To) + } + + if app.TestMailer.LastMessage().To[0].Address != "test@example.com" { + t.Fatalf("[password-reset] Expected the email to be sent to %s, got %s", "test@example.com", app.TestMailer.LastMessage().To[0].Address) + } + + if !strings.Contains(app.TestMailer.LastMessage().HTML, "Reset password") { + t.Fatalf("[password-reset] Expected to sent a password-reset email, got \n%v\n%v", app.TestMailer.LastMessage().Subject, app.TestMailer.LastMessage().HTML) + } + }, + ExpectedStatus: 204, + ExpectedContent: []string{}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnMailerSend": 1, + "OnMailerRecordPasswordResetSend": 1, + }, + }, + { + Name: "authorized as superuser (email change)", + Method: http.MethodPost, + URL: "/api/settings/test/email", + Body: strings.NewReader(`{ + "template": "email-change", + "email": "test@example.com" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if app.TestMailer.TotalSend() != 1 { + t.Fatalf("[email-change] Expected 1 sent email, got %d", app.TestMailer.TotalSend()) + } + + if len(app.TestMailer.LastMessage().To) != 1 { + t.Fatalf("[email-change] Expected 1 recipient, got %v", app.TestMailer.LastMessage().To) + } + + if app.TestMailer.LastMessage().To[0].Address != "test@example.com" { + t.Fatalf("[email-change] Expected the email to be sent to %s, got %s", "test@example.com", app.TestMailer.LastMessage().To[0].Address) + } + + if !strings.Contains(app.TestMailer.LastMessage().HTML, "Confirm new email") { + t.Fatalf("[email-change] Expected to sent a confirm new email email, got \n%v\n%v", app.TestMailer.LastMessage().Subject, app.TestMailer.LastMessage().HTML) + } + }, + ExpectedStatus: 204, + ExpectedContent: []string{}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnMailerSend": 1, + "OnMailerRecordEmailChangeSend": 1, + }, + }, + { + Name: "authorized as superuser (otp)", + Method: http.MethodPost, + URL: "/api/settings/test/email", + Body: strings.NewReader(`{ + "template": "otp", + "email": "test@example.com" + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) { + if app.TestMailer.TotalSend() != 1 { + t.Fatalf("[otp] Expected 1 sent email, got %d", app.TestMailer.TotalSend()) + } + + if len(app.TestMailer.LastMessage().To) != 1 { + t.Fatalf("[otp] Expected 1 recipient, got %v", app.TestMailer.LastMessage().To) + } + + if app.TestMailer.LastMessage().To[0].Address != "test@example.com" { + t.Fatalf("[otp] Expected the email to be sent to %s, got %s", "test@example.com", app.TestMailer.LastMessage().To[0].Address) + } + + if !strings.Contains(app.TestMailer.LastMessage().HTML, "one-time password") { + t.Fatalf("[otp] Expected to sent OTP email, got \n%v\n%v", app.TestMailer.LastMessage().Subject, app.TestMailer.LastMessage().HTML) + } + }, + ExpectedStatus: 204, + ExpectedContent: []string{}, + ExpectedEvents: map[string]int{ + "*": 0, + "OnMailerSend": 1, + "OnMailerRecordOTPSend": 1, + }, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} + +func TestGenerateAppleClientSecret(t *testing.T) { + t.Parallel() + + key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + t.Fatal(err) + } + + encodedKey, err := x509.MarshalPKCS8PrivateKey(key) + if err != nil { + t.Fatal(err) + } + + privatePem := pem.EncodeToMemory( + &pem.Block{ + Type: "PRIVATE KEY", + Bytes: encodedKey, + }, + ) + + scenarios := []tests.ApiScenario{ + { + Name: "unauthorized", + Method: http.MethodPost, + URL: "/api/settings/apple/generate-client-secret", + ExpectedStatus: 401, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as regular user", + Method: http.MethodPost, + URL: "/api/settings/apple/generate-client-secret", + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + }, + ExpectedStatus: 403, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (invalid body)", + Method: http.MethodPost, + URL: "/api/settings/apple/generate-client-secret", + Body: strings.NewReader(`{`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{`"data":{}`}, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (empty json)", + Method: http.MethodPost, + URL: "/api/settings/apple/generate-client-secret", + Body: strings.NewReader(`{}`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"clientId":{"code":"validation_required"`, + `"teamId":{"code":"validation_required"`, + `"keyId":{"code":"validation_required"`, + `"privateKey":{"code":"validation_required"`, + `"duration":{"code":"validation_required"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (invalid data)", + Method: http.MethodPost, + URL: "/api/settings/apple/generate-client-secret", + Body: strings.NewReader(`{ + "clientId": "", + "teamId": "123456789", + "keyId": "123456789", + "privateKey": "invalid", + "duration": -1 + }`), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 400, + ExpectedContent: []string{ + `"clientId":{"code":"validation_required"`, + `"teamId":{"code":"validation_length_invalid"`, + `"keyId":{"code":"validation_length_invalid"`, + `"privateKey":{"code":"validation_match_invalid"`, + `"duration":{"code":"validation_min_greater_equal_than_required"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + { + Name: "authorized as superuser (valid data)", + Method: http.MethodPost, + URL: "/api/settings/apple/generate-client-secret", + Body: strings.NewReader(fmt.Sprintf(`{ + "clientId": "123", + "teamId": "1234567890", + "keyId": "1234567891", + "privateKey": %q, + "duration": 1 + }`, privatePem)), + Headers: map[string]string{ + "Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY", + }, + ExpectedStatus: 200, + ExpectedContent: []string{ + `"secret":"`, + }, + ExpectedEvents: map[string]int{"*": 0}, + }, + } + + for _, scenario := range scenarios { + scenario.Test(t) + } +} diff --git a/cmd/serve.go b/cmd/serve.go new file mode 100644 index 0000000..fbd7a47 --- /dev/null +++ b/cmd/serve.go @@ -0,0 +1,77 @@ +package cmd + +import ( + "errors" + "net/http" + + "github.com/pocketbase/pocketbase/apis" + "github.com/pocketbase/pocketbase/core" + "github.com/spf13/cobra" +) + +// NewServeCommand creates and returns new command responsible for +// starting the default PocketBase web server. +func NewServeCommand(app core.App, showStartBanner bool) *cobra.Command { + var allowedOrigins []string + var httpAddr string + var httpsAddr string + + command := &cobra.Command{ + Use: "serve [domain(s)]", + Args: cobra.ArbitraryArgs, + Short: "Starts the web server (default to 127.0.0.1:8090 if no domain is specified)", + SilenceUsage: true, + RunE: func(command *cobra.Command, args []string) error { + // set default listener addresses if at least one domain is specified + if len(args) > 0 { + if httpAddr == "" { + httpAddr = "0.0.0.0:80" + } + if httpsAddr == "" { + httpsAddr = "0.0.0.0:443" + } + } else { + if httpAddr == "" { + httpAddr = "127.0.0.1:8090" + } + } + + err := apis.Serve(app, apis.ServeConfig{ + HttpAddr: httpAddr, + HttpsAddr: httpsAddr, + ShowStartBanner: showStartBanner, + AllowedOrigins: allowedOrigins, + CertificateDomains: args, + }) + + if errors.Is(err, http.ErrServerClosed) { + return nil + } + + return err + }, + } + + command.PersistentFlags().StringSliceVar( + &allowedOrigins, + "origins", + []string{"*"}, + "CORS allowed domain origins list", + ) + + command.PersistentFlags().StringVar( + &httpAddr, + "http", + "", + "TCP address to listen for the HTTP server\n(if domain args are specified - default to 0.0.0.0:80, otherwise - default to 127.0.0.1:8090)", + ) + + command.PersistentFlags().StringVar( + &httpsAddr, + "https", + "", + "TCP address to listen for the HTTPS server\n(if domain args are specified - default to 0.0.0.0:443, otherwise - default to empty string, aka. no TLS)\nThe incoming HTTP traffic also will be auto redirected to the HTTPS version", + ) + + return command +} diff --git a/cmd/superuser.go b/cmd/superuser.go new file mode 100644 index 0000000..523fa53 --- /dev/null +++ b/cmd/superuser.go @@ -0,0 +1,211 @@ +package cmd + +import ( + "errors" + "fmt" + + "github.com/fatih/color" + "github.com/go-ozzo/ozzo-validation/v4/is" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/spf13/cobra" +) + +// NewSuperuserCommand creates and returns new command for managing +// superuser accounts (create, update, upsert, delete). +func NewSuperuserCommand(app core.App) *cobra.Command { + command := &cobra.Command{ + Use: "superuser", + Short: "Manage superusers", + } + + command.AddCommand(superuserUpsertCommand(app)) + command.AddCommand(superuserCreateCommand(app)) + command.AddCommand(superuserUpdateCommand(app)) + command.AddCommand(superuserDeleteCommand(app)) + command.AddCommand(superuserOTPCommand(app)) + + return command +} + +func superuserUpsertCommand(app core.App) *cobra.Command { + command := &cobra.Command{ + Use: "upsert", + Example: "superuser upsert test@example.com 1234567890", + Short: "Creates, or updates if email exists, a single superuser", + SilenceUsage: true, + RunE: func(command *cobra.Command, args []string) error { + if len(args) != 2 { + return errors.New("missing email and password arguments") + } + + if args[0] == "" || is.EmailFormat.Validate(args[0]) != nil { + return errors.New("missing or invalid email address") + } + + superusersCol, err := app.FindCachedCollectionByNameOrId(core.CollectionNameSuperusers) + if err != nil { + return fmt.Errorf("failed to fetch %q collection: %w", core.CollectionNameSuperusers, err) + } + + superuser, err := app.FindAuthRecordByEmail(superusersCol, args[0]) + if err != nil { + superuser = core.NewRecord(superusersCol) + } + + superuser.SetEmail(args[0]) + superuser.SetPassword(args[1]) + + if err := app.Save(superuser); err != nil { + return fmt.Errorf("failed to upsert superuser account: %w", err) + } + + color.Green("Successfully saved superuser %q!", superuser.Email()) + return nil + }, + } + + return command +} + +func superuserCreateCommand(app core.App) *cobra.Command { + command := &cobra.Command{ + Use: "create", + Example: "superuser create test@example.com 1234567890", + Short: "Creates a new superuser", + SilenceUsage: true, + RunE: func(command *cobra.Command, args []string) error { + if len(args) != 2 { + return errors.New("missing email and password arguments") + } + + if args[0] == "" || is.EmailFormat.Validate(args[0]) != nil { + return errors.New("missing or invalid email address") + } + + superusersCol, err := app.FindCachedCollectionByNameOrId(core.CollectionNameSuperusers) + if err != nil { + return fmt.Errorf("failed to fetch %q collection: %w", core.CollectionNameSuperusers, err) + } + + superuser := core.NewRecord(superusersCol) + superuser.SetEmail(args[0]) + superuser.SetPassword(args[1]) + + if err := app.Save(superuser); err != nil { + return fmt.Errorf("failed to create new superuser account: %w", err) + } + + color.Green("Successfully created new superuser %q!", superuser.Email()) + return nil + }, + } + + return command +} + +func superuserUpdateCommand(app core.App) *cobra.Command { + command := &cobra.Command{ + Use: "update", + Example: "superuser update test@example.com 1234567890", + Short: "Changes the password of a single superuser", + SilenceUsage: true, + RunE: func(command *cobra.Command, args []string) error { + if len(args) != 2 { + return errors.New("missing email and password arguments") + } + + if args[0] == "" || is.EmailFormat.Validate(args[0]) != nil { + return errors.New("missing or invalid email address") + } + + superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, args[0]) + if err != nil { + return fmt.Errorf("superuser with email %q doesn't exist", args[0]) + } + + superuser.SetPassword(args[1]) + + if err := app.Save(superuser); err != nil { + return fmt.Errorf("failed to change superuser %q password: %w", superuser.Email(), err) + } + + color.Green("Successfully changed superuser %q password!", superuser.Email()) + return nil + }, + } + + return command +} + +func superuserDeleteCommand(app core.App) *cobra.Command { + command := &cobra.Command{ + Use: "delete", + Example: "superuser delete test@example.com", + Short: "Deletes an existing superuser", + SilenceUsage: true, + RunE: func(command *cobra.Command, args []string) error { + if len(args) == 0 || args[0] == "" || is.EmailFormat.Validate(args[0]) != nil { + return errors.New("invalid or missing email address") + } + + superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, args[0]) + if err != nil { + color.Yellow("superuser %q is missing or already deleted", args[0]) + return nil + } + + if err := app.Delete(superuser); err != nil { + return fmt.Errorf("failed to delete superuser %q: %w", superuser.Email(), err) + } + + color.Green("Successfully deleted superuser %q!", superuser.Email()) + return nil + }, + } + + return command +} + +func superuserOTPCommand(app core.App) *cobra.Command { + command := &cobra.Command{ + Use: "otp", + Example: "superuser otp test@example.com", + Short: "Creates a new OTP for the specified superuser", + SilenceUsage: true, + RunE: func(command *cobra.Command, args []string) error { + if len(args) == 0 || args[0] == "" || is.EmailFormat.Validate(args[0]) != nil { + return errors.New("invalid or missing email address") + } + + superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, args[0]) + if err != nil { + return fmt.Errorf("superuser with email %q doesn't exist", args[0]) + } + + if !superuser.Collection().OTP.Enabled { + return errors.New("OTP auth is not enabled for the _superusers collection") + } + + pass := security.RandomStringWithAlphabet(superuser.Collection().OTP.Length, "1234567890") + + otp := core.NewOTP(app) + otp.SetCollectionRef(superuser.Collection().Id) + otp.SetRecordRef(superuser.Id) + otp.SetPassword(pass) + + err = app.Save(otp) + if err != nil { + return fmt.Errorf("failed to create OTP: %w", err) + } + + color.New(color.BgGreen, color.FgBlack).Printf("Successfully created OTP for superuser %q:", superuser.Email()) + color.Green("\n├─ Id: %s", otp.Id) + color.Green("├─ Pass: %s", pass) + color.Green("└─ Valid: %ds\n\n", superuser.Collection().OTP.Duration) + return nil + }, + } + + return command +} diff --git a/cmd/superuser_test.go b/cmd/superuser_test.go new file mode 100644 index 0000000..dd3681d --- /dev/null +++ b/cmd/superuser_test.go @@ -0,0 +1,403 @@ +package cmd_test + +import ( + "testing" + + "github.com/pocketbase/pocketbase/cmd" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestSuperuserUpsertCommand(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + email string + password string + expectError bool + }{ + { + "empty email and password", + "", + "", + true, + }, + { + "empty email", + "", + "1234567890", + true, + }, + { + "invalid email", + "invalid", + "1234567890", + true, + }, + { + "empty password", + "test@example.com", + "", + true, + }, + { + "short password", + "test_new@example.com", + "1234567", + true, + }, + { + "existing user", + "test@example.com", + "1234567890!", + false, + }, + { + "new user", + "test_new@example.com", + "1234567890!", + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + command := cmd.NewSuperuserCommand(app) + command.SetArgs([]string{"upsert", s.email, s.password}) + + err := command.Execute() + + hasErr := err != nil + if s.expectError != hasErr { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + // check whether the superuser account was actually upserted + superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, s.email) + if err != nil { + t.Fatalf("Failed to fetch superuser %s: %v", s.email, err) + } else if !superuser.ValidatePassword(s.password) { + t.Fatal("Expected the superuser password to match") + } + }) + } +} + +func TestSuperuserCreateCommand(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + email string + password string + expectError bool + }{ + { + "empty email and password", + "", + "", + true, + }, + { + "empty email", + "", + "1234567890", + true, + }, + { + "invalid email", + "invalid", + "1234567890", + true, + }, + { + "duplicated email", + "test@example.com", + "1234567890", + true, + }, + { + "empty password", + "test@example.com", + "", + true, + }, + { + "short password", + "test_new@example.com", + "1234567", + true, + }, + { + "valid email and password", + "test_new@example.com", + "12345678", + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + command := cmd.NewSuperuserCommand(app) + command.SetArgs([]string{"create", s.email, s.password}) + + err := command.Execute() + + hasErr := err != nil + if s.expectError != hasErr { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + // check whether the superuser account was actually created + superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, s.email) + if err != nil { + t.Fatalf("Failed to fetch created superuser %s: %v", s.email, err) + } else if !superuser.ValidatePassword(s.password) { + t.Fatal("Expected the superuser password to match") + } + }) + } +} + +func TestSuperuserUpdateCommand(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + email string + password string + expectError bool + }{ + { + "empty email and password", + "", + "", + true, + }, + { + "empty email", + "", + "1234567890", + true, + }, + { + "invalid email", + "invalid", + "1234567890", + true, + }, + { + "nonexisting superuser", + "test_missing@example.com", + "1234567890", + true, + }, + { + "empty password", + "test@example.com", + "", + true, + }, + { + "short password", + "test_new@example.com", + "1234567", + true, + }, + { + "valid email and password", + "test@example.com", + "12345678", + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + command := cmd.NewSuperuserCommand(app) + command.SetArgs([]string{"update", s.email, s.password}) + + err := command.Execute() + + hasErr := err != nil + if s.expectError != hasErr { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + // check whether the superuser password was actually changed + superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, s.email) + if err != nil { + t.Fatalf("Failed to fetch superuser %s: %v", s.email, err) + } else if !superuser.ValidatePassword(s.password) { + t.Fatal("Expected the superuser password to match") + } + }) + } +} + +func TestSuperuserDeleteCommand(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + email string + expectError bool + }{ + { + "empty email", + "", + true, + }, + { + "invalid email", + "invalid", + true, + }, + { + "nonexisting superuser", + "test_missing@example.com", + false, + }, + { + "existing superuser", + "test@example.com", + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + command := cmd.NewSuperuserCommand(app) + command.SetArgs([]string{"delete", s.email}) + + err := command.Execute() + + hasErr := err != nil + if s.expectError != hasErr { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if _, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, s.email); err == nil { + t.Fatal("Expected the superuser account to be deleted") + } + }) + } +} + +func TestSuperuserOTPCommand(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + superusersCollection, err := app.FindCollectionByNameOrId(core.CollectionNameSuperusers) + if err != nil { + t.Fatal(err) + } + + // remove all existing otps + otps, err := app.FindAllOTPsByCollection(superusersCollection) + if err != nil { + t.Fatal(err) + } + for _, otp := range otps { + err = app.Delete(otp) + if err != nil { + t.Fatal(err) + } + } + + scenarios := []struct { + name string + email string + enabled bool + expectError bool + }{ + { + "empty email", + "", + true, + true, + }, + { + "invalid email", + "invalid", + true, + true, + }, + { + "nonexisting superuser", + "test_missing@example.com", + true, + true, + }, + { + "existing superuser", + "test@example.com", + true, + false, + }, + { + "existing superuser with disabled OTP", + "test@example.com", + false, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + command := cmd.NewSuperuserCommand(app) + command.SetArgs([]string{"otp", s.email}) + + superusersCollection.OTP.Enabled = s.enabled + if err = app.SaveNoValidate(superusersCollection); err != nil { + t.Fatal(err) + } + + err := command.Execute() + + hasErr := err != nil + if s.expectError != hasErr { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + superuser, err := app.FindAuthRecordByEmail(superusersCollection, s.email) + if err != nil { + t.Fatal(err) + } + + otps, _ := app.FindAllOTPsByRecord(superuser) + if total := len(otps); total != 1 { + t.Fatalf("Expected 1 OTP, got %d", total) + } + }) + } +} diff --git a/core/app.go b/core/app.go new file mode 100644 index 0000000..df2b354 --- /dev/null +++ b/core/app.go @@ -0,0 +1,1538 @@ +// Package core is the backbone of PocketBase. +// +// It defines the main PocketBase App interface and its base implementation. +package core + +import ( + "context" + "log/slog" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/cron" + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/mailer" + "github.com/pocketbase/pocketbase/tools/store" + "github.com/pocketbase/pocketbase/tools/subscriptions" +) + +// App defines the main PocketBase app interface. +// +// Note that the interface is not intended to be implemented manually by users +// and instead they should use core.BaseApp (either directly or as embedded field in a custom struct). +// +// This interface exists to make testing easier and to allow users to +// create common and pluggable helpers and methods that doesn't rely +// on a specific wrapped app struct (hence the large interface size). +type App interface { + // UnsafeWithoutHooks returns a shallow copy of the current app WITHOUT any registered hooks. + // + // NB! Note that using the returned app instance may cause data integrity errors + // since the Record validations and data normalizations (including files uploads) + // rely on the app hooks to work. + UnsafeWithoutHooks() App + + // Logger returns the default app logger. + // + // If the application is not bootstrapped yet, fallbacks to slog.Default(). + Logger() *slog.Logger + + // IsBootstrapped checks if the application was initialized + // (aka. whether Bootstrap() was called). + IsBootstrapped() bool + + // IsTransactional checks if the current app instance is part of a transaction. + IsTransactional() bool + + // TxInfo returns the transaction associated with the current app instance (if any). + // + // Could be used if you want to execute indirectly a function after + // the related app transaction completes using `app.TxInfo().OnAfterFunc(callback)`. + TxInfo() *TxAppInfo + + // Bootstrap initializes the application + // (aka. create data dir, open db connections, load settings, etc.). + // + // It will call ResetBootstrapState() if the application was already bootstrapped. + Bootstrap() error + + // ResetBootstrapState releases the initialized core app resources + // (closing db connections, stopping cron ticker, etc.). + ResetBootstrapState() error + + // DataDir returns the app data directory path. + DataDir() string + + // EncryptionEnv returns the name of the app secret env key + // (currently used primarily for optional settings encryption but this may change in the future). + EncryptionEnv() string + + // IsDev returns whether the app is in dev mode. + // + // When enabled logs, executed sql statements, etc. are printed to the stderr. + IsDev() bool + + // Settings returns the loaded app settings. + Settings() *Settings + + // Store returns the app runtime store. + Store() *store.Store[string, any] + + // Cron returns the app cron instance. + Cron() *cron.Cron + + // SubscriptionsBroker returns the app realtime subscriptions broker instance. + SubscriptionsBroker() *subscriptions.Broker + + // NewMailClient creates and returns a new SMTP or Sendmail client + // based on the current app settings. + NewMailClient() mailer.Mailer + + // NewFilesystem creates a new local or S3 filesystem instance + // for managing regular app files (ex. record uploads) + // based on the current app settings. + // + // NB! Make sure to call Close() on the returned result + // after you are done working with it. + NewFilesystem() (*filesystem.System, error) + + // NewBackupsFilesystem creates a new local or S3 filesystem instance + // for managing app backups based on the current app settings. + // + // NB! Make sure to call Close() on the returned result + // after you are done working with it. + NewBackupsFilesystem() (*filesystem.System, error) + + // ReloadSettings reinitializes and reloads the stored application settings. + ReloadSettings() error + + // CreateBackup creates a new backup of the current app pb_data directory. + // + // Backups can be stored on S3 if it is configured in app.Settings().Backups. + // + // Please refer to the godoc of the specific core.App implementation + // for details on the backup procedures. + CreateBackup(ctx context.Context, name string) error + + // RestoreBackup restores the backup with the specified name and restarts + // the current running application process. + // + // The safely perform the restore it is recommended to have free disk space + // for at least 2x the size of the restored pb_data backup. + // + // Please refer to the godoc of the specific core.App implementation + // for details on the restore procedures. + // + // NB! This feature is experimental and currently is expected to work only on UNIX based systems. + RestoreBackup(ctx context.Context, name string) error + + // Restart restarts (aka. replaces) the current running application process. + // + // NB! It relies on execve which is supported only on UNIX based systems. + Restart() error + + // RunSystemMigrations applies all new migrations registered in the [core.SystemMigrations] list. + RunSystemMigrations() error + + // RunAppMigrations applies all new migrations registered in the [core.AppMigrations] list. + RunAppMigrations() error + + // RunAllMigrations applies all system and app migrations + // (aka. from both [core.SystemMigrations] and [core.AppMigrations]). + RunAllMigrations() error + + // --------------------------------------------------------------- + // DB methods + // --------------------------------------------------------------- + + // DB returns the default app data.db builder instance. + // + // To minimize SQLITE_BUSY errors, it automatically routes the + // SELECT queries to the underlying concurrent db pool and everything else + // to the nonconcurrent one. + // + // For more finer control over the used connections pools you can + // call directly ConcurrentDB() or NonconcurrentDB(). + DB() dbx.Builder + + // ConcurrentDB returns the concurrent app data.db builder instance. + // + // This method is used mainly internally for executing db read + // operations in a concurrent/non-blocking manner. + // + // Most users should use simply DB() as it will automatically + // route the query execution to ConcurrentDB() or NonconcurrentDB(). + // + // In a transaction the ConcurrentDB() and NonconcurrentDB() refer to the same *dbx.TX instance. + ConcurrentDB() dbx.Builder + + // NonconcurrentDB returns the nonconcurrent app data.db builder instance. + // + // The returned db instance is limited only to a single open connection, + // meaning that it can process only 1 db operation at a time (other queries queue up). + // + // This method is used mainly internally and in the tests to execute write + // (save/delete) db operations as it helps with minimizing the SQLITE_BUSY errors. + // + // Most users should use simply DB() as it will automatically + // route the query execution to ConcurrentDB() or NonconcurrentDB(). + // + // In a transaction the ConcurrentDB() and NonconcurrentDB() refer to the same *dbx.TX instance. + NonconcurrentDB() dbx.Builder + + // AuxDB returns the app auxiliary.db builder instance. + // + // To minimize SQLITE_BUSY errors, it automatically routes the + // SELECT queries to the underlying concurrent db pool and everything else + // to the nonconcurrent one. + // + // For more finer control over the used connections pools you can + // call directly AuxConcurrentDB() or AuxNonconcurrentDB(). + AuxDB() dbx.Builder + + // AuxConcurrentDB returns the concurrent app auxiliary.db builder instance. + // + // This method is used mainly internally for executing db read + // operations in a concurrent/non-blocking manner. + // + // Most users should use simply AuxDB() as it will automatically + // route the query execution to AuxConcurrentDB() or AuxNonconcurrentDB(). + // + // In a transaction the AuxConcurrentDB() and AuxNonconcurrentDB() refer to the same *dbx.TX instance. + AuxConcurrentDB() dbx.Builder + + // AuxNonconcurrentDB returns the nonconcurrent app auxiliary.db builder instance. + // + // The returned db instance is limited only to a single open connection, + // meaning that it can process only 1 db operation at a time (other queries queue up). + // + // This method is used mainly internally and in the tests to execute write + // (save/delete) db operations as it helps with minimizing the SQLITE_BUSY errors. + // + // Most users should use simply AuxDB() as it will automatically + // route the query execution to AuxConcurrentDB() or AuxNonconcurrentDB(). + // + // In a transaction the AuxConcurrentDB() and AuxNonconcurrentDB() refer to the same *dbx.TX instance. + AuxNonconcurrentDB() dbx.Builder + + // HasTable checks if a table (or view) with the provided name exists (case insensitive). + // in the data.db. + HasTable(tableName string) bool + + // AuxHasTable checks if a table (or view) with the provided name exists (case insensitive) + // in the auxiliary.db. + AuxHasTable(tableName string) bool + + // TableColumns returns all column names of a single table by its name. + TableColumns(tableName string) ([]string, error) + + // TableInfo returns the "table_info" pragma result for the specified table. + TableInfo(tableName string) ([]*TableInfoRow, error) + + // TableIndexes returns a name grouped map with all non empty index of the specified table. + // + // Note: This method doesn't return an error on nonexisting table. + TableIndexes(tableName string) (map[string]string, error) + + // DeleteTable drops the specified table. + // + // This method is a no-op if a table with the provided name doesn't exist. + // + // NB! Be aware that this method is vulnerable to SQL injection and the + // "tableName" argument must come only from trusted input! + DeleteTable(tableName string) error + + // DeleteView drops the specified view name. + // + // This method is a no-op if a view with the provided name doesn't exist. + // + // NB! Be aware that this method is vulnerable to SQL injection and the + // "name" argument must come only from trusted input! + DeleteView(name string) error + + // SaveView creates (or updates already existing) persistent SQL view. + // + // NB! Be aware that this method is vulnerable to SQL injection and the + // "selectQuery" argument must come only from trusted input! + SaveView(name string, selectQuery string) error + + // CreateViewFields creates a new FieldsList from the provided select query. + // + // There are some caveats: + // - The select query must have an "id" column. + // - Wildcard ("*") columns are not supported to avoid accidentally leaking sensitive data. + CreateViewFields(selectQuery string) (FieldsList, error) + + // FindRecordByViewFile returns the original Record of the provided view collection file. + FindRecordByViewFile(viewCollectionModelOrIdentifier any, fileFieldName string, filename string) (*Record, error) + + // Vacuum executes VACUUM on the data.db in order to reclaim unused data db disk space. + Vacuum() error + + // AuxVacuum executes VACUUM on the auxiliary.db in order to reclaim unused auxiliary db disk space. + AuxVacuum() error + + // --------------------------------------------------------------- + + // ModelQuery creates a new preconfigured select data.db query with preset + // SELECT, FROM and other common fields based on the provided model. + ModelQuery(model Model) *dbx.SelectQuery + + // AuxModelQuery creates a new preconfigured select auxiliary.db query with preset + // SELECT, FROM and other common fields based on the provided model. + AuxModelQuery(model Model) *dbx.SelectQuery + + // Delete deletes the specified model from the regular app database. + Delete(model Model) error + + // Delete deletes the specified model from the regular app database + // (the context could be used to limit the query execution). + DeleteWithContext(ctx context.Context, model Model) error + + // AuxDelete deletes the specified model from the auxiliary database. + AuxDelete(model Model) error + + // AuxDeleteWithContext deletes the specified model from the auxiliary database + // (the context could be used to limit the query execution). + AuxDeleteWithContext(ctx context.Context, model Model) error + + // Save validates and saves the specified model into the regular app database. + // + // If you don't want to run validations, use [App.SaveNoValidate()]. + Save(model Model) error + + // SaveWithContext is the same as [App.Save()] but allows specifying a context to limit the db execution. + // + // If you don't want to run validations, use [App.SaveNoValidateWithContext()]. + SaveWithContext(ctx context.Context, model Model) error + + // SaveNoValidate saves the specified model into the regular app database without performing validations. + // + // If you want to also run validations before persisting, use [App.Save()]. + SaveNoValidate(model Model) error + + // SaveNoValidateWithContext is the same as [App.SaveNoValidate()] + // but allows specifying a context to limit the db execution. + // + // If you want to also run validations before persisting, use [App.SaveWithContext()]. + SaveNoValidateWithContext(ctx context.Context, model Model) error + + // AuxSave validates and saves the specified model into the auxiliary app database. + // + // If you don't want to run validations, use [App.AuxSaveNoValidate()]. + AuxSave(model Model) error + + // AuxSaveWithContext is the same as [App.AuxSave()] but allows specifying a context to limit the db execution. + // + // If you don't want to run validations, use [App.AuxSaveNoValidateWithContext()]. + AuxSaveWithContext(ctx context.Context, model Model) error + + // AuxSaveNoValidate saves the specified model into the auxiliary app database without performing validations. + // + // If you want to also run validations before persisting, use [App.AuxSave()]. + AuxSaveNoValidate(model Model) error + + // AuxSaveNoValidateWithContext is the same as [App.AuxSaveNoValidate()] + // but allows specifying a context to limit the db execution. + // + // If you want to also run validations before persisting, use [App.AuxSaveWithContext()]. + AuxSaveNoValidateWithContext(ctx context.Context, model Model) error + + // Validate triggers the OnModelValidate hook for the specified model. + Validate(model Model) error + + // ValidateWithContext is the same as Validate but allows specifying the ModelEvent context. + ValidateWithContext(ctx context.Context, model Model) error + + // RunInTransaction wraps fn into a transaction for the regular app database. + // + // It is safe to nest RunInTransaction calls as long as you use the callback's txApp. + RunInTransaction(fn func(txApp App) error) error + + // AuxRunInTransaction wraps fn into a transaction for the auxiliary app database. + // + // It is safe to nest RunInTransaction calls as long as you use the callback's txApp. + AuxRunInTransaction(fn func(txApp App) error) error + + // --------------------------------------------------------------- + + // LogQuery returns a new Log select query. + LogQuery() *dbx.SelectQuery + + // FindLogById finds a single Log entry by its id. + FindLogById(id string) (*Log, error) + + // LogsStatsItem returns hourly grouped logs statistics. + LogsStats(expr dbx.Expression) ([]*LogsStatsItem, error) + + // DeleteOldLogs delete all logs that are created before createdBefore. + DeleteOldLogs(createdBefore time.Time) error + + // --------------------------------------------------------------- + + // CollectionQuery returns a new Collection select query. + CollectionQuery() *dbx.SelectQuery + + // FindCollections finds all collections by the given type(s). + // + // If collectionTypes is not set, it returns all collections. + // + // Example: + // + // app.FindAllCollections() // all collections + // app.FindAllCollections("auth", "view") // only auth and view collections + FindAllCollections(collectionTypes ...string) ([]*Collection, error) + + // ReloadCachedCollections fetches all collections and caches them into the app store. + ReloadCachedCollections() error + + // FindCollectionByNameOrId finds a single collection by its name (case insensitive) or id.s + FindCollectionByNameOrId(nameOrId string) (*Collection, error) + + // FindCachedCollectionByNameOrId is similar to [App.FindCollectionByNameOrId] + // but retrieves the Collection from the app cache instead of making a db call. + // + // NB! This method is suitable for read-only Collection operations. + // + // Returns [sql.ErrNoRows] if no Collection is found for consistency + // with the [App.FindCollectionByNameOrId] method. + // + // If you plan making changes to the returned Collection model, + // use [App.FindCollectionByNameOrId] instead. + // + // Caveats: + // + // - The returned Collection should be used only for read-only operations. + // Avoid directly modifying the returned cached Collection as it will affect + // the global cached value even if you don't persist the changes in the database! + // - If you are updating a Collection in a transaction and then call this method before commit, + // it'll return the cached Collection state and not the one from the uncommitted transaction. + // - The cache is automatically updated on collections db change (create/update/delete). + // To manually reload the cache you can call [App.ReloadCachedCollections] + FindCachedCollectionByNameOrId(nameOrId string) (*Collection, error) + + // FindCollectionReferences returns information for all relation + // fields referencing the provided collection. + // + // If the provided collection has reference to itself then it will be + // also included in the result. To exclude it, pass the collection id + // as the excludeIds argument. + FindCollectionReferences(collection *Collection, excludeIds ...string) (map[*Collection][]Field, error) + + // FindCachedCollectionReferences is similar to [App.FindCollectionReferences] + // but retrieves the Collection from the app cache instead of making a db call. + // + // NB! This method is suitable for read-only Collection operations. + // + // If you plan making changes to the returned Collection model, + // use [App.FindCollectionReferences] instead. + // + // Caveats: + // + // - The returned Collection should be used only for read-only operations. + // Avoid directly modifying the returned cached Collection as it will affect + // the global cached value even if you don't persist the changes in the database! + // - If you are updating a Collection in a transaction and then call this method before commit, + // it'll return the cached Collection state and not the one from the uncommitted transaction. + // - The cache is automatically updated on collections db change (create/update/delete). + // To manually reload the cache you can call [App.ReloadCachedCollections]. + FindCachedCollectionReferences(collection *Collection, excludeIds ...string) (map[*Collection][]Field, error) + + // IsCollectionNameUnique checks that there is no existing collection + // with the provided name (case insensitive!). + // + // Note: case insensitive check because the name is used also as + // table name for the records. + IsCollectionNameUnique(name string, excludeIds ...string) bool + + // TruncateCollection deletes all records associated with the provided collection. + // + // The truncate operation is executed in a single transaction, + // aka. either everything is deleted or none. + // + // Note that this method will also trigger the records related + // cascade and file delete actions. + TruncateCollection(collection *Collection) error + + // ImportCollections imports the provided collections data in a single transaction. + // + // For existing matching collections, the imported data is unmarshaled on top of the existing model. + // + // NB! If deleteMissing is true, ALL NON-SYSTEM COLLECTIONS AND SCHEMA FIELDS, + // that are not present in the imported configuration, WILL BE DELETED + // (this includes their related records data). + ImportCollections(toImport []map[string]any, deleteMissing bool) error + + // ImportCollectionsByMarshaledJSON is the same as [ImportCollections] + // but accept marshaled json array as import data (usually used for the autogenerated snapshots). + ImportCollectionsByMarshaledJSON(rawSliceOfMaps []byte, deleteMissing bool) error + + // SyncRecordTableSchema compares the two provided collections + // and applies the necessary related record table changes. + // + // If oldCollection is null, then only newCollection is used to create the record table. + // + // This method is automatically invoked as part of a collection create/update/delete operation. + SyncRecordTableSchema(newCollection *Collection, oldCollection *Collection) error + + // --------------------------------------------------------------- + + // FindAllExternalAuthsByRecord returns all ExternalAuth models + // linked to the provided auth record. + FindAllExternalAuthsByRecord(authRecord *Record) ([]*ExternalAuth, error) + + // FindAllExternalAuthsByCollection returns all ExternalAuth models + // linked to the provided auth collection. + FindAllExternalAuthsByCollection(collection *Collection) ([]*ExternalAuth, error) + + // FindFirstExternalAuthByExpr returns the first available (the most recent created) + // ExternalAuth model that satisfies the non-nil expression. + FindFirstExternalAuthByExpr(expr dbx.Expression) (*ExternalAuth, error) + + // --------------------------------------------------------------- + + // FindAllMFAsByRecord returns all MFA models linked to the provided auth record. + FindAllMFAsByRecord(authRecord *Record) ([]*MFA, error) + + // FindAllMFAsByCollection returns all MFA models linked to the provided collection. + FindAllMFAsByCollection(collection *Collection) ([]*MFA, error) + + // FindMFAById returns a single MFA model by its id. + FindMFAById(id string) (*MFA, error) + + // DeleteAllMFAsByRecord deletes all MFA models associated with the provided record. + // + // Returns a combined error with the failed deletes. + DeleteAllMFAsByRecord(authRecord *Record) error + + // DeleteExpiredMFAs deletes the expired MFAs for all auth collections. + DeleteExpiredMFAs() error + + // --------------------------------------------------------------- + + // FindAllOTPsByRecord returns all OTP models linked to the provided auth record. + FindAllOTPsByRecord(authRecord *Record) ([]*OTP, error) + + // FindAllOTPsByCollection returns all OTP models linked to the provided collection. + FindAllOTPsByCollection(collection *Collection) ([]*OTP, error) + + // FindOTPById returns a single OTP model by its id. + FindOTPById(id string) (*OTP, error) + + // DeleteAllOTPsByRecord deletes all OTP models associated with the provided record. + // + // Returns a combined error with the failed deletes. + DeleteAllOTPsByRecord(authRecord *Record) error + + // DeleteExpiredOTPs deletes the expired OTPs for all auth collections. + DeleteExpiredOTPs() error + + // --------------------------------------------------------------- + + // FindAllAuthOriginsByRecord returns all AuthOrigin models linked to the provided auth record (in DESC order). + FindAllAuthOriginsByRecord(authRecord *Record) ([]*AuthOrigin, error) + + // FindAllAuthOriginsByCollection returns all AuthOrigin models linked to the provided collection (in DESC order). + FindAllAuthOriginsByCollection(collection *Collection) ([]*AuthOrigin, error) + + // FindAuthOriginById returns a single AuthOrigin model by its id. + FindAuthOriginById(id string) (*AuthOrigin, error) + + // FindAuthOriginByRecordAndFingerprint returns a single AuthOrigin model + // by its authRecord relation and fingerprint. + FindAuthOriginByRecordAndFingerprint(authRecord *Record, fingerprint string) (*AuthOrigin, error) + + // DeleteAllAuthOriginsByRecord deletes all AuthOrigin models associated with the provided record. + // + // Returns a combined error with the failed deletes. + DeleteAllAuthOriginsByRecord(authRecord *Record) error + + // --------------------------------------------------------------- + + // RecordQuery returns a new Record select query from a collection model, id or name. + // + // In case a collection id or name is provided and that collection doesn't + // actually exists, the generated query will be created with a cancelled context + // and will fail once an executor (Row(), One(), All(), etc.) is called. + RecordQuery(collectionModelOrIdentifier any) *dbx.SelectQuery + + // FindRecordById finds the Record model by its id. + FindRecordById(collectionModelOrIdentifier any, recordId string, optFilters ...func(q *dbx.SelectQuery) error) (*Record, error) + + // FindRecordsByIds finds all records by the specified ids. + // If no records are found, returns an empty slice. + FindRecordsByIds(collectionModelOrIdentifier any, recordIds []string, optFilters ...func(q *dbx.SelectQuery) error) ([]*Record, error) + + // FindAllRecords finds all records matching specified db expressions. + // + // Returns all collection records if no expression is provided. + // + // Returns an empty slice if no records are found. + // + // Example: + // + // // no extra expressions + // app.FindAllRecords("example") + // + // // with extra expressions + // expr1 := dbx.HashExp{"email": "test@example.com"} + // expr2 := dbx.NewExp("LOWER(username) = {:username}", dbx.Params{"username": "test"}) + // app.FindAllRecords("example", expr1, expr2) + FindAllRecords(collectionModelOrIdentifier any, exprs ...dbx.Expression) ([]*Record, error) + + // FindFirstRecordByData returns the first found record matching + // the provided key-value pair. + FindFirstRecordByData(collectionModelOrIdentifier any, key string, value any) (*Record, error) + + // FindRecordsByFilter returns limit number of records matching the + // provided string filter. + // + // NB! Use the last "params" argument to bind untrusted user variables! + // + // The filter argument is optional and can be empty string to target + // all available records. + // + // The sort argument is optional and can be empty string OR the same format + // used in the web APIs, ex. "-created,title". + // + // If the limit argument is <= 0, no limit is applied to the query and + // all matching records are returned. + // + // Returns an empty slice if no records are found. + // + // Example: + // + // app.FindRecordsByFilter( + // "posts", + // "title ~ {:title} && visible = {:visible}", + // "-created", + // 10, + // 0, + // dbx.Params{"title": "lorem ipsum", "visible": true} + // ) + FindRecordsByFilter( + collectionModelOrIdentifier any, + filter string, + sort string, + limit int, + offset int, + params ...dbx.Params, + ) ([]*Record, error) + + // FindFirstRecordByFilter returns the first available record matching the provided filter (if any). + // + // NB! Use the last params argument to bind untrusted user variables! + // + // Returns sql.ErrNoRows if no record is found. + // + // Example: + // + // app.FindFirstRecordByFilter("posts", "") + // app.FindFirstRecordByFilter("posts", "slug={:slug} && status='public'", dbx.Params{"slug": "test"}) + FindFirstRecordByFilter( + collectionModelOrIdentifier any, + filter string, + params ...dbx.Params, + ) (*Record, error) + + // CountRecords returns the total number of records in a collection. + CountRecords(collectionModelOrIdentifier any, exprs ...dbx.Expression) (int64, error) + + // FindAuthRecordByToken finds the auth record associated with the provided JWT + // (auth, file, verifyEmail, changeEmail, passwordReset types). + // + // Optionally specify a list of validTypes to check tokens only from those types. + // + // Returns an error if the JWT is invalid, expired or not associated to an auth collection record. + FindAuthRecordByToken(token string, validTypes ...string) (*Record, error) + + // FindAuthRecordByEmail finds the auth record associated with the provided email. + // + // Returns an error if it is not an auth collection or the record is not found. + FindAuthRecordByEmail(collectionModelOrIdentifier any, email string) (*Record, error) + + // CanAccessRecord checks if a record is allowed to be accessed by the + // specified requestInfo and accessRule. + // + // Rule and db checks are ignored in case requestInfo.Auth is a superuser. + // + // The returned error indicate that something unexpected happened during + // the check (eg. invalid rule or db query error). + // + // The method always return false on invalid rule or db query error. + // + // Example: + // + // requestInfo, _ := e.RequestInfo() + // record, _ := app.FindRecordById("example", "RECORD_ID") + // rule := types.Pointer("@request.auth.id != '' || status = 'public'") + // // ... or use one of the record collection's rule, eg. record.Collection().ViewRule + // + // if ok, _ := app.CanAccessRecord(record, requestInfo, rule); ok { ... } + CanAccessRecord(record *Record, requestInfo *RequestInfo, accessRule *string) (bool, error) + + // ExpandRecord expands the relations of a single Record model. + // + // If optFetchFunc is not set, then a default function will be used + // that returns all relation records. + // + // Returns a map with the failed expand parameters and their errors. + ExpandRecord(record *Record, expands []string, optFetchFunc ExpandFetchFunc) map[string]error + + // ExpandRecords expands the relations of the provided Record models list. + // + // If optFetchFunc is not set, then a default function will be used + // that returns all relation records. + // + // Returns a map with the failed expand parameters and their errors. + ExpandRecords(records []*Record, expands []string, optFetchFunc ExpandFetchFunc) map[string]error + + // --------------------------------------------------------------- + // App event hooks + // --------------------------------------------------------------- + + // OnBootstrap hook is triggered when initializing the main application + // resources (db, app settings, etc). + OnBootstrap() *hook.Hook[*BootstrapEvent] + + // OnServe hook is triggered when the app web server is started + // (after starting the TCP listener but before initializing the blocking serve task), + // allowing you to adjust its options and attach new routes or middlewares. + OnServe() *hook.Hook[*ServeEvent] + + // OnTerminate hook is triggered when the app is in the process + // of being terminated (ex. on SIGTERM signal). + // + // Note that the app could be terminated abruptly without awaiting the hook completion. + OnTerminate() *hook.Hook[*TerminateEvent] + + // OnBackupCreate hook is triggered on each [App.CreateBackup] call. + OnBackupCreate() *hook.Hook[*BackupEvent] + + // OnBackupRestore hook is triggered before app backup restore (aka. [App.RestoreBackup] call). + // + // Note that by default on success the application is restarted and the after state of the hook is ignored. + OnBackupRestore() *hook.Hook[*BackupEvent] + + // --------------------------------------------------------------- + // DB models event hooks + // --------------------------------------------------------------- + + // OnModelValidate is triggered every time when a model is being validated + // (e.g. triggered by App.Validate() or App.Save()). + // + // For convenience, if you want to listen to only the Record models + // events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + // + // If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnModelValidate(tags ...string) *hook.TaggedHook[*ModelEvent] + + // --------------------------------------------------------------- + + // OnModelCreate is triggered every time when a new model is being created + // (e.g. triggered by App.Save()). + // + // Operations BEFORE the e.Next() execute before the model validation + // and the INSERT DB statement. + // + // Operations AFTER the e.Next() execute after the model validation + // and the INSERT DB statement. + // + // Note that successful execution doesn't guarantee that the model + // is persisted in the database since its wrapping transaction may + // not have been committed yet. + // If you want to listen to only the actual persisted events, you can + // bind to [OnModelAfterCreateSuccess] or [OnModelAfterCreateError] hooks. + // + // For convenience, if you want to listen to only the Record models + // events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + // + // If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnModelCreate(tags ...string) *hook.TaggedHook[*ModelEvent] + + // OnModelCreateExecute is triggered after successful Model validation + // and right before the model INSERT DB statement execution. + // + // Usually it is triggered as part of the App.Save() in the following firing order: + // OnModelCreate { + // -> OnModelValidate (skipped with App.SaveNoValidate()) + // -> OnModelCreateExecute + // } + // + // Note that successful execution doesn't guarantee that the model + // is persisted in the database since its wrapping transaction may have been + // committed yet. + // If you want to listen to only the actual persisted events, + // you can bind to [OnModelAfterCreateSuccess] or [OnModelAfterCreateError] hooks. + // + // For convenience, if you want to listen to only the Record models + // events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + // + // If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnModelCreateExecute(tags ...string) *hook.TaggedHook[*ModelEvent] + + // OnModelAfterCreateSuccess is triggered after each successful + // Model DB create persistence. + // + // Note that when a Model is persisted as part of a transaction, + // this hook is delayed and executed only AFTER the transaction has been committed. + // This hook is NOT triggered in case the transaction rollbacks + // (aka. when the model wasn't persisted). + // + // For convenience, if you want to listen to only the Record models + // events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + // + // If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnModelAfterCreateSuccess(tags ...string) *hook.TaggedHook[*ModelEvent] + + // OnModelAfterCreateError is triggered after each failed + // Model DB create persistence. + // + // Note that the execution of this hook is either immediate or delayed + // depending on the error: + // - "immediate" on App.Save() failure + // - "delayed" on transaction rollback + // + // For convenience, if you want to listen to only the Record models + // events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + // + // If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnModelAfterCreateError(tags ...string) *hook.TaggedHook[*ModelErrorEvent] + + // --------------------------------------------------------------- + + // OnModelUpdate is triggered every time when a new model is being updated + // (e.g. triggered by App.Save()). + // + // Operations BEFORE the e.Next() execute before the model validation + // and the UPDATE DB statement. + // + // Operations AFTER the e.Next() execute after the model validation + // and the UPDATE DB statement. + // + // Note that successful execution doesn't guarantee that the model + // is persisted in the database since its wrapping transaction may + // not have been committed yet. + // If you want to listen to only the actual persisted events, you can + // bind to [OnModelAfterUpdateSuccess] or [OnModelAfterUpdateError] hooks. + // + // For convenience, if you want to listen to only the Record models + // events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + // + // If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnModelUpdate(tags ...string) *hook.TaggedHook[*ModelEvent] + + // OnModelUpdateExecute is triggered after successful Model validation + // and right before the model UPDATE DB statement execution. + // + // Usually it is triggered as part of the App.Save() in the following firing order: + // OnModelUpdate { + // -> OnModelValidate (skipped with App.SaveNoValidate()) + // -> OnModelUpdateExecute + // } + // + // Note that successful execution doesn't guarantee that the model + // is persisted in the database since its wrapping transaction may have been + // committed yet. + // If you want to listen to only the actual persisted events, + // you can bind to [OnModelAfterUpdateSuccess] or [OnModelAfterUpdateError] hooks. + // + // For convenience, if you want to listen to only the Record models + // events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + // + // If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnModelUpdateExecute(tags ...string) *hook.TaggedHook[*ModelEvent] + + // OnModelAfterUpdateSuccess is triggered after each successful + // Model DB update persistence. + // + // Note that when a Model is persisted as part of a transaction, + // this hook is delayed and executed only AFTER the transaction has been committed. + // This hook is NOT triggered in case the transaction rollbacks + // (aka. when the model changes weren't persisted). + // + // For convenience, if you want to listen to only the Record models + // events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + // + // If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnModelAfterUpdateSuccess(tags ...string) *hook.TaggedHook[*ModelEvent] + + // OnModelAfterUpdateError is triggered after each failed + // Model DB update persistence. + // + // Note that the execution of this hook is either immediate or delayed + // depending on the error: + // - "immediate" on App.Save() failure + // - "delayed" on transaction rollback + // + // For convenience, if you want to listen to only the Record models + // events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + // + // If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnModelAfterUpdateError(tags ...string) *hook.TaggedHook[*ModelErrorEvent] + + // --------------------------------------------------------------- + + // OnModelDelete is triggered every time when a new model is being deleted + // (e.g. triggered by App.Delete()). + // + // Note that successful execution doesn't guarantee that the model + // is deleted from the database since its wrapping transaction may + // not have been committed yet. + // If you want to listen to only the actual persisted deleted events, you can + // bind to [OnModelAfterDeleteSuccess] or [OnModelAfterDeleteError] hooks. + // + // For convenience, if you want to listen to only the Record models + // events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + // + // If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnModelDelete(tags ...string) *hook.TaggedHook[*ModelEvent] + + // OnModelUpdateExecute is triggered right before the model + // DELETE DB statement execution. + // + // Usually it is triggered as part of the App.Delete() in the following firing order: + // OnModelDelete { + // -> (internal delete checks) + // -> OnModelDeleteExecute + // } + // + // Note that successful execution doesn't guarantee that the model + // is deleted from the database since its wrapping transaction may + // not have been committed yet. + // If you want to listen to only the actual persisted deleted events, you can + // bind to [OnModelAfterDeleteSuccess] or [OnModelAfterDeleteError] hooks. + // + // For convenience, if you want to listen to only the Record models + // events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + // + // If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnModelDeleteExecute(tags ...string) *hook.TaggedHook[*ModelEvent] + + // OnModelAfterDeleteSuccess is triggered after each successful + // Model DB delete persistence. + // + // Note that when a Model is deleted as part of a transaction, + // this hook is delayed and executed only AFTER the transaction has been committed. + // This hook is NOT triggered in case the transaction rollbacks + // (aka. when the model delete wasn't persisted). + // + // For convenience, if you want to listen to only the Record models + // events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + // + // If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnModelAfterDeleteSuccess(tags ...string) *hook.TaggedHook[*ModelEvent] + + // OnModelAfterDeleteError is triggered after each failed + // Model DB delete persistence. + // + // Note that the execution of this hook is either immediate or delayed + // depending on the error: + // - "immediate" on App.Delete() failure + // - "delayed" on transaction rollback + // + // For convenience, if you want to listen to only the Record models + // events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + // + // If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnModelAfterDeleteError(tags ...string) *hook.TaggedHook[*ModelErrorEvent] + + // --------------------------------------------------------------- + // Record models event hooks + // --------------------------------------------------------------- + + // OnRecordEnrich is triggered every time when a record is enriched + // (as part of the builtin Record responses, during realtime message seriazation, or when [apis.EnrichRecord] is invoked). + // + // It could be used for example to redact/hide or add computed temporary + // Record model props only for the specific request info. For example: + // + // app.OnRecordEnrich("posts").BindFunc(func(e core.*RecordEnrichEvent) { + // // hide one or more fields + // e.Record.Hide("role") + // + // // add new custom field for registered users + // if e.RequestInfo.Auth != nil && e.RequestInfo.Auth.Collection().Name == "users" { + // e.Record.WithCustomData(true) // for security requires explicitly allowing it + // e.Record.Set("computedScore", e.Record.GetInt("score") * e.RequestInfo.Auth.GetInt("baseScore")) + // } + // + // return e.Next() + // }) + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordEnrich(tags ...string) *hook.TaggedHook[*RecordEnrichEvent] + + // OnRecordValidate is a Record proxy model hook of [OnModelValidate]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordValidate(tags ...string) *hook.TaggedHook[*RecordEvent] + + // --------------------------------------------------------------- + + // OnRecordCreate is a Record proxy model hook of [OnModelCreate]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordCreate(tags ...string) *hook.TaggedHook[*RecordEvent] + + // OnRecordCreateExecute is a Record proxy model hook of [OnModelCreateExecute]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordCreateExecute(tags ...string) *hook.TaggedHook[*RecordEvent] + + // OnRecordAfterCreateSuccess is a Record proxy model hook of [OnModelAfterCreateSuccess]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordAfterCreateSuccess(tags ...string) *hook.TaggedHook[*RecordEvent] + + // OnRecordAfterCreateError is a Record proxy model hook of [OnModelAfterCreateError]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordAfterCreateError(tags ...string) *hook.TaggedHook[*RecordErrorEvent] + + // --------------------------------------------------------------- + + // OnRecordUpdate is a Record proxy model hook of [OnModelUpdate]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordUpdate(tags ...string) *hook.TaggedHook[*RecordEvent] + + // OnRecordUpdateExecute is a Record proxy model hook of [OnModelUpdateExecute]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordUpdateExecute(tags ...string) *hook.TaggedHook[*RecordEvent] + + // OnRecordAfterUpdateSuccess is a Record proxy model hook of [OnModelAfterUpdateSuccess]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordAfterUpdateSuccess(tags ...string) *hook.TaggedHook[*RecordEvent] + + // OnRecordAfterUpdateError is a Record proxy model hook of [OnModelAfterUpdateError]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordAfterUpdateError(tags ...string) *hook.TaggedHook[*RecordErrorEvent] + + // --------------------------------------------------------------- + + // OnRecordDelete is a Record proxy model hook of [OnModelDelete]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordDelete(tags ...string) *hook.TaggedHook[*RecordEvent] + + // OnRecordDeleteExecute is a Record proxy model hook of [OnModelDeleteExecute]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordDeleteExecute(tags ...string) *hook.TaggedHook[*RecordEvent] + + // OnRecordAfterDeleteSuccess is a Record proxy model hook of [OnModelAfterDeleteSuccess]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordAfterDeleteSuccess(tags ...string) *hook.TaggedHook[*RecordEvent] + + // OnRecordAfterDeleteError is a Record proxy model hook of [OnModelAfterDeleteError]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordAfterDeleteError(tags ...string) *hook.TaggedHook[*RecordErrorEvent] + + // --------------------------------------------------------------- + // Collection models event hooks + // --------------------------------------------------------------- + + // OnCollectionValidate is a Collection proxy model hook of [OnModelValidate]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnCollectionValidate(tags ...string) *hook.TaggedHook[*CollectionEvent] + + // --------------------------------------------------------------- + + // OnCollectionCreate is a Collection proxy model hook of [OnModelCreate]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnCollectionCreate(tags ...string) *hook.TaggedHook[*CollectionEvent] + + // OnCollectionCreateExecute is a Collection proxy model hook of [OnModelCreateExecute]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnCollectionCreateExecute(tags ...string) *hook.TaggedHook[*CollectionEvent] + + // OnCollectionAfterCreateSuccess is a Collection proxy model hook of [OnModelAfterCreateSuccess]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnCollectionAfterCreateSuccess(tags ...string) *hook.TaggedHook[*CollectionEvent] + + // OnCollectionAfterCreateError is a Collection proxy model hook of [OnModelAfterCreateError]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnCollectionAfterCreateError(tags ...string) *hook.TaggedHook[*CollectionErrorEvent] + + // --------------------------------------------------------------- + + // OnCollectionUpdate is a Collection proxy model hook of [OnModelUpdate]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnCollectionUpdate(tags ...string) *hook.TaggedHook[*CollectionEvent] + + // OnCollectionUpdateExecute is a Collection proxy model hook of [OnModelUpdateExecute]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnCollectionUpdateExecute(tags ...string) *hook.TaggedHook[*CollectionEvent] + + // OnCollectionAfterUpdateSuccess is a Collection proxy model hook of [OnModelAfterUpdateSuccess]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnCollectionAfterUpdateSuccess(tags ...string) *hook.TaggedHook[*CollectionEvent] + + // OnCollectionAfterUpdateError is a Collection proxy model hook of [OnModelAfterUpdateError]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnCollectionAfterUpdateError(tags ...string) *hook.TaggedHook[*CollectionErrorEvent] + + // --------------------------------------------------------------- + + // OnCollectionDelete is a Collection proxy model hook of [OnModelDelete]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnCollectionDelete(tags ...string) *hook.TaggedHook[*CollectionEvent] + + // OnCollectionDeleteExecute is a Collection proxy model hook of [OnModelDeleteExecute]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnCollectionDeleteExecute(tags ...string) *hook.TaggedHook[*CollectionEvent] + + // OnCollectionAfterDeleteSuccess is a Collection proxy model hook of [OnModelAfterDeleteSuccess]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnCollectionAfterDeleteSuccess(tags ...string) *hook.TaggedHook[*CollectionEvent] + + // OnCollectionAfterDeleteError is a Collection proxy model hook of [OnModelAfterDeleteError]. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnCollectionAfterDeleteError(tags ...string) *hook.TaggedHook[*CollectionErrorEvent] + + // --------------------------------------------------------------- + // Mailer event hooks + // --------------------------------------------------------------- + + // OnMailerSend hook is triggered every time when a new email is + // being send using the [App.NewMailClient()] instance. + // + // It allows intercepting the email message or to use a custom mailer client. + OnMailerSend() *hook.Hook[*MailerEvent] + + // OnMailerRecordAuthAlertSend hook is triggered when + // sending a new device login auth alert email, allowing you to + // intercept and customize the email message that is being sent. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnMailerRecordAuthAlertSend(tags ...string) *hook.TaggedHook[*MailerRecordEvent] + + // OnMailerBeforeRecordResetPasswordSend hook is triggered when + // sending a password reset email to an auth record, allowing + // you to intercept and customize the email message that is being sent. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnMailerRecordPasswordResetSend(tags ...string) *hook.TaggedHook[*MailerRecordEvent] + + // OnMailerBeforeRecordVerificationSend hook is triggered when + // sending a verification email to an auth record, allowing + // you to intercept and customize the email message that is being sent. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnMailerRecordVerificationSend(tags ...string) *hook.TaggedHook[*MailerRecordEvent] + + // OnMailerRecordEmailChangeSend hook is triggered when sending a + // confirmation new address email to an auth record, allowing + // you to intercept and customize the email message that is being sent. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnMailerRecordEmailChangeSend(tags ...string) *hook.TaggedHook[*MailerRecordEvent] + + // OnMailerRecordOTPSend hook is triggered when sending an OTP email + // to an auth record, allowing you to intercept and customize the + // email message that is being sent. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnMailerRecordOTPSend(tags ...string) *hook.TaggedHook[*MailerRecordEvent] + + // --------------------------------------------------------------- + // Realtime API event hooks + // --------------------------------------------------------------- + + // OnRealtimeConnectRequest hook is triggered when establishing the SSE client connection. + // + // Any execution after e.Next() of a hook handler happens after the client disconnects. + OnRealtimeConnectRequest() *hook.Hook[*RealtimeConnectRequestEvent] + + // OnRealtimeMessageSend hook is triggered when sending an SSE message to a client. + OnRealtimeMessageSend() *hook.Hook[*RealtimeMessageEvent] + + // OnRealtimeSubscribeRequest hook is triggered when updating the + // client subscriptions, allowing you to further validate and + // modify the submitted change. + OnRealtimeSubscribeRequest() *hook.Hook[*RealtimeSubscribeRequestEvent] + + // --------------------------------------------------------------- + // Settings API event hooks + // --------------------------------------------------------------- + + // OnSettingsListRequest hook is triggered on each API Settings list request. + // + // Could be used to validate or modify the response before returning it to the client. + OnSettingsListRequest() *hook.Hook[*SettingsListRequestEvent] + + // OnSettingsUpdateRequest hook is triggered on each API Settings update request. + // + // Could be used to additionally validate the request data or + // implement completely different persistence behavior. + OnSettingsUpdateRequest() *hook.Hook[*SettingsUpdateRequestEvent] + + // OnSettingsReload hook is triggered every time when the App.Settings() + // is being replaced with a new state. + // + // Calling App.Settings() after e.Next() returns the new state. + OnSettingsReload() *hook.Hook[*SettingsReloadEvent] + + // --------------------------------------------------------------- + // File API event hooks + // --------------------------------------------------------------- + + // OnFileDownloadRequest hook is triggered before each API File download request. + // + // Could be used to validate or modify the file response before + // returning it to the client. + OnFileDownloadRequest(tags ...string) *hook.TaggedHook[*FileDownloadRequestEvent] + + // OnFileBeforeTokenRequest hook is triggered on each auth file token API request. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnFileTokenRequest(tags ...string) *hook.TaggedHook[*FileTokenRequestEvent] + + // --------------------------------------------------------------- + // Record Auth API event hooks + // --------------------------------------------------------------- + + // OnRecordAuthRequest hook is triggered on each successful API + // record authentication request (sign-in, token refresh, etc.). + // + // Could be used to additionally validate or modify the authenticated + // record data and token. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordAuthRequest(tags ...string) *hook.TaggedHook[*RecordAuthRequestEvent] + + // OnRecordAuthWithPasswordRequest hook is triggered on each + // Record auth with password API request. + // + // [RecordAuthWithPasswordRequestEvent.Record] could be nil if no matching identity is found, allowing + // you to manually locate a different Record model (by reassigning [RecordAuthWithPasswordRequestEvent.Record]). + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordAuthWithPasswordRequest(tags ...string) *hook.TaggedHook[*RecordAuthWithPasswordRequestEvent] + + // OnRecordAuthWithOAuth2Request hook is triggered on each Record + // OAuth2 sign-in/sign-up API request (after token exchange and before external provider linking). + // + // If [RecordAuthWithOAuth2RequestEvent.Record] is not set, then the OAuth2 + // request will try to create a new auth Record. + // + // To assign or link a different existing record model you can + // change the [RecordAuthWithOAuth2RequestEvent.Record] field. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordAuthWithOAuth2Request(tags ...string) *hook.TaggedHook[*RecordAuthWithOAuth2RequestEvent] + + // OnRecordAuthRefreshRequest hook is triggered on each Record + // auth refresh API request (right before generating a new auth token). + // + // Could be used to additionally validate the request data or implement + // completely different auth refresh behavior. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordAuthRefreshRequest(tags ...string) *hook.TaggedHook[*RecordAuthRefreshRequestEvent] + + // OnRecordRequestPasswordResetRequest hook is triggered on + // each Record request password reset API request. + // + // Could be used to additionally validate the request data or implement + // completely different password reset behavior. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordRequestPasswordResetRequest(tags ...string) *hook.TaggedHook[*RecordRequestPasswordResetRequestEvent] + + // OnRecordConfirmPasswordResetRequest hook is triggered on + // each Record confirm password reset API request. + // + // Could be used to additionally validate the request data or implement + // completely different persistence behavior. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordConfirmPasswordResetRequest(tags ...string) *hook.TaggedHook[*RecordConfirmPasswordResetRequestEvent] + + // OnRecordRequestVerificationRequest hook is triggered on + // each Record request verification API request. + // + // Could be used to additionally validate the loaded request data or implement + // completely different verification behavior. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordRequestVerificationRequest(tags ...string) *hook.TaggedHook[*RecordRequestVerificationRequestEvent] + + // OnRecordConfirmVerificationRequest hook is triggered on each + // Record confirm verification API request. + // + // Could be used to additionally validate the request data or implement + // completely different persistence behavior. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordConfirmVerificationRequest(tags ...string) *hook.TaggedHook[*RecordConfirmVerificationRequestEvent] + + // OnRecordRequestEmailChangeRequest hook is triggered on each + // Record request email change API request. + // + // Could be used to additionally validate the request data or implement + // completely different request email change behavior. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordRequestEmailChangeRequest(tags ...string) *hook.TaggedHook[*RecordRequestEmailChangeRequestEvent] + + // OnRecordConfirmEmailChangeRequest hook is triggered on each + // Record confirm email change API request. + // + // Could be used to additionally validate the request data or implement + // completely different persistence behavior. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordConfirmEmailChangeRequest(tags ...string) *hook.TaggedHook[*RecordConfirmEmailChangeRequestEvent] + + // OnRecordRequestOTPRequest hook is triggered on each Record + // request OTP API request. + // + // [RecordCreateOTPRequestEvent.Record] could be nil if no matching identity is found, allowing + // you to manually create or locate a different Record model (by reassigning [RecordCreateOTPRequestEvent.Record]). + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordRequestOTPRequest(tags ...string) *hook.TaggedHook[*RecordCreateOTPRequestEvent] + + // OnRecordAuthWithOTPRequest hook is triggered on each Record + // auth with OTP API request. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordAuthWithOTPRequest(tags ...string) *hook.TaggedHook[*RecordAuthWithOTPRequestEvent] + + // --------------------------------------------------------------- + // Record CRUD API event hooks + // --------------------------------------------------------------- + + // OnRecordsListRequest hook is triggered on each API Records list request. + // + // Could be used to validate or modify the response before returning it to the client. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordsListRequest(tags ...string) *hook.TaggedHook[*RecordsListRequestEvent] + + // OnRecordViewRequest hook is triggered on each API Record view request. + // + // Could be used to validate or modify the response before returning it to the client. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordViewRequest(tags ...string) *hook.TaggedHook[*RecordRequestEvent] + + // OnRecordCreateRequest hook is triggered on each API Record create request. + // + // Could be used to additionally validate the request data or implement + // completely different persistence behavior. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordCreateRequest(tags ...string) *hook.TaggedHook[*RecordRequestEvent] + + // OnRecordUpdateRequest hook is triggered on each API Record update request. + // + // Could be used to additionally validate the request data or implement + // completely different persistence behavior. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordUpdateRequest(tags ...string) *hook.TaggedHook[*RecordRequestEvent] + + // OnRecordDeleteRequest hook is triggered on each API Record delete request. + // + // Could be used to additionally validate the request data or implement + // completely different delete behavior. + // + // If the optional "tags" list (Collection ids or names) is specified, + // then all event handlers registered via the created hook will be + // triggered and called only if their event data origin matches the tags. + OnRecordDeleteRequest(tags ...string) *hook.TaggedHook[*RecordRequestEvent] + + // --------------------------------------------------------------- + // Collection API event hooks + // --------------------------------------------------------------- + + // OnCollectionsListRequest hook is triggered on each API Collections list request. + // + // Could be used to validate or modify the response before returning it to the client. + OnCollectionsListRequest() *hook.Hook[*CollectionsListRequestEvent] + + // OnCollectionViewRequest hook is triggered on each API Collection view request. + // + // Could be used to validate or modify the response before returning it to the client. + OnCollectionViewRequest() *hook.Hook[*CollectionRequestEvent] + + // OnCollectionCreateRequest hook is triggered on each API Collection create request. + // + // Could be used to additionally validate the request data or implement + // completely different persistence behavior. + OnCollectionCreateRequest() *hook.Hook[*CollectionRequestEvent] + + // OnCollectionUpdateRequest hook is triggered on each API Collection update request. + // + // Could be used to additionally validate the request data or implement + // completely different persistence behavior. + OnCollectionUpdateRequest() *hook.Hook[*CollectionRequestEvent] + + // OnCollectionDeleteRequest hook is triggered on each API Collection delete request. + // + // Could be used to additionally validate the request data or implement + // completely different delete behavior. + OnCollectionDeleteRequest() *hook.Hook[*CollectionRequestEvent] + + // OnCollectionsBeforeImportRequest hook is triggered on each API + // collections import request. + // + // Could be used to additionally validate the imported collections or + // to implement completely different import behavior. + OnCollectionsImportRequest() *hook.Hook[*CollectionsImportRequestEvent] + + // --------------------------------------------------------------- + // Batch API event hooks + // --------------------------------------------------------------- + + // OnBatchRequest hook is triggered on each API batch request. + // + // Could be used to additionally validate or modify the submitted batch requests. + OnBatchRequest() *hook.Hook[*BatchRequestEvent] +} diff --git a/core/auth_origin_model.go b/core/auth_origin_model.go new file mode 100644 index 0000000..103ae93 --- /dev/null +++ b/core/auth_origin_model.go @@ -0,0 +1,239 @@ +package core + +import ( + "context" + "errors" + "slices" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/types" +) + +const CollectionNameAuthOrigins = "_authOrigins" + +var ( + _ Model = (*AuthOrigin)(nil) + _ PreValidator = (*AuthOrigin)(nil) + _ RecordProxy = (*AuthOrigin)(nil) +) + +// AuthOrigin defines a Record proxy for working with the authOrigins collection. +type AuthOrigin struct { + *Record +} + +// NewAuthOrigin instantiates and returns a new blank *AuthOrigin model. +// +// Example usage: +// +// origin := core.NewOrigin(app) +// origin.SetRecordRef(user.Id) +// origin.SetCollectionRef(user.Collection().Id) +// origin.SetFingerprint("...") +// app.Save(origin) +func NewAuthOrigin(app App) *AuthOrigin { + m := &AuthOrigin{} + + c, err := app.FindCachedCollectionByNameOrId(CollectionNameAuthOrigins) + if err != nil { + // this is just to make tests easier since authOrigins is a system collection and it is expected to be always accessible + // (note: the loaded record is further checked on AuthOrigin.PreValidate()) + c = NewBaseCollection("@___invalid___") + } + + m.Record = NewRecord(c) + + return m +} + +// PreValidate implements the [PreValidator] interface and checks +// whether the proxy is properly loaded. +func (m *AuthOrigin) PreValidate(ctx context.Context, app App) error { + if m.Record == nil || m.Record.Collection().Name != CollectionNameAuthOrigins { + return errors.New("missing or invalid AuthOrigin ProxyRecord") + } + + return nil +} + +// ProxyRecord returns the proxied Record model. +func (m *AuthOrigin) ProxyRecord() *Record { + return m.Record +} + +// SetProxyRecord loads the specified record model into the current proxy. +func (m *AuthOrigin) SetProxyRecord(record *Record) { + m.Record = record +} + +// CollectionRef returns the "collectionRef" field value. +func (m *AuthOrigin) CollectionRef() string { + return m.GetString("collectionRef") +} + +// SetCollectionRef updates the "collectionRef" record field value. +func (m *AuthOrigin) SetCollectionRef(collectionId string) { + m.Set("collectionRef", collectionId) +} + +// RecordRef returns the "recordRef" record field value. +func (m *AuthOrigin) RecordRef() string { + return m.GetString("recordRef") +} + +// SetRecordRef updates the "recordRef" record field value. +func (m *AuthOrigin) SetRecordRef(recordId string) { + m.Set("recordRef", recordId) +} + +// Fingerprint returns the "fingerprint" record field value. +func (m *AuthOrigin) Fingerprint() string { + return m.GetString("fingerprint") +} + +// SetFingerprint updates the "fingerprint" record field value. +func (m *AuthOrigin) SetFingerprint(fingerprint string) { + m.Set("fingerprint", fingerprint) +} + +// Created returns the "created" record field value. +func (m *AuthOrigin) Created() types.DateTime { + return m.GetDateTime("created") +} + +// Updated returns the "updated" record field value. +func (m *AuthOrigin) Updated() types.DateTime { + return m.GetDateTime("updated") +} + +func (app *BaseApp) registerAuthOriginHooks() { + recordRefHooks[*AuthOrigin](app, CollectionNameAuthOrigins, CollectionTypeAuth) + + // delete existing auth origins on password change + app.OnRecordUpdate().Bind(&hook.Handler[*RecordEvent]{ + Func: func(e *RecordEvent) error { + err := e.Next() + if err != nil || !e.Record.Collection().IsAuth() { + return err + } + + old := e.Record.Original().GetString(FieldNamePassword + ":hash") + new := e.Record.GetString(FieldNamePassword + ":hash") + if old != new { + err = e.App.DeleteAllAuthOriginsByRecord(e.Record) + if err != nil { + e.App.Logger().Warn( + "Failed to delete all previous auth origin fingerprints", + "error", err, + "recordId", e.Record.Id, + "collectionId", e.Record.Collection().Id, + ) + } + } + + return nil + }, + Priority: 99, + }) +} + +// ------------------------------------------------------------------- + +// recordRefHooks registers common hooks that are usually used with record proxies +// that have polymorphic record relations (aka. "collectionRef" and "recordRef" fields). +func recordRefHooks[T RecordProxy](app App, collectionName string, optCollectionTypes ...string) { + app.OnRecordValidate(collectionName).Bind(&hook.Handler[*RecordEvent]{ + Func: func(e *RecordEvent) error { + collectionId := e.Record.GetString("collectionRef") + err := validation.Validate(collectionId, validation.Required, validation.By(validateCollectionId(e.App, optCollectionTypes...))) + if err != nil { + return validation.Errors{"collectionRef": err} + } + + recordId := e.Record.GetString("recordRef") + err = validation.Validate(recordId, validation.Required, validation.By(validateRecordId(e.App, collectionId))) + if err != nil { + return validation.Errors{"recordRef": err} + } + + return e.Next() + }, + Priority: 99, + }) + + // delete on collection ref delete + app.OnCollectionDeleteExecute().Bind(&hook.Handler[*CollectionEvent]{ + Func: func(e *CollectionEvent) error { + if e.Collection.Name == collectionName || (len(optCollectionTypes) > 0 && !slices.Contains(optCollectionTypes, e.Collection.Type)) { + return e.Next() + } + + originalApp := e.App + txErr := e.App.RunInTransaction(func(txApp App) error { + e.App = txApp + + if err := e.Next(); err != nil { + return err + } + + rels, err := txApp.FindAllRecords(collectionName, dbx.HashExp{"collectionRef": e.Collection.Id}) + if err != nil { + return err + } + + for _, mfa := range rels { + if err := txApp.Delete(mfa); err != nil { + return err + } + } + + return nil + }) + e.App = originalApp + + return txErr + }, + Priority: 99, + }) + + // delete on record ref delete + app.OnRecordDeleteExecute().Bind(&hook.Handler[*RecordEvent]{ + Func: func(e *RecordEvent) error { + if e.Record.Collection().Name == collectionName || + (len(optCollectionTypes) > 0 && !slices.Contains(optCollectionTypes, e.Record.Collection().Type)) { + return e.Next() + } + + originalApp := e.App + txErr := e.App.RunInTransaction(func(txApp App) error { + e.App = txApp + + if err := e.Next(); err != nil { + return err + } + + rels, err := txApp.FindAllRecords(collectionName, dbx.HashExp{ + "collectionRef": e.Record.Collection().Id, + "recordRef": e.Record.Id, + }) + if err != nil { + return err + } + + for _, rel := range rels { + if err := txApp.Delete(rel); err != nil { + return err + } + } + + return nil + }) + e.App = originalApp + + return txErr + }, + Priority: 99, + }) +} diff --git a/core/auth_origin_model_test.go b/core/auth_origin_model_test.go new file mode 100644 index 0000000..2d06a2d --- /dev/null +++ b/core/auth_origin_model_test.go @@ -0,0 +1,332 @@ +package core_test + +import ( + "fmt" + "slices" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestNewAuthOrigin(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + origin := core.NewAuthOrigin(app) + + if origin.Collection().Name != core.CollectionNameAuthOrigins { + t.Fatalf("Expected record with %q collection, got %q", core.CollectionNameAuthOrigins, origin.Collection().Name) + } +} + +func TestAuthOriginProxyRecord(t *testing.T) { + t.Parallel() + + record := core.NewRecord(core.NewBaseCollection("test")) + record.Id = "test_id" + + origin := core.AuthOrigin{} + origin.SetProxyRecord(record) + + if origin.ProxyRecord() == nil || origin.ProxyRecord().Id != record.Id { + t.Fatalf("Expected proxy record with id %q, got %v", record.Id, origin.ProxyRecord()) + } +} + +func TestAuthOriginRecordRef(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + origin := core.NewAuthOrigin(app) + + testValues := []string{"test_1", "test2", ""} + for i, testValue := range testValues { + t.Run(fmt.Sprintf("%d_%q", i, testValue), func(t *testing.T) { + origin.SetRecordRef(testValue) + + if v := origin.RecordRef(); v != testValue { + t.Fatalf("Expected getter %q, got %q", testValue, v) + } + + if v := origin.GetString("recordRef"); v != testValue { + t.Fatalf("Expected field value %q, got %q", testValue, v) + } + }) + } +} + +func TestAuthOriginCollectionRef(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + origin := core.NewAuthOrigin(app) + + testValues := []string{"test_1", "test2", ""} + for i, testValue := range testValues { + t.Run(fmt.Sprintf("%d_%q", i, testValue), func(t *testing.T) { + origin.SetCollectionRef(testValue) + + if v := origin.CollectionRef(); v != testValue { + t.Fatalf("Expected getter %q, got %q", testValue, v) + } + + if v := origin.GetString("collectionRef"); v != testValue { + t.Fatalf("Expected field value %q, got %q", testValue, v) + } + }) + } +} + +func TestAuthOriginFingerprint(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + origin := core.NewAuthOrigin(app) + + testValues := []string{"test_1", "test2", ""} + for i, testValue := range testValues { + t.Run(fmt.Sprintf("%d_%q", i, testValue), func(t *testing.T) { + origin.SetFingerprint(testValue) + + if v := origin.Fingerprint(); v != testValue { + t.Fatalf("Expected getter %q, got %q", testValue, v) + } + + if v := origin.GetString("fingerprint"); v != testValue { + t.Fatalf("Expected field value %q, got %q", testValue, v) + } + }) + } +} + +func TestAuthOriginCreated(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + origin := core.NewAuthOrigin(app) + + if v := origin.Created().String(); v != "" { + t.Fatalf("Expected empty created, got %q", v) + } + + now := types.NowDateTime() + origin.SetRaw("created", now) + + if v := origin.Created().String(); v != now.String() { + t.Fatalf("Expected %q created, got %q", now.String(), v) + } +} + +func TestAuthOriginUpdated(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + origin := core.NewAuthOrigin(app) + + if v := origin.Updated().String(); v != "" { + t.Fatalf("Expected empty updated, got %q", v) + } + + now := types.NowDateTime() + origin.SetRaw("updated", now) + + if v := origin.Updated().String(); v != now.String() { + t.Fatalf("Expected %q updated, got %q", now.String(), v) + } +} + +func TestAuthOriginPreValidate(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + originsCol, err := app.FindCollectionByNameOrId(core.CollectionNameAuthOrigins) + if err != nil { + t.Fatal(err) + } + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + t.Run("no proxy record", func(t *testing.T) { + origin := &core.AuthOrigin{} + + if err := app.Validate(origin); err == nil { + t.Fatal("Expected collection validation error") + } + }) + + t.Run("non-AuthOrigin collection", func(t *testing.T) { + origin := &core.AuthOrigin{} + origin.SetProxyRecord(core.NewRecord(core.NewBaseCollection("invalid"))) + origin.SetRecordRef(user.Id) + origin.SetCollectionRef(user.Collection().Id) + origin.SetFingerprint("abc") + + if err := app.Validate(origin); err == nil { + t.Fatal("Expected collection validation error") + } + }) + + t.Run("AuthOrigin collection", func(t *testing.T) { + origin := &core.AuthOrigin{} + origin.SetProxyRecord(core.NewRecord(originsCol)) + origin.SetRecordRef(user.Id) + origin.SetCollectionRef(user.Collection().Id) + origin.SetFingerprint("abc") + + if err := app.Validate(origin); err != nil { + t.Fatalf("Expected nil validation error, got %v", err) + } + }) +} + +func TestAuthOriginValidateHook(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + demo1, err := app.FindRecordById("demo1", "84nmscqy84lsi1t") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + origin func() *core.AuthOrigin + expectErrors []string + }{ + { + "empty", + func() *core.AuthOrigin { + return core.NewAuthOrigin(app) + }, + []string{"collectionRef", "recordRef", "fingerprint"}, + }, + { + "non-auth collection", + func() *core.AuthOrigin { + origin := core.NewAuthOrigin(app) + origin.SetCollectionRef(demo1.Collection().Id) + origin.SetRecordRef(demo1.Id) + origin.SetFingerprint("abc") + return origin + }, + []string{"collectionRef"}, + }, + { + "missing record id", + func() *core.AuthOrigin { + origin := core.NewAuthOrigin(app) + origin.SetCollectionRef(user.Collection().Id) + origin.SetRecordRef("missing") + origin.SetFingerprint("abc") + return origin + }, + []string{"recordRef"}, + }, + { + "valid ref", + func() *core.AuthOrigin { + origin := core.NewAuthOrigin(app) + origin.SetCollectionRef(user.Collection().Id) + origin.SetRecordRef(user.Id) + origin.SetFingerprint("abc") + return origin + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + errs := app.Validate(s.origin()) + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} + +func TestAuthOriginPasswordChangeDeletion(t *testing.T) { + t.Parallel() + + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + // no auth origin associated with it + user1, err := testApp.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + superuser2, err := testApp.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test2@example.com") + if err != nil { + t.Fatal(err) + } + + client1, err := testApp.FindAuthRecordByEmail("clients", "test@example.com") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + record *core.Record + deletedIds []string + }{ + {user1, nil}, + {superuser2, []string{"5798yh833k6w6w0", "ic55o70g4f8pcl4", "dmy260k6ksjr4ib"}}, + {client1, []string{"9r2j0m74260ur8i"}}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s_%s", i, s.record.Collection().Name, s.record.Id), func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + deletedIds := []string{} + app.OnRecordDelete().BindFunc(func(e *core.RecordEvent) error { + deletedIds = append(deletedIds, e.Record.Id) + return e.Next() + }) + + s.record.SetPassword("new_password") + + err := app.Save(s.record) + if err != nil { + t.Fatal(err) + } + + if len(deletedIds) != len(s.deletedIds) { + t.Fatalf("Expected deleted ids\n%v\ngot\n%v", s.deletedIds, deletedIds) + } + + for _, id := range s.deletedIds { + if !slices.Contains(deletedIds, id) { + t.Errorf("Expected to find deleted id %q in %v", id, deletedIds) + } + } + }) + } +} diff --git a/core/auth_origin_query.go b/core/auth_origin_query.go new file mode 100644 index 0000000..c8fd20d --- /dev/null +++ b/core/auth_origin_query.go @@ -0,0 +1,101 @@ +package core + +import ( + "errors" + + "github.com/pocketbase/dbx" +) + +// FindAllAuthOriginsByRecord returns all AuthOrigin models linked to the provided auth record (in DESC order). +func (app *BaseApp) FindAllAuthOriginsByRecord(authRecord *Record) ([]*AuthOrigin, error) { + result := []*AuthOrigin{} + + err := app.RecordQuery(CollectionNameAuthOrigins). + AndWhere(dbx.HashExp{ + "collectionRef": authRecord.Collection().Id, + "recordRef": authRecord.Id, + }). + OrderBy("created DESC"). + All(&result) + + if err != nil { + return nil, err + } + + return result, nil +} + +// FindAllAuthOriginsByCollection returns all AuthOrigin models linked to the provided collection (in DESC order). +func (app *BaseApp) FindAllAuthOriginsByCollection(collection *Collection) ([]*AuthOrigin, error) { + result := []*AuthOrigin{} + + err := app.RecordQuery(CollectionNameAuthOrigins). + AndWhere(dbx.HashExp{"collectionRef": collection.Id}). + OrderBy("created DESC"). + All(&result) + + if err != nil { + return nil, err + } + + return result, nil +} + +// FindAuthOriginById returns a single AuthOrigin model by its id. +func (app *BaseApp) FindAuthOriginById(id string) (*AuthOrigin, error) { + result := &AuthOrigin{} + + err := app.RecordQuery(CollectionNameAuthOrigins). + AndWhere(dbx.HashExp{"id": id}). + Limit(1). + One(result) + + if err != nil { + return nil, err + } + + return result, nil +} + +// FindAuthOriginByRecordAndFingerprint returns a single AuthOrigin model +// by its authRecord relation and fingerprint. +func (app *BaseApp) FindAuthOriginByRecordAndFingerprint(authRecord *Record, fingerprint string) (*AuthOrigin, error) { + result := &AuthOrigin{} + + err := app.RecordQuery(CollectionNameAuthOrigins). + AndWhere(dbx.HashExp{ + "collectionRef": authRecord.Collection().Id, + "recordRef": authRecord.Id, + "fingerprint": fingerprint, + }). + Limit(1). + One(result) + + if err != nil { + return nil, err + } + + return result, nil +} + +// DeleteAllAuthOriginsByRecord deletes all AuthOrigin models associated with the provided record. +// +// Returns a combined error with the failed deletes. +func (app *BaseApp) DeleteAllAuthOriginsByRecord(authRecord *Record) error { + models, err := app.FindAllAuthOriginsByRecord(authRecord) + if err != nil { + return err + } + + var errs []error + for _, m := range models { + if err := app.Delete(m); err != nil { + errs = append(errs, err) + } + } + if len(errs) > 0 { + return errors.Join(errs...) + } + + return nil +} diff --git a/core/auth_origin_query_test.go b/core/auth_origin_query_test.go new file mode 100644 index 0000000..eec036a --- /dev/null +++ b/core/auth_origin_query_test.go @@ -0,0 +1,268 @@ +package core_test + +import ( + "fmt" + "slices" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestFindAllAuthOriginsByRecord(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + demo1, err := app.FindRecordById("demo1", "84nmscqy84lsi1t") + if err != nil { + t.Fatal(err) + } + + superuser2, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test2@example.com") + if err != nil { + t.Fatal(err) + } + + superuser4, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test4@example.com") + if err != nil { + t.Fatal(err) + } + + client1, err := app.FindAuthRecordByEmail("clients", "test@example.com") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + record *core.Record + expected []string + }{ + {demo1, nil}, + {superuser2, []string{"5798yh833k6w6w0", "ic55o70g4f8pcl4", "dmy260k6ksjr4ib"}}, + {superuser4, nil}, + {client1, []string{"9r2j0m74260ur8i"}}, + } + + for _, s := range scenarios { + t.Run(s.record.Collection().Name+"_"+s.record.Id, func(t *testing.T) { + result, err := app.FindAllAuthOriginsByRecord(s.record) + if err != nil { + t.Fatal(err) + } + + if len(result) != len(s.expected) { + t.Fatalf("Expected total origins %d, got %d", len(s.expected), len(result)) + } + + for i, id := range s.expected { + if result[i].Id != id { + t.Errorf("[%d] Expected id %q, got %q", i, id, result[i].Id) + } + } + }) + } +} + +func TestFindAllAuthOriginsByCollection(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + demo1, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + superusers, err := app.FindCollectionByNameOrId(core.CollectionNameSuperusers) + if err != nil { + t.Fatal(err) + } + + clients, err := app.FindCollectionByNameOrId("clients") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + collection *core.Collection + expected []string + }{ + {demo1, nil}, + {superusers, []string{"5798yh833k6w6w0", "ic55o70g4f8pcl4", "dmy260k6ksjr4ib", "5f29jy38bf5zm3f"}}, + {clients, []string{"9r2j0m74260ur8i"}}, + } + + for _, s := range scenarios { + t.Run(s.collection.Name, func(t *testing.T) { + result, err := app.FindAllAuthOriginsByCollection(s.collection) + if err != nil { + t.Fatal(err) + } + + if len(result) != len(s.expected) { + t.Fatalf("Expected total origins %d, got %d", len(s.expected), len(result)) + } + + for i, id := range s.expected { + if result[i].Id != id { + t.Errorf("[%d] Expected id %q, got %q", i, id, result[i].Id) + } + } + }) + } +} + +func TestFindAuthOriginById(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + id string + expectError bool + }{ + {"", true}, + {"84nmscqy84lsi1t", true}, // non-origin id + {"9r2j0m74260ur8i", false}, + } + + for _, s := range scenarios { + t.Run(s.id, func(t *testing.T) { + result, err := app.FindAuthOriginById(s.id) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if result.Id != s.id { + t.Fatalf("Expected record with id %q, got %q", s.id, result.Id) + } + }) + } +} + +func TestFindAuthOriginByRecordAndFingerprint(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + demo1, err := app.FindRecordById("demo1", "84nmscqy84lsi1t") + if err != nil { + t.Fatal(err) + } + + superuser2, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test2@example.com") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + record *core.Record + fingerprint string + expectError bool + }{ + {demo1, "6afbfe481c31c08c55a746cccb88ece0", true}, + {superuser2, "", true}, + {superuser2, "abc", true}, + {superuser2, "22bbbcbed36e25321f384ccf99f60057", false}, // fingerprint from different origin + {superuser2, "6afbfe481c31c08c55a746cccb88ece0", false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s_%s", i, s.record.Id, s.fingerprint), func(t *testing.T) { + result, err := app.FindAuthOriginByRecordAndFingerprint(s.record, s.fingerprint) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if result.Fingerprint() != s.fingerprint { + t.Fatalf("Expected origin with fingerprint %q, got %q", s.fingerprint, result.Fingerprint()) + } + + if result.RecordRef() != s.record.Id || result.CollectionRef() != s.record.Collection().Id { + t.Fatalf("Expected record %q (%q), got %q (%q)", s.record.Id, s.record.Collection().Id, result.RecordRef(), result.CollectionRef()) + } + }) + } +} + +func TestDeleteAllAuthOriginsByRecord(t *testing.T) { + t.Parallel() + + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + demo1, err := testApp.FindRecordById("demo1", "84nmscqy84lsi1t") + if err != nil { + t.Fatal(err) + } + + superuser2, err := testApp.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test2@example.com") + if err != nil { + t.Fatal(err) + } + + superuser4, err := testApp.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test4@example.com") + if err != nil { + t.Fatal(err) + } + + client1, err := testApp.FindAuthRecordByEmail("clients", "test@example.com") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + record *core.Record + deletedIds []string + }{ + {demo1, nil}, // non-auth record + {superuser2, []string{"5798yh833k6w6w0", "ic55o70g4f8pcl4", "dmy260k6ksjr4ib"}}, + {superuser4, nil}, + {client1, []string{"9r2j0m74260ur8i"}}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s_%s", i, s.record.Collection().Name, s.record.Id), func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + deletedIds := []string{} + app.OnRecordDelete().BindFunc(func(e *core.RecordEvent) error { + deletedIds = append(deletedIds, e.Record.Id) + return e.Next() + }) + + err := app.DeleteAllAuthOriginsByRecord(s.record) + if err != nil { + t.Fatal(err) + } + + if len(deletedIds) != len(s.deletedIds) { + t.Fatalf("Expected deleted ids\n%v\ngot\n%v", s.deletedIds, deletedIds) + } + + for _, id := range s.deletedIds { + if !slices.Contains(deletedIds, id) { + t.Errorf("Expected to find deleted id %q in %v", id, deletedIds) + } + } + }) + } +} diff --git a/core/base.go b/core/base.go new file mode 100644 index 0000000..b76c225 --- /dev/null +++ b/core/base.go @@ -0,0 +1,1535 @@ +package core + +import ( + "context" + "database/sql" + "errors" + "fmt" + "log" + "log/slog" + "os" + "path/filepath" + "regexp" + "runtime" + "strings" + "syscall" + "time" + + "github.com/fatih/color" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/cron" + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/logger" + "github.com/pocketbase/pocketbase/tools/mailer" + "github.com/pocketbase/pocketbase/tools/routine" + "github.com/pocketbase/pocketbase/tools/store" + "github.com/pocketbase/pocketbase/tools/subscriptions" + "github.com/pocketbase/pocketbase/tools/types" + "github.com/spf13/cast" + "golang.org/x/sync/semaphore" +) + +const ( + DefaultDataMaxOpenConns int = 120 + DefaultDataMaxIdleConns int = 15 + DefaultAuxMaxOpenConns int = 20 + DefaultAuxMaxIdleConns int = 3 + DefaultQueryTimeout time.Duration = 30 * time.Second + + LocalStorageDirName string = "storage" + LocalBackupsDirName string = "backups" + LocalTempDirName string = ".pb_temp_to_delete" // temp pb_data sub directory that will be deleted on each app.Bootstrap() + LocalAutocertCacheDirName string = ".autocert_cache" +) + +// FilesManager defines an interface with common methods that files manager models should implement. +type FilesManager interface { + // BaseFilesPath returns the storage dir path used by the interface instance. + BaseFilesPath() string +} + +// DBConnectFunc defines a database connection initialization function. +type DBConnectFunc func(dbPath string) (*dbx.DB, error) + +// BaseAppConfig defines a BaseApp configuration option +type BaseAppConfig struct { + DBConnect DBConnectFunc + DataDir string + EncryptionEnv string + QueryTimeout time.Duration + DataMaxOpenConns int + DataMaxIdleConns int + AuxMaxOpenConns int + AuxMaxIdleConns int + IsDev bool +} + +// ensures that the BaseApp implements the App interface. +var _ App = (*BaseApp)(nil) + +// BaseApp implements core.App and defines the base PocketBase app structure. +type BaseApp struct { + config *BaseAppConfig + txInfo *TxAppInfo + store *store.Store[string, any] + cron *cron.Cron + settings *Settings + subscriptionsBroker *subscriptions.Broker + logger *slog.Logger + concurrentDB dbx.Builder + nonconcurrentDB dbx.Builder + auxConcurrentDB dbx.Builder + auxNonconcurrentDB dbx.Builder + + // app event hooks + onBootstrap *hook.Hook[*BootstrapEvent] + onServe *hook.Hook[*ServeEvent] + onTerminate *hook.Hook[*TerminateEvent] + onBackupCreate *hook.Hook[*BackupEvent] + onBackupRestore *hook.Hook[*BackupEvent] + + // db model hooks + onModelValidate *hook.Hook[*ModelEvent] + onModelCreate *hook.Hook[*ModelEvent] + onModelCreateExecute *hook.Hook[*ModelEvent] + onModelAfterCreateSuccess *hook.Hook[*ModelEvent] + onModelAfterCreateError *hook.Hook[*ModelErrorEvent] + onModelUpdate *hook.Hook[*ModelEvent] + onModelUpdateWrite *hook.Hook[*ModelEvent] + onModelAfterUpdateSuccess *hook.Hook[*ModelEvent] + onModelAfterUpdateError *hook.Hook[*ModelErrorEvent] + onModelDelete *hook.Hook[*ModelEvent] + onModelDeleteExecute *hook.Hook[*ModelEvent] + onModelAfterDeleteSuccess *hook.Hook[*ModelEvent] + onModelAfterDeleteError *hook.Hook[*ModelErrorEvent] + + // db record hooks + onRecordEnrich *hook.Hook[*RecordEnrichEvent] + onRecordValidate *hook.Hook[*RecordEvent] + onRecordCreate *hook.Hook[*RecordEvent] + onRecordCreateExecute *hook.Hook[*RecordEvent] + onRecordAfterCreateSuccess *hook.Hook[*RecordEvent] + onRecordAfterCreateError *hook.Hook[*RecordErrorEvent] + onRecordUpdate *hook.Hook[*RecordEvent] + onRecordUpdateExecute *hook.Hook[*RecordEvent] + onRecordAfterUpdateSuccess *hook.Hook[*RecordEvent] + onRecordAfterUpdateError *hook.Hook[*RecordErrorEvent] + onRecordDelete *hook.Hook[*RecordEvent] + onRecordDeleteExecute *hook.Hook[*RecordEvent] + onRecordAfterDeleteSuccess *hook.Hook[*RecordEvent] + onRecordAfterDeleteError *hook.Hook[*RecordErrorEvent] + + // db collection hooks + onCollectionValidate *hook.Hook[*CollectionEvent] + onCollectionCreate *hook.Hook[*CollectionEvent] + onCollectionCreateExecute *hook.Hook[*CollectionEvent] + onCollectionAfterCreateSuccess *hook.Hook[*CollectionEvent] + onCollectionAfterCreateError *hook.Hook[*CollectionErrorEvent] + onCollectionUpdate *hook.Hook[*CollectionEvent] + onCollectionUpdateExecute *hook.Hook[*CollectionEvent] + onCollectionAfterUpdateSuccess *hook.Hook[*CollectionEvent] + onCollectionAfterUpdateError *hook.Hook[*CollectionErrorEvent] + onCollectionDelete *hook.Hook[*CollectionEvent] + onCollectionDeleteExecute *hook.Hook[*CollectionEvent] + onCollectionAfterDeleteSuccess *hook.Hook[*CollectionEvent] + onCollectionAfterDeleteError *hook.Hook[*CollectionErrorEvent] + + // mailer event hooks + onMailerSend *hook.Hook[*MailerEvent] + onMailerRecordPasswordResetSend *hook.Hook[*MailerRecordEvent] + onMailerRecordVerificationSend *hook.Hook[*MailerRecordEvent] + onMailerRecordEmailChangeSend *hook.Hook[*MailerRecordEvent] + onMailerRecordOTPSend *hook.Hook[*MailerRecordEvent] + onMailerRecordAuthAlertSend *hook.Hook[*MailerRecordEvent] + + // realtime api event hooks + onRealtimeConnectRequest *hook.Hook[*RealtimeConnectRequestEvent] + onRealtimeMessageSend *hook.Hook[*RealtimeMessageEvent] + onRealtimeSubscribeRequest *hook.Hook[*RealtimeSubscribeRequestEvent] + + // settings event hooks + onSettingsListRequest *hook.Hook[*SettingsListRequestEvent] + onSettingsUpdateRequest *hook.Hook[*SettingsUpdateRequestEvent] + onSettingsReload *hook.Hook[*SettingsReloadEvent] + + // file api event hooks + onFileDownloadRequest *hook.Hook[*FileDownloadRequestEvent] + onFileTokenRequest *hook.Hook[*FileTokenRequestEvent] + + // record auth API event hooks + onRecordAuthRequest *hook.Hook[*RecordAuthRequestEvent] + onRecordAuthWithPasswordRequest *hook.Hook[*RecordAuthWithPasswordRequestEvent] + onRecordAuthWithOAuth2Request *hook.Hook[*RecordAuthWithOAuth2RequestEvent] + onRecordAuthRefreshRequest *hook.Hook[*RecordAuthRefreshRequestEvent] + onRecordRequestPasswordResetRequest *hook.Hook[*RecordRequestPasswordResetRequestEvent] + onRecordConfirmPasswordResetRequest *hook.Hook[*RecordConfirmPasswordResetRequestEvent] + onRecordRequestVerificationRequest *hook.Hook[*RecordRequestVerificationRequestEvent] + onRecordConfirmVerificationRequest *hook.Hook[*RecordConfirmVerificationRequestEvent] + onRecordRequestEmailChangeRequest *hook.Hook[*RecordRequestEmailChangeRequestEvent] + onRecordConfirmEmailChangeRequest *hook.Hook[*RecordConfirmEmailChangeRequestEvent] + onRecordRequestOTPRequest *hook.Hook[*RecordCreateOTPRequestEvent] + onRecordAuthWithOTPRequest *hook.Hook[*RecordAuthWithOTPRequestEvent] + + // record crud API event hooks + onRecordsListRequest *hook.Hook[*RecordsListRequestEvent] + onRecordViewRequest *hook.Hook[*RecordRequestEvent] + onRecordCreateRequest *hook.Hook[*RecordRequestEvent] + onRecordUpdateRequest *hook.Hook[*RecordRequestEvent] + onRecordDeleteRequest *hook.Hook[*RecordRequestEvent] + + // collection API event hooks + onCollectionsListRequest *hook.Hook[*CollectionsListRequestEvent] + onCollectionViewRequest *hook.Hook[*CollectionRequestEvent] + onCollectionCreateRequest *hook.Hook[*CollectionRequestEvent] + onCollectionUpdateRequest *hook.Hook[*CollectionRequestEvent] + onCollectionDeleteRequest *hook.Hook[*CollectionRequestEvent] + onCollectionsImportRequest *hook.Hook[*CollectionsImportRequestEvent] + + onBatchRequest *hook.Hook[*BatchRequestEvent] +} + +// NewBaseApp creates and returns a new BaseApp instance +// configured with the provided arguments. +// +// To initialize the app, you need to call `app.Bootstrap()`. +func NewBaseApp(config BaseAppConfig) *BaseApp { + app := &BaseApp{ + settings: newDefaultSettings(), + store: store.New[string, any](nil), + cron: cron.New(), + subscriptionsBroker: subscriptions.NewBroker(), + config: &config, + } + + // apply config defaults + if app.config.DBConnect == nil { + app.config.DBConnect = DefaultDBConnect + } + if app.config.DataMaxOpenConns <= 0 { + app.config.DataMaxOpenConns = DefaultDataMaxOpenConns + } + if app.config.DataMaxIdleConns <= 0 { + app.config.DataMaxIdleConns = DefaultDataMaxIdleConns + } + if app.config.AuxMaxOpenConns <= 0 { + app.config.AuxMaxOpenConns = DefaultAuxMaxOpenConns + } + if app.config.AuxMaxIdleConns <= 0 { + app.config.AuxMaxIdleConns = DefaultAuxMaxIdleConns + } + if app.config.QueryTimeout <= 0 { + app.config.QueryTimeout = DefaultQueryTimeout + } + + app.initHooks() + app.registerBaseHooks() + + return app +} + +// initHooks initializes all app hook handlers. +func (app *BaseApp) initHooks() { + // app event hooks + app.onBootstrap = &hook.Hook[*BootstrapEvent]{} + app.onServe = &hook.Hook[*ServeEvent]{} + app.onTerminate = &hook.Hook[*TerminateEvent]{} + app.onBackupCreate = &hook.Hook[*BackupEvent]{} + app.onBackupRestore = &hook.Hook[*BackupEvent]{} + + // db model hooks + app.onModelValidate = &hook.Hook[*ModelEvent]{} + app.onModelCreate = &hook.Hook[*ModelEvent]{} + app.onModelCreateExecute = &hook.Hook[*ModelEvent]{} + app.onModelAfterCreateSuccess = &hook.Hook[*ModelEvent]{} + app.onModelAfterCreateError = &hook.Hook[*ModelErrorEvent]{} + app.onModelUpdate = &hook.Hook[*ModelEvent]{} + app.onModelUpdateWrite = &hook.Hook[*ModelEvent]{} + app.onModelAfterUpdateSuccess = &hook.Hook[*ModelEvent]{} + app.onModelAfterUpdateError = &hook.Hook[*ModelErrorEvent]{} + app.onModelDelete = &hook.Hook[*ModelEvent]{} + app.onModelDeleteExecute = &hook.Hook[*ModelEvent]{} + app.onModelAfterDeleteSuccess = &hook.Hook[*ModelEvent]{} + app.onModelAfterDeleteError = &hook.Hook[*ModelErrorEvent]{} + + // db record hooks + app.onRecordEnrich = &hook.Hook[*RecordEnrichEvent]{} + app.onRecordValidate = &hook.Hook[*RecordEvent]{} + app.onRecordCreate = &hook.Hook[*RecordEvent]{} + app.onRecordCreateExecute = &hook.Hook[*RecordEvent]{} + app.onRecordAfterCreateSuccess = &hook.Hook[*RecordEvent]{} + app.onRecordAfterCreateError = &hook.Hook[*RecordErrorEvent]{} + app.onRecordUpdate = &hook.Hook[*RecordEvent]{} + app.onRecordUpdateExecute = &hook.Hook[*RecordEvent]{} + app.onRecordAfterUpdateSuccess = &hook.Hook[*RecordEvent]{} + app.onRecordAfterUpdateError = &hook.Hook[*RecordErrorEvent]{} + app.onRecordDelete = &hook.Hook[*RecordEvent]{} + app.onRecordDeleteExecute = &hook.Hook[*RecordEvent]{} + app.onRecordAfterDeleteSuccess = &hook.Hook[*RecordEvent]{} + app.onRecordAfterDeleteError = &hook.Hook[*RecordErrorEvent]{} + + // db collection hooks + app.onCollectionValidate = &hook.Hook[*CollectionEvent]{} + app.onCollectionCreate = &hook.Hook[*CollectionEvent]{} + app.onCollectionCreateExecute = &hook.Hook[*CollectionEvent]{} + app.onCollectionAfterCreateSuccess = &hook.Hook[*CollectionEvent]{} + app.onCollectionAfterCreateError = &hook.Hook[*CollectionErrorEvent]{} + app.onCollectionUpdate = &hook.Hook[*CollectionEvent]{} + app.onCollectionUpdateExecute = &hook.Hook[*CollectionEvent]{} + app.onCollectionAfterUpdateSuccess = &hook.Hook[*CollectionEvent]{} + app.onCollectionAfterUpdateError = &hook.Hook[*CollectionErrorEvent]{} + app.onCollectionDelete = &hook.Hook[*CollectionEvent]{} + app.onCollectionAfterDeleteSuccess = &hook.Hook[*CollectionEvent]{} + app.onCollectionDeleteExecute = &hook.Hook[*CollectionEvent]{} + app.onCollectionAfterDeleteError = &hook.Hook[*CollectionErrorEvent]{} + + // mailer event hooks + app.onMailerSend = &hook.Hook[*MailerEvent]{} + app.onMailerRecordPasswordResetSend = &hook.Hook[*MailerRecordEvent]{} + app.onMailerRecordVerificationSend = &hook.Hook[*MailerRecordEvent]{} + app.onMailerRecordEmailChangeSend = &hook.Hook[*MailerRecordEvent]{} + app.onMailerRecordOTPSend = &hook.Hook[*MailerRecordEvent]{} + app.onMailerRecordAuthAlertSend = &hook.Hook[*MailerRecordEvent]{} + + // realtime API event hooks + app.onRealtimeConnectRequest = &hook.Hook[*RealtimeConnectRequestEvent]{} + app.onRealtimeMessageSend = &hook.Hook[*RealtimeMessageEvent]{} + app.onRealtimeSubscribeRequest = &hook.Hook[*RealtimeSubscribeRequestEvent]{} + + // settings event hooks + app.onSettingsListRequest = &hook.Hook[*SettingsListRequestEvent]{} + app.onSettingsUpdateRequest = &hook.Hook[*SettingsUpdateRequestEvent]{} + app.onSettingsReload = &hook.Hook[*SettingsReloadEvent]{} + + // file API event hooks + app.onFileDownloadRequest = &hook.Hook[*FileDownloadRequestEvent]{} + app.onFileTokenRequest = &hook.Hook[*FileTokenRequestEvent]{} + + // record auth API event hooks + app.onRecordAuthRequest = &hook.Hook[*RecordAuthRequestEvent]{} + app.onRecordAuthWithPasswordRequest = &hook.Hook[*RecordAuthWithPasswordRequestEvent]{} + app.onRecordAuthWithOAuth2Request = &hook.Hook[*RecordAuthWithOAuth2RequestEvent]{} + app.onRecordAuthRefreshRequest = &hook.Hook[*RecordAuthRefreshRequestEvent]{} + app.onRecordRequestPasswordResetRequest = &hook.Hook[*RecordRequestPasswordResetRequestEvent]{} + app.onRecordConfirmPasswordResetRequest = &hook.Hook[*RecordConfirmPasswordResetRequestEvent]{} + app.onRecordRequestVerificationRequest = &hook.Hook[*RecordRequestVerificationRequestEvent]{} + app.onRecordConfirmVerificationRequest = &hook.Hook[*RecordConfirmVerificationRequestEvent]{} + app.onRecordRequestEmailChangeRequest = &hook.Hook[*RecordRequestEmailChangeRequestEvent]{} + app.onRecordConfirmEmailChangeRequest = &hook.Hook[*RecordConfirmEmailChangeRequestEvent]{} + app.onRecordRequestOTPRequest = &hook.Hook[*RecordCreateOTPRequestEvent]{} + app.onRecordAuthWithOTPRequest = &hook.Hook[*RecordAuthWithOTPRequestEvent]{} + + // record crud API event hooks + app.onRecordsListRequest = &hook.Hook[*RecordsListRequestEvent]{} + app.onRecordViewRequest = &hook.Hook[*RecordRequestEvent]{} + app.onRecordCreateRequest = &hook.Hook[*RecordRequestEvent]{} + app.onRecordUpdateRequest = &hook.Hook[*RecordRequestEvent]{} + app.onRecordDeleteRequest = &hook.Hook[*RecordRequestEvent]{} + + // collection API event hooks + app.onCollectionsListRequest = &hook.Hook[*CollectionsListRequestEvent]{} + app.onCollectionViewRequest = &hook.Hook[*CollectionRequestEvent]{} + app.onCollectionCreateRequest = &hook.Hook[*CollectionRequestEvent]{} + app.onCollectionUpdateRequest = &hook.Hook[*CollectionRequestEvent]{} + app.onCollectionDeleteRequest = &hook.Hook[*CollectionRequestEvent]{} + app.onCollectionsImportRequest = &hook.Hook[*CollectionsImportRequestEvent]{} + + app.onBatchRequest = &hook.Hook[*BatchRequestEvent]{} +} + +// UnsafeWithoutHooks returns a shallow copy of the current app WITHOUT any registered hooks. +// +// NB! Note that using the returned app instance may cause data integrity errors +// since the Record validations and data normalizations (including files uploads) +// rely on the app hooks to work. +func (app *BaseApp) UnsafeWithoutHooks() App { + clone := *app + + // reset all hook handlers + clone.initHooks() + + return &clone +} + +// Logger returns the default app logger. +// +// If the application is not bootstrapped yet, fallbacks to slog.Default(). +func (app *BaseApp) Logger() *slog.Logger { + if app.logger == nil { + return slog.Default() + } + + return app.logger +} + +// TxInfo returns the transaction associated with the current app instance (if any). +// +// Could be used if you want to execute indirectly a function after +// the related app transaction completes using `app.TxInfo().OnAfterFunc(callback)`. +func (app *BaseApp) TxInfo() *TxAppInfo { + return app.txInfo +} + +// IsTransactional checks if the current app instance is part of a transaction. +func (app *BaseApp) IsTransactional() bool { + return app.TxInfo() != nil +} + +// IsBootstrapped checks if the application was initialized +// (aka. whether Bootstrap() was called). +func (app *BaseApp) IsBootstrapped() bool { + return app.concurrentDB != nil && app.auxConcurrentDB != nil +} + +// Bootstrap initializes the application +// (aka. create data dir, open db connections, load settings, etc.). +// +// It will call ResetBootstrapState() if the application was already bootstrapped. +func (app *BaseApp) Bootstrap() error { + event := &BootstrapEvent{} + event.App = app + + err := app.OnBootstrap().Trigger(event, func(e *BootstrapEvent) error { + // clear resources of previous core state (if any) + if err := app.ResetBootstrapState(); err != nil { + return err + } + + // ensure that data dir exist + if err := os.MkdirAll(app.DataDir(), os.ModePerm); err != nil { + return err + } + + if err := app.initDataDB(); err != nil { + return err + } + + if err := app.initAuxDB(); err != nil { + return err + } + + if err := app.initLogger(); err != nil { + return err + } + + if err := app.RunSystemMigrations(); err != nil { + return err + } + + if err := app.ReloadCachedCollections(); err != nil { + return err + } + + if err := app.ReloadSettings(); err != nil { + return err + } + + // try to cleanup the pb_data temp directory (if any) + _ = os.RemoveAll(filepath.Join(app.DataDir(), LocalTempDirName)) + + return nil + }) + + // add a more user friendly message in case users forgot to call + // e.Next() as part of their bootstrap hook + if err == nil && !app.IsBootstrapped() { + app.Logger().Warn("OnBootstrap hook didn't fail but the app is still not bootstrapped - maybe missing e.Next()?") + } + + return err +} + +type closer interface { + Close() error +} + +// ResetBootstrapState releases the initialized core app resources +// (closing db connections, stopping cron ticker, etc.). +func (app *BaseApp) ResetBootstrapState() error { + app.Cron().Stop() + + var errs []error + + dbs := []*dbx.Builder{ + &app.concurrentDB, + &app.nonconcurrentDB, + &app.auxConcurrentDB, + &app.auxNonconcurrentDB, + } + + for _, db := range dbs { + if db == nil { + continue + } + if v, ok := (*db).(closer); ok { + if err := v.Close(); err != nil { + errs = append(errs, err) + } + } + *db = nil + } + + if len(errs) > 0 { + return errors.Join(errs...) + } + + return nil +} + +// DB returns the default app data.db builder instance. +// +// To minimize SQLITE_BUSY errors, it automatically routes the +// SELECT queries to the underlying concurrent db pool and everything +// else to the nonconcurrent one. +// +// For more finer control over the used connections pools you can +// call directly ConcurrentDB() or NonconcurrentDB(). +func (app *BaseApp) DB() dbx.Builder { + // transactional or both are nil + if app.concurrentDB == app.nonconcurrentDB { + return app.concurrentDB + } + + return &dualDBBuilder{ + concurrentDB: app.concurrentDB, + nonconcurrentDB: app.nonconcurrentDB, + } +} + +// ConcurrentDB returns the concurrent app data.db builder instance. +// +// This method is used mainly internally for executing db read +// operations in a concurrent/non-blocking manner. +// +// Most users should use simply DB() as it will automatically +// route the query execution to ConcurrentDB() or NonconcurrentDB(). +// +// In a transaction the ConcurrentDB() and NonconcurrentDB() refer to the same *dbx.TX instance. +func (app *BaseApp) ConcurrentDB() dbx.Builder { + return app.concurrentDB +} + +// NonconcurrentDB returns the nonconcurrent app data.db builder instance. +// +// The returned db instance is limited only to a single open connection, +// meaning that it can process only 1 db operation at a time (other queries queue up). +// +// This method is used mainly internally and in the tests to execute write +// (save/delete) db operations as it helps with minimizing the SQLITE_BUSY errors. +// +// Most users should use simply DB() as it will automatically +// route the query execution to ConcurrentDB() or NonconcurrentDB(). +// +// In a transaction the ConcurrentDB() and NonconcurrentDB() refer to the same *dbx.TX instance. +func (app *BaseApp) NonconcurrentDB() dbx.Builder { + return app.nonconcurrentDB +} + +// AuxDB returns the app auxiliary.db builder instance. +// +// To minimize SQLITE_BUSY errors, it automatically routes the +// SELECT queries to the underlying concurrent db pool and everything +// else to the nonconcurrent one. +// +// For more finer control over the used connections pools you can +// call directly AuxConcurrentDB() or AuxNonconcurrentDB(). +func (app *BaseApp) AuxDB() dbx.Builder { + // transactional or both are nil + if app.auxConcurrentDB == app.auxNonconcurrentDB { + return app.auxConcurrentDB + } + + return &dualDBBuilder{ + concurrentDB: app.auxConcurrentDB, + nonconcurrentDB: app.auxNonconcurrentDB, + } +} + +// AuxConcurrentDB returns the concurrent app auxiliary.db builder instance. +// +// This method is used mainly internally for executing db read +// operations in a concurrent/non-blocking manner. +// +// Most users should use simply AuxDB() as it will automatically +// route the query execution to AuxConcurrentDB() or AuxNonconcurrentDB(). +// +// In a transaction the AuxConcurrentDB() and AuxNonconcurrentDB() refer to the same *dbx.TX instance. +func (app *BaseApp) AuxConcurrentDB() dbx.Builder { + return app.auxConcurrentDB +} + +// AuxNonconcurrentDB returns the nonconcurrent app auxiliary.db builder instance. +// +// The returned db instance is limited only to a single open connection, +// meaning that it can process only 1 db operation at a time (other queries queue up). +// +// This method is used mainly internally and in the tests to execute write +// (save/delete) db operations as it helps with minimizing the SQLITE_BUSY errors. +// +// Most users should use simply AuxDB() as it will automatically +// route the query execution to AuxConcurrentDB() or AuxNonconcurrentDB(). +// +// In a transaction the AuxConcurrentDB() and AuxNonconcurrentDB() refer to the same *dbx.TX instance. +func (app *BaseApp) AuxNonconcurrentDB() dbx.Builder { + return app.auxNonconcurrentDB +} + +// DataDir returns the app data directory path. +func (app *BaseApp) DataDir() string { + return app.config.DataDir +} + +// EncryptionEnv returns the name of the app secret env key +// (currently used primarily for optional settings encryption but this may change in the future). +func (app *BaseApp) EncryptionEnv() string { + return app.config.EncryptionEnv +} + +// IsDev returns whether the app is in dev mode. +// +// When enabled logs, executed sql statements, etc. are printed to the stderr. +func (app *BaseApp) IsDev() bool { + return app.config.IsDev +} + +// Settings returns the loaded app settings. +func (app *BaseApp) Settings() *Settings { + return app.settings +} + +// Store returns the app runtime store. +func (app *BaseApp) Store() *store.Store[string, any] { + return app.store +} + +// Cron returns the app cron instance. +func (app *BaseApp) Cron() *cron.Cron { + return app.cron +} + +// SubscriptionsBroker returns the app realtime subscriptions broker instance. +func (app *BaseApp) SubscriptionsBroker() *subscriptions.Broker { + return app.subscriptionsBroker +} + +// NewMailClient creates and returns a new SMTP or Sendmail client +// based on the current app settings. +func (app *BaseApp) NewMailClient() mailer.Mailer { + var client mailer.Mailer + + // init mailer client + if app.Settings().SMTP.Enabled { + client = &mailer.SMTPClient{ + Host: app.Settings().SMTP.Host, + Port: app.Settings().SMTP.Port, + Username: app.Settings().SMTP.Username, + Password: app.Settings().SMTP.Password, + TLS: app.Settings().SMTP.TLS, + AuthMethod: app.Settings().SMTP.AuthMethod, + LocalName: app.Settings().SMTP.LocalName, + } + } else { + client = &mailer.Sendmail{} + } + + // register the app level hook + if h, ok := client.(mailer.SendInterceptor); ok { + h.OnSend().Bind(&hook.Handler[*mailer.SendEvent]{ + Id: "__pbMailerOnSend__", + Func: func(e *mailer.SendEvent) error { + appEvent := new(MailerEvent) + appEvent.App = app + appEvent.Mailer = client + appEvent.Message = e.Message + + return app.OnMailerSend().Trigger(appEvent, func(ae *MailerEvent) error { + e.Message = ae.Message + + // print the mail in the console to assist with the debugging + if app.IsDev() { + logDate := new(strings.Builder) + log.New(logDate, "", log.LstdFlags).Print() + + mailLog := new(strings.Builder) + mailLog.WriteString(strings.TrimSpace(logDate.String())) + mailLog.WriteString(" Mail sent\n") + fmt.Fprintf(mailLog, "├─ From: %v\n", ae.Message.From) + fmt.Fprintf(mailLog, "├─ To: %v\n", ae.Message.To) + fmt.Fprintf(mailLog, "├─ Cc: %v\n", ae.Message.Cc) + fmt.Fprintf(mailLog, "├─ Bcc: %v\n", ae.Message.Bcc) + fmt.Fprintf(mailLog, "├─ Subject: %v\n", ae.Message.Subject) + + if len(ae.Message.Attachments) > 0 { + attachmentKeys := make([]string, 0, len(ae.Message.Attachments)) + for k := range ae.Message.Attachments { + attachmentKeys = append(attachmentKeys, k) + } + fmt.Fprintf(mailLog, "├─ Attachments: %v\n", attachmentKeys) + } + + if len(ae.Message.InlineAttachments) > 0 { + attachmentKeys := make([]string, 0, len(ae.Message.InlineAttachments)) + for k := range ae.Message.InlineAttachments { + attachmentKeys = append(attachmentKeys, k) + } + fmt.Fprintf(mailLog, "├─ InlineAttachments: %v\n", attachmentKeys) + } + + const indentation = " " + if ae.Message.Text != "" { + textParts := strings.Split(strings.TrimSpace(ae.Message.Text), "\n") + textIndented := indentation + strings.Join(textParts, "\n"+indentation) + fmt.Fprintf(mailLog, "└─ Text:\n%s", textIndented) + } else { + htmlParts := strings.Split(strings.TrimSpace(ae.Message.HTML), "\n") + htmlIndented := indentation + strings.Join(htmlParts, "\n"+indentation) + fmt.Fprintf(mailLog, "└─ HTML:\n%s", htmlIndented) + } + + color.HiBlack("%s", mailLog.String()) + } + + // send the email with the new mailer in case it was replaced + if client != ae.Mailer { + return ae.Mailer.Send(e.Message) + } + + return e.Next() + }) + }, + }) + } + + return client +} + +// NewFilesystem creates a new local or S3 filesystem instance +// for managing regular app files (ex. record uploads) +// based on the current app settings. +// +// NB! Make sure to call Close() on the returned result +// after you are done working with it. +func (app *BaseApp) NewFilesystem() (*filesystem.System, error) { + if app.settings != nil && app.settings.S3.Enabled { + return filesystem.NewS3( + app.settings.S3.Bucket, + app.settings.S3.Region, + app.settings.S3.Endpoint, + app.settings.S3.AccessKey, + app.settings.S3.Secret, + app.settings.S3.ForcePathStyle, + ) + } + + // fallback to local filesystem + return filesystem.NewLocal(filepath.Join(app.DataDir(), LocalStorageDirName)) +} + +// NewBackupsFilesystem creates a new local or S3 filesystem instance +// for managing app backups based on the current app settings. +// +// NB! Make sure to call Close() on the returned result +// after you are done working with it. +func (app *BaseApp) NewBackupsFilesystem() (*filesystem.System, error) { + if app.settings != nil && app.settings.Backups.S3.Enabled { + return filesystem.NewS3( + app.settings.Backups.S3.Bucket, + app.settings.Backups.S3.Region, + app.settings.Backups.S3.Endpoint, + app.settings.Backups.S3.AccessKey, + app.settings.Backups.S3.Secret, + app.settings.Backups.S3.ForcePathStyle, + ) + } + + // fallback to local filesystem + return filesystem.NewLocal(filepath.Join(app.DataDir(), LocalBackupsDirName)) +} + +// Restart restarts (aka. replaces) the current running application process. +// +// NB! It relies on execve which is supported only on UNIX based systems. +func (app *BaseApp) Restart() error { + if runtime.GOOS == "windows" { + return errors.New("restart is not supported on windows") + } + + execPath, err := os.Executable() + if err != nil { + return err + } + + event := &TerminateEvent{} + event.App = app + event.IsRestart = true + + return app.OnTerminate().Trigger(event, func(e *TerminateEvent) error { + _ = e.App.ResetBootstrapState() + + // attempt to restart the bootstrap process in case execve returns an error for some reason + defer func() { + if err := e.App.Bootstrap(); err != nil { + app.Logger().Error("Failed to rebootstrap the application after failed app.Restart()", "error", err) + } + }() + + return syscall.Exec(execPath, os.Args, os.Environ()) + }) +} + +// RunSystemMigrations applies all new migrations registered in the [core.SystemMigrations] list. +func (app *BaseApp) RunSystemMigrations() error { + _, err := NewMigrationsRunner(app, SystemMigrations).Up() + return err +} + +// RunAppMigrations applies all new migrations registered in the [core.AppMigrations] list. +func (app *BaseApp) RunAppMigrations() error { + _, err := NewMigrationsRunner(app, AppMigrations).Up() + return err +} + +// RunAllMigrations applies all system and app migrations +// (aka. from both [core.SystemMigrations] and [core.AppMigrations]). +func (app *BaseApp) RunAllMigrations() error { + list := MigrationsList{} + list.Copy(SystemMigrations) + list.Copy(AppMigrations) + _, err := NewMigrationsRunner(app, list).Up() + return err +} + +// ------------------------------------------------------------------- +// App event hooks +// ------------------------------------------------------------------- + +func (app *BaseApp) OnBootstrap() *hook.Hook[*BootstrapEvent] { + return app.onBootstrap +} + +func (app *BaseApp) OnServe() *hook.Hook[*ServeEvent] { + return app.onServe +} + +func (app *BaseApp) OnTerminate() *hook.Hook[*TerminateEvent] { + return app.onTerminate +} + +func (app *BaseApp) OnBackupCreate() *hook.Hook[*BackupEvent] { + return app.onBackupCreate +} + +func (app *BaseApp) OnBackupRestore() *hook.Hook[*BackupEvent] { + return app.onBackupRestore +} + +// --------------------------------------------------------------- + +func (app *BaseApp) OnModelCreate(tags ...string) *hook.TaggedHook[*ModelEvent] { + return hook.NewTaggedHook(app.onModelCreate, tags...) +} + +func (app *BaseApp) OnModelCreateExecute(tags ...string) *hook.TaggedHook[*ModelEvent] { + return hook.NewTaggedHook(app.onModelCreateExecute, tags...) +} + +func (app *BaseApp) OnModelAfterCreateSuccess(tags ...string) *hook.TaggedHook[*ModelEvent] { + return hook.NewTaggedHook(app.onModelAfterCreateSuccess, tags...) +} + +func (app *BaseApp) OnModelAfterCreateError(tags ...string) *hook.TaggedHook[*ModelErrorEvent] { + return hook.NewTaggedHook(app.onModelAfterCreateError, tags...) +} + +func (app *BaseApp) OnModelUpdate(tags ...string) *hook.TaggedHook[*ModelEvent] { + return hook.NewTaggedHook(app.onModelUpdate, tags...) +} + +func (app *BaseApp) OnModelUpdateExecute(tags ...string) *hook.TaggedHook[*ModelEvent] { + return hook.NewTaggedHook(app.onModelUpdateWrite, tags...) +} + +func (app *BaseApp) OnModelAfterUpdateSuccess(tags ...string) *hook.TaggedHook[*ModelEvent] { + return hook.NewTaggedHook(app.onModelAfterUpdateSuccess, tags...) +} + +func (app *BaseApp) OnModelAfterUpdateError(tags ...string) *hook.TaggedHook[*ModelErrorEvent] { + return hook.NewTaggedHook(app.onModelAfterUpdateError, tags...) +} + +func (app *BaseApp) OnModelValidate(tags ...string) *hook.TaggedHook[*ModelEvent] { + return hook.NewTaggedHook(app.onModelValidate, tags...) +} + +func (app *BaseApp) OnModelDelete(tags ...string) *hook.TaggedHook[*ModelEvent] { + return hook.NewTaggedHook(app.onModelDelete, tags...) +} + +func (app *BaseApp) OnModelDeleteExecute(tags ...string) *hook.TaggedHook[*ModelEvent] { + return hook.NewTaggedHook(app.onModelDeleteExecute, tags...) +} + +func (app *BaseApp) OnModelAfterDeleteSuccess(tags ...string) *hook.TaggedHook[*ModelEvent] { + return hook.NewTaggedHook(app.onModelAfterDeleteSuccess, tags...) +} + +func (app *BaseApp) OnModelAfterDeleteError(tags ...string) *hook.TaggedHook[*ModelErrorEvent] { + return hook.NewTaggedHook(app.onModelAfterDeleteError, tags...) +} + +func (app *BaseApp) OnRecordEnrich(tags ...string) *hook.TaggedHook[*RecordEnrichEvent] { + return hook.NewTaggedHook(app.onRecordEnrich, tags...) +} + +func (app *BaseApp) OnRecordValidate(tags ...string) *hook.TaggedHook[*RecordEvent] { + return hook.NewTaggedHook(app.onRecordValidate, tags...) +} + +func (app *BaseApp) OnRecordCreate(tags ...string) *hook.TaggedHook[*RecordEvent] { + return hook.NewTaggedHook(app.onRecordCreate, tags...) +} + +func (app *BaseApp) OnRecordCreateExecute(tags ...string) *hook.TaggedHook[*RecordEvent] { + return hook.NewTaggedHook(app.onRecordCreateExecute, tags...) +} + +func (app *BaseApp) OnRecordAfterCreateSuccess(tags ...string) *hook.TaggedHook[*RecordEvent] { + return hook.NewTaggedHook(app.onRecordAfterCreateSuccess, tags...) +} + +func (app *BaseApp) OnRecordAfterCreateError(tags ...string) *hook.TaggedHook[*RecordErrorEvent] { + return hook.NewTaggedHook(app.onRecordAfterCreateError, tags...) +} + +func (app *BaseApp) OnRecordUpdate(tags ...string) *hook.TaggedHook[*RecordEvent] { + return hook.NewTaggedHook(app.onRecordUpdate, tags...) +} + +func (app *BaseApp) OnRecordUpdateExecute(tags ...string) *hook.TaggedHook[*RecordEvent] { + return hook.NewTaggedHook(app.onRecordUpdateExecute, tags...) +} + +func (app *BaseApp) OnRecordAfterUpdateSuccess(tags ...string) *hook.TaggedHook[*RecordEvent] { + return hook.NewTaggedHook(app.onRecordAfterUpdateSuccess, tags...) +} + +func (app *BaseApp) OnRecordAfterUpdateError(tags ...string) *hook.TaggedHook[*RecordErrorEvent] { + return hook.NewTaggedHook(app.onRecordAfterUpdateError, tags...) +} + +func (app *BaseApp) OnRecordDelete(tags ...string) *hook.TaggedHook[*RecordEvent] { + return hook.NewTaggedHook(app.onRecordDelete, tags...) +} + +func (app *BaseApp) OnRecordDeleteExecute(tags ...string) *hook.TaggedHook[*RecordEvent] { + return hook.NewTaggedHook(app.onRecordDeleteExecute, tags...) +} + +func (app *BaseApp) OnRecordAfterDeleteSuccess(tags ...string) *hook.TaggedHook[*RecordEvent] { + return hook.NewTaggedHook(app.onRecordAfterDeleteSuccess, tags...) +} + +func (app *BaseApp) OnRecordAfterDeleteError(tags ...string) *hook.TaggedHook[*RecordErrorEvent] { + return hook.NewTaggedHook(app.onRecordAfterDeleteError, tags...) +} + +func (app *BaseApp) OnCollectionValidate(tags ...string) *hook.TaggedHook[*CollectionEvent] { + return hook.NewTaggedHook(app.onCollectionValidate, tags...) +} + +func (app *BaseApp) OnCollectionCreate(tags ...string) *hook.TaggedHook[*CollectionEvent] { + return hook.NewTaggedHook(app.onCollectionCreate, tags...) +} + +func (app *BaseApp) OnCollectionCreateExecute(tags ...string) *hook.TaggedHook[*CollectionEvent] { + return hook.NewTaggedHook(app.onCollectionCreateExecute, tags...) +} + +func (app *BaseApp) OnCollectionAfterCreateSuccess(tags ...string) *hook.TaggedHook[*CollectionEvent] { + return hook.NewTaggedHook(app.onCollectionAfterCreateSuccess, tags...) +} + +func (app *BaseApp) OnCollectionAfterCreateError(tags ...string) *hook.TaggedHook[*CollectionErrorEvent] { + return hook.NewTaggedHook(app.onCollectionAfterCreateError, tags...) +} + +func (app *BaseApp) OnCollectionUpdate(tags ...string) *hook.TaggedHook[*CollectionEvent] { + return hook.NewTaggedHook(app.onCollectionUpdate, tags...) +} + +func (app *BaseApp) OnCollectionUpdateExecute(tags ...string) *hook.TaggedHook[*CollectionEvent] { + return hook.NewTaggedHook(app.onCollectionUpdateExecute, tags...) +} + +func (app *BaseApp) OnCollectionAfterUpdateSuccess(tags ...string) *hook.TaggedHook[*CollectionEvent] { + return hook.NewTaggedHook(app.onCollectionAfterUpdateSuccess, tags...) +} + +func (app *BaseApp) OnCollectionAfterUpdateError(tags ...string) *hook.TaggedHook[*CollectionErrorEvent] { + return hook.NewTaggedHook(app.onCollectionAfterUpdateError, tags...) +} + +func (app *BaseApp) OnCollectionDelete(tags ...string) *hook.TaggedHook[*CollectionEvent] { + return hook.NewTaggedHook(app.onCollectionDelete, tags...) +} + +func (app *BaseApp) OnCollectionDeleteExecute(tags ...string) *hook.TaggedHook[*CollectionEvent] { + return hook.NewTaggedHook(app.onCollectionDeleteExecute, tags...) +} + +func (app *BaseApp) OnCollectionAfterDeleteSuccess(tags ...string) *hook.TaggedHook[*CollectionEvent] { + return hook.NewTaggedHook(app.onCollectionAfterDeleteSuccess, tags...) +} + +func (app *BaseApp) OnCollectionAfterDeleteError(tags ...string) *hook.TaggedHook[*CollectionErrorEvent] { + return hook.NewTaggedHook(app.onCollectionAfterDeleteError, tags...) +} + +// ------------------------------------------------------------------- +// Mailer event hooks +// ------------------------------------------------------------------- + +func (app *BaseApp) OnMailerSend() *hook.Hook[*MailerEvent] { + return app.onMailerSend +} + +func (app *BaseApp) OnMailerRecordPasswordResetSend(tags ...string) *hook.TaggedHook[*MailerRecordEvent] { + return hook.NewTaggedHook(app.onMailerRecordPasswordResetSend, tags...) +} + +func (app *BaseApp) OnMailerRecordVerificationSend(tags ...string) *hook.TaggedHook[*MailerRecordEvent] { + return hook.NewTaggedHook(app.onMailerRecordVerificationSend, tags...) +} + +func (app *BaseApp) OnMailerRecordEmailChangeSend(tags ...string) *hook.TaggedHook[*MailerRecordEvent] { + return hook.NewTaggedHook(app.onMailerRecordEmailChangeSend, tags...) +} + +func (app *BaseApp) OnMailerRecordOTPSend(tags ...string) *hook.TaggedHook[*MailerRecordEvent] { + return hook.NewTaggedHook(app.onMailerRecordOTPSend, tags...) +} + +func (app *BaseApp) OnMailerRecordAuthAlertSend(tags ...string) *hook.TaggedHook[*MailerRecordEvent] { + return hook.NewTaggedHook(app.onMailerRecordAuthAlertSend, tags...) +} + +// ------------------------------------------------------------------- +// Realtime API event hooks +// ------------------------------------------------------------------- + +func (app *BaseApp) OnRealtimeConnectRequest() *hook.Hook[*RealtimeConnectRequestEvent] { + return app.onRealtimeConnectRequest +} + +func (app *BaseApp) OnRealtimeMessageSend() *hook.Hook[*RealtimeMessageEvent] { + return app.onRealtimeMessageSend +} + +func (app *BaseApp) OnRealtimeSubscribeRequest() *hook.Hook[*RealtimeSubscribeRequestEvent] { + return app.onRealtimeSubscribeRequest +} + +// ------------------------------------------------------------------- +// Settings API event hooks +// ------------------------------------------------------------------- + +func (app *BaseApp) OnSettingsListRequest() *hook.Hook[*SettingsListRequestEvent] { + return app.onSettingsListRequest +} + +func (app *BaseApp) OnSettingsUpdateRequest() *hook.Hook[*SettingsUpdateRequestEvent] { + return app.onSettingsUpdateRequest +} + +func (app *BaseApp) OnSettingsReload() *hook.Hook[*SettingsReloadEvent] { + return app.onSettingsReload +} + +// ------------------------------------------------------------------- +// File API event hooks +// ------------------------------------------------------------------- + +func (app *BaseApp) OnFileDownloadRequest(tags ...string) *hook.TaggedHook[*FileDownloadRequestEvent] { + return hook.NewTaggedHook(app.onFileDownloadRequest, tags...) +} + +func (app *BaseApp) OnFileTokenRequest(tags ...string) *hook.TaggedHook[*FileTokenRequestEvent] { + return hook.NewTaggedHook(app.onFileTokenRequest, tags...) +} + +// ------------------------------------------------------------------- +// Record auth API event hooks +// ------------------------------------------------------------------- + +func (app *BaseApp) OnRecordAuthRequest(tags ...string) *hook.TaggedHook[*RecordAuthRequestEvent] { + return hook.NewTaggedHook(app.onRecordAuthRequest, tags...) +} + +func (app *BaseApp) OnRecordAuthWithPasswordRequest(tags ...string) *hook.TaggedHook[*RecordAuthWithPasswordRequestEvent] { + return hook.NewTaggedHook(app.onRecordAuthWithPasswordRequest, tags...) +} + +func (app *BaseApp) OnRecordAuthWithOAuth2Request(tags ...string) *hook.TaggedHook[*RecordAuthWithOAuth2RequestEvent] { + return hook.NewTaggedHook(app.onRecordAuthWithOAuth2Request, tags...) +} + +func (app *BaseApp) OnRecordAuthRefreshRequest(tags ...string) *hook.TaggedHook[*RecordAuthRefreshRequestEvent] { + return hook.NewTaggedHook(app.onRecordAuthRefreshRequest, tags...) +} + +func (app *BaseApp) OnRecordRequestPasswordResetRequest(tags ...string) *hook.TaggedHook[*RecordRequestPasswordResetRequestEvent] { + return hook.NewTaggedHook(app.onRecordRequestPasswordResetRequest, tags...) +} + +func (app *BaseApp) OnRecordConfirmPasswordResetRequest(tags ...string) *hook.TaggedHook[*RecordConfirmPasswordResetRequestEvent] { + return hook.NewTaggedHook(app.onRecordConfirmPasswordResetRequest, tags...) +} + +func (app *BaseApp) OnRecordRequestVerificationRequest(tags ...string) *hook.TaggedHook[*RecordRequestVerificationRequestEvent] { + return hook.NewTaggedHook(app.onRecordRequestVerificationRequest, tags...) +} + +func (app *BaseApp) OnRecordConfirmVerificationRequest(tags ...string) *hook.TaggedHook[*RecordConfirmVerificationRequestEvent] { + return hook.NewTaggedHook(app.onRecordConfirmVerificationRequest, tags...) +} + +func (app *BaseApp) OnRecordRequestEmailChangeRequest(tags ...string) *hook.TaggedHook[*RecordRequestEmailChangeRequestEvent] { + return hook.NewTaggedHook(app.onRecordRequestEmailChangeRequest, tags...) +} + +func (app *BaseApp) OnRecordConfirmEmailChangeRequest(tags ...string) *hook.TaggedHook[*RecordConfirmEmailChangeRequestEvent] { + return hook.NewTaggedHook(app.onRecordConfirmEmailChangeRequest, tags...) +} + +func (app *BaseApp) OnRecordRequestOTPRequest(tags ...string) *hook.TaggedHook[*RecordCreateOTPRequestEvent] { + return hook.NewTaggedHook(app.onRecordRequestOTPRequest, tags...) +} + +func (app *BaseApp) OnRecordAuthWithOTPRequest(tags ...string) *hook.TaggedHook[*RecordAuthWithOTPRequestEvent] { + return hook.NewTaggedHook(app.onRecordAuthWithOTPRequest, tags...) +} + +// ------------------------------------------------------------------- +// Record CRUD API event hooks +// ------------------------------------------------------------------- + +func (app *BaseApp) OnRecordsListRequest(tags ...string) *hook.TaggedHook[*RecordsListRequestEvent] { + return hook.NewTaggedHook(app.onRecordsListRequest, tags...) +} + +func (app *BaseApp) OnRecordViewRequest(tags ...string) *hook.TaggedHook[*RecordRequestEvent] { + return hook.NewTaggedHook(app.onRecordViewRequest, tags...) +} + +func (app *BaseApp) OnRecordCreateRequest(tags ...string) *hook.TaggedHook[*RecordRequestEvent] { + return hook.NewTaggedHook(app.onRecordCreateRequest, tags...) +} + +func (app *BaseApp) OnRecordUpdateRequest(tags ...string) *hook.TaggedHook[*RecordRequestEvent] { + return hook.NewTaggedHook(app.onRecordUpdateRequest, tags...) +} + +func (app *BaseApp) OnRecordDeleteRequest(tags ...string) *hook.TaggedHook[*RecordRequestEvent] { + return hook.NewTaggedHook(app.onRecordDeleteRequest, tags...) +} + +// ------------------------------------------------------------------- +// Collection API event hooks +// ------------------------------------------------------------------- + +func (app *BaseApp) OnCollectionsListRequest() *hook.Hook[*CollectionsListRequestEvent] { + return app.onCollectionsListRequest +} + +func (app *BaseApp) OnCollectionViewRequest() *hook.Hook[*CollectionRequestEvent] { + return app.onCollectionViewRequest +} + +func (app *BaseApp) OnCollectionCreateRequest() *hook.Hook[*CollectionRequestEvent] { + return app.onCollectionCreateRequest +} + +func (app *BaseApp) OnCollectionUpdateRequest() *hook.Hook[*CollectionRequestEvent] { + return app.onCollectionUpdateRequest +} + +func (app *BaseApp) OnCollectionDeleteRequest() *hook.Hook[*CollectionRequestEvent] { + return app.onCollectionDeleteRequest +} + +func (app *BaseApp) OnCollectionsImportRequest() *hook.Hook[*CollectionsImportRequestEvent] { + return app.onCollectionsImportRequest +} + +func (app *BaseApp) OnBatchRequest() *hook.Hook[*BatchRequestEvent] { + return app.onBatchRequest +} + +// ------------------------------------------------------------------- +// Helpers +// ------------------------------------------------------------------- + +func (app *BaseApp) initDataDB() error { + dbPath := filepath.Join(app.DataDir(), "data.db") + + concurrentDB, err := app.config.DBConnect(dbPath) + if err != nil { + return err + } + concurrentDB.DB().SetMaxOpenConns(app.config.DataMaxOpenConns) + concurrentDB.DB().SetMaxIdleConns(app.config.DataMaxIdleConns) + concurrentDB.DB().SetConnMaxIdleTime(3 * time.Minute) + + nonconcurrentDB, err := app.config.DBConnect(dbPath) + if err != nil { + return err + } + nonconcurrentDB.DB().SetMaxOpenConns(1) + nonconcurrentDB.DB().SetMaxIdleConns(1) + nonconcurrentDB.DB().SetConnMaxIdleTime(3 * time.Minute) + + if app.IsDev() { + nonconcurrentDB.QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) { + color.HiBlack("[%.2fms] %v\n", float64(t.Milliseconds()), normalizeSQLLog(sql)) + } + nonconcurrentDB.ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) { + color.HiBlack("[%.2fms] %v\n", float64(t.Milliseconds()), normalizeSQLLog(sql)) + } + concurrentDB.QueryLogFunc = nonconcurrentDB.QueryLogFunc + concurrentDB.ExecLogFunc = nonconcurrentDB.ExecLogFunc + } + + app.concurrentDB = concurrentDB + app.nonconcurrentDB = nonconcurrentDB + + return nil +} + +var sqlLogReplacements = []struct { + pattern *regexp.Regexp + replacement string +}{ + {regexp.MustCompile(`\[\[([^\[\]\{\}\.]+)\.([^\[\]\{\}\.]+)\]\]`), "`$1`.`$2`"}, + {regexp.MustCompile(`\{\{([^\[\]\{\}\.]+)\.([^\[\]\{\}\.]+)\}\}`), "`$1`.`$2`"}, + {regexp.MustCompile(`([^'"])?\{\{`), "$1`"}, + {regexp.MustCompile(`\}\}([^'"])?`), "`$1"}, + {regexp.MustCompile(`([^'"])?\[\[`), "$1`"}, + {regexp.MustCompile(`\]\]([^'"])?`), "`$1"}, + {regexp.MustCompile(``), "NULL"}, +} + +// normalizeSQLLog replaces common query builder charactes with their plain SQL version for easier debugging. +// The query is still not suitable for execution and should be used only for log and debug purposes +// (the normalization is done here to avoid breaking changes in dbx). +func normalizeSQLLog(sql string) string { + for _, item := range sqlLogReplacements { + sql = item.pattern.ReplaceAllString(sql, item.replacement) + } + + return sql +} + +func (app *BaseApp) initAuxDB() error { + // note: renamed to "auxiliary" because "aux" is a reserved Windows filename + // (see https://github.com/pocketbase/pocketbase/issues/5607) + dbPath := filepath.Join(app.DataDir(), "auxiliary.db") + + concurrentDB, err := app.config.DBConnect(dbPath) + if err != nil { + return err + } + concurrentDB.DB().SetMaxOpenConns(app.config.AuxMaxOpenConns) + concurrentDB.DB().SetMaxIdleConns(app.config.AuxMaxIdleConns) + concurrentDB.DB().SetConnMaxIdleTime(3 * time.Minute) + + nonconcurrentDB, err := app.config.DBConnect(dbPath) + if err != nil { + return err + } + nonconcurrentDB.DB().SetMaxOpenConns(1) + nonconcurrentDB.DB().SetMaxIdleConns(1) + nonconcurrentDB.DB().SetConnMaxIdleTime(3 * time.Minute) + + app.auxConcurrentDB = concurrentDB + app.auxNonconcurrentDB = nonconcurrentDB + + return nil +} + +// @todo remove after refactoring the FilesManager interface +func supportFiles(m Model) bool { + var collection *Collection + switch v := m.(type) { + case *Collection: + collection = v + case *Record: + collection = v.Collection() + case RecordProxy: + if v.ProxyRecord() != nil { + collection = v.ProxyRecord().Collection() + } + } + + if collection == nil { + return true + } + + for _, f := range collection.Fields { + if f.Type() == FieldTypeFile { + return true + } + } + + return false +} + +func (app *BaseApp) registerBaseHooks() { + deletePrefix := func(prefix string) error { + fs, err := app.NewFilesystem() + if err != nil { + return err + } + defer fs.Close() + + failed := fs.DeletePrefix(prefix) + if len(failed) > 0 { + return errors.New("failed to delete the files at " + prefix) + } + + return nil + } + + maxFilesDeleteWorkers := cast.ToInt64(os.Getenv("PB_FILES_DELETE_MAX_WORKERS")) + if maxFilesDeleteWorkers <= 0 { + maxFilesDeleteWorkers = 2000 // the value is arbitrary chosen and may change in the future + } + + deleteSem := semaphore.NewWeighted(maxFilesDeleteWorkers) + + // try to delete the storage files from deleted Collection, Records, etc. model + app.OnModelAfterDeleteSuccess().Bind(&hook.Handler[*ModelEvent]{ + Id: "__pbFilesManagerDelete__", + Func: func(e *ModelEvent) error { + if m, ok := e.Model.(FilesManager); ok && m.BaseFilesPath() != "" && supportFiles(e.Model) { + // ensure that there is a trailing slash so that the list iterator could start walking from the prefix dir + // (https://github.com/pocketbase/pocketbase/discussions/5246#discussioncomment-10128955) + prefix := strings.TrimRight(m.BaseFilesPath(), "/") + "/" + + // note: for now assume no context cancellation + err := deleteSem.Acquire(context.Background(), 1) + if err != nil { + app.Logger().Error( + "Failed to delete storage prefix (couldn't acquire a worker)", + slog.String("prefix", prefix), + slog.String("error", err.Error()), + ) + } else { + // run in the background for "optimistic" delete to avoid blocking the delete transaction + routine.FireAndForget(func() { + defer deleteSem.Release(1) + + if err := deletePrefix(prefix); err != nil { + app.Logger().Error( + "Failed to delete storage prefix (non critical error; usually could happen because of S3 api limits)", + slog.String("prefix", prefix), + slog.String("error", err.Error()), + ) + } + }) + } + } + + return e.Next() + }, + Priority: -99, + }) + + app.OnServe().Bind(&hook.Handler[*ServeEvent]{ + Id: "__pbCronStart__", + Func: func(e *ServeEvent) error { + app.Cron().Start() + + return e.Next() + }, + Priority: 999, + }) + + app.Cron().Add("__pbDBOptimize__", "0 0 * * *", func() { + _, execErr := app.NonconcurrentDB().NewQuery("PRAGMA wal_checkpoint(TRUNCATE)").Execute() + if execErr != nil { + app.Logger().Warn("Failed to run periodic PRAGMA wal_checkpoint for the main DB", slog.String("error", execErr.Error())) + } + + _, execErr = app.AuxNonconcurrentDB().NewQuery("PRAGMA wal_checkpoint(TRUNCATE)").Execute() + if execErr != nil { + app.Logger().Warn("Failed to run periodic PRAGMA wal_checkpoint for the auxiliary DB", slog.String("error", execErr.Error())) + } + + _, execErr = app.ConcurrentDB().NewQuery("PRAGMA optimize").Execute() + if execErr != nil { + app.Logger().Warn("Failed to run periodic PRAGMA optimize", slog.String("error", execErr.Error())) + } + }) + + app.registerSettingsHooks() + app.registerAutobackupHooks() + app.registerCollectionHooks() + app.registerRecordHooks() + app.registerSuperuserHooks() + app.registerExternalAuthHooks() + app.registerMFAHooks() + app.registerOTPHooks() + app.registerAuthOriginHooks() +} + +// getLoggerMinLevel returns the logger min level based on the +// app configurations (dev mode, settings, etc.). +// +// If not in dev mode - returns the level from the app settings. +// +// If the app is in dev mode it returns -9999 level allowing to print +// practically all logs to the terminal. +// In this case DB logs are still filtered but the checks for the min level are done +// in the BatchOptions.BeforeAddFunc instead of the slog.Handler.Enabled() method. +func getLoggerMinLevel(app App) slog.Level { + var minLevel slog.Level + + if app.IsDev() { + minLevel = -99999 + } else if app.Settings() != nil { + minLevel = slog.Level(app.Settings().Logs.MinLevel) + } + + return minLevel +} + +func (app *BaseApp) initLogger() error { + duration := 3 * time.Second + ticker := time.NewTicker(duration) + done := make(chan bool) + + handler := logger.NewBatchHandler(logger.BatchOptions{ + Level: getLoggerMinLevel(app), + BatchSize: 200, + BeforeAddFunc: func(ctx context.Context, log *logger.Log) bool { + if app.IsDev() { + printLog(log) + + // manually check the log level and skip if necessary + if log.Level < slog.Level(app.Settings().Logs.MinLevel) { + return false + } + } + + ticker.Reset(duration) + + return app.Settings().Logs.MaxDays > 0 + }, + WriteFunc: func(ctx context.Context, logs []*logger.Log) error { + if !app.IsBootstrapped() || app.Settings().Logs.MaxDays == 0 { + return nil + } + + // write the accumulated logs + // (note: based on several local tests there is no significant performance difference between small number of separate write queries vs 1 big INSERT) + app.AuxRunInTransaction(func(txApp App) error { + model := &Log{} + for _, l := range logs { + model.MarkAsNew() + model.Id = GenerateDefaultRandomId() + model.Level = int(l.Level) + model.Message = l.Message + model.Data = l.Data + model.Created, _ = types.ParseDateTime(l.Time) + + if err := txApp.AuxSave(model); err != nil { + log.Println("Failed to write log", model, err) + } + } + + return nil + }) + + return nil + }, + }) + + go func() { + ctx := context.Background() + + for { + select { + case <-done: + return + case <-ticker.C: + handler.WriteAll(ctx) + } + } + }() + + app.logger = slog.New(handler) + + // write all remaining logs before ticker.Stop to avoid races with ResetBootstrap user calls + app.OnTerminate().Bind(&hook.Handler[*TerminateEvent]{ + Id: "__pbAppLoggerOnTerminate__", + Func: func(e *TerminateEvent) error { + handler.WriteAll(context.Background()) + + ticker.Stop() + + done <- true + + return e.Next() + }, + Priority: -999, + }) + + // reload log handler level (if initialized) + app.OnSettingsReload().Bind(&hook.Handler[*SettingsReloadEvent]{ + Id: "__pbAppLoggerOnSettingsReload__", + Func: func(e *SettingsReloadEvent) error { + err := e.Next() + if err != nil { + return err + } + + if e.App.Logger() != nil { + if h, ok := e.App.Logger().Handler().(*logger.BatchHandler); ok { + h.SetLevel(getLoggerMinLevel(e.App)) + } + } + + // try to clear old logs not matching the new settings + createdBefore := types.NowDateTime().AddDate(0, 0, -1*e.App.Settings().Logs.MaxDays) + expr := dbx.NewExp("[[created]] <= {:date} OR [[level]] < {:level}", dbx.Params{ + "date": createdBefore.String(), + "level": e.App.Settings().Logs.MinLevel, + }) + _, err = e.App.AuxNonconcurrentDB().Delete((&Log{}).TableName(), expr).Execute() + if err != nil { + e.App.Logger().Debug("Failed to cleanup old logs", "error", err) + } + + // no logs are allowed -> try to reclaim preserved disk space after the previous delete operation + if e.App.Settings().Logs.MaxDays == 0 { + err = e.App.AuxVacuum() + if err != nil { + e.App.Logger().Debug("Failed to VACUUM aux database", "error", err) + } + } + + return nil + }, + Priority: -999, + }) + + // cleanup old logs + app.Cron().Add("__pbLogsCleanup__", "0 */6 * * *", func() { + deleteErr := app.DeleteOldLogs(time.Now().AddDate(0, 0, -1*app.Settings().Logs.MaxDays)) + if deleteErr != nil { + app.Logger().Warn("Failed to delete old logs", "error", deleteErr) + } + }) + + return nil +} diff --git a/core/base_backup.go b/core/base_backup.go new file mode 100644 index 0000000..0c92d7a --- /dev/null +++ b/core/base_backup.go @@ -0,0 +1,389 @@ +package core + +import ( + "context" + "errors" + "fmt" + "io" + "log/slog" + "os" + "path/filepath" + "runtime" + "sort" + "time" + + "github.com/pocketbase/pocketbase/tools/archive" + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/inflector" + "github.com/pocketbase/pocketbase/tools/osutils" + "github.com/pocketbase/pocketbase/tools/security" +) + +const ( + StoreKeyActiveBackup = "@activeBackup" +) + +// CreateBackup creates a new backup of the current app pb_data directory. +// +// If name is empty, it will be autogenerated. +// If backup with the same name exists, the new backup file will replace it. +// +// The backup is executed within a transaction, meaning that new writes +// will be temporary "blocked" until the backup file is generated. +// +// To safely perform the backup, it is recommended to have free disk space +// for at least 2x the size of the pb_data directory. +// +// By default backups are stored in pb_data/backups +// (the backups directory itself is excluded from the generated backup). +// +// When using S3 storage for the uploaded collection files, you have to +// take care manually to backup those since they are not part of the pb_data. +// +// Backups can be stored on S3 if it is configured in app.Settings().Backups. +func (app *BaseApp) CreateBackup(ctx context.Context, name string) error { + if app.Store().Has(StoreKeyActiveBackup) { + return errors.New("try again later - another backup/restore operation has already been started") + } + + app.Store().Set(StoreKeyActiveBackup, name) + defer app.Store().Remove(StoreKeyActiveBackup) + + event := new(BackupEvent) + event.App = app + event.Context = ctx + event.Name = name + // default root dir entries to exclude from the backup generation + event.Exclude = []string{LocalBackupsDirName, LocalTempDirName, LocalAutocertCacheDirName} + + return app.OnBackupCreate().Trigger(event, func(e *BackupEvent) error { + // generate a default name if missing + if e.Name == "" { + e.Name = generateBackupName(e.App, "pb_backup_") + } + + // make sure that the special temp directory exists + // note: it needs to be inside the current pb_data to avoid "cross-device link" errors + localTempDir := filepath.Join(e.App.DataDir(), LocalTempDirName) + if err := os.MkdirAll(localTempDir, os.ModePerm); err != nil { + return fmt.Errorf("failed to create a temp dir: %w", err) + } + + // archive pb_data in a temp directory, exluding the "backups" and the temp dirs + // + // Run in transaction to temporary block other writes (transactions uses the NonconcurrentDB connection). + // --- + tempPath := filepath.Join(localTempDir, "pb_backup_"+security.PseudorandomString(6)) + createErr := e.App.RunInTransaction(func(txApp App) error { + return txApp.AuxRunInTransaction(func(txApp App) error { + // run manual checkpoint and truncate the WAL files + // (errors are ignored because it is not that important and the PRAGMA may not be supported by the used driver) + txApp.DB().NewQuery("PRAGMA wal_checkpoint(TRUNCATE)").Execute() + txApp.AuxDB().NewQuery("PRAGMA wal_checkpoint(TRUNCATE)").Execute() + + return archive.Create(txApp.DataDir(), tempPath, e.Exclude...) + }) + }) + if createErr != nil { + return createErr + } + defer os.Remove(tempPath) + + // persist the backup in the backups filesystem + // --- + fsys, err := e.App.NewBackupsFilesystem() + if err != nil { + return err + } + defer fsys.Close() + + fsys.SetContext(e.Context) + + file, err := filesystem.NewFileFromPath(tempPath) + if err != nil { + return err + } + file.OriginalName = e.Name + file.Name = file.OriginalName + + if err := fsys.UploadFile(file, file.Name); err != nil { + return err + } + + return nil + }) +} + +// RestoreBackup restores the backup with the specified name and restarts +// the current running application process. +// +// NB! This feature is experimental and currently is expected to work only on UNIX based systems. +// +// To safely perform the restore it is recommended to have free disk space +// for at least 2x the size of the restored pb_data backup. +// +// The performed steps are: +// +// 1. Download the backup with the specified name in a temp location +// (this is in case of S3; otherwise it creates a temp copy of the zip) +// +// 2. Extract the backup in a temp directory inside the app "pb_data" +// (eg. "pb_data/.pb_temp_to_delete/pb_restore"). +// +// 3. Move the current app "pb_data" content (excluding the local backups and the special temp dir) +// under another temp sub dir that will be deleted on the next app start up +// (eg. "pb_data/.pb_temp_to_delete/old_pb_data"). +// This is because on some environments it may not be allowed +// to delete the currently open "pb_data" files. +// +// 4. Move the extracted dir content to the app "pb_data". +// +// 5. Restart the app (on successful app bootstap it will also remove the old pb_data). +// +// If a failure occure during the restore process the dir changes are reverted. +// If for whatever reason the revert is not possible, it panics. +// +// Note that if your pb_data has custom network mounts as subdirectories, then +// it is possible the restore to fail during the `os.Rename` operations +// (see https://github.com/pocketbase/pocketbase/issues/4647). +func (app *BaseApp) RestoreBackup(ctx context.Context, name string) error { + if app.Store().Has(StoreKeyActiveBackup) { + return errors.New("try again later - another backup/restore operation has already been started") + } + + app.Store().Set(StoreKeyActiveBackup, name) + defer app.Store().Remove(StoreKeyActiveBackup) + + event := new(BackupEvent) + event.App = app + event.Context = ctx + event.Name = name + // default root dir entries to exclude from the backup restore + event.Exclude = []string{LocalBackupsDirName, LocalTempDirName, LocalAutocertCacheDirName} + + return app.OnBackupRestore().Trigger(event, func(e *BackupEvent) error { + if runtime.GOOS == "windows" { + return errors.New("restore is not supported on Windows") + } + + // make sure that the special temp directory exists + // note: it needs to be inside the current pb_data to avoid "cross-device link" errors + localTempDir := filepath.Join(e.App.DataDir(), LocalTempDirName) + if err := os.MkdirAll(localTempDir, os.ModePerm); err != nil { + return fmt.Errorf("failed to create a temp dir: %w", err) + } + + fsys, err := e.App.NewBackupsFilesystem() + if err != nil { + return err + } + defer fsys.Close() + + fsys.SetContext(e.Context) + + if ok, _ := fsys.Exists(name); !ok { + return fmt.Errorf("missing or invalid backup file %q to restore", name) + } + + extractedDataDir := filepath.Join(localTempDir, "pb_restore_"+security.PseudorandomString(8)) + defer os.RemoveAll(extractedDataDir) + + // extract the zip + if e.App.Settings().Backups.S3.Enabled { + br, err := fsys.GetReader(name) + if err != nil { + return err + } + defer br.Close() + + // create a temp zip file from the blob.Reader and try to extract it + tempZip, err := os.CreateTemp(localTempDir, "pb_restore_zip") + if err != nil { + return err + } + defer os.Remove(tempZip.Name()) + defer tempZip.Close() // note: this technically shouldn't be necessary but it is here to workaround platforms discrepancies + + _, err = io.Copy(tempZip, br) + if err != nil { + return err + } + + err = archive.Extract(tempZip.Name(), extractedDataDir) + if err != nil { + return err + } + + // remove the temp zip file since we no longer need it + // (this is in case the app restarts and the defer calls are not called) + _ = tempZip.Close() + err = os.Remove(tempZip.Name()) + if err != nil { + e.App.Logger().Warn( + "[RestoreBackup] Failed to remove the temp zip backup file", + slog.String("file", tempZip.Name()), + slog.String("error", err.Error()), + ) + } + } else { + // manually construct the local path to avoid creating a copy of the zip file + // since the blob reader currently doesn't implement ReaderAt + zipPath := filepath.Join(app.DataDir(), LocalBackupsDirName, filepath.Base(name)) + + err = archive.Extract(zipPath, extractedDataDir) + if err != nil { + return err + } + } + + // ensure that at least a database file exists + extractedDB := filepath.Join(extractedDataDir, "data.db") + if _, err := os.Stat(extractedDB); err != nil { + return fmt.Errorf("data.db file is missing or invalid: %w", err) + } + + // move the current pb_data content to a special temp location + // that will hold the old data between dirs replace + // (the temp dir will be automatically removed on the next app start) + oldTempDataDir := filepath.Join(localTempDir, "old_pb_data_"+security.PseudorandomString(8)) + if err := osutils.MoveDirContent(e.App.DataDir(), oldTempDataDir, e.Exclude...); err != nil { + return fmt.Errorf("failed to move the current pb_data content to a temp location: %w", err) + } + + // move the extracted archive content to the app's pb_data + if err := osutils.MoveDirContent(extractedDataDir, e.App.DataDir(), e.Exclude...); err != nil { + return fmt.Errorf("failed to move the extracted archive content to pb_data: %w", err) + } + + revertDataDirChanges := func() error { + if err := osutils.MoveDirContent(e.App.DataDir(), extractedDataDir, e.Exclude...); err != nil { + return fmt.Errorf("failed to revert the extracted dir change: %w", err) + } + + if err := osutils.MoveDirContent(oldTempDataDir, e.App.DataDir(), e.Exclude...); err != nil { + return fmt.Errorf("failed to revert old pb_data dir change: %w", err) + } + + return nil + } + + // restart the app + if err := e.App.Restart(); err != nil { + if revertErr := revertDataDirChanges(); revertErr != nil { + panic(revertErr) + } + + return fmt.Errorf("failed to restart the app process: %w", err) + } + + return nil + }) +} + +// registerAutobackupHooks registers the autobackup app serve hooks. +func (app *BaseApp) registerAutobackupHooks() { + const jobId = "__pbAutoBackup__" + + loadJob := func() { + rawSchedule := app.Settings().Backups.Cron + if rawSchedule == "" { + app.Cron().Remove(jobId) + return + } + + app.Cron().Add(jobId, rawSchedule, func() { + const autoPrefix = "@auto_pb_backup_" + + name := generateBackupName(app, autoPrefix) + + if err := app.CreateBackup(context.Background(), name); err != nil { + app.Logger().Error( + "[Backup cron] Failed to create backup", + slog.String("name", name), + slog.String("error", err.Error()), + ) + } + + maxKeep := app.Settings().Backups.CronMaxKeep + + if maxKeep == 0 { + return // no explicit limit + } + + fsys, err := app.NewBackupsFilesystem() + if err != nil { + app.Logger().Error( + "[Backup cron] Failed to initialize the backup filesystem", + slog.String("error", err.Error()), + ) + return + } + defer fsys.Close() + + files, err := fsys.List(autoPrefix) + if err != nil { + app.Logger().Error( + "[Backup cron] Failed to list autogenerated backups", + slog.String("error", err.Error()), + ) + return + } + + if maxKeep >= len(files) { + return // nothing to remove + } + + // sort desc + sort.Slice(files, func(i, j int) bool { + return files[i].ModTime.After(files[j].ModTime) + }) + + // keep only the most recent n auto backup files + toRemove := files[maxKeep:] + + for _, f := range toRemove { + if err := fsys.Delete(f.Key); err != nil { + app.Logger().Error( + "[Backup cron] Failed to remove old autogenerated backup", + slog.String("key", f.Key), + slog.String("error", err.Error()), + ) + } + } + }) + } + + app.OnBootstrap().BindFunc(func(e *BootstrapEvent) error { + if err := e.Next(); err != nil { + return err + } + + loadJob() + + return nil + }) + + app.OnSettingsReload().BindFunc(func(e *SettingsReloadEvent) error { + if err := e.Next(); err != nil { + return err + } + + loadJob() + + return nil + }) +} + +func generateBackupName(app App, prefix string) string { + appName := inflector.Snakecase(app.Settings().Meta.AppName) + if len(appName) > 50 { + appName = appName[:50] + } + + return fmt.Sprintf( + "%s%s_%s.zip", + prefix, + appName, + time.Now().UTC().Format("20060102150405"), + ) +} diff --git a/core/base_backup_test.go b/core/base_backup_test.go new file mode 100644 index 0000000..47d00e3 --- /dev/null +++ b/core/base_backup_test.go @@ -0,0 +1,164 @@ +package core_test + +import ( + "context" + "fmt" + "io/fs" + "os" + "path/filepath" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/archive" + "github.com/pocketbase/pocketbase/tools/list" +) + +func TestCreateBackup(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + // set some long app name with spaces and special characters + app.Settings().Meta.AppName = "test @! " + strings.Repeat("a", 100) + + expectedAppNamePrefix := "test_" + strings.Repeat("a", 45) + + // test pending error + app.Store().Set(core.StoreKeyActiveBackup, "") + if err := app.CreateBackup(context.Background(), "test.zip"); err == nil { + t.Fatal("Expected pending error, got nil") + } + app.Store().Remove(core.StoreKeyActiveBackup) + + // create with auto generated name + if err := app.CreateBackup(context.Background(), ""); err != nil { + t.Fatal("Failed to create a backup with autogenerated name") + } + + // create with custom name + if err := app.CreateBackup(context.Background(), "custom"); err != nil { + t.Fatal("Failed to create a backup with custom name") + } + + // create new with the same name (aka. replace) + if err := app.CreateBackup(context.Background(), "custom"); err != nil { + t.Fatal("Failed to create and replace a backup with the same name") + } + + backupsDir := filepath.Join(app.DataDir(), core.LocalBackupsDirName) + + entries, err := os.ReadDir(backupsDir) + if err != nil { + t.Fatal(err) + } + + expectedFiles := []string{ + `^pb_backup_` + expectedAppNamePrefix + `_\w+\.zip$`, + `^pb_backup_` + expectedAppNamePrefix + `_\w+\.zip.attrs$`, + "custom", + "custom.attrs", + } + + if len(entries) != len(expectedFiles) { + names := getEntryNames(entries) + t.Fatalf("Expected %d backup files, got %d: \n%v", len(expectedFiles), len(entries), names) + } + + for i, entry := range entries { + if !list.ExistInSliceWithRegex(entry.Name(), expectedFiles) { + t.Fatalf("[%d] Missing backup file %q", i, entry.Name()) + } + + if strings.HasSuffix(entry.Name(), ".attrs") { + continue + } + + path := filepath.Join(backupsDir, entry.Name()) + + if err := verifyBackupContent(app, path); err != nil { + t.Fatalf("[%d] Failed to verify backup content: %v", i, err) + } + } +} + +func TestRestoreBackup(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + // create a initial test backup to ensure that there are at least 1 + // backup file and that the generated zip doesn't contain the backups dir + if err := app.CreateBackup(context.Background(), "initial"); err != nil { + t.Fatal("Failed to create test initial backup") + } + + // create test backup + if err := app.CreateBackup(context.Background(), "test"); err != nil { + t.Fatal("Failed to create test backup") + } + + // test pending error + app.Store().Set(core.StoreKeyActiveBackup, "") + if err := app.RestoreBackup(context.Background(), "test"); err == nil { + t.Fatal("Expected pending error, got nil") + } + app.Store().Remove(core.StoreKeyActiveBackup) + + // missing backup + if err := app.RestoreBackup(context.Background(), "missing"); err == nil { + t.Fatal("Expected missing error, got nil") + } +} + +// ------------------------------------------------------------------- + +func verifyBackupContent(app core.App, path string) error { + dir, err := os.MkdirTemp("", "backup_test") + if err != nil { + return err + } + defer os.RemoveAll(dir) + + if err := archive.Extract(path, dir); err != nil { + return err + } + + expectedRootEntries := []string{ + "storage", + "data.db", + "data.db-shm", + "data.db-wal", + "auxiliary.db", + "auxiliary.db-shm", + "auxiliary.db-wal", + ".gitignore", + } + + entries, err := os.ReadDir(dir) + if err != nil { + return err + } + + if len(entries) != len(expectedRootEntries) { + names := getEntryNames(entries) + return fmt.Errorf("Expected %d backup files, got %d: \n%v", len(expectedRootEntries), len(entries), names) + } + + for _, entry := range entries { + if !list.ExistInSliceWithRegex(entry.Name(), expectedRootEntries) { + return fmt.Errorf("Didn't expect %q entry", entry.Name()) + } + } + + return nil +} + +func getEntryNames(entries []fs.DirEntry) []string { + names := make([]string, len(entries)) + + for i, entry := range entries { + names[i] = entry.Name() + } + + return names +} diff --git a/core/base_test.go b/core/base_test.go new file mode 100644 index 0000000..b9b4353 --- /dev/null +++ b/core/base_test.go @@ -0,0 +1,554 @@ +package core_test + +import ( + "context" + "database/sql" + "log/slog" + "os" + "slices" + "testing" + "time" + + _ "unsafe" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/logger" + "github.com/pocketbase/pocketbase/tools/mailer" +) + +func TestNewBaseApp(t *testing.T) { + const testDataDir = "./pb_base_app_test_data_dir/" + defer os.RemoveAll(testDataDir) + + app := core.NewBaseApp(core.BaseAppConfig{ + DataDir: testDataDir, + EncryptionEnv: "test_env", + IsDev: true, + }) + + if app.DataDir() != testDataDir { + t.Fatalf("expected DataDir %q, got %q", testDataDir, app.DataDir()) + } + + if app.EncryptionEnv() != "test_env" { + t.Fatalf("expected EncryptionEnv test_env, got %q", app.EncryptionEnv()) + } + + if !app.IsDev() { + t.Fatalf("expected IsDev true, got %v", app.IsDev()) + } + + if app.Store() == nil { + t.Fatal("expected Store to be set, got nil") + } + + if app.Settings() == nil { + t.Fatal("expected Settings to be set, got nil") + } + + if app.SubscriptionsBroker() == nil { + t.Fatal("expected SubscriptionsBroker to be set, got nil") + } + + if app.Cron() == nil { + t.Fatal("expected Cron to be set, got nil") + } +} + +func TestBaseAppBootstrap(t *testing.T) { + const testDataDir = "./pb_base_app_test_data_dir/" + defer os.RemoveAll(testDataDir) + + app := core.NewBaseApp(core.BaseAppConfig{ + DataDir: testDataDir, + }) + defer app.ResetBootstrapState() + + if app.IsBootstrapped() { + t.Fatal("Didn't expect the application to be bootstrapped.") + } + + if err := app.Bootstrap(); err != nil { + t.Fatal(err) + } + + if !app.IsBootstrapped() { + t.Fatal("Expected the application to be bootstrapped.") + } + + if stat, err := os.Stat(testDataDir); err != nil || !stat.IsDir() { + t.Fatal("Expected test data directory to be created.") + } + + type nilCheck struct { + name string + value any + expectNil bool + } + + runNilChecks := func(checks []nilCheck) { + for _, check := range checks { + t.Run(check.name, func(t *testing.T) { + isNil := check.value == nil + if isNil != check.expectNil { + t.Fatalf("Expected isNil %v, got %v", check.expectNil, isNil) + } + }) + } + } + + nilChecksBeforeReset := []nilCheck{ + {"[before] db", app.DB(), false}, + {"[before] concurrentDB", app.ConcurrentDB(), false}, + {"[before] nonconcurrentDB", app.NonconcurrentDB(), false}, + {"[before] auxDB", app.AuxDB(), false}, + {"[before] auxConcurrentDB", app.AuxConcurrentDB(), false}, + {"[before] auxNonconcurrentDB", app.AuxNonconcurrentDB(), false}, + {"[before] settings", app.Settings(), false}, + {"[before] logger", app.Logger(), false}, + {"[before] cached collections", app.Store().Get(core.StoreKeyCachedCollections), false}, + } + + runNilChecks(nilChecksBeforeReset) + + // reset + if err := app.ResetBootstrapState(); err != nil { + t.Fatal(err) + } + + nilChecksAfterReset := []nilCheck{ + {"[after] db", app.DB(), true}, + {"[after] concurrentDB", app.ConcurrentDB(), true}, + {"[after] nonconcurrentDB", app.NonconcurrentDB(), true}, + {"[after] auxDB", app.AuxDB(), true}, + {"[after] auxConcurrentDB", app.AuxConcurrentDB(), true}, + {"[after] auxNonconcurrentDB", app.AuxNonconcurrentDB(), true}, + {"[after] settings", app.Settings(), false}, + {"[after] logger", app.Logger(), false}, + {"[after] cached collections", app.Store().Get(core.StoreKeyCachedCollections), false}, + } + + runNilChecks(nilChecksAfterReset) +} + +func TestNewBaseAppTx(t *testing.T) { + const testDataDir = "./pb_base_app_test_data_dir/" + defer os.RemoveAll(testDataDir) + + app := core.NewBaseApp(core.BaseAppConfig{ + DataDir: testDataDir, + }) + defer app.ResetBootstrapState() + + if err := app.Bootstrap(); err != nil { + t.Fatal(err) + } + + mustNotHaveTx := func(app core.App) { + if app.IsTransactional() { + t.Fatalf("Didn't expect the app to be transactional") + } + + if app.TxInfo() != nil { + t.Fatalf("Didn't expect the app.txInfo to be loaded") + } + } + + mustHaveTx := func(app core.App) { + if !app.IsTransactional() { + t.Fatalf("Expected the app to be transactional") + } + + if app.TxInfo() == nil { + t.Fatalf("Expected the app.txInfo to be loaded") + } + } + + mustNotHaveTx(app) + + app.RunInTransaction(func(txApp core.App) error { + mustHaveTx(txApp) + return nil + }) + + mustNotHaveTx(app) +} + +func TestBaseAppNewMailClient(t *testing.T) { + const testDataDir = "./pb_base_app_test_data_dir/" + defer os.RemoveAll(testDataDir) + + app := core.NewBaseApp(core.BaseAppConfig{ + DataDir: testDataDir, + EncryptionEnv: "pb_test_env", + }) + defer app.ResetBootstrapState() + + client1 := app.NewMailClient() + m1, ok := client1.(*mailer.Sendmail) + if !ok { + t.Fatalf("Expected mailer.Sendmail instance, got %v", m1) + } + if m1.OnSend() == nil || m1.OnSend().Length() == 0 { + t.Fatal("Expected OnSend hook to be registered") + } + + app.Settings().SMTP.Enabled = true + + client2 := app.NewMailClient() + m2, ok := client2.(*mailer.SMTPClient) + if !ok { + t.Fatalf("Expected mailer.SMTPClient instance, got %v", m2) + } + if m2.OnSend() == nil || m2.OnSend().Length() == 0 { + t.Fatal("Expected OnSend hook to be registered") + } +} + +func TestBaseAppNewFilesystem(t *testing.T) { + const testDataDir = "./pb_base_app_test_data_dir/" + defer os.RemoveAll(testDataDir) + + app := core.NewBaseApp(core.BaseAppConfig{ + DataDir: testDataDir, + }) + defer app.ResetBootstrapState() + + // local + local, localErr := app.NewFilesystem() + if localErr != nil { + t.Fatal(localErr) + } + if local == nil { + t.Fatal("Expected local filesystem instance, got nil") + } + + // misconfigured s3 + app.Settings().S3.Enabled = true + s3, s3Err := app.NewFilesystem() + if s3Err == nil { + t.Fatal("Expected S3 error, got nil") + } + if s3 != nil { + t.Fatalf("Expected nil s3 filesystem, got %v", s3) + } +} + +func TestBaseAppNewBackupsFilesystem(t *testing.T) { + const testDataDir = "./pb_base_app_test_data_dir/" + defer os.RemoveAll(testDataDir) + + app := core.NewBaseApp(core.BaseAppConfig{ + DataDir: testDataDir, + }) + defer app.ResetBootstrapState() + + // local + local, localErr := app.NewBackupsFilesystem() + if localErr != nil { + t.Fatal(localErr) + } + if local == nil { + t.Fatal("Expected local backups filesystem instance, got nil") + } + + // misconfigured s3 + app.Settings().Backups.S3.Enabled = true + s3, s3Err := app.NewBackupsFilesystem() + if s3Err == nil { + t.Fatal("Expected S3 error, got nil") + } + if s3 != nil { + t.Fatalf("Expected nil s3 backups filesystem, got %v", s3) + } +} + +func TestBaseAppLoggerWrites(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + // reset + if err := app.DeleteOldLogs(time.Now()); err != nil { + t.Fatal(err) + } + + const logsThreshold = 200 + + totalLogs := func(app core.App, t *testing.T) int { + var total int + + err := app.LogQuery().Select("count(*)").Row(&total) + if err != nil { + t.Fatalf("Failed to fetch total logs: %v", err) + } + + return total + } + + t.Run("disabled logs retention", func(t *testing.T) { + app.Settings().Logs.MaxDays = 0 + + for i := 0; i < logsThreshold+1; i++ { + app.Logger().Error("test") + } + + if total := totalLogs(app, t); total != 0 { + t.Fatalf("Expected no logs, got %d", total) + } + }) + + t.Run("test batch logs writes", func(t *testing.T) { + app.Settings().Logs.MaxDays = 1 + + for i := 0; i < logsThreshold-1; i++ { + app.Logger().Error("test") + } + + if total := totalLogs(app, t); total != 0 { + t.Fatalf("Expected no logs, got %d", total) + } + + // should trigger batch write + app.Logger().Error("test") + + // should be added for the next batch write + app.Logger().Error("test") + + if total := totalLogs(app, t); total != logsThreshold { + t.Fatalf("Expected %d logs, got %d", logsThreshold, total) + } + + // wait for ~3 secs to check the timer trigger + time.Sleep(3200 * time.Millisecond) + if total := totalLogs(app, t); total != logsThreshold+1 { + t.Fatalf("Expected %d logs, got %d", logsThreshold+1, total) + } + }) +} + +func TestBaseAppRefreshSettingsLoggerMinLevelEnabled(t *testing.T) { + scenarios := []struct { + name string + isDev bool + level int + // level->enabled map + expectations map[int]bool + }{ + { + "dev mode", + true, + 4, + map[int]bool{ + 3: true, + 4: true, + 5: true, + }, + }, + { + "nondev mode", + false, + 4, + map[int]bool{ + 3: false, + 4: true, + 5: true, + }, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + const testDataDir = "./pb_base_app_test_data_dir/" + defer os.RemoveAll(testDataDir) + + app := core.NewBaseApp(core.BaseAppConfig{ + DataDir: testDataDir, + IsDev: s.isDev, + }) + defer app.ResetBootstrapState() + + if err := app.Bootstrap(); err != nil { + t.Fatal(err) + } + + // silence query logs + app.ConcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) {} + app.ConcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {} + app.NonconcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) {} + app.NonconcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {} + + handler, ok := app.Logger().Handler().(*logger.BatchHandler) + if !ok { + t.Fatalf("Expected BatchHandler, got %v", app.Logger().Handler()) + } + + app.Settings().Logs.MinLevel = s.level + + if err := app.Save(app.Settings()); err != nil { + t.Fatalf("Failed to save settings: %v", err) + } + + for level, enabled := range s.expectations { + if v := handler.Enabled(context.Background(), slog.Level(level)); v != enabled { + t.Fatalf("Expected level %d Enabled() to be %v, got %v", level, enabled, v) + } + } + }) + } +} + +func TestBaseAppDBDualBuilder(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + concurrentQueries := []string{} + nonconcurrentQueries := []string{} + app.ConcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) { + concurrentQueries = append(concurrentQueries, sql) + } + app.ConcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) { + concurrentQueries = append(concurrentQueries, sql) + } + app.NonconcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) { + nonconcurrentQueries = append(nonconcurrentQueries, sql) + } + app.NonconcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) { + nonconcurrentQueries = append(nonconcurrentQueries, sql) + } + + type testQuery struct { + query string + isConcurrent bool + } + + regularTests := []testQuery{ + {" \n sEleCt 1", true}, + {"With abc(x) AS (select 2) SELECT x FROM abc", true}, + {"create table t1(x int)", false}, + {"insert into t1(x) values(1)", false}, + {"update t1 set x = 2", false}, + {"delete from t1", false}, + } + + txTests := []testQuery{ + {"select 3", false}, + {" \n WITH abc(x) AS (select 4) SELECT x FROM abc", false}, + {"create table t2(x int)", false}, + {"insert into t2(x) values(1)", false}, + {"update t2 set x = 2", false}, + {"delete from t2", false}, + } + + for _, item := range regularTests { + _, err := app.DB().NewQuery(item.query).Execute() + if err != nil { + t.Fatalf("Failed to execute query %q error: %v", item.query, err) + } + } + + app.RunInTransaction(func(txApp core.App) error { + for _, item := range txTests { + _, err := txApp.DB().NewQuery(item.query).Execute() + if err != nil { + t.Fatalf("Failed to execute query %q error: %v", item.query, err) + } + } + + return nil + }) + + allTests := append(regularTests, txTests...) + for _, item := range allTests { + if item.isConcurrent { + if !slices.Contains(concurrentQueries, item.query) { + t.Fatalf("Expected concurrent query\n%q\ngot\nconcurrent:%v\nnonconcurrent:%v", item.query, concurrentQueries, nonconcurrentQueries) + } + } else { + if !slices.Contains(nonconcurrentQueries, item.query) { + t.Fatalf("Expected nonconcurrent query\n%q\ngot\nconcurrent:%v\nnonconcurrent:%v", item.query, concurrentQueries, nonconcurrentQueries) + } + } + } +} + +func TestBaseAppAuxDBDualBuilder(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + concurrentQueries := []string{} + nonconcurrentQueries := []string{} + app.AuxConcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) { + concurrentQueries = append(concurrentQueries, sql) + } + app.AuxConcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) { + concurrentQueries = append(concurrentQueries, sql) + } + app.AuxNonconcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) { + nonconcurrentQueries = append(nonconcurrentQueries, sql) + } + app.AuxNonconcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) { + nonconcurrentQueries = append(nonconcurrentQueries, sql) + } + + type testQuery struct { + query string + isConcurrent bool + } + + regularTests := []testQuery{ + {" \n sEleCt 1", true}, + {"With abc(x) AS (select 2) SELECT x FROM abc", true}, + {"create table t1(x int)", false}, + {"insert into t1(x) values(1)", false}, + {"update t1 set x = 2", false}, + {"delete from t1", false}, + } + + txTests := []testQuery{ + {"select 3", false}, + {" \n WITH abc(x) AS (select 4) SELECT x FROM abc", false}, + {"create table t2(x int)", false}, + {"insert into t2(x) values(1)", false}, + {"update t2 set x = 2", false}, + {"delete from t2", false}, + } + + for _, item := range regularTests { + _, err := app.AuxDB().NewQuery(item.query).Execute() + if err != nil { + t.Fatalf("Failed to execute query %q error: %v", item.query, err) + } + } + + app.AuxRunInTransaction(func(txApp core.App) error { + for _, item := range txTests { + _, err := txApp.AuxDB().NewQuery(item.query).Execute() + if err != nil { + t.Fatalf("Failed to execute query %q error: %v", item.query, err) + } + } + + return nil + }) + + allTests := append(regularTests, txTests...) + for _, item := range allTests { + if item.isConcurrent { + if !slices.Contains(concurrentQueries, item.query) { + t.Fatalf("Expected concurrent query\n%q\ngot\nconcurrent:%v\nnonconcurrent:%v", item.query, concurrentQueries, nonconcurrentQueries) + } + } else { + if !slices.Contains(nonconcurrentQueries, item.query) { + t.Fatalf("Expected nonconcurrent query\n%q\ngot\nconcurrent:%v\nnonconcurrent:%v", item.query, concurrentQueries, nonconcurrentQueries) + } + } + } +} diff --git a/core/collection_import.go b/core/collection_import.go new file mode 100644 index 0000000..7119cc4 --- /dev/null +++ b/core/collection_import.go @@ -0,0 +1,200 @@ +package core + +import ( + "cmp" + "context" + "database/sql" + "encoding/json" + "errors" + "fmt" + "slices" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/spf13/cast" +) + +// ImportCollectionsByMarshaledJSON is the same as [ImportCollections] +// but accept marshaled json array as import data (usually used for the autogenerated snapshots). +func (app *BaseApp) ImportCollectionsByMarshaledJSON(rawSliceOfMaps []byte, deleteMissing bool) error { + data := []map[string]any{} + + err := json.Unmarshal(rawSliceOfMaps, &data) + if err != nil { + return err + } + + return app.ImportCollections(data, deleteMissing) +} + +// ImportCollections imports the provided collections data in a single transaction. +// +// For existing matching collections, the imported data is unmarshaled on top of the existing model. +// +// NB! If deleteMissing is true, ALL NON-SYSTEM COLLECTIONS AND SCHEMA FIELDS, +// that are not present in the imported configuration, WILL BE DELETED +// (this includes their related records data). +func (app *BaseApp) ImportCollections(toImport []map[string]any, deleteMissing bool) error { + if len(toImport) == 0 { + // prevent accidentally deleting all collections + return errors.New("no collections to import") + } + + importedCollections := make([]*Collection, len(toImport)) + mappedImported := make(map[string]*Collection, len(toImport)) + + // normalize imported collections data to ensure that all + // collection fields are present and properly initialized + for i, data := range toImport { + var imported *Collection + + identifier := cast.ToString(data["id"]) + if identifier == "" { + identifier = cast.ToString(data["name"]) + } + + existing, err := app.FindCollectionByNameOrId(identifier) + if err != nil && !errors.Is(err, sql.ErrNoRows) { + return err + } + + if existing != nil { + // refetch for deep copy + imported, err = app.FindCollectionByNameOrId(existing.Id) + if err != nil { + return err + } + + // ensure that the fields will be cleared + if data["fields"] == nil && deleteMissing { + data["fields"] = []map[string]any{} + } + + rawData, err := json.Marshal(data) + if err != nil { + return err + } + + // load the imported data + err = json.Unmarshal(rawData, imported) + if err != nil { + return err + } + + // extend with the existing fields if necessary + for _, f := range existing.Fields { + if !f.GetSystem() && deleteMissing { + continue + } + if imported.Fields.GetById(f.GetId()) == nil { + // replace with the existing id to prevent accidental column deletion + // since otherwise the imported field will be treated as a new one + found := imported.Fields.GetByName(f.GetName()) + if found != nil && found.Type() == f.Type() { + found.SetId(f.GetId()) + } + imported.Fields.Add(f) + } + } + } else { + imported = &Collection{} + + rawData, err := json.Marshal(data) + if err != nil { + return err + } + + // load the imported data + err = json.Unmarshal(rawData, imported) + if err != nil { + return err + } + } + + imported.IntegrityChecks(false) + + importedCollections[i] = imported + mappedImported[imported.Id] = imported + } + + // reorder views last since the view query could depend on some of the other collections + slices.SortStableFunc(importedCollections, func(a, b *Collection) int { + cmpA := -1 + if a.IsView() { + cmpA = 1 + } + + cmpB := -1 + if b.IsView() { + cmpB = 1 + } + + res := cmp.Compare(cmpA, cmpB) + if res == 0 { + res = a.Created.Compare(b.Created) + if res == 0 { + res = a.Updated.Compare(b.Updated) + } + } + return res + }) + + return app.RunInTransaction(func(txApp App) error { + existingCollections := []*Collection{} + if err := txApp.CollectionQuery().OrderBy("updated ASC").All(&existingCollections); err != nil { + return err + } + mappedExisting := make(map[string]*Collection, len(existingCollections)) + for _, existing := range existingCollections { + existing.IntegrityChecks(false) + mappedExisting[existing.Id] = existing + } + + // delete old collections not available in the new configuration + // (before saving the imports in case a deleted collection name is being reused) + if deleteMissing { + for _, existing := range existingCollections { + if mappedImported[existing.Id] != nil || existing.System { + continue // exist or system + } + + // delete collection + if err := txApp.Delete(existing); err != nil { + return err + } + } + } + + // upsert imported collections + for _, imported := range importedCollections { + if err := txApp.SaveNoValidate(imported); err != nil { + return fmt.Errorf("failed to save collection %q: %w", imported.Name, err) + } + } + + // run validations + for _, imported := range importedCollections { + original := mappedExisting[imported.Id] + if original == nil { + original = imported + } + + validator := newCollectionValidator( + context.Background(), + txApp, + imported, + original, + ) + if err := validator.run(); err != nil { + // serialize the validation error(s) + serializedErr, _ := json.MarshalIndent(err, "", " ") + + return validation.Errors{"collections": validation.NewError( + "validation_collections_import_failure", + fmt.Sprintf("Data validations failed for collection %q (%s):\n%s", imported.Name, imported.Id, serializedErr), + )} + } + } + + return nil + }) +} diff --git a/core/collection_import_test.go b/core/collection_import_test.go new file mode 100644 index 0000000..74df2f6 --- /dev/null +++ b/core/collection_import_test.go @@ -0,0 +1,476 @@ +package core_test + +import ( + "encoding/json" + "strings" + "testing" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestImportCollections(t *testing.T) { + t.Parallel() + + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + var regularCollections []*core.Collection + err := testApp.CollectionQuery().AndWhere(dbx.HashExp{"system": false}).All(®ularCollections) + if err != nil { + t.Fatal(err) + } + + var systemCollections []*core.Collection + err = testApp.CollectionQuery().AndWhere(dbx.HashExp{"system": true}).All(&systemCollections) + if err != nil { + t.Fatal(err) + } + + totalRegularCollections := len(regularCollections) + totalSystemCollections := len(systemCollections) + totalCollections := totalRegularCollections + totalSystemCollections + + scenarios := []struct { + name string + data []map[string]any + deleteMissing bool + expectError bool + expectCollectionsCount int + afterTestFunc func(testApp *tests.TestApp, resultCollections []*core.Collection) + }{ + { + name: "empty collections", + data: []map[string]any{}, + expectError: true, + expectCollectionsCount: totalCollections, + }, + { + name: "minimal collection import (with missing system fields)", + data: []map[string]any{ + {"name": "import_test1", "type": "auth"}, + { + "name": "import_test2", "fields": []map[string]any{ + {"name": "test", "type": "text"}, + }, + }, + }, + deleteMissing: false, + expectError: false, + expectCollectionsCount: totalCollections + 2, + }, + { + name: "minimal collection import (trigger collection model validations)", + data: []map[string]any{ + {"name": ""}, + { + "name": "import_test2", "fields": []map[string]any{ + {"name": "test", "type": "text"}, + }, + }, + }, + deleteMissing: false, + expectError: true, + expectCollectionsCount: totalCollections, + }, + { + name: "minimal collection import (trigger field settings validation)", + data: []map[string]any{ + {"name": "import_test", "fields": []map[string]any{{"name": "test", "type": "text", "min": -1}}}, + }, + deleteMissing: false, + expectError: true, + expectCollectionsCount: totalCollections, + }, + { + name: "new + update + delete (system collections delete should be ignored)", + data: []map[string]any{ + { + "id": "wsmn24bux7wo113", + "name": "demo", + "fields": []map[string]any{ + { + "id": "_2hlxbmp", + "name": "title", + "type": "text", + "system": false, + "required": true, + "min": 3, + "max": nil, + "pattern": "", + }, + }, + "indexes": []string{}, + }, + { + "name": "import1", + "fields": []map[string]any{ + { + "name": "active", + "type": "bool", + }, + }, + }, + }, + deleteMissing: true, + expectError: false, + expectCollectionsCount: totalSystemCollections + 2, + }, + { + name: "test with deleteMissing: false", + data: []map[string]any{ + { + // "id": "wsmn24bux7wo113", // test update with only name as identifier + "name": "demo1", + "fields": []map[string]any{ + { + "id": "_2hlxbmp", + "name": "title", + "type": "text", + "system": false, + "required": true, + "min": 3, + "max": nil, + "pattern": "", + }, + { + "id": "_2hlxbmp", + "name": "field_with_duplicate_id", + "type": "text", + "system": false, + "required": true, + "unique": false, + "min": 4, + "max": nil, + "pattern": "", + }, + { + "id": "abcd_import", + "name": "new_field", + "type": "text", + }, + }, + }, + { + "name": "new_import", + "fields": []map[string]any{ + { + "id": "abcd_import", + "name": "active", + "type": "bool", + }, + }, + }, + }, + deleteMissing: false, + expectError: false, + expectCollectionsCount: totalCollections + 1, + afterTestFunc: func(testApp *tests.TestApp, resultCollections []*core.Collection) { + expectedCollectionFields := map[string]int{ + core.CollectionNameAuthOrigins: 6, + "nologin": 10, + "demo1": 19, + "demo2": 5, + "demo3": 5, + "demo4": 16, + "demo5": 9, + "new_import": 2, + } + for name, expectedCount := range expectedCollectionFields { + collection, err := testApp.FindCollectionByNameOrId(name) + if err != nil { + t.Fatal(err) + } + + if totalFields := len(collection.Fields); totalFields != expectedCount { + t.Errorf("Expected %d %q fields, got %d", expectedCount, collection.Name, totalFields) + } + } + }, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + err := testApp.ImportCollections(s.data, s.deleteMissing) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + + // check collections count + collections := []*core.Collection{} + if err := testApp.CollectionQuery().All(&collections); err != nil { + t.Fatal(err) + } + if len(collections) != s.expectCollectionsCount { + t.Fatalf("Expected %d collections, got %d", s.expectCollectionsCount, len(collections)) + } + + if s.afterTestFunc != nil { + s.afterTestFunc(testApp, collections) + } + }) + } +} + +func TestImportCollectionsByMarshaledJSON(t *testing.T) { + t.Parallel() + + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + var regularCollections []*core.Collection + err := testApp.CollectionQuery().AndWhere(dbx.HashExp{"system": false}).All(®ularCollections) + if err != nil { + t.Fatal(err) + } + + var systemCollections []*core.Collection + err = testApp.CollectionQuery().AndWhere(dbx.HashExp{"system": true}).All(&systemCollections) + if err != nil { + t.Fatal(err) + } + + totalRegularCollections := len(regularCollections) + totalSystemCollections := len(systemCollections) + totalCollections := totalRegularCollections + totalSystemCollections + + scenarios := []struct { + name string + data string + deleteMissing bool + expectError bool + expectCollectionsCount int + afterTestFunc func(testApp *tests.TestApp, resultCollections []*core.Collection) + }{ + { + name: "invalid json array", + data: `{"test":123}`, + expectError: true, + expectCollectionsCount: totalCollections, + }, + { + name: "new + update + delete (system collections delete should be ignored)", + data: `[ + { + "id": "wsmn24bux7wo113", + "name": "demo", + "fields": [ + { + "id": "_2hlxbmp", + "name": "title", + "type": "text", + "system": false, + "required": true, + "min": 3, + "max": null, + "pattern": "" + } + ], + "indexes": [] + }, + { + "name": "import1", + "fields": [ + { + "name": "active", + "type": "bool" + } + ] + } + ]`, + deleteMissing: true, + expectError: false, + expectCollectionsCount: totalSystemCollections + 2, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + err := testApp.ImportCollectionsByMarshaledJSON([]byte(s.data), s.deleteMissing) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + + // check collections count + collections := []*core.Collection{} + if err := testApp.CollectionQuery().All(&collections); err != nil { + t.Fatal(err) + } + if len(collections) != s.expectCollectionsCount { + t.Fatalf("Expected %d collections, got %d", s.expectCollectionsCount, len(collections)) + } + + if s.afterTestFunc != nil { + s.afterTestFunc(testApp, collections) + } + }) + } +} + +func TestImportCollectionsUpdateRules(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + data map[string]any + deleteMissing bool + }{ + { + "extend existing by name (without deleteMissing)", + map[string]any{"name": "clients", "authToken": map[string]any{"duration": 100}, "fields": []map[string]any{{"name": "test", "type": "text"}}}, + false, + }, + { + "extend existing by id (without deleteMissing)", + map[string]any{"id": "v851q4r790rhknl", "authToken": map[string]any{"duration": 100}, "fields": []map[string]any{{"name": "test", "type": "text"}}}, + false, + }, + { + "extend with delete missing", + map[string]any{ + "id": "v851q4r790rhknl", + "authToken": map[string]any{"duration": 100}, + "fields": []map[string]any{{"name": "test", "type": "text"}}, + "passwordAuth": map[string]any{"identityFields": []string{"email"}}, + "indexes": []string{ + // min required system fields indexes + "CREATE UNIQUE INDEX `_v851q4r790rhknl_email_idx` ON `clients` (email) WHERE email != ''", + "CREATE UNIQUE INDEX `_v851q4r790rhknl_tokenKey_idx` ON `clients` (tokenKey)", + }, + }, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + beforeCollection, err := testApp.FindCollectionByNameOrId("clients") + if err != nil { + t.Fatal(err) + } + + err = testApp.ImportCollections([]map[string]any{s.data}, s.deleteMissing) + if err != nil { + t.Fatal(err) + } + + afterCollection, err := testApp.FindCollectionByNameOrId("clients") + if err != nil { + t.Fatal(err) + } + + if afterCollection.AuthToken.Duration != 100 { + t.Fatalf("Expected AuthToken duration to be %d, got %d", 100, afterCollection.AuthToken.Duration) + } + if beforeCollection.AuthToken.Secret != afterCollection.AuthToken.Secret { + t.Fatalf("Expected AuthToken secrets to remain the same, got\n%q\nVS\n%q", beforeCollection.AuthToken.Secret, afterCollection.AuthToken.Secret) + } + if beforeCollection.Name != afterCollection.Name { + t.Fatalf("Expected Name to remain the same, got\n%q\nVS\n%q", beforeCollection.Name, afterCollection.Name) + } + if beforeCollection.Id != afterCollection.Id { + t.Fatalf("Expected Id to remain the same, got\n%q\nVS\n%q", beforeCollection.Id, afterCollection.Id) + } + + if !s.deleteMissing { + totalExpectedFields := len(beforeCollection.Fields) + 1 + if v := len(afterCollection.Fields); v != totalExpectedFields { + t.Fatalf("Expected %d total fields, got %d", totalExpectedFields, v) + } + + if afterCollection.Fields.GetByName("test") == nil { + t.Fatalf("Missing new field %q", "test") + } + + // ensure that the old fields still exist + oldFields := beforeCollection.Fields.FieldNames() + for _, name := range oldFields { + if afterCollection.Fields.GetByName(name) == nil { + t.Fatalf("Missing expected old field %q", name) + } + } + } else { + totalExpectedFields := 1 + for _, f := range beforeCollection.Fields { + if f.GetSystem() { + totalExpectedFields++ + } + } + + if v := len(afterCollection.Fields); v != totalExpectedFields { + t.Fatalf("Expected %d total fields, got %d", totalExpectedFields, v) + } + + if afterCollection.Fields.GetByName("test") == nil { + t.Fatalf("Missing new field %q", "test") + } + + // ensure that the old system fields still exist + for _, f := range beforeCollection.Fields { + if f.GetSystem() && afterCollection.Fields.GetByName(f.GetName()) == nil { + t.Fatalf("Missing expected old field %q", f.GetName()) + } + } + } + }) + } +} + +func TestImportCollectionsCreateRules(t *testing.T) { + t.Parallel() + + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + err := testApp.ImportCollections([]map[string]any{ + {"name": "new_test", "type": "auth", "authToken": map[string]any{"duration": 123}, "fields": []map[string]any{{"name": "test", "type": "text"}}}, + }, false) + if err != nil { + t.Fatal(err) + } + + collection, err := testApp.FindCollectionByNameOrId("new_test") + if err != nil { + t.Fatal(err) + } + + raw, err := json.Marshal(collection) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + expectedParts := []string{ + `"name":"new_test"`, + `"fields":[`, + `"name":"id"`, + `"name":"email"`, + `"name":"tokenKey"`, + `"name":"password"`, + `"name":"test"`, + `"indexes":[`, + `CREATE UNIQUE INDEX`, + `"duration":123`, + } + + for _, part := range expectedParts { + if !strings.Contains(rawStr, part) { + t.Errorf("Missing %q in\n%s", part, rawStr) + } + } +} diff --git a/core/collection_model.go b/core/collection_model.go new file mode 100644 index 0000000..e50eea3 --- /dev/null +++ b/core/collection_model.go @@ -0,0 +1,1073 @@ +package core + +import ( + "encoding/json" + "fmt" + "strconv" + "strings" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/dbutils" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/pocketbase/pocketbase/tools/types" + "github.com/spf13/cast" +) + +var ( + _ Model = (*Collection)(nil) + _ DBExporter = (*Collection)(nil) + _ FilesManager = (*Collection)(nil) +) + +const ( + CollectionTypeBase = "base" + CollectionTypeAuth = "auth" + CollectionTypeView = "view" +) + +const systemHookIdCollection = "__pbCollectionSystemHook__" + +const defaultLowercaseRecordIdPattern = "^[a-z0-9]+$" + +func (app *BaseApp) registerCollectionHooks() { + app.OnModelValidate().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdCollection, + Func: func(me *ModelEvent) error { + if ce, ok := newCollectionEventFromModelEvent(me); ok { + err := me.App.OnCollectionValidate().Trigger(ce, func(ce *CollectionEvent) error { + syncModelEventWithCollectionEvent(me, ce) + defer syncCollectionEventWithModelEvent(ce, me) + return me.Next() + }) + syncModelEventWithCollectionEvent(me, ce) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelCreate().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdCollection, + Func: func(me *ModelEvent) error { + if ce, ok := newCollectionEventFromModelEvent(me); ok { + err := me.App.OnCollectionCreate().Trigger(ce, func(ce *CollectionEvent) error { + syncModelEventWithCollectionEvent(me, ce) + defer syncCollectionEventWithModelEvent(ce, me) + return me.Next() + }) + syncModelEventWithCollectionEvent(me, ce) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelCreateExecute().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdCollection, + Func: func(me *ModelEvent) error { + if ce, ok := newCollectionEventFromModelEvent(me); ok { + err := me.App.OnCollectionCreateExecute().Trigger(ce, func(ce *CollectionEvent) error { + syncModelEventWithCollectionEvent(me, ce) + defer syncCollectionEventWithModelEvent(ce, me) + return me.Next() + }) + syncModelEventWithCollectionEvent(me, ce) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelAfterCreateSuccess().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdCollection, + Func: func(me *ModelEvent) error { + if ce, ok := newCollectionEventFromModelEvent(me); ok { + err := me.App.OnCollectionAfterCreateSuccess().Trigger(ce, func(ce *CollectionEvent) error { + syncModelEventWithCollectionEvent(me, ce) + defer syncCollectionEventWithModelEvent(ce, me) + return me.Next() + }) + syncModelEventWithCollectionEvent(me, ce) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelAfterCreateError().Bind(&hook.Handler[*ModelErrorEvent]{ + Id: systemHookIdCollection, + Func: func(me *ModelErrorEvent) error { + if ce, ok := newCollectionErrorEventFromModelErrorEvent(me); ok { + err := me.App.OnCollectionAfterCreateError().Trigger(ce, func(ce *CollectionErrorEvent) error { + syncModelErrorEventWithCollectionErrorEvent(me, ce) + defer syncCollectionErrorEventWithModelErrorEvent(ce, me) + return me.Next() + }) + syncModelErrorEventWithCollectionErrorEvent(me, ce) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelUpdate().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdCollection, + Func: func(me *ModelEvent) error { + if ce, ok := newCollectionEventFromModelEvent(me); ok { + err := me.App.OnCollectionUpdate().Trigger(ce, func(ce *CollectionEvent) error { + syncModelEventWithCollectionEvent(me, ce) + defer syncCollectionEventWithModelEvent(ce, me) + return me.Next() + }) + syncModelEventWithCollectionEvent(me, ce) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelUpdateExecute().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdCollection, + Func: func(me *ModelEvent) error { + if ce, ok := newCollectionEventFromModelEvent(me); ok { + err := me.App.OnCollectionUpdateExecute().Trigger(ce, func(ce *CollectionEvent) error { + syncModelEventWithCollectionEvent(me, ce) + defer syncCollectionEventWithModelEvent(ce, me) + return me.Next() + }) + syncModelEventWithCollectionEvent(me, ce) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelAfterUpdateSuccess().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdCollection, + Func: func(me *ModelEvent) error { + if ce, ok := newCollectionEventFromModelEvent(me); ok { + err := me.App.OnCollectionAfterUpdateSuccess().Trigger(ce, func(ce *CollectionEvent) error { + syncModelEventWithCollectionEvent(me, ce) + defer syncCollectionEventWithModelEvent(ce, me) + return me.Next() + }) + syncModelEventWithCollectionEvent(me, ce) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelAfterUpdateError().Bind(&hook.Handler[*ModelErrorEvent]{ + Id: systemHookIdCollection, + Func: func(me *ModelErrorEvent) error { + if ce, ok := newCollectionErrorEventFromModelErrorEvent(me); ok { + err := me.App.OnCollectionAfterUpdateError().Trigger(ce, func(ce *CollectionErrorEvent) error { + syncModelErrorEventWithCollectionErrorEvent(me, ce) + defer syncCollectionErrorEventWithModelErrorEvent(ce, me) + return me.Next() + }) + syncModelErrorEventWithCollectionErrorEvent(me, ce) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelDelete().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdCollection, + Func: func(me *ModelEvent) error { + if ce, ok := newCollectionEventFromModelEvent(me); ok { + err := me.App.OnCollectionDelete().Trigger(ce, func(ce *CollectionEvent) error { + syncModelEventWithCollectionEvent(me, ce) + defer syncCollectionEventWithModelEvent(ce, me) + return me.Next() + }) + syncModelEventWithCollectionEvent(me, ce) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelDeleteExecute().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdCollection, + Func: func(me *ModelEvent) error { + if ce, ok := newCollectionEventFromModelEvent(me); ok { + err := me.App.OnCollectionDeleteExecute().Trigger(ce, func(ce *CollectionEvent) error { + syncModelEventWithCollectionEvent(me, ce) + defer syncCollectionEventWithModelEvent(ce, me) + return me.Next() + }) + syncModelEventWithCollectionEvent(me, ce) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelAfterDeleteSuccess().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdCollection, + Func: func(me *ModelEvent) error { + if ce, ok := newCollectionEventFromModelEvent(me); ok { + err := me.App.OnCollectionAfterDeleteSuccess().Trigger(ce, func(ce *CollectionEvent) error { + syncModelEventWithCollectionEvent(me, ce) + defer syncCollectionEventWithModelEvent(ce, me) + return me.Next() + }) + syncModelEventWithCollectionEvent(me, ce) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelAfterDeleteError().Bind(&hook.Handler[*ModelErrorEvent]{ + Id: systemHookIdCollection, + Func: func(me *ModelErrorEvent) error { + if ce, ok := newCollectionErrorEventFromModelErrorEvent(me); ok { + err := me.App.OnCollectionAfterDeleteError().Trigger(ce, func(ce *CollectionErrorEvent) error { + syncModelErrorEventWithCollectionErrorEvent(me, ce) + defer syncCollectionErrorEventWithModelErrorEvent(ce, me) + return me.Next() + }) + syncModelErrorEventWithCollectionErrorEvent(me, ce) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + // -------------------------------------------------------------- + + app.OnCollectionValidate().Bind(&hook.Handler[*CollectionEvent]{ + Id: systemHookIdCollection, + Func: onCollectionValidate, + Priority: 99, + }) + + app.OnCollectionCreate().Bind(&hook.Handler[*CollectionEvent]{ + Id: systemHookIdCollection, + Func: onCollectionSave, + Priority: -99, + }) + + app.OnCollectionUpdate().Bind(&hook.Handler[*CollectionEvent]{ + Id: systemHookIdCollection, + Func: onCollectionSave, + Priority: -99, + }) + + app.OnCollectionCreateExecute().Bind(&hook.Handler[*CollectionEvent]{ + Id: systemHookIdCollection, + Func: onCollectionSaveExecute, + // execute as latest as possible, aka. closer to the db action to minimize the transactions lock time + Priority: 99, + }) + + app.OnCollectionUpdateExecute().Bind(&hook.Handler[*CollectionEvent]{ + Id: systemHookIdCollection, + Func: onCollectionSaveExecute, + Priority: 99, // execute as latest as possible, aka. closer to the db action to minimize the transactions lock time + }) + + app.OnCollectionDeleteExecute().Bind(&hook.Handler[*CollectionEvent]{ + Id: systemHookIdCollection, + Func: onCollectionDeleteExecute, + Priority: 99, // execute as latest as possible, aka. closer to the db action to minimize the transactions lock time + }) + + // reload cache on failure + // --- + onErrorReloadCachedCollections := func(ce *CollectionErrorEvent) error { + if err := ce.App.ReloadCachedCollections(); err != nil { + ce.App.Logger().Warn("Failed to reload collections cache after collection change error", "error", err) + } + + return ce.Next() + } + app.OnCollectionAfterCreateError().Bind(&hook.Handler[*CollectionErrorEvent]{ + Id: systemHookIdCollection, + Func: onErrorReloadCachedCollections, + Priority: -99, + }) + app.OnCollectionAfterUpdateError().Bind(&hook.Handler[*CollectionErrorEvent]{ + Id: systemHookIdCollection, + Func: onErrorReloadCachedCollections, + Priority: -99, + }) + app.OnCollectionAfterDeleteError().Bind(&hook.Handler[*CollectionErrorEvent]{ + Id: systemHookIdCollection, + Func: onErrorReloadCachedCollections, + Priority: -99, + }) + // --- + + app.OnBootstrap().Bind(&hook.Handler[*BootstrapEvent]{ + Id: systemHookIdCollection, + Func: func(e *BootstrapEvent) error { + if err := e.Next(); err != nil { + return err + } + + if err := e.App.ReloadCachedCollections(); err != nil { + return fmt.Errorf("failed to load collections cache: %w", err) + } + + return nil + }, + Priority: 99, // execute as latest as possible + }) +} + +// @todo experiment eventually replacing the rules *string with a struct? +type baseCollection struct { + BaseModel + + disableIntegrityChecks bool + autogeneratedId string + + ListRule *string `db:"listRule" json:"listRule" form:"listRule"` + ViewRule *string `db:"viewRule" json:"viewRule" form:"viewRule"` + CreateRule *string `db:"createRule" json:"createRule" form:"createRule"` + UpdateRule *string `db:"updateRule" json:"updateRule" form:"updateRule"` + DeleteRule *string `db:"deleteRule" json:"deleteRule" form:"deleteRule"` + + // RawOptions represents the raw serialized collection option loaded from the DB. + // NB! This field shouldn't be modified manually. It is automatically updated + // with the collection type specific option before save. + RawOptions types.JSONRaw `db:"options" json:"-" xml:"-" form:"-"` + + Name string `db:"name" json:"name" form:"name"` + Type string `db:"type" json:"type" form:"type"` + Fields FieldsList `db:"fields" json:"fields" form:"fields"` + Indexes types.JSONArray[string] `db:"indexes" json:"indexes" form:"indexes"` + Created types.DateTime `db:"created" json:"created"` + Updated types.DateTime `db:"updated" json:"updated"` + + // System prevents the collection rename, deletion and rules change. + // It is used primarily for internal purposes for collections like "_superusers", "_externalAuths", etc. + System bool `db:"system" json:"system" form:"system"` +} + +// Collection defines the table, fields and various options related to a set of records. +type Collection struct { + baseCollection + collectionAuthOptions + collectionViewOptions +} + +// NewCollection initializes and returns a new Collection model with the specified type and name. +// +// It also loads the minimal default configuration for the collection +// (eg. system fields, indexes, type specific options, etc.). +func NewCollection(typ, name string, optId ...string) *Collection { + switch typ { + case CollectionTypeAuth: + return NewAuthCollection(name, optId...) + case CollectionTypeView: + return NewViewCollection(name, optId...) + default: + return NewBaseCollection(name, optId...) + } +} + +// NewBaseCollection initializes and returns a new "base" Collection model. +// +// It also loads the minimal default configuration for the collection +// (eg. system fields, indexes, type specific options, etc.). +func NewBaseCollection(name string, optId ...string) *Collection { + m := &Collection{} + m.Name = name + m.Type = CollectionTypeBase + + // @todo consider removing once inferred composite literals are supported + if len(optId) > 0 { + m.Id = optId[0] + } + + m.initDefaultId() + m.initDefaultFields() + + return m +} + +// NewViewCollection initializes and returns a new "view" Collection model. +// +// It also loads the minimal default configuration for the collection +// (eg. system fields, indexes, type specific options, etc.). +func NewViewCollection(name string, optId ...string) *Collection { + m := &Collection{} + m.Name = name + m.Type = CollectionTypeView + + // @todo consider removing once inferred composite literals are supported + if len(optId) > 0 { + m.Id = optId[0] + } + + m.initDefaultId() + m.initDefaultFields() + + return m +} + +// NewAuthCollection initializes and returns a new "auth" Collection model. +// +// It also loads the minimal default configuration for the collection +// (eg. system fields, indexes, type specific options, etc.). +func NewAuthCollection(name string, optId ...string) *Collection { + m := &Collection{} + m.Name = name + m.Type = CollectionTypeAuth + + // @todo consider removing once inferred composite literals are supported + if len(optId) > 0 { + m.Id = optId[0] + } + + m.initDefaultId() + m.initDefaultFields() + m.setDefaultAuthOptions() + + return m +} + +// TableName returns the Collection model SQL table name. +func (m *Collection) TableName() string { + return "_collections" +} + +// BaseFilesPath returns the storage dir path used by the collection. +func (m *Collection) BaseFilesPath() string { + return m.Id +} + +// IsBase checks if the current collection has "base" type. +func (m *Collection) IsBase() bool { + return m.Type == CollectionTypeBase +} + +// IsAuth checks if the current collection has "auth" type. +func (m *Collection) IsAuth() bool { + return m.Type == CollectionTypeAuth +} + +// IsView checks if the current collection has "view" type. +func (m *Collection) IsView() bool { + return m.Type == CollectionTypeView +} + +// IntegrityChecks toggles the current collection integrity checks (ex. checking references on delete). +func (m *Collection) IntegrityChecks(enable bool) { + m.disableIntegrityChecks = !enable +} + +// PostScan implements the [dbx.PostScanner] interface to auto unmarshal +// the raw serialized options into the concrete type specific fields. +func (m *Collection) PostScan() error { + if err := m.BaseModel.PostScan(); err != nil { + return err + } + + return m.unmarshalRawOptions() +} + +func (m *Collection) unmarshalRawOptions() error { + raw, err := m.RawOptions.MarshalJSON() + if err != nil { + return nil + } + + switch m.Type { + case CollectionTypeView: + return json.Unmarshal(raw, &m.collectionViewOptions) + case CollectionTypeAuth: + return json.Unmarshal(raw, &m.collectionAuthOptions) + } + + return nil +} + +// UnmarshalJSON implements the [json.Unmarshaler] interface. +// +// For new/"blank" Collection models it replaces the model with a factory +// instance and then unmarshal the provided data one on top of it. +func (m *Collection) UnmarshalJSON(b []byte) error { + type alias *Collection + + // initialize the default fields + // (e.g. in case the collection was NOT created using the designated factories) + if m.IsNew() && m.Type == "" { + minimal := &struct { + Type string `json:"type"` + Name string `json:"name"` + Id string `json:"id"` + }{} + if err := json.Unmarshal(b, minimal); err != nil { + return err + } + + blank := NewCollection(minimal.Type, minimal.Name, minimal.Id) + *m = *blank + } + + return json.Unmarshal(b, alias(m)) +} + +// MarshalJSON implements the [json.Marshaler] interface. +// +// Note that non-type related fields are ignored from the serialization +// (ex. for "view" colections the "auth" fields are skipped). +func (m Collection) MarshalJSON() ([]byte, error) { + switch m.Type { + case CollectionTypeView: + return json.Marshal(struct { + baseCollection + collectionViewOptions + }{m.baseCollection, m.collectionViewOptions}) + case CollectionTypeAuth: + alias := struct { + baseCollection + collectionAuthOptions + }{m.baseCollection, m.collectionAuthOptions} + + // ensure that it is always returned as array + if alias.OAuth2.Providers == nil { + alias.OAuth2.Providers = []OAuth2ProviderConfig{} + } + + // hide secret keys from the serialization + alias.AuthToken.Secret = "" + alias.FileToken.Secret = "" + alias.PasswordResetToken.Secret = "" + alias.EmailChangeToken.Secret = "" + alias.VerificationToken.Secret = "" + for i := range alias.OAuth2.Providers { + alias.OAuth2.Providers[i].ClientSecret = "" + } + + return json.Marshal(alias) + default: + return json.Marshal(m.baseCollection) + } +} + +// String returns a string representation of the current collection. +func (m Collection) String() string { + raw, _ := json.Marshal(m) + return string(raw) +} + +// DBExport prepares and exports the current collection data for db persistence. +func (m *Collection) DBExport(app App) (map[string]any, error) { + result := map[string]any{ + "id": m.Id, + "type": m.Type, + "listRule": m.ListRule, + "viewRule": m.ViewRule, + "createRule": m.CreateRule, + "updateRule": m.UpdateRule, + "deleteRule": m.DeleteRule, + "name": m.Name, + "fields": m.Fields, + "indexes": m.Indexes, + "system": m.System, + "created": m.Created, + "updated": m.Updated, + "options": `{}`, + } + + switch m.Type { + case CollectionTypeView: + if raw, err := types.ParseJSONRaw(m.collectionViewOptions); err == nil { + result["options"] = raw + } else { + return nil, err + } + case CollectionTypeAuth: + if raw, err := types.ParseJSONRaw(m.collectionAuthOptions); err == nil { + result["options"] = raw + } else { + return nil, err + } + } + + return result, nil +} + +// GetIndex returns s single Collection index expression by its name. +func (m *Collection) GetIndex(name string) string { + for _, idx := range m.Indexes { + if strings.EqualFold(dbutils.ParseIndex(idx).IndexName, name) { + return idx + } + } + + return "" +} + +// AddIndex adds a new index into the current collection. +// +// If the collection has an existing index matching the new name it will be replaced with the new one. +func (m *Collection) AddIndex(name string, unique bool, columnsExpr string, optWhereExpr string) { + m.RemoveIndex(name) + + var idx strings.Builder + + idx.WriteString("CREATE ") + if unique { + idx.WriteString("UNIQUE ") + } + idx.WriteString("INDEX `") + idx.WriteString(name) + idx.WriteString("` ") + idx.WriteString("ON `") + idx.WriteString(m.Name) + idx.WriteString("` (") + idx.WriteString(columnsExpr) + idx.WriteString(")") + if optWhereExpr != "" { + idx.WriteString(" WHERE ") + idx.WriteString(optWhereExpr) + } + + m.Indexes = append(m.Indexes, idx.String()) +} + +// RemoveIndex removes a single index with the specified name from the current collection. +func (m *Collection) RemoveIndex(name string) { + for i, idx := range m.Indexes { + if strings.EqualFold(dbutils.ParseIndex(idx).IndexName, name) { + m.Indexes = append(m.Indexes[:i], m.Indexes[i+1:]...) + return + } + } +} + +// delete hook +// ------------------------------------------------------------------- + +func onCollectionDeleteExecute(e *CollectionEvent) error { + if e.Collection.System { + return fmt.Errorf("[%s] system collections cannot be deleted", e.Collection.Name) + } + + defer func() { + if err := e.App.ReloadCachedCollections(); err != nil { + e.App.Logger().Warn("Failed to reload collections cache", "error", err) + } + }() + + if !e.Collection.disableIntegrityChecks { + // ensure that there aren't any existing references. + // note: the select is outside of the transaction to prevent SQLITE_LOCKED error when mixing read&write in a single transaction + references, err := e.App.FindCollectionReferences(e.Collection, e.Collection.Id) + if err != nil { + return fmt.Errorf("[%s] failed to check collection references: %w", e.Collection.Name, err) + } + if total := len(references); total > 0 { + names := make([]string, 0, len(references)) + for ref := range references { + names = append(names, ref.Name) + } + return fmt.Errorf("[%s] failed to delete due to existing relation references: %s", e.Collection.Name, strings.Join(names, ", ")) + } + } + + originalApp := e.App + + txErr := e.App.RunInTransaction(func(txApp App) error { + e.App = txApp + + // delete the related view or records table + if e.Collection.IsView() { + if err := txApp.DeleteView(e.Collection.Name); err != nil { + return err + } + } else { + if err := txApp.DeleteTable(e.Collection.Name); err != nil { + return err + } + } + + if !e.Collection.disableIntegrityChecks { + // trigger views resave to check for dependencies + if err := resaveViewsWithChangedFields(txApp, e.Collection.Id); err != nil { + return fmt.Errorf("[%s] failed to delete due to existing view dependency: %w", e.Collection.Name, err) + } + } + + // delete + return e.Next() + }) + + e.App = originalApp + + return txErr +} + +// save hook +// ------------------------------------------------------------------- + +func (c *Collection) idChecksum() string { + return "pbc_" + crc32Checksum(c.Type+c.Name) +} + +func (c *Collection) initDefaultId() { + if c.Id == "" { + c.Id = c.idChecksum() + c.autogeneratedId = c.Id + } +} + +func (c *Collection) updateGeneratedIdIfExists(app App) { + if !c.IsNew() || + // the id was explicitly cleared + c.Id == "" || + // the id was manually set + c.Id != c.autogeneratedId { + return + } + + // generate an up-to-date checksum + newId := c.idChecksum() + + // add a number to the current id (if already exists) + for i := 2; i < 1000; i++ { + var exists int + _ = app.CollectionQuery().Select("(1)").AndWhere(dbx.HashExp{"id": newId}).Limit(1).Row(&exists) + if exists == 0 { + break + } + newId = c.idChecksum() + strconv.Itoa(i) + } + + // no change + if c.Id == newId { + return + } + + // replace the old id in the index names (if any) + for i, idx := range c.Indexes { + parsed := dbutils.ParseIndex(idx) + original := parsed.IndexName + parsed.IndexName = strings.ReplaceAll(parsed.IndexName, c.Id, newId) + if parsed.IndexName != original { + c.Indexes[i] = parsed.Build() + } + } + + // update model id + c.Id = newId +} + +func onCollectionSave(e *CollectionEvent) error { + if e.Collection.Type == "" { + e.Collection.Type = CollectionTypeBase + } + + if e.Collection.IsNew() { + e.Collection.initDefaultId() + e.Collection.Created = types.NowDateTime() + } + + e.Collection.Updated = types.NowDateTime() + + // recreate the fields list to ensure that all normalizations + // like default field id are applied + e.Collection.Fields = NewFieldsList(e.Collection.Fields...) + + e.Collection.initDefaultFields() + + if e.Collection.IsAuth() { + e.Collection.unsetMissingOAuth2MappedFields() + } + + e.Collection.updateGeneratedIdIfExists(e.App) + + return e.Next() +} + +func onCollectionSaveExecute(e *CollectionEvent) error { + defer func() { + if err := e.App.ReloadCachedCollections(); err != nil { + e.App.Logger().Warn("Failed to reload collections cache", "error", err) + } + }() + + var oldCollection *Collection + if !e.Collection.IsNew() { + var err error + oldCollection, err = e.App.FindCachedCollectionByNameOrId(e.Collection.Id) + if err != nil { + return err + } + + // invalidate previously issued auth tokens on auth rule change + if oldCollection.AuthRule != e.Collection.AuthRule && + cast.ToString(oldCollection.AuthRule) != cast.ToString(e.Collection.AuthRule) { + e.Collection.AuthToken.Secret = security.RandomString(50) + } + } + + originalApp := e.App + txErr := e.App.RunInTransaction(func(txApp App) error { + e.App = txApp + + isView := e.Collection.IsView() + + // ensures that the view collection shema is properly loaded + if isView { + query := e.Collection.ViewQuery + + // generate collection fields list from the query + viewFields, err := e.App.CreateViewFields(query) + if err != nil { + return err + } + + // delete old renamed view + if oldCollection != nil { + if err := e.App.DeleteView(oldCollection.Name); err != nil { + return err + } + } + + // wrap view query if necessary + query, err = normalizeViewQueryId(e.App, query) + if err != nil { + return fmt.Errorf("failed to normalize view query id: %w", err) + } + + // (re)create the view + if err := e.App.SaveView(e.Collection.Name, query); err != nil { + return err + } + + // updates newCollection.Fields based on the generated view table info and query + e.Collection.Fields = viewFields + } + + // save the Collection model + if err := e.Next(); err != nil { + return err + } + + // sync the changes with the related records table + if !isView { + if err := e.App.SyncRecordTableSchema(e.Collection, oldCollection); err != nil { + // note: don't wrap to allow propagating indexes validation.Errors + return err + } + } + + return nil + }) + e.App = originalApp + + if txErr != nil { + return txErr + } + + // trigger an update for all views with changed fields as a result of the current collection save + // (ignoring view errors to allow users to update the query from the UI) + resaveViewsWithChangedFields(e.App, e.Collection.Id) + + return nil +} + +func (c *Collection) initDefaultFields() { + switch c.Type { + case CollectionTypeBase: + c.initIdField() + case CollectionTypeAuth: + c.initIdField() + c.initPasswordField() + c.initTokenKeyField() + c.initEmailField() + c.initEmailVisibilityField() + c.initVerifiedField() + case CollectionTypeView: + // view fields are autogenerated + } +} + +func (c *Collection) initIdField() { + field, _ := c.Fields.GetByName(FieldNameId).(*TextField) + if field == nil { + // create default field + field = &TextField{ + Name: FieldNameId, + System: true, + PrimaryKey: true, + Required: true, + Min: 15, + Max: 15, + Pattern: defaultLowercaseRecordIdPattern, + AutogeneratePattern: `[a-z0-9]{15}`, + } + + // prepend it + c.Fields = NewFieldsList(append([]Field{field}, c.Fields...)...) + } else { + // enforce system defaults + field.System = true + field.Required = true + field.PrimaryKey = true + field.Hidden = false + if field.Pattern == "" { + field.Pattern = defaultLowercaseRecordIdPattern + } + } +} + +func (c *Collection) initPasswordField() { + field, _ := c.Fields.GetByName(FieldNamePassword).(*PasswordField) + if field == nil { + // load default field + c.Fields.Add(&PasswordField{ + Name: FieldNamePassword, + System: true, + Hidden: true, + Required: true, + Min: 8, + }) + } else { + // enforce system defaults + field.System = true + field.Hidden = true + field.Required = true + } +} + +func (c *Collection) initTokenKeyField() { + field, _ := c.Fields.GetByName(FieldNameTokenKey).(*TextField) + if field == nil { + // load default field + c.Fields.Add(&TextField{ + Name: FieldNameTokenKey, + System: true, + Hidden: true, + Min: 30, + Max: 60, + Required: true, + AutogeneratePattern: `[a-zA-Z0-9]{50}`, + }) + } else { + // enforce system defaults + field.System = true + field.Hidden = true + field.Required = true + } + + // ensure that there is a unique index for the field + if _, ok := dbutils.FindSingleColumnUniqueIndex(c.Indexes, FieldNameTokenKey); !ok { + c.Indexes = append(c.Indexes, fmt.Sprintf( + "CREATE UNIQUE INDEX `%s` ON `%s` (`%s`)", + c.fieldIndexName(FieldNameTokenKey), + c.Name, + FieldNameTokenKey, + )) + } +} + +func (c *Collection) initEmailField() { + field, _ := c.Fields.GetByName(FieldNameEmail).(*EmailField) + if field == nil { + // load default field + c.Fields.Add(&EmailField{ + Name: FieldNameEmail, + System: true, + Required: true, + }) + } else { + // enforce system defaults + field.System = true + field.Hidden = false // managed by the emailVisibility flag + } + + // ensure that there is a unique index for the email field + if _, ok := dbutils.FindSingleColumnUniqueIndex(c.Indexes, FieldNameEmail); !ok { + c.Indexes = append(c.Indexes, fmt.Sprintf( + "CREATE UNIQUE INDEX `%s` ON `%s` (`%s`) WHERE `%s` != ''", + c.fieldIndexName(FieldNameEmail), + c.Name, + FieldNameEmail, + FieldNameEmail, + )) + } +} + +func (c *Collection) initEmailVisibilityField() { + field, _ := c.Fields.GetByName(FieldNameEmailVisibility).(*BoolField) + if field == nil { + // load default field + c.Fields.Add(&BoolField{ + Name: FieldNameEmailVisibility, + System: true, + }) + } else { + // enforce system defaults + field.System = true + } +} + +func (c *Collection) initVerifiedField() { + field, _ := c.Fields.GetByName(FieldNameVerified).(*BoolField) + if field == nil { + // load default field + c.Fields.Add(&BoolField{ + Name: FieldNameVerified, + System: true, + }) + } else { + // enforce system defaults + field.System = true + } +} + +func (c *Collection) fieldIndexName(field string) string { + name := "idx_" + field + "_" + + if c.Id != "" { + name += c.Id + } else if c.Name != "" { + name += c.Name + } else { + name += security.PseudorandomString(10) + } + + if len(name) > 64 { + return name[:64] + } + + return name +} diff --git a/core/collection_model_auth_options.go b/core/collection_model_auth_options.go new file mode 100644 index 0000000..a0198d0 --- /dev/null +++ b/core/collection_model_auth_options.go @@ -0,0 +1,543 @@ +package core + +import ( + "strconv" + "strings" + "time" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/go-ozzo/ozzo-validation/v4/is" + "github.com/pocketbase/pocketbase/tools/auth" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/pocketbase/pocketbase/tools/types" + "github.com/spf13/cast" +) + +func (m *Collection) unsetMissingOAuth2MappedFields() { + if !m.IsAuth() { + return + } + + if m.OAuth2.MappedFields.Id != "" { + if m.Fields.GetByName(m.OAuth2.MappedFields.Id) == nil { + m.OAuth2.MappedFields.Id = "" + } + } + + if m.OAuth2.MappedFields.Name != "" { + if m.Fields.GetByName(m.OAuth2.MappedFields.Name) == nil { + m.OAuth2.MappedFields.Name = "" + } + } + + if m.OAuth2.MappedFields.Username != "" { + if m.Fields.GetByName(m.OAuth2.MappedFields.Username) == nil { + m.OAuth2.MappedFields.Username = "" + } + } + + if m.OAuth2.MappedFields.AvatarURL != "" { + if m.Fields.GetByName(m.OAuth2.MappedFields.AvatarURL) == nil { + m.OAuth2.MappedFields.AvatarURL = "" + } + } +} + +func (m *Collection) setDefaultAuthOptions() { + m.collectionAuthOptions = collectionAuthOptions{ + VerificationTemplate: defaultVerificationTemplate, + ResetPasswordTemplate: defaultResetPasswordTemplate, + ConfirmEmailChangeTemplate: defaultConfirmEmailChangeTemplate, + AuthRule: types.Pointer(""), + AuthAlert: AuthAlertConfig{ + Enabled: true, + EmailTemplate: defaultAuthAlertTemplate, + }, + PasswordAuth: PasswordAuthConfig{ + Enabled: true, + IdentityFields: []string{FieldNameEmail}, + }, + MFA: MFAConfig{ + Enabled: false, + Duration: 1800, // 30min + }, + OTP: OTPConfig{ + Enabled: false, + Duration: 180, // 3min + Length: 8, + EmailTemplate: defaultOTPTemplate, + }, + AuthToken: TokenConfig{ + Secret: security.RandomString(50), + Duration: 604800, // 7 days + }, + PasswordResetToken: TokenConfig{ + Secret: security.RandomString(50), + Duration: 1800, // 30min + }, + EmailChangeToken: TokenConfig{ + Secret: security.RandomString(50), + Duration: 1800, // 30min + }, + VerificationToken: TokenConfig{ + Secret: security.RandomString(50), + Duration: 259200, // 3days + }, + FileToken: TokenConfig{ + Secret: security.RandomString(50), + Duration: 180, // 3min + }, + } +} + +var _ optionsValidator = (*collectionAuthOptions)(nil) + +// collectionAuthOptions defines the options for the "auth" type collection. +type collectionAuthOptions struct { + // AuthRule could be used to specify additional record constraints + // applied after record authentication and right before returning the + // auth token response to the client. + // + // For example, to allow only verified users you could set it to + // "verified = true". + // + // Set it to empty string to allow any Auth collection record to authenticate. + // + // Set it to nil to disallow authentication altogether for the collection + // (that includes password, OAuth2, etc.). + AuthRule *string `form:"authRule" json:"authRule"` + + // ManageRule gives admin-like permissions to allow fully managing + // the auth record(s), eg. changing the password without requiring + // to enter the old one, directly updating the verified state and email, etc. + // + // This rule is executed in addition to the Create and Update API rules. + ManageRule *string `form:"manageRule" json:"manageRule"` + + // AuthAlert defines options related to the auth alerts on new device login. + AuthAlert AuthAlertConfig `form:"authAlert" json:"authAlert"` + + // OAuth2 specifies whether OAuth2 auth is enabled for the collection + // and which OAuth2 providers are allowed. + OAuth2 OAuth2Config `form:"oauth2" json:"oauth2"` + + // PasswordAuth defines options related to the collection password authentication. + PasswordAuth PasswordAuthConfig `form:"passwordAuth" json:"passwordAuth"` + + // MFA defines options related to the Multi-factor authentication (MFA). + MFA MFAConfig `form:"mfa" json:"mfa"` + + // OTP defines options related to the One-time password authentication (OTP). + OTP OTPConfig `form:"otp" json:"otp"` + + // Various token configurations + // --- + AuthToken TokenConfig `form:"authToken" json:"authToken"` + PasswordResetToken TokenConfig `form:"passwordResetToken" json:"passwordResetToken"` + EmailChangeToken TokenConfig `form:"emailChangeToken" json:"emailChangeToken"` + VerificationToken TokenConfig `form:"verificationToken" json:"verificationToken"` + FileToken TokenConfig `form:"fileToken" json:"fileToken"` + + // Default email templates + // --- + VerificationTemplate EmailTemplate `form:"verificationTemplate" json:"verificationTemplate"` + ResetPasswordTemplate EmailTemplate `form:"resetPasswordTemplate" json:"resetPasswordTemplate"` + ConfirmEmailChangeTemplate EmailTemplate `form:"confirmEmailChangeTemplate" json:"confirmEmailChangeTemplate"` +} + +func (o *collectionAuthOptions) validate(cv *collectionValidator) error { + err := validation.ValidateStruct(o, + validation.Field( + &o.AuthRule, + validation.By(cv.checkRule), + validation.By(cv.ensureNoSystemRuleChange(cv.original.AuthRule)), + ), + validation.Field( + &o.ManageRule, + validation.NilOrNotEmpty, + validation.By(cv.checkRule), + validation.By(cv.ensureNoSystemRuleChange(cv.original.ManageRule)), + ), + validation.Field(&o.AuthAlert), + validation.Field(&o.PasswordAuth), + validation.Field(&o.OAuth2), + validation.Field(&o.OTP), + validation.Field(&o.MFA), + validation.Field(&o.AuthToken), + validation.Field(&o.PasswordResetToken), + validation.Field(&o.EmailChangeToken), + validation.Field(&o.VerificationToken), + validation.Field(&o.FileToken), + validation.Field(&o.VerificationTemplate, validation.Required), + validation.Field(&o.ResetPasswordTemplate, validation.Required), + validation.Field(&o.ConfirmEmailChangeTemplate, validation.Required), + ) + if err != nil { + return err + } + + if o.MFA.Enabled { + // if MFA is enabled require at least 2 auth methods + // + // @todo maybe consider disabling the check because if custom auth methods + // are registered it may fail since we don't have mechanism to detect them at the moment + authsEnabled := 0 + if o.PasswordAuth.Enabled { + authsEnabled++ + } + if o.OAuth2.Enabled { + authsEnabled++ + } + if o.OTP.Enabled { + authsEnabled++ + } + if authsEnabled < 2 { + return validation.Errors{ + "mfa": validation.Errors{ + "enabled": validation.NewError("validation_mfa_not_enough_auths", "MFA requires at least 2 auth methods to be enabled."), + }, + } + } + + if o.MFA.Rule != "" { + mfaRuleValidators := []validation.RuleFunc{ + cv.checkRule, + cv.ensureNoSystemRuleChange(&cv.original.MFA.Rule), + } + + for _, validator := range mfaRuleValidators { + err := validator(&o.MFA.Rule) + if err != nil { + return validation.Errors{ + "mfa": validation.Errors{ + "rule": err, + }, + } + } + } + } + } + + // extra check to ensure that only unique identity fields are used + if o.PasswordAuth.Enabled { + err = validation.Validate(o.PasswordAuth.IdentityFields, validation.By(cv.checkFieldsForUniqueIndex)) + if err != nil { + return validation.Errors{ + "passwordAuth": validation.Errors{ + "identityFields": err, + }, + } + } + } + + return nil +} + +// ------------------------------------------------------------------- + +type EmailTemplate struct { + Subject string `form:"subject" json:"subject"` + Body string `form:"body" json:"body"` +} + +// Validate makes EmailTemplate validatable by implementing [validation.Validatable] interface. +func (t EmailTemplate) Validate() error { + return validation.ValidateStruct(&t, + validation.Field(&t.Subject, validation.Required), + validation.Field(&t.Body, validation.Required), + ) +} + +// Resolve replaces the placeholder parameters in the current email +// template and returns its components as ready-to-use strings. +func (t EmailTemplate) Resolve(placeholders map[string]any) (subject, body string) { + body = t.Body + subject = t.Subject + + for k, v := range placeholders { + vStr := cast.ToString(v) + + // replace subject placeholder params (if any) + subject = strings.ReplaceAll(subject, k, vStr) + + // replace body placeholder params (if any) + body = strings.ReplaceAll(body, k, vStr) + } + + return subject, body +} + +// ------------------------------------------------------------------- + +type AuthAlertConfig struct { + Enabled bool `form:"enabled" json:"enabled"` + EmailTemplate EmailTemplate `form:"emailTemplate" json:"emailTemplate"` +} + +// Validate makes AuthAlertConfig validatable by implementing [validation.Validatable] interface. +func (c AuthAlertConfig) Validate() error { + return validation.ValidateStruct(&c, + // note: for now always run the email template validations even + // if not enabled since it could be used separately + validation.Field(&c.EmailTemplate), + ) +} + +// ------------------------------------------------------------------- + +type TokenConfig struct { + Secret string `form:"secret" json:"secret,omitempty"` + + // Duration specifies how long an issued token to be valid (in seconds) + Duration int64 `form:"duration" json:"duration"` +} + +// Validate makes TokenConfig validatable by implementing [validation.Validatable] interface. +func (c TokenConfig) Validate() error { + return validation.ValidateStruct(&c, + validation.Field(&c.Secret, validation.Required, validation.Length(30, 255)), + validation.Field(&c.Duration, validation.Required, validation.Min(10), validation.Max(94670856)), // ~3y max + ) +} + +// DurationTime returns the current Duration as [time.Duration]. +func (c TokenConfig) DurationTime() time.Duration { + return time.Duration(c.Duration) * time.Second +} + +// ------------------------------------------------------------------- + +type OTPConfig struct { + Enabled bool `form:"enabled" json:"enabled"` + + // Duration specifies how long the OTP to be valid (in seconds) + Duration int64 `form:"duration" json:"duration"` + + // Length specifies the auto generated password length. + Length int `form:"length" json:"length"` + + // EmailTemplate is the default OTP email template that will be send to the auth record. + // + // In addition to the system placeholders you can also make use of + // [core.EmailPlaceholderOTPId] and [core.EmailPlaceholderOTP]. + EmailTemplate EmailTemplate `form:"emailTemplate" json:"emailTemplate"` +} + +// Validate makes OTPConfig validatable by implementing [validation.Validatable] interface. +func (c OTPConfig) Validate() error { + return validation.ValidateStruct(&c, + validation.Field(&c.Duration, validation.When(c.Enabled, validation.Required, validation.Min(10), validation.Max(86400))), + validation.Field(&c.Length, validation.When(c.Enabled, validation.Required, validation.Min(4))), + // note: for now always run the email template validations even + // if not enabled since it could be used separately + validation.Field(&c.EmailTemplate), + ) +} + +// DurationTime returns the current Duration as [time.Duration]. +func (c OTPConfig) DurationTime() time.Duration { + return time.Duration(c.Duration) * time.Second +} + +// ------------------------------------------------------------------- + +type MFAConfig struct { + Enabled bool `form:"enabled" json:"enabled"` + + // Duration specifies how long an issued MFA to be valid (in seconds) + Duration int64 `form:"duration" json:"duration"` + + // Rule is an optional field to restrict MFA only for the records that satisfy the rule. + // + // Leave it empty to enable MFA for everyone. + Rule string `form:"rule" json:"rule"` +} + +// Validate makes MFAConfig validatable by implementing [validation.Validatable] interface. +func (c MFAConfig) Validate() error { + return validation.ValidateStruct(&c, + validation.Field(&c.Duration, validation.When(c.Enabled, validation.Required, validation.Min(10), validation.Max(86400))), + ) +} + +// DurationTime returns the current Duration as [time.Duration]. +func (c MFAConfig) DurationTime() time.Duration { + return time.Duration(c.Duration) * time.Second +} + +// ------------------------------------------------------------------- + +type PasswordAuthConfig struct { + Enabled bool `form:"enabled" json:"enabled"` + + // IdentityFields is a list of field names that could be used as + // identity during password authentication. + // + // Usually only fields that has single column UNIQUE index are accepted as values. + IdentityFields []string `form:"identityFields" json:"identityFields"` +} + +// Validate makes PasswordAuthConfig validatable by implementing [validation.Validatable] interface. +func (c PasswordAuthConfig) Validate() error { + // strip duplicated values + c.IdentityFields = list.ToUniqueStringSlice(c.IdentityFields) + + if !c.Enabled { + return nil // no need to validate + } + + return validation.ValidateStruct(&c, + validation.Field(&c.IdentityFields, validation.Required), + ) +} + +// ------------------------------------------------------------------- + +type OAuth2KnownFields struct { + Id string `form:"id" json:"id"` + Name string `form:"name" json:"name"` + Username string `form:"username" json:"username"` + AvatarURL string `form:"avatarURL" json:"avatarURL"` +} + +type OAuth2Config struct { + Providers []OAuth2ProviderConfig `form:"providers" json:"providers"` + + MappedFields OAuth2KnownFields `form:"mappedFields" json:"mappedFields"` + + Enabled bool `form:"enabled" json:"enabled"` +} + +// GetProviderConfig returns the first OAuth2ProviderConfig that matches the specified name. +// +// Returns false and zero config if no such provider is available in c.Providers. +func (c OAuth2Config) GetProviderConfig(name string) (config OAuth2ProviderConfig, exists bool) { + for _, p := range c.Providers { + if p.Name == name { + return p, true + } + } + return +} + +// Validate makes OAuth2Config validatable by implementing [validation.Validatable] interface. +func (c OAuth2Config) Validate() error { + if !c.Enabled { + return nil // no need to validate + } + + return validation.ValidateStruct(&c, + // note: don't require providers for now as they could be externally registered/removed + validation.Field(&c.Providers, validation.By(checkForDuplicatedProviders)), + ) +} + +func checkForDuplicatedProviders(value any) error { + configs, _ := value.([]OAuth2ProviderConfig) + + existing := map[string]struct{}{} + + for i, c := range configs { + if c.Name == "" { + continue // the name nonempty state is validated separately + } + if _, ok := existing[c.Name]; ok { + return validation.Errors{ + strconv.Itoa(i): validation.Errors{ + "name": validation.NewError("validation_duplicated_provider", "The provider {{.name}} is already registered."). + SetParams(map[string]any{"name": c.Name}), + }, + } + } + existing[c.Name] = struct{}{} + } + + return nil +} + +type OAuth2ProviderConfig struct { + // PKCE overwrites the default provider PKCE config option. + // + // This usually shouldn't be needed but some OAuth2 vendors, like the LinkedIn OIDC, + // may require manual adjustment due to returning error if extra parameters are added to the request + // (https://github.com/pocketbase/pocketbase/discussions/3799#discussioncomment-7640312) + PKCE *bool `form:"pkce" json:"pkce"` + + Name string `form:"name" json:"name"` + ClientId string `form:"clientId" json:"clientId"` + ClientSecret string `form:"clientSecret" json:"clientSecret,omitempty"` + AuthURL string `form:"authURL" json:"authURL"` + TokenURL string `form:"tokenURL" json:"tokenURL"` + UserInfoURL string `form:"userInfoURL" json:"userInfoURL"` + DisplayName string `form:"displayName" json:"displayName"` + Extra map[string]any `form:"extra" json:"extra"` +} + +// Validate makes OAuth2ProviderConfig validatable by implementing [validation.Validatable] interface. +func (c OAuth2ProviderConfig) Validate() error { + return validation.ValidateStruct(&c, + validation.Field(&c.Name, validation.Required, validation.By(checkProviderName)), + validation.Field(&c.ClientId, validation.Required), + validation.Field(&c.ClientSecret, validation.Required), + validation.Field(&c.AuthURL, is.URL), + validation.Field(&c.TokenURL, is.URL), + validation.Field(&c.UserInfoURL, is.URL), + ) +} + +func checkProviderName(value any) error { + name, _ := value.(string) + if name == "" { + return nil // nothing to check + } + + if _, err := auth.NewProviderByName(name); err != nil { + return validation.NewError("validation_missing_provider", "Invalid or missing provider with name {{.name}}."). + SetParams(map[string]any{"name": name}) + } + + return nil +} + +// InitProvider returns a new auth.Provider instance loaded with the current OAuth2ProviderConfig options. +func (c OAuth2ProviderConfig) InitProvider() (auth.Provider, error) { + provider, err := auth.NewProviderByName(c.Name) + if err != nil { + return nil, err + } + + if c.ClientId != "" { + provider.SetClientId(c.ClientId) + } + + if c.ClientSecret != "" { + provider.SetClientSecret(c.ClientSecret) + } + + if c.AuthURL != "" { + provider.SetAuthURL(c.AuthURL) + } + + if c.UserInfoURL != "" { + provider.SetUserInfoURL(c.UserInfoURL) + } + + if c.TokenURL != "" { + provider.SetTokenURL(c.TokenURL) + } + + if c.DisplayName != "" { + provider.SetDisplayName(c.DisplayName) + } + + if c.PKCE != nil { + provider.SetPKCE(*c.PKCE) + } + + if c.Extra != nil { + provider.SetExtra(c.Extra) + } + + return provider, nil +} diff --git a/core/collection_model_auth_options_test.go b/core/collection_model_auth_options_test.go new file mode 100644 index 0000000..a0aaa3b --- /dev/null +++ b/core/collection_model_auth_options_test.go @@ -0,0 +1,1026 @@ +package core_test + +import ( + "bytes" + "encoding/json" + "fmt" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/auth" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestCollectionAuthOptionsValidate(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + collection func(app core.App) (*core.Collection, error) + expectedErrors []string + }{ + // authRule + { + name: "nil authRule", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.AuthRule = nil + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "empty authRule", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.AuthRule = types.Pointer("") + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "invalid authRule", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.AuthRule = types.Pointer("missing != ''") + return c, nil + }, + expectedErrors: []string{"authRule"}, + }, + { + name: "valid authRule", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.AuthRule = types.Pointer("id != ''") + return c, nil + }, + expectedErrors: []string{}, + }, + + // manageRule + { + name: "nil manageRule", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.ManageRule = nil + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "empty manageRule", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.ManageRule = types.Pointer("") + return c, nil + }, + expectedErrors: []string{"manageRule"}, + }, + { + name: "invalid manageRule", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.ManageRule = types.Pointer("missing != ''") + return c, nil + }, + expectedErrors: []string{"manageRule"}, + }, + { + name: "valid manageRule", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.ManageRule = types.Pointer("id != ''") + return c, nil + }, + expectedErrors: []string{}, + }, + + // passwordAuth + { + name: "trigger passwordAuth validations", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.PasswordAuth = core.PasswordAuthConfig{ + Enabled: true, + } + return c, nil + }, + expectedErrors: []string{"passwordAuth"}, + }, + { + name: "passwordAuth with non-unique identity fields", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Fields.Add(&core.TextField{Name: "test"}) + c.PasswordAuth = core.PasswordAuthConfig{ + Enabled: true, + IdentityFields: []string{"email", "test"}, + } + return c, nil + }, + expectedErrors: []string{"passwordAuth"}, + }, + { + name: "passwordAuth with non-unique identity fields", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Fields.Add(&core.TextField{Name: "test"}) + c.AddIndex("auth_test_idx", true, "test", "") + c.PasswordAuth = core.PasswordAuthConfig{ + Enabled: true, + IdentityFields: []string{"email", "test"}, + } + return c, nil + }, + expectedErrors: []string{}, + }, + + // oauth2 + { + name: "trigger oauth2 validations", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.OAuth2 = core.OAuth2Config{ + Enabled: true, + Providers: []core.OAuth2ProviderConfig{ + {Name: "missing"}, + }, + } + return c, nil + }, + expectedErrors: []string{"oauth2"}, + }, + + // otp + { + name: "trigger otp validations", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.OTP = core.OTPConfig{ + Enabled: true, + Duration: -10, + } + return c, nil + }, + expectedErrors: []string{"otp"}, + }, + + // mfa + { + name: "trigger mfa validations", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.MFA = core.MFAConfig{ + Enabled: true, + Duration: -10, + } + return c, nil + }, + expectedErrors: []string{"mfa"}, + }, + { + name: "mfa enabled with < 2 auth methods", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.MFA.Enabled = true + c.PasswordAuth.Enabled = true + c.OTP.Enabled = false + c.OAuth2.Enabled = false + return c, nil + }, + expectedErrors: []string{"mfa"}, + }, + { + name: "mfa enabled with >= 2 auth methods", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.MFA.Enabled = true + c.PasswordAuth.Enabled = true + c.OTP.Enabled = true + c.OAuth2.Enabled = false + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "mfa disabled with invalid rule", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.PasswordAuth.Enabled = true + c.OTP.Enabled = true + c.MFA.Enabled = false + c.MFA.Rule = "invalid" + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "mfa enabled with invalid rule", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.PasswordAuth.Enabled = true + c.OTP.Enabled = true + c.MFA.Enabled = true + c.MFA.Rule = "invalid" + return c, nil + }, + expectedErrors: []string{"mfa"}, + }, + { + name: "mfa enabled with valid rule", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.PasswordAuth.Enabled = true + c.OTP.Enabled = true + c.MFA.Enabled = true + c.MFA.Rule = "1=1" + return c, nil + }, + expectedErrors: []string{}, + }, + + // tokens + { + name: "trigger authToken validations", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.AuthToken.Secret = "" + return c, nil + }, + expectedErrors: []string{"authToken"}, + }, + { + name: "trigger passwordResetToken validations", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.PasswordResetToken.Secret = "" + return c, nil + }, + expectedErrors: []string{"passwordResetToken"}, + }, + { + name: "trigger emailChangeToken validations", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.EmailChangeToken.Secret = "" + return c, nil + }, + expectedErrors: []string{"emailChangeToken"}, + }, + { + name: "trigger verificationToken validations", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.VerificationToken.Secret = "" + return c, nil + }, + expectedErrors: []string{"verificationToken"}, + }, + { + name: "trigger fileToken validations", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.FileToken.Secret = "" + return c, nil + }, + expectedErrors: []string{"fileToken"}, + }, + + // templates + { + name: "trigger verificationTemplate validations", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.VerificationTemplate.Body = "" + return c, nil + }, + expectedErrors: []string{"verificationTemplate"}, + }, + { + name: "trigger resetPasswordTemplate validations", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.ResetPasswordTemplate.Body = "" + return c, nil + }, + expectedErrors: []string{"resetPasswordTemplate"}, + }, + { + name: "trigger confirmEmailChangeTemplate validations", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.ConfirmEmailChangeTemplate.Body = "" + return c, nil + }, + expectedErrors: []string{"confirmEmailChangeTemplate"}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := s.collection(app) + if err != nil { + t.Fatalf("Failed to retrieve test collection: %v", err) + } + + result := app.Validate(collection) + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestEmailTemplateValidate(t *testing.T) { + scenarios := []struct { + name string + template core.EmailTemplate + expectedErrors []string + }{ + { + "zero value", + core.EmailTemplate{}, + []string{"subject", "body"}, + }, + { + "non-empty data", + core.EmailTemplate{ + Subject: "a", + Body: "b", + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.template.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestEmailTemplateResolve(t *testing.T) { + template := core.EmailTemplate{ + Subject: "test_subject {PARAM3} {PARAM1}-{PARAM2} repeat-{PARAM1}", + Body: "test_body {PARAM3} {PARAM2}-{PARAM1} repeat-{PARAM2}", + } + + scenarios := []struct { + name string + placeholders map[string]any + template core.EmailTemplate + expectedSubject string + expectedBody string + }{ + { + "no placeholders", + nil, + template, + template.Subject, + template.Body, + }, + { + "no matching placeholders", + map[string]any{"{A}": "abc", "{B}": 456}, + template, + template.Subject, + template.Body, + }, + { + "at least one matching placeholder", + map[string]any{"{PARAM1}": "abc", "{PARAM2}": 456}, + template, + "test_subject {PARAM3} abc-456 repeat-abc", + "test_body {PARAM3} 456-abc repeat-456", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + subject, body := s.template.Resolve(s.placeholders) + + if subject != s.expectedSubject { + t.Fatalf("Expected subject\n%v\ngot\n%v", s.expectedSubject, subject) + } + + if body != s.expectedBody { + t.Fatalf("Expected body\n%v\ngot\n%v", s.expectedBody, body) + } + }) + } +} + +func TestTokenConfigValidate(t *testing.T) { + scenarios := []struct { + name string + config core.TokenConfig + expectedErrors []string + }{ + { + "zero value", + core.TokenConfig{}, + []string{"secret", "duration"}, + }, + { + "invalid data", + core.TokenConfig{ + Secret: strings.Repeat("a", 29), + Duration: 9, + }, + []string{"secret", "duration"}, + }, + { + "valid data", + core.TokenConfig{ + Secret: strings.Repeat("a", 30), + Duration: 10, + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestTokenConfigDurationTime(t *testing.T) { + scenarios := []struct { + config core.TokenConfig + expected time.Duration + }{ + {core.TokenConfig{}, 0 * time.Second}, + {core.TokenConfig{Duration: 1234}, 1234 * time.Second}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%d", i, s.config.Duration), func(t *testing.T) { + result := s.config.DurationTime() + + if result != s.expected { + t.Fatalf("Expected duration %d, got %d", s.expected, result) + } + }) + } +} + +func TestAuthAlertConfigValidate(t *testing.T) { + scenarios := []struct { + name string + config core.AuthAlertConfig + expectedErrors []string + }{ + { + "zero value (disabled)", + core.AuthAlertConfig{}, + []string{"emailTemplate"}, + }, + { + "zero value (enabled)", + core.AuthAlertConfig{Enabled: true}, + []string{"emailTemplate"}, + }, + { + "invalid template", + core.AuthAlertConfig{ + EmailTemplate: core.EmailTemplate{Body: "", Subject: "b"}, + }, + []string{"emailTemplate"}, + }, + { + "valid data", + core.AuthAlertConfig{ + EmailTemplate: core.EmailTemplate{Body: "a", Subject: "b"}, + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestOTPConfigValidate(t *testing.T) { + scenarios := []struct { + name string + config core.OTPConfig + expectedErrors []string + }{ + { + "zero value (disabled)", + core.OTPConfig{}, + []string{"emailTemplate"}, + }, + { + "zero value (enabled)", + core.OTPConfig{Enabled: true}, + []string{"duration", "length", "emailTemplate"}, + }, + { + "invalid length (< 3)", + core.OTPConfig{ + Enabled: true, + EmailTemplate: core.EmailTemplate{Body: "a", Subject: "b"}, + Duration: 100, + Length: 3, + }, + []string{"length"}, + }, + { + "invalid duration (< 10)", + core.OTPConfig{ + Enabled: true, + EmailTemplate: core.EmailTemplate{Body: "a", Subject: "b"}, + Duration: 9, + Length: 100, + }, + []string{"duration"}, + }, + { + "invalid duration (> 86400)", + core.OTPConfig{ + Enabled: true, + EmailTemplate: core.EmailTemplate{Body: "a", Subject: "b"}, + Duration: 86401, + Length: 100, + }, + []string{"duration"}, + }, + { + "invalid template (triggering EmailTemplate validations)", + core.OTPConfig{ + Enabled: true, + EmailTemplate: core.EmailTemplate{Body: "", Subject: "b"}, + Duration: 86400, + Length: 4, + }, + []string{"emailTemplate"}, + }, + { + "valid data", + core.OTPConfig{ + Enabled: true, + EmailTemplate: core.EmailTemplate{Body: "a", Subject: "b"}, + Duration: 86400, + Length: 4, + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestOTPConfigDurationTime(t *testing.T) { + scenarios := []struct { + config core.OTPConfig + expected time.Duration + }{ + {core.OTPConfig{}, 0 * time.Second}, + {core.OTPConfig{Duration: 1234}, 1234 * time.Second}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%d", i, s.config.Duration), func(t *testing.T) { + result := s.config.DurationTime() + + if result != s.expected { + t.Fatalf("Expected duration %d, got %d", s.expected, result) + } + }) + } +} + +func TestMFAConfigValidate(t *testing.T) { + scenarios := []struct { + name string + config core.MFAConfig + expectedErrors []string + }{ + { + "zero value (disabled)", + core.MFAConfig{}, + []string{}, + }, + { + "zero value (enabled)", + core.MFAConfig{Enabled: true}, + []string{"duration"}, + }, + { + "invalid duration (< 10)", + core.MFAConfig{Enabled: true, Duration: 9}, + []string{"duration"}, + }, + { + "invalid duration (> 86400)", + core.MFAConfig{Enabled: true, Duration: 86401}, + []string{"duration"}, + }, + { + "valid data", + core.MFAConfig{Enabled: true, Duration: 86400}, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestMFAConfigDurationTime(t *testing.T) { + scenarios := []struct { + config core.MFAConfig + expected time.Duration + }{ + {core.MFAConfig{}, 0 * time.Second}, + {core.MFAConfig{Duration: 1234}, 1234 * time.Second}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%d", i, s.config.Duration), func(t *testing.T) { + result := s.config.DurationTime() + + if result != s.expected { + t.Fatalf("Expected duration %d, got %d", s.expected, result) + } + }) + } +} + +func TestPasswordAuthConfigValidate(t *testing.T) { + scenarios := []struct { + name string + config core.PasswordAuthConfig + expectedErrors []string + }{ + { + "zero value (disabled)", + core.PasswordAuthConfig{}, + []string{}, + }, + { + "zero value (enabled)", + core.PasswordAuthConfig{Enabled: true}, + []string{"identityFields"}, + }, + { + "empty values", + core.PasswordAuthConfig{Enabled: true, IdentityFields: []string{"", ""}}, + []string{"identityFields"}, + }, + { + "valid data", + core.PasswordAuthConfig{Enabled: true, IdentityFields: []string{"abc"}}, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestOAuth2ConfigGetProviderConfig(t *testing.T) { + scenarios := []struct { + name string + providerName string + config core.OAuth2Config + expectedExists bool + }{ + { + "zero value", + "gitlab", + core.OAuth2Config{}, + false, + }, + { + "empty config with valid provider", + "gitlab", + core.OAuth2Config{}, + false, + }, + { + "non-empty config with missing provider", + "gitlab", + core.OAuth2Config{Providers: []core.OAuth2ProviderConfig{{Name: "google"}, {Name: "github"}}}, + false, + }, + { + "config with existing provider", + "github", + core.OAuth2Config{Providers: []core.OAuth2ProviderConfig{{Name: "google"}, {Name: "github"}}}, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + config, exists := s.config.GetProviderConfig(s.providerName) + + if exists != s.expectedExists { + t.Fatalf("Expected exists %v, got %v", s.expectedExists, exists) + } + + if exists { + if config.Name != s.providerName { + t.Fatalf("Expected config with name %q, got %q", s.providerName, config.Name) + } + } else { + if config.Name != "" { + t.Fatalf("Expected empty config, got %v", config) + } + } + }) + } +} + +func TestOAuth2ConfigValidate(t *testing.T) { + scenarios := []struct { + name string + config core.OAuth2Config + expectedErrors []string + }{ + { + "zero value (disabled)", + core.OAuth2Config{}, + []string{}, + }, + { + "zero value (enabled)", + core.OAuth2Config{Enabled: true}, + []string{}, + }, + { + "unknown provider", + core.OAuth2Config{Enabled: true, Providers: []core.OAuth2ProviderConfig{ + {Name: "missing", ClientId: "abc", ClientSecret: "456"}, + }}, + []string{"providers"}, + }, + { + "known provider with invalid data", + core.OAuth2Config{Enabled: true, Providers: []core.OAuth2ProviderConfig{ + {Name: "gitlab", ClientId: "abc", TokenURL: "!invalid!"}, + }}, + []string{"providers"}, + }, + { + "known provider with valid data", + core.OAuth2Config{Enabled: true, Providers: []core.OAuth2ProviderConfig{ + {Name: "gitlab", ClientId: "abc", ClientSecret: "456", TokenURL: "https://example.com"}, + }}, + []string{}, + }, + { + "known provider with valid data (duplicated)", + core.OAuth2Config{Enabled: true, Providers: []core.OAuth2ProviderConfig{ + {Name: "gitlab", ClientId: "abc1", ClientSecret: "1", TokenURL: "https://example1.com"}, + {Name: "google", ClientId: "abc2", ClientSecret: "2", TokenURL: "https://example2.com"}, + {Name: "gitlab", ClientId: "abc3", ClientSecret: "3", TokenURL: "https://example3.com"}, + }}, + []string{"providers"}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestOAuth2ProviderConfigValidate(t *testing.T) { + scenarios := []struct { + name string + config core.OAuth2ProviderConfig + expectedErrors []string + }{ + { + "zero value", + core.OAuth2ProviderConfig{}, + []string{"name", "clientId", "clientSecret"}, + }, + { + "minimum valid data", + core.OAuth2ProviderConfig{Name: "gitlab", ClientId: "abc", ClientSecret: "456"}, + []string{}, + }, + { + "non-existing provider", + core.OAuth2ProviderConfig{Name: "missing", ClientId: "abc", ClientSecret: "456"}, + []string{"name"}, + }, + { + "invalid urls", + core.OAuth2ProviderConfig{ + Name: "gitlab", + ClientId: "abc", + ClientSecret: "456", + AuthURL: "!invalid!", + TokenURL: "!invalid!", + UserInfoURL: "!invalid!", + }, + []string{"authURL", "tokenURL", "userInfoURL"}, + }, + { + "valid urls", + core.OAuth2ProviderConfig{ + Name: "gitlab", + ClientId: "abc", + ClientSecret: "456", + AuthURL: "https://example.com/a", + TokenURL: "https://example.com/b", + UserInfoURL: "https://example.com/c", + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestOAuth2ProviderConfigInitProvider(t *testing.T) { + scenarios := []struct { + name string + config core.OAuth2ProviderConfig + expectedConfig core.OAuth2ProviderConfig + expectedError bool + }{ + { + "empty config", + core.OAuth2ProviderConfig{}, + core.OAuth2ProviderConfig{}, + true, + }, + { + "missing provider", + core.OAuth2ProviderConfig{ + Name: "missing", + ClientId: "test_ClientId", + ClientSecret: "test_ClientSecret", + AuthURL: "test_AuthURL", + TokenURL: "test_TokenURL", + UserInfoURL: "test_UserInfoURL", + DisplayName: "test_DisplayName", + PKCE: types.Pointer(true), + }, + core.OAuth2ProviderConfig{ + Name: "missing", + ClientId: "test_ClientId", + ClientSecret: "test_ClientSecret", + AuthURL: "test_AuthURL", + TokenURL: "test_TokenURL", + UserInfoURL: "test_UserInfoURL", + DisplayName: "test_DisplayName", + PKCE: types.Pointer(true), + }, + true, + }, + { + "existing provider minimal", + core.OAuth2ProviderConfig{ + Name: "gitlab", + }, + core.OAuth2ProviderConfig{ + Name: "gitlab", + ClientId: "", + ClientSecret: "", + AuthURL: "https://gitlab.com/oauth/authorize", + TokenURL: "https://gitlab.com/oauth/token", + UserInfoURL: "https://gitlab.com/api/v4/user", + DisplayName: "GitLab", + PKCE: types.Pointer(true), + }, + false, + }, + { + "existing provider with all fields", + core.OAuth2ProviderConfig{ + Name: "gitlab", + ClientId: "test_ClientId", + ClientSecret: "test_ClientSecret", + AuthURL: "test_AuthURL", + TokenURL: "test_TokenURL", + UserInfoURL: "test_UserInfoURL", + DisplayName: "test_DisplayName", + PKCE: types.Pointer(true), + Extra: map[string]any{"a": 1}, + }, + core.OAuth2ProviderConfig{ + Name: "gitlab", + ClientId: "test_ClientId", + ClientSecret: "test_ClientSecret", + AuthURL: "test_AuthURL", + TokenURL: "test_TokenURL", + UserInfoURL: "test_UserInfoURL", + DisplayName: "test_DisplayName", + PKCE: types.Pointer(true), + Extra: map[string]any{"a": 1}, + }, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + provider, err := s.config.InitProvider() + + hasErr := err != nil + if hasErr != s.expectedError { + t.Fatalf("Expected hasErr %v, got %v", s.expectedError, hasErr) + } + + if hasErr { + if provider != nil { + t.Fatalf("Expected nil provider, got %v", provider) + } + return + } + + factory, ok := auth.Providers[s.expectedConfig.Name] + if !ok { + t.Fatalf("Missing factory for provider %q", s.expectedConfig.Name) + } + + expectedType := fmt.Sprintf("%T", factory()) + providerType := fmt.Sprintf("%T", provider) + if expectedType != providerType { + t.Fatalf("Expected provider instanceof %q, got %q", expectedType, providerType) + } + + if provider.ClientId() != s.expectedConfig.ClientId { + t.Fatalf("Expected ClientId %q, got %q", s.expectedConfig.ClientId, provider.ClientId()) + } + + if provider.ClientSecret() != s.expectedConfig.ClientSecret { + t.Fatalf("Expected ClientSecret %q, got %q", s.expectedConfig.ClientSecret, provider.ClientSecret()) + } + + if provider.AuthURL() != s.expectedConfig.AuthURL { + t.Fatalf("Expected AuthURL %q, got %q", s.expectedConfig.AuthURL, provider.AuthURL()) + } + + if provider.UserInfoURL() != s.expectedConfig.UserInfoURL { + t.Fatalf("Expected UserInfoURL %q, got %q", s.expectedConfig.UserInfoURL, provider.UserInfoURL()) + } + + if provider.TokenURL() != s.expectedConfig.TokenURL { + t.Fatalf("Expected TokenURL %q, got %q", s.expectedConfig.TokenURL, provider.TokenURL()) + } + + if provider.DisplayName() != s.expectedConfig.DisplayName { + t.Fatalf("Expected DisplayName %q, got %q", s.expectedConfig.DisplayName, provider.DisplayName()) + } + + if provider.PKCE() != *s.expectedConfig.PKCE { + t.Fatalf("Expected PKCE %v, got %v", *s.expectedConfig.PKCE, provider.PKCE()) + } + + rawMeta, _ := json.Marshal(provider.Extra()) + expectedMeta, _ := json.Marshal(s.expectedConfig.Extra) + if !bytes.Equal(rawMeta, expectedMeta) { + t.Fatalf("Expected PKCE %v, got %v", *s.expectedConfig.PKCE, provider.PKCE()) + } + }) + } +} diff --git a/core/collection_model_auth_templates.go b/core/collection_model_auth_templates.go new file mode 100644 index 0000000..eede271 --- /dev/null +++ b/core/collection_model_auth_templates.go @@ -0,0 +1,75 @@ +package core + +// Common settings placeholder tokens +const ( + EmailPlaceholderAppName string = "{APP_NAME}" + EmailPlaceholderAppURL string = "{APP_URL}" + EmailPlaceholderToken string = "{TOKEN}" + EmailPlaceholderOTP string = "{OTP}" + EmailPlaceholderOTPId string = "{OTP_ID}" +) + +var defaultVerificationTemplate = EmailTemplate{ + Subject: "Verify your " + EmailPlaceholderAppName + " email", + Body: `

Hello,

+

Thank you for joining us at ` + EmailPlaceholderAppName + `.

+

Click on the button below to verify your email address.

+

+ Verify +

+

+ Thanks,
+ ` + EmailPlaceholderAppName + ` team +

`, +} + +var defaultResetPasswordTemplate = EmailTemplate{ + Subject: "Reset your " + EmailPlaceholderAppName + " password", + Body: `

Hello,

+

Click on the button below to reset your password.

+

+ Reset password +

+

If you didn't ask to reset your password, you can ignore this email.

+

+ Thanks,
+ ` + EmailPlaceholderAppName + ` team +

`, +} + +var defaultConfirmEmailChangeTemplate = EmailTemplate{ + Subject: "Confirm your " + EmailPlaceholderAppName + " new email address", + Body: `

Hello,

+

Click on the button below to confirm your new email address.

+

+ Confirm new email +

+

If you didn't ask to change your email address, you can ignore this email.

+

+ Thanks,
+ ` + EmailPlaceholderAppName + ` team +

`, +} + +var defaultOTPTemplate = EmailTemplate{ + Subject: "OTP for " + EmailPlaceholderAppName, + Body: `

Hello,

+

Your one-time password is: ` + EmailPlaceholderOTP + `

+

If you didn't ask for the one-time password, you can ignore this email.

+

+ Thanks,
+ ` + EmailPlaceholderAppName + ` team +

`, +} + +var defaultAuthAlertTemplate = EmailTemplate{ + Subject: "Login from a new location", + Body: `

Hello,

+

We noticed a login to your ` + EmailPlaceholderAppName + ` account from a new location.

+

If this was you, you may disregard this email.

+

If this wasn't you, you should immediately change your ` + EmailPlaceholderAppName + ` account password to revoke access from all other locations.

+

+ Thanks,
+ ` + EmailPlaceholderAppName + ` team +

`, +} diff --git a/core/collection_model_base_options.go b/core/collection_model_base_options.go new file mode 100644 index 0000000..924312b --- /dev/null +++ b/core/collection_model_base_options.go @@ -0,0 +1,11 @@ +package core + +var _ optionsValidator = (*collectionBaseOptions)(nil) + +// collectionBaseOptions defines the options for the "base" type collection. +type collectionBaseOptions struct { +} + +func (o *collectionBaseOptions) validate(cv *collectionValidator) error { + return nil +} diff --git a/core/collection_model_test.go b/core/collection_model_test.go new file mode 100644 index 0000000..ba0abf8 --- /dev/null +++ b/core/collection_model_test.go @@ -0,0 +1,1638 @@ +package core_test + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "slices" + "strconv" + "strings" + "testing" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/dbutils" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestNewCollection(t *testing.T) { + t.Parallel() + + scenarios := []struct { + typ string + name string + expected []string + }{ + { + "", + "", + []string{ + `"id":"pbc_`, + `"name":""`, + `"type":"base"`, + `"system":false`, + `"indexes":[]`, + `"fields":[{`, + `"name":"id"`, + `"type":"text"`, + `"listRule":null`, + `"viewRule":null`, + `"createRule":null`, + `"updateRule":null`, + `"deleteRule":null`, + }, + }, + { + "unknown", + "test", + []string{ + `"id":"pbc_`, + `"name":"test"`, + `"type":"base"`, + `"system":false`, + `"indexes":[]`, + `"fields":[{`, + `"name":"id"`, + `"type":"text"`, + `"listRule":null`, + `"viewRule":null`, + `"createRule":null`, + `"updateRule":null`, + `"deleteRule":null`, + }, + }, + { + "base", + "test", + []string{ + `"id":"pbc_`, + `"name":"test"`, + `"type":"base"`, + `"system":false`, + `"indexes":[]`, + `"fields":[{`, + `"name":"id"`, + `"type":"text"`, + `"listRule":null`, + `"viewRule":null`, + `"createRule":null`, + `"updateRule":null`, + `"deleteRule":null`, + }, + }, + { + "view", + "test", + []string{ + `"id":"pbc_`, + `"name":"test"`, + `"type":"view"`, + `"indexes":[]`, + `"fields":[]`, + `"system":false`, + `"listRule":null`, + `"viewRule":null`, + `"createRule":null`, + `"updateRule":null`, + `"deleteRule":null`, + }, + }, + { + "auth", + "test", + []string{ + `"id":"pbc_`, + `"name":"test"`, + `"type":"auth"`, + `"fields":[{`, + `"system":false`, + `"type":"text"`, + `"type":"email"`, + `"name":"id"`, + `"name":"email"`, + `"name":"password"`, + `"name":"tokenKey"`, + `"name":"emailVisibility"`, + `"name":"verified"`, + `idx_email`, + `idx_tokenKey`, + `"listRule":null`, + `"viewRule":null`, + `"createRule":null`, + `"updateRule":null`, + `"deleteRule":null`, + `"identityFields":["email"]`, + }, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s_%s", i, s.typ, s.name), func(t *testing.T) { + result := core.NewCollection(s.typ, s.name).String() + + for _, part := range s.expected { + if !strings.Contains(result, part) { + t.Fatalf("Missing part %q in\n%v", part, result) + } + } + }) + } +} + +func TestNewBaseCollection(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + expected []string + }{ + { + "", + []string{ + `"id":"pbc_`, + `"name":""`, + `"type":"base"`, + `"system":false`, + `"indexes":[]`, + `"fields":[{`, + `"name":"id"`, + `"type":"text"`, + `"listRule":null`, + `"viewRule":null`, + `"createRule":null`, + `"updateRule":null`, + `"deleteRule":null`, + }, + }, + { + "test", + []string{ + `"id":"pbc_`, + `"name":"test"`, + `"type":"base"`, + `"system":false`, + `"indexes":[]`, + `"fields":[{`, + `"name":"id"`, + `"type":"text"`, + `"listRule":null`, + `"viewRule":null`, + `"createRule":null`, + `"updateRule":null`, + `"deleteRule":null`, + }, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.name), func(t *testing.T) { + result := core.NewBaseCollection(s.name).String() + + for _, part := range s.expected { + if !strings.Contains(result, part) { + t.Fatalf("Missing part %q in\n%v", part, result) + } + } + }) + } +} + +func TestNewViewCollection(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + expected []string + }{ + { + "", + []string{ + `"id":"pbc_`, + `"name":""`, + `"type":"view"`, + `"indexes":[]`, + `"fields":[]`, + `"system":false`, + `"listRule":null`, + `"viewRule":null`, + `"createRule":null`, + `"updateRule":null`, + `"deleteRule":null`, + }, + }, + { + "test", + []string{ + `"id":"pbc_`, + `"name":"test"`, + `"type":"view"`, + `"indexes":[]`, + `"fields":[]`, + `"system":false`, + `"listRule":null`, + `"viewRule":null`, + `"createRule":null`, + `"updateRule":null`, + `"deleteRule":null`, + }, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.name), func(t *testing.T) { + result := core.NewViewCollection(s.name).String() + + for _, part := range s.expected { + if !strings.Contains(result, part) { + t.Fatalf("Missing part %q in\n%v", part, result) + } + } + }) + } +} + +func TestNewAuthCollection(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + expected []string + }{ + { + "", + []string{ + `"id":""`, + `"name":""`, + `"type":"auth"`, + `"fields":[{`, + `"system":false`, + `"type":"text"`, + `"type":"email"`, + `"name":"id"`, + `"name":"email"`, + `"name":"password"`, + `"name":"tokenKey"`, + `"name":"emailVisibility"`, + `"name":"verified"`, + `idx_email`, + `idx_tokenKey`, + `"listRule":null`, + `"viewRule":null`, + `"createRule":null`, + `"updateRule":null`, + `"deleteRule":null`, + `"identityFields":["email"]`, + }, + }, + { + "test", + []string{ + `"id":"pbc_`, + `"name":"test"`, + `"type":"auth"`, + `"fields":[{`, + `"system":false`, + `"type":"text"`, + `"type":"email"`, + `"name":"id"`, + `"name":"email"`, + `"name":"password"`, + `"name":"tokenKey"`, + `"name":"emailVisibility"`, + `"name":"verified"`, + `idx_email`, + `idx_tokenKey`, + `"listRule":null`, + `"viewRule":null`, + `"createRule":null`, + `"updateRule":null`, + `"deleteRule":null`, + `"identityFields":["email"]`, + }, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.name), func(t *testing.T) { + result := core.NewAuthCollection(s.name).String() + + for _, part := range s.expected { + if !strings.Contains(result, part) { + t.Fatalf("Missing part %q in\n%v", part, result) + } + } + }) + } +} + +func TestCollectionTableName(t *testing.T) { + t.Parallel() + + c := core.NewBaseCollection("test") + if c.TableName() != "_collections" { + t.Fatalf("Expected tableName %q, got %q", "_collections", c.TableName()) + } +} + +func TestCollectionBaseFilesPath(t *testing.T) { + t.Parallel() + + c := core.Collection{} + + if c.BaseFilesPath() != "" { + t.Fatalf("Expected empty string, got %q", c.BaseFilesPath()) + } + + c.Id = "test" + + if c.BaseFilesPath() != c.Id { + t.Fatalf("Expected %q, got %q", c.Id, c.BaseFilesPath()) + } +} + +func TestCollectionIsBase(t *testing.T) { + t.Parallel() + + scenarios := []struct { + typ string + expected bool + }{ + {"unknown", false}, + {core.CollectionTypeBase, true}, + {core.CollectionTypeView, false}, + {core.CollectionTypeAuth, false}, + } + + for _, s := range scenarios { + t.Run(s.typ, func(t *testing.T) { + c := core.Collection{} + c.Type = s.typ + + if v := c.IsBase(); v != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, v) + } + }) + } +} + +func TestCollectionIsView(t *testing.T) { + t.Parallel() + + scenarios := []struct { + typ string + expected bool + }{ + {"unknown", false}, + {core.CollectionTypeBase, false}, + {core.CollectionTypeView, true}, + {core.CollectionTypeAuth, false}, + } + + for _, s := range scenarios { + t.Run(s.typ, func(t *testing.T) { + c := core.Collection{} + c.Type = s.typ + + if v := c.IsView(); v != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, v) + } + }) + } +} + +func TestCollectionIsAuth(t *testing.T) { + t.Parallel() + + scenarios := []struct { + typ string + expected bool + }{ + {"unknown", false}, + {core.CollectionTypeBase, false}, + {core.CollectionTypeView, false}, + {core.CollectionTypeAuth, true}, + } + + for _, s := range scenarios { + t.Run(s.typ, func(t *testing.T) { + c := core.Collection{} + c.Type = s.typ + + if v := c.IsAuth(); v != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, v) + } + }) + } +} + +func TestCollectionPostScan(t *testing.T) { + t.Parallel() + + rawOptions := types.JSONRaw(`{ + "viewQuery":"select 1", + "authRule":"1=2" + }`) + + scenarios := []struct { + typ string + rawOptions types.JSONRaw + expected []string + }{ + { + core.CollectionTypeBase, + rawOptions, + []string{ + `lastSavedPK:"test"`, + `ViewQuery:""`, + `AuthRule:(*string)(nil)`, + }, + }, + { + core.CollectionTypeView, + rawOptions, + []string{ + `lastSavedPK:"test"`, + `ViewQuery:"select 1"`, + `AuthRule:(*string)(nil)`, + }, + }, + { + core.CollectionTypeAuth, + rawOptions, + []string{ + `lastSavedPK:"test"`, + `ViewQuery:""`, + `AuthRule:(*string)(0x`, + }, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.typ), func(t *testing.T) { + c := core.Collection{} + c.Id = "test" + c.Type = s.typ + c.RawOptions = s.rawOptions + + err := c.PostScan() + if err != nil { + t.Fatal(err) + } + + if c.IsNew() { + t.Fatal("Expected the collection to be marked as not new") + } + + rawModel := fmt.Sprintf("%#v", c) + + for _, part := range s.expected { + if !strings.Contains(rawModel, part) { + t.Fatalf("Missing part %q in\n%v", part, rawModel) + } + } + }) + } +} + +func TestCollectionUnmarshalJSON(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + raw string + collection func() *core.Collection + expected []string + notExpected []string + }{ + { + "base new empty", + `{"type":"base","name":"test","listRule":"1=2","authRule":"1=3","viewQuery":"abc"}`, + func() *core.Collection { + return &core.Collection{} + }, + []string{ + `"type":"base"`, + `"id":"pbc_`, + `"name":"test"`, + `"listRule":"1=2"`, + `"fields":[`, + `"name":"id"`, + `"indexes":[]`, + }, + []string{ + `"authRule":"1=3"`, + `"viewQuery":"abc"`, + }, + }, + { + "view new empty", + `{"type":"view","name":"test","listRule":"1=2","authRule":"1=3","viewQuery":"abc"}`, + func() *core.Collection { + return &core.Collection{} + }, + []string{ + `"type":"view"`, + `"id":"pbc_`, + `"name":"test"`, + `"listRule":"1=2"`, + `"fields":[]`, + `"viewQuery":"abc"`, + `"indexes":[]`, + }, + []string{ + `"authRule":"1=3"`, + }, + }, + { + "auth new empty", + `{"type":"auth","name":"test","listRule":"1=2","authRule":"1=3","viewQuery":"abc"}`, + func() *core.Collection { + return &core.Collection{} + }, + []string{ + `"type":"auth"`, + `"id":"pbc_`, + `"name":"test"`, + `"listRule":"1=2"`, + `"authRule":"1=3"`, + `"fields":[`, + `"name":"id"`, + }, + []string{ + `"indexes":[]`, + `"viewQuery":"abc"`, + }, + }, + { + "new but with set type (no default fields load)", + `{"type":"base","name":"test","listRule":"1=2","authRule":"1=3","viewQuery":"abc"}`, + func() *core.Collection { + c := &core.Collection{} + c.Type = core.CollectionTypeBase + return c + }, + []string{ + `"type":"base"`, + `"id":""`, + `"name":"test"`, + `"listRule":"1=2"`, + `"fields":[]`, + }, + []string{ + `"authRule":"1=3"`, + `"viewQuery":"abc"`, + }, + }, + { + "existing (no default fields load)", + `{"type":"auth","name":"test","listRule":"1=2","authRule":"1=3","viewQuery":"abc"}`, + func() *core.Collection { + c, _ := app.FindCollectionByNameOrId("demo1") + return c + }, + []string{ + `"type":"auth"`, + `"name":"test"`, + `"listRule":"1=2"`, + `"authRule":"1=3"`, + `"fields":[`, + `"name":"id"`, + }, + []string{ + `"name":"tokenKey"`, + `"viewQuery":"abc"`, + }, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + collection := s.collection() + + err := json.Unmarshal([]byte(s.raw), collection) + if err != nil { + t.Fatal(err) + } + + rawResult, err := json.Marshal(collection) + if err != nil { + t.Fatal(err) + } + rawResultStr := string(rawResult) + + for _, part := range s.expected { + if !strings.Contains(rawResultStr, part) { + t.Fatalf("Missing expected %q in\n%v", part, rawResultStr) + } + } + + for _, part := range s.notExpected { + if strings.Contains(rawResultStr, part) { + t.Fatalf("Didn't expected %q in\n%v", part, rawResultStr) + } + } + }) + } +} + +func TestCollectionSerialize(t *testing.T) { + scenarios := []struct { + name string + collection func() *core.Collection + expected []string + notExpected []string + }{ + { + "base", + func() *core.Collection { + c := core.NewCollection(core.CollectionTypeBase, "test") + c.ViewQuery = "1=1" + c.OAuth2.Providers = []core.OAuth2ProviderConfig{ + {Name: "test1", ClientId: "test_client_id1", ClientSecret: "test_client_secret1"}, + {Name: "test2", ClientId: "test_client_id2", ClientSecret: "test_client_secret2"}, + } + + return c + }, + []string{ + `"id":"pbc_`, + `"name":"test"`, + `"type":"base"`, + }, + []string{ + "verificationTemplate", + "manageRule", + "authRule", + "secret", + "oauth2", + "clientId", + "clientSecret", + "viewQuery", + }, + }, + { + "view", + func() *core.Collection { + c := core.NewCollection(core.CollectionTypeView, "test") + c.ViewQuery = "1=1" + c.OAuth2.Providers = []core.OAuth2ProviderConfig{ + {Name: "test1", ClientId: "test_client_id1", ClientSecret: "test_client_secret1"}, + {Name: "test2", ClientId: "test_client_id2", ClientSecret: "test_client_secret2"}, + } + + return c + }, + []string{ + `"id":"pbc_`, + `"name":"test"`, + `"type":"view"`, + `"viewQuery":"1=1"`, + }, + []string{ + "verificationTemplate", + "manageRule", + "authRule", + "secret", + "oauth2", + "clientId", + "clientSecret", + }, + }, + { + "auth", + func() *core.Collection { + c := core.NewCollection(core.CollectionTypeAuth, "test") + c.ViewQuery = "1=1" + c.OAuth2.Providers = []core.OAuth2ProviderConfig{ + {Name: "test1", ClientId: "test_client_id1", ClientSecret: "test_client_secret1"}, + {Name: "test2", ClientId: "test_client_id2", ClientSecret: "test_client_secret2"}, + } + + return c + }, + []string{ + `"id":"pbc_`, + `"name":"test"`, + `"type":"auth"`, + `"oauth2":{`, + `"providers":[{`, + `"clientId":"test_client_id1"`, + `"clientId":"test_client_id2"`, + }, + []string{ + "viewQuery", + "secret", + "clientSecret", + }, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + collection := s.collection() + + raw, err := collection.MarshalJSON() + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + if rawStr != collection.String() { + t.Fatalf("Expected the same serialization, got\n%v\nVS\n%v", collection.String(), rawStr) + } + + for _, part := range s.expected { + if !strings.Contains(rawStr, part) { + t.Fatalf("Missing part %q in\n%v", part, rawStr) + } + } + + for _, part := range s.notExpected { + if strings.Contains(rawStr, part) { + t.Fatalf("Didn't expect part %q in\n%v", part, rawStr) + } + } + }) + } +} + +func TestCollectionDBExport(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + date, err := types.ParseDateTime("2024-07-01 01:02:03.456Z") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + typ string + expected string + }{ + { + "unknown", + `{"createRule":"1=3","created":"2024-07-01 01:02:03.456Z","deleteRule":"1=5","fields":[{"hidden":false,"id":"f1_id","name":"f1","presentable":false,"required":false,"system":true,"type":"bool"},{"hidden":false,"id":"f2_id","name":"f2","presentable":false,"required":true,"system":false,"type":"bool"}],"id":"test_id","indexes":["CREATE INDEX idx1 on test_name(id)","CREATE INDEX idx2 on test_name(id)"],"listRule":"1=1","name":"test_name","options":"{}","system":true,"type":"unknown","updateRule":"1=4","updated":"2024-07-01 01:02:03.456Z","viewRule":"1=7"}`, + }, + { + core.CollectionTypeBase, + `{"createRule":"1=3","created":"2024-07-01 01:02:03.456Z","deleteRule":"1=5","fields":[{"hidden":false,"id":"f1_id","name":"f1","presentable":false,"required":false,"system":true,"type":"bool"},{"hidden":false,"id":"f2_id","name":"f2","presentable":false,"required":true,"system":false,"type":"bool"}],"id":"test_id","indexes":["CREATE INDEX idx1 on test_name(id)","CREATE INDEX idx2 on test_name(id)"],"listRule":"1=1","name":"test_name","options":"{}","system":true,"type":"base","updateRule":"1=4","updated":"2024-07-01 01:02:03.456Z","viewRule":"1=7"}`, + }, + { + core.CollectionTypeView, + `{"createRule":"1=3","created":"2024-07-01 01:02:03.456Z","deleteRule":"1=5","fields":[{"hidden":false,"id":"f1_id","name":"f1","presentable":false,"required":false,"system":true,"type":"bool"},{"hidden":false,"id":"f2_id","name":"f2","presentable":false,"required":true,"system":false,"type":"bool"}],"id":"test_id","indexes":["CREATE INDEX idx1 on test_name(id)","CREATE INDEX idx2 on test_name(id)"],"listRule":"1=1","name":"test_name","options":{"viewQuery":"select 1"},"system":true,"type":"view","updateRule":"1=4","updated":"2024-07-01 01:02:03.456Z","viewRule":"1=7"}`, + }, + { + core.CollectionTypeAuth, + `{"createRule":"1=3","created":"2024-07-01 01:02:03.456Z","deleteRule":"1=5","fields":[{"hidden":false,"id":"f1_id","name":"f1","presentable":false,"required":false,"system":true,"type":"bool"},{"hidden":false,"id":"f2_id","name":"f2","presentable":false,"required":true,"system":false,"type":"bool"}],"id":"test_id","indexes":["CREATE INDEX idx1 on test_name(id)","CREATE INDEX idx2 on test_name(id)"],"listRule":"1=1","name":"test_name","options":{"authRule":null,"manageRule":"1=6","authAlert":{"enabled":false,"emailTemplate":{"subject":"","body":""}},"oauth2":{"providers":null,"mappedFields":{"id":"","name":"","username":"","avatarURL":""},"enabled":false},"passwordAuth":{"enabled":false,"identityFields":null},"mfa":{"enabled":false,"duration":0,"rule":""},"otp":{"enabled":false,"duration":0,"length":0,"emailTemplate":{"subject":"","body":""}},"authToken":{"duration":0},"passwordResetToken":{"duration":0},"emailChangeToken":{"duration":0},"verificationToken":{"duration":0},"fileToken":{"duration":0},"verificationTemplate":{"subject":"","body":""},"resetPasswordTemplate":{"subject":"","body":""},"confirmEmailChangeTemplate":{"subject":"","body":""}},"system":true,"type":"auth","updateRule":"1=4","updated":"2024-07-01 01:02:03.456Z","viewRule":"1=7"}`, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.typ), func(t *testing.T) { + c := core.Collection{} + c.Type = s.typ + c.Id = "test_id" + c.Name = "test_name" + c.System = true + c.ListRule = types.Pointer("1=1") + c.ViewRule = types.Pointer("1=2") + c.CreateRule = types.Pointer("1=3") + c.UpdateRule = types.Pointer("1=4") + c.DeleteRule = types.Pointer("1=5") + c.ManageRule = types.Pointer("1=6") + c.ViewRule = types.Pointer("1=7") + c.Created = date + c.Updated = date + c.Indexes = types.JSONArray[string]{"CREATE INDEX idx1 on test_name(id)", "CREATE INDEX idx2 on test_name(id)"} + c.ViewQuery = "select 1" + c.Fields.Add(&core.BoolField{Id: "f1_id", Name: "f1", System: true}) + c.Fields.Add(&core.BoolField{Id: "f2_id", Name: "f2", Required: true}) + c.RawOptions = types.JSONRaw(`{"viewQuery": "select 2"}`) // should be ignored + + result, err := c.DBExport(app) + if err != nil { + t.Fatal(err) + } + + raw, err := json.Marshal(result) + if err != nil { + t.Fatal(err) + } + + if str := string(raw); str != s.expected { + t.Fatalf("Expected\n%v\ngot\n%v", s.expected, str) + } + }) + } +} + +func TestCollectionIndexHelpers(t *testing.T) { + t.Parallel() + + checkIndexes := func(t *testing.T, indexes, expectedIndexes []string) { + if len(indexes) != len(expectedIndexes) { + t.Fatalf("Expected %d indexes, got %d\n%v", len(expectedIndexes), len(indexes), indexes) + } + + for _, idx := range expectedIndexes { + if !slices.Contains(indexes, idx) { + t.Fatalf("Missing index\n%v\nin\n%v", idx, indexes) + } + } + } + + c := core.NewBaseCollection("test") + checkIndexes(t, c.Indexes, nil) + + c.AddIndex("idx1", false, "colA,colB", "colA != 1") + c.AddIndex("idx2", true, "colA", "") + c.AddIndex("idx3", false, "colA", "") + c.AddIndex("idx3", false, "colB", "") // should overwrite the previous one + + idx1 := "CREATE INDEX `idx1` ON `test` (colA,colB) WHERE colA != 1" + idx2 := "CREATE UNIQUE INDEX `idx2` ON `test` (colA)" + idx3 := "CREATE INDEX `idx3` ON `test` (colB)" + + checkIndexes(t, c.Indexes, []string{idx1, idx2, idx3}) + + c.RemoveIndex("iDx2") // case-insensitive + c.RemoveIndex("missing") // noop + + checkIndexes(t, c.Indexes, []string{idx1, idx3}) + + expectedIndexes := map[string]string{ + "missing": "", + "idx1": idx1, + // the name is case insensitive + "iDX3": idx3, + } + for key, expectedIdx := range expectedIndexes { + idx := c.GetIndex(key) + if idx != expectedIdx { + t.Errorf("Expected index %q to be\n%v\ngot\n%v", key, expectedIdx, idx) + } + } +} + +// ------------------------------------------------------------------- + +func TestCollectionDelete(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + collection string + disableIntegrityChecks bool + expectError bool + }{ + { + name: "unsaved", + collection: "", + expectError: true, + }, + { + name: "system", + collection: core.CollectionNameSuperusers, + expectError: true, + }, + { + name: "base with references", + collection: "demo1", + expectError: true, + }, + { + name: "base with references with disabled integrity checks", + collection: "demo1", + disableIntegrityChecks: true, + expectError: false, + }, + { + name: "base without references", + collection: "demo1", + expectError: true, + }, + { + name: "view with reference", + collection: "view1", + expectError: true, + }, + { + name: "view with references with disabled integrity checks", + collection: "view1", + disableIntegrityChecks: true, + expectError: false, + }, + { + name: "view without references", + collection: "view2", + disableIntegrityChecks: true, + expectError: false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + var col *core.Collection + + if s.collection == "" { + col = core.NewBaseCollection("test") + } else { + var err error + col, err = app.FindCollectionByNameOrId(s.collection) + if err != nil { + t.Fatal(err) + } + } + + if s.disableIntegrityChecks { + col.IntegrityChecks(!s.disableIntegrityChecks) + } + + err := app.Delete(col) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + exists := app.HasTable(col.Name) + + if !col.IsNew() && exists != hasErr { + t.Fatalf("Expected HasTable %v, got %v", hasErr, exists) + } + + if !hasErr { + cache, _ := app.FindCachedCollectionByNameOrId(col.Id) + if cache != nil { + t.Fatal("Expected the collection to be removed from the cache.") + } + } + }) + } +} + +func TestCollectionModelEventSync(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + testCollections := make([]*core.Collection, 4) + for i := 0; i < 4; i++ { + testCollections[i] = core.NewBaseCollection("sync_test_" + strconv.Itoa(i)) + if err := app.Save(testCollections[i]); err != nil { + t.Fatal(err) + } + } + + createModelEvent := func() *core.ModelEvent { + event := new(core.ModelEvent) + event.App = app + event.Context = context.Background() + event.Type = "test_a" + event.Model = testCollections[0] + return event + } + + createModelErrorEvent := func() *core.ModelErrorEvent { + event := new(core.ModelErrorEvent) + event.ModelEvent = *createModelEvent() + event.Error = errors.New("error_a") + return event + } + + changeCollectionEventBefore := func(e *core.CollectionEvent) { + e.Type = "test_b" + //nolint:staticcheck + e.Context = context.WithValue(context.Background(), "test", 123) + e.Collection = testCollections[1] + } + + modelEventFinalizerChange := func(e *core.ModelEvent) { + e.Type = "test_c" + //nolint:staticcheck + e.Context = context.WithValue(context.Background(), "test", 456) + e.Model = testCollections[2] + } + + changeCollectionEventAfter := func(e *core.CollectionEvent) { + e.Type = "test_d" + //nolint:staticcheck + e.Context = context.WithValue(context.Background(), "test", 789) + e.Collection = testCollections[3] + } + + expectedBeforeModelEventHandlerChecks := func(t *testing.T, e *core.ModelEvent) { + if e.Type != "test_a" { + t.Fatalf("Expected type %q, got %q", "test_a", e.Type) + } + + if v := e.Context.Value("test"); v != nil { + t.Fatalf("Expected context value %v, got %v", nil, v) + } + + if e.Model.PK() != testCollections[0].Id { + t.Fatalf("Expected collection with id %q, got %q (%d)", testCollections[0].Id, e.Model.PK(), 0) + } + } + + expectedAfterModelEventHandlerChecks := func(t *testing.T, e *core.ModelEvent) { + if e.Type != "test_d" { + t.Fatalf("Expected type %q, got %q", "test_d", e.Type) + } + + if v := e.Context.Value("test"); v != 789 { + t.Fatalf("Expected context value %v, got %v", 789, v) + } + + if e.Model.PK() != testCollections[3].Id { + t.Fatalf("Expected collection with id %q, got %q (%d)", testCollections[3].Id, e.Model.PK(), 3) + } + } + + expectedBeforeCollectionEventHandlerChecks := func(t *testing.T, e *core.CollectionEvent) { + if e.Type != "test_a" { + t.Fatalf("Expected type %q, got %q", "test_a", e.Type) + } + + if v := e.Context.Value("test"); v != nil { + t.Fatalf("Expected context value %v, got %v", nil, v) + } + + if e.Collection.Id != testCollections[0].Id { + t.Fatalf("Expected collection with id %q, got %q (%d)", testCollections[0].Id, e.Collection.Id, 0) + } + } + + expectedAfterCollectionEventHandlerChecks := func(t *testing.T, e *core.CollectionEvent) { + if e.Type != "test_c" { + t.Fatalf("Expected type %q, got %q", "test_c", e.Type) + } + + if v := e.Context.Value("test"); v != 456 { + t.Fatalf("Expected context value %v, got %v", 456, v) + } + + if e.Collection.Id != testCollections[2].Id { + t.Fatalf("Expected collection with id %q, got %q (%d)", testCollections[2].Id, e.Collection.Id, 2) + } + } + + modelEventFinalizer := func(e *core.ModelEvent) error { + modelEventFinalizerChange(e) + return nil + } + + modelErrorEventFinalizer := func(e *core.ModelErrorEvent) error { + modelEventFinalizerChange(&e.ModelEvent) + e.Error = errors.New("error_c") + return nil + } + + modelEventHandler := &hook.Handler[*core.ModelEvent]{ + Priority: -999, + Func: func(e *core.ModelEvent) error { + t.Run("before model", func(t *testing.T) { + expectedBeforeModelEventHandlerChecks(t, e) + }) + + _ = e.Next() + + t.Run("after model", func(t *testing.T) { + expectedAfterModelEventHandlerChecks(t, e) + }) + + return nil + }, + } + + modelErrorEventHandler := &hook.Handler[*core.ModelErrorEvent]{ + Priority: -999, + Func: func(e *core.ModelErrorEvent) error { + t.Run("before model error", func(t *testing.T) { + expectedBeforeModelEventHandlerChecks(t, &e.ModelEvent) + if v := e.Error.Error(); v != "error_a" { + t.Fatalf("Expected error %q, got %q", "error_a", v) + } + }) + + _ = e.Next() + + t.Run("after model error", func(t *testing.T) { + expectedAfterModelEventHandlerChecks(t, &e.ModelEvent) + if v := e.Error.Error(); v != "error_d" { + t.Fatalf("Expected error %q, got %q", "error_d", v) + } + }) + + return nil + }, + } + + recordEventHandler := &hook.Handler[*core.CollectionEvent]{ + Priority: -999, + Func: func(e *core.CollectionEvent) error { + t.Run("before collection", func(t *testing.T) { + expectedBeforeCollectionEventHandlerChecks(t, e) + }) + + changeCollectionEventBefore(e) + + _ = e.Next() + + t.Run("after collection", func(t *testing.T) { + expectedAfterCollectionEventHandlerChecks(t, e) + }) + + changeCollectionEventAfter(e) + + return nil + }, + } + + collectionErrorEventHandler := &hook.Handler[*core.CollectionErrorEvent]{ + Priority: -999, + Func: func(e *core.CollectionErrorEvent) error { + t.Run("before collection error", func(t *testing.T) { + expectedBeforeCollectionEventHandlerChecks(t, &e.CollectionEvent) + if v := e.Error.Error(); v != "error_a" { + t.Fatalf("Expected error %q, got %q", "error_c", v) + } + }) + + changeCollectionEventBefore(&e.CollectionEvent) + e.Error = errors.New("error_b") + + _ = e.Next() + + t.Run("after collection error", func(t *testing.T) { + expectedAfterCollectionEventHandlerChecks(t, &e.CollectionEvent) + if v := e.Error.Error(); v != "error_c" { + t.Fatalf("Expected error %q, got %q", "error_c", v) + } + }) + + changeCollectionEventAfter(&e.CollectionEvent) + e.Error = errors.New("error_d") + + return nil + }, + } + + // OnModelValidate + app.OnCollectionValidate().Bind(recordEventHandler) + app.OnModelValidate().Bind(modelEventHandler) + app.OnModelValidate().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelCreate + app.OnCollectionCreate().Bind(recordEventHandler) + app.OnModelCreate().Bind(modelEventHandler) + app.OnModelCreate().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelCreateExecute + app.OnCollectionCreateExecute().Bind(recordEventHandler) + app.OnModelCreateExecute().Bind(modelEventHandler) + app.OnModelCreateExecute().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelAfterCreateSuccess + app.OnCollectionAfterCreateSuccess().Bind(recordEventHandler) + app.OnModelAfterCreateSuccess().Bind(modelEventHandler) + app.OnModelAfterCreateSuccess().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelAfterCreateError + app.OnCollectionAfterCreateError().Bind(collectionErrorEventHandler) + app.OnModelAfterCreateError().Bind(modelErrorEventHandler) + app.OnModelAfterCreateError().Trigger(createModelErrorEvent(), modelErrorEventFinalizer) + + // OnModelUpdate + app.OnCollectionUpdate().Bind(recordEventHandler) + app.OnModelUpdate().Bind(modelEventHandler) + app.OnModelUpdate().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelUpdateExecute + app.OnCollectionUpdateExecute().Bind(recordEventHandler) + app.OnModelUpdateExecute().Bind(modelEventHandler) + app.OnModelUpdateExecute().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelAfterUpdateSuccess + app.OnCollectionAfterUpdateSuccess().Bind(recordEventHandler) + app.OnModelAfterUpdateSuccess().Bind(modelEventHandler) + app.OnModelAfterUpdateSuccess().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelAfterUpdateError + app.OnCollectionAfterUpdateError().Bind(collectionErrorEventHandler) + app.OnModelAfterUpdateError().Bind(modelErrorEventHandler) + app.OnModelAfterUpdateError().Trigger(createModelErrorEvent(), modelErrorEventFinalizer) + + // OnModelDelete + app.OnCollectionDelete().Bind(recordEventHandler) + app.OnModelDelete().Bind(modelEventHandler) + app.OnModelDelete().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelDeleteExecute + app.OnCollectionDeleteExecute().Bind(recordEventHandler) + app.OnModelDeleteExecute().Bind(modelEventHandler) + app.OnModelDeleteExecute().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelAfterDeleteSuccess + app.OnCollectionAfterDeleteSuccess().Bind(recordEventHandler) + app.OnModelAfterDeleteSuccess().Bind(modelEventHandler) + app.OnModelAfterDeleteSuccess().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelAfterDeleteError + app.OnCollectionAfterDeleteError().Bind(collectionErrorEventHandler) + app.OnModelAfterDeleteError().Bind(modelErrorEventHandler) + app.OnModelAfterDeleteError().Trigger(createModelErrorEvent(), modelErrorEventFinalizer) +} + +func TestCollectionSaveModel(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + collection func(app core.App) (*core.Collection, error) + expectError bool + expectColumns []string + }{ + // trigger validators + { + name: "create - trigger validators", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("!invalid") + c.Fields.Add(&core.TextField{Name: "example"}) + c.AddIndex("test_save_idx", false, "example", "") + return c, nil + }, + expectError: true, + }, + { + name: "update - trigger validators", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("demo5") + c.Name = "demo1" + c.Fields.Add(&core.TextField{Name: "example"}) + c.Fields.RemoveByName("file") + c.AddIndex("test_save_idx", false, "example", "") + return c, nil + }, + expectError: true, + }, + + // create + { + name: "create base collection", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("new") + c.Type = "" // should be auto set to "base" + c.Fields.RemoveByName("id") // ensure that the default fields will be loaded + c.Fields.Add(&core.TextField{Name: "example"}) + c.AddIndex("test_save_idx", false, "example", "") + return c, nil + }, + expectError: false, + expectColumns: []string{ + "id", "example", + }, + }, + { + name: "create auth collection", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new") + c.Fields.RemoveByName("id") // ensure that the default fields will be loaded + c.Fields.RemoveByName("email") // ensure that the default fields will be loaded + c.Fields.Add(&core.TextField{Name: "example"}) + c.AddIndex("test_save_idx", false, "example", "") + return c, nil + }, + expectError: false, + expectColumns: []string{ + "id", "email", "tokenKey", "password", + "verified", "emailVisibility", "example", + }, + }, + { + name: "create view collection", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewViewCollection("new") + c.Fields.Add(&core.TextField{Name: "ignored"}) // should be ignored + c.ViewQuery = "select 1 as id, 2 as example" + return c, nil + }, + expectError: false, + expectColumns: []string{ + "id", "example", + }, + }, + + // update + { + name: "update base collection", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("demo5") + c.Fields.Add(&core.TextField{Name: "example"}) + c.Fields.RemoveByName("file") + c.Fields.GetByName("total").SetName("total_updated") + c.AddIndex("test_save_idx", false, "example", "") + return c, nil + }, + expectError: false, + expectColumns: []string{ + "id", "select_one", "select_many", "rel_one", "rel_many", + "total_updated", "created", "updated", "example", + }, + }, + { + name: "update auth collection", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("clients") + c.Fields.Add(&core.TextField{Name: "example"}) + c.Fields.RemoveByName("file") + c.Fields.GetByName("name").SetName("name_updated") + c.AddIndex("test_save_idx", false, "example", "") + return c, nil + }, + expectError: false, + expectColumns: []string{ + "id", "email", "emailVisibility", "password", "tokenKey", + "verified", "username", "name_updated", "created", "updated", "example", + }, + }, + { + name: "update view collection", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("view2") + c.Fields.Add(&core.TextField{Name: "example"}) // should be ignored + c.ViewQuery = "select 1 as id, 2 as example" + return c, nil + }, + expectError: false, + expectColumns: []string{ + "id", "example", + }, + }, + + // auth normalization + { + name: "unset missing oauth2 mapped fields", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new") + c.OAuth2.Enabled = true + // shouldn't fail + c.OAuth2.MappedFields = core.OAuth2KnownFields{ + Id: "missing", + Name: "missing", + Username: "missing", + AvatarURL: "missing", + } + return c, nil + }, + expectError: false, + expectColumns: []string{ + "id", "email", "emailVisibility", "password", "tokenKey", "verified", + }, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := s.collection(app) + if err != nil { + t.Fatalf("Failed to retrieve test collection: %v", err) + } + + saveErr := app.Save(collection) + + hasErr := saveErr != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", hasErr, s.expectError, saveErr) + } + + if hasErr { + return + } + + // the collection should always have an id after successful Save + if collection.Id == "" { + t.Fatal("Expected collection id to be set") + } + + // the timestamp fields should be non-empty after successful Save + if collection.Created.String() == "" { + t.Fatal("Expected collection created to be set") + } + if collection.Updated.String() == "" { + t.Fatal("Expected collection updated to be set") + } + + // check if the records table was synced + hasTable := app.HasTable(collection.Name) + if !hasTable { + t.Fatalf("Expected records table %s to be created", collection.Name) + } + + // check if the records table has the fields fields + columns, err := app.TableColumns(collection.Name) + if err != nil { + t.Fatal(err) + } + if len(columns) != len(s.expectColumns) { + t.Fatalf("Expected columns\n%v\ngot\n%v", s.expectColumns, columns) + } + for i, c := range columns { + if !slices.Contains(s.expectColumns, c) { + t.Fatalf("[%d] Didn't expect record column %q", i, c) + } + } + + // make sure that all collection indexes exists + indexes, err := app.TableIndexes(collection.Name) + if err != nil { + t.Fatal(err) + } + if len(indexes) != len(collection.Indexes) { + t.Fatalf("Expected %d indexes, got %d", len(collection.Indexes), len(indexes)) + } + for _, idx := range collection.Indexes { + parsed := dbutils.ParseIndex(idx) + if _, ok := indexes[parsed.IndexName]; !ok { + t.Fatalf("Missing index %q in\n%v", idx, indexes) + } + } + }) + } +} + +// indirect update of a field used in view should cause view(s) update +func TestCollectionSaveIndirectViewsUpdate(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + // update MaxSelect fields + { + relMany := collection.Fields.GetByName("rel_many").(*core.RelationField) + relMany.MaxSelect = 1 + + fileOne := collection.Fields.GetByName("file_one").(*core.FileField) + fileOne.MaxSelect = 10 + + if err := app.Save(collection); err != nil { + t.Fatal(err) + } + } + + // check view1 fields + { + view1, err := app.FindCollectionByNameOrId("view1") + if err != nil { + t.Fatal(err) + } + + relMany := view1.Fields.GetByName("rel_many").(*core.RelationField) + if relMany.MaxSelect != 1 { + t.Fatalf("Expected view1.rel_many MaxSelect to be %d, got %v", 1, relMany.MaxSelect) + } + + fileOne := view1.Fields.GetByName("file_one").(*core.FileField) + if fileOne.MaxSelect != 10 { + t.Fatalf("Expected view1.file_one MaxSelect to be %d, got %v", 10, fileOne.MaxSelect) + } + } + + // check view2 fields + { + view2, err := app.FindCollectionByNameOrId("view2") + if err != nil { + t.Fatal(err) + } + + relMany := view2.Fields.GetByName("rel_many").(*core.RelationField) + if relMany.MaxSelect != 1 { + t.Fatalf("Expected view2.rel_many MaxSelect to be %d, got %v", 1, relMany.MaxSelect) + } + } +} + +func TestCollectionSaveViewWrapping(t *testing.T) { + t.Parallel() + + viewName := "test_wrapping" + + scenarios := []struct { + name string + query string + expected string + }{ + { + "no wrapping - text field", + "select text as id, bool from demo1", + "CREATE VIEW `test_wrapping` AS SELECT * FROM (select text as id, bool from demo1)", + }, + { + "no wrapping - id field", + "select text as id, bool from demo1", + "CREATE VIEW `test_wrapping` AS SELECT * FROM (select text as id, bool from demo1)", + }, + { + "no wrapping - relation field", + "select rel_one as id, bool from demo1", + "CREATE VIEW `test_wrapping` AS SELECT * FROM (select rel_one as id, bool from demo1)", + }, + { + "no wrapping - select field", + "select select_many as id, bool from demo1", + "CREATE VIEW `test_wrapping` AS SELECT * FROM (select select_many as id, bool from demo1)", + }, + { + "no wrapping - email field", + "select email as id, bool from demo1", + "CREATE VIEW `test_wrapping` AS SELECT * FROM (select email as id, bool from demo1)", + }, + { + "no wrapping - datetime field", + "select datetime as id, bool from demo1", + "CREATE VIEW `test_wrapping` AS SELECT * FROM (select datetime as id, bool from demo1)", + }, + { + "no wrapping - url field", + "select url as id, bool from demo1", + "CREATE VIEW `test_wrapping` AS SELECT * FROM (select url as id, bool from demo1)", + }, + { + "wrapping - bool field", + "select bool as id, text as txt, url from demo1", + "CREATE VIEW `test_wrapping` AS SELECT * FROM (SELECT CAST(`id` as TEXT) `id`,`txt`,`url` FROM (select bool as id, text as txt, url from demo1))", + }, + { + "wrapping - bool field (different order)", + "select text as txt, url, bool as id from demo1", + "CREATE VIEW `test_wrapping` AS SELECT * FROM (SELECT `txt`,`url`,CAST(`id` as TEXT) `id` FROM (select text as txt, url, bool as id from demo1))", + }, + { + "wrapping - json field", + "select json as id, text, url from demo1", + "CREATE VIEW `test_wrapping` AS SELECT * FROM (SELECT CAST(`id` as TEXT) `id`,`text`,`url` FROM (select json as id, text, url from demo1))", + }, + { + "wrapping - numeric id", + "select 1 as id", + "CREATE VIEW `test_wrapping` AS SELECT * FROM (SELECT CAST(`id` as TEXT) `id` FROM (select 1 as id))", + }, + { + "wrapping - expresion", + "select ('test') as id", + "CREATE VIEW `test_wrapping` AS SELECT * FROM (SELECT CAST(`id` as TEXT) `id` FROM (select ('test') as id))", + }, + { + "no wrapping - cast as text", + "select cast('test' as text) as id", + "CREATE VIEW `test_wrapping` AS SELECT * FROM (select cast('test' as text) as id)", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewViewCollection(viewName) + collection.ViewQuery = s.query + + err := app.Save(collection) + if err != nil { + t.Fatal(err) + } + + var sql string + + rowErr := app.ConcurrentDB().NewQuery("SELECT sql FROM sqlite_master WHERE type='view' AND name={:name}"). + Bind(dbx.Params{"name": viewName}). + Row(&sql) + if rowErr != nil { + t.Fatalf("Failed to retrieve view sql: %v", rowErr) + } + + if sql != s.expected { + t.Fatalf("Expected query \n%v, \ngot \n%v", s.expected, sql) + } + }) + } +} diff --git a/core/collection_model_view_options.go b/core/collection_model_view_options.go new file mode 100644 index 0000000..ffe2859 --- /dev/null +++ b/core/collection_model_view_options.go @@ -0,0 +1,18 @@ +package core + +import ( + validation "github.com/go-ozzo/ozzo-validation/v4" +) + +var _ optionsValidator = (*collectionViewOptions)(nil) + +// collectionViewOptions defines the options for the "view" type collection. +type collectionViewOptions struct { + ViewQuery string `form:"viewQuery" json:"viewQuery"` +} + +func (o *collectionViewOptions) validate(cv *collectionValidator) error { + return validation.ValidateStruct(o, + validation.Field(&o.ViewQuery, validation.Required, validation.By(cv.checkViewQuery)), + ) +} diff --git a/core/collection_model_view_options_test.go b/core/collection_model_view_options_test.go new file mode 100644 index 0000000..c7da1ef --- /dev/null +++ b/core/collection_model_view_options_test.go @@ -0,0 +1,79 @@ +package core_test + +import ( + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestCollectionViewOptionsValidate(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + collection func(app core.App) (*core.Collection, error) + expectedErrors []string + }{ + { + name: "view with empty query", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewViewCollection("new_auth") + return c, nil + }, + expectedErrors: []string{"fields", "viewQuery"}, + }, + { + name: "view with invalid query", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewViewCollection("new_auth") + c.ViewQuery = "invalid" + return c, nil + }, + expectedErrors: []string{"fields", "viewQuery"}, + }, + { + name: "view with valid query but missing id", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewViewCollection("new_auth") + c.ViewQuery = "select 1" + return c, nil + }, + expectedErrors: []string{"fields", "viewQuery"}, + }, + { + name: "view with valid query", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewViewCollection("new_auth") + c.ViewQuery = "select demo1.id, text as example from demo1" + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "update view query ", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("view2") + c.ViewQuery = "select demo1.id, text as example from demo1" + return c, nil + }, + expectedErrors: []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := s.collection(app) + if err != nil { + t.Fatalf("Failed to retrieve test collection: %v", err) + } + + result := app.Validate(collection) + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} diff --git a/core/collection_query.go b/core/collection_query.go new file mode 100644 index 0000000..b19bb55 --- /dev/null +++ b/core/collection_query.go @@ -0,0 +1,391 @@ +package core + +import ( + "bytes" + "database/sql" + "encoding/json" + "errors" + "fmt" + "slices" + "strings" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/list" +) + +const StoreKeyCachedCollections = "pbAppCachedCollections" + +// CollectionQuery returns a new Collection select query. +func (app *BaseApp) CollectionQuery() *dbx.SelectQuery { + return app.ModelQuery(&Collection{}) +} + +// FindCollections finds all collections by the given type(s). +// +// If collectionTypes is not set, it returns all collections. +// +// Example: +// +// app.FindAllCollections() // all collections +// app.FindAllCollections("auth", "view") // only auth and view collections +func (app *BaseApp) FindAllCollections(collectionTypes ...string) ([]*Collection, error) { + collections := []*Collection{} + + q := app.CollectionQuery() + + types := list.NonzeroUniques(collectionTypes) + if len(types) > 0 { + q.AndWhere(dbx.In("type", list.ToInterfaceSlice(types)...)) + } + + err := q.OrderBy("rowid ASC").All(&collections) + if err != nil { + return nil, err + } + + return collections, nil +} + +// ReloadCachedCollections fetches all collections and caches them into the app store. +func (app *BaseApp) ReloadCachedCollections() error { + collections, err := app.FindAllCollections() + if err != nil { + return err + } + + app.Store().Set(StoreKeyCachedCollections, collections) + + return nil +} + +// FindCollectionByNameOrId finds a single collection by its name (case insensitive) or id. +func (app *BaseApp) FindCollectionByNameOrId(nameOrId string) (*Collection, error) { + m := &Collection{} + + err := app.CollectionQuery(). + AndWhere(dbx.NewExp("[[id]]={:id} OR LOWER([[name]])={:name}", dbx.Params{ + "id": nameOrId, + "name": strings.ToLower(nameOrId), + })). + Limit(1). + One(m) + if err != nil { + return nil, err + } + + return m, nil +} + +// FindCachedCollectionByNameOrId is similar to [BaseApp.FindCollectionByNameOrId] +// but retrieves the Collection from the app cache instead of making a db call. +// +// NB! This method is suitable for read-only Collection operations. +// +// Returns [sql.ErrNoRows] if no Collection is found for consistency +// with the [BaseApp.FindCollectionByNameOrId] method. +// +// If you plan making changes to the returned Collection model, +// use [BaseApp.FindCollectionByNameOrId] instead. +// +// Caveats: +// +// - The returned Collection should be used only for read-only operations. +// Avoid directly modifying the returned cached Collection as it will affect +// the global cached value even if you don't persist the changes in the database! +// - If you are updating a Collection in a transaction and then call this method before commit, +// it'll return the cached Collection state and not the one from the uncommitted transaction. +// - The cache is automatically updated on collections db change (create/update/delete). +// To manually reload the cache you can call [BaseApp.ReloadCachedCollections]. +func (app *BaseApp) FindCachedCollectionByNameOrId(nameOrId string) (*Collection, error) { + collections, _ := app.Store().Get(StoreKeyCachedCollections).([]*Collection) + if collections == nil { + // cache is not initialized yet (eg. run in a system migration) + return app.FindCollectionByNameOrId(nameOrId) + } + + for _, c := range collections { + if strings.EqualFold(c.Name, nameOrId) || c.Id == nameOrId { + return c, nil + } + } + + return nil, sql.ErrNoRows +} + +// FindCollectionReferences returns information for all relation fields +// referencing the provided collection. +// +// If the provided collection has reference to itself then it will be +// also included in the result. To exclude it, pass the collection id +// as the excludeIds argument. +func (app *BaseApp) FindCollectionReferences(collection *Collection, excludeIds ...string) (map[*Collection][]Field, error) { + collections := []*Collection{} + + query := app.CollectionQuery() + + if uniqueExcludeIds := list.NonzeroUniques(excludeIds); len(uniqueExcludeIds) > 0 { + query.AndWhere(dbx.NotIn("id", list.ToInterfaceSlice(uniqueExcludeIds)...)) + } + + if err := query.All(&collections); err != nil { + return nil, err + } + + result := map[*Collection][]Field{} + + for _, c := range collections { + for _, rawField := range c.Fields { + f, ok := rawField.(*RelationField) + if ok && f.CollectionId == collection.Id { + result[c] = append(result[c], f) + } + } + } + + return result, nil +} + +// FindCachedCollectionReferences is similar to [BaseApp.FindCollectionReferences] +// but retrieves the Collection from the app cache instead of making a db call. +// +// NB! This method is suitable for read-only Collection operations. +// +// If you plan making changes to the returned Collection model, +// use [BaseApp.FindCollectionReferences] instead. +// +// Caveats: +// +// - The returned Collection should be used only for read-only operations. +// Avoid directly modifying the returned cached Collection as it will affect +// the global cached value even if you don't persist the changes in the database! +// - If you are updating a Collection in a transaction and then call this method before commit, +// it'll return the cached Collection state and not the one from the uncommitted transaction. +// - The cache is automatically updated on collections db change (create/update/delete). +// To manually reload the cache you can call [BaseApp.ReloadCachedCollections]. +func (app *BaseApp) FindCachedCollectionReferences(collection *Collection, excludeIds ...string) (map[*Collection][]Field, error) { + collections, _ := app.Store().Get(StoreKeyCachedCollections).([]*Collection) + if collections == nil { + // cache is not initialized yet (eg. run in a system migration) + return app.FindCollectionReferences(collection, excludeIds...) + } + + result := map[*Collection][]Field{} + + for _, c := range collections { + if slices.Contains(excludeIds, c.Id) { + continue + } + + for _, rawField := range c.Fields { + f, ok := rawField.(*RelationField) + if ok && f.CollectionId == collection.Id { + result[c] = append(result[c], f) + } + } + } + + return result, nil +} + +// IsCollectionNameUnique checks that there is no existing collection +// with the provided name (case insensitive!). +// +// Note: case insensitive check because the name is used also as +// table name for the records. +func (app *BaseApp) IsCollectionNameUnique(name string, excludeIds ...string) bool { + if name == "" { + return false + } + + query := app.CollectionQuery(). + Select("count(*)"). + AndWhere(dbx.NewExp("LOWER([[name]])={:name}", dbx.Params{"name": strings.ToLower(name)})). + Limit(1) + + if uniqueExcludeIds := list.NonzeroUniques(excludeIds); len(uniqueExcludeIds) > 0 { + query.AndWhere(dbx.NotIn("id", list.ToInterfaceSlice(uniqueExcludeIds)...)) + } + + var total int + + return query.Row(&total) == nil && total == 0 +} + +// TruncateCollection deletes all records associated with the provided collection. +// +// The truncate operation is executed in a single transaction, +// aka. either everything is deleted or none. +// +// Note that this method will also trigger the records related +// cascade and file delete actions. +func (app *BaseApp) TruncateCollection(collection *Collection) error { + if collection.IsView() { + return errors.New("view collections cannot be truncated since they don't store their own records") + } + + return app.RunInTransaction(func(txApp App) error { + records := make([]*Record, 0, 500) + + for { + err := txApp.RecordQuery(collection).Limit(500).All(&records) + if err != nil { + return err + } + + if len(records) == 0 { + return nil + } + + for _, record := range records { + err = txApp.Delete(record) + if err != nil && !errors.Is(err, sql.ErrNoRows) { + return err + } + } + + records = records[:0] + } + }) +} + +// ------------------------------------------------------------------- + +// saveViewCollection persists the provided View collection changes: +// - deletes the old related SQL view (if any) +// - creates a new SQL view with the latest newCollection.Options.Query +// - generates new feilds list based on newCollection.Options.Query +// - updates newCollection.Fields based on the generated view table info and query +// - saves the newCollection +// +// This method returns an error if newCollection is not a "view". +func saveViewCollection(app App, newCollection, oldCollection *Collection) error { + if !newCollection.IsView() { + return errors.New("not a view collection") + } + + return app.RunInTransaction(func(txApp App) error { + query := newCollection.ViewQuery + + // generate collection fields from the query + viewFields, err := txApp.CreateViewFields(query) + if err != nil { + return err + } + + // delete old renamed view + if oldCollection != nil { + if err := txApp.DeleteView(oldCollection.Name); err != nil { + return err + } + } + + // wrap view query if necessary + query, err = normalizeViewQueryId(txApp, query) + if err != nil { + return fmt.Errorf("failed to normalize view query id: %w", err) + } + + // (re)create the view + if err := txApp.SaveView(newCollection.Name, query); err != nil { + return err + } + + newCollection.Fields = viewFields + + return txApp.Save(newCollection) + }) +} + +// normalizeViewQueryId wraps (if necessary) the provided view query +// with a subselect to ensure that the id column is a text since +// currently we don't support non-string model ids +// (see https://github.com/pocketbase/pocketbase/issues/3110). +func normalizeViewQueryId(app App, query string) (string, error) { + query = strings.Trim(strings.TrimSpace(query), ";") + + info, err := getQueryTableInfo(app, query) + if err != nil { + return "", err + } + + for _, row := range info { + if strings.EqualFold(row.Name, FieldNameId) && strings.EqualFold(row.Type, "TEXT") { + return query, nil // no wrapping needed + } + } + + // raw parse to preserve the columns order + rawParsed := new(identifiersParser) + if err := rawParsed.parse(query); err != nil { + return "", err + } + + columns := make([]string, 0, len(rawParsed.columns)) + for _, col := range rawParsed.columns { + if col.alias == FieldNameId { + columns = append(columns, fmt.Sprintf("CAST([[%s]] as TEXT) [[%s]]", col.alias, col.alias)) + } else { + columns = append(columns, "[["+col.alias+"]]") + } + } + + query = fmt.Sprintf("SELECT %s FROM (%s)", strings.Join(columns, ","), query) + + return query, nil +} + +// resaveViewsWithChangedFields updates all view collections with changed fields. +func resaveViewsWithChangedFields(app App, excludeIds ...string) error { + collections, err := app.FindAllCollections(CollectionTypeView) + if err != nil { + return err + } + + return app.RunInTransaction(func(txApp App) error { + for _, collection := range collections { + if len(excludeIds) > 0 && list.ExistInSlice(collection.Id, excludeIds) { + continue + } + + // clone the existing fields for temp modifications + oldFields, err := collection.Fields.Clone() + if err != nil { + return err + } + + // generate new fields from the query + newFields, err := txApp.CreateViewFields(collection.ViewQuery) + if err != nil { + return err + } + + // unset the fields' ids to exclude from the comparison + for _, f := range oldFields { + f.SetId("") + } + for _, f := range newFields { + f.SetId("") + } + + encodedNewFields, err := json.Marshal(newFields) + if err != nil { + return err + } + + encodedOldFields, err := json.Marshal(oldFields) + if err != nil { + return err + } + + if bytes.EqualFold(encodedNewFields, encodedOldFields) { + continue // no changes + } + + if err := saveViewCollection(txApp, collection, nil); err != nil { + return err + } + } + + return nil + }) +} diff --git a/core/collection_query_test.go b/core/collection_query_test.go new file mode 100644 index 0000000..2bef7cf --- /dev/null +++ b/core/collection_query_test.go @@ -0,0 +1,474 @@ +package core_test + +import ( + "context" + "database/sql" + "fmt" + "os" + "path/filepath" + "slices" + "strings" + "testing" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/list" +) + +func TestCollectionQuery(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + expected := "SELECT {{_collections}}.* FROM `_collections`" + + sql := app.CollectionQuery().Build().SQL() + if sql != expected { + t.Errorf("Expected sql %s, got %s", expected, sql) + } +} + +func TestReloadCachedCollections(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + err := app.ReloadCachedCollections() + if err != nil { + t.Fatal(err) + } + + cached := app.Store().Get(core.StoreKeyCachedCollections) + + cachedCollections, ok := cached.([]*core.Collection) + if !ok { + t.Fatalf("Expected []*core.Collection, got %T", cached) + } + + collections, err := app.FindAllCollections() + if err != nil { + t.Fatalf("Failed to retrieve all collections: %v", err) + } + + if len(cachedCollections) != len(collections) { + t.Fatalf("Expected %d collections, got %d", len(collections), len(cachedCollections)) + } + + for _, c := range collections { + var exists bool + for _, cc := range cachedCollections { + if cc.Id == c.Id { + exists = true + break + } + } + if !exists { + t.Fatalf("The collections cache is missing collection %q", c.Name) + } + } +} + +func TestFindAllCollections(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + collectionTypes []string + expectTotal int + }{ + {nil, 16}, + {[]string{}, 16}, + {[]string{""}, 16}, + {[]string{"unknown"}, 0}, + {[]string{"unknown", core.CollectionTypeAuth}, 4}, + {[]string{core.CollectionTypeAuth, core.CollectionTypeView}, 7}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, strings.Join(s.collectionTypes, "_")), func(t *testing.T) { + collections, err := app.FindAllCollections(s.collectionTypes...) + if err != nil { + t.Fatal(err) + } + + if len(collections) != s.expectTotal { + t.Fatalf("Expected %d collections, got %d", s.expectTotal, len(collections)) + } + + expectedTypes := list.NonzeroUniques(s.collectionTypes) + if len(expectedTypes) > 0 { + for _, c := range collections { + if !slices.Contains(expectedTypes, c.Type) { + t.Fatalf("Unexpected collection type %s\n%v", c.Type, c) + } + } + } + }) + } +} + +func TestFindCollectionByNameOrId(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + nameOrId string + expectError bool + }{ + {"", true}, + {"missing", true}, + {"wsmn24bux7wo113", false}, + {"demo1", false}, + {"DEMO1", false}, // case insensitive + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.nameOrId), func(t *testing.T) { + model, err := app.FindCollectionByNameOrId(s.nameOrId) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + + if model != nil && model.Id != s.nameOrId && !strings.EqualFold(model.Name, s.nameOrId) { + t.Fatalf("Expected model with identifier %s, got %v", s.nameOrId, model) + } + }) + } +} + +func TestFindCachedCollectionByNameOrId(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + totalQueries := 0 + app.ConcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) { + totalQueries++ + } + + run := func(withCache bool) { + scenarios := []struct { + nameOrId string + expectError bool + }{ + {"", true}, + {"missing", true}, + {"wsmn24bux7wo113", false}, + {"demo1", false}, + {"DEMO1", false}, // case insensitive + } + + var expectedTotalQueries int + + if withCache { + err := app.ReloadCachedCollections() + if err != nil { + t.Fatal(err) + } + } else { + app.Store().Reset(nil) + expectedTotalQueries = len(scenarios) + } + + totalQueries = 0 + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.nameOrId), func(t *testing.T) { + model, err := app.FindCachedCollectionByNameOrId(s.nameOrId) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + + if model != nil && model.Id != s.nameOrId && !strings.EqualFold(model.Name, s.nameOrId) { + t.Fatalf("Expected model with identifier %s, got %v", s.nameOrId, model) + } + }) + } + + if totalQueries != expectedTotalQueries { + t.Fatalf("Expected %d totalQueries, got %d", expectedTotalQueries, totalQueries) + } + } + + run(true) + + run(false) +} + +func TestFindCollectionReferences(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatal(err) + } + + result, err := app.FindCollectionReferences( + collection, + collection.Id, + // test whether "nonempty" exclude ids condition will be skipped + "", + "", + ) + if err != nil { + t.Fatal(err) + } + + if len(result) != 1 { + t.Fatalf("Expected 1 collection, got %d: %v", len(result), result) + } + + expectedFields := []string{ + "rel_one_no_cascade", + "rel_one_no_cascade_required", + "rel_one_cascade", + "rel_one_unique", + "rel_many_no_cascade", + "rel_many_no_cascade_required", + "rel_many_cascade", + "rel_many_unique", + } + + for col, fields := range result { + if col.Name != "demo4" { + t.Fatalf("Expected collection demo4, got %s", col.Name) + } + if len(fields) != len(expectedFields) { + t.Fatalf("Expected fields %v, got %v", expectedFields, fields) + } + for i, f := range fields { + if !slices.Contains(expectedFields, f.GetName()) { + t.Fatalf("[%d] Didn't expect field %v", i, f) + } + } + } +} + +func TestFindCachedCollectionReferences(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatal(err) + } + + totalQueries := 0 + app.ConcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) { + totalQueries++ + } + + run := func(withCache bool) { + var expectedTotalQueries int + + if withCache { + err := app.ReloadCachedCollections() + if err != nil { + t.Fatal(err) + } + } else { + app.Store().Reset(nil) + expectedTotalQueries = 1 + } + + totalQueries = 0 + + result, err := app.FindCachedCollectionReferences( + collection, + collection.Id, + // test whether "nonempty" exclude ids condition will be skipped + "", + "", + ) + if err != nil { + t.Fatal(err) + } + + if len(result) != 1 { + t.Fatalf("Expected 1 collection, got %d: %v", len(result), result) + } + + expectedFields := []string{ + "rel_one_no_cascade", + "rel_one_no_cascade_required", + "rel_one_cascade", + "rel_one_unique", + "rel_many_no_cascade", + "rel_many_no_cascade_required", + "rel_many_cascade", + "rel_many_unique", + } + + for col, fields := range result { + if col.Name != "demo4" { + t.Fatalf("Expected collection demo4, got %s", col.Name) + } + if len(fields) != len(expectedFields) { + t.Fatalf("Expected fields %v, got %v", expectedFields, fields) + } + for i, f := range fields { + if !slices.Contains(expectedFields, f.GetName()) { + t.Fatalf("[%d] Didn't expect field %v", i, f) + } + } + } + + if totalQueries != expectedTotalQueries { + t.Fatalf("Expected %d totalQueries, got %d", expectedTotalQueries, totalQueries) + } + } + + run(true) + + run(false) +} + +func TestIsCollectionNameUnique(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + excludeId string + expected bool + }{ + {"", "", false}, + {"demo1", "", false}, + {"Demo1", "", false}, + {"new", "", true}, + {"demo1", "wsmn24bux7wo113", true}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.name), func(t *testing.T) { + result := app.IsCollectionNameUnique(s.name, s.excludeId) + if result != s.expected { + t.Errorf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestFindCollectionTruncate(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + countFiles := func(collectionId string) (int, error) { + entries, err := os.ReadDir(filepath.Join(app.DataDir(), "storage", collectionId)) + return len(entries), err + } + + t.Run("truncate view", func(t *testing.T) { + view2, err := app.FindCollectionByNameOrId("view2") + if err != nil { + t.Fatal(err) + } + + err = app.TruncateCollection(view2) + if err == nil { + t.Fatalf("Expected truncate to fail because view collections can't be truncated") + } + }) + + t.Run("truncate failure", func(t *testing.T) { + demo3, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatal(err) + } + + originalTotalRecords, err := app.CountRecords(demo3) + if err != nil { + t.Fatal(err) + } + + originalTotalFiles, err := countFiles(demo3.Id) + if err != nil { + t.Fatal(err) + } + + err = app.TruncateCollection(demo3) + if err == nil { + t.Fatalf("Expected truncate to fail due to cascade delete failed required constraint") + } + + // short delay to ensure that the file delete goroutine has been executed + time.Sleep(100 * time.Millisecond) + + totalRecords, err := app.CountRecords(demo3) + if err != nil { + t.Fatal(err) + } + + if totalRecords != originalTotalRecords { + t.Fatalf("Expected %d records, got %d", originalTotalRecords, totalRecords) + } + + totalFiles, err := countFiles(demo3.Id) + if err != nil { + t.Fatal(err) + } + if totalFiles != originalTotalFiles { + t.Fatalf("Expected %d files, got %d", originalTotalFiles, totalFiles) + } + }) + + t.Run("truncate success", func(t *testing.T) { + demo5, err := app.FindCollectionByNameOrId("demo5") + if err != nil { + t.Fatal(err) + } + + err = app.TruncateCollection(demo5) + if err != nil { + t.Fatal(err) + } + + // short delay to ensure that the file delete goroutine has been executed + time.Sleep(100 * time.Millisecond) + + total, err := app.CountRecords(demo5) + if err != nil { + t.Fatal(err) + } + if total != 0 { + t.Fatalf("Expected all records to be deleted, got %v", total) + } + + totalFiles, err := countFiles(demo5.Id) + if err != nil { + t.Fatal(err) + } + + if totalFiles != 0 { + t.Fatalf("Expected truncated record files to be deleted, got %d", totalFiles) + } + + // try to truncate again (shouldn't return an error) + err = app.TruncateCollection(demo5) + if err != nil { + t.Fatal(err) + } + }) +} diff --git a/core/collection_record_table_sync.go b/core/collection_record_table_sync.go new file mode 100644 index 0000000..3ecf208 --- /dev/null +++ b/core/collection_record_table_sync.go @@ -0,0 +1,364 @@ +package core + +import ( + "fmt" + "log/slog" + "strconv" + "strings" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/dbutils" + "github.com/pocketbase/pocketbase/tools/security" +) + +// SyncRecordTableSchema compares the two provided collections +// and applies the necessary related record table changes. +// +// If oldCollection is null, then only newCollection is used to create the record table. +// +// This method is automatically invoked as part of a collection create/update/delete operation. +func (app *BaseApp) SyncRecordTableSchema(newCollection *Collection, oldCollection *Collection) error { + if newCollection.IsView() { + return nil // nothing to sync since views don't have records table + } + + txErr := app.RunInTransaction(func(txApp App) error { + // create + // ----------------------------------------------------------- + if oldCollection == nil || !app.HasTable(oldCollection.Name) { + tableName := newCollection.Name + + fields := newCollection.Fields + + cols := make(map[string]string, len(fields)) + + // add fields definition + for _, field := range fields { + cols[field.GetName()] = field.ColumnType(app) + } + + // create table + if _, err := txApp.DB().CreateTable(tableName, cols).Execute(); err != nil { + return err + } + + return createCollectionIndexes(txApp, newCollection) + } + + // update + // ----------------------------------------------------------- + oldTableName := oldCollection.Name + newTableName := newCollection.Name + oldFields := oldCollection.Fields + newFields := newCollection.Fields + + needTableRename := !strings.EqualFold(oldTableName, newTableName) + + var needIndexesUpdate bool + if needTableRename || + oldFields.String() != newFields.String() || + oldCollection.Indexes.String() != newCollection.Indexes.String() { + needIndexesUpdate = true + } + + if needIndexesUpdate { + // drop old indexes (if any) + if err := dropCollectionIndexes(txApp, oldCollection); err != nil { + return err + } + } + + // check for renamed table + if needTableRename { + _, err := txApp.DB().RenameTable("{{"+oldTableName+"}}", "{{"+newTableName+"}}").Execute() + if err != nil { + return err + } + } + + // check for deleted columns + for _, oldField := range oldFields { + if f := newFields.GetById(oldField.GetId()); f != nil { + continue // exist + } + + _, err := txApp.DB().DropColumn(newTableName, oldField.GetName()).Execute() + if err != nil { + return fmt.Errorf("failed to drop column %s - %w", oldField.GetName(), err) + } + } + + // check for new or renamed columns + toRename := map[string]string{} + for _, field := range newFields { + oldField := oldFields.GetById(field.GetId()) + // Note: + // We are using a temporary column name when adding or renaming columns + // to ensure that there are no name collisions in case there is + // names switch/reuse of existing columns (eg. name, title -> title, name). + // This way we are always doing 1 more rename operation but it provides better less ambiguous experience. + + if oldField == nil { + tempName := field.GetName() + security.PseudorandomString(5) + toRename[tempName] = field.GetName() + + // add + _, err := txApp.DB().AddColumn(newTableName, tempName, field.ColumnType(txApp)).Execute() + if err != nil { + return fmt.Errorf("failed to add column %s - %w", field.GetName(), err) + } + } else if oldField.GetName() != field.GetName() { + tempName := field.GetName() + security.PseudorandomString(5) + toRename[tempName] = field.GetName() + + // rename + _, err := txApp.DB().RenameColumn(newTableName, oldField.GetName(), tempName).Execute() + if err != nil { + return fmt.Errorf("failed to rename column %s - %w", oldField.GetName(), err) + } + } + } + + // set the actual columns name + for tempName, actualName := range toRename { + _, err := txApp.DB().RenameColumn(newTableName, tempName, actualName).Execute() + if err != nil { + return err + } + } + + if err := normalizeSingleVsMultipleFieldChanges(txApp, newCollection, oldCollection); err != nil { + return err + } + + if needIndexesUpdate { + return createCollectionIndexes(txApp, newCollection) + } + + return nil + }) + if txErr != nil { + return txErr + } + + // run optimize per the SQLite recommendations + // (https://www.sqlite.org/pragma.html#pragma_optimize) + _, optimizeErr := app.ConcurrentDB().NewQuery("PRAGMA optimize").Execute() + if optimizeErr != nil { + app.Logger().Warn("Failed to run PRAGMA optimize after record table sync", slog.String("error", optimizeErr.Error())) + } + + return nil +} + +func normalizeSingleVsMultipleFieldChanges(app App, newCollection *Collection, oldCollection *Collection) error { + if newCollection.IsView() || oldCollection == nil { + return nil // view or not an update + } + + return app.RunInTransaction(func(txApp App) error { + for _, newField := range newCollection.Fields { + // allow to continue even if there is no old field for the cases + // when a new field is added and there are already inserted data + var isOldMultiple bool + if oldField := oldCollection.Fields.GetById(newField.GetId()); oldField != nil { + if mv, ok := oldField.(MultiValuer); ok { + isOldMultiple = mv.IsMultiple() + } + } + + var isNewMultiple bool + if mv, ok := newField.(MultiValuer); ok { + isNewMultiple = mv.IsMultiple() + } + + if isOldMultiple == isNewMultiple { + continue // no change + } + + // ------------------------------------------------------- + // update the field column definition + // ------------------------------------------------------- + + // temporary drop all views to prevent reference errors during the columns renaming + // (this is used as an "alternative" to the writable_schema PRAGMA) + views := []struct { + Name string `db:"name"` + SQL string `db:"sql"` + }{} + err := txApp.DB().Select("name", "sql"). + From("sqlite_master"). + AndWhere(dbx.NewExp("sql is not null")). + AndWhere(dbx.HashExp{"type": "view"}). + All(&views) + if err != nil { + return err + } + for _, view := range views { + err = txApp.DeleteView(view.Name) + if err != nil { + return err + } + } + + originalName := newField.GetName() + oldTempName := "_" + newField.GetName() + security.PseudorandomString(5) + + // rename temporary the original column to something else to allow inserting a new one in its place + _, err = txApp.DB().RenameColumn(newCollection.Name, originalName, oldTempName).Execute() + if err != nil { + return err + } + + // reinsert the field column with the new type + _, err = txApp.DB().AddColumn(newCollection.Name, originalName, newField.ColumnType(txApp)).Execute() + if err != nil { + return err + } + + var copyQuery *dbx.Query + + if !isOldMultiple && isNewMultiple { + // single -> multiple (convert to array) + copyQuery = txApp.DB().NewQuery(fmt.Sprintf( + `UPDATE {{%s}} set [[%s]] = ( + CASE + WHEN COALESCE([[%s]], '') = '' + THEN '[]' + ELSE ( + CASE + WHEN json_valid([[%s]]) AND json_type([[%s]]) == 'array' + THEN [[%s]] + ELSE json_array([[%s]]) + END + ) + END + )`, + newCollection.Name, + originalName, + oldTempName, + oldTempName, + oldTempName, + oldTempName, + oldTempName, + )) + } else { + // multiple -> single (keep only the last element) + // + // note: for file fields the actual file objects are not + // deleted allowing additional custom handling via migration + copyQuery = txApp.DB().NewQuery(fmt.Sprintf( + `UPDATE {{%s}} set [[%s]] = ( + CASE + WHEN COALESCE([[%s]], '[]') = '[]' + THEN '' + ELSE ( + CASE + WHEN json_valid([[%s]]) AND json_type([[%s]]) == 'array' + THEN COALESCE(json_extract([[%s]], '$[#-1]'), '') + ELSE [[%s]] + END + ) + END + )`, + newCollection.Name, + originalName, + oldTempName, + oldTempName, + oldTempName, + oldTempName, + oldTempName, + )) + } + + // copy the normalized values + _, err = copyQuery.Execute() + if err != nil { + return err + } + + // drop the original column + _, err = txApp.DB().DropColumn(newCollection.Name, oldTempName).Execute() + if err != nil { + return err + } + + // restore views + for _, view := range views { + _, err = txApp.DB().NewQuery(view.SQL).Execute() + if err != nil { + return err + } + } + } + + return nil + }) +} + +func dropCollectionIndexes(app App, collection *Collection) error { + if collection.IsView() { + return nil // views don't have indexes + } + + return app.RunInTransaction(func(txApp App) error { + for _, raw := range collection.Indexes { + parsed := dbutils.ParseIndex(raw) + + if !parsed.IsValid() { + continue + } + + _, err := txApp.DB().NewQuery(fmt.Sprintf("DROP INDEX IF EXISTS [[%s]]", parsed.IndexName)).Execute() + if err != nil { + return err + } + } + + return nil + }) +} + +func createCollectionIndexes(app App, collection *Collection) error { + if collection.IsView() { + return nil // views don't have indexes + } + + return app.RunInTransaction(func(txApp App) error { + // upsert new indexes + // + // note: we are returning validation errors because the indexes cannot be + // easily validated in a form, aka. before persisting the related + // collection record table changes + errs := validation.Errors{} + for i, idx := range collection.Indexes { + parsed := dbutils.ParseIndex(idx) + + // ensure that the index is always for the current collection + parsed.TableName = collection.Name + + if !parsed.IsValid() { + errs[strconv.Itoa(i)] = validation.NewError( + "validation_invalid_index_expression", + "Invalid CREATE INDEX expression.", + ) + continue + } + + if _, err := txApp.DB().NewQuery(parsed.Build()).Execute(); err != nil { + errs[strconv.Itoa(i)] = validation.NewError( + "validation_invalid_index_expression", + fmt.Sprintf("Failed to create index %s - %v.", parsed.IndexName, err.Error()), + ) + continue + } + } + + if len(errs) > 0 { + return validation.Errors{"indexes": errs} + } + + return nil + }) +} diff --git a/core/collection_record_table_sync_test.go b/core/collection_record_table_sync_test.go new file mode 100644 index 0000000..38beeb6 --- /dev/null +++ b/core/collection_record_table_sync_test.go @@ -0,0 +1,296 @@ +package core_test + +import ( + "bytes" + "encoding/json" + "testing" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestSyncRecordTableSchema(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + oldCollection, err := app.FindCollectionByNameOrId("demo2") + if err != nil { + t.Fatal(err) + } + updatedCollection, err := app.FindCollectionByNameOrId("demo2") + if err != nil { + t.Fatal(err) + } + updatedCollection.Name = "demo_renamed" + updatedCollection.Fields.RemoveByName("active") + updatedCollection.Fields.Add(&core.EmailField{ + Name: "new_field", + }) + updatedCollection.Fields.Add(&core.EmailField{ + Id: updatedCollection.Fields.GetByName("title").GetId(), + Name: "title_renamed", + }) + updatedCollection.Indexes = types.JSONArray[string]{"create index idx_title_renamed on anything (title_renamed)"} + + baseCol := core.NewBaseCollection("new_base") + baseCol.Fields.Add(&core.TextField{Name: "test"}) + + authCol := core.NewAuthCollection("new_auth") + authCol.Fields.Add(&core.TextField{Name: "test"}) + authCol.AddIndex("idx_auth_test", false, "email, id", "") + + scenarios := []struct { + name string + newCollection *core.Collection + oldCollection *core.Collection + expectedColumns []string + expectedIndexesCount int + }{ + { + "new base collection", + baseCol, + nil, + []string{"id", "test"}, + 0, + }, + { + "new auth collection", + authCol, + nil, + []string{ + "id", "test", "email", "verified", + "emailVisibility", "tokenKey", "password", + }, + 3, + }, + { + "no changes", + oldCollection, + oldCollection, + []string{"id", "created", "updated", "title", "active"}, + 3, + }, + { + "renamed table, deleted column, renamed columnd and new column", + updatedCollection, + oldCollection, + []string{"id", "created", "updated", "title_renamed", "new_field"}, + 1, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := app.SyncRecordTableSchema(s.newCollection, s.oldCollection) + if err != nil { + t.Fatal(err) + } + + if !app.HasTable(s.newCollection.Name) { + t.Fatalf("Expected table %s to exist", s.newCollection.Name) + } + + cols, _ := app.TableColumns(s.newCollection.Name) + if len(cols) != len(s.expectedColumns) { + t.Fatalf("Expected columns %v, got %v", s.expectedColumns, cols) + } + + for _, col := range cols { + if !list.ExistInSlice(col, s.expectedColumns) { + t.Fatalf("Couldn't find column %s in %v", col, s.expectedColumns) + } + } + + indexes, _ := app.TableIndexes(s.newCollection.Name) + + if totalIndexes := len(indexes); totalIndexes != s.expectedIndexesCount { + t.Fatalf("Expected %d indexes, got %d:\n%v", s.expectedIndexesCount, totalIndexes, indexes) + } + }) + } +} + +func getTotalViews(app core.App) (int, error) { + var total int + + err := app.DB().Select("count(*)"). + From("sqlite_master"). + AndWhere(dbx.NewExp("sql is not null")). + AndWhere(dbx.HashExp{"type": "view"}). + Row(&total) + + return total, err +} + +func TestSingleVsMultipleValuesNormalization(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + beforeTotalViews, err := getTotalViews(app) + if err != nil { + t.Fatal(err) + } + + // mock field changes + collection.Fields.GetByName("select_one").(*core.SelectField).MaxSelect = 2 + collection.Fields.GetByName("select_many").(*core.SelectField).MaxSelect = 1 + collection.Fields.GetByName("file_one").(*core.FileField).MaxSelect = 2 + collection.Fields.GetByName("file_many").(*core.FileField).MaxSelect = 1 + collection.Fields.GetByName("rel_one").(*core.RelationField).MaxSelect = 2 + collection.Fields.GetByName("rel_many").(*core.RelationField).MaxSelect = 1 + + // new multivaluer field to check whether the array normalization + // will be applied for already inserted data + collection.Fields.Add(&core.SelectField{ + Name: "new_multiple", + Values: []string{"a", "b", "c"}, + MaxSelect: 3, + }) + + if err := app.Save(collection); err != nil { + t.Fatal(err) + } + + // ensure that the views were reinserted + afterTotalViews, err := getTotalViews(app) + if err != nil { + t.Fatal(err) + } + if afterTotalViews != beforeTotalViews { + t.Fatalf("Expected total views %d, got %d", beforeTotalViews, afterTotalViews) + } + + // check whether the columns DEFAULT definition was updated + // --------------------------------------------------------------- + tableInfo, err := app.TableInfo(collection.Name) + if err != nil { + t.Fatal(err) + } + + tableInfoExpectations := map[string]string{ + "select_one": `'[]'`, + "select_many": `''`, + "file_one": `'[]'`, + "file_many": `''`, + "rel_one": `'[]'`, + "rel_many": `''`, + "new_multiple": `'[]'`, + } + for col, dflt := range tableInfoExpectations { + t.Run("check default for "+col, func(t *testing.T) { + var row *core.TableInfoRow + for _, r := range tableInfo { + if r.Name == col { + row = r + break + } + } + if row == nil { + t.Fatalf("Missing info for column %q", col) + } + + if v := row.DefaultValue.String; v != dflt { + t.Fatalf("Expected default value %q, got %q", dflt, v) + } + }) + } + + // check whether the values were normalized + // --------------------------------------------------------------- + type fieldsExpectation struct { + SelectOne string `db:"select_one"` + SelectMany string `db:"select_many"` + FileOne string `db:"file_one"` + FileMany string `db:"file_many"` + RelOne string `db:"rel_one"` + RelMany string `db:"rel_many"` + NewMultiple string `db:"new_multiple"` + } + + fieldsScenarios := []struct { + recordId string + expected fieldsExpectation + }{ + { + "imy661ixudk5izi", + fieldsExpectation{ + SelectOne: `[]`, + SelectMany: ``, + FileOne: `[]`, + FileMany: ``, + RelOne: `[]`, + RelMany: ``, + NewMultiple: `[]`, + }, + }, + { + "al1h9ijdeojtsjy", + fieldsExpectation{ + SelectOne: `["optionB"]`, + SelectMany: `optionB`, + FileOne: `["300_Jsjq7RdBgA.png"]`, + FileMany: ``, + RelOne: `["84nmscqy84lsi1t"]`, + RelMany: `oap640cot4yru2s`, + NewMultiple: `[]`, + }, + }, + { + "84nmscqy84lsi1t", + fieldsExpectation{ + SelectOne: `["optionB"]`, + SelectMany: `optionC`, + FileOne: `["test_d61b33QdDU.txt"]`, + FileMany: `test_tC1Yc87DfC.txt`, + RelOne: `[]`, + RelMany: `oap640cot4yru2s`, + NewMultiple: `[]`, + }, + }, + } + + for _, s := range fieldsScenarios { + t.Run("check fields for record "+s.recordId, func(t *testing.T) { + result := new(fieldsExpectation) + + err := app.DB().Select( + "select_one", + "select_many", + "file_one", + "file_many", + "rel_one", + "rel_many", + "new_multiple", + ).From(collection.Name).Where(dbx.HashExp{"id": s.recordId}).One(result) + if err != nil { + t.Fatalf("Failed to load record: %v", err) + } + + encodedResult, err := json.Marshal(result) + if err != nil { + t.Fatalf("Failed to encode result: %v", err) + } + + encodedExpectation, err := json.Marshal(s.expected) + if err != nil { + t.Fatalf("Failed to encode expectation: %v", err) + } + + if !bytes.EqualFold(encodedExpectation, encodedResult) { + t.Fatalf("Expected \n%s, \ngot \n%s", encodedExpectation, encodedResult) + } + }) + } +} diff --git a/core/collection_validate.go b/core/collection_validate.go new file mode 100644 index 0000000..a3506ab --- /dev/null +++ b/core/collection_validate.go @@ -0,0 +1,694 @@ +package core + +import ( + "context" + "fmt" + "regexp" + "strconv" + "strings" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tools/dbutils" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/search" + "github.com/pocketbase/pocketbase/tools/types" +) + +var collectionNameRegex = regexp.MustCompile(`^\w+$`) + +func onCollectionValidate(e *CollectionEvent) error { + var original *Collection + if !e.Collection.IsNew() { + original = &Collection{} + if err := e.App.ModelQuery(original).Model(e.Collection.LastSavedPK(), original); err != nil { + return fmt.Errorf("failed to fetch old collection state: %w", err) + } + } + + validator := newCollectionValidator( + e.Context, + e.App, + e.Collection, + original, + ) + + if err := validator.run(); err != nil { + return err + } + + return e.Next() +} + +func newCollectionValidator(ctx context.Context, app App, new, original *Collection) *collectionValidator { + validator := &collectionValidator{ + ctx: ctx, + app: app, + new: new, + original: original, + } + + // load old/original collection + if validator.original == nil { + validator.original = NewCollection(validator.new.Type, "") + } + + return validator +} + +type collectionValidator struct { + original *Collection + new *Collection + app App + ctx context.Context +} + +type optionsValidator interface { + validate(cv *collectionValidator) error +} + +func (validator *collectionValidator) run() error { + if validator.original.IsNew() { + validator.new.updateGeneratedIdIfExists(validator.app) + } + + // generate fields from the query (overwriting any explicit user defined fields) + if validator.new.IsView() { + validator.new.Fields, _ = validator.app.CreateViewFields(validator.new.ViewQuery) + } + + // validate base fields + baseErr := validation.ValidateStruct(validator.new, + validation.Field( + &validator.new.Id, + validation.Required, + validation.When( + validator.original.IsNew(), + validation.Length(1, 100), + validation.Match(DefaultIdRegex), + validation.By(validators.UniqueId(validator.app.ConcurrentDB(), validator.new.TableName())), + ).Else( + validation.By(validators.Equal(validator.original.Id)), + ), + ), + validation.Field( + &validator.new.System, + validation.By(validator.ensureNoSystemFlagChange), + ), + validation.Field( + &validator.new.Type, + validation.Required, + validation.In( + CollectionTypeBase, + CollectionTypeAuth, + CollectionTypeView, + ), + validation.By(validator.ensureNoTypeChange), + ), + validation.Field( + &validator.new.Name, + validation.Required, + validation.Length(1, 255), + validation.By(checkForVia), + validation.Match(collectionNameRegex), + validation.By(validator.ensureNoSystemNameChange), + validation.By(validator.checkUniqueName), + ), + validation.Field( + &validator.new.Fields, + validation.By(validator.checkFieldDuplicates), + validation.By(validator.checkMinFields), + validation.When( + !validator.new.IsView(), + validation.By(validator.ensureNoSystemFieldsChange), + validation.By(validator.ensureNoFieldsTypeChange), + ), + validation.When(validator.new.IsAuth(), validation.By(validator.checkReservedAuthKeys)), + validation.By(validator.checkFieldValidators), + ), + validation.Field( + &validator.new.ListRule, + validation.By(validator.checkRule), + validation.By(validator.ensureNoSystemRuleChange(validator.original.ListRule)), + ), + validation.Field( + &validator.new.ViewRule, + validation.By(validator.checkRule), + validation.By(validator.ensureNoSystemRuleChange(validator.original.ViewRule)), + ), + validation.Field( + &validator.new.CreateRule, + validation.When(validator.new.IsView(), validation.Nil), + validation.By(validator.checkRule), + validation.By(validator.ensureNoSystemRuleChange(validator.original.CreateRule)), + ), + validation.Field( + &validator.new.UpdateRule, + validation.When(validator.new.IsView(), validation.Nil), + validation.By(validator.checkRule), + validation.By(validator.ensureNoSystemRuleChange(validator.original.UpdateRule)), + ), + validation.Field( + &validator.new.DeleteRule, + validation.When(validator.new.IsView(), validation.Nil), + validation.By(validator.checkRule), + validation.By(validator.ensureNoSystemRuleChange(validator.original.DeleteRule)), + ), + validation.Field(&validator.new.Indexes, validation.By(validator.checkIndexes)), + ) + + optionsErr := validator.validateOptions() + + return validators.JoinValidationErrors(baseErr, optionsErr) +} + +func (validator *collectionValidator) checkUniqueName(value any) error { + v, _ := value.(string) + + // ensure unique collection name + if !validator.app.IsCollectionNameUnique(v, validator.original.Id) { + return validation.NewError("validation_collection_name_exists", "Collection name must be unique (case insensitive).") + } + + // ensure that the collection name doesn't collide with the id of any collection + dummyCollection := &Collection{} + if validator.app.ModelQuery(dummyCollection).Model(v, dummyCollection) == nil { + return validation.NewError("validation_collection_name_id_duplicate", "The name must not match an existing collection id.") + } + + // ensure that there is no existing internal table with the provided name + if validator.original.Name != v && // has changed + validator.app.IsCollectionNameUnique(v) && // is not a collection (in case it was presaved) + validator.app.HasTable(v) { + return validation.NewError("validation_collection_name_invalid", "The name shouldn't match with an existing internal table.") + } + + return nil +} + +func (validator *collectionValidator) ensureNoSystemNameChange(value any) error { + v, _ := value.(string) + + if !validator.original.IsNew() && validator.original.System && v != validator.original.Name { + return validation.NewError("validation_collection_system_name_change", "System collection name cannot be changed.") + } + + return nil +} + +func (validator *collectionValidator) ensureNoSystemFlagChange(value any) error { + v, _ := value.(bool) + + if !validator.original.IsNew() && v != validator.original.System { + return validation.NewError("validation_collection_system_flag_change", "System collection state cannot be changed.") + } + + return nil +} + +func (validator *collectionValidator) ensureNoTypeChange(value any) error { + v, _ := value.(string) + + if !validator.original.IsNew() && v != validator.original.Type { + return validation.NewError("validation_collection_type_change", "Collection type cannot be changed.") + } + + return nil +} + +func (validator *collectionValidator) ensureNoFieldsTypeChange(value any) error { + v, ok := value.(FieldsList) + if !ok { + return validators.ErrUnsupportedValueType + } + + errs := validation.Errors{} + + for i, field := range v { + oldField := validator.original.Fields.GetById(field.GetId()) + + if oldField != nil && oldField.Type() != field.Type() { + errs[strconv.Itoa(i)] = validation.NewError( + "validation_field_type_change", + "Field type cannot be changed.", + ) + } + } + if len(errs) > 0 { + return errs + } + + return nil +} + +func (validator *collectionValidator) checkFieldDuplicates(value any) error { + fields, ok := value.(FieldsList) + if !ok { + return validators.ErrUnsupportedValueType + } + + totalFields := len(fields) + ids := make([]string, 0, totalFields) + names := make([]string, 0, totalFields) + + for i, field := range fields { + if list.ExistInSlice(field.GetId(), ids) { + return validation.Errors{ + strconv.Itoa(i): validation.Errors{ + "id": validation.NewError( + "validation_duplicated_field_id", + fmt.Sprintf("Duplicated or invalid field id %q", field.GetId()), + ), + }, + } + } + + // field names are used as db columns and should be case insensitive + nameLower := strings.ToLower(field.GetName()) + + if list.ExistInSlice(nameLower, names) { + return validation.Errors{ + strconv.Itoa(i): validation.Errors{ + "name": validation.NewError( + "validation_duplicated_field_name", + "Duplicated or invalid field name {{.fieldName}}", + ).SetParams(map[string]any{ + "fieldName": field.GetName(), + }), + }, + } + } + + ids = append(ids, field.GetId()) + names = append(names, nameLower) + } + + return nil +} + +func (validator *collectionValidator) checkFieldValidators(value any) error { + fields, ok := value.(FieldsList) + if !ok { + return validators.ErrUnsupportedValueType + } + + errs := validation.Errors{} + + for i, field := range fields { + if err := field.ValidateSettings(validator.ctx, validator.app, validator.new); err != nil { + errs[strconv.Itoa(i)] = err + } + } + + if len(errs) > 0 { + return errs + } + + return nil +} + +func (cv *collectionValidator) checkViewQuery(value any) error { + v, _ := value.(string) + if v == "" { + return nil // nothing to check + } + + if _, err := cv.app.CreateViewFields(v); err != nil { + return validation.NewError( + "validation_invalid_view_query", + fmt.Sprintf("Invalid query - %s", err.Error()), + ) + } + + return nil +} + +var reservedAuthKeys = []string{"passwordConfirm", "oldPassword"} + +func (cv *collectionValidator) checkReservedAuthKeys(value any) error { + fields, ok := value.(FieldsList) + if !ok { + return validators.ErrUnsupportedValueType + } + + if !cv.new.IsAuth() { + return nil // not an auth collection + } + + errs := validation.Errors{} + for i, field := range fields { + if list.ExistInSlice(field.GetName(), reservedAuthKeys) { + errs[strconv.Itoa(i)] = validation.Errors{ + "name": validation.NewError( + "validation_reserved_field_name", + "The field name is reserved and cannot be used.", + ), + } + } + } + if len(errs) > 0 { + return errs + } + + return nil +} + +func (cv *collectionValidator) checkMinFields(value any) error { + fields, ok := value.(FieldsList) + if !ok { + return validators.ErrUnsupportedValueType + } + + if len(fields) == 0 { + return validation.ErrRequired + } + + // all collections must have an "id" PK field + idField, _ := fields.GetByName(FieldNameId).(*TextField) + if idField == nil || !idField.PrimaryKey { + return validation.NewError("validation_missing_primary_key", `Missing or invalid "id" PK field.`) + } + + switch cv.new.Type { + case CollectionTypeAuth: + passwordField, _ := fields.GetByName(FieldNamePassword).(*PasswordField) + if passwordField == nil { + return validation.NewError("validation_missing_password_field", `System "password" field is required.`) + } + if !passwordField.Hidden || !passwordField.System { + return validation.Errors{FieldNamePassword: ErrMustBeSystemAndHidden} + } + + tokenKeyField, _ := fields.GetByName(FieldNameTokenKey).(*TextField) + if tokenKeyField == nil { + return validation.NewError("validation_missing_tokenKey_field", `System "tokenKey" field is required.`) + } + if !tokenKeyField.Hidden || !tokenKeyField.System { + return validation.Errors{FieldNameTokenKey: ErrMustBeSystemAndHidden} + } + + emailField, _ := fields.GetByName(FieldNameEmail).(*EmailField) + if emailField == nil { + return validation.NewError("validation_missing_email_field", `System "email" field is required.`) + } + if !emailField.System { + return validation.Errors{FieldNameEmail: ErrMustBeSystem} + } + + emailVisibilityField, _ := fields.GetByName(FieldNameEmailVisibility).(*BoolField) + if emailVisibilityField == nil { + return validation.NewError("validation_missing_emailVisibility_field", `System "emailVisibility" field is required.`) + } + if !emailVisibilityField.System { + return validation.Errors{FieldNameEmailVisibility: ErrMustBeSystem} + } + + verifiedField, _ := fields.GetByName(FieldNameVerified).(*BoolField) + if verifiedField == nil { + return validation.NewError("validation_missing_verified_field", `System "verified" field is required.`) + } + if !verifiedField.System { + return validation.Errors{FieldNameVerified: ErrMustBeSystem} + } + + return nil + } + + return nil +} + +func (validator *collectionValidator) ensureNoSystemFieldsChange(value any) error { + fields, ok := value.(FieldsList) + if !ok { + return validators.ErrUnsupportedValueType + } + + if validator.original.IsNew() { + return nil // not an update + } + + for _, oldField := range validator.original.Fields { + if !oldField.GetSystem() { + continue + } + + newField := fields.GetById(oldField.GetId()) + + if newField == nil || oldField.GetName() != newField.GetName() { + return validation.NewError("validation_system_field_change", "System fields cannot be deleted or renamed.") + } + } + + return nil +} + +func (cv *collectionValidator) checkFieldsForUniqueIndex(value any) error { + names, ok := value.([]string) + if !ok { + return validators.ErrUnsupportedValueType + } + + if len(names) == 0 { + return nil // nothing to check + } + + for _, name := range names { + field := cv.new.Fields.GetByName(name) + if field == nil { + return validation.NewError("validation_missing_field", "Invalid or missing field {{.fieldName}}"). + SetParams(map[string]any{"fieldName": name}) + } + + if _, ok := dbutils.FindSingleColumnUniqueIndex(cv.new.Indexes, name); !ok { + return validation.NewError("validation_missing_unique_constraint", "The field {{.fieldName}} doesn't have a UNIQUE constraint."). + SetParams(map[string]any{"fieldName": name}) + } + } + + return nil +} + +// note: value could be either *string or string +func (validator *collectionValidator) checkRule(value any) error { + var vStr string + + v, ok := value.(*string) + if ok { + if v != nil { + vStr = *v + } + } else { + vStr, ok = value.(string) + } + if !ok { + return validators.ErrUnsupportedValueType + } + + if vStr == "" { + return nil // nothing to check + } + + r := NewRecordFieldResolver(validator.app, validator.new, nil, true) + _, err := search.FilterData(vStr).BuildExpr(r) + if err != nil { + return validation.NewError("validation_invalid_rule", "Invalid rule. Raw error: "+err.Error()) + } + + return nil +} + +func (validator *collectionValidator) ensureNoSystemRuleChange(oldRule *string) validation.RuleFunc { + return func(value any) error { + if validator.original.IsNew() || !validator.original.System { + return nil // not an update of a system collection + } + + rule, ok := value.(*string) + if !ok { + return validators.ErrUnsupportedValueType + } + + if (rule == nil && oldRule == nil) || + (rule != nil && oldRule != nil && *rule == *oldRule) { + return nil + } + + return validation.NewError("validation_collection_system_rule_change", "System collection API rule cannot be changed.") + } +} + +func (cv *collectionValidator) checkIndexes(value any) error { + indexes, _ := value.(types.JSONArray[string]) + + if cv.new.IsView() && len(indexes) > 0 { + return validation.NewError( + "validation_indexes_not_supported", + "View collections don't support indexes.", + ) + } + + duplicatedNames := make(map[string]struct{}, len(indexes)) + duplicatedDefinitions := make(map[string]struct{}, len(indexes)) + + for i, rawIndex := range indexes { + parsed := dbutils.ParseIndex(rawIndex) + + // always set a table name because it is ignored anyway in order to keep it in sync with the collection name + parsed.TableName = "validator" + + if !parsed.IsValid() { + return validation.Errors{ + strconv.Itoa(i): validation.NewError( + "validation_invalid_index_expression", + "Invalid CREATE INDEX expression.", + ), + } + } + + if _, isDuplicated := duplicatedNames[strings.ToLower(parsed.IndexName)]; isDuplicated { + return validation.Errors{ + strconv.Itoa(i): validation.NewError( + "validation_duplicated_index_name", + "The index name already exists.", + ), + } + } + duplicatedNames[strings.ToLower(parsed.IndexName)] = struct{}{} + + // ensure that the index name is not used in another collection + var usedTblName string + _ = cv.app.ConcurrentDB().Select("tbl_name"). + From("sqlite_master"). + AndWhere(dbx.HashExp{"type": "index"}). + AndWhere(dbx.NewExp("LOWER([[tbl_name]])!=LOWER({:oldName})", dbx.Params{"oldName": cv.original.Name})). + AndWhere(dbx.NewExp("LOWER([[tbl_name]])!=LOWER({:newName})", dbx.Params{"newName": cv.new.Name})). + AndWhere(dbx.NewExp("LOWER([[name]])=LOWER({:indexName})", dbx.Params{"indexName": parsed.IndexName})). + Limit(1). + Row(&usedTblName) + if usedTblName != "" { + return validation.Errors{ + strconv.Itoa(i): validation.NewError( + "validation_existing_index_name", + "The index name is already used in {{.usedTableName}} collection.", + ).SetParams(map[string]any{"usedTableName": usedTblName}), + } + } + + // reset non-important identifiers + parsed.SchemaName = "validator" + parsed.IndexName = "validator" + parsedDef := parsed.Build() + + if _, isDuplicated := duplicatedDefinitions[parsedDef]; isDuplicated { + return validation.Errors{ + strconv.Itoa(i): validation.NewError( + "validation_duplicated_index_definition", + "The index definition already exists.", + ), + } + } + duplicatedDefinitions[parsedDef] = struct{}{} + + // note: we don't check the index table name because it is always + // overwritten by the SyncRecordTableSchema to allow + // easier partial modifications (eg. changing only the collection name). + // if !strings.EqualFold(parsed.TableName, form.Name) { + // return validation.Errors{ + // strconv.Itoa(i): validation.NewError( + // "validation_invalid_index_table", + // fmt.Sprintf("The index table must be the same as the collection name."), + // ), + // } + // } + } + + // ensure that unique indexes on system fields are not changed or removed + if !cv.original.IsNew() { + OLD_INDEXES_LOOP: + for _, oldIndex := range cv.original.Indexes { + oldParsed := dbutils.ParseIndex(oldIndex) + if !oldParsed.Unique { + continue + } + + // reset collate and sort since they are not important for the unique constraint + for i := range oldParsed.Columns { + oldParsed.Columns[i].Collate = "" + oldParsed.Columns[i].Sort = "" + } + + oldParsedStr := oldParsed.Build() + + for _, column := range oldParsed.Columns { + for _, f := range cv.original.Fields { + if !f.GetSystem() || !strings.EqualFold(column.Name, f.GetName()) { + continue + } + + var hasMatch bool + for _, newIndex := range cv.new.Indexes { + newParsed := dbutils.ParseIndex(newIndex) + + // exclude the non-important identifiers from the check + newParsed.SchemaName = oldParsed.SchemaName + newParsed.IndexName = oldParsed.IndexName + newParsed.TableName = oldParsed.TableName + + // exclude partial constraints + newParsed.Where = oldParsed.Where + + // reset collate and sort + for i := range newParsed.Columns { + newParsed.Columns[i].Collate = "" + newParsed.Columns[i].Sort = "" + } + + if oldParsedStr == newParsed.Build() { + hasMatch = true + break + } + } + + if !hasMatch { + return validation.NewError( + "validation_invalid_unique_system_field_index", + "Unique index definition on system fields ({{.fieldName}}) is invalid or missing.", + ).SetParams(map[string]any{"fieldName": f.GetName()}) + } + + continue OLD_INDEXES_LOOP + } + } + } + } + + // check for required indexes + // + // note: this is in case the indexes were removed manually when creating/importing new auth collections + // and technically it is not necessary because on app.Save() the missing indexes will be reinserted by the system collection hook + if cv.new.IsAuth() { + requiredNames := []string{FieldNameTokenKey, FieldNameEmail} + for _, name := range requiredNames { + if _, ok := dbutils.FindSingleColumnUniqueIndex(indexes, name); !ok { + return validation.NewError( + "validation_missing_required_unique_index", + `Missing required unique index for field "{{.fieldName}}".`, + ).SetParams(map[string]any{"fieldName": name}) + } + } + } + + return nil +} + +func (validator *collectionValidator) validateOptions() error { + switch validator.new.Type { + case CollectionTypeAuth: + return validator.new.collectionAuthOptions.validate(validator) + case CollectionTypeView: + return validator.new.collectionViewOptions.validate(validator) + } + + return nil +} diff --git a/core/collection_validate_test.go b/core/collection_validate_test.go new file mode 100644 index 0000000..0f98de4 --- /dev/null +++ b/core/collection_validate_test.go @@ -0,0 +1,909 @@ +package core_test + +import ( + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestCollectionValidate(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + collection func(app core.App) (*core.Collection, error) + expectedErrors []string + }{ + { + name: "empty collection", + collection: func(app core.App) (*core.Collection, error) { + return &core.Collection{}, nil + }, + expectedErrors: []string{ + "id", "name", "type", "fields", // no default fields because the type is unknown + }, + }, + { + name: "unknown type with all invalid fields", + collection: func(app core.App) (*core.Collection, error) { + c := &core.Collection{} + c.Id = "invalid_id ?!@#$" + c.Name = "invalid_name ?!@#$" + c.Type = "invalid_type" + c.ListRule = types.Pointer("missing = '123'") + c.ViewRule = types.Pointer("missing = '123'") + c.CreateRule = types.Pointer("missing = '123'") + c.UpdateRule = types.Pointer("missing = '123'") + c.DeleteRule = types.Pointer("missing = '123'") + c.Indexes = []string{"create index '' on '' ()"} + + // type specific fields + c.ViewQuery = "invalid" // should be ignored + c.AuthRule = types.Pointer("missing = '123'") // should be ignored + + return c, nil + }, + expectedErrors: []string{ + "id", "name", "type", "indexes", + "listRule", "viewRule", "createRule", "updateRule", "deleteRule", + "fields", // no default fields because the type is unknown + }, + }, + { + name: "base with invalid fields", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("invalid_name ?!@#$") + c.Indexes = []string{"create index '' on '' ()"} + + // type specific fields + c.ViewQuery = "invalid" // should be ignored + c.AuthRule = types.Pointer("missing = '123'") // should be ignored + + return c, nil + }, + expectedErrors: []string{"name", "indexes"}, + }, + { + name: "view with invalid fields", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewViewCollection("invalid_name ?!@#$") + c.Indexes = []string{"create index '' on '' ()"} + + // type specific fields + c.ViewQuery = "invalid" + c.AuthRule = types.Pointer("missing = '123'") // should be ignored + + return c, nil + }, + expectedErrors: []string{"indexes", "name", "fields", "viewQuery"}, + }, + { + name: "auth with invalid fields", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("invalid_name ?!@#$") + c.Indexes = []string{"create index '' on '' ()"} + + // type specific fields + c.ViewQuery = "invalid" // should be ignored + c.AuthRule = types.Pointer("missing = '123'") + + return c, nil + }, + expectedErrors: []string{"indexes", "name", "authRule"}, + }, + + // type checks + { + name: "empty type", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("test") + c.Type = "" + return c, nil + }, + expectedErrors: []string{"type"}, + }, + { + name: "unknown type", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("test") + c.Type = "unknown" + return c, nil + }, + expectedErrors: []string{"type"}, + }, + { + name: "base type", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("test") + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "view type", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewViewCollection("test") + c.ViewQuery = "select 1 as id" + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "auth type", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("test") + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "changing type", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("users") + c.Type = core.CollectionTypeBase + return c, nil + }, + expectedErrors: []string{"type"}, + }, + + // system checks + { + name: "change from system to regular", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId(core.CollectionNameSuperusers) + c.System = false + return c, nil + }, + expectedErrors: []string{"system"}, + }, + { + name: "change from regular to system", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("demo1") + c.System = true + return c, nil + }, + expectedErrors: []string{"system"}, + }, + { + name: "create system", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("new_system") + c.System = true + return c, nil + }, + expectedErrors: []string{}, + }, + + // id checks + { + name: "empty id", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("test") + c.Id = "" + return c, nil + }, + expectedErrors: []string{"id"}, + }, + { + name: "invalid id", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("test") + c.Id = "!invalid" + return c, nil + }, + expectedErrors: []string{"id"}, + }, + { + name: "existing id", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("test") + c.Id = "_pb_users_auth_" + return c, nil + }, + expectedErrors: []string{"id"}, + }, + { + name: "changing id", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("demo3") + c.Id = "anything" + return c, nil + }, + expectedErrors: []string{"id"}, + }, + { + name: "valid id", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("test") + c.Id = "anything" + return c, nil + }, + expectedErrors: []string{}, + }, + + // name checks + { + name: "empty name", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("") + c.Id = "test" + return c, nil + }, + expectedErrors: []string{"name"}, + }, + { + name: "invalid name", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("!invalid") + return c, nil + }, + expectedErrors: []string{"name"}, + }, + { + name: "name with _via_", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("a_via_b") + return c, nil + }, + expectedErrors: []string{"name"}, + }, + { + name: "create with existing collection name", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("demo1") + return c, nil + }, + expectedErrors: []string{"name"}, + }, + { + name: "create with existing internal table name", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("_collections") + return c, nil + }, + expectedErrors: []string{"name"}, + }, + { + name: "update with existing collection name", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("users") + c.Name = "demo1" + return c, nil + }, + expectedErrors: []string{"name"}, + }, + { + name: "update with existing internal table name", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("users") + c.Name = "_collections" + return c, nil + }, + expectedErrors: []string{"name"}, + }, + { + name: "system collection name change", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId(core.CollectionNameSuperusers) + c.Name = "superusers_new" + return c, nil + }, + expectedErrors: []string{"name"}, + }, + { + name: "create with valid name", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("new_col") + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "update with valid name", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("demo1") + c.Name = "demo1_new" + return c, nil + }, + expectedErrors: []string{}, + }, + + // rule checks + { + name: "invalid base rules", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("new") + c.ListRule = types.Pointer("!invalid") + c.ViewRule = types.Pointer("missing = 123") + c.CreateRule = types.Pointer("id = 123 && missing = 456") + c.UpdateRule = types.Pointer("(id = 123") + c.DeleteRule = types.Pointer("missing = 123") + return c, nil + }, + expectedErrors: []string{"listRule", "viewRule", "createRule", "updateRule", "deleteRule"}, + }, + { + name: "valid base rules", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("new") + c.Fields.Add(&core.TextField{Name: "f1"}) // dummy field to ensure that new fields can be referenced + c.ListRule = types.Pointer("") + c.ViewRule = types.Pointer("f1 = 123") + c.CreateRule = types.Pointer("id = 123 && f1 = 456") + c.UpdateRule = types.Pointer("(id = 123)") + c.DeleteRule = types.Pointer("f1 = 123") + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "view with non-nil create/update/delete rules", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewViewCollection("new") + c.ViewQuery = "select 1 as id, 'text' as f1" + c.ListRule = types.Pointer("id = 123") + c.ViewRule = types.Pointer("f1 = 456") + c.CreateRule = types.Pointer("") + c.UpdateRule = types.Pointer("") + c.DeleteRule = types.Pointer("") + return c, nil + }, + expectedErrors: []string{"createRule", "updateRule", "deleteRule"}, + }, + { + name: "view with nil create/update/delete rules", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewViewCollection("new") + c.ViewQuery = "select 1 as id, 'text' as f1" + c.ListRule = types.Pointer("id = 1") + c.ViewRule = types.Pointer("f1 = 456") + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "changing api rules", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("users") + c.Fields.Add(&core.TextField{Name: "f1"}) // dummy field to ensure that new fields can be referenced + c.ListRule = types.Pointer("id = 1") + c.ViewRule = types.Pointer("f1 = 456") + c.CreateRule = types.Pointer("id = 123 && f1 = 456") + c.UpdateRule = types.Pointer("(id = 123)") + c.DeleteRule = types.Pointer("f1 = 123") + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "changing system collection api rules", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId(core.CollectionNameSuperusers) + c.ListRule = types.Pointer("1 = 1") + c.ViewRule = types.Pointer("1 = 1") + c.CreateRule = types.Pointer("1 = 1") + c.UpdateRule = types.Pointer("1 = 1") + c.DeleteRule = types.Pointer("1 = 1") + c.ManageRule = types.Pointer("1 = 1") + c.AuthRule = types.Pointer("1 = 1") + return c, nil + }, + expectedErrors: []string{ + "listRule", "viewRule", "createRule", "updateRule", + "deleteRule", "manageRule", "authRule", + }, + }, + + // indexes checks + { + name: "invalid index expression", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("demo1") + c.Indexes = []string{ + "create index invalid", + "create index idx_test_demo2 on anything (text)", // the name of table shouldn't matter + } + return c, nil + }, + expectedErrors: []string{"indexes"}, + }, + { + name: "index name used in other table", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("demo1") + c.Indexes = []string{ + "create index `idx_test_demo1` on demo1 (id)", + "create index `__pb_USERS_auth__username_idx` on anything (text)", // should be case-insensitive + } + return c, nil + }, + expectedErrors: []string{"indexes"}, + }, + { + name: "duplicated index names", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("demo1") + c.Indexes = []string{ + "create index idx_test_demo1 on demo1 (id)", + "create index idx_test_demo1 on anything (text)", + } + return c, nil + }, + expectedErrors: []string{"indexes"}, + }, + { + name: "duplicated index definitions", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("demo1") + c.Indexes = []string{ + "create index idx_test_demo1 on demo1 (id)", + "create index idx_test_demo2 on demo1 (id)", + } + return c, nil + }, + expectedErrors: []string{"indexes"}, + }, + { + name: "try to add index to a view collection", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("view1") + c.Indexes = []string{"create index idx_test_view1 on view1 (id)"} + return c, nil + }, + expectedErrors: []string{"indexes"}, + }, + { + name: "replace old with new indexes", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("demo1") + c.Indexes = []string{ + "create index idx_test_demo1 on demo1 (id)", + "create index idx_test_demo2 on anything (text)", // the name of table shouldn't matter + } + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "old + new indexes", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("demo1") + c.Indexes = []string{ + "CREATE INDEX `_wsmn24bux7wo113_created_idx` ON `demo1` (`created`)", + "create index idx_test_demo1 on anything (id)", + } + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "index for missing field", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("demo1") + c.Indexes = []string{ + "create index idx_test_demo1 on anything (missing)", // still valid because it is checked on db persist + } + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "auth collection with missing required unique indexes", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Indexes = []string{} + return c, nil + }, + expectedErrors: []string{"indexes", "passwordAuth"}, + }, + { + name: "auth collection with non-unique required indexes", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Indexes = []string{ + "create index test_idx1 on new_auth (tokenKey)", + "create index test_idx2 on new_auth (email)", + } + return c, nil + }, + expectedErrors: []string{"indexes", "passwordAuth"}, + }, + { + name: "auth collection with unique required indexes", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Indexes = []string{ + "create unique index test_idx1 on new_auth (tokenKey)", + "create unique index test_idx2 on new_auth (email)", + } + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "removing index on system field", + collection: func(app core.App) (*core.Collection, error) { + demo2, err := app.FindCollectionByNameOrId("demo2") + if err != nil { + return nil, err + } + + // mark the title field as system + demo2.Fields.GetByName("title").SetSystem(true) + if err = app.Save(demo2); err != nil { + return nil, err + } + + // refresh + demo2, err = app.FindCollectionByNameOrId("demo2") + if err != nil { + return nil, err + } + + demo2.RemoveIndex("idx_unique_demo2_title") + + return demo2, nil + }, + expectedErrors: []string{"indexes"}, + }, + { + name: "changing partial constraint of existing index on system field", + collection: func(app core.App) (*core.Collection, error) { + demo2, err := app.FindCollectionByNameOrId("demo2") + if err != nil { + return nil, err + } + + // mark the title field as system + demo2.Fields.GetByName("title").SetSystem(true) + if err = app.Save(demo2); err != nil { + return nil, err + } + + // refresh + demo2, err = app.FindCollectionByNameOrId("demo2") + if err != nil { + return nil, err + } + + // replace the index with a partial one + demo2.RemoveIndex("idx_unique_demo2_title") + demo2.AddIndex("idx_new_demo2_title", true, "title", "1 = 1") + + return demo2, nil + }, + expectedErrors: []string{}, + }, + { + name: "changing column sort and collate of existing index on system field", + collection: func(app core.App) (*core.Collection, error) { + demo2, err := app.FindCollectionByNameOrId("demo2") + if err != nil { + return nil, err + } + + // mark the title field as system + demo2.Fields.GetByName("title").SetSystem(true) + if err = app.Save(demo2); err != nil { + return nil, err + } + + // refresh + demo2, err = app.FindCollectionByNameOrId("demo2") + if err != nil { + return nil, err + } + + // replace the index with a new one for the same column but with collate and sort + demo2.RemoveIndex("idx_unique_demo2_title") + demo2.AddIndex("idx_new_demo2_title", true, "title COLLATE test ASC", "") + + return demo2, nil + }, + expectedErrors: []string{}, + }, + { + name: "adding new column to index on system field", + collection: func(app core.App) (*core.Collection, error) { + demo2, err := app.FindCollectionByNameOrId("demo2") + if err != nil { + return nil, err + } + + // mark the title field as system + demo2.Fields.GetByName("title").SetSystem(true) + if err = app.Save(demo2); err != nil { + return nil, err + } + + // refresh + demo2, err = app.FindCollectionByNameOrId("demo2") + if err != nil { + return nil, err + } + + // replace the index with a non-unique one + demo2.RemoveIndex("idx_unique_demo2_title") + demo2.AddIndex("idx_new_title", false, "title, id", "") + + return demo2, nil + }, + expectedErrors: []string{"indexes"}, + }, + { + name: "changing index type on system field", + collection: func(app core.App) (*core.Collection, error) { + demo2, err := app.FindCollectionByNameOrId("demo2") + if err != nil { + return nil, err + } + + // mark the title field as system + demo2.Fields.GetByName("title").SetSystem(true) + if err = app.Save(demo2); err != nil { + return nil, err + } + + // refresh + demo2, err = app.FindCollectionByNameOrId("demo2") + if err != nil { + return nil, err + } + + // replace the index with a non-unique one (partial constraints are ignored) + demo2.RemoveIndex("idx_unique_demo2_title") + demo2.AddIndex("idx_new_title", false, "title", "1=1") + + return demo2, nil + }, + expectedErrors: []string{"indexes"}, + }, + { + name: "changing index on non-system field", + collection: func(app core.App) (*core.Collection, error) { + demo2, err := app.FindCollectionByNameOrId("demo2") + if err != nil { + return nil, err + } + + // replace the index with a partial one + demo2.RemoveIndex("idx_demo2_active") + demo2.AddIndex("idx_demo2_active", true, "active", "1 = 1") + + return demo2, nil + }, + expectedErrors: []string{}, + }, + + // fields list checks + { + name: "empty fields", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("new_auth") + c.Fields = nil // the minimum fields should auto added + return c, nil + }, + expectedErrors: []string{"fields"}, + }, + { + name: "no id primay key field", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("new_auth") + c.Fields = core.NewFieldsList( + &core.TextField{Name: "id"}, + ) + return c, nil + }, + expectedErrors: []string{"fields"}, + }, + { + name: "with id primay key field", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("new_auth") + c.Fields = core.NewFieldsList( + &core.TextField{Name: "id", PrimaryKey: true, Required: true, Pattern: `\w+`}, + ) + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "duplicated field names", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("new_auth") + c.Fields = core.NewFieldsList( + &core.TextField{Name: "id", PrimaryKey: true, Required: true, Pattern: `\w+`}, + &core.TextField{Id: "f1", Name: "Test"}, // case-insensitive + &core.BoolField{Id: "f2", Name: "test"}, + ) + return c, nil + }, + expectedErrors: []string{"fields"}, + }, + { + name: "changing field type", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("demo1") + f := c.Fields.GetByName("text") + c.Fields.Add(&core.BoolField{Id: f.GetId(), Name: f.GetName()}) + return c, nil + }, + expectedErrors: []string{"fields"}, + }, + { + name: "renaming system field", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId(core.CollectionNameAuthOrigins) + f := c.Fields.GetByName("fingerprint") + f.SetName("fingerprint_new") + return c, nil + }, + expectedErrors: []string{"fields"}, + }, + { + name: "deleting system field", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId(core.CollectionNameAuthOrigins) + c.Fields.RemoveByName("fingerprint") + return c, nil + }, + expectedErrors: []string{"fields"}, + }, + { + name: "invalid field setting", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("test_new") + c.Fields.Add(&core.TextField{Name: "f1", Min: -10}) + return c, nil + }, + expectedErrors: []string{"fields"}, + }, + { + name: "valid field setting", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewBaseCollection("test_new") + c.Fields.Add(&core.TextField{Name: "f1", Min: 10}) + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "fields view changes should be ignored", + collection: func(app core.App) (*core.Collection, error) { + c, _ := app.FindCollectionByNameOrId("view1") + c.Fields = nil + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "with reserved auth only field name (passwordConfirm)", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Fields.Add( + &core.TextField{Name: "passwordConfirm"}, + ) + return c, nil + }, + expectedErrors: []string{"fields"}, + }, + { + name: "with reserved auth only field name (oldPassword)", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Fields.Add( + &core.TextField{Name: "oldPassword"}, + ) + return c, nil + }, + expectedErrors: []string{"fields"}, + }, + { + name: "with invalid password auth field options (1)", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Fields.Add( + &core.TextField{Name: "password", System: true, Hidden: true}, // should be PasswordField + ) + return c, nil + }, + expectedErrors: []string{"fields"}, + }, + { + name: "with valid password auth field options (2)", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Fields.Add( + &core.PasswordField{Name: "password", System: true, Hidden: true}, + ) + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "with invalid tokenKey auth field options (1)", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Fields.Add( + &core.TextField{Name: "tokenKey", System: true}, // should be also hidden + ) + return c, nil + }, + expectedErrors: []string{"fields"}, + }, + { + name: "with valid tokenKey auth field options (2)", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Fields.Add( + &core.TextField{Name: "tokenKey", System: true, Hidden: true}, + ) + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "with invalid email auth field options (1)", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Fields.Add( + &core.TextField{Name: "email", System: true}, // should be EmailField + ) + return c, nil + }, + expectedErrors: []string{"fields"}, + }, + { + name: "with valid email auth field options (2)", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Fields.Add( + &core.EmailField{Name: "email", System: true}, + ) + return c, nil + }, + expectedErrors: []string{}, + }, + { + name: "with invalid verified auth field options (1)", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Fields.Add( + &core.TextField{Name: "verified", System: true}, // should be BoolField + ) + return c, nil + }, + expectedErrors: []string{"fields"}, + }, + { + name: "with valid verified auth field options (2)", + collection: func(app core.App) (*core.Collection, error) { + c := core.NewAuthCollection("new_auth") + c.Fields.Add( + &core.BoolField{Name: "verified", System: true}, + ) + return c, nil + }, + expectedErrors: []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := s.collection(app) + if err != nil { + t.Fatalf("Failed to retrieve test collection: %v", err) + } + + result := app.Validate(collection) + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} diff --git a/core/db.go b/core/db.go new file mode 100644 index 0000000..71fa829 --- /dev/null +++ b/core/db.go @@ -0,0 +1,499 @@ +package core + +import ( + "context" + "errors" + "fmt" + "hash/crc32" + "regexp" + "slices" + "strconv" + "strings" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/spf13/cast" +) + +const ( + idColumn string = "id" + + // DefaultIdLength is the default length of the generated model id. + DefaultIdLength int = 15 + + // DefaultIdAlphabet is the default characters set used for generating the model id. + DefaultIdAlphabet string = "abcdefghijklmnopqrstuvwxyz0123456789" +) + +// DefaultIdRegex specifies the default regex pattern for an id value. +var DefaultIdRegex = regexp.MustCompile(`^\w+$`) + +// DBExporter defines an interface for custom DB data export. +// Usually used as part of [App.Save]. +type DBExporter interface { + // DBExport returns a key-value map with the data to be used when saving the struct in the database. + DBExport(app App) (map[string]any, error) +} + +// PreValidator defines an optional model interface for registering a +// function that will run BEFORE firing the validation hooks (see [App.ValidateWithContext]). +type PreValidator interface { + // PreValidate defines a function that runs BEFORE the validation hooks. + PreValidate(ctx context.Context, app App) error +} + +// PostValidator defines an optional model interface for registering a +// function that will run AFTER executing the validation hooks (see [App.ValidateWithContext]). +type PostValidator interface { + // PostValidate defines a function that runs AFTER the successful + // execution of the validation hooks. + PostValidate(ctx context.Context, app App) error +} + +// GenerateDefaultRandomId generates a default random id string +// (note: the generated random string is not intended for security purposes). +func GenerateDefaultRandomId() string { + return security.PseudorandomStringWithAlphabet(DefaultIdLength, DefaultIdAlphabet) +} + +// crc32Checksum generates a stringified crc32 checksum from the provided plain string. +func crc32Checksum(str string) string { + return strconv.FormatInt(int64(crc32.ChecksumIEEE([]byte(str))), 10) +} + +// ModelQuery creates a new preconfigured select data.db query with preset +// SELECT, FROM and other common fields based on the provided model. +func (app *BaseApp) ModelQuery(m Model) *dbx.SelectQuery { + return app.modelQuery(app.ConcurrentDB(), m) +} + +// AuxModelQuery creates a new preconfigured select auxiliary.db query with preset +// SELECT, FROM and other common fields based on the provided model. +func (app *BaseApp) AuxModelQuery(m Model) *dbx.SelectQuery { + return app.modelQuery(app.AuxConcurrentDB(), m) +} + +func (app *BaseApp) modelQuery(db dbx.Builder, m Model) *dbx.SelectQuery { + tableName := m.TableName() + + return db. + Select("{{" + tableName + "}}.*"). + From(tableName). + WithBuildHook(func(query *dbx.Query) { + query.WithExecHook(execLockRetry(app.config.QueryTimeout, defaultMaxLockRetries)) + }) +} + +// Delete deletes the specified model from the regular app database. +func (app *BaseApp) Delete(model Model) error { + return app.DeleteWithContext(context.Background(), model) +} + +// Delete deletes the specified model from the regular app database +// (the context could be used to limit the query execution). +func (app *BaseApp) DeleteWithContext(ctx context.Context, model Model) error { + return app.delete(ctx, model, false) +} + +// AuxDelete deletes the specified model from the auxiliary database. +func (app *BaseApp) AuxDelete(model Model) error { + return app.AuxDeleteWithContext(context.Background(), model) +} + +// AuxDeleteWithContext deletes the specified model from the auxiliary database +// (the context could be used to limit the query execution). +func (app *BaseApp) AuxDeleteWithContext(ctx context.Context, model Model) error { + return app.delete(ctx, model, true) +} + +func (app *BaseApp) delete(ctx context.Context, model Model, isForAuxDB bool) error { + event := new(ModelEvent) + event.App = app + event.Type = ModelEventTypeDelete + event.Context = ctx + event.Model = model + + deleteErr := app.OnModelDelete().Trigger(event, func(e *ModelEvent) error { + pk := cast.ToString(e.Model.LastSavedPK()) + if pk == "" { + return errors.New("the model can be deleted only if it is existing and has a non-empty primary key") + } + + // db write + return e.App.OnModelDeleteExecute().Trigger(event, func(e *ModelEvent) error { + var db dbx.Builder + if isForAuxDB { + db = e.App.AuxNonconcurrentDB() + } else { + db = e.App.NonconcurrentDB() + } + + return baseLockRetry(func(attempt int) error { + _, err := db.Delete(e.Model.TableName(), dbx.HashExp{ + idColumn: pk, + }).WithContext(e.Context).Execute() + + return err + }, defaultMaxLockRetries) + }) + }) + if deleteErr != nil { + errEvent := &ModelErrorEvent{ModelEvent: *event, Error: deleteErr} + errEvent.App = app // replace with the initial app in case it was changed by the hook + hookErr := app.OnModelAfterDeleteError().Trigger(errEvent) + if hookErr != nil { + return errors.Join(deleteErr, hookErr) + } + + return deleteErr + } + + if app.txInfo != nil { + // execute later after the transaction has completed + app.txInfo.OnComplete(func(txErr error) error { + if app.txInfo != nil && app.txInfo.parent != nil { + event.App = app.txInfo.parent + } + + if txErr != nil { + return app.OnModelAfterDeleteError().Trigger(&ModelErrorEvent{ + ModelEvent: *event, + Error: txErr, + }) + } + + return app.OnModelAfterDeleteSuccess().Trigger(event) + }) + } else if err := event.App.OnModelAfterDeleteSuccess().Trigger(event); err != nil { + return err + } + + return nil +} + +// Save validates and saves the specified model into the regular app database. +// +// If you don't want to run validations, use [App.SaveNoValidate()]. +func (app *BaseApp) Save(model Model) error { + return app.SaveWithContext(context.Background(), model) +} + +// SaveWithContext is the same as [App.Save()] but allows specifying a context to limit the db execution. +// +// If you don't want to run validations, use [App.SaveNoValidateWithContext()]. +func (app *BaseApp) SaveWithContext(ctx context.Context, model Model) error { + return app.save(ctx, model, true, false) +} + +// SaveNoValidate saves the specified model into the regular app database without performing validations. +// +// If you want to also run validations before persisting, use [App.Save()]. +func (app *BaseApp) SaveNoValidate(model Model) error { + return app.SaveNoValidateWithContext(context.Background(), model) +} + +// SaveNoValidateWithContext is the same as [App.SaveNoValidate()] +// but allows specifying a context to limit the db execution. +// +// If you want to also run validations before persisting, use [App.SaveWithContext()]. +func (app *BaseApp) SaveNoValidateWithContext(ctx context.Context, model Model) error { + return app.save(ctx, model, false, false) +} + +// AuxSave validates and saves the specified model into the auxiliary app database. +// +// If you don't want to run validations, use [App.AuxSaveNoValidate()]. +func (app *BaseApp) AuxSave(model Model) error { + return app.AuxSaveWithContext(context.Background(), model) +} + +// AuxSaveWithContext is the same as [App.AuxSave()] but allows specifying a context to limit the db execution. +// +// If you don't want to run validations, use [App.AuxSaveNoValidateWithContext()]. +func (app *BaseApp) AuxSaveWithContext(ctx context.Context, model Model) error { + return app.save(ctx, model, true, true) +} + +// AuxSaveNoValidate saves the specified model into the auxiliary app database without performing validations. +// +// If you want to also run validations before persisting, use [App.AuxSave()]. +func (app *BaseApp) AuxSaveNoValidate(model Model) error { + return app.AuxSaveNoValidateWithContext(context.Background(), model) +} + +// AuxSaveNoValidateWithContext is the same as [App.AuxSaveNoValidate()] +// but allows specifying a context to limit the db execution. +// +// If you want to also run validations before persisting, use [App.AuxSaveWithContext()]. +func (app *BaseApp) AuxSaveNoValidateWithContext(ctx context.Context, model Model) error { + return app.save(ctx, model, false, true) +} + +// Validate triggers the OnModelValidate hook for the specified model. +func (app *BaseApp) Validate(model Model) error { + return app.ValidateWithContext(context.Background(), model) +} + +// ValidateWithContext is the same as Validate but allows specifying the ModelEvent context. +func (app *BaseApp) ValidateWithContext(ctx context.Context, model Model) error { + if m, ok := model.(PreValidator); ok { + if err := m.PreValidate(ctx, app); err != nil { + return err + } + } + + event := new(ModelEvent) + event.App = app + event.Context = ctx + event.Type = ModelEventTypeValidate + event.Model = model + + return event.App.OnModelValidate().Trigger(event, func(e *ModelEvent) error { + if m, ok := e.Model.(PostValidator); ok { + if err := m.PostValidate(ctx, e.App); err != nil { + return err + } + } + + return e.Next() + }) +} + +// ------------------------------------------------------------------- + +func (app *BaseApp) save(ctx context.Context, model Model, withValidations bool, isForAuxDB bool) error { + if model.IsNew() { + return app.create(ctx, model, withValidations, isForAuxDB) + } + + return app.update(ctx, model, withValidations, isForAuxDB) +} + +func (app *BaseApp) create(ctx context.Context, model Model, withValidations bool, isForAuxDB bool) error { + event := new(ModelEvent) + event.App = app + event.Context = ctx + event.Type = ModelEventTypeCreate + event.Model = model + + saveErr := app.OnModelCreate().Trigger(event, func(e *ModelEvent) error { + // run validations (if any) + if withValidations { + validateErr := e.App.ValidateWithContext(e.Context, e.Model) + if validateErr != nil { + return validateErr + } + } + + // db write + return e.App.OnModelCreateExecute().Trigger(event, func(e *ModelEvent) error { + var db dbx.Builder + if isForAuxDB { + db = e.App.AuxNonconcurrentDB() + } else { + db = e.App.NonconcurrentDB() + } + + dbErr := baseLockRetry(func(attempt int) error { + if m, ok := e.Model.(DBExporter); ok { + data, err := m.DBExport(e.App) + if err != nil { + return err + } + + // manually add the id to the data if missing + if _, ok := data[idColumn]; !ok { + data[idColumn] = e.Model.PK() + } + + if cast.ToString(data[idColumn]) == "" { + return errors.New("empty primary key is not allowed when using the DBExporter interface") + } + + _, err = db.Insert(e.Model.TableName(), data).WithContext(e.Context).Execute() + + return err + } + + return db.Model(e.Model).WithContext(e.Context).Insert() + }, defaultMaxLockRetries) + if dbErr != nil { + return dbErr + } + + e.Model.MarkAsNotNew() + + return nil + }) + }) + if saveErr != nil { + event.Model.MarkAsNew() // reset "new" state + + errEvent := &ModelErrorEvent{ModelEvent: *event, Error: saveErr} + errEvent.App = app // replace with the initial app in case it was changed by the hook + hookErr := app.OnModelAfterCreateError().Trigger(errEvent) + if hookErr != nil { + return errors.Join(saveErr, hookErr) + } + + return saveErr + } + + if app.txInfo != nil { + // execute later after the transaction has completed + app.txInfo.OnComplete(func(txErr error) error { + if app.txInfo != nil && app.txInfo.parent != nil { + event.App = app.txInfo.parent + } + + if txErr != nil { + event.Model.MarkAsNew() // reset "new" state + + return app.OnModelAfterCreateError().Trigger(&ModelErrorEvent{ + ModelEvent: *event, + Error: txErr, + }) + } + + return app.OnModelAfterCreateSuccess().Trigger(event) + }) + } else if err := event.App.OnModelAfterCreateSuccess().Trigger(event); err != nil { + return err + } + + return nil +} + +func (app *BaseApp) update(ctx context.Context, model Model, withValidations bool, isForAuxDB bool) error { + event := new(ModelEvent) + event.App = app + event.Context = ctx + event.Type = ModelEventTypeUpdate + event.Model = model + + saveErr := app.OnModelUpdate().Trigger(event, func(e *ModelEvent) error { + // run validations (if any) + if withValidations { + validateErr := e.App.ValidateWithContext(e.Context, e.Model) + if validateErr != nil { + return validateErr + } + } + + // db write + return e.App.OnModelUpdateExecute().Trigger(event, func(e *ModelEvent) error { + var db dbx.Builder + if isForAuxDB { + db = e.App.AuxNonconcurrentDB() + } else { + db = e.App.NonconcurrentDB() + } + + return baseLockRetry(func(attempt int) error { + if m, ok := e.Model.(DBExporter); ok { + data, err := m.DBExport(e.App) + if err != nil { + return err + } + + // note: for now disallow primary key change for consistency with dbx.ModelQuery.Update() + if data[idColumn] != e.Model.LastSavedPK() { + return errors.New("primary key change is not allowed") + } + + _, err = db.Update(e.Model.TableName(), data, dbx.HashExp{ + idColumn: e.Model.LastSavedPK(), + }).WithContext(e.Context).Execute() + + return err + } + + return db.Model(e.Model).WithContext(e.Context).Update() + }, defaultMaxLockRetries) + }) + }) + if saveErr != nil { + errEvent := &ModelErrorEvent{ModelEvent: *event, Error: saveErr} + errEvent.App = app // replace with the initial app in case it was changed by the hook + hookErr := app.OnModelAfterUpdateError().Trigger(errEvent) + if hookErr != nil { + return errors.Join(saveErr, hookErr) + } + + return saveErr + } + + if app.txInfo != nil { + // execute later after the transaction has completed + app.txInfo.OnComplete(func(txErr error) error { + if app.txInfo != nil && app.txInfo.parent != nil { + event.App = app.txInfo.parent + } + + if txErr != nil { + return app.OnModelAfterUpdateError().Trigger(&ModelErrorEvent{ + ModelEvent: *event, + Error: txErr, + }) + } + + return app.OnModelAfterUpdateSuccess().Trigger(event) + }) + } else if err := event.App.OnModelAfterUpdateSuccess().Trigger(event); err != nil { + return err + } + + return nil +} + +func validateCollectionId(app App, optTypes ...string) validation.RuleFunc { + return func(value any) error { + id, _ := value.(string) + if id == "" { + return nil + } + + collection := &Collection{} + if err := app.ModelQuery(collection).Model(id, collection); err != nil { + return validation.NewError("validation_invalid_collection_id", "Missing or invalid collection.") + } + + if len(optTypes) > 0 && !slices.Contains(optTypes, collection.Type) { + return validation.NewError( + "validation_invalid_collection_type", + fmt.Sprintf("Invalid collection type - must be %s.", strings.Join(optTypes, ", ")), + ) + } + + return nil + } +} + +func validateRecordId(app App, collectionNameOrId string) validation.RuleFunc { + return func(value any) error { + id, _ := value.(string) + if id == "" { + return nil + } + + collection, err := app.FindCachedCollectionByNameOrId(collectionNameOrId) + if err != nil { + return validation.NewError("validation_invalid_collection", "Missing or invalid collection.") + } + + var exists int + + rowErr := app.ConcurrentDB().Select("(1)"). + From(collection.Name). + AndWhere(dbx.HashExp{"id": id}). + Limit(1). + Row(&exists) + + if rowErr != nil || exists == 0 { + return validation.NewError("validation_invalid_record", "Missing or invalid record.") + } + + return nil + } +} diff --git a/core/db_builder.go b/core/db_builder.go new file mode 100644 index 0000000..021e9c9 --- /dev/null +++ b/core/db_builder.go @@ -0,0 +1,187 @@ +package core + +import ( + "strings" + "unicode" + "unicode/utf8" + + "github.com/pocketbase/dbx" +) + +var _ dbx.Builder = (*dualDBBuilder)(nil) + +// note: expects both builder to use the same driver +type dualDBBuilder struct { + concurrentDB dbx.Builder + nonconcurrentDB dbx.Builder +} + +// Select implements the [dbx.Builder.Select] interface method. +func (b *dualDBBuilder) Select(cols ...string) *dbx.SelectQuery { + return b.concurrentDB.Select(cols...) +} + +// Model implements the [dbx.Builder.Model] interface method. +func (b *dualDBBuilder) Model(data interface{}) *dbx.ModelQuery { + return b.nonconcurrentDB.Model(data) +} + +// GeneratePlaceholder implements the [dbx.Builder.GeneratePlaceholder] interface method. +func (b *dualDBBuilder) GeneratePlaceholder(i int) string { + return b.concurrentDB.GeneratePlaceholder(i) +} + +// Quote implements the [dbx.Builder.Quote] interface method. +func (b *dualDBBuilder) Quote(str string) string { + return b.concurrentDB.Quote(str) +} + +// QuoteSimpleTableName implements the [dbx.Builder.QuoteSimpleTableName] interface method. +func (b *dualDBBuilder) QuoteSimpleTableName(table string) string { + return b.concurrentDB.QuoteSimpleTableName(table) +} + +// QuoteSimpleColumnName implements the [dbx.Builder.QuoteSimpleColumnName] interface method. +func (b *dualDBBuilder) QuoteSimpleColumnName(col string) string { + return b.concurrentDB.QuoteSimpleColumnName(col) +} + +// QueryBuilder implements the [dbx.Builder.QueryBuilder] interface method. +func (b *dualDBBuilder) QueryBuilder() dbx.QueryBuilder { + return b.concurrentDB.QueryBuilder() +} + +// Insert implements the [dbx.Builder.Insert] interface method. +func (b *dualDBBuilder) Insert(table string, cols dbx.Params) *dbx.Query { + return b.nonconcurrentDB.Insert(table, cols) +} + +// Upsert implements the [dbx.Builder.Upsert] interface method. +func (b *dualDBBuilder) Upsert(table string, cols dbx.Params, constraints ...string) *dbx.Query { + return b.nonconcurrentDB.Upsert(table, cols, constraints...) +} + +// Update implements the [dbx.Builder.Update] interface method. +func (b *dualDBBuilder) Update(table string, cols dbx.Params, where dbx.Expression) *dbx.Query { + return b.nonconcurrentDB.Update(table, cols, where) +} + +// Delete implements the [dbx.Builder.Delete] interface method. +func (b *dualDBBuilder) Delete(table string, where dbx.Expression) *dbx.Query { + return b.nonconcurrentDB.Delete(table, where) +} + +// CreateTable implements the [dbx.Builder.CreateTable] interface method. +func (b *dualDBBuilder) CreateTable(table string, cols map[string]string, options ...string) *dbx.Query { + return b.nonconcurrentDB.CreateTable(table, cols, options...) +} + +// RenameTable implements the [dbx.Builder.RenameTable] interface method. +func (b *dualDBBuilder) RenameTable(oldName, newName string) *dbx.Query { + return b.nonconcurrentDB.RenameTable(oldName, newName) +} + +// DropTable implements the [dbx.Builder.DropTable] interface method. +func (b *dualDBBuilder) DropTable(table string) *dbx.Query { + return b.nonconcurrentDB.DropTable(table) +} + +// TruncateTable implements the [dbx.Builder.TruncateTable] interface method. +func (b *dualDBBuilder) TruncateTable(table string) *dbx.Query { + return b.nonconcurrentDB.TruncateTable(table) +} + +// AddColumn implements the [dbx.Builder.AddColumn] interface method. +func (b *dualDBBuilder) AddColumn(table, col, typ string) *dbx.Query { + return b.nonconcurrentDB.AddColumn(table, col, typ) +} + +// DropColumn implements the [dbx.Builder.DropColumn] interface method. +func (b *dualDBBuilder) DropColumn(table, col string) *dbx.Query { + return b.nonconcurrentDB.DropColumn(table, col) +} + +// RenameColumn implements the [dbx.Builder.RenameColumn] interface method. +func (b *dualDBBuilder) RenameColumn(table, oldName, newName string) *dbx.Query { + return b.nonconcurrentDB.RenameColumn(table, oldName, newName) +} + +// AlterColumn implements the [dbx.Builder.AlterColumn] interface method. +func (b *dualDBBuilder) AlterColumn(table, col, typ string) *dbx.Query { + return b.nonconcurrentDB.AlterColumn(table, col, typ) +} + +// AddPrimaryKey implements the [dbx.Builder.AddPrimaryKey] interface method. +func (b *dualDBBuilder) AddPrimaryKey(table, name string, cols ...string) *dbx.Query { + return b.nonconcurrentDB.AddPrimaryKey(table, name, cols...) +} + +// DropPrimaryKey implements the [dbx.Builder.DropPrimaryKey] interface method. +func (b *dualDBBuilder) DropPrimaryKey(table, name string) *dbx.Query { + return b.nonconcurrentDB.DropPrimaryKey(table, name) +} + +// AddForeignKey implements the [dbx.Builder.AddForeignKey] interface method. +func (b *dualDBBuilder) AddForeignKey(table, name string, cols, refCols []string, refTable string, options ...string) *dbx.Query { + return b.nonconcurrentDB.AddForeignKey(table, name, cols, refCols, refTable, options...) +} + +// DropForeignKey implements the [dbx.Builder.DropForeignKey] interface method. +func (b *dualDBBuilder) DropForeignKey(table, name string) *dbx.Query { + return b.nonconcurrentDB.DropForeignKey(table, name) +} + +// CreateIndex implements the [dbx.Builder.CreateIndex] interface method. +func (b *dualDBBuilder) CreateIndex(table, name string, cols ...string) *dbx.Query { + return b.nonconcurrentDB.CreateIndex(table, name, cols...) +} + +// CreateUniqueIndex implements the [dbx.Builder.CreateUniqueIndex] interface method. +func (b *dualDBBuilder) CreateUniqueIndex(table, name string, cols ...string) *dbx.Query { + return b.nonconcurrentDB.CreateUniqueIndex(table, name, cols...) +} + +// DropIndex implements the [dbx.Builder.DropIndex] interface method. +func (b *dualDBBuilder) DropIndex(table, name string) *dbx.Query { + return b.nonconcurrentDB.DropIndex(table, name) +} + +// NewQuery implements the [dbx.Builder.NewQuery] interface method by +// routing the SELECT queries to the concurrent builder instance. +func (b *dualDBBuilder) NewQuery(str string) *dbx.Query { + // note: technically INSERT/UPDATE/DELETE could also have CTE but since + // it is rare for now this scase is ignored to avoid unnecessary complicating the checks + trimmed := trimLeftSpaces(str) + if hasPrefixFold(trimmed, "SELECT") || hasPrefixFold(trimmed, "WITH") { + return b.concurrentDB.NewQuery(str) + } + + return b.nonconcurrentDB.NewQuery(str) +} + +var asciiSpace = [256]uint8{'\t': 1, '\n': 1, '\v': 1, '\f': 1, '\r': 1, ' ': 1} + +// note: similar to strings.Space() but without the right trim because it is not needed in our case +func trimLeftSpaces(str string) string { + start := 0 + for ; start < len(str); start++ { + c := str[start] + if c >= utf8.RuneSelf { + return strings.TrimLeftFunc(str[start:], unicode.IsSpace) + } + if asciiSpace[c] == 0 { + break + } + } + + return str[start:] +} + +// note: the prefix is expected to be ASCII +func hasPrefixFold(str, prefix string) bool { + if len(str) < len(prefix) { + return false + } + + return strings.EqualFold(str[:len(prefix)], prefix) +} diff --git a/core/db_connect.go b/core/db_connect.go new file mode 100644 index 0000000..189a544 --- /dev/null +++ b/core/db_connect.go @@ -0,0 +1,22 @@ +//go:build !no_default_driver + +package core + +import ( + "github.com/pocketbase/dbx" + _ "modernc.org/sqlite" +) + +func DefaultDBConnect(dbPath string) (*dbx.DB, error) { + // Note: the busy_timeout pragma must be first because + // the connection needs to be set to block on busy before WAL mode + // is set in case it hasn't been already set by another connection. + pragmas := "?_pragma=busy_timeout(10000)&_pragma=journal_mode(WAL)&_pragma=journal_size_limit(200000000)&_pragma=synchronous(NORMAL)&_pragma=foreign_keys(ON)&_pragma=temp_store(MEMORY)&_pragma=cache_size(-16000)" + + db, err := dbx.Open("sqlite", dbPath+pragmas) + if err != nil { + return nil, err + } + + return db, nil +} diff --git a/core/db_connect_nodefaultdriver.go b/core/db_connect_nodefaultdriver.go new file mode 100644 index 0000000..34e7a41 --- /dev/null +++ b/core/db_connect_nodefaultdriver.go @@ -0,0 +1,9 @@ +//go:build no_default_driver + +package core + +import "github.com/pocketbase/dbx" + +func DefaultDBConnect(dbPath string) (*dbx.DB, error) { + panic("DBConnect config option must be set when the no_default_driver tag is used!") +} diff --git a/core/db_model.go b/core/db_model.go new file mode 100644 index 0000000..9649e1a --- /dev/null +++ b/core/db_model.go @@ -0,0 +1,59 @@ +package core + +// Model defines an interface with common methods that all db models should have. +// +// Note: for simplicity composite pk are not supported. +type Model interface { + TableName() string + PK() any + LastSavedPK() any + IsNew() bool + MarkAsNew() + MarkAsNotNew() +} + +// BaseModel defines a base struct that is intended to be embedded into other custom models. +type BaseModel struct { + lastSavedPK string + + // Id is the primary key of the model. + // It is usually autogenerated by the parent model implementation. + Id string `db:"id" json:"id" form:"id" xml:"id"` +} + +// LastSavedPK returns the last saved primary key of the model. +// +// Its value is updated to the latest PK value after MarkAsNotNew() or PostScan() calls. +func (m *BaseModel) LastSavedPK() any { + return m.lastSavedPK +} + +func (m *BaseModel) PK() any { + return m.Id +} + +// IsNew indicates what type of db query (insert or update) +// should be used with the model instance. +func (m *BaseModel) IsNew() bool { + return m.lastSavedPK == "" +} + +// MarkAsNew clears the pk field and marks the current model as "new" +// (aka. forces m.IsNew() to be true). +func (m *BaseModel) MarkAsNew() { + m.lastSavedPK = "" +} + +// MarkAsNew set the pk field to the Id value and marks the current model +// as NOT "new" (aka. forces m.IsNew() to be false). +func (m *BaseModel) MarkAsNotNew() { + m.lastSavedPK = m.Id +} + +// PostScan implements the [dbx.PostScanner] interface. +// +// It is usually executed right after the model is populated with the db row values. +func (m *BaseModel) PostScan() error { + m.MarkAsNotNew() + return nil +} diff --git a/core/db_model_test.go b/core/db_model_test.go new file mode 100644 index 0000000..1771a77 --- /dev/null +++ b/core/db_model_test.go @@ -0,0 +1,70 @@ +package core_test + +import ( + "testing" + + "github.com/pocketbase/pocketbase/core" +) + +func TestBaseModel(t *testing.T) { + id := "test_id" + + m := core.BaseModel{Id: id} + + if m.PK() != id { + t.Fatalf("[before PostScan] Expected PK %q, got %q", "", m.PK()) + } + + if m.LastSavedPK() != "" { + t.Fatalf("[before PostScan] Expected LastSavedPK %q, got %q", "", m.LastSavedPK()) + } + + if !m.IsNew() { + t.Fatalf("[before PostScan] Expected IsNew %v, got %v", true, m.IsNew()) + } + + if err := m.PostScan(); err != nil { + t.Fatal(err) + } + + if m.PK() != id { + t.Fatalf("[after PostScan] Expected PK %q, got %q", "", m.PK()) + } + + if m.LastSavedPK() != id { + t.Fatalf("[after PostScan] Expected LastSavedPK %q, got %q", id, m.LastSavedPK()) + } + + if m.IsNew() { + t.Fatalf("[after PostScan] Expected IsNew %v, got %v", false, m.IsNew()) + } + + m.MarkAsNew() + + if m.PK() != id { + t.Fatalf("[after MarkAsNew] Expected PK %q, got %q", id, m.PK()) + } + + if m.LastSavedPK() != "" { + t.Fatalf("[after MarkAsNew] Expected LastSavedPK %q, got %q", "", m.LastSavedPK()) + } + + if !m.IsNew() { + t.Fatalf("[after MarkAsNew] Expected IsNew %v, got %v", true, m.IsNew()) + } + + // mark as not new without id + m.MarkAsNotNew() + + if m.PK() != id { + t.Fatalf("[after MarkAsNotNew] Expected PK %q, got %q", id, m.PK()) + } + + if m.LastSavedPK() != id { + t.Fatalf("[after MarkAsNotNew] Expected LastSavedPK %q, got %q", id, m.LastSavedPK()) + } + + if m.IsNew() { + t.Fatalf("[after MarkAsNotNew] Expected IsNew %v, got %v", false, m.IsNew()) + } +} diff --git a/core/db_retry.go b/core/db_retry.go new file mode 100644 index 0000000..0c83d64 --- /dev/null +++ b/core/db_retry.go @@ -0,0 +1,70 @@ +package core + +import ( + "context" + "database/sql" + "errors" + "fmt" + "strings" + "time" + + "github.com/pocketbase/dbx" +) + +// default retries intervals (in ms) +var defaultRetryIntervals = []int{50, 100, 150, 200, 300, 400, 500, 700, 1000} + +// default max retry attempts +const defaultMaxLockRetries = 12 + +func execLockRetry(timeout time.Duration, maxRetries int) dbx.ExecHookFunc { + return func(q *dbx.Query, op func() error) error { + if q.Context() == nil { + cancelCtx, cancel := context.WithTimeout(context.Background(), timeout) + defer func() { + cancel() + //nolint:staticcheck + q.WithContext(nil) // reset + }() + q.WithContext(cancelCtx) + } + + execErr := baseLockRetry(func(attempt int) error { + return op() + }, maxRetries) + if execErr != nil && !errors.Is(execErr, sql.ErrNoRows) { + execErr = fmt.Errorf("%w; failed query: %s", execErr, q.SQL()) + } + + return execErr + } +} + +func baseLockRetry(op func(attempt int) error, maxRetries int) error { + attempt := 1 + +Retry: + err := op(attempt) + + if err != nil && attempt <= maxRetries { + errStr := err.Error() + // we are checking the error against the plain error texts since the codes could vary between drivers + if strings.Contains(errStr, "database is locked") || + strings.Contains(errStr, "table is locked") { + // wait and retry + time.Sleep(getDefaultRetryInterval(attempt)) + attempt++ + goto Retry + } + } + + return err +} + +func getDefaultRetryInterval(attempt int) time.Duration { + if attempt < 0 || attempt > len(defaultRetryIntervals)-1 { + return time.Duration(defaultRetryIntervals[len(defaultRetryIntervals)-1]) * time.Millisecond + } + + return time.Duration(defaultRetryIntervals[attempt]) * time.Millisecond +} diff --git a/core/db_retry_test.go b/core/db_retry_test.go new file mode 100644 index 0000000..838902f --- /dev/null +++ b/core/db_retry_test.go @@ -0,0 +1,66 @@ +package core + +import ( + "errors" + "fmt" + "testing" +) + +func TestGetDefaultRetryInterval(t *testing.T) { + t.Parallel() + + if i := getDefaultRetryInterval(-1); i.Milliseconds() != 1000 { + t.Fatalf("Expected 1000ms, got %v", i) + } + + if i := getDefaultRetryInterval(999); i.Milliseconds() != 1000 { + t.Fatalf("Expected 1000ms, got %v", i) + } + + if i := getDefaultRetryInterval(3); i.Milliseconds() != 200 { + t.Fatalf("Expected 500ms, got %v", i) + } +} + +func TestBaseLockRetry(t *testing.T) { + t.Parallel() + + scenarios := []struct { + err error + failUntilAttempt int + expectedAttempts int + }{ + {nil, 3, 1}, + {errors.New("test"), 3, 1}, + {errors.New("database is locked"), 3, 3}, + {errors.New("table is locked"), 3, 3}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.err), func(t *testing.T) { + lastAttempt := 0 + + err := baseLockRetry(func(attempt int) error { + lastAttempt = attempt + + if attempt < s.failUntilAttempt { + return s.err + } + + return nil + }, s.failUntilAttempt+2) + + if lastAttempt != s.expectedAttempts { + t.Errorf("Expected lastAttempt to be %d, got %d", s.expectedAttempts, lastAttempt) + } + + if s.failUntilAttempt == s.expectedAttempts && err != nil { + t.Fatalf("Expected nil, got err %v", err) + } + + if s.failUntilAttempt != s.expectedAttempts && s.err != nil && err == nil { + t.Fatalf("Expected error %q, got nil", s.err) + } + }) + } +} diff --git a/core/db_table.go b/core/db_table.go new file mode 100644 index 0000000..053c24b --- /dev/null +++ b/core/db_table.go @@ -0,0 +1,137 @@ +package core + +import ( + "database/sql" + "fmt" + + "github.com/pocketbase/dbx" +) + +// TableColumns returns all column names of a single table by its name. +func (app *BaseApp) TableColumns(tableName string) ([]string, error) { + columns := []string{} + + err := app.ConcurrentDB().NewQuery("SELECT name FROM PRAGMA_TABLE_INFO({:tableName})"). + Bind(dbx.Params{"tableName": tableName}). + Column(&columns) + + return columns, err +} + +type TableInfoRow struct { + // the `db:"pk"` tag has special semantic so we cannot rename + // the original field without specifying a custom mapper + PK int + + Index int `db:"cid"` + Name string `db:"name"` + Type string `db:"type"` + NotNull bool `db:"notnull"` + DefaultValue sql.NullString `db:"dflt_value"` +} + +// TableInfo returns the "table_info" pragma result for the specified table. +func (app *BaseApp) TableInfo(tableName string) ([]*TableInfoRow, error) { + info := []*TableInfoRow{} + + err := app.ConcurrentDB().NewQuery("SELECT * FROM PRAGMA_TABLE_INFO({:tableName})"). + Bind(dbx.Params{"tableName": tableName}). + All(&info) + if err != nil { + return nil, err + } + + // mattn/go-sqlite3 doesn't throw an error on invalid or missing table + // so we additionally have to check whether the loaded info result is nonempty + if len(info) == 0 { + return nil, fmt.Errorf("empty table info probably due to invalid or missing table %s", tableName) + } + + return info, nil +} + +// TableIndexes returns a name grouped map with all non empty index of the specified table. +// +// Note: This method doesn't return an error on nonexisting table. +func (app *BaseApp) TableIndexes(tableName string) (map[string]string, error) { + indexes := []struct { + Name string + Sql string + }{} + + err := app.ConcurrentDB().Select("name", "sql"). + From("sqlite_master"). + AndWhere(dbx.NewExp("sql is not null")). + AndWhere(dbx.HashExp{ + "type": "index", + "tbl_name": tableName, + }). + All(&indexes) + if err != nil { + return nil, err + } + + result := make(map[string]string, len(indexes)) + + for _, idx := range indexes { + result[idx.Name] = idx.Sql + } + + return result, nil +} + +// DeleteTable drops the specified table. +// +// This method is a no-op if a table with the provided name doesn't exist. +// +// NB! Be aware that this method is vulnerable to SQL injection and the +// "tableName" argument must come only from trusted input! +func (app *BaseApp) DeleteTable(tableName string) error { + _, err := app.NonconcurrentDB().NewQuery(fmt.Sprintf( + "DROP TABLE IF EXISTS {{%s}}", + tableName, + )).Execute() + + return err +} + +// HasTable checks if a table (or view) with the provided name exists (case insensitive). +// in the data.db. +func (app *BaseApp) HasTable(tableName string) bool { + return app.hasTable(app.ConcurrentDB(), tableName) +} + +// AuxHasTable checks if a table (or view) with the provided name exists (case insensitive) +// in the auixiliary.db. +func (app *BaseApp) AuxHasTable(tableName string) bool { + return app.hasTable(app.AuxConcurrentDB(), tableName) +} + +func (app *BaseApp) hasTable(db dbx.Builder, tableName string) bool { + var exists int + + err := db.Select("(1)"). + From("sqlite_schema"). + AndWhere(dbx.HashExp{"type": []any{"table", "view"}}). + AndWhere(dbx.NewExp("LOWER([[name]])=LOWER({:tableName})", dbx.Params{"tableName": tableName})). + Limit(1). + Row(&exists) + + return err == nil && exists > 0 +} + +// Vacuum executes VACUUM on the data.db in order to reclaim unused data db disk space. +func (app *BaseApp) Vacuum() error { + return app.vacuum(app.NonconcurrentDB()) +} + +// AuxVacuum executes VACUUM on the auxiliary.db in order to reclaim unused auxiliary db disk space. +func (app *BaseApp) AuxVacuum() error { + return app.vacuum(app.AuxNonconcurrentDB()) +} + +func (app *BaseApp) vacuum(db dbx.Builder) error { + _, err := db.NewQuery("VACUUM").Execute() + + return err +} diff --git a/core/db_table_test.go b/core/db_table_test.go new file mode 100644 index 0000000..2dede6b --- /dev/null +++ b/core/db_table_test.go @@ -0,0 +1,250 @@ +package core_test + +import ( + "context" + "database/sql" + "encoding/json" + "fmt" + "slices" + "testing" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestHasTable(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + tableName string + expected bool + }{ + {"", false}, + {"test", false}, + {core.CollectionNameSuperusers, true}, + {"demo3", true}, + {"DEMO3", true}, // table names are case insensitives by default + {"view1", true}, // view + } + + for _, s := range scenarios { + t.Run(s.tableName, func(t *testing.T) { + result := app.HasTable(s.tableName) + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestAuxHasTable(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + tableName string + expected bool + }{ + {"", false}, + {"test", false}, + {"_lOGS", true}, // table names are case insensitives by default + } + + for _, s := range scenarios { + t.Run(s.tableName, func(t *testing.T) { + result := app.AuxHasTable(s.tableName) + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestTableColumns(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + tableName string + expected []string + }{ + {"", nil}, + {"_params", []string{"id", "value", "created", "updated"}}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.tableName), func(t *testing.T) { + columns, _ := app.TableColumns(s.tableName) + + if len(columns) != len(s.expected) { + t.Fatalf("Expected columns %v, got %v", s.expected, columns) + } + + for _, c := range columns { + if !slices.Contains(s.expected, c) { + t.Errorf("Didn't expect column %s", c) + } + } + }) + } +} + +func TestTableInfo(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + tableName string + expected string + }{ + {"", "null"}, + {"missing", "null"}, + { + "_params", + `[{"PK":0,"Index":0,"Name":"created","Type":"TEXT","NotNull":true,"DefaultValue":{"String":"''","Valid":true}},{"PK":1,"Index":1,"Name":"id","Type":"TEXT","NotNull":true,"DefaultValue":{"String":"'r'||lower(hex(randomblob(7)))","Valid":true}},{"PK":0,"Index":2,"Name":"updated","Type":"TEXT","NotNull":true,"DefaultValue":{"String":"''","Valid":true}},{"PK":0,"Index":3,"Name":"value","Type":"JSON","NotNull":false,"DefaultValue":{"String":"NULL","Valid":true}}]`, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.tableName), func(t *testing.T) { + rows, _ := app.TableInfo(s.tableName) + + raw, err := json.Marshal(rows) + if err != nil { + t.Fatal(err) + } + + if str := string(raw); str != s.expected { + t.Fatalf("Expected\n%s\ngot\n%s", s.expected, str) + } + }) + } +} + +func TestTableIndexes(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + tableName string + expected []string + }{ + {"", nil}, + {"missing", nil}, + { + core.CollectionNameSuperusers, + []string{"idx_email__pbc_3323866339", "idx_tokenKey__pbc_3323866339"}, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.tableName), func(t *testing.T) { + indexes, _ := app.TableIndexes(s.tableName) + + if len(indexes) != len(s.expected) { + t.Fatalf("Expected %d indexes, got %d\n%v", len(s.expected), len(indexes), indexes) + } + + for _, name := range s.expected { + if v, ok := indexes[name]; !ok || v == "" { + t.Fatalf("Expected non-empty index %q in \n%v", name, indexes) + } + } + }) + } +} + +func TestDeleteTable(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + tableName string + expectError bool + }{ + {"", true}, + {"test", false}, // missing tables are ignored + {"_admins", false}, + {"demo3", false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.tableName), func(t *testing.T) { + err := app.DeleteTable(s.tableName) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v", s.expectError, hasErr) + } + }) + } +} + +func TestVacuum(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + calledQueries := []string{} + app.NonconcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) { + calledQueries = append(calledQueries, sql) + } + app.NonconcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) { + calledQueries = append(calledQueries, sql) + } + + if err := app.Vacuum(); err != nil { + t.Fatal(err) + } + + if total := len(calledQueries); total != 1 { + t.Fatalf("Expected 1 query, got %d", total) + } + + if calledQueries[0] != "VACUUM" { + t.Fatalf("Expected VACUUM query, got %s", calledQueries[0]) + } +} + +func TestAuxVacuum(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + calledQueries := []string{} + app.AuxNonconcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) { + calledQueries = append(calledQueries, sql) + } + app.AuxNonconcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) { + calledQueries = append(calledQueries, sql) + } + + if err := app.AuxVacuum(); err != nil { + t.Fatal(err) + } + + if total := len(calledQueries); total != 1 { + t.Fatalf("Expected 1 query, got %d", total) + } + + if calledQueries[0] != "VACUUM" { + t.Fatalf("Expected VACUUM query, got %s", calledQueries[0]) + } +} diff --git a/core/db_test.go b/core/db_test.go new file mode 100644 index 0000000..d274b7e --- /dev/null +++ b/core/db_test.go @@ -0,0 +1,113 @@ +package core_test + +import ( + "context" + "errors" + "testing" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestGenerateDefaultRandomId(t *testing.T) { + t.Parallel() + + id1 := core.GenerateDefaultRandomId() + id2 := core.GenerateDefaultRandomId() + + if id1 == id2 { + t.Fatalf("Expected id1 and id2 to differ, got %q", id1) + } + + if l := len(id1); l != 15 { + t.Fatalf("Expected id1 length %d, got %d", 15, l) + } + + if l := len(id2); l != 15 { + t.Fatalf("Expected id2 length %d, got %d", 15, l) + } +} + +func TestModelQuery(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + modelsQuery := app.ModelQuery(&core.Collection{}) + logsModelQuery := app.AuxModelQuery(&core.Collection{}) + + if app.ConcurrentDB() == modelsQuery.Info().Builder { + t.Fatalf("ModelQuery() is not using app.ConcurrentDB()") + } + + if app.AuxConcurrentDB() == logsModelQuery.Info().Builder { + t.Fatalf("AuxModelQuery() is not using app.AuxConcurrentDB()") + } + + expectedSQL := "SELECT {{_collections}}.* FROM `_collections`" + for i, q := range []*dbx.SelectQuery{modelsQuery, logsModelQuery} { + sql := q.Build().SQL() + if sql != expectedSQL { + t.Fatalf("[%d] Expected select\n%s\ngot\n%s", i, expectedSQL, sql) + } + } +} + +func TestValidate(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + u := &mockSuperusers{} + + testErr := errors.New("test") + + app.OnModelValidate().BindFunc(func(e *core.ModelEvent) error { + return testErr + }) + + err := app.Validate(u) + if err != testErr { + t.Fatalf("Expected error %v, got %v", testErr, err) + } +} + +func TestValidateWithContext(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + u := &mockSuperusers{} + + testErr := errors.New("test") + + app.OnModelValidate().BindFunc(func(e *core.ModelEvent) error { + if v := e.Context.Value("test"); v != 123 { + t.Fatalf("Expected 'test' context value %#v, got %#v", 123, v) + } + return testErr + }) + + //nolint:staticcheck + ctx := context.WithValue(context.Background(), "test", 123) + + err := app.ValidateWithContext(ctx, u) + if err != testErr { + t.Fatalf("Expected error %v, got %v", testErr, err) + } +} + +// ------------------------------------------------------------------- + +type mockSuperusers struct { + core.BaseModel + Email string `db:"email"` +} + +func (m *mockSuperusers) TableName() string { + return core.CollectionNameSuperusers +} diff --git a/core/db_tx.go b/core/db_tx.go new file mode 100644 index 0000000..3f08228 --- /dev/null +++ b/core/db_tx.go @@ -0,0 +1,112 @@ +package core + +import ( + "errors" + "fmt" + "sync" + + "github.com/pocketbase/dbx" +) + +// RunInTransaction wraps fn into a transaction for the regular app database. +// +// It is safe to nest RunInTransaction calls as long as you use the callback's txApp. +func (app *BaseApp) RunInTransaction(fn func(txApp App) error) error { + return app.runInTransaction(app.NonconcurrentDB(), fn, false) +} + +// AuxRunInTransaction wraps fn into a transaction for the auxiliary app database. +// +// It is safe to nest RunInTransaction calls as long as you use the callback's txApp. +func (app *BaseApp) AuxRunInTransaction(fn func(txApp App) error) error { + return app.runInTransaction(app.AuxNonconcurrentDB(), fn, true) +} + +func (app *BaseApp) runInTransaction(db dbx.Builder, fn func(txApp App) error, isForAuxDB bool) error { + switch txOrDB := db.(type) { + case *dbx.Tx: + // run as part of the already existing transaction + return fn(app) + case *dbx.DB: + var txApp *BaseApp + txErr := txOrDB.Transactional(func(tx *dbx.Tx) error { + txApp = app.createTxApp(tx, isForAuxDB) + return fn(txApp) + }) + + // execute all after event calls on transaction complete + if txApp != nil && txApp.txInfo != nil { + afterFuncErr := txApp.txInfo.runAfterFuncs(txErr) + if afterFuncErr != nil { + return errors.Join(txErr, afterFuncErr) + } + } + + return txErr + default: + return errors.New("failed to start transaction (unknown db type)") + } +} + +// createTxApp shallow clones the current app and assigns a new tx state. +func (app *BaseApp) createTxApp(tx *dbx.Tx, isForAuxDB bool) *BaseApp { + clone := *app + + if isForAuxDB { + clone.auxConcurrentDB = tx + clone.auxNonconcurrentDB = tx + } else { + clone.concurrentDB = tx + clone.nonconcurrentDB = tx + } + + clone.txInfo = &TxAppInfo{ + parent: app, + isForAuxDB: isForAuxDB, + } + + return &clone +} + +// TxAppInfo represents an active transaction context associated to an existing app instance. +type TxAppInfo struct { + parent *BaseApp + afterFuncs []func(txErr error) error + mu sync.Mutex + isForAuxDB bool +} + +// OnComplete registers the provided callback that will be invoked +// once the related transaction ends (either completes successfully or rollbacked with an error). +// +// The callback receives the transaction error (if any) as its argument. +// Any additional errors returned by the OnComplete callbacks will be +// joined together with txErr when returning the final transaction result. +func (a *TxAppInfo) OnComplete(fn func(txErr error) error) { + a.mu.Lock() + defer a.mu.Unlock() + + a.afterFuncs = append(a.afterFuncs, fn) +} + +// note: can be called only once because TxAppInfo is cleared +func (a *TxAppInfo) runAfterFuncs(txErr error) error { + a.mu.Lock() + defer a.mu.Unlock() + + var errs []error + + for _, call := range a.afterFuncs { + if err := call(txErr); err != nil { + errs = append(errs, err) + } + } + + a.afterFuncs = nil + + if len(errs) > 0 { + return fmt.Errorf("transaction afterFunc errors: %w", errors.Join(errs...)) + } + + return nil +} diff --git a/core/db_tx_test.go b/core/db_tx_test.go new file mode 100644 index 0000000..d83f126 --- /dev/null +++ b/core/db_tx_test.go @@ -0,0 +1,413 @@ +package core_test + +import ( + "errors" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRunInTransaction(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + t.Run("failed nested transaction", func(t *testing.T) { + app.RunInTransaction(func(txApp core.App) error { + superuser, _ := txApp.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test@example.com") + + return txApp.RunInTransaction(func(tx2Dao core.App) error { + if err := tx2Dao.Delete(superuser); err != nil { + t.Fatal(err) + } + return errors.New("test error") + }) + }) + + // superuser should still exist + superuser, _ := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test@example.com") + if superuser == nil { + t.Fatal("Expected superuser test@example.com to not be deleted") + } + }) + + t.Run("successful nested transaction", func(t *testing.T) { + app.RunInTransaction(func(txApp core.App) error { + superuser, _ := txApp.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test@example.com") + + return txApp.RunInTransaction(func(tx2Dao core.App) error { + return tx2Dao.Delete(superuser) + }) + }) + + // superuser should have been deleted + superuser, _ := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test@example.com") + if superuser != nil { + t.Fatalf("Expected superuser test@example.com to be deleted, found %v", superuser) + } + }) +} + +func TestTransactionHooksCallsOnFailure(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + createHookCalls := 0 + updateHookCalls := 0 + deleteHookCalls := 0 + afterCreateHookCalls := 0 + afterUpdateHookCalls := 0 + afterDeleteHookCalls := 0 + + app.OnModelCreate().BindFunc(func(e *core.ModelEvent) error { + createHookCalls++ + return e.Next() + }) + + app.OnModelUpdate().BindFunc(func(e *core.ModelEvent) error { + updateHookCalls++ + return e.Next() + }) + + app.OnModelDelete().BindFunc(func(e *core.ModelEvent) error { + deleteHookCalls++ + return e.Next() + }) + + app.OnModelAfterCreateSuccess().BindFunc(func(e *core.ModelEvent) error { + afterCreateHookCalls++ + return e.Next() + }) + + app.OnModelAfterUpdateSuccess().BindFunc(func(e *core.ModelEvent) error { + afterUpdateHookCalls++ + return e.Next() + }) + + app.OnModelAfterDeleteSuccess().BindFunc(func(e *core.ModelEvent) error { + afterDeleteHookCalls++ + return e.Next() + }) + + existingModel, _ := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test@example.com") + + app.RunInTransaction(func(txApp1 core.App) error { + return txApp1.RunInTransaction(func(txApp2 core.App) error { + // test create + // --- + newModel := core.NewRecord(existingModel.Collection()) + newModel.SetEmail("test_new1@example.com") + newModel.SetPassword("1234567890") + if err := txApp2.Save(newModel); err != nil { + t.Fatal(err) + } + + // test update (twice) + // --- + if err := txApp2.Save(existingModel); err != nil { + t.Fatal(err) + } + if err := txApp2.Save(existingModel); err != nil { + t.Fatal(err) + } + + // test delete + // --- + if err := txApp2.Delete(newModel); err != nil { + t.Fatal(err) + } + + return errors.New("test_tx_error") + }) + }) + + if createHookCalls != 1 { + t.Errorf("Expected createHookCalls to be called 1 time, got %d", createHookCalls) + } + if updateHookCalls != 2 { + t.Errorf("Expected updateHookCalls to be called 2 times, got %d", updateHookCalls) + } + if deleteHookCalls != 1 { + t.Errorf("Expected deleteHookCalls to be called 1 time, got %d", deleteHookCalls) + } + if afterCreateHookCalls != 0 { + t.Errorf("Expected afterCreateHookCalls to be called 0 times, got %d", afterCreateHookCalls) + } + if afterUpdateHookCalls != 0 { + t.Errorf("Expected afterUpdateHookCalls to be called 0 times, got %d", afterUpdateHookCalls) + } + if afterDeleteHookCalls != 0 { + t.Errorf("Expected afterDeleteHookCalls to be called 0 times, got %d", afterDeleteHookCalls) + } +} + +func TestTransactionHooksCallsOnSuccess(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + createHookCalls := 0 + updateHookCalls := 0 + deleteHookCalls := 0 + afterCreateHookCalls := 0 + afterUpdateHookCalls := 0 + afterDeleteHookCalls := 0 + + app.OnModelCreate().BindFunc(func(e *core.ModelEvent) error { + createHookCalls++ + return e.Next() + }) + + app.OnModelUpdate().BindFunc(func(e *core.ModelEvent) error { + updateHookCalls++ + return e.Next() + }) + + app.OnModelDelete().BindFunc(func(e *core.ModelEvent) error { + deleteHookCalls++ + return e.Next() + }) + + app.OnModelAfterCreateSuccess().BindFunc(func(e *core.ModelEvent) error { + if e.App.IsTransactional() { + t.Fatal("Expected e.App to be non-transactional") + } + + afterCreateHookCalls++ + return e.Next() + }) + + app.OnModelAfterUpdateSuccess().BindFunc(func(e *core.ModelEvent) error { + if e.App.IsTransactional() { + t.Fatal("Expected e.App to be non-transactional") + } + + afterUpdateHookCalls++ + return e.Next() + }) + + app.OnModelAfterDeleteSuccess().BindFunc(func(e *core.ModelEvent) error { + if e.App.IsTransactional() { + t.Fatal("Expected e.App to be non-transactional") + } + + afterDeleteHookCalls++ + return e.Next() + }) + + existingModel, _ := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test@example.com") + + app.RunInTransaction(func(txApp1 core.App) error { + return txApp1.RunInTransaction(func(txApp2 core.App) error { + // test create + // --- + newModel := core.NewRecord(existingModel.Collection()) + newModel.SetEmail("test_new1@example.com") + newModel.SetPassword("1234567890") + if err := txApp2.Save(newModel); err != nil { + t.Fatal(err) + } + + // test update (twice) + // --- + if err := txApp2.Save(existingModel); err != nil { + t.Fatal(err) + } + if err := txApp2.Save(existingModel); err != nil { + t.Fatal(err) + } + + // test delete + // --- + if err := txApp2.Delete(newModel); err != nil { + t.Fatal(err) + } + + return nil + }) + }) + + if createHookCalls != 1 { + t.Errorf("Expected createHookCalls to be called 1 time, got %d", createHookCalls) + } + if updateHookCalls != 2 { + t.Errorf("Expected updateHookCalls to be called 2 times, got %d", updateHookCalls) + } + if deleteHookCalls != 1 { + t.Errorf("Expected deleteHookCalls to be called 1 time, got %d", deleteHookCalls) + } + if afterCreateHookCalls != 1 { + t.Errorf("Expected afterCreateHookCalls to be called 1 time, got %d", afterCreateHookCalls) + } + if afterUpdateHookCalls != 2 { + t.Errorf("Expected afterUpdateHookCalls to be called 2 times, got %d", afterUpdateHookCalls) + } + if afterDeleteHookCalls != 1 { + t.Errorf("Expected afterDeleteHookCalls to be called 1 time, got %d", afterDeleteHookCalls) + } +} + +func TestTransactionFromInnerCreateHook(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + app.OnRecordCreateExecute("demo2").BindFunc(func(e *core.RecordEvent) error { + originalApp := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { + e.App = originalApp + }() + + nextErr := e.Next() + + return nextErr + }) + }) + + app.OnRecordAfterCreateSuccess("demo2").BindFunc(func(e *core.RecordEvent) error { + if e.App.IsTransactional() { + t.Fatal("Expected e.App to be non-transactional") + } + + // perform a db query with the app instance to ensure that it is still valid + _, err := e.App.FindFirstRecordByFilter("demo2", "1=1") + if err != nil { + t.Fatalf("Failed to perform a db query after tx success: %v", err) + } + + return e.Next() + }) + + collection, err := app.FindCollectionByNameOrId("demo2") + if err != nil { + t.Fatal(err) + } + + record := core.NewRecord(collection) + + record.Set("title", "test_inner_tx") + + if err = app.Save(record); err != nil { + t.Fatalf("Create failed: %v", err) + } + + expectedHookCalls := map[string]int{ + "OnRecordCreateExecute": 1, + "OnRecordAfterCreateSuccess": 1, + } + for k, total := range expectedHookCalls { + if found, ok := app.EventCalls[k]; !ok || total != found { + t.Fatalf("Expected %q %d calls, got %d", k, total, found) + } + } +} + +func TestTransactionFromInnerUpdateHook(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + app.OnRecordUpdateExecute("demo2").BindFunc(func(e *core.RecordEvent) error { + originalApp := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { + e.App = originalApp + }() + + nextErr := e.Next() + + return nextErr + }) + }) + + app.OnRecordAfterUpdateSuccess("demo2").BindFunc(func(e *core.RecordEvent) error { + if e.App.IsTransactional() { + t.Fatal("Expected e.App to be non-transactional") + } + + // perform a db query with the app instance to ensure that it is still valid + _, err := e.App.FindFirstRecordByFilter("demo2", "1=1") + if err != nil { + t.Fatalf("Failed to perform a db query after tx success: %v", err) + } + + return e.Next() + }) + + existingModel, err := app.FindFirstRecordByFilter("demo2", "1=1") + if err != nil { + t.Fatal(err) + } + + if err = app.Save(existingModel); err != nil { + t.Fatalf("Update failed: %v", err) + } + + expectedHookCalls := map[string]int{ + "OnRecordUpdateExecute": 1, + "OnRecordAfterUpdateSuccess": 1, + } + for k, total := range expectedHookCalls { + if found, ok := app.EventCalls[k]; !ok || total != found { + t.Fatalf("Expected %q %d calls, got %d", k, total, found) + } + } +} + +func TestTransactionFromInnerDeleteHook(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + app.OnRecordDeleteExecute("demo2").BindFunc(func(e *core.RecordEvent) error { + originalApp := e.App + return e.App.RunInTransaction(func(txApp core.App) error { + e.App = txApp + defer func() { + e.App = originalApp + }() + + nextErr := e.Next() + + return nextErr + }) + }) + + app.OnRecordAfterDeleteSuccess("demo2").BindFunc(func(e *core.RecordEvent) error { + if e.App.IsTransactional() { + t.Fatal("Expected e.App to be non-transactional") + } + + // perform a db query with the app instance to ensure that it is still valid + _, err := e.App.FindFirstRecordByFilter("demo2", "1=1") + if err != nil { + t.Fatalf("Failed to perform a db query after tx success: %v", err) + } + + return e.Next() + }) + + existingModel, err := app.FindFirstRecordByFilter("demo2", "1=1") + if err != nil { + t.Fatal(err) + } + + if err = app.Delete(existingModel); err != nil { + t.Fatalf("Delete failed: %v", err) + } + + expectedHookCalls := map[string]int{ + "OnRecordDeleteExecute": 1, + "OnRecordAfterDeleteSuccess": 1, + } + for k, total := range expectedHookCalls { + if found, ok := app.EventCalls[k]; !ok || total != found { + t.Fatalf("Expected %q %d calls, got %d", k, total, found) + } + } +} diff --git a/core/event_request.go b/core/event_request.go new file mode 100644 index 0000000..11a80f7 --- /dev/null +++ b/core/event_request.go @@ -0,0 +1,197 @@ +package core + +import ( + "maps" + "net/netip" + "strings" + "sync" + + "github.com/pocketbase/pocketbase/tools/inflector" + "github.com/pocketbase/pocketbase/tools/router" +) + +// Common request store keys used by the middlewares and api handlers. +const ( + RequestEventKeyInfoContext = "infoContext" +) + +// RequestEvent defines the PocketBase router handler event. +type RequestEvent struct { + App App + + cachedRequestInfo *RequestInfo + + Auth *Record + + router.Event + + mu sync.Mutex +} + +// RealIP returns the "real" IP address from the configured trusted proxy headers. +// +// If Settings.TrustedProxy is not configured or the found IP is empty, +// it fallbacks to e.RemoteIP(). +// +// NB! +// Be careful when used in a security critical context as it relies on +// the trusted proxy to be properly configured and your app to be accessible only through it. +// If you are not sure, use e.RemoteIP(). +func (e *RequestEvent) RealIP() string { + settings := e.App.Settings() + + for _, h := range settings.TrustedProxy.Headers { + headerValues := e.Request.Header.Values(h) + if len(headerValues) == 0 { + continue + } + + // extract the last header value as it is expected to be the one controlled by the proxy + ipsList := headerValues[len(headerValues)-1] + if ipsList == "" { + continue + } + + ips := strings.Split(ipsList, ",") + + if settings.TrustedProxy.UseLeftmostIP { + for _, ip := range ips { + parsed, err := netip.ParseAddr(strings.TrimSpace(ip)) + if err == nil { + return parsed.StringExpanded() + } + } + } else { + for i := len(ips) - 1; i >= 0; i-- { + parsed, err := netip.ParseAddr(strings.TrimSpace(ips[i])) + if err == nil { + return parsed.StringExpanded() + } + } + } + } + + return e.RemoteIP() +} + +// HasSuperuserAuth checks whether the current RequestEvent has superuser authentication loaded. +func (e *RequestEvent) HasSuperuserAuth() bool { + return e.Auth != nil && e.Auth.IsSuperuser() +} + +// RequestInfo parses the current request into RequestInfo instance. +// +// Note that the returned result is cached to avoid copying the request data multiple times +// but the auth state and other common store items are always refreshed in case they were changed by another handler. +func (e *RequestEvent) RequestInfo() (*RequestInfo, error) { + e.mu.Lock() + defer e.mu.Unlock() + + if e.cachedRequestInfo != nil { + e.cachedRequestInfo.Auth = e.Auth + + infoCtx, _ := e.Get(RequestEventKeyInfoContext).(string) + if infoCtx != "" { + e.cachedRequestInfo.Context = infoCtx + } else { + e.cachedRequestInfo.Context = RequestInfoContextDefault + } + } else { + // (re)init e.cachedRequestInfo based on the current request event + if err := e.initRequestInfo(); err != nil { + return nil, err + } + } + + return e.cachedRequestInfo, nil +} + +func (e *RequestEvent) initRequestInfo() error { + infoCtx, _ := e.Get(RequestEventKeyInfoContext).(string) + if infoCtx == "" { + infoCtx = RequestInfoContextDefault + } + + info := &RequestInfo{ + Context: infoCtx, + Method: e.Request.Method, + Query: map[string]string{}, + Headers: map[string]string{}, + Body: map[string]any{}, + } + + if err := e.BindBody(&info.Body); err != nil { + return err + } + + // extract the first value of all query params + query := e.Request.URL.Query() + for k, v := range query { + if len(v) > 0 { + info.Query[k] = v[0] + } + } + + // extract the first value of all headers and normalizes the keys + // ("X-Token" is converted to "x_token") + for k, v := range e.Request.Header { + if len(v) > 0 { + info.Headers[inflector.Snakecase(k)] = v[0] + } + } + + info.Auth = e.Auth + + e.cachedRequestInfo = info + + return nil +} + +// ------------------------------------------------------------------- + +const ( + RequestInfoContextDefault = "default" + RequestInfoContextExpand = "expand" + RequestInfoContextRealtime = "realtime" + RequestInfoContextProtectedFile = "protectedFile" + RequestInfoContextBatch = "batch" + RequestInfoContextOAuth2 = "oauth2" + RequestInfoContextOTP = "otp" + RequestInfoContextPasswordAuth = "password" +) + +// RequestInfo defines a HTTP request data struct, usually used +// as part of the `@request.*` filter resolver. +// +// The Query and Headers fields contains only the first value for each found entry. +type RequestInfo struct { + Query map[string]string `json:"query"` + Headers map[string]string `json:"headers"` + Body map[string]any `json:"body"` + Auth *Record `json:"auth"` + Method string `json:"method"` + Context string `json:"context"` +} + +// HasSuperuserAuth checks whether the current RequestInfo instance +// has superuser authentication loaded. +func (info *RequestInfo) HasSuperuserAuth() bool { + return info.Auth != nil && info.Auth.IsSuperuser() +} + +// Clone creates a new shallow copy of the current RequestInfo and its Auth record (if any). +func (info *RequestInfo) Clone() *RequestInfo { + clone := &RequestInfo{ + Method: info.Method, + Context: info.Context, + Query: maps.Clone(info.Query), + Body: maps.Clone(info.Body), + Headers: maps.Clone(info.Headers), + } + + if info.Auth != nil { + clone.Auth = info.Auth.Fresh() + } + + return clone +} diff --git a/core/event_request_batch.go b/core/event_request_batch.go new file mode 100644 index 0000000..240c880 --- /dev/null +++ b/core/event_request_batch.go @@ -0,0 +1,33 @@ +package core + +import ( + "net/http" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/tools/hook" +) + +type BatchRequestEvent struct { + hook.Event + *RequestEvent + + Batch []*InternalRequest +} + +type InternalRequest struct { + // note: for uploading files the value must be either *filesystem.File or []*filesystem.File + Body map[string]any `form:"body" json:"body"` + + Headers map[string]string `form:"headers" json:"headers"` + + Method string `form:"method" json:"method"` + + URL string `form:"url" json:"url"` +} + +func (br InternalRequest) Validate() error { + return validation.ValidateStruct(&br, + validation.Field(&br.Method, validation.Required, validation.In(http.MethodGet, http.MethodPost, http.MethodPut, http.MethodPatch, http.MethodDelete)), + validation.Field(&br.URL, validation.Required, validation.Length(0, 2000)), + ) +} diff --git a/core/event_request_batch_test.go b/core/event_request_batch_test.go new file mode 100644 index 0000000..6feaf40 --- /dev/null +++ b/core/event_request_batch_test.go @@ -0,0 +1,74 @@ +package core_test + +import ( + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestInternalRequestValidate(t *testing.T) { + scenarios := []struct { + name string + request core.InternalRequest + expectedErrors []string + }{ + { + "empty struct", + core.InternalRequest{}, + []string{"method", "url"}, + }, + + // method + { + "GET method", + core.InternalRequest{URL: "test", Method: http.MethodGet}, + []string{}, + }, + { + "POST method", + core.InternalRequest{URL: "test", Method: http.MethodPost}, + []string{}, + }, + { + "PUT method", + core.InternalRequest{URL: "test", Method: http.MethodPut}, + []string{}, + }, + { + "PATCH method", + core.InternalRequest{URL: "test", Method: http.MethodPatch}, + []string{}, + }, + { + "DELETE method", + core.InternalRequest{URL: "test", Method: http.MethodDelete}, + []string{}, + }, + { + "unknown method", + core.InternalRequest{URL: "test", Method: "unknown"}, + []string{"method"}, + }, + + // url + { + "url <= 2000", + core.InternalRequest{URL: strings.Repeat("a", 2000), Method: http.MethodGet}, + []string{}, + }, + { + "url > 2000", + core.InternalRequest{URL: strings.Repeat("a", 2001), Method: http.MethodGet}, + []string{"url"}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + tests.TestValidationErrors(t, s.request.Validate(), s.expectedErrors) + }) + } +} diff --git a/core/event_request_test.go b/core/event_request_test.go new file mode 100644 index 0000000..6cfc3dc --- /dev/null +++ b/core/event_request_test.go @@ -0,0 +1,334 @@ +package core_test + +import ( + "encoding/json" + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestEventRequestRealIP(t *testing.T) { + t.Parallel() + + headers := map[string][]string{ + "CF-Connecting-IP": {"1.2.3.4", "1.1.1.1"}, + "Fly-Client-IP": {"1.2.3.4", "1.1.1.2"}, + "X-Real-IP": {"1.2.3.4", "1.1.1.3,1.1.1.4"}, + "X-Forwarded-For": {"1.2.3.4", "invalid,1.1.1.5,1.1.1.6,invalid"}, + } + + scenarios := []struct { + name string + headers map[string][]string + trustedHeaders []string + useLeftmostIP bool + expected string + }{ + { + "no trusted headers", + headers, + nil, + false, + "127.0.0.1", + }, + { + "non-matching trusted header", + headers, + []string{"header1", "header2"}, + false, + "127.0.0.1", + }, + { + "trusted X-Real-IP (rightmost)", + headers, + []string{"header1", "x-real-ip", "x-forwarded-for"}, + false, + "1.1.1.4", + }, + { + "trusted X-Real-IP (leftmost)", + headers, + []string{"header1", "x-real-ip", "x-forwarded-for"}, + true, + "1.1.1.3", + }, + { + "trusted X-Forwarded-For (rightmost)", + headers, + []string{"header1", "x-forwarded-for"}, + false, + "1.1.1.6", + }, + { + "trusted X-Forwarded-For (leftmost)", + headers, + []string{"header1", "x-forwarded-for"}, + true, + "1.1.1.5", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + app, err := tests.NewTestApp() + if err != nil { + t.Fatal(err) + } + defer app.Cleanup() + + app.Settings().TrustedProxy.Headers = s.trustedHeaders + app.Settings().TrustedProxy.UseLeftmostIP = s.useLeftmostIP + + event := core.RequestEvent{} + event.App = app + + event.Request, err = http.NewRequest(http.MethodGet, "/", nil) + if err != nil { + t.Fatal(err) + } + event.Request.RemoteAddr = "127.0.0.1:80" // fallback + + for k, values := range s.headers { + for _, v := range values { + event.Request.Header.Add(k, v) + } + } + + result := event.RealIP() + + if result != s.expected { + t.Fatalf("Expected ip %q, got %q", s.expected, result) + } + }) + } +} + +func TestEventRequestHasSuperUserAuth(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test@example.com") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + record *core.Record + expected bool + }{ + {"nil record", nil, false}, + {"regular user record", user, false}, + {"superuser record", superuser, true}, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + e := core.RequestEvent{} + e.Auth = s.record + + result := e.HasSuperuserAuth() + + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestRequestEventRequestInfo(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + userCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + user1 := core.NewRecord(userCol) + user1.Id = "user1" + user1.SetEmail("test1@example.com") + + user2 := core.NewRecord(userCol) + user2.Id = "user2" + user2.SetEmail("test2@example.com") + + testBody := `{"a":123,"b":"test"}` + + event := core.RequestEvent{} + event.Request, err = http.NewRequest("POST", "/test?q1=123&q2=456", strings.NewReader(testBody)) + if err != nil { + t.Fatal(err) + } + event.Request.Header.Add("content-type", "application/json") + event.Request.Header.Add("x-test", "test") + event.Set(core.RequestEventKeyInfoContext, "test") + event.Auth = user1 + + t.Run("init", func(t *testing.T) { + info, err := event.RequestInfo() + if err != nil { + t.Fatalf("Failed to resolve request info: %v", err) + } + + raw, err := json.Marshal(info) + if err != nil { + t.Fatalf("Failed to serialize request info: %v", err) + } + rawStr := string(raw) + + expected := `{"query":{"q1":"123","q2":"456"},"headers":{"content_type":"application/json","x_test":"test"},"body":{"a":123,"b":"test"},"auth":{"avatar":"","collectionId":"_pb_users_auth_","collectionName":"users","created":"","emailVisibility":false,"file":[],"id":"user1","name":"","rel":"","updated":"","username":"","verified":false},"method":"POST","context":"test"}` + + if expected != rawStr { + t.Fatalf("Expected\n%v\ngot\n%v", expected, rawStr) + } + }) + + t.Run("change user and context", func(t *testing.T) { + event.Set(core.RequestEventKeyInfoContext, "test2") + event.Auth = user2 + + info, err := event.RequestInfo() + if err != nil { + t.Fatalf("Failed to resolve request info: %v", err) + } + + raw, err := json.Marshal(info) + if err != nil { + t.Fatalf("Failed to serialize request info: %v", err) + } + rawStr := string(raw) + + expected := `{"query":{"q1":"123","q2":"456"},"headers":{"content_type":"application/json","x_test":"test"},"body":{"a":123,"b":"test"},"auth":{"avatar":"","collectionId":"_pb_users_auth_","collectionName":"users","created":"","emailVisibility":false,"file":[],"id":"user2","name":"","rel":"","updated":"","username":"","verified":false},"method":"POST","context":"test2"}` + + if expected != rawStr { + t.Fatalf("Expected\n%v\ngot\n%v", expected, rawStr) + } + }) +} + +func TestRequestInfoHasSuperuserAuth(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test@example.com") + if err != nil { + t.Fatal(err) + } + + event := core.RequestEvent{} + event.Request, err = http.NewRequest("POST", "/test?q1=123&q2=456", strings.NewReader(`{"a":123,"b":"test"}`)) + if err != nil { + t.Fatal(err) + } + event.Request.Header.Add("content-type", "application/json") + + scenarios := []struct { + name string + record *core.Record + expected bool + }{ + {"nil record", nil, false}, + {"regular user record", user, false}, + {"superuser record", superuser, true}, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + event.Auth = s.record + + info, err := event.RequestInfo() + if err != nil { + t.Fatalf("Failed to resolve request info: %v", err) + } + + result := info.HasSuperuserAuth() + + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestRequestInfoClone(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + userCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + user := core.NewRecord(userCol) + user.Id = "user1" + user.SetEmail("test1@example.com") + + event := core.RequestEvent{} + event.Request, err = http.NewRequest("POST", "/test?q1=123&q2=456", strings.NewReader(`{"a":123,"b":"test"}`)) + if err != nil { + t.Fatal(err) + } + event.Request.Header.Add("content-type", "application/json") + event.Auth = user + + info, err := event.RequestInfo() + if err != nil { + t.Fatalf("Failed to resolve request info: %v", err) + } + + clone := info.Clone() + + // modify the clone fields to ensure that it is a shallow copy + clone.Headers["new_header"] = "test" + clone.Query["new_query"] = "test" + clone.Body["new_body"] = "test" + clone.Auth.Id = "user2" // should be a Fresh copy of the record + + // check the original data + // --- + originalRaw, err := json.Marshal(info) + if err != nil { + t.Fatalf("Failed to serialize original request info: %v", err) + } + originalRawStr := string(originalRaw) + + expectedRawStr := `{"query":{"q1":"123","q2":"456"},"headers":{"content_type":"application/json"},"body":{"a":123,"b":"test"},"auth":{"avatar":"","collectionId":"_pb_users_auth_","collectionName":"users","created":"","emailVisibility":false,"file":[],"id":"user1","name":"","rel":"","updated":"","username":"","verified":false},"method":"POST","context":"default"}` + if expectedRawStr != originalRawStr { + t.Fatalf("Expected original info\n%v\ngot\n%v", expectedRawStr, originalRawStr) + } + + // check the clone data + // --- + cloneRaw, err := json.Marshal(clone) + if err != nil { + t.Fatalf("Failed to serialize clone request info: %v", err) + } + cloneRawStr := string(cloneRaw) + + expectedCloneStr := `{"query":{"new_query":"test","q1":"123","q2":"456"},"headers":{"content_type":"application/json","new_header":"test"},"body":{"a":123,"b":"test","new_body":"test"},"auth":{"avatar":"","collectionId":"_pb_users_auth_","collectionName":"users","created":"","emailVisibility":false,"file":[],"id":"user2","name":"","rel":"","updated":"","username":"","verified":false},"method":"POST","context":"default"}` + if expectedCloneStr != cloneRawStr { + t.Fatalf("Expected clone info\n%v\ngot\n%v", expectedCloneStr, cloneRawStr) + } +} diff --git a/core/events.go b/core/events.go new file mode 100644 index 0000000..41511e7 --- /dev/null +++ b/core/events.go @@ -0,0 +1,582 @@ +package core + +import ( + "context" + "net/http" + "time" + + "github.com/pocketbase/pocketbase/tools/auth" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/mailer" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/pocketbase/pocketbase/tools/search" + "github.com/pocketbase/pocketbase/tools/subscriptions" + "golang.org/x/crypto/acme/autocert" +) + +type HookTagger interface { + HookTags() []string +} + +// ------------------------------------------------------------------- + +type baseModelEventData struct { + Model Model +} + +func (e *baseModelEventData) Tags() []string { + if e.Model == nil { + return nil + } + + if ht, ok := e.Model.(HookTagger); ok { + return ht.HookTags() + } + + return []string{e.Model.TableName()} +} + +// ------------------------------------------------------------------- + +type baseRecordEventData struct { + Record *Record +} + +func (e *baseRecordEventData) Tags() []string { + if e.Record == nil { + return nil + } + + return e.Record.HookTags() +} + +// ------------------------------------------------------------------- + +type baseCollectionEventData struct { + Collection *Collection +} + +func (e *baseCollectionEventData) Tags() []string { + if e.Collection == nil { + return nil + } + + tags := make([]string, 0, 2) + + if e.Collection.Id != "" { + tags = append(tags, e.Collection.Id) + } + + if e.Collection.Name != "" { + tags = append(tags, e.Collection.Name) + } + + return tags +} + +// ------------------------------------------------------------------- +// App events data +// ------------------------------------------------------------------- + +type BootstrapEvent struct { + hook.Event + App App +} + +type TerminateEvent struct { + hook.Event + App App + IsRestart bool +} + +type BackupEvent struct { + hook.Event + App App + Context context.Context + Name string // the name of the backup to create/restore. + Exclude []string // list of dir entries to exclude from the backup create/restore. +} + +type ServeEvent struct { + hook.Event + App App + Router *router.Router[*RequestEvent] + Server *http.Server + CertManager *autocert.Manager + + // InstallerFunc is the "installer" function that is called after + // successful server tcp bind but only if there is no explicit + // superuser record created yet. + // + // It runs in a separate goroutine and its default value is [apis.DefaultInstallerFunc]. + // + // It receives a system superuser record as argument that you can use to generate + // a short-lived auth token (e.g. systemSuperuser.NewStaticAuthToken(30 * time.Minute)) + // and concatenate it as query param for your installer page + // (if you are using the client-side SDKs, you can then load the + // token with pb.authStore.save(token) and perform any Web API request + // e.g. creating a new superuser). + // + // Set it to nil if you want to skip the installer. + InstallerFunc func(app App, systemSuperuser *Record, baseURL string) error +} + +// ------------------------------------------------------------------- +// Settings events data +// ------------------------------------------------------------------- + +type SettingsListRequestEvent struct { + hook.Event + *RequestEvent + + Settings *Settings +} + +type SettingsUpdateRequestEvent struct { + hook.Event + *RequestEvent + + OldSettings *Settings + NewSettings *Settings +} + +type SettingsReloadEvent struct { + hook.Event + App App +} + +// ------------------------------------------------------------------- +// Mailer events data +// ------------------------------------------------------------------- + +type MailerEvent struct { + hook.Event + App App + + Mailer mailer.Mailer + Message *mailer.Message +} + +type MailerRecordEvent struct { + MailerEvent + baseRecordEventData + Meta map[string]any +} + +// ------------------------------------------------------------------- +// Model events data +// ------------------------------------------------------------------- + +const ( + ModelEventTypeCreate = "create" + ModelEventTypeUpdate = "update" + ModelEventTypeDelete = "delete" + ModelEventTypeValidate = "validate" +) + +type ModelEvent struct { + hook.Event + App App + baseModelEventData + Context context.Context + + // Could be any of the ModelEventType* constants, like: + // - create + // - update + // - delete + // - validate + Type string +} + +type ModelErrorEvent struct { + Error error + ModelEvent +} + +// ------------------------------------------------------------------- +// Record events data +// ------------------------------------------------------------------- + +type RecordEvent struct { + hook.Event + App App + baseRecordEventData + Context context.Context + + // Could be any of the ModelEventType* constants, like: + // - create + // - update + // - delete + // - validate + Type string +} + +type RecordErrorEvent struct { + Error error + RecordEvent +} + +func syncModelEventWithRecordEvent(me *ModelEvent, re *RecordEvent) { + me.App = re.App + me.Context = re.Context + me.Type = re.Type + + // @todo enable if after profiling doesn't have significant impact + // skip for now to avoid excessive checks and assume that the + // Model and the Record fields still points to the same instance + // + // if _, ok := me.Model.(*Record); ok { + // me.Model = re.Record + // } else if proxy, ok := me.Model.(RecordProxy); ok { + // proxy.SetProxyRecord(re.Record) + // } +} + +func syncRecordEventWithModelEvent(re *RecordEvent, me *ModelEvent) { + re.App = me.App + re.Context = me.Context + re.Type = me.Type +} + +func newRecordEventFromModelEvent(me *ModelEvent) (*RecordEvent, bool) { + record, ok := me.Model.(*Record) + if !ok { + proxy, ok := me.Model.(RecordProxy) + if !ok { + return nil, false + } + record = proxy.ProxyRecord() + } + + re := new(RecordEvent) + re.App = me.App + re.Context = me.Context + re.Type = me.Type + re.Record = record + + return re, true +} + +func newRecordErrorEventFromModelErrorEvent(me *ModelErrorEvent) (*RecordErrorEvent, bool) { + recordEvent, ok := newRecordEventFromModelEvent(&me.ModelEvent) + if !ok { + return nil, false + } + + re := new(RecordErrorEvent) + re.RecordEvent = *recordEvent + re.Error = me.Error + + return re, true +} + +func syncModelErrorEventWithRecordErrorEvent(me *ModelErrorEvent, re *RecordErrorEvent) { + syncModelEventWithRecordEvent(&me.ModelEvent, &re.RecordEvent) + me.Error = re.Error +} + +func syncRecordErrorEventWithModelErrorEvent(re *RecordErrorEvent, me *ModelErrorEvent) { + syncRecordEventWithModelEvent(&re.RecordEvent, &me.ModelEvent) + re.Error = me.Error +} + +// ------------------------------------------------------------------- +// Collection events data +// ------------------------------------------------------------------- + +type CollectionEvent struct { + hook.Event + App App + baseCollectionEventData + Context context.Context + + // Could be any of the ModelEventType* constants, like: + // - create + // - update + // - delete + // - validate + Type string +} + +type CollectionErrorEvent struct { + Error error + CollectionEvent +} + +func syncModelEventWithCollectionEvent(me *ModelEvent, ce *CollectionEvent) { + me.App = ce.App + me.Context = ce.Context + me.Type = ce.Type + me.Model = ce.Collection +} + +func syncCollectionEventWithModelEvent(ce *CollectionEvent, me *ModelEvent) { + ce.App = me.App + ce.Context = me.Context + ce.Type = me.Type + if c, ok := me.Model.(*Collection); ok { + ce.Collection = c + } +} + +func newCollectionEventFromModelEvent(me *ModelEvent) (*CollectionEvent, bool) { + record, ok := me.Model.(*Collection) + if !ok { + return nil, false + } + + ce := new(CollectionEvent) + ce.App = me.App + ce.Context = me.Context + ce.Type = me.Type + ce.Collection = record + + return ce, true +} + +func newCollectionErrorEventFromModelErrorEvent(me *ModelErrorEvent) (*CollectionErrorEvent, bool) { + collectionevent, ok := newCollectionEventFromModelEvent(&me.ModelEvent) + if !ok { + return nil, false + } + + ce := new(CollectionErrorEvent) + ce.CollectionEvent = *collectionevent + ce.Error = me.Error + + return ce, true +} + +func syncModelErrorEventWithCollectionErrorEvent(me *ModelErrorEvent, ce *CollectionErrorEvent) { + syncModelEventWithCollectionEvent(&me.ModelEvent, &ce.CollectionEvent) + me.Error = ce.Error +} + +func syncCollectionErrorEventWithModelErrorEvent(ce *CollectionErrorEvent, me *ModelErrorEvent) { + syncCollectionEventWithModelEvent(&ce.CollectionEvent, &me.ModelEvent) + ce.Error = me.Error +} + +// ------------------------------------------------------------------- +// File API events data +// ------------------------------------------------------------------- + +type FileTokenRequestEvent struct { + hook.Event + *RequestEvent + baseRecordEventData + + Token string +} + +type FileDownloadRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + Record *Record + FileField *FileField + ServedPath string + ServedName string +} + +// ------------------------------------------------------------------- +// Collection API events data +// ------------------------------------------------------------------- + +type CollectionsListRequestEvent struct { + hook.Event + *RequestEvent + + Collections []*Collection + Result *search.Result +} + +type CollectionsImportRequestEvent struct { + hook.Event + *RequestEvent + + CollectionsData []map[string]any + DeleteMissing bool +} + +type CollectionRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData +} + +// ------------------------------------------------------------------- +// Realtime API events data +// ------------------------------------------------------------------- + +type RealtimeConnectRequestEvent struct { + hook.Event + *RequestEvent + + Client subscriptions.Client + + // note: modifying it after the connect has no effect + IdleTimeout time.Duration +} + +type RealtimeMessageEvent struct { + hook.Event + *RequestEvent + + Client subscriptions.Client + Message *subscriptions.Message +} + +type RealtimeSubscribeRequestEvent struct { + hook.Event + *RequestEvent + + Client subscriptions.Client + Subscriptions []string +} + +// ------------------------------------------------------------------- +// Record CRUD API events data +// ------------------------------------------------------------------- + +type RecordsListRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + // @todo consider removing and maybe add as generic to the search.Result? + Records []*Record + Result *search.Result +} + +type RecordRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + Record *Record +} + +type RecordEnrichEvent struct { + hook.Event + App App + baseRecordEventData + + RequestInfo *RequestInfo +} + +// ------------------------------------------------------------------- +// Auth Record API events data +// ------------------------------------------------------------------- + +type RecordCreateOTPRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + Record *Record + Password string +} + +type RecordAuthWithOTPRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + Record *Record + OTP *OTP +} + +type RecordAuthRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + Record *Record + Token string + Meta any + AuthMethod string +} + +type RecordAuthWithPasswordRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + Record *Record + Identity string + IdentityField string + Password string +} + +type RecordAuthWithOAuth2RequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + ProviderName string + ProviderClient auth.Provider + Record *Record + OAuth2User *auth.AuthUser + CreateData map[string]any + IsNewRecord bool +} + +type RecordAuthRefreshRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + Record *Record +} + +type RecordRequestPasswordResetRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + Record *Record +} + +type RecordConfirmPasswordResetRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + Record *Record +} + +type RecordRequestVerificationRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + Record *Record +} + +type RecordConfirmVerificationRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + Record *Record +} + +type RecordRequestEmailChangeRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + Record *Record + NewEmail string +} + +type RecordConfirmEmailChangeRequestEvent struct { + hook.Event + *RequestEvent + baseCollectionEventData + + Record *Record + NewEmail string +} diff --git a/core/external_auth_model.go b/core/external_auth_model.go new file mode 100644 index 0000000..3623dfa --- /dev/null +++ b/core/external_auth_model.go @@ -0,0 +1,140 @@ +package core + +import ( + "context" + "errors" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/tools/auth" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/types" +) + +var ( + _ Model = (*ExternalAuth)(nil) + _ PreValidator = (*ExternalAuth)(nil) + _ RecordProxy = (*ExternalAuth)(nil) +) + +const CollectionNameExternalAuths = "_externalAuths" + +// ExternalAuth defines a Record proxy for working with the externalAuths collection. +type ExternalAuth struct { + *Record +} + +// NewExternalAuth instantiates and returns a new blank *ExternalAuth model. +// +// Example usage: +// +// ea := core.NewExternalAuth(app) +// ea.SetRecordRef(user.Id) +// ea.SetCollectionRef(user.Collection().Id) +// ea.SetProvider("google") +// ea.SetProviderId("...") +// app.Save(ea) +func NewExternalAuth(app App) *ExternalAuth { + m := &ExternalAuth{} + + c, err := app.FindCachedCollectionByNameOrId(CollectionNameExternalAuths) + if err != nil { + // this is just to make tests easier since it is a system collection and it is expected to be always accessible + // (note: the loaded record is further checked on ExternalAuth.PreValidate()) + c = NewBaseCollection("@__invalid__") + } + + m.Record = NewRecord(c) + + return m +} + +// PreValidate implements the [PreValidator] interface and checks +// whether the proxy is properly loaded. +func (m *ExternalAuth) PreValidate(ctx context.Context, app App) error { + if m.Record == nil || m.Record.Collection().Name != CollectionNameExternalAuths { + return errors.New("missing or invalid ExternalAuth ProxyRecord") + } + + return nil +} + +// ProxyRecord returns the proxied Record model. +func (m *ExternalAuth) ProxyRecord() *Record { + return m.Record +} + +// SetProxyRecord loads the specified record model into the current proxy. +func (m *ExternalAuth) SetProxyRecord(record *Record) { + m.Record = record +} + +// CollectionRef returns the "collectionRef" field value. +func (m *ExternalAuth) CollectionRef() string { + return m.GetString("collectionRef") +} + +// SetCollectionRef updates the "collectionRef" record field value. +func (m *ExternalAuth) SetCollectionRef(collectionId string) { + m.Set("collectionRef", collectionId) +} + +// RecordRef returns the "recordRef" record field value. +func (m *ExternalAuth) RecordRef() string { + return m.GetString("recordRef") +} + +// SetRecordRef updates the "recordRef" record field value. +func (m *ExternalAuth) SetRecordRef(recordId string) { + m.Set("recordRef", recordId) +} + +// Provider returns the "provider" record field value. +func (m *ExternalAuth) Provider() string { + return m.GetString("provider") +} + +// SetProvider updates the "provider" record field value. +func (m *ExternalAuth) SetProvider(provider string) { + m.Set("provider", provider) +} + +// Provider returns the "providerId" record field value. +func (m *ExternalAuth) ProviderId() string { + return m.GetString("providerId") +} + +// SetProvider updates the "providerId" record field value. +func (m *ExternalAuth) SetProviderId(providerId string) { + m.Set("providerId", providerId) +} + +// Created returns the "created" record field value. +func (m *ExternalAuth) Created() types.DateTime { + return m.GetDateTime("created") +} + +// Updated returns the "updated" record field value. +func (m *ExternalAuth) Updated() types.DateTime { + return m.GetDateTime("updated") +} + +func (app *BaseApp) registerExternalAuthHooks() { + recordRefHooks[*ExternalAuth](app, CollectionNameExternalAuths, CollectionTypeAuth) + + app.OnRecordValidate(CollectionNameExternalAuths).Bind(&hook.Handler[*RecordEvent]{ + Func: func(e *RecordEvent) error { + providerNames := make([]any, 0, len(auth.Providers)) + for name := range auth.Providers { + providerNames = append(providerNames, name) + } + + provider := e.Record.GetString("provider") + if err := validation.Validate(provider, validation.Required, validation.In(providerNames...)); err != nil { + return validation.Errors{"provider": err} + } + + return e.Next() + }, + Priority: 99, + }) +} diff --git a/core/external_auth_model_test.go b/core/external_auth_model_test.go new file mode 100644 index 0000000..512f677 --- /dev/null +++ b/core/external_auth_model_test.go @@ -0,0 +1,310 @@ +package core_test + +import ( + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestNewExternalAuth(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + ea := core.NewExternalAuth(app) + + if ea.Collection().Name != core.CollectionNameExternalAuths { + t.Fatalf("Expected record with %q collection, got %q", core.CollectionNameExternalAuths, ea.Collection().Name) + } +} + +func TestExternalAuthProxyRecord(t *testing.T) { + t.Parallel() + + record := core.NewRecord(core.NewBaseCollection("test")) + record.Id = "test_id" + + ea := core.ExternalAuth{} + ea.SetProxyRecord(record) + + if ea.ProxyRecord() == nil || ea.ProxyRecord().Id != record.Id { + t.Fatalf("Expected proxy record with id %q, got %v", record.Id, ea.ProxyRecord()) + } +} + +func TestExternalAuthRecordRef(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + ea := core.NewExternalAuth(app) + + testValues := []string{"test_1", "test2", ""} + for i, testValue := range testValues { + t.Run(fmt.Sprintf("%d_%q", i, testValue), func(t *testing.T) { + ea.SetRecordRef(testValue) + + if v := ea.RecordRef(); v != testValue { + t.Fatalf("Expected getter %q, got %q", testValue, v) + } + + if v := ea.GetString("recordRef"); v != testValue { + t.Fatalf("Expected field value %q, got %q", testValue, v) + } + }) + } +} + +func TestExternalAuthCollectionRef(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + ea := core.NewExternalAuth(app) + + testValues := []string{"test_1", "test2", ""} + for i, testValue := range testValues { + t.Run(fmt.Sprintf("%d_%q", i, testValue), func(t *testing.T) { + ea.SetCollectionRef(testValue) + + if v := ea.CollectionRef(); v != testValue { + t.Fatalf("Expected getter %q, got %q", testValue, v) + } + + if v := ea.GetString("collectionRef"); v != testValue { + t.Fatalf("Expected field value %q, got %q", testValue, v) + } + }) + } +} + +func TestExternalAuthProvider(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + ea := core.NewExternalAuth(app) + + testValues := []string{"test_1", "test2", ""} + for i, testValue := range testValues { + t.Run(fmt.Sprintf("%d_%q", i, testValue), func(t *testing.T) { + ea.SetProvider(testValue) + + if v := ea.Provider(); v != testValue { + t.Fatalf("Expected getter %q, got %q", testValue, v) + } + + if v := ea.GetString("provider"); v != testValue { + t.Fatalf("Expected field value %q, got %q", testValue, v) + } + }) + } +} + +func TestExternalAuthProviderId(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + ea := core.NewExternalAuth(app) + + testValues := []string{"test_1", "test2", ""} + for i, testValue := range testValues { + t.Run(fmt.Sprintf("%d_%q", i, testValue), func(t *testing.T) { + ea.SetProviderId(testValue) + + if v := ea.ProviderId(); v != testValue { + t.Fatalf("Expected getter %q, got %q", testValue, v) + } + + if v := ea.GetString("providerId"); v != testValue { + t.Fatalf("Expected field value %q, got %q", testValue, v) + } + }) + } +} + +func TestExternalAuthCreated(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + ea := core.NewExternalAuth(app) + + if v := ea.Created().String(); v != "" { + t.Fatalf("Expected empty created, got %q", v) + } + + now := types.NowDateTime() + ea.SetRaw("created", now) + + if v := ea.Created().String(); v != now.String() { + t.Fatalf("Expected %q created, got %q", now.String(), v) + } +} + +func TestExternalAuthUpdated(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + ea := core.NewExternalAuth(app) + + if v := ea.Updated().String(); v != "" { + t.Fatalf("Expected empty updated, got %q", v) + } + + now := types.NowDateTime() + ea.SetRaw("updated", now) + + if v := ea.Updated().String(); v != now.String() { + t.Fatalf("Expected %q updated, got %q", now.String(), v) + } +} + +func TestExternalAuthPreValidate(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + externalAuthsCol, err := app.FindCollectionByNameOrId(core.CollectionNameExternalAuths) + if err != nil { + t.Fatal(err) + } + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + t.Run("no proxy record", func(t *testing.T) { + externalAuth := &core.ExternalAuth{} + + if err := app.Validate(externalAuth); err == nil { + t.Fatal("Expected collection validation error") + } + }) + + t.Run("non-ExternalAuth collection", func(t *testing.T) { + externalAuth := &core.ExternalAuth{} + externalAuth.SetProxyRecord(core.NewRecord(core.NewBaseCollection("invalid"))) + externalAuth.SetRecordRef(user.Id) + externalAuth.SetCollectionRef(user.Collection().Id) + externalAuth.SetProvider("gitlab") + externalAuth.SetProviderId("test123") + + if err := app.Validate(externalAuth); err == nil { + t.Fatal("Expected collection validation error") + } + }) + + t.Run("ExternalAuth collection", func(t *testing.T) { + externalAuth := &core.ExternalAuth{} + externalAuth.SetProxyRecord(core.NewRecord(externalAuthsCol)) + externalAuth.SetRecordRef(user.Id) + externalAuth.SetCollectionRef(user.Collection().Id) + externalAuth.SetProvider("gitlab") + externalAuth.SetProviderId("test123") + + if err := app.Validate(externalAuth); err != nil { + t.Fatalf("Expected nil validation error, got %v", err) + } + }) +} + +func TestExternalAuthValidateHook(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + demo1, err := app.FindRecordById("demo1", "84nmscqy84lsi1t") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + externalAuth func() *core.ExternalAuth + expectErrors []string + }{ + { + "empty", + func() *core.ExternalAuth { + return core.NewExternalAuth(app) + }, + []string{"collectionRef", "recordRef", "provider", "providerId"}, + }, + { + "non-auth collection", + func() *core.ExternalAuth { + ea := core.NewExternalAuth(app) + ea.SetCollectionRef(demo1.Collection().Id) + ea.SetRecordRef(demo1.Id) + ea.SetProvider("gitlab") + ea.SetProviderId("test123") + return ea + }, + []string{"collectionRef"}, + }, + { + "disabled provider", + func() *core.ExternalAuth { + ea := core.NewExternalAuth(app) + ea.SetCollectionRef(user.Collection().Id) + ea.SetRecordRef("missing") + ea.SetProvider("apple") + ea.SetProviderId("test123") + return ea + }, + []string{"recordRef"}, + }, + { + "missing record id", + func() *core.ExternalAuth { + ea := core.NewExternalAuth(app) + ea.SetCollectionRef(user.Collection().Id) + ea.SetRecordRef("missing") + ea.SetProvider("gitlab") + ea.SetProviderId("test123") + return ea + }, + []string{"recordRef"}, + }, + { + "valid ref", + func() *core.ExternalAuth { + ea := core.NewExternalAuth(app) + ea.SetCollectionRef(user.Collection().Id) + ea.SetRecordRef(user.Id) + ea.SetProvider("gitlab") + ea.SetProviderId("test123") + return ea + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + errs := app.Validate(s.externalAuth()) + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} diff --git a/core/external_auth_query.go b/core/external_auth_query.go new file mode 100644 index 0000000..9331cfd --- /dev/null +++ b/core/external_auth_query.go @@ -0,0 +1,61 @@ +package core + +import ( + "github.com/pocketbase/dbx" +) + +// FindAllExternalAuthsByRecord returns all ExternalAuth models +// linked to the provided auth record. +func (app *BaseApp) FindAllExternalAuthsByRecord(authRecord *Record) ([]*ExternalAuth, error) { + auths := []*ExternalAuth{} + + err := app.RecordQuery(CollectionNameExternalAuths). + AndWhere(dbx.HashExp{ + "collectionRef": authRecord.Collection().Id, + "recordRef": authRecord.Id, + }). + OrderBy("created DESC"). + All(&auths) + + if err != nil { + return nil, err + } + + return auths, nil +} + +// FindAllExternalAuthsByCollection returns all ExternalAuth models +// linked to the provided auth collection. +func (app *BaseApp) FindAllExternalAuthsByCollection(collection *Collection) ([]*ExternalAuth, error) { + auths := []*ExternalAuth{} + + err := app.RecordQuery(CollectionNameExternalAuths). + AndWhere(dbx.HashExp{"collectionRef": collection.Id}). + OrderBy("created DESC"). + All(&auths) + + if err != nil { + return nil, err + } + + return auths, nil +} + +// FindFirstExternalAuthByExpr returns the first available (the most recent created) +// ExternalAuth model that satisfies the non-nil expression. +func (app *BaseApp) FindFirstExternalAuthByExpr(expr dbx.Expression) (*ExternalAuth, error) { + model := &ExternalAuth{} + + err := app.RecordQuery(CollectionNameExternalAuths). + AndWhere(dbx.Not(dbx.HashExp{"providerId": ""})). // exclude empty providerIds + AndWhere(expr). + OrderBy("created DESC"). + Limit(1). + One(model) + + if err != nil { + return nil, err + } + + return model, nil +} diff --git a/core/external_auth_query_test.go b/core/external_auth_query_test.go new file mode 100644 index 0000000..868ba66 --- /dev/null +++ b/core/external_auth_query_test.go @@ -0,0 +1,176 @@ +package core_test + +import ( + "fmt" + "testing" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestFindAllExternalAuthsByRecord(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + demo1, err := app.FindRecordById("demo1", "84nmscqy84lsi1t") + if err != nil { + t.Fatal(err) + } + + superuser1, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test@example.com") + if err != nil { + t.Fatal(err) + } + + user1, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + user2, err := app.FindAuthRecordByEmail("users", "test2@example.com") + if err != nil { + t.Fatal(err) + } + + user3, err := app.FindAuthRecordByEmail("users", "test3@example.com") + if err != nil { + t.Fatal(err) + } + + client1, err := app.FindAuthRecordByEmail("clients", "test@example.com") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + record *core.Record + expected []string + }{ + {demo1, nil}, + {superuser1, nil}, + {client1, []string{"f1z5b3843pzc964"}}, + {user1, []string{"clmflokuq1xl341", "dlmflokuq1xl342"}}, + {user2, nil}, + {user3, []string{"5eto7nmys833164"}}, + } + + for _, s := range scenarios { + t.Run(s.record.Collection().Name+"_"+s.record.Id, func(t *testing.T) { + result, err := app.FindAllExternalAuthsByRecord(s.record) + if err != nil { + t.Fatal(err) + } + + if len(result) != len(s.expected) { + t.Fatalf("Expected total models %d, got %d", len(s.expected), len(result)) + } + + for i, id := range s.expected { + if result[i].Id != id { + t.Errorf("[%d] Expected id %q, got %q", i, id, result[i].Id) + } + } + }) + } +} + +func TestFindAllExternalAuthsByCollection(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + demo1, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + superusers, err := app.FindCollectionByNameOrId(core.CollectionNameSuperusers) + if err != nil { + t.Fatal(err) + } + + clients, err := app.FindCollectionByNameOrId("clients") + if err != nil { + t.Fatal(err) + } + + users, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + collection *core.Collection + expected []string + }{ + {demo1, nil}, + {superusers, nil}, + {clients, []string{ + "f1z5b3843pzc964", + }}, + {users, []string{ + "5eto7nmys833164", + "clmflokuq1xl341", + "dlmflokuq1xl342", + }}, + } + + for _, s := range scenarios { + t.Run(s.collection.Name, func(t *testing.T) { + result, err := app.FindAllExternalAuthsByCollection(s.collection) + if err != nil { + t.Fatal(err) + } + + if len(result) != len(s.expected) { + t.Fatalf("Expected total models %d, got %d", len(s.expected), len(result)) + } + + for i, id := range s.expected { + if result[i].Id != id { + t.Errorf("[%d] Expected id %q, got %q", i, id, result[i].Id) + } + } + }) + } +} + +func TestFindFirstExternalAuthByExpr(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + expr dbx.Expression + expectedId string + }{ + {dbx.HashExp{"collectionRef": "invalid"}, ""}, + {dbx.HashExp{"collectionRef": "_pb_users_auth_"}, "5eto7nmys833164"}, + {dbx.HashExp{"collectionRef": "_pb_users_auth_", "provider": "gitlab"}, "dlmflokuq1xl342"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%v", i, s.expr.Build(app.ConcurrentDB().(*dbx.DB), dbx.Params{})), func(t *testing.T) { + result, err := app.FindFirstExternalAuthByExpr(s.expr) + + hasErr := err != nil + expectErr := s.expectedId == "" + if hasErr != expectErr { + t.Fatalf("Expected hasErr %v, got %v", expectErr, hasErr) + } + + if hasErr { + return + } + + if result.Id != s.expectedId { + t.Errorf("Expected id %q, got %q", s.expectedId, result.Id) + } + }) + } +} diff --git a/core/field.go b/core/field.go new file mode 100644 index 0000000..8ee4d50 --- /dev/null +++ b/core/field.go @@ -0,0 +1,252 @@ +package core + +import ( + "context" + "database/sql/driver" + "regexp" + "strings" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tools/list" +) + +var fieldNameRegex = regexp.MustCompile(`^\w+$`) + +const maxSafeJSONInt int64 = 1<<53 - 1 + +// Commonly used field names. +const ( + FieldNameId = "id" + FieldNameCollectionId = "collectionId" + FieldNameCollectionName = "collectionName" + FieldNameExpand = "expand" + FieldNameEmail = "email" + FieldNameEmailVisibility = "emailVisibility" + FieldNameVerified = "verified" + FieldNameTokenKey = "tokenKey" + FieldNamePassword = "password" +) + +// SystemFields returns special internal field names that are usually readonly. +var SystemDynamicFieldNames = []string{ + FieldNameCollectionId, + FieldNameCollectionName, + FieldNameExpand, +} + +// Common RecordInterceptor action names. +const ( + InterceptorActionValidate = "validate" + InterceptorActionDelete = "delete" + InterceptorActionDeleteExecute = "deleteExecute" + InterceptorActionAfterDelete = "afterDelete" + InterceptorActionAfterDeleteError = "afterDeleteError" + InterceptorActionCreate = "create" + InterceptorActionCreateExecute = "createExecute" + InterceptorActionAfterCreate = "afterCreate" + InterceptorActionAfterCreateError = "afterCreateFailure" + InterceptorActionUpdate = "update" + InterceptorActionUpdateExecute = "updateExecute" + InterceptorActionAfterUpdate = "afterUpdate" + InterceptorActionAfterUpdateError = "afterUpdateError" +) + +// Common field errors. +var ( + ErrUnknownField = validation.NewError("validation_unknown_field", "Unknown or invalid field.") + ErrInvalidFieldValue = validation.NewError("validation_invalid_field_value", "Invalid field value.") + ErrMustBeSystemAndHidden = validation.NewError("validation_must_be_system_and_hidden", `The field must be marked as "System" and "Hidden".`) + ErrMustBeSystem = validation.NewError("validation_must_be_system", `The field must be marked as "System".`) +) + +// FieldFactoryFunc defines a simple function to construct a specific Field instance. +type FieldFactoryFunc func() Field + +// Fields holds all available collection fields. +var Fields = map[string]FieldFactoryFunc{} + +// Field defines a common interface that all Collection fields should implement. +type Field interface { + // note: the getters has an explicit "Get" prefix to avoid conflicts with their related field members + + // GetId returns the field id. + GetId() string + + // SetId changes the field id. + SetId(id string) + + // GetName returns the field name. + GetName() string + + // SetName changes the field name. + SetName(name string) + + // GetSystem returns the field system flag state. + GetSystem() bool + + // SetSystem changes the field system flag state. + SetSystem(system bool) + + // GetHidden returns the field hidden flag state. + GetHidden() bool + + // SetHidden changes the field hidden flag state. + SetHidden(hidden bool) + + // Type returns the unique type of the field. + Type() string + + // ColumnType returns the DB column definition of the field. + ColumnType(app App) string + + // PrepareValue returns a properly formatted field value based on the provided raw one. + // + // This method is also called on record construction to initialize its default field value. + PrepareValue(record *Record, raw any) (any, error) + + // ValidateSettings validates the current field value associated with the provided record. + ValidateValue(ctx context.Context, app App, record *Record) error + + // ValidateSettings validates the current field settings. + ValidateSettings(ctx context.Context, app App, collection *Collection) error +} + +// MaxBodySizeCalculator defines an optional field interface for +// specifying the max size of a field value. +type MaxBodySizeCalculator interface { + // CalculateMaxBodySize returns the approximate max body size of a field value. + CalculateMaxBodySize() int64 +} + +type ( + SetterFunc func(record *Record, raw any) + + // SetterFinder defines a field interface for registering custom field value setters. + SetterFinder interface { + // FindSetter returns a single field value setter function + // by performing pattern-like field matching using the specified key. + // + // The key is usually just the field name but it could also + // contains "modifier" characters based on which you can perform custom set operations + // (ex. "users+" could be mapped to a function that will append new user to the existing field value). + // + // Return nil if you want to fallback to the default field value setter. + FindSetter(key string) SetterFunc + } +) + +type ( + GetterFunc func(record *Record) any + + // GetterFinder defines a field interface for registering custom field value getters. + GetterFinder interface { + // FindGetter returns a single field value getter function + // by performing pattern-like field matching using the specified key. + // + // The key is usually just the field name but it could also + // contains "modifier" characters based on which you can perform custom get operations + // (ex. "description:excerpt" could be mapped to a function that will return an excerpt of the current field value). + // + // Return nil if you want to fallback to the default field value setter. + FindGetter(key string) GetterFunc + } +) + +// DriverValuer defines a Field interface for exporting and formatting +// a field value for the database. +type DriverValuer interface { + // DriverValue exports a single field value for persistence in the database. + DriverValue(record *Record) (driver.Value, error) +} + +// MultiValuer defines a field interface that every multi-valued (eg. with MaxSelect) field has. +type MultiValuer interface { + // IsMultiple checks whether the field is configured to support multiple or single values. + IsMultiple() bool +} + +// RecordInterceptor defines a field interface for reacting to various +// Record related operations (create, delete, validate, etc.). +type RecordInterceptor interface { + // Interceptor is invoked when a specific record action occurs + // allowing you to perform extra validations and normalization + // (ex. uploading or deleting files). + // + // Note that users must call actionFunc() manually if they want to + // execute the specific record action. + Intercept( + ctx context.Context, + app App, + record *Record, + actionName string, + actionFunc func() error, + ) error +} + +// DefaultFieldIdValidationRule performs base validation on a field id value. +func DefaultFieldIdValidationRule(value any) error { + v, ok := value.(string) + if !ok { + return validators.ErrUnsupportedValueType + } + + rules := []validation.Rule{ + validation.Required, + validation.Length(1, 100), + } + + for _, r := range rules { + if err := r.Validate(v); err != nil { + return err + } + } + + return nil +} + +// exclude special filter and system literals +var excludeNames = append([]any{ + "null", "true", "false", "_rowid_", +}, list.ToInterfaceSlice(SystemDynamicFieldNames)...) + +// DefaultFieldIdValidationRule performs base validation on a field name value. +func DefaultFieldNameValidationRule(value any) error { + v, ok := value.(string) + if !ok { + return validators.ErrUnsupportedValueType + } + + rules := []validation.Rule{ + validation.Required, + validation.Length(1, 100), + validation.Match(fieldNameRegex), + validation.NotIn(excludeNames...), + validation.By(checkForVia), + } + + for _, r := range rules { + if err := r.Validate(v); err != nil { + return err + } + } + + return nil +} + +func checkForVia(value any) error { + v, _ := value.(string) + if v == "" { + return nil + } + + if strings.Contains(strings.ToLower(v), "_via_") { + return validation.NewError("validation_found_via", `The value cannot contain "_via_".`) + } + + return nil +} + +func noopSetter(record *Record, raw any) { + // do nothing +} diff --git a/core/field_autodate.go b/core/field_autodate.go new file mode 100644 index 0000000..ca29bed --- /dev/null +++ b/core/field_autodate.go @@ -0,0 +1,215 @@ +package core + +import ( + "context" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tools/types" +) + +func init() { + Fields[FieldTypeAutodate] = func() Field { + return &AutodateField{} + } +} + +const FieldTypeAutodate = "autodate" + +// used to keep track of the last set autodate value +const autodateLastKnownPrefix = internalCustomFieldKeyPrefix + "_last_autodate_" + +var ( + _ Field = (*AutodateField)(nil) + _ SetterFinder = (*AutodateField)(nil) + _ RecordInterceptor = (*AutodateField)(nil) +) + +// AutodateField defines an "autodate" type field, aka. +// field which datetime value could be auto set on record create/update. +// +// This field is usually used for defining timestamp fields like "created" and "updated". +// +// Requires either both or at least one of the OnCreate or OnUpdate options to be set. +type AutodateField struct { + // Name (required) is the unique name of the field. + Name string `form:"name" json:"name"` + + // Id is the unique stable field identifier. + // + // It is automatically generated from the name when adding to a collection FieldsList. + Id string `form:"id" json:"id"` + + // System prevents the renaming and removal of the field. + System bool `form:"system" json:"system"` + + // Hidden hides the field from the API response. + Hidden bool `form:"hidden" json:"hidden"` + + // Presentable hints the Dashboard UI to use the underlying + // field record value in the relation preview label. + Presentable bool `form:"presentable" json:"presentable"` + + // --- + + // OnCreate auto sets the current datetime as field value on record create. + OnCreate bool `form:"onCreate" json:"onCreate"` + + // OnUpdate auto sets the current datetime as field value on record update. + OnUpdate bool `form:"onUpdate" json:"onUpdate"` +} + +// Type implements [Field.Type] interface method. +func (f *AutodateField) Type() string { + return FieldTypeAutodate +} + +// GetId implements [Field.GetId] interface method. +func (f *AutodateField) GetId() string { + return f.Id +} + +// SetId implements [Field.SetId] interface method. +func (f *AutodateField) SetId(id string) { + f.Id = id +} + +// GetName implements [Field.GetName] interface method. +func (f *AutodateField) GetName() string { + return f.Name +} + +// SetName implements [Field.SetName] interface method. +func (f *AutodateField) SetName(name string) { + f.Name = name +} + +// GetSystem implements [Field.GetSystem] interface method. +func (f *AutodateField) GetSystem() bool { + return f.System +} + +// SetSystem implements [Field.SetSystem] interface method. +func (f *AutodateField) SetSystem(system bool) { + f.System = system +} + +// GetHidden implements [Field.GetHidden] interface method. +func (f *AutodateField) GetHidden() bool { + return f.Hidden +} + +// SetHidden implements [Field.SetHidden] interface method. +func (f *AutodateField) SetHidden(hidden bool) { + f.Hidden = hidden +} + +// ColumnType implements [Field.ColumnType] interface method. +func (f *AutodateField) ColumnType(app App) string { + return "TEXT DEFAULT '' NOT NULL" // note: sqlite doesn't allow adding new columns with non-constant defaults +} + +// PrepareValue implements [Field.PrepareValue] interface method. +func (f *AutodateField) PrepareValue(record *Record, raw any) (any, error) { + val, _ := types.ParseDateTime(raw) + return val, nil +} + +// ValidateValue implements [Field.ValidateValue] interface method. +func (f *AutodateField) ValidateValue(ctx context.Context, app App, record *Record) error { + return nil +} + +// ValidateSettings implements [Field.ValidateSettings] interface method. +func (f *AutodateField) ValidateSettings(ctx context.Context, app App, collection *Collection) error { + oldOnCreate := f.OnCreate + oldOnUpdate := f.OnUpdate + + oldCollection, _ := app.FindCollectionByNameOrId(collection.Id) + if oldCollection != nil { + oldField, ok := oldCollection.Fields.GetById(f.Id).(*AutodateField) + if ok && oldField != nil { + oldOnCreate = oldField.OnCreate + oldOnUpdate = oldField.OnUpdate + } + } + + return validation.ValidateStruct(f, + validation.Field(&f.Id, validation.By(DefaultFieldIdValidationRule)), + validation.Field(&f.Name, validation.By(DefaultFieldNameValidationRule)), + validation.Field( + &f.OnCreate, + validation.When(f.System, validation.By(validators.Equal(oldOnCreate))), + validation.Required.Error("either onCreate or onUpdate must be enabled").When(!f.OnUpdate), + ), + validation.Field( + &f.OnUpdate, + validation.When(f.System, validation.By(validators.Equal(oldOnUpdate))), + validation.Required.Error("either onCreate or onUpdate must be enabled").When(!f.OnCreate), + ), + ) +} + +// FindSetter implements the [SetterFinder] interface. +func (f *AutodateField) FindSetter(key string) SetterFunc { + switch key { + case f.Name: + // return noopSetter to disallow updating the value with record.Set() + return noopSetter + default: + return nil + } +} + +// Intercept implements the [RecordInterceptor] interface. +func (f *AutodateField) Intercept( + ctx context.Context, + app App, + record *Record, + actionName string, + actionFunc func() error, +) error { + switch actionName { + case InterceptorActionCreateExecute: + // ignore if a date different from the old one was manually set with SetRaw + if f.OnCreate && record.GetDateTime(f.Name).Equal(f.getLastKnownValue(record)) { + now := types.NowDateTime() + record.SetRaw(f.Name, now) + record.SetRaw(autodateLastKnownPrefix+f.Name, now) // eagerly set so that it can be renewed on resave after failure + } + + if err := actionFunc(); err != nil { + return err + } + + record.SetRaw(autodateLastKnownPrefix+f.Name, record.GetRaw(f.Name)) + + return nil + case InterceptorActionUpdateExecute: + // ignore if a date different from the old one was manually set with SetRaw + if f.OnUpdate && record.GetDateTime(f.Name).Equal(f.getLastKnownValue(record)) { + now := types.NowDateTime() + record.SetRaw(f.Name, now) + record.SetRaw(autodateLastKnownPrefix+f.Name, now) // eagerly set so that it can be renewed on resave after failure + } + + if err := actionFunc(); err != nil { + return err + } + + record.SetRaw(autodateLastKnownPrefix+f.Name, record.GetRaw(f.Name)) + + return nil + default: + return actionFunc() + } +} + +func (f *AutodateField) getLastKnownValue(record *Record) types.DateTime { + v := record.GetDateTime(autodateLastKnownPrefix + f.Name) + if !v.IsZero() { + return v + } + + return record.Original().GetDateTime(f.Name) +} diff --git a/core/field_autodate_test.go b/core/field_autodate_test.go new file mode 100644 index 0000000..8861ae6 --- /dev/null +++ b/core/field_autodate_test.go @@ -0,0 +1,441 @@ +package core_test + +import ( + "context" + "errors" + "fmt" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestAutodateFieldBaseMethods(t *testing.T) { + testFieldBaseMethods(t, core.FieldTypeAutodate) +} + +func TestAutodateFieldColumnType(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.AutodateField{} + + expected := "TEXT DEFAULT '' NOT NULL" + + if v := f.ColumnType(app); v != expected { + t.Fatalf("Expected\n%q\ngot\n%q", expected, v) + } +} + +func TestAutodateFieldPrepareValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.AutodateField{} + record := core.NewRecord(core.NewBaseCollection("test")) + + scenarios := []struct { + raw any + expected string + }{ + {"", ""}, + {"invalid", ""}, + {"2024-01-01 00:11:22.345Z", "2024-01-01 00:11:22.345Z"}, + {time.Date(2024, 1, 2, 3, 4, 5, 0, time.UTC), "2024-01-02 03:04:05.000Z"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.raw), func(t *testing.T) { + v, err := f.PrepareValue(record, s.raw) + if err != nil { + t.Fatal(err) + } + + vDate, ok := v.(types.DateTime) + if !ok { + t.Fatalf("Expected types.DateTime instance, got %T", v) + } + + if vDate.String() != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, v) + } + }) + } +} + +func TestAutodateFieldValidateValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field *core.AutodateField + record func() *core.Record + expectError bool + }{ + { + "invalid raw value", + &core.AutodateField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 123) + return record + }, + false, + }, + { + "missing field value", + &core.AutodateField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("abc", true) + return record + }, + false, + }, + { + "existing field value", + &core.AutodateField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.NowDateTime()) + return record + }, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.field.ValidateValue(context.Background(), app, s.record()) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestAutodateFieldValidateSettings(t *testing.T) { + testDefaultFieldIdValidation(t, core.FieldTypeAutodate) + testDefaultFieldNameValidation(t, core.FieldTypeAutodate) + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + superusers, err := app.FindCollectionByNameOrId(core.CollectionNameSuperusers) + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + field func() *core.AutodateField + expectErrors []string + }{ + { + "empty onCreate and onUpdate", + func() *core.AutodateField { + return &core.AutodateField{ + Id: "test", + Name: "test", + } + }, + []string{"onCreate", "onUpdate"}, + }, + { + "with onCreate", + func() *core.AutodateField { + return &core.AutodateField{ + Id: "test", + Name: "test", + OnCreate: true, + } + }, + []string{}, + }, + { + "with onUpdate", + func() *core.AutodateField { + return &core.AutodateField{ + Id: "test", + Name: "test", + OnUpdate: true, + } + }, + []string{}, + }, + { + "change of a system autodate field", + func() *core.AutodateField { + created := superusers.Fields.GetByName("created").(*core.AutodateField) + created.OnCreate = !created.OnCreate + created.OnUpdate = !created.OnUpdate + return created + }, + []string{"onCreate", "onUpdate"}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + errs := s.field().ValidateSettings(context.Background(), app, superusers) + + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} + +func TestAutodateFieldFindSetter(t *testing.T) { + field := &core.AutodateField{Name: "test"} + + collection := core.NewBaseCollection("test_collection") + collection.Fields.Add(field) + + initialDate, err := types.ParseDateTime("2024-01-02 03:04:05.789Z") + if err != nil { + t.Fatal(err) + } + + record := core.NewRecord(collection) + record.SetRaw("test", initialDate) + + t.Run("no matching setter", func(t *testing.T) { + f := field.FindSetter("abc") + if f != nil { + t.Fatal("Expected nil setter") + } + }) + + t.Run("matching setter", func(t *testing.T) { + f := field.FindSetter("test") + if f == nil { + t.Fatal("Expected non-nil setter") + } + + f(record, types.NowDateTime()) // should be ignored + + if v := record.GetString("test"); v != "2024-01-02 03:04:05.789Z" { + t.Fatalf("Expected no value change, got %q", v) + } + }) +} + +func cutMilliseconds(datetime string) string { + if len(datetime) > 19 { + return datetime[:19] + } + return datetime +} + +func TestAutodateFieldIntercept(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + initialDate, err := types.ParseDateTime("2024-01-02 03:04:05.789Z") + if err != nil { + t.Fatal(err) + } + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + actionName string + field *core.AutodateField + record func() *core.Record + expected string + }{ + { + "non-matching action", + "test", + &core.AutodateField{Name: "test", OnCreate: true, OnUpdate: true}, + func() *core.Record { + return core.NewRecord(collection) + }, + "", + }, + { + "create with zero value (disabled onCreate)", + core.InterceptorActionCreateExecute, + &core.AutodateField{Name: "test", OnCreate: false, OnUpdate: true}, + func() *core.Record { + return core.NewRecord(collection) + }, + "", + }, + { + "create with zero value", + core.InterceptorActionCreateExecute, + &core.AutodateField{Name: "test", OnCreate: true, OnUpdate: true}, + func() *core.Record { + return core.NewRecord(collection) + }, + "{NOW}", + }, + { + "create with non-zero value", + core.InterceptorActionCreateExecute, + &core.AutodateField{Name: "test", OnCreate: true, OnUpdate: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", initialDate) + return record + }, + initialDate.String(), + }, + { + "update with zero value (disabled onUpdate)", + core.InterceptorActionUpdateExecute, + &core.AutodateField{Name: "test", OnCreate: true, OnUpdate: false}, + func() *core.Record { + return core.NewRecord(collection) + }, + "", + }, + { + "update with zero value", + core.InterceptorActionUpdateExecute, + &core.AutodateField{Name: "test", OnCreate: true, OnUpdate: true}, + func() *core.Record { + return core.NewRecord(collection) + }, + "{NOW}", + }, + { + "update with non-zero value", + core.InterceptorActionUpdateExecute, + &core.AutodateField{Name: "test", OnCreate: true, OnUpdate: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", initialDate) + return record + }, + initialDate.String(), + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + actionCalls := 0 + record := s.record() + + now := types.NowDateTime().String() + err := s.field.Intercept(context.Background(), app, record, s.actionName, func() error { + actionCalls++ + return nil + }) + if err != nil { + t.Fatal(err) + } + + if actionCalls != 1 { + t.Fatalf("Expected actionCalls %d, got %d", 1, actionCalls) + } + + expected := cutMilliseconds(strings.ReplaceAll(s.expected, "{NOW}", now)) + + v := cutMilliseconds(record.GetString(s.field.GetName())) + if v != expected { + t.Fatalf("Expected value %q, got %q", expected, v) + } + }) + } +} + +func TestAutodateRecordResave(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := app.FindCollectionByNameOrId("demo2") + if err != nil { + t.Fatal(err) + } + + record, err := app.FindRecordById(collection, "llvuca81nly1qls") + if err != nil { + t.Fatal(err) + } + + lastUpdated := record.GetDateTime("updated") + + // save with autogenerated date + err = app.Save(record) + if err != nil { + t.Fatal(err) + } + + newUpdated := record.GetDateTime("updated") + if newUpdated.Equal(lastUpdated) { + t.Fatalf("[0] Expected updated to change, got %v", newUpdated) + } + lastUpdated = newUpdated + + // save with custom date + manualUpdated := lastUpdated.Add(-1 * time.Minute) + record.SetRaw("updated", manualUpdated) + err = app.Save(record) + if err != nil { + t.Fatal(err) + } + + newUpdated = record.GetDateTime("updated") + if !newUpdated.Equal(manualUpdated) { + t.Fatalf("[1] Expected updated to be the manual set date %v, got %v", manualUpdated, newUpdated) + } + lastUpdated = newUpdated + + // save again with autogenerated date + err = app.Save(record) + if err != nil { + t.Fatal(err) + } + + newUpdated = record.GetDateTime("updated") + if newUpdated.Equal(lastUpdated) { + t.Fatalf("[2] Expected updated to change, got %v", newUpdated) + } + lastUpdated = newUpdated + + // simulate save failure + app.OnRecordUpdateExecute(collection.Id).Bind(&hook.Handler[*core.RecordEvent]{ + Id: "test_failure", + Func: func(*core.RecordEvent) error { + return errors.New("test") + }, + Priority: 9999999999, // as latest as possible + }) + + // save again with autogenerated date (should fail) + err = app.Save(record) + if err == nil { + t.Fatal("Expected save failure") + } + + // updated should still be set even after save failure + newUpdated = record.GetDateTime("updated") + if newUpdated.Equal(lastUpdated) { + t.Fatalf("[3] Expected updated to change, got %v", newUpdated) + } + lastUpdated = newUpdated + + // cleanup the error and resave again + app.OnRecordUpdateExecute(collection.Id).Unbind("test_failure") + + err = app.Save(record) + if err != nil { + t.Fatal(err) + } + + newUpdated = record.GetDateTime("updated") + if newUpdated.Equal(lastUpdated) { + t.Fatalf("[4] Expected updated to change, got %v", newUpdated) + } +} diff --git a/core/field_bool.go b/core/field_bool.go new file mode 100644 index 0000000..7be98c2 --- /dev/null +++ b/core/field_bool.go @@ -0,0 +1,124 @@ +package core + +import ( + "context" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/spf13/cast" +) + +func init() { + Fields[FieldTypeBool] = func() Field { + return &BoolField{} + } +} + +const FieldTypeBool = "bool" + +var _ Field = (*BoolField)(nil) + +// BoolField defines "bool" type field to store a single true/false value. +// +// The respective zero record field value is false. +type BoolField struct { + // Name (required) is the unique name of the field. + Name string `form:"name" json:"name"` + + // Id is the unique stable field identifier. + // + // It is automatically generated from the name when adding to a collection FieldsList. + Id string `form:"id" json:"id"` + + // System prevents the renaming and removal of the field. + System bool `form:"system" json:"system"` + + // Hidden hides the field from the API response. + Hidden bool `form:"hidden" json:"hidden"` + + // Presentable hints the Dashboard UI to use the underlying + // field record value in the relation preview label. + Presentable bool `form:"presentable" json:"presentable"` + + // --- + + // Required will require the field value to be always "true". + Required bool `form:"required" json:"required"` +} + +// Type implements [Field.Type] interface method. +func (f *BoolField) Type() string { + return FieldTypeBool +} + +// GetId implements [Field.GetId] interface method. +func (f *BoolField) GetId() string { + return f.Id +} + +// SetId implements [Field.SetId] interface method. +func (f *BoolField) SetId(id string) { + f.Id = id +} + +// GetName implements [Field.GetName] interface method. +func (f *BoolField) GetName() string { + return f.Name +} + +// SetName implements [Field.SetName] interface method. +func (f *BoolField) SetName(name string) { + f.Name = name +} + +// GetSystem implements [Field.GetSystem] interface method. +func (f *BoolField) GetSystem() bool { + return f.System +} + +// SetSystem implements [Field.SetSystem] interface method. +func (f *BoolField) SetSystem(system bool) { + f.System = system +} + +// GetHidden implements [Field.GetHidden] interface method. +func (f *BoolField) GetHidden() bool { + return f.Hidden +} + +// SetHidden implements [Field.SetHidden] interface method. +func (f *BoolField) SetHidden(hidden bool) { + f.Hidden = hidden +} + +// ColumnType implements [Field.ColumnType] interface method. +func (f *BoolField) ColumnType(app App) string { + return "BOOLEAN DEFAULT FALSE NOT NULL" +} + +// PrepareValue implements [Field.PrepareValue] interface method. +func (f *BoolField) PrepareValue(record *Record, raw any) (any, error) { + return cast.ToBool(raw), nil +} + +// ValidateValue implements [Field.ValidateValue] interface method. +func (f *BoolField) ValidateValue(ctx context.Context, app App, record *Record) error { + v, ok := record.GetRaw(f.Name).(bool) + if !ok { + return validators.ErrUnsupportedValueType + } + + if f.Required { + return validation.Required.Validate(v) + } + + return nil +} + +// ValidateSettings implements [Field.ValidateSettings] interface method. +func (f *BoolField) ValidateSettings(ctx context.Context, app App, collection *Collection) error { + return validation.ValidateStruct(f, + validation.Field(&f.Id, validation.By(DefaultFieldIdValidationRule)), + validation.Field(&f.Name, validation.By(DefaultFieldNameValidationRule)), + ) +} diff --git a/core/field_bool_test.go b/core/field_bool_test.go new file mode 100644 index 0000000..6706099 --- /dev/null +++ b/core/field_bool_test.go @@ -0,0 +1,150 @@ +package core_test + +import ( + "context" + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestBoolFieldBaseMethods(t *testing.T) { + testFieldBaseMethods(t, core.FieldTypeBool) +} + +func TestBoolFieldColumnType(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.BoolField{} + + expected := "BOOLEAN DEFAULT FALSE NOT NULL" + + if v := f.ColumnType(app); v != expected { + t.Fatalf("Expected\n%q\ngot\n%q", expected, v) + } +} + +func TestBoolFieldPrepareValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.BoolField{} + record := core.NewRecord(core.NewBaseCollection("test")) + + scenarios := []struct { + raw any + expected bool + }{ + {"", false}, + {"f", false}, + {"t", true}, + {1, true}, + {0, false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.raw), func(t *testing.T) { + v, err := f.PrepareValue(record, s.raw) + if err != nil { + t.Fatal(err) + } + + if v != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, v) + } + }) + } +} + +func TestBoolFieldValidateValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field *core.BoolField + record func() *core.Record + expectError bool + }{ + { + "invalid raw value", + &core.BoolField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 123) + return record + }, + true, + }, + { + "missing field value (non-required)", + &core.BoolField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("abc", true) + return record + }, + true, // because of failed nil.(bool) cast + }, + { + "missing field value (required)", + &core.BoolField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("abc", true) + return record + }, + true, + }, + { + "false field value (non-required)", + &core.BoolField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", false) + return record + }, + false, + }, + { + "false field value (required)", + &core.BoolField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", false) + return record + }, + true, + }, + { + "true field value (required)", + &core.BoolField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", true) + return record + }, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.field.ValidateValue(context.Background(), app, s.record()) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestBoolFieldValidateSettings(t *testing.T) { + testDefaultFieldIdValidation(t, core.FieldTypeBool) + testDefaultFieldNameValidation(t, core.FieldTypeBool) +} diff --git a/core/field_date.go b/core/field_date.go new file mode 100644 index 0000000..67ee1eb --- /dev/null +++ b/core/field_date.go @@ -0,0 +1,174 @@ +package core + +import ( + "context" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tools/types" +) + +func init() { + Fields[FieldTypeDate] = func() Field { + return &DateField{} + } +} + +const FieldTypeDate = "date" + +var _ Field = (*DateField)(nil) + +// DateField defines "date" type field to store a single [types.DateTime] value. +// +// The respective zero record field value is the zero [types.DateTime]. +type DateField struct { + // Name (required) is the unique name of the field. + Name string `form:"name" json:"name"` + + // Id is the unique stable field identifier. + // + // It is automatically generated from the name when adding to a collection FieldsList. + Id string `form:"id" json:"id"` + + // System prevents the renaming and removal of the field. + System bool `form:"system" json:"system"` + + // Hidden hides the field from the API response. + Hidden bool `form:"hidden" json:"hidden"` + + // Presentable hints the Dashboard UI to use the underlying + // field record value in the relation preview label. + Presentable bool `form:"presentable" json:"presentable"` + + // --- + + // Min specifies the min allowed field value. + // + // Leave it empty to skip the validator. + Min types.DateTime `form:"min" json:"min"` + + // Max specifies the max allowed field value. + // + // Leave it empty to skip the validator. + Max types.DateTime `form:"max" json:"max"` + + // Required will require the field value to be non-zero [types.DateTime]. + Required bool `form:"required" json:"required"` +} + +// Type implements [Field.Type] interface method. +func (f *DateField) Type() string { + return FieldTypeDate +} + +// GetId implements [Field.GetId] interface method. +func (f *DateField) GetId() string { + return f.Id +} + +// SetId implements [Field.SetId] interface method. +func (f *DateField) SetId(id string) { + f.Id = id +} + +// GetName implements [Field.GetName] interface method. +func (f *DateField) GetName() string { + return f.Name +} + +// SetName implements [Field.SetName] interface method. +func (f *DateField) SetName(name string) { + f.Name = name +} + +// GetSystem implements [Field.GetSystem] interface method. +func (f *DateField) GetSystem() bool { + return f.System +} + +// SetSystem implements [Field.SetSystem] interface method. +func (f *DateField) SetSystem(system bool) { + f.System = system +} + +// GetHidden implements [Field.GetHidden] interface method. +func (f *DateField) GetHidden() bool { + return f.Hidden +} + +// SetHidden implements [Field.SetHidden] interface method. +func (f *DateField) SetHidden(hidden bool) { + f.Hidden = hidden +} + +// ColumnType implements [Field.ColumnType] interface method. +func (f *DateField) ColumnType(app App) string { + return "TEXT DEFAULT '' NOT NULL" +} + +// PrepareValue implements [Field.PrepareValue] interface method. +func (f *DateField) PrepareValue(record *Record, raw any) (any, error) { + // ignore scan errors since the format may change between versions + // and to allow running db adjusting migrations + val, _ := types.ParseDateTime(raw) + return val, nil +} + +// ValidateValue implements [Field.ValidateValue] interface method. +func (f *DateField) ValidateValue(ctx context.Context, app App, record *Record) error { + val, ok := record.GetRaw(f.Name).(types.DateTime) + if !ok { + return validators.ErrUnsupportedValueType + } + + if val.IsZero() { + if f.Required { + return validation.ErrRequired + } + return nil // nothing to check + } + + if !f.Min.IsZero() { + if err := validation.Min(f.Min.Time()).Validate(val.Time()); err != nil { + return err + } + } + + if !f.Max.IsZero() { + if err := validation.Max(f.Max.Time()).Validate(val.Time()); err != nil { + return err + } + } + + return nil +} + +// ValidateSettings implements [Field.ValidateSettings] interface method. +func (f *DateField) ValidateSettings(ctx context.Context, app App, collection *Collection) error { + return validation.ValidateStruct(f, + validation.Field(&f.Id, validation.By(DefaultFieldIdValidationRule)), + validation.Field(&f.Name, validation.By(DefaultFieldNameValidationRule)), + validation.Field(&f.Max, validation.By(f.checkRange(f.Min, f.Max))), + ) +} + +func (f *DateField) checkRange(min types.DateTime, max types.DateTime) validation.RuleFunc { + return func(value any) error { + v, _ := value.(types.DateTime) + if v.IsZero() { + return nil // nothing to check + } + + dr := validation.Date(types.DefaultDateLayout) + + if !min.IsZero() { + dr.Min(min.Time()) + } + + if !max.IsZero() { + dr.Max(max.Time()) + } + + return dr.Validate(v.String()) + } +} diff --git a/core/field_date_test.go b/core/field_date_test.go new file mode 100644 index 0000000..ea95b19 --- /dev/null +++ b/core/field_date_test.go @@ -0,0 +1,229 @@ +package core_test + +import ( + "context" + "fmt" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestDateFieldBaseMethods(t *testing.T) { + testFieldBaseMethods(t, core.FieldTypeDate) +} + +func TestDateFieldColumnType(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.DateField{} + + expected := "TEXT DEFAULT '' NOT NULL" + + if v := f.ColumnType(app); v != expected { + t.Fatalf("Expected\n%q\ngot\n%q", expected, v) + } +} + +func TestDateFieldPrepareValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.DateField{} + record := core.NewRecord(core.NewBaseCollection("test")) + + scenarios := []struct { + raw any + expected string + }{ + {"", ""}, + {"invalid", ""}, + {"2024-01-01 00:11:22.345Z", "2024-01-01 00:11:22.345Z"}, + {time.Date(2024, 1, 2, 3, 4, 5, 0, time.UTC), "2024-01-02 03:04:05.000Z"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.raw), func(t *testing.T) { + v, err := f.PrepareValue(record, s.raw) + if err != nil { + t.Fatal(err) + } + + vDate, ok := v.(types.DateTime) + if !ok { + t.Fatalf("Expected types.DateTime instance, got %T", v) + } + + if vDate.String() != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, v) + } + }) + } +} + +func TestDateFieldValidateValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field *core.DateField + record func() *core.Record + expectError bool + }{ + { + "invalid raw value", + &core.DateField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 123) + return record + }, + true, + }, + { + "zero field value (not required)", + &core.DateField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.DateTime{}) + return record + }, + false, + }, + { + "zero field value (required)", + &core.DateField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.DateTime{}) + return record + }, + true, + }, + { + "non-zero field value (required)", + &core.DateField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.NowDateTime()) + return record + }, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.field.ValidateValue(context.Background(), app, s.record()) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestDateFieldValidateSettings(t *testing.T) { + testDefaultFieldIdValidation(t, core.FieldTypeDate) + testDefaultFieldNameValidation(t, core.FieldTypeDate) + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field func() *core.DateField + expectErrors []string + }{ + { + "zero Min/Max", + func() *core.DateField { + return &core.DateField{ + Id: "test", + Name: "test", + } + }, + []string{}, + }, + { + "non-empty Min with empty Max", + func() *core.DateField { + return &core.DateField{ + Id: "test", + Name: "test", + Min: types.NowDateTime(), + } + }, + []string{}, + }, + { + "empty Min non-empty Max", + func() *core.DateField { + return &core.DateField{ + Id: "test", + Name: "test", + Max: types.NowDateTime(), + } + }, + []string{}, + }, + { + "Min = Max", + func() *core.DateField { + date := types.NowDateTime() + return &core.DateField{ + Id: "test", + Name: "test", + Min: date, + Max: date, + } + }, + []string{}, + }, + { + "Min > Max", + func() *core.DateField { + min := types.NowDateTime() + max := min.Add(-5 * time.Second) + return &core.DateField{ + Id: "test", + Name: "test", + Min: min, + Max: max, + } + }, + []string{}, + }, + { + "Min < Max", + func() *core.DateField { + max := types.NowDateTime() + min := max.Add(-5 * time.Second) + return &core.DateField{ + Id: "test", + Name: "test", + Min: min, + Max: max, + } + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + errs := s.field().ValidateSettings(context.Background(), app, collection) + + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} diff --git a/core/field_editor.go b/core/field_editor.go new file mode 100644 index 0000000..e3f1748 --- /dev/null +++ b/core/field_editor.go @@ -0,0 +1,162 @@ +package core + +import ( + "context" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/spf13/cast" +) + +func init() { + Fields[FieldTypeEditor] = func() Field { + return &EditorField{} + } +} + +const FieldTypeEditor = "editor" + +const DefaultEditorFieldMaxSize int64 = 5 << 20 + +var ( + _ Field = (*EditorField)(nil) + _ MaxBodySizeCalculator = (*EditorField)(nil) +) + +// EditorField defines "editor" type field to store HTML formatted text. +// +// The respective zero record field value is empty string. +type EditorField struct { + // Name (required) is the unique name of the field. + Name string `form:"name" json:"name"` + + // Id is the unique stable field identifier. + // + // It is automatically generated from the name when adding to a collection FieldsList. + Id string `form:"id" json:"id"` + + // System prevents the renaming and removal of the field. + System bool `form:"system" json:"system"` + + // Hidden hides the field from the API response. + Hidden bool `form:"hidden" json:"hidden"` + + // Presentable hints the Dashboard UI to use the underlying + // field record value in the relation preview label. + Presentable bool `form:"presentable" json:"presentable"` + + // --- + + // MaxSize specifies the maximum size of the allowed field value (in bytes and up to 2^53-1). + // + // If zero, a default limit of ~5MB is applied. + MaxSize int64 `form:"maxSize" json:"maxSize"` + + // ConvertURLs is usually used to instruct the editor whether to + // apply url conversion (eg. stripping the domain name in case the + // urls are using the same domain as the one where the editor is loaded). + // + // (see also https://www.tiny.cloud/docs/tinymce/6/url-handling/#convert_urls) + ConvertURLs bool `form:"convertURLs" json:"convertURLs"` + + // Required will require the field value to be non-empty string. + Required bool `form:"required" json:"required"` +} + +// Type implements [Field.Type] interface method. +func (f *EditorField) Type() string { + return FieldTypeEditor +} + +// GetId implements [Field.GetId] interface method. +func (f *EditorField) GetId() string { + return f.Id +} + +// SetId implements [Field.SetId] interface method. +func (f *EditorField) SetId(id string) { + f.Id = id +} + +// GetName implements [Field.GetName] interface method. +func (f *EditorField) GetName() string { + return f.Name +} + +// SetName implements [Field.SetName] interface method. +func (f *EditorField) SetName(name string) { + f.Name = name +} + +// GetSystem implements [Field.GetSystem] interface method. +func (f *EditorField) GetSystem() bool { + return f.System +} + +// SetSystem implements [Field.SetSystem] interface method. +func (f *EditorField) SetSystem(system bool) { + f.System = system +} + +// GetHidden implements [Field.GetHidden] interface method. +func (f *EditorField) GetHidden() bool { + return f.Hidden +} + +// SetHidden implements [Field.SetHidden] interface method. +func (f *EditorField) SetHidden(hidden bool) { + f.Hidden = hidden +} + +// ColumnType implements [Field.ColumnType] interface method. +func (f *EditorField) ColumnType(app App) string { + return "TEXT DEFAULT '' NOT NULL" +} + +// PrepareValue implements [Field.PrepareValue] interface method. +func (f *EditorField) PrepareValue(record *Record, raw any) (any, error) { + return cast.ToString(raw), nil +} + +// ValidateValue implements [Field.ValidateValue] interface method. +func (f *EditorField) ValidateValue(ctx context.Context, app App, record *Record) error { + val, ok := record.GetRaw(f.Name).(string) + if !ok { + return validators.ErrUnsupportedValueType + } + + if f.Required { + if err := validation.Required.Validate(val); err != nil { + return err + } + } + + maxSize := f.CalculateMaxBodySize() + + if int64(len(val)) > maxSize { + return validation.NewError( + "validation_content_size_limit", + "The maximum allowed content size is {{.maxSize}} bytes", + ).SetParams(map[string]any{"maxSize": maxSize}) + } + + return nil +} + +// ValidateSettings implements [Field.ValidateSettings] interface method. +func (f *EditorField) ValidateSettings(ctx context.Context, app App, collection *Collection) error { + return validation.ValidateStruct(f, + validation.Field(&f.Id, validation.By(DefaultFieldIdValidationRule)), + validation.Field(&f.Name, validation.By(DefaultFieldNameValidationRule)), + validation.Field(&f.MaxSize, validation.Min(0), validation.Max(maxSafeJSONInt)), + ) +} + +// CalculateMaxBodySize implements the [MaxBodySizeCalculator] interface. +func (f *EditorField) CalculateMaxBodySize() int64 { + if f.MaxSize <= 0 { + return DefaultEditorFieldMaxSize + } + + return f.MaxSize +} diff --git a/core/field_editor_test.go b/core/field_editor_test.go new file mode 100644 index 0000000..8bcebcd --- /dev/null +++ b/core/field_editor_test.go @@ -0,0 +1,252 @@ +package core_test + +import ( + "context" + "fmt" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestEditorFieldBaseMethods(t *testing.T) { + testFieldBaseMethods(t, core.FieldTypeEditor) +} + +func TestEditorFieldColumnType(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.EditorField{} + + expected := "TEXT DEFAULT '' NOT NULL" + + if v := f.ColumnType(app); v != expected { + t.Fatalf("Expected\n%q\ngot\n%q", expected, v) + } +} + +func TestEditorFieldPrepareValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.EditorField{} + record := core.NewRecord(core.NewBaseCollection("test")) + + scenarios := []struct { + raw any + expected string + }{ + {"", ""}, + {"test", "test"}, + {false, "false"}, + {true, "true"}, + {123.456, "123.456"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.raw), func(t *testing.T) { + v, err := f.PrepareValue(record, s.raw) + if err != nil { + t.Fatal(err) + } + + vStr, ok := v.(string) + if !ok { + t.Fatalf("Expected string instance, got %T", v) + } + + if vStr != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, v) + } + }) + } +} + +func TestEditorFieldValidateValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field *core.EditorField + record func() *core.Record + expectError bool + }{ + { + "invalid raw value", + &core.EditorField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 123) + return record + }, + true, + }, + { + "zero field value (not required)", + &core.EditorField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "") + return record + }, + false, + }, + { + "zero field value (required)", + &core.EditorField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "") + return record + }, + true, + }, + { + "non-zero field value (required)", + &core.EditorField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "abc") + return record + }, + false, + }, + { + "> default MaxSize", + &core.EditorField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", strings.Repeat("a", 1+(5<<20))) + return record + }, + true, + }, + { + "> MaxSize", + &core.EditorField{Name: "test", Required: true, MaxSize: 5}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "abcdef") + return record + }, + true, + }, + { + "<= MaxSize", + &core.EditorField{Name: "test", Required: true, MaxSize: 5}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "abcde") + return record + }, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.field.ValidateValue(context.Background(), app, s.record()) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestEditorFieldValidateSettings(t *testing.T) { + testDefaultFieldIdValidation(t, core.FieldTypeEditor) + testDefaultFieldNameValidation(t, core.FieldTypeEditor) + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field func() *core.EditorField + expectErrors []string + }{ + { + "< 0 MaxSize", + func() *core.EditorField { + return &core.EditorField{ + Id: "test", + Name: "test", + MaxSize: -1, + } + }, + []string{"maxSize"}, + }, + { + "= 0 MaxSize", + func() *core.EditorField { + return &core.EditorField{ + Id: "test", + Name: "test", + } + }, + []string{}, + }, + { + "> 0 MaxSize", + func() *core.EditorField { + return &core.EditorField{ + Id: "test", + Name: "test", + MaxSize: 1, + } + }, + []string{}, + }, + { + "MaxSize > safe json int", + func() *core.EditorField { + return &core.EditorField{ + Id: "test", + Name: "test", + MaxSize: 1 << 53, + } + }, + []string{"maxSize"}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + errs := s.field().ValidateSettings(context.Background(), app, collection) + + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} + +func TestEditorFieldCalculateMaxBodySize(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + scenarios := []struct { + field *core.EditorField + expected int64 + }{ + {&core.EditorField{}, core.DefaultEditorFieldMaxSize}, + {&core.EditorField{MaxSize: 10}, 10}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%d", i, s.field.MaxSize), func(t *testing.T) { + result := s.field.CalculateMaxBodySize() + + if result != s.expected { + t.Fatalf("Expected %d, got %d", s.expected, result) + } + }) + } +} diff --git a/core/field_email.go b/core/field_email.go new file mode 100644 index 0000000..9d82ac1 --- /dev/null +++ b/core/field_email.go @@ -0,0 +1,167 @@ +package core + +import ( + "context" + "slices" + "strings" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/go-ozzo/ozzo-validation/v4/is" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/spf13/cast" +) + +func init() { + Fields[FieldTypeEmail] = func() Field { + return &EmailField{} + } +} + +const FieldTypeEmail = "email" + +var _ Field = (*EmailField)(nil) + +// EmailField defines "email" type field for storing a single email string address. +// +// The respective zero record field value is empty string. +type EmailField struct { + // Name (required) is the unique name of the field. + Name string `form:"name" json:"name"` + + // Id is the unique stable field identifier. + // + // It is automatically generated from the name when adding to a collection FieldsList. + Id string `form:"id" json:"id"` + + // System prevents the renaming and removal of the field. + System bool `form:"system" json:"system"` + + // Hidden hides the field from the API response. + Hidden bool `form:"hidden" json:"hidden"` + + // Presentable hints the Dashboard UI to use the underlying + // field record value in the relation preview label. + Presentable bool `form:"presentable" json:"presentable"` + + // --- + + // ExceptDomains will require the email domain to NOT be included in the listed ones. + // + // This validator can be set only if OnlyDomains is empty. + ExceptDomains []string `form:"exceptDomains" json:"exceptDomains"` + + // OnlyDomains will require the email domain to be included in the listed ones. + // + // This validator can be set only if ExceptDomains is empty. + OnlyDomains []string `form:"onlyDomains" json:"onlyDomains"` + + // Required will require the field value to be non-empty email string. + Required bool `form:"required" json:"required"` +} + +// Type implements [Field.Type] interface method. +func (f *EmailField) Type() string { + return FieldTypeEmail +} + +// GetId implements [Field.GetId] interface method. +func (f *EmailField) GetId() string { + return f.Id +} + +// SetId implements [Field.SetId] interface method. +func (f *EmailField) SetId(id string) { + f.Id = id +} + +// GetName implements [Field.GetName] interface method. +func (f *EmailField) GetName() string { + return f.Name +} + +// SetName implements [Field.SetName] interface method. +func (f *EmailField) SetName(name string) { + f.Name = name +} + +// GetSystem implements [Field.GetSystem] interface method. +func (f *EmailField) GetSystem() bool { + return f.System +} + +// SetSystem implements [Field.SetSystem] interface method. +func (f *EmailField) SetSystem(system bool) { + f.System = system +} + +// GetHidden implements [Field.GetHidden] interface method. +func (f *EmailField) GetHidden() bool { + return f.Hidden +} + +// SetHidden implements [Field.SetHidden] interface method. +func (f *EmailField) SetHidden(hidden bool) { + f.Hidden = hidden +} + +// ColumnType implements [Field.ColumnType] interface method. +func (f *EmailField) ColumnType(app App) string { + return "TEXT DEFAULT '' NOT NULL" +} + +// PrepareValue implements [Field.PrepareValue] interface method. +func (f *EmailField) PrepareValue(record *Record, raw any) (any, error) { + return cast.ToString(raw), nil +} + +// ValidateValue implements [Field.ValidateValue] interface method. +func (f *EmailField) ValidateValue(ctx context.Context, app App, record *Record) error { + val, ok := record.GetRaw(f.Name).(string) + if !ok { + return validators.ErrUnsupportedValueType + } + + if f.Required { + if err := validation.Required.Validate(val); err != nil { + return err + } + } + + if val == "" { + return nil // nothing to check + } + + if err := is.EmailFormat.Validate(val); err != nil { + return err + } + + domain := val[strings.LastIndex(val, "@")+1:] + + // only domains check + if len(f.OnlyDomains) > 0 && !slices.Contains(f.OnlyDomains, domain) { + return validation.NewError("validation_email_domain_not_allowed", "Email domain is not allowed") + } + + // except domains check + if len(f.ExceptDomains) > 0 && slices.Contains(f.ExceptDomains, domain) { + return validation.NewError("validation_email_domain_not_allowed", "Email domain is not allowed") + } + + return nil +} + +// ValidateSettings implements [Field.ValidateSettings] interface method. +func (f *EmailField) ValidateSettings(ctx context.Context, app App, collection *Collection) error { + return validation.ValidateStruct(f, + validation.Field(&f.Id, validation.By(DefaultFieldIdValidationRule)), + validation.Field(&f.Name, validation.By(DefaultFieldNameValidationRule)), + validation.Field( + &f.ExceptDomains, + validation.When(len(f.OnlyDomains) > 0, validation.Empty).Else(validation.Each(is.Domain)), + ), + validation.Field( + &f.OnlyDomains, + validation.When(len(f.ExceptDomains) > 0, validation.Empty).Else(validation.Each(is.Domain)), + ), + ) +} diff --git a/core/field_email_test.go b/core/field_email_test.go new file mode 100644 index 0000000..600f2c2 --- /dev/null +++ b/core/field_email_test.go @@ -0,0 +1,271 @@ +package core_test + +import ( + "context" + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestEmailFieldBaseMethods(t *testing.T) { + testFieldBaseMethods(t, core.FieldTypeEmail) +} + +func TestEmailFieldColumnType(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.EmailField{} + + expected := "TEXT DEFAULT '' NOT NULL" + + if v := f.ColumnType(app); v != expected { + t.Fatalf("Expected\n%q\ngot\n%q", expected, v) + } +} + +func TestEmailFieldPrepareValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.EmailField{} + record := core.NewRecord(core.NewBaseCollection("test")) + + scenarios := []struct { + raw any + expected string + }{ + {"", ""}, + {"test", "test"}, + {false, "false"}, + {true, "true"}, + {123.456, "123.456"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.raw), func(t *testing.T) { + v, err := f.PrepareValue(record, s.raw) + if err != nil { + t.Fatal(err) + } + + vStr, ok := v.(string) + if !ok { + t.Fatalf("Expected string instance, got %T", v) + } + + if vStr != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, v) + } + }) + } +} + +func TestEmailFieldValidateValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field *core.EmailField + record func() *core.Record + expectError bool + }{ + { + "invalid raw value", + &core.EmailField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 123) + return record + }, + true, + }, + { + "zero field value (not required)", + &core.EmailField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "") + return record + }, + false, + }, + { + "zero field value (required)", + &core.EmailField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "") + return record + }, + true, + }, + { + "non-zero field value (required)", + &core.EmailField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "test@example.com") + return record + }, + false, + }, + { + "invalid email", + &core.EmailField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "invalid") + return record + }, + true, + }, + { + "failed onlyDomains", + &core.EmailField{Name: "test", OnlyDomains: []string{"example.org", "example.net"}}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "test@example.com") + return record + }, + true, + }, + { + "success onlyDomains", + &core.EmailField{Name: "test", OnlyDomains: []string{"example.org", "example.com"}}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "test@example.com") + return record + }, + false, + }, + { + "failed exceptDomains", + &core.EmailField{Name: "test", ExceptDomains: []string{"example.org", "example.com"}}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "test@example.com") + return record + }, + true, + }, + { + "success exceptDomains", + &core.EmailField{Name: "test", ExceptDomains: []string{"example.org", "example.net"}}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "test@example.com") + return record + }, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.field.ValidateValue(context.Background(), app, s.record()) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestEmailFieldValidateSettings(t *testing.T) { + testDefaultFieldIdValidation(t, core.FieldTypeEmail) + testDefaultFieldNameValidation(t, core.FieldTypeEmail) + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field func() *core.EmailField + expectErrors []string + }{ + { + "zero minimal", + func() *core.EmailField { + return &core.EmailField{ + Id: "test", + Name: "test", + } + }, + []string{}, + }, + { + "both onlyDomains and exceptDomains", + func() *core.EmailField { + return &core.EmailField{ + Id: "test", + Name: "test", + OnlyDomains: []string{"example.com"}, + ExceptDomains: []string{"example.org"}, + } + }, + []string{"onlyDomains", "exceptDomains"}, + }, + { + "invalid onlyDomains", + func() *core.EmailField { + return &core.EmailField{ + Id: "test", + Name: "test", + OnlyDomains: []string{"example.com", "invalid"}, + } + }, + []string{"onlyDomains"}, + }, + { + "valid onlyDomains", + func() *core.EmailField { + return &core.EmailField{ + Id: "test", + Name: "test", + OnlyDomains: []string{"example.com", "example.org"}, + } + }, + []string{}, + }, + { + "invalid exceptDomains", + func() *core.EmailField { + return &core.EmailField{ + Id: "test", + Name: "test", + ExceptDomains: []string{"example.com", "invalid"}, + } + }, + []string{"exceptDomains"}, + }, + { + "valid exceptDomains", + func() *core.EmailField { + return &core.EmailField{ + Id: "test", + Name: "test", + ExceptDomains: []string{"example.com", "example.org"}, + } + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + errs := s.field().ValidateSettings(context.Background(), app, collection) + + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} diff --git a/core/field_file.go b/core/field_file.go new file mode 100644 index 0000000..871adeb --- /dev/null +++ b/core/field_file.go @@ -0,0 +1,820 @@ +package core + +import ( + "context" + "database/sql/driver" + "errors" + "fmt" + "log" + "regexp" + "strings" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/types" + "github.com/spf13/cast" +) + +func init() { + Fields[FieldTypeFile] = func() Field { + return &FileField{} + } +} + +const FieldTypeFile = "file" + +const DefaultFileFieldMaxSize int64 = 5 << 20 + +var looseFilenameRegex = regexp.MustCompile(`^[^\./\\][^/\\]+$`) + +const ( + deletedFilesPrefix = internalCustomFieldKeyPrefix + "_deletedFilesPrefix_" + uploadedFilesPrefix = internalCustomFieldKeyPrefix + "_uploadedFilesPrefix_" +) + +var ( + _ Field = (*FileField)(nil) + _ MultiValuer = (*FileField)(nil) + _ DriverValuer = (*FileField)(nil) + _ GetterFinder = (*FileField)(nil) + _ SetterFinder = (*FileField)(nil) + _ RecordInterceptor = (*FileField)(nil) + _ MaxBodySizeCalculator = (*FileField)(nil) +) + +// FileField defines "file" type field for managing record file(s). +// +// Only the file name is stored as part of the record value. +// New files (aka. files to upload) are expected to be of *filesytem.File. +// +// If MaxSelect is not set or <= 1, then the field value is expected to be a single record id. +// +// If MaxSelect is > 1, then the field value is expected to be a slice of record ids. +// +// The respective zero record field value is either empty string (single) or empty string slice (multiple). +// +// --- +// +// The following additional setter keys are available: +// +// - "fieldName+" - append one or more files to the existing record one. For example: +// +// // []string{"old1.txt", "old2.txt", "new1_ajkvass.txt", "new2_klhfnwd.txt"} +// record.Set("documents+", []*filesystem.File{new1, new2}) +// +// - "+fieldName" - prepend one or more files to the existing record one. For example: +// +// // []string{"new1_ajkvass.txt", "new2_klhfnwd.txt", "old1.txt", "old2.txt",} +// record.Set("+documents", []*filesystem.File{new1, new2}) +// +// - "fieldName-" - subtract/delete one or more files from the existing record one. For example: +// +// // []string{"old2.txt",} +// record.Set("documents-", "old1.txt") +type FileField struct { + // Name (required) is the unique name of the field. + Name string `form:"name" json:"name"` + + // Id is the unique stable field identifier. + // + // It is automatically generated from the name when adding to a collection FieldsList. + Id string `form:"id" json:"id"` + + // System prevents the renaming and removal of the field. + System bool `form:"system" json:"system"` + + // Hidden hides the field from the API response. + Hidden bool `form:"hidden" json:"hidden"` + + // Presentable hints the Dashboard UI to use the underlying + // field record value in the relation preview label. + Presentable bool `form:"presentable" json:"presentable"` + + // --- + + // MaxSize specifies the maximum size of a single uploaded file (in bytes and up to 2^53-1). + // + // If zero, a default limit of 5MB is applied. + MaxSize int64 `form:"maxSize" json:"maxSize"` + + // MaxSelect specifies the max allowed files. + // + // For multiple files the value must be > 1, otherwise fallbacks to single (default). + MaxSelect int `form:"maxSelect" json:"maxSelect"` + + // MimeTypes specifies an optional list of the allowed file mime types. + // + // Leave it empty to disable the validator. + MimeTypes []string `form:"mimeTypes" json:"mimeTypes"` + + // Thumbs specifies an optional list of the supported thumbs for image based files. + // + // Each entry must be in one of the following formats: + // + // - WxH (eg. 100x300) - crop to WxH viewbox (from center) + // - WxHt (eg. 100x300t) - crop to WxH viewbox (from top) + // - WxHb (eg. 100x300b) - crop to WxH viewbox (from bottom) + // - WxHf (eg. 100x300f) - fit inside a WxH viewbox (without cropping) + // - 0xH (eg. 0x300) - resize to H height preserving the aspect ratio + // - Wx0 (eg. 100x0) - resize to W width preserving the aspect ratio + Thumbs []string `form:"thumbs" json:"thumbs"` + + // Protected will require the users to provide a special file token to access the file. + // + // Note that by default all files are publicly accessible. + // + // For the majority of the cases this is fine because by default + // all file names have random part appended to their name which + // need to be known by the user before accessing the file. + Protected bool `form:"protected" json:"protected"` + + // Required will require the field value to have at least one file. + Required bool `form:"required" json:"required"` +} + +// Type implements [Field.Type] interface method. +func (f *FileField) Type() string { + return FieldTypeFile +} + +// GetId implements [Field.GetId] interface method. +func (f *FileField) GetId() string { + return f.Id +} + +// SetId implements [Field.SetId] interface method. +func (f *FileField) SetId(id string) { + f.Id = id +} + +// GetName implements [Field.GetName] interface method. +func (f *FileField) GetName() string { + return f.Name +} + +// SetName implements [Field.SetName] interface method. +func (f *FileField) SetName(name string) { + f.Name = name +} + +// GetSystem implements [Field.GetSystem] interface method. +func (f *FileField) GetSystem() bool { + return f.System +} + +// SetSystem implements [Field.SetSystem] interface method. +func (f *FileField) SetSystem(system bool) { + f.System = system +} + +// GetHidden implements [Field.GetHidden] interface method. +func (f *FileField) GetHidden() bool { + return f.Hidden +} + +// SetHidden implements [Field.SetHidden] interface method. +func (f *FileField) SetHidden(hidden bool) { + f.Hidden = hidden +} + +// IsMultiple implements MultiValuer interface and checks whether the +// current field options support multiple values. +func (f *FileField) IsMultiple() bool { + return f.MaxSelect > 1 +} + +// ColumnType implements [Field.ColumnType] interface method. +func (f *FileField) ColumnType(app App) string { + if f.IsMultiple() { + return "JSON DEFAULT '[]' NOT NULL" + } + + return "TEXT DEFAULT '' NOT NULL" +} + +// PrepareValue implements [Field.PrepareValue] interface method. +func (f *FileField) PrepareValue(record *Record, raw any) (any, error) { + return f.normalizeValue(raw), nil +} + +// DriverValue implements the [DriverValuer] interface. +func (f *FileField) DriverValue(record *Record) (driver.Value, error) { + files := f.toSliceValue(record.GetRaw(f.Name)) + + if f.IsMultiple() { + ja := make(types.JSONArray[string], len(files)) + for i, v := range files { + ja[i] = f.getFileName(v) + } + return ja, nil + } + + if len(files) == 0 { + return "", nil + } + + return f.getFileName(files[len(files)-1]), nil +} + +// ValidateSettings implements [Field.ValidateSettings] interface method. +func (f *FileField) ValidateSettings(ctx context.Context, app App, collection *Collection) error { + return validation.ValidateStruct(f, + validation.Field(&f.Id, validation.By(DefaultFieldIdValidationRule)), + validation.Field(&f.Name, validation.By(DefaultFieldNameValidationRule)), + validation.Field(&f.MaxSelect, validation.Min(0), validation.Max(maxSafeJSONInt)), + validation.Field(&f.MaxSize, validation.Min(0), validation.Max(maxSafeJSONInt)), + validation.Field(&f.Thumbs, validation.Each( + validation.NotIn("0x0", "0x0t", "0x0b", "0x0f"), + validation.Match(filesystem.ThumbSizeRegex), + )), + ) +} + +// ValidateValue implements [Field.ValidateValue] interface method. +func (f *FileField) ValidateValue(ctx context.Context, app App, record *Record) error { + files := f.toSliceValue(record.GetRaw(f.Name)) + if len(files) == 0 { + if f.Required { + return validation.ErrRequired + } + return nil // nothing to check + } + + // validate existing and disallow new plain string filenames submission + // (new files must be *filesystem.File) + // --- + oldExistingStrings := f.toSliceValue(f.getLatestOldValue(app, record)) + existingStrings := list.ToInterfaceSlice(f.extractPlainStrings(files)) + addedStrings := f.excludeFiles(existingStrings, oldExistingStrings) + + if len(addedStrings) > 0 { + invalidFiles := make([]string, len(addedStrings)) + for i, invalid := range addedStrings { + invalidStr := cast.ToString(invalid) + if len(invalidStr) > 250 { + invalidStr = invalidStr[:250] + } + invalidFiles[i] = invalidStr + } + + return validation.NewError("validation_invalid_file", "Invalid new files: {{.invalidFiles}}."). + SetParams(map[string]any{"invalidFiles": invalidFiles}) + } + + maxSelect := f.maxSelect() + if len(files) > maxSelect { + return validation.NewError("validation_too_many_files", "The maximum allowed files is {{.maxSelect}}"). + SetParams(map[string]any{"maxSelect": maxSelect}) + } + + // validate uploaded + // --- + uploads := f.extractUploadableFiles(files) + for _, upload := range uploads { + // loosely check the filename just in case it was manually changed after the normalization + err := validation.Length(1, 150).Validate(upload.Name) + if err != nil { + return err + } + err = validation.Match(looseFilenameRegex).Validate(upload.Name) + if err != nil { + return err + } + + // check size + err = validators.UploadedFileSize(f.maxSize())(upload) + if err != nil { + return err + } + + // check type + if len(f.MimeTypes) > 0 { + err = validators.UploadedFileMimeType(f.MimeTypes)(upload) + if err != nil { + return err + } + } + } + + return nil +} + +func (f *FileField) maxSize() int64 { + if f.MaxSize <= 0 { + return DefaultFileFieldMaxSize + } + + return f.MaxSize +} + +func (f *FileField) maxSelect() int { + if f.MaxSelect <= 1 { + return 1 + } + + return f.MaxSelect +} + +// CalculateMaxBodySize implements the [MaxBodySizeCalculator] interface. +func (f *FileField) CalculateMaxBodySize() int64 { + return f.maxSize() * int64(f.maxSelect()) +} + +// Interceptors +// ------------------------------------------------------------------- + +// Intercept implements the [RecordInterceptor] interface. +// +// note: files delete after records deletion is handled globally by the app FileManager hook +func (f *FileField) Intercept( + ctx context.Context, + app App, + record *Record, + actionName string, + actionFunc func() error, +) error { + switch actionName { + case InterceptorActionCreateExecute, InterceptorActionUpdateExecute: + oldValue := f.getLatestOldValue(app, record) + + err := f.processFilesToUpload(ctx, app, record) + if err != nil { + return err + } + + err = actionFunc() + if err != nil { + return errors.Join(err, f.afterRecordExecuteFailure(newContextIfInvalid(ctx), app, record)) + } + + f.rememberFilesToDelete(app, record, oldValue) + + f.afterRecordExecuteSuccess(newContextIfInvalid(ctx), app, record) + + return nil + case InterceptorActionAfterCreateError, InterceptorActionAfterUpdateError: + // when in transaction we assume that the error was handled by afterRecordExecuteFailure + if app.IsTransactional() { + return actionFunc() + } + + failedToDelete, deleteErr := f.deleteNewlyUploadedFiles(newContextIfInvalid(ctx), app, record) + if deleteErr != nil { + app.Logger().Warn( + "Failed to cleanup all new files after record commit failure", + "error", deleteErr, + "failedToDelete", failedToDelete, + ) + } + + record.SetRaw(deletedFilesPrefix+f.Name, nil) + + if record.IsNew() { + // try to delete the record directory if there are no other files + // + // note: executed only on create failure to avoid accidentally + // deleting a concurrently updating directory due to the + // eventual consistent nature of some storage providers + err := f.deleteEmptyRecordDir(newContextIfInvalid(ctx), app, record) + if err != nil { + app.Logger().Warn("Failed to delete empty dir after new record commit failure", "error", err) + } + } + + return actionFunc() + case InterceptorActionAfterCreate, InterceptorActionAfterUpdate: + record.SetRaw(uploadedFilesPrefix+f.Name, nil) + + err := f.processFilesToDelete(ctx, app, record) + if err != nil { + return err + } + + return actionFunc() + default: + return actionFunc() + } +} +func (f *FileField) getLatestOldValue(app App, record *Record) any { + if !record.IsNew() { + latestOriginal, err := app.FindRecordById(record.Collection(), cast.ToString(record.LastSavedPK())) + if err == nil { + return latestOriginal.GetRaw(f.Name) + } + } + + return record.Original().GetRaw(f.Name) +} + +func (f *FileField) afterRecordExecuteSuccess(ctx context.Context, app App, record *Record) { + uploaded, _ := record.GetRaw(uploadedFilesPrefix + f.Name).([]*filesystem.File) + + // replace the uploaded file objects with their plain string names + newValue := f.toSliceValue(record.GetRaw(f.Name)) + for i, v := range newValue { + if file, ok := v.(*filesystem.File); ok { + uploaded = append(uploaded, file) + newValue[i] = file.Name + } + } + f.setValue(record, newValue) + + record.SetRaw(uploadedFilesPrefix+f.Name, uploaded) +} + +func (f *FileField) afterRecordExecuteFailure(ctx context.Context, app App, record *Record) error { + uploaded := f.extractUploadableFiles(f.toSliceValue(record.GetRaw(f.Name))) + + toDelete := make([]string, len(uploaded)) + for i, file := range uploaded { + toDelete[i] = file.Name + } + + // delete previously uploaded files + failedToDelete, deleteErr := f.deleteFilesByNamesList(ctx, app, record, list.ToUniqueStringSlice(toDelete)) + + if len(failedToDelete) > 0 { + app.Logger().Warn( + "Failed to cleanup the new uploaded file after record db write failure", + "error", deleteErr, + "failedToDelete", failedToDelete, + ) + } + + return deleteErr +} + +func (f *FileField) deleteEmptyRecordDir(ctx context.Context, app App, record *Record) error { + fsys, err := app.NewFilesystem() + if err != nil { + return err + } + defer fsys.Close() + fsys.SetContext(newContextIfInvalid(ctx)) + + dir := record.BaseFilesPath() + + if !fsys.IsEmptyDir(dir) { + return nil // no-op + } + + err = fsys.Delete(dir) + if err != nil && !errors.Is(err, filesystem.ErrNotFound) { + return err + } + + return nil +} + +func (f *FileField) processFilesToDelete(ctx context.Context, app App, record *Record) error { + markedForDelete, _ := record.GetRaw(deletedFilesPrefix + f.Name).([]string) + if len(markedForDelete) == 0 { + return nil + } + + old := list.ToInterfaceSlice(markedForDelete) + new := list.ToInterfaceSlice(f.extractPlainStrings(f.toSliceValue(record.GetRaw(f.Name)))) + diff := f.excludeFiles(old, new) + + toDelete := make([]string, len(diff)) + for i, del := range diff { + toDelete[i] = f.getFileName(del) + } + + failedToDelete, err := f.deleteFilesByNamesList(ctx, app, record, list.ToUniqueStringSlice(toDelete)) + + record.SetRaw(deletedFilesPrefix+f.Name, failedToDelete) + + return err +} + +func (f *FileField) rememberFilesToDelete(app App, record *Record, oldValue any) { + old := list.ToInterfaceSlice(f.extractPlainStrings(f.toSliceValue(oldValue))) + new := list.ToInterfaceSlice(f.extractPlainStrings(f.toSliceValue(record.GetRaw(f.Name)))) + diff := f.excludeFiles(old, new) + + toDelete, _ := record.GetRaw(deletedFilesPrefix + f.Name).([]string) + + for _, del := range diff { + toDelete = append(toDelete, f.getFileName(del)) + } + + record.SetRaw(deletedFilesPrefix+f.Name, toDelete) +} + +func (f *FileField) processFilesToUpload(ctx context.Context, app App, record *Record) error { + uploads := f.extractUploadableFiles(f.toSliceValue(record.GetRaw(f.Name))) + if len(uploads) == 0 { + return nil + } + + if record.Id == "" { + return errors.New("uploading files requires the record to have a valid nonempty id") + } + + fsys, err := app.NewFilesystem() + if err != nil { + return err + } + defer fsys.Close() + fsys.SetContext(ctx) + + var failed []error // list of upload errors + var succeeded []string // list of uploaded file names + + for _, upload := range uploads { + path := record.BaseFilesPath() + "/" + upload.Name + if err := fsys.UploadFile(upload, path); err == nil { + succeeded = append(succeeded, upload.Name) + } else { + failed = append(failed, fmt.Errorf("%q: %w", upload.Name, err)) + break // for now stop on the first error since we currently don't allow partial uploads + } + } + + if len(failed) > 0 { + // cleanup - try to delete the successfully uploaded files (if any) + _, cleanupErr := f.deleteFilesByNamesList(newContextIfInvalid(ctx), app, record, succeeded) + + failed = append(failed, cleanupErr) + + return fmt.Errorf("failed to upload all files: %w", errors.Join(failed...)) + } + + return nil +} + +func (f *FileField) deleteNewlyUploadedFiles(ctx context.Context, app App, record *Record) ([]string, error) { + uploaded, _ := record.GetRaw(uploadedFilesPrefix + f.Name).([]*filesystem.File) + if len(uploaded) == 0 { + return nil, nil + } + + names := make([]string, len(uploaded)) + for i, file := range uploaded { + names[i] = file.Name + } + + failed, err := f.deleteFilesByNamesList(ctx, app, record, list.ToUniqueStringSlice(names)) + if err != nil { + return failed, err + } + + record.SetRaw(uploadedFilesPrefix+f.Name, nil) + + return nil, nil +} + +// deleteFiles deletes a list of record files by their names. +// Returns the failed/remaining files. +func (f *FileField) deleteFilesByNamesList(ctx context.Context, app App, record *Record, filenames []string) ([]string, error) { + if len(filenames) == 0 { + return nil, nil // nothing to delete + } + + if record.Id == "" { + return filenames, errors.New("the record doesn't have an id") + } + + fsys, err := app.NewFilesystem() + if err != nil { + return filenames, err + } + defer fsys.Close() + fsys.SetContext(ctx) + + var failures []error + + for i := len(filenames) - 1; i >= 0; i-- { + filename := filenames[i] + if filename == "" || strings.ContainsAny(filename, "/\\") { + continue // empty or not a plain filename + } + + path := record.BaseFilesPath() + "/" + filename + + err := fsys.Delete(path) + if err != nil && !errors.Is(err, filesystem.ErrNotFound) { + // store the delete error + failures = append(failures, fmt.Errorf("file %d (%q): %w", i, filename, err)) + } else { + // remove the deleted file from the list + filenames = append(filenames[:i], filenames[i+1:]...) + + // try to delete the related file thumbs (if any) + thumbsErr := fsys.DeletePrefix(record.BaseFilesPath() + "/thumbs_" + filename + "/") + if len(thumbsErr) > 0 { + app.Logger().Warn("Failed to delete file thumbs", "error", errors.Join(thumbsErr...)) + } + } + } + + if len(failures) > 0 { + return filenames, fmt.Errorf("failed to delete all files: %w", errors.Join(failures...)) + } + + return nil, nil +} + +// newContextIfInvalid returns a new Background context if the provided one was cancelled. +func newContextIfInvalid(ctx context.Context) context.Context { + if ctx.Err() == nil { + return ctx + } + + return context.Background() +} + +// ------------------------------------------------------------------- + +// FindGetter implements the [GetterFinder] interface. +func (f *FileField) FindGetter(key string) GetterFunc { + switch key { + case f.Name: + return func(record *Record) any { + return record.GetRaw(f.Name) + } + case f.Name + ":unsaved": + return func(record *Record) any { + return f.extractUploadableFiles(f.toSliceValue(record.GetRaw(f.Name))) + } + case f.Name + ":uploaded": + // deprecated + log.Println("[file field getter] please replace :uploaded with :unsaved") + return func(record *Record) any { + return f.extractUploadableFiles(f.toSliceValue(record.GetRaw(f.Name))) + } + default: + return nil + } +} + +// ------------------------------------------------------------------- + +// FindSetter implements the [SetterFinder] interface. +func (f *FileField) FindSetter(key string) SetterFunc { + switch key { + case f.Name: + return f.setValue + case "+" + f.Name: + return f.prependValue + case f.Name + "+": + return f.appendValue + case f.Name + "-": + return f.subtractValue + default: + return nil + } +} + +func (f *FileField) setValue(record *Record, raw any) { + val := f.normalizeValue(raw) + + record.SetRaw(f.Name, val) +} + +func (f *FileField) prependValue(record *Record, toPrepend any) { + files := f.toSliceValue(record.GetRaw(f.Name)) + prepends := f.toSliceValue(toPrepend) + + if len(prepends) > 0 { + files = append(prepends, files...) + } + + f.setValue(record, files) +} + +func (f *FileField) appendValue(record *Record, toAppend any) { + files := f.toSliceValue(record.GetRaw(f.Name)) + appends := f.toSliceValue(toAppend) + + if len(appends) > 0 { + files = append(files, appends...) + } + + f.setValue(record, files) +} + +func (f *FileField) subtractValue(record *Record, toRemove any) { + files := f.excludeFiles( + f.toSliceValue(record.GetRaw(f.Name)), + f.toSliceValue(toRemove), + ) + + f.setValue(record, files) +} + +func (f *FileField) normalizeValue(raw any) any { + files := f.toSliceValue(raw) + + if f.IsMultiple() { + return files + } + + if len(files) > 0 { + return files[len(files)-1] // the last selected + } + + return "" +} + +func (f *FileField) toSliceValue(raw any) []any { + var result []any + + switch value := raw.(type) { + case nil: + // nothing to cast + case *filesystem.File: + result = append(result, value) + case filesystem.File: + result = append(result, &value) + case []*filesystem.File: + for _, v := range value { + result = append(result, v) + } + case []filesystem.File: + for _, v := range value { + result = append(result, &v) + } + case []any: + for _, v := range value { + casted := f.toSliceValue(v) + if len(casted) == 1 { + result = append(result, casted[0]) + } + } + default: + result = list.ToInterfaceSlice(list.ToUniqueStringSlice(value)) + } + + return f.uniqueFiles(result) +} + +func (f *FileField) uniqueFiles(files []any) []any { + found := make(map[string]struct{}, len(files)) + result := make([]any, 0, len(files)) + + for _, fv := range files { + name := f.getFileName(fv) + if _, ok := found[name]; !ok { + result = append(result, fv) + found[name] = struct{}{} + } + } + + return result +} + +func (f *FileField) extractPlainStrings(files []any) []string { + result := []string{} + + for _, raw := range files { + if f, ok := raw.(string); ok { + result = append(result, f) + } + } + + return result +} + +func (f *FileField) extractUploadableFiles(files []any) []*filesystem.File { + result := []*filesystem.File{} + + for _, raw := range files { + if upload, ok := raw.(*filesystem.File); ok { + result = append(result, upload) + } + } + + return result +} + +func (f *FileField) excludeFiles(base []any, toExclude []any) []any { + result := make([]any, 0, len(base)) + +SUBTRACT_LOOP: + for _, fv := range base { + for _, exclude := range toExclude { + if f.getFileName(exclude) == f.getFileName(fv) { + continue SUBTRACT_LOOP // skip + } + } + + result = append(result, fv) + } + + return result +} + +func (f *FileField) getFileName(file any) string { + switch v := file.(type) { + case string: + return v + case *filesystem.File: + return v.Name + default: + return "" + } +} diff --git a/core/field_file_test.go b/core/field_file_test.go new file mode 100644 index 0000000..82ad369 --- /dev/null +++ b/core/field_file_test.go @@ -0,0 +1,1152 @@ +package core_test + +import ( + "bytes" + "context" + "encoding/json" + "errors" + "fmt" + "slices" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestFileFieldBaseMethods(t *testing.T) { + testFieldBaseMethods(t, core.FieldTypeFile) +} + +func TestFileFieldColumnType(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + field *core.FileField + expected string + }{ + { + "single (zero)", + &core.FileField{}, + "TEXT DEFAULT '' NOT NULL", + }, + { + "single", + &core.FileField{MaxSelect: 1}, + "TEXT DEFAULT '' NOT NULL", + }, + { + "multiple", + &core.FileField{MaxSelect: 2}, + "JSON DEFAULT '[]' NOT NULL", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + if v := s.field.ColumnType(app); v != s.expected { + t.Fatalf("Expected\n%q\ngot\n%q", s.expected, v) + } + }) + } +} + +func TestFileFieldIsMultiple(t *testing.T) { + scenarios := []struct { + name string + field *core.FileField + expected bool + }{ + { + "zero", + &core.FileField{}, + false, + }, + { + "single", + &core.FileField{MaxSelect: 1}, + false, + }, + { + "multiple", + &core.FileField{MaxSelect: 2}, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + if v := s.field.IsMultiple(); v != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, v) + } + }) + } +} + +func TestFileFieldPrepareValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + record := core.NewRecord(core.NewBaseCollection("test")) + + f1, err := filesystem.NewFileFromBytes([]byte("test"), "test1.txt") + if err != nil { + t.Fatal(err) + } + f1Raw, err := json.Marshal(f1) + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + raw any + field *core.FileField + expected string + }{ + // single + {nil, &core.FileField{MaxSelect: 1}, `""`}, + {"", &core.FileField{MaxSelect: 1}, `""`}, + {123, &core.FileField{MaxSelect: 1}, `"123"`}, + {"a", &core.FileField{MaxSelect: 1}, `"a"`}, + {`["a"]`, &core.FileField{MaxSelect: 1}, `"a"`}, + {*f1, &core.FileField{MaxSelect: 1}, string(f1Raw)}, + {f1, &core.FileField{MaxSelect: 1}, string(f1Raw)}, + {[]string{}, &core.FileField{MaxSelect: 1}, `""`}, + {[]string{"a", "b"}, &core.FileField{MaxSelect: 1}, `"b"`}, + + // multiple + {nil, &core.FileField{MaxSelect: 2}, `[]`}, + {"", &core.FileField{MaxSelect: 2}, `[]`}, + {123, &core.FileField{MaxSelect: 2}, `["123"]`}, + {"a", &core.FileField{MaxSelect: 2}, `["a"]`}, + {`["a"]`, &core.FileField{MaxSelect: 2}, `["a"]`}, + {[]any{f1}, &core.FileField{MaxSelect: 2}, `[` + string(f1Raw) + `]`}, + {[]*filesystem.File{f1}, &core.FileField{MaxSelect: 2}, `[` + string(f1Raw) + `]`}, + {[]filesystem.File{*f1}, &core.FileField{MaxSelect: 2}, `[` + string(f1Raw) + `]`}, + {[]string{}, &core.FileField{MaxSelect: 2}, `[]`}, + {[]string{"a", "b", "c"}, &core.FileField{MaxSelect: 2}, `["a","b","c"]`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v_%v", i, s.raw, s.field.IsMultiple()), func(t *testing.T) { + v, err := s.field.PrepareValue(record, s.raw) + if err != nil { + t.Fatal(err) + } + + vRaw, err := json.Marshal(v) + if err != nil { + t.Fatal(err) + } + + if string(vRaw) != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, vRaw) + } + }) + } +} + +func TestFileFieldDriverValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f1, err := filesystem.NewFileFromBytes([]byte("test"), "test.txt") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + raw any + field *core.FileField + expected string + }{ + // single + {nil, &core.FileField{MaxSelect: 1}, `""`}, + {"", &core.FileField{MaxSelect: 1}, `""`}, + {123, &core.FileField{MaxSelect: 1}, `"123"`}, + {"a", &core.FileField{MaxSelect: 1}, `"a"`}, + {`["a"]`, &core.FileField{MaxSelect: 1}, `"a"`}, + {f1, &core.FileField{MaxSelect: 1}, `"` + f1.Name + `"`}, + {[]string{}, &core.FileField{MaxSelect: 1}, `""`}, + {[]string{"a", "b"}, &core.FileField{MaxSelect: 1}, `"b"`}, + + // multiple + {nil, &core.FileField{MaxSelect: 2}, `[]`}, + {"", &core.FileField{MaxSelect: 2}, `[]`}, + {123, &core.FileField{MaxSelect: 2}, `["123"]`}, + {"a", &core.FileField{MaxSelect: 2}, `["a"]`}, + {`["a"]`, &core.FileField{MaxSelect: 2}, `["a"]`}, + {[]any{"a", f1}, &core.FileField{MaxSelect: 2}, `["a","` + f1.Name + `"]`}, + {[]string{}, &core.FileField{MaxSelect: 2}, `[]`}, + {[]string{"a", "b", "c"}, &core.FileField{MaxSelect: 2}, `["a","b","c"]`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v_%v", i, s.raw, s.field.IsMultiple()), func(t *testing.T) { + record := core.NewRecord(core.NewBaseCollection("test")) + record.SetRaw(s.field.GetName(), s.raw) + + v, err := s.field.DriverValue(record) + if err != nil { + t.Fatal(err) + } + + if s.field.IsMultiple() { + _, ok := v.(types.JSONArray[string]) + if !ok { + t.Fatalf("Expected types.JSONArray value, got %T", v) + } + } else { + _, ok := v.(string) + if !ok { + t.Fatalf("Expected string value, got %T", v) + } + } + + vRaw, err := json.Marshal(v) + if err != nil { + t.Fatal(err) + } + + if string(vRaw) != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, vRaw) + } + }) + } +} + +func TestFileFieldValidateValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + f1, err := filesystem.NewFileFromBytes([]byte("test"), "test1.txt") + if err != nil { + t.Fatal(err) + } + + f2, err := filesystem.NewFileFromBytes([]byte("test"), "test2.txt") + if err != nil { + t.Fatal(err) + } + + f3, err := filesystem.NewFileFromBytes([]byte("test_abc"), "test3.txt") + if err != nil { + t.Fatal(err) + } + + f4, err := filesystem.NewFileFromBytes(make([]byte, core.DefaultFileFieldMaxSize+1), "test4.txt") + if err != nil { + t.Fatal(err) + } + + f5, err := filesystem.NewFileFromBytes(make([]byte, core.DefaultFileFieldMaxSize), "test5.txt") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + field *core.FileField + record func() *core.Record + expectError bool + }{ + // single + { + "zero field value (not required)", + &core.FileField{Name: "test", MaxSize: 9999, MaxSelect: 1}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "") + return record + }, + false, + }, + { + "zero field value (required)", + &core.FileField{Name: "test", MaxSize: 9999, MaxSelect: 1, Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "") + return record + }, + true, + }, + { + "new plain filename", // new files must be *filesystem.File + &core.FileField{Name: "test", MaxSize: 9999, MaxSelect: 1}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "a") + return record + }, + true, + }, + { + "new file", + &core.FileField{Name: "test", MaxSize: 9999, MaxSelect: 1}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", f1) + return record + }, + false, + }, + { + "new files > MaxSelect", + &core.FileField{Name: "test", MaxSize: 9999, MaxSelect: 1}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", []any{f1, f2}) + return record + }, + true, + }, + { + "new files <= MaxSelect", + &core.FileField{Name: "test", MaxSize: 9999, MaxSelect: 2}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", []any{f1, f2}) + return record + }, + false, + }, + { + "> default MaxSize", + &core.FileField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", f4) + return record + }, + true, + }, + { + "<= default MaxSize", + &core.FileField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", f5) + return record + }, + false, + }, + { + "> MaxSize", + &core.FileField{Name: "test", MaxSize: 4, MaxSelect: 3}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", []any{f1, f2, f3}) // f3=8 + return record + }, + true, + }, + { + "<= MaxSize", + &core.FileField{Name: "test", MaxSize: 8, MaxSelect: 3}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", []any{f1, f2, f3}) + return record + }, + false, + }, + { + "non-matching MimeType", + &core.FileField{Name: "test", MaxSize: 999, MaxSelect: 3, MimeTypes: []string{"a", "b"}}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", []any{f1, f2}) + return record + }, + true, + }, + { + "matching MimeType", + &core.FileField{Name: "test", MaxSize: 999, MaxSelect: 3, MimeTypes: []string{"text/plain", "b"}}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", []any{f1, f2}) + return record + }, + false, + }, + { + "existing files > MaxSelect", + &core.FileField{Name: "file_many", MaxSize: 999, MaxSelect: 2}, + func() *core.Record { + record, _ := app.FindRecordById("demo1", "84nmscqy84lsi1t") // 5 files + return record + }, + true, + }, + { + "existing files should ignore the MaxSize and Mimetypes checks", + &core.FileField{Name: "file_many", MaxSize: 1, MaxSelect: 5, MimeTypes: []string{"a", "b"}}, + func() *core.Record { + record, _ := app.FindRecordById("demo1", "84nmscqy84lsi1t") + return record + }, + false, + }, + { + "existing + new file > MaxSelect (5+2)", + &core.FileField{Name: "file_many", MaxSize: 999, MaxSelect: 6}, + func() *core.Record { + record, _ := app.FindRecordById("demo1", "84nmscqy84lsi1t") + record.Set("file_many+", []any{f1, f2}) + return record + }, + true, + }, + { + "existing + new file <= MaxSelect (5+2)", + &core.FileField{Name: "file_many", MaxSize: 999, MaxSelect: 7}, + func() *core.Record { + record, _ := app.FindRecordById("demo1", "84nmscqy84lsi1t") + record.Set("file_many+", []any{f1, f2}) + return record + }, + false, + }, + { + "existing + new filename", + &core.FileField{Name: "file_many", MaxSize: 999, MaxSelect: 99}, + func() *core.Record { + record, _ := app.FindRecordById("demo1", "84nmscqy84lsi1t") + record.Set("file_many+", "test123.png") + return record + }, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.field.ValidateValue(context.Background(), app, s.record()) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestFileFieldValidateSettings(t *testing.T) { + testDefaultFieldIdValidation(t, core.FieldTypeFile) + testDefaultFieldNameValidation(t, core.FieldTypeFile) + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + field func() *core.FileField + expectErrors []string + }{ + { + "zero minimal", + func() *core.FileField { + return &core.FileField{ + Id: "test", + Name: "test", + } + }, + []string{}, + }, + { + "0x0 thumb", + func() *core.FileField { + return &core.FileField{ + Id: "test", + Name: "test", + MaxSelect: 1, + Thumbs: []string{"100x200", "0x0"}, + } + }, + []string{"thumbs"}, + }, + { + "0x0t thumb", + func() *core.FileField { + return &core.FileField{ + Id: "test", + Name: "test", + MaxSize: 1, + MaxSelect: 1, + Thumbs: []string{"100x200", "0x0t"}, + } + }, + []string{"thumbs"}, + }, + { + "0x0b thumb", + func() *core.FileField { + return &core.FileField{ + Id: "test", + Name: "test", + MaxSize: 1, + MaxSelect: 1, + Thumbs: []string{"100x200", "0x0b"}, + } + }, + []string{"thumbs"}, + }, + { + "0x0f thumb", + func() *core.FileField { + return &core.FileField{ + Id: "test", + Name: "test", + MaxSize: 1, + MaxSelect: 1, + Thumbs: []string{"100x200", "0x0f"}, + } + }, + []string{"thumbs"}, + }, + { + "invalid format", + func() *core.FileField { + return &core.FileField{ + Id: "test", + Name: "test", + MaxSize: 1, + MaxSelect: 1, + Thumbs: []string{"100x200", "100x"}, + } + }, + []string{"thumbs"}, + }, + { + "valid thumbs", + func() *core.FileField { + return &core.FileField{ + Id: "test", + Name: "test", + MaxSize: 1, + MaxSelect: 1, + Thumbs: []string{"100x200", "100x40", "100x200"}, + } + }, + []string{}, + }, + { + "MaxSize > safe json int", + func() *core.FileField { + return &core.FileField{ + Id: "test", + Name: "test", + MaxSize: 1 << 53, + } + }, + []string{"maxSize"}, + }, + { + "MaxSize < 0", + func() *core.FileField { + return &core.FileField{ + Id: "test", + Name: "test", + MaxSize: -1, + } + }, + []string{"maxSize"}, + }, + { + "MaxSelect > safe json int", + func() *core.FileField { + return &core.FileField{ + Id: "test", + Name: "test", + MaxSelect: 1 << 53, + } + }, + []string{"maxSelect"}, + }, + { + "MaxSelect < 0", + func() *core.FileField { + return &core.FileField{ + Id: "test", + Name: "test", + MaxSelect: -1, + } + }, + []string{"maxSelect"}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + field := s.field() + + collection := core.NewBaseCollection("test_collection") + collection.Fields.Add(field) + + errs := field.ValidateSettings(context.Background(), app, collection) + + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} + +func TestFileFieldCalculateMaxBodySize(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + scenarios := []struct { + field *core.FileField + expected int64 + }{ + {&core.FileField{}, core.DefaultFileFieldMaxSize}, + {&core.FileField{MaxSelect: 2}, 2 * core.DefaultFileFieldMaxSize}, + {&core.FileField{MaxSize: 10}, 10}, + {&core.FileField{MaxSize: 10, MaxSelect: 1}, 10}, + {&core.FileField{MaxSize: 10, MaxSelect: 2}, 20}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%d_%d", i, s.field.MaxSelect, s.field.MaxSize), func(t *testing.T) { + result := s.field.CalculateMaxBodySize() + + if result != s.expected { + t.Fatalf("Expected %d, got %d", s.expected, result) + } + }) + } +} + +func TestFileFieldFindGetter(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f1, err := filesystem.NewFileFromBytes([]byte("test"), "f1") + if err != nil { + t.Fatal(err) + } + f1.Name = "f1" + + f2, err := filesystem.NewFileFromBytes([]byte("test"), "f2") + if err != nil { + t.Fatal(err) + } + f2.Name = "f2" + + record, err := app.FindRecordById("demo3", "lcl9d87w22ml6jy") + if err != nil { + t.Fatal(err) + } + record.Set("files+", []any{f1, f2}) + record.Set("files-", "test_FLurQTgrY8.txt") + + field, ok := record.Collection().Fields.GetByName("files").(*core.FileField) + if !ok { + t.Fatalf("Expected *core.FileField, got %T", record.Collection().Fields.GetByName("files")) + } + + scenarios := []struct { + name string + key string + hasGetter bool + expected string + }{ + { + "no match", + "example", + false, + "", + }, + { + "exact match", + field.GetName(), + true, + `["300_UhLKX91HVb.png",{"name":"f1","originalName":"f1","size":4},{"name":"f2","originalName":"f2","size":4}]`, + }, + { + "unsaved", + field.GetName() + ":unsaved", + true, + `[{"name":"f1","originalName":"f1","size":4},{"name":"f2","originalName":"f2","size":4}]`, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + getter := field.FindGetter(s.key) + + hasGetter := getter != nil + if hasGetter != s.hasGetter { + t.Fatalf("Expected hasGetter %v, got %v", s.hasGetter, hasGetter) + } + + if !hasGetter { + return + } + + v := getter(record) + + raw, err := json.Marshal(v) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + if rawStr != s.expected { + t.Fatalf("Expected\n%v\ngot\n%v", s.expected, rawStr) + } + }) + } +} + +func TestFileFieldFindSetter(t *testing.T) { + scenarios := []struct { + name string + key string + value any + field *core.FileField + hasSetter bool + expected string + }{ + { + "no match", + "example", + "b", + &core.FileField{Name: "test", MaxSelect: 1}, + false, + "", + }, + { + "exact match (single)", + "test", + "b", + &core.FileField{Name: "test", MaxSelect: 1}, + true, + `"b"`, + }, + { + "exact match (multiple)", + "test", + []string{"a", "b", "b"}, + &core.FileField{Name: "test", MaxSelect: 2}, + true, + `["a","b"]`, + }, + { + "append (single)", + "test+", + "b", + &core.FileField{Name: "test", MaxSelect: 1}, + true, + `"b"`, + }, + { + "append (multiple)", + "test+", + []string{"a"}, + &core.FileField{Name: "test", MaxSelect: 2}, + true, + `["c","d","a"]`, + }, + { + "prepend (single)", + "+test", + "b", + &core.FileField{Name: "test", MaxSelect: 1}, + true, + `"d"`, // the last of the existing values + }, + { + "prepend (multiple)", + "+test", + []string{"a"}, + &core.FileField{Name: "test", MaxSelect: 2}, + true, + `["a","c","d"]`, + }, + { + "subtract (single)", + "test-", + "d", + &core.FileField{Name: "test", MaxSelect: 1}, + true, + `"c"`, + }, + { + "subtract (multiple)", + "test-", + []string{"unknown", "c"}, + &core.FileField{Name: "test", MaxSelect: 2}, + true, + `["d"]`, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + collection := core.NewBaseCollection("test_collection") + collection.Fields.Add(s.field) + + setter := s.field.FindSetter(s.key) + + hasSetter := setter != nil + if hasSetter != s.hasSetter { + t.Fatalf("Expected hasSetter %v, got %v", s.hasSetter, hasSetter) + } + + if !hasSetter { + return + } + + record := core.NewRecord(collection) + record.SetRaw(s.field.GetName(), []string{"c", "d"}) + + setter(record, s.value) + + raw, err := json.Marshal(record.Get(s.field.GetName())) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + if rawStr != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, rawStr) + } + }) + } +} + +func TestFileFieldIntercept(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + demo1, err := testApp.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + demo1.Fields.GetByName("text").(*core.TextField).Required = true // trigger validation error + + f1, err := filesystem.NewFileFromBytes([]byte("test"), "new1.txt") + if err != nil { + t.Fatal(err) + } + + f2, err := filesystem.NewFileFromBytes([]byte("test"), "new2.txt") + if err != nil { + t.Fatal(err) + } + + f3, err := filesystem.NewFileFromBytes([]byte("test"), "new3.txt") + if err != nil { + t.Fatal(err) + } + + f4, err := filesystem.NewFileFromBytes([]byte("test"), "new4.txt") + if err != nil { + t.Fatal(err) + } + + record := core.NewRecord(demo1) + + ok := t.Run("1. create - with validation error", func(t *testing.T) { + record.Set("file_many", []any{f1, f2}) + + err := testApp.Save(record) + + tests.TestValidationErrors(t, err, []string{"text"}) + + value, _ := record.GetRaw("file_many").([]any) + if len(value) != 2 { + t.Fatalf("Expected the file field value to be unchanged, got %v", value) + } + }) + if !ok { + return + } + + ok = t.Run("2. create - fixing the validation error", func(t *testing.T) { + record.Set("text", "abc") + + err := testApp.Save(record) + if err != nil { + t.Fatalf("Expected save to succeed, got %v", err) + } + + expectedKeys := []string{f1.Name, f2.Name} + + raw := record.GetRaw("file_many") + + // ensure that the value was replaced with the file names + value := list.ToUniqueStringSlice(raw) + if len(value) != len(expectedKeys) { + t.Fatalf("Expected the file field to be updated with the %d file names, got\n%v", len(expectedKeys), raw) + } + for _, name := range expectedKeys { + if !slices.Contains(value, name) { + t.Fatalf("Missing file %q in %v", name, value) + } + } + + checkRecordFiles(t, testApp, record, expectedKeys) + }) + if !ok { + return + } + + ok = t.Run("3. update - validation error", func(t *testing.T) { + record.Set("text", "") + record.Set("file_many+", f3) + record.Set("file_many-", f2.Name) + + err := testApp.Save(record) + + tests.TestValidationErrors(t, err, []string{"text"}) + + raw, _ := json.Marshal(record.GetRaw("file_many")) + expectedRaw, _ := json.Marshal([]any{f1.Name, f3}) + if !bytes.Equal(expectedRaw, raw) { + t.Fatalf("Expected file field value\n%s\ngot\n%s", expectedRaw, raw) + } + + checkRecordFiles(t, testApp, record, []string{f1.Name, f2.Name}) + }) + if !ok { + return + } + + ok = t.Run("4. update - fixing the validation error", func(t *testing.T) { + record.Set("text", "abc2") + + err := testApp.Save(record) + if err != nil { + t.Fatalf("Expected save to succeed, got %v", err) + } + + raw, _ := json.Marshal(record.GetRaw("file_many")) + expectedRaw, _ := json.Marshal([]any{f1.Name, f3.Name}) + if !bytes.Equal(expectedRaw, raw) { + t.Fatalf("Expected file field value\n%s\ngot\n%s", expectedRaw, raw) + } + + checkRecordFiles(t, testApp, record, []string{f1.Name, f3.Name}) + }) + if !ok { + return + } + + t.Run("5. update - second time update", func(t *testing.T) { + record.Set("file_many-", f1.Name) + record.Set("file_many+", f4) + + err := testApp.Save(record) + if err != nil { + t.Fatalf("Expected save to succeed, got %v", err) + } + + raw, _ := json.Marshal(record.GetRaw("file_many")) + expectedRaw, _ := json.Marshal([]any{f3.Name, f4.Name}) + if !bytes.Equal(expectedRaw, raw) { + t.Fatalf("Expected file field value\n%s\ngot\n%s", expectedRaw, raw) + } + + checkRecordFiles(t, testApp, record, []string{f3.Name, f4.Name}) + }) +} + +func TestFileFieldInterceptTx(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + demo1, err := testApp.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + demo1.Fields.GetByName("text").(*core.TextField).Required = true // trigger validation error + + f1, err := filesystem.NewFileFromBytes([]byte("test"), "new1.txt") + if err != nil { + t.Fatal(err) + } + + f2, err := filesystem.NewFileFromBytes([]byte("test"), "new2.txt") + if err != nil { + t.Fatal(err) + } + + f3, err := filesystem.NewFileFromBytes([]byte("test"), "new3.txt") + if err != nil { + t.Fatal(err) + } + + f4, err := filesystem.NewFileFromBytes([]byte("test"), "new4.txt") + if err != nil { + t.Fatal(err) + } + + var record *core.Record + + tx := func(succeed bool) func(txApp core.App) error { + var txErr error + if !succeed { + txErr = errors.New("tx error") + } + + return func(txApp core.App) error { + record = core.NewRecord(demo1) + ok := t.Run(fmt.Sprintf("[tx_%v] create with validation error", succeed), func(t *testing.T) { + record.Set("text", "") + record.Set("file_many", []any{f1, f2}) + + err := txApp.Save(record) + tests.TestValidationErrors(t, err, []string{"text"}) + + checkRecordFiles(t, txApp, record, []string{}) // no uploaded files + }) + if !ok { + return txErr + } + + // --- + + ok = t.Run(fmt.Sprintf("[tx_%v] create with fixed validation error", succeed), func(t *testing.T) { + record.Set("text", "abc") + + err = txApp.Save(record) + if err != nil { + t.Fatalf("Expected save to succeed, got %v", err) + } + + checkRecordFiles(t, txApp, record, []string{f1.Name, f2.Name}) + }) + if !ok { + return txErr + } + + // --- + + ok = t.Run(fmt.Sprintf("[tx_%v] update with validation error", succeed), func(t *testing.T) { + record.Set("text", "") + record.Set("file_many+", f3) + record.Set("file_many-", f2.Name) + + err = txApp.Save(record) + tests.TestValidationErrors(t, err, []string{"text"}) + + raw, _ := json.Marshal(record.GetRaw("file_many")) + expectedRaw, _ := json.Marshal([]any{f1.Name, f3}) + if !bytes.Equal(expectedRaw, raw) { + t.Fatalf("Expected file field value\n%s\ngot\n%s", expectedRaw, raw) + } + + checkRecordFiles(t, txApp, record, []string{f1.Name, f2.Name}) // no file changes + }) + if !ok { + return txErr + } + + // --- + + ok = t.Run(fmt.Sprintf("[tx_%v] update with fixed validation error", succeed), func(t *testing.T) { + record.Set("text", "abc2") + + err = txApp.Save(record) + if err != nil { + t.Fatalf("Expected save to succeed, got %v", err) + } + + raw, _ := json.Marshal(record.GetRaw("file_many")) + expectedRaw, _ := json.Marshal([]any{f1.Name, f3.Name}) + if !bytes.Equal(expectedRaw, raw) { + t.Fatalf("Expected file field value\n%s\ngot\n%s", expectedRaw, raw) + } + + checkRecordFiles(t, txApp, record, []string{f1.Name, f3.Name, f2.Name}) // f2 shouldn't be deleted yet + }) + if !ok { + return txErr + } + + // --- + + ok = t.Run(fmt.Sprintf("[tx_%v] second time update", succeed), func(t *testing.T) { + record.Set("file_many-", f1.Name) + record.Set("file_many+", f4) + + err := txApp.Save(record) + if err != nil { + t.Fatalf("Expected save to succeed, got %v", err) + } + + raw, _ := json.Marshal(record.GetRaw("file_many")) + expectedRaw, _ := json.Marshal([]any{f3.Name, f4.Name}) + if !bytes.Equal(expectedRaw, raw) { + t.Fatalf("Expected file field value\n%s\ngot\n%s", expectedRaw, raw) + } + + checkRecordFiles(t, txApp, record, []string{f3.Name, f4.Name, f1.Name, f2.Name}) // f1 and f2 shouldn't be deleted yet + }) + if !ok { + return txErr + } + + // --- + + return txErr + } + } + + // failed transaction + txErr := testApp.RunInTransaction(tx(false)) + if txErr == nil { + t.Fatal("Expected transaction error") + } + // there shouldn't be any fails associated with the record id + checkRecordFiles(t, testApp, record, []string{}) + + txErr = testApp.RunInTransaction(tx(true)) + if txErr != nil { + t.Fatalf("Expected transaction to succeed, got %v", txErr) + } + // only the last updated files should remain + checkRecordFiles(t, testApp, record, []string{f3.Name, f4.Name}) +} + +// ------------------------------------------------------------------- + +func checkRecordFiles(t *testing.T, testApp core.App, record *core.Record, expectedKeys []string) { + fsys, err := testApp.NewFilesystem() + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + objects, err := fsys.List(record.BaseFilesPath() + "/") + if err != nil { + t.Fatal(err) + } + objectKeys := make([]string, 0, len(objects)) + for _, obj := range objects { + // exclude thumbs + if !strings.Contains(obj.Key, "/thumbs_") { + objectKeys = append(objectKeys, obj.Key) + } + } + + if len(objectKeys) != len(expectedKeys) { + t.Fatalf("Expected files:\n%v\ngot\n%v", expectedKeys, objectKeys) + } + for _, key := range expectedKeys { + fullKey := record.BaseFilesPath() + "/" + key + if !slices.Contains(objectKeys, fullKey) { + t.Fatalf("Missing expected file key\n%q\nin\n%v", fullKey, objectKeys) + } + } +} diff --git a/core/field_geo_point.go b/core/field_geo_point.go new file mode 100644 index 0000000..eecc418 --- /dev/null +++ b/core/field_geo_point.go @@ -0,0 +1,148 @@ +package core + +import ( + "context" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tools/types" +) + +func init() { + Fields[FieldTypeGeoPoint] = func() Field { + return &GeoPointField{} + } +} + +const FieldTypeGeoPoint = "geoPoint" + +var ( + _ Field = (*GeoPointField)(nil) +) + +// GeoPointField defines "geoPoint" type field for storing latitude and longitude GPS coordinates. +// +// You can set the record field value as [types.GeoPoint], map or serialized json object with lat-lon props. +// The stored value is always converted to [types.GeoPoint]. +// Nil, empty map, empty bytes slice, etc. results in zero [types.GeoPoint]. +// +// Examples of updating a record's GeoPointField value programmatically: +// +// record.Set("location", types.GeoPoint{Lat: 123, Lon: 456}) +// record.Set("location", map[string]any{"lat":123, "lon":456}) +// record.Set("location", []byte(`{"lat":123, "lon":456}`) +type GeoPointField struct { + // Name (required) is the unique name of the field. + Name string `form:"name" json:"name"` + + // Id is the unique stable field identifier. + // + // It is automatically generated from the name when adding to a collection FieldsList. + Id string `form:"id" json:"id"` + + // System prevents the renaming and removal of the field. + System bool `form:"system" json:"system"` + + // Hidden hides the field from the API response. + Hidden bool `form:"hidden" json:"hidden"` + + // Presentable hints the Dashboard UI to use the underlying + // field record value in the relation preview label. + Presentable bool `form:"presentable" json:"presentable"` + + // --- + + // Required will require the field coordinates to be non-zero (aka. not "Null Island"). + Required bool `form:"required" json:"required"` +} + +// Type implements [Field.Type] interface method. +func (f *GeoPointField) Type() string { + return FieldTypeGeoPoint +} + +// GetId implements [Field.GetId] interface method. +func (f *GeoPointField) GetId() string { + return f.Id +} + +// SetId implements [Field.SetId] interface method. +func (f *GeoPointField) SetId(id string) { + f.Id = id +} + +// GetName implements [Field.GetName] interface method. +func (f *GeoPointField) GetName() string { + return f.Name +} + +// SetName implements [Field.SetName] interface method. +func (f *GeoPointField) SetName(name string) { + f.Name = name +} + +// GetSystem implements [Field.GetSystem] interface method. +func (f *GeoPointField) GetSystem() bool { + return f.System +} + +// SetSystem implements [Field.SetSystem] interface method. +func (f *GeoPointField) SetSystem(system bool) { + f.System = system +} + +// GetHidden implements [Field.GetHidden] interface method. +func (f *GeoPointField) GetHidden() bool { + return f.Hidden +} + +// SetHidden implements [Field.SetHidden] interface method. +func (f *GeoPointField) SetHidden(hidden bool) { + f.Hidden = hidden +} + +// ColumnType implements [Field.ColumnType] interface method. +func (f *GeoPointField) ColumnType(app App) string { + return `JSON DEFAULT '{"lon":0,"lat":0}' NOT NULL` +} + +// PrepareValue implements [Field.PrepareValue] interface method. +func (f *GeoPointField) PrepareValue(record *Record, raw any) (any, error) { + point := types.GeoPoint{} + err := point.Scan(raw) + return point, err +} + +// ValidateValue implements [Field.ValidateValue] interface method. +func (f *GeoPointField) ValidateValue(ctx context.Context, app App, record *Record) error { + val, ok := record.GetRaw(f.Name).(types.GeoPoint) + if !ok { + return validators.ErrUnsupportedValueType + } + + // zero value + if val.Lat == 0 && val.Lon == 0 { + if f.Required { + return validation.ErrRequired + } + return nil + } + + if val.Lat < -90 || val.Lat > 90 { + return validation.NewError("validation_invalid_latitude", "Latitude must be between -90 and 90 degrees.") + } + + if val.Lon < -180 || val.Lon > 180 { + return validation.NewError("validation_invalid_longitude", "Longitude must be between -180 and 180 degrees.") + } + + return nil +} + +// ValidateSettings implements [Field.ValidateSettings] interface method. +func (f *GeoPointField) ValidateSettings(ctx context.Context, app App, collection *Collection) error { + return validation.ValidateStruct(f, + validation.Field(&f.Id, validation.By(DefaultFieldIdValidationRule)), + validation.Field(&f.Name, validation.By(DefaultFieldNameValidationRule)), + ) +} diff --git a/core/field_geo_point_test.go b/core/field_geo_point_test.go new file mode 100644 index 0000000..dfee422 --- /dev/null +++ b/core/field_geo_point_test.go @@ -0,0 +1,202 @@ +package core_test + +import ( + "context" + "encoding/json" + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestGeoPointFieldBaseMethods(t *testing.T) { + testFieldBaseMethods(t, core.FieldTypeGeoPoint) +} + +func TestGeoPointFieldColumnType(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.GeoPointField{} + + expected := `JSON DEFAULT '{"lon":0,"lat":0}' NOT NULL` + + if v := f.ColumnType(app); v != expected { + t.Fatalf("Expected\n%q\ngot\n%q", expected, v) + } +} + +func TestGeoPointFieldPrepareValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.GeoPointField{} + record := core.NewRecord(core.NewBaseCollection("test")) + + scenarios := []struct { + raw any + expected string + }{ + {nil, `{"lon":0,"lat":0}`}, + {"", `{"lon":0,"lat":0}`}, + {[]byte{}, `{"lon":0,"lat":0}`}, + {map[string]any{}, `{"lon":0,"lat":0}`}, + {types.GeoPoint{Lon: 10, Lat: 20}, `{"lon":10,"lat":20}`}, + {&types.GeoPoint{Lon: 10, Lat: 20}, `{"lon":10,"lat":20}`}, + {[]byte(`{"lon": 10, "lat": 20}`), `{"lon":10,"lat":20}`}, + {map[string]any{"lon": 10, "lat": 20}, `{"lon":10,"lat":20}`}, + {map[string]float64{"lon": 10, "lat": 20}, `{"lon":10,"lat":20}`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.raw), func(t *testing.T) { + v, err := f.PrepareValue(record, s.raw) + if err != nil { + t.Fatal(err) + } + + raw, err := json.Marshal(v) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + if rawStr != s.expected { + t.Fatalf("Expected\n%s\ngot\n%s", s.expected, rawStr) + } + }) + } +} + +func TestGeoPointFieldValidateValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field *core.GeoPointField + record func() *core.Record + expectError bool + }{ + { + "invalid raw value", + &core.GeoPointField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 123) + return record + }, + true, + }, + { + "zero field value (non-required)", + &core.GeoPointField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.GeoPoint{}) + return record + }, + false, + }, + { + "zero field value (required)", + &core.GeoPointField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.GeoPoint{}) + return record + }, + true, + }, + { + "non-zero Lat field value (required)", + &core.GeoPointField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.GeoPoint{Lat: 1}) + return record + }, + false, + }, + { + "non-zero Lon field value (required)", + &core.GeoPointField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.GeoPoint{Lon: 1}) + return record + }, + false, + }, + { + "non-zero Lat-Lon field value (required)", + &core.GeoPointField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.GeoPoint{Lon: -1, Lat: -2}) + return record + }, + false, + }, + { + "lat < -90", + &core.GeoPointField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.GeoPoint{Lat: -90.1}) + return record + }, + true, + }, + { + "lat > 90", + &core.GeoPointField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.GeoPoint{Lat: 90.1}) + return record + }, + true, + }, + { + "lon < -180", + &core.GeoPointField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.GeoPoint{Lon: -180.1}) + return record + }, + true, + }, + { + "lon > 180", + &core.GeoPointField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.GeoPoint{Lon: 180.1}) + return record + }, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.field.ValidateValue(context.Background(), app, s.record()) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestGeoPointFieldValidateSettings(t *testing.T) { + testDefaultFieldIdValidation(t, core.FieldTypeGeoPoint) + testDefaultFieldNameValidation(t, core.FieldTypeGeoPoint) +} diff --git a/core/field_json.go b/core/field_json.go new file mode 100644 index 0000000..4a30edf --- /dev/null +++ b/core/field_json.go @@ -0,0 +1,195 @@ +package core + +import ( + "context" + "slices" + "strconv" + "strings" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/go-ozzo/ozzo-validation/v4/is" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tools/types" +) + +func init() { + Fields[FieldTypeJSON] = func() Field { + return &JSONField{} + } +} + +const FieldTypeJSON = "json" + +const DefaultJSONFieldMaxSize int64 = 1 << 20 + +var ( + _ Field = (*JSONField)(nil) + _ MaxBodySizeCalculator = (*JSONField)(nil) +) + +// JSONField defines "json" type field for storing any serialized JSON value. +// +// The respective zero record field value is the zero [types.JSONRaw]. +type JSONField struct { + // Name (required) is the unique name of the field. + Name string `form:"name" json:"name"` + + // Id is the unique stable field identifier. + // + // It is automatically generated from the name when adding to a collection FieldsList. + Id string `form:"id" json:"id"` + + // System prevents the renaming and removal of the field. + System bool `form:"system" json:"system"` + + // Hidden hides the field from the API response. + Hidden bool `form:"hidden" json:"hidden"` + + // Presentable hints the Dashboard UI to use the underlying + // field record value in the relation preview label. + Presentable bool `form:"presentable" json:"presentable"` + + // --- + + // MaxSize specifies the maximum size of the allowed field value (in bytes and up to 2^53-1). + // + // If zero, a default limit of 1MB is applied. + MaxSize int64 `form:"maxSize" json:"maxSize"` + + // Required will require the field value to be non-empty JSON value + // (aka. not "null", `""`, "[]", "{}"). + Required bool `form:"required" json:"required"` +} + +// Type implements [Field.Type] interface method. +func (f *JSONField) Type() string { + return FieldTypeJSON +} + +// GetId implements [Field.GetId] interface method. +func (f *JSONField) GetId() string { + return f.Id +} + +// SetId implements [Field.SetId] interface method. +func (f *JSONField) SetId(id string) { + f.Id = id +} + +// GetName implements [Field.GetName] interface method. +func (f *JSONField) GetName() string { + return f.Name +} + +// SetName implements [Field.SetName] interface method. +func (f *JSONField) SetName(name string) { + f.Name = name +} + +// GetSystem implements [Field.GetSystem] interface method. +func (f *JSONField) GetSystem() bool { + return f.System +} + +// SetSystem implements [Field.SetSystem] interface method. +func (f *JSONField) SetSystem(system bool) { + f.System = system +} + +// GetHidden implements [Field.GetHidden] interface method. +func (f *JSONField) GetHidden() bool { + return f.Hidden +} + +// SetHidden implements [Field.SetHidden] interface method. +func (f *JSONField) SetHidden(hidden bool) { + f.Hidden = hidden +} + +// ColumnType implements [Field.ColumnType] interface method. +func (f *JSONField) ColumnType(app App) string { + return "JSON DEFAULT NULL" +} + +// PrepareValue implements [Field.PrepareValue] interface method. +func (f *JSONField) PrepareValue(record *Record, raw any) (any, error) { + if str, ok := raw.(string); ok { + // in order to support seamlessly both json and multipart/form-data requests, + // the following normalization rules are applied for plain string values: + // - "true" is converted to the json `true` + // - "false" is converted to the json `false` + // - "null" is converted to the json `null` + // - "[1,2,3]" is converted to the json `[1,2,3]` + // - "{\"a\":1,\"b\":2}" is converted to the json `{"a":1,"b":2}` + // - numeric strings are converted to json number + // - double quoted strings are left as they are (aka. without normalizations) + // - any other string (empty string too) is double quoted + if str == "" { + raw = strconv.Quote(str) + } else if str == "null" || str == "true" || str == "false" { + raw = str + } else if ((str[0] >= '0' && str[0] <= '9') || + str[0] == '-' || + str[0] == '"' || + str[0] == '[' || + str[0] == '{') && + is.JSON.Validate(str) == nil { + raw = str + } else { + raw = strconv.Quote(str) + } + } + + return types.ParseJSONRaw(raw) +} + +var emptyJSONValues = []string{ + "null", `""`, "[]", "{}", "", +} + +// ValidateValue implements [Field.ValidateValue] interface method. +func (f *JSONField) ValidateValue(ctx context.Context, app App, record *Record) error { + raw, ok := record.GetRaw(f.Name).(types.JSONRaw) + if !ok { + return validators.ErrUnsupportedValueType + } + + maxSize := f.CalculateMaxBodySize() + + if int64(len(raw)) > maxSize { + return validation.NewError( + "validation_json_size_limit", + "The maximum allowed JSON size is {{.maxSize}} bytes", + ).SetParams(map[string]any{"maxSize": maxSize}) + } + + if is.JSON.Validate(raw) != nil { + return validation.NewError("validation_invalid_json", "Must be a valid json value") + } + + rawStr := strings.TrimSpace(raw.String()) + + if f.Required && slices.Contains(emptyJSONValues, rawStr) { + return validation.ErrRequired + } + + return nil +} + +// ValidateSettings implements [Field.ValidateSettings] interface method. +func (f *JSONField) ValidateSettings(ctx context.Context, app App, collection *Collection) error { + return validation.ValidateStruct(f, + validation.Field(&f.Id, validation.By(DefaultFieldIdValidationRule)), + validation.Field(&f.Name, validation.By(DefaultFieldNameValidationRule)), + validation.Field(&f.MaxSize, validation.Min(0), validation.Max(maxSafeJSONInt)), + ) +} + +// CalculateMaxBodySize implements the [MaxBodySizeCalculator] interface. +func (f *JSONField) CalculateMaxBodySize() int64 { + if f.MaxSize <= 0 { + return DefaultJSONFieldMaxSize + } + + return f.MaxSize +} diff --git a/core/field_json_test.go b/core/field_json_test.go new file mode 100644 index 0000000..75263a9 --- /dev/null +++ b/core/field_json_test.go @@ -0,0 +1,277 @@ +package core_test + +import ( + "context" + "fmt" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestJSONFieldBaseMethods(t *testing.T) { + testFieldBaseMethods(t, core.FieldTypeJSON) +} + +func TestJSONFieldColumnType(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.JSONField{} + + expected := "JSON DEFAULT NULL" + + if v := f.ColumnType(app); v != expected { + t.Fatalf("Expected\n%q\ngot\n%q", expected, v) + } +} + +func TestJSONFieldPrepareValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.JSONField{} + record := core.NewRecord(core.NewBaseCollection("test")) + + scenarios := []struct { + raw any + expected string + }{ + {"null", `null`}, + {"", `""`}, + {"true", `true`}, + {"false", `false`}, + {"test", `"test"`}, + {"123", `123`}, + {"-456", `-456`}, + {"[1,2,3]", `[1,2,3]`}, + {"[1,2,3", `"[1,2,3"`}, + {`{"a":1,"b":2}`, `{"a":1,"b":2}`}, + {`{"a":1,"b":2`, `"{\"a\":1,\"b\":2"`}, + {[]int{1, 2, 3}, `[1,2,3]`}, + {map[string]int{"a": 1, "b": 2}, `{"a":1,"b":2}`}, + {nil, `null`}, + {false, `false`}, + {true, `true`}, + {-78, `-78`}, + {123.456, `123.456`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.raw), func(t *testing.T) { + v, err := f.PrepareValue(record, s.raw) + if err != nil { + t.Fatal(err) + } + + raw, ok := v.(types.JSONRaw) + if !ok { + t.Fatalf("Expected string instance, got %T", v) + } + rawStr := raw.String() + + if rawStr != s.expected { + t.Fatalf("Expected\n%#v\ngot\n%#v", s.expected, rawStr) + } + }) + } +} + +func TestJSONFieldValidateValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field *core.JSONField + record func() *core.Record + expectError bool + }{ + { + "invalid raw value", + &core.JSONField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 123) + return record + }, + true, + }, + { + "zero field value (not required)", + &core.JSONField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.JSONRaw{}) + return record + }, + false, + }, + { + "zero field value (required)", + &core.JSONField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.JSONRaw{}) + return record + }, + true, + }, + { + "non-zero field value (required)", + &core.JSONField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.JSONRaw("[1,2,3]")) + return record + }, + false, + }, + { + "non-zero field value (required)", + &core.JSONField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.JSONRaw(`"aaa"`)) + return record + }, + false, + }, + { + "> default MaxSize", + &core.JSONField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.JSONRaw(`"`+strings.Repeat("a", (1<<20))+`"`)) + return record + }, + true, + }, + { + "> MaxSize", + &core.JSONField{Name: "test", MaxSize: 5}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.JSONRaw(`"aaaa"`)) + return record + }, + true, + }, + { + "<= MaxSize", + &core.JSONField{Name: "test", MaxSize: 5}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", types.JSONRaw(`"aaa"`)) + return record + }, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.field.ValidateValue(context.Background(), app, s.record()) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestJSONFieldValidateSettings(t *testing.T) { + testDefaultFieldIdValidation(t, core.FieldTypeJSON) + testDefaultFieldNameValidation(t, core.FieldTypeJSON) + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field func() *core.JSONField + expectErrors []string + }{ + { + "MaxSize < 0", + func() *core.JSONField { + return &core.JSONField{ + Id: "test", + Name: "test", + MaxSize: -1, + } + }, + []string{"maxSize"}, + }, + { + "MaxSize = 0", + func() *core.JSONField { + return &core.JSONField{ + Id: "test", + Name: "test", + } + }, + []string{}, + }, + { + "MaxSize > 0", + func() *core.JSONField { + return &core.JSONField{ + Id: "test", + Name: "test", + MaxSize: 1, + } + }, + []string{}, + }, + { + "MaxSize > safe json int", + func() *core.JSONField { + return &core.JSONField{ + Id: "test", + Name: "test", + MaxSize: 1 << 53, + } + }, + []string{"maxSize"}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + errs := s.field().ValidateSettings(context.Background(), app, collection) + + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} + +func TestJSONFieldCalculateMaxBodySize(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + scenarios := []struct { + field *core.JSONField + expected int64 + }{ + {&core.JSONField{}, core.DefaultJSONFieldMaxSize}, + {&core.JSONField{MaxSize: 10}, 10}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%d", i, s.field.MaxSize), func(t *testing.T) { + result := s.field.CalculateMaxBodySize() + + if result != s.expected { + t.Fatalf("Expected %d, got %d", s.expected, result) + } + }) + } +} diff --git a/core/field_number.go b/core/field_number.go new file mode 100644 index 0000000..d11e175 --- /dev/null +++ b/core/field_number.go @@ -0,0 +1,222 @@ +package core + +import ( + "context" + "fmt" + "math" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/spf13/cast" +) + +func init() { + Fields[FieldTypeNumber] = func() Field { + return &NumberField{} + } +} + +const FieldTypeNumber = "number" + +var ( + _ Field = (*NumberField)(nil) + _ SetterFinder = (*NumberField)(nil) +) + +// NumberField defines "number" type field for storing numeric (float64) value. +// +// The respective zero record field value is 0. +// +// The following additional setter keys are available: +// +// - "fieldName+" - appends to the existing record value. For example: +// record.Set("total+", 5) +// - "fieldName-" - subtracts from the existing record value. For example: +// record.Set("total-", 5) +type NumberField struct { + // Name (required) is the unique name of the field. + Name string `form:"name" json:"name"` + + // Id is the unique stable field identifier. + // + // It is automatically generated from the name when adding to a collection FieldsList. + Id string `form:"id" json:"id"` + + // System prevents the renaming and removal of the field. + System bool `form:"system" json:"system"` + + // Hidden hides the field from the API response. + Hidden bool `form:"hidden" json:"hidden"` + + // Presentable hints the Dashboard UI to use the underlying + // field record value in the relation preview label. + Presentable bool `form:"presentable" json:"presentable"` + + // --- + + // Min specifies the min allowed field value. + // + // Leave it nil to skip the validator. + Min *float64 `form:"min" json:"min"` + + // Max specifies the max allowed field value. + // + // Leave it nil to skip the validator. + Max *float64 `form:"max" json:"max"` + + // OnlyInt will require the field value to be integer. + OnlyInt bool `form:"onlyInt" json:"onlyInt"` + + // Required will require the field value to be non-zero. + Required bool `form:"required" json:"required"` +} + +// Type implements [Field.Type] interface method. +func (f *NumberField) Type() string { + return FieldTypeNumber +} + +// GetId implements [Field.GetId] interface method. +func (f *NumberField) GetId() string { + return f.Id +} + +// SetId implements [Field.SetId] interface method. +func (f *NumberField) SetId(id string) { + f.Id = id +} + +// GetName implements [Field.GetName] interface method. +func (f *NumberField) GetName() string { + return f.Name +} + +// SetName implements [Field.SetName] interface method. +func (f *NumberField) SetName(name string) { + f.Name = name +} + +// GetSystem implements [Field.GetSystem] interface method. +func (f *NumberField) GetSystem() bool { + return f.System +} + +// SetSystem implements [Field.SetSystem] interface method. +func (f *NumberField) SetSystem(system bool) { + f.System = system +} + +// GetHidden implements [Field.GetHidden] interface method. +func (f *NumberField) GetHidden() bool { + return f.Hidden +} + +// SetHidden implements [Field.SetHidden] interface method. +func (f *NumberField) SetHidden(hidden bool) { + f.Hidden = hidden +} + +// ColumnType implements [Field.ColumnType] interface method. +func (f *NumberField) ColumnType(app App) string { + return "NUMERIC DEFAULT 0 NOT NULL" +} + +// PrepareValue implements [Field.PrepareValue] interface method. +func (f *NumberField) PrepareValue(record *Record, raw any) (any, error) { + return cast.ToFloat64(raw), nil +} + +// ValidateValue implements [Field.ValidateValue] interface method. +func (f *NumberField) ValidateValue(ctx context.Context, app App, record *Record) error { + val, ok := record.GetRaw(f.Name).(float64) + if !ok { + return validators.ErrUnsupportedValueType + } + + if math.IsInf(val, 0) || math.IsNaN(val) { + return validation.NewError("validation_not_a_number", "The submitted number is not properly formatted") + } + + if val == 0 { + if f.Required { + if err := validation.Required.Validate(val); err != nil { + return err + } + } + return nil + } + + if f.OnlyInt && val != float64(int64(val)) { + return validation.NewError("validation_only_int_constraint", "Decimal numbers are not allowed") + } + + if f.Min != nil && val < *f.Min { + return validation.NewError("validation_min_number_constraint", fmt.Sprintf("Must be larger than %f", *f.Min)) + } + + if f.Max != nil && val > *f.Max { + return validation.NewError("validation_max_number_constraint", fmt.Sprintf("Must be less than %f", *f.Max)) + } + + return nil +} + +// ValidateSettings implements [Field.ValidateSettings] interface method. +func (f *NumberField) ValidateSettings(ctx context.Context, app App, collection *Collection) error { + maxRules := []validation.Rule{ + validation.By(f.checkOnlyInt), + } + if f.Min != nil && f.Max != nil { + maxRules = append(maxRules, validation.Min(*f.Min)) + } + + return validation.ValidateStruct(f, + validation.Field(&f.Id, validation.By(DefaultFieldIdValidationRule)), + validation.Field(&f.Name, validation.By(DefaultFieldNameValidationRule)), + validation.Field(&f.Min, validation.By(f.checkOnlyInt)), + validation.Field(&f.Max, maxRules...), + ) +} + +func (f *NumberField) checkOnlyInt(value any) error { + v, _ := value.(*float64) + if v == nil || !f.OnlyInt { + return nil // nothing to check + } + + if *v != float64(int64(*v)) { + return validation.NewError("validation_only_int_constraint", "Decimal numbers are not allowed.") + } + + return nil +} + +// FindSetter implements the [SetterFinder] interface. +func (f *NumberField) FindSetter(key string) SetterFunc { + switch key { + case f.Name: + return f.setValue + case f.Name + "+": + return f.addValue + case f.Name + "-": + return f.subtractValue + default: + return nil + } +} + +func (f *NumberField) setValue(record *Record, raw any) { + record.SetRaw(f.Name, cast.ToFloat64(raw)) +} + +func (f *NumberField) addValue(record *Record, raw any) { + val := cast.ToFloat64(record.GetRaw(f.Name)) + + record.SetRaw(f.Name, val+cast.ToFloat64(raw)) +} + +func (f *NumberField) subtractValue(record *Record, raw any) { + val := cast.ToFloat64(record.GetRaw(f.Name)) + + record.SetRaw(f.Name, val-cast.ToFloat64(raw)) +} diff --git a/core/field_number_test.go b/core/field_number_test.go new file mode 100644 index 0000000..a9117d6 --- /dev/null +++ b/core/field_number_test.go @@ -0,0 +1,403 @@ +package core_test + +import ( + "context" + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestNumberFieldBaseMethods(t *testing.T) { + testFieldBaseMethods(t, core.FieldTypeNumber) +} + +func TestNumberFieldColumnType(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.NumberField{} + + expected := "NUMERIC DEFAULT 0 NOT NULL" + + if v := f.ColumnType(app); v != expected { + t.Fatalf("Expected\n%q\ngot\n%q", expected, v) + } +} + +func TestNumberFieldPrepareValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.NumberField{} + record := core.NewRecord(core.NewBaseCollection("test")) + + scenarios := []struct { + raw any + expected float64 + }{ + {"", 0}, + {"test", 0}, + {false, 0}, + {true, 1}, + {-2, -2}, + {123.456, 123.456}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.raw), func(t *testing.T) { + vRaw, err := f.PrepareValue(record, s.raw) + if err != nil { + t.Fatal(err) + } + + v, ok := vRaw.(float64) + if !ok { + t.Fatalf("Expected float64 instance, got %T", v) + } + + if v != s.expected { + t.Fatalf("Expected %f, got %f", s.expected, v) + } + }) + } +} + +func TestNumberFieldValidateValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field *core.NumberField + record func() *core.Record + expectError bool + }{ + { + "invalid raw value", + &core.NumberField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "123") + return record + }, + true, + }, + { + "zero field value (not required)", + &core.NumberField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 0.0) + return record + }, + false, + }, + { + "zero field value (required)", + &core.NumberField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 0.0) + return record + }, + true, + }, + { + "non-zero field value (required)", + &core.NumberField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 123.0) + return record + }, + false, + }, + { + "decimal with onlyInt", + &core.NumberField{Name: "test", OnlyInt: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 123.456) + return record + }, + true, + }, + { + "int with onlyInt", + &core.NumberField{Name: "test", OnlyInt: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 123.0) + return record + }, + false, + }, + { + "< min", + &core.NumberField{Name: "test", Min: types.Pointer(2.0)}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 1.0) + return record + }, + true, + }, + { + ">= min", + &core.NumberField{Name: "test", Min: types.Pointer(2.0)}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 2.0) + return record + }, + false, + }, + { + "> max", + &core.NumberField{Name: "test", Max: types.Pointer(2.0)}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 3.0) + return record + }, + true, + }, + { + "<= max", + &core.NumberField{Name: "test", Max: types.Pointer(2.0)}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 2.0) + return record + }, + false, + }, + { + "infinity", + &core.NumberField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.Set("test", "Inf") + return record + }, + true, + }, + { + "NaN", + &core.NumberField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.Set("test", "NaN") + return record + }, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.field.ValidateValue(context.Background(), app, s.record()) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestNumberFieldValidateSettings(t *testing.T) { + testDefaultFieldIdValidation(t, core.FieldTypeNumber) + testDefaultFieldNameValidation(t, core.FieldTypeNumber) + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field func() *core.NumberField + expectErrors []string + }{ + { + "zero", + func() *core.NumberField { + return &core.NumberField{ + Id: "test", + Name: "test", + } + }, + []string{}, + }, + { + "decumal min", + func() *core.NumberField { + return &core.NumberField{ + Id: "test", + Name: "test", + Min: types.Pointer(1.2), + } + }, + []string{}, + }, + { + "decumal min (onlyInt)", + func() *core.NumberField { + return &core.NumberField{ + Id: "test", + Name: "test", + OnlyInt: true, + Min: types.Pointer(1.2), + } + }, + []string{"min"}, + }, + { + "int min (onlyInt)", + func() *core.NumberField { + return &core.NumberField{ + Id: "test", + Name: "test", + OnlyInt: true, + Min: types.Pointer(1.0), + } + }, + []string{}, + }, + { + "decumal max", + func() *core.NumberField { + return &core.NumberField{ + Id: "test", + Name: "test", + Max: types.Pointer(1.2), + } + }, + []string{}, + }, + { + "decumal max (onlyInt)", + func() *core.NumberField { + return &core.NumberField{ + Id: "test", + Name: "test", + OnlyInt: true, + Max: types.Pointer(1.2), + } + }, + []string{"max"}, + }, + { + "int max (onlyInt)", + func() *core.NumberField { + return &core.NumberField{ + Id: "test", + Name: "test", + OnlyInt: true, + Max: types.Pointer(1.0), + } + }, + []string{}, + }, + { + "min > max", + func() *core.NumberField { + return &core.NumberField{ + Id: "test", + Name: "test", + Min: types.Pointer(2.0), + Max: types.Pointer(1.0), + } + }, + []string{"max"}, + }, + { + "min <= max", + func() *core.NumberField { + return &core.NumberField{ + Id: "test", + Name: "test", + Min: types.Pointer(2.0), + Max: types.Pointer(2.0), + } + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + errs := s.field().ValidateSettings(context.Background(), app, collection) + + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} + +func TestNumberFieldFindSetter(t *testing.T) { + field := &core.NumberField{Name: "test"} + + collection := core.NewBaseCollection("test_collection") + collection.Fields.Add(field) + + t.Run("no match", func(t *testing.T) { + f := field.FindSetter("abc") + if f != nil { + t.Fatal("Expected nil setter") + } + }) + + t.Run("direct name match", func(t *testing.T) { + f := field.FindSetter("test") + if f == nil { + t.Fatal("Expected non-nil setter") + } + + record := core.NewRecord(collection) + record.SetRaw("test", 2.0) + + f(record, "123.456") // should be casted + + if v := record.Get("test"); v != 123.456 { + t.Fatalf("Expected %f, got %f", 123.456, v) + } + }) + + t.Run("name+ match", func(t *testing.T) { + f := field.FindSetter("test+") + if f == nil { + t.Fatal("Expected non-nil setter") + } + + record := core.NewRecord(collection) + record.SetRaw("test", 2.0) + + f(record, "1.5") // should be casted and appended to the existing value + + if v := record.Get("test"); v != 3.5 { + t.Fatalf("Expected %f, got %f", 3.5, v) + } + }) + + t.Run("name- match", func(t *testing.T) { + f := field.FindSetter("test-") + if f == nil { + t.Fatal("Expected non-nil setter") + } + + record := core.NewRecord(collection) + record.SetRaw("test", 2.0) + + f(record, "1.5") // should be casted and subtracted from the existing value + + if v := record.Get("test"); v != 0.5 { + t.Fatalf("Expected %f, got %f", 0.5, v) + } + }) +} diff --git a/core/field_password.go b/core/field_password.go new file mode 100644 index 0000000..794846f --- /dev/null +++ b/core/field_password.go @@ -0,0 +1,318 @@ +package core + +import ( + "context" + "database/sql/driver" + "fmt" + "regexp" + "strings" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/spf13/cast" + "golang.org/x/crypto/bcrypt" +) + +func init() { + Fields[FieldTypePassword] = func() Field { + return &PasswordField{} + } +} + +const FieldTypePassword = "password" + +var ( + _ Field = (*PasswordField)(nil) + _ GetterFinder = (*PasswordField)(nil) + _ SetterFinder = (*PasswordField)(nil) + _ DriverValuer = (*PasswordField)(nil) + _ RecordInterceptor = (*PasswordField)(nil) +) + +// PasswordField defines "password" type field for storing bcrypt hashed strings +// (usually used only internally for the "password" auth collection system field). +// +// If you want to set a direct bcrypt hash as record field value you can use the SetRaw method, for example: +// +// // generates a bcrypt hash of "123456" and set it as field value +// // (record.GetString("password") returns the plain password until persisted, otherwise empty string) +// record.Set("password", "123456") +// +// // set directly a bcrypt hash of "123456" as field value +// // (record.GetString("password") returns empty string) +// record.SetRaw("password", "$2a$10$.5Elh8fgxypNUWhpUUr/xOa2sZm0VIaE0qWuGGl9otUfobb46T1Pq") +// +// The following additional getter keys are available: +// +// - "fieldName:hash" - returns the bcrypt hash string of the record field value (if any). For example: +// record.GetString("password:hash") +type PasswordField struct { + // Name (required) is the unique name of the field. + Name string `form:"name" json:"name"` + + // Id is the unique stable field identifier. + // + // It is automatically generated from the name when adding to a collection FieldsList. + Id string `form:"id" json:"id"` + + // System prevents the renaming and removal of the field. + System bool `form:"system" json:"system"` + + // Hidden hides the field from the API response. + Hidden bool `form:"hidden" json:"hidden"` + + // Presentable hints the Dashboard UI to use the underlying + // field record value in the relation preview label. + Presentable bool `form:"presentable" json:"presentable"` + + // --- + + // Pattern specifies an optional regex pattern to match against the field value. + // + // Leave it empty to skip the pattern check. + Pattern string `form:"pattern" json:"pattern"` + + // Min specifies an optional required field string length. + Min int `form:"min" json:"min"` + + // Max specifies an optional required field string length. + // + // If zero, fallback to max 71 bytes. + Max int `form:"max" json:"max"` + + // Cost specifies the cost/weight/iteration/etc. bcrypt factor. + // + // If zero, fallback to [bcrypt.DefaultCost]. + // + // If explicitly set, must be between [bcrypt.MinCost] and [bcrypt.MaxCost]. + Cost int `form:"cost" json:"cost"` + + // Required will require the field value to be non-empty string. + Required bool `form:"required" json:"required"` +} + +// Type implements [Field.Type] interface method. +func (f *PasswordField) Type() string { + return FieldTypePassword +} + +// GetId implements [Field.GetId] interface method. +func (f *PasswordField) GetId() string { + return f.Id +} + +// SetId implements [Field.SetId] interface method. +func (f *PasswordField) SetId(id string) { + f.Id = id +} + +// GetName implements [Field.GetName] interface method. +func (f *PasswordField) GetName() string { + return f.Name +} + +// SetName implements [Field.SetName] interface method. +func (f *PasswordField) SetName(name string) { + f.Name = name +} + +// GetSystem implements [Field.GetSystem] interface method. +func (f *PasswordField) GetSystem() bool { + return f.System +} + +// SetSystem implements [Field.SetSystem] interface method. +func (f *PasswordField) SetSystem(system bool) { + f.System = system +} + +// GetHidden implements [Field.GetHidden] interface method. +func (f *PasswordField) GetHidden() bool { + return f.Hidden +} + +// SetHidden implements [Field.SetHidden] interface method. +func (f *PasswordField) SetHidden(hidden bool) { + f.Hidden = hidden +} + +// ColumnType implements [Field.ColumnType] interface method. +func (f *PasswordField) ColumnType(app App) string { + return "TEXT DEFAULT '' NOT NULL" +} + +// DriverValue implements the [DriverValuer] interface. +func (f *PasswordField) DriverValue(record *Record) (driver.Value, error) { + fp := f.getPasswordValue(record) + return fp.Hash, fp.LastError +} + +// PrepareValue implements [Field.PrepareValue] interface method. +func (f *PasswordField) PrepareValue(record *Record, raw any) (any, error) { + return &PasswordFieldValue{ + Hash: cast.ToString(raw), + }, nil +} + +// ValidateValue implements [Field.ValidateValue] interface method. +func (f *PasswordField) ValidateValue(ctx context.Context, app App, record *Record) error { + fp, ok := record.GetRaw(f.Name).(*PasswordFieldValue) + if !ok { + return validators.ErrUnsupportedValueType + } + + if fp.LastError != nil { + return fp.LastError + } + + if f.Required { + if err := validation.Required.Validate(fp.Hash); err != nil { + return err + } + } + + if fp.Plain == "" { + return nil // nothing to check + } + + // note: casted to []rune to count multi-byte chars as one for the + // sake of more intuitive UX and clearer user error messages + // + // note2: technically multi-byte strings could produce bigger length than the bcrypt limit + // but it should be fine as it will be just truncated (even if it cuts a byte sequence in the middle) + length := len([]rune(fp.Plain)) + + if length < f.Min { + return validation.NewError("validation_min_text_constraint", fmt.Sprintf("Must be at least %d character(s)", f.Min)) + } + + maxLength := f.Max + if maxLength <= 0 { + maxLength = 71 + } + if length > maxLength { + return validation.NewError("validation_max_text_constraint", fmt.Sprintf("Must be less than %d character(s)", maxLength)) + } + + if f.Pattern != "" { + match, _ := regexp.MatchString(f.Pattern, fp.Plain) + if !match { + return validation.NewError("validation_invalid_format", "Invalid value format") + } + } + + return nil +} + +// ValidateSettings implements [Field.ValidateSettings] interface method. +func (f *PasswordField) ValidateSettings(ctx context.Context, app App, collection *Collection) error { + return validation.ValidateStruct(f, + validation.Field(&f.Id, validation.By(DefaultFieldIdValidationRule)), + validation.Field(&f.Name, validation.By(DefaultFieldNameValidationRule)), + validation.Field(&f.Min, validation.Min(1), validation.Max(71)), + validation.Field(&f.Max, validation.Min(f.Min), validation.Max(71)), + validation.Field(&f.Cost, validation.Min(bcrypt.MinCost), validation.Max(bcrypt.MaxCost)), + validation.Field(&f.Pattern, validation.By(validators.IsRegex)), + ) +} + +func (f *PasswordField) getPasswordValue(record *Record) *PasswordFieldValue { + raw := record.GetRaw(f.Name) + + switch v := raw.(type) { + case *PasswordFieldValue: + return v + case string: + // we assume that any raw string starting with $2 is bcrypt hash + if strings.HasPrefix(v, "$2") { + return &PasswordFieldValue{Hash: v} + } + } + + return &PasswordFieldValue{} +} + +// Intercept implements the [RecordInterceptor] interface. +func (f *PasswordField) Intercept( + ctx context.Context, + app App, + record *Record, + actionName string, + actionFunc func() error, +) error { + switch actionName { + case InterceptorActionAfterCreate, InterceptorActionAfterUpdate: + // unset the plain field value after successful create/update + fp := f.getPasswordValue(record) + fp.Plain = "" + } + + return actionFunc() +} + +// FindGetter implements the [GetterFinder] interface. +func (f *PasswordField) FindGetter(key string) GetterFunc { + switch key { + case f.Name: + return func(record *Record) any { + return f.getPasswordValue(record).Plain + } + case f.Name + ":hash": + return func(record *Record) any { + return f.getPasswordValue(record).Hash + } + default: + return nil + } +} + +// FindSetter implements the [SetterFinder] interface. +func (f *PasswordField) FindSetter(key string) SetterFunc { + switch key { + case f.Name: + return f.setValue + default: + return nil + } +} + +func (f *PasswordField) setValue(record *Record, raw any) { + fv := &PasswordFieldValue{ + Plain: cast.ToString(raw), + } + + // hash the password + if fv.Plain != "" { + cost := f.Cost + if cost <= 0 { + cost = bcrypt.DefaultCost + } + + hash, err := bcrypt.GenerateFromPassword([]byte(fv.Plain), cost) + if err != nil { + fv.LastError = err + } + + fv.Hash = string(hash) + } + + record.SetRaw(f.Name, fv) +} + +// ------------------------------------------------------------------- + +type PasswordFieldValue struct { + LastError error + Hash string + Plain string +} + +func (pv PasswordFieldValue) Validate(pass string) bool { + if pv.Hash == "" || pv.LastError != nil { + return false + } + + err := bcrypt.CompareHashAndPassword([]byte(pv.Hash), []byte(pass)) + + return err == nil +} diff --git a/core/field_password_test.go b/core/field_password_test.go new file mode 100644 index 0000000..31a1113 --- /dev/null +++ b/core/field_password_test.go @@ -0,0 +1,568 @@ +package core_test + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "golang.org/x/crypto/bcrypt" +) + +func TestPasswordFieldBaseMethods(t *testing.T) { + testFieldBaseMethods(t, core.FieldTypePassword) +} + +func TestPasswordFieldColumnType(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.PasswordField{} + + expected := "TEXT DEFAULT '' NOT NULL" + + if v := f.ColumnType(app); v != expected { + t.Fatalf("Expected\n%q\ngot\n%q", expected, v) + } +} + +func TestPasswordFieldPrepareValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.PasswordField{} + record := core.NewRecord(core.NewBaseCollection("test")) + + scenarios := []struct { + raw any + expected string + }{ + {"", ""}, + {"test", "test"}, + {false, "false"}, + {true, "true"}, + {123.456, "123.456"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.raw), func(t *testing.T) { + v, err := f.PrepareValue(record, s.raw) + if err != nil { + t.Fatal(err) + } + + pv, ok := v.(*core.PasswordFieldValue) + if !ok { + t.Fatalf("Expected PasswordFieldValue instance, got %T", v) + } + + if pv.Hash != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, v) + } + }) + } +} + +func TestPasswordFieldDriverValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.PasswordField{Name: "test"} + + err := errors.New("example_err") + + scenarios := []struct { + raw any + expected *core.PasswordFieldValue + }{ + {123, &core.PasswordFieldValue{}}, + {"abc", &core.PasswordFieldValue{}}, + {"$2abc", &core.PasswordFieldValue{Hash: "$2abc"}}, + {&core.PasswordFieldValue{Hash: "test", LastError: err}, &core.PasswordFieldValue{Hash: "test", LastError: err}}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%v", i, s.raw), func(t *testing.T) { + record := core.NewRecord(core.NewBaseCollection("test")) + record.SetRaw(f.GetName(), s.raw) + + v, err := f.DriverValue(record) + + vStr, ok := v.(string) + if !ok { + t.Fatalf("Expected string instance, got %T", v) + } + + var errStr string + if err != nil { + errStr = err.Error() + } + + var expectedErrStr string + if s.expected.LastError != nil { + expectedErrStr = s.expected.LastError.Error() + } + + if errStr != expectedErrStr { + t.Fatalf("Expected error %q, got %q", expectedErrStr, errStr) + } + + if vStr != s.expected.Hash { + t.Fatalf("Expected hash %q, got %q", s.expected.Hash, vStr) + } + }) + } +} + +func TestPasswordFieldValidateValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field *core.PasswordField + record func() *core.Record + expectError bool + }{ + { + "invalid raw value", + &core.PasswordField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "123") + return record + }, + true, + }, + { + "zero field value (not required)", + &core.PasswordField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", &core.PasswordFieldValue{}) + return record + }, + false, + }, + { + "zero field value (required)", + &core.PasswordField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", &core.PasswordFieldValue{}) + return record + }, + true, + }, + { + "empty hash but non-empty plain password (required)", + &core.PasswordField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", &core.PasswordFieldValue{Plain: "test"}) + return record + }, + true, + }, + { + "non-empty hash (required)", + &core.PasswordField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", &core.PasswordFieldValue{Hash: "test"}) + return record + }, + false, + }, + { + "with LastError", + &core.PasswordField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", &core.PasswordFieldValue{LastError: errors.New("test")}) + return record + }, + true, + }, + { + "< Min", + &core.PasswordField{Name: "test", Min: 3}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", &core.PasswordFieldValue{Plain: "аб"}) // multi-byte chars test + return record + }, + true, + }, + { + ">= Min", + &core.PasswordField{Name: "test", Min: 3}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", &core.PasswordFieldValue{Plain: "абв"}) // multi-byte chars test + return record + }, + false, + }, + { + "> default Max", + &core.PasswordField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", &core.PasswordFieldValue{Plain: strings.Repeat("a", 72)}) + return record + }, + true, + }, + { + "<= default Max", + &core.PasswordField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", &core.PasswordFieldValue{Plain: strings.Repeat("a", 71)}) + return record + }, + false, + }, + { + "> Max", + &core.PasswordField{Name: "test", Max: 2}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", &core.PasswordFieldValue{Plain: "абв"}) // multi-byte chars test + return record + }, + true, + }, + { + "<= Max", + &core.PasswordField{Name: "test", Max: 2}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", &core.PasswordFieldValue{Plain: "аб"}) // multi-byte chars test + return record + }, + false, + }, + { + "non-matching pattern", + &core.PasswordField{Name: "test", Pattern: `\d+`}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", &core.PasswordFieldValue{Plain: "abc"}) + return record + }, + true, + }, + { + "matching pattern", + &core.PasswordField{Name: "test", Pattern: `\d+`}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", &core.PasswordFieldValue{Plain: "123"}) + return record + }, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.field.ValidateValue(context.Background(), app, s.record()) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestPasswordFieldValidateSettings(t *testing.T) { + testDefaultFieldIdValidation(t, core.FieldTypePassword) + testDefaultFieldNameValidation(t, core.FieldTypePassword) + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + field func(col *core.Collection) *core.PasswordField + expectErrors []string + }{ + { + "zero minimal", + func(col *core.Collection) *core.PasswordField { + return &core.PasswordField{ + Id: "test", + Name: "test", + } + }, + []string{}, + }, + { + "invalid pattern", + func(col *core.Collection) *core.PasswordField { + return &core.PasswordField{ + Id: "test", + Name: "test", + Pattern: "(invalid", + } + }, + []string{"pattern"}, + }, + { + "valid pattern", + func(col *core.Collection) *core.PasswordField { + return &core.PasswordField{ + Id: "test", + Name: "test", + Pattern: `\d+`, + } + }, + []string{}, + }, + { + "Min < 0", + func(col *core.Collection) *core.PasswordField { + return &core.PasswordField{ + Id: "test", + Name: "test", + Min: -1, + } + }, + []string{"min"}, + }, + { + "Min > 71", + func(col *core.Collection) *core.PasswordField { + return &core.PasswordField{ + Id: "test", + Name: "test", + Min: 72, + } + }, + []string{"min"}, + }, + { + "valid Min", + func(col *core.Collection) *core.PasswordField { + return &core.PasswordField{ + Id: "test", + Name: "test", + Min: 5, + } + }, + []string{}, + }, + { + "Max < Min", + func(col *core.Collection) *core.PasswordField { + return &core.PasswordField{ + Id: "test", + Name: "test", + Min: 2, + Max: 1, + } + }, + []string{"max"}, + }, + { + "Min > Min", + func(col *core.Collection) *core.PasswordField { + return &core.PasswordField{ + Id: "test", + Name: "test", + Min: 2, + Max: 3, + } + }, + []string{}, + }, + { + "Max > 71", + func(col *core.Collection) *core.PasswordField { + return &core.PasswordField{ + Id: "test", + Name: "test", + Max: 72, + } + }, + []string{"max"}, + }, + { + "cost < bcrypt.MinCost", + func(col *core.Collection) *core.PasswordField { + return &core.PasswordField{ + Id: "test", + Name: "test", + Cost: bcrypt.MinCost - 1, + } + }, + []string{"cost"}, + }, + { + "cost > bcrypt.MaxCost", + func(col *core.Collection) *core.PasswordField { + return &core.PasswordField{ + Id: "test", + Name: "test", + Cost: bcrypt.MaxCost + 1, + } + }, + []string{"cost"}, + }, + { + "valid cost", + func(col *core.Collection) *core.PasswordField { + return &core.PasswordField{ + Id: "test", + Name: "test", + Cost: 12, + } + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + collection := core.NewBaseCollection("test_collection") + collection.Fields.GetByName("id").SetId("test") // set a dummy known id so that it can be replaced + + field := s.field(collection) + + collection.Fields.Add(field) + + errs := field.ValidateSettings(context.Background(), app, collection) + + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} + +func TestPasswordFieldFindSetter(t *testing.T) { + scenarios := []struct { + name string + key string + value any + field *core.PasswordField + hasSetter bool + expected string + }{ + { + "no match", + "example", + "abc", + &core.PasswordField{Name: "test"}, + false, + "", + }, + { + "exact match", + "test", + "abc", + &core.PasswordField{Name: "test"}, + true, + `"abc"`, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + collection := core.NewBaseCollection("test_collection") + collection.Fields.Add(s.field) + + setter := s.field.FindSetter(s.key) + + hasSetter := setter != nil + if hasSetter != s.hasSetter { + t.Fatalf("Expected hasSetter %v, got %v", s.hasSetter, hasSetter) + } + + if !hasSetter { + return + } + + record := core.NewRecord(collection) + record.SetRaw(s.field.GetName(), []string{"c", "d"}) + + setter(record, s.value) + + raw, err := json.Marshal(record.Get(s.field.GetName())) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + if rawStr != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, rawStr) + } + }) + } +} + +func TestPasswordFieldFindGetter(t *testing.T) { + scenarios := []struct { + name string + key string + field *core.PasswordField + hasGetter bool + expected string + }{ + { + "no match", + "example", + &core.PasswordField{Name: "test"}, + false, + "", + }, + { + "field name match", + "test", + &core.PasswordField{Name: "test"}, + true, + "test_plain", + }, + { + "field name hash modifier", + "test:hash", + &core.PasswordField{Name: "test"}, + true, + "test_hash", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + collection := core.NewBaseCollection("test_collection") + collection.Fields.Add(s.field) + + getter := s.field.FindGetter(s.key) + + hasGetter := getter != nil + if hasGetter != s.hasGetter { + t.Fatalf("Expected hasGetter %v, got %v", s.hasGetter, hasGetter) + } + + if !hasGetter { + return + } + + record := core.NewRecord(collection) + record.SetRaw(s.field.GetName(), &core.PasswordFieldValue{Hash: "test_hash", Plain: "test_plain"}) + + result := getter(record) + + if result != s.expected { + t.Fatalf("Expected %q, got %#v", s.expected, result) + } + }) + } +} diff --git a/core/field_relation.go b/core/field_relation.go new file mode 100644 index 0000000..7795645 --- /dev/null +++ b/core/field_relation.go @@ -0,0 +1,350 @@ +package core + +import ( + "context" + "database/sql/driver" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/types" +) + +func init() { + Fields[FieldTypeRelation] = func() Field { + return &RelationField{} + } +} + +const FieldTypeRelation = "relation" + +var ( + _ Field = (*RelationField)(nil) + _ MultiValuer = (*RelationField)(nil) + _ DriverValuer = (*RelationField)(nil) + _ SetterFinder = (*RelationField)(nil) +) + +// RelationField defines "relation" type field for storing single or +// multiple collection record references. +// +// Requires the CollectionId option to be set. +// +// If MaxSelect is not set or <= 1, then the field value is expected to be a single record id. +// +// If MaxSelect is > 1, then the field value is expected to be a slice of record ids. +// +// The respective zero record field value is either empty string (single) or empty string slice (multiple). +// +// --- +// +// The following additional setter keys are available: +// +// - "fieldName+" - append one or more values to the existing record one. For example: +// +// record.Set("categories+", []string{"new1", "new2"}) // []string{"old1", "old2", "new1", "new2"} +// +// - "+fieldName" - prepend one or more values to the existing record one. For example: +// +// record.Set("+categories", []string{"new1", "new2"}) // []string{"new1", "new2", "old1", "old2"} +// +// - "fieldName-" - subtract one or more values from the existing record one. For example: +// +// record.Set("categories-", "old1") // []string{"old2"} +type RelationField struct { + // Name (required) is the unique name of the field. + Name string `form:"name" json:"name"` + + // Id is the unique stable field identifier. + // + // It is automatically generated from the name when adding to a collection FieldsList. + Id string `form:"id" json:"id"` + + // System prevents the renaming and removal of the field. + System bool `form:"system" json:"system"` + + // Hidden hides the field from the API response. + Hidden bool `form:"hidden" json:"hidden"` + + // Presentable hints the Dashboard UI to use the underlying + // field record value in the relation preview label. + Presentable bool `form:"presentable" json:"presentable"` + + // --- + + // CollectionId is the id of the related collection. + CollectionId string `form:"collectionId" json:"collectionId"` + + // CascadeDelete indicates whether the root model should be deleted + // in case of delete of all linked relations. + CascadeDelete bool `form:"cascadeDelete" json:"cascadeDelete"` + + // MinSelect indicates the min number of allowed relation records + // that could be linked to the main model. + // + // No min limit is applied if it is zero or negative value. + MinSelect int `form:"minSelect" json:"minSelect"` + + // MaxSelect indicates the max number of allowed relation records + // that could be linked to the main model. + // + // For multiple select the value must be > 1, otherwise fallbacks to single (default). + // + // If MinSelect is set, MaxSelect must be at least >= MinSelect. + MaxSelect int `form:"maxSelect" json:"maxSelect"` + + // Required will require the field value to be non-empty. + Required bool `form:"required" json:"required"` +} + +// Type implements [Field.Type] interface method. +func (f *RelationField) Type() string { + return FieldTypeRelation +} + +// GetId implements [Field.GetId] interface method. +func (f *RelationField) GetId() string { + return f.Id +} + +// SetId implements [Field.SetId] interface method. +func (f *RelationField) SetId(id string) { + f.Id = id +} + +// GetName implements [Field.GetName] interface method. +func (f *RelationField) GetName() string { + return f.Name +} + +// SetName implements [Field.SetName] interface method. +func (f *RelationField) SetName(name string) { + f.Name = name +} + +// GetSystem implements [Field.GetSystem] interface method. +func (f *RelationField) GetSystem() bool { + return f.System +} + +// SetSystem implements [Field.SetSystem] interface method. +func (f *RelationField) SetSystem(system bool) { + f.System = system +} + +// GetHidden implements [Field.GetHidden] interface method. +func (f *RelationField) GetHidden() bool { + return f.Hidden +} + +// SetHidden implements [Field.SetHidden] interface method. +func (f *RelationField) SetHidden(hidden bool) { + f.Hidden = hidden +} + +// IsMultiple implements [MultiValuer] interface and checks whether the +// current field options support multiple values. +func (f *RelationField) IsMultiple() bool { + return f.MaxSelect > 1 +} + +// ColumnType implements [Field.ColumnType] interface method. +func (f *RelationField) ColumnType(app App) string { + if f.IsMultiple() { + return "JSON DEFAULT '[]' NOT NULL" + } + + return "TEXT DEFAULT '' NOT NULL" +} + +// PrepareValue implements [Field.PrepareValue] interface method. +func (f *RelationField) PrepareValue(record *Record, raw any) (any, error) { + return f.normalizeValue(raw), nil +} + +func (f *RelationField) normalizeValue(raw any) any { + val := list.ToUniqueStringSlice(raw) + + if !f.IsMultiple() { + if len(val) > 0 { + return val[len(val)-1] // the last selected + } + return "" + } + + return val +} + +// DriverValue implements the [DriverValuer] interface. +func (f *RelationField) DriverValue(record *Record) (driver.Value, error) { + val := list.ToUniqueStringSlice(record.GetRaw(f.Name)) + + if !f.IsMultiple() { + if len(val) > 0 { + return val[len(val)-1], nil // the last selected + } + return "", nil + } + + // serialize as json string array + return append(types.JSONArray[string]{}, val...), nil +} + +// ValidateValue implements [Field.ValidateValue] interface method. +func (f *RelationField) ValidateValue(ctx context.Context, app App, record *Record) error { + ids := list.ToUniqueStringSlice(record.GetRaw(f.Name)) + if len(ids) == 0 { + if f.Required { + return validation.ErrRequired + } + return nil // nothing to check + } + + if f.MinSelect > 0 && len(ids) < f.MinSelect { + return validation.NewError("validation_not_enough_values", "Select at least {{.minSelect}}"). + SetParams(map[string]any{"minSelect": f.MinSelect}) + } + + maxSelect := max(f.MaxSelect, 1) + if len(ids) > maxSelect { + return validation.NewError("validation_too_many_values", "Select no more than {{.maxSelect}}"). + SetParams(map[string]any{"maxSelect": maxSelect}) + } + + // check if the related records exist + // --- + relCollection, err := app.FindCachedCollectionByNameOrId(f.CollectionId) + if err != nil { + return validation.NewError("validation_missing_rel_collection", "Relation connection is missing or cannot be accessed") + } + + var total int + _ = app.ConcurrentDB(). + Select("count(*)"). + From(relCollection.Name). + AndWhere(dbx.In("id", list.ToInterfaceSlice(ids)...)). + Row(&total) + if total != len(ids) { + return validation.NewError("validation_missing_rel_records", "Failed to find all relation records with the provided ids") + } + // --- + + return nil +} + +// ValidateSettings implements [Field.ValidateSettings] interface method. +func (f *RelationField) ValidateSettings(ctx context.Context, app App, collection *Collection) error { + return validation.ValidateStruct(f, + validation.Field(&f.Id, validation.By(DefaultFieldIdValidationRule)), + validation.Field(&f.Name, validation.By(DefaultFieldNameValidationRule)), + validation.Field(&f.CollectionId, validation.Required, validation.By(f.checkCollectionId(app, collection))), + validation.Field(&f.MinSelect, validation.Min(0)), + validation.Field(&f.MaxSelect, validation.When(f.MinSelect > 0, validation.Required), validation.Min(f.MinSelect)), + ) +} + +func (f *RelationField) checkCollectionId(app App, collection *Collection) validation.RuleFunc { + return func(value any) error { + v, _ := value.(string) + if v == "" { + return nil // nothing to check + } + + var oldCollection *Collection + + if !collection.IsNew() { + var err error + oldCollection, err = app.FindCachedCollectionByNameOrId(collection.Id) + if err != nil { + return err + } + } + + // prevent collectionId change + if oldCollection != nil { + oldField, _ := oldCollection.Fields.GetById(f.Id).(*RelationField) + if oldField != nil && oldField.CollectionId != v { + return validation.NewError( + "validation_field_relation_change", + "The relation collection cannot be changed.", + ) + } + } + + relCollection, _ := app.FindCachedCollectionByNameOrId(v) + + // validate collectionId + if relCollection == nil || relCollection.Id != v { + return validation.NewError( + "validation_field_relation_missing_collection", + "The relation collection doesn't exist.", + ) + } + + // allow only views to have relations to other views + // (see https://github.com/pocketbase/pocketbase/issues/3000) + if !collection.IsView() && relCollection.IsView() { + return validation.NewError( + "validation_relation_field_non_view_base_collection", + "Only view collections are allowed to have relations to other views.", + ) + } + + return nil + } +} + +// --- + +// FindSetter implements [SetterFinder] interface method. +func (f *RelationField) FindSetter(key string) SetterFunc { + switch key { + case f.Name: + return f.setValue + case "+" + f.Name: + return f.prependValue + case f.Name + "+": + return f.appendValue + case f.Name + "-": + return f.subtractValue + default: + return nil + } +} + +func (f *RelationField) setValue(record *Record, raw any) { + record.SetRaw(f.Name, f.normalizeValue(raw)) +} + +func (f *RelationField) appendValue(record *Record, modifierValue any) { + val := record.GetRaw(f.Name) + + val = append( + list.ToUniqueStringSlice(val), + list.ToUniqueStringSlice(modifierValue)..., + ) + + f.setValue(record, val) +} + +func (f *RelationField) prependValue(record *Record, modifierValue any) { + val := record.GetRaw(f.Name) + + val = append( + list.ToUniqueStringSlice(modifierValue), + list.ToUniqueStringSlice(val)..., + ) + + f.setValue(record, val) +} + +func (f *RelationField) subtractValue(record *Record, modifierValue any) { + val := record.GetRaw(f.Name) + + val = list.SubtractSlice( + list.ToUniqueStringSlice(val), + list.ToUniqueStringSlice(modifierValue), + ) + + f.setValue(record, val) +} diff --git a/core/field_relation_test.go b/core/field_relation_test.go new file mode 100644 index 0000000..598e361 --- /dev/null +++ b/core/field_relation_test.go @@ -0,0 +1,603 @@ +package core_test + +import ( + "context" + "encoding/json" + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestRelationFieldBaseMethods(t *testing.T) { + testFieldBaseMethods(t, core.FieldTypeRelation) +} + +func TestRelationFieldColumnType(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + field *core.RelationField + expected string + }{ + { + "single (zero)", + &core.RelationField{}, + "TEXT DEFAULT '' NOT NULL", + }, + { + "single", + &core.RelationField{MaxSelect: 1}, + "TEXT DEFAULT '' NOT NULL", + }, + { + "multiple", + &core.RelationField{MaxSelect: 2}, + "JSON DEFAULT '[]' NOT NULL", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + if v := s.field.ColumnType(app); v != s.expected { + t.Fatalf("Expected\n%q\ngot\n%q", s.expected, v) + } + }) + } +} + +func TestRelationFieldIsMultiple(t *testing.T) { + scenarios := []struct { + name string + field *core.RelationField + expected bool + }{ + { + "zero", + &core.RelationField{}, + false, + }, + { + "single", + &core.RelationField{MaxSelect: 1}, + false, + }, + { + "multiple", + &core.RelationField{MaxSelect: 2}, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + if v := s.field.IsMultiple(); v != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, v) + } + }) + } +} + +func TestRelationFieldPrepareValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + record := core.NewRecord(core.NewBaseCollection("test")) + + scenarios := []struct { + raw any + field *core.RelationField + expected string + }{ + // single + {nil, &core.RelationField{MaxSelect: 1}, `""`}, + {"", &core.RelationField{MaxSelect: 1}, `""`}, + {123, &core.RelationField{MaxSelect: 1}, `"123"`}, + {"a", &core.RelationField{MaxSelect: 1}, `"a"`}, + {`["a"]`, &core.RelationField{MaxSelect: 1}, `"a"`}, + {[]string{}, &core.RelationField{MaxSelect: 1}, `""`}, + {[]string{"a", "b"}, &core.RelationField{MaxSelect: 1}, `"b"`}, + + // multiple + {nil, &core.RelationField{MaxSelect: 2}, `[]`}, + {"", &core.RelationField{MaxSelect: 2}, `[]`}, + {123, &core.RelationField{MaxSelect: 2}, `["123"]`}, + {"a", &core.RelationField{MaxSelect: 2}, `["a"]`}, + {`["a"]`, &core.RelationField{MaxSelect: 2}, `["a"]`}, + {[]string{}, &core.RelationField{MaxSelect: 2}, `[]`}, + {[]string{"a", "b", "c"}, &core.RelationField{MaxSelect: 2}, `["a","b","c"]`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v_%v", i, s.raw, s.field.IsMultiple()), func(t *testing.T) { + v, err := s.field.PrepareValue(record, s.raw) + if err != nil { + t.Fatal(err) + } + + vRaw, err := json.Marshal(v) + if err != nil { + t.Fatal(err) + } + + if string(vRaw) != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, vRaw) + } + }) + } +} + +func TestRelationFieldDriverValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + raw any + field *core.RelationField + expected string + }{ + // single + {nil, &core.RelationField{MaxSelect: 1}, `""`}, + {"", &core.RelationField{MaxSelect: 1}, `""`}, + {123, &core.RelationField{MaxSelect: 1}, `"123"`}, + {"a", &core.RelationField{MaxSelect: 1}, `"a"`}, + {`["a"]`, &core.RelationField{MaxSelect: 1}, `"a"`}, + {[]string{}, &core.RelationField{MaxSelect: 1}, `""`}, + {[]string{"a", "b"}, &core.RelationField{MaxSelect: 1}, `"b"`}, + + // multiple + {nil, &core.RelationField{MaxSelect: 2}, `[]`}, + {"", &core.RelationField{MaxSelect: 2}, `[]`}, + {123, &core.RelationField{MaxSelect: 2}, `["123"]`}, + {"a", &core.RelationField{MaxSelect: 2}, `["a"]`}, + {`["a"]`, &core.RelationField{MaxSelect: 2}, `["a"]`}, + {[]string{}, &core.RelationField{MaxSelect: 2}, `[]`}, + {[]string{"a", "b", "c"}, &core.RelationField{MaxSelect: 2}, `["a","b","c"]`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v_%v", i, s.raw, s.field.IsMultiple()), func(t *testing.T) { + record := core.NewRecord(core.NewBaseCollection("test")) + record.SetRaw(s.field.GetName(), s.raw) + + v, err := s.field.DriverValue(record) + if err != nil { + t.Fatal(err) + } + + if s.field.IsMultiple() { + _, ok := v.(types.JSONArray[string]) + if !ok { + t.Fatalf("Expected types.JSONArray value, got %T", v) + } + } else { + _, ok := v.(string) + if !ok { + t.Fatalf("Expected string value, got %T", v) + } + } + + vRaw, err := json.Marshal(v) + if err != nil { + t.Fatal(err) + } + + if string(vRaw) != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, vRaw) + } + }) + } +} + +func TestRelationFieldValidateValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + demo1, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + field *core.RelationField + record func() *core.Record + expectError bool + }{ + // single + { + "[single] zero field value (not required)", + &core.RelationField{Name: "test", MaxSelect: 1, CollectionId: demo1.Id}, + func() *core.Record { + record := core.NewRecord(core.NewBaseCollection("test_collection")) + record.SetRaw("test", "") + return record + }, + false, + }, + { + "[single] zero field value (required)", + &core.RelationField{Name: "test", MaxSelect: 1, CollectionId: demo1.Id, Required: true}, + func() *core.Record { + record := core.NewRecord(core.NewBaseCollection("test_collection")) + record.SetRaw("test", "") + return record + }, + true, + }, + { + "[single] id from other collection", + &core.RelationField{Name: "test", MaxSelect: 1, CollectionId: demo1.Id}, + func() *core.Record { + record := core.NewRecord(core.NewBaseCollection("test_collection")) + record.SetRaw("test", "achvryl401bhse3") + return record + }, + true, + }, + { + "[single] valid id", + &core.RelationField{Name: "test", MaxSelect: 1, CollectionId: demo1.Id}, + func() *core.Record { + record := core.NewRecord(core.NewBaseCollection("test_collection")) + record.SetRaw("test", "84nmscqy84lsi1t") + return record + }, + false, + }, + { + "[single] > MaxSelect", + &core.RelationField{Name: "test", MaxSelect: 1, CollectionId: demo1.Id}, + func() *core.Record { + record := core.NewRecord(core.NewBaseCollection("test_collection")) + record.SetRaw("test", []string{"84nmscqy84lsi1t", "al1h9ijdeojtsjy"}) + return record + }, + true, + }, + + // multiple + { + "[multiple] zero field value (not required)", + &core.RelationField{Name: "test", MaxSelect: 2, CollectionId: demo1.Id}, + func() *core.Record { + record := core.NewRecord(core.NewBaseCollection("test_collection")) + record.SetRaw("test", []string{}) + return record + }, + false, + }, + { + "[multiple] zero field value (required)", + &core.RelationField{Name: "test", MaxSelect: 2, CollectionId: demo1.Id, Required: true}, + func() *core.Record { + record := core.NewRecord(core.NewBaseCollection("test_collection")) + record.SetRaw("test", []string{}) + return record + }, + true, + }, + { + "[multiple] id from other collection", + &core.RelationField{Name: "test", MaxSelect: 2, CollectionId: demo1.Id}, + func() *core.Record { + record := core.NewRecord(core.NewBaseCollection("test_collection")) + record.SetRaw("test", []string{"84nmscqy84lsi1t", "achvryl401bhse3"}) + return record + }, + true, + }, + { + "[multiple] valid id", + &core.RelationField{Name: "test", MaxSelect: 2, CollectionId: demo1.Id}, + func() *core.Record { + record := core.NewRecord(core.NewBaseCollection("test_collection")) + record.SetRaw("test", []string{"84nmscqy84lsi1t", "al1h9ijdeojtsjy"}) + return record + }, + false, + }, + { + "[multiple] > MaxSelect", + &core.RelationField{Name: "test", MaxSelect: 2, CollectionId: demo1.Id}, + func() *core.Record { + record := core.NewRecord(core.NewBaseCollection("test_collection")) + record.SetRaw("test", []string{"84nmscqy84lsi1t", "al1h9ijdeojtsjy", "imy661ixudk5izi"}) + return record + }, + true, + }, + { + "[multiple] < MinSelect", + &core.RelationField{Name: "test", MinSelect: 2, MaxSelect: 99, CollectionId: demo1.Id}, + func() *core.Record { + record := core.NewRecord(core.NewBaseCollection("test_collection")) + record.SetRaw("test", []string{"84nmscqy84lsi1t"}) + return record + }, + true, + }, + { + "[multiple] >= MinSelect", + &core.RelationField{Name: "test", MinSelect: 2, MaxSelect: 99, CollectionId: demo1.Id}, + func() *core.Record { + record := core.NewRecord(core.NewBaseCollection("test_collection")) + record.SetRaw("test", []string{"84nmscqy84lsi1t", "al1h9ijdeojtsjy", "imy661ixudk5izi"}) + return record + }, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.field.ValidateValue(context.Background(), app, s.record()) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestRelationFieldValidateSettings(t *testing.T) { + testDefaultFieldIdValidation(t, core.FieldTypeRelation) + testDefaultFieldNameValidation(t, core.FieldTypeRelation) + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + demo1, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + field func(col *core.Collection) *core.RelationField + expectErrors []string + }{ + { + "zero minimal", + func(col *core.Collection) *core.RelationField { + return &core.RelationField{ + Id: "test", + Name: "test", + } + }, + []string{"collectionId"}, + }, + { + "invalid collectionId", + func(col *core.Collection) *core.RelationField { + return &core.RelationField{ + Id: "test", + Name: "test", + CollectionId: demo1.Name, + } + }, + []string{"collectionId"}, + }, + { + "valid collectionId", + func(col *core.Collection) *core.RelationField { + return &core.RelationField{ + Id: "test", + Name: "test", + CollectionId: demo1.Id, + } + }, + []string{}, + }, + { + "base->view", + func(col *core.Collection) *core.RelationField { + return &core.RelationField{ + Id: "test", + Name: "test", + CollectionId: "v9gwnfh02gjq1q0", + } + }, + []string{"collectionId"}, + }, + { + "view->view", + func(col *core.Collection) *core.RelationField { + col.Type = core.CollectionTypeView + return &core.RelationField{ + Id: "test", + Name: "test", + CollectionId: "v9gwnfh02gjq1q0", + } + }, + []string{}, + }, + { + "MinSelect < 0", + func(col *core.Collection) *core.RelationField { + return &core.RelationField{ + Id: "test", + Name: "test", + CollectionId: demo1.Id, + MinSelect: -1, + } + }, + []string{"minSelect"}, + }, + { + "MinSelect > 0", + func(col *core.Collection) *core.RelationField { + return &core.RelationField{ + Id: "test", + Name: "test", + CollectionId: demo1.Id, + MinSelect: 1, + } + }, + []string{"maxSelect"}, + }, + { + "MaxSelect < MinSelect", + func(col *core.Collection) *core.RelationField { + return &core.RelationField{ + Id: "test", + Name: "test", + CollectionId: demo1.Id, + MinSelect: 2, + MaxSelect: 1, + } + }, + []string{"maxSelect"}, + }, + { + "MaxSelect >= MinSelect", + func(col *core.Collection) *core.RelationField { + return &core.RelationField{ + Id: "test", + Name: "test", + CollectionId: demo1.Id, + MinSelect: 2, + MaxSelect: 2, + } + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + collection := core.NewBaseCollection("test_collection") + collection.Fields.GetByName("id").SetId("test") // set a dummy known id so that it can be replaced + + field := s.field(collection) + + collection.Fields.Add(field) + + errs := field.ValidateSettings(context.Background(), app, collection) + + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} + +func TestRelationFieldFindSetter(t *testing.T) { + scenarios := []struct { + name string + key string + value any + field *core.RelationField + hasSetter bool + expected string + }{ + { + "no match", + "example", + "b", + &core.RelationField{Name: "test", MaxSelect: 1}, + false, + "", + }, + { + "exact match (single)", + "test", + "b", + &core.RelationField{Name: "test", MaxSelect: 1}, + true, + `"b"`, + }, + { + "exact match (multiple)", + "test", + []string{"a", "b"}, + &core.RelationField{Name: "test", MaxSelect: 2}, + true, + `["a","b"]`, + }, + { + "append (single)", + "test+", + "b", + &core.RelationField{Name: "test", MaxSelect: 1}, + true, + `"b"`, + }, + { + "append (multiple)", + "test+", + []string{"a"}, + &core.RelationField{Name: "test", MaxSelect: 2}, + true, + `["c","d","a"]`, + }, + { + "prepend (single)", + "+test", + "b", + &core.RelationField{Name: "test", MaxSelect: 1}, + true, + `"d"`, // the last of the existing values + }, + { + "prepend (multiple)", + "+test", + []string{"a"}, + &core.RelationField{Name: "test", MaxSelect: 2}, + true, + `["a","c","d"]`, + }, + { + "subtract (single)", + "test-", + "d", + &core.RelationField{Name: "test", MaxSelect: 1}, + true, + `"c"`, + }, + { + "subtract (multiple)", + "test-", + []string{"unknown", "c"}, + &core.RelationField{Name: "test", MaxSelect: 2}, + true, + `["d"]`, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + collection := core.NewBaseCollection("test_collection") + collection.Fields.Add(s.field) + + setter := s.field.FindSetter(s.key) + + hasSetter := setter != nil + if hasSetter != s.hasSetter { + t.Fatalf("Expected hasSetter %v, got %v", s.hasSetter, hasSetter) + } + + if !hasSetter { + return + } + + record := core.NewRecord(collection) + record.SetRaw(s.field.GetName(), []string{"c", "d"}) + + setter(record, s.value) + + raw, err := json.Marshal(record.Get(s.field.GetName())) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + if rawStr != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, rawStr) + } + }) + } +} diff --git a/core/field_select.go b/core/field_select.go new file mode 100644 index 0000000..e77eb38 --- /dev/null +++ b/core/field_select.go @@ -0,0 +1,275 @@ +package core + +import ( + "context" + "database/sql/driver" + "slices" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/types" +) + +func init() { + Fields[FieldTypeSelect] = func() Field { + return &SelectField{} + } +} + +const FieldTypeSelect = "select" + +var ( + _ Field = (*SelectField)(nil) + _ MultiValuer = (*SelectField)(nil) + _ DriverValuer = (*SelectField)(nil) + _ SetterFinder = (*SelectField)(nil) +) + +// SelectField defines "select" type field for storing single or +// multiple string values from a predefined list. +// +// Requires the Values option to be set. +// +// If MaxSelect is not set or <= 1, then the field value is expected to be a single Values element. +// +// If MaxSelect is > 1, then the field value is expected to be a subset of Values slice. +// +// The respective zero record field value is either empty string (single) or empty string slice (multiple). +// +// --- +// +// The following additional setter keys are available: +// +// - "fieldName+" - append one or more values to the existing record one. For example: +// +// record.Set("roles+", []string{"new1", "new2"}) // []string{"old1", "old2", "new1", "new2"} +// +// - "+fieldName" - prepend one or more values to the existing record one. For example: +// +// record.Set("+roles", []string{"new1", "new2"}) // []string{"new1", "new2", "old1", "old2"} +// +// - "fieldName-" - subtract one or more values from the existing record one. For example: +// +// record.Set("roles-", "old1") // []string{"old2"} +type SelectField struct { + // Name (required) is the unique name of the field. + Name string `form:"name" json:"name"` + + // Id is the unique stable field identifier. + // + // It is automatically generated from the name when adding to a collection FieldsList. + Id string `form:"id" json:"id"` + + // System prevents the renaming and removal of the field. + System bool `form:"system" json:"system"` + + // Hidden hides the field from the API response. + Hidden bool `form:"hidden" json:"hidden"` + + // Presentable hints the Dashboard UI to use the underlying + // field record value in the relation preview label. + Presentable bool `form:"presentable" json:"presentable"` + + // --- + + // Values specifies the list of accepted values. + Values []string `form:"values" json:"values"` + + // MaxSelect specifies the max allowed selected values. + // + // For multiple select the value must be > 1, otherwise fallbacks to single (default). + MaxSelect int `form:"maxSelect" json:"maxSelect"` + + // Required will require the field value to be non-empty. + Required bool `form:"required" json:"required"` +} + +// Type implements [Field.Type] interface method. +func (f *SelectField) Type() string { + return FieldTypeSelect +} + +// GetId implements [Field.GetId] interface method. +func (f *SelectField) GetId() string { + return f.Id +} + +// SetId implements [Field.SetId] interface method. +func (f *SelectField) SetId(id string) { + f.Id = id +} + +// GetName implements [Field.GetName] interface method. +func (f *SelectField) GetName() string { + return f.Name +} + +// SetName implements [Field.SetName] interface method. +func (f *SelectField) SetName(name string) { + f.Name = name +} + +// GetSystem implements [Field.GetSystem] interface method. +func (f *SelectField) GetSystem() bool { + return f.System +} + +// SetSystem implements [Field.SetSystem] interface method. +func (f *SelectField) SetSystem(system bool) { + f.System = system +} + +// GetHidden implements [Field.GetHidden] interface method. +func (f *SelectField) GetHidden() bool { + return f.Hidden +} + +// SetHidden implements [Field.SetHidden] interface method. +func (f *SelectField) SetHidden(hidden bool) { + f.Hidden = hidden +} + +// IsMultiple implements [MultiValuer] interface and checks whether the +// current field options support multiple values. +func (f *SelectField) IsMultiple() bool { + return f.MaxSelect > 1 +} + +// ColumnType implements [Field.ColumnType] interface method. +func (f *SelectField) ColumnType(app App) string { + if f.IsMultiple() { + return "JSON DEFAULT '[]' NOT NULL" + } + + return "TEXT DEFAULT '' NOT NULL" +} + +// PrepareValue implements [Field.PrepareValue] interface method. +func (f *SelectField) PrepareValue(record *Record, raw any) (any, error) { + return f.normalizeValue(raw), nil +} + +func (f *SelectField) normalizeValue(raw any) any { + val := list.ToUniqueStringSlice(raw) + + if !f.IsMultiple() { + if len(val) > 0 { + return val[len(val)-1] // the last selected + } + return "" + } + + return val +} + +// DriverValue implements the [DriverValuer] interface. +func (f *SelectField) DriverValue(record *Record) (driver.Value, error) { + val := list.ToUniqueStringSlice(record.GetRaw(f.Name)) + + if !f.IsMultiple() { + if len(val) > 0 { + return val[len(val)-1], nil // the last selected + } + return "", nil + } + + // serialize as json string array + return append(types.JSONArray[string]{}, val...), nil +} + +// ValidateValue implements [Field.ValidateValue] interface method. +func (f *SelectField) ValidateValue(ctx context.Context, app App, record *Record) error { + normalizedVal := list.ToUniqueStringSlice(record.GetRaw(f.Name)) + if len(normalizedVal) == 0 { + if f.Required { + return validation.ErrRequired + } + return nil // nothing to check + } + + maxSelect := max(f.MaxSelect, 1) + + // check max selected items + if len(normalizedVal) > maxSelect { + return validation.NewError("validation_too_many_values", "Select no more than {{.maxSelect}}"). + SetParams(map[string]any{"maxSelect": maxSelect}) + } + + // check against the allowed values + for _, val := range normalizedVal { + if !slices.Contains(f.Values, val) { + return validation.NewError("validation_invalid_value", "Invalid value {{.value}}"). + SetParams(map[string]any{"value": val}) + } + } + + return nil +} + +// ValidateSettings implements [Field.ValidateSettings] interface method. +func (f *SelectField) ValidateSettings(ctx context.Context, app App, collection *Collection) error { + max := len(f.Values) + if max == 0 { + max = 1 + } + + return validation.ValidateStruct(f, + validation.Field(&f.Id, validation.By(DefaultFieldIdValidationRule)), + validation.Field(&f.Name, validation.By(DefaultFieldNameValidationRule)), + validation.Field(&f.Values, validation.Required), + validation.Field(&f.MaxSelect, validation.Min(0), validation.Max(max)), + ) +} + +// FindSetter implements the [SetterFinder] interface. +func (f *SelectField) FindSetter(key string) SetterFunc { + switch key { + case f.Name: + return f.setValue + case "+" + f.Name: + return f.prependValue + case f.Name + "+": + return f.appendValue + case f.Name + "-": + return f.subtractValue + default: + return nil + } +} + +func (f *SelectField) setValue(record *Record, raw any) { + record.SetRaw(f.Name, f.normalizeValue(raw)) +} + +func (f *SelectField) appendValue(record *Record, modifierValue any) { + val := record.GetRaw(f.Name) + + val = append( + list.ToUniqueStringSlice(val), + list.ToUniqueStringSlice(modifierValue)..., + ) + + f.setValue(record, val) +} + +func (f *SelectField) prependValue(record *Record, modifierValue any) { + val := record.GetRaw(f.Name) + + val = append( + list.ToUniqueStringSlice(modifierValue), + list.ToUniqueStringSlice(val)..., + ) + + f.setValue(record, val) +} + +func (f *SelectField) subtractValue(record *Record, modifierValue any) { + val := record.GetRaw(f.Name) + + val = list.SubtractSlice( + list.ToUniqueStringSlice(val), + list.ToUniqueStringSlice(modifierValue), + ) + + f.setValue(record, val) +} diff --git a/core/field_select_test.go b/core/field_select_test.go new file mode 100644 index 0000000..808c109 --- /dev/null +++ b/core/field_select_test.go @@ -0,0 +1,516 @@ +package core_test + +import ( + "context" + "encoding/json" + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestSelectFieldBaseMethods(t *testing.T) { + testFieldBaseMethods(t, core.FieldTypeSelect) +} + +func TestSelectFieldColumnType(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + field *core.SelectField + expected string + }{ + { + "single (zero)", + &core.SelectField{}, + "TEXT DEFAULT '' NOT NULL", + }, + { + "single", + &core.SelectField{MaxSelect: 1}, + "TEXT DEFAULT '' NOT NULL", + }, + { + "multiple", + &core.SelectField{MaxSelect: 2}, + "JSON DEFAULT '[]' NOT NULL", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + if v := s.field.ColumnType(app); v != s.expected { + t.Fatalf("Expected\n%q\ngot\n%q", s.expected, v) + } + }) + } +} + +func TestSelectFieldIsMultiple(t *testing.T) { + scenarios := []struct { + name string + field *core.SelectField + expected bool + }{ + { + "single (zero)", + &core.SelectField{}, + false, + }, + { + "single", + &core.SelectField{MaxSelect: 1}, + false, + }, + { + "multiple (>1)", + &core.SelectField{MaxSelect: 2}, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + if v := s.field.IsMultiple(); v != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, v) + } + }) + } +} + +func TestSelectFieldPrepareValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + record := core.NewRecord(core.NewBaseCollection("test")) + + scenarios := []struct { + raw any + field *core.SelectField + expected string + }{ + // single + {nil, &core.SelectField{}, `""`}, + {"", &core.SelectField{}, `""`}, + {123, &core.SelectField{}, `"123"`}, + {"a", &core.SelectField{}, `"a"`}, + {`["a"]`, &core.SelectField{}, `"a"`}, + {[]string{}, &core.SelectField{}, `""`}, + {[]string{"a", "b"}, &core.SelectField{}, `"b"`}, + + // multiple + {nil, &core.SelectField{MaxSelect: 2}, `[]`}, + {"", &core.SelectField{MaxSelect: 2}, `[]`}, + {123, &core.SelectField{MaxSelect: 2}, `["123"]`}, + {"a", &core.SelectField{MaxSelect: 2}, `["a"]`}, + {`["a"]`, &core.SelectField{MaxSelect: 2}, `["a"]`}, + {[]string{}, &core.SelectField{MaxSelect: 2}, `[]`}, + {[]string{"a", "b", "c"}, &core.SelectField{MaxSelect: 2}, `["a","b","c"]`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v_%v", i, s.raw, s.field.IsMultiple()), func(t *testing.T) { + v, err := s.field.PrepareValue(record, s.raw) + if err != nil { + t.Fatal(err) + } + + vRaw, err := json.Marshal(v) + if err != nil { + t.Fatal(err) + } + + if string(vRaw) != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, vRaw) + } + }) + } +} + +func TestSelectFieldDriverValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + raw any + field *core.SelectField + expected string + }{ + // single + {nil, &core.SelectField{}, `""`}, + {"", &core.SelectField{}, `""`}, + {123, &core.SelectField{}, `"123"`}, + {"a", &core.SelectField{}, `"a"`}, + {`["a"]`, &core.SelectField{}, `"a"`}, + {[]string{}, &core.SelectField{}, `""`}, + {[]string{"a", "b"}, &core.SelectField{}, `"b"`}, + + // multiple + {nil, &core.SelectField{MaxSelect: 2}, `[]`}, + {"", &core.SelectField{MaxSelect: 2}, `[]`}, + {123, &core.SelectField{MaxSelect: 2}, `["123"]`}, + {"a", &core.SelectField{MaxSelect: 2}, `["a"]`}, + {`["a"]`, &core.SelectField{MaxSelect: 2}, `["a"]`}, + {[]string{}, &core.SelectField{MaxSelect: 2}, `[]`}, + {[]string{"a", "b", "c"}, &core.SelectField{MaxSelect: 2}, `["a","b","c"]`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v_%v", i, s.raw, s.field.IsMultiple()), func(t *testing.T) { + record := core.NewRecord(core.NewBaseCollection("test")) + record.SetRaw(s.field.GetName(), s.raw) + + v, err := s.field.DriverValue(record) + if err != nil { + t.Fatal(err) + } + + if s.field.IsMultiple() { + _, ok := v.(types.JSONArray[string]) + if !ok { + t.Fatalf("Expected types.JSONArray value, got %T", v) + } + } else { + _, ok := v.(string) + if !ok { + t.Fatalf("Expected string value, got %T", v) + } + } + + vRaw, err := json.Marshal(v) + if err != nil { + t.Fatal(err) + } + + if string(vRaw) != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, vRaw) + } + }) + } +} + +func TestSelectFieldValidateValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + values := []string{"a", "b", "c"} + + scenarios := []struct { + name string + field *core.SelectField + record func() *core.Record + expectError bool + }{ + // single + { + "[single] zero field value (not required)", + &core.SelectField{Name: "test", Values: values, MaxSelect: 1}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "") + return record + }, + false, + }, + { + "[single] zero field value (required)", + &core.SelectField{Name: "test", Values: values, MaxSelect: 1, Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "") + return record + }, + true, + }, + { + "[single] unknown value", + &core.SelectField{Name: "test", Values: values, MaxSelect: 1}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "unknown") + return record + }, + true, + }, + { + "[single] known value", + &core.SelectField{Name: "test", Values: values, MaxSelect: 1}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "a") + return record + }, + false, + }, + { + "[single] > MaxSelect", + &core.SelectField{Name: "test", Values: values, MaxSelect: 1}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", []string{"a", "b"}) + return record + }, + true, + }, + + // multiple + { + "[multiple] zero field value (not required)", + &core.SelectField{Name: "test", Values: values, MaxSelect: 2}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", []string{}) + return record + }, + false, + }, + { + "[multiple] zero field value (required)", + &core.SelectField{Name: "test", Values: values, MaxSelect: 2, Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", []string{}) + return record + }, + true, + }, + { + "[multiple] unknown value", + &core.SelectField{Name: "test", Values: values, MaxSelect: 2}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", []string{"a", "unknown"}) + return record + }, + true, + }, + { + "[multiple] known value", + &core.SelectField{Name: "test", Values: values, MaxSelect: 2}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", []string{"a", "b"}) + return record + }, + false, + }, + { + "[multiple] > MaxSelect", + &core.SelectField{Name: "test", Values: values, MaxSelect: 2}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", []string{"a", "b", "c"}) + return record + }, + true, + }, + { + "[multiple] > MaxSelect (duplicated values)", + &core.SelectField{Name: "test", Values: values, MaxSelect: 2}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", []string{"a", "b", "b", "a"}) + return record + }, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.field.ValidateValue(context.Background(), app, s.record()) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestSelectFieldValidateSettings(t *testing.T) { + testDefaultFieldIdValidation(t, core.FieldTypeSelect) + testDefaultFieldNameValidation(t, core.FieldTypeSelect) + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + field func() *core.SelectField + expectErrors []string + }{ + { + "zero minimal", + func() *core.SelectField { + return &core.SelectField{ + Id: "test", + Name: "test", + } + }, + []string{"values"}, + }, + { + "MaxSelect > Values length", + func() *core.SelectField { + return &core.SelectField{ + Id: "test", + Name: "test", + Values: []string{"a", "b"}, + MaxSelect: 3, + } + }, + []string{"maxSelect"}, + }, + { + "MaxSelect <= Values length", + func() *core.SelectField { + return &core.SelectField{ + Id: "test", + Name: "test", + Values: []string{"a", "b"}, + MaxSelect: 2, + } + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + field := s.field() + + collection := core.NewBaseCollection("test_collection") + collection.Fields.Add(field) + + errs := field.ValidateSettings(context.Background(), app, collection) + + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} + +func TestSelectFieldFindSetter(t *testing.T) { + values := []string{"a", "b", "c", "d"} + + scenarios := []struct { + name string + key string + value any + field *core.SelectField + hasSetter bool + expected string + }{ + { + "no match", + "example", + "b", + &core.SelectField{Name: "test", MaxSelect: 1, Values: values}, + false, + "", + }, + { + "exact match (single)", + "test", + "b", + &core.SelectField{Name: "test", MaxSelect: 1, Values: values}, + true, + `"b"`, + }, + { + "exact match (multiple)", + "test", + []string{"a", "b"}, + &core.SelectField{Name: "test", MaxSelect: 2, Values: values}, + true, + `["a","b"]`, + }, + { + "append (single)", + "test+", + "b", + &core.SelectField{Name: "test", MaxSelect: 1, Values: values}, + true, + `"b"`, + }, + { + "append (multiple)", + "test+", + []string{"a"}, + &core.SelectField{Name: "test", MaxSelect: 2, Values: values}, + true, + `["c","d","a"]`, + }, + { + "prepend (single)", + "+test", + "b", + &core.SelectField{Name: "test", MaxSelect: 1, Values: values}, + true, + `"d"`, // the last of the existing values + }, + { + "prepend (multiple)", + "+test", + []string{"a"}, + &core.SelectField{Name: "test", MaxSelect: 2, Values: values}, + true, + `["a","c","d"]`, + }, + { + "subtract (single)", + "test-", + "d", + &core.SelectField{Name: "test", MaxSelect: 1, Values: values}, + true, + `"c"`, + }, + { + "subtract (multiple)", + "test-", + []string{"unknown", "c"}, + &core.SelectField{Name: "test", MaxSelect: 2, Values: values}, + true, + `["d"]`, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + collection := core.NewBaseCollection("test_collection") + collection.Fields.Add(s.field) + + setter := s.field.FindSetter(s.key) + + hasSetter := setter != nil + if hasSetter != s.hasSetter { + t.Fatalf("Expected hasSetter %v, got %v", s.hasSetter, hasSetter) + } + + if !hasSetter { + return + } + + record := core.NewRecord(collection) + record.SetRaw(s.field.GetName(), []string{"c", "d"}) + + setter(record, s.value) + + raw, err := json.Marshal(record.Get(s.field.GetName())) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + if rawStr != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, rawStr) + } + }) + } +} diff --git a/core/field_test.go b/core/field_test.go new file mode 100644 index 0000000..fba7089 --- /dev/null +++ b/core/field_test.go @@ -0,0 +1,261 @@ +package core_test + +import ( + "context" + "strings" + "testing" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func testFieldBaseMethods(t *testing.T, fieldType string) { + factory, ok := core.Fields[fieldType] + if !ok { + t.Fatalf("Missing %q field factory", fieldType) + } + + f := factory() + if f == nil { + t.Fatal("Expected non-nil Field instance") + } + + t.Run("type", func(t *testing.T) { + if v := f.Type(); v != fieldType { + t.Fatalf("Expected type %q, got %q", fieldType, v) + } + }) + + t.Run("id", func(t *testing.T) { + testValues := []string{"new_id", ""} + for _, expected := range testValues { + f.SetId(expected) + if v := f.GetId(); v != expected { + t.Fatalf("Expected id %q, got %q", expected, v) + } + } + }) + + t.Run("name", func(t *testing.T) { + testValues := []string{"new_name", ""} + for _, expected := range testValues { + f.SetName(expected) + if v := f.GetName(); v != expected { + t.Fatalf("Expected name %q, got %q", expected, v) + } + } + }) + + t.Run("system", func(t *testing.T) { + testValues := []bool{false, true} + for _, expected := range testValues { + f.SetSystem(expected) + if v := f.GetSystem(); v != expected { + t.Fatalf("Expected system %v, got %v", expected, v) + } + } + }) + + t.Run("hidden", func(t *testing.T) { + testValues := []bool{false, true} + for _, expected := range testValues { + f.SetHidden(expected) + if v := f.GetHidden(); v != expected { + t.Fatalf("Expected hidden %v, got %v", expected, v) + } + } + }) +} + +func testDefaultFieldIdValidation(t *testing.T, fieldType string) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field func() core.Field + expectError bool + }{ + { + "empty value", + func() core.Field { + f := core.Fields[fieldType]() + return f + }, + true, + }, + { + "invalid length", + func() core.Field { + f := core.Fields[fieldType]() + f.SetId(strings.Repeat("a", 101)) + return f + }, + true, + }, + { + "valid length", + func() core.Field { + f := core.Fields[fieldType]() + f.SetId(strings.Repeat("a", 100)) + return f + }, + false, + }, + } + + for _, s := range scenarios { + t.Run("[id] "+s.name, func(t *testing.T) { + errs, _ := s.field().ValidateSettings(context.Background(), app, collection).(validation.Errors) + + hasErr := errs["id"] != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v", s.expectError, hasErr) + } + }) + } +} + +func testDefaultFieldNameValidation(t *testing.T, fieldType string) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field func() core.Field + expectError bool + }{ + { + "empty value", + func() core.Field { + f := core.Fields[fieldType]() + return f + }, + true, + }, + { + "invalid length", + func() core.Field { + f := core.Fields[fieldType]() + f.SetName(strings.Repeat("a", 101)) + return f + }, + true, + }, + { + "valid length", + func() core.Field { + f := core.Fields[fieldType]() + f.SetName(strings.Repeat("a", 100)) + return f + }, + false, + }, + { + "invalid regex", + func() core.Field { + f := core.Fields[fieldType]() + f.SetName("test(") + return f + }, + true, + }, + { + "valid regex", + func() core.Field { + f := core.Fields[fieldType]() + f.SetName("test_123") + return f + }, + false, + }, + { + "_via_", + func() core.Field { + f := core.Fields[fieldType]() + f.SetName("a_via_b") + return f + }, + true, + }, + { + "system reserved - null", + func() core.Field { + f := core.Fields[fieldType]() + f.SetName("null") + return f + }, + true, + }, + { + "system reserved - false", + func() core.Field { + f := core.Fields[fieldType]() + f.SetName("false") + return f + }, + true, + }, + { + "system reserved - true", + func() core.Field { + f := core.Fields[fieldType]() + f.SetName("true") + return f + }, + true, + }, + { + "system reserved - _rowid_", + func() core.Field { + f := core.Fields[fieldType]() + f.SetName("_rowid_") + return f + }, + true, + }, + { + "system reserved - expand", + func() core.Field { + f := core.Fields[fieldType]() + f.SetName("expand") + return f + }, + true, + }, + { + "system reserved - collectionId", + func() core.Field { + f := core.Fields[fieldType]() + f.SetName("collectionId") + return f + }, + true, + }, + { + "system reserved - collectionName", + func() core.Field { + f := core.Fields[fieldType]() + f.SetName("collectionName") + return f + }, + true, + }, + } + + for _, s := range scenarios { + t.Run("[name] "+s.name, func(t *testing.T) { + errs, _ := s.field().ValidateSettings(context.Background(), app, collection).(validation.Errors) + + hasErr := errs["name"] != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v", s.expectError, hasErr) + } + }) + } +} diff --git a/core/field_text.go b/core/field_text.go new file mode 100644 index 0000000..b999e8b --- /dev/null +++ b/core/field_text.go @@ -0,0 +1,367 @@ +package core + +import ( + "context" + "database/sql" + "errors" + "fmt" + "regexp" + "strings" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/spf13/cast" +) + +func init() { + Fields[FieldTypeText] = func() Field { + return &TextField{} + } +} + +const FieldTypeText = "text" + +const autogenerateModifier = ":autogenerate" + +var ( + _ Field = (*TextField)(nil) + _ SetterFinder = (*TextField)(nil) + _ RecordInterceptor = (*TextField)(nil) +) + +// TextField defines "text" type field for storing any string value. +// +// The respective zero record field value is empty string. +// +// The following additional setter keys are available: +// +// - "fieldName:autogenerate" - autogenerate field value if AutogeneratePattern is set. For example: +// +// record.Set("slug:autogenerate", "") // [random value] +// record.Set("slug:autogenerate", "abc-") // abc-[random value] +type TextField struct { + // Name (required) is the unique name of the field. + Name string `form:"name" json:"name"` + + // Id is the unique stable field identifier. + // + // It is automatically generated from the name when adding to a collection FieldsList. + Id string `form:"id" json:"id"` + + // System prevents the renaming and removal of the field. + System bool `form:"system" json:"system"` + + // Hidden hides the field from the API response. + Hidden bool `form:"hidden" json:"hidden"` + + // Presentable hints the Dashboard UI to use the underlying + // field record value in the relation preview label. + Presentable bool `form:"presentable" json:"presentable"` + + // --- + + // Min specifies the minimum required string characters. + // + // if zero value, no min limit is applied. + Min int `form:"min" json:"min"` + + // Max specifies the maximum allowed string characters. + // + // If zero, a default limit of 5000 is applied. + Max int `form:"max" json:"max"` + + // Pattern specifies an optional regex pattern to match against the field value. + // + // Leave it empty to skip the pattern check. + Pattern string `form:"pattern" json:"pattern"` + + // AutogeneratePattern specifies an optional regex pattern that could + // be used to generate random string from it and set it automatically + // on record create if no explicit value is set or when the `:autogenerate` modifier is used. + // + // Note: the generated value still needs to satisfy min, max, pattern (if set) + AutogeneratePattern string `form:"autogeneratePattern" json:"autogeneratePattern"` + + // Required will require the field value to be non-empty string. + Required bool `form:"required" json:"required"` + + // PrimaryKey will mark the field as primary key. + // + // A single collection can have only 1 field marked as primary key. + PrimaryKey bool `form:"primaryKey" json:"primaryKey"` +} + +// Type implements [Field.Type] interface method. +func (f *TextField) Type() string { + return FieldTypeText +} + +// GetId implements [Field.GetId] interface method. +func (f *TextField) GetId() string { + return f.Id +} + +// SetId implements [Field.SetId] interface method. +func (f *TextField) SetId(id string) { + f.Id = id +} + +// GetName implements [Field.GetName] interface method. +func (f *TextField) GetName() string { + return f.Name +} + +// SetName implements [Field.SetName] interface method. +func (f *TextField) SetName(name string) { + f.Name = name +} + +// GetSystem implements [Field.GetSystem] interface method. +func (f *TextField) GetSystem() bool { + return f.System +} + +// SetSystem implements [Field.SetSystem] interface method. +func (f *TextField) SetSystem(system bool) { + f.System = system +} + +// GetHidden implements [Field.GetHidden] interface method. +func (f *TextField) GetHidden() bool { + return f.Hidden +} + +// SetHidden implements [Field.SetHidden] interface method. +func (f *TextField) SetHidden(hidden bool) { + f.Hidden = hidden +} + +// ColumnType implements [Field.ColumnType] interface method. +func (f *TextField) ColumnType(app App) string { + if f.PrimaryKey { + // note: the default is just a last resort fallback to avoid empty + // string values in case the record was inserted with raw sql and + // it is not actually used when operating with the db abstraction + return "TEXT PRIMARY KEY DEFAULT ('r'||lower(hex(randomblob(7)))) NOT NULL" + } + + return "TEXT DEFAULT '' NOT NULL" +} + +// PrepareValue implements [Field.PrepareValue] interface method. +func (f *TextField) PrepareValue(record *Record, raw any) (any, error) { + return cast.ToString(raw), nil +} + +var forbiddenPKChars = []string{"/", "\\"} + +// ValidateValue implements [Field.ValidateValue] interface method. +func (f *TextField) ValidateValue(ctx context.Context, app App, record *Record) error { + newVal, ok := record.GetRaw(f.Name).(string) + if !ok { + return validators.ErrUnsupportedValueType + } + + if f.PrimaryKey { + // disallow PK change + if !record.IsNew() { + oldVal := record.LastSavedPK() + if oldVal != newVal { + return validation.NewError("validation_pk_change", "The record primary key cannot be changed.") + } + if oldVal != "" { + // no need to further validate because the id can't be updated + // and because the id could have been inserted manually by migration from another system + // that may not comply with the user defined PocketBase validations + return nil + } + } else { + // disallow PK special characters no matter of the Pattern validator to minimize + // side-effects when the primary key is used for example in a directory path + for _, c := range forbiddenPKChars { + if strings.Contains(newVal, c) { + return validation.NewError("validation_pk_forbidden", "The record primary key contains forbidden characters."). + SetParams(map[string]any{"forbidden": c}) + } + } + + // this technically shouldn't be necessarily but again to + // minimize misuse of the Pattern validator that could cause + // side-effects on some platforms check for duplicates in a case-insensitive manner + // + // (@todo eventually may get replaced in the future with a system unique constraint to avoid races or wrapping the request in a transaction) + if f.Pattern != defaultLowercaseRecordIdPattern { + var exists int + err := app.ConcurrentDB(). + Select("(1)"). + From(record.TableName()). + Where(dbx.NewExp("id = {:id} COLLATE NOCASE", dbx.Params{"id": newVal})). + Limit(1). + Row(&exists) + if exists > 0 || (err != nil && !errors.Is(err, sql.ErrNoRows)) { + return validation.NewError("validation_pk_invalid", "The record primary key is invalid or already exists.") + } + } + } + } + + return f.ValidatePlainValue(newVal) +} + +// ValidatePlainValue validates the provided string against the field options. +func (f *TextField) ValidatePlainValue(value string) error { + if f.Required || f.PrimaryKey { + if err := validation.Required.Validate(value); err != nil { + return err + } + } + + if value == "" { + return nil // nothing to check + } + + // note: casted to []rune to count multi-byte chars as one + length := len([]rune(value)) + + if f.Min > 0 && length < f.Min { + return validation.NewError("validation_min_text_constraint", "Must be at least {{.min}} character(s)"). + SetParams(map[string]any{"min": f.Min}) + } + + max := f.Max + if max == 0 { + max = 5000 + } + + if max > 0 && length > max { + return validation.NewError("validation_max_text_constraint", "Must be no more than {{.max}} character(s)"). + SetParams(map[string]any{"max": max}) + } + + if f.Pattern != "" { + match, _ := regexp.MatchString(f.Pattern, value) + if !match { + return validation.NewError("validation_invalid_format", "Invalid value format") + } + } + + return nil +} + +// ValidateSettings implements [Field.ValidateSettings] interface method. +func (f *TextField) ValidateSettings(ctx context.Context, app App, collection *Collection) error { + return validation.ValidateStruct(f, + validation.Field(&f.Id, validation.By(DefaultFieldIdValidationRule)), + validation.Field(&f.Name, + validation.By(DefaultFieldNameValidationRule), + validation.When(f.PrimaryKey, validation.In(idColumn).Error(`The primary key must be named "id".`)), + ), + validation.Field(&f.PrimaryKey, validation.By(f.checkOtherFieldsForPK(collection))), + validation.Field(&f.Min, validation.Min(0), validation.Max(maxSafeJSONInt)), + validation.Field(&f.Max, validation.Min(f.Min), validation.Max(maxSafeJSONInt)), + validation.Field(&f.Pattern, validation.When(f.PrimaryKey, validation.Required), validation.By(validators.IsRegex)), + validation.Field(&f.Hidden, validation.When(f.PrimaryKey, validation.Empty)), + validation.Field(&f.Required, validation.When(f.PrimaryKey, validation.Required)), + validation.Field(&f.AutogeneratePattern, validation.By(validators.IsRegex), validation.By(f.checkAutogeneratePattern)), + ) +} + +func (f *TextField) checkOtherFieldsForPK(collection *Collection) validation.RuleFunc { + return func(value any) error { + v, _ := value.(bool) + if !v { + return nil // not a pk + } + + totalPrimaryKeys := 0 + for _, field := range collection.Fields { + if text, ok := field.(*TextField); ok && text.PrimaryKey { + totalPrimaryKeys++ + } + + if totalPrimaryKeys > 1 { + return validation.NewError("validation_unsupported_composite_pk", "Composite PKs are not supported and the collection must have only 1 PK.") + } + } + + return nil + } +} + +func (f *TextField) checkAutogeneratePattern(value any) error { + v, _ := value.(string) + if v == "" { + return nil // nothing to check + } + + // run 10 tests to check for conflicts with the other field validators + for i := 0; i < 10; i++ { + generated, err := security.RandomStringByRegex(v) + if err != nil { + return validation.NewError("validation_invalid_autogenerate_pattern", err.Error()) + } + + // (loosely) check whether the generated pattern satisfies the current field settings + if err := f.ValidatePlainValue(generated); err != nil { + return validation.NewError( + "validation_invalid_autogenerate_pattern_value", + fmt.Sprintf("The provided autogenerate pattern could produce invalid field values, ex.: %q", generated), + ) + } + } + + return nil +} + +// Intercept implements the [RecordInterceptor] interface. +func (f *TextField) Intercept( + ctx context.Context, + app App, + record *Record, + actionName string, + actionFunc func() error, +) error { + // set autogenerated value if missing for new records + switch actionName { + case InterceptorActionValidate, InterceptorActionCreate: + if f.AutogeneratePattern != "" && f.hasZeroValue(record) && record.IsNew() { + v, err := security.RandomStringByRegex(f.AutogeneratePattern) + if err != nil { + return fmt.Errorf("failed to autogenerate %q value: %w", f.Name, err) + } + record.SetRaw(f.Name, v) + } + } + + return actionFunc() +} + +func (f *TextField) hasZeroValue(record *Record) bool { + v, _ := record.GetRaw(f.Name).(string) + return v == "" +} + +// FindSetter implements the [SetterFinder] interface. +func (f *TextField) FindSetter(key string) SetterFunc { + switch key { + case f.Name: + return func(record *Record, raw any) { + record.SetRaw(f.Name, cast.ToString(raw)) + } + case f.Name + autogenerateModifier: + return func(record *Record, raw any) { + v := cast.ToString(raw) + + if f.AutogeneratePattern != "" { + generated, _ := security.RandomStringByRegex(f.AutogeneratePattern) + v += generated + } + + record.SetRaw(f.Name, v) + } + default: + return nil + } +} diff --git a/core/field_text_test.go b/core/field_text_test.go new file mode 100644 index 0000000..100ddb3 --- /dev/null +++ b/core/field_text_test.go @@ -0,0 +1,654 @@ +package core_test + +import ( + "context" + "fmt" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestTextFieldBaseMethods(t *testing.T) { + testFieldBaseMethods(t, core.FieldTypeText) +} + +func TestTextFieldColumnType(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.TextField{} + + expected := "TEXT DEFAULT '' NOT NULL" + + if v := f.ColumnType(app); v != expected { + t.Fatalf("Expected\n%q\ngot\n%q", expected, v) + } +} + +func TestTextFieldPrepareValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.TextField{} + record := core.NewRecord(core.NewBaseCollection("test")) + + scenarios := []struct { + raw any + expected string + }{ + {"", ""}, + {"test", "test"}, + {false, "false"}, + {true, "true"}, + {123.456, "123.456"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.raw), func(t *testing.T) { + v, err := f.PrepareValue(record, s.raw) + if err != nil { + t.Fatal(err) + } + + vStr, ok := v.(string) + if !ok { + t.Fatalf("Expected string instance, got %T", v) + } + + if vStr != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, v) + } + }) + } +} + +func TestTextFieldValidateValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + existingRecord, err := app.FindFirstRecordByFilter(collection, "id != ''") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + field *core.TextField + record func() *core.Record + expectError bool + }{ + { + "invalid raw value", + &core.TextField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 123) + return record + }, + true, + }, + { + "zero field value (not required)", + &core.TextField{Name: "test", Pattern: `\d+`, Min: 10, Max: 100}, // other fields validators should be ignored + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "") + return record + }, + false, + }, + { + "zero field value (required)", + &core.TextField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "") + return record + }, + true, + }, + { + "non-zero field value (required)", + &core.TextField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "abc") + return record + }, + false, + }, + { + "special forbidden character / (non-primaryKey)", + &core.TextField{Name: "test", PrimaryKey: false}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "/") + return record + }, + false, + }, + { + "special forbidden character \\ (non-primaryKey)", + &core.TextField{Name: "test", PrimaryKey: false}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "\\") + return record + }, + false, + }, + { + "special forbidden character / (primaryKey)", + &core.TextField{Name: "test", PrimaryKey: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "/") + return record + }, + true, + }, + { + "special forbidden character \\ (primaryKey)", + &core.TextField{Name: "test", PrimaryKey: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "\\") + return record + }, + true, + }, + { + "zero field value (primaryKey)", + &core.TextField{Name: "test", PrimaryKey: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "") + return record + }, + true, + }, + { + "non-zero field value (primaryKey)", + &core.TextField{Name: "test", PrimaryKey: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "abcd") + return record + }, + false, + }, + { + "case-insensitive duplicated primary key check", + &core.TextField{Name: "test", PrimaryKey: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", strings.ToUpper(existingRecord.Id)) + return record + }, + true, + }, + { + "< min", + &core.TextField{Name: "test", Min: 4}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "абв") // multi-byte + return record + }, + true, + }, + { + ">= min", + &core.TextField{Name: "test", Min: 3}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "абв") // multi-byte + return record + }, + false, + }, + { + "> default max", + &core.TextField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", strings.Repeat("a", 5001)) + return record + }, + true, + }, + { + "<= default max", + &core.TextField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", strings.Repeat("a", 500)) + return record + }, + false, + }, + { + "> max", + &core.TextField{Name: "test", Max: 2}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "абв") // multi-byte + return record + }, + true, + }, + { + "<= max", + &core.TextField{Name: "test", Min: 3}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "абв") // multi-byte + return record + }, + false, + }, + { + "mismatched pattern", + &core.TextField{Name: "test", Pattern: `\d+`}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "abc") + return record + }, + true, + }, + { + "matched pattern", + &core.TextField{Name: "test", Pattern: `\d+`}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "123") + return record + }, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.field.ValidateValue(context.Background(), app, s.record()) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestTextFieldValidateSettings(t *testing.T) { + testDefaultFieldIdValidation(t, core.FieldTypeText) + testDefaultFieldNameValidation(t, core.FieldTypeText) + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + field func() *core.TextField + expectErrors []string + }{ + { + "zero minimal", + func() *core.TextField { + return &core.TextField{ + Id: "test", + Name: "test", + } + }, + []string{}, + }, + { + "primaryKey without required", + func() *core.TextField { + return &core.TextField{ + Id: "test", + Name: "id", + PrimaryKey: true, + Pattern: `\d+`, + } + }, + []string{"required"}, + }, + { + "primaryKey without pattern", + func() *core.TextField { + return &core.TextField{ + Id: "test", + Name: "id", + PrimaryKey: true, + Required: true, + } + }, + []string{"pattern"}, + }, + { + "primaryKey with hidden", + func() *core.TextField { + return &core.TextField{ + Id: "test", + Name: "id", + Required: true, + PrimaryKey: true, + Hidden: true, + Pattern: `\d+`, + } + }, + []string{"hidden"}, + }, + { + "primaryKey with name != id", + func() *core.TextField { + return &core.TextField{ + Id: "test", + Name: "test", + PrimaryKey: true, + Required: true, + Pattern: `\d+`, + } + }, + []string{"name"}, + }, + { + "multiple primaryKey fields", + func() *core.TextField { + return &core.TextField{ + Id: "test2", + Name: "id", + PrimaryKey: true, + Pattern: `\d+`, + Required: true, + } + }, + []string{"primaryKey"}, + }, + { + "invalid pattern", + func() *core.TextField { + return &core.TextField{ + Id: "test2", + Name: "id", + Pattern: `(invalid`, + } + }, + []string{"pattern"}, + }, + { + "valid pattern", + func() *core.TextField { + return &core.TextField{ + Id: "test2", + Name: "id", + Pattern: `\d+`, + } + }, + []string{}, + }, + { + "invalid autogeneratePattern", + func() *core.TextField { + return &core.TextField{ + Id: "test2", + Name: "id", + AutogeneratePattern: `(invalid`, + } + }, + []string{"autogeneratePattern"}, + }, + { + "valid autogeneratePattern", + func() *core.TextField { + return &core.TextField{ + Id: "test2", + Name: "id", + AutogeneratePattern: `[a-z]+`, + } + }, + []string{}, + }, + { + "conflicting pattern and autogeneratePattern", + func() *core.TextField { + return &core.TextField{ + Id: "test2", + Name: "id", + Pattern: `\d+`, + AutogeneratePattern: `[a-z]+`, + } + }, + []string{"autogeneratePattern"}, + }, + { + "Max > safe json int", + func() *core.TextField { + return &core.TextField{ + Id: "test", + Name: "test", + Max: 1 << 53, + } + }, + []string{"max"}, + }, + { + "Max < 0", + func() *core.TextField { + return &core.TextField{ + Id: "test", + Name: "test", + Max: -1, + } + }, + []string{"max"}, + }, + { + "Min > safe json int", + func() *core.TextField { + return &core.TextField{ + Id: "test", + Name: "test", + Min: 1 << 53, + } + }, + []string{"min"}, + }, + { + "Min < 0", + func() *core.TextField { + return &core.TextField{ + Id: "test", + Name: "test", + Min: -1, + } + }, + []string{"min"}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + field := s.field() + + collection := core.NewBaseCollection("test_collection") + collection.Fields.GetByName("id").SetId("test") // set a dummy known id so that it can be replaced + collection.Fields.Add(field) + + errs := field.ValidateSettings(context.Background(), app, collection) + + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} + +func TestTextFieldAutogenerate(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + actionName string + field *core.TextField + record func() *core.Record + expected string + }{ + { + "non-matching action", + core.InterceptorActionUpdate, + &core.TextField{Name: "test", AutogeneratePattern: "abc"}, + func() *core.Record { + return core.NewRecord(collection) + }, + "", + }, + { + "matching action (create)", + core.InterceptorActionCreate, + &core.TextField{Name: "test", AutogeneratePattern: "abc"}, + func() *core.Record { + return core.NewRecord(collection) + }, + "abc", + }, + { + "matching action (validate)", + core.InterceptorActionValidate, + &core.TextField{Name: "test", AutogeneratePattern: "abc"}, + func() *core.Record { + return core.NewRecord(collection) + }, + "abc", + }, + { + "existing non-zero value", + core.InterceptorActionCreate, + &core.TextField{Name: "test", AutogeneratePattern: "abc"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "123") + return record + }, + "123", + }, + { + "non-new record", + core.InterceptorActionValidate, + &core.TextField{Name: "test", AutogeneratePattern: "abc"}, + func() *core.Record { + record := core.NewRecord(collection) + record.Id = "test" + record.PostScan() + return record + }, + "", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + actionCalls := 0 + record := s.record() + + err := s.field.Intercept(context.Background(), app, record, s.actionName, func() error { + actionCalls++ + return nil + }) + if err != nil { + t.Fatal(err) + } + + if actionCalls != 1 { + t.Fatalf("Expected actionCalls %d, got %d", 1, actionCalls) + } + + v := record.GetString(s.field.GetName()) + if v != s.expected { + t.Fatalf("Expected value %q, got %q", s.expected, v) + } + }) + } +} + +func TestTextFieldFindSetter(t *testing.T) { + scenarios := []struct { + name string + key string + value any + field *core.TextField + hasSetter bool + expected string + }{ + { + "no match", + "example", + "abc", + &core.TextField{Name: "test", AutogeneratePattern: "test"}, + false, + "", + }, + { + "exact match", + "test", + "abc", + &core.TextField{Name: "test", AutogeneratePattern: "test"}, + true, + "abc", + }, + { + "autogenerate modifier", + "test:autogenerate", + "abc", + &core.TextField{Name: "test", AutogeneratePattern: "test"}, + true, + "abctest", + }, + { + "autogenerate modifier without AutogeneratePattern option", + "test:autogenerate", + "abc", + &core.TextField{Name: "test"}, + true, + "abc", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + collection := core.NewBaseCollection("test_collection") + collection.Fields.Add(s.field) + + setter := s.field.FindSetter(s.key) + + hasSetter := setter != nil + if hasSetter != s.hasSetter { + t.Fatalf("Expected hasSetter %v, got %v", s.hasSetter, hasSetter) + } + + if !hasSetter { + return + } + + record := core.NewRecord(collection) + + setter(record, s.value) + + result := record.GetString(s.field.Name) + + if result != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, result) + } + }) + } +} diff --git a/core/field_url.go b/core/field_url.go new file mode 100644 index 0000000..79a61dc --- /dev/null +++ b/core/field_url.go @@ -0,0 +1,168 @@ +package core + +import ( + "context" + "net/url" + "slices" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/go-ozzo/ozzo-validation/v4/is" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/spf13/cast" +) + +func init() { + Fields[FieldTypeURL] = func() Field { + return &URLField{} + } +} + +const FieldTypeURL = "url" + +var _ Field = (*URLField)(nil) + +// URLField defines "url" type field for storing a single URL string value. +// +// The respective zero record field value is empty string. +type URLField struct { + // Name (required) is the unique name of the field. + Name string `form:"name" json:"name"` + + // Id is the unique stable field identifier. + // + // It is automatically generated from the name when adding to a collection FieldsList. + Id string `form:"id" json:"id"` + + // System prevents the renaming and removal of the field. + System bool `form:"system" json:"system"` + + // Hidden hides the field from the API response. + Hidden bool `form:"hidden" json:"hidden"` + + // Presentable hints the Dashboard UI to use the underlying + // field record value in the relation preview label. + Presentable bool `form:"presentable" json:"presentable"` + + // --- + + // ExceptDomains will require the URL domain to NOT be included in the listed ones. + // + // This validator can be set only if OnlyDomains is empty. + ExceptDomains []string `form:"exceptDomains" json:"exceptDomains"` + + // OnlyDomains will require the URL domain to be included in the listed ones. + // + // This validator can be set only if ExceptDomains is empty. + OnlyDomains []string `form:"onlyDomains" json:"onlyDomains"` + + // Required will require the field value to be non-empty URL string. + Required bool `form:"required" json:"required"` +} + +// Type implements [Field.Type] interface method. +func (f *URLField) Type() string { + return FieldTypeURL +} + +// GetId implements [Field.GetId] interface method. +func (f *URLField) GetId() string { + return f.Id +} + +// SetId implements [Field.SetId] interface method. +func (f *URLField) SetId(id string) { + f.Id = id +} + +// GetName implements [Field.GetName] interface method. +func (f *URLField) GetName() string { + return f.Name +} + +// SetName implements [Field.SetName] interface method. +func (f *URLField) SetName(name string) { + f.Name = name +} + +// GetSystem implements [Field.GetSystem] interface method. +func (f *URLField) GetSystem() bool { + return f.System +} + +// SetSystem implements [Field.SetSystem] interface method. +func (f *URLField) SetSystem(system bool) { + f.System = system +} + +// GetHidden implements [Field.GetHidden] interface method. +func (f *URLField) GetHidden() bool { + return f.Hidden +} + +// SetHidden implements [Field.SetHidden] interface method. +func (f *URLField) SetHidden(hidden bool) { + f.Hidden = hidden +} + +// ColumnType implements [Field.ColumnType] interface method. +func (f *URLField) ColumnType(app App) string { + return "TEXT DEFAULT '' NOT NULL" +} + +// PrepareValue implements [Field.PrepareValue] interface method. +func (f *URLField) PrepareValue(record *Record, raw any) (any, error) { + return cast.ToString(raw), nil +} + +// ValidateValue implements [Field.ValidateValue] interface method. +func (f *URLField) ValidateValue(ctx context.Context, app App, record *Record) error { + val, ok := record.GetRaw(f.Name).(string) + if !ok { + return validators.ErrUnsupportedValueType + } + + if f.Required { + if err := validation.Required.Validate(val); err != nil { + return err + } + } + + if val == "" { + return nil // nothing to check + } + + if is.URL.Validate(val) != nil { + return validation.NewError("validation_invalid_url", "Must be a valid url") + } + + // extract host/domain + u, _ := url.Parse(val) + + // only domains check + if len(f.OnlyDomains) > 0 && !slices.Contains(f.OnlyDomains, u.Host) { + return validation.NewError("validation_url_domain_not_allowed", "Url domain is not allowed") + } + + // except domains check + if len(f.ExceptDomains) > 0 && slices.Contains(f.ExceptDomains, u.Host) { + return validation.NewError("validation_url_domain_not_allowed", "Url domain is not allowed") + } + + return nil +} + +// ValidateSettings implements [Field.ValidateSettings] interface method. +func (f *URLField) ValidateSettings(ctx context.Context, app App, collection *Collection) error { + return validation.ValidateStruct(f, + validation.Field(&f.Id, validation.By(DefaultFieldIdValidationRule)), + validation.Field(&f.Name, validation.By(DefaultFieldNameValidationRule)), + validation.Field( + &f.ExceptDomains, + validation.When(len(f.OnlyDomains) > 0, validation.Empty).Else(validation.Each(is.Domain)), + ), + validation.Field( + &f.OnlyDomains, + validation.When(len(f.ExceptDomains) > 0, validation.Empty).Else(validation.Each(is.Domain)), + ), + ) +} diff --git a/core/field_url_test.go b/core/field_url_test.go new file mode 100644 index 0000000..0b2db39 --- /dev/null +++ b/core/field_url_test.go @@ -0,0 +1,271 @@ +package core_test + +import ( + "context" + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestURLFieldBaseMethods(t *testing.T) { + testFieldBaseMethods(t, core.FieldTypeURL) +} + +func TestURLFieldColumnType(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.URLField{} + + expected := "TEXT DEFAULT '' NOT NULL" + + if v := f.ColumnType(app); v != expected { + t.Fatalf("Expected\n%q\ngot\n%q", expected, v) + } +} + +func TestURLFieldPrepareValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f := &core.URLField{} + record := core.NewRecord(core.NewBaseCollection("test")) + + scenarios := []struct { + raw any + expected string + }{ + {"", ""}, + {"test", "test"}, + {false, "false"}, + {true, "true"}, + {123.456, "123.456"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.raw), func(t *testing.T) { + v, err := f.PrepareValue(record, s.raw) + if err != nil { + t.Fatal(err) + } + + vStr, ok := v.(string) + if !ok { + t.Fatalf("Expected string instance, got %T", v) + } + + if vStr != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, v) + } + }) + } +} + +func TestURLFieldValidateValue(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field *core.URLField + record func() *core.Record + expectError bool + }{ + { + "invalid raw value", + &core.URLField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", 123) + return record + }, + true, + }, + { + "zero field value (not required)", + &core.URLField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "") + return record + }, + false, + }, + { + "zero field value (required)", + &core.URLField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "") + return record + }, + true, + }, + { + "non-zero field value (required)", + &core.URLField{Name: "test", Required: true}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "https://example.com") + return record + }, + false, + }, + { + "invalid url", + &core.URLField{Name: "test"}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "invalid") + return record + }, + true, + }, + { + "failed onlyDomains", + &core.URLField{Name: "test", OnlyDomains: []string{"example.org", "example.net"}}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "https://example.com") + return record + }, + true, + }, + { + "success onlyDomains", + &core.URLField{Name: "test", OnlyDomains: []string{"example.org", "example.com"}}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "https://example.com") + return record + }, + false, + }, + { + "failed exceptDomains", + &core.URLField{Name: "test", ExceptDomains: []string{"example.org", "example.com"}}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "https://example.com") + return record + }, + true, + }, + { + "success exceptDomains", + &core.URLField{Name: "test", ExceptDomains: []string{"example.org", "example.net"}}, + func() *core.Record { + record := core.NewRecord(collection) + record.SetRaw("test", "https://example.com") + return record + }, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.field.ValidateValue(context.Background(), app, s.record()) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestURLFieldValidateSettings(t *testing.T) { + testDefaultFieldIdValidation(t, core.FieldTypeURL) + testDefaultFieldNameValidation(t, core.FieldTypeURL) + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection := core.NewBaseCollection("test_collection") + + scenarios := []struct { + name string + field func() *core.URLField + expectErrors []string + }{ + { + "zero minimal", + func() *core.URLField { + return &core.URLField{ + Id: "test", + Name: "test", + } + }, + []string{}, + }, + { + "both onlyDomains and exceptDomains", + func() *core.URLField { + return &core.URLField{ + Id: "test", + Name: "test", + OnlyDomains: []string{"example.com"}, + ExceptDomains: []string{"example.org"}, + } + }, + []string{"onlyDomains", "exceptDomains"}, + }, + { + "invalid onlyDomains", + func() *core.URLField { + return &core.URLField{ + Id: "test", + Name: "test", + OnlyDomains: []string{"example.com", "invalid"}, + } + }, + []string{"onlyDomains"}, + }, + { + "valid onlyDomains", + func() *core.URLField { + return &core.URLField{ + Id: "test", + Name: "test", + OnlyDomains: []string{"example.com", "example.org"}, + } + }, + []string{}, + }, + { + "invalid exceptDomains", + func() *core.URLField { + return &core.URLField{ + Id: "test", + Name: "test", + ExceptDomains: []string{"example.com", "invalid"}, + } + }, + []string{"exceptDomains"}, + }, + { + "valid exceptDomains", + func() *core.URLField { + return &core.URLField{ + Id: "test", + Name: "test", + ExceptDomains: []string{"example.com", "example.org"}, + } + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + errs := s.field().ValidateSettings(context.Background(), app, collection) + + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} diff --git a/core/fields_list.go b/core/fields_list.go new file mode 100644 index 0000000..1708a05 --- /dev/null +++ b/core/fields_list.go @@ -0,0 +1,388 @@ +package core + +import ( + "database/sql/driver" + "encoding/json" + "fmt" + "slices" + "strconv" +) + +// NewFieldsList creates a new FieldsList instance with the provided fields. +func NewFieldsList(fields ...Field) FieldsList { + l := make(FieldsList, 0, len(fields)) + + for _, f := range fields { + l.add(-1, f) + } + + return l +} + +// FieldsList defines a Collection slice of fields. +type FieldsList []Field + +// Clone creates a deep clone of the current list. +func (l FieldsList) Clone() (FieldsList, error) { + copyRaw, err := json.Marshal(l) + if err != nil { + return nil, err + } + + result := FieldsList{} + if err := json.Unmarshal(copyRaw, &result); err != nil { + return nil, err + } + + return result, nil +} + +// FieldNames returns a slice with the name of all list fields. +func (l FieldsList) FieldNames() []string { + result := make([]string, len(l)) + + for i, field := range l { + result[i] = field.GetName() + } + + return result +} + +// AsMap returns a map with all registered list field. +// The returned map is indexed with each field name. +func (l FieldsList) AsMap() map[string]Field { + result := make(map[string]Field, len(l)) + + for _, field := range l { + result[field.GetName()] = field + } + + return result +} + +// GetById returns a single field by its id. +func (l FieldsList) GetById(fieldId string) Field { + for _, field := range l { + if field.GetId() == fieldId { + return field + } + } + return nil +} + +// GetByName returns a single field by its name. +func (l FieldsList) GetByName(fieldName string) Field { + for _, field := range l { + if field.GetName() == fieldName { + return field + } + } + return nil +} + +// RemoveById removes a single field by its id. +// +// This method does nothing if field with the specified id doesn't exist. +func (l *FieldsList) RemoveById(fieldId string) { + fields := *l + for i, field := range fields { + if field.GetId() == fieldId { + *l = append(fields[:i], fields[i+1:]...) + return + } + } +} + +// RemoveByName removes a single field by its name. +// +// This method does nothing if field with the specified name doesn't exist. +func (l *FieldsList) RemoveByName(fieldName string) { + fields := *l + for i, field := range fields { + if field.GetName() == fieldName { + *l = append(fields[:i], fields[i+1:]...) + return + } + } +} + +// Add adds one or more fields to the current list. +// +// By default this method will try to REPLACE existing fields with +// the new ones by their id or by their name if the new field doesn't have an explicit id. +// +// If no matching existing field is found, it will APPEND the field to the end of the list. +// +// In all cases, if any of the new fields don't have an explicit id it will auto generate a default one for them +// (the id value doesn't really matter and it is mostly used as a stable identifier in case of a field rename). +func (l *FieldsList) Add(fields ...Field) { + for _, f := range fields { + l.add(-1, f) + } +} + +// AddAt is the same as Add but insert/move the fields at the specific position. +// +// If pos < 0, then this method acts the same as calling Add. +// +// If pos > FieldsList total items, then the specified fields are inserted/moved at the end of the list. +func (l *FieldsList) AddAt(pos int, fields ...Field) { + total := len(*l) + + for i, f := range fields { + if pos < 0 { + l.add(-1, f) + } else if pos > total { + l.add(total+i, f) + } else { + l.add(pos+i, f) + } + } +} + +// AddMarshaledJSON parses the provided raw json data and adds the +// found fields into the current list (following the same rule as the Add method). +// +// The rawJSON argument could be one of: +// - serialized array of field objects +// - single field object. +// +// Example: +// +// l.AddMarshaledJSON([]byte{`{"type":"text", name: "test"}`}) +// l.AddMarshaledJSON([]byte{`[{"type":"text", name: "test1"}, {"type":"text", name: "test2"}]`}) +func (l *FieldsList) AddMarshaledJSON(rawJSON []byte) error { + extractedFields, err := marshaledJSONtoFieldsList(rawJSON) + if err != nil { + return err + } + + l.Add(extractedFields...) + + return nil +} + +// AddMarshaledJSONAt is the same as AddMarshaledJSON but insert/move the fields at the specific position. +// +// If pos < 0, then this method acts the same as calling AddMarshaledJSON. +// +// If pos > FieldsList total items, then the specified fields are inserted/moved at the end of the list. +func (l *FieldsList) AddMarshaledJSONAt(pos int, rawJSON []byte) error { + extractedFields, err := marshaledJSONtoFieldsList(rawJSON) + if err != nil { + return err + } + + l.AddAt(pos, extractedFields...) + + return nil +} + +func marshaledJSONtoFieldsList(rawJSON []byte) (FieldsList, error) { + extractedFields := FieldsList{} + + // nothing to add + if len(rawJSON) == 0 { + return extractedFields, nil + } + + // try to unmarshal first into a new fieds list + // (assuming that rawJSON is array of objects) + err := json.Unmarshal(rawJSON, &extractedFields) + if err != nil { + // try again but wrap the rawJSON in [] + // (assuming that rawJSON is a single object) + wrapped := make([]byte, 0, len(rawJSON)+2) + wrapped = append(wrapped, '[') + wrapped = append(wrapped, rawJSON...) + wrapped = append(wrapped, ']') + err = json.Unmarshal(wrapped, &extractedFields) + if err != nil { + return nil, fmt.Errorf("failed to unmarshal the provided JSON - expects array of objects or just single object: %w", err) + } + } + + return extractedFields, nil +} + +func (l *FieldsList) add(pos int, newField Field) { + fields := *l + + var replaceByName bool + var replaceInPlace bool + + if pos < 0 { + replaceInPlace = true + pos = len(fields) + } else if pos > len(fields) { + pos = len(fields) + } + + newFieldId := newField.GetId() + + // set default id + if newFieldId == "" { + replaceByName = true + + baseId := newField.Type() + crc32Checksum(newField.GetName()) + newFieldId = baseId + for i := 2; i < 1000; i++ { + if l.GetById(newFieldId) == nil { + break // already unique + } + newFieldId = baseId + strconv.Itoa(i) + } + newField.SetId(newFieldId) + } + + // try to replace existing + for i, field := range fields { + if replaceByName { + if name := newField.GetName(); name != "" && field.GetName() == name { + // reuse the original id + newField.SetId(field.GetId()) + + if replaceInPlace { + (*l)[i] = newField + return + } else { + // remove the current field and insert it later at the specific position + *l = slices.Delete(*l, i, i+1) + if total := len(*l); pos > total { + pos = total + } + break + } + } + } else { + if field.GetId() == newFieldId { + if replaceInPlace { + (*l)[i] = newField + return + } else { + // remove the current field and insert it later at the specific position + *l = slices.Delete(*l, i, i+1) + if total := len(*l); pos > total { + pos = total + } + break + } + } + } + } + + // insert the new field + *l = slices.Insert(*l, pos, newField) +} + +// String returns the string representation of the current list. +func (l FieldsList) String() string { + v, _ := json.Marshal(l) + return string(v) +} + +type onlyFieldType struct { + Type string `json:"type"` +} + +type fieldWithType struct { + Field + Type string `json:"type"` +} + +func (fwt *fieldWithType) UnmarshalJSON(data []byte) error { + // extract the field type to init a blank factory + t := &onlyFieldType{} + if err := json.Unmarshal(data, t); err != nil { + return fmt.Errorf("failed to unmarshal field type: %w", err) + } + + factory, ok := Fields[t.Type] + if !ok { + return fmt.Errorf("missing or unknown field type in %s", data) + } + + fwt.Type = t.Type + fwt.Field = factory() + + // unmarshal the rest of the data into the created field + if err := json.Unmarshal(data, fwt.Field); err != nil { + return fmt.Errorf("failed to unmarshal field: %w", err) + } + + return nil +} + +// UnmarshalJSON implements [json.Unmarshaler] and +// loads the provided json data into the current FieldsList. +func (l *FieldsList) UnmarshalJSON(data []byte) error { + fwts := []fieldWithType{} + + if err := json.Unmarshal(data, &fwts); err != nil { + return err + } + + *l = []Field{} // reset + + for _, fwt := range fwts { + l.add(-1, fwt.Field) + } + + return nil +} + +// MarshalJSON implements the [json.Marshaler] interface. +func (l FieldsList) MarshalJSON() ([]byte, error) { + if l == nil { + l = []Field{} // always init to ensure that it is serialized as empty array + } + + wrapper := make([]map[string]any, 0, len(l)) + + for _, f := range l { + // precompute the json into a map so that we can append the type to a flatten object + raw, err := json.Marshal(f) + if err != nil { + return nil, err + } + + data := map[string]any{} + if err := json.Unmarshal(raw, &data); err != nil { + return nil, err + } + data["type"] = f.Type() + + wrapper = append(wrapper, data) + } + + return json.Marshal(wrapper) +} + +// Value implements the [driver.Valuer] interface. +func (l FieldsList) Value() (driver.Value, error) { + data, err := json.Marshal(l) + + return string(data), err +} + +// Scan implements [sql.Scanner] interface to scan the provided value +// into the current FieldsList instance. +func (l *FieldsList) Scan(value any) error { + var data []byte + switch v := value.(type) { + case nil: + // no cast needed + case []byte: + data = v + case string: + data = []byte(v) + default: + return fmt.Errorf("failed to unmarshal FieldsList value %q", value) + } + + if len(data) == 0 { + data = []byte("[]") + } + + return l.UnmarshalJSON(data) +} diff --git a/core/fields_list_test.go b/core/fields_list_test.go new file mode 100644 index 0000000..e667e76 --- /dev/null +++ b/core/fields_list_test.go @@ -0,0 +1,558 @@ +package core_test + +import ( + "bytes" + "encoding/json" + "slices" + "strconv" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" +) + +func TestNewFieldsList(t *testing.T) { + fields := core.NewFieldsList( + &core.TextField{Id: "id1", Name: "test1"}, + &core.TextField{Name: "test2"}, + &core.TextField{Id: "id1", Name: "test1_new"}, // should replace the original id1 field + ) + + if len(fields) != 2 { + t.Fatalf("Expected 2 fields, got %d (%v)", len(fields), fields) + } + + for _, f := range fields { + if f.GetId() == "" { + t.Fatalf("Expected field id to be set, found empty id for field %v", f) + } + } + + if fields[0].GetName() != "test1_new" { + t.Fatalf("Expected field with name test1_new, got %s", fields[0].GetName()) + } + + if fields[1].GetName() != "test2" { + t.Fatalf("Expected field with name test2, got %s", fields[1].GetName()) + } +} + +func TestFieldsListClone(t *testing.T) { + f1 := &core.TextField{Name: "test1"} + f2 := &core.EmailField{Name: "test2"} + s1 := core.NewFieldsList(f1, f2) + + s2, err := s1.Clone() + if err != nil { + t.Fatal(err) + } + + s1Str := s1.String() + s2Str := s2.String() + + if s1Str != s2Str { + t.Fatalf("Expected the cloned list to be equal, got \n%v\nVS\n%v", s1, s2) + } + + // change in one list shouldn't result to change in the other + // (aka. check if it is a deep clone) + s1[0].SetName("test1_update") + if s2[0].GetName() != "test1" { + t.Fatalf("Expected s2 field name to not change, got %q", s2[0].GetName()) + } +} + +func TestFieldsListFieldNames(t *testing.T) { + f1 := &core.TextField{Name: "test1"} + f2 := &core.EmailField{Name: "test2"} + testFieldsList := core.NewFieldsList(f1, f2) + + result := testFieldsList.FieldNames() + + expected := []string{f1.Name, f2.Name} + + if len(result) != len(expected) { + t.Fatalf("Expected %d slice elements, got %d\n%v", len(expected), len(result), result) + } + + for _, name := range expected { + if !slices.Contains(result, name) { + t.Fatalf("Missing name %q in %v", name, result) + } + } +} + +func TestFieldsListAsMap(t *testing.T) { + f1 := &core.TextField{Name: "test1"} + f2 := &core.EmailField{Name: "test2"} + testFieldsList := core.NewFieldsList(f1, f2) + + result := testFieldsList.AsMap() + + expectedIndexes := []string{f1.Name, f2.Name} + + if len(result) != len(expectedIndexes) { + t.Fatalf("Expected %d map elements, got %d\n%v", len(expectedIndexes), len(result), result) + } + + for _, index := range expectedIndexes { + if _, ok := result[index]; !ok { + t.Fatalf("Missing index %q", index) + } + } +} + +func TestFieldsListGetById(t *testing.T) { + f1 := &core.TextField{Id: "id1", Name: "test1"} + f2 := &core.EmailField{Id: "id2", Name: "test2"} + testFieldsList := core.NewFieldsList(f1, f2) + + // missing field id + result1 := testFieldsList.GetById("test1") + if result1 != nil { + t.Fatalf("Found unexpected field %v", result1) + } + + // existing field id + result2 := testFieldsList.GetById("id2") + if result2 == nil || result2.GetId() != "id2" { + t.Fatalf("Cannot find field with id %q, got %v ", "id2", result2) + } +} + +func TestFieldsListGetByName(t *testing.T) { + f1 := &core.TextField{Id: "id1", Name: "test1"} + f2 := &core.EmailField{Id: "id2", Name: "test2"} + testFieldsList := core.NewFieldsList(f1, f2) + + // missing field name + result1 := testFieldsList.GetByName("id1") + if result1 != nil { + t.Fatalf("Found unexpected field %v", result1) + } + + // existing field name + result2 := testFieldsList.GetByName("test2") + if result2 == nil || result2.GetName() != "test2" { + t.Fatalf("Cannot find field with name %q, got %v ", "test2", result2) + } +} + +func TestFieldsListRemove(t *testing.T) { + testFieldsList := core.NewFieldsList( + &core.TextField{Id: "id1", Name: "test1"}, + &core.TextField{Id: "id2", Name: "test2"}, + &core.TextField{Id: "id3", Name: "test3"}, + &core.TextField{Id: "id4", Name: "test4"}, + &core.TextField{Id: "id5", Name: "test5"}, + &core.TextField{Id: "id6", Name: "test6"}, + ) + + // remove by id + testFieldsList.RemoveById("id2") + testFieldsList.RemoveById("test3") // should do nothing + + // remove by name + testFieldsList.RemoveByName("test5") + testFieldsList.RemoveByName("id6") // should do nothing + + expected := []string{"test1", "test3", "test4", "test6"} + + if len(testFieldsList) != len(expected) { + t.Fatalf("Expected %d, got %d\n%v", len(expected), len(testFieldsList), testFieldsList) + } + + for _, name := range expected { + if f := testFieldsList.GetByName(name); f == nil { + t.Fatalf("Missing field %q", name) + } + } +} + +func TestFieldsListAdd(t *testing.T) { + f0 := &core.TextField{} + f1 := &core.TextField{Name: "test1"} + f2 := &core.TextField{Id: "f2Id", Name: "test2"} + f3 := &core.TextField{Id: "f3Id", Name: "test3"} + testFieldsList := core.NewFieldsList(f0, f1, f2, f3) + + f2New := &core.EmailField{Id: "f2Id", Name: "test2_new"} + f4 := &core.URLField{Name: "test4"} + + testFieldsList.Add(f2New) + testFieldsList.Add(f4) + + if len(testFieldsList) != 5 { + t.Fatalf("Expected %d, got %d\n%v", 5, len(testFieldsList), testFieldsList) + } + + // check if each field has id + for _, f := range testFieldsList { + if f.GetId() == "" { + t.Fatalf("Expected field id to be set, found empty id for field %v", f) + } + } + + // check if f2 field was replaced + if f := testFieldsList.GetById("f2Id"); f == nil || f.Type() != core.FieldTypeEmail { + t.Fatalf("Expected f2 field to be replaced, found %v", f) + } + + // check if f4 was added + if f := testFieldsList.GetByName("test4"); f == nil || f.GetName() != "test4" { + t.Fatalf("Expected f4 field to be added, found %v", f) + } +} + +func TestFieldsListAddMarshaledJSON(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + raw []byte + expectError bool + expectedFields map[string]string + }{ + { + "nil", + nil, + false, + map[string]string{"abc": core.FieldTypeNumber}, + }, + { + "empty array", + []byte(`[]`), + false, + map[string]string{"abc": core.FieldTypeNumber}, + }, + { + "empty object", + []byte(`{}`), + true, + map[string]string{"abc": core.FieldTypeNumber}, + }, + { + "array with empty object", + []byte(`[{}]`), + true, + map[string]string{"abc": core.FieldTypeNumber}, + }, + { + "single object with invalid type", + []byte(`{"type":"missing","name":"test"}`), + true, + map[string]string{"abc": core.FieldTypeNumber}, + }, + { + "single object with valid type", + []byte(`{"type":"text","name":"test"}`), + false, + map[string]string{ + "abc": core.FieldTypeNumber, + "test": core.FieldTypeText, + }, + }, + { + "array of object with valid types", + []byte(`[{"type":"text","name":"test1"},{"type":"url","name":"test2"}]`), + false, + map[string]string{ + "abc": core.FieldTypeNumber, + "test1": core.FieldTypeText, + "test2": core.FieldTypeURL, + }, + }, + { + "fields with duplicated ids should replace existing fields", + []byte(`[{"type":"text","name":"test1"},{"type":"url","name":"test2"},{"type":"text","name":"abc2", "id":"abc_id"}]`), + false, + map[string]string{ + "abc2": core.FieldTypeText, + "test1": core.FieldTypeText, + "test2": core.FieldTypeURL, + }, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + testList := core.NewFieldsList(&core.NumberField{Name: "abc", Id: "abc_id"}) + err := testList.AddMarshaledJSON(s.raw) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v", s.expectError, hasErr) + } + + if len(s.expectedFields) != len(testList) { + t.Fatalf("Expected %d fields, got %d", len(s.expectedFields), len(testList)) + } + + for fieldName, typ := range s.expectedFields { + f := testList.GetByName(fieldName) + + if f == nil { + t.Errorf("Missing expected field %q", fieldName) + continue + } + + if f.Type() != typ { + t.Errorf("Expect field %q to has type %q, got %q", fieldName, typ, f.Type()) + } + } + }) + } +} + +func TestFieldsListAddAt(t *testing.T) { + scenarios := []struct { + position int + expected []string + }{ + {-2, []string{"test1", "test2_new", "test3", "test4"}}, + {-1, []string{"test1", "test2_new", "test3", "test4"}}, + {0, []string{"test2_new", "test4", "test1", "test3"}}, + {1, []string{"test1", "test2_new", "test4", "test3"}}, + {2, []string{"test1", "test3", "test2_new", "test4"}}, + {3, []string{"test1", "test3", "test2_new", "test4"}}, + {4, []string{"test1", "test3", "test2_new", "test4"}}, + {5, []string{"test1", "test3", "test2_new", "test4"}}, + } + + for _, s := range scenarios { + t.Run(strconv.Itoa(s.position), func(t *testing.T) { + f1 := &core.TextField{Id: "f1Id", Name: "test1"} + f2 := &core.TextField{Id: "f2Id", Name: "test2"} + f3 := &core.TextField{Id: "f3Id", Name: "test3"} + testFieldsList := core.NewFieldsList(f1, f2, f3) + + f2New := &core.EmailField{Id: "f2Id", Name: "test2_new"} + f4 := &core.URLField{Name: "test4"} + testFieldsList.AddAt(s.position, f2New, f4) + + rawNames, err := json.Marshal(testFieldsList.FieldNames()) + if err != nil { + t.Fatal(err) + } + + rawExpected, err := json.Marshal(s.expected) + if err != nil { + t.Fatal(err) + } + + if !bytes.Equal(rawNames, rawExpected) { + t.Fatalf("Expected fields\n%s\ngot\n%s", rawExpected, rawNames) + } + }) + } +} + +func TestFieldsListAddMarshaledJSONAt(t *testing.T) { + scenarios := []struct { + position int + expected []string + }{ + {-2, []string{"test1", "test2_new", "test3", "test4"}}, + {-1, []string{"test1", "test2_new", "test3", "test4"}}, + {0, []string{"test2_new", "test4", "test1", "test3"}}, + {1, []string{"test1", "test2_new", "test4", "test3"}}, + {2, []string{"test1", "test3", "test2_new", "test4"}}, + {3, []string{"test1", "test3", "test2_new", "test4"}}, + {4, []string{"test1", "test3", "test2_new", "test4"}}, + {5, []string{"test1", "test3", "test2_new", "test4"}}, + } + + for _, s := range scenarios { + t.Run(strconv.Itoa(s.position), func(t *testing.T) { + f1 := &core.TextField{Id: "f1Id", Name: "test1"} + f2 := &core.TextField{Id: "f2Id", Name: "test2"} + f3 := &core.TextField{Id: "f3Id", Name: "test3"} + testFieldsList := core.NewFieldsList(f1, f2, f3) + + err := testFieldsList.AddMarshaledJSONAt(s.position, []byte(`[ + {"id":"f2Id", "name":"test2_new", "type": "text"}, + {"name": "test4", "type": "text"} + ]`)) + if err != nil { + t.Fatal(err) + } + + rawNames, err := json.Marshal(testFieldsList.FieldNames()) + if err != nil { + t.Fatal(err) + } + + rawExpected, err := json.Marshal(s.expected) + if err != nil { + t.Fatal(err) + } + + if !bytes.Equal(rawNames, rawExpected) { + t.Fatalf("Expected fields\n%s\ngot\n%s", rawExpected, rawNames) + } + }) + } +} + +func TestFieldsListStringAndValue(t *testing.T) { + t.Run("empty list", func(t *testing.T) { + testFieldsList := core.NewFieldsList() + + str := testFieldsList.String() + if str != "[]" { + t.Fatalf("Expected empty slice, got\n%q", str) + } + + v, err := testFieldsList.Value() + if err != nil { + t.Fatal(err) + } + if v != str { + t.Fatalf("Expected String and Value to match") + } + }) + + t.Run("list with fields", func(t *testing.T) { + testFieldsList := core.NewFieldsList( + &core.TextField{Id: "f1id", Name: "test1"}, + &core.BoolField{Id: "f2id", Name: "test2"}, + &core.URLField{Id: "f3id", Name: "test3"}, + ) + + str := testFieldsList.String() + + v, err := testFieldsList.Value() + if err != nil { + t.Fatal(err) + } + if v != str { + t.Fatalf("Expected String and Value to match") + } + + expectedParts := []string{ + `"type":"bool"`, + `"type":"url"`, + `"type":"text"`, + `"id":"f1id"`, + `"id":"f2id"`, + `"id":"f3id"`, + `"name":"test1"`, + `"name":"test2"`, + `"name":"test3"`, + } + + for _, part := range expectedParts { + if !strings.Contains(str, part) { + t.Fatalf("Missing %q in\nn%v", part, str) + } + } + }) +} + +func TestFieldsListScan(t *testing.T) { + scenarios := []struct { + name string + data any + expectError bool + expectJSON string + }{ + {"nil", nil, false, "[]"}, + {"empty string", "", false, "[]"}, + {"empty byte", []byte{}, false, "[]"}, + {"empty string array", "[]", false, "[]"}, + {"invalid string", "invalid", true, "[]"}, + {"non-string", 123, true, "[]"}, + {"item with no field type", `[{}]`, true, "[]"}, + { + "unknown field type", + `[{"id":"123","name":"test1","type":"unknown"},{"id":"456","name":"test2","type":"bool"}]`, + true, + `[]`, + }, + { + "only the minimum field options", + `[{"id":"123","name":"test1","type":"text","required":true},{"id":"456","name":"test2","type":"bool"}]`, + false, + `[{"autogeneratePattern":"","hidden":false,"id":"123","max":0,"min":0,"name":"test1","pattern":"","presentable":false,"primaryKey":false,"required":true,"system":false,"type":"text"},{"hidden":false,"id":"456","name":"test2","presentable":false,"required":false,"system":false,"type":"bool"}]`, + }, + { + "all field options", + `[{"autogeneratePattern":"","hidden":true,"id":"123","max":12,"min":0,"name":"test1","pattern":"","presentable":true,"primaryKey":false,"required":true,"system":false,"type":"text"},{"hidden":false,"id":"456","name":"test2","presentable":false,"required":false,"system":true,"type":"bool"}]`, + false, + `[{"autogeneratePattern":"","hidden":true,"id":"123","max":12,"min":0,"name":"test1","pattern":"","presentable":true,"primaryKey":false,"required":true,"system":false,"type":"text"},{"hidden":false,"id":"456","name":"test2","presentable":false,"required":false,"system":true,"type":"bool"}]`, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + testFieldsList := core.FieldsList{} + + err := testFieldsList.Scan(s.data) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + str := testFieldsList.String() + if str != s.expectJSON { + t.Fatalf("Expected\n%v\ngot\n%v", s.expectJSON, str) + } + }) + } +} + +func TestFieldsListJSON(t *testing.T) { + scenarios := []struct { + name string + data string + expectError bool + expectJSON string + }{ + {"empty string", "", true, "[]"}, + {"invalid string", "invalid", true, "[]"}, + {"empty string array", "[]", false, "[]"}, + {"item with no field type", `[{}]`, true, "[]"}, + { + "unknown field type", + `[{"id":"123","name":"test1","type":"unknown"},{"id":"456","name":"test2","type":"bool"}]`, + true, + `[]`, + }, + { + "only the minimum field options", + `[{"id":"123","name":"test1","type":"text","required":true},{"id":"456","name":"test2","type":"bool"}]`, + false, + `[{"autogeneratePattern":"","hidden":false,"id":"123","max":0,"min":0,"name":"test1","pattern":"","presentable":false,"primaryKey":false,"required":true,"system":false,"type":"text"},{"hidden":false,"id":"456","name":"test2","presentable":false,"required":false,"system":false,"type":"bool"}]`, + }, + { + "all field options", + `[{"autogeneratePattern":"","hidden":true,"id":"123","max":12,"min":0,"name":"test1","pattern":"","presentable":true,"primaryKey":false,"required":true,"system":false,"type":"text"},{"hidden":false,"id":"456","name":"test2","presentable":false,"required":false,"system":true,"type":"bool"}]`, + false, + `[{"autogeneratePattern":"","hidden":true,"id":"123","max":12,"min":0,"name":"test1","pattern":"","presentable":true,"primaryKey":false,"required":true,"system":false,"type":"text"},{"hidden":false,"id":"456","name":"test2","presentable":false,"required":false,"system":true,"type":"bool"}]`, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + testFieldsList := core.FieldsList{} + + err := testFieldsList.UnmarshalJSON([]byte(s.data)) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + raw, err := testFieldsList.MarshalJSON() + if err != nil { + t.Fatal(err) + } + + str := string(raw) + if str != s.expectJSON { + t.Fatalf("Expected\n%v\ngot\n%v", s.expectJSON, str) + } + }) + } +} diff --git a/core/log_model.go b/core/log_model.go new file mode 100644 index 0000000..c2c3e7a --- /dev/null +++ b/core/log_model.go @@ -0,0 +1,22 @@ +package core + +import "github.com/pocketbase/pocketbase/tools/types" + +var ( + _ Model = (*Log)(nil) +) + +const LogsTableName = "_logs" + +type Log struct { + BaseModel + + Created types.DateTime `db:"created" json:"created"` + Data types.JSONMap[any] `db:"data" json:"data"` + Message string `db:"message" json:"message"` + Level int `db:"level" json:"level"` +} + +func (m *Log) TableName() string { + return LogsTableName +} diff --git a/core/log_printer.go b/core/log_printer.go new file mode 100644 index 0000000..0f8eb3b --- /dev/null +++ b/core/log_printer.go @@ -0,0 +1,67 @@ +package core + +import ( + "fmt" + "log/slog" + "strings" + + "github.com/fatih/color" + "github.com/pocketbase/pocketbase/tools/logger" + "github.com/pocketbase/pocketbase/tools/store" + "github.com/spf13/cast" +) + +var cachedColors = store.New[string, *color.Color](nil) + +// getColor returns [color.Color] object and cache it (if not already). +func getColor(attrs ...color.Attribute) (c *color.Color) { + cacheKey := fmt.Sprint(attrs) + if c = cachedColors.Get(cacheKey); c == nil { + c = color.New(attrs...) + cachedColors.Set(cacheKey, c) + } + return +} + +// printLog prints the provided log to the stderr. +// (note: defined as variable to overwriting in the tests) +var printLog = func(log *logger.Log) { + var str strings.Builder + + switch log.Level { + case slog.LevelDebug: + str.WriteString(getColor(color.Bold, color.FgHiBlack).Sprint("DEBUG ")) + str.WriteString(getColor(color.FgWhite).Sprint(log.Message)) + case slog.LevelInfo: + str.WriteString(getColor(color.Bold, color.FgWhite).Sprint("INFO ")) + str.WriteString(getColor(color.FgWhite).Sprint(log.Message)) + case slog.LevelWarn: + str.WriteString(getColor(color.Bold, color.FgYellow).Sprint("WARN ")) + str.WriteString(getColor(color.FgYellow).Sprint(log.Message)) + case slog.LevelError: + str.WriteString(getColor(color.Bold, color.FgRed).Sprint("ERROR ")) + str.WriteString(getColor(color.FgRed).Sprint(log.Message)) + default: + str.WriteString(getColor(color.Bold, color.FgCyan).Sprintf("[%d] ", log.Level)) + str.WriteString(getColor(color.FgCyan).Sprint(log.Message)) + } + + str.WriteString("\n") + + if v, ok := log.Data["type"]; ok && cast.ToString(v) == "request" { + padding := 0 + keys := []string{"error", "details"} + for _, k := range keys { + if v := log.Data[k]; v != nil { + str.WriteString(getColor(color.FgHiRed).Sprintf("%s└─ %v", strings.Repeat(" ", padding), v)) + str.WriteString("\n") + padding += 3 + } + } + } else if len(log.Data) > 0 { + str.WriteString(getColor(color.FgHiBlack).Sprintf("└─ %v", log.Data)) + str.WriteString("\n") + } + + fmt.Print(str.String()) +} diff --git a/core/log_printer_test.go b/core/log_printer_test.go new file mode 100644 index 0000000..4349749 --- /dev/null +++ b/core/log_printer_test.go @@ -0,0 +1,124 @@ +package core + +import ( + "context" + "database/sql" + "log/slog" + "os" + "testing" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/logger" +) + +func TestBaseAppLoggerLevelDevPrint(t *testing.T) { + testLogLevel := 4 + + scenarios := []struct { + name string + isDev bool + levels []int + printedLevels []int + persistedLevels []int + }{ + { + "dev mode", + true, + []int{testLogLevel - 1, testLogLevel, testLogLevel + 1}, + []int{testLogLevel - 1, testLogLevel, testLogLevel + 1}, + []int{testLogLevel, testLogLevel + 1}, + }, + { + "nondev mode", + false, + []int{testLogLevel - 1, testLogLevel, testLogLevel + 1}, + []int{}, + []int{testLogLevel, testLogLevel + 1}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + const testDataDir = "./pb_base_app_test_data_dir/" + defer os.RemoveAll(testDataDir) + + app := NewBaseApp(BaseAppConfig{ + DataDir: testDataDir, + IsDev: s.isDev, + }) + defer app.ResetBootstrapState() + + if err := app.Bootstrap(); err != nil { + t.Fatal(err) + } + + // silence query logs + app.concurrentDB.(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) {} + app.concurrentDB.(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {} + app.nonconcurrentDB.(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) {} + app.nonconcurrentDB.(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {} + + app.Settings().Logs.MinLevel = testLogLevel + if err := app.Save(app.Settings()); err != nil { + t.Fatal(err) + } + + var printedLevels []int + var persistedLevels []int + + ctx := context.Background() + + // track printed logs + originalPrintLog := printLog + defer func() { + printLog = originalPrintLog + }() + printLog = func(log *logger.Log) { + printedLevels = append(printedLevels, int(log.Level)) + } + + // track persisted logs + app.OnModelAfterCreateSuccess("_logs").BindFunc(func(e *ModelEvent) error { + l, ok := e.Model.(*Log) + if ok { + persistedLevels = append(persistedLevels, l.Level) + } + return e.Next() + }) + + // write and persist logs + for _, l := range s.levels { + app.Logger().Log(ctx, slog.Level(l), "test") + } + handler, ok := app.Logger().Handler().(*logger.BatchHandler) + if !ok { + t.Fatalf("Expected BatchHandler, got %v", app.Logger().Handler()) + } + if err := handler.WriteAll(ctx); err != nil { + t.Fatalf("Failed to write all logs: %v", err) + } + + // check persisted log levels + if len(s.persistedLevels) != len(persistedLevels) { + t.Fatalf("Expected persisted levels \n%v\ngot\n%v", s.persistedLevels, persistedLevels) + } + for _, l := range persistedLevels { + if !list.ExistInSlice(l, s.persistedLevels) { + t.Fatalf("Missing expected persisted level %v in %v", l, persistedLevels) + } + } + + // check printed log levels + if len(s.printedLevels) != len(printedLevels) { + t.Fatalf("Expected printed levels \n%v\ngot\n%v", s.printedLevels, printedLevels) + } + for _, l := range printedLevels { + if !list.ExistInSlice(l, s.printedLevels) { + t.Fatalf("Missing expected printed level %v in %v", l, printedLevels) + } + } + }) + } +} diff --git a/core/log_query.go b/core/log_query.go new file mode 100644 index 0000000..a1ebc77 --- /dev/null +++ b/core/log_query.go @@ -0,0 +1,65 @@ +package core + +import ( + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/types" +) + +// LogQuery returns a new Log select query. +func (app *BaseApp) LogQuery() *dbx.SelectQuery { + return app.AuxModelQuery(&Log{}) +} + +// FindLogById finds a single Log entry by its id. +func (app *BaseApp) FindLogById(id string) (*Log, error) { + model := &Log{} + + err := app.LogQuery(). + AndWhere(dbx.HashExp{"id": id}). + Limit(1). + One(model) + + if err != nil { + return nil, err + } + + return model, nil +} + +// LogsStatsItem defines the total number of logs for a specific time period. +type LogsStatsItem struct { + Date types.DateTime `db:"date" json:"date"` + Total int `db:"total" json:"total"` +} + +// LogsStats returns hourly grouped logs statistics. +func (app *BaseApp) LogsStats(expr dbx.Expression) ([]*LogsStatsItem, error) { + result := []*LogsStatsItem{} + + query := app.LogQuery(). + Select("count(id) as total", "strftime('%Y-%m-%d %H:00:00', created) as date"). + GroupBy("date") + + if expr != nil { + query.AndWhere(expr) + } + + err := query.All(&result) + + return result, err +} + +// DeleteOldLogs delete all logs that are created before createdBefore. +// +// For better performance the logs delete is executed as plain SQL statement, +// aka. no delete model hook events will be fired. +func (app *BaseApp) DeleteOldLogs(createdBefore time.Time) error { + formattedDate := createdBefore.UTC().Format(types.DefaultDateLayout) + expr := dbx.NewExp("[[created]] <= {:date}", dbx.Params{"date": formattedDate}) + + _, err := app.auxNonconcurrentDB.Delete((&Log{}).TableName(), expr).Execute() + + return err +} diff --git a/core/log_query_test.go b/core/log_query_test.go new file mode 100644 index 0000000..df36198 --- /dev/null +++ b/core/log_query_test.go @@ -0,0 +1,114 @@ +package core_test + +import ( + "encoding/json" + "fmt" + "testing" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestFindLogById(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + tests.StubLogsData(app) + + scenarios := []struct { + id string + expectError bool + }{ + {"", true}, + {"invalid", true}, + {"00000000-9f38-44fb-bf82-c8f53b310d91", true}, + {"873f2133-9f38-44fb-bf82-c8f53b310d91", false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.id), func(t *testing.T) { + log, err := app.FindLogById(s.id) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + + if log != nil && log.Id != s.id { + t.Fatalf("Expected log with id %q, got %q", s.id, log.Id) + } + }) + } +} + +func TestLogsStats(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + tests.StubLogsData(app) + + expected := `[{"date":"2022-05-01 10:00:00.000Z","total":1},{"date":"2022-05-02 10:00:00.000Z","total":1}]` + + now := time.Now().UTC().Format(types.DefaultDateLayout) + exp := dbx.NewExp("[[created]] <= {:date}", dbx.Params{"date": now}) + result, err := app.LogsStats(exp) + if err != nil { + t.Fatal(err) + } + + encoded, _ := json.Marshal(result) + if string(encoded) != expected { + t.Fatalf("Expected\n%q\ngot\n%q", expected, string(encoded)) + } +} + +func TestDeleteOldLogs(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + tests.StubLogsData(app) + + scenarios := []struct { + date string + expectedTotal int + }{ + {"2022-01-01 10:00:00.000Z", 2}, // no logs to delete before that time + {"2022-05-01 11:00:00.000Z", 1}, // only 1 log should have left + {"2022-05-03 11:00:00.000Z", 0}, // no more logs should have left + {"2022-05-04 11:00:00.000Z", 0}, // no more logs should have left + } + + for _, s := range scenarios { + t.Run(s.date, func(t *testing.T) { + date, dateErr := time.Parse(types.DefaultDateLayout, s.date) + if dateErr != nil { + t.Fatalf("Date error %v", dateErr) + } + + deleteErr := app.DeleteOldLogs(date) + if deleteErr != nil { + t.Fatalf("Delete error %v", deleteErr) + } + + // check total remaining logs + var total int + countErr := app.AuxModelQuery(&core.Log{}).Select("count(*)").Row(&total) + if countErr != nil { + t.Errorf("Count error %v", countErr) + } + + if total != s.expectedTotal { + t.Errorf("Expected %d remaining logs, got %d", s.expectedTotal, total) + } + }) + } +} diff --git a/core/mfa_model.go b/core/mfa_model.go new file mode 100644 index 0000000..d2d2eb1 --- /dev/null +++ b/core/mfa_model.go @@ -0,0 +1,157 @@ +package core + +import ( + "context" + "errors" + "time" + + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/types" +) + +const ( + MFAMethodPassword = "password" + MFAMethodOAuth2 = "oauth2" + MFAMethodOTP = "otp" +) + +const CollectionNameMFAs = "_mfas" + +var ( + _ Model = (*MFA)(nil) + _ PreValidator = (*MFA)(nil) + _ RecordProxy = (*MFA)(nil) +) + +// MFA defines a Record proxy for working with the mfas collection. +type MFA struct { + *Record +} + +// NewMFA instantiates and returns a new blank *MFA model. +// +// Example usage: +// +// mfa := core.NewMFA(app) +// mfa.SetRecordRef(user.Id) +// mfa.SetCollectionRef(user.Collection().Id) +// mfa.SetMethod(core.MFAMethodPassword) +// app.Save(mfa) +func NewMFA(app App) *MFA { + m := &MFA{} + + c, err := app.FindCachedCollectionByNameOrId(CollectionNameMFAs) + if err != nil { + // this is just to make tests easier since mfa is a system collection and it is expected to be always accessible + // (note: the loaded record is further checked on MFA.PreValidate()) + c = NewBaseCollection("@__invalid__") + } + + m.Record = NewRecord(c) + + return m +} + +// PreValidate implements the [PreValidator] interface and checks +// whether the proxy is properly loaded. +func (m *MFA) PreValidate(ctx context.Context, app App) error { + if m.Record == nil || m.Record.Collection().Name != CollectionNameMFAs { + return errors.New("missing or invalid mfa ProxyRecord") + } + + return nil +} + +// ProxyRecord returns the proxied Record model. +func (m *MFA) ProxyRecord() *Record { + return m.Record +} + +// SetProxyRecord loads the specified record model into the current proxy. +func (m *MFA) SetProxyRecord(record *Record) { + m.Record = record +} + +// CollectionRef returns the "collectionRef" field value. +func (m *MFA) CollectionRef() string { + return m.GetString("collectionRef") +} + +// SetCollectionRef updates the "collectionRef" record field value. +func (m *MFA) SetCollectionRef(collectionId string) { + m.Set("collectionRef", collectionId) +} + +// RecordRef returns the "recordRef" record field value. +func (m *MFA) RecordRef() string { + return m.GetString("recordRef") +} + +// SetRecordRef updates the "recordRef" record field value. +func (m *MFA) SetRecordRef(recordId string) { + m.Set("recordRef", recordId) +} + +// Method returns the "method" record field value. +func (m *MFA) Method() string { + return m.GetString("method") +} + +// SetMethod updates the "method" record field value. +func (m *MFA) SetMethod(method string) { + m.Set("method", method) +} + +// Created returns the "created" record field value. +func (m *MFA) Created() types.DateTime { + return m.GetDateTime("created") +} + +// Updated returns the "updated" record field value. +func (m *MFA) Updated() types.DateTime { + return m.GetDateTime("updated") +} + +// HasExpired checks if the mfa is expired, aka. whether it has been +// more than maxElapsed time since its creation. +func (m *MFA) HasExpired(maxElapsed time.Duration) bool { + return time.Since(m.Created().Time()) > maxElapsed +} + +func (app *BaseApp) registerMFAHooks() { + recordRefHooks[*MFA](app, CollectionNameMFAs, CollectionTypeAuth) + + // run on every hour to cleanup expired mfa sessions + app.Cron().Add("__pbMFACleanup__", "0 * * * *", func() { + if err := app.DeleteExpiredMFAs(); err != nil { + app.Logger().Warn("Failed to delete expired MFA sessions", "error", err) + } + }) + + // delete existing mfas on password change + app.OnRecordUpdate().Bind(&hook.Handler[*RecordEvent]{ + Func: func(e *RecordEvent) error { + err := e.Next() + if err != nil || !e.Record.Collection().IsAuth() { + return err + } + + old := e.Record.Original().GetString(FieldNamePassword + ":hash") + new := e.Record.GetString(FieldNamePassword + ":hash") + if old != new { + err = e.App.DeleteAllMFAsByRecord(e.Record) + if err != nil { + e.App.Logger().Warn( + "Failed to delete all previous mfas", + "error", err, + "recordId", e.Record.Id, + "collectionId", e.Record.Collection().Id, + ) + } + } + + return nil + }, + Priority: 99, + }) +} diff --git a/core/mfa_model_test.go b/core/mfa_model_test.go new file mode 100644 index 0000000..9766974 --- /dev/null +++ b/core/mfa_model_test.go @@ -0,0 +1,302 @@ +package core_test + +import ( + "fmt" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestNewMFA(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + mfa := core.NewMFA(app) + + if mfa.Collection().Name != core.CollectionNameMFAs { + t.Fatalf("Expected record with %q collection, got %q", core.CollectionNameMFAs, mfa.Collection().Name) + } +} + +func TestMFAProxyRecord(t *testing.T) { + t.Parallel() + + record := core.NewRecord(core.NewBaseCollection("test")) + record.Id = "test_id" + + mfa := core.MFA{} + mfa.SetProxyRecord(record) + + if mfa.ProxyRecord() == nil || mfa.ProxyRecord().Id != record.Id { + t.Fatalf("Expected proxy record with id %q, got %v", record.Id, mfa.ProxyRecord()) + } +} + +func TestMFARecordRef(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + mfa := core.NewMFA(app) + + testValues := []string{"test_1", "test2", ""} + for i, testValue := range testValues { + t.Run(fmt.Sprintf("%d_%q", i, testValue), func(t *testing.T) { + mfa.SetRecordRef(testValue) + + if v := mfa.RecordRef(); v != testValue { + t.Fatalf("Expected getter %q, got %q", testValue, v) + } + + if v := mfa.GetString("recordRef"); v != testValue { + t.Fatalf("Expected field value %q, got %q", testValue, v) + } + }) + } +} + +func TestMFACollectionRef(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + mfa := core.NewMFA(app) + + testValues := []string{"test_1", "test2", ""} + for i, testValue := range testValues { + t.Run(fmt.Sprintf("%d_%q", i, testValue), func(t *testing.T) { + mfa.SetCollectionRef(testValue) + + if v := mfa.CollectionRef(); v != testValue { + t.Fatalf("Expected getter %q, got %q", testValue, v) + } + + if v := mfa.GetString("collectionRef"); v != testValue { + t.Fatalf("Expected field value %q, got %q", testValue, v) + } + }) + } +} + +func TestMFAMethod(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + mfa := core.NewMFA(app) + + testValues := []string{"test_1", "test2", ""} + for i, testValue := range testValues { + t.Run(fmt.Sprintf("%d_%q", i, testValue), func(t *testing.T) { + mfa.SetMethod(testValue) + + if v := mfa.Method(); v != testValue { + t.Fatalf("Expected getter %q, got %q", testValue, v) + } + + if v := mfa.GetString("method"); v != testValue { + t.Fatalf("Expected field value %q, got %q", testValue, v) + } + }) + } +} + +func TestMFACreated(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + mfa := core.NewMFA(app) + + if v := mfa.Created().String(); v != "" { + t.Fatalf("Expected empty created, got %q", v) + } + + now := types.NowDateTime() + mfa.SetRaw("created", now) + + if v := mfa.Created().String(); v != now.String() { + t.Fatalf("Expected %q created, got %q", now.String(), v) + } +} + +func TestMFAUpdated(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + mfa := core.NewMFA(app) + + if v := mfa.Updated().String(); v != "" { + t.Fatalf("Expected empty updated, got %q", v) + } + + now := types.NowDateTime() + mfa.SetRaw("updated", now) + + if v := mfa.Updated().String(); v != now.String() { + t.Fatalf("Expected %q updated, got %q", now.String(), v) + } +} + +func TestMFAHasExpired(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + now := types.NowDateTime() + + mfa := core.NewMFA(app) + mfa.SetRaw("created", now.Add(-5*time.Minute)) + + scenarios := []struct { + maxElapsed time.Duration + expected bool + }{ + {0 * time.Minute, true}, + {3 * time.Minute, true}, + {5 * time.Minute, true}, + {6 * time.Minute, false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.maxElapsed.String()), func(t *testing.T) { + result := mfa.HasExpired(s.maxElapsed) + + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestMFAPreValidate(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + mfasCol, err := app.FindCollectionByNameOrId(core.CollectionNameMFAs) + if err != nil { + t.Fatal(err) + } + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + t.Run("no proxy record", func(t *testing.T) { + mfa := &core.MFA{} + + if err := app.Validate(mfa); err == nil { + t.Fatal("Expected collection validation error") + } + }) + + t.Run("non-MFA collection", func(t *testing.T) { + mfa := &core.MFA{} + mfa.SetProxyRecord(core.NewRecord(core.NewBaseCollection("invalid"))) + mfa.SetRecordRef(user.Id) + mfa.SetCollectionRef(user.Collection().Id) + mfa.SetMethod("test123") + + if err := app.Validate(mfa); err == nil { + t.Fatal("Expected collection validation error") + } + }) + + t.Run("MFA collection", func(t *testing.T) { + mfa := &core.MFA{} + mfa.SetProxyRecord(core.NewRecord(mfasCol)) + mfa.SetRecordRef(user.Id) + mfa.SetCollectionRef(user.Collection().Id) + mfa.SetMethod("test123") + + if err := app.Validate(mfa); err != nil { + t.Fatalf("Expected nil validation error, got %v", err) + } + }) +} + +func TestMFAValidateHook(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + demo1, err := app.FindRecordById("demo1", "84nmscqy84lsi1t") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + mfa func() *core.MFA + expectErrors []string + }{ + { + "empty", + func() *core.MFA { + return core.NewMFA(app) + }, + []string{"collectionRef", "recordRef", "method"}, + }, + { + "non-auth collection", + func() *core.MFA { + mfa := core.NewMFA(app) + mfa.SetCollectionRef(demo1.Collection().Id) + mfa.SetRecordRef(demo1.Id) + mfa.SetMethod("test123") + return mfa + }, + []string{"collectionRef"}, + }, + { + "missing record id", + func() *core.MFA { + mfa := core.NewMFA(app) + mfa.SetCollectionRef(user.Collection().Id) + mfa.SetRecordRef("missing") + mfa.SetMethod("test123") + return mfa + }, + []string{"recordRef"}, + }, + { + "valid ref", + func() *core.MFA { + mfa := core.NewMFA(app) + mfa.SetCollectionRef(user.Collection().Id) + mfa.SetRecordRef(user.Id) + mfa.SetMethod("test123") + return mfa + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + errs := app.Validate(s.mfa()) + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} diff --git a/core/mfa_query.go b/core/mfa_query.go new file mode 100644 index 0000000..1ccfd45 --- /dev/null +++ b/core/mfa_query.go @@ -0,0 +1,117 @@ +package core + +import ( + "errors" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/types" +) + +// FindAllMFAsByRecord returns all MFA models linked to the provided auth record. +func (app *BaseApp) FindAllMFAsByRecord(authRecord *Record) ([]*MFA, error) { + result := []*MFA{} + + err := app.RecordQuery(CollectionNameMFAs). + AndWhere(dbx.HashExp{ + "collectionRef": authRecord.Collection().Id, + "recordRef": authRecord.Id, + }). + OrderBy("created DESC"). + All(&result) + + if err != nil { + return nil, err + } + + return result, nil +} + +// FindAllMFAsByCollection returns all MFA models linked to the provided collection. +func (app *BaseApp) FindAllMFAsByCollection(collection *Collection) ([]*MFA, error) { + result := []*MFA{} + + err := app.RecordQuery(CollectionNameMFAs). + AndWhere(dbx.HashExp{"collectionRef": collection.Id}). + OrderBy("created DESC"). + All(&result) + + if err != nil { + return nil, err + } + + return result, nil +} + +// FindMFAById returns a single MFA model by its id. +func (app *BaseApp) FindMFAById(id string) (*MFA, error) { + result := &MFA{} + + err := app.RecordQuery(CollectionNameMFAs). + AndWhere(dbx.HashExp{"id": id}). + Limit(1). + One(result) + + if err != nil { + return nil, err + } + + return result, nil +} + +// DeleteAllMFAsByRecord deletes all MFA models associated with the provided record. +// +// Returns a combined error with the failed deletes. +func (app *BaseApp) DeleteAllMFAsByRecord(authRecord *Record) error { + models, err := app.FindAllMFAsByRecord(authRecord) + if err != nil { + return err + } + + var errs []error + for _, m := range models { + if err := app.Delete(m); err != nil { + errs = append(errs, err) + } + } + if len(errs) > 0 { + return errors.Join(errs...) + } + + return nil +} + +// DeleteExpiredMFAs deletes the expired MFAs for all auth collections. +func (app *BaseApp) DeleteExpiredMFAs() error { + authCollections, err := app.FindAllCollections(CollectionTypeAuth) + if err != nil { + return err + } + + // note: perform even if MFA is disabled to ensure that there are no dangling old records + for _, collection := range authCollections { + minValidDate, err := types.ParseDateTime(time.Now().Add(-1 * collection.MFA.DurationTime())) + if err != nil { + return err + } + + items := []*Record{} + + err = app.RecordQuery(CollectionNameMFAs). + AndWhere(dbx.HashExp{"collectionRef": collection.Id}). + AndWhere(dbx.NewExp("[[created]] < {:date}", dbx.Params{"date": minValidDate})). + All(&items) + if err != nil { + return err + } + + for _, item := range items { + err = app.Delete(item) + if err != nil { + return err + } + } + } + + return nil +} diff --git a/core/mfa_query_test.go b/core/mfa_query_test.go new file mode 100644 index 0000000..e26e2b3 --- /dev/null +++ b/core/mfa_query_test.go @@ -0,0 +1,311 @@ +package core_test + +import ( + "fmt" + "slices" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestFindAllMFAsByRecord(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + + demo1, err := app.FindRecordById("demo1", "84nmscqy84lsi1t") + if err != nil { + t.Fatal(err) + } + + superuser2, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test2@example.com") + if err != nil { + t.Fatal(err) + } + + superuser4, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test4@example.com") + if err != nil { + t.Fatal(err) + } + + user1, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + record *core.Record + expected []string + }{ + {demo1, nil}, + {superuser2, []string{"superuser2_0", "superuser2_3", "superuser2_2", "superuser2_1", "superuser2_4"}}, + {superuser4, nil}, + {user1, []string{"user1_0"}}, + } + + for _, s := range scenarios { + t.Run(s.record.Collection().Name+"_"+s.record.Id, func(t *testing.T) { + result, err := app.FindAllMFAsByRecord(s.record) + if err != nil { + t.Fatal(err) + } + + if len(result) != len(s.expected) { + t.Fatalf("Expected total mfas %d, got %d", len(s.expected), len(result)) + } + + for i, id := range s.expected { + if result[i].Id != id { + t.Errorf("[%d] Expected id %q, got %q", i, id, result[i].Id) + } + } + }) + } +} + +func TestFindAllMFAsByCollection(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + + demo1, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + superusers, err := app.FindCollectionByNameOrId(core.CollectionNameSuperusers) + if err != nil { + t.Fatal(err) + } + + clients, err := app.FindCollectionByNameOrId("clients") + if err != nil { + t.Fatal(err) + } + + users, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + collection *core.Collection + expected []string + }{ + {demo1, nil}, + {superusers, []string{ + "superuser2_0", + "superuser2_3", + "superuser3_0", + "superuser2_2", + "superuser3_1", + "superuser2_1", + "superuser2_4", + }}, + {clients, nil}, + {users, []string{"user1_0"}}, + } + + for _, s := range scenarios { + t.Run(s.collection.Name, func(t *testing.T) { + result, err := app.FindAllMFAsByCollection(s.collection) + if err != nil { + t.Fatal(err) + } + + if len(result) != len(s.expected) { + t.Fatalf("Expected total mfas %d, got %d", len(s.expected), len(result)) + } + + for i, id := range s.expected { + if result[i].Id != id { + t.Errorf("[%d] Expected id %q, got %q", i, id, result[i].Id) + } + } + }) + } +} + +func TestFindMFAById(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + + scenarios := []struct { + id string + expectError bool + }{ + {"", true}, + {"84nmscqy84lsi1t", true}, // non-mfa id + {"superuser2_0", false}, + {"superuser2_4", false}, // expired + {"user1_0", false}, + } + + for _, s := range scenarios { + t.Run(s.id, func(t *testing.T) { + result, err := app.FindMFAById(s.id) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if result.Id != s.id { + t.Fatalf("Expected record with id %q, got %q", s.id, result.Id) + } + }) + } +} + +func TestDeleteAllMFAsByRecord(t *testing.T) { + t.Parallel() + + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + demo1, err := testApp.FindRecordById("demo1", "84nmscqy84lsi1t") + if err != nil { + t.Fatal(err) + } + + superuser2, err := testApp.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test2@example.com") + if err != nil { + t.Fatal(err) + } + + superuser4, err := testApp.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test4@example.com") + if err != nil { + t.Fatal(err) + } + + user1, err := testApp.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + record *core.Record + deletedIds []string + }{ + {demo1, nil}, // non-auth record + {superuser2, []string{"superuser2_0", "superuser2_1", "superuser2_3", "superuser2_2", "superuser2_4"}}, + {superuser4, nil}, + {user1, []string{"user1_0"}}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s_%s", i, s.record.Collection().Name, s.record.Id), func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + + deletedIds := []string{} + app.OnRecordAfterDeleteSuccess().BindFunc(func(e *core.RecordEvent) error { + deletedIds = append(deletedIds, e.Record.Id) + return e.Next() + }) + + err := app.DeleteAllMFAsByRecord(s.record) + if err != nil { + t.Fatal(err) + } + + if len(deletedIds) != len(s.deletedIds) { + t.Fatalf("Expected deleted ids\n%v\ngot\n%v", s.deletedIds, deletedIds) + } + + for _, id := range s.deletedIds { + if !slices.Contains(deletedIds, id) { + t.Errorf("Expected to find deleted id %q in %v", id, deletedIds) + } + } + }) + } +} + +func TestDeleteExpiredMFAs(t *testing.T) { + t.Parallel() + + checkDeletedIds := func(app core.App, t *testing.T, expectedDeletedIds []string) { + if err := tests.StubMFARecords(app); err != nil { + t.Fatal(err) + } + + deletedIds := []string{} + app.OnRecordDelete().BindFunc(func(e *core.RecordEvent) error { + deletedIds = append(deletedIds, e.Record.Id) + return e.Next() + }) + + if err := app.DeleteExpiredMFAs(); err != nil { + t.Fatal(err) + } + + if len(deletedIds) != len(expectedDeletedIds) { + t.Fatalf("Expected deleted ids\n%v\ngot\n%v", expectedDeletedIds, deletedIds) + } + + for _, id := range expectedDeletedIds { + if !slices.Contains(deletedIds, id) { + t.Errorf("Expected to find deleted id %q in %v", id, deletedIds) + } + } + } + + t.Run("default test collections", func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + checkDeletedIds(app, t, []string{ + "user1_0", + "superuser2_1", + "superuser2_4", + }) + }) + + t.Run("mfa collection duration mock", func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + superusers, err := app.FindCollectionByNameOrId(core.CollectionNameSuperusers) + if err != nil { + t.Fatal(err) + } + superusers.MFA.Duration = 60 + if err := app.Save(superusers); err != nil { + t.Fatalf("Failed to mock superusers mfa duration: %v", err) + } + + checkDeletedIds(app, t, []string{ + "user1_0", + "superuser2_1", + "superuser2_2", + "superuser2_4", + "superuser3_1", + }) + }) +} diff --git a/core/migrations_list.go b/core/migrations_list.go new file mode 100644 index 0000000..dc54181 --- /dev/null +++ b/core/migrations_list.go @@ -0,0 +1,83 @@ +package core + +import ( + "path/filepath" + "runtime" + "sort" +) + +type Migration struct { + Up func(txApp App) error + Down func(txApp App) error + File string + ReapplyCondition func(txApp App, runner *MigrationsRunner, fileName string) (bool, error) +} + +// MigrationsList defines a list with migration definitions +type MigrationsList struct { + list []*Migration +} + +// Item returns a single migration from the list by its index. +func (l *MigrationsList) Item(index int) *Migration { + return l.list[index] +} + +// Items returns the internal migrations list slice. +func (l *MigrationsList) Items() []*Migration { + return l.list +} + +// Copy copies all provided list migrations into the current one. +func (l *MigrationsList) Copy(list MigrationsList) { + for _, item := range list.Items() { + l.Register(item.Up, item.Down, item.File) + } +} + +// Add adds adds an existing migration definition to the list. +// +// If m.File is not provided, it will try to get the name from its .go file. +// +// The list will be sorted automatically based on the migrations file name. +func (l *MigrationsList) Add(m *Migration) { + if m.File == "" { + _, path, _, _ := runtime.Caller(1) + m.File = filepath.Base(path) + } + + l.list = append(l.list, m) + + sort.SliceStable(l.list, func(i int, j int) bool { + return l.list[i].File < l.list[j].File + }) +} + +// Register adds new migration definition to the list. +// +// If optFilename is not provided, it will try to get the name from its .go file. +// +// The list will be sorted automatically based on the migrations file name. +func (l *MigrationsList) Register( + up func(txApp App) error, + down func(txApp App) error, + optFilename ...string, +) { + var file string + if len(optFilename) > 0 { + file = optFilename[0] + } else { + _, path, _, _ := runtime.Caller(1) + file = filepath.Base(path) + } + + l.list = append(l.list, &Migration{ + File: file, + Up: up, + Down: down, + }) + + sort.SliceStable(l.list, func(i int, j int) bool { + return l.list[i].File < l.list[j].File + }) +} diff --git a/core/migrations_list_test.go b/core/migrations_list_test.go new file mode 100644 index 0000000..36acd40 --- /dev/null +++ b/core/migrations_list_test.go @@ -0,0 +1,48 @@ +package core_test + +import ( + "testing" + + "github.com/pocketbase/pocketbase/core" +) + +func TestMigrationsList(t *testing.T) { + l1 := core.MigrationsList{} + l1.Add(&core.Migration{File: "5_test.go"}) + l1.Add(&core.Migration{ /* auto detect file name */ }) + l1.Register(nil, nil, "3_test.go") + l1.Register(nil, nil, "1_test.go") + l1.Register(nil, nil, "2_test.go") + l1.Register(nil, nil /* auto detect file name */) + + l2 := core.MigrationsList{} + l2.Register(nil, nil, "4_test.go") + l2.Copy(l1) + + expected := []string{ + "1_test.go", + "2_test.go", + "3_test.go", + "4_test.go", + "5_test.go", + // twice because there 2 test migrations with auto filename + "migrations_list_test.go", + "migrations_list_test.go", + } + + items := l2.Items() + if len(items) != len(expected) { + names := make([]string, len(items)) + for i, item := range items { + names[i] = item.File + } + t.Fatalf("Expected %d items, got %d:\n%v", len(expected), len(names), names) + } + + for i, name := range expected { + item := l2.Item(i) + if item.File != name { + t.Fatalf("Expected name %s for index %d, got %s", name, i, item.File) + } + } +} diff --git a/core/migrations_runner.go b/core/migrations_runner.go new file mode 100644 index 0000000..9b0ff76 --- /dev/null +++ b/core/migrations_runner.go @@ -0,0 +1,317 @@ +package core + +import ( + "fmt" + "strings" + "time" + + "github.com/fatih/color" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/osutils" + "github.com/spf13/cast" +) + +var AppMigrations MigrationsList +var SystemMigrations MigrationsList + +const DefaultMigrationsTable = "_migrations" + +// MigrationsRunner defines a simple struct for managing the execution of db migrations. +type MigrationsRunner struct { + app App + tableName string + migrationsList MigrationsList + inited bool +} + +// NewMigrationsRunner creates and initializes a new db migrations MigrationsRunner instance. +func NewMigrationsRunner(app App, migrationsList MigrationsList) *MigrationsRunner { + return &MigrationsRunner{ + app: app, + migrationsList: migrationsList, + tableName: DefaultMigrationsTable, + } +} + +// Run interactively executes the current runner with the provided args. +// +// The following commands are supported: +// - up - applies all migrations +// - down [n] - reverts the last n (default 1) applied migrations +// - history-sync - syncs the migrations table with the runner's migrations list +func (r *MigrationsRunner) Run(args ...string) error { + if err := r.initMigrationsTable(); err != nil { + return err + } + + cmd := "up" + if len(args) > 0 { + cmd = args[0] + } + + switch cmd { + case "up": + applied, err := r.Up() + if err != nil { + return err + } + + if len(applied) == 0 { + color.Green("No new migrations to apply.") + } else { + for _, file := range applied { + color.Green("Applied %s", file) + } + } + + return nil + case "down": + toRevertCount := 1 + if len(args) > 1 { + toRevertCount = cast.ToInt(args[1]) + if toRevertCount < 0 { + // revert all applied migrations + toRevertCount = len(r.migrationsList.Items()) + } + } + + names, err := r.lastAppliedMigrations(toRevertCount) + if err != nil { + return err + } + + confirm := osutils.YesNoPrompt(fmt.Sprintf( + "\n%v\nDo you really want to revert the last %d applied migration(s)?", + strings.Join(names, "\n"), + toRevertCount, + ), false) + if !confirm { + fmt.Println("The command has been cancelled") + return nil + } + + reverted, err := r.Down(toRevertCount) + if err != nil { + return err + } + + if len(reverted) == 0 { + color.Green("No migrations to revert.") + } else { + for _, file := range reverted { + color.Green("Reverted %s", file) + } + } + + return nil + case "history-sync": + if err := r.RemoveMissingAppliedMigrations(); err != nil { + return err + } + + color.Green("The %s table was synced with the available migrations.", r.tableName) + return nil + default: + return fmt.Errorf("unsupported command: %q", cmd) + } +} + +// Up executes all unapplied migrations for the provided runner. +// +// On success returns list with the applied migrations file names. +func (r *MigrationsRunner) Up() ([]string, error) { + if err := r.initMigrationsTable(); err != nil { + return nil, err + } + + applied := []string{} + + err := r.app.AuxRunInTransaction(func(txApp App) error { + return txApp.RunInTransaction(func(txApp App) error { + for _, m := range r.migrationsList.Items() { + // applied migrations check + if r.isMigrationApplied(txApp, m.File) { + if m.ReapplyCondition == nil { + continue // no need to reapply + } + + shouldReapply, err := m.ReapplyCondition(txApp, r, m.File) + if err != nil { + return err + } + if !shouldReapply { + continue + } + + // clear previous history stored entry + // (it will be recreated after successful execution) + r.saveRevertedMigration(txApp, m.File) + } + + // ignore empty Up action + if m.Up != nil { + if err := m.Up(txApp); err != nil { + return fmt.Errorf("failed to apply migration %s: %w", m.File, err) + } + } + + if err := r.saveAppliedMigration(txApp, m.File); err != nil { + return fmt.Errorf("failed to save applied migration info for %s: %w", m.File, err) + } + + applied = append(applied, m.File) + } + + return nil + }) + }) + + if err != nil { + return nil, err + } + return applied, nil +} + +// Down reverts the last `toRevertCount` applied migrations +// (in the order they were applied). +// +// On success returns list with the reverted migrations file names. +func (r *MigrationsRunner) Down(toRevertCount int) ([]string, error) { + if err := r.initMigrationsTable(); err != nil { + return nil, err + } + + reverted := make([]string, 0, toRevertCount) + + names, appliedErr := r.lastAppliedMigrations(toRevertCount) + if appliedErr != nil { + return nil, appliedErr + } + + err := r.app.AuxRunInTransaction(func(txApp App) error { + return txApp.RunInTransaction(func(txApp App) error { + for _, name := range names { + for _, m := range r.migrationsList.Items() { + if m.File != name { + continue + } + + // revert limit reached + if toRevertCount-len(reverted) <= 0 { + return nil + } + + // ignore empty Down action + if m.Down != nil { + if err := m.Down(txApp); err != nil { + return fmt.Errorf("failed to revert migration %s: %w", m.File, err) + } + } + + if err := r.saveRevertedMigration(txApp, m.File); err != nil { + return fmt.Errorf("failed to save reverted migration info for %s: %w", m.File, err) + } + + reverted = append(reverted, m.File) + } + } + return nil + }) + }) + + if err != nil { + return nil, err + } + + return reverted, nil +} + +// RemoveMissingAppliedMigrations removes the db entries of all applied migrations +// that are not listed in the runner's migrations list. +func (r *MigrationsRunner) RemoveMissingAppliedMigrations() error { + loadedMigrations := r.migrationsList.Items() + + names := make([]any, len(loadedMigrations)) + for i, migration := range loadedMigrations { + names[i] = migration.File + } + + _, err := r.app.DB().Delete(r.tableName, dbx.Not(dbx.HashExp{ + "file": names, + })).Execute() + + return err +} + +func (r *MigrationsRunner) initMigrationsTable() error { + if r.inited { + return nil // already inited + } + + rawQuery := fmt.Sprintf( + "CREATE TABLE IF NOT EXISTS {{%s}} (file VARCHAR(255) PRIMARY KEY NOT NULL, applied INTEGER NOT NULL)", + r.tableName, + ) + + _, err := r.app.DB().NewQuery(rawQuery).Execute() + + if err == nil { + r.inited = true + } + + return err +} + +func (r *MigrationsRunner) isMigrationApplied(txApp App, file string) bool { + var exists int + + err := txApp.DB().Select("(1)"). + From(r.tableName). + Where(dbx.HashExp{"file": file}). + Limit(1). + Row(&exists) + + return err == nil && exists > 0 +} + +func (r *MigrationsRunner) saveAppliedMigration(txApp App, file string) error { + _, err := txApp.DB().Insert(r.tableName, dbx.Params{ + "file": file, + "applied": time.Now().UnixMicro(), + }).Execute() + + return err +} + +func (r *MigrationsRunner) saveRevertedMigration(txApp App, file string) error { + _, err := txApp.DB().Delete(r.tableName, dbx.HashExp{"file": file}).Execute() + + return err +} + +func (r *MigrationsRunner) lastAppliedMigrations(limit int) ([]string, error) { + var files = make([]string, 0, limit) + + loadedMigrations := r.migrationsList.Items() + + names := make([]any, len(loadedMigrations)) + for i, migration := range loadedMigrations { + names[i] = migration.File + } + + err := r.app.DB().Select("file"). + From(r.tableName). + Where(dbx.Not(dbx.HashExp{"applied": nil})). + AndWhere(dbx.HashExp{"file": names}). + // unify microseconds and seconds applied time for backward compatibility + OrderBy("substr(applied||'0000000000000000', 0, 17) DESC"). + AndOrderBy("file DESC"). + Limit(int64(limit)). + Column(&files) + + if err != nil { + return nil, err + } + + return files, nil +} diff --git a/core/migrations_runner_test.go b/core/migrations_runner_test.go new file mode 100644 index 0000000..a4c0c93 --- /dev/null +++ b/core/migrations_runner_test.go @@ -0,0 +1,212 @@ +package core_test + +import ( + "encoding/json" + "fmt" + "testing" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestMigrationsRunnerUpAndDown(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + callsOrder := []string{} + + l := core.MigrationsList{} + l.Register(func(app core.App) error { + callsOrder = append(callsOrder, "up2") + return nil + }, func(app core.App) error { + callsOrder = append(callsOrder, "down2") + return nil + }, "2_test") + l.Register(func(app core.App) error { + callsOrder = append(callsOrder, "up3") + return nil + }, func(app core.App) error { + callsOrder = append(callsOrder, "down3") + return nil + }, "3_test") + l.Register(func(app core.App) error { + callsOrder = append(callsOrder, "up1") + return nil + }, func(app core.App) error { + callsOrder = append(callsOrder, "down1") + return nil + }, "1_test") + l.Register(func(app core.App) error { + callsOrder = append(callsOrder, "up4") + return nil + }, func(app core.App) error { + callsOrder = append(callsOrder, "down4") + return nil + }, "4_test") + l.Add(&core.Migration{ + Up: func(app core.App) error { + callsOrder = append(callsOrder, "up5") + return nil + }, + Down: func(app core.App) error { + callsOrder = append(callsOrder, "down5") + return nil + }, + File: "5_test", + ReapplyCondition: func(txApp core.App, runner *core.MigrationsRunner, fileName string) (bool, error) { + return true, nil + }, + }) + + runner := core.NewMigrationsRunner(app, l) + + // --------------------------------------------------------------- + // simulate partially out-of-order applied migration + // --------------------------------------------------------------- + + _, err := app.DB().Insert(core.DefaultMigrationsTable, dbx.Params{ + "file": "4_test", + "applied": time.Now().UnixMicro() - 2, + }).Execute() + if err != nil { + t.Fatalf("Failed to insert 5_test migration: %v", err) + } + + _, err = app.DB().Insert(core.DefaultMigrationsTable, dbx.Params{ + "file": "5_test", + "applied": time.Now().UnixMicro() - 1, + }).Execute() + if err != nil { + t.Fatalf("Failed to insert 5_test migration: %v", err) + } + + _, err = app.DB().Insert(core.DefaultMigrationsTable, dbx.Params{ + "file": "2_test", + "applied": time.Now().UnixMicro(), + }).Execute() + if err != nil { + t.Fatalf("Failed to insert 2_test migration: %v", err) + } + + // --------------------------------------------------------------- + // Up() + // --------------------------------------------------------------- + + if _, err := runner.Up(); err != nil { + t.Fatal(err) + } + + expectedUpCallsOrder := `["up1","up3","up5"]` // skip up2 and up4 since they were applied already (up5 has extra reapply condition) + + upCallsOrder, err := json.Marshal(callsOrder) + if err != nil { + t.Fatal(err) + } + + if v := string(upCallsOrder); v != expectedUpCallsOrder { + t.Fatalf("Expected Up() calls order %s, got %s", expectedUpCallsOrder, upCallsOrder) + } + + // --------------------------------------------------------------- + + // reset callsOrder + callsOrder = []string{} + + // simulate unrun migration + l.Register(nil, func(app core.App) error { + callsOrder = append(callsOrder, "down6") + return nil + }, "6_test") + + // simulate applied migrations from different migrations list + _, err = app.DB().Insert(core.DefaultMigrationsTable, dbx.Params{ + "file": "from_different_list", + "applied": time.Now().UnixMicro(), + }).Execute() + if err != nil { + t.Fatalf("Failed to insert from_different_list migration: %v", err) + } + + // --------------------------------------------------------------- + + // --------------------------------------------------------------- + // Down() + // --------------------------------------------------------------- + + if _, err := runner.Down(2); err != nil { + t.Fatal(err) + } + + expectedDownCallsOrder := `["down5","down3"]` // revert in the applied order + + downCallsOrder, err := json.Marshal(callsOrder) + if err != nil { + t.Fatal(err) + } + + if v := string(downCallsOrder); v != expectedDownCallsOrder { + t.Fatalf("Expected Down() calls order %s, got %s", expectedDownCallsOrder, downCallsOrder) + } +} + +func TestMigrationsRunnerRemoveMissingAppliedMigrations(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + // mock migrations history + for i := 1; i <= 3; i++ { + _, err := app.DB().Insert(core.DefaultMigrationsTable, dbx.Params{ + "file": fmt.Sprintf("%d_test", i), + "applied": time.Now().UnixMicro(), + }).Execute() + if err != nil { + t.Fatal(err) + } + } + + if !isMigrationApplied(app, "2_test") { + t.Fatalf("Expected 2_test migration to be applied") + } + + // create a runner without 2_test to mock deleted migration + l := core.MigrationsList{} + l.Register(func(app core.App) error { + return nil + }, func(app core.App) error { + return nil + }, "1_test") + l.Register(func(app core.App) error { + return nil + }, func(app core.App) error { + return nil + }, "3_test") + + r := core.NewMigrationsRunner(app, l) + + if err := r.RemoveMissingAppliedMigrations(); err != nil { + t.Fatalf("Failed to remove missing applied migrations: %v", err) + } + + if isMigrationApplied(app, "2_test") { + t.Fatalf("Expected 2_test migration to NOT be applied") + } +} + +func isMigrationApplied(app core.App, file string) bool { + var exists int + + err := app.DB().Select("(1)"). + From(core.DefaultMigrationsTable). + Where(dbx.HashExp{"file": file}). + Limit(1). + Row(&exists) + + return err == nil && exists > 0 +} diff --git a/core/otp_model.go b/core/otp_model.go new file mode 100644 index 0000000..589ce4a --- /dev/null +++ b/core/otp_model.go @@ -0,0 +1,127 @@ +package core + +import ( + "context" + "errors" + "time" + + "github.com/pocketbase/pocketbase/tools/types" +) + +const CollectionNameOTPs = "_otps" + +var ( + _ Model = (*OTP)(nil) + _ PreValidator = (*OTP)(nil) + _ RecordProxy = (*OTP)(nil) +) + +// OTP defines a Record proxy for working with the otps collection. +type OTP struct { + *Record +} + +// NewOTP instantiates and returns a new blank *OTP model. +// +// Example usage: +// +// otp := core.NewOTP(app) +// otp.SetRecordRef(user.Id) +// otp.SetCollectionRef(user.Collection().Id) +// otp.SetPassword(security.RandomStringWithAlphabet(6, "1234567890")) +// app.Save(otp) +func NewOTP(app App) *OTP { + m := &OTP{} + + c, err := app.FindCachedCollectionByNameOrId(CollectionNameOTPs) + if err != nil { + // this is just to make tests easier since otp is a system collection and it is expected to be always accessible + // (note: the loaded record is further checked on OTP.PreValidate()) + c = NewBaseCollection("__invalid__") + } + + m.Record = NewRecord(c) + + return m +} + +// PreValidate implements the [PreValidator] interface and checks +// whether the proxy is properly loaded. +func (m *OTP) PreValidate(ctx context.Context, app App) error { + if m.Record == nil || m.Record.Collection().Name != CollectionNameOTPs { + return errors.New("missing or invalid otp ProxyRecord") + } + + return nil +} + +// ProxyRecord returns the proxied Record model. +func (m *OTP) ProxyRecord() *Record { + return m.Record +} + +// SetProxyRecord loads the specified record model into the current proxy. +func (m *OTP) SetProxyRecord(record *Record) { + m.Record = record +} + +// CollectionRef returns the "collectionRef" field value. +func (m *OTP) CollectionRef() string { + return m.GetString("collectionRef") +} + +// SetCollectionRef updates the "collectionRef" record field value. +func (m *OTP) SetCollectionRef(collectionId string) { + m.Set("collectionRef", collectionId) +} + +// RecordRef returns the "recordRef" record field value. +func (m *OTP) RecordRef() string { + return m.GetString("recordRef") +} + +// SetRecordRef updates the "recordRef" record field value. +func (m *OTP) SetRecordRef(recordId string) { + m.Set("recordRef", recordId) +} + +// SentTo returns the "sentTo" record field value. +// +// It could be any string value (email, phone, message app id, etc.) +// and usually is used as part of the auth flow to update the verified +// user state in case for example the sentTo value matches with the user record email. +func (m *OTP) SentTo() string { + return m.GetString("sentTo") +} + +// SetSentTo updates the "sentTo" record field value. +func (m *OTP) SetSentTo(val string) { + m.Set("sentTo", val) +} + +// Created returns the "created" record field value. +func (m *OTP) Created() types.DateTime { + return m.GetDateTime("created") +} + +// Updated returns the "updated" record field value. +func (m *OTP) Updated() types.DateTime { + return m.GetDateTime("updated") +} + +// HasExpired checks if the otp is expired, aka. whether it has been +// more than maxElapsed time since its creation. +func (m *OTP) HasExpired(maxElapsed time.Duration) bool { + return time.Since(m.Created().Time()) > maxElapsed +} + +func (app *BaseApp) registerOTPHooks() { + recordRefHooks[*OTP](app, CollectionNameOTPs, CollectionTypeAuth) + + // run on every hour to cleanup expired otp sessions + app.Cron().Add("__pbOTPCleanup__", "0 * * * *", func() { + if err := app.DeleteExpiredOTPs(); err != nil { + app.Logger().Warn("Failed to delete expired OTP sessions", "error", err) + } + }) +} diff --git a/core/otp_model_test.go b/core/otp_model_test.go new file mode 100644 index 0000000..f0d5155 --- /dev/null +++ b/core/otp_model_test.go @@ -0,0 +1,302 @@ +package core_test + +import ( + "fmt" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestNewOTP(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + otp := core.NewOTP(app) + + if otp.Collection().Name != core.CollectionNameOTPs { + t.Fatalf("Expected record with %q collection, got %q", core.CollectionNameOTPs, otp.Collection().Name) + } +} + +func TestOTPProxyRecord(t *testing.T) { + t.Parallel() + + record := core.NewRecord(core.NewBaseCollection("test")) + record.Id = "test_id" + + otp := core.OTP{} + otp.SetProxyRecord(record) + + if otp.ProxyRecord() == nil || otp.ProxyRecord().Id != record.Id { + t.Fatalf("Expected proxy record with id %q, got %v", record.Id, otp.ProxyRecord()) + } +} + +func TestOTPRecordRef(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + otp := core.NewOTP(app) + + testValues := []string{"test_1", "test2", ""} + for i, testValue := range testValues { + t.Run(fmt.Sprintf("%d_%q", i, testValue), func(t *testing.T) { + otp.SetRecordRef(testValue) + + if v := otp.RecordRef(); v != testValue { + t.Fatalf("Expected getter %q, got %q", testValue, v) + } + + if v := otp.GetString("recordRef"); v != testValue { + t.Fatalf("Expected field value %q, got %q", testValue, v) + } + }) + } +} + +func TestOTPCollectionRef(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + otp := core.NewOTP(app) + + testValues := []string{"test_1", "test2", ""} + for i, testValue := range testValues { + t.Run(fmt.Sprintf("%d_%q", i, testValue), func(t *testing.T) { + otp.SetCollectionRef(testValue) + + if v := otp.CollectionRef(); v != testValue { + t.Fatalf("Expected getter %q, got %q", testValue, v) + } + + if v := otp.GetString("collectionRef"); v != testValue { + t.Fatalf("Expected field value %q, got %q", testValue, v) + } + }) + } +} + +func TestOTPSentTo(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + otp := core.NewOTP(app) + + testValues := []string{"test_1", "test2", ""} + for i, testValue := range testValues { + t.Run(fmt.Sprintf("%d_%q", i, testValue), func(t *testing.T) { + otp.SetSentTo(testValue) + + if v := otp.SentTo(); v != testValue { + t.Fatalf("Expected getter %q, got %q", testValue, v) + } + + if v := otp.GetString("sentTo"); v != testValue { + t.Fatalf("Expected field value %q, got %q", testValue, v) + } + }) + } +} + +func TestOTPCreated(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + otp := core.NewOTP(app) + + if v := otp.Created().String(); v != "" { + t.Fatalf("Expected empty created, got %q", v) + } + + now := types.NowDateTime() + otp.SetRaw("created", now) + + if v := otp.Created().String(); v != now.String() { + t.Fatalf("Expected %q created, got %q", now.String(), v) + } +} + +func TestOTPUpdated(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + otp := core.NewOTP(app) + + if v := otp.Updated().String(); v != "" { + t.Fatalf("Expected empty updated, got %q", v) + } + + now := types.NowDateTime() + otp.SetRaw("updated", now) + + if v := otp.Updated().String(); v != now.String() { + t.Fatalf("Expected %q updated, got %q", now.String(), v) + } +} + +func TestOTPHasExpired(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + now := types.NowDateTime() + + otp := core.NewOTP(app) + otp.SetRaw("created", now.Add(-5*time.Minute)) + + scenarios := []struct { + maxElapsed time.Duration + expected bool + }{ + {0 * time.Minute, true}, + {3 * time.Minute, true}, + {5 * time.Minute, true}, + {6 * time.Minute, false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.maxElapsed.String()), func(t *testing.T) { + result := otp.HasExpired(s.maxElapsed) + + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestOTPPreValidate(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + otpsCol, err := app.FindCollectionByNameOrId(core.CollectionNameOTPs) + if err != nil { + t.Fatal(err) + } + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + t.Run("no proxy record", func(t *testing.T) { + otp := &core.OTP{} + + if err := app.Validate(otp); err == nil { + t.Fatal("Expected collection validation error") + } + }) + + t.Run("non-OTP collection", func(t *testing.T) { + otp := &core.OTP{} + otp.SetProxyRecord(core.NewRecord(core.NewBaseCollection("invalid"))) + otp.SetRecordRef(user.Id) + otp.SetCollectionRef(user.Collection().Id) + otp.SetPassword("test123") + + if err := app.Validate(otp); err == nil { + t.Fatal("Expected collection validation error") + } + }) + + t.Run("OTP collection", func(t *testing.T) { + otp := &core.OTP{} + otp.SetProxyRecord(core.NewRecord(otpsCol)) + otp.SetRecordRef(user.Id) + otp.SetCollectionRef(user.Collection().Id) + otp.SetPassword("test123") + + if err := app.Validate(otp); err != nil { + t.Fatalf("Expected nil validation error, got %v", err) + } + }) +} + +func TestOTPValidateHook(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + demo1, err := app.FindRecordById("demo1", "84nmscqy84lsi1t") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + otp func() *core.OTP + expectErrors []string + }{ + { + "empty", + func() *core.OTP { + return core.NewOTP(app) + }, + []string{"collectionRef", "recordRef", "password"}, + }, + { + "non-auth collection", + func() *core.OTP { + otp := core.NewOTP(app) + otp.SetCollectionRef(demo1.Collection().Id) + otp.SetRecordRef(demo1.Id) + otp.SetPassword("test123") + return otp + }, + []string{"collectionRef"}, + }, + { + "missing record id", + func() *core.OTP { + otp := core.NewOTP(app) + otp.SetCollectionRef(user.Collection().Id) + otp.SetRecordRef("missing") + otp.SetPassword("test123") + return otp + }, + []string{"recordRef"}, + }, + { + "valid ref", + func() *core.OTP { + otp := core.NewOTP(app) + otp.SetCollectionRef(user.Collection().Id) + otp.SetRecordRef(user.Id) + otp.SetPassword("test123") + return otp + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + errs := app.Validate(s.otp()) + tests.TestValidationErrors(t, errs, s.expectErrors) + }) + } +} diff --git a/core/otp_query.go b/core/otp_query.go new file mode 100644 index 0000000..8b2b4a9 --- /dev/null +++ b/core/otp_query.go @@ -0,0 +1,117 @@ +package core + +import ( + "errors" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/types" +) + +// FindAllOTPsByRecord returns all OTP models linked to the provided auth record. +func (app *BaseApp) FindAllOTPsByRecord(authRecord *Record) ([]*OTP, error) { + result := []*OTP{} + + err := app.RecordQuery(CollectionNameOTPs). + AndWhere(dbx.HashExp{ + "collectionRef": authRecord.Collection().Id, + "recordRef": authRecord.Id, + }). + OrderBy("created DESC"). + All(&result) + + if err != nil { + return nil, err + } + + return result, nil +} + +// FindAllOTPsByCollection returns all OTP models linked to the provided collection. +func (app *BaseApp) FindAllOTPsByCollection(collection *Collection) ([]*OTP, error) { + result := []*OTP{} + + err := app.RecordQuery(CollectionNameOTPs). + AndWhere(dbx.HashExp{"collectionRef": collection.Id}). + OrderBy("created DESC"). + All(&result) + + if err != nil { + return nil, err + } + + return result, nil +} + +// FindOTPById returns a single OTP model by its id. +func (app *BaseApp) FindOTPById(id string) (*OTP, error) { + result := &OTP{} + + err := app.RecordQuery(CollectionNameOTPs). + AndWhere(dbx.HashExp{"id": id}). + Limit(1). + One(result) + + if err != nil { + return nil, err + } + + return result, nil +} + +// DeleteAllOTPsByRecord deletes all OTP models associated with the provided record. +// +// Returns a combined error with the failed deletes. +func (app *BaseApp) DeleteAllOTPsByRecord(authRecord *Record) error { + models, err := app.FindAllOTPsByRecord(authRecord) + if err != nil { + return err + } + + var errs []error + for _, m := range models { + if err := app.Delete(m); err != nil { + errs = append(errs, err) + } + } + if len(errs) > 0 { + return errors.Join(errs...) + } + + return nil +} + +// DeleteExpiredOTPs deletes the expired OTPs for all auth collections. +func (app *BaseApp) DeleteExpiredOTPs() error { + authCollections, err := app.FindAllCollections(CollectionTypeAuth) + if err != nil { + return err + } + + // note: perform even if OTP is disabled to ensure that there are no dangling old records + for _, collection := range authCollections { + minValidDate, err := types.ParseDateTime(time.Now().Add(-1 * collection.OTP.DurationTime())) + if err != nil { + return err + } + + items := []*Record{} + + err = app.RecordQuery(CollectionNameOTPs). + AndWhere(dbx.HashExp{"collectionRef": collection.Id}). + AndWhere(dbx.NewExp("[[created]] < {:date}", dbx.Params{"date": minValidDate})). + All(&items) + if err != nil { + return err + } + + for _, item := range items { + err = app.Delete(item) + if err != nil { + return err + } + } + } + + return nil +} diff --git a/core/otp_query_test.go b/core/otp_query_test.go new file mode 100644 index 0000000..440ffb9 --- /dev/null +++ b/core/otp_query_test.go @@ -0,0 +1,310 @@ +package core_test + +import ( + "fmt" + "slices" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestFindAllOTPsByRecord(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + + demo1, err := app.FindRecordById("demo1", "84nmscqy84lsi1t") + if err != nil { + t.Fatal(err) + } + + superuser2, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test2@example.com") + if err != nil { + t.Fatal(err) + } + + superuser4, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test4@example.com") + if err != nil { + t.Fatal(err) + } + + user1, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + record *core.Record + expected []string + }{ + {demo1, nil}, + {superuser2, []string{"superuser2_0", "superuser2_1", "superuser2_3", "superuser2_2", "superuser2_4"}}, + {superuser4, nil}, + {user1, []string{"user1_0"}}, + } + + for _, s := range scenarios { + t.Run(s.record.Collection().Name+"_"+s.record.Id, func(t *testing.T) { + result, err := app.FindAllOTPsByRecord(s.record) + if err != nil { + t.Fatal(err) + } + + if len(result) != len(s.expected) { + t.Fatalf("Expected total otps %d, got %d", len(s.expected), len(result)) + } + + for i, id := range s.expected { + if result[i].Id != id { + t.Errorf("[%d] Expected id %q, got %q", i, id, result[i].Id) + } + } + }) + } +} + +func TestFindAllOTPsByCollection(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + + demo1, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + superusers, err := app.FindCollectionByNameOrId(core.CollectionNameSuperusers) + if err != nil { + t.Fatal(err) + } + + clients, err := app.FindCollectionByNameOrId("clients") + if err != nil { + t.Fatal(err) + } + + users, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + collection *core.Collection + expected []string + }{ + {demo1, nil}, + {superusers, []string{ + "superuser2_0", + "superuser2_1", + "superuser2_3", + "superuser3_0", + "superuser3_1", + "superuser2_2", + "superuser2_4", + }}, + {clients, nil}, + {users, []string{"user1_0"}}, + } + + for _, s := range scenarios { + t.Run(s.collection.Name, func(t *testing.T) { + result, err := app.FindAllOTPsByCollection(s.collection) + if err != nil { + t.Fatal(err) + } + + if len(result) != len(s.expected) { + t.Fatalf("Expected total otps %d, got %d", len(s.expected), len(result)) + } + + for i, id := range s.expected { + if result[i].Id != id { + t.Errorf("[%d] Expected id %q, got %q", i, id, result[i].Id) + } + } + }) + } +} + +func TestFindOTPById(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + + scenarios := []struct { + id string + expectError bool + }{ + {"", true}, + {"84nmscqy84lsi1t", true}, // non-otp id + {"superuser2_0", false}, + {"superuser2_4", false}, // expired + {"user1_0", false}, + } + + for _, s := range scenarios { + t.Run(s.id, func(t *testing.T) { + result, err := app.FindOTPById(s.id) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if result.Id != s.id { + t.Fatalf("Expected record with id %q, got %q", s.id, result.Id) + } + }) + } +} + +func TestDeleteAllOTPsByRecord(t *testing.T) { + t.Parallel() + + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + demo1, err := testApp.FindRecordById("demo1", "84nmscqy84lsi1t") + if err != nil { + t.Fatal(err) + } + + superuser2, err := testApp.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test2@example.com") + if err != nil { + t.Fatal(err) + } + + superuser4, err := testApp.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test4@example.com") + if err != nil { + t.Fatal(err) + } + + user1, err := testApp.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + record *core.Record + deletedIds []string + }{ + {demo1, nil}, // non-auth record + {superuser2, []string{"superuser2_0", "superuser2_1", "superuser2_3", "superuser2_2", "superuser2_4"}}, + {superuser4, nil}, + {user1, []string{"user1_0"}}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s_%s", i, s.record.Collection().Name, s.record.Id), func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + + deletedIds := []string{} + app.OnRecordAfterDeleteSuccess().BindFunc(func(e *core.RecordEvent) error { + deletedIds = append(deletedIds, e.Record.Id) + return e.Next() + }) + + err := app.DeleteAllOTPsByRecord(s.record) + if err != nil { + t.Fatal(err) + } + + if len(deletedIds) != len(s.deletedIds) { + t.Fatalf("Expected deleted ids\n%v\ngot\n%v", s.deletedIds, deletedIds) + } + + for _, id := range s.deletedIds { + if !slices.Contains(deletedIds, id) { + t.Errorf("Expected to find deleted id %q in %v", id, deletedIds) + } + } + }) + } +} + +func TestDeleteExpiredOTPs(t *testing.T) { + t.Parallel() + + checkDeletedIds := func(app core.App, t *testing.T, expectedDeletedIds []string) { + if err := tests.StubOTPRecords(app); err != nil { + t.Fatal(err) + } + + deletedIds := []string{} + app.OnRecordAfterDeleteSuccess().BindFunc(func(e *core.RecordEvent) error { + deletedIds = append(deletedIds, e.Record.Id) + return e.Next() + }) + + if err := app.DeleteExpiredOTPs(); err != nil { + t.Fatal(err) + } + + if len(deletedIds) != len(expectedDeletedIds) { + t.Fatalf("Expected deleted ids\n%v\ngot\n%v", expectedDeletedIds, deletedIds) + } + + for _, id := range expectedDeletedIds { + if !slices.Contains(deletedIds, id) { + t.Errorf("Expected to find deleted id %q in %v", id, deletedIds) + } + } + } + + t.Run("default test collections", func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + checkDeletedIds(app, t, []string{ + "user1_0", + "superuser2_2", + "superuser2_4", + }) + }) + + t.Run("otp collection duration mock", func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + superusers, err := app.FindCollectionByNameOrId(core.CollectionNameSuperusers) + if err != nil { + t.Fatal(err) + } + superusers.OTP.Duration = 60 + if err := app.Save(superusers); err != nil { + t.Fatalf("Failed to mock superusers otp duration: %v", err) + } + + checkDeletedIds(app, t, []string{ + "user1_0", + "superuser2_2", + "superuser2_4", + "superuser3_1", + }) + }) +} diff --git a/core/record_field_resolver.go b/core/record_field_resolver.go new file mode 100644 index 0000000..b93a7b0 --- /dev/null +++ b/core/record_field_resolver.go @@ -0,0 +1,403 @@ +package core + +import ( + "encoding/json" + "errors" + "fmt" + "slices" + "strconv" + "strings" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/search" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/pocketbase/pocketbase/tools/types" + "github.com/spf13/cast" +) + +// filter modifiers +const ( + eachModifier string = "each" + issetModifier string = "isset" + lengthModifier string = "length" + lowerModifier string = "lower" +) + +// ensure that `search.FieldResolver` interface is implemented +var _ search.FieldResolver = (*RecordFieldResolver)(nil) + +// RecordFieldResolver defines a custom search resolver struct for +// managing Record model search fields. +// +// Usually used together with `search.Provider`. +// Example: +// +// resolver := resolvers.NewRecordFieldResolver( +// app, +// myCollection, +// &models.RequestInfo{...}, +// true, +// ) +// provider := search.NewProvider(resolver) +// ... +type RecordFieldResolver struct { + app App + baseCollection *Collection + requestInfo *RequestInfo + staticRequestInfo map[string]any + allowedFields []string + joins []*join + allowHiddenFields bool +} + +// AllowedFields returns a copy of the resolver's allowed fields. +func (r *RecordFieldResolver) AllowedFields() []string { + return slices.Clone(r.allowedFields) +} + +// SetAllowedFields replaces the resolver's allowed fields with the new ones. +func (r *RecordFieldResolver) SetAllowedFields(newAllowedFields []string) { + r.allowedFields = slices.Clone(newAllowedFields) +} + +// AllowHiddenFields returns whether the current resolver allows filtering hidden fields. +func (r *RecordFieldResolver) AllowHiddenFields() bool { + return r.allowHiddenFields +} + +// SetAllowHiddenFields enables or disables hidden fields filtering. +func (r *RecordFieldResolver) SetAllowHiddenFields(allowHiddenFields bool) { + r.allowHiddenFields = allowHiddenFields +} + +// NewRecordFieldResolver creates and initializes a new `RecordFieldResolver`. +func NewRecordFieldResolver( + app App, + baseCollection *Collection, + requestInfo *RequestInfo, + allowHiddenFields bool, +) *RecordFieldResolver { + r := &RecordFieldResolver{ + app: app, + baseCollection: baseCollection, + requestInfo: requestInfo, + allowHiddenFields: allowHiddenFields, // note: it is not based only on the requestInfo.auth since it could be used by a non-request internal method + joins: []*join{}, + allowedFields: []string{ + `^\w+[\w\.\:]*$`, + `^\@request\.context$`, + `^\@request\.method$`, + `^\@request\.auth\.[\w\.\:]*\w+$`, + `^\@request\.body\.[\w\.\:]*\w+$`, + `^\@request\.query\.[\w\.\:]*\w+$`, + `^\@request\.headers\.[\w\.\:]*\w+$`, + `^\@collection\.\w+(\:\w+)?\.[\w\.\:]*\w+$`, + }, + } + + r.staticRequestInfo = map[string]any{} + if r.requestInfo != nil { + r.staticRequestInfo["context"] = r.requestInfo.Context + r.staticRequestInfo["method"] = r.requestInfo.Method + r.staticRequestInfo["query"] = r.requestInfo.Query + r.staticRequestInfo["headers"] = r.requestInfo.Headers + r.staticRequestInfo["body"] = r.requestInfo.Body + r.staticRequestInfo["auth"] = nil + if r.requestInfo.Auth != nil { + authClone := r.requestInfo.Auth.Clone() + r.staticRequestInfo["auth"] = authClone. + Unhide(authClone.Collection().Fields.FieldNames()...). + IgnoreEmailVisibility(true). + PublicExport() + } + } + + return r +} + +// UpdateQuery implements `search.FieldResolver` interface. +// +// Conditionally updates the provided search query based on the +// resolved fields (eg. dynamically joining relations). +func (r *RecordFieldResolver) UpdateQuery(query *dbx.SelectQuery) error { + if len(r.joins) > 0 { + query.Distinct(true) + + for _, join := range r.joins { + query.LeftJoin( + (join.tableName + " " + join.tableAlias), + join.on, + ) + } + } + + return nil +} + +// Resolve implements `search.FieldResolver` interface. +// +// Example of some resolvable fieldName formats: +// +// id +// someSelect.each +// project.screen.status +// screen.project_via_prototype.name +// @request.context +// @request.method +// @request.query.filter +// @request.headers.x_token +// @request.auth.someRelation.name +// @request.body.someRelation.name +// @request.body.someField +// @request.body.someSelect:each +// @request.body.someField:isset +// @collection.product.name +func (r *RecordFieldResolver) Resolve(fieldName string) (*search.ResolverResult, error) { + return parseAndRun(fieldName, r) +} + +func (r *RecordFieldResolver) resolveStaticRequestField(path ...string) (*search.ResolverResult, error) { + if len(path) == 0 { + return nil, errors.New("at least one path key should be provided") + } + + lastProp, modifier, err := splitModifier(path[len(path)-1]) + if err != nil { + return nil, err + } + + path[len(path)-1] = lastProp + + // extract value + resultVal, err := extractNestedVal(r.staticRequestInfo, path...) + if err != nil { + r.app.Logger().Debug("resolveStaticRequestField graceful fallback", "error", err.Error()) + } + + if modifier == issetModifier { + if err != nil { + return &search.ResolverResult{Identifier: "FALSE"}, nil + } + return &search.ResolverResult{Identifier: "TRUE"}, nil + } + + // note: we are ignoring the error because requestInfo is dynamic + // and some of the lookup keys may not be defined for the request + + switch v := resultVal.(type) { + case nil: + return &search.ResolverResult{Identifier: "NULL"}, nil + case string: + // check if it is a number field and explicitly try to cast to + // float in case of a numeric string value was used + // (this usually the case when the data is from a multipart/form-data request) + field := r.baseCollection.Fields.GetByName(path[len(path)-1]) + if field != nil && field.Type() == FieldTypeNumber { + if nv, err := strconv.ParseFloat(v, 64); err == nil { + resultVal = nv + } + } + // otherwise - no further processing is needed... + case bool, int, int8, int16, int32, int64, uint, uint8, uint16, uint32, uint64, float32, float64: + // no further processing is needed... + default: + // non-plain value + // try casting to string (in case for exampe fmt.Stringer is implemented) + val, castErr := cast.ToStringE(v) + + // if that doesn't work, try encoding it + if castErr != nil { + encoded, jsonErr := json.Marshal(v) + if jsonErr == nil { + val = string(encoded) + } + } + + resultVal = val + } + + placeholder := "f" + security.PseudorandomString(8) + + if modifier == lowerModifier { + return &search.ResolverResult{ + Identifier: "LOWER({:" + placeholder + "})", + Params: dbx.Params{placeholder: resultVal}, + }, nil + } + + return &search.ResolverResult{ + Identifier: "{:" + placeholder + "}", + Params: dbx.Params{placeholder: resultVal}, + }, nil +} + +func (r *RecordFieldResolver) loadCollection(collectionNameOrId string) (*Collection, error) { + if collectionNameOrId == r.baseCollection.Name || collectionNameOrId == r.baseCollection.Id { + return r.baseCollection, nil + } + + return getCollectionByModelOrIdentifier(r.app, collectionNameOrId) +} + +func (r *RecordFieldResolver) registerJoin(tableName string, tableAlias string, on dbx.Expression) { + join := &join{ + tableName: tableName, + tableAlias: tableAlias, + on: on, + } + + // replace existing join + for i, j := range r.joins { + if j.tableAlias == join.tableAlias { + r.joins[i] = join + return + } + } + + // register new join + r.joins = append(r.joins, join) +} + +type mapExtractor interface { + AsMap() map[string]any +} + +func extractNestedVal(rawData any, keys ...string) (any, error) { + if len(keys) == 0 { + return nil, errors.New("at least one key should be provided") + } + + switch m := rawData.(type) { + // maps + case map[string]any: + return mapVal(m, keys...) + case map[string]string: + return mapVal(m, keys...) + case map[string]bool: + return mapVal(m, keys...) + case map[string]float32: + return mapVal(m, keys...) + case map[string]float64: + return mapVal(m, keys...) + case map[string]int: + return mapVal(m, keys...) + case map[string]int8: + return mapVal(m, keys...) + case map[string]int16: + return mapVal(m, keys...) + case map[string]int32: + return mapVal(m, keys...) + case map[string]int64: + return mapVal(m, keys...) + case map[string]uint: + return mapVal(m, keys...) + case map[string]uint8: + return mapVal(m, keys...) + case map[string]uint16: + return mapVal(m, keys...) + case map[string]uint32: + return mapVal(m, keys...) + case map[string]uint64: + return mapVal(m, keys...) + case mapExtractor: + return mapVal(m.AsMap(), keys...) + case types.JSONRaw: + var raw any + err := json.Unmarshal(m, &raw) + if err != nil { + return nil, fmt.Errorf("failed to unmarshal raw JSON in order extract nested value from: %w", err) + } + return extractNestedVal(raw, keys...) + + // slices + case []string: + return arrVal(m, keys...) + case []bool: + return arrVal(m, keys...) + case []float32: + return arrVal(m, keys...) + case []float64: + return arrVal(m, keys...) + case []int: + return arrVal(m, keys...) + case []int8: + return arrVal(m, keys...) + case []int16: + return arrVal(m, keys...) + case []int32: + return arrVal(m, keys...) + case []int64: + return arrVal(m, keys...) + case []uint: + return arrVal(m, keys...) + case []uint8: + return arrVal(m, keys...) + case []uint16: + return arrVal(m, keys...) + case []uint32: + return arrVal(m, keys...) + case []uint64: + return arrVal(m, keys...) + case []mapExtractor: + extracted := make([]any, len(m)) + for i, v := range m { + extracted[i] = v.AsMap() + } + return arrVal(extracted, keys...) + case []any: + return arrVal(m, keys...) + case []types.JSONRaw: + return arrVal(m, keys...) + default: + return nil, fmt.Errorf("expected map or array, got %#v", rawData) + } +} + +func mapVal[T any](m map[string]T, keys ...string) (any, error) { + result, ok := m[keys[0]] + if !ok { + return nil, fmt.Errorf("invalid key path - missing key %q", keys[0]) + } + + // end key reached + if len(keys) == 1 { + return result, nil + } + + return extractNestedVal(result, keys[1:]...) +} + +func arrVal[T any](m []T, keys ...string) (any, error) { + idx, err := strconv.Atoi(keys[0]) + if err != nil || idx < 0 || idx >= len(m) { + return nil, fmt.Errorf("invalid key path - invalid or missing array index %q", keys[0]) + } + + result := m[idx] + + // end key reached + if len(keys) == 1 { + return result, nil + } + + return extractNestedVal(result, keys[1:]...) +} + +func splitModifier(combined string) (string, string, error) { + parts := strings.Split(combined, ":") + + if len(parts) != 2 { + return combined, "", nil + } + + // validate modifier + switch parts[1] { + case issetModifier, + eachModifier, + lengthModifier, + lowerModifier: + return parts[0], parts[1], nil + } + + return "", "", fmt.Errorf("unknown modifier in %q", combined) +} diff --git a/core/record_field_resolver_multi_match.go b/core/record_field_resolver_multi_match.go new file mode 100644 index 0000000..bb51efd --- /dev/null +++ b/core/record_field_resolver_multi_match.go @@ -0,0 +1,70 @@ +package core + +import ( + "fmt" + "strings" + + "github.com/pocketbase/dbx" +) + +var _ dbx.Expression = (*multiMatchSubquery)(nil) + +// join defines the specification for a single SQL JOIN clause. +type join struct { + tableName string + tableAlias string + on dbx.Expression +} + +// multiMatchSubquery defines a record multi-match subquery expression. +type multiMatchSubquery struct { + baseTableAlias string + fromTableName string + fromTableAlias string + valueIdentifier string + joins []*join + params dbx.Params +} + +// Build converts the expression into a SQL fragment. +// +// Implements [dbx.Expression] interface. +func (m *multiMatchSubquery) Build(db *dbx.DB, params dbx.Params) string { + if m.baseTableAlias == "" || m.fromTableName == "" || m.fromTableAlias == "" { + return "0=1" + } + + if params == nil { + params = m.params + } else { + // merge by updating the parent params + for k, v := range m.params { + params[k] = v + } + } + + var mergedJoins strings.Builder + for i, j := range m.joins { + if i > 0 { + mergedJoins.WriteString(" ") + } + mergedJoins.WriteString("LEFT JOIN ") + mergedJoins.WriteString(db.QuoteTableName(j.tableName)) + mergedJoins.WriteString(" ") + mergedJoins.WriteString(db.QuoteTableName(j.tableAlias)) + if j.on != nil { + mergedJoins.WriteString(" ON ") + mergedJoins.WriteString(j.on.Build(db, params)) + } + } + + return fmt.Sprintf( + `SELECT %s as [[multiMatchValue]] FROM %s %s %s WHERE %s = %s`, + db.QuoteColumnName(m.valueIdentifier), + db.QuoteTableName(m.fromTableName), + db.QuoteTableName(m.fromTableAlias), + mergedJoins.String(), + db.QuoteColumnName(m.fromTableAlias+".id"), + db.QuoteColumnName(m.baseTableAlias+".id"), + ) +} diff --git a/core/record_field_resolver_runner.go b/core/record_field_resolver_runner.go new file mode 100644 index 0000000..412e330 --- /dev/null +++ b/core/record_field_resolver_runner.go @@ -0,0 +1,792 @@ +package core + +import ( + "encoding/json" + "errors" + "fmt" + "reflect" + "regexp" + "strconv" + "strings" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/dbutils" + "github.com/pocketbase/pocketbase/tools/inflector" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/search" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/spf13/cast" +) + +// maxNestedRels defines the max allowed nested relations depth. +const maxNestedRels = 6 + +// list of auth filter fields that don't require join with the auth +// collection or any other extra checks to be resolved. +var plainRequestAuthFields = map[string]struct{}{ + "@request.auth." + FieldNameId: {}, + "@request.auth." + FieldNameCollectionId: {}, + "@request.auth." + FieldNameCollectionName: {}, + "@request.auth." + FieldNameEmail: {}, + "@request.auth." + FieldNameEmailVisibility: {}, + "@request.auth." + FieldNameVerified: {}, +} + +// parseAndRun starts a new one-off RecordFieldResolver.Resolve execution. +func parseAndRun(fieldName string, resolver *RecordFieldResolver) (*search.ResolverResult, error) { + r := &runner{ + fieldName: fieldName, + resolver: resolver, + } + + return r.run() +} + +type runner struct { + used bool // indicates whether the runner was already executed + resolver *RecordFieldResolver // resolver is the shared expression fields resolver + fieldName string // the name of the single field expression the runner is responsible for + + // shared processing state + // --------------------------------------------------------------- + activeProps []string // holds the active props that remains to be processed + activeCollectionName string // the last used collection name + activeTableAlias string // the last used table alias + allowHiddenFields bool // indicates whether hidden fields (eg. email) should be allowed without extra conditions + nullifyMisingField bool // indicating whether to return null on missing field or return an error + withMultiMatch bool // indicates whether to attach a multiMatchSubquery condition to the ResolverResult + multiMatchActiveTableAlias string // the last used multi-match table alias + multiMatch *multiMatchSubquery // the multi-match subquery expression generated from the fieldName +} + +func (r *runner) run() (*search.ResolverResult, error) { + if r.used { + return nil, errors.New("the runner was already used") + } + + if len(r.resolver.allowedFields) > 0 && !list.ExistInSliceWithRegex(r.fieldName, r.resolver.allowedFields) { + return nil, fmt.Errorf("failed to resolve field %q", r.fieldName) + } + + defer func() { + r.used = true + }() + + r.prepare() + + // check for @collection field (aka. non-relational join) + // must be in the format "@collection.COLLECTION_NAME.FIELD[.FIELD2....]" + if r.activeProps[0] == "@collection" { + return r.processCollectionField() + } + + if r.activeProps[0] == "@request" { + if r.resolver.requestInfo == nil { + return &search.ResolverResult{Identifier: "NULL"}, nil + } + + if strings.HasPrefix(r.fieldName, "@request.auth.") { + return r.processRequestAuthField() + } + + if strings.HasPrefix(r.fieldName, "@request.body.") && len(r.activeProps) > 2 { + name, modifier, err := splitModifier(r.activeProps[2]) + if err != nil { + return nil, err + } + + bodyField := r.resolver.baseCollection.Fields.GetByName(name) + if bodyField == nil { + return r.resolver.resolveStaticRequestField(r.activeProps[1:]...) + } + + // check for body relation field + if bodyField.Type() == FieldTypeRelation && len(r.activeProps) > 3 { + return r.processRequestInfoRelationField(bodyField) + } + + // check for body arrayble fields ":each" modifier + if modifier == eachModifier && len(r.activeProps) == 3 { + return r.processRequestInfoEachModifier(bodyField) + } + + // check for body arrayble fields ":length" modifier + if modifier == lengthModifier && len(r.activeProps) == 3 { + return r.processRequestInfoLengthModifier(bodyField) + } + + // check for body arrayble fields ":lower" modifier + if modifier == lowerModifier && len(r.activeProps) == 3 { + return r.processRequestInfoLowerModifier(bodyField) + } + } + + // some other @request.* static field + return r.resolver.resolveStaticRequestField(r.activeProps[1:]...) + } + + // regular field + return r.processActiveProps() +} + +func (r *runner) prepare() { + r.activeProps = strings.Split(r.fieldName, ".") + + r.activeCollectionName = r.resolver.baseCollection.Name + r.activeTableAlias = inflector.Columnify(r.activeCollectionName) + + r.allowHiddenFields = r.resolver.allowHiddenFields + // always allow hidden fields since the @.* filter is a system one + if r.activeProps[0] == "@collection" || r.activeProps[0] == "@request" { + r.allowHiddenFields = true + } + + // enable the ignore flag for missing @request.* fields for backward + // compatibility and consistency with all @request.* filter fields and types + r.nullifyMisingField = r.activeProps[0] == "@request" + + // prepare a multi-match subquery + r.multiMatch = &multiMatchSubquery{ + baseTableAlias: r.activeTableAlias, + params: dbx.Params{}, + } + r.multiMatch.fromTableName = inflector.Columnify(r.activeCollectionName) + r.multiMatch.fromTableAlias = "__mm_" + r.activeTableAlias + r.multiMatchActiveTableAlias = r.multiMatch.fromTableAlias + r.withMultiMatch = false +} + +func (r *runner) processCollectionField() (*search.ResolverResult, error) { + if len(r.activeProps) < 3 { + return nil, fmt.Errorf("invalid @collection field path in %q", r.fieldName) + } + + // nameOrId or nameOrId:alias + collectionParts := strings.SplitN(r.activeProps[1], ":", 2) + + collection, err := r.resolver.loadCollection(collectionParts[0]) + if err != nil { + return nil, fmt.Errorf("failed to load collection %q from field path %q", r.activeProps[1], r.fieldName) + } + + r.activeCollectionName = collection.Name + + if len(collectionParts) == 2 && collectionParts[1] != "" { + r.activeTableAlias = inflector.Columnify("__collection_alias_" + collectionParts[1]) + } else { + r.activeTableAlias = inflector.Columnify("__collection_" + r.activeCollectionName) + } + + r.withMultiMatch = true + + // join the collection to the main query + r.resolver.registerJoin(inflector.Columnify(collection.Name), r.activeTableAlias, nil) + + // join the collection to the multi-match subquery + r.multiMatchActiveTableAlias = "__mm" + r.activeTableAlias + r.multiMatch.joins = append(r.multiMatch.joins, &join{ + tableName: inflector.Columnify(collection.Name), + tableAlias: r.multiMatchActiveTableAlias, + }) + + // leave only the collection fields + // aka. @collection.someCollection.fieldA.fieldB -> fieldA.fieldB + r.activeProps = r.activeProps[2:] + + return r.processActiveProps() +} + +func (r *runner) processRequestAuthField() (*search.ResolverResult, error) { + if r.resolver.requestInfo == nil || r.resolver.requestInfo.Auth == nil || r.resolver.requestInfo.Auth.Collection() == nil { + return &search.ResolverResult{Identifier: "NULL"}, nil + } + + // plain auth field + // --- + if _, ok := plainRequestAuthFields[r.fieldName]; ok { + return r.resolver.resolveStaticRequestField(r.activeProps[1:]...) + } + + // resolve the auth collection field + // --- + collection := r.resolver.requestInfo.Auth.Collection() + + r.activeCollectionName = collection.Name + r.activeTableAlias = "__auth_" + inflector.Columnify(r.activeCollectionName) + + // join the auth collection to the main query + r.resolver.registerJoin( + inflector.Columnify(r.activeCollectionName), + r.activeTableAlias, + dbx.HashExp{ + // aka. __auth_users.id = :userId + (r.activeTableAlias + ".id"): r.resolver.requestInfo.Auth.Id, + }, + ) + + // join the auth collection to the multi-match subquery + r.multiMatchActiveTableAlias = "__mm_" + r.activeTableAlias + r.multiMatch.joins = append( + r.multiMatch.joins, + &join{ + tableName: inflector.Columnify(r.activeCollectionName), + tableAlias: r.multiMatchActiveTableAlias, + on: dbx.HashExp{ + (r.multiMatchActiveTableAlias + ".id"): r.resolver.requestInfo.Auth.Id, + }, + }, + ) + + // leave only the auth relation fields + // aka. @request.auth.fieldA.fieldB -> fieldA.fieldB + r.activeProps = r.activeProps[2:] + + return r.processActiveProps() +} + +// note: nil value is returned as empty slice +func toSlice(value any) []any { + if value == nil { + return []any{} + } + + rv := reflect.ValueOf(value) + + kind := rv.Kind() + if kind != reflect.Slice && kind != reflect.Array { + return []any{value} + } + + rvLen := rv.Len() + + result := make([]interface{}, rvLen) + + for i := 0; i < rvLen; i++ { + result[i] = rv.Index(i).Interface() + } + + return result +} + +func (r *runner) processRequestInfoLowerModifier(bodyField Field) (*search.ResolverResult, error) { + rawValue := cast.ToString(r.resolver.requestInfo.Body[bodyField.GetName()]) + + placeholder := "infoLower" + bodyField.GetName() + security.PseudorandomString(6) + + result := &search.ResolverResult{ + Identifier: "LOWER({:" + placeholder + "})", + Params: dbx.Params{placeholder: rawValue}, + } + + return result, nil +} + +func (r *runner) processRequestInfoLengthModifier(bodyField Field) (*search.ResolverResult, error) { + if _, ok := bodyField.(MultiValuer); !ok { + return nil, fmt.Errorf("field %q doesn't support multivalue operations", bodyField.GetName()) + } + + bodyItems := toSlice(r.resolver.requestInfo.Body[bodyField.GetName()]) + + result := &search.ResolverResult{ + Identifier: strconv.Itoa(len(bodyItems)), + } + + return result, nil +} + +func (r *runner) processRequestInfoEachModifier(bodyField Field) (*search.ResolverResult, error) { + multiValuer, ok := bodyField.(MultiValuer) + if !ok { + return nil, fmt.Errorf("field %q doesn't support multivalue operations", bodyField.GetName()) + } + + bodyItems := toSlice(r.resolver.requestInfo.Body[bodyField.GetName()]) + bodyItemsRaw, err := json.Marshal(bodyItems) + if err != nil { + return nil, fmt.Errorf("cannot serialize the data for field %q", r.activeProps[2]) + } + + placeholder := "dataEach" + security.PseudorandomString(6) + cleanFieldName := inflector.Columnify(bodyField.GetName()) + jeTable := fmt.Sprintf("json_each({:%s})", placeholder) + jeAlias := "__dataEach_" + cleanFieldName + "_je" + r.resolver.registerJoin(jeTable, jeAlias, nil) + + result := &search.ResolverResult{ + Identifier: fmt.Sprintf("[[%s.value]]", jeAlias), + Params: dbx.Params{placeholder: bodyItemsRaw}, + } + + if multiValuer.IsMultiple() { + r.withMultiMatch = true + } + + if r.withMultiMatch { + placeholder2 := "mm" + placeholder + jeTable2 := fmt.Sprintf("json_each({:%s})", placeholder2) + jeAlias2 := "__mm" + jeAlias + + r.multiMatch.joins = append(r.multiMatch.joins, &join{ + tableName: jeTable2, + tableAlias: jeAlias2, + }) + r.multiMatch.params[placeholder2] = bodyItemsRaw + r.multiMatch.valueIdentifier = fmt.Sprintf("[[%s.value]]", jeAlias2) + + result.MultiMatchSubQuery = r.multiMatch + } + + return result, nil +} + +func (r *runner) processRequestInfoRelationField(bodyField Field) (*search.ResolverResult, error) { + relField, ok := bodyField.(*RelationField) + if !ok { + return nil, fmt.Errorf("failed to initialize data relation field %q", bodyField.GetName()) + } + + dataRelCollection, err := r.resolver.loadCollection(relField.CollectionId) + if err != nil { + return nil, fmt.Errorf("failed to load collection %q from data field %q", relField.CollectionId, relField.Name) + } + + var dataRelIds []string + if r.resolver.requestInfo != nil && len(r.resolver.requestInfo.Body) != 0 { + dataRelIds = list.ToUniqueStringSlice(r.resolver.requestInfo.Body[relField.Name]) + } + if len(dataRelIds) == 0 { + return &search.ResolverResult{Identifier: "NULL"}, nil + } + + r.activeCollectionName = dataRelCollection.Name + r.activeTableAlias = inflector.Columnify("__data_" + dataRelCollection.Name + "_" + relField.Name) + + // join the data rel collection to the main collection + r.resolver.registerJoin( + r.activeCollectionName, + r.activeTableAlias, + dbx.In( + fmt.Sprintf("[[%s.id]]", r.activeTableAlias), + list.ToInterfaceSlice(dataRelIds)..., + ), + ) + + if relField.IsMultiple() { + r.withMultiMatch = true + } + + // join the data rel collection to the multi-match subquery + r.multiMatchActiveTableAlias = inflector.Columnify("__data_mm_" + dataRelCollection.Name + "_" + relField.Name) + r.multiMatch.joins = append( + r.multiMatch.joins, + &join{ + tableName: r.activeCollectionName, + tableAlias: r.multiMatchActiveTableAlias, + on: dbx.In( + fmt.Sprintf("[[%s.id]]", r.multiMatchActiveTableAlias), + list.ToInterfaceSlice(dataRelIds)..., + ), + }, + ) + + // leave only the data relation fields + // aka. @request.body.someRel.fieldA.fieldB -> fieldA.fieldB + r.activeProps = r.activeProps[3:] + + return r.processActiveProps() +} + +var viaRegex = regexp.MustCompile(`^(\w+)_via_(\w+)$`) + +func (r *runner) processActiveProps() (*search.ResolverResult, error) { + totalProps := len(r.activeProps) + + for i, prop := range r.activeProps { + collection, err := r.resolver.loadCollection(r.activeCollectionName) + if err != nil { + return nil, fmt.Errorf("failed to resolve field %q", prop) + } + + // last prop + if i == totalProps-1 { + return r.processLastProp(collection, prop) + } + + field := collection.Fields.GetByName(prop) + + if field != nil && field.GetHidden() && !r.allowHiddenFields { + return nil, fmt.Errorf("non-filterable field %q", prop) + } + + // json or geoPoint field -> treat the rest of the props as json path + // @todo consider converting to "JSONExtractable" interface with optional extra validation for the remaining props? + if field != nil && (field.Type() == FieldTypeJSON || field.Type() == FieldTypeGeoPoint) { + var jsonPath strings.Builder + for j, p := range r.activeProps[i+1:] { + if _, err := strconv.Atoi(p); err == nil { + jsonPath.WriteString("[") + jsonPath.WriteString(inflector.Columnify(p)) + jsonPath.WriteString("]") + } else { + if j > 0 { + jsonPath.WriteString(".") + } + jsonPath.WriteString(inflector.Columnify(p)) + } + } + jsonPathStr := jsonPath.String() + + result := &search.ResolverResult{ + NoCoalesce: true, + Identifier: dbutils.JSONExtract(r.activeTableAlias+"."+inflector.Columnify(prop), jsonPathStr), + } + + if r.withMultiMatch { + r.multiMatch.valueIdentifier = dbutils.JSONExtract(r.multiMatchActiveTableAlias+"."+inflector.Columnify(prop), jsonPathStr) + result.MultiMatchSubQuery = r.multiMatch + } + + return result, nil + } + + if i >= maxNestedRels { + return nil, fmt.Errorf("max nested relations reached for field %q", prop) + } + + // check for back relation (eg. yourCollection_via_yourRelField) + // ----------------------------------------------------------- + if field == nil { + parts := viaRegex.FindStringSubmatch(prop) + if len(parts) != 3 { + if r.nullifyMisingField { + return &search.ResolverResult{Identifier: "NULL"}, nil + } + return nil, fmt.Errorf("failed to resolve field %q", prop) + } + + backCollection, err := r.resolver.loadCollection(parts[1]) + if err != nil { + if r.nullifyMisingField { + return &search.ResolverResult{Identifier: "NULL"}, nil + } + return nil, fmt.Errorf("failed to load back relation field %q collection", prop) + } + + backField := backCollection.Fields.GetByName(parts[2]) + if backField == nil { + if r.nullifyMisingField { + return &search.ResolverResult{Identifier: "NULL"}, nil + } + return nil, fmt.Errorf("missing back relation field %q", parts[2]) + } + + if backField.Type() != FieldTypeRelation { + if r.nullifyMisingField { + return &search.ResolverResult{Identifier: "NULL"}, nil + } + return nil, fmt.Errorf("invalid back relation field %q", parts[2]) + } + + if backField.GetHidden() && !r.allowHiddenFields { + return nil, fmt.Errorf("non-filterable back relation field %q", backField.GetName()) + } + + backRelField, ok := backField.(*RelationField) + if !ok { + return nil, fmt.Errorf("failed to initialize back relation field %q", backField.GetName()) + } + if backRelField.CollectionId != collection.Id { + // https://github.com/pocketbase/pocketbase/discussions/6590#discussioncomment-12496581 + if r.nullifyMisingField { + return &search.ResolverResult{Identifier: "NULL"}, nil + } + return nil, fmt.Errorf("invalid collection reference of a back relation field %q", backField.GetName()) + } + + // join the back relation to the main query + // --- + cleanProp := inflector.Columnify(prop) + cleanBackFieldName := inflector.Columnify(backRelField.Name) + newTableAlias := r.activeTableAlias + "_" + cleanProp + newCollectionName := inflector.Columnify(backCollection.Name) + + isBackRelMultiple := backRelField.IsMultiple() + if !isBackRelMultiple { + // additionally check if the rel field has a single column unique index + _, hasUniqueIndex := dbutils.FindSingleColumnUniqueIndex(backCollection.Indexes, backRelField.Name) + isBackRelMultiple = !hasUniqueIndex + } + + if !isBackRelMultiple { + r.resolver.registerJoin( + newCollectionName, + newTableAlias, + dbx.NewExp(fmt.Sprintf("[[%s.%s]] = [[%s.id]]", newTableAlias, cleanBackFieldName, r.activeTableAlias)), + ) + } else { + jeAlias := r.activeTableAlias + "_" + cleanProp + "_je" + r.resolver.registerJoin( + newCollectionName, + newTableAlias, + dbx.NewExp(fmt.Sprintf( + "[[%s.id]] IN (SELECT [[%s.value]] FROM %s {{%s}})", + r.activeTableAlias, + jeAlias, + dbutils.JSONEach(newTableAlias+"."+cleanBackFieldName), + jeAlias, + )), + ) + } + + r.activeCollectionName = newCollectionName + r.activeTableAlias = newTableAlias + // --- + + // join the back relation to the multi-match subquery + // --- + if isBackRelMultiple { + r.withMultiMatch = true // enable multimatch if not already + } + + newTableAlias2 := r.multiMatchActiveTableAlias + "_" + cleanProp + + if !isBackRelMultiple { + r.multiMatch.joins = append( + r.multiMatch.joins, + &join{ + tableName: newCollectionName, + tableAlias: newTableAlias2, + on: dbx.NewExp(fmt.Sprintf("[[%s.%s]] = [[%s.id]]", newTableAlias2, cleanBackFieldName, r.multiMatchActiveTableAlias)), + }, + ) + } else { + jeAlias2 := r.multiMatchActiveTableAlias + "_" + cleanProp + "_je" + r.multiMatch.joins = append( + r.multiMatch.joins, + &join{ + tableName: newCollectionName, + tableAlias: newTableAlias2, + on: dbx.NewExp(fmt.Sprintf( + "[[%s.id]] IN (SELECT [[%s.value]] FROM %s {{%s}})", + r.multiMatchActiveTableAlias, + jeAlias2, + dbutils.JSONEach(newTableAlias2+"."+cleanBackFieldName), + jeAlias2, + )), + }, + ) + } + + r.multiMatchActiveTableAlias = newTableAlias2 + // --- + + continue + } + // ----------------------------------------------------------- + + // check for direct relation + if field.Type() != FieldTypeRelation { + return nil, fmt.Errorf("field %q is not a valid relation", prop) + } + + // join the relation to the main query + // --- + relField, ok := field.(*RelationField) + if !ok { + return nil, fmt.Errorf("failed to initialize relation field %q", prop) + } + + relCollection, relErr := r.resolver.loadCollection(relField.CollectionId) + if relErr != nil { + return nil, fmt.Errorf("failed to load field %q collection", prop) + } + + // "id" lookups optimization for single relations to avoid unnecessary joins, + // aka. "user.id" and "user" should produce the same query identifier + if !relField.IsMultiple() && + // the penultimate prop is "id" + i == totalProps-2 && r.activeProps[i+1] == FieldNameId { + return r.processLastProp(collection, relField.Name) + } + + cleanFieldName := inflector.Columnify(relField.Name) + prefixedFieldName := r.activeTableAlias + "." + cleanFieldName + newTableAlias := r.activeTableAlias + "_" + cleanFieldName + newCollectionName := relCollection.Name + + if !relField.IsMultiple() { + r.resolver.registerJoin( + inflector.Columnify(newCollectionName), + newTableAlias, + dbx.NewExp(fmt.Sprintf("[[%s.id]] = [[%s]]", newTableAlias, prefixedFieldName)), + ) + } else { + jeAlias := r.activeTableAlias + "_" + cleanFieldName + "_je" + r.resolver.registerJoin(dbutils.JSONEach(prefixedFieldName), jeAlias, nil) + r.resolver.registerJoin( + inflector.Columnify(newCollectionName), + newTableAlias, + dbx.NewExp(fmt.Sprintf("[[%s.id]] = [[%s.value]]", newTableAlias, jeAlias)), + ) + } + + r.activeCollectionName = newCollectionName + r.activeTableAlias = newTableAlias + // --- + + // join the relation to the multi-match subquery + // --- + if relField.IsMultiple() { + r.withMultiMatch = true // enable multimatch if not already + } + + newTableAlias2 := r.multiMatchActiveTableAlias + "_" + cleanFieldName + prefixedFieldName2 := r.multiMatchActiveTableAlias + "." + cleanFieldName + + if !relField.IsMultiple() { + r.multiMatch.joins = append( + r.multiMatch.joins, + &join{ + tableName: inflector.Columnify(newCollectionName), + tableAlias: newTableAlias2, + on: dbx.NewExp(fmt.Sprintf("[[%s.id]] = [[%s]]", newTableAlias2, prefixedFieldName2)), + }, + ) + } else { + jeAlias2 := r.multiMatchActiveTableAlias + "_" + cleanFieldName + "_je" + r.multiMatch.joins = append( + r.multiMatch.joins, + &join{ + tableName: dbutils.JSONEach(prefixedFieldName2), + tableAlias: jeAlias2, + }, + &join{ + tableName: inflector.Columnify(newCollectionName), + tableAlias: newTableAlias2, + on: dbx.NewExp(fmt.Sprintf("[[%s.id]] = [[%s.value]]", newTableAlias2, jeAlias2)), + }, + ) + } + + r.multiMatchActiveTableAlias = newTableAlias2 + // --- + } + + return nil, fmt.Errorf("failed to resolve field %q", r.fieldName) +} + +func (r *runner) processLastProp(collection *Collection, prop string) (*search.ResolverResult, error) { + name, modifier, err := splitModifier(prop) + if err != nil { + return nil, err + } + + field := collection.Fields.GetByName(name) + if field == nil { + if r.nullifyMisingField { + return &search.ResolverResult{Identifier: "NULL"}, nil + } + return nil, fmt.Errorf("unknown field %q", name) + } + + if field.GetHidden() && !r.allowHiddenFields { + return nil, fmt.Errorf("non-filterable field %q", name) + } + + multvaluer, isMultivaluer := field.(MultiValuer) + + cleanFieldName := inflector.Columnify(field.GetName()) + + // arrayable fields with ":length" modifier + // ------------------------------------------------------- + if modifier == lengthModifier && isMultivaluer { + jePair := r.activeTableAlias + "." + cleanFieldName + + result := &search.ResolverResult{ + Identifier: dbutils.JSONArrayLength(jePair), + } + + if r.withMultiMatch { + jePair2 := r.multiMatchActiveTableAlias + "." + cleanFieldName + r.multiMatch.valueIdentifier = dbutils.JSONArrayLength(jePair2) + result.MultiMatchSubQuery = r.multiMatch + } + + return result, nil + } + + // arrayable fields with ":each" modifier + // ------------------------------------------------------- + if modifier == eachModifier && isMultivaluer { + jePair := r.activeTableAlias + "." + cleanFieldName + jeAlias := r.activeTableAlias + "_" + cleanFieldName + "_je" + r.resolver.registerJoin(dbutils.JSONEach(jePair), jeAlias, nil) + + result := &search.ResolverResult{ + Identifier: fmt.Sprintf("[[%s.value]]", jeAlias), + } + + if multvaluer.IsMultiple() { + r.withMultiMatch = true + } + + if r.withMultiMatch { + jePair2 := r.multiMatchActiveTableAlias + "." + cleanFieldName + jeAlias2 := r.multiMatchActiveTableAlias + "_" + cleanFieldName + "_je" + + r.multiMatch.joins = append(r.multiMatch.joins, &join{ + tableName: dbutils.JSONEach(jePair2), + tableAlias: jeAlias2, + }) + r.multiMatch.valueIdentifier = fmt.Sprintf("[[%s.value]]", jeAlias2) + + result.MultiMatchSubQuery = r.multiMatch + } + + return result, nil + } + + // default + // ------------------------------------------------------- + result := &search.ResolverResult{ + Identifier: "[[" + r.activeTableAlias + "." + cleanFieldName + "]]", + } + + if r.withMultiMatch { + r.multiMatch.valueIdentifier = "[[" + r.multiMatchActiveTableAlias + "." + cleanFieldName + "]]" + result.MultiMatchSubQuery = r.multiMatch + } + + // allow querying only auth records with emails marked as public + if field.GetName() == FieldNameEmail && !r.allowHiddenFields && collection.IsAuth() { + result.AfterBuild = func(expr dbx.Expression) dbx.Expression { + return dbx.Enclose(dbx.And(expr, dbx.NewExp(fmt.Sprintf( + "[[%s.%s]] = TRUE", + r.activeTableAlias, + FieldNameEmailVisibility, + )))) + } + } + + // wrap in json_extract to ensure that top-level primitives + // stored as json work correctly when compared to their SQL equivalent + // (https://github.com/pocketbase/pocketbase/issues/4068) + if field.Type() == FieldTypeJSON { + result.NoCoalesce = true + result.Identifier = dbutils.JSONExtract(r.activeTableAlias+"."+cleanFieldName, "") + if r.withMultiMatch { + r.multiMatch.valueIdentifier = dbutils.JSONExtract(r.multiMatchActiveTableAlias+"."+cleanFieldName, "") + } + } + + // account for the ":lower" modifier + if modifier == lowerModifier { + result.Identifier = "LOWER(" + result.Identifier + ")" + if r.withMultiMatch { + r.multiMatch.valueIdentifier = "LOWER(" + r.multiMatch.valueIdentifier + ")" + } + } + + return result, nil +} diff --git a/core/record_field_resolver_test.go b/core/record_field_resolver_test.go new file mode 100644 index 0000000..14394e3 --- /dev/null +++ b/core/record_field_resolver_test.go @@ -0,0 +1,808 @@ +package core_test + +import ( + "encoding/json" + "regexp" + "slices" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/search" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestRecordFieldResolverAllowedFields(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + r := core.NewRecordFieldResolver(app, collection, nil, false) + + fields := r.AllowedFields() + if len(fields) != 8 { + t.Fatalf("Expected %d original allowed fields, got %d", 8, len(fields)) + } + + // change the allowed fields + newFields := []string{"a", "b", "c"} + expected := slices.Clone(newFields) + r.SetAllowedFields(newFields) + + // change the new fields to ensure that the slice was cloned + newFields[2] = "d" + + fields = r.AllowedFields() + if len(fields) != len(expected) { + t.Fatalf("Expected %d changed allowed fields, got %d", len(expected), len(fields)) + } + + for i, v := range expected { + if fields[i] != v { + t.Errorf("[%d] Expected field %q", i, v) + } + } +} + +func TestRecordFieldResolverAllowHiddenFields(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + r := core.NewRecordFieldResolver(app, collection, nil, false) + + allowHiddenFields := r.AllowHiddenFields() + if allowHiddenFields { + t.Fatalf("Expected original allowHiddenFields %v, got %v", allowHiddenFields, !allowHiddenFields) + } + + // change the flag + expected := !allowHiddenFields + r.SetAllowHiddenFields(expected) + + allowHiddenFields = r.AllowHiddenFields() + if allowHiddenFields != expected { + t.Fatalf("Expected changed allowHiddenFields %v, got %v", expected, allowHiddenFields) + } +} + +func TestRecordFieldResolverUpdateQuery(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + authRecord, err := app.FindRecordById("users", "4q1xlclmfloku33") + if err != nil { + t.Fatal(err) + } + + requestInfo := &core.RequestInfo{ + Context: "ctx", + Headers: map[string]string{ + "a": "123", + "b": "456", + }, + Query: map[string]string{ + "a": "", // to ensure that :isset returns true because the key exists + "b": "123", + }, + Body: map[string]any{ + "a": nil, // to ensure that :isset returns true because the key exists + "b": 123, + "number": 10, + "select_many": []string{"optionA", "optionC"}, + "rel_one": "test", + "rel_many": []string{"test1", "test2"}, + "file_one": "test", + "file_many": []string{"test1", "test2", "test3"}, + "self_rel_one": "test", + "self_rel_many": []string{"test1"}, + "rel_many_cascade": []string{"test1", "test2"}, + "rel_one_cascade": "test1", + "rel_one_no_cascade": "test1", + }, + Auth: authRecord, + } + + scenarios := []struct { + name string + collectionIdOrName string + rule string + allowHiddenFields bool + expectQuery string + }{ + { + "non relation field (with all default operators)", + "demo4", + "title = true || title != 'test' || title ~ 'test1' || title !~ '%test2' || title > 1 || title >= 2 || title < 3 || title <= 4", + false, + "SELECT `demo4`.* FROM `demo4` WHERE ([[demo4.title]] = 1 OR [[demo4.title]] IS NOT {:TEST} OR [[demo4.title]] LIKE {:TEST} ESCAPE '\\' OR [[demo4.title]] NOT LIKE {:TEST} ESCAPE '\\' OR [[demo4.title]] > {:TEST} OR [[demo4.title]] >= {:TEST} OR [[demo4.title]] < {:TEST} OR [[demo4.title]] <= {:TEST})", + }, + { + "non relation field (with all opt/any operators)", + "demo4", + "title ?= true || title ?!= 'test' || title ?~ 'test1' || title ?!~ '%test2' || title ?> 1 || title ?>= 2 || title ?< 3 || title ?<= 4", + false, + "SELECT `demo4`.* FROM `demo4` WHERE ([[demo4.title]] = 1 OR [[demo4.title]] IS NOT {:TEST} OR [[demo4.title]] LIKE {:TEST} ESCAPE '\\' OR [[demo4.title]] NOT LIKE {:TEST} ESCAPE '\\' OR [[demo4.title]] > {:TEST} OR [[demo4.title]] >= {:TEST} OR [[demo4.title]] < {:TEST} OR [[demo4.title]] <= {:TEST})", + }, + { + "single direct rel", + "demo4", + "self_rel_one > true", + false, + "SELECT `demo4`.* FROM `demo4` WHERE [[demo4.self_rel_one]] > 1", + }, + { + "single direct rel (with id)", + "demo4", + "self_rel_one.id > true", // shouldn't have join + false, + "SELECT `demo4`.* FROM `demo4` WHERE [[demo4.self_rel_one]] > 1", + }, + { + "single direct rel (with non-id field)", + "demo4", + "self_rel_one.created > true", // should have join + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN `demo4` `demo4_self_rel_one` ON [[demo4_self_rel_one.id]] = [[demo4.self_rel_one]] WHERE [[demo4_self_rel_one.created]] > 1", + }, + { + "multiple direct rel", + "demo4", + "self_rel_many ?> true", + false, + "SELECT `demo4`.* FROM `demo4` WHERE [[demo4.self_rel_many]] > 1", + }, + { + "multiple direct rel (with id)", + "demo4", + "self_rel_many.id ?> true", // should have join + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo4.self_rel_many]]), json_type([[demo4.self_rel_many]])='array', FALSE) THEN [[demo4.self_rel_many]] ELSE json_array([[demo4.self_rel_many]]) END) `demo4_self_rel_many_je` LEFT JOIN `demo4` `demo4_self_rel_many` ON [[demo4_self_rel_many.id]] = [[demo4_self_rel_many_je.value]] WHERE [[demo4_self_rel_many.id]] > 1", + }, + { + "nested single rel (self rel)", + "demo4", + "self_rel_one.title > true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN `demo4` `demo4_self_rel_one` ON [[demo4_self_rel_one.id]] = [[demo4.self_rel_one]] WHERE [[demo4_self_rel_one.title]] > 1", + }, + { + "nested single rel (other collection)", + "demo4", + "rel_one_cascade.title > true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN `demo3` `demo4_rel_one_cascade` ON [[demo4_rel_one_cascade.id]] = [[demo4.rel_one_cascade]] WHERE [[demo4_rel_one_cascade.title]] > 1", + }, + { + "non-relation field + single rel", + "demo4", + "title > true || self_rel_one.title > true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN `demo4` `demo4_self_rel_one` ON [[demo4_self_rel_one.id]] = [[demo4.self_rel_one]] WHERE ([[demo4.title]] > 1 OR [[demo4_self_rel_one.title]] > 1)", + }, + { + "nested incomplete relations (opt/any operator)", + "demo4", + "self_rel_many.self_rel_one ?> true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo4.self_rel_many]]), json_type([[demo4.self_rel_many]])='array', FALSE) THEN [[demo4.self_rel_many]] ELSE json_array([[demo4.self_rel_many]]) END) `demo4_self_rel_many_je` LEFT JOIN `demo4` `demo4_self_rel_many` ON [[demo4_self_rel_many.id]] = [[demo4_self_rel_many_je.value]] WHERE [[demo4_self_rel_many.self_rel_one]] > 1", + }, + { + "nested incomplete relations (multi-match operator)", + "demo4", + "self_rel_many.self_rel_one > true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo4.self_rel_many]]), json_type([[demo4.self_rel_many]])='array', FALSE) THEN [[demo4.self_rel_many]] ELSE json_array([[demo4.self_rel_many]]) END) `demo4_self_rel_many_je` LEFT JOIN `demo4` `demo4_self_rel_many` ON [[demo4_self_rel_many.id]] = [[demo4_self_rel_many_je.value]] WHERE ((([[demo4_self_rel_many.self_rel_one]] > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo4_self_rel_many.self_rel_one]] as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo4.self_rel_many]]), json_type([[__mm_demo4.self_rel_many]])='array', FALSE) THEN [[__mm_demo4.self_rel_many]] ELSE json_array([[__mm_demo4.self_rel_many]]) END) `__mm_demo4_self_rel_many_je` LEFT JOIN `demo4` `__mm_demo4_self_rel_many` ON [[__mm_demo4_self_rel_many.id]] = [[__mm_demo4_self_rel_many_je.value]] WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))))", + }, + { + "nested complete relations (opt/any operator)", + "demo4", + "self_rel_many.self_rel_one.title ?> true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo4.self_rel_many]]), json_type([[demo4.self_rel_many]])='array', FALSE) THEN [[demo4.self_rel_many]] ELSE json_array([[demo4.self_rel_many]]) END) `demo4_self_rel_many_je` LEFT JOIN `demo4` `demo4_self_rel_many` ON [[demo4_self_rel_many.id]] = [[demo4_self_rel_many_je.value]] LEFT JOIN `demo4` `demo4_self_rel_many_self_rel_one` ON [[demo4_self_rel_many_self_rel_one.id]] = [[demo4_self_rel_many.self_rel_one]] WHERE [[demo4_self_rel_many_self_rel_one.title]] > 1", + }, + { + "nested complete relations (multi-match operator)", + "demo4", + "self_rel_many.self_rel_one.title > true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo4.self_rel_many]]), json_type([[demo4.self_rel_many]])='array', FALSE) THEN [[demo4.self_rel_many]] ELSE json_array([[demo4.self_rel_many]]) END) `demo4_self_rel_many_je` LEFT JOIN `demo4` `demo4_self_rel_many` ON [[demo4_self_rel_many.id]] = [[demo4_self_rel_many_je.value]] LEFT JOIN `demo4` `demo4_self_rel_many_self_rel_one` ON [[demo4_self_rel_many_self_rel_one.id]] = [[demo4_self_rel_many.self_rel_one]] WHERE ((([[demo4_self_rel_many_self_rel_one.title]] > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo4_self_rel_many_self_rel_one.title]] as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo4.self_rel_many]]), json_type([[__mm_demo4.self_rel_many]])='array', FALSE) THEN [[__mm_demo4.self_rel_many]] ELSE json_array([[__mm_demo4.self_rel_many]]) END) `__mm_demo4_self_rel_many_je` LEFT JOIN `demo4` `__mm_demo4_self_rel_many` ON [[__mm_demo4_self_rel_many.id]] = [[__mm_demo4_self_rel_many_je.value]] LEFT JOIN `demo4` `__mm_demo4_self_rel_many_self_rel_one` ON [[__mm_demo4_self_rel_many_self_rel_one.id]] = [[__mm_demo4_self_rel_many.self_rel_one]] WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))))", + }, + { + "repeated nested relations (opt/any operator)", + "demo4", + "self_rel_many.self_rel_one.self_rel_many.self_rel_one.title ?> true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo4.self_rel_many]]), json_type([[demo4.self_rel_many]])='array', FALSE) THEN [[demo4.self_rel_many]] ELSE json_array([[demo4.self_rel_many]]) END) `demo4_self_rel_many_je` LEFT JOIN `demo4` `demo4_self_rel_many` ON [[demo4_self_rel_many.id]] = [[demo4_self_rel_many_je.value]] LEFT JOIN `demo4` `demo4_self_rel_many_self_rel_one` ON [[demo4_self_rel_many_self_rel_one.id]] = [[demo4_self_rel_many.self_rel_one]] LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo4_self_rel_many_self_rel_one.self_rel_many]]), json_type([[demo4_self_rel_many_self_rel_one.self_rel_many]])='array', FALSE) THEN [[demo4_self_rel_many_self_rel_one.self_rel_many]] ELSE json_array([[demo4_self_rel_many_self_rel_one.self_rel_many]]) END) `demo4_self_rel_many_self_rel_one_self_rel_many_je` LEFT JOIN `demo4` `demo4_self_rel_many_self_rel_one_self_rel_many` ON [[demo4_self_rel_many_self_rel_one_self_rel_many.id]] = [[demo4_self_rel_many_self_rel_one_self_rel_many_je.value]] LEFT JOIN `demo4` `demo4_self_rel_many_self_rel_one_self_rel_many_self_rel_one` ON [[demo4_self_rel_many_self_rel_one_self_rel_many_self_rel_one.id]] = [[demo4_self_rel_many_self_rel_one_self_rel_many.self_rel_one]] WHERE [[demo4_self_rel_many_self_rel_one_self_rel_many_self_rel_one.title]] > 1", + }, + { + "repeated nested relations (multi-match operator)", + "demo4", + "self_rel_many.self_rel_one.self_rel_many.self_rel_one.title > true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo4.self_rel_many]]), json_type([[demo4.self_rel_many]])='array', FALSE) THEN [[demo4.self_rel_many]] ELSE json_array([[demo4.self_rel_many]]) END) `demo4_self_rel_many_je` LEFT JOIN `demo4` `demo4_self_rel_many` ON [[demo4_self_rel_many.id]] = [[demo4_self_rel_many_je.value]] LEFT JOIN `demo4` `demo4_self_rel_many_self_rel_one` ON [[demo4_self_rel_many_self_rel_one.id]] = [[demo4_self_rel_many.self_rel_one]] LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo4_self_rel_many_self_rel_one.self_rel_many]]), json_type([[demo4_self_rel_many_self_rel_one.self_rel_many]])='array', FALSE) THEN [[demo4_self_rel_many_self_rel_one.self_rel_many]] ELSE json_array([[demo4_self_rel_many_self_rel_one.self_rel_many]]) END) `demo4_self_rel_many_self_rel_one_self_rel_many_je` LEFT JOIN `demo4` `demo4_self_rel_many_self_rel_one_self_rel_many` ON [[demo4_self_rel_many_self_rel_one_self_rel_many.id]] = [[demo4_self_rel_many_self_rel_one_self_rel_many_je.value]] LEFT JOIN `demo4` `demo4_self_rel_many_self_rel_one_self_rel_many_self_rel_one` ON [[demo4_self_rel_many_self_rel_one_self_rel_many_self_rel_one.id]] = [[demo4_self_rel_many_self_rel_one_self_rel_many.self_rel_one]] WHERE ((([[demo4_self_rel_many_self_rel_one_self_rel_many_self_rel_one.title]] > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo4_self_rel_many_self_rel_one_self_rel_many_self_rel_one.title]] as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo4.self_rel_many]]), json_type([[__mm_demo4.self_rel_many]])='array', FALSE) THEN [[__mm_demo4.self_rel_many]] ELSE json_array([[__mm_demo4.self_rel_many]]) END) `__mm_demo4_self_rel_many_je` LEFT JOIN `demo4` `__mm_demo4_self_rel_many` ON [[__mm_demo4_self_rel_many.id]] = [[__mm_demo4_self_rel_many_je.value]] LEFT JOIN `demo4` `__mm_demo4_self_rel_many_self_rel_one` ON [[__mm_demo4_self_rel_many_self_rel_one.id]] = [[__mm_demo4_self_rel_many.self_rel_one]] LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo4_self_rel_many_self_rel_one.self_rel_many]]), json_type([[__mm_demo4_self_rel_many_self_rel_one.self_rel_many]])='array', FALSE) THEN [[__mm_demo4_self_rel_many_self_rel_one.self_rel_many]] ELSE json_array([[__mm_demo4_self_rel_many_self_rel_one.self_rel_many]]) END) `__mm_demo4_self_rel_many_self_rel_one_self_rel_many_je` LEFT JOIN `demo4` `__mm_demo4_self_rel_many_self_rel_one_self_rel_many` ON [[__mm_demo4_self_rel_many_self_rel_one_self_rel_many.id]] = [[__mm_demo4_self_rel_many_self_rel_one_self_rel_many_je.value]] LEFT JOIN `demo4` `__mm_demo4_self_rel_many_self_rel_one_self_rel_many_self_rel_one` ON [[__mm_demo4_self_rel_many_self_rel_one_self_rel_many_self_rel_one.id]] = [[__mm_demo4_self_rel_many_self_rel_one_self_rel_many.self_rel_one]] WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))))", + }, + { + "multiple relations (opt/any operators)", + "demo4", + "self_rel_many.title ?= 'test' || self_rel_one.json_object.a ?> true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo4.self_rel_many]]), json_type([[demo4.self_rel_many]])='array', FALSE) THEN [[demo4.self_rel_many]] ELSE json_array([[demo4.self_rel_many]]) END) `demo4_self_rel_many_je` LEFT JOIN `demo4` `demo4_self_rel_many` ON [[demo4_self_rel_many.id]] = [[demo4_self_rel_many_je.value]] LEFT JOIN `demo4` `demo4_self_rel_one` ON [[demo4_self_rel_one.id]] = [[demo4.self_rel_one]] WHERE ([[demo4_self_rel_many.title]] = {:TEST} OR (CASE WHEN json_valid([[demo4_self_rel_one.json_object]]) THEN JSON_EXTRACT([[demo4_self_rel_one.json_object]], '$.a') ELSE JSON_EXTRACT(json_object('pb', [[demo4_self_rel_one.json_object]]), '$.pb.a') END) > 1)", + }, + { + "multiple relations (multi-match operators)", + "demo4", + "self_rel_many.title = 'test' || self_rel_one.json_object.a > true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo4.self_rel_many]]), json_type([[demo4.self_rel_many]])='array', FALSE) THEN [[demo4.self_rel_many]] ELSE json_array([[demo4.self_rel_many]]) END) `demo4_self_rel_many_je` LEFT JOIN `demo4` `demo4_self_rel_many` ON [[demo4_self_rel_many.id]] = [[demo4_self_rel_many_je.value]] LEFT JOIN `demo4` `demo4_self_rel_one` ON [[demo4_self_rel_one.id]] = [[demo4.self_rel_one]] WHERE ((([[demo4_self_rel_many.title]] = {:TEST}) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo4_self_rel_many.title]] as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo4.self_rel_many]]), json_type([[__mm_demo4.self_rel_many]])='array', FALSE) THEN [[__mm_demo4.self_rel_many]] ELSE json_array([[__mm_demo4.self_rel_many]]) END) `__mm_demo4_self_rel_many_je` LEFT JOIN `demo4` `__mm_demo4_self_rel_many` ON [[__mm_demo4_self_rel_many.id]] = [[__mm_demo4_self_rel_many_je.value]] WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] = {:TEST})))) OR (CASE WHEN json_valid([[demo4_self_rel_one.json_object]]) THEN JSON_EXTRACT([[demo4_self_rel_one.json_object]], '$.a') ELSE JSON_EXTRACT(json_object('pb', [[demo4_self_rel_one.json_object]]), '$.pb.a') END) > 1)", + }, + { + "back relations via single relation field (without unique index)", + "demo3", + "demo4_via_rel_one_cascade.id = true", + false, + "SELECT DISTINCT `demo3`.* FROM `demo3` LEFT JOIN `demo4` `demo3_demo4_via_rel_one_cascade` ON [[demo3.id]] IN (SELECT [[demo3_demo4_via_rel_one_cascade_je.value]] FROM json_each(CASE WHEN iif(json_valid([[demo3_demo4_via_rel_one_cascade.rel_one_cascade]]), json_type([[demo3_demo4_via_rel_one_cascade.rel_one_cascade]])='array', FALSE) THEN [[demo3_demo4_via_rel_one_cascade.rel_one_cascade]] ELSE json_array([[demo3_demo4_via_rel_one_cascade.rel_one_cascade]]) END) {{demo3_demo4_via_rel_one_cascade_je}}) WHERE ((([[demo3_demo4_via_rel_one_cascade.id]] = 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo3_demo4_via_rel_one_cascade.id]] as [[multiMatchValue]] FROM `demo3` `__mm_demo3` LEFT JOIN `demo4` `__mm_demo3_demo4_via_rel_one_cascade` ON [[__mm_demo3.id]] IN (SELECT [[__mm_demo3_demo4_via_rel_one_cascade_je.value]] FROM json_each(CASE WHEN iif(json_valid([[__mm_demo3_demo4_via_rel_one_cascade.rel_one_cascade]]), json_type([[__mm_demo3_demo4_via_rel_one_cascade.rel_one_cascade]])='array', FALSE) THEN [[__mm_demo3_demo4_via_rel_one_cascade.rel_one_cascade]] ELSE json_array([[__mm_demo3_demo4_via_rel_one_cascade.rel_one_cascade]]) END) {{__mm_demo3_demo4_via_rel_one_cascade_je}}) WHERE `__mm_demo3`.`id` = `demo3`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] = 1)))))", + }, + { + "back relations via single relation field (with unique index)", + "demo3", + "demo4_via_rel_one_unique.id = true", + false, + "SELECT DISTINCT `demo3`.* FROM `demo3` LEFT JOIN `demo4` `demo3_demo4_via_rel_one_unique` ON [[demo3_demo4_via_rel_one_unique.rel_one_unique]] = [[demo3.id]] WHERE [[demo3_demo4_via_rel_one_unique.id]] = 1", + }, + { + "back relations via multiple relation field (opt/any operators)", + "demo3", + "demo4_via_rel_many_cascade.id ?= true", + false, + "SELECT DISTINCT `demo3`.* FROM `demo3` LEFT JOIN `demo4` `demo3_demo4_via_rel_many_cascade` ON [[demo3.id]] IN (SELECT [[demo3_demo4_via_rel_many_cascade_je.value]] FROM json_each(CASE WHEN iif(json_valid([[demo3_demo4_via_rel_many_cascade.rel_many_cascade]]), json_type([[demo3_demo4_via_rel_many_cascade.rel_many_cascade]])='array', FALSE) THEN [[demo3_demo4_via_rel_many_cascade.rel_many_cascade]] ELSE json_array([[demo3_demo4_via_rel_many_cascade.rel_many_cascade]]) END) {{demo3_demo4_via_rel_many_cascade_je}}) WHERE [[demo3_demo4_via_rel_many_cascade.id]] = 1", + }, + { + "back relations via multiple relation field (multi-match operators)", + "demo3", + "demo4_via_rel_many_cascade.id = true", + false, + "SELECT DISTINCT `demo3`.* FROM `demo3` LEFT JOIN `demo4` `demo3_demo4_via_rel_many_cascade` ON [[demo3.id]] IN (SELECT [[demo3_demo4_via_rel_many_cascade_je.value]] FROM json_each(CASE WHEN iif(json_valid([[demo3_demo4_via_rel_many_cascade.rel_many_cascade]]), json_type([[demo3_demo4_via_rel_many_cascade.rel_many_cascade]])='array', FALSE) THEN [[demo3_demo4_via_rel_many_cascade.rel_many_cascade]] ELSE json_array([[demo3_demo4_via_rel_many_cascade.rel_many_cascade]]) END) {{demo3_demo4_via_rel_many_cascade_je}}) WHERE ((([[demo3_demo4_via_rel_many_cascade.id]] = 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo3_demo4_via_rel_many_cascade.id]] as [[multiMatchValue]] FROM `demo3` `__mm_demo3` LEFT JOIN `demo4` `__mm_demo3_demo4_via_rel_many_cascade` ON [[__mm_demo3.id]] IN (SELECT [[__mm_demo3_demo4_via_rel_many_cascade_je.value]] FROM json_each(CASE WHEN iif(json_valid([[__mm_demo3_demo4_via_rel_many_cascade.rel_many_cascade]]), json_type([[__mm_demo3_demo4_via_rel_many_cascade.rel_many_cascade]])='array', FALSE) THEN [[__mm_demo3_demo4_via_rel_many_cascade.rel_many_cascade]] ELSE json_array([[__mm_demo3_demo4_via_rel_many_cascade.rel_many_cascade]]) END) {{__mm_demo3_demo4_via_rel_many_cascade_je}}) WHERE `__mm_demo3`.`id` = `demo3`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] = 1)))))", + }, + { + "back relations via unique multiple relation field (should be the same as multi-match)", + "demo3", + "demo4_via_rel_many_unique.id = true", + false, + "SELECT DISTINCT `demo3`.* FROM `demo3` LEFT JOIN `demo4` `demo3_demo4_via_rel_many_unique` ON [[demo3.id]] IN (SELECT [[demo3_demo4_via_rel_many_unique_je.value]] FROM json_each(CASE WHEN iif(json_valid([[demo3_demo4_via_rel_many_unique.rel_many_unique]]), json_type([[demo3_demo4_via_rel_many_unique.rel_many_unique]])='array', FALSE) THEN [[demo3_demo4_via_rel_many_unique.rel_many_unique]] ELSE json_array([[demo3_demo4_via_rel_many_unique.rel_many_unique]]) END) {{demo3_demo4_via_rel_many_unique_je}}) WHERE ((([[demo3_demo4_via_rel_many_unique.id]] = 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo3_demo4_via_rel_many_unique.id]] as [[multiMatchValue]] FROM `demo3` `__mm_demo3` LEFT JOIN `demo4` `__mm_demo3_demo4_via_rel_many_unique` ON [[__mm_demo3.id]] IN (SELECT [[__mm_demo3_demo4_via_rel_many_unique_je.value]] FROM json_each(CASE WHEN iif(json_valid([[__mm_demo3_demo4_via_rel_many_unique.rel_many_unique]]), json_type([[__mm_demo3_demo4_via_rel_many_unique.rel_many_unique]])='array', FALSE) THEN [[__mm_demo3_demo4_via_rel_many_unique.rel_many_unique]] ELSE json_array([[__mm_demo3_demo4_via_rel_many_unique.rel_many_unique]]) END) {{__mm_demo3_demo4_via_rel_many_unique_je}}) WHERE `__mm_demo3`.`id` = `demo3`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] = 1)))))", + }, + { + "recursive back relations", + "demo3", + "demo4_via_rel_many_cascade.rel_one_cascade.demo4_via_rel_many_cascade.id ?= true", + false, + "SELECT DISTINCT `demo3`.* FROM `demo3` LEFT JOIN `demo4` `demo3_demo4_via_rel_many_cascade` ON [[demo3.id]] IN (SELECT [[demo3_demo4_via_rel_many_cascade_je.value]] FROM json_each(CASE WHEN iif(json_valid([[demo3_demo4_via_rel_many_cascade.rel_many_cascade]]), json_type([[demo3_demo4_via_rel_many_cascade.rel_many_cascade]])='array', FALSE) THEN [[demo3_demo4_via_rel_many_cascade.rel_many_cascade]] ELSE json_array([[demo3_demo4_via_rel_many_cascade.rel_many_cascade]]) END) {{demo3_demo4_via_rel_many_cascade_je}}) LEFT JOIN `demo3` `demo3_demo4_via_rel_many_cascade_rel_one_cascade` ON [[demo3_demo4_via_rel_many_cascade_rel_one_cascade.id]] = [[demo3_demo4_via_rel_many_cascade.rel_one_cascade]] LEFT JOIN `demo4` `demo3_demo4_via_rel_many_cascade_rel_one_cascade_demo4_via_rel_many_cascade` ON [[demo3_demo4_via_rel_many_cascade_rel_one_cascade.id]] IN (SELECT [[demo3_demo4_via_rel_many_cascade_rel_one_cascade_demo4_via_rel_many_cascade_je.value]] FROM json_each(CASE WHEN iif(json_valid([[demo3_demo4_via_rel_many_cascade_rel_one_cascade_demo4_via_rel_many_cascade.rel_many_cascade]]), json_type([[demo3_demo4_via_rel_many_cascade_rel_one_cascade_demo4_via_rel_many_cascade.rel_many_cascade]])='array', FALSE) THEN [[demo3_demo4_via_rel_many_cascade_rel_one_cascade_demo4_via_rel_many_cascade.rel_many_cascade]] ELSE json_array([[demo3_demo4_via_rel_many_cascade_rel_one_cascade_demo4_via_rel_many_cascade.rel_many_cascade]]) END) {{demo3_demo4_via_rel_many_cascade_rel_one_cascade_demo4_via_rel_many_cascade_je}}) WHERE [[demo3_demo4_via_rel_many_cascade_rel_one_cascade_demo4_via_rel_many_cascade.id]] = 1", + }, + { + "@collection join (opt/any operators)", + "demo4", + "@collection.demo1.text ?> true || @collection.demo2.active ?> true || @collection.demo1:demo1_alias.file_one ?> true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN `demo1` `__collection_demo1` LEFT JOIN `demo2` `__collection_demo2` LEFT JOIN `demo1` `__collection_alias_demo1_alias` WHERE ([[__collection_demo1.text]] > 1 OR [[__collection_demo2.active]] > 1 OR [[__collection_alias_demo1_alias.file_one]] > 1)", + }, + { + "@collection join (multi-match operators)", + "demo4", + "@collection.demo1.text > true || @collection.demo2.active > true || @collection.demo1.file_one > true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN `demo1` `__collection_demo1` LEFT JOIN `demo2` `__collection_demo2` WHERE ((([[__collection_demo1.text]] > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm__collection_demo1.text]] as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN `demo1` `__mm__collection_demo1` WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))) OR (([[__collection_demo2.active]] > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm__collection_demo2.active]] as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN `demo2` `__mm__collection_demo2` WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))) OR (([[__collection_demo1.file_one]] > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm__collection_demo1.file_one]] as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN `demo1` `__mm__collection_demo1` WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))))", + }, + { + "@request.auth fields", + "demo4", + "@request.auth.id > true || @request.auth.username > true || @request.auth.rel.title > true || @request.body.demo < true || @request.auth.missingA.missingB > false", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN `users` `__auth_users` ON `__auth_users`.`id`={:p0} LEFT JOIN `demo2` `__auth_users_rel` ON [[__auth_users_rel.id]] = [[__auth_users.rel]] WHERE ({:TEST} > 1 OR [[__auth_users.username]] > 1 OR [[__auth_users_rel.title]] > 1 OR NULL < 1 OR NULL > 0)", + }, + { + "@request.* static fields", + "demo4", + "@request.context = true || @request.query.a = true || @request.query.b = true || @request.query.missing = true || @request.headers.a = true || @request.headers.missing = true", + false, + "SELECT `demo4`.* FROM `demo4` WHERE ({:TEST} = 1 OR '' = 1 OR {:TEST} = 1 OR '' = 1 OR {:TEST} = 1 OR '' = 1)", + }, + { + "hidden field with system filters (multi-match and ignore emailVisibility)", + "demo4", + "@collection.users.email > true || @request.auth.email > true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN `users` `__collection_users` WHERE ((([[__collection_users.email]] > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm__collection_users.email]] as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN `users` `__mm__collection_users` WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))) OR {:TEST} > 1)", + }, + { + "hidden field (add emailVisibility)", + "users", + "id > true || email > true || email:lower > false", + false, + "SELECT `users`.* FROM `users` WHERE ([[users.id]] > 1 OR (([[users.email]] > 1) AND ([[users.emailVisibility]] = TRUE)) OR ((LOWER([[users.email]]) > 0) AND ([[users.emailVisibility]] = TRUE)))", + }, + { + "hidden field (force ignore emailVisibility)", + "users", + "email > true", + true, + "SELECT `users`.* FROM `users` WHERE [[users.email]] > 1", + }, + { + "static @request fields with :lower modifier", + "demo1", + "@request.body.a:lower > true ||" + + "@request.body.b:lower > true ||" + + "@request.body.c:lower > true ||" + + "@request.query.a:lower > true ||" + + "@request.query.b:lower > true ||" + + "@request.query.c:lower > true ||" + + "@request.headers.a:lower > true ||" + + "@request.headers.c:lower > true", + false, + "SELECT `demo1`.* FROM `demo1` WHERE (NULL > 1 OR LOWER({:TEST}) > 1 OR NULL > 1 OR LOWER({:TEST}) > 1 OR LOWER({:TEST}) > 1 OR NULL > 1 OR LOWER({:TEST}) > 1 OR NULL > 1)", + }, + { + "collection fields with :lower modifier", + "demo1", + "@request.body.rel_one:lower > true ||" + + "@request.body.rel_many:lower > true ||" + + "@request.body.rel_many.email:lower > true ||" + + "text:lower > true ||" + + "bool:lower > true ||" + + "url:lower > true ||" + + "select_one:lower > true ||" + + "select_many:lower > true ||" + + "file_one:lower > true ||" + + "file_many:lower > true ||" + + "number:lower > true ||" + + "email:lower > true ||" + + "datetime:lower > true ||" + + "json:lower > true ||" + + "rel_one:lower > true ||" + + "rel_many:lower > true ||" + + "rel_many.name:lower > true ||" + + "created:lower > true", + false, + "SELECT DISTINCT `demo1`.* FROM `demo1` LEFT JOIN `users` `__data_users_rel_many` ON [[__data_users_rel_many.id]] IN ({:p0}, {:p1}) LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo1.rel_many]]), json_type([[demo1.rel_many]])='array', FALSE) THEN [[demo1.rel_many]] ELSE json_array([[demo1.rel_many]]) END) `demo1_rel_many_je` LEFT JOIN `users` `demo1_rel_many` ON [[demo1_rel_many.id]] = [[demo1_rel_many_je.value]] WHERE (LOWER({:infoLowerrel_oneTEST}) > 1 OR LOWER({:infoLowerrel_manyTEST}) > 1 OR ((LOWER([[__data_users_rel_many.email]]) > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT LOWER([[__data_mm_users_rel_many.email]]) as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN `users` `__data_mm_users_rel_many` ON [[__data_mm_users_rel_many.id]] IN ({:p4}, {:p5}) WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))) OR LOWER([[demo1.text]]) > 1 OR LOWER([[demo1.bool]]) > 1 OR LOWER([[demo1.url]]) > 1 OR LOWER([[demo1.select_one]]) > 1 OR LOWER([[demo1.select_many]]) > 1 OR LOWER([[demo1.file_one]]) > 1 OR LOWER([[demo1.file_many]]) > 1 OR LOWER([[demo1.number]]) > 1 OR LOWER([[demo1.email]]) > 1 OR LOWER([[demo1.datetime]]) > 1 OR LOWER((CASE WHEN json_valid([[demo1.json]]) THEN JSON_EXTRACT([[demo1.json]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo1.json]]), '$.pb') END)) > 1 OR LOWER([[demo1.rel_one]]) > 1 OR LOWER([[demo1.rel_many]]) > 1 OR ((LOWER([[demo1_rel_many.name]]) > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT LOWER([[__mm_demo1_rel_many.name]]) as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo1.rel_many]]), json_type([[__mm_demo1.rel_many]])='array', FALSE) THEN [[__mm_demo1.rel_many]] ELSE json_array([[__mm_demo1.rel_many]]) END) `__mm_demo1_rel_many_je` LEFT JOIN `users` `__mm_demo1_rel_many` ON [[__mm_demo1_rel_many.id]] = [[__mm_demo1_rel_many_je.value]] WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))) OR LOWER([[demo1.created]]) > 1)", + }, + { + "isset modifier", + "demo1", + "@request.body.a:isset > true ||" + + "@request.body.b:isset > true ||" + + "@request.body.c:isset > true ||" + + "@request.query.a:isset > true ||" + + "@request.query.b:isset > true ||" + + "@request.query.c:isset > true ||" + + "@request.headers.a:isset > true ||" + + "@request.headers.c:isset > true", + false, + "SELECT `demo1`.* FROM `demo1` WHERE (TRUE > 1 OR TRUE > 1 OR FALSE > 1 OR TRUE > 1 OR TRUE > 1 OR FALSE > 1 OR TRUE > 1 OR FALSE > 1)", + }, + { + "@request.body.rel.* fields", + "demo4", + "@request.body.rel_one_cascade.title > true &&" + + // reference the same as rel_one_cascade collection but should use a different join alias + "@request.body.rel_one_no_cascade.title < true &&" + + // different collection + "@request.body.self_rel_many.title = true", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN `demo3` `__data_demo3_rel_one_cascade` ON [[__data_demo3_rel_one_cascade.id]]={:p0} LEFT JOIN `demo3` `__data_demo3_rel_one_no_cascade` ON [[__data_demo3_rel_one_no_cascade.id]]={:p1} LEFT JOIN `demo4` `__data_demo4_self_rel_many` ON [[__data_demo4_self_rel_many.id]]={:p2} WHERE ([[__data_demo3_rel_one_cascade.title]] > 1 AND [[__data_demo3_rel_one_no_cascade.title]] < 1 AND (([[__data_demo4_self_rel_many.title]] = 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__data_mm_demo4_self_rel_many.title]] as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN `demo4` `__data_mm_demo4_self_rel_many` ON [[__data_mm_demo4_self_rel_many.id]]={:p3} WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] = 1)))))", + }, + { + "@request.body.arrayble:each fields", + "demo1", + "@request.body.select_one:each > true &&" + + "@request.body.select_one:each ?< true &&" + + "@request.body.select_many:each > true &&" + + "@request.body.select_many:each ?< true &&" + + "@request.body.file_one:each > true &&" + + "@request.body.file_one:each ?< true &&" + + "@request.body.file_many:each > true &&" + + "@request.body.file_many:each ?< true &&" + + "@request.body.rel_one:each > true &&" + + "@request.body.rel_one:each ?< true &&" + + "@request.body.rel_many:each > true &&" + + "@request.body.rel_many:each ?< true", + false, + "SELECT DISTINCT `demo1`.* FROM `demo1` LEFT JOIN json_each({:dataEachTEST}) `__dataEach_select_one_je` LEFT JOIN json_each({:dataEachTEST}) `__dataEach_select_many_je` LEFT JOIN json_each({:dataEachTEST}) `__dataEach_file_one_je` LEFT JOIN json_each({:dataEachTEST}) `__dataEach_file_many_je` LEFT JOIN json_each({:dataEachTEST}) `__dataEach_rel_one_je` LEFT JOIN json_each({:dataEachTEST}) `__dataEach_rel_many_je` WHERE ([[__dataEach_select_one_je.value]] > 1 AND [[__dataEach_select_one_je.value]] < 1 AND (([[__dataEach_select_many_je.value]] > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm__dataEach_select_many_je.value]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each({:mmdataEachTEST}) `__mm__dataEach_select_many_je` WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))) AND [[__dataEach_select_many_je.value]] < 1 AND [[__dataEach_file_one_je.value]] > 1 AND [[__dataEach_file_one_je.value]] < 1 AND (([[__dataEach_file_many_je.value]] > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm__dataEach_file_many_je.value]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each({:mmdataEachTEST}) `__mm__dataEach_file_many_je` WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))) AND [[__dataEach_file_many_je.value]] < 1 AND [[__dataEach_rel_one_je.value]] > 1 AND [[__dataEach_rel_one_je.value]] < 1 AND (([[__dataEach_rel_many_je.value]] > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm__dataEach_rel_many_je.value]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each({:mmdataEachTEST}) `__mm__dataEach_rel_many_je` WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))) AND [[__dataEach_rel_many_je.value]] < 1)", + }, + { + "regular arrayble:each fields", + "demo1", + "select_one:each > true &&" + + "select_one:each ?< true &&" + + "select_many:each > true &&" + + "select_many:each ?< true &&" + + "file_one:each > true &&" + + "file_one:each ?< true &&" + + "file_many:each > true &&" + + "file_many:each ?< true &&" + + "rel_one:each > true &&" + + "rel_one:each ?< true &&" + + "rel_many:each > true &&" + + "rel_many:each ?< true", + false, + "SELECT DISTINCT `demo1`.* FROM `demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo1.select_one]]), json_type([[demo1.select_one]])='array', FALSE) THEN [[demo1.select_one]] ELSE json_array([[demo1.select_one]]) END) `demo1_select_one_je` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo1.select_many]]), json_type([[demo1.select_many]])='array', FALSE) THEN [[demo1.select_many]] ELSE json_array([[demo1.select_many]]) END) `demo1_select_many_je` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo1.file_one]]), json_type([[demo1.file_one]])='array', FALSE) THEN [[demo1.file_one]] ELSE json_array([[demo1.file_one]]) END) `demo1_file_one_je` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo1.file_many]]), json_type([[demo1.file_many]])='array', FALSE) THEN [[demo1.file_many]] ELSE json_array([[demo1.file_many]]) END) `demo1_file_many_je` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo1.rel_one]]), json_type([[demo1.rel_one]])='array', FALSE) THEN [[demo1.rel_one]] ELSE json_array([[demo1.rel_one]]) END) `demo1_rel_one_je` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo1.rel_many]]), json_type([[demo1.rel_many]])='array', FALSE) THEN [[demo1.rel_many]] ELSE json_array([[demo1.rel_many]]) END) `demo1_rel_many_je` WHERE ([[demo1_select_one_je.value]] > 1 AND [[demo1_select_one_je.value]] < 1 AND (([[demo1_select_many_je.value]] > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo1_select_many_je.value]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo1.select_many]]), json_type([[__mm_demo1.select_many]])='array', FALSE) THEN [[__mm_demo1.select_many]] ELSE json_array([[__mm_demo1.select_many]]) END) `__mm_demo1_select_many_je` WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))) AND [[demo1_select_many_je.value]] < 1 AND [[demo1_file_one_je.value]] > 1 AND [[demo1_file_one_je.value]] < 1 AND (([[demo1_file_many_je.value]] > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo1_file_many_je.value]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo1.file_many]]), json_type([[__mm_demo1.file_many]])='array', FALSE) THEN [[__mm_demo1.file_many]] ELSE json_array([[__mm_demo1.file_many]]) END) `__mm_demo1_file_many_je` WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))) AND [[demo1_file_many_je.value]] < 1 AND [[demo1_rel_one_je.value]] > 1 AND [[demo1_rel_one_je.value]] < 1 AND (([[demo1_rel_many_je.value]] > 1) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo1_rel_many_je.value]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo1.rel_many]]), json_type([[__mm_demo1.rel_many]])='array', FALSE) THEN [[__mm_demo1.rel_many]] ELSE json_array([[__mm_demo1.rel_many]]) END) `__mm_demo1_rel_many_je` WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > 1)))) AND [[demo1_rel_many_je.value]] < 1)", + }, + { + "arrayble:each vs arrayble:each", + "demo1", + "select_one:each != select_many:each &&" + + "select_many:each > select_one:each &&" + + "select_many:each ?< select_one:each &&" + + "select_many:each = @request.body.select_many:each", + false, + "SELECT DISTINCT `demo1`.* FROM `demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo1.select_one]]), json_type([[demo1.select_one]])='array', FALSE) THEN [[demo1.select_one]] ELSE json_array([[demo1.select_one]]) END) `demo1_select_one_je` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo1.select_many]]), json_type([[demo1.select_many]])='array', FALSE) THEN [[demo1.select_many]] ELSE json_array([[demo1.select_many]]) END) `demo1_select_many_je` LEFT JOIN json_each({:dataEachTEST}) `__dataEach_select_many_je` WHERE (((COALESCE([[demo1_select_one_je.value]], '') IS NOT COALESCE([[demo1_select_many_je.value]], '')) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo1_select_many_je.value]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo1.select_many]]), json_type([[__mm_demo1.select_many]])='array', FALSE) THEN [[__mm_demo1.select_many]] ELSE json_array([[__mm_demo1.select_many]]) END) `__mm_demo1_select_many_je` WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__smTEST}} WHERE NOT (COALESCE([[demo1_select_one_je.value]], '') IS NOT COALESCE([[__smTEST.multiMatchValue]], ''))))) AND (([[demo1_select_many_je.value]] > [[demo1_select_one_je.value]]) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo1_select_many_je.value]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo1.select_many]]), json_type([[__mm_demo1.select_many]])='array', FALSE) THEN [[__mm_demo1.select_many]] ELSE json_array([[__mm_demo1.select_many]]) END) `__mm_demo1_select_many_je` WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] > [[demo1_select_one_je.value]])))) AND [[demo1_select_many_je.value]] < [[demo1_select_one_je.value]] AND (([[demo1_select_many_je.value]] = [[__dataEach_select_many_je.value]]) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo1_select_many_je.value]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo1.select_many]]), json_type([[__mm_demo1.select_many]])='array', FALSE) THEN [[__mm_demo1.select_many]] ELSE json_array([[__mm_demo1.select_many]]) END) `__mm_demo1_select_many_je` WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__mlTEST}} LEFT JOIN (SELECT [[__mm__dataEach_select_many_je.value]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each({:mmdataEachTEST}) `__mm__dataEach_select_many_je` WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__mrTEST}} WHERE NOT (COALESCE([[__mlTEST.multiMatchValue]], '') = COALESCE([[__mrTEST.multiMatchValue]], ''))))))", + }, + { + "mixed multi-match vs multi-match", + "demo1", + "rel_many.rel.active != rel_many.name &&" + + "rel_many.rel.active ?= rel_many.name &&" + + "rel_many.rel.title ~ rel_one.email &&" + + "@collection.demo2.active = rel_many.rel.active &&" + + "@collection.demo2.active ?= rel_many.rel.active &&" + + "rel_many.email > @request.body.rel_many.email", + false, + "SELECT DISTINCT `demo1`.* FROM `demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo1.rel_many]]), json_type([[demo1.rel_many]])='array', FALSE) THEN [[demo1.rel_many]] ELSE json_array([[demo1.rel_many]]) END) `demo1_rel_many_je` LEFT JOIN `users` `demo1_rel_many` ON [[demo1_rel_many.id]] = [[demo1_rel_many_je.value]] LEFT JOIN `demo2` `demo1_rel_many_rel` ON [[demo1_rel_many_rel.id]] = [[demo1_rel_many.rel]] LEFT JOIN `demo1` `demo1_rel_one` ON [[demo1_rel_one.id]] = [[demo1.rel_one]] LEFT JOIN `demo2` `__collection_demo2` LEFT JOIN `users` `__data_users_rel_many` ON [[__data_users_rel_many.id]] IN ({:p0}, {:p1}) WHERE (((COALESCE([[demo1_rel_many_rel.active]], '') IS NOT COALESCE([[demo1_rel_many.name]], '')) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo1_rel_many_rel.active]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo1.rel_many]]), json_type([[__mm_demo1.rel_many]])='array', FALSE) THEN [[__mm_demo1.rel_many]] ELSE json_array([[__mm_demo1.rel_many]]) END) `__mm_demo1_rel_many_je` LEFT JOIN `users` `__mm_demo1_rel_many` ON [[__mm_demo1_rel_many.id]] = [[__mm_demo1_rel_many_je.value]] LEFT JOIN `demo2` `__mm_demo1_rel_many_rel` ON [[__mm_demo1_rel_many_rel.id]] = [[__mm_demo1_rel_many.rel]] WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__mlTEST}} LEFT JOIN (SELECT [[__mm_demo1_rel_many.name]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo1.rel_many]]), json_type([[__mm_demo1.rel_many]])='array', FALSE) THEN [[__mm_demo1.rel_many]] ELSE json_array([[__mm_demo1.rel_many]]) END) `__mm_demo1_rel_many_je` LEFT JOIN `users` `__mm_demo1_rel_many` ON [[__mm_demo1_rel_many.id]] = [[__mm_demo1_rel_many_je.value]] WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__mrTEST}} WHERE NOT (COALESCE([[__mlTEST.multiMatchValue]], '') IS NOT COALESCE([[__mrTEST.multiMatchValue]], ''))))) AND COALESCE([[demo1_rel_many_rel.active]], '') = COALESCE([[demo1_rel_many.name]], '') AND (([[demo1_rel_many_rel.title]] LIKE ('%' || [[demo1_rel_one.email]] || '%') ESCAPE '\\') AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo1_rel_many_rel.title]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo1.rel_many]]), json_type([[__mm_demo1.rel_many]])='array', FALSE) THEN [[__mm_demo1.rel_many]] ELSE json_array([[__mm_demo1.rel_many]]) END) `__mm_demo1_rel_many_je` LEFT JOIN `users` `__mm_demo1_rel_many` ON [[__mm_demo1_rel_many.id]] = [[__mm_demo1_rel_many_je.value]] LEFT JOIN `demo2` `__mm_demo1_rel_many_rel` ON [[__mm_demo1_rel_many_rel.id]] = [[__mm_demo1_rel_many.rel]] WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] LIKE ('%' || [[demo1_rel_one.email]] || '%') ESCAPE '\\')))) AND ((COALESCE([[__collection_demo2.active]], '') = COALESCE([[demo1_rel_many_rel.active]], '')) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm__collection_demo2.active]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN `demo2` `__mm__collection_demo2` WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__mlTEST}} LEFT JOIN (SELECT [[__mm_demo1_rel_many_rel.active]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo1.rel_many]]), json_type([[__mm_demo1.rel_many]])='array', FALSE) THEN [[__mm_demo1.rel_many]] ELSE json_array([[__mm_demo1.rel_many]]) END) `__mm_demo1_rel_many_je` LEFT JOIN `users` `__mm_demo1_rel_many` ON [[__mm_demo1_rel_many.id]] = [[__mm_demo1_rel_many_je.value]] LEFT JOIN `demo2` `__mm_demo1_rel_many_rel` ON [[__mm_demo1_rel_many_rel.id]] = [[__mm_demo1_rel_many.rel]] WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__mrTEST}} WHERE NOT (COALESCE([[__mlTEST.multiMatchValue]], '') = COALESCE([[__mrTEST.multiMatchValue]], ''))))) AND COALESCE([[__collection_demo2.active]], '') = COALESCE([[demo1_rel_many_rel.active]], '') AND (((([[demo1_rel_many.email]] > [[__data_users_rel_many.email]]) AND (NOT EXISTS (SELECT 1 FROM (SELECT [[__mm_demo1_rel_many.email]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo1.rel_many]]), json_type([[__mm_demo1.rel_many]])='array', FALSE) THEN [[__mm_demo1.rel_many]] ELSE json_array([[__mm_demo1.rel_many]]) END) `__mm_demo1_rel_many_je` LEFT JOIN `users` `__mm_demo1_rel_many` ON [[__mm_demo1_rel_many.id]] = [[__mm_demo1_rel_many_je.value]] WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__mlTEST}} LEFT JOIN (SELECT [[__data_mm_users_rel_many.email]] as [[multiMatchValue]] FROM `demo1` `__mm_demo1` LEFT JOIN `users` `__data_mm_users_rel_many` ON [[__data_mm_users_rel_many.id]] IN ({:p2}, {:p3}) WHERE `__mm_demo1`.`id` = `demo1`.`id`) {{__mrTEST}} WHERE NOT ([[__mlTEST.multiMatchValue]] > [[__mrTEST.multiMatchValue]]))))) AND ([[demo1_rel_many.emailVisibility]] = TRUE)))", + }, + { + "@request.body.arrayable:length fields", + "demo1", + "@request.body.select_one:length > 1 &&" + + "@request.body.select_one:length ?> 2 &&" + + "@request.body.select_many:length < 3 &&" + + "@request.body.select_many:length ?> 4 &&" + + "@request.body.rel_one:length = 5 &&" + + "@request.body.rel_one:length ?= 6 &&" + + "@request.body.rel_many:length != 7 &&" + + "@request.body.rel_many:length ?!= 8 &&" + + "@request.body.file_one:length = 9 &&" + + "@request.body.file_one:length ?= 0 &&" + + "@request.body.file_many:length != 1 &&" + + "@request.body.file_many:length ?!= 2", + false, + "SELECT `demo1`.* FROM `demo1` WHERE (0 > {:TEST} AND 0 > {:TEST} AND 2 < {:TEST} AND 2 > {:TEST} AND 1 = {:TEST} AND 1 = {:TEST} AND 2 IS NOT {:TEST} AND 2 IS NOT {:TEST} AND 1 = {:TEST} AND 1 = {:TEST} AND 3 IS NOT {:TEST} AND 3 IS NOT {:TEST})", + }, + { + "regular arrayable:length fields", + "demo4", + "@request.body.self_rel_one.self_rel_many:length > 1 &&" + + "@request.body.self_rel_one.self_rel_many:length ?> 2 &&" + + "@request.body.rel_many_cascade.files:length ?< 3 &&" + + "@request.body.rel_many_cascade.files:length < 4 &&" + + "@request.body.rel_one_cascade.files:length < 4.1 &&" + // to ensure that the join to the same as above table will be aliased + "self_rel_one.self_rel_many:length = 5 &&" + + "self_rel_one.self_rel_many:length ?= 6 &&" + + "self_rel_one.rel_many_cascade.files:length != 7 &&" + + "self_rel_one.rel_many_cascade.files:length ?!= 8", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN `demo4` `__data_demo4_self_rel_one` ON [[__data_demo4_self_rel_one.id]]={:p0} LEFT JOIN `demo3` `__data_demo3_rel_many_cascade` ON [[__data_demo3_rel_many_cascade.id]] IN ({:p1}, {:p2}) LEFT JOIN `demo3` `__data_demo3_rel_one_cascade` ON [[__data_demo3_rel_one_cascade.id]]={:p3} LEFT JOIN `demo4` `demo4_self_rel_one` ON [[demo4_self_rel_one.id]] = [[demo4.self_rel_one]] LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo4_self_rel_one.rel_many_cascade]]), json_type([[demo4_self_rel_one.rel_many_cascade]])='array', FALSE) THEN [[demo4_self_rel_one.rel_many_cascade]] ELSE json_array([[demo4_self_rel_one.rel_many_cascade]]) END) `demo4_self_rel_one_rel_many_cascade_je` LEFT JOIN `demo3` `demo4_self_rel_one_rel_many_cascade` ON [[demo4_self_rel_one_rel_many_cascade.id]] = [[demo4_self_rel_one_rel_many_cascade_je.value]] WHERE (json_array_length(CASE WHEN iif(json_valid([[__data_demo4_self_rel_one.self_rel_many]]), json_type([[__data_demo4_self_rel_one.self_rel_many]])='array', FALSE) THEN [[__data_demo4_self_rel_one.self_rel_many]] ELSE (CASE WHEN [[__data_demo4_self_rel_one.self_rel_many]] = '' OR [[__data_demo4_self_rel_one.self_rel_many]] IS NULL THEN json_array() ELSE json_array([[__data_demo4_self_rel_one.self_rel_many]]) END) END) > {:TEST} AND json_array_length(CASE WHEN iif(json_valid([[__data_demo4_self_rel_one.self_rel_many]]), json_type([[__data_demo4_self_rel_one.self_rel_many]])='array', FALSE) THEN [[__data_demo4_self_rel_one.self_rel_many]] ELSE (CASE WHEN [[__data_demo4_self_rel_one.self_rel_many]] = '' OR [[__data_demo4_self_rel_one.self_rel_many]] IS NULL THEN json_array() ELSE json_array([[__data_demo4_self_rel_one.self_rel_many]]) END) END) > {:TEST} AND json_array_length(CASE WHEN iif(json_valid([[__data_demo3_rel_many_cascade.files]]), json_type([[__data_demo3_rel_many_cascade.files]])='array', FALSE) THEN [[__data_demo3_rel_many_cascade.files]] ELSE (CASE WHEN [[__data_demo3_rel_many_cascade.files]] = '' OR [[__data_demo3_rel_many_cascade.files]] IS NULL THEN json_array() ELSE json_array([[__data_demo3_rel_many_cascade.files]]) END) END) < {:TEST} AND ((json_array_length(CASE WHEN iif(json_valid([[__data_demo3_rel_many_cascade.files]]), json_type([[__data_demo3_rel_many_cascade.files]])='array', FALSE) THEN [[__data_demo3_rel_many_cascade.files]] ELSE (CASE WHEN [[__data_demo3_rel_many_cascade.files]] = '' OR [[__data_demo3_rel_many_cascade.files]] IS NULL THEN json_array() ELSE json_array([[__data_demo3_rel_many_cascade.files]]) END) END) < {:TEST}) AND (NOT EXISTS (SELECT 1 FROM (SELECT json_array_length(CASE WHEN iif(json_valid([[__data_mm_demo3_rel_many_cascade.files]]), json_type([[__data_mm_demo3_rel_many_cascade.files]])='array', FALSE) THEN [[__data_mm_demo3_rel_many_cascade.files]] ELSE (CASE WHEN [[__data_mm_demo3_rel_many_cascade.files]] = '' OR [[__data_mm_demo3_rel_many_cascade.files]] IS NULL THEN json_array() ELSE json_array([[__data_mm_demo3_rel_many_cascade.files]]) END) END) as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN `demo3` `__data_mm_demo3_rel_many_cascade` ON [[__data_mm_demo3_rel_many_cascade.id]] IN ({:p8}, {:p9}) WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] < {:TEST})))) AND json_array_length(CASE WHEN iif(json_valid([[__data_demo3_rel_one_cascade.files]]), json_type([[__data_demo3_rel_one_cascade.files]])='array', FALSE) THEN [[__data_demo3_rel_one_cascade.files]] ELSE (CASE WHEN [[__data_demo3_rel_one_cascade.files]] = '' OR [[__data_demo3_rel_one_cascade.files]] IS NULL THEN json_array() ELSE json_array([[__data_demo3_rel_one_cascade.files]]) END) END) < {:TEST} AND json_array_length(CASE WHEN iif(json_valid([[demo4_self_rel_one.self_rel_many]]), json_type([[demo4_self_rel_one.self_rel_many]])='array', FALSE) THEN [[demo4_self_rel_one.self_rel_many]] ELSE (CASE WHEN [[demo4_self_rel_one.self_rel_many]] = '' OR [[demo4_self_rel_one.self_rel_many]] IS NULL THEN json_array() ELSE json_array([[demo4_self_rel_one.self_rel_many]]) END) END) = {:TEST} AND json_array_length(CASE WHEN iif(json_valid([[demo4_self_rel_one.self_rel_many]]), json_type([[demo4_self_rel_one.self_rel_many]])='array', FALSE) THEN [[demo4_self_rel_one.self_rel_many]] ELSE (CASE WHEN [[demo4_self_rel_one.self_rel_many]] = '' OR [[demo4_self_rel_one.self_rel_many]] IS NULL THEN json_array() ELSE json_array([[demo4_self_rel_one.self_rel_many]]) END) END) = {:TEST} AND ((json_array_length(CASE WHEN iif(json_valid([[demo4_self_rel_one_rel_many_cascade.files]]), json_type([[demo4_self_rel_one_rel_many_cascade.files]])='array', FALSE) THEN [[demo4_self_rel_one_rel_many_cascade.files]] ELSE (CASE WHEN [[demo4_self_rel_one_rel_many_cascade.files]] = '' OR [[demo4_self_rel_one_rel_many_cascade.files]] IS NULL THEN json_array() ELSE json_array([[demo4_self_rel_one_rel_many_cascade.files]]) END) END) IS NOT {:TEST}) AND (NOT EXISTS (SELECT 1 FROM (SELECT json_array_length(CASE WHEN iif(json_valid([[__mm_demo4_self_rel_one_rel_many_cascade.files]]), json_type([[__mm_demo4_self_rel_one_rel_many_cascade.files]])='array', FALSE) THEN [[__mm_demo4_self_rel_one_rel_many_cascade.files]] ELSE (CASE WHEN [[__mm_demo4_self_rel_one_rel_many_cascade.files]] = '' OR [[__mm_demo4_self_rel_one_rel_many_cascade.files]] IS NULL THEN json_array() ELSE json_array([[__mm_demo4_self_rel_one_rel_many_cascade.files]]) END) END) as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN `demo4` `__mm_demo4_self_rel_one` ON [[__mm_demo4_self_rel_one.id]] = [[__mm_demo4.self_rel_one]] LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo4_self_rel_one.rel_many_cascade]]), json_type([[__mm_demo4_self_rel_one.rel_many_cascade]])='array', FALSE) THEN [[__mm_demo4_self_rel_one.rel_many_cascade]] ELSE json_array([[__mm_demo4_self_rel_one.rel_many_cascade]]) END) `__mm_demo4_self_rel_one_rel_many_cascade_je` LEFT JOIN `demo3` `__mm_demo4_self_rel_one_rel_many_cascade` ON [[__mm_demo4_self_rel_one_rel_many_cascade.id]] = [[__mm_demo4_self_rel_one_rel_many_cascade_je.value]] WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] IS NOT {:TEST})))) AND json_array_length(CASE WHEN iif(json_valid([[demo4_self_rel_one_rel_many_cascade.files]]), json_type([[demo4_self_rel_one_rel_many_cascade.files]])='array', FALSE) THEN [[demo4_self_rel_one_rel_many_cascade.files]] ELSE (CASE WHEN [[demo4_self_rel_one_rel_many_cascade.files]] = '' OR [[demo4_self_rel_one_rel_many_cascade.files]] IS NULL THEN json_array() ELSE json_array([[demo4_self_rel_one_rel_many_cascade.files]]) END) END) IS NOT {:TEST})", + }, + { + "json_extract and json_array_length COALESCE equal normalizations", + "demo4", + "json_object.a.b = '' && self_rel_many:length != 2 && json_object.a.b > 3 && self_rel_many:length <= 4", + false, + "SELECT `demo4`.* FROM `demo4` WHERE ((CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$.a.b') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb.a.b') END) IS {:TEST} AND json_array_length(CASE WHEN iif(json_valid([[demo4.self_rel_many]]), json_type([[demo4.self_rel_many]])='array', FALSE) THEN [[demo4.self_rel_many]] ELSE (CASE WHEN [[demo4.self_rel_many]] = '' OR [[demo4.self_rel_many]] IS NULL THEN json_array() ELSE json_array([[demo4.self_rel_many]]) END) END) IS NOT {:TEST} AND (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$.a.b') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb.a.b') END) > {:TEST} AND json_array_length(CASE WHEN iif(json_valid([[demo4.self_rel_many]]), json_type([[demo4.self_rel_many]])='array', FALSE) THEN [[demo4.self_rel_many]] ELSE (CASE WHEN [[demo4.self_rel_many]] = '' OR [[demo4.self_rel_many]] IS NULL THEN json_array() ELSE json_array([[demo4.self_rel_many]]) END) END) <= {:TEST})", + }, + { + "json field equal normalization checks", + "demo4", + "json_object = '' || json_object != '' || '' = json_object || '' != json_object ||" + + "json_object = null || json_object != null || null = json_object || null != json_object ||" + + "json_object = true || json_object != true || true = json_object || true != json_object ||" + + "json_object = json_object || json_object != json_object ||" + + "json_object = title || title != json_object ||" + + // multimatch expressions + "self_rel_many.json_object = '' || null = self_rel_many.json_object ||" + + "self_rel_many.json_object = self_rel_many.json_object", + false, + "SELECT DISTINCT `demo4`.* FROM `demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[demo4.self_rel_many]]), json_type([[demo4.self_rel_many]])='array', FALSE) THEN [[demo4.self_rel_many]] ELSE json_array([[demo4.self_rel_many]]) END) `demo4_self_rel_many_je` LEFT JOIN `demo4` `demo4_self_rel_many` ON [[demo4_self_rel_many.id]] = [[demo4_self_rel_many_je.value]] WHERE ((CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) IS {:TEST} OR (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) IS NOT {:TEST} OR {:TEST} IS (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) OR {:TEST} IS NOT (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) OR (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) IS NULL OR (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) IS NOT NULL OR NULL IS (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) OR NULL IS NOT (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) OR (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) IS 1 OR (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) IS NOT 1 OR 1 IS (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) OR 1 IS NOT (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) OR (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) IS (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) OR (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) IS NOT (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) OR (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) IS [[demo4.title]] OR [[demo4.title]] IS NOT (CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb') END) OR (((CASE WHEN json_valid([[demo4_self_rel_many.json_object]]) THEN JSON_EXTRACT([[demo4_self_rel_many.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4_self_rel_many.json_object]]), '$.pb') END) IS {:TEST}) AND (NOT EXISTS (SELECT 1 FROM (SELECT (CASE WHEN json_valid([[__mm_demo4_self_rel_many.json_object]]) THEN JSON_EXTRACT([[__mm_demo4_self_rel_many.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[__mm_demo4_self_rel_many.json_object]]), '$.pb') END) as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo4.self_rel_many]]), json_type([[__mm_demo4.self_rel_many]])='array', FALSE) THEN [[__mm_demo4.self_rel_many]] ELSE json_array([[__mm_demo4.self_rel_many]]) END) `__mm_demo4_self_rel_many_je` LEFT JOIN `demo4` `__mm_demo4_self_rel_many` ON [[__mm_demo4_self_rel_many.id]] = [[__mm_demo4_self_rel_many_je.value]] WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__smTEST}} WHERE NOT ([[__smTEST.multiMatchValue]] IS {:TEST})))) OR ((NULL IS (CASE WHEN json_valid([[demo4_self_rel_many.json_object]]) THEN JSON_EXTRACT([[demo4_self_rel_many.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4_self_rel_many.json_object]]), '$.pb') END)) AND (NOT EXISTS (SELECT 1 FROM (SELECT (CASE WHEN json_valid([[__mm_demo4_self_rel_many.json_object]]) THEN JSON_EXTRACT([[__mm_demo4_self_rel_many.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[__mm_demo4_self_rel_many.json_object]]), '$.pb') END) as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo4.self_rel_many]]), json_type([[__mm_demo4.self_rel_many]])='array', FALSE) THEN [[__mm_demo4.self_rel_many]] ELSE json_array([[__mm_demo4.self_rel_many]]) END) `__mm_demo4_self_rel_many_je` LEFT JOIN `demo4` `__mm_demo4_self_rel_many` ON [[__mm_demo4_self_rel_many.id]] = [[__mm_demo4_self_rel_many_je.value]] WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__smTEST}} WHERE NOT (NULL IS [[__smTEST.multiMatchValue]])))) OR (((CASE WHEN json_valid([[demo4_self_rel_many.json_object]]) THEN JSON_EXTRACT([[demo4_self_rel_many.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4_self_rel_many.json_object]]), '$.pb') END) IS (CASE WHEN json_valid([[demo4_self_rel_many.json_object]]) THEN JSON_EXTRACT([[demo4_self_rel_many.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[demo4_self_rel_many.json_object]]), '$.pb') END)) AND (NOT EXISTS (SELECT 1 FROM (SELECT (CASE WHEN json_valid([[__mm_demo4_self_rel_many.json_object]]) THEN JSON_EXTRACT([[__mm_demo4_self_rel_many.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[__mm_demo4_self_rel_many.json_object]]), '$.pb') END) as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo4.self_rel_many]]), json_type([[__mm_demo4.self_rel_many]])='array', FALSE) THEN [[__mm_demo4.self_rel_many]] ELSE json_array([[__mm_demo4.self_rel_many]]) END) `__mm_demo4_self_rel_many_je` LEFT JOIN `demo4` `__mm_demo4_self_rel_many` ON [[__mm_demo4_self_rel_many.id]] = [[__mm_demo4_self_rel_many_je.value]] WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__mlTEST}} LEFT JOIN (SELECT (CASE WHEN json_valid([[__mm_demo4_self_rel_many.json_object]]) THEN JSON_EXTRACT([[__mm_demo4_self_rel_many.json_object]], '$') ELSE JSON_EXTRACT(json_object('pb', [[__mm_demo4_self_rel_many.json_object]]), '$.pb') END) as [[multiMatchValue]] FROM `demo4` `__mm_demo4` LEFT JOIN json_each(CASE WHEN iif(json_valid([[__mm_demo4.self_rel_many]]), json_type([[__mm_demo4.self_rel_many]])='array', FALSE) THEN [[__mm_demo4.self_rel_many]] ELSE json_array([[__mm_demo4.self_rel_many]]) END) `__mm_demo4_self_rel_many_je` LEFT JOIN `demo4` `__mm_demo4_self_rel_many` ON [[__mm_demo4_self_rel_many.id]] = [[__mm_demo4_self_rel_many_je.value]] WHERE `__mm_demo4`.`id` = `demo4`.`id`) {{__mrTEST}} WHERE NOT ([[__mlTEST.multiMatchValue]] IS [[__mrTEST.multiMatchValue]])))))", + }, + { + "geoPoint props access", + "demo1", + "point = '' || point.lat > 1 || point.lon < 2 || point.something > 3", + false, + "SELECT `demo1`.* FROM `demo1` WHERE (([[demo1.point]] = '' OR [[demo1.point]] IS NULL) OR (CASE WHEN json_valid([[demo1.point]]) THEN JSON_EXTRACT([[demo1.point]], '$.lat') ELSE JSON_EXTRACT(json_object('pb', [[demo1.point]]), '$.pb.lat') END) > {:TEST} OR (CASE WHEN json_valid([[demo1.point]]) THEN JSON_EXTRACT([[demo1.point]], '$.lon') ELSE JSON_EXTRACT(json_object('pb', [[demo1.point]]), '$.pb.lon') END) < {:TEST} OR (CASE WHEN json_valid([[demo1.point]]) THEN JSON_EXTRACT([[demo1.point]], '$.something') ELSE JSON_EXTRACT(json_object('pb', [[demo1.point]]), '$.pb.something') END) > {:TEST})", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + collection, err := app.FindCollectionByNameOrId(s.collectionIdOrName) + if err != nil { + t.Fatalf("[%s] Failed to load collection %s: %v", s.name, s.collectionIdOrName, err) + } + + query := app.RecordQuery(collection) + + r := core.NewRecordFieldResolver(app, collection, requestInfo, s.allowHiddenFields) + + expr, err := search.FilterData(s.rule).BuildExpr(r) + if err != nil { + t.Fatalf("[%s] BuildExpr failed with error %v", s.name, err) + } + + if err := r.UpdateQuery(query); err != nil { + t.Fatalf("[%s] UpdateQuery failed with error %v", s.name, err) + } + + rawQuery := query.AndWhere(expr).Build().SQL() + + // replace TEST placeholder with .+ regex pattern + expectQuery := strings.ReplaceAll( + "^"+regexp.QuoteMeta(s.expectQuery)+"$", + "TEST", + `\w+`, + ) + + if !list.ExistInSliceWithRegex(rawQuery, []string{expectQuery}) { + t.Fatalf("[%s] Expected query\n %v \ngot:\n %v", s.name, expectQuery, rawQuery) + } + }) + } +} + +func TestRecordFieldResolverResolveCollectionFields(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := app.FindCollectionByNameOrId("demo4") + if err != nil { + t.Fatal(err) + } + + authRecord, err := app.FindRecordById("users", "4q1xlclmfloku33") + if err != nil { + t.Fatal(err) + } + + requestInfo := &core.RequestInfo{ + Auth: authRecord, + } + + r := core.NewRecordFieldResolver(app, collection, requestInfo, true) + + scenarios := []struct { + fieldName string + expectError bool + expectName string + }{ + {"", true, ""}, + {" ", true, ""}, + {"unknown", true, ""}, + {"invalid format", true, ""}, + {"id", false, "[[demo4.id]]"}, + {"created", false, "[[demo4.created]]"}, + {"updated", false, "[[demo4.updated]]"}, + {"title", false, "[[demo4.title]]"}, + {"title.test", true, ""}, + {"self_rel_many", false, "[[demo4.self_rel_many]]"}, + {"self_rel_many.", true, ""}, + {"self_rel_many.unknown", true, ""}, + {"self_rel_many.title", false, "[[demo4_self_rel_many.title]]"}, + {"self_rel_many.self_rel_one.self_rel_many.title", false, "[[demo4_self_rel_many_self_rel_one_self_rel_many.title]]"}, + + // max relations limit + {"self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.id", false, "[[demo4_self_rel_many_self_rel_many_self_rel_many_self_rel_many_self_rel_many_self_rel_many.id]]"}, + {"self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.id", true, ""}, + + // back relations + {"rel_one_cascade.demo4_via_title.id", true, ""}, // not a relation field + {"rel_one_cascade.demo4_via_self_rel_one.id", true, ""}, // relation field but to a different collection + {"rel_one_cascade.demo4_via_rel_one_cascade.id", false, "[[demo4_rel_one_cascade_demo4_via_rel_one_cascade.id]]"}, + {"rel_one_cascade.demo4_via_rel_one_cascade.rel_one_cascade.demo4_via_rel_one_cascade.id", false, "[[demo4_rel_one_cascade_demo4_via_rel_one_cascade_rel_one_cascade_demo4_via_rel_one_cascade.id]]"}, + + // json_extract + {"json_array.0", false, "(CASE WHEN json_valid([[demo4.json_array]]) THEN JSON_EXTRACT([[demo4.json_array]], '$[0]') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_array]]), '$.pb[0]') END)"}, + {"json_object.a.b.c", false, "(CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$.a.b.c') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb.a.b.c') END)"}, + + // max relations limit shouldn't apply for json paths + {"json_object.a.b.c.e.f.g.h.i.j.k.l.m.n.o.p", false, "(CASE WHEN json_valid([[demo4.json_object]]) THEN JSON_EXTRACT([[demo4.json_object]], '$.a.b.c.e.f.g.h.i.j.k.l.m.n.o.p') ELSE JSON_EXTRACT(json_object('pb', [[demo4.json_object]]), '$.pb.a.b.c.e.f.g.h.i.j.k.l.m.n.o.p') END)"}, + + // @request.auth relation join + {"@request.auth.rel", false, "[[__auth_users.rel]]"}, + {"@request.auth.rel.title", false, "[[__auth_users_rel.title]]"}, + {"@request.auth.demo1_via_rel_many.id", false, "[[__auth_users_demo1_via_rel_many.id]]"}, + {"@request.auth.rel.missing", false, "NULL"}, + {"@request.auth.missing_via_rel", false, "NULL"}, + {"@request.auth.demo1_via_file_one.id", false, "NULL"}, // not a relation field + {"@request.auth.demo1_via_rel_one.id", false, "NULL"}, // relation field but to a different collection + + // @collection fieds + {"@collect", true, ""}, + {"collection.demo4.title", true, ""}, + {"@collection", true, ""}, + {"@collection.unknown", true, ""}, + {"@collection.demo2", true, ""}, + {"@collection.demo2.", true, ""}, + {"@collection.demo2:someAlias", true, ""}, + {"@collection.demo2:someAlias.", true, ""}, + {"@collection.demo2.title", false, "[[__collection_demo2.title]]"}, + {"@collection.demo2:someAlias.title", false, "[[__collection_alias_someAlias.title]]"}, + {"@collection.demo4.id", false, "[[__collection_demo4.id]]"}, + {"@collection.demo4.created", false, "[[__collection_demo4.created]]"}, + {"@collection.demo4.updated", false, "[[__collection_demo4.updated]]"}, + {"@collection.demo4.self_rel_many.missing", true, ""}, + {"@collection.demo4.self_rel_many.self_rel_one.self_rel_many.self_rel_one.title", false, "[[__collection_demo4_self_rel_many_self_rel_one_self_rel_many_self_rel_one.title]]"}, + } + + for _, s := range scenarios { + t.Run(s.fieldName, func(t *testing.T) { + r, err := r.Resolve(s.fieldName) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if r.Identifier != s.expectName { + t.Fatalf("Expected r.Identifier\n%q\ngot\n%q", s.expectName, r.Identifier) + } + + // params should be empty for non @request fields + if len(r.Params) != 0 { + t.Fatalf("Expected 0 r.Params, got\n%v", r.Params) + } + }) + } +} + +func TestRecordFieldResolverResolveStaticRequestInfoFields(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + authRecord, err := app.FindRecordById("users", "4q1xlclmfloku33") + if err != nil { + t.Fatal(err) + } + + requestInfo := &core.RequestInfo{ + Context: "ctx", + Method: "get", + Query: map[string]string{ + "a": "123", + }, + Body: map[string]any{ + "number": "10", + "number_unknown": "20", + "raw_json_obj": types.JSONRaw(`{"a":123}`), + "raw_json_arr1": types.JSONRaw(`[123, 456]`), + "raw_json_arr2": types.JSONRaw(`[{"a":123},{"b":456}]`), + "raw_json_simple": types.JSONRaw(`123`), + "b": 456, + "c": map[string]int{"sub": 1}, + }, + Headers: map[string]string{ + "d": "789", + }, + Auth: authRecord, + } + + r := core.NewRecordFieldResolver(app, collection, requestInfo, true) + + scenarios := []struct { + fieldName string + expectError bool + expectParamValue string // encoded json + }{ + {"@request", true, ""}, + {"@request.invalid format", true, ""}, + {"@request.invalid_format2!", true, ""}, + {"@request.missing", true, ""}, + {"@request.context", false, `"ctx"`}, + {"@request.method", false, `"get"`}, + {"@request.query", true, ``}, + {"@request.query.a", false, `"123"`}, + {"@request.query.a.missing", false, ``}, + {"@request.headers", true, ``}, + {"@request.headers.missing", false, ``}, + {"@request.headers.d", false, `"789"`}, + {"@request.headers.d.sub", false, ``}, + {"@request.body", true, ``}, + {"@request.body.b", false, `456`}, + {"@request.body.number", false, `10`}, // number field normalization + {"@request.body.number_unknown", false, `"20"`}, // no numeric normalizations for unknown fields + {"@request.body.b.missing", false, ``}, + {"@request.body.c", false, `"{\"sub\":1}"`}, + {"@request.auth", true, ""}, + {"@request.auth.id", false, `"4q1xlclmfloku33"`}, + {"@request.auth.collectionId", false, `"` + authRecord.Collection().Id + `"`}, + {"@request.auth.collectionName", false, `"` + authRecord.Collection().Name + `"`}, + {"@request.auth.verified", false, `false`}, + {"@request.auth.emailVisibility", false, `false`}, + {"@request.auth.email", false, `"test@example.com"`}, // should always be returned no matter of the emailVisibility state + {"@request.auth.missing", false, `NULL`}, + {"@request.body.raw_json_simple", false, `"123"`}, + {"@request.body.raw_json_simple.a", false, `NULL`}, + {"@request.body.raw_json_obj.a", false, `123`}, + {"@request.body.raw_json_obj.b", false, `NULL`}, + {"@request.body.raw_json_arr1.1", false, `456`}, + {"@request.body.raw_json_arr1.3", false, `NULL`}, + {"@request.body.raw_json_arr2.0.a", false, `123`}, + {"@request.body.raw_json_arr2.0.b", false, `NULL`}, + } + + for _, s := range scenarios { + t.Run(s.fieldName, func(t *testing.T) { + r, err := r.Resolve(s.fieldName) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + // missing key + // --- + if len(r.Params) == 0 { + if r.Identifier != "NULL" { + t.Fatalf("Expected 0 placeholder parameters for %v, got %v", r.Identifier, r.Params) + } + return + } + + // existing key + // --- + if len(r.Params) != 1 { + t.Fatalf("Expected 1 placeholder parameter for %v, got %v", r.Identifier, r.Params) + } + + var paramName string + var paramValue any + for k, v := range r.Params { + paramName = k + paramValue = v + } + + if r.Identifier != ("{:" + paramName + "}") { + t.Fatalf("Expected parameter r.Identifier %q, got %q", paramName, r.Identifier) + } + + encodedParamValue, _ := json.Marshal(paramValue) + if string(encodedParamValue) != s.expectParamValue { + t.Fatalf("Expected r.Params %#v for %s, got %#v", s.expectParamValue, r.Identifier, string(encodedParamValue)) + } + }) + } + + // ensure that the original email visibility was restored + if authRecord.EmailVisibility() { + t.Fatal("Expected the original authRecord emailVisibility to remain unchanged") + } + if v, ok := authRecord.PublicExport()[core.FieldNameEmail]; ok { + t.Fatalf("Expected the original authRecord email to not be exported, got %q", v) + } +} diff --git a/core/record_model.go b/core/record_model.go new file mode 100644 index 0000000..35efa86 --- /dev/null +++ b/core/record_model.go @@ -0,0 +1,1620 @@ +package core + +import ( + "bytes" + "context" + "encoding/json" + "errors" + "fmt" + "log" + "maps" + "slices" + "sort" + "strings" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tools/dbutils" + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/inflector" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/store" + "github.com/pocketbase/pocketbase/tools/types" + "github.com/spf13/cast" +) + +// used as a workaround by some fields for persisting local state between various events +// (for now is kept private and cannot be changed or cloned outside of the core package) +const internalCustomFieldKeyPrefix = "@pbInternal" + +var ( + _ Model = (*Record)(nil) + _ HookTagger = (*Record)(nil) + _ DBExporter = (*Record)(nil) + _ FilesManager = (*Record)(nil) +) + +type Record struct { + collection *Collection + originalData map[string]any + customVisibility *store.Store[string, bool] + data *store.Store[string, any] + expand *store.Store[string, any] + + BaseModel + + exportCustomData bool + ignoreEmailVisibility bool + ignoreUnchangedFields bool +} + +const systemHookIdRecord = "__pbRecordSystemHook__" + +func (app *BaseApp) registerRecordHooks() { + app.OnModelValidate().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdRecord, + Func: func(me *ModelEvent) error { + if re, ok := newRecordEventFromModelEvent(me); ok { + err := me.App.OnRecordValidate().Trigger(re, func(re *RecordEvent) error { + syncModelEventWithRecordEvent(me, re) + defer syncRecordEventWithModelEvent(re, me) + return me.Next() + }) + syncModelEventWithRecordEvent(me, re) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelCreate().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdRecord, + Func: func(me *ModelEvent) error { + if re, ok := newRecordEventFromModelEvent(me); ok { + err := me.App.OnRecordCreate().Trigger(re, func(re *RecordEvent) error { + syncModelEventWithRecordEvent(me, re) + defer syncRecordEventWithModelEvent(re, me) + return me.Next() + }) + syncModelEventWithRecordEvent(me, re) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelCreateExecute().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdRecord, + Func: func(me *ModelEvent) error { + if re, ok := newRecordEventFromModelEvent(me); ok { + err := me.App.OnRecordCreateExecute().Trigger(re, func(re *RecordEvent) error { + syncModelEventWithRecordEvent(me, re) + defer syncRecordEventWithModelEvent(re, me) + return me.Next() + }) + syncModelEventWithRecordEvent(me, re) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelAfterCreateSuccess().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdRecord, + Func: func(me *ModelEvent) error { + if re, ok := newRecordEventFromModelEvent(me); ok { + err := me.App.OnRecordAfterCreateSuccess().Trigger(re, func(re *RecordEvent) error { + syncModelEventWithRecordEvent(me, re) + defer syncRecordEventWithModelEvent(re, me) + return me.Next() + }) + syncModelEventWithRecordEvent(me, re) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelAfterCreateError().Bind(&hook.Handler[*ModelErrorEvent]{ + Id: systemHookIdRecord, + Func: func(me *ModelErrorEvent) error { + if re, ok := newRecordErrorEventFromModelErrorEvent(me); ok { + err := me.App.OnRecordAfterCreateError().Trigger(re, func(re *RecordErrorEvent) error { + syncModelErrorEventWithRecordErrorEvent(me, re) + defer syncRecordErrorEventWithModelErrorEvent(re, me) + return me.Next() + }) + syncModelErrorEventWithRecordErrorEvent(me, re) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelUpdate().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdRecord, + Func: func(me *ModelEvent) error { + if re, ok := newRecordEventFromModelEvent(me); ok { + err := me.App.OnRecordUpdate().Trigger(re, func(re *RecordEvent) error { + syncModelEventWithRecordEvent(me, re) + defer syncRecordEventWithModelEvent(re, me) + return me.Next() + }) + syncModelEventWithRecordEvent(me, re) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelUpdateExecute().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdRecord, + Func: func(me *ModelEvent) error { + if re, ok := newRecordEventFromModelEvent(me); ok { + err := me.App.OnRecordUpdateExecute().Trigger(re, func(re *RecordEvent) error { + syncModelEventWithRecordEvent(me, re) + defer syncRecordEventWithModelEvent(re, me) + return me.Next() + }) + syncModelEventWithRecordEvent(me, re) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelAfterUpdateSuccess().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdRecord, + Func: func(me *ModelEvent) error { + if re, ok := newRecordEventFromModelEvent(me); ok { + err := me.App.OnRecordAfterUpdateSuccess().Trigger(re, func(re *RecordEvent) error { + syncModelEventWithRecordEvent(me, re) + defer syncRecordEventWithModelEvent(re, me) + return me.Next() + }) + syncModelEventWithRecordEvent(me, re) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelAfterUpdateError().Bind(&hook.Handler[*ModelErrorEvent]{ + Id: systemHookIdRecord, + Func: func(me *ModelErrorEvent) error { + if re, ok := newRecordErrorEventFromModelErrorEvent(me); ok { + err := me.App.OnRecordAfterUpdateError().Trigger(re, func(re *RecordErrorEvent) error { + syncModelErrorEventWithRecordErrorEvent(me, re) + defer syncRecordErrorEventWithModelErrorEvent(re, me) + return me.Next() + }) + syncModelErrorEventWithRecordErrorEvent(me, re) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelDelete().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdRecord, + Func: func(me *ModelEvent) error { + if re, ok := newRecordEventFromModelEvent(me); ok { + err := me.App.OnRecordDelete().Trigger(re, func(re *RecordEvent) error { + syncModelEventWithRecordEvent(me, re) + defer syncRecordEventWithModelEvent(re, me) + return me.Next() + }) + syncModelEventWithRecordEvent(me, re) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelDeleteExecute().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdRecord, + Func: func(me *ModelEvent) error { + if re, ok := newRecordEventFromModelEvent(me); ok { + err := me.App.OnRecordDeleteExecute().Trigger(re, func(re *RecordEvent) error { + syncModelEventWithRecordEvent(me, re) + defer syncRecordEventWithModelEvent(re, me) + return me.Next() + }) + syncModelEventWithRecordEvent(me, re) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelAfterDeleteSuccess().Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdRecord, + Func: func(me *ModelEvent) error { + if re, ok := newRecordEventFromModelEvent(me); ok { + err := me.App.OnRecordAfterDeleteSuccess().Trigger(re, func(re *RecordEvent) error { + syncModelEventWithRecordEvent(me, re) + defer syncRecordEventWithModelEvent(re, me) + return me.Next() + }) + syncModelEventWithRecordEvent(me, re) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + app.OnModelAfterDeleteError().Bind(&hook.Handler[*ModelErrorEvent]{ + Id: systemHookIdRecord, + Func: func(me *ModelErrorEvent) error { + if re, ok := newRecordErrorEventFromModelErrorEvent(me); ok { + err := me.App.OnRecordAfterDeleteError().Trigger(re, func(re *RecordErrorEvent) error { + syncModelErrorEventWithRecordErrorEvent(me, re) + defer syncRecordErrorEventWithModelErrorEvent(re, me) + return me.Next() + }) + syncModelErrorEventWithRecordErrorEvent(me, re) + return err + } + + return me.Next() + }, + Priority: -99, + }) + + // --------------------------------------------------------------- + + app.OnRecordValidate().Bind(&hook.Handler[*RecordEvent]{ + Id: systemHookIdRecord, + Func: func(e *RecordEvent) error { + return e.Record.callFieldInterceptors( + e.Context, + e.App, + InterceptorActionValidate, + func() error { + return onRecordValidate(e) + }, + ) + }, + Priority: 99, + }) + + app.OnRecordCreate().Bind(&hook.Handler[*RecordEvent]{ + Id: systemHookIdRecord, + Func: func(e *RecordEvent) error { + return e.Record.callFieldInterceptors( + e.Context, + e.App, + InterceptorActionCreate, + e.Next, + ) + }, + Priority: -99, + }) + + app.OnRecordCreateExecute().Bind(&hook.Handler[*RecordEvent]{ + Id: systemHookIdRecord, + Func: func(e *RecordEvent) error { + return e.Record.callFieldInterceptors( + e.Context, + e.App, + InterceptorActionCreateExecute, + func() error { + return onRecordSaveExecute(e) + }, + ) + }, + Priority: 99, + }) + + app.OnRecordAfterCreateSuccess().Bind(&hook.Handler[*RecordEvent]{ + Id: systemHookIdRecord, + Func: func(e *RecordEvent) error { + return e.Record.callFieldInterceptors( + e.Context, + e.App, + InterceptorActionAfterCreate, + e.Next, + ) + }, + Priority: -99, + }) + + app.OnRecordAfterCreateError().Bind(&hook.Handler[*RecordErrorEvent]{ + Id: systemHookIdRecord, + Func: func(e *RecordErrorEvent) error { + return e.Record.callFieldInterceptors( + e.Context, + e.App, + InterceptorActionAfterCreateError, + e.Next, + ) + }, + Priority: -99, + }) + + app.OnRecordUpdate().Bind(&hook.Handler[*RecordEvent]{ + Id: systemHookIdRecord, + Func: func(e *RecordEvent) error { + return e.Record.callFieldInterceptors( + e.Context, + e.App, + InterceptorActionUpdate, + e.Next, + ) + }, + Priority: -99, + }) + + app.OnRecordUpdateExecute().Bind(&hook.Handler[*RecordEvent]{ + Id: systemHookIdRecord, + Func: func(e *RecordEvent) error { + return e.Record.callFieldInterceptors( + e.Context, + e.App, + InterceptorActionUpdateExecute, + func() error { + return onRecordSaveExecute(e) + }, + ) + }, + Priority: 99, + }) + + app.OnRecordAfterUpdateSuccess().Bind(&hook.Handler[*RecordEvent]{ + Id: systemHookIdRecord, + Func: func(e *RecordEvent) error { + return e.Record.callFieldInterceptors( + e.Context, + e.App, + InterceptorActionAfterUpdate, + e.Next, + ) + }, + Priority: -99, + }) + + app.OnRecordAfterUpdateError().Bind(&hook.Handler[*RecordErrorEvent]{ + Id: systemHookIdRecord, + Func: func(e *RecordErrorEvent) error { + return e.Record.callFieldInterceptors( + e.Context, + e.App, + InterceptorActionAfterUpdateError, + e.Next, + ) + }, + Priority: -99, + }) + + app.OnRecordDelete().Bind(&hook.Handler[*RecordEvent]{ + Id: systemHookIdRecord, + Func: func(e *RecordEvent) error { + return e.Record.callFieldInterceptors( + e.Context, + e.App, + InterceptorActionDelete, + func() error { + if e.Record.Collection().IsView() { + return errors.New("view records cannot be deleted") + } + + return e.Next() + }, + ) + }, + Priority: -99, + }) + + app.OnRecordDeleteExecute().Bind(&hook.Handler[*RecordEvent]{ + Id: systemHookIdRecord, + Func: func(e *RecordEvent) error { + return e.Record.callFieldInterceptors( + e.Context, + e.App, + InterceptorActionDeleteExecute, + func() error { + return onRecordDeleteExecute(e) + }, + ) + }, + Priority: 99, + }) + + app.OnRecordAfterDeleteSuccess().Bind(&hook.Handler[*RecordEvent]{ + Id: systemHookIdRecord, + Func: func(e *RecordEvent) error { + return e.Record.callFieldInterceptors( + e.Context, + e.App, + InterceptorActionAfterDelete, + e.Next, + ) + }, + Priority: -99, + }) + + app.OnRecordAfterDeleteError().Bind(&hook.Handler[*RecordErrorEvent]{ + Id: systemHookIdRecord, + Func: func(e *RecordErrorEvent) error { + return e.Record.callFieldInterceptors( + e.Context, + e.App, + InterceptorActionAfterDeleteError, + e.Next, + ) + }, + Priority: -99, + }) +} + +// ------------------------------------------------------------------- + +// newRecordFromNullStringMap initializes a single new Record model +// with data loaded from the provided NullStringMap. +// +// Note that this method is intended to load and Scan data from a database row result. +func newRecordFromNullStringMap(collection *Collection, data dbx.NullStringMap) (*Record, error) { + record := NewRecord(collection) + + var fieldName string + for _, field := range collection.Fields { + fieldName = field.GetName() + + nullString, ok := data[fieldName] + + var value any + var err error + + if ok && nullString.Valid { + value, err = field.PrepareValue(record, nullString.String) + } else { + value, err = field.PrepareValue(record, nil) + } + + if err != nil { + return nil, err + } + + // we load only the original data to avoid unnecessary copying the same data into the record.data store + // (it is also the reason why we don't invoke PostScan on the record itself) + record.originalData[fieldName] = value + + if fieldName == FieldNameId { + record.Id = cast.ToString(value) + } + } + + record.BaseModel.PostScan() + + return record, nil +} + +// newRecordsFromNullStringMaps initializes a new Record model for +// each row in the provided NullStringMap slice. +// +// Note that this method is intended to load and Scan data from a database rows result. +func newRecordsFromNullStringMaps(collection *Collection, rows []dbx.NullStringMap) ([]*Record, error) { + result := make([]*Record, len(rows)) + + var err error + for i, row := range rows { + result[i], err = newRecordFromNullStringMap(collection, row) + if err != nil { + return nil, err + } + } + + return result, nil +} + +// ------------------------------------------------------------------- + +// NewRecord initializes a new empty Record model. +func NewRecord(collection *Collection) *Record { + record := &Record{ + collection: collection, + data: store.New[string, any](nil), + customVisibility: store.New[string, bool](nil), + originalData: make(map[string]any, len(collection.Fields)), + } + + // initialize default field values + var fieldName string + for _, field := range collection.Fields { + fieldName = field.GetName() + + if fieldName == FieldNameId { + continue + } + + value, _ := field.PrepareValue(record, nil) + record.originalData[fieldName] = value + } + + return record +} + +// Collection returns the Collection model associated with the current Record model. +// +// NB! The returned collection is only for read purposes and it shouldn't be modified +// because it could have unintended side-effects on other Record models from the same collection. +func (m *Record) Collection() *Collection { + return m.collection +} + +// TableName returns the table name associated with the current Record model. +func (m *Record) TableName() string { + return m.collection.Name +} + +// PostScan implements the [dbx.PostScanner] interface. +// +// It essentially refreshes/updates the current Record original state +// as if the model was fetched from the databases for the first time. +// +// Or in other words, it means that m.Original().FieldsData() will have +// the same values as m.Record().FieldsData(). +func (m *Record) PostScan() error { + if m.Id == "" { + return errors.New("missing record primary key") + } + + if err := m.BaseModel.PostScan(); err != nil { + return err + } + + m.originalData = m.FieldsData() + + return nil +} + +// HookTags returns the hook tags associated with the current record. +func (m *Record) HookTags() []string { + return []string{m.collection.Name, m.collection.Id} +} + +// BaseFilesPath returns the storage dir path used by the record. +func (m *Record) BaseFilesPath() string { + id := cast.ToString(m.LastSavedPK()) + if id == "" { + id = m.Id + } + + return m.collection.BaseFilesPath() + "/" + id +} + +// Original returns a shallow copy of the current record model populated +// with its ORIGINAL db data state (aka. right after PostScan()) +// and everything else reset to the defaults. +// +// If record was created using NewRecord() the original will be always +// a blank record (until PostScan() is invoked). +func (m *Record) Original() *Record { + newRecord := NewRecord(m.collection) + + newRecord.originalData = maps.Clone(m.originalData) + + if newRecord.originalData[FieldNameId] != nil { + newRecord.lastSavedPK = cast.ToString(newRecord.originalData[FieldNameId]) + newRecord.Id = newRecord.lastSavedPK + } + + return newRecord +} + +// Fresh returns a shallow copy of the current record model populated +// with its LATEST data state and everything else reset to the defaults +// (aka. no expand, no unknown fields and with default visibility flags). +func (m *Record) Fresh() *Record { + newRecord := m.Original() + + // note: this will also load the Id field through m.GetRaw + var fieldName string + for _, field := range m.collection.Fields { + fieldName = field.GetName() + newRecord.SetRaw(fieldName, m.GetRaw(fieldName)) + } + + return newRecord +} + +// Clone returns a shallow copy of the current record model with all of +// its collection and unknown fields data, expand and flags copied. +// +// use [Record.Fresh()] instead if you want a copy with only the latest +// collection fields data and everything else reset to the defaults. +func (m *Record) Clone() *Record { + newRecord := m.Original() + + newRecord.Id = m.Id + newRecord.exportCustomData = m.exportCustomData + newRecord.ignoreEmailVisibility = m.ignoreEmailVisibility + newRecord.ignoreUnchangedFields = m.ignoreUnchangedFields + newRecord.customVisibility.Reset(m.customVisibility.GetAll()) + + data := m.data.GetAll() + for k, v := range data { + newRecord.SetRaw(k, v) + } + + if m.expand != nil { + newRecord.SetExpand(m.expand.GetAll()) + } + + return newRecord +} + +// Expand returns a shallow copy of the current Record model expand data (if any). +func (m *Record) Expand() map[string]any { + if m.expand == nil { + // return a dummy initialized map to avoid assignment to nil map errors + return map[string]any{} + } + + return m.expand.GetAll() +} + +// SetExpand replaces the current Record's expand with the provided expand arg data (shallow copied). +func (m *Record) SetExpand(expand map[string]any) { + if m.expand == nil { + m.expand = store.New[string, any](nil) + } + + m.expand.Reset(expand) +} + +// MergeExpand merges recursively the provided expand data into +// the current model's expand (if any). +// +// Note that if an expanded prop with the same key is a slice (old or new expand) +// then both old and new records will be merged into a new slice (aka. a :merge: [b,c] => [a,b,c]). +// Otherwise the "old" expanded record will be replace with the "new" one (aka. a :merge: aNew => aNew). +func (m *Record) MergeExpand(expand map[string]any) { + // nothing to merge + if len(expand) == 0 { + return + } + + // no old expand + if m.expand == nil { + m.expand = store.New(expand) + return + } + + oldExpand := m.expand.GetAll() + + for key, new := range expand { + old, ok := oldExpand[key] + if !ok { + oldExpand[key] = new + continue + } + + var wasOldSlice bool + var oldSlice []*Record + switch v := old.(type) { + case *Record: + oldSlice = []*Record{v} + case []*Record: + wasOldSlice = true + oldSlice = v + default: + // invalid old expand data -> assign directly the new + // (no matter whether new is valid or not) + oldExpand[key] = new + continue + } + + var wasNewSlice bool + var newSlice []*Record + switch v := new.(type) { + case *Record: + newSlice = []*Record{v} + case []*Record: + wasNewSlice = true + newSlice = v + default: + // invalid new expand data -> skip + continue + } + + oldIndexed := make(map[string]*Record, len(oldSlice)) + for _, oldRecord := range oldSlice { + oldIndexed[oldRecord.Id] = oldRecord + } + + for _, newRecord := range newSlice { + oldRecord := oldIndexed[newRecord.Id] + if oldRecord != nil { + // note: there is no need to update oldSlice since oldRecord is a reference + oldRecord.MergeExpand(newRecord.Expand()) + } else { + // missing new entry + oldSlice = append(oldSlice, newRecord) + } + } + + if wasOldSlice || wasNewSlice || len(oldSlice) == 0 { + oldExpand[key] = oldSlice + } else { + oldExpand[key] = oldSlice[0] + } + } + + m.expand.Reset(oldExpand) +} + +// FieldsData returns a shallow copy ONLY of the collection's fields record's data. +func (m *Record) FieldsData() map[string]any { + result := make(map[string]any, len(m.collection.Fields)) + + var fieldName string + for _, field := range m.collection.Fields { + fieldName = field.GetName() + result[fieldName] = m.Get(fieldName) + } + + return result +} + +// CustomData returns a shallow copy ONLY of the custom record fields data, +// aka. fields that are neither defined by the collection, nor special system ones. +// +// Note that custom fields prefixed with "@pbInternal" are always skipped. +func (m *Record) CustomData() map[string]any { + if m.data == nil { + return nil + } + + fields := m.Collection().Fields + + knownFields := make(map[string]struct{}, len(fields)) + + for _, f := range fields { + knownFields[f.GetName()] = struct{}{} + } + + result := map[string]any{} + + rawData := m.data.GetAll() + for k, v := range rawData { + if _, ok := knownFields[k]; !ok { + // skip internal custom fields + if strings.HasPrefix(k, internalCustomFieldKeyPrefix) { + continue + } + + result[k] = v + } + } + + return result +} + +// WithCustomData toggles the export/serialization of custom data fields +// (false by default). +func (m *Record) WithCustomData(state bool) *Record { + m.exportCustomData = state + return m +} + +// IgnoreEmailVisibility toggles the flag to ignore the auth record email visibility check. +func (m *Record) IgnoreEmailVisibility(state bool) *Record { + m.ignoreEmailVisibility = state + return m +} + +// IgnoreUnchangedFields toggles the flag to ignore the unchanged fields +// from the DB export for the UPDATE SQL query. +// +// This could be used if you want to save only the record fields that you've changed +// without overwrite other untouched fields in case of concurrent update. +// +// Note that the fields change comparison is based on the current fields against m.Original() +// (aka. if you have performed save on the same Record instance multiple times you may have to refetch it, +// so that m.Original() could reflect the last saved change). +func (m *Record) IgnoreUnchangedFields(state bool) *Record { + m.ignoreUnchangedFields = state + return m +} + +// Set sets the provided key-value data pair into the current Record +// model directly as it is WITHOUT NORMALIZATIONS. +// +// See also [Record.Set]. +func (m *Record) SetRaw(key string, value any) { + if key == FieldNameId { + m.Id = cast.ToString(value) + } + + m.data.Set(key, value) +} + +// SetIfFieldExists sets the provided key-value data pair into the current Record model +// ONLY if key is existing Collection field name/modifier. +// +// This method does nothing if key is not a known Collection field name/modifier. +// +// On success returns the matched Field, otherwise - nil. +// +// To set any key-value, including custom/unknown fields, use the [Record.Set] method. +func (m *Record) SetIfFieldExists(key string, value any) Field { + for _, field := range m.Collection().Fields { + ff, ok := field.(SetterFinder) + if ok { + setter := ff.FindSetter(key) + if setter != nil { + setter(m, value) + return field + } + } + + // fallback to the default field PrepareValue method for direct match + if key == field.GetName() { + value, _ = field.PrepareValue(m, value) + m.SetRaw(key, value) + return field + } + } + + return nil +} + +// Set sets the provided key-value data pair into the current Record model. +// +// If the record collection has field with name matching the provided "key", +// the value will be further normalized according to the field setter(s). +func (m *Record) Set(key string, value any) { + switch key { + case FieldNameExpand: // for backward-compatibility with earlier versions + m.SetExpand(cast.ToStringMap(value)) + default: + field := m.SetIfFieldExists(key, value) + if field == nil { + // custom key - set it without any transformations + m.SetRaw(key, value) + } + } +} + +func (m *Record) GetRaw(key string) any { + if key == FieldNameId { + return m.Id + } + + if v, ok := m.data.GetOk(key); ok { + return v + } + + return m.originalData[key] +} + +// Get returns a normalized single record model data value for "key". +func (m *Record) Get(key string) any { + switch key { + case FieldNameExpand: // for backward-compatibility with earlier versions + return m.Expand() + default: + for _, field := range m.Collection().Fields { + gm, ok := field.(GetterFinder) + if !ok { + continue // no custom getters + } + + getter := gm.FindGetter(key) + if getter != nil { + return getter(m) + } + } + + return m.GetRaw(key) + } +} + +// Load bulk loads the provided data into the current Record model. +func (m *Record) Load(data map[string]any) { + for k, v := range data { + m.Set(k, v) + } +} + +// GetBool returns the data value for "key" as a bool. +func (m *Record) GetBool(key string) bool { + return cast.ToBool(m.Get(key)) +} + +// GetString returns the data value for "key" as a string. +func (m *Record) GetString(key string) string { + return cast.ToString(m.Get(key)) +} + +// GetInt returns the data value for "key" as an int. +func (m *Record) GetInt(key string) int { + return cast.ToInt(m.Get(key)) +} + +// GetFloat returns the data value for "key" as a float64. +func (m *Record) GetFloat(key string) float64 { + return cast.ToFloat64(m.Get(key)) +} + +// GetDateTime returns the data value for "key" as a DateTime instance. +func (m *Record) GetDateTime(key string) types.DateTime { + d, _ := types.ParseDateTime(m.Get(key)) + return d +} + +// GetGeoPoint returns the data value for "key" as a GeoPoint instance. +func (m *Record) GetGeoPoint(key string) types.GeoPoint { + point := types.GeoPoint{} + _ = point.Scan(m.Get(key)) + return point +} + +// GetStringSlice returns the data value for "key" as a slice of non-zero unique strings. +func (m *Record) GetStringSlice(key string) []string { + return list.ToUniqueStringSlice(m.Get(key)) +} + +// GetUnsavedFiles returns the uploaded files for the provided "file" field key, +// (aka. the current [*filesytem.File] values) so that you can apply further +// validations or modifications (including changing the file name or content before persisting). +// +// Example: +// +// files := record.GetUnsavedFiles("documents") +// for _, f := range files { +// f.Name = "doc_" + f.Name // add a prefix to each file name +// } +// app.Save(record) // the files are pointers so the applied changes will transparently reflect on the record value +func (m *Record) GetUnsavedFiles(key string) []*filesystem.File { + if !strings.HasSuffix(key, ":unsaved") { + key += ":unsaved" + } + + values, _ := m.Get(key).([]*filesystem.File) + + return values +} + +// Deprecated: replaced with GetUnsavedFiles. +func (m *Record) GetUploadedFiles(key string) []*filesystem.File { + log.Println("Please replace GetUploadedFiles with GetUnsavedFiles") + return m.GetUnsavedFiles(key) +} + +// Retrieves the "key" json field value and unmarshals it into "result". +// +// Example +// +// result := struct { +// FirstName string `json:"first_name"` +// }{} +// err := m.UnmarshalJSONField("my_field_name", &result) +func (m *Record) UnmarshalJSONField(key string, result any) error { + return json.Unmarshal([]byte(m.GetString(key)), &result) +} + +// ExpandedOne retrieves a single relation Record from the already +// loaded expand data of the current model. +// +// If the requested expand relation is multiple, this method returns +// only first available Record from the expanded relation. +// +// Returns nil if there is no such expand relation loaded. +func (m *Record) ExpandedOne(relField string) *Record { + if m.expand == nil { + return nil + } + + rel := m.expand.Get(relField) + + switch v := rel.(type) { + case *Record: + return v + case []*Record: + if len(v) > 0 { + return v[0] + } + } + + return nil +} + +// ExpandedAll retrieves a slice of relation Records from the already +// loaded expand data of the current model. +// +// If the requested expand relation is single, this method normalizes +// the return result and will wrap the single model as a slice. +// +// Returns nil slice if there is no such expand relation loaded. +func (m *Record) ExpandedAll(relField string) []*Record { + if m.expand == nil { + return nil + } + + rel := m.expand.Get(relField) + + switch v := rel.(type) { + case *Record: + return []*Record{v} + case []*Record: + return v + } + + return nil +} + +// FindFileFieldByFile returns the first file type field for which +// any of the record's data contains the provided filename. +func (m *Record) FindFileFieldByFile(filename string) *FileField { + for _, field := range m.Collection().Fields { + if field.Type() != FieldTypeFile { + continue + } + + f, ok := field.(*FileField) + if !ok { + continue + } + + filenames := m.GetStringSlice(f.GetName()) + if slices.Contains(filenames, filename) { + return f + } + } + + return nil +} + +// DBExport implements the [DBExporter] interface and returns a key-value +// map with the data to be persisted when saving the Record in the database. +func (m *Record) DBExport(app App) (map[string]any, error) { + result, err := m.dbExport() + if err != nil { + return nil, err + } + + // remove exported fields that haven't changed + // (with exception of the id column) + if !m.IsNew() && m.ignoreUnchangedFields { + oldResult, err := m.Original().dbExport() + if err != nil { + return nil, err + } + + for oldK, oldV := range oldResult { + if oldK == idColumn { + continue + } + newV, ok := result[oldK] + if ok && areValuesEqual(newV, oldV) { + delete(result, oldK) + } + } + } + + return result, nil +} + +func (m *Record) dbExport() (map[string]any, error) { + fields := m.Collection().Fields + + result := make(map[string]any, len(fields)) + + var fieldName string + for _, field := range fields { + fieldName = field.GetName() + + if f, ok := field.(DriverValuer); ok { + v, err := f.DriverValue(m) + if err != nil { + return nil, err + } + result[fieldName] = v + } else { + result[fieldName] = m.GetRaw(fieldName) + } + } + + return result, nil +} + +func areValuesEqual(a any, b any) bool { + switch av := a.(type) { + case string: + bv, ok := b.(string) + return ok && bv == av + case bool: + bv, ok := b.(bool) + return ok && bv == av + case float32: + bv, ok := b.(float32) + return ok && bv == av + case float64: + bv, ok := b.(float64) + return ok && bv == av + case uint: + bv, ok := b.(uint) + return ok && bv == av + case uint8: + bv, ok := b.(uint8) + return ok && bv == av + case uint16: + bv, ok := b.(uint16) + return ok && bv == av + case uint32: + bv, ok := b.(uint32) + return ok && bv == av + case uint64: + bv, ok := b.(uint64) + return ok && bv == av + case int: + bv, ok := b.(int) + return ok && bv == av + case int8: + bv, ok := b.(int8) + return ok && bv == av + case int16: + bv, ok := b.(int16) + return ok && bv == av + case int32: + bv, ok := b.(int32) + return ok && bv == av + case int64: + bv, ok := b.(int64) + return ok && bv == av + case []byte: + bv, ok := b.([]byte) + return ok && bytes.Equal(av, bv) + case []string: + bv, ok := b.([]string) + return ok && slices.Equal(av, bv) + case []int: + bv, ok := b.([]int) + return ok && slices.Equal(av, bv) + case []int32: + bv, ok := b.([]int32) + return ok && slices.Equal(av, bv) + case []int64: + bv, ok := b.([]int64) + return ok && slices.Equal(av, bv) + case []float32: + bv, ok := b.([]float32) + return ok && slices.Equal(av, bv) + case []float64: + bv, ok := b.([]float64) + return ok && slices.Equal(av, bv) + case types.JSONArray[string]: + bv, ok := b.(types.JSONArray[string]) + return ok && slices.Equal(av, bv) + case types.JSONRaw: + bv, ok := b.(types.JSONRaw) + return ok && bytes.Equal(av, bv) + default: + aRaw, err := json.Marshal(a) + if err != nil { + return false + } + + bRaw, err := json.Marshal(b) + if err != nil { + return false + } + + return bytes.Equal(aRaw, bRaw) + } +} + +// Hide hides the specified fields from the public safe serialization of the record. +func (record *Record) Hide(fieldNames ...string) *Record { + for _, name := range fieldNames { + record.customVisibility.Set(name, false) + } + + return record +} + +// Unhide forces to unhide the specified fields from the public safe serialization +// of the record (even when the collection field itself is marked as hidden). +func (record *Record) Unhide(fieldNames ...string) *Record { + for _, name := range fieldNames { + record.customVisibility.Set(name, true) + } + + return record +} + +// PublicExport exports only the record fields that are safe to be public. +// +// To export unknown data fields you need to set record.WithCustomData(true). +// +// For auth records, to force the export of the email field you need to set +// record.IgnoreEmailVisibility(true). +func (record *Record) PublicExport() map[string]any { + export := make(map[string]any, len(record.collection.Fields)+3) + + var isVisible, hasCustomVisibility bool + + customVisibility := record.customVisibility.GetAll() + + // export schema fields + var fieldName string + for _, f := range record.collection.Fields { + fieldName = f.GetName() + + isVisible, hasCustomVisibility = customVisibility[fieldName] + if !hasCustomVisibility { + isVisible = !f.GetHidden() + } + + if !isVisible { + continue + } + + export[fieldName] = record.Get(fieldName) + } + + // export custom fields + if record.exportCustomData { + for k, v := range record.CustomData() { + isVisible, hasCustomVisibility = customVisibility[k] + if !hasCustomVisibility || isVisible { + export[k] = v + } + } + } + + if record.Collection().IsAuth() { + // always hide the password and tokenKey fields + delete(export, FieldNamePassword) + delete(export, FieldNameTokenKey) + + if !record.ignoreEmailVisibility && !record.GetBool(FieldNameEmailVisibility) { + delete(export, FieldNameEmail) + } + } + + // add helper collection reference fields + isVisible, hasCustomVisibility = customVisibility[FieldNameCollectionId] + if !hasCustomVisibility || isVisible { + export[FieldNameCollectionId] = record.collection.Id + } + isVisible, hasCustomVisibility = customVisibility[FieldNameCollectionName] + if !hasCustomVisibility || isVisible { + export[FieldNameCollectionName] = record.collection.Name + } + + // add expand (if non-nil) + isVisible, hasCustomVisibility = customVisibility[FieldNameExpand] + if (!hasCustomVisibility || isVisible) && record.expand != nil { + export[FieldNameExpand] = record.expand.GetAll() + } + + return export +} + +// MarshalJSON implements the [json.Marshaler] interface. +// +// Only the data exported by `PublicExport()` will be serialized. +func (m Record) MarshalJSON() ([]byte, error) { + return json.Marshal(m.PublicExport()) +} + +// UnmarshalJSON implements the [json.Unmarshaler] interface. +func (m *Record) UnmarshalJSON(data []byte) error { + result := map[string]any{} + + if err := json.Unmarshal(data, &result); err != nil { + return err + } + + m.Load(result) + + return nil +} + +// ReplaceModifiers returns a new map with applied modifier +// values based on the current record and the specified data. +// +// The resolved modifier keys will be removed. +// +// Multiple modifiers will be applied one after another, +// while reusing the previous base key value result (ex. 1; -5; +2 => -2). +// +// Note that because Go doesn't guaranteed the iteration order of maps, +// we would explicitly apply shorter keys first for a more consistent and reproducible behavior. +// +// Example usage: +// +// newData := record.ReplaceModifiers(data) +// // record: {"field": 10} +// // data: {"field+": 5} +// // result: {"field": 15} +func (m *Record) ReplaceModifiers(data map[string]any) map[string]any { + if len(data) == 0 { + return data + } + + dataCopy := maps.Clone(data) + + recordCopy := m.Fresh() + + // key orders is not guaranteed so + sortedDataKeys := make([]string, 0, len(data)) + for k := range data { + sortedDataKeys = append(sortedDataKeys, k) + } + sort.SliceStable(sortedDataKeys, func(i int, j int) bool { + return len(sortedDataKeys[i]) < len(sortedDataKeys[j]) + }) + + for _, k := range sortedDataKeys { + field := recordCopy.SetIfFieldExists(k, data[k]) + if field != nil { + // delete the original key in case it is with a modifer (ex. "items+") + delete(dataCopy, k) + + // store the transformed value under the field name + dataCopy[field.GetName()] = recordCopy.Get(field.GetName()) + } + } + + return dataCopy +} + +// ------------------------------------------------------------------- + +func (m *Record) callFieldInterceptors( + ctx context.Context, + app App, + actionName string, + actionFunc func() error, +) error { + // the firing order of the fields doesn't matter + for _, field := range m.Collection().Fields { + if f, ok := field.(RecordInterceptor); ok { + oldfn := actionFunc + actionFunc = func() error { + return f.Intercept(ctx, app, m, actionName, oldfn) + } + } + } + + return actionFunc() +} + +func onRecordValidate(e *RecordEvent) error { + errs := validation.Errors{} + + for _, f := range e.Record.Collection().Fields { + if err := f.ValidateValue(e.Context, e.App, e.Record); err != nil { + errs[f.GetName()] = err + } + } + + if len(errs) > 0 { + return errs + } + + return e.Next() +} + +func onRecordSaveExecute(e *RecordEvent) error { + if e.Record.Collection().IsAuth() { + // ensure that the token key is regenerated on password change or email change + if !e.Record.IsNew() { + lastSavedRecord, err := e.App.FindRecordById(e.Record.Collection(), e.Record.Id) + if err != nil { + return err + } + + if lastSavedRecord.TokenKey() == e.Record.TokenKey() && + (lastSavedRecord.Get(FieldNamePassword) != e.Record.Get(FieldNamePassword) || + lastSavedRecord.Email() != e.Record.Email()) { + e.Record.RefreshTokenKey() + } + } + + // cross-check that the auth record id is unique across all auth collections. + authCollections, err := e.App.FindAllCollections(CollectionTypeAuth) + if err != nil { + return fmt.Errorf("unable to fetch the auth collections for cross-id unique check: %w", err) + } + for _, collection := range authCollections { + if e.Record.Collection().Id == collection.Id { + continue // skip current collection (sqlite will do the check for us) + } + record, _ := e.App.FindRecordById(collection, e.Record.Id) + if record != nil { + return validation.Errors{ + FieldNameId: validation.NewError("validation_invalid_auth_id", "Invalid or duplicated auth record id."), + } + } + } + } + + err := e.Next() + if err == nil { + return nil + } + + return validators.NormalizeUniqueIndexError( + err, + e.Record.Collection().Name, + e.Record.Collection().Fields.FieldNames(), + ) +} + +func onRecordDeleteExecute(e *RecordEvent) error { + // fetch rel references (if any) + // + // note: the select is outside of the transaction to minimize + // SQLITE_BUSY errors when mixing read&write in a single transaction + refs, err := e.App.FindCachedCollectionReferences(e.Record.Collection()) + if err != nil { + return err + } + + originalApp := e.App + txErr := e.App.RunInTransaction(func(txApp App) error { + e.App = txApp + + // delete the record before the relation references to ensure that there + // will be no "A<->B" relations to prevent deadlock when calling DeleteRecord recursively + if err := e.Next(); err != nil { + return err + } + + return cascadeRecordDelete(txApp, e.Record, refs) + }) + e.App = originalApp + + return txErr +} + +// cascadeRecordDelete triggers cascade deletion for the provided references. +// +// NB! This method is expected to be called from inside of a transaction. +func cascadeRecordDelete(app App, mainRecord *Record, refs map[*Collection][]Field) error { + // Sort the refs keys to ensure that the cascade events firing order is always the same. + // This is not necessary for the operation to function correctly but it helps having deterministic output during testing. + sortedRefKeys := make([]*Collection, 0, len(refs)) + for k := range refs { + sortedRefKeys = append(sortedRefKeys, k) + } + sort.Slice(sortedRefKeys, func(i, j int) bool { + return sortedRefKeys[i].Name < sortedRefKeys[j].Name + }) + + for _, refCollection := range sortedRefKeys { + fields, ok := refs[refCollection] + + if !ok || refCollection.IsView() { + continue // skip missing or view collections + } + + recordTableName := inflector.Columnify(refCollection.Name) + + for _, field := range fields { + prefixedFieldName := recordTableName + "." + inflector.Columnify(field.GetName()) + + query := app.RecordQuery(refCollection) + + if opt, ok := field.(MultiValuer); !ok || !opt.IsMultiple() { + query.AndWhere(dbx.HashExp{prefixedFieldName: mainRecord.Id}) + } else { + query.AndWhere(dbx.Exists(dbx.NewExp(fmt.Sprintf( + `SELECT 1 FROM %s {{__je__}} WHERE [[__je__.value]]={:jevalue}`, + dbutils.JSONEach(prefixedFieldName), + ), dbx.Params{ + "jevalue": mainRecord.Id, + }))) + } + + if refCollection.Id == mainRecord.Collection().Id { + query.AndWhere(dbx.Not(dbx.HashExp{recordTableName + ".id": mainRecord.Id})) + } + + // trigger cascade for each batchSize rel items until there is none + batchSize := 4000 + rows := make([]*Record, 0, batchSize) + for { + if err := query.Limit(int64(batchSize)).All(&rows); err != nil { + return err + } + + total := len(rows) + if total == 0 { + break + } + + err := deleteRefRecords(app, mainRecord, rows, field) + if err != nil { + return err + } + + if total < batchSize { + break // no more items + } + + rows = rows[:0] // keep allocated memory + } + } + } + + return nil +} + +// deleteRefRecords checks if related records has to be deleted (if `CascadeDelete` is set) +// OR +// just unset the record id from any relation field values (if they are not required). +// +// NB! This method is expected to be called from inside of a transaction. +func deleteRefRecords(app App, mainRecord *Record, refRecords []*Record, field Field) error { + relField, _ := field.(*RelationField) + if relField == nil { + return errors.New("only RelationField is supported at the moment, got " + field.Type()) + } + + for _, refRecord := range refRecords { + ids := refRecord.GetStringSlice(relField.Name) + + // unset the record id + for i := len(ids) - 1; i >= 0; i-- { + if ids[i] == mainRecord.Id { + ids = append(ids[:i], ids[i+1:]...) + break + } + } + + // cascade delete the reference + // (only if there are no other active references in case of multiple select) + if relField.CascadeDelete && len(ids) == 0 { + if err := app.Delete(refRecord); err != nil { + return err + } + // no further actions are needed (the reference is deleted) + continue + } + + if relField.Required && len(ids) == 0 { + return fmt.Errorf("the record cannot be deleted because it is part of a required reference in record %s (%s collection)", refRecord.Id, refRecord.Collection().Name) + } + + // save the reference changes + // (without validation because it is possible that another relation field to have a reference to a previous deleted record) + refRecord.Set(relField.Name, ids) + if err := app.SaveNoValidate(refRecord); err != nil { + return err + } + } + + return nil +} diff --git a/core/record_model_auth.go b/core/record_model_auth.go new file mode 100644 index 0000000..07858f4 --- /dev/null +++ b/core/record_model_auth.go @@ -0,0 +1,85 @@ +package core + +import "github.com/pocketbase/pocketbase/tools/security" + +// Email returns the "email" record field value (usually available with Auth collections). +func (m *Record) Email() string { + return m.GetString(FieldNameEmail) +} + +// SetEmail sets the "email" record field value (usually available with Auth collections). +func (m *Record) SetEmail(email string) { + m.Set(FieldNameEmail, email) +} + +// Verified returns the "emailVisibility" record field value (usually available with Auth collections). +func (m *Record) EmailVisibility() bool { + return m.GetBool(FieldNameEmailVisibility) +} + +// SetEmailVisibility sets the "emailVisibility" record field value (usually available with Auth collections). +func (m *Record) SetEmailVisibility(visible bool) { + m.Set(FieldNameEmailVisibility, visible) +} + +// Verified returns the "verified" record field value (usually available with Auth collections). +func (m *Record) Verified() bool { + return m.GetBool(FieldNameVerified) +} + +// SetVerified sets the "verified" record field value (usually available with Auth collections). +func (m *Record) SetVerified(verified bool) { + m.Set(FieldNameVerified, verified) +} + +// TokenKey returns the "tokenKey" record field value (usually available with Auth collections). +func (m *Record) TokenKey() string { + return m.GetString(FieldNameTokenKey) +} + +// SetTokenKey sets the "tokenKey" record field value (usually available with Auth collections). +func (m *Record) SetTokenKey(key string) { + m.Set(FieldNameTokenKey, key) +} + +// RefreshTokenKey generates and sets a new random auth record "tokenKey". +func (m *Record) RefreshTokenKey() { + m.Set(FieldNameTokenKey+autogenerateModifier, "") +} + +// SetPassword sets the "password" record field value (usually available with Auth collections). +func (m *Record) SetPassword(password string) { + // note: the tokenKey will be auto changed if necessary before db write + m.Set(FieldNamePassword, password) +} + +// SetRandomPassword sets the "password" auth record field to a random autogenerated value. +// +// The autogenerated password is ~30 characters and it is set directly as hash, +// aka. the field plain password value validators (length, pattern, etc.) are ignored +// (this is usually used as part of the auto created OTP or OAuth2 user flows). +func (m *Record) SetRandomPassword() string { + pass := security.RandomString(30) + + m.Set(FieldNamePassword, pass) + m.RefreshTokenKey() // manually refresh the token key because the plain password is resetted + + // unset the plain value to skip the field validators + if raw, ok := m.GetRaw(FieldNamePassword).(*PasswordFieldValue); ok { + raw.Plain = "" + } + + return pass +} + +// ValidatePassword validates a plain password against the "password" record field. +// +// Returns false if the password is incorrect. +func (m *Record) ValidatePassword(password string) bool { + pv, ok := m.GetRaw(FieldNamePassword).(*PasswordFieldValue) + if !ok { + return false + } + + return pv.Validate(password) +} diff --git a/core/record_model_auth_test.go b/core/record_model_auth_test.go new file mode 100644 index 0000000..f716850 --- /dev/null +++ b/core/record_model_auth_test.go @@ -0,0 +1,160 @@ +package core_test + +import ( + "context" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/security" +) + +func TestRecordEmail(t *testing.T) { + record := core.NewRecord(core.NewAuthCollection("test")) + + if record.Email() != "" { + t.Fatalf("Expected email %q, got %q", "", record.Email()) + } + + email := "test@example.com" + record.SetEmail(email) + + if record.Email() != email { + t.Fatalf("Expected email %q, got %q", email, record.Email()) + } +} + +func TestRecordEmailVisibility(t *testing.T) { + record := core.NewRecord(core.NewAuthCollection("test")) + + if record.EmailVisibility() != false { + t.Fatalf("Expected emailVisibility %v, got %v", false, record.EmailVisibility()) + } + + record.SetEmailVisibility(true) + + if record.EmailVisibility() != true { + t.Fatalf("Expected emailVisibility %v, got %v", true, record.EmailVisibility()) + } +} + +func TestRecordVerified(t *testing.T) { + record := core.NewRecord(core.NewAuthCollection("test")) + + if record.Verified() != false { + t.Fatalf("Expected verified %v, got %v", false, record.Verified()) + } + + record.SetVerified(true) + + if record.Verified() != true { + t.Fatalf("Expected verified %v, got %v", true, record.Verified()) + } +} + +func TestRecordTokenKey(t *testing.T) { + record := core.NewRecord(core.NewAuthCollection("test")) + + if record.TokenKey() != "" { + t.Fatalf("Expected tokenKey %q, got %q", "", record.TokenKey()) + } + + tokenKey := "example" + + record.SetTokenKey(tokenKey) + + if record.TokenKey() != tokenKey { + t.Fatalf("Expected tokenKey %q, got %q", tokenKey, record.TokenKey()) + } + + record.RefreshTokenKey() + + if record.TokenKey() == tokenKey { + t.Fatalf("Expected tokenKey to be random generated, got %q", tokenKey) + } + + if len(record.TokenKey()) != 50 { + t.Fatalf("Expected %d characters, got %d", 50, len(record.TokenKey())) + } +} + +func TestRecordPassword(t *testing.T) { + scenarios := []struct { + name string + password string + expected bool + }{ + { + "empty password", + "", + false, + }, + { + "non-empty password", + "123456", + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + record := core.NewRecord(core.NewAuthCollection("test")) + + if record.ValidatePassword(s.password) { + t.Fatal("[before set] Expected password to be invalid") + } + + record.SetPassword(s.password) + + result := record.ValidatePassword(s.password) + + if result != s.expected { + t.Fatalf("[after set] Expected ValidatePassword %v, got %v", result, s.expected) + } + + // try with a random string to ensure that not any string validates + if record.ValidatePassword(security.PseudorandomString(5)) { + t.Fatal("[random] Expected password to be invalid") + } + }) + } +} + +func TestRecordSetRandomPassword(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + oldTokenKey := "old_tokenKey" + record := core.NewRecord(core.NewAuthCollection("test")) + record.SetTokenKey(oldTokenKey) + + pass := record.SetRandomPassword() + + if pass == "" { + t.Fatal("Expected non-empty generated random password") + } + + if !record.ValidatePassword(pass) { + t.Fatal("Expected the generated random password to be valid") + } + + if record.TokenKey() == oldTokenKey { + t.Fatal("Expected token key to change") + } + + f, ok := record.Collection().Fields.GetByName(core.FieldNamePassword).(*core.PasswordField) + if !ok { + t.Fatal("Expected *core.PasswordField") + } + + // ensure that the field validators will be ignored + f.Min = 1 + f.Max = 2 + f.Pattern = `\d+` + + if err := f.ValidateValue(context.Background(), app, record); err != nil { + t.Fatalf("Expected password field plain value validators to be ignored, got %v", err) + } +} diff --git a/core/record_model_superusers.go b/core/record_model_superusers.go new file mode 100644 index 0000000..8b1da48 --- /dev/null +++ b/core/record_model_superusers.go @@ -0,0 +1,118 @@ +package core + +import ( + "database/sql" + "errors" + "fmt" + + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/router" +) + +const CollectionNameSuperusers = "_superusers" + +// DefaultInstallerEmail is the default superuser email address +// for the initial autogenerated superuser account. +const DefaultInstallerEmail = "__pbinstaller@example.com" + +func (app *BaseApp) registerSuperuserHooks() { + app.OnRecordDelete(CollectionNameSuperusers).Bind(&hook.Handler[*RecordEvent]{ + Id: "pbSuperusersRecordDelete", + Func: func(e *RecordEvent) error { + originalApp := e.App + txErr := e.App.RunInTransaction(func(txApp App) error { + e.App = txApp + + total, err := e.App.CountRecords(CollectionNameSuperusers) + if err != nil { + return fmt.Errorf("failed to fetch total superusers count: %w", err) + } + + if total == 1 { + return router.NewBadRequestError("You can't delete the only existing superuser", nil) + } + + return e.Next() + }) + e.App = originalApp + + return txErr + }, + Priority: -99, + }) + + recordSaveHandler := &hook.Handler[*RecordEvent]{ + Id: "pbSuperusersRecordSaveExec", + Func: func(e *RecordEvent) error { + e.Record.SetVerified(true) // always mark superusers as verified + + if err := e.Next(); err != nil { + return err + } + + // ensure that the installer superuser is deleted + if e.Type == ModelEventTypeCreate && e.Record.Email() != DefaultInstallerEmail { + record, err := app.FindAuthRecordByEmail(CollectionNameSuperusers, DefaultInstallerEmail) + if errors.Is(err, sql.ErrNoRows) { + // already deleted + } else if err != nil { + e.App.Logger().Warn("Failed to fetch installer superuser", "error", err) + } else { + err = e.App.Delete(record) + if err != nil { + e.App.Logger().Warn("Failed to delete installer superuser", "error", err) + } + } + } + + return nil + }, + Priority: -99, + } + app.OnRecordCreateExecute(CollectionNameSuperusers).Bind(recordSaveHandler) + app.OnRecordUpdateExecute(CollectionNameSuperusers).Bind(recordSaveHandler) + + // prevent sending password reset emails to the installer address + app.OnMailerRecordPasswordResetSend(CollectionNameSuperusers).Bind(&hook.Handler[*MailerRecordEvent]{ + Id: "pbSuperusersInstallerPasswordReset", + Func: func(e *MailerRecordEvent) error { + if e.Record.Email() == DefaultInstallerEmail { + return errors.New("cannot reset the password for the installer superuser") + } + + return e.Next() + }, + }) + + collectionSaveHandler := &hook.Handler[*CollectionEvent]{ + Id: "pbSuperusersCollectionSaveExec", + Func: func(e *CollectionEvent) error { + // don't allow name change even if executed with SaveNoValidate + e.Collection.Name = CollectionNameSuperusers + + // for now don't allow superusers OAuth2 since we don't want + // to accidentally create a new superuser by just OAuth2 signin + e.Collection.OAuth2.Enabled = false + e.Collection.OAuth2.Providers = nil + + // force password auth + e.Collection.PasswordAuth.Enabled = true + + // for superusers we don't allow for now standalone OTP auth and always require to be combined with MFA + if e.Collection.OTP.Enabled { + e.Collection.MFA.Enabled = true + } + + return e.Next() + }, + Priority: 99, + } + app.OnCollectionCreateExecute(CollectionNameSuperusers).Bind(collectionSaveHandler) + app.OnCollectionUpdateExecute(CollectionNameSuperusers).Bind(collectionSaveHandler) +} + +// IsSuperuser returns whether the current record is a superuser, aka. +// whether the record is from the _superusers collection. +func (m *Record) IsSuperuser() bool { + return m.Collection().Name == CollectionNameSuperusers +} diff --git a/core/record_model_superusers_test.go b/core/record_model_superusers_test.go new file mode 100644 index 0000000..db8a70a --- /dev/null +++ b/core/record_model_superusers_test.go @@ -0,0 +1,48 @@ +package core_test + +import ( + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func TestRecordIsSuperUser(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + demo1, err := app.FindRecordById("demo1", "84nmscqy84lsi1t") + if err != nil { + t.Fatal(err) + } + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test@example.com") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + record *core.Record + expected bool + }{ + {demo1, false}, + {user, false}, + {superuser, true}, + } + + for _, s := range scenarios { + t.Run(s.record.Collection().Name, func(t *testing.T) { + result := s.record.IsSuperuser() + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} diff --git a/core/record_model_test.go b/core/record_model_test.go new file mode 100644 index 0000000..4d44603 --- /dev/null +++ b/core/record_model_test.go @@ -0,0 +1,2460 @@ +package core_test + +import ( + "bytes" + "context" + "database/sql" + "encoding/json" + "errors" + "fmt" + "regexp" + "slices" + "strconv" + "strings" + "testing" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/types" + "github.com/spf13/cast" +) + +func TestNewRecord(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test") + collection.Fields.Add(&core.BoolField{Name: "status"}) + + m := core.NewRecord(collection) + + rawData, err := json.Marshal(m.FieldsData()) // should be initialized with the defaults + if err != nil { + t.Fatal(err) + } + + expected := `{"id":"","status":false}` + + if str := string(rawData); str != expected { + t.Fatalf("Expected schema data\n%v\ngot\n%v", expected, str) + } +} + +func TestRecordCollection(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test") + + m := core.NewRecord(collection) + + if m.Collection().Name != collection.Name { + t.Fatalf("Expected collection with name %q, got %q", collection.Name, m.Collection().Name) + } +} + +func TestRecordTableName(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test") + + m := core.NewRecord(collection) + + if m.TableName() != collection.Name { + t.Fatalf("Expected table %q, got %q", collection.Name, m.TableName()) + } +} + +func TestRecordPostScan(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test_collection") + collection.Fields.Add(&core.TextField{Name: "test"}) + + m := core.NewRecord(collection) + + // calling PostScan without id + err := m.PostScan() + if err == nil { + t.Fatal("Expected PostScan id error, got nil") + } + + m.Id = "test_id" + m.Set("test", "abc") + + if v := m.IsNew(); v != true { + t.Fatalf("[before PostScan] Expected IsNew %v, got %v", true, v) + } + if v := m.Original().PK(); v != "" { + t.Fatalf("[before PostScan] Expected the original PK to be empty string, got %v", v) + } + if v := m.Original().Get("test"); v != "" { + t.Fatalf("[before PostScan] Expected the original 'test' field to be empty string, got %v", v) + } + + err = m.PostScan() + if err != nil { + t.Fatalf("Expected PostScan nil error, got %v", err) + } + + if v := m.IsNew(); v != false { + t.Fatalf("[after PostScan] Expected IsNew %v, got %v", false, v) + } + if v := m.Original().PK(); v != "test_id" { + t.Fatalf("[after PostScan] Expected the original PK to be %q, got %v", "test_id", v) + } + if v := m.Original().Get("test"); v != "abc" { + t.Fatalf("[after PostScan] Expected the original 'test' field to be %q, got %v", "abc", v) + } +} + +func TestRecordHookTags(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test") + + m := core.NewRecord(collection) + + tags := m.HookTags() + + expectedTags := []string{collection.Id, collection.Name} + + if len(tags) != len(expectedTags) { + t.Fatalf("Expected tags\n%v\ngot\n%v", expectedTags, tags) + } + + for _, tag := range tags { + if !slices.Contains(expectedTags, tag) { + t.Errorf("Missing expected tag %q", tag) + } + } +} + +func TestRecordBaseFilesPath(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test") + + m := core.NewRecord(collection) + m.Id = "abc" + + result := m.BaseFilesPath() + expected := collection.BaseFilesPath() + "/" + m.Id + if result != expected { + t.Fatalf("Expected %q, got %q", expected, result) + } +} + +func TestRecordOriginal(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + record, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + originalId := record.Id + originalName := record.GetString("name") + + extraFieldsCheck := []string{`"email":`, `"custom":`} + + // change the fields + record.Id = "changed" + record.Set("name", "name_new") + record.Set("custom", "test_custom") + record.SetExpand(map[string]any{"test": 123}) + record.IgnoreEmailVisibility(true) + record.IgnoreUnchangedFields(true) + record.WithCustomData(true) + record.Unhide(record.Collection().Fields.FieldNames()...) + + // ensure that the email visibility and the custom data toggles are active + raw, err := record.MarshalJSON() + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + for _, f := range extraFieldsCheck { + if !strings.Contains(rawStr, f) { + t.Fatalf("Expected %s in\n%s", f, rawStr) + } + } + + // check changes + if v := record.GetString("name"); v != "name_new" { + t.Fatalf("Expected name to be %q, got %q", "name_new", v) + } + if v := record.GetString("custom"); v != "test_custom" { + t.Fatalf("Expected custom to be %q, got %q", "test_custom", v) + } + + // check original + if v := record.Original().PK(); v != originalId { + t.Fatalf("Expected the original PK to be %q, got %q", originalId, v) + } + if v := record.Original().Id; v != originalId { + t.Fatalf("Expected the original id to be %q, got %q", originalId, v) + } + if v := record.Original().GetString("name"); v != originalName { + t.Fatalf("Expected the original name to be %q, got %q", originalName, v) + } + if v := record.Original().GetString("custom"); v != "" { + t.Fatalf("Expected the original custom to be %q, got %q", "", v) + } + if v := record.Original().Expand(); len(v) != 0 { + t.Fatalf("Expected empty original expand, got\n%v", v) + } + + // ensure that the email visibility and the custom flag toggles weren't copied + originalRaw, err := record.Original().MarshalJSON() + if err != nil { + t.Fatal(err) + } + originalRawStr := string(originalRaw) + for _, f := range extraFieldsCheck { + if strings.Contains(originalRawStr, f) { + t.Fatalf("Didn't expected %s in original\n%s", f, originalRawStr) + } + } + + // loading new data shouldn't affect the original state + record.Load(map[string]any{"name": "name_new2"}) + + if v := record.GetString("name"); v != "name_new2" { + t.Fatalf("Expected name to be %q, got %q", "name_new2", v) + } + + if v := record.Original().GetString("name"); v != originalName { + t.Fatalf("Expected the original name still to be %q, got %q", originalName, v) + } +} + +func TestRecordFresh(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + record, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + originalId := record.Id + + extraFieldsCheck := []string{`"email":`, `"custom":`} + + autodateTest := types.NowDateTime() + + // change the fields + record.Id = "changed" + record.Set("name", "name_new") + record.Set("custom", "test_custom") + record.SetRaw("created", autodateTest) + record.SetExpand(map[string]any{"test": 123}) + record.IgnoreEmailVisibility(true) + record.IgnoreUnchangedFields(true) + record.WithCustomData(true) + record.Unhide(record.Collection().Fields.FieldNames()...) + + // ensure that the email visibility and the custom data toggles are active + raw, err := record.MarshalJSON() + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + for _, f := range extraFieldsCheck { + if !strings.Contains(rawStr, f) { + t.Fatalf("Expected %s in\n%s", f, rawStr) + } + } + + // check changes + if v := record.GetString("name"); v != "name_new" { + t.Fatalf("Expected name to be %q, got %q", "name_new", v) + } + if v := record.GetDateTime("created").String(); v != autodateTest.String() { + t.Fatalf("Expected created to be %q, got %q", autodateTest.String(), v) + } + if v := record.GetString("custom"); v != "test_custom" { + t.Fatalf("Expected custom to be %q, got %q", "test_custom", v) + } + + // check fresh + if v := record.Fresh().LastSavedPK(); v != originalId { + t.Fatalf("Expected the fresh LastSavedPK to be %q, got %q", originalId, v) + } + if v := record.Fresh().PK(); v != record.Id { + t.Fatalf("Expected the fresh PK to be %q, got %q", record.Id, v) + } + if v := record.Fresh().Id; v != record.Id { + t.Fatalf("Expected the fresh id to be %q, got %q", record.Id, v) + } + if v := record.Fresh().GetString("name"); v != record.GetString("name") { + t.Fatalf("Expected the fresh name to be %q, got %q", record.GetString("name"), v) + } + if v := record.Fresh().GetDateTime("created").String(); v != autodateTest.String() { + t.Fatalf("Expected the fresh created to be %q, got %q", autodateTest.String(), v) + } + if v := record.Fresh().GetDateTime("updated").String(); v != record.GetDateTime("updated").String() { + t.Fatalf("Expected the fresh updated to be %q, got %q", record.GetDateTime("updated").String(), v) + } + if v := record.Fresh().GetString("custom"); v != "" { + t.Fatalf("Expected the fresh custom to be %q, got %q", "", v) + } + if v := record.Fresh().Expand(); len(v) != 0 { + t.Fatalf("Expected empty fresh expand, got\n%v", v) + } + + // ensure that the email visibility and the custom flag toggles weren't copied + freshRaw, err := record.Fresh().MarshalJSON() + if err != nil { + t.Fatal(err) + } + freshRawStr := string(freshRaw) + for _, f := range extraFieldsCheck { + if strings.Contains(freshRawStr, f) { + t.Fatalf("Didn't expected %s in fresh\n%s", f, freshRawStr) + } + } +} + +func TestRecordClone(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + record, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + originalId := record.Id + + extraFieldsCheck := []string{`"email":`, `"custom":`} + + autodateTest := types.NowDateTime() + + // change the fields + record.Id = "changed" + record.Set("name", "name_new") + record.Set("custom", "test_custom") + record.SetRaw("created", autodateTest) + record.SetExpand(map[string]any{"test": 123}) + record.IgnoreEmailVisibility(true) + record.WithCustomData(true) + record.Unhide(record.Collection().Fields.FieldNames()...) + + // ensure that the email visibility and the custom data toggles are active + raw, err := record.MarshalJSON() + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + for _, f := range extraFieldsCheck { + if !strings.Contains(rawStr, f) { + t.Fatalf("Expected %s in\n%s", f, rawStr) + } + } + + // check changes + if v := record.GetString("name"); v != "name_new" { + t.Fatalf("Expected name to be %q, got %q", "name_new", v) + } + if v := record.GetDateTime("created").String(); v != autodateTest.String() { + t.Fatalf("Expected created to be %q, got %q", autodateTest.String(), v) + } + if v := record.GetString("custom"); v != "test_custom" { + t.Fatalf("Expected custom to be %q, got %q", "test_custom", v) + } + + // check clone + if v := record.Clone().LastSavedPK(); v != originalId { + t.Fatalf("Expected the clone LastSavedPK to be %q, got %q", originalId, v) + } + if v := record.Clone().PK(); v != record.Id { + t.Fatalf("Expected the clone PK to be %q, got %q", record.Id, v) + } + if v := record.Clone().Id; v != record.Id { + t.Fatalf("Expected the clone id to be %q, got %q", record.Id, v) + } + if v := record.Clone().GetString("name"); v != record.GetString("name") { + t.Fatalf("Expected the clone name to be %q, got %q", record.GetString("name"), v) + } + if v := record.Clone().GetDateTime("created").String(); v != autodateTest.String() { + t.Fatalf("Expected the clone created to be %q, got %q", autodateTest.String(), v) + } + if v := record.Clone().GetDateTime("updated").String(); v != record.GetDateTime("updated").String() { + t.Fatalf("Expected the clone updated to be %q, got %q", record.GetDateTime("updated").String(), v) + } + if v := record.Clone().GetString("custom"); v != "test_custom" { + t.Fatalf("Expected the clone custom to be %q, got %q", "test_custom", v) + } + if _, ok := record.Clone().Expand()["test"]; !ok { + t.Fatalf("Expected non-empty clone expand") + } + + // ensure that the email visibility and the custom data toggles state were copied + cloneRaw, err := record.Clone().MarshalJSON() + if err != nil { + t.Fatal(err) + } + cloneRawStr := string(cloneRaw) + for _, f := range extraFieldsCheck { + if !strings.Contains(cloneRawStr, f) { + t.Fatalf("Expected %s in clone\n%s", f, cloneRawStr) + } + } +} + +func TestRecordExpand(t *testing.T) { + t.Parallel() + + record := core.NewRecord(core.NewBaseCollection("test")) + + expand := record.Expand() + if expand == nil || len(expand) != 0 { + t.Fatalf("Expected empty map expand, got %v", expand) + } + + data1 := map[string]any{"a": 123, "b": 456} + data2 := map[string]any{"c": 123} + record.SetExpand(data1) + record.SetExpand(data2) // should overwrite the previous call + + // modify the expand map to check for shallow copy + data2["d"] = 456 + + expand = record.Expand() + if len(expand) != 1 { + t.Fatalf("Expected empty map expand, got %v", expand) + } + if v := expand["c"]; v != 123 { + t.Fatalf("Expected to find expand.c %v, got %v", 123, v) + } +} + +func TestRecordMergeExpand(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test") + collection.Id = "_pbc_123" + + m := core.NewRecord(collection) + m.Id = "m" + + // a + a := core.NewRecord(collection) + a.Id = "a" + a1 := core.NewRecord(collection) + a1.Id = "a1" + a2 := core.NewRecord(collection) + a2.Id = "a2" + a3 := core.NewRecord(collection) + a3.Id = "a3" + a31 := core.NewRecord(collection) + a31.Id = "a31" + a32 := core.NewRecord(collection) + a32.Id = "a32" + a.SetExpand(map[string]any{ + "a1": a1, + "a23": []*core.Record{a2, a3}, + }) + a3.SetExpand(map[string]any{ + "a31": a31, + "a32": []*core.Record{a32}, + }) + + // b + b := core.NewRecord(collection) + b.Id = "b" + b1 := core.NewRecord(collection) + b1.Id = "b1" + b.SetExpand(map[string]any{ + "b1": b1, + }) + + // c + c := core.NewRecord(collection) + c.Id = "c" + + // load initial expand + m.SetExpand(map[string]any{ + "a": a, + "b": b, + "c": []*core.Record{c}, + }) + + // a (new) + aNew := core.NewRecord(collection) + aNew.Id = a.Id + a3New := core.NewRecord(collection) + a3New.Id = a3.Id + a32New := core.NewRecord(collection) + a32New.Id = "a32New" + a33New := core.NewRecord(collection) + a33New.Id = "a33New" + a3New.SetExpand(map[string]any{ + "a32": []*core.Record{a32New}, + "a33New": a33New, + }) + aNew.SetExpand(map[string]any{ + "a23": []*core.Record{a2, a3New}, + }) + + // b (new) + bNew := core.NewRecord(collection) + bNew.Id = "bNew" + dNew := core.NewRecord(collection) + dNew.Id = "dNew" + + // merge expands + m.MergeExpand(map[string]any{ + "a": aNew, + "b": []*core.Record{bNew}, + "dNew": dNew, + }) + + result := m.Expand() + + raw, err := json.Marshal(result) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + expected := `{"a":{"collectionId":"_pbc_123","collectionName":"test","expand":{"a1":{"collectionId":"_pbc_123","collectionName":"test","id":"a1"},"a23":[{"collectionId":"_pbc_123","collectionName":"test","id":"a2"},{"collectionId":"_pbc_123","collectionName":"test","expand":{"a31":{"collectionId":"_pbc_123","collectionName":"test","id":"a31"},"a32":[{"collectionId":"_pbc_123","collectionName":"test","id":"a32"},{"collectionId":"_pbc_123","collectionName":"test","id":"a32New"}],"a33New":{"collectionId":"_pbc_123","collectionName":"test","id":"a33New"}},"id":"a3"}]},"id":"a"},"b":[{"collectionId":"_pbc_123","collectionName":"test","expand":{"b1":{"collectionId":"_pbc_123","collectionName":"test","id":"b1"}},"id":"b"},{"collectionId":"_pbc_123","collectionName":"test","id":"bNew"}],"c":[{"collectionId":"_pbc_123","collectionName":"test","id":"c"}],"dNew":{"collectionId":"_pbc_123","collectionName":"test","id":"dNew"}}` + + if expected != rawStr { + t.Fatalf("Expected \n%v, \ngot \n%v", expected, rawStr) + } +} + +func TestRecordMergeExpandNilCheck(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test") + collection.Id = "_pbc_123" + + scenarios := []struct { + name string + expand map[string]any + expected string + }{ + { + "nil expand", + nil, + `{"collectionId":"_pbc_123","collectionName":"test","id":""}`, + }, + { + "empty expand", + map[string]any{}, + `{"collectionId":"_pbc_123","collectionName":"test","id":""}`, + }, + { + "non-empty expand", + map[string]any{"test": core.NewRecord(collection)}, + `{"collectionId":"_pbc_123","collectionName":"test","expand":{"test":{"collectionId":"_pbc_123","collectionName":"test","id":""}},"id":""}`, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + m := core.NewRecord(collection) + m.MergeExpand(s.expand) + + raw, err := json.Marshal(m) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + if rawStr != s.expected { + t.Fatalf("Expected \n%v, \ngot \n%v", s.expected, rawStr) + } + }) + } +} + +func TestRecordExpandedOne(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test") + + main := core.NewRecord(collection) + + single := core.NewRecord(collection) + single.Id = "single" + + multiple1 := core.NewRecord(collection) + multiple1.Id = "multiple1" + + multiple2 := core.NewRecord(collection) + multiple2.Id = "multiple2" + + main.SetExpand(map[string]any{ + "single": single, + "multiple": []*core.Record{multiple1, multiple2}, + }) + + if v := main.ExpandedOne("missing"); v != nil { + t.Fatalf("Expected nil, got %v", v) + } + + if v := main.ExpandedOne("single"); v == nil || v.Id != "single" { + t.Fatalf("Expected record with id %q, got %v", "single", v) + } + + if v := main.ExpandedOne("multiple"); v == nil || v.Id != "multiple1" { + t.Fatalf("Expected record with id %q, got %v", "multiple1", v) + } +} + +func TestRecordExpandedAll(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test") + + main := core.NewRecord(collection) + + single := core.NewRecord(collection) + single.Id = "single" + + multiple1 := core.NewRecord(collection) + multiple1.Id = "multiple1" + + multiple2 := core.NewRecord(collection) + multiple2.Id = "multiple2" + + main.SetExpand(map[string]any{ + "single": single, + "multiple": []*core.Record{multiple1, multiple2}, + }) + + if v := main.ExpandedAll("missing"); v != nil { + t.Fatalf("Expected nil, got %v", v) + } + + if v := main.ExpandedAll("single"); len(v) != 1 || v[0].Id != "single" { + t.Fatalf("Expected [single] slice, got %v", v) + } + + if v := main.ExpandedAll("multiple"); len(v) != 2 || v[0].Id != "multiple1" || v[1].Id != "multiple2" { + t.Fatalf("Expected [multiple1, multiple2] slice, got %v", v) + } +} + +func TestRecordFieldsData(t *testing.T) { + t.Parallel() + + collection := core.NewAuthCollection("test") + collection.Fields.Add(&core.TextField{Name: "field1"}) + collection.Fields.Add(&core.TextField{Name: "field2"}) + + m := core.NewRecord(collection) + m.Id = "test_id" // direct id assignment + m.Set("email", "test@example.com") + m.Set("password", "123") // hidden fields should be also returned + m.Set("tokenKey", "789") + m.Set("field1", 123) + m.Set("field2", 456) + m.Set("unknown", 789) + + raw, err := json.Marshal(m.FieldsData()) + if err != nil { + t.Fatal(err) + } + + expected := `{"email":"test@example.com","emailVisibility":false,"field1":"123","field2":"456","id":"test_id","password":"123","tokenKey":"789","verified":false}` + + if v := string(raw); v != expected { + t.Fatalf("Expected\n%v\ngot\n%v", expected, v) + } +} + +func TestRecordCustomData(t *testing.T) { + t.Parallel() + + collection := core.NewAuthCollection("test") + collection.Fields.Add(&core.TextField{Name: "field1"}) + collection.Fields.Add(&core.TextField{Name: "field2"}) + + m := core.NewRecord(collection) + m.Id = "test_id" // direct id assignment + m.Set("email", "test@example.com") + m.Set("password", "123") // hidden fields should be also returned + m.Set("tokenKey", "789") + m.Set("field1", 123) + m.Set("field2", 456) + m.Set("unknown", 789) + + raw, err := json.Marshal(m.CustomData()) + if err != nil { + t.Fatal(err) + } + + expected := `{"unknown":789}` + + if v := string(raw); v != expected { + t.Fatalf("Expected\n%v\ngot\n%v", expected, v) + } +} + +func TestRecordSetGet(t *testing.T) { + t.Parallel() + + f1 := &mockField{} + f1.Name = "mock1" + + f2 := &mockField{} + f2.Name = "mock2" + + f3 := &mockField{} + f3.Name = "mock3" + + collection := core.NewBaseCollection("test") + collection.Fields.Add(&core.TextField{Name: "text1"}) + collection.Fields.Add(&core.TextField{Name: "text2"}) + collection.Fields.Add(f1) + collection.Fields.Add(f2) + collection.Fields.Add(f3) + + record := core.NewRecord(collection) + record.Set("text1", 123) // should be converted to string using the ScanValue fallback + record.SetRaw("text2", 456) + record.Set("mock1", 1) // should be converted to string using the setter + record.SetRaw("mock2", 1) + record.Set("mock3:test", "abc") + record.Set("unknown", 789) + + t.Run("GetRaw", func(t *testing.T) { + expected := map[string]any{ + "text1": "123", + "text2": 456, + "mock1": "1", + "mock2": 1, + "mock3": "modifier_set", + "mock3:test": nil, + "unknown": 789, + } + + for k, v := range expected { + raw := record.GetRaw(k) + if raw != v { + t.Errorf("Expected %q to be %v, got %v", k, v, raw) + } + } + }) + + t.Run("Get", func(t *testing.T) { + expected := map[string]any{ + "text1": "123", + "text2": 456, + "mock1": "1", + "mock2": 1, + "mock3": "modifier_set", + "mock3:test": "modifier_get", + "unknown": 789, + } + + for k, v := range expected { + get := record.Get(k) + if get != v { + t.Errorf("Expected %q to be %v, got %v", k, v, get) + } + } + }) +} + +func TestRecordLoad(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test") + collection.Fields.Add(&core.TextField{Name: "text"}) + + record := core.NewRecord(collection) + record.Load(map[string]any{ + "text": 123, + "custom": 456, + }) + + expected := map[string]any{ + "text": "123", + "custom": 456, + } + + for k, v := range expected { + get := record.Get(k) + if get != v { + t.Errorf("Expected %q to be %#v, got %#v", k, v, get) + } + } +} + +func TestRecordGetBool(t *testing.T) { + t.Parallel() + + scenarios := []struct { + value any + expected bool + }{ + {nil, false}, + {"", false}, + {0, false}, + {1, true}, + {[]string{"true"}, false}, + {time.Now(), false}, + {"test", false}, + {"false", false}, + {"true", true}, + {false, false}, + {true, true}, + } + + collection := core.NewBaseCollection("test") + record := core.NewRecord(collection) + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + record.Set("test", s.value) + + result := record.GetBool("test") + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestRecordGetString(t *testing.T) { + t.Parallel() + + scenarios := []struct { + value any + expected string + }{ + {nil, ""}, + {"", ""}, + {0, "0"}, + {1.4, "1.4"}, + {[]string{"true"}, ""}, + {map[string]int{"test": 1}, ""}, + {[]byte("abc"), "abc"}, + {"test", "test"}, + {false, "false"}, + {true, "true"}, + } + + collection := core.NewBaseCollection("test") + record := core.NewRecord(collection) + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + record.Set("test", s.value) + + result := record.GetString("test") + if result != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, result) + } + }) + } +} + +func TestRecordGetInt(t *testing.T) { + t.Parallel() + + scenarios := []struct { + value any + expected int + }{ + {nil, 0}, + {"", 0}, + {[]string{"true"}, 0}, + {map[string]int{"test": 1}, 0}, + {time.Now(), 0}, + {"test", 0}, + {123, 123}, + {2.4, 2}, + {"123", 123}, + {"123.5", 0}, + {false, 0}, + {true, 1}, + } + + collection := core.NewBaseCollection("test") + record := core.NewRecord(collection) + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + record.Set("test", s.value) + + result := record.GetInt("test") + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestRecordGetFloat(t *testing.T) { + t.Parallel() + + scenarios := []struct { + value any + expected float64 + }{ + {nil, 0}, + {"", 0}, + {[]string{"true"}, 0}, + {map[string]int{"test": 1}, 0}, + {time.Now(), 0}, + {"test", 0}, + {123, 123}, + {2.4, 2.4}, + {"123", 123}, + {"123.5", 123.5}, + {false, 0}, + {true, 1}, + } + + collection := core.NewBaseCollection("test") + record := core.NewRecord(collection) + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + record.Set("test", s.value) + + result := record.GetFloat("test") + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestRecordGetDateTime(t *testing.T) { + t.Parallel() + + nowTime := time.Now() + testTime, _ := time.Parse(types.DefaultDateLayout, "2022-01-01 08:00:40.000Z") + + scenarios := []struct { + value any + expected time.Time + }{ + {nil, time.Time{}}, + {"", time.Time{}}, + {false, time.Time{}}, + {true, time.Time{}}, + {"test", time.Time{}}, + {[]string{"true"}, time.Time{}}, + {map[string]int{"test": 1}, time.Time{}}, + {1641024040, testTime}, + {"2022-01-01 08:00:40.000", testTime}, + {nowTime, nowTime}, + } + + collection := core.NewBaseCollection("test") + record := core.NewRecord(collection) + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + record.Set("test", s.value) + + result := record.GetDateTime("test") + if !result.Time().Equal(s.expected) { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestRecordGetStringSlice(t *testing.T) { + t.Parallel() + + nowTime := time.Now() + + scenarios := []struct { + value any + expected []string + }{ + {nil, []string{}}, + {"", []string{}}, + {false, []string{"false"}}, + {true, []string{"true"}}, + {nowTime, []string{}}, + {123, []string{"123"}}, + {"test", []string{"test"}}, + {map[string]int{"test": 1}, []string{}}, + {`["test1", "test2"]`, []string{"test1", "test2"}}, + {[]int{123, 123, 456}, []string{"123", "456"}}, + {[]string{"test", "test", "123"}, []string{"test", "123"}}, + } + + collection := core.NewBaseCollection("test") + record := core.NewRecord(collection) + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + record.Set("test", s.value) + + result := record.GetStringSlice("test") + + if len(result) != len(s.expected) { + t.Fatalf("Expected %d elements, got %d: %v", len(s.expected), len(result), result) + } + + for _, v := range result { + if !slices.Contains(s.expected, v) { + t.Fatalf("Cannot find %v in %v", v, s.expected) + } + } + }) + } +} + +func TestRecordGetGeoPoint(t *testing.T) { + t.Parallel() + + scenarios := []struct { + value any + expected string + }{ + {nil, `{"lon":0,"lat":0}`}, + {"", `{"lon":0,"lat":0}`}, + {0, `{"lon":0,"lat":0}`}, + {false, `{"lon":0,"lat":0}`}, + {"{}", `{"lon":0,"lat":0}`}, + {"[]", `{"lon":0,"lat":0}`}, + {[]int{1, 2}, `{"lon":0,"lat":0}`}, + {map[string]any{"lon": 1, "lat": 2}, `{"lon":1,"lat":2}`}, + {[]byte(`{"lon":1,"lat":2}`), `{"lon":1,"lat":2}`}, + {`{"lon":1,"lat":2}`, `{"lon":1,"lat":2}`}, + {types.GeoPoint{Lon: 1, Lat: 2}, `{"lon":1,"lat":2}`}, + {&types.GeoPoint{Lon: 1, Lat: 2}, `{"lon":1,"lat":2}`}, + } + + collection := core.NewBaseCollection("test") + record := core.NewRecord(collection) + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + record.Set("test", s.value) + + pointStr := record.GetGeoPoint("test").String() + + if pointStr != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, pointStr) + } + }) + } +} + +func TestRecordGetUnsavedFiles(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f1, err := filesystem.NewFileFromBytes([]byte("test"), "f1") + if err != nil { + t.Fatal(err) + } + f1.Name = "f1" + + f2, err := filesystem.NewFileFromBytes([]byte("test"), "f2") + if err != nil { + t.Fatal(err) + } + f2.Name = "f2" + + record, err := app.FindRecordById("demo3", "lcl9d87w22ml6jy") + if err != nil { + t.Fatal(err) + } + record.Set("files+", []any{f1, f2}) + + scenarios := []struct { + key string + expected string + }{ + { + "", + "null", + }, + { + "title", + "null", + }, + { + "files", + `[{"name":"f1","originalName":"f1","size":4},{"name":"f2","originalName":"f2","size":4}]`, + }, + { + "files:unsaved", + `[{"name":"f1","originalName":"f1","size":4},{"name":"f2","originalName":"f2","size":4}]`, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.key), func(t *testing.T) { + v := record.GetUnsavedFiles(s.key) + + raw, err := json.Marshal(v) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + if rawStr != s.expected { + t.Fatalf("Expected\n%s\ngot\n%s", s.expected, rawStr) + } + }) + } +} + +func TestRecordUnmarshalJSONField(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test") + collection.Fields.Add(&core.JSONField{Name: "field"}) + + record := core.NewRecord(collection) + + var testPointer *string + var testStr string + var testInt int + var testBool bool + var testSlice []int + var testMap map[string]any + + scenarios := []struct { + value any + destination any + expectError bool + expectedJSON string + }{ + {nil, testPointer, false, `null`}, + {nil, testStr, false, `""`}, + {"", testStr, false, `""`}, + {1, testInt, false, `1`}, + {true, testBool, false, `true`}, + {[]int{1, 2, 3}, testSlice, false, `[1,2,3]`}, + {map[string]any{"test": 123}, testMap, false, `{"test":123}`}, + // json encoded values + {`null`, testPointer, false, `null`}, + {`true`, testBool, false, `true`}, + {`456`, testInt, false, `456`}, + {`"test"`, testStr, false, `"test"`}, + {`[4,5,6]`, testSlice, false, `[4,5,6]`}, + {`{"test":456}`, testMap, false, `{"test":456}`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + record.Set("field", s.value) + + err := record.UnmarshalJSONField("field", &s.destination) + hasErr := err != nil + + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v", s.expectError, hasErr) + } + + raw, _ := json.Marshal(s.destination) + if v := string(raw); v != s.expectedJSON { + t.Fatalf("Expected %q, got %q", s.expectedJSON, v) + } + }) + } +} + +func TestRecordFindFileFieldByFile(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test") + collection.Fields.Add( + &core.TextField{Name: "field1"}, + &core.FileField{Name: "field2", MaxSelect: 1, MaxSize: 1}, + &core.FileField{Name: "field3", MaxSelect: 2, MaxSize: 1}, + ) + + m := core.NewRecord(collection) + m.Set("field1", "test") + m.Set("field2", "test.png") + m.Set("field3", []string{"test1.png", "test2.png"}) + + scenarios := []struct { + filename string + expectField string + }{ + {"", ""}, + {"test", ""}, + {"test2", ""}, + {"test.png", "field2"}, + {"test2.png", "field3"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.filename), func(t *testing.T) { + result := m.FindFileFieldByFile(s.filename) + + var fieldName string + if result != nil { + fieldName = result.Name + } + + if s.expectField != fieldName { + t.Fatalf("Expected field %v, got %v", s.expectField, result) + } + }) + } +} + +func TestRecordDBExport(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + f1 := &core.TextField{Name: "field1"} + f2 := &core.FileField{Name: "field2", MaxSelect: 1, MaxSize: 1} + f3 := &core.SelectField{Name: "field3", MaxSelect: 2, Values: []string{"test1", "test2", "test3"}} + f4 := &core.RelationField{Name: "field4", MaxSelect: 2} + + colBase := core.NewBaseCollection("test_base") + colBase.Fields.Add(f1, f2, f3, f4) + + colAuth := core.NewAuthCollection("test_auth") + colAuth.Fields.Add(f1, f2, f3, f4) + + scenarios := []struct { + collection *core.Collection + expected string + }{ + { + colBase, + `{"field1":"test","field2":"test.png","field3":["test1","test2"],"field4":["test11","test12"],"id":"test_id"}`, + }, + { + colAuth, + `{"email":"test_email","emailVisibility":true,"field1":"test","field2":"test.png","field3":["test1","test2"],"field4":["test11","test12"],"id":"test_id","password":"_TEST_","tokenKey":"test_tokenKey","verified":false}`, + }, + } + + data := map[string]any{ + "id": "test_id", + "field1": "test", + "field2": "test.png", + "field3": []string{"test1", "test2"}, + "field4": []string{"test11", "test12", "test11"}, // strip duplicate, + "unknown": "test_unknown", + "password": "test_passwordHash", + "username": "test_username", + "emailVisibility": true, + "email": "test_email", + "verified": "invalid", // should be casted + "tokenKey": "test_tokenKey", + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s_%s", i, s.collection.Type, s.collection.Name), func(t *testing.T) { + record := core.NewRecord(s.collection) + + record.Load(data) + + result, err := record.DBExport(app) + if err != nil { + t.Fatal(err) + } + + raw, err := json.Marshal(result) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + // replace _TEST_ placeholder with .+ regex pattern + pattern := regexp.MustCompile(strings.ReplaceAll( + "^"+regexp.QuoteMeta(s.expected)+"$", + "_TEST_", + `.+`, + )) + + if !pattern.MatchString(rawStr) { + t.Fatalf("Expected\n%v\ngot\n%v", s.expected, rawStr) + } + }) + } +} + +func TestRecordIgnoreUnchangedFields(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + col, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatal(err) + } + + new := core.NewRecord(col) + + existing, err := app.FindRecordById(col, "mk5fmymtx4wsprk") + if err != nil { + t.Fatal(err) + } + existing.Set("title", "test_new") + existing.Set("files", existing.Get("files")) // no change + + scenarios := []struct { + ignoreUnchangedFields bool + record *core.Record + expected []string + }{ + { + false, + new, + []string{"id", "created", "updated", "title", "files"}, + }, + { + true, + new, + []string{"id", "created", "updated", "title", "files"}, + }, + { + false, + existing, + []string{"id", "created", "updated", "title", "files"}, + }, + { + true, + existing, + []string{"id", "title"}, + }, + } + + for i, s := range scenarios { + action := "create" + if !s.record.IsNew() { + action = "update" + } + + t.Run(fmt.Sprintf("%d_%s_%v", i, action, s.ignoreUnchangedFields), func(t *testing.T) { + s.record.IgnoreUnchangedFields(s.ignoreUnchangedFields) + + result, err := s.record.DBExport(app) + if err != nil { + t.Fatal(err) + } + + if len(result) != len(s.expected) { + t.Fatalf("Expected %d keys, got %d:\n%v", len(s.expected), len(result), result) + } + + for _, key := range s.expected { + if _, ok := result[key]; !ok { + t.Fatalf("Missing expected key %q in\n%v", key, result) + } + } + }) + } +} + +func TestRecordPublicExportAndMarshalJSON(t *testing.T) { + t.Parallel() + + f1 := &core.TextField{Name: "field1"} + f2 := &core.FileField{Name: "field2", MaxSelect: 1, MaxSize: 1} + f3 := &core.SelectField{Name: "field3", MaxSelect: 2, Values: []string{"test1", "test2", "test3"}} + f4 := &core.TextField{Name: "field4", Hidden: true} + f5 := &core.TextField{Name: "field5", Hidden: true} + + colBase := core.NewBaseCollection("test_base") + colBase.Id = "_pbc_base_123" + colBase.Fields.Add(f1, f2, f3, f4, f5) + + colAuth := core.NewAuthCollection("test_auth") + colAuth.Id = "_pbc_auth_123" + colAuth.Fields.Add(f1, f2, f3, f4, f5) + + scenarios := []struct { + name string + collection *core.Collection + ignoreEmailVisibility bool + withCustomData bool + hideFields []string + unhideFields []string + expectedJSON string + }{ + // base + { + "[base] no extra flags", + colBase, + false, + false, + nil, + nil, + `{"collectionId":"_pbc_base_123","collectionName":"test_base","expand":{"test":123},"field1":"field_1","field2":"field_2.png","field3":["test1","test2"],"id":"test_id"}`, + }, + { + "[base] with email visibility", + colBase, + true, // should have no effect + false, + nil, + nil, + `{"collectionId":"_pbc_base_123","collectionName":"test_base","expand":{"test":123},"field1":"field_1","field2":"field_2.png","field3":["test1","test2"],"id":"test_id"}`, + }, + { + "[base] with custom data", + colBase, + true, // should have no effect + true, + nil, + nil, + `{"collectionId":"_pbc_base_123","collectionName":"test_base","email":"test_email","emailVisibility":"test_invalid","expand":{"test":123},"field1":"field_1","field2":"field_2.png","field3":["test1","test2"],"id":"test_id","password":"test_passwordHash","tokenKey":"test_tokenKey","unknown":"test_unknown","verified":true}`, + }, + { + "[base] with explicit hide and unhide fields", + colBase, + false, + true, + []string{"field3", "field1", "expand", "collectionId", "collectionName", "email", "tokenKey", "unknown"}, + []string{"field4", "@pbInternalAbc"}, + `{"emailVisibility":"test_invalid","field2":"field_2.png","field4":"field_4","id":"test_id","password":"test_passwordHash","verified":true}`, + }, + { + "[base] trying to unhide custom fields without explicit WithCustomData", + colBase, + false, + true, + nil, + []string{"field5", "@pbInternalAbc", "email", "tokenKey", "unknown"}, + `{"collectionId":"_pbc_base_123","collectionName":"test_base","email":"test_email","emailVisibility":"test_invalid","expand":{"test":123},"field1":"field_1","field2":"field_2.png","field3":["test1","test2"],"field5":"field_5","id":"test_id","password":"test_passwordHash","tokenKey":"test_tokenKey","unknown":"test_unknown","verified":true}`, + }, + + // auth + { + "[auth] no extra flags", + colAuth, + false, + false, + nil, + nil, + `{"collectionId":"_pbc_auth_123","collectionName":"test_auth","emailVisibility":false,"expand":{"test":123},"field1":"field_1","field2":"field_2.png","field3":["test1","test2"],"id":"test_id","verified":true}`, + }, + { + "[auth] with email visibility", + colAuth, + true, + false, + nil, + nil, + `{"collectionId":"_pbc_auth_123","collectionName":"test_auth","email":"test_email","emailVisibility":false,"expand":{"test":123},"field1":"field_1","field2":"field_2.png","field3":["test1","test2"],"id":"test_id","verified":true}`, + }, + { + "[auth] with custom data", + colAuth, + false, + true, + nil, + nil, + `{"collectionId":"_pbc_auth_123","collectionName":"test_auth","emailVisibility":false,"expand":{"test":123},"field1":"field_1","field2":"field_2.png","field3":["test1","test2"],"id":"test_id","unknown":"test_unknown","verified":true}`, + }, + { + "[auth] with explicit hide and unhide fields", + colAuth, + true, + true, + []string{"field3", "field1", "expand", "collectionId", "collectionName", "email", "unknown"}, + []string{"field4", "@pbInternalAbc"}, + `{"emailVisibility":false,"field2":"field_2.png","field4":"field_4","id":"test_id","verified":true}`, + }, + { + "[auth] trying to unhide custom fields without explicit WithCustomData", + colAuth, + false, + true, + nil, + []string{"field5", "@pbInternalAbc", "tokenKey", "unknown", "email"}, // emailVisibility:false has higher priority + `{"collectionId":"_pbc_auth_123","collectionName":"test_auth","emailVisibility":false,"expand":{"test":123},"field1":"field_1","field2":"field_2.png","field3":["test1","test2"],"field5":"field_5","id":"test_id","unknown":"test_unknown","verified":true}`, + }, + } + + data := map[string]any{ + "id": "test_id", + "field1": "field_1", + "field2": "field_2.png", + "field3": []string{"test1", "test2"}, + "field4": "field_4", + "field5": "field_5", + "expand": map[string]any{"test": 123}, + "collectionId": "m_id", // should be always ignored + "collectionName": "m_name", // should be always ignored + "unknown": "test_unknown", + "password": "test_passwordHash", + "emailVisibility": "test_invalid", // for auth collections should be casted to bool + "email": "test_email", + "verified": true, + "tokenKey": "test_tokenKey", + "@pbInternalAbc": "test_custom_inter", // always hidden + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + m := core.NewRecord(s.collection) + + m.Load(data) + m.IgnoreEmailVisibility(s.ignoreEmailVisibility) + m.WithCustomData(s.withCustomData) + m.Unhide(s.unhideFields...) + m.Hide(s.hideFields...) + + exportResult, err := json.Marshal(m.PublicExport()) + if err != nil { + t.Fatal(err) + } + exportResultStr := string(exportResult) + + // MarshalJSON and PublicExport should return the same + marshalResult, err := m.MarshalJSON() + if err != nil { + t.Fatal(err) + } + marshalResultStr := string(marshalResult) + + if exportResultStr != marshalResultStr { + t.Fatalf("Expected the PublicExport to be the same as MarshalJSON, but got \n%v \nvs \n%v", exportResultStr, marshalResultStr) + } + + if exportResultStr != s.expectedJSON { + t.Fatalf("Expected json \n%v \ngot \n%v", s.expectedJSON, exportResultStr) + } + }) + } +} + +func TestRecordUnmarshalJSON(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test") + collection.Fields.Add(&core.TextField{Name: "text"}) + + record := core.NewRecord(collection) + + data := map[string]any{ + "text": 123, + "custom": 456.789, + } + rawData, err := json.Marshal(data) + if err != nil { + t.Fatal(err) + } + + err = record.UnmarshalJSON(rawData) + if err != nil { + t.Fatalf("Failed to unmarshal: %v", err) + } + + expected := map[string]any{ + "text": "123", + "custom": 456.789, + } + + for k, v := range expected { + get := record.Get(k) + if get != v { + t.Errorf("Expected %q to be %#v, got %#v", k, v, get) + } + } +} + +func TestRecordReplaceModifiers(t *testing.T) { + t.Parallel() + + collection := core.NewBaseCollection("test") + collection.Fields.Add( + &mockField{core.TextField{Name: "mock"}}, + &core.NumberField{Name: "number"}, + ) + + originalData := map[string]any{ + "mock": "a", + "number": 2.1, + } + + record := core.NewRecord(collection) + for k, v := range originalData { + record.Set(k, v) + } + + result := record.ReplaceModifiers(map[string]any{ + "mock:test": "b", + "number+": 3, + }) + + expected := map[string]any{ + "mock": "modifier_set", + "number": 5.1, + } + + if len(result) != len(expected) { + t.Fatalf("Expected\n%v\ngot\n%v", expected, result) + } + + for k, v := range expected { + if result[k] != v { + t.Errorf("Expected %q %#v, got %#v", k, v, result[k]) + } + } + + // ensure that the original data hasn't changed + for k, v := range originalData { + rv := record.Get(k) + if rv != v { + t.Errorf("Expected original %q %#v, got %#v", k, v, rv) + } + } +} + +func TestRecordValidate(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + // dummy collection to ensure that the specified field validators are triggered + collection := core.NewBaseCollection("validate_test") + collection.Fields.Add( + &core.TextField{Name: "f1", Min: 3}, + &core.NumberField{Name: "f2", Required: true}, + ) + if err := app.Save(collection); err != nil { + t.Fatal(err) + } + + record := core.NewRecord(collection) + record.Id = "!invalid" + + t.Run("no data set", func(t *testing.T) { + tests.TestValidationErrors(t, app.Validate(record), []string{"id", "f2"}) + }) + + t.Run("failing the text field min requirement", func(t *testing.T) { + record.Set("f1", "a") + tests.TestValidationErrors(t, app.Validate(record), []string{"id", "f1", "f2"}) + }) + + t.Run("satisfying the fields validations", func(t *testing.T) { + record.Id = strings.Repeat("b", 15) + record.Set("f1", "abc") + record.Set("f2", 1) + tests.TestValidationErrors(t, app.Validate(record), nil) + }) +} + +func TestRecordModelEventSync(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + col, err := app.FindCollectionByNameOrId("demo3") + if err != nil { + t.Fatal(err) + } + + testRecords := make([]*core.Record, 4) + for i := 0; i < 4; i++ { + testRecords[i] = core.NewRecord(col) + testRecords[i].Set("title", "sync_test_"+strconv.Itoa(i)) + if err := app.Save(testRecords[i]); err != nil { + t.Fatal(err) + } + } + + createModelEvent := func() *core.ModelEvent { + event := new(core.ModelEvent) + event.App = app + event.Context = context.Background() + event.Type = "test_a" + event.Model = testRecords[0] + return event + } + + createModelErrorEvent := func() *core.ModelErrorEvent { + event := new(core.ModelErrorEvent) + event.ModelEvent = *createModelEvent() + event.Error = errors.New("error_a") + return event + } + + changeRecordEventBefore := func(e *core.RecordEvent) { + e.Type = "test_b" + //nolint:staticcheck + e.Context = context.WithValue(context.Background(), "test", 123) + e.Record = testRecords[1] + } + + modelEventFinalizerChange := func(e *core.ModelEvent) { + e.Type = "test_c" + //nolint:staticcheck + e.Context = context.WithValue(context.Background(), "test", 456) + e.Model = testRecords[2] + } + + changeRecordEventAfter := func(e *core.RecordEvent) { + e.Type = "test_d" + //nolint:staticcheck + e.Context = context.WithValue(context.Background(), "test", 789) + e.Record = testRecords[3] + } + + expectedBeforeModelEventHandlerChecks := func(t *testing.T, e *core.ModelEvent) { + if e.Type != "test_a" { + t.Fatalf("Expected type %q, got %q", "test_a", e.Type) + } + + if v := e.Context.Value("test"); v != nil { + t.Fatalf("Expected context value %v, got %v", nil, v) + } + + if e.Model.PK() != testRecords[0].Id { + t.Fatalf("Expected record with id %q, got %q (%d)", testRecords[0].Id, e.Model.PK(), 0) + } + } + + expectedAfterModelEventHandlerChecks := func(t *testing.T, e *core.ModelEvent) { + if e.Type != "test_d" { + t.Fatalf("Expected type %q, got %q", "test_d", e.Type) + } + + if v := e.Context.Value("test"); v != 789 { + t.Fatalf("Expected context value %v, got %v", 789, v) + } + + // note: currently the Model and Record values are not synced due to performance consideration + if e.Model.PK() != testRecords[2].Id { + t.Fatalf("Expected record with id %q, got %q (%d)", testRecords[2].Id, e.Model.PK(), 2) + } + } + + expectedBeforeRecordEventHandlerChecks := func(t *testing.T, e *core.RecordEvent) { + if e.Type != "test_a" { + t.Fatalf("Expected type %q, got %q", "test_a", e.Type) + } + + if v := e.Context.Value("test"); v != nil { + t.Fatalf("Expected context value %v, got %v", nil, v) + } + + if e.Record.Id != testRecords[0].Id { + t.Fatalf("Expected record with id %q, got %q (%d)", testRecords[0].Id, e.Record.Id, 2) + } + } + + expectedAfterRecordEventHandlerChecks := func(t *testing.T, e *core.RecordEvent) { + if e.Type != "test_c" { + t.Fatalf("Expected type %q, got %q", "test_c", e.Type) + } + + if v := e.Context.Value("test"); v != 456 { + t.Fatalf("Expected context value %v, got %v", 456, v) + } + + // note: currently the Model and Record values are not synced due to performance consideration + if e.Record.Id != testRecords[1].Id { + t.Fatalf("Expected record with id %q, got %q (%d)", testRecords[1].Id, e.Record.Id, 1) + } + } + + modelEventFinalizer := func(e *core.ModelEvent) error { + modelEventFinalizerChange(e) + return nil + } + + modelErrorEventFinalizer := func(e *core.ModelErrorEvent) error { + modelEventFinalizerChange(&e.ModelEvent) + e.Error = errors.New("error_c") + return nil + } + + modelEventHandler := &hook.Handler[*core.ModelEvent]{ + Priority: -999, + Func: func(e *core.ModelEvent) error { + t.Run("before model", func(t *testing.T) { + expectedBeforeModelEventHandlerChecks(t, e) + }) + + _ = e.Next() + + t.Run("after model", func(t *testing.T) { + expectedAfterModelEventHandlerChecks(t, e) + }) + + return nil + }, + } + + modelErrorEventHandler := &hook.Handler[*core.ModelErrorEvent]{ + Priority: -999, + Func: func(e *core.ModelErrorEvent) error { + t.Run("before model error", func(t *testing.T) { + expectedBeforeModelEventHandlerChecks(t, &e.ModelEvent) + if v := e.Error.Error(); v != "error_a" { + t.Fatalf("Expected error %q, got %q", "error_a", v) + } + }) + + _ = e.Next() + + t.Run("after model error", func(t *testing.T) { + expectedAfterModelEventHandlerChecks(t, &e.ModelEvent) + if v := e.Error.Error(); v != "error_d" { + t.Fatalf("Expected error %q, got %q", "error_d", v) + } + }) + + return nil + }, + } + + recordEventHandler := &hook.Handler[*core.RecordEvent]{ + Priority: -999, + Func: func(e *core.RecordEvent) error { + t.Run("before record", func(t *testing.T) { + expectedBeforeRecordEventHandlerChecks(t, e) + }) + + changeRecordEventBefore(e) + + _ = e.Next() + + t.Run("after record", func(t *testing.T) { + expectedAfterRecordEventHandlerChecks(t, e) + }) + + changeRecordEventAfter(e) + + return nil + }, + } + + recordErrorEventHandler := &hook.Handler[*core.RecordErrorEvent]{ + Priority: -999, + Func: func(e *core.RecordErrorEvent) error { + t.Run("before record error", func(t *testing.T) { + expectedBeforeRecordEventHandlerChecks(t, &e.RecordEvent) + if v := e.Error.Error(); v != "error_a" { + t.Fatalf("Expected error %q, got %q", "error_c", v) + } + }) + + changeRecordEventBefore(&e.RecordEvent) + e.Error = errors.New("error_b") + + _ = e.Next() + + t.Run("after record error", func(t *testing.T) { + expectedAfterRecordEventHandlerChecks(t, &e.RecordEvent) + if v := e.Error.Error(); v != "error_c" { + t.Fatalf("Expected error %q, got %q", "error_c", v) + } + }) + + changeRecordEventAfter(&e.RecordEvent) + e.Error = errors.New("error_d") + + return nil + }, + } + + // OnModelValidate + app.OnRecordValidate().Bind(recordEventHandler) + app.OnModelValidate().Bind(modelEventHandler) + app.OnModelValidate().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelCreate + app.OnRecordCreate().Bind(recordEventHandler) + app.OnModelCreate().Bind(modelEventHandler) + app.OnModelCreate().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelCreateExecute + app.OnRecordCreateExecute().Bind(recordEventHandler) + app.OnModelCreateExecute().Bind(modelEventHandler) + app.OnModelCreateExecute().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelAfterCreateSuccess + app.OnRecordAfterCreateSuccess().Bind(recordEventHandler) + app.OnModelAfterCreateSuccess().Bind(modelEventHandler) + app.OnModelAfterCreateSuccess().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelAfterCreateError + app.OnRecordAfterCreateError().Bind(recordErrorEventHandler) + app.OnModelAfterCreateError().Bind(modelErrorEventHandler) + app.OnModelAfterCreateError().Trigger(createModelErrorEvent(), modelErrorEventFinalizer) + + // OnModelUpdate + app.OnRecordUpdate().Bind(recordEventHandler) + app.OnModelUpdate().Bind(modelEventHandler) + app.OnModelUpdate().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelUpdateExecute + app.OnRecordUpdateExecute().Bind(recordEventHandler) + app.OnModelUpdateExecute().Bind(modelEventHandler) + app.OnModelUpdateExecute().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelAfterUpdateSuccess + app.OnRecordAfterUpdateSuccess().Bind(recordEventHandler) + app.OnModelAfterUpdateSuccess().Bind(modelEventHandler) + app.OnModelAfterUpdateSuccess().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelAfterUpdateError + app.OnRecordAfterUpdateError().Bind(recordErrorEventHandler) + app.OnModelAfterUpdateError().Bind(modelErrorEventHandler) + app.OnModelAfterUpdateError().Trigger(createModelErrorEvent(), modelErrorEventFinalizer) + + // OnModelDelete + app.OnRecordDelete().Bind(recordEventHandler) + app.OnModelDelete().Bind(modelEventHandler) + app.OnModelDelete().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelDeleteExecute + app.OnRecordDeleteExecute().Bind(recordEventHandler) + app.OnModelDeleteExecute().Bind(modelEventHandler) + app.OnModelDeleteExecute().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelAfterDeleteSuccess + app.OnRecordAfterDeleteSuccess().Bind(recordEventHandler) + app.OnModelAfterDeleteSuccess().Bind(modelEventHandler) + app.OnModelAfterDeleteSuccess().Trigger(createModelEvent(), modelEventFinalizer) + + // OnModelAfterDeleteError + app.OnRecordAfterDeleteError().Bind(recordErrorEventHandler) + app.OnModelAfterDeleteError().Bind(modelErrorEventHandler) + app.OnModelAfterDeleteError().Trigger(createModelErrorEvent(), modelErrorEventFinalizer) +} + +func TestRecordSave(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + record func(app core.App) (*core.Record, error) + expectError bool + }{ + // trigger validators + { + name: "create - trigger validators", + record: func(app core.App) (*core.Record, error) { + c, _ := app.FindCollectionByNameOrId("demo2") + record := core.NewRecord(c) + return record, nil + }, + expectError: true, + }, + { + name: "update - trigger validators", + record: func(app core.App) (*core.Record, error) { + record, _ := app.FindFirstRecordByData("demo2", "title", "test1") + record.Set("title", "") + return record, nil + }, + expectError: true, + }, + + // create + { + name: "create base record", + record: func(app core.App) (*core.Record, error) { + c, _ := app.FindCollectionByNameOrId("demo2") + record := core.NewRecord(c) + record.Set("title", "new_test") + return record, nil + }, + expectError: false, + }, + { + name: "create auth record", + record: func(app core.App) (*core.Record, error) { + c, _ := app.FindCollectionByNameOrId("nologin") + record := core.NewRecord(c) + record.Set("email", "test_new@example.com") + record.Set("password", "1234567890") + return record, nil + }, + expectError: false, + }, + { + name: "create view record", + record: func(app core.App) (*core.Record, error) { + c, _ := app.FindCollectionByNameOrId("view2") + record := core.NewRecord(c) + record.Set("state", true) + return record, nil + }, + expectError: true, // view records are read-only + }, + + // update + { + name: "update base record", + record: func(app core.App) (*core.Record, error) { + record, _ := app.FindFirstRecordByData("demo2", "title", "test1") + record.Set("title", "test_new") + return record, nil + }, + expectError: false, + }, + { + name: "update auth record", + record: func(app core.App) (*core.Record, error) { + record, _ := app.FindAuthRecordByEmail("nologin", "test@example.com") + record.Set("name", "test_new") + record.Set("email", "test_new@example.com") + return record, nil + }, + expectError: false, + }, + { + name: "update view record", + record: func(app core.App) (*core.Record, error) { + record, _ := app.FindFirstRecordByData("view2", "state", true) + record.Set("state", false) + return record, nil + }, + expectError: true, // view records are read-only + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + record, err := s.record(app) + if err != nil { + t.Fatalf("Failed to retrieve test record: %v", err) + } + + saveErr := app.Save(record) + + hasErr := saveErr != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", hasErr, s.expectError, saveErr) + } + + if hasErr { + return + } + + // the record should always have an id after successful Save + if record.Id == "" { + t.Fatal("Expected record id to be set") + } + + if record.IsNew() { + t.Fatal("Expected the record to be marked as not new") + } + + // refetch and compare the serialization + refreshed, err := app.FindRecordById(record.Collection(), record.Id) + if err != nil { + t.Fatal(err) + } + + rawRefreshed, err := refreshed.MarshalJSON() + if err != nil { + t.Fatal(err) + } + + raw, err := record.MarshalJSON() + if err != nil { + t.Fatal(err) + } + + if !bytes.Equal(raw, rawRefreshed) { + t.Fatalf("Expected the refreshed record to be the same as the saved one, got\n%s\nVS\n%s", raw, rawRefreshed) + } + }) + } +} + +func TestRecordSaveIdFromOtherCollection(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + baseCollection, _ := app.FindCollectionByNameOrId("demo2") + authCollection, _ := app.FindCollectionByNameOrId("nologin") + + // base collection test + r1 := core.NewRecord(baseCollection) + r1.Set("title", "test_new") + r1.Set("id", "mk5fmymtx4wsprk") // existing id of demo3 record + if err := app.Save(r1); err != nil { + t.Fatalf("Expected nil, got error %v", err) + } + + // auth collection test + r2 := core.NewRecord(authCollection) + r2.SetEmail("test_new@example.com") + r2.SetPassword("1234567890") + r2.Set("id", "gk390qegs4y47wn") // existing id of "clients" record + if err := app.Save(r2); err == nil { + t.Fatal("Expected error, got nil") + } + + // try again with unique id + r2.Set("id", strings.Repeat("a", 15)) + if err := app.Save(r2); err != nil { + t.Fatalf("Expected nil, got error %v", err) + } +} + +func TestRecordSaveIdUpdateNoValidation(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + rec, err := app.FindRecordById("demo3", "7nwo8tuiatetxdm") + if err != nil { + t.Fatal(err) + } + + rec.Id = strings.Repeat("a", 15) + + err = app.SaveNoValidate(rec) + if err == nil { + t.Fatal("Expected save to fail, got nil") + } + + // no changes + rec.Load(rec.Original().FieldsData()) + err = app.SaveNoValidate(rec) + if err != nil { + t.Fatalf("Expected save to succeed, got error %v", err) + } +} + +func TestRecordSaveWithAutoTokenKeyRefresh(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + payload map[string]any + expectedChange bool + }{ + { + "no email or password change", + map[string]any{"name": "example"}, + false, + }, + { + "password change", + map[string]any{"password": "1234567890"}, + true, + }, + { + "email change", + map[string]any{"email": "test_update@example.com"}, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + record, err := app.FindFirstRecordByFilter("nologin", "1=1") + if err != nil { + t.Fatal(err) + } + + originalTokenKey := record.TokenKey() + + record.Load(s.payload) + + err = app.Save(record) + if err != nil { + t.Fatal(err) + } + + newTokenKey := record.TokenKey() + + hasChange := originalTokenKey != newTokenKey + + if hasChange != s.expectedChange { + t.Fatalf("Expected hasChange %v, got %v", s.expectedChange, hasChange) + } + }) + } +} + +func TestRecordDelete(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + demoCollection, _ := app.FindCollectionByNameOrId("demo2") + + // delete unsaved record + // --- + newRec := core.NewRecord(demoCollection) + if err := app.Delete(newRec); err == nil { + t.Fatal("(newRec) Didn't expect to succeed deleting unsaved record") + } + + // delete view record + // --- + viewRec, _ := app.FindRecordById("view2", "84nmscqy84lsi1t") + if err := app.Delete(viewRec); err == nil { + t.Fatal("(viewRec) Didn't expect to succeed deleting view record") + } + // check if it still exists + viewRec, _ = app.FindRecordById(viewRec.Collection().Id, viewRec.Id) + if viewRec == nil { + t.Fatal("(viewRec) Expected view record to still exists") + } + + // delete existing record + external auths + // --- + rec1, _ := app.FindRecordById("users", "4q1xlclmfloku33") + if err := app.Delete(rec1); err != nil { + t.Fatalf("(rec1) Expected nil, got error %v", err) + } + // check if it was really deleted + if refreshed, _ := app.FindRecordById(rec1.Collection().Id, rec1.Id); refreshed != nil { + t.Fatalf("(rec1) Expected record to be deleted, got %v", refreshed) + } + // check if the external auths were deleted + if auths, _ := app.FindAllExternalAuthsByRecord(rec1); len(auths) > 0 { + t.Fatalf("(rec1) Expected external auths to be deleted, got %v", auths) + } + + // delete existing record while being part of a non-cascade required relation + // --- + rec2, _ := app.FindRecordById("demo3", "7nwo8tuiatetxdm") + if err := app.Delete(rec2); err == nil { + t.Fatalf("(rec2) Expected error, got nil") + } + + // delete existing record + cascade + // --- + calledQueries := []string{} + app.NonconcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) { + calledQueries = append(calledQueries, sql) + } + app.ConcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) { + calledQueries = append(calledQueries, sql) + } + app.NonconcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) { + calledQueries = append(calledQueries, sql) + } + app.ConcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) { + calledQueries = append(calledQueries, sql) + } + rec3, _ := app.FindRecordById("users", "oap640cot4yru2s") + // delete + if err := app.Delete(rec3); err != nil { + t.Fatalf("(rec3) Expected nil, got error %v", err) + } + // check if it was really deleted + rec3, _ = app.FindRecordById(rec3.Collection().Id, rec3.Id) + if rec3 != nil { + t.Fatalf("(rec3) Expected record to be deleted, got %v", rec3) + } + // check if the operation cascaded + rel, _ := app.FindRecordById("demo1", "84nmscqy84lsi1t") + if rel != nil { + t.Fatalf("(rec3) Expected the delete to cascade, found relation %v", rel) + } + // ensure that the json rel fields were prefixed + joinedQueries := strings.Join(calledQueries, " ") + expectedRelManyPart := "SELECT `demo1`.* FROM `demo1` WHERE EXISTS (SELECT 1 FROM json_each(CASE WHEN iif(json_valid([[demo1.rel_many]]), json_type([[demo1.rel_many]])='array', FALSE) THEN [[demo1.rel_many]] ELSE json_array([[demo1.rel_many]]) END) {{__je__}} WHERE [[__je__.value]]='" + if !strings.Contains(joinedQueries, expectedRelManyPart) { + t.Fatalf("(rec3) Expected the cascade delete to call the query \n%v, got \n%v", expectedRelManyPart, calledQueries) + } + expectedRelOnePart := "SELECT `demo1`.* FROM `demo1` WHERE (`demo1`.`rel_one`='" + if !strings.Contains(joinedQueries, expectedRelOnePart) { + t.Fatalf("(rec3) Expected the cascade delete to call the query \n%v, got \n%v", expectedRelOnePart, calledQueries) + } +} + +func TestRecordDeleteBatchProcessing(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + if err := createMockBatchProcessingData(app); err != nil { + t.Fatal(err) + } + + // find and delete the first c1 record to trigger cascade + mainRecord, _ := app.FindRecordById("c1", "a") + if err := app.Delete(mainRecord); err != nil { + t.Fatal(err) + } + + // check if the main record was deleted + _, err := app.FindRecordById(mainRecord.Collection().Id, mainRecord.Id) + if err == nil { + t.Fatal("The main record wasn't deleted") + } + + // check if the c1 b rel field were updated + c1RecordB, err := app.FindRecordById("c1", "b") + if err != nil || c1RecordB.GetString("rel") != "" { + t.Fatalf("Expected c1RecordB.rel to be nil, got %v", c1RecordB.GetString("rel")) + } + + // check if the c2 rel fields were updated + c2Records, err := app.FindAllRecords("c2", nil) + if err != nil || len(c2Records) == 0 { + t.Fatalf("Failed to fetch c2 records: %v", err) + } + for _, r := range c2Records { + ids := r.GetStringSlice("rel") + if len(ids) != 1 || ids[0] != "b" { + t.Fatalf("Expected only 'b' rel id, got %v", ids) + } + } + + // check if all c3 relations were deleted + c3Records, err := app.FindAllRecords("c3", nil) + if err != nil { + t.Fatalf("Failed to fetch c3 records: %v", err) + } + if total := len(c3Records); total != 0 { + t.Fatalf("Expected c3 records to be deleted, found %d", total) + } +} + +func createMockBatchProcessingData(app core.App) error { + // create mock collection without relation + c1 := core.NewBaseCollection("c1") + c1.Id = "c1" + c1.Fields.Add( + &core.TextField{Name: "text"}, + &core.RelationField{ + Name: "rel", + MaxSelect: 1, + CollectionId: "c1", + CascadeDelete: false, // should unset all rel fields + }, + ) + if err := app.SaveNoValidate(c1); err != nil { + return err + } + + // create mock collection with a multi-rel field + c2 := core.NewBaseCollection("c2") + c2.Id = "c2" + c2.Fields.Add( + &core.TextField{Name: "text"}, + &core.RelationField{ + Name: "rel", + MaxSelect: 10, + CollectionId: "c1", + CascadeDelete: false, // should unset all rel fields + }, + ) + if err := app.SaveNoValidate(c2); err != nil { + return err + } + + // create mock collection with a single-rel field + c3 := core.NewBaseCollection("c3") + c3.Id = "c3" + c3.Fields.Add( + &core.RelationField{ + Name: "rel", + MaxSelect: 1, + CollectionId: "c1", + CascadeDelete: true, // should delete all c3 records + }, + ) + if err := app.SaveNoValidate(c3); err != nil { + return err + } + + // insert mock records + c1RecordA := core.NewRecord(c1) + c1RecordA.Id = "a" + c1RecordA.Set("rel", c1RecordA.Id) // self reference + if err := app.SaveNoValidate(c1RecordA); err != nil { + return err + } + c1RecordB := core.NewRecord(c1) + c1RecordB.Id = "b" + c1RecordB.Set("rel", c1RecordA.Id) // rel to another record from the same collection + if err := app.SaveNoValidate(c1RecordB); err != nil { + return err + } + for i := 0; i < 4500; i++ { + c2Record := core.NewRecord(c2) + c2Record.Set("rel", []string{c1RecordA.Id, c1RecordB.Id}) + if err := app.SaveNoValidate(c2Record); err != nil { + return err + } + + c3Record := core.NewRecord(c3) + c3Record.Set("rel", c1RecordA.Id) + if err := app.SaveNoValidate(c3Record); err != nil { + return err + } + } + + // set the same id as the relation for at least 1 record + // to check whether the correct condition will be added + c3Record := core.NewRecord(c3) + c3Record.Set("rel", c1RecordA.Id) + c3Record.Id = c1RecordA.Id + if err := app.SaveNoValidate(c3Record); err != nil { + return err + } + + return nil +} + +// ------------------------------------------------------------------- + +type mockField struct { + core.TextField +} + +func (f *mockField) FindGetter(key string) core.GetterFunc { + switch key { + case f.Name + ":test": + return func(record *core.Record) any { + return "modifier_get" + } + default: + return nil + } +} + +func (f *mockField) FindSetter(key string) core.SetterFunc { + switch key { + case f.Name: + return func(record *core.Record, raw any) { + record.SetRaw(f.Name, cast.ToString(raw)) + } + case f.Name + ":test": + return func(record *core.Record, raw any) { + record.SetRaw(f.Name, "modifier_set") + } + default: + return nil + } +} diff --git a/core/record_proxy.go b/core/record_proxy.go new file mode 100644 index 0000000..644ede7 --- /dev/null +++ b/core/record_proxy.go @@ -0,0 +1,32 @@ +package core + +// RecordProxy defines an interface for a Record proxy/project model, +// aka. custom model struct that acts on behalve the proxied Record to +// allow for example typed getter/setters for the Record fields. +// +// To implement the interface it is usually enough to embed the [BaseRecordProxy] struct. +type RecordProxy interface { + // ProxyRecord returns the proxied Record model. + ProxyRecord() *Record + + // SetProxyRecord loads the specified record model into the current proxy. + SetProxyRecord(record *Record) +} + +var _ RecordProxy = (*BaseRecordProxy)(nil) + +// BaseRecordProxy implements the [RecordProxy] interface and it is intended +// to be used as embed to custom user provided Record proxy structs. +type BaseRecordProxy struct { + *Record +} + +// ProxyRecord returns the proxied Record model. +func (m *BaseRecordProxy) ProxyRecord() *Record { + return m.Record +} + +// SetProxyRecord loads the specified record model into the current proxy. +func (m *BaseRecordProxy) SetProxyRecord(record *Record) { + m.Record = record +} diff --git a/core/record_proxy_test.go b/core/record_proxy_test.go new file mode 100644 index 0000000..bc8f004 --- /dev/null +++ b/core/record_proxy_test.go @@ -0,0 +1,20 @@ +package core_test + +import ( + "testing" + + "github.com/pocketbase/pocketbase/core" +) + +func TestBaseRecordProxy(t *testing.T) { + p := core.BaseRecordProxy{} + + record := core.NewRecord(core.NewBaseCollection("test")) + record.Id = "test" + + p.SetProxyRecord(record) + + if p.ProxyRecord() == nil || p.ProxyRecord().Id != p.Id || p.Id != "test" { + t.Fatalf("Expected proxy record to be set") + } +} diff --git a/core/record_query.go b/core/record_query.go new file mode 100644 index 0000000..9797ca1 --- /dev/null +++ b/core/record_query.go @@ -0,0 +1,622 @@ +package core + +import ( + "context" + "database/sql" + "errors" + "fmt" + "reflect" + "strings" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/dbutils" + "github.com/pocketbase/pocketbase/tools/inflector" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/search" + "github.com/pocketbase/pocketbase/tools/security" +) + +var recordProxyType = reflect.TypeOf((*RecordProxy)(nil)).Elem() + +// RecordQuery returns a new Record select query from a collection model, id or name. +// +// In case a collection id or name is provided and that collection doesn't +// actually exists, the generated query will be created with a cancelled context +// and will fail once an executor (Row(), One(), All(), etc.) is called. +func (app *BaseApp) RecordQuery(collectionModelOrIdentifier any) *dbx.SelectQuery { + var tableName string + + collection, collectionErr := getCollectionByModelOrIdentifier(app, collectionModelOrIdentifier) + if collection != nil { + tableName = collection.Name + } + if tableName == "" { + // update with some fake table name for easier debugging + tableName = "@@__invalidCollectionModelOrIdentifier" + } + + query := app.ConcurrentDB().Select(app.ConcurrentDB().QuoteSimpleColumnName(tableName) + ".*").From(tableName) + + // in case of an error attach a new context and cancel it immediately with the error + if collectionErr != nil { + ctx, cancelFunc := context.WithCancelCause(context.Background()) + query.WithContext(ctx) + cancelFunc(collectionErr) + } + + return query.WithBuildHook(func(q *dbx.Query) { + q.WithExecHook(execLockRetry(app.config.QueryTimeout, defaultMaxLockRetries)). + WithOneHook(func(q *dbx.Query, a any, op func(b any) error) error { + if a == nil { + return op(a) + } + + switch v := a.(type) { + case *Record: + record, err := resolveRecordOneHook(collection, op) + if err != nil { + return err + } + + *v = *record + + return nil + case RecordProxy: + record, err := resolveRecordOneHook(collection, op) + if err != nil { + return err + } + + v.SetProxyRecord(record) + return nil + default: + return op(a) + } + }). + WithAllHook(func(q *dbx.Query, sliceA any, op func(sliceB any) error) error { + if sliceA == nil { + return op(sliceA) + } + + switch v := sliceA.(type) { + case *[]*Record: + records, err := resolveRecordAllHook(collection, op) + if err != nil { + return err + } + + *v = records + + return nil + case *[]Record: + records, err := resolveRecordAllHook(collection, op) + if err != nil { + return err + } + + nonPointers := make([]Record, len(records)) + for i, r := range records { + nonPointers[i] = *r + } + + *v = nonPointers + + return nil + default: // expects []RecordProxy slice + rv := reflect.ValueOf(v) + if rv.Kind() != reflect.Ptr || rv.IsNil() { + return errors.New("must be a pointer") + } + + rv = dereference(rv) + + if rv.Kind() != reflect.Slice { + return errors.New("must be a slice of RecordSetters") + } + + et := rv.Type().Elem() + + var isSliceOfPointers bool + if et.Kind() == reflect.Ptr { + isSliceOfPointers = true + et = et.Elem() + } + + if !reflect.PointerTo(et).Implements(recordProxyType) { + return op(sliceA) + } + + records, err := resolveRecordAllHook(collection, op) + if err != nil { + return err + } + + // create an empty slice + if rv.IsNil() { + rv.Set(reflect.MakeSlice(rv.Type(), 0, len(records))) + } + + for _, record := range records { + ev := reflect.New(et) + + if !ev.CanInterface() { + continue + } + + ps, ok := ev.Interface().(RecordProxy) + if !ok { + continue + } + + ps.SetProxyRecord(record) + + ev = ev.Elem() + if isSliceOfPointers { + ev = ev.Addr() + } + + rv.Set(reflect.Append(rv, ev)) + } + + return nil + } + }) + }) +} + +func resolveRecordOneHook(collection *Collection, op func(dst any) error) (*Record, error) { + data := dbx.NullStringMap{} + if err := op(&data); err != nil { + return nil, err + } + return newRecordFromNullStringMap(collection, data) +} + +func resolveRecordAllHook(collection *Collection, op func(dst any) error) ([]*Record, error) { + data := []dbx.NullStringMap{} + if err := op(&data); err != nil { + return nil, err + } + return newRecordsFromNullStringMaps(collection, data) +} + +// dereference returns the underlying value v points to. +func dereference(v reflect.Value) reflect.Value { + for v.Kind() == reflect.Ptr { + if v.IsNil() { + // initialize with a new value and continue searching + v.Set(reflect.New(v.Type().Elem())) + } + v = v.Elem() + } + return v +} + +func getCollectionByModelOrIdentifier(app App, collectionModelOrIdentifier any) (*Collection, error) { + switch c := collectionModelOrIdentifier.(type) { + case *Collection: + return c, nil + case Collection: + return &c, nil + case string: + return app.FindCachedCollectionByNameOrId(c) + default: + return nil, errors.New("unknown collection identifier - must be collection model, id or name") + } +} + +// ------------------------------------------------------------------- + +// FindRecordById finds the Record model by its id. +func (app *BaseApp) FindRecordById( + collectionModelOrIdentifier any, + recordId string, + optFilters ...func(q *dbx.SelectQuery) error, +) (*Record, error) { + collection, err := getCollectionByModelOrIdentifier(app, collectionModelOrIdentifier) + if err != nil { + return nil, err + } + + record := &Record{} + + query := app.RecordQuery(collection). + AndWhere(dbx.HashExp{collection.Name + ".id": recordId}) + + // apply filter funcs (if any) + for _, filter := range optFilters { + if filter == nil { + continue + } + if err = filter(query); err != nil { + return nil, err + } + } + + err = query.Limit(1).One(record) + if err != nil { + return nil, err + } + + return record, nil +} + +// FindRecordsByIds finds all records by the specified ids. +// If no records are found, returns an empty slice. +func (app *BaseApp) FindRecordsByIds( + collectionModelOrIdentifier any, + recordIds []string, + optFilters ...func(q *dbx.SelectQuery) error, +) ([]*Record, error) { + collection, err := getCollectionByModelOrIdentifier(app, collectionModelOrIdentifier) + if err != nil { + return nil, err + } + + query := app.RecordQuery(collection). + AndWhere(dbx.In( + collection.Name+".id", + list.ToInterfaceSlice(recordIds)..., + )) + + for _, filter := range optFilters { + if filter == nil { + continue + } + if err = filter(query); err != nil { + return nil, err + } + } + + records := make([]*Record, 0, len(recordIds)) + + err = query.All(&records) + if err != nil { + return nil, err + } + + return records, nil +} + +// FindAllRecords finds all records matching specified db expressions. +// +// Returns all collection records if no expression is provided. +// +// Returns an empty slice if no records are found. +// +// Example: +// +// // no extra expressions +// app.FindAllRecords("example") +// +// // with extra expressions +// expr1 := dbx.HashExp{"email": "test@example.com"} +// expr2 := dbx.NewExp("LOWER(username) = {:username}", dbx.Params{"username": "test"}) +// app.FindAllRecords("example", expr1, expr2) +func (app *BaseApp) FindAllRecords(collectionModelOrIdentifier any, exprs ...dbx.Expression) ([]*Record, error) { + query := app.RecordQuery(collectionModelOrIdentifier) + + for _, expr := range exprs { + if expr != nil { // add only the non-nil expressions + query.AndWhere(expr) + } + } + + var records []*Record + + if err := query.All(&records); err != nil { + return nil, err + } + + return records, nil +} + +// FindFirstRecordByData returns the first found record matching +// the provided key-value pair. +func (app *BaseApp) FindFirstRecordByData(collectionModelOrIdentifier any, key string, value any) (*Record, error) { + record := &Record{} + + err := app.RecordQuery(collectionModelOrIdentifier). + AndWhere(dbx.HashExp{inflector.Columnify(key): value}). + Limit(1). + One(record) + if err != nil { + return nil, err + } + + return record, nil +} + +// FindRecordsByFilter returns limit number of records matching the +// provided string filter. +// +// NB! Use the last "params" argument to bind untrusted user variables! +// +// The filter argument is optional and can be empty string to target +// all available records. +// +// The sort argument is optional and can be empty string OR the same format +// used in the web APIs, ex. "-created,title". +// +// If the limit argument is <= 0, no limit is applied to the query and +// all matching records are returned. +// +// Returns an empty slice if no records are found. +// +// Example: +// +// app.FindRecordsByFilter( +// "posts", +// "title ~ {:title} && visible = {:visible}", +// "-created", +// 10, +// 0, +// dbx.Params{"title": "lorem ipsum", "visible": true} +// ) +func (app *BaseApp) FindRecordsByFilter( + collectionModelOrIdentifier any, + filter string, + sort string, + limit int, + offset int, + params ...dbx.Params, +) ([]*Record, error) { + collection, err := getCollectionByModelOrIdentifier(app, collectionModelOrIdentifier) + if err != nil { + return nil, err + } + + q := app.RecordQuery(collection) + + // build a fields resolver and attach the generated conditions to the query + // --- + resolver := NewRecordFieldResolver( + app, + collection, // the base collection + nil, // no request data + true, // allow searching hidden/protected fields like "email" + ) + + if filter != "" { + expr, err := search.FilterData(filter).BuildExpr(resolver, params...) + if err != nil { + return nil, fmt.Errorf("invalid filter expression: %w", err) + } + q.AndWhere(expr) + } + + if sort != "" { + for _, sortField := range search.ParseSortFromString(sort) { + expr, err := sortField.BuildExpr(resolver) + if err != nil { + return nil, err + } + if expr != "" { + q.AndOrderBy(expr) + } + } + } + + resolver.UpdateQuery(q) // attaches any adhoc joins and aliases + // --- + + if offset > 0 { + q.Offset(int64(offset)) + } + + if limit > 0 { + q.Limit(int64(limit)) + } + + records := []*Record{} + + if err := q.All(&records); err != nil { + return nil, err + } + + return records, nil +} + +// FindFirstRecordByFilter returns the first available record matching the provided filter (if any). +// +// NB! Use the last params argument to bind untrusted user variables! +// +// Returns sql.ErrNoRows if no record is found. +// +// Example: +// +// app.FindFirstRecordByFilter("posts", "") +// app.FindFirstRecordByFilter("posts", "slug={:slug} && status='public'", dbx.Params{"slug": "test"}) +func (app *BaseApp) FindFirstRecordByFilter( + collectionModelOrIdentifier any, + filter string, + params ...dbx.Params, +) (*Record, error) { + result, err := app.FindRecordsByFilter(collectionModelOrIdentifier, filter, "", 1, 0, params...) + if err != nil { + return nil, err + } + + if len(result) == 0 { + return nil, sql.ErrNoRows + } + + return result[0], nil +} + +// CountRecords returns the total number of records in a collection. +func (app *BaseApp) CountRecords(collectionModelOrIdentifier any, exprs ...dbx.Expression) (int64, error) { + var total int64 + + q := app.RecordQuery(collectionModelOrIdentifier).Select("count(*)") + + for _, expr := range exprs { + if expr != nil { // add only the non-nil expressions + q.AndWhere(expr) + } + } + + err := q.Row(&total) + + return total, err +} + +// FindAuthRecordByToken finds the auth record associated with the provided JWT +// (auth, file, verifyEmail, changeEmail, passwordReset types). +// +// Optionally specify a list of validTypes to check tokens only from those types. +// +// Returns an error if the JWT is invalid, expired or not associated to an auth collection record. +func (app *BaseApp) FindAuthRecordByToken(token string, validTypes ...string) (*Record, error) { + if token == "" { + return nil, errors.New("missing token") + } + + unverifiedClaims, err := security.ParseUnverifiedJWT(token) + if err != nil { + return nil, err + } + + // check required claims + id, _ := unverifiedClaims[TokenClaimId].(string) + collectionId, _ := unverifiedClaims[TokenClaimCollectionId].(string) + tokenType, _ := unverifiedClaims[TokenClaimType].(string) + if id == "" || collectionId == "" || tokenType == "" { + return nil, errors.New("missing or invalid token claims") + } + + // check types (if explicitly set) + if len(validTypes) > 0 && !list.ExistInSlice(tokenType, validTypes) { + return nil, fmt.Errorf("invalid token type %q, expects %q", tokenType, strings.Join(validTypes, ",")) + } + + record, err := app.FindRecordById(collectionId, id) + if err != nil { + return nil, err + } + + if !record.Collection().IsAuth() { + return nil, errors.New("the token is not associated to an auth collection record") + } + + var baseTokenKey string + switch tokenType { + case TokenTypeAuth: + baseTokenKey = record.Collection().AuthToken.Secret + case TokenTypeFile: + baseTokenKey = record.Collection().FileToken.Secret + case TokenTypeVerification: + baseTokenKey = record.Collection().VerificationToken.Secret + case TokenTypePasswordReset: + baseTokenKey = record.Collection().PasswordResetToken.Secret + case TokenTypeEmailChange: + baseTokenKey = record.Collection().EmailChangeToken.Secret + default: + return nil, errors.New("unknown token type " + tokenType) + } + + secret := record.TokenKey() + baseTokenKey + + // verify token signature + _, err = security.ParseJWT(token, secret) + if err != nil { + return nil, err + } + + return record, nil +} + +// FindAuthRecordByEmail finds the auth record associated with the provided email. +// +// The email check would be case-insensitive if the related collection +// email unique index has COLLATE NOCASE specified for the email column. +// +// Returns an error if it is not an auth collection or the record is not found. +func (app *BaseApp) FindAuthRecordByEmail(collectionModelOrIdentifier any, email string) (*Record, error) { + collection, err := getCollectionByModelOrIdentifier(app, collectionModelOrIdentifier) + if err != nil { + return nil, fmt.Errorf("failed to fetch auth collection: %w", err) + } + + if !collection.IsAuth() { + return nil, fmt.Errorf("%q is not an auth collection", collection.Name) + } + + record := &Record{} + + var expr dbx.Expression + + index, ok := dbutils.FindSingleColumnUniqueIndex(collection.Indexes, FieldNameEmail) + if ok && strings.EqualFold(index.Columns[0].Collate, "nocase") { + // case-insensitive search + expr = dbx.NewExp("[["+FieldNameEmail+"]] = {:email} COLLATE NOCASE", dbx.Params{"email": email}) + } else { + expr = dbx.HashExp{FieldNameEmail: email} + } + + err = app.RecordQuery(collection). + AndWhere(expr). + Limit(1). + One(record) + if err != nil { + return nil, err + } + + return record, nil +} + +// CanAccessRecord checks if a record is allowed to be accessed by the +// specified requestInfo and accessRule. +// +// Rule and db checks are ignored in case requestInfo.Auth is a superuser. +// +// The returned error indicate that something unexpected happened during +// the check (eg. invalid rule or db query error). +// +// The method always return false on invalid rule or db query error. +// +// Example: +// +// requestInfo, _ := e.RequestInfo() +// record, _ := app.FindRecordById("example", "RECORD_ID") +// rule := types.Pointer("@request.auth.id != '' || status = 'public'") +// // ... or use one of the record collection's rule, eg. record.Collection().ViewRule +// +// if ok, _ := app.CanAccessRecord(record, requestInfo, rule); ok { ... } +func (app *BaseApp) CanAccessRecord(record *Record, requestInfo *RequestInfo, accessRule *string) (bool, error) { + // superusers can access everything + if requestInfo.HasSuperuserAuth() { + return true, nil + } + + // only superusers can access this record + if accessRule == nil { + return false, nil + } + + // empty public rule, aka. everyone can access + if *accessRule == "" { + return true, nil + } + + var exists int + + query := app.RecordQuery(record.Collection()). + Select("(1)"). + AndWhere(dbx.HashExp{record.Collection().Name + ".id": record.Id}) + + // parse and apply the access rule filter + resolver := NewRecordFieldResolver(app, record.Collection(), requestInfo, true) + expr, err := search.FilterData(*accessRule).BuildExpr(resolver) + if err != nil { + return false, err + } + resolver.UpdateQuery(query) + + err = query.AndWhere(expr).Limit(1).Row(&exists) + if err != nil && !errors.Is(err, sql.ErrNoRows) { + return false, err + } + + return exists > 0, nil +} diff --git a/core/record_query_expand.go b/core/record_query_expand.go new file mode 100644 index 0000000..2869c1d --- /dev/null +++ b/core/record_query_expand.go @@ -0,0 +1,282 @@ +package core + +import ( + "errors" + "fmt" + "log" + "regexp" + "strings" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/dbutils" + "github.com/pocketbase/pocketbase/tools/list" +) + +// ExpandFetchFunc defines the function that is used to fetch the expanded relation records. +type ExpandFetchFunc func(relCollection *Collection, relIds []string) ([]*Record, error) + +// ExpandRecord expands the relations of a single Record model. +// +// If optFetchFunc is not set, then a default function will be used +// that returns all relation records. +// +// Returns a map with the failed expand parameters and their errors. +func (app *BaseApp) ExpandRecord(record *Record, expands []string, optFetchFunc ExpandFetchFunc) map[string]error { + return app.ExpandRecords([]*Record{record}, expands, optFetchFunc) +} + +// ExpandRecords expands the relations of the provided Record models list. +// +// If optFetchFunc is not set, then a default function will be used +// that returns all relation records. +// +// Returns a map with the failed expand parameters and their errors. +func (app *BaseApp) ExpandRecords(records []*Record, expands []string, optFetchFunc ExpandFetchFunc) map[string]error { + normalized := normalizeExpands(expands) + + failed := map[string]error{} + + for _, expand := range normalized { + if err := app.expandRecords(records, expand, optFetchFunc, 1); err != nil { + failed[expand] = err + } + } + + return failed +} + +// Deprecated +var indirectExpandRegexOld = regexp.MustCompile(`^(\w+)\((\w+)\)$`) + +var indirectExpandRegex = regexp.MustCompile(`^(\w+)_via_(\w+)$`) + +// notes: +// - if fetchFunc is nil, dao.FindRecordsByIds will be used +// - all records are expected to be from the same collection +// - if maxNestedRels(6) is reached, the function returns nil ignoring the remaining expand path +func (app *BaseApp) expandRecords(records []*Record, expandPath string, fetchFunc ExpandFetchFunc, recursionLevel int) error { + if fetchFunc == nil { + // load a default fetchFunc + fetchFunc = func(relCollection *Collection, relIds []string) ([]*Record, error) { + return app.FindRecordsByIds(relCollection.Id, relIds) + } + } + + if expandPath == "" || recursionLevel > maxNestedRels || len(records) == 0 { + return nil + } + + mainCollection := records[0].Collection() + + var relField *RelationField + var relCollection *Collection + + parts := strings.SplitN(expandPath, ".", 2) + var matches []string + + // @todo remove the old syntax support + if strings.Contains(parts[0], "(") { + matches = indirectExpandRegexOld.FindStringSubmatch(parts[0]) + if len(matches) == 3 { + log.Printf( + "%s expand format is deprecated and will be removed in the future. Consider replacing it with %s_via_%s.\n", + matches[0], + matches[1], + matches[2], + ) + } + } else { + matches = indirectExpandRegex.FindStringSubmatch(parts[0]) + } + + if len(matches) == 3 { + indirectRel, _ := getCollectionByModelOrIdentifier(app, matches[1]) + if indirectRel == nil { + return fmt.Errorf("couldn't find back-related collection %q", matches[1]) + } + + indirectRelField, _ := indirectRel.Fields.GetByName(matches[2]).(*RelationField) + if indirectRelField == nil || indirectRelField.CollectionId != mainCollection.Id { + return fmt.Errorf("couldn't find back-relation field %q in collection %q", matches[2], indirectRel.Name) + } + + // add the related id(s) as a dynamic relation field value to + // allow further expand checks at later stage in a more unified manner + prepErr := func() error { + q := app.ConcurrentDB().Select("id"). + From(indirectRel.Name). + Limit(1000) // the limit is arbitrary chosen and may change in the future + + if indirectRelField.IsMultiple() { + q.AndWhere(dbx.Exists(dbx.NewExp(fmt.Sprintf( + "SELECT 1 FROM %s je WHERE je.value = {:id}", + dbutils.JSONEach(indirectRelField.Name), + )))) + } else { + q.AndWhere(dbx.NewExp("[[" + indirectRelField.Name + "]] = {:id}")) + } + + pq := q.Build().Prepare() + + for _, record := range records { + var relIds []string + + err := pq.Bind(dbx.Params{"id": record.Id}).Column(&relIds) + if err != nil { + return errors.Join(err, pq.Close()) + } + + if len(relIds) > 0 { + record.Set(parts[0], relIds) + } + } + + return pq.Close() + }() + if prepErr != nil { + return prepErr + } + + // indirect/back relation + relField = &RelationField{ + Name: parts[0], + MaxSelect: 2147483647, + CollectionId: indirectRel.Id, + } + if _, ok := dbutils.FindSingleColumnUniqueIndex(indirectRel.Indexes, indirectRelField.GetName()); ok { + relField.MaxSelect = 1 + } + relCollection = indirectRel + } else { + // direct relation + relField, _ = mainCollection.Fields.GetByName(parts[0]).(*RelationField) + if relField == nil { + return fmt.Errorf("couldn't find relation field %q in collection %q", parts[0], mainCollection.Name) + } + + relCollection, _ = getCollectionByModelOrIdentifier(app, relField.CollectionId) + if relCollection == nil { + return fmt.Errorf("couldn't find related collection %q", relField.CollectionId) + } + } + + // --------------------------------------------------------------- + + // extract the id of the relations to expand + relIds := make([]string, 0, len(records)) + for _, record := range records { + relIds = append(relIds, record.GetStringSlice(relField.Name)...) + } + + // fetch rels + rels, relsErr := fetchFunc(relCollection, relIds) + if relsErr != nil { + return relsErr + } + + // expand nested fields + if len(parts) > 1 { + err := app.expandRecords(rels, parts[1], fetchFunc, recursionLevel+1) + if err != nil { + return err + } + } + + // reindex with the rel id + indexedRels := make(map[string]*Record, len(rels)) + for _, rel := range rels { + indexedRels[rel.Id] = rel + } + + for _, model := range records { + // init expand if not already + // (this is done to ensure that the "expand" key will be returned in the response even if empty) + if model.expand == nil { + model.SetExpand(nil) + } + + relIds := model.GetStringSlice(relField.Name) + + validRels := make([]*Record, 0, len(relIds)) + for _, id := range relIds { + if rel, ok := indexedRels[id]; ok { + validRels = append(validRels, rel) + } + } + + if len(validRels) == 0 { + continue // no valid relations + } + + expandData := model.Expand() + + // normalize access to the previously expanded rel records (if any) + var oldExpandedRels []*Record + switch v := expandData[relField.Name].(type) { + case nil: + // no old expands + case *Record: + oldExpandedRels = []*Record{v} + case []*Record: + oldExpandedRels = v + } + + // merge expands + for _, oldExpandedRel := range oldExpandedRels { + // find a matching rel record + for _, rel := range validRels { + if rel.Id != oldExpandedRel.Id { + continue + } + + rel.MergeExpand(oldExpandedRel.Expand()) + } + } + + // update the expanded data + if relField.IsMultiple() { + expandData[relField.Name] = validRels + } else { + expandData[relField.Name] = validRels[0] + } + + model.SetExpand(expandData) + } + + return nil +} + +// normalizeExpands normalizes expand strings and merges self containing paths +// (eg. ["a.b.c", "a.b", " test ", " ", "test"] -> ["a.b.c", "test"]). +func normalizeExpands(paths []string) []string { + // normalize paths + normalized := make([]string, 0, len(paths)) + for _, p := range paths { + p = strings.ReplaceAll(p, " ", "") // replace spaces + p = strings.Trim(p, ".") // trim incomplete paths + if p != "" { + normalized = append(normalized, p) + } + } + + // merge containing paths + result := make([]string, 0, len(normalized)) + for i, p1 := range normalized { + var skip bool + for j, p2 := range normalized { + if i == j { + continue + } + if strings.HasPrefix(p2, p1+".") { + // skip because there is more detailed expand path + skip = true + break + } + } + if !skip { + result = append(result, p1) + } + } + + return list.ToUniqueStringSlice(result) +} diff --git a/core/record_query_expand_test.go b/core/record_query_expand_test.go new file mode 100644 index 0000000..04b5cbf --- /dev/null +++ b/core/record_query_expand_test.go @@ -0,0 +1,486 @@ +package core_test + +import ( + "encoding/json" + "errors" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/list" +) + +func TestExpandRecords(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + testName string + collectionIdOrName string + recordIds []string + expands []string + fetchFunc core.ExpandFetchFunc + expectNonemptyExpandProps int + expectExpandFailures int + }{ + { + "empty records", + "", + []string{}, + []string{"self_rel_one", "self_rel_many.self_rel_one"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 0, + 0, + }, + { + "empty expand", + "demo4", + []string{"i9naidtvr6qsgb4", "qzaqccwrmva4o1n"}, + []string{}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 0, + 0, + }, + { + "fetchFunc with error", + "demo4", + []string{"i9naidtvr6qsgb4", "qzaqccwrmva4o1n"}, + []string{"self_rel_one", "self_rel_many.self_rel_one"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return nil, errors.New("test error") + }, + 0, + 2, + }, + { + "missing relation field", + "demo4", + []string{"i9naidtvr6qsgb4", "qzaqccwrmva4o1n"}, + []string{"missing"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 0, + 1, + }, + { + "existing, but non-relation type field", + "demo4", + []string{"i9naidtvr6qsgb4", "qzaqccwrmva4o1n"}, + []string{"title"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 0, + 1, + }, + { + "invalid/missing second level expand", + "demo4", + []string{"i9naidtvr6qsgb4", "qzaqccwrmva4o1n"}, + []string{"rel_one_no_cascade.title"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 0, + 1, + }, + { + "with nil fetchfunc", + "users", + []string{ + "bgs820n361vj1qd", + "4q1xlclmfloku33", + "oap640cot4yru2s", // no rels + }, + []string{"rel"}, + nil, + 2, + 0, + }, + { + "expand normalizations", + "demo4", + []string{"i9naidtvr6qsgb4", "qzaqccwrmva4o1n"}, + []string{ + "self_rel_one", "self_rel_many.self_rel_many.rel_one_no_cascade", + "self_rel_many.self_rel_one.self_rel_many.self_rel_one.rel_one_no_cascade", + "self_rel_many", "self_rel_many.", + " self_rel_many ", "", + }, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 9, + 0, + }, + { + "single expand", + "users", + []string{ + "bgs820n361vj1qd", + "4q1xlclmfloku33", + "oap640cot4yru2s", // no rels + }, + []string{"rel"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 2, + 0, + }, + { + "with nil fetchfunc", + "users", + []string{ + "bgs820n361vj1qd", + "4q1xlclmfloku33", + "oap640cot4yru2s", // no rels + }, + []string{"rel"}, + nil, + 2, + 0, + }, + { + "maxExpandDepth reached", + "demo4", + []string{"qzaqccwrmva4o1n"}, + []string{"self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 6, + 0, + }, + { + "simple back single relation field expand (deprecated syntax)", + "demo3", + []string{"lcl9d87w22ml6jy"}, + []string{"demo4(rel_one_no_cascade_required)"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 1, + 0, + }, + { + "simple back expand via single relation field", + "demo3", + []string{"lcl9d87w22ml6jy"}, + []string{"demo4_via_rel_one_no_cascade_required"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 1, + 0, + }, + { + "nested back expand via single relation field", + "demo3", + []string{"lcl9d87w22ml6jy"}, + []string{ + "demo4_via_rel_one_no_cascade_required.self_rel_many.self_rel_many.self_rel_one", + }, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 5, + 0, + }, + { + "nested back expand via multiple relation field", + "demo3", + []string{"lcl9d87w22ml6jy"}, + []string{ + "demo4_via_rel_many_no_cascade_required.self_rel_many.rel_many_no_cascade_required.demo4_via_rel_many_no_cascade_required", + }, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 7, + 0, + }, + { + "expand multiple relations sharing a common path", + "demo4", + []string{"qzaqccwrmva4o1n"}, + []string{ + "rel_one_no_cascade", + "rel_many_no_cascade", + "self_rel_many.self_rel_one.rel_many_cascade", + "self_rel_many.self_rel_one.rel_many_no_cascade_required", + }, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 5, + 0, + }, + } + + for _, s := range scenarios { + t.Run(s.testName, func(t *testing.T) { + ids := list.ToUniqueStringSlice(s.recordIds) + records, _ := app.FindRecordsByIds(s.collectionIdOrName, ids) + failed := app.ExpandRecords(records, s.expands, s.fetchFunc) + + if len(failed) != s.expectExpandFailures { + t.Errorf("Expected %d failures, got %d\n%v", s.expectExpandFailures, len(failed), failed) + } + + encoded, _ := json.Marshal(records) + encodedStr := string(encoded) + totalExpandProps := strings.Count(encodedStr, `"`+core.FieldNameExpand+`":`) + totalEmptyExpands := strings.Count(encodedStr, `"`+core.FieldNameExpand+`":{}`) + totalNonemptyExpands := totalExpandProps - totalEmptyExpands + + if s.expectNonemptyExpandProps != totalNonemptyExpands { + t.Errorf("Expected %d expand props, got %d\n%v", s.expectNonemptyExpandProps, totalNonemptyExpands, encodedStr) + } + }) + } +} + +func TestExpandRecord(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + testName string + collectionIdOrName string + recordId string + expands []string + fetchFunc core.ExpandFetchFunc + expectNonemptyExpandProps int + expectExpandFailures int + }{ + { + "empty expand", + "demo4", + "i9naidtvr6qsgb4", + []string{}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 0, + 0, + }, + { + "fetchFunc with error", + "demo4", + "i9naidtvr6qsgb4", + []string{"self_rel_one", "self_rel_many.self_rel_one"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return nil, errors.New("test error") + }, + 0, + 2, + }, + { + "missing relation field", + "demo4", + "i9naidtvr6qsgb4", + []string{"missing"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 0, + 1, + }, + { + "existing, but non-relation type field", + "demo4", + "i9naidtvr6qsgb4", + []string{"title"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 0, + 1, + }, + { + "invalid/missing second level expand", + "demo4", + "qzaqccwrmva4o1n", + []string{"rel_one_no_cascade.title"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 0, + 1, + }, + { + "expand normalizations", + "demo4", + "qzaqccwrmva4o1n", + []string{ + "self_rel_one", "self_rel_many.self_rel_many.rel_one_no_cascade", + "self_rel_many.self_rel_one.self_rel_many.self_rel_one.rel_one_no_cascade", + "self_rel_many", "self_rel_many.", + " self_rel_many ", "", + }, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 8, + 0, + }, + { + "no rels to expand", + "users", + "oap640cot4yru2s", + []string{"rel"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 0, + 0, + }, + { + "maxExpandDepth reached", + "demo4", + "qzaqccwrmva4o1n", + []string{"self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many.self_rel_many"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 6, + 0, + }, + { + "simple indirect expand via single relation field (deprecated syntax)", + "demo3", + "lcl9d87w22ml6jy", + []string{"demo4(rel_one_no_cascade_required)"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 1, + 0, + }, + { + "simple indirect expand via single relation field", + "demo3", + "lcl9d87w22ml6jy", + []string{"demo4_via_rel_one_no_cascade_required"}, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 1, + 0, + }, + { + "nested indirect expand via single relation field", + "demo3", + "lcl9d87w22ml6jy", + []string{ + "demo4(rel_one_no_cascade_required).self_rel_many.self_rel_many.self_rel_one", + }, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 5, + 0, + }, + { + "nested indirect expand via single relation field", + "demo3", + "lcl9d87w22ml6jy", + []string{ + "demo4_via_rel_many_no_cascade_required.self_rel_many.rel_many_no_cascade_required.demo4_via_rel_many_no_cascade_required", + }, + func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }, + 7, + 0, + }, + } + + for _, s := range scenarios { + t.Run(s.testName, func(t *testing.T) { + record, _ := app.FindRecordById(s.collectionIdOrName, s.recordId) + failed := app.ExpandRecord(record, s.expands, s.fetchFunc) + + if len(failed) != s.expectExpandFailures { + t.Errorf("Expected %d failures, got %d\n%v", s.expectExpandFailures, len(failed), failed) + } + + encoded, _ := json.Marshal(record) + encodedStr := string(encoded) + totalExpandProps := strings.Count(encodedStr, `"`+core.FieldNameExpand+`":`) + totalEmptyExpands := strings.Count(encodedStr, `"`+core.FieldNameExpand+`":{}`) + totalNonemptyExpands := totalExpandProps - totalEmptyExpands + + if s.expectNonemptyExpandProps != totalNonemptyExpands { + t.Errorf("Expected %d expand props, got %d\n%v", s.expectNonemptyExpandProps, totalNonemptyExpands, encodedStr) + } + }) + } +} + +func TestBackRelationExpandSingeVsArrayResult(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + record, err := app.FindRecordById("demo3", "7nwo8tuiatetxdm") + if err != nil { + t.Fatal(err) + } + + // non-unique indirect expand + { + errs := app.ExpandRecord(record, []string{"demo4_via_rel_one_cascade"}, func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }) + if len(errs) > 0 { + t.Fatal(errs) + } + + result, ok := record.Expand()["demo4_via_rel_one_cascade"].([]*core.Record) + if !ok { + t.Fatalf("Expected the expanded result to be a slice, got %v", result) + } + } + + // unique indirect expand + { + // mock a unique constraint for the rel_one_cascade field + // --- + demo4, err := app.FindCollectionByNameOrId("demo4") + if err != nil { + t.Fatal(err) + } + + demo4.Indexes = append(demo4.Indexes, "create unique index idx_unique_expand on demo4 (rel_one_cascade)") + + if err := app.Save(demo4); err != nil { + t.Fatalf("Failed to mock unique constraint: %v", err) + } + // --- + + errs := app.ExpandRecord(record, []string{"demo4_via_rel_one_cascade"}, func(c *core.Collection, ids []string) ([]*core.Record, error) { + return app.FindRecordsByIds(c.Id, ids, nil) + }) + if len(errs) > 0 { + t.Fatal(errs) + } + + result, ok := record.Expand()["demo4_via_rel_one_cascade"].(*core.Record) + if !ok { + t.Fatalf("Expected the expanded result to be a single model, got %v", result) + } + } +} diff --git a/core/record_query_test.go b/core/record_query_test.go new file mode 100644 index 0000000..fe38b40 --- /dev/null +++ b/core/record_query_test.go @@ -0,0 +1,1197 @@ +package core_test + +import ( + "encoding/json" + "errors" + "fmt" + "slices" + "strings" + "testing" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/dbutils" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestRecordQueryWithDifferentCollectionValues(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + collection any + expectedTotal int + expectError bool + }{ + {"with nil value", nil, 0, true}, + {"with invalid or missing collection id/name", "missing", 0, true}, + {"with pointer model", collection, 3, false}, + {"with value model", *collection, 3, false}, + {"with name", "demo1", 3, false}, + {"with id", "wsmn24bux7wo113", 3, false}, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + var records []*core.Record + err := app.RecordQuery(s.collection).All(&records) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasError %v, got %v", s.expectError, hasErr) + } + + if total := len(records); total != s.expectedTotal { + t.Fatalf("Expected %d records, got %d", s.expectedTotal, total) + } + }) + } +} + +func TestRecordQueryOne(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + collection string + recordId string + model any + }{ + { + "record model", + "demo1", + "84nmscqy84lsi1t", + &core.Record{}, + }, + { + "record proxy", + "demo1", + "84nmscqy84lsi1t", + &struct { + core.BaseRecordProxy + }{}, + }, + { + "custom struct", + "demo1", + "84nmscqy84lsi1t", + &struct { + Id string `db:"id" json:"id"` + }{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + collection, err := app.FindCollectionByNameOrId(s.collection) + if err != nil { + t.Fatal(err) + } + + q := app.RecordQuery(collection). + Where(dbx.HashExp{"id": s.recordId}) + + if err := q.One(s.model); err != nil { + t.Fatal(err) + } + + raw, err := json.Marshal(s.model) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + if !strings.Contains(rawStr, fmt.Sprintf(`"id":%q`, s.recordId)) { + t.Fatalf("Missing id %q in\n%s", s.recordId, rawStr) + } + }) + } +} + +func TestRecordQueryAll(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + type customStructs struct { + Id string `db:"id" json:"id"` + } + + type mockRecordProxy struct { + core.BaseRecordProxy + } + + scenarios := []struct { + name string + collection string + recordIds []any + result any + }{ + { + "slice of Record models", + "demo1", + []any{"84nmscqy84lsi1t", "al1h9ijdeojtsjy"}, + &[]core.Record{}, + }, + { + "slice of pointer Record models", + "demo1", + []any{"84nmscqy84lsi1t", "al1h9ijdeojtsjy"}, + &[]*core.Record{}, + }, + { + "slice of Record proxies", + "demo1", + []any{"84nmscqy84lsi1t", "al1h9ijdeojtsjy"}, + &[]mockRecordProxy{}, + }, + { + "slice of pointer Record proxies", + "demo1", + []any{"84nmscqy84lsi1t", "al1h9ijdeojtsjy"}, + &[]mockRecordProxy{}, + }, + { + "slice of custom structs", + "demo1", + []any{"84nmscqy84lsi1t", "al1h9ijdeojtsjy"}, + &[]customStructs{}, + }, + { + "slice of pointer custom structs", + "demo1", + []any{"84nmscqy84lsi1t", "al1h9ijdeojtsjy"}, + &[]customStructs{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + collection, err := app.FindCollectionByNameOrId(s.collection) + if err != nil { + t.Fatal(err) + } + + q := app.RecordQuery(collection). + Where(dbx.HashExp{"id": s.recordIds}) + + if err := q.All(s.result); err != nil { + t.Fatal(err) + } + + raw, err := json.Marshal(s.result) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + sliceOfMaps := []any{} + if err := json.Unmarshal(raw, &sliceOfMaps); err != nil { + t.Fatal(err) + } + + if len(sliceOfMaps) != len(s.recordIds) { + t.Fatalf("Expected %d items, got %d", len(s.recordIds), len(sliceOfMaps)) + } + + for _, id := range s.recordIds { + if !strings.Contains(rawStr, fmt.Sprintf(`"id":%q`, id)) { + t.Fatalf("Missing id %q in\n%s", id, rawStr) + } + } + }) + } +} + +func TestFindRecordById(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + collectionIdOrName string + id string + filters []func(q *dbx.SelectQuery) error + expectError bool + }{ + {"demo2", "missing", nil, true}, + {"missing", "0yxhwia2amd8gec", nil, true}, + {"demo2", "0yxhwia2amd8gec", nil, false}, + {"demo2", "0yxhwia2amd8gec", []func(q *dbx.SelectQuery) error{}, false}, + {"demo2", "0yxhwia2amd8gec", []func(q *dbx.SelectQuery) error{nil, nil}, false}, + {"demo2", "0yxhwia2amd8gec", []func(q *dbx.SelectQuery) error{ + nil, + func(q *dbx.SelectQuery) error { return nil }, + }, false}, + {"demo2", "0yxhwia2amd8gec", []func(q *dbx.SelectQuery) error{ + func(q *dbx.SelectQuery) error { + q.AndWhere(dbx.HashExp{"title": "missing"}) + return nil + }, + }, true}, + {"demo2", "0yxhwia2amd8gec", []func(q *dbx.SelectQuery) error{ + func(q *dbx.SelectQuery) error { + return errors.New("test error") + }, + }, true}, + {"demo2", "0yxhwia2amd8gec", []func(q *dbx.SelectQuery) error{ + func(q *dbx.SelectQuery) error { + q.AndWhere(dbx.HashExp{"title": "test3"}) + return nil + }, + }, false}, + {"demo2", "0yxhwia2amd8gec", []func(q *dbx.SelectQuery) error{ + func(q *dbx.SelectQuery) error { + q.AndWhere(dbx.HashExp{"title": "test3"}) + return nil + }, + nil, + }, false}, + {"demo2", "0yxhwia2amd8gec", []func(q *dbx.SelectQuery) error{ + func(q *dbx.SelectQuery) error { + q.AndWhere(dbx.HashExp{"title": "test3"}) + return nil + }, + func(q *dbx.SelectQuery) error { + q.AndWhere(dbx.HashExp{"active": false}) + return nil + }, + }, true}, + {"sz5l5z67tg7gku0", "0yxhwia2amd8gec", []func(q *dbx.SelectQuery) error{ + func(q *dbx.SelectQuery) error { + q.AndWhere(dbx.HashExp{"title": "test3"}) + return nil + }, + func(q *dbx.SelectQuery) error { + q.AndWhere(dbx.HashExp{"active": true}) + return nil + }, + }, false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s_%s_%d", i, s.collectionIdOrName, s.id, len(s.filters)), func(t *testing.T) { + record, err := app.FindRecordById( + s.collectionIdOrName, + s.id, + s.filters..., + ) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + + if record != nil && record.Id != s.id { + t.Fatalf("Expected record with id %s, got %s", s.id, record.Id) + } + }) + } +} + +func TestFindRecordsByIds(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + collectionIdOrName string + ids []string + filters []func(q *dbx.SelectQuery) error + expectTotal int + expectError bool + }{ + {"demo2", []string{}, nil, 0, false}, + {"demo2", []string{""}, nil, 0, false}, + {"demo2", []string{"missing"}, nil, 0, false}, + {"missing", []string{"0yxhwia2amd8gec"}, nil, 0, true}, + {"demo2", []string{"0yxhwia2amd8gec"}, nil, 1, false}, + {"sz5l5z67tg7gku0", []string{"0yxhwia2amd8gec"}, nil, 1, false}, + { + "demo2", + []string{"0yxhwia2amd8gec", "llvuca81nly1qls"}, + nil, + 2, + false, + }, + { + "demo2", + []string{"0yxhwia2amd8gec", "llvuca81nly1qls"}, + []func(q *dbx.SelectQuery) error{}, + 2, + false, + }, + { + "demo2", + []string{"0yxhwia2amd8gec", "llvuca81nly1qls"}, + []func(q *dbx.SelectQuery) error{nil, nil}, + 2, + false, + }, + { + "demo2", + []string{"0yxhwia2amd8gec", "llvuca81nly1qls"}, + []func(q *dbx.SelectQuery) error{ + func(q *dbx.SelectQuery) error { + return nil // empty filter + }, + }, + 2, + false, + }, + { + "demo2", + []string{"0yxhwia2amd8gec", "llvuca81nly1qls"}, + []func(q *dbx.SelectQuery) error{ + func(q *dbx.SelectQuery) error { + return nil // empty filter + }, + func(q *dbx.SelectQuery) error { + return errors.New("test error") + }, + }, + 0, + true, + }, + { + "demo2", + []string{"0yxhwia2amd8gec", "llvuca81nly1qls"}, + []func(q *dbx.SelectQuery) error{ + func(q *dbx.SelectQuery) error { + q.AndWhere(dbx.HashExp{"active": true}) + return nil + }, + nil, + }, + 1, + false, + }, + { + "sz5l5z67tg7gku0", + []string{"0yxhwia2amd8gec", "llvuca81nly1qls"}, + []func(q *dbx.SelectQuery) error{ + func(q *dbx.SelectQuery) error { + q.AndWhere(dbx.HashExp{"active": true}) + return nil + }, + func(q *dbx.SelectQuery) error { + q.AndWhere(dbx.Not(dbx.HashExp{"title": ""})) + return nil + }, + }, + 1, + false, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s_%v_%d", i, s.collectionIdOrName, s.ids, len(s.filters)), func(t *testing.T) { + records, err := app.FindRecordsByIds( + s.collectionIdOrName, + s.ids, + s.filters..., + ) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + + if len(records) != s.expectTotal { + t.Fatalf("Expected %d records, got %d", s.expectTotal, len(records)) + } + + for _, r := range records { + if !slices.Contains(s.ids, r.Id) { + t.Fatalf("Couldn't find id %s in %v", r.Id, s.ids) + } + } + }) + } +} + +func TestFindAllRecords(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + collectionIdOrName string + expressions []dbx.Expression + expectIds []string + expectError bool + }{ + { + "missing", + nil, + []string{}, + true, + }, + { + "demo2", + nil, + []string{ + "achvryl401bhse3", + "llvuca81nly1qls", + "0yxhwia2amd8gec", + }, + false, + }, + { + "demo2", + []dbx.Expression{ + nil, + dbx.HashExp{"id": "123"}, + }, + []string{}, + false, + }, + { + "sz5l5z67tg7gku0", + []dbx.Expression{ + dbx.Like("title", "test").Match(true, true), + dbx.HashExp{"active": true}, + }, + []string{ + "achvryl401bhse3", + "0yxhwia2amd8gec", + }, + false, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.collectionIdOrName), func(t *testing.T) { + records, err := app.FindAllRecords(s.collectionIdOrName, s.expressions...) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + + if len(records) != len(s.expectIds) { + t.Fatalf("Expected %d records, got %d", len(s.expectIds), len(records)) + } + + for _, r := range records { + if !slices.Contains(s.expectIds, r.Id) { + t.Fatalf("Couldn't find id %s in %v", r.Id, s.expectIds) + } + } + }) + } +} + +func TestFindFirstRecordByData(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + collectionIdOrName string + key string + value any + expectId string + expectError bool + }{ + { + "missing", + "id", + "llvuca81nly1qls", + "llvuca81nly1qls", + true, + }, + { + "demo2", + "", + "llvuca81nly1qls", + "", + true, + }, + { + "demo2", + "id", + "invalid", + "", + true, + }, + { + "demo2", + "id", + "llvuca81nly1qls", + "llvuca81nly1qls", + false, + }, + { + "sz5l5z67tg7gku0", + "title", + "test3", + "0yxhwia2amd8gec", + false, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s_%s_%v", i, s.collectionIdOrName, s.key, s.value), func(t *testing.T) { + record, err := app.FindFirstRecordByData(s.collectionIdOrName, s.key, s.value) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + + if !s.expectError && record.Id != s.expectId { + t.Fatalf("Expected record with id %s, got %v", s.expectId, record.Id) + } + }) + } +} + +func TestFindRecordsByFilter(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + collectionIdOrName string + filter string + sort string + limit int + offset int + params []dbx.Params + expectError bool + expectRecordIds []string + }{ + { + "missing collection", + "missing", + "id != ''", + "", + 0, + 0, + nil, + true, + nil, + }, + { + "invalid filter", + "demo2", + "someMissingField > 1", + "", + 0, + 0, + nil, + true, + nil, + }, + { + "empty filter", + "demo2", + "", + "", + 0, + 0, + nil, + false, + []string{ + "llvuca81nly1qls", + "achvryl401bhse3", + "0yxhwia2amd8gec", + }, + }, + { + "simple filter", + "demo2", + "id != ''", + "", + 0, + 0, + nil, + false, + []string{ + "llvuca81nly1qls", + "achvryl401bhse3", + "0yxhwia2amd8gec", + }, + }, + { + "multi-condition filter with sort", + "demo2", + "id != '' && active=true", + "-created,title", + -1, // should behave the same as 0 + 0, + nil, + false, + []string{ + "0yxhwia2amd8gec", + "achvryl401bhse3", + }, + }, + { + "with limit and offset", + "sz5l5z67tg7gku0", + "id != ''", + "title", + 2, + 1, + nil, + false, + []string{ + "achvryl401bhse3", + "0yxhwia2amd8gec", + }, + }, + { + "with placeholder params", + "demo2", + "active = {:active}", + "", + 10, + 0, + []dbx.Params{{"active": false}}, + false, + []string{ + "llvuca81nly1qls", + }, + }, + { + "with json filter and sort", + "demo4", + "json_object != null && json_object.a.b = 'test'", + "-json_object.a", + 10, + 0, + []dbx.Params{{"active": false}}, + false, + []string{ + "i9naidtvr6qsgb4", + }, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + records, err := app.FindRecordsByFilter( + s.collectionIdOrName, + s.filter, + s.sort, + s.limit, + s.offset, + s.params..., + ) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if len(records) != len(s.expectRecordIds) { + t.Fatalf("Expected %d records, got %d", len(s.expectRecordIds), len(records)) + } + + for i, id := range s.expectRecordIds { + if id != records[i].Id { + t.Fatalf("Expected record with id %q, got %q at index %d", id, records[i].Id, i) + } + } + }) + } +} + +func TestFindFirstRecordByFilter(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + collectionIdOrName string + filter string + params []dbx.Params + expectError bool + expectRecordId string + }{ + { + "missing collection", + "missing", + "id != ''", + nil, + true, + "", + }, + { + "invalid filter", + "demo2", + "someMissingField > 1", + nil, + true, + "", + }, + { + "empty filter", + "demo2", + "", + nil, + false, + "llvuca81nly1qls", + }, + { + "valid filter but no matches", + "demo2", + "id = 'test'", + nil, + true, + "", + }, + { + "valid filter and multiple matches", + "sz5l5z67tg7gku0", + "id != ''", + nil, + false, + "llvuca81nly1qls", + }, + { + "with placeholder params", + "demo2", + "active = {:active}", + []dbx.Params{{"active": false}}, + false, + "llvuca81nly1qls", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + record, err := app.FindFirstRecordByFilter(s.collectionIdOrName, s.filter, s.params...) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if record.Id != s.expectRecordId { + t.Fatalf("Expected record with id %q, got %q", s.expectRecordId, record.Id) + } + }) + } +} + +func TestCountRecords(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + collectionIdOrName string + expressions []dbx.Expression + expectTotal int64 + expectError bool + }{ + { + "missing collection", + "missing", + nil, + 0, + true, + }, + { + "valid collection name", + "demo2", + nil, + 3, + false, + }, + { + "valid collection id", + "sz5l5z67tg7gku0", + nil, + 3, + false, + }, + { + "nil expression", + "demo2", + []dbx.Expression{nil}, + 3, + false, + }, + { + "no matches", + "demo2", + []dbx.Expression{ + nil, + dbx.Like("title", "missing"), + dbx.HashExp{"active": true}, + }, + 0, + false, + }, + { + "with matches", + "demo2", + []dbx.Expression{ + nil, + dbx.Like("title", "test"), + dbx.HashExp{"active": true}, + }, + 2, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + total, err := app.CountRecords(s.collectionIdOrName, s.expressions...) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + + if total != s.expectTotal { + t.Fatalf("Expected total %d, got %d", s.expectTotal, total) + } + }) + } +} + +func TestFindAuthRecordByToken(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + token string + types []string + expectedId string + }{ + { + "empty token", + "", + nil, + "", + }, + { + "invalid token", + "invalid", + nil, + "", + }, + { + "expired token", + "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoxNjQwOTkxNjYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.2D3tmqPn3vc5LoqqCz8V-iCDVXo9soYiH0d32G7FQT4", + nil, + "", + }, + { + "valid auth token", + "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + nil, + "4q1xlclmfloku33", + }, + { + "valid verification token", + "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImRjNDlrNmpnZWpuNDBoMyIsImV4cCI6MjUyNDYwNDQ2MSwidHlwZSI6InZlcmlmaWNhdGlvbiIsImNvbGxlY3Rpb25JZCI6ImtwdjcwOXNrMmxxYnFrOCIsImVtYWlsIjoidGVzdEBleGFtcGxlLmNvbSJ9.5GmuZr4vmwk3Cb_3ZZWNxwbE75KZC-j71xxIPR9AsVw", + nil, + "dc49k6jgejn40h3", + }, + { + "auth token with file type only check", + "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + []string{core.TokenTypeFile}, + "", + }, + { + "auth token with file and auth type check", + "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo", + []string{core.TokenTypeFile, core.TokenTypeAuth}, + "4q1xlclmfloku33", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + record, err := app.FindAuthRecordByToken(s.token, s.types...) + + hasErr := err != nil + expectErr := s.expectedId == "" + if hasErr != expectErr { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", expectErr, hasErr, err) + } + + if hasErr { + return + } + + if record.Id != s.expectedId { + t.Fatalf("Expected record with id %q, got %q", s.expectedId, record.Id) + } + }) + } +} + +func TestFindAuthRecordByEmail(t *testing.T) { + t.Parallel() + + scenarios := []struct { + collectionIdOrName string + email string + nocaseIndex bool + expectError bool + }{ + {"missing", "test@example.com", false, true}, + {"demo2", "test@example.com", false, true}, + {"users", "missing@example.com", false, true}, + {"users", "test@example.com", false, false}, + {"clients", "test2@example.com", false, false}, + // case-insensitive tests + {"clients", "TeSt2@example.com", false, true}, + {"clients", "TeSt2@example.com", true, false}, + } + + for _, s := range scenarios { + t.Run(fmt.Sprintf("%s_%s", s.collectionIdOrName, s.email), func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, _ := app.FindCollectionByNameOrId(s.collectionIdOrName) + if collection != nil { + emailIndex, ok := dbutils.FindSingleColumnUniqueIndex(collection.Indexes, core.FieldNameEmail) + if ok { + if s.nocaseIndex { + emailIndex.Columns[0].Collate = "nocase" + } else { + emailIndex.Columns[0].Collate = "" + } + + collection.RemoveIndex(emailIndex.IndexName) + collection.Indexes = append(collection.Indexes, emailIndex.Build()) + err := app.Save(collection) + if err != nil { + t.Fatalf("Failed to update email index: %v", err) + } + } + } + + record, err := app.FindAuthRecordByEmail(s.collectionIdOrName, s.email) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if !strings.EqualFold(record.Email(), s.email) { + t.Fatalf("Expected record with email %s, got %s", s.email, record.Email()) + } + }) + } +} + +func TestCanAccessRecord(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test@example.com") + if err != nil { + t.Fatal(err) + } + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + record, err := app.FindRecordById("demo1", "imy661ixudk5izi") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + record *core.Record + requestInfo *core.RequestInfo + rule *string + expected bool + expectError bool + }{ + { + "as superuser with nil rule", + record, + &core.RequestInfo{ + Auth: superuser, + }, + nil, + true, + false, + }, + { + "as superuser with non-empty rule", + record, + &core.RequestInfo{ + Auth: superuser, + }, + types.Pointer("id = ''"), // the filter rule should be ignored + true, + false, + }, + { + "as superuser with invalid rule", + record, + &core.RequestInfo{ + Auth: superuser, + }, + types.Pointer("id ?!@ 1"), // the filter rule should be ignored + true, + false, + }, + { + "as guest with nil rule", + record, + &core.RequestInfo{}, + nil, + false, + false, + }, + { + "as guest with empty rule", + record, + &core.RequestInfo{}, + types.Pointer(""), + true, + false, + }, + { + "as guest with invalid rule", + record, + &core.RequestInfo{}, + types.Pointer("id ?!@ 1"), + false, + true, + }, + { + "as guest with mismatched rule", + record, + &core.RequestInfo{}, + types.Pointer("@request.auth.id != ''"), + false, + false, + }, + { + "as guest with matched rule", + record, + &core.RequestInfo{ + Body: map[string]any{"test": 1}, + }, + types.Pointer("@request.auth.id != '' || @request.body.test = 1"), + true, + false, + }, + { + "as auth record with nil rule", + record, + &core.RequestInfo{ + Auth: user, + }, + nil, + false, + false, + }, + { + "as auth record with empty rule", + record, + &core.RequestInfo{ + Auth: user, + }, + types.Pointer(""), + true, + false, + }, + { + "as auth record with invalid rule", + record, + &core.RequestInfo{ + Auth: user, + }, + types.Pointer("id ?!@ 1"), + false, + true, + }, + { + "as auth record with mismatched rule", + record, + &core.RequestInfo{ + Auth: user, + Body: map[string]any{"test": 1}, + }, + types.Pointer("@request.auth.id != '' && @request.body.test > 1"), + false, + false, + }, + { + "as auth record with matched rule", + record, + &core.RequestInfo{ + Auth: user, + Body: map[string]any{"test": 2}, + }, + types.Pointer("@request.auth.id != '' && @request.body.test > 1"), + true, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result, err := app.CanAccessRecord(s.record, s.requestInfo, s.rule) + + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} diff --git a/core/record_tokens.go b/core/record_tokens.go new file mode 100644 index 0000000..0eead2b --- /dev/null +++ b/core/record_tokens.go @@ -0,0 +1,165 @@ +package core + +import ( + "errors" + "time" + + "github.com/golang-jwt/jwt/v5" + "github.com/pocketbase/pocketbase/tools/security" +) + +// Supported record token types +const ( + TokenTypeAuth = "auth" + TokenTypeFile = "file" + TokenTypeVerification = "verification" + TokenTypePasswordReset = "passwordReset" + TokenTypeEmailChange = "emailChange" +) + +// List with commonly used record token claims +const ( + TokenClaimId = "id" + TokenClaimType = "type" + TokenClaimCollectionId = "collectionId" + TokenClaimEmail = "email" + TokenClaimNewEmail = "newEmail" + TokenClaimRefreshable = "refreshable" +) + +// Common token related errors +var ( + ErrNotAuthRecord = errors.New("not an auth collection record") + ErrMissingSigningKey = errors.New("missing or invalid signing key") +) + +// NewStaticAuthToken generates and returns a new static record authentication token. +// +// Static auth tokens are similar to the regular auth tokens, but are +// non-refreshable and support custom duration. +// +// Zero or negative duration will fallback to the duration from the auth collection settings. +func (m *Record) NewStaticAuthToken(duration time.Duration) (string, error) { + return m.newAuthToken(duration, false) +} + +// NewAuthToken generates and returns a new record authentication token. +func (m *Record) NewAuthToken() (string, error) { + return m.newAuthToken(0, true) +} + +func (m *Record) newAuthToken(duration time.Duration, refreshable bool) (string, error) { + if !m.Collection().IsAuth() { + return "", ErrNotAuthRecord + } + + key := (m.TokenKey() + m.Collection().AuthToken.Secret) + if key == "" { + return "", ErrMissingSigningKey + } + + claims := jwt.MapClaims{ + TokenClaimType: TokenTypeAuth, + TokenClaimId: m.Id, + TokenClaimCollectionId: m.Collection().Id, + TokenClaimRefreshable: refreshable, + } + + if duration <= 0 { + duration = m.Collection().AuthToken.DurationTime() + } + + return security.NewJWT(claims, key, duration) +} + +// NewVerificationToken generates and returns a new record verification token. +func (m *Record) NewVerificationToken() (string, error) { + if !m.Collection().IsAuth() { + return "", ErrNotAuthRecord + } + + key := (m.TokenKey() + m.Collection().VerificationToken.Secret) + if key == "" { + return "", ErrMissingSigningKey + } + + return security.NewJWT( + jwt.MapClaims{ + TokenClaimType: TokenTypeVerification, + TokenClaimId: m.Id, + TokenClaimCollectionId: m.Collection().Id, + TokenClaimEmail: m.Email(), + }, + key, + m.Collection().VerificationToken.DurationTime(), + ) +} + +// NewPasswordResetToken generates and returns a new auth record password reset request token. +func (m *Record) NewPasswordResetToken() (string, error) { + if !m.Collection().IsAuth() { + return "", ErrNotAuthRecord + } + + key := (m.TokenKey() + m.Collection().PasswordResetToken.Secret) + if key == "" { + return "", ErrMissingSigningKey + } + + return security.NewJWT( + jwt.MapClaims{ + TokenClaimType: TokenTypePasswordReset, + TokenClaimId: m.Id, + TokenClaimCollectionId: m.Collection().Id, + TokenClaimEmail: m.Email(), + }, + key, + m.Collection().PasswordResetToken.DurationTime(), + ) +} + +// NewEmailChangeToken generates and returns a new auth record change email request token. +func (m *Record) NewEmailChangeToken(newEmail string) (string, error) { + if !m.Collection().IsAuth() { + return "", ErrNotAuthRecord + } + + key := (m.TokenKey() + m.Collection().EmailChangeToken.Secret) + if key == "" { + return "", ErrMissingSigningKey + } + + return security.NewJWT( + jwt.MapClaims{ + TokenClaimType: TokenTypeEmailChange, + TokenClaimId: m.Id, + TokenClaimCollectionId: m.Collection().Id, + TokenClaimEmail: m.Email(), + TokenClaimNewEmail: newEmail, + }, + key, + m.Collection().EmailChangeToken.DurationTime(), + ) +} + +// NewFileToken generates and returns a new record private file access token. +func (m *Record) NewFileToken() (string, error) { + if !m.Collection().IsAuth() { + return "", ErrNotAuthRecord + } + + key := (m.TokenKey() + m.Collection().FileToken.Secret) + if key == "" { + return "", ErrMissingSigningKey + } + + return security.NewJWT( + jwt.MapClaims{ + TokenClaimType: TokenTypeFile, + TokenClaimId: m.Id, + TokenClaimCollectionId: m.Collection().Id, + }, + key, + m.Collection().FileToken.DurationTime(), + ) +} diff --git a/core/record_tokens_test.go b/core/record_tokens_test.go new file mode 100644 index 0000000..34ad909 --- /dev/null +++ b/core/record_tokens_test.go @@ -0,0 +1,176 @@ +package core_test + +import ( + "fmt" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/spf13/cast" +) + +func TestNewStaticAuthToken(t *testing.T) { + t.Parallel() + + testRecordToken(t, core.TokenTypeAuth, func(record *core.Record) (string, error) { + return record.NewStaticAuthToken(0) + }, map[string]any{ + core.TokenClaimRefreshable: false, + }) +} + +func TestNewStaticAuthTokenWithCustomDuration(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + var tolerance int64 = 1 // in sec + + durations := []int64{-100, 0, 100} + + for i, d := range durations { + t.Run(fmt.Sprintf("%d_%d", i, d), func(t *testing.T) { + now := time.Now() + + duration := time.Duration(d) * time.Second + + token, err := user.NewStaticAuthToken(duration) + if err != nil { + t.Fatal(err) + } + + claims, err := security.ParseUnverifiedJWT(token) + if err != nil { + t.Fatal(err) + } + + exp := cast.ToInt64(claims["exp"]) + + expectedDuration := duration + // should fallback to the collection setting + if expectedDuration <= 0 { + expectedDuration = user.Collection().AuthToken.DurationTime() + } + expectedMinExp := now.Add(expectedDuration).Unix() - tolerance + expectedMaxExp := now.Add(expectedDuration).Unix() + tolerance + + if exp < expectedMinExp { + t.Fatalf("Expected token exp to be greater than %d, got %d", expectedMinExp, exp) + } + + if exp > expectedMaxExp { + t.Fatalf("Expected token exp to be less than %d, got %d", expectedMaxExp, exp) + } + }) + } +} + +func TestNewAuthToken(t *testing.T) { + t.Parallel() + + testRecordToken(t, core.TokenTypeAuth, func(record *core.Record) (string, error) { + return record.NewAuthToken() + }, map[string]any{ + core.TokenClaimRefreshable: true, + }) +} + +func TestNewVerificationToken(t *testing.T) { + t.Parallel() + + testRecordToken(t, core.TokenTypeVerification, func(record *core.Record) (string, error) { + return record.NewVerificationToken() + }, nil) +} + +func TestNewPasswordResetToken(t *testing.T) { + t.Parallel() + + testRecordToken(t, core.TokenTypePasswordReset, func(record *core.Record) (string, error) { + return record.NewPasswordResetToken() + }, nil) +} + +func TestNewEmailChangeToken(t *testing.T) { + t.Parallel() + + testRecordToken(t, core.TokenTypeEmailChange, func(record *core.Record) (string, error) { + return record.NewEmailChangeToken("new@example.com") + }, nil) +} + +func TestNewFileToken(t *testing.T) { + t.Parallel() + + testRecordToken(t, core.TokenTypeFile, func(record *core.Record) (string, error) { + return record.NewFileToken() + }, nil) +} + +func testRecordToken( + t *testing.T, + tokenType string, + tokenFunc func(record *core.Record) (string, error), + expectedClaims map[string]any, +) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + demo1, err := app.FindRecordById("demo1", "84nmscqy84lsi1t") + if err != nil { + t.Fatal(err) + } + + user, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + t.Run("non-auth record", func(t *testing.T) { + _, err = tokenFunc(demo1) + if err == nil { + t.Fatal("Expected error for non-auth records") + } + }) + + t.Run("auth record", func(t *testing.T) { + token, err := tokenFunc(user) + if err != nil { + t.Fatal(err) + } + + tokenRecord, _ := app.FindAuthRecordByToken(token, tokenType) + if tokenRecord == nil || tokenRecord.Id != user.Id { + t.Fatalf("Expected auth record\n%v\ngot\n%v", user, tokenRecord) + } + + if len(expectedClaims) > 0 { + claims, _ := security.ParseUnverifiedJWT(token) + for k, v := range expectedClaims { + if claims[k] != v { + t.Errorf("Expected claim %q with value %#v, got %#v", k, v, claims[k]) + } + } + } + }) + + t.Run("empty signing key", func(t *testing.T) { + user.SetTokenKey("") + collection := user.Collection() + *collection = core.Collection{} + collection.Type = core.CollectionTypeAuth + + _, err := tokenFunc(user) + if err == nil { + t.Fatal("Expected empty signing key error") + } + }) +} diff --git a/core/settings_model.go b/core/settings_model.go new file mode 100644 index 0000000..7464e11 --- /dev/null +++ b/core/settings_model.go @@ -0,0 +1,706 @@ +package core + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "os" + "regexp" + "slices" + "strconv" + "strings" + "sync" + "time" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/go-ozzo/ozzo-validation/v4/is" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tools/cron" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/mailer" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/pocketbase/pocketbase/tools/types" +) + +const ( + paramsTable = "_params" + + paramsKeySettings = "settings" + + systemHookIdSettings = "__pbSettingsSystemHook__" +) + +func (app *BaseApp) registerSettingsHooks() { + saveFunc := func(me *ModelEvent) error { + if err := me.Next(); err != nil { + return err + } + + if me.Model.PK() == paramsKeySettings { + // auto reload the app settings because we don't know whether + // the Settings model is the app one or a different one + return errors.Join( + me.App.Settings().PostScan(), + me.App.ReloadSettings(), + ) + } + + return nil + } + + app.OnModelAfterCreateSuccess(paramsTable).Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdSettings, + Func: saveFunc, + Priority: -999, + }) + + app.OnModelAfterUpdateSuccess(paramsTable).Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdSettings, + Func: saveFunc, + Priority: -999, + }) + + app.OnModelDelete(paramsTable).Bind(&hook.Handler[*ModelEvent]{ + Id: systemHookIdSettings, + Func: func(me *ModelEvent) error { + if me.Model.PK() == paramsKeySettings { + return errors.New("the app params settings cannot be deleted") + } + + return me.Next() + }, + Priority: -999, + }) + + app.OnCollectionUpdate().Bind(&hook.Handler[*CollectionEvent]{ + Id: systemHookIdSettings, + Func: func(e *CollectionEvent) error { + oldCollection, err := e.App.FindCachedCollectionByNameOrId(e.Collection.Id) + if err != nil { + return fmt.Errorf("failed to retrieve old cached collection: %w", err) + } + + err = e.Next() + if err != nil { + return err + } + + // update existing rate limit rules on collection rename + if oldCollection.Name != e.Collection.Name { + var hasChange bool + + rules := e.App.Settings().RateLimits.Rules + for i := 0; i < len(rules); i++ { + if strings.HasPrefix(rules[i].Label, oldCollection.Name+":") { + rules[i].Label = strings.Replace(rules[i].Label, oldCollection.Name+":", e.Collection.Name+":", 1) + hasChange = true + } + } + + if hasChange { + e.App.Settings().RateLimits.Rules = rules + err = e.App.Save(e.App.Settings()) + if err != nil { + return err + } + } + } + + return nil + }, + Priority: 99, + }) +} + +var ( + _ Model = (*Settings)(nil) + _ PostValidator = (*Settings)(nil) + _ DBExporter = (*Settings)(nil) +) + +type settings struct { + SMTP SMTPConfig `form:"smtp" json:"smtp"` + Backups BackupsConfig `form:"backups" json:"backups"` + S3 S3Config `form:"s3" json:"s3"` + Meta MetaConfig `form:"meta" json:"meta"` + RateLimits RateLimitsConfig `form:"rateLimits" json:"rateLimits"` + TrustedProxy TrustedProxyConfig `form:"trustedProxy" json:"trustedProxy"` + Batch BatchConfig `form:"batch" json:"batch"` + Logs LogsConfig `form:"logs" json:"logs"` +} + +// Settings defines the PocketBase app settings. +type Settings struct { + settings + + mu sync.RWMutex + isNew bool +} + +func newDefaultSettings() *Settings { + return &Settings{ + isNew: true, + settings: settings{ + Meta: MetaConfig{ + AppName: "Acme", + AppURL: "http://localhost:8090", + HideControls: false, + SenderName: "Support", + SenderAddress: "support@example.com", + }, + Logs: LogsConfig{ + MaxDays: 5, + LogIP: true, + }, + SMTP: SMTPConfig{ + Enabled: false, + Host: "smtp.example.com", + Port: 587, + Username: "", + Password: "", + TLS: false, + }, + Backups: BackupsConfig{ + CronMaxKeep: 3, + }, + Batch: BatchConfig{ + Enabled: false, + MaxRequests: 50, + Timeout: 3, + }, + RateLimits: RateLimitsConfig{ + Enabled: false, // @todo once tested enough enable by default for new installations + Rules: []RateLimitRule{ + {Label: "*:auth", MaxRequests: 2, Duration: 3}, + {Label: "*:create", MaxRequests: 20, Duration: 5}, + {Label: "/api/batch", MaxRequests: 3, Duration: 1}, + {Label: "/api/", MaxRequests: 300, Duration: 10}, + }, + }, + }, + } +} + +// TableName implements [Model.TableName] interface method. +func (s *Settings) TableName() string { + return paramsTable +} + +// PK implements [Model.LastSavedPK] interface method. +func (s *Settings) LastSavedPK() any { + return paramsKeySettings +} + +// PK implements [Model.PK] interface method. +func (s *Settings) PK() any { + return paramsKeySettings +} + +// IsNew implements [Model.IsNew] interface method. +func (s *Settings) IsNew() bool { + s.mu.RLock() + defer s.mu.RUnlock() + + return s.isNew +} + +// MarkAsNew implements [Model.MarkAsNew] interface method. +func (s *Settings) MarkAsNew() { + s.mu.Lock() + defer s.mu.Unlock() + + s.isNew = true +} + +// MarkAsNew implements [Model.MarkAsNotNew] interface method. +func (s *Settings) MarkAsNotNew() { + s.mu.Lock() + defer s.mu.Unlock() + + s.isNew = false +} + +// PostScan implements [Model.PostScan] interface method. +func (s *Settings) PostScan() error { + s.MarkAsNotNew() + return nil +} + +// String returns a serialized string representation of the current settings. +func (s *Settings) String() string { + s.mu.RLock() + defer s.mu.RUnlock() + + raw, _ := json.Marshal(s) + return string(raw) +} + +// DBExport prepares and exports the current settings for db persistence. +func (s *Settings) DBExport(app App) (map[string]any, error) { + s.mu.RLock() + defer s.mu.RUnlock() + + now := types.NowDateTime() + + result := map[string]any{ + "id": s.PK(), + } + + if s.IsNew() { + result["created"] = now + } + result["updated"] = now + + encoded, err := json.Marshal(s.settings) + if err != nil { + return nil, err + } + + encryptionKey := os.Getenv(app.EncryptionEnv()) + if encryptionKey != "" { + encryptVal, encryptErr := security.Encrypt(encoded, encryptionKey) + if encryptErr != nil { + return nil, encryptErr + } + + result["value"] = encryptVal + } else { + result["value"] = encoded + } + + return result, nil +} + +// PostValidate implements the [PostValidator] interface and defines +// the Settings model validations. +func (s *Settings) PostValidate(ctx context.Context, app App) error { + s.mu.RLock() + defer s.mu.RUnlock() + + return validation.ValidateStructWithContext(ctx, s, + validation.Field(&s.Meta), + validation.Field(&s.Logs), + validation.Field(&s.SMTP), + validation.Field(&s.S3), + validation.Field(&s.Backups), + validation.Field(&s.Batch), + validation.Field(&s.RateLimits), + validation.Field(&s.TrustedProxy), + ) +} + +// Merge merges the "other" settings into the current one. +func (s *Settings) Merge(other *Settings) error { + other.mu.RLock() + defer other.mu.RUnlock() + + raw, err := json.Marshal(other.settings) + if err != nil { + return err + } + + s.mu.Lock() + defer s.mu.Unlock() + + return json.Unmarshal(raw, &s) +} + +// Clone creates a new deep copy of the current settings. +func (s *Settings) Clone() (*Settings, error) { + clone := &Settings{ + isNew: s.isNew, + } + + if err := clone.Merge(s); err != nil { + return nil, err + } + + return clone, nil +} + +// MarshalJSON implements the [json.Marshaler] interface. +// +// Note that sensitive fields (S3 secret, SMTP password, etc.) are excluded. +func (s *Settings) MarshalJSON() ([]byte, error) { + s.mu.RLock() + copy := s.settings + s.mu.RUnlock() + + sensitiveFields := []*string{ + ©.SMTP.Password, + ©.S3.Secret, + ©.Backups.S3.Secret, + } + + // mask all sensitive fields + for _, v := range sensitiveFields { + if v != nil && *v != "" { + *v = "" + } + } + + return json.Marshal(copy) +} + +// ------------------------------------------------------------------- + +type SMTPConfig struct { + Enabled bool `form:"enabled" json:"enabled"` + Port int `form:"port" json:"port"` + Host string `form:"host" json:"host"` + Username string `form:"username" json:"username"` + Password string `form:"password" json:"password,omitempty"` + + // SMTP AUTH - PLAIN (default) or LOGIN + AuthMethod string `form:"authMethod" json:"authMethod"` + + // Whether to enforce TLS encryption for the mail server connection. + // + // When set to false StartTLS command is send, leaving the server + // to decide whether to upgrade the connection or not. + TLS bool `form:"tls" json:"tls"` + + // LocalName is optional domain name or IP address used for the + // EHLO/HELO exchange (if not explicitly set, defaults to "localhost"). + // + // This is required only by some SMTP servers, such as Gmail SMTP-relay. + LocalName string `form:"localName" json:"localName"` +} + +// Validate makes SMTPConfig validatable by implementing [validation.Validatable] interface. +func (c SMTPConfig) Validate() error { + return validation.ValidateStruct(&c, + validation.Field( + &c.Host, + validation.When(c.Enabled, validation.Required), + is.Host, + ), + validation.Field( + &c.Port, + validation.When(c.Enabled, validation.Required), + validation.Min(0), + ), + validation.Field( + &c.AuthMethod, + // don't require it for backward compatibility + // (fallback internally to PLAIN) + // validation.When(c.Enabled, validation.Required), + validation.In(mailer.SMTPAuthLogin, mailer.SMTPAuthPlain), + ), + validation.Field(&c.LocalName, is.Host), + ) +} + +// ------------------------------------------------------------------- + +type S3Config struct { + Enabled bool `form:"enabled" json:"enabled"` + Bucket string `form:"bucket" json:"bucket"` + Region string `form:"region" json:"region"` + Endpoint string `form:"endpoint" json:"endpoint"` + AccessKey string `form:"accessKey" json:"accessKey"` + Secret string `form:"secret" json:"secret,omitempty"` + ForcePathStyle bool `form:"forcePathStyle" json:"forcePathStyle"` +} + +// Validate makes S3Config validatable by implementing [validation.Validatable] interface. +func (c S3Config) Validate() error { + return validation.ValidateStruct(&c, + validation.Field(&c.Endpoint, is.URL, validation.When(c.Enabled, validation.Required)), + validation.Field(&c.Bucket, validation.When(c.Enabled, validation.Required)), + validation.Field(&c.Region, validation.When(c.Enabled, validation.Required)), + validation.Field(&c.AccessKey, validation.When(c.Enabled, validation.Required)), + validation.Field(&c.Secret, validation.When(c.Enabled, validation.Required)), + ) +} + +// ------------------------------------------------------------------- + +type BatchConfig struct { + Enabled bool `form:"enabled" json:"enabled"` + + // MaxRequests is the maximum allowed batch request to execute. + MaxRequests int `form:"maxRequests" json:"maxRequests"` + + // Timeout is the the max duration in seconds to wait before cancelling the batch transaction. + Timeout int64 `form:"timeout" json:"timeout"` + + // MaxBodySize is the maximum allowed batch request body size in bytes. + // + // If not set, fallbacks to max ~128MB. + MaxBodySize int64 `form:"maxBodySize" json:"maxBodySize"` +} + +// Validate makes BatchConfig validatable by implementing [validation.Validatable] interface. +func (c BatchConfig) Validate() error { + return validation.ValidateStruct(&c, + validation.Field(&c.MaxRequests, validation.When(c.Enabled, validation.Required), validation.Min(0)), + validation.Field(&c.Timeout, validation.When(c.Enabled, validation.Required), validation.Min(0)), + validation.Field(&c.MaxBodySize, validation.Min(0)), + ) +} + +// ------------------------------------------------------------------- + +type BackupsConfig struct { + // Cron is a cron expression to schedule auto backups, eg. "* * * * *". + // + // Leave it empty to disable the auto backups functionality. + Cron string `form:"cron" json:"cron"` + + // CronMaxKeep is the the max number of cron generated backups to + // keep before removing older entries. + // + // This field works only when the cron config has valid cron expression. + CronMaxKeep int `form:"cronMaxKeep" json:"cronMaxKeep"` + + // S3 is an optional S3 storage config specifying where to store the app backups. + S3 S3Config `form:"s3" json:"s3"` +} + +// Validate makes BackupsConfig validatable by implementing [validation.Validatable] interface. +func (c BackupsConfig) Validate() error { + return validation.ValidateStruct(&c, + validation.Field(&c.S3), + validation.Field(&c.Cron, validation.By(checkCronExpression)), + validation.Field( + &c.CronMaxKeep, + validation.When(c.Cron != "", validation.Required), + validation.Min(1), + ), + ) +} + +func checkCronExpression(value any) error { + v, _ := value.(string) + if v == "" { + return nil // nothing to check + } + + _, err := cron.NewSchedule(v) + if err != nil { + return validation.NewError("validation_invalid_cron", err.Error()) + } + + return nil +} + +// ------------------------------------------------------------------- + +type MetaConfig struct { + AppName string `form:"appName" json:"appName"` + AppURL string `form:"appURL" json:"appURL"` + SenderName string `form:"senderName" json:"senderName"` + SenderAddress string `form:"senderAddress" json:"senderAddress"` + HideControls bool `form:"hideControls" json:"hideControls"` +} + +// Validate makes MetaConfig validatable by implementing [validation.Validatable] interface. +func (c MetaConfig) Validate() error { + return validation.ValidateStruct(&c, + validation.Field(&c.AppName, validation.Required, validation.Length(1, 255)), + validation.Field(&c.AppURL, validation.Required, is.URL), + validation.Field(&c.SenderName, validation.Required, validation.Length(1, 255)), + validation.Field(&c.SenderAddress, is.EmailFormat, validation.Required), + ) +} + +// ------------------------------------------------------------------- + +type LogsConfig struct { + MaxDays int `form:"maxDays" json:"maxDays"` + MinLevel int `form:"minLevel" json:"minLevel"` + LogIP bool `form:"logIP" json:"logIP"` + LogAuthId bool `form:"logAuthId" json:"logAuthId"` +} + +// Validate makes LogsConfig validatable by implementing [validation.Validatable] interface. +func (c LogsConfig) Validate() error { + return validation.ValidateStruct(&c, + validation.Field(&c.MaxDays, validation.Min(0)), + ) +} + +// ------------------------------------------------------------------- + +type TrustedProxyConfig struct { + // Headers is a list of explicit trusted header(s) to check. + Headers []string `form:"headers" json:"headers"` + + // UseLeftmostIP specifies to use the left-mostish IP from the trusted headers. + // + // Note that this could be insecure when used with X-Forwarded-For header + // because some proxies like AWS ELB allow users to prepend their own header value + // before appending the trusted ones. + UseLeftmostIP bool `form:"useLeftmostIP" json:"useLeftmostIP"` +} + +// MarshalJSON implements the [json.Marshaler] interface. +func (c TrustedProxyConfig) MarshalJSON() ([]byte, error) { + type alias TrustedProxyConfig + + // serialize as empty array + if c.Headers == nil { + c.Headers = []string{} + } + + return json.Marshal(alias(c)) +} + +// Validate makes RateLimitRule validatable by implementing [validation.Validatable] interface. +func (c TrustedProxyConfig) Validate() error { + return nil +} + +// ------------------------------------------------------------------- + +type RateLimitsConfig struct { + Rules []RateLimitRule `form:"rules" json:"rules"` + Enabled bool `form:"enabled" json:"enabled"` +} + +// FindRateLimitRule returns the first matching rule based on the provided labels. +// +// Optionally you can further specify a list of valid RateLimitRule.Audience values to further filter the matching rule +// (aka. the rule Audience will have to exist in one of the specified options). +func (c *RateLimitsConfig) FindRateLimitRule(searchLabels []string, optOnlyAudience ...string) (RateLimitRule, bool) { + var prefixRules []int + + for i, label := range searchLabels { + // check for direct match + for j := range c.Rules { + if label == c.Rules[j].Label && + (len(optOnlyAudience) == 0 || slices.Contains(optOnlyAudience, c.Rules[j].Audience)) { + return c.Rules[j], true + } + + if i == 0 && strings.HasSuffix(c.Rules[j].Label, "/") { + prefixRules = append(prefixRules, j) + } + } + + // check for prefix match + if len(prefixRules) > 0 { + for j := range prefixRules { + if strings.HasPrefix(label+"/", c.Rules[prefixRules[j]].Label) && + (len(optOnlyAudience) == 0 || slices.Contains(optOnlyAudience, c.Rules[prefixRules[j]].Audience)) { + return c.Rules[prefixRules[j]], true + } + } + } + } + + return RateLimitRule{}, false +} + +// MarshalJSON implements the [json.Marshaler] interface. +func (c RateLimitsConfig) MarshalJSON() ([]byte, error) { + type alias RateLimitsConfig + + // serialize as empty array + if c.Rules == nil { + c.Rules = []RateLimitRule{} + } + + return json.Marshal(alias(c)) +} + +// Validate makes RateLimitsConfig validatable by implementing [validation.Validatable] interface. +func (c RateLimitsConfig) Validate() error { + return validation.ValidateStruct(&c, + validation.Field( + &c.Rules, + validation.When(c.Enabled, validation.Required), + validation.By(checkUniqueRuleLabel), + ), + ) +} + +func checkUniqueRuleLabel(value any) error { + rules, ok := value.([]RateLimitRule) + if !ok { + return validators.ErrUnsupportedValueType + } + + existing := make([]string, 0, len(rules)) + + for i, rule := range rules { + fullKey := rule.Label + "@@" + rule.Audience + + var conflicts bool + for _, key := range existing { + if strings.HasPrefix(key, fullKey) || strings.HasPrefix(fullKey, key) { + conflicts = true + break + } + } + + if conflicts { + return validation.Errors{ + strconv.Itoa(i): validation.Errors{ + "label": validation.NewError("validation_conflicting_rate_limit_rule", "Rate limit rule configuration with label {{.label}} already exists or conflicts with another rule."). + SetParams(map[string]any{"label": rule.Label}), + }, + } + } else { + existing = append(existing, fullKey) + } + } + + return nil +} + +var rateLimitRuleLabelRegex = regexp.MustCompile(`^(\w+\ \/[\w\/-]*|\/[\w\/-]*|^\w+\:\w+|\*\:\w+|\w+)$`) + +// The allowed RateLimitRule.Audience values +const ( + RateLimitRuleAudienceAll = "" + RateLimitRuleAudienceGuest = "@guest" + RateLimitRuleAudienceAuth = "@auth" +) + +type RateLimitRule struct { + // Label is the identifier of the current rule. + // + // It could be a tag, complete path or path prerefix (when ends with `/`). + // + // Example supported labels: + // - test_a (plain text "tag") + // - users:create + // - *:create + // - / + // - /api + // - POST /api/collections/ + Label string `form:"label" json:"label"` + + // Audience specifies the auth group the rule should apply for: + // - "" - both guests and authenticated users (default) + // - "guest" - only for guests + // - "auth" - only for authenticated users + Audience string `form:"audience" json:"audience"` + + // Duration specifies the interval (in seconds) per which to reset + // the counted/accumulated rate limiter tokens. + Duration int64 `form:"duration" json:"duration"` + + // MaxRequests is the max allowed number of requests per Duration. + MaxRequests int `form:"maxRequests" json:"maxRequests"` +} + +// Validate makes RateLimitRule validatable by implementing [validation.Validatable] interface. +func (c RateLimitRule) Validate() error { + return validation.ValidateStruct(&c, + validation.Field(&c.Label, validation.Required, validation.Match(rateLimitRuleLabelRegex)), + validation.Field(&c.MaxRequests, validation.Required, validation.Min(1)), + validation.Field(&c.Duration, validation.Required, validation.Min(1)), + validation.Field(&c.Audience, + validation.In(RateLimitRuleAudienceAll, RateLimitRuleAudienceGuest, RateLimitRuleAudienceAuth), + ), + ) +} + +// DurationTime returns the tag's Duration as [time.Duration]. +func (c RateLimitRule) DurationTime() time.Duration { + return time.Duration(c.Duration) * time.Second +} diff --git a/core/settings_model_test.go b/core/settings_model_test.go new file mode 100644 index 0000000..7706085 --- /dev/null +++ b/core/settings_model_test.go @@ -0,0 +1,812 @@ +package core_test + +import ( + "encoding/json" + "fmt" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/mailer" +) + +func TestSettingsDelete(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + err := app.Delete(app.Settings()) + if err == nil { + t.Fatal("Exected settings delete to fail") + } +} + +func TestSettingsMerge(t *testing.T) { + s1 := &core.Settings{} + s1.Meta.AppURL = "app_url" // should be unset + + s2 := &core.Settings{} + s2.Meta.AppName = "test" + s2.Logs.MaxDays = 123 + s2.SMTP.Host = "test" + s2.SMTP.Enabled = true + s2.S3.Enabled = true + s2.S3.Endpoint = "test" + s2.Backups.Cron = "* * * * *" + s2.Batch.Timeout = 15 + + if err := s1.Merge(s2); err != nil { + t.Fatal(err) + } + + s1Encoded, err := json.Marshal(s1) + if err != nil { + t.Fatal(err) + } + + s2Encoded, err := json.Marshal(s2) + if err != nil { + t.Fatal(err) + } + + if string(s1Encoded) != string(s2Encoded) { + t.Fatalf("Expected the same serialization, got\n%v\nVS\n%v", string(s1Encoded), string(s2Encoded)) + } +} + +func TestSettingsClone(t *testing.T) { + s1 := &core.Settings{} + s1.Meta.AppName = "test_name" + + s2, err := s1.Clone() + if err != nil { + t.Fatal(err) + } + + s1Bytes, err := json.Marshal(s1) + if err != nil { + t.Fatal(err) + } + + s2Bytes, err := json.Marshal(s2) + if err != nil { + t.Fatal(err) + } + + if string(s1Bytes) != string(s2Bytes) { + t.Fatalf("Expected equivalent serialization, got %v VS %v", string(s1Bytes), string(s2Bytes)) + } + + // verify that it is a deep copy + s2.Meta.AppName = "new_test_name" + if s1.Meta.AppName == s2.Meta.AppName { + t.Fatalf("Expected s1 and s2 to have different Meta.AppName, got %s", s1.Meta.AppName) + } +} + +func TestSettingsMarshalJSON(t *testing.T) { + settings := &core.Settings{} + + // control fields + settings.Meta.AppName = "test123" + settings.SMTP.Username = "abc" + + // secrets + testSecret := "test_secret" + settings.SMTP.Password = testSecret + settings.S3.Secret = testSecret + settings.Backups.S3.Secret = testSecret + + raw, err := json.Marshal(settings) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + expected := `{"smtp":{"enabled":false,"port":0,"host":"","username":"abc","authMethod":"","tls":false,"localName":""},"backups":{"cron":"","cronMaxKeep":0,"s3":{"enabled":false,"bucket":"","region":"","endpoint":"","accessKey":"","forcePathStyle":false}},"s3":{"enabled":false,"bucket":"","region":"","endpoint":"","accessKey":"","forcePathStyle":false},"meta":{"appName":"test123","appURL":"","senderName":"","senderAddress":"","hideControls":false},"rateLimits":{"rules":[],"enabled":false},"trustedProxy":{"headers":[],"useLeftmostIP":false},"batch":{"enabled":false,"maxRequests":0,"timeout":0,"maxBodySize":0},"logs":{"maxDays":0,"minLevel":0,"logIP":false,"logAuthId":false}}` + + if rawStr != expected { + t.Fatalf("Expected\n%v\ngot\n%v", expected, rawStr) + } +} + +func TestSettingsValidate(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + s := app.Settings() + + // set invalid settings data + s.Meta.AppName = "" + s.Logs.MaxDays = -10 + s.SMTP.Enabled = true + s.SMTP.Host = "" + s.S3.Enabled = true + s.S3.Endpoint = "invalid" + s.Backups.Cron = "invalid" + s.Backups.CronMaxKeep = -10 + s.Batch.Enabled = true + s.Batch.MaxRequests = -1 + s.Batch.Timeout = -1 + s.RateLimits.Enabled = true + s.RateLimits.Rules = nil + + // check if Validate() is triggering the members validate methods. + err := app.Validate(s) + if err == nil { + t.Fatalf("Expected error, got nil") + } + + expectations := []string{ + `"meta":{`, + `"logs":{`, + `"smtp":{`, + `"s3":{`, + `"backups":{`, + `"batch":{`, + `"rateLimits":{`, + } + + errBytes, _ := json.Marshal(err) + jsonErr := string(errBytes) + for _, expected := range expectations { + if !strings.Contains(jsonErr, expected) { + t.Errorf("Expected error key %s in %v", expected, jsonErr) + } + } +} + +func TestMetaConfigValidate(t *testing.T) { + scenarios := []struct { + name string + config core.MetaConfig + expectedErrors []string + }{ + { + "zero values", + core.MetaConfig{}, + []string{ + "appName", + "appURL", + "senderName", + "senderAddress", + }, + }, + { + "invalid data", + core.MetaConfig{ + AppName: strings.Repeat("a", 300), + AppURL: "test", + SenderName: strings.Repeat("a", 300), + SenderAddress: "invalid_email", + }, + []string{ + "appName", + "appURL", + "senderName", + "senderAddress", + }, + }, + { + "valid data", + core.MetaConfig{ + AppName: "test", + AppURL: "https://example.com", + SenderName: "test", + SenderAddress: "test@example.com", + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestLogsConfigValidate(t *testing.T) { + scenarios := []struct { + name string + config core.LogsConfig + expectedErrors []string + }{ + { + "zero values", + core.LogsConfig{}, + []string{}, + }, + { + "invalid data", + core.LogsConfig{MaxDays: -1}, + []string{"maxDays"}, + }, + { + "valid data", + core.LogsConfig{MaxDays: 2}, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestSMTPConfigValidate(t *testing.T) { + scenarios := []struct { + name string + config core.SMTPConfig + expectedErrors []string + }{ + { + "zero values (disabled)", + core.SMTPConfig{}, + []string{}, + }, + { + "zero values (enabled)", + core.SMTPConfig{Enabled: true}, + []string{"host", "port"}, + }, + { + "invalid data", + core.SMTPConfig{ + Enabled: true, + Host: "test:test:test", + Port: -10, + LocalName: "invalid!", + AuthMethod: "invalid", + }, + []string{"host", "port", "authMethod", "localName"}, + }, + { + "valid data (no explicit auth method and localName)", + core.SMTPConfig{ + Enabled: true, + Host: "example.com", + Port: 100, + TLS: true, + }, + []string{}, + }, + { + "valid data (explicit auth method and localName)", + core.SMTPConfig{ + Enabled: true, + Host: "example.com", + Port: 100, + AuthMethod: mailer.SMTPAuthLogin, + LocalName: "example.com", + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestS3ConfigValidate(t *testing.T) { + scenarios := []struct { + name string + config core.S3Config + expectedErrors []string + }{ + { + "zero values (disabled)", + core.S3Config{}, + []string{}, + }, + { + "zero values (enabled)", + core.S3Config{Enabled: true}, + []string{ + "bucket", + "region", + "endpoint", + "accessKey", + "secret", + }, + }, + { + "invalid data", + core.S3Config{ + Enabled: true, + Endpoint: "test:test:test", + }, + []string{ + "bucket", + "region", + "endpoint", + "accessKey", + "secret", + }, + }, + { + "valid data (url endpoint)", + core.S3Config{ + Enabled: true, + Endpoint: "https://localhost:8090", + Bucket: "test", + Region: "test", + AccessKey: "test", + Secret: "test", + }, + []string{}, + }, + { + "valid data (hostname endpoint)", + core.S3Config{ + Enabled: true, + Endpoint: "example.com", + Bucket: "test", + Region: "test", + AccessKey: "test", + Secret: "test", + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestBackupsConfigValidate(t *testing.T) { + scenarios := []struct { + name string + config core.BackupsConfig + expectedErrors []string + }{ + { + "zero value", + core.BackupsConfig{}, + []string{}, + }, + { + "invalid cron", + core.BackupsConfig{ + Cron: "invalid", + CronMaxKeep: 0, + }, + []string{"cron", "cronMaxKeep"}, + }, + { + "invalid enabled S3", + core.BackupsConfig{ + S3: core.S3Config{ + Enabled: true, + }, + }, + []string{"s3"}, + }, + { + "valid data", + core.BackupsConfig{ + S3: core.S3Config{ + Enabled: true, + Endpoint: "example.com", + Bucket: "test", + Region: "test", + AccessKey: "test", + Secret: "test", + }, + Cron: "*/10 * * * *", + CronMaxKeep: 1, + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestBatchConfigValidate(t *testing.T) { + scenarios := []struct { + name string + config core.BatchConfig + expectedErrors []string + }{ + { + "zero value", + core.BatchConfig{}, + []string{}, + }, + { + "zero value (enabled)", + core.BatchConfig{Enabled: true}, + []string{"maxRequests", "timeout"}, + }, + { + "invalid data (negative values)", + core.BatchConfig{ + MaxRequests: -1, + Timeout: -1, + MaxBodySize: -1, + }, + []string{"maxRequests", "timeout", "maxBodySize"}, + }, + { + "min fields valid data", + core.BatchConfig{ + Enabled: true, + MaxRequests: 1, + Timeout: 1, + }, + []string{}, + }, + { + "all fields valid data", + core.BatchConfig{ + Enabled: true, + MaxRequests: 10, + Timeout: 1, + MaxBodySize: 1, + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestRateLimitsConfigValidate(t *testing.T) { + scenarios := []struct { + name string + config core.RateLimitsConfig + expectedErrors []string + }{ + { + "zero value (disabled)", + core.RateLimitsConfig{}, + []string{}, + }, + { + "zero value (enabled)", + core.RateLimitsConfig{Enabled: true}, + []string{"rules"}, + }, + { + "invalid data", + core.RateLimitsConfig{ + Enabled: true, + Rules: []core.RateLimitRule{ + { + Label: "/123abc/", + Duration: 1, + MaxRequests: 2, + }, + { + Label: "!abc", + Duration: -1, + MaxRequests: -1, + }, + }, + }, + []string{"rules"}, + }, + { + "valid data", + core.RateLimitsConfig{ + Enabled: true, + Rules: []core.RateLimitRule{ + { + Label: "123_abc", + Duration: 1, + MaxRequests: 2, + }, + { + Label: "/456-abc", + Duration: 1, + MaxRequests: 2, + }, + }, + }, + []string{}, + }, + { + "duplicated rules with the same audience", + core.RateLimitsConfig{ + Enabled: true, + Rules: []core.RateLimitRule{ + { + Label: "/a", + Duration: 1, + MaxRequests: 2, + }, + { + Label: "/a", + Duration: 2, + MaxRequests: 3, + }, + }, + }, + []string{"rules"}, + }, + { + "duplicated rule with conflicting audience (A)", + core.RateLimitsConfig{ + Enabled: true, + Rules: []core.RateLimitRule{ + { + Label: "/a", + Duration: 1, + MaxRequests: 2, + }, + { + Label: "/a", + Duration: 1, + MaxRequests: 2, + Audience: core.RateLimitRuleAudienceGuest, + }, + }, + }, + []string{"rules"}, + }, + { + "duplicated rule with conflicting audience (B)", + core.RateLimitsConfig{ + Enabled: true, + Rules: []core.RateLimitRule{ + { + Label: "/a", + Duration: 1, + MaxRequests: 2, + Audience: core.RateLimitRuleAudienceAuth, + }, + { + Label: "/a", + Duration: 1, + MaxRequests: 2, + }, + }, + }, + []string{"rules"}, + }, + { + "duplicated rule with non-conflicting audience", + core.RateLimitsConfig{ + Enabled: true, + Rules: []core.RateLimitRule{ + { + Label: "/a", + Duration: 1, + MaxRequests: 2, + Audience: core.RateLimitRuleAudienceAuth, + }, + { + Label: "/a", + Duration: 1, + MaxRequests: 2, + Audience: core.RateLimitRuleAudienceGuest, + }, + }, + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestRateLimitsFindRateLimitRule(t *testing.T) { + limits := core.RateLimitsConfig{ + Rules: []core.RateLimitRule{ + {Label: "abc"}, + {Label: "def", Audience: core.RateLimitRuleAudienceGuest}, + {Label: "/test/a", Audience: core.RateLimitRuleAudienceGuest}, + {Label: "POST /test/a"}, + {Label: "/test/a/", Audience: core.RateLimitRuleAudienceAuth}, + {Label: "POST /test/a/"}, + }, + } + + scenarios := []struct { + labels []string + audience []string + expected string + }{ + {[]string{}, []string{}, ""}, + {[]string{"missing"}, []string{}, ""}, + {[]string{"abc"}, []string{}, "abc"}, + {[]string{"abc"}, []string{core.RateLimitRuleAudienceGuest}, ""}, + {[]string{"abc"}, []string{core.RateLimitRuleAudienceAuth}, ""}, + {[]string{"def"}, []string{core.RateLimitRuleAudienceGuest}, "def"}, + {[]string{"def"}, []string{core.RateLimitRuleAudienceAuth}, ""}, + {[]string{"/test"}, []string{}, ""}, + {[]string{"/test/a"}, []string{}, "/test/a"}, + {[]string{"/test/a"}, []string{core.RateLimitRuleAudienceAuth}, "/test/a/"}, + {[]string{"/test/a"}, []string{core.RateLimitRuleAudienceGuest}, "/test/a"}, + {[]string{"GET /test/a"}, []string{}, ""}, + {[]string{"POST /test/a"}, []string{}, "POST /test/a"}, + {[]string{"/test/a/b/c"}, []string{}, "/test/a/"}, + {[]string{"/test/a/b/c"}, []string{core.RateLimitRuleAudienceAuth}, "/test/a/"}, + {[]string{"/test/a/b/c"}, []string{core.RateLimitRuleAudienceGuest}, ""}, + {[]string{"GET /test/a/b/c"}, []string{}, ""}, + {[]string{"POST /test/a/b/c"}, []string{}, "POST /test/a/"}, + {[]string{"/test/a", "abc"}, []string{}, "/test/a"}, // priority checks + } + + for _, s := range scenarios { + t.Run(strings.Join(s.labels, "_")+":"+strings.Join(s.audience, "_"), func(t *testing.T) { + rule, ok := limits.FindRateLimitRule(s.labels, s.audience...) + + hasLabel := rule.Label != "" + if hasLabel != ok { + t.Fatalf("Expected hasLabel %v, got %v", hasLabel, ok) + } + + if rule.Label != s.expected { + t.Fatalf("Expected rule with label %q, got %q", s.expected, rule.Label) + } + }) + } +} + +func TestRateLimitRuleValidate(t *testing.T) { + scenarios := []struct { + name string + config core.RateLimitRule + expectedErrors []string + }{ + { + "zero value", + core.RateLimitRule{}, + []string{"label", "duration", "maxRequests"}, + }, + { + "invalid data", + core.RateLimitRule{ + Label: "@abc", + Duration: -1, + MaxRequests: -1, + Audience: "invalid", + }, + []string{"label", "duration", "maxRequests", "audience"}, + }, + { + "valid data (name)", + core.RateLimitRule{ + Label: "abc:123", + Duration: 1, + MaxRequests: 1, + }, + []string{}, + }, + { + "valid data (name:action)", + core.RateLimitRule{ + Label: "abc:123", + Duration: 1, + MaxRequests: 1, + }, + []string{}, + }, + { + "valid data (*:action)", + core.RateLimitRule{ + Label: "*:123", + Duration: 1, + MaxRequests: 1, + }, + []string{}, + }, + { + "valid data (path /a/b)", + core.RateLimitRule{ + Label: "/a/b", + Duration: 1, + MaxRequests: 1, + }, + []string{}, + }, + { + "valid data (path POST /a/b)", + core.RateLimitRule{ + Label: "POST /a/b/", + Duration: 1, + MaxRequests: 1, + }, + []string{}, + }, + { + "invalid audience", + core.RateLimitRule{ + Label: "/a/b/", + Duration: 1, + MaxRequests: 1, + Audience: "invalid", + }, + []string{"audience"}, + }, + { + "valid audience - " + core.RateLimitRuleAudienceGuest, + core.RateLimitRule{ + Label: "POST /a/b/", + Duration: 1, + MaxRequests: 1, + Audience: core.RateLimitRuleAudienceGuest, + }, + []string{}, + }, + { + "valid audience - " + core.RateLimitRuleAudienceAuth, + core.RateLimitRule{ + Label: "POST /a/b/", + Duration: 1, + MaxRequests: 1, + Audience: core.RateLimitRuleAudienceAuth, + }, + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.config.Validate() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestRateLimitRuleDurationTime(t *testing.T) { + scenarios := []struct { + config core.RateLimitRule + expected time.Duration + }{ + {core.RateLimitRule{}, 0 * time.Second}, + {core.RateLimitRule{Duration: 1234}, 1234 * time.Second}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%d", i, s.config.Duration), func(t *testing.T) { + result := s.config.DurationTime() + + if result != s.expected { + t.Fatalf("Expected duration %d, got %d", s.expected, result) + } + }) + } +} diff --git a/core/settings_query.go b/core/settings_query.go new file mode 100644 index 0000000..2adbb3d --- /dev/null +++ b/core/settings_query.go @@ -0,0 +1,88 @@ +package core + +import ( + "database/sql" + "encoding/json" + "errors" + "fmt" + "os" + + "github.com/pocketbase/pocketbase/tools/security" + "github.com/pocketbase/pocketbase/tools/types" +) + +type Param struct { + BaseModel + + Created types.DateTime `db:"created" json:"created"` + Updated types.DateTime `db:"updated" json:"updated"` + Value types.JSONRaw `db:"value" json:"value"` +} + +func (m *Param) TableName() string { + return paramsTable +} + +// ReloadSettings initializes and reloads the stored application settings. +// +// If no settings were stored it will persist the current app ones. +func (app *BaseApp) ReloadSettings() error { + param := &Param{} + err := app.ModelQuery(param).Model(paramsKeySettings, param) + if err != nil && !errors.Is(err, sql.ErrNoRows) { + return err + } + + // no settings were previously stored -> save + // (ReloadSettings() will be invoked again by a system hook after successful save) + if param.Id == "" { + // force insert in case the param entry was deleted manually after application start + app.Settings().MarkAsNew() + return app.Save(app.Settings()) + } + + event := new(SettingsReloadEvent) + event.App = app + + return app.OnSettingsReload().Trigger(event, func(e *SettingsReloadEvent) error { + return e.App.Settings().loadParam(e.App, param) + }) +} + +// loadParam loads the settings from the stored param into the app ones. +// +// @todo note that the encryption may get removed in the future since it doesn't +// really accomplish much and it might be better to find a way to encrypt the backups +// or implement support for resolving env variables. +func (s *Settings) loadParam(app App, param *Param) error { + // try first without decryption + s.mu.Lock() + plainDecodeErr := json.Unmarshal(param.Value, s) + s.mu.Unlock() + + // failed, try to decrypt + if plainDecodeErr != nil { + encryptionKey := os.Getenv(app.EncryptionEnv()) + + // load without decryption has failed and there is no encryption key to use for decrypt + if encryptionKey == "" { + return fmt.Errorf("invalid settings db data or missing encryption key %q", app.EncryptionEnv()) + } + + // decrypt + decrypted, decryptErr := security.Decrypt(string(param.Value), encryptionKey) + if decryptErr != nil { + return decryptErr + } + + // decode again + s.mu.Lock() + decryptedDecodeErr := json.Unmarshal(decrypted, s) + s.mu.Unlock() + if decryptedDecodeErr != nil { + return decryptedDecodeErr + } + } + + return s.PostScan() +} diff --git a/core/settings_query_test.go b/core/settings_query_test.go new file mode 100644 index 0000000..a754288 --- /dev/null +++ b/core/settings_query_test.go @@ -0,0 +1,159 @@ +package core_test + +import ( + "os" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestReloadSettings(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + // cleanup all stored settings + // --- + if _, err := app.DB().NewQuery("DELETE from _params;").Execute(); err != nil { + t.Fatalf("Failed to delete all test settings: %v", err) + } + + // check if the new settings are saved in the db + // --- + app.Settings().Meta.AppName = "test_name_after_delete" + + app.ResetEventCalls() + if err := app.ReloadSettings(); err != nil { + t.Fatalf("Failed to reload the settings after delete: %v", err) + } + testEventCalls(t, app, map[string]int{ + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnSettingsReload": 1, + }) + + param := &core.Param{} + err := app.ModelQuery(param).Model("settings", param) + if err != nil { + t.Fatalf("Expected new settings to be persisted, got %v", err) + } + + if !strings.Contains(param.Value.String(), "test_name_after_delete") { + t.Fatalf("Expected to find AppName test_name_after_delete in\n%s", param.Value.String()) + } + + // change the db entry and reload the app settings (ensure that there was no db update) + // --- + param.Value = types.JSONRaw([]byte(`{"meta": {"appName":"test_name_after_update"}}`)) + if err := app.Save(param); err != nil { + t.Fatalf("Failed to update the test settings: %v", err) + } + + app.ResetEventCalls() + if err := app.ReloadSettings(); err != nil { + t.Fatalf("Failed to reload app settings: %v", err) + } + testEventCalls(t, app, map[string]int{ + "OnSettingsReload": 1, + }) + + // try to reload again without doing any changes + // --- + app.ResetEventCalls() + if err := app.ReloadSettings(); err != nil { + t.Fatalf("Failed to reload app settings without change: %v", err) + } + testEventCalls(t, app, map[string]int{ + "OnSettingsReload": 1, + }) + + if app.Settings().Meta.AppName != "test_name_after_update" { + t.Fatalf("Expected AppName %q, got %q", "test_name_after_update", app.Settings().Meta.AppName) + } +} + +func TestReloadSettingsWithEncryption(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + os.Setenv("pb_test_env", strings.Repeat("a", 32)) + + // cleanup all stored settings + // --- + if _, err := app.DB().NewQuery("DELETE from _params;").Execute(); err != nil { + t.Fatalf("Failed to delete all test settings: %v", err) + } + + // check if the new settings are saved in the db + // --- + app.Settings().Meta.AppName = "test_name_after_delete" + + app.ResetEventCalls() + if err := app.ReloadSettings(); err != nil { + t.Fatalf("Failed to reload the settings after delete: %v", err) + } + testEventCalls(t, app, map[string]int{ + "OnModelCreate": 1, + "OnModelCreateExecute": 1, + "OnModelAfterCreateSuccess": 1, + "OnModelValidate": 1, + "OnSettingsReload": 1, + }) + + param := &core.Param{} + err := app.ModelQuery(param).Model("settings", param) + if err != nil { + t.Fatalf("Expected new settings to be persisted, got %v", err) + } + rawValue := param.Value.String() + if rawValue == "" || strings.Contains(rawValue, "test_name") { + t.Fatalf("Expected inserted settings to be encrypted, found\n%s", rawValue) + } + + // change and reload the app settings (ensure that there was no db update) + // --- + app.Settings().Meta.AppName = "test_name_after_update" + if err := app.Save(app.Settings()); err != nil { + t.Fatalf("Failed to update app settings: %v", err) + } + + // try to reload again without doing any changes + // --- + app.ResetEventCalls() + if err := app.ReloadSettings(); err != nil { + t.Fatalf("Failed to reload app settings: %v", err) + } + testEventCalls(t, app, map[string]int{ + "OnSettingsReload": 1, + }) + + // refetch the settings param to ensure that the new value was stored encrypted + err = app.ModelQuery(param).Model("settings", param) + if err != nil { + t.Fatalf("Expected new settings to be persisted, got %v", err) + } + rawValue = param.Value.String() + if rawValue == "" || strings.Contains(rawValue, "test_name") { + t.Fatalf("Expected updated settings to be encrypted, found\n%s", rawValue) + } + + if app.Settings().Meta.AppName != "test_name_after_update" { + t.Fatalf("Expected AppName %q, got %q", "test_name_after_update", app.Settings().Meta.AppName) + } +} + +func testEventCalls(t *testing.T, app *tests.TestApp, events map[string]int) { + if len(events) != len(app.EventCalls) { + t.Fatalf("Expected events doesn't match:\n%v\ngot\n%v", events, app.EventCalls) + } + + for name, total := range events { + if v, ok := app.EventCalls[name]; !ok || v != total { + t.Fatalf("Expected events doesn't exist or match:\n%v\ngot\n%v", events, app.EventCalls) + } + } +} diff --git a/core/validators/db.go b/core/validators/db.go new file mode 100644 index 0000000..347ca89 --- /dev/null +++ b/core/validators/db.go @@ -0,0 +1,80 @@ +package validators + +import ( + "database/sql" + "errors" + "strings" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/dbx" +) + +// UniqueId checks whether a field string id already exists in the specified table. +// +// Example: +// +// validation.Field(&form.RelId, validation.By(validators.UniqueId(form.app.DB(), "tbl_example")) +func UniqueId(db dbx.Builder, tableName string) validation.RuleFunc { + return func(value any) error { + v, _ := value.(string) + if v == "" { + return nil // nothing to check + } + + var foundId string + + err := db. + Select("id"). + From(tableName). + Where(dbx.HashExp{"id": v}). + Limit(1). + Row(&foundId) + + if (err != nil && !errors.Is(err, sql.ErrNoRows)) || foundId != "" { + return validation.NewError("validation_invalid_or_existing_id", "The model id is invalid or already exists.") + } + + return nil + } +} + +// NormalizeUniqueIndexError attempts to convert a +// "unique constraint failed" error into a validation.Errors. +// +// The provided err is returned as it is without changes if: +// - err is nil +// - err is already validation.Errors +// - err is not "unique constraint failed" error +func NormalizeUniqueIndexError(err error, tableOrAlias string, fieldNames []string) error { + if err == nil { + return err + } + + if _, ok := err.(validation.Errors); ok { + return err + } + + msg := strings.ToLower(err.Error()) + + // check for unique constraint failure + if strings.Contains(msg, "unique constraint failed") { + // note: extra space to unify multi-columns lookup + msg = strings.ReplaceAll(strings.TrimSpace(msg), ",", " ") + " " + + normalizedErrs := validation.Errors{} + + for _, name := range fieldNames { + // note: extra spaces to exclude table name with suffix matching the current one + // OR other fields starting with the current field name + if strings.Contains(msg, strings.ToLower(" "+tableOrAlias+"."+name+" ")) { + normalizedErrs[name] = validation.NewError("validation_not_unique", "Value must be unique") + } + } + + if len(normalizedErrs) > 0 { + return normalizedErrs + } + } + + return err +} diff --git a/core/validators/db_test.go b/core/validators/db_test.go new file mode 100644 index 0000000..7ce2a9b --- /dev/null +++ b/core/validators/db_test.go @@ -0,0 +1,125 @@ +package validators_test + +import ( + "errors" + "fmt" + "testing" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tests" +) + +func TestUniqueId(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + id string + tableName string + expectError bool + }{ + {"", "", false}, + {"test", "", true}, + {"wsmn24bux7wo113", "_collections", true}, + {"test_unique_id", "unknown_table", true}, + {"test_unique_id", "_collections", false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s_%s", i, s.id, s.tableName), func(t *testing.T) { + err := validators.UniqueId(app.DB(), s.tableName)(s.id) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestNormalizeUniqueIndexError(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + err error + table string + names []string + expectedKeys []string + }{ + { + "nil error (no changes)", + nil, + "test", + []string{"a", "b"}, + nil, + }, + { + "non-unique index error (no changes)", + errors.New("abc"), + "test", + []string{"a", "b"}, + nil, + }, + { + "validation error (no changes)", + validation.Errors{"c": errors.New("abc")}, + "test", + []string{"a", "b"}, + []string{"c"}, + }, + { + "unique index error but mismatched table name", + errors.New("UNIQUE constraint failed for fields test.a,test.b"), + "example", + []string{"a", "b"}, + nil, + }, + { + "unique index error with table name suffix matching the specified one", + errors.New("UNIQUE constraint failed for fields test_suffix.a,test_suffix.b"), + "suffix", + []string{"a", "b", "c"}, + nil, + }, + { + "unique index error but mismatched fields", + errors.New("UNIQUE constraint failed for fields test.a,test.b"), + "test", + []string{"c", "d"}, + nil, + }, + { + "unique index error with matching table name and fields", + errors.New("UNIQUE constraint failed for fields test.a,test.b"), + "test", + []string{"a", "b", "c"}, + []string{"a", "b"}, + }, + { + "unique index error with matching table name and field starting with the name of another non-unique field", + errors.New("UNIQUE constraint failed for fields test.a_2,test.c"), + "test", + []string{"a", "a_2", "c"}, + []string{"a_2", "c"}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := validators.NormalizeUniqueIndexError(s.err, s.table, s.names) + + if len(s.expectedKeys) == 0 { + if result != s.err { + t.Fatalf("Expected no error change, got %v", result) + } + return + } + + tests.TestValidationErrors(t, result, s.expectedKeys) + }) + } +} diff --git a/core/validators/equal.go b/core/validators/equal.go new file mode 100644 index 0000000..9ee673c --- /dev/null +++ b/core/validators/equal.go @@ -0,0 +1,85 @@ +package validators + +import ( + "reflect" + + validation "github.com/go-ozzo/ozzo-validation/v4" +) + +// Equal checks whether the validated value matches another one from the same type. +// +// It expects the compared values to be from the same type and works +// with booleans, numbers, strings and their pointer variants. +// +// If one of the value is pointer, the comparison is based on its +// underlying value (when possible to determine). +// +// Note that empty/zero values are also compared (this differ from other validation.RuleFunc). +// +// Example: +// +// validation.Field(&form.PasswordConfirm, validation.By(validators.Equal(form.Password))) +func Equal[T comparable](valueToCompare T) validation.RuleFunc { + return func(value any) error { + if compareValues(value, valueToCompare) { + return nil + } + + return validation.NewError("validation_values_mismatch", "Values don't match.") + } +} + +func compareValues(a, b any) bool { + if a == b { + return true + } + + if checkIsNil(a) && checkIsNil(b) { + return true + } + + var result bool + + defer func() { + if err := recover(); err != nil { + result = false + } + }() + + reflectA := reflect.ValueOf(a) + reflectB := reflect.ValueOf(b) + + dereferencedA := dereference(reflectA) + dereferencedB := dereference(reflectB) + if dereferencedA.CanInterface() && dereferencedB.CanInterface() { + result = dereferencedA.Interface() == dereferencedB.Interface() + } + + return result +} + +// note https://github.com/golang/go/issues/51649 +func checkIsNil(value any) bool { + if value == nil { + return true + } + + var result bool + + defer func() { + if err := recover(); err != nil { + result = false + } + }() + + result = reflect.ValueOf(value).IsNil() + + return result +} + +func dereference(v reflect.Value) reflect.Value { + for v.Kind() == reflect.Pointer { + v = v.Elem() + } + return v +} diff --git a/core/validators/equal_test.go b/core/validators/equal_test.go new file mode 100644 index 0000000..dedb376 --- /dev/null +++ b/core/validators/equal_test.go @@ -0,0 +1,62 @@ +package validators_test + +import ( + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/core/validators" +) + +func Equal(t *testing.T) { + t.Parallel() + + strA := "abc" + strB := "abc" + strC := "123" + var strNilPtr *string + var strNilPtr2 *string + + scenarios := []struct { + valA any + valB any + expectError bool + }{ + {nil, nil, false}, + {"", "", false}, + {"", "456", true}, + {"123", "", true}, + {"123", "456", true}, + {"123", "123", false}, + {true, false, true}, + {false, true, true}, + {false, false, false}, + {true, true, false}, + {0, 0, false}, + {0, 1, true}, + {1, 2, true}, + {1, 1, false}, + {&strA, &strA, false}, + {&strA, &strB, false}, + {&strA, &strC, true}, + {"abc", &strA, false}, + {&strA, "abc", false}, + {"abc", &strC, true}, + {"test", 123, true}, + {nil, 123, true}, + {nil, strA, true}, + {nil, &strA, true}, + {nil, strNilPtr, false}, + {strNilPtr, strNilPtr2, false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%v_%v", i, s.valA, s.valB), func(t *testing.T) { + err := validators.Equal(s.valA)(s.valB) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} diff --git a/core/validators/file.go b/core/validators/file.go new file mode 100644 index 0000000..e3e556e --- /dev/null +++ b/core/validators/file.go @@ -0,0 +1,96 @@ +package validators + +import ( + "fmt" + "strings" + + "github.com/gabriel-vasile/mimetype" + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/tools/filesystem" +) + +// UploadedFileSize checks whether the validated [*filesystem.File] +// size is no more than the provided maxBytes. +// +// Example: +// +// validation.Field(&form.File, validation.By(validators.UploadedFileSize(1000))) +func UploadedFileSize(maxBytes int64) validation.RuleFunc { + return func(value any) error { + v, ok := value.(*filesystem.File) + if !ok { + return ErrUnsupportedValueType + } + + if v == nil { + return nil // nothing to validate + } + + if v.Size > maxBytes { + return validation.NewError( + "validation_file_size_limit", + "Failed to upload {{.file}} - the maximum allowed file size is {{.maxSize}} bytes.", + ).SetParams(map[string]any{ + "file": v.OriginalName, + "maxSize": maxBytes, + }) + } + + return nil + } +} + +// UploadedFileMimeType checks whether the validated [*filesystem.File] +// mimetype is within the provided allowed mime types. +// +// Example: +// +// validMimeTypes := []string{"test/plain","image/jpeg"} +// validation.Field(&form.File, validation.By(validators.UploadedFileMimeType(validMimeTypes))) +func UploadedFileMimeType(validTypes []string) validation.RuleFunc { + return func(value any) error { + v, ok := value.(*filesystem.File) + if !ok { + return ErrUnsupportedValueType + } + + if v == nil { + return nil // nothing to validate + } + + baseErr := validation.NewError( + "validation_invalid_mime_type", + fmt.Sprintf("Failed to upload %q due to unsupported file type.", v.OriginalName), + ) + + if len(validTypes) == 0 { + return baseErr + } + + f, err := v.Reader.Open() + if err != nil { + return baseErr + } + defer f.Close() + + filetype, err := mimetype.DetectReader(f) + if err != nil { + return baseErr + } + + for _, t := range validTypes { + if filetype.Is(t) { + return nil // valid + } + } + + return validation.NewError( + "validation_invalid_mime_type", + fmt.Sprintf( + "%q mime type must be one of: %s.", + v.Name, + strings.Join(validTypes, ", "), + ), + ) + } +} diff --git a/core/validators/file_test.go b/core/validators/file_test.go new file mode 100644 index 0000000..3af6fe5 --- /dev/null +++ b/core/validators/file_test.go @@ -0,0 +1,75 @@ +package validators_test + +import ( + "fmt" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tools/filesystem" +) + +func TestUploadedFileSize(t *testing.T) { + t.Parallel() + + file, err := filesystem.NewFileFromBytes([]byte("test"), "test.txt") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + maxBytes int64 + file *filesystem.File + expectError bool + }{ + {0, nil, false}, + {4, nil, false}, + {3, file, true}, // all test files have "test" as content + {4, file, false}, + {5, file, false}, + } + + for _, s := range scenarios { + t.Run(fmt.Sprintf("%d", s.maxBytes), func(t *testing.T) { + err := validators.UploadedFileSize(s.maxBytes)(s.file) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} + +func TestUploadedFileMimeType(t *testing.T) { + t.Parallel() + + file, err := filesystem.NewFileFromBytes([]byte("test"), "test.png") // the extension shouldn't matter + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + types []string + file *filesystem.File + expectError bool + }{ + {nil, nil, false}, + {[]string{"image/jpeg"}, nil, false}, + {[]string{}, file, true}, + {[]string{"image/jpeg"}, file, true}, + // test files are detected as "text/plain; charset=utf-8" content type + {[]string{"image/jpeg", "text/plain; charset=utf-8"}, file, false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, strings.Join(s.types, ";")), func(t *testing.T) { + err := validators.UploadedFileMimeType(s.types)(s.file) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} diff --git a/core/validators/string.go b/core/validators/string.go new file mode 100644 index 0000000..c0d885b --- /dev/null +++ b/core/validators/string.go @@ -0,0 +1,29 @@ +package validators + +import ( + "regexp" + + validation "github.com/go-ozzo/ozzo-validation/v4" +) + +// IsRegex checks whether the validated value is a valid regular expression pattern. +// +// Example: +// +// validation.Field(&form.Pattern, validation.By(validators.IsRegex)) +func IsRegex(value any) error { + v, ok := value.(string) + if !ok { + return ErrUnsupportedValueType + } + + if v == "" { + return nil // nothing to check + } + + if _, err := regexp.Compile(v); err != nil { + return validation.NewError("validation_invalid_regex", err.Error()) + } + + return nil +} diff --git a/core/validators/string_test.go b/core/validators/string_test.go new file mode 100644 index 0000000..dead6df --- /dev/null +++ b/core/validators/string_test.go @@ -0,0 +1,33 @@ +package validators_test + +import ( + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/core/validators" +) + +func TestIsRegex(t *testing.T) { + t.Parallel() + + scenarios := []struct { + val string + expectError bool + }{ + {"", false}, + {`abc`, false}, + {`\w+`, false}, + {`\w*((abc+`, true}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.val), func(t *testing.T) { + err := validators.IsRegex(s.val) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + }) + } +} diff --git a/core/validators/validators.go b/core/validators/validators.go new file mode 100644 index 0000000..a4ce3a6 --- /dev/null +++ b/core/validators/validators.go @@ -0,0 +1,40 @@ +// Package validators implements some common custom PocketBase validators. +package validators + +import ( + "errors" + "maps" + + validation "github.com/go-ozzo/ozzo-validation/v4" +) + +var ErrUnsupportedValueType = validation.NewError("validation_unsupported_value_type", "Invalid or unsupported value type.") + +// JoinValidationErrors attempts to join the provided [validation.Errors] arguments. +// +// If only one of the arguments is [validation.Errors], it returns the first non-empty [validation.Errors]. +// +// If both arguments are not [validation.Errors] then it returns a combined [errors.Join] error. +func JoinValidationErrors(errA, errB error) error { + vErrA, okA := errA.(validation.Errors) + vErrB, okB := errB.(validation.Errors) + + // merge + if okA && okB { + result := maps.Clone(vErrA) + maps.Copy(result, vErrB) + if len(result) > 0 { + return result + } + } + + if okA && len(vErrA) > 0 { + return vErrA + } + + if okB && len(vErrB) > 0 { + return vErrB + } + + return errors.Join(errA, errB) +} diff --git a/core/validators/validators_test.go b/core/validators/validators_test.go new file mode 100644 index 0000000..0a54fa8 --- /dev/null +++ b/core/validators/validators_test.go @@ -0,0 +1,39 @@ +package validators_test + +import ( + "errors" + "fmt" + "testing" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core/validators" +) + +func TestJoinValidationErrors(t *testing.T) { + scenarios := []struct { + errA error + errB error + expected string + }{ + {nil, nil, ""}, + {errors.New("abc"), nil, "abc"}, + {nil, errors.New("abc"), "abc"}, + {errors.New("abc"), errors.New("456"), "abc\n456"}, + {validation.Errors{"test1": errors.New("test1_err")}, nil, "test1: test1_err."}, + {nil, validation.Errors{"test2": errors.New("test2_err")}, "test2: test2_err."}, + {validation.Errors{}, errors.New("456"), "\n456"}, + {errors.New("456"), validation.Errors{}, "456\n"}, + {validation.Errors{"test1": errors.New("test1_err")}, errors.New("456"), "test1: test1_err."}, + {errors.New("456"), validation.Errors{"test2": errors.New("test2_err")}, "test2: test2_err."}, + {validation.Errors{"test1": errors.New("test1_err")}, validation.Errors{"test2": errors.New("test2_err")}, "test1: test1_err; test2: test2_err."}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#T_%T", i, s.errA, s.errB), func(t *testing.T) { + result := fmt.Sprintf("%v", validators.JoinValidationErrors(s.errA, s.errB)) + if result != s.expected { + t.Fatalf("Expected\n%v\ngot\n%v", s.expected, result) + } + }) + } +} diff --git a/core/view.go b/core/view.go new file mode 100644 index 0000000..d7db625 --- /dev/null +++ b/core/view.go @@ -0,0 +1,620 @@ +package core + +import ( + "errors" + "fmt" + "io" + "regexp" + "strings" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/dbutils" + "github.com/pocketbase/pocketbase/tools/inflector" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/pocketbase/pocketbase/tools/tokenizer" +) + +// DeleteView drops the specified view name. +// +// This method is a no-op if a view with the provided name doesn't exist. +// +// NB! Be aware that this method is vulnerable to SQL injection and the +// "name" argument must come only from trusted input! +func (app *BaseApp) DeleteView(name string) error { + _, err := app.DB().NewQuery(fmt.Sprintf( + "DROP VIEW IF EXISTS {{%s}}", + name, + )).Execute() + + return err +} + +// SaveView creates (or updates already existing) persistent SQL view. +// +// NB! Be aware that this method is vulnerable to SQL injection and the +// "selectQuery" argument must come only from trusted input! +func (app *BaseApp) SaveView(name string, selectQuery string) error { + return app.RunInTransaction(func(txApp App) error { + // delete old view (if exists) + if err := txApp.DeleteView(name); err != nil { + return err + } + + selectQuery = strings.Trim(strings.TrimSpace(selectQuery), ";") + + // try to loosely detect multiple inline statements + tk := tokenizer.NewFromString(selectQuery) + tk.Separators(';') + if queryParts, _ := tk.ScanAll(); len(queryParts) > 1 { + return errors.New("multiple statements are not supported") + } + + // (re)create the view + // + // note: the query is wrapped in a secondary SELECT as a rudimentary + // measure to discourage multiple inline sql statements execution + viewQuery := fmt.Sprintf("CREATE VIEW {{%s}} AS SELECT * FROM (%s)", name, selectQuery) + if _, err := txApp.DB().NewQuery(viewQuery).Execute(); err != nil { + return err + } + + // fetch the view table info to ensure that the view was created + // because missing tables or columns won't return an error + if _, err := txApp.TableInfo(name); err != nil { + // manually cleanup previously created view in case the func + // is called in a nested transaction and the error is discarded + txApp.DeleteView(name) + + return err + } + + return nil + }) +} + +// CreateViewFields creates a new FieldsList from the provided select query. +// +// There are some caveats: +// - The select query must have an "id" column. +// - Wildcard ("*") columns are not supported to avoid accidentally leaking sensitive data. +func (app *BaseApp) CreateViewFields(selectQuery string) (FieldsList, error) { + result := NewFieldsList() + + suggestedFields, err := parseQueryToFields(app, selectQuery) + if err != nil { + return result, err + } + + // note wrap in a transaction in case the selectQuery contains + // multiple statements allowing us to rollback on any error + txErr := app.RunInTransaction(func(txApp App) error { + info, err := getQueryTableInfo(txApp, selectQuery) + if err != nil { + return err + } + + var hasId bool + + for _, row := range info { + if row.Name == FieldNameId { + hasId = true + } + + var field Field + + if f, ok := suggestedFields[row.Name]; ok { + field = f.field + } else { + field = defaultViewField(row.Name) + } + + result.Add(field) + } + + if !hasId { + return errors.New("missing required id column (you can use `(ROW_NUMBER() OVER()) as id` if you don't have one)") + } + + return nil + }) + + return result, txErr +} + +// FindRecordByViewFile returns the original Record of the provided view collection file. +func (app *BaseApp) FindRecordByViewFile(viewCollectionModelOrIdentifier any, fileFieldName string, filename string) (*Record, error) { + view, err := getCollectionByModelOrIdentifier(app, viewCollectionModelOrIdentifier) + if err != nil { + return nil, err + } + + if !view.IsView() { + return nil, errors.New("not a view collection") + } + + var findFirstNonViewQueryFileField func(int) (*queryField, error) + findFirstNonViewQueryFileField = func(level int) (*queryField, error) { + // check the level depth to prevent infinite circular recursion + // (the limit is arbitrary and may change in the future) + if level > 5 { + return nil, errors.New("reached the max recursion level of view collection file field queries") + } + + queryFields, err := parseQueryToFields(app, view.ViewQuery) + if err != nil { + return nil, err + } + + for _, item := range queryFields { + if item.collection == nil || + item.original == nil || + item.field.GetName() != fileFieldName { + continue + } + + if item.collection.IsView() { + view = item.collection + fileFieldName = item.original.GetName() + return findFirstNonViewQueryFileField(level + 1) + } + + return item, nil + } + + return nil, errors.New("no query file field found") + } + + qf, err := findFirstNonViewQueryFileField(1) + if err != nil { + return nil, err + } + + cleanFieldName := inflector.Columnify(qf.original.GetName()) + + record := &Record{} + + query := app.RecordQuery(qf.collection).Limit(1) + + if opt, ok := qf.original.(MultiValuer); !ok || !opt.IsMultiple() { + query.AndWhere(dbx.HashExp{cleanFieldName: filename}) + } else { + query.InnerJoin( + fmt.Sprintf(`%s as {{_je_file}}`, dbutils.JSONEach(cleanFieldName)), + dbx.HashExp{"_je_file.value": filename}, + ) + } + + if err := query.One(record); err != nil { + return nil, err + } + + return record, nil +} + +// ------------------------------------------------------------------- +// Raw query to schema helpers +// ------------------------------------------------------------------- + +type queryField struct { + // field is the final resolved field. + field Field + + // collection refers to the original field's collection model. + // It could be nil if the found query field is not from a collection + collection *Collection + + // original is the original found collection field. + // It could be nil if the found query field is not from a collection + original Field +} + +func defaultViewField(name string) Field { + return &JSONField{ + Name: name, + MaxSize: 1, // unused for views + } +} + +var castRegex = regexp.MustCompile(`(?i)^cast\s*\(.*\s+as\s+(\w+)\s*\)$`) + +func parseQueryToFields(app App, selectQuery string) (map[string]*queryField, error) { + p := new(identifiersParser) + if err := p.parse(selectQuery); err != nil { + return nil, err + } + + collections, err := findCollectionsByIdentifiers(app, p.tables) + if err != nil { + return nil, err + } + + result := make(map[string]*queryField, len(p.columns)) + + var mainTable identifier + + if len(p.tables) > 0 { + mainTable = p.tables[0] + } + + for _, col := range p.columns { + colLower := strings.ToLower(col.original) + + // pk (always assume text field for now) + if col.alias == FieldNameId { + result[col.alias] = &queryField{ + field: &TextField{ + Name: col.alias, + System: true, + Required: true, + PrimaryKey: true, + Pattern: `^[a-z0-9]+$`, + }, + } + continue + } + + // numeric aggregations + if strings.HasPrefix(colLower, "count(") || strings.HasPrefix(colLower, "total(") { + result[col.alias] = &queryField{ + field: &NumberField{ + Name: col.alias, + }, + } + continue + } + + castMatch := castRegex.FindStringSubmatch(colLower) + + // numeric casts + if len(castMatch) == 2 { + switch castMatch[1] { + case "real", "integer", "int", "decimal", "numeric": + result[col.alias] = &queryField{ + field: &NumberField{ + Name: col.alias, + }, + } + continue + case "text": + result[col.alias] = &queryField{ + field: &TextField{ + Name: col.alias, + }, + } + continue + case "boolean", "bool": + result[col.alias] = &queryField{ + field: &BoolField{ + Name: col.alias, + }, + } + continue + } + } + + parts := strings.Split(col.original, ".") + + var fieldName string + var collection *Collection + + if len(parts) == 2 { + fieldName = parts[1] + collection = collections[parts[0]] + } else { + fieldName = parts[0] + collection = collections[mainTable.alias] + } + + // fallback to the default field + if collection == nil { + result[col.alias] = &queryField{ + field: defaultViewField(col.alias), + } + continue + } + + if fieldName == "*" { + return nil, errors.New("dynamic column names are not supported") + } + + // find the first field by name (case insensitive) + var field Field + for _, f := range collection.Fields { + if strings.EqualFold(f.GetName(), fieldName) { + field = f + break + } + } + + // fallback to the default field + if field == nil { + result[col.alias] = &queryField{ + field: defaultViewField(col.alias), + collection: collection, + } + continue + } + + // convert to relation since it is an id reference + if strings.EqualFold(fieldName, FieldNameId) { + result[col.alias] = &queryField{ + field: &RelationField{ + Name: col.alias, + MaxSelect: 1, + CollectionId: collection.Id, + }, + collection: collection, + } + continue + } + + // we fetch a brand new collection object to avoid using reflection + // or having a dedicated Clone method for each field type + tempCollection, err := app.FindCollectionByNameOrId(collection.Id) + if err != nil { + return nil, err + } + + clone := tempCollection.Fields.GetById(field.GetId()) + if clone == nil { + return nil, fmt.Errorf("missing expected field %q (%q) in collection %q", field.GetName(), field.GetId(), tempCollection.Name) + } + // set new random id to prevent duplications if the same field is aliased multiple times + clone.SetId("_clone_" + security.PseudorandomString(4)) + clone.SetName(col.alias) + + result[col.alias] = &queryField{ + original: field, + field: clone, + collection: collection, + } + } + + return result, nil +} + +func findCollectionsByIdentifiers(app App, tables []identifier) (map[string]*Collection, error) { + names := make([]any, 0, len(tables)) + + for _, table := range tables { + if strings.Contains(table.alias, "(") { + continue // skip expressions + } + names = append(names, table.original) + } + + if len(names) == 0 { + return nil, nil + } + + result := make(map[string]*Collection, len(names)) + collections := make([]*Collection, 0, len(names)) + + err := app.CollectionQuery(). + AndWhere(dbx.In("name", names...)). + All(&collections) + if err != nil { + return nil, err + } + + for _, table := range tables { + for _, collection := range collections { + if collection.Name == table.original { + result[table.alias] = collection + } + } + } + + return result, nil +} + +func getQueryTableInfo(app App, selectQuery string) ([]*TableInfoRow, error) { + tempView := "_temp_" + security.PseudorandomString(6) + + var info []*TableInfoRow + + txErr := app.RunInTransaction(func(txApp App) error { + // create a temp view with the provided query + err := txApp.SaveView(tempView, selectQuery) + if err != nil { + return err + } + + // extract the generated view table info + info, err = txApp.TableInfo(tempView) + + return errors.Join(err, txApp.DeleteView(tempView)) + }) + + if txErr != nil { + return nil, txErr + } + + return info, nil +} + +// ------------------------------------------------------------------- +// Raw query identifiers parser +// ------------------------------------------------------------------- + +var ( + joinReplaceRegex = regexp.MustCompile(`(?im)\s+(full\s+outer\s+join|left\s+outer\s+join|right\s+outer\s+join|full\s+join|cross\s+join|inner\s+join|outer\s+join|left\s+join|right\s+join|join)\s+?`) + discardReplaceRegex = regexp.MustCompile(`(?im)\s+(where|group\s+by|having|order|limit|with)\s+?`) + commentsReplaceRegex = regexp.MustCompile(`(?m)(\/\*[\s\S]*?\*\/)|(--.+$)`) +) + +type identifier struct { + original string + alias string +} + +type identifiersParser struct { + columns []identifier + tables []identifier +} + +func (p *identifiersParser) parse(selectQuery string) error { + str := strings.Trim(strings.TrimSpace(selectQuery), ";") + str = commentsReplaceRegex.ReplaceAllString(str, " ") + str = joinReplaceRegex.ReplaceAllString(str, " __pb_join__ ") + str = discardReplaceRegex.ReplaceAllString(str, " __pb_discard__ ") + + tk := tokenizer.NewFromString(str) + tk.Separators(',', ' ', '\n', '\t') + tk.KeepSeparator(true) + + var skip bool + var partType string + var activeBuilder *strings.Builder + var selectParts strings.Builder + var fromParts strings.Builder + var joinParts strings.Builder + + for { + token, err := tk.Scan() + if err != nil { + if err != io.EOF { + return err + } + break + } + + trimmed := strings.ToLower(strings.TrimSpace(token)) + + switch trimmed { + case "select": + skip = false + partType = "select" + activeBuilder = &selectParts + case "distinct": + continue // ignore as it is not important for the identifiers parsing + case "from": + skip = false + partType = "from" + activeBuilder = &fromParts + case "__pb_join__": + skip = false + + // the previous part was also a join + if partType == "join" { + joinParts.WriteString(",") + } + + partType = "join" + activeBuilder = &joinParts + case "__pb_discard__": + // skip following tokens + skip = true + default: + isJoin := partType == "join" + + if isJoin && trimmed == "on" { + skip = true + } + + if !skip && activeBuilder != nil { + activeBuilder.WriteString(" ") + activeBuilder.WriteString(token) + } + } + } + + selects, err := extractIdentifiers(selectParts.String()) + if err != nil { + return err + } + + froms, err := extractIdentifiers(fromParts.String()) + if err != nil { + return err + } + + joins, err := extractIdentifiers(joinParts.String()) + if err != nil { + return err + } + + p.columns = selects + p.tables = froms + p.tables = append(p.tables, joins...) + + return nil +} + +func extractIdentifiers(rawExpression string) ([]identifier, error) { + rawTk := tokenizer.NewFromString(rawExpression) + rawTk.Separators(',') + + rawIdentifiers, err := rawTk.ScanAll() + if err != nil { + return nil, err + } + + result := make([]identifier, 0, len(rawIdentifiers)) + + for _, rawIdentifier := range rawIdentifiers { + tk := tokenizer.NewFromString(rawIdentifier) + tk.Separators(' ', '\n', '\t') + + parts, err := tk.ScanAll() + if err != nil { + return nil, err + } + + resolved, err := identifierFromParts(parts) + if err != nil { + return nil, err + } + + result = append(result, resolved) + } + + return result, nil +} + +func identifierFromParts(parts []string) (identifier, error) { + var result identifier + + switch len(parts) { + case 3: + if !strings.EqualFold(parts[1], "as") { + return result, fmt.Errorf(`invalid identifier part - expected "as", got %v`, parts[1]) + } + + result.original = parts[0] + result.alias = parts[2] + case 2: + result.original = parts[0] + result.alias = parts[1] + case 1: + subParts := strings.Split(parts[0], ".") + result.original = parts[0] + result.alias = subParts[len(subParts)-1] + default: + return result, fmt.Errorf(`invalid identifier parts %v`, parts) + } + + result.original = trimRawIdentifier(result.original) + + // we trim the single quote even though it is not a valid column quote character + // because SQLite allows it if the context expects an identifier and not string literal + // (https://www.sqlite.org/lang_keywords.html) + result.alias = trimRawIdentifier(result.alias, "'") + + return result, nil +} + +func trimRawIdentifier(rawIdentifier string, extraTrimChars ...string) string { + trimChars := "`\"[];" + if len(extraTrimChars) > 0 { + trimChars += strings.Join(extraTrimChars, "") + } + + parts := strings.Split(rawIdentifier, ".") + + for i := range parts { + parts[i] = strings.Trim(parts[i], trimChars) + } + + return strings.Join(parts, ".") +} diff --git a/core/view_test.go b/core/view_test.go new file mode 100644 index 0000000..37eb2fc --- /dev/null +++ b/core/view_test.go @@ -0,0 +1,647 @@ +package core_test + +import ( + "encoding/json" + "fmt" + "slices" + "testing" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" +) + +func ensureNoTempViews(app core.App, t *testing.T) { + var total int + + err := app.DB().Select("count(*)"). + From("sqlite_schema"). + AndWhere(dbx.HashExp{"type": "view"}). + AndWhere(dbx.NewExp(`[[name]] LIKE '%\_temp\_%' ESCAPE '\'`)). + Limit(1). + Row(&total) + if err != nil { + t.Fatalf("Failed to check for temp views: %v", err) + } + + if total > 0 { + t.Fatalf("Expected all temp views to be deleted, got %d", total) + } +} + +func TestDeleteView(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + viewName string + expectError bool + }{ + {"", true}, + {"demo1", true}, // not a view table + {"missing", false}, // missing or already deleted + {"view1", false}, // existing + {"VieW1", false}, // view names are case insensitives + } + + for i, s := range scenarios { + err := app.DeleteView(s.viewName) + + hasErr := err != nil + if hasErr != s.expectError { + t.Errorf("[%d - %q] Expected hasErr %v, got %v (%v)", i, s.viewName, s.expectError, hasErr, err) + } + } + + ensureNoTempViews(app, t) +} + +func TestSaveView(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + scenarioName string + viewName string + query string + expectError bool + expectColumns []string + }{ + { + "empty name and query", + "", + "", + true, + nil, + }, + { + "empty name", + "", + "select * from " + core.CollectionNameSuperusers, + true, + nil, + }, + { + "empty query", + "123Test", + "", + true, + nil, + }, + { + "invalid query", + "123Test", + "123 456", + true, + nil, + }, + { + "missing table", + "123Test", + "select id from missing", + true, + nil, + }, + { + "non select query", + "123Test", + "drop table " + core.CollectionNameSuperusers, + true, + nil, + }, + { + "multiple select queries", + "123Test", + "select *, count(id) as c from " + core.CollectionNameSuperusers + "; select * from demo1;", + true, + nil, + }, + { + "try to break the parent parenthesis", + "123Test", + "select *, count(id) as c from `" + core.CollectionNameSuperusers + "`)", + true, + nil, + }, + { + "simple select query (+ trimmed semicolon)", + "123Test", + ";select *, count(id) as c from " + core.CollectionNameSuperusers + ";", + false, + []string{ + "id", "created", "updated", + "password", "tokenKey", "email", + "emailVisibility", "verified", + "c", + }, + }, + { + "update old view with new query", + "123Test", + "select 1 as test from " + core.CollectionNameSuperusers, + false, + []string{"test"}, + }, + } + + for _, s := range scenarios { + t.Run(s.scenarioName, func(t *testing.T) { + err := app.SaveView(s.viewName, s.query) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + infoRows, err := app.TableInfo(s.viewName) + if err != nil { + t.Fatalf("Failed to fetch table info for %s: %v", s.viewName, err) + } + + if len(s.expectColumns) != len(infoRows) { + t.Fatalf("Expected %d columns, got %d", len(s.expectColumns), len(infoRows)) + } + + for _, row := range infoRows { + if !slices.Contains(s.expectColumns, row.Name) { + t.Fatalf("Missing %q column in %v", row.Name, s.expectColumns) + } + } + }) + } + + ensureNoTempViews(app, t) +} + +func TestCreateViewFieldsWithDiscardedNestedTransaction(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + app.RunInTransaction(func(txApp core.App) error { + _, err := txApp.CreateViewFields("select id from missing") + if err == nil { + t.Fatal("Expected error, got nil") + } + + return nil + }) + + ensureNoTempViews(app, t) +} + +func TestCreateViewFields(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + scenarios := []struct { + name string + query string + expectError bool + expectFields map[string]string // name-type pairs + }{ + { + "empty query", + "", + true, + nil, + }, + { + "invalid query", + "test 123456", + true, + nil, + }, + { + "missing table", + "select id from missing", + true, + nil, + }, + { + "query with wildcard column", + "select a.id, a.* from demo1 a", + true, + nil, + }, + { + "query without id", + "select text, url, created, updated from demo1", + true, + nil, + }, + { + "query with comments", + ` + select + -- test single line + demo1.id, + demo1.text, + /* multi + * line comment block */ + demo1.url, demo1.created, demo1.updated from/* inline comment block with no spaces between the identifiers */demo1 + -- comment before join + join demo2 ON ( + -- comment inside join + demo2.id = demo1.id + ) + -- comment before where + where ( + -- comment inside where + demo2.id = demo1.id + ) + `, + false, + map[string]string{ + "id": core.FieldTypeText, + "text": core.FieldTypeText, + "url": core.FieldTypeURL, + "created": core.FieldTypeAutodate, + "updated": core.FieldTypeAutodate, + }, + }, + { + "query with all fields and quoted identifiers", + ` + select + "id", + "created", + "updated", + [text], + ` + "`bool`" + `, + "url", + "select_one", + "select_many", + "file_one", + "demo1"."file_many", + ` + "`demo1`." + "`number`" + ` number_alias, + "email", + "datetime", + "json", + "rel_one", + "rel_many", + 'single_quoted_custom_literal' as 'single_quoted_column' + from demo1 + `, + false, + map[string]string{ + "id": core.FieldTypeText, + "created": core.FieldTypeAutodate, + "updated": core.FieldTypeAutodate, + "text": core.FieldTypeText, + "bool": core.FieldTypeBool, + "url": core.FieldTypeURL, + "select_one": core.FieldTypeSelect, + "select_many": core.FieldTypeSelect, + "file_one": core.FieldTypeFile, + "file_many": core.FieldTypeFile, + "number_alias": core.FieldTypeNumber, + "email": core.FieldTypeEmail, + "datetime": core.FieldTypeDate, + "json": core.FieldTypeJSON, + "rel_one": core.FieldTypeRelation, + "rel_many": core.FieldTypeRelation, + "single_quoted_column": core.FieldTypeJSON, + }, + }, + { + "query with indirect relations fields", + "select a.id, b.id as bid, b.created from demo1 as a left join demo2 b", + false, + map[string]string{ + "id": core.FieldTypeText, + "bid": core.FieldTypeRelation, + "created": core.FieldTypeAutodate, + }, + }, + { + "query with multiple froms, joins and style of aliasses", + ` + select + a.id as id, + b.id as bid, + lj.id cid, + ij.id as did, + a.bool, + ` + core.CollectionNameSuperusers + `.id as eid, + ` + core.CollectionNameSuperusers + `.email + from demo1 a, demo2 as b + left join demo3 lj on lj.id = 123 + inner join demo4 as ij on ij.id = 123 + join ` + core.CollectionNameSuperusers + ` + where 1=1 + group by a.id + limit 10 + `, + false, + map[string]string{ + "id": core.FieldTypeText, + "bid": core.FieldTypeRelation, + "cid": core.FieldTypeRelation, + "did": core.FieldTypeRelation, + "bool": core.FieldTypeBool, + "eid": core.FieldTypeRelation, + "email": core.FieldTypeEmail, + }, + }, + { + "query with casts", + `select + a.id, + count(a.id) count, + cast(a.id as int) cast_int, + cast(a.id as integer) cast_integer, + cast(a.id as real) cast_real, + cast(a.id as decimal) cast_decimal, + cast(a.id as numeric) cast_numeric, + cast(a.id as text) cast_text, + cast(a.id as bool) cast_bool, + cast(a.id as boolean) cast_boolean, + avg(a.id) avg, + sum(a.id) sum, + total(a.id) total, + min(a.id) min, + max(a.id) max + from demo1 a`, + false, + map[string]string{ + "id": core.FieldTypeText, + "count": core.FieldTypeNumber, + "total": core.FieldTypeNumber, + "cast_int": core.FieldTypeNumber, + "cast_integer": core.FieldTypeNumber, + "cast_real": core.FieldTypeNumber, + "cast_decimal": core.FieldTypeNumber, + "cast_numeric": core.FieldTypeNumber, + "cast_text": core.FieldTypeText, + "cast_bool": core.FieldTypeBool, + "cast_boolean": core.FieldTypeBool, + // json because they are nullable + "sum": core.FieldTypeJSON, + "avg": core.FieldTypeJSON, + "min": core.FieldTypeJSON, + "max": core.FieldTypeJSON, + }, + }, + { + "query with reserved auth collection fields", + ` + select + a.id, + a.username, + a.email, + a.emailVisibility, + a.verified, + demo1.id relid + from users a + left join demo1 + `, + false, + map[string]string{ + "id": core.FieldTypeText, + "username": core.FieldTypeText, + "email": core.FieldTypeEmail, + "emailVisibility": core.FieldTypeBool, + "verified": core.FieldTypeBool, + "relid": core.FieldTypeRelation, + }, + }, + { + "query with unknown fields and aliases", + `select + id, + id as id2, + text as text_alias, + url as url_alias, + "demo1"."bool" as bool_alias, + number as number_alias, + created created_alias, + updated updated_alias, + 123 as custom + from demo1`, + false, + map[string]string{ + "id": core.FieldTypeText, + "id2": core.FieldTypeRelation, + "text_alias": core.FieldTypeText, + "url_alias": core.FieldTypeURL, + "bool_alias": core.FieldTypeBool, + "number_alias": core.FieldTypeNumber, + "created_alias": core.FieldTypeAutodate, + "updated_alias": core.FieldTypeAutodate, + "custom": core.FieldTypeJSON, + }, + }, + { + "query with distinct and reordered id column", + `select distinct + id as id2, + id, + 123 as custom + from demo1`, + false, + map[string]string{ + "id2": core.FieldTypeRelation, + "id": core.FieldTypeText, + "custom": core.FieldTypeJSON, + }, + }, + { + "query with aliasing the same field multiple times", + `select + a.id as id, + a.text as alias1, + a.text as alias2, + b.text as alias3, + b.text as alias4 + from demo1 a + left join demo1 as b`, + false, + map[string]string{ + "id": core.FieldTypeText, + "alias1": core.FieldTypeText, + "alias2": core.FieldTypeText, + "alias3": core.FieldTypeText, + "alias4": core.FieldTypeText, + }, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result, err := app.CreateViewFields(s.query) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if len(s.expectFields) != len(result) { + serialized, _ := json.Marshal(result) + t.Fatalf("Expected %d fields, got %d: \n%s", len(s.expectFields), len(result), serialized) + } + + for name, typ := range s.expectFields { + field := result.GetByName(name) + + if field == nil { + t.Fatalf("Expected to find field %s, got nil", name) + } + + if field.Type() != typ { + t.Fatalf("Expected field %s to be %q, got %q", name, typ, field.Type()) + } + } + }) + } + + ensureNoTempViews(app, t) +} + +func TestFindRecordByViewFile(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + prevCollection, err := app.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + totalLevels := 6 + + // create collection view mocks + fileOneAlias := "file_one one0" + fileManyAlias := "file_many many0" + mockCollections := make([]*core.Collection, 0, totalLevels) + for i := 0; i <= totalLevels; i++ { + view := new(core.Collection) + view.Type = core.CollectionTypeView + view.Name = fmt.Sprintf("_test_view%d", i) + view.ViewQuery = fmt.Sprintf( + "select id, %s, %s from %s", + fileOneAlias, + fileManyAlias, + prevCollection.Name, + ) + + // save view + if err := app.Save(view); err != nil { + t.Fatalf("Failed to save view%d: %v", i, err) + } + + mockCollections = append(mockCollections, view) + prevCollection = view + fileOneAlias = fmt.Sprintf("one%d one%d", i, i+1) + fileManyAlias = fmt.Sprintf("many%d many%d", i, i+1) + } + + fileOneName := "test_d61b33QdDU.txt" + fileManyName := "test_QZFjKjXchk.txt" + expectedRecordId := "84nmscqy84lsi1t" + + scenarios := []struct { + name string + collectionNameOrId string + fileFieldName string + filename string + expectError bool + expectRecordId string + }{ + { + "missing collection", + "missing", + "a", + fileOneName, + true, + "", + }, + { + "non-view collection", + "demo1", + "file_one", + fileOneName, + true, + "", + }, + { + "view collection after the max recursion limit", + mockCollections[totalLevels-1].Name, + fmt.Sprintf("one%d", totalLevels-1), + fileOneName, + true, + "", + }, + { + "first view collection (single file)", + mockCollections[0].Name, + "one0", + fileOneName, + false, + expectedRecordId, + }, + { + "first view collection (many files)", + mockCollections[0].Name, + "many0", + fileManyName, + false, + expectedRecordId, + }, + { + "last view collection before the recursion limit (single file)", + mockCollections[totalLevels-2].Name, + fmt.Sprintf("one%d", totalLevels-2), + fileOneName, + false, + expectedRecordId, + }, + { + "last view collection before the recursion limit (many files)", + mockCollections[totalLevels-2].Name, + fmt.Sprintf("many%d", totalLevels-2), + fileManyName, + false, + expectedRecordId, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + record, err := app.FindRecordByViewFile( + s.collectionNameOrId, + s.fileFieldName, + s.filename, + ) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if record.Id != s.expectRecordId { + t.Fatalf("Expected recordId %q, got %q", s.expectRecordId, record.Id) + } + }) + } +} diff --git a/examples/base/.gitignore b/examples/base/.gitignore new file mode 100644 index 0000000..b0b3cfb --- /dev/null +++ b/examples/base/.gitignore @@ -0,0 +1,6 @@ +# ignore everything +/* + +# exclude from the ignore filter +!.gitignore +!main.go diff --git a/examples/base/main.go b/examples/base/main.go new file mode 100644 index 0000000..ff03b85 --- /dev/null +++ b/examples/base/main.go @@ -0,0 +1,132 @@ +package main + +import ( + "log" + "net/http" + "os" + "path/filepath" + "strings" + + "github.com/pocketbase/pocketbase" + "github.com/pocketbase/pocketbase/apis" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/plugins/ghupdate" + "github.com/pocketbase/pocketbase/plugins/jsvm" + "github.com/pocketbase/pocketbase/plugins/migratecmd" + "github.com/pocketbase/pocketbase/tools/hook" +) + +func main() { + app := pocketbase.New() + + // --------------------------------------------------------------- + // Optional plugin flags: + // --------------------------------------------------------------- + + var hooksDir string + app.RootCmd.PersistentFlags().StringVar( + &hooksDir, + "hooksDir", + "", + "the directory with the JS app hooks", + ) + + var hooksWatch bool + app.RootCmd.PersistentFlags().BoolVar( + &hooksWatch, + "hooksWatch", + true, + "auto restart the app on pb_hooks file change; it has no effect on Windows", + ) + + var hooksPool int + app.RootCmd.PersistentFlags().IntVar( + &hooksPool, + "hooksPool", + 15, + "the total prewarm goja.Runtime instances for the JS app hooks execution", + ) + + var migrationsDir string + app.RootCmd.PersistentFlags().StringVar( + &migrationsDir, + "migrationsDir", + "", + "the directory with the user defined migrations", + ) + + var automigrate bool + app.RootCmd.PersistentFlags().BoolVar( + &automigrate, + "automigrate", + true, + "enable/disable auto migrations", + ) + + var publicDir string + app.RootCmd.PersistentFlags().StringVar( + &publicDir, + "publicDir", + defaultPublicDir(), + "the directory to serve static files", + ) + + var indexFallback bool + app.RootCmd.PersistentFlags().BoolVar( + &indexFallback, + "indexFallback", + true, + "fallback the request to index.html on missing static path, e.g. when pretty urls are used with SPA", + ) + + app.RootCmd.ParseFlags(os.Args[1:]) + + // --------------------------------------------------------------- + // Plugins and hooks: + // --------------------------------------------------------------- + + // load jsvm (pb_hooks and pb_migrations) + jsvm.MustRegister(app, jsvm.Config{ + MigrationsDir: migrationsDir, + HooksDir: hooksDir, + HooksWatch: hooksWatch, + HooksPoolSize: hooksPool, + }) + + // migrate command (with js templates) + migratecmd.MustRegister(app, app.RootCmd, migratecmd.Config{ + TemplateLang: migratecmd.TemplateLangJS, + Automigrate: automigrate, + Dir: migrationsDir, + }) + + // GitHub selfupdate + ghupdate.MustRegister(app, app.RootCmd, ghupdate.Config{}) + + // static route to serves files from the provided public dir + // (if publicDir exists and the route path is not already defined) + app.OnServe().Bind(&hook.Handler[*core.ServeEvent]{ + Func: func(e *core.ServeEvent) error { + if !e.Router.HasRoute(http.MethodGet, "/{path...}") { + e.Router.GET("/{path...}", apis.Static(os.DirFS(publicDir), indexFallback)) + } + + return e.Next() + }, + Priority: 999, // execute as latest as possible to allow users to provide their own route + }) + + if err := app.Start(); err != nil { + log.Fatal(err) + } +} + +// the default pb_public dir location is relative to the executable +func defaultPublicDir() string { + if strings.HasPrefix(os.Args[0], os.TempDir()) { + // most likely ran with go run + return "./pb_public" + } + + return filepath.Join(os.Args[0], "../pb_public") +} diff --git a/forms/apple_client_secret_create.go b/forms/apple_client_secret_create.go new file mode 100644 index 0000000..f07166e --- /dev/null +++ b/forms/apple_client_secret_create.go @@ -0,0 +1,87 @@ +package forms + +import ( + "regexp" + "strings" + "time" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/golang-jwt/jwt/v5" + "github.com/pocketbase/pocketbase/core" +) + +var privateKeyRegex = regexp.MustCompile(`(?m)-----BEGIN PRIVATE KEY----[\s\S]+-----END PRIVATE KEY-----`) + +// AppleClientSecretCreate is a form struct to generate a new Apple Client Secret. +// +// Reference: https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens +type AppleClientSecretCreate struct { + app core.App + + // ClientId is the identifier of your app (aka. Service ID). + ClientId string `form:"clientId" json:"clientId"` + + // TeamId is a 10-character string associated with your developer account + // (usually could be found next to your name in the Apple Developer site). + TeamId string `form:"teamId" json:"teamId"` + + // KeyId is a 10-character key identifier generated for the "Sign in with Apple" + // private key associated with your developer account. + KeyId string `form:"keyId" json:"keyId"` + + // PrivateKey is the private key associated to your app. + // Usually wrapped within -----BEGIN PRIVATE KEY----- X -----END PRIVATE KEY-----. + PrivateKey string `form:"privateKey" json:"privateKey"` + + // Duration specifies how long the generated JWT should be considered valid. + // The specified value must be in seconds and max 15777000 (~6months). + Duration int `form:"duration" json:"duration"` +} + +// NewAppleClientSecretCreate creates a new [AppleClientSecretCreate] form with initializer +// config created from the provided [core.App] instances. +func NewAppleClientSecretCreate(app core.App) *AppleClientSecretCreate { + form := &AppleClientSecretCreate{ + app: app, + } + + return form +} + +// Validate makes the form validatable by implementing [validation.Validatable] interface. +func (form *AppleClientSecretCreate) Validate() error { + return validation.ValidateStruct(form, + validation.Field(&form.ClientId, validation.Required), + validation.Field(&form.TeamId, validation.Required, validation.Length(10, 10)), + validation.Field(&form.KeyId, validation.Required, validation.Length(10, 10)), + validation.Field(&form.PrivateKey, validation.Required, validation.Match(privateKeyRegex)), + validation.Field(&form.Duration, validation.Required, validation.Min(1), validation.Max(15777000)), + ) +} + +// Submit validates the form and returns a new Apple Client Secret JWT. +func (form *AppleClientSecretCreate) Submit() (string, error) { + if err := form.Validate(); err != nil { + return "", err + } + + signKey, err := jwt.ParseECPrivateKeyFromPEM([]byte(strings.TrimSpace(form.PrivateKey))) + if err != nil { + return "", err + } + + now := time.Now() + + claims := &jwt.RegisteredClaims{ + Audience: jwt.ClaimStrings{"https://appleid.apple.com"}, + Subject: form.ClientId, + Issuer: form.TeamId, + IssuedAt: jwt.NewNumericDate(now), + ExpiresAt: jwt.NewNumericDate(now.Add(time.Duration(form.Duration) * time.Second)), + } + + token := jwt.NewWithClaims(jwt.SigningMethodES256, claims) + token.Header["kid"] = form.KeyId + + return token.SignedString(signKey) +} diff --git a/forms/apple_client_secret_create_test.go b/forms/apple_client_secret_create_test.go new file mode 100644 index 0000000..4778d48 --- /dev/null +++ b/forms/apple_client_secret_create_test.go @@ -0,0 +1,119 @@ +package forms_test + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/x509" + "encoding/json" + "encoding/pem" + "testing" + + "github.com/golang-jwt/jwt/v5" + "github.com/pocketbase/pocketbase/forms" + "github.com/pocketbase/pocketbase/tests" +) + +func TestAppleClientSecretCreateValidateAndSubmit(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + t.Fatal(err) + } + + encodedKey, err := x509.MarshalPKCS8PrivateKey(key) + if err != nil { + t.Fatal(err) + } + + privatePem := pem.EncodeToMemory( + &pem.Block{ + Type: "PRIVATE KEY", + Bytes: encodedKey, + }, + ) + + scenarios := []struct { + name string + formData map[string]any + expectError bool + }{ + { + "empty data", + map[string]any{}, + true, + }, + { + "invalid data", + map[string]any{ + "clientId": "", + "teamId": "123456789", + "keyId": "123456789", + "privateKey": "-----BEGIN PRIVATE KEY----- invalid -----END PRIVATE KEY-----", + "duration": -1, + }, + true, + }, + { + "valid data", + map[string]any{ + "clientId": "123", + "teamId": "1234567890", + "keyId": "1234567891", + "privateKey": string(privatePem), + "duration": 1, + }, + false, + }, + } + + for _, s := range scenarios { + form := forms.NewAppleClientSecretCreate(app) + + rawData, marshalErr := json.Marshal(s.formData) + if marshalErr != nil { + t.Errorf("[%s] Failed to marshalize the scenario data: %v", s.name, marshalErr) + continue + } + + // load data + loadErr := json.Unmarshal(rawData, form) + if loadErr != nil { + t.Errorf("[%s] Failed to load form data: %v", s.name, loadErr) + continue + } + + secret, err := form.Submit() + + hasErr := err != nil + if hasErr != s.expectError { + t.Errorf("[%s] Expected hasErr %v, got %v (%v)", s.name, s.expectError, hasErr, err) + } + + if hasErr { + continue + } + + if secret == "" { + t.Errorf("[%s] Expected non-empty secret", s.name) + } + + claims := jwt.MapClaims{} + token, _, err := jwt.NewParser().ParseUnverified(secret, claims) + if err != nil { + t.Errorf("[%s] Failed to parse token: %v", s.name, err) + } + + if alg := token.Header["alg"]; alg != "ES256" { + t.Errorf("[%s] Expected %q alg header, got %q", s.name, "ES256", alg) + } + + if kid := token.Header["kid"]; kid != form.KeyId { + t.Errorf("[%s] Expected %q kid header, got %q", s.name, form.KeyId, kid) + } + } +} diff --git a/forms/record_upsert.go b/forms/record_upsert.go new file mode 100644 index 0000000..02b6508 --- /dev/null +++ b/forms/record_upsert.go @@ -0,0 +1,316 @@ +package forms + +import ( + "context" + "errors" + "fmt" + "slices" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/core/validators" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/spf13/cast" +) + +const ( + accessLevelDefault = iota + accessLevelManager + accessLevelSuperuser +) + +type RecordUpsert struct { + ctx context.Context + app core.App + record *core.Record + accessLevel int + + // extra password fields + disablePasswordValidations bool + password string + passwordConfirm string + oldPassword string +} + +// NewRecordUpsert creates a new [RecordUpsert] form from the provided [core.App] and [core.Record] instances +// (for create you could pass a pointer to an empty Record - core.NewRecord(collection)). +func NewRecordUpsert(app core.App, record *core.Record) *RecordUpsert { + form := &RecordUpsert{ + ctx: context.Background(), + app: app, + record: record, + } + + return form +} + +// SetContext assigns ctx as context of the current form. +func (form *RecordUpsert) SetContext(ctx context.Context) { + form.ctx = ctx +} + +// SetApp replaces the current form app instance. +// +// This could be used for example if you want to change at later stage +// before submission to change from regular -> transactional app instance. +func (form *RecordUpsert) SetApp(app core.App) { + form.app = app +} + +// SetRecord replaces the current form record instance. +func (form *RecordUpsert) SetRecord(record *core.Record) { + form.record = record +} + +// ResetAccess resets the form access level to the accessLevelDefault. +func (form *RecordUpsert) ResetAccess() { + form.accessLevel = accessLevelDefault +} + +// GrantManagerAccess updates the form access level to "manager" allowing +// directly changing some system record fields (often used with auth collection records). +func (form *RecordUpsert) GrantManagerAccess() { + form.accessLevel = accessLevelManager +} + +// GrantSuperuserAccess updates the form access level to "superuser" allowing +// directly changing all system record fields, including those marked as "Hidden". +func (form *RecordUpsert) GrantSuperuserAccess() { + form.accessLevel = accessLevelSuperuser +} + +// HasManageAccess reports whether the form has "manager" or "superuser" level access. +func (form *RecordUpsert) HasManageAccess() bool { + return form.accessLevel == accessLevelManager || form.accessLevel == accessLevelSuperuser +} + +// Load loads the provided data into the form and the related record. +func (form *RecordUpsert) Load(data map[string]any) { + excludeFields := []string{core.FieldNameExpand} + + isAuth := form.record.Collection().IsAuth() + + // load the special auth form fields + if isAuth { + if v, ok := data["password"]; ok { + form.password = cast.ToString(v) + } + if v, ok := data["passwordConfirm"]; ok { + form.passwordConfirm = cast.ToString(v) + } + if v, ok := data["oldPassword"]; ok { + form.oldPassword = cast.ToString(v) + } + + excludeFields = append(excludeFields, "passwordConfirm", "oldPassword") // skip non-schema password fields + } + + for k, v := range data { + if slices.Contains(excludeFields, k) { + continue + } + + // set only known collection fields + field := form.record.SetIfFieldExists(k, v) + + // restore original value if hidden field (with exception of the auth "password") + // + // note: this is an extra measure against loading hidden fields + // but usually is not used by the default route handlers since + // they filter additionally the data before calling Load + if form.accessLevel != accessLevelSuperuser && field != nil && field.GetHidden() && (!isAuth || field.GetName() != core.FieldNamePassword) { + form.record.SetRaw(field.GetName(), form.record.Original().GetRaw(field.GetName())) + } + } +} + +func (form *RecordUpsert) validateFormFields() error { + isAuth := form.record.Collection().IsAuth() + if !isAuth { + return nil + } + + form.syncPasswordFields() + + isNew := form.record.IsNew() + + original := form.record.Original() + + validateData := map[string]any{ + "email": form.record.Email(), + "verified": form.record.Verified(), + "password": form.password, + "passwordConfirm": form.passwordConfirm, + "oldPassword": form.oldPassword, + } + + return validation.Validate(validateData, + validation.Map( + validation.Key( + "email", + // don't allow direct email updates if the form doesn't have manage access permissions + // (aka. allow only admin or authorized auth models to directly update the field) + validation.When( + !isNew && !form.HasManageAccess(), + validation.By(validators.Equal(original.Email())), + ), + ), + validation.Key( + "verified", + // don't allow changing verified if the form doesn't have manage access permissions + // (aka. allow only admin or authorized auth models to directly change the field) + validation.When( + !form.HasManageAccess(), + validation.By(validators.Equal(original.Verified())), + ), + ), + validation.Key( + "password", + validation.When( + !form.disablePasswordValidations && (isNew || form.passwordConfirm != "" || form.oldPassword != ""), + validation.Required, + ), + ), + validation.Key( + "passwordConfirm", + validation.When( + !form.disablePasswordValidations && (isNew || form.password != "" || form.oldPassword != ""), + validation.Required, + ), + validation.When(!form.disablePasswordValidations, validation.By(validators.Equal(form.password))), + ), + validation.Key( + "oldPassword", + // require old password only on update when: + // - form.HasManageAccess() is not satisfied + // - changing the existing password + validation.When( + !form.disablePasswordValidations && !isNew && !form.HasManageAccess() && (form.password != "" || form.passwordConfirm != ""), + validation.Required, + validation.By(form.checkOldPassword), + ), + ), + ), + ) +} + +func (form *RecordUpsert) checkOldPassword(value any) error { + v, ok := value.(string) + if !ok { + return validators.ErrUnsupportedValueType + } + + if !form.record.Original().ValidatePassword(v) { + return validation.NewError("validation_invalid_old_password", "Missing or invalid old password.") + } + + return nil +} + +// Deprecated: It was previously used as part of the record create action but it is not needed anymore and will be removed in the future. +// +// DrySubmit performs a temp form submit within a transaction and reverts it at the end. +// For actual record persistence, check the [RecordUpsert.Submit()] method. +// +// This method doesn't perform validations, handle file uploads/deletes or trigger app save events! +func (form *RecordUpsert) DrySubmit(callback func(txApp core.App, drySavedRecord *core.Record) error) error { + isNew := form.record.IsNew() + + clone := form.record.Clone() + + // set an id if it doesn't have already + // (the value doesn't matter; it is used only during the manual delete/update rollback) + if clone.IsNew() && clone.Id == "" { + clone.Id = "_temp_" + security.PseudorandomString(15) + } + + app := form.app.UnsafeWithoutHooks() + + isTransactional := app.IsTransactional() + if !isTransactional { + return app.RunInTransaction(func(txApp core.App) error { + tx, ok := txApp.DB().(*dbx.Tx) + if !ok { + return errors.New("failed to get transaction db") + } + defer tx.Rollback() + + if err := txApp.SaveNoValidateWithContext(form.ctx, clone); err != nil { + return validators.NormalizeUniqueIndexError(err, clone.Collection().Name, clone.Collection().Fields.FieldNames()) + } + + if callback != nil { + return callback(txApp, clone) + } + + return nil + }) + } + + // already in a transaction + // (manual rollback to avoid starting another transaction) + // --------------------------------------------------------------- + err := app.SaveNoValidateWithContext(form.ctx, clone) + if err != nil { + return validators.NormalizeUniqueIndexError(err, clone.Collection().Name, clone.Collection().Fields.FieldNames()) + } + + manualRollback := func() error { + if isNew { + err = app.DeleteWithContext(form.ctx, clone) + if err != nil { + return fmt.Errorf("failed to rollback dry submit created record: %w", err) + } + } else { + clone.Load(clone.Original().FieldsData()) + err = app.SaveNoValidateWithContext(form.ctx, clone) + if err != nil { + return fmt.Errorf("failed to rollback dry submit updated record: %w", err) + } + } + + return nil + } + + if callback != nil { + return errors.Join(callback(app, clone), manualRollback()) + } + + return manualRollback() +} + +// Submit validates the form specific validations and attempts to save the form record. +func (form *RecordUpsert) Submit() error { + err := form.validateFormFields() + if err != nil { + return err + } + + // run record validations and persist in db + return form.app.SaveWithContext(form.ctx, form.record) +} + +// syncPasswordFields syncs the form's auth password fields with their +// corresponding record field values. +// +// This could be useful in case the password fields were programmatically set +// directly by modifying the related record model. +func (form *RecordUpsert) syncPasswordFields() { + if !form.record.Collection().IsAuth() { + return // not an auth collection + } + + form.disablePasswordValidations = false + + rawPassword := form.record.GetRaw(core.FieldNamePassword) + if v, ok := rawPassword.(*core.PasswordFieldValue); ok && v != nil { + if + // programmatically set custom plain password value + (v.Plain != "" && v.Plain != form.password) || + // random generated password for new record + (v.Plain == "" && v.Hash != "" && form.record.IsNew()) { + form.disablePasswordValidations = true + } + } +} diff --git a/forms/record_upsert_test.go b/forms/record_upsert_test.go new file mode 100644 index 0000000..faf423d --- /dev/null +++ b/forms/record_upsert_test.go @@ -0,0 +1,1012 @@ +package forms_test + +import ( + "bytes" + "encoding/json" + "errors" + "maps" + "os" + "path/filepath" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/forms" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/filesystem" +) + +func TestRecordUpsertLoad(t *testing.T) { + t.Parallel() + + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + demo1Col, err := testApp.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + usersCol, err := testApp.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + file, err := filesystem.NewFileFromBytes([]byte("test"), "test.txt") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + data map[string]any + record *core.Record + managerAccessLevel bool + superuserAccessLevel bool + expected []string + notExpected []string + }{ + { + name: "base collection record", + data: map[string]any{ + "text": "test_text", + "custom": "123", // should be ignored + "number": "456", // should be normalized by the setter + "select_many+": []string{"optionB", "optionC"}, // test modifier fields + "created": "2022-01:01 10:00:00.000Z", // should be ignored + // ignore special auth fields + "oldPassword": "123", + "password": "456", + "passwordConfirm": "789", + }, + record: core.NewRecord(demo1Col), + expected: []string{ + `"text":"test_text"`, + `"number":456`, + `"select_many":["optionB","optionC"]`, + `"created":""`, + `"updated":""`, + `"json":null`, + }, + notExpected: []string{ + `"custom"`, + `"password"`, + `"oldPassword"`, + `"passwordConfirm"`, + `"select_many-"`, + `"select_many+"`, + }, + }, + { + name: "auth collection record", + data: map[string]any{ + "email": "test@example.com", + // special auth fields + "oldPassword": "123", + "password": "456", + "passwordConfirm": "789", + }, + record: core.NewRecord(usersCol), + expected: []string{ + `"email":"test@example.com"`, + `"password":"456"`, + }, + notExpected: []string{ + `"oldPassword"`, + `"passwordConfirm"`, + }, + }, + { + name: "hidden fields (manager)", + data: map[string]any{ + "email": "test@example.com", + "tokenKey": "abc", // should be ignored + // special auth fields + "password": "456", + "oldPassword": "123", + "passwordConfirm": "789", + }, + managerAccessLevel: true, + record: core.NewRecord(usersCol), + expected: []string{ + `"email":"test@example.com"`, + `"tokenKey":""`, + `"password":"456"`, + }, + notExpected: []string{ + `"oldPassword"`, + `"passwordConfirm"`, + }, + }, + { + name: "hidden fields (superuser)", + data: map[string]any{ + "email": "test@example.com", + "tokenKey": "abc", + // special auth fields + "password": "456", + "oldPassword": "123", + "passwordConfirm": "789", + }, + superuserAccessLevel: true, + record: core.NewRecord(usersCol), + expected: []string{ + `"email":"test@example.com"`, + `"tokenKey":"abc"`, + `"password":"456"`, + }, + notExpected: []string{ + `"oldPassword"`, + `"passwordConfirm"`, + }, + }, + { + name: "with file field", + data: map[string]any{ + "file_one": file, + "url": file, // should be ignored for non-file fields + }, + record: core.NewRecord(demo1Col), + expected: []string{ + `"file_one":{`, + `"originalName":"test.txt"`, + `"url":""`, + }, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + form := forms.NewRecordUpsert(testApp, s.record) + + if s.managerAccessLevel { + form.GrantManagerAccess() + } + + if s.superuserAccessLevel { + form.GrantSuperuserAccess() + } + + // ensure that the form access level was updated + if !form.HasManageAccess() && (s.superuserAccessLevel || s.managerAccessLevel) { + t.Fatalf("Expected the form to have manage access level (manager or superuser)") + } + + form.Load(s.data) + + loaded := map[string]any{} + maps.Copy(loaded, s.record.FieldsData()) + maps.Copy(loaded, s.record.CustomData()) + + raw, err := json.Marshal(loaded) + if err != nil { + t.Fatalf("Failed to serialize data: %v", err) + } + + rawStr := string(raw) + + for _, str := range s.expected { + if !strings.Contains(rawStr, str) { + t.Fatalf("Couldn't find %q in \n%v", str, rawStr) + } + } + + for _, str := range s.notExpected { + if strings.Contains(rawStr, str) { + t.Fatalf("Didn't expect %q in \n%v", str, rawStr) + } + } + }) + } +} + +func TestRecordUpsertDrySubmitFailure(t *testing.T) { + runTest := func(t *testing.T, testApp core.App) { + col, err := testApp.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + originalId := "imy661ixudk5izi" + + record, err := testApp.FindRecordById(col, originalId) + if err != nil { + t.Fatal(err) + } + + oldRaw, err := json.Marshal(record) + if err != nil { + t.Fatal(err) + } + + file, err := filesystem.NewFileFromBytes([]byte("test"), "test.txt") + if err != nil { + t.Fatal(err) + } + + form := forms.NewRecordUpsert(testApp, record) + form.Load(map[string]any{ + "text": "test_update", + "file_one": file, + "select_one": "!invalid", // should be allowed even if invalid since validations are not executed + }) + + calls := "" + testApp.OnRecordValidate(col.Name).BindFunc(func(e *core.RecordEvent) error { + calls += "a" // shouldn't be called + return e.Next() + }) + + result := form.DrySubmit(func(txApp core.App, drySavedRecord *core.Record) error { + calls += "b" + return errors.New("error...") + }) + + if result == nil { + t.Fatal("Expected DrySubmit error, got nil") + } + + if calls != "b" { + t.Fatalf("Expected calls %q, got %q", "ab", calls) + } + + // refresh the record to ensure that the changes weren't persisted + record, err = testApp.FindRecordById(col, originalId) + if err != nil { + t.Fatalf("Expected record with the original id %q to exist, got\n%v", originalId, record.PublicExport()) + } + + newRaw, err := json.Marshal(record) + if err != nil { + t.Fatal(err) + } + + if !bytes.Equal(oldRaw, newRaw) { + t.Fatalf("Expected record\n%s\ngot\n%s", oldRaw, newRaw) + } + + testFilesCount(t, testApp, record, 0) + } + + t.Run("without parent transaction", func(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + runTest(t, testApp) + }) + + t.Run("with parent transaction", func(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + testApp.RunInTransaction(func(txApp core.App) error { + runTest(t, txApp) + return nil + }) + }) +} + +func TestRecordUpsertDrySubmitCreateSuccess(t *testing.T) { + runTest := func(t *testing.T, testApp core.App) { + col, err := testApp.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + record := core.NewRecord(col) + + file, err := filesystem.NewFileFromBytes([]byte("test"), "test.txt") + if err != nil { + t.Fatal(err) + } + + form := forms.NewRecordUpsert(testApp, record) + form.Load(map[string]any{ + "id": "test", + "text": "test_update", + "file_one": file, + "select_one": "!invalid", // should be allowed even if invalid since validations are not executed + }) + + calls := "" + testApp.OnRecordValidate(col.Name).BindFunc(func(e *core.RecordEvent) error { + calls += "a" // shouldn't be called + return e.Next() + }) + + result := form.DrySubmit(func(txApp core.App, drySavedRecord *core.Record) error { + calls += "b" + return nil + }) + + if result != nil { + t.Fatalf("Expected DrySubmit success, got error: %v", result) + } + + if calls != "b" { + t.Fatalf("Expected calls %q, got %q", "ab", calls) + } + + // refresh the record to ensure that the changes weren't persisted + _, err = testApp.FindRecordById(col, record.Id) + if err == nil { + t.Fatal("Expected the created record to be deleted") + } + + testFilesCount(t, testApp, record, 0) + } + + t.Run("without parent transaction", func(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + runTest(t, testApp) + }) + + t.Run("with parent transaction", func(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + testApp.RunInTransaction(func(txApp core.App) error { + runTest(t, txApp) + return nil + }) + }) +} + +func TestRecordUpsertDrySubmitUpdateSuccess(t *testing.T) { + runTest := func(t *testing.T, testApp core.App) { + col, err := testApp.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + record, err := testApp.FindRecordById(col, "imy661ixudk5izi") + if err != nil { + t.Fatal(err) + } + + oldRaw, err := json.Marshal(record) + if err != nil { + t.Fatal(err) + } + + file, err := filesystem.NewFileFromBytes([]byte("test"), "test.txt") + if err != nil { + t.Fatal(err) + } + + form := forms.NewRecordUpsert(testApp, record) + form.Load(map[string]any{ + "text": "test_update", + "file_one": file, + }) + + calls := "" + testApp.OnRecordValidate(col.Name).BindFunc(func(e *core.RecordEvent) error { + calls += "a" // shouldn't be called + return e.Next() + }) + + result := form.DrySubmit(func(txApp core.App, drySavedRecord *core.Record) error { + calls += "b" + return nil + }) + + if result != nil { + t.Fatalf("Expected DrySubmit success, got error: %v", result) + } + + if calls != "b" { + t.Fatalf("Expected calls %q, got %q", "ab", calls) + } + + // refresh the record to ensure that the changes weren't persisted + record, err = testApp.FindRecordById(col, record.Id) + if err != nil { + t.Fatal(err) + } + + newRaw, err := json.Marshal(record) + if err != nil { + t.Fatal(err) + } + + if !bytes.Equal(oldRaw, newRaw) { + t.Fatalf("Expected record\n%s\ngot\n%s", oldRaw, newRaw) + } + + testFilesCount(t, testApp, record, 0) + } + + t.Run("without parent transaction", func(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + runTest(t, testApp) + }) + + t.Run("with parent transaction", func(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + testApp.RunInTransaction(func(txApp core.App) error { + runTest(t, txApp) + return nil + }) + }) +} + +func TestRecordUpsertSubmitValidations(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + demo2Col, err := app.FindCollectionByNameOrId("demo2") + if err != nil { + t.Fatal(err) + } + + demo2Rec, err := app.FindRecordById(demo2Col, "llvuca81nly1qls") + if err != nil { + t.Fatal(err) + } + + usersCol, err := app.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + userRec, err := app.FindRecordById(usersCol, "4q1xlclmfloku33") + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + record *core.Record + data map[string]any + managerAccess bool + expectedErrors []string + }{ + // base + { + name: "new base collection record with empty data", + record: core.NewRecord(demo2Col), + data: map[string]any{}, + expectedErrors: []string{"title"}, + }, + { + name: "new base collection record with invalid data", + record: core.NewRecord(demo2Col), + data: map[string]any{ + "title": "", + // should be ignored + "custom": "abc", + "oldPassword": "123", + "password": "456", + "passwordConfirm": "789", + }, + expectedErrors: []string{"title"}, + }, + { + name: "new base collection record with valid data", + record: core.NewRecord(demo2Col), + data: map[string]any{ + "title": "abc", + // should be ignored + "custom": "abc", + "oldPassword": "123", + "password": "456", + "passwordConfirm": "789", + }, + expectedErrors: []string{}, + }, + { + name: "existing base collection record with empty data", + record: demo2Rec, + data: map[string]any{}, + expectedErrors: []string{}, + }, + { + name: "existing base collection record with invalid data", + record: demo2Rec, + data: map[string]any{ + "title": "", + }, + expectedErrors: []string{"title"}, + }, + { + name: "existing base collection record with valid data", + record: demo2Rec, + data: map[string]any{ + "title": "abc", + }, + expectedErrors: []string{}, + }, + + // auth + { + name: "new auth collection record with empty data", + record: core.NewRecord(usersCol), + data: map[string]any{}, + expectedErrors: []string{"password", "passwordConfirm"}, + }, + { + name: "new auth collection record with invalid record and invalid form data (without manager acess)", + record: core.NewRecord(usersCol), + data: map[string]any{ + "verified": true, + "emailVisibility": true, + "email": "test@example.com", + "password": "456", + "passwordConfirm": "789", + "username": "!invalid", + // should be ignored (custom or hidden fields) + "tokenKey": strings.Repeat("a", 2), + "custom": "abc", + "oldPassword": "123", + }, + // fail the form validator + expectedErrors: []string{"verified", "passwordConfirm"}, + }, + { + name: "new auth collection record with invalid record and valid form data (without manager acess)", + record: core.NewRecord(usersCol), + data: map[string]any{ + "verified": false, + "emailVisibility": true, + "email": "test@example.com", + "password": "456", + "passwordConfirm": "456", + "username": "!invalid", + // should be ignored (custom or hidden fields) + "tokenKey": strings.Repeat("a", 2), + "custom": "abc", + "oldPassword": "123", + }, + // fail the record fields validator + expectedErrors: []string{"password", "username"}, + }, + { + name: "new auth collection record with invalid record and invalid form data (with manager acess)", + record: core.NewRecord(usersCol), + managerAccess: true, + data: map[string]any{ + "verified": true, + "emailVisibility": true, + "email": "test@example.com", + "password": "456", + "passwordConfirm": "789", + "username": "!invalid", + // should be ignored (custom or hidden fields) + "tokenKey": strings.Repeat("a", 2), + "custom": "abc", + "oldPassword": "123", + }, + // fail the form validator + expectedErrors: []string{"passwordConfirm"}, + }, + { + name: "new auth collection record with invalid record and valid form data (with manager acess)", + record: core.NewRecord(usersCol), + managerAccess: true, + data: map[string]any{ + "verified": true, + "emailVisibility": true, + "email": "test@example.com", + "password": "456", + "passwordConfirm": "456", + "username": "!invalid", + // should be ignored (custom or hidden fields) + "tokenKey": strings.Repeat("a", 2), + "custom": "abc", + "oldPassword": "123", + }, + // fail the record fields validator + expectedErrors: []string{"password", "username"}, + }, + { + name: "new auth collection record with valid data", + record: core.NewRecord(usersCol), + data: map[string]any{ + "emailVisibility": true, + "email": "test_new@example.com", + "password": "1234567890", + "passwordConfirm": "1234567890", + // should be ignored (custom or hidden fields) + "tokenKey": strings.Repeat("a", 2), + "custom": "abc", + "oldPassword": "123", + }, + expectedErrors: []string{}, + }, + { + name: "new auth collection record with valid data and duplicated email", + record: core.NewRecord(usersCol), + data: map[string]any{ + "email": "test@example.com", + "password": "1234567890", + "passwordConfirm": "1234567890", + // should be ignored (custom or hidden fields) + "tokenKey": strings.Repeat("a", 2), + "custom": "abc", + "oldPassword": "123", + }, + // fail the unique db validator + expectedErrors: []string{"email"}, + }, + { + name: "existing auth collection record with empty data", + record: userRec, + data: map[string]any{}, + expectedErrors: []string{}, + }, + { + name: "existing auth collection record with invalid record data and invalid form data (without manager access)", + record: userRec, + data: map[string]any{ + "verified": true, + "email": "test_new@example.com", // not allowed to change + "oldPassword": "123", + "password": "456", + "passwordConfirm": "789", + "username": "!invalid", + // should be ignored (custom or hidden fields) + "tokenKey": strings.Repeat("a", 2), + "custom": "abc", + }, + // fail form validator + expectedErrors: []string{"verified", "email", "oldPassword", "passwordConfirm"}, + }, + { + name: "existing auth collection record with invalid record data and valid form data (without manager access)", + record: userRec, + data: map[string]any{ + "oldPassword": "1234567890", + "password": "12345678901", + "passwordConfirm": "12345678901", + "username": "!invalid", + // should be ignored (custom or hidden fields) + "tokenKey": strings.Repeat("a", 2), + "custom": "abc", + }, + // fail record fields validator + expectedErrors: []string{"username"}, + }, + { + name: "existing auth collection record with invalid record data and invalid form data (with manager access)", + record: userRec, + managerAccess: true, + data: map[string]any{ + "verified": true, + "email": "test_new@example.com", + "oldPassword": "123", // should be ignored + "password": "456", + "passwordConfirm": "789", + "username": "!invalid", + // should be ignored (custom or hidden fields) + "tokenKey": strings.Repeat("a", 2), + "custom": "abc", + }, + // fail form validator + expectedErrors: []string{"passwordConfirm"}, + }, + { + name: "existing auth collection record with invalid record data and valid form data (with manager access)", + record: userRec, + managerAccess: true, + data: map[string]any{ + "verified": true, + "email": "test_new@example.com", + "oldPassword": "1234567890", + "password": "12345678901", + "passwordConfirm": "12345678901", + "username": "!invalid", + // should be ignored (custom or hidden fields) + "tokenKey": strings.Repeat("a", 2), + "custom": "abc", + }, + // fail record fields validator + expectedErrors: []string{"username"}, + }, + { + name: "existing auth collection record with base valid data", + record: userRec, + data: map[string]any{ + "name": "test", + }, + expectedErrors: []string{}, + }, + { + name: "existing auth collection record with valid password and invalid oldPassword data", + record: userRec, + data: map[string]any{ + "name": "test", + "oldPassword": "invalid", + "password": "1234567890", + "passwordConfirm": "1234567890", + }, + expectedErrors: []string{"oldPassword"}, + }, + { + name: "existing auth collection record with valid password data", + record: userRec, + data: map[string]any{ + "name": "test", + "oldPassword": "1234567890", + "password": "0987654321", + "passwordConfirm": "0987654321", + }, + expectedErrors: []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + form := forms.NewRecordUpsert(testApp, s.record.Original()) + if s.managerAccess { + form.GrantManagerAccess() + } + form.Load(s.data) + + result := form.Submit() + + tests.TestValidationErrors(t, result, s.expectedErrors) + }) + } +} + +func TestRecordUpsertSubmitFailure(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + col, err := testApp.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + record, err := testApp.FindRecordById(col, "imy661ixudk5izi") + if err != nil { + t.Fatal(err) + } + + file, err := filesystem.NewFileFromBytes([]byte("test"), "test.txt") + if err != nil { + t.Fatal(err) + } + + form := forms.NewRecordUpsert(testApp, record) + form.Load(map[string]any{ + "text": "test_update", + "file_one": file, + "select_one": "invalid", + }) + + validateCalls := 0 + testApp.OnRecordValidate(col.Name).BindFunc(func(e *core.RecordEvent) error { + validateCalls++ + return e.Next() + }) + + result := form.Submit() + + if result == nil { + t.Fatal("Expected Submit error, got nil") + } + + if validateCalls != 1 { + t.Fatalf("Expected validateCalls %d, got %d", 1, validateCalls) + } + + // refresh the record to ensure that the changes weren't persisted + record, err = testApp.FindRecordById(col, record.Id) + if err != nil { + t.Fatal(err) + } + + if v := record.GetString("text"); v == "test_update" { + t.Fatalf("Expected record.text to remain the same, got %q", v) + } + + if v := record.GetString("select_one"); v != "" { + t.Fatalf("Expected record.select_one to remain the same, got %q", v) + } + + if v := record.GetString("file_one"); v != "" { + t.Fatalf("Expected record.file_one to remain the same, got %q", v) + } + + testFilesCount(t, testApp, record, 0) +} + +func TestRecordUpsertSubmitSuccess(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + col, err := testApp.FindCollectionByNameOrId("demo1") + if err != nil { + t.Fatal(err) + } + + record, err := testApp.FindRecordById(col, "imy661ixudk5izi") + if err != nil { + t.Fatal(err) + } + + file, err := filesystem.NewFileFromBytes([]byte("test"), "test.txt") + if err != nil { + t.Fatal(err) + } + + form := forms.NewRecordUpsert(testApp, record) + form.Load(map[string]any{ + "text": "test_update", + "file_one": file, + "select_one": "optionC", + }) + + validateCalls := 0 + testApp.OnRecordValidate(col.Name).BindFunc(func(e *core.RecordEvent) error { + validateCalls++ + return e.Next() + }) + + result := form.Submit() + + if result != nil { + t.Fatalf("Expected Submit success, got error: %v", result) + } + + if validateCalls != 1 { + t.Fatalf("Expected validateCalls %d, got %d", 1, validateCalls) + } + + // refresh the record to ensure that the changes were persisted + record, err = testApp.FindRecordById(col, record.Id) + if err != nil { + t.Fatal(err) + } + + if v := record.GetString("text"); v != "test_update" { + t.Fatalf("Expected record.text %q, got %q", "test_update", v) + } + + if v := record.GetString("select_one"); v != "optionC" { + t.Fatalf("Expected record.select_one %q, got %q", "optionC", v) + } + + if v := record.GetString("file_one"); v != file.Name { + t.Fatalf("Expected record.file_one %q, got %q", file.Name, v) + } + + testFilesCount(t, testApp, record, 2) // the file + attrs +} + +func TestRecordUpsertPasswordsSync(t *testing.T) { + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + users, err := testApp.FindCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + t.Run("new user without password", func(t *testing.T) { + record := core.NewRecord(users) + + form := forms.NewRecordUpsert(testApp, record) + + err := form.Submit() + + tests.TestValidationErrors(t, err, []string{"password", "passwordConfirm"}) + }) + + t.Run("new user with manual password", func(t *testing.T) { + record := core.NewRecord(users) + + form := forms.NewRecordUpsert(testApp, record) + + record.SetPassword("1234567890") + + err := form.Submit() + if err != nil { + t.Fatalf("Expected no errors, got %v", err) + } + }) + + t.Run("new user with random password", func(t *testing.T) { + record := core.NewRecord(users) + + form := forms.NewRecordUpsert(testApp, record) + + record.SetRandomPassword() + + err := form.Submit() + if err != nil { + t.Fatalf("Expected no errors, got %v", err) + } + }) + + t.Run("update user with no password change", func(t *testing.T) { + record, err := testApp.FindAuthRecordByEmail(users, "test@example.com") + if err != nil { + t.Fatal(err) + } + + oldHash := record.GetString("password:hash") + + form := forms.NewRecordUpsert(testApp, record) + + err = form.Submit() + if err != nil { + t.Fatalf("Expected no errors, got %v", err) + } + + newHash := record.GetString("password:hash") + if newHash == "" || newHash != oldHash { + t.Fatal("Expected no password change") + } + }) + + t.Run("update user with manual password change", func(t *testing.T) { + record, err := testApp.FindAuthRecordByEmail(users, "test@example.com") + if err != nil { + t.Fatal(err) + } + + oldHash := record.GetString("password:hash") + + form := forms.NewRecordUpsert(testApp, record) + + record.SetPassword("1234567890") + + err = form.Submit() + if err != nil { + t.Fatalf("Expected no errors, got %v", err) + } + + newHash := record.GetString("password:hash") + if newHash == "" || newHash == oldHash { + t.Fatal("Expected password change") + } + }) + + t.Run("update user with random password change", func(t *testing.T) { + record, err := testApp.FindAuthRecordByEmail(users, "test@example.com") + if err != nil { + t.Fatal(err) + } + + oldHash := record.GetString("password:hash") + + form := forms.NewRecordUpsert(testApp, record) + + record.SetRandomPassword() + + err = form.Submit() + if err != nil { + t.Fatalf("Expected no errors, got %v", err) + } + + newHash := record.GetString("password:hash") + if newHash == "" || newHash == oldHash { + t.Fatal("Expected password change") + } + }) +} + +// ------------------------------------------------------------------- + +func testFilesCount(t *testing.T, app core.App, record *core.Record, count int) { + storageDir := filepath.Join(app.DataDir(), "storage", record.Collection().Id, record.Id) + + entries, _ := os.ReadDir(storageDir) + if len(entries) != count { + t.Errorf("Expected %d entries, got %d\n%v", count, len(entries), entries) + } +} diff --git a/forms/test_email_send.go b/forms/test_email_send.go new file mode 100644 index 0000000..77da7dc --- /dev/null +++ b/forms/test_email_send.go @@ -0,0 +1,116 @@ +package forms + +import ( + "errors" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/go-ozzo/ozzo-validation/v4/is" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/mails" +) + +const ( + TestTemplateVerification = "verification" + TestTemplatePasswordReset = "password-reset" + TestTemplateEmailChange = "email-change" + TestTemplateOTP = "otp" + TestTemplateAuthAlert = "login-alert" +) + +// TestEmailSend is a email template test request form. +type TestEmailSend struct { + app core.App + + Email string `form:"email" json:"email"` + Template string `form:"template" json:"template"` + Collection string `form:"collection" json:"collection"` // optional, fallbacks to _superusers +} + +// NewTestEmailSend creates and initializes new TestEmailSend form. +func NewTestEmailSend(app core.App) *TestEmailSend { + return &TestEmailSend{app: app} +} + +// Validate makes the form validatable by implementing [validation.Validatable] interface. +func (form *TestEmailSend) Validate() error { + return validation.ValidateStruct(form, + validation.Field( + &form.Collection, + validation.Length(1, 255), + validation.By(form.checkAuthCollection), + ), + validation.Field( + &form.Email, + validation.Required, + validation.Length(1, 255), + is.EmailFormat, + ), + validation.Field( + &form.Template, + validation.Required, + validation.In( + TestTemplateVerification, + TestTemplatePasswordReset, + TestTemplateEmailChange, + TestTemplateOTP, + TestTemplateAuthAlert, + ), + ), + ) +} + +func (form *TestEmailSend) checkAuthCollection(value any) error { + v, _ := value.(string) + if v == "" { + return nil // nothing to check + } + + c, _ := form.app.FindCollectionByNameOrId(v) + if c == nil || !c.IsAuth() { + return validation.NewError("validation_invalid_auth_collection", "Must be a valid auth collection id or name.") + } + + return nil +} + +// Submit validates and sends a test email to the form.Email address. +func (form *TestEmailSend) Submit() error { + if err := form.Validate(); err != nil { + return err + } + + collectionIdOrName := form.Collection + if collectionIdOrName == "" { + collectionIdOrName = core.CollectionNameSuperusers + } + + collection, err := form.app.FindCollectionByNameOrId(collectionIdOrName) + if err != nil { + return err + } + + record := core.NewRecord(collection) + for _, field := range collection.Fields { + if field.GetHidden() { + continue + } + record.Set(field.GetName(), "__pb_test_"+field.GetName()+"__") + } + record.RefreshTokenKey() + record.SetEmail(form.Email) + + switch form.Template { + case TestTemplateVerification: + return mails.SendRecordVerification(form.app, record) + case TestTemplatePasswordReset: + return mails.SendRecordPasswordReset(form.app, record) + case TestTemplateEmailChange: + return mails.SendRecordChangeEmail(form.app, record, form.Email) + case TestTemplateOTP: + return mails.SendRecordOTP(form.app, record, "_PB_TEST_OTP_ID_", "123456") + case TestTemplateAuthAlert: + return mails.SendRecordAuthAlert(form.app, record) + default: + return errors.New("unknown template " + form.Template) + } +} diff --git a/forms/test_email_send_test.go b/forms/test_email_send_test.go new file mode 100644 index 0000000..0d58595 --- /dev/null +++ b/forms/test_email_send_test.go @@ -0,0 +1,96 @@ +package forms_test + +import ( + "fmt" + "strings" + "testing" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/forms" + "github.com/pocketbase/pocketbase/tests" +) + +func TestEmailSendValidateAndSubmit(t *testing.T) { + t.Parallel() + + scenarios := []struct { + template string + email string + collection string + expectedErrors []string + }{ + {"", "", "", []string{"template", "email"}}, + {"invalid", "test@example.com", "", []string{"template"}}, + {forms.TestTemplateVerification, "invalid", "", []string{"email"}}, + {forms.TestTemplateVerification, "test@example.com", "invalid", []string{"collection"}}, + {forms.TestTemplateVerification, "test@example.com", "demo1", []string{"collection"}}, + {forms.TestTemplateVerification, "test@example.com", "users", nil}, + {forms.TestTemplatePasswordReset, "test@example.com", "", nil}, + {forms.TestTemplateEmailChange, "test@example.com", "", nil}, + {forms.TestTemplateOTP, "test@example.com", "", nil}, + {forms.TestTemplateAuthAlert, "test@example.com", "", nil}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.template), func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + form := forms.NewTestEmailSend(app) + form.Email = s.email + form.Template = s.template + form.Collection = s.collection + + result := form.Submit() + + // parse errors + errs, ok := result.(validation.Errors) + if !ok && result != nil { + t.Fatalf("Failed to parse errors %v", result) + } + + // check errors + if len(errs) > len(s.expectedErrors) { + t.Fatalf("Expected error keys %v, got %v", s.expectedErrors, errs) + } + for _, k := range s.expectedErrors { + if _, ok := errs[k]; !ok { + t.Fatalf("Missing expected error key %q in %v", k, errs) + } + } + + expectedEmails := 1 + if len(s.expectedErrors) > 0 { + expectedEmails = 0 + } + + if app.TestMailer.TotalSend() != expectedEmails { + t.Fatalf("Expected %d email(s) to be sent, got %d", expectedEmails, app.TestMailer.TotalSend()) + } + + if len(s.expectedErrors) > 0 { + return + } + + var expectedContent string + switch s.template { + case forms.TestTemplatePasswordReset: + expectedContent = "Reset password" + case forms.TestTemplateEmailChange: + expectedContent = "Confirm new email" + case forms.TestTemplateVerification: + expectedContent = "Verify" + case forms.TestTemplateOTP: + expectedContent = "one-time password" + case forms.TestTemplateAuthAlert: + expectedContent = "from a new location" + default: + expectedContent = "__UNKNOWN_TEMPLATE__" + } + + if !strings.Contains(app.TestMailer.LastMessage().HTML, expectedContent) { + t.Errorf("Expected the email to contains %q, got\n%v", expectedContent, app.TestMailer.LastMessage().HTML) + } + }) + } +} diff --git a/forms/test_s3_filesystem.go b/forms/test_s3_filesystem.go new file mode 100644 index 0000000..c39c59e --- /dev/null +++ b/forms/test_s3_filesystem.go @@ -0,0 +1,87 @@ +package forms + +import ( + "errors" + "fmt" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/security" +) + +const ( + s3FilesystemStorage = "storage" + s3FilesystemBackups = "backups" +) + +// TestS3Filesystem defines a S3 filesystem connection test. +type TestS3Filesystem struct { + app core.App + + // The name of the filesystem - storage or backups + Filesystem string `form:"filesystem" json:"filesystem"` +} + +// NewTestS3Filesystem creates and initializes new TestS3Filesystem form. +func NewTestS3Filesystem(app core.App) *TestS3Filesystem { + return &TestS3Filesystem{app: app} +} + +// Validate makes the form validatable by implementing [validation.Validatable] interface. +func (form *TestS3Filesystem) Validate() error { + return validation.ValidateStruct(form, + validation.Field( + &form.Filesystem, + validation.Required, + validation.In(s3FilesystemStorage, s3FilesystemBackups), + ), + ) +} + +// Submit validates and performs a S3 filesystem connection test. +func (form *TestS3Filesystem) Submit() error { + if err := form.Validate(); err != nil { + return err + } + + var s3Config core.S3Config + + if form.Filesystem == s3FilesystemBackups { + s3Config = form.app.Settings().Backups.S3 + } else { + s3Config = form.app.Settings().S3 + } + + if !s3Config.Enabled { + return errors.New("S3 storage filesystem is not enabled") + } + + fsys, err := filesystem.NewS3( + s3Config.Bucket, + s3Config.Region, + s3Config.Endpoint, + s3Config.AccessKey, + s3Config.Secret, + s3Config.ForcePathStyle, + ) + if err != nil { + return fmt.Errorf("failed to initialize the S3 filesystem: %w", err) + } + defer fsys.Close() + + testPrefix := "pb_settings_test_" + security.PseudorandomString(5) + testFileKey := testPrefix + "/test.txt" + + // try to upload a test file + if err := fsys.Upload([]byte("test"), testFileKey); err != nil { + return fmt.Errorf("failed to upload a test file: %w", err) + } + + // test prefix deletion (ensures that both bucket list and delete works) + if errs := fsys.DeletePrefix(testPrefix); len(errs) > 0 { + return fmt.Errorf("failed to delete a test file: %w", errs[0]) + } + + return nil +} diff --git a/forms/test_s3_filesystem_test.go b/forms/test_s3_filesystem_test.go new file mode 100644 index 0000000..391cef7 --- /dev/null +++ b/forms/test_s3_filesystem_test.go @@ -0,0 +1,107 @@ +package forms_test + +import ( + "testing" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/forms" + "github.com/pocketbase/pocketbase/tests" +) + +func TestS3FilesystemValidate(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + filesystem string + expectedErrors []string + }{ + { + "empty filesystem", + "", + []string{"filesystem"}, + }, + { + "invalid filesystem", + "something", + []string{"filesystem"}, + }, + { + "backups filesystem", + "backups", + []string{}, + }, + { + "storage filesystem", + "storage", + []string{}, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + form := forms.NewTestS3Filesystem(app) + form.Filesystem = s.filesystem + + result := form.Validate() + + // parse errors + errs, ok := result.(validation.Errors) + if !ok && result != nil { + t.Fatalf("Failed to parse errors %v", result) + } + + // check errors + if len(errs) > len(s.expectedErrors) { + t.Fatalf("Expected error keys %v, got %v", s.expectedErrors, errs) + } + for _, k := range s.expectedErrors { + if _, ok := errs[k]; !ok { + t.Fatalf("Missing expected error key %q in %v", k, errs) + } + } + }) + } +} + +func TestS3FilesystemSubmitFailure(t *testing.T) { + t.Parallel() + + app, _ := tests.NewTestApp() + defer app.Cleanup() + + // check if validate was called + { + form := forms.NewTestS3Filesystem(app) + form.Filesystem = "" + + result := form.Submit() + + if result == nil { + t.Fatal("Expected error, got nil") + } + + if _, ok := result.(validation.Errors); !ok { + t.Fatalf("Expected validation.Error, got %v", result) + } + } + + // check with valid storage and disabled s3 + { + form := forms.NewTestS3Filesystem(app) + form.Filesystem = "storage" + + result := form.Submit() + + if result == nil { + t.Fatal("Expected error, got nil") + } + + if _, ok := result.(validation.Error); ok { + t.Fatalf("Didn't expect validation.Error, got %v", result) + } + } +} diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..876c720 --- /dev/null +++ b/go.mod @@ -0,0 +1,50 @@ +module github.com/pocketbase/pocketbase + +go 1.23.0 + +require ( + github.com/disintegration/imaging v1.6.2 + github.com/domodwyer/mailyak/v3 v3.6.2 + github.com/dop251/goja v0.0.0-20250309171923-bcd7cc6bf64c + github.com/dop251/goja_nodejs v0.0.0-20250314160716-c55ecee183c0 + github.com/fatih/color v1.18.0 + github.com/fsnotify/fsnotify v1.7.0 + github.com/gabriel-vasile/mimetype v1.4.9 + github.com/ganigeorgiev/fexpr v0.5.0 + github.com/go-ozzo/ozzo-validation/v4 v4.3.0 + github.com/golang-jwt/jwt/v5 v5.2.2 + github.com/pocketbase/dbx v1.11.0 + github.com/pocketbase/tygoja v0.0.0-20250103200817-ca580d8c5119 + github.com/spf13/cast v1.8.0 + github.com/spf13/cobra v1.9.1 + golang.org/x/crypto v0.38.0 + golang.org/x/image v0.27.0 + golang.org/x/net v0.40.0 + golang.org/x/oauth2 v0.30.0 + golang.org/x/sync v0.14.0 + modernc.org/sqlite v1.37.0 +) + +require ( + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect + github.com/dlclark/regexp2 v1.11.5 // indirect + github.com/dop251/base64dec v0.0.0-20231022112746-c6c9f9a96217 // indirect + github.com/dustin/go-humanize v1.0.1 // indirect + github.com/go-sourcemap/sourcemap v2.1.4+incompatible // indirect + github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/mattn/go-colorable v0.1.14 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/ncruces/go-strftime v0.1.9 // indirect + github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect + github.com/spf13/pflag v1.0.6 // indirect + golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 // indirect + golang.org/x/mod v0.24.0 // indirect + golang.org/x/sys v0.33.0 // indirect + golang.org/x/text v0.25.0 // indirect + golang.org/x/tools v0.33.0 // indirect + modernc.org/libc v1.62.1 // indirect + modernc.org/mathutil v1.7.1 // indirect + modernc.org/memory v1.9.1 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..3e655b9 --- /dev/null +++ b/go.sum @@ -0,0 +1,138 @@ +github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= +github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/disintegration/imaging v1.6.2 h1:w1LecBlG2Lnp8B3jk5zSuNqd7b4DXhcjwek1ei82L+c= +github.com/disintegration/imaging v1.6.2/go.mod h1:44/5580QXChDfwIclfc/PCwrr44amcmDAg8hxG0Ewe4= +github.com/dlclark/regexp2 v1.11.5 h1:Q/sSnsKerHeCkc/jSTNq1oCm7KiVgUMZRDUoRu0JQZQ= +github.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= +github.com/domodwyer/mailyak/v3 v3.6.2 h1:x3tGMsyFhTCaxp6ycgR0FE/bu5QiNp+hetUuCOBXMn8= +github.com/domodwyer/mailyak/v3 v3.6.2/go.mod h1:lOm/u9CyCVWHeaAmHIdF4RiKVxKUT/H5XX10lIKAL6c= +github.com/dop251/base64dec v0.0.0-20231022112746-c6c9f9a96217 h1:16iT9CBDOniJwFGPI41MbUDfEk74hFaKTqudrX8kenY= +github.com/dop251/base64dec v0.0.0-20231022112746-c6c9f9a96217/go.mod h1:eIb+f24U+eWQCIsj9D/ah+MD9UP+wdxuqzsdLD+mhGM= +github.com/dop251/goja v0.0.0-20250309171923-bcd7cc6bf64c h1:mxWGS0YyquJ/ikZOjSrRjjFIbUqIP9ojyYQ+QZTU3Rg= +github.com/dop251/goja v0.0.0-20250309171923-bcd7cc6bf64c/go.mod h1:MxLav0peU43GgvwVgNbLAj1s/bSGboKkhuULvq/7hx4= +github.com/dop251/goja_nodejs v0.0.0-20250314160716-c55ecee183c0 h1:jTwdYTGERaZ/3+glBUVQZV2NwGodd9HlkXJbTBUPLLo= +github.com/dop251/goja_nodejs v0.0.0-20250314160716-c55ecee183c0/go.mod h1:Tb7Xxye4LX7cT3i8YLvmPMGCV92IOi4CDZvm/V8ylc0= +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY= +github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok= +github.com/ganigeorgiev/fexpr v0.5.0 h1:XA9JxtTE/Xm+g/JFI6RfZEHSiQlk+1glLvRK1Lpv/Tk= +github.com/ganigeorgiev/fexpr v0.5.0/go.mod h1:RyGiGqmeXhEQ6+mlGdnUleLHgtzzu/VGO2WtJkF5drE= +github.com/go-ozzo/ozzo-validation/v4 v4.3.0 h1:byhDUpfEwjsVQb1vBunvIjh2BHQ9ead57VkAEY4V+Es= +github.com/go-ozzo/ozzo-validation/v4 v4.3.0/go.mod h1:2NKgrcHl3z6cJs+3Oo940FPRiTzuqKbvfrL2RxCj6Ew= +github.com/go-sourcemap/sourcemap v2.1.4+incompatible h1:a+iTbH5auLKxaNwQFg0B+TCYl6lbukKPc7b5x0n1s6Q= +github.com/go-sourcemap/sourcemap v2.1.4+incompatible/go.mod h1:F8jJfvm2KbVjc5NqelyYJmf/v5J0dwNLS2mL4sNA1Jg= +github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA= +github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= +github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8= +github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs= +github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= +github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4= +github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pocketbase/dbx v1.11.0 h1:LpZezioMfT3K4tLrqA55wWFw1EtH1pM4tzSVa7kgszU= +github.com/pocketbase/dbx v1.11.0/go.mod h1:xXRCIAKTHMgUCyCKZm55pUOdvFziJjQfXaWKhu2vhMs= +github.com/pocketbase/tygoja v0.0.0-20250103200817-ca580d8c5119 h1:TjQtEReJDTpvlNFTRjuHvPQpJHAeJdcQF130eCAAT/o= +github.com/pocketbase/tygoja v0.0.0-20250103200817-ca580d8c5119/go.mod h1:hKJWPGFqavk3cdTa47Qvs8g37lnfI57OYdVVbIqW5aE= +github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE= +github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= +github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/spf13/cast v1.8.0 h1:gEN9K4b8Xws4EX0+a0reLmhq8moKn7ntRlQYgjPeCDk= +github.com/spf13/cast v1.8.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= +github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= +github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= +github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8= +golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw= +golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6 h1:y5zboxd6LQAqYIhHnB48p0ByQ/GnQx2BE33L8BOHQkI= +golang.org/x/exp v0.0.0-20250506013437-ce4c2cf36ca6/go.mod h1:U6Lno4MTRCDY+Ba7aCcauB9T60gsv5s4ralQzP72ZoQ= +golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.27.0 h1:C8gA4oWU/tKkdCfYT6T2u4faJu3MeNS5O8UPWlPF61w= +golang.org/x/image v0.27.0/go.mod h1:xbdrClrAUway1MUTEZDq9mz/UpRwYAkFFNUslZtcB+g= +golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU= +golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY= +golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= +golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= +golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= +golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ= +golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= +golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4= +golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc= +golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI= +google.golang.org/appengine v1.6.5 h1:tycE03LOZYQNhDpS27tcQdAzLCVMaj7QT2SXxebnpCM= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +modernc.org/cc/v4 v4.25.2 h1:T2oH7sZdGvTaie0BRNFbIYsabzCxUQg8nLqCdQ2i0ic= +modernc.org/cc/v4 v4.25.2/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0= +modernc.org/ccgo/v4 v4.25.1 h1:TFSzPrAGmDsdnhT9X2UrcPMI3N/mJ9/X9ykKXwLhDsU= +modernc.org/ccgo/v4 v4.25.1/go.mod h1:njjuAYiPflywOOrm3B7kCB444ONP5pAVr8PIEoE0uDw= +modernc.org/fileutil v1.3.0 h1:gQ5SIzK3H9kdfai/5x41oQiKValumqNTDXMvKo62HvE= +modernc.org/fileutil v1.3.0/go.mod h1:XatxS8fZi3pS8/hKG2GH/ArUogfxjpEKs3Ku3aK4JyQ= +modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI= +modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito= +modernc.org/libc v1.62.1 h1:s0+fv5E3FymN8eJVmnk0llBe6rOxCu/DEU+XygRbS8s= +modernc.org/libc v1.62.1/go.mod h1:iXhATfJQLjG3NWy56a6WVU73lWOcdYVxsvwCgoPljuo= +modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU= +modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg= +modernc.org/memory v1.9.1 h1:V/Z1solwAVmMW1yttq3nDdZPJqV1rM05Ccq6KMSZ34g= +modernc.org/memory v1.9.1/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw= +modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8= +modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns= +modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w= +modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE= +modernc.org/sqlite v1.37.0 h1:s1TMe7T3Q3ovQiK2Ouz4Jwh7dw4ZDqbebSDTlSJdfjI= +modernc.org/sqlite v1.37.0/go.mod h1:5YiWv+YviqGMuGw4V+PNplcyaJ5v+vQd7TQOgkACoJM= +modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0= +modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A= +modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y= +modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= diff --git a/golangci.yml b/golangci.yml new file mode 100644 index 0000000..47bd8b6 --- /dev/null +++ b/golangci.yml @@ -0,0 +1,27 @@ +version: "2" +run: + go: 1.23 + concurrency: 4 + timeout: 10m +linters: + default: none + enable: + - asasalint + - asciicheck + - gomodguard + - goprintffuncname + - govet + - ineffassign + - misspell + - nakedret + - nolintlint + - prealloc + - reassign + - staticcheck + - unconvert + - unused + - whitespace +formatters: + enable: + - gofmt + - goimports diff --git a/mails/base.go b/mails/base.go new file mode 100644 index 0000000..df34c94 --- /dev/null +++ b/mails/base.go @@ -0,0 +1,33 @@ +// Package mails implements various helper methods for sending common +// emails like forgotten password, verification, etc. +package mails + +import ( + "bytes" + "text/template" +) + +// resolveTemplateContent resolves inline html template strings. +func resolveTemplateContent(data any, content ...string) (string, error) { + if len(content) == 0 { + return "", nil + } + + t := template.New("inline_template") + + var parseErr error + for _, v := range content { + t, parseErr = t.Parse(v) + if parseErr != nil { + return "", parseErr + } + } + + var wr bytes.Buffer + + if executeErr := t.Execute(&wr, data); executeErr != nil { + return "", executeErr + } + + return wr.String(), nil +} diff --git a/mails/record.go b/mails/record.go new file mode 100644 index 0000000..25b50ae --- /dev/null +++ b/mails/record.go @@ -0,0 +1,296 @@ +package mails + +import ( + "html" + "html/template" + "net/mail" + "slices" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/mails/templates" + "github.com/pocketbase/pocketbase/tools/mailer" +) + +// SendRecordAuthAlert sends a new device login alert to the specified auth record. +func SendRecordAuthAlert(app core.App, authRecord *core.Record) error { + mailClient := app.NewMailClient() + + subject, body, err := resolveEmailTemplate(app, authRecord, authRecord.Collection().AuthAlert.EmailTemplate, nil) + if err != nil { + return err + } + + message := &mailer.Message{ + From: mail.Address{ + Name: app.Settings().Meta.SenderName, + Address: app.Settings().Meta.SenderAddress, + }, + To: []mail.Address{{Address: authRecord.Email()}}, + Subject: subject, + HTML: body, + } + + event := new(core.MailerRecordEvent) + event.App = app + event.Mailer = mailClient + event.Message = message + event.Record = authRecord + + return app.OnMailerRecordAuthAlertSend().Trigger(event, func(e *core.MailerRecordEvent) error { + return e.Mailer.Send(e.Message) + }) +} + +// SendRecordOTP sends OTP email to the specified auth record. +// +// This method will also update the "sentTo" field of the related OTP record to the mail sent To address (if the OTP exists and not already assigned). +func SendRecordOTP(app core.App, authRecord *core.Record, otpId string, pass string) error { + mailClient := app.NewMailClient() + + subject, body, err := resolveEmailTemplate(app, authRecord, authRecord.Collection().OTP.EmailTemplate, map[string]any{ + core.EmailPlaceholderOTPId: otpId, + core.EmailPlaceholderOTP: pass, + }) + if err != nil { + return err + } + + message := &mailer.Message{ + From: mail.Address{ + Name: app.Settings().Meta.SenderName, + Address: app.Settings().Meta.SenderAddress, + }, + To: []mail.Address{{Address: authRecord.Email()}}, + Subject: subject, + HTML: body, + } + + event := new(core.MailerRecordEvent) + event.App = app + event.Mailer = mailClient + event.Message = message + event.Record = authRecord + event.Meta = map[string]any{ + "otpId": otpId, + "password": pass, + } + + return app.OnMailerRecordOTPSend().Trigger(event, func(e *core.MailerRecordEvent) error { + err := e.Mailer.Send(e.Message) + if err != nil { + return err + } + + var toAddress string + if len(e.Message.To) > 0 { + toAddress = e.Message.To[0].Address + } + if toAddress == "" { + return nil + } + + otp, err := e.App.FindOTPById(otpId) + if err != nil { + e.App.Logger().Warn( + "Unable to find OTP to update its sentTo field (either it was already deleted or the id is nonexisting)", + "error", err, + "otpId", otpId, + ) + return nil + } + + if otp.SentTo() != "" { + return nil // was already sent to another target + } + + otp.SetSentTo(toAddress) + if err = e.App.Save(otp); err != nil { + e.App.Logger().Error( + "Failed to update OTP sentTo field", + "error", err, + "otpId", otpId, + "to", toAddress, + ) + } + + return nil + }) +} + +// SendRecordPasswordReset sends a password reset request email to the specified auth record. +func SendRecordPasswordReset(app core.App, authRecord *core.Record) error { + token, tokenErr := authRecord.NewPasswordResetToken() + if tokenErr != nil { + return tokenErr + } + + mailClient := app.NewMailClient() + + subject, body, err := resolveEmailTemplate(app, authRecord, authRecord.Collection().ResetPasswordTemplate, map[string]any{ + core.EmailPlaceholderToken: token, + }) + if err != nil { + return err + } + + message := &mailer.Message{ + From: mail.Address{ + Name: app.Settings().Meta.SenderName, + Address: app.Settings().Meta.SenderAddress, + }, + To: []mail.Address{{Address: authRecord.Email()}}, + Subject: subject, + HTML: body, + } + + event := new(core.MailerRecordEvent) + event.App = app + event.Mailer = mailClient + event.Message = message + event.Record = authRecord + event.Meta = map[string]any{"token": token} + + return app.OnMailerRecordPasswordResetSend().Trigger(event, func(e *core.MailerRecordEvent) error { + return e.Mailer.Send(e.Message) + }) +} + +// SendRecordVerification sends a verification request email to the specified auth record. +func SendRecordVerification(app core.App, authRecord *core.Record) error { + token, tokenErr := authRecord.NewVerificationToken() + if tokenErr != nil { + return tokenErr + } + + mailClient := app.NewMailClient() + + subject, body, err := resolveEmailTemplate(app, authRecord, authRecord.Collection().VerificationTemplate, map[string]any{ + core.EmailPlaceholderToken: token, + }) + if err != nil { + return err + } + + message := &mailer.Message{ + From: mail.Address{ + Name: app.Settings().Meta.SenderName, + Address: app.Settings().Meta.SenderAddress, + }, + To: []mail.Address{{Address: authRecord.Email()}}, + Subject: subject, + HTML: body, + } + + event := new(core.MailerRecordEvent) + event.App = app + event.Mailer = mailClient + event.Message = message + event.Record = authRecord + event.Meta = map[string]any{"token": token} + + return app.OnMailerRecordVerificationSend().Trigger(event, func(e *core.MailerRecordEvent) error { + return e.Mailer.Send(e.Message) + }) +} + +// SendRecordChangeEmail sends a change email confirmation email to the specified auth record. +func SendRecordChangeEmail(app core.App, authRecord *core.Record, newEmail string) error { + token, tokenErr := authRecord.NewEmailChangeToken(newEmail) + if tokenErr != nil { + return tokenErr + } + + mailClient := app.NewMailClient() + + subject, body, err := resolveEmailTemplate(app, authRecord, authRecord.Collection().ConfirmEmailChangeTemplate, map[string]any{ + core.EmailPlaceholderToken: token, + }) + if err != nil { + return err + } + + message := &mailer.Message{ + From: mail.Address{ + Name: app.Settings().Meta.SenderName, + Address: app.Settings().Meta.SenderAddress, + }, + To: []mail.Address{{Address: newEmail}}, + Subject: subject, + HTML: body, + } + + event := new(core.MailerRecordEvent) + event.App = app + event.Mailer = mailClient + event.Message = message + event.Record = authRecord + event.Meta = map[string]any{ + "token": token, + "newEmail": newEmail, + } + + return app.OnMailerRecordEmailChangeSend().Trigger(event, func(e *core.MailerRecordEvent) error { + return e.Mailer.Send(e.Message) + }) +} + +var nonescapeTypes = []string{ + core.FieldTypeAutodate, + core.FieldTypeDate, + core.FieldTypeBool, + core.FieldTypeNumber, +} + +func resolveEmailTemplate( + app core.App, + authRecord *core.Record, + emailTemplate core.EmailTemplate, + placeholders map[string]any, +) (subject string, body string, err error) { + if placeholders == nil { + placeholders = map[string]any{} + } + + // register default system placeholders + if _, ok := placeholders[core.EmailPlaceholderAppName]; !ok { + placeholders[core.EmailPlaceholderAppName] = app.Settings().Meta.AppName + } + if _, ok := placeholders[core.EmailPlaceholderAppURL]; !ok { + placeholders[core.EmailPlaceholderAppURL] = app.Settings().Meta.AppURL + } + + // register default auth record placeholders + for _, field := range authRecord.Collection().Fields { + if field.GetHidden() { + continue + } + + fieldPlacehodler := "{RECORD:" + field.GetName() + "}" + if _, ok := placeholders[fieldPlacehodler]; !ok { + val := authRecord.GetString(field.GetName()) + + // note: the escaping is not strictly necessary but for just in case + // the user decide to store and render the email as plain html + if !slices.Contains(nonescapeTypes, field.Type()) { + val = html.EscapeString(val) + } + + placeholders[fieldPlacehodler] = val + } + } + + subject, rawBody := emailTemplate.Resolve(placeholders) + + params := struct { + HTMLContent template.HTML + }{ + HTMLContent: template.HTML(rawBody), + } + + body, err = resolveTemplateContent(params, templates.Layout, templates.HTMLBody) + if err != nil { + return "", "", err + } + + return subject, body, nil +} diff --git a/mails/record_test.go b/mails/record_test.go new file mode 100644 index 0000000..0f103db --- /dev/null +++ b/mails/record_test.go @@ -0,0 +1,168 @@ +package mails_test + +import ( + "html" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/mails" + "github.com/pocketbase/pocketbase/tests" +) + +func TestSendRecordAuthAlert(t *testing.T) { + t.Parallel() + + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + user, _ := testApp.FindFirstRecordByData("users", "email", "test@example.com") + + // to test that it is escaped + user.Set("name", "

"+user.GetString("name")+"

") + + err := mails.SendRecordAuthAlert(testApp, user) + if err != nil { + t.Fatal(err) + } + + if testApp.TestMailer.TotalSend() != 1 { + t.Fatalf("Expected one email to be sent, got %d", testApp.TestMailer.TotalSend()) + } + + expectedParts := []string{ + html.EscapeString(user.GetString("name")) + "{RECORD:tokenKey}", // public and private record placeholder checks + "login to your " + testApp.Settings().Meta.AppName + " account from a new location", + "If this was you", + "If this wasn't you", + } + for _, part := range expectedParts { + if !strings.Contains(testApp.TestMailer.LastMessage().HTML, part) { + t.Fatalf("Couldn't find %s \nin\n %s", part, testApp.TestMailer.LastMessage().HTML) + } + } +} + +func TestSendRecordPasswordReset(t *testing.T) { + t.Parallel() + + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + user, _ := testApp.FindFirstRecordByData("users", "email", "test@example.com") + + // to test that it is escaped + user.Set("name", "

"+user.GetString("name")+"

") + + err := mails.SendRecordPasswordReset(testApp, user) + if err != nil { + t.Fatal(err) + } + + if testApp.TestMailer.TotalSend() != 1 { + t.Fatalf("Expected one email to be sent, got %d", testApp.TestMailer.TotalSend()) + } + + expectedParts := []string{ + html.EscapeString(user.GetString("name")) + "{RECORD:tokenKey}", // the record name as {RECORD:name} + "http://localhost:8090/_/#/auth/confirm-password-reset/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.", + } + for _, part := range expectedParts { + if !strings.Contains(testApp.TestMailer.LastMessage().HTML, part) { + t.Fatalf("Couldn't find %s \nin\n %s", part, testApp.TestMailer.LastMessage().HTML) + } + } +} + +func TestSendRecordVerification(t *testing.T) { + t.Parallel() + + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + user, _ := testApp.FindFirstRecordByData("users", "email", "test@example.com") + + // to test that it is escaped + user.Set("name", "

"+user.GetString("name")+"

") + + err := mails.SendRecordVerification(testApp, user) + if err != nil { + t.Fatal(err) + } + + if testApp.TestMailer.TotalSend() != 1 { + t.Fatalf("Expected one email to be sent, got %d", testApp.TestMailer.TotalSend()) + } + + expectedParts := []string{ + html.EscapeString(user.GetString("name")) + "{RECORD:tokenKey}", // the record name as {RECORD:name} + "http://localhost:8090/_/#/auth/confirm-verification/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.", + } + for _, part := range expectedParts { + if !strings.Contains(testApp.TestMailer.LastMessage().HTML, part) { + t.Fatalf("Couldn't find %s \nin\n %s", part, testApp.TestMailer.LastMessage().HTML) + } + } +} + +func TestSendRecordChangeEmail(t *testing.T) { + t.Parallel() + + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + user, _ := testApp.FindFirstRecordByData("users", "email", "test@example.com") + + // to test that it is escaped + user.Set("name", "

"+user.GetString("name")+"

") + + err := mails.SendRecordChangeEmail(testApp, user, "new_test@example.com") + if err != nil { + t.Fatal(err) + } + + if testApp.TestMailer.TotalSend() != 1 { + t.Fatalf("Expected one email to be sent, got %d", testApp.TestMailer.TotalSend()) + } + + expectedParts := []string{ + html.EscapeString(user.GetString("name")) + "{RECORD:tokenKey}", // the record name as {RECORD:name} + "http://localhost:8090/_/#/auth/confirm-email-change/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.", + } + for _, part := range expectedParts { + if !strings.Contains(testApp.TestMailer.LastMessage().HTML, part) { + t.Fatalf("Couldn't find %s \nin\n %s", part, testApp.TestMailer.LastMessage().HTML) + } + } +} + +func TestSendRecordOTP(t *testing.T) { + t.Parallel() + + testApp, _ := tests.NewTestApp() + defer testApp.Cleanup() + + user, _ := testApp.FindFirstRecordByData("users", "email", "test@example.com") + + // to test that it is escaped + user.Set("name", "

"+user.GetString("name")+"

") + + err := mails.SendRecordOTP(testApp, user, "test_otp_id", "test_otp_code") + if err != nil { + t.Fatal(err) + } + + if testApp.TestMailer.TotalSend() != 1 { + t.Fatalf("Expected one email to be sent, got %d", testApp.TestMailer.TotalSend()) + } + + expectedParts := []string{ + html.EscapeString(user.GetString("name")) + "{RECORD:tokenKey}", // the record name as {RECORD:name} + "one-time password", + "test_otp_code", + } + for _, part := range expectedParts { + if !strings.Contains(testApp.TestMailer.LastMessage().HTML, part) { + t.Fatalf("Couldn't find %s \nin\n %s", part, testApp.TestMailer.LastMessage().HTML) + } + } +} diff --git a/mails/templates/html_content.go b/mails/templates/html_content.go new file mode 100644 index 0000000..34d5845 --- /dev/null +++ b/mails/templates/html_content.go @@ -0,0 +1,8 @@ +package templates + +// Available variables: +// +// ``` +// HTMLContent template.HTML +// ``` +const HTMLBody = `{{define "content"}}{{.HTMLContent}}{{end}}` diff --git a/mails/templates/layout.go b/mails/templates/layout.go new file mode 100644 index 0000000..7a43ad9 --- /dev/null +++ b/mails/templates/layout.go @@ -0,0 +1,79 @@ +package templates + +const Layout = ` + + + + + + + + + {{template "content" .}} + + +` diff --git a/migrations/1640988000_aux_init.go b/migrations/1640988000_aux_init.go new file mode 100644 index 0000000..db1b841 --- /dev/null +++ b/migrations/1640988000_aux_init.go @@ -0,0 +1,36 @@ +package migrations + +import ( + "github.com/pocketbase/pocketbase/core" +) + +func init() { + core.SystemMigrations.Add(&core.Migration{ + Up: func(txApp core.App) error { + _, execErr := txApp.AuxDB().NewQuery(` + CREATE TABLE IF NOT EXISTS {{_logs}} ( + [[id]] TEXT PRIMARY KEY DEFAULT ('r'||lower(hex(randomblob(7)))) NOT NULL, + [[level]] INTEGER DEFAULT 0 NOT NULL, + [[message]] TEXT DEFAULT "" NOT NULL, + [[data]] JSON DEFAULT "{}" NOT NULL, + [[created]] TEXT DEFAULT (strftime('%Y-%m-%d %H:%M:%fZ')) NOT NULL + ); + + CREATE INDEX IF NOT EXISTS idx_logs_level on {{_logs}} ([[level]]); + CREATE INDEX IF NOT EXISTS idx_logs_message on {{_logs}} ([[message]]); + CREATE INDEX IF NOT EXISTS idx_logs_created_hour on {{_logs}} (strftime('%Y-%m-%d %H:00:00', [[created]])); + `).Execute() + + return execErr + }, + Down: func(txApp core.App) error { + _, err := txApp.AuxDB().DropTable("_logs").Execute() + return err + }, + ReapplyCondition: func(txApp core.App, runner *core.MigrationsRunner, fileName string) (bool, error) { + // reapply only if the _logs table doesn't exist + exists := txApp.AuxHasTable("_logs") + return !exists, nil + }, + }) +} diff --git a/migrations/1640988000_init.go b/migrations/1640988000_init.go new file mode 100644 index 0000000..541f045 --- /dev/null +++ b/migrations/1640988000_init.go @@ -0,0 +1,347 @@ +package migrations + +import ( + "fmt" + "path/filepath" + "runtime" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/types" +) + +// Register is a short alias for `AppMigrations.Register()` +// that is usually used in external/user defined migrations. +func Register( + up func(app core.App) error, + down func(app core.App) error, + optFilename ...string, +) { + var optFiles []string + if len(optFilename) > 0 { + optFiles = optFilename + } else { + _, path, _, _ := runtime.Caller(1) + optFiles = append(optFiles, filepath.Base(path)) + } + core.AppMigrations.Register(up, down, optFiles...) +} + +func init() { + core.SystemMigrations.Register(func(txApp core.App) error { + if err := createParamsTable(txApp); err != nil { + return fmt.Errorf("_params exec error: %w", err) + } + + // ----------------------------------------------------------- + + _, execerr := txApp.DB().NewQuery(` + CREATE TABLE {{_collections}} ( + [[id]] TEXT PRIMARY KEY DEFAULT ('r'||lower(hex(randomblob(7)))) NOT NULL, + [[system]] BOOLEAN DEFAULT FALSE NOT NULL, + [[type]] TEXT DEFAULT "base" NOT NULL, + [[name]] TEXT UNIQUE NOT NULL, + [[fields]] JSON DEFAULT "[]" NOT NULL, + [[indexes]] JSON DEFAULT "[]" NOT NULL, + [[listRule]] TEXT DEFAULT NULL, + [[viewRule]] TEXT DEFAULT NULL, + [[createRule]] TEXT DEFAULT NULL, + [[updateRule]] TEXT DEFAULT NULL, + [[deleteRule]] TEXT DEFAULT NULL, + [[options]] JSON DEFAULT "{}" NOT NULL, + [[created]] TEXT DEFAULT (strftime('%Y-%m-%d %H:%M:%fZ')) NOT NULL, + [[updated]] TEXT DEFAULT (strftime('%Y-%m-%d %H:%M:%fZ')) NOT NULL + ); + + CREATE INDEX IF NOT EXISTS idx__collections_type on {{_collections}} ([[type]]); + `).Execute() + if execerr != nil { + return fmt.Errorf("_collections exec error: %w", execerr) + } + + if err := createMFAsCollection(txApp); err != nil { + return fmt.Errorf("_mfas error: %w", err) + } + + if err := createOTPsCollection(txApp); err != nil { + return fmt.Errorf("_otps error: %w", err) + } + + if err := createExternalAuthsCollection(txApp); err != nil { + return fmt.Errorf("_externalAuths error: %w", err) + } + + if err := createAuthOriginsCollection(txApp); err != nil { + return fmt.Errorf("_authOrigins error: %w", err) + } + + if err := createSuperusersCollection(txApp); err != nil { + return fmt.Errorf("_superusers error: %w", err) + } + + if err := createUsersCollection(txApp); err != nil { + return fmt.Errorf("users error: %w", err) + } + + return nil + }, func(txApp core.App) error { + tables := []string{ + "users", + core.CollectionNameSuperusers, + core.CollectionNameMFAs, + core.CollectionNameOTPs, + core.CollectionNameAuthOrigins, + "_params", + "_collections", + } + + for _, name := range tables { + if _, err := txApp.DB().DropTable(name).Execute(); err != nil { + return err + } + } + + return nil + }) +} + +func createParamsTable(txApp core.App) error { + _, execErr := txApp.DB().NewQuery(` + CREATE TABLE {{_params}} ( + [[id]] TEXT PRIMARY KEY DEFAULT ('r'||lower(hex(randomblob(7)))) NOT NULL, + [[value]] JSON DEFAULT NULL, + [[created]] TEXT DEFAULT (strftime('%Y-%m-%d %H:%M:%fZ')) NOT NULL, + [[updated]] TEXT DEFAULT (strftime('%Y-%m-%d %H:%M:%fZ')) NOT NULL + ); + `).Execute() + + return execErr +} + +func createMFAsCollection(txApp core.App) error { + col := core.NewBaseCollection(core.CollectionNameMFAs) + col.System = true + + ownerRule := "@request.auth.id != '' && recordRef = @request.auth.id && collectionRef = @request.auth.collectionId" + col.ListRule = types.Pointer(ownerRule) + col.ViewRule = types.Pointer(ownerRule) + + col.Fields.Add(&core.TextField{ + Name: "collectionRef", + System: true, + Required: true, + }) + col.Fields.Add(&core.TextField{ + Name: "recordRef", + System: true, + Required: true, + }) + col.Fields.Add(&core.TextField{ + Name: "method", + System: true, + Required: true, + }) + col.Fields.Add(&core.AutodateField{ + Name: "created", + System: true, + OnCreate: true, + }) + col.Fields.Add(&core.AutodateField{ + Name: "updated", + System: true, + OnCreate: true, + OnUpdate: true, + }) + col.AddIndex("idx_mfas_collectionRef_recordRef", false, "collectionRef,recordRef", "") + + return txApp.Save(col) +} + +func createOTPsCollection(txApp core.App) error { + col := core.NewBaseCollection(core.CollectionNameOTPs) + col.System = true + + ownerRule := "@request.auth.id != '' && recordRef = @request.auth.id && collectionRef = @request.auth.collectionId" + col.ListRule = types.Pointer(ownerRule) + col.ViewRule = types.Pointer(ownerRule) + + col.Fields.Add(&core.TextField{ + Name: "collectionRef", + System: true, + Required: true, + }) + col.Fields.Add(&core.TextField{ + Name: "recordRef", + System: true, + Required: true, + }) + col.Fields.Add(&core.PasswordField{ + Name: "password", + System: true, + Hidden: true, + Required: true, + Cost: 8, // low cost for better performance and because it is not critical + }) + col.Fields.Add(&core.TextField{ + Name: "sentTo", + System: true, + Hidden: true, + }) + col.Fields.Add(&core.AutodateField{ + Name: "created", + System: true, + OnCreate: true, + }) + col.Fields.Add(&core.AutodateField{ + Name: "updated", + System: true, + OnCreate: true, + OnUpdate: true, + }) + col.AddIndex("idx_otps_collectionRef_recordRef", false, "collectionRef, recordRef", "") + + return txApp.Save(col) +} + +func createAuthOriginsCollection(txApp core.App) error { + col := core.NewBaseCollection(core.CollectionNameAuthOrigins) + col.System = true + + ownerRule := "@request.auth.id != '' && recordRef = @request.auth.id && collectionRef = @request.auth.collectionId" + col.ListRule = types.Pointer(ownerRule) + col.ViewRule = types.Pointer(ownerRule) + col.DeleteRule = types.Pointer(ownerRule) + + col.Fields.Add(&core.TextField{ + Name: "collectionRef", + System: true, + Required: true, + }) + col.Fields.Add(&core.TextField{ + Name: "recordRef", + System: true, + Required: true, + }) + col.Fields.Add(&core.TextField{ + Name: "fingerprint", + System: true, + Required: true, + }) + col.Fields.Add(&core.AutodateField{ + Name: "created", + System: true, + OnCreate: true, + }) + col.Fields.Add(&core.AutodateField{ + Name: "updated", + System: true, + OnCreate: true, + OnUpdate: true, + }) + col.AddIndex("idx_authOrigins_unique_pairs", true, "collectionRef, recordRef, fingerprint", "") + + return txApp.Save(col) +} + +func createExternalAuthsCollection(txApp core.App) error { + col := core.NewBaseCollection(core.CollectionNameExternalAuths) + col.System = true + + ownerRule := "@request.auth.id != '' && recordRef = @request.auth.id && collectionRef = @request.auth.collectionId" + col.ListRule = types.Pointer(ownerRule) + col.ViewRule = types.Pointer(ownerRule) + col.DeleteRule = types.Pointer(ownerRule) + + col.Fields.Add(&core.TextField{ + Name: "collectionRef", + System: true, + Required: true, + }) + col.Fields.Add(&core.TextField{ + Name: "recordRef", + System: true, + Required: true, + }) + col.Fields.Add(&core.TextField{ + Name: "provider", + System: true, + Required: true, + }) + col.Fields.Add(&core.TextField{ + Name: "providerId", + System: true, + Required: true, + }) + col.Fields.Add(&core.AutodateField{ + Name: "created", + System: true, + OnCreate: true, + }) + col.Fields.Add(&core.AutodateField{ + Name: "updated", + System: true, + OnCreate: true, + OnUpdate: true, + }) + col.AddIndex("idx_externalAuths_record_provider", true, "collectionRef, recordRef, provider", "") + col.AddIndex("idx_externalAuths_collection_provider", true, "collectionRef, provider, providerId", "") + + return txApp.Save(col) +} + +func createSuperusersCollection(txApp core.App) error { + superusers := core.NewAuthCollection(core.CollectionNameSuperusers) + superusers.System = true + superusers.Fields.Add(&core.EmailField{ + Name: "email", + System: true, + Required: true, + }) + superusers.Fields.Add(&core.AutodateField{ + Name: "created", + System: true, + OnCreate: true, + }) + superusers.Fields.Add(&core.AutodateField{ + Name: "updated", + System: true, + OnCreate: true, + OnUpdate: true, + }) + superusers.AuthToken.Duration = 86400 // 1 day + + return txApp.Save(superusers) +} + +func createUsersCollection(txApp core.App) error { + users := core.NewAuthCollection("users", "_pb_users_auth_") + + ownerRule := "id = @request.auth.id" + users.ListRule = types.Pointer(ownerRule) + users.ViewRule = types.Pointer(ownerRule) + users.CreateRule = types.Pointer("") + users.UpdateRule = types.Pointer(ownerRule) + users.DeleteRule = types.Pointer(ownerRule) + + users.Fields.Add(&core.TextField{ + Name: "name", + Max: 255, + }) + users.Fields.Add(&core.FileField{ + Name: "avatar", + MaxSelect: 1, + MimeTypes: []string{"image/jpeg", "image/png", "image/svg+xml", "image/gif", "image/webp"}, + }) + users.Fields.Add(&core.AutodateField{ + Name: "created", + OnCreate: true, + }) + users.Fields.Add(&core.AutodateField{ + Name: "updated", + OnCreate: true, + OnUpdate: true, + }) + users.OAuth2.MappedFields.Name = "name" + users.OAuth2.MappedFields.AvatarURL = "avatar" + + return txApp.Save(users) +} diff --git a/migrations/1717233556_v0.23_migrate.go b/migrations/1717233556_v0.23_migrate.go new file mode 100644 index 0000000..c6b9818 --- /dev/null +++ b/migrations/1717233556_v0.23_migrate.go @@ -0,0 +1,912 @@ +package migrations + +import ( + "encoding/json" + "errors" + "fmt" + "os" + "path/filepath" + "strings" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/pocketbase/pocketbase/tools/types" + "github.com/spf13/cast" + "golang.org/x/crypto/bcrypt" +) + +// note: this migration will be deleted in future version + +func init() { + core.SystemMigrations.Register(func(txApp core.App) error { + // note: mfas and authOrigins tables are available only with v0.23 + hasUpgraded := txApp.HasTable(core.CollectionNameMFAs) && txApp.HasTable(core.CollectionNameAuthOrigins) + if hasUpgraded { + return nil + } + + oldSettings, err := loadOldSettings(txApp) + if err != nil { + return fmt.Errorf("failed to fetch old settings: %w", err) + } + + if err = migrateOldCollections(txApp, oldSettings); err != nil { + return err + } + + if err = migrateSuperusers(txApp, oldSettings); err != nil { + return fmt.Errorf("failed to migrate admins->superusers: %w", err) + } + + if err = migrateSettings(txApp, oldSettings); err != nil { + return fmt.Errorf("failed to migrate settings: %w", err) + } + + if err = migrateExternalAuths(txApp); err != nil { + return fmt.Errorf("failed to migrate externalAuths: %w", err) + } + + if err = createMFAsCollection(txApp); err != nil { + return fmt.Errorf("failed to create mfas collection: %w", err) + } + + if err = createOTPsCollection(txApp); err != nil { + return fmt.Errorf("failed to create otps collection: %w", err) + } + + if err = createAuthOriginsCollection(txApp); err != nil { + return fmt.Errorf("failed to create authOrigins collection: %w", err) + } + + err = os.Remove(filepath.Join(txApp.DataDir(), "logs.db")) + if err != nil && !errors.Is(err, os.ErrNotExist) { + txApp.Logger().Warn("Failed to delete old logs.db file", "error", err) + } + + return nil + }, nil) +} + +// ------------------------------------------------------------------- + +func migrateSuperusers(txApp core.App, oldSettings *oldSettingsModel) error { + // create new superusers collection and table + err := createSuperusersCollection(txApp) + if err != nil { + return err + } + + // update with the token options from the old settings + superusersCollection, err := txApp.FindCollectionByNameOrId(core.CollectionNameSuperusers) + if err != nil { + return err + } + + superusersCollection.AuthToken.Secret = zeroFallback( + cast.ToString(getMapVal(oldSettings.Value, "adminAuthToken", "secret")), + superusersCollection.AuthToken.Secret, + ) + superusersCollection.AuthToken.Duration = zeroFallback( + cast.ToInt64(getMapVal(oldSettings.Value, "adminAuthToken", "duration")), + superusersCollection.AuthToken.Duration, + ) + superusersCollection.PasswordResetToken.Secret = zeroFallback( + cast.ToString(getMapVal(oldSettings.Value, "adminPasswordResetToken", "secret")), + superusersCollection.PasswordResetToken.Secret, + ) + superusersCollection.PasswordResetToken.Duration = zeroFallback( + cast.ToInt64(getMapVal(oldSettings.Value, "adminPasswordResetToken", "duration")), + superusersCollection.PasswordResetToken.Duration, + ) + superusersCollection.FileToken.Secret = zeroFallback( + cast.ToString(getMapVal(oldSettings.Value, "adminFileToken", "secret")), + superusersCollection.FileToken.Secret, + ) + superusersCollection.FileToken.Duration = zeroFallback( + cast.ToInt64(getMapVal(oldSettings.Value, "adminFileToken", "duration")), + superusersCollection.FileToken.Duration, + ) + if err = txApp.Save(superusersCollection); err != nil { + return fmt.Errorf("failed to migrate token configs: %w", err) + } + + // copy old admins records into the new one + _, err = txApp.DB().NewQuery(` + INSERT INTO {{` + core.CollectionNameSuperusers + `}} ([[id]], [[verified]], [[email]], [[password]], [[tokenKey]], [[created]], [[updated]]) + SELECT [[id]], true, [[email]], [[passwordHash]], [[tokenKey]], [[created]], [[updated]] FROM {{_admins}}; + `).Execute() + if err != nil { + return err + } + + // remove old admins table + _, err = txApp.DB().DropTable("_admins").Execute() + if err != nil { + return err + } + + return nil +} + +// ------------------------------------------------------------------- + +type oldSettingsModel struct { + Id string `db:"id" json:"id"` + Key string `db:"key" json:"key"` + RawValue types.JSONRaw `db:"value" json:"value"` + Value map[string]any `db:"-" json:"-"` +} + +func loadOldSettings(txApp core.App) (*oldSettingsModel, error) { + oldSettings := &oldSettingsModel{Value: map[string]any{}} + err := txApp.DB().Select().From("_params").Where(dbx.HashExp{"key": "settings"}).One(oldSettings) + if err != nil { + return nil, err + } + + // try without decrypt + plainDecodeErr := json.Unmarshal(oldSettings.RawValue, &oldSettings.Value) + + // failed, try to decrypt + if plainDecodeErr != nil { + encryptionKey := os.Getenv(txApp.EncryptionEnv()) + + // load without decryption has failed and there is no encryption key to use for decrypt + if encryptionKey == "" { + return nil, fmt.Errorf("invalid settings db data or missing encryption key %q", txApp.EncryptionEnv()) + } + + // decrypt + decrypted, decryptErr := security.Decrypt(string(oldSettings.RawValue), encryptionKey) + if decryptErr != nil { + return nil, decryptErr + } + + // decode again + decryptedDecodeErr := json.Unmarshal(decrypted, &oldSettings.Value) + if decryptedDecodeErr != nil { + return nil, decryptedDecodeErr + } + } + + return oldSettings, nil +} + +func migrateSettings(txApp core.App, oldSettings *oldSettingsModel) error { + // renamed old params collection + _, err := txApp.DB().RenameTable("_params", "_params_old").Execute() + if err != nil { + return err + } + + // create new params table + err = createParamsTable(txApp) + if err != nil { + return err + } + + // migrate old settings + newSettings := txApp.Settings() + // --- + newSettings.Meta.AppName = cast.ToString(getMapVal(oldSettings.Value, "meta", "appName")) + newSettings.Meta.AppURL = strings.TrimSuffix(cast.ToString(getMapVal(oldSettings.Value, "meta", "appUrl")), "/") + newSettings.Meta.HideControls = cast.ToBool(getMapVal(oldSettings.Value, "meta", "hideControls")) + newSettings.Meta.SenderName = cast.ToString(getMapVal(oldSettings.Value, "meta", "senderName")) + newSettings.Meta.SenderAddress = cast.ToString(getMapVal(oldSettings.Value, "meta", "senderAddress")) + // --- + newSettings.Logs.MaxDays = cast.ToInt(getMapVal(oldSettings.Value, "logs", "maxDays")) + newSettings.Logs.MinLevel = cast.ToInt(getMapVal(oldSettings.Value, "logs", "minLevel")) + newSettings.Logs.LogIP = cast.ToBool(getMapVal(oldSettings.Value, "logs", "logIp")) + // --- + newSettings.SMTP.Enabled = cast.ToBool(getMapVal(oldSettings.Value, "smtp", "enabled")) + newSettings.SMTP.Port = cast.ToInt(getMapVal(oldSettings.Value, "smtp", "port")) + newSettings.SMTP.Host = cast.ToString(getMapVal(oldSettings.Value, "smtp", "host")) + newSettings.SMTP.Username = cast.ToString(getMapVal(oldSettings.Value, "smtp", "username")) + newSettings.SMTP.Password = cast.ToString(getMapVal(oldSettings.Value, "smtp", "password")) + newSettings.SMTP.AuthMethod = cast.ToString(getMapVal(oldSettings.Value, "smtp", "authMethod")) + newSettings.SMTP.TLS = cast.ToBool(getMapVal(oldSettings.Value, "smtp", "tls")) + newSettings.SMTP.LocalName = cast.ToString(getMapVal(oldSettings.Value, "smtp", "localName")) + // --- + newSettings.Backups.Cron = cast.ToString(getMapVal(oldSettings.Value, "backups", "cron")) + newSettings.Backups.CronMaxKeep = cast.ToInt(getMapVal(oldSettings.Value, "backups", "cronMaxKeep")) + newSettings.Backups.S3 = core.S3Config{ + Enabled: cast.ToBool(getMapVal(oldSettings.Value, "backups", "s3", "enabled")), + Bucket: cast.ToString(getMapVal(oldSettings.Value, "backups", "s3", "bucket")), + Region: cast.ToString(getMapVal(oldSettings.Value, "backups", "s3", "region")), + Endpoint: cast.ToString(getMapVal(oldSettings.Value, "backups", "s3", "endpoint")), + AccessKey: cast.ToString(getMapVal(oldSettings.Value, "backups", "s3", "accessKey")), + Secret: cast.ToString(getMapVal(oldSettings.Value, "backups", "s3", "secret")), + ForcePathStyle: cast.ToBool(getMapVal(oldSettings.Value, "backups", "s3", "forcePathStyle")), + } + // --- + newSettings.S3 = core.S3Config{ + Enabled: cast.ToBool(getMapVal(oldSettings.Value, "s3", "enabled")), + Bucket: cast.ToString(getMapVal(oldSettings.Value, "s3", "bucket")), + Region: cast.ToString(getMapVal(oldSettings.Value, "s3", "region")), + Endpoint: cast.ToString(getMapVal(oldSettings.Value, "s3", "endpoint")), + AccessKey: cast.ToString(getMapVal(oldSettings.Value, "s3", "accessKey")), + Secret: cast.ToString(getMapVal(oldSettings.Value, "s3", "secret")), + ForcePathStyle: cast.ToBool(getMapVal(oldSettings.Value, "s3", "forcePathStyle")), + } + // --- + err = txApp.Save(newSettings) + if err != nil { + return err + } + + // remove old params table + _, err = txApp.DB().DropTable("_params_old").Execute() + if err != nil { + return err + } + + return nil +} + +// ------------------------------------------------------------------- + +func migrateExternalAuths(txApp core.App) error { + // renamed old externalAuths table + _, err := txApp.DB().RenameTable("_externalAuths", "_externalAuths_old").Execute() + if err != nil { + return err + } + + // create new externalAuths collection and table + err = createExternalAuthsCollection(txApp) + if err != nil { + return err + } + + // copy old externalAuths records into the new one + _, err = txApp.DB().NewQuery(` + INSERT INTO {{` + core.CollectionNameExternalAuths + `}} ([[id]], [[collectionRef]], [[recordRef]], [[provider]], [[providerId]], [[created]], [[updated]]) + SELECT [[id]], [[collectionId]], [[recordId]], [[provider]], [[providerId]], [[created]], [[updated]] FROM {{_externalAuths_old}}; + `).Execute() + if err != nil { + return err + } + + // remove old externalAuths table + _, err = txApp.DB().DropTable("_externalAuths_old").Execute() + if err != nil { + return err + } + + return nil +} + +// ------------------------------------------------------------------- + +func migrateOldCollections(txApp core.App, oldSettings *oldSettingsModel) error { + oldCollections := []*OldCollectionModel{} + err := txApp.DB().Select().From("_collections").All(&oldCollections) + if err != nil { + return err + } + + for _, c := range oldCollections { + dummyAuthCollection := core.NewAuthCollection("test") + + options := c.Options + c.Options = types.JSONMap[any]{} // reset + + // update rules + // --- + c.ListRule = migrateRule(c.ListRule) + c.ViewRule = migrateRule(c.ViewRule) + c.CreateRule = migrateRule(c.CreateRule) + c.UpdateRule = migrateRule(c.UpdateRule) + c.DeleteRule = migrateRule(c.DeleteRule) + + // migrate fields + // --- + for i, field := range c.Schema { + switch cast.ToString(field["type"]) { + case "bool": + field = toBoolField(field) + case "number": + field = toNumberField(field) + case "text": + field = toTextField(field) + case "url": + field = toURLField(field) + case "email": + field = toEmailField(field) + case "editor": + field = toEditorField(field) + case "date": + field = toDateField(field) + case "select": + field = toSelectField(field) + case "json": + field = toJSONField(field) + case "relation": + field = toRelationField(field) + case "file": + field = toFileField(field) + } + c.Schema[i] = field + } + + // type specific changes + switch c.Type { + case "auth": + // token configs + // --- + c.Options["authToken"] = map[string]any{ + "secret": zeroFallback(cast.ToString(getMapVal(oldSettings.Value, "recordAuthToken", "secret")), dummyAuthCollection.AuthToken.Secret), + "duration": zeroFallback(cast.ToInt64(getMapVal(oldSettings.Value, "recordAuthToken", "duration")), dummyAuthCollection.AuthToken.Duration), + } + c.Options["passwordResetToken"] = map[string]any{ + "secret": zeroFallback(cast.ToString(getMapVal(oldSettings.Value, "recordPasswordResetToken", "secret")), dummyAuthCollection.PasswordResetToken.Secret), + "duration": zeroFallback(cast.ToInt64(getMapVal(oldSettings.Value, "recordPasswordResetToken", "duration")), dummyAuthCollection.PasswordResetToken.Duration), + } + c.Options["emailChangeToken"] = map[string]any{ + "secret": zeroFallback(cast.ToString(getMapVal(oldSettings.Value, "recordEmailChangeToken", "secret")), dummyAuthCollection.EmailChangeToken.Secret), + "duration": zeroFallback(cast.ToInt64(getMapVal(oldSettings.Value, "recordEmailChangeToken", "duration")), dummyAuthCollection.EmailChangeToken.Duration), + } + c.Options["verificationToken"] = map[string]any{ + "secret": zeroFallback(cast.ToString(getMapVal(oldSettings.Value, "recordVerificationToken", "secret")), dummyAuthCollection.VerificationToken.Secret), + "duration": zeroFallback(cast.ToInt64(getMapVal(oldSettings.Value, "recordVerificationToken", "duration")), dummyAuthCollection.VerificationToken.Duration), + } + c.Options["fileToken"] = map[string]any{ + "secret": zeroFallback(cast.ToString(getMapVal(oldSettings.Value, "recordFileToken", "secret")), dummyAuthCollection.FileToken.Secret), + "duration": zeroFallback(cast.ToInt64(getMapVal(oldSettings.Value, "recordFileToken", "duration")), dummyAuthCollection.FileToken.Duration), + } + + onlyVerified := cast.ToBool(options["onlyVerified"]) + if onlyVerified { + c.Options["authRule"] = "verified=true" + } else { + c.Options["authRule"] = "" + } + + c.Options["manageRule"] = nil + if options["manageRule"] != nil { + manageRule, err := cast.ToStringE(options["manageRule"]) + if err == nil && manageRule != "" { + c.Options["manageRule"] = migrateRule(&manageRule) + } + } + + // passwordAuth + identityFields := []string{} + if cast.ToBool(options["allowEmailAuth"]) { + identityFields = append(identityFields, "email") + } + if cast.ToBool(options["allowUsernameAuth"]) { + identityFields = append(identityFields, "username") + } + c.Options["passwordAuth"] = map[string]any{ + "enabled": len(identityFields) > 0, + "identityFields": identityFields, + } + + // oauth2 + // --- + oauth2Providers := []map[string]any{} + providerNames := []string{ + "googleAuth", + "facebookAuth", + "githubAuth", + "gitlabAuth", + "discordAuth", + "twitterAuth", + "microsoftAuth", + "spotifyAuth", + "kakaoAuth", + "twitchAuth", + "stravaAuth", + "giteeAuth", + "livechatAuth", + "giteaAuth", + "oidcAuth", + "oidc2Auth", + "oidc3Auth", + "appleAuth", + "instagramAuth", + "vkAuth", + "yandexAuth", + "patreonAuth", + "mailcowAuth", + "bitbucketAuth", + "planningcenterAuth", + } + for _, name := range providerNames { + if !cast.ToBool(getMapVal(oldSettings.Value, name, "enabled")) { + continue + } + oauth2Providers = append(oauth2Providers, map[string]any{ + "name": strings.TrimSuffix(name, "Auth"), + "clientId": cast.ToString(getMapVal(oldSettings.Value, name, "clientId")), + "clientSecret": cast.ToString(getMapVal(oldSettings.Value, name, "clientSecret")), + "authURL": cast.ToString(getMapVal(oldSettings.Value, name, "authUrl")), + "tokenURL": cast.ToString(getMapVal(oldSettings.Value, name, "tokenUrl")), + "userInfoURL": cast.ToString(getMapVal(oldSettings.Value, name, "userApiUrl")), + "displayName": cast.ToString(getMapVal(oldSettings.Value, name, "displayName")), + "pkce": getMapVal(oldSettings.Value, name, "pkce"), + }) + } + + c.Options["oauth2"] = map[string]any{ + "enabled": cast.ToBool(options["allowOAuth2Auth"]) && len(oauth2Providers) > 0, + "providers": oauth2Providers, + "mappedFields": map[string]string{ + "username": "username", + }, + } + + // default email templates + // --- + emailTemplates := map[string]core.EmailTemplate{ + "verificationTemplate": dummyAuthCollection.VerificationTemplate, + "resetPasswordTemplate": dummyAuthCollection.ResetPasswordTemplate, + "confirmEmailChangeTemplate": dummyAuthCollection.ConfirmEmailChangeTemplate, + } + for name, fallback := range emailTemplates { + c.Options[name] = map[string]any{ + "subject": zeroFallback( + cast.ToString(getMapVal(oldSettings.Value, "meta", name, "subject")), + fallback.Subject, + ), + "body": zeroFallback( + strings.ReplaceAll( + cast.ToString(getMapVal(oldSettings.Value, "meta", name, "body")), + "{ACTION_URL}", + cast.ToString(getMapVal(oldSettings.Value, "meta", name, "actionUrl")), + ), + fallback.Body, + ), + } + } + + // mfa + // --- + c.Options["mfa"] = map[string]any{ + "enabled": dummyAuthCollection.MFA.Enabled, + "duration": dummyAuthCollection.MFA.Duration, + "rule": dummyAuthCollection.MFA.Rule, + } + + // otp + // --- + c.Options["otp"] = map[string]any{ + "enabled": dummyAuthCollection.OTP.Enabled, + "duration": dummyAuthCollection.OTP.Duration, + "length": dummyAuthCollection.OTP.Length, + "emailTemplate": map[string]any{ + "subject": dummyAuthCollection.OTP.EmailTemplate.Subject, + "body": dummyAuthCollection.OTP.EmailTemplate.Body, + }, + } + + // auth alerts + // --- + c.Options["authAlert"] = map[string]any{ + "enabled": dummyAuthCollection.AuthAlert.Enabled, + "emailTemplate": map[string]any{ + "subject": dummyAuthCollection.AuthAlert.EmailTemplate.Subject, + "body": dummyAuthCollection.AuthAlert.EmailTemplate.Body, + }, + } + + // add system field indexes + // --- + c.Indexes = append(types.JSONArray[string]{ + fmt.Sprintf("CREATE UNIQUE INDEX `_%s_username_idx` ON `%s` (username COLLATE NOCASE)", c.Id, c.Name), + fmt.Sprintf("CREATE UNIQUE INDEX `_%s_email_idx` ON `%s` (`email`) WHERE `email` != ''", c.Id, c.Name), + fmt.Sprintf("CREATE UNIQUE INDEX `_%s_tokenKey_idx` ON `%s` (`tokenKey`)", c.Id, c.Name), + }, c.Indexes...) + + // prepend the auth system fields + // --- + tokenKeyField := map[string]any{ + "id": fieldIdChecksum("text", "tokenKey"), + "type": "text", + "name": "tokenKey", + "system": true, + "hidden": true, + "required": true, + "presentable": false, + "primaryKey": false, + "min": 30, + "max": 60, + "pattern": "", + "autogeneratePattern": "[a-zA-Z0-9_]{50}", + } + passwordField := map[string]any{ + "id": fieldIdChecksum("password", "password"), + "type": "password", + "name": "password", + "presentable": false, + "system": true, + "hidden": true, + "required": true, + "pattern": "", + "min": cast.ToInt(options["minPasswordLength"]), + "cost": bcrypt.DefaultCost, // new default + } + emailField := map[string]any{ + "id": fieldIdChecksum("email", "email"), + "type": "email", + "name": "email", + "system": true, + "hidden": false, + "presentable": false, + "required": cast.ToBool(options["requireEmail"]), + "exceptDomains": cast.ToStringSlice(options["exceptEmailDomains"]), + "onlyDomains": cast.ToStringSlice(options["onlyEmailDomains"]), + } + emailVisibilityField := map[string]any{ + "id": fieldIdChecksum("bool", "emailVisibility"), + "type": "bool", + "name": "emailVisibility", + "system": true, + "hidden": false, + "presentable": false, + "required": false, + } + verifiedField := map[string]any{ + "id": fieldIdChecksum("bool", "verified"), + "type": "bool", + "name": "verified", + "system": true, + "hidden": false, + "presentable": false, + "required": false, + } + usernameField := map[string]any{ + "id": fieldIdChecksum("text", "username"), + "type": "text", + "name": "username", + "system": false, + "hidden": false, + "required": true, + "presentable": false, + "primaryKey": false, + "min": 3, + "max": 150, + "pattern": `^[\w][\w\.\-]*$`, + "autogeneratePattern": "users[0-9]{6}", + } + c.Schema = append(types.JSONArray[types.JSONMap[any]]{ + passwordField, + tokenKeyField, + emailField, + emailVisibilityField, + verifiedField, + usernameField, + }, c.Schema...) + + // rename passwordHash records rable column to password + // --- + _, err = txApp.DB().RenameColumn(c.Name, "passwordHash", "password").Execute() + if err != nil { + return err + } + + // delete unnecessary auth columns + dropColumns := []string{"lastResetSentAt", "lastVerificationSentAt", "lastLoginAlertSentAt"} + for _, drop := range dropColumns { + // ignore errors in case the columns don't exist + _, _ = txApp.DB().DropColumn(c.Name, drop).Execute() + } + case "view": + c.Options["viewQuery"] = cast.ToString(options["query"]) + } + + // prepend the id field + idField := map[string]any{ + "id": fieldIdChecksum("text", "id"), + "type": "text", + "name": "id", + "system": true, + "required": true, + "presentable": false, + "hidden": false, + "primaryKey": true, + "min": 15, + "max": 15, + "pattern": "^[a-z0-9]+$", + "autogeneratePattern": "[a-z0-9]{15}", + } + c.Schema = append(types.JSONArray[types.JSONMap[any]]{idField}, c.Schema...) + + var addCreated, addUpdated bool + + if c.Type == "view" { + // manually check if the view has created/updated columns + columns, _ := txApp.TableColumns(c.Name) + for _, c := range columns { + if strings.EqualFold(c, "created") { + addCreated = true + } else if strings.EqualFold(c, "updated") { + addUpdated = true + } + } + } else { + addCreated = true + addUpdated = true + } + + if addCreated { + createdField := map[string]any{ + "id": fieldIdChecksum("autodate", "created"), + "type": "autodate", + "name": "created", + "system": false, + "presentable": false, + "hidden": false, + "onCreate": true, + "onUpdate": false, + } + c.Schema = append(c.Schema, createdField) + } + + if addUpdated { + updatedField := map[string]any{ + "id": fieldIdChecksum("autodate", "updated"), + "type": "autodate", + "name": "updated", + "system": false, + "presentable": false, + "hidden": false, + "onCreate": true, + "onUpdate": true, + } + c.Schema = append(c.Schema, updatedField) + } + + if err = txApp.DB().Model(c).Update(); err != nil { + return err + } + } + + _, err = txApp.DB().RenameColumn("_collections", "schema", "fields").Execute() + if err != nil { + return err + } + + // run collection validations + collections, err := txApp.FindAllCollections() + if err != nil { + return fmt.Errorf("failed to retrieve all collections: %w", err) + } + for _, c := range collections { + err = txApp.Validate(c) + if err != nil { + return fmt.Errorf("migrated collection %q validation failure: %w", c.Name, err) + } + } + + return nil +} + +type OldCollectionModel struct { + Id string `db:"id" json:"id"` + Created types.DateTime `db:"created" json:"created"` + Updated types.DateTime `db:"updated" json:"updated"` + Name string `db:"name" json:"name"` + Type string `db:"type" json:"type"` + System bool `db:"system" json:"system"` + Schema types.JSONArray[types.JSONMap[any]] `db:"schema" json:"schema"` + Indexes types.JSONArray[string] `db:"indexes" json:"indexes"` + ListRule *string `db:"listRule" json:"listRule"` + ViewRule *string `db:"viewRule" json:"viewRule"` + CreateRule *string `db:"createRule" json:"createRule"` + UpdateRule *string `db:"updateRule" json:"updateRule"` + DeleteRule *string `db:"deleteRule" json:"deleteRule"` + Options types.JSONMap[any] `db:"options" json:"options"` +} + +func (c OldCollectionModel) TableName() string { + return "_collections" +} + +func migrateRule(rule *string) *string { + if rule == nil { + return nil + } + + str := strings.ReplaceAll(*rule, "@request.data", "@request.body") + + return &str +} + +func toBoolField(data map[string]any) map[string]any { + return map[string]any{ + "type": "bool", + "id": cast.ToString(data["id"]), + "name": cast.ToString(data["name"]), + "system": cast.ToBool(data["system"]), + "required": cast.ToBool(data["required"]), + "presentable": cast.ToBool(data["presentable"]), + "hidden": false, + } +} + +func toNumberField(data map[string]any) map[string]any { + return map[string]any{ + "type": "number", + "id": cast.ToString(data["id"]), + "name": cast.ToString(data["name"]), + "system": cast.ToBool(data["system"]), + "required": cast.ToBool(data["required"]), + "presentable": cast.ToBool(data["presentable"]), + "hidden": false, + "onlyInt": cast.ToBool(getMapVal(data, "options", "noDecimal")), + "min": getMapVal(data, "options", "min"), + "max": getMapVal(data, "options", "max"), + } +} + +func toTextField(data map[string]any) map[string]any { + return map[string]any{ + "type": "text", + "id": cast.ToString(data["id"]), + "name": cast.ToString(data["name"]), + "system": cast.ToBool(data["system"]), + "primaryKey": cast.ToBool(data["primaryKey"]), + "hidden": cast.ToBool(data["hidden"]), + "presentable": cast.ToBool(data["presentable"]), + "required": cast.ToBool(data["required"]), + "min": cast.ToInt(getMapVal(data, "options", "min")), + "max": cast.ToInt(getMapVal(data, "options", "max")), + "pattern": cast.ToString(getMapVal(data, "options", "pattern")), + "autogeneratePattern": cast.ToString(getMapVal(data, "options", "autogeneratePattern")), + } +} + +func toEmailField(data map[string]any) map[string]any { + return map[string]any{ + "type": "email", + "id": cast.ToString(data["id"]), + "name": cast.ToString(data["name"]), + "system": cast.ToBool(data["system"]), + "required": cast.ToBool(data["required"]), + "presentable": cast.ToBool(data["presentable"]), + "hidden": false, + "exceptDomains": cast.ToStringSlice(getMapVal(data, "options", "exceptDomains")), + "onlyDomains": cast.ToStringSlice(getMapVal(data, "options", "onlyDomains")), + } +} + +func toURLField(data map[string]any) map[string]any { + return map[string]any{ + "type": "url", + "id": cast.ToString(data["id"]), + "name": cast.ToString(data["name"]), + "system": cast.ToBool(data["system"]), + "required": cast.ToBool(data["required"]), + "presentable": cast.ToBool(data["presentable"]), + "hidden": false, + "exceptDomains": cast.ToStringSlice(getMapVal(data, "options", "exceptDomains")), + "onlyDomains": cast.ToStringSlice(getMapVal(data, "options", "onlyDomains")), + } +} + +func toEditorField(data map[string]any) map[string]any { + return map[string]any{ + "type": "editor", + "id": cast.ToString(data["id"]), + "name": cast.ToString(data["name"]), + "system": cast.ToBool(data["system"]), + "required": cast.ToBool(data["required"]), + "presentable": cast.ToBool(data["presentable"]), + "hidden": false, + "convertURLs": cast.ToBool(getMapVal(data, "options", "convertUrls")), + } +} + +func toDateField(data map[string]any) map[string]any { + return map[string]any{ + "type": "date", + "id": cast.ToString(data["id"]), + "name": cast.ToString(data["name"]), + "system": cast.ToBool(data["system"]), + "required": cast.ToBool(data["required"]), + "presentable": cast.ToBool(data["presentable"]), + "hidden": false, + "min": cast.ToString(getMapVal(data, "options", "min")), + "max": cast.ToString(getMapVal(data, "options", "max")), + } +} + +func toJSONField(data map[string]any) map[string]any { + return map[string]any{ + "type": "json", + "id": cast.ToString(data["id"]), + "name": cast.ToString(data["name"]), + "system": cast.ToBool(data["system"]), + "required": cast.ToBool(data["required"]), + "presentable": cast.ToBool(data["presentable"]), + "hidden": false, + "maxSize": cast.ToInt64(getMapVal(data, "options", "maxSize")), + } +} + +func toSelectField(data map[string]any) map[string]any { + return map[string]any{ + "type": "select", + "id": cast.ToString(data["id"]), + "name": cast.ToString(data["name"]), + "system": cast.ToBool(data["system"]), + "required": cast.ToBool(data["required"]), + "presentable": cast.ToBool(data["presentable"]), + "hidden": false, + "values": cast.ToStringSlice(getMapVal(data, "options", "values")), + "maxSelect": cast.ToInt(getMapVal(data, "options", "maxSelect")), + } +} + +func toRelationField(data map[string]any) map[string]any { + maxSelect := cast.ToInt(getMapVal(data, "options", "maxSelect")) + if maxSelect <= 0 { + maxSelect = 2147483647 + } + + return map[string]any{ + "type": "relation", + "id": cast.ToString(data["id"]), + "name": cast.ToString(data["name"]), + "system": cast.ToBool(data["system"]), + "required": cast.ToBool(data["required"]), + "presentable": cast.ToBool(data["presentable"]), + "hidden": false, + "collectionId": cast.ToString(getMapVal(data, "options", "collectionId")), + "cascadeDelete": cast.ToBool(getMapVal(data, "options", "cascadeDelete")), + "minSelect": cast.ToInt(getMapVal(data, "options", "minSelect")), + "maxSelect": maxSelect, + } +} + +func toFileField(data map[string]any) map[string]any { + return map[string]any{ + "type": "file", + "id": cast.ToString(data["id"]), + "name": cast.ToString(data["name"]), + "system": cast.ToBool(data["system"]), + "required": cast.ToBool(data["required"]), + "presentable": cast.ToBool(data["presentable"]), + "hidden": false, + "maxSelect": cast.ToInt(getMapVal(data, "options", "maxSelect")), + "maxSize": cast.ToInt64(getMapVal(data, "options", "maxSize")), + "thumbs": cast.ToStringSlice(getMapVal(data, "options", "thumbs")), + "mimeTypes": cast.ToStringSlice(getMapVal(data, "options", "mimeTypes")), + "protected": cast.ToBool(getMapVal(data, "options", "protected")), + } +} + +func getMapVal(m map[string]any, keys ...string) any { + if len(keys) == 0 { + return nil + } + + result, ok := m[keys[0]] + if !ok { + return nil + } + + // end key reached + if len(keys) == 1 { + return result + } + + if m, ok = result.(map[string]any); !ok { + return nil + } + + return getMapVal(m, keys[1:]...) +} + +func zeroFallback[T comparable](v T, fallback T) T { + var zero T + + if v == zero { + return fallback + } + + return v +} diff --git a/migrations/1717233557_v0.23_migrate2.go b/migrations/1717233557_v0.23_migrate2.go new file mode 100644 index 0000000..6a26e9c --- /dev/null +++ b/migrations/1717233557_v0.23_migrate2.go @@ -0,0 +1,35 @@ +package migrations + +import ( + "github.com/pocketbase/pocketbase/core" +) + +// note: this migration will be deleted in future version + +func init() { + core.SystemMigrations.Register(func(txApp core.App) error { + _, err := txApp.DB().NewQuery("CREATE INDEX IF NOT EXISTS idx__collections_type on {{_collections}} ([[type]]);").Execute() + if err != nil { + return err + } + + // reset mfas and otps delete rule + collectionNames := []string{core.CollectionNameMFAs, core.CollectionNameOTPs} + for _, name := range collectionNames { + col, err := txApp.FindCollectionByNameOrId(name) + if err != nil { + return err + } + + if col.DeleteRule != nil { + col.DeleteRule = nil + err = txApp.SaveNoValidate(col) + if err != nil { + return err + } + } + } + + return nil + }, nil) +} diff --git a/migrations/1717233558_v0.23_migrate3.go b/migrations/1717233558_v0.23_migrate3.go new file mode 100644 index 0000000..e14675a --- /dev/null +++ b/migrations/1717233558_v0.23_migrate3.go @@ -0,0 +1,145 @@ +package migrations + +import ( + "hash/crc32" + "strconv" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" +) + +// note: this migration will be deleted in future version + +func collectionIdChecksum(typ, name string) string { + return "pbc_" + strconv.FormatInt(int64(crc32.ChecksumIEEE([]byte(typ+name))), 10) +} + +func fieldIdChecksum(typ, name string) string { + return typ + strconv.FormatInt(int64(crc32.ChecksumIEEE([]byte(name))), 10) +} + +// normalize system collection and field ids +func init() { + core.SystemMigrations.Register(func(txApp core.App) error { + collections := []*core.Collection{} + err := txApp.CollectionQuery(). + AndWhere(dbx.In( + "name", + core.CollectionNameMFAs, + core.CollectionNameOTPs, + core.CollectionNameExternalAuths, + core.CollectionNameAuthOrigins, + core.CollectionNameSuperusers, + )). + All(&collections) + if err != nil { + return err + } + + for _, c := range collections { + var needUpdate bool + + references, err := txApp.FindCollectionReferences(c, c.Id) + if err != nil { + return err + } + + authOrigins, err := txApp.FindAllAuthOriginsByCollection(c) + if err != nil { + return err + } + + mfas, err := txApp.FindAllMFAsByCollection(c) + if err != nil { + return err + } + + otps, err := txApp.FindAllOTPsByCollection(c) + if err != nil { + return err + } + + originalId := c.Id + + // normalize collection id + if checksum := collectionIdChecksum(c.Type, c.Name); c.Id != checksum { + c.Id = checksum + needUpdate = true + } + + // normalize system fields + for _, f := range c.Fields { + if !f.GetSystem() { + continue + } + + if checksum := fieldIdChecksum(f.Type(), f.GetName()); f.GetId() != checksum { + f.SetId(checksum) + needUpdate = true + } + } + + if !needUpdate { + continue + } + + rawExport, err := c.DBExport(txApp) + if err != nil { + return err + } + + _, err = txApp.DB().Update("_collections", rawExport, dbx.HashExp{"id": originalId}).Execute() + if err != nil { + return err + } + + // make sure that the cached collection id is also updated + cached, err := txApp.FindCachedCollectionByNameOrId(c.Name) + if err != nil { + return err + } + cached.Id = c.Id + + // update collection references + for refCollection, fields := range references { + for _, f := range fields { + relationField, ok := f.(*core.RelationField) + if !ok || relationField.CollectionId == originalId { + continue + } + + relationField.CollectionId = c.Id + } + if err = txApp.SaveNoValidate(refCollection); err != nil { + return err + } + } + + // update mfas references + for _, item := range mfas { + item.SetCollectionRef(c.Id) + if err = txApp.SaveNoValidate(item); err != nil { + return err + } + } + + // update otps references + for _, item := range otps { + item.SetCollectionRef(c.Id) + if err = txApp.SaveNoValidate(item); err != nil { + return err + } + } + + // update authOrigins references + for _, item := range authOrigins { + item.SetCollectionRef(c.Id) + if err = txApp.SaveNoValidate(item); err != nil { + return err + } + } + } + + return nil + }, nil) +} diff --git a/migrations/1717233559_v0.23_migrate4.go b/migrations/1717233559_v0.23_migrate4.go new file mode 100644 index 0000000..b471ddc --- /dev/null +++ b/migrations/1717233559_v0.23_migrate4.go @@ -0,0 +1,30 @@ +package migrations + +import ( + "github.com/pocketbase/pocketbase/core" +) + +// note: this migration will be deleted in future version + +// add new OTP sentTo text field (if not already) +func init() { + core.SystemMigrations.Register(func(txApp core.App) error { + otpCollection, err := txApp.FindCollectionByNameOrId(core.CollectionNameOTPs) + if err != nil { + return err + } + + field := otpCollection.Fields.GetByName("sentTo") + if field != nil { + return nil // already exists + } + + otpCollection.Fields.Add(&core.TextField{ + Name: "sentTo", + System: true, + Hidden: true, + }) + + return txApp.Save(otpCollection) + }, nil) +} diff --git a/modernc_versions_check.go b/modernc_versions_check.go new file mode 100644 index 0000000..a855a2e --- /dev/null +++ b/modernc_versions_check.go @@ -0,0 +1,83 @@ +package pocketbase + +import ( + "fmt" + "log/slog" + "runtime/debug" + + "github.com/fatih/color" + "github.com/pocketbase/pocketbase/core" +) + +const ( + expectedDriverVersion = "v1.37.0" + expectedLibcVersion = "v1.62.1" + + // ModerncDepsCheckHookId is the id of the hook that performs the modernc.org/* deps checks. + // It could be used for removing/unbinding the hook if you don't want the checks. + ModerncDepsCheckHookId = "pbModerncDepsCheck" +) + +// checkModerncDeps checks whether the current binary was buit with the +// expected and tested modernc driver dependencies. +// +// This is needed because modernc.org/libc doesn't follow semantic versioning +// and using a version different from the one in the go.mod of modernc.org/sqlite +// could have unintended side-effects and cause obscure build and runtime bugs +// (https://github.com/pocketbase/pocketbase/issues/6136). +func checkModerncDeps(app core.App) { + info, ok := debug.ReadBuildInfo() + if !ok { + return // no build info (probably compiled without module support) + } + + var driverVersion, libcVersion string + + for _, dep := range info.Deps { + switch dep.Path { + case "modernc.org/libc": + libcVersion = dep.Version + case "modernc.org/sqlite": + driverVersion = dep.Version + } + + // no need to further search if both deps are located + if driverVersion != "" && libcVersion != "" { + break + } + } + + // not using the default driver + if driverVersion == "" { + return + } + + var msg string + if driverVersion != expectedDriverVersion { + msg = fmt.Sprintf( + "You are using modernc.org/sqlite %s which differs from the expected and tested %s.\n"+ + "Make sure to either manually update in your go.mod the dependency version to the expected one OR if you want to keep yours "+ + "ensure that its indirect modernc.org/libc dependency has the same version as in the https://gitlab.com/cznic/sqlite/-/blob/master/go.mod, "+ + "otherwise it could result in unexpected build or runtime errors.", + driverVersion, + expectedDriverVersion, + ) + app.Logger().Warn(msg, slog.String("current", driverVersion), slog.String("expected", expectedDriverVersion)) + } else if libcVersion != expectedLibcVersion { + msg = fmt.Sprintf( + "You are using modernc.org/libc %s which differs from the expected and tested %s.\n"+ + "Please update your go.mod and manually set modernc.org/libc to %s, otherwise it could result in unexpected build or runtime errors "+ + "(you may have to also run 'go clean -modcache' to clear the cache if the warning persists).", + libcVersion, + expectedLibcVersion, + expectedLibcVersion, + ) + app.Logger().Warn(msg, slog.String("current", libcVersion), slog.String("expected", expectedLibcVersion)) + } + + // ensure that the message is printed to the default stderr too + // (when in dev mode this is not needed because we print all logs) + if msg != "" && !app.IsDev() { + color.Yellow("\nWARN " + msg + "\n\n") + } +} diff --git a/plugins/ghupdate/ghupdate.go b/plugins/ghupdate/ghupdate.go new file mode 100644 index 0000000..0ffabe6 --- /dev/null +++ b/plugins/ghupdate/ghupdate.go @@ -0,0 +1,417 @@ +// Package ghupdate implements a new command to selfupdate the current +// PocketBase executable with the latest GitHub release. +// +// Example usage: +// +// ghupdate.MustRegister(app, app.RootCmd, ghupdate.Config{}) +package ghupdate + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "io" + "log/slog" + "net/http" + "os" + "path/filepath" + "runtime" + "strconv" + "strings" + + "github.com/fatih/color" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/archive" + "github.com/pocketbase/pocketbase/tools/osutils" + "github.com/spf13/cobra" +) + +// HttpClient is a base HTTP client interface (usually used for test purposes). +type HttpClient interface { + Do(req *http.Request) (*http.Response, error) +} + +// Config defines the config options of the ghupdate plugin. +// +// NB! This plugin is considered experimental and its config options may change in the future. +type Config struct { + // Owner specifies the account owner of the repository (default to "pocketbase"). + Owner string + + // Repo specifies the name of the repository (default to "pocketbase"). + Repo string + + // ArchiveExecutable specifies the name of the executable file in the release archive + // (default to "pocketbase"; an additional ".exe" check is also performed as a fallback). + ArchiveExecutable string + + // Optional context to use when fetching and downloading the latest release. + Context context.Context + + // The HTTP client to use when fetching and downloading the latest release. + // Defaults to `http.DefaultClient`. + HttpClient HttpClient +} + +// MustRegister registers the ghupdate plugin to the provided app instance +// and panic if it fails. +func MustRegister(app core.App, rootCmd *cobra.Command, config Config) { + if err := Register(app, rootCmd, config); err != nil { + panic(err) + } +} + +// Register registers the ghupdate plugin to the provided app instance. +func Register(app core.App, rootCmd *cobra.Command, config Config) error { + p := &plugin{ + app: app, + currentVersion: rootCmd.Version, + config: config, + } + + if p.config.Owner == "" { + p.config.Owner = "pocketbase" + } + + if p.config.Repo == "" { + p.config.Repo = "pocketbase" + } + + if p.config.ArchiveExecutable == "" { + p.config.ArchiveExecutable = "pocketbase" + } + + if p.config.HttpClient == nil { + p.config.HttpClient = http.DefaultClient + } + + if p.config.Context == nil { + p.config.Context = context.Background() + } + + rootCmd.AddCommand(p.updateCmd()) + + return nil +} + +type plugin struct { + app core.App + config Config + currentVersion string +} + +func (p *plugin) updateCmd() *cobra.Command { + var withBackup bool + + command := &cobra.Command{ + Use: "update", + Short: "Automatically updates the current app executable with the latest available version", + SilenceUsage: true, + RunE: func(command *cobra.Command, args []string) error { + var needConfirm bool + if isMaybeRunningInDocker() { + needConfirm = true + color.Yellow("NB! It seems that you are in a Docker container.") + color.Yellow("The update command may not work as expected in this context because usually the version of the app is managed by the container image itself.") + } else if isMaybeRunningInNixOS() { + needConfirm = true + color.Yellow("NB! It seems that you are in a NixOS.") + color.Yellow("Due to the non-standard filesystem implementation of the environment, the update command may not work as expected.") + } + + if needConfirm { + confirm := osutils.YesNoPrompt("Do you want to proceed with the update?", false) + if !confirm { + fmt.Println("The command has been cancelled.") + return nil + } + } + + return p.update(withBackup) + }, + } + + command.PersistentFlags().BoolVar( + &withBackup, + "backup", + true, + "Creates a pb_data backup at the end of the update process", + ) + + return command +} + +func (p *plugin) update(withBackup bool) error { + color.Yellow("Fetching release information...") + + latest, err := fetchLatestRelease( + p.config.Context, + p.config.HttpClient, + p.config.Owner, + p.config.Repo, + ) + if err != nil { + return err + } + + if compareVersions(strings.TrimPrefix(p.currentVersion, "v"), strings.TrimPrefix(latest.Tag, "v")) <= 0 { + color.Green("You already have the latest version %s.", p.currentVersion) + return nil + } + + suffix := archiveSuffix(runtime.GOOS, runtime.GOARCH) + if suffix == "" { + return errors.New("unsupported platform") + } + + asset, err := latest.findAssetBySuffix(suffix) + if err != nil { + return err + } + + releaseDir := filepath.Join(p.app.DataDir(), core.LocalTempDirName) + defer os.RemoveAll(releaseDir) + + color.Yellow("Downloading %s...", asset.Name) + + // download the release asset + assetZip := filepath.Join(releaseDir, asset.Name) + if err := downloadFile(p.config.Context, p.config.HttpClient, asset.DownloadUrl, assetZip); err != nil { + return err + } + + color.Yellow("Extracting %s...", asset.Name) + + extractDir := filepath.Join(releaseDir, "extracted_"+asset.Name) + defer os.RemoveAll(extractDir) + + if err := archive.Extract(assetZip, extractDir); err != nil { + return err + } + + color.Yellow("Replacing the executable...") + + oldExec, err := os.Executable() + if err != nil { + return err + } + renamedOldExec := oldExec + ".old" + defer os.Remove(renamedOldExec) + + newExec := filepath.Join(extractDir, p.config.ArchiveExecutable) + if _, err := os.Stat(newExec); err != nil { + // try again with an .exe extension + newExec = newExec + ".exe" + if _, fallbackErr := os.Stat(newExec); fallbackErr != nil { + return fmt.Errorf("the executable in the extracted path is missing or it is inaccessible: %v, %v", err, fallbackErr) + } + } + + // rename the current executable + if err := os.Rename(oldExec, renamedOldExec); err != nil { + return fmt.Errorf("failed to rename the current executable: %w", err) + } + + tryToRevertExecChanges := func() { + if revertErr := os.Rename(renamedOldExec, oldExec); revertErr != nil { + p.app.Logger().Debug( + "Failed to revert executable", + slog.String("old", renamedOldExec), + slog.String("new", oldExec), + slog.String("error", revertErr.Error()), + ) + } + } + + // replace with the extracted binary + if err := os.Rename(newExec, oldExec); err != nil { + tryToRevertExecChanges() + return fmt.Errorf("failed replacing the executable: %w", err) + } + + if withBackup { + color.Yellow("Creating pb_data backup...") + + backupName := fmt.Sprintf("@update_%s.zip", latest.Tag) + if err := p.app.CreateBackup(p.config.Context, backupName); err != nil { + tryToRevertExecChanges() + return err + } + } + + color.HiBlack("---") + color.Green("Update completed successfully! You can start the executable as usual.") + + // print the release notes + if latest.Body != "" { + fmt.Print("\n") + color.Cyan("Here is a list with some of the %s changes:", latest.Tag) + // remove the update command note to avoid "stuttering" + // (@todo consider moving to a config option) + releaseNotes := strings.TrimSpace(strings.Replace(latest.Body, "> _To update the prebuilt executable you can run `./"+p.config.ArchiveExecutable+" update`._", "", 1)) + color.Cyan(releaseNotes) + fmt.Print("\n") + } + + return nil +} + +func fetchLatestRelease( + ctx context.Context, + client HttpClient, + owner string, + repo string, +) (*release, error) { + url := fmt.Sprintf("https://api.github.com/repos/%s/%s/releases/latest", owner, repo) + + req, err := http.NewRequestWithContext(ctx, "GET", url, nil) + if err != nil { + return nil, err + } + + res, err := client.Do(req) + if err != nil { + return nil, err + } + defer res.Body.Close() + + rawBody, err := io.ReadAll(res.Body) + if err != nil { + return nil, err + } + + // http.Client doesn't treat non 2xx responses as error + if res.StatusCode >= 400 { + return nil, fmt.Errorf( + "(%d) failed to fetch latest releases:\n%s", + res.StatusCode, + string(rawBody), + ) + } + + result := &release{} + if err := json.Unmarshal(rawBody, result); err != nil { + return nil, err + } + + return result, nil +} + +func downloadFile( + ctx context.Context, + client HttpClient, + url string, + destPath string, +) error { + req, err := http.NewRequestWithContext(ctx, "GET", url, nil) + if err != nil { + return err + } + + res, err := client.Do(req) + if err != nil { + return err + } + defer res.Body.Close() + + // http.Client doesn't treat non 2xx responses as error + if res.StatusCode >= 400 { + return fmt.Errorf("(%d) failed to send download file request", res.StatusCode) + } + + // ensure that the dest parent dir(s) exist + if err := os.MkdirAll(filepath.Dir(destPath), os.ModePerm); err != nil { + return err + } + + dest, err := os.Create(destPath) + if err != nil { + return err + } + defer dest.Close() + + if _, err := io.Copy(dest, res.Body); err != nil { + return err + } + + return nil +} + +func archiveSuffix(goos, goarch string) string { + switch goos { + case "linux": + switch goarch { + case "amd64": + return "_linux_amd64.zip" + case "arm64": + return "_linux_arm64.zip" + case "arm": + return "_linux_armv7.zip" + } + case "darwin": + switch goarch { + case "amd64": + return "_darwin_amd64.zip" + case "arm64": + return "_darwin_arm64.zip" + } + case "windows": + switch goarch { + case "amd64": + return "_windows_amd64.zip" + case "arm64": + return "_windows_arm64.zip" + } + } + + return "" +} + +func compareVersions(a, b string) int { + aSplit := strings.Split(a, ".") + aTotal := len(aSplit) + + bSplit := strings.Split(b, ".") + bTotal := len(bSplit) + + limit := aTotal + if bTotal > aTotal { + limit = bTotal + } + + for i := 0; i < limit; i++ { + var x, y int + + if i < aTotal { + x, _ = strconv.Atoi(aSplit[i]) + } + + if i < bTotal { + y, _ = strconv.Atoi(bSplit[i]) + } + + if x < y { + return 1 // b is newer + } + + if x > y { + return -1 // a is newer + } + } + + return 0 // equal +} + +// note: not completely reliable as it may not work on all platforms +// but should at least provide a warning for the most common use cases +func isMaybeRunningInDocker() bool { + _, err := os.Stat("/.dockerenv") + return err == nil +} + +// note: untested +func isMaybeRunningInNixOS() bool { + _, err := os.Stat("/etc/NIXOS") + return err == nil +} diff --git a/plugins/ghupdate/ghupdate_test.go b/plugins/ghupdate/ghupdate_test.go new file mode 100644 index 0000000..e692cc8 --- /dev/null +++ b/plugins/ghupdate/ghupdate_test.go @@ -0,0 +1,38 @@ +package ghupdate + +import "testing" + +func TestCompareVersions(t *testing.T) { + scenarios := []struct { + a string + b string + expected int + }{ + {"", "", 0}, + {"0", "", 0}, + {"1", "1.0.0", 0}, + {"1.1", "1.1.0", 0}, + {"1.1", "1.1.1", 1}, + {"1.1", "1.0.1", -1}, + {"1.0", "1.0.1", 1}, + {"1.10", "1.9", -1}, + {"1.2", "1.12", 1}, + {"3.2", "1.6", -1}, + {"0.0.2", "0.0.1", -1}, + {"0.16.2", "0.17.0", 1}, + {"1.15.0", "0.16.1", -1}, + {"1.2.9", "1.2.10", 1}, + {"3.2", "4.0", 1}, + {"3.2.4", "3.2.3", -1}, + } + + for _, s := range scenarios { + t.Run(s.a+"VS"+s.b, func(t *testing.T) { + result := compareVersions(s.a, s.b) + + if result != s.expected { + t.Fatalf("Expected %q vs %q to result in %d, got %d", s.a, s.b, s.expected, result) + } + }) + } +} diff --git a/plugins/ghupdate/release.go b/plugins/ghupdate/release.go new file mode 100644 index 0000000..2cd84fc --- /dev/null +++ b/plugins/ghupdate/release.go @@ -0,0 +1,36 @@ +package ghupdate + +import ( + "errors" + "strings" +) + +type releaseAsset struct { + Name string `json:"name"` + DownloadUrl string `json:"browser_download_url"` + Id int `json:"id"` + Size int `json:"size"` +} + +type release struct { + Name string `json:"name"` + Tag string `json:"tag_name"` + Published string `json:"published_at"` + Url string `json:"html_url"` + Body string `json:"body"` + Assets []*releaseAsset `json:"assets"` + Id int `json:"id"` +} + +// findAssetBySuffix returns the first available asset containing the specified suffix. +func (r *release) findAssetBySuffix(suffix string) (*releaseAsset, error) { + if suffix != "" { + for _, asset := range r.Assets { + if strings.HasSuffix(asset.Name, suffix) { + return asset, nil + } + } + } + + return nil, errors.New("missing asset containing " + suffix) +} diff --git a/plugins/ghupdate/release_test.go b/plugins/ghupdate/release_test.go new file mode 100644 index 0000000..8fa6fa1 --- /dev/null +++ b/plugins/ghupdate/release_test.go @@ -0,0 +1,23 @@ +package ghupdate + +import "testing" + +func TestReleaseFindAssetBySuffix(t *testing.T) { + r := release{ + Assets: []*releaseAsset{ + {Name: "test1.zip", Id: 1}, + {Name: "test2.zip", Id: 2}, + {Name: "test22.zip", Id: 22}, + {Name: "test3.zip", Id: 3}, + }, + } + + asset, err := r.findAssetBySuffix("2.zip") + if err != nil { + t.Fatalf("Expected nil, got err: %v", err) + } + + if asset.Id != 2 { + t.Fatalf("Expected asset with id %d, got %v", 2, asset) + } +} diff --git a/plugins/jsvm/binds.go b/plugins/jsvm/binds.go new file mode 100644 index 0000000..d5e4892 --- /dev/null +++ b/plugins/jsvm/binds.go @@ -0,0 +1,1141 @@ +package jsvm + +import ( + "bytes" + "context" + "encoding/json" + "errors" + "io" + "log/slog" + "net/http" + "os" + "os/exec" + "path/filepath" + "reflect" + "slices" + "sort" + "strings" + "time" + + "github.com/dop251/goja" + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/golang-jwt/jwt/v5" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/apis" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/forms" + "github.com/pocketbase/pocketbase/mails" + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/inflector" + "github.com/pocketbase/pocketbase/tools/mailer" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/pocketbase/pocketbase/tools/store" + "github.com/pocketbase/pocketbase/tools/subscriptions" + "github.com/pocketbase/pocketbase/tools/types" + "github.com/spf13/cast" + "github.com/spf13/cobra" +) + +// hooksBinds adds wrapped "on*" hook methods by reflecting on core.App. +func hooksBinds(app core.App, loader *goja.Runtime, executors *vmsPool) { + fm := FieldMapper{} + + appType := reflect.TypeOf(app) + appValue := reflect.ValueOf(app) + totalMethods := appType.NumMethod() + excludeHooks := []string{"OnServe"} + + for i := 0; i < totalMethods; i++ { + method := appType.Method(i) + if !strings.HasPrefix(method.Name, "On") || slices.Contains(excludeHooks, method.Name) { + continue // not a hook or excluded + } + + jsName := fm.MethodName(appType, method) + + // register the hook to the loader + loader.Set(jsName, func(callback string, tags ...string) { + // overwrite the global $app with the hook scoped instance + callback = `function(e) { $app = e.app; return (` + callback + `).call(undefined, e) }` + pr := goja.MustCompile(defaultScriptPath, "{("+callback+").apply(undefined, __args)}", true) + + tagsAsValues := make([]reflect.Value, len(tags)) + for i, tag := range tags { + tagsAsValues[i] = reflect.ValueOf(tag) + } + + hookInstance := appValue.MethodByName(method.Name).Call(tagsAsValues)[0] + hookBindFunc := hookInstance.MethodByName("BindFunc") + + handlerType := hookBindFunc.Type().In(0) + + handler := reflect.MakeFunc(handlerType, func(args []reflect.Value) (results []reflect.Value) { + handlerArgs := make([]any, len(args)) + for i, arg := range args { + handlerArgs[i] = arg.Interface() + } + + err := executors.run(func(executor *goja.Runtime) error { + executor.Set("$app", goja.Undefined()) + executor.Set("__args", handlerArgs) + res, err := executor.RunProgram(pr) + executor.Set("__args", goja.Undefined()) + + // check for returned Go error value + if resErr := checkGojaValueForError(app, res); resErr != nil { + return resErr + } + + return normalizeException(err) + }) + + return []reflect.Value{reflect.ValueOf(&err).Elem()} + }) + + // register the wrapped hook handler + hookBindFunc.Call([]reflect.Value{handler}) + }) + } +} + +func cronBinds(app core.App, loader *goja.Runtime, executors *vmsPool) { + cronAdd := func(jobId, cronExpr, handler string) { + pr := goja.MustCompile(defaultScriptPath, "{("+handler+").apply(undefined)}", true) + + err := app.Cron().Add(jobId, cronExpr, func() { + err := executors.run(func(executor *goja.Runtime) error { + _, err := executor.RunProgram(pr) + return err + }) + + if err != nil { + app.Logger().Error( + "[cronAdd] failed to execute cron job", + slog.String("jobId", jobId), + slog.String("error", err.Error()), + ) + } + }) + if err != nil { + panic("[cronAdd] failed to register cron job " + jobId + ": " + err.Error()) + } + } + loader.Set("cronAdd", cronAdd) + + cronRemove := func(jobId string) { + app.Cron().Remove(jobId) + } + loader.Set("cronRemove", cronRemove) + + // register the removal helper also in the executors to allow removing cron jobs from everywhere + oldFactory := executors.factory + executors.factory = func() *goja.Runtime { + vm := oldFactory() + + vm.Set("cronAdd", cronAdd) + vm.Set("cronRemove", cronRemove) + + return vm + } + for _, item := range executors.items { + item.vm.Set("cronAdd", cronAdd) + item.vm.Set("cronRemove", cronRemove) + } +} + +func routerBinds(app core.App, loader *goja.Runtime, executors *vmsPool) { + loader.Set("routerAdd", func(method string, path string, handler goja.Value, middlewares ...goja.Value) { + wrappedMiddlewares, err := wrapMiddlewares(executors, middlewares...) + if err != nil { + panic("[routerAdd] failed to wrap middlewares: " + err.Error()) + } + + wrappedHandler, err := wrapHandlerFunc(executors, handler) + if err != nil { + panic("[routerAdd] failed to wrap handler: " + err.Error()) + } + + app.OnServe().BindFunc(func(e *core.ServeEvent) error { + e.Router.Route(strings.ToUpper(method), path, wrappedHandler).Bind(wrappedMiddlewares...) + + return e.Next() + }) + }) + + loader.Set("routerUse", func(middlewares ...goja.Value) { + wrappedMiddlewares, err := wrapMiddlewares(executors, middlewares...) + if err != nil { + panic("[routerUse] failed to wrap middlewares: " + err.Error()) + } + + app.OnServe().BindFunc(func(e *core.ServeEvent) error { + e.Router.Bind(wrappedMiddlewares...) + return e.Next() + }) + }) +} + +func wrapHandlerFunc(executors *vmsPool, handler goja.Value) (func(*core.RequestEvent) error, error) { + if handler == nil { + return nil, errors.New("handler must be non-nil") + } + + switch h := handler.Export().(type) { + case func(*core.RequestEvent) error: + // "native" handler func - no need to wrap + return h, nil + case func(goja.FunctionCall) goja.Value, string: + pr := goja.MustCompile(defaultScriptPath, "{("+handler.String()+").apply(undefined, __args)}", true) + + wrappedHandler := func(e *core.RequestEvent) error { + return executors.run(func(executor *goja.Runtime) error { + executor.Set("$app", e.App) // overwrite the global $app with the hook scoped instance + executor.Set("__args", []any{e}) + res, err := executor.RunProgram(pr) + executor.Set("__args", goja.Undefined()) + + // check for returned Go error value + if resErr := checkGojaValueForError(e.App, res); resErr != nil { + return resErr + } + + return normalizeException(err) + }) + } + + return wrappedHandler, nil + default: + return nil, errors.New("unsupported goja handler type") + } +} + +type gojaHookHandler struct { + id string + serializedFunc string + priority int +} + +func wrapMiddlewares(executors *vmsPool, rawMiddlewares ...goja.Value) ([]*hook.Handler[*core.RequestEvent], error) { + wrappedMiddlewares := make([]*hook.Handler[*core.RequestEvent], len(rawMiddlewares)) + + for i, m := range rawMiddlewares { + if m == nil { + return nil, errors.New("middleware must be non-nil") + } + + switch v := m.Export().(type) { + case *hook.Handler[*core.RequestEvent]: + // "native" middleware handler - no need to wrap + wrappedMiddlewares[i] = v + case func(*core.RequestEvent) error: + // "native" middleware func - wrap as handler + wrappedMiddlewares[i] = &hook.Handler[*core.RequestEvent]{ + Func: v, + } + case *gojaHookHandler: + if v.serializedFunc == "" { + return nil, errors.New("missing or invalid Middleware function") + } + + pr := goja.MustCompile(defaultScriptPath, "{("+v.serializedFunc+").apply(undefined, __args)}", true) + + wrappedMiddlewares[i] = &hook.Handler[*core.RequestEvent]{ + Id: v.id, + Priority: v.priority, + Func: func(e *core.RequestEvent) error { + return executors.run(func(executor *goja.Runtime) error { + executor.Set("$app", e.App) // overwrite the global $app with the hook scoped instance + executor.Set("__args", []any{e}) + res, err := executor.RunProgram(pr) + executor.Set("__args", goja.Undefined()) + + // check for returned Go error value + if resErr := checkGojaValueForError(e.App, res); resErr != nil { + return resErr + } + + return normalizeException(err) + }) + }, + } + case func(goja.FunctionCall) goja.Value, string: + pr := goja.MustCompile(defaultScriptPath, "{("+m.String()+").apply(undefined, __args)}", true) + + wrappedMiddlewares[i] = &hook.Handler[*core.RequestEvent]{ + Func: func(e *core.RequestEvent) error { + return executors.run(func(executor *goja.Runtime) error { + executor.Set("$app", e.App) // overwrite the global $app with the hook scoped instance + executor.Set("__args", []any{e}) + res, err := executor.RunProgram(pr) + executor.Set("__args", goja.Undefined()) + + // check for returned Go error value + if resErr := checkGojaValueForError(e.App, res); resErr != nil { + return resErr + } + + return normalizeException(err) + }) + }, + } + default: + return nil, errors.New("unsupported goja middleware type") + } + } + + return wrappedMiddlewares, nil +} + +var cachedArrayOfTypes = store.New[reflect.Type, reflect.Type](nil) + +func baseBinds(vm *goja.Runtime) { + vm.SetFieldNameMapper(FieldMapper{}) + + // deprecated: use toString + vm.Set("readerToString", func(r io.Reader, maxBytes int) (string, error) { + if maxBytes == 0 { + maxBytes = router.DefaultMaxMemory + } + + limitReader := io.LimitReader(r, int64(maxBytes)) + + bodyBytes, readErr := io.ReadAll(limitReader) + if readErr != nil { + return "", readErr + } + + return string(bodyBytes), nil + }) + + vm.Set("toString", func(raw any, maxReaderBytes int) (string, error) { + switch v := raw.(type) { + case io.Reader: + if maxReaderBytes == 0 { + maxReaderBytes = router.DefaultMaxMemory + } + + limitReader := io.LimitReader(v, int64(maxReaderBytes)) + + bodyBytes, readErr := io.ReadAll(limitReader) + if readErr != nil { + return "", readErr + } + + return string(bodyBytes), nil + default: + str, err := cast.ToStringE(v) + if err == nil { + return str, nil + } + + // as a last attempt try to json encode the value + rawBytes, _ := json.Marshal(raw) + + return string(rawBytes), nil + } + }) + + vm.Set("sleep", func(milliseconds int64) { + time.Sleep(time.Duration(milliseconds) * time.Millisecond) + }) + + vm.Set("arrayOf", func(model any) any { + mt := reflect.TypeOf(model) + st := cachedArrayOfTypes.GetOrSet(mt, func() reflect.Type { + return reflect.SliceOf(mt) + }) + + return reflect.New(st).Elem().Addr().Interface() + }) + + vm.Set("unmarshal", func(data, dst any) error { + raw, err := json.Marshal(data) + if err != nil { + return err + } + + return json.Unmarshal(raw, &dst) + }) + + vm.Set("Context", func(call goja.ConstructorCall) *goja.Object { + var instance context.Context + + oldCtx, ok := call.Argument(0).Export().(context.Context) + if ok { + instance = oldCtx + } else { + instance = context.Background() + } + + key := call.Argument(1).Export() + if key != nil { + instance = context.WithValue(instance, key, call.Argument(2).Export()) + } + + instanceValue := vm.ToValue(instance).(*goja.Object) + instanceValue.SetPrototype(call.This.Prototype()) + + return instanceValue + }) + + vm.Set("DynamicModel", func(call goja.ConstructorCall) *goja.Object { + shape, ok := call.Argument(0).Export().(map[string]any) + if !ok || len(shape) == 0 { + panic("[DynamicModel] missing shape data") + } + + instance := newDynamicModel(shape) + instanceValue := vm.ToValue(instance).(*goja.Object) + instanceValue.SetPrototype(call.This.Prototype()) + + return instanceValue + }) + + vm.Set("Record", func(call goja.ConstructorCall) *goja.Object { + var instance *core.Record + + collection, ok := call.Argument(0).Export().(*core.Collection) + if ok { + instance = core.NewRecord(collection) + data, ok := call.Argument(1).Export().(map[string]any) + if ok { + instance.Load(data) + } + } else { + instance = &core.Record{} + } + + instanceValue := vm.ToValue(instance).(*goja.Object) + instanceValue.SetPrototype(call.This.Prototype()) + + return instanceValue + }) + + vm.Set("Collection", func(call goja.ConstructorCall) *goja.Object { + instance := &core.Collection{} + return structConstructorUnmarshal(vm, call, instance) + }) + + vm.Set("FieldsList", func(call goja.ConstructorCall) *goja.Object { + instance := &core.FieldsList{} + return structConstructorUnmarshal(vm, call, instance) + }) + + // fields + // --- + vm.Set("Field", func(call goja.ConstructorCall) *goja.Object { + data, _ := call.Argument(0).Export().(map[string]any) + rawDataSlice, _ := json.Marshal([]any{data}) + + fieldsList := core.NewFieldsList() + _ = fieldsList.UnmarshalJSON(rawDataSlice) + + if len(fieldsList) == 0 { + return nil + } + + field := fieldsList[0] + + fieldValue := vm.ToValue(field).(*goja.Object) + fieldValue.SetPrototype(call.This.Prototype()) + + return fieldValue + }) + vm.Set("NumberField", func(call goja.ConstructorCall) *goja.Object { + instance := &core.NumberField{} + return structConstructorUnmarshal(vm, call, instance) + }) + vm.Set("BoolField", func(call goja.ConstructorCall) *goja.Object { + instance := &core.BoolField{} + return structConstructorUnmarshal(vm, call, instance) + }) + vm.Set("TextField", func(call goja.ConstructorCall) *goja.Object { + instance := &core.TextField{} + return structConstructorUnmarshal(vm, call, instance) + }) + vm.Set("URLField", func(call goja.ConstructorCall) *goja.Object { + instance := &core.URLField{} + return structConstructorUnmarshal(vm, call, instance) + }) + vm.Set("EmailField", func(call goja.ConstructorCall) *goja.Object { + instance := &core.EmailField{} + return structConstructorUnmarshal(vm, call, instance) + }) + vm.Set("EditorField", func(call goja.ConstructorCall) *goja.Object { + instance := &core.EditorField{} + return structConstructorUnmarshal(vm, call, instance) + }) + vm.Set("PasswordField", func(call goja.ConstructorCall) *goja.Object { + instance := &core.PasswordField{} + return structConstructorUnmarshal(vm, call, instance) + }) + vm.Set("DateField", func(call goja.ConstructorCall) *goja.Object { + instance := &core.DateField{} + return structConstructorUnmarshal(vm, call, instance) + }) + vm.Set("AutodateField", func(call goja.ConstructorCall) *goja.Object { + instance := &core.AutodateField{} + return structConstructorUnmarshal(vm, call, instance) + }) + vm.Set("JSONField", func(call goja.ConstructorCall) *goja.Object { + instance := &core.JSONField{} + return structConstructorUnmarshal(vm, call, instance) + }) + vm.Set("RelationField", func(call goja.ConstructorCall) *goja.Object { + instance := &core.RelationField{} + return structConstructorUnmarshal(vm, call, instance) + }) + vm.Set("SelectField", func(call goja.ConstructorCall) *goja.Object { + instance := &core.SelectField{} + return structConstructorUnmarshal(vm, call, instance) + }) + vm.Set("FileField", func(call goja.ConstructorCall) *goja.Object { + instance := &core.FileField{} + return structConstructorUnmarshal(vm, call, instance) + }) + vm.Set("GeoPointField", func(call goja.ConstructorCall) *goja.Object { + instance := &core.GeoPointField{} + return structConstructorUnmarshal(vm, call, instance) + }) + // --- + + vm.Set("MailerMessage", func(call goja.ConstructorCall) *goja.Object { + instance := &mailer.Message{} + return structConstructor(vm, call, instance) + }) + + vm.Set("Command", func(call goja.ConstructorCall) *goja.Object { + instance := &cobra.Command{} + return structConstructor(vm, call, instance) + }) + + vm.Set("RequestInfo", func(call goja.ConstructorCall) *goja.Object { + instance := &core.RequestInfo{Context: core.RequestInfoContextDefault} + return structConstructor(vm, call, instance) + }) + + // ```js + // new Middleware((e) => { + // return e.next() + // }, 100, "example_middleware") + // ``` + vm.Set("Middleware", func(call goja.ConstructorCall) *goja.Object { + instance := &gojaHookHandler{} + + instance.serializedFunc = call.Argument(0).String() + instance.priority = cast.ToInt(call.Argument(1).Export()) + instance.id = cast.ToString(call.Argument(2).Export()) + + instanceValue := vm.ToValue(instance).(*goja.Object) + instanceValue.SetPrototype(call.This.Prototype()) + + return instanceValue + }) + + // note: named Timezone to avoid conflicts with the JS Location interface. + vm.Set("Timezone", func(call goja.ConstructorCall) *goja.Object { + name, _ := call.Argument(0).Export().(string) + + instance, err := time.LoadLocation(name) + if err != nil { + instance = time.UTC + } + + instanceValue := vm.ToValue(instance).(*goja.Object) + instanceValue.SetPrototype(call.This.Prototype()) + + return instanceValue + }) + + vm.Set("DateTime", func(call goja.ConstructorCall) *goja.Object { + instance := types.NowDateTime() + + rawDate, _ := call.Argument(0).Export().(string) + locName, _ := call.Argument(1).Export().(string) + if rawDate != "" && locName != "" { + loc, err := time.LoadLocation(locName) + if err != nil { + loc = time.UTC + } + + instance, _ = types.ParseDateTime(cast.ToTimeInDefaultLocation(rawDate, loc)) + } else if rawDate != "" { + // forward directly to ParseDateTime to preserve the original behavior + instance, _ = types.ParseDateTime(rawDate) + } + + instanceValue := vm.ToValue(instance).(*goja.Object) + instanceValue.SetPrototype(call.This.Prototype()) + + return structConstructor(vm, call, instance) + }) + + vm.Set("ValidationError", func(call goja.ConstructorCall) *goja.Object { + code, _ := call.Argument(0).Export().(string) + message, _ := call.Argument(1).Export().(string) + + instance := validation.NewError(code, message) + instanceValue := vm.ToValue(instance).(*goja.Object) + instanceValue.SetPrototype(call.This.Prototype()) + + return instanceValue + }) + + vm.Set("Cookie", func(call goja.ConstructorCall) *goja.Object { + instance := &http.Cookie{} + return structConstructor(vm, call, instance) + }) + + vm.Set("SubscriptionMessage", func(call goja.ConstructorCall) *goja.Object { + instance := &subscriptions.Message{} + return structConstructor(vm, call, instance) + }) +} + +func dbxBinds(vm *goja.Runtime) { + obj := vm.NewObject() + vm.Set("$dbx", obj) + + obj.Set("exp", dbx.NewExp) + obj.Set("hashExp", func(data map[string]any) dbx.HashExp { + return dbx.HashExp(data) + }) + obj.Set("not", dbx.Not) + obj.Set("and", dbx.And) + obj.Set("or", dbx.Or) + obj.Set("in", dbx.In) + obj.Set("notIn", dbx.NotIn) + obj.Set("like", dbx.Like) + obj.Set("orLike", dbx.OrLike) + obj.Set("notLike", dbx.NotLike) + obj.Set("orNotLike", dbx.OrNotLike) + obj.Set("exists", dbx.Exists) + obj.Set("notExists", dbx.NotExists) + obj.Set("between", dbx.Between) + obj.Set("notBetween", dbx.NotBetween) +} + +func mailsBinds(vm *goja.Runtime) { + obj := vm.NewObject() + vm.Set("$mails", obj) + + obj.Set("sendRecordPasswordReset", mails.SendRecordPasswordReset) + obj.Set("sendRecordVerification", mails.SendRecordVerification) + obj.Set("sendRecordChangeEmail", mails.SendRecordChangeEmail) + obj.Set("sendRecordOTP", mails.SendRecordOTP) +} + +func securityBinds(vm *goja.Runtime) { + obj := vm.NewObject() + vm.Set("$security", obj) + + // crypto + obj.Set("md5", security.MD5) + obj.Set("sha256", security.SHA256) + obj.Set("sha512", security.SHA512) + obj.Set("hs256", security.HS256) + obj.Set("hs512", security.HS512) + obj.Set("equal", security.Equal) + + // random + obj.Set("randomString", security.RandomString) + obj.Set("randomStringByRegex", security.RandomStringByRegex) + obj.Set("randomStringWithAlphabet", security.RandomStringWithAlphabet) + obj.Set("pseudorandomString", security.PseudorandomString) + obj.Set("pseudorandomStringWithAlphabet", security.PseudorandomStringWithAlphabet) + + // jwt + obj.Set("parseUnverifiedJWT", func(token string) (map[string]any, error) { + return security.ParseUnverifiedJWT(token) + }) + obj.Set("parseJWT", func(token string, verificationKey string) (map[string]any, error) { + return security.ParseJWT(token, verificationKey) + }) + obj.Set("createJWT", func(payload jwt.MapClaims, signingKey string, secDuration int) (string, error) { + return security.NewJWT(payload, signingKey, time.Duration(secDuration)*time.Second) + }) + + // encryption + obj.Set("encrypt", security.Encrypt) + obj.Set("decrypt", func(cipherText, key string) (string, error) { + result, err := security.Decrypt(cipherText, key) + + if err != nil { + return "", err + } + + return string(result), err + }) +} + +func filesystemBinds(vm *goja.Runtime) { + obj := vm.NewObject() + vm.Set("$filesystem", obj) + + obj.Set("fileFromPath", filesystem.NewFileFromPath) + obj.Set("fileFromBytes", filesystem.NewFileFromBytes) + obj.Set("fileFromMultipart", filesystem.NewFileFromMultipart) + obj.Set("fileFromURL", func(url string, secTimeout int) (*filesystem.File, error) { + if secTimeout == 0 { + secTimeout = 120 + } + + ctx, cancel := context.WithTimeout(context.Background(), time.Duration(secTimeout)*time.Second) + defer cancel() + + return filesystem.NewFileFromURL(ctx, url) + }) +} + +func filepathBinds(vm *goja.Runtime) { + obj := vm.NewObject() + vm.Set("$filepath", obj) + + obj.Set("base", filepath.Base) + obj.Set("clean", filepath.Clean) + obj.Set("dir", filepath.Dir) + obj.Set("ext", filepath.Ext) + obj.Set("fromSlash", filepath.FromSlash) + obj.Set("glob", filepath.Glob) + obj.Set("isAbs", filepath.IsAbs) + obj.Set("join", filepath.Join) + obj.Set("match", filepath.Match) + obj.Set("rel", filepath.Rel) + obj.Set("split", filepath.Split) + obj.Set("splitList", filepath.SplitList) + obj.Set("toSlash", filepath.ToSlash) + obj.Set("walk", filepath.Walk) + obj.Set("walkDir", filepath.WalkDir) +} + +func osBinds(vm *goja.Runtime) { + obj := vm.NewObject() + vm.Set("$os", obj) + + obj.Set("args", os.Args) + obj.Set("exec", exec.Command) // @deprecated + obj.Set("cmd", exec.Command) + obj.Set("exit", os.Exit) + obj.Set("getenv", os.Getenv) + obj.Set("dirFS", os.DirFS) + obj.Set("stat", os.Stat) + obj.Set("readFile", os.ReadFile) + obj.Set("writeFile", os.WriteFile) + obj.Set("readDir", os.ReadDir) + obj.Set("tempDir", os.TempDir) + obj.Set("truncate", os.Truncate) + obj.Set("getwd", os.Getwd) + obj.Set("mkdir", os.Mkdir) + obj.Set("mkdirAll", os.MkdirAll) + obj.Set("rename", os.Rename) + obj.Set("remove", os.Remove) + obj.Set("removeAll", os.RemoveAll) +} + +func formsBinds(vm *goja.Runtime) { + registerFactoryAsConstructor(vm, "AppleClientSecretCreateForm", forms.NewAppleClientSecretCreate) + registerFactoryAsConstructor(vm, "RecordUpsertForm", forms.NewRecordUpsert) + registerFactoryAsConstructor(vm, "TestEmailSendForm", forms.NewTestEmailSend) + registerFactoryAsConstructor(vm, "TestS3FilesystemForm", forms.NewTestS3Filesystem) +} + +func apisBinds(vm *goja.Runtime) { + obj := vm.NewObject() + vm.Set("$apis", obj) + + obj.Set("static", func(dir string, indexFallback bool) func(*core.RequestEvent) error { + return apis.Static(os.DirFS(dir), indexFallback) + }) + + // middlewares + obj.Set("requireGuestOnly", apis.RequireGuestOnly) + obj.Set("requireAuth", apis.RequireAuth) + obj.Set("requireSuperuserAuth", apis.RequireSuperuserAuth) + obj.Set("requireSuperuserOrOwnerAuth", apis.RequireSuperuserOrOwnerAuth) + obj.Set("skipSuccessActivityLog", apis.SkipSuccessActivityLog) + obj.Set("gzip", apis.Gzip) + obj.Set("bodyLimit", apis.BodyLimit) + + // record helpers + obj.Set("recordAuthResponse", apis.RecordAuthResponse) + obj.Set("enrichRecord", apis.EnrichRecord) + obj.Set("enrichRecords", apis.EnrichRecords) + + // api errors + registerFactoryAsConstructor(vm, "ApiError", router.NewApiError) + registerFactoryAsConstructor(vm, "NotFoundError", router.NewNotFoundError) + registerFactoryAsConstructor(vm, "BadRequestError", router.NewBadRequestError) + registerFactoryAsConstructor(vm, "ForbiddenError", router.NewForbiddenError) + registerFactoryAsConstructor(vm, "UnauthorizedError", router.NewUnauthorizedError) + registerFactoryAsConstructor(vm, "TooManyRequestsError", router.NewTooManyRequestsError) + registerFactoryAsConstructor(vm, "InternalServerError", router.NewInternalServerError) +} + +func httpClientBinds(vm *goja.Runtime) { + obj := vm.NewObject() + vm.Set("$http", obj) + + vm.Set("FormData", func(call goja.ConstructorCall) *goja.Object { + instance := FormData{} + + instanceValue := vm.ToValue(instance).(*goja.Object) + instanceValue.SetPrototype(call.This.Prototype()) + + return instanceValue + }) + + type sendResult struct { + JSON any `json:"json"` + Headers map[string][]string `json:"headers"` + Cookies map[string]*http.Cookie `json:"cookies"` + + // Deprecated: consider using Body instead + Raw string `json:"raw"` + + Body []byte `json:"body"` + StatusCode int `json:"statusCode"` + } + + type sendConfig struct { + // Deprecated: consider using Body instead + Data map[string]any + + Body any // raw string or FormData + Headers map[string]string + Method string + Url string + Timeout int // seconds (default to 120) + } + + obj.Set("send", func(params map[string]any) (*sendResult, error) { + config := sendConfig{ + Method: "GET", + } + + if v, ok := params["data"]; ok { + config.Data = cast.ToStringMap(v) + } + + if v, ok := params["body"]; ok { + config.Body = v + } + + if v, ok := params["headers"]; ok { + config.Headers = cast.ToStringMapString(v) + } + + if v, ok := params["method"]; ok { + config.Method = cast.ToString(v) + } + + if v, ok := params["url"]; ok { + config.Url = cast.ToString(v) + } + + if v, ok := params["timeout"]; ok { + config.Timeout = cast.ToInt(v) + } + + if config.Timeout <= 0 { + config.Timeout = 120 + } + + ctx, cancel := context.WithTimeout(context.Background(), time.Duration(config.Timeout)*time.Second) + defer cancel() + + var reqBody io.Reader + var contentType string + + // legacy json body data + if len(config.Data) != 0 { + encoded, err := json.Marshal(config.Data) + if err != nil { + return nil, err + } + reqBody = bytes.NewReader(encoded) + } else { + switch v := config.Body.(type) { + case io.Reader: + reqBody = v + case FormData: + body, mp, err := v.toMultipart() + if err != nil { + return nil, err + } + + reqBody = body + contentType = mp.FormDataContentType() + default: + reqBody = strings.NewReader(cast.ToString(config.Body)) + } + } + + req, err := http.NewRequestWithContext(ctx, strings.ToUpper(config.Method), config.Url, reqBody) + if err != nil { + return nil, err + } + + for k, v := range config.Headers { + req.Header.Add(k, v) + } + + // set the explicit content type + // (overwriting the user provided header value if any) + if contentType != "" { + req.Header.Set("content-type", contentType) + } + + res, err := http.DefaultClient.Do(req) + if err != nil { + return nil, err + } + defer res.Body.Close() + + bodyRaw, _ := io.ReadAll(res.Body) + + result := &sendResult{ + StatusCode: res.StatusCode, + Headers: map[string][]string{}, + Cookies: map[string]*http.Cookie{}, + Raw: string(bodyRaw), + Body: bodyRaw, + } + + for k, v := range res.Header { + result.Headers[k] = v + } + + for _, v := range res.Cookies() { + result.Cookies[v.Name] = v + } + + if len(result.Body) > 0 { + // try as map + result.JSON = map[string]any{} + if err := json.Unmarshal(bodyRaw, &result.JSON); err != nil { + // try as slice + result.JSON = []any{} + if err := json.Unmarshal(bodyRaw, &result.JSON); err != nil { + result.JSON = nil + } + } + } + + return result, nil + }) +} + +// ------------------------------------------------------------------- + +// checkGojaValueForError resolves the provided goja.Value and tries +// to extract its underlying error value (if any). +func checkGojaValueForError(app core.App, value goja.Value) error { + if value == nil { + return nil + } + + exported := value.Export() + switch v := exported.(type) { + case error: + return v + case *goja.Promise: + // Promise as return result is not officially supported but try to + // resolve any thrown exception to avoid silently ignoring it + app.Logger().Warn("the handler must a non-async function and not return a Promise") + if promiseErr, ok := v.Result().Export().(error); ok { + return normalizeException(promiseErr) + } + } + + return nil +} + +// normalizeException checks if the provided error is a goja.Exception +// and attempts to return its underlying Go error. +// +// note: using just goja.Exception.Unwrap() is insufficient and may falsely result in nil. +func normalizeException(err error) error { + if err == nil { + return nil + } + + jsException, ok := err.(*goja.Exception) + if !ok { + return err // no exception + } + + switch v := jsException.Value().Export().(type) { + case error: + err = v + case map[string]any: // goja.GoError + if vErr, ok := v["value"].(error); ok { + err = vErr + } + } + + return err +} + +var cachedFactoryFuncTypes = store.New[string, reflect.Type](nil) + +// registerFactoryAsConstructor registers the factory function as native JS constructor. +// +// If there is missing or nil arguments, their type zero value is used. +func registerFactoryAsConstructor(vm *goja.Runtime, constructorName string, factoryFunc any) { + rv := reflect.ValueOf(factoryFunc) + rt := cachedFactoryFuncTypes.GetOrSet(constructorName, func() reflect.Type { + return reflect.TypeOf(factoryFunc) + }) + totalArgs := rt.NumIn() + + vm.Set(constructorName, func(call goja.ConstructorCall) *goja.Object { + args := make([]reflect.Value, totalArgs) + + for i := 0; i < totalArgs; i++ { + v := call.Argument(i).Export() + + // use the arg type zero value + if v == nil { + args[i] = reflect.New(rt.In(i)).Elem() + } else if number, ok := v.(int64); ok { + // goja uses int64 for "int"-like numbers but we rarely do that and use int most of the times + // (at later stage we can use reflection on the arguments to validate the types in case this is not sufficient anymore) + args[i] = reflect.ValueOf(int(number)) + } else { + args[i] = reflect.ValueOf(v) + } + } + + result := rv.Call(args) + + if len(result) != 1 { + panic("the factory function should return only 1 item") + } + + value := vm.ToValue(result[0].Interface()).(*goja.Object) + value.SetPrototype(call.This.Prototype()) + + return value + }) +} + +// structConstructor wraps the provided struct with a native JS constructor. +// +// If the constructor argument is a map, each entry of the map will be loaded into the wrapped goja.Object. +func structConstructor(vm *goja.Runtime, call goja.ConstructorCall, instance any) *goja.Object { + data, _ := call.Argument(0).Export().(map[string]any) + + instanceValue := vm.ToValue(instance).(*goja.Object) + for k, v := range data { + instanceValue.Set(k, v) + } + + instanceValue.SetPrototype(call.This.Prototype()) + + return instanceValue +} + +// structConstructorUnmarshal wraps the provided struct with a native JS constructor. +// +// The constructor first argument will be loaded via json.Unmarshal into the instance. +func structConstructorUnmarshal(vm *goja.Runtime, call goja.ConstructorCall, instance any) *goja.Object { + if data := call.Argument(0).Export(); data != nil { + if raw, err := json.Marshal(data); err == nil { + _ = json.Unmarshal(raw, instance) + } + } + + instanceValue := vm.ToValue(instance).(*goja.Object) + instanceValue.SetPrototype(call.This.Prototype()) + + return instanceValue +} + +var cachedDynamicModelStructs = store.New[string, reflect.Type](nil) + +// newDynamicModel creates a new dynamic struct with fields based +// on the specified "shape". +// +// The "shape" values are used as defaults and could be of type: +// - int (ex. 0) +// - float (ex. -0) +// - string (ex. "") +// - bool (ex. false) +// - slice (ex. []) +// - map (ex. map[string]any{}) +// +// Example: +// +// m := newDynamicModel(map[string]any{ +// "title": "", +// "total": 0, +// }) +func newDynamicModel(shape map[string]any) any { + info := make([]*shapeFieldInfo, 0, len(shape)) + + var hash strings.Builder + + sortedKeys := make([]string, 0, len(shape)) + for k := range shape { + sortedKeys = append(sortedKeys, k) + } + sort.Strings(sortedKeys) + + for _, k := range sortedKeys { + v := shape[k] + vt := reflect.TypeOf(v) + + switch vt.Kind() { + case reflect.Map: + raw, _ := json.Marshal(v) + newV := types.JSONMap[any]{} + newV.Scan(raw) + v = newV + vt = reflect.TypeOf(v) + case reflect.Slice, reflect.Array: + raw, _ := json.Marshal(v) + newV := types.JSONArray[any]{} + newV.Scan(raw) + v = newV + vt = reflect.TypeOf(newV) + } + + hash.WriteString(k) + hash.WriteString(":") + hash.WriteString(vt.String()) // it doesn't guarantee to be unique across all types but it should be fine with the primitive types DynamicModel is used + hash.WriteString("|") + + info = append(info, &shapeFieldInfo{key: k, value: v, valueType: vt}) + } + + st := cachedDynamicModelStructs.GetOrSet(hash.String(), func() reflect.Type { + structFields := make([]reflect.StructField, len(info)) + + for i, item := range info { + structFields[i] = reflect.StructField{ + Name: inflector.UcFirst(item.key), // ensures that the field is exportable + Type: item.valueType, + Tag: reflect.StructTag(`db:"` + item.key + `" json:"` + item.key + `" form:"` + item.key + `"`), + } + } + + return reflect.StructOf(structFields) + }) + + elem := reflect.New(st).Elem() + + // load default values into the new model + for i, item := range info { + elem.Field(i).Set(reflect.ValueOf(item.value)) + } + + return elem.Addr().Interface() +} + +type shapeFieldInfo struct { + value any + valueType reflect.Type + key string +} diff --git a/plugins/jsvm/binds_test.go b/plugins/jsvm/binds_test.go new file mode 100644 index 0000000..a7fe46d --- /dev/null +++ b/plugins/jsvm/binds_test.go @@ -0,0 +1,1745 @@ +package jsvm + +import ( + "encoding/json" + "errors" + "fmt" + "io" + "mime/multipart" + "net/http" + "net/http/httptest" + "path/filepath" + "strconv" + "strings" + "testing" + "time" + + "github.com/dop251/goja" + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/apis" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/mailer" + "github.com/pocketbase/pocketbase/tools/router" + "github.com/spf13/cast" +) + +func testBindsCount(vm *goja.Runtime, namespace string, count int, t *testing.T) { + v, err := vm.RunString(`Object.keys(` + namespace + `).length`) + if err != nil { + t.Fatal(err) + } + + total, _ := v.Export().(int64) + + if int(total) != count { + t.Fatalf("Expected %d %s binds, got %d", count, namespace, total) + } +} + +// note: this test is useful as a reminder to update the tests in case +// a new base binding is added. +func TestBaseBindsCount(t *testing.T) { + vm := goja.New() + baseBinds(vm) + + testBindsCount(vm, "this", 34, t) +} + +func TestBaseBindsSleep(t *testing.T) { + vm := goja.New() + baseBinds(vm) + vm.Set("reader", strings.NewReader("test")) + + start := time.Now() + _, err := vm.RunString(` + sleep(100); + `) + if err != nil { + t.Fatal(err) + } + + lasted := time.Since(start).Milliseconds() + if lasted < 100 || lasted > 150 { + t.Fatalf("Expected to sleep for ~100ms, got %d", lasted) + } +} + +func TestBaseBindsReaderToString(t *testing.T) { + vm := goja.New() + baseBinds(vm) + vm.Set("reader", strings.NewReader("test")) + + _, err := vm.RunString(` + let result = readerToString(reader) + + if (result != "test") { + throw new Error('Expected "test", got ' + result); + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestBaseBindsToStringAndToBytes(t *testing.T) { + vm := goja.New() + baseBinds(vm) + vm.Set("scenarios", []struct { + Name string + Value any + Expected string + }{ + {"null", nil, ""}, + {"string", "test", "test"}, + {"number", -12.4, "-12.4"}, + {"bool", true, "true"}, + {"arr", []int{1, 2, 3}, `[1,2,3]`}, + {"obj", map[string]any{"test": 123}, `{"test":123}`}, + {"reader", strings.NewReader("test"), "test"}, + {"struct", struct { + Name string + private string + }{Name: "123", private: "456"}, `{"Name":"123"}`}, + }) + + _, err := vm.RunString(` + for (let s of scenarios) { + let result = toString(s.value) + + if (result != s.expected) { + throw new Error('[' + s.name + '] Expected string ' + s.expected + ', got ' + result); + } + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestBaseBindsUnmarshal(t *testing.T) { + vm := goja.New() + baseBinds(vm) + vm.Set("data", &map[string]any{"a": 123}) + + _, err := vm.RunString(` + unmarshal({"b": 456}, data) + + if (data.a != 123) { + throw new Error('Expected data.a 123, got ' + data.a); + } + + if (data.b != 456) { + throw new Error('Expected data.b 456, got ' + data.b); + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestBaseBindsContext(t *testing.T) { + vm := goja.New() + baseBinds(vm) + + _, err := vm.RunString(` + const base = new Context(null, "a", 123); + const sub = new Context(base, "b", 456); + + const scenarios = [ + {key: "a", expected: 123}, + {key: "b", expected: 456}, + ]; + + for (let s of scenarios) { + if (sub.value(s.key) != s.expected) { + throw new("Expected " +s.key + " value " + s.expected + ", got " + sub.value(s.key)); + } + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestBaseBindsCookie(t *testing.T) { + vm := goja.New() + baseBinds(vm) + + _, err := vm.RunString(` + const cookie = new Cookie({ + name: "example_name", + value: "example_value", + path: "/example_path", + domain: "example.com", + maxAge: 10, + secure: true, + httpOnly: true, + sameSite: 3, + }); + + const result = cookie.string(); + + const expected = "example_name=example_value; Path=/example_path; Domain=example.com; Max-Age=10; HttpOnly; Secure; SameSite=Strict"; + + if (expected != result) { + throw new("Expected \n" + expected + "\ngot\n" + result); + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestBaseBindsSubscriptionMessage(t *testing.T) { + vm := goja.New() + baseBinds(vm) + vm.Set("bytesToString", func(b []byte) string { + return string(b) + }) + + _, err := vm.RunString(` + const payload = { + name: "test", + data: '{"test":123}' + } + + const result = new SubscriptionMessage(payload); + + if (result.name != payload.name) { + throw new("Expected name " + payload.name + ", got " + result.name); + } + + if (bytesToString(result.data) != payload.data) { + throw new("Expected data '" + payload.data + "', got '" + bytesToString(result.data) + "'"); + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestBaseBindsRecord(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + collection, err := app.FindCachedCollectionByNameOrId("users") + if err != nil { + t.Fatal(err) + } + + vm := goja.New() + baseBinds(vm) + vm.Set("collection", collection) + + // without record data + // --- + v1, err := vm.RunString(`new Record(collection)`) + if err != nil { + t.Fatal(err) + } + + m1, ok := v1.Export().(*core.Record) + if !ok { + t.Fatalf("Expected m1 to be models.Record, got \n%v", m1) + } + + // with record data + // --- + v2, err := vm.RunString(`new Record(collection, { email: "test@example.com" })`) + if err != nil { + t.Fatal(err) + } + + m2, ok := v2.Export().(*core.Record) + if !ok { + t.Fatalf("Expected m2 to be core.Record, got \n%v", m2) + } + + if m2.Collection().Name != "users" { + t.Fatalf("Expected record with collection %q, got \n%v", "users", m2.Collection()) + } + + if m2.Email() != "test@example.com" { + t.Fatalf("Expected record with email field set to %q, got \n%v", "test@example.com", m2) + } +} + +func TestBaseBindsCollection(t *testing.T) { + vm := goja.New() + baseBinds(vm) + + v, err := vm.RunString(`new Collection({ name: "test", createRule: "@request.auth.id != ''", fields: [{name: "title", "type": "text"}] })`) + if err != nil { + t.Fatal(err) + } + + m, ok := v.Export().(*core.Collection) + if !ok { + t.Fatalf("Expected core.Collection, got %v", m) + } + + if m.Name != "test" { + t.Fatalf("Expected collection with name %q, got %q", "test", m.Name) + } + + expectedRule := "@request.auth.id != ''" + if m.CreateRule == nil || *m.CreateRule != expectedRule { + t.Fatalf("Expected create rule %q, got %v", "@request.auth.id != ''", m.CreateRule) + } + + if f := m.Fields.GetByName("title"); f == nil { + t.Fatalf("Expected fields to be set, got %v", m.Fields) + } +} + +func TestBaseBindsFieldsList(t *testing.T) { + vm := goja.New() + baseBinds(vm) + + v, err := vm.RunString(`new FieldsList([{name: "title", "type": "text"}])`) + if err != nil { + t.Fatal(err) + } + + m, ok := v.Export().(*core.FieldsList) + if !ok { + t.Fatalf("Expected core.FieldsList, got %v", m) + } + + if f := m.GetByName("title"); f == nil { + t.Fatalf("Expected fields list to be loaded, got %v", m) + } +} + +func TestBaseBindsField(t *testing.T) { + vm := goja.New() + baseBinds(vm) + + v, err := vm.RunString(`new Field({name: "test", "type": "bool"})`) + if err != nil { + t.Fatal(err) + } + + f, ok := v.Export().(*core.BoolField) + if !ok { + t.Fatalf("Expected *core.BoolField, got %v", f) + } + + if f.Name != "test" { + t.Fatalf("Expected field %q, got %v", "test", f) + } +} + +func isType[T any](v any) bool { + _, ok := v.(T) + return ok +} + +func TestBaseBindsNamedFields(t *testing.T) { + t.Parallel() + + vm := goja.New() + baseBinds(vm) + + scenarios := []struct { + js string + typeFunc func(v any) bool + }{ + { + "new NumberField({name: 'test'})", + isType[*core.NumberField], + }, + { + "new BoolField({name: 'test'})", + isType[*core.BoolField], + }, + { + "new TextField({name: 'test'})", + isType[*core.TextField], + }, + { + "new URLField({name: 'test'})", + isType[*core.URLField], + }, + { + "new EmailField({name: 'test'})", + isType[*core.EmailField], + }, + { + "new EditorField({name: 'test'})", + isType[*core.EditorField], + }, + { + "new PasswordField({name: 'test'})", + isType[*core.PasswordField], + }, + { + "new DateField({name: 'test'})", + isType[*core.DateField], + }, + { + "new AutodateField({name: 'test'})", + isType[*core.AutodateField], + }, + { + "new JSONField({name: 'test'})", + isType[*core.JSONField], + }, + { + "new RelationField({name: 'test'})", + isType[*core.RelationField], + }, + { + "new SelectField({name: 'test'})", + isType[*core.SelectField], + }, + { + "new FileField({name: 'test'})", + isType[*core.FileField], + }, + { + "new GeoPointField({name: 'test'})", + isType[*core.GeoPointField], + }, + } + + for _, s := range scenarios { + t.Run(s.js, func(t *testing.T) { + v, err := vm.RunString(s.js) + if err != nil { + t.Fatal(err) + } + + f, ok := v.Export().(core.Field) + if !ok { + t.Fatalf("Expected core.Field instance, got %T (%v)", f, f) + } + + if !s.typeFunc(f) { + t.Fatalf("Unexpected field type %T (%v)", f, f) + } + + if f.GetName() != "test" { + t.Fatalf("Expected field %q, got %v", "test", f) + } + }) + } +} + +func TestBaseBindsMailerMessage(t *testing.T) { + vm := goja.New() + baseBinds(vm) + + v, err := vm.RunString(`new MailerMessage({ + from: {name: "test_from", address: "test_from@example.com"}, + to: [ + {name: "test_to1", address: "test_to1@example.com"}, + {name: "test_to2", address: "test_to2@example.com"}, + ], + bcc: [ + {name: "test_bcc1", address: "test_bcc1@example.com"}, + {name: "test_bcc2", address: "test_bcc2@example.com"}, + ], + cc: [ + {name: "test_cc1", address: "test_cc1@example.com"}, + {name: "test_cc2", address: "test_cc2@example.com"}, + ], + subject: "test_subject", + html: "test_html", + text: "test_text", + headers: { + header1: "a", + header2: "b", + } + })`) + if err != nil { + t.Fatal(err) + } + + m, ok := v.Export().(*mailer.Message) + if !ok { + t.Fatalf("Expected mailer.Message, got %v", m) + } + + raw, err := json.Marshal(m) + if err != nil { + t.Fatal(err) + } + + expected := `{"from":{"Name":"test_from","Address":"test_from@example.com"},"to":[{"Name":"test_to1","Address":"test_to1@example.com"},{"Name":"test_to2","Address":"test_to2@example.com"}],"bcc":[{"Name":"test_bcc1","Address":"test_bcc1@example.com"},{"Name":"test_bcc2","Address":"test_bcc2@example.com"}],"cc":[{"Name":"test_cc1","Address":"test_cc1@example.com"},{"Name":"test_cc2","Address":"test_cc2@example.com"}],"subject":"test_subject","html":"test_html","text":"test_text","headers":{"header1":"a","header2":"b"},"attachments":null,"inlineAttachments":null}` + + if string(raw) != expected { + t.Fatalf("Expected \n%s, \ngot \n%s", expected, raw) + } +} + +func TestBaseBindsCommand(t *testing.T) { + vm := goja.New() + baseBinds(vm) + + _, err := vm.RunString(` + let runCalls = 0; + + let cmd = new Command({ + use: "test", + run: (c, args) => { + runCalls++; + } + }); + + cmd.run(null, []); + + if (cmd.use != "test") { + throw new Error('Expected cmd.use "test", got: ' + cmd.use); + } + + if (runCalls != 1) { + throw new Error('Expected runCalls 1, got: ' + runCalls); + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestBaseBindsRequestInfo(t *testing.T) { + vm := goja.New() + baseBinds(vm) + + _, err := vm.RunString(` + const info = new RequestInfo({ + body: {"name": "test2"} + }); + + if (info.body?.name != "test2") { + throw new Error('Expected info.body.name to be test2, got: ' + info.body?.name); + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestBaseBindsMiddleware(t *testing.T) { + vm := goja.New() + baseBinds(vm) + + _, err := vm.RunString(` + const m = new Middleware( + (e) => {}, + 10, + "test" + ); + + if (!m) { + throw new Error('Expected non-empty Middleware instance'); + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestBaseBindsTimezone(t *testing.T) { + vm := goja.New() + baseBinds(vm) + + _, err := vm.RunString(` + const v0 = (new Timezone()).string(); + if (v0 != "UTC") { + throw new Error("(v0) Expected UTC got " + v0) + } + + const v1 = (new Timezone("invalid")).string(); + if (v1 != "UTC") { + throw new Error("(v1) Expected UTC got " + v1) + } + + const v2 = (new Timezone("EET")).string(); + if (v2 != "EET") { + throw new Error("(v2) Expected EET got " + v2) + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestBaseBindsDateTime(t *testing.T) { + vm := goja.New() + baseBinds(vm) + + _, err := vm.RunString(` + const now = new DateTime(); + if (now.isZero()) { + throw new Error('(now) Expected to fallback to now, got zero value'); + } + + const nowPart = now.string().substring(0, 19) + + const scenarios = [ + // empty datetime string and no custom location + {date: new DateTime(''), expected: nowPart}, + // empty datetime string and custom default location (should be ignored) + {date: new DateTime('', 'Asia/Tokyo'), expected: nowPart}, + // full datetime string and no custom default location + {date: new DateTime('2023-01-01 00:00:00.000Z'), expected: "2023-01-01 00:00:00.000Z"}, + // invalid location (fallback to UTC) + {date: new DateTime('2025-10-26 03:00:00', 'invalid'), expected: "2025-10-26 03:00:00.000Z"}, + // CET + {date: new DateTime('2025-10-26 03:00:00', 'Europe/Amsterdam'), expected: "2025-10-26 02:00:00.000Z"}, + // CEST + {date: new DateTime('2025-10-26 01:00:00', 'Europe/Amsterdam'), expected: "2025-10-25 23:00:00.000Z"}, + // with timezone/offset in the date string (aka. should ignore the custom default location) + {date: new DateTime('2025-10-26 01:00:00 +0200', 'Asia/Tokyo'), expected: "2025-10-25 23:00:00.000Z"}, + ]; + + for (let i = 0; i < scenarios.length; i++) { + const s = scenarios[i]; + if (!s.date.string().includes(s.expected)) { + throw new Error('(' + i + ') ' + s.date.string() + ' does not contain expected ' + s.expected); + } + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestBaseBindsValidationError(t *testing.T) { + vm := goja.New() + baseBinds(vm) + + scenarios := []struct { + js string + expectCode string + expectMessage string + }{ + { + `new ValidationError()`, + "", + "", + }, + { + `new ValidationError("test_code")`, + "test_code", + "", + }, + { + `new ValidationError("test_code", "test_message")`, + "test_code", + "test_message", + }, + } + + for _, s := range scenarios { + v, err := vm.RunString(s.js) + if err != nil { + t.Fatal(err) + } + + m, ok := v.Export().(validation.Error) + if !ok { + t.Fatalf("[%s] Expected validation.Error, got %v", s.js, m) + } + + if m.Code() != s.expectCode { + t.Fatalf("[%s] Expected code %q, got %q", s.js, s.expectCode, m.Code()) + } + + if m.Message() != s.expectMessage { + t.Fatalf("[%s] Expected message %q, got %q", s.js, s.expectMessage, m.Message()) + } + } +} + +func TestDbxBinds(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + vm := goja.New() + vm.Set("db", app.DB()) + baseBinds(vm) + dbxBinds(vm) + + testBindsCount(vm, "$dbx", 15, t) + + sceneraios := []struct { + js string + expected string + }{ + { + `$dbx.exp("a = 1").build(db, {})`, + "a = 1", + }, + { + `$dbx.hashExp({ + "a": 1, + b: null, + c: [1, 2, 3], + }).build(db, {})`, + "`a`={:p0} AND `b` IS NULL AND `c` IN ({:p1}, {:p2}, {:p3})", + }, + { + `$dbx.not($dbx.exp("a = 1")).build(db, {})`, + "NOT (a = 1)", + }, + { + `$dbx.and($dbx.exp("a = 1"), $dbx.exp("b = 2")).build(db, {})`, + "(a = 1) AND (b = 2)", + }, + { + `$dbx.or($dbx.exp("a = 1"), $dbx.exp("b = 2")).build(db, {})`, + "(a = 1) OR (b = 2)", + }, + { + `$dbx.in("a", 1, 2, 3).build(db, {})`, + "`a` IN ({:p0}, {:p1}, {:p2})", + }, + { + `$dbx.notIn("a", 1, 2, 3).build(db, {})`, + "`a` NOT IN ({:p0}, {:p1}, {:p2})", + }, + { + `$dbx.like("a", "test1", "test2").match(true, false).build(db, {})`, + "`a` LIKE {:p0} AND `a` LIKE {:p1}", + }, + { + `$dbx.orLike("a", "test1", "test2").match(false, true).build(db, {})`, + "`a` LIKE {:p0} OR `a` LIKE {:p1}", + }, + { + `$dbx.notLike("a", "test1", "test2").match(true, false).build(db, {})`, + "`a` NOT LIKE {:p0} AND `a` NOT LIKE {:p1}", + }, + { + `$dbx.orNotLike("a", "test1", "test2").match(false, false).build(db, {})`, + "`a` NOT LIKE {:p0} OR `a` NOT LIKE {:p1}", + }, + { + `$dbx.exists($dbx.exp("a = 1")).build(db, {})`, + "EXISTS (a = 1)", + }, + { + `$dbx.notExists($dbx.exp("a = 1")).build(db, {})`, + "NOT EXISTS (a = 1)", + }, + { + `$dbx.between("a", 1, 2).build(db, {})`, + "`a` BETWEEN {:p0} AND {:p1}", + }, + { + `$dbx.notBetween("a", 1, 2).build(db, {})`, + "`a` NOT BETWEEN {:p0} AND {:p1}", + }, + } + + for _, s := range sceneraios { + result, err := vm.RunString(s.js) + if err != nil { + t.Fatalf("[%s] Failed to execute js script, got %v", s.js, err) + } + + v, _ := result.Export().(string) + + if v != s.expected { + t.Fatalf("[%s] Expected \n%s, \ngot \n%s", s.js, s.expected, v) + } + } +} + +func TestMailsBindsCount(t *testing.T) { + vm := goja.New() + mailsBinds(vm) + + testBindsCount(vm, "$mails", 4, t) +} + +func TestMailsBinds(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + record, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + t.Fatal(err) + } + + vm := goja.New() + baseBinds(vm) + mailsBinds(vm) + vm.Set("$app", app) + vm.Set("record", record) + + _, vmErr := vm.RunString(` + $mails.sendRecordPasswordReset($app, record); + if (!$app.testMailer.lastMessage().html.includes("/_/#/auth/confirm-password-reset/")) { + throw new Error("Expected record password reset email, got:" + JSON.stringify($app.testMailer.lastMessage())) + } + + $mails.sendRecordVerification($app, record); + if (!$app.testMailer.lastMessage().html.includes("/_/#/auth/confirm-verification/")) { + throw new Error("Expected record verification email, got:" + JSON.stringify($app.testMailer.lastMessage())) + } + + $mails.sendRecordChangeEmail($app, record, "new@example.com"); + if (!$app.testMailer.lastMessage().html.includes("/_/#/auth/confirm-email-change/")) { + throw new Error("Expected record email change email, got:" + JSON.stringify($app.testMailer.lastMessage())) + } + + $mails.sendRecordOTP($app, record, "test_otp_id", "test_otp_pass"); + if (!$app.testMailer.lastMessage().html.includes("test_otp_pass")) { + throw new Error("Expected record OTP email, got:" + JSON.stringify($app.testMailer.lastMessage())) + } + `) + if vmErr != nil { + t.Fatal(vmErr) + } +} + +func TestSecurityBindsCount(t *testing.T) { + vm := goja.New() + securityBinds(vm) + + testBindsCount(vm, "$security", 16, t) +} + +func TestSecurityCryptoBinds(t *testing.T) { + vm := goja.New() + baseBinds(vm) + securityBinds(vm) + + sceneraios := []struct { + js string + expected string + }{ + {`$security.md5("123")`, "202cb962ac59075b964b07152d234b70"}, + {`$security.sha256("123")`, "a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3"}, + {`$security.sha512("123")`, "3c9909afec25354d551dae21590bb26e38d53f2173b8d3dc3eee4c047e7ab1c1eb8b85103e3be7ba613b31bb5c9c36214dc9f14a42fd7a2fdb84856bca5c44c2"}, + {`$security.hs256("hello", "test")`, "f151ea24bda91a18e89b8bb5793ef324b2a02133cce15a28a719acbd2e58a986"}, + {`$security.hs512("hello", "test")`, "44f280e11103e295c26cd61dd1cdd8178b531b860466867c13b1c37a26b6389f8af110efbe0bb0717b9d9c87f6fe1c97b3b1690936578890e5669abf279fe7fd"}, + {`$security.equal("abc", "abc")`, "true"}, + {`$security.equal("abc", "abcd")`, "false"}, + } + + for _, s := range sceneraios { + t.Run(s.js, func(t *testing.T) { + result, err := vm.RunString(s.js) + if err != nil { + t.Fatalf("Failed to execute js script, got %v", err) + } + + v := cast.ToString(result.Export()) + + if v != s.expected { + t.Fatalf("Expected %v \ngot \n%v", s.expected, v) + } + }) + } +} + +func TestSecurityRandomStringBinds(t *testing.T) { + vm := goja.New() + baseBinds(vm) + securityBinds(vm) + + sceneraios := []struct { + js string + length int + }{ + {`$security.randomString(6)`, 6}, + {`$security.randomStringWithAlphabet(7, "abc")`, 7}, + {`$security.pseudorandomString(8)`, 8}, + {`$security.pseudorandomStringWithAlphabet(9, "abc")`, 9}, + {`$security.randomStringByRegex("abc")`, 3}, + } + + for _, s := range sceneraios { + t.Run(s.js, func(t *testing.T) { + result, err := vm.RunString(s.js) + if err != nil { + t.Fatalf("Failed to execute js script, got %v", err) + } + + v, _ := result.Export().(string) + + if len(v) != s.length { + t.Fatalf("Expected %d length string, \ngot \n%v", s.length, v) + } + }) + } +} + +func TestSecurityJWTBinds(t *testing.T) { + sceneraios := []struct { + name string + js string + }{ + { + "$security.parseUnverifiedJWT", + ` + const result = $security.parseUnverifiedJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.aXzC7q7z1lX_hxk5P0R368xEU7H1xRwnBQQcLAmG0EY") + if (result.name != "John Doe") { + throw new Error("Expected result.name 'John Doe', got " + result.name) + } + if (result.sub != "1234567890") { + throw new Error("Expected result.sub '1234567890', got " + result.sub) + } + `, + }, + { + "$security.parseJWT", + ` + const result = $security.parseJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.aXzC7q7z1lX_hxk5P0R368xEU7H1xRwnBQQcLAmG0EY", "test") + if (result.name != "John Doe") { + throw new Error("Expected result.name 'John Doe', got " + result.name) + } + if (result.sub != "1234567890") { + throw new Error("Expected result.sub '1234567890', got " + result.sub) + } + `, + }, + { + "$security.createJWT", + ` + // overwrite the exp claim for static token + const result = $security.createJWT({"exp": 123}, "test", 0) + + const expected = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEyM30.7gbv7w672gApdBRASI6OniCtKwkKjhieSxsr6vxSrtw"; + if (result != expected) { + throw new Error("Expected token \n" + expected + ", got \n" + result) + } + `, + }, + } + + for _, s := range sceneraios { + t.Run(s.name, func(t *testing.T) { + vm := goja.New() + baseBinds(vm) + securityBinds(vm) + + _, err := vm.RunString(s.js) + if err != nil { + t.Fatalf("Failed to execute js script, got %v", err) + } + }) + } +} + +func TestSecurityEncryptAndDecryptBinds(t *testing.T) { + vm := goja.New() + baseBinds(vm) + securityBinds(vm) + + _, err := vm.RunString(` + const key = "abcdabcdabcdabcdabcdabcdabcdabcd" + + const encrypted = $security.encrypt("123", key) + + const decrypted = $security.decrypt(encrypted, key) + + if (decrypted != "123") { + throw new Error("Expected decrypted '123', got " + decrypted) + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestFilesystemBinds(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path == "/error" { + w.WriteHeader(http.StatusInternalServerError) + } + + fmt.Fprintf(w, "test") + })) + defer srv.Close() + + vm := goja.New() + vm.Set("mh", &multipart.FileHeader{Filename: "test"}) + vm.Set("testFile", filepath.Join(app.DataDir(), "data.db")) + vm.Set("baseURL", srv.URL) + baseBinds(vm) + filesystemBinds(vm) + + testBindsCount(vm, "$filesystem", 4, t) + + // fileFromPath + { + v, err := vm.RunString(`$filesystem.fileFromPath(testFile)`) + if err != nil { + t.Fatal(err) + } + + file, _ := v.Export().(*filesystem.File) + + if file == nil || file.OriginalName != "data.db" { + t.Fatalf("[fileFromPath] Expected file with name %q, got %v", file.OriginalName, file) + } + } + + // fileFromBytes + { + v, err := vm.RunString(`$filesystem.fileFromBytes([1, 2, 3], "test")`) + if err != nil { + t.Fatal(err) + } + + file, _ := v.Export().(*filesystem.File) + + if file == nil || file.OriginalName != "test" { + t.Fatalf("[fileFromBytes] Expected file with name %q, got %v", file.OriginalName, file) + } + } + + // fileFromMultipart + { + v, err := vm.RunString(`$filesystem.fileFromMultipart(mh)`) + if err != nil { + t.Fatal(err) + } + + file, _ := v.Export().(*filesystem.File) + + if file == nil || file.OriginalName != "test" { + t.Fatalf("[fileFromMultipart] Expected file with name %q, got %v", file.OriginalName, file) + } + } + + // fileFromURL (success) + { + v, err := vm.RunString(`$filesystem.fileFromURL(baseURL + "/test")`) + if err != nil { + t.Fatal(err) + } + + file, _ := v.Export().(*filesystem.File) + + if file == nil || file.OriginalName != "test" { + t.Fatalf("[fileFromURL] Expected file with name %q, got %v", file.OriginalName, file) + } + } + + // fileFromURL (failure) + { + _, err := vm.RunString(`$filesystem.fileFromURL(baseURL + "/error")`) + if err == nil { + t.Fatal("Expected url fetch error") + } + } +} + +func TestFormsBinds(t *testing.T) { + vm := goja.New() + formsBinds(vm) + + testBindsCount(vm, "this", 4, t) +} + +func TestApisBindsCount(t *testing.T) { + vm := goja.New() + apisBinds(vm) + + testBindsCount(vm, "this", 8, t) + testBindsCount(vm, "$apis", 11, t) +} + +func TestApisBindsApiError(t *testing.T) { + vm := goja.New() + apisBinds(vm) + + scenarios := []struct { + js string + expectStatus int + expectMessage string + expectData string + }{ + {"new ApiError()", 0, "", "null"}, + {"new ApiError(100, 'test', {'test': 1})", 100, "Test.", `{"test":1}`}, + {"new NotFoundError()", 404, "The requested resource wasn't found.", "null"}, + {"new NotFoundError('test', {'test': 1})", 404, "Test.", `{"test":1}`}, + {"new BadRequestError()", 400, "Something went wrong while processing your request.", "null"}, + {"new BadRequestError('test', {'test': 1})", 400, "Test.", `{"test":1}`}, + {"new ForbiddenError()", 403, "You are not allowed to perform this request.", "null"}, + {"new ForbiddenError('test', {'test': 1})", 403, "Test.", `{"test":1}`}, + {"new UnauthorizedError()", 401, "Missing or invalid authentication.", "null"}, + {"new UnauthorizedError('test', {'test': 1})", 401, "Test.", `{"test":1}`}, + {"new TooManyRequestsError()", 429, "Too Many Requests.", "null"}, + {"new TooManyRequestsError('test', {'test': 1})", 429, "Test.", `{"test":1}`}, + {"new InternalServerError()", 500, "Something went wrong while processing your request.", "null"}, + {"new InternalServerError('test', {'test': 1})", 500, "Test.", `{"test":1}`}, + } + + for _, s := range scenarios { + v, err := vm.RunString(s.js) + if err != nil { + t.Errorf("[%s] %v", s.js, err) + continue + } + + apiErr, ok := v.Export().(*router.ApiError) + if !ok { + t.Errorf("[%s] Expected ApiError, got %v", s.js, v) + continue + } + + if apiErr.Status != s.expectStatus { + t.Errorf("[%s] Expected Status %d, got %d", s.js, s.expectStatus, apiErr.Status) + } + + if apiErr.Message != s.expectMessage { + t.Errorf("[%s] Expected Message %q, got %q", s.js, s.expectMessage, apiErr.Message) + } + + dataRaw, _ := json.Marshal(apiErr.RawData()) + if string(dataRaw) != s.expectData { + t.Errorf("[%s] Expected Data %q, got %q", s.js, s.expectData, dataRaw) + } + } +} + +func TestLoadingDynamicModel(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + vm := goja.New() + baseBinds(vm) + dbxBinds(vm) + vm.Set("$app", app) + + _, err := vm.RunString(` + let result = new DynamicModel({ + text: "", + bool: false, + number: 0, + select_many: [], + json: [], + // custom map-like field + obj: {}, + }) + + $app.db() + .select("text", "bool", "number", "select_many", "json", "('{\"test\": 1}') as obj") + .from("demo1") + .where($dbx.hashExp({"id": "84nmscqy84lsi1t"})) + .limit(1) + .one(result) + + if (result.text != "test") { + throw new Error('Expected text "test", got ' + result.text); + } + + if (result.bool != true) { + throw new Error('Expected bool true, got ' + result.bool); + } + + if (result.number != 123456) { + throw new Error('Expected number 123456, got ' + result.number); + } + + if (result.select_many.length != 2 || result.select_many[0] != "optionB" || result.select_many[1] != "optionC") { + throw new Error('Expected select_many ["optionB", "optionC"], got ' + result.select_many); + } + + if (result.json.length != 3 || result.json[0] != 1 || result.json[1] != 2 || result.json[2] != 3) { + throw new Error('Expected json [1, 2, 3], got ' + result.json); + } + + if (result.obj.get("test") != 1) { + throw new Error('Expected obj.get("test") 1, got ' + JSON.stringify(result.obj)); + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestDynamicModelMapFieldCaching(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + vm := goja.New() + baseBinds(vm) + dbxBinds(vm) + vm.Set("$app", app) + + _, err := vm.RunString(` + let m1 = new DynamicModel({ + int: 0, + float: -0, + text: "", + bool: false, + obj: {}, + arr: [], + }) + + let m2 = new DynamicModel({ + int: 0, + float: -0, + text: "", + bool: false, + obj: {}, + arr: [], + }) + + m1.int = 1 + m1.float = 1.5 + m1.text = "a" + m1.bool = true + m1.obj.set("a", 1) + m1.arr.push(1) + + m2.int = 2 + m2.float = 2.5 + m2.text = "b" + m2.bool = false + m2.obj.set("b", 1) + m2.arr.push(2) + + let m1Expected = '{"arr":[1],"bool":true,"float":1.5,"int":1,"obj":{"a":1},"text":"a"}'; + let m1Serialized = JSON.stringify(m1); + if (m1Serialized != m1Expected) { + throw new Error("Expected m1 \n" + m1Expected + "\ngot\n" + m1Serialized); + } + + let m2Expected = '{"arr":[2],"bool":false,"float":2.5,"int":2,"obj":{"b":1},"text":"b"}'; + let m2Serialized = JSON.stringify(m2); + if (m2Serialized != m2Expected) { + throw new Error("Expected m2 \n" + m2Expected + "\ngot\n" + m2Serialized); + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestLoadingArrayOf(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + vm := goja.New() + baseBinds(vm) + dbxBinds(vm) + vm.Set("$app", app) + + _, err := vm.RunString(` + let result = arrayOf(new DynamicModel({ + id: "", + text: "", + })) + + $app.db() + .select("id", "text") + .from("demo1") + .where($dbx.exp("id='84nmscqy84lsi1t' OR id='al1h9ijdeojtsjy'")) + .limit(2) + .orderBy("text ASC") + .all(result) + + if (result.length != 2) { + throw new Error('Expected 2 list items, got ' + result.length); + } + + if (result[0].id != "84nmscqy84lsi1t") { + throw new Error('Expected 0.id "84nmscqy84lsi1t", got ' + result[0].id); + } + if (result[0].text != "test") { + throw new Error('Expected 0.text "test", got ' + result[0].text); + } + + if (result[1].id != "al1h9ijdeojtsjy") { + throw new Error('Expected 1.id "al1h9ijdeojtsjy", got ' + result[1].id); + } + if (result[1].text != "test2") { + throw new Error('Expected 1.text "test2", got ' + result[1].text); + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestHttpClientBindsCount(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + vm := goja.New() + httpClientBinds(vm) + + testBindsCount(vm, "this", 2, t) // + FormData + testBindsCount(vm, "$http", 1, t) +} + +func TestHttpClientBindsSend(t *testing.T) { + t.Parallel() + + // start a test server + server := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) { + if req.URL.Query().Get("testError") != "" { + res.WriteHeader(400) + return + } + + timeoutStr := req.URL.Query().Get("testTimeout") + timeout, _ := strconv.Atoi(timeoutStr) + if timeout > 0 { + time.Sleep(time.Duration(timeout) * time.Second) + } + + bodyRaw, _ := io.ReadAll(req.Body) + defer req.Body.Close() + + // normalize headers + headers := make(map[string]string, len(req.Header)) + for k, v := range req.Header { + if len(v) > 0 { + headers[strings.ToLower(strings.ReplaceAll(k, "-", "_"))] = v[0] + } + } + + info := map[string]any{ + "method": req.Method, + "headers": headers, + "body": string(bodyRaw), + } + + // add custom headers and cookies + res.Header().Add("X-Custom", "custom_header") + res.Header().Add("Set-Cookie", "sessionId=123456") + + infoRaw, _ := json.Marshal(info) + + // write back the submitted request + res.Write(infoRaw) + })) + defer server.Close() + + vm := goja.New() + baseBinds(vm) + httpClientBinds(vm) + vm.Set("testURL", server.URL) + + _, err := vm.RunString(` + function getNestedVal(data, path) { + let result = data || {}; + let parts = path.split("."); + + for (const part of parts) { + if ( + result == null || + typeof result !== "object" || + typeof result[part] === "undefined" + ) { + return null; + } + + result = result[part]; + } + + return result; + } + + let testTimeout; + try { + $http.send({ + url: testURL + "?testTimeout=3", + timeout: 1 + }) + } catch (err) { + testTimeout = err + } + if (!testTimeout) { + throw new Error("Expected timeout error") + } + + // error response check + const test0 = $http.send({ + url: testURL + "?testError=1", + }) + + // basic fields check + const test1 = $http.send({ + method: "post", + url: testURL, + headers: {"header1": "123", "header2": "456"}, + body: '789', + }) + + // with custom content-type header + const test2 = $http.send({ + url: testURL, + headers: {"content-type": "text/plain"}, + }) + + // with FormData + const formData = new FormData() + formData.append("title", "123") + const test3 = $http.send({ + url: testURL, + body: formData, + headers: {"content-type": "text/plain"}, // should be ignored + }) + + // raw body response field check + const test4 = $http.send({ + method: "post", + url: testURL, + body: 'test', + }) + + const scenarios = [ + [test0, { + "statusCode": "400", + }], + [test1, { + "statusCode": "200", + "headers.X-Custom.0": "custom_header", + "cookies.sessionId.value": "123456", + "json.method": "POST", + "json.headers.header1": "123", + "json.headers.header2": "456", + "json.body": "789", + }], + [test2, { + "statusCode": "200", + "headers.X-Custom.0": "custom_header", + "cookies.sessionId.value": "123456", + "json.method": "GET", + "json.headers.content_type": "text/plain", + }], + [test3, { + "statusCode": "200", + "headers.X-Custom.0": "custom_header", + "cookies.sessionId.value": "123456", + "json.method": "GET", + "json.body": [ + "\r\nContent-Disposition: form-data; name=\"title\"\r\n\r\n123\r\n--", + ], + "json.headers.content_type": [ + "multipart/form-data; boundary=" + ], + }], + [test4, { + "statusCode": "200", + "headers.X-Custom.0": "custom_header", + "cookies.sessionId.value": "123456", + // {"body":"test","headers":{"accept_encoding":"gzip","content_length":"4","user_agent":"Go-http-client/1.1"},"method":"POST"} + "body": [123,34,98,111,100,121,34,58,34,116,101,115,116,34,44,34,104,101,97,100,101,114,115,34,58,123,34,97,99,99,101,112,116,95,101,110,99,111,100,105,110,103,34,58,34,103,122,105,112,34,44,34,99,111,110,116,101,110,116,95,108,101,110,103,116,104,34,58,34,52,34,44,34,117,115,101,114,95,97,103,101,110,116,34,58,34,71,111,45,104,116,116,112,45,99,108,105,101,110,116,47,49,46,49,34,125,44,34,109,101,116,104,111,100,34,58,34,80,79,83,84,34,125], + }], + ] + + for (let scenario of scenarios) { + const result = scenario[0]; + const expectations = scenario[1]; + + for (let key in expectations) { + const value = getNestedVal(result, key); + const expectation = expectations[key] + if (Array.isArray(expectation)) { + // check for partial match(es) + for (let exp of expectation) { + if (!value.includes(exp)) { + throw new Error('Expected ' + key + ' to contain ' + exp + ', got: ' + toString(result.body)); + } + } + } else { + // check for direct match + if (value != expectation) { + throw new Error('Expected ' + key + ' ' + expectation + ', got: ' + toString(result.body)); + } + } + } + } + `) + if err != nil { + t.Fatal(err) + } +} + +func TestCronBindsCount(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + vm := goja.New() + + pool := newPool(1, func() *goja.Runtime { return goja.New() }) + + cronBinds(app, vm, pool) + + testBindsCount(vm, "this", 2, t) + + pool.run(func(poolVM *goja.Runtime) error { + testBindsCount(poolVM, "this", 2, t) + return nil + }) +} + +func TestHooksBindsCount(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + vm := goja.New() + hooksBinds(app, vm, nil) + + testBindsCount(vm, "this", 82, t) +} + +func TestHooksBinds(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + result := &struct { + Called int + }{} + + vmFactory := func() *goja.Runtime { + vm := goja.New() + baseBinds(vm) + vm.Set("$app", app) + vm.Set("result", result) + return vm + } + + pool := newPool(1, vmFactory) + + vm := vmFactory() + hooksBinds(app, vm, pool) + + _, err := vm.RunString(` + onModelUpdate((e) => { + result.called++; + e.next() + }, "demo1") + + onModelUpdate((e) => { + throw new Error("example"); + }, "demo1") + + onModelUpdate((e) => { + result.called++; + e.next(); + }, "demo2") + + onModelUpdate((e) => { + result.called++; + e.next() + }, "demo2") + + onModelUpdate((e) => { + // stop propagation + }, "demo2") + + onModelUpdate((e) => { + result.called++; + e.next(); + }, "demo2") + + onBootstrap((e) => { + e.next() + + // check hooks propagation and tags filtering + const recordA = $app.findFirstRecordByFilter("demo2", "1=1") + recordA.set("title", "update") + $app.save(recordA) + if (result.called != 2) { + throw new Error("Expected result.called to be 2, got " + result.called) + } + + // reset + result.called = 0; + + // check error handling + let hasErr = false + try { + const recordB = $app.findFirstRecordByFilter("demo1", "1=1") + recordB.set("text", "update") + $app.save(recordB) + } catch (err) { + hasErr = true + } + if (!hasErr) { + throw new Error("Expected an error to be thrown") + } + if (result.called != 1) { + throw new Error("Expected result.called to be 1, got " + result.called) + } + }) + + $app.bootstrap(); + `) + if err != nil { + t.Fatal(err) + } +} + +func TestHooksExceptionUnwrapping(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + goErr := errors.New("test") + + vmFactory := func() *goja.Runtime { + vm := goja.New() + baseBinds(vm) + vm.Set("$app", app) + vm.Set("goErr", goErr) + return vm + } + + pool := newPool(1, vmFactory) + + vm := vmFactory() + hooksBinds(app, vm, pool) + + _, err := vm.RunString(` + onModelUpdate((e) => { + throw goErr + }, "demo1") + `) + if err != nil { + t.Fatal(err) + } + + record, err := app.FindFirstRecordByFilter("demo1", "1=1") + if err != nil { + t.Fatal(err) + } + + record.Set("text", "update") + + err = app.Save(record) + if !errors.Is(err, goErr) { + t.Fatalf("Expected goError, got %v", err) + } +} + +func TestRouterBindsCount(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + vm := goja.New() + routerBinds(app, vm, nil) + + testBindsCount(vm, "this", 2, t) +} + +func TestRouterBinds(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + result := &struct { + RouteMiddlewareCalls int + GlobalMiddlewareCalls int + }{} + + vmFactory := func() *goja.Runtime { + vm := goja.New() + baseBinds(vm) + apisBinds(vm) + vm.Set("$app", app) + vm.Set("result", result) + return vm + } + + pool := newPool(1, vmFactory) + + vm := vmFactory() + routerBinds(app, vm, pool) + + _, err := vm.RunString(` + routerAdd("GET", "/test", (e) => { + result.routeMiddlewareCalls++; + }, (e) => { + result.routeMiddlewareCalls++; + return e.next(); + }) + + // Promise is not technically supported as return result + // but we try to resolve it at least for thrown errors + routerAdd("GET", "/error", async (e) => { + throw new ApiError(456, 'test', null) + }) + + routerUse((e) => { + result.globalMiddlewareCalls++; + + return e.next(); + }) + `) + if err != nil { + t.Fatal(err) + } + + pbRouter, err := apis.NewRouter(app) + if err != nil { + t.Fatal(err) + } + + serveEvent := new(core.ServeEvent) + serveEvent.App = app + serveEvent.Router = pbRouter + if err = app.OnServe().Trigger(serveEvent); err != nil { + t.Fatal(err) + } + + mux, err := serveEvent.Router.BuildMux() + if err != nil { + t.Fatalf("Failed to build router mux: %v", err) + } + + scenarios := []struct { + method string + path string + expectedRouteMiddlewareCalls int + expectedGlobalMiddlewareCalls int + expectedCode int + }{ + {"GET", "/test", 2, 1, 200}, + {"GET", "/error", 0, 1, 456}, + } + + for _, s := range scenarios { + t.Run(s.method+" "+s.path, func(t *testing.T) { + // reset + result.RouteMiddlewareCalls = 0 + result.GlobalMiddlewareCalls = 0 + + rec := httptest.NewRecorder() + req := httptest.NewRequest(s.method, s.path, nil) + mux.ServeHTTP(rec, req) + + if result.RouteMiddlewareCalls != s.expectedRouteMiddlewareCalls { + t.Fatalf("Expected RouteMiddlewareCalls %d, got %d", s.expectedRouteMiddlewareCalls, result.RouteMiddlewareCalls) + } + + if result.GlobalMiddlewareCalls != s.expectedGlobalMiddlewareCalls { + t.Fatalf("Expected GlobalMiddlewareCalls %d, got %d", s.expectedGlobalMiddlewareCalls, result.GlobalMiddlewareCalls) + } + + if rec.Code != s.expectedCode { + t.Fatalf("Expected status code %d, got %d", s.expectedCode, rec.Code) + } + }) + } +} + +func TestFilepathBindsCount(t *testing.T) { + vm := goja.New() + filepathBinds(vm) + + testBindsCount(vm, "$filepath", 15, t) +} + +func TestOsBindsCount(t *testing.T) { + vm := goja.New() + osBinds(vm) + + testBindsCount(vm, "$os", 18, t) +} diff --git a/plugins/jsvm/form_data.go b/plugins/jsvm/form_data.go new file mode 100644 index 0000000..4419c68 --- /dev/null +++ b/plugins/jsvm/form_data.go @@ -0,0 +1,149 @@ +package jsvm + +import ( + "bytes" + "io" + "mime/multipart" + + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/spf13/cast" +) + +// FormData represents an interface similar to the browser's [FormData]. +// +// The value of each FormData entry must be a string or [*filesystem.File] instance. +// +// It is intended to be used together with the JSVM `$http.send` when +// sending multipart/form-data requests. +// +// [FormData]: https://developer.mozilla.org/en-US/docs/Web/API/FormData. +type FormData map[string][]any + +// Append appends a new value onto an existing key inside the current FormData, +// or adds the key if it does not already exist. +func (data FormData) Append(key string, value any) { + data[key] = append(data[key], value) +} + +// Set sets a new value for an existing key inside the current FormData, +// or adds the key/value if it does not already exist. +func (data FormData) Set(key string, value any) { + data[key] = []any{value} +} + +// Delete deletes a key and its value(s) from the current FormData. +func (data FormData) Delete(key string) { + delete(data, key) +} + +// Get returns the first value associated with a given key from +// within the current FormData. +// +// If you expect multiple values and want all of them, +// use the [FormData.GetAll] method instead. +func (data FormData) Get(key string) any { + values, ok := data[key] + if !ok || len(values) == 0 { + return nil + } + + return values[0] +} + +// GetAll returns all the values associated with a given key +// from within the current FormData. +func (data FormData) GetAll(key string) []any { + values, ok := data[key] + if !ok { + return nil + } + + return values +} + +// Has returns whether a FormData object contains a certain key. +func (data FormData) Has(key string) bool { + values, ok := data[key] + + return ok && len(values) > 0 +} + +// Keys returns all keys contained in the current FormData. +func (data FormData) Keys() []string { + result := make([]string, 0, len(data)) + + for k := range data { + result = append(result, k) + } + + return result +} + +// Keys returns all values contained in the current FormData. +func (data FormData) Values() []any { + result := make([]any, 0, len(data)) + + for _, values := range data { + result = append(result, values...) + } + + return result +} + +// Entries returns a [key, value] slice pair for each FormData entry. +func (data FormData) Entries() [][]any { + result := make([][]any, 0, len(data)) + + for k, values := range data { + for _, v := range values { + result = append(result, []any{k, v}) + } + } + + return result +} + +// toMultipart converts the current FormData entries into multipart encoded data. +func (data FormData) toMultipart() (*bytes.Buffer, *multipart.Writer, error) { + body := new(bytes.Buffer) + + mp := multipart.NewWriter(body) + defer mp.Close() + + for k, values := range data { + for _, rawValue := range values { + switch v := rawValue.(type) { + case *filesystem.File: + err := func() error { + mpw, err := mp.CreateFormFile(k, v.OriginalName) + if err != nil { + return err + } + + file, err := v.Reader.Open() + if err != nil { + return err + } + defer file.Close() + + _, err = io.Copy(mpw, file) + if err != nil { + return err + } + + return nil + }() + if err != nil { + return nil, nil, err + } + default: + err := mp.WriteField(k, cast.ToString(v)) + if err != nil { + return nil, nil, err + } + } + } + } + + return body, mp, nil +} diff --git a/plugins/jsvm/form_data_test.go b/plugins/jsvm/form_data_test.go new file mode 100644 index 0000000..dbf0f40 --- /dev/null +++ b/plugins/jsvm/form_data_test.go @@ -0,0 +1,225 @@ +package jsvm + +import ( + "bytes" + "encoding/json" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/list" +) + +func TestFormDataAppendAndSet(t *testing.T) { + t.Parallel() + + data := FormData{} + + data.Append("a", 1) + data.Append("a", 2) + + data.Append("b", 3) + data.Append("b", 4) + data.Set("b", 5) // should overwrite the previous 2 calls + + data.Set("c", 6) + data.Set("c", 7) + + if len(data["a"]) != 2 { + t.Fatalf("Expected 2 'a' values, got %v", data["a"]) + } + if data["a"][0] != 1 || data["a"][1] != 2 { + t.Fatalf("Expected 1 and 2 'a' key values, got %v", data["a"]) + } + + if len(data["b"]) != 1 { + t.Fatalf("Expected 1 'b' values, got %v", data["b"]) + } + if data["b"][0] != 5 { + t.Fatalf("Expected 5 as 'b' key value, got %v", data["b"]) + } + + if len(data["c"]) != 1 { + t.Fatalf("Expected 1 'c' values, got %v", data["c"]) + } + if data["c"][0] != 7 { + t.Fatalf("Expected 7 as 'c' key value, got %v", data["c"]) + } +} + +func TestFormDataDelete(t *testing.T) { + t.Parallel() + + data := FormData{} + data.Append("a", 1) + data.Append("a", 2) + data.Append("b", 3) + + data.Delete("missing") // should do nothing + data.Delete("a") + + if len(data) != 1 { + t.Fatalf("Expected exactly 1 data remaining key, got %v", data) + } + + if data["b"][0] != 3 { + t.Fatalf("Expected 3 as 'b' key value, got %v", data["b"]) + } +} + +func TestFormDataGet(t *testing.T) { + t.Parallel() + + data := FormData{} + data.Append("a", 1) + data.Append("a", 2) + + if v := data.Get("missing"); v != nil { + t.Fatalf("Expected %v for key 'missing', got %v", nil, v) + } + + if v := data.Get("a"); v != 1 { + t.Fatalf("Expected %v for key 'a', got %v", 1, v) + } +} + +func TestFormDataGetAll(t *testing.T) { + t.Parallel() + + data := FormData{} + data.Append("a", 1) + data.Append("a", 2) + + if v := data.GetAll("missing"); v != nil { + t.Fatalf("Expected %v for key 'a', got %v", nil, v) + } + + values := data.GetAll("a") + if len(values) != 2 || values[0] != 1 || values[1] != 2 { + t.Fatalf("Expected 1 and 2 values, got %v", values) + } +} + +func TestFormDataHas(t *testing.T) { + t.Parallel() + + data := FormData{} + data.Append("a", 1) + + if v := data.Has("missing"); v { + t.Fatalf("Expected key 'missing' to not exist: %v", v) + } + + if v := data.Has("a"); !v { + t.Fatalf("Expected key 'a' to exist: %v", v) + } +} + +func TestFormDataKeys(t *testing.T) { + t.Parallel() + + data := FormData{} + data.Append("a", 1) + data.Append("b", 1) + data.Append("c", 1) + data.Append("a", 1) + + keys := data.Keys() + + expectedKeys := []string{"a", "b", "c"} + + for _, expected := range expectedKeys { + if !list.ExistInSlice(expected, keys) { + t.Fatalf("Expected key %s to exists in %v", expected, keys) + } + } +} + +func TestFormDataValues(t *testing.T) { + t.Parallel() + + data := FormData{} + data.Append("a", 1) + data.Append("b", 2) + data.Append("c", 3) + data.Append("a", 4) + + values := data.Values() + + expectedKeys := []any{1, 2, 3, 4} + + for _, expected := range expectedKeys { + if !list.ExistInSlice(expected, values) { + t.Fatalf("Expected key %s to exists in %v", expected, values) + } + } +} + +func TestFormDataEntries(t *testing.T) { + t.Parallel() + + data := FormData{} + data.Append("a", 1) + data.Append("b", 2) + data.Append("c", 3) + data.Append("a", 4) + + entries := data.Entries() + + rawEntries, err := json.Marshal(entries) + if err != nil { + t.Fatal(err) + } + + if len(entries) != 4 { + t.Fatalf("Expected 4 entries") + } + + expectedEntries := []string{`["a",1]`, `["a",4]`, `["b",2]`, `["c",3]`} + for _, expected := range expectedEntries { + if !bytes.Contains(rawEntries, []byte(expected)) { + t.Fatalf("Expected entry %s to exists in %s", expected, rawEntries) + } + } +} + +func TestFormDataToMultipart(t *testing.T) { + t.Parallel() + + f, err := filesystem.NewFileFromBytes([]byte("abc"), "test") + if err != nil { + t.Fatal(err) + } + + data := FormData{} + data.Append("a", 1) // should be casted + data.Append("b", "test1") + data.Append("b", "test2") + data.Append("c", f) + + body, mp, err := data.toMultipart() + if err != nil { + t.Fatal(err) + } + bodyStr := body.String() + + // content type checks + contentType := mp.FormDataContentType() + expectedContentType := "multipart/form-data; boundary=" + if !strings.Contains(contentType, expectedContentType) { + t.Fatalf("Expected to find content-type %s in %s", expectedContentType, contentType) + } + + // body checks + expectedBodyParts := []string{ + "Content-Disposition: form-data; name=\"a\"\r\n\r\n1", + "Content-Disposition: form-data; name=\"b\"\r\n\r\ntest1", + "Content-Disposition: form-data; name=\"b\"\r\n\r\ntest2", + "Content-Disposition: form-data; name=\"c\"; filename=\"test\"\r\nContent-Type: application/octet-stream\r\n\r\nabc", + } + for _, part := range expectedBodyParts { + if !strings.Contains(bodyStr, part) { + t.Fatalf("Expected to find %s in body\n%s", part, bodyStr) + } + } +} diff --git a/plugins/jsvm/internal/types/generated/embed.go b/plugins/jsvm/internal/types/generated/embed.go new file mode 100644 index 0000000..b5b9825 --- /dev/null +++ b/plugins/jsvm/internal/types/generated/embed.go @@ -0,0 +1,6 @@ +package generated + +import "embed" + +//go:embed types.d.ts +var Types embed.FS diff --git a/plugins/jsvm/internal/types/generated/types.d.ts b/plugins/jsvm/internal/types/generated/types.d.ts new file mode 100644 index 0000000..2503831 --- /dev/null +++ b/plugins/jsvm/internal/types/generated/types.d.ts @@ -0,0 +1,23030 @@ +// 1746911627 +// GENERATED CODE - DO NOT MODIFY BY HAND + +// ------------------------------------------------------------------- +// cronBinds +// ------------------------------------------------------------------- + +/** + * CronAdd registers a new cron job. + * + * If a cron job with the specified name already exist, it will be + * replaced with the new one. + * + * Example: + * + * ```js + * // prints "Hello world!" on every 30 minutes + * cronAdd("hello", "*\/30 * * * *", () => { + * console.log("Hello world!") + * }) + * ``` + * + * _Note that this method is available only in pb_hooks context._ + * + * @group PocketBase + */ +declare function cronAdd( + jobId: string, + cronExpr: string, + handler: () => void, +): void; + +/** + * CronRemove removes a single registered cron job by its name. + * + * Example: + * + * ```js + * cronRemove("hello") + * ``` + * + * _Note that this method is available only in pb_hooks context._ + * + * @group PocketBase + */ +declare function cronRemove(jobId: string): void; + +// ------------------------------------------------------------------- +// routerBinds +// ------------------------------------------------------------------- + +/** + * RouterAdd registers a new route definition. + * + * Example: + * + * ```js + * routerAdd("GET", "/hello", (e) => { + * return e.json(200, {"message": "Hello!"}) + * }, $apis.requireAuth()) + * ``` + * + * _Note that this method is available only in pb_hooks context._ + * + * @group PocketBase + */ +declare function routerAdd( + method: string, + path: string, + handler: (e: core.RequestEvent) => void, + ...middlewares: Array void)|Middleware>, +): void; + +/** + * RouterUse registers one or more global middlewares that are executed + * along the handler middlewares after a matching route is found. + * + * Example: + * + * ```js + * routerUse((e) => { + * console.log(e.request.url.path) + * return e.next() + * }) + * ``` + * + * _Note that this method is available only in pb_hooks context._ + * + * @group PocketBase + */ +declare function routerUse(...middlewares: Array void)|Middleware>): void; + +// ------------------------------------------------------------------- +// baseBinds +// ------------------------------------------------------------------- + +/** + * Global helper variable that contains the absolute path to the app pb_hooks directory. + * + * @group PocketBase + */ +declare var __hooks: string + +// Utility type to exclude the on* hook methods from a type +// (hooks are separately generated as global methods). +// +// See https://www.typescriptlang.org/docs/handbook/2/mapped-types.html#key-remapping-via-as +type excludeHooks = { + [Property in keyof Type as Exclude]: Type[Property] +}; + +// CoreApp without the on* hook methods +type CoreApp = excludeHooks + +// PocketBase without the on* hook methods +type PocketBase = excludeHooks + +/** + * `$app` is the current running PocketBase instance that is globally + * available in each .pb.js file. + * + * _Note that this variable is available only in pb_hooks context._ + * + * @namespace + * @group PocketBase + */ +declare var $app: PocketBase + +/** + * `$template` is a global helper to load and cache HTML templates on the fly. + * + * The templates uses the standard Go [html/template](https://pkg.go.dev/html/template) + * and [text/template](https://pkg.go.dev/text/template) package syntax. + * + * Example: + * + * ```js + * const html = $template.loadFiles( + * "views/layout.html", + * "views/content.html", + * ).render({"name": "John"}) + * ``` + * + * _Note that this method is available only in pb_hooks context._ + * + * @namespace + * @group PocketBase + */ +declare var $template: template.Registry + +/** + * This method is superseded by toString. + * + * @deprecated + * @group PocketBase + */ +declare function readerToString(reader: any, maxBytes?: number): string; + +/** + * toString stringifies the specified value. + * + * Support optional second maxBytes argument to limit the max read bytes + * when the value is a io.Reader (default to 32MB). + * + * Types that don't have explicit string representation are json serialized. + * + * Example: + * + * ```js + * // io.Reader + * const ex1 = toString(e.request.body) + * + * // slice of bytes ("hello") + * const ex2 = toString([104 101 108 108 111]) + * ``` + * + * @group PocketBase + */ +declare function toString(val: any, maxBytes?: number): string; + +/** + * sleep pauses the current goroutine for at least the specified user duration (in ms). + * A zero or negative duration returns immediately. + * + * Example: + * + * ```js + * sleep(250) // sleeps for 250ms + * ``` + * + * @group PocketBase + */ +declare function sleep(milliseconds: number): void; + +/** + * arrayOf creates a placeholder array of the specified models. + * Usually used to populate DB result into an array of models. + * + * Example: + * + * ```js + * const records = arrayOf(new Record) + * + * $app.recordQuery("articles").limit(10).all(records) + * ``` + * + * @group PocketBase + */ +declare function arrayOf(model: T): Array; + +/** + * DynamicModel creates a new dynamic model with fields from the provided data shape. + * + * Note that in order to use 0 as double/float initialization number you have to use negative zero (`-0`). + * + * Example: + * + * ```js + * const model = new DynamicModel({ + * name: "" + * age: 0, // int64 + * totalSpent: -0, // float64 + * active: false, + * roles: [], + * meta: {} + * }) + * ``` + * + * @group PocketBase + */ +declare class DynamicModel { + constructor(shape?: { [key:string]: any }) +} + +interface Context extends context.Context{} // merge +/** + * Context creates a new empty Go context.Context. + * + * This is usually used as part of some Go transitive bindings. + * + * Example: + * + * ```js + * const blank = new Context() + * + * // with single key-value pair + * const base = new Context(null, "a", 123) + * console.log(base.value("a")) // 123 + * + * // extend with additional key-value pair + * const sub = new Context(base, "b", 456) + * console.log(sub.value("a")) // 123 + * console.log(sub.value("b")) // 456 + * ``` + * + * @group PocketBase + */ +declare class Context implements context.Context { + constructor(parentCtx?: Context, key?: any, value?: any) +} + +/** + * Record model class. + * + * ```js + * const collection = $app.findCollectionByNameOrId("article") + * + * const record = new Record(collection, { + * title: "Lorem ipsum" + * }) + * + * // or set field values after the initialization + * record.set("description", "...") + * ``` + * + * @group PocketBase + */ +declare const Record: { + new(collection?: core.Collection, data?: { [key:string]: any }): core.Record + + // note: declare as "newable" const due to conflict with the Record TS utility type +} + +interface Collection extends core.Collection{ + type: "base" | "view" | "auth" +} // merge +/** + * Collection model class. + * + * ```js + * const collection = new Collection({ + * type: "base", + * name: "article", + * listRule: "@request.auth.id != '' || status = 'public'", + * viewRule: "@request.auth.id != '' || status = 'public'", + * deleteRule: "@request.auth.id != ''", + * fields: [ + * { + * name: "title", + * type: "text", + * required: true, + * min: 6, + * max: 100, + * }, + * { + * name: "description", + * type: "text", + * }, + * ] + * }) + * ``` + * + * @group PocketBase + */ +declare class Collection implements core.Collection { + constructor(data?: Partial) +} + +interface FieldsList extends core.FieldsList{} // merge +/** + * FieldsList model class, usually used to define the Collection.fields. + * + * @group PocketBase + */ +declare class FieldsList implements core.FieldsList { + constructor(data?: Partial) +} + +interface Field extends core.Field{} // merge +/** + * Field model class, usually used as part of the FieldsList model. + * + * @group PocketBase + */ +declare class Field implements core.Field { + constructor(data?: Partial) +} + +interface NumberField extends core.NumberField{} // merge +/** + * {@inheritDoc core.NumberField} + * + * @group PocketBase + */ +declare class NumberField implements core.NumberField { + constructor(data?: Partial) +} + +interface BoolField extends core.BoolField{} // merge +/** + * {@inheritDoc core.BoolField} + * + * @group PocketBase + */ +declare class BoolField implements core.BoolField { + constructor(data?: Partial) +} + +interface TextField extends core.TextField{} // merge +/** + * {@inheritDoc core.TextField} + * + * @group PocketBase + */ +declare class TextField implements core.TextField { + constructor(data?: Partial) +} + +interface URLField extends core.URLField{} // merge +/** + * {@inheritDoc core.URLField} + * + * @group PocketBase + */ +declare class URLField implements core.URLField { + constructor(data?: Partial) +} + +interface EmailField extends core.EmailField{} // merge +/** + * {@inheritDoc core.EmailField} + * + * @group PocketBase + */ +declare class EmailField implements core.EmailField { + constructor(data?: Partial) +} + +interface EditorField extends core.EditorField{} // merge +/** + * {@inheritDoc core.EditorField} + * + * @group PocketBase + */ +declare class EditorField implements core.EditorField { + constructor(data?: Partial) +} + +interface PasswordField extends core.PasswordField{} // merge +/** + * {@inheritDoc core.PasswordField} + * + * @group PocketBase + */ +declare class PasswordField implements core.PasswordField { + constructor(data?: Partial) +} + +interface DateField extends core.DateField{} // merge +/** + * {@inheritDoc core.DateField} + * + * @group PocketBase + */ +declare class DateField implements core.DateField { + constructor(data?: Partial) +} + +interface AutodateField extends core.AutodateField{} // merge +/** + * {@inheritDoc core.AutodateField} + * + * @group PocketBase + */ +declare class AutodateField implements core.AutodateField { + constructor(data?: Partial) +} + +interface JSONField extends core.JSONField{} // merge +/** + * {@inheritDoc core.JSONField} + * + * @group PocketBase + */ +declare class JSONField implements core.JSONField { + constructor(data?: Partial) +} + +interface RelationField extends core.RelationField{} // merge +/** + * {@inheritDoc core.RelationField} + * + * @group PocketBase + */ +declare class RelationField implements core.RelationField { + constructor(data?: Partial) +} + +interface SelectField extends core.SelectField{} // merge +/** + * {@inheritDoc core.SelectField} + * + * @group PocketBase + */ +declare class SelectField implements core.SelectField { + constructor(data?: Partial) +} + +interface FileField extends core.FileField{} // merge +/** + * {@inheritDoc core.FileField} + * + * @group PocketBase + */ +declare class FileField implements core.FileField { + constructor(data?: Partial) +} + +interface GeoPointField extends core.GeoPointField{} // merge +/** + * {@inheritDoc core.GeoPointField} + * + * @group PocketBase + */ +declare class GeoPointField implements core.GeoPointField { + constructor(data?: Partial) +} + +interface MailerMessage extends mailer.Message{} // merge +/** + * MailerMessage defines a single email message. + * + * ```js + * const message = new MailerMessage({ + * from: { + * address: $app.settings().meta.senderAddress, + * name: $app.settings().meta.senderName, + * }, + * to: [{address: "test@example.com"}], + * subject: "YOUR_SUBJECT...", + * html: "YOUR_HTML_BODY...", + * }) + * + * $app.newMailClient().send(message) + * ``` + * + * @group PocketBase + */ +declare class MailerMessage implements mailer.Message { + constructor(message?: Partial) +} + +interface Command extends cobra.Command{} // merge +/** + * Command defines a single console command. + * + * Example: + * + * ```js + * const command = new Command({ + * use: "hello", + * run: (cmd, args) => { console.log("Hello world!") }, + * }) + * + * $app.rootCmd.addCommand(command); + * ``` + * + * @group PocketBase + */ +declare class Command implements cobra.Command { + constructor(cmd?: Partial) +} + +/** + * RequestInfo defines a single core.RequestInfo instance, usually used + * as part of various filter checks. + * + * Example: + * + * ```js + * const authRecord = $app.findAuthRecordByEmail("users", "test@example.com") + * + * const info = new RequestInfo({ + * auth: authRecord, + * body: {"name": 123}, + * headers: {"x-token": "..."}, + * }) + * + * const record = $app.findFirstRecordByData("articles", "slug", "hello") + * + * const canAccess = $app.canAccessRecord(record, info, "@request.auth.id != '' && @request.body.name = 123") + * ``` + * + * @group PocketBase + */ +declare const RequestInfo: { + new(info?: Partial): core.RequestInfo + + // note: declare as "newable" const due to conflict with the RequestInfo TS node type +} + +/** + * Middleware defines a single request middleware handler. + * + * This class is usually used when you want to explicitly specify a priority to your custom route middleware. + * + * Example: + * + * ```js + * routerUse(new Middleware((e) => { + * console.log(e.request.url.path) + * return e.next() + * }, -10)) + * ``` + * + * @group PocketBase + */ +declare class Middleware { + constructor( + func: string|((e: core.RequestEvent) => void), + priority?: number, + id?: string, + ) +} + +interface Timezone extends time.Location{} // merge +/** + * Timezone returns the timezone location with the given name. + * + * The name is expected to be a location name corresponding to a file + * in the IANA Time Zone database, such as "America/New_York". + * + * If the name is "Local", LoadLocation returns Local. + * + * If the name is "", invalid or "UTC", returns UTC. + * + * The constructor is equivalent to calling the Go `time.LoadLocation(name)` method. + * + * Example: + * + * ```js + * const zone = new Timezone("America/New_York") + * $app.cron().setTimezone(zone) + * ``` + * + * @group PocketBase + */ +declare class Timezone implements time.Location { + constructor(name?: string) +} + +interface DateTime extends types.DateTime{} // merge +/** + * DateTime defines a single DateTime type instance. + * The returned date is always represented in UTC. + * + * Example: + * + * ```js + * const dt0 = new DateTime() // now + * + * // full datetime string + * const dt1 = new DateTime('2023-07-01 00:00:00.000Z') + * + * // datetime string with default "parse in" timezone location + * // + * // similar to new DateTime('2023-07-01 00:00:00 +01:00') or new DateTime('2023-07-01 00:00:00 +02:00') + * // but accounts for the daylight saving time (DST) + * const dt2 = new DateTime('2023-07-01 00:00:00', 'Europe/Amsterdam') + * ``` + * + * @group PocketBase + */ +declare class DateTime implements types.DateTime { + constructor(date?: string, defaultParseInLocation?: string) +} + +interface ValidationError extends ozzo_validation.Error{} // merge +/** + * ValidationError defines a single formatted data validation error, + * usually used as part of an error response. + * + * ```js + * new ValidationError("invalid_title", "Title is not valid") + * ``` + * + * @group PocketBase + */ +declare class ValidationError implements ozzo_validation.Error { + constructor(code?: string, message?: string) +} + +interface Cookie extends http.Cookie{} // merge +/** + * A Cookie represents an HTTP cookie as sent in the Set-Cookie header of an + * HTTP response. + * + * Example: + * + * ```js + * routerAdd("POST", "/example", (c) => { + * c.setCookie(new Cookie({ + * name: "example_name", + * value: "example_value", + * path: "/", + * domain: "example.com", + * maxAge: 10, + * secure: true, + * httpOnly: true, + * sameSite: 3, + * })) + * + * return c.redirect(200, "/"); + * }) + * ``` + * + * @group PocketBase + */ +declare class Cookie implements http.Cookie { + constructor(options?: Partial) +} + +interface SubscriptionMessage extends subscriptions.Message{} // merge +/** + * SubscriptionMessage defines a realtime subscription payload. + * + * Example: + * + * ```js + * onRealtimeConnectRequest((e) => { + * e.client.send(new SubscriptionMessage({ + * name: "example", + * data: '{"greeting": "Hello world"}' + * })) + * }) + * ``` + * + * @group PocketBase + */ +declare class SubscriptionMessage implements subscriptions.Message { + constructor(options?: Partial) +} + +// ------------------------------------------------------------------- +// dbxBinds +// ------------------------------------------------------------------- + +/** + * `$dbx` defines common utility for working with the DB abstraction. + * For examples and guides please check the [Database guide](https://pocketbase.io/docs/js-database). + * + * @group PocketBase + */ +declare namespace $dbx { + /** + * {@inheritDoc dbx.HashExp} + */ + export function hashExp(pairs: { [key:string]: any }): dbx.Expression + + let _in: dbx._in + export { _in as in } + + export let exp: dbx.newExp + export let not: dbx.not + export let and: dbx.and + export let or: dbx.or + export let notIn: dbx.notIn + export let like: dbx.like + export let orLike: dbx.orLike + export let notLike: dbx.notLike + export let orNotLike: dbx.orNotLike + export let exists: dbx.exists + export let notExists: dbx.notExists + export let between: dbx.between + export let notBetween: dbx.notBetween +} + +// ------------------------------------------------------------------- +// mailsBinds +// ------------------------------------------------------------------- + +/** + * `$mails` defines helpers to send common + * auth records emails like verification, password reset, etc. + * + * @group PocketBase + */ +declare namespace $mails { + let sendRecordPasswordReset: mails.sendRecordPasswordReset + let sendRecordVerification: mails.sendRecordVerification + let sendRecordChangeEmail: mails.sendRecordChangeEmail + let sendRecordOTP: mails.sendRecordOTP +} + +// ------------------------------------------------------------------- +// securityBinds +// ------------------------------------------------------------------- + +/** + * `$security` defines low level helpers for creating + * and parsing JWTs, random string generation, AES encryption, etc. + * + * @group PocketBase + */ +declare namespace $security { + let randomString: security.randomString + let randomStringWithAlphabet: security.randomStringWithAlphabet + let randomStringByRegex: security.randomStringByRegex + let pseudorandomString: security.pseudorandomString + let pseudorandomStringWithAlphabet: security.pseudorandomStringWithAlphabet + let encrypt: security.encrypt + let decrypt: security.decrypt + let hs256: security.hs256 + let hs512: security.hs512 + let equal: security.equal + let md5: security.md5 + let sha256: security.sha256 + let sha512: security.sha512 + + /** + * {@inheritDoc security.newJWT} + */ + export function createJWT(payload: { [key:string]: any }, signingKey: string, secDuration: number): string + + /** + * {@inheritDoc security.parseUnverifiedJWT} + */ + export function parseUnverifiedJWT(token: string): _TygojaDict + + /** + * {@inheritDoc security.parseJWT} + */ + export function parseJWT(token: string, verificationKey: string): _TygojaDict +} + +// ------------------------------------------------------------------- +// filesystemBinds +// ------------------------------------------------------------------- + +/** + * `$filesystem` defines common helpers for working + * with the PocketBase filesystem abstraction. + * + * @group PocketBase + */ +declare namespace $filesystem { + let fileFromPath: filesystem.newFileFromPath + let fileFromBytes: filesystem.newFileFromBytes + let fileFromMultipart: filesystem.newFileFromMultipart + + /** + * fileFromURL creates a new File from the provided url by + * downloading the resource and creating a BytesReader. + * + * Example: + * + * ```js + * // with default max timeout of 120sec + * const file1 = $filesystem.fileFromURL("https://...") + * + * // with custom timeout of 15sec + * const file2 = $filesystem.fileFromURL("https://...", 15) + * ``` + */ + export function fileFromURL(url: string, secTimeout?: number): filesystem.File +} + +// ------------------------------------------------------------------- +// filepathBinds +// ------------------------------------------------------------------- + +/** + * `$filepath` defines common helpers for manipulating filename + * paths in a way compatible with the target operating system-defined file paths. + * + * @group PocketBase + */ +declare namespace $filepath { + export let base: filepath.base + export let clean: filepath.clean + export let dir: filepath.dir + export let ext: filepath.ext + export let fromSlash: filepath.fromSlash + export let glob: filepath.glob + export let isAbs: filepath.isAbs + export let join: filepath.join + export let match: filepath.match + export let rel: filepath.rel + export let split: filepath.split + export let splitList: filepath.splitList + export let toSlash: filepath.toSlash + export let walk: filepath.walk + export let walkDir: filepath.walkDir +} + +// ------------------------------------------------------------------- +// osBinds +// ------------------------------------------------------------------- + +/** + * `$os` defines common helpers for working with the OS level primitives + * (eg. deleting directories, executing shell commands, etc.). + * + * @group PocketBase + */ +declare namespace $os { + /** + * Legacy alias for $os.cmd(). + */ + export let exec: exec.command + + /** + * Prepares an external OS command. + * + * Example: + * + * ```js + * // prepare the command to execute + * const cmd = $os.cmd('ls', '-sl') + * + * // execute the command and return its standard output as string + * const output = toString(cmd.output()); + * ``` + */ + export let cmd: exec.command + + /** + * Args hold the command-line arguments, starting with the program name. + */ + export let args: Array + + export let exit: os.exit + export let getenv: os.getenv + export let dirFS: os.dirFS + export let readFile: os.readFile + export let writeFile: os.writeFile + export let stat: os.stat + export let readDir: os.readDir + export let tempDir: os.tempDir + export let truncate: os.truncate + export let getwd: os.getwd + export let mkdir: os.mkdir + export let mkdirAll: os.mkdirAll + export let rename: os.rename + export let remove: os.remove + export let removeAll: os.removeAll +} + +// ------------------------------------------------------------------- +// formsBinds +// ------------------------------------------------------------------- + +interface AppleClientSecretCreateForm extends forms.AppleClientSecretCreate{} // merge +/** + * @inheritDoc + * @group PocketBase + */ +declare class AppleClientSecretCreateForm implements forms.AppleClientSecretCreate { + constructor(app: CoreApp) +} + +interface RecordUpsertForm extends forms.RecordUpsert{} // merge +/** + * @inheritDoc + * @group PocketBase + */ +declare class RecordUpsertForm implements forms.RecordUpsert { + constructor(app: CoreApp, record: core.Record) +} + +interface TestEmailSendForm extends forms.TestEmailSend{} // merge +/** + * @inheritDoc + * @group PocketBase + */ +declare class TestEmailSendForm implements forms.TestEmailSend { + constructor(app: CoreApp) +} + +interface TestS3FilesystemForm extends forms.TestS3Filesystem{} // merge +/** + * @inheritDoc + * @group PocketBase + */ +declare class TestS3FilesystemForm implements forms.TestS3Filesystem { + constructor(app: CoreApp) +} + +// ------------------------------------------------------------------- +// apisBinds +// ------------------------------------------------------------------- + +interface ApiError extends router.ApiError{} // merge +/** + * @inheritDoc + * + * @group PocketBase + */ +declare class ApiError implements router.ApiError { + constructor(status?: number, message?: string, data?: any) +} + +interface NotFoundError extends router.ApiError{} // merge +/** + * NotFounderor returns 404 ApiError. + * + * @group PocketBase + */ +declare class NotFoundError implements router.ApiError { + constructor(message?: string, data?: any) +} + +interface BadRequestError extends router.ApiError{} // merge +/** + * BadRequestError returns 400 ApiError. + * + * @group PocketBase + */ +declare class BadRequestError implements router.ApiError { + constructor(message?: string, data?: any) +} + +interface ForbiddenError extends router.ApiError{} // merge +/** + * ForbiddenError returns 403 ApiError. + * + * @group PocketBase + */ +declare class ForbiddenError implements router.ApiError { + constructor(message?: string, data?: any) +} + +interface UnauthorizedError extends router.ApiError{} // merge +/** + * UnauthorizedError returns 401 ApiError. + * + * @group PocketBase + */ +declare class UnauthorizedError implements router.ApiError { + constructor(message?: string, data?: any) +} + +interface TooManyRequestsError extends router.ApiError{} // merge +/** + * TooManyRequestsError returns 429 ApiError. + * + * @group PocketBase + */ +declare class TooManyRequestsError implements router.ApiError { + constructor(message?: string, data?: any) +} + +interface InternalServerError extends router.ApiError{} // merge +/** + * InternalServerError returns 429 ApiError. + * + * @group PocketBase + */ +declare class InternalServerError implements router.ApiError { + constructor(message?: string, data?: any) +} + +/** + * `$apis` defines commonly used PocketBase api helpers and middlewares. + * + * @group PocketBase + */ +declare namespace $apis { + /** + * Route handler to serve static directory content (html, js, css, etc.). + * + * If a file resource is missing and indexFallback is set, the request + * will be forwarded to the base index.html (useful for SPA). + */ + export function static(dir: string, indexFallback: boolean): (e: core.RequestEvent) => void + + let requireGuestOnly: apis.requireGuestOnly + let requireAuth: apis.requireAuth + let requireSuperuserAuth: apis.requireSuperuserAuth + let requireSuperuserOrOwnerAuth: apis.requireSuperuserOrOwnerAuth + let skipSuccessActivityLog: apis.skipSuccessActivityLog + let gzip: apis.gzip + let bodyLimit: apis.bodyLimit + let enrichRecord: apis.enrichRecord + let enrichRecords: apis.enrichRecords + + /** + * RecordAuthResponse writes standardized json record auth response + * into the specified request event. + * + * The authMethod argument specify the name of the current authentication method (eg. password, oauth2, etc.) + * that it is used primarily as an auth identifier during MFA and for login alerts. + * + * Set authMethod to empty string if you want to ignore the MFA checks and the login alerts + * (can be also adjusted additionally via the onRecordAuthRequest hook). + */ + export function recordAuthResponse(e: core.RequestEvent, authRecord: core.Record, authMethod: string, meta?: any): void +} + +// ------------------------------------------------------------------- +// httpClientBinds +// ------------------------------------------------------------------- + +// extra FormData overload to prevent TS warnings when used with non File/Blob value. +interface FormData { + append(key:string, value:any): void + set(key:string, value:any): void +} + +/** + * `$http` defines common methods for working with HTTP requests. + * + * @group PocketBase + */ +declare namespace $http { + /** + * Sends a single HTTP request. + * + * Example: + * + * ```js + * const res = $http.send({ + * method: "POST", + * url: "https://example.com", + * body: JSON.stringify({"title": "test"}), + * headers: { 'Content-Type': 'application/json' } + * }) + * + * console.log(res.statusCode) // the response HTTP status code + * console.log(res.headers) // the response headers (eg. res.headers['X-Custom'][0]) + * console.log(res.cookies) // the response cookies (eg. res.cookies.sessionId.value) + * console.log(res.body) // the response body as raw bytes slice + * console.log(res.json) // the response body as parsed json array or map + * ``` + */ + function send(config: { + url: string, + body?: string|FormData, + method?: string, // default to "GET" + headers?: { [key:string]: string }, + timeout?: number, // default to 120 + + // @deprecated please use body instead + data?: { [key:string]: any }, + }): { + statusCode: number, + headers: { [key:string]: Array }, + cookies: { [key:string]: http.Cookie }, + json: any, + body: Array, + + // @deprecated please use toString(result.body) instead + raw: string, + }; +} + +// ------------------------------------------------------------------- +// migrate only +// ------------------------------------------------------------------- + +/** + * Migrate defines a single migration upgrade/downgrade action. + * + * _Note that this method is available only in pb_migrations context._ + * + * @group PocketBase + */ +declare function migrate( + up: (txApp: CoreApp) => void, + down?: (txApp: CoreApp) => void +): void; +/** @group PocketBase */declare function onBackupCreate(handler: (e: core.BackupEvent) => void): void +/** @group PocketBase */declare function onBackupRestore(handler: (e: core.BackupEvent) => void): void +/** @group PocketBase */declare function onBatchRequest(handler: (e: core.BatchRequestEvent) => void): void +/** @group PocketBase */declare function onBootstrap(handler: (e: core.BootstrapEvent) => void): void +/** @group PocketBase */declare function onCollectionAfterCreateError(handler: (e: core.CollectionErrorEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onCollectionAfterCreateSuccess(handler: (e: core.CollectionEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onCollectionAfterDeleteError(handler: (e: core.CollectionErrorEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onCollectionAfterDeleteSuccess(handler: (e: core.CollectionEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onCollectionAfterUpdateError(handler: (e: core.CollectionErrorEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onCollectionAfterUpdateSuccess(handler: (e: core.CollectionEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onCollectionCreate(handler: (e: core.CollectionEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onCollectionCreateExecute(handler: (e: core.CollectionEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onCollectionCreateRequest(handler: (e: core.CollectionRequestEvent) => void): void +/** @group PocketBase */declare function onCollectionDelete(handler: (e: core.CollectionEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onCollectionDeleteExecute(handler: (e: core.CollectionEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onCollectionDeleteRequest(handler: (e: core.CollectionRequestEvent) => void): void +/** @group PocketBase */declare function onCollectionUpdate(handler: (e: core.CollectionEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onCollectionUpdateExecute(handler: (e: core.CollectionEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onCollectionUpdateRequest(handler: (e: core.CollectionRequestEvent) => void): void +/** @group PocketBase */declare function onCollectionValidate(handler: (e: core.CollectionEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onCollectionViewRequest(handler: (e: core.CollectionRequestEvent) => void): void +/** @group PocketBase */declare function onCollectionsImportRequest(handler: (e: core.CollectionsImportRequestEvent) => void): void +/** @group PocketBase */declare function onCollectionsListRequest(handler: (e: core.CollectionsListRequestEvent) => void): void +/** @group PocketBase */declare function onFileDownloadRequest(handler: (e: core.FileDownloadRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onFileTokenRequest(handler: (e: core.FileTokenRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onMailerRecordAuthAlertSend(handler: (e: core.MailerRecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onMailerRecordEmailChangeSend(handler: (e: core.MailerRecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onMailerRecordOTPSend(handler: (e: core.MailerRecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onMailerRecordPasswordResetSend(handler: (e: core.MailerRecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onMailerRecordVerificationSend(handler: (e: core.MailerRecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onMailerSend(handler: (e: core.MailerEvent) => void): void +/** @group PocketBase */declare function onModelAfterCreateError(handler: (e: core.ModelErrorEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onModelAfterCreateSuccess(handler: (e: core.ModelEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onModelAfterDeleteError(handler: (e: core.ModelErrorEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onModelAfterDeleteSuccess(handler: (e: core.ModelEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onModelAfterUpdateError(handler: (e: core.ModelErrorEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onModelAfterUpdateSuccess(handler: (e: core.ModelEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onModelCreate(handler: (e: core.ModelEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onModelCreateExecute(handler: (e: core.ModelEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onModelDelete(handler: (e: core.ModelEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onModelDeleteExecute(handler: (e: core.ModelEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onModelUpdate(handler: (e: core.ModelEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onModelUpdateExecute(handler: (e: core.ModelEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onModelValidate(handler: (e: core.ModelEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRealtimeConnectRequest(handler: (e: core.RealtimeConnectRequestEvent) => void): void +/** @group PocketBase */declare function onRealtimeMessageSend(handler: (e: core.RealtimeMessageEvent) => void): void +/** @group PocketBase */declare function onRealtimeSubscribeRequest(handler: (e: core.RealtimeSubscribeRequestEvent) => void): void +/** @group PocketBase */declare function onRecordAfterCreateError(handler: (e: core.RecordErrorEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordAfterCreateSuccess(handler: (e: core.RecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordAfterDeleteError(handler: (e: core.RecordErrorEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordAfterDeleteSuccess(handler: (e: core.RecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordAfterUpdateError(handler: (e: core.RecordErrorEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordAfterUpdateSuccess(handler: (e: core.RecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordAuthRefreshRequest(handler: (e: core.RecordAuthRefreshRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordAuthRequest(handler: (e: core.RecordAuthRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordAuthWithOAuth2Request(handler: (e: core.RecordAuthWithOAuth2RequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordAuthWithOTPRequest(handler: (e: core.RecordAuthWithOTPRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordAuthWithPasswordRequest(handler: (e: core.RecordAuthWithPasswordRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordConfirmEmailChangeRequest(handler: (e: core.RecordConfirmEmailChangeRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordConfirmPasswordResetRequest(handler: (e: core.RecordConfirmPasswordResetRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordConfirmVerificationRequest(handler: (e: core.RecordConfirmVerificationRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordCreate(handler: (e: core.RecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordCreateExecute(handler: (e: core.RecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordCreateRequest(handler: (e: core.RecordRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordDelete(handler: (e: core.RecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordDeleteExecute(handler: (e: core.RecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordDeleteRequest(handler: (e: core.RecordRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordEnrich(handler: (e: core.RecordEnrichEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordRequestEmailChangeRequest(handler: (e: core.RecordRequestEmailChangeRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordRequestOTPRequest(handler: (e: core.RecordCreateOTPRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordRequestPasswordResetRequest(handler: (e: core.RecordRequestPasswordResetRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordRequestVerificationRequest(handler: (e: core.RecordRequestVerificationRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordUpdate(handler: (e: core.RecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordUpdateExecute(handler: (e: core.RecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordUpdateRequest(handler: (e: core.RecordRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordValidate(handler: (e: core.RecordEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordViewRequest(handler: (e: core.RecordRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onRecordsListRequest(handler: (e: core.RecordsListRequestEvent) => void, ...tags: string[]): void +/** @group PocketBase */declare function onSettingsListRequest(handler: (e: core.SettingsListRequestEvent) => void): void +/** @group PocketBase */declare function onSettingsReload(handler: (e: core.SettingsReloadEvent) => void): void +/** @group PocketBase */declare function onSettingsUpdateRequest(handler: (e: core.SettingsUpdateRequestEvent) => void): void +/** @group PocketBase */declare function onTerminate(handler: (e: core.TerminateEvent) => void): void +type _TygojaDict = { [key:string | number | symbol]: any; } +type _TygojaAny = any + +/** + * Package os provides a platform-independent interface to operating system + * functionality. The design is Unix-like, although the error handling is + * Go-like; failing calls return values of type error rather than error numbers. + * Often, more information is available within the error. For example, + * if a call that takes a file name fails, such as [Open] or [Stat], the error + * will include the failing file name when printed and will be of type + * [*PathError], which may be unpacked for more information. + * + * The os interface is intended to be uniform across all operating systems. + * Features not generally available appear in the system-specific package syscall. + * + * Here is a simple example, opening a file and reading some of it. + * + * ``` + * file, err := os.Open("file.go") // For read access. + * if err != nil { + * log.Fatal(err) + * } + * ``` + * + * If the open fails, the error string will be self-explanatory, like + * + * ``` + * open file.go: no such file or directory + * ``` + * + * The file's data can then be read into a slice of bytes. Read and + * Write take their byte counts from the length of the argument slice. + * + * ``` + * data := make([]byte, 100) + * count, err := file.Read(data) + * if err != nil { + * log.Fatal(err) + * } + * fmt.Printf("read %d bytes: %q\n", count, data[:count]) + * ``` + * + * # Concurrency + * + * The methods of [File] correspond to file system operations. All are + * safe for concurrent use. The maximum number of concurrent + * operations on a File may be limited by the OS or the system. The + * number should be high, but exceeding it may degrade performance or + * cause other issues. + */ +namespace os { + interface readdirMode extends Number{} + interface File { + /** + * Readdir reads the contents of the directory associated with file and + * returns a slice of up to n [FileInfo] values, as would be returned + * by [Lstat], in directory order. Subsequent calls on the same file will yield + * further FileInfos. + * + * If n > 0, Readdir returns at most n FileInfo structures. In this case, if + * Readdir returns an empty slice, it will return a non-nil error + * explaining why. At the end of a directory, the error is [io.EOF]. + * + * If n <= 0, Readdir returns all the FileInfo from the directory in + * a single slice. In this case, if Readdir succeeds (reads all + * the way to the end of the directory), it returns the slice and a + * nil error. If it encounters an error before the end of the + * directory, Readdir returns the FileInfo read until that point + * and a non-nil error. + * + * Most clients are better served by the more efficient ReadDir method. + */ + readdir(n: number): Array + } + interface File { + /** + * Readdirnames reads the contents of the directory associated with file + * and returns a slice of up to n names of files in the directory, + * in directory order. Subsequent calls on the same file will yield + * further names. + * + * If n > 0, Readdirnames returns at most n names. In this case, if + * Readdirnames returns an empty slice, it will return a non-nil error + * explaining why. At the end of a directory, the error is [io.EOF]. + * + * If n <= 0, Readdirnames returns all the names from the directory in + * a single slice. In this case, if Readdirnames succeeds (reads all + * the way to the end of the directory), it returns the slice and a + * nil error. If it encounters an error before the end of the + * directory, Readdirnames returns the names read until that point and + * a non-nil error. + */ + readdirnames(n: number): Array + } + /** + * A DirEntry is an entry read from a directory + * (using the [ReadDir] function or a [File.ReadDir] method). + */ + interface DirEntry extends fs.DirEntry{} + interface File { + /** + * ReadDir reads the contents of the directory associated with the file f + * and returns a slice of [DirEntry] values in directory order. + * Subsequent calls on the same file will yield later DirEntry records in the directory. + * + * If n > 0, ReadDir returns at most n DirEntry records. + * In this case, if ReadDir returns an empty slice, it will return an error explaining why. + * At the end of a directory, the error is [io.EOF]. + * + * If n <= 0, ReadDir returns all the DirEntry records remaining in the directory. + * When it succeeds, it returns a nil error (not io.EOF). + */ + readDir(n: number): Array + } + interface readDir { + /** + * ReadDir reads the named directory, + * returning all its directory entries sorted by filename. + * If an error occurs reading the directory, + * ReadDir returns the entries it was able to read before the error, + * along with the error. + */ + (name: string): Array + } + interface copyFS { + /** + * CopyFS copies the file system fsys into the directory dir, + * creating dir if necessary. + * + * Files are created with mode 0o666 plus any execute permissions + * from the source, and directories are created with mode 0o777 + * (before umask). + * + * CopyFS will not overwrite existing files. If a file name in fsys + * already exists in the destination, CopyFS will return an error + * such that errors.Is(err, fs.ErrExist) will be true. + * + * Symbolic links in fsys are not supported. A *PathError with Err set + * to ErrInvalid is returned when copying from a symbolic link. + * + * Symbolic links in dir are followed. + * + * Copying stops at and returns the first error encountered. + */ + (dir: string, fsys: fs.FS): void + } + /** + * Auxiliary information if the File describes a directory + */ + interface dirInfo { + } + interface expand { + /** + * Expand replaces ${var} or $var in the string based on the mapping function. + * For example, [os.ExpandEnv](s) is equivalent to [os.Expand](s, [os.Getenv]). + */ + (s: string, mapping: (_arg0: string) => string): string + } + interface expandEnv { + /** + * ExpandEnv replaces ${var} or $var in the string according to the values + * of the current environment variables. References to undefined + * variables are replaced by the empty string. + */ + (s: string): string + } + interface getenv { + /** + * Getenv retrieves the value of the environment variable named by the key. + * It returns the value, which will be empty if the variable is not present. + * To distinguish between an empty value and an unset value, use [LookupEnv]. + */ + (key: string): string + } + interface lookupEnv { + /** + * LookupEnv retrieves the value of the environment variable named + * by the key. If the variable is present in the environment the + * value (which may be empty) is returned and the boolean is true. + * Otherwise the returned value will be empty and the boolean will + * be false. + */ + (key: string): [string, boolean] + } + interface setenv { + /** + * Setenv sets the value of the environment variable named by the key. + * It returns an error, if any. + */ + (key: string, value: string): void + } + interface unsetenv { + /** + * Unsetenv unsets a single environment variable. + */ + (key: string): void + } + interface clearenv { + /** + * Clearenv deletes all environment variables. + */ + (): void + } + interface environ { + /** + * Environ returns a copy of strings representing the environment, + * in the form "key=value". + */ + (): Array + } + interface timeout { + [key:string]: any; + timeout(): boolean + } + /** + * PathError records an error and the operation and file path that caused it. + */ + interface PathError extends fs.PathError{} + /** + * SyscallError records an error from a specific system call. + */ + interface SyscallError { + syscall: string + err: Error + } + interface SyscallError { + error(): string + } + interface SyscallError { + unwrap(): void + } + interface SyscallError { + /** + * Timeout reports whether this error represents a timeout. + */ + timeout(): boolean + } + interface newSyscallError { + /** + * NewSyscallError returns, as an error, a new [SyscallError] + * with the given system call name and error details. + * As a convenience, if err is nil, NewSyscallError returns nil. + */ + (syscall: string, err: Error): void + } + interface isExist { + /** + * IsExist returns a boolean indicating whether its argument is known to report + * that a file or directory already exists. It is satisfied by [ErrExist] as + * well as some syscall errors. + * + * This function predates [errors.Is]. It only supports errors returned by + * the os package. New code should use errors.Is(err, fs.ErrExist). + */ + (err: Error): boolean + } + interface isNotExist { + /** + * IsNotExist returns a boolean indicating whether its argument is known to + * report that a file or directory does not exist. It is satisfied by + * [ErrNotExist] as well as some syscall errors. + * + * This function predates [errors.Is]. It only supports errors returned by + * the os package. New code should use errors.Is(err, fs.ErrNotExist). + */ + (err: Error): boolean + } + interface isPermission { + /** + * IsPermission returns a boolean indicating whether its argument is known to + * report that permission is denied. It is satisfied by [ErrPermission] as well + * as some syscall errors. + * + * This function predates [errors.Is]. It only supports errors returned by + * the os package. New code should use errors.Is(err, fs.ErrPermission). + */ + (err: Error): boolean + } + interface isTimeout { + /** + * IsTimeout returns a boolean indicating whether its argument is known + * to report that a timeout occurred. + * + * This function predates [errors.Is], and the notion of whether an + * error indicates a timeout can be ambiguous. For example, the Unix + * error EWOULDBLOCK sometimes indicates a timeout and sometimes does not. + * New code should use errors.Is with a value appropriate to the call + * returning the error, such as [os.ErrDeadlineExceeded]. + */ + (err: Error): boolean + } + interface syscallErrorType extends syscall.Errno{} + interface processMode extends Number{} + interface processStatus extends Number{} + /** + * Process stores the information about a process created by [StartProcess]. + */ + interface Process { + pid: number + } + /** + * ProcAttr holds the attributes that will be applied to a new process + * started by StartProcess. + */ + interface ProcAttr { + /** + * If Dir is non-empty, the child changes into the directory before + * creating the process. + */ + dir: string + /** + * If Env is non-nil, it gives the environment variables for the + * new process in the form returned by Environ. + * If it is nil, the result of Environ will be used. + */ + env: Array + /** + * Files specifies the open files inherited by the new process. The + * first three entries correspond to standard input, standard output, and + * standard error. An implementation may support additional entries, + * depending on the underlying operating system. A nil entry corresponds + * to that file being closed when the process starts. + * On Unix systems, StartProcess will change these File values + * to blocking mode, which means that SetDeadline will stop working + * and calling Close will not interrupt a Read or Write. + */ + files: Array<(File | undefined)> + /** + * Operating system-specific process creation attributes. + * Note that setting this field means that your program + * may not execute properly or even compile on some + * operating systems. + */ + sys?: syscall.SysProcAttr + } + /** + * A Signal represents an operating system signal. + * The usual underlying implementation is operating system-dependent: + * on Unix it is syscall.Signal. + */ + interface Signal { + [key:string]: any; + string(): string + signal(): void // to distinguish from other Stringers + } + interface getpid { + /** + * Getpid returns the process id of the caller. + */ + (): number + } + interface getppid { + /** + * Getppid returns the process id of the caller's parent. + */ + (): number + } + interface findProcess { + /** + * FindProcess looks for a running process by its pid. + * + * The [Process] it returns can be used to obtain information + * about the underlying operating system process. + * + * On Unix systems, FindProcess always succeeds and returns a Process + * for the given pid, regardless of whether the process exists. To test whether + * the process actually exists, see whether p.Signal(syscall.Signal(0)) reports + * an error. + */ + (pid: number): (Process) + } + interface startProcess { + /** + * StartProcess starts a new process with the program, arguments and attributes + * specified by name, argv and attr. The argv slice will become [os.Args] in the + * new process, so it normally starts with the program name. + * + * If the calling goroutine has locked the operating system thread + * with [runtime.LockOSThread] and modified any inheritable OS-level + * thread state (for example, Linux or Plan 9 name spaces), the new + * process will inherit the caller's thread state. + * + * StartProcess is a low-level interface. The [os/exec] package provides + * higher-level interfaces. + * + * If there is an error, it will be of type [*PathError]. + */ + (name: string, argv: Array, attr: ProcAttr): (Process) + } + interface Process { + /** + * Release releases any resources associated with the [Process] p, + * rendering it unusable in the future. + * Release only needs to be called if [Process.Wait] is not. + */ + release(): void + } + interface Process { + /** + * Kill causes the [Process] to exit immediately. Kill does not wait until + * the Process has actually exited. This only kills the Process itself, + * not any other processes it may have started. + */ + kill(): void + } + interface Process { + /** + * Wait waits for the [Process] to exit, and then returns a + * ProcessState describing its status and an error, if any. + * Wait releases any resources associated with the Process. + * On most operating systems, the Process must be a child + * of the current process or an error will be returned. + */ + wait(): (ProcessState) + } + interface Process { + /** + * Signal sends a signal to the [Process]. + * Sending [Interrupt] on Windows is not implemented. + */ + signal(sig: Signal): void + } + interface ProcessState { + /** + * UserTime returns the user CPU time of the exited process and its children. + */ + userTime(): time.Duration + } + interface ProcessState { + /** + * SystemTime returns the system CPU time of the exited process and its children. + */ + systemTime(): time.Duration + } + interface ProcessState { + /** + * Exited reports whether the program has exited. + * On Unix systems this reports true if the program exited due to calling exit, + * but false if the program terminated due to a signal. + */ + exited(): boolean + } + interface ProcessState { + /** + * Success reports whether the program exited successfully, + * such as with exit status 0 on Unix. + */ + success(): boolean + } + interface ProcessState { + /** + * Sys returns system-dependent exit information about + * the process. Convert it to the appropriate underlying + * type, such as [syscall.WaitStatus] on Unix, to access its contents. + */ + sys(): any + } + interface ProcessState { + /** + * SysUsage returns system-dependent resource usage information about + * the exited process. Convert it to the appropriate underlying + * type, such as [*syscall.Rusage] on Unix, to access its contents. + * (On Unix, *syscall.Rusage matches struct rusage as defined in the + * getrusage(2) manual page.) + */ + sysUsage(): any + } + /** + * ProcessState stores information about a process, as reported by Wait. + */ + interface ProcessState { + } + interface ProcessState { + /** + * Pid returns the process id of the exited process. + */ + pid(): number + } + interface ProcessState { + string(): string + } + interface ProcessState { + /** + * ExitCode returns the exit code of the exited process, or -1 + * if the process hasn't exited or was terminated by a signal. + */ + exitCode(): number + } + interface executable { + /** + * Executable returns the path name for the executable that started + * the current process. There is no guarantee that the path is still + * pointing to the correct executable. If a symlink was used to start + * the process, depending on the operating system, the result might + * be the symlink or the path it pointed to. If a stable result is + * needed, [path/filepath.EvalSymlinks] might help. + * + * Executable returns an absolute path unless an error occurred. + * + * The main use case is finding resources located relative to an + * executable. + */ + (): string + } + interface File { + /** + * Name returns the name of the file as presented to Open. + * + * It is safe to call Name after [Close]. + */ + name(): string + } + /** + * LinkError records an error during a link or symlink or rename + * system call and the paths that caused it. + */ + interface LinkError { + op: string + old: string + new: string + err: Error + } + interface LinkError { + error(): string + } + interface LinkError { + unwrap(): void + } + interface File { + /** + * Read reads up to len(b) bytes from the File and stores them in b. + * It returns the number of bytes read and any error encountered. + * At end of file, Read returns 0, io.EOF. + */ + read(b: string|Array): number + } + interface File { + /** + * ReadAt reads len(b) bytes from the File starting at byte offset off. + * It returns the number of bytes read and the error, if any. + * ReadAt always returns a non-nil error when n < len(b). + * At end of file, that error is io.EOF. + */ + readAt(b: string|Array, off: number): number + } + interface File { + /** + * ReadFrom implements io.ReaderFrom. + */ + readFrom(r: io.Reader): number + } + /** + * noReadFrom can be embedded alongside another type to + * hide the ReadFrom method of that other type. + */ + interface noReadFrom { + } + interface noReadFrom { + /** + * ReadFrom hides another ReadFrom method. + * It should never be called. + */ + readFrom(_arg0: io.Reader): number + } + /** + * fileWithoutReadFrom implements all the methods of *File other + * than ReadFrom. This is used to permit ReadFrom to call io.Copy + * without leading to a recursive call to ReadFrom. + */ + type _snLnyFf = noReadFrom&File + interface fileWithoutReadFrom extends _snLnyFf { + } + interface File { + /** + * Write writes len(b) bytes from b to the File. + * It returns the number of bytes written and an error, if any. + * Write returns a non-nil error when n != len(b). + */ + write(b: string|Array): number + } + interface File { + /** + * WriteAt writes len(b) bytes to the File starting at byte offset off. + * It returns the number of bytes written and an error, if any. + * WriteAt returns a non-nil error when n != len(b). + * + * If file was opened with the O_APPEND flag, WriteAt returns an error. + */ + writeAt(b: string|Array, off: number): number + } + interface File { + /** + * WriteTo implements io.WriterTo. + */ + writeTo(w: io.Writer): number + } + /** + * noWriteTo can be embedded alongside another type to + * hide the WriteTo method of that other type. + */ + interface noWriteTo { + } + interface noWriteTo { + /** + * WriteTo hides another WriteTo method. + * It should never be called. + */ + writeTo(_arg0: io.Writer): number + } + /** + * fileWithoutWriteTo implements all the methods of *File other + * than WriteTo. This is used to permit WriteTo to call io.Copy + * without leading to a recursive call to WriteTo. + */ + type _syNvbJl = noWriteTo&File + interface fileWithoutWriteTo extends _syNvbJl { + } + interface File { + /** + * Seek sets the offset for the next Read or Write on file to offset, interpreted + * according to whence: 0 means relative to the origin of the file, 1 means + * relative to the current offset, and 2 means relative to the end. + * It returns the new offset and an error, if any. + * The behavior of Seek on a file opened with O_APPEND is not specified. + */ + seek(offset: number, whence: number): number + } + interface File { + /** + * WriteString is like Write, but writes the contents of string s rather than + * a slice of bytes. + */ + writeString(s: string): number + } + interface mkdir { + /** + * Mkdir creates a new directory with the specified name and permission + * bits (before umask). + * If there is an error, it will be of type *PathError. + */ + (name: string, perm: FileMode): void + } + interface chdir { + /** + * Chdir changes the current working directory to the named directory. + * If there is an error, it will be of type *PathError. + */ + (dir: string): void + } + interface open { + /** + * Open opens the named file for reading. If successful, methods on + * the returned file can be used for reading; the associated file + * descriptor has mode O_RDONLY. + * If there is an error, it will be of type *PathError. + */ + (name: string): (File) + } + interface create { + /** + * Create creates or truncates the named file. If the file already exists, + * it is truncated. If the file does not exist, it is created with mode 0o666 + * (before umask). If successful, methods on the returned File can + * be used for I/O; the associated file descriptor has mode O_RDWR. + * If there is an error, it will be of type *PathError. + */ + (name: string): (File) + } + interface openFile { + /** + * OpenFile is the generalized open call; most users will use Open + * or Create instead. It opens the named file with specified flag + * (O_RDONLY etc.). If the file does not exist, and the O_CREATE flag + * is passed, it is created with mode perm (before umask). If successful, + * methods on the returned File can be used for I/O. + * If there is an error, it will be of type *PathError. + */ + (name: string, flag: number, perm: FileMode): (File) + } + interface rename { + /** + * Rename renames (moves) oldpath to newpath. + * If newpath already exists and is not a directory, Rename replaces it. + * OS-specific restrictions may apply when oldpath and newpath are in different directories. + * Even within the same directory, on non-Unix platforms Rename is not an atomic operation. + * If there is an error, it will be of type *LinkError. + */ + (oldpath: string, newpath: string): void + } + interface readlink { + /** + * Readlink returns the destination of the named symbolic link. + * If there is an error, it will be of type *PathError. + * + * If the link destination is relative, Readlink returns the relative path + * without resolving it to an absolute one. + */ + (name: string): string + } + interface tempDir { + /** + * TempDir returns the default directory to use for temporary files. + * + * On Unix systems, it returns $TMPDIR if non-empty, else /tmp. + * On Windows, it uses GetTempPath, returning the first non-empty + * value from %TMP%, %TEMP%, %USERPROFILE%, or the Windows directory. + * On Plan 9, it returns /tmp. + * + * The directory is neither guaranteed to exist nor have accessible + * permissions. + */ + (): string + } + interface userCacheDir { + /** + * UserCacheDir returns the default root directory to use for user-specific + * cached data. Users should create their own application-specific subdirectory + * within this one and use that. + * + * On Unix systems, it returns $XDG_CACHE_HOME as specified by + * https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html if + * non-empty, else $HOME/.cache. + * On Darwin, it returns $HOME/Library/Caches. + * On Windows, it returns %LocalAppData%. + * On Plan 9, it returns $home/lib/cache. + * + * If the location cannot be determined (for example, $HOME is not defined), + * then it will return an error. + */ + (): string + } + interface userConfigDir { + /** + * UserConfigDir returns the default root directory to use for user-specific + * configuration data. Users should create their own application-specific + * subdirectory within this one and use that. + * + * On Unix systems, it returns $XDG_CONFIG_HOME as specified by + * https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html if + * non-empty, else $HOME/.config. + * On Darwin, it returns $HOME/Library/Application Support. + * On Windows, it returns %AppData%. + * On Plan 9, it returns $home/lib. + * + * If the location cannot be determined (for example, $HOME is not defined), + * then it will return an error. + */ + (): string + } + interface userHomeDir { + /** + * UserHomeDir returns the current user's home directory. + * + * On Unix, including macOS, it returns the $HOME environment variable. + * On Windows, it returns %USERPROFILE%. + * On Plan 9, it returns the $home environment variable. + * + * If the expected variable is not set in the environment, UserHomeDir + * returns either a platform-specific default value or a non-nil error. + */ + (): string + } + interface chmod { + /** + * Chmod changes the mode of the named file to mode. + * If the file is a symbolic link, it changes the mode of the link's target. + * If there is an error, it will be of type *PathError. + * + * A different subset of the mode bits are used, depending on the + * operating system. + * + * On Unix, the mode's permission bits, ModeSetuid, ModeSetgid, and + * ModeSticky are used. + * + * On Windows, only the 0o200 bit (owner writable) of mode is used; it + * controls whether the file's read-only attribute is set or cleared. + * The other bits are currently unused. For compatibility with Go 1.12 + * and earlier, use a non-zero mode. Use mode 0o400 for a read-only + * file and 0o600 for a readable+writable file. + * + * On Plan 9, the mode's permission bits, ModeAppend, ModeExclusive, + * and ModeTemporary are used. + */ + (name: string, mode: FileMode): void + } + interface File { + /** + * Chmod changes the mode of the file to mode. + * If there is an error, it will be of type *PathError. + */ + chmod(mode: FileMode): void + } + interface File { + /** + * SetDeadline sets the read and write deadlines for a File. + * It is equivalent to calling both SetReadDeadline and SetWriteDeadline. + * + * Only some kinds of files support setting a deadline. Calls to SetDeadline + * for files that do not support deadlines will return ErrNoDeadline. + * On most systems ordinary files do not support deadlines, but pipes do. + * + * A deadline is an absolute time after which I/O operations fail with an + * error instead of blocking. The deadline applies to all future and pending + * I/O, not just the immediately following call to Read or Write. + * After a deadline has been exceeded, the connection can be refreshed + * by setting a deadline in the future. + * + * If the deadline is exceeded a call to Read or Write or to other I/O + * methods will return an error that wraps ErrDeadlineExceeded. + * This can be tested using errors.Is(err, os.ErrDeadlineExceeded). + * That error implements the Timeout method, and calling the Timeout + * method will return true, but there are other possible errors for which + * the Timeout will return true even if the deadline has not been exceeded. + * + * An idle timeout can be implemented by repeatedly extending + * the deadline after successful Read or Write calls. + * + * A zero value for t means I/O operations will not time out. + */ + setDeadline(t: time.Time): void + } + interface File { + /** + * SetReadDeadline sets the deadline for future Read calls and any + * currently-blocked Read call. + * A zero value for t means Read will not time out. + * Not all files support setting deadlines; see SetDeadline. + */ + setReadDeadline(t: time.Time): void + } + interface File { + /** + * SetWriteDeadline sets the deadline for any future Write calls and any + * currently-blocked Write call. + * Even if Write times out, it may return n > 0, indicating that + * some of the data was successfully written. + * A zero value for t means Write will not time out. + * Not all files support setting deadlines; see SetDeadline. + */ + setWriteDeadline(t: time.Time): void + } + interface File { + /** + * SyscallConn returns a raw file. + * This implements the syscall.Conn interface. + */ + syscallConn(): syscall.RawConn + } + interface dirFS { + /** + * DirFS returns a file system (an fs.FS) for the tree of files rooted at the directory dir. + * + * Note that DirFS("/prefix") only guarantees that the Open calls it makes to the + * operating system will begin with "/prefix": DirFS("/prefix").Open("file") is the + * same as os.Open("/prefix/file"). So if /prefix/file is a symbolic link pointing outside + * the /prefix tree, then using DirFS does not stop the access any more than using + * os.Open does. Additionally, the root of the fs.FS returned for a relative path, + * DirFS("prefix"), will be affected by later calls to Chdir. DirFS is therefore not + * a general substitute for a chroot-style security mechanism when the directory tree + * contains arbitrary content. + * + * The directory dir must not be "". + * + * The result implements [io/fs.StatFS], [io/fs.ReadFileFS] and + * [io/fs.ReadDirFS]. + */ + (dir: string): fs.FS + } + interface dirFS extends String{} + interface dirFS { + open(name: string): fs.File + } + interface dirFS { + /** + * The ReadFile method calls the [ReadFile] function for the file + * with the given name in the directory. The function provides + * robust handling for small files and special file systems. + * Through this method, dirFS implements [io/fs.ReadFileFS]. + */ + readFile(name: string): string|Array + } + interface dirFS { + /** + * ReadDir reads the named directory, returning all its directory entries sorted + * by filename. Through this method, dirFS implements [io/fs.ReadDirFS]. + */ + readDir(name: string): Array + } + interface dirFS { + stat(name: string): fs.FileInfo + } + interface readFile { + /** + * ReadFile reads the named file and returns the contents. + * A successful call returns err == nil, not err == EOF. + * Because ReadFile reads the whole file, it does not treat an EOF from Read + * as an error to be reported. + */ + (name: string): string|Array + } + interface writeFile { + /** + * WriteFile writes data to the named file, creating it if necessary. + * If the file does not exist, WriteFile creates it with permissions perm (before umask); + * otherwise WriteFile truncates it before writing, without changing permissions. + * Since WriteFile requires multiple system calls to complete, a failure mid-operation + * can leave the file in a partially written state. + */ + (name: string, data: string|Array, perm: FileMode): void + } + interface File { + /** + * Close closes the [File], rendering it unusable for I/O. + * On files that support [File.SetDeadline], any pending I/O operations will + * be canceled and return immediately with an [ErrClosed] error. + * Close will return an error if it has already been called. + */ + close(): void + } + interface chown { + /** + * Chown changes the numeric uid and gid of the named file. + * If the file is a symbolic link, it changes the uid and gid of the link's target. + * A uid or gid of -1 means to not change that value. + * If there is an error, it will be of type [*PathError]. + * + * On Windows or Plan 9, Chown always returns the [syscall.EWINDOWS] or + * EPLAN9 error, wrapped in *PathError. + */ + (name: string, uid: number, gid: number): void + } + interface lchown { + /** + * Lchown changes the numeric uid and gid of the named file. + * If the file is a symbolic link, it changes the uid and gid of the link itself. + * If there is an error, it will be of type [*PathError]. + * + * On Windows, it always returns the [syscall.EWINDOWS] error, wrapped + * in *PathError. + */ + (name: string, uid: number, gid: number): void + } + interface File { + /** + * Chown changes the numeric uid and gid of the named file. + * If there is an error, it will be of type [*PathError]. + * + * On Windows, it always returns the [syscall.EWINDOWS] error, wrapped + * in *PathError. + */ + chown(uid: number, gid: number): void + } + interface File { + /** + * Truncate changes the size of the file. + * It does not change the I/O offset. + * If there is an error, it will be of type [*PathError]. + */ + truncate(size: number): void + } + interface File { + /** + * Sync commits the current contents of the file to stable storage. + * Typically, this means flushing the file system's in-memory copy + * of recently written data to disk. + */ + sync(): void + } + interface chtimes { + /** + * Chtimes changes the access and modification times of the named + * file, similar to the Unix utime() or utimes() functions. + * A zero [time.Time] value will leave the corresponding file time unchanged. + * + * The underlying filesystem may truncate or round the values to a + * less precise time unit. + * If there is an error, it will be of type [*PathError]. + */ + (name: string, atime: time.Time, mtime: time.Time): void + } + interface File { + /** + * Chdir changes the current working directory to the file, + * which must be a directory. + * If there is an error, it will be of type [*PathError]. + */ + chdir(): void + } + /** + * file is the real representation of *File. + * The extra level of indirection ensures that no clients of os + * can overwrite this data, which could cause the finalizer + * to close the wrong file descriptor. + */ + interface file { + } + interface File { + /** + * Fd returns the integer Unix file descriptor referencing the open file. + * If f is closed, the file descriptor becomes invalid. + * If f is garbage collected, a finalizer may close the file descriptor, + * making it invalid; see [runtime.SetFinalizer] for more information on when + * a finalizer might be run. On Unix systems this will cause the [File.SetDeadline] + * methods to stop working. + * Because file descriptors can be reused, the returned file descriptor may + * only be closed through the [File.Close] method of f, or by its finalizer during + * garbage collection. Otherwise, during garbage collection the finalizer + * may close an unrelated file descriptor with the same (reused) number. + * + * As an alternative, see the f.SyscallConn method. + */ + fd(): number + } + interface newFile { + /** + * NewFile returns a new File with the given file descriptor and + * name. The returned value will be nil if fd is not a valid file + * descriptor. On Unix systems, if the file descriptor is in + * non-blocking mode, NewFile will attempt to return a pollable File + * (one for which the SetDeadline methods work). + * + * After passing it to NewFile, fd may become invalid under the same + * conditions described in the comments of the Fd method, and the same + * constraints apply. + */ + (fd: number, name: string): (File) + } + /** + * newFileKind describes the kind of file to newFile. + */ + interface newFileKind extends Number{} + interface truncate { + /** + * Truncate changes the size of the named file. + * If the file is a symbolic link, it changes the size of the link's target. + * If there is an error, it will be of type *PathError. + */ + (name: string, size: number): void + } + interface remove { + /** + * Remove removes the named file or (empty) directory. + * If there is an error, it will be of type *PathError. + */ + (name: string): void + } + interface link { + /** + * Link creates newname as a hard link to the oldname file. + * If there is an error, it will be of type *LinkError. + */ + (oldname: string, newname: string): void + } + interface symlink { + /** + * Symlink creates newname as a symbolic link to oldname. + * On Windows, a symlink to a non-existent oldname creates a file symlink; + * if oldname is later created as a directory the symlink will not work. + * If there is an error, it will be of type *LinkError. + */ + (oldname: string, newname: string): void + } + interface unixDirent { + } + interface unixDirent { + name(): string + } + interface unixDirent { + isDir(): boolean + } + interface unixDirent { + type(): FileMode + } + interface unixDirent { + info(): FileInfo + } + interface unixDirent { + string(): string + } + interface getwd { + /** + * Getwd returns a rooted path name corresponding to the + * current directory. If the current directory can be + * reached via multiple paths (due to symbolic links), + * Getwd may return any one of them. + */ + (): string + } + interface mkdirAll { + /** + * MkdirAll creates a directory named path, + * along with any necessary parents, and returns nil, + * or else returns an error. + * The permission bits perm (before umask) are used for all + * directories that MkdirAll creates. + * If path is already a directory, MkdirAll does nothing + * and returns nil. + */ + (path: string, perm: FileMode): void + } + interface removeAll { + /** + * RemoveAll removes path and any children it contains. + * It removes everything it can but returns the first error + * it encounters. If the path does not exist, RemoveAll + * returns nil (no error). + * If there is an error, it will be of type [*PathError]. + */ + (path: string): void + } + interface isPathSeparator { + /** + * IsPathSeparator reports whether c is a directory separator character. + */ + (c: number): boolean + } + interface pipe { + /** + * Pipe returns a connected pair of Files; reads from r return bytes written to w. + * It returns the files and an error, if any. + */ + (): [(File), (File)] + } + interface getuid { + /** + * Getuid returns the numeric user id of the caller. + * + * On Windows, it returns -1. + */ + (): number + } + interface geteuid { + /** + * Geteuid returns the numeric effective user id of the caller. + * + * On Windows, it returns -1. + */ + (): number + } + interface getgid { + /** + * Getgid returns the numeric group id of the caller. + * + * On Windows, it returns -1. + */ + (): number + } + interface getegid { + /** + * Getegid returns the numeric effective group id of the caller. + * + * On Windows, it returns -1. + */ + (): number + } + interface getgroups { + /** + * Getgroups returns a list of the numeric ids of groups that the caller belongs to. + * + * On Windows, it returns [syscall.EWINDOWS]. See the [os/user] package + * for a possible alternative. + */ + (): Array + } + interface exit { + /** + * Exit causes the current program to exit with the given status code. + * Conventionally, code zero indicates success, non-zero an error. + * The program terminates immediately; deferred functions are not run. + * + * For portability, the status code should be in the range [0, 125]. + */ + (code: number): void + } + /** + * rawConn implements syscall.RawConn. + */ + interface rawConn { + } + interface rawConn { + control(f: (_arg0: number) => void): void + } + interface rawConn { + read(f: (_arg0: number) => boolean): void + } + interface rawConn { + write(f: (_arg0: number) => boolean): void + } + interface stat { + /** + * Stat returns a [FileInfo] describing the named file. + * If there is an error, it will be of type [*PathError]. + */ + (name: string): FileInfo + } + interface lstat { + /** + * Lstat returns a [FileInfo] describing the named file. + * If the file is a symbolic link, the returned FileInfo + * describes the symbolic link. Lstat makes no attempt to follow the link. + * If there is an error, it will be of type [*PathError]. + * + * On Windows, if the file is a reparse point that is a surrogate for another + * named entity (such as a symbolic link or mounted folder), the returned + * FileInfo describes the reparse point, and makes no attempt to resolve it. + */ + (name: string): FileInfo + } + interface File { + /** + * Stat returns the [FileInfo] structure describing file. + * If there is an error, it will be of type [*PathError]. + */ + stat(): FileInfo + } + interface hostname { + /** + * Hostname returns the host name reported by the kernel. + */ + (): string + } + interface createTemp { + /** + * CreateTemp creates a new temporary file in the directory dir, + * opens the file for reading and writing, and returns the resulting file. + * The filename is generated by taking pattern and adding a random string to the end. + * If pattern includes a "*", the random string replaces the last "*". + * The file is created with mode 0o600 (before umask). + * If dir is the empty string, CreateTemp uses the default directory for temporary files, as returned by [TempDir]. + * Multiple programs or goroutines calling CreateTemp simultaneously will not choose the same file. + * The caller can use the file's Name method to find the pathname of the file. + * It is the caller's responsibility to remove the file when it is no longer needed. + */ + (dir: string, pattern: string): (File) + } + interface mkdirTemp { + /** + * MkdirTemp creates a new temporary directory in the directory dir + * and returns the pathname of the new directory. + * The new directory's name is generated by adding a random string to the end of pattern. + * If pattern includes a "*", the random string replaces the last "*" instead. + * The directory is created with mode 0o700 (before umask). + * If dir is the empty string, MkdirTemp uses the default directory for temporary files, as returned by TempDir. + * Multiple programs or goroutines calling MkdirTemp simultaneously will not choose the same directory. + * It is the caller's responsibility to remove the directory when it is no longer needed. + */ + (dir: string, pattern: string): string + } + interface getpagesize { + /** + * Getpagesize returns the underlying system's memory page size. + */ + (): number + } + /** + * File represents an open file descriptor. + * + * The methods of File are safe for concurrent use. + */ + type _sDzXOPD = file + interface File extends _sDzXOPD { + } + /** + * A FileInfo describes a file and is returned by [Stat] and [Lstat]. + */ + interface FileInfo extends fs.FileInfo{} + /** + * A FileMode represents a file's mode and permission bits. + * The bits have the same definition on all systems, so that + * information about files can be moved from one system + * to another portably. Not all bits apply to all systems. + * The only required bit is [ModeDir] for directories. + */ + interface FileMode extends fs.FileMode{} + interface fileStat { + name(): string + } + interface fileStat { + isDir(): boolean + } + interface sameFile { + /** + * SameFile reports whether fi1 and fi2 describe the same file. + * For example, on Unix this means that the device and inode fields + * of the two underlying structures are identical; on other systems + * the decision may be based on the path names. + * SameFile only applies to results returned by this package's [Stat]. + * It returns false in other cases. + */ + (fi1: FileInfo, fi2: FileInfo): boolean + } + /** + * A fileStat is the implementation of FileInfo returned by Stat and Lstat. + */ + interface fileStat { + } + interface fileStat { + size(): number + } + interface fileStat { + mode(): FileMode + } + interface fileStat { + modTime(): time.Time + } + interface fileStat { + sys(): any + } +} + +/** + * Package filepath implements utility routines for manipulating filename paths + * in a way compatible with the target operating system-defined file paths. + * + * The filepath package uses either forward slashes or backslashes, + * depending on the operating system. To process paths such as URLs + * that always use forward slashes regardless of the operating + * system, see the [path] package. + */ +namespace filepath { + interface match { + /** + * Match reports whether name matches the shell file name pattern. + * The pattern syntax is: + * + * ``` + * pattern: + * { term } + * term: + * '*' matches any sequence of non-Separator characters + * '?' matches any single non-Separator character + * '[' [ '^' ] { character-range } ']' + * character class (must be non-empty) + * c matches character c (c != '*', '?', '\\', '[') + * '\\' c matches character c + * + * character-range: + * c matches character c (c != '\\', '-', ']') + * '\\' c matches character c + * lo '-' hi matches character c for lo <= c <= hi + * ``` + * + * Match requires pattern to match all of name, not just a substring. + * The only possible returned error is [ErrBadPattern], when pattern + * is malformed. + * + * On Windows, escaping is disabled. Instead, '\\' is treated as + * path separator. + */ + (pattern: string, name: string): boolean + } + interface glob { + /** + * Glob returns the names of all files matching pattern or nil + * if there is no matching file. The syntax of patterns is the same + * as in [Match]. The pattern may describe hierarchical names such as + * /usr/*\/bin/ed (assuming the [Separator] is '/'). + * + * Glob ignores file system errors such as I/O errors reading directories. + * The only possible returned error is [ErrBadPattern], when pattern + * is malformed. + */ + (pattern: string): Array + } + interface clean { + /** + * Clean returns the shortest path name equivalent to path + * by purely lexical processing. It applies the following rules + * iteratively until no further processing can be done: + * + * 1. Replace multiple [Separator] elements with a single one. + * 2. Eliminate each . path name element (the current directory). + * 3. Eliminate each inner .. path name element (the parent directory) + * ``` + * along with the non-.. element that precedes it. + * ``` + * 4. Eliminate .. elements that begin a rooted path: + * ``` + * that is, replace "/.." by "/" at the beginning of a path, + * assuming Separator is '/'. + * ``` + * + * The returned path ends in a slash only if it represents a root directory, + * such as "/" on Unix or `C:\` on Windows. + * + * Finally, any occurrences of slash are replaced by Separator. + * + * If the result of this process is an empty string, Clean + * returns the string ".". + * + * On Windows, Clean does not modify the volume name other than to replace + * occurrences of "/" with `\`. + * For example, Clean("//host/share/../x") returns `\\host\share\x`. + * + * See also Rob Pike, “Lexical File Names in Plan 9 or + * Getting Dot-Dot Right,” + * https://9p.io/sys/doc/lexnames.html + */ + (path: string): string + } + interface isLocal { + /** + * IsLocal reports whether path, using lexical analysis only, has all of these properties: + * + * ``` + * - is within the subtree rooted at the directory in which path is evaluated + * - is not an absolute path + * - is not empty + * - on Windows, is not a reserved name such as "NUL" + * ``` + * + * If IsLocal(path) returns true, then + * Join(base, path) will always produce a path contained within base and + * Clean(path) will always produce an unrooted path with no ".." path elements. + * + * IsLocal is a purely lexical operation. + * In particular, it does not account for the effect of any symbolic links + * that may exist in the filesystem. + */ + (path: string): boolean + } + interface localize { + /** + * Localize converts a slash-separated path into an operating system path. + * The input path must be a valid path as reported by [io/fs.ValidPath]. + * + * Localize returns an error if the path cannot be represented by the operating system. + * For example, the path a\b is rejected on Windows, on which \ is a separator + * character and cannot be part of a filename. + * + * The path returned by Localize will always be local, as reported by IsLocal. + */ + (path: string): string + } + interface toSlash { + /** + * ToSlash returns the result of replacing each separator character + * in path with a slash ('/') character. Multiple separators are + * replaced by multiple slashes. + */ + (path: string): string + } + interface fromSlash { + /** + * FromSlash returns the result of replacing each slash ('/') character + * in path with a separator character. Multiple slashes are replaced + * by multiple separators. + * + * See also the Localize function, which converts a slash-separated path + * as used by the io/fs package to an operating system path. + */ + (path: string): string + } + interface splitList { + /** + * SplitList splits a list of paths joined by the OS-specific [ListSeparator], + * usually found in PATH or GOPATH environment variables. + * Unlike strings.Split, SplitList returns an empty slice when passed an empty + * string. + */ + (path: string): Array + } + interface split { + /** + * Split splits path immediately following the final [Separator], + * separating it into a directory and file name component. + * If there is no Separator in path, Split returns an empty dir + * and file set to path. + * The returned values have the property that path = dir+file. + */ + (path: string): [string, string] + } + interface join { + /** + * Join joins any number of path elements into a single path, + * separating them with an OS specific [Separator]. Empty elements + * are ignored. The result is Cleaned. However, if the argument + * list is empty or all its elements are empty, Join returns + * an empty string. + * On Windows, the result will only be a UNC path if the first + * non-empty element is a UNC path. + */ + (...elem: string[]): string + } + interface ext { + /** + * Ext returns the file name extension used by path. + * The extension is the suffix beginning at the final dot + * in the final element of path; it is empty if there is + * no dot. + */ + (path: string): string + } + interface evalSymlinks { + /** + * EvalSymlinks returns the path name after the evaluation of any symbolic + * links. + * If path is relative the result will be relative to the current directory, + * unless one of the components is an absolute symbolic link. + * EvalSymlinks calls [Clean] on the result. + */ + (path: string): string + } + interface isAbs { + /** + * IsAbs reports whether the path is absolute. + */ + (path: string): boolean + } + interface abs { + /** + * Abs returns an absolute representation of path. + * If the path is not absolute it will be joined with the current + * working directory to turn it into an absolute path. The absolute + * path name for a given file is not guaranteed to be unique. + * Abs calls [Clean] on the result. + */ + (path: string): string + } + interface rel { + /** + * Rel returns a relative path that is lexically equivalent to targpath when + * joined to basepath with an intervening separator. That is, + * [Join](basepath, Rel(basepath, targpath)) is equivalent to targpath itself. + * On success, the returned path will always be relative to basepath, + * even if basepath and targpath share no elements. + * An error is returned if targpath can't be made relative to basepath or if + * knowing the current working directory would be necessary to compute it. + * Rel calls [Clean] on the result. + */ + (basepath: string, targpath: string): string + } + /** + * WalkFunc is the type of the function called by [Walk] to visit each + * file or directory. + * + * The path argument contains the argument to Walk as a prefix. + * That is, if Walk is called with root argument "dir" and finds a file + * named "a" in that directory, the walk function will be called with + * argument "dir/a". + * + * The directory and file are joined with Join, which may clean the + * directory name: if Walk is called with the root argument "x/../dir" + * and finds a file named "a" in that directory, the walk function will + * be called with argument "dir/a", not "x/../dir/a". + * + * The info argument is the fs.FileInfo for the named path. + * + * The error result returned by the function controls how Walk continues. + * If the function returns the special value [SkipDir], Walk skips the + * current directory (path if info.IsDir() is true, otherwise path's + * parent directory). If the function returns the special value [SkipAll], + * Walk skips all remaining files and directories. Otherwise, if the function + * returns a non-nil error, Walk stops entirely and returns that error. + * + * The err argument reports an error related to path, signaling that Walk + * will not walk into that directory. The function can decide how to + * handle that error; as described earlier, returning the error will + * cause Walk to stop walking the entire tree. + * + * Walk calls the function with a non-nil err argument in two cases. + * + * First, if an [os.Lstat] on the root directory or any directory or file + * in the tree fails, Walk calls the function with path set to that + * directory or file's path, info set to nil, and err set to the error + * from os.Lstat. + * + * Second, if a directory's Readdirnames method fails, Walk calls the + * function with path set to the directory's path, info, set to an + * [fs.FileInfo] describing the directory, and err set to the error from + * Readdirnames. + */ + interface WalkFunc {(path: string, info: fs.FileInfo, err: Error): void } + interface walkDir { + /** + * WalkDir walks the file tree rooted at root, calling fn for each file or + * directory in the tree, including root. + * + * All errors that arise visiting files and directories are filtered by fn: + * see the [fs.WalkDirFunc] documentation for details. + * + * The files are walked in lexical order, which makes the output deterministic + * but requires WalkDir to read an entire directory into memory before proceeding + * to walk that directory. + * + * WalkDir does not follow symbolic links. + * + * WalkDir calls fn with paths that use the separator character appropriate + * for the operating system. This is unlike [io/fs.WalkDir], which always + * uses slash separated paths. + */ + (root: string, fn: fs.WalkDirFunc): void + } + interface walk { + /** + * Walk walks the file tree rooted at root, calling fn for each file or + * directory in the tree, including root. + * + * All errors that arise visiting files and directories are filtered by fn: + * see the [WalkFunc] documentation for details. + * + * The files are walked in lexical order, which makes the output deterministic + * but requires Walk to read an entire directory into memory before proceeding + * to walk that directory. + * + * Walk does not follow symbolic links. + * + * Walk is less efficient than [WalkDir], introduced in Go 1.16, + * which avoids calling os.Lstat on every visited file or directory. + */ + (root: string, fn: WalkFunc): void + } + interface base { + /** + * Base returns the last element of path. + * Trailing path separators are removed before extracting the last element. + * If the path is empty, Base returns ".". + * If the path consists entirely of separators, Base returns a single separator. + */ + (path: string): string + } + interface dir { + /** + * Dir returns all but the last element of path, typically the path's directory. + * After dropping the final element, Dir calls [Clean] on the path and trailing + * slashes are removed. + * If the path is empty, Dir returns ".". + * If the path consists entirely of separators, Dir returns a single separator. + * The returned path does not end in a separator unless it is the root directory. + */ + (path: string): string + } + interface volumeName { + /** + * VolumeName returns leading volume name. + * Given "C:\foo\bar" it returns "C:" on Windows. + * Given "\\host\share\foo" it returns "\\host\share". + * On other platforms it returns "". + */ + (path: string): string + } + interface hasPrefix { + /** + * HasPrefix exists for historical compatibility and should not be used. + * + * Deprecated: HasPrefix does not respect path boundaries and + * does not ignore case when required. + */ + (p: string, prefix: string): boolean + } +} + +/** + * Package validation provides configurable and extensible rules for validating data of various types. + */ +namespace ozzo_validation { + /** + * Error interface represents an validation error + */ + interface Error { + [key:string]: any; + error(): string + code(): string + message(): string + setMessage(_arg0: string): Error + params(): _TygojaDict + setParams(_arg0: _TygojaDict): Error + } +} + +/** + * Package dbx provides a set of DB-agnostic and easy-to-use query building methods for relational databases. + */ +namespace dbx { + /** + * Builder supports building SQL statements in a DB-agnostic way. + * Builder mainly provides two sets of query building methods: those building SELECT statements + * and those manipulating DB data or schema (e.g. INSERT statements, CREATE TABLE statements). + */ + interface Builder { + [key:string]: any; + /** + * NewQuery creates a new Query object with the given SQL statement. + * The SQL statement may contain parameter placeholders which can be bound with actual parameter + * values before the statement is executed. + */ + newQuery(_arg0: string): (Query) + /** + * Select returns a new SelectQuery object that can be used to build a SELECT statement. + * The parameters to this method should be the list column names to be selected. + * A column name may have an optional alias name. For example, Select("id", "my_name AS name"). + */ + select(..._arg0: string[]): (SelectQuery) + /** + * ModelQuery returns a new ModelQuery object that can be used to perform model insertion, update, and deletion. + * The parameter to this method should be a pointer to the model struct that needs to be inserted, updated, or deleted. + */ + model(_arg0: { + }): (ModelQuery) + /** + * GeneratePlaceholder generates an anonymous parameter placeholder with the given parameter ID. + */ + generatePlaceholder(_arg0: number): string + /** + * Quote quotes a string so that it can be embedded in a SQL statement as a string value. + */ + quote(_arg0: string): string + /** + * QuoteSimpleTableName quotes a simple table name. + * A simple table name does not contain any schema prefix. + */ + quoteSimpleTableName(_arg0: string): string + /** + * QuoteSimpleColumnName quotes a simple column name. + * A simple column name does not contain any table prefix. + */ + quoteSimpleColumnName(_arg0: string): string + /** + * QueryBuilder returns the query builder supporting the current DB. + */ + queryBuilder(): QueryBuilder + /** + * Insert creates a Query that represents an INSERT SQL statement. + * The keys of cols are the column names, while the values of cols are the corresponding column + * values to be inserted. + */ + insert(table: string, cols: Params): (Query) + /** + * Upsert creates a Query that represents an UPSERT SQL statement. + * Upsert inserts a row into the table if the primary key or unique index is not found. + * Otherwise it will update the row with the new values. + * The keys of cols are the column names, while the values of cols are the corresponding column + * values to be inserted. + */ + upsert(table: string, cols: Params, ...constraints: string[]): (Query) + /** + * Update creates a Query that represents an UPDATE SQL statement. + * The keys of cols are the column names, while the values of cols are the corresponding new column + * values. If the "where" expression is nil, the UPDATE SQL statement will have no WHERE clause + * (be careful in this case as the SQL statement will update ALL rows in the table). + */ + update(table: string, cols: Params, where: Expression): (Query) + /** + * Delete creates a Query that represents a DELETE SQL statement. + * If the "where" expression is nil, the DELETE SQL statement will have no WHERE clause + * (be careful in this case as the SQL statement will delete ALL rows in the table). + */ + delete(table: string, where: Expression): (Query) + /** + * CreateTable creates a Query that represents a CREATE TABLE SQL statement. + * The keys of cols are the column names, while the values of cols are the corresponding column types. + * The optional "options" parameters will be appended to the generated SQL statement. + */ + createTable(table: string, cols: _TygojaDict, ...options: string[]): (Query) + /** + * RenameTable creates a Query that can be used to rename a table. + */ + renameTable(oldName: string, newName: string): (Query) + /** + * DropTable creates a Query that can be used to drop a table. + */ + dropTable(table: string): (Query) + /** + * TruncateTable creates a Query that can be used to truncate a table. + */ + truncateTable(table: string): (Query) + /** + * AddColumn creates a Query that can be used to add a column to a table. + */ + addColumn(table: string, col: string, typ: string): (Query) + /** + * DropColumn creates a Query that can be used to drop a column from a table. + */ + dropColumn(table: string, col: string): (Query) + /** + * RenameColumn creates a Query that can be used to rename a column in a table. + */ + renameColumn(table: string, oldName: string, newName: string): (Query) + /** + * AlterColumn creates a Query that can be used to change the definition of a table column. + */ + alterColumn(table: string, col: string, typ: string): (Query) + /** + * AddPrimaryKey creates a Query that can be used to specify primary key(s) for a table. + * The "name" parameter specifies the name of the primary key constraint. + */ + addPrimaryKey(table: string, name: string, ...cols: string[]): (Query) + /** + * DropPrimaryKey creates a Query that can be used to remove the named primary key constraint from a table. + */ + dropPrimaryKey(table: string, name: string): (Query) + /** + * AddForeignKey creates a Query that can be used to add a foreign key constraint to a table. + * The length of cols and refCols must be the same as they refer to the primary and referential columns. + * The optional "options" parameters will be appended to the SQL statement. They can be used to + * specify options such as "ON DELETE CASCADE". + */ + addForeignKey(table: string, name: string, cols: Array, refCols: Array, refTable: string, ...options: string[]): (Query) + /** + * DropForeignKey creates a Query that can be used to remove the named foreign key constraint from a table. + */ + dropForeignKey(table: string, name: string): (Query) + /** + * CreateIndex creates a Query that can be used to create an index for a table. + */ + createIndex(table: string, name: string, ...cols: string[]): (Query) + /** + * CreateUniqueIndex creates a Query that can be used to create a unique index for a table. + */ + createUniqueIndex(table: string, name: string, ...cols: string[]): (Query) + /** + * DropIndex creates a Query that can be used to remove the named index from a table. + */ + dropIndex(table: string, name: string): (Query) + } + /** + * BaseBuilder provides a basic implementation of the Builder interface. + */ + interface BaseBuilder { + } + interface newBaseBuilder { + /** + * NewBaseBuilder creates a new BaseBuilder instance. + */ + (db: DB, executor: Executor): (BaseBuilder) + } + interface BaseBuilder { + /** + * DB returns the DB instance that this builder is associated with. + */ + db(): (DB) + } + interface BaseBuilder { + /** + * Executor returns the executor object (a DB instance or a transaction) for executing SQL statements. + */ + executor(): Executor + } + interface BaseBuilder { + /** + * NewQuery creates a new Query object with the given SQL statement. + * The SQL statement may contain parameter placeholders which can be bound with actual parameter + * values before the statement is executed. + */ + newQuery(sql: string): (Query) + } + interface BaseBuilder { + /** + * GeneratePlaceholder generates an anonymous parameter placeholder with the given parameter ID. + */ + generatePlaceholder(_arg0: number): string + } + interface BaseBuilder { + /** + * Quote quotes a string so that it can be embedded in a SQL statement as a string value. + */ + quote(s: string): string + } + interface BaseBuilder { + /** + * QuoteSimpleTableName quotes a simple table name. + * A simple table name does not contain any schema prefix. + */ + quoteSimpleTableName(s: string): string + } + interface BaseBuilder { + /** + * QuoteSimpleColumnName quotes a simple column name. + * A simple column name does not contain any table prefix. + */ + quoteSimpleColumnName(s: string): string + } + interface BaseBuilder { + /** + * Insert creates a Query that represents an INSERT SQL statement. + * The keys of cols are the column names, while the values of cols are the corresponding column + * values to be inserted. + */ + insert(table: string, cols: Params): (Query) + } + interface BaseBuilder { + /** + * Upsert creates a Query that represents an UPSERT SQL statement. + * Upsert inserts a row into the table if the primary key or unique index is not found. + * Otherwise it will update the row with the new values. + * The keys of cols are the column names, while the values of cols are the corresponding column + * values to be inserted. + */ + upsert(table: string, cols: Params, ...constraints: string[]): (Query) + } + interface BaseBuilder { + /** + * Update creates a Query that represents an UPDATE SQL statement. + * The keys of cols are the column names, while the values of cols are the corresponding new column + * values. If the "where" expression is nil, the UPDATE SQL statement will have no WHERE clause + * (be careful in this case as the SQL statement will update ALL rows in the table). + */ + update(table: string, cols: Params, where: Expression): (Query) + } + interface BaseBuilder { + /** + * Delete creates a Query that represents a DELETE SQL statement. + * If the "where" expression is nil, the DELETE SQL statement will have no WHERE clause + * (be careful in this case as the SQL statement will delete ALL rows in the table). + */ + delete(table: string, where: Expression): (Query) + } + interface BaseBuilder { + /** + * CreateTable creates a Query that represents a CREATE TABLE SQL statement. + * The keys of cols are the column names, while the values of cols are the corresponding column types. + * The optional "options" parameters will be appended to the generated SQL statement. + */ + createTable(table: string, cols: _TygojaDict, ...options: string[]): (Query) + } + interface BaseBuilder { + /** + * RenameTable creates a Query that can be used to rename a table. + */ + renameTable(oldName: string, newName: string): (Query) + } + interface BaseBuilder { + /** + * DropTable creates a Query that can be used to drop a table. + */ + dropTable(table: string): (Query) + } + interface BaseBuilder { + /** + * TruncateTable creates a Query that can be used to truncate a table. + */ + truncateTable(table: string): (Query) + } + interface BaseBuilder { + /** + * AddColumn creates a Query that can be used to add a column to a table. + */ + addColumn(table: string, col: string, typ: string): (Query) + } + interface BaseBuilder { + /** + * DropColumn creates a Query that can be used to drop a column from a table. + */ + dropColumn(table: string, col: string): (Query) + } + interface BaseBuilder { + /** + * RenameColumn creates a Query that can be used to rename a column in a table. + */ + renameColumn(table: string, oldName: string, newName: string): (Query) + } + interface BaseBuilder { + /** + * AlterColumn creates a Query that can be used to change the definition of a table column. + */ + alterColumn(table: string, col: string, typ: string): (Query) + } + interface BaseBuilder { + /** + * AddPrimaryKey creates a Query that can be used to specify primary key(s) for a table. + * The "name" parameter specifies the name of the primary key constraint. + */ + addPrimaryKey(table: string, name: string, ...cols: string[]): (Query) + } + interface BaseBuilder { + /** + * DropPrimaryKey creates a Query that can be used to remove the named primary key constraint from a table. + */ + dropPrimaryKey(table: string, name: string): (Query) + } + interface BaseBuilder { + /** + * AddForeignKey creates a Query that can be used to add a foreign key constraint to a table. + * The length of cols and refCols must be the same as they refer to the primary and referential columns. + * The optional "options" parameters will be appended to the SQL statement. They can be used to + * specify options such as "ON DELETE CASCADE". + */ + addForeignKey(table: string, name: string, cols: Array, refCols: Array, refTable: string, ...options: string[]): (Query) + } + interface BaseBuilder { + /** + * DropForeignKey creates a Query that can be used to remove the named foreign key constraint from a table. + */ + dropForeignKey(table: string, name: string): (Query) + } + interface BaseBuilder { + /** + * CreateIndex creates a Query that can be used to create an index for a table. + */ + createIndex(table: string, name: string, ...cols: string[]): (Query) + } + interface BaseBuilder { + /** + * CreateUniqueIndex creates a Query that can be used to create a unique index for a table. + */ + createUniqueIndex(table: string, name: string, ...cols: string[]): (Query) + } + interface BaseBuilder { + /** + * DropIndex creates a Query that can be used to remove the named index from a table. + */ + dropIndex(table: string, name: string): (Query) + } + /** + * MssqlBuilder is the builder for SQL Server databases. + */ + type _sLlglaO = BaseBuilder + interface MssqlBuilder extends _sLlglaO { + } + /** + * MssqlQueryBuilder is the query builder for SQL Server databases. + */ + type _sIerFva = BaseQueryBuilder + interface MssqlQueryBuilder extends _sIerFva { + } + interface newMssqlBuilder { + /** + * NewMssqlBuilder creates a new MssqlBuilder instance. + */ + (db: DB, executor: Executor): Builder + } + interface MssqlBuilder { + /** + * QueryBuilder returns the query builder supporting the current DB. + */ + queryBuilder(): QueryBuilder + } + interface MssqlBuilder { + /** + * Select returns a new SelectQuery object that can be used to build a SELECT statement. + * The parameters to this method should be the list column names to be selected. + * A column name may have an optional alias name. For example, Select("id", "my_name AS name"). + */ + select(...cols: string[]): (SelectQuery) + } + interface MssqlBuilder { + /** + * Model returns a new ModelQuery object that can be used to perform model-based DB operations. + * The model passed to this method should be a pointer to a model struct. + */ + model(model: { + }): (ModelQuery) + } + interface MssqlBuilder { + /** + * QuoteSimpleTableName quotes a simple table name. + * A simple table name does not contain any schema prefix. + */ + quoteSimpleTableName(s: string): string + } + interface MssqlBuilder { + /** + * QuoteSimpleColumnName quotes a simple column name. + * A simple column name does not contain any table prefix. + */ + quoteSimpleColumnName(s: string): string + } + interface MssqlBuilder { + /** + * RenameTable creates a Query that can be used to rename a table. + */ + renameTable(oldName: string, newName: string): (Query) + } + interface MssqlBuilder { + /** + * RenameColumn creates a Query that can be used to rename a column in a table. + */ + renameColumn(table: string, oldName: string, newName: string): (Query) + } + interface MssqlBuilder { + /** + * AlterColumn creates a Query that can be used to change the definition of a table column. + */ + alterColumn(table: string, col: string, typ: string): (Query) + } + interface MssqlQueryBuilder { + /** + * BuildOrderByAndLimit generates the ORDER BY and LIMIT clauses. + */ + buildOrderByAndLimit(sql: string, cols: Array, limit: number, offset: number): string + } + /** + * MysqlBuilder is the builder for MySQL databases. + */ + type _sJRJGqZ = BaseBuilder + interface MysqlBuilder extends _sJRJGqZ { + } + interface newMysqlBuilder { + /** + * NewMysqlBuilder creates a new MysqlBuilder instance. + */ + (db: DB, executor: Executor): Builder + } + interface MysqlBuilder { + /** + * QueryBuilder returns the query builder supporting the current DB. + */ + queryBuilder(): QueryBuilder + } + interface MysqlBuilder { + /** + * Select returns a new SelectQuery object that can be used to build a SELECT statement. + * The parameters to this method should be the list column names to be selected. + * A column name may have an optional alias name. For example, Select("id", "my_name AS name"). + */ + select(...cols: string[]): (SelectQuery) + } + interface MysqlBuilder { + /** + * Model returns a new ModelQuery object that can be used to perform model-based DB operations. + * The model passed to this method should be a pointer to a model struct. + */ + model(model: { + }): (ModelQuery) + } + interface MysqlBuilder { + /** + * QuoteSimpleTableName quotes a simple table name. + * A simple table name does not contain any schema prefix. + */ + quoteSimpleTableName(s: string): string + } + interface MysqlBuilder { + /** + * QuoteSimpleColumnName quotes a simple column name. + * A simple column name does not contain any table prefix. + */ + quoteSimpleColumnName(s: string): string + } + interface MysqlBuilder { + /** + * Upsert creates a Query that represents an UPSERT SQL statement. + * Upsert inserts a row into the table if the primary key or unique index is not found. + * Otherwise it will update the row with the new values. + * The keys of cols are the column names, while the values of cols are the corresponding column + * values to be inserted. + */ + upsert(table: string, cols: Params, ...constraints: string[]): (Query) + } + interface MysqlBuilder { + /** + * RenameColumn creates a Query that can be used to rename a column in a table. + */ + renameColumn(table: string, oldName: string, newName: string): (Query) + } + interface MysqlBuilder { + /** + * DropPrimaryKey creates a Query that can be used to remove the named primary key constraint from a table. + */ + dropPrimaryKey(table: string, name: string): (Query) + } + interface MysqlBuilder { + /** + * DropForeignKey creates a Query that can be used to remove the named foreign key constraint from a table. + */ + dropForeignKey(table: string, name: string): (Query) + } + /** + * OciBuilder is the builder for Oracle databases. + */ + type _sHTbvIJ = BaseBuilder + interface OciBuilder extends _sHTbvIJ { + } + /** + * OciQueryBuilder is the query builder for Oracle databases. + */ + type _sGNFgrc = BaseQueryBuilder + interface OciQueryBuilder extends _sGNFgrc { + } + interface newOciBuilder { + /** + * NewOciBuilder creates a new OciBuilder instance. + */ + (db: DB, executor: Executor): Builder + } + interface OciBuilder { + /** + * Select returns a new SelectQuery object that can be used to build a SELECT statement. + * The parameters to this method should be the list column names to be selected. + * A column name may have an optional alias name. For example, Select("id", "my_name AS name"). + */ + select(...cols: string[]): (SelectQuery) + } + interface OciBuilder { + /** + * Model returns a new ModelQuery object that can be used to perform model-based DB operations. + * The model passed to this method should be a pointer to a model struct. + */ + model(model: { + }): (ModelQuery) + } + interface OciBuilder { + /** + * GeneratePlaceholder generates an anonymous parameter placeholder with the given parameter ID. + */ + generatePlaceholder(i: number): string + } + interface OciBuilder { + /** + * QueryBuilder returns the query builder supporting the current DB. + */ + queryBuilder(): QueryBuilder + } + interface OciBuilder { + /** + * DropIndex creates a Query that can be used to remove the named index from a table. + */ + dropIndex(table: string, name: string): (Query) + } + interface OciBuilder { + /** + * RenameTable creates a Query that can be used to rename a table. + */ + renameTable(oldName: string, newName: string): (Query) + } + interface OciBuilder { + /** + * AlterColumn creates a Query that can be used to change the definition of a table column. + */ + alterColumn(table: string, col: string, typ: string): (Query) + } + interface OciQueryBuilder { + /** + * BuildOrderByAndLimit generates the ORDER BY and LIMIT clauses. + */ + buildOrderByAndLimit(sql: string, cols: Array, limit: number, offset: number): string + } + /** + * PgsqlBuilder is the builder for PostgreSQL databases. + */ + type _sALdjlO = BaseBuilder + interface PgsqlBuilder extends _sALdjlO { + } + interface newPgsqlBuilder { + /** + * NewPgsqlBuilder creates a new PgsqlBuilder instance. + */ + (db: DB, executor: Executor): Builder + } + interface PgsqlBuilder { + /** + * Select returns a new SelectQuery object that can be used to build a SELECT statement. + * The parameters to this method should be the list column names to be selected. + * A column name may have an optional alias name. For example, Select("id", "my_name AS name"). + */ + select(...cols: string[]): (SelectQuery) + } + interface PgsqlBuilder { + /** + * Model returns a new ModelQuery object that can be used to perform model-based DB operations. + * The model passed to this method should be a pointer to a model struct. + */ + model(model: { + }): (ModelQuery) + } + interface PgsqlBuilder { + /** + * GeneratePlaceholder generates an anonymous parameter placeholder with the given parameter ID. + */ + generatePlaceholder(i: number): string + } + interface PgsqlBuilder { + /** + * QueryBuilder returns the query builder supporting the current DB. + */ + queryBuilder(): QueryBuilder + } + interface PgsqlBuilder { + /** + * Upsert creates a Query that represents an UPSERT SQL statement. + * Upsert inserts a row into the table if the primary key or unique index is not found. + * Otherwise it will update the row with the new values. + * The keys of cols are the column names, while the values of cols are the corresponding column + * values to be inserted. + */ + upsert(table: string, cols: Params, ...constraints: string[]): (Query) + } + interface PgsqlBuilder { + /** + * DropIndex creates a Query that can be used to remove the named index from a table. + */ + dropIndex(table: string, name: string): (Query) + } + interface PgsqlBuilder { + /** + * RenameTable creates a Query that can be used to rename a table. + */ + renameTable(oldName: string, newName: string): (Query) + } + interface PgsqlBuilder { + /** + * AlterColumn creates a Query that can be used to change the definition of a table column. + */ + alterColumn(table: string, col: string, typ: string): (Query) + } + /** + * SqliteBuilder is the builder for SQLite databases. + */ + type _spUmBhh = BaseBuilder + interface SqliteBuilder extends _spUmBhh { + } + interface newSqliteBuilder { + /** + * NewSqliteBuilder creates a new SqliteBuilder instance. + */ + (db: DB, executor: Executor): Builder + } + interface SqliteBuilder { + /** + * QueryBuilder returns the query builder supporting the current DB. + */ + queryBuilder(): QueryBuilder + } + interface SqliteBuilder { + /** + * Select returns a new SelectQuery object that can be used to build a SELECT statement. + * The parameters to this method should be the list column names to be selected. + * A column name may have an optional alias name. For example, Select("id", "my_name AS name"). + */ + select(...cols: string[]): (SelectQuery) + } + interface SqliteBuilder { + /** + * Model returns a new ModelQuery object that can be used to perform model-based DB operations. + * The model passed to this method should be a pointer to a model struct. + */ + model(model: { + }): (ModelQuery) + } + interface SqliteBuilder { + /** + * QuoteSimpleTableName quotes a simple table name. + * A simple table name does not contain any schema prefix. + */ + quoteSimpleTableName(s: string): string + } + interface SqliteBuilder { + /** + * QuoteSimpleColumnName quotes a simple column name. + * A simple column name does not contain any table prefix. + */ + quoteSimpleColumnName(s: string): string + } + interface SqliteBuilder { + /** + * DropIndex creates a Query that can be used to remove the named index from a table. + */ + dropIndex(table: string, name: string): (Query) + } + interface SqliteBuilder { + /** + * TruncateTable creates a Query that can be used to truncate a table. + */ + truncateTable(table: string): (Query) + } + interface SqliteBuilder { + /** + * RenameTable creates a Query that can be used to rename a table. + */ + renameTable(oldName: string, newName: string): (Query) + } + interface SqliteBuilder { + /** + * AlterColumn creates a Query that can be used to change the definition of a table column. + */ + alterColumn(table: string, col: string, typ: string): (Query) + } + interface SqliteBuilder { + /** + * AddPrimaryKey creates a Query that can be used to specify primary key(s) for a table. + * The "name" parameter specifies the name of the primary key constraint. + */ + addPrimaryKey(table: string, name: string, ...cols: string[]): (Query) + } + interface SqliteBuilder { + /** + * DropPrimaryKey creates a Query that can be used to remove the named primary key constraint from a table. + */ + dropPrimaryKey(table: string, name: string): (Query) + } + interface SqliteBuilder { + /** + * AddForeignKey creates a Query that can be used to add a foreign key constraint to a table. + * The length of cols and refCols must be the same as they refer to the primary and referential columns. + * The optional "options" parameters will be appended to the SQL statement. They can be used to + * specify options such as "ON DELETE CASCADE". + */ + addForeignKey(table: string, name: string, cols: Array, refCols: Array, refTable: string, ...options: string[]): (Query) + } + interface SqliteBuilder { + /** + * DropForeignKey creates a Query that can be used to remove the named foreign key constraint from a table. + */ + dropForeignKey(table: string, name: string): (Query) + } + /** + * StandardBuilder is the builder that is used by DB for an unknown driver. + */ + type _sWjnuHQ = BaseBuilder + interface StandardBuilder extends _sWjnuHQ { + } + interface newStandardBuilder { + /** + * NewStandardBuilder creates a new StandardBuilder instance. + */ + (db: DB, executor: Executor): Builder + } + interface StandardBuilder { + /** + * QueryBuilder returns the query builder supporting the current DB. + */ + queryBuilder(): QueryBuilder + } + interface StandardBuilder { + /** + * Select returns a new SelectQuery object that can be used to build a SELECT statement. + * The parameters to this method should be the list column names to be selected. + * A column name may have an optional alias name. For example, Select("id", "my_name AS name"). + */ + select(...cols: string[]): (SelectQuery) + } + interface StandardBuilder { + /** + * Model returns a new ModelQuery object that can be used to perform model-based DB operations. + * The model passed to this method should be a pointer to a model struct. + */ + model(model: { + }): (ModelQuery) + } + /** + * LogFunc logs a message for each SQL statement being executed. + * This method takes one or multiple parameters. If a single parameter + * is provided, it will be treated as the log message. If multiple parameters + * are provided, they will be passed to fmt.Sprintf() to generate the log message. + */ + interface LogFunc {(format: string, ...a: { + }[]): void } + /** + * PerfFunc is called when a query finishes execution. + * The query execution time is passed to this function so that the DB performance + * can be profiled. The "ns" parameter gives the number of nanoseconds that the + * SQL statement takes to execute, while the "execute" parameter indicates whether + * the SQL statement is executed or queried (usually SELECT statements). + */ + interface PerfFunc {(ns: number, sql: string, execute: boolean): void } + /** + * QueryLogFunc is called each time when performing a SQL query. + * The "t" parameter gives the time that the SQL statement takes to execute, + * while rows and err are the result of the query. + */ + interface QueryLogFunc {(ctx: context.Context, t: time.Duration, sql: string, rows: sql.Rows, err: Error): void } + /** + * ExecLogFunc is called each time when a SQL statement is executed. + * The "t" parameter gives the time that the SQL statement takes to execute, + * while result and err refer to the result of the execution. + */ + interface ExecLogFunc {(ctx: context.Context, t: time.Duration, sql: string, result: sql.Result, err: Error): void } + /** + * BuilderFunc creates a Builder instance using the given DB instance and Executor. + */ + interface BuilderFunc {(_arg0: DB, _arg1: Executor): Builder } + /** + * DB enhances sql.DB by providing a set of DB-agnostic query building methods. + * DB allows easier query building and population of data into Go variables. + */ + type _swIUbPb = Builder + interface DB extends _swIUbPb { + /** + * FieldMapper maps struct fields to DB columns. Defaults to DefaultFieldMapFunc. + */ + fieldMapper: FieldMapFunc + /** + * TableMapper maps structs to table names. Defaults to GetTableName. + */ + tableMapper: TableMapFunc + /** + * LogFunc logs the SQL statements being executed. Defaults to nil, meaning no logging. + */ + logFunc: LogFunc + /** + * PerfFunc logs the SQL execution time. Defaults to nil, meaning no performance profiling. + * Deprecated: Please use QueryLogFunc and ExecLogFunc instead. + */ + perfFunc: PerfFunc + /** + * QueryLogFunc is called each time when performing a SQL query that returns data. + */ + queryLogFunc: QueryLogFunc + /** + * ExecLogFunc is called each time when a SQL statement is executed. + */ + execLogFunc: ExecLogFunc + } + /** + * Errors represents a list of errors. + */ + interface Errors extends Array{} + interface newFromDB { + /** + * NewFromDB encapsulates an existing database connection. + */ + (sqlDB: sql.DB, driverName: string): (DB) + } + interface open { + /** + * Open opens a database specified by a driver name and data source name (DSN). + * Note that Open does not check if DSN is specified correctly. It doesn't try to establish a DB connection either. + * Please refer to sql.Open() for more information. + */ + (driverName: string, dsn: string): (DB) + } + interface mustOpen { + /** + * MustOpen opens a database and establishes a connection to it. + * Please refer to sql.Open() and sql.Ping() for more information. + */ + (driverName: string, dsn: string): (DB) + } + interface DB { + /** + * Clone makes a shallow copy of DB. + */ + clone(): (DB) + } + interface DB { + /** + * WithContext returns a new instance of DB associated with the given context. + */ + withContext(ctx: context.Context): (DB) + } + interface DB { + /** + * Context returns the context associated with the DB instance. + * It returns nil if no context is associated. + */ + context(): context.Context + } + interface DB { + /** + * DB returns the sql.DB instance encapsulated by dbx.DB. + */ + db(): (sql.DB) + } + interface DB { + /** + * Close closes the database, releasing any open resources. + * It is rare to Close a DB, as the DB handle is meant to be + * long-lived and shared between many goroutines. + */ + close(): void + } + interface DB { + /** + * Begin starts a transaction. + */ + begin(): (Tx) + } + interface DB { + /** + * BeginTx starts a transaction with the given context and transaction options. + */ + beginTx(ctx: context.Context, opts: sql.TxOptions): (Tx) + } + interface DB { + /** + * Wrap encapsulates an existing transaction. + */ + wrap(sqlTx: sql.Tx): (Tx) + } + interface DB { + /** + * Transactional starts a transaction and executes the given function. + * If the function returns an error, the transaction will be rolled back. + * Otherwise, the transaction will be committed. + */ + transactional(f: (_arg0: Tx) => void): void + } + interface DB { + /** + * TransactionalContext starts a transaction and executes the given function with the given context and transaction options. + * If the function returns an error, the transaction will be rolled back. + * Otherwise, the transaction will be committed. + */ + transactionalContext(ctx: context.Context, opts: sql.TxOptions, f: (_arg0: Tx) => void): void + } + interface DB { + /** + * DriverName returns the name of the DB driver. + */ + driverName(): string + } + interface DB { + /** + * QuoteTableName quotes the given table name appropriately. + * If the table name contains DB schema prefix, it will be handled accordingly. + * This method will do nothing if the table name is already quoted or if it contains parenthesis. + */ + quoteTableName(s: string): string + } + interface DB { + /** + * QuoteColumnName quotes the given column name appropriately. + * If the table name contains table name prefix, it will be handled accordingly. + * This method will do nothing if the column name is already quoted or if it contains parenthesis. + */ + quoteColumnName(s: string): string + } + interface Errors { + /** + * Error returns the error string of Errors. + */ + error(): string + } + /** + * Expression represents a DB expression that can be embedded in a SQL statement. + */ + interface Expression { + [key:string]: any; + /** + * Build converts an expression into a SQL fragment. + * If the expression contains binding parameters, they will be added to the given Params. + */ + build(_arg0: DB, _arg1: Params): string + } + /** + * HashExp represents a hash expression. + * + * A hash expression is a map whose keys are DB column names which need to be filtered according + * to the corresponding values. For example, HashExp{"level": 2, "dept": 10} will generate + * the SQL: "level"=2 AND "dept"=10. + * + * HashExp also handles nil values and slice values. For example, HashExp{"level": []interface{}{1, 2}, "dept": nil} + * will generate: "level" IN (1, 2) AND "dept" IS NULL. + */ + interface HashExp extends _TygojaDict{} + interface newExp { + /** + * NewExp generates an expression with the specified SQL fragment and the optional binding parameters. + */ + (e: string, ...params: Params[]): Expression + } + interface not { + /** + * Not generates a NOT expression which prefixes "NOT" to the specified expression. + */ + (e: Expression): Expression + } + interface and { + /** + * And generates an AND expression which concatenates the given expressions with "AND". + */ + (...exps: Expression[]): Expression + } + interface or { + /** + * Or generates an OR expression which concatenates the given expressions with "OR". + */ + (...exps: Expression[]): Expression + } + interface _in { + /** + * In generates an IN expression for the specified column and the list of allowed values. + * If values is empty, a SQL "0=1" will be generated which represents a false expression. + */ + (col: string, ...values: { + }[]): Expression + } + interface notIn { + /** + * NotIn generates an NOT IN expression for the specified column and the list of disallowed values. + * If values is empty, an empty string will be returned indicating a true expression. + */ + (col: string, ...values: { + }[]): Expression + } + interface like { + /** + * Like generates a LIKE expression for the specified column and the possible strings that the column should be like. + * If multiple values are present, the column should be like *all* of them. For example, Like("name", "key", "word") + * will generate a SQL expression: "name" LIKE "%key%" AND "name" LIKE "%word%". + * + * By default, each value will be surrounded by "%" to enable partial matching. If a value contains special characters + * such as "%", "\", "_", they will also be properly escaped. + * + * You may call Escape() and/or Match() to change the default behavior. For example, Like("name", "key").Match(false, true) + * generates "name" LIKE "key%". + */ + (col: string, ...values: string[]): (LikeExp) + } + interface notLike { + /** + * NotLike generates a NOT LIKE expression. + * For example, NotLike("name", "key", "word") will generate a SQL expression: + * "name" NOT LIKE "%key%" AND "name" NOT LIKE "%word%". Please see Like() for more details. + */ + (col: string, ...values: string[]): (LikeExp) + } + interface orLike { + /** + * OrLike generates an OR LIKE expression. + * This is similar to Like() except that the column should be like one of the possible values. + * For example, OrLike("name", "key", "word") will generate a SQL expression: + * "name" LIKE "%key%" OR "name" LIKE "%word%". Please see Like() for more details. + */ + (col: string, ...values: string[]): (LikeExp) + } + interface orNotLike { + /** + * OrNotLike generates an OR NOT LIKE expression. + * For example, OrNotLike("name", "key", "word") will generate a SQL expression: + * "name" NOT LIKE "%key%" OR "name" NOT LIKE "%word%". Please see Like() for more details. + */ + (col: string, ...values: string[]): (LikeExp) + } + interface exists { + /** + * Exists generates an EXISTS expression by prefixing "EXISTS" to the given expression. + */ + (exp: Expression): Expression + } + interface notExists { + /** + * NotExists generates an EXISTS expression by prefixing "NOT EXISTS" to the given expression. + */ + (exp: Expression): Expression + } + interface between { + /** + * Between generates a BETWEEN expression. + * For example, Between("age", 10, 30) generates: "age" BETWEEN 10 AND 30 + */ + (col: string, from: { + }, to: { + }): Expression + } + interface notBetween { + /** + * NotBetween generates a NOT BETWEEN expression. + * For example, NotBetween("age", 10, 30) generates: "age" NOT BETWEEN 10 AND 30 + */ + (col: string, from: { + }, to: { + }): Expression + } + /** + * Exp represents an expression with a SQL fragment and a list of optional binding parameters. + */ + interface Exp { + } + interface Exp { + /** + * Build converts an expression into a SQL fragment. + */ + build(db: DB, params: Params): string + } + interface HashExp { + /** + * Build converts an expression into a SQL fragment. + */ + build(db: DB, params: Params): string + } + /** + * NotExp represents an expression that should prefix "NOT" to a specified expression. + */ + interface NotExp { + } + interface NotExp { + /** + * Build converts an expression into a SQL fragment. + */ + build(db: DB, params: Params): string + } + /** + * AndOrExp represents an expression that concatenates multiple expressions using either "AND" or "OR". + */ + interface AndOrExp { + } + interface AndOrExp { + /** + * Build converts an expression into a SQL fragment. + */ + build(db: DB, params: Params): string + } + /** + * InExp represents an "IN" or "NOT IN" expression. + */ + interface InExp { + } + interface InExp { + /** + * Build converts an expression into a SQL fragment. + */ + build(db: DB, params: Params): string + } + /** + * LikeExp represents a variant of LIKE expressions. + */ + interface LikeExp { + /** + * Like stores the LIKE operator. It can be "LIKE", "NOT LIKE". + * It may also be customized as something like "ILIKE". + */ + like: string + } + interface LikeExp { + /** + * Escape specifies how a LIKE expression should be escaped. + * Each string at position 2i represents a special character and the string at position 2i+1 is + * the corresponding escaped version. + */ + escape(...chars: string[]): (LikeExp) + } + interface LikeExp { + /** + * Match specifies whether to do wildcard matching on the left and/or right of given strings. + */ + match(left: boolean, right: boolean): (LikeExp) + } + interface LikeExp { + /** + * Build converts an expression into a SQL fragment. + */ + build(db: DB, params: Params): string + } + /** + * ExistsExp represents an EXISTS or NOT EXISTS expression. + */ + interface ExistsExp { + } + interface ExistsExp { + /** + * Build converts an expression into a SQL fragment. + */ + build(db: DB, params: Params): string + } + /** + * BetweenExp represents a BETWEEN or a NOT BETWEEN expression. + */ + interface BetweenExp { + } + interface BetweenExp { + /** + * Build converts an expression into a SQL fragment. + */ + build(db: DB, params: Params): string + } + interface enclose { + /** + * Enclose surrounds the provided nonempty expression with parenthesis "()". + */ + (exp: Expression): Expression + } + /** + * EncloseExp represents a parenthesis enclosed expression. + */ + interface EncloseExp { + } + interface EncloseExp { + /** + * Build converts an expression into a SQL fragment. + */ + build(db: DB, params: Params): string + } + /** + * TableModel is the interface that should be implemented by models which have unconventional table names. + */ + interface TableModel { + [key:string]: any; + tableName(): string + } + /** + * ModelQuery represents a query associated with a struct model. + */ + interface ModelQuery { + } + interface newModelQuery { + (model: { + }, fieldMapFunc: FieldMapFunc, db: DB, builder: Builder): (ModelQuery) + } + interface ModelQuery { + /** + * Context returns the context associated with the query. + */ + context(): context.Context + } + interface ModelQuery { + /** + * WithContext associates a context with the query. + */ + withContext(ctx: context.Context): (ModelQuery) + } + interface ModelQuery { + /** + * Exclude excludes the specified struct fields from being inserted/updated into the DB table. + */ + exclude(...attrs: string[]): (ModelQuery) + } + interface ModelQuery { + /** + * Insert inserts a row in the table using the struct model associated with this query. + * + * By default, it inserts *all* public fields into the table, including those nil or empty ones. + * You may pass a list of the fields to this method to indicate that only those fields should be inserted. + * You may also call Exclude to exclude some fields from being inserted. + * + * If a model has an empty primary key, it is considered auto-incremental and the corresponding struct + * field will be filled with the generated primary key value after a successful insertion. + */ + insert(...attrs: string[]): void + } + interface ModelQuery { + /** + * Update updates a row in the table using the struct model associated with this query. + * The row being updated has the same primary key as specified by the model. + * + * By default, it updates *all* public fields in the table, including those nil or empty ones. + * You may pass a list of the fields to this method to indicate that only those fields should be updated. + * You may also call Exclude to exclude some fields from being updated. + */ + update(...attrs: string[]): void + } + interface ModelQuery { + /** + * Delete deletes a row in the table using the primary key specified by the struct model associated with this query. + */ + delete(): void + } + /** + * ExecHookFunc executes before op allowing custom handling like auto fail/retry. + */ + interface ExecHookFunc {(q: Query, op: () => void): void } + /** + * OneHookFunc executes right before the query populate the row result from One() call (aka. op). + */ + interface OneHookFunc {(q: Query, a: { + }, op: (b: { + }) => void): void } + /** + * AllHookFunc executes right before the query populate the row result from All() call (aka. op). + */ + interface AllHookFunc {(q: Query, sliceA: { + }, op: (sliceB: { + }) => void): void } + /** + * Params represents a list of parameter values to be bound to a SQL statement. + * The map keys are the parameter names while the map values are the corresponding parameter values. + */ + interface Params extends _TygojaDict{} + /** + * Executor prepares, executes, or queries a SQL statement. + */ + interface Executor { + [key:string]: any; + /** + * Exec executes a SQL statement + */ + exec(query: string, ...args: { + }[]): sql.Result + /** + * ExecContext executes a SQL statement with the given context + */ + execContext(ctx: context.Context, query: string, ...args: { + }[]): sql.Result + /** + * Query queries a SQL statement + */ + query(query: string, ...args: { + }[]): (sql.Rows) + /** + * QueryContext queries a SQL statement with the given context + */ + queryContext(ctx: context.Context, query: string, ...args: { + }[]): (sql.Rows) + /** + * Prepare creates a prepared statement + */ + prepare(query: string): (sql.Stmt) + } + /** + * Query represents a SQL statement to be executed. + */ + interface Query { + /** + * FieldMapper maps struct field names to DB column names. + */ + fieldMapper: FieldMapFunc + /** + * LastError contains the last error (if any) of the query. + * LastError is cleared by Execute(), Row(), Rows(), One(), and All(). + */ + lastError: Error + /** + * LogFunc is used to log the SQL statement being executed. + */ + logFunc: LogFunc + /** + * PerfFunc is used to log the SQL execution time. It is ignored if nil. + * Deprecated: Please use QueryLogFunc and ExecLogFunc instead. + */ + perfFunc: PerfFunc + /** + * QueryLogFunc is called each time when performing a SQL query that returns data. + */ + queryLogFunc: QueryLogFunc + /** + * ExecLogFunc is called each time when a SQL statement is executed. + */ + execLogFunc: ExecLogFunc + } + interface newQuery { + /** + * NewQuery creates a new Query with the given SQL statement. + */ + (db: DB, executor: Executor, sql: string): (Query) + } + interface Query { + /** + * SQL returns the original SQL used to create the query. + * The actual SQL (RawSQL) being executed is obtained by replacing the named + * parameter placeholders with anonymous ones. + */ + sql(): string + } + interface Query { + /** + * Context returns the context associated with the query. + */ + context(): context.Context + } + interface Query { + /** + * WithContext associates a context with the query. + */ + withContext(ctx: context.Context): (Query) + } + interface Query { + /** + * WithExecHook associates the provided exec hook function with the query. + * + * It is called for every Query resolver (Execute(), One(), All(), Row(), Column()), + * allowing you to implement auto fail/retry or any other additional handling. + */ + withExecHook(fn: ExecHookFunc): (Query) + } + interface Query { + /** + * WithOneHook associates the provided hook function with the query, + * called on q.One(), allowing you to implement custom struct scan based + * on the One() argument and/or result. + */ + withOneHook(fn: OneHookFunc): (Query) + } + interface Query { + /** + * WithOneHook associates the provided hook function with the query, + * called on q.All(), allowing you to implement custom slice scan based + * on the All() argument and/or result. + */ + withAllHook(fn: AllHookFunc): (Query) + } + interface Query { + /** + * Params returns the parameters to be bound to the SQL statement represented by this query. + */ + params(): Params + } + interface Query { + /** + * Prepare creates a prepared statement for later queries or executions. + * Close() should be called after finishing all queries. + */ + prepare(): (Query) + } + interface Query { + /** + * Close closes the underlying prepared statement. + * Close does nothing if the query has not been prepared before. + */ + close(): void + } + interface Query { + /** + * Bind sets the parameters that should be bound to the SQL statement. + * The parameter placeholders in the SQL statement are in the format of "{:ParamName}". + */ + bind(params: Params): (Query) + } + interface Query { + /** + * Execute executes the SQL statement without retrieving data. + */ + execute(): sql.Result + } + interface Query { + /** + * One executes the SQL statement and populates the first row of the result into a struct or NullStringMap. + * Refer to Rows.ScanStruct() and Rows.ScanMap() for more details on how to specify + * the variable to be populated. + * Note that when the query has no rows in the result set, an sql.ErrNoRows will be returned. + */ + one(a: { + }): void + } + interface Query { + /** + * All executes the SQL statement and populates all the resulting rows into a slice of struct or NullStringMap. + * The slice must be given as a pointer. Each slice element must be either a struct or a NullStringMap. + * Refer to Rows.ScanStruct() and Rows.ScanMap() for more details on how each slice element can be. + * If the query returns no row, the slice will be an empty slice (not nil). + */ + all(slice: { + }): void + } + interface Query { + /** + * Row executes the SQL statement and populates the first row of the result into a list of variables. + * Note that the number of the variables should match to that of the columns in the query result. + * Note that when the query has no rows in the result set, an sql.ErrNoRows will be returned. + */ + row(...a: { + }[]): void + } + interface Query { + /** + * Column executes the SQL statement and populates the first column of the result into a slice. + * Note that the parameter must be a pointer to a slice. + */ + column(a: { + }): void + } + interface Query { + /** + * Rows executes the SQL statement and returns a Rows object to allow retrieving data row by row. + */ + rows(): (Rows) + } + /** + * QueryBuilder builds different clauses for a SELECT SQL statement. + */ + interface QueryBuilder { + [key:string]: any; + /** + * BuildSelect generates a SELECT clause from the given selected column names. + */ + buildSelect(cols: Array, distinct: boolean, option: string): string + /** + * BuildFrom generates a FROM clause from the given tables. + */ + buildFrom(tables: Array): string + /** + * BuildGroupBy generates a GROUP BY clause from the given group-by columns. + */ + buildGroupBy(cols: Array): string + /** + * BuildJoin generates a JOIN clause from the given join information. + */ + buildJoin(_arg0: Array, _arg1: Params): string + /** + * BuildWhere generates a WHERE clause from the given expression. + */ + buildWhere(_arg0: Expression, _arg1: Params): string + /** + * BuildHaving generates a HAVING clause from the given expression. + */ + buildHaving(_arg0: Expression, _arg1: Params): string + /** + * BuildOrderByAndLimit generates the ORDER BY and LIMIT clauses. + */ + buildOrderByAndLimit(_arg0: string, _arg1: Array, _arg2: number, _arg3: number): string + /** + * BuildUnion generates a UNION clause from the given union information. + */ + buildUnion(_arg0: Array, _arg1: Params): string + } + /** + * BaseQueryBuilder provides a basic implementation of QueryBuilder. + */ + interface BaseQueryBuilder { + } + interface newBaseQueryBuilder { + /** + * NewBaseQueryBuilder creates a new BaseQueryBuilder instance. + */ + (db: DB): (BaseQueryBuilder) + } + interface BaseQueryBuilder { + /** + * DB returns the DB instance associated with the query builder. + */ + db(): (DB) + } + interface BaseQueryBuilder { + /** + * BuildSelect generates a SELECT clause from the given selected column names. + */ + buildSelect(cols: Array, distinct: boolean, option: string): string + } + interface BaseQueryBuilder { + /** + * BuildFrom generates a FROM clause from the given tables. + */ + buildFrom(tables: Array): string + } + interface BaseQueryBuilder { + /** + * BuildJoin generates a JOIN clause from the given join information. + */ + buildJoin(joins: Array, params: Params): string + } + interface BaseQueryBuilder { + /** + * BuildWhere generates a WHERE clause from the given expression. + */ + buildWhere(e: Expression, params: Params): string + } + interface BaseQueryBuilder { + /** + * BuildHaving generates a HAVING clause from the given expression. + */ + buildHaving(e: Expression, params: Params): string + } + interface BaseQueryBuilder { + /** + * BuildGroupBy generates a GROUP BY clause from the given group-by columns. + */ + buildGroupBy(cols: Array): string + } + interface BaseQueryBuilder { + /** + * BuildOrderByAndLimit generates the ORDER BY and LIMIT clauses. + */ + buildOrderByAndLimit(sql: string, cols: Array, limit: number, offset: number): string + } + interface BaseQueryBuilder { + /** + * BuildUnion generates a UNION clause from the given union information. + */ + buildUnion(unions: Array, params: Params): string + } + interface BaseQueryBuilder { + /** + * BuildOrderBy generates the ORDER BY clause. + */ + buildOrderBy(cols: Array): string + } + interface BaseQueryBuilder { + /** + * BuildLimit generates the LIMIT clause. + */ + buildLimit(limit: number, offset: number): string + } + /** + * VarTypeError indicates a variable type error when trying to populating a variable with DB result. + */ + interface VarTypeError extends String{} + interface VarTypeError { + /** + * Error returns the error message. + */ + error(): string + } + /** + * NullStringMap is a map of sql.NullString that can be used to hold DB query result. + * The map keys correspond to the DB column names, while the map values are their corresponding column values. + */ + interface NullStringMap extends _TygojaDict{} + /** + * Rows enhances sql.Rows by providing additional data query methods. + * Rows can be obtained by calling Query.Rows(). It is mainly used to populate data row by row. + */ + type _sguxiye = sql.Rows + interface Rows extends _sguxiye { + } + interface Rows { + /** + * ScanMap populates the current row of data into a NullStringMap. + * Note that the NullStringMap must not be nil, or it will panic. + * The NullStringMap will be populated using column names as keys and their values as + * the corresponding element values. + */ + scanMap(a: NullStringMap): void + } + interface Rows { + /** + * ScanStruct populates the current row of data into a struct. + * The struct must be given as a pointer. + * + * ScanStruct associates struct fields with DB table columns through a field mapping function. + * It populates a struct field with the data of its associated column. + * Note that only exported struct fields will be populated. + * + * By default, DefaultFieldMapFunc() is used to map struct fields to table columns. + * This function separates each word in a field name with a underscore and turns every letter into lower case. + * For example, "LastName" is mapped to "last_name", "MyID" is mapped to "my_id", and so on. + * To change the default behavior, set DB.FieldMapper with your custom mapping function. + * You may also set Query.FieldMapper to change the behavior for particular queries. + */ + scanStruct(a: { + }): void + } + /** + * BuildHookFunc defines a callback function that is executed on Query creation. + */ + interface BuildHookFunc {(q: Query): void } + /** + * SelectQuery represents a DB-agnostic SELECT query. + * It can be built into a DB-specific query by calling the Build() method. + */ + interface SelectQuery { + /** + * FieldMapper maps struct field names to DB column names. + */ + fieldMapper: FieldMapFunc + /** + * TableMapper maps structs to DB table names. + */ + tableMapper: TableMapFunc + } + /** + * JoinInfo contains the specification for a JOIN clause. + */ + interface JoinInfo { + join: string + table: string + on: Expression + } + /** + * UnionInfo contains the specification for a UNION clause. + */ + interface UnionInfo { + all: boolean + query?: Query + } + interface newSelectQuery { + /** + * NewSelectQuery creates a new SelectQuery instance. + */ + (builder: Builder, db: DB): (SelectQuery) + } + interface SelectQuery { + /** + * WithBuildHook runs the provided hook function with the query created on Build(). + */ + withBuildHook(fn: BuildHookFunc): (SelectQuery) + } + interface SelectQuery { + /** + * Context returns the context associated with the query. + */ + context(): context.Context + } + interface SelectQuery { + /** + * WithContext associates a context with the query. + */ + withContext(ctx: context.Context): (SelectQuery) + } + interface SelectQuery { + /** + * PreFragment sets SQL fragment that should be prepended before the select query (e.g. WITH clause). + */ + preFragment(fragment: string): (SelectQuery) + } + interface SelectQuery { + /** + * PostFragment sets SQL fragment that should be appended at the end of the select query. + */ + postFragment(fragment: string): (SelectQuery) + } + interface SelectQuery { + /** + * Select specifies the columns to be selected. + * Column names will be automatically quoted. + */ + select(...cols: string[]): (SelectQuery) + } + interface SelectQuery { + /** + * AndSelect adds additional columns to be selected. + * Column names will be automatically quoted. + */ + andSelect(...cols: string[]): (SelectQuery) + } + interface SelectQuery { + /** + * Distinct specifies whether to select columns distinctively. + * By default, distinct is false. + */ + distinct(v: boolean): (SelectQuery) + } + interface SelectQuery { + /** + * SelectOption specifies additional option that should be append to "SELECT". + */ + selectOption(option: string): (SelectQuery) + } + interface SelectQuery { + /** + * From specifies which tables to select from. + * Table names will be automatically quoted. + */ + from(...tables: string[]): (SelectQuery) + } + interface SelectQuery { + /** + * Where specifies the WHERE condition. + */ + where(e: Expression): (SelectQuery) + } + interface SelectQuery { + /** + * AndWhere concatenates a new WHERE condition with the existing one (if any) using "AND". + */ + andWhere(e: Expression): (SelectQuery) + } + interface SelectQuery { + /** + * OrWhere concatenates a new WHERE condition with the existing one (if any) using "OR". + */ + orWhere(e: Expression): (SelectQuery) + } + interface SelectQuery { + /** + * Join specifies a JOIN clause. + * The "typ" parameter specifies the JOIN type (e.g. "INNER JOIN", "LEFT JOIN"). + */ + join(typ: string, table: string, on: Expression): (SelectQuery) + } + interface SelectQuery { + /** + * InnerJoin specifies an INNER JOIN clause. + * This is a shortcut method for Join. + */ + innerJoin(table: string, on: Expression): (SelectQuery) + } + interface SelectQuery { + /** + * LeftJoin specifies a LEFT JOIN clause. + * This is a shortcut method for Join. + */ + leftJoin(table: string, on: Expression): (SelectQuery) + } + interface SelectQuery { + /** + * RightJoin specifies a RIGHT JOIN clause. + * This is a shortcut method for Join. + */ + rightJoin(table: string, on: Expression): (SelectQuery) + } + interface SelectQuery { + /** + * OrderBy specifies the ORDER BY clause. + * Column names will be properly quoted. A column name can contain "ASC" or "DESC" to indicate its ordering direction. + */ + orderBy(...cols: string[]): (SelectQuery) + } + interface SelectQuery { + /** + * AndOrderBy appends additional columns to the existing ORDER BY clause. + * Column names will be properly quoted. A column name can contain "ASC" or "DESC" to indicate its ordering direction. + */ + andOrderBy(...cols: string[]): (SelectQuery) + } + interface SelectQuery { + /** + * GroupBy specifies the GROUP BY clause. + * Column names will be properly quoted. + */ + groupBy(...cols: string[]): (SelectQuery) + } + interface SelectQuery { + /** + * AndGroupBy appends additional columns to the existing GROUP BY clause. + * Column names will be properly quoted. + */ + andGroupBy(...cols: string[]): (SelectQuery) + } + interface SelectQuery { + /** + * Having specifies the HAVING clause. + */ + having(e: Expression): (SelectQuery) + } + interface SelectQuery { + /** + * AndHaving concatenates a new HAVING condition with the existing one (if any) using "AND". + */ + andHaving(e: Expression): (SelectQuery) + } + interface SelectQuery { + /** + * OrHaving concatenates a new HAVING condition with the existing one (if any) using "OR". + */ + orHaving(e: Expression): (SelectQuery) + } + interface SelectQuery { + /** + * Union specifies a UNION clause. + */ + union(q: Query): (SelectQuery) + } + interface SelectQuery { + /** + * UnionAll specifies a UNION ALL clause. + */ + unionAll(q: Query): (SelectQuery) + } + interface SelectQuery { + /** + * Limit specifies the LIMIT clause. + * A negative limit means no limit. + */ + limit(limit: number): (SelectQuery) + } + interface SelectQuery { + /** + * Offset specifies the OFFSET clause. + * A negative offset means no offset. + */ + offset(offset: number): (SelectQuery) + } + interface SelectQuery { + /** + * Bind specifies the parameter values to be bound to the query. + */ + bind(params: Params): (SelectQuery) + } + interface SelectQuery { + /** + * AndBind appends additional parameters to be bound to the query. + */ + andBind(params: Params): (SelectQuery) + } + interface SelectQuery { + /** + * Build builds the SELECT query and returns an executable Query object. + */ + build(): (Query) + } + interface SelectQuery { + /** + * One executes the SELECT query and populates the first row of the result into the specified variable. + * + * If the query does not specify a "from" clause, the method will try to infer the name of the table + * to be selected from by calling getTableName() which will return either the variable type name + * or the TableName() method if the variable implements the TableModel interface. + * + * Note that when the query has no rows in the result set, an sql.ErrNoRows will be returned. + */ + one(a: { + }): void + } + interface SelectQuery { + /** + * Model selects the row with the specified primary key and populates the model with the row data. + * + * The model variable should be a pointer to a struct. If the query does not specify a "from" clause, + * it will use the model struct to determine which table to select data from. It will also use the model + * to infer the name of the primary key column. Only simple primary key is supported. For composite primary keys, + * please use Where() to specify the filtering condition. + */ + model(pk: { + }, model: { + }): void + } + interface SelectQuery { + /** + * All executes the SELECT query and populates all rows of the result into a slice. + * + * Note that the slice must be passed in as a pointer. + * + * If the query does not specify a "from" clause, the method will try to infer the name of the table + * to be selected from by calling getTableName() which will return either the type name of the slice elements + * or the TableName() method if the slice element implements the TableModel interface. + */ + all(slice: { + }): void + } + interface SelectQuery { + /** + * Rows builds and executes the SELECT query and returns a Rows object for data retrieval purpose. + * This is a shortcut to SelectQuery.Build().Rows() + */ + rows(): (Rows) + } + interface SelectQuery { + /** + * Row builds and executes the SELECT query and populates the first row of the result into the specified variables. + * This is a shortcut to SelectQuery.Build().Row() + */ + row(...a: { + }[]): void + } + interface SelectQuery { + /** + * Column builds and executes the SELECT statement and populates the first column of the result into a slice. + * Note that the parameter must be a pointer to a slice. + * This is a shortcut to SelectQuery.Build().Column() + */ + column(a: { + }): void + } + /** + * QueryInfo represents a debug/info struct with exported SelectQuery fields. + */ + interface QueryInfo { + preFragment: string + postFragment: string + builder: Builder + selects: Array + distinct: boolean + selectOption: string + from: Array + where: Expression + join: Array + orderBy: Array + groupBy: Array + having: Expression + union: Array + limit: number + offset: number + params: Params + context: context.Context + buildHook: BuildHookFunc + } + interface SelectQuery { + /** + * Info exports common SelectQuery fields allowing to inspect the + * current select query options. + */ + info(): (QueryInfo) + } + /** + * FieldMapFunc converts a struct field name into a DB column name. + */ + interface FieldMapFunc {(_arg0: string): string } + /** + * TableMapFunc converts a sample struct into a DB table name. + */ + interface TableMapFunc {(a: { + }): string } + interface structInfo { + } + type _sPncttL = structInfo + interface structValue extends _sPncttL { + } + interface fieldInfo { + } + interface structInfoMapKey { + } + /** + * PostScanner is an optional interface used by ScanStruct. + */ + interface PostScanner { + [key:string]: any; + /** + * PostScan executes right after the struct has been populated + * with the DB values, allowing you to further normalize or validate + * the loaded data. + */ + postScan(): void + } + interface defaultFieldMapFunc { + /** + * DefaultFieldMapFunc maps a field name to a DB column name. + * The mapping rule set by this method is that words in a field name will be separated by underscores + * and the name will be turned into lower case. For example, "FirstName" maps to "first_name", and "MyID" becomes "my_id". + * See DB.FieldMapper for more details. + */ + (f: string): string + } + interface getTableName { + /** + * GetTableName implements the default way of determining the table name corresponding to the given model struct + * or slice of structs. To get the actual table name for a model, you should use DB.TableMapFunc() instead. + * Do not call this method in a model's TableName() method because it will cause infinite loop. + */ + (a: { + }): string + } + /** + * Tx enhances sql.Tx with additional querying methods. + */ + type _sbhRiou = Builder + interface Tx extends _sbhRiou { + } + interface Tx { + /** + * Commit commits the transaction. + */ + commit(): void + } + interface Tx { + /** + * Rollback aborts the transaction. + */ + rollback(): void + } +} + +namespace security { + interface s256Challenge { + /** + * S256Challenge creates base64 encoded sha256 challenge string derived from code. + * The padding of the result base64 string is stripped per [RFC 7636]. + * + * [RFC 7636]: https://datatracker.ietf.org/doc/html/rfc7636#section-4.2 + */ + (code: string): string + } + interface md5 { + /** + * MD5 creates md5 hash from the provided plain text. + */ + (text: string): string + } + interface sha256 { + /** + * SHA256 creates sha256 hash as defined in FIPS 180-4 from the provided text. + */ + (text: string): string + } + interface sha512 { + /** + * SHA512 creates sha512 hash as defined in FIPS 180-4 from the provided text. + */ + (text: string): string + } + interface hs256 { + /** + * HS256 creates a HMAC hash with sha256 digest algorithm. + */ + (text: string, secret: string): string + } + interface hs512 { + /** + * HS512 creates a HMAC hash with sha512 digest algorithm. + */ + (text: string, secret: string): string + } + interface equal { + /** + * Equal compares two hash strings for equality without leaking timing information. + */ + (hash1: string, hash2: string): boolean + } + // @ts-ignore + import crand = rand + interface encrypt { + /** + * Encrypt encrypts "data" with the specified "key" (must be valid 32 char AES key). + * + * This method uses AES-256-GCM block cypher mode. + */ + (data: string|Array, key: string): string + } + interface decrypt { + /** + * Decrypt decrypts encrypted text with key (must be valid 32 chars AES key). + * + * This method uses AES-256-GCM block cypher mode. + */ + (cipherText: string, key: string): string|Array + } + interface parseUnverifiedJWT { + /** + * ParseUnverifiedJWT parses JWT and returns its claims + * but DOES NOT verify the signature. + * + * It verifies only the exp, iat and nbf claims. + */ + (token: string): jwt.MapClaims + } + interface parseJWT { + /** + * ParseJWT verifies and parses JWT and returns its claims. + */ + (token: string, verificationKey: string): jwt.MapClaims + } + interface newJWT { + /** + * NewJWT generates and returns new HS256 signed JWT. + */ + (payload: jwt.MapClaims, signingKey: string, duration: time.Duration): string + } + // @ts-ignore + import cryptoRand = rand + // @ts-ignore + import mathRand = rand + interface randomString { + /** + * RandomString generates a cryptographically random string with the specified length. + * + * The generated string matches [A-Za-z0-9]+ and it's transparent to URL-encoding. + */ + (length: number): string + } + interface randomStringWithAlphabet { + /** + * RandomStringWithAlphabet generates a cryptographically random string + * with the specified length and characters set. + * + * It panics if for some reason rand.Int returns a non-nil error. + */ + (length: number, alphabet: string): string + } + interface pseudorandomString { + /** + * PseudorandomString generates a pseudorandom string with the specified length. + * + * The generated string matches [A-Za-z0-9]+ and it's transparent to URL-encoding. + * + * For a cryptographically random string (but a little bit slower) use RandomString instead. + */ + (length: number): string + } + interface pseudorandomStringWithAlphabet { + /** + * PseudorandomStringWithAlphabet generates a pseudorandom string + * with the specified length and characters set. + * + * For a cryptographically random (but a little bit slower) use RandomStringWithAlphabet instead. + */ + (length: number, alphabet: string): string + } + interface randomStringByRegex { + /** + * RandomStringByRegex generates a random string matching the regex pattern. + * If optFlags is not set, fallbacks to [syntax.Perl]. + * + * NB! While the source of the randomness comes from [crypto/rand] this method + * is not recommended to be used on its own in critical secure contexts because + * the generated length could vary too much on the used pattern and may not be + * as secure as simply calling [security.RandomString]. + * If you still insist on using it for such purposes, consider at least + * a large enough minimum length for the generated string, e.g. `[a-z0-9]{30}`. + * + * This function is inspired by github.com/pipe01/revregexp, github.com/lucasjones/reggen and other similar packages. + */ + (pattern: string, ...optFlags: syntax.Flags[]): string + } +} + +namespace filesystem { + /** + * FileReader defines an interface for a file resource reader. + */ + interface FileReader { + [key:string]: any; + open(): io.ReadSeekCloser + } + /** + * File defines a single file [io.ReadSeekCloser] resource. + * + * The file could be from a local path, multipart/form-data header, etc. + */ + interface File { + reader: FileReader + name: string + originalName: string + size: number + } + interface File { + /** + * AsMap implements [core.mapExtractor] and returns a value suitable + * to be used in an API rule expression. + */ + asMap(): _TygojaDict + } + interface newFileFromPath { + /** + * NewFileFromPath creates a new File instance from the provided local file path. + */ + (path: string): (File) + } + interface newFileFromBytes { + /** + * NewFileFromBytes creates a new File instance from the provided byte slice. + */ + (b: string|Array, name: string): (File) + } + interface newFileFromMultipart { + /** + * NewFileFromMultipart creates a new File from the provided multipart header. + */ + (mh: multipart.FileHeader): (File) + } + interface newFileFromURL { + /** + * NewFileFromURL creates a new File from the provided url by + * downloading the resource and load it as BytesReader. + * + * Example + * + * ``` + * ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + * defer cancel() + * + * file, err := filesystem.NewFileFromURL(ctx, "https://example.com/image.png") + * ``` + */ + (ctx: context.Context, url: string): (File) + } + /** + * MultipartReader defines a FileReader from [multipart.FileHeader]. + */ + interface MultipartReader { + header?: multipart.FileHeader + } + interface MultipartReader { + /** + * Open implements the [filesystem.FileReader] interface. + */ + open(): io.ReadSeekCloser + } + /** + * PathReader defines a FileReader from a local file path. + */ + interface PathReader { + path: string + } + interface PathReader { + /** + * Open implements the [filesystem.FileReader] interface. + */ + open(): io.ReadSeekCloser + } + /** + * BytesReader defines a FileReader from bytes content. + */ + interface BytesReader { + bytes: string|Array + } + interface BytesReader { + /** + * Open implements the [filesystem.FileReader] interface. + */ + open(): io.ReadSeekCloser + } + type _sgrUUXz = bytes.Reader + interface bytesReadSeekCloser extends _sgrUUXz { + } + interface bytesReadSeekCloser { + /** + * Close implements the [io.ReadSeekCloser] interface. + */ + close(): void + } + /** + * openFuncAsReader defines a FileReader from a bare Open function. + */ + interface openFuncAsReader {(): io.ReadSeekCloser } + interface openFuncAsReader { + /** + * Open implements the [filesystem.FileReader] interface. + */ + open(): io.ReadSeekCloser + } + interface System { + } + interface newS3 { + /** + * NewS3 initializes an S3 filesystem instance. + * + * NB! Make sure to call `Close()` after you are done working with it. + */ + (bucketName: string, region: string, endpoint: string, accessKey: string, secretKey: string, s3ForcePathStyle: boolean): (System) + } + interface newLocal { + /** + * NewLocal initializes a new local filesystem instance. + * + * NB! Make sure to call `Close()` after you are done working with it. + */ + (dirPath: string): (System) + } + interface System { + /** + * SetContext assigns the specified context to the current filesystem. + */ + setContext(ctx: context.Context): void + } + interface System { + /** + * Close releases any resources used for the related filesystem. + */ + close(): void + } + interface System { + /** + * Exists checks if file with fileKey path exists or not. + */ + exists(fileKey: string): boolean + } + interface System { + /** + * Attributes returns the attributes for the file with fileKey path. + * + * If the file doesn't exist it returns ErrNotFound. + */ + attributes(fileKey: string): (blob.Attributes) + } + interface System { + /** + * GetReader returns a file content reader for the given fileKey. + * + * NB! Make sure to call Close() on the file after you are done working with it. + * + * If the file doesn't exist returns ErrNotFound. + */ + getReader(fileKey: string): (blob.Reader) + } + interface System { + /** + * Deprecated: Please use GetReader(fileKey) instead. + */ + getFile(fileKey: string): (blob.Reader) + } + interface System { + /** + * GetReuploadableFile constructs a new reuploadable File value + * from the associated fileKey blob.Reader. + * + * If preserveName is false then the returned File.Name will have + * a new randomly generated suffix, otherwise it will reuse the original one. + * + * This method could be useful in case you want to clone an existing + * Record file and assign it to a new Record (e.g. in a Record duplicate action). + * + * If you simply want to copy an existing file to a new location you + * could check the Copy(srcKey, dstKey) method. + */ + getReuploadableFile(fileKey: string, preserveName: boolean): (File) + } + interface System { + /** + * Copy copies the file stored at srcKey to dstKey. + * + * If srcKey file doesn't exist, it returns ErrNotFound. + * + * If dstKey file already exists, it is overwritten. + */ + copy(srcKey: string, dstKey: string): void + } + interface System { + /** + * List returns a flat list with info for all files under the specified prefix. + */ + list(prefix: string): Array<(blob.ListObject | undefined)> + } + interface System { + /** + * Upload writes content into the fileKey location. + */ + upload(content: string|Array, fileKey: string): void + } + interface System { + /** + * UploadFile uploads the provided File to the fileKey location. + */ + uploadFile(file: File, fileKey: string): void + } + interface System { + /** + * UploadMultipart uploads the provided multipart file to the fileKey location. + */ + uploadMultipart(fh: multipart.FileHeader, fileKey: string): void + } + interface System { + /** + * Delete deletes stored file at fileKey location. + * + * If the file doesn't exist returns ErrNotFound. + */ + delete(fileKey: string): void + } + interface System { + /** + * DeletePrefix deletes everything starting with the specified prefix. + * + * The prefix could be subpath (ex. "/a/b/") or filename prefix (ex. "/a/b/file_"). + */ + deletePrefix(prefix: string): Array + } + interface System { + /** + * Checks if the provided dir prefix doesn't have any files. + * + * A trailing slash will be appended to a non-empty dir string argument + * to ensure that the checked prefix is a "directory". + * + * Returns "false" in case the has at least one file, otherwise - "true". + */ + isEmptyDir(dir: string): boolean + } + interface System { + /** + * Serve serves the file at fileKey location to an HTTP response. + * + * If the `download` query parameter is used the file will be always served for + * download no matter of its type (aka. with "Content-Disposition: attachment"). + * + * Internally this method uses [http.ServeContent] so Range requests, + * If-Match, If-Unmodified-Since, etc. headers are handled transparently. + */ + serve(res: http.ResponseWriter, req: http.Request, fileKey: string, name: string): void + } + interface System { + /** + * CreateThumb creates a new thumb image for the file at originalKey location. + * The new thumb file is stored at thumbKey location. + * + * thumbSize is in the format: + * - 0xH (eg. 0x100) - resize to H height preserving the aspect ratio + * - Wx0 (eg. 300x0) - resize to W width preserving the aspect ratio + * - WxH (eg. 300x100) - resize and crop to WxH viewbox (from center) + * - WxHt (eg. 300x100t) - resize and crop to WxH viewbox (from top) + * - WxHb (eg. 300x100b) - resize and crop to WxH viewbox (from bottom) + * - WxHf (eg. 300x100f) - fit inside a WxH viewbox (without cropping) + */ + createThumb(originalKey: string, thumbKey: string, thumbSize: string): void + } +} + +/** + * Package exec runs external commands. It wraps os.StartProcess to make it + * easier to remap stdin and stdout, connect I/O with pipes, and do other + * adjustments. + * + * Unlike the "system" library call from C and other languages, the + * os/exec package intentionally does not invoke the system shell and + * does not expand any glob patterns or handle other expansions, + * pipelines, or redirections typically done by shells. The package + * behaves more like C's "exec" family of functions. To expand glob + * patterns, either call the shell directly, taking care to escape any + * dangerous input, or use the [path/filepath] package's Glob function. + * To expand environment variables, use package os's ExpandEnv. + * + * Note that the examples in this package assume a Unix system. + * They may not run on Windows, and they do not run in the Go Playground + * used by golang.org and godoc.org. + * + * # Executables in the current directory + * + * The functions [Command] and [LookPath] look for a program + * in the directories listed in the current path, following the + * conventions of the host operating system. + * Operating systems have for decades included the current + * directory in this search, sometimes implicitly and sometimes + * configured explicitly that way by default. + * Modern practice is that including the current directory + * is usually unexpected and often leads to security problems. + * + * To avoid those security problems, as of Go 1.19, this package will not resolve a program + * using an implicit or explicit path entry relative to the current directory. + * That is, if you run [LookPath]("go"), it will not successfully return + * ./go on Unix nor .\go.exe on Windows, no matter how the path is configured. + * Instead, if the usual path algorithms would result in that answer, + * these functions return an error err satisfying [errors.Is](err, [ErrDot]). + * + * For example, consider these two program snippets: + * + * ``` + * path, err := exec.LookPath("prog") + * if err != nil { + * log.Fatal(err) + * } + * use(path) + * ``` + * + * and + * + * ``` + * cmd := exec.Command("prog") + * if err := cmd.Run(); err != nil { + * log.Fatal(err) + * } + * ``` + * + * These will not find and run ./prog or .\prog.exe, + * no matter how the current path is configured. + * + * Code that always wants to run a program from the current directory + * can be rewritten to say "./prog" instead of "prog". + * + * Code that insists on including results from relative path entries + * can instead override the error using an errors.Is check: + * + * ``` + * path, err := exec.LookPath("prog") + * if errors.Is(err, exec.ErrDot) { + * err = nil + * } + * if err != nil { + * log.Fatal(err) + * } + * use(path) + * ``` + * + * and + * + * ``` + * cmd := exec.Command("prog") + * if errors.Is(cmd.Err, exec.ErrDot) { + * cmd.Err = nil + * } + * if err := cmd.Run(); err != nil { + * log.Fatal(err) + * } + * ``` + * + * Setting the environment variable GODEBUG=execerrdot=0 + * disables generation of ErrDot entirely, temporarily restoring the pre-Go 1.19 + * behavior for programs that are unable to apply more targeted fixes. + * A future version of Go may remove support for this variable. + * + * Before adding such overrides, make sure you understand the + * security implications of doing so. + * See https://go.dev/blog/path-security for more information. + */ +namespace exec { + interface command { + /** + * Command returns the [Cmd] struct to execute the named program with + * the given arguments. + * + * It sets only the Path and Args in the returned structure. + * + * If name contains no path separators, Command uses [LookPath] to + * resolve name to a complete path if possible. Otherwise it uses name + * directly as Path. + * + * The returned Cmd's Args field is constructed from the command name + * followed by the elements of arg, so arg should not include the + * command name itself. For example, Command("echo", "hello"). + * Args[0] is always name, not the possibly resolved Path. + * + * On Windows, processes receive the whole command line as a single string + * and do their own parsing. Command combines and quotes Args into a command + * line string with an algorithm compatible with applications using + * CommandLineToArgvW (which is the most common way). Notable exceptions are + * msiexec.exe and cmd.exe (and thus, all batch files), which have a different + * unquoting algorithm. In these or other similar cases, you can do the + * quoting yourself and provide the full command line in SysProcAttr.CmdLine, + * leaving Args empty. + */ + (name: string, ...arg: string[]): (Cmd) + } +} + +/** + * Package core is the backbone of PocketBase. + * + * It defines the main PocketBase App interface and its base implementation. + */ +namespace core { + /** + * App defines the main PocketBase app interface. + * + * Note that the interface is not intended to be implemented manually by users + * and instead they should use core.BaseApp (either directly or as embedded field in a custom struct). + * + * This interface exists to make testing easier and to allow users to + * create common and pluggable helpers and methods that doesn't rely + * on a specific wrapped app struct (hence the large interface size). + */ + interface App { + [key:string]: any; + /** + * UnsafeWithoutHooks returns a shallow copy of the current app WITHOUT any registered hooks. + * + * NB! Note that using the returned app instance may cause data integrity errors + * since the Record validations and data normalizations (including files uploads) + * rely on the app hooks to work. + */ + unsafeWithoutHooks(): App + /** + * Logger returns the default app logger. + * + * If the application is not bootstrapped yet, fallbacks to slog.Default(). + */ + logger(): (slog.Logger) + /** + * IsBootstrapped checks if the application was initialized + * (aka. whether Bootstrap() was called). + */ + isBootstrapped(): boolean + /** + * IsTransactional checks if the current app instance is part of a transaction. + */ + isTransactional(): boolean + /** + * TxInfo returns the transaction associated with the current app instance (if any). + * + * Could be used if you want to execute indirectly a function after + * the related app transaction completes using `app.TxInfo().OnAfterFunc(callback)`. + */ + txInfo(): (TxAppInfo) + /** + * Bootstrap initializes the application + * (aka. create data dir, open db connections, load settings, etc.). + * + * It will call ResetBootstrapState() if the application was already bootstrapped. + */ + bootstrap(): void + /** + * ResetBootstrapState releases the initialized core app resources + * (closing db connections, stopping cron ticker, etc.). + */ + resetBootstrapState(): void + /** + * DataDir returns the app data directory path. + */ + dataDir(): string + /** + * EncryptionEnv returns the name of the app secret env key + * (currently used primarily for optional settings encryption but this may change in the future). + */ + encryptionEnv(): string + /** + * IsDev returns whether the app is in dev mode. + * + * When enabled logs, executed sql statements, etc. are printed to the stderr. + */ + isDev(): boolean + /** + * Settings returns the loaded app settings. + */ + settings(): (Settings) + /** + * Store returns the app runtime store. + */ + store(): (store.Store) + /** + * Cron returns the app cron instance. + */ + cron(): (cron.Cron) + /** + * SubscriptionsBroker returns the app realtime subscriptions broker instance. + */ + subscriptionsBroker(): (subscriptions.Broker) + /** + * NewMailClient creates and returns a new SMTP or Sendmail client + * based on the current app settings. + */ + newMailClient(): mailer.Mailer + /** + * NewFilesystem creates a new local or S3 filesystem instance + * for managing regular app files (ex. record uploads) + * based on the current app settings. + * + * NB! Make sure to call Close() on the returned result + * after you are done working with it. + */ + newFilesystem(): (filesystem.System) + /** + * NewBackupsFilesystem creates a new local or S3 filesystem instance + * for managing app backups based on the current app settings. + * + * NB! Make sure to call Close() on the returned result + * after you are done working with it. + */ + newBackupsFilesystem(): (filesystem.System) + /** + * ReloadSettings reinitializes and reloads the stored application settings. + */ + reloadSettings(): void + /** + * CreateBackup creates a new backup of the current app pb_data directory. + * + * Backups can be stored on S3 if it is configured in app.Settings().Backups. + * + * Please refer to the godoc of the specific CoreApp implementation + * for details on the backup procedures. + */ + createBackup(ctx: context.Context, name: string): void + /** + * RestoreBackup restores the backup with the specified name and restarts + * the current running application process. + * + * The safely perform the restore it is recommended to have free disk space + * for at least 2x the size of the restored pb_data backup. + * + * Please refer to the godoc of the specific CoreApp implementation + * for details on the restore procedures. + * + * NB! This feature is experimental and currently is expected to work only on UNIX based systems. + */ + restoreBackup(ctx: context.Context, name: string): void + /** + * Restart restarts (aka. replaces) the current running application process. + * + * NB! It relies on execve which is supported only on UNIX based systems. + */ + restart(): void + /** + * RunSystemMigrations applies all new migrations registered in the [core.SystemMigrations] list. + */ + runSystemMigrations(): void + /** + * RunAppMigrations applies all new migrations registered in the [CoreAppMigrations] list. + */ + runAppMigrations(): void + /** + * RunAllMigrations applies all system and app migrations + * (aka. from both [core.SystemMigrations] and [CoreAppMigrations]). + */ + runAllMigrations(): void + /** + * DB returns the default app data.db builder instance. + * + * To minimize SQLITE_BUSY errors, it automatically routes the + * SELECT queries to the underlying concurrent db pool and everything else + * to the nonconcurrent one. + * + * For more finer control over the used connections pools you can + * call directly ConcurrentDB() or NonconcurrentDB(). + */ + db(): dbx.Builder + /** + * ConcurrentDB returns the concurrent app data.db builder instance. + * + * This method is used mainly internally for executing db read + * operations in a concurrent/non-blocking manner. + * + * Most users should use simply DB() as it will automatically + * route the query execution to ConcurrentDB() or NonconcurrentDB(). + * + * In a transaction the ConcurrentDB() and NonconcurrentDB() refer to the same *dbx.TX instance. + */ + concurrentDB(): dbx.Builder + /** + * NonconcurrentDB returns the nonconcurrent app data.db builder instance. + * + * The returned db instance is limited only to a single open connection, + * meaning that it can process only 1 db operation at a time (other queries queue up). + * + * This method is used mainly internally and in the tests to execute write + * (save/delete) db operations as it helps with minimizing the SQLITE_BUSY errors. + * + * Most users should use simply DB() as it will automatically + * route the query execution to ConcurrentDB() or NonconcurrentDB(). + * + * In a transaction the ConcurrentDB() and NonconcurrentDB() refer to the same *dbx.TX instance. + */ + nonconcurrentDB(): dbx.Builder + /** + * AuxDB returns the app auxiliary.db builder instance. + * + * To minimize SQLITE_BUSY errors, it automatically routes the + * SELECT queries to the underlying concurrent db pool and everything else + * to the nonconcurrent one. + * + * For more finer control over the used connections pools you can + * call directly AuxConcurrentDB() or AuxNonconcurrentDB(). + */ + auxDB(): dbx.Builder + /** + * AuxConcurrentDB returns the concurrent app auxiliary.db builder instance. + * + * This method is used mainly internally for executing db read + * operations in a concurrent/non-blocking manner. + * + * Most users should use simply AuxDB() as it will automatically + * route the query execution to AuxConcurrentDB() or AuxNonconcurrentDB(). + * + * In a transaction the AuxConcurrentDB() and AuxNonconcurrentDB() refer to the same *dbx.TX instance. + */ + auxConcurrentDB(): dbx.Builder + /** + * AuxNonconcurrentDB returns the nonconcurrent app auxiliary.db builder instance. + * + * The returned db instance is limited only to a single open connection, + * meaning that it can process only 1 db operation at a time (other queries queue up). + * + * This method is used mainly internally and in the tests to execute write + * (save/delete) db operations as it helps with minimizing the SQLITE_BUSY errors. + * + * Most users should use simply AuxDB() as it will automatically + * route the query execution to AuxConcurrentDB() or AuxNonconcurrentDB(). + * + * In a transaction the AuxConcurrentDB() and AuxNonconcurrentDB() refer to the same *dbx.TX instance. + */ + auxNonconcurrentDB(): dbx.Builder + /** + * HasTable checks if a table (or view) with the provided name exists (case insensitive). + * in the data.db. + */ + hasTable(tableName: string): boolean + /** + * AuxHasTable checks if a table (or view) with the provided name exists (case insensitive) + * in the auxiliary.db. + */ + auxHasTable(tableName: string): boolean + /** + * TableColumns returns all column names of a single table by its name. + */ + tableColumns(tableName: string): Array + /** + * TableInfo returns the "table_info" pragma result for the specified table. + */ + tableInfo(tableName: string): Array<(TableInfoRow | undefined)> + /** + * TableIndexes returns a name grouped map with all non empty index of the specified table. + * + * Note: This method doesn't return an error on nonexisting table. + */ + tableIndexes(tableName: string): _TygojaDict + /** + * DeleteTable drops the specified table. + * + * This method is a no-op if a table with the provided name doesn't exist. + * + * NB! Be aware that this method is vulnerable to SQL injection and the + * "tableName" argument must come only from trusted input! + */ + deleteTable(tableName: string): void + /** + * DeleteView drops the specified view name. + * + * This method is a no-op if a view with the provided name doesn't exist. + * + * NB! Be aware that this method is vulnerable to SQL injection and the + * "name" argument must come only from trusted input! + */ + deleteView(name: string): void + /** + * SaveView creates (or updates already existing) persistent SQL view. + * + * NB! Be aware that this method is vulnerable to SQL injection and the + * "selectQuery" argument must come only from trusted input! + */ + saveView(name: string, selectQuery: string): void + /** + * CreateViewFields creates a new FieldsList from the provided select query. + * + * There are some caveats: + * - The select query must have an "id" column. + * - Wildcard ("*") columns are not supported to avoid accidentally leaking sensitive data. + */ + createViewFields(selectQuery: string): FieldsList + /** + * FindRecordByViewFile returns the original Record of the provided view collection file. + */ + findRecordByViewFile(viewCollectionModelOrIdentifier: any, fileFieldName: string, filename: string): (Record) + /** + * Vacuum executes VACUUM on the data.db in order to reclaim unused data db disk space. + */ + vacuum(): void + /** + * AuxVacuum executes VACUUM on the auxiliary.db in order to reclaim unused auxiliary db disk space. + */ + auxVacuum(): void + /** + * ModelQuery creates a new preconfigured select data.db query with preset + * SELECT, FROM and other common fields based on the provided model. + */ + modelQuery(model: Model): (dbx.SelectQuery) + /** + * AuxModelQuery creates a new preconfigured select auxiliary.db query with preset + * SELECT, FROM and other common fields based on the provided model. + */ + auxModelQuery(model: Model): (dbx.SelectQuery) + /** + * Delete deletes the specified model from the regular app database. + */ + delete(model: Model): void + /** + * Delete deletes the specified model from the regular app database + * (the context could be used to limit the query execution). + */ + deleteWithContext(ctx: context.Context, model: Model): void + /** + * AuxDelete deletes the specified model from the auxiliary database. + */ + auxDelete(model: Model): void + /** + * AuxDeleteWithContext deletes the specified model from the auxiliary database + * (the context could be used to limit the query execution). + */ + auxDeleteWithContext(ctx: context.Context, model: Model): void + /** + * Save validates and saves the specified model into the regular app database. + * + * If you don't want to run validations, use [App.SaveNoValidate()]. + */ + save(model: Model): void + /** + * SaveWithContext is the same as [App.Save()] but allows specifying a context to limit the db execution. + * + * If you don't want to run validations, use [App.SaveNoValidateWithContext()]. + */ + saveWithContext(ctx: context.Context, model: Model): void + /** + * SaveNoValidate saves the specified model into the regular app database without performing validations. + * + * If you want to also run validations before persisting, use [App.Save()]. + */ + saveNoValidate(model: Model): void + /** + * SaveNoValidateWithContext is the same as [App.SaveNoValidate()] + * but allows specifying a context to limit the db execution. + * + * If you want to also run validations before persisting, use [App.SaveWithContext()]. + */ + saveNoValidateWithContext(ctx: context.Context, model: Model): void + /** + * AuxSave validates and saves the specified model into the auxiliary app database. + * + * If you don't want to run validations, use [App.AuxSaveNoValidate()]. + */ + auxSave(model: Model): void + /** + * AuxSaveWithContext is the same as [App.AuxSave()] but allows specifying a context to limit the db execution. + * + * If you don't want to run validations, use [App.AuxSaveNoValidateWithContext()]. + */ + auxSaveWithContext(ctx: context.Context, model: Model): void + /** + * AuxSaveNoValidate saves the specified model into the auxiliary app database without performing validations. + * + * If you want to also run validations before persisting, use [App.AuxSave()]. + */ + auxSaveNoValidate(model: Model): void + /** + * AuxSaveNoValidateWithContext is the same as [App.AuxSaveNoValidate()] + * but allows specifying a context to limit the db execution. + * + * If you want to also run validations before persisting, use [App.AuxSaveWithContext()]. + */ + auxSaveNoValidateWithContext(ctx: context.Context, model: Model): void + /** + * Validate triggers the OnModelValidate hook for the specified model. + */ + validate(model: Model): void + /** + * ValidateWithContext is the same as Validate but allows specifying the ModelEvent context. + */ + validateWithContext(ctx: context.Context, model: Model): void + /** + * RunInTransaction wraps fn into a transaction for the regular app database. + * + * It is safe to nest RunInTransaction calls as long as you use the callback's txApp. + */ + runInTransaction(fn: (txApp: App) => void): void + /** + * AuxRunInTransaction wraps fn into a transaction for the auxiliary app database. + * + * It is safe to nest RunInTransaction calls as long as you use the callback's txApp. + */ + auxRunInTransaction(fn: (txApp: App) => void): void + /** + * LogQuery returns a new Log select query. + */ + logQuery(): (dbx.SelectQuery) + /** + * FindLogById finds a single Log entry by its id. + */ + findLogById(id: string): (Log) + /** + * LogsStatsItem returns hourly grouped logs statistics. + */ + logsStats(expr: dbx.Expression): Array<(LogsStatsItem | undefined)> + /** + * DeleteOldLogs delete all logs that are created before createdBefore. + */ + deleteOldLogs(createdBefore: time.Time): void + /** + * CollectionQuery returns a new Collection select query. + */ + collectionQuery(): (dbx.SelectQuery) + /** + * FindCollections finds all collections by the given type(s). + * + * If collectionTypes is not set, it returns all collections. + * + * Example: + * + * ``` + * app.FindAllCollections() // all collections + * app.FindAllCollections("auth", "view") // only auth and view collections + * ``` + */ + findAllCollections(...collectionTypes: string[]): Array<(Collection | undefined)> + /** + * ReloadCachedCollections fetches all collections and caches them into the app store. + */ + reloadCachedCollections(): void + /** + * FindCollectionByNameOrId finds a single collection by its name (case insensitive) or id.s + */ + findCollectionByNameOrId(nameOrId: string): (Collection) + /** + * FindCachedCollectionByNameOrId is similar to [App.FindCollectionByNameOrId] + * but retrieves the Collection from the app cache instead of making a db call. + * + * NB! This method is suitable for read-only Collection operations. + * + * Returns [sql.ErrNoRows] if no Collection is found for consistency + * with the [App.FindCollectionByNameOrId] method. + * + * If you plan making changes to the returned Collection model, + * use [App.FindCollectionByNameOrId] instead. + * + * Caveats: + * + * ``` + * - The returned Collection should be used only for read-only operations. + * Avoid directly modifying the returned cached Collection as it will affect + * the global cached value even if you don't persist the changes in the database! + * - If you are updating a Collection in a transaction and then call this method before commit, + * it'll return the cached Collection state and not the one from the uncommitted transaction. + * - The cache is automatically updated on collections db change (create/update/delete). + * To manually reload the cache you can call [App.ReloadCachedCollections] + * ``` + */ + findCachedCollectionByNameOrId(nameOrId: string): (Collection) + /** + * FindCollectionReferences returns information for all relation + * fields referencing the provided collection. + * + * If the provided collection has reference to itself then it will be + * also included in the result. To exclude it, pass the collection id + * as the excludeIds argument. + */ + findCollectionReferences(collection: Collection, ...excludeIds: string[]): _TygojaDict + /** + * FindCachedCollectionReferences is similar to [App.FindCollectionReferences] + * but retrieves the Collection from the app cache instead of making a db call. + * + * NB! This method is suitable for read-only Collection operations. + * + * If you plan making changes to the returned Collection model, + * use [App.FindCollectionReferences] instead. + * + * Caveats: + * + * ``` + * - The returned Collection should be used only for read-only operations. + * Avoid directly modifying the returned cached Collection as it will affect + * the global cached value even if you don't persist the changes in the database! + * - If you are updating a Collection in a transaction and then call this method before commit, + * it'll return the cached Collection state and not the one from the uncommitted transaction. + * - The cache is automatically updated on collections db change (create/update/delete). + * To manually reload the cache you can call [App.ReloadCachedCollections]. + * ``` + */ + findCachedCollectionReferences(collection: Collection, ...excludeIds: string[]): _TygojaDict + /** + * IsCollectionNameUnique checks that there is no existing collection + * with the provided name (case insensitive!). + * + * Note: case insensitive check because the name is used also as + * table name for the records. + */ + isCollectionNameUnique(name: string, ...excludeIds: string[]): boolean + /** + * TruncateCollection deletes all records associated with the provided collection. + * + * The truncate operation is executed in a single transaction, + * aka. either everything is deleted or none. + * + * Note that this method will also trigger the records related + * cascade and file delete actions. + */ + truncateCollection(collection: Collection): void + /** + * ImportCollections imports the provided collections data in a single transaction. + * + * For existing matching collections, the imported data is unmarshaled on top of the existing model. + * + * NB! If deleteMissing is true, ALL NON-SYSTEM COLLECTIONS AND SCHEMA FIELDS, + * that are not present in the imported configuration, WILL BE DELETED + * (this includes their related records data). + */ + importCollections(toImport: Array<_TygojaDict>, deleteMissing: boolean): void + /** + * ImportCollectionsByMarshaledJSON is the same as [ImportCollections] + * but accept marshaled json array as import data (usually used for the autogenerated snapshots). + */ + importCollectionsByMarshaledJSON(rawSliceOfMaps: string|Array, deleteMissing: boolean): void + /** + * SyncRecordTableSchema compares the two provided collections + * and applies the necessary related record table changes. + * + * If oldCollection is null, then only newCollection is used to create the record table. + * + * This method is automatically invoked as part of a collection create/update/delete operation. + */ + syncRecordTableSchema(newCollection: Collection, oldCollection: Collection): void + /** + * FindAllExternalAuthsByRecord returns all ExternalAuth models + * linked to the provided auth record. + */ + findAllExternalAuthsByRecord(authRecord: Record): Array<(ExternalAuth | undefined)> + /** + * FindAllExternalAuthsByCollection returns all ExternalAuth models + * linked to the provided auth collection. + */ + findAllExternalAuthsByCollection(collection: Collection): Array<(ExternalAuth | undefined)> + /** + * FindFirstExternalAuthByExpr returns the first available (the most recent created) + * ExternalAuth model that satisfies the non-nil expression. + */ + findFirstExternalAuthByExpr(expr: dbx.Expression): (ExternalAuth) + /** + * FindAllMFAsByRecord returns all MFA models linked to the provided auth record. + */ + findAllMFAsByRecord(authRecord: Record): Array<(MFA | undefined)> + /** + * FindAllMFAsByCollection returns all MFA models linked to the provided collection. + */ + findAllMFAsByCollection(collection: Collection): Array<(MFA | undefined)> + /** + * FindMFAById returns a single MFA model by its id. + */ + findMFAById(id: string): (MFA) + /** + * DeleteAllMFAsByRecord deletes all MFA models associated with the provided record. + * + * Returns a combined error with the failed deletes. + */ + deleteAllMFAsByRecord(authRecord: Record): void + /** + * DeleteExpiredMFAs deletes the expired MFAs for all auth collections. + */ + deleteExpiredMFAs(): void + /** + * FindAllOTPsByRecord returns all OTP models linked to the provided auth record. + */ + findAllOTPsByRecord(authRecord: Record): Array<(OTP | undefined)> + /** + * FindAllOTPsByCollection returns all OTP models linked to the provided collection. + */ + findAllOTPsByCollection(collection: Collection): Array<(OTP | undefined)> + /** + * FindOTPById returns a single OTP model by its id. + */ + findOTPById(id: string): (OTP) + /** + * DeleteAllOTPsByRecord deletes all OTP models associated with the provided record. + * + * Returns a combined error with the failed deletes. + */ + deleteAllOTPsByRecord(authRecord: Record): void + /** + * DeleteExpiredOTPs deletes the expired OTPs for all auth collections. + */ + deleteExpiredOTPs(): void + /** + * FindAllAuthOriginsByRecord returns all AuthOrigin models linked to the provided auth record (in DESC order). + */ + findAllAuthOriginsByRecord(authRecord: Record): Array<(AuthOrigin | undefined)> + /** + * FindAllAuthOriginsByCollection returns all AuthOrigin models linked to the provided collection (in DESC order). + */ + findAllAuthOriginsByCollection(collection: Collection): Array<(AuthOrigin | undefined)> + /** + * FindAuthOriginById returns a single AuthOrigin model by its id. + */ + findAuthOriginById(id: string): (AuthOrigin) + /** + * FindAuthOriginByRecordAndFingerprint returns a single AuthOrigin model + * by its authRecord relation and fingerprint. + */ + findAuthOriginByRecordAndFingerprint(authRecord: Record, fingerprint: string): (AuthOrigin) + /** + * DeleteAllAuthOriginsByRecord deletes all AuthOrigin models associated with the provided record. + * + * Returns a combined error with the failed deletes. + */ + deleteAllAuthOriginsByRecord(authRecord: Record): void + /** + * RecordQuery returns a new Record select query from a collection model, id or name. + * + * In case a collection id or name is provided and that collection doesn't + * actually exists, the generated query will be created with a cancelled context + * and will fail once an executor (Row(), One(), All(), etc.) is called. + */ + recordQuery(collectionModelOrIdentifier: any): (dbx.SelectQuery) + /** + * FindRecordById finds the Record model by its id. + */ + findRecordById(collectionModelOrIdentifier: any, recordId: string, ...optFilters: ((q: dbx.SelectQuery) => void)[]): (Record) + /** + * FindRecordsByIds finds all records by the specified ids. + * If no records are found, returns an empty slice. + */ + findRecordsByIds(collectionModelOrIdentifier: any, recordIds: Array, ...optFilters: ((q: dbx.SelectQuery) => void)[]): Array<(Record | undefined)> + /** + * FindAllRecords finds all records matching specified db expressions. + * + * Returns all collection records if no expression is provided. + * + * Returns an empty slice if no records are found. + * + * Example: + * + * ``` + * // no extra expressions + * app.FindAllRecords("example") + * + * // with extra expressions + * expr1 := dbx.HashExp{"email": "test@example.com"} + * expr2 := dbx.NewExp("LOWER(username) = {:username}", dbx.Params{"username": "test"}) + * app.FindAllRecords("example", expr1, expr2) + * ``` + */ + findAllRecords(collectionModelOrIdentifier: any, ...exprs: dbx.Expression[]): Array<(Record | undefined)> + /** + * FindFirstRecordByData returns the first found record matching + * the provided key-value pair. + */ + findFirstRecordByData(collectionModelOrIdentifier: any, key: string, value: any): (Record) + /** + * FindRecordsByFilter returns limit number of records matching the + * provided string filter. + * + * NB! Use the last "params" argument to bind untrusted user variables! + * + * The filter argument is optional and can be empty string to target + * all available records. + * + * The sort argument is optional and can be empty string OR the same format + * used in the web APIs, ex. "-created,title". + * + * If the limit argument is <= 0, no limit is applied to the query and + * all matching records are returned. + * + * Returns an empty slice if no records are found. + * + * Example: + * + * ``` + * app.FindRecordsByFilter( + * "posts", + * "title ~ {:title} && visible = {:visible}", + * "-created", + * 10, + * 0, + * dbx.Params{"title": "lorem ipsum", "visible": true} + * ) + * ``` + */ + findRecordsByFilter(collectionModelOrIdentifier: any, filter: string, sort: string, limit: number, offset: number, ...params: dbx.Params[]): Array<(Record | undefined)> + /** + * FindFirstRecordByFilter returns the first available record matching the provided filter (if any). + * + * NB! Use the last params argument to bind untrusted user variables! + * + * Returns sql.ErrNoRows if no record is found. + * + * Example: + * + * ``` + * app.FindFirstRecordByFilter("posts", "") + * app.FindFirstRecordByFilter("posts", "slug={:slug} && status='public'", dbx.Params{"slug": "test"}) + * ``` + */ + findFirstRecordByFilter(collectionModelOrIdentifier: any, filter: string, ...params: dbx.Params[]): (Record) + /** + * CountRecords returns the total number of records in a collection. + */ + countRecords(collectionModelOrIdentifier: any, ...exprs: dbx.Expression[]): number + /** + * FindAuthRecordByToken finds the auth record associated with the provided JWT + * (auth, file, verifyEmail, changeEmail, passwordReset types). + * + * Optionally specify a list of validTypes to check tokens only from those types. + * + * Returns an error if the JWT is invalid, expired or not associated to an auth collection record. + */ + findAuthRecordByToken(token: string, ...validTypes: string[]): (Record) + /** + * FindAuthRecordByEmail finds the auth record associated with the provided email. + * + * Returns an error if it is not an auth collection or the record is not found. + */ + findAuthRecordByEmail(collectionModelOrIdentifier: any, email: string): (Record) + /** + * CanAccessRecord checks if a record is allowed to be accessed by the + * specified requestInfo and accessRule. + * + * Rule and db checks are ignored in case requestInfo.Auth is a superuser. + * + * The returned error indicate that something unexpected happened during + * the check (eg. invalid rule or db query error). + * + * The method always return false on invalid rule or db query error. + * + * Example: + * + * ``` + * requestInfo, _ := e.RequestInfo() + * record, _ := app.FindRecordById("example", "RECORD_ID") + * rule := types.Pointer("@request.auth.id != '' || status = 'public'") + * // ... or use one of the record collection's rule, eg. record.Collection().ViewRule + * + * if ok, _ := app.CanAccessRecord(record, requestInfo, rule); ok { ... } + * ``` + */ + canAccessRecord(record: Record, requestInfo: RequestInfo, accessRule: string): boolean + /** + * ExpandRecord expands the relations of a single Record model. + * + * If optFetchFunc is not set, then a default function will be used + * that returns all relation records. + * + * Returns a map with the failed expand parameters and their errors. + */ + expandRecord(record: Record, expands: Array, optFetchFunc: ExpandFetchFunc): _TygojaDict + /** + * ExpandRecords expands the relations of the provided Record models list. + * + * If optFetchFunc is not set, then a default function will be used + * that returns all relation records. + * + * Returns a map with the failed expand parameters and their errors. + */ + expandRecords(records: Array<(Record | undefined)>, expands: Array, optFetchFunc: ExpandFetchFunc): _TygojaDict + /** + * OnBootstrap hook is triggered when initializing the main application + * resources (db, app settings, etc). + */ + onBootstrap(): (hook.Hook) + /** + * OnServe hook is triggered when the app web server is started + * (after starting the TCP listener but before initializing the blocking serve task), + * allowing you to adjust its options and attach new routes or middlewares. + */ + onServe(): (hook.Hook) + /** + * OnTerminate hook is triggered when the app is in the process + * of being terminated (ex. on SIGTERM signal). + * + * Note that the app could be terminated abruptly without awaiting the hook completion. + */ + onTerminate(): (hook.Hook) + /** + * OnBackupCreate hook is triggered on each [App.CreateBackup] call. + */ + onBackupCreate(): (hook.Hook) + /** + * OnBackupRestore hook is triggered before app backup restore (aka. [App.RestoreBackup] call). + * + * Note that by default on success the application is restarted and the after state of the hook is ignored. + */ + onBackupRestore(): (hook.Hook) + /** + * OnModelValidate is triggered every time when a model is being validated + * (e.g. triggered by App.Validate() or App.Save()). + * + * For convenience, if you want to listen to only the Record models + * events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + * + * If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onModelValidate(...tags: string[]): (hook.TaggedHook) + /** + * OnModelCreate is triggered every time when a new model is being created + * (e.g. triggered by App.Save()). + * + * Operations BEFORE the e.Next() execute before the model validation + * and the INSERT DB statement. + * + * Operations AFTER the e.Next() execute after the model validation + * and the INSERT DB statement. + * + * Note that successful execution doesn't guarantee that the model + * is persisted in the database since its wrapping transaction may + * not have been committed yet. + * If you want to listen to only the actual persisted events, you can + * bind to [OnModelAfterCreateSuccess] or [OnModelAfterCreateError] hooks. + * + * For convenience, if you want to listen to only the Record models + * events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + * + * If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onModelCreate(...tags: string[]): (hook.TaggedHook) + /** + * OnModelCreateExecute is triggered after successful Model validation + * and right before the model INSERT DB statement execution. + * + * Usually it is triggered as part of the App.Save() in the following firing order: + * OnModelCreate { + * ``` + * -> OnModelValidate (skipped with App.SaveNoValidate()) + * -> OnModelCreateExecute + * ``` + * } + * + * Note that successful execution doesn't guarantee that the model + * is persisted in the database since its wrapping transaction may have been + * committed yet. + * If you want to listen to only the actual persisted events, + * you can bind to [OnModelAfterCreateSuccess] or [OnModelAfterCreateError] hooks. + * + * For convenience, if you want to listen to only the Record models + * events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + * + * If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onModelCreateExecute(...tags: string[]): (hook.TaggedHook) + /** + * OnModelAfterCreateSuccess is triggered after each successful + * Model DB create persistence. + * + * Note that when a Model is persisted as part of a transaction, + * this hook is delayed and executed only AFTER the transaction has been committed. + * This hook is NOT triggered in case the transaction rollbacks + * (aka. when the model wasn't persisted). + * + * For convenience, if you want to listen to only the Record models + * events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + * + * If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onModelAfterCreateSuccess(...tags: string[]): (hook.TaggedHook) + /** + * OnModelAfterCreateError is triggered after each failed + * Model DB create persistence. + * + * Note that the execution of this hook is either immediate or delayed + * depending on the error: + * ``` + * - "immediate" on App.Save() failure + * - "delayed" on transaction rollback + * ``` + * + * For convenience, if you want to listen to only the Record models + * events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + * + * If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onModelAfterCreateError(...tags: string[]): (hook.TaggedHook) + /** + * OnModelUpdate is triggered every time when a new model is being updated + * (e.g. triggered by App.Save()). + * + * Operations BEFORE the e.Next() execute before the model validation + * and the UPDATE DB statement. + * + * Operations AFTER the e.Next() execute after the model validation + * and the UPDATE DB statement. + * + * Note that successful execution doesn't guarantee that the model + * is persisted in the database since its wrapping transaction may + * not have been committed yet. + * If you want to listen to only the actual persisted events, you can + * bind to [OnModelAfterUpdateSuccess] or [OnModelAfterUpdateError] hooks. + * + * For convenience, if you want to listen to only the Record models + * events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + * + * If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onModelUpdate(...tags: string[]): (hook.TaggedHook) + /** + * OnModelUpdateExecute is triggered after successful Model validation + * and right before the model UPDATE DB statement execution. + * + * Usually it is triggered as part of the App.Save() in the following firing order: + * OnModelUpdate { + * ``` + * -> OnModelValidate (skipped with App.SaveNoValidate()) + * -> OnModelUpdateExecute + * ``` + * } + * + * Note that successful execution doesn't guarantee that the model + * is persisted in the database since its wrapping transaction may have been + * committed yet. + * If you want to listen to only the actual persisted events, + * you can bind to [OnModelAfterUpdateSuccess] or [OnModelAfterUpdateError] hooks. + * + * For convenience, if you want to listen to only the Record models + * events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + * + * If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onModelUpdateExecute(...tags: string[]): (hook.TaggedHook) + /** + * OnModelAfterUpdateSuccess is triggered after each successful + * Model DB update persistence. + * + * Note that when a Model is persisted as part of a transaction, + * this hook is delayed and executed only AFTER the transaction has been committed. + * This hook is NOT triggered in case the transaction rollbacks + * (aka. when the model changes weren't persisted). + * + * For convenience, if you want to listen to only the Record models + * events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + * + * If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onModelAfterUpdateSuccess(...tags: string[]): (hook.TaggedHook) + /** + * OnModelAfterUpdateError is triggered after each failed + * Model DB update persistence. + * + * Note that the execution of this hook is either immediate or delayed + * depending on the error: + * ``` + * - "immediate" on App.Save() failure + * - "delayed" on transaction rollback + * ``` + * + * For convenience, if you want to listen to only the Record models + * events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + * + * If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onModelAfterUpdateError(...tags: string[]): (hook.TaggedHook) + /** + * OnModelDelete is triggered every time when a new model is being deleted + * (e.g. triggered by App.Delete()). + * + * Note that successful execution doesn't guarantee that the model + * is deleted from the database since its wrapping transaction may + * not have been committed yet. + * If you want to listen to only the actual persisted deleted events, you can + * bind to [OnModelAfterDeleteSuccess] or [OnModelAfterDeleteError] hooks. + * + * For convenience, if you want to listen to only the Record models + * events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + * + * If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onModelDelete(...tags: string[]): (hook.TaggedHook) + /** + * OnModelUpdateExecute is triggered right before the model + * DELETE DB statement execution. + * + * Usually it is triggered as part of the App.Delete() in the following firing order: + * OnModelDelete { + * ``` + * -> (internal delete checks) + * -> OnModelDeleteExecute + * ``` + * } + * + * Note that successful execution doesn't guarantee that the model + * is deleted from the database since its wrapping transaction may + * not have been committed yet. + * If you want to listen to only the actual persisted deleted events, you can + * bind to [OnModelAfterDeleteSuccess] or [OnModelAfterDeleteError] hooks. + * + * For convenience, if you want to listen to only the Record models + * events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + * + * If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onModelDeleteExecute(...tags: string[]): (hook.TaggedHook) + /** + * OnModelAfterDeleteSuccess is triggered after each successful + * Model DB delete persistence. + * + * Note that when a Model is deleted as part of a transaction, + * this hook is delayed and executed only AFTER the transaction has been committed. + * This hook is NOT triggered in case the transaction rollbacks + * (aka. when the model delete wasn't persisted). + * + * For convenience, if you want to listen to only the Record models + * events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + * + * If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onModelAfterDeleteSuccess(...tags: string[]): (hook.TaggedHook) + /** + * OnModelAfterDeleteError is triggered after each failed + * Model DB delete persistence. + * + * Note that the execution of this hook is either immediate or delayed + * depending on the error: + * ``` + * - "immediate" on App.Delete() failure + * - "delayed" on transaction rollback + * ``` + * + * For convenience, if you want to listen to only the Record models + * events without doing manual type assertion, you can attach to the OnRecord* proxy hooks. + * + * If the optional "tags" list (Collection id/name, Model table name, etc.) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onModelAfterDeleteError(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordEnrich is triggered every time when a record is enriched + * (as part of the builtin Record responses, during realtime message seriazation, or when [apis.EnrichRecord] is invoked). + * + * It could be used for example to redact/hide or add computed temporary + * Record model props only for the specific request info. For example: + * + * app.OnRecordEnrich("posts").BindFunc(func(e core.*RecordEnrichEvent) { + * ``` + * // hide one or more fields + * e.Record.Hide("role") + * + * // add new custom field for registered users + * if e.RequestInfo.Auth != nil && e.RequestInfo.Auth.Collection().Name == "users" { + * e.Record.WithCustomData(true) // for security requires explicitly allowing it + * e.Record.Set("computedScore", e.Record.GetInt("score") * e.RequestInfo.Auth.GetInt("baseScore")) + * } + * + * return e.Next() + * ``` + * }) + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordEnrich(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordValidate is a Record proxy model hook of [OnModelValidate]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordValidate(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordCreate is a Record proxy model hook of [OnModelCreate]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordCreate(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordCreateExecute is a Record proxy model hook of [OnModelCreateExecute]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordCreateExecute(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordAfterCreateSuccess is a Record proxy model hook of [OnModelAfterCreateSuccess]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordAfterCreateSuccess(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordAfterCreateError is a Record proxy model hook of [OnModelAfterCreateError]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordAfterCreateError(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordUpdate is a Record proxy model hook of [OnModelUpdate]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordUpdate(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordUpdateExecute is a Record proxy model hook of [OnModelUpdateExecute]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordUpdateExecute(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordAfterUpdateSuccess is a Record proxy model hook of [OnModelAfterUpdateSuccess]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordAfterUpdateSuccess(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordAfterUpdateError is a Record proxy model hook of [OnModelAfterUpdateError]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordAfterUpdateError(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordDelete is a Record proxy model hook of [OnModelDelete]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordDelete(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordDeleteExecute is a Record proxy model hook of [OnModelDeleteExecute]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordDeleteExecute(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordAfterDeleteSuccess is a Record proxy model hook of [OnModelAfterDeleteSuccess]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordAfterDeleteSuccess(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordAfterDeleteError is a Record proxy model hook of [OnModelAfterDeleteError]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordAfterDeleteError(...tags: string[]): (hook.TaggedHook) + /** + * OnCollectionValidate is a Collection proxy model hook of [OnModelValidate]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onCollectionValidate(...tags: string[]): (hook.TaggedHook) + /** + * OnCollectionCreate is a Collection proxy model hook of [OnModelCreate]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onCollectionCreate(...tags: string[]): (hook.TaggedHook) + /** + * OnCollectionCreateExecute is a Collection proxy model hook of [OnModelCreateExecute]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onCollectionCreateExecute(...tags: string[]): (hook.TaggedHook) + /** + * OnCollectionAfterCreateSuccess is a Collection proxy model hook of [OnModelAfterCreateSuccess]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onCollectionAfterCreateSuccess(...tags: string[]): (hook.TaggedHook) + /** + * OnCollectionAfterCreateError is a Collection proxy model hook of [OnModelAfterCreateError]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onCollectionAfterCreateError(...tags: string[]): (hook.TaggedHook) + /** + * OnCollectionUpdate is a Collection proxy model hook of [OnModelUpdate]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onCollectionUpdate(...tags: string[]): (hook.TaggedHook) + /** + * OnCollectionUpdateExecute is a Collection proxy model hook of [OnModelUpdateExecute]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onCollectionUpdateExecute(...tags: string[]): (hook.TaggedHook) + /** + * OnCollectionAfterUpdateSuccess is a Collection proxy model hook of [OnModelAfterUpdateSuccess]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onCollectionAfterUpdateSuccess(...tags: string[]): (hook.TaggedHook) + /** + * OnCollectionAfterUpdateError is a Collection proxy model hook of [OnModelAfterUpdateError]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onCollectionAfterUpdateError(...tags: string[]): (hook.TaggedHook) + /** + * OnCollectionDelete is a Collection proxy model hook of [OnModelDelete]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onCollectionDelete(...tags: string[]): (hook.TaggedHook) + /** + * OnCollectionDeleteExecute is a Collection proxy model hook of [OnModelDeleteExecute]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onCollectionDeleteExecute(...tags: string[]): (hook.TaggedHook) + /** + * OnCollectionAfterDeleteSuccess is a Collection proxy model hook of [OnModelAfterDeleteSuccess]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onCollectionAfterDeleteSuccess(...tags: string[]): (hook.TaggedHook) + /** + * OnCollectionAfterDeleteError is a Collection proxy model hook of [OnModelAfterDeleteError]. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onCollectionAfterDeleteError(...tags: string[]): (hook.TaggedHook) + /** + * OnMailerSend hook is triggered every time when a new email is + * being send using the [App.NewMailClient()] instance. + * + * It allows intercepting the email message or to use a custom mailer client. + */ + onMailerSend(): (hook.Hook) + /** + * OnMailerRecordAuthAlertSend hook is triggered when + * sending a new device login auth alert email, allowing you to + * intercept and customize the email message that is being sent. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onMailerRecordAuthAlertSend(...tags: string[]): (hook.TaggedHook) + /** + * OnMailerBeforeRecordResetPasswordSend hook is triggered when + * sending a password reset email to an auth record, allowing + * you to intercept and customize the email message that is being sent. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onMailerRecordPasswordResetSend(...tags: string[]): (hook.TaggedHook) + /** + * OnMailerBeforeRecordVerificationSend hook is triggered when + * sending a verification email to an auth record, allowing + * you to intercept and customize the email message that is being sent. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onMailerRecordVerificationSend(...tags: string[]): (hook.TaggedHook) + /** + * OnMailerRecordEmailChangeSend hook is triggered when sending a + * confirmation new address email to an auth record, allowing + * you to intercept and customize the email message that is being sent. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onMailerRecordEmailChangeSend(...tags: string[]): (hook.TaggedHook) + /** + * OnMailerRecordOTPSend hook is triggered when sending an OTP email + * to an auth record, allowing you to intercept and customize the + * email message that is being sent. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onMailerRecordOTPSend(...tags: string[]): (hook.TaggedHook) + /** + * OnRealtimeConnectRequest hook is triggered when establishing the SSE client connection. + * + * Any execution after e.Next() of a hook handler happens after the client disconnects. + */ + onRealtimeConnectRequest(): (hook.Hook) + /** + * OnRealtimeMessageSend hook is triggered when sending an SSE message to a client. + */ + onRealtimeMessageSend(): (hook.Hook) + /** + * OnRealtimeSubscribeRequest hook is triggered when updating the + * client subscriptions, allowing you to further validate and + * modify the submitted change. + */ + onRealtimeSubscribeRequest(): (hook.Hook) + /** + * OnSettingsListRequest hook is triggered on each API Settings list request. + * + * Could be used to validate or modify the response before returning it to the client. + */ + onSettingsListRequest(): (hook.Hook) + /** + * OnSettingsUpdateRequest hook is triggered on each API Settings update request. + * + * Could be used to additionally validate the request data or + * implement completely different persistence behavior. + */ + onSettingsUpdateRequest(): (hook.Hook) + /** + * OnSettingsReload hook is triggered every time when the App.Settings() + * is being replaced with a new state. + * + * Calling App.Settings() after e.Next() returns the new state. + */ + onSettingsReload(): (hook.Hook) + /** + * OnFileDownloadRequest hook is triggered before each API File download request. + * + * Could be used to validate or modify the file response before + * returning it to the client. + */ + onFileDownloadRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnFileBeforeTokenRequest hook is triggered on each auth file token API request. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onFileTokenRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordAuthRequest hook is triggered on each successful API + * record authentication request (sign-in, token refresh, etc.). + * + * Could be used to additionally validate or modify the authenticated + * record data and token. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordAuthRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordAuthWithPasswordRequest hook is triggered on each + * Record auth with password API request. + * + * [RecordAuthWithPasswordRequestEvent.Record] could be nil if no matching identity is found, allowing + * you to manually locate a different Record model (by reassigning [RecordAuthWithPasswordRequestEvent.Record]). + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordAuthWithPasswordRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordAuthWithOAuth2Request hook is triggered on each Record + * OAuth2 sign-in/sign-up API request (after token exchange and before external provider linking). + * + * If [RecordAuthWithOAuth2RequestEvent.Record] is not set, then the OAuth2 + * request will try to create a new auth Record. + * + * To assign or link a different existing record model you can + * change the [RecordAuthWithOAuth2RequestEvent.Record] field. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordAuthWithOAuth2Request(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordAuthRefreshRequest hook is triggered on each Record + * auth refresh API request (right before generating a new auth token). + * + * Could be used to additionally validate the request data or implement + * completely different auth refresh behavior. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordAuthRefreshRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordRequestPasswordResetRequest hook is triggered on + * each Record request password reset API request. + * + * Could be used to additionally validate the request data or implement + * completely different password reset behavior. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordRequestPasswordResetRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordConfirmPasswordResetRequest hook is triggered on + * each Record confirm password reset API request. + * + * Could be used to additionally validate the request data or implement + * completely different persistence behavior. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordConfirmPasswordResetRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordRequestVerificationRequest hook is triggered on + * each Record request verification API request. + * + * Could be used to additionally validate the loaded request data or implement + * completely different verification behavior. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordRequestVerificationRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordConfirmVerificationRequest hook is triggered on each + * Record confirm verification API request. + * + * Could be used to additionally validate the request data or implement + * completely different persistence behavior. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordConfirmVerificationRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordRequestEmailChangeRequest hook is triggered on each + * Record request email change API request. + * + * Could be used to additionally validate the request data or implement + * completely different request email change behavior. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordRequestEmailChangeRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordConfirmEmailChangeRequest hook is triggered on each + * Record confirm email change API request. + * + * Could be used to additionally validate the request data or implement + * completely different persistence behavior. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordConfirmEmailChangeRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordRequestOTPRequest hook is triggered on each Record + * request OTP API request. + * + * [RecordCreateOTPRequestEvent.Record] could be nil if no matching identity is found, allowing + * you to manually create or locate a different Record model (by reassigning [RecordCreateOTPRequestEvent.Record]). + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordRequestOTPRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordAuthWithOTPRequest hook is triggered on each Record + * auth with OTP API request. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordAuthWithOTPRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordsListRequest hook is triggered on each API Records list request. + * + * Could be used to validate or modify the response before returning it to the client. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordsListRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordViewRequest hook is triggered on each API Record view request. + * + * Could be used to validate or modify the response before returning it to the client. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordViewRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordCreateRequest hook is triggered on each API Record create request. + * + * Could be used to additionally validate the request data or implement + * completely different persistence behavior. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordCreateRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordUpdateRequest hook is triggered on each API Record update request. + * + * Could be used to additionally validate the request data or implement + * completely different persistence behavior. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordUpdateRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnRecordDeleteRequest hook is triggered on each API Record delete request. + * + * Could be used to additionally validate the request data or implement + * completely different delete behavior. + * + * If the optional "tags" list (Collection ids or names) is specified, + * then all event handlers registered via the created hook will be + * triggered and called only if their event data origin matches the tags. + */ + onRecordDeleteRequest(...tags: string[]): (hook.TaggedHook) + /** + * OnCollectionsListRequest hook is triggered on each API Collections list request. + * + * Could be used to validate or modify the response before returning it to the client. + */ + onCollectionsListRequest(): (hook.Hook) + /** + * OnCollectionViewRequest hook is triggered on each API Collection view request. + * + * Could be used to validate or modify the response before returning it to the client. + */ + onCollectionViewRequest(): (hook.Hook) + /** + * OnCollectionCreateRequest hook is triggered on each API Collection create request. + * + * Could be used to additionally validate the request data or implement + * completely different persistence behavior. + */ + onCollectionCreateRequest(): (hook.Hook) + /** + * OnCollectionUpdateRequest hook is triggered on each API Collection update request. + * + * Could be used to additionally validate the request data or implement + * completely different persistence behavior. + */ + onCollectionUpdateRequest(): (hook.Hook) + /** + * OnCollectionDeleteRequest hook is triggered on each API Collection delete request. + * + * Could be used to additionally validate the request data or implement + * completely different delete behavior. + */ + onCollectionDeleteRequest(): (hook.Hook) + /** + * OnCollectionsBeforeImportRequest hook is triggered on each API + * collections import request. + * + * Could be used to additionally validate the imported collections or + * to implement completely different import behavior. + */ + onCollectionsImportRequest(): (hook.Hook) + /** + * OnBatchRequest hook is triggered on each API batch request. + * + * Could be used to additionally validate or modify the submitted batch requests. + */ + onBatchRequest(): (hook.Hook) + } + // @ts-ignore + import validation = ozzo_validation + /** + * AuthOrigin defines a Record proxy for working with the authOrigins collection. + */ + type _sUmzkLl = Record + interface AuthOrigin extends _sUmzkLl { + } + interface newAuthOrigin { + /** + * NewAuthOrigin instantiates and returns a new blank *AuthOrigin model. + * + * Example usage: + * + * ``` + * origin := core.NewOrigin(app) + * origin.SetRecordRef(user.Id) + * origin.SetCollectionRef(user.Collection().Id) + * origin.SetFingerprint("...") + * app.Save(origin) + * ``` + */ + (app: App): (AuthOrigin) + } + interface AuthOrigin { + /** + * PreValidate implements the [PreValidator] interface and checks + * whether the proxy is properly loaded. + */ + preValidate(ctx: context.Context, app: App): void + } + interface AuthOrigin { + /** + * ProxyRecord returns the proxied Record model. + */ + proxyRecord(): (Record) + } + interface AuthOrigin { + /** + * SetProxyRecord loads the specified record model into the current proxy. + */ + setProxyRecord(record: Record): void + } + interface AuthOrigin { + /** + * CollectionRef returns the "collectionRef" field value. + */ + collectionRef(): string + } + interface AuthOrigin { + /** + * SetCollectionRef updates the "collectionRef" record field value. + */ + setCollectionRef(collectionId: string): void + } + interface AuthOrigin { + /** + * RecordRef returns the "recordRef" record field value. + */ + recordRef(): string + } + interface AuthOrigin { + /** + * SetRecordRef updates the "recordRef" record field value. + */ + setRecordRef(recordId: string): void + } + interface AuthOrigin { + /** + * Fingerprint returns the "fingerprint" record field value. + */ + fingerprint(): string + } + interface AuthOrigin { + /** + * SetFingerprint updates the "fingerprint" record field value. + */ + setFingerprint(fingerprint: string): void + } + interface AuthOrigin { + /** + * Created returns the "created" record field value. + */ + created(): types.DateTime + } + interface AuthOrigin { + /** + * Updated returns the "updated" record field value. + */ + updated(): types.DateTime + } + interface BaseApp { + /** + * FindAllAuthOriginsByRecord returns all AuthOrigin models linked to the provided auth record (in DESC order). + */ + findAllAuthOriginsByRecord(authRecord: Record): Array<(AuthOrigin | undefined)> + } + interface BaseApp { + /** + * FindAllAuthOriginsByCollection returns all AuthOrigin models linked to the provided collection (in DESC order). + */ + findAllAuthOriginsByCollection(collection: Collection): Array<(AuthOrigin | undefined)> + } + interface BaseApp { + /** + * FindAuthOriginById returns a single AuthOrigin model by its id. + */ + findAuthOriginById(id: string): (AuthOrigin) + } + interface BaseApp { + /** + * FindAuthOriginByRecordAndFingerprint returns a single AuthOrigin model + * by its authRecord relation and fingerprint. + */ + findAuthOriginByRecordAndFingerprint(authRecord: Record, fingerprint: string): (AuthOrigin) + } + interface BaseApp { + /** + * DeleteAllAuthOriginsByRecord deletes all AuthOrigin models associated with the provided record. + * + * Returns a combined error with the failed deletes. + */ + deleteAllAuthOriginsByRecord(authRecord: Record): void + } + /** + * FilesManager defines an interface with common methods that files manager models should implement. + */ + interface FilesManager { + [key:string]: any; + /** + * BaseFilesPath returns the storage dir path used by the interface instance. + */ + baseFilesPath(): string + } + /** + * DBConnectFunc defines a database connection initialization function. + */ + interface DBConnectFunc {(dbPath: string): (dbx.DB) } + /** + * BaseAppConfig defines a BaseApp configuration option + */ + interface BaseAppConfig { + dbConnect: DBConnectFunc + dataDir: string + encryptionEnv: string + queryTimeout: time.Duration + dataMaxOpenConns: number + dataMaxIdleConns: number + auxMaxOpenConns: number + auxMaxIdleConns: number + isDev: boolean + } + /** + * BaseApp implements CoreApp and defines the base PocketBase app structure. + */ + interface BaseApp { + } + interface newBaseApp { + /** + * NewBaseApp creates and returns a new BaseApp instance + * configured with the provided arguments. + * + * To initialize the app, you need to call `app.Bootstrap()`. + */ + (config: BaseAppConfig): (BaseApp) + } + interface BaseApp { + /** + * UnsafeWithoutHooks returns a shallow copy of the current app WITHOUT any registered hooks. + * + * NB! Note that using the returned app instance may cause data integrity errors + * since the Record validations and data normalizations (including files uploads) + * rely on the app hooks to work. + */ + unsafeWithoutHooks(): App + } + interface BaseApp { + /** + * Logger returns the default app logger. + * + * If the application is not bootstrapped yet, fallbacks to slog.Default(). + */ + logger(): (slog.Logger) + } + interface BaseApp { + /** + * TxInfo returns the transaction associated with the current app instance (if any). + * + * Could be used if you want to execute indirectly a function after + * the related app transaction completes using `app.TxInfo().OnAfterFunc(callback)`. + */ + txInfo(): (TxAppInfo) + } + interface BaseApp { + /** + * IsTransactional checks if the current app instance is part of a transaction. + */ + isTransactional(): boolean + } + interface BaseApp { + /** + * IsBootstrapped checks if the application was initialized + * (aka. whether Bootstrap() was called). + */ + isBootstrapped(): boolean + } + interface BaseApp { + /** + * Bootstrap initializes the application + * (aka. create data dir, open db connections, load settings, etc.). + * + * It will call ResetBootstrapState() if the application was already bootstrapped. + */ + bootstrap(): void + } + interface closer { + [key:string]: any; + close(): void + } + interface BaseApp { + /** + * ResetBootstrapState releases the initialized core app resources + * (closing db connections, stopping cron ticker, etc.). + */ + resetBootstrapState(): void + } + interface BaseApp { + /** + * DB returns the default app data.db builder instance. + * + * To minimize SQLITE_BUSY errors, it automatically routes the + * SELECT queries to the underlying concurrent db pool and everything + * else to the nonconcurrent one. + * + * For more finer control over the used connections pools you can + * call directly ConcurrentDB() or NonconcurrentDB(). + */ + db(): dbx.Builder + } + interface BaseApp { + /** + * ConcurrentDB returns the concurrent app data.db builder instance. + * + * This method is used mainly internally for executing db read + * operations in a concurrent/non-blocking manner. + * + * Most users should use simply DB() as it will automatically + * route the query execution to ConcurrentDB() or NonconcurrentDB(). + * + * In a transaction the ConcurrentDB() and NonconcurrentDB() refer to the same *dbx.TX instance. + */ + concurrentDB(): dbx.Builder + } + interface BaseApp { + /** + * NonconcurrentDB returns the nonconcurrent app data.db builder instance. + * + * The returned db instance is limited only to a single open connection, + * meaning that it can process only 1 db operation at a time (other queries queue up). + * + * This method is used mainly internally and in the tests to execute write + * (save/delete) db operations as it helps with minimizing the SQLITE_BUSY errors. + * + * Most users should use simply DB() as it will automatically + * route the query execution to ConcurrentDB() or NonconcurrentDB(). + * + * In a transaction the ConcurrentDB() and NonconcurrentDB() refer to the same *dbx.TX instance. + */ + nonconcurrentDB(): dbx.Builder + } + interface BaseApp { + /** + * AuxDB returns the app auxiliary.db builder instance. + * + * To minimize SQLITE_BUSY errors, it automatically routes the + * SELECT queries to the underlying concurrent db pool and everything + * else to the nonconcurrent one. + * + * For more finer control over the used connections pools you can + * call directly AuxConcurrentDB() or AuxNonconcurrentDB(). + */ + auxDB(): dbx.Builder + } + interface BaseApp { + /** + * AuxConcurrentDB returns the concurrent app auxiliary.db builder instance. + * + * This method is used mainly internally for executing db read + * operations in a concurrent/non-blocking manner. + * + * Most users should use simply AuxDB() as it will automatically + * route the query execution to AuxConcurrentDB() or AuxNonconcurrentDB(). + * + * In a transaction the AuxConcurrentDB() and AuxNonconcurrentDB() refer to the same *dbx.TX instance. + */ + auxConcurrentDB(): dbx.Builder + } + interface BaseApp { + /** + * AuxNonconcurrentDB returns the nonconcurrent app auxiliary.db builder instance. + * + * The returned db instance is limited only to a single open connection, + * meaning that it can process only 1 db operation at a time (other queries queue up). + * + * This method is used mainly internally and in the tests to execute write + * (save/delete) db operations as it helps with minimizing the SQLITE_BUSY errors. + * + * Most users should use simply AuxDB() as it will automatically + * route the query execution to AuxConcurrentDB() or AuxNonconcurrentDB(). + * + * In a transaction the AuxConcurrentDB() and AuxNonconcurrentDB() refer to the same *dbx.TX instance. + */ + auxNonconcurrentDB(): dbx.Builder + } + interface BaseApp { + /** + * DataDir returns the app data directory path. + */ + dataDir(): string + } + interface BaseApp { + /** + * EncryptionEnv returns the name of the app secret env key + * (currently used primarily for optional settings encryption but this may change in the future). + */ + encryptionEnv(): string + } + interface BaseApp { + /** + * IsDev returns whether the app is in dev mode. + * + * When enabled logs, executed sql statements, etc. are printed to the stderr. + */ + isDev(): boolean + } + interface BaseApp { + /** + * Settings returns the loaded app settings. + */ + settings(): (Settings) + } + interface BaseApp { + /** + * Store returns the app runtime store. + */ + store(): (store.Store) + } + interface BaseApp { + /** + * Cron returns the app cron instance. + */ + cron(): (cron.Cron) + } + interface BaseApp { + /** + * SubscriptionsBroker returns the app realtime subscriptions broker instance. + */ + subscriptionsBroker(): (subscriptions.Broker) + } + interface BaseApp { + /** + * NewMailClient creates and returns a new SMTP or Sendmail client + * based on the current app settings. + */ + newMailClient(): mailer.Mailer + } + interface BaseApp { + /** + * NewFilesystem creates a new local or S3 filesystem instance + * for managing regular app files (ex. record uploads) + * based on the current app settings. + * + * NB! Make sure to call Close() on the returned result + * after you are done working with it. + */ + newFilesystem(): (filesystem.System) + } + interface BaseApp { + /** + * NewBackupsFilesystem creates a new local or S3 filesystem instance + * for managing app backups based on the current app settings. + * + * NB! Make sure to call Close() on the returned result + * after you are done working with it. + */ + newBackupsFilesystem(): (filesystem.System) + } + interface BaseApp { + /** + * Restart restarts (aka. replaces) the current running application process. + * + * NB! It relies on execve which is supported only on UNIX based systems. + */ + restart(): void + } + interface BaseApp { + /** + * RunSystemMigrations applies all new migrations registered in the [core.SystemMigrations] list. + */ + runSystemMigrations(): void + } + interface BaseApp { + /** + * RunAppMigrations applies all new migrations registered in the [CoreAppMigrations] list. + */ + runAppMigrations(): void + } + interface BaseApp { + /** + * RunAllMigrations applies all system and app migrations + * (aka. from both [core.SystemMigrations] and [CoreAppMigrations]). + */ + runAllMigrations(): void + } + interface BaseApp { + onBootstrap(): (hook.Hook) + } + interface BaseApp { + onServe(): (hook.Hook) + } + interface BaseApp { + onTerminate(): (hook.Hook) + } + interface BaseApp { + onBackupCreate(): (hook.Hook) + } + interface BaseApp { + onBackupRestore(): (hook.Hook) + } + interface BaseApp { + onModelCreate(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onModelCreateExecute(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onModelAfterCreateSuccess(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onModelAfterCreateError(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onModelUpdate(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onModelUpdateExecute(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onModelAfterUpdateSuccess(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onModelAfterUpdateError(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onModelValidate(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onModelDelete(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onModelDeleteExecute(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onModelAfterDeleteSuccess(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onModelAfterDeleteError(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordEnrich(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordValidate(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordCreate(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordCreateExecute(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordAfterCreateSuccess(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordAfterCreateError(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordUpdate(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordUpdateExecute(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordAfterUpdateSuccess(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordAfterUpdateError(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordDelete(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordDeleteExecute(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordAfterDeleteSuccess(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordAfterDeleteError(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onCollectionValidate(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onCollectionCreate(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onCollectionCreateExecute(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onCollectionAfterCreateSuccess(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onCollectionAfterCreateError(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onCollectionUpdate(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onCollectionUpdateExecute(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onCollectionAfterUpdateSuccess(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onCollectionAfterUpdateError(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onCollectionDelete(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onCollectionDeleteExecute(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onCollectionAfterDeleteSuccess(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onCollectionAfterDeleteError(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onMailerSend(): (hook.Hook) + } + interface BaseApp { + onMailerRecordPasswordResetSend(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onMailerRecordVerificationSend(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onMailerRecordEmailChangeSend(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onMailerRecordOTPSend(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onMailerRecordAuthAlertSend(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRealtimeConnectRequest(): (hook.Hook) + } + interface BaseApp { + onRealtimeMessageSend(): (hook.Hook) + } + interface BaseApp { + onRealtimeSubscribeRequest(): (hook.Hook) + } + interface BaseApp { + onSettingsListRequest(): (hook.Hook) + } + interface BaseApp { + onSettingsUpdateRequest(): (hook.Hook) + } + interface BaseApp { + onSettingsReload(): (hook.Hook) + } + interface BaseApp { + onFileDownloadRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onFileTokenRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordAuthRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordAuthWithPasswordRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordAuthWithOAuth2Request(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordAuthRefreshRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordRequestPasswordResetRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordConfirmPasswordResetRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordRequestVerificationRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordConfirmVerificationRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordRequestEmailChangeRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordConfirmEmailChangeRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordRequestOTPRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordAuthWithOTPRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordsListRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordViewRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordCreateRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordUpdateRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onRecordDeleteRequest(...tags: string[]): (hook.TaggedHook) + } + interface BaseApp { + onCollectionsListRequest(): (hook.Hook) + } + interface BaseApp { + onCollectionViewRequest(): (hook.Hook) + } + interface BaseApp { + onCollectionCreateRequest(): (hook.Hook) + } + interface BaseApp { + onCollectionUpdateRequest(): (hook.Hook) + } + interface BaseApp { + onCollectionDeleteRequest(): (hook.Hook) + } + interface BaseApp { + onCollectionsImportRequest(): (hook.Hook) + } + interface BaseApp { + onBatchRequest(): (hook.Hook) + } + interface BaseApp { + /** + * CreateBackup creates a new backup of the current app pb_data directory. + * + * If name is empty, it will be autogenerated. + * If backup with the same name exists, the new backup file will replace it. + * + * The backup is executed within a transaction, meaning that new writes + * will be temporary "blocked" until the backup file is generated. + * + * To safely perform the backup, it is recommended to have free disk space + * for at least 2x the size of the pb_data directory. + * + * By default backups are stored in pb_data/backups + * (the backups directory itself is excluded from the generated backup). + * + * When using S3 storage for the uploaded collection files, you have to + * take care manually to backup those since they are not part of the pb_data. + * + * Backups can be stored on S3 if it is configured in app.Settings().Backups. + */ + createBackup(ctx: context.Context, name: string): void + } + interface BaseApp { + /** + * RestoreBackup restores the backup with the specified name and restarts + * the current running application process. + * + * NB! This feature is experimental and currently is expected to work only on UNIX based systems. + * + * To safely perform the restore it is recommended to have free disk space + * for at least 2x the size of the restored pb_data backup. + * + * The performed steps are: + * + * 1. Download the backup with the specified name in a temp location + * ``` + * (this is in case of S3; otherwise it creates a temp copy of the zip) + * ``` + * + * 2. Extract the backup in a temp directory inside the app "pb_data" + * ``` + * (eg. "pb_data/.pb_temp_to_delete/pb_restore"). + * ``` + * + * 3. Move the current app "pb_data" content (excluding the local backups and the special temp dir) + * ``` + * under another temp sub dir that will be deleted on the next app start up + * (eg. "pb_data/.pb_temp_to_delete/old_pb_data"). + * This is because on some environments it may not be allowed + * to delete the currently open "pb_data" files. + * ``` + * + * 4. Move the extracted dir content to the app "pb_data". + * + * 5. Restart the app (on successful app bootstap it will also remove the old pb_data). + * + * If a failure occure during the restore process the dir changes are reverted. + * If for whatever reason the revert is not possible, it panics. + * + * Note that if your pb_data has custom network mounts as subdirectories, then + * it is possible the restore to fail during the `os.Rename` operations + * (see https://github.com/pocketbase/pocketbase/issues/4647). + */ + restoreBackup(ctx: context.Context, name: string): void + } + interface BaseApp { + /** + * ImportCollectionsByMarshaledJSON is the same as [ImportCollections] + * but accept marshaled json array as import data (usually used for the autogenerated snapshots). + */ + importCollectionsByMarshaledJSON(rawSliceOfMaps: string|Array, deleteMissing: boolean): void + } + interface BaseApp { + /** + * ImportCollections imports the provided collections data in a single transaction. + * + * For existing matching collections, the imported data is unmarshaled on top of the existing model. + * + * NB! If deleteMissing is true, ALL NON-SYSTEM COLLECTIONS AND SCHEMA FIELDS, + * that are not present in the imported configuration, WILL BE DELETED + * (this includes their related records data). + */ + importCollections(toImport: Array<_TygojaDict>, deleteMissing: boolean): void + } + /** + * @todo experiment eventually replacing the rules *string with a struct? + */ + type _smUOmdS = BaseModel + interface baseCollection extends _smUOmdS { + listRule?: string + viewRule?: string + createRule?: string + updateRule?: string + deleteRule?: string + /** + * RawOptions represents the raw serialized collection option loaded from the DB. + * NB! This field shouldn't be modified manually. It is automatically updated + * with the collection type specific option before save. + */ + rawOptions: types.JSONRaw + name: string + type: string + fields: FieldsList + indexes: types.JSONArray + created: types.DateTime + updated: types.DateTime + /** + * System prevents the collection rename, deletion and rules change. + * It is used primarily for internal purposes for collections like "_superusers", "_externalAuths", etc. + */ + system: boolean + } + /** + * Collection defines the table, fields and various options related to a set of records. + */ + type _sKRFDEg = baseCollection&collectionAuthOptions&collectionViewOptions + interface Collection extends _sKRFDEg { + } + interface newCollection { + /** + * NewCollection initializes and returns a new Collection model with the specified type and name. + * + * It also loads the minimal default configuration for the collection + * (eg. system fields, indexes, type specific options, etc.). + */ + (typ: string, name: string, ...optId: string[]): (Collection) + } + interface newBaseCollection { + /** + * NewBaseCollection initializes and returns a new "base" Collection model. + * + * It also loads the minimal default configuration for the collection + * (eg. system fields, indexes, type specific options, etc.). + */ + (name: string, ...optId: string[]): (Collection) + } + interface newViewCollection { + /** + * NewViewCollection initializes and returns a new "view" Collection model. + * + * It also loads the minimal default configuration for the collection + * (eg. system fields, indexes, type specific options, etc.). + */ + (name: string, ...optId: string[]): (Collection) + } + interface newAuthCollection { + /** + * NewAuthCollection initializes and returns a new "auth" Collection model. + * + * It also loads the minimal default configuration for the collection + * (eg. system fields, indexes, type specific options, etc.). + */ + (name: string, ...optId: string[]): (Collection) + } + interface Collection { + /** + * TableName returns the Collection model SQL table name. + */ + tableName(): string + } + interface Collection { + /** + * BaseFilesPath returns the storage dir path used by the collection. + */ + baseFilesPath(): string + } + interface Collection { + /** + * IsBase checks if the current collection has "base" type. + */ + isBase(): boolean + } + interface Collection { + /** + * IsAuth checks if the current collection has "auth" type. + */ + isAuth(): boolean + } + interface Collection { + /** + * IsView checks if the current collection has "view" type. + */ + isView(): boolean + } + interface Collection { + /** + * IntegrityChecks toggles the current collection integrity checks (ex. checking references on delete). + */ + integrityChecks(enable: boolean): void + } + interface Collection { + /** + * PostScan implements the [dbx.PostScanner] interface to auto unmarshal + * the raw serialized options into the concrete type specific fields. + */ + postScan(): void + } + interface Collection { + /** + * UnmarshalJSON implements the [json.Unmarshaler] interface. + * + * For new/"blank" Collection models it replaces the model with a factory + * instance and then unmarshal the provided data one on top of it. + */ + unmarshalJSON(b: string|Array): void + } + interface Collection { + /** + * MarshalJSON implements the [json.Marshaler] interface. + * + * Note that non-type related fields are ignored from the serialization + * (ex. for "view" colections the "auth" fields are skipped). + */ + marshalJSON(): string|Array + } + interface Collection { + /** + * String returns a string representation of the current collection. + */ + string(): string + } + interface Collection { + /** + * DBExport prepares and exports the current collection data for db persistence. + */ + dbExport(app: App): _TygojaDict + } + interface Collection { + /** + * GetIndex returns s single Collection index expression by its name. + */ + getIndex(name: string): string + } + interface Collection { + /** + * AddIndex adds a new index into the current collection. + * + * If the collection has an existing index matching the new name it will be replaced with the new one. + */ + addIndex(name: string, unique: boolean, columnsExpr: string, optWhereExpr: string): void + } + interface Collection { + /** + * RemoveIndex removes a single index with the specified name from the current collection. + */ + removeIndex(name: string): void + } + /** + * collectionAuthOptions defines the options for the "auth" type collection. + */ + interface collectionAuthOptions { + /** + * AuthRule could be used to specify additional record constraints + * applied after record authentication and right before returning the + * auth token response to the client. + * + * For example, to allow only verified users you could set it to + * "verified = true". + * + * Set it to empty string to allow any Auth collection record to authenticate. + * + * Set it to nil to disallow authentication altogether for the collection + * (that includes password, OAuth2, etc.). + */ + authRule?: string + /** + * ManageRule gives admin-like permissions to allow fully managing + * the auth record(s), eg. changing the password without requiring + * to enter the old one, directly updating the verified state and email, etc. + * + * This rule is executed in addition to the Create and Update API rules. + */ + manageRule?: string + /** + * AuthAlert defines options related to the auth alerts on new device login. + */ + authAlert: AuthAlertConfig + /** + * OAuth2 specifies whether OAuth2 auth is enabled for the collection + * and which OAuth2 providers are allowed. + */ + oauth2: OAuth2Config + /** + * PasswordAuth defines options related to the collection password authentication. + */ + passwordAuth: PasswordAuthConfig + /** + * MFA defines options related to the Multi-factor authentication (MFA). + */ + mfa: MFAConfig + /** + * OTP defines options related to the One-time password authentication (OTP). + */ + otp: OTPConfig + /** + * Various token configurations + * --- + */ + authToken: TokenConfig + passwordResetToken: TokenConfig + emailChangeToken: TokenConfig + verificationToken: TokenConfig + fileToken: TokenConfig + /** + * Default email templates + * --- + */ + verificationTemplate: EmailTemplate + resetPasswordTemplate: EmailTemplate + confirmEmailChangeTemplate: EmailTemplate + } + interface EmailTemplate { + subject: string + body: string + } + interface EmailTemplate { + /** + * Validate makes EmailTemplate validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface EmailTemplate { + /** + * Resolve replaces the placeholder parameters in the current email + * template and returns its components as ready-to-use strings. + */ + resolve(placeholders: _TygojaDict): [string, string] + } + interface AuthAlertConfig { + enabled: boolean + emailTemplate: EmailTemplate + } + interface AuthAlertConfig { + /** + * Validate makes AuthAlertConfig validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface TokenConfig { + secret: string + /** + * Duration specifies how long an issued token to be valid (in seconds) + */ + duration: number + } + interface TokenConfig { + /** + * Validate makes TokenConfig validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface TokenConfig { + /** + * DurationTime returns the current Duration as [time.Duration]. + */ + durationTime(): time.Duration + } + interface OTPConfig { + enabled: boolean + /** + * Duration specifies how long the OTP to be valid (in seconds) + */ + duration: number + /** + * Length specifies the auto generated password length. + */ + length: number + /** + * EmailTemplate is the default OTP email template that will be send to the auth record. + * + * In addition to the system placeholders you can also make use of + * [core.EmailPlaceholderOTPId] and [core.EmailPlaceholderOTP]. + */ + emailTemplate: EmailTemplate + } + interface OTPConfig { + /** + * Validate makes OTPConfig validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface OTPConfig { + /** + * DurationTime returns the current Duration as [time.Duration]. + */ + durationTime(): time.Duration + } + interface MFAConfig { + enabled: boolean + /** + * Duration specifies how long an issued MFA to be valid (in seconds) + */ + duration: number + /** + * Rule is an optional field to restrict MFA only for the records that satisfy the rule. + * + * Leave it empty to enable MFA for everyone. + */ + rule: string + } + interface MFAConfig { + /** + * Validate makes MFAConfig validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface MFAConfig { + /** + * DurationTime returns the current Duration as [time.Duration]. + */ + durationTime(): time.Duration + } + interface PasswordAuthConfig { + enabled: boolean + /** + * IdentityFields is a list of field names that could be used as + * identity during password authentication. + * + * Usually only fields that has single column UNIQUE index are accepted as values. + */ + identityFields: Array + } + interface PasswordAuthConfig { + /** + * Validate makes PasswordAuthConfig validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface OAuth2KnownFields { + id: string + name: string + username: string + avatarURL: string + } + interface OAuth2Config { + providers: Array + mappedFields: OAuth2KnownFields + enabled: boolean + } + interface OAuth2Config { + /** + * GetProviderConfig returns the first OAuth2ProviderConfig that matches the specified name. + * + * Returns false and zero config if no such provider is available in c.Providers. + */ + getProviderConfig(name: string): [OAuth2ProviderConfig, boolean] + } + interface OAuth2Config { + /** + * Validate makes OAuth2Config validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface OAuth2ProviderConfig { + /** + * PKCE overwrites the default provider PKCE config option. + * + * This usually shouldn't be needed but some OAuth2 vendors, like the LinkedIn OIDC, + * may require manual adjustment due to returning error if extra parameters are added to the request + * (https://github.com/pocketbase/pocketbase/discussions/3799#discussioncomment-7640312) + */ + pkce?: boolean + name: string + clientId: string + clientSecret: string + authURL: string + tokenURL: string + userInfoURL: string + displayName: string + extra: _TygojaDict + } + interface OAuth2ProviderConfig { + /** + * Validate makes OAuth2ProviderConfig validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface OAuth2ProviderConfig { + /** + * InitProvider returns a new auth.Provider instance loaded with the current OAuth2ProviderConfig options. + */ + initProvider(): auth.Provider + } + /** + * collectionBaseOptions defines the options for the "base" type collection. + */ + interface collectionBaseOptions { + } + /** + * collectionViewOptions defines the options for the "view" type collection. + */ + interface collectionViewOptions { + viewQuery: string + } + interface BaseApp { + /** + * CollectionQuery returns a new Collection select query. + */ + collectionQuery(): (dbx.SelectQuery) + } + interface BaseApp { + /** + * FindCollections finds all collections by the given type(s). + * + * If collectionTypes is not set, it returns all collections. + * + * Example: + * + * ``` + * app.FindAllCollections() // all collections + * app.FindAllCollections("auth", "view") // only auth and view collections + * ``` + */ + findAllCollections(...collectionTypes: string[]): Array<(Collection | undefined)> + } + interface BaseApp { + /** + * ReloadCachedCollections fetches all collections and caches them into the app store. + */ + reloadCachedCollections(): void + } + interface BaseApp { + /** + * FindCollectionByNameOrId finds a single collection by its name (case insensitive) or id. + */ + findCollectionByNameOrId(nameOrId: string): (Collection) + } + interface BaseApp { + /** + * FindCachedCollectionByNameOrId is similar to [BaseApp.FindCollectionByNameOrId] + * but retrieves the Collection from the app cache instead of making a db call. + * + * NB! This method is suitable for read-only Collection operations. + * + * Returns [sql.ErrNoRows] if no Collection is found for consistency + * with the [BaseApp.FindCollectionByNameOrId] method. + * + * If you plan making changes to the returned Collection model, + * use [BaseApp.FindCollectionByNameOrId] instead. + * + * Caveats: + * + * ``` + * - The returned Collection should be used only for read-only operations. + * Avoid directly modifying the returned cached Collection as it will affect + * the global cached value even if you don't persist the changes in the database! + * - If you are updating a Collection in a transaction and then call this method before commit, + * it'll return the cached Collection state and not the one from the uncommitted transaction. + * - The cache is automatically updated on collections db change (create/update/delete). + * To manually reload the cache you can call [BaseApp.ReloadCachedCollections]. + * ``` + */ + findCachedCollectionByNameOrId(nameOrId: string): (Collection) + } + interface BaseApp { + /** + * FindCollectionReferences returns information for all relation fields + * referencing the provided collection. + * + * If the provided collection has reference to itself then it will be + * also included in the result. To exclude it, pass the collection id + * as the excludeIds argument. + */ + findCollectionReferences(collection: Collection, ...excludeIds: string[]): _TygojaDict + } + interface BaseApp { + /** + * FindCachedCollectionReferences is similar to [BaseApp.FindCollectionReferences] + * but retrieves the Collection from the app cache instead of making a db call. + * + * NB! This method is suitable for read-only Collection operations. + * + * If you plan making changes to the returned Collection model, + * use [BaseApp.FindCollectionReferences] instead. + * + * Caveats: + * + * ``` + * - The returned Collection should be used only for read-only operations. + * Avoid directly modifying the returned cached Collection as it will affect + * the global cached value even if you don't persist the changes in the database! + * - If you are updating a Collection in a transaction and then call this method before commit, + * it'll return the cached Collection state and not the one from the uncommitted transaction. + * - The cache is automatically updated on collections db change (create/update/delete). + * To manually reload the cache you can call [BaseApp.ReloadCachedCollections]. + * ``` + */ + findCachedCollectionReferences(collection: Collection, ...excludeIds: string[]): _TygojaDict + } + interface BaseApp { + /** + * IsCollectionNameUnique checks that there is no existing collection + * with the provided name (case insensitive!). + * + * Note: case insensitive check because the name is used also as + * table name for the records. + */ + isCollectionNameUnique(name: string, ...excludeIds: string[]): boolean + } + interface BaseApp { + /** + * TruncateCollection deletes all records associated with the provided collection. + * + * The truncate operation is executed in a single transaction, + * aka. either everything is deleted or none. + * + * Note that this method will also trigger the records related + * cascade and file delete actions. + */ + truncateCollection(collection: Collection): void + } + interface BaseApp { + /** + * SyncRecordTableSchema compares the two provided collections + * and applies the necessary related record table changes. + * + * If oldCollection is null, then only newCollection is used to create the record table. + * + * This method is automatically invoked as part of a collection create/update/delete operation. + */ + syncRecordTableSchema(newCollection: Collection, oldCollection: Collection): void + } + interface collectionValidator { + } + interface optionsValidator { + [key:string]: any; + } + /** + * DBExporter defines an interface for custom DB data export. + * Usually used as part of [App.Save]. + */ + interface DBExporter { + [key:string]: any; + /** + * DBExport returns a key-value map with the data to be used when saving the struct in the database. + */ + dbExport(app: App): _TygojaDict + } + /** + * PreValidator defines an optional model interface for registering a + * function that will run BEFORE firing the validation hooks (see [App.ValidateWithContext]). + */ + interface PreValidator { + [key:string]: any; + /** + * PreValidate defines a function that runs BEFORE the validation hooks. + */ + preValidate(ctx: context.Context, app: App): void + } + /** + * PostValidator defines an optional model interface for registering a + * function that will run AFTER executing the validation hooks (see [App.ValidateWithContext]). + */ + interface PostValidator { + [key:string]: any; + /** + * PostValidate defines a function that runs AFTER the successful + * execution of the validation hooks. + */ + postValidate(ctx: context.Context, app: App): void + } + interface generateDefaultRandomId { + /** + * GenerateDefaultRandomId generates a default random id string + * (note: the generated random string is not intended for security purposes). + */ + (): string + } + interface BaseApp { + /** + * ModelQuery creates a new preconfigured select data.db query with preset + * SELECT, FROM and other common fields based on the provided model. + */ + modelQuery(m: Model): (dbx.SelectQuery) + } + interface BaseApp { + /** + * AuxModelQuery creates a new preconfigured select auxiliary.db query with preset + * SELECT, FROM and other common fields based on the provided model. + */ + auxModelQuery(m: Model): (dbx.SelectQuery) + } + interface BaseApp { + /** + * Delete deletes the specified model from the regular app database. + */ + delete(model: Model): void + } + interface BaseApp { + /** + * Delete deletes the specified model from the regular app database + * (the context could be used to limit the query execution). + */ + deleteWithContext(ctx: context.Context, model: Model): void + } + interface BaseApp { + /** + * AuxDelete deletes the specified model from the auxiliary database. + */ + auxDelete(model: Model): void + } + interface BaseApp { + /** + * AuxDeleteWithContext deletes the specified model from the auxiliary database + * (the context could be used to limit the query execution). + */ + auxDeleteWithContext(ctx: context.Context, model: Model): void + } + interface BaseApp { + /** + * Save validates and saves the specified model into the regular app database. + * + * If you don't want to run validations, use [App.SaveNoValidate()]. + */ + save(model: Model): void + } + interface BaseApp { + /** + * SaveWithContext is the same as [App.Save()] but allows specifying a context to limit the db execution. + * + * If you don't want to run validations, use [App.SaveNoValidateWithContext()]. + */ + saveWithContext(ctx: context.Context, model: Model): void + } + interface BaseApp { + /** + * SaveNoValidate saves the specified model into the regular app database without performing validations. + * + * If you want to also run validations before persisting, use [App.Save()]. + */ + saveNoValidate(model: Model): void + } + interface BaseApp { + /** + * SaveNoValidateWithContext is the same as [App.SaveNoValidate()] + * but allows specifying a context to limit the db execution. + * + * If you want to also run validations before persisting, use [App.SaveWithContext()]. + */ + saveNoValidateWithContext(ctx: context.Context, model: Model): void + } + interface BaseApp { + /** + * AuxSave validates and saves the specified model into the auxiliary app database. + * + * If you don't want to run validations, use [App.AuxSaveNoValidate()]. + */ + auxSave(model: Model): void + } + interface BaseApp { + /** + * AuxSaveWithContext is the same as [App.AuxSave()] but allows specifying a context to limit the db execution. + * + * If you don't want to run validations, use [App.AuxSaveNoValidateWithContext()]. + */ + auxSaveWithContext(ctx: context.Context, model: Model): void + } + interface BaseApp { + /** + * AuxSaveNoValidate saves the specified model into the auxiliary app database without performing validations. + * + * If you want to also run validations before persisting, use [App.AuxSave()]. + */ + auxSaveNoValidate(model: Model): void + } + interface BaseApp { + /** + * AuxSaveNoValidateWithContext is the same as [App.AuxSaveNoValidate()] + * but allows specifying a context to limit the db execution. + * + * If you want to also run validations before persisting, use [App.AuxSaveWithContext()]. + */ + auxSaveNoValidateWithContext(ctx: context.Context, model: Model): void + } + interface BaseApp { + /** + * Validate triggers the OnModelValidate hook for the specified model. + */ + validate(model: Model): void + } + interface BaseApp { + /** + * ValidateWithContext is the same as Validate but allows specifying the ModelEvent context. + */ + validateWithContext(ctx: context.Context, model: Model): void + } + /** + * note: expects both builder to use the same driver + */ + interface dualDBBuilder { + } + interface dualDBBuilder { + /** + * Select implements the [dbx.Builder.Select] interface method. + */ + select(...cols: string[]): (dbx.SelectQuery) + } + interface dualDBBuilder { + /** + * Model implements the [dbx.Builder.Model] interface method. + */ + model(data: { + }): (dbx.ModelQuery) + } + interface dualDBBuilder { + /** + * GeneratePlaceholder implements the [dbx.Builder.GeneratePlaceholder] interface method. + */ + generatePlaceholder(i: number): string + } + interface dualDBBuilder { + /** + * Quote implements the [dbx.Builder.Quote] interface method. + */ + quote(str: string): string + } + interface dualDBBuilder { + /** + * QuoteSimpleTableName implements the [dbx.Builder.QuoteSimpleTableName] interface method. + */ + quoteSimpleTableName(table: string): string + } + interface dualDBBuilder { + /** + * QuoteSimpleColumnName implements the [dbx.Builder.QuoteSimpleColumnName] interface method. + */ + quoteSimpleColumnName(col: string): string + } + interface dualDBBuilder { + /** + * QueryBuilder implements the [dbx.Builder.QueryBuilder] interface method. + */ + queryBuilder(): dbx.QueryBuilder + } + interface dualDBBuilder { + /** + * Insert implements the [dbx.Builder.Insert] interface method. + */ + insert(table: string, cols: dbx.Params): (dbx.Query) + } + interface dualDBBuilder { + /** + * Upsert implements the [dbx.Builder.Upsert] interface method. + */ + upsert(table: string, cols: dbx.Params, ...constraints: string[]): (dbx.Query) + } + interface dualDBBuilder { + /** + * Update implements the [dbx.Builder.Update] interface method. + */ + update(table: string, cols: dbx.Params, where: dbx.Expression): (dbx.Query) + } + interface dualDBBuilder { + /** + * Delete implements the [dbx.Builder.Delete] interface method. + */ + delete(table: string, where: dbx.Expression): (dbx.Query) + } + interface dualDBBuilder { + /** + * CreateTable implements the [dbx.Builder.CreateTable] interface method. + */ + createTable(table: string, cols: _TygojaDict, ...options: string[]): (dbx.Query) + } + interface dualDBBuilder { + /** + * RenameTable implements the [dbx.Builder.RenameTable] interface method. + */ + renameTable(oldName: string, newName: string): (dbx.Query) + } + interface dualDBBuilder { + /** + * DropTable implements the [dbx.Builder.DropTable] interface method. + */ + dropTable(table: string): (dbx.Query) + } + interface dualDBBuilder { + /** + * TruncateTable implements the [dbx.Builder.TruncateTable] interface method. + */ + truncateTable(table: string): (dbx.Query) + } + interface dualDBBuilder { + /** + * AddColumn implements the [dbx.Builder.AddColumn] interface method. + */ + addColumn(table: string, col: string, typ: string): (dbx.Query) + } + interface dualDBBuilder { + /** + * DropColumn implements the [dbx.Builder.DropColumn] interface method. + */ + dropColumn(table: string, col: string): (dbx.Query) + } + interface dualDBBuilder { + /** + * RenameColumn implements the [dbx.Builder.RenameColumn] interface method. + */ + renameColumn(table: string, oldName: string, newName: string): (dbx.Query) + } + interface dualDBBuilder { + /** + * AlterColumn implements the [dbx.Builder.AlterColumn] interface method. + */ + alterColumn(table: string, col: string, typ: string): (dbx.Query) + } + interface dualDBBuilder { + /** + * AddPrimaryKey implements the [dbx.Builder.AddPrimaryKey] interface method. + */ + addPrimaryKey(table: string, name: string, ...cols: string[]): (dbx.Query) + } + interface dualDBBuilder { + /** + * DropPrimaryKey implements the [dbx.Builder.DropPrimaryKey] interface method. + */ + dropPrimaryKey(table: string, name: string): (dbx.Query) + } + interface dualDBBuilder { + /** + * AddForeignKey implements the [dbx.Builder.AddForeignKey] interface method. + */ + addForeignKey(table: string, name: string, cols: Array, refCols: Array, refTable: string, ...options: string[]): (dbx.Query) + } + interface dualDBBuilder { + /** + * DropForeignKey implements the [dbx.Builder.DropForeignKey] interface method. + */ + dropForeignKey(table: string, name: string): (dbx.Query) + } + interface dualDBBuilder { + /** + * CreateIndex implements the [dbx.Builder.CreateIndex] interface method. + */ + createIndex(table: string, name: string, ...cols: string[]): (dbx.Query) + } + interface dualDBBuilder { + /** + * CreateUniqueIndex implements the [dbx.Builder.CreateUniqueIndex] interface method. + */ + createUniqueIndex(table: string, name: string, ...cols: string[]): (dbx.Query) + } + interface dualDBBuilder { + /** + * DropIndex implements the [dbx.Builder.DropIndex] interface method. + */ + dropIndex(table: string, name: string): (dbx.Query) + } + interface dualDBBuilder { + /** + * NewQuery implements the [dbx.Builder.NewQuery] interface method by + * routing the SELECT queries to the concurrent builder instance. + */ + newQuery(str: string): (dbx.Query) + } + interface defaultDBConnect { + (dbPath: string): (dbx.DB) + } + /** + * Model defines an interface with common methods that all db models should have. + * + * Note: for simplicity composite pk are not supported. + */ + interface Model { + [key:string]: any; + tableName(): string + pk(): any + lastSavedPK(): any + isNew(): boolean + markAsNew(): void + markAsNotNew(): void + } + /** + * BaseModel defines a base struct that is intended to be embedded into other custom models. + */ + interface BaseModel { + /** + * Id is the primary key of the model. + * It is usually autogenerated by the parent model implementation. + */ + id: string + } + interface BaseModel { + /** + * LastSavedPK returns the last saved primary key of the model. + * + * Its value is updated to the latest PK value after MarkAsNotNew() or PostScan() calls. + */ + lastSavedPK(): any + } + interface BaseModel { + pk(): any + } + interface BaseModel { + /** + * IsNew indicates what type of db query (insert or update) + * should be used with the model instance. + */ + isNew(): boolean + } + interface BaseModel { + /** + * MarkAsNew clears the pk field and marks the current model as "new" + * (aka. forces m.IsNew() to be true). + */ + markAsNew(): void + } + interface BaseModel { + /** + * MarkAsNew set the pk field to the Id value and marks the current model + * as NOT "new" (aka. forces m.IsNew() to be false). + */ + markAsNotNew(): void + } + interface BaseModel { + /** + * PostScan implements the [dbx.PostScanner] interface. + * + * It is usually executed right after the model is populated with the db row values. + */ + postScan(): void + } + interface BaseApp { + /** + * TableColumns returns all column names of a single table by its name. + */ + tableColumns(tableName: string): Array + } + interface TableInfoRow { + /** + * the `db:"pk"` tag has special semantic so we cannot rename + * the original field without specifying a custom mapper + */ + pk: number + index: number + name: string + type: string + notNull: boolean + defaultValue: sql.NullString + } + interface BaseApp { + /** + * TableInfo returns the "table_info" pragma result for the specified table. + */ + tableInfo(tableName: string): Array<(TableInfoRow | undefined)> + } + interface BaseApp { + /** + * TableIndexes returns a name grouped map with all non empty index of the specified table. + * + * Note: This method doesn't return an error on nonexisting table. + */ + tableIndexes(tableName: string): _TygojaDict + } + interface BaseApp { + /** + * DeleteTable drops the specified table. + * + * This method is a no-op if a table with the provided name doesn't exist. + * + * NB! Be aware that this method is vulnerable to SQL injection and the + * "tableName" argument must come only from trusted input! + */ + deleteTable(tableName: string): void + } + interface BaseApp { + /** + * HasTable checks if a table (or view) with the provided name exists (case insensitive). + * in the data.db. + */ + hasTable(tableName: string): boolean + } + interface BaseApp { + /** + * AuxHasTable checks if a table (or view) with the provided name exists (case insensitive) + * in the auixiliary.db. + */ + auxHasTable(tableName: string): boolean + } + interface BaseApp { + /** + * Vacuum executes VACUUM on the data.db in order to reclaim unused data db disk space. + */ + vacuum(): void + } + interface BaseApp { + /** + * AuxVacuum executes VACUUM on the auxiliary.db in order to reclaim unused auxiliary db disk space. + */ + auxVacuum(): void + } + interface BaseApp { + /** + * RunInTransaction wraps fn into a transaction for the regular app database. + * + * It is safe to nest RunInTransaction calls as long as you use the callback's txApp. + */ + runInTransaction(fn: (txApp: App) => void): void + } + interface BaseApp { + /** + * AuxRunInTransaction wraps fn into a transaction for the auxiliary app database. + * + * It is safe to nest RunInTransaction calls as long as you use the callback's txApp. + */ + auxRunInTransaction(fn: (txApp: App) => void): void + } + /** + * TxAppInfo represents an active transaction context associated to an existing app instance. + */ + interface TxAppInfo { + } + interface TxAppInfo { + /** + * OnComplete registers the provided callback that will be invoked + * once the related transaction ends (either completes successfully or rollbacked with an error). + * + * The callback receives the transaction error (if any) as its argument. + * Any additional errors returned by the OnComplete callbacks will be + * joined together with txErr when returning the final transaction result. + */ + onComplete(fn: (txErr: Error) => void): void + } + /** + * RequestEvent defines the PocketBase router handler event. + */ + type _sKhraUa = router.Event + interface RequestEvent extends _sKhraUa { + app: App + auth?: Record + } + interface RequestEvent { + /** + * RealIP returns the "real" IP address from the configured trusted proxy headers. + * + * If Settings.TrustedProxy is not configured or the found IP is empty, + * it fallbacks to e.RemoteIP(). + * + * NB! + * Be careful when used in a security critical context as it relies on + * the trusted proxy to be properly configured and your app to be accessible only through it. + * If you are not sure, use e.RemoteIP(). + */ + realIP(): string + } + interface RequestEvent { + /** + * HasSuperuserAuth checks whether the current RequestEvent has superuser authentication loaded. + */ + hasSuperuserAuth(): boolean + } + interface RequestEvent { + /** + * RequestInfo parses the current request into RequestInfo instance. + * + * Note that the returned result is cached to avoid copying the request data multiple times + * but the auth state and other common store items are always refreshed in case they were changed by another handler. + */ + requestInfo(): (RequestInfo) + } + /** + * RequestInfo defines a HTTP request data struct, usually used + * as part of the `@request.*` filter resolver. + * + * The Query and Headers fields contains only the first value for each found entry. + */ + interface RequestInfo { + query: _TygojaDict + headers: _TygojaDict + body: _TygojaDict + auth?: Record + method: string + context: string + } + interface RequestInfo { + /** + * HasSuperuserAuth checks whether the current RequestInfo instance + * has superuser authentication loaded. + */ + hasSuperuserAuth(): boolean + } + interface RequestInfo { + /** + * Clone creates a new shallow copy of the current RequestInfo and its Auth record (if any). + */ + clone(): (RequestInfo) + } + type _sbXFFhl = hook.Event&RequestEvent + interface BatchRequestEvent extends _sbXFFhl { + batch: Array<(InternalRequest | undefined)> + } + interface InternalRequest { + /** + * note: for uploading files the value must be either *filesystem.File or []*filesystem.File + */ + body: _TygojaDict + headers: _TygojaDict + method: string + url: string + } + interface InternalRequest { + validate(): void + } + interface HookTagger { + [key:string]: any; + hookTags(): Array + } + interface baseModelEventData { + model: Model + } + interface baseModelEventData { + tags(): Array + } + interface baseRecordEventData { + record?: Record + } + interface baseRecordEventData { + tags(): Array + } + interface baseCollectionEventData { + collection?: Collection + } + interface baseCollectionEventData { + tags(): Array + } + type _spyRtBo = hook.Event + interface BootstrapEvent extends _spyRtBo { + app: App + } + type _scmVEbS = hook.Event + interface TerminateEvent extends _scmVEbS { + app: App + isRestart: boolean + } + type _sLJKyMQ = hook.Event + interface BackupEvent extends _sLJKyMQ { + app: App + context: context.Context + name: string // the name of the backup to create/restore. + exclude: Array // list of dir entries to exclude from the backup create/restore. + } + type _sZsAFoN = hook.Event + interface ServeEvent extends _sZsAFoN { + app: App + router?: router.Router + server?: http.Server + certManager?: any + /** + * InstallerFunc is the "installer" function that is called after + * successful server tcp bind but only if there is no explicit + * superuser record created yet. + * + * It runs in a separate goroutine and its default value is [apis.DefaultInstallerFunc]. + * + * It receives a system superuser record as argument that you can use to generate + * a short-lived auth token (e.g. systemSuperuser.NewStaticAuthToken(30 * time.Minute)) + * and concatenate it as query param for your installer page + * (if you are using the client-side SDKs, you can then load the + * token with pb.authStore.save(token) and perform any Web API request + * e.g. creating a new superuser). + * + * Set it to nil if you want to skip the installer. + */ + installerFunc: (app: App, systemSuperuser: Record, baseURL: string) => void + } + type _szpyhbL = hook.Event&RequestEvent + interface SettingsListRequestEvent extends _szpyhbL { + settings?: Settings + } + type _sUrpTPz = hook.Event&RequestEvent + interface SettingsUpdateRequestEvent extends _sUrpTPz { + oldSettings?: Settings + newSettings?: Settings + } + type _sOIBUYK = hook.Event + interface SettingsReloadEvent extends _sOIBUYK { + app: App + } + type _srxGkIn = hook.Event + interface MailerEvent extends _srxGkIn { + app: App + mailer: mailer.Mailer + message?: mailer.Message + } + type _spcbBxx = MailerEvent&baseRecordEventData + interface MailerRecordEvent extends _spcbBxx { + meta: _TygojaDict + } + type _seMeelk = hook.Event&baseModelEventData + interface ModelEvent extends _seMeelk { + app: App + context: context.Context + /** + * Could be any of the ModelEventType* constants, like: + * - create + * - update + * - delete + * - validate + */ + type: string + } + type _stQeXll = ModelEvent + interface ModelErrorEvent extends _stQeXll { + error: Error + } + type _sLYFFhx = hook.Event&baseRecordEventData + interface RecordEvent extends _sLYFFhx { + app: App + context: context.Context + /** + * Could be any of the ModelEventType* constants, like: + * - create + * - update + * - delete + * - validate + */ + type: string + } + type _sWPmnLi = RecordEvent + interface RecordErrorEvent extends _sWPmnLi { + error: Error + } + type _seGYfWU = hook.Event&baseCollectionEventData + interface CollectionEvent extends _seGYfWU { + app: App + context: context.Context + /** + * Could be any of the ModelEventType* constants, like: + * - create + * - update + * - delete + * - validate + */ + type: string + } + type _sOEsoWv = CollectionEvent + interface CollectionErrorEvent extends _sOEsoWv { + error: Error + } + type _swJRVXC = hook.Event&RequestEvent&baseRecordEventData + interface FileTokenRequestEvent extends _swJRVXC { + token: string + } + type _skWTzPe = hook.Event&RequestEvent&baseCollectionEventData + interface FileDownloadRequestEvent extends _skWTzPe { + record?: Record + fileField?: FileField + servedPath: string + servedName: string + } + type _sjZNtLd = hook.Event&RequestEvent + interface CollectionsListRequestEvent extends _sjZNtLd { + collections: Array<(Collection | undefined)> + result?: search.Result + } + type _sQwJwmj = hook.Event&RequestEvent + interface CollectionsImportRequestEvent extends _sQwJwmj { + collectionsData: Array<_TygojaDict> + deleteMissing: boolean + } + type _ssHWEJn = hook.Event&RequestEvent&baseCollectionEventData + interface CollectionRequestEvent extends _ssHWEJn { + } + type _sZMxaAS = hook.Event&RequestEvent + interface RealtimeConnectRequestEvent extends _sZMxaAS { + client: subscriptions.Client + /** + * note: modifying it after the connect has no effect + */ + idleTimeout: time.Duration + } + type _sirsirI = hook.Event&RequestEvent + interface RealtimeMessageEvent extends _sirsirI { + client: subscriptions.Client + message?: subscriptions.Message + } + type _sGVLXGI = hook.Event&RequestEvent + interface RealtimeSubscribeRequestEvent extends _sGVLXGI { + client: subscriptions.Client + subscriptions: Array + } + type _sNkctgx = hook.Event&RequestEvent&baseCollectionEventData + interface RecordsListRequestEvent extends _sNkctgx { + /** + * @todo consider removing and maybe add as generic to the search.Result? + */ + records: Array<(Record | undefined)> + result?: search.Result + } + type _sesXIeC = hook.Event&RequestEvent&baseCollectionEventData + interface RecordRequestEvent extends _sesXIeC { + record?: Record + } + type _sNqEfxw = hook.Event&baseRecordEventData + interface RecordEnrichEvent extends _sNqEfxw { + app: App + requestInfo?: RequestInfo + } + type _saJisDV = hook.Event&RequestEvent&baseCollectionEventData + interface RecordCreateOTPRequestEvent extends _saJisDV { + record?: Record + password: string + } + type _sOSfgvh = hook.Event&RequestEvent&baseCollectionEventData + interface RecordAuthWithOTPRequestEvent extends _sOSfgvh { + record?: Record + otp?: OTP + } + type _sAHiJnG = hook.Event&RequestEvent&baseCollectionEventData + interface RecordAuthRequestEvent extends _sAHiJnG { + record?: Record + token: string + meta: any + authMethod: string + } + type _syiXgiO = hook.Event&RequestEvent&baseCollectionEventData + interface RecordAuthWithPasswordRequestEvent extends _syiXgiO { + record?: Record + identity: string + identityField: string + password: string + } + type _sRauTZa = hook.Event&RequestEvent&baseCollectionEventData + interface RecordAuthWithOAuth2RequestEvent extends _sRauTZa { + providerName: string + providerClient: auth.Provider + record?: Record + oAuth2User?: auth.AuthUser + createData: _TygojaDict + isNewRecord: boolean + } + type _srGgmEJ = hook.Event&RequestEvent&baseCollectionEventData + interface RecordAuthRefreshRequestEvent extends _srGgmEJ { + record?: Record + } + type _sFfmUxk = hook.Event&RequestEvent&baseCollectionEventData + interface RecordRequestPasswordResetRequestEvent extends _sFfmUxk { + record?: Record + } + type _sLGZbki = hook.Event&RequestEvent&baseCollectionEventData + interface RecordConfirmPasswordResetRequestEvent extends _sLGZbki { + record?: Record + } + type _sQcbAzh = hook.Event&RequestEvent&baseCollectionEventData + interface RecordRequestVerificationRequestEvent extends _sQcbAzh { + record?: Record + } + type _sIJpEBx = hook.Event&RequestEvent&baseCollectionEventData + interface RecordConfirmVerificationRequestEvent extends _sIJpEBx { + record?: Record + } + type _sGcXDVI = hook.Event&RequestEvent&baseCollectionEventData + interface RecordRequestEmailChangeRequestEvent extends _sGcXDVI { + record?: Record + newEmail: string + } + type _sFyRDNw = hook.Event&RequestEvent&baseCollectionEventData + interface RecordConfirmEmailChangeRequestEvent extends _sFyRDNw { + record?: Record + newEmail: string + } + /** + * ExternalAuth defines a Record proxy for working with the externalAuths collection. + */ + type _sBktZEa = Record + interface ExternalAuth extends _sBktZEa { + } + interface newExternalAuth { + /** + * NewExternalAuth instantiates and returns a new blank *ExternalAuth model. + * + * Example usage: + * + * ``` + * ea := core.NewExternalAuth(app) + * ea.SetRecordRef(user.Id) + * ea.SetCollectionRef(user.Collection().Id) + * ea.SetProvider("google") + * ea.SetProviderId("...") + * app.Save(ea) + * ``` + */ + (app: App): (ExternalAuth) + } + interface ExternalAuth { + /** + * PreValidate implements the [PreValidator] interface and checks + * whether the proxy is properly loaded. + */ + preValidate(ctx: context.Context, app: App): void + } + interface ExternalAuth { + /** + * ProxyRecord returns the proxied Record model. + */ + proxyRecord(): (Record) + } + interface ExternalAuth { + /** + * SetProxyRecord loads the specified record model into the current proxy. + */ + setProxyRecord(record: Record): void + } + interface ExternalAuth { + /** + * CollectionRef returns the "collectionRef" field value. + */ + collectionRef(): string + } + interface ExternalAuth { + /** + * SetCollectionRef updates the "collectionRef" record field value. + */ + setCollectionRef(collectionId: string): void + } + interface ExternalAuth { + /** + * RecordRef returns the "recordRef" record field value. + */ + recordRef(): string + } + interface ExternalAuth { + /** + * SetRecordRef updates the "recordRef" record field value. + */ + setRecordRef(recordId: string): void + } + interface ExternalAuth { + /** + * Provider returns the "provider" record field value. + */ + provider(): string + } + interface ExternalAuth { + /** + * SetProvider updates the "provider" record field value. + */ + setProvider(provider: string): void + } + interface ExternalAuth { + /** + * Provider returns the "providerId" record field value. + */ + providerId(): string + } + interface ExternalAuth { + /** + * SetProvider updates the "providerId" record field value. + */ + setProviderId(providerId: string): void + } + interface ExternalAuth { + /** + * Created returns the "created" record field value. + */ + created(): types.DateTime + } + interface ExternalAuth { + /** + * Updated returns the "updated" record field value. + */ + updated(): types.DateTime + } + interface BaseApp { + /** + * FindAllExternalAuthsByRecord returns all ExternalAuth models + * linked to the provided auth record. + */ + findAllExternalAuthsByRecord(authRecord: Record): Array<(ExternalAuth | undefined)> + } + interface BaseApp { + /** + * FindAllExternalAuthsByCollection returns all ExternalAuth models + * linked to the provided auth collection. + */ + findAllExternalAuthsByCollection(collection: Collection): Array<(ExternalAuth | undefined)> + } + interface BaseApp { + /** + * FindFirstExternalAuthByExpr returns the first available (the most recent created) + * ExternalAuth model that satisfies the non-nil expression. + */ + findFirstExternalAuthByExpr(expr: dbx.Expression): (ExternalAuth) + } + /** + * FieldFactoryFunc defines a simple function to construct a specific Field instance. + */ + interface FieldFactoryFunc {(): Field } + /** + * Field defines a common interface that all Collection fields should implement. + */ + interface Field { + [key:string]: any; + /** + * GetId returns the field id. + */ + getId(): string + /** + * SetId changes the field id. + */ + setId(id: string): void + /** + * GetName returns the field name. + */ + getName(): string + /** + * SetName changes the field name. + */ + setName(name: string): void + /** + * GetSystem returns the field system flag state. + */ + getSystem(): boolean + /** + * SetSystem changes the field system flag state. + */ + setSystem(system: boolean): void + /** + * GetHidden returns the field hidden flag state. + */ + getHidden(): boolean + /** + * SetHidden changes the field hidden flag state. + */ + setHidden(hidden: boolean): void + /** + * Type returns the unique type of the field. + */ + type(): string + /** + * ColumnType returns the DB column definition of the field. + */ + columnType(app: App): string + /** + * PrepareValue returns a properly formatted field value based on the provided raw one. + * + * This method is also called on record construction to initialize its default field value. + */ + prepareValue(record: Record, raw: any): any + /** + * ValidateSettings validates the current field value associated with the provided record. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + /** + * ValidateSettings validates the current field settings. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + /** + * MaxBodySizeCalculator defines an optional field interface for + * specifying the max size of a field value. + */ + interface MaxBodySizeCalculator { + [key:string]: any; + /** + * CalculateMaxBodySize returns the approximate max body size of a field value. + */ + calculateMaxBodySize(): number + } + interface SetterFunc {(record: Record, raw: any): void } + /** + * SetterFinder defines a field interface for registering custom field value setters. + */ + interface SetterFinder { + [key:string]: any; + /** + * FindSetter returns a single field value setter function + * by performing pattern-like field matching using the specified key. + * + * The key is usually just the field name but it could also + * contains "modifier" characters based on which you can perform custom set operations + * (ex. "users+" could be mapped to a function that will append new user to the existing field value). + * + * Return nil if you want to fallback to the default field value setter. + */ + findSetter(key: string): SetterFunc + } + interface GetterFunc {(record: Record): any } + /** + * GetterFinder defines a field interface for registering custom field value getters. + */ + interface GetterFinder { + [key:string]: any; + /** + * FindGetter returns a single field value getter function + * by performing pattern-like field matching using the specified key. + * + * The key is usually just the field name but it could also + * contains "modifier" characters based on which you can perform custom get operations + * (ex. "description:excerpt" could be mapped to a function that will return an excerpt of the current field value). + * + * Return nil if you want to fallback to the default field value setter. + */ + findGetter(key: string): GetterFunc + } + /** + * DriverValuer defines a Field interface for exporting and formatting + * a field value for the database. + */ + interface DriverValuer { + [key:string]: any; + /** + * DriverValue exports a single field value for persistence in the database. + */ + driverValue(record: Record): any + } + /** + * MultiValuer defines a field interface that every multi-valued (eg. with MaxSelect) field has. + */ + interface MultiValuer { + [key:string]: any; + /** + * IsMultiple checks whether the field is configured to support multiple or single values. + */ + isMultiple(): boolean + } + /** + * RecordInterceptor defines a field interface for reacting to various + * Record related operations (create, delete, validate, etc.). + */ + interface RecordInterceptor { + [key:string]: any; + /** + * Interceptor is invoked when a specific record action occurs + * allowing you to perform extra validations and normalization + * (ex. uploading or deleting files). + * + * Note that users must call actionFunc() manually if they want to + * execute the specific record action. + */ + intercept(ctx: context.Context, app: App, record: Record, actionName: string, actionFunc: () => void): void + } + interface defaultFieldIdValidationRule { + /** + * DefaultFieldIdValidationRule performs base validation on a field id value. + */ + (value: any): void + } + interface defaultFieldNameValidationRule { + /** + * DefaultFieldIdValidationRule performs base validation on a field name value. + */ + (value: any): void + } + /** + * AutodateField defines an "autodate" type field, aka. + * field which datetime value could be auto set on record create/update. + * + * This field is usually used for defining timestamp fields like "created" and "updated". + * + * Requires either both or at least one of the OnCreate or OnUpdate options to be set. + */ + interface AutodateField { + /** + * Name (required) is the unique name of the field. + */ + name: string + /** + * Id is the unique stable field identifier. + * + * It is automatically generated from the name when adding to a collection FieldsList. + */ + id: string + /** + * System prevents the renaming and removal of the field. + */ + system: boolean + /** + * Hidden hides the field from the API response. + */ + hidden: boolean + /** + * Presentable hints the Dashboard UI to use the underlying + * field record value in the relation preview label. + */ + presentable: boolean + /** + * OnCreate auto sets the current datetime as field value on record create. + */ + onCreate: boolean + /** + * OnUpdate auto sets the current datetime as field value on record update. + */ + onUpdate: boolean + } + interface AutodateField { + /** + * Type implements [Field.Type] interface method. + */ + type(): string + } + interface AutodateField { + /** + * GetId implements [Field.GetId] interface method. + */ + getId(): string + } + interface AutodateField { + /** + * SetId implements [Field.SetId] interface method. + */ + setId(id: string): void + } + interface AutodateField { + /** + * GetName implements [Field.GetName] interface method. + */ + getName(): string + } + interface AutodateField { + /** + * SetName implements [Field.SetName] interface method. + */ + setName(name: string): void + } + interface AutodateField { + /** + * GetSystem implements [Field.GetSystem] interface method. + */ + getSystem(): boolean + } + interface AutodateField { + /** + * SetSystem implements [Field.SetSystem] interface method. + */ + setSystem(system: boolean): void + } + interface AutodateField { + /** + * GetHidden implements [Field.GetHidden] interface method. + */ + getHidden(): boolean + } + interface AutodateField { + /** + * SetHidden implements [Field.SetHidden] interface method. + */ + setHidden(hidden: boolean): void + } + interface AutodateField { + /** + * ColumnType implements [Field.ColumnType] interface method. + */ + columnType(app: App): string + } + interface AutodateField { + /** + * PrepareValue implements [Field.PrepareValue] interface method. + */ + prepareValue(record: Record, raw: any): any + } + interface AutodateField { + /** + * ValidateValue implements [Field.ValidateValue] interface method. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + } + interface AutodateField { + /** + * ValidateSettings implements [Field.ValidateSettings] interface method. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + interface AutodateField { + /** + * FindSetter implements the [SetterFinder] interface. + */ + findSetter(key: string): SetterFunc + } + interface AutodateField { + /** + * Intercept implements the [RecordInterceptor] interface. + */ + intercept(ctx: context.Context, app: App, record: Record, actionName: string, actionFunc: () => void): void + } + /** + * BoolField defines "bool" type field to store a single true/false value. + * + * The respective zero record field value is false. + */ + interface BoolField { + /** + * Name (required) is the unique name of the field. + */ + name: string + /** + * Id is the unique stable field identifier. + * + * It is automatically generated from the name when adding to a collection FieldsList. + */ + id: string + /** + * System prevents the renaming and removal of the field. + */ + system: boolean + /** + * Hidden hides the field from the API response. + */ + hidden: boolean + /** + * Presentable hints the Dashboard UI to use the underlying + * field record value in the relation preview label. + */ + presentable: boolean + /** + * Required will require the field value to be always "true". + */ + required: boolean + } + interface BoolField { + /** + * Type implements [Field.Type] interface method. + */ + type(): string + } + interface BoolField { + /** + * GetId implements [Field.GetId] interface method. + */ + getId(): string + } + interface BoolField { + /** + * SetId implements [Field.SetId] interface method. + */ + setId(id: string): void + } + interface BoolField { + /** + * GetName implements [Field.GetName] interface method. + */ + getName(): string + } + interface BoolField { + /** + * SetName implements [Field.SetName] interface method. + */ + setName(name: string): void + } + interface BoolField { + /** + * GetSystem implements [Field.GetSystem] interface method. + */ + getSystem(): boolean + } + interface BoolField { + /** + * SetSystem implements [Field.SetSystem] interface method. + */ + setSystem(system: boolean): void + } + interface BoolField { + /** + * GetHidden implements [Field.GetHidden] interface method. + */ + getHidden(): boolean + } + interface BoolField { + /** + * SetHidden implements [Field.SetHidden] interface method. + */ + setHidden(hidden: boolean): void + } + interface BoolField { + /** + * ColumnType implements [Field.ColumnType] interface method. + */ + columnType(app: App): string + } + interface BoolField { + /** + * PrepareValue implements [Field.PrepareValue] interface method. + */ + prepareValue(record: Record, raw: any): any + } + interface BoolField { + /** + * ValidateValue implements [Field.ValidateValue] interface method. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + } + interface BoolField { + /** + * ValidateSettings implements [Field.ValidateSettings] interface method. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + /** + * DateField defines "date" type field to store a single [types.DateTime] value. + * + * The respective zero record field value is the zero [types.DateTime]. + */ + interface DateField { + /** + * Name (required) is the unique name of the field. + */ + name: string + /** + * Id is the unique stable field identifier. + * + * It is automatically generated from the name when adding to a collection FieldsList. + */ + id: string + /** + * System prevents the renaming and removal of the field. + */ + system: boolean + /** + * Hidden hides the field from the API response. + */ + hidden: boolean + /** + * Presentable hints the Dashboard UI to use the underlying + * field record value in the relation preview label. + */ + presentable: boolean + /** + * Min specifies the min allowed field value. + * + * Leave it empty to skip the validator. + */ + min: types.DateTime + /** + * Max specifies the max allowed field value. + * + * Leave it empty to skip the validator. + */ + max: types.DateTime + /** + * Required will require the field value to be non-zero [types.DateTime]. + */ + required: boolean + } + interface DateField { + /** + * Type implements [Field.Type] interface method. + */ + type(): string + } + interface DateField { + /** + * GetId implements [Field.GetId] interface method. + */ + getId(): string + } + interface DateField { + /** + * SetId implements [Field.SetId] interface method. + */ + setId(id: string): void + } + interface DateField { + /** + * GetName implements [Field.GetName] interface method. + */ + getName(): string + } + interface DateField { + /** + * SetName implements [Field.SetName] interface method. + */ + setName(name: string): void + } + interface DateField { + /** + * GetSystem implements [Field.GetSystem] interface method. + */ + getSystem(): boolean + } + interface DateField { + /** + * SetSystem implements [Field.SetSystem] interface method. + */ + setSystem(system: boolean): void + } + interface DateField { + /** + * GetHidden implements [Field.GetHidden] interface method. + */ + getHidden(): boolean + } + interface DateField { + /** + * SetHidden implements [Field.SetHidden] interface method. + */ + setHidden(hidden: boolean): void + } + interface DateField { + /** + * ColumnType implements [Field.ColumnType] interface method. + */ + columnType(app: App): string + } + interface DateField { + /** + * PrepareValue implements [Field.PrepareValue] interface method. + */ + prepareValue(record: Record, raw: any): any + } + interface DateField { + /** + * ValidateValue implements [Field.ValidateValue] interface method. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + } + interface DateField { + /** + * ValidateSettings implements [Field.ValidateSettings] interface method. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + /** + * EditorField defines "editor" type field to store HTML formatted text. + * + * The respective zero record field value is empty string. + */ + interface EditorField { + /** + * Name (required) is the unique name of the field. + */ + name: string + /** + * Id is the unique stable field identifier. + * + * It is automatically generated from the name when adding to a collection FieldsList. + */ + id: string + /** + * System prevents the renaming and removal of the field. + */ + system: boolean + /** + * Hidden hides the field from the API response. + */ + hidden: boolean + /** + * Presentable hints the Dashboard UI to use the underlying + * field record value in the relation preview label. + */ + presentable: boolean + /** + * MaxSize specifies the maximum size of the allowed field value (in bytes and up to 2^53-1). + * + * If zero, a default limit of ~5MB is applied. + */ + maxSize: number + /** + * ConvertURLs is usually used to instruct the editor whether to + * apply url conversion (eg. stripping the domain name in case the + * urls are using the same domain as the one where the editor is loaded). + * + * (see also https://www.tiny.cloud/docs/tinymce/6/url-handling/#convert_urls) + */ + convertURLs: boolean + /** + * Required will require the field value to be non-empty string. + */ + required: boolean + } + interface EditorField { + /** + * Type implements [Field.Type] interface method. + */ + type(): string + } + interface EditorField { + /** + * GetId implements [Field.GetId] interface method. + */ + getId(): string + } + interface EditorField { + /** + * SetId implements [Field.SetId] interface method. + */ + setId(id: string): void + } + interface EditorField { + /** + * GetName implements [Field.GetName] interface method. + */ + getName(): string + } + interface EditorField { + /** + * SetName implements [Field.SetName] interface method. + */ + setName(name: string): void + } + interface EditorField { + /** + * GetSystem implements [Field.GetSystem] interface method. + */ + getSystem(): boolean + } + interface EditorField { + /** + * SetSystem implements [Field.SetSystem] interface method. + */ + setSystem(system: boolean): void + } + interface EditorField { + /** + * GetHidden implements [Field.GetHidden] interface method. + */ + getHidden(): boolean + } + interface EditorField { + /** + * SetHidden implements [Field.SetHidden] interface method. + */ + setHidden(hidden: boolean): void + } + interface EditorField { + /** + * ColumnType implements [Field.ColumnType] interface method. + */ + columnType(app: App): string + } + interface EditorField { + /** + * PrepareValue implements [Field.PrepareValue] interface method. + */ + prepareValue(record: Record, raw: any): any + } + interface EditorField { + /** + * ValidateValue implements [Field.ValidateValue] interface method. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + } + interface EditorField { + /** + * ValidateSettings implements [Field.ValidateSettings] interface method. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + interface EditorField { + /** + * CalculateMaxBodySize implements the [MaxBodySizeCalculator] interface. + */ + calculateMaxBodySize(): number + } + /** + * EmailField defines "email" type field for storing a single email string address. + * + * The respective zero record field value is empty string. + */ + interface EmailField { + /** + * Name (required) is the unique name of the field. + */ + name: string + /** + * Id is the unique stable field identifier. + * + * It is automatically generated from the name when adding to a collection FieldsList. + */ + id: string + /** + * System prevents the renaming and removal of the field. + */ + system: boolean + /** + * Hidden hides the field from the API response. + */ + hidden: boolean + /** + * Presentable hints the Dashboard UI to use the underlying + * field record value in the relation preview label. + */ + presentable: boolean + /** + * ExceptDomains will require the email domain to NOT be included in the listed ones. + * + * This validator can be set only if OnlyDomains is empty. + */ + exceptDomains: Array + /** + * OnlyDomains will require the email domain to be included in the listed ones. + * + * This validator can be set only if ExceptDomains is empty. + */ + onlyDomains: Array + /** + * Required will require the field value to be non-empty email string. + */ + required: boolean + } + interface EmailField { + /** + * Type implements [Field.Type] interface method. + */ + type(): string + } + interface EmailField { + /** + * GetId implements [Field.GetId] interface method. + */ + getId(): string + } + interface EmailField { + /** + * SetId implements [Field.SetId] interface method. + */ + setId(id: string): void + } + interface EmailField { + /** + * GetName implements [Field.GetName] interface method. + */ + getName(): string + } + interface EmailField { + /** + * SetName implements [Field.SetName] interface method. + */ + setName(name: string): void + } + interface EmailField { + /** + * GetSystem implements [Field.GetSystem] interface method. + */ + getSystem(): boolean + } + interface EmailField { + /** + * SetSystem implements [Field.SetSystem] interface method. + */ + setSystem(system: boolean): void + } + interface EmailField { + /** + * GetHidden implements [Field.GetHidden] interface method. + */ + getHidden(): boolean + } + interface EmailField { + /** + * SetHidden implements [Field.SetHidden] interface method. + */ + setHidden(hidden: boolean): void + } + interface EmailField { + /** + * ColumnType implements [Field.ColumnType] interface method. + */ + columnType(app: App): string + } + interface EmailField { + /** + * PrepareValue implements [Field.PrepareValue] interface method. + */ + prepareValue(record: Record, raw: any): any + } + interface EmailField { + /** + * ValidateValue implements [Field.ValidateValue] interface method. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + } + interface EmailField { + /** + * ValidateSettings implements [Field.ValidateSettings] interface method. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + /** + * FileField defines "file" type field for managing record file(s). + * + * Only the file name is stored as part of the record value. + * New files (aka. files to upload) are expected to be of *filesytem.File. + * + * If MaxSelect is not set or <= 1, then the field value is expected to be a single record id. + * + * If MaxSelect is > 1, then the field value is expected to be a slice of record ids. + * + * The respective zero record field value is either empty string (single) or empty string slice (multiple). + * + * --- + * + * The following additional setter keys are available: + * + * ``` + * - "fieldName+" - append one or more files to the existing record one. For example: + * + * // []string{"old1.txt", "old2.txt", "new1_ajkvass.txt", "new2_klhfnwd.txt"} + * record.Set("documents+", []*filesystem.File{new1, new2}) + * + * - "+fieldName" - prepend one or more files to the existing record one. For example: + * + * // []string{"new1_ajkvass.txt", "new2_klhfnwd.txt", "old1.txt", "old2.txt",} + * record.Set("+documents", []*filesystem.File{new1, new2}) + * + * - "fieldName-" - subtract/delete one or more files from the existing record one. For example: + * + * // []string{"old2.txt",} + * record.Set("documents-", "old1.txt") + * ``` + */ + interface FileField { + /** + * Name (required) is the unique name of the field. + */ + name: string + /** + * Id is the unique stable field identifier. + * + * It is automatically generated from the name when adding to a collection FieldsList. + */ + id: string + /** + * System prevents the renaming and removal of the field. + */ + system: boolean + /** + * Hidden hides the field from the API response. + */ + hidden: boolean + /** + * Presentable hints the Dashboard UI to use the underlying + * field record value in the relation preview label. + */ + presentable: boolean + /** + * MaxSize specifies the maximum size of a single uploaded file (in bytes and up to 2^53-1). + * + * If zero, a default limit of 5MB is applied. + */ + maxSize: number + /** + * MaxSelect specifies the max allowed files. + * + * For multiple files the value must be > 1, otherwise fallbacks to single (default). + */ + maxSelect: number + /** + * MimeTypes specifies an optional list of the allowed file mime types. + * + * Leave it empty to disable the validator. + */ + mimeTypes: Array + /** + * Thumbs specifies an optional list of the supported thumbs for image based files. + * + * Each entry must be in one of the following formats: + * + * ``` + * - WxH (eg. 100x300) - crop to WxH viewbox (from center) + * - WxHt (eg. 100x300t) - crop to WxH viewbox (from top) + * - WxHb (eg. 100x300b) - crop to WxH viewbox (from bottom) + * - WxHf (eg. 100x300f) - fit inside a WxH viewbox (without cropping) + * - 0xH (eg. 0x300) - resize to H height preserving the aspect ratio + * - Wx0 (eg. 100x0) - resize to W width preserving the aspect ratio + * ``` + */ + thumbs: Array + /** + * Protected will require the users to provide a special file token to access the file. + * + * Note that by default all files are publicly accessible. + * + * For the majority of the cases this is fine because by default + * all file names have random part appended to their name which + * need to be known by the user before accessing the file. + */ + protected: boolean + /** + * Required will require the field value to have at least one file. + */ + required: boolean + } + interface FileField { + /** + * Type implements [Field.Type] interface method. + */ + type(): string + } + interface FileField { + /** + * GetId implements [Field.GetId] interface method. + */ + getId(): string + } + interface FileField { + /** + * SetId implements [Field.SetId] interface method. + */ + setId(id: string): void + } + interface FileField { + /** + * GetName implements [Field.GetName] interface method. + */ + getName(): string + } + interface FileField { + /** + * SetName implements [Field.SetName] interface method. + */ + setName(name: string): void + } + interface FileField { + /** + * GetSystem implements [Field.GetSystem] interface method. + */ + getSystem(): boolean + } + interface FileField { + /** + * SetSystem implements [Field.SetSystem] interface method. + */ + setSystem(system: boolean): void + } + interface FileField { + /** + * GetHidden implements [Field.GetHidden] interface method. + */ + getHidden(): boolean + } + interface FileField { + /** + * SetHidden implements [Field.SetHidden] interface method. + */ + setHidden(hidden: boolean): void + } + interface FileField { + /** + * IsMultiple implements MultiValuer interface and checks whether the + * current field options support multiple values. + */ + isMultiple(): boolean + } + interface FileField { + /** + * ColumnType implements [Field.ColumnType] interface method. + */ + columnType(app: App): string + } + interface FileField { + /** + * PrepareValue implements [Field.PrepareValue] interface method. + */ + prepareValue(record: Record, raw: any): any + } + interface FileField { + /** + * DriverValue implements the [DriverValuer] interface. + */ + driverValue(record: Record): any + } + interface FileField { + /** + * ValidateSettings implements [Field.ValidateSettings] interface method. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + interface FileField { + /** + * ValidateValue implements [Field.ValidateValue] interface method. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + } + interface FileField { + /** + * CalculateMaxBodySize implements the [MaxBodySizeCalculator] interface. + */ + calculateMaxBodySize(): number + } + interface FileField { + /** + * Intercept implements the [RecordInterceptor] interface. + * + * note: files delete after records deletion is handled globally by the app FileManager hook + */ + intercept(ctx: context.Context, app: App, record: Record, actionName: string, actionFunc: () => void): void + } + interface FileField { + /** + * FindGetter implements the [GetterFinder] interface. + */ + findGetter(key: string): GetterFunc + } + interface FileField { + /** + * FindSetter implements the [SetterFinder] interface. + */ + findSetter(key: string): SetterFunc + } + /** + * GeoPointField defines "geoPoint" type field for storing latitude and longitude GPS coordinates. + * + * You can set the record field value as [types.GeoPoint], map or serialized json object with lat-lon props. + * The stored value is always converted to [types.GeoPoint]. + * Nil, empty map, empty bytes slice, etc. results in zero [types.GeoPoint]. + * + * Examples of updating a record's GeoPointField value programmatically: + * + * ``` + * record.Set("location", types.GeoPoint{Lat: 123, Lon: 456}) + * record.Set("location", map[string]any{"lat":123, "lon":456}) + * record.Set("location", []byte(`{"lat":123, "lon":456}`) + * ``` + */ + interface GeoPointField { + /** + * Name (required) is the unique name of the field. + */ + name: string + /** + * Id is the unique stable field identifier. + * + * It is automatically generated from the name when adding to a collection FieldsList. + */ + id: string + /** + * System prevents the renaming and removal of the field. + */ + system: boolean + /** + * Hidden hides the field from the API response. + */ + hidden: boolean + /** + * Presentable hints the Dashboard UI to use the underlying + * field record value in the relation preview label. + */ + presentable: boolean + /** + * Required will require the field coordinates to be non-zero (aka. not "Null Island"). + */ + required: boolean + } + interface GeoPointField { + /** + * Type implements [Field.Type] interface method. + */ + type(): string + } + interface GeoPointField { + /** + * GetId implements [Field.GetId] interface method. + */ + getId(): string + } + interface GeoPointField { + /** + * SetId implements [Field.SetId] interface method. + */ + setId(id: string): void + } + interface GeoPointField { + /** + * GetName implements [Field.GetName] interface method. + */ + getName(): string + } + interface GeoPointField { + /** + * SetName implements [Field.SetName] interface method. + */ + setName(name: string): void + } + interface GeoPointField { + /** + * GetSystem implements [Field.GetSystem] interface method. + */ + getSystem(): boolean + } + interface GeoPointField { + /** + * SetSystem implements [Field.SetSystem] interface method. + */ + setSystem(system: boolean): void + } + interface GeoPointField { + /** + * GetHidden implements [Field.GetHidden] interface method. + */ + getHidden(): boolean + } + interface GeoPointField { + /** + * SetHidden implements [Field.SetHidden] interface method. + */ + setHidden(hidden: boolean): void + } + interface GeoPointField { + /** + * ColumnType implements [Field.ColumnType] interface method. + */ + columnType(app: App): string + } + interface GeoPointField { + /** + * PrepareValue implements [Field.PrepareValue] interface method. + */ + prepareValue(record: Record, raw: any): any + } + interface GeoPointField { + /** + * ValidateValue implements [Field.ValidateValue] interface method. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + } + interface GeoPointField { + /** + * ValidateSettings implements [Field.ValidateSettings] interface method. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + /** + * JSONField defines "json" type field for storing any serialized JSON value. + * + * The respective zero record field value is the zero [types.JSONRaw]. + */ + interface JSONField { + /** + * Name (required) is the unique name of the field. + */ + name: string + /** + * Id is the unique stable field identifier. + * + * It is automatically generated from the name when adding to a collection FieldsList. + */ + id: string + /** + * System prevents the renaming and removal of the field. + */ + system: boolean + /** + * Hidden hides the field from the API response. + */ + hidden: boolean + /** + * Presentable hints the Dashboard UI to use the underlying + * field record value in the relation preview label. + */ + presentable: boolean + /** + * MaxSize specifies the maximum size of the allowed field value (in bytes and up to 2^53-1). + * + * If zero, a default limit of 1MB is applied. + */ + maxSize: number + /** + * Required will require the field value to be non-empty JSON value + * (aka. not "null", `""`, "[]", "{}"). + */ + required: boolean + } + interface JSONField { + /** + * Type implements [Field.Type] interface method. + */ + type(): string + } + interface JSONField { + /** + * GetId implements [Field.GetId] interface method. + */ + getId(): string + } + interface JSONField { + /** + * SetId implements [Field.SetId] interface method. + */ + setId(id: string): void + } + interface JSONField { + /** + * GetName implements [Field.GetName] interface method. + */ + getName(): string + } + interface JSONField { + /** + * SetName implements [Field.SetName] interface method. + */ + setName(name: string): void + } + interface JSONField { + /** + * GetSystem implements [Field.GetSystem] interface method. + */ + getSystem(): boolean + } + interface JSONField { + /** + * SetSystem implements [Field.SetSystem] interface method. + */ + setSystem(system: boolean): void + } + interface JSONField { + /** + * GetHidden implements [Field.GetHidden] interface method. + */ + getHidden(): boolean + } + interface JSONField { + /** + * SetHidden implements [Field.SetHidden] interface method. + */ + setHidden(hidden: boolean): void + } + interface JSONField { + /** + * ColumnType implements [Field.ColumnType] interface method. + */ + columnType(app: App): string + } + interface JSONField { + /** + * PrepareValue implements [Field.PrepareValue] interface method. + */ + prepareValue(record: Record, raw: any): any + } + interface JSONField { + /** + * ValidateValue implements [Field.ValidateValue] interface method. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + } + interface JSONField { + /** + * ValidateSettings implements [Field.ValidateSettings] interface method. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + interface JSONField { + /** + * CalculateMaxBodySize implements the [MaxBodySizeCalculator] interface. + */ + calculateMaxBodySize(): number + } + /** + * NumberField defines "number" type field for storing numeric (float64) value. + * + * The respective zero record field value is 0. + * + * The following additional setter keys are available: + * + * ``` + * - "fieldName+" - appends to the existing record value. For example: + * record.Set("total+", 5) + * - "fieldName-" - subtracts from the existing record value. For example: + * record.Set("total-", 5) + * ``` + */ + interface NumberField { + /** + * Name (required) is the unique name of the field. + */ + name: string + /** + * Id is the unique stable field identifier. + * + * It is automatically generated from the name when adding to a collection FieldsList. + */ + id: string + /** + * System prevents the renaming and removal of the field. + */ + system: boolean + /** + * Hidden hides the field from the API response. + */ + hidden: boolean + /** + * Presentable hints the Dashboard UI to use the underlying + * field record value in the relation preview label. + */ + presentable: boolean + /** + * Min specifies the min allowed field value. + * + * Leave it nil to skip the validator. + */ + min?: number + /** + * Max specifies the max allowed field value. + * + * Leave it nil to skip the validator. + */ + max?: number + /** + * OnlyInt will require the field value to be integer. + */ + onlyInt: boolean + /** + * Required will require the field value to be non-zero. + */ + required: boolean + } + interface NumberField { + /** + * Type implements [Field.Type] interface method. + */ + type(): string + } + interface NumberField { + /** + * GetId implements [Field.GetId] interface method. + */ + getId(): string + } + interface NumberField { + /** + * SetId implements [Field.SetId] interface method. + */ + setId(id: string): void + } + interface NumberField { + /** + * GetName implements [Field.GetName] interface method. + */ + getName(): string + } + interface NumberField { + /** + * SetName implements [Field.SetName] interface method. + */ + setName(name: string): void + } + interface NumberField { + /** + * GetSystem implements [Field.GetSystem] interface method. + */ + getSystem(): boolean + } + interface NumberField { + /** + * SetSystem implements [Field.SetSystem] interface method. + */ + setSystem(system: boolean): void + } + interface NumberField { + /** + * GetHidden implements [Field.GetHidden] interface method. + */ + getHidden(): boolean + } + interface NumberField { + /** + * SetHidden implements [Field.SetHidden] interface method. + */ + setHidden(hidden: boolean): void + } + interface NumberField { + /** + * ColumnType implements [Field.ColumnType] interface method. + */ + columnType(app: App): string + } + interface NumberField { + /** + * PrepareValue implements [Field.PrepareValue] interface method. + */ + prepareValue(record: Record, raw: any): any + } + interface NumberField { + /** + * ValidateValue implements [Field.ValidateValue] interface method. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + } + interface NumberField { + /** + * ValidateSettings implements [Field.ValidateSettings] interface method. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + interface NumberField { + /** + * FindSetter implements the [SetterFinder] interface. + */ + findSetter(key: string): SetterFunc + } + /** + * PasswordField defines "password" type field for storing bcrypt hashed strings + * (usually used only internally for the "password" auth collection system field). + * + * If you want to set a direct bcrypt hash as record field value you can use the SetRaw method, for example: + * + * ``` + * // generates a bcrypt hash of "123456" and set it as field value + * // (record.GetString("password") returns the plain password until persisted, otherwise empty string) + * record.Set("password", "123456") + * + * // set directly a bcrypt hash of "123456" as field value + * // (record.GetString("password") returns empty string) + * record.SetRaw("password", "$2a$10$.5Elh8fgxypNUWhpUUr/xOa2sZm0VIaE0qWuGGl9otUfobb46T1Pq") + * ``` + * + * The following additional getter keys are available: + * + * ``` + * - "fieldName:hash" - returns the bcrypt hash string of the record field value (if any). For example: + * record.GetString("password:hash") + * ``` + */ + interface PasswordField { + /** + * Name (required) is the unique name of the field. + */ + name: string + /** + * Id is the unique stable field identifier. + * + * It is automatically generated from the name when adding to a collection FieldsList. + */ + id: string + /** + * System prevents the renaming and removal of the field. + */ + system: boolean + /** + * Hidden hides the field from the API response. + */ + hidden: boolean + /** + * Presentable hints the Dashboard UI to use the underlying + * field record value in the relation preview label. + */ + presentable: boolean + /** + * Pattern specifies an optional regex pattern to match against the field value. + * + * Leave it empty to skip the pattern check. + */ + pattern: string + /** + * Min specifies an optional required field string length. + */ + min: number + /** + * Max specifies an optional required field string length. + * + * If zero, fallback to max 71 bytes. + */ + max: number + /** + * Cost specifies the cost/weight/iteration/etc. bcrypt factor. + * + * If zero, fallback to [bcrypt.DefaultCost]. + * + * If explicitly set, must be between [bcrypt.MinCost] and [bcrypt.MaxCost]. + */ + cost: number + /** + * Required will require the field value to be non-empty string. + */ + required: boolean + } + interface PasswordField { + /** + * Type implements [Field.Type] interface method. + */ + type(): string + } + interface PasswordField { + /** + * GetId implements [Field.GetId] interface method. + */ + getId(): string + } + interface PasswordField { + /** + * SetId implements [Field.SetId] interface method. + */ + setId(id: string): void + } + interface PasswordField { + /** + * GetName implements [Field.GetName] interface method. + */ + getName(): string + } + interface PasswordField { + /** + * SetName implements [Field.SetName] interface method. + */ + setName(name: string): void + } + interface PasswordField { + /** + * GetSystem implements [Field.GetSystem] interface method. + */ + getSystem(): boolean + } + interface PasswordField { + /** + * SetSystem implements [Field.SetSystem] interface method. + */ + setSystem(system: boolean): void + } + interface PasswordField { + /** + * GetHidden implements [Field.GetHidden] interface method. + */ + getHidden(): boolean + } + interface PasswordField { + /** + * SetHidden implements [Field.SetHidden] interface method. + */ + setHidden(hidden: boolean): void + } + interface PasswordField { + /** + * ColumnType implements [Field.ColumnType] interface method. + */ + columnType(app: App): string + } + interface PasswordField { + /** + * DriverValue implements the [DriverValuer] interface. + */ + driverValue(record: Record): any + } + interface PasswordField { + /** + * PrepareValue implements [Field.PrepareValue] interface method. + */ + prepareValue(record: Record, raw: any): any + } + interface PasswordField { + /** + * ValidateValue implements [Field.ValidateValue] interface method. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + } + interface PasswordField { + /** + * ValidateSettings implements [Field.ValidateSettings] interface method. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + interface PasswordField { + /** + * Intercept implements the [RecordInterceptor] interface. + */ + intercept(ctx: context.Context, app: App, record: Record, actionName: string, actionFunc: () => void): void + } + interface PasswordField { + /** + * FindGetter implements the [GetterFinder] interface. + */ + findGetter(key: string): GetterFunc + } + interface PasswordField { + /** + * FindSetter implements the [SetterFinder] interface. + */ + findSetter(key: string): SetterFunc + } + interface PasswordFieldValue { + lastError: Error + hash: string + plain: string + } + interface PasswordFieldValue { + validate(pass: string): boolean + } + /** + * RelationField defines "relation" type field for storing single or + * multiple collection record references. + * + * Requires the CollectionId option to be set. + * + * If MaxSelect is not set or <= 1, then the field value is expected to be a single record id. + * + * If MaxSelect is > 1, then the field value is expected to be a slice of record ids. + * + * The respective zero record field value is either empty string (single) or empty string slice (multiple). + * + * --- + * + * The following additional setter keys are available: + * + * ``` + * - "fieldName+" - append one or more values to the existing record one. For example: + * + * record.Set("categories+", []string{"new1", "new2"}) // []string{"old1", "old2", "new1", "new2"} + * + * - "+fieldName" - prepend one or more values to the existing record one. For example: + * + * record.Set("+categories", []string{"new1", "new2"}) // []string{"new1", "new2", "old1", "old2"} + * + * - "fieldName-" - subtract one or more values from the existing record one. For example: + * + * record.Set("categories-", "old1") // []string{"old2"} + * ``` + */ + interface RelationField { + /** + * Name (required) is the unique name of the field. + */ + name: string + /** + * Id is the unique stable field identifier. + * + * It is automatically generated from the name when adding to a collection FieldsList. + */ + id: string + /** + * System prevents the renaming and removal of the field. + */ + system: boolean + /** + * Hidden hides the field from the API response. + */ + hidden: boolean + /** + * Presentable hints the Dashboard UI to use the underlying + * field record value in the relation preview label. + */ + presentable: boolean + /** + * CollectionId is the id of the related collection. + */ + collectionId: string + /** + * CascadeDelete indicates whether the root model should be deleted + * in case of delete of all linked relations. + */ + cascadeDelete: boolean + /** + * MinSelect indicates the min number of allowed relation records + * that could be linked to the main model. + * + * No min limit is applied if it is zero or negative value. + */ + minSelect: number + /** + * MaxSelect indicates the max number of allowed relation records + * that could be linked to the main model. + * + * For multiple select the value must be > 1, otherwise fallbacks to single (default). + * + * If MinSelect is set, MaxSelect must be at least >= MinSelect. + */ + maxSelect: number + /** + * Required will require the field value to be non-empty. + */ + required: boolean + } + interface RelationField { + /** + * Type implements [Field.Type] interface method. + */ + type(): string + } + interface RelationField { + /** + * GetId implements [Field.GetId] interface method. + */ + getId(): string + } + interface RelationField { + /** + * SetId implements [Field.SetId] interface method. + */ + setId(id: string): void + } + interface RelationField { + /** + * GetName implements [Field.GetName] interface method. + */ + getName(): string + } + interface RelationField { + /** + * SetName implements [Field.SetName] interface method. + */ + setName(name: string): void + } + interface RelationField { + /** + * GetSystem implements [Field.GetSystem] interface method. + */ + getSystem(): boolean + } + interface RelationField { + /** + * SetSystem implements [Field.SetSystem] interface method. + */ + setSystem(system: boolean): void + } + interface RelationField { + /** + * GetHidden implements [Field.GetHidden] interface method. + */ + getHidden(): boolean + } + interface RelationField { + /** + * SetHidden implements [Field.SetHidden] interface method. + */ + setHidden(hidden: boolean): void + } + interface RelationField { + /** + * IsMultiple implements [MultiValuer] interface and checks whether the + * current field options support multiple values. + */ + isMultiple(): boolean + } + interface RelationField { + /** + * ColumnType implements [Field.ColumnType] interface method. + */ + columnType(app: App): string + } + interface RelationField { + /** + * PrepareValue implements [Field.PrepareValue] interface method. + */ + prepareValue(record: Record, raw: any): any + } + interface RelationField { + /** + * DriverValue implements the [DriverValuer] interface. + */ + driverValue(record: Record): any + } + interface RelationField { + /** + * ValidateValue implements [Field.ValidateValue] interface method. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + } + interface RelationField { + /** + * ValidateSettings implements [Field.ValidateSettings] interface method. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + interface RelationField { + /** + * FindSetter implements [SetterFinder] interface method. + */ + findSetter(key: string): SetterFunc + } + /** + * SelectField defines "select" type field for storing single or + * multiple string values from a predefined list. + * + * Requires the Values option to be set. + * + * If MaxSelect is not set or <= 1, then the field value is expected to be a single Values element. + * + * If MaxSelect is > 1, then the field value is expected to be a subset of Values slice. + * + * The respective zero record field value is either empty string (single) or empty string slice (multiple). + * + * --- + * + * The following additional setter keys are available: + * + * ``` + * - "fieldName+" - append one or more values to the existing record one. For example: + * + * record.Set("roles+", []string{"new1", "new2"}) // []string{"old1", "old2", "new1", "new2"} + * + * - "+fieldName" - prepend one or more values to the existing record one. For example: + * + * record.Set("+roles", []string{"new1", "new2"}) // []string{"new1", "new2", "old1", "old2"} + * + * - "fieldName-" - subtract one or more values from the existing record one. For example: + * + * record.Set("roles-", "old1") // []string{"old2"} + * ``` + */ + interface SelectField { + /** + * Name (required) is the unique name of the field. + */ + name: string + /** + * Id is the unique stable field identifier. + * + * It is automatically generated from the name when adding to a collection FieldsList. + */ + id: string + /** + * System prevents the renaming and removal of the field. + */ + system: boolean + /** + * Hidden hides the field from the API response. + */ + hidden: boolean + /** + * Presentable hints the Dashboard UI to use the underlying + * field record value in the relation preview label. + */ + presentable: boolean + /** + * Values specifies the list of accepted values. + */ + values: Array + /** + * MaxSelect specifies the max allowed selected values. + * + * For multiple select the value must be > 1, otherwise fallbacks to single (default). + */ + maxSelect: number + /** + * Required will require the field value to be non-empty. + */ + required: boolean + } + interface SelectField { + /** + * Type implements [Field.Type] interface method. + */ + type(): string + } + interface SelectField { + /** + * GetId implements [Field.GetId] interface method. + */ + getId(): string + } + interface SelectField { + /** + * SetId implements [Field.SetId] interface method. + */ + setId(id: string): void + } + interface SelectField { + /** + * GetName implements [Field.GetName] interface method. + */ + getName(): string + } + interface SelectField { + /** + * SetName implements [Field.SetName] interface method. + */ + setName(name: string): void + } + interface SelectField { + /** + * GetSystem implements [Field.GetSystem] interface method. + */ + getSystem(): boolean + } + interface SelectField { + /** + * SetSystem implements [Field.SetSystem] interface method. + */ + setSystem(system: boolean): void + } + interface SelectField { + /** + * GetHidden implements [Field.GetHidden] interface method. + */ + getHidden(): boolean + } + interface SelectField { + /** + * SetHidden implements [Field.SetHidden] interface method. + */ + setHidden(hidden: boolean): void + } + interface SelectField { + /** + * IsMultiple implements [MultiValuer] interface and checks whether the + * current field options support multiple values. + */ + isMultiple(): boolean + } + interface SelectField { + /** + * ColumnType implements [Field.ColumnType] interface method. + */ + columnType(app: App): string + } + interface SelectField { + /** + * PrepareValue implements [Field.PrepareValue] interface method. + */ + prepareValue(record: Record, raw: any): any + } + interface SelectField { + /** + * DriverValue implements the [DriverValuer] interface. + */ + driverValue(record: Record): any + } + interface SelectField { + /** + * ValidateValue implements [Field.ValidateValue] interface method. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + } + interface SelectField { + /** + * ValidateSettings implements [Field.ValidateSettings] interface method. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + interface SelectField { + /** + * FindSetter implements the [SetterFinder] interface. + */ + findSetter(key: string): SetterFunc + } + /** + * TextField defines "text" type field for storing any string value. + * + * The respective zero record field value is empty string. + * + * The following additional setter keys are available: + * + * - "fieldName:autogenerate" - autogenerate field value if AutogeneratePattern is set. For example: + * + * ``` + * record.Set("slug:autogenerate", "") // [random value] + * record.Set("slug:autogenerate", "abc-") // abc-[random value] + * ``` + */ + interface TextField { + /** + * Name (required) is the unique name of the field. + */ + name: string + /** + * Id is the unique stable field identifier. + * + * It is automatically generated from the name when adding to a collection FieldsList. + */ + id: string + /** + * System prevents the renaming and removal of the field. + */ + system: boolean + /** + * Hidden hides the field from the API response. + */ + hidden: boolean + /** + * Presentable hints the Dashboard UI to use the underlying + * field record value in the relation preview label. + */ + presentable: boolean + /** + * Min specifies the minimum required string characters. + * + * if zero value, no min limit is applied. + */ + min: number + /** + * Max specifies the maximum allowed string characters. + * + * If zero, a default limit of 5000 is applied. + */ + max: number + /** + * Pattern specifies an optional regex pattern to match against the field value. + * + * Leave it empty to skip the pattern check. + */ + pattern: string + /** + * AutogeneratePattern specifies an optional regex pattern that could + * be used to generate random string from it and set it automatically + * on record create if no explicit value is set or when the `:autogenerate` modifier is used. + * + * Note: the generated value still needs to satisfy min, max, pattern (if set) + */ + autogeneratePattern: string + /** + * Required will require the field value to be non-empty string. + */ + required: boolean + /** + * PrimaryKey will mark the field as primary key. + * + * A single collection can have only 1 field marked as primary key. + */ + primaryKey: boolean + } + interface TextField { + /** + * Type implements [Field.Type] interface method. + */ + type(): string + } + interface TextField { + /** + * GetId implements [Field.GetId] interface method. + */ + getId(): string + } + interface TextField { + /** + * SetId implements [Field.SetId] interface method. + */ + setId(id: string): void + } + interface TextField { + /** + * GetName implements [Field.GetName] interface method. + */ + getName(): string + } + interface TextField { + /** + * SetName implements [Field.SetName] interface method. + */ + setName(name: string): void + } + interface TextField { + /** + * GetSystem implements [Field.GetSystem] interface method. + */ + getSystem(): boolean + } + interface TextField { + /** + * SetSystem implements [Field.SetSystem] interface method. + */ + setSystem(system: boolean): void + } + interface TextField { + /** + * GetHidden implements [Field.GetHidden] interface method. + */ + getHidden(): boolean + } + interface TextField { + /** + * SetHidden implements [Field.SetHidden] interface method. + */ + setHidden(hidden: boolean): void + } + interface TextField { + /** + * ColumnType implements [Field.ColumnType] interface method. + */ + columnType(app: App): string + } + interface TextField { + /** + * PrepareValue implements [Field.PrepareValue] interface method. + */ + prepareValue(record: Record, raw: any): any + } + interface TextField { + /** + * ValidateValue implements [Field.ValidateValue] interface method. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + } + interface TextField { + /** + * ValidatePlainValue validates the provided string against the field options. + */ + validatePlainValue(value: string): void + } + interface TextField { + /** + * ValidateSettings implements [Field.ValidateSettings] interface method. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + interface TextField { + /** + * Intercept implements the [RecordInterceptor] interface. + */ + intercept(ctx: context.Context, app: App, record: Record, actionName: string, actionFunc: () => void): void + } + interface TextField { + /** + * FindSetter implements the [SetterFinder] interface. + */ + findSetter(key: string): SetterFunc + } + /** + * URLField defines "url" type field for storing a single URL string value. + * + * The respective zero record field value is empty string. + */ + interface URLField { + /** + * Name (required) is the unique name of the field. + */ + name: string + /** + * Id is the unique stable field identifier. + * + * It is automatically generated from the name when adding to a collection FieldsList. + */ + id: string + /** + * System prevents the renaming and removal of the field. + */ + system: boolean + /** + * Hidden hides the field from the API response. + */ + hidden: boolean + /** + * Presentable hints the Dashboard UI to use the underlying + * field record value in the relation preview label. + */ + presentable: boolean + /** + * ExceptDomains will require the URL domain to NOT be included in the listed ones. + * + * This validator can be set only if OnlyDomains is empty. + */ + exceptDomains: Array + /** + * OnlyDomains will require the URL domain to be included in the listed ones. + * + * This validator can be set only if ExceptDomains is empty. + */ + onlyDomains: Array + /** + * Required will require the field value to be non-empty URL string. + */ + required: boolean + } + interface URLField { + /** + * Type implements [Field.Type] interface method. + */ + type(): string + } + interface URLField { + /** + * GetId implements [Field.GetId] interface method. + */ + getId(): string + } + interface URLField { + /** + * SetId implements [Field.SetId] interface method. + */ + setId(id: string): void + } + interface URLField { + /** + * GetName implements [Field.GetName] interface method. + */ + getName(): string + } + interface URLField { + /** + * SetName implements [Field.SetName] interface method. + */ + setName(name: string): void + } + interface URLField { + /** + * GetSystem implements [Field.GetSystem] interface method. + */ + getSystem(): boolean + } + interface URLField { + /** + * SetSystem implements [Field.SetSystem] interface method. + */ + setSystem(system: boolean): void + } + interface URLField { + /** + * GetHidden implements [Field.GetHidden] interface method. + */ + getHidden(): boolean + } + interface URLField { + /** + * SetHidden implements [Field.SetHidden] interface method. + */ + setHidden(hidden: boolean): void + } + interface URLField { + /** + * ColumnType implements [Field.ColumnType] interface method. + */ + columnType(app: App): string + } + interface URLField { + /** + * PrepareValue implements [Field.PrepareValue] interface method. + */ + prepareValue(record: Record, raw: any): any + } + interface URLField { + /** + * ValidateValue implements [Field.ValidateValue] interface method. + */ + validateValue(ctx: context.Context, app: App, record: Record): void + } + interface URLField { + /** + * ValidateSettings implements [Field.ValidateSettings] interface method. + */ + validateSettings(ctx: context.Context, app: App, collection: Collection): void + } + interface newFieldsList { + /** + * NewFieldsList creates a new FieldsList instance with the provided fields. + */ + (...fields: Field[]): FieldsList + } + /** + * FieldsList defines a Collection slice of fields. + */ + interface FieldsList extends Array{} + interface FieldsList { + /** + * Clone creates a deep clone of the current list. + */ + clone(): FieldsList + } + interface FieldsList { + /** + * FieldNames returns a slice with the name of all list fields. + */ + fieldNames(): Array + } + interface FieldsList { + /** + * AsMap returns a map with all registered list field. + * The returned map is indexed with each field name. + */ + asMap(): _TygojaDict + } + interface FieldsList { + /** + * GetById returns a single field by its id. + */ + getById(fieldId: string): Field + } + interface FieldsList { + /** + * GetByName returns a single field by its name. + */ + getByName(fieldName: string): Field + } + interface FieldsList { + /** + * RemoveById removes a single field by its id. + * + * This method does nothing if field with the specified id doesn't exist. + */ + removeById(fieldId: string): void + } + interface FieldsList { + /** + * RemoveByName removes a single field by its name. + * + * This method does nothing if field with the specified name doesn't exist. + */ + removeByName(fieldName: string): void + } + interface FieldsList { + /** + * Add adds one or more fields to the current list. + * + * By default this method will try to REPLACE existing fields with + * the new ones by their id or by their name if the new field doesn't have an explicit id. + * + * If no matching existing field is found, it will APPEND the field to the end of the list. + * + * In all cases, if any of the new fields don't have an explicit id it will auto generate a default one for them + * (the id value doesn't really matter and it is mostly used as a stable identifier in case of a field rename). + */ + add(...fields: Field[]): void + } + interface FieldsList { + /** + * AddAt is the same as Add but insert/move the fields at the specific position. + * + * If pos < 0, then this method acts the same as calling Add. + * + * If pos > FieldsList total items, then the specified fields are inserted/moved at the end of the list. + */ + addAt(pos: number, ...fields: Field[]): void + } + interface FieldsList { + /** + * AddMarshaledJSON parses the provided raw json data and adds the + * found fields into the current list (following the same rule as the Add method). + * + * The rawJSON argument could be one of: + * ``` + * - serialized array of field objects + * - single field object. + * ``` + * + * Example: + * + * ``` + * l.AddMarshaledJSON([]byte{`{"type":"text", name: "test"}`}) + * l.AddMarshaledJSON([]byte{`[{"type":"text", name: "test1"}, {"type":"text", name: "test2"}]`}) + * ``` + */ + addMarshaledJSON(rawJSON: string|Array): void + } + interface FieldsList { + /** + * AddMarshaledJSONAt is the same as AddMarshaledJSON but insert/move the fields at the specific position. + * + * If pos < 0, then this method acts the same as calling AddMarshaledJSON. + * + * If pos > FieldsList total items, then the specified fields are inserted/moved at the end of the list. + */ + addMarshaledJSONAt(pos: number, rawJSON: string|Array): void + } + interface FieldsList { + /** + * String returns the string representation of the current list. + */ + string(): string + } + interface onlyFieldType { + type: string + } + type _sHqecYH = Field + interface fieldWithType extends _sHqecYH { + type: string + } + interface fieldWithType { + unmarshalJSON(data: string|Array): void + } + interface FieldsList { + /** + * UnmarshalJSON implements [json.Unmarshaler] and + * loads the provided json data into the current FieldsList. + */ + unmarshalJSON(data: string|Array): void + } + interface FieldsList { + /** + * MarshalJSON implements the [json.Marshaler] interface. + */ + marshalJSON(): string|Array + } + interface FieldsList { + /** + * Value implements the [driver.Valuer] interface. + */ + value(): any + } + interface FieldsList { + /** + * Scan implements [sql.Scanner] interface to scan the provided value + * into the current FieldsList instance. + */ + scan(value: any): void + } + type _sUWXjNf = BaseModel + interface Log extends _sUWXjNf { + created: types.DateTime + data: types.JSONMap + message: string + level: number + } + interface Log { + tableName(): string + } + interface BaseApp { + /** + * LogQuery returns a new Log select query. + */ + logQuery(): (dbx.SelectQuery) + } + interface BaseApp { + /** + * FindLogById finds a single Log entry by its id. + */ + findLogById(id: string): (Log) + } + /** + * LogsStatsItem defines the total number of logs for a specific time period. + */ + interface LogsStatsItem { + date: types.DateTime + total: number + } + interface BaseApp { + /** + * LogsStats returns hourly grouped logs statistics. + */ + logsStats(expr: dbx.Expression): Array<(LogsStatsItem | undefined)> + } + interface BaseApp { + /** + * DeleteOldLogs delete all logs that are created before createdBefore. + * + * For better performance the logs delete is executed as plain SQL statement, + * aka. no delete model hook events will be fired. + */ + deleteOldLogs(createdBefore: time.Time): void + } + /** + * MFA defines a Record proxy for working with the mfas collection. + */ + type _sobFmjd = Record + interface MFA extends _sobFmjd { + } + interface newMFA { + /** + * NewMFA instantiates and returns a new blank *MFA model. + * + * Example usage: + * + * ``` + * mfa := core.NewMFA(app) + * mfa.SetRecordRef(user.Id) + * mfa.SetCollectionRef(user.Collection().Id) + * mfa.SetMethod(core.MFAMethodPassword) + * app.Save(mfa) + * ``` + */ + (app: App): (MFA) + } + interface MFA { + /** + * PreValidate implements the [PreValidator] interface and checks + * whether the proxy is properly loaded. + */ + preValidate(ctx: context.Context, app: App): void + } + interface MFA { + /** + * ProxyRecord returns the proxied Record model. + */ + proxyRecord(): (Record) + } + interface MFA { + /** + * SetProxyRecord loads the specified record model into the current proxy. + */ + setProxyRecord(record: Record): void + } + interface MFA { + /** + * CollectionRef returns the "collectionRef" field value. + */ + collectionRef(): string + } + interface MFA { + /** + * SetCollectionRef updates the "collectionRef" record field value. + */ + setCollectionRef(collectionId: string): void + } + interface MFA { + /** + * RecordRef returns the "recordRef" record field value. + */ + recordRef(): string + } + interface MFA { + /** + * SetRecordRef updates the "recordRef" record field value. + */ + setRecordRef(recordId: string): void + } + interface MFA { + /** + * Method returns the "method" record field value. + */ + method(): string + } + interface MFA { + /** + * SetMethod updates the "method" record field value. + */ + setMethod(method: string): void + } + interface MFA { + /** + * Created returns the "created" record field value. + */ + created(): types.DateTime + } + interface MFA { + /** + * Updated returns the "updated" record field value. + */ + updated(): types.DateTime + } + interface MFA { + /** + * HasExpired checks if the mfa is expired, aka. whether it has been + * more than maxElapsed time since its creation. + */ + hasExpired(maxElapsed: time.Duration): boolean + } + interface BaseApp { + /** + * FindAllMFAsByRecord returns all MFA models linked to the provided auth record. + */ + findAllMFAsByRecord(authRecord: Record): Array<(MFA | undefined)> + } + interface BaseApp { + /** + * FindAllMFAsByCollection returns all MFA models linked to the provided collection. + */ + findAllMFAsByCollection(collection: Collection): Array<(MFA | undefined)> + } + interface BaseApp { + /** + * FindMFAById returns a single MFA model by its id. + */ + findMFAById(id: string): (MFA) + } + interface BaseApp { + /** + * DeleteAllMFAsByRecord deletes all MFA models associated with the provided record. + * + * Returns a combined error with the failed deletes. + */ + deleteAllMFAsByRecord(authRecord: Record): void + } + interface BaseApp { + /** + * DeleteExpiredMFAs deletes the expired MFAs for all auth collections. + */ + deleteExpiredMFAs(): void + } + interface Migration { + up: (txApp: App) => void + down: (txApp: App) => void + file: string + reapplyCondition: (txApp: App, runner: MigrationsRunner, fileName: string) => boolean + } + /** + * MigrationsList defines a list with migration definitions + */ + interface MigrationsList { + } + interface MigrationsList { + /** + * Item returns a single migration from the list by its index. + */ + item(index: number): (Migration) + } + interface MigrationsList { + /** + * Items returns the internal migrations list slice. + */ + items(): Array<(Migration | undefined)> + } + interface MigrationsList { + /** + * Copy copies all provided list migrations into the current one. + */ + copy(list: MigrationsList): void + } + interface MigrationsList { + /** + * Add adds adds an existing migration definition to the list. + * + * If m.File is not provided, it will try to get the name from its .go file. + * + * The list will be sorted automatically based on the migrations file name. + */ + add(m: Migration): void + } + interface MigrationsList { + /** + * Register adds new migration definition to the list. + * + * If optFilename is not provided, it will try to get the name from its .go file. + * + * The list will be sorted automatically based on the migrations file name. + */ + register(up: (txApp: App) => void, down: (txApp: App) => void, ...optFilename: string[]): void + } + /** + * MigrationsRunner defines a simple struct for managing the execution of db migrations. + */ + interface MigrationsRunner { + } + interface newMigrationsRunner { + /** + * NewMigrationsRunner creates and initializes a new db migrations MigrationsRunner instance. + */ + (app: App, migrationsList: MigrationsList): (MigrationsRunner) + } + interface MigrationsRunner { + /** + * Run interactively executes the current runner with the provided args. + * + * The following commands are supported: + * - up - applies all migrations + * - down [n] - reverts the last n (default 1) applied migrations + * - history-sync - syncs the migrations table with the runner's migrations list + */ + run(...args: string[]): void + } + interface MigrationsRunner { + /** + * Up executes all unapplied migrations for the provided runner. + * + * On success returns list with the applied migrations file names. + */ + up(): Array + } + interface MigrationsRunner { + /** + * Down reverts the last `toRevertCount` applied migrations + * (in the order they were applied). + * + * On success returns list with the reverted migrations file names. + */ + down(toRevertCount: number): Array + } + interface MigrationsRunner { + /** + * RemoveMissingAppliedMigrations removes the db entries of all applied migrations + * that are not listed in the runner's migrations list. + */ + removeMissingAppliedMigrations(): void + } + /** + * OTP defines a Record proxy for working with the otps collection. + */ + type _swyrTJF = Record + interface OTP extends _swyrTJF { + } + interface newOTP { + /** + * NewOTP instantiates and returns a new blank *OTP model. + * + * Example usage: + * + * ``` + * otp := core.NewOTP(app) + * otp.SetRecordRef(user.Id) + * otp.SetCollectionRef(user.Collection().Id) + * otp.SetPassword(security.RandomStringWithAlphabet(6, "1234567890")) + * app.Save(otp) + * ``` + */ + (app: App): (OTP) + } + interface OTP { + /** + * PreValidate implements the [PreValidator] interface and checks + * whether the proxy is properly loaded. + */ + preValidate(ctx: context.Context, app: App): void + } + interface OTP { + /** + * ProxyRecord returns the proxied Record model. + */ + proxyRecord(): (Record) + } + interface OTP { + /** + * SetProxyRecord loads the specified record model into the current proxy. + */ + setProxyRecord(record: Record): void + } + interface OTP { + /** + * CollectionRef returns the "collectionRef" field value. + */ + collectionRef(): string + } + interface OTP { + /** + * SetCollectionRef updates the "collectionRef" record field value. + */ + setCollectionRef(collectionId: string): void + } + interface OTP { + /** + * RecordRef returns the "recordRef" record field value. + */ + recordRef(): string + } + interface OTP { + /** + * SetRecordRef updates the "recordRef" record field value. + */ + setRecordRef(recordId: string): void + } + interface OTP { + /** + * SentTo returns the "sentTo" record field value. + * + * It could be any string value (email, phone, message app id, etc.) + * and usually is used as part of the auth flow to update the verified + * user state in case for example the sentTo value matches with the user record email. + */ + sentTo(): string + } + interface OTP { + /** + * SetSentTo updates the "sentTo" record field value. + */ + setSentTo(val: string): void + } + interface OTP { + /** + * Created returns the "created" record field value. + */ + created(): types.DateTime + } + interface OTP { + /** + * Updated returns the "updated" record field value. + */ + updated(): types.DateTime + } + interface OTP { + /** + * HasExpired checks if the otp is expired, aka. whether it has been + * more than maxElapsed time since its creation. + */ + hasExpired(maxElapsed: time.Duration): boolean + } + interface BaseApp { + /** + * FindAllOTPsByRecord returns all OTP models linked to the provided auth record. + */ + findAllOTPsByRecord(authRecord: Record): Array<(OTP | undefined)> + } + interface BaseApp { + /** + * FindAllOTPsByCollection returns all OTP models linked to the provided collection. + */ + findAllOTPsByCollection(collection: Collection): Array<(OTP | undefined)> + } + interface BaseApp { + /** + * FindOTPById returns a single OTP model by its id. + */ + findOTPById(id: string): (OTP) + } + interface BaseApp { + /** + * DeleteAllOTPsByRecord deletes all OTP models associated with the provided record. + * + * Returns a combined error with the failed deletes. + */ + deleteAllOTPsByRecord(authRecord: Record): void + } + interface BaseApp { + /** + * DeleteExpiredOTPs deletes the expired OTPs for all auth collections. + */ + deleteExpiredOTPs(): void + } + /** + * RecordFieldResolver defines a custom search resolver struct for + * managing Record model search fields. + * + * Usually used together with `search.Provider`. + * Example: + * + * ``` + * resolver := resolvers.NewRecordFieldResolver( + * app, + * myCollection, + * &models.RequestInfo{...}, + * true, + * ) + * provider := search.NewProvider(resolver) + * ... + * ``` + */ + interface RecordFieldResolver { + } + interface RecordFieldResolver { + /** + * AllowedFields returns a copy of the resolver's allowed fields. + */ + allowedFields(): Array + } + interface RecordFieldResolver { + /** + * SetAllowedFields replaces the resolver's allowed fields with the new ones. + */ + setAllowedFields(newAllowedFields: Array): void + } + interface RecordFieldResolver { + /** + * AllowHiddenFields returns whether the current resolver allows filtering hidden fields. + */ + allowHiddenFields(): boolean + } + interface RecordFieldResolver { + /** + * SetAllowHiddenFields enables or disables hidden fields filtering. + */ + setAllowHiddenFields(allowHiddenFields: boolean): void + } + interface newRecordFieldResolver { + /** + * NewRecordFieldResolver creates and initializes a new `RecordFieldResolver`. + */ + (app: App, baseCollection: Collection, requestInfo: RequestInfo, allowHiddenFields: boolean): (RecordFieldResolver) + } + interface RecordFieldResolver { + /** + * UpdateQuery implements `search.FieldResolver` interface. + * + * Conditionally updates the provided search query based on the + * resolved fields (eg. dynamically joining relations). + */ + updateQuery(query: dbx.SelectQuery): void + } + interface RecordFieldResolver { + /** + * Resolve implements `search.FieldResolver` interface. + * + * Example of some resolvable fieldName formats: + * + * ``` + * id + * someSelect.each + * project.screen.status + * screen.project_via_prototype.name + * @request.context + * @request.method + * @request.query.filter + * @request.headers.x_token + * @request.auth.someRelation.name + * @request.body.someRelation.name + * @request.body.someField + * @request.body.someSelect:each + * @request.body.someField:isset + * @collection.product.name + * ``` + */ + resolve(fieldName: string): (search.ResolverResult) + } + interface mapExtractor { + [key:string]: any; + asMap(): _TygojaDict + } + /** + * join defines the specification for a single SQL JOIN clause. + */ + interface join { + } + /** + * multiMatchSubquery defines a record multi-match subquery expression. + */ + interface multiMatchSubquery { + } + interface multiMatchSubquery { + /** + * Build converts the expression into a SQL fragment. + * + * Implements [dbx.Expression] interface. + */ + build(db: dbx.DB, params: dbx.Params): string + } + interface runner { + } + type _sksdbkz = BaseModel + interface Record extends _sksdbkz { + } + interface newRecord { + /** + * NewRecord initializes a new empty Record model. + */ + (collection: Collection): (Record) + } + interface Record { + /** + * Collection returns the Collection model associated with the current Record model. + * + * NB! The returned collection is only for read purposes and it shouldn't be modified + * because it could have unintended side-effects on other Record models from the same collection. + */ + collection(): (Collection) + } + interface Record { + /** + * TableName returns the table name associated with the current Record model. + */ + tableName(): string + } + interface Record { + /** + * PostScan implements the [dbx.PostScanner] interface. + * + * It essentially refreshes/updates the current Record original state + * as if the model was fetched from the databases for the first time. + * + * Or in other words, it means that m.Original().FieldsData() will have + * the same values as m.Record().FieldsData(). + */ + postScan(): void + } + interface Record { + /** + * HookTags returns the hook tags associated with the current record. + */ + hookTags(): Array + } + interface Record { + /** + * BaseFilesPath returns the storage dir path used by the record. + */ + baseFilesPath(): string + } + interface Record { + /** + * Original returns a shallow copy of the current record model populated + * with its ORIGINAL db data state (aka. right after PostScan()) + * and everything else reset to the defaults. + * + * If record was created using NewRecord() the original will be always + * a blank record (until PostScan() is invoked). + */ + original(): (Record) + } + interface Record { + /** + * Fresh returns a shallow copy of the current record model populated + * with its LATEST data state and everything else reset to the defaults + * (aka. no expand, no unknown fields and with default visibility flags). + */ + fresh(): (Record) + } + interface Record { + /** + * Clone returns a shallow copy of the current record model with all of + * its collection and unknown fields data, expand and flags copied. + * + * use [Record.Fresh()] instead if you want a copy with only the latest + * collection fields data and everything else reset to the defaults. + */ + clone(): (Record) + } + interface Record { + /** + * Expand returns a shallow copy of the current Record model expand data (if any). + */ + expand(): _TygojaDict + } + interface Record { + /** + * SetExpand replaces the current Record's expand with the provided expand arg data (shallow copied). + */ + setExpand(expand: _TygojaDict): void + } + interface Record { + /** + * MergeExpand merges recursively the provided expand data into + * the current model's expand (if any). + * + * Note that if an expanded prop with the same key is a slice (old or new expand) + * then both old and new records will be merged into a new slice (aka. a :merge: [b,c] => [a,b,c]). + * Otherwise the "old" expanded record will be replace with the "new" one (aka. a :merge: aNew => aNew). + */ + mergeExpand(expand: _TygojaDict): void + } + interface Record { + /** + * FieldsData returns a shallow copy ONLY of the collection's fields record's data. + */ + fieldsData(): _TygojaDict + } + interface Record { + /** + * CustomData returns a shallow copy ONLY of the custom record fields data, + * aka. fields that are neither defined by the collection, nor special system ones. + * + * Note that custom fields prefixed with "@pbInternal" are always skipped. + */ + customData(): _TygojaDict + } + interface Record { + /** + * WithCustomData toggles the export/serialization of custom data fields + * (false by default). + */ + withCustomData(state: boolean): (Record) + } + interface Record { + /** + * IgnoreEmailVisibility toggles the flag to ignore the auth record email visibility check. + */ + ignoreEmailVisibility(state: boolean): (Record) + } + interface Record { + /** + * IgnoreUnchangedFields toggles the flag to ignore the unchanged fields + * from the DB export for the UPDATE SQL query. + * + * This could be used if you want to save only the record fields that you've changed + * without overwrite other untouched fields in case of concurrent update. + * + * Note that the fields change comparison is based on the current fields against m.Original() + * (aka. if you have performed save on the same Record instance multiple times you may have to refetch it, + * so that m.Original() could reflect the last saved change). + */ + ignoreUnchangedFields(state: boolean): (Record) + } + interface Record { + /** + * Set sets the provided key-value data pair into the current Record + * model directly as it is WITHOUT NORMALIZATIONS. + * + * See also [Record.Set]. + */ + setRaw(key: string, value: any): void + } + interface Record { + /** + * SetIfFieldExists sets the provided key-value data pair into the current Record model + * ONLY if key is existing Collection field name/modifier. + * + * This method does nothing if key is not a known Collection field name/modifier. + * + * On success returns the matched Field, otherwise - nil. + * + * To set any key-value, including custom/unknown fields, use the [Record.Set] method. + */ + setIfFieldExists(key: string, value: any): Field + } + interface Record { + /** + * Set sets the provided key-value data pair into the current Record model. + * + * If the record collection has field with name matching the provided "key", + * the value will be further normalized according to the field setter(s). + */ + set(key: string, value: any): void + } + interface Record { + getRaw(key: string): any + } + interface Record { + /** + * Get returns a normalized single record model data value for "key". + */ + get(key: string): any + } + interface Record { + /** + * Load bulk loads the provided data into the current Record model. + */ + load(data: _TygojaDict): void + } + interface Record { + /** + * GetBool returns the data value for "key" as a bool. + */ + getBool(key: string): boolean + } + interface Record { + /** + * GetString returns the data value for "key" as a string. + */ + getString(key: string): string + } + interface Record { + /** + * GetInt returns the data value for "key" as an int. + */ + getInt(key: string): number + } + interface Record { + /** + * GetFloat returns the data value for "key" as a float64. + */ + getFloat(key: string): number + } + interface Record { + /** + * GetDateTime returns the data value for "key" as a DateTime instance. + */ + getDateTime(key: string): types.DateTime + } + interface Record { + /** + * GetGeoPoint returns the data value for "key" as a GeoPoint instance. + */ + getGeoPoint(key: string): types.GeoPoint + } + interface Record { + /** + * GetStringSlice returns the data value for "key" as a slice of non-zero unique strings. + */ + getStringSlice(key: string): Array + } + interface Record { + /** + * GetUnsavedFiles returns the uploaded files for the provided "file" field key, + * (aka. the current [*filesytem.File] values) so that you can apply further + * validations or modifications (including changing the file name or content before persisting). + * + * Example: + * + * ``` + * files := record.GetUnsavedFiles("documents") + * for _, f := range files { + * f.Name = "doc_" + f.Name // add a prefix to each file name + * } + * app.Save(record) // the files are pointers so the applied changes will transparently reflect on the record value + * ``` + */ + getUnsavedFiles(key: string): Array<(filesystem.File | undefined)> + } + interface Record { + /** + * Deprecated: replaced with GetUnsavedFiles. + */ + getUploadedFiles(key: string): Array<(filesystem.File | undefined)> + } + interface Record { + /** + * Retrieves the "key" json field value and unmarshals it into "result". + * + * Example + * + * ``` + * result := struct { + * FirstName string `json:"first_name"` + * }{} + * err := m.UnmarshalJSONField("my_field_name", &result) + * ``` + */ + unmarshalJSONField(key: string, result: any): void + } + interface Record { + /** + * ExpandedOne retrieves a single relation Record from the already + * loaded expand data of the current model. + * + * If the requested expand relation is multiple, this method returns + * only first available Record from the expanded relation. + * + * Returns nil if there is no such expand relation loaded. + */ + expandedOne(relField: string): (Record) + } + interface Record { + /** + * ExpandedAll retrieves a slice of relation Records from the already + * loaded expand data of the current model. + * + * If the requested expand relation is single, this method normalizes + * the return result and will wrap the single model as a slice. + * + * Returns nil slice if there is no such expand relation loaded. + */ + expandedAll(relField: string): Array<(Record | undefined)> + } + interface Record { + /** + * FindFileFieldByFile returns the first file type field for which + * any of the record's data contains the provided filename. + */ + findFileFieldByFile(filename: string): (FileField) + } + interface Record { + /** + * DBExport implements the [DBExporter] interface and returns a key-value + * map with the data to be persisted when saving the Record in the database. + */ + dbExport(app: App): _TygojaDict + } + interface Record { + /** + * Hide hides the specified fields from the public safe serialization of the record. + */ + hide(...fieldNames: string[]): (Record) + } + interface Record { + /** + * Unhide forces to unhide the specified fields from the public safe serialization + * of the record (even when the collection field itself is marked as hidden). + */ + unhide(...fieldNames: string[]): (Record) + } + interface Record { + /** + * PublicExport exports only the record fields that are safe to be public. + * + * To export unknown data fields you need to set record.WithCustomData(true). + * + * For auth records, to force the export of the email field you need to set + * record.IgnoreEmailVisibility(true). + */ + publicExport(): _TygojaDict + } + interface Record { + /** + * MarshalJSON implements the [json.Marshaler] interface. + * + * Only the data exported by `PublicExport()` will be serialized. + */ + marshalJSON(): string|Array + } + interface Record { + /** + * UnmarshalJSON implements the [json.Unmarshaler] interface. + */ + unmarshalJSON(data: string|Array): void + } + interface Record { + /** + * ReplaceModifiers returns a new map with applied modifier + * values based on the current record and the specified data. + * + * The resolved modifier keys will be removed. + * + * Multiple modifiers will be applied one after another, + * while reusing the previous base key value result (ex. 1; -5; +2 => -2). + * + * Note that because Go doesn't guaranteed the iteration order of maps, + * we would explicitly apply shorter keys first for a more consistent and reproducible behavior. + * + * Example usage: + * + * ``` + * newData := record.ReplaceModifiers(data) + * // record: {"field": 10} + * // data: {"field+": 5} + * // result: {"field": 15} + * ``` + */ + replaceModifiers(data: _TygojaDict): _TygojaDict + } + interface Record { + /** + * Email returns the "email" record field value (usually available with Auth collections). + */ + email(): string + } + interface Record { + /** + * SetEmail sets the "email" record field value (usually available with Auth collections). + */ + setEmail(email: string): void + } + interface Record { + /** + * Verified returns the "emailVisibility" record field value (usually available with Auth collections). + */ + emailVisibility(): boolean + } + interface Record { + /** + * SetEmailVisibility sets the "emailVisibility" record field value (usually available with Auth collections). + */ + setEmailVisibility(visible: boolean): void + } + interface Record { + /** + * Verified returns the "verified" record field value (usually available with Auth collections). + */ + verified(): boolean + } + interface Record { + /** + * SetVerified sets the "verified" record field value (usually available with Auth collections). + */ + setVerified(verified: boolean): void + } + interface Record { + /** + * TokenKey returns the "tokenKey" record field value (usually available with Auth collections). + */ + tokenKey(): string + } + interface Record { + /** + * SetTokenKey sets the "tokenKey" record field value (usually available with Auth collections). + */ + setTokenKey(key: string): void + } + interface Record { + /** + * RefreshTokenKey generates and sets a new random auth record "tokenKey". + */ + refreshTokenKey(): void + } + interface Record { + /** + * SetPassword sets the "password" record field value (usually available with Auth collections). + */ + setPassword(password: string): void + } + interface Record { + /** + * SetRandomPassword sets the "password" auth record field to a random autogenerated value. + * + * The autogenerated password is ~30 characters and it is set directly as hash, + * aka. the field plain password value validators (length, pattern, etc.) are ignored + * (this is usually used as part of the auto created OTP or OAuth2 user flows). + */ + setRandomPassword(): string + } + interface Record { + /** + * ValidatePassword validates a plain password against the "password" record field. + * + * Returns false if the password is incorrect. + */ + validatePassword(password: string): boolean + } + interface Record { + /** + * IsSuperuser returns whether the current record is a superuser, aka. + * whether the record is from the _superusers collection. + */ + isSuperuser(): boolean + } + /** + * RecordProxy defines an interface for a Record proxy/project model, + * aka. custom model struct that acts on behalve the proxied Record to + * allow for example typed getter/setters for the Record fields. + * + * To implement the interface it is usually enough to embed the [BaseRecordProxy] struct. + */ + interface RecordProxy { + [key:string]: any; + /** + * ProxyRecord returns the proxied Record model. + */ + proxyRecord(): (Record) + /** + * SetProxyRecord loads the specified record model into the current proxy. + */ + setProxyRecord(record: Record): void + } + /** + * BaseRecordProxy implements the [RecordProxy] interface and it is intended + * to be used as embed to custom user provided Record proxy structs. + */ + type _sPOlOfX = Record + interface BaseRecordProxy extends _sPOlOfX { + } + interface BaseRecordProxy { + /** + * ProxyRecord returns the proxied Record model. + */ + proxyRecord(): (Record) + } + interface BaseRecordProxy { + /** + * SetProxyRecord loads the specified record model into the current proxy. + */ + setProxyRecord(record: Record): void + } + interface BaseApp { + /** + * RecordQuery returns a new Record select query from a collection model, id or name. + * + * In case a collection id or name is provided and that collection doesn't + * actually exists, the generated query will be created with a cancelled context + * and will fail once an executor (Row(), One(), All(), etc.) is called. + */ + recordQuery(collectionModelOrIdentifier: any): (dbx.SelectQuery) + } + interface BaseApp { + /** + * FindRecordById finds the Record model by its id. + */ + findRecordById(collectionModelOrIdentifier: any, recordId: string, ...optFilters: ((q: dbx.SelectQuery) => void)[]): (Record) + } + interface BaseApp { + /** + * FindRecordsByIds finds all records by the specified ids. + * If no records are found, returns an empty slice. + */ + findRecordsByIds(collectionModelOrIdentifier: any, recordIds: Array, ...optFilters: ((q: dbx.SelectQuery) => void)[]): Array<(Record | undefined)> + } + interface BaseApp { + /** + * FindAllRecords finds all records matching specified db expressions. + * + * Returns all collection records if no expression is provided. + * + * Returns an empty slice if no records are found. + * + * Example: + * + * ``` + * // no extra expressions + * app.FindAllRecords("example") + * + * // with extra expressions + * expr1 := dbx.HashExp{"email": "test@example.com"} + * expr2 := dbx.NewExp("LOWER(username) = {:username}", dbx.Params{"username": "test"}) + * app.FindAllRecords("example", expr1, expr2) + * ``` + */ + findAllRecords(collectionModelOrIdentifier: any, ...exprs: dbx.Expression[]): Array<(Record | undefined)> + } + interface BaseApp { + /** + * FindFirstRecordByData returns the first found record matching + * the provided key-value pair. + */ + findFirstRecordByData(collectionModelOrIdentifier: any, key: string, value: any): (Record) + } + interface BaseApp { + /** + * FindRecordsByFilter returns limit number of records matching the + * provided string filter. + * + * NB! Use the last "params" argument to bind untrusted user variables! + * + * The filter argument is optional and can be empty string to target + * all available records. + * + * The sort argument is optional and can be empty string OR the same format + * used in the web APIs, ex. "-created,title". + * + * If the limit argument is <= 0, no limit is applied to the query and + * all matching records are returned. + * + * Returns an empty slice if no records are found. + * + * Example: + * + * ``` + * app.FindRecordsByFilter( + * "posts", + * "title ~ {:title} && visible = {:visible}", + * "-created", + * 10, + * 0, + * dbx.Params{"title": "lorem ipsum", "visible": true} + * ) + * ``` + */ + findRecordsByFilter(collectionModelOrIdentifier: any, filter: string, sort: string, limit: number, offset: number, ...params: dbx.Params[]): Array<(Record | undefined)> + } + interface BaseApp { + /** + * FindFirstRecordByFilter returns the first available record matching the provided filter (if any). + * + * NB! Use the last params argument to bind untrusted user variables! + * + * Returns sql.ErrNoRows if no record is found. + * + * Example: + * + * ``` + * app.FindFirstRecordByFilter("posts", "") + * app.FindFirstRecordByFilter("posts", "slug={:slug} && status='public'", dbx.Params{"slug": "test"}) + * ``` + */ + findFirstRecordByFilter(collectionModelOrIdentifier: any, filter: string, ...params: dbx.Params[]): (Record) + } + interface BaseApp { + /** + * CountRecords returns the total number of records in a collection. + */ + countRecords(collectionModelOrIdentifier: any, ...exprs: dbx.Expression[]): number + } + interface BaseApp { + /** + * FindAuthRecordByToken finds the auth record associated with the provided JWT + * (auth, file, verifyEmail, changeEmail, passwordReset types). + * + * Optionally specify a list of validTypes to check tokens only from those types. + * + * Returns an error if the JWT is invalid, expired or not associated to an auth collection record. + */ + findAuthRecordByToken(token: string, ...validTypes: string[]): (Record) + } + interface BaseApp { + /** + * FindAuthRecordByEmail finds the auth record associated with the provided email. + * + * The email check would be case-insensitive if the related collection + * email unique index has COLLATE NOCASE specified for the email column. + * + * Returns an error if it is not an auth collection or the record is not found. + */ + findAuthRecordByEmail(collectionModelOrIdentifier: any, email: string): (Record) + } + interface BaseApp { + /** + * CanAccessRecord checks if a record is allowed to be accessed by the + * specified requestInfo and accessRule. + * + * Rule and db checks are ignored in case requestInfo.Auth is a superuser. + * + * The returned error indicate that something unexpected happened during + * the check (eg. invalid rule or db query error). + * + * The method always return false on invalid rule or db query error. + * + * Example: + * + * ``` + * requestInfo, _ := e.RequestInfo() + * record, _ := app.FindRecordById("example", "RECORD_ID") + * rule := types.Pointer("@request.auth.id != '' || status = 'public'") + * // ... or use one of the record collection's rule, eg. record.Collection().ViewRule + * + * if ok, _ := app.CanAccessRecord(record, requestInfo, rule); ok { ... } + * ``` + */ + canAccessRecord(record: Record, requestInfo: RequestInfo, accessRule: string): boolean + } + /** + * ExpandFetchFunc defines the function that is used to fetch the expanded relation records. + */ + interface ExpandFetchFunc {(relCollection: Collection, relIds: Array): Array<(Record | undefined)> } + interface BaseApp { + /** + * ExpandRecord expands the relations of a single Record model. + * + * If optFetchFunc is not set, then a default function will be used + * that returns all relation records. + * + * Returns a map with the failed expand parameters and their errors. + */ + expandRecord(record: Record, expands: Array, optFetchFunc: ExpandFetchFunc): _TygojaDict + } + interface BaseApp { + /** + * ExpandRecords expands the relations of the provided Record models list. + * + * If optFetchFunc is not set, then a default function will be used + * that returns all relation records. + * + * Returns a map with the failed expand parameters and their errors. + */ + expandRecords(records: Array<(Record | undefined)>, expands: Array, optFetchFunc: ExpandFetchFunc): _TygojaDict + } + interface Record { + /** + * NewStaticAuthToken generates and returns a new static record authentication token. + * + * Static auth tokens are similar to the regular auth tokens, but are + * non-refreshable and support custom duration. + * + * Zero or negative duration will fallback to the duration from the auth collection settings. + */ + newStaticAuthToken(duration: time.Duration): string + } + interface Record { + /** + * NewAuthToken generates and returns a new record authentication token. + */ + newAuthToken(): string + } + interface Record { + /** + * NewVerificationToken generates and returns a new record verification token. + */ + newVerificationToken(): string + } + interface Record { + /** + * NewPasswordResetToken generates and returns a new auth record password reset request token. + */ + newPasswordResetToken(): string + } + interface Record { + /** + * NewEmailChangeToken generates and returns a new auth record change email request token. + */ + newEmailChangeToken(newEmail: string): string + } + interface Record { + /** + * NewFileToken generates and returns a new record private file access token. + */ + newFileToken(): string + } + interface settings { + smtp: SMTPConfig + backups: BackupsConfig + s3: S3Config + meta: MetaConfig + rateLimits: RateLimitsConfig + trustedProxy: TrustedProxyConfig + batch: BatchConfig + logs: LogsConfig + } + /** + * Settings defines the PocketBase app settings. + */ + type _sXtvxjh = settings + interface Settings extends _sXtvxjh { + } + interface Settings { + /** + * TableName implements [Model.TableName] interface method. + */ + tableName(): string + } + interface Settings { + /** + * PK implements [Model.LastSavedPK] interface method. + */ + lastSavedPK(): any + } + interface Settings { + /** + * PK implements [Model.PK] interface method. + */ + pk(): any + } + interface Settings { + /** + * IsNew implements [Model.IsNew] interface method. + */ + isNew(): boolean + } + interface Settings { + /** + * MarkAsNew implements [Model.MarkAsNew] interface method. + */ + markAsNew(): void + } + interface Settings { + /** + * MarkAsNew implements [Model.MarkAsNotNew] interface method. + */ + markAsNotNew(): void + } + interface Settings { + /** + * PostScan implements [Model.PostScan] interface method. + */ + postScan(): void + } + interface Settings { + /** + * String returns a serialized string representation of the current settings. + */ + string(): string + } + interface Settings { + /** + * DBExport prepares and exports the current settings for db persistence. + */ + dbExport(app: App): _TygojaDict + } + interface Settings { + /** + * PostValidate implements the [PostValidator] interface and defines + * the Settings model validations. + */ + postValidate(ctx: context.Context, app: App): void + } + interface Settings { + /** + * Merge merges the "other" settings into the current one. + */ + merge(other: Settings): void + } + interface Settings { + /** + * Clone creates a new deep copy of the current settings. + */ + clone(): (Settings) + } + interface Settings { + /** + * MarshalJSON implements the [json.Marshaler] interface. + * + * Note that sensitive fields (S3 secret, SMTP password, etc.) are excluded. + */ + marshalJSON(): string|Array + } + interface SMTPConfig { + enabled: boolean + port: number + host: string + username: string + password: string + /** + * SMTP AUTH - PLAIN (default) or LOGIN + */ + authMethod: string + /** + * Whether to enforce TLS encryption for the mail server connection. + * + * When set to false StartTLS command is send, leaving the server + * to decide whether to upgrade the connection or not. + */ + tls: boolean + /** + * LocalName is optional domain name or IP address used for the + * EHLO/HELO exchange (if not explicitly set, defaults to "localhost"). + * + * This is required only by some SMTP servers, such as Gmail SMTP-relay. + */ + localName: string + } + interface SMTPConfig { + /** + * Validate makes SMTPConfig validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface S3Config { + enabled: boolean + bucket: string + region: string + endpoint: string + accessKey: string + secret: string + forcePathStyle: boolean + } + interface S3Config { + /** + * Validate makes S3Config validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface BatchConfig { + enabled: boolean + /** + * MaxRequests is the maximum allowed batch request to execute. + */ + maxRequests: number + /** + * Timeout is the the max duration in seconds to wait before cancelling the batch transaction. + */ + timeout: number + /** + * MaxBodySize is the maximum allowed batch request body size in bytes. + * + * If not set, fallbacks to max ~128MB. + */ + maxBodySize: number + } + interface BatchConfig { + /** + * Validate makes BatchConfig validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface BackupsConfig { + /** + * Cron is a cron expression to schedule auto backups, eg. "* * * * *". + * + * Leave it empty to disable the auto backups functionality. + */ + cron: string + /** + * CronMaxKeep is the the max number of cron generated backups to + * keep before removing older entries. + * + * This field works only when the cron config has valid cron expression. + */ + cronMaxKeep: number + /** + * S3 is an optional S3 storage config specifying where to store the app backups. + */ + s3: S3Config + } + interface BackupsConfig { + /** + * Validate makes BackupsConfig validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface MetaConfig { + appName: string + appURL: string + senderName: string + senderAddress: string + hideControls: boolean + } + interface MetaConfig { + /** + * Validate makes MetaConfig validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface LogsConfig { + maxDays: number + minLevel: number + logIP: boolean + logAuthId: boolean + } + interface LogsConfig { + /** + * Validate makes LogsConfig validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface TrustedProxyConfig { + /** + * Headers is a list of explicit trusted header(s) to check. + */ + headers: Array + /** + * UseLeftmostIP specifies to use the left-mostish IP from the trusted headers. + * + * Note that this could be insecure when used with X-Forwarded-For header + * because some proxies like AWS ELB allow users to prepend their own header value + * before appending the trusted ones. + */ + useLeftmostIP: boolean + } + interface TrustedProxyConfig { + /** + * MarshalJSON implements the [json.Marshaler] interface. + */ + marshalJSON(): string|Array + } + interface TrustedProxyConfig { + /** + * Validate makes RateLimitRule validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface RateLimitsConfig { + rules: Array + enabled: boolean + } + interface RateLimitsConfig { + /** + * FindRateLimitRule returns the first matching rule based on the provided labels. + * + * Optionally you can further specify a list of valid RateLimitRule.Audience values to further filter the matching rule + * (aka. the rule Audience will have to exist in one of the specified options). + */ + findRateLimitRule(searchLabels: Array, ...optOnlyAudience: string[]): [RateLimitRule, boolean] + } + interface RateLimitsConfig { + /** + * MarshalJSON implements the [json.Marshaler] interface. + */ + marshalJSON(): string|Array + } + interface RateLimitsConfig { + /** + * Validate makes RateLimitsConfig validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface RateLimitRule { + /** + * Label is the identifier of the current rule. + * + * It could be a tag, complete path or path prerefix (when ends with `/`). + * + * Example supported labels: + * ``` + * - test_a (plain text "tag") + * - users:create + * - *:create + * - / + * - /api + * - POST /api/collections/ + * ``` + */ + label: string + /** + * Audience specifies the auth group the rule should apply for: + * ``` + * - "" - both guests and authenticated users (default) + * - "guest" - only for guests + * - "auth" - only for authenticated users + * ``` + */ + audience: string + /** + * Duration specifies the interval (in seconds) per which to reset + * the counted/accumulated rate limiter tokens. + */ + duration: number + /** + * MaxRequests is the max allowed number of requests per Duration. + */ + maxRequests: number + } + interface RateLimitRule { + /** + * Validate makes RateLimitRule validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface RateLimitRule { + /** + * DurationTime returns the tag's Duration as [time.Duration]. + */ + durationTime(): time.Duration + } + type _sCbDiPV = BaseModel + interface Param extends _sCbDiPV { + created: types.DateTime + updated: types.DateTime + value: types.JSONRaw + } + interface Param { + tableName(): string + } + interface BaseApp { + /** + * ReloadSettings initializes and reloads the stored application settings. + * + * If no settings were stored it will persist the current app ones. + */ + reloadSettings(): void + } + interface BaseApp { + /** + * DeleteView drops the specified view name. + * + * This method is a no-op if a view with the provided name doesn't exist. + * + * NB! Be aware that this method is vulnerable to SQL injection and the + * "name" argument must come only from trusted input! + */ + deleteView(name: string): void + } + interface BaseApp { + /** + * SaveView creates (or updates already existing) persistent SQL view. + * + * NB! Be aware that this method is vulnerable to SQL injection and the + * "selectQuery" argument must come only from trusted input! + */ + saveView(name: string, selectQuery: string): void + } + interface BaseApp { + /** + * CreateViewFields creates a new FieldsList from the provided select query. + * + * There are some caveats: + * - The select query must have an "id" column. + * - Wildcard ("*") columns are not supported to avoid accidentally leaking sensitive data. + */ + createViewFields(selectQuery: string): FieldsList + } + interface BaseApp { + /** + * FindRecordByViewFile returns the original Record of the provided view collection file. + */ + findRecordByViewFile(viewCollectionModelOrIdentifier: any, fileFieldName: string, filename: string): (Record) + } + interface queryField { + } + interface identifier { + } + interface identifiersParser { + } +} + +/** + * Package mails implements various helper methods for sending common + * emails like forgotten password, verification, etc. + */ +namespace mails { + interface sendRecordAuthAlert { + /** + * SendRecordAuthAlert sends a new device login alert to the specified auth record. + */ + (app: CoreApp, authRecord: core.Record): void + } + interface sendRecordOTP { + /** + * SendRecordOTP sends OTP email to the specified auth record. + * + * This method will also update the "sentTo" field of the related OTP record to the mail sent To address (if the OTP exists and not already assigned). + */ + (app: CoreApp, authRecord: core.Record, otpId: string, pass: string): void + } + interface sendRecordPasswordReset { + /** + * SendRecordPasswordReset sends a password reset request email to the specified auth record. + */ + (app: CoreApp, authRecord: core.Record): void + } + interface sendRecordVerification { + /** + * SendRecordVerification sends a verification request email to the specified auth record. + */ + (app: CoreApp, authRecord: core.Record): void + } + interface sendRecordChangeEmail { + /** + * SendRecordChangeEmail sends a change email confirmation email to the specified auth record. + */ + (app: CoreApp, authRecord: core.Record, newEmail: string): void + } +} + +namespace forms { + // @ts-ignore + import validation = ozzo_validation + /** + * AppleClientSecretCreate is a form struct to generate a new Apple Client Secret. + * + * Reference: https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens + */ + interface AppleClientSecretCreate { + /** + * ClientId is the identifier of your app (aka. Service ID). + */ + clientId: string + /** + * TeamId is a 10-character string associated with your developer account + * (usually could be found next to your name in the Apple Developer site). + */ + teamId: string + /** + * KeyId is a 10-character key identifier generated for the "Sign in with Apple" + * private key associated with your developer account. + */ + keyId: string + /** + * PrivateKey is the private key associated to your app. + * Usually wrapped within -----BEGIN PRIVATE KEY----- X -----END PRIVATE KEY-----. + */ + privateKey: string + /** + * Duration specifies how long the generated JWT should be considered valid. + * The specified value must be in seconds and max 15777000 (~6months). + */ + duration: number + } + interface newAppleClientSecretCreate { + /** + * NewAppleClientSecretCreate creates a new [AppleClientSecretCreate] form with initializer + * config created from the provided [CoreApp] instances. + */ + (app: CoreApp): (AppleClientSecretCreate) + } + interface AppleClientSecretCreate { + /** + * Validate makes the form validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface AppleClientSecretCreate { + /** + * Submit validates the form and returns a new Apple Client Secret JWT. + */ + submit(): string + } + interface RecordUpsert { + } + interface newRecordUpsert { + /** + * NewRecordUpsert creates a new [RecordUpsert] form from the provided [CoreApp] and [core.Record] instances + * (for create you could pass a pointer to an empty Record - core.NewRecord(collection)). + */ + (app: CoreApp, record: core.Record): (RecordUpsert) + } + interface RecordUpsert { + /** + * SetContext assigns ctx as context of the current form. + */ + setContext(ctx: context.Context): void + } + interface RecordUpsert { + /** + * SetApp replaces the current form app instance. + * + * This could be used for example if you want to change at later stage + * before submission to change from regular -> transactional app instance. + */ + setApp(app: CoreApp): void + } + interface RecordUpsert { + /** + * SetRecord replaces the current form record instance. + */ + setRecord(record: core.Record): void + } + interface RecordUpsert { + /** + * ResetAccess resets the form access level to the accessLevelDefault. + */ + resetAccess(): void + } + interface RecordUpsert { + /** + * GrantManagerAccess updates the form access level to "manager" allowing + * directly changing some system record fields (often used with auth collection records). + */ + grantManagerAccess(): void + } + interface RecordUpsert { + /** + * GrantSuperuserAccess updates the form access level to "superuser" allowing + * directly changing all system record fields, including those marked as "Hidden". + */ + grantSuperuserAccess(): void + } + interface RecordUpsert { + /** + * HasManageAccess reports whether the form has "manager" or "superuser" level access. + */ + hasManageAccess(): boolean + } + interface RecordUpsert { + /** + * Load loads the provided data into the form and the related record. + */ + load(data: _TygojaDict): void + } + interface RecordUpsert { + /** + * Deprecated: It was previously used as part of the record create action but it is not needed anymore and will be removed in the future. + * + * DrySubmit performs a temp form submit within a transaction and reverts it at the end. + * For actual record persistence, check the [RecordUpsert.Submit()] method. + * + * This method doesn't perform validations, handle file uploads/deletes or trigger app save events! + */ + drySubmit(callback: (txApp: CoreApp, drySavedRecord: core.Record) => void): void + } + interface RecordUpsert { + /** + * Submit validates the form specific validations and attempts to save the form record. + */ + submit(): void + } + /** + * TestEmailSend is a email template test request form. + */ + interface TestEmailSend { + email: string + template: string + collection: string // optional, fallbacks to _superusers + } + interface newTestEmailSend { + /** + * NewTestEmailSend creates and initializes new TestEmailSend form. + */ + (app: CoreApp): (TestEmailSend) + } + interface TestEmailSend { + /** + * Validate makes the form validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface TestEmailSend { + /** + * Submit validates and sends a test email to the form.Email address. + */ + submit(): void + } + /** + * TestS3Filesystem defines a S3 filesystem connection test. + */ + interface TestS3Filesystem { + /** + * The name of the filesystem - storage or backups + */ + filesystem: string + } + interface newTestS3Filesystem { + /** + * NewTestS3Filesystem creates and initializes new TestS3Filesystem form. + */ + (app: CoreApp): (TestS3Filesystem) + } + interface TestS3Filesystem { + /** + * Validate makes the form validatable by implementing [validation.Validatable] interface. + */ + validate(): void + } + interface TestS3Filesystem { + /** + * Submit validates and performs a S3 filesystem connection test. + */ + submit(): void + } +} + +namespace apis { + interface toApiError { + /** + * ToApiError wraps err into ApiError instance (if not already). + */ + (err: Error): (router.ApiError) + } + interface newApiError { + /** + * NewApiError is an alias for [router.NewApiError]. + */ + (status: number, message: string, errData: any): (router.ApiError) + } + interface newBadRequestError { + /** + * NewBadRequestError is an alias for [router.NewBadRequestError]. + */ + (message: string, errData: any): (router.ApiError) + } + interface newNotFoundError { + /** + * NewNotFoundError is an alias for [router.NewNotFoundError]. + */ + (message: string, errData: any): (router.ApiError) + } + interface newForbiddenError { + /** + * NewForbiddenError is an alias for [router.NewForbiddenError]. + */ + (message: string, errData: any): (router.ApiError) + } + interface newUnauthorizedError { + /** + * NewUnauthorizedError is an alias for [router.NewUnauthorizedError]. + */ + (message: string, errData: any): (router.ApiError) + } + interface newTooManyRequestsError { + /** + * NewTooManyRequestsError is an alias for [router.NewTooManyRequestsError]. + */ + (message: string, errData: any): (router.ApiError) + } + interface newInternalServerError { + /** + * NewInternalServerError is an alias for [router.NewInternalServerError]. + */ + (message: string, errData: any): (router.ApiError) + } + interface backupFileInfo { + modified: types.DateTime + key: string + size: number + } + // @ts-ignore + import validation = ozzo_validation + interface backupCreateForm { + name: string + } + interface backupUploadForm { + file?: filesystem.File + } + interface newRouter { + /** + * NewRouter returns a new router instance loaded with the default app middlewares and api routes. + */ + (app: CoreApp): (router.Router) + } + interface wrapStdHandler { + /** + * WrapStdHandler wraps Go [http.Handler] into a PocketBase handler func. + */ + (h: http.Handler): (_arg0: core.RequestEvent) => void + } + interface wrapStdMiddleware { + /** + * WrapStdMiddleware wraps Go [func(http.Handler) http.Handle] into a PocketBase middleware func. + */ + (m: (_arg0: http.Handler) => http.Handler): (_arg0: core.RequestEvent) => void + } + interface mustSubFS { + /** + * MustSubFS returns an [fs.FS] corresponding to the subtree rooted at fsys's dir. + * + * This is similar to [fs.Sub] but panics on failure. + */ + (fsys: fs.FS, dir: string): fs.FS + } + interface _static { + /** + * Static is a handler function to serve static directory content from fsys. + * + * If a file resource is missing and indexFallback is set, the request + * will be forwarded to the base index.html (useful for SPA with pretty urls). + * + * NB! Expects the route to have a "{path...}" wildcard parameter. + * + * Special redirects: + * ``` + * - if "path" is a file that ends in index.html, it is redirected to its non-index.html version (eg. /test/index.html -> /test/) + * - if "path" is a directory that has index.html, the index.html file is rendered, + * otherwise if missing - returns 404 or fallback to the root index.html if indexFallback is set + * ``` + * + * Example: + * + * ``` + * fsys := os.DirFS("./pb_public") + * router.GET("/files/{path...}", apis.Static(fsys, false)) + * ``` + */ + (fsys: fs.FS, indexFallback: boolean): (_arg0: core.RequestEvent) => void + } + interface HandleFunc {(e: core.RequestEvent): void } + interface BatchActionHandlerFunc {(app: CoreApp, ir: core.InternalRequest, params: _TygojaDict, next: (data: any) => void): HandleFunc } + interface BatchRequestResult { + body: any + status: number + } + interface batchRequestsForm { + requests: Array<(core.InternalRequest | undefined)> + } + interface batchProcessor { + } + interface batchProcessor { + process(batch: Array<(core.InternalRequest | undefined)>, timeout: time.Duration): void + } + interface BatchResponseError { + } + interface BatchResponseError { + error(): string + } + interface BatchResponseError { + code(): string + } + interface BatchResponseError { + resolve(errData: _TygojaDict): any + } + interface BatchResponseError { + marshalJSON(): string|Array + } + interface collectionsImportForm { + collections: Array<_TygojaDict> + deleteMissing: boolean + } + interface fileApi { + } + interface defaultInstallerFunc { + /** + * DefaultInstallerFunc is the default PocketBase installer function. + * + * It will attempt to open a link in the browser (with a short-lived auth + * token for the systemSuperuser) to the installer UI so that users can + * create their own custom superuser record. + * + * See https://github.com/pocketbase/pocketbase/discussions/5814. + */ + (app: CoreApp, systemSuperuser: core.Record, baseURL: string): void + } + interface requireGuestOnly { + /** + * RequireGuestOnly middleware requires a request to NOT have a valid + * Authorization header. + * + * This middleware is the opposite of [apis.RequireAuth()]. + */ + (): (hook.Handler) + } + interface requireAuth { + /** + * RequireAuth middleware requires a request to have a valid record Authorization header. + * + * The auth record could be from any collection. + * You can further filter the allowed record auth collections by specifying their names. + * + * Example: + * + * ``` + * apis.RequireAuth() // any auth collection + * apis.RequireAuth("_superusers", "users") // only the listed auth collections + * ``` + */ + (...optCollectionNames: string[]): (hook.Handler) + } + interface requireSuperuserAuth { + /** + * RequireSuperuserAuth middleware requires a request to have + * a valid superuser Authorization header. + */ + (): (hook.Handler) + } + interface requireSuperuserOrOwnerAuth { + /** + * RequireSuperuserOrOwnerAuth middleware requires a request to have + * a valid superuser or regular record owner Authorization header set. + * + * This middleware is similar to [apis.RequireAuth()] but + * for the auth record token expects to have the same id as the path + * parameter ownerIdPathParam (default to "id" if empty). + */ + (ownerIdPathParam: string): (hook.Handler) + } + interface requireSameCollectionContextAuth { + /** + * RequireSameCollectionContextAuth middleware requires a request to have + * a valid record Authorization header and the auth record's collection to + * match the one from the route path parameter (default to "collection" if collectionParam is empty). + */ + (collectionPathParam: string): (hook.Handler) + } + interface skipSuccessActivityLog { + /** + * SkipSuccessActivityLog is a helper middleware that instructs the global + * activity logger to log only requests that have failed/returned an error. + */ + (): (hook.Handler) + } + interface bodyLimit { + /** + * BodyLimit returns a middleware handler that changes the default request body size limit. + * + * If limitBytes <= 0, no limit is applied. + * + * Otherwise, if the request body size exceeds the configured limitBytes, + * it sends 413 error response. + */ + (limitBytes: number): (hook.Handler) + } + type _svzUclG = io.ReadCloser + interface limitedReader extends _svzUclG { + } + interface limitedReader { + read(b: string|Array): number + } + interface limitedReader { + reread(): void + } + /** + * CORSConfig defines the config for CORS middleware. + */ + interface CORSConfig { + /** + * AllowOrigins determines the value of the Access-Control-Allow-Origin + * response header. This header defines a list of origins that may access the + * resource. The wildcard characters '*' and '?' are supported and are + * converted to regex fragments '.*' and '.' accordingly. + * + * Security: use extreme caution when handling the origin, and carefully + * validate any logic. Remember that attackers may register hostile domain names. + * See https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html + * + * Optional. Default value []string{"*"}. + * + * See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin + */ + allowOrigins: Array + /** + * AllowOriginFunc is a custom function to validate the origin. It takes the + * origin as an argument and returns true if allowed or false otherwise. If + * an error is returned, it is returned by the handler. If this option is + * set, AllowOrigins is ignored. + * + * Security: use extreme caution when handling the origin, and carefully + * validate any logic. Remember that attackers may register hostile domain names. + * See https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html + * + * Optional. + */ + allowOriginFunc: (origin: string) => boolean + /** + * AllowMethods determines the value of the Access-Control-Allow-Methods + * response header. This header specified the list of methods allowed when + * accessing the resource. This is used in response to a preflight request. + * + * Optional. Default value DefaultCORSConfig.AllowMethods. + * + * See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods + */ + allowMethods: Array + /** + * AllowHeaders determines the value of the Access-Control-Allow-Headers + * response header. This header is used in response to a preflight request to + * indicate which HTTP headers can be used when making the actual request. + * + * Optional. Default value []string{}. + * + * See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers + */ + allowHeaders: Array + /** + * AllowCredentials determines the value of the + * Access-Control-Allow-Credentials response header. This header indicates + * whether or not the response to the request can be exposed when the + * credentials mode (Request.credentials) is true. When used as part of a + * response to a preflight request, this indicates whether or not the actual + * request can be made using credentials. See also + * [MDN: Access-Control-Allow-Credentials]. + * + * Optional. Default value false, in which case the header is not set. + * + * Security: avoid using `AllowCredentials = true` with `AllowOrigins = *`. + * See "Exploiting CORS misconfigurations for Bitcoins and bounties", + * https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html + * + * See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials + */ + allowCredentials: boolean + /** + * UnsafeWildcardOriginWithAllowCredentials UNSAFE/INSECURE: allows wildcard '*' origin to be used with AllowCredentials + * flag. In that case we consider any origin allowed and send it back to the client with `Access-Control-Allow-Origin` header. + * + * This is INSECURE and potentially leads to [cross-origin](https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties) + * attacks. See: https://github.com/labstack/echo/issues/2400 for discussion on the subject. + * + * Optional. Default value is false. + */ + unsafeWildcardOriginWithAllowCredentials: boolean + /** + * ExposeHeaders determines the value of Access-Control-Expose-Headers, which + * defines a list of headers that clients are allowed to access. + * + * Optional. Default value []string{}, in which case the header is not set. + * + * See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Header + */ + exposeHeaders: Array + /** + * MaxAge determines the value of the Access-Control-Max-Age response header. + * This header indicates how long (in seconds) the results of a preflight + * request can be cached. + * The header is set only if MaxAge != 0, negative value sends "0" which instructs browsers not to cache that response. + * + * Optional. Default value 0 - meaning header is not sent. + * + * See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age + */ + maxAge: number + } + interface cors { + /** + * CORS returns a CORS middleware. + */ + (config: CORSConfig): (hook.Handler) + } + /** + * GzipConfig defines the config for Gzip middleware. + */ + interface GzipConfig { + /** + * Gzip compression level. + * Optional. Default value -1. + */ + level: number + /** + * Length threshold before gzip compression is applied. + * Optional. Default value 0. + * + * Most of the time you will not need to change the default. Compressing + * a short response might increase the transmitted data because of the + * gzip format overhead. Compressing the response will also consume CPU + * and time on the server and the client (for decompressing). Depending on + * your use case such a threshold might be useful. + * + * See also: + * https://webmasters.stackexchange.com/questions/31750/what-is-recommended-minimum-object-size-for-gzip-performance-benefits + */ + minLength: number + } + interface gzip { + /** + * Gzip returns a middleware which compresses HTTP response using Gzip compression scheme. + */ + (): (hook.Handler) + } + interface gzipWithConfig { + /** + * GzipWithConfig returns a middleware which compresses HTTP response using gzip compression scheme. + */ + (config: GzipConfig): (hook.Handler) + } + type _sGCwxMx = http.ResponseWriter&io.Writer + interface gzipResponseWriter extends _sGCwxMx { + } + interface gzipResponseWriter { + writeHeader(code: number): void + } + interface gzipResponseWriter { + write(b: string|Array): number + } + interface gzipResponseWriter { + flush(): void + } + interface gzipResponseWriter { + hijack(): [net.Conn, (bufio.ReadWriter)] + } + interface gzipResponseWriter { + push(target: string, opts: http.PushOptions): void + } + interface gzipResponseWriter { + unwrap(): http.ResponseWriter + } + type _sXBRDsb = sync.RWMutex + interface rateLimiter extends _sXBRDsb { + } + type _sxuiJKx = sync.Mutex + interface fixedWindow extends _sxuiJKx { + } + interface realtimeSubscribeForm { + clientId: string + subscriptions: Array + } + /** + * recordData represents the broadcasted record subscrition message data. + */ + interface recordData { + record: any // map or core.Record + action: string + } + interface EmailChangeConfirmForm { + token: string + password: string + } + interface emailChangeRequestForm { + newEmail: string + } + interface impersonateForm { + /** + * Duration is the optional custom token duration in seconds. + */ + duration: number + } + interface otpResponse { + enabled: boolean + duration: number // in seconds + } + interface mfaResponse { + enabled: boolean + duration: number // in seconds + } + interface passwordResponse { + identityFields: Array + enabled: boolean + } + interface oauth2Response { + providers: Array + enabled: boolean + } + interface providerInfo { + name: string + displayName: string + state: string + authURL: string + /** + * @todo + * deprecated: use AuthURL instead + * AuthUrl will be removed after dropping v0.22 support + */ + authUrl: string + /** + * technically could be omitted if the provider doesn't support PKCE, + * but to avoid breaking existing typed clients we'll return them as empty string + */ + codeVerifier: string + codeChallenge: string + codeChallengeMethod: string + } + interface authMethodsResponse { + password: passwordResponse + oauth2: oauth2Response + mfa: mfaResponse + otp: otpResponse + /** + * legacy fields + * @todo remove after dropping v0.22 support + */ + authProviders: Array + usernamePassword: boolean + emailPassword: boolean + } + interface createOTPForm { + email: string + } + interface recordConfirmPasswordResetForm { + token: string + password: string + passwordConfirm: string + } + interface recordRequestPasswordResetForm { + email: string + } + interface recordConfirmVerificationForm { + token: string + } + interface recordRequestVerificationForm { + email: string + } + interface recordOAuth2LoginForm { + /** + * Additional data that will be used for creating a new auth record + * if an existing OAuth2 account doesn't exist. + */ + createData: _TygojaDict + /** + * The name of the OAuth2 client provider (eg. "google") + */ + provider: string + /** + * The authorization code returned from the initial request. + */ + code: string + /** + * The optional PKCE code verifier as part of the code_challenge sent with the initial request. + */ + codeVerifier: string + /** + * The redirect url sent with the initial request. + */ + redirectURL: string + /** + * @todo + * deprecated: use RedirectURL instead + * RedirectUrl will be removed after dropping v0.22 support + */ + redirectUrl: string + } + interface oauth2RedirectData { + state: string + code: string + error: string + } + interface authWithOTPForm { + otpId: string + password: string + } + interface authWithPasswordForm { + identity: string + password: string + /** + * IdentityField specifies the field to use to search for the identity + * (leave it empty for "auto" detection). + */ + identityField: string + } + // @ts-ignore + import cryptoRand = rand + interface recordAuthResponse { + /** + * RecordAuthResponse writes standardized json record auth response + * into the specified request context. + * + * The authMethod argument specify the name of the current authentication method (eg. password, oauth2, etc.) + * that it is used primarily as an auth identifier during MFA and for login alerts. + * + * Set authMethod to empty string if you want to ignore the MFA checks and the login alerts + * (can be also adjusted additionally via the OnRecordAuthRequest hook). + */ + (e: core.RequestEvent, authRecord: core.Record, authMethod: string, meta: any): void + } + interface enrichRecord { + /** + * EnrichRecord parses the request context and enrich the provided record: + * ``` + * - expands relations (if defaultExpands and/or ?expand query param is set) + * - ensures that the emails of the auth record and its expanded auth relations + * are visible only for the current logged superuser, record owner or record with manage access + * ``` + */ + (e: core.RequestEvent, record: core.Record, ...defaultExpands: string[]): void + } + interface enrichRecords { + /** + * EnrichRecords parses the request context and enriches the provided records: + * ``` + * - expands relations (if defaultExpands and/or ?expand query param is set) + * - ensures that the emails of the auth records and their expanded auth relations + * are visible only for the current logged superuser, record owner or record with manage access + * ``` + * + * Note: Expects all records to be from the same collection! + */ + (e: core.RequestEvent, records: Array<(core.Record | undefined)>, ...defaultExpands: string[]): void + } + interface iterator { + } + /** + * ServeConfig defines a configuration struct for apis.Serve(). + */ + interface ServeConfig { + /** + * ShowStartBanner indicates whether to show or hide the server start console message. + */ + showStartBanner: boolean + /** + * HttpAddr is the TCP address to listen for the HTTP server (eg. "127.0.0.1:80"). + */ + httpAddr: string + /** + * HttpsAddr is the TCP address to listen for the HTTPS server (eg. "127.0.0.1:443"). + */ + httpsAddr: string + /** + * Optional domains list to use when issuing the TLS certificate. + * + * If not set, the host from the bound server address will be used. + * + * For convenience, for each "non-www" domain a "www" entry and + * redirect will be automatically added. + */ + certificateDomains: Array + /** + * AllowedOrigins is an optional list of CORS origins (default to "*"). + */ + allowedOrigins: Array + } + interface serve { + /** + * Serve starts a new app web server. + * + * NB! The app should be bootstrapped before starting the web server. + * + * Example: + * + * ``` + * app.Bootstrap() + * apis.Serve(app, apis.ServeConfig{ + * HttpAddr: "127.0.0.1:8080", + * ShowStartBanner: false, + * }) + * ``` + */ + (app: CoreApp, config: ServeConfig): void + } + interface serverErrorLogWriter { + } + interface serverErrorLogWriter { + write(p: string|Array): number + } +} + +namespace pocketbase { + /** + * PocketBase defines a PocketBase app launcher. + * + * It implements [CoreApp] via embedding and all of the app interface methods + * could be accessed directly through the instance (eg. PocketBase.DataDir()). + */ + type _sQnaLxt = CoreApp + interface PocketBase extends _sQnaLxt { + /** + * RootCmd is the main console command + */ + rootCmd?: cobra.Command + } + /** + * Config is the PocketBase initialization config struct. + */ + interface Config { + /** + * hide the default console server info on app startup + */ + hideStartBanner: boolean + /** + * optional default values for the console flags + */ + defaultDev: boolean + defaultDataDir: string // if not set, it will fallback to "./pb_data" + defaultEncryptionEnv: string + defaultQueryTimeout: time.Duration // default to core.DefaultQueryTimeout (in seconds) + /** + * optional DB configurations + */ + dataMaxOpenConns: number // default to core.DefaultDataMaxOpenConns + dataMaxIdleConns: number // default to core.DefaultDataMaxIdleConns + auxMaxOpenConns: number // default to core.DefaultAuxMaxOpenConns + auxMaxIdleConns: number // default to core.DefaultAuxMaxIdleConns + dbConnect: core.DBConnectFunc // default to core.dbConnect + } + interface _new { + /** + * New creates a new PocketBase instance with the default configuration. + * Use [NewWithConfig] if you want to provide a custom configuration. + * + * Note that the application will not be initialized/bootstrapped yet, + * aka. DB connections, migrations, app settings, etc. will not be accessible. + * Everything will be initialized when [PocketBase.Start] is executed. + * If you want to initialize the application before calling [PocketBase.Start], + * then you'll have to manually call [PocketBase.Bootstrap]. + */ + (): (PocketBase) + } + interface newWithConfig { + /** + * NewWithConfig creates a new PocketBase instance with the provided config. + * + * Note that the application will not be initialized/bootstrapped yet, + * aka. DB connections, migrations, app settings, etc. will not be accessible. + * Everything will be initialized when [PocketBase.Start] is executed. + * If you want to initialize the application before calling [PocketBase.Start], + * then you'll have to manually call [PocketBase.Bootstrap]. + */ + (config: Config): (PocketBase) + } + interface PocketBase { + /** + * Start starts the application, aka. registers the default system + * commands (serve, superuser, version) and executes pb.RootCmd. + */ + start(): void + } + interface PocketBase { + /** + * Execute initializes the application (if not already) and executes + * the pb.RootCmd with graceful shutdown support. + * + * This method differs from pb.Start() by not registering the default + * system commands! + */ + execute(): void + } + /** + * coloredWriter is a small wrapper struct to construct a [color.Color] writter. + */ + interface coloredWriter { + } + interface coloredWriter { + /** + * Write writes the p bytes using the colored writer. + */ + write(p: string|Array): number + } +} + +/** + * Package template is a thin wrapper around the standard html/template + * and text/template packages that implements a convenient registry to + * load and cache templates on the fly concurrently. + * + * It was created to assist the JSVM plugin HTML rendering, but could be used in other Go code. + * + * Example: + * + * ``` + * registry := template.NewRegistry() + * + * html1, err := registry.LoadFiles( + * // the files set wil be parsed only once and then cached + * "layout.html", + * "content.html", + * ).Render(map[string]any{"name": "John"}) + * + * html2, err := registry.LoadFiles( + * // reuse the already parsed and cached files set + * "layout.html", + * "content.html", + * ).Render(map[string]any{"name": "Jane"}) + * ``` + */ +namespace template { + interface newRegistry { + /** + * NewRegistry creates and initializes a new templates registry with + * some defaults (eg. global "raw" template function for unescaped HTML). + * + * Use the Registry.Load* methods to load templates into the registry. + */ + (): (Registry) + } + /** + * Registry defines a templates registry that is safe to be used by multiple goroutines. + * + * Use the Registry.Load* methods to load templates into the registry. + */ + interface Registry { + } + interface Registry { + /** + * AddFuncs registers new global template functions. + * + * The key of each map entry is the function name that will be used in the templates. + * If a function with the map entry name already exists it will be replaced with the new one. + * + * The value of each map entry is a function that must have either a + * single return value, or two return values of which the second has type error. + * + * Example: + * + * ``` + * r.AddFuncs(map[string]any{ + * "toUpper": func(str string) string { + * return strings.ToUppser(str) + * }, + * ... + * }) + * ``` + */ + addFuncs(funcs: _TygojaDict): (Registry) + } + interface Registry { + /** + * LoadFiles caches (if not already) the specified filenames set as a + * single template and returns a ready to use Renderer instance. + * + * There must be at least 1 filename specified. + */ + loadFiles(...filenames: string[]): (Renderer) + } + interface Registry { + /** + * LoadString caches (if not already) the specified inline string as a + * single template and returns a ready to use Renderer instance. + */ + loadString(text: string): (Renderer) + } + interface Registry { + /** + * LoadFS caches (if not already) the specified fs and globPatterns + * pair as single template and returns a ready to use Renderer instance. + * + * There must be at least 1 file matching the provided globPattern(s) + * (note that most file names serves as glob patterns matching themselves). + */ + loadFS(fsys: fs.FS, ...globPatterns: string[]): (Renderer) + } + /** + * Renderer defines a single parsed template. + */ + interface Renderer { + } + interface Renderer { + /** + * Render executes the template with the specified data as the dot object + * and returns the result as plain string. + */ + render(data: any): string + } +} + +/** + * Package sync provides basic synchronization primitives such as mutual + * exclusion locks. Other than the [Once] and [WaitGroup] types, most are intended + * for use by low-level library routines. Higher-level synchronization is + * better done via channels and communication. + * + * Values containing the types defined in this package should not be copied. + */ +namespace sync { + /** + * A Mutex is a mutual exclusion lock. + * The zero value for a Mutex is an unlocked mutex. + * + * A Mutex must not be copied after first use. + * + * In the terminology of [the Go memory model], + * the n'th call to [Mutex.Unlock] “synchronizes before” the m'th call to [Mutex.Lock] + * for any n < m. + * A successful call to [Mutex.TryLock] is equivalent to a call to Lock. + * A failed call to TryLock does not establish any “synchronizes before” + * relation at all. + * + * [the Go memory model]: https://go.dev/ref/mem + */ + interface Mutex { + } + interface Mutex { + /** + * Lock locks m. + * If the lock is already in use, the calling goroutine + * blocks until the mutex is available. + */ + lock(): void + } + interface Mutex { + /** + * TryLock tries to lock m and reports whether it succeeded. + * + * Note that while correct uses of TryLock do exist, they are rare, + * and use of TryLock is often a sign of a deeper problem + * in a particular use of mutexes. + */ + tryLock(): boolean + } + interface Mutex { + /** + * Unlock unlocks m. + * It is a run-time error if m is not locked on entry to Unlock. + * + * A locked [Mutex] is not associated with a particular goroutine. + * It is allowed for one goroutine to lock a Mutex and then + * arrange for another goroutine to unlock it. + */ + unlock(): void + } + /** + * A RWMutex is a reader/writer mutual exclusion lock. + * The lock can be held by an arbitrary number of readers or a single writer. + * The zero value for a RWMutex is an unlocked mutex. + * + * A RWMutex must not be copied after first use. + * + * If any goroutine calls [RWMutex.Lock] while the lock is already held by + * one or more readers, concurrent calls to [RWMutex.RLock] will block until + * the writer has acquired (and released) the lock, to ensure that + * the lock eventually becomes available to the writer. + * Note that this prohibits recursive read-locking. + * + * In the terminology of [the Go memory model], + * the n'th call to [RWMutex.Unlock] “synchronizes before” the m'th call to Lock + * for any n < m, just as for [Mutex]. + * For any call to RLock, there exists an n such that + * the n'th call to Unlock “synchronizes before” that call to RLock, + * and the corresponding call to [RWMutex.RUnlock] “synchronizes before” + * the n+1'th call to Lock. + * + * [the Go memory model]: https://go.dev/ref/mem + */ + interface RWMutex { + } + interface RWMutex { + /** + * RLock locks rw for reading. + * + * It should not be used for recursive read locking; a blocked Lock + * call excludes new readers from acquiring the lock. See the + * documentation on the [RWMutex] type. + */ + rLock(): void + } + interface RWMutex { + /** + * TryRLock tries to lock rw for reading and reports whether it succeeded. + * + * Note that while correct uses of TryRLock do exist, they are rare, + * and use of TryRLock is often a sign of a deeper problem + * in a particular use of mutexes. + */ + tryRLock(): boolean + } + interface RWMutex { + /** + * RUnlock undoes a single [RWMutex.RLock] call; + * it does not affect other simultaneous readers. + * It is a run-time error if rw is not locked for reading + * on entry to RUnlock. + */ + rUnlock(): void + } + interface RWMutex { + /** + * Lock locks rw for writing. + * If the lock is already locked for reading or writing, + * Lock blocks until the lock is available. + */ + lock(): void + } + interface RWMutex { + /** + * TryLock tries to lock rw for writing and reports whether it succeeded. + * + * Note that while correct uses of TryLock do exist, they are rare, + * and use of TryLock is often a sign of a deeper problem + * in a particular use of mutexes. + */ + tryLock(): boolean + } + interface RWMutex { + /** + * Unlock unlocks rw for writing. It is a run-time error if rw is + * not locked for writing on entry to Unlock. + * + * As with Mutexes, a locked [RWMutex] is not associated with a particular + * goroutine. One goroutine may [RWMutex.RLock] ([RWMutex.Lock]) a RWMutex and then + * arrange for another goroutine to [RWMutex.RUnlock] ([RWMutex.Unlock]) it. + */ + unlock(): void + } + interface RWMutex { + /** + * RLocker returns a [Locker] interface that implements + * the [Locker.Lock] and [Locker.Unlock] methods by calling rw.RLock and rw.RUnlock. + */ + rLocker(): Locker + } +} + +/** + * Package io provides basic interfaces to I/O primitives. + * Its primary job is to wrap existing implementations of such primitives, + * such as those in package os, into shared public interfaces that + * abstract the functionality, plus some other related primitives. + * + * Because these interfaces and primitives wrap lower-level operations with + * various implementations, unless otherwise informed clients should not + * assume they are safe for parallel execution. + */ +namespace io { + /** + * Reader is the interface that wraps the basic Read method. + * + * Read reads up to len(p) bytes into p. It returns the number of bytes + * read (0 <= n <= len(p)) and any error encountered. Even if Read + * returns n < len(p), it may use all of p as scratch space during the call. + * If some data is available but not len(p) bytes, Read conventionally + * returns what is available instead of waiting for more. + * + * When Read encounters an error or end-of-file condition after + * successfully reading n > 0 bytes, it returns the number of + * bytes read. It may return the (non-nil) error from the same call + * or return the error (and n == 0) from a subsequent call. + * An instance of this general case is that a Reader returning + * a non-zero number of bytes at the end of the input stream may + * return either err == EOF or err == nil. The next Read should + * return 0, EOF. + * + * Callers should always process the n > 0 bytes returned before + * considering the error err. Doing so correctly handles I/O errors + * that happen after reading some bytes and also both of the + * allowed EOF behaviors. + * + * If len(p) == 0, Read should always return n == 0. It may return a + * non-nil error if some error condition is known, such as EOF. + * + * Implementations of Read are discouraged from returning a + * zero byte count with a nil error, except when len(p) == 0. + * Callers should treat a return of 0 and nil as indicating that + * nothing happened; in particular it does not indicate EOF. + * + * Implementations must not retain p. + */ + interface Reader { + [key:string]: any; + read(p: string|Array): number + } + /** + * Writer is the interface that wraps the basic Write method. + * + * Write writes len(p) bytes from p to the underlying data stream. + * It returns the number of bytes written from p (0 <= n <= len(p)) + * and any error encountered that caused the write to stop early. + * Write must return a non-nil error if it returns n < len(p). + * Write must not modify the slice data, even temporarily. + * + * Implementations must not retain p. + */ + interface Writer { + [key:string]: any; + write(p: string|Array): number + } + /** + * ReadCloser is the interface that groups the basic Read and Close methods. + */ + interface ReadCloser { + [key:string]: any; + } + /** + * ReadSeekCloser is the interface that groups the basic Read, Seek and Close + * methods. + */ + interface ReadSeekCloser { + [key:string]: any; + } +} + +/** + * Package bytes implements functions for the manipulation of byte slices. + * It is analogous to the facilities of the [strings] package. + */ +namespace bytes { + /** + * A Reader implements the [io.Reader], [io.ReaderAt], [io.WriterTo], [io.Seeker], + * [io.ByteScanner], and [io.RuneScanner] interfaces by reading from + * a byte slice. + * Unlike a [Buffer], a Reader is read-only and supports seeking. + * The zero value for Reader operates like a Reader of an empty slice. + */ + interface Reader { + } + interface Reader { + /** + * Len returns the number of bytes of the unread portion of the + * slice. + */ + len(): number + } + interface Reader { + /** + * Size returns the original length of the underlying byte slice. + * Size is the number of bytes available for reading via [Reader.ReadAt]. + * The result is unaffected by any method calls except [Reader.Reset]. + */ + size(): number + } + interface Reader { + /** + * Read implements the [io.Reader] interface. + */ + read(b: string|Array): number + } + interface Reader { + /** + * ReadAt implements the [io.ReaderAt] interface. + */ + readAt(b: string|Array, off: number): number + } + interface Reader { + /** + * ReadByte implements the [io.ByteReader] interface. + */ + readByte(): number + } + interface Reader { + /** + * UnreadByte complements [Reader.ReadByte] in implementing the [io.ByteScanner] interface. + */ + unreadByte(): void + } + interface Reader { + /** + * ReadRune implements the [io.RuneReader] interface. + */ + readRune(): [number, number] + } + interface Reader { + /** + * UnreadRune complements [Reader.ReadRune] in implementing the [io.RuneScanner] interface. + */ + unreadRune(): void + } + interface Reader { + /** + * Seek implements the [io.Seeker] interface. + */ + seek(offset: number, whence: number): number + } + interface Reader { + /** + * WriteTo implements the [io.WriterTo] interface. + */ + writeTo(w: io.Writer): number + } + interface Reader { + /** + * Reset resets the [Reader] to be reading from b. + */ + reset(b: string|Array): void + } +} + +/** + * Package syscall contains an interface to the low-level operating system + * primitives. The details vary depending on the underlying system, and + * by default, godoc will display the syscall documentation for the current + * system. If you want godoc to display syscall documentation for another + * system, set $GOOS and $GOARCH to the desired system. For example, if + * you want to view documentation for freebsd/arm on linux/amd64, set $GOOS + * to freebsd and $GOARCH to arm. + * The primary use of syscall is inside other packages that provide a more + * portable interface to the system, such as "os", "time" and "net". Use + * those packages rather than this one if you can. + * For details of the functions and data types in this package consult + * the manuals for the appropriate operating system. + * These calls return err == nil to indicate success; otherwise + * err is an operating system error describing the failure. + * On most systems, that error has type [Errno]. + * + * NOTE: Most of the functions, types, and constants defined in + * this package are also available in the [golang.org/x/sys] package. + * That package has more system call support than this one, + * and most new code should prefer that package where possible. + * See https://golang.org/s/go1.4-syscall for more information. + */ +namespace syscall { + interface SysProcAttr { + chroot: string // Chroot. + credential?: Credential // Credential. + /** + * Ptrace tells the child to call ptrace(PTRACE_TRACEME). + * Call runtime.LockOSThread before starting a process with this set, + * and don't call UnlockOSThread until done with PtraceSyscall calls. + */ + ptrace: boolean + setsid: boolean // Create session. + /** + * Setpgid sets the process group ID of the child to Pgid, + * or, if Pgid == 0, to the new child's process ID. + */ + setpgid: boolean + /** + * Setctty sets the controlling terminal of the child to + * file descriptor Ctty. Ctty must be a descriptor number + * in the child process: an index into ProcAttr.Files. + * This is only meaningful if Setsid is true. + */ + setctty: boolean + noctty: boolean // Detach fd 0 from controlling terminal. + ctty: number // Controlling TTY fd. + /** + * Foreground places the child process group in the foreground. + * This implies Setpgid. The Ctty field must be set to + * the descriptor of the controlling TTY. + * Unlike Setctty, in this case Ctty must be a descriptor + * number in the parent process. + */ + foreground: boolean + pgid: number // Child's process group ID if Setpgid. + /** + * Pdeathsig, if non-zero, is a signal that the kernel will send to + * the child process when the creating thread dies. Note that the signal + * is sent on thread termination, which may happen before process termination. + * There are more details at https://go.dev/issue/27505. + */ + pdeathsig: Signal + cloneflags: number // Flags for clone calls. + unshareflags: number // Flags for unshare calls. + uidMappings: Array // User ID mappings for user namespaces. + gidMappings: Array // Group ID mappings for user namespaces. + /** + * GidMappingsEnableSetgroups enabling setgroups syscall. + * If false, then setgroups syscall will be disabled for the child process. + * This parameter is no-op if GidMappings == nil. Otherwise for unprivileged + * users this should be set to false for mappings work. + */ + gidMappingsEnableSetgroups: boolean + ambientCaps: Array // Ambient capabilities. + useCgroupFD: boolean // Whether to make use of the CgroupFD field. + cgroupFD: number // File descriptor of a cgroup to put the new process into. + /** + * PidFD, if not nil, is used to store the pidfd of a child, if the + * functionality is supported by the kernel, or -1. Note *PidFD is + * changed only if the process starts successfully. + */ + pidFD?: number + } + // @ts-ignore + import errorspkg = errors + /** + * A RawConn is a raw network connection. + */ + interface RawConn { + [key:string]: any; + /** + * Control invokes f on the underlying connection's file + * descriptor or handle. + * The file descriptor fd is guaranteed to remain valid while + * f executes but not after f returns. + */ + control(f: (fd: number) => void): void + /** + * Read invokes f on the underlying connection's file + * descriptor or handle; f is expected to try to read from the + * file descriptor. + * If f returns true, Read returns. Otherwise Read blocks + * waiting for the connection to be ready for reading and + * tries again repeatedly. + * The file descriptor is guaranteed to remain valid while f + * executes but not after f returns. + */ + read(f: (fd: number) => boolean): void + /** + * Write is like Read but for writing. + */ + write(f: (fd: number) => boolean): void + } + // @ts-ignore + import runtimesyscall = syscall + /** + * An Errno is an unsigned number describing an error condition. + * It implements the error interface. The zero Errno is by convention + * a non-error, so code to convert from Errno to error should use: + * + * ``` + * err = nil + * if errno != 0 { + * err = errno + * } + * ``` + * + * Errno values can be tested against error values using [errors.Is]. + * For example: + * + * ``` + * _, _, err := syscall.Syscall(...) + * if errors.Is(err, fs.ErrNotExist) ... + * ``` + */ + interface Errno extends Number{} + interface Errno { + error(): string + } + interface Errno { + is(target: Error): boolean + } + interface Errno { + temporary(): boolean + } + interface Errno { + timeout(): boolean + } +} + +/** + * Package time provides functionality for measuring and displaying time. + * + * The calendrical calculations always assume a Gregorian calendar, with + * no leap seconds. + * + * # Monotonic Clocks + * + * Operating systems provide both a “wall clock,” which is subject to + * changes for clock synchronization, and a “monotonic clock,” which is + * not. The general rule is that the wall clock is for telling time and + * the monotonic clock is for measuring time. Rather than split the API, + * in this package the Time returned by [time.Now] contains both a wall + * clock reading and a monotonic clock reading; later time-telling + * operations use the wall clock reading, but later time-measuring + * operations, specifically comparisons and subtractions, use the + * monotonic clock reading. + * + * For example, this code always computes a positive elapsed time of + * approximately 20 milliseconds, even if the wall clock is changed during + * the operation being timed: + * + * ``` + * start := time.Now() + * ... operation that takes 20 milliseconds ... + * t := time.Now() + * elapsed := t.Sub(start) + * ``` + * + * Other idioms, such as [time.Since](start), [time.Until](deadline), and + * time.Now().Before(deadline), are similarly robust against wall clock + * resets. + * + * The rest of this section gives the precise details of how operations + * use monotonic clocks, but understanding those details is not required + * to use this package. + * + * The Time returned by time.Now contains a monotonic clock reading. + * If Time t has a monotonic clock reading, t.Add adds the same duration to + * both the wall clock and monotonic clock readings to compute the result. + * Because t.AddDate(y, m, d), t.Round(d), and t.Truncate(d) are wall time + * computations, they always strip any monotonic clock reading from their results. + * Because t.In, t.Local, and t.UTC are used for their effect on the interpretation + * of the wall time, they also strip any monotonic clock reading from their results. + * The canonical way to strip a monotonic clock reading is to use t = t.Round(0). + * + * If Times t and u both contain monotonic clock readings, the operations + * t.After(u), t.Before(u), t.Equal(u), t.Compare(u), and t.Sub(u) are carried out + * using the monotonic clock readings alone, ignoring the wall clock + * readings. If either t or u contains no monotonic clock reading, these + * operations fall back to using the wall clock readings. + * + * On some systems the monotonic clock will stop if the computer goes to sleep. + * On such a system, t.Sub(u) may not accurately reflect the actual + * time that passed between t and u. The same applies to other functions and + * methods that subtract times, such as [Since], [Until], [Before], [After], + * [Add], [Sub], [Equal] and [Compare]. In some cases, you may need to strip + * the monotonic clock to get accurate results. + * + * Because the monotonic clock reading has no meaning outside + * the current process, the serialized forms generated by t.GobEncode, + * t.MarshalBinary, t.MarshalJSON, and t.MarshalText omit the monotonic + * clock reading, and t.Format provides no format for it. Similarly, the + * constructors [time.Date], [time.Parse], [time.ParseInLocation], and [time.Unix], + * as well as the unmarshalers t.GobDecode, t.UnmarshalBinary. + * t.UnmarshalJSON, and t.UnmarshalText always create times with + * no monotonic clock reading. + * + * The monotonic clock reading exists only in [Time] values. It is not + * a part of [Duration] values or the Unix times returned by t.Unix and + * friends. + * + * Note that the Go == operator compares not just the time instant but + * also the [Location] and the monotonic clock reading. See the + * documentation for the Time type for a discussion of equality + * testing for Time values. + * + * For debugging, the result of t.String does include the monotonic + * clock reading if present. If t != u because of different monotonic clock readings, + * that difference will be visible when printing t.String() and u.String(). + * + * # Timer Resolution + * + * [Timer] resolution varies depending on the Go runtime, the operating system + * and the underlying hardware. + * On Unix, the resolution is ~1ms. + * On Windows version 1803 and newer, the resolution is ~0.5ms. + * On older Windows versions, the default resolution is ~16ms, but + * a higher resolution may be requested using [golang.org/x/sys/windows.TimeBeginPeriod]. + */ +namespace time { + interface Time { + /** + * String returns the time formatted using the format string + * + * ``` + * "2006-01-02 15:04:05.999999999 -0700 MST" + * ``` + * + * If the time has a monotonic clock reading, the returned string + * includes a final field "m=±", where value is the monotonic + * clock reading formatted as a decimal number of seconds. + * + * The returned string is meant for debugging; for a stable serialized + * representation, use t.MarshalText, t.MarshalBinary, or t.Format + * with an explicit format string. + */ + string(): string + } + interface Time { + /** + * GoString implements [fmt.GoStringer] and formats t to be printed in Go source + * code. + */ + goString(): string + } + interface Time { + /** + * Format returns a textual representation of the time value formatted according + * to the layout defined by the argument. See the documentation for the + * constant called [Layout] to see how to represent the layout format. + * + * The executable example for [Time.Format] demonstrates the working + * of the layout string in detail and is a good reference. + */ + format(layout: string): string + } + interface Time { + /** + * AppendFormat is like [Time.Format] but appends the textual + * representation to b and returns the extended buffer. + */ + appendFormat(b: string|Array, layout: string): string|Array + } + /** + * A Time represents an instant in time with nanosecond precision. + * + * Programs using times should typically store and pass them as values, + * not pointers. That is, time variables and struct fields should be of + * type [time.Time], not *time.Time. + * + * A Time value can be used by multiple goroutines simultaneously except + * that the methods [Time.GobDecode], [Time.UnmarshalBinary], [Time.UnmarshalJSON] and + * [Time.UnmarshalText] are not concurrency-safe. + * + * Time instants can be compared using the [Time.Before], [Time.After], and [Time.Equal] methods. + * The [Time.Sub] method subtracts two instants, producing a [Duration]. + * The [Time.Add] method adds a Time and a Duration, producing a Time. + * + * The zero value of type Time is January 1, year 1, 00:00:00.000000000 UTC. + * As this time is unlikely to come up in practice, the [Time.IsZero] method gives + * a simple way of detecting a time that has not been initialized explicitly. + * + * Each time has an associated [Location]. The methods [Time.Local], [Time.UTC], and Time.In return a + * Time with a specific Location. Changing the Location of a Time value with + * these methods does not change the actual instant it represents, only the time + * zone in which to interpret it. + * + * Representations of a Time value saved by the [Time.GobEncode], [Time.MarshalBinary], + * [Time.MarshalJSON], and [Time.MarshalText] methods store the [Time.Location]'s offset, but not + * the location name. They therefore lose information about Daylight Saving Time. + * + * In addition to the required “wall clock” reading, a Time may contain an optional + * reading of the current process's monotonic clock, to provide additional precision + * for comparison or subtraction. + * See the “Monotonic Clocks” section in the package documentation for details. + * + * Note that the Go == operator compares not just the time instant but also the + * Location and the monotonic clock reading. Therefore, Time values should not + * be used as map or database keys without first guaranteeing that the + * identical Location has been set for all values, which can be achieved + * through use of the UTC or Local method, and that the monotonic clock reading + * has been stripped by setting t = t.Round(0). In general, prefer t.Equal(u) + * to t == u, since t.Equal uses the most accurate comparison available and + * correctly handles the case when only one of its arguments has a monotonic + * clock reading. + */ + interface Time { + } + interface Time { + /** + * After reports whether the time instant t is after u. + */ + after(u: Time): boolean + } + interface Time { + /** + * Before reports whether the time instant t is before u. + */ + before(u: Time): boolean + } + interface Time { + /** + * Compare compares the time instant t with u. If t is before u, it returns -1; + * if t is after u, it returns +1; if they're the same, it returns 0. + */ + compare(u: Time): number + } + interface Time { + /** + * Equal reports whether t and u represent the same time instant. + * Two times can be equal even if they are in different locations. + * For example, 6:00 +0200 and 4:00 UTC are Equal. + * See the documentation on the Time type for the pitfalls of using == with + * Time values; most code should use Equal instead. + */ + equal(u: Time): boolean + } + interface Time { + /** + * IsZero reports whether t represents the zero time instant, + * January 1, year 1, 00:00:00 UTC. + */ + isZero(): boolean + } + interface Time { + /** + * Date returns the year, month, and day in which t occurs. + */ + date(): [number, Month, number] + } + interface Time { + /** + * Year returns the year in which t occurs. + */ + year(): number + } + interface Time { + /** + * Month returns the month of the year specified by t. + */ + month(): Month + } + interface Time { + /** + * Day returns the day of the month specified by t. + */ + day(): number + } + interface Time { + /** + * Weekday returns the day of the week specified by t. + */ + weekday(): Weekday + } + interface Time { + /** + * ISOWeek returns the ISO 8601 year and week number in which t occurs. + * Week ranges from 1 to 53. Jan 01 to Jan 03 of year n might belong to + * week 52 or 53 of year n-1, and Dec 29 to Dec 31 might belong to week 1 + * of year n+1. + */ + isoWeek(): [number, number] + } + interface Time { + /** + * Clock returns the hour, minute, and second within the day specified by t. + */ + clock(): [number, number, number] + } + interface Time { + /** + * Hour returns the hour within the day specified by t, in the range [0, 23]. + */ + hour(): number + } + interface Time { + /** + * Minute returns the minute offset within the hour specified by t, in the range [0, 59]. + */ + minute(): number + } + interface Time { + /** + * Second returns the second offset within the minute specified by t, in the range [0, 59]. + */ + second(): number + } + interface Time { + /** + * Nanosecond returns the nanosecond offset within the second specified by t, + * in the range [0, 999999999]. + */ + nanosecond(): number + } + interface Time { + /** + * YearDay returns the day of the year specified by t, in the range [1,365] for non-leap years, + * and [1,366] in leap years. + */ + yearDay(): number + } + /** + * A Duration represents the elapsed time between two instants + * as an int64 nanosecond count. The representation limits the + * largest representable duration to approximately 290 years. + */ + interface Duration extends Number{} + interface Duration { + /** + * String returns a string representing the duration in the form "72h3m0.5s". + * Leading zero units are omitted. As a special case, durations less than one + * second format use a smaller unit (milli-, micro-, or nanoseconds) to ensure + * that the leading digit is non-zero. The zero duration formats as 0s. + */ + string(): string + } + interface Duration { + /** + * Nanoseconds returns the duration as an integer nanosecond count. + */ + nanoseconds(): number + } + interface Duration { + /** + * Microseconds returns the duration as an integer microsecond count. + */ + microseconds(): number + } + interface Duration { + /** + * Milliseconds returns the duration as an integer millisecond count. + */ + milliseconds(): number + } + interface Duration { + /** + * Seconds returns the duration as a floating point number of seconds. + */ + seconds(): number + } + interface Duration { + /** + * Minutes returns the duration as a floating point number of minutes. + */ + minutes(): number + } + interface Duration { + /** + * Hours returns the duration as a floating point number of hours. + */ + hours(): number + } + interface Duration { + /** + * Truncate returns the result of rounding d toward zero to a multiple of m. + * If m <= 0, Truncate returns d unchanged. + */ + truncate(m: Duration): Duration + } + interface Duration { + /** + * Round returns the result of rounding d to the nearest multiple of m. + * The rounding behavior for halfway values is to round away from zero. + * If the result exceeds the maximum (or minimum) + * value that can be stored in a [Duration], + * Round returns the maximum (or minimum) duration. + * If m <= 0, Round returns d unchanged. + */ + round(m: Duration): Duration + } + interface Duration { + /** + * Abs returns the absolute value of d. + * As a special case, [math.MinInt64] is converted to [math.MaxInt64]. + */ + abs(): Duration + } + interface Time { + /** + * Add returns the time t+d. + */ + add(d: Duration): Time + } + interface Time { + /** + * Sub returns the duration t-u. If the result exceeds the maximum (or minimum) + * value that can be stored in a [Duration], the maximum (or minimum) duration + * will be returned. + * To compute t-d for a duration d, use t.Add(-d). + */ + sub(u: Time): Duration + } + interface Time { + /** + * AddDate returns the time corresponding to adding the + * given number of years, months, and days to t. + * For example, AddDate(-1, 2, 3) applied to January 1, 2011 + * returns March 4, 2010. + * + * Note that dates are fundamentally coupled to timezones, and calendrical + * periods like days don't have fixed durations. AddDate uses the Location of + * the Time value to determine these durations. That means that the same + * AddDate arguments can produce a different shift in absolute time depending on + * the base Time value and its Location. For example, AddDate(0, 0, 1) applied + * to 12:00 on March 27 always returns 12:00 on March 28. At some locations and + * in some years this is a 24 hour shift. In others it's a 23 hour shift due to + * daylight savings time transitions. + * + * AddDate normalizes its result in the same way that Date does, + * so, for example, adding one month to October 31 yields + * December 1, the normalized form for November 31. + */ + addDate(years: number, months: number, days: number): Time + } + interface Time { + /** + * UTC returns t with the location set to UTC. + */ + utc(): Time + } + interface Time { + /** + * Local returns t with the location set to local time. + */ + local(): Time + } + interface Time { + /** + * In returns a copy of t representing the same time instant, but + * with the copy's location information set to loc for display + * purposes. + * + * In panics if loc is nil. + */ + in(loc: Location): Time + } + interface Time { + /** + * Location returns the time zone information associated with t. + */ + location(): (Location) + } + interface Time { + /** + * Zone computes the time zone in effect at time t, returning the abbreviated + * name of the zone (such as "CET") and its offset in seconds east of UTC. + */ + zone(): [string, number] + } + interface Time { + /** + * ZoneBounds returns the bounds of the time zone in effect at time t. + * The zone begins at start and the next zone begins at end. + * If the zone begins at the beginning of time, start will be returned as a zero Time. + * If the zone goes on forever, end will be returned as a zero Time. + * The Location of the returned times will be the same as t. + */ + zoneBounds(): [Time, Time] + } + interface Time { + /** + * Unix returns t as a Unix time, the number of seconds elapsed + * since January 1, 1970 UTC. The result does not depend on the + * location associated with t. + * Unix-like operating systems often record time as a 32-bit + * count of seconds, but since the method here returns a 64-bit + * value it is valid for billions of years into the past or future. + */ + unix(): number + } + interface Time { + /** + * UnixMilli returns t as a Unix time, the number of milliseconds elapsed since + * January 1, 1970 UTC. The result is undefined if the Unix time in + * milliseconds cannot be represented by an int64 (a date more than 292 million + * years before or after 1970). The result does not depend on the + * location associated with t. + */ + unixMilli(): number + } + interface Time { + /** + * UnixMicro returns t as a Unix time, the number of microseconds elapsed since + * January 1, 1970 UTC. The result is undefined if the Unix time in + * microseconds cannot be represented by an int64 (a date before year -290307 or + * after year 294246). The result does not depend on the location associated + * with t. + */ + unixMicro(): number + } + interface Time { + /** + * UnixNano returns t as a Unix time, the number of nanoseconds elapsed + * since January 1, 1970 UTC. The result is undefined if the Unix time + * in nanoseconds cannot be represented by an int64 (a date before the year + * 1678 or after 2262). Note that this means the result of calling UnixNano + * on the zero Time is undefined. The result does not depend on the + * location associated with t. + */ + unixNano(): number + } + interface Time { + /** + * MarshalBinary implements the encoding.BinaryMarshaler interface. + */ + marshalBinary(): string|Array + } + interface Time { + /** + * UnmarshalBinary implements the encoding.BinaryUnmarshaler interface. + */ + unmarshalBinary(data: string|Array): void + } + interface Time { + /** + * GobEncode implements the gob.GobEncoder interface. + */ + gobEncode(): string|Array + } + interface Time { + /** + * GobDecode implements the gob.GobDecoder interface. + */ + gobDecode(data: string|Array): void + } + interface Time { + /** + * MarshalJSON implements the [json.Marshaler] interface. + * The time is a quoted string in the RFC 3339 format with sub-second precision. + * If the timestamp cannot be represented as valid RFC 3339 + * (e.g., the year is out of range), then an error is reported. + */ + marshalJSON(): string|Array + } + interface Time { + /** + * UnmarshalJSON implements the [json.Unmarshaler] interface. + * The time must be a quoted string in the RFC 3339 format. + */ + unmarshalJSON(data: string|Array): void + } + interface Time { + /** + * MarshalText implements the [encoding.TextMarshaler] interface. + * The time is formatted in RFC 3339 format with sub-second precision. + * If the timestamp cannot be represented as valid RFC 3339 + * (e.g., the year is out of range), then an error is reported. + */ + marshalText(): string|Array + } + interface Time { + /** + * UnmarshalText implements the [encoding.TextUnmarshaler] interface. + * The time must be in the RFC 3339 format. + */ + unmarshalText(data: string|Array): void + } + interface Time { + /** + * IsDST reports whether the time in the configured location is in Daylight Savings Time. + */ + isDST(): boolean + } + interface Time { + /** + * Truncate returns the result of rounding t down to a multiple of d (since the zero time). + * If d <= 0, Truncate returns t stripped of any monotonic clock reading but otherwise unchanged. + * + * Truncate operates on the time as an absolute duration since the + * zero time; it does not operate on the presentation form of the + * time. Thus, Truncate(Hour) may return a time with a non-zero + * minute, depending on the time's Location. + */ + truncate(d: Duration): Time + } + interface Time { + /** + * Round returns the result of rounding t to the nearest multiple of d (since the zero time). + * The rounding behavior for halfway values is to round up. + * If d <= 0, Round returns t stripped of any monotonic clock reading but otherwise unchanged. + * + * Round operates on the time as an absolute duration since the + * zero time; it does not operate on the presentation form of the + * time. Thus, Round(Hour) may return a time with a non-zero + * minute, depending on the time's Location. + */ + round(d: Duration): Time + } +} + +/** + * Package fs defines basic interfaces to a file system. + * A file system can be provided by the host operating system + * but also by other packages. + * + * See the [testing/fstest] package for support with testing + * implementations of file systems. + */ +namespace fs { + /** + * An FS provides access to a hierarchical file system. + * + * The FS interface is the minimum implementation required of the file system. + * A file system may implement additional interfaces, + * such as [ReadFileFS], to provide additional or optimized functionality. + * + * [testing/fstest.TestFS] may be used to test implementations of an FS for + * correctness. + */ + interface FS { + [key:string]: any; + /** + * Open opens the named file. + * + * When Open returns an error, it should be of type *PathError + * with the Op field set to "open", the Path field set to name, + * and the Err field describing the problem. + * + * Open should reject attempts to open names that do not satisfy + * ValidPath(name), returning a *PathError with Err set to + * ErrInvalid or ErrNotExist. + */ + open(name: string): File + } + /** + * A File provides access to a single file. + * The File interface is the minimum implementation required of the file. + * Directory files should also implement [ReadDirFile]. + * A file may implement [io.ReaderAt] or [io.Seeker] as optimizations. + */ + interface File { + [key:string]: any; + stat(): FileInfo + read(_arg0: string|Array): number + close(): void + } + /** + * A DirEntry is an entry read from a directory + * (using the [ReadDir] function or a [ReadDirFile]'s ReadDir method). + */ + interface DirEntry { + [key:string]: any; + /** + * Name returns the name of the file (or subdirectory) described by the entry. + * This name is only the final element of the path (the base name), not the entire path. + * For example, Name would return "hello.go" not "home/gopher/hello.go". + */ + name(): string + /** + * IsDir reports whether the entry describes a directory. + */ + isDir(): boolean + /** + * Type returns the type bits for the entry. + * The type bits are a subset of the usual FileMode bits, those returned by the FileMode.Type method. + */ + type(): FileMode + /** + * Info returns the FileInfo for the file or subdirectory described by the entry. + * The returned FileInfo may be from the time of the original directory read + * or from the time of the call to Info. If the file has been removed or renamed + * since the directory read, Info may return an error satisfying errors.Is(err, ErrNotExist). + * If the entry denotes a symbolic link, Info reports the information about the link itself, + * not the link's target. + */ + info(): FileInfo + } + /** + * A FileInfo describes a file and is returned by [Stat]. + */ + interface FileInfo { + [key:string]: any; + name(): string // base name of the file + size(): number // length in bytes for regular files; system-dependent for others + mode(): FileMode // file mode bits + modTime(): time.Time // modification time + isDir(): boolean // abbreviation for Mode().IsDir() + sys(): any // underlying data source (can return nil) + } + /** + * A FileMode represents a file's mode and permission bits. + * The bits have the same definition on all systems, so that + * information about files can be moved from one system + * to another portably. Not all bits apply to all systems. + * The only required bit is [ModeDir] for directories. + */ + interface FileMode extends Number{} + interface FileMode { + string(): string + } + interface FileMode { + /** + * IsDir reports whether m describes a directory. + * That is, it tests for the [ModeDir] bit being set in m. + */ + isDir(): boolean + } + interface FileMode { + /** + * IsRegular reports whether m describes a regular file. + * That is, it tests that no mode type bits are set. + */ + isRegular(): boolean + } + interface FileMode { + /** + * Perm returns the Unix permission bits in m (m & [ModePerm]). + */ + perm(): FileMode + } + interface FileMode { + /** + * Type returns type bits in m (m & [ModeType]). + */ + type(): FileMode + } + /** + * PathError records an error and the operation and file path that caused it. + */ + interface PathError { + op: string + path: string + err: Error + } + interface PathError { + error(): string + } + interface PathError { + unwrap(): void + } + interface PathError { + /** + * Timeout reports whether this error represents a timeout. + */ + timeout(): boolean + } + /** + * WalkDirFunc is the type of the function called by [WalkDir] to visit + * each file or directory. + * + * The path argument contains the argument to [WalkDir] as a prefix. + * That is, if WalkDir is called with root argument "dir" and finds a file + * named "a" in that directory, the walk function will be called with + * argument "dir/a". + * + * The d argument is the [DirEntry] for the named path. + * + * The error result returned by the function controls how [WalkDir] + * continues. If the function returns the special value [SkipDir], WalkDir + * skips the current directory (path if d.IsDir() is true, otherwise + * path's parent directory). If the function returns the special value + * [SkipAll], WalkDir skips all remaining files and directories. Otherwise, + * if the function returns a non-nil error, WalkDir stops entirely and + * returns that error. + * + * The err argument reports an error related to path, signaling that + * [WalkDir] will not walk into that directory. The function can decide how + * to handle that error; as described earlier, returning the error will + * cause WalkDir to stop walking the entire tree. + * + * [WalkDir] calls the function with a non-nil err argument in two cases. + * + * First, if the initial [Stat] on the root directory fails, WalkDir + * calls the function with path set to root, d set to nil, and err set to + * the error from [fs.Stat]. + * + * Second, if a directory's ReadDir method (see [ReadDirFile]) fails, WalkDir calls the + * function with path set to the directory's path, d set to an + * [DirEntry] describing the directory, and err set to the error from + * ReadDir. In this second case, the function is called twice with the + * path of the directory: the first call is before the directory read is + * attempted and has err set to nil, giving the function a chance to + * return [SkipDir] or [SkipAll] and avoid the ReadDir entirely. The second call + * is after a failed ReadDir and reports the error from ReadDir. + * (If ReadDir succeeds, there is no second call.) + * + * The differences between WalkDirFunc compared to [path/filepath.WalkFunc] are: + * + * ``` + * - The second argument has type [DirEntry] instead of [FileInfo]. + * - The function is called before reading a directory, to allow [SkipDir] + * or [SkipAll] to bypass the directory read entirely or skip all remaining + * files and directories respectively. + * - If a directory read fails, the function is called a second time + * for that directory to report the error. + * ``` + */ + interface WalkDirFunc {(path: string, d: DirEntry, err: Error): void } +} + +/** + * Package context defines the Context type, which carries deadlines, + * cancellation signals, and other request-scoped values across API boundaries + * and between processes. + * + * Incoming requests to a server should create a [Context], and outgoing + * calls to servers should accept a Context. The chain of function + * calls between them must propagate the Context, optionally replacing + * it with a derived Context created using [WithCancel], [WithDeadline], + * [WithTimeout], or [WithValue]. When a Context is canceled, all + * Contexts derived from it are also canceled. + * + * The [WithCancel], [WithDeadline], and [WithTimeout] functions take a + * Context (the parent) and return a derived Context (the child) and a + * [CancelFunc]. Calling the CancelFunc cancels the child and its + * children, removes the parent's reference to the child, and stops + * any associated timers. Failing to call the CancelFunc leaks the + * child and its children until the parent is canceled or the timer + * fires. The go vet tool checks that CancelFuncs are used on all + * control-flow paths. + * + * The [WithCancelCause] function returns a [CancelCauseFunc], which + * takes an error and records it as the cancellation cause. Calling + * [Cause] on the canceled context or any of its children retrieves + * the cause. If no cause is specified, Cause(ctx) returns the same + * value as ctx.Err(). + * + * Programs that use Contexts should follow these rules to keep interfaces + * consistent across packages and enable static analysis tools to check context + * propagation: + * + * Do not store Contexts inside a struct type; instead, pass a Context + * explicitly to each function that needs it. The Context should be the first + * parameter, typically named ctx: + * + * ``` + * func DoSomething(ctx context.Context, arg Arg) error { + * // ... use ctx ... + * } + * ``` + * + * Do not pass a nil [Context], even if a function permits it. Pass [context.TODO] + * if you are unsure about which Context to use. + * + * Use context Values only for request-scoped data that transits processes and + * APIs, not for passing optional parameters to functions. + * + * The same Context may be passed to functions running in different goroutines; + * Contexts are safe for simultaneous use by multiple goroutines. + * + * See https://blog.golang.org/context for example code for a server that uses + * Contexts. + */ +namespace context { + /** + * A Context carries a deadline, a cancellation signal, and other values across + * API boundaries. + * + * Context's methods may be called by multiple goroutines simultaneously. + */ + interface Context { + [key:string]: any; + /** + * Deadline returns the time when work done on behalf of this context + * should be canceled. Deadline returns ok==false when no deadline is + * set. Successive calls to Deadline return the same results. + */ + deadline(): [time.Time, boolean] + /** + * Done returns a channel that's closed when work done on behalf of this + * context should be canceled. Done may return nil if this context can + * never be canceled. Successive calls to Done return the same value. + * The close of the Done channel may happen asynchronously, + * after the cancel function returns. + * + * WithCancel arranges for Done to be closed when cancel is called; + * WithDeadline arranges for Done to be closed when the deadline + * expires; WithTimeout arranges for Done to be closed when the timeout + * elapses. + * + * Done is provided for use in select statements: + * + * // Stream generates values with DoSomething and sends them to out + * // until DoSomething returns an error or ctx.Done is closed. + * func Stream(ctx context.Context, out chan<- Value) error { + * for { + * v, err := DoSomething(ctx) + * if err != nil { + * return err + * } + * select { + * case <-ctx.Done(): + * return ctx.Err() + * case out <- v: + * } + * } + * } + * + * See https://blog.golang.org/pipelines for more examples of how to use + * a Done channel for cancellation. + */ + done(): undefined + /** + * If Done is not yet closed, Err returns nil. + * If Done is closed, Err returns a non-nil error explaining why: + * Canceled if the context was canceled + * or DeadlineExceeded if the context's deadline passed. + * After Err returns a non-nil error, successive calls to Err return the same error. + */ + err(): void + /** + * Value returns the value associated with this context for key, or nil + * if no value is associated with key. Successive calls to Value with + * the same key returns the same result. + * + * Use context values only for request-scoped data that transits + * processes and API boundaries, not for passing optional parameters to + * functions. + * + * A key identifies a specific value in a Context. Functions that wish + * to store values in Context typically allocate a key in a global + * variable then use that key as the argument to context.WithValue and + * Context.Value. A key can be any type that supports equality; + * packages should define keys as an unexported type to avoid + * collisions. + * + * Packages that define a Context key should provide type-safe accessors + * for the values stored using that key: + * + * ``` + * // Package user defines a User type that's stored in Contexts. + * package user + * + * import "context" + * + * // User is the type of value stored in the Contexts. + * type User struct {...} + * + * // key is an unexported type for keys defined in this package. + * // This prevents collisions with keys defined in other packages. + * type key int + * + * // userKey is the key for user.User values in Contexts. It is + * // unexported; clients use user.NewContext and user.FromContext + * // instead of using this key directly. + * var userKey key + * + * // NewContext returns a new Context that carries value u. + * func NewContext(ctx context.Context, u *User) context.Context { + * return context.WithValue(ctx, userKey, u) + * } + * + * // FromContext returns the User value stored in ctx, if any. + * func FromContext(ctx context.Context) (*User, bool) { + * u, ok := ctx.Value(userKey).(*User) + * return u, ok + * } + * ``` + */ + value(key: any): any + } +} + +/** + * Package sql provides a generic interface around SQL (or SQL-like) + * databases. + * + * The sql package must be used in conjunction with a database driver. + * See https://golang.org/s/sqldrivers for a list of drivers. + * + * Drivers that do not support context cancellation will not return until + * after the query is completed. + * + * For usage examples, see the wiki page at + * https://golang.org/s/sqlwiki. + */ +namespace sql { + /** + * TxOptions holds the transaction options to be used in [DB.BeginTx]. + */ + interface TxOptions { + /** + * Isolation is the transaction isolation level. + * If zero, the driver or database's default level is used. + */ + isolation: IsolationLevel + readOnly: boolean + } + /** + * NullString represents a string that may be null. + * NullString implements the [Scanner] interface so + * it can be used as a scan destination: + * + * ``` + * var s NullString + * err := db.QueryRow("SELECT name FROM foo WHERE id=?", id).Scan(&s) + * ... + * if s.Valid { + * // use s.String + * } else { + * // NULL value + * } + * ``` + */ + interface NullString { + string: string + valid: boolean // Valid is true if String is not NULL + } + interface NullString { + /** + * Scan implements the [Scanner] interface. + */ + scan(value: any): void + } + interface NullString { + /** + * Value implements the [driver.Valuer] interface. + */ + value(): any + } + /** + * DB is a database handle representing a pool of zero or more + * underlying connections. It's safe for concurrent use by multiple + * goroutines. + * + * The sql package creates and frees connections automatically; it + * also maintains a free pool of idle connections. If the database has + * a concept of per-connection state, such state can be reliably observed + * within a transaction ([Tx]) or connection ([Conn]). Once [DB.Begin] is called, the + * returned [Tx] is bound to a single connection. Once [Tx.Commit] or + * [Tx.Rollback] is called on the transaction, that transaction's + * connection is returned to [DB]'s idle connection pool. The pool size + * can be controlled with [DB.SetMaxIdleConns]. + */ + interface DB { + } + interface DB { + /** + * PingContext verifies a connection to the database is still alive, + * establishing a connection if necessary. + */ + pingContext(ctx: context.Context): void + } + interface DB { + /** + * Ping verifies a connection to the database is still alive, + * establishing a connection if necessary. + * + * Ping uses [context.Background] internally; to specify the context, use + * [DB.PingContext]. + */ + ping(): void + } + interface DB { + /** + * Close closes the database and prevents new queries from starting. + * Close then waits for all queries that have started processing on the server + * to finish. + * + * It is rare to Close a [DB], as the [DB] handle is meant to be + * long-lived and shared between many goroutines. + */ + close(): void + } + interface DB { + /** + * SetMaxIdleConns sets the maximum number of connections in the idle + * connection pool. + * + * If MaxOpenConns is greater than 0 but less than the new MaxIdleConns, + * then the new MaxIdleConns will be reduced to match the MaxOpenConns limit. + * + * If n <= 0, no idle connections are retained. + * + * The default max idle connections is currently 2. This may change in + * a future release. + */ + setMaxIdleConns(n: number): void + } + interface DB { + /** + * SetMaxOpenConns sets the maximum number of open connections to the database. + * + * If MaxIdleConns is greater than 0 and the new MaxOpenConns is less than + * MaxIdleConns, then MaxIdleConns will be reduced to match the new + * MaxOpenConns limit. + * + * If n <= 0, then there is no limit on the number of open connections. + * The default is 0 (unlimited). + */ + setMaxOpenConns(n: number): void + } + interface DB { + /** + * SetConnMaxLifetime sets the maximum amount of time a connection may be reused. + * + * Expired connections may be closed lazily before reuse. + * + * If d <= 0, connections are not closed due to a connection's age. + */ + setConnMaxLifetime(d: time.Duration): void + } + interface DB { + /** + * SetConnMaxIdleTime sets the maximum amount of time a connection may be idle. + * + * Expired connections may be closed lazily before reuse. + * + * If d <= 0, connections are not closed due to a connection's idle time. + */ + setConnMaxIdleTime(d: time.Duration): void + } + interface DB { + /** + * Stats returns database statistics. + */ + stats(): DBStats + } + interface DB { + /** + * PrepareContext creates a prepared statement for later queries or executions. + * Multiple queries or executions may be run concurrently from the + * returned statement. + * The caller must call the statement's [*Stmt.Close] method + * when the statement is no longer needed. + * + * The provided context is used for the preparation of the statement, not for the + * execution of the statement. + */ + prepareContext(ctx: context.Context, query: string): (Stmt) + } + interface DB { + /** + * Prepare creates a prepared statement for later queries or executions. + * Multiple queries or executions may be run concurrently from the + * returned statement. + * The caller must call the statement's [*Stmt.Close] method + * when the statement is no longer needed. + * + * Prepare uses [context.Background] internally; to specify the context, use + * [DB.PrepareContext]. + */ + prepare(query: string): (Stmt) + } + interface DB { + /** + * ExecContext executes a query without returning any rows. + * The args are for any placeholder parameters in the query. + */ + execContext(ctx: context.Context, query: string, ...args: any[]): Result + } + interface DB { + /** + * Exec executes a query without returning any rows. + * The args are for any placeholder parameters in the query. + * + * Exec uses [context.Background] internally; to specify the context, use + * [DB.ExecContext]. + */ + exec(query: string, ...args: any[]): Result + } + interface DB { + /** + * QueryContext executes a query that returns rows, typically a SELECT. + * The args are for any placeholder parameters in the query. + */ + queryContext(ctx: context.Context, query: string, ...args: any[]): (Rows) + } + interface DB { + /** + * Query executes a query that returns rows, typically a SELECT. + * The args are for any placeholder parameters in the query. + * + * Query uses [context.Background] internally; to specify the context, use + * [DB.QueryContext]. + */ + query(query: string, ...args: any[]): (Rows) + } + interface DB { + /** + * QueryRowContext executes a query that is expected to return at most one row. + * QueryRowContext always returns a non-nil value. Errors are deferred until + * [Row]'s Scan method is called. + * If the query selects no rows, the [*Row.Scan] will return [ErrNoRows]. + * Otherwise, [*Row.Scan] scans the first selected row and discards + * the rest. + */ + queryRowContext(ctx: context.Context, query: string, ...args: any[]): (Row) + } + interface DB { + /** + * QueryRow executes a query that is expected to return at most one row. + * QueryRow always returns a non-nil value. Errors are deferred until + * [Row]'s Scan method is called. + * If the query selects no rows, the [*Row.Scan] will return [ErrNoRows]. + * Otherwise, [*Row.Scan] scans the first selected row and discards + * the rest. + * + * QueryRow uses [context.Background] internally; to specify the context, use + * [DB.QueryRowContext]. + */ + queryRow(query: string, ...args: any[]): (Row) + } + interface DB { + /** + * BeginTx starts a transaction. + * + * The provided context is used until the transaction is committed or rolled back. + * If the context is canceled, the sql package will roll back + * the transaction. [Tx.Commit] will return an error if the context provided to + * BeginTx is canceled. + * + * The provided [TxOptions] is optional and may be nil if defaults should be used. + * If a non-default isolation level is used that the driver doesn't support, + * an error will be returned. + */ + beginTx(ctx: context.Context, opts: TxOptions): (Tx) + } + interface DB { + /** + * Begin starts a transaction. The default isolation level is dependent on + * the driver. + * + * Begin uses [context.Background] internally; to specify the context, use + * [DB.BeginTx]. + */ + begin(): (Tx) + } + interface DB { + /** + * Driver returns the database's underlying driver. + */ + driver(): any + } + interface DB { + /** + * Conn returns a single connection by either opening a new connection + * or returning an existing connection from the connection pool. Conn will + * block until either a connection is returned or ctx is canceled. + * Queries run on the same Conn will be run in the same database session. + * + * Every Conn must be returned to the database pool after use by + * calling [Conn.Close]. + */ + conn(ctx: context.Context): (Conn) + } + /** + * Tx is an in-progress database transaction. + * + * A transaction must end with a call to [Tx.Commit] or [Tx.Rollback]. + * + * After a call to [Tx.Commit] or [Tx.Rollback], all operations on the + * transaction fail with [ErrTxDone]. + * + * The statements prepared for a transaction by calling + * the transaction's [Tx.Prepare] or [Tx.Stmt] methods are closed + * by the call to [Tx.Commit] or [Tx.Rollback]. + */ + interface Tx { + } + interface Tx { + /** + * Commit commits the transaction. + */ + commit(): void + } + interface Tx { + /** + * Rollback aborts the transaction. + */ + rollback(): void + } + interface Tx { + /** + * PrepareContext creates a prepared statement for use within a transaction. + * + * The returned statement operates within the transaction and will be closed + * when the transaction has been committed or rolled back. + * + * To use an existing prepared statement on this transaction, see [Tx.Stmt]. + * + * The provided context will be used for the preparation of the context, not + * for the execution of the returned statement. The returned statement + * will run in the transaction context. + */ + prepareContext(ctx: context.Context, query: string): (Stmt) + } + interface Tx { + /** + * Prepare creates a prepared statement for use within a transaction. + * + * The returned statement operates within the transaction and will be closed + * when the transaction has been committed or rolled back. + * + * To use an existing prepared statement on this transaction, see [Tx.Stmt]. + * + * Prepare uses [context.Background] internally; to specify the context, use + * [Tx.PrepareContext]. + */ + prepare(query: string): (Stmt) + } + interface Tx { + /** + * StmtContext returns a transaction-specific prepared statement from + * an existing statement. + * + * Example: + * + * ``` + * updateMoney, err := db.Prepare("UPDATE balance SET money=money+? WHERE id=?") + * ... + * tx, err := db.Begin() + * ... + * res, err := tx.StmtContext(ctx, updateMoney).Exec(123.45, 98293203) + * ``` + * + * The provided context is used for the preparation of the statement, not for the + * execution of the statement. + * + * The returned statement operates within the transaction and will be closed + * when the transaction has been committed or rolled back. + */ + stmtContext(ctx: context.Context, stmt: Stmt): (Stmt) + } + interface Tx { + /** + * Stmt returns a transaction-specific prepared statement from + * an existing statement. + * + * Example: + * + * ``` + * updateMoney, err := db.Prepare("UPDATE balance SET money=money+? WHERE id=?") + * ... + * tx, err := db.Begin() + * ... + * res, err := tx.Stmt(updateMoney).Exec(123.45, 98293203) + * ``` + * + * The returned statement operates within the transaction and will be closed + * when the transaction has been committed or rolled back. + * + * Stmt uses [context.Background] internally; to specify the context, use + * [Tx.StmtContext]. + */ + stmt(stmt: Stmt): (Stmt) + } + interface Tx { + /** + * ExecContext executes a query that doesn't return rows. + * For example: an INSERT and UPDATE. + */ + execContext(ctx: context.Context, query: string, ...args: any[]): Result + } + interface Tx { + /** + * Exec executes a query that doesn't return rows. + * For example: an INSERT and UPDATE. + * + * Exec uses [context.Background] internally; to specify the context, use + * [Tx.ExecContext]. + */ + exec(query: string, ...args: any[]): Result + } + interface Tx { + /** + * QueryContext executes a query that returns rows, typically a SELECT. + */ + queryContext(ctx: context.Context, query: string, ...args: any[]): (Rows) + } + interface Tx { + /** + * Query executes a query that returns rows, typically a SELECT. + * + * Query uses [context.Background] internally; to specify the context, use + * [Tx.QueryContext]. + */ + query(query: string, ...args: any[]): (Rows) + } + interface Tx { + /** + * QueryRowContext executes a query that is expected to return at most one row. + * QueryRowContext always returns a non-nil value. Errors are deferred until + * [Row]'s Scan method is called. + * If the query selects no rows, the [*Row.Scan] will return [ErrNoRows]. + * Otherwise, the [*Row.Scan] scans the first selected row and discards + * the rest. + */ + queryRowContext(ctx: context.Context, query: string, ...args: any[]): (Row) + } + interface Tx { + /** + * QueryRow executes a query that is expected to return at most one row. + * QueryRow always returns a non-nil value. Errors are deferred until + * [Row]'s Scan method is called. + * If the query selects no rows, the [*Row.Scan] will return [ErrNoRows]. + * Otherwise, the [*Row.Scan] scans the first selected row and discards + * the rest. + * + * QueryRow uses [context.Background] internally; to specify the context, use + * [Tx.QueryRowContext]. + */ + queryRow(query: string, ...args: any[]): (Row) + } + /** + * Stmt is a prepared statement. + * A Stmt is safe for concurrent use by multiple goroutines. + * + * If a Stmt is prepared on a [Tx] or [Conn], it will be bound to a single + * underlying connection forever. If the [Tx] or [Conn] closes, the Stmt will + * become unusable and all operations will return an error. + * If a Stmt is prepared on a [DB], it will remain usable for the lifetime of the + * [DB]. When the Stmt needs to execute on a new underlying connection, it will + * prepare itself on the new connection automatically. + */ + interface Stmt { + } + interface Stmt { + /** + * ExecContext executes a prepared statement with the given arguments and + * returns a [Result] summarizing the effect of the statement. + */ + execContext(ctx: context.Context, ...args: any[]): Result + } + interface Stmt { + /** + * Exec executes a prepared statement with the given arguments and + * returns a [Result] summarizing the effect of the statement. + * + * Exec uses [context.Background] internally; to specify the context, use + * [Stmt.ExecContext]. + */ + exec(...args: any[]): Result + } + interface Stmt { + /** + * QueryContext executes a prepared query statement with the given arguments + * and returns the query results as a [*Rows]. + */ + queryContext(ctx: context.Context, ...args: any[]): (Rows) + } + interface Stmt { + /** + * Query executes a prepared query statement with the given arguments + * and returns the query results as a *Rows. + * + * Query uses [context.Background] internally; to specify the context, use + * [Stmt.QueryContext]. + */ + query(...args: any[]): (Rows) + } + interface Stmt { + /** + * QueryRowContext executes a prepared query statement with the given arguments. + * If an error occurs during the execution of the statement, that error will + * be returned by a call to Scan on the returned [*Row], which is always non-nil. + * If the query selects no rows, the [*Row.Scan] will return [ErrNoRows]. + * Otherwise, the [*Row.Scan] scans the first selected row and discards + * the rest. + */ + queryRowContext(ctx: context.Context, ...args: any[]): (Row) + } + interface Stmt { + /** + * QueryRow executes a prepared query statement with the given arguments. + * If an error occurs during the execution of the statement, that error will + * be returned by a call to Scan on the returned [*Row], which is always non-nil. + * If the query selects no rows, the [*Row.Scan] will return [ErrNoRows]. + * Otherwise, the [*Row.Scan] scans the first selected row and discards + * the rest. + * + * Example usage: + * + * ``` + * var name string + * err := nameByUseridStmt.QueryRow(id).Scan(&name) + * ``` + * + * QueryRow uses [context.Background] internally; to specify the context, use + * [Stmt.QueryRowContext]. + */ + queryRow(...args: any[]): (Row) + } + interface Stmt { + /** + * Close closes the statement. + */ + close(): void + } + /** + * Rows is the result of a query. Its cursor starts before the first row + * of the result set. Use [Rows.Next] to advance from row to row. + */ + interface Rows { + } + interface Rows { + /** + * Next prepares the next result row for reading with the [Rows.Scan] method. It + * returns true on success, or false if there is no next result row or an error + * happened while preparing it. [Rows.Err] should be consulted to distinguish between + * the two cases. + * + * Every call to [Rows.Scan], even the first one, must be preceded by a call to [Rows.Next]. + */ + next(): boolean + } + interface Rows { + /** + * NextResultSet prepares the next result set for reading. It reports whether + * there is further result sets, or false if there is no further result set + * or if there is an error advancing to it. The [Rows.Err] method should be consulted + * to distinguish between the two cases. + * + * After calling NextResultSet, the [Rows.Next] method should always be called before + * scanning. If there are further result sets they may not have rows in the result + * set. + */ + nextResultSet(): boolean + } + interface Rows { + /** + * Err returns the error, if any, that was encountered during iteration. + * Err may be called after an explicit or implicit [Rows.Close]. + */ + err(): void + } + interface Rows { + /** + * Columns returns the column names. + * Columns returns an error if the rows are closed. + */ + columns(): Array + } + interface Rows { + /** + * ColumnTypes returns column information such as column type, length, + * and nullable. Some information may not be available from some drivers. + */ + columnTypes(): Array<(ColumnType | undefined)> + } + interface Rows { + /** + * Scan copies the columns in the current row into the values pointed + * at by dest. The number of values in dest must be the same as the + * number of columns in [Rows]. + * + * Scan converts columns read from the database into the following + * common Go types and special types provided by the sql package: + * + * ``` + * *string + * *[]byte + * *int, *int8, *int16, *int32, *int64 + * *uint, *uint8, *uint16, *uint32, *uint64 + * *bool + * *float32, *float64 + * *interface{} + * *RawBytes + * *Rows (cursor value) + * any type implementing Scanner (see Scanner docs) + * ``` + * + * In the most simple case, if the type of the value from the source + * column is an integer, bool or string type T and dest is of type *T, + * Scan simply assigns the value through the pointer. + * + * Scan also converts between string and numeric types, as long as no + * information would be lost. While Scan stringifies all numbers + * scanned from numeric database columns into *string, scans into + * numeric types are checked for overflow. For example, a float64 with + * value 300 or a string with value "300" can scan into a uint16, but + * not into a uint8, though float64(255) or "255" can scan into a + * uint8. One exception is that scans of some float64 numbers to + * strings may lose information when stringifying. In general, scan + * floating point columns into *float64. + * + * If a dest argument has type *[]byte, Scan saves in that argument a + * copy of the corresponding data. The copy is owned by the caller and + * can be modified and held indefinitely. The copy can be avoided by + * using an argument of type [*RawBytes] instead; see the documentation + * for [RawBytes] for restrictions on its use. + * + * If an argument has type *interface{}, Scan copies the value + * provided by the underlying driver without conversion. When scanning + * from a source value of type []byte to *interface{}, a copy of the + * slice is made and the caller owns the result. + * + * Source values of type [time.Time] may be scanned into values of type + * *time.Time, *interface{}, *string, or *[]byte. When converting to + * the latter two, [time.RFC3339Nano] is used. + * + * Source values of type bool may be scanned into types *bool, + * *interface{}, *string, *[]byte, or [*RawBytes]. + * + * For scanning into *bool, the source may be true, false, 1, 0, or + * string inputs parseable by [strconv.ParseBool]. + * + * Scan can also convert a cursor returned from a query, such as + * "select cursor(select * from my_table) from dual", into a + * [*Rows] value that can itself be scanned from. The parent + * select query will close any cursor [*Rows] if the parent [*Rows] is closed. + * + * If any of the first arguments implementing [Scanner] returns an error, + * that error will be wrapped in the returned error. + */ + scan(...dest: any[]): void + } + interface Rows { + /** + * Close closes the [Rows], preventing further enumeration. If [Rows.Next] is called + * and returns false and there are no further result sets, + * the [Rows] are closed automatically and it will suffice to check the + * result of [Rows.Err]. Close is idempotent and does not affect the result of [Rows.Err]. + */ + close(): void + } + /** + * A Result summarizes an executed SQL command. + */ + interface Result { + [key:string]: any; + /** + * LastInsertId returns the integer generated by the database + * in response to a command. Typically this will be from an + * "auto increment" column when inserting a new row. Not all + * databases support this feature, and the syntax of such + * statements varies. + */ + lastInsertId(): number + /** + * RowsAffected returns the number of rows affected by an + * update, insert, or delete. Not every database or database + * driver may support this. + */ + rowsAffected(): number + } +} + +/** + * Package syntax parses regular expressions into parse trees and compiles + * parse trees into programs. Most clients of regular expressions will use the + * facilities of package [regexp] (such as [regexp.Compile] and [regexp.Match]) instead of this package. + * + * # Syntax + * + * The regular expression syntax understood by this package when parsing with the [Perl] flag is as follows. + * Parts of the syntax can be disabled by passing alternate flags to [Parse]. + * + * Single characters: + * + * ``` + * . any character, possibly including newline (flag s=true) + * [xyz] character class + * [^xyz] negated character class + * \d Perl character class + * \D negated Perl character class + * [[:alpha:]] ASCII character class + * [[:^alpha:]] negated ASCII character class + * \pN Unicode character class (one-letter name) + * \p{Greek} Unicode character class + * \PN negated Unicode character class (one-letter name) + * \P{Greek} negated Unicode character class + * ``` + * + * Composites: + * + * ``` + * xy x followed by y + * x|y x or y (prefer x) + * ``` + * + * Repetitions: + * + * ``` + * x* zero or more x, prefer more + * x+ one or more x, prefer more + * x? zero or one x, prefer one + * x{n,m} n or n+1 or ... or m x, prefer more + * x{n,} n or more x, prefer more + * x{n} exactly n x + * x*? zero or more x, prefer fewer + * x+? one or more x, prefer fewer + * x?? zero or one x, prefer zero + * x{n,m}? n or n+1 or ... or m x, prefer fewer + * x{n,}? n or more x, prefer fewer + * x{n}? exactly n x + * ``` + * + * Implementation restriction: The counting forms x{n,m}, x{n,}, and x{n} + * reject forms that create a minimum or maximum repetition count above 1000. + * Unlimited repetitions are not subject to this restriction. + * + * Grouping: + * + * ``` + * (re) numbered capturing group (submatch) + * (?Pre) named & numbered capturing group (submatch) + * (?re) named & numbered capturing group (submatch) + * (?:re) non-capturing group + * (?flags) set flags within current group; non-capturing + * (?flags:re) set flags during re; non-capturing + * + * Flag syntax is xyz (set) or -xyz (clear) or xy-z (set xy, clear z). The flags are: + * + * i case-insensitive (default false) + * m multi-line mode: ^ and $ match begin/end line in addition to begin/end text (default false) + * s let . match \n (default false) + * U ungreedy: swap meaning of x* and x*?, x+ and x+?, etc (default false) + * ``` + * + * Empty strings: + * + * ``` + * ^ at beginning of text or line (flag m=true) + * $ at end of text (like \z not \Z) or line (flag m=true) + * \A at beginning of text + * \b at ASCII word boundary (\w on one side and \W, \A, or \z on the other) + * \B not at ASCII word boundary + * \z at end of text + * ``` + * + * Escape sequences: + * + * ``` + * \a bell (== \007) + * \f form feed (== \014) + * \t horizontal tab (== \011) + * \n newline (== \012) + * \r carriage return (== \015) + * \v vertical tab character (== \013) + * \* literal *, for any punctuation character * + * \123 octal character code (up to three digits) + * \x7F hex character code (exactly two digits) + * \x{10FFFF} hex character code + * \Q...\E literal text ... even if ... has punctuation + * ``` + * + * Character class elements: + * + * ``` + * x single character + * A-Z character range (inclusive) + * \d Perl character class + * [:foo:] ASCII character class foo + * \p{Foo} Unicode character class Foo + * \pF Unicode character class F (one-letter name) + * ``` + * + * Named character classes as character class elements: + * + * ``` + * [\d] digits (== \d) + * [^\d] not digits (== \D) + * [\D] not digits (== \D) + * [^\D] not not digits (== \d) + * [[:name:]] named ASCII class inside character class (== [:name:]) + * [^[:name:]] named ASCII class inside negated character class (== [:^name:]) + * [\p{Name}] named Unicode property inside character class (== \p{Name}) + * [^\p{Name}] named Unicode property inside negated character class (== \P{Name}) + * ``` + * + * Perl character classes (all ASCII-only): + * + * ``` + * \d digits (== [0-9]) + * \D not digits (== [^0-9]) + * \s whitespace (== [\t\n\f\r ]) + * \S not whitespace (== [^\t\n\f\r ]) + * \w word characters (== [0-9A-Za-z_]) + * \W not word characters (== [^0-9A-Za-z_]) + * ``` + * + * ASCII character classes: + * + * ``` + * [[:alnum:]] alphanumeric (== [0-9A-Za-z]) + * [[:alpha:]] alphabetic (== [A-Za-z]) + * [[:ascii:]] ASCII (== [\x00-\x7F]) + * [[:blank:]] blank (== [\t ]) + * [[:cntrl:]] control (== [\x00-\x1F\x7F]) + * [[:digit:]] digits (== [0-9]) + * [[:graph:]] graphical (== [!-~] == [A-Za-z0-9!"#$%&'()*+,\-./:;<=>?@[\\\]^_`{|}~]) + * [[:lower:]] lower case (== [a-z]) + * [[:print:]] printable (== [ -~] == [ [:graph:]]) + * [[:punct:]] punctuation (== [!-/:-@[-`{-~]) + * [[:space:]] whitespace (== [\t\n\v\f\r ]) + * [[:upper:]] upper case (== [A-Z]) + * [[:word:]] word characters (== [0-9A-Za-z_]) + * [[:xdigit:]] hex digit (== [0-9A-Fa-f]) + * ``` + * + * Unicode character classes are those in [unicode.Categories] and [unicode.Scripts]. + */ +namespace syntax { + /** + * Flags control the behavior of the parser and record information about regexp context. + */ + interface Flags extends Number{} +} + +namespace store { + /** + * Store defines a concurrent safe in memory key-value data store. + */ + interface Store { + } + interface Store { + /** + * Reset clears the store and replaces the store data with a + * shallow copy of the provided newData. + */ + reset(newData: _TygojaDict): void + } + interface Store { + /** + * Length returns the current number of elements in the store. + */ + length(): number + } + interface Store { + /** + * RemoveAll removes all the existing store entries. + */ + removeAll(): void + } + interface Store { + /** + * Remove removes a single entry from the store. + * + * Remove does nothing if key doesn't exist in the store. + */ + remove(key: K): void + } + interface Store { + /** + * Has checks if element with the specified key exist or not. + */ + has(key: K): boolean + } + interface Store { + /** + * Get returns a single element value from the store. + * + * If key is not set, the zero T value is returned. + */ + get(key: K): T + } + interface Store { + /** + * GetOk is similar to Get but returns also a boolean indicating whether the key exists or not. + */ + getOk(key: K): [T, boolean] + } + interface Store { + /** + * GetAll returns a shallow copy of the current store data. + */ + getAll(): _TygojaDict + } + interface Store { + /** + * Values returns a slice with all of the current store values. + */ + values(): Array + } + interface Store { + /** + * Set sets (or overwrite if already exists) a new value for key. + */ + set(key: K, value: T): void + } + interface Store { + /** + * SetFunc sets (or overwrite if already exists) a new value resolved + * from the function callback for the provided key. + * + * The function callback receives as argument the old store element value (if exists). + * If there is no old store element, the argument will be the T zero value. + * + * Example: + * + * ``` + * s := store.New[string, int](nil) + * s.SetFunc("count", func(old int) int { + * return old + 1 + * }) + * ``` + */ + setFunc(key: K, fn: (old: T) => T): void + } + interface Store { + /** + * GetOrSet retrieves a single existing value for the provided key + * or stores a new one if it doesn't exist. + */ + getOrSet(key: K, setFunc: () => T): T + } + interface Store { + /** + * SetIfLessThanLimit sets (or overwrite if already exist) a new value for key. + * + * This method is similar to Set() but **it will skip adding new elements** + * to the store if the store length has reached the specified limit. + * false is returned if maxAllowedElements limit is reached. + */ + setIfLessThanLimit(key: K, value: T, maxAllowedElements: number): boolean + } + interface Store { + /** + * UnmarshalJSON implements [json.Unmarshaler] and imports the + * provided JSON data into the store. + * + * The store entries that match with the ones from the data will be overwritten with the new value. + */ + unmarshalJSON(data: string|Array): void + } + interface Store { + /** + * MarshalJSON implements [json.Marshaler] and export the current + * store data into valid JSON. + */ + marshalJSON(): string|Array + } +} + +/** + * Package net provides a portable interface for network I/O, including + * TCP/IP, UDP, domain name resolution, and Unix domain sockets. + * + * Although the package provides access to low-level networking + * primitives, most clients will need only the basic interface provided + * by the [Dial], [Listen], and Accept functions and the associated + * [Conn] and [Listener] interfaces. The crypto/tls package uses + * the same interfaces and similar Dial and Listen functions. + * + * The Dial function connects to a server: + * + * ``` + * conn, err := net.Dial("tcp", "golang.org:80") + * if err != nil { + * // handle error + * } + * fmt.Fprintf(conn, "GET / HTTP/1.0\r\n\r\n") + * status, err := bufio.NewReader(conn).ReadString('\n') + * // ... + * ``` + * + * The Listen function creates servers: + * + * ``` + * ln, err := net.Listen("tcp", ":8080") + * if err != nil { + * // handle error + * } + * for { + * conn, err := ln.Accept() + * if err != nil { + * // handle error + * } + * go handleConnection(conn) + * } + * ``` + * + * # Name Resolution + * + * The method for resolving domain names, whether indirectly with functions like Dial + * or directly with functions like [LookupHost] and [LookupAddr], varies by operating system. + * + * On Unix systems, the resolver has two options for resolving names. + * It can use a pure Go resolver that sends DNS requests directly to the servers + * listed in /etc/resolv.conf, or it can use a cgo-based resolver that calls C + * library routines such as getaddrinfo and getnameinfo. + * + * On Unix the pure Go resolver is preferred over the cgo resolver, because a blocked DNS + * request consumes only a goroutine, while a blocked C call consumes an operating system thread. + * When cgo is available, the cgo-based resolver is used instead under a variety of + * conditions: on systems that do not let programs make direct DNS requests (OS X), + * when the LOCALDOMAIN environment variable is present (even if empty), + * when the RES_OPTIONS or HOSTALIASES environment variable is non-empty, + * when the ASR_CONFIG environment variable is non-empty (OpenBSD only), + * when /etc/resolv.conf or /etc/nsswitch.conf specify the use of features that the + * Go resolver does not implement. + * + * On all systems (except Plan 9), when the cgo resolver is being used + * this package applies a concurrent cgo lookup limit to prevent the system + * from running out of system threads. Currently, it is limited to 500 concurrent lookups. + * + * The resolver decision can be overridden by setting the netdns value of the + * GODEBUG environment variable (see package runtime) to go or cgo, as in: + * + * ``` + * export GODEBUG=netdns=go # force pure Go resolver + * export GODEBUG=netdns=cgo # force native resolver (cgo, win32) + * ``` + * + * The decision can also be forced while building the Go source tree + * by setting the netgo or netcgo build tag. + * + * A numeric netdns setting, as in GODEBUG=netdns=1, causes the resolver + * to print debugging information about its decisions. + * To force a particular resolver while also printing debugging information, + * join the two settings by a plus sign, as in GODEBUG=netdns=go+1. + * + * The Go resolver will send an EDNS0 additional header with a DNS request, + * to signal a willingness to accept a larger DNS packet size. + * This can reportedly cause sporadic failures with the DNS server run + * by some modems and routers. Setting GODEBUG=netedns0=0 will disable + * sending the additional header. + * + * On macOS, if Go code that uses the net package is built with + * -buildmode=c-archive, linking the resulting archive into a C program + * requires passing -lresolv when linking the C code. + * + * On Plan 9, the resolver always accesses /net/cs and /net/dns. + * + * On Windows, in Go 1.18.x and earlier, the resolver always used C + * library functions, such as GetAddrInfo and DnsQuery. + */ +namespace net { + /** + * Conn is a generic stream-oriented network connection. + * + * Multiple goroutines may invoke methods on a Conn simultaneously. + */ + interface Conn { + [key:string]: any; + /** + * Read reads data from the connection. + * Read can be made to time out and return an error after a fixed + * time limit; see SetDeadline and SetReadDeadline. + */ + read(b: string|Array): number + /** + * Write writes data to the connection. + * Write can be made to time out and return an error after a fixed + * time limit; see SetDeadline and SetWriteDeadline. + */ + write(b: string|Array): number + /** + * Close closes the connection. + * Any blocked Read or Write operations will be unblocked and return errors. + */ + close(): void + /** + * LocalAddr returns the local network address, if known. + */ + localAddr(): Addr + /** + * RemoteAddr returns the remote network address, if known. + */ + remoteAddr(): Addr + /** + * SetDeadline sets the read and write deadlines associated + * with the connection. It is equivalent to calling both + * SetReadDeadline and SetWriteDeadline. + * + * A deadline is an absolute time after which I/O operations + * fail instead of blocking. The deadline applies to all future + * and pending I/O, not just the immediately following call to + * Read or Write. After a deadline has been exceeded, the + * connection can be refreshed by setting a deadline in the future. + * + * If the deadline is exceeded a call to Read or Write or to other + * I/O methods will return an error that wraps os.ErrDeadlineExceeded. + * This can be tested using errors.Is(err, os.ErrDeadlineExceeded). + * The error's Timeout method will return true, but note that there + * are other possible errors for which the Timeout method will + * return true even if the deadline has not been exceeded. + * + * An idle timeout can be implemented by repeatedly extending + * the deadline after successful Read or Write calls. + * + * A zero value for t means I/O operations will not time out. + */ + setDeadline(t: time.Time): void + /** + * SetReadDeadline sets the deadline for future Read calls + * and any currently-blocked Read call. + * A zero value for t means Read will not time out. + */ + setReadDeadline(t: time.Time): void + /** + * SetWriteDeadline sets the deadline for future Write calls + * and any currently-blocked Write call. + * Even if write times out, it may return n > 0, indicating that + * some of the data was successfully written. + * A zero value for t means Write will not time out. + */ + setWriteDeadline(t: time.Time): void + } +} + +/** + * Package jwt is a Go implementation of JSON Web Tokens: http://self-issued.info/docs/draft-jones-json-web-token.html + * + * See README.md for more info. + */ +namespace jwt { + /** + * MapClaims is a claims type that uses the map[string]interface{} for JSON + * decoding. This is the default claims type if you don't supply one + */ + interface MapClaims extends _TygojaDict{} + interface MapClaims { + /** + * GetExpirationTime implements the Claims interface. + */ + getExpirationTime(): (NumericDate) + } + interface MapClaims { + /** + * GetNotBefore implements the Claims interface. + */ + getNotBefore(): (NumericDate) + } + interface MapClaims { + /** + * GetIssuedAt implements the Claims interface. + */ + getIssuedAt(): (NumericDate) + } + interface MapClaims { + /** + * GetAudience implements the Claims interface. + */ + getAudience(): ClaimStrings + } + interface MapClaims { + /** + * GetIssuer implements the Claims interface. + */ + getIssuer(): string + } + interface MapClaims { + /** + * GetSubject implements the Claims interface. + */ + getSubject(): string + } +} + +/** + * Package types implements some commonly used db serializable types + * like datetime, json, etc. + */ +namespace types { + /** + * DateTime represents a [time.Time] instance in UTC that is wrapped + * and serialized using the app default date layout. + */ + interface DateTime { + } + interface DateTime { + /** + * Time returns the internal [time.Time] instance. + */ + time(): time.Time + } + interface DateTime { + /** + * Add returns a new DateTime based on the current DateTime + the specified duration. + */ + add(duration: time.Duration): DateTime + } + interface DateTime { + /** + * Sub returns a [time.Duration] by subtracting the specified DateTime from the current one. + * + * If the result exceeds the maximum (or minimum) value that can be stored in a [time.Duration], + * the maximum (or minimum) duration will be returned. + */ + sub(u: DateTime): time.Duration + } + interface DateTime { + /** + * AddDate returns a new DateTime based on the current one + duration. + * + * It follows the same rules as [time.AddDate]. + */ + addDate(years: number, months: number, days: number): DateTime + } + interface DateTime { + /** + * After reports whether the current DateTime instance is after u. + */ + after(u: DateTime): boolean + } + interface DateTime { + /** + * Before reports whether the current DateTime instance is before u. + */ + before(u: DateTime): boolean + } + interface DateTime { + /** + * Compare compares the current DateTime instance with u. + * If the current instance is before u, it returns -1. + * If the current instance is after u, it returns +1. + * If they're the same, it returns 0. + */ + compare(u: DateTime): number + } + interface DateTime { + /** + * Equal reports whether the current DateTime and u represent the same time instant. + * Two DateTime can be equal even if they are in different locations. + * For example, 6:00 +0200 and 4:00 UTC are Equal. + */ + equal(u: DateTime): boolean + } + interface DateTime { + /** + * Unix returns the current DateTime as a Unix time, aka. + * the number of seconds elapsed since January 1, 1970 UTC. + */ + unix(): number + } + interface DateTime { + /** + * IsZero checks whether the current DateTime instance has zero time value. + */ + isZero(): boolean + } + interface DateTime { + /** + * String serializes the current DateTime instance into a formatted + * UTC date string. + * + * The zero value is serialized to an empty string. + */ + string(): string + } + interface DateTime { + /** + * MarshalJSON implements the [json.Marshaler] interface. + */ + marshalJSON(): string|Array + } + interface DateTime { + /** + * UnmarshalJSON implements the [json.Unmarshaler] interface. + */ + unmarshalJSON(b: string|Array): void + } + interface DateTime { + /** + * Value implements the [driver.Valuer] interface. + */ + value(): any + } + interface DateTime { + /** + * Scan implements [sql.Scanner] interface to scan the provided value + * into the current DateTime instance. + */ + scan(value: any): void + } + /** + * GeoPoint defines a struct for storing geo coordinates as serialized json object + * (e.g. {lon:0,lat:0}). + * + * Note: using object notation and not a plain array to avoid the confusion + * as there doesn't seem to be a fixed standard for the coordinates order. + */ + interface GeoPoint { + lon: number + lat: number + } + interface GeoPoint { + /** + * String returns the string representation of the current GeoPoint instance. + */ + string(): string + } + interface GeoPoint { + /** + * AsMap implements [core.mapExtractor] and returns a value suitable + * to be used in an API rule expression. + */ + asMap(): _TygojaDict + } + interface GeoPoint { + /** + * Value implements the [driver.Valuer] interface. + */ + value(): any + } + interface GeoPoint { + /** + * Scan implements [sql.Scanner] interface to scan the provided value + * into the current GeoPoint instance. + * + * The value argument could be nil (no-op), another GeoPoint instance, + * map or serialized json object with lat-lon props. + */ + scan(value: any): void + } + /** + * JSONArray defines a slice that is safe for json and db read/write. + */ + interface JSONArray extends Array{} + /** + * JSONMap defines a map that is safe for json and db read/write. + */ + interface JSONMap extends _TygojaDict{} + /** + * JSONRaw defines a json value type that is safe for db read/write. + */ + interface JSONRaw extends Array{} + interface JSONRaw { + /** + * String returns the current JSONRaw instance as a json encoded string. + */ + string(): string + } + interface JSONRaw { + /** + * MarshalJSON implements the [json.Marshaler] interface. + */ + marshalJSON(): string|Array + } + interface JSONRaw { + /** + * UnmarshalJSON implements the [json.Unmarshaler] interface. + */ + unmarshalJSON(b: string|Array): void + } + interface JSONRaw { + /** + * Value implements the [driver.Valuer] interface. + */ + value(): any + } + interface JSONRaw { + /** + * Scan implements [sql.Scanner] interface to scan the provided value + * into the current JSONRaw instance. + */ + scan(value: any): void + } +} + +namespace search { + /** + * Result defines the returned search result structure. + */ + interface Result { + items: any + page: number + perPage: number + totalItems: number + totalPages: number + } + /** + * ResolverResult defines a single FieldResolver.Resolve() successfully parsed result. + */ + interface ResolverResult { + /** + * Identifier is the plain SQL identifier/column that will be used + * in the final db expression as left or right operand. + */ + identifier: string + /** + * NoCoalesce instructs to not use COALESCE or NULL fallbacks + * when building the identifier expression. + */ + noCoalesce: boolean + /** + * Params is a map with db placeholder->value pairs that will be added + * to the query when building both resolved operands/sides in a single expression. + */ + params: dbx.Params + /** + * MultiMatchSubQuery is an optional sub query expression that will be added + * in addition to the combined ResolverResult expression during build. + */ + multiMatchSubQuery: dbx.Expression + /** + * AfterBuild is an optional function that will be called after building + * and combining the result of both resolved operands/sides in a single expression. + */ + afterBuild: (expr: dbx.Expression) => dbx.Expression + } +} + +/** + * Package slog provides structured logging, + * in which log records include a message, + * a severity level, and various other attributes + * expressed as key-value pairs. + * + * It defines a type, [Logger], + * which provides several methods (such as [Logger.Info] and [Logger.Error]) + * for reporting events of interest. + * + * Each Logger is associated with a [Handler]. + * A Logger output method creates a [Record] from the method arguments + * and passes it to the Handler, which decides how to handle it. + * There is a default Logger accessible through top-level functions + * (such as [Info] and [Error]) that call the corresponding Logger methods. + * + * A log record consists of a time, a level, a message, and a set of key-value + * pairs, where the keys are strings and the values may be of any type. + * As an example, + * + * ``` + * slog.Info("hello", "count", 3) + * ``` + * + * creates a record containing the time of the call, + * a level of Info, the message "hello", and a single + * pair with key "count" and value 3. + * + * The [Info] top-level function calls the [Logger.Info] method on the default Logger. + * In addition to [Logger.Info], there are methods for Debug, Warn and Error levels. + * Besides these convenience methods for common levels, + * there is also a [Logger.Log] method which takes the level as an argument. + * Each of these methods has a corresponding top-level function that uses the + * default logger. + * + * The default handler formats the log record's message, time, level, and attributes + * as a string and passes it to the [log] package. + * + * ``` + * 2022/11/08 15:28:26 INFO hello count=3 + * ``` + * + * For more control over the output format, create a logger with a different handler. + * This statement uses [New] to create a new logger with a [TextHandler] + * that writes structured records in text form to standard error: + * + * ``` + * logger := slog.New(slog.NewTextHandler(os.Stderr, nil)) + * ``` + * + * [TextHandler] output is a sequence of key=value pairs, easily and unambiguously + * parsed by machine. This statement: + * + * ``` + * logger.Info("hello", "count", 3) + * ``` + * + * produces this output: + * + * ``` + * time=2022-11-08T15:28:26.000-05:00 level=INFO msg=hello count=3 + * ``` + * + * The package also provides [JSONHandler], whose output is line-delimited JSON: + * + * ``` + * logger := slog.New(slog.NewJSONHandler(os.Stdout, nil)) + * logger.Info("hello", "count", 3) + * ``` + * + * produces this output: + * + * ``` + * {"time":"2022-11-08T15:28:26.000000000-05:00","level":"INFO","msg":"hello","count":3} + * ``` + * + * Both [TextHandler] and [JSONHandler] can be configured with [HandlerOptions]. + * There are options for setting the minimum level (see Levels, below), + * displaying the source file and line of the log call, and + * modifying attributes before they are logged. + * + * Setting a logger as the default with + * + * ``` + * slog.SetDefault(logger) + * ``` + * + * will cause the top-level functions like [Info] to use it. + * [SetDefault] also updates the default logger used by the [log] package, + * so that existing applications that use [log.Printf] and related functions + * will send log records to the logger's handler without needing to be rewritten. + * + * Some attributes are common to many log calls. + * For example, you may wish to include the URL or trace identifier of a server request + * with all log events arising from the request. + * Rather than repeat the attribute with every log call, you can use [Logger.With] + * to construct a new Logger containing the attributes: + * + * ``` + * logger2 := logger.With("url", r.URL) + * ``` + * + * The arguments to With are the same key-value pairs used in [Logger.Info]. + * The result is a new Logger with the same handler as the original, but additional + * attributes that will appear in the output of every call. + * + * # Levels + * + * A [Level] is an integer representing the importance or severity of a log event. + * The higher the level, the more severe the event. + * This package defines constants for the most common levels, + * but any int can be used as a level. + * + * In an application, you may wish to log messages only at a certain level or greater. + * One common configuration is to log messages at Info or higher levels, + * suppressing debug logging until it is needed. + * The built-in handlers can be configured with the minimum level to output by + * setting [HandlerOptions.Level]. + * The program's `main` function typically does this. + * The default value is LevelInfo. + * + * Setting the [HandlerOptions.Level] field to a [Level] value + * fixes the handler's minimum level throughout its lifetime. + * Setting it to a [LevelVar] allows the level to be varied dynamically. + * A LevelVar holds a Level and is safe to read or write from multiple + * goroutines. + * To vary the level dynamically for an entire program, first initialize + * a global LevelVar: + * + * ``` + * var programLevel = new(slog.LevelVar) // Info by default + * ``` + * + * Then use the LevelVar to construct a handler, and make it the default: + * + * ``` + * h := slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{Level: programLevel}) + * slog.SetDefault(slog.New(h)) + * ``` + * + * Now the program can change its logging level with a single statement: + * + * ``` + * programLevel.Set(slog.LevelDebug) + * ``` + * + * # Groups + * + * Attributes can be collected into groups. + * A group has a name that is used to qualify the names of its attributes. + * How this qualification is displayed depends on the handler. + * [TextHandler] separates the group and attribute names with a dot. + * [JSONHandler] treats each group as a separate JSON object, with the group name as the key. + * + * Use [Group] to create a Group attribute from a name and a list of key-value pairs: + * + * ``` + * slog.Group("request", + * "method", r.Method, + * "url", r.URL) + * ``` + * + * TextHandler would display this group as + * + * ``` + * request.method=GET request.url=http://example.com + * ``` + * + * JSONHandler would display it as + * + * ``` + * "request":{"method":"GET","url":"http://example.com"} + * ``` + * + * Use [Logger.WithGroup] to qualify all of a Logger's output + * with a group name. Calling WithGroup on a Logger results in a + * new Logger with the same Handler as the original, but with all + * its attributes qualified by the group name. + * + * This can help prevent duplicate attribute keys in large systems, + * where subsystems might use the same keys. + * Pass each subsystem a different Logger with its own group name so that + * potential duplicates are qualified: + * + * ``` + * logger := slog.Default().With("id", systemID) + * parserLogger := logger.WithGroup("parser") + * parseInput(input, parserLogger) + * ``` + * + * When parseInput logs with parserLogger, its keys will be qualified with "parser", + * so even if it uses the common key "id", the log line will have distinct keys. + * + * # Contexts + * + * Some handlers may wish to include information from the [context.Context] that is + * available at the call site. One example of such information + * is the identifier for the current span when tracing is enabled. + * + * The [Logger.Log] and [Logger.LogAttrs] methods take a context as a first + * argument, as do their corresponding top-level functions. + * + * Although the convenience methods on Logger (Info and so on) and the + * corresponding top-level functions do not take a context, the alternatives ending + * in "Context" do. For example, + * + * ``` + * slog.InfoContext(ctx, "message") + * ``` + * + * It is recommended to pass a context to an output method if one is available. + * + * # Attrs and Values + * + * An [Attr] is a key-value pair. The Logger output methods accept Attrs as well as + * alternating keys and values. The statement + * + * ``` + * slog.Info("hello", slog.Int("count", 3)) + * ``` + * + * behaves the same as + * + * ``` + * slog.Info("hello", "count", 3) + * ``` + * + * There are convenience constructors for [Attr] such as [Int], [String], and [Bool] + * for common types, as well as the function [Any] for constructing Attrs of any + * type. + * + * The value part of an Attr is a type called [Value]. + * Like an [any], a Value can hold any Go value, + * but it can represent typical values, including all numbers and strings, + * without an allocation. + * + * For the most efficient log output, use [Logger.LogAttrs]. + * It is similar to [Logger.Log] but accepts only Attrs, not alternating + * keys and values; this allows it, too, to avoid allocation. + * + * The call + * + * ``` + * logger.LogAttrs(ctx, slog.LevelInfo, "hello", slog.Int("count", 3)) + * ``` + * + * is the most efficient way to achieve the same output as + * + * ``` + * slog.InfoContext(ctx, "hello", "count", 3) + * ``` + * + * # Customizing a type's logging behavior + * + * If a type implements the [LogValuer] interface, the [Value] returned from its LogValue + * method is used for logging. You can use this to control how values of the type + * appear in logs. For example, you can redact secret information like passwords, + * or gather a struct's fields in a Group. See the examples under [LogValuer] for + * details. + * + * A LogValue method may return a Value that itself implements [LogValuer]. The [Value.Resolve] + * method handles these cases carefully, avoiding infinite loops and unbounded recursion. + * Handler authors and others may wish to use [Value.Resolve] instead of calling LogValue directly. + * + * # Wrapping output methods + * + * The logger functions use reflection over the call stack to find the file name + * and line number of the logging call within the application. This can produce + * incorrect source information for functions that wrap slog. For instance, if you + * define this function in file mylog.go: + * + * ``` + * func Infof(logger *slog.Logger, format string, args ...any) { + * logger.Info(fmt.Sprintf(format, args...)) + * } + * ``` + * + * and you call it like this in main.go: + * + * ``` + * Infof(slog.Default(), "hello, %s", "world") + * ``` + * + * then slog will report the source file as mylog.go, not main.go. + * + * A correct implementation of Infof will obtain the source location + * (pc) and pass it to NewRecord. + * The Infof function in the package-level example called "wrapping" + * demonstrates how to do this. + * + * # Working with Records + * + * Sometimes a Handler will need to modify a Record + * before passing it on to another Handler or backend. + * A Record contains a mixture of simple public fields (e.g. Time, Level, Message) + * and hidden fields that refer to state (such as attributes) indirectly. This + * means that modifying a simple copy of a Record (e.g. by calling + * [Record.Add] or [Record.AddAttrs] to add attributes) + * may have unexpected effects on the original. + * Before modifying a Record, use [Record.Clone] to + * create a copy that shares no state with the original, + * or create a new Record with [NewRecord] + * and build up its Attrs by traversing the old ones with [Record.Attrs]. + * + * # Performance considerations + * + * If profiling your application demonstrates that logging is taking significant time, + * the following suggestions may help. + * + * If many log lines have a common attribute, use [Logger.With] to create a Logger with + * that attribute. The built-in handlers will format that attribute only once, at the + * call to [Logger.With]. The [Handler] interface is designed to allow that optimization, + * and a well-written Handler should take advantage of it. + * + * The arguments to a log call are always evaluated, even if the log event is discarded. + * If possible, defer computation so that it happens only if the value is actually logged. + * For example, consider the call + * + * ``` + * slog.Info("starting request", "url", r.URL.String()) // may compute String unnecessarily + * ``` + * + * The URL.String method will be called even if the logger discards Info-level events. + * Instead, pass the URL directly: + * + * ``` + * slog.Info("starting request", "url", &r.URL) // calls URL.String only if needed + * ``` + * + * The built-in [TextHandler] will call its String method, but only + * if the log event is enabled. + * Avoiding the call to String also preserves the structure of the underlying value. + * For example [JSONHandler] emits the components of the parsed URL as a JSON object. + * If you want to avoid eagerly paying the cost of the String call + * without causing the handler to potentially inspect the structure of the value, + * wrap the value in a fmt.Stringer implementation that hides its Marshal methods. + * + * You can also use the [LogValuer] interface to avoid unnecessary work in disabled log + * calls. Say you need to log some expensive value: + * + * ``` + * slog.Debug("frobbing", "value", computeExpensiveValue(arg)) + * ``` + * + * Even if this line is disabled, computeExpensiveValue will be called. + * To avoid that, define a type implementing LogValuer: + * + * ``` + * type expensive struct { arg int } + * + * func (e expensive) LogValue() slog.Value { + * return slog.AnyValue(computeExpensiveValue(e.arg)) + * } + * ``` + * + * Then use a value of that type in log calls: + * + * ``` + * slog.Debug("frobbing", "value", expensive{arg}) + * ``` + * + * Now computeExpensiveValue will only be called when the line is enabled. + * + * The built-in handlers acquire a lock before calling [io.Writer.Write] + * to ensure that exactly one [Record] is written at a time in its entirety. + * Although each log record has a timestamp, + * the built-in handlers do not use that time to sort the written records. + * User-defined handlers are responsible for their own locking and sorting. + * + * # Writing a handler + * + * For a guide to writing a custom handler, see https://golang.org/s/slog-handler-guide. + */ +namespace slog { + // @ts-ignore + import loginternal = internal + /** + * A Logger records structured information about each call to its + * Log, Debug, Info, Warn, and Error methods. + * For each call, it creates a [Record] and passes it to a [Handler]. + * + * To create a new Logger, call [New] or a Logger method + * that begins "With". + */ + interface Logger { + } + interface Logger { + /** + * Handler returns l's Handler. + */ + handler(): Handler + } + interface Logger { + /** + * With returns a Logger that includes the given attributes + * in each output operation. Arguments are converted to + * attributes as if by [Logger.Log]. + */ + with(...args: any[]): (Logger) + } + interface Logger { + /** + * WithGroup returns a Logger that starts a group, if name is non-empty. + * The keys of all attributes added to the Logger will be qualified by the given + * name. (How that qualification happens depends on the [Handler.WithGroup] + * method of the Logger's Handler.) + * + * If name is empty, WithGroup returns the receiver. + */ + withGroup(name: string): (Logger) + } + interface Logger { + /** + * Enabled reports whether l emits log records at the given context and level. + */ + enabled(ctx: context.Context, level: Level): boolean + } + interface Logger { + /** + * Log emits a log record with the current time and the given level and message. + * The Record's Attrs consist of the Logger's attributes followed by + * the Attrs specified by args. + * + * The attribute arguments are processed as follows: + * ``` + * - If an argument is an Attr, it is used as is. + * - If an argument is a string and this is not the last argument, + * the following argument is treated as the value and the two are combined + * into an Attr. + * - Otherwise, the argument is treated as a value with key "!BADKEY". + * ``` + */ + log(ctx: context.Context, level: Level, msg: string, ...args: any[]): void + } + interface Logger { + /** + * LogAttrs is a more efficient version of [Logger.Log] that accepts only Attrs. + */ + logAttrs(ctx: context.Context, level: Level, msg: string, ...attrs: Attr[]): void + } + interface Logger { + /** + * Debug logs at [LevelDebug]. + */ + debug(msg: string, ...args: any[]): void + } + interface Logger { + /** + * DebugContext logs at [LevelDebug] with the given context. + */ + debugContext(ctx: context.Context, msg: string, ...args: any[]): void + } + interface Logger { + /** + * Info logs at [LevelInfo]. + */ + info(msg: string, ...args: any[]): void + } + interface Logger { + /** + * InfoContext logs at [LevelInfo] with the given context. + */ + infoContext(ctx: context.Context, msg: string, ...args: any[]): void + } + interface Logger { + /** + * Warn logs at [LevelWarn]. + */ + warn(msg: string, ...args: any[]): void + } + interface Logger { + /** + * WarnContext logs at [LevelWarn] with the given context. + */ + warnContext(ctx: context.Context, msg: string, ...args: any[]): void + } + interface Logger { + /** + * Error logs at [LevelError]. + */ + error(msg: string, ...args: any[]): void + } + interface Logger { + /** + * ErrorContext logs at [LevelError] with the given context. + */ + errorContext(ctx: context.Context, msg: string, ...args: any[]): void + } +} + +/** + * Package bufio implements buffered I/O. It wraps an io.Reader or io.Writer + * object, creating another object (Reader or Writer) that also implements + * the interface but provides buffering and some help for textual I/O. + */ +namespace bufio { + /** + * ReadWriter stores pointers to a [Reader] and a [Writer]. + * It implements [io.ReadWriter]. + */ + type _sFTbWSf = Reader&Writer + interface ReadWriter extends _sFTbWSf { + } +} + +/** + * Package multipart implements MIME multipart parsing, as defined in RFC + * 2046. + * + * The implementation is sufficient for HTTP (RFC 2388) and the multipart + * bodies generated by popular browsers. + * + * # Limits + * + * To protect against malicious inputs, this package sets limits on the size + * of the MIME data it processes. + * + * [Reader.NextPart] and [Reader.NextRawPart] limit the number of headers in a + * part to 10000 and [Reader.ReadForm] limits the total number of headers in all + * FileHeaders to 10000. + * These limits may be adjusted with the GODEBUG=multipartmaxheaders= + * setting. + * + * Reader.ReadForm further limits the number of parts in a form to 1000. + * This limit may be adjusted with the GODEBUG=multipartmaxparts= + * setting. + */ +namespace multipart { + /** + * A FileHeader describes a file part of a multipart request. + */ + interface FileHeader { + filename: string + header: textproto.MIMEHeader + size: number + } + interface FileHeader { + /** + * Open opens and returns the [FileHeader]'s associated File. + */ + open(): File + } +} + +/** + * Package http provides HTTP client and server implementations. + * + * [Get], [Head], [Post], and [PostForm] make HTTP (or HTTPS) requests: + * + * ``` + * resp, err := http.Get("http://example.com/") + * ... + * resp, err := http.Post("http://example.com/upload", "image/jpeg", &buf) + * ... + * resp, err := http.PostForm("http://example.com/form", + * url.Values{"key": {"Value"}, "id": {"123"}}) + * ``` + * + * The caller must close the response body when finished with it: + * + * ``` + * resp, err := http.Get("http://example.com/") + * if err != nil { + * // handle error + * } + * defer resp.Body.Close() + * body, err := io.ReadAll(resp.Body) + * // ... + * ``` + * + * # Clients and Transports + * + * For control over HTTP client headers, redirect policy, and other + * settings, create a [Client]: + * + * ``` + * client := &http.Client{ + * CheckRedirect: redirectPolicyFunc, + * } + * + * resp, err := client.Get("http://example.com") + * // ... + * + * req, err := http.NewRequest("GET", "http://example.com", nil) + * // ... + * req.Header.Add("If-None-Match", `W/"wyzzy"`) + * resp, err := client.Do(req) + * // ... + * ``` + * + * For control over proxies, TLS configuration, keep-alives, + * compression, and other settings, create a [Transport]: + * + * ``` + * tr := &http.Transport{ + * MaxIdleConns: 10, + * IdleConnTimeout: 30 * time.Second, + * DisableCompression: true, + * } + * client := &http.Client{Transport: tr} + * resp, err := client.Get("https://example.com") + * ``` + * + * Clients and Transports are safe for concurrent use by multiple + * goroutines and for efficiency should only be created once and re-used. + * + * # Servers + * + * ListenAndServe starts an HTTP server with a given address and handler. + * The handler is usually nil, which means to use [DefaultServeMux]. + * [Handle] and [HandleFunc] add handlers to [DefaultServeMux]: + * + * ``` + * http.Handle("/foo", fooHandler) + * + * http.HandleFunc("/bar", func(w http.ResponseWriter, r *http.Request) { + * fmt.Fprintf(w, "Hello, %q", html.EscapeString(r.URL.Path)) + * }) + * + * log.Fatal(http.ListenAndServe(":8080", nil)) + * ``` + * + * More control over the server's behavior is available by creating a + * custom Server: + * + * ``` + * s := &http.Server{ + * Addr: ":8080", + * Handler: myHandler, + * ReadTimeout: 10 * time.Second, + * WriteTimeout: 10 * time.Second, + * MaxHeaderBytes: 1 << 20, + * } + * log.Fatal(s.ListenAndServe()) + * ``` + * + * # HTTP/2 + * + * Starting with Go 1.6, the http package has transparent support for the + * HTTP/2 protocol when using HTTPS. Programs that must disable HTTP/2 + * can do so by setting [Transport.TLSNextProto] (for clients) or + * [Server.TLSNextProto] (for servers) to a non-nil, empty + * map. Alternatively, the following GODEBUG settings are + * currently supported: + * + * ``` + * GODEBUG=http2client=0 # disable HTTP/2 client support + * GODEBUG=http2server=0 # disable HTTP/2 server support + * GODEBUG=http2debug=1 # enable verbose HTTP/2 debug logs + * GODEBUG=http2debug=2 # ... even more verbose, with frame dumps + * ``` + * + * Please report any issues before disabling HTTP/2 support: https://golang.org/s/http2bug + * + * The http package's [Transport] and [Server] both automatically enable + * HTTP/2 support for simple configurations. To enable HTTP/2 for more + * complex configurations, to use lower-level HTTP/2 features, or to use + * a newer version of Go's http2 package, import "golang.org/x/net/http2" + * directly and use its ConfigureTransport and/or ConfigureServer + * functions. Manually configuring HTTP/2 via the golang.org/x/net/http2 + * package takes precedence over the net/http package's built-in HTTP/2 + * support. + */ +namespace http { + // @ts-ignore + import mathrand = rand + /** + * PushOptions describes options for [Pusher.Push]. + */ + interface PushOptions { + /** + * Method specifies the HTTP method for the promised request. + * If set, it must be "GET" or "HEAD". Empty means "GET". + */ + method: string + /** + * Header specifies additional promised request headers. This cannot + * include HTTP/2 pseudo header fields like ":path" and ":scheme", + * which will be added automatically. + */ + header: Header + } + // @ts-ignore + import urlpkg = url + /** + * A Request represents an HTTP request received by a server + * or to be sent by a client. + * + * The field semantics differ slightly between client and server + * usage. In addition to the notes on the fields below, see the + * documentation for [Request.Write] and [RoundTripper]. + */ + interface Request { + /** + * Method specifies the HTTP method (GET, POST, PUT, etc.). + * For client requests, an empty string means GET. + */ + method: string + /** + * URL specifies either the URI being requested (for server + * requests) or the URL to access (for client requests). + * + * For server requests, the URL is parsed from the URI + * supplied on the Request-Line as stored in RequestURI. For + * most requests, fields other than Path and RawQuery will be + * empty. (See RFC 7230, Section 5.3) + * + * For client requests, the URL's Host specifies the server to + * connect to, while the Request's Host field optionally + * specifies the Host header value to send in the HTTP + * request. + */ + url?: url.URL + /** + * The protocol version for incoming server requests. + * + * For client requests, these fields are ignored. The HTTP + * client code always uses either HTTP/1.1 or HTTP/2. + * See the docs on Transport for details. + */ + proto: string // "HTTP/1.0" + protoMajor: number // 1 + protoMinor: number // 0 + /** + * Header contains the request header fields either received + * by the server or to be sent by the client. + * + * If a server received a request with header lines, + * + * ``` + * Host: example.com + * accept-encoding: gzip, deflate + * Accept-Language: en-us + * fOO: Bar + * foo: two + * ``` + * + * then + * + * ``` + * Header = map[string][]string{ + * "Accept-Encoding": {"gzip, deflate"}, + * "Accept-Language": {"en-us"}, + * "Foo": {"Bar", "two"}, + * } + * ``` + * + * For incoming requests, the Host header is promoted to the + * Request.Host field and removed from the Header map. + * + * HTTP defines that header names are case-insensitive. The + * request parser implements this by using CanonicalHeaderKey, + * making the first character and any characters following a + * hyphen uppercase and the rest lowercase. + * + * For client requests, certain headers such as Content-Length + * and Connection are automatically written when needed and + * values in Header may be ignored. See the documentation + * for the Request.Write method. + */ + header: Header + /** + * Body is the request's body. + * + * For client requests, a nil body means the request has no + * body, such as a GET request. The HTTP Client's Transport + * is responsible for calling the Close method. + * + * For server requests, the Request Body is always non-nil + * but will return EOF immediately when no body is present. + * The Server will close the request body. The ServeHTTP + * Handler does not need to. + * + * Body must allow Read to be called concurrently with Close. + * In particular, calling Close should unblock a Read waiting + * for input. + */ + body: io.ReadCloser + /** + * GetBody defines an optional func to return a new copy of + * Body. It is used for client requests when a redirect requires + * reading the body more than once. Use of GetBody still + * requires setting Body. + * + * For server requests, it is unused. + */ + getBody: () => io.ReadCloser + /** + * ContentLength records the length of the associated content. + * The value -1 indicates that the length is unknown. + * Values >= 0 indicate that the given number of bytes may + * be read from Body. + * + * For client requests, a value of 0 with a non-nil Body is + * also treated as unknown. + */ + contentLength: number + /** + * TransferEncoding lists the transfer encodings from outermost to + * innermost. An empty list denotes the "identity" encoding. + * TransferEncoding can usually be ignored; chunked encoding is + * automatically added and removed as necessary when sending and + * receiving requests. + */ + transferEncoding: Array + /** + * Close indicates whether to close the connection after + * replying to this request (for servers) or after sending this + * request and reading its response (for clients). + * + * For server requests, the HTTP server handles this automatically + * and this field is not needed by Handlers. + * + * For client requests, setting this field prevents re-use of + * TCP connections between requests to the same hosts, as if + * Transport.DisableKeepAlives were set. + */ + close: boolean + /** + * For server requests, Host specifies the host on which the + * URL is sought. For HTTP/1 (per RFC 7230, section 5.4), this + * is either the value of the "Host" header or the host name + * given in the URL itself. For HTTP/2, it is the value of the + * ":authority" pseudo-header field. + * It may be of the form "host:port". For international domain + * names, Host may be in Punycode or Unicode form. Use + * golang.org/x/net/idna to convert it to either format if + * needed. + * To prevent DNS rebinding attacks, server Handlers should + * validate that the Host header has a value for which the + * Handler considers itself authoritative. The included + * ServeMux supports patterns registered to particular host + * names and thus protects its registered Handlers. + * + * For client requests, Host optionally overrides the Host + * header to send. If empty, the Request.Write method uses + * the value of URL.Host. Host may contain an international + * domain name. + */ + host: string + /** + * Form contains the parsed form data, including both the URL + * field's query parameters and the PATCH, POST, or PUT form data. + * This field is only available after ParseForm is called. + * The HTTP client ignores Form and uses Body instead. + */ + form: url.Values + /** + * PostForm contains the parsed form data from PATCH, POST + * or PUT body parameters. + * + * This field is only available after ParseForm is called. + * The HTTP client ignores PostForm and uses Body instead. + */ + postForm: url.Values + /** + * MultipartForm is the parsed multipart form, including file uploads. + * This field is only available after ParseMultipartForm is called. + * The HTTP client ignores MultipartForm and uses Body instead. + */ + multipartForm?: multipart.Form + /** + * Trailer specifies additional headers that are sent after the request + * body. + * + * For server requests, the Trailer map initially contains only the + * trailer keys, with nil values. (The client declares which trailers it + * will later send.) While the handler is reading from Body, it must + * not reference Trailer. After reading from Body returns EOF, Trailer + * can be read again and will contain non-nil values, if they were sent + * by the client. + * + * For client requests, Trailer must be initialized to a map containing + * the trailer keys to later send. The values may be nil or their final + * values. The ContentLength must be 0 or -1, to send a chunked request. + * After the HTTP request is sent the map values can be updated while + * the request body is read. Once the body returns EOF, the caller must + * not mutate Trailer. + * + * Few HTTP clients, servers, or proxies support HTTP trailers. + */ + trailer: Header + /** + * RemoteAddr allows HTTP servers and other software to record + * the network address that sent the request, usually for + * logging. This field is not filled in by ReadRequest and + * has no defined format. The HTTP server in this package + * sets RemoteAddr to an "IP:port" address before invoking a + * handler. + * This field is ignored by the HTTP client. + */ + remoteAddr: string + /** + * RequestURI is the unmodified request-target of the + * Request-Line (RFC 7230, Section 3.1.1) as sent by the client + * to a server. Usually the URL field should be used instead. + * It is an error to set this field in an HTTP client request. + */ + requestURI: string + /** + * TLS allows HTTP servers and other software to record + * information about the TLS connection on which the request + * was received. This field is not filled in by ReadRequest. + * The HTTP server in this package sets the field for + * TLS-enabled connections before invoking a handler; + * otherwise it leaves the field nil. + * This field is ignored by the HTTP client. + */ + tls?: any + /** + * Cancel is an optional channel whose closure indicates that the client + * request should be regarded as canceled. Not all implementations of + * RoundTripper may support Cancel. + * + * For server requests, this field is not applicable. + * + * Deprecated: Set the Request's context with NewRequestWithContext + * instead. If a Request's Cancel field and context are both + * set, it is undefined whether Cancel is respected. + */ + cancel: undefined + /** + * Response is the redirect response which caused this request + * to be created. This field is only populated during client + * redirects. + */ + response?: Response + /** + * Pattern is the [ServeMux] pattern that matched the request. + * It is empty if the request was not matched against a pattern. + */ + pattern: string + } + interface Request { + /** + * Context returns the request's context. To change the context, use + * [Request.Clone] or [Request.WithContext]. + * + * The returned context is always non-nil; it defaults to the + * background context. + * + * For outgoing client requests, the context controls cancellation. + * + * For incoming server requests, the context is canceled when the + * client's connection closes, the request is canceled (with HTTP/2), + * or when the ServeHTTP method returns. + */ + context(): context.Context + } + interface Request { + /** + * WithContext returns a shallow copy of r with its context changed + * to ctx. The provided ctx must be non-nil. + * + * For outgoing client request, the context controls the entire + * lifetime of a request and its response: obtaining a connection, + * sending the request, and reading the response headers and body. + * + * To create a new request with a context, use [NewRequestWithContext]. + * To make a deep copy of a request with a new context, use [Request.Clone]. + */ + withContext(ctx: context.Context): (Request) + } + interface Request { + /** + * Clone returns a deep copy of r with its context changed to ctx. + * The provided ctx must be non-nil. + * + * Clone only makes a shallow copy of the Body field. + * + * For an outgoing client request, the context controls the entire + * lifetime of a request and its response: obtaining a connection, + * sending the request, and reading the response headers and body. + */ + clone(ctx: context.Context): (Request) + } + interface Request { + /** + * ProtoAtLeast reports whether the HTTP protocol used + * in the request is at least major.minor. + */ + protoAtLeast(major: number, minor: number): boolean + } + interface Request { + /** + * UserAgent returns the client's User-Agent, if sent in the request. + */ + userAgent(): string + } + interface Request { + /** + * Cookies parses and returns the HTTP cookies sent with the request. + */ + cookies(): Array<(Cookie | undefined)> + } + interface Request { + /** + * CookiesNamed parses and returns the named HTTP cookies sent with the request + * or an empty slice if none matched. + */ + cookiesNamed(name: string): Array<(Cookie | undefined)> + } + interface Request { + /** + * Cookie returns the named cookie provided in the request or + * [ErrNoCookie] if not found. + * If multiple cookies match the given name, only one cookie will + * be returned. + */ + cookie(name: string): (Cookie) + } + interface Request { + /** + * AddCookie adds a cookie to the request. Per RFC 6265 section 5.4, + * AddCookie does not attach more than one [Cookie] header field. That + * means all cookies, if any, are written into the same line, + * separated by semicolon. + * AddCookie only sanitizes c's name and value, and does not sanitize + * a Cookie header already present in the request. + */ + addCookie(c: Cookie): void + } + interface Request { + /** + * Referer returns the referring URL, if sent in the request. + * + * Referer is misspelled as in the request itself, a mistake from the + * earliest days of HTTP. This value can also be fetched from the + * [Header] map as Header["Referer"]; the benefit of making it available + * as a method is that the compiler can diagnose programs that use the + * alternate (correct English) spelling req.Referrer() but cannot + * diagnose programs that use Header["Referrer"]. + */ + referer(): string + } + interface Request { + /** + * MultipartReader returns a MIME multipart reader if this is a + * multipart/form-data or a multipart/mixed POST request, else returns nil and an error. + * Use this function instead of [Request.ParseMultipartForm] to + * process the request body as a stream. + */ + multipartReader(): (multipart.Reader) + } + interface Request { + /** + * Write writes an HTTP/1.1 request, which is the header and body, in wire format. + * This method consults the following fields of the request: + * + * ``` + * Host + * URL + * Method (defaults to "GET") + * Header + * ContentLength + * TransferEncoding + * Body + * ``` + * + * If Body is present, Content-Length is <= 0 and [Request.TransferEncoding] + * hasn't been set to "identity", Write adds "Transfer-Encoding: + * chunked" to the header. Body is closed after it is sent. + */ + write(w: io.Writer): void + } + interface Request { + /** + * WriteProxy is like [Request.Write] but writes the request in the form + * expected by an HTTP proxy. In particular, [Request.WriteProxy] writes the + * initial Request-URI line of the request with an absolute URI, per + * section 5.3 of RFC 7230, including the scheme and host. + * In either case, WriteProxy also writes a Host header, using + * either r.Host or r.URL.Host. + */ + writeProxy(w: io.Writer): void + } + interface Request { + /** + * BasicAuth returns the username and password provided in the request's + * Authorization header, if the request uses HTTP Basic Authentication. + * See RFC 2617, Section 2. + */ + basicAuth(): [string, string, boolean] + } + interface Request { + /** + * SetBasicAuth sets the request's Authorization header to use HTTP + * Basic Authentication with the provided username and password. + * + * With HTTP Basic Authentication the provided username and password + * are not encrypted. It should generally only be used in an HTTPS + * request. + * + * The username may not contain a colon. Some protocols may impose + * additional requirements on pre-escaping the username and + * password. For instance, when used with OAuth2, both arguments must + * be URL encoded first with [url.QueryEscape]. + */ + setBasicAuth(username: string, password: string): void + } + interface Request { + /** + * ParseForm populates r.Form and r.PostForm. + * + * For all requests, ParseForm parses the raw query from the URL and updates + * r.Form. + * + * For POST, PUT, and PATCH requests, it also reads the request body, parses it + * as a form and puts the results into both r.PostForm and r.Form. Request body + * parameters take precedence over URL query string values in r.Form. + * + * If the request Body's size has not already been limited by [MaxBytesReader], + * the size is capped at 10MB. + * + * For other HTTP methods, or when the Content-Type is not + * application/x-www-form-urlencoded, the request Body is not read, and + * r.PostForm is initialized to a non-nil, empty value. + * + * [Request.ParseMultipartForm] calls ParseForm automatically. + * ParseForm is idempotent. + */ + parseForm(): void + } + interface Request { + /** + * ParseMultipartForm parses a request body as multipart/form-data. + * The whole request body is parsed and up to a total of maxMemory bytes of + * its file parts are stored in memory, with the remainder stored on + * disk in temporary files. + * ParseMultipartForm calls [Request.ParseForm] if necessary. + * If ParseForm returns an error, ParseMultipartForm returns it but also + * continues parsing the request body. + * After one call to ParseMultipartForm, subsequent calls have no effect. + */ + parseMultipartForm(maxMemory: number): void + } + interface Request { + /** + * FormValue returns the first value for the named component of the query. + * The precedence order: + * 1. application/x-www-form-urlencoded form body (POST, PUT, PATCH only) + * 2. query parameters (always) + * 3. multipart/form-data form body (always) + * + * FormValue calls [Request.ParseMultipartForm] and [Request.ParseForm] + * if necessary and ignores any errors returned by these functions. + * If key is not present, FormValue returns the empty string. + * To access multiple values of the same key, call ParseForm and + * then inspect [Request.Form] directly. + */ + formValue(key: string): string + } + interface Request { + /** + * PostFormValue returns the first value for the named component of the POST, + * PUT, or PATCH request body. URL query parameters are ignored. + * PostFormValue calls [Request.ParseMultipartForm] and [Request.ParseForm] if necessary and ignores + * any errors returned by these functions. + * If key is not present, PostFormValue returns the empty string. + */ + postFormValue(key: string): string + } + interface Request { + /** + * FormFile returns the first file for the provided form key. + * FormFile calls [Request.ParseMultipartForm] and [Request.ParseForm] if necessary. + */ + formFile(key: string): [multipart.File, (multipart.FileHeader)] + } + interface Request { + /** + * PathValue returns the value for the named path wildcard in the [ServeMux] pattern + * that matched the request. + * It returns the empty string if the request was not matched against a pattern + * or there is no such wildcard in the pattern. + */ + pathValue(name: string): string + } + interface Request { + /** + * SetPathValue sets name to value, so that subsequent calls to r.PathValue(name) + * return value. + */ + setPathValue(name: string, value: string): void + } + /** + * A Handler responds to an HTTP request. + * + * [Handler.ServeHTTP] should write reply headers and data to the [ResponseWriter] + * and then return. Returning signals that the request is finished; it + * is not valid to use the [ResponseWriter] or read from the + * [Request.Body] after or concurrently with the completion of the + * ServeHTTP call. + * + * Depending on the HTTP client software, HTTP protocol version, and + * any intermediaries between the client and the Go server, it may not + * be possible to read from the [Request.Body] after writing to the + * [ResponseWriter]. Cautious handlers should read the [Request.Body] + * first, and then reply. + * + * Except for reading the body, handlers should not modify the + * provided Request. + * + * If ServeHTTP panics, the server (the caller of ServeHTTP) assumes + * that the effect of the panic was isolated to the active request. + * It recovers the panic, logs a stack trace to the server error log, + * and either closes the network connection or sends an HTTP/2 + * RST_STREAM, depending on the HTTP protocol. To abort a handler so + * the client sees an interrupted response but the server doesn't log + * an error, panic with the value [ErrAbortHandler]. + */ + interface Handler { + [key:string]: any; + serveHTTP(_arg0: ResponseWriter, _arg1: Request): void + } + /** + * A ResponseWriter interface is used by an HTTP handler to + * construct an HTTP response. + * + * A ResponseWriter may not be used after [Handler.ServeHTTP] has returned. + */ + interface ResponseWriter { + [key:string]: any; + /** + * Header returns the header map that will be sent by + * [ResponseWriter.WriteHeader]. The [Header] map also is the mechanism with which + * [Handler] implementations can set HTTP trailers. + * + * Changing the header map after a call to [ResponseWriter.WriteHeader] (or + * [ResponseWriter.Write]) has no effect unless the HTTP status code was of the + * 1xx class or the modified headers are trailers. + * + * There are two ways to set Trailers. The preferred way is to + * predeclare in the headers which trailers you will later + * send by setting the "Trailer" header to the names of the + * trailer keys which will come later. In this case, those + * keys of the Header map are treated as if they were + * trailers. See the example. The second way, for trailer + * keys not known to the [Handler] until after the first [ResponseWriter.Write], + * is to prefix the [Header] map keys with the [TrailerPrefix] + * constant value. + * + * To suppress automatic response headers (such as "Date"), set + * their value to nil. + */ + header(): Header + /** + * Write writes the data to the connection as part of an HTTP reply. + * + * If [ResponseWriter.WriteHeader] has not yet been called, Write calls + * WriteHeader(http.StatusOK) before writing the data. If the Header + * does not contain a Content-Type line, Write adds a Content-Type set + * to the result of passing the initial 512 bytes of written data to + * [DetectContentType]. Additionally, if the total size of all written + * data is under a few KB and there are no Flush calls, the + * Content-Length header is added automatically. + * + * Depending on the HTTP protocol version and the client, calling + * Write or WriteHeader may prevent future reads on the + * Request.Body. For HTTP/1.x requests, handlers should read any + * needed request body data before writing the response. Once the + * headers have been flushed (due to either an explicit Flusher.Flush + * call or writing enough data to trigger a flush), the request body + * may be unavailable. For HTTP/2 requests, the Go HTTP server permits + * handlers to continue to read the request body while concurrently + * writing the response. However, such behavior may not be supported + * by all HTTP/2 clients. Handlers should read before writing if + * possible to maximize compatibility. + */ + write(_arg0: string|Array): number + /** + * WriteHeader sends an HTTP response header with the provided + * status code. + * + * If WriteHeader is not called explicitly, the first call to Write + * will trigger an implicit WriteHeader(http.StatusOK). + * Thus explicit calls to WriteHeader are mainly used to + * send error codes or 1xx informational responses. + * + * The provided code must be a valid HTTP 1xx-5xx status code. + * Any number of 1xx headers may be written, followed by at most + * one 2xx-5xx header. 1xx headers are sent immediately, but 2xx-5xx + * headers may be buffered. Use the Flusher interface to send + * buffered data. The header map is cleared when 2xx-5xx headers are + * sent, but not with 1xx headers. + * + * The server will automatically send a 100 (Continue) header + * on the first read from the request body if the request has + * an "Expect: 100-continue" header. + */ + writeHeader(statusCode: number): void + } + /** + * A Server defines parameters for running an HTTP server. + * The zero value for Server is a valid configuration. + */ + interface Server { + /** + * Addr optionally specifies the TCP address for the server to listen on, + * in the form "host:port". If empty, ":http" (port 80) is used. + * The service names are defined in RFC 6335 and assigned by IANA. + * See net.Dial for details of the address format. + */ + addr: string + handler: Handler // handler to invoke, http.DefaultServeMux if nil + /** + * DisableGeneralOptionsHandler, if true, passes "OPTIONS *" requests to the Handler, + * otherwise responds with 200 OK and Content-Length: 0. + */ + disableGeneralOptionsHandler: boolean + /** + * TLSConfig optionally provides a TLS configuration for use + * by ServeTLS and ListenAndServeTLS. Note that this value is + * cloned by ServeTLS and ListenAndServeTLS, so it's not + * possible to modify the configuration with methods like + * tls.Config.SetSessionTicketKeys. To use + * SetSessionTicketKeys, use Server.Serve with a TLS Listener + * instead. + */ + tlsConfig?: any + /** + * ReadTimeout is the maximum duration for reading the entire + * request, including the body. A zero or negative value means + * there will be no timeout. + * + * Because ReadTimeout does not let Handlers make per-request + * decisions on each request body's acceptable deadline or + * upload rate, most users will prefer to use + * ReadHeaderTimeout. It is valid to use them both. + */ + readTimeout: time.Duration + /** + * ReadHeaderTimeout is the amount of time allowed to read + * request headers. The connection's read deadline is reset + * after reading the headers and the Handler can decide what + * is considered too slow for the body. If zero, the value of + * ReadTimeout is used. If negative, or if zero and ReadTimeout + * is zero or negative, there is no timeout. + */ + readHeaderTimeout: time.Duration + /** + * WriteTimeout is the maximum duration before timing out + * writes of the response. It is reset whenever a new + * request's header is read. Like ReadTimeout, it does not + * let Handlers make decisions on a per-request basis. + * A zero or negative value means there will be no timeout. + */ + writeTimeout: time.Duration + /** + * IdleTimeout is the maximum amount of time to wait for the + * next request when keep-alives are enabled. If zero, the value + * of ReadTimeout is used. If negative, or if zero and ReadTimeout + * is zero or negative, there is no timeout. + */ + idleTimeout: time.Duration + /** + * MaxHeaderBytes controls the maximum number of bytes the + * server will read parsing the request header's keys and + * values, including the request line. It does not limit the + * size of the request body. + * If zero, DefaultMaxHeaderBytes is used. + */ + maxHeaderBytes: number + /** + * TLSNextProto optionally specifies a function to take over + * ownership of the provided TLS connection when an ALPN + * protocol upgrade has occurred. The map key is the protocol + * name negotiated. The Handler argument should be used to + * handle HTTP requests and will initialize the Request's TLS + * and RemoteAddr if not already set. The connection is + * automatically closed when the function returns. + * If TLSNextProto is not nil, HTTP/2 support is not enabled + * automatically. + */ + tlsNextProto: _TygojaDict + /** + * ConnState specifies an optional callback function that is + * called when a client connection changes state. See the + * ConnState type and associated constants for details. + */ + connState: (_arg0: net.Conn, _arg1: ConnState) => void + /** + * ErrorLog specifies an optional logger for errors accepting + * connections, unexpected behavior from handlers, and + * underlying FileSystem errors. + * If nil, logging is done via the log package's standard logger. + */ + errorLog?: any + /** + * BaseContext optionally specifies a function that returns + * the base context for incoming requests on this server. + * The provided Listener is the specific Listener that's + * about to start accepting requests. + * If BaseContext is nil, the default is context.Background(). + * If non-nil, it must return a non-nil context. + */ + baseContext: (_arg0: net.Listener) => context.Context + /** + * ConnContext optionally specifies a function that modifies + * the context used for a new connection c. The provided ctx + * is derived from the base context and has a ServerContextKey + * value. + */ + connContext: (ctx: context.Context, c: net.Conn) => context.Context + } + interface Server { + /** + * Close immediately closes all active net.Listeners and any + * connections in state [StateNew], [StateActive], or [StateIdle]. For a + * graceful shutdown, use [Server.Shutdown]. + * + * Close does not attempt to close (and does not even know about) + * any hijacked connections, such as WebSockets. + * + * Close returns any error returned from closing the [Server]'s + * underlying Listener(s). + */ + close(): void + } + interface Server { + /** + * Shutdown gracefully shuts down the server without interrupting any + * active connections. Shutdown works by first closing all open + * listeners, then closing all idle connections, and then waiting + * indefinitely for connections to return to idle and then shut down. + * If the provided context expires before the shutdown is complete, + * Shutdown returns the context's error, otherwise it returns any + * error returned from closing the [Server]'s underlying Listener(s). + * + * When Shutdown is called, [Serve], [ListenAndServe], and + * [ListenAndServeTLS] immediately return [ErrServerClosed]. Make sure the + * program doesn't exit and waits instead for Shutdown to return. + * + * Shutdown does not attempt to close nor wait for hijacked + * connections such as WebSockets. The caller of Shutdown should + * separately notify such long-lived connections of shutdown and wait + * for them to close, if desired. See [Server.RegisterOnShutdown] for a way to + * register shutdown notification functions. + * + * Once Shutdown has been called on a server, it may not be reused; + * future calls to methods such as Serve will return ErrServerClosed. + */ + shutdown(ctx: context.Context): void + } + interface Server { + /** + * RegisterOnShutdown registers a function to call on [Server.Shutdown]. + * This can be used to gracefully shutdown connections that have + * undergone ALPN protocol upgrade or that have been hijacked. + * This function should start protocol-specific graceful shutdown, + * but should not wait for shutdown to complete. + */ + registerOnShutdown(f: () => void): void + } + interface Server { + /** + * ListenAndServe listens on the TCP network address srv.Addr and then + * calls [Serve] to handle requests on incoming connections. + * Accepted connections are configured to enable TCP keep-alives. + * + * If srv.Addr is blank, ":http" is used. + * + * ListenAndServe always returns a non-nil error. After [Server.Shutdown] or [Server.Close], + * the returned error is [ErrServerClosed]. + */ + listenAndServe(): void + } + interface Server { + /** + * Serve accepts incoming connections on the Listener l, creating a + * new service goroutine for each. The service goroutines read requests and + * then call srv.Handler to reply to them. + * + * HTTP/2 support is only enabled if the Listener returns [*tls.Conn] + * connections and they were configured with "h2" in the TLS + * Config.NextProtos. + * + * Serve always returns a non-nil error and closes l. + * After [Server.Shutdown] or [Server.Close], the returned error is [ErrServerClosed]. + */ + serve(l: net.Listener): void + } + interface Server { + /** + * ServeTLS accepts incoming connections on the Listener l, creating a + * new service goroutine for each. The service goroutines perform TLS + * setup and then read requests, calling srv.Handler to reply to them. + * + * Files containing a certificate and matching private key for the + * server must be provided if neither the [Server]'s + * TLSConfig.Certificates, TLSConfig.GetCertificate nor + * config.GetConfigForClient are populated. + * If the certificate is signed by a certificate authority, the + * certFile should be the concatenation of the server's certificate, + * any intermediates, and the CA's certificate. + * + * ServeTLS always returns a non-nil error. After [Server.Shutdown] or [Server.Close], the + * returned error is [ErrServerClosed]. + */ + serveTLS(l: net.Listener, certFile: string, keyFile: string): void + } + interface Server { + /** + * SetKeepAlivesEnabled controls whether HTTP keep-alives are enabled. + * By default, keep-alives are always enabled. Only very + * resource-constrained environments or servers in the process of + * shutting down should disable them. + */ + setKeepAlivesEnabled(v: boolean): void + } + interface Server { + /** + * ListenAndServeTLS listens on the TCP network address srv.Addr and + * then calls [ServeTLS] to handle requests on incoming TLS connections. + * Accepted connections are configured to enable TCP keep-alives. + * + * Filenames containing a certificate and matching private key for the + * server must be provided if neither the [Server]'s TLSConfig.Certificates + * nor TLSConfig.GetCertificate are populated. If the certificate is + * signed by a certificate authority, the certFile should be the + * concatenation of the server's certificate, any intermediates, and + * the CA's certificate. + * + * If srv.Addr is blank, ":https" is used. + * + * ListenAndServeTLS always returns a non-nil error. After [Server.Shutdown] or + * [Server.Close], the returned error is [ErrServerClosed]. + */ + listenAndServeTLS(certFile: string, keyFile: string): void + } +} + +namespace hook { + /** + * Event implements [Resolver] and it is intended to be used as a base + * Hook event that you can embed in your custom typed event structs. + * + * Example: + * + * ``` + * type CustomEvent struct { + * hook.Event + * + * SomeField int + * } + * ``` + */ + interface Event { + } + interface Event { + /** + * Next calls the next hook handler. + */ + next(): void + } + /** + * Handler defines a single Hook handler. + * Multiple handlers can share the same id. + * If Id is not explicitly set it will be autogenerated by Hook.Add and Hook.AddHandler. + */ + interface Handler { + /** + * Func defines the handler function to execute. + * + * Note that users need to call e.Next() in order to proceed with + * the execution of the hook chain. + */ + func: (_arg0: T) => void + /** + * Id is the unique identifier of the handler. + * + * It could be used later to remove the handler from a hook via [Hook.Remove]. + * + * If missing, an autogenerated value will be assigned when adding + * the handler to a hook. + */ + id: string + /** + * Priority allows changing the default exec priority of the handler within a hook. + * + * If 0, the handler will be executed in the same order it was registered. + */ + priority: number + } + /** + * Hook defines a generic concurrent safe structure for managing event hooks. + * + * When using custom event it must embed the base [hook.Event]. + * + * Example: + * + * ``` + * type CustomEvent struct { + * hook.Event + * SomeField int + * } + * + * h := Hook[*CustomEvent]{} + * + * h.BindFunc(func(e *CustomEvent) error { + * println(e.SomeField) + * + * return e.Next() + * }) + * + * h.Trigger(&CustomEvent{ SomeField: 123 }) + * ``` + */ + interface Hook { + } + /** + * TaggedHook defines a proxy hook which register handlers that are triggered only + * if the TaggedHook.tags are empty or includes at least one of the event data tag(s). + */ + type _sSpEQZd = mainHook + interface TaggedHook extends _sSpEQZd { + } +} + +namespace exec { + /** + * Cmd represents an external command being prepared or run. + * + * A Cmd cannot be reused after calling its [Cmd.Run], [Cmd.Output] or [Cmd.CombinedOutput] + * methods. + */ + interface Cmd { + /** + * Path is the path of the command to run. + * + * This is the only field that must be set to a non-zero + * value. If Path is relative, it is evaluated relative + * to Dir. + */ + path: string + /** + * Args holds command line arguments, including the command as Args[0]. + * If the Args field is empty or nil, Run uses {Path}. + * + * In typical use, both Path and Args are set by calling Command. + */ + args: Array + /** + * Env specifies the environment of the process. + * Each entry is of the form "key=value". + * If Env is nil, the new process uses the current process's + * environment. + * If Env contains duplicate environment keys, only the last + * value in the slice for each duplicate key is used. + * As a special case on Windows, SYSTEMROOT is always added if + * missing and not explicitly set to the empty string. + */ + env: Array + /** + * Dir specifies the working directory of the command. + * If Dir is the empty string, Run runs the command in the + * calling process's current directory. + */ + dir: string + /** + * Stdin specifies the process's standard input. + * + * If Stdin is nil, the process reads from the null device (os.DevNull). + * + * If Stdin is an *os.File, the process's standard input is connected + * directly to that file. + * + * Otherwise, during the execution of the command a separate + * goroutine reads from Stdin and delivers that data to the command + * over a pipe. In this case, Wait does not complete until the goroutine + * stops copying, either because it has reached the end of Stdin + * (EOF or a read error), or because writing to the pipe returned an error, + * or because a nonzero WaitDelay was set and expired. + */ + stdin: io.Reader + /** + * Stdout and Stderr specify the process's standard output and error. + * + * If either is nil, Run connects the corresponding file descriptor + * to the null device (os.DevNull). + * + * If either is an *os.File, the corresponding output from the process + * is connected directly to that file. + * + * Otherwise, during the execution of the command a separate goroutine + * reads from the process over a pipe and delivers that data to the + * corresponding Writer. In this case, Wait does not complete until the + * goroutine reaches EOF or encounters an error or a nonzero WaitDelay + * expires. + * + * If Stdout and Stderr are the same writer, and have a type that can + * be compared with ==, at most one goroutine at a time will call Write. + */ + stdout: io.Writer + stderr: io.Writer + /** + * ExtraFiles specifies additional open files to be inherited by the + * new process. It does not include standard input, standard output, or + * standard error. If non-nil, entry i becomes file descriptor 3+i. + * + * ExtraFiles is not supported on Windows. + */ + extraFiles: Array<(os.File | undefined)> + /** + * SysProcAttr holds optional, operating system-specific attributes. + * Run passes it to os.StartProcess as the os.ProcAttr's Sys field. + */ + sysProcAttr?: syscall.SysProcAttr + /** + * Process is the underlying process, once started. + */ + process?: os.Process + /** + * ProcessState contains information about an exited process. + * If the process was started successfully, Wait or Run will + * populate its ProcessState when the command completes. + */ + processState?: os.ProcessState + err: Error // LookPath error, if any. + /** + * If Cancel is non-nil, the command must have been created with + * CommandContext and Cancel will be called when the command's + * Context is done. By default, CommandContext sets Cancel to + * call the Kill method on the command's Process. + * + * Typically a custom Cancel will send a signal to the command's + * Process, but it may instead take other actions to initiate cancellation, + * such as closing a stdin or stdout pipe or sending a shutdown request on a + * network socket. + * + * If the command exits with a success status after Cancel is + * called, and Cancel does not return an error equivalent to + * os.ErrProcessDone, then Wait and similar methods will return a non-nil + * error: either an error wrapping the one returned by Cancel, + * or the error from the Context. + * (If the command exits with a non-success status, or Cancel + * returns an error that wraps os.ErrProcessDone, Wait and similar methods + * continue to return the command's usual exit status.) + * + * If Cancel is set to nil, nothing will happen immediately when the command's + * Context is done, but a nonzero WaitDelay will still take effect. That may + * be useful, for example, to work around deadlocks in commands that do not + * support shutdown signals but are expected to always finish quickly. + * + * Cancel will not be called if Start returns a non-nil error. + */ + cancel: () => void + /** + * If WaitDelay is non-zero, it bounds the time spent waiting on two sources + * of unexpected delay in Wait: a child process that fails to exit after the + * associated Context is canceled, and a child process that exits but leaves + * its I/O pipes unclosed. + * + * The WaitDelay timer starts when either the associated Context is done or a + * call to Wait observes that the child process has exited, whichever occurs + * first. When the delay has elapsed, the command shuts down the child process + * and/or its I/O pipes. + * + * If the child process has failed to exit — perhaps because it ignored or + * failed to receive a shutdown signal from a Cancel function, or because no + * Cancel function was set — then it will be terminated using os.Process.Kill. + * + * Then, if the I/O pipes communicating with the child process are still open, + * those pipes are closed in order to unblock any goroutines currently blocked + * on Read or Write calls. + * + * If pipes are closed due to WaitDelay, no Cancel call has occurred, + * and the command has otherwise exited with a successful status, Wait and + * similar methods will return ErrWaitDelay instead of nil. + * + * If WaitDelay is zero (the default), I/O pipes will be read until EOF, + * which might not occur until orphaned subprocesses of the command have + * also closed their descriptors for the pipes. + */ + waitDelay: time.Duration + } + interface Cmd { + /** + * String returns a human-readable description of c. + * It is intended only for debugging. + * In particular, it is not suitable for use as input to a shell. + * The output of String may vary across Go releases. + */ + string(): string + } + interface Cmd { + /** + * Run starts the specified command and waits for it to complete. + * + * The returned error is nil if the command runs, has no problems + * copying stdin, stdout, and stderr, and exits with a zero exit + * status. + * + * If the command starts but does not complete successfully, the error is of + * type [*ExitError]. Other error types may be returned for other situations. + * + * If the calling goroutine has locked the operating system thread + * with [runtime.LockOSThread] and modified any inheritable OS-level + * thread state (for example, Linux or Plan 9 name spaces), the new + * process will inherit the caller's thread state. + */ + run(): void + } + interface Cmd { + /** + * Start starts the specified command but does not wait for it to complete. + * + * If Start returns successfully, the c.Process field will be set. + * + * After a successful call to Start the [Cmd.Wait] method must be called in + * order to release associated system resources. + */ + start(): void + } + interface Cmd { + /** + * Wait waits for the command to exit and waits for any copying to + * stdin or copying from stdout or stderr to complete. + * + * The command must have been started by [Cmd.Start]. + * + * The returned error is nil if the command runs, has no problems + * copying stdin, stdout, and stderr, and exits with a zero exit + * status. + * + * If the command fails to run or doesn't complete successfully, the + * error is of type [*ExitError]. Other error types may be + * returned for I/O problems. + * + * If any of c.Stdin, c.Stdout or c.Stderr are not an [*os.File], Wait also waits + * for the respective I/O loop copying to or from the process to complete. + * + * Wait releases any resources associated with the [Cmd]. + */ + wait(): void + } + interface Cmd { + /** + * Output runs the command and returns its standard output. + * Any returned error will usually be of type [*ExitError]. + * If c.Stderr was nil, Output populates [ExitError.Stderr]. + */ + output(): string|Array + } + interface Cmd { + /** + * CombinedOutput runs the command and returns its combined standard + * output and standard error. + */ + combinedOutput(): string|Array + } + interface Cmd { + /** + * StdinPipe returns a pipe that will be connected to the command's + * standard input when the command starts. + * The pipe will be closed automatically after [Cmd.Wait] sees the command exit. + * A caller need only call Close to force the pipe to close sooner. + * For example, if the command being run will not exit until standard input + * is closed, the caller must close the pipe. + */ + stdinPipe(): io.WriteCloser + } + interface Cmd { + /** + * StdoutPipe returns a pipe that will be connected to the command's + * standard output when the command starts. + * + * [Cmd.Wait] will close the pipe after seeing the command exit, so most callers + * need not close the pipe themselves. It is thus incorrect to call Wait + * before all reads from the pipe have completed. + * For the same reason, it is incorrect to call [Cmd.Run] when using StdoutPipe. + * See the example for idiomatic usage. + */ + stdoutPipe(): io.ReadCloser + } + interface Cmd { + /** + * StderrPipe returns a pipe that will be connected to the command's + * standard error when the command starts. + * + * [Cmd.Wait] will close the pipe after seeing the command exit, so most callers + * need not close the pipe themselves. It is thus incorrect to call Wait + * before all reads from the pipe have completed. + * For the same reason, it is incorrect to use [Cmd.Run] when using StderrPipe. + * See the StdoutPipe example for idiomatic usage. + */ + stderrPipe(): io.ReadCloser + } + interface Cmd { + /** + * Environ returns a copy of the environment in which the command would be run + * as it is currently configured. + */ + environ(): Array + } +} + +namespace mailer { + /** + * Message defines a generic email message struct. + */ + interface Message { + from: { address: string; name?: string; } + to: Array<{ address: string; name?: string; }> + bcc: Array<{ address: string; name?: string; }> + cc: Array<{ address: string; name?: string; }> + subject: string + html: string + text: string + headers: _TygojaDict + attachments: _TygojaDict + inlineAttachments: _TygojaDict + } + /** + * Mailer defines a base mail client interface. + */ + interface Mailer { + [key:string]: any; + /** + * Send sends an email with the provided Message. + */ + send(message: Message): void + } +} + +/** + * Package blob defines a lightweight abstration for interacting with + * various storage services (local filesystem, S3, etc.). + * + * NB! + * For compatibility with earlier PocketBase versions and to prevent + * unnecessary breaking changes, this package is based and implemented + * as a minimal, stripped down version of the previously used gocloud.dev/blob. + * While there is no promise that it won't diverge in the future to accommodate + * better some PocketBase specific use cases, currently it copies and + * tries to follow as close as possible the same implementations, + * conventions and rules for the key escaping/unescaping, blob read/write + * interfaces and struct options as gocloud.dev/blob, therefore the + * credits goes to the original Go Cloud Development Kit Authors. + */ +namespace blob { + /** + * ListObject represents a single blob returned from List. + */ + interface ListObject { + /** + * Key is the key for this blob. + */ + key: string + /** + * ModTime is the time the blob was last modified. + */ + modTime: time.Time + /** + * Size is the size of the blob's content in bytes. + */ + size: number + /** + * MD5 is an MD5 hash of the blob contents or nil if not available. + */ + md5: string|Array + /** + * IsDir indicates that this result represents a "directory" in the + * hierarchical namespace, ending in ListOptions.Delimiter. Key can be + * passed as ListOptions.Prefix to list items in the "directory". + * Fields other than Key and IsDir will not be set if IsDir is true. + */ + isDir: boolean + } + /** + * Attributes contains attributes about a blob. + */ + interface Attributes { + /** + * CacheControl specifies caching attributes that services may use + * when serving the blob. + * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control + */ + cacheControl: string + /** + * ContentDisposition specifies whether the blob content is expected to be + * displayed inline or as an attachment. + * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition + */ + contentDisposition: string + /** + * ContentEncoding specifies the encoding used for the blob's content, if any. + * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding + */ + contentEncoding: string + /** + * ContentLanguage specifies the language used in the blob's content, if any. + * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Language + */ + contentLanguage: string + /** + * ContentType is the MIME type of the blob. It will not be empty. + * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type + */ + contentType: string + /** + * Metadata holds key/value pairs associated with the blob. + * Keys are guaranteed to be in lowercase, even if the backend service + * has case-sensitive keys (although note that Metadata written via + * this package will always be lowercased). If there are duplicate + * case-insensitive keys (e.g., "foo" and "FOO"), only one value + * will be kept, and it is undefined which one. + */ + metadata: _TygojaDict + /** + * CreateTime is the time the blob was created, if available. If not available, + * CreateTime will be the zero time. + */ + createTime: time.Time + /** + * ModTime is the time the blob was last modified. + */ + modTime: time.Time + /** + * Size is the size of the blob's content in bytes. + */ + size: number + /** + * MD5 is an MD5 hash of the blob contents or nil if not available. + */ + md5: string|Array + /** + * ETag for the blob; see https://en.wikipedia.org/wiki/HTTP_ETag. + */ + eTag: string + } + /** + * Reader reads bytes from a blob. + * It implements io.ReadSeekCloser, and must be closed after reads are finished. + */ + interface Reader { + } + interface Reader { + /** + * Read implements io.Reader (https://golang.org/pkg/io/#Reader). + */ + read(p: string|Array): number + } + interface Reader { + /** + * Seek implements io.Seeker (https://golang.org/pkg/io/#Seeker). + */ + seek(offset: number, whence: number): number + } + interface Reader { + /** + * Close implements io.Closer (https://golang.org/pkg/io/#Closer). + */ + close(): void + } + interface Reader { + /** + * ContentType returns the MIME type of the blob. + */ + contentType(): string + } + interface Reader { + /** + * ModTime returns the time the blob was last modified. + */ + modTime(): time.Time + } + interface Reader { + /** + * Size returns the size of the blob content in bytes. + */ + size(): number + } + interface Reader { + /** + * WriteTo reads from r and writes to w until there's no more data or + * an error occurs. + * The return value is the number of bytes written to w. + * + * It implements the io.WriterTo interface. + */ + writeTo(w: io.Writer): number + } +} + +/** + * Package cobra is a commander providing a simple interface to create powerful modern CLI interfaces. + * In addition to providing an interface, Cobra simultaneously provides a controller to organize your application code. + */ +namespace cobra { + interface Command { + /** + * GenBashCompletion generates bash completion file and writes to the passed writer. + */ + genBashCompletion(w: io.Writer): void + } + interface Command { + /** + * GenBashCompletionFile generates bash completion file. + */ + genBashCompletionFile(filename: string): void + } + interface Command { + /** + * GenBashCompletionFileV2 generates Bash completion version 2. + */ + genBashCompletionFileV2(filename: string, includeDesc: boolean): void + } + interface Command { + /** + * GenBashCompletionV2 generates Bash completion file version 2 + * and writes it to the passed writer. + */ + genBashCompletionV2(w: io.Writer, includeDesc: boolean): void + } + // @ts-ignore + import flag = pflag + /** + * Command is just that, a command for your application. + * E.g. 'go run ...' - 'run' is the command. Cobra requires + * you to define the usage and description as part of your command + * definition to ensure usability. + */ + interface Command { + /** + * Use is the one-line usage message. + * Recommended syntax is as follows: + * ``` + * [ ] identifies an optional argument. Arguments that are not enclosed in brackets are required. + * ... indicates that you can specify multiple values for the previous argument. + * | indicates mutually exclusive information. You can use the argument to the left of the separator or the + * argument to the right of the separator. You cannot use both arguments in a single use of the command. + * { } delimits a set of mutually exclusive arguments when one of the arguments is required. If the arguments are + * optional, they are enclosed in brackets ([ ]). + * ``` + * Example: add [-F file | -D dir]... [-f format] profile + */ + use: string + /** + * Aliases is an array of aliases that can be used instead of the first word in Use. + */ + aliases: Array + /** + * SuggestFor is an array of command names for which this command will be suggested - + * similar to aliases but only suggests. + */ + suggestFor: Array + /** + * Short is the short description shown in the 'help' output. + */ + short: string + /** + * The group id under which this subcommand is grouped in the 'help' output of its parent. + */ + groupID: string + /** + * Long is the long message shown in the 'help ' output. + */ + long: string + /** + * Example is examples of how to use the command. + */ + example: string + /** + * ValidArgs is list of all valid non-flag arguments that are accepted in shell completions + */ + validArgs: Array + /** + * ValidArgsFunction is an optional function that provides valid non-flag arguments for shell completion. + * It is a dynamic version of using ValidArgs. + * Only one of ValidArgs and ValidArgsFunction can be used for a command. + */ + validArgsFunction: CompletionFunc + /** + * Expected arguments + */ + args: PositionalArgs + /** + * ArgAliases is List of aliases for ValidArgs. + * These are not suggested to the user in the shell completion, + * but accepted if entered manually. + */ + argAliases: Array + /** + * BashCompletionFunction is custom bash functions used by the legacy bash autocompletion generator. + * For portability with other shells, it is recommended to instead use ValidArgsFunction + */ + bashCompletionFunction: string + /** + * Deprecated defines, if this command is deprecated and should print this string when used. + */ + deprecated: string + /** + * Annotations are key/value pairs that can be used by applications to identify or + * group commands or set special options. + */ + annotations: _TygojaDict + /** + * Version defines the version for this command. If this value is non-empty and the command does not + * define a "version" flag, a "version" boolean flag will be added to the command and, if specified, + * will print content of the "Version" variable. A shorthand "v" flag will also be added if the + * command does not define one. + */ + version: string + /** + * The *Run functions are executed in the following order: + * ``` + * * PersistentPreRun() + * * PreRun() + * * Run() + * * PostRun() + * * PersistentPostRun() + * ``` + * All functions get the same args, the arguments after the command name. + * The *PreRun and *PostRun functions will only be executed if the Run function of the current + * command has been declared. + * + * PersistentPreRun: children of this command will inherit and execute. + */ + persistentPreRun: (cmd: Command, args: Array) => void + /** + * PersistentPreRunE: PersistentPreRun but returns an error. + */ + persistentPreRunE: (cmd: Command, args: Array) => void + /** + * PreRun: children of this command will not inherit. + */ + preRun: (cmd: Command, args: Array) => void + /** + * PreRunE: PreRun but returns an error. + */ + preRunE: (cmd: Command, args: Array) => void + /** + * Run: Typically the actual work function. Most commands will only implement this. + */ + run: (cmd: Command, args: Array) => void + /** + * RunE: Run but returns an error. + */ + runE: (cmd: Command, args: Array) => void + /** + * PostRun: run after the Run command. + */ + postRun: (cmd: Command, args: Array) => void + /** + * PostRunE: PostRun but returns an error. + */ + postRunE: (cmd: Command, args: Array) => void + /** + * PersistentPostRun: children of this command will inherit and execute after PostRun. + */ + persistentPostRun: (cmd: Command, args: Array) => void + /** + * PersistentPostRunE: PersistentPostRun but returns an error. + */ + persistentPostRunE: (cmd: Command, args: Array) => void + /** + * FParseErrWhitelist flag parse errors to be ignored + */ + fParseErrWhitelist: FParseErrWhitelist + /** + * CompletionOptions is a set of options to control the handling of shell completion + */ + completionOptions: CompletionOptions + /** + * TraverseChildren parses flags on all parents before executing child command. + */ + traverseChildren: boolean + /** + * Hidden defines, if this command is hidden and should NOT show up in the list of available commands. + */ + hidden: boolean + /** + * SilenceErrors is an option to quiet errors down stream. + */ + silenceErrors: boolean + /** + * SilenceUsage is an option to silence usage when an error occurs. + */ + silenceUsage: boolean + /** + * DisableFlagParsing disables the flag parsing. + * If this is true all flags will be passed to the command as arguments. + */ + disableFlagParsing: boolean + /** + * DisableAutoGenTag defines, if gen tag ("Auto generated by spf13/cobra...") + * will be printed by generating docs for this command. + */ + disableAutoGenTag: boolean + /** + * DisableFlagsInUseLine will disable the addition of [flags] to the usage + * line of a command when printing help or generating docs + */ + disableFlagsInUseLine: boolean + /** + * DisableSuggestions disables the suggestions based on Levenshtein distance + * that go along with 'unknown command' messages. + */ + disableSuggestions: boolean + /** + * SuggestionsMinimumDistance defines minimum levenshtein distance to display suggestions. + * Must be > 0. + */ + suggestionsMinimumDistance: number + } + interface Command { + /** + * Context returns underlying command context. If command was executed + * with ExecuteContext or the context was set with SetContext, the + * previously set context will be returned. Otherwise, nil is returned. + * + * Notice that a call to Execute and ExecuteC will replace a nil context of + * a command with a context.Background, so a background context will be + * returned by Context after one of these functions has been called. + */ + context(): context.Context + } + interface Command { + /** + * SetContext sets context for the command. This context will be overwritten by + * Command.ExecuteContext or Command.ExecuteContextC. + */ + setContext(ctx: context.Context): void + } + interface Command { + /** + * SetArgs sets arguments for the command. It is set to os.Args[1:] by default, if desired, can be overridden + * particularly useful when testing. + */ + setArgs(a: Array): void + } + interface Command { + /** + * SetOutput sets the destination for usage and error messages. + * If output is nil, os.Stderr is used. + * + * Deprecated: Use SetOut and/or SetErr instead + */ + setOutput(output: io.Writer): void + } + interface Command { + /** + * SetOut sets the destination for usage messages. + * If newOut is nil, os.Stdout is used. + */ + setOut(newOut: io.Writer): void + } + interface Command { + /** + * SetErr sets the destination for error messages. + * If newErr is nil, os.Stderr is used. + */ + setErr(newErr: io.Writer): void + } + interface Command { + /** + * SetIn sets the source for input data + * If newIn is nil, os.Stdin is used. + */ + setIn(newIn: io.Reader): void + } + interface Command { + /** + * SetUsageFunc sets usage function. Usage can be defined by application. + */ + setUsageFunc(f: (_arg0: Command) => void): void + } + interface Command { + /** + * SetUsageTemplate sets usage template. Can be defined by Application. + */ + setUsageTemplate(s: string): void + } + interface Command { + /** + * SetFlagErrorFunc sets a function to generate an error when flag parsing + * fails. + */ + setFlagErrorFunc(f: (_arg0: Command, _arg1: Error) => void): void + } + interface Command { + /** + * SetHelpFunc sets help function. Can be defined by Application. + */ + setHelpFunc(f: (_arg0: Command, _arg1: Array) => void): void + } + interface Command { + /** + * SetHelpCommand sets help command. + */ + setHelpCommand(cmd: Command): void + } + interface Command { + /** + * SetHelpCommandGroupID sets the group id of the help command. + */ + setHelpCommandGroupID(groupID: string): void + } + interface Command { + /** + * SetCompletionCommandGroupID sets the group id of the completion command. + */ + setCompletionCommandGroupID(groupID: string): void + } + interface Command { + /** + * SetHelpTemplate sets help template to be used. Application can use it to set custom template. + */ + setHelpTemplate(s: string): void + } + interface Command { + /** + * SetVersionTemplate sets version template to be used. Application can use it to set custom template. + */ + setVersionTemplate(s: string): void + } + interface Command { + /** + * SetErrPrefix sets error message prefix to be used. Application can use it to set custom prefix. + */ + setErrPrefix(s: string): void + } + interface Command { + /** + * SetGlobalNormalizationFunc sets a normalization function to all flag sets and also to child commands. + * The user should not have a cyclic dependency on commands. + */ + setGlobalNormalizationFunc(n: (f: any, name: string) => any): void + } + interface Command { + /** + * OutOrStdout returns output to stdout. + */ + outOrStdout(): io.Writer + } + interface Command { + /** + * OutOrStderr returns output to stderr + */ + outOrStderr(): io.Writer + } + interface Command { + /** + * ErrOrStderr returns output to stderr + */ + errOrStderr(): io.Writer + } + interface Command { + /** + * InOrStdin returns input to stdin + */ + inOrStdin(): io.Reader + } + interface Command { + /** + * UsageFunc returns either the function set by SetUsageFunc for this command + * or a parent, or it returns a default usage function. + */ + usageFunc(): (_arg0: Command) => void + } + interface Command { + /** + * Usage puts out the usage for the command. + * Used when a user provides invalid input. + * Can be defined by user by overriding UsageFunc. + */ + usage(): void + } + interface Command { + /** + * HelpFunc returns either the function set by SetHelpFunc for this command + * or a parent, or it returns a function with default help behavior. + */ + helpFunc(): (_arg0: Command, _arg1: Array) => void + } + interface Command { + /** + * Help puts out the help for the command. + * Used when a user calls help [command]. + * Can be defined by user by overriding HelpFunc. + */ + help(): void + } + interface Command { + /** + * UsageString returns usage string. + */ + usageString(): string + } + interface Command { + /** + * FlagErrorFunc returns either the function set by SetFlagErrorFunc for this + * command or a parent, or it returns a function which returns the original + * error. + */ + flagErrorFunc(): (_arg0: Command, _arg1: Error) => void + } + interface Command { + /** + * UsagePadding return padding for the usage. + */ + usagePadding(): number + } + interface Command { + /** + * CommandPathPadding return padding for the command path. + */ + commandPathPadding(): number + } + interface Command { + /** + * NamePadding returns padding for the name. + */ + namePadding(): number + } + interface Command { + /** + * UsageTemplate returns usage template for the command. + * This function is kept for backwards-compatibility reasons. + */ + usageTemplate(): string + } + interface Command { + /** + * HelpTemplate return help template for the command. + * This function is kept for backwards-compatibility reasons. + */ + helpTemplate(): string + } + interface Command { + /** + * VersionTemplate return version template for the command. + * This function is kept for backwards-compatibility reasons. + */ + versionTemplate(): string + } + interface Command { + /** + * ErrPrefix return error message prefix for the command + */ + errPrefix(): string + } + interface Command { + /** + * Find the target command given the args and command tree + * Meant to be run on the highest node. Only searches down. + */ + find(args: Array): [(Command), Array] + } + interface Command { + /** + * Traverse the command tree to find the command, and parse args for + * each parent. + */ + traverse(args: Array): [(Command), Array] + } + interface Command { + /** + * SuggestionsFor provides suggestions for the typedName. + */ + suggestionsFor(typedName: string): Array + } + interface Command { + /** + * VisitParents visits all parents of the command and invokes fn on each parent. + */ + visitParents(fn: (_arg0: Command) => void): void + } + interface Command { + /** + * Root finds root command. + */ + root(): (Command) + } + interface Command { + /** + * ArgsLenAtDash will return the length of c.Flags().Args at the moment + * when a -- was found during args parsing. + */ + argsLenAtDash(): number + } + interface Command { + /** + * ExecuteContext is the same as Execute(), but sets the ctx on the command. + * Retrieve ctx by calling cmd.Context() inside your *Run lifecycle or ValidArgs + * functions. + */ + executeContext(ctx: context.Context): void + } + interface Command { + /** + * Execute uses the args (os.Args[1:] by default) + * and run through the command tree finding appropriate matches + * for commands and then corresponding flags. + */ + execute(): void + } + interface Command { + /** + * ExecuteContextC is the same as ExecuteC(), but sets the ctx on the command. + * Retrieve ctx by calling cmd.Context() inside your *Run lifecycle or ValidArgs + * functions. + */ + executeContextC(ctx: context.Context): (Command) + } + interface Command { + /** + * ExecuteC executes the command. + */ + executeC(): (Command) + } + interface Command { + validateArgs(args: Array): void + } + interface Command { + /** + * ValidateRequiredFlags validates all required flags are present and returns an error otherwise + */ + validateRequiredFlags(): void + } + interface Command { + /** + * InitDefaultHelpFlag adds default help flag to c. + * It is called automatically by executing the c or by calling help and usage. + * If c already has help flag, it will do nothing. + */ + initDefaultHelpFlag(): void + } + interface Command { + /** + * InitDefaultVersionFlag adds default version flag to c. + * It is called automatically by executing the c. + * If c already has a version flag, it will do nothing. + * If c.Version is empty, it will do nothing. + */ + initDefaultVersionFlag(): void + } + interface Command { + /** + * InitDefaultHelpCmd adds default help command to c. + * It is called automatically by executing the c or by calling help and usage. + * If c already has help command or c has no subcommands, it will do nothing. + */ + initDefaultHelpCmd(): void + } + interface Command { + /** + * ResetCommands delete parent, subcommand and help command from c. + */ + resetCommands(): void + } + interface Command { + /** + * Commands returns a sorted slice of child commands. + */ + commands(): Array<(Command | undefined)> + } + interface Command { + /** + * AddCommand adds one or more commands to this parent command. + */ + addCommand(...cmds: (Command | undefined)[]): void + } + interface Command { + /** + * Groups returns a slice of child command groups. + */ + groups(): Array<(Group | undefined)> + } + interface Command { + /** + * AllChildCommandsHaveGroup returns if all subcommands are assigned to a group + */ + allChildCommandsHaveGroup(): boolean + } + interface Command { + /** + * ContainsGroup return if groupID exists in the list of command groups. + */ + containsGroup(groupID: string): boolean + } + interface Command { + /** + * AddGroup adds one or more command groups to this parent command. + */ + addGroup(...groups: (Group | undefined)[]): void + } + interface Command { + /** + * RemoveCommand removes one or more commands from a parent command. + */ + removeCommand(...cmds: (Command | undefined)[]): void + } + interface Command { + /** + * Print is a convenience method to Print to the defined output, fallback to Stderr if not set. + */ + print(...i: { + }[]): void + } + interface Command { + /** + * Println is a convenience method to Println to the defined output, fallback to Stderr if not set. + */ + println(...i: { + }[]): void + } + interface Command { + /** + * Printf is a convenience method to Printf to the defined output, fallback to Stderr if not set. + */ + printf(format: string, ...i: { + }[]): void + } + interface Command { + /** + * PrintErr is a convenience method to Print to the defined Err output, fallback to Stderr if not set. + */ + printErr(...i: { + }[]): void + } + interface Command { + /** + * PrintErrln is a convenience method to Println to the defined Err output, fallback to Stderr if not set. + */ + printErrln(...i: { + }[]): void + } + interface Command { + /** + * PrintErrf is a convenience method to Printf to the defined Err output, fallback to Stderr if not set. + */ + printErrf(format: string, ...i: { + }[]): void + } + interface Command { + /** + * CommandPath returns the full path to this command. + */ + commandPath(): string + } + interface Command { + /** + * DisplayName returns the name to display in help text. Returns command Name() + * If CommandDisplayNameAnnoation is not set + */ + displayName(): string + } + interface Command { + /** + * UseLine puts out the full usage for a given command (including parents). + */ + useLine(): string + } + interface Command { + /** + * DebugFlags used to determine which flags have been assigned to which commands + * and which persist. + */ + debugFlags(): void + } + interface Command { + /** + * Name returns the command's name: the first word in the use line. + */ + name(): string + } + interface Command { + /** + * HasAlias determines if a given string is an alias of the command. + */ + hasAlias(s: string): boolean + } + interface Command { + /** + * CalledAs returns the command name or alias that was used to invoke + * this command or an empty string if the command has not been called. + */ + calledAs(): string + } + interface Command { + /** + * NameAndAliases returns a list of the command name and all aliases + */ + nameAndAliases(): string + } + interface Command { + /** + * HasExample determines if the command has example. + */ + hasExample(): boolean + } + interface Command { + /** + * Runnable determines if the command is itself runnable. + */ + runnable(): boolean + } + interface Command { + /** + * HasSubCommands determines if the command has children commands. + */ + hasSubCommands(): boolean + } + interface Command { + /** + * IsAvailableCommand determines if a command is available as a non-help command + * (this includes all non deprecated/hidden commands). + */ + isAvailableCommand(): boolean + } + interface Command { + /** + * IsAdditionalHelpTopicCommand determines if a command is an additional + * help topic command; additional help topic command is determined by the + * fact that it is NOT runnable/hidden/deprecated, and has no sub commands that + * are runnable/hidden/deprecated. + * Concrete example: https://github.com/spf13/cobra/issues/393#issuecomment-282741924. + */ + isAdditionalHelpTopicCommand(): boolean + } + interface Command { + /** + * HasHelpSubCommands determines if a command has any available 'help' sub commands + * that need to be shown in the usage/help default template under 'additional help + * topics'. + */ + hasHelpSubCommands(): boolean + } + interface Command { + /** + * HasAvailableSubCommands determines if a command has available sub commands that + * need to be shown in the usage/help default template under 'available commands'. + */ + hasAvailableSubCommands(): boolean + } + interface Command { + /** + * HasParent determines if the command is a child command. + */ + hasParent(): boolean + } + interface Command { + /** + * GlobalNormalizationFunc returns the global normalization function or nil if it doesn't exist. + */ + globalNormalizationFunc(): (f: any, name: string) => any + } + interface Command { + /** + * Flags returns the complete FlagSet that applies + * to this command (local and persistent declared here and by all parents). + */ + flags(): (any) + } + interface Command { + /** + * LocalNonPersistentFlags are flags specific to this command which will NOT persist to subcommands. + * This function does not modify the flags of the current command, it's purpose is to return the current state. + */ + localNonPersistentFlags(): (any) + } + interface Command { + /** + * LocalFlags returns the local FlagSet specifically set in the current command. + * This function does not modify the flags of the current command, it's purpose is to return the current state. + */ + localFlags(): (any) + } + interface Command { + /** + * InheritedFlags returns all flags which were inherited from parent commands. + * This function does not modify the flags of the current command, it's purpose is to return the current state. + */ + inheritedFlags(): (any) + } + interface Command { + /** + * NonInheritedFlags returns all flags which were not inherited from parent commands. + * This function does not modify the flags of the current command, it's purpose is to return the current state. + */ + nonInheritedFlags(): (any) + } + interface Command { + /** + * PersistentFlags returns the persistent FlagSet specifically set in the current command. + */ + persistentFlags(): (any) + } + interface Command { + /** + * ResetFlags deletes all flags from command. + */ + resetFlags(): void + } + interface Command { + /** + * HasFlags checks if the command contains any flags (local plus persistent from the entire structure). + */ + hasFlags(): boolean + } + interface Command { + /** + * HasPersistentFlags checks if the command contains persistent flags. + */ + hasPersistentFlags(): boolean + } + interface Command { + /** + * HasLocalFlags checks if the command has flags specifically declared locally. + */ + hasLocalFlags(): boolean + } + interface Command { + /** + * HasInheritedFlags checks if the command has flags inherited from its parent command. + */ + hasInheritedFlags(): boolean + } + interface Command { + /** + * HasAvailableFlags checks if the command contains any flags (local plus persistent from the entire + * structure) which are not hidden or deprecated. + */ + hasAvailableFlags(): boolean + } + interface Command { + /** + * HasAvailablePersistentFlags checks if the command contains persistent flags which are not hidden or deprecated. + */ + hasAvailablePersistentFlags(): boolean + } + interface Command { + /** + * HasAvailableLocalFlags checks if the command has flags specifically declared locally which are not hidden + * or deprecated. + */ + hasAvailableLocalFlags(): boolean + } + interface Command { + /** + * HasAvailableInheritedFlags checks if the command has flags inherited from its parent command which are + * not hidden or deprecated. + */ + hasAvailableInheritedFlags(): boolean + } + interface Command { + /** + * Flag climbs up the command tree looking for matching flag. + */ + flag(name: string): (any) + } + interface Command { + /** + * ParseFlags parses persistent flag tree and local flags. + */ + parseFlags(args: Array): void + } + interface Command { + /** + * Parent returns a commands parent command. + */ + parent(): (Command) + } + interface Command { + /** + * RegisterFlagCompletionFunc should be called to register a function to provide completion for a flag. + * + * You can use pre-defined completion functions such as [FixedCompletions] or [NoFileCompletions], + * or you can define your own. + */ + registerFlagCompletionFunc(flagName: string, f: CompletionFunc): void + } + interface Command { + /** + * GetFlagCompletionFunc returns the completion function for the given flag of the command, if available. + */ + getFlagCompletionFunc(flagName: string): [CompletionFunc, boolean] + } + interface Command { + /** + * InitDefaultCompletionCmd adds a default 'completion' command to c. + * This function will do nothing if any of the following is true: + * 1- the feature has been explicitly disabled by the program, + * 2- c has no subcommands (to avoid creating one), + * 3- c already has a 'completion' command provided by the program. + */ + initDefaultCompletionCmd(...args: string[]): void + } + interface Command { + /** + * GenFishCompletion generates fish completion file and writes to the passed writer. + */ + genFishCompletion(w: io.Writer, includeDesc: boolean): void + } + interface Command { + /** + * GenFishCompletionFile generates fish completion file. + */ + genFishCompletionFile(filename: string, includeDesc: boolean): void + } + interface Command { + /** + * MarkFlagsRequiredTogether marks the given flags with annotations so that Cobra errors + * if the command is invoked with a subset (but not all) of the given flags. + */ + markFlagsRequiredTogether(...flagNames: string[]): void + } + interface Command { + /** + * MarkFlagsOneRequired marks the given flags with annotations so that Cobra errors + * if the command is invoked without at least one flag from the given set of flags. + */ + markFlagsOneRequired(...flagNames: string[]): void + } + interface Command { + /** + * MarkFlagsMutuallyExclusive marks the given flags with annotations so that Cobra errors + * if the command is invoked with more than one flag from the given set of flags. + */ + markFlagsMutuallyExclusive(...flagNames: string[]): void + } + interface Command { + /** + * ValidateFlagGroups validates the mutuallyExclusive/oneRequired/requiredAsGroup logic and returns the + * first error encountered. + */ + validateFlagGroups(): void + } + interface Command { + /** + * GenPowerShellCompletionFile generates powershell completion file without descriptions. + */ + genPowerShellCompletionFile(filename: string): void + } + interface Command { + /** + * GenPowerShellCompletion generates powershell completion file without descriptions + * and writes it to the passed writer. + */ + genPowerShellCompletion(w: io.Writer): void + } + interface Command { + /** + * GenPowerShellCompletionFileWithDesc generates powershell completion file with descriptions. + */ + genPowerShellCompletionFileWithDesc(filename: string): void + } + interface Command { + /** + * GenPowerShellCompletionWithDesc generates powershell completion file with descriptions + * and writes it to the passed writer. + */ + genPowerShellCompletionWithDesc(w: io.Writer): void + } + interface Command { + /** + * MarkFlagRequired instructs the various shell completion implementations to + * prioritize the named flag when performing completion, + * and causes your command to report an error if invoked without the flag. + */ + markFlagRequired(name: string): void + } + interface Command { + /** + * MarkPersistentFlagRequired instructs the various shell completion implementations to + * prioritize the named persistent flag when performing completion, + * and causes your command to report an error if invoked without the flag. + */ + markPersistentFlagRequired(name: string): void + } + interface Command { + /** + * MarkFlagFilename instructs the various shell completion implementations to + * limit completions for the named flag to the specified file extensions. + */ + markFlagFilename(name: string, ...extensions: string[]): void + } + interface Command { + /** + * MarkFlagCustom adds the BashCompCustom annotation to the named flag, if it exists. + * The bash completion script will call the bash function f for the flag. + * + * This will only work for bash completion. + * It is recommended to instead use c.RegisterFlagCompletionFunc(...) which allows + * to register a Go function which will work across all shells. + */ + markFlagCustom(name: string, f: string): void + } + interface Command { + /** + * MarkPersistentFlagFilename instructs the various shell completion + * implementations to limit completions for the named persistent flag to the + * specified file extensions. + */ + markPersistentFlagFilename(name: string, ...extensions: string[]): void + } + interface Command { + /** + * MarkFlagDirname instructs the various shell completion implementations to + * limit completions for the named flag to directory names. + */ + markFlagDirname(name: string): void + } + interface Command { + /** + * MarkPersistentFlagDirname instructs the various shell completion + * implementations to limit completions for the named persistent flag to + * directory names. + */ + markPersistentFlagDirname(name: string): void + } + interface Command { + /** + * GenZshCompletionFile generates zsh completion file including descriptions. + */ + genZshCompletionFile(filename: string): void + } + interface Command { + /** + * GenZshCompletion generates zsh completion file including descriptions + * and writes it to the passed writer. + */ + genZshCompletion(w: io.Writer): void + } + interface Command { + /** + * GenZshCompletionFileNoDesc generates zsh completion file without descriptions. + */ + genZshCompletionFileNoDesc(filename: string): void + } + interface Command { + /** + * GenZshCompletionNoDesc generates zsh completion file without descriptions + * and writes it to the passed writer. + */ + genZshCompletionNoDesc(w: io.Writer): void + } + interface Command { + /** + * MarkZshCompPositionalArgumentFile only worked for zsh and its behavior was + * not consistent with Bash completion. It has therefore been disabled. + * Instead, when no other completion is specified, file completion is done by + * default for every argument. One can disable file completion on a per-argument + * basis by using ValidArgsFunction and ShellCompDirectiveNoFileComp. + * To achieve file extension filtering, one can use ValidArgsFunction and + * ShellCompDirectiveFilterFileExt. + * + * Deprecated + */ + markZshCompPositionalArgumentFile(argPosition: number, ...patterns: string[]): void + } + interface Command { + /** + * MarkZshCompPositionalArgumentWords only worked for zsh. It has therefore + * been disabled. + * To achieve the same behavior across all shells, one can use + * ValidArgs (for the first argument only) or ValidArgsFunction for + * any argument (can include the first one also). + * + * Deprecated + */ + markZshCompPositionalArgumentWords(argPosition: number, ...words: string[]): void + } +} + +namespace auth { + /** + * Provider defines a common interface for an OAuth2 client. + */ + interface Provider { + [key:string]: any; + /** + * Context returns the context associated with the provider (if any). + */ + context(): context.Context + /** + * SetContext assigns the specified context to the current provider. + */ + setContext(ctx: context.Context): void + /** + * PKCE indicates whether the provider can use the PKCE flow. + */ + pkce(): boolean + /** + * SetPKCE toggles the state whether the provider can use the PKCE flow or not. + */ + setPKCE(enable: boolean): void + /** + * DisplayName usually returns provider name as it is officially written + * and it could be used directly in the UI. + */ + displayName(): string + /** + * SetDisplayName sets the provider's display name. + */ + setDisplayName(displayName: string): void + /** + * Scopes returns the provider access permissions that will be requested. + */ + scopes(): Array + /** + * SetScopes sets the provider access permissions that will be requested later. + */ + setScopes(scopes: Array): void + /** + * ClientId returns the provider client's app ID. + */ + clientId(): string + /** + * SetClientId sets the provider client's ID. + */ + setClientId(clientId: string): void + /** + * ClientSecret returns the provider client's app secret. + */ + clientSecret(): string + /** + * SetClientSecret sets the provider client's app secret. + */ + setClientSecret(secret: string): void + /** + * RedirectURL returns the end address to redirect the user + * going through the OAuth flow. + */ + redirectURL(): string + /** + * SetRedirectURL sets the provider's RedirectURL. + */ + setRedirectURL(url: string): void + /** + * AuthURL returns the provider's authorization service url. + */ + authURL(): string + /** + * SetAuthURL sets the provider's AuthURL. + */ + setAuthURL(url: string): void + /** + * TokenURL returns the provider's token exchange service url. + */ + tokenURL(): string + /** + * SetTokenURL sets the provider's TokenURL. + */ + setTokenURL(url: string): void + /** + * UserInfoURL returns the provider's user info api url. + */ + userInfoURL(): string + /** + * SetUserInfoURL sets the provider's UserInfoURL. + */ + setUserInfoURL(url: string): void + /** + * Extra returns a shallow copy of any custom config data + * that the provider may be need. + */ + extra(): _TygojaDict + /** + * SetExtra updates the provider's custom config data. + */ + setExtra(data: _TygojaDict): void + /** + * Client returns an http client using the provided token. + */ + client(token: oauth2.Token): (any) + /** + * BuildAuthURL returns a URL to the provider's consent page + * that asks for permissions for the required scopes explicitly. + */ + buildAuthURL(state: string, ...opts: oauth2.AuthCodeOption[]): string + /** + * FetchToken converts an authorization code to token. + */ + fetchToken(code: string, ...opts: oauth2.AuthCodeOption[]): (oauth2.Token) + /** + * FetchRawUserInfo requests and marshalizes into `result` the + * the OAuth user api response. + */ + fetchRawUserInfo(token: oauth2.Token): string|Array + /** + * FetchAuthUser is similar to FetchRawUserInfo, but normalizes and + * marshalizes the user api response into a standardized AuthUser struct. + */ + fetchAuthUser(token: oauth2.Token): (AuthUser) + } + /** + * AuthUser defines a standardized OAuth2 user data structure. + */ + interface AuthUser { + expiry: types.DateTime + rawUser: _TygojaDict + id: string + name: string + username: string + email: string + avatarURL: string + accessToken: string + refreshToken: string + /** + * @todo + * deprecated: use AvatarURL instead + * AvatarUrl will be removed after dropping v0.22 support + */ + avatarUrl: string + } + interface AuthUser { + /** + * MarshalJSON implements the [json.Marshaler] interface. + * + * @todo remove after dropping v0.22 support + */ + marshalJSON(): string|Array + } +} + +namespace router { + // @ts-ignore + import validation = ozzo_validation + /** + * ApiError defines the struct for a basic api error response. + */ + interface ApiError { + data: _TygojaDict + message: string + status: number + } + interface ApiError { + /** + * Error makes it compatible with the `error` interface. + */ + error(): string + } + interface ApiError { + /** + * RawData returns the unformatted error data (could be an internal error, text, etc.) + */ + rawData(): any + } + interface ApiError { + /** + * Is reports whether the current ApiError wraps the target. + */ + is(target: Error): boolean + } + /** + * Event specifies based Route handler event that is usually intended + * to be embedded as part of a custom event struct. + * + * NB! It is expected that the Response and Request fields are always set. + */ + type _sZPWzsb = hook.Event + interface Event extends _sZPWzsb { + response: http.ResponseWriter + request?: http.Request + } + interface Event { + /** + * Written reports whether the current response has already been written. + * + * This method always returns false if e.ResponseWritter doesn't implement the WriteTracker interface + * (all router package handlers receives a ResponseWritter that implements it unless explicitly replaced with a custom one). + */ + written(): boolean + } + interface Event { + /** + * Status reports the status code of the current response. + * + * This method always returns 0 if e.Response doesn't implement the StatusTracker interface + * (all router package handlers receives a ResponseWritter that implements it unless explicitly replaced with a custom one). + */ + status(): number + } + interface Event { + /** + * Flush flushes buffered data to the current response. + * + * Returns [http.ErrNotSupported] if e.Response doesn't implement the [http.Flusher] interface + * (all router package handlers receives a ResponseWritter that implements it unless explicitly replaced with a custom one). + */ + flush(): void + } + interface Event { + /** + * IsTLS reports whether the connection on which the request was received is TLS. + */ + isTLS(): boolean + } + interface Event { + /** + * SetCookie is an alias for [http.SetCookie]. + * + * SetCookie adds a Set-Cookie header to the current response's headers. + * The provided cookie must have a valid Name. + * Invalid cookies may be silently dropped. + */ + setCookie(cookie: http.Cookie): void + } + interface Event { + /** + * RemoteIP returns the IP address of the client that sent the request. + * + * IPv6 addresses are returned expanded. + * For example, "2001:db8::1" becomes "2001:0db8:0000:0000:0000:0000:0000:0001". + * + * Note that if you are behind reverse proxy(ies), this method returns + * the IP of the last connecting proxy. + */ + remoteIP(): string + } + interface Event { + /** + * FindUploadedFiles extracts all form files of "key" from a http request + * and returns a slice with filesystem.File instances (if any). + */ + findUploadedFiles(key: string): Array<(filesystem.File | undefined)> + } + interface Event { + /** + * Get retrieves single value from the current event data store. + */ + get(key: string): any + } + interface Event { + /** + * GetAll returns a copy of the current event data store. + */ + getAll(): _TygojaDict + } + interface Event { + /** + * Set saves single value into the current event data store. + */ + set(key: string, value: any): void + } + interface Event { + /** + * SetAll saves all items from m into the current event data store. + */ + setAll(m: _TygojaDict): void + } + interface Event { + /** + * String writes a plain string response. + */ + string(status: number, data: string): void + } + interface Event { + /** + * HTML writes an HTML response. + */ + html(status: number, data: string): void + } + interface Event { + /** + * JSON writes a JSON response. + * + * It also provides a generic response data fields picker if the "fields" query parameter is set. + * For example, if you are requesting `?fields=a,b` for `e.JSON(200, map[string]int{ "a":1, "b":2, "c":3 })`, + * it should result in a JSON response like: `{"a":1, "b": 2}`. + */ + json(status: number, data: any): void + } + interface Event { + /** + * XML writes an XML response. + * It automatically prepends the generic [xml.Header] string to the response. + */ + xml(status: number, data: any): void + } + interface Event { + /** + * Stream streams the specified reader into the response. + */ + stream(status: number, contentType: string, reader: io.Reader): void + } + interface Event { + /** + * Blob writes a blob (bytes slice) response. + */ + blob(status: number, contentType: string, b: string|Array): void + } + interface Event { + /** + * FileFS serves the specified filename from fsys. + * + * It is similar to [echo.FileFS] for consistency with earlier versions. + */ + fileFS(fsys: fs.FS, filename: string): void + } + interface Event { + /** + * NoContent writes a response with no body (ex. 204). + */ + noContent(status: number): void + } + interface Event { + /** + * Redirect writes a redirect response to the specified url. + * The status code must be in between 300 – 399 range. + */ + redirect(status: number, url: string): void + } + interface Event { + error(status: number, message: string, errData: any): (ApiError) + } + interface Event { + badRequestError(message: string, errData: any): (ApiError) + } + interface Event { + notFoundError(message: string, errData: any): (ApiError) + } + interface Event { + forbiddenError(message: string, errData: any): (ApiError) + } + interface Event { + unauthorizedError(message: string, errData: any): (ApiError) + } + interface Event { + tooManyRequestsError(message: string, errData: any): (ApiError) + } + interface Event { + internalServerError(message: string, errData: any): (ApiError) + } + interface Event { + /** + * BindBody unmarshal the request body into the provided dst. + * + * dst must be either a struct pointer or map[string]any. + * + * The rules how the body will be scanned depends on the request Content-Type. + * + * Currently the following Content-Types are supported: + * ``` + * - application/json + * - text/xml, application/xml + * - multipart/form-data, application/x-www-form-urlencoded + * ``` + * + * Respectively the following struct tags are supported (again, which one will be used depends on the Content-Type): + * ``` + * - "json" (json body)- uses the builtin Go json package for unmarshaling. + * - "xml" (xml body) - uses the builtin Go xml package for unmarshaling. + * - "form" (form data) - utilizes the custom [router.UnmarshalRequestData] method. + * ``` + * + * NB! When dst is a struct make sure that it doesn't have public fields + * that shouldn't be bindable and it is advisible such fields to be unexported + * or have a separate struct just for the binding. For example: + * + * ``` + * data := struct{ + * somethingPrivate string + * + * Title string `json:"title" form:"title"` + * Total int `json:"total" form:"total"` + * } + * err := e.BindBody(&data) + * ``` + */ + bindBody(dst: any): void + } + /** + * Router defines a thin wrapper around the standard Go [http.ServeMux] by + * adding support for routing sub-groups, middlewares and other common utils. + * + * Example: + * + * ``` + * r := NewRouter[*MyEvent](eventFactory) + * + * // middlewares + * r.BindFunc(m1, m2) + * + * // routes + * r.GET("/test", handler1) + * + * // sub-routers/groups + * api := r.Group("/api") + * api.GET("/admins", handler2) + * + * // generate a http.ServeMux instance based on the router configurations + * mux, _ := r.BuildMux() + * + * http.ListenAndServe("localhost:8090", mux) + * ``` + */ + type _sAyDGzz = RouterGroup + interface Router extends _sAyDGzz { + } +} + +namespace subscriptions { + /** + * Broker defines a struct for managing subscriptions clients. + */ + interface Broker { + } + interface Broker { + /** + * Clients returns a shallow copy of all registered clients indexed + * with their connection id. + */ + clients(): _TygojaDict + } + interface Broker { + /** + * ChunkedClients splits the current clients into a chunked slice. + */ + chunkedClients(chunkSize: number): Array> + } + interface Broker { + /** + * TotalClients returns the total number of registered clients. + */ + totalClients(): number + } + interface Broker { + /** + * ClientById finds a registered client by its id. + * + * Returns non-nil error when client with clientId is not registered. + */ + clientById(clientId: string): Client + } + interface Broker { + /** + * Register adds a new client to the broker instance. + */ + register(client: Client): void + } + interface Broker { + /** + * Unregister removes a single client by its id and marks it as discarded. + * + * If client with clientId doesn't exist, this method does nothing. + */ + unregister(clientId: string): void + } + /** + * Client is an interface for a generic subscription client. + */ + interface Client { + [key:string]: any; + /** + * Id Returns the unique id of the client. + */ + id(): string + /** + * Channel returns the client's communication channel. + * + * NB! The channel shouldn't be used after calling Discard(). + */ + channel(): undefined + /** + * Subscriptions returns a shallow copy of the client subscriptions matching the prefixes. + * If no prefix is specified, returns all subscriptions. + */ + subscriptions(...prefixes: string[]): _TygojaDict + /** + * Subscribe subscribes the client to the provided subscriptions list. + * + * Each subscription can also have "options" (json serialized SubscriptionOptions) as query parameter. + * + * Example: + * + * ``` + * Subscribe( + * "subscriptionA", + * `subscriptionB?options={"query":{"a":1},"headers":{"x_token":"abc"}}`, + * ) + * ``` + */ + subscribe(...subs: string[]): void + /** + * Unsubscribe unsubscribes the client from the provided subscriptions list. + */ + unsubscribe(...subs: string[]): void + /** + * HasSubscription checks if the client is subscribed to `sub`. + */ + hasSubscription(sub: string): boolean + /** + * Set stores any value to the client's context. + */ + set(key: string, value: any): void + /** + * Unset removes a single value from the client's context. + */ + unset(key: string): void + /** + * Get retrieves the key value from the client's context. + */ + get(key: string): any + /** + * Discard marks the client as "discarded" (and closes its channel), + * meaning that it shouldn't be used anymore for sending new messages. + * + * It is safe to call Discard() multiple times. + */ + discard(): void + /** + * IsDiscarded indicates whether the client has been "discarded" + * and should no longer be used. + */ + isDiscarded(): boolean + /** + * Send sends the specified message to the client's channel (if not discarded). + */ + send(m: Message): void + } + /** + * Message defines a client's channel data. + */ + interface Message { + name: string + data: string|Array + } + interface Message { + /** + * WriteSSE writes the current message in a SSE format into the provided writer. + * + * For example, writing to a router.Event: + * + * ``` + * m := Message{Name: "users/create", Data: []byte{...}} + * m.Write(e.Response, "yourEventId") + * e.Flush() + * ``` + */ + writeSSE(w: io.Writer, eventId: string): void + } +} + +/** + * Package cron implements a crontab-like service to execute and schedule + * repeative tasks/jobs. + * + * Example: + * + * ``` + * c := cron.New() + * c.MustAdd("dailyReport", "0 0 * * *", func() { ... }) + * c.Start() + * ``` + */ +namespace cron { + /** + * Cron is a crontab-like struct for tasks/jobs scheduling. + */ + interface Cron { + } + interface Cron { + /** + * SetInterval changes the current cron tick interval + * (it usually should be >= 1 minute). + */ + setInterval(d: time.Duration): void + } + interface Cron { + /** + * SetTimezone changes the current cron tick timezone. + */ + setTimezone(l: time.Location): void + } + interface Cron { + /** + * MustAdd is similar to Add() but panic on failure. + */ + mustAdd(jobId: string, cronExpr: string, run: () => void): void + } + interface Cron { + /** + * Add registers a single cron job. + * + * If there is already a job with the provided id, then the old job + * will be replaced with the new one. + * + * cronExpr is a regular cron expression, eg. "0 *\/3 * * *" (aka. at minute 0 past every 3rd hour). + * Check cron.NewSchedule() for the supported tokens. + */ + add(jobId: string, cronExpr: string, fn: () => void): void + } + interface Cron { + /** + * Remove removes a single cron job by its id. + */ + remove(jobId: string): void + } + interface Cron { + /** + * RemoveAll removes all registered cron jobs. + */ + removeAll(): void + } + interface Cron { + /** + * Total returns the current total number of registered cron jobs. + */ + total(): number + } + interface Cron { + /** + * Jobs returns a shallow copy of the currently registered cron jobs. + */ + jobs(): Array<(Job | undefined)> + } + interface Cron { + /** + * Stop stops the current cron ticker (if not already). + * + * You can resume the ticker by calling Start(). + */ + stop(): void + } + interface Cron { + /** + * Start starts the cron ticker. + * + * Calling Start() on already started cron will restart the ticker. + */ + start(): void + } + interface Cron { + /** + * HasStarted checks whether the current Cron ticker has been started. + */ + hasStarted(): boolean + } +} + +namespace sync { + /** + * A Locker represents an object that can be locked and unlocked. + */ + interface Locker { + [key:string]: any; + lock(): void + unlock(): void + } +} + +namespace syscall { + /** + * SysProcIDMap holds Container ID to Host ID mappings used for User Namespaces in Linux. + * See user_namespaces(7). + * + * Note that User Namespaces are not available on a number of popular Linux + * versions (due to security issues), or are available but subject to AppArmor + * restrictions like in Ubuntu 24.04. + */ + interface SysProcIDMap { + containerID: number // Container ID. + hostID: number // Host ID. + size: number // Size. + } + // @ts-ignore + import errorspkg = errors + /** + * Credential holds user and group identities to be assumed + * by a child process started by [StartProcess]. + */ + interface Credential { + uid: number // User ID. + gid: number // Group ID. + groups: Array // Supplementary group IDs. + noSetGroups: boolean // If true, don't set supplementary groups + } + // @ts-ignore + import runtimesyscall = syscall + /** + * A Signal is a number describing a process signal. + * It implements the [os.Signal] interface. + */ + interface Signal extends Number{} + interface Signal { + signal(): void + } + interface Signal { + string(): string + } +} + +namespace io { + /** + * WriteCloser is the interface that groups the basic Write and Close methods. + */ + interface WriteCloser { + [key:string]: any; + } +} + +namespace time { + /** + * A Month specifies a month of the year (January = 1, ...). + */ + interface Month extends Number{} + interface Month { + /** + * String returns the English name of the month ("January", "February", ...). + */ + string(): string + } + /** + * A Weekday specifies a day of the week (Sunday = 0, ...). + */ + interface Weekday extends Number{} + interface Weekday { + /** + * String returns the English name of the day ("Sunday", "Monday", ...). + */ + string(): string + } + /** + * A Location maps time instants to the zone in use at that time. + * Typically, the Location represents the collection of time offsets + * in use in a geographical area. For many Locations the time offset varies + * depending on whether daylight savings time is in use at the time instant. + * + * Location is used to provide a time zone in a printed Time value and for + * calculations involving intervals that may cross daylight savings time + * boundaries. + */ + interface Location { + } + interface Location { + /** + * String returns a descriptive name for the time zone information, + * corresponding to the name argument to [LoadLocation] or [FixedZone]. + */ + string(): string + } +} + +namespace fs { +} + +namespace store { +} + +/** + * Package url parses URLs and implements query escaping. + */ +namespace url { + /** + * A URL represents a parsed URL (technically, a URI reference). + * + * The general form represented is: + * + * ``` + * [scheme:][//[userinfo@]host][/]path[?query][#fragment] + * ``` + * + * URLs that do not start with a slash after the scheme are interpreted as: + * + * ``` + * scheme:opaque[?query][#fragment] + * ``` + * + * The Host field contains the host and port subcomponents of the URL. + * When the port is present, it is separated from the host with a colon. + * When the host is an IPv6 address, it must be enclosed in square brackets: + * "[fe80::1]:80". The [net.JoinHostPort] function combines a host and port + * into a string suitable for the Host field, adding square brackets to + * the host when necessary. + * + * Note that the Path field is stored in decoded form: /%47%6f%2f becomes /Go/. + * A consequence is that it is impossible to tell which slashes in the Path were + * slashes in the raw URL and which were %2f. This distinction is rarely important, + * but when it is, the code should use the [URL.EscapedPath] method, which preserves + * the original encoding of Path. + * + * The RawPath field is an optional field which is only set when the default + * encoding of Path is different from the escaped path. See the EscapedPath method + * for more details. + * + * URL's String method uses the EscapedPath method to obtain the path. + */ + interface URL { + scheme: string + opaque: string // encoded opaque data + user?: Userinfo // username and password information + host: string // host or host:port (see Hostname and Port methods) + path: string // path (relative paths may omit leading slash) + rawPath: string // encoded path hint (see EscapedPath method) + omitHost: boolean // do not emit empty host (authority) + forceQuery: boolean // append a query ('?') even if RawQuery is empty + rawQuery: string // encoded query values, without '?' + fragment: string // fragment for references, without '#' + rawFragment: string // encoded fragment hint (see EscapedFragment method) + } + interface URL { + /** + * EscapedPath returns the escaped form of u.Path. + * In general there are multiple possible escaped forms of any path. + * EscapedPath returns u.RawPath when it is a valid escaping of u.Path. + * Otherwise EscapedPath ignores u.RawPath and computes an escaped + * form on its own. + * The [URL.String] and [URL.RequestURI] methods use EscapedPath to construct + * their results. + * In general, code should call EscapedPath instead of + * reading u.RawPath directly. + */ + escapedPath(): string + } + interface URL { + /** + * EscapedFragment returns the escaped form of u.Fragment. + * In general there are multiple possible escaped forms of any fragment. + * EscapedFragment returns u.RawFragment when it is a valid escaping of u.Fragment. + * Otherwise EscapedFragment ignores u.RawFragment and computes an escaped + * form on its own. + * The [URL.String] method uses EscapedFragment to construct its result. + * In general, code should call EscapedFragment instead of + * reading u.RawFragment directly. + */ + escapedFragment(): string + } + interface URL { + /** + * String reassembles the [URL] into a valid URL string. + * The general form of the result is one of: + * + * ``` + * scheme:opaque?query#fragment + * scheme://userinfo@host/path?query#fragment + * ``` + * + * If u.Opaque is non-empty, String uses the first form; + * otherwise it uses the second form. + * Any non-ASCII characters in host are escaped. + * To obtain the path, String uses u.EscapedPath(). + * + * In the second form, the following rules apply: + * ``` + * - if u.Scheme is empty, scheme: is omitted. + * - if u.User is nil, userinfo@ is omitted. + * - if u.Host is empty, host/ is omitted. + * - if u.Scheme and u.Host are empty and u.User is nil, + * the entire scheme://userinfo@host/ is omitted. + * - if u.Host is non-empty and u.Path begins with a /, + * the form host/path does not add its own /. + * - if u.RawQuery is empty, ?query is omitted. + * - if u.Fragment is empty, #fragment is omitted. + * ``` + */ + string(): string + } + interface URL { + /** + * Redacted is like [URL.String] but replaces any password with "xxxxx". + * Only the password in u.User is redacted. + */ + redacted(): string + } + /** + * Values maps a string key to a list of values. + * It is typically used for query parameters and form values. + * Unlike in the http.Header map, the keys in a Values map + * are case-sensitive. + */ + interface Values extends _TygojaDict{} + interface Values { + /** + * Get gets the first value associated with the given key. + * If there are no values associated with the key, Get returns + * the empty string. To access multiple values, use the map + * directly. + */ + get(key: string): string + } + interface Values { + /** + * Set sets the key to value. It replaces any existing + * values. + */ + set(key: string, value: string): void + } + interface Values { + /** + * Add adds the value to key. It appends to any existing + * values associated with key. + */ + add(key: string, value: string): void + } + interface Values { + /** + * Del deletes the values associated with key. + */ + del(key: string): void + } + interface Values { + /** + * Has checks whether a given key is set. + */ + has(key: string): boolean + } + interface Values { + /** + * Encode encodes the values into “URL encoded” form + * ("bar=baz&foo=quux") sorted by key. + */ + encode(): string + } + interface URL { + /** + * IsAbs reports whether the [URL] is absolute. + * Absolute means that it has a non-empty scheme. + */ + isAbs(): boolean + } + interface URL { + /** + * Parse parses a [URL] in the context of the receiver. The provided URL + * may be relative or absolute. Parse returns nil, err on parse + * failure, otherwise its return value is the same as [URL.ResolveReference]. + */ + parse(ref: string): (URL) + } + interface URL { + /** + * ResolveReference resolves a URI reference to an absolute URI from + * an absolute base URI u, per RFC 3986 Section 5.2. The URI reference + * may be relative or absolute. ResolveReference always returns a new + * [URL] instance, even if the returned URL is identical to either the + * base or reference. If ref is an absolute URL, then ResolveReference + * ignores base and returns a copy of ref. + */ + resolveReference(ref: URL): (URL) + } + interface URL { + /** + * Query parses RawQuery and returns the corresponding values. + * It silently discards malformed value pairs. + * To check errors use [ParseQuery]. + */ + query(): Values + } + interface URL { + /** + * RequestURI returns the encoded path?query or opaque?query + * string that would be used in an HTTP request for u. + */ + requestURI(): string + } + interface URL { + /** + * Hostname returns u.Host, stripping any valid port number if present. + * + * If the result is enclosed in square brackets, as literal IPv6 addresses are, + * the square brackets are removed from the result. + */ + hostname(): string + } + interface URL { + /** + * Port returns the port part of u.Host, without the leading colon. + * + * If u.Host doesn't contain a valid numeric port, Port returns an empty string. + */ + port(): string + } + interface URL { + marshalBinary(): string|Array + } + interface URL { + unmarshalBinary(text: string|Array): void + } + interface URL { + /** + * JoinPath returns a new [URL] with the provided path elements joined to + * any existing path and the resulting path cleaned of any ./ or ../ elements. + * Any sequences of multiple / characters will be reduced to a single /. + */ + joinPath(...elem: string[]): (URL) + } +} + +namespace context { +} + +namespace net { + /** + * Addr represents a network end point address. + * + * The two methods [Addr.Network] and [Addr.String] conventionally return strings + * that can be passed as the arguments to [Dial], but the exact form + * and meaning of the strings is up to the implementation. + */ + interface Addr { + [key:string]: any; + network(): string // name of the network (for example, "tcp", "udp") + string(): string // string form of address (for example, "192.0.2.1:25", "[2001:db8::1]:80") + } + /** + * A Listener is a generic network listener for stream-oriented protocols. + * + * Multiple goroutines may invoke methods on a Listener simultaneously. + */ + interface Listener { + [key:string]: any; + /** + * Accept waits for and returns the next connection to the listener. + */ + accept(): Conn + /** + * Close closes the listener. + * Any blocked Accept operations will be unblocked and return errors. + */ + close(): void + /** + * Addr returns the listener's network address. + */ + addr(): Addr + } +} + +namespace jwt { + /** + * NumericDate represents a JSON numeric date value, as referenced at + * https://datatracker.ietf.org/doc/html/rfc7519#section-2. + */ + type _sHxJrxk = time.Time + interface NumericDate extends _sHxJrxk { + } + interface NumericDate { + /** + * MarshalJSON is an implementation of the json.RawMessage interface and serializes the UNIX epoch + * represented in NumericDate to a byte array, using the precision specified in TimePrecision. + */ + marshalJSON(): string|Array + } + interface NumericDate { + /** + * UnmarshalJSON is an implementation of the json.RawMessage interface and + * deserializes a [NumericDate] from a JSON representation, i.e. a + * [json.Number]. This number represents an UNIX epoch with either integer or + * non-integer seconds. + */ + unmarshalJSON(b: string|Array): void + } + /** + * ClaimStrings is basically just a slice of strings, but it can be either + * serialized from a string array or just a string. This type is necessary, + * since the "aud" claim can either be a single string or an array. + */ + interface ClaimStrings extends Array{} + interface ClaimStrings { + unmarshalJSON(data: string|Array): void + } + interface ClaimStrings { + marshalJSON(): string|Array + } +} + +namespace hook { + /** + * wrapped local Hook embedded struct to limit the public API surface. + */ + type _sAafFuB = Hook + interface mainHook extends _sAafFuB { + } +} + +namespace sql { + /** + * IsolationLevel is the transaction isolation level used in [TxOptions]. + */ + interface IsolationLevel extends Number{} + interface IsolationLevel { + /** + * String returns the name of the transaction isolation level. + */ + string(): string + } + /** + * DBStats contains database statistics. + */ + interface DBStats { + maxOpenConnections: number // Maximum number of open connections to the database. + /** + * Pool Status + */ + openConnections: number // The number of established connections both in use and idle. + inUse: number // The number of connections currently in use. + idle: number // The number of idle connections. + /** + * Counters + */ + waitCount: number // The total number of connections waited for. + waitDuration: time.Duration // The total time blocked waiting for a new connection. + maxIdleClosed: number // The total number of connections closed due to SetMaxIdleConns. + maxIdleTimeClosed: number // The total number of connections closed due to SetConnMaxIdleTime. + maxLifetimeClosed: number // The total number of connections closed due to SetConnMaxLifetime. + } + /** + * Conn represents a single database connection rather than a pool of database + * connections. Prefer running queries from [DB] unless there is a specific + * need for a continuous single database connection. + * + * A Conn must call [Conn.Close] to return the connection to the database pool + * and may do so concurrently with a running query. + * + * After a call to [Conn.Close], all operations on the + * connection fail with [ErrConnDone]. + */ + interface Conn { + } + interface Conn { + /** + * PingContext verifies the connection to the database is still alive. + */ + pingContext(ctx: context.Context): void + } + interface Conn { + /** + * ExecContext executes a query without returning any rows. + * The args are for any placeholder parameters in the query. + */ + execContext(ctx: context.Context, query: string, ...args: any[]): Result + } + interface Conn { + /** + * QueryContext executes a query that returns rows, typically a SELECT. + * The args are for any placeholder parameters in the query. + */ + queryContext(ctx: context.Context, query: string, ...args: any[]): (Rows) + } + interface Conn { + /** + * QueryRowContext executes a query that is expected to return at most one row. + * QueryRowContext always returns a non-nil value. Errors are deferred until + * the [*Row.Scan] method is called. + * If the query selects no rows, the [*Row.Scan] will return [ErrNoRows]. + * Otherwise, the [*Row.Scan] scans the first selected row and discards + * the rest. + */ + queryRowContext(ctx: context.Context, query: string, ...args: any[]): (Row) + } + interface Conn { + /** + * PrepareContext creates a prepared statement for later queries or executions. + * Multiple queries or executions may be run concurrently from the + * returned statement. + * The caller must call the statement's [*Stmt.Close] method + * when the statement is no longer needed. + * + * The provided context is used for the preparation of the statement, not for the + * execution of the statement. + */ + prepareContext(ctx: context.Context, query: string): (Stmt) + } + interface Conn { + /** + * Raw executes f exposing the underlying driver connection for the + * duration of f. The driverConn must not be used outside of f. + * + * Once f returns and err is not [driver.ErrBadConn], the [Conn] will continue to be usable + * until [Conn.Close] is called. + */ + raw(f: (driverConn: any) => void): void + } + interface Conn { + /** + * BeginTx starts a transaction. + * + * The provided context is used until the transaction is committed or rolled back. + * If the context is canceled, the sql package will roll back + * the transaction. [Tx.Commit] will return an error if the context provided to + * BeginTx is canceled. + * + * The provided [TxOptions] is optional and may be nil if defaults should be used. + * If a non-default isolation level is used that the driver doesn't support, + * an error will be returned. + */ + beginTx(ctx: context.Context, opts: TxOptions): (Tx) + } + interface Conn { + /** + * Close returns the connection to the connection pool. + * All operations after a Close will return with [ErrConnDone]. + * Close is safe to call concurrently with other operations and will + * block until all other operations finish. It may be useful to first + * cancel any used context and then call close directly after. + */ + close(): void + } + /** + * ColumnType contains the name and type of a column. + */ + interface ColumnType { + } + interface ColumnType { + /** + * Name returns the name or alias of the column. + */ + name(): string + } + interface ColumnType { + /** + * Length returns the column type length for variable length column types such + * as text and binary field types. If the type length is unbounded the value will + * be [math.MaxInt64] (any database limits will still apply). + * If the column type is not variable length, such as an int, or if not supported + * by the driver ok is false. + */ + length(): [number, boolean] + } + interface ColumnType { + /** + * DecimalSize returns the scale and precision of a decimal type. + * If not applicable or if not supported ok is false. + */ + decimalSize(): [number, number, boolean] + } + interface ColumnType { + /** + * ScanType returns a Go type suitable for scanning into using [Rows.Scan]. + * If a driver does not support this property ScanType will return + * the type of an empty interface. + */ + scanType(): any + } + interface ColumnType { + /** + * Nullable reports whether the column may be null. + * If a driver does not support this property ok will be false. + */ + nullable(): [boolean, boolean] + } + interface ColumnType { + /** + * DatabaseTypeName returns the database system name of the column type. If an empty + * string is returned, then the driver type name is not supported. + * Consult your driver documentation for a list of driver data types. [ColumnType.Length] specifiers + * are not included. + * Common type names include "VARCHAR", "TEXT", "NVARCHAR", "DECIMAL", "BOOL", + * "INT", and "BIGINT". + */ + databaseTypeName(): string + } + /** + * Row is the result of calling [DB.QueryRow] to select a single row. + */ + interface Row { + } + interface Row { + /** + * Scan copies the columns from the matched row into the values + * pointed at by dest. See the documentation on [Rows.Scan] for details. + * If more than one row matches the query, + * Scan uses the first row and discards the rest. If no row matches + * the query, Scan returns [ErrNoRows]. + */ + scan(...dest: any[]): void + } + interface Row { + /** + * Err provides a way for wrapping packages to check for + * query errors without calling [Row.Scan]. + * Err returns the error, if any, that was encountered while running the query. + * If this error is not nil, this error will also be returned from [Row.Scan]. + */ + err(): void + } +} + +namespace types { +} + +namespace search { +} + +namespace bufio { + /** + * Reader implements buffering for an io.Reader object. + */ + interface Reader { + } + interface Reader { + /** + * Size returns the size of the underlying buffer in bytes. + */ + size(): number + } + interface Reader { + /** + * Reset discards any buffered data, resets all state, and switches + * the buffered reader to read from r. + * Calling Reset on the zero value of [Reader] initializes the internal buffer + * to the default size. + * Calling b.Reset(b) (that is, resetting a [Reader] to itself) does nothing. + */ + reset(r: io.Reader): void + } + interface Reader { + /** + * Peek returns the next n bytes without advancing the reader. The bytes stop + * being valid at the next read call. If Peek returns fewer than n bytes, it + * also returns an error explaining why the read is short. The error is + * [ErrBufferFull] if n is larger than b's buffer size. + * + * Calling Peek prevents a [Reader.UnreadByte] or [Reader.UnreadRune] call from succeeding + * until the next read operation. + */ + peek(n: number): string|Array + } + interface Reader { + /** + * Discard skips the next n bytes, returning the number of bytes discarded. + * + * If Discard skips fewer than n bytes, it also returns an error. + * If 0 <= n <= b.Buffered(), Discard is guaranteed to succeed without + * reading from the underlying io.Reader. + */ + discard(n: number): number + } + interface Reader { + /** + * Read reads data into p. + * It returns the number of bytes read into p. + * The bytes are taken from at most one Read on the underlying [Reader], + * hence n may be less than len(p). + * To read exactly len(p) bytes, use io.ReadFull(b, p). + * If the underlying [Reader] can return a non-zero count with io.EOF, + * then this Read method can do so as well; see the [io.Reader] docs. + */ + read(p: string|Array): number + } + interface Reader { + /** + * ReadByte reads and returns a single byte. + * If no byte is available, returns an error. + */ + readByte(): number + } + interface Reader { + /** + * UnreadByte unreads the last byte. Only the most recently read byte can be unread. + * + * UnreadByte returns an error if the most recent method called on the + * [Reader] was not a read operation. Notably, [Reader.Peek], [Reader.Discard], and [Reader.WriteTo] are not + * considered read operations. + */ + unreadByte(): void + } + interface Reader { + /** + * ReadRune reads a single UTF-8 encoded Unicode character and returns the + * rune and its size in bytes. If the encoded rune is invalid, it consumes one byte + * and returns unicode.ReplacementChar (U+FFFD) with a size of 1. + */ + readRune(): [number, number] + } + interface Reader { + /** + * UnreadRune unreads the last rune. If the most recent method called on + * the [Reader] was not a [Reader.ReadRune], [Reader.UnreadRune] returns an error. (In this + * regard it is stricter than [Reader.UnreadByte], which will unread the last byte + * from any read operation.) + */ + unreadRune(): void + } + interface Reader { + /** + * Buffered returns the number of bytes that can be read from the current buffer. + */ + buffered(): number + } + interface Reader { + /** + * ReadSlice reads until the first occurrence of delim in the input, + * returning a slice pointing at the bytes in the buffer. + * The bytes stop being valid at the next read. + * If ReadSlice encounters an error before finding a delimiter, + * it returns all the data in the buffer and the error itself (often io.EOF). + * ReadSlice fails with error [ErrBufferFull] if the buffer fills without a delim. + * Because the data returned from ReadSlice will be overwritten + * by the next I/O operation, most clients should use + * [Reader.ReadBytes] or ReadString instead. + * ReadSlice returns err != nil if and only if line does not end in delim. + */ + readSlice(delim: number): string|Array + } + interface Reader { + /** + * ReadLine is a low-level line-reading primitive. Most callers should use + * [Reader.ReadBytes]('\n') or [Reader.ReadString]('\n') instead or use a [Scanner]. + * + * ReadLine tries to return a single line, not including the end-of-line bytes. + * If the line was too long for the buffer then isPrefix is set and the + * beginning of the line is returned. The rest of the line will be returned + * from future calls. isPrefix will be false when returning the last fragment + * of the line. The returned buffer is only valid until the next call to + * ReadLine. ReadLine either returns a non-nil line or it returns an error, + * never both. + * + * The text returned from ReadLine does not include the line end ("\r\n" or "\n"). + * No indication or error is given if the input ends without a final line end. + * Calling [Reader.UnreadByte] after ReadLine will always unread the last byte read + * (possibly a character belonging to the line end) even if that byte is not + * part of the line returned by ReadLine. + */ + readLine(): [string|Array, boolean] + } + interface Reader { + /** + * ReadBytes reads until the first occurrence of delim in the input, + * returning a slice containing the data up to and including the delimiter. + * If ReadBytes encounters an error before finding a delimiter, + * it returns the data read before the error and the error itself (often io.EOF). + * ReadBytes returns err != nil if and only if the returned data does not end in + * delim. + * For simple uses, a Scanner may be more convenient. + */ + readBytes(delim: number): string|Array + } + interface Reader { + /** + * ReadString reads until the first occurrence of delim in the input, + * returning a string containing the data up to and including the delimiter. + * If ReadString encounters an error before finding a delimiter, + * it returns the data read before the error and the error itself (often io.EOF). + * ReadString returns err != nil if and only if the returned data does not end in + * delim. + * For simple uses, a Scanner may be more convenient. + */ + readString(delim: number): string + } + interface Reader { + /** + * WriteTo implements io.WriterTo. + * This may make multiple calls to the [Reader.Read] method of the underlying [Reader]. + * If the underlying reader supports the [Reader.WriteTo] method, + * this calls the underlying [Reader.WriteTo] without buffering. + */ + writeTo(w: io.Writer): number + } + /** + * Writer implements buffering for an [io.Writer] object. + * If an error occurs writing to a [Writer], no more data will be + * accepted and all subsequent writes, and [Writer.Flush], will return the error. + * After all data has been written, the client should call the + * [Writer.Flush] method to guarantee all data has been forwarded to + * the underlying [io.Writer]. + */ + interface Writer { + } + interface Writer { + /** + * Size returns the size of the underlying buffer in bytes. + */ + size(): number + } + interface Writer { + /** + * Reset discards any unflushed buffered data, clears any error, and + * resets b to write its output to w. + * Calling Reset on the zero value of [Writer] initializes the internal buffer + * to the default size. + * Calling w.Reset(w) (that is, resetting a [Writer] to itself) does nothing. + */ + reset(w: io.Writer): void + } + interface Writer { + /** + * Flush writes any buffered data to the underlying [io.Writer]. + */ + flush(): void + } + interface Writer { + /** + * Available returns how many bytes are unused in the buffer. + */ + available(): number + } + interface Writer { + /** + * AvailableBuffer returns an empty buffer with b.Available() capacity. + * This buffer is intended to be appended to and + * passed to an immediately succeeding [Writer.Write] call. + * The buffer is only valid until the next write operation on b. + */ + availableBuffer(): string|Array + } + interface Writer { + /** + * Buffered returns the number of bytes that have been written into the current buffer. + */ + buffered(): number + } + interface Writer { + /** + * Write writes the contents of p into the buffer. + * It returns the number of bytes written. + * If nn < len(p), it also returns an error explaining + * why the write is short. + */ + write(p: string|Array): number + } + interface Writer { + /** + * WriteByte writes a single byte. + */ + writeByte(c: number): void + } + interface Writer { + /** + * WriteRune writes a single Unicode code point, returning + * the number of bytes written and any error. + */ + writeRune(r: number): number + } + interface Writer { + /** + * WriteString writes a string. + * It returns the number of bytes written. + * If the count is less than len(s), it also returns an error explaining + * why the write is short. + */ + writeString(s: string): number + } + interface Writer { + /** + * ReadFrom implements [io.ReaderFrom]. If the underlying writer + * supports the ReadFrom method, this calls the underlying ReadFrom. + * If there is buffered data and an underlying ReadFrom, this fills + * the buffer and writes it before calling ReadFrom. + */ + readFrom(r: io.Reader): number + } +} + +/** + * Package textproto implements generic support for text-based request/response + * protocols in the style of HTTP, NNTP, and SMTP. + * + * The package provides: + * + * [Error], which represents a numeric error response from + * a server. + * + * [Pipeline], to manage pipelined requests and responses + * in a client. + * + * [Reader], to read numeric response code lines, + * key: value headers, lines wrapped with leading spaces + * on continuation lines, and whole text blocks ending + * with a dot on a line by itself. + * + * [Writer], to write dot-encoded text blocks. + * + * [Conn], a convenient packaging of [Reader], [Writer], and [Pipeline] for use + * with a single network connection. + */ +namespace textproto { + /** + * A MIMEHeader represents a MIME-style header mapping + * keys to sets of values. + */ + interface MIMEHeader extends _TygojaDict{} + interface MIMEHeader { + /** + * Add adds the key, value pair to the header. + * It appends to any existing values associated with key. + */ + add(key: string, value: string): void + } + interface MIMEHeader { + /** + * Set sets the header entries associated with key to + * the single element value. It replaces any existing + * values associated with key. + */ + set(key: string, value: string): void + } + interface MIMEHeader { + /** + * Get gets the first value associated with the given key. + * It is case insensitive; [CanonicalMIMEHeaderKey] is used + * to canonicalize the provided key. + * If there are no values associated with the key, Get returns "". + * To use non-canonical keys, access the map directly. + */ + get(key: string): string + } + interface MIMEHeader { + /** + * Values returns all values associated with the given key. + * It is case insensitive; [CanonicalMIMEHeaderKey] is + * used to canonicalize the provided key. To use non-canonical + * keys, access the map directly. + * The returned slice is not a copy. + */ + values(key: string): Array + } + interface MIMEHeader { + /** + * Del deletes the values associated with key. + */ + del(key: string): void + } +} + +namespace multipart { + interface Reader { + /** + * ReadForm parses an entire multipart message whose parts have + * a Content-Disposition of "form-data". + * It stores up to maxMemory bytes + 10MB (reserved for non-file parts) + * in memory. File parts which can't be stored in memory will be stored on + * disk in temporary files. + * It returns [ErrMessageTooLarge] if all non-file parts can't be stored in + * memory. + */ + readForm(maxMemory: number): (Form) + } + /** + * Form is a parsed multipart form. + * Its File parts are stored either in memory or on disk, + * and are accessible via the [*FileHeader]'s Open method. + * Its Value parts are stored as strings. + * Both are keyed by field name. + */ + interface Form { + value: _TygojaDict + file: _TygojaDict + } + interface Form { + /** + * RemoveAll removes any temporary files associated with a [Form]. + */ + removeAll(): void + } + /** + * File is an interface to access the file part of a multipart message. + * Its contents may be either stored in memory or on disk. + * If stored on disk, the File's underlying concrete type will be an *os.File. + */ + interface File { + [key:string]: any; + } + /** + * Reader is an iterator over parts in a MIME multipart body. + * Reader's underlying parser consumes its input as needed. Seeking + * isn't supported. + */ + interface Reader { + } + interface Reader { + /** + * NextPart returns the next part in the multipart or an error. + * When there are no more parts, the error [io.EOF] is returned. + * + * As a special case, if the "Content-Transfer-Encoding" header + * has a value of "quoted-printable", that header is instead + * hidden and the body is transparently decoded during Read calls. + */ + nextPart(): (Part) + } + interface Reader { + /** + * NextRawPart returns the next part in the multipart or an error. + * When there are no more parts, the error [io.EOF] is returned. + * + * Unlike [Reader.NextPart], it does not have special handling for + * "Content-Transfer-Encoding: quoted-printable". + */ + nextRawPart(): (Part) + } +} + +namespace http { + /** + * A Cookie represents an HTTP cookie as sent in the Set-Cookie header of an + * HTTP response or the Cookie header of an HTTP request. + * + * See https://tools.ietf.org/html/rfc6265 for details. + */ + interface Cookie { + name: string + value: string + quoted: boolean // indicates whether the Value was originally quoted + path: string // optional + domain: string // optional + expires: time.Time // optional + rawExpires: string // for reading cookies only + /** + * MaxAge=0 means no 'Max-Age' attribute specified. + * MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0' + * MaxAge>0 means Max-Age attribute present and given in seconds + */ + maxAge: number + secure: boolean + httpOnly: boolean + sameSite: SameSite + partitioned: boolean + raw: string + unparsed: Array // Raw text of unparsed attribute-value pairs + } + interface Cookie { + /** + * String returns the serialization of the cookie for use in a [Cookie] + * header (if only Name and Value are set) or a Set-Cookie response + * header (if other fields are set). + * If c is nil or c.Name is invalid, the empty string is returned. + */ + string(): string + } + interface Cookie { + /** + * Valid reports whether the cookie is valid. + */ + valid(): void + } + // @ts-ignore + import mathrand = rand + /** + * A Header represents the key-value pairs in an HTTP header. + * + * The keys should be in canonical form, as returned by + * [CanonicalHeaderKey]. + */ + interface Header extends _TygojaDict{} + interface Header { + /** + * Add adds the key, value pair to the header. + * It appends to any existing values associated with key. + * The key is case insensitive; it is canonicalized by + * [CanonicalHeaderKey]. + */ + add(key: string, value: string): void + } + interface Header { + /** + * Set sets the header entries associated with key to the + * single element value. It replaces any existing values + * associated with key. The key is case insensitive; it is + * canonicalized by [textproto.CanonicalMIMEHeaderKey]. + * To use non-canonical keys, assign to the map directly. + */ + set(key: string, value: string): void + } + interface Header { + /** + * Get gets the first value associated with the given key. If + * there are no values associated with the key, Get returns "". + * It is case insensitive; [textproto.CanonicalMIMEHeaderKey] is + * used to canonicalize the provided key. Get assumes that all + * keys are stored in canonical form. To use non-canonical keys, + * access the map directly. + */ + get(key: string): string + } + interface Header { + /** + * Values returns all values associated with the given key. + * It is case insensitive; [textproto.CanonicalMIMEHeaderKey] is + * used to canonicalize the provided key. To use non-canonical + * keys, access the map directly. + * The returned slice is not a copy. + */ + values(key: string): Array + } + interface Header { + /** + * Del deletes the values associated with key. + * The key is case insensitive; it is canonicalized by + * [CanonicalHeaderKey]. + */ + del(key: string): void + } + interface Header { + /** + * Write writes a header in wire format. + */ + write(w: io.Writer): void + } + interface Header { + /** + * Clone returns a copy of h or nil if h is nil. + */ + clone(): Header + } + interface Header { + /** + * WriteSubset writes a header in wire format. + * If exclude is not nil, keys where exclude[key] == true are not written. + * Keys are not canonicalized before checking the exclude map. + */ + writeSubset(w: io.Writer, exclude: _TygojaDict): void + } + // @ts-ignore + import urlpkg = url + /** + * Response represents the response from an HTTP request. + * + * The [Client] and [Transport] return Responses from servers once + * the response headers have been received. The response body + * is streamed on demand as the Body field is read. + */ + interface Response { + status: string // e.g. "200 OK" + statusCode: number // e.g. 200 + proto: string // e.g. "HTTP/1.0" + protoMajor: number // e.g. 1 + protoMinor: number // e.g. 0 + /** + * Header maps header keys to values. If the response had multiple + * headers with the same key, they may be concatenated, with comma + * delimiters. (RFC 7230, section 3.2.2 requires that multiple headers + * be semantically equivalent to a comma-delimited sequence.) When + * Header values are duplicated by other fields in this struct (e.g., + * ContentLength, TransferEncoding, Trailer), the field values are + * authoritative. + * + * Keys in the map are canonicalized (see CanonicalHeaderKey). + */ + header: Header + /** + * Body represents the response body. + * + * The response body is streamed on demand as the Body field + * is read. If the network connection fails or the server + * terminates the response, Body.Read calls return an error. + * + * The http Client and Transport guarantee that Body is always + * non-nil, even on responses without a body or responses with + * a zero-length body. It is the caller's responsibility to + * close Body. The default HTTP client's Transport may not + * reuse HTTP/1.x "keep-alive" TCP connections if the Body is + * not read to completion and closed. + * + * The Body is automatically dechunked if the server replied + * with a "chunked" Transfer-Encoding. + * + * As of Go 1.12, the Body will also implement io.Writer + * on a successful "101 Switching Protocols" response, + * as used by WebSockets and HTTP/2's "h2c" mode. + */ + body: io.ReadCloser + /** + * ContentLength records the length of the associated content. The + * value -1 indicates that the length is unknown. Unless Request.Method + * is "HEAD", values >= 0 indicate that the given number of bytes may + * be read from Body. + */ + contentLength: number + /** + * Contains transfer encodings from outer-most to inner-most. Value is + * nil, means that "identity" encoding is used. + */ + transferEncoding: Array + /** + * Close records whether the header directed that the connection be + * closed after reading Body. The value is advice for clients: neither + * ReadResponse nor Response.Write ever closes a connection. + */ + close: boolean + /** + * Uncompressed reports whether the response was sent compressed but + * was decompressed by the http package. When true, reading from + * Body yields the uncompressed content instead of the compressed + * content actually set from the server, ContentLength is set to -1, + * and the "Content-Length" and "Content-Encoding" fields are deleted + * from the responseHeader. To get the original response from + * the server, set Transport.DisableCompression to true. + */ + uncompressed: boolean + /** + * Trailer maps trailer keys to values in the same + * format as Header. + * + * The Trailer initially contains only nil values, one for + * each key specified in the server's "Trailer" header + * value. Those values are not added to Header. + * + * Trailer must not be accessed concurrently with Read calls + * on the Body. + * + * After Body.Read has returned io.EOF, Trailer will contain + * any trailer values sent by the server. + */ + trailer: Header + /** + * Request is the request that was sent to obtain this Response. + * Request's Body is nil (having already been consumed). + * This is only populated for Client requests. + */ + request?: Request + /** + * TLS contains information about the TLS connection on which the + * response was received. It is nil for unencrypted responses. + * The pointer is shared between responses and should not be + * modified. + */ + tls?: any + } + interface Response { + /** + * Cookies parses and returns the cookies set in the Set-Cookie headers. + */ + cookies(): Array<(Cookie | undefined)> + } + interface Response { + /** + * Location returns the URL of the response's "Location" header, + * if present. Relative redirects are resolved relative to + * [Response.Request]. [ErrNoLocation] is returned if no + * Location header is present. + */ + location(): (url.URL) + } + interface Response { + /** + * ProtoAtLeast reports whether the HTTP protocol used + * in the response is at least major.minor. + */ + protoAtLeast(major: number, minor: number): boolean + } + interface Response { + /** + * Write writes r to w in the HTTP/1.x server response format, + * including the status line, headers, body, and optional trailer. + * + * This method consults the following fields of the response r: + * + * ``` + * StatusCode + * ProtoMajor + * ProtoMinor + * Request.Method + * TransferEncoding + * Trailer + * Body + * ContentLength + * Header, values for non-canonical keys will have unpredictable behavior + * ``` + * + * The Response Body is closed after it is sent. + */ + write(w: io.Writer): void + } + /** + * A ConnState represents the state of a client connection to a server. + * It's used by the optional [Server.ConnState] hook. + */ + interface ConnState extends Number{} + interface ConnState { + string(): string + } +} + +/** + * Package oauth2 provides support for making + * OAuth2 authorized and authenticated HTTP requests, + * as specified in RFC 6749. + * It can additionally grant authorization with Bearer JWT. + */ +namespace oauth2 { + /** + * An AuthCodeOption is passed to Config.AuthCodeURL. + */ + interface AuthCodeOption { + [key:string]: any; + } + /** + * Token represents the credentials used to authorize + * the requests to access protected resources on the OAuth 2.0 + * provider's backend. + * + * Most users of this package should not access fields of Token + * directly. They're exported mostly for use by related packages + * implementing derivative OAuth2 flows. + */ + interface Token { + /** + * AccessToken is the token that authorizes and authenticates + * the requests. + */ + accessToken: string + /** + * TokenType is the type of token. + * The Type method returns either this or "Bearer", the default. + */ + tokenType: string + /** + * RefreshToken is a token that's used by the application + * (as opposed to the user) to refresh the access token + * if it expires. + */ + refreshToken: string + /** + * Expiry is the optional expiration time of the access token. + * + * If zero, [TokenSource] implementations will reuse the same + * token forever and RefreshToken or equivalent + * mechanisms for that TokenSource will not be used. + */ + expiry: time.Time + /** + * ExpiresIn is the OAuth2 wire format "expires_in" field, + * which specifies how many seconds later the token expires, + * relative to an unknown time base approximately around "now". + * It is the application's responsibility to populate + * `Expiry` from `ExpiresIn` when required. + */ + expiresIn: number + } + interface Token { + /** + * Type returns t.TokenType if non-empty, else "Bearer". + */ + type(): string + } + interface Token { + /** + * SetAuthHeader sets the Authorization header to r using the access + * token in t. + * + * This method is unnecessary when using [Transport] or an HTTP Client + * returned by this package. + */ + setAuthHeader(r: http.Request): void + } + interface Token { + /** + * WithExtra returns a new [Token] that's a clone of t, but using the + * provided raw extra map. This is only intended for use by packages + * implementing derivative OAuth2 flows. + */ + withExtra(extra: any): (Token) + } + interface Token { + /** + * Extra returns an extra field. + * Extra fields are key-value pairs returned by the server as a + * part of the token retrieval response. + */ + extra(key: string): any + } + interface Token { + /** + * Valid reports whether t is non-nil, has an AccessToken, and is not expired. + */ + valid(): boolean + } +} + +namespace subscriptions { +} + +namespace cron { + /** + * Job defines a single registered cron job. + */ + interface Job { + } + interface Job { + /** + * Id returns the cron job id. + */ + id(): string + } + interface Job { + /** + * Expression returns the plain cron job schedule expression. + */ + expression(): string + } + interface Job { + /** + * Run runs the cron job function. + */ + run(): void + } + interface Job { + /** + * MarshalJSON implements [json.Marshaler] and export the current + * jobs data into valid JSON. + */ + marshalJSON(): string|Array + } +} + +namespace router { + // @ts-ignore + import validation = ozzo_validation + /** + * RouterGroup represents a collection of routes and other sub groups + * that share common pattern prefix and middlewares. + */ + interface RouterGroup { + prefix: string + middlewares: Array<(hook.Handler | undefined)> + } +} + +namespace slog { + /** + * An Attr is a key-value pair. + */ + interface Attr { + key: string + value: Value + } + interface Attr { + /** + * Equal reports whether a and b have equal keys and values. + */ + equal(b: Attr): boolean + } + interface Attr { + string(): string + } + /** + * A Handler handles log records produced by a Logger. + * + * A typical handler may print log records to standard error, + * or write them to a file or database, or perhaps augment them + * with additional attributes and pass them on to another handler. + * + * Any of the Handler's methods may be called concurrently with itself + * or with other methods. It is the responsibility of the Handler to + * manage this concurrency. + * + * Users of the slog package should not invoke Handler methods directly. + * They should use the methods of [Logger] instead. + */ + interface Handler { + [key:string]: any; + /** + * Enabled reports whether the handler handles records at the given level. + * The handler ignores records whose level is lower. + * It is called early, before any arguments are processed, + * to save effort if the log event should be discarded. + * If called from a Logger method, the first argument is the context + * passed to that method, or context.Background() if nil was passed + * or the method does not take a context. + * The context is passed so Enabled can use its values + * to make a decision. + */ + enabled(_arg0: context.Context, _arg1: Level): boolean + /** + * Handle handles the Record. + * It will only be called when Enabled returns true. + * The Context argument is as for Enabled. + * It is present solely to provide Handlers access to the context's values. + * Canceling the context should not affect record processing. + * (Among other things, log messages may be necessary to debug a + * cancellation-related problem.) + * + * Handle methods that produce output should observe the following rules: + * ``` + * - If r.Time is the zero time, ignore the time. + * - If r.PC is zero, ignore it. + * - Attr's values should be resolved. + * - If an Attr's key and value are both the zero value, ignore the Attr. + * This can be tested with attr.Equal(Attr{}). + * - If a group's key is empty, inline the group's Attrs. + * - If a group has no Attrs (even if it has a non-empty key), + * ignore it. + * ``` + */ + handle(_arg0: context.Context, _arg1: Record): void + /** + * WithAttrs returns a new Handler whose attributes consist of + * both the receiver's attributes and the arguments. + * The Handler owns the slice: it may retain, modify or discard it. + */ + withAttrs(attrs: Array): Handler + /** + * WithGroup returns a new Handler with the given group appended to + * the receiver's existing groups. + * The keys of all subsequent attributes, whether added by With or in a + * Record, should be qualified by the sequence of group names. + * + * How this qualification happens is up to the Handler, so long as + * this Handler's attribute keys differ from those of another Handler + * with a different sequence of group names. + * + * A Handler should treat WithGroup as starting a Group of Attrs that ends + * at the end of the log event. That is, + * + * ``` + * logger.WithGroup("s").LogAttrs(ctx, level, msg, slog.Int("a", 1), slog.Int("b", 2)) + * ``` + * + * should behave like + * + * ``` + * logger.LogAttrs(ctx, level, msg, slog.Group("s", slog.Int("a", 1), slog.Int("b", 2))) + * ``` + * + * If the name is empty, WithGroup returns the receiver. + */ + withGroup(name: string): Handler + } + /** + * A Level is the importance or severity of a log event. + * The higher the level, the more important or severe the event. + */ + interface Level extends Number{} + interface Level { + /** + * String returns a name for the level. + * If the level has a name, then that name + * in uppercase is returned. + * If the level is between named values, then + * an integer is appended to the uppercased name. + * Examples: + * + * ``` + * LevelWarn.String() => "WARN" + * (LevelInfo+2).String() => "INFO+2" + * ``` + */ + string(): string + } + interface Level { + /** + * MarshalJSON implements [encoding/json.Marshaler] + * by quoting the output of [Level.String]. + */ + marshalJSON(): string|Array + } + interface Level { + /** + * UnmarshalJSON implements [encoding/json.Unmarshaler] + * It accepts any string produced by [Level.MarshalJSON], + * ignoring case. + * It also accepts numeric offsets that would result in a different string on + * output. For example, "Error-8" would marshal as "INFO". + */ + unmarshalJSON(data: string|Array): void + } + interface Level { + /** + * MarshalText implements [encoding.TextMarshaler] + * by calling [Level.String]. + */ + marshalText(): string|Array + } + interface Level { + /** + * UnmarshalText implements [encoding.TextUnmarshaler]. + * It accepts any string produced by [Level.MarshalText], + * ignoring case. + * It also accepts numeric offsets that would result in a different string on + * output. For example, "Error-8" would marshal as "INFO". + */ + unmarshalText(data: string|Array): void + } + interface Level { + /** + * Level returns the receiver. + * It implements [Leveler]. + */ + level(): Level + } + // @ts-ignore + import loginternal = internal +} + +namespace cobra { + interface PositionalArgs {(cmd: Command, args: Array): void } + // @ts-ignore + import flag = pflag + /** + * FParseErrWhitelist configures Flag parse errors to be ignored + */ + interface FParseErrWhitelist extends _TygojaAny{} + /** + * Group Structure to manage groups for commands + */ + interface Group { + id: string + title: string + } + /** + * CompletionOptions are the options to control shell completion + */ + interface CompletionOptions { + /** + * DisableDefaultCmd prevents Cobra from creating a default 'completion' command + */ + disableDefaultCmd: boolean + /** + * DisableNoDescFlag prevents Cobra from creating the '--no-descriptions' flag + * for shells that support completion descriptions + */ + disableNoDescFlag: boolean + /** + * DisableDescriptions turns off all completion descriptions for shells + * that support them + */ + disableDescriptions: boolean + /** + * HiddenDefaultCmd makes the default 'completion' command hidden + */ + hiddenDefaultCmd: boolean + } + /** + * Completion is a string that can be used for completions + * + * two formats are supported: + * ``` + * - the completion choice + * - the completion choice with a textual description (separated by a TAB). + * ``` + * + * [CompletionWithDesc] can be used to create a completion string with a textual description. + * + * Note: Go type alias is used to provide a more descriptive name in the documentation, but any string can be used. + */ + interface Completion extends String{} + /** + * CompletionFunc is a function that provides completion results. + */ + interface CompletionFunc {(cmd: Command, args: Array, toComplete: string): [Array, ShellCompDirective] } +} + +namespace multipart { + /** + * A Part represents a single part in a multipart body. + */ + interface Part { + /** + * The headers of the body, if any, with the keys canonicalized + * in the same fashion that the Go http.Request headers are. + * For example, "foo-bar" changes case to "Foo-Bar" + */ + header: textproto.MIMEHeader + } + interface Part { + /** + * FormName returns the name parameter if p has a Content-Disposition + * of type "form-data". Otherwise it returns the empty string. + */ + formName(): string + } + interface Part { + /** + * FileName returns the filename parameter of the [Part]'s Content-Disposition + * header. If not empty, the filename is passed through filepath.Base (which is + * platform dependent) before being returned. + */ + fileName(): string + } + interface Part { + /** + * Read reads the body of a part, after its headers and before the + * next part (if any) begins. + */ + read(d: string|Array): number + } + interface Part { + close(): void + } +} + +namespace url { + /** + * The Userinfo type is an immutable encapsulation of username and + * password details for a [URL]. An existing Userinfo value is guaranteed + * to have a username set (potentially empty, as allowed by RFC 2396), + * and optionally a password. + */ + interface Userinfo { + } + interface Userinfo { + /** + * Username returns the username. + */ + username(): string + } + interface Userinfo { + /** + * Password returns the password in case it is set, and whether it is set. + */ + password(): [string, boolean] + } + interface Userinfo { + /** + * String returns the encoded userinfo information in the standard form + * of "username[:password]". + */ + string(): string + } +} + +namespace http { + /** + * SameSite allows a server to define a cookie attribute making it impossible for + * the browser to send this cookie along with cross-site requests. The main + * goal is to mitigate the risk of cross-origin information leakage, and provide + * some protection against cross-site request forgery attacks. + * + * See https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00 for details. + */ + interface SameSite extends Number{} + // @ts-ignore + import mathrand = rand + // @ts-ignore + import urlpkg = url +} + +namespace oauth2 { +} + +namespace slog { + // @ts-ignore + import loginternal = internal + /** + * A Record holds information about a log event. + * Copies of a Record share state. + * Do not modify a Record after handing out a copy to it. + * Call [NewRecord] to create a new Record. + * Use [Record.Clone] to create a copy with no shared state. + */ + interface Record { + /** + * The time at which the output method (Log, Info, etc.) was called. + */ + time: time.Time + /** + * The log message. + */ + message: string + /** + * The level of the event. + */ + level: Level + /** + * The program counter at the time the record was constructed, as determined + * by runtime.Callers. If zero, no program counter is available. + * + * The only valid use for this value is as an argument to + * [runtime.CallersFrames]. In particular, it must not be passed to + * [runtime.FuncForPC]. + */ + pc: number + } + interface Record { + /** + * Clone returns a copy of the record with no shared state. + * The original record and the clone can both be modified + * without interfering with each other. + */ + clone(): Record + } + interface Record { + /** + * NumAttrs returns the number of attributes in the [Record]. + */ + numAttrs(): number + } + interface Record { + /** + * Attrs calls f on each Attr in the [Record]. + * Iteration stops if f returns false. + */ + attrs(f: (_arg0: Attr) => boolean): void + } + interface Record { + /** + * AddAttrs appends the given Attrs to the [Record]'s list of Attrs. + * It omits empty groups. + */ + addAttrs(...attrs: Attr[]): void + } + interface Record { + /** + * Add converts the args to Attrs as described in [Logger.Log], + * then appends the Attrs to the [Record]'s list of Attrs. + * It omits empty groups. + */ + add(...args: any[]): void + } + /** + * A Value can represent any Go value, but unlike type any, + * it can represent most small values without an allocation. + * The zero Value corresponds to nil. + */ + interface Value { + } + interface Value { + /** + * Kind returns v's Kind. + */ + kind(): Kind + } + interface Value { + /** + * Any returns v's value as an any. + */ + any(): any + } + interface Value { + /** + * String returns Value's value as a string, formatted like [fmt.Sprint]. Unlike + * the methods Int64, Float64, and so on, which panic if v is of the + * wrong kind, String never panics. + */ + string(): string + } + interface Value { + /** + * Int64 returns v's value as an int64. It panics + * if v is not a signed integer. + */ + int64(): number + } + interface Value { + /** + * Uint64 returns v's value as a uint64. It panics + * if v is not an unsigned integer. + */ + uint64(): number + } + interface Value { + /** + * Bool returns v's value as a bool. It panics + * if v is not a bool. + */ + bool(): boolean + } + interface Value { + /** + * Duration returns v's value as a [time.Duration]. It panics + * if v is not a time.Duration. + */ + duration(): time.Duration + } + interface Value { + /** + * Float64 returns v's value as a float64. It panics + * if v is not a float64. + */ + float64(): number + } + interface Value { + /** + * Time returns v's value as a [time.Time]. It panics + * if v is not a time.Time. + */ + time(): time.Time + } + interface Value { + /** + * LogValuer returns v's value as a LogValuer. It panics + * if v is not a LogValuer. + */ + logValuer(): LogValuer + } + interface Value { + /** + * Group returns v's value as a []Attr. + * It panics if v's [Kind] is not [KindGroup]. + */ + group(): Array + } + interface Value { + /** + * Equal reports whether v and w represent the same Go value. + */ + equal(w: Value): boolean + } + interface Value { + /** + * Resolve repeatedly calls LogValue on v while it implements [LogValuer], + * and returns the result. + * If v resolves to a group, the group's attributes' values are not recursively + * resolved. + * If the number of LogValue calls exceeds a threshold, a Value containing an + * error is returned. + * Resolve's return value is guaranteed not to be of Kind [KindLogValuer]. + */ + resolve(): Value + } +} + +namespace cobra { + // @ts-ignore + import flag = pflag + /** + * ShellCompDirective is a bit map representing the different behaviors the shell + * can be instructed to have once completions have been provided. + */ + interface ShellCompDirective extends Number{} +} + +namespace slog { + // @ts-ignore + import loginternal = internal + /** + * Kind is the kind of a [Value]. + */ + interface Kind extends Number{} + interface Kind { + string(): string + } + /** + * A LogValuer is any Go value that can convert itself into a Value for logging. + * + * This mechanism may be used to defer expensive operations until they are + * needed, or to expand a single value into a sequence of components. + */ + interface LogValuer { + [key:string]: any; + logValue(): Value + } +} diff --git a/plugins/jsvm/internal/types/types.go b/plugins/jsvm/internal/types/types.go new file mode 100644 index 0000000..13f4dbb --- /dev/null +++ b/plugins/jsvm/internal/types/types.go @@ -0,0 +1,1258 @@ +package main + +import ( + "fmt" + "log" + "os" + "path/filepath" + "reflect" + "runtime" + "strings" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/plugins/jsvm" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/tygoja" +) + +const heading = ` +// ------------------------------------------------------------------- +// cronBinds +// ------------------------------------------------------------------- + +/** + * CronAdd registers a new cron job. + * + * If a cron job with the specified name already exist, it will be + * replaced with the new one. + * + * Example: + * + * ` + "```" + `js + * // prints "Hello world!" on every 30 minutes + * cronAdd("hello", "*\/30 * * * *", () => { + * console.log("Hello world!") + * }) + * ` + "```" + ` + * + * _Note that this method is available only in pb_hooks context._ + * + * @group PocketBase + */ +declare function cronAdd( + jobId: string, + cronExpr: string, + handler: () => void, +): void; + +/** + * CronRemove removes a single registered cron job by its name. + * + * Example: + * + * ` + "```" + `js + * cronRemove("hello") + * ` + "```" + ` + * + * _Note that this method is available only in pb_hooks context._ + * + * @group PocketBase + */ +declare function cronRemove(jobId: string): void; + +// ------------------------------------------------------------------- +// routerBinds +// ------------------------------------------------------------------- + +/** + * RouterAdd registers a new route definition. + * + * Example: + * + * ` + "```" + `js + * routerAdd("GET", "/hello", (e) => { + * return e.json(200, {"message": "Hello!"}) + * }, $apis.requireAuth()) + * ` + "```" + ` + * + * _Note that this method is available only in pb_hooks context._ + * + * @group PocketBase + */ +declare function routerAdd( + method: string, + path: string, + handler: (e: core.RequestEvent) => void, + ...middlewares: Array void)|Middleware>, +): void; + +/** + * RouterUse registers one or more global middlewares that are executed + * along the handler middlewares after a matching route is found. + * + * Example: + * + * ` + "```" + `js + * routerUse((e) => { + * console.log(e.request.url.path) + * return e.next() + * }) + * ` + "```" + ` + * + * _Note that this method is available only in pb_hooks context._ + * + * @group PocketBase + */ +declare function routerUse(...middlewares: Array void)|Middleware>): void; + +// ------------------------------------------------------------------- +// baseBinds +// ------------------------------------------------------------------- + +/** + * Global helper variable that contains the absolute path to the app pb_hooks directory. + * + * @group PocketBase + */ +declare var __hooks: string + +// Utility type to exclude the on* hook methods from a type +// (hooks are separately generated as global methods). +// +// See https://www.typescriptlang.org/docs/handbook/2/mapped-types.html#key-remapping-via-as +type excludeHooks = { + [Property in keyof Type as Exclude]: Type[Property] +}; + +// core.App without the on* hook methods +type CoreApp = excludeHooks + +// pocketbase.PocketBase without the on* hook methods +type PocketBase = excludeHooks + +/** + * ` + "`$app`" + ` is the current running PocketBase instance that is globally + * available in each .pb.js file. + * + * _Note that this variable is available only in pb_hooks context._ + * + * @namespace + * @group PocketBase + */ +declare var $app: PocketBase + +/** + * ` + "`$template`" + ` is a global helper to load and cache HTML templates on the fly. + * + * The templates uses the standard Go [html/template](https://pkg.go.dev/html/template) + * and [text/template](https://pkg.go.dev/text/template) package syntax. + * + * Example: + * + * ` + "```" + `js + * const html = $template.loadFiles( + * "views/layout.html", + * "views/content.html", + * ).render({"name": "John"}) + * ` + "```" + ` + * + * _Note that this method is available only in pb_hooks context._ + * + * @namespace + * @group PocketBase + */ +declare var $template: template.Registry + +/** + * This method is superseded by toString. + * + * @deprecated + * @group PocketBase + */ +declare function readerToString(reader: any, maxBytes?: number): string; + +/** + * toString stringifies the specified value. + * + * Support optional second maxBytes argument to limit the max read bytes + * when the value is a io.Reader (default to 32MB). + * + * Types that don't have explicit string representation are json serialized. + * + * Example: + * + * ` + "```" + `js + * // io.Reader + * const ex1 = toString(e.request.body) + * + * // slice of bytes ("hello") + * const ex2 = toString([104 101 108 108 111]) + * ` + "```" + ` + * + * @group PocketBase + */ +declare function toString(val: any, maxBytes?: number): string; + +/** + * sleep pauses the current goroutine for at least the specified user duration (in ms). + * A zero or negative duration returns immediately. + * + * Example: + * + * ` + "```" + `js + * sleep(250) // sleeps for 250ms + * ` + "```" + ` + * + * @group PocketBase + */ +declare function sleep(milliseconds: number): void; + +/** + * arrayOf creates a placeholder array of the specified models. + * Usually used to populate DB result into an array of models. + * + * Example: + * + * ` + "```" + `js + * const records = arrayOf(new Record) + * + * $app.recordQuery("articles").limit(10).all(records) + * ` + "```" + ` + * + * @group PocketBase + */ +declare function arrayOf(model: T): Array; + +/** + * DynamicModel creates a new dynamic model with fields from the provided data shape. + * + * Note that in order to use 0 as double/float initialization number you have to use negative zero (` + "`-0`" + `). + * + * Example: + * + * ` + "```" + `js + * const model = new DynamicModel({ + * name: "" + * age: 0, // int64 + * totalSpent: -0, // float64 + * active: false, + * roles: [], + * meta: {} + * }) + * ` + "```" + ` + * + * @group PocketBase + */ +declare class DynamicModel { + constructor(shape?: { [key:string]: any }) +} + +interface Context extends context.Context{} // merge +/** + * Context creates a new empty Go context.Context. + * + * This is usually used as part of some Go transitive bindings. + * + * Example: + * + * ` + "```" + `js + * const blank = new Context() + * + * // with single key-value pair + * const base = new Context(null, "a", 123) + * console.log(base.value("a")) // 123 + * + * // extend with additional key-value pair + * const sub = new Context(base, "b", 456) + * console.log(sub.value("a")) // 123 + * console.log(sub.value("b")) // 456 + * ` + "```" + ` + * + * @group PocketBase + */ +declare class Context implements context.Context { + constructor(parentCtx?: Context, key?: any, value?: any) +} + +/** + * Record model class. + * + * ` + "```" + `js + * const collection = $app.findCollectionByNameOrId("article") + * + * const record = new Record(collection, { + * title: "Lorem ipsum" + * }) + * + * // or set field values after the initialization + * record.set("description", "...") + * ` + "```" + ` + * + * @group PocketBase + */ +declare const Record: { + new(collection?: core.Collection, data?: { [key:string]: any }): core.Record + + // note: declare as "newable" const due to conflict with the Record TS utility type +} + +interface Collection extends core.Collection{ + type: "base" | "view" | "auth" +} // merge +/** + * Collection model class. + * + * ` + "```" + `js + * const collection = new Collection({ + * type: "base", + * name: "article", + * listRule: "@request.auth.id != '' || status = 'public'", + * viewRule: "@request.auth.id != '' || status = 'public'", + * deleteRule: "@request.auth.id != ''", + * fields: [ + * { + * name: "title", + * type: "text", + * required: true, + * min: 6, + * max: 100, + * }, + * { + * name: "description", + * type: "text", + * }, + * ] + * }) + * ` + "```" + ` + * + * @group PocketBase + */ +declare class Collection implements core.Collection { + constructor(data?: Partial) +} + +interface FieldsList extends core.FieldsList{} // merge +/** + * FieldsList model class, usually used to define the Collection.fields. + * + * @group PocketBase + */ +declare class FieldsList implements core.FieldsList { + constructor(data?: Partial) +} + +interface Field extends core.Field{} // merge +/** + * Field model class, usually used as part of the FieldsList model. + * + * @group PocketBase + */ +declare class Field implements core.Field { + constructor(data?: Partial) +} + +interface NumberField extends core.NumberField{} // merge +/** + * {@inheritDoc core.NumberField} + * + * @group PocketBase + */ +declare class NumberField implements core.NumberField { + constructor(data?: Partial) +} + +interface BoolField extends core.BoolField{} // merge +/** + * {@inheritDoc core.BoolField} + * + * @group PocketBase + */ +declare class BoolField implements core.BoolField { + constructor(data?: Partial) +} + +interface TextField extends core.TextField{} // merge +/** + * {@inheritDoc core.TextField} + * + * @group PocketBase + */ +declare class TextField implements core.TextField { + constructor(data?: Partial) +} + +interface URLField extends core.URLField{} // merge +/** + * {@inheritDoc core.URLField} + * + * @group PocketBase + */ +declare class URLField implements core.URLField { + constructor(data?: Partial) +} + +interface EmailField extends core.EmailField{} // merge +/** + * {@inheritDoc core.EmailField} + * + * @group PocketBase + */ +declare class EmailField implements core.EmailField { + constructor(data?: Partial) +} + +interface EditorField extends core.EditorField{} // merge +/** + * {@inheritDoc core.EditorField} + * + * @group PocketBase + */ +declare class EditorField implements core.EditorField { + constructor(data?: Partial) +} + +interface PasswordField extends core.PasswordField{} // merge +/** + * {@inheritDoc core.PasswordField} + * + * @group PocketBase + */ +declare class PasswordField implements core.PasswordField { + constructor(data?: Partial) +} + +interface DateField extends core.DateField{} // merge +/** + * {@inheritDoc core.DateField} + * + * @group PocketBase + */ +declare class DateField implements core.DateField { + constructor(data?: Partial) +} + +interface AutodateField extends core.AutodateField{} // merge +/** + * {@inheritDoc core.AutodateField} + * + * @group PocketBase + */ +declare class AutodateField implements core.AutodateField { + constructor(data?: Partial) +} + +interface JSONField extends core.JSONField{} // merge +/** + * {@inheritDoc core.JSONField} + * + * @group PocketBase + */ +declare class JSONField implements core.JSONField { + constructor(data?: Partial) +} + +interface RelationField extends core.RelationField{} // merge +/** + * {@inheritDoc core.RelationField} + * + * @group PocketBase + */ +declare class RelationField implements core.RelationField { + constructor(data?: Partial) +} + +interface SelectField extends core.SelectField{} // merge +/** + * {@inheritDoc core.SelectField} + * + * @group PocketBase + */ +declare class SelectField implements core.SelectField { + constructor(data?: Partial) +} + +interface FileField extends core.FileField{} // merge +/** + * {@inheritDoc core.FileField} + * + * @group PocketBase + */ +declare class FileField implements core.FileField { + constructor(data?: Partial) +} + +interface GeoPointField extends core.GeoPointField{} // merge +/** + * {@inheritDoc core.GeoPointField} + * + * @group PocketBase + */ +declare class GeoPointField implements core.GeoPointField { + constructor(data?: Partial) +} + +interface MailerMessage extends mailer.Message{} // merge +/** + * MailerMessage defines a single email message. + * + * ` + "```" + `js + * const message = new MailerMessage({ + * from: { + * address: $app.settings().meta.senderAddress, + * name: $app.settings().meta.senderName, + * }, + * to: [{address: "test@example.com"}], + * subject: "YOUR_SUBJECT...", + * html: "YOUR_HTML_BODY...", + * }) + * + * $app.newMailClient().send(message) + * ` + "```" + ` + * + * @group PocketBase + */ +declare class MailerMessage implements mailer.Message { + constructor(message?: Partial) +} + +interface Command extends cobra.Command{} // merge +/** + * Command defines a single console command. + * + * Example: + * + * ` + "```" + `js + * const command = new Command({ + * use: "hello", + * run: (cmd, args) => { console.log("Hello world!") }, + * }) + * + * $app.rootCmd.addCommand(command); + * ` + "```" + ` + * + * @group PocketBase + */ +declare class Command implements cobra.Command { + constructor(cmd?: Partial) +} + +/** + * RequestInfo defines a single core.RequestInfo instance, usually used + * as part of various filter checks. + * + * Example: + * + * ` + "```" + `js + * const authRecord = $app.findAuthRecordByEmail("users", "test@example.com") + * + * const info = new RequestInfo({ + * auth: authRecord, + * body: {"name": 123}, + * headers: {"x-token": "..."}, + * }) + * + * const record = $app.findFirstRecordByData("articles", "slug", "hello") + * + * const canAccess = $app.canAccessRecord(record, info, "@request.auth.id != '' && @request.body.name = 123") + * ` + "```" + ` + * + * @group PocketBase + */ +declare const RequestInfo: { + new(info?: Partial): core.RequestInfo + + // note: declare as "newable" const due to conflict with the RequestInfo TS node type +} + +/** + * Middleware defines a single request middleware handler. + * + * This class is usually used when you want to explicitly specify a priority to your custom route middleware. + * + * Example: + * + * ` + "```" + `js + * routerUse(new Middleware((e) => { + * console.log(e.request.url.path) + * return e.next() + * }, -10)) + * ` + "```" + ` + * + * @group PocketBase + */ +declare class Middleware { + constructor( + func: string|((e: core.RequestEvent) => void), + priority?: number, + id?: string, + ) +} + +interface Timezone extends time.Location{} // merge +/** + * Timezone returns the timezone location with the given name. + * + * The name is expected to be a location name corresponding to a file + * in the IANA Time Zone database, such as "America/New_York". + * + * If the name is "Local", LoadLocation returns Local. + * + * If the name is "", invalid or "UTC", returns UTC. + * + * The constructor is equivalent to calling the Go ` + "`" + `time.LoadLocation(name)` + "`" + ` method. + * + * Example: + * + * ` + "```" + `js + * const zone = new Timezone("America/New_York") + * $app.cron().setTimezone(zone) + * ` + "```" + ` + * + * @group PocketBase + */ +declare class Timezone implements time.Location { + constructor(name?: string) +} + +interface DateTime extends types.DateTime{} // merge +/** + * DateTime defines a single DateTime type instance. + * The returned date is always represented in UTC. + * + * Example: + * + * ` + "```" + `js + * const dt0 = new DateTime() // now + * + * // full datetime string + * const dt1 = new DateTime('2023-07-01 00:00:00.000Z') + * + * // datetime string with default "parse in" timezone location + * // + * // similar to new DateTime('2023-07-01 00:00:00 +01:00') or new DateTime('2023-07-01 00:00:00 +02:00') + * // but accounts for the daylight saving time (DST) + * const dt2 = new DateTime('2023-07-01 00:00:00', 'Europe/Amsterdam') + * ` + "```" + ` + * + * @group PocketBase + */ +declare class DateTime implements types.DateTime { + constructor(date?: string, defaultParseInLocation?: string) +} + +interface ValidationError extends ozzo_validation.Error{} // merge +/** + * ValidationError defines a single formatted data validation error, + * usually used as part of an error response. + * + * ` + "```" + `js + * new ValidationError("invalid_title", "Title is not valid") + * ` + "```" + ` + * + * @group PocketBase + */ +declare class ValidationError implements ozzo_validation.Error { + constructor(code?: string, message?: string) +} + +interface Cookie extends http.Cookie{} // merge +/** + * A Cookie represents an HTTP cookie as sent in the Set-Cookie header of an + * HTTP response. + * + * Example: + * + * ` + "```" + `js + * routerAdd("POST", "/example", (c) => { + * c.setCookie(new Cookie({ + * name: "example_name", + * value: "example_value", + * path: "/", + * domain: "example.com", + * maxAge: 10, + * secure: true, + * httpOnly: true, + * sameSite: 3, + * })) + * + * return c.redirect(200, "/"); + * }) + * ` + "```" + ` + * + * @group PocketBase + */ +declare class Cookie implements http.Cookie { + constructor(options?: Partial) +} + +interface SubscriptionMessage extends subscriptions.Message{} // merge +/** + * SubscriptionMessage defines a realtime subscription payload. + * + * Example: + * + * ` + "```" + `js + * onRealtimeConnectRequest((e) => { + * e.client.send(new SubscriptionMessage({ + * name: "example", + * data: '{"greeting": "Hello world"}' + * })) + * }) + * ` + "```" + ` + * + * @group PocketBase + */ +declare class SubscriptionMessage implements subscriptions.Message { + constructor(options?: Partial) +} + +// ------------------------------------------------------------------- +// dbxBinds +// ------------------------------------------------------------------- + +/** + * ` + "`$dbx`" + ` defines common utility for working with the DB abstraction. + * For examples and guides please check the [Database guide](https://pocketbase.io/docs/js-database). + * + * @group PocketBase + */ +declare namespace $dbx { + /** + * {@inheritDoc dbx.HashExp} + */ + export function hashExp(pairs: { [key:string]: any }): dbx.Expression + + let _in: dbx._in + export { _in as in } + + export let exp: dbx.newExp + export let not: dbx.not + export let and: dbx.and + export let or: dbx.or + export let notIn: dbx.notIn + export let like: dbx.like + export let orLike: dbx.orLike + export let notLike: dbx.notLike + export let orNotLike: dbx.orNotLike + export let exists: dbx.exists + export let notExists: dbx.notExists + export let between: dbx.between + export let notBetween: dbx.notBetween +} + +// ------------------------------------------------------------------- +// mailsBinds +// ------------------------------------------------------------------- + +/** + * ` + "`" + `$mails` + "`" + ` defines helpers to send common + * auth records emails like verification, password reset, etc. + * + * @group PocketBase + */ +declare namespace $mails { + let sendRecordPasswordReset: mails.sendRecordPasswordReset + let sendRecordVerification: mails.sendRecordVerification + let sendRecordChangeEmail: mails.sendRecordChangeEmail + let sendRecordOTP: mails.sendRecordOTP +} + +// ------------------------------------------------------------------- +// securityBinds +// ------------------------------------------------------------------- + +/** + * ` + "`" + `$security` + "`" + ` defines low level helpers for creating + * and parsing JWTs, random string generation, AES encryption, etc. + * + * @group PocketBase + */ +declare namespace $security { + let randomString: security.randomString + let randomStringWithAlphabet: security.randomStringWithAlphabet + let randomStringByRegex: security.randomStringByRegex + let pseudorandomString: security.pseudorandomString + let pseudorandomStringWithAlphabet: security.pseudorandomStringWithAlphabet + let encrypt: security.encrypt + let decrypt: security.decrypt + let hs256: security.hs256 + let hs512: security.hs512 + let equal: security.equal + let md5: security.md5 + let sha256: security.sha256 + let sha512: security.sha512 + + /** + * {@inheritDoc security.newJWT} + */ + export function createJWT(payload: { [key:string]: any }, signingKey: string, secDuration: number): string + + /** + * {@inheritDoc security.parseUnverifiedJWT} + */ + export function parseUnverifiedJWT(token: string): _TygojaDict + + /** + * {@inheritDoc security.parseJWT} + */ + export function parseJWT(token: string, verificationKey: string): _TygojaDict +} + +// ------------------------------------------------------------------- +// filesystemBinds +// ------------------------------------------------------------------- + +/** + * ` + "`" + `$filesystem` + "`" + ` defines common helpers for working + * with the PocketBase filesystem abstraction. + * + * @group PocketBase + */ +declare namespace $filesystem { + let fileFromPath: filesystem.newFileFromPath + let fileFromBytes: filesystem.newFileFromBytes + let fileFromMultipart: filesystem.newFileFromMultipart + + /** + * fileFromURL creates a new File from the provided url by + * downloading the resource and creating a BytesReader. + * + * Example: + * + * ` + "```" + `js + * // with default max timeout of 120sec + * const file1 = $filesystem.fileFromURL("https://...") + * + * // with custom timeout of 15sec + * const file2 = $filesystem.fileFromURL("https://...", 15) + * ` + "```" + ` + */ + export function fileFromURL(url: string, secTimeout?: number): filesystem.File +} + +// ------------------------------------------------------------------- +// filepathBinds +// ------------------------------------------------------------------- + +/** + * ` + "`$filepath`" + ` defines common helpers for manipulating filename + * paths in a way compatible with the target operating system-defined file paths. + * + * @group PocketBase + */ +declare namespace $filepath { + export let base: filepath.base + export let clean: filepath.clean + export let dir: filepath.dir + export let ext: filepath.ext + export let fromSlash: filepath.fromSlash + export let glob: filepath.glob + export let isAbs: filepath.isAbs + export let join: filepath.join + export let match: filepath.match + export let rel: filepath.rel + export let split: filepath.split + export let splitList: filepath.splitList + export let toSlash: filepath.toSlash + export let walk: filepath.walk + export let walkDir: filepath.walkDir +} + +// ------------------------------------------------------------------- +// osBinds +// ------------------------------------------------------------------- + +/** + * ` + "`$os`" + ` defines common helpers for working with the OS level primitives + * (eg. deleting directories, executing shell commands, etc.). + * + * @group PocketBase + */ +declare namespace $os { + /** + * Legacy alias for $os.cmd(). + */ + export let exec: exec.command + + /** + * Prepares an external OS command. + * + * Example: + * + * ` + "```" + `js + * // prepare the command to execute + * const cmd = $os.cmd('ls', '-sl') + * + * // execute the command and return its standard output as string + * const output = toString(cmd.output()); + * ` + "```" + ` + */ + export let cmd: exec.command + + /** + * Args hold the command-line arguments, starting with the program name. + */ + export let args: Array + + export let exit: os.exit + export let getenv: os.getenv + export let dirFS: os.dirFS + export let readFile: os.readFile + export let writeFile: os.writeFile + export let stat: os.stat + export let readDir: os.readDir + export let tempDir: os.tempDir + export let truncate: os.truncate + export let getwd: os.getwd + export let mkdir: os.mkdir + export let mkdirAll: os.mkdirAll + export let rename: os.rename + export let remove: os.remove + export let removeAll: os.removeAll +} + +// ------------------------------------------------------------------- +// formsBinds +// ------------------------------------------------------------------- + +interface AppleClientSecretCreateForm extends forms.AppleClientSecretCreate{} // merge +/** + * @inheritDoc + * @group PocketBase + */ +declare class AppleClientSecretCreateForm implements forms.AppleClientSecretCreate { + constructor(app: CoreApp) +} + +interface RecordUpsertForm extends forms.RecordUpsert{} // merge +/** + * @inheritDoc + * @group PocketBase + */ +declare class RecordUpsertForm implements forms.RecordUpsert { + constructor(app: CoreApp, record: core.Record) +} + +interface TestEmailSendForm extends forms.TestEmailSend{} // merge +/** + * @inheritDoc + * @group PocketBase + */ +declare class TestEmailSendForm implements forms.TestEmailSend { + constructor(app: CoreApp) +} + +interface TestS3FilesystemForm extends forms.TestS3Filesystem{} // merge +/** + * @inheritDoc + * @group PocketBase + */ +declare class TestS3FilesystemForm implements forms.TestS3Filesystem { + constructor(app: CoreApp) +} + +// ------------------------------------------------------------------- +// apisBinds +// ------------------------------------------------------------------- + +interface ApiError extends router.ApiError{} // merge +/** + * @inheritDoc + * + * @group PocketBase + */ +declare class ApiError implements router.ApiError { + constructor(status?: number, message?: string, data?: any) +} + +interface NotFoundError extends router.ApiError{} // merge +/** + * NotFounderor returns 404 ApiError. + * + * @group PocketBase + */ +declare class NotFoundError implements router.ApiError { + constructor(message?: string, data?: any) +} + +interface BadRequestError extends router.ApiError{} // merge +/** + * BadRequestError returns 400 ApiError. + * + * @group PocketBase + */ +declare class BadRequestError implements router.ApiError { + constructor(message?: string, data?: any) +} + +interface ForbiddenError extends router.ApiError{} // merge +/** + * ForbiddenError returns 403 ApiError. + * + * @group PocketBase + */ +declare class ForbiddenError implements router.ApiError { + constructor(message?: string, data?: any) +} + +interface UnauthorizedError extends router.ApiError{} // merge +/** + * UnauthorizedError returns 401 ApiError. + * + * @group PocketBase + */ +declare class UnauthorizedError implements router.ApiError { + constructor(message?: string, data?: any) +} + +interface TooManyRequestsError extends router.ApiError{} // merge +/** + * TooManyRequestsError returns 429 ApiError. + * + * @group PocketBase + */ +declare class TooManyRequestsError implements router.ApiError { + constructor(message?: string, data?: any) +} + +interface InternalServerError extends router.ApiError{} // merge +/** + * InternalServerError returns 429 ApiError. + * + * @group PocketBase + */ +declare class InternalServerError implements router.ApiError { + constructor(message?: string, data?: any) +} + +/** + * ` + "`" + `$apis` + "`" + ` defines commonly used PocketBase api helpers and middlewares. + * + * @group PocketBase + */ +declare namespace $apis { + /** + * Route handler to serve static directory content (html, js, css, etc.). + * + * If a file resource is missing and indexFallback is set, the request + * will be forwarded to the base index.html (useful for SPA). + */ + export function static(dir: string, indexFallback: boolean): (e: core.RequestEvent) => void + + let requireGuestOnly: apis.requireGuestOnly + let requireAuth: apis.requireAuth + let requireSuperuserAuth: apis.requireSuperuserAuth + let requireSuperuserOrOwnerAuth: apis.requireSuperuserOrOwnerAuth + let skipSuccessActivityLog: apis.skipSuccessActivityLog + let gzip: apis.gzip + let bodyLimit: apis.bodyLimit + let enrichRecord: apis.enrichRecord + let enrichRecords: apis.enrichRecords + + /** + * RecordAuthResponse writes standardized json record auth response + * into the specified request event. + * + * The authMethod argument specify the name of the current authentication method (eg. password, oauth2, etc.) + * that it is used primarily as an auth identifier during MFA and for login alerts. + * + * Set authMethod to empty string if you want to ignore the MFA checks and the login alerts + * (can be also adjusted additionally via the onRecordAuthRequest hook). + */ + export function recordAuthResponse(e: core.RequestEvent, authRecord: core.Record, authMethod: string, meta?: any): void +} + +// ------------------------------------------------------------------- +// httpClientBinds +// ------------------------------------------------------------------- + +// extra FormData overload to prevent TS warnings when used with non File/Blob value. +interface FormData { + append(key:string, value:any): void + set(key:string, value:any): void +} + +/** + * ` + "`" + `$http` + "`" + ` defines common methods for working with HTTP requests. + * + * @group PocketBase + */ +declare namespace $http { + /** + * Sends a single HTTP request. + * + * Example: + * + * ` + "```" + `js + * const res = $http.send({ + * method: "POST", + * url: "https://example.com", + * body: JSON.stringify({"title": "test"}), + * headers: { 'Content-Type': 'application/json' } + * }) + * + * console.log(res.statusCode) // the response HTTP status code + * console.log(res.headers) // the response headers (eg. res.headers['X-Custom'][0]) + * console.log(res.cookies) // the response cookies (eg. res.cookies.sessionId.value) + * console.log(res.body) // the response body as raw bytes slice + * console.log(res.json) // the response body as parsed json array or map + * ` + "```" + ` + */ + function send(config: { + url: string, + body?: string|FormData, + method?: string, // default to "GET" + headers?: { [key:string]: string }, + timeout?: number, // default to 120 + + // @deprecated please use body instead + data?: { [key:string]: any }, + }): { + statusCode: number, + headers: { [key:string]: Array }, + cookies: { [key:string]: http.Cookie }, + json: any, + body: Array, + + // @deprecated please use toString(result.body) instead + raw: string, + }; +} + +// ------------------------------------------------------------------- +// migrate only +// ------------------------------------------------------------------- + +/** + * Migrate defines a single migration upgrade/downgrade action. + * + * _Note that this method is available only in pb_migrations context._ + * + * @group PocketBase + */ +declare function migrate( + up: (txApp: CoreApp) => void, + down?: (txApp: CoreApp) => void +): void; +` + +var mapper = &jsvm.FieldMapper{} + +func main() { + declarations := heading + hooksDeclarations() + + gen := tygoja.New(tygoja.Config{ + Packages: map[string][]string{ + "github.com/go-ozzo/ozzo-validation/v4": {"Error"}, + "github.com/pocketbase/dbx": {"*"}, + "github.com/pocketbase/pocketbase/tools/security": {"*"}, + "github.com/pocketbase/pocketbase/tools/filesystem": {"*"}, + "github.com/pocketbase/pocketbase/tools/template": {"*"}, + "github.com/pocketbase/pocketbase/mails": {"*"}, + "github.com/pocketbase/pocketbase/apis": {"*"}, + "github.com/pocketbase/pocketbase/core": {"*"}, + "github.com/pocketbase/pocketbase/forms": {"*"}, + "github.com/pocketbase/pocketbase": {"*"}, + "path/filepath": {"*"}, + "os": {"*"}, + "os/exec": {"Command"}, + }, + FieldNameFormatter: func(s string) string { + return mapper.FieldName(nil, reflect.StructField{Name: s}) + }, + MethodNameFormatter: func(s string) string { + return mapper.MethodName(nil, reflect.Method{Name: s}) + }, + TypeMappings: map[string]string{ + "crypto.*": "any", + "acme.*": "any", + "autocert.*": "any", + "driver.*": "any", + "reflect.*": "any", + "fmt.*": "any", + "rand.*": "any", + "tls.*": "any", + "asn1.*": "any", + "pkix.*": "any", + "x509.*": "any", + "pflag.*": "any", + "flag.*": "any", + "log.*": "any", + "http.Client": "any", + "mail.Address": "{ address: string; name?: string; }", // prevents the LSP to complain in case no name is provided + }, + Indent: " ", // use only a single space to reduce slightly the size + WithPackageFunctions: true, + Heading: declarations, + }) + + result, err := gen.Generate() + if err != nil { + log.Fatal(err) + } + + _, filename, _, ok := runtime.Caller(0) + if !ok { + log.Fatal("Failed to get the current docs directory") + } + + // replace the original app interfaces with their non-"on*"" hooks equivalents + result = strings.ReplaceAll(result, "core.App", "CoreApp") + result = strings.ReplaceAll(result, "pocketbase.PocketBase", "PocketBase") + result = strings.ReplaceAll(result, "ORIGINAL_CORE_APP", "core.App") + result = strings.ReplaceAll(result, "ORIGINAL_POCKETBASE", "pocketbase.PocketBase") + + // prepend a timestamp with the generation time + // so that it can be compared without reading the entire file + result = fmt.Sprintf("// %d\n%s", time.Now().Unix(), result) + + parentDir := filepath.Dir(filename) + typesFile := filepath.Join(parentDir, "generated", "types.d.ts") + + if err := os.WriteFile(typesFile, []byte(result), 0644); err != nil { + log.Fatal(err) + } +} + +func hooksDeclarations() string { + var result strings.Builder + + excluded := []string{"OnServe"} + appType := reflect.TypeOf(struct{ core.App }{}) + totalMethods := appType.NumMethod() + + for i := 0; i < totalMethods; i++ { + method := appType.Method(i) + if !strings.HasPrefix(method.Name, "On") || list.ExistInSlice(method.Name, excluded) { + continue // not a hook or excluded + } + + hookType := method.Type.Out(0) + + withTags := strings.HasPrefix(hookType.String(), "*hook.TaggedHook") + + addMethod, ok := hookType.MethodByName("BindFunc") + if !ok { + continue + } + + addHanlder := addMethod.Type.In(1) + eventTypeName := strings.TrimPrefix(addHanlder.In(0).String(), "*") + + jsName := mapper.MethodName(appType, method) + result.WriteString("/** @group PocketBase */") + result.WriteString("declare function ") + result.WriteString(jsName) + result.WriteString("(handler: (e: ") + result.WriteString(eventTypeName) + result.WriteString(") => void") + if withTags { + result.WriteString(", ...tags: string[]") + } + result.WriteString("): void") + result.WriteString("\n") + } + + return result.String() +} diff --git a/plugins/jsvm/jsvm.go b/plugins/jsvm/jsvm.go new file mode 100644 index 0000000..d98f0f1 --- /dev/null +++ b/plugins/jsvm/jsvm.go @@ -0,0 +1,550 @@ +// Package jsvm implements pluggable utilities for binding a JS goja runtime +// to the PocketBase instance (loading migrations, attaching to app hooks, etc.). +// +// Example: +// +// jsvm.MustRegister(app, jsvm.Config{ +// HooksWatch: true, +// }) +package jsvm + +import ( + "bytes" + "errors" + "fmt" + "io" + "io/fs" + "os" + "path/filepath" + "regexp" + "runtime" + "strings" + "time" + + "github.com/dop251/goja" + "github.com/dop251/goja_nodejs/buffer" + "github.com/dop251/goja_nodejs/console" + "github.com/dop251/goja_nodejs/process" + "github.com/dop251/goja_nodejs/require" + "github.com/fatih/color" + "github.com/fsnotify/fsnotify" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/plugins/jsvm/internal/types/generated" + "github.com/pocketbase/pocketbase/tools/template" +) + +const typesFileName = "types.d.ts" + +var defaultScriptPath = "pb.js" + +func init() { + // For backward compatibility and consistency with the Go exposed + // methods that operate with relative paths (e.g. `$os.writeFile`), + // we define the "current JS module" as if it is a file in the current working directory + // (the filename itself doesn't really matter and in our case the hook handlers are executed as separate "programs"). + // + // This is necessary for `require(module)` to properly traverse parents node_modules (goja_nodejs#95). + cwd, err := os.Getwd() + if err != nil { + // truly rare case, log just for debug purposes + color.Yellow("Failed to retrieve the current working directory: %v", err) + } else { + defaultScriptPath = filepath.Join(cwd, defaultScriptPath) + } +} + +// Config defines the config options of the jsvm plugin. +type Config struct { + // OnInit is an optional function that will be called + // after a JS runtime is initialized, allowing you to + // attach custom Go variables and functions. + OnInit func(vm *goja.Runtime) + + // HooksWatch enables auto app restarts when a JS app hook file changes. + // + // Note that currently the application cannot be automatically restarted on Windows + // because the restart process relies on execve. + HooksWatch bool + + // HooksDir specifies the JS app hooks directory. + // + // If not set it fallbacks to a relative "pb_data/../pb_hooks" directory. + HooksDir string + + // HooksFilesPattern specifies a regular expression pattern that + // identify which file to load by the hook vm(s). + // + // If not set it fallbacks to `^.*(\.pb\.js|\.pb\.ts)$`, aka. any + // HookdsDir file ending in ".pb.js" or ".pb.ts" (the last one is to enforce IDE linters). + HooksFilesPattern string + + // HooksPoolSize specifies how many goja.Runtime instances to prewarm + // and keep for the JS app hooks gorotines execution. + // + // Zero or negative value means that it will create a new goja.Runtime + // on every fired goroutine. + HooksPoolSize int + + // MigrationsDir specifies the JS migrations directory. + // + // If not set it fallbacks to a relative "pb_data/../pb_migrations" directory. + MigrationsDir string + + // If not set it fallbacks to `^.*(\.js|\.ts)$`, aka. any MigrationDir file + // ending in ".js" or ".ts" (the last one is to enforce IDE linters). + MigrationsFilesPattern string + + // TypesDir specifies the directory where to store the embedded + // TypeScript declarations file. + // + // If not set it fallbacks to "pb_data". + // + // Note: Avoid using the same directory as the HooksDir when HooksWatch is enabled + // to prevent unnecessary app restarts when the types file is initially created. + TypesDir string +} + +// MustRegister registers the jsvm plugin in the provided app instance +// and panics if it fails. +// +// Example usage: +// +// jsvm.MustRegister(app, jsvm.Config{ +// OnInit: func(vm *goja.Runtime) { +// // register custom bindings +// vm.Set("myCustomVar", 123) +// }, +// }) +func MustRegister(app core.App, config Config) { + if err := Register(app, config); err != nil { + panic(err) + } +} + +// Register registers the jsvm plugin in the provided app instance. +func Register(app core.App, config Config) error { + p := &plugin{app: app, config: config} + + if p.config.HooksDir == "" { + p.config.HooksDir = filepath.Join(app.DataDir(), "../pb_hooks") + } + + if p.config.MigrationsDir == "" { + p.config.MigrationsDir = filepath.Join(app.DataDir(), "../pb_migrations") + } + + if p.config.HooksFilesPattern == "" { + p.config.HooksFilesPattern = `^.*(\.pb\.js|\.pb\.ts)$` + } + + if p.config.MigrationsFilesPattern == "" { + p.config.MigrationsFilesPattern = `^.*(\.js|\.ts)$` + } + + if p.config.TypesDir == "" { + p.config.TypesDir = app.DataDir() + } + + p.app.OnBootstrap().BindFunc(func(e *core.BootstrapEvent) error { + err := e.Next() + if err != nil { + return err + } + + // ensure that the user has the latest types declaration + err = p.refreshTypesFile() + if err != nil { + color.Yellow("Unable to refresh app types file: %v", err) + } + + return nil + }) + + if err := p.registerMigrations(); err != nil { + return fmt.Errorf("registerMigrations: %w", err) + } + + if err := p.registerHooks(); err != nil { + return fmt.Errorf("registerHooks: %w", err) + } + + return nil +} + +type plugin struct { + app core.App + config Config +} + +// registerMigrations registers the JS migrations loader. +func (p *plugin) registerMigrations() error { + // fetch all js migrations sorted by their filename + files, err := filesContent(p.config.MigrationsDir, p.config.MigrationsFilesPattern) + if err != nil { + return err + } + + registry := new(require.Registry) // this can be shared by multiple runtimes + + for file, content := range files { + vm := goja.New() + + registry.Enable(vm) + console.Enable(vm) + process.Enable(vm) + buffer.Enable(vm) + + baseBinds(vm) + dbxBinds(vm) + securityBinds(vm) + osBinds(vm) + filepathBinds(vm) + httpClientBinds(vm) + + vm.Set("migrate", func(up, down func(txApp core.App) error) { + core.AppMigrations.Register(up, down, file) + }) + + if p.config.OnInit != nil { + p.config.OnInit(vm) + } + + _, err := vm.RunScript(defaultScriptPath, string(content)) + if err != nil { + return fmt.Errorf("failed to run migration %s: %w", file, err) + } + } + + return nil +} + +// registerHooks registers the JS app hooks loader. +func (p *plugin) registerHooks() error { + // fetch all js hooks sorted by their filename + files, err := filesContent(p.config.HooksDir, p.config.HooksFilesPattern) + if err != nil { + return err + } + + // prepend the types reference directive + // + // note: it is loaded during startup to handle conveniently also + // the case when the HooksWatch option is enabled and the application + // restart on newly created file + for name, content := range files { + if len(content) != 0 { + // skip non-empty files for now to prevent accidental overwrite + continue + } + path := filepath.Join(p.config.HooksDir, name) + directive := `/// ` + if err := prependToEmptyFile(path, directive+"\n\n"); err != nil { + color.Yellow("Unable to prepend the types reference: %v", err) + } + } + + // initialize the hooks dir watcher + if p.config.HooksWatch { + if err := p.watchHooks(); err != nil { + color.Yellow("Unable to init hooks watcher: %v", err) + } + } + + if len(files) == 0 { + // no need to register the vms since there are no entrypoint files anyway + return nil + } + + absHooksDir, err := filepath.Abs(p.config.HooksDir) + if err != nil { + return err + } + + p.app.OnServe().BindFunc(func(e *core.ServeEvent) error { + e.Router.BindFunc(p.normalizeServeExceptions) + + return e.Next() + }) + + // safe to be shared across multiple vms + requireRegistry := new(require.Registry) + templateRegistry := template.NewRegistry() + + sharedBinds := func(vm *goja.Runtime) { + requireRegistry.Enable(vm) + console.Enable(vm) + process.Enable(vm) + buffer.Enable(vm) + + baseBinds(vm) + dbxBinds(vm) + filesystemBinds(vm) + securityBinds(vm) + osBinds(vm) + filepathBinds(vm) + httpClientBinds(vm) + formsBinds(vm) + apisBinds(vm) + mailsBinds(vm) + + vm.Set("$app", p.app) + vm.Set("$template", templateRegistry) + vm.Set("__hooks", absHooksDir) + + if p.config.OnInit != nil { + p.config.OnInit(vm) + } + } + + // initiliaze the executor vms + executors := newPool(p.config.HooksPoolSize, func() *goja.Runtime { + executor := goja.New() + sharedBinds(executor) + return executor + }) + + // initialize the loader vm + loader := goja.New() + sharedBinds(loader) + hooksBinds(p.app, loader, executors) + cronBinds(p.app, loader, executors) + routerBinds(p.app, loader, executors) + + for file, content := range files { + func() { + defer func() { + if err := recover(); err != nil { + fmtErr := fmt.Errorf("failed to execute %s:\n - %v", file, err) + + if p.config.HooksWatch { + color.Red("%v", fmtErr) + } else { + panic(fmtErr) + } + } + }() + + _, err := loader.RunScript(defaultScriptPath, string(content)) + if err != nil { + panic(err) + } + }() + } + + return nil +} + +// normalizeExceptions registers a global error handler that +// wraps the extracted goja exception error value for consistency +// when throwing or returning errors. +func (p *plugin) normalizeServeExceptions(e *core.RequestEvent) error { + err := e.Next() + + if err == nil || e.Written() { + return err // no error or already committed + } + + return normalizeException(err) +} + +// watchHooks initializes a hooks file watcher that will restart the +// application (*if possible) in case of a change in the hooks directory. +// +// This method does nothing if the hooks directory is missing. +func (p *plugin) watchHooks() error { + watchDir := p.config.HooksDir + + hooksDirInfo, err := os.Lstat(p.config.HooksDir) + if err != nil { + if errors.Is(err, fs.ErrNotExist) { + return nil // no hooks dir to watch + } + return err + } + + if hooksDirInfo.Mode()&os.ModeSymlink == os.ModeSymlink { + watchDir, err = filepath.EvalSymlinks(p.config.HooksDir) + if err != nil { + return fmt.Errorf("failed to resolve hooksDir symink: %w", err) + } + } + + watcher, err := fsnotify.NewWatcher() + if err != nil { + return err + } + + var debounceTimer *time.Timer + + stopDebounceTimer := func() { + if debounceTimer != nil { + debounceTimer.Stop() + debounceTimer = nil + } + } + + p.app.OnTerminate().BindFunc(func(e *core.TerminateEvent) error { + watcher.Close() + + stopDebounceTimer() + + return e.Next() + }) + + // start listening for events. + go func() { + defer stopDebounceTimer() + + for { + select { + case event, ok := <-watcher.Events: + if !ok { + return + } + + stopDebounceTimer() + + debounceTimer = time.AfterFunc(50*time.Millisecond, func() { + // app restart is currently not supported on Windows + if runtime.GOOS == "windows" { + color.Yellow("File %s changed, please restart the app manually", event.Name) + } else { + color.Yellow("File %s changed, restarting...", event.Name) + if err := p.app.Restart(); err != nil { + color.Red("Failed to restart the app:", err) + } + } + }) + case err, ok := <-watcher.Errors: + if !ok { + return + } + color.Red("Watch error:", err) + } + } + }() + + // add directories to watch + // + // @todo replace once recursive watcher is added (https://github.com/fsnotify/fsnotify/issues/18) + dirsErr := filepath.WalkDir(watchDir, func(path string, entry fs.DirEntry, err error) error { + // ignore hidden directories, node_modules, symlinks, sockets, etc. + if !entry.IsDir() || entry.Name() == "node_modules" || strings.HasPrefix(entry.Name(), ".") { + return nil + } + + return watcher.Add(path) + }) + if dirsErr != nil { + watcher.Close() + } + + return dirsErr +} + +// fullTypesPathReturns returns the full path to the generated TS file. +func (p *plugin) fullTypesPath() string { + return filepath.Join(p.config.TypesDir, typesFileName) +} + +// relativeTypesPath returns a path to the generated TS file relative +// to the specified basepath. +// +// It fallbacks to the full path if generating the relative path fails. +func (p *plugin) relativeTypesPath(basepath string) string { + fullPath := p.fullTypesPath() + + rel, err := filepath.Rel(basepath, fullPath) + if err != nil { + // fallback to the full path + rel = fullPath + } + + return rel +} + +// refreshTypesFile saves the embedded TS declarations as a file on the disk. +func (p *plugin) refreshTypesFile() error { + fullPath := p.fullTypesPath() + + // ensure that the types directory exists + dir := filepath.Dir(fullPath) + if err := os.MkdirAll(dir, os.ModePerm); err != nil { + return err + } + + // retrieve the types data to write + data, err := generated.Types.ReadFile(typesFileName) + if err != nil { + return err + } + + // read the first timestamp line of the old file (if exists) and compare it to the embedded one + // (note: ignore errors to allow always overwriting the file if it is invalid) + existingFile, err := os.Open(fullPath) + if err == nil { + timestamp := make([]byte, 13) + io.ReadFull(existingFile, timestamp) + existingFile.Close() + + if len(data) >= len(timestamp) && bytes.Equal(data[:13], timestamp) { + return nil // nothing new to save + } + } + + return os.WriteFile(fullPath, data, 0644) +} + +// prependToEmptyFile prepends the specified text to an empty file. +// +// If the file is not empty this method does nothing. +func prependToEmptyFile(path, text string) error { + info, err := os.Stat(path) + + if err == nil && info.Size() == 0 { + return os.WriteFile(path, []byte(text), 0644) + } + + return err +} + +// filesContent returns a map with all direct files within the specified dir and their content. +// +// If directory with dirPath is missing or no files matching the pattern were found, +// it returns an empty map and no error. +// +// If pattern is empty string it matches all root files. +func filesContent(dirPath string, pattern string) (map[string][]byte, error) { + files, err := os.ReadDir(dirPath) + if err != nil { + if errors.Is(err, fs.ErrNotExist) { + return map[string][]byte{}, nil + } + return nil, err + } + + var exp *regexp.Regexp + if pattern != "" { + var err error + if exp, err = regexp.Compile(pattern); err != nil { + return nil, err + } + } + + result := map[string][]byte{} + + for _, f := range files { + if f.IsDir() || (exp != nil && !exp.MatchString(f.Name())) { + continue + } + + raw, err := os.ReadFile(filepath.Join(dirPath, f.Name())) + if err != nil { + return nil, err + } + + result[f.Name()] = raw + } + + return result, nil +} diff --git a/plugins/jsvm/mapper.go b/plugins/jsvm/mapper.go new file mode 100644 index 0000000..d9c16bb --- /dev/null +++ b/plugins/jsvm/mapper.go @@ -0,0 +1,67 @@ +package jsvm + +import ( + "reflect" + "strings" + "unicode" + + "github.com/dop251/goja" +) + +var ( + _ goja.FieldNameMapper = (*FieldMapper)(nil) +) + +// FieldMapper provides custom mapping between Go and JavaScript property names. +// +// It is similar to the builtin "uncapFieldNameMapper" but also converts +// all uppercase identifiers to their lowercase equivalent (eg. "GET" -> "get"). +type FieldMapper struct { +} + +// FieldName implements the [FieldNameMapper.FieldName] interface method. +func (u FieldMapper) FieldName(_ reflect.Type, f reflect.StructField) string { + return convertGoToJSName(f.Name) +} + +// MethodName implements the [FieldNameMapper.MethodName] interface method. +func (u FieldMapper) MethodName(_ reflect.Type, m reflect.Method) string { + return convertGoToJSName(m.Name) +} + +var nameExceptions = map[string]string{"OAuth2": "oauth2"} + +func convertGoToJSName(name string) string { + if v, ok := nameExceptions[name]; ok { + return v + } + + startUppercase := make([]rune, 0, len(name)) + + for _, c := range name { + if c != '_' && !unicode.IsUpper(c) && !unicode.IsDigit(c) { + break + } + + startUppercase = append(startUppercase, c) + } + + totalStartUppercase := len(startUppercase) + + // all uppercase eg. "JSON" -> "json" + if len(name) == totalStartUppercase { + return strings.ToLower(name) + } + + // eg. "JSONField" -> "jsonField" + if totalStartUppercase > 1 { + return strings.ToLower(name[0:totalStartUppercase-1]) + name[totalStartUppercase-1:] + } + + // eg. "GetField" -> "getField" + if totalStartUppercase == 1 { + return strings.ToLower(name[0:1]) + name[1:] + } + + return name +} diff --git a/plugins/jsvm/mapper_test.go b/plugins/jsvm/mapper_test.go new file mode 100644 index 0000000..0cc020e --- /dev/null +++ b/plugins/jsvm/mapper_test.go @@ -0,0 +1,42 @@ +package jsvm_test + +import ( + "reflect" + "testing" + + "github.com/pocketbase/pocketbase/plugins/jsvm" +) + +func TestFieldMapper(t *testing.T) { + mapper := jsvm.FieldMapper{} + + scenarios := []struct { + name string + expected string + }{ + {"", ""}, + {"test", "test"}, + {"Test", "test"}, + {"miXeD", "miXeD"}, + {"MiXeD", "miXeD"}, + {"ResolveRequestAsJSON", "resolveRequestAsJSON"}, + {"Variable_with_underscore", "variable_with_underscore"}, + {"ALLCAPS", "allcaps"}, + {"ALL_CAPS_WITH_UNDERSCORE", "all_caps_with_underscore"}, + {"OIDCMap", "oidcMap"}, + {"MD5", "md5"}, + {"OAuth2", "oauth2"}, + } + + for i, s := range scenarios { + field := reflect.StructField{Name: s.name} + if v := mapper.FieldName(nil, field); v != s.expected { + t.Fatalf("[%d] Expected FieldName %q, got %q", i, s.expected, v) + } + + method := reflect.Method{Name: s.name} + if v := mapper.MethodName(nil, method); v != s.expected { + t.Fatalf("[%d] Expected MethodName %q, got %q", i, s.expected, v) + } + } +} diff --git a/plugins/jsvm/pool.go b/plugins/jsvm/pool.go new file mode 100644 index 0000000..e0174c5 --- /dev/null +++ b/plugins/jsvm/pool.go @@ -0,0 +1,73 @@ +package jsvm + +import ( + "sync" + + "github.com/dop251/goja" +) + +type poolItem struct { + mux sync.Mutex + busy bool + vm *goja.Runtime +} + +type vmsPool struct { + mux sync.RWMutex + factory func() *goja.Runtime + items []*poolItem +} + +// newPool creates a new pool with pre-warmed vms generated from the specified factory. +func newPool(size int, factory func() *goja.Runtime) *vmsPool { + pool := &vmsPool{ + factory: factory, + items: make([]*poolItem, size), + } + + for i := 0; i < size; i++ { + vm := pool.factory() + pool.items[i] = &poolItem{vm: vm} + } + + return pool +} + +// run executes "call" with a vm created from the pool +// (either from the buffer or a new one if all buffered vms are busy) +func (p *vmsPool) run(call func(vm *goja.Runtime) error) error { + p.mux.RLock() + + // try to find a free item + var freeItem *poolItem + for _, item := range p.items { + item.mux.Lock() + if item.busy { + item.mux.Unlock() + continue + } + item.busy = true + item.mux.Unlock() + freeItem = item + break + } + + p.mux.RUnlock() + + // create a new one-off item if of all of the pool items are currently busy + // + // note: if turned out not efficient we may change this in the future + // by adding the created item in the pool with some timer for removal + if freeItem == nil { + return call(p.factory()) + } + + execErr := call(freeItem.vm) + + // "free" the vm + freeItem.mux.Lock() + freeItem.busy = false + freeItem.mux.Unlock() + + return execErr +} diff --git a/plugins/migratecmd/automigrate.go b/plugins/migratecmd/automigrate.go new file mode 100644 index 0000000..a022a4e --- /dev/null +++ b/plugins/migratecmd/automigrate.go @@ -0,0 +1,106 @@ +package migratecmd + +import ( + "database/sql" + "errors" + "fmt" + "os" + "path/filepath" + "strings" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/core" +) + +// automigrateOnCollectionChange handles the automigration snapshot +// generation on collection change request event (create/update/delete). +func (p *plugin) automigrateOnCollectionChange(e *core.CollectionRequestEvent) error { + var err error + var old *core.Collection + if !e.Collection.IsNew() { + old, err = e.App.FindCollectionByNameOrId(e.Collection.Id) + if err != nil { + return err + } + } + + err = e.Next() + if err != nil { + return err + } + + new, err := p.app.FindCollectionByNameOrId(e.Collection.Id) + if err != nil && !errors.Is(err, sql.ErrNoRows) { + return err + } + + // for now exclude OAuth2 configs from the migration + if old != nil && old.IsAuth() { + old.OAuth2.Providers = nil + } + if new != nil && new.IsAuth() { + new.OAuth2.Providers = nil + } + + var template string + var templateErr error + if p.config.TemplateLang == TemplateLangJS { + template, templateErr = p.jsDiffTemplate(new, old) + } else { + template, templateErr = p.goDiffTemplate(new, old) + } + if templateErr != nil { + if errors.Is(templateErr, ErrEmptyTemplate) { + return nil // no changes + } + return fmt.Errorf("failed to resolve template: %w", templateErr) + } + + var action string + switch { + case new == nil: + action = "deleted_" + normalizeCollectionName(old.Name) + case old == nil: + action = "created_" + normalizeCollectionName(new.Name) + default: + action = "updated_" + normalizeCollectionName(old.Name) + } + + name := fmt.Sprintf("%d_%s.%s", time.Now().Unix(), action, p.config.TemplateLang) + filePath := filepath.Join(p.config.Dir, name) + + return p.app.RunInTransaction(func(txApp core.App) error { + // insert the migration entry + _, err := txApp.DB().Insert(core.DefaultMigrationsTable, dbx.Params{ + "file": name, + // use microseconds for more granular applied time in case + // multiple collection changes happens at the ~exact time + "applied": time.Now().UnixMicro(), + }).Execute() + if err != nil { + return err + } + + // ensure that the local migrations dir exist + if err := os.MkdirAll(p.config.Dir, os.ModePerm); err != nil { + return fmt.Errorf("failed to create migration dir: %w", err) + } + + if err := os.WriteFile(filePath, []byte(template), 0644); err != nil { + return fmt.Errorf("failed to save automigrate file: %w", err) + } + + return nil + }) +} + +func normalizeCollectionName(name string) string { + // adds an extra "_" suffix to the name in case the collection ends + // with "test" to prevent accidentally resulting in "_test.go"/"_test.js" files + if strings.HasSuffix(strings.ToLower(name), "test") { + name += "_" + } + + return name +} diff --git a/plugins/migratecmd/migratecmd.go b/plugins/migratecmd/migratecmd.go new file mode 100644 index 0000000..38485ff --- /dev/null +++ b/plugins/migratecmd/migratecmd.go @@ -0,0 +1,217 @@ +// Package migratecmd adds a new "migrate" command support to a PocketBase instance. +// +// It also comes with automigrations support and templates generation +// (both for JS and GO migration files). +// +// Example usage: +// +// migratecmd.MustRegister(app, app.RootCmd, migratecmd.Config{ +// TemplateLang: migratecmd.TemplateLangJS, // default to migratecmd.TemplateLangGo +// Automigrate: true, +// Dir: "/custom/migrations/dir", // optional template migrations path; default to "pb_migrations" (for JS) and "migrations" (for Go) +// }) +// +// Note: To allow running JS migrations you'll need to enable first +// [jsvm.MustRegister()]. +package migratecmd + +import ( + "errors" + "fmt" + "os" + "path" + "path/filepath" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/inflector" + "github.com/pocketbase/pocketbase/tools/osutils" + "github.com/spf13/cobra" +) + +// Config defines the config options of the migratecmd plugin. +type Config struct { + // Dir specifies the directory with the user defined migrations. + // + // If not set it fallbacks to a relative "pb_data/../pb_migrations" (for js) + // or "pb_data/../migrations" (for go) directory. + Dir string + + // Automigrate specifies whether to enable automigrations. + Automigrate bool + + // TemplateLang specifies the template language to use when + // generating migrations - js or go (default). + TemplateLang string +} + +// MustRegister registers the migratecmd plugin to the provided app instance +// and panic if it fails. +// +// Example usage: +// +// migratecmd.MustRegister(app, app.RootCmd, migratecmd.Config{}) +func MustRegister(app core.App, rootCmd *cobra.Command, config Config) { + if err := Register(app, rootCmd, config); err != nil { + panic(err) + } +} + +// Register registers the migratecmd plugin to the provided app instance. +func Register(app core.App, rootCmd *cobra.Command, config Config) error { + p := &plugin{app: app, config: config} + + if p.config.TemplateLang == "" { + p.config.TemplateLang = TemplateLangGo + } + + if p.config.Dir == "" { + if p.config.TemplateLang == TemplateLangJS { + p.config.Dir = filepath.Join(p.app.DataDir(), "../pb_migrations") + } else { + p.config.Dir = filepath.Join(p.app.DataDir(), "../migrations") + } + } + + // attach the migrate command + if rootCmd != nil { + rootCmd.AddCommand(p.createCommand()) + } + + // watch for collection changes + if p.config.Automigrate { + p.app.OnCollectionCreateRequest().BindFunc(p.automigrateOnCollectionChange) + p.app.OnCollectionUpdateRequest().BindFunc(p.automigrateOnCollectionChange) + p.app.OnCollectionDeleteRequest().BindFunc(p.automigrateOnCollectionChange) + } + + return nil +} + +type plugin struct { + app core.App + config Config +} + +func (p *plugin) createCommand() *cobra.Command { + const cmdDesc = `Supported arguments are: +- up - runs all available migrations +- down [number] - reverts the last [number] applied migrations +- create name - creates new blank migration template file +- collections - creates new migration file with snapshot of the local collections configuration +- history-sync - ensures that the _migrations history table doesn't have references to deleted migration files +` + + command := &cobra.Command{ + Use: "migrate", + Short: "Executes app DB migration scripts", + Long: cmdDesc, + ValidArgs: []string{"up", "down", "create", "collections"}, + SilenceUsage: true, + RunE: func(command *cobra.Command, args []string) error { + cmd := "" + if len(args) > 0 { + cmd = args[0] + } + + switch cmd { + case "create": + if _, err := p.migrateCreateHandler("", args[1:], true); err != nil { + return err + } + case "collections": + if _, err := p.migrateCollectionsHandler(args[1:], true); err != nil { + return err + } + default: + // note: system migrations are always applied as part of the bootstrap process + var list = core.MigrationsList{} + list.Copy(core.SystemMigrations) + list.Copy(core.AppMigrations) + + runner := core.NewMigrationsRunner(p.app, list) + + if err := runner.Run(args...); err != nil { + return err + } + } + + return nil + }, + } + + return command +} + +func (p *plugin) migrateCreateHandler(template string, args []string, interactive bool) (string, error) { + if len(args) < 1 { + return "", errors.New("missing migration file name") + } + + name := args[0] + dir := p.config.Dir + + filename := fmt.Sprintf("%d_%s.%s", time.Now().Unix(), inflector.Snakecase(name), p.config.TemplateLang) + + resultFilePath := path.Join(dir, filename) + + if interactive { + confirm := osutils.YesNoPrompt(fmt.Sprintf("Do you really want to create migration %q?", resultFilePath), false) + if !confirm { + fmt.Println("The command has been cancelled") + return "", nil + } + } + + // get default create template + if template == "" { + var templateErr error + if p.config.TemplateLang == TemplateLangJS { + template, templateErr = p.jsBlankTemplate() + } else { + template, templateErr = p.goBlankTemplate() + } + if templateErr != nil { + return "", fmt.Errorf("failed to resolve create template: %v", templateErr) + } + } + + // ensure that the migrations dir exist + if err := os.MkdirAll(dir, os.ModePerm); err != nil { + return "", err + } + + // save the migration file + if err := os.WriteFile(resultFilePath, []byte(template), 0644); err != nil { + return "", fmt.Errorf("failed to save migration file %q: %v", resultFilePath, err) + } + + if interactive { + fmt.Printf("Successfully created file %q\n", resultFilePath) + } + + return filename, nil +} + +func (p *plugin) migrateCollectionsHandler(args []string, interactive bool) (string, error) { + createArgs := []string{"collections_snapshot"} + createArgs = append(createArgs, args...) + + collections := []*core.Collection{} + if err := p.app.CollectionQuery().OrderBy("created ASC").All(&collections); err != nil { + return "", fmt.Errorf("failed to fetch migrations list: %v", err) + } + + var template string + var templateErr error + if p.config.TemplateLang == TemplateLangJS { + template, templateErr = p.jsSnapshotTemplate(collections) + } else { + template, templateErr = p.goSnapshotTemplate(collections) + } + if templateErr != nil { + return "", fmt.Errorf("failed to resolve template: %v", templateErr) + } + + return p.migrateCreateHandler(template, createArgs, interactive) +} diff --git a/plugins/migratecmd/migratecmd_test.go b/plugins/migratecmd/migratecmd_test.go new file mode 100644 index 0000000..e349cb8 --- /dev/null +++ b/plugins/migratecmd/migratecmd_test.go @@ -0,0 +1,1337 @@ +package migratecmd_test + +import ( + "os" + "path/filepath" + "regexp" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/plugins/migratecmd" + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestAutomigrateCollectionCreate(t *testing.T) { + t.Parallel() + + scenarios := []struct { + lang string + expectedTemplate string + }{ + { + migratecmd.TemplateLangJS, + ` +/// +migrate((app) => { + const collection = new Collection({ + "authAlert": { + "emailTemplate": { + "body": "

Hello,

\n

We noticed a login to your {APP_NAME} account from a new location.

\n

If this was you, you may disregard this email.

\n

If this wasn't you, you should immediately change your {APP_NAME} account password to revoke access from all other locations.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Login from a new location" + }, + "enabled": true + }, + "authRule": "", + "authToken": { + "duration": 604800 + }, + "confirmEmailChangeTemplate": { + "body": "

Hello,

\n

Click on the button below to confirm your new email address.

\n

\n Confirm new email\n

\n

If you didn't ask to change your email address, you can ignore this email.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Confirm your {APP_NAME} new email address" + }, + "createRule": null, + "deleteRule": null, + "emailChangeToken": { + "duration": 1800 + }, + "fields": [ + { + "autogeneratePattern": "[a-z0-9]{15}", + "hidden": false, + "id": "text@TEST_RANDOM", + "max": 15, + "min": 15, + "name": "id", + "pattern": "^[a-z0-9]+$", + "presentable": false, + "primaryKey": true, + "required": true, + "system": true, + "type": "text" + }, + { + "cost": 0, + "hidden": true, + "id": "password@TEST_RANDOM", + "max": 0, + "min": 8, + "name": "password", + "pattern": "", + "presentable": false, + "required": true, + "system": true, + "type": "password" + }, + { + "autogeneratePattern": "[a-zA-Z0-9]{50}", + "hidden": true, + "id": "text@TEST_RANDOM", + "max": 60, + "min": 30, + "name": "tokenKey", + "pattern": "", + "presentable": false, + "primaryKey": false, + "required": true, + "system": true, + "type": "text" + }, + { + "exceptDomains": null, + "hidden": false, + "id": "email@TEST_RANDOM", + "name": "email", + "onlyDomains": null, + "presentable": false, + "required": true, + "system": true, + "type": "email" + }, + { + "hidden": false, + "id": "bool@TEST_RANDOM", + "name": "emailVisibility", + "presentable": false, + "required": false, + "system": true, + "type": "bool" + }, + { + "hidden": false, + "id": "bool@TEST_RANDOM", + "name": "verified", + "presentable": false, + "required": false, + "system": true, + "type": "bool" + } + ], + "fileToken": { + "duration": 180 + }, + "id": "@TEST_RANDOM", + "indexes": [ + "create index test on new_name (id)", + "CREATE UNIQUE INDEX ` + "`" + `idx_tokenKey_@TEST_RANDOM` + "`" + ` ON ` + "`" + `new_name` + "`" + ` (` + "`" + `tokenKey` + "`" + `)", + "CREATE UNIQUE INDEX ` + "`" + `idx_email_@TEST_RANDOM` + "`" + ` ON ` + "`" + `new_name` + "`" + ` (` + "`" + `email` + "`" + `) WHERE ` + "`" + `email` + "`" + ` != ''" + ], + "listRule": "@request.auth.id != '' && 1 > 0 || 'backtick` + "`" + `test' = 0", + "manageRule": "1 != 2", + "mfa": { + "duration": 1800, + "enabled": false, + "rule": "" + }, + "name": "new_name", + "oauth2": { + "enabled": false, + "mappedFields": { + "avatarURL": "", + "id": "", + "name": "", + "username": "" + } + }, + "otp": { + "duration": 180, + "emailTemplate": { + "body": "

Hello,

\n

Your one-time password is: {OTP}

\n

If you didn't ask for the one-time password, you can ignore this email.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "OTP for {APP_NAME}" + }, + "enabled": false, + "length": 8 + }, + "passwordAuth": { + "enabled": true, + "identityFields": [ + "email" + ] + }, + "passwordResetToken": { + "duration": 1800 + }, + "resetPasswordTemplate": { + "body": "

Hello,

\n

Click on the button below to reset your password.

\n

\n Reset password\n

\n

If you didn't ask to reset your password, you can ignore this email.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Reset your {APP_NAME} password" + }, + "system": true, + "type": "auth", + "updateRule": null, + "verificationTemplate": { + "body": "

Hello,

\n

Thank you for joining us at {APP_NAME}.

\n

Click on the button below to verify your email address.

\n

\n Verify\n

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Verify your {APP_NAME} email" + }, + "verificationToken": { + "duration": 259200 + }, + "viewRule": "id = \"1\"" + }); + + return app.save(collection); +}, (app) => { + const collection = app.findCollectionByNameOrId("@TEST_RANDOM"); + + return app.delete(collection); +}) +`, + }, + { + migratecmd.TemplateLangGo, + ` +package _test_migrations + +import ( + "encoding/json" + + "github.com/pocketbase/pocketbase/core" + m "github.com/pocketbase/pocketbase/migrations" +) + +func init() { + m.Register(func(app core.App) error { + jsonData := ` + "`" + `{ + "authAlert": { + "emailTemplate": { + "body": "

Hello,

\n

We noticed a login to your {APP_NAME} account from a new location.

\n

If this was you, you may disregard this email.

\n

If this wasn't you, you should immediately change your {APP_NAME} account password to revoke access from all other locations.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Login from a new location" + }, + "enabled": true + }, + "authRule": "", + "authToken": { + "duration": 604800 + }, + "confirmEmailChangeTemplate": { + "body": "

Hello,

\n

Click on the button below to confirm your new email address.

\n

\n Confirm new email\n

\n

If you didn't ask to change your email address, you can ignore this email.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Confirm your {APP_NAME} new email address" + }, + "createRule": null, + "deleteRule": null, + "emailChangeToken": { + "duration": 1800 + }, + "fields": [ + { + "autogeneratePattern": "[a-z0-9]{15}", + "hidden": false, + "id": "text@TEST_RANDOM", + "max": 15, + "min": 15, + "name": "id", + "pattern": "^[a-z0-9]+$", + "presentable": false, + "primaryKey": true, + "required": true, + "system": true, + "type": "text" + }, + { + "cost": 0, + "hidden": true, + "id": "password@TEST_RANDOM", + "max": 0, + "min": 8, + "name": "password", + "pattern": "", + "presentable": false, + "required": true, + "system": true, + "type": "password" + }, + { + "autogeneratePattern": "[a-zA-Z0-9]{50}", + "hidden": true, + "id": "text@TEST_RANDOM", + "max": 60, + "min": 30, + "name": "tokenKey", + "pattern": "", + "presentable": false, + "primaryKey": false, + "required": true, + "system": true, + "type": "text" + }, + { + "exceptDomains": null, + "hidden": false, + "id": "email@TEST_RANDOM", + "name": "email", + "onlyDomains": null, + "presentable": false, + "required": true, + "system": true, + "type": "email" + }, + { + "hidden": false, + "id": "bool@TEST_RANDOM", + "name": "emailVisibility", + "presentable": false, + "required": false, + "system": true, + "type": "bool" + }, + { + "hidden": false, + "id": "bool@TEST_RANDOM", + "name": "verified", + "presentable": false, + "required": false, + "system": true, + "type": "bool" + } + ], + "fileToken": { + "duration": 180 + }, + "id": "@TEST_RANDOM", + "indexes": [ + "create index test on new_name (id)", + "CREATE UNIQUE INDEX ` + "` + \"`\" + `" + `idx_tokenKey_@TEST_RANDOM` + "` + \"`\" + `" + ` ON ` + "` + \"`\" + `" + `new_name` + "` + \"`\" + `" + ` (` + "` + \"`\" + `" + `tokenKey` + "` + \"`\" + `" + `)", + "CREATE UNIQUE INDEX ` + "` + \"`\" + `" + `idx_email_@TEST_RANDOM` + "` + \"`\" + `" + ` ON ` + "` + \"`\" + `" + `new_name` + "` + \"`\" + `" + ` (` + "` + \"`\" + `" + `email` + "` + \"`\" + `" + `) WHERE ` + "` + \"`\" + `" + `email` + "` + \"`\" + `" + ` != ''" + ], + "listRule": "@request.auth.id != '' && 1 > 0 || 'backtick` + "` + \"`\" + `" + `test' = 0", + "manageRule": "1 != 2", + "mfa": { + "duration": 1800, + "enabled": false, + "rule": "" + }, + "name": "new_name", + "oauth2": { + "enabled": false, + "mappedFields": { + "avatarURL": "", + "id": "", + "name": "", + "username": "" + } + }, + "otp": { + "duration": 180, + "emailTemplate": { + "body": "

Hello,

\n

Your one-time password is: {OTP}

\n

If you didn't ask for the one-time password, you can ignore this email.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "OTP for {APP_NAME}" + }, + "enabled": false, + "length": 8 + }, + "passwordAuth": { + "enabled": true, + "identityFields": [ + "email" + ] + }, + "passwordResetToken": { + "duration": 1800 + }, + "resetPasswordTemplate": { + "body": "

Hello,

\n

Click on the button below to reset your password.

\n

\n Reset password\n

\n

If you didn't ask to reset your password, you can ignore this email.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Reset your {APP_NAME} password" + }, + "system": true, + "type": "auth", + "updateRule": null, + "verificationTemplate": { + "body": "

Hello,

\n

Thank you for joining us at {APP_NAME}.

\n

Click on the button below to verify your email address.

\n

\n Verify\n

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Verify your {APP_NAME} email" + }, + "verificationToken": { + "duration": 259200 + }, + "viewRule": "id = \"1\"" + }` + "`" + ` + + collection := &core.Collection{} + if err := json.Unmarshal([]byte(jsonData), &collection); err != nil { + return err + } + + return app.Save(collection) + }, func(app core.App) error { + collection, err := app.FindCollectionByNameOrId("@TEST_RANDOM") + if err != nil { + return err + } + + return app.Delete(collection) + }) +} +`, + }, + } + + for _, s := range scenarios { + t.Run(s.lang, func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + migrationsDir := filepath.Join(app.DataDir(), "_test_migrations") + + migratecmd.MustRegister(app, nil, migratecmd.Config{ + TemplateLang: s.lang, + Automigrate: true, + Dir: migrationsDir, + }) + + app.Bootstrap() + + collection := core.NewAuthCollection("new_name") + collection.System = true + collection.ListRule = types.Pointer("@request.auth.id != '' && 1 > 0 || 'backtick`test' = 0") + collection.ViewRule = types.Pointer(`id = "1"`) + collection.Indexes = types.JSONArray[string]{"create index test on new_name (id)"} + collection.ManageRule = types.Pointer("1 != 2") + // should be ignored + collection.OAuth2.Providers = []core.OAuth2ProviderConfig{{Name: "gitlab", ClientId: "abc", ClientSecret: "123"}} + testSecret := strings.Repeat("a", 30) + collection.AuthToken.Secret = testSecret + collection.FileToken.Secret = testSecret + collection.EmailChangeToken.Secret = testSecret + collection.PasswordResetToken.Secret = testSecret + collection.VerificationToken.Secret = testSecret + + // save the newly created dummy collection (with mock request event) + event := new(core.CollectionRequestEvent) + event.RequestEvent = &core.RequestEvent{} + event.App = app + event.Collection = collection + err := app.OnCollectionCreateRequest().Trigger(event, func(e *core.CollectionRequestEvent) error { + return e.App.Save(e.Collection) + }) + if err != nil { + t.Fatalf("Failed to save the created dummy collection, got: %v", err) + } + + files, err := os.ReadDir(migrationsDir) + if err != nil { + t.Fatalf("Expected migrationsDir to be created, got %v", err) + } + + if total := len(files); total != 1 { + t.Fatalf("Expected 1 file to be generated, got %d: %v", total, files) + } + + expectedName := "_created_new_name." + s.lang + if !strings.Contains(files[0].Name(), expectedName) { + t.Fatalf("Expected filename to contains %q, got %q", expectedName, files[0].Name()) + } + + fullPath := filepath.Join(migrationsDir, files[0].Name()) + content, err := os.ReadFile(fullPath) + if err != nil { + t.Fatalf("Failed to read the generated migration file: %v", err) + } + contentStr := strings.TrimSpace(string(content)) + + // replace @TEST_RANDOM placeholder with a regex pattern + expectedTemplate := strings.ReplaceAll( + "^"+regexp.QuoteMeta(strings.TrimSpace(s.expectedTemplate))+"$", + "@TEST_RANDOM", + `\w+`, + ) + if !list.ExistInSliceWithRegex(contentStr, []string{expectedTemplate}) { + t.Fatalf("Expected template \n%v \ngot \n%v", s.expectedTemplate, contentStr) + } + }) + } +} + +func TestAutomigrateCollectionDelete(t *testing.T) { + t.Parallel() + + scenarios := []struct { + lang string + expectedTemplate string + }{ + { + migratecmd.TemplateLangJS, + ` +/// +migrate((app) => { + const collection = app.findCollectionByNameOrId("@TEST_RANDOM"); + + return app.delete(collection); +}, (app) => { + const collection = new Collection({ + "authAlert": { + "emailTemplate": { + "body": "

Hello,

\n

We noticed a login to your {APP_NAME} account from a new location.

\n

If this was you, you may disregard this email.

\n

If this wasn't you, you should immediately change your {APP_NAME} account password to revoke access from all other locations.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Login from a new location" + }, + "enabled": true + }, + "authRule": "", + "authToken": { + "duration": 604800 + }, + "confirmEmailChangeTemplate": { + "body": "

Hello,

\n

Click on the button below to confirm your new email address.

\n

\n Confirm new email\n

\n

If you didn't ask to change your email address, you can ignore this email.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Confirm your {APP_NAME} new email address" + }, + "createRule": null, + "deleteRule": null, + "emailChangeToken": { + "duration": 1800 + }, + "fields": [ + { + "autogeneratePattern": "[a-z0-9]{15}", + "hidden": false, + "id": "text@TEST_RANDOM", + "max": 15, + "min": 15, + "name": "id", + "pattern": "^[a-z0-9]+$", + "presentable": false, + "primaryKey": true, + "required": true, + "system": true, + "type": "text" + }, + { + "cost": 0, + "hidden": true, + "id": "password@TEST_RANDOM", + "max": 0, + "min": 8, + "name": "password", + "pattern": "", + "presentable": false, + "required": true, + "system": true, + "type": "password" + }, + { + "autogeneratePattern": "[a-zA-Z0-9]{50}", + "hidden": true, + "id": "text@TEST_RANDOM", + "max": 60, + "min": 30, + "name": "tokenKey", + "pattern": "", + "presentable": false, + "primaryKey": false, + "required": true, + "system": true, + "type": "text" + }, + { + "exceptDomains": null, + "hidden": false, + "id": "email3885137012", + "name": "email", + "onlyDomains": null, + "presentable": false, + "required": true, + "system": true, + "type": "email" + }, + { + "hidden": false, + "id": "bool@TEST_RANDOM", + "name": "emailVisibility", + "presentable": false, + "required": false, + "system": true, + "type": "bool" + }, + { + "hidden": false, + "id": "bool256245529", + "name": "verified", + "presentable": false, + "required": false, + "system": true, + "type": "bool" + } + ], + "fileToken": { + "duration": 180 + }, + "id": "@TEST_RANDOM", + "indexes": [ + "create index test on test123 (id)", + "CREATE UNIQUE INDEX ` + "`" + `idx_tokenKey_@TEST_RANDOM` + "`" + ` ON ` + "`" + `test123` + "`" + ` (` + "`" + `tokenKey` + "`" + `)", + "CREATE UNIQUE INDEX ` + "`" + `idx_email_@TEST_RANDOM` + "`" + ` ON ` + "`" + `test123` + "`" + ` (` + "`" + `email` + "`" + `) WHERE ` + "`" + `email` + "`" + ` != ''" + ], + "listRule": "@request.auth.id != '' && 1 > 0 || 'backtick` + "`" + `test' = 0", + "manageRule": "1 != 2", + "mfa": { + "duration": 1800, + "enabled": false, + "rule": "" + }, + "name": "test123", + "oauth2": { + "enabled": false, + "mappedFields": { + "avatarURL": "", + "id": "", + "name": "", + "username": "" + } + }, + "otp": { + "duration": 180, + "emailTemplate": { + "body": "

Hello,

\n

Your one-time password is: {OTP}

\n

If you didn't ask for the one-time password, you can ignore this email.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "OTP for {APP_NAME}" + }, + "enabled": false, + "length": 8 + }, + "passwordAuth": { + "enabled": true, + "identityFields": [ + "email" + ] + }, + "passwordResetToken": { + "duration": 1800 + }, + "resetPasswordTemplate": { + "body": "

Hello,

\n

Click on the button below to reset your password.

\n

\n Reset password\n

\n

If you didn't ask to reset your password, you can ignore this email.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Reset your {APP_NAME} password" + }, + "system": false, + "type": "auth", + "updateRule": null, + "verificationTemplate": { + "body": "

Hello,

\n

Thank you for joining us at {APP_NAME}.

\n

Click on the button below to verify your email address.

\n

\n Verify\n

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Verify your {APP_NAME} email" + }, + "verificationToken": { + "duration": 259200 + }, + "viewRule": "id = \"1\"" + }); + + return app.save(collection); +}) +`, + }, + { + migratecmd.TemplateLangGo, + ` +package _test_migrations + +import ( + "encoding/json" + + "github.com/pocketbase/pocketbase/core" + m "github.com/pocketbase/pocketbase/migrations" +) + +func init() { + m.Register(func(app core.App) error { + collection, err := app.FindCollectionByNameOrId("@TEST_RANDOM") + if err != nil { + return err + } + + return app.Delete(collection) + }, func(app core.App) error { + jsonData := ` + "`" + `{ + "authAlert": { + "emailTemplate": { + "body": "

Hello,

\n

We noticed a login to your {APP_NAME} account from a new location.

\n

If this was you, you may disregard this email.

\n

If this wasn't you, you should immediately change your {APP_NAME} account password to revoke access from all other locations.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Login from a new location" + }, + "enabled": true + }, + "authRule": "", + "authToken": { + "duration": 604800 + }, + "confirmEmailChangeTemplate": { + "body": "

Hello,

\n

Click on the button below to confirm your new email address.

\n

\n Confirm new email\n

\n

If you didn't ask to change your email address, you can ignore this email.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Confirm your {APP_NAME} new email address" + }, + "createRule": null, + "deleteRule": null, + "emailChangeToken": { + "duration": 1800 + }, + "fields": [ + { + "autogeneratePattern": "[a-z0-9]{15}", + "hidden": false, + "id": "text@TEST_RANDOM", + "max": 15, + "min": 15, + "name": "id", + "pattern": "^[a-z0-9]+$", + "presentable": false, + "primaryKey": true, + "required": true, + "system": true, + "type": "text" + }, + { + "cost": 0, + "hidden": true, + "id": "password@TEST_RANDOM", + "max": 0, + "min": 8, + "name": "password", + "pattern": "", + "presentable": false, + "required": true, + "system": true, + "type": "password" + }, + { + "autogeneratePattern": "[a-zA-Z0-9]{50}", + "hidden": true, + "id": "text@TEST_RANDOM", + "max": 60, + "min": 30, + "name": "tokenKey", + "pattern": "", + "presentable": false, + "primaryKey": false, + "required": true, + "system": true, + "type": "text" + }, + { + "exceptDomains": null, + "hidden": false, + "id": "email3885137012", + "name": "email", + "onlyDomains": null, + "presentable": false, + "required": true, + "system": true, + "type": "email" + }, + { + "hidden": false, + "id": "bool@TEST_RANDOM", + "name": "emailVisibility", + "presentable": false, + "required": false, + "system": true, + "type": "bool" + }, + { + "hidden": false, + "id": "bool256245529", + "name": "verified", + "presentable": false, + "required": false, + "system": true, + "type": "bool" + } + ], + "fileToken": { + "duration": 180 + }, + "id": "@TEST_RANDOM", + "indexes": [ + "create index test on test123 (id)", + "CREATE UNIQUE INDEX ` + "` + \"`\" + `" + `idx_tokenKey_@TEST_RANDOM` + "` + \"`\" + `" + ` ON ` + "` + \"`\" + `" + `test123` + "` + \"`\" + `" + ` (` + "` + \"`\" + `" + `tokenKey` + "` + \"`\" + `" + `)", + "CREATE UNIQUE INDEX ` + "` + \"`\" + `" + `idx_email_@TEST_RANDOM` + "` + \"`\" + `" + ` ON ` + "` + \"`\" + `" + `test123` + "` + \"`\" + `" + ` (` + "` + \"`\" + `" + `email` + "` + \"`\" + `" + `) WHERE ` + "` + \"`\" + `" + `email` + "` + \"`\" + `" + ` != ''" + ], + "listRule": "@request.auth.id != '' && 1 > 0 || 'backtick` + "` + \"`\" + `" + `test' = 0", + "manageRule": "1 != 2", + "mfa": { + "duration": 1800, + "enabled": false, + "rule": "" + }, + "name": "test123", + "oauth2": { + "enabled": false, + "mappedFields": { + "avatarURL": "", + "id": "", + "name": "", + "username": "" + } + }, + "otp": { + "duration": 180, + "emailTemplate": { + "body": "

Hello,

\n

Your one-time password is: {OTP}

\n

If you didn't ask for the one-time password, you can ignore this email.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "OTP for {APP_NAME}" + }, + "enabled": false, + "length": 8 + }, + "passwordAuth": { + "enabled": true, + "identityFields": [ + "email" + ] + }, + "passwordResetToken": { + "duration": 1800 + }, + "resetPasswordTemplate": { + "body": "

Hello,

\n

Click on the button below to reset your password.

\n

\n Reset password\n

\n

If you didn't ask to reset your password, you can ignore this email.

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Reset your {APP_NAME} password" + }, + "system": false, + "type": "auth", + "updateRule": null, + "verificationTemplate": { + "body": "

Hello,

\n

Thank you for joining us at {APP_NAME}.

\n

Click on the button below to verify your email address.

\n

\n Verify\n

\n

\n Thanks,
\n {APP_NAME} team\n

", + "subject": "Verify your {APP_NAME} email" + }, + "verificationToken": { + "duration": 259200 + }, + "viewRule": "id = \"1\"" + }` + "`" + ` + + collection := &core.Collection{} + if err := json.Unmarshal([]byte(jsonData), &collection); err != nil { + return err + } + + return app.Save(collection) + }) +} +`, + }, + } + + for _, s := range scenarios { + t.Run(s.lang, func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + migrationsDir := filepath.Join(app.DataDir(), "_test_migrations") + + // create dummy collection + collection := core.NewAuthCollection("test123") + collection.ListRule = types.Pointer("@request.auth.id != '' && 1 > 0 || 'backtick`test' = 0") + collection.ViewRule = types.Pointer(`id = "1"`) + collection.Indexes = types.JSONArray[string]{"create index test on test123 (id)"} + collection.ManageRule = types.Pointer("1 != 2") + if err := app.Save(collection); err != nil { + t.Fatalf("Failed to save dummy collection, got: %v", err) + } + + migratecmd.MustRegister(app, nil, migratecmd.Config{ + TemplateLang: s.lang, + Automigrate: true, + Dir: migrationsDir, + }) + + app.Bootstrap() + + // delete the newly created dummy collection (with mock request event) + event := new(core.CollectionRequestEvent) + event.RequestEvent = &core.RequestEvent{} + event.App = app + event.Collection = collection + err := app.OnCollectionDeleteRequest().Trigger(event, func(e *core.CollectionRequestEvent) error { + return e.App.Delete(e.Collection) + }) + if err != nil { + t.Fatalf("Failed to delete dummy collection, got: %v", err) + } + + files, err := os.ReadDir(migrationsDir) + if err != nil { + t.Fatalf("Expected migrationsDir to be created, got: %v", err) + } + + if total := len(files); total != 1 { + t.Fatalf("Expected 1 file to be generated, got %d", total) + } + + expectedName := "_deleted_test123." + s.lang + if !strings.Contains(files[0].Name(), expectedName) { + t.Fatalf("Expected filename to contains %q, got %q", expectedName, files[0].Name()) + } + + fullPath := filepath.Join(migrationsDir, files[0].Name()) + content, err := os.ReadFile(fullPath) + if err != nil { + t.Fatalf("Failed to read the generated migration file: %v", err) + } + contentStr := strings.TrimSpace(string(content)) + + // replace @TEST_RANDOM placeholder with a regex pattern + expectedTemplate := strings.ReplaceAll( + "^"+regexp.QuoteMeta(strings.TrimSpace(s.expectedTemplate))+"$", + "@TEST_RANDOM", + `\w+`, + ) + if !list.ExistInSliceWithRegex(contentStr, []string{expectedTemplate}) { + t.Fatalf("Expected template \n%v \ngot \n%v", s.expectedTemplate, contentStr) + } + }) + } +} + +func TestAutomigrateCollectionUpdate(t *testing.T) { + t.Parallel() + + scenarios := []struct { + lang string + expectedTemplate string + }{ + { + migratecmd.TemplateLangJS, + ` +/// +migrate((app) => { + const collection = app.findCollectionByNameOrId("@TEST_RANDOM") + + // update collection data + unmarshal({ + "createRule": "id = \"nil_update\"", + "deleteRule": null, + "fileToken": { + "duration": 10 + }, + "indexes": [ + "create index test1 on test123_update (f1_name)", + "CREATE UNIQUE INDEX ` + "`" + `idx_tokenKey_@TEST_RANDOM` + "`" + ` ON ` + "`" + `test123_update` + "`" + ` (` + "`" + `tokenKey` + "`" + `)", + "CREATE UNIQUE INDEX ` + "`" + `idx_email_@TEST_RANDOM` + "`" + ` ON ` + "`" + `test123_update` + "`" + ` (` + "`" + `email` + "`" + `) WHERE ` + "`" + `email` + "`" + ` != ''" + ], + "listRule": "@request.auth.id != ''", + "name": "test123_update", + "oauth2": { + "enabled": true + }, + "updateRule": "id = \"2_update\"" + }, collection) + + // remove field + collection.fields.removeById("f3_id") + + // add field + collection.fields.addAt(8, new Field({ + "autogeneratePattern": "", + "hidden": false, + "id": "f4_id", + "max": 0, + "min": 0, + "name": "f4_name", + "pattern": "` + "`" + `test backtick` + "`" + `123", + "presentable": false, + "primaryKey": false, + "required": false, + "system": false, + "type": "text" + })) + + // update field + collection.fields.addAt(7, new Field({ + "hidden": false, + "id": "f2_id", + "max": null, + "min": 10, + "name": "f2_name_new", + "onlyInt": false, + "presentable": false, + "required": false, + "system": false, + "type": "number" + })) + + return app.save(collection) +}, (app) => { + const collection = app.findCollectionByNameOrId("@TEST_RANDOM") + + // update collection data + unmarshal({ + "createRule": null, + "deleteRule": "id = \"3\"", + "fileToken": { + "duration": 180 + }, + "indexes": [ + "create index test1 on test123 (f1_name)", + "CREATE UNIQUE INDEX ` + "`" + `idx_tokenKey_@TEST_RANDOM` + "`" + ` ON ` + "`" + `test123` + "`" + ` (` + "`" + `tokenKey` + "`" + `)", + "CREATE UNIQUE INDEX ` + "`" + `idx_email_@TEST_RANDOM` + "`" + ` ON ` + "`" + `test123` + "`" + ` (` + "`" + `email` + "`" + `) WHERE ` + "`" + `email` + "`" + ` != ''" + ], + "listRule": "@request.auth.id != '' && 1 != 2", + "name": "test123", + "oauth2": { + "enabled": false + }, + "updateRule": "id = \"2\"" + }, collection) + + // add field + collection.fields.addAt(8, new Field({ + "hidden": false, + "id": "f3_id", + "name": "f3_name", + "presentable": false, + "required": false, + "system": false, + "type": "bool" + })) + + // remove field + collection.fields.removeById("f4_id") + + // update field + collection.fields.addAt(7, new Field({ + "hidden": false, + "id": "f2_id", + "max": null, + "min": 10, + "name": "f2_name", + "onlyInt": false, + "presentable": false, + "required": false, + "system": false, + "type": "number" + })) + + return app.save(collection) +}) + +`, + }, + { + migratecmd.TemplateLangGo, + ` +package _test_migrations + +import ( + "encoding/json" + + "github.com/pocketbase/pocketbase/core" + m "github.com/pocketbase/pocketbase/migrations" +) + +func init() { + m.Register(func(app core.App) error { + collection, err := app.FindCollectionByNameOrId("@TEST_RANDOM") + if err != nil { + return err + } + + // update collection data + if err := json.Unmarshal([]byte(` + "`" + `{ + "createRule": "id = \"nil_update\"", + "deleteRule": null, + "fileToken": { + "duration": 10 + }, + "indexes": [ + "create index test1 on test123_update (f1_name)", + "CREATE UNIQUE INDEX ` + "` + \"`\" + `" + `idx_tokenKey_@TEST_RANDOM` + "` + \"`\" + `" + ` ON ` + "` + \"`\" + `" + `test123_update` + "` + \"`\" + `" + ` (` + "` + \"`\" + `" + `tokenKey` + "` + \"`\" + `" + `)", + "CREATE UNIQUE INDEX ` + "` + \"`\" + `" + `idx_email_@TEST_RANDOM` + "` + \"`\" + `" + ` ON ` + "` + \"`\" + `" + `test123_update` + "` + \"`\" + `" + ` (` + "` + \"`\" + `" + `email` + "` + \"`\" + `" + `) WHERE ` + "` + \"`\" + `" + `email` + "` + \"`\" + `" + ` != ''" + ], + "listRule": "@request.auth.id != ''", + "name": "test123_update", + "oauth2": { + "enabled": true + }, + "updateRule": "id = \"2_update\"" + }` + "`" + `), &collection); err != nil { + return err + } + + // remove field + collection.Fields.RemoveById("f3_id") + + // add field + if err := collection.Fields.AddMarshaledJSONAt(8, []byte(` + "`" + `{ + "autogeneratePattern": "", + "hidden": false, + "id": "f4_id", + "max": 0, + "min": 0, + "name": "f4_name", + "pattern": "` + "` + \"`\" + `" + `test backtick` + "` + \"`\" + `" + `123", + "presentable": false, + "primaryKey": false, + "required": false, + "system": false, + "type": "text" + }` + "`" + `)); err != nil { + return err + } + + // update field + if err := collection.Fields.AddMarshaledJSONAt(7, []byte(` + "`" + `{ + "hidden": false, + "id": "f2_id", + "max": null, + "min": 10, + "name": "f2_name_new", + "onlyInt": false, + "presentable": false, + "required": false, + "system": false, + "type": "number" + }` + "`" + `)); err != nil { + return err + } + + return app.Save(collection) + }, func(app core.App) error { + collection, err := app.FindCollectionByNameOrId("@TEST_RANDOM") + if err != nil { + return err + } + + // update collection data + if err := json.Unmarshal([]byte(` + "`" + `{ + "createRule": null, + "deleteRule": "id = \"3\"", + "fileToken": { + "duration": 180 + }, + "indexes": [ + "create index test1 on test123 (f1_name)", + "CREATE UNIQUE INDEX ` + "` + \"`\" + `" + `idx_tokenKey_@TEST_RANDOM` + "` + \"`\" + `" + ` ON ` + "` + \"`\" + `" + `test123` + "` + \"`\" + `" + ` (` + "` + \"`\" + `" + `tokenKey` + "` + \"`\" + `" + `)", + "CREATE UNIQUE INDEX ` + "` + \"`\" + `" + `idx_email_@TEST_RANDOM` + "` + \"`\" + `" + ` ON ` + "` + \"`\" + `" + `test123` + "` + \"`\" + `" + ` (` + "` + \"`\" + `" + `email` + "` + \"`\" + `" + `) WHERE ` + "` + \"`\" + `" + `email` + "` + \"`\" + `" + ` != ''" + ], + "listRule": "@request.auth.id != '' && 1 != 2", + "name": "test123", + "oauth2": { + "enabled": false + }, + "updateRule": "id = \"2\"" + }` + "`" + `), &collection); err != nil { + return err + } + + // add field + if err := collection.Fields.AddMarshaledJSONAt(8, []byte(` + "`" + `{ + "hidden": false, + "id": "f3_id", + "name": "f3_name", + "presentable": false, + "required": false, + "system": false, + "type": "bool" + }` + "`" + `)); err != nil { + return err + } + + // remove field + collection.Fields.RemoveById("f4_id") + + // update field + if err := collection.Fields.AddMarshaledJSONAt(7, []byte(` + "`" + `{ + "hidden": false, + "id": "f2_id", + "max": null, + "min": 10, + "name": "f2_name", + "onlyInt": false, + "presentable": false, + "required": false, + "system": false, + "type": "number" + }` + "`" + `)); err != nil { + return err + } + + return app.Save(collection) + }) +} +`, + }, + } + + for _, s := range scenarios { + t.Run(s.lang, func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + migrationsDir := filepath.Join(app.DataDir(), "_test_migrations") + + // create dummy collection + collection := core.NewAuthCollection("test123") + collection.ListRule = types.Pointer("@request.auth.id != '' && 1 != 2") + collection.ViewRule = types.Pointer(`id = "1"`) + collection.UpdateRule = types.Pointer(`id = "2"`) + collection.CreateRule = nil + collection.DeleteRule = types.Pointer(`id = "3"`) + collection.Indexes = types.JSONArray[string]{"create index test1 on test123 (f1_name)"} + collection.ManageRule = types.Pointer("1 != 2") + collection.Fields.Add(&core.TextField{ + Id: "f1_id", + Name: "f1_name", + Required: true, + }) + collection.Fields.Add(&core.NumberField{ + Id: "f2_id", + Name: "f2_name", + Min: types.Pointer(10.0), + }) + collection.Fields.Add(&core.BoolField{ + Id: "f3_id", + Name: "f3_name", + }) + + if err := app.Save(collection); err != nil { + t.Fatalf("Failed to save dummy collection, got %v", err) + } + + // init plugin + migratecmd.MustRegister(app, nil, migratecmd.Config{ + TemplateLang: s.lang, + Automigrate: true, + Dir: migrationsDir, + }) + app.Bootstrap() + + // update the dummy collection + collection.Name = "test123_update" + collection.ListRule = types.Pointer("@request.auth.id != ''") + collection.ViewRule = types.Pointer(`id = "1"`) // no change + collection.UpdateRule = types.Pointer(`id = "2_update"`) + collection.CreateRule = types.Pointer(`id = "nil_update"`) + collection.DeleteRule = nil + collection.Indexes = types.JSONArray[string]{ + "create index test1 on test123_update (f1_name)", + } + collection.Fields.RemoveById("f3_id") + collection.Fields.Add(&core.TextField{ + Id: "f4_id", + Name: "f4_name", + Pattern: "`test backtick`123", + }) + f := collection.Fields.GetById("f2_id") + f.SetName("f2_name_new") + collection.OAuth2.Enabled = true + collection.FileToken.Duration = 10 + // should be ignored + collection.OAuth2.Providers = []core.OAuth2ProviderConfig{{Name: "gitlab", ClientId: "abc", ClientSecret: "123"}} + testSecret := strings.Repeat("b", 30) + collection.AuthToken.Secret = testSecret + collection.FileToken.Secret = testSecret + collection.EmailChangeToken.Secret = testSecret + collection.PasswordResetToken.Secret = testSecret + collection.VerificationToken.Secret = testSecret + + // save the changes and trigger automigrate (with mock request event) + event := new(core.CollectionRequestEvent) + event.RequestEvent = &core.RequestEvent{} + event.App = app + event.Collection = collection + err := app.OnCollectionUpdateRequest().Trigger(event, func(e *core.CollectionRequestEvent) error { + return e.App.Save(e.Collection) + }) + if err != nil { + t.Fatalf("Failed to save dummy collection changes, got %v", err) + } + + files, err := os.ReadDir(migrationsDir) + if err != nil { + t.Fatalf("Expected migrationsDir to be created, got: %v", err) + } + + if total := len(files); total != 1 { + t.Fatalf("Expected 1 file to be generated, got %d", total) + } + + expectedName := "_updated_test123." + s.lang + if !strings.Contains(files[0].Name(), expectedName) { + t.Fatalf("Expected filename to contains %q, got %q", expectedName, files[0].Name()) + } + + fullPath := filepath.Join(migrationsDir, files[0].Name()) + content, err := os.ReadFile(fullPath) + if err != nil { + t.Fatalf("Failed to read the generated migration file: %v", err) + } + contentStr := strings.TrimSpace(string(content)) + + // replace @TEST_RANDOM placeholder with a regex pattern + expectedTemplate := strings.ReplaceAll( + "^"+regexp.QuoteMeta(strings.TrimSpace(s.expectedTemplate))+"$", + "@TEST_RANDOM", + `\w+`, + ) + if !list.ExistInSliceWithRegex(contentStr, []string{expectedTemplate}) { + t.Fatalf("Expected template \n%v \ngot \n%v", s.expectedTemplate, contentStr) + } + }) + } +} + +func TestAutomigrateCollectionNoChanges(t *testing.T) { + t.Parallel() + + scenarios := []struct { + lang string + }{ + { + migratecmd.TemplateLangJS, + }, + { + migratecmd.TemplateLangGo, + }, + } + + for _, s := range scenarios { + t.Run(s.lang, func(t *testing.T) { + app, _ := tests.NewTestApp() + defer app.Cleanup() + + migrationsDir := filepath.Join(app.DataDir(), "_test_migrations") + + // create dummy collection + collection := core.NewAuthCollection("test123") + + if err := app.Save(collection); err != nil { + t.Fatalf("Failed to save dummy collection, got %v", err) + } + + // init plugin + migratecmd.MustRegister(app, nil, migratecmd.Config{ + TemplateLang: s.lang, + Automigrate: true, + Dir: migrationsDir, + }) + app.Bootstrap() + + // should be ignored + collection.OAuth2.Providers = []core.OAuth2ProviderConfig{{Name: "gitlab", ClientId: "abc", ClientSecret: "123"}} + testSecret := strings.Repeat("b", 30) + collection.AuthToken.Secret = testSecret + collection.FileToken.Secret = testSecret + collection.EmailChangeToken.Secret = testSecret + collection.PasswordResetToken.Secret = testSecret + collection.VerificationToken.Secret = testSecret + + // resave without other changes and trigger automigrate (with mock request event) + event := new(core.CollectionRequestEvent) + event.RequestEvent = &core.RequestEvent{} + event.App = app + event.Collection = collection + err := app.OnCollectionUpdateRequest().Trigger(event, func(e *core.CollectionRequestEvent) error { + return e.App.Save(e.Collection) + }) + if err != nil { + t.Fatalf("Failed to save dummy collection update, got %v", err) + } + + files, _ := os.ReadDir(migrationsDir) + if total := len(files); total != 0 { + t.Fatalf("Expected 0 files to be generated, got %d", total) + } + }) + } +} diff --git a/plugins/migratecmd/templates.go b/plugins/migratecmd/templates.go new file mode 100644 index 0000000..3667deb --- /dev/null +++ b/plugins/migratecmd/templates.go @@ -0,0 +1,769 @@ +package migratecmd + +import ( + "bytes" + "encoding/json" + "errors" + "fmt" + "path/filepath" + "slices" + "strconv" + "strings" + + "github.com/pocketbase/pocketbase/core" +) + +const ( + TemplateLangJS = "js" + TemplateLangGo = "go" + + // note: this usually should be configurable similar to the jsvm plugin, + // but for simplicity is static as users can easily change the + // reference path if they use custom dirs structure + jsTypesDirective = `/// ` + "\n" +) + +var ErrEmptyTemplate = errors.New("empty template") + +// ------------------------------------------------------------------- +// JavaScript templates +// ------------------------------------------------------------------- + +func (p *plugin) jsBlankTemplate() (string, error) { + const template = jsTypesDirective + `migrate((app) => { + // add up queries... +}, (app) => { + // add down queries... +}) +` + + return template, nil +} + +func (p *plugin) jsSnapshotTemplate(collections []*core.Collection) (string, error) { + // unset timestamp fields + var collectionsData = make([]map[string]any, len(collections)) + for i, c := range collections { + data, err := toMap(c) + if err != nil { + return "", fmt.Errorf("failed to serialize %q into a map: %w", c.Name, err) + } + delete(data, "created") + delete(data, "updated") + deleteNestedMapKey(data, "oauth2", "providers") + collectionsData[i] = data + } + + jsonData, err := marhshalWithoutEscape(collectionsData, " ", " ") + if err != nil { + return "", fmt.Errorf("failed to serialize collections list: %w", err) + } + + const template = jsTypesDirective + `migrate((app) => { + const snapshot = %s; + + return app.importCollections(snapshot, false); +}, (app) => { + return null; +}) +` + + return fmt.Sprintf(template, string(jsonData)), nil +} + +func (p *plugin) jsCreateTemplate(collection *core.Collection) (string, error) { + // unset timestamp fields + collectionData, err := toMap(collection) + if err != nil { + return "", err + } + delete(collectionData, "created") + delete(collectionData, "updated") + deleteNestedMapKey(collectionData, "oauth2", "providers") + + jsonData, err := marhshalWithoutEscape(collectionData, " ", " ") + if err != nil { + return "", fmt.Errorf("failed to serialize collection: %w", err) + } + + const template = jsTypesDirective + `migrate((app) => { + const collection = new Collection(%s); + + return app.save(collection); +}, (app) => { + const collection = app.findCollectionByNameOrId(%q); + + return app.delete(collection); +}) +` + + return fmt.Sprintf(template, string(jsonData), collection.Id), nil +} + +func (p *plugin) jsDeleteTemplate(collection *core.Collection) (string, error) { + // unset timestamp fields + collectionData, err := toMap(collection) + if err != nil { + return "", err + } + delete(collectionData, "created") + delete(collectionData, "updated") + deleteNestedMapKey(collectionData, "oauth2", "providers") + + jsonData, err := marhshalWithoutEscape(collectionData, " ", " ") + if err != nil { + return "", fmt.Errorf("failed to serialize collections list: %w", err) + } + + const template = jsTypesDirective + `migrate((app) => { + const collection = app.findCollectionByNameOrId(%q); + + return app.delete(collection); +}, (app) => { + const collection = new Collection(%s); + + return app.save(collection); +}) +` + + return fmt.Sprintf(template, collection.Id, string(jsonData)), nil +} + +func (p *plugin) jsDiffTemplate(new *core.Collection, old *core.Collection) (string, error) { + if new == nil && old == nil { + return "", errors.New("the diff template require at least one of the collection to be non-nil") + } + + if new == nil { + return p.jsDeleteTemplate(old) + } + + if old == nil { + return p.jsCreateTemplate(new) + } + + upParts := []string{} + downParts := []string{} + varName := "collection" + + newMap, err := toMap(new) + if err != nil { + return "", err + } + + oldMap, err := toMap(old) + if err != nil { + return "", err + } + + // non-fields + // ----------------------------------------------------------------- + + upDiff := diffMaps(oldMap, newMap, "fields", "created", "updated") + if len(upDiff) > 0 { + downDiff := diffMaps(newMap, oldMap, "fields", "created", "updated") + + rawUpDiff, err := marhshalWithoutEscape(upDiff, " ", " ") + if err != nil { + return "", err + } + + rawDownDiff, err := marhshalWithoutEscape(downDiff, " ", " ") + if err != nil { + return "", err + } + + upParts = append(upParts, "// update collection data") + upParts = append(upParts, fmt.Sprintf("unmarshal(%s, %s)", string(rawUpDiff), varName)+"\n") + // --- + downParts = append(downParts, "// update collection data") + downParts = append(downParts, fmt.Sprintf("unmarshal(%s, %s)", string(rawDownDiff), varName)+"\n") + } + + // fields + // ----------------------------------------------------------------- + + oldFieldsSlice, ok := oldMap["fields"].([]any) + if !ok { + return "", errors.New(`oldMap["fields"] is not []any`) + } + + newFieldsSlice, ok := newMap["fields"].([]any) + if !ok { + return "", errors.New(`newMap["fields"] is not []any`) + } + + // deleted fields + for i, oldField := range old.Fields { + if new.Fields.GetById(oldField.GetId()) != nil { + continue // exist + } + + rawOldField, err := marhshalWithoutEscape(oldFieldsSlice[i], " ", " ") + if err != nil { + return "", err + } + + upParts = append(upParts, "// remove field") + upParts = append(upParts, fmt.Sprintf("%s.fields.removeById(%q)\n", varName, oldField.GetId())) + + downParts = append(downParts, "// add field") + downParts = append(downParts, fmt.Sprintf("%s.fields.addAt(%d, new Field(%s))\n", varName, i, rawOldField)) + } + + // created fields + for i, newField := range new.Fields { + if old.Fields.GetById(newField.GetId()) != nil { + continue // exist + } + + rawNewField, err := marhshalWithoutEscape(newFieldsSlice[i], " ", " ") + if err != nil { + return "", err + } + + upParts = append(upParts, "// add field") + upParts = append(upParts, fmt.Sprintf("%s.fields.addAt(%d, new Field(%s))\n", varName, i, rawNewField)) + + downParts = append(downParts, "// remove field") + downParts = append(downParts, fmt.Sprintf("%s.fields.removeById(%q)\n", varName, newField.GetId())) + } + + // modified fields + // (note currently ignoring order-only changes as it comes with too many edge-cases) + for i, newField := range new.Fields { + var rawNewField, rawOldField []byte + + rawNewField, err = marhshalWithoutEscape(newFieldsSlice[i], " ", " ") + if err != nil { + return "", err + } + + var oldFieldIndex int + + for j, oldField := range old.Fields { + if oldField.GetId() == newField.GetId() { + rawOldField, err = marhshalWithoutEscape(oldFieldsSlice[j], " ", " ") + if err != nil { + return "", err + } + oldFieldIndex = j + break + } + } + + if rawOldField == nil || bytes.Equal(rawNewField, rawOldField) { + continue // new field or no change + } + + upParts = append(upParts, "// update field") + upParts = append(upParts, fmt.Sprintf("%s.fields.addAt(%d, new Field(%s))\n", varName, i, rawNewField)) + + downParts = append(downParts, "// update field") + downParts = append(downParts, fmt.Sprintf("%s.fields.addAt(%d, new Field(%s))\n", varName, oldFieldIndex, rawOldField)) + } + + // ----------------------------------------------------------------- + + if len(upParts) == 0 && len(downParts) == 0 { + return "", ErrEmptyTemplate + } + + up := strings.Join(upParts, "\n ") + down := strings.Join(downParts, "\n ") + + const template = jsTypesDirective + `migrate((app) => { + const collection = app.findCollectionByNameOrId(%q) + + %s + + return app.save(collection) +}, (app) => { + const collection = app.findCollectionByNameOrId(%q) + + %s + + return app.save(collection) +}) +` + + return fmt.Sprintf( + template, + old.Id, strings.TrimSpace(up), + new.Id, strings.TrimSpace(down), + ), nil +} + +// ------------------------------------------------------------------- +// Go templates +// ------------------------------------------------------------------- + +func (p *plugin) goBlankTemplate() (string, error) { + const template = `package %s + +import ( + "github.com/pocketbase/pocketbase/core" + m "github.com/pocketbase/pocketbase/migrations" +) + +func init() { + m.Register(func(app core.App) error { + // add up queries... + + return nil + }, func(app core.App) error { + // add down queries... + + return nil + }) +} +` + + return fmt.Sprintf(template, filepath.Base(p.config.Dir)), nil +} + +func (p *plugin) goSnapshotTemplate(collections []*core.Collection) (string, error) { + // unset timestamp fields + var collectionsData = make([]map[string]any, len(collections)) + for i, c := range collections { + data, err := toMap(c) + if err != nil { + return "", fmt.Errorf("failed to serialize %q into a map: %w", c.Name, err) + } + delete(data, "created") + delete(data, "updated") + deleteNestedMapKey(data, "oauth2", "providers") + collectionsData[i] = data + } + + jsonData, err := marhshalWithoutEscape(collectionsData, "\t\t", "\t") + if err != nil { + return "", fmt.Errorf("failed to serialize collections list: %w", err) + } + + const template = `package %s + +import ( + "github.com/pocketbase/pocketbase/core" + m "github.com/pocketbase/pocketbase/migrations" +) + +func init() { + m.Register(func(app core.App) error { + jsonData := ` + "`%s`" + ` + + return app.ImportCollectionsByMarshaledJSON([]byte(jsonData), false) + }, func(app core.App) error { + return nil + }) +} +` + return fmt.Sprintf( + template, + filepath.Base(p.config.Dir), + escapeBacktick(string(jsonData)), + ), nil +} + +func (p *plugin) goCreateTemplate(collection *core.Collection) (string, error) { + // unset timestamp fields + collectionData, err := toMap(collection) + if err != nil { + return "", err + } + delete(collectionData, "created") + delete(collectionData, "updated") + deleteNestedMapKey(collectionData, "oauth2", "providers") + + jsonData, err := marhshalWithoutEscape(collectionData, "\t\t", "\t") + if err != nil { + return "", fmt.Errorf("failed to serialize collections list: %w", err) + } + + const template = `package %s + +import ( + "encoding/json" + + "github.com/pocketbase/pocketbase/core" + m "github.com/pocketbase/pocketbase/migrations" +) + +func init() { + m.Register(func(app core.App) error { + jsonData := ` + "`%s`" + ` + + collection := &core.Collection{} + if err := json.Unmarshal([]byte(jsonData), &collection); err != nil { + return err + } + + return app.Save(collection) + }, func(app core.App) error { + collection, err := app.FindCollectionByNameOrId(%q) + if err != nil { + return err + } + + return app.Delete(collection) + }) +} +` + + return fmt.Sprintf( + template, + filepath.Base(p.config.Dir), + escapeBacktick(string(jsonData)), + collection.Id, + ), nil +} + +func (p *plugin) goDeleteTemplate(collection *core.Collection) (string, error) { + // unset timestamp fields + collectionData, err := toMap(collection) + if err != nil { + return "", err + } + delete(collectionData, "created") + delete(collectionData, "updated") + deleteNestedMapKey(collectionData, "oauth2", "providers") + + jsonData, err := marhshalWithoutEscape(collectionData, "\t\t", "\t") + if err != nil { + return "", fmt.Errorf("failed to serialize collections list: %w", err) + } + + const template = `package %s + +import ( + "encoding/json" + + "github.com/pocketbase/pocketbase/core" + m "github.com/pocketbase/pocketbase/migrations" +) + +func init() { + m.Register(func(app core.App) error { + collection, err := app.FindCollectionByNameOrId(%q) + if err != nil { + return err + } + + return app.Delete(collection) + }, func(app core.App) error { + jsonData := ` + "`%s`" + ` + + collection := &core.Collection{} + if err := json.Unmarshal([]byte(jsonData), &collection); err != nil { + return err + } + + return app.Save(collection) + }) +} +` + + return fmt.Sprintf( + template, + filepath.Base(p.config.Dir), + collection.Id, + escapeBacktick(string(jsonData)), + ), nil +} + +func (p *plugin) goDiffTemplate(new *core.Collection, old *core.Collection) (string, error) { + if new == nil && old == nil { + return "", errors.New("the diff template require at least one of the collection to be non-nil") + } + + if new == nil { + return p.goDeleteTemplate(old) + } + + if old == nil { + return p.goCreateTemplate(new) + } + + upParts := []string{} + downParts := []string{} + varName := "collection" + + newMap, err := toMap(new) + if err != nil { + return "", err + } + + oldMap, err := toMap(old) + if err != nil { + return "", err + } + + // non-fields + // ----------------------------------------------------------------- + + upDiff := diffMaps(oldMap, newMap, "fields", "created", "updated") + if len(upDiff) > 0 { + downDiff := diffMaps(newMap, oldMap, "fields", "created", "updated") + + rawUpDiff, err := marhshalWithoutEscape(upDiff, "\t\t", "\t") + if err != nil { + return "", err + } + + rawDownDiff, err := marhshalWithoutEscape(downDiff, "\t\t", "\t") + if err != nil { + return "", err + } + + upParts = append(upParts, "// update collection data") + upParts = append(upParts, goErrIf(fmt.Sprintf("json.Unmarshal([]byte(`%s`), &%s)", escapeBacktick(string(rawUpDiff)), varName))) + // --- + downParts = append(downParts, "// update collection data") + downParts = append(downParts, goErrIf(fmt.Sprintf("json.Unmarshal([]byte(`%s`), &%s)", escapeBacktick(string(rawDownDiff)), varName))) + } + + // fields + // ----------------------------------------------------------------- + + oldFieldsSlice, ok := oldMap["fields"].([]any) + if !ok { + return "", errors.New(`oldMap["fields"] is not []any`) + } + + newFieldsSlice, ok := newMap["fields"].([]any) + if !ok { + return "", errors.New(`newMap["fields"] is not []any`) + } + + // deleted fields + for i, oldField := range old.Fields { + if new.Fields.GetById(oldField.GetId()) != nil { + continue // exist + } + + rawOldField, err := marhshalWithoutEscape(oldFieldsSlice[i], "\t\t", "\t") + if err != nil { + return "", err + } + + upParts = append(upParts, "// remove field") + upParts = append(upParts, fmt.Sprintf("%s.Fields.RemoveById(%q)\n", varName, oldField.GetId())) + + downParts = append(downParts, "// add field") + downParts = append(downParts, goErrIf(fmt.Sprintf("%s.Fields.AddMarshaledJSONAt(%d, []byte(`%s`))", varName, i, escapeBacktick(string(rawOldField))))) + } + + // created fields + for i, newField := range new.Fields { + if old.Fields.GetById(newField.GetId()) != nil { + continue // exist + } + + rawNewField, err := marhshalWithoutEscape(newFieldsSlice[i], "\t\t", "\t") + if err != nil { + return "", err + } + + upParts = append(upParts, "// add field") + upParts = append(upParts, goErrIf(fmt.Sprintf("%s.Fields.AddMarshaledJSONAt(%d, []byte(`%s`))", varName, i, escapeBacktick(string(rawNewField))))) + + downParts = append(downParts, "// remove field") + downParts = append(downParts, fmt.Sprintf("%s.Fields.RemoveById(%q)\n", varName, newField.GetId())) + } + + // modified fields + // (note currently ignoring order-only changes as it comes with too many edge-cases) + for i, newField := range new.Fields { + var rawNewField, rawOldField []byte + + rawNewField, err = marhshalWithoutEscape(newFieldsSlice[i], "\t\t", "\t") + if err != nil { + return "", err + } + + var oldFieldIndex int + + for j, oldField := range old.Fields { + if oldField.GetId() == newField.GetId() { + rawOldField, err = marhshalWithoutEscape(oldFieldsSlice[j], "\t\t", "\t") + if err != nil { + return "", err + } + oldFieldIndex = j + break + } + } + + if rawOldField == nil || bytes.Equal(rawNewField, rawOldField) { + continue // new field or no change + } + + upParts = append(upParts, "// update field") + upParts = append(upParts, goErrIf(fmt.Sprintf("%s.Fields.AddMarshaledJSONAt(%d, []byte(`%s`))", varName, i, escapeBacktick(string(rawNewField))))) + + downParts = append(downParts, "// update field") + downParts = append(downParts, goErrIf(fmt.Sprintf("%s.Fields.AddMarshaledJSONAt(%d, []byte(`%s`))", varName, oldFieldIndex, escapeBacktick(string(rawOldField))))) + } + + // --------------------------------------------------------------- + + if len(upParts) == 0 && len(downParts) == 0 { + return "", ErrEmptyTemplate + } + + up := strings.Join(upParts, "\n\t\t") + down := strings.Join(downParts, "\n\t\t") + combined := up + down + + // generate imports + // --- + var imports string + + if strings.Contains(combined, "json.Unmarshal(") || + strings.Contains(combined, "json.Marshal(") { + imports += "\n\t\"encoding/json\"\n" + } + + imports += "\n\t\"github.com/pocketbase/pocketbase/core\"" + imports += "\n\tm \"github.com/pocketbase/pocketbase/migrations\"" + // --- + + const template = `package %s + +import (%s +) + +func init() { + m.Register(func(app core.App) error { + collection, err := app.FindCollectionByNameOrId(%q) + if err != nil { + return err + } + + %s + + return app.Save(collection) + }, func(app core.App) error { + collection, err := app.FindCollectionByNameOrId(%q) + if err != nil { + return err + } + + %s + + return app.Save(collection) + }) +} +` + + return fmt.Sprintf( + template, + filepath.Base(p.config.Dir), + imports, + old.Id, strings.TrimSpace(up), + new.Id, strings.TrimSpace(down), + ), nil +} + +func marhshalWithoutEscape(v any, prefix string, indent string) ([]byte, error) { + raw, err := json.MarshalIndent(v, prefix, indent) + if err != nil { + return nil, err + } + + // unescape escaped unicode characters + unescaped, err := strconv.Unquote(strings.ReplaceAll(strconv.Quote(string(raw)), `\\u`, `\u`)) + if err != nil { + return nil, err + } + + return []byte(unescaped), nil +} + +func escapeBacktick(v string) string { + return strings.ReplaceAll(v, "`", "` + \"`\" + `") +} + +func goErrIf(v string) string { + return "if err := " + v + "; err != nil {\n\t\t\treturn err\n\t\t}\n" +} + +func toMap(v any) (map[string]any, error) { + raw, err := json.Marshal(v) + if err != nil { + return nil, err + } + + result := map[string]any{} + + err = json.Unmarshal(raw, &result) + if err != nil { + return nil, err + } + + return result, nil +} + +func diffMaps(old, new map[string]any, excludeKeys ...string) map[string]any { + diff := map[string]any{} + + for k, vNew := range new { + if slices.Contains(excludeKeys, k) { + continue + } + + vOld, ok := old[k] + if !ok { + // new field + diff[k] = vNew + continue + } + + // compare the serialized version of the values in case of slice or other custom type + rawOld, _ := json.Marshal(vOld) + rawNew, _ := json.Marshal(vNew) + + if !bytes.Equal(rawOld, rawNew) { + // if both are maps add recursively only the changed fields + vOldMap, ok1 := vOld.(map[string]any) + vNewMap, ok2 := vNew.(map[string]any) + if ok1 && ok2 { + subDiff := diffMaps(vOldMap, vNewMap) + if len(subDiff) > 0 { + diff[k] = subDiff + } + } else { + diff[k] = vNew + } + } + } + + // unset missing fields + for k := range old { + if _, ok := diff[k]; ok || slices.Contains(excludeKeys, k) { + continue // already added + } + + if _, ok := new[k]; !ok { + diff[k] = nil + } + } + + return diff +} + +func deleteNestedMapKey(data map[string]any, parts ...string) { + if len(parts) == 0 { + return + } + + if len(parts) == 1 { + delete(data, parts[0]) + return + } + + v, ok := data[parts[0]].(map[string]any) + if ok { + deleteNestedMapKey(v, parts[1:]...) + } +} diff --git a/pocketbase.go b/pocketbase.go new file mode 100644 index 0000000..cc083a1 --- /dev/null +++ b/pocketbase.go @@ -0,0 +1,328 @@ +package pocketbase + +import ( + "io" + "os" + "os/signal" + "path/filepath" + "strings" + "syscall" + "time" + + "github.com/fatih/color" + "github.com/pocketbase/pocketbase/cmd" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/routine" + "github.com/spf13/cobra" + + _ "github.com/pocketbase/pocketbase/migrations" +) + +var _ core.App = (*PocketBase)(nil) + +// Version of PocketBase +var Version = "(untracked)" + +// PocketBase defines a PocketBase app launcher. +// +// It implements [core.App] via embedding and all of the app interface methods +// could be accessed directly through the instance (eg. PocketBase.DataDir()). +type PocketBase struct { + core.App + + devFlag bool + dataDirFlag string + encryptionEnvFlag string + queryTimeout int + hideStartBanner bool + + // RootCmd is the main console command + RootCmd *cobra.Command +} + +// Config is the PocketBase initialization config struct. +type Config struct { + // hide the default console server info on app startup + HideStartBanner bool + + // optional default values for the console flags + DefaultDev bool + DefaultDataDir string // if not set, it will fallback to "./pb_data" + DefaultEncryptionEnv string + DefaultQueryTimeout time.Duration // default to core.DefaultQueryTimeout (in seconds) + + // optional DB configurations + DataMaxOpenConns int // default to core.DefaultDataMaxOpenConns + DataMaxIdleConns int // default to core.DefaultDataMaxIdleConns + AuxMaxOpenConns int // default to core.DefaultAuxMaxOpenConns + AuxMaxIdleConns int // default to core.DefaultAuxMaxIdleConns + DBConnect core.DBConnectFunc // default to core.dbConnect +} + +// New creates a new PocketBase instance with the default configuration. +// Use [NewWithConfig] if you want to provide a custom configuration. +// +// Note that the application will not be initialized/bootstrapped yet, +// aka. DB connections, migrations, app settings, etc. will not be accessible. +// Everything will be initialized when [PocketBase.Start] is executed. +// If you want to initialize the application before calling [PocketBase.Start], +// then you'll have to manually call [PocketBase.Bootstrap]. +func New() *PocketBase { + _, isUsingGoRun := inspectRuntime() + + return NewWithConfig(Config{ + DefaultDev: isUsingGoRun, + }) +} + +// NewWithConfig creates a new PocketBase instance with the provided config. +// +// Note that the application will not be initialized/bootstrapped yet, +// aka. DB connections, migrations, app settings, etc. will not be accessible. +// Everything will be initialized when [PocketBase.Start] is executed. +// If you want to initialize the application before calling [PocketBase.Start], +// then you'll have to manually call [PocketBase.Bootstrap]. +func NewWithConfig(config Config) *PocketBase { + // initialize a default data directory based on the executable baseDir + if config.DefaultDataDir == "" { + baseDir, _ := inspectRuntime() + config.DefaultDataDir = filepath.Join(baseDir, "pb_data") + } + + if config.DefaultQueryTimeout == 0 { + config.DefaultQueryTimeout = core.DefaultQueryTimeout + } + + executableName := filepath.Base(os.Args[0]) + + pb := &PocketBase{ + RootCmd: &cobra.Command{ + Use: executableName, + Short: executableName + " CLI", + Version: Version, + FParseErrWhitelist: cobra.FParseErrWhitelist{ + UnknownFlags: true, + }, + // no need to provide the default cobra completion command + CompletionOptions: cobra.CompletionOptions{ + DisableDefaultCmd: true, + }, + }, + devFlag: config.DefaultDev, + dataDirFlag: config.DefaultDataDir, + encryptionEnvFlag: config.DefaultEncryptionEnv, + hideStartBanner: config.HideStartBanner, + } + + // replace with a colored stderr writer + pb.RootCmd.SetErr(newErrWriter()) + + // parse base flags + // (errors are ignored, since the full flags parsing happens on Execute()) + pb.eagerParseFlags(&config) + + // initialize the app instance + pb.App = core.NewBaseApp(core.BaseAppConfig{ + IsDev: pb.devFlag, + DataDir: pb.dataDirFlag, + EncryptionEnv: pb.encryptionEnvFlag, + QueryTimeout: time.Duration(pb.queryTimeout) * time.Second, + DataMaxOpenConns: config.DataMaxOpenConns, + DataMaxIdleConns: config.DataMaxIdleConns, + AuxMaxOpenConns: config.AuxMaxOpenConns, + AuxMaxIdleConns: config.AuxMaxIdleConns, + DBConnect: config.DBConnect, + }) + + // hide the default help command (allow only `--help` flag) + pb.RootCmd.SetHelpCommand(&cobra.Command{Hidden: true}) + + // https://github.com/pocketbase/pocketbase/issues/6136 + pb.OnBootstrap().Bind(&hook.Handler[*core.BootstrapEvent]{ + Id: ModerncDepsCheckHookId, + Func: func(be *core.BootstrapEvent) error { + if err := be.Next(); err != nil { + return err + } + + // run separately to avoid blocking + app := be.App + routine.FireAndForget(func() { + checkModerncDeps(app) + }) + + return nil + }, + }) + + return pb +} + +// Start starts the application, aka. registers the default system +// commands (serve, superuser, version) and executes pb.RootCmd. +func (pb *PocketBase) Start() error { + // register system commands + pb.RootCmd.AddCommand(cmd.NewSuperuserCommand(pb)) + pb.RootCmd.AddCommand(cmd.NewServeCommand(pb, !pb.hideStartBanner)) + + return pb.Execute() +} + +// Execute initializes the application (if not already) and executes +// the pb.RootCmd with graceful shutdown support. +// +// This method differs from pb.Start() by not registering the default +// system commands! +func (pb *PocketBase) Execute() error { + if !pb.skipBootstrap() { + if err := pb.Bootstrap(); err != nil { + return err + } + } + + done := make(chan bool, 1) + + // listen for interrupt signal to gracefully shutdown the application + go func() { + sigch := make(chan os.Signal, 1) + signal.Notify(sigch, os.Interrupt, syscall.SIGTERM) + <-sigch + + done <- true + }() + + // execute the root command + go func() { + // note: leave to the commands to decide whether to print their error + pb.RootCmd.Execute() + + done <- true + }() + + <-done + + // trigger cleanups + event := new(core.TerminateEvent) + event.App = pb + return pb.OnTerminate().Trigger(event, func(e *core.TerminateEvent) error { + return e.App.ResetBootstrapState() + }) +} + +// eagerParseFlags parses the global app flags before calling pb.RootCmd.Execute(). +// so we can have all PocketBase flags ready for use on initialization. +func (pb *PocketBase) eagerParseFlags(config *Config) error { + pb.RootCmd.PersistentFlags().StringVar( + &pb.dataDirFlag, + "dir", + config.DefaultDataDir, + "the PocketBase data directory", + ) + + pb.RootCmd.PersistentFlags().StringVar( + &pb.encryptionEnvFlag, + "encryptionEnv", + config.DefaultEncryptionEnv, + "the env variable whose value of 32 characters will be used \nas encryption key for the app settings (default none)", + ) + + pb.RootCmd.PersistentFlags().BoolVar( + &pb.devFlag, + "dev", + config.DefaultDev, + "enable dev mode, aka. printing logs and sql statements to the console", + ) + + pb.RootCmd.PersistentFlags().IntVar( + &pb.queryTimeout, + "queryTimeout", + int(config.DefaultQueryTimeout.Seconds()), + "the default SELECT queries timeout in seconds", + ) + + return pb.RootCmd.ParseFlags(os.Args[1:]) +} + +// skipBootstrap eagerly checks if the app should skip the bootstrap process: +// - already bootstrapped +// - is unknown command +// - is the default help command +// - is the default version command +// +// https://github.com/pocketbase/pocketbase/issues/404 +// https://github.com/pocketbase/pocketbase/discussions/1267 +func (pb *PocketBase) skipBootstrap() bool { + flags := []string{ + "-h", + "--help", + "-v", + "--version", + } + + if pb.IsBootstrapped() { + return true // already bootstrapped + } + + cmd, _, err := pb.RootCmd.Find(os.Args[1:]) + if err != nil { + return true // unknown command + } + + for _, arg := range os.Args { + if !list.ExistInSlice(arg, flags) { + continue + } + + // ensure that there is no user defined flag with the same name/shorthand + trimmed := strings.TrimLeft(arg, "-") + if len(trimmed) > 1 && cmd.Flags().Lookup(trimmed) == nil { + return true + } + if len(trimmed) == 1 && cmd.Flags().ShorthandLookup(trimmed) == nil { + return true + } + } + + return false +} + +// inspectRuntime tries to find the base executable directory and how it was run. +// +// note: we are using os.Args[0] and not os.Executable() since it could +// break existing aliased binaries (eg. the community maintained homebrew package) +func inspectRuntime() (baseDir string, withGoRun bool) { + if strings.HasPrefix(os.Args[0], os.TempDir()) { + // probably ran with go run + withGoRun = true + baseDir, _ = os.Getwd() + } else { + // probably ran with go build + withGoRun = false + baseDir = filepath.Dir(os.Args[0]) + } + return +} + +// newErrWriter returns a red colored stderr writter. +func newErrWriter() *coloredWriter { + return &coloredWriter{ + w: os.Stderr, + c: color.New(color.FgRed), + } +} + +// coloredWriter is a small wrapper struct to construct a [color.Color] writter. +type coloredWriter struct { + w io.Writer + c *color.Color +} + +// Write writes the p bytes using the colored writer. +func (colored *coloredWriter) Write(p []byte) (n int, err error) { + colored.c.SetWriter(colored.w) + defer colored.c.UnsetWriter(colored.w) + + return colored.c.Print(string(p)) +} diff --git a/pocketbase_test.go b/pocketbase_test.go new file mode 100644 index 0000000..101883e --- /dev/null +++ b/pocketbase_test.go @@ -0,0 +1,210 @@ +package pocketbase + +import ( + "os" + "path/filepath" + "testing" + + "github.com/spf13/cobra" +) + +func TestNew(t *testing.T) { + // copy os.Args + originalArgs := make([]string, len(os.Args)) + copy(originalArgs, os.Args) + defer func() { + // restore os.Args + os.Args = originalArgs + }() + + // change os.Args + os.Args = os.Args[:1] + os.Args = append( + os.Args, + "--dir=test_dir", + "--encryptionEnv=test_encryption_env", + "--debug=true", + ) + + app := New() + + if app == nil { + t.Fatal("Expected initialized PocketBase instance, got nil") + } + + if app.RootCmd == nil { + t.Fatal("Expected RootCmd to be initialized, got nil") + } + + if app.App == nil { + t.Fatal("Expected App to be initialized, got nil") + } + + if app.DataDir() != "test_dir" { + t.Fatalf("Expected app.DataDir() %q, got %q", "test_dir", app.DataDir()) + } + + if app.EncryptionEnv() != "test_encryption_env" { + t.Fatalf("Expected app.EncryptionEnv() test_encryption_env, got %q", app.EncryptionEnv()) + } +} + +func TestNewWithConfig(t *testing.T) { + app := NewWithConfig(Config{ + DefaultDataDir: "test_dir", + DefaultEncryptionEnv: "test_encryption_env", + HideStartBanner: true, + }) + + if app == nil { + t.Fatal("Expected initialized PocketBase instance, got nil") + } + + if app.RootCmd == nil { + t.Fatal("Expected RootCmd to be initialized, got nil") + } + + if app.App == nil { + t.Fatal("Expected App to be initialized, got nil") + } + + if app.hideStartBanner != true { + t.Fatal("Expected app.hideStartBanner to be true, got false") + } + + if app.DataDir() != "test_dir" { + t.Fatalf("Expected app.DataDir() %q, got %q", "test_dir", app.DataDir()) + } + + if app.EncryptionEnv() != "test_encryption_env" { + t.Fatalf("Expected app.EncryptionEnv() %q, got %q", "test_encryption_env", app.EncryptionEnv()) + } +} + +func TestNewWithConfigAndFlags(t *testing.T) { + // copy os.Args + originalArgs := make([]string, len(os.Args)) + copy(originalArgs, os.Args) + defer func() { + // restore os.Args + os.Args = originalArgs + }() + + // change os.Args + os.Args = os.Args[:1] + os.Args = append( + os.Args, + "--dir=test_dir_flag", + "--encryptionEnv=test_encryption_env_flag", + "--debug=false", + ) + + app := NewWithConfig(Config{ + DefaultDataDir: "test_dir", + DefaultEncryptionEnv: "test_encryption_env", + HideStartBanner: true, + }) + + if app == nil { + t.Fatal("Expected initialized PocketBase instance, got nil") + } + + if app.RootCmd == nil { + t.Fatal("Expected RootCmd to be initialized, got nil") + } + + if app.App == nil { + t.Fatal("Expected App to be initialized, got nil") + } + + if app.hideStartBanner != true { + t.Fatal("Expected app.hideStartBanner to be true, got false") + } + + if app.DataDir() != "test_dir_flag" { + t.Fatalf("Expected app.DataDir() %q, got %q", "test_dir_flag", app.DataDir()) + } + + if app.EncryptionEnv() != "test_encryption_env_flag" { + t.Fatalf("Expected app.EncryptionEnv() %q, got %q", "test_encryption_env_flag", app.EncryptionEnv()) + } +} + +func TestSkipBootstrap(t *testing.T) { + // copy os.Args + originalArgs := make([]string, len(os.Args)) + copy(originalArgs, os.Args) + defer func() { + // restore os.Args + os.Args = originalArgs + }() + + tempDir := filepath.Join(os.TempDir(), "temp_pb_data") + defer os.RemoveAll(tempDir) + + // already bootstrapped + app0 := NewWithConfig(Config{DefaultDataDir: tempDir}) + app0.Bootstrap() + if v := app0.skipBootstrap(); !v { + t.Fatal("[bootstrapped] Expected true, got false") + } + + // unknown command + os.Args = os.Args[:1] + os.Args = append(os.Args, "demo") + app1 := NewWithConfig(Config{DefaultDataDir: tempDir}) + app1.RootCmd.AddCommand(&cobra.Command{Use: "test"}) + if v := app1.skipBootstrap(); !v { + t.Fatal("[unknown] Expected true, got false") + } + + // default flags + flagScenarios := []struct { + name string + short string + }{ + {"help", "h"}, + {"version", "v"}, + } + + for _, s := range flagScenarios { + // base flag + os.Args = os.Args[:1] + os.Args = append(os.Args, "--"+s.name) + app1 := NewWithConfig(Config{DefaultDataDir: tempDir}) + if v := app1.skipBootstrap(); !v { + t.Fatalf("[--%s] Expected true, got false", s.name) + } + + // short flag + os.Args = os.Args[:1] + os.Args = append(os.Args, "-"+s.short) + app2 := NewWithConfig(Config{DefaultDataDir: tempDir}) + if v := app2.skipBootstrap(); !v { + t.Fatalf("[-%s] Expected true, got false", s.short) + } + + customCmd := &cobra.Command{Use: "custom"} + customCmd.PersistentFlags().BoolP(s.name, s.short, false, "") + + // base flag in custom command + os.Args = os.Args[:1] + os.Args = append(os.Args, "custom") + os.Args = append(os.Args, "--"+s.name) + app3 := NewWithConfig(Config{DefaultDataDir: tempDir}) + app3.RootCmd.AddCommand(customCmd) + if v := app3.skipBootstrap(); v { + t.Fatalf("[--%s custom] Expected false, got true", s.name) + } + + // short flag in custom command + os.Args = os.Args[:1] + os.Args = append(os.Args, "custom") + os.Args = append(os.Args, "-"+s.short) + app4 := NewWithConfig(Config{DefaultDataDir: tempDir}) + app4.RootCmd.AddCommand(customCmd) + if v := app4.skipBootstrap(); v { + t.Fatalf("[-%s custom] Expected false, got true", s.short) + } + } +} diff --git a/tests/api.go b/tests/api.go new file mode 100644 index 0000000..893a085 --- /dev/null +++ b/tests/api.go @@ -0,0 +1,304 @@ +package tests + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "io" + "maps" + "net/http" + "net/http/httptest" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/apis" + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/hook" +) + +// ApiScenario defines a single api request test case/scenario. +type ApiScenario struct { + // Name is the test name. + Name string + + // Method is the HTTP method of the test request to use. + Method string + + // URL is the url/path of the endpoint you want to test. + URL string + + // Body specifies the body to send with the request. + // + // For example: + // + // strings.NewReader(`{"title":"abc"}`) + Body io.Reader + + // Headers specifies the headers to send with the request (e.g. "Authorization": "abc") + Headers map[string]string + + // Delay adds a delay before checking the expectations usually + // to ensure that all fired non-awaited go routines have finished + Delay time.Duration + + // Timeout specifies how long to wait before cancelling the request context. + // + // A zero or negative value means that there will be no timeout. + Timeout time.Duration + + // expectations + // --------------------------------------------------------------- + + // ExpectedStatus specifies the expected response HTTP status code. + ExpectedStatus int + + // List of keywords that MUST exist in the response body. + // + // Either ExpectedContent or NotExpectedContent must be set if the response body is non-empty. + // Leave both fields empty if you want to ensure that the response didn't have any body (e.g. 204). + ExpectedContent []string + + // List of keywords that MUST NOT exist in the response body. + // + // Either ExpectedContent or NotExpectedContent must be set if the response body is non-empty. + // Leave both fields empty if you want to ensure that the response didn't have any body (e.g. 204). + NotExpectedContent []string + + // List of hook events to check whether they were fired or not. + // + // You can use the wildcard "*" event key if you want to ensure + // that no other hook events except those listed have been fired. + // + // For example: + // + // map[string]int{ "*": 0 } // no hook events were fired + // map[string]int{ "*": 0, "EventA": 2 } // no hook events, except EventA were fired + // map[string]int{ EventA": 2, "EventB": 0 } // ensures that EventA was fired exactly 2 times and EventB exactly 0 times. + ExpectedEvents map[string]int + + // test hooks + // --------------------------------------------------------------- + + TestAppFactory func(t testing.TB) *TestApp + BeforeTestFunc func(t testing.TB, app *TestApp, e *core.ServeEvent) + AfterTestFunc func(t testing.TB, app *TestApp, res *http.Response) +} + +// Test executes the test scenario. +// +// Example: +// +// func TestListExample(t *testing.T) { +// scenario := tests.ApiScenario{ +// Name: "list example collection", +// Method: http.MethodGet, +// URL: "/api/collections/example/records", +// ExpectedStatus: 200, +// ExpectedContent: []string{ +// `"totalItems":3`, +// `"id":"0yxhwia2amd8gec"`, +// `"id":"achvryl401bhse3"`, +// `"id":"llvuca81nly1qls"`, +// }, +// ExpectedEvents: map[string]int{ +// "OnRecordsListRequest": 1, +// "OnRecordEnrich": 3, +// }, +// } +// +// scenario.Test(t) +// } +func (scenario *ApiScenario) Test(t *testing.T) { + t.Run(scenario.normalizedName(), func(t *testing.T) { + scenario.test(t) + }) +} + +// Benchmark benchmarks the test scenario. +// +// Example: +// +// func BenchmarkListExample(b *testing.B) { +// scenario := tests.ApiScenario{ +// Name: "list example collection", +// Method: http.MethodGet, +// URL: "/api/collections/example/records", +// ExpectedStatus: 200, +// ExpectedContent: []string{ +// `"totalItems":3`, +// `"id":"0yxhwia2amd8gec"`, +// `"id":"achvryl401bhse3"`, +// `"id":"llvuca81nly1qls"`, +// }, +// ExpectedEvents: map[string]int{ +// "OnRecordsListRequest": 1, +// "OnRecordEnrich": 3, +// }, +// } +// +// scenario.Benchmark(b) +// } +func (scenario *ApiScenario) Benchmark(b *testing.B) { + b.Run(scenario.normalizedName(), func(b *testing.B) { + for i := 0; i < b.N; i++ { + scenario.test(b) + } + }) +} + +func (scenario *ApiScenario) normalizedName() string { + var name = scenario.Name + + if name == "" { + name = fmt.Sprintf("%s:%s", scenario.Method, scenario.URL) + } + + return name +} + +func (scenario *ApiScenario) test(t testing.TB) { + var testApp *TestApp + if scenario.TestAppFactory != nil { + testApp = scenario.TestAppFactory(t) + if testApp == nil { + t.Fatal("TestAppFactory must return a non-nill app instance") + } + } else { + var testAppErr error + testApp, testAppErr = NewTestApp() + if testAppErr != nil { + t.Fatalf("Failed to initialize the test app instance: %v", testAppErr) + } + } + defer testApp.Cleanup() + + baseRouter, err := apis.NewRouter(testApp) + if err != nil { + t.Fatal(err) + } + + // manually trigger the serve event to ensure that custom app routes and middlewares are registered + serveEvent := new(core.ServeEvent) + serveEvent.App = testApp + serveEvent.Router = baseRouter + + serveErr := testApp.OnServe().Trigger(serveEvent, func(e *core.ServeEvent) error { + if scenario.BeforeTestFunc != nil { + scenario.BeforeTestFunc(t, testApp, e) + } + + // reset the event counters in case a hook was triggered from a before func (eg. db save) + testApp.ResetEventCalls() + + // add middleware to timeout long-running requests (eg. keep-alive routes) + e.Router.Bind(&hook.Handler[*core.RequestEvent]{ + Func: func(re *core.RequestEvent) error { + slowTimer := time.AfterFunc(3*time.Second, func() { + t.Logf("[WARN] Long running test %q", scenario.Name) + }) + defer slowTimer.Stop() + + if scenario.Timeout > 0 { + ctx, cancelFunc := context.WithTimeout(re.Request.Context(), scenario.Timeout) + defer cancelFunc() + re.Request = re.Request.Clone(ctx) + } + + return re.Next() + }, + Priority: -9999, + }) + + recorder := httptest.NewRecorder() + + req := httptest.NewRequest(scenario.Method, scenario.URL, scenario.Body) + + // set default header + req.Header.Set("content-type", "application/json") + + // set scenario headers + for k, v := range scenario.Headers { + req.Header.Set(k, v) + } + + // execute request + mux, err := e.Router.BuildMux() + if err != nil { + t.Fatalf("Failed to build router mux: %v", err) + } + mux.ServeHTTP(recorder, req) + + res := recorder.Result() + + if res.StatusCode != scenario.ExpectedStatus { + t.Errorf("Expected status code %d, got %d", scenario.ExpectedStatus, res.StatusCode) + } + + if scenario.Delay > 0 { + time.Sleep(scenario.Delay) + } + + if len(scenario.ExpectedContent) == 0 && len(scenario.NotExpectedContent) == 0 { + if len(recorder.Body.Bytes()) != 0 { + t.Errorf("Expected empty body, got \n%v", recorder.Body.String()) + } + } else { + // normalize json response format + buffer := new(bytes.Buffer) + err := json.Compact(buffer, recorder.Body.Bytes()) + var normalizedBody string + if err != nil { + // not a json... + normalizedBody = recorder.Body.String() + } else { + normalizedBody = buffer.String() + } + + for _, item := range scenario.ExpectedContent { + if !strings.Contains(normalizedBody, item) { + t.Errorf("Cannot find %v in response body \n%v", item, normalizedBody) + break + } + } + + for _, item := range scenario.NotExpectedContent { + if strings.Contains(normalizedBody, item) { + t.Errorf("Didn't expect %v in response body \n%v", item, normalizedBody) + break + } + } + } + + remainingEvents := maps.Clone(testApp.EventCalls) + + var noOtherEventsShouldRemain bool + for event, expectedNum := range scenario.ExpectedEvents { + if event == "*" && expectedNum <= 0 { + noOtherEventsShouldRemain = true + continue + } + + actualNum := remainingEvents[event] + if actualNum != expectedNum { + t.Errorf("Expected event %s to be called %d, got %d", event, expectedNum, actualNum) + } + + delete(remainingEvents, event) + } + + if noOtherEventsShouldRemain && len(remainingEvents) > 0 { + t.Errorf("Missing expected remaining events:\n%#v\nAll triggered app events are:\n%#v", remainingEvents, testApp.EventCalls) + } + + if scenario.AfterTestFunc != nil { + scenario.AfterTestFunc(t, testApp, res) + } + + return nil + }) + if serveErr != nil { + t.Fatalf("Failed to trigger app serve hook: %v", serveErr) + } +} diff --git a/tests/app.go b/tests/app.go new file mode 100644 index 0000000..d951753 --- /dev/null +++ b/tests/app.go @@ -0,0 +1,886 @@ +// Package tests provides common helpers and mocks used in PocketBase application tests. +package tests + +import ( + "io" + "os" + "path" + "path/filepath" + "runtime" + "sync" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/hook" + + _ "github.com/pocketbase/pocketbase/migrations" +) + +// TestApp is a wrapper app instance used for testing. +type TestApp struct { + *core.BaseApp + + mux sync.Mutex + + // EventCalls defines a map to inspect which app events + // (and how many times) were triggered. + EventCalls map[string]int + + TestMailer *TestMailer +} + +// Cleanup resets the test application state and removes the test +// app's dataDir from the filesystem. +// +// After this call, the app instance shouldn't be used anymore. +func (t *TestApp) Cleanup() { + event := new(core.TerminateEvent) + event.App = t + + t.OnTerminate().Trigger(event, func(e *core.TerminateEvent) error { + t.TestMailer.Reset() + t.ResetEventCalls() + t.ResetBootstrapState() + + return e.Next() + }) + + if t.DataDir() != "" { + os.RemoveAll(t.DataDir()) + } +} + +// ResetEventCalls resets the EventCalls counter. +func (t *TestApp) ResetEventCalls() { + t.mux.Lock() + defer t.mux.Unlock() + + t.EventCalls = make(map[string]int) +} + +func (t *TestApp) registerEventCall(name string) { + t.mux.Lock() + defer t.mux.Unlock() + + if t.EventCalls == nil { + t.EventCalls = make(map[string]int) + } + + t.EventCalls[name]++ +} + +// NewTestApp creates and initializes a test application instance. +// +// It is the caller's responsibility to call app.Cleanup() when the app is no longer needed. +func NewTestApp(optTestDataDir ...string) (*TestApp, error) { + var testDataDir string + if len(optTestDataDir) > 0 { + testDataDir = optTestDataDir[0] + } + + return NewTestAppWithConfig(core.BaseAppConfig{ + DataDir: testDataDir, + EncryptionEnv: "pb_test_env", + }) +} + +// NewTestAppWithConfig creates and initializes a test application instance +// from the provided config. +// +// If config.DataDir is not set it fallbacks to the default internal test data directory. +// +// config.DataDir is cloned for each new test application instance. +// +// It is the caller's responsibility to call app.Cleanup() when the app is no longer needed. +func NewTestAppWithConfig(config core.BaseAppConfig) (*TestApp, error) { + if config.DataDir == "" { + // fallback to the default test data directory + _, currentFile, _, _ := runtime.Caller(0) + config.DataDir = filepath.Join(path.Dir(currentFile), "data") + } + + tempDir, err := TempDirClone(config.DataDir) + if err != nil { + return nil, err + } + + // replace with the clone + config.DataDir = tempDir + + app := core.NewBaseApp(config) + + // load data dir and db connections + if err := app.Bootstrap(); err != nil { + return nil, err + } + + // ensure that the Dao and DB configurations are properly loaded + if _, err := app.DB().NewQuery("Select 1").Execute(); err != nil { + return nil, err + } + if _, err := app.AuxDB().NewQuery("Select 1").Execute(); err != nil { + return nil, err + } + + // apply any missing migrations + if err := app.RunAllMigrations(); err != nil { + return nil, err + } + + // force disable request logs because the logs db call execute in a separate + // go routine and it is possible to panic due to earlier api test completion. + app.Settings().Logs.MaxDays = 0 + + t := &TestApp{ + BaseApp: app, + EventCalls: make(map[string]int), + TestMailer: &TestMailer{}, + } + + t.OnBootstrap().Bind(&hook.Handler[*core.BootstrapEvent]{ + Func: func(e *core.BootstrapEvent) error { + t.registerEventCall("OnBootstrap") + return e.Next() + }, + Priority: -99999, + }) + + t.OnServe().Bind(&hook.Handler[*core.ServeEvent]{ + Func: func(e *core.ServeEvent) error { + t.registerEventCall("OnServe") + return e.Next() + }, + Priority: -99999, + }) + + t.OnTerminate().Bind(&hook.Handler[*core.TerminateEvent]{ + Func: func(e *core.TerminateEvent) error { + t.registerEventCall("OnTerminate") + return e.Next() + }, + Priority: -99999, + }) + + t.OnBackupCreate().Bind(&hook.Handler[*core.BackupEvent]{ + Func: func(e *core.BackupEvent) error { + t.registerEventCall("OnBackupCreate") + return e.Next() + }, + Priority: -99999, + }) + + t.OnBackupRestore().Bind(&hook.Handler[*core.BackupEvent]{ + Func: func(e *core.BackupEvent) error { + t.registerEventCall("OnBackupRestore") + return e.Next() + }, + Priority: -99999, + }) + + t.OnModelCreate().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + t.registerEventCall("OnModelCreate") + return e.Next() + }, + Priority: -99999, + }) + + t.OnModelCreateExecute().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + t.registerEventCall("OnModelCreateExecute") + return e.Next() + }, + Priority: -99999, + }) + + t.OnModelAfterCreateSuccess().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + t.registerEventCall("OnModelAfterCreateSuccess") + return e.Next() + }, + Priority: -99999, + }) + + t.OnModelAfterCreateError().Bind(&hook.Handler[*core.ModelErrorEvent]{ + Func: func(e *core.ModelErrorEvent) error { + t.registerEventCall("OnModelAfterCreateError") + return e.Next() + }, + Priority: -99999, + }) + + t.OnModelUpdate().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + t.registerEventCall("OnModelUpdate") + return e.Next() + }, + Priority: -99999, + }) + + t.OnModelUpdateExecute().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + t.registerEventCall("OnModelUpdateExecute") + return e.Next() + }, + Priority: -99999, + }) + + t.OnModelAfterUpdateSuccess().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + t.registerEventCall("OnModelAfterUpdateSuccess") + return e.Next() + }, + Priority: -99999, + }) + + t.OnModelAfterUpdateError().Bind(&hook.Handler[*core.ModelErrorEvent]{ + Func: func(e *core.ModelErrorEvent) error { + t.registerEventCall("OnModelAfterUpdateError") + return e.Next() + }, + Priority: -99999, + }) + + t.OnModelValidate().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + t.registerEventCall("OnModelValidate") + return e.Next() + }, + Priority: -99999, + }) + + t.OnModelDelete().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + t.registerEventCall("OnModelDelete") + return e.Next() + }, + Priority: -99999, + }) + + t.OnModelDeleteExecute().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + t.registerEventCall("OnModelDeleteExecute") + return e.Next() + }, + Priority: -99999, + }) + + t.OnModelAfterDeleteSuccess().Bind(&hook.Handler[*core.ModelEvent]{ + Func: func(e *core.ModelEvent) error { + t.registerEventCall("OnModelAfterDeleteSuccess") + return e.Next() + }, + Priority: -99999, + }) + + t.OnModelAfterDeleteError().Bind(&hook.Handler[*core.ModelErrorEvent]{ + Func: func(e *core.ModelErrorEvent) error { + t.registerEventCall("OnModelAfterDeleteError") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordEnrich().Bind(&hook.Handler[*core.RecordEnrichEvent]{ + Func: func(e *core.RecordEnrichEvent) error { + t.registerEventCall("OnRecordEnrich") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordValidate().Bind(&hook.Handler[*core.RecordEvent]{ + Func: func(e *core.RecordEvent) error { + t.registerEventCall("OnRecordValidate") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordCreate().Bind(&hook.Handler[*core.RecordEvent]{ + Func: func(e *core.RecordEvent) error { + t.registerEventCall("OnRecordCreate") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordCreateExecute().Bind(&hook.Handler[*core.RecordEvent]{ + Func: func(e *core.RecordEvent) error { + t.registerEventCall("OnRecordCreateExecute") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordAfterCreateSuccess().Bind(&hook.Handler[*core.RecordEvent]{ + Func: func(e *core.RecordEvent) error { + t.registerEventCall("OnRecordAfterCreateSuccess") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordAfterCreateError().Bind(&hook.Handler[*core.RecordErrorEvent]{ + Func: func(e *core.RecordErrorEvent) error { + t.registerEventCall("OnRecordAfterCreateError") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordUpdate().Bind(&hook.Handler[*core.RecordEvent]{ + Func: func(e *core.RecordEvent) error { + t.registerEventCall("OnRecordUpdate") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordUpdateExecute().Bind(&hook.Handler[*core.RecordEvent]{ + Func: func(e *core.RecordEvent) error { + t.registerEventCall("OnRecordUpdateExecute") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordAfterUpdateSuccess().Bind(&hook.Handler[*core.RecordEvent]{ + Func: func(e *core.RecordEvent) error { + t.registerEventCall("OnRecordAfterUpdateSuccess") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordAfterUpdateError().Bind(&hook.Handler[*core.RecordErrorEvent]{ + Func: func(e *core.RecordErrorEvent) error { + t.registerEventCall("OnRecordAfterUpdateError") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordDelete().Bind(&hook.Handler[*core.RecordEvent]{ + Func: func(e *core.RecordEvent) error { + t.registerEventCall("OnRecordDelete") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordDeleteExecute().Bind(&hook.Handler[*core.RecordEvent]{ + Func: func(e *core.RecordEvent) error { + t.registerEventCall("OnRecordDeleteExecute") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordAfterDeleteSuccess().Bind(&hook.Handler[*core.RecordEvent]{ + Func: func(e *core.RecordEvent) error { + t.registerEventCall("OnRecordAfterDeleteSuccess") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordAfterDeleteError().Bind(&hook.Handler[*core.RecordErrorEvent]{ + Func: func(e *core.RecordErrorEvent) error { + t.registerEventCall("OnRecordAfterDeleteError") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionValidate().Bind(&hook.Handler[*core.CollectionEvent]{ + Func: func(e *core.CollectionEvent) error { + t.registerEventCall("OnCollectionValidate") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionCreate().Bind(&hook.Handler[*core.CollectionEvent]{ + Func: func(e *core.CollectionEvent) error { + t.registerEventCall("OnCollectionCreate") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionCreateExecute().Bind(&hook.Handler[*core.CollectionEvent]{ + Func: func(e *core.CollectionEvent) error { + t.registerEventCall("OnCollectionCreateExecute") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionAfterCreateSuccess().Bind(&hook.Handler[*core.CollectionEvent]{ + Func: func(e *core.CollectionEvent) error { + t.registerEventCall("OnCollectionAfterCreateSuccess") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionAfterCreateError().Bind(&hook.Handler[*core.CollectionErrorEvent]{ + Func: func(e *core.CollectionErrorEvent) error { + t.registerEventCall("OnCollectionAfterCreateError") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionUpdate().Bind(&hook.Handler[*core.CollectionEvent]{ + Func: func(e *core.CollectionEvent) error { + t.registerEventCall("OnCollectionUpdate") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionUpdateExecute().Bind(&hook.Handler[*core.CollectionEvent]{ + Func: func(e *core.CollectionEvent) error { + t.registerEventCall("OnCollectionUpdateExecute") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionAfterUpdateSuccess().Bind(&hook.Handler[*core.CollectionEvent]{ + Func: func(e *core.CollectionEvent) error { + t.registerEventCall("OnCollectionAfterUpdateSuccess") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionAfterUpdateError().Bind(&hook.Handler[*core.CollectionErrorEvent]{ + Func: func(e *core.CollectionErrorEvent) error { + t.registerEventCall("OnCollectionAfterUpdateError") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionDelete().Bind(&hook.Handler[*core.CollectionEvent]{ + Func: func(e *core.CollectionEvent) error { + t.registerEventCall("OnCollectionDelete") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionDeleteExecute().Bind(&hook.Handler[*core.CollectionEvent]{ + Func: func(e *core.CollectionEvent) error { + t.registerEventCall("OnCollectionDeleteExecute") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionAfterDeleteSuccess().Bind(&hook.Handler[*core.CollectionEvent]{ + Func: func(e *core.CollectionEvent) error { + t.registerEventCall("OnCollectionAfterDeleteSuccess") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionAfterDeleteError().Bind(&hook.Handler[*core.CollectionErrorEvent]{ + Func: func(e *core.CollectionErrorEvent) error { + t.registerEventCall("OnCollectionAfterDeleteError") + return e.Next() + }, + Priority: -99999, + }) + + t.OnMailerSend().Bind(&hook.Handler[*core.MailerEvent]{ + Func: func(e *core.MailerEvent) error { + if t.TestMailer == nil { + t.TestMailer = &TestMailer{} + } + e.Mailer = t.TestMailer + t.registerEventCall("OnMailerSend") + return e.Next() + }, + Priority: -99999, + }) + + t.OnMailerRecordAuthAlertSend().Bind(&hook.Handler[*core.MailerRecordEvent]{ + Func: func(e *core.MailerRecordEvent) error { + t.registerEventCall("OnMailerRecordAuthAlertSend") + return e.Next() + }, + Priority: -99999, + }) + + t.OnMailerRecordPasswordResetSend().Bind(&hook.Handler[*core.MailerRecordEvent]{ + Func: func(e *core.MailerRecordEvent) error { + t.registerEventCall("OnMailerRecordPasswordResetSend") + return e.Next() + }, + Priority: -99999, + }) + + t.OnMailerRecordVerificationSend().Bind(&hook.Handler[*core.MailerRecordEvent]{ + Func: func(e *core.MailerRecordEvent) error { + t.registerEventCall("OnMailerRecordVerificationSend") + return e.Next() + }, + Priority: -99999, + }) + + t.OnMailerRecordEmailChangeSend().Bind(&hook.Handler[*core.MailerRecordEvent]{ + Func: func(e *core.MailerRecordEvent) error { + t.registerEventCall("OnMailerRecordEmailChangeSend") + return e.Next() + }, + Priority: -99999, + }) + + t.OnMailerRecordOTPSend().Bind(&hook.Handler[*core.MailerRecordEvent]{ + Func: func(e *core.MailerRecordEvent) error { + t.registerEventCall("OnMailerRecordOTPSend") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRealtimeConnectRequest().Bind(&hook.Handler[*core.RealtimeConnectRequestEvent]{ + Func: func(e *core.RealtimeConnectRequestEvent) error { + t.registerEventCall("OnRealtimeConnectRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRealtimeMessageSend().Bind(&hook.Handler[*core.RealtimeMessageEvent]{ + Func: func(e *core.RealtimeMessageEvent) error { + t.registerEventCall("OnRealtimeMessageSend") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRealtimeSubscribeRequest().Bind(&hook.Handler[*core.RealtimeSubscribeRequestEvent]{ + Func: func(e *core.RealtimeSubscribeRequestEvent) error { + t.registerEventCall("OnRealtimeSubscribeRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnSettingsListRequest().Bind(&hook.Handler[*core.SettingsListRequestEvent]{ + Func: func(e *core.SettingsListRequestEvent) error { + t.registerEventCall("OnSettingsListRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnSettingsUpdateRequest().Bind(&hook.Handler[*core.SettingsUpdateRequestEvent]{ + Func: func(e *core.SettingsUpdateRequestEvent) error { + t.registerEventCall("OnSettingsUpdateRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnSettingsReload().Bind(&hook.Handler[*core.SettingsReloadEvent]{ + Func: func(e *core.SettingsReloadEvent) error { + t.registerEventCall("OnSettingsReload") + return e.Next() + }, + Priority: -99999, + }) + + t.OnFileDownloadRequest().Bind(&hook.Handler[*core.FileDownloadRequestEvent]{ + Func: func(e *core.FileDownloadRequestEvent) error { + t.registerEventCall("OnFileDownloadRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnFileTokenRequest().Bind(&hook.Handler[*core.FileTokenRequestEvent]{ + Func: func(e *core.FileTokenRequestEvent) error { + t.registerEventCall("OnFileTokenRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordAuthRequest().Bind(&hook.Handler[*core.RecordAuthRequestEvent]{ + Func: func(e *core.RecordAuthRequestEvent) error { + t.registerEventCall("OnRecordAuthRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordAuthWithPasswordRequest().Bind(&hook.Handler[*core.RecordAuthWithPasswordRequestEvent]{ + Func: func(e *core.RecordAuthWithPasswordRequestEvent) error { + t.registerEventCall("OnRecordAuthWithPasswordRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordAuthWithOAuth2Request().Bind(&hook.Handler[*core.RecordAuthWithOAuth2RequestEvent]{ + Func: func(e *core.RecordAuthWithOAuth2RequestEvent) error { + t.registerEventCall("OnRecordAuthWithOAuth2Request") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordAuthRefreshRequest().Bind(&hook.Handler[*core.RecordAuthRefreshRequestEvent]{ + Func: func(e *core.RecordAuthRefreshRequestEvent) error { + t.registerEventCall("OnRecordAuthRefreshRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordRequestPasswordResetRequest().Bind(&hook.Handler[*core.RecordRequestPasswordResetRequestEvent]{ + Func: func(e *core.RecordRequestPasswordResetRequestEvent) error { + t.registerEventCall("OnRecordRequestPasswordResetRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordConfirmPasswordResetRequest().Bind(&hook.Handler[*core.RecordConfirmPasswordResetRequestEvent]{ + Func: func(e *core.RecordConfirmPasswordResetRequestEvent) error { + t.registerEventCall("OnRecordConfirmPasswordResetRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordRequestVerificationRequest().Bind(&hook.Handler[*core.RecordRequestVerificationRequestEvent]{ + Func: func(e *core.RecordRequestVerificationRequestEvent) error { + t.registerEventCall("OnRecordRequestVerificationRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordConfirmVerificationRequest().Bind(&hook.Handler[*core.RecordConfirmVerificationRequestEvent]{ + Func: func(e *core.RecordConfirmVerificationRequestEvent) error { + t.registerEventCall("OnRecordConfirmVerificationRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordRequestEmailChangeRequest().Bind(&hook.Handler[*core.RecordRequestEmailChangeRequestEvent]{ + Func: func(e *core.RecordRequestEmailChangeRequestEvent) error { + t.registerEventCall("OnRecordRequestEmailChangeRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordConfirmEmailChangeRequest().Bind(&hook.Handler[*core.RecordConfirmEmailChangeRequestEvent]{ + Func: func(e *core.RecordConfirmEmailChangeRequestEvent) error { + t.registerEventCall("OnRecordConfirmEmailChangeRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordRequestOTPRequest().Bind(&hook.Handler[*core.RecordCreateOTPRequestEvent]{ + Func: func(e *core.RecordCreateOTPRequestEvent) error { + t.registerEventCall("OnRecordRequestOTPRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordAuthWithOTPRequest().Bind(&hook.Handler[*core.RecordAuthWithOTPRequestEvent]{ + Func: func(e *core.RecordAuthWithOTPRequestEvent) error { + t.registerEventCall("OnRecordAuthWithOTPRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordsListRequest().Bind(&hook.Handler[*core.RecordsListRequestEvent]{ + Func: func(e *core.RecordsListRequestEvent) error { + t.registerEventCall("OnRecordsListRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordViewRequest().Bind(&hook.Handler[*core.RecordRequestEvent]{ + Func: func(e *core.RecordRequestEvent) error { + t.registerEventCall("OnRecordViewRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordCreateRequest().Bind(&hook.Handler[*core.RecordRequestEvent]{ + Func: func(e *core.RecordRequestEvent) error { + t.registerEventCall("OnRecordCreateRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordUpdateRequest().Bind(&hook.Handler[*core.RecordRequestEvent]{ + Func: func(e *core.RecordRequestEvent) error { + t.registerEventCall("OnRecordUpdateRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnRecordDeleteRequest().Bind(&hook.Handler[*core.RecordRequestEvent]{ + Func: func(e *core.RecordRequestEvent) error { + t.registerEventCall("OnRecordDeleteRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionsListRequest().Bind(&hook.Handler[*core.CollectionsListRequestEvent]{ + Func: func(e *core.CollectionsListRequestEvent) error { + t.registerEventCall("OnCollectionsListRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionViewRequest().Bind(&hook.Handler[*core.CollectionRequestEvent]{ + Func: func(e *core.CollectionRequestEvent) error { + t.registerEventCall("OnCollectionViewRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionCreateRequest().Bind(&hook.Handler[*core.CollectionRequestEvent]{ + Func: func(e *core.CollectionRequestEvent) error { + t.registerEventCall("OnCollectionCreateRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionUpdateRequest().Bind(&hook.Handler[*core.CollectionRequestEvent]{ + Func: func(e *core.CollectionRequestEvent) error { + t.registerEventCall("OnCollectionUpdateRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionDeleteRequest().Bind(&hook.Handler[*core.CollectionRequestEvent]{ + Func: func(e *core.CollectionRequestEvent) error { + t.registerEventCall("OnCollectionDeleteRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnCollectionsImportRequest().Bind(&hook.Handler[*core.CollectionsImportRequestEvent]{ + Func: func(e *core.CollectionsImportRequestEvent) error { + t.registerEventCall("OnCollectionsImportRequest") + return e.Next() + }, + Priority: -99999, + }) + + t.OnBatchRequest().Bind(&hook.Handler[*core.BatchRequestEvent]{ + Func: func(e *core.BatchRequestEvent) error { + t.registerEventCall("OnBatchRequest") + return e.Next() + }, + Priority: -99999, + }) + + return t, nil +} + +// TempDirClone creates a new temporary directory copy from the +// provided directory path. +// +// It is the caller's responsibility to call `os.RemoveAll(tempDir)` +// when the directory is no longer needed! +func TempDirClone(dirToClone string) (string, error) { + tempDir, err := os.MkdirTemp("", "pb_test_*") + if err != nil { + return "", err + } + + // copy everything from testDataDir to tempDir + if err := copyDir(dirToClone, tempDir); err != nil { + return "", err + } + + return tempDir, nil +} + +// ------------------------------------------------------------------- +// Helpers +// ------------------------------------------------------------------- + +func copyDir(src string, dest string) error { + if err := os.MkdirAll(dest, os.ModePerm); err != nil { + return err + } + + sourceDir, err := os.Open(src) + if err != nil { + return err + } + defer sourceDir.Close() + + items, err := sourceDir.Readdir(-1) + if err != nil { + return err + } + + for _, item := range items { + fullSrcPath := filepath.Join(src, item.Name()) + fullDestPath := filepath.Join(dest, item.Name()) + + var copyErr error + if item.IsDir() { + copyErr = copyDir(fullSrcPath, fullDestPath) + } else { + copyErr = copyFile(fullSrcPath, fullDestPath) + } + + if copyErr != nil { + return copyErr + } + } + + return nil +} + +func copyFile(src string, dest string) error { + srcFile, err := os.Open(src) + if err != nil { + return err + } + defer srcFile.Close() + + destFile, err := os.Create(dest) + if err != nil { + return err + } + defer destFile.Close() + + if _, err := io.Copy(destFile, srcFile); err != nil { + return err + } + + return nil +} diff --git a/tests/data/.gitignore b/tests/data/.gitignore new file mode 100644 index 0000000..d3baf10 --- /dev/null +++ b/tests/data/.gitignore @@ -0,0 +1,3 @@ +*.db-shm +*.db-wal +types.d.ts diff --git a/tests/data/auxiliary.db b/tests/data/auxiliary.db new file mode 100644 index 0000000..8c3bc97 Binary files /dev/null and b/tests/data/auxiliary.db differ diff --git a/tests/data/data.db b/tests/data/data.db new file mode 100644 index 0000000..d06471a Binary files /dev/null and b/tests/data/data.db differ diff --git a/tests/data/storage/9n89pl5vkct6330/la4y2w4o98acwuj/300_uh_lkx91_hvb_Da8K5pl069.png b/tests/data/storage/9n89pl5vkct6330/la4y2w4o98acwuj/300_uh_lkx91_hvb_Da8K5pl069.png new file mode 100644 index 0000000..f6ce991 Binary files /dev/null and b/tests/data/storage/9n89pl5vkct6330/la4y2w4o98acwuj/300_uh_lkx91_hvb_Da8K5pl069.png differ diff --git a/tests/data/storage/9n89pl5vkct6330/la4y2w4o98acwuj/300_uh_lkx91_hvb_Da8K5pl069.png.attrs b/tests/data/storage/9n89pl5vkct6330/la4y2w4o98acwuj/300_uh_lkx91_hvb_Da8K5pl069.png.attrs new file mode 100644 index 0000000..06e64d6 --- /dev/null +++ b/tests/data/storage/9n89pl5vkct6330/la4y2w4o98acwuj/300_uh_lkx91_hvb_Da8K5pl069.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":{"original-filename":"300_UhLKX91HVb.png"},"md5":"zZhZjzVvCvpcxtMAJie3GQ=="} diff --git a/tests/data/storage/9n89pl5vkct6330/la4y2w4o98acwuj/thumbs_300_uh_lkx91_hvb_Da8K5pl069.png/100x100_300_uh_lkx91_hvb_Da8K5pl069.png b/tests/data/storage/9n89pl5vkct6330/la4y2w4o98acwuj/thumbs_300_uh_lkx91_hvb_Da8K5pl069.png/100x100_300_uh_lkx91_hvb_Da8K5pl069.png new file mode 100644 index 0000000..1b87677 Binary files /dev/null and b/tests/data/storage/9n89pl5vkct6330/la4y2w4o98acwuj/thumbs_300_uh_lkx91_hvb_Da8K5pl069.png/100x100_300_uh_lkx91_hvb_Da8K5pl069.png differ diff --git a/tests/data/storage/9n89pl5vkct6330/la4y2w4o98acwuj/thumbs_300_uh_lkx91_hvb_Da8K5pl069.png/100x100_300_uh_lkx91_hvb_Da8K5pl069.png.attrs b/tests/data/storage/9n89pl5vkct6330/la4y2w4o98acwuj/thumbs_300_uh_lkx91_hvb_Da8K5pl069.png/100x100_300_uh_lkx91_hvb_Da8K5pl069.png.attrs new file mode 100644 index 0000000..64e4c1d --- /dev/null +++ b/tests/data/storage/9n89pl5vkct6330/la4y2w4o98acwuj/thumbs_300_uh_lkx91_hvb_Da8K5pl069.png/100x100_300_uh_lkx91_hvb_Da8K5pl069.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"R7TqfvF8HP3C4+FO2eZ9tg=="} diff --git a/tests/data/storage/9n89pl5vkct6330/qjeql998mtp1azp/logo_vcf_jjg5_tah_9MtIHytOmZ.svg b/tests/data/storage/9n89pl5vkct6330/qjeql998mtp1azp/logo_vcf_jjg5_tah_9MtIHytOmZ.svg new file mode 100644 index 0000000..5b5de95 --- /dev/null +++ b/tests/data/storage/9n89pl5vkct6330/qjeql998mtp1azp/logo_vcf_jjg5_tah_9MtIHytOmZ.svg @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/tests/data/storage/9n89pl5vkct6330/qjeql998mtp1azp/logo_vcf_jjg5_tah_9MtIHytOmZ.svg.attrs b/tests/data/storage/9n89pl5vkct6330/qjeql998mtp1azp/logo_vcf_jjg5_tah_9MtIHytOmZ.svg.attrs new file mode 100644 index 0000000..749a85e --- /dev/null +++ b/tests/data/storage/9n89pl5vkct6330/qjeql998mtp1azp/logo_vcf_jjg5_tah_9MtIHytOmZ.svg.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/svg+xml","user.metadata":{"original-filename":"logo_vcfJJG5TAh.svg"},"md5":"9/B7afas4c3O6vbFcbpOug=="} diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png new file mode 100644 index 0000000..f6ce991 Binary files /dev/null and b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png differ diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png.attrs b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png.attrs new file mode 100644 index 0000000..e78288f --- /dev/null +++ b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/300_1SEi6Q6U72.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"zZhZjzVvCvpcxtMAJie3GQ=="} diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/0x50_300_1SEi6Q6U72.png b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/0x50_300_1SEi6Q6U72.png new file mode 100644 index 0000000..21cedaf Binary files /dev/null and b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/0x50_300_1SEi6Q6U72.png differ diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/0x50_300_1SEi6Q6U72.png.attrs b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/0x50_300_1SEi6Q6U72.png.attrs new file mode 100644 index 0000000..25de6a1 --- /dev/null +++ b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/0x50_300_1SEi6Q6U72.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"iqCiUST0LvGibMMM1qxZAA=="} diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/100x100_300_1SEi6Q6U72.png b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/100x100_300_1SEi6Q6U72.png new file mode 100644 index 0000000..1b87677 Binary files /dev/null and b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/100x100_300_1SEi6Q6U72.png differ diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/100x100_300_1SEi6Q6U72.png.attrs b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/100x100_300_1SEi6Q6U72.png.attrs new file mode 100644 index 0000000..64e4c1d --- /dev/null +++ b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/100x100_300_1SEi6Q6U72.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"R7TqfvF8HP3C4+FO2eZ9tg=="} diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x0_300_1SEi6Q6U72.png b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x0_300_1SEi6Q6U72.png new file mode 100644 index 0000000..8eef56d Binary files /dev/null and b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x0_300_1SEi6Q6U72.png differ diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x0_300_1SEi6Q6U72.png.attrs b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x0_300_1SEi6Q6U72.png.attrs new file mode 100644 index 0000000..a382ad3 --- /dev/null +++ b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x0_300_1SEi6Q6U72.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"XQUKRr4ZwZ9MTo2kR+KfIg=="} diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50_300_1SEi6Q6U72.png b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50_300_1SEi6Q6U72.png new file mode 100644 index 0000000..e261a55 Binary files /dev/null and b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50_300_1SEi6Q6U72.png differ diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50_300_1SEi6Q6U72.png.attrs b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50_300_1SEi6Q6U72.png.attrs new file mode 100644 index 0000000..df305ab --- /dev/null +++ b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50_300_1SEi6Q6U72.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"EoyFICWlQdYZgUYTEMsp/A=="} diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50b_300_1SEi6Q6U72.png b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50b_300_1SEi6Q6U72.png new file mode 100644 index 0000000..77b1107 Binary files /dev/null and b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50b_300_1SEi6Q6U72.png differ diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50b_300_1SEi6Q6U72.png.attrs b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50b_300_1SEi6Q6U72.png.attrs new file mode 100644 index 0000000..0a7f165 --- /dev/null +++ b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50b_300_1SEi6Q6U72.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"Pb/AI46vKOtcBW9bOsdREA=="} diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50f_300_1SEi6Q6U72.png b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50f_300_1SEi6Q6U72.png new file mode 100644 index 0000000..21cedaf Binary files /dev/null and b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50f_300_1SEi6Q6U72.png differ diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50f_300_1SEi6Q6U72.png.attrs b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50f_300_1SEi6Q6U72.png.attrs new file mode 100644 index 0000000..25de6a1 --- /dev/null +++ b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50f_300_1SEi6Q6U72.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"iqCiUST0LvGibMMM1qxZAA=="} diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50t_300_1SEi6Q6U72.png b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50t_300_1SEi6Q6U72.png new file mode 100644 index 0000000..beeaf73 Binary files /dev/null and b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50t_300_1SEi6Q6U72.png differ diff --git a/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50t_300_1SEi6Q6U72.png.attrs b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50t_300_1SEi6Q6U72.png.attrs new file mode 100644 index 0000000..7774ef0 --- /dev/null +++ b/tests/data/storage/_pb_users_auth_/4q1xlclmfloku33/thumbs_300_1SEi6Q6U72.png/70x50t_300_1SEi6Q6U72.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"rcwrlxKlvwTgDpsHLHzBqA=="} diff --git a/tests/data/storage/_pb_users_auth_/oap640cot4yru2s/test_kfd2wYLxkz.txt b/tests/data/storage/_pb_users_auth_/oap640cot4yru2s/test_kfd2wYLxkz.txt new file mode 100644 index 0000000..9daeafb --- /dev/null +++ b/tests/data/storage/_pb_users_auth_/oap640cot4yru2s/test_kfd2wYLxkz.txt @@ -0,0 +1 @@ +test diff --git a/tests/data/storage/_pb_users_auth_/oap640cot4yru2s/test_kfd2wYLxkz.txt.attrs b/tests/data/storage/_pb_users_auth_/oap640cot4yru2s/test_kfd2wYLxkz.txt.attrs new file mode 100644 index 0000000..3396b8b --- /dev/null +++ b/tests/data/storage/_pb_users_auth_/oap640cot4yru2s/test_kfd2wYLxkz.txt.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"text/plain; charset=utf-8","user.metadata":null,"md5":"2Oj8otwPiW/Xy0ywAxuiSQ=="} diff --git a/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/300_WlbFWSGmW9.png b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/300_WlbFWSGmW9.png new file mode 100644 index 0000000..f6ce991 Binary files /dev/null and b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/300_WlbFWSGmW9.png differ diff --git a/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/300_WlbFWSGmW9.png.attrs b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/300_WlbFWSGmW9.png.attrs new file mode 100644 index 0000000..e78288f --- /dev/null +++ b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/300_WlbFWSGmW9.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"zZhZjzVvCvpcxtMAJie3GQ=="} diff --git a/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/logo_vcfJJG5TAh.svg b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/logo_vcfJJG5TAh.svg new file mode 100644 index 0000000..5b5de95 --- /dev/null +++ b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/logo_vcfJJG5TAh.svg @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/logo_vcfJJG5TAh.svg.attrs b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/logo_vcfJJG5TAh.svg.attrs new file mode 100644 index 0000000..7938a5a --- /dev/null +++ b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/logo_vcfJJG5TAh.svg.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/svg+xml","user.metadata":null,"md5":"9/B7afas4c3O6vbFcbpOug=="} diff --git a/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_MaWC6mWyrP.txt b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_MaWC6mWyrP.txt new file mode 100644 index 0000000..9daeafb --- /dev/null +++ b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_MaWC6mWyrP.txt @@ -0,0 +1 @@ +test diff --git a/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_MaWC6mWyrP.txt.attrs b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_MaWC6mWyrP.txt.attrs new file mode 100644 index 0000000..921ce26 --- /dev/null +++ b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_MaWC6mWyrP.txt.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"text/plain; charset=utf-8","user.metadata":{"original-filename":"test.txt"},"md5":"2Oj8otwPiW/Xy0ywAxuiSQ=="} diff --git a/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_QZFjKjXchk.txt b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_QZFjKjXchk.txt new file mode 100644 index 0000000..9daeafb --- /dev/null +++ b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_QZFjKjXchk.txt @@ -0,0 +1 @@ +test diff --git a/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_QZFjKjXchk.txt.attrs b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_QZFjKjXchk.txt.attrs new file mode 100644 index 0000000..3396b8b --- /dev/null +++ b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_QZFjKjXchk.txt.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"text/plain; charset=utf-8","user.metadata":null,"md5":"2Oj8otwPiW/Xy0ywAxuiSQ=="} diff --git a/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_d61b33QdDU.txt b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_d61b33QdDU.txt new file mode 100644 index 0000000..9daeafb --- /dev/null +++ b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_d61b33QdDU.txt @@ -0,0 +1 @@ +test diff --git a/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_d61b33QdDU.txt.attrs b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_d61b33QdDU.txt.attrs new file mode 100644 index 0000000..3396b8b --- /dev/null +++ b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_d61b33QdDU.txt.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"text/plain; charset=utf-8","user.metadata":null,"md5":"2Oj8otwPiW/Xy0ywAxuiSQ=="} diff --git a/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_tC1Yc87DfC.txt b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_tC1Yc87DfC.txt new file mode 100644 index 0000000..9daeafb --- /dev/null +++ b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_tC1Yc87DfC.txt @@ -0,0 +1 @@ +test diff --git a/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_tC1Yc87DfC.txt.attrs b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_tC1Yc87DfC.txt.attrs new file mode 100644 index 0000000..921ce26 --- /dev/null +++ b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/test_tC1Yc87DfC.txt.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"text/plain; charset=utf-8","user.metadata":{"original-filename":"test.txt"},"md5":"2Oj8otwPiW/Xy0ywAxuiSQ=="} diff --git a/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/thumbs_300_WlbFWSGmW9.png/100x100_300_WlbFWSGmW9.png b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/thumbs_300_WlbFWSGmW9.png/100x100_300_WlbFWSGmW9.png new file mode 100644 index 0000000..1b87677 Binary files /dev/null and b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/thumbs_300_WlbFWSGmW9.png/100x100_300_WlbFWSGmW9.png differ diff --git a/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/thumbs_300_WlbFWSGmW9.png/100x100_300_WlbFWSGmW9.png.attrs b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/thumbs_300_WlbFWSGmW9.png/100x100_300_WlbFWSGmW9.png.attrs new file mode 100644 index 0000000..64e4c1d --- /dev/null +++ b/tests/data/storage/wsmn24bux7wo113/84nmscqy84lsi1t/thumbs_300_WlbFWSGmW9.png/100x100_300_WlbFWSGmW9.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"R7TqfvF8HP3C4+FO2eZ9tg=="} diff --git a/tests/data/storage/wsmn24bux7wo113/al1h9ijdeojtsjy/300_Jsjq7RdBgA.png b/tests/data/storage/wsmn24bux7wo113/al1h9ijdeojtsjy/300_Jsjq7RdBgA.png new file mode 100644 index 0000000..f6ce991 Binary files /dev/null and b/tests/data/storage/wsmn24bux7wo113/al1h9ijdeojtsjy/300_Jsjq7RdBgA.png differ diff --git a/tests/data/storage/wsmn24bux7wo113/al1h9ijdeojtsjy/300_Jsjq7RdBgA.png.attrs b/tests/data/storage/wsmn24bux7wo113/al1h9ijdeojtsjy/300_Jsjq7RdBgA.png.attrs new file mode 100644 index 0000000..e78288f --- /dev/null +++ b/tests/data/storage/wsmn24bux7wo113/al1h9ijdeojtsjy/300_Jsjq7RdBgA.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"zZhZjzVvCvpcxtMAJie3GQ=="} diff --git a/tests/data/storage/wsmn24bux7wo113/al1h9ijdeojtsjy/thumbs_300_Jsjq7RdBgA.png/100x100_300_Jsjq7RdBgA.png b/tests/data/storage/wsmn24bux7wo113/al1h9ijdeojtsjy/thumbs_300_Jsjq7RdBgA.png/100x100_300_Jsjq7RdBgA.png new file mode 100644 index 0000000..1b87677 Binary files /dev/null and b/tests/data/storage/wsmn24bux7wo113/al1h9ijdeojtsjy/thumbs_300_Jsjq7RdBgA.png/100x100_300_Jsjq7RdBgA.png differ diff --git a/tests/data/storage/wsmn24bux7wo113/al1h9ijdeojtsjy/thumbs_300_Jsjq7RdBgA.png/100x100_300_Jsjq7RdBgA.png.attrs b/tests/data/storage/wsmn24bux7wo113/al1h9ijdeojtsjy/thumbs_300_Jsjq7RdBgA.png/100x100_300_Jsjq7RdBgA.png.attrs new file mode 100644 index 0000000..64e4c1d --- /dev/null +++ b/tests/data/storage/wsmn24bux7wo113/al1h9ijdeojtsjy/thumbs_300_Jsjq7RdBgA.png/100x100_300_Jsjq7RdBgA.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"R7TqfvF8HP3C4+FO2eZ9tg=="} diff --git a/tests/data/storage/wzlqyes4orhoygb/7nwo8tuiatetxdm/test_JnXeKEwgwr.txt b/tests/data/storage/wzlqyes4orhoygb/7nwo8tuiatetxdm/test_JnXeKEwgwr.txt new file mode 100644 index 0000000..9daeafb --- /dev/null +++ b/tests/data/storage/wzlqyes4orhoygb/7nwo8tuiatetxdm/test_JnXeKEwgwr.txt @@ -0,0 +1 @@ +test diff --git a/tests/data/storage/wzlqyes4orhoygb/7nwo8tuiatetxdm/test_JnXeKEwgwr.txt.attrs b/tests/data/storage/wzlqyes4orhoygb/7nwo8tuiatetxdm/test_JnXeKEwgwr.txt.attrs new file mode 100644 index 0000000..3396b8b --- /dev/null +++ b/tests/data/storage/wzlqyes4orhoygb/7nwo8tuiatetxdm/test_JnXeKEwgwr.txt.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"text/plain; charset=utf-8","user.metadata":null,"md5":"2Oj8otwPiW/Xy0ywAxuiSQ=="} diff --git a/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/300_UhLKX91HVb.png b/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/300_UhLKX91HVb.png new file mode 100644 index 0000000..f6ce991 Binary files /dev/null and b/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/300_UhLKX91HVb.png differ diff --git a/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/300_UhLKX91HVb.png.attrs b/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/300_UhLKX91HVb.png.attrs new file mode 100644 index 0000000..e78288f --- /dev/null +++ b/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/300_UhLKX91HVb.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"zZhZjzVvCvpcxtMAJie3GQ=="} diff --git a/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/test_FLurQTgrY8.txt b/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/test_FLurQTgrY8.txt new file mode 100644 index 0000000..9daeafb --- /dev/null +++ b/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/test_FLurQTgrY8.txt @@ -0,0 +1 @@ +test diff --git a/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/test_FLurQTgrY8.txt.attrs b/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/test_FLurQTgrY8.txt.attrs new file mode 100644 index 0000000..3396b8b --- /dev/null +++ b/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/test_FLurQTgrY8.txt.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"text/plain; charset=utf-8","user.metadata":null,"md5":"2Oj8otwPiW/Xy0ywAxuiSQ=="} diff --git a/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/thumbs_300_UhLKX91HVb.png/100x100_300_UhLKX91HVb.png b/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/thumbs_300_UhLKX91HVb.png/100x100_300_UhLKX91HVb.png new file mode 100644 index 0000000..1b87677 Binary files /dev/null and b/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/thumbs_300_UhLKX91HVb.png/100x100_300_UhLKX91HVb.png differ diff --git a/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/thumbs_300_UhLKX91HVb.png/100x100_300_UhLKX91HVb.png.attrs b/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/thumbs_300_UhLKX91HVb.png/100x100_300_UhLKX91HVb.png.attrs new file mode 100644 index 0000000..64e4c1d --- /dev/null +++ b/tests/data/storage/wzlqyes4orhoygb/lcl9d87w22ml6jy/thumbs_300_UhLKX91HVb.png/100x100_300_UhLKX91HVb.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"R7TqfvF8HP3C4+FO2eZ9tg=="} diff --git a/tests/data/storage/wzlqyes4orhoygb/mk5fmymtx4wsprk/300_JdfBOieXAW.png b/tests/data/storage/wzlqyes4orhoygb/mk5fmymtx4wsprk/300_JdfBOieXAW.png new file mode 100644 index 0000000..f6ce991 Binary files /dev/null and b/tests/data/storage/wzlqyes4orhoygb/mk5fmymtx4wsprk/300_JdfBOieXAW.png differ diff --git a/tests/data/storage/wzlqyes4orhoygb/mk5fmymtx4wsprk/300_JdfBOieXAW.png.attrs b/tests/data/storage/wzlqyes4orhoygb/mk5fmymtx4wsprk/300_JdfBOieXAW.png.attrs new file mode 100644 index 0000000..e78288f --- /dev/null +++ b/tests/data/storage/wzlqyes4orhoygb/mk5fmymtx4wsprk/300_JdfBOieXAW.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"zZhZjzVvCvpcxtMAJie3GQ=="} diff --git a/tests/data/storage/wzlqyes4orhoygb/mk5fmymtx4wsprk/thumbs_300_JdfBOieXAW.png/100x100_300_JdfBOieXAW.png b/tests/data/storage/wzlqyes4orhoygb/mk5fmymtx4wsprk/thumbs_300_JdfBOieXAW.png/100x100_300_JdfBOieXAW.png new file mode 100644 index 0000000..1b87677 Binary files /dev/null and b/tests/data/storage/wzlqyes4orhoygb/mk5fmymtx4wsprk/thumbs_300_JdfBOieXAW.png/100x100_300_JdfBOieXAW.png differ diff --git a/tests/data/storage/wzlqyes4orhoygb/mk5fmymtx4wsprk/thumbs_300_JdfBOieXAW.png/100x100_300_JdfBOieXAW.png.attrs b/tests/data/storage/wzlqyes4orhoygb/mk5fmymtx4wsprk/thumbs_300_JdfBOieXAW.png/100x100_300_JdfBOieXAW.png.attrs new file mode 100644 index 0000000..64e4c1d --- /dev/null +++ b/tests/data/storage/wzlqyes4orhoygb/mk5fmymtx4wsprk/thumbs_300_JdfBOieXAW.png/100x100_300_JdfBOieXAW.png.attrs @@ -0,0 +1 @@ +{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null,"md5":"R7TqfvF8HP3C4+FO2eZ9tg=="} diff --git a/tests/dynamic_stubs.go b/tests/dynamic_stubs.go new file mode 100644 index 0000000..6fda676 --- /dev/null +++ b/tests/dynamic_stubs.go @@ -0,0 +1,147 @@ +package tests + +import ( + "strconv" + "time" + + "github.com/pocketbase/pocketbase/core" + "github.com/pocketbase/pocketbase/tools/types" +) + +func StubOTPRecords(app core.App) error { + superuser2, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test2@example.com") + if err != nil { + return err + } + superuser2.SetRaw("stubId", "superuser2") + + superuser3, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test3@example.com") + if err != nil { + return err + } + superuser3.SetRaw("stubId", "superuser3") + + user1, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + return err + } + user1.SetRaw("stubId", "user1") + + now := types.NowDateTime() + old := types.NowDateTime().Add(-1 * time.Hour) + + stubs := map[*core.Record][]types.DateTime{ + superuser2: {now, now.Add(-1 * time.Millisecond), old, now.Add(-2 * time.Millisecond), old.Add(-1 * time.Millisecond)}, + superuser3: {now.Add(-3 * time.Millisecond), now.Add(-2 * time.Minute)}, + user1: {old}, + } + for record, idDates := range stubs { + for i, date := range idDates { + otp := core.NewOTP(app) + otp.Id = record.GetString("stubId") + "_" + strconv.Itoa(i) + otp.SetRecordRef(record.Id) + otp.SetCollectionRef(record.Collection().Id) + otp.SetPassword("test123") + otp.SetRaw("created", date) + if err := app.SaveNoValidate(otp); err != nil { + return err + } + } + } + + return nil +} + +func StubMFARecords(app core.App) error { + superuser2, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test2@example.com") + if err != nil { + return err + } + superuser2.SetRaw("stubId", "superuser2") + + superuser3, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, "test3@example.com") + if err != nil { + return err + } + superuser3.SetRaw("stubId", "superuser3") + + user1, err := app.FindAuthRecordByEmail("users", "test@example.com") + if err != nil { + return err + } + user1.SetRaw("stubId", "user1") + + now := types.NowDateTime() + old := types.NowDateTime().Add(-1 * time.Hour) + + type mfaData struct { + method string + date types.DateTime + } + + stubs := map[*core.Record][]mfaData{ + superuser2: { + {core.MFAMethodOTP, now}, + {core.MFAMethodOTP, old}, + {core.MFAMethodPassword, now.Add(-2 * time.Minute)}, + {core.MFAMethodPassword, now.Add(-1 * time.Millisecond)}, + {core.MFAMethodOAuth2, old.Add(-1 * time.Millisecond)}, + }, + superuser3: { + {core.MFAMethodOAuth2, now.Add(-3 * time.Millisecond)}, + {core.MFAMethodPassword, now.Add(-3 * time.Minute)}, + }, + user1: { + {core.MFAMethodOAuth2, old}, + }, + } + for record, idDates := range stubs { + for i, data := range idDates { + otp := core.NewMFA(app) + otp.Id = record.GetString("stubId") + "_" + strconv.Itoa(i) + otp.SetRecordRef(record.Id) + otp.SetCollectionRef(record.Collection().Id) + otp.SetMethod(data.method) + otp.SetRaw("created", data.date) + if err := app.SaveNoValidate(otp); err != nil { + return err + } + } + } + + return nil +} + +func StubLogsData(app *TestApp) error { + _, err := app.AuxDB().NewQuery(` + delete from {{_logs}}; + + insert into {{_logs}} ( + [[id]], + [[level]], + [[message]], + [[data]], + [[created]], + [[updated]] + ) + values + ( + "873f2133-9f38-44fb-bf82-c8f53b310d91", + 0, + "test_message1", + '{"status":200}', + "2022-05-01 10:00:00.123Z", + "2022-05-01 10:00:00.123Z" + ), + ( + "f2133873-44fb-9f38-bf82-c918f53b310d", + 8, + "test_message2", + '{"status":400}', + "2022-05-02 10:00:00.123Z", + "2022-05-02 10:00:00.123Z" + ); + `).Execute() + + return err +} diff --git a/tests/mailer.go b/tests/mailer.go new file mode 100644 index 0000000..15d6190 --- /dev/null +++ b/tests/mailer.go @@ -0,0 +1,81 @@ +package tests + +import ( + "slices" + "sync" + + "github.com/pocketbase/pocketbase/tools/mailer" +) + +var _ mailer.Mailer = (*TestMailer)(nil) + +// TestMailer is a mock [mailer.Mailer] implementation. +type TestMailer struct { + mux sync.Mutex + messages []*mailer.Message +} + +// Send implements [mailer.Mailer] interface. +func (tm *TestMailer) Send(m *mailer.Message) error { + tm.mux.Lock() + defer tm.mux.Unlock() + + tm.messages = append(tm.messages, m) + return nil +} + +// Reset clears any previously test collected data. +func (tm *TestMailer) Reset() { + tm.mux.Lock() + defer tm.mux.Unlock() + + tm.messages = nil +} + +// TotalSend returns the total number of sent messages. +func (tm *TestMailer) TotalSend() int { + tm.mux.Lock() + defer tm.mux.Unlock() + + return len(tm.messages) +} + +// Messages returns a shallow copy of all of the collected test messages. +func (tm *TestMailer) Messages() []*mailer.Message { + tm.mux.Lock() + defer tm.mux.Unlock() + + return slices.Clone(tm.messages) +} + +// FirstMessage returns a shallow copy of the first sent message. +// +// Returns an empty mailer.Message struct if there are no sent messages. +func (tm *TestMailer) FirstMessage() mailer.Message { + tm.mux.Lock() + defer tm.mux.Unlock() + + var m mailer.Message + + if len(tm.messages) > 0 { + return *tm.messages[0] + } + + return m +} + +// LastMessage returns a shallow copy of the last sent message. +// +// Returns an empty mailer.Message struct if there are no sent messages. +func (tm *TestMailer) LastMessage() mailer.Message { + tm.mux.Lock() + defer tm.mux.Unlock() + + var m mailer.Message + + if len(tm.messages) > 0 { + return *tm.messages[len(tm.messages)-1] + } + + return m +} diff --git a/tests/request.go b/tests/request.go new file mode 100644 index 0000000..55b16b6 --- /dev/null +++ b/tests/request.go @@ -0,0 +1,63 @@ +package tests + +import ( + "bytes" + "io" + "mime/multipart" + "os" +) + +// MockMultipartData creates a mocked multipart/form-data payload. +// +// Example +// +// data, mp, err := tests.MockMultipartData( +// map[string]string{"title": "new"}, +// "file1", +// "file2", +// ... +// ) +func MockMultipartData(data map[string]string, fileFields ...string) (*bytes.Buffer, *multipart.Writer, error) { + body := new(bytes.Buffer) + mp := multipart.NewWriter(body) + defer mp.Close() + + // write data fields + for k, v := range data { + mp.WriteField(k, v) + } + + // write file fields + for _, fileField := range fileFields { + // create a test temporary file + err := func() error { + tmpFile, err := os.CreateTemp(os.TempDir(), "tmpfile-*.txt") + if err != nil { + return err + } + + if _, err := tmpFile.Write([]byte("test")); err != nil { + return err + } + tmpFile.Seek(0, 0) + defer tmpFile.Close() + defer os.Remove(tmpFile.Name()) + + // stub uploaded file + w, err := mp.CreateFormFile(fileField, tmpFile.Name()) + if err != nil { + return err + } + if _, err := io.Copy(w, tmpFile); err != nil { + return err + } + + return nil + }() + if err != nil { + return nil, nil, err + } + } + + return body, mp, nil +} diff --git a/tests/validation_errors.go b/tests/validation_errors.go new file mode 100644 index 0000000..c0a37f9 --- /dev/null +++ b/tests/validation_errors.go @@ -0,0 +1,32 @@ +package tests + +import ( + "errors" + "testing" + + validation "github.com/go-ozzo/ozzo-validation/v4" +) + +// TestValidationErrors checks whether the provided rawErrors are +// instance of [validation.Errors] and contains the expectedErrors keys. +func TestValidationErrors(t *testing.T, rawErrors error, expectedErrors []string) { + var errs validation.Errors + + if rawErrors != nil && !errors.As(rawErrors, &errs) { + t.Fatalf("Failed to parse errors, expected to find validation.Errors, got %T\n%v", rawErrors, rawErrors) + } + + if len(errs) != len(expectedErrors) { + keys := make([]string, 0, len(errs)) + for k := range errs { + keys = append(keys, k) + } + t.Fatalf("Expected error keys \n%v\ngot\n%v\n%v", expectedErrors, keys, errs) + } + + for _, k := range expectedErrors { + if _, ok := errs[k]; !ok { + t.Fatalf("Missing expected error key %q in %v", k, errs) + } + } +} diff --git a/tools/archive/create.go b/tools/archive/create.go new file mode 100644 index 0000000..fcd20ca --- /dev/null +++ b/tools/archive/create.go @@ -0,0 +1,91 @@ +package archive + +import ( + "archive/zip" + "compress/flate" + "errors" + "io" + "io/fs" + "os" + "path/filepath" + "strings" +) + +// Create creates a new zip archive from src dir content and saves it in dest path. +// +// You can specify skipPaths to skip/ignore certain directories and files (relative to src) +// preventing adding them in the final archive. +func Create(src string, dest string, skipPaths ...string) error { + if err := os.MkdirAll(filepath.Dir(dest), os.ModePerm); err != nil { + return err + } + + zf, err := os.Create(dest) + if err != nil { + return err + } + + zw := zip.NewWriter(zf) + + // register a custom Deflate compressor + zw.RegisterCompressor(zip.Deflate, func(out io.Writer) (io.WriteCloser, error) { + return flate.NewWriter(out, flate.BestSpeed) + }) + + err = zipAddFS(zw, os.DirFS(src), skipPaths...) + if err != nil { + // try to cleanup at least the created zip file + return errors.Join(err, zw.Close(), zf.Close(), os.Remove(dest)) + } + + return errors.Join(zw.Close(), zf.Close()) +} + +// note remove after similar method is added in the std lib (https://github.com/golang/go/issues/54898) +func zipAddFS(w *zip.Writer, fsys fs.FS, skipPaths ...string) error { + return fs.WalkDir(fsys, ".", func(name string, d fs.DirEntry, err error) error { + if err != nil { + return err + } + + if d.IsDir() { + return nil + } + + // skip + for _, ignore := range skipPaths { + if ignore == name || + strings.HasPrefix(filepath.Clean(name)+string(os.PathSeparator), filepath.Clean(ignore)+string(os.PathSeparator)) { + return nil + } + } + + info, err := d.Info() + if err != nil { + return err + } + + h, err := zip.FileInfoHeader(info) + if err != nil { + return err + } + + h.Name = name + h.Method = zip.Deflate + + fw, err := w.CreateHeader(h) + if err != nil { + return err + } + + f, err := fsys.Open(name) + if err != nil { + return err + } + defer f.Close() + + _, err = io.Copy(fw, f) + + return err + }) +} diff --git a/tools/archive/create_test.go b/tools/archive/create_test.go new file mode 100644 index 0000000..f75eb8e --- /dev/null +++ b/tools/archive/create_test.go @@ -0,0 +1,125 @@ +package archive_test + +import ( + "os" + "path/filepath" + "testing" + + "github.com/pocketbase/pocketbase/tools/archive" +) + +func TestCreateFailure(t *testing.T) { + testDir := createTestDir(t) + defer os.RemoveAll(testDir) + + zipPath := filepath.Join(os.TempDir(), "pb_test.zip") + defer os.RemoveAll(zipPath) + + missingDir := filepath.Join(os.TempDir(), "missing") + + if err := archive.Create(missingDir, zipPath); err == nil { + t.Fatal("Expected to fail due to missing directory or file") + } + + if _, err := os.Stat(zipPath); err == nil { + t.Fatalf("Expected the zip file not to be created") + } +} + +func TestCreateSuccess(t *testing.T) { + testDir := createTestDir(t) + defer os.RemoveAll(testDir) + + zipName := "pb_test.zip" + zipPath := filepath.Join(os.TempDir(), zipName) + defer os.RemoveAll(zipPath) + + // zip testDir content (excluding test and a/b/c dir) + if err := archive.Create(testDir, zipPath, "a/b/c", "test"); err != nil { + t.Fatalf("Failed to create archive: %v", err) + } + + info, err := os.Stat(zipPath) + if err != nil { + t.Fatalf("Failed to retrieve the generated zip file: %v", err) + } + + if name := info.Name(); name != zipName { + t.Fatalf("Expected zip with name %q, got %q", zipName, name) + } + + expectedSize := int64(544) + if size := info.Size(); size != expectedSize { + t.Fatalf("Expected zip with size %d, got %d", expectedSize, size) + } +} + +// ------------------------------------------------------------------- + +// note: make sure to call os.RemoveAll(dir) after you are done +// working with the created test dir. +func createTestDir(t *testing.T) string { + dir, err := os.MkdirTemp(os.TempDir(), "pb_zip_test") + if err != nil { + t.Fatal(err) + } + + if err := os.MkdirAll(filepath.Join(dir, "a/b/c"), os.ModePerm); err != nil { + t.Fatal(err) + } + + { + f, err := os.OpenFile(filepath.Join(dir, "test"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + f.Close() + } + + { + f, err := os.OpenFile(filepath.Join(dir, "test2"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + f.Close() + } + + { + f, err := os.OpenFile(filepath.Join(dir, "a/test"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + f.Close() + } + + { + f, err := os.OpenFile(filepath.Join(dir, "a/b/sub1"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + f.Close() + } + + { + f, err := os.OpenFile(filepath.Join(dir, "a/b/c/sub2"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + f.Close() + } + + { + f, err := os.OpenFile(filepath.Join(dir, "a/b/c/sub3"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + f.Close() + } + + // symbolic link + if err := os.Symlink(filepath.Join(dir, "test"), filepath.Join(dir, "test_symlink")); err != nil { + t.Fatal(err) + } + + return dir +} diff --git a/tools/archive/extract.go b/tools/archive/extract.go new file mode 100644 index 0000000..a9d581e --- /dev/null +++ b/tools/archive/extract.go @@ -0,0 +1,77 @@ +package archive + +import ( + "archive/zip" + "fmt" + "io" + "os" + "path/filepath" + "strings" +) + +// Extract extracts the zip archive at "src" to "dest". +// +// Note that only dirs and regular files will be extracted. +// Symbolic links, named pipes, sockets, or any other irregular files +// are skipped because they come with too many edge cases and ambiguities. +func Extract(src, dest string) error { + zr, err := zip.OpenReader(src) + if err != nil { + return err + } + defer zr.Close() + + // normalize dest path to check later for Zip Slip + dest = filepath.Clean(dest) + string(os.PathSeparator) + + for _, f := range zr.File { + err := extractFile(f, dest) + if err != nil { + return err + } + } + + return nil +} + +// extractFile extracts the provided zipFile into "basePath/zipFileName" path, +// creating all the necessary path directories. +func extractFile(zipFile *zip.File, basePath string) error { + path := filepath.Join(basePath, zipFile.Name) + + // check for Zip Slip + if !strings.HasPrefix(path, basePath) { + return fmt.Errorf("invalid file path: %s", path) + } + + r, err := zipFile.Open() + if err != nil { + return err + } + defer r.Close() + + // allow only dirs or regular files + if zipFile.FileInfo().IsDir() { + if err := os.MkdirAll(path, os.ModePerm); err != nil { + return err + } + } else if zipFile.FileInfo().Mode().IsRegular() { + // ensure that the file path directories are created + if err := os.MkdirAll(filepath.Dir(path), os.ModePerm); err != nil { + return err + } + + f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, zipFile.Mode()) + if err != nil { + return err + } + defer f.Close() + + _, err = io.Copy(f, r) + if err != nil { + return err + } + } + + return nil +} diff --git a/tools/archive/extract_test.go b/tools/archive/extract_test.go new file mode 100644 index 0000000..16e2617 --- /dev/null +++ b/tools/archive/extract_test.go @@ -0,0 +1,88 @@ +package archive_test + +import ( + "io/fs" + "os" + "path/filepath" + "testing" + + "github.com/pocketbase/pocketbase/tools/archive" +) + +func TestExtractFailure(t *testing.T) { + testDir := createTestDir(t) + defer os.RemoveAll(testDir) + + missingZipPath := filepath.Join(os.TempDir(), "pb_missing_test.zip") + extractedPath := filepath.Join(os.TempDir(), "pb_zip_extract") + defer os.RemoveAll(extractedPath) + + if err := archive.Extract(missingZipPath, extractedPath); err == nil { + t.Fatal("Expected Extract to fail due to missing zipPath") + } + + if _, err := os.Stat(extractedPath); err == nil { + t.Fatalf("Expected %q to not be created", extractedPath) + } +} + +func TestExtractSuccess(t *testing.T) { + testDir := createTestDir(t) + defer os.RemoveAll(testDir) + + zipPath := filepath.Join(os.TempDir(), "pb_test.zip") + defer os.RemoveAll(zipPath) + + extractedPath := filepath.Join(os.TempDir(), "pb_zip_extract") + defer os.RemoveAll(extractedPath) + + // zip testDir content (with exclude) + if err := archive.Create(testDir, zipPath, "a/b/c", "test2", "sub2"); err != nil { + t.Fatalf("Failed to create archive: %v", err) + } + + if err := archive.Extract(zipPath, extractedPath); err != nil { + t.Fatalf("Failed to extract %q in %q", zipPath, extractedPath) + } + + availableFiles := []string{} + + walkErr := filepath.WalkDir(extractedPath, func(path string, d fs.DirEntry, err error) error { + if err != nil { + return err + } + + if d.IsDir() { + return nil + } + + availableFiles = append(availableFiles, path) + + return nil + }) + if walkErr != nil { + t.Fatalf("Failed to read the extracted dir: %v", walkErr) + } + + // (note: symbolic links and other regular files should be missing) + expectedFiles := []string{ + filepath.Join(extractedPath, "test"), + filepath.Join(extractedPath, "a/test"), + filepath.Join(extractedPath, "a/b/sub1"), + } + + if len(availableFiles) != len(expectedFiles) { + t.Fatalf("Expected \n%v, \ngot \n%v", expectedFiles, availableFiles) + } + +ExpectedLoop: + for _, expected := range expectedFiles { + for _, available := range availableFiles { + if available == expected { + continue ExpectedLoop + } + } + + t.Fatalf("Missing file %q in \n%v", expected, availableFiles) + } +} diff --git a/tools/auth/apple.go b/tools/auth/apple.go new file mode 100644 index 0000000..fc514d3 --- /dev/null +++ b/tools/auth/apple.go @@ -0,0 +1,166 @@ +package auth + +import ( + "context" + "encoding/json" + "errors" + "strings" + + "github.com/golang-jwt/jwt/v5" + "github.com/pocketbase/pocketbase/tools/types" + "github.com/spf13/cast" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameApple] = wrapFactory(NewAppleProvider) +} + +var _ Provider = (*Apple)(nil) + +// NameApple is the unique name of the Apple provider. +const NameApple string = "apple" + +// Apple allows authentication via Apple OAuth2. +// +// [OIDC differences]: https://bitbucket.org/openid/connect/src/master/How-Sign-in-with-Apple-differs-from-OpenID-Connect.md +type Apple struct { + BaseProvider + + jwksURL string +} + +// NewAppleProvider creates a new Apple provider instance with some defaults. +func NewAppleProvider() *Apple { + return &Apple{ + BaseProvider: BaseProvider{ + ctx: context.Background(), + displayName: "Apple", + pkce: true, + scopes: []string{"name", "email"}, + authURL: "https://appleid.apple.com/auth/authorize", + tokenURL: "https://appleid.apple.com/auth/token", + }, + jwksURL: "https://appleid.apple.com/auth/keys", + } +} + +// FetchAuthUser returns an AuthUser instance based on the provided token. +// +// API reference: https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse. +func (p *Apple) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Id string `json:"sub"` + Name string `json:"name"` + Email string `json:"email"` + EmailVerified any `json:"email_verified"` // could be string or bool + User struct { + Name struct { + FirstName string `json:"firstName"` + LastName string `json:"lastName"` + } `json:"name"` + } `json:"user"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.Id, + Name: extracted.Name, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + if cast.ToBool(extracted.EmailVerified) { + user.Email = extracted.Email + } + + if user.Name == "" { + user.Name = strings.TrimSpace(extracted.User.Name.FirstName + " " + extracted.User.Name.LastName) + } + + return user, nil +} + +// FetchRawUserInfo implements Provider.FetchRawUserInfo interface. +// +// Apple doesn't have a UserInfo endpoint and claims about users +// are instead included in the "id_token" (https://openid.net/specs/openid-connect-core-1_0.html#id_tokenExample) +func (p *Apple) FetchRawUserInfo(token *oauth2.Token) ([]byte, error) { + idToken, _ := token.Extra("id_token").(string) + + claims, err := p.parseAndVerifyIdToken(idToken) + if err != nil { + return nil, err + } + + // Apple only returns the user object the first time the user authorizes the app + // https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple#3331292 + rawUser, _ := token.Extra("user").(string) + if rawUser != "" { + user := map[string]any{} + err = json.Unmarshal([]byte(rawUser), &user) + if err != nil { + return nil, err + } + claims["user"] = user + } + + return json.Marshal(claims) +} + +func (p *Apple) parseAndVerifyIdToken(idToken string) (jwt.MapClaims, error) { + if idToken == "" { + return nil, errors.New("empty id_token") + } + + // extract the token header params and claims + // --- + claims := jwt.MapClaims{} + t, _, err := jwt.NewParser().ParseUnverified(idToken, claims) + if err != nil { + return nil, err + } + + // validate common claims per https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/verifying_a_user#3383769 + // --- + jwtValidator := jwt.NewValidator( + jwt.WithExpirationRequired(), + jwt.WithIssuedAt(), + jwt.WithLeeway(idTokenLeeway), + jwt.WithIssuer("https://appleid.apple.com"), + jwt.WithAudience(p.clientId), + ) + err = jwtValidator.Validate(claims) + if err != nil { + return nil, err + } + + // validate id_token signature + // + // note: this step could be technically considered optional because we trust + // the token which is a result of direct TLS communication with the provider + // (see also https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation) + // --- + kid, _ := t.Header["kid"].(string) + err = validateIdTokenSignature(p.ctx, idToken, p.jwksURL, kid) + if err != nil { + return nil, err + } + + return claims, nil +} diff --git a/tools/auth/auth.go b/tools/auth/auth.go new file mode 100644 index 0000000..4d681f9 --- /dev/null +++ b/tools/auth/auth.go @@ -0,0 +1,157 @@ +package auth + +import ( + "context" + "encoding/json" + "errors" + "net/http" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +// ProviderFactoryFunc defines a function for initializing a new OAuth2 provider. +type ProviderFactoryFunc func() Provider + +// Providers defines a map with all of the available OAuth2 providers. +// +// To register a new provider append a new entry in the map. +var Providers = map[string]ProviderFactoryFunc{} + +// NewProviderByName returns a new preconfigured provider instance by its name identifier. +func NewProviderByName(name string) (Provider, error) { + factory, ok := Providers[name] + if !ok { + return nil, errors.New("missing provider " + name) + } + + return factory(), nil +} + +// Provider defines a common interface for an OAuth2 client. +type Provider interface { + // Context returns the context associated with the provider (if any). + Context() context.Context + + // SetContext assigns the specified context to the current provider. + SetContext(ctx context.Context) + + // PKCE indicates whether the provider can use the PKCE flow. + PKCE() bool + + // SetPKCE toggles the state whether the provider can use the PKCE flow or not. + SetPKCE(enable bool) + + // DisplayName usually returns provider name as it is officially written + // and it could be used directly in the UI. + DisplayName() string + + // SetDisplayName sets the provider's display name. + SetDisplayName(displayName string) + + // Scopes returns the provider access permissions that will be requested. + Scopes() []string + + // SetScopes sets the provider access permissions that will be requested later. + SetScopes(scopes []string) + + // ClientId returns the provider client's app ID. + ClientId() string + + // SetClientId sets the provider client's ID. + SetClientId(clientId string) + + // ClientSecret returns the provider client's app secret. + ClientSecret() string + + // SetClientSecret sets the provider client's app secret. + SetClientSecret(secret string) + + // RedirectURL returns the end address to redirect the user + // going through the OAuth flow. + RedirectURL() string + + // SetRedirectURL sets the provider's RedirectURL. + SetRedirectURL(url string) + + // AuthURL returns the provider's authorization service url. + AuthURL() string + + // SetAuthURL sets the provider's AuthURL. + SetAuthURL(url string) + + // TokenURL returns the provider's token exchange service url. + TokenURL() string + + // SetTokenURL sets the provider's TokenURL. + SetTokenURL(url string) + + // UserInfoURL returns the provider's user info api url. + UserInfoURL() string + + // SetUserInfoURL sets the provider's UserInfoURL. + SetUserInfoURL(url string) + + // Extra returns a shallow copy of any custom config data + // that the provider may be need. + Extra() map[string]any + + // SetExtra updates the provider's custom config data. + SetExtra(data map[string]any) + + // Client returns an http client using the provided token. + Client(token *oauth2.Token) *http.Client + + // BuildAuthURL returns a URL to the provider's consent page + // that asks for permissions for the required scopes explicitly. + BuildAuthURL(state string, opts ...oauth2.AuthCodeOption) string + + // FetchToken converts an authorization code to token. + FetchToken(code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) + + // FetchRawUserInfo requests and marshalizes into `result` the + // the OAuth user api response. + FetchRawUserInfo(token *oauth2.Token) ([]byte, error) + + // FetchAuthUser is similar to FetchRawUserInfo, but normalizes and + // marshalizes the user api response into a standardized AuthUser struct. + FetchAuthUser(token *oauth2.Token) (user *AuthUser, err error) +} + +// wrapFactory is a helper that wraps a Provider specific factory +// function and returns its result as Provider interface. +func wrapFactory[T Provider](factory func() T) ProviderFactoryFunc { + return func() Provider { + return factory() + } +} + +// AuthUser defines a standardized OAuth2 user data structure. +type AuthUser struct { + Expiry types.DateTime `json:"expiry"` + RawUser map[string]any `json:"rawUser"` + Id string `json:"id"` + Name string `json:"name"` + Username string `json:"username"` + Email string `json:"email"` + AvatarURL string `json:"avatarURL"` + AccessToken string `json:"accessToken"` + RefreshToken string `json:"refreshToken"` + + // @todo + // deprecated: use AvatarURL instead + // AvatarUrl will be removed after dropping v0.22 support + AvatarUrl string `json:"avatarUrl"` +} + +// MarshalJSON implements the [json.Marshaler] interface. +// +// @todo remove after dropping v0.22 support +func (au AuthUser) MarshalJSON() ([]byte, error) { + type alias AuthUser // prevent recursion + + au2 := alias(au) + au2.AvatarUrl = au.AvatarURL // ensure that the legacy field is populated + + return json.Marshal(au2) +} diff --git a/tools/auth/auth_test.go b/tools/auth/auth_test.go new file mode 100644 index 0000000..e860d2e --- /dev/null +++ b/tools/auth/auth_test.go @@ -0,0 +1,299 @@ +package auth_test + +import ( + "testing" + + "github.com/pocketbase/pocketbase/tools/auth" +) + +func TestProvidersCount(t *testing.T) { + expected := 30 + + if total := len(auth.Providers); total != expected { + t.Fatalf("Expected %d providers, got %d", expected, total) + } +} + +func TestNewProviderByName(t *testing.T) { + var err error + var p auth.Provider + + // invalid + p, err = auth.NewProviderByName("invalid") + if err == nil { + t.Error("Expected error, got nil") + } + if p != nil { + t.Errorf("Expected provider to be nil, got %v", p) + } + + // google + p, err = auth.NewProviderByName(auth.NameGoogle) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Google); !ok { + t.Error("Expected to be instance of *auth.Google") + } + + // facebook + p, err = auth.NewProviderByName(auth.NameFacebook) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Facebook); !ok { + t.Error("Expected to be instance of *auth.Facebook") + } + + // github + p, err = auth.NewProviderByName(auth.NameGithub) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Github); !ok { + t.Error("Expected to be instance of *auth.Github") + } + + // gitlab + p, err = auth.NewProviderByName(auth.NameGitlab) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Gitlab); !ok { + t.Error("Expected to be instance of *auth.Gitlab") + } + + // twitter + p, err = auth.NewProviderByName(auth.NameTwitter) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Twitter); !ok { + t.Error("Expected to be instance of *auth.Twitter") + } + + // discord + p, err = auth.NewProviderByName(auth.NameDiscord) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Discord); !ok { + t.Error("Expected to be instance of *auth.Discord") + } + + // microsoft + p, err = auth.NewProviderByName(auth.NameMicrosoft) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Microsoft); !ok { + t.Error("Expected to be instance of *auth.Microsoft") + } + + // spotify + p, err = auth.NewProviderByName(auth.NameSpotify) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Spotify); !ok { + t.Error("Expected to be instance of *auth.Spotify") + } + + // kakao + p, err = auth.NewProviderByName(auth.NameKakao) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Kakao); !ok { + t.Error("Expected to be instance of *auth.Kakao") + } + + // twitch + p, err = auth.NewProviderByName(auth.NameTwitch) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Twitch); !ok { + t.Error("Expected to be instance of *auth.Twitch") + } + + // strava + p, err = auth.NewProviderByName(auth.NameStrava) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Strava); !ok { + t.Error("Expected to be instance of *auth.Strava") + } + + // gitee + p, err = auth.NewProviderByName(auth.NameGitee) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Gitee); !ok { + t.Error("Expected to be instance of *auth.Gitee") + } + + // livechat + p, err = auth.NewProviderByName(auth.NameLivechat) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Livechat); !ok { + t.Error("Expected to be instance of *auth.Livechat") + } + + // gitea + p, err = auth.NewProviderByName(auth.NameGitea) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Gitea); !ok { + t.Error("Expected to be instance of *auth.Gitea") + } + + // oidc + p, err = auth.NewProviderByName(auth.NameOIDC) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.OIDC); !ok { + t.Error("Expected to be instance of *auth.OIDC") + } + + // oidc2 + p, err = auth.NewProviderByName(auth.NameOIDC + "2") + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.OIDC); !ok { + t.Error("Expected to be instance of *auth.OIDC") + } + + // oidc3 + p, err = auth.NewProviderByName(auth.NameOIDC + "3") + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.OIDC); !ok { + t.Error("Expected to be instance of *auth.OIDC") + } + + // apple + p, err = auth.NewProviderByName(auth.NameApple) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Apple); !ok { + t.Error("Expected to be instance of *auth.Apple") + } + + // instagram + p, err = auth.NewProviderByName(auth.NameInstagram) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Instagram); !ok { + t.Error("Expected to be instance of *auth.Instagram") + } + + // vk + p, err = auth.NewProviderByName(auth.NameVK) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.VK); !ok { + t.Error("Expected to be instance of *auth.VK") + } + + // yandex + p, err = auth.NewProviderByName(auth.NameYandex) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Yandex); !ok { + t.Error("Expected to be instance of *auth.Yandex") + } + + // patreon + p, err = auth.NewProviderByName(auth.NamePatreon) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Patreon); !ok { + t.Error("Expected to be instance of *auth.Patreon") + } + + // mailcow + p, err = auth.NewProviderByName(auth.NameMailcow) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Mailcow); !ok { + t.Error("Expected to be instance of *auth.Mailcow") + } + + // bitbucket + p, err = auth.NewProviderByName(auth.NameBitbucket) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Bitbucket); !ok { + t.Error("Expected to be instance of *auth.Bitbucket") + } + + // planningcenter + p, err = auth.NewProviderByName(auth.NamePlanningcenter) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Planningcenter); !ok { + t.Error("Expected to be instance of *auth.Planningcenter") + } + + // notion + p, err = auth.NewProviderByName(auth.NameNotion) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Notion); !ok { + t.Error("Expected to be instance of *auth.Notion") + } + + // monday + p, err = auth.NewProviderByName(auth.NameMonday) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Monday); !ok { + t.Error("Expected to be instance of *auth.Monday") + } + + // wakatime + p, err = auth.NewProviderByName(auth.NameWakatime) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Wakatime); !ok { + t.Error("Expected to be instance of *auth.Wakatime") + } + + // linear + p, err = auth.NewProviderByName(auth.NameLinear) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Linear); !ok { + t.Error("Expected to be instance of *auth.Linear") + } + + // trakt + p, err = auth.NewProviderByName(auth.NameTrakt) + if err != nil { + t.Errorf("Expected nil, got error %v", err) + } + if _, ok := p.(*auth.Trakt); !ok { + t.Error("Expected to be instance of *auth.Trakt") + } +} diff --git a/tools/auth/base_provider.go b/tools/auth/base_provider.go new file mode 100644 index 0000000..a99edbc --- /dev/null +++ b/tools/auth/base_provider.go @@ -0,0 +1,203 @@ +package auth + +import ( + "context" + "fmt" + "io" + "maps" + "net/http" + + "golang.org/x/oauth2" +) + +// BaseProvider defines common fields and methods used by OAuth2 client providers. +type BaseProvider struct { + ctx context.Context + clientId string + clientSecret string + displayName string + redirectURL string + authURL string + tokenURL string + userInfoURL string + scopes []string + pkce bool + extra map[string]any +} + +// Context implements Provider.Context() interface method. +func (p *BaseProvider) Context() context.Context { + return p.ctx +} + +// SetContext implements Provider.SetContext() interface method. +func (p *BaseProvider) SetContext(ctx context.Context) { + p.ctx = ctx +} + +// PKCE implements Provider.PKCE() interface method. +func (p *BaseProvider) PKCE() bool { + return p.pkce +} + +// SetPKCE implements Provider.SetPKCE() interface method. +func (p *BaseProvider) SetPKCE(enable bool) { + p.pkce = enable +} + +// DisplayName implements Provider.DisplayName() interface method. +func (p *BaseProvider) DisplayName() string { + return p.displayName +} + +// SetDisplayName implements Provider.SetDisplayName() interface method. +func (p *BaseProvider) SetDisplayName(displayName string) { + p.displayName = displayName +} + +// Scopes implements Provider.Scopes() interface method. +func (p *BaseProvider) Scopes() []string { + return p.scopes +} + +// SetScopes implements Provider.SetScopes() interface method. +func (p *BaseProvider) SetScopes(scopes []string) { + p.scopes = scopes +} + +// ClientId implements Provider.ClientId() interface method. +func (p *BaseProvider) ClientId() string { + return p.clientId +} + +// SetClientId implements Provider.SetClientId() interface method. +func (p *BaseProvider) SetClientId(clientId string) { + p.clientId = clientId +} + +// ClientSecret implements Provider.ClientSecret() interface method. +func (p *BaseProvider) ClientSecret() string { + return p.clientSecret +} + +// SetClientSecret implements Provider.SetClientSecret() interface method. +func (p *BaseProvider) SetClientSecret(secret string) { + p.clientSecret = secret +} + +// RedirectURL implements Provider.RedirectURL() interface method. +func (p *BaseProvider) RedirectURL() string { + return p.redirectURL +} + +// SetRedirectURL implements Provider.SetRedirectURL() interface method. +func (p *BaseProvider) SetRedirectURL(url string) { + p.redirectURL = url +} + +// AuthURL implements Provider.AuthURL() interface method. +func (p *BaseProvider) AuthURL() string { + return p.authURL +} + +// SetAuthURL implements Provider.SetAuthURL() interface method. +func (p *BaseProvider) SetAuthURL(url string) { + p.authURL = url +} + +// TokenURL implements Provider.TokenURL() interface method. +func (p *BaseProvider) TokenURL() string { + return p.tokenURL +} + +// SetTokenURL implements Provider.SetTokenURL() interface method. +func (p *BaseProvider) SetTokenURL(url string) { + p.tokenURL = url +} + +// UserInfoURL implements Provider.UserInfoURL() interface method. +func (p *BaseProvider) UserInfoURL() string { + return p.userInfoURL +} + +// SetUserInfoURL implements Provider.SetUserInfoURL() interface method. +func (p *BaseProvider) SetUserInfoURL(url string) { + p.userInfoURL = url +} + +// Extra implements Provider.Extra() interface method. +func (p *BaseProvider) Extra() map[string]any { + return maps.Clone(p.extra) +} + +// SetExtra implements Provider.SetExtra() interface method. +func (p *BaseProvider) SetExtra(data map[string]any) { + p.extra = data +} + +// BuildAuthURL implements Provider.BuildAuthURL() interface method. +func (p *BaseProvider) BuildAuthURL(state string, opts ...oauth2.AuthCodeOption) string { + return p.oauth2Config().AuthCodeURL(state, opts...) +} + +// FetchToken implements Provider.FetchToken() interface method. +func (p *BaseProvider) FetchToken(code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) { + return p.oauth2Config().Exchange(p.ctx, code, opts...) +} + +// Client implements Provider.Client() interface method. +func (p *BaseProvider) Client(token *oauth2.Token) *http.Client { + return p.oauth2Config().Client(p.ctx, token) +} + +// FetchRawUserInfo implements Provider.FetchRawUserInfo() interface method. +func (p *BaseProvider) FetchRawUserInfo(token *oauth2.Token) ([]byte, error) { + req, err := http.NewRequestWithContext(p.ctx, "GET", p.userInfoURL, nil) + if err != nil { + return nil, err + } + + return p.sendRawUserInfoRequest(req, token) +} + +// sendRawUserInfoRequest sends the specified user info request and return its raw response body. +func (p *BaseProvider) sendRawUserInfoRequest(req *http.Request, token *oauth2.Token) ([]byte, error) { + client := p.Client(token) + + res, err := client.Do(req) + if err != nil { + return nil, err + } + defer res.Body.Close() + + result, err := io.ReadAll(res.Body) + if err != nil { + return nil, err + } + + // http.Client.Get doesn't treat non 2xx responses as error + if res.StatusCode >= 400 { + return nil, fmt.Errorf( + "failed to fetch OAuth2 user profile via %s (%d):\n%s", + p.userInfoURL, + res.StatusCode, + string(result), + ) + } + + return result, nil +} + +// oauth2Config constructs a oauth2.Config instance based on the provider settings. +func (p *BaseProvider) oauth2Config() *oauth2.Config { + return &oauth2.Config{ + RedirectURL: p.redirectURL, + ClientID: p.clientId, + ClientSecret: p.clientSecret, + Scopes: p.scopes, + Endpoint: oauth2.Endpoint{ + AuthURL: p.authURL, + TokenURL: p.tokenURL, + }, + } +} diff --git a/tools/auth/base_provider_test.go b/tools/auth/base_provider_test.go new file mode 100644 index 0000000..047abc3 --- /dev/null +++ b/tools/auth/base_provider_test.go @@ -0,0 +1,269 @@ +package auth + +import ( + "bytes" + "context" + "encoding/json" + "testing" + + "golang.org/x/oauth2" +) + +func TestContext(t *testing.T) { + b := BaseProvider{} + + before := b.Scopes() + if before != nil { + t.Errorf("Expected nil context, got %v", before) + } + + b.SetContext(context.Background()) + + after := b.Scopes() + if after != nil { + t.Error("Expected non-nil context") + } +} + +func TestDisplayName(t *testing.T) { + b := BaseProvider{} + + before := b.DisplayName() + if before != "" { + t.Fatalf("Expected displayName to be empty, got %v", before) + } + + b.SetDisplayName("test") + + after := b.DisplayName() + if after != "test" { + t.Fatalf("Expected displayName to be 'test', got %v", after) + } +} + +func TestPKCE(t *testing.T) { + b := BaseProvider{} + + before := b.PKCE() + if before != false { + t.Fatalf("Expected pkce to be %v, got %v", false, before) + } + + b.SetPKCE(true) + + after := b.PKCE() + if after != true { + t.Fatalf("Expected pkce to be %v, got %v", true, after) + } +} + +func TestScopes(t *testing.T) { + b := BaseProvider{} + + before := b.Scopes() + if len(before) != 0 { + t.Fatalf("Expected 0 scopes, got %v", before) + } + + b.SetScopes([]string{"test1", "test2"}) + + after := b.Scopes() + if len(after) != 2 { + t.Fatalf("Expected 2 scopes, got %v", after) + } +} + +func TestClientId(t *testing.T) { + b := BaseProvider{} + + before := b.ClientId() + if before != "" { + t.Fatalf("Expected clientId to be empty, got %v", before) + } + + b.SetClientId("test") + + after := b.ClientId() + if after != "test" { + t.Fatalf("Expected clientId to be 'test', got %v", after) + } +} + +func TestClientSecret(t *testing.T) { + b := BaseProvider{} + + before := b.ClientSecret() + if before != "" { + t.Fatalf("Expected clientSecret to be empty, got %v", before) + } + + b.SetClientSecret("test") + + after := b.ClientSecret() + if after != "test" { + t.Fatalf("Expected clientSecret to be 'test', got %v", after) + } +} + +func TestRedirectURL(t *testing.T) { + b := BaseProvider{} + + before := b.RedirectURL() + if before != "" { + t.Fatalf("Expected RedirectURL to be empty, got %v", before) + } + + b.SetRedirectURL("test") + + after := b.RedirectURL() + if after != "test" { + t.Fatalf("Expected RedirectURL to be 'test', got %v", after) + } +} + +func TestAuthURL(t *testing.T) { + b := BaseProvider{} + + before := b.AuthURL() + if before != "" { + t.Fatalf("Expected authURL to be empty, got %v", before) + } + + b.SetAuthURL("test") + + after := b.AuthURL() + if after != "test" { + t.Fatalf("Expected authURL to be 'test', got %v", after) + } +} + +func TestTokenURL(t *testing.T) { + b := BaseProvider{} + + before := b.TokenURL() + if before != "" { + t.Fatalf("Expected tokenURL to be empty, got %v", before) + } + + b.SetTokenURL("test") + + after := b.TokenURL() + if after != "test" { + t.Fatalf("Expected tokenURL to be 'test', got %v", after) + } +} + +func TestUserInfoURL(t *testing.T) { + b := BaseProvider{} + + before := b.UserInfoURL() + if before != "" { + t.Fatalf("Expected userInfoURL to be empty, got %v", before) + } + + b.SetUserInfoURL("test") + + after := b.UserInfoURL() + if after != "test" { + t.Fatalf("Expected userInfoURL to be 'test', got %v", after) + } +} + +func TestExtra(t *testing.T) { + b := BaseProvider{} + + before := b.Extra() + if before != nil { + t.Fatalf("Expected extra to be empty, got %v", before) + } + + extra := map[string]any{"a": 1, "b": 2} + + b.SetExtra(extra) + + after := b.Extra() + + rawExtra, err := json.Marshal(extra) + if err != nil { + t.Fatal(err) + } + + rawAfter, err := json.Marshal(after) + if err != nil { + t.Fatal(err) + } + + if !bytes.Equal(rawExtra, rawAfter) { + t.Fatalf("Expected extra to be\n%s\ngot\n%s", rawExtra, rawAfter) + } + + // ensure that it was shallow copied + after["b"] = 3 + if d := b.Extra(); d["b"] != 2 { + t.Fatalf("Expected extra to remain unchanged, got\n%v", d) + } +} + +func TestBuildAuthURL(t *testing.T) { + b := BaseProvider{ + authURL: "authURL_test", + tokenURL: "tokenURL_test", + redirectURL: "redirectURL_test", + clientId: "clientId_test", + clientSecret: "clientSecret_test", + scopes: []string{"test_scope"}, + } + + expected := "authURL_test?access_type=offline&client_id=clientId_test&prompt=consent&redirect_uri=redirectURL_test&response_type=code&scope=test_scope&state=state_test" + result := b.BuildAuthURL("state_test", oauth2.AccessTypeOffline, oauth2.ApprovalForce) + + if result != expected { + t.Errorf("Expected auth url %q, got %q", expected, result) + } +} + +func TestClient(t *testing.T) { + b := BaseProvider{} + + result := b.Client(&oauth2.Token{}) + if result == nil { + t.Error("Expected *http.Client instance, got nil") + } +} + +func TestOauth2Config(t *testing.T) { + b := BaseProvider{ + authURL: "authURL_test", + tokenURL: "tokenURL_test", + redirectURL: "redirectURL_test", + clientId: "clientId_test", + clientSecret: "clientSecret_test", + scopes: []string{"test"}, + } + + result := b.oauth2Config() + + if result.RedirectURL != b.RedirectURL() { + t.Errorf("Expected redirectURL %s, got %s", b.RedirectURL(), result.RedirectURL) + } + + if result.ClientID != b.ClientId() { + t.Errorf("Expected clientId %s, got %s", b.ClientId(), result.ClientID) + } + + if result.ClientSecret != b.ClientSecret() { + t.Errorf("Expected clientSecret %s, got %s", b.ClientSecret(), result.ClientSecret) + } + + if result.Endpoint.AuthURL != b.AuthURL() { + t.Errorf("Expected authURL %s, got %s", b.AuthURL(), result.Endpoint.AuthURL) + } + + if result.Endpoint.TokenURL != b.TokenURL() { + t.Errorf("Expected authURL %s, got %s", b.TokenURL(), result.Endpoint.TokenURL) + } + + if len(result.Scopes) != len(b.Scopes()) || result.Scopes[0] != b.Scopes()[0] { + t.Errorf("Expected scopes %s, got %s", b.Scopes(), result.Scopes) + } +} diff --git a/tools/auth/bitbucket.go b/tools/auth/bitbucket.go new file mode 100644 index 0000000..ca5d877 --- /dev/null +++ b/tools/auth/bitbucket.go @@ -0,0 +1,136 @@ +package auth + +import ( + "context" + "encoding/json" + "errors" + "io" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameBitbucket] = wrapFactory(NewBitbucketProvider) +} + +var _ Provider = (*Bitbucket)(nil) + +// NameBitbucket is the unique name of the Bitbucket provider. +const NameBitbucket = "bitbucket" + +// Bitbucket is an auth provider for Bitbucket. +type Bitbucket struct { + BaseProvider +} + +// NewBitbucketProvider creates a new Bitbucket provider instance with some defaults. +func NewBitbucketProvider() *Bitbucket { + return &Bitbucket{BaseProvider{ + ctx: context.Background(), + displayName: "Bitbucket", + pkce: false, + scopes: []string{"account"}, + authURL: "https://bitbucket.org/site/oauth2/authorize", + tokenURL: "https://bitbucket.org/site/oauth2/access_token", + userInfoURL: "https://api.bitbucket.org/2.0/user", + }} +} + +// FetchAuthUser returns an AuthUser instance based on the Bitbucket's user API. +// +// API reference: https://developer.atlassian.com/cloud/bitbucket/rest/api-group-users/#api-user-get +func (p *Bitbucket) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + UUID string `json:"uuid"` + Username string `json:"username"` + DisplayName string `json:"display_name"` + AccountStatus string `json:"account_status"` + Links struct { + Avatar struct { + Href string `json:"href"` + } `json:"avatar"` + } `json:"links"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + if extracted.AccountStatus != "active" { + return nil, errors.New("the Bitbucket user is not active") + } + + email, err := p.fetchPrimaryEmail(token) + if err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.UUID, + Name: extracted.DisplayName, + Username: extracted.Username, + Email: email, + AvatarURL: extracted.Links.Avatar.Href, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + return user, nil +} + +// fetchPrimaryEmail sends an API request to retrieve the first +// verified primary email. +// +// NB! This method can succeed and still return an empty email. +// Error responses that are result of insufficient scopes permissions are ignored. +// +// API reference: https://developer.atlassian.com/cloud/bitbucket/rest/api-group-users/#api-user-emails-get +func (p *Bitbucket) fetchPrimaryEmail(token *oauth2.Token) (string, error) { + response, err := p.Client(token).Get(p.userInfoURL + "/emails") + if err != nil { + return "", err + } + defer response.Body.Close() + + // ignore common http errors caused by insufficient scope permissions + // (the email field is optional, aka. return the auth user without it) + if response.StatusCode >= 400 { + return "", nil + } + + data, err := io.ReadAll(response.Body) + if err != nil { + return "", err + } + + expected := struct { + Values []struct { + Email string `json:"email"` + IsPrimary bool `json:"is_primary"` + } `json:"values"` + }{} + if err := json.Unmarshal(data, &expected); err != nil { + return "", err + } + + for _, v := range expected.Values { + if v.IsPrimary { + return v.Email, nil + } + } + + return "", nil +} diff --git a/tools/auth/discord.go b/tools/auth/discord.go new file mode 100644 index 0000000..41e78b4 --- /dev/null +++ b/tools/auth/discord.go @@ -0,0 +1,91 @@ +package auth + +import ( + "context" + "encoding/json" + "fmt" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameDiscord] = wrapFactory(NewDiscordProvider) +} + +var _ Provider = (*Discord)(nil) + +// NameDiscord is the unique name of the Discord provider. +const NameDiscord string = "discord" + +// Discord allows authentication via Discord OAuth2. +type Discord struct { + BaseProvider +} + +// NewDiscordProvider creates a new Discord provider instance with some defaults. +func NewDiscordProvider() *Discord { + // https://discord.com/developers/docs/topics/oauth2 + // https://discord.com/developers/docs/resources/user#get-current-user + return &Discord{BaseProvider{ + ctx: context.Background(), + displayName: "Discord", + pkce: true, + scopes: []string{"identify", "email"}, + authURL: "https://discord.com/api/oauth2/authorize", + tokenURL: "https://discord.com/api/oauth2/token", + userInfoURL: "https://discord.com/api/users/@me", + }} +} + +// FetchAuthUser returns an AuthUser instance from Discord's user api. +// +// API reference: https://discord.com/developers/docs/resources/user#user-object +func (p *Discord) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Id string `json:"id"` + Username string `json:"username"` + Discriminator string `json:"discriminator"` + Avatar string `json:"avatar"` + Email string `json:"email"` + Verified bool `json:"verified"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + // Build a full avatar URL using the avatar hash provided in the API response + // https://discord.com/developers/docs/reference#image-formatting + avatarURL := fmt.Sprintf("https://cdn.discordapp.com/avatars/%s/%s.png", extracted.Id, extracted.Avatar) + + // Concatenate the user's username and discriminator into a single username string + username := fmt.Sprintf("%s#%s", extracted.Username, extracted.Discriminator) + + user := &AuthUser{ + Id: extracted.Id, + Name: username, + Username: extracted.Username, + AvatarURL: avatarURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + if extracted.Verified { + user.Email = extracted.Email + } + + return user, nil +} diff --git a/tools/auth/facebook.go b/tools/auth/facebook.go new file mode 100644 index 0000000..b3f08c0 --- /dev/null +++ b/tools/auth/facebook.go @@ -0,0 +1,78 @@ +package auth + +import ( + "context" + "encoding/json" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" + "golang.org/x/oauth2/facebook" +) + +func init() { + Providers[NameFacebook] = wrapFactory(NewFacebookProvider) +} + +var _ Provider = (*Facebook)(nil) + +// NameFacebook is the unique name of the Facebook provider. +const NameFacebook string = "facebook" + +// Facebook allows authentication via Facebook OAuth2. +type Facebook struct { + BaseProvider +} + +// NewFacebookProvider creates new Facebook provider instance with some defaults. +func NewFacebookProvider() *Facebook { + return &Facebook{BaseProvider{ + ctx: context.Background(), + displayName: "Facebook", + pkce: true, + scopes: []string{"email"}, + authURL: facebook.Endpoint.AuthURL, + tokenURL: facebook.Endpoint.TokenURL, + userInfoURL: "https://graph.facebook.com/me?fields=name,email,picture.type(large)", + }} +} + +// FetchAuthUser returns an AuthUser instance based on the Facebook's user api. +// +// API reference: https://developers.facebook.com/docs/graph-api/reference/user/ +func (p *Facebook) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Id string + Name string + Email string + Picture struct { + Data struct{ Url string } + } + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.Id, + Name: extracted.Name, + Email: extracted.Email, + AvatarURL: extracted.Picture.Data.Url, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + return user, nil +} diff --git a/tools/auth/gitea.go b/tools/auth/gitea.go new file mode 100644 index 0000000..721efaf --- /dev/null +++ b/tools/auth/gitea.go @@ -0,0 +1,78 @@ +package auth + +import ( + "context" + "encoding/json" + "strconv" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameGitea] = wrapFactory(NewGiteaProvider) +} + +var _ Provider = (*Gitea)(nil) + +// NameGitea is the unique name of the Gitea provider. +const NameGitea string = "gitea" + +// Gitea allows authentication via Gitea OAuth2. +type Gitea struct { + BaseProvider +} + +// NewGiteaProvider creates new Gitea provider instance with some defaults. +func NewGiteaProvider() *Gitea { + return &Gitea{BaseProvider{ + ctx: context.Background(), + displayName: "Gitea", + pkce: true, + scopes: []string{"read:user", "user:email"}, + authURL: "https://gitea.com/login/oauth/authorize", + tokenURL: "https://gitea.com/login/oauth/access_token", + userInfoURL: "https://gitea.com/api/v1/user", + }} +} + +// FetchAuthUser returns an AuthUser instance based on Gitea's user api. +// +// API reference: https://try.gitea.io/api/swagger#/user/userGetCurrent +func (p *Gitea) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Name string `json:"full_name"` + Username string `json:"login"` + Email string `json:"email"` + AvatarURL string `json:"avatar_url"` + Id int64 `json:"id"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: strconv.FormatInt(extracted.Id, 10), + Name: extracted.Name, + Username: extracted.Username, + Email: extracted.Email, + AvatarURL: extracted.AvatarURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + return user, nil +} diff --git a/tools/auth/gitee.go b/tools/auth/gitee.go new file mode 100644 index 0000000..ae0b07b --- /dev/null +++ b/tools/auth/gitee.go @@ -0,0 +1,142 @@ +package auth + +import ( + "context" + "encoding/json" + "io" + "strconv" + + "github.com/go-ozzo/ozzo-validation/v4/is" + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameGitee] = wrapFactory(NewGiteeProvider) +} + +var _ Provider = (*Gitee)(nil) + +// NameGitee is the unique name of the Gitee provider. +const NameGitee string = "gitee" + +// Gitee allows authentication via Gitee OAuth2. +type Gitee struct { + BaseProvider +} + +// NewGiteeProvider creates new Gitee provider instance with some defaults. +func NewGiteeProvider() *Gitee { + return &Gitee{BaseProvider{ + ctx: context.Background(), + displayName: "Gitee", + pkce: true, + scopes: []string{"user_info", "emails"}, + authURL: "https://gitee.com/oauth/authorize", + tokenURL: "https://gitee.com/oauth/token", + userInfoURL: "https://gitee.com/api/v5/user", + }} +} + +// FetchAuthUser returns an AuthUser instance based the Gitee's user api. +// +// API reference: https://gitee.com/api/v5/swagger#/getV5User +func (p *Gitee) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Login string `json:"login"` + Name string `json:"name"` + Email string `json:"email"` + AvatarURL string `json:"avatar_url"` + Id int64 `json:"id"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: strconv.FormatInt(extracted.Id, 10), + Name: extracted.Name, + Username: extracted.Login, + AvatarURL: extracted.AvatarURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + if extracted.Email != "" && is.EmailFormat.Validate(extracted.Email) == nil { + // valid public primary email + user.Email = extracted.Email + } else { + // send an additional optional request to retrieve the email + email, err := p.fetchPrimaryEmail(token) + if err != nil { + return nil, err + } + user.Email = email + } + + return user, nil +} + +// fetchPrimaryEmail sends an API request to retrieve the verified primary email, +// in case the user hasn't set "Public email address" or has unchecked +// the "Access your emails data" permission during authentication. +// +// NB! This method can succeed and still return an empty email. +// Error responses that are result of insufficient scopes permissions are ignored. +// +// API reference: https://gitee.com/api/v5/swagger#/getV5Emails +func (p *Gitee) fetchPrimaryEmail(token *oauth2.Token) (string, error) { + client := p.Client(token) + + response, err := client.Get("https://gitee.com/api/v5/emails") + if err != nil { + return "", err + } + defer response.Body.Close() + + // ignore common http errors caused by insufficient scope permissions + if response.StatusCode == 401 || response.StatusCode == 403 || response.StatusCode == 404 { + return "", nil + } + + content, err := io.ReadAll(response.Body) + if err != nil { + return "", err + } + + emails := []struct { + Email string + State string + Scope []string + }{} + if err := json.Unmarshal(content, &emails); err != nil { + // ignore unmarshal error in case "Keep my email address private" + // was set because response.Body will be something like: + // {"email":"12285415+test@user.noreply.gitee.com"} + return "", nil + } + + // extract the first verified primary email + for _, email := range emails { + for _, scope := range email.Scope { + if email.State == "confirmed" && scope == "primary" && is.EmailFormat.Validate(email.Email) == nil { + return email.Email, nil + } + } + } + + return "", nil +} diff --git a/tools/auth/github.go b/tools/auth/github.go new file mode 100644 index 0000000..f4aa72f --- /dev/null +++ b/tools/auth/github.go @@ -0,0 +1,136 @@ +package auth + +import ( + "context" + "encoding/json" + "io" + "strconv" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" + "golang.org/x/oauth2/github" +) + +func init() { + Providers[NameGithub] = wrapFactory(NewGithubProvider) +} + +var _ Provider = (*Github)(nil) + +// NameGithub is the unique name of the Github provider. +const NameGithub string = "github" + +// Github allows authentication via Github OAuth2. +type Github struct { + BaseProvider +} + +// NewGithubProvider creates new Github provider instance with some defaults. +func NewGithubProvider() *Github { + return &Github{BaseProvider{ + ctx: context.Background(), + displayName: "GitHub", + pkce: true, // technically is not supported yet but it is safe as the PKCE params are just ignored + scopes: []string{"read:user", "user:email"}, + authURL: github.Endpoint.AuthURL, + tokenURL: github.Endpoint.TokenURL, + userInfoURL: "https://api.github.com/user", + }} +} + +// FetchAuthUser returns an AuthUser instance based the Github's user api. +// +// API reference: https://docs.github.com/en/rest/reference/users#get-the-authenticated-user +func (p *Github) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Login string `json:"login"` + Name string `json:"name"` + Email string `json:"email"` + AvatarURL string `json:"avatar_url"` + Id int64 `json:"id"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: strconv.FormatInt(extracted.Id, 10), + Name: extracted.Name, + Username: extracted.Login, + Email: extracted.Email, + AvatarURL: extracted.AvatarURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + // in case user has set "Keep my email address private", send an + // **optional** API request to retrieve the verified primary email + if user.Email == "" { + email, err := p.fetchPrimaryEmail(token) + if err != nil { + return nil, err + } + user.Email = email + } + + return user, nil +} + +// fetchPrimaryEmail sends an API request to retrieve the verified +// primary email, in case "Keep my email address private" was set. +// +// NB! This method can succeed and still return an empty email. +// Error responses that are result of insufficient scopes permissions are ignored. +// +// API reference: https://docs.github.com/en/rest/users/emails?apiVersion=2022-11-28 +func (p *Github) fetchPrimaryEmail(token *oauth2.Token) (string, error) { + client := p.Client(token) + + response, err := client.Get(p.userInfoURL + "/emails") + if err != nil { + return "", err + } + defer response.Body.Close() + + // ignore common http errors caused by insufficient scope permissions + // (the email field is optional, aka. return the auth user without it) + if response.StatusCode == 401 || response.StatusCode == 403 || response.StatusCode == 404 { + return "", nil + } + + content, err := io.ReadAll(response.Body) + if err != nil { + return "", err + } + + emails := []struct { + Email string + Verified bool + Primary bool + }{} + if err := json.Unmarshal(content, &emails); err != nil { + return "", err + } + + // extract the verified primary email + for _, email := range emails { + if email.Verified && email.Primary { + return email.Email, nil + } + } + + return "", nil +} diff --git a/tools/auth/gitlab.go b/tools/auth/gitlab.go new file mode 100644 index 0000000..837197b --- /dev/null +++ b/tools/auth/gitlab.go @@ -0,0 +1,78 @@ +package auth + +import ( + "context" + "encoding/json" + "strconv" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameGitlab] = wrapFactory(NewGitlabProvider) +} + +var _ Provider = (*Gitlab)(nil) + +// NameGitlab is the unique name of the Gitlab provider. +const NameGitlab string = "gitlab" + +// Gitlab allows authentication via Gitlab OAuth2. +type Gitlab struct { + BaseProvider +} + +// NewGitlabProvider creates new Gitlab provider instance with some defaults. +func NewGitlabProvider() *Gitlab { + return &Gitlab{BaseProvider{ + ctx: context.Background(), + displayName: "GitLab", + pkce: true, + scopes: []string{"read_user"}, + authURL: "https://gitlab.com/oauth/authorize", + tokenURL: "https://gitlab.com/oauth/token", + userInfoURL: "https://gitlab.com/api/v4/user", + }} +} + +// FetchAuthUser returns an AuthUser instance based the Gitlab's user api. +// +// API reference: https://docs.gitlab.com/ee/api/users.html#for-admin +func (p *Gitlab) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Name string `json:"name"` + Username string `json:"username"` + Email string `json:"email"` + AvatarURL string `json:"avatar_url"` + Id int64 `json:"id"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: strconv.FormatInt(extracted.Id, 10), + Name: extracted.Name, + Username: extracted.Username, + Email: extracted.Email, + AvatarURL: extracted.AvatarURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + return user, nil +} diff --git a/tools/auth/google.go b/tools/auth/google.go new file mode 100644 index 0000000..086cc97 --- /dev/null +++ b/tools/auth/google.go @@ -0,0 +1,80 @@ +package auth + +import ( + "context" + "encoding/json" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameGoogle] = wrapFactory(NewGoogleProvider) +} + +var _ Provider = (*Google)(nil) + +// NameGoogle is the unique name of the Google provider. +const NameGoogle string = "google" + +// Google allows authentication via Google OAuth2. +type Google struct { + BaseProvider +} + +// NewGoogleProvider creates new Google provider instance with some defaults. +func NewGoogleProvider() *Google { + return &Google{BaseProvider{ + ctx: context.Background(), + displayName: "Google", + pkce: true, + scopes: []string{ + "https://www.googleapis.com/auth/userinfo.profile", + "https://www.googleapis.com/auth/userinfo.email", + }, + authURL: "https://accounts.google.com/o/oauth2/v2/auth", + tokenURL: "https://oauth2.googleapis.com/token", + userInfoURL: "https://www.googleapis.com/oauth2/v3/userinfo", + }} +} + +// FetchAuthUser returns an AuthUser instance based the Google's user api. +func (p *Google) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Id string `json:"sub"` + Name string `json:"name"` + Picture string `json:"picture"` + Email string `json:"email"` + EmailVerified bool `json:"email_verified"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.Id, + Name: extracted.Name, + AvatarURL: extracted.Picture, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + if extracted.EmailVerified { + user.Email = extracted.Email + } + + return user, nil +} diff --git a/tools/auth/instagram.go b/tools/auth/instagram.go new file mode 100644 index 0000000..9de0f60 --- /dev/null +++ b/tools/auth/instagram.go @@ -0,0 +1,82 @@ +package auth + +import ( + "context" + "encoding/json" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameInstagram] = wrapFactory(NewInstagramProvider) +} + +var _ Provider = (*Instagram)(nil) + +// NameInstagram is the unique name of the Instagram provider. +const NameInstagram string = "instagram2" // "2" suffix to avoid conflicts with the old deprecated version + +// Instagram allows authentication via Instagram Login OAuth2. +type Instagram struct { + BaseProvider +} + +// NewInstagramProvider creates new Instagram provider instance with some defaults. +func NewInstagramProvider() *Instagram { + return &Instagram{BaseProvider{ + ctx: context.Background(), + displayName: "Instagram", + pkce: true, + scopes: []string{"instagram_business_basic"}, + authURL: "https://www.instagram.com/oauth/authorize", + tokenURL: "https://api.instagram.com/oauth/access_token", + userInfoURL: "https://graph.instagram.com/me?fields=id,username,account_type,user_id,name,profile_picture_url,followers_count,follows_count,media_count", + }} +} + +// FetchAuthUser returns an AuthUser instance based on the Instagram Login user api response. +// +// API reference: https://developers.facebook.com/docs/instagram-platform/instagram-api-with-instagram-login/get-started#fields +func (p *Instagram) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + // include list of granted permissions to RawUser's payload + if _, ok := rawUser["permissions"]; !ok { + if permissions := token.Extra("permissions"); permissions != nil { + rawUser["permissions"] = permissions + } + } + + extracted := struct { + Id string `json:"user_id"` + Name string `json:"name"` + Username string `json:"username"` + AvatarURL string `json:"profile_picture_url"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.Id, + Username: extracted.Username, + Name: extracted.Name, + AvatarURL: extracted.AvatarURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + return user, nil +} diff --git a/tools/auth/kakao.go b/tools/auth/kakao.go new file mode 100644 index 0000000..849718a --- /dev/null +++ b/tools/auth/kakao.go @@ -0,0 +1,86 @@ +package auth + +import ( + "context" + "encoding/json" + "strconv" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" + "golang.org/x/oauth2/kakao" +) + +func init() { + Providers[NameKakao] = wrapFactory(NewKakaoProvider) +} + +var _ Provider = (*Kakao)(nil) + +// NameKakao is the unique name of the Kakao provider. +const NameKakao string = "kakao" + +// Kakao allows authentication via Kakao OAuth2. +type Kakao struct { + BaseProvider +} + +// NewKakaoProvider creates a new Kakao provider instance with some defaults. +func NewKakaoProvider() *Kakao { + return &Kakao{BaseProvider{ + ctx: context.Background(), + displayName: "Kakao", + pkce: true, + scopes: []string{"account_email", "profile_nickname", "profile_image"}, + authURL: kakao.Endpoint.AuthURL, + tokenURL: kakao.Endpoint.TokenURL, + userInfoURL: "https://kapi.kakao.com/v2/user/me", + }} +} + +// FetchAuthUser returns an AuthUser instance based on the Kakao's user api. +// +// API reference: https://developers.kakao.com/docs/latest/en/kakaologin/rest-api#req-user-info-response +func (p *Kakao) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Profile struct { + Nickname string `json:"nickname"` + ImageURL string `json:"profile_image"` + } `json:"properties"` + KakaoAccount struct { + Email string `json:"email"` + IsEmailVerified bool `json:"is_email_verified"` + IsEmailValid bool `json:"is_email_valid"` + } `json:"kakao_account"` + Id int64 `json:"id"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: strconv.FormatInt(extracted.Id, 10), + Username: extracted.Profile.Nickname, + AvatarURL: extracted.Profile.ImageURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + if extracted.KakaoAccount.IsEmailValid && extracted.KakaoAccount.IsEmailVerified { + user.Email = extracted.KakaoAccount.Email + } + + return user, nil +} diff --git a/tools/auth/linear.go b/tools/auth/linear.go new file mode 100644 index 0000000..d5bab3c --- /dev/null +++ b/tools/auth/linear.go @@ -0,0 +1,109 @@ +package auth + +import ( + "bytes" + "context" + "encoding/json" + "errors" + "net/http" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameLinear] = wrapFactory(NewLinearProvider) +} + +var _ Provider = (*Linear)(nil) + +// NameLinear is the unique name of the Linear provider. +const NameLinear string = "linear" + +// Linear allows authentication via Linear OAuth2. +type Linear struct { + BaseProvider +} + +// NewLinearProvider creates new Linear provider instance with some defaults. +// +// API reference: https://developers.linear.app/docs/oauth/authentication +func NewLinearProvider() *Linear { + return &Linear{BaseProvider{ + ctx: context.Background(), + displayName: "Linear", + pkce: false, // Linear doesn't support PKCE at the moment and returns an error if enabled + scopes: []string{"read"}, + authURL: "https://linear.app/oauth/authorize", + tokenURL: "https://api.linear.app/oauth/token", + userInfoURL: "https://api.linear.app/graphql", + }} +} + +// FetchAuthUser returns an AuthUser instance based on the Linear's user api. +// +// API reference: https://developers.linear.app/docs/graphql/working-with-the-graphql-api#authentication +func (p *Linear) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Data struct { + Viewer struct { + Id string `json:"id"` + DisplayName string `json:"displayName"` + Name string `json:"name"` + Email string `json:"email"` + AvatarURL string `json:"avatarUrl"` + Active bool `json:"active"` + } `json:"viewer"` + } `json:"data"` + }{} + + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + if !extracted.Data.Viewer.Active { + return nil, errors.New("the Linear user account is not active") + } + + user := &AuthUser{ + Id: extracted.Data.Viewer.Id, + Name: extracted.Data.Viewer.Name, + Username: extracted.Data.Viewer.DisplayName, + Email: extracted.Data.Viewer.Email, + AvatarURL: extracted.Data.Viewer.AvatarURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + return user, nil +} + +// FetchRawUserInfo implements Provider.FetchRawUserInfo interface method. +// +// Linear doesn't have a UserInfo endpoint and information on the user +// is retrieved using their GraphQL API (https://developers.linear.app/docs/graphql/working-with-the-graphql-api#queries-and-mutations) +func (p *Linear) FetchRawUserInfo(token *oauth2.Token) ([]byte, error) { + query := []byte(`{"query": "query Me { viewer { id displayName name email avatarUrl active } }"}`) + bodyReader := bytes.NewReader(query) + + req, err := http.NewRequestWithContext(p.ctx, "POST", p.userInfoURL, bodyReader) + if err != nil { + return nil, err + } + req.Header.Set("Content-Type", "application/json") + + return p.sendRawUserInfoRequest(req, token) +} diff --git a/tools/auth/livechat.go b/tools/auth/livechat.go new file mode 100644 index 0000000..2272091 --- /dev/null +++ b/tools/auth/livechat.go @@ -0,0 +1,79 @@ +package auth + +import ( + "context" + "encoding/json" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameLivechat] = wrapFactory(NewLivechatProvider) +} + +var _ Provider = (*Livechat)(nil) + +// NameLivechat is the unique name of the Livechat provider. +const NameLivechat = "livechat" + +// Livechat allows authentication via Livechat OAuth2. +type Livechat struct { + BaseProvider +} + +// NewLivechatProvider creates new Livechat provider instance with some defaults. +func NewLivechatProvider() *Livechat { + return &Livechat{BaseProvider{ + ctx: context.Background(), + displayName: "LiveChat", + pkce: true, + scopes: []string{}, // default scopes are specified from the provider dashboard + authURL: "https://accounts.livechat.com/", + tokenURL: "https://accounts.livechat.com/token", + userInfoURL: "https://accounts.livechat.com/v2/accounts/me", + }} +} + +// FetchAuthUser returns an AuthUser based on the Livechat accounts API. +// +// API reference: https://developers.livechat.com/docs/authorization +func (p *Livechat) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Id string `json:"account_id"` + Name string `json:"name"` + Email string `json:"email"` + EmailVerified bool `json:"email_verified"` + AvatarURL string `json:"avatar_url"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.Id, + Name: extracted.Name, + AvatarURL: extracted.AvatarURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + if extracted.EmailVerified { + user.Email = extracted.Email + } + + return user, nil +} diff --git a/tools/auth/mailcow.go b/tools/auth/mailcow.go new file mode 100644 index 0000000..7e802be --- /dev/null +++ b/tools/auth/mailcow.go @@ -0,0 +1,84 @@ +package auth + +import ( + "context" + "encoding/json" + "errors" + "strings" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameMailcow] = wrapFactory(NewMailcowProvider) +} + +var _ Provider = (*Mailcow)(nil) + +// NameMailcow is the unique name of the mailcow provider. +const NameMailcow string = "mailcow" + +// Mailcow allows authentication via mailcow OAuth2. +type Mailcow struct { + BaseProvider +} + +// NewMailcowProvider creates a new mailcow provider instance with some defaults. +func NewMailcowProvider() *Mailcow { + return &Mailcow{BaseProvider{ + ctx: context.Background(), + displayName: "mailcow", + pkce: true, + scopes: []string{"profile"}, + }} +} + +// FetchAuthUser returns an AuthUser instance based on mailcow's user api. +// +// API reference: https://github.com/mailcow/mailcow-dockerized/blob/master/data/web/oauth/profile.php +func (p *Mailcow) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Id string `json:"id"` + Username string `json:"username"` + Email string `json:"email"` + FullName string `json:"full_name"` + Active int `json:"active"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + if extracted.Active != 1 { + return nil, errors.New("the mailcow user is not active") + } + + user := &AuthUser{ + Id: extracted.Id, + Name: extracted.FullName, + Username: extracted.Username, + Email: extracted.Email, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + // mailcow usernames are usually just the email adresses, so we just take the part in front of the @ + if strings.Contains(user.Username, "@") { + user.Username = strings.Split(user.Username, "@")[0] + } + + return user, nil +} diff --git a/tools/auth/microsoft.go b/tools/auth/microsoft.go new file mode 100644 index 0000000..9873258 --- /dev/null +++ b/tools/auth/microsoft.go @@ -0,0 +1,76 @@ +package auth + +import ( + "context" + "encoding/json" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" + "golang.org/x/oauth2/microsoft" +) + +func init() { + Providers[NameMicrosoft] = wrapFactory(NewMicrosoftProvider) +} + +var _ Provider = (*Microsoft)(nil) + +// NameMicrosoft is the unique name of the Microsoft provider. +const NameMicrosoft string = "microsoft" + +// Microsoft allows authentication via AzureADEndpoint OAuth2. +type Microsoft struct { + BaseProvider +} + +// NewMicrosoftProvider creates new Microsoft AD provider instance with some defaults. +func NewMicrosoftProvider() *Microsoft { + endpoints := microsoft.AzureADEndpoint("") + return &Microsoft{BaseProvider{ + ctx: context.Background(), + displayName: "Microsoft", + pkce: true, + scopes: []string{"User.Read"}, + authURL: endpoints.AuthURL, + tokenURL: endpoints.TokenURL, + userInfoURL: "https://graph.microsoft.com/v1.0/me", + }} +} + +// FetchAuthUser returns an AuthUser instance based on the Microsoft's user api. +// +// API reference: https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo +// Graph explorer: https://developer.microsoft.com/en-us/graph/graph-explorer +func (p *Microsoft) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Id string `json:"id"` + Name string `json:"displayName"` + Email string `json:"mail"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.Id, + Name: extracted.Name, + Email: extracted.Email, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + return user, nil +} diff --git a/tools/auth/monday.go b/tools/auth/monday.go new file mode 100644 index 0000000..3076c49 --- /dev/null +++ b/tools/auth/monday.go @@ -0,0 +1,108 @@ +package auth + +import ( + "bytes" + "context" + "encoding/json" + "errors" + "net/http" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameMonday] = wrapFactory(NewMondayProvider) +} + +var _ Provider = (*Monday)(nil) + +// NameMonday is the unique name of the Monday provider. +const NameMonday = "monday" + +// Monday is an auth provider for monday.com. +type Monday struct { + BaseProvider +} + +// NewMondayProvider creates a new Monday provider instance with some defaults. +func NewMondayProvider() *Monday { + return &Monday{BaseProvider{ + ctx: context.Background(), + displayName: "monday.com", + pkce: true, + scopes: []string{"me:read"}, + authURL: "https://auth.monday.com/oauth2/authorize", + tokenURL: "https://auth.monday.com/oauth2/token", + userInfoURL: "https://api.monday.com/v2", + }} +} + +// FetchAuthUser returns an AuthUser instance based on the Monday's user api. +// +// API reference: https://developer.monday.com/api-reference/reference/me +func (p *Monday) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Data struct { + Me struct { + Id string `json:"id"` + Enabled bool `json:"enabled"` + Name string `json:"name"` + Email string `json:"email"` + IsVerified bool `json:"is_verified"` + Avatar string `json:"photo_small"` + } `json:"me"` + } `json:"data"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + if !extracted.Data.Me.Enabled { + return nil, errors.New("the monday.com user account is not enabled") + } + + user := &AuthUser{ + Id: extracted.Data.Me.Id, + Name: extracted.Data.Me.Name, + AvatarURL: extracted.Data.Me.Avatar, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + if extracted.Data.Me.IsVerified { + user.Email = extracted.Data.Me.Email + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + return user, nil +} + +// FetchRawUserInfo implements Provider.FetchRawUserInfo interface. +// +// monday.com doesn't have a UserInfo endpoint and information on the user +// is retrieved using their GraphQL API (https://developer.monday.com/api-reference/reference/me#queries) +func (p *Monday) FetchRawUserInfo(token *oauth2.Token) ([]byte, error) { + query := []byte(`{"query": "query { me { id enabled name email is_verified photo_small }}"}`) + bodyReader := bytes.NewReader(query) + + req, err := http.NewRequestWithContext(p.ctx, "POST", p.userInfoURL, bodyReader) + if err != nil { + return nil, err + } + req.Header.Set("Content-Type", "application/json") + + return p.sendRawUserInfoRequest(req, token) +} diff --git a/tools/auth/notion.go b/tools/auth/notion.go new file mode 100644 index 0000000..5138e21 --- /dev/null +++ b/tools/auth/notion.go @@ -0,0 +1,106 @@ +package auth + +import ( + "context" + "encoding/json" + "net/http" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameNotion] = wrapFactory(NewNotionProvider) +} + +var _ Provider = (*Notion)(nil) + +// NameNotion is the unique name of the Notion provider. +const NameNotion string = "notion" + +// Notion allows authentication via Notion OAuth2. +type Notion struct { + BaseProvider +} + +// NewNotionProvider creates new Notion provider instance with some defaults. +func NewNotionProvider() *Notion { + return &Notion{BaseProvider{ + ctx: context.Background(), + displayName: "Notion", + pkce: true, + authURL: "https://api.notion.com/v1/oauth/authorize", + tokenURL: "https://api.notion.com/v1/oauth/token", + userInfoURL: "https://api.notion.com/v1/users/me", + }} +} + +// FetchAuthUser returns an AuthUser instance based on the Notion's User api. +// API reference: https://developers.notion.com/reference/get-self +func (p *Notion) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + AvatarURL string `json:"avatar_url"` + Bot struct { + Owner struct { + Type string `json:"type"` + User struct { + AvatarURL string `json:"avatar_url"` + Id string `json:"id"` + Name string `json:"name"` + Person struct { + Email string `json:"email"` + } `json:"person"` + } `json:"user"` + } `json:"owner"` + WorkspaceName string `json:"workspace_name"` + } `json:"bot"` + Id string `json:"id"` + Name string `json:"name"` + Object string `json:"object"` + RequestId string `json:"request_id"` + Type string `json:"type"` + }{} + + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.Bot.Owner.User.Id, + Name: extracted.Bot.Owner.User.Name, + Email: extracted.Bot.Owner.User.Person.Email, + AvatarURL: extracted.Bot.Owner.User.AvatarURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + return user, nil +} + +// FetchRawUserInfo implements Provider.FetchRawUserInfo interface method. +// +// This differ from BaseProvider because Notion requires a version header for all requests +// (https://developers.notion.com/reference/versioning). +func (p *Notion) FetchRawUserInfo(token *oauth2.Token) ([]byte, error) { + req, err := http.NewRequestWithContext(p.ctx, "GET", p.userInfoURL, nil) + if err != nil { + return nil, err + } + + req.Header.Set("Notion-Version", "2022-06-28") + + return p.sendRawUserInfoRequest(req, token) +} diff --git a/tools/auth/oidc.go b/tools/auth/oidc.go new file mode 100644 index 0000000..81529ad --- /dev/null +++ b/tools/auth/oidc.go @@ -0,0 +1,292 @@ +package auth + +import ( + "context" + "crypto/rsa" + "encoding/base64" + "encoding/json" + "errors" + "fmt" + "io" + "math/big" + "net/http" + "os" + "strconv" + "strings" + "time" + + "github.com/golang-jwt/jwt/v5" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/pocketbase/pocketbase/tools/types" + "github.com/spf13/cast" + "golang.org/x/oauth2" +) + +// idTokenLeeway is the optional leeway for the id_token timestamp fields validation. +// +// It can be changed externally using the PB_ID_TOKEN_LEEWAY env variable +// (the value must be in seconds, e.g. "PB_ID_TOKEN_LEEWAY=60" for 1 minute). +var idTokenLeeway time.Duration = 5 * time.Minute + +func init() { + Providers[NameOIDC] = wrapFactory(NewOIDCProvider) + Providers[NameOIDC+"2"] = wrapFactory(NewOIDCProvider) + Providers[NameOIDC+"3"] = wrapFactory(NewOIDCProvider) + + if leewayStr := os.Getenv("PB_ID_TOKEN_LEEWAY"); leewayStr != "" { + leeway, err := strconv.Atoi(leewayStr) + if err == nil { + idTokenLeeway = time.Duration(leeway) * time.Second + } + } +} + +var _ Provider = (*OIDC)(nil) + +// NameOIDC is the unique name of the OpenID Connect (OIDC) provider. +const NameOIDC string = "oidc" + +// OIDC allows authentication via OpenID Connect (OIDC) OAuth2 provider. +// +// If specified the user data is fetched from the userInfoURL. +// Otherwise - from the id_token payload. +// +// The provider support the following Extra config options: +// - "jwksURL" - url to the keys to validate the id_token signature (optional and used only when reading the user data from the id_token) +// - "issuers" - list of valid issuers for the iss id_token claim (optioanl and used only when reading the user data from the id_token) +type OIDC struct { + BaseProvider +} + +// NewOIDCProvider creates new OpenID Connect (OIDC) provider instance with some defaults. +func NewOIDCProvider() *OIDC { + return &OIDC{BaseProvider{ + ctx: context.Background(), + displayName: "OIDC", + pkce: true, + scopes: []string{ + "openid", // minimal requirement to return the id + "email", + "profile", + }, + }} +} + +// FetchAuthUser returns an AuthUser instance based the provider's user api. +// +// API reference: https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims +func (p *OIDC) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Id string `json:"sub"` + Name string `json:"name"` + Username string `json:"preferred_username"` + Picture string `json:"picture"` + Email string `json:"email"` + EmailVerified any `json:"email_verified"` // see #6657 + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.Id, + Name: extracted.Name, + Username: extracted.Username, + AvatarURL: extracted.Picture, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + if cast.ToBool(extracted.EmailVerified) { + user.Email = extracted.Email + } + + return user, nil +} + +// FetchRawUserInfo implements Provider.FetchRawUserInfo interface method. +// +// It either fetch the data from p.userInfoURL, or if not set - returns the id_token claims. +func (p *OIDC) FetchRawUserInfo(token *oauth2.Token) ([]byte, error) { + if p.userInfoURL != "" { + return p.BaseProvider.FetchRawUserInfo(token) + } + + claims, err := p.parseIdToken(token) + if err != nil { + return nil, err + } + + return json.Marshal(claims) +} + +func (p *OIDC) parseIdToken(token *oauth2.Token) (jwt.MapClaims, error) { + idToken := token.Extra("id_token").(string) + if idToken == "" { + return nil, errors.New("empty id_token") + } + + claims := jwt.MapClaims{} + t, _, err := jwt.NewParser().ParseUnverified(idToken, claims) + if err != nil { + return nil, err + } + + // validate common claims + jwtValidator := jwt.NewValidator( + jwt.WithIssuedAt(), + jwt.WithLeeway(idTokenLeeway), + jwt.WithAudience(p.clientId), + ) + err = jwtValidator.Validate(claims) + if err != nil { + return nil, err + } + + // validate iss (if "issuers" extra config is set) + issuers := cast.ToStringSlice(p.Extra()["issuers"]) + if len(issuers) > 0 { + var isIssValid bool + claimIssuer, _ := claims.GetIssuer() + + for _, issuer := range issuers { + if security.Equal(claimIssuer, issuer) { + isIssValid = true + break + } + } + + if !isIssValid { + return nil, fmt.Errorf("iss must be one of %v, got %#v", issuers, claims["iss"]) + } + } + + // validate signature (if "jwksURL" extra config is set) + // + // note: this step could be technically considered optional because we trust + // the token which is a result of direct TLS communication with the provider + // (see also https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation) + jwksURL := cast.ToString(p.Extra()["jwksURL"]) + if jwksURL != "" { + kid, _ := t.Header["kid"].(string) + err = validateIdTokenSignature(p.ctx, idToken, jwksURL, kid) + if err != nil { + return nil, err + } + } + + return claims, nil +} + +func validateIdTokenSignature(ctx context.Context, idToken string, jwksURL string, kid string) error { + // fetch the public key set + // --- + if kid == "" { + return errors.New("missing kid header value") + } + + key, err := fetchJWK(ctx, jwksURL, kid) + if err != nil { + return err + } + + // decode the key params per RFC 7518 (https://tools.ietf.org/html/rfc7518#section-6.3) + // and construct a valid publicKey from them + // --- + exponent, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(key.E, "=")) + if err != nil { + return err + } + + modulus, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(key.N, "=")) + if err != nil { + return err + } + + publicKey := &rsa.PublicKey{ + // https://tools.ietf.org/html/rfc7517#appendix-A.1 + E: int(big.NewInt(0).SetBytes(exponent).Uint64()), + N: big.NewInt(0).SetBytes(modulus), + } + + // verify the signiture + // --- + parser := jwt.NewParser(jwt.WithValidMethods([]string{key.Alg})) + + parsedToken, err := parser.Parse(idToken, func(t *jwt.Token) (any, error) { + return publicKey, nil + }) + if err != nil { + return err + } + + if !parsedToken.Valid { + return errors.New("the parsed id_token is invalid") + } + + return nil +} + +type jwk struct { + Kty string + Kid string + Use string + Alg string + N string + E string +} + +func fetchJWK(ctx context.Context, jwksURL string, kid string) (*jwk, error) { + req, err := http.NewRequestWithContext(ctx, "GET", jwksURL, nil) + if err != nil { + return nil, err + } + + res, err := http.DefaultClient.Do(req) + if err != nil { + return nil, err + } + defer res.Body.Close() + + rawBody, err := io.ReadAll(res.Body) + if err != nil { + return nil, err + } + + // http.Client.Get doesn't treat non 2xx responses as error + if res.StatusCode >= 400 { + return nil, fmt.Errorf( + "failed to verify the provided id_token (%d):\n%s", + res.StatusCode, + string(rawBody), + ) + } + + jwks := struct { + Keys []*jwk + }{} + if err := json.Unmarshal(rawBody, &jwks); err != nil { + return nil, err + } + + for _, key := range jwks.Keys { + if key.Kid == kid { + return key, nil + } + } + + return nil, fmt.Errorf("jwk with kid %q was not found", kid) +} diff --git a/tools/auth/patreon.go b/tools/auth/patreon.go new file mode 100644 index 0000000..ccccc79 --- /dev/null +++ b/tools/auth/patreon.go @@ -0,0 +1,88 @@ +package auth + +import ( + "context" + "encoding/json" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" + "golang.org/x/oauth2/endpoints" +) + +func init() { + Providers[NamePatreon] = wrapFactory(NewPatreonProvider) +} + +var _ Provider = (*Patreon)(nil) + +// NamePatreon is the unique name of the Patreon provider. +const NamePatreon string = "patreon" + +// Patreon allows authentication via Patreon OAuth2. +type Patreon struct { + BaseProvider +} + +// NewPatreonProvider creates new Patreon provider instance with some defaults. +func NewPatreonProvider() *Patreon { + return &Patreon{BaseProvider{ + ctx: context.Background(), + displayName: "Patreon", + pkce: true, + scopes: []string{"identity", "identity[email]"}, + authURL: endpoints.Patreon.AuthURL, + tokenURL: endpoints.Patreon.TokenURL, + userInfoURL: "https://www.patreon.com/api/oauth2/v2/identity?fields%5Buser%5D=full_name,email,vanity,image_url,is_email_verified", + }} +} + +// FetchAuthUser returns an AuthUser instance based on the Patreons's identity api. +// +// API reference: +// https://docs.patreon.com/#get-api-oauth2-v2-identity +// https://docs.patreon.com/#user-v2 +func (p *Patreon) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Data struct { + Id string `json:"id"` + Attributes struct { + Email string `json:"email"` + Name string `json:"full_name"` + Username string `json:"vanity"` + AvatarURL string `json:"image_url"` + IsEmailVerified bool `json:"is_email_verified"` + } `json:"attributes"` + } `json:"data"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.Data.Id, + Username: extracted.Data.Attributes.Username, + Name: extracted.Data.Attributes.Name, + AvatarURL: extracted.Data.Attributes.AvatarURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + if extracted.Data.Attributes.IsEmailVerified { + user.Email = extracted.Data.Attributes.Email + } + + return user, nil +} diff --git a/tools/auth/planningcenter.go b/tools/auth/planningcenter.go new file mode 100644 index 0000000..2d834dc --- /dev/null +++ b/tools/auth/planningcenter.go @@ -0,0 +1,85 @@ +package auth + +import ( + "context" + "encoding/json" + "errors" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NamePlanningcenter] = wrapFactory(NewPlanningcenterProvider) +} + +var _ Provider = (*Planningcenter)(nil) + +// NamePlanningcenter is the unique name of the Planningcenter provider. +const NamePlanningcenter string = "planningcenter" + +// Planningcenter allows authentication via Planningcenter OAuth2. +type Planningcenter struct { + BaseProvider +} + +// NewPlanningcenterProvider creates a new Planningcenter provider instance with some defaults. +func NewPlanningcenterProvider() *Planningcenter { + return &Planningcenter{BaseProvider{ + ctx: context.Background(), + displayName: "Planning Center", + pkce: true, + scopes: []string{"people"}, + authURL: "https://api.planningcenteronline.com/oauth/authorize", + tokenURL: "https://api.planningcenteronline.com/oauth/token", + userInfoURL: "https://api.planningcenteronline.com/people/v2/me", + }} +} + +// FetchAuthUser returns an AuthUser instance based on the Planningcenter's user api. +// +// API reference: https://developer.planning.center/docs/#/overview/authentication +func (p *Planningcenter) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Data struct { + Id string `json:"id"` + Attributes struct { + Status string `json:"status"` + Name string `json:"name"` + AvatarURL string `json:"avatar"` + // don't map the email because users can have multiple assigned + // and it's not clear if they are verified + } + } + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + if extracted.Data.Attributes.Status != "active" { + return nil, errors.New("the user is not active") + } + + user := &AuthUser{ + Id: extracted.Data.Id, + Name: extracted.Data.Attributes.Name, + AvatarURL: extracted.Data.Attributes.AvatarURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + return user, nil +} diff --git a/tools/auth/spotify.go b/tools/auth/spotify.go new file mode 100644 index 0000000..7e6b970 --- /dev/null +++ b/tools/auth/spotify.go @@ -0,0 +1,87 @@ +package auth + +import ( + "context" + "encoding/json" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" + "golang.org/x/oauth2/spotify" +) + +func init() { + Providers[NameSpotify] = wrapFactory(NewSpotifyProvider) +} + +var _ Provider = (*Spotify)(nil) + +// NameSpotify is the unique name of the Spotify provider. +const NameSpotify string = "spotify" + +// Spotify allows authentication via Spotify OAuth2. +type Spotify struct { + BaseProvider +} + +// NewSpotifyProvider creates a new Spotify provider instance with some defaults. +func NewSpotifyProvider() *Spotify { + return &Spotify{BaseProvider{ + ctx: context.Background(), + displayName: "Spotify", + pkce: true, + scopes: []string{ + "user-read-private", + // currently Spotify doesn't return information whether the email is verified or not + // "user-read-email", + }, + authURL: spotify.Endpoint.AuthURL, + tokenURL: spotify.Endpoint.TokenURL, + userInfoURL: "https://api.spotify.com/v1/me", + }} +} + +// FetchAuthUser returns an AuthUser instance based on the Spotify's user api. +// +// API reference: https://developer.spotify.com/documentation/web-api/reference/#/operations/get-current-users-profile +func (p *Spotify) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Id string `json:"id"` + Name string `json:"display_name"` + Images []struct { + URL string `json:"url"` + } `json:"images"` + // don't map the email because per the official docs + // the email field is "unverified" and there is no proof + // that it actually belongs to the user + // Email string `json:"email"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.Id, + Name: extracted.Name, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + if len(extracted.Images) > 0 { + user.AvatarURL = extracted.Images[0].URL + } + + return user, nil +} diff --git a/tools/auth/strava.go b/tools/auth/strava.go new file mode 100644 index 0000000..836af0f --- /dev/null +++ b/tools/auth/strava.go @@ -0,0 +1,85 @@ +package auth + +import ( + "context" + "encoding/json" + "strconv" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameStrava] = wrapFactory(NewStravaProvider) +} + +var _ Provider = (*Strava)(nil) + +// NameStrava is the unique name of the Strava provider. +const NameStrava string = "strava" + +// Strava allows authentication via Strava OAuth2. +type Strava struct { + BaseProvider +} + +// NewStravaProvider creates new Strava provider instance with some defaults. +func NewStravaProvider() *Strava { + return &Strava{BaseProvider{ + ctx: context.Background(), + displayName: "Strava", + pkce: true, + scopes: []string{ + "profile:read_all", + }, + authURL: "https://www.strava.com/oauth/authorize", + tokenURL: "https://www.strava.com/api/v3/oauth/token", + userInfoURL: "https://www.strava.com/api/v3/athlete", + }} +} + +// FetchAuthUser returns an AuthUser instance based on the Strava's user api. +// +// API reference: https://developers.strava.com/docs/authentication/ +func (p *Strava) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Id int64 `json:"id"` + FirstName string `json:"firstname"` + LastName string `json:"lastname"` + Username string `json:"username"` + ProfileImageURL string `json:"profile"` + + // At the time of writing, Strava OAuth2 doesn't support returning the user email address + // Email string `json:"email"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Name: extracted.FirstName + " " + extracted.LastName, + Username: extracted.Username, + AvatarURL: extracted.ProfileImageURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + if extracted.Id != 0 { + user.Id = strconv.FormatInt(extracted.Id, 10) + } + + return user, nil +} diff --git a/tools/auth/trakt.go b/tools/auth/trakt.go new file mode 100644 index 0000000..b6bfdcd --- /dev/null +++ b/tools/auth/trakt.go @@ -0,0 +1,102 @@ +package auth + +import ( + "context" + "encoding/json" + "net/http" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameTrakt] = wrapFactory(NewTraktProvider) +} + +var _ Provider = (*Trakt)(nil) + +// NameTrakt is the unique name of the Trakt provider. +const NameTrakt string = "trakt" + +// Trakt allows authentication via Trakt OAuth2. +type Trakt struct { + BaseProvider +} + +// NewTraktProvider creates new Trakt provider instance with some defaults. +func NewTraktProvider() *Trakt { + return &Trakt{BaseProvider{ + ctx: context.Background(), + displayName: "Trakt", + pkce: true, + authURL: "https://trakt.tv/oauth/authorize", + tokenURL: "https://api.trakt.tv/oauth/token", + userInfoURL: "https://api.trakt.tv/users/settings", + }} +} + +// FetchAuthUser returns an AuthUser instance based on Trakt's user settings API. +// API reference: https://trakt.docs.apiary.io/#reference/users/settings/retrieve-settings +func (p *Trakt) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + User struct { + Username string `json:"username"` + Name string `json:"name"` + Ids struct { + Slug string `json:"slug"` + UUID string `json:"uuid"` + } `json:"ids"` + Images struct { + Avatar struct { + Full string `json:"full"` + } `json:"avatar"` + } `json:"images"` + } `json:"user"` + }{} + + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.User.Ids.UUID, + Username: extracted.User.Username, + Name: extracted.User.Name, + AvatarURL: extracted.User.Images.Avatar.Full, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + return user, nil +} + +// FetchRawUserInfo implements Provider.FetchRawUserInfo interface method. +// +// This differ from BaseProvider because Trakt requires a number of +// mandatory headers for all requests +// (https://trakt.docs.apiary.io/#introduction/required-headers). +func (p *Trakt) FetchRawUserInfo(token *oauth2.Token) ([]byte, error) { + req, err := http.NewRequestWithContext(p.ctx, "GET", p.userInfoURL, nil) + if err != nil { + return nil, err + } + + req.Header.Set("Content-type", "application/json") + req.Header.Set("trakt-api-key", p.clientId) + req.Header.Set("trakt-api-version", "2") + + return p.sendRawUserInfoRequest(req, token) +} diff --git a/tools/auth/twitch.go b/tools/auth/twitch.go new file mode 100644 index 0000000..17db99e --- /dev/null +++ b/tools/auth/twitch.go @@ -0,0 +1,100 @@ +package auth + +import ( + "context" + "encoding/json" + "errors" + "net/http" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" + "golang.org/x/oauth2/twitch" +) + +func init() { + Providers[NameTwitch] = wrapFactory(NewTwitchProvider) +} + +var _ Provider = (*Twitch)(nil) + +// NameTwitch is the unique name of the Twitch provider. +const NameTwitch string = "twitch" + +// Twitch allows authentication via Twitch OAuth2. +type Twitch struct { + BaseProvider +} + +// NewTwitchProvider creates new Twitch provider instance with some defaults. +func NewTwitchProvider() *Twitch { + return &Twitch{BaseProvider{ + ctx: context.Background(), + displayName: "Twitch", + pkce: true, + scopes: []string{"user:read:email"}, + authURL: twitch.Endpoint.AuthURL, + tokenURL: twitch.Endpoint.TokenURL, + userInfoURL: "https://api.twitch.tv/helix/users", + }} +} + +// FetchAuthUser returns an AuthUser instance based the Twitch's user api. +// +// API reference: https://dev.twitch.tv/docs/api/reference#get-users +func (p *Twitch) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Data []struct { + Id string `json:"id"` + Login string `json:"login"` + DisplayName string `json:"display_name"` + Email string `json:"email"` + ProfileImageURL string `json:"profile_image_url"` + } `json:"data"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + if len(extracted.Data) == 0 { + return nil, errors.New("failed to fetch AuthUser data") + } + + user := &AuthUser{ + Id: extracted.Data[0].Id, + Name: extracted.Data[0].DisplayName, + Username: extracted.Data[0].Login, + Email: extracted.Data[0].Email, + AvatarURL: extracted.Data[0].ProfileImageURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + return user, nil +} + +// FetchRawUserInfo implements Provider.FetchRawUserInfo interface method. +// +// This differ from BaseProvider because Twitch requires the Client-Id header. +func (p *Twitch) FetchRawUserInfo(token *oauth2.Token) ([]byte, error) { + req, err := http.NewRequestWithContext(p.ctx, "GET", p.userInfoURL, nil) + if err != nil { + return nil, err + } + + req.Header.Set("Client-Id", p.clientId) + + return p.sendRawUserInfoRequest(req, token) +} diff --git a/tools/auth/twitter.go b/tools/auth/twitter.go new file mode 100644 index 0000000..60a905f --- /dev/null +++ b/tools/auth/twitter.go @@ -0,0 +1,87 @@ +package auth + +import ( + "context" + "encoding/json" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameTwitter] = wrapFactory(NewTwitterProvider) +} + +var _ Provider = (*Twitter)(nil) + +// NameTwitter is the unique name of the Twitter provider. +const NameTwitter string = "twitter" + +// Twitter allows authentication via Twitter OAuth2. +type Twitter struct { + BaseProvider +} + +// NewTwitterProvider creates new Twitter provider instance with some defaults. +func NewTwitterProvider() *Twitter { + return &Twitter{BaseProvider{ + ctx: context.Background(), + displayName: "Twitter", + pkce: true, + scopes: []string{ + "users.read", + + // we don't actually use this scope, but for some reason it is required by the `/2/users/me` endpoint + // (see https://developer.twitter.com/en/docs/twitter-api/users/lookup/api-reference/get-users-me) + "tweet.read", + }, + authURL: "https://twitter.com/i/oauth2/authorize", + tokenURL: "https://api.twitter.com/2/oauth2/token", + userInfoURL: "https://api.twitter.com/2/users/me?user.fields=id,name,username,profile_image_url", + }} +} + +// FetchAuthUser returns an AuthUser instance based on the Twitter's user api. +// +// API reference: https://developer.twitter.com/en/docs/twitter-api/users/lookup/api-reference/get-users-me +func (p *Twitter) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Data struct { + Id string `json:"id"` + Name string `json:"name"` + Username string `json:"username"` + ProfileImageURL string `json:"profile_image_url"` + + // NB! At the time of writing, Twitter OAuth2 doesn't support returning the user email address + // (see https://twittercommunity.com/t/which-api-to-get-user-after-oauth2-authorization/162417/33) + // Email string `json:"email"` + } `json:"data"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.Data.Id, + Name: extracted.Data.Name, + Username: extracted.Data.Username, + AvatarURL: extracted.Data.ProfileImageURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + return user, nil +} diff --git a/tools/auth/vk.go b/tools/auth/vk.go new file mode 100644 index 0000000..acba3f5 --- /dev/null +++ b/tools/auth/vk.go @@ -0,0 +1,94 @@ +package auth + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "strconv" + "strings" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" + "golang.org/x/oauth2/vk" +) + +func init() { + Providers[NameVK] = wrapFactory(NewVKProvider) +} + +var _ Provider = (*VK)(nil) + +// NameVK is the unique name of the VK provider. +const NameVK string = "vk" + +// VK allows authentication via VK OAuth2. +type VK struct { + BaseProvider +} + +// NewVKProvider creates new VK provider instance with some defaults. +// +// Docs: https://dev.vk.com/api/oauth-parameters +func NewVKProvider() *VK { + return &VK{BaseProvider{ + ctx: context.Background(), + displayName: "ВКонтакте", + pkce: false, // VK currently doesn't support PKCE and throws an error if PKCE params are send + scopes: []string{"email"}, + authURL: vk.Endpoint.AuthURL, + tokenURL: vk.Endpoint.TokenURL, + userInfoURL: "https://api.vk.com/method/users.get?fields=photo_max,screen_name&v=5.131", + }} +} + +// FetchAuthUser returns an AuthUser instance based on VK's user api. +// +// API reference: https://dev.vk.com/method/users.get +func (p *VK) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Response []struct { + Id int64 `json:"id"` + FirstName string `json:"first_name"` + LastName string `json:"last_name"` + Username string `json:"screen_name"` + AvatarURL string `json:"photo_max"` + } `json:"response"` + }{} + + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + if len(extracted.Response) == 0 { + return nil, errors.New("missing response entry") + } + + user := &AuthUser{ + Id: strconv.FormatInt(extracted.Response[0].Id, 10), + Name: strings.TrimSpace(extracted.Response[0].FirstName + " " + extracted.Response[0].LastName), + Username: extracted.Response[0].Username, + AvatarURL: extracted.Response[0].AvatarURL, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + if email := token.Extra("email"); email != nil { + user.Email = fmt.Sprint(email) + } + + return user, nil +} diff --git a/tools/auth/wakatime.go b/tools/auth/wakatime.go new file mode 100644 index 0000000..a69ead9 --- /dev/null +++ b/tools/auth/wakatime.go @@ -0,0 +1,90 @@ +package auth + +import ( + "context" + "encoding/json" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" +) + +func init() { + Providers[NameWakatime] = wrapFactory(NewWakatimeProvider) +} + +var _ Provider = (*Wakatime)(nil) + +// NameWakatime is the unique name of the Wakatime provider. +const NameWakatime = "wakatime" + +// Wakatime is an auth provider for Wakatime. +type Wakatime struct { + BaseProvider +} + +// NewWakatimeProvider creates a new Wakatime provider instance with some defaults. +func NewWakatimeProvider() *Wakatime { + return &Wakatime{BaseProvider{ + ctx: context.Background(), + displayName: "WakaTime", + pkce: true, + scopes: []string{"email"}, + authURL: "https://wakatime.com/oauth/authorize", + tokenURL: "https://wakatime.com/oauth/token", + userInfoURL: "https://wakatime.com/api/v1/users/current", + }} +} + +// FetchAuthUser returns an AuthUser instance based on the Wakatime's user API. +// +// API reference: https://wakatime.com/developers#users +func (p *Wakatime) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Data struct { + Id string `json:"id"` + DisplayName string `json:"display_name"` + Username string `json:"username"` + Email string `json:"email"` + Photo string `json:"photo"` + IsPhotoPublic bool `json:"photo_public"` + IsEmailConfirmed bool `json:"is_email_confirmed"` + } `json:"data"` + }{} + + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.Data.Id, + Name: extracted.Data.DisplayName, + Username: extracted.Data.Username, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + // note: we don't check for is_email_public field because PocketBase + // has its own emailVisibility flag which is false by default + if extracted.Data.IsEmailConfirmed { + user.Email = extracted.Data.Email + } + + if extracted.Data.IsPhotoPublic { + user.AvatarURL = extracted.Data.Photo + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + return user, nil +} diff --git a/tools/auth/yandex.go b/tools/auth/yandex.go new file mode 100644 index 0000000..d4af1fa --- /dev/null +++ b/tools/auth/yandex.go @@ -0,0 +1,84 @@ +package auth + +import ( + "context" + "encoding/json" + + "github.com/pocketbase/pocketbase/tools/types" + "golang.org/x/oauth2" + "golang.org/x/oauth2/yandex" +) + +func init() { + Providers[NameYandex] = wrapFactory(NewYandexProvider) +} + +var _ Provider = (*Yandex)(nil) + +// NameYandex is the unique name of the Yandex provider. +const NameYandex string = "yandex" + +// Yandex allows authentication via Yandex OAuth2. +type Yandex struct { + BaseProvider +} + +// NewYandexProvider creates new Yandex provider instance with some defaults. +// +// Docs: https://yandex.ru/dev/id/doc/en/ +func NewYandexProvider() *Yandex { + return &Yandex{BaseProvider{ + ctx: context.Background(), + displayName: "Yandex", + pkce: true, + scopes: []string{"login:email", "login:avatar", "login:info"}, + authURL: yandex.Endpoint.AuthURL, + tokenURL: yandex.Endpoint.TokenURL, + userInfoURL: "https://login.yandex.ru/info", + }} +} + +// FetchAuthUser returns an AuthUser instance based on Yandex's user api. +// +// API reference: https://yandex.ru/dev/id/doc/en/user-information#response-format +func (p *Yandex) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) { + data, err := p.FetchRawUserInfo(token) + if err != nil { + return nil, err + } + + rawUser := map[string]any{} + if err := json.Unmarshal(data, &rawUser); err != nil { + return nil, err + } + + extracted := struct { + Id string `json:"id"` + Name string `json:"real_name"` + Username string `json:"login"` + Email string `json:"default_email"` + IsAvatarEmpty bool `json:"is_avatar_empty"` + AvatarId string `json:"default_avatar_id"` + }{} + if err := json.Unmarshal(data, &extracted); err != nil { + return nil, err + } + + user := &AuthUser{ + Id: extracted.Id, + Name: extracted.Name, + Username: extracted.Username, + Email: extracted.Email, + RawUser: rawUser, + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + } + + user.Expiry, _ = types.ParseDateTime(token.Expiry) + + if !extracted.IsAvatarEmpty { + user.AvatarURL = "https://avatars.yandex.net/get-yapic/" + extracted.AvatarId + "/islands-200" + } + + return user, nil +} diff --git a/tools/cron/cron.go b/tools/cron/cron.go new file mode 100644 index 0000000..66dd07c --- /dev/null +++ b/tools/cron/cron.go @@ -0,0 +1,228 @@ +// Package cron implements a crontab-like service to execute and schedule +// repeative tasks/jobs. +// +// Example: +// +// c := cron.New() +// c.MustAdd("dailyReport", "0 0 * * *", func() { ... }) +// c.Start() +package cron + +import ( + "errors" + "fmt" + "slices" + "sync" + "time" +) + +// Cron is a crontab-like struct for tasks/jobs scheduling. +type Cron struct { + timezone *time.Location + ticker *time.Ticker + startTimer *time.Timer + tickerDone chan bool + jobs []*Job + interval time.Duration + mux sync.RWMutex +} + +// New create a new Cron struct with default tick interval of 1 minute +// and timezone in UTC. +// +// You can change the default tick interval with Cron.SetInterval(). +// You can change the default timezone with Cron.SetTimezone(). +func New() *Cron { + return &Cron{ + interval: 1 * time.Minute, + timezone: time.UTC, + jobs: []*Job{}, + tickerDone: make(chan bool), + } +} + +// SetInterval changes the current cron tick interval +// (it usually should be >= 1 minute). +func (c *Cron) SetInterval(d time.Duration) { + // update interval + c.mux.Lock() + wasStarted := c.ticker != nil + c.interval = d + c.mux.Unlock() + + // restart the ticker + if wasStarted { + c.Start() + } +} + +// SetTimezone changes the current cron tick timezone. +func (c *Cron) SetTimezone(l *time.Location) { + c.mux.Lock() + defer c.mux.Unlock() + + c.timezone = l +} + +// MustAdd is similar to Add() but panic on failure. +func (c *Cron) MustAdd(jobId string, cronExpr string, run func()) { + if err := c.Add(jobId, cronExpr, run); err != nil { + panic(err) + } +} + +// Add registers a single cron job. +// +// If there is already a job with the provided id, then the old job +// will be replaced with the new one. +// +// cronExpr is a regular cron expression, eg. "0 */3 * * *" (aka. at minute 0 past every 3rd hour). +// Check cron.NewSchedule() for the supported tokens. +func (c *Cron) Add(jobId string, cronExpr string, fn func()) error { + if fn == nil { + return errors.New("failed to add new cron job: fn must be non-nil function") + } + + schedule, err := NewSchedule(cronExpr) + if err != nil { + return fmt.Errorf("failed to add new cron job: %w", err) + } + + c.mux.Lock() + defer c.mux.Unlock() + + // remove previous (if any) + c.jobs = slices.DeleteFunc(c.jobs, func(j *Job) bool { + return j.Id() == jobId + }) + + // add new + c.jobs = append(c.jobs, &Job{ + id: jobId, + fn: fn, + schedule: schedule, + }) + + return nil +} + +// Remove removes a single cron job by its id. +func (c *Cron) Remove(jobId string) { + c.mux.Lock() + defer c.mux.Unlock() + + if c.jobs == nil { + return // nothing to remove + } + + c.jobs = slices.DeleteFunc(c.jobs, func(j *Job) bool { + return j.Id() == jobId + }) +} + +// RemoveAll removes all registered cron jobs. +func (c *Cron) RemoveAll() { + c.mux.Lock() + defer c.mux.Unlock() + + c.jobs = []*Job{} +} + +// Total returns the current total number of registered cron jobs. +func (c *Cron) Total() int { + c.mux.RLock() + defer c.mux.RUnlock() + + return len(c.jobs) +} + +// Jobs returns a shallow copy of the currently registered cron jobs. +func (c *Cron) Jobs() []*Job { + c.mux.RLock() + defer c.mux.RUnlock() + + copy := make([]*Job, len(c.jobs)) + for i, j := range c.jobs { + copy[i] = j + } + + return copy +} + +// Stop stops the current cron ticker (if not already). +// +// You can resume the ticker by calling Start(). +func (c *Cron) Stop() { + c.mux.Lock() + defer c.mux.Unlock() + + if c.startTimer != nil { + c.startTimer.Stop() + c.startTimer = nil + } + + if c.ticker == nil { + return // already stopped + } + + c.tickerDone <- true + c.ticker.Stop() + c.ticker = nil +} + +// Start starts the cron ticker. +// +// Calling Start() on already started cron will restart the ticker. +func (c *Cron) Start() { + c.Stop() + + // delay the ticker to start at 00 of 1 c.interval duration + now := time.Now() + next := now.Add(c.interval).Truncate(c.interval) + delay := next.Sub(now) + + c.mux.Lock() + c.startTimer = time.AfterFunc(delay, func() { + c.mux.Lock() + c.ticker = time.NewTicker(c.interval) + c.mux.Unlock() + + // run immediately at 00 + c.runDue(time.Now()) + + // run after each tick + go func() { + for { + select { + case <-c.tickerDone: + return + case t := <-c.ticker.C: + c.runDue(t) + } + } + }() + }) + c.mux.Unlock() +} + +// HasStarted checks whether the current Cron ticker has been started. +func (c *Cron) HasStarted() bool { + c.mux.RLock() + defer c.mux.RUnlock() + + return c.ticker != nil +} + +// runDue runs all registered jobs that are scheduled for the provided time. +func (c *Cron) runDue(t time.Time) { + c.mux.RLock() + defer c.mux.RUnlock() + + moment := NewMoment(t.In(c.timezone)) + + for _, j := range c.jobs { + if j.schedule.IsDue(moment) { + go j.Run() + } + } +} diff --git a/tools/cron/cron_test.go b/tools/cron/cron_test.go new file mode 100644 index 0000000..6ed73cb --- /dev/null +++ b/tools/cron/cron_test.go @@ -0,0 +1,305 @@ +package cron + +import ( + "encoding/json" + "slices" + "testing" + "time" +) + +func TestCronNew(t *testing.T) { + t.Parallel() + + c := New() + + expectedInterval := 1 * time.Minute + if c.interval != expectedInterval { + t.Fatalf("Expected default interval %v, got %v", expectedInterval, c.interval) + } + + expectedTimezone := time.UTC + if c.timezone.String() != expectedTimezone.String() { + t.Fatalf("Expected default timezone %v, got %v", expectedTimezone, c.timezone) + } + + if len(c.jobs) != 0 { + t.Fatalf("Expected no jobs by default, got \n%v", c.jobs) + } + + if c.ticker != nil { + t.Fatal("Expected the ticker NOT to be initialized") + } +} + +func TestCronSetInterval(t *testing.T) { + t.Parallel() + + c := New() + + interval := 2 * time.Minute + + c.SetInterval(interval) + + if c.interval != interval { + t.Fatalf("Expected interval %v, got %v", interval, c.interval) + } +} + +func TestCronSetTimezone(t *testing.T) { + t.Parallel() + + c := New() + + timezone, _ := time.LoadLocation("Asia/Tokyo") + + c.SetTimezone(timezone) + + if c.timezone.String() != timezone.String() { + t.Fatalf("Expected timezone %v, got %v", timezone, c.timezone) + } +} + +func TestCronAddAndRemove(t *testing.T) { + t.Parallel() + + c := New() + + if err := c.Add("test0", "* * * * *", nil); err == nil { + t.Fatal("Expected nil function error") + } + + if err := c.Add("test1", "invalid", func() {}); err == nil { + t.Fatal("Expected invalid cron expression error") + } + + if err := c.Add("test2", "* * * * *", func() {}); err != nil { + t.Fatal(err) + } + + if err := c.Add("test3", "* * * * *", func() {}); err != nil { + t.Fatal(err) + } + + if err := c.Add("test4", "* * * * *", func() {}); err != nil { + t.Fatal(err) + } + + // overwrite test2 + if err := c.Add("test2", "1 2 3 4 5", func() {}); err != nil { + t.Fatal(err) + } + + if err := c.Add("test5", "1 2 3 4 5", func() {}); err != nil { + t.Fatal(err) + } + + // mock job deletion + c.Remove("test4") + + // try to remove non-existing (should be no-op) + c.Remove("missing") + + indexedJobs := make(map[string]*Job, len(c.jobs)) + for _, j := range c.jobs { + indexedJobs[j.Id()] = j + } + + // check job keys + { + expectedKeys := []string{"test3", "test2", "test5"} + + if v := len(c.jobs); v != len(expectedKeys) { + t.Fatalf("Expected %d jobs, got %d", len(expectedKeys), v) + } + + for _, k := range expectedKeys { + if indexedJobs[k] == nil { + t.Fatalf("Expected job with key %s, got nil", k) + } + } + } + + // check the jobs schedule + { + expectedSchedules := map[string]string{ + "test2": `{"minutes":{"1":{}},"hours":{"2":{}},"days":{"3":{}},"months":{"4":{}},"daysOfWeek":{"5":{}}}`, + "test3": `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + "test5": `{"minutes":{"1":{}},"hours":{"2":{}},"days":{"3":{}},"months":{"4":{}},"daysOfWeek":{"5":{}}}`, + } + for k, v := range expectedSchedules { + raw, err := json.Marshal(indexedJobs[k].schedule) + if err != nil { + t.Fatal(err) + } + + if string(raw) != v { + t.Fatalf("Expected %q schedule \n%s, \ngot \n%s", k, v, raw) + } + } + } +} + +func TestCronMustAdd(t *testing.T) { + t.Parallel() + + c := New() + + defer func() { + if r := recover(); r == nil { + t.Errorf("test1 didn't panic") + } + }() + + c.MustAdd("test1", "* * * * *", nil) + + c.MustAdd("test2", "* * * * *", func() {}) + + if !slices.ContainsFunc(c.jobs, func(j *Job) bool { return j.Id() == "test2" }) { + t.Fatal("Couldn't find job test2") + } +} + +func TestCronRemoveAll(t *testing.T) { + t.Parallel() + + c := New() + + if err := c.Add("test1", "* * * * *", func() {}); err != nil { + t.Fatal(err) + } + + if err := c.Add("test2", "* * * * *", func() {}); err != nil { + t.Fatal(err) + } + + if err := c.Add("test3", "* * * * *", func() {}); err != nil { + t.Fatal(err) + } + + if v := len(c.jobs); v != 3 { + t.Fatalf("Expected %d jobs, got %d", 3, v) + } + + c.RemoveAll() + + if v := len(c.jobs); v != 0 { + t.Fatalf("Expected %d jobs, got %d", 0, v) + } +} + +func TestCronTotal(t *testing.T) { + t.Parallel() + + c := New() + + if v := c.Total(); v != 0 { + t.Fatalf("Expected 0 jobs, got %v", v) + } + + if err := c.Add("test1", "* * * * *", func() {}); err != nil { + t.Fatal(err) + } + + if err := c.Add("test2", "* * * * *", func() {}); err != nil { + t.Fatal(err) + } + + // overwrite + if err := c.Add("test1", "* * * * *", func() {}); err != nil { + t.Fatal(err) + } + + if v := c.Total(); v != 2 { + t.Fatalf("Expected 2 jobs, got %v", v) + } +} + +func TestCronJobs(t *testing.T) { + t.Parallel() + + c := New() + + calls := "" + + if err := c.Add("a", "1 * * * *", func() { calls += "a" }); err != nil { + t.Fatal(err) + } + + if err := c.Add("b", "2 * * * *", func() { calls += "b" }); err != nil { + t.Fatal(err) + } + + // overwrite + if err := c.Add("b", "3 * * * *", func() { calls += "b" }); err != nil { + t.Fatal(err) + } + + jobs := c.Jobs() + + if len(jobs) != 2 { + t.Fatalf("Expected 2 jobs, got %v", len(jobs)) + } + + for _, j := range jobs { + j.Run() + } + + expectedCalls := "ab" + if calls != expectedCalls { + t.Fatalf("Expected %q calls, got %q", expectedCalls, calls) + } +} + +func TestCronStartStop(t *testing.T) { + t.Parallel() + + test1 := 0 + test2 := 0 + + c := New() + + c.SetInterval(500 * time.Millisecond) + + c.Add("test1", "* * * * *", func() { + test1++ + }) + + c.Add("test2", "* * * * *", func() { + test2++ + }) + + expectedCalls := 2 + + // call twice Start to check if the previous ticker will be reseted + c.Start() + c.Start() + + time.Sleep(1 * time.Second) + + // call twice Stop to ensure that the second stop is no-op + c.Stop() + c.Stop() + + if test1 != expectedCalls { + t.Fatalf("Expected %d test1, got %d", expectedCalls, test1) + } + if test2 != expectedCalls { + t.Fatalf("Expected %d test2, got %d", expectedCalls, test2) + } + + // resume for 2 seconds + c.Start() + + time.Sleep(2 * time.Second) + + c.Stop() + + expectedCalls += 4 + + if test1 != expectedCalls { + t.Fatalf("Expected %d test1, got %d", expectedCalls, test1) + } + if test2 != expectedCalls { + t.Fatalf("Expected %d test2, got %d", expectedCalls, test2) + } +} diff --git a/tools/cron/job.go b/tools/cron/job.go new file mode 100644 index 0000000..8fcabd9 --- /dev/null +++ b/tools/cron/job.go @@ -0,0 +1,41 @@ +package cron + +import "encoding/json" + +// Job defines a single registered cron job. +type Job struct { + fn func() + schedule *Schedule + id string +} + +// Id returns the cron job id. +func (j *Job) Id() string { + return j.id +} + +// Expression returns the plain cron job schedule expression. +func (j *Job) Expression() string { + return j.schedule.rawExpr +} + +// Run runs the cron job function. +func (j *Job) Run() { + if j.fn != nil { + j.fn() + } +} + +// MarshalJSON implements [json.Marshaler] and export the current +// jobs data into valid JSON. +func (j Job) MarshalJSON() ([]byte, error) { + plain := struct { + Id string `json:"id"` + Expression string `json:"expression"` + }{ + Id: j.Id(), + Expression: j.Expression(), + } + + return json.Marshal(plain) +} diff --git a/tools/cron/job_test.go b/tools/cron/job_test.go new file mode 100644 index 0000000..9ce2e8e --- /dev/null +++ b/tools/cron/job_test.go @@ -0,0 +1,71 @@ +package cron + +import ( + "encoding/json" + "testing" +) + +func TestJobId(t *testing.T) { + expected := "test" + + j := Job{id: expected} + + if j.Id() != expected { + t.Fatalf("Expected job with id %q, got %q", expected, j.Id()) + } +} + +func TestJobExpr(t *testing.T) { + expected := "1 2 3 4 5" + + s, err := NewSchedule(expected) + if err != nil { + t.Fatal(err) + } + + j := Job{schedule: s} + + if j.Expression() != expected { + t.Fatalf("Expected job with cron expression %q, got %q", expected, j.Expression()) + } +} + +func TestJobRun(t *testing.T) { + defer func() { + if r := recover(); r != nil { + t.Errorf("Shouldn't panic: %v", r) + } + }() + + calls := "" + + j1 := Job{} + j2 := Job{fn: func() { calls += "2" }} + + j1.Run() + j2.Run() + + expected := "2" + if calls != expected { + t.Fatalf("Expected calls %q, got %q", expected, calls) + } +} + +func TestJobMarshalJSON(t *testing.T) { + s, err := NewSchedule("1 2 3 4 5") + if err != nil { + t.Fatal(err) + } + + j := Job{id: "test_id", schedule: s} + + raw, err := json.Marshal(j) + if err != nil { + t.Fatal(err) + } + + expected := `{"id":"test_id","expression":"1 2 3 4 5"}` + if str := string(raw); str != expected { + t.Fatalf("Expected\n%s\ngot\n%s", expected, str) + } +} diff --git a/tools/cron/schedule.go b/tools/cron/schedule.go new file mode 100644 index 0000000..d019916 --- /dev/null +++ b/tools/cron/schedule.go @@ -0,0 +1,218 @@ +package cron + +import ( + "errors" + "fmt" + "strconv" + "strings" + "time" +) + +// Moment represents a parsed single time moment. +type Moment struct { + Minute int `json:"minute"` + Hour int `json:"hour"` + Day int `json:"day"` + Month int `json:"month"` + DayOfWeek int `json:"dayOfWeek"` +} + +// NewMoment creates a new Moment from the specified time. +func NewMoment(t time.Time) *Moment { + return &Moment{ + Minute: t.Minute(), + Hour: t.Hour(), + Day: t.Day(), + Month: int(t.Month()), + DayOfWeek: int(t.Weekday()), + } +} + +// Schedule stores parsed information for each time component when a cron job should run. +type Schedule struct { + Minutes map[int]struct{} `json:"minutes"` + Hours map[int]struct{} `json:"hours"` + Days map[int]struct{} `json:"days"` + Months map[int]struct{} `json:"months"` + DaysOfWeek map[int]struct{} `json:"daysOfWeek"` + + rawExpr string +} + +// IsDue checks whether the provided Moment satisfies the current Schedule. +func (s *Schedule) IsDue(m *Moment) bool { + if _, ok := s.Minutes[m.Minute]; !ok { + return false + } + + if _, ok := s.Hours[m.Hour]; !ok { + return false + } + + if _, ok := s.Days[m.Day]; !ok { + return false + } + + if _, ok := s.DaysOfWeek[m.DayOfWeek]; !ok { + return false + } + + if _, ok := s.Months[m.Month]; !ok { + return false + } + + return true +} + +var macros = map[string]string{ + "@yearly": "0 0 1 1 *", + "@annually": "0 0 1 1 *", + "@monthly": "0 0 1 * *", + "@weekly": "0 0 * * 0", + "@daily": "0 0 * * *", + "@midnight": "0 0 * * *", + "@hourly": "0 * * * *", +} + +// NewSchedule creates a new Schedule from a cron expression. +// +// A cron expression could be a macro OR 5 segments separated by space, +// representing: minute, hour, day of the month, month and day of the week. +// +// The following segment formats are supported: +// - wildcard: * +// - range: 1-30 +// - step: */n or 1-30/n +// - list: 1,2,3,10-20/n +// +// The following macros are supported: +// - @yearly (or @annually) +// - @monthly +// - @weekly +// - @daily (or @midnight) +// - @hourly +func NewSchedule(cronExpr string) (*Schedule, error) { + if v, ok := macros[cronExpr]; ok { + cronExpr = v + } + + segments := strings.Split(cronExpr, " ") + if len(segments) != 5 { + return nil, errors.New("invalid cron expression - must be a valid macro or to have exactly 5 space separated segments") + } + + minutes, err := parseCronSegment(segments[0], 0, 59) + if err != nil { + return nil, err + } + + hours, err := parseCronSegment(segments[1], 0, 23) + if err != nil { + return nil, err + } + + days, err := parseCronSegment(segments[2], 1, 31) + if err != nil { + return nil, err + } + + months, err := parseCronSegment(segments[3], 1, 12) + if err != nil { + return nil, err + } + + daysOfWeek, err := parseCronSegment(segments[4], 0, 6) + if err != nil { + return nil, err + } + + return &Schedule{ + Minutes: minutes, + Hours: hours, + Days: days, + Months: months, + DaysOfWeek: daysOfWeek, + rawExpr: cronExpr, + }, nil +} + +// parseCronSegment parses a single cron expression segment and +// returns its time schedule slots. +func parseCronSegment(segment string, min int, max int) (map[int]struct{}, error) { + slots := map[int]struct{}{} + + list := strings.Split(segment, ",") + for _, p := range list { + stepParts := strings.Split(p, "/") + + // step (*/n, 1-30/n) + var step int + switch len(stepParts) { + case 1: + step = 1 + case 2: + parsedStep, err := strconv.Atoi(stepParts[1]) + if err != nil { + return nil, err + } + if parsedStep < 1 || parsedStep > max { + return nil, fmt.Errorf("invalid segment step boundary - the step must be between 1 and the %d", max) + } + step = parsedStep + default: + return nil, errors.New("invalid segment step format - must be in the format */n or 1-30/n") + } + + // find the min and max range of the segment part + var rangeMin, rangeMax int + if stepParts[0] == "*" { + rangeMin = min + rangeMax = max + } else { + // single digit (1) or range (1-30) + rangeParts := strings.Split(stepParts[0], "-") + switch len(rangeParts) { + case 1: + if step != 1 { + return nil, errors.New("invalid segement step - step > 1 could be used only with the wildcard or range format") + } + parsed, err := strconv.Atoi(rangeParts[0]) + if err != nil { + return nil, err + } + if parsed < min || parsed > max { + return nil, errors.New("invalid segment value - must be between the min and max of the segment") + } + rangeMin = parsed + rangeMax = rangeMin + case 2: + parsedMin, err := strconv.Atoi(rangeParts[0]) + if err != nil { + return nil, err + } + if parsedMin < min || parsedMin > max { + return nil, fmt.Errorf("invalid segment range minimum - must be between %d and %d", min, max) + } + rangeMin = parsedMin + + parsedMax, err := strconv.Atoi(rangeParts[1]) + if err != nil { + return nil, err + } + if parsedMax < parsedMin || parsedMax > max { + return nil, fmt.Errorf("invalid segment range maximum - must be between %d and %d", rangeMin, max) + } + rangeMax = parsedMax + default: + return nil, errors.New("invalid segment range format - the range must have 1 or 2 parts") + } + } + + // fill the slots + for i := rangeMin; i <= rangeMax; i += step { + slots[i] = struct{}{} + } + } + + return slots, nil +} diff --git a/tools/cron/schedule_test.go b/tools/cron/schedule_test.go new file mode 100644 index 0000000..edc38e1 --- /dev/null +++ b/tools/cron/schedule_test.go @@ -0,0 +1,409 @@ +package cron_test + +import ( + "encoding/json" + "fmt" + "testing" + "time" + + "github.com/pocketbase/pocketbase/tools/cron" +) + +func TestNewMoment(t *testing.T) { + t.Parallel() + + date, err := time.Parse("2006-01-02 15:04", "2023-05-09 15:20") + if err != nil { + t.Fatal(err) + } + + m := cron.NewMoment(date) + + if m.Minute != 20 { + t.Fatalf("Expected m.Minute %d, got %d", 20, m.Minute) + } + + if m.Hour != 15 { + t.Fatalf("Expected m.Hour %d, got %d", 15, m.Hour) + } + + if m.Day != 9 { + t.Fatalf("Expected m.Day %d, got %d", 9, m.Day) + } + + if m.Month != 5 { + t.Fatalf("Expected m.Month %d, got %d", 5, m.Month) + } + + if m.DayOfWeek != 2 { + t.Fatalf("Expected m.DayOfWeek %d, got %d", 2, m.DayOfWeek) + } +} + +func TestNewSchedule(t *testing.T) { + t.Parallel() + + scenarios := []struct { + cronExpr string + expectError bool + expectSchedule string + }{ + { + "invalid", + true, + "", + }, + { + "* * * *", + true, + "", + }, + { + "* * * * * *", + true, + "", + }, + { + "2/3 * * * *", + true, + "", + }, + { + "* * * * *", + false, + `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + { + "*/2 */3 */5 */4 */2", + false, + `{"minutes":{"0":{},"10":{},"12":{},"14":{},"16":{},"18":{},"2":{},"20":{},"22":{},"24":{},"26":{},"28":{},"30":{},"32":{},"34":{},"36":{},"38":{},"4":{},"40":{},"42":{},"44":{},"46":{},"48":{},"50":{},"52":{},"54":{},"56":{},"58":{},"6":{},"8":{}},"hours":{"0":{},"12":{},"15":{},"18":{},"21":{},"3":{},"6":{},"9":{}},"days":{"1":{},"11":{},"16":{},"21":{},"26":{},"31":{},"6":{}},"months":{"1":{},"5":{},"9":{}},"daysOfWeek":{"0":{},"2":{},"4":{},"6":{}}}`, + }, + + // minute segment + { + "-1 * * * *", + true, + "", + }, + { + "60 * * * *", + true, + "", + }, + { + "0 * * * *", + false, + `{"minutes":{"0":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + { + "59 * * * *", + false, + `{"minutes":{"59":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + { + "1,2,5,7,40-50/2 * * * *", + false, + `{"minutes":{"1":{},"2":{},"40":{},"42":{},"44":{},"46":{},"48":{},"5":{},"50":{},"7":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + + // hour segment + { + "* -1 * * *", + true, + "", + }, + { + "* 24 * * *", + true, + "", + }, + { + "* 0 * * *", + false, + `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + { + "* 23 * * *", + false, + `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"23":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + { + "* 3,4,8-16/3,7 * * *", + false, + `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"11":{},"14":{},"3":{},"4":{},"7":{},"8":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + + // day segment + { + "* * 0 * *", + true, + "", + }, + { + "* * 32 * *", + true, + "", + }, + { + "* * 1 * *", + false, + `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + { + "* * 31 * *", + false, + `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"31":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + { + "* * 5,6,20-30/3,1 * *", + false, + `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"20":{},"23":{},"26":{},"29":{},"5":{},"6":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + + // month segment + { + "* * * 0 *", + true, + "", + }, + { + "* * * 13 *", + true, + "", + }, + { + "* * * 1 *", + false, + `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + { + "* * * 12 *", + false, + `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"12":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + { + "* * * 1,4,5-10/2 *", + false, + `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"4":{},"5":{},"7":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + + // day of week segment + { + "* * * * -1", + true, + "", + }, + { + "* * * * 7", + true, + "", + }, + { + "* * * * 0", + false, + `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{}}}`, + }, + { + "* * * * 6", + false, + `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"6":{}}}`, + }, + { + "* * * * 1,2-5/2", + false, + `{"minutes":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"32":{},"33":{},"34":{},"35":{},"36":{},"37":{},"38":{},"39":{},"4":{},"40":{},"41":{},"42":{},"43":{},"44":{},"45":{},"46":{},"47":{},"48":{},"49":{},"5":{},"50":{},"51":{},"52":{},"53":{},"54":{},"55":{},"56":{},"57":{},"58":{},"59":{},"6":{},"7":{},"8":{},"9":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"1":{},"2":{},"4":{}}}`, + }, + + // macros + { + "@yearly", + false, + `{"minutes":{"0":{}},"hours":{"0":{}},"days":{"1":{}},"months":{"1":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + { + "@annually", + false, + `{"minutes":{"0":{}},"hours":{"0":{}},"days":{"1":{}},"months":{"1":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + { + "@monthly", + false, + `{"minutes":{"0":{}},"hours":{"0":{}},"days":{"1":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + { + "@weekly", + false, + `{"minutes":{"0":{}},"hours":{"0":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{}}}`, + }, + { + "@daily", + false, + `{"minutes":{"0":{}},"hours":{"0":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + { + "@midnight", + false, + `{"minutes":{"0":{}},"hours":{"0":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + { + "@hourly", + false, + `{"minutes":{"0":{}},"hours":{"0":{},"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"days":{"1":{},"10":{},"11":{},"12":{},"13":{},"14":{},"15":{},"16":{},"17":{},"18":{},"19":{},"2":{},"20":{},"21":{},"22":{},"23":{},"24":{},"25":{},"26":{},"27":{},"28":{},"29":{},"3":{},"30":{},"31":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"months":{"1":{},"10":{},"11":{},"12":{},"2":{},"3":{},"4":{},"5":{},"6":{},"7":{},"8":{},"9":{}},"daysOfWeek":{"0":{},"1":{},"2":{},"3":{},"4":{},"5":{},"6":{}}}`, + }, + } + + for _, s := range scenarios { + t.Run(s.cronExpr, func(t *testing.T) { + schedule, err := cron.NewSchedule(s.cronExpr) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + encoded, err := json.Marshal(schedule) + if err != nil { + t.Fatalf("Failed to marshalize the result schedule: %v", err) + } + encodedStr := string(encoded) + + if encodedStr != s.expectSchedule { + t.Fatalf("Expected \n%s, \ngot \n%s", s.expectSchedule, encodedStr) + } + }) + } +} + +func TestScheduleIsDue(t *testing.T) { + t.Parallel() + + scenarios := []struct { + cronExpr string + moment *cron.Moment + expected bool + }{ + { + "* * * * *", + &cron.Moment{}, + false, + }, + { + "* * * * *", + &cron.Moment{ + Minute: 1, + Hour: 1, + Day: 1, + Month: 1, + DayOfWeek: 1, + }, + true, + }, + { + "5 * * * *", + &cron.Moment{ + Minute: 1, + Hour: 1, + Day: 1, + Month: 1, + DayOfWeek: 1, + }, + false, + }, + { + "5 * * * *", + &cron.Moment{ + Minute: 5, + Hour: 1, + Day: 1, + Month: 1, + DayOfWeek: 1, + }, + true, + }, + { + "* 2-6 * * 2,3", + &cron.Moment{ + Minute: 1, + Hour: 2, + Day: 1, + Month: 1, + DayOfWeek: 1, + }, + false, + }, + { + "* 2-6 * * 2,3", + &cron.Moment{ + Minute: 1, + Hour: 2, + Day: 1, + Month: 1, + DayOfWeek: 3, + }, + true, + }, + { + "* * 1,2,5,15-18 * *", + &cron.Moment{ + Minute: 1, + Hour: 1, + Day: 6, + Month: 1, + DayOfWeek: 1, + }, + false, + }, + { + "* * 1,2,5,15-18/2 * *", + &cron.Moment{ + Minute: 1, + Hour: 1, + Day: 2, + Month: 1, + DayOfWeek: 1, + }, + true, + }, + { + "* * 1,2,5,15-18/2 * *", + &cron.Moment{ + Minute: 1, + Hour: 1, + Day: 18, + Month: 1, + DayOfWeek: 1, + }, + false, + }, + { + "* * 1,2,5,15-18/2 * *", + &cron.Moment{ + Minute: 1, + Hour: 1, + Day: 17, + Month: 1, + DayOfWeek: 1, + }, + true, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d-%s", i, s.cronExpr), func(t *testing.T) { + schedule, err := cron.NewSchedule(s.cronExpr) + if err != nil { + t.Fatalf("Unexpected cron error: %v", err) + } + + result := schedule.IsDue(s.moment) + + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} diff --git a/tools/dbutils/index.go b/tools/dbutils/index.go new file mode 100644 index 0000000..d71098f --- /dev/null +++ b/tools/dbutils/index.go @@ -0,0 +1,217 @@ +package dbutils + +import ( + "regexp" + "strings" + + "github.com/pocketbase/pocketbase/tools/tokenizer" +) + +var ( + indexRegex = regexp.MustCompile(`(?im)create\s+(unique\s+)?\s*index\s*(if\s+not\s+exists\s+)?(\S*)\s+on\s+(\S*)\s*\(([\s\S]*)\)(?:\s*where\s+([\s\S]*))?`) + indexColumnRegex = regexp.MustCompile(`(?im)^([\s\S]+?)(?:\s+collate\s+([\w]+))?(?:\s+(asc|desc))?$`) +) + +// IndexColumn represents a single parsed SQL index column. +type IndexColumn struct { + Name string `json:"name"` // identifier or expression + Collate string `json:"collate"` + Sort string `json:"sort"` +} + +// Index represents a single parsed SQL CREATE INDEX expression. +type Index struct { + SchemaName string `json:"schemaName"` + IndexName string `json:"indexName"` + TableName string `json:"tableName"` + Where string `json:"where"` + Columns []IndexColumn `json:"columns"` + Unique bool `json:"unique"` + Optional bool `json:"optional"` +} + +// IsValid checks if the current Index contains the minimum required fields to be considered valid. +func (idx Index) IsValid() bool { + return idx.IndexName != "" && idx.TableName != "" && len(idx.Columns) > 0 +} + +// Build returns a "CREATE INDEX" SQL string from the current index parts. +// +// Returns empty string if idx.IsValid() is false. +func (idx Index) Build() string { + if !idx.IsValid() { + return "" + } + + var str strings.Builder + + str.WriteString("CREATE ") + + if idx.Unique { + str.WriteString("UNIQUE ") + } + + str.WriteString("INDEX ") + + if idx.Optional { + str.WriteString("IF NOT EXISTS ") + } + + if idx.SchemaName != "" { + str.WriteString("`") + str.WriteString(idx.SchemaName) + str.WriteString("`.") + } + + str.WriteString("`") + str.WriteString(idx.IndexName) + str.WriteString("` ") + + str.WriteString("ON `") + str.WriteString(idx.TableName) + str.WriteString("` (") + + if len(idx.Columns) > 1 { + str.WriteString("\n ") + } + + var hasCol bool + for _, col := range idx.Columns { + trimmedColName := strings.TrimSpace(col.Name) + if trimmedColName == "" { + continue + } + + if hasCol { + str.WriteString(",\n ") + } + + if strings.Contains(col.Name, "(") || strings.Contains(col.Name, " ") { + // most likely an expression + str.WriteString(trimmedColName) + } else { + // regular identifier + str.WriteString("`") + str.WriteString(trimmedColName) + str.WriteString("`") + } + + if col.Collate != "" { + str.WriteString(" COLLATE ") + str.WriteString(col.Collate) + } + + if col.Sort != "" { + str.WriteString(" ") + str.WriteString(strings.ToUpper(col.Sort)) + } + + hasCol = true + } + + if hasCol && len(idx.Columns) > 1 { + str.WriteString("\n") + } + + str.WriteString(")") + + if idx.Where != "" { + str.WriteString(" WHERE ") + str.WriteString(idx.Where) + } + + return str.String() +} + +// ParseIndex parses the provided "CREATE INDEX" SQL string into Index struct. +func ParseIndex(createIndexExpr string) Index { + result := Index{} + + matches := indexRegex.FindStringSubmatch(createIndexExpr) + if len(matches) != 7 { + return result + } + + trimChars := "`\"'[]\r\n\t\f\v " + + // Unique + // --- + result.Unique = strings.TrimSpace(matches[1]) != "" + + // Optional (aka. "IF NOT EXISTS") + // --- + result.Optional = strings.TrimSpace(matches[2]) != "" + + // SchemaName and IndexName + // --- + nameTk := tokenizer.NewFromString(matches[3]) + nameTk.Separators('.') + + nameParts, _ := nameTk.ScanAll() + if len(nameParts) == 2 { + result.SchemaName = strings.Trim(nameParts[0], trimChars) + result.IndexName = strings.Trim(nameParts[1], trimChars) + } else { + result.IndexName = strings.Trim(nameParts[0], trimChars) + } + + // TableName + // --- + result.TableName = strings.Trim(matches[4], trimChars) + + // Columns + // --- + columnsTk := tokenizer.NewFromString(matches[5]) + columnsTk.Separators(',') + + rawColumns, _ := columnsTk.ScanAll() + + result.Columns = make([]IndexColumn, 0, len(rawColumns)) + + for _, col := range rawColumns { + colMatches := indexColumnRegex.FindStringSubmatch(col) + if len(colMatches) != 4 { + continue + } + + trimmedName := strings.Trim(colMatches[1], trimChars) + if trimmedName == "" { + continue + } + + result.Columns = append(result.Columns, IndexColumn{ + Name: trimmedName, + Collate: strings.TrimSpace(colMatches[2]), + Sort: strings.ToUpper(colMatches[3]), + }) + } + + // WHERE expression + // --- + result.Where = strings.TrimSpace(matches[6]) + + return result +} + +// FindSingleColumnUniqueIndex returns the first matching single column unique index. +func FindSingleColumnUniqueIndex(indexes []string, column string) (Index, bool) { + var index Index + + for _, idx := range indexes { + index := ParseIndex(idx) + if index.Unique && len(index.Columns) == 1 && strings.EqualFold(index.Columns[0].Name, column) { + return index, true + } + } + + return index, false +} + +// Deprecated: Use `_, ok := FindSingleColumnUniqueIndex(indexes, column)` instead. +// +// HasColumnUniqueIndex loosely checks whether the specified column has +// a single column unique index (WHERE statements are ignored). +func HasSingleColumnUniqueIndex(column string, indexes []string) bool { + _, ok := FindSingleColumnUniqueIndex(indexes, column) + return ok +} diff --git a/tools/dbutils/index_test.go b/tools/dbutils/index_test.go new file mode 100644 index 0000000..389ddcb --- /dev/null +++ b/tools/dbutils/index_test.go @@ -0,0 +1,405 @@ +package dbutils_test + +import ( + "bytes" + "encoding/json" + "fmt" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/tools/dbutils" +) + +func TestParseIndex(t *testing.T) { + scenarios := []struct { + index string + expected dbutils.Index + }{ + // invalid + { + `invalid`, + dbutils.Index{}, + }, + // simple (multiple spaces between the table and columns list) + { + `create index indexname on tablename (col1)`, + dbutils.Index{ + IndexName: "indexname", + TableName: "tablename", + Columns: []dbutils.IndexColumn{ + {Name: "col1"}, + }, + }, + }, + // simple (no space between the table and the columns list) + { + `create index indexname on tablename(col1)`, + dbutils.Index{ + IndexName: "indexname", + TableName: "tablename", + Columns: []dbutils.IndexColumn{ + {Name: "col1"}, + }, + }, + }, + // all fields + { + `CREATE UNIQUE INDEX IF NOT EXISTS "schemaname".[indexname] on 'tablename' ( + col0, + ` + "`" + `col1` + "`" + `, + json_extract("col2", "$.a") asc, + "col3" collate NOCASE, + "col4" collate RTRIM desc + ) where test = 1`, + dbutils.Index{ + Unique: true, + Optional: true, + SchemaName: "schemaname", + IndexName: "indexname", + TableName: "tablename", + Columns: []dbutils.IndexColumn{ + {Name: "col0"}, + {Name: "col1"}, + {Name: `json_extract("col2", "$.a")`, Sort: "ASC"}, + {Name: `col3`, Collate: "NOCASE"}, + {Name: `col4`, Collate: "RTRIM", Sort: "DESC"}, + }, + Where: "test = 1", + }, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("scenario_%d", i), func(t *testing.T) { + result := dbutils.ParseIndex(s.index) + + resultRaw, err := json.Marshal(result) + if err != nil { + t.Fatalf("Faild to marshalize parse result: %v", err) + } + + expectedRaw, err := json.Marshal(s.expected) + if err != nil { + t.Fatalf("Failed to marshalize expected index: %v", err) + } + + if !bytes.Equal(resultRaw, expectedRaw) { + t.Errorf("Expected \n%s \ngot \n%s", expectedRaw, resultRaw) + } + }) + } +} + +func TestIndexIsValid(t *testing.T) { + scenarios := []struct { + name string + index dbutils.Index + expected bool + }{ + { + "empty", + dbutils.Index{}, + false, + }, + { + "no index name", + dbutils.Index{ + TableName: "table", + Columns: []dbutils.IndexColumn{{Name: "col"}}, + }, + false, + }, + { + "no table name", + dbutils.Index{ + IndexName: "index", + Columns: []dbutils.IndexColumn{{Name: "col"}}, + }, + false, + }, + { + "no columns", + dbutils.Index{ + IndexName: "index", + TableName: "table", + }, + false, + }, + { + "min valid", + dbutils.Index{ + IndexName: "index", + TableName: "table", + Columns: []dbutils.IndexColumn{{Name: "col"}}, + }, + true, + }, + { + "all fields", + dbutils.Index{ + Optional: true, + Unique: true, + SchemaName: "schema", + IndexName: "index", + TableName: "table", + Columns: []dbutils.IndexColumn{{Name: "col"}}, + Where: "test = 1 OR test = 2", + }, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.index.IsValid() + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestIndexBuild(t *testing.T) { + scenarios := []struct { + name string + index dbutils.Index + expected string + }{ + { + "empty", + dbutils.Index{}, + "", + }, + { + "no index name", + dbutils.Index{ + TableName: "table", + Columns: []dbutils.IndexColumn{{Name: "col"}}, + }, + "", + }, + { + "no table name", + dbutils.Index{ + IndexName: "index", + Columns: []dbutils.IndexColumn{{Name: "col"}}, + }, + "", + }, + { + "no columns", + dbutils.Index{ + IndexName: "index", + TableName: "table", + }, + "", + }, + { + "min valid", + dbutils.Index{ + IndexName: "index", + TableName: "table", + Columns: []dbutils.IndexColumn{{Name: "col"}}, + }, + "CREATE INDEX `index` ON `table` (`col`)", + }, + { + "all fields", + dbutils.Index{ + Optional: true, + Unique: true, + SchemaName: "schema", + IndexName: "index", + TableName: "table", + Columns: []dbutils.IndexColumn{ + {Name: "col1", Collate: "NOCASE", Sort: "asc"}, + {Name: "col2", Sort: "desc"}, + {Name: `json_extract("col3", "$.a")`, Collate: "NOCASE"}, + }, + Where: "test = 1 OR test = 2", + }, + "CREATE UNIQUE INDEX IF NOT EXISTS `schema`.`index` ON `table` (\n `col1` COLLATE NOCASE ASC,\n `col2` DESC,\n " + `json_extract("col3", "$.a")` + " COLLATE NOCASE\n) WHERE test = 1 OR test = 2", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.index.Build() + if result != s.expected { + t.Fatalf("Expected \n%v \ngot \n%v", s.expected, result) + } + }) + } +} + +func TestHasSingleColumnUniqueIndex(t *testing.T) { + scenarios := []struct { + name string + column string + indexes []string + expected bool + }{ + { + "empty indexes", + "test", + nil, + false, + }, + { + "empty column", + "", + []string{ + "CREATE UNIQUE INDEX `index1` ON `example` (`test`)", + }, + false, + }, + { + "mismatched column", + "test", + []string{ + "CREATE UNIQUE INDEX `index1` ON `example` (`test2`)", + }, + false, + }, + { + "non unique index", + "test", + []string{ + "CREATE INDEX `index1` ON `example` (`test`)", + }, + false, + }, + { + "matching columnd and unique index", + "test", + []string{ + "CREATE UNIQUE INDEX `index1` ON `example` (`test`)", + }, + true, + }, + { + "multiple columns", + "test", + []string{ + "CREATE UNIQUE INDEX `index1` ON `example` (`test`, `test2`)", + }, + false, + }, + { + "multiple indexes", + "test", + []string{ + "CREATE UNIQUE INDEX `index1` ON `example` (`test`, `test2`)", + "CREATE UNIQUE INDEX `index2` ON `example` (`test`)", + }, + true, + }, + { + "partial unique index", + "test", + []string{ + "CREATE UNIQUE INDEX `index` ON `example` (`test`) where test != ''", + }, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := dbutils.HasSingleColumnUniqueIndex(s.column, s.indexes) + if result != s.expected { + t.Fatalf("Expected %v got %v", s.expected, result) + } + }) + } +} + +func TestFindSingleColumnUniqueIndex(t *testing.T) { + scenarios := []struct { + name string + column string + indexes []string + expected bool + }{ + { + "empty indexes", + "test", + nil, + false, + }, + { + "empty column", + "", + []string{ + "CREATE UNIQUE INDEX `index1` ON `example` (`test`)", + }, + false, + }, + { + "mismatched column", + "test", + []string{ + "CREATE UNIQUE INDEX `index1` ON `example` (`test2`)", + }, + false, + }, + { + "non unique index", + "test", + []string{ + "CREATE INDEX `index1` ON `example` (`test`)", + }, + false, + }, + { + "matching columnd and unique index", + "test", + []string{ + "CREATE UNIQUE INDEX `index1` ON `example` (`test`)", + }, + true, + }, + { + "multiple columns", + "test", + []string{ + "CREATE UNIQUE INDEX `index1` ON `example` (`test`, `test2`)", + }, + false, + }, + { + "multiple indexes", + "test", + []string{ + "CREATE UNIQUE INDEX `index1` ON `example` (`test`, `test2`)", + "CREATE UNIQUE INDEX `index2` ON `example` (`test`)", + }, + true, + }, + { + "partial unique index", + "test", + []string{ + "CREATE UNIQUE INDEX `index` ON `example` (`test`) where test != ''", + }, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + index, exists := dbutils.FindSingleColumnUniqueIndex(s.indexes, s.column) + if exists != s.expected { + t.Fatalf("Expected exists %v got %v", s.expected, exists) + } + + if !exists && len(index.Columns) > 0 { + t.Fatal("Expected index.Columns to be empty") + } + + if exists && !strings.EqualFold(index.Columns[0].Name, s.column) { + t.Fatalf("Expected to find column %q in %v", s.column, index) + } + }) + } +} diff --git a/tools/dbutils/json.go b/tools/dbutils/json.go new file mode 100644 index 0000000..5d40804 --- /dev/null +++ b/tools/dbutils/json.go @@ -0,0 +1,51 @@ +package dbutils + +import ( + "fmt" + "strings" +) + +// JSONEach returns JSON_EACH SQLite string expression with +// some normalizations for non-json columns. +func JSONEach(column string) string { + // note: we are not using the new and shorter "if(x,y)" syntax for + // compatability with custom drivers that use older SQLite version + return fmt.Sprintf( + `json_each(CASE WHEN iif(json_valid([[%s]]), json_type([[%s]])='array', FALSE) THEN [[%s]] ELSE json_array([[%s]]) END)`, + column, column, column, column, + ) +} + +// JSONArrayLength returns JSON_ARRAY_LENGTH SQLite string expression +// with some normalizations for non-json columns. +// +// It works with both json and non-json column values. +// +// Returns 0 for empty string or NULL column values. +func JSONArrayLength(column string) string { + // note: we are not using the new and shorter "if(x,y)" syntax for + // compatability with custom drivers that use older SQLite version + return fmt.Sprintf( + `json_array_length(CASE WHEN iif(json_valid([[%s]]), json_type([[%s]])='array', FALSE) THEN [[%s]] ELSE (CASE WHEN [[%s]] = '' OR [[%s]] IS NULL THEN json_array() ELSE json_array([[%s]]) END) END)`, + column, column, column, column, column, column, + ) +} + +// JSONExtract returns a JSON_EXTRACT SQLite string expression with +// some normalizations for non-json columns. +func JSONExtract(column string, path string) string { + // prefix the path with dot if it is not starting with array notation + if path != "" && !strings.HasPrefix(path, "[") { + path = "." + path + } + + return fmt.Sprintf( + // note: the extra object wrapping is needed to workaround the cases where a json_extract is used with non-json columns. + "(CASE WHEN json_valid([[%s]]) THEN JSON_EXTRACT([[%s]], '$%s') ELSE JSON_EXTRACT(json_object('pb', [[%s]]), '$.pb%s') END)", + column, + column, + path, + column, + path, + ) +} diff --git a/tools/dbutils/json_test.go b/tools/dbutils/json_test.go new file mode 100644 index 0000000..194b9a6 --- /dev/null +++ b/tools/dbutils/json_test.go @@ -0,0 +1,65 @@ +package dbutils_test + +import ( + "testing" + + "github.com/pocketbase/pocketbase/tools/dbutils" +) + +func TestJSONEach(t *testing.T) { + result := dbutils.JSONEach("a.b") + + expected := "json_each(CASE WHEN iif(json_valid([[a.b]]), json_type([[a.b]])='array', FALSE) THEN [[a.b]] ELSE json_array([[a.b]]) END)" + + if result != expected { + t.Fatalf("Expected\n%v\ngot\n%v", expected, result) + } +} + +func TestJSONArrayLength(t *testing.T) { + result := dbutils.JSONArrayLength("a.b") + + expected := "json_array_length(CASE WHEN iif(json_valid([[a.b]]), json_type([[a.b]])='array', FALSE) THEN [[a.b]] ELSE (CASE WHEN [[a.b]] = '' OR [[a.b]] IS NULL THEN json_array() ELSE json_array([[a.b]]) END) END)" + + if result != expected { + t.Fatalf("Expected\n%v\ngot\n%v", expected, result) + } +} + +func TestJSONExtract(t *testing.T) { + scenarios := []struct { + name string + column string + path string + expected string + }{ + { + "empty path", + "a.b", + "", + "(CASE WHEN json_valid([[a.b]]) THEN JSON_EXTRACT([[a.b]], '$') ELSE JSON_EXTRACT(json_object('pb', [[a.b]]), '$.pb') END)", + }, + { + "starting with array index", + "a.b", + "[1].a[2]", + "(CASE WHEN json_valid([[a.b]]) THEN JSON_EXTRACT([[a.b]], '$[1].a[2]') ELSE JSON_EXTRACT(json_object('pb', [[a.b]]), '$.pb[1].a[2]') END)", + }, + { + "starting with key", + "a.b", + "a.b[2].c", + "(CASE WHEN json_valid([[a.b]]) THEN JSON_EXTRACT([[a.b]], '$.a.b[2].c') ELSE JSON_EXTRACT(json_object('pb', [[a.b]]), '$.pb.a.b[2].c') END)", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := dbutils.JSONExtract(s.column, s.path) + + if result != s.expected { + t.Fatalf("Expected\n%v\ngot\n%v", s.expected, result) + } + }) + } +} diff --git a/tools/filesystem/blob/bucket.go b/tools/filesystem/blob/bucket.go new file mode 100644 index 0000000..6d744f5 --- /dev/null +++ b/tools/filesystem/blob/bucket.go @@ -0,0 +1,736 @@ +// Package blob defines a lightweight abstration for interacting with +// various storage services (local filesystem, S3, etc.). +// +// NB! +// For compatibility with earlier PocketBase versions and to prevent +// unnecessary breaking changes, this package is based and implemented +// as a minimal, stripped down version of the previously used gocloud.dev/blob. +// While there is no promise that it won't diverge in the future to accommodate +// better some PocketBase specific use cases, currently it copies and +// tries to follow as close as possible the same implementations, +// conventions and rules for the key escaping/unescaping, blob read/write +// interfaces and struct options as gocloud.dev/blob, therefore the +// credits goes to the original Go Cloud Development Kit Authors. +package blob + +import ( + "bytes" + "context" + "crypto/md5" + "errors" + "fmt" + "io" + "log" + "mime" + "runtime" + "strings" + "sync" + "time" + "unicode/utf8" +) + +var ( + ErrNotFound = errors.New("resource not found") + ErrClosed = errors.New("bucket or blob is closed") +) + +// Bucket provides an easy and portable way to interact with blobs +// within a "bucket", including read, write, and list operations. +// To create a Bucket, use constructors found in driver subpackages. +type Bucket struct { + drv Driver + + // mu protects the closed variable. + // Read locks are kept to allow holding a read lock for long-running calls, + // and thereby prevent closing until a call finishes. + mu sync.RWMutex + closed bool +} + +// NewBucket creates a new *Bucket based on a specific driver implementation. +func NewBucket(drv Driver) *Bucket { + return &Bucket{drv: drv} +} + +// ListOptions sets options for listing blobs via Bucket.List. +type ListOptions struct { + // Prefix indicates that only blobs with a key starting with this prefix + // should be returned. + Prefix string + + // Delimiter sets the delimiter used to define a hierarchical namespace, + // like a filesystem with "directories". It is highly recommended that you + // use "" or "/" as the Delimiter. Other values should work through this API, + // but service UIs generally assume "/". + // + // An empty delimiter means that the bucket is treated as a single flat + // namespace. + // + // A non-empty delimiter means that any result with the delimiter in its key + // after Prefix is stripped will be returned with ListObject.IsDir = true, + // ListObject.Key truncated after the delimiter, and zero values for other + // ListObject fields. These results represent "directories". Multiple results + // in a "directory" are returned as a single result. + Delimiter string + + // PageSize sets the maximum number of objects to be returned. + // 0 means no maximum; driver implementations should choose a reasonable + // max. It is guaranteed to be >= 0. + PageSize int + + // PageToken may be filled in with the NextPageToken from a previous + // ListPaged call. + PageToken []byte +} + +// ListPage represents a page of results return from ListPaged. +type ListPage struct { + // Objects is the slice of objects found. If ListOptions.PageSize > 0, + // it should have at most ListOptions.PageSize entries. + // + // Objects should be returned in lexicographical order of UTF-8 encoded keys, + // including across pages. I.e., all objects returned from a ListPage request + // made using a PageToken from a previous ListPage request's NextPageToken + // should have Key >= the Key for all objects from the previous request. + Objects []*ListObject `json:"objects"` + + // NextPageToken should be left empty unless there are more objects + // to return. The value may be returned as ListOptions.PageToken on a + // subsequent ListPaged call, to fetch the next page of results. + // It can be an arbitrary []byte; it need not be a valid key. + NextPageToken []byte `json:"nextPageToken"` +} + +// ListIterator iterates over List results. +type ListIterator struct { + b *Bucket + opts *ListOptions + page *ListPage + nextIdx int +} + +// Next returns a *ListObject for the next blob. +// It returns (nil, io.EOF) if there are no more. +func (i *ListIterator) Next(ctx context.Context) (*ListObject, error) { + if i.page != nil { + // We've already got a page of results. + if i.nextIdx < len(i.page.Objects) { + // Next object is in the page; return it. + dobj := i.page.Objects[i.nextIdx] + i.nextIdx++ + return &ListObject{ + Key: dobj.Key, + ModTime: dobj.ModTime, + Size: dobj.Size, + MD5: dobj.MD5, + IsDir: dobj.IsDir, + }, nil + } + + if len(i.page.NextPageToken) == 0 { + // Done with current page, and there are no more; return io.EOF. + return nil, io.EOF + } + + // We need to load the next page. + i.opts.PageToken = i.page.NextPageToken + } + + i.b.mu.RLock() + defer i.b.mu.RUnlock() + + if i.b.closed { + return nil, ErrClosed + } + + // Loading a new page. + p, err := i.b.drv.ListPaged(ctx, i.opts) + if err != nil { + return nil, wrapError(i.b.drv, err, "") + } + + i.page = p + i.nextIdx = 0 + + return i.Next(ctx) +} + +// ListObject represents a single blob returned from List. +type ListObject struct { + // Key is the key for this blob. + Key string `json:"key"` + + // ModTime is the time the blob was last modified. + ModTime time.Time `json:"modTime"` + + // Size is the size of the blob's content in bytes. + Size int64 `json:"size"` + + // MD5 is an MD5 hash of the blob contents or nil if not available. + MD5 []byte `json:"md5"` + + // IsDir indicates that this result represents a "directory" in the + // hierarchical namespace, ending in ListOptions.Delimiter. Key can be + // passed as ListOptions.Prefix to list items in the "directory". + // Fields other than Key and IsDir will not be set if IsDir is true. + IsDir bool `json:"isDir"` +} + +// List returns a ListIterator that can be used to iterate over blobs in a +// bucket, in lexicographical order of UTF-8 encoded keys. The underlying +// implementation fetches results in pages. +// +// A nil ListOptions is treated the same as the zero value. +// +// List is not guaranteed to include all recently-written blobs; +// some services are only eventually consistent. +func (b *Bucket) List(opts *ListOptions) *ListIterator { + if opts == nil { + opts = &ListOptions{} + } + + dopts := &ListOptions{ + Prefix: opts.Prefix, + Delimiter: opts.Delimiter, + } + + return &ListIterator{b: b, opts: dopts} +} + +// FirstPageToken is the pageToken to pass to ListPage to retrieve the first page of results. +var FirstPageToken = []byte("first page") + +// ListPage returns a page of ListObject results for blobs in a bucket, in lexicographical +// order of UTF-8 encoded keys. +// +// To fetch the first page, pass FirstPageToken as the pageToken. For subsequent pages, pass +// the pageToken returned from a previous call to ListPage. +// It is not possible to "skip ahead" pages. +// +// Each call will return pageSize results, unless there are not enough blobs to fill the +// page, in which case it will return fewer results (possibly 0). +// +// If there are no more blobs available, ListPage will return an empty pageToken. Note that +// this may happen regardless of the number of returned results -- the last page might have +// 0 results (i.e., if the last item was deleted), pageSize results, or anything in between. +// +// Calling ListPage with an empty pageToken will immediately return io.EOF. When looping +// over pages, callers can either check for an empty pageToken, or they can make one more +// call and check for io.EOF. +// +// The underlying implementation fetches results in pages, but one call to ListPage may +// require multiple page fetches (and therefore, multiple calls to the BeforeList callback). +// +// A nil ListOptions is treated the same as the zero value. +// +// ListPage is not guaranteed to include all recently-written blobs; +// some services are only eventually consistent. +func (b *Bucket) ListPage(ctx context.Context, pageToken []byte, pageSize int, opts *ListOptions) (retval []*ListObject, nextPageToken []byte, err error) { + if opts == nil { + opts = &ListOptions{} + } + if pageSize <= 0 { + return nil, nil, fmt.Errorf("pageSize must be > 0 (%d)", pageSize) + } + + // Nil pageToken means no more results. + if len(pageToken) == 0 { + return nil, nil, io.EOF + } + + // FirstPageToken fetches the first page. Drivers use nil. + // The public API doesn't use nil for the first page because it would be too easy to + // keep fetching forever (since the last page return nil for the next pageToken). + if bytes.Equal(pageToken, FirstPageToken) { + pageToken = nil + } + + b.mu.RLock() + defer b.mu.RUnlock() + + if b.closed { + return nil, nil, ErrClosed + } + + dopts := &ListOptions{ + Prefix: opts.Prefix, + Delimiter: opts.Delimiter, + PageToken: pageToken, + PageSize: pageSize, + } + + retval = make([]*ListObject, 0, pageSize) + for len(retval) < pageSize { + p, err := b.drv.ListPaged(ctx, dopts) + if err != nil { + return nil, nil, wrapError(b.drv, err, "") + } + + for _, dobj := range p.Objects { + retval = append(retval, &ListObject{ + Key: dobj.Key, + ModTime: dobj.ModTime, + Size: dobj.Size, + MD5: dobj.MD5, + IsDir: dobj.IsDir, + }) + } + + // ListPaged may return fewer results than pageSize. If there are more results + // available, signalled by non-empty p.NextPageToken, try to fetch the remainder + // of the page. + // It does not work to ask for more results than we need, because then we'd have + // a NextPageToken on a non-page boundary. + dopts.PageSize = pageSize - len(retval) + dopts.PageToken = p.NextPageToken + if len(dopts.PageToken) == 0 { + dopts.PageToken = nil + break + } + } + + return retval, dopts.PageToken, nil +} + +// Attributes contains attributes about a blob. +type Attributes struct { + // CacheControl specifies caching attributes that services may use + // when serving the blob. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control + CacheControl string `json:"cacheControl"` + + // ContentDisposition specifies whether the blob content is expected to be + // displayed inline or as an attachment. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition + ContentDisposition string `json:"contentDisposition"` + + // ContentEncoding specifies the encoding used for the blob's content, if any. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding + ContentEncoding string `json:"contentEncoding"` + + // ContentLanguage specifies the language used in the blob's content, if any. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Language + ContentLanguage string `json:"contentLanguage"` + + // ContentType is the MIME type of the blob. It will not be empty. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type + ContentType string `json:"contentType"` + + // Metadata holds key/value pairs associated with the blob. + // Keys are guaranteed to be in lowercase, even if the backend service + // has case-sensitive keys (although note that Metadata written via + // this package will always be lowercased). If there are duplicate + // case-insensitive keys (e.g., "foo" and "FOO"), only one value + // will be kept, and it is undefined which one. + Metadata map[string]string `json:"metadata"` + + // CreateTime is the time the blob was created, if available. If not available, + // CreateTime will be the zero time. + CreateTime time.Time `json:"createTime"` + + // ModTime is the time the blob was last modified. + ModTime time.Time `json:"modTime"` + + // Size is the size of the blob's content in bytes. + Size int64 `json:"size"` + + // MD5 is an MD5 hash of the blob contents or nil if not available. + MD5 []byte `json:"md5"` + + // ETag for the blob; see https://en.wikipedia.org/wiki/HTTP_ETag. + ETag string `json:"etag"` +} + +// Attributes returns attributes for the blob stored at key. +// +// If the blob does not exist, Attributes returns an error for which +// gcerrors.Code will return gcerrors.NotFound. +func (b *Bucket) Attributes(ctx context.Context, key string) (_ *Attributes, err error) { + if !utf8.ValidString(key) { + return nil, fmt.Errorf("Attributes key must be a valid UTF-8 string: %q", key) + } + + b.mu.RLock() + defer b.mu.RUnlock() + if b.closed { + return nil, ErrClosed + } + + a, err := b.drv.Attributes(ctx, key) + if err != nil { + return nil, wrapError(b.drv, err, key) + } + + var md map[string]string + if len(a.Metadata) > 0 { + // Services are inconsistent, but at least some treat keys + // as case-insensitive. To make the behavior consistent, we + // force-lowercase them when writing and reading. + md = make(map[string]string, len(a.Metadata)) + for k, v := range a.Metadata { + md[strings.ToLower(k)] = v + } + } + + return &Attributes{ + CacheControl: a.CacheControl, + ContentDisposition: a.ContentDisposition, + ContentEncoding: a.ContentEncoding, + ContentLanguage: a.ContentLanguage, + ContentType: a.ContentType, + Metadata: md, + CreateTime: a.CreateTime, + ModTime: a.ModTime, + Size: a.Size, + MD5: a.MD5, + ETag: a.ETag, + }, nil +} + +// Exists returns true if a blob exists at key, false if it does not exist, or +// an error. +// +// It is a shortcut for calling Attributes and checking if it returns an error +// with code ErrNotFound. +func (b *Bucket) Exists(ctx context.Context, key string) (bool, error) { + _, err := b.Attributes(ctx, key) + if err == nil { + return true, nil + } + + if errors.Is(err, ErrNotFound) { + return false, nil + } + + return false, err +} + +// NewReader is a shortcut for NewRangeReader with offset=0 and length=-1. +func (b *Bucket) NewReader(ctx context.Context, key string) (*Reader, error) { + return b.newRangeReader(ctx, key, 0, -1) +} + +// NewRangeReader returns a Reader to read content from the blob stored at key. +// It reads at most length bytes starting at offset (>= 0). +// If length is negative, it will read till the end of the blob. +// +// For the purposes of Seek, the returned Reader will start at offset and +// end at the minimum of the actual end of the blob or (if length > 0) offset + length. +// +// Note that ctx is used for all reads performed during the lifetime of the reader. +// +// If the blob does not exist, NewRangeReader returns an error for which +// gcerrors.Code will return gcerrors.NotFound. Exists is a lighter-weight way +// to check for existence. +// +// A nil ReaderOptions is treated the same as the zero value. +// +// The caller must call Close on the returned Reader when done reading. +func (b *Bucket) NewRangeReader(ctx context.Context, key string, offset, length int64) (_ *Reader, err error) { + return b.newRangeReader(ctx, key, offset, length) +} + +func (b *Bucket) newRangeReader(ctx context.Context, key string, offset, length int64) (_ *Reader, err error) { + b.mu.RLock() + defer b.mu.RUnlock() + if b.closed { + return nil, ErrClosed + } + + if offset < 0 { + return nil, fmt.Errorf("NewRangeReader offset must be non-negative (%d)", offset) + } + + if !utf8.ValidString(key) { + return nil, fmt.Errorf("NewRangeReader key must be a valid UTF-8 string: %q", key) + } + + var dr DriverReader + dr, err = b.drv.NewRangeReader(ctx, key, offset, length) + if err != nil { + return nil, wrapError(b.drv, err, key) + } + + r := &Reader{ + drv: b.drv, + r: dr, + key: key, + ctx: ctx, + baseOffset: offset, + baseLength: length, + savedOffset: -1, + } + + _, file, lineno, ok := runtime.Caller(2) + runtime.SetFinalizer(r, func(r *Reader) { + if !r.closed { + var caller string + if ok { + caller = fmt.Sprintf(" (%s:%d)", file, lineno) + } + log.Printf("A blob.Reader reading from %q was never closed%s", key, caller) + } + }) + + return r, nil +} + +// WriterOptions sets options for NewWriter. +type WriterOptions struct { + // BufferSize changes the default size in bytes of the chunks that + // Writer will upload in a single request; larger blobs will be split into + // multiple requests. + // + // This option may be ignored by some drivers. + // + // If 0, the driver will choose a reasonable default. + // + // If the Writer is used to do many small writes concurrently, using a + // smaller BufferSize may reduce memory usage. + BufferSize int + + // MaxConcurrency changes the default concurrency for parts of an upload. + // + // This option may be ignored by some drivers. + // + // If 0, the driver will choose a reasonable default. + MaxConcurrency int + + // CacheControl specifies caching attributes that services may use + // when serving the blob. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control + CacheControl string + + // ContentDisposition specifies whether the blob content is expected to be + // displayed inline or as an attachment. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition + ContentDisposition string + + // ContentEncoding specifies the encoding used for the blob's content, if any. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding + ContentEncoding string + + // ContentLanguage specifies the language used in the blob's content, if any. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Language + ContentLanguage string + + // ContentType specifies the MIME type of the blob being written. If not set, + // it will be inferred from the content using the algorithm described at + // http://mimesniff.spec.whatwg.org/. + // Set DisableContentTypeDetection to true to disable the above and force + // the ContentType to stay empty. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type + ContentType string + + // When true, if ContentType is the empty string, it will stay the empty + // string rather than being inferred from the content. + // Note that while the blob will be written with an empty string ContentType, + // most providers will fill one in during reads, so don't expect an empty + // ContentType if you read the blob back. + DisableContentTypeDetection bool + + // ContentMD5 is used as a message integrity check. + // If len(ContentMD5) > 0, the MD5 hash of the bytes written must match + // ContentMD5, or Close will return an error without completing the write. + // https://tools.ietf.org/html/rfc1864 + ContentMD5 []byte + + // Metadata holds key/value strings to be associated with the blob, or nil. + // Keys may not be empty, and are lowercased before being written. + // Duplicate case-insensitive keys (e.g., "foo" and "FOO") will result in + // an error. + Metadata map[string]string +} + +// NewWriter returns a Writer that writes to the blob stored at key. +// A nil WriterOptions is treated the same as the zero value. +// +// If a blob with this key already exists, it will be replaced. +// The blob being written is not guaranteed to be readable until Close +// has been called; until then, any previous blob will still be readable. +// Even after Close is called, newly written blobs are not guaranteed to be +// returned from List; some services are only eventually consistent. +// +// The returned Writer will store ctx for later use in Write and/or Close. +// To abort a write, cancel ctx; otherwise, it must remain open until +// Close is called. +// +// The caller must call Close on the returned Writer, even if the write is +// aborted. +func (b *Bucket) NewWriter(ctx context.Context, key string, opts *WriterOptions) (_ *Writer, err error) { + if !utf8.ValidString(key) { + return nil, fmt.Errorf("NewWriter key must be a valid UTF-8 string: %q", key) + } + if opts == nil { + opts = &WriterOptions{} + } + dopts := &WriterOptions{ + CacheControl: opts.CacheControl, + ContentDisposition: opts.ContentDisposition, + ContentEncoding: opts.ContentEncoding, + ContentLanguage: opts.ContentLanguage, + ContentMD5: opts.ContentMD5, + BufferSize: opts.BufferSize, + MaxConcurrency: opts.MaxConcurrency, + DisableContentTypeDetection: opts.DisableContentTypeDetection, + } + + if len(opts.Metadata) > 0 { + // Services are inconsistent, but at least some treat keys + // as case-insensitive. To make the behavior consistent, we + // force-lowercase them when writing and reading. + md := make(map[string]string, len(opts.Metadata)) + for k, v := range opts.Metadata { + if k == "" { + return nil, errors.New("WriterOptions.Metadata keys may not be empty strings") + } + if !utf8.ValidString(k) { + return nil, fmt.Errorf("WriterOptions.Metadata keys must be valid UTF-8 strings: %q", k) + } + if !utf8.ValidString(v) { + return nil, fmt.Errorf("WriterOptions.Metadata values must be valid UTF-8 strings: %q", v) + } + lowerK := strings.ToLower(k) + if _, found := md[lowerK]; found { + return nil, fmt.Errorf("WriterOptions.Metadata has a duplicate case-insensitive metadata key: %q", lowerK) + } + md[lowerK] = v + } + dopts.Metadata = md + } + + b.mu.RLock() + defer b.mu.RUnlock() + if b.closed { + return nil, ErrClosed + } + + ctx, cancel := context.WithCancel(ctx) + + w := &Writer{ + drv: b.drv, + cancel: cancel, + key: key, + contentMD5: opts.ContentMD5, + md5hash: md5.New(), + } + + if opts.ContentType != "" || opts.DisableContentTypeDetection { + var ct string + if opts.ContentType != "" { + t, p, err := mime.ParseMediaType(opts.ContentType) + if err != nil { + cancel() + return nil, err + } + ct = mime.FormatMediaType(t, p) + } + dw, err := b.drv.NewTypedWriter(ctx, key, ct, dopts) + if err != nil { + cancel() + return nil, wrapError(b.drv, err, key) + } + w.w = dw + } else { + // Save the fields needed to called NewTypedWriter later, once we've gotten + // sniffLen bytes; see the comment on Writer. + w.ctx = ctx + w.opts = dopts + w.buf = bytes.NewBuffer([]byte{}) + } + + _, file, lineno, ok := runtime.Caller(1) + runtime.SetFinalizer(w, func(w *Writer) { + if !w.closed { + var caller string + if ok { + caller = fmt.Sprintf(" (%s:%d)", file, lineno) + } + log.Printf("A blob.Writer writing to %q was never closed%s", key, caller) + } + }) + + return w, nil +} + +// Copy the blob stored at srcKey to dstKey. +// A nil CopyOptions is treated the same as the zero value. +// +// If the source blob does not exist, Copy returns an error for which +// gcerrors.Code will return gcerrors.NotFound. +// +// If the destination blob already exists, it is overwritten. +func (b *Bucket) Copy(ctx context.Context, dstKey, srcKey string) (err error) { + if !utf8.ValidString(srcKey) { + return fmt.Errorf("Copy srcKey must be a valid UTF-8 string: %q", srcKey) + } + + if !utf8.ValidString(dstKey) { + return fmt.Errorf("Copy dstKey must be a valid UTF-8 string: %q", dstKey) + } + + b.mu.RLock() + defer b.mu.RUnlock() + + if b.closed { + return ErrClosed + } + + return wrapError(b.drv, b.drv.Copy(ctx, dstKey, srcKey), fmt.Sprintf("%s -> %s", srcKey, dstKey)) +} + +// Delete deletes the blob stored at key. +// +// If the blob does not exist, Delete returns an error for which +// gcerrors.Code will return gcerrors.NotFound. +func (b *Bucket) Delete(ctx context.Context, key string) (err error) { + if !utf8.ValidString(key) { + return fmt.Errorf("Delete key must be a valid UTF-8 string: %q", key) + } + + b.mu.RLock() + defer b.mu.RUnlock() + + if b.closed { + return ErrClosed + } + + return wrapError(b.drv, b.drv.Delete(ctx, key), key) +} + +// Close releases any resources used for the bucket. +// +// @todo Consider removing it. +func (b *Bucket) Close() error { + b.mu.Lock() + prev := b.closed + b.closed = true + b.mu.Unlock() + + if prev { + return ErrClosed + } + + return wrapError(b.drv, b.drv.Close(), "") +} + +func wrapError(b Driver, err error, key string) error { + if err == nil { + return nil + } + + // don't wrap or normalize EOF errors since there are many places + // in the standard library (e.g. io.ReadAll) that rely on checks + // such as "err == io.EOF" and they will fail + if errors.Is(err, io.EOF) { + return err + } + + err = b.NormalizeError(err) + + if key != "" { + err = fmt.Errorf("[key: %s] %w", key, err) + } + + return err +} diff --git a/tools/filesystem/blob/driver.go b/tools/filesystem/blob/driver.go new file mode 100644 index 0000000..7cae2c9 --- /dev/null +++ b/tools/filesystem/blob/driver.go @@ -0,0 +1,107 @@ +package blob + +import ( + "context" + "io" + "time" +) + +// ReaderAttributes contains a subset of attributes about a blob that are +// accessible from Reader. +type ReaderAttributes struct { + // ContentType is the MIME type of the blob object. It must not be empty. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type + ContentType string `json:"contentType"` + + // ModTime is the time the blob object was last modified. + ModTime time.Time `json:"modTime"` + + // Size is the size of the object in bytes. + Size int64 `json:"size"` +} + +// DriverReader reads an object from the blob. +type DriverReader interface { + io.ReadCloser + + // Attributes returns a subset of attributes about the blob. + // The portable type will not modify the returned ReaderAttributes. + Attributes() *ReaderAttributes +} + +// DriverWriter writes an object to the blob. +type DriverWriter interface { + io.WriteCloser +} + +// Driver provides read, write and delete operations on objects within it on the +// blob service. +type Driver interface { + NormalizeError(err error) error + + // Attributes returns attributes for the blob. If the specified object does + // not exist, Attributes must return an error for which ErrorCode returns ErrNotFound. + // The portable type will not modify the returned Attributes. + Attributes(ctx context.Context, key string) (*Attributes, error) + + // ListPaged lists objects in the bucket, in lexicographical order by + // UTF-8-encoded key, returning pages of objects at a time. + // Services are only required to be eventually consistent with respect + // to recently written or deleted objects. That is to say, there is no + // guarantee that an object that's been written will immediately be returned + // from ListPaged. + // opts is guaranteed to be non-nil. + ListPaged(ctx context.Context, opts *ListOptions) (*ListPage, error) + + // NewRangeReader returns a Reader that reads part of an object, reading at + // most length bytes starting at the given offset. If length is negative, it + // will read until the end of the object. If the specified object does not + // exist, NewRangeReader must return an error for which ErrorCode returns ErrNotFound. + // opts is guaranteed to be non-nil. + // + // The returned Reader *may* also implement Downloader if the underlying + // implementation can take advantage of that. The Download call is guaranteed + // to be the only call to the Reader. For such readers, offset will always + // be 0 and length will always be -1. + NewRangeReader(ctx context.Context, key string, offset, length int64) (DriverReader, error) + + // NewTypedWriter returns Writer that writes to an object associated with key. + // + // A new object will be created unless an object with this key already exists. + // Otherwise any previous object with the same key will be replaced. + // The object may not be available (and any previous object will remain) + // until Close has been called. + // + // contentType sets the MIME type of the object to be written. + // opts is guaranteed to be non-nil. + // + // The caller must call Close on the returned Writer when done writing. + // + // Implementations should abort an ongoing write if ctx is later canceled, + // and do any necessary cleanup in Close. Close should then return ctx.Err(). + // + // The returned Writer *may* also implement Uploader if the underlying + // implementation can take advantage of that. The Upload call is guaranteed + // to be the only non-Close call to the Writer.. + NewTypedWriter(ctx context.Context, key, contentType string, opts *WriterOptions) (DriverWriter, error) + + // Copy copies the object associated with srcKey to dstKey. + // + // If the source object does not exist, Copy must return an error for which + // ErrorCode returns ErrNotFound. + // + // If the destination object already exists, it should be overwritten. + // + // opts is guaranteed to be non-nil. + Copy(ctx context.Context, dstKey, srcKey string) error + + // Delete deletes the object associated with key. If the specified object does + // not exist, Delete must return an error for which ErrorCode returns ErrNotFound. + Delete(ctx context.Context, key string) error + + // Close cleans up any resources used by the Bucket. Once Close is called, + // there will be no method calls to the Bucket other than As, ErrorAs, and + // ErrorCode. There may be open readers or writers that will receive calls. + // It is up to the driver as to how these will be handled. + Close() error +} diff --git a/tools/filesystem/blob/hex.go b/tools/filesystem/blob/hex.go new file mode 100644 index 0000000..d41909e --- /dev/null +++ b/tools/filesystem/blob/hex.go @@ -0,0 +1,153 @@ +package blob + +import ( + "fmt" + "strconv" +) + +// Copied from gocloud.dev/blob to avoid nuances around the specific +// HEX escaping/unescaping rules. +// +// ------------------------------------------------------------------- +// Copyright 2019 The Go Cloud Development Kit Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ------------------------------------------------------------------- + +// HexEscape returns s, with all runes for which shouldEscape returns true +// escaped to "__0xXXX__", where XXX is the hex representation of the rune +// value. For example, " " would escape to "__0x20__". +// +// Non-UTF-8 strings will have their non-UTF-8 characters escaped to +// unicode.ReplacementChar; the original value is lost. Please file an +// issue if you need non-UTF8 support. +// +// Note: shouldEscape takes the whole string as a slice of runes and an +// index. Passing it a single byte or a single rune doesn't provide +// enough context for some escape decisions; for example, the caller might +// want to escape the second "/" in "//" but not the first one. +// We pass a slice of runes instead of the string or a slice of bytes +// because some decisions will be made on a rune basis (e.g., encode +// all non-ASCII runes). +func HexEscape(s string, shouldEscape func(s []rune, i int) bool) string { + // Do a first pass to see which runes (if any) need escaping. + runes := []rune(s) + var toEscape []int + for i := range runes { + if shouldEscape(runes, i) { + toEscape = append(toEscape, i) + } + } + if len(toEscape) == 0 { + return s + } + + // Each escaped rune turns into at most 14 runes ("__0x7fffffff__"), + // so allocate an extra 13 for each. We'll reslice at the end + // if we didn't end up using them. + escaped := make([]rune, len(runes)+13*len(toEscape)) + n := 0 // current index into toEscape + j := 0 // current index into escaped + for i, r := range runes { + if n < len(toEscape) && i == toEscape[n] { + // We were asked to escape this rune. + for _, x := range fmt.Sprintf("__%#x__", r) { + escaped[j] = x + j++ + } + n++ + } else { + escaped[j] = r + j++ + } + } + + return string(escaped[0:j]) +} + +// unescape tries to unescape starting at r[i]. +// It returns a boolean indicating whether the unescaping was successful, +// and (if true) the unescaped rune and the last index of r that was used +// during unescaping. +func unescape(r []rune, i int) (bool, rune, int) { + // Look for "__0x". + if r[i] != '_' { + return false, 0, 0 + } + i++ + if i >= len(r) || r[i] != '_' { + return false, 0, 0 + } + i++ + if i >= len(r) || r[i] != '0' { + return false, 0, 0 + } + i++ + if i >= len(r) || r[i] != 'x' { + return false, 0, 0 + } + i++ + + // Capture the digits until the next "_" (if any). + var hexdigits []rune + for ; i < len(r) && r[i] != '_'; i++ { + hexdigits = append(hexdigits, r[i]) + } + + // Look for the trailing "__". + if i >= len(r) || r[i] != '_' { + return false, 0, 0 + } + i++ + if i >= len(r) || r[i] != '_' { + return false, 0, 0 + } + + // Parse the hex digits into an int32. + retval, err := strconv.ParseInt(string(hexdigits), 16, 32) + if err != nil { + return false, 0, 0 + } + + return true, rune(retval), i +} + +// HexUnescape reverses HexEscape. +func HexUnescape(s string) string { + var unescaped []rune + + runes := []rune(s) + for i := 0; i < len(runes); i++ { + if ok, newR, newI := unescape(runes, i); ok { + // We unescaped some runes starting at i, resulting in the + // unescaped rune newR. The last rune used was newI. + if unescaped == nil { + // This is the first rune we've encountered that + // needed unescaping. Allocate a buffer and copy any + // previous runes. + unescaped = make([]rune, i) + copy(unescaped, runes) + } + unescaped = append(unescaped, newR) + i = newI + } else if unescaped != nil { + unescaped = append(unescaped, runes[i]) + } + } + + if unescaped == nil { + return s + } + + return string(unescaped) +} diff --git a/tools/filesystem/blob/reader.go b/tools/filesystem/blob/reader.go new file mode 100644 index 0000000..9995c61 --- /dev/null +++ b/tools/filesystem/blob/reader.go @@ -0,0 +1,196 @@ +package blob + +import ( + "context" + "fmt" + "io" + "log" + "time" +) + +// Largely copied from gocloud.dev/blob.Reader to minimize breaking changes. +// +// ------------------------------------------------------------------- +// Copyright 2019 The Go Cloud Development Kit Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ------------------------------------------------------------------- + +var _ io.ReadSeekCloser = (*Reader)(nil) + +// Reader reads bytes from a blob. +// It implements io.ReadSeekCloser, and must be closed after reads are finished. +type Reader struct { + ctx context.Context // Used to recreate r after Seeks + r DriverReader + drv Driver + key string + baseOffset int64 // The base offset provided to NewRangeReader. + baseLength int64 // The length provided to NewRangeReader (may be negative). + relativeOffset int64 // Current offset (relative to baseOffset). + savedOffset int64 // Last relativeOffset for r, saved after relativeOffset is changed in Seek, or -1 if no Seek. + closed bool +} + +// Read implements io.Reader (https://golang.org/pkg/io/#Reader). +func (r *Reader) Read(p []byte) (int, error) { + if r.savedOffset != -1 { + // We've done one or more Seeks since the last read. We may have + // to recreate the Reader. + // + // Note that remembering the savedOffset and lazily resetting the + // reader like this allows the caller to Seek, then Seek again back, + // to the original offset, without having to recreate the reader. + // We only have to recreate the reader if we actually read after a Seek. + // This is an important optimization because it's common to Seek + // to (SeekEnd, 0) and use the return value to determine the size + // of the data, then Seek back to (SeekStart, 0). + saved := r.savedOffset + if r.relativeOffset == saved { + // Nope! We're at the same place we left off. + r.savedOffset = -1 + } else { + // Yep! We've changed the offset. Recreate the reader. + length := r.baseLength + if length >= 0 { + length -= r.relativeOffset + if length < 0 { + // Shouldn't happen based on checks in Seek. + return 0, fmt.Errorf("invalid Seek (base length %d, relative offset %d)", r.baseLength, r.relativeOffset) + } + } + newR, err := r.drv.NewRangeReader(r.ctx, r.key, r.baseOffset+r.relativeOffset, length) + if err != nil { + return 0, wrapError(r.drv, err, r.key) + } + _ = r.r.Close() + r.savedOffset = -1 + r.r = newR + } + } + n, err := r.r.Read(p) + r.relativeOffset += int64(n) + return n, wrapError(r.drv, err, r.key) +} + +// Seek implements io.Seeker (https://golang.org/pkg/io/#Seeker). +func (r *Reader) Seek(offset int64, whence int) (int64, error) { + if r.savedOffset == -1 { + // Save the current offset for our reader. If the Seek changes the + // offset, and then we try to read, we'll need to recreate the reader. + // See comment above in Read for why we do it lazily. + r.savedOffset = r.relativeOffset + } + // The maximum relative offset is the minimum of: + // 1. The actual size of the blob, minus our initial baseOffset. + // 2. The length provided to NewRangeReader (if it was non-negative). + maxRelativeOffset := r.Size() - r.baseOffset + if r.baseLength >= 0 && r.baseLength < maxRelativeOffset { + maxRelativeOffset = r.baseLength + } + switch whence { + case io.SeekStart: + r.relativeOffset = offset + case io.SeekCurrent: + r.relativeOffset += offset + case io.SeekEnd: + r.relativeOffset = maxRelativeOffset + offset + } + if r.relativeOffset < 0 { + // "Seeking to an offset before the start of the file is an error." + invalidOffset := r.relativeOffset + r.relativeOffset = 0 + return 0, fmt.Errorf("Seek resulted in invalid offset %d, using 0", invalidOffset) + } + if r.relativeOffset > maxRelativeOffset { + // "Seeking to any positive offset is legal, but the behavior of subsequent + // I/O operations on the underlying object is implementation-dependent." + // We'll choose to set the offset to the EOF. + log.Printf("blob.Reader.Seek set an offset after EOF (base offset/length from NewRangeReader %d, %d; actual blob size %d; relative offset %d -> absolute offset %d).", r.baseOffset, r.baseLength, r.Size(), r.relativeOffset, r.baseOffset+r.relativeOffset) + r.relativeOffset = maxRelativeOffset + } + return r.relativeOffset, nil +} + +// Close implements io.Closer (https://golang.org/pkg/io/#Closer). +func (r *Reader) Close() error { + r.closed = true + err := wrapError(r.drv, r.r.Close(), r.key) + return err +} + +// ContentType returns the MIME type of the blob. +func (r *Reader) ContentType() string { + return r.r.Attributes().ContentType +} + +// ModTime returns the time the blob was last modified. +func (r *Reader) ModTime() time.Time { + return r.r.Attributes().ModTime +} + +// Size returns the size of the blob content in bytes. +func (r *Reader) Size() int64 { + return r.r.Attributes().Size +} + +// WriteTo reads from r and writes to w until there's no more data or +// an error occurs. +// The return value is the number of bytes written to w. +// +// It implements the io.WriterTo interface. +func (r *Reader) WriteTo(w io.Writer) (int64, error) { + // If the writer has a ReaderFrom method, use it to do the copy. + // Don't do this for our own *Writer to avoid infinite recursion. + // Avoids an allocation and a copy. + switch w.(type) { + case *Writer: + default: + if rf, ok := w.(io.ReaderFrom); ok { + n, err := rf.ReadFrom(r) + return n, err + } + } + + _, nw, err := readFromWriteTo(r, w) + return nw, err +} + +// readFromWriteTo is a helper for ReadFrom and WriteTo. +// It reads data from r and writes to w, until EOF or a read/write error. +// It returns the number of bytes read from r and the number of bytes +// written to w. +func readFromWriteTo(r io.Reader, w io.Writer) (int64, int64, error) { + // Note: can't use io.Copy because it will try to use r.WriteTo + // or w.WriteTo, which is recursive in this context. + buf := make([]byte, 1024) + var totalRead, totalWritten int64 + for { + numRead, rerr := r.Read(buf) + if numRead > 0 { + totalRead += int64(numRead) + numWritten, werr := w.Write(buf[0:numRead]) + totalWritten += int64(numWritten) + if werr != nil { + return totalRead, totalWritten, werr + } + } + if rerr == io.EOF { + // Done! + return totalRead, totalWritten, nil + } + if rerr != nil { + return totalRead, totalWritten, rerr + } + } +} diff --git a/tools/filesystem/blob/writer.go b/tools/filesystem/blob/writer.go new file mode 100644 index 0000000..718a342 --- /dev/null +++ b/tools/filesystem/blob/writer.go @@ -0,0 +1,184 @@ +package blob + +import ( + "bytes" + "context" + "fmt" + "hash" + "io" + "net/http" +) + +// Largely copied from gocloud.dev/blob.Writer to minimize breaking changes. +// +// ------------------------------------------------------------------- +// Copyright 2019 The Go Cloud Development Kit Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ------------------------------------------------------------------- + +var _ io.WriteCloser = (*Writer)(nil) + +// Writer writes bytes to a blob. +// +// It implements io.WriteCloser (https://golang.org/pkg/io/#Closer), and must be +// closed after all writes are done. +type Writer struct { + drv Driver + w DriverWriter + key string + cancel func() // cancels the ctx provided to NewTypedWriter if contentMD5 verification fails + contentMD5 []byte + md5hash hash.Hash + bytesWritten int + closed bool + + // These fields are non-zero values only when w is nil (not yet created). + // + // A ctx is stored in the Writer since we need to pass it into NewTypedWriter + // when we finish detecting the content type of the blob and create the + // underlying driver.Writer. This step happens inside Write or Close and + // neither of them take a context.Context as an argument. + // + // All 3 fields are only initialized when we create the Writer without + // setting the w field, and are reset to zero values after w is created. + ctx context.Context + opts *WriterOptions + buf *bytes.Buffer +} + +// sniffLen is the byte size of Writer.buf used to detect content-type. +const sniffLen = 512 + +// Write implements the io.Writer interface (https://golang.org/pkg/io/#Writer). +// +// Writes may happen asynchronously, so the returned error can be nil +// even if the actual write eventually fails. The write is only guaranteed to +// have succeeded if Close returns no error. +func (w *Writer) Write(p []byte) (int, error) { + if len(w.contentMD5) > 0 { + if _, err := w.md5hash.Write(p); err != nil { + return 0, err + } + } + + if w.w != nil { + return w.write(p) + } + + // If w is not yet created due to no content-type being passed in, try to sniff + // the MIME type based on at most 512 bytes of the blob content of p. + + // Detect the content-type directly if the first chunk is at least 512 bytes. + if w.buf.Len() == 0 && len(p) >= sniffLen { + return w.open(p) + } + + // Store p in w.buf and detect the content-type when the size of content in + // w.buf is at least 512 bytes. + n, err := w.buf.Write(p) + if err != nil { + return 0, err + } + + if w.buf.Len() >= sniffLen { + // Note that w.open will return the full length of the buffer; we don't want + // to return that as the length of this write since some of them were written in + // previous writes. Instead, we return the n from this write, above. + _, err := w.open(w.buf.Bytes()) + return n, err + } + + return n, nil +} + +// Close closes the blob writer. The write operation is not guaranteed +// to have succeeded until Close returns with no error. +// +// Close may return an error if the context provided to create the +// Writer is canceled or reaches its deadline. +func (w *Writer) Close() (err error) { + w.closed = true + + // Verify the MD5 hash of what was written matches the ContentMD5 provided by the user. + if len(w.contentMD5) > 0 { + md5sum := w.md5hash.Sum(nil) + if !bytes.Equal(md5sum, w.contentMD5) { + // No match! Return an error, but first cancel the context and call the + // driver's Close function to ensure the write is aborted. + w.cancel() + if w.w != nil { + _ = w.w.Close() + } + return fmt.Errorf("the WriterOptions.ContentMD5 you specified (%X) did not match what was written (%X)", w.contentMD5, md5sum) + } + } + + defer w.cancel() + + if w.w != nil { + return wrapError(w.drv, w.w.Close(), w.key) + } + + if _, err := w.open(w.buf.Bytes()); err != nil { + return err + } + + return wrapError(w.drv, w.w.Close(), w.key) +} + +// open tries to detect the MIME type of p and write it to the blob. +// The error it returns is wrapped. +func (w *Writer) open(p []byte) (int, error) { + ct := http.DetectContentType(p) + + var err error + w.w, err = w.drv.NewTypedWriter(w.ctx, w.key, ct, w.opts) + if err != nil { + return 0, wrapError(w.drv, err, w.key) + } + + // Set the 3 fields needed for lazy NewTypedWriter back to zero values + // (see the comment on Writer). + w.buf = nil + w.ctx = nil + w.opts = nil + + return w.write(p) +} + +func (w *Writer) write(p []byte) (int, error) { + n, err := w.w.Write(p) + w.bytesWritten += n + return n, wrapError(w.drv, err, w.key) +} + +// ReadFrom reads from r and writes to w until EOF or error. +// The return value is the number of bytes read from r. +// +// It implements the io.ReaderFrom interface. +func (w *Writer) ReadFrom(r io.Reader) (int64, error) { + // If the reader has a WriteTo method, use it to do the copy. + // Don't do this for our own *Reader to avoid infinite recursion. + // Avoids an allocation and a copy. + switch r.(type) { + case *Reader: + default: + if wt, ok := r.(io.WriterTo); ok { + return wt.WriteTo(w) + } + } + + nr, _, err := readFromWriteTo(r, w) + return nr, err +} diff --git a/tools/filesystem/file.go b/tools/filesystem/file.go new file mode 100644 index 0000000..c177197 --- /dev/null +++ b/tools/filesystem/file.go @@ -0,0 +1,268 @@ +package filesystem + +import ( + "bytes" + "context" + "errors" + "fmt" + "io" + "mime/multipart" + "net/http" + "os" + "path" + "regexp" + "strings" + + "github.com/gabriel-vasile/mimetype" + "github.com/pocketbase/pocketbase/tools/inflector" + "github.com/pocketbase/pocketbase/tools/security" +) + +// FileReader defines an interface for a file resource reader. +type FileReader interface { + Open() (io.ReadSeekCloser, error) +} + +// File defines a single file [io.ReadSeekCloser] resource. +// +// The file could be from a local path, multipart/form-data header, etc. +type File struct { + Reader FileReader `form:"-" json:"-" xml:"-"` + Name string `form:"name" json:"name" xml:"name"` + OriginalName string `form:"originalName" json:"originalName" xml:"originalName"` + Size int64 `form:"size" json:"size" xml:"size"` +} + +// AsMap implements [core.mapExtractor] and returns a value suitable +// to be used in an API rule expression. +func (f *File) AsMap() map[string]any { + return map[string]any{ + "name": f.Name, + "originalName": f.OriginalName, + "size": f.Size, + } +} + +// NewFileFromPath creates a new File instance from the provided local file path. +func NewFileFromPath(path string) (*File, error) { + f := &File{} + + info, err := os.Stat(path) + if err != nil { + return nil, err + } + + f.Reader = &PathReader{Path: path} + f.Size = info.Size() + f.OriginalName = info.Name() + f.Name = normalizeName(f.Reader, f.OriginalName) + + return f, nil +} + +// NewFileFromBytes creates a new File instance from the provided byte slice. +func NewFileFromBytes(b []byte, name string) (*File, error) { + size := len(b) + if size == 0 { + return nil, errors.New("cannot create an empty file") + } + + f := &File{} + + f.Reader = &BytesReader{b} + f.Size = int64(size) + f.OriginalName = name + f.Name = normalizeName(f.Reader, f.OriginalName) + + return f, nil +} + +// NewFileFromMultipart creates a new File from the provided multipart header. +func NewFileFromMultipart(mh *multipart.FileHeader) (*File, error) { + f := &File{} + + f.Reader = &MultipartReader{Header: mh} + f.Size = mh.Size + f.OriginalName = mh.Filename + f.Name = normalizeName(f.Reader, f.OriginalName) + + return f, nil +} + +// NewFileFromURL creates a new File from the provided url by +// downloading the resource and load it as BytesReader. +// +// Example +// +// ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) +// defer cancel() +// +// file, err := filesystem.NewFileFromURL(ctx, "https://example.com/image.png") +func NewFileFromURL(ctx context.Context, url string) (*File, error) { + req, err := http.NewRequestWithContext(ctx, "GET", url, nil) + if err != nil { + return nil, err + } + + res, err := http.DefaultClient.Do(req) + if err != nil { + return nil, err + } + defer res.Body.Close() + + if res.StatusCode < 200 || res.StatusCode > 399 { + return nil, fmt.Errorf("failed to download url %s (%d)", url, res.StatusCode) + } + + var buf bytes.Buffer + + if _, err = io.Copy(&buf, res.Body); err != nil { + return nil, err + } + + return NewFileFromBytes(buf.Bytes(), path.Base(url)) +} + +// ------------------------------------------------------------------- + +var _ FileReader = (*MultipartReader)(nil) + +// MultipartReader defines a FileReader from [multipart.FileHeader]. +type MultipartReader struct { + Header *multipart.FileHeader +} + +// Open implements the [filesystem.FileReader] interface. +func (r *MultipartReader) Open() (io.ReadSeekCloser, error) { + return r.Header.Open() +} + +// ------------------------------------------------------------------- + +var _ FileReader = (*PathReader)(nil) + +// PathReader defines a FileReader from a local file path. +type PathReader struct { + Path string +} + +// Open implements the [filesystem.FileReader] interface. +func (r *PathReader) Open() (io.ReadSeekCloser, error) { + return os.Open(r.Path) +} + +// ------------------------------------------------------------------- + +var _ FileReader = (*BytesReader)(nil) + +// BytesReader defines a FileReader from bytes content. +type BytesReader struct { + Bytes []byte +} + +// Open implements the [filesystem.FileReader] interface. +func (r *BytesReader) Open() (io.ReadSeekCloser, error) { + return &bytesReadSeekCloser{bytes.NewReader(r.Bytes)}, nil +} + +type bytesReadSeekCloser struct { + *bytes.Reader +} + +// Close implements the [io.ReadSeekCloser] interface. +func (r *bytesReadSeekCloser) Close() error { + return nil +} + +// ------------------------------------------------------------------- + +var _ FileReader = (openFuncAsReader)(nil) + +// openFuncAsReader defines a FileReader from a bare Open function. +type openFuncAsReader func() (io.ReadSeekCloser, error) + +// Open implements the [filesystem.FileReader] interface. +func (r openFuncAsReader) Open() (io.ReadSeekCloser, error) { + return r() +} + +// ------------------------------------------------------------------- + +var extInvalidCharsRegex = regexp.MustCompile(`[^\w\.\*\-\+\=\#]+`) + +const randomAlphabet = "abcdefghijklmnopqrstuvwxyz0123456789" + +func normalizeName(fr FileReader, name string) string { + // extension + // --- + originalExt := extractExtension(name) + cleanExt := extInvalidCharsRegex.ReplaceAllString(originalExt, "") + if cleanExt == "" { + // try to detect the extension from the file content + cleanExt, _ = detectExtension(fr) + } + if extLength := len(cleanExt); extLength > 20 { + // keep only the last 20 characters (it is multibyte safe after the regex replace) + cleanExt = "." + cleanExt[extLength-20:] + } + + // name + // --- + cleanName := inflector.Snakecase(strings.TrimSuffix(name, originalExt)) + if length := len(cleanName); length < 3 { + // the name is too short so we concatenate an additional random part + cleanName += security.RandomStringWithAlphabet(10, randomAlphabet) + } else if length > 100 { + // keep only the first 100 characters (it is multibyte safe after Snakecase) + cleanName = cleanName[:100] + } + + return fmt.Sprintf( + "%s_%s%s", + cleanName, + security.RandomStringWithAlphabet(10, randomAlphabet), // ensure that there is always a random part + cleanExt, + ) +} + +// extractExtension extracts the extension (with leading dot) from name. +// +// This differ from filepath.Ext() by supporting double extensions (eg. ".tar.gz"). +// +// Returns an empty string if no match is found. +// +// Example: +// extractExtension("test.txt") // .txt +// extractExtension("test.tar.gz") // .tar.gz +// extractExtension("test.a.tar.gz") // .tar.gz +func extractExtension(name string) string { + primaryDot := strings.LastIndex(name, ".") + + if primaryDot == -1 { + return "" + } + + // look for secondary extension + secondaryDot := strings.LastIndex(name[:primaryDot], ".") + if secondaryDot >= 0 { + return name[secondaryDot:] + } + + return name[primaryDot:] +} + +// detectExtension tries to detect the extension from file mime type. +func detectExtension(fr FileReader) (string, error) { + r, err := fr.Open() + if err != nil { + return "", err + } + defer r.Close() + + mt, err := mimetype.DetectReader(r) + if err != nil { + return "", err + } + + return mt.Extension(), nil +} diff --git a/tools/filesystem/file_test.go b/tools/filesystem/file_test.go new file mode 100644 index 0000000..43ad31c --- /dev/null +++ b/tools/filesystem/file_test.go @@ -0,0 +1,231 @@ +package filesystem_test + +import ( + "context" + "fmt" + "net/http" + "net/http/httptest" + "os" + "path/filepath" + "regexp" + "strconv" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/tests" + "github.com/pocketbase/pocketbase/tools/filesystem" +) + +func TestFileAsMap(t *testing.T) { + file, err := filesystem.NewFileFromBytes([]byte("test"), "test123.txt") + if err != nil { + t.Fatal(err) + } + + result := file.AsMap() + + if len(result) != 3 { + t.Fatalf("Expected map with %d keys, got\n%v", 3, result) + } + + if result["size"] != int64(4) { + t.Fatalf("Expected size %d, got %#v", 4, result["size"]) + } + + if str, ok := result["name"].(string); !ok || !strings.HasPrefix(str, "test123") { + t.Fatalf("Expected name to have prefix %q, got %#v", "test123", result["name"]) + } + + if result["originalName"] != "test123.txt" { + t.Fatalf("Expected originalName %q, got %#v", "test123.txt", result["originalName"]) + } +} + +func TestNewFileFromPath(t *testing.T) { + testDir := createTestDir(t) + defer os.RemoveAll(testDir) + + // missing file + _, err := filesystem.NewFileFromPath("missing") + if err == nil { + t.Fatal("Expected error, got nil") + } + + // existing file + originalName := "image_! noext" + normalizedNamePattern := regexp.QuoteMeta("image_noext_") + `\w{10}` + regexp.QuoteMeta(".png") + f, err := filesystem.NewFileFromPath(filepath.Join(testDir, originalName)) + if err != nil { + t.Fatalf("Expected nil error, got %v", err) + } + if f.OriginalName != originalName { + t.Fatalf("Expected OriginalName %q, got %q", originalName, f.OriginalName) + } + if match, err := regexp.Match(normalizedNamePattern, []byte(f.Name)); !match { + t.Fatalf("Expected Name to match %v, got %q (%v)", normalizedNamePattern, f.Name, err) + } + if f.Size != 73 { + t.Fatalf("Expected Size %v, got %v", 73, f.Size) + } + if _, ok := f.Reader.(*filesystem.PathReader); !ok { + t.Fatalf("Expected Reader to be PathReader, got %v", f.Reader) + } +} + +func TestNewFileFromBytes(t *testing.T) { + // nil bytes + if _, err := filesystem.NewFileFromBytes(nil, "photo.jpg"); err == nil { + t.Fatal("Expected error, got nil") + } + + // zero bytes + if _, err := filesystem.NewFileFromBytes([]byte{}, "photo.jpg"); err == nil { + t.Fatal("Expected error, got nil") + } + + originalName := "image_! noext" + normalizedNamePattern := regexp.QuoteMeta("image_noext_") + `\w{10}` + regexp.QuoteMeta(".txt") + f, err := filesystem.NewFileFromBytes([]byte("text\n"), originalName) + if err != nil { + t.Fatal(err) + } + if f.Size != 5 { + t.Fatalf("Expected Size %v, got %v", 5, f.Size) + } + if f.OriginalName != originalName { + t.Fatalf("Expected OriginalName %q, got %q", originalName, f.OriginalName) + } + if match, err := regexp.Match(normalizedNamePattern, []byte(f.Name)); !match { + t.Fatalf("Expected Name to match %v, got %q (%v)", normalizedNamePattern, f.Name, err) + } +} + +func TestNewFileFromMultipart(t *testing.T) { + formData, mp, err := tests.MockMultipartData(nil, "test") + if err != nil { + t.Fatal(err) + } + + req := httptest.NewRequest("", "/", formData) + req.Header.Set("Content-Type", mp.FormDataContentType()) + req.ParseMultipartForm(32 << 20) + + _, mh, err := req.FormFile("test") + if err != nil { + t.Fatal(err) + } + + f, err := filesystem.NewFileFromMultipart(mh) + if err != nil { + t.Fatal(err) + } + + originalNamePattern := regexp.QuoteMeta("tmpfile-") + `\w+` + regexp.QuoteMeta(".txt") + if match, err := regexp.Match(originalNamePattern, []byte(f.OriginalName)); !match { + t.Fatalf("Expected OriginalName to match %v, got %q (%v)", originalNamePattern, f.OriginalName, err) + } + + normalizedNamePattern := regexp.QuoteMeta("tmpfile_") + `\w+\_\w{10}` + regexp.QuoteMeta(".txt") + if match, err := regexp.Match(normalizedNamePattern, []byte(f.Name)); !match { + t.Fatalf("Expected Name to match %v, got %q (%v)", normalizedNamePattern, f.Name, err) + } + + if f.Size != 4 { + t.Fatalf("Expected Size %v, got %v", 4, f.Size) + } + + if _, ok := f.Reader.(*filesystem.MultipartReader); !ok { + t.Fatalf("Expected Reader to be MultipartReader, got %v", f.Reader) + } +} + +func TestNewFileFromURLTimeout(t *testing.T) { + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path == "/error" { + w.WriteHeader(http.StatusInternalServerError) + } + + fmt.Fprintf(w, "test") + })) + defer srv.Close() + + // cancelled context + { + ctx, cancel := context.WithCancel(context.Background()) + cancel() + f, err := filesystem.NewFileFromURL(ctx, srv.URL+"/cancel") + if err == nil { + t.Fatal("[ctx_cancel] Expected error, got nil") + } + if f != nil { + t.Fatalf("[ctx_cancel] Expected file to be nil, got %v", f) + } + } + + // error response + { + f, err := filesystem.NewFileFromURL(context.Background(), srv.URL+"/error") + if err == nil { + t.Fatal("[error_status] Expected error, got nil") + } + if f != nil { + t.Fatalf("[error_status] Expected file to be nil, got %v", f) + } + } + + // valid response + { + originalName := "image_! noext" + normalizedNamePattern := regexp.QuoteMeta("image_noext_") + `\w{10}` + regexp.QuoteMeta(".txt") + + f, err := filesystem.NewFileFromURL(context.Background(), srv.URL+"/"+originalName) + if err != nil { + t.Fatalf("[valid] Unexpected error %v", err) + } + if f == nil { + t.Fatal("[valid] Expected non-nil file") + } + + // check the created file fields + if f.OriginalName != originalName { + t.Fatalf("Expected OriginalName %q, got %q", originalName, f.OriginalName) + } + if match, err := regexp.Match(normalizedNamePattern, []byte(f.Name)); !match { + t.Fatalf("Expected Name to match %v, got %q (%v)", normalizedNamePattern, f.Name, err) + } + if f.Size != 4 { + t.Fatalf("Expected Size %v, got %v", 4, f.Size) + } + if _, ok := f.Reader.(*filesystem.BytesReader); !ok { + t.Fatalf("Expected Reader to be BytesReader, got %v", f.Reader) + } + } +} + +func TestFileNameNormalizations(t *testing.T) { + scenarios := []struct { + name string + pattern string + }{ + {"", `^\w{10}_\w{10}\.txt$`}, + {".png", `^\w{10}_\w{10}\.png$`}, + {".tar.gz", `^\w{10}_\w{10}\.tar\.gz$`}, + {"a.tar.gz", `^a\w{10}_\w{10}\.tar\.gz$`}, + {"a.b.c.d.tar.gz", `^a_b_c_d_\w{10}\.tar\.gz$`}, + {"abcd", `^abcd_\w{10}\.txt$`}, + {"a b! c d . 456", `^a_b_c_d_\w{10}\.456$`}, // normalize spaces + {strings.Repeat("a", 101) + "." + strings.Repeat("b", 21), `^a{100}_\w{10}\.b{20}$`}, // name and extension length trim + } + + for i, s := range scenarios { + t.Run(strconv.Itoa(i)+"_"+s.name, func(t *testing.T) { + f, err := filesystem.NewFileFromBytes([]byte("abc"), s.name) + if err != nil { + t.Fatal(err) + } + if match, err := regexp.Match(s.pattern, []byte(f.Name)); !match { + t.Fatalf("Expected Name to match %v, got %q (%v)", s.pattern, f.Name, err) + } + }) + } +} diff --git a/tools/filesystem/filesystem.go b/tools/filesystem/filesystem.go new file mode 100644 index 0000000..d1aac2e --- /dev/null +++ b/tools/filesystem/filesystem.go @@ -0,0 +1,564 @@ +package filesystem + +import ( + "context" + "errors" + "image" + "io" + "mime/multipart" + "net/http" + "os" + "path" + "path/filepath" + "regexp" + "sort" + "strconv" + "strings" + + "github.com/disintegration/imaging" + "github.com/fatih/color" + "github.com/gabriel-vasile/mimetype" + "github.com/pocketbase/pocketbase/tools/filesystem/blob" + "github.com/pocketbase/pocketbase/tools/filesystem/internal/fileblob" + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob" + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3" + "github.com/pocketbase/pocketbase/tools/list" + + // explicit webp decoder because disintegration/imaging does not support webp + _ "golang.org/x/image/webp" +) + +// note: the same as blob.ErrNotFound for backward compatibility with earlier versions +var ErrNotFound = blob.ErrNotFound + +const metadataOriginalName = "original-filename" + +type System struct { + ctx context.Context + bucket *blob.Bucket +} + +// NewS3 initializes an S3 filesystem instance. +// +// NB! Make sure to call `Close()` after you are done working with it. +func NewS3( + bucketName string, + region string, + endpoint string, + accessKey string, + secretKey string, + s3ForcePathStyle bool, +) (*System, error) { + ctx := context.Background() // default context + + client := &s3.S3{ + Bucket: bucketName, + Region: region, + Endpoint: endpoint, + AccessKey: accessKey, + SecretKey: secretKey, + UsePathStyle: s3ForcePathStyle, + } + + drv, err := s3blob.New(client) + if err != nil { + return nil, err + } + + return &System{ctx: ctx, bucket: blob.NewBucket(drv)}, nil +} + +// NewLocal initializes a new local filesystem instance. +// +// NB! Make sure to call `Close()` after you are done working with it. +func NewLocal(dirPath string) (*System, error) { + ctx := context.Background() // default context + + // makes sure that the directory exist + if err := os.MkdirAll(dirPath, os.ModePerm); err != nil { + return nil, err + } + + drv, err := fileblob.New(dirPath, &fileblob.Options{ + NoTempDir: true, + }) + if err != nil { + return nil, err + } + + return &System{ctx: ctx, bucket: blob.NewBucket(drv)}, nil +} + +// SetContext assigns the specified context to the current filesystem. +func (s *System) SetContext(ctx context.Context) { + s.ctx = ctx +} + +// Close releases any resources used for the related filesystem. +func (s *System) Close() error { + return s.bucket.Close() +} + +// Exists checks if file with fileKey path exists or not. +func (s *System) Exists(fileKey string) (bool, error) { + return s.bucket.Exists(s.ctx, fileKey) +} + +// Attributes returns the attributes for the file with fileKey path. +// +// If the file doesn't exist it returns ErrNotFound. +func (s *System) Attributes(fileKey string) (*blob.Attributes, error) { + return s.bucket.Attributes(s.ctx, fileKey) +} + +// GetReader returns a file content reader for the given fileKey. +// +// NB! Make sure to call Close() on the file after you are done working with it. +// +// If the file doesn't exist returns ErrNotFound. +func (s *System) GetReader(fileKey string) (*blob.Reader, error) { + return s.bucket.NewReader(s.ctx, fileKey) +} + +// Deprecated: Please use GetReader(fileKey) instead. +func (s *System) GetFile(fileKey string) (*blob.Reader, error) { + color.Yellow("Deprecated: Please replace GetFile with GetReader.") + return s.GetReader(fileKey) +} + +// GetReuploadableFile constructs a new reuploadable File value +// from the associated fileKey blob.Reader. +// +// If preserveName is false then the returned File.Name will have +// a new randomly generated suffix, otherwise it will reuse the original one. +// +// This method could be useful in case you want to clone an existing +// Record file and assign it to a new Record (e.g. in a Record duplicate action). +// +// If you simply want to copy an existing file to a new location you +// could check the Copy(srcKey, dstKey) method. +func (s *System) GetReuploadableFile(fileKey string, preserveName bool) (*File, error) { + attrs, err := s.Attributes(fileKey) + if err != nil { + return nil, err + } + + name := path.Base(fileKey) + originalName := attrs.Metadata[metadataOriginalName] + if originalName == "" { + originalName = name + } + + file := &File{} + file.Size = attrs.Size + file.OriginalName = originalName + file.Reader = openFuncAsReader(func() (io.ReadSeekCloser, error) { + return s.GetReader(fileKey) + }) + + if preserveName { + file.Name = name + } else { + file.Name = normalizeName(file.Reader, originalName) + } + + return file, nil +} + +// Copy copies the file stored at srcKey to dstKey. +// +// If srcKey file doesn't exist, it returns ErrNotFound. +// +// If dstKey file already exists, it is overwritten. +func (s *System) Copy(srcKey, dstKey string) error { + return s.bucket.Copy(s.ctx, dstKey, srcKey) +} + +// List returns a flat list with info for all files under the specified prefix. +func (s *System) List(prefix string) ([]*blob.ListObject, error) { + files := []*blob.ListObject{} + + iter := s.bucket.List(&blob.ListOptions{ + Prefix: prefix, + }) + + for { + obj, err := iter.Next(s.ctx) + if err != nil { + if !errors.Is(err, io.EOF) { + return nil, err + } + break + } + files = append(files, obj) + } + + return files, nil +} + +// Upload writes content into the fileKey location. +func (s *System) Upload(content []byte, fileKey string) error { + opts := &blob.WriterOptions{ + ContentType: mimetype.Detect(content).String(), + } + + w, writerErr := s.bucket.NewWriter(s.ctx, fileKey, opts) + if writerErr != nil { + return writerErr + } + + if _, err := w.Write(content); err != nil { + return errors.Join(err, w.Close()) + } + + return w.Close() +} + +// UploadFile uploads the provided File to the fileKey location. +func (s *System) UploadFile(file *File, fileKey string) error { + f, err := file.Reader.Open() + if err != nil { + return err + } + defer f.Close() + + mt, err := mimetype.DetectReader(f) + if err != nil { + return err + } + + // rewind + f.Seek(0, io.SeekStart) + + originalName := file.OriginalName + if len(originalName) > 255 { + // keep only the first 255 chars as a very rudimentary measure + // to prevent the metadata to grow too big in size + originalName = originalName[:255] + } + opts := &blob.WriterOptions{ + ContentType: mt.String(), + Metadata: map[string]string{ + metadataOriginalName: originalName, + }, + } + + w, err := s.bucket.NewWriter(s.ctx, fileKey, opts) + if err != nil { + return err + } + + if _, err := w.ReadFrom(f); err != nil { + w.Close() + return err + } + + return w.Close() +} + +// UploadMultipart uploads the provided multipart file to the fileKey location. +func (s *System) UploadMultipart(fh *multipart.FileHeader, fileKey string) error { + f, err := fh.Open() + if err != nil { + return err + } + defer f.Close() + + mt, err := mimetype.DetectReader(f) + if err != nil { + return err + } + + // rewind + f.Seek(0, io.SeekStart) + + originalName := fh.Filename + if len(originalName) > 255 { + // keep only the first 255 chars as a very rudimentary measure + // to prevent the metadata to grow too big in size + originalName = originalName[:255] + } + opts := &blob.WriterOptions{ + ContentType: mt.String(), + Metadata: map[string]string{ + metadataOriginalName: originalName, + }, + } + + w, err := s.bucket.NewWriter(s.ctx, fileKey, opts) + if err != nil { + return err + } + + _, err = w.ReadFrom(f) + if err != nil { + w.Close() + return err + } + + return w.Close() +} + +// Delete deletes stored file at fileKey location. +// +// If the file doesn't exist returns ErrNotFound. +func (s *System) Delete(fileKey string) error { + return s.bucket.Delete(s.ctx, fileKey) +} + +// DeletePrefix deletes everything starting with the specified prefix. +// +// The prefix could be subpath (ex. "/a/b/") or filename prefix (ex. "/a/b/file_"). +func (s *System) DeletePrefix(prefix string) []error { + failed := []error{} + + if prefix == "" { + failed = append(failed, errors.New("prefix mustn't be empty")) + return failed + } + + dirsMap := map[string]struct{}{} + + var isPrefixDir bool + + // treat the prefix as directory only if it ends with trailing slash + if strings.HasSuffix(prefix, "/") { + isPrefixDir = true + dirsMap[strings.TrimRight(prefix, "/")] = struct{}{} + } + + // delete all files with the prefix + // --- + iter := s.bucket.List(&blob.ListOptions{ + Prefix: prefix, + }) + for { + obj, err := iter.Next(s.ctx) + if err != nil { + if !errors.Is(err, io.EOF) { + failed = append(failed, err) + } + break + } + + if err := s.Delete(obj.Key); err != nil { + failed = append(failed, err) + } else if isPrefixDir { + slashIdx := strings.LastIndex(obj.Key, "/") + if slashIdx > -1 { + dirsMap[obj.Key[:slashIdx]] = struct{}{} + } + } + } + // --- + + // try to delete the empty remaining dir objects + // (this operation usually is optional and there is no need to strictly check the result) + // --- + // fill dirs slice + dirs := make([]string, 0, len(dirsMap)) + for d := range dirsMap { + dirs = append(dirs, d) + } + + // sort the child dirs first, aka. ["a/b/c", "a/b", "a"] + sort.SliceStable(dirs, func(i, j int) bool { + return len(strings.Split(dirs[i], "/")) > len(strings.Split(dirs[j], "/")) + }) + + // delete dirs + for _, d := range dirs { + if d != "" { + s.Delete(d) + } + } + // --- + + return failed +} + +// Checks if the provided dir prefix doesn't have any files. +// +// A trailing slash will be appended to a non-empty dir string argument +// to ensure that the checked prefix is a "directory". +// +// Returns "false" in case the has at least one file, otherwise - "true". +func (s *System) IsEmptyDir(dir string) bool { + if dir != "" && !strings.HasSuffix(dir, "/") { + dir += "/" + } + + iter := s.bucket.List(&blob.ListOptions{ + Prefix: dir, + }) + + _, err := iter.Next(s.ctx) + + return err != nil && errors.Is(err, io.EOF) +} + +var inlineServeContentTypes = []string{ + // image + "image/png", "image/jpg", "image/jpeg", "image/gif", "image/webp", "image/x-icon", "image/bmp", + // video + "video/webm", "video/mp4", "video/3gpp", "video/quicktime", "video/x-ms-wmv", + // audio + "audio/basic", "audio/aiff", "audio/mpeg", "audio/midi", "audio/mp3", "audio/wave", + "audio/wav", "audio/x-wav", "audio/x-mpeg", "audio/x-m4a", "audio/aac", + // document + "application/pdf", "application/x-pdf", +} + +// manualExtensionContentTypes is a map of file extensions to content types. +var manualExtensionContentTypes = map[string]string{ + ".svg": "image/svg+xml", // (see https://github.com/whatwg/mimesniff/issues/7) + ".css": "text/css", // (see https://github.com/gabriel-vasile/mimetype/pull/113) + ".js": "text/javascript", // (see https://github.com/pocketbase/pocketbase/issues/6597) + ".mjs": "text/javascript", +} + +// forceAttachmentParam is the name of the request query parameter to +// force "Content-Disposition: attachment" header. +const forceAttachmentParam = "download" + +// Serve serves the file at fileKey location to an HTTP response. +// +// If the `download` query parameter is used the file will be always served for +// download no matter of its type (aka. with "Content-Disposition: attachment"). +// +// Internally this method uses [http.ServeContent] so Range requests, +// If-Match, If-Unmodified-Since, etc. headers are handled transparently. +func (s *System) Serve(res http.ResponseWriter, req *http.Request, fileKey string, name string) error { + br, readErr := s.GetReader(fileKey) + if readErr != nil { + return readErr + } + defer br.Close() + + var forceAttachment bool + if raw := req.URL.Query().Get(forceAttachmentParam); raw != "" { + forceAttachment, _ = strconv.ParseBool(raw) + } + + disposition := "attachment" + realContentType := br.ContentType() + if !forceAttachment && list.ExistInSlice(realContentType, inlineServeContentTypes) { + disposition = "inline" + } + + // make an exception for specific content types and force a custom + // content type to send in the response so that it can be loaded properly + extContentType := realContentType + if ct, found := manualExtensionContentTypes[filepath.Ext(name)]; found { + extContentType = ct + } + + setHeaderIfMissing(res, "Content-Disposition", disposition+"; filename="+name) + setHeaderIfMissing(res, "Content-Type", extContentType) + setHeaderIfMissing(res, "Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline'; sandbox") + + // set a default cache-control header + // (valid for 30 days but the cache is allowed to reuse the file for any requests + // that are made in the last day while revalidating the res in the background) + setHeaderIfMissing(res, "Cache-Control", "max-age=2592000, stale-while-revalidate=86400") + + http.ServeContent(res, req, name, br.ModTime(), br) + + return nil +} + +// note: expects key to be in a canonical form (eg. "accept-encoding" should be "Accept-Encoding"). +func setHeaderIfMissing(res http.ResponseWriter, key string, value string) { + if _, ok := res.Header()[key]; !ok { + res.Header().Set(key, value) + } +} + +var ThumbSizeRegex = regexp.MustCompile(`^(\d+)x(\d+)(t|b|f)?$`) + +// CreateThumb creates a new thumb image for the file at originalKey location. +// The new thumb file is stored at thumbKey location. +// +// thumbSize is in the format: +// - 0xH (eg. 0x100) - resize to H height preserving the aspect ratio +// - Wx0 (eg. 300x0) - resize to W width preserving the aspect ratio +// - WxH (eg. 300x100) - resize and crop to WxH viewbox (from center) +// - WxHt (eg. 300x100t) - resize and crop to WxH viewbox (from top) +// - WxHb (eg. 300x100b) - resize and crop to WxH viewbox (from bottom) +// - WxHf (eg. 300x100f) - fit inside a WxH viewbox (without cropping) +func (s *System) CreateThumb(originalKey string, thumbKey, thumbSize string) error { + sizeParts := ThumbSizeRegex.FindStringSubmatch(thumbSize) + if len(sizeParts) != 4 { + return errors.New("thumb size must be in WxH, WxHt, WxHb or WxHf format") + } + + width, _ := strconv.Atoi(sizeParts[1]) + height, _ := strconv.Atoi(sizeParts[2]) + resizeType := sizeParts[3] + + if width == 0 && height == 0 { + return errors.New("thumb width and height cannot be zero at the same time") + } + + // fetch the original + r, readErr := s.GetReader(originalKey) + if readErr != nil { + return readErr + } + defer r.Close() + + // create imaging object from the original reader + // (note: only the first frame for animated image formats) + img, decodeErr := imaging.Decode(r, imaging.AutoOrientation(true)) + if decodeErr != nil { + return decodeErr + } + + var thumbImg *image.NRGBA + + if width == 0 || height == 0 { + // force resize preserving aspect ratio + thumbImg = imaging.Resize(img, width, height, imaging.Linear) + } else { + switch resizeType { + case "f": + // fit + thumbImg = imaging.Fit(img, width, height, imaging.Linear) + case "t": + // fill and crop from top + thumbImg = imaging.Fill(img, width, height, imaging.Top, imaging.Linear) + case "b": + // fill and crop from bottom + thumbImg = imaging.Fill(img, width, height, imaging.Bottom, imaging.Linear) + default: + // fill and crop from center + thumbImg = imaging.Fill(img, width, height, imaging.Center, imaging.Linear) + } + } + + opts := &blob.WriterOptions{ + ContentType: r.ContentType(), + } + + // open a thumb storage writer (aka. prepare for upload) + w, writerErr := s.bucket.NewWriter(s.ctx, thumbKey, opts) + if writerErr != nil { + return writerErr + } + + // try to detect the thumb format based on the original file name + // (fallbacks to png on error) + format, err := imaging.FormatFromFilename(thumbKey) + if err != nil { + format = imaging.PNG + } + + // thumb encode (aka. upload) + if err := imaging.Encode(w, thumbImg, format); err != nil { + w.Close() + return err + } + + // check for close errors to ensure that the thumb was really saved + return w.Close() +} diff --git a/tools/filesystem/filesystem_test.go b/tools/filesystem/filesystem_test.go new file mode 100644 index 0000000..257f101 --- /dev/null +++ b/tools/filesystem/filesystem_test.go @@ -0,0 +1,1016 @@ +package filesystem_test + +import ( + "bytes" + "errors" + "image" + "image/jpeg" + "image/png" + "io" + "mime/multipart" + "net/http" + "net/http/httptest" + "os" + "path/filepath" + "strings" + "testing" + + "github.com/gabriel-vasile/mimetype" + "github.com/pocketbase/pocketbase/tools/filesystem" +) + +func TestFileSystemExists(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + scenarios := []struct { + file string + exists bool + }{ + {"sub1.txt", false}, + {"test/sub1.txt", true}, + {"test/sub2.txt", true}, + {"image.png", true}, + } + + for _, s := range scenarios { + t.Run(s.file, func(t *testing.T) { + exists, err := fsys.Exists(s.file) + + if err != nil { + t.Fatal(err) + } + + if exists != s.exists { + t.Fatalf("Expected exists %v, got %v", s.exists, exists) + } + }) + } +} + +func TestFileSystemAttributes(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + scenarios := []struct { + file string + expectError bool + expectContentType string + }{ + {"sub1.txt", true, ""}, + {"test/sub1.txt", false, "application/octet-stream"}, + {"test/sub2.txt", false, "application/octet-stream"}, + {"image.png", false, "image/png"}, + } + + for _, s := range scenarios { + t.Run(s.file, func(t *testing.T) { + attr, err := fsys.Attributes(s.file) + + hasErr := err != nil + + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v", s.expectError, hasErr) + } + + if hasErr && !errors.Is(err, filesystem.ErrNotFound) { + t.Fatalf("Expected ErrNotFound err, got %q", err) + } + + if !hasErr && attr.ContentType != s.expectContentType { + t.Fatalf("Expected attr.ContentType to be %q, got %q", s.expectContentType, attr.ContentType) + } + }) + } +} + +func TestFileSystemDelete(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + if err := fsys.Delete("missing.txt"); err == nil || !errors.Is(err, filesystem.ErrNotFound) { + t.Fatalf("Expected ErrNotFound error, got %v", err) + } + + if err := fsys.Delete("image.png"); err != nil { + t.Fatalf("Expected nil, got error %v", err) + } +} + +func TestFileSystemDeletePrefixWithoutTrailingSlash(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + if errs := fsys.DeletePrefix(""); len(errs) == 0 { + t.Fatal("Expected error, got nil", errs) + } + + if errs := fsys.DeletePrefix("missing"); len(errs) != 0 { + t.Fatalf("Not existing prefix shouldn't error, got %v", errs) + } + + if errs := fsys.DeletePrefix("test"); len(errs) != 0 { + t.Fatalf("Expected nil, got errors %v", errs) + } + + // ensure that the test/* files are deleted + if exists, _ := fsys.Exists("test/sub1.txt"); exists { + t.Fatalf("Expected test/sub1.txt to be deleted") + } + if exists, _ := fsys.Exists("test/sub2.txt"); exists { + t.Fatalf("Expected test/sub2.txt to be deleted") + } + + // the test directory should remain since the prefix didn't have trailing slash + if _, err := os.Stat(filepath.Join(dir, "test")); os.IsNotExist(err) { + t.Fatal("Expected the prefix dir to remain") + } +} + +func TestFileSystemDeletePrefixWithTrailingSlash(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + if errs := fsys.DeletePrefix("missing/"); len(errs) != 0 { + t.Fatalf("Not existing prefix shouldn't error, got %v", errs) + } + + if errs := fsys.DeletePrefix("test/"); len(errs) != 0 { + t.Fatalf("Expected nil, got errors %v", errs) + } + + // ensure that the test/* files are deleted + if exists, _ := fsys.Exists("test/sub1.txt"); exists { + t.Fatalf("Expected test/sub1.txt to be deleted") + } + if exists, _ := fsys.Exists("test/sub2.txt"); exists { + t.Fatalf("Expected test/sub2.txt to be deleted") + } + + // the test directory should be also deleted since the prefix has trailing slash + if _, err := os.Stat(filepath.Join(dir, "test")); !os.IsNotExist(err) { + t.Fatal("Expected the prefix dir to be deleted") + } +} + +func TestFileSystemIsEmptyDir(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + scenarios := []struct { + dir string + expected bool + }{ + {"", false}, // special case that shouldn't be suffixed with delimiter to search for any files within the bucket + {"/", true}, + {"missing", true}, + {"missing/", true}, + {"test", false}, + {"test/", false}, + {"empty", true}, + {"empty/", true}, + } + + for _, s := range scenarios { + t.Run(s.dir, func(t *testing.T) { + result := fsys.IsEmptyDir(s.dir) + + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestFileSystemUploadMultipart(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + // create multipart form file + body := new(bytes.Buffer) + mp := multipart.NewWriter(body) + w, err := mp.CreateFormFile("test", "test") + if err != nil { + t.Fatalf("Failed creating form file: %v", err) + } + w.Write([]byte("demo")) + mp.Close() + + req := httptest.NewRequest(http.MethodPost, "/", body) + req.Header.Add("Content-Type", mp.FormDataContentType()) + + file, fh, err := req.FormFile("test") + if err != nil { + t.Fatalf("Failed to fetch form file: %v", err) + } + defer file.Close() + // --- + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + fileKey := "newdir/newkey.txt" + + uploadErr := fsys.UploadMultipart(fh, fileKey) + if uploadErr != nil { + t.Fatal(uploadErr) + } + + if exists, _ := fsys.Exists(fileKey); !exists { + t.Fatalf("Expected %q to exist", fileKey) + } + + attrs, err := fsys.Attributes(fileKey) + if err != nil { + t.Fatalf("Failed to fetch file attributes: %v", err) + } + if name, ok := attrs.Metadata["original-filename"]; !ok || name != "test" { + t.Fatalf("Expected original-filename to be %q, got %q", "test", name) + } +} + +func TestFileSystemUploadFile(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + fileKey := "newdir/newkey.txt" + + file, err := filesystem.NewFileFromPath(filepath.Join(dir, "image.svg")) + if err != nil { + t.Fatalf("Failed to load test file: %v", err) + } + + file.OriginalName = "test.txt" + + uploadErr := fsys.UploadFile(file, fileKey) + if uploadErr != nil { + t.Fatal(uploadErr) + } + + if exists, _ := fsys.Exists(fileKey); !exists { + t.Fatalf("Expected %q to exist", fileKey) + } + + attrs, err := fsys.Attributes(fileKey) + if err != nil { + t.Fatalf("Failed to fetch file attributes: %v", err) + } + if name, ok := attrs.Metadata["original-filename"]; !ok || name != file.OriginalName { + t.Fatalf("Expected original-filename to be %q, got %q", file.OriginalName, name) + } +} + +func TestFileSystemUpload(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + fileKey := "newdir/newkey.txt" + + uploadErr := fsys.Upload([]byte("demo"), fileKey) + if uploadErr != nil { + t.Fatal(uploadErr) + } + + if exists, _ := fsys.Exists(fileKey); !exists { + t.Fatalf("Expected %s to exist", fileKey) + } +} + +func TestFileSystemServe(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + csp := "default-src 'none'; media-src 'self'; style-src 'unsafe-inline'; sandbox" + cacheControl := "max-age=2592000, stale-while-revalidate=86400" + + scenarios := []struct { + path string + name string + query map[string]string + headers map[string]string + expectError bool + expectHeaders map[string]string + }{ + { + // missing + "missing.txt", + "test_name.txt", + nil, + nil, + true, + nil, + }, + { + // existing regular file + "test/sub1.txt", + "test_name.txt", + nil, + nil, + false, + map[string]string{ + "Content-Disposition": "attachment; filename=test_name.txt", + "Content-Type": "application/octet-stream", + "Content-Length": "4", + "Content-Security-Policy": csp, + "Cache-Control": cacheControl, + }, + }, + { + // png inline + "image.png", + "test_name.png", + nil, + nil, + false, + map[string]string{ + "Content-Disposition": "inline; filename=test_name.png", + "Content-Type": "image/png", + "Content-Length": "73", + "Content-Security-Policy": csp, + "Cache-Control": cacheControl, + }, + }, + { + // png with forced attachment + "image.png", + "test_name_download.png", + map[string]string{"download": "1"}, + nil, + false, + map[string]string{ + "Content-Disposition": "attachment; filename=test_name_download.png", + "Content-Type": "image/png", + "Content-Length": "73", + "Content-Security-Policy": csp, + "Cache-Control": cacheControl, + }, + }, + { + // svg exception + "image.svg", + "test_name.svg", + nil, + nil, + false, + map[string]string{ + "Content-Disposition": "attachment; filename=test_name.svg", + "Content-Type": "image/svg+xml", + "Content-Length": "0", + "Content-Security-Policy": csp, + "Cache-Control": cacheControl, + }, + }, + { + // css exception + "style.css", + "test_name.css", + nil, + nil, + false, + map[string]string{ + "Content-Disposition": "attachment; filename=test_name.css", + "Content-Type": "text/css", + "Content-Length": "0", + "Content-Security-Policy": csp, + "Cache-Control": cacheControl, + }, + }, + { + // js exception + "main.js", + "test_name.js", + nil, + nil, + false, + map[string]string{ + "Content-Disposition": "attachment; filename=test_name.js", + "Content-Type": "text/javascript", + "Content-Length": "0", + "Content-Security-Policy": csp, + "Cache-Control": cacheControl, + }, + }, + { + // mjs exception + "main.mjs", + "test_name.mjs", + nil, + nil, + false, + map[string]string{ + "Content-Disposition": "attachment; filename=test_name.mjs", + "Content-Type": "text/javascript", + "Content-Length": "0", + "Content-Security-Policy": csp, + "Cache-Control": cacheControl, + }, + }, + { + // custom header + "test/sub2.txt", + "test_name.txt", + nil, + map[string]string{ + "Content-Disposition": "1", + "Content-Type": "2", + "Content-Length": "1", + "Content-Security-Policy": "4", + "Cache-Control": "5", + "X-Custom": "6", + }, + false, + map[string]string{ + "Content-Disposition": "1", + "Content-Type": "2", + "Content-Length": "4", // overwriten by http.ServeContent + "Content-Security-Policy": "4", + "Cache-Control": "5", + "X-Custom": "6", + }, + }, + } + + for _, s := range scenarios { + t.Run(s.path, func(t *testing.T) { + res := httptest.NewRecorder() + req := httptest.NewRequest("GET", "/", nil) + + query := req.URL.Query() + for k, v := range s.query { + query.Set(k, v) + } + req.URL.RawQuery = query.Encode() + + for k, v := range s.headers { + res.Header().Set(k, v) + } + + err := fsys.Serve(res, req, s.path, s.name) + hasErr := err != nil + + if hasErr != s.expectError { + t.Fatalf("Expected hasError %v, got %v (%v)", s.expectError, hasErr, err) + } + + if s.expectError { + return + } + + result := res.Result() + defer result.Body.Close() + + for hName, hValue := range s.expectHeaders { + v := result.Header.Get(hName) + if v != hValue { + t.Errorf("Expected value %q for header %q, got %q", hValue, hName, v) + } + } + }) + } +} + +func TestFileSystemGetReader(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + scenarios := []struct { + file string + expectError bool + expectedContent string + }{ + {"test/missing.txt", true, ""}, + {"test/sub1.txt", false, "sub1"}, + } + + for _, s := range scenarios { + t.Run(s.file, func(t *testing.T) { + f, err := fsys.GetReader(s.file) + defer func() { + if f != nil { + f.Close() + } + }() + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v", s.expectError, hasErr) + } + + if hasErr { + if !errors.Is(err, filesystem.ErrNotFound) { + t.Fatalf("Expected ErrNotFound error, got %v", err) + } + return + } + + raw, err := io.ReadAll(f) + if err != nil { + t.Fatal(err) + } + + if str := string(raw); str != s.expectedContent { + t.Fatalf("Expected content\n%s\ngot\n%s", s.expectedContent, str) + } + }) + } +} + +func TestFileSystemGetReuploadableFile(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + t.Run("missing.txt", func(t *testing.T) { + _, err := fsys.GetReuploadableFile("missing.txt", false) + if err == nil { + t.Fatal("Expected error, got nil") + } + }) + + testReader := func(t *testing.T, f *filesystem.File, expectedContent string) { + r, err := f.Reader.Open() + if err != nil { + t.Fatal(err) + } + + raw, err := io.ReadAll(r) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + if rawStr != expectedContent { + t.Fatalf("Expected content %q, got %q", expectedContent, rawStr) + } + } + + t.Run("existing (preserve name)", func(t *testing.T) { + file, err := fsys.GetReuploadableFile("test/sub1.txt", true) + if err != nil { + t.Fatal(err) + } + + if v := file.OriginalName; v != "sub1.txt" { + t.Fatalf("Expected originalName %q, got %q", "sub1.txt", v) + } + + if v := file.Size; v != 4 { + t.Fatalf("Expected size %d, got %d", 4, v) + } + + if v := file.Name; v != "sub1.txt" { + t.Fatalf("Expected name to be preserved, got %q", v) + } + + testReader(t, file, "sub1") + }) + + t.Run("existing (new random suffix name)", func(t *testing.T) { + file, err := fsys.GetReuploadableFile("test/sub1.txt", false) + if err != nil { + t.Fatal(err) + } + + if v := file.OriginalName; v != "sub1.txt" { + t.Fatalf("Expected originalName %q, got %q", "sub1.txt", v) + } + + if v := file.Size; v != 4 { + t.Fatalf("Expected size %d, got %d", 4, v) + } + + if v := file.Name; v == "sub1.txt" || len(v) <= len("sub1.txt.png") { + t.Fatalf("Expected name to have new random suffix, got %q", v) + } + + testReader(t, file, "sub1") + }) +} + +func TestFileSystemCopy(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + src := "image.png" + dst := "image.png_copy" + + // copy missing file + if err := fsys.Copy(dst, src); err == nil { + t.Fatalf("Expected to fail copying %q to %q, got nil", dst, src) + } + + // copy existing file + if err := fsys.Copy(src, dst); err != nil { + t.Fatalf("Failed to copy %q to %q: %v", src, dst, err) + } + f, err := fsys.GetReader(dst) + //nolint + defer f.Close() + if err != nil { + t.Fatalf("Missing copied file %q: %v", dst, err) + } + if f.Size() != 73 { + t.Fatalf("Expected file size %d, got %d", 73, f.Size()) + } +} + +func TestFileSystemList(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + scenarios := []struct { + prefix string + expected []string + }{ + { + "", + []string{ + "image.png", + "image.jpg", + "image.svg", + "image.webp", + "image_! noext", + "style.css", + "main.js", + "main.mjs", + "test/sub1.txt", + "test/sub2.txt", + }, + }, + { + "test", + []string{ + "test/sub1.txt", + "test/sub2.txt", + }, + }, + { + "missing", + []string{}, + }, + } + + for _, s := range scenarios { + t.Run("prefix_"+s.prefix, func(t *testing.T) { + objs, err := fsys.List(s.prefix) + if err != nil { + t.Fatal(err) + } + + if len(s.expected) != len(objs) { + t.Fatalf("Expected %d files, got \n%v", len(s.expected), objs) + } + + for _, obj := range objs { + var exists bool + for _, name := range s.expected { + if name == obj.Key { + exists = true + break + } + } + + if !exists { + t.Fatalf("Unexpected file %q", obj.Key) + } + } + }) + } +} + +func TestFileSystemServeSingleRange(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + res := httptest.NewRecorder() + req := httptest.NewRequest("GET", "/", nil) + req.Header.Add("Range", "bytes=0-20") + + if err := fsys.Serve(res, req, "image.png", "image.png"); err != nil { + t.Fatal(err) + } + + result := res.Result() + + if result.StatusCode != http.StatusPartialContent { + t.Fatalf("Expected StatusCode %d, got %d", http.StatusPartialContent, result.StatusCode) + } + + expectedRange := "bytes 0-20/73" + if cr := result.Header.Get("Content-Range"); cr != expectedRange { + t.Fatalf("Expected Content-Range %q, got %q", expectedRange, cr) + } + + if l := result.Header.Get("Content-Length"); l != "21" { + t.Fatalf("Expected Content-Length %v, got %v", 21, l) + } +} + +func TestFileSystemServeMultiRange(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + res := httptest.NewRecorder() + req := httptest.NewRequest("GET", "/", nil) + req.Header.Add("Range", "bytes=0-20, 25-30") + + if err := fsys.Serve(res, req, "image.png", "image.png"); err != nil { + t.Fatal(err) + } + + result := res.Result() + + if result.StatusCode != http.StatusPartialContent { + t.Fatalf("Expected StatusCode %d, got %d", http.StatusPartialContent, result.StatusCode) + } + + if ct := result.Header.Get("Content-Type"); !strings.HasPrefix(ct, "multipart/byteranges; boundary=") { + t.Fatalf("Expected Content-Type to be multipart/byteranges, got %v", ct) + } +} + +func TestFileSystemCreateThumb(t *testing.T) { + dir := createTestDir(t) + defer os.RemoveAll(dir) + + fsys, err := filesystem.NewLocal(dir) + if err != nil { + t.Fatal(err) + } + defer fsys.Close() + + scenarios := []struct { + file string + thumb string + size string + expectedMimeType string + }{ + // missing + {"missing.txt", "thumb_test_missing", "100x100", ""}, + // non-image existing file + {"test/sub1.txt", "thumb_test_sub1", "100x100", ""}, + // existing image file with existing thumb path = should fail + {"image.png", "test", "100x100", ""}, + // existing image file with invalid thumb size + {"image.png", "thumb0", "invalid", ""}, + // existing image file with 0xH thumb size + {"image.png", "thumb_0xH", "0x100", "image/png"}, + // existing image file with Wx0 thumb size + {"image.png", "thumb_Wx0", "100x0", "image/png"}, + // existing image file with WxH thumb size + {"image.png", "thumb_WxH", "100x100", "image/png"}, + // existing image file with WxHt thumb size + {"image.png", "thumb_WxHt", "100x100t", "image/png"}, + // existing image file with WxHb thumb size + {"image.png", "thumb_WxHb", "100x100b", "image/png"}, + // existing image file with WxHf thumb size + {"image.png", "thumb_WxHf", "100x100f", "image/png"}, + // jpg + {"image.jpg", "thumb.jpg", "100x100", "image/jpeg"}, + // webp (should produce png) + {"image.webp", "thumb.webp", "100x100", "image/png"}, + } + + for _, s := range scenarios { + t.Run(s.file+"_"+s.thumb+"_"+s.size, func(t *testing.T) { + err := fsys.CreateThumb(s.file, s.thumb, s.size) + + expectErr := s.expectedMimeType == "" + + hasErr := err != nil + if hasErr != expectErr { + t.Fatalf("Expected hasErr to be %v, got %v (%v)", expectErr, hasErr, err) + } + + if hasErr { + return + } + + f, err := fsys.GetReader(s.thumb) + if err != nil { + t.Fatalf("Missing expected thumb %s (%v)", s.thumb, err) + } + defer f.Close() + + mt, err := mimetype.DetectReader(f) + if err != nil { + t.Fatalf("Failed to detect thumb %s mimetype (%v)", s.thumb, err) + } + + if mtStr := mt.String(); mtStr != s.expectedMimeType { + t.Fatalf("Expected thumb %s MimeType %q, got %q", s.thumb, s.expectedMimeType, mtStr) + } + }) + } +} + +// --- + +func createTestDir(t *testing.T) string { + dir, err := os.MkdirTemp(os.TempDir(), "pb_test") + if err != nil { + t.Fatal(err) + } + + err = os.MkdirAll(filepath.Join(dir, "empty"), os.ModePerm) + if err != nil { + t.Fatal(err) + } + + err = os.MkdirAll(filepath.Join(dir, "test"), os.ModePerm) + if err != nil { + t.Fatal(err) + } + + err = os.WriteFile(filepath.Join(dir, "test/sub1.txt"), []byte("sub1"), 0644) + if err != nil { + t.Fatal(err) + } + + err = os.WriteFile(filepath.Join(dir, "test/sub2.txt"), []byte("sub2"), 0644) + if err != nil { + t.Fatal(err) + } + + // png + { + file, err := os.OpenFile(filepath.Join(dir, "image.png"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + imgRect := image.Rect(0, 0, 1, 1) // tiny 1x1 png + _ = png.Encode(file, imgRect) + file.Close() + err = os.WriteFile(filepath.Join(dir, "image.png.attrs"), []byte(`{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/png","user.metadata":null}`), 0644) + if err != nil { + t.Fatal(err) + } + } + + // jpg + { + file, err := os.OpenFile(filepath.Join(dir, "image.jpg"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + imgRect := image.Rect(0, 0, 1, 1) // tiny 1x1 jpg + _ = jpeg.Encode(file, imgRect, nil) + file.Close() + err = os.WriteFile(filepath.Join(dir, "image.jpg.attrs"), []byte(`{"user.cache_control":"","user.content_disposition":"","user.content_encoding":"","user.content_language":"","user.content_type":"image/jpeg","user.metadata":null}`), 0644) + if err != nil { + t.Fatal(err) + } + } + + // svg + { + file, err := os.OpenFile(filepath.Join(dir, "image.svg"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + file.Close() + } + + // webp + { + err := os.WriteFile(filepath.Join(dir, "image.webp"), []byte{ + 82, 73, 70, 70, 36, 0, 0, 0, 87, 69, 66, 80, 86, 80, 56, 32, + 24, 0, 0, 0, 48, 1, 0, 157, 1, 42, 1, 0, 1, 0, 2, 0, 52, 37, + 164, 0, 3, 112, 0, 254, 251, 253, 80, 0, + }, 0644) + if err != nil { + t.Fatal(err) + } + } + + // no extension and invalid characters + { + file, err := os.OpenFile(filepath.Join(dir, "image_! noext"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + _ = png.Encode(file, image.Rect(0, 0, 1, 1)) // tiny 1x1 png + file.Close() + } + + // css + { + file, err := os.OpenFile(filepath.Join(dir, "style.css"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + file.Close() + } + + // js + { + file, err := os.OpenFile(filepath.Join(dir, "main.js"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + file.Close() + } + + // mjs + { + file, err := os.OpenFile(filepath.Join(dir, "main.mjs"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + file.Close() + } + + return dir +} diff --git a/tools/filesystem/internal/fileblob/attrs.go b/tools/filesystem/internal/fileblob/attrs.go new file mode 100644 index 0000000..3f30ed3 --- /dev/null +++ b/tools/filesystem/internal/fileblob/attrs.go @@ -0,0 +1,84 @@ +package fileblob + +import ( + "encoding/json" + "fmt" + "os" +) + +// Largely copied from gocloud.dev/blob/fileblob to apply the same +// retrieve and write side-car .attrs rules. +// +// ------------------------------------------------------------------- +// Copyright 2018 The Go Cloud Development Kit Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ------------------------------------------------------------------- + +const attrsExt = ".attrs" + +var errAttrsExt = fmt.Errorf("file extension %q is reserved", attrsExt) + +// xattrs stores extended attributes for an object. The format is like +// filesystem extended attributes, see +// https://www.freedesktop.org/wiki/CommonExtendedAttributes. +type xattrs struct { + CacheControl string `json:"user.cache_control"` + ContentDisposition string `json:"user.content_disposition"` + ContentEncoding string `json:"user.content_encoding"` + ContentLanguage string `json:"user.content_language"` + ContentType string `json:"user.content_type"` + Metadata map[string]string `json:"user.metadata"` + MD5 []byte `json:"md5"` +} + +// setAttrs creates a "path.attrs" file along with blob to store the attributes, +// it uses JSON format. +func setAttrs(path string, xa xattrs) error { + f, err := os.Create(path + attrsExt) + if err != nil { + return err + } + + if err := json.NewEncoder(f).Encode(xa); err != nil { + f.Close() + os.Remove(f.Name()) + return err + } + + return f.Close() +} + +// getAttrs looks at the "path.attrs" file to retrieve the attributes and +// decodes them into a xattrs struct. It doesn't return error when there is no +// such .attrs file. +func getAttrs(path string) (xattrs, error) { + f, err := os.Open(path + attrsExt) + if err != nil { + if os.IsNotExist(err) { + // Handle gracefully for non-existent .attr files. + return xattrs{ + ContentType: "application/octet-stream", + }, nil + } + return xattrs{}, err + } + + xa := new(xattrs) + if err := json.NewDecoder(f).Decode(xa); err != nil { + f.Close() + return xattrs{}, err + } + + return *xa, f.Close() +} diff --git a/tools/filesystem/internal/fileblob/fileblob.go b/tools/filesystem/internal/fileblob/fileblob.go new file mode 100644 index 0000000..0daa3a8 --- /dev/null +++ b/tools/filesystem/internal/fileblob/fileblob.go @@ -0,0 +1,713 @@ +// Package fileblob provides a blob.Bucket driver implementation. +// +// NB! To minimize breaking changes with older PocketBase releases, +// the driver is a stripped down and adapted version of the previously +// used gocloud.dev/blob/fileblob, hence many of the below doc comments, +// struct options and interface implementations are the same. +// +// To avoid partial writes, fileblob writes to a temporary file and then renames +// the temporary file to the final path on Close. By default, it creates these +// temporary files in `os.TempDir`. If `os.TempDir` is on a different mount than +// your base bucket path, the `os.Rename` will fail with `invalid cross-device link`. +// To avoid this, either configure the temp dir to use by setting the environment +// variable `TMPDIR`, or set `Options.NoTempDir` to `true` (fileblob will create +// the temporary files next to the actual files instead of in a temporary directory). +// +// By default fileblob stores blob metadata in "sidecar" files under the original +// filename with an additional ".attrs" suffix. +// This behaviour can be changed via `Options.Metadata`; +// writing of those metadata files can be suppressed by setting it to +// `MetadataDontWrite` or its equivalent "metadata=skip" in the URL for the opener. +// In either case, absent any stored metadata many `blob.Attributes` fields +// will be set to default values. +// +// The blob abstraction supports all UTF-8 strings; to make this work with services lacking +// full UTF-8 support, strings must be escaped (during writes) and unescaped +// (during reads). The following escapes are performed for fileblob: +// - Blob keys: ASCII characters 0-31 are escaped to "__0x__". +// If os.PathSeparator != "/", it is also escaped. +// Additionally, the "/" in "../", the trailing "/" in "//", and a trailing +// "/" is key names are escaped in the same way. +// On Windows, the characters "<>:"|?*" are also escaped. +// +// Example: +// +// drv, _ := fileblob.New("/path/to/dir", nil) +// bucket := blob.NewBucket(drv) +package fileblob + +import ( + "context" + "crypto/md5" + "errors" + "fmt" + "hash" + "io" + "io/fs" + "os" + "path/filepath" + "strconv" + "strings" + "time" + + "github.com/pocketbase/pocketbase/tools/filesystem/blob" +) + +const defaultPageSize = 1000 + +type metadataOption string // Not exported as subject to change. + +// Settings for Options.Metadata. +const ( + // Metadata gets written to a separate file. + MetadataInSidecar metadataOption = "" + + // Writes won't carry metadata, as per the package docstring. + MetadataDontWrite metadataOption = "skip" +) + +// Options sets options for constructing a *blob.Bucket backed by fileblob. +type Options struct { + // Refers to the strategy for how to deal with metadata (such as blob.Attributes). + // For supported values please see the Metadata* constants. + // If left unchanged, 'MetadataInSidecar' will be used. + Metadata metadataOption + + // The FileMode to use when creating directories for the top-level directory + // backing the bucket (when CreateDir is true), and for subdirectories for keys. + // Defaults to 0777. + DirFileMode os.FileMode + + // If true, create the directory backing the Bucket if it does not exist + // (using os.MkdirAll). + CreateDir bool + + // If true, don't use os.TempDir for temporary files, but instead place them + // next to the actual files. This may result in "stranded" temporary files + // (e.g., if the application is killed before the file cleanup runs). + // + // If your bucket directory is on a different mount than os.TempDir, you will + // need to set this to true, as os.Rename will fail across mount points. + NoTempDir bool +} + +// New creates a new instance of the fileblob driver backed by the +// filesystem and rooted at dir, which must exist. +func New(dir string, opts *Options) (blob.Driver, error) { + if opts == nil { + opts = &Options{} + } + if opts.DirFileMode == 0 { + opts.DirFileMode = os.FileMode(0o777) + } + + absdir, err := filepath.Abs(dir) + if err != nil { + return nil, fmt.Errorf("failed to convert %s into an absolute path: %v", dir, err) + } + + // Optionally, create the directory if it does not already exist. + info, err := os.Stat(absdir) + if err != nil && opts.CreateDir && os.IsNotExist(err) { + err = os.MkdirAll(absdir, opts.DirFileMode) + if err != nil { + return nil, fmt.Errorf("tried to create directory but failed: %v", err) + } + info, err = os.Stat(absdir) + } + if err != nil { + return nil, err + } + + if !info.IsDir() { + return nil, fmt.Errorf("%s is not a directory", absdir) + } + + return &driver{dir: absdir, opts: opts}, nil +} + +type driver struct { + opts *Options + dir string +} + +// Close implements [blob/Driver.Close]. +func (drv *driver) Close() error { + return nil +} + +// NormalizeError implements [blob/Driver.NormalizeError]. +func (drv *driver) NormalizeError(err error) error { + if os.IsNotExist(err) { + return errors.Join(err, blob.ErrNotFound) + } + + return err +} + +// path returns the full path for a key. +func (drv *driver) path(key string) (string, error) { + path := filepath.Join(drv.dir, escapeKey(key)) + + if strings.HasSuffix(path, attrsExt) { + return "", errAttrsExt + } + + return path, nil +} + +// forKey returns the full path, os.FileInfo, and attributes for key. +func (drv *driver) forKey(key string) (string, os.FileInfo, *xattrs, error) { + path, err := drv.path(key) + if err != nil { + return "", nil, nil, err + } + + info, err := os.Stat(path) + if err != nil { + return "", nil, nil, err + } + + if info.IsDir() { + return "", nil, nil, os.ErrNotExist + } + + xa, err := getAttrs(path) + if err != nil { + return "", nil, nil, err + } + + return path, info, &xa, nil +} + +// ListPaged implements [blob/Driver.ListPaged]. +func (drv *driver) ListPaged(ctx context.Context, opts *blob.ListOptions) (*blob.ListPage, error) { + var pageToken string + if len(opts.PageToken) > 0 { + pageToken = string(opts.PageToken) + } + + pageSize := opts.PageSize + if pageSize == 0 { + pageSize = defaultPageSize + } + + // If opts.Delimiter != "", lastPrefix contains the last "directory" key we + // added. It is used to avoid adding it again; all files in this "directory" + // are collapsed to the single directory entry. + var lastPrefix string + var lastKeyAdded string + + // If the Prefix contains a "/", we can set the root of the Walk + // to the path specified by the Prefix as any files below the path will not + // match the Prefix. + // Note that we use "/" explicitly and not os.PathSeparator, as the opts.Prefix + // is in the unescaped form. + root := drv.dir + if i := strings.LastIndex(opts.Prefix, "/"); i > -1 { + root = filepath.Join(root, opts.Prefix[:i]) + } + + var result blob.ListPage + + // Do a full recursive scan of the root directory. + err := filepath.WalkDir(root, func(path string, info fs.DirEntry, err error) error { + if err != nil { + // Couldn't read this file/directory for some reason; just skip it. + return nil + } + + // Skip the self-generated attribute files. + if strings.HasSuffix(path, attrsExt) { + return nil + } + + // os.Walk returns the root directory; skip it. + if path == drv.dir { + return nil + } + + // Strip the prefix from path. + prefixLen := len(drv.dir) + // Include the separator for non-root. + if drv.dir != "/" { + prefixLen++ + } + path = path[prefixLen:] + + // Unescape the path to get the key. + key := unescapeKey(path) + + // Skip all directories. If opts.Delimiter is set, we'll create + // pseudo-directories later. + // Note that returning nil means that we'll still recurse into it; + // we're just not adding a result for the directory itself. + if info.IsDir() { + key += "/" + // Avoid recursing into subdirectories if the directory name already + // doesn't match the prefix; any files in it are guaranteed not to match. + if len(key) > len(opts.Prefix) && !strings.HasPrefix(key, opts.Prefix) { + return filepath.SkipDir + } + // Similarly, avoid recursing into subdirectories if we're making + // "directories" and all of the files in this subdirectory are guaranteed + // to collapse to a "directory" that we've already added. + if lastPrefix != "" && strings.HasPrefix(key, lastPrefix) { + return filepath.SkipDir + } + return nil + } + + // Skip files/directories that don't match the Prefix. + if !strings.HasPrefix(key, opts.Prefix) { + return nil + } + + var md5 []byte + if xa, err := getAttrs(path); err == nil { + // Note: we only have the MD5 hash for blobs that we wrote. + // For other blobs, md5 will remain nil. + md5 = xa.MD5 + } + + fi, err := info.Info() + if err != nil { + return err + } + + obj := &blob.ListObject{ + Key: key, + ModTime: fi.ModTime(), + Size: fi.Size(), + MD5: md5, + } + + // If using Delimiter, collapse "directories". + if opts.Delimiter != "" { + // Strip the prefix, which may contain Delimiter. + keyWithoutPrefix := key[len(opts.Prefix):] + // See if the key still contains Delimiter. + // If no, it's a file and we just include it. + // If yes, it's a file in a "sub-directory" and we want to collapse + // all files in that "sub-directory" into a single "directory" result. + if idx := strings.Index(keyWithoutPrefix, opts.Delimiter); idx != -1 { + prefix := opts.Prefix + keyWithoutPrefix[0:idx+len(opts.Delimiter)] + // We've already included this "directory"; don't add it. + if prefix == lastPrefix { + return nil + } + // Update the object to be a "directory". + obj = &blob.ListObject{ + Key: prefix, + IsDir: true, + } + lastPrefix = prefix + } + } + + // If there's a pageToken, skip anything before it. + if pageToken != "" && obj.Key <= pageToken { + return nil + } + + // If we've already got a full page of results, set NextPageToken and stop. + // Unless the current object is a directory, in which case there may + // still be objects coming that are alphabetically before it (since + // we appended the delimiter). In that case, keep going; we'll trim the + // extra entries (if any) before returning. + if len(result.Objects) == pageSize && !obj.IsDir { + result.NextPageToken = []byte(result.Objects[pageSize-1].Key) + return io.EOF + } + + result.Objects = append(result.Objects, obj) + + // Normally, objects are added in the correct order (by Key). + // However, sometimes adding the file delimiter messes that up + // (e.g., if the file delimiter is later in the alphabet than the last character of a key). + // Detect if this happens and swap if needed. + if len(result.Objects) > 1 && obj.Key < lastKeyAdded { + i := len(result.Objects) - 1 + result.Objects[i-1], result.Objects[i] = result.Objects[i], result.Objects[i-1] + lastKeyAdded = result.Objects[i].Key + } else { + lastKeyAdded = obj.Key + } + + return nil + }) + if err != nil && err != io.EOF { + return nil, err + } + + if len(result.Objects) > pageSize { + result.Objects = result.Objects[0:pageSize] + result.NextPageToken = []byte(result.Objects[pageSize-1].Key) + } + + return &result, nil +} + +// Attributes implements [blob/Driver.Attributes]. +func (drv *driver) Attributes(ctx context.Context, key string) (*blob.Attributes, error) { + _, info, xa, err := drv.forKey(key) + if err != nil { + return nil, err + } + + return &blob.Attributes{ + CacheControl: xa.CacheControl, + ContentDisposition: xa.ContentDisposition, + ContentEncoding: xa.ContentEncoding, + ContentLanguage: xa.ContentLanguage, + ContentType: xa.ContentType, + Metadata: xa.Metadata, + // CreateTime left as the zero time. + ModTime: info.ModTime(), + Size: info.Size(), + MD5: xa.MD5, + ETag: fmt.Sprintf("\"%x-%x\"", info.ModTime().UnixNano(), info.Size()), + }, nil +} + +// NewRangeReader implements [blob/Driver.NewRangeReader]. +func (drv *driver) NewRangeReader(ctx context.Context, key string, offset, length int64) (blob.DriverReader, error) { + path, info, xa, err := drv.forKey(key) + if err != nil { + return nil, err + } + + f, err := os.Open(path) + if err != nil { + return nil, err + } + + if offset > 0 { + if _, err := f.Seek(offset, io.SeekStart); err != nil { + return nil, err + } + } + + r := io.Reader(f) + if length >= 0 { + r = io.LimitReader(r, length) + } + + return &reader{ + r: r, + c: f, + attrs: &blob.ReaderAttributes{ + ContentType: xa.ContentType, + ModTime: info.ModTime(), + Size: info.Size(), + }, + }, nil +} + +func createTemp(path string, noTempDir bool) (*os.File, error) { + // Use a custom createTemp function rather than os.CreateTemp() as + // os.CreateTemp() sets the permissions of the tempfile to 0600, rather than + // 0666, making it inconsistent with the directories and attribute files. + try := 0 + for { + // Append the current time with nanosecond precision and .tmp to the + // base path. If the file already exists try again. Nanosecond changes enough + // between each iteration to make a conflict unlikely. Using the full + // time lowers the chance of a collision with a file using a similar + // pattern, but has undefined behavior after the year 2262. + var name string + if noTempDir { + name = path + } else { + name = filepath.Join(os.TempDir(), filepath.Base(path)) + } + name += "." + strconv.FormatInt(time.Now().UnixNano(), 16) + ".tmp" + + f, err := os.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0o666) + if os.IsExist(err) { + if try++; try < 10000 { + continue + } + return nil, &os.PathError{Op: "createtemp", Path: path + ".*.tmp", Err: os.ErrExist} + } + + return f, err + } +} + +// NewTypedWriter implements [blob/Driver.NewTypedWriter]. +func (drv *driver) NewTypedWriter(ctx context.Context, key, contentType string, opts *blob.WriterOptions) (blob.DriverWriter, error) { + path, err := drv.path(key) + if err != nil { + return nil, err + } + + err = os.MkdirAll(filepath.Dir(path), drv.opts.DirFileMode) + if err != nil { + return nil, err + } + + f, err := createTemp(path, drv.opts.NoTempDir) + if err != nil { + return nil, err + } + + if drv.opts.Metadata == MetadataDontWrite { + w := &writer{ + ctx: ctx, + File: f, + path: path, + } + return w, nil + } + + var metadata map[string]string + if len(opts.Metadata) > 0 { + metadata = opts.Metadata + } + + return &writerWithSidecar{ + ctx: ctx, + f: f, + path: path, + contentMD5: opts.ContentMD5, + md5hash: md5.New(), + attrs: xattrs{ + CacheControl: opts.CacheControl, + ContentDisposition: opts.ContentDisposition, + ContentEncoding: opts.ContentEncoding, + ContentLanguage: opts.ContentLanguage, + ContentType: contentType, + Metadata: metadata, + }, + }, nil +} + +// Copy implements [blob/Driver.Copy]. +func (drv *driver) Copy(ctx context.Context, dstKey, srcKey string) error { + // Note: we could use NewRangeReader here, but since we need to copy all of + // the metadata (from xa), it's more efficient to do it directly. + srcPath, _, xa, err := drv.forKey(srcKey) + if err != nil { + return err + } + + f, err := os.Open(srcPath) + if err != nil { + return err + } + defer f.Close() + + // We'll write the copy using Writer, to avoid re-implementing making of a + // temp file, cleaning up after partial failures, etc. + wopts := blob.WriterOptions{ + CacheControl: xa.CacheControl, + ContentDisposition: xa.ContentDisposition, + ContentEncoding: xa.ContentEncoding, + ContentLanguage: xa.ContentLanguage, + Metadata: xa.Metadata, + } + + // Create a cancelable context so we can cancel the write if there are problems. + writeCtx, cancel := context.WithCancel(ctx) + defer cancel() + + w, err := drv.NewTypedWriter(writeCtx, dstKey, xa.ContentType, &wopts) + if err != nil { + return err + } + + _, err = io.Copy(w, f) + if err != nil { + cancel() // cancel before Close cancels the write + w.Close() + return err + } + + return w.Close() +} + +// Delete implements [blob/Driver.Delete]. +func (b *driver) Delete(ctx context.Context, key string) error { + path, err := b.path(key) + if err != nil { + return err + } + + err = os.Remove(path) + if err != nil { + return err + } + + err = os.Remove(path + attrsExt) + if err != nil && !os.IsNotExist(err) { + return err + } + + return nil +} + +// ------------------------------------------------------------------- + +type reader struct { + r io.Reader + c io.Closer + attrs *blob.ReaderAttributes +} + +func (r *reader) Read(p []byte) (int, error) { + if r.r == nil { + return 0, io.EOF + } + return r.r.Read(p) +} + +func (r *reader) Close() error { + if r.c == nil { + return nil + } + return r.c.Close() +} + +// Attributes implements [blob/DriverReader.Attributes]. +func (r *reader) Attributes() *blob.ReaderAttributes { + return r.attrs +} + +// ------------------------------------------------------------------- + +// writerWithSidecar implements the strategy of storing metadata in a distinct file. +type writerWithSidecar struct { + ctx context.Context + md5hash hash.Hash + f *os.File + path string + attrs xattrs + contentMD5 []byte +} + +func (w *writerWithSidecar) Write(p []byte) (n int, err error) { + n, err = w.f.Write(p) + if err != nil { + // Don't hash the unwritten tail twice when writing is resumed. + w.md5hash.Write(p[:n]) + return n, err + } + + if _, err := w.md5hash.Write(p); err != nil { + return n, err + } + + return n, nil +} + +func (w *writerWithSidecar) Close() error { + err := w.f.Close() + if err != nil { + return err + } + + // Always delete the temp file. On success, it will have been + // renamed so the Remove will fail. + defer func() { + _ = os.Remove(w.f.Name()) + }() + + // Check if the write was cancelled. + if err := w.ctx.Err(); err != nil { + return err + } + + md5sum := w.md5hash.Sum(nil) + w.attrs.MD5 = md5sum + + // Write the attributes file. + if err := setAttrs(w.path, w.attrs); err != nil { + return err + } + + // Rename the temp file to path. + if err := os.Rename(w.f.Name(), w.path); err != nil { + _ = os.Remove(w.path + attrsExt) + return err + } + + return nil +} + +// writer is a file with a temporary name until closed. +// +// Embedding os.File allows the likes of io.Copy to use optimizations, +// which is why it is not folded into writerWithSidecar. +type writer struct { + *os.File + ctx context.Context + path string +} + +func (w *writer) Close() error { + err := w.File.Close() + if err != nil { + return err + } + + // Always delete the temp file. On success, it will have been renamed so + // the Remove will fail. + tempname := w.Name() + defer os.Remove(tempname) + + // Check if the write was cancelled. + if err := w.ctx.Err(); err != nil { + return err + } + + // Rename the temp file to path. + return os.Rename(tempname, w.path) +} + +// ------------------------------------------------------------------- + +// escapeKey does all required escaping for UTF-8 strings to work the filesystem. +func escapeKey(s string) string { + s = blob.HexEscape(s, func(r []rune, i int) bool { + c := r[i] + switch { + case c < 32: + return true + // We're going to replace '/' with os.PathSeparator below. In order for this + // to be reversible, we need to escape raw os.PathSeparators. + case os.PathSeparator != '/' && c == os.PathSeparator: + return true + // For "../", escape the trailing slash. + case i > 1 && c == '/' && r[i-1] == '.' && r[i-2] == '.': + return true + // For "//", escape the trailing slash. + case i > 0 && c == '/' && r[i-1] == '/': + return true + // Escape the trailing slash in a key. + case c == '/' && i == len(r)-1: + return true + // https://docs.microsoft.com/en-us/windows/desktop/fileio/naming-a-file + case os.PathSeparator == '\\' && (c == '>' || c == '<' || c == ':' || c == '"' || c == '|' || c == '?' || c == '*'): + return true + } + return false + }) + + // Replace "/" with os.PathSeparator if needed, so that the local filesystem + // can use subdirectories. + if os.PathSeparator != '/' { + s = strings.ReplaceAll(s, "/", string(os.PathSeparator)) + } + + return s +} + +// unescapeKey reverses escapeKey. +func unescapeKey(s string) string { + if os.PathSeparator != '/' { + s = strings.ReplaceAll(s, string(os.PathSeparator), "/") + } + + return blob.HexUnescape(s) +} diff --git a/tools/filesystem/internal/s3blob/s3/copy_object.go b/tools/filesystem/internal/s3blob/s3/copy_object.go new file mode 100644 index 0000000..de26bad --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/copy_object.go @@ -0,0 +1,59 @@ +package s3 + +import ( + "context" + "encoding/xml" + "net/http" + "net/url" + "strings" + "time" +) + +// https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html#API_CopyObject_ResponseSyntax +type CopyObjectResponse struct { + CopyObjectResult xml.Name `json:"copyObjectResult" xml:"CopyObjectResult"` + ETag string `json:"etag" xml:"ETag"` + LastModified time.Time `json:"lastModified" xml:"LastModified"` + ChecksumType string `json:"checksumType" xml:"ChecksumType"` + ChecksumCRC32 string `json:"checksumCRC32" xml:"ChecksumCRC32"` + ChecksumCRC32C string `json:"checksumCRC32C" xml:"ChecksumCRC32C"` + ChecksumCRC64NVME string `json:"checksumCRC64NVME" xml:"ChecksumCRC64NVME"` + ChecksumSHA1 string `json:"checksumSHA1" xml:"ChecksumSHA1"` + ChecksumSHA256 string `json:"checksumSHA256" xml:"ChecksumSHA256"` +} + +// CopyObject copies a single object from srcKey to dstKey destination. +// (both keys are expected to be operating within the same bucket). +// +// https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html +func (s3 *S3) CopyObject(ctx context.Context, srcKey string, dstKey string, optReqFuncs ...func(*http.Request)) (*CopyObjectResponse, error) { + req, err := http.NewRequestWithContext(ctx, http.MethodPut, s3.URL(dstKey), nil) + if err != nil { + return nil, err + } + + // per the doc the header value must be URL-encoded + req.Header.Set("x-amz-copy-source", url.PathEscape(s3.Bucket+"/"+strings.TrimLeft(srcKey, "/"))) + + // apply optional request funcs + for _, fn := range optReqFuncs { + if fn != nil { + fn(req) + } + } + + resp, err := s3.SignAndSend(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + result := &CopyObjectResponse{} + + err = xml.NewDecoder(resp.Body).Decode(result) + if err != nil { + return nil, err + } + + return result, nil +} diff --git a/tools/filesystem/internal/s3blob/s3/copy_object_test.go b/tools/filesystem/internal/s3blob/s3/copy_object_test.go new file mode 100644 index 0000000..968f818 --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/copy_object_test.go @@ -0,0 +1,67 @@ +package s3_test + +import ( + "context" + "io" + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3" + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3/tests" +) + +func TestS3CopyObject(t *testing.T) { + t.Parallel() + + httpClient := tests.NewClient( + &tests.RequestStub{ + Method: http.MethodPut, + URL: "http://test_bucket.example.com/@dst_test", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "test_header": "test", + "x-amz-copy-source": "test_bucket%2F@src_test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + Body: io.NopCloser(strings.NewReader(` + + 2025-01-01T01:02:03.456Z + test_etag + + `)), + }, + }, + ) + + s3Client := &s3.S3{ + Client: httpClient, + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "http://example.com", + AccessKey: "123", + SecretKey: "abc", + } + + copyResp, err := s3Client.CopyObject(context.Background(), "@src_test", "@dst_test", func(r *http.Request) { + r.Header.Set("test_header", "test") + }) + if err != nil { + t.Fatal(err) + } + + err = httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } + + if copyResp.ETag != "test_etag" { + t.Fatalf("Expected ETag %q, got %q", "test_etag", copyResp.ETag) + } + + if date := copyResp.LastModified.Format("2006-01-02T15:04:05.000Z"); date != "2025-01-01T01:02:03.456Z" { + t.Fatalf("Expected LastModified %q, got %q", "2025-01-01T01:02:03.456Z", date) + } +} diff --git a/tools/filesystem/internal/s3blob/s3/delete_object.go b/tools/filesystem/internal/s3blob/s3/delete_object.go new file mode 100644 index 0000000..a46c8ab --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/delete_object.go @@ -0,0 +1,31 @@ +package s3 + +import ( + "context" + "net/http" +) + +// DeleteObject deletes a single object by its key. +// +// https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html +func (s3 *S3) DeleteObject(ctx context.Context, key string, optFuncs ...func(*http.Request)) error { + req, err := http.NewRequestWithContext(ctx, http.MethodDelete, s3.URL(key), nil) + if err != nil { + return err + } + + // apply optional request funcs + for _, fn := range optFuncs { + if fn != nil { + fn(req) + } + } + + resp, err := s3.SignAndSend(req) + if err != nil { + return err + } + defer resp.Body.Close() + + return nil +} diff --git a/tools/filesystem/internal/s3blob/s3/delete_object_test.go b/tools/filesystem/internal/s3blob/s3/delete_object_test.go new file mode 100644 index 0000000..48d245c --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/delete_object_test.go @@ -0,0 +1,48 @@ +package s3_test + +import ( + "context" + "net/http" + "testing" + + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3" + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3/tests" +) + +func TestS3DeleteObject(t *testing.T) { + t.Parallel() + + httpClient := tests.NewClient( + &tests.RequestStub{ + Method: http.MethodDelete, + URL: "http://test_bucket.example.com/test_key", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + }, + ) + + s3Client := &s3.S3{ + Client: httpClient, + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "http://example.com", + AccessKey: "123", + SecretKey: "abc", + } + + err := s3Client.DeleteObject(context.Background(), "test_key", func(r *http.Request) { + r.Header.Set("test_header", "test") + }) + if err != nil { + t.Fatal(err) + } + + err = httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } +} diff --git a/tools/filesystem/internal/s3blob/s3/error.go b/tools/filesystem/internal/s3blob/s3/error.go new file mode 100644 index 0000000..e8d76af --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/error.go @@ -0,0 +1,49 @@ +package s3 + +import ( + "encoding/xml" + "strconv" + "strings" +) + +var _ error = (*ResponseError)(nil) + +// ResponseError defines a general S3 response error. +// +// https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html +type ResponseError struct { + XMLName xml.Name `json:"-" xml:"Error"` + Code string `json:"code" xml:"Code"` + Message string `json:"message" xml:"Message"` + RequestId string `json:"requestId" xml:"RequestId"` + Resource string `json:"resource" xml:"Resource"` + Raw []byte `json:"-" xml:"-"` + Status int `json:"status" xml:"Status"` +} + +// Error implements the std error interface. +func (err *ResponseError) Error() string { + var strBuilder strings.Builder + + strBuilder.WriteString(strconv.Itoa(err.Status)) + strBuilder.WriteString(" ") + + if err.Code != "" { + strBuilder.WriteString(err.Code) + } else { + strBuilder.WriteString("S3ResponseError") + } + + if err.Message != "" { + strBuilder.WriteString(": ") + strBuilder.WriteString(err.Message) + } + + if len(err.Raw) > 0 { + strBuilder.WriteString("\n(RAW: ") + strBuilder.Write(err.Raw) + strBuilder.WriteString(")") + } + + return strBuilder.String() +} diff --git a/tools/filesystem/internal/s3blob/s3/error_test.go b/tools/filesystem/internal/s3blob/s3/error_test.go new file mode 100644 index 0000000..4728c39 --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/error_test.go @@ -0,0 +1,86 @@ +package s3_test + +import ( + "encoding/json" + "encoding/xml" + "testing" + + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3" +) + +func TestResponseErrorSerialization(t *testing.T) { + raw := ` + + + test_code + test_message + test_request_id + test_resource + + ` + + respErr := &s3.ResponseError{ + Status: 123, + Raw: []byte("test"), + } + + err := xml.Unmarshal([]byte(raw), &respErr) + if err != nil { + t.Fatal(err) + } + + jsonRaw, err := json.Marshal(respErr) + if err != nil { + t.Fatal(err) + } + jsonStr := string(jsonRaw) + + expected := `{"code":"test_code","message":"test_message","requestId":"test_request_id","resource":"test_resource","status":123}` + + if expected != jsonStr { + t.Fatalf("Expected JSON\n%s\ngot\n%s", expected, jsonStr) + } +} + +func TestResponseErrorErrorInterface(t *testing.T) { + scenarios := []struct { + name string + err *s3.ResponseError + expected string + }{ + { + "empty", + &s3.ResponseError{}, + "0 S3ResponseError", + }, + { + "with code and message (nil raw)", + &s3.ResponseError{ + Status: 123, + Code: "test_code", + Message: "test_message", + }, + "123 test_code: test_message", + }, + { + "with code and message (non-nil raw)", + &s3.ResponseError{ + Status: 123, + Code: "test_code", + Message: "test_message", + Raw: []byte("test_raw"), + }, + "123 test_code: test_message\n(RAW: test_raw)", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.err.Error() + + if result != s.expected { + t.Fatalf("Expected\n%s\ngot\n%s", s.expected, result) + } + }) + } +} diff --git a/tools/filesystem/internal/s3blob/s3/get_object.go b/tools/filesystem/internal/s3blob/s3/get_object.go new file mode 100644 index 0000000..e83f38f --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/get_object.go @@ -0,0 +1,43 @@ +package s3 + +import ( + "context" + "io" + "net/http" +) + +// https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html#API_GetObject_ResponseElements +type GetObjectResponse struct { + Body io.ReadCloser `json:"-" xml:"-"` + + HeadObjectResponse +} + +// GetObject retrieves a single object by its key. +// +// NB! Make sure to call GetObjectResponse.Body.Close() after done working with the result. +// +// https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html +func (s3 *S3) GetObject(ctx context.Context, key string, optFuncs ...func(*http.Request)) (*GetObjectResponse, error) { + req, err := http.NewRequestWithContext(ctx, http.MethodGet, s3.URL(key), nil) + if err != nil { + return nil, err + } + + // apply optional request funcs + for _, fn := range optFuncs { + if fn != nil { + fn(req) + } + } + + resp, err := s3.SignAndSend(req) + if err != nil { + return nil, err + } + + result := &GetObjectResponse{Body: resp.Body} + result.load(resp.Header) + + return result, nil +} diff --git a/tools/filesystem/internal/s3blob/s3/get_object_test.go b/tools/filesystem/internal/s3blob/s3/get_object_test.go new file mode 100644 index 0000000..3dde3b0 --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/get_object_test.go @@ -0,0 +1,92 @@ +package s3_test + +import ( + "context" + "encoding/json" + "io" + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3" + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3/tests" +) + +func TestS3GetObject(t *testing.T) { + t.Parallel() + + httpClient := tests.NewClient( + &tests.RequestStub{ + Method: http.MethodGet, + URL: "http://test_bucket.example.com/test_key", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + Header: http.Header{ + "Last-Modified": []string{"Mon, 01 Feb 2025 03:04:05 GMT"}, + "Cache-Control": []string{"test_cache"}, + "Content-Disposition": []string{"test_disposition"}, + "Content-Encoding": []string{"test_encoding"}, + "Content-Language": []string{"test_language"}, + "Content-Type": []string{"test_type"}, + "Content-Range": []string{"test_range"}, + "Etag": []string{"test_etag"}, + "Content-Length": []string{"100"}, + "x-amz-meta-AbC": []string{"test_meta_a"}, + "x-amz-meta-Def": []string{"test_meta_b"}, + }, + Body: io.NopCloser(strings.NewReader("test")), + }, + }, + ) + + s3Client := &s3.S3{ + Client: httpClient, + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "http://example.com", + AccessKey: "123", + SecretKey: "abc", + } + + resp, err := s3Client.GetObject(context.Background(), "test_key", func(r *http.Request) { + r.Header.Set("test_header", "test") + }) + if err != nil { + t.Fatal(err) + } + defer resp.Body.Close() + + err = httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } + + // check body + body, err := io.ReadAll(resp.Body) + if err != nil { + t.Fatal(err) + } + bodyStr := string(body) + + if bodyStr != "test" { + t.Fatalf("Expected body\n%q\ngot\n%q", "test", bodyStr) + } + + // check serialized attributes + raw, err := json.Marshal(resp) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + expected := `{"metadata":{"abc":"test_meta_a","def":"test_meta_b"},"lastModified":"2025-02-01T03:04:05Z","cacheControl":"test_cache","contentDisposition":"test_disposition","contentEncoding":"test_encoding","contentLanguage":"test_language","contentType":"test_type","contentRange":"test_range","etag":"test_etag","contentLength":100}` + + if rawStr != expected { + t.Fatalf("Expected attributes\n%s\ngot\n%s", expected, rawStr) + } +} diff --git a/tools/filesystem/internal/s3blob/s3/head_object.go b/tools/filesystem/internal/s3blob/s3/head_object.go new file mode 100644 index 0000000..ff5d7ab --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/head_object.go @@ -0,0 +1,89 @@ +package s3 + +import ( + "context" + "net/http" + "strconv" + "time" +) + +// https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html#API_HeadObject_ResponseElements +type HeadObjectResponse struct { + // Metadata is the extra data that is stored with the S3 object (aka. the "x-amz-meta-*" header values). + // + // The map keys are normalized to lower-case. + Metadata map[string]string `json:"metadata"` + + // LastModified date and time when the object was last modified. + LastModified time.Time `json:"lastModified"` + + // CacheControl specifies caching behavior along the request/reply chain. + CacheControl string `json:"cacheControl"` + + // ContentDisposition specifies presentational information for the object. + ContentDisposition string `json:"contentDisposition"` + + // ContentEncoding indicates what content encodings have been applied to the object + // and thus what decoding mechanisms must be applied to obtain the + // media-type referenced by the Content-Type header field. + ContentEncoding string `json:"contentEncoding"` + + // ContentLanguage indicates the language the content is in. + ContentLanguage string `json:"contentLanguage"` + + // ContentType is a standard MIME type describing the format of the object data. + ContentType string `json:"contentType"` + + // ContentRange is the portion of the object usually returned in the response for a GET request. + ContentRange string `json:"contentRange"` + + // ETag is an opaque identifier assigned by a web + // server to a specific version of a resource found at a URL. + ETag string `json:"etag"` + + // ContentLength is size of the body in bytes. + ContentLength int64 `json:"contentLength"` +} + +// load parses and load the header values into the current HeadObjectResponse fields. +func (o *HeadObjectResponse) load(headers http.Header) { + o.LastModified, _ = time.Parse(time.RFC1123, headers.Get("Last-Modified")) + o.CacheControl = headers.Get("Cache-Control") + o.ContentDisposition = headers.Get("Content-Disposition") + o.ContentEncoding = headers.Get("Content-Encoding") + o.ContentLanguage = headers.Get("Content-Language") + o.ContentType = headers.Get("Content-Type") + o.ContentRange = headers.Get("Content-Range") + o.ETag = headers.Get("ETag") + o.ContentLength, _ = strconv.ParseInt(headers.Get("Content-Length"), 10, 0) + o.Metadata = extractMetadata(headers) +} + +// HeadObject sends a HEAD request for a single object to check its +// existence and to retrieve its metadata. +// +// https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html +func (s3 *S3) HeadObject(ctx context.Context, key string, optFuncs ...func(*http.Request)) (*HeadObjectResponse, error) { + req, err := http.NewRequestWithContext(ctx, http.MethodHead, s3.URL(key), nil) + if err != nil { + return nil, err + } + + // apply optional request funcs + for _, fn := range optFuncs { + if fn != nil { + fn(req) + } + } + + resp, err := s3.SignAndSend(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + result := &HeadObjectResponse{} + result.load(resp.Header) + + return result, nil +} diff --git a/tools/filesystem/internal/s3blob/s3/head_object_test.go b/tools/filesystem/internal/s3blob/s3/head_object_test.go new file mode 100644 index 0000000..e2bf979 --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/head_object_test.go @@ -0,0 +1,77 @@ +package s3_test + +import ( + "context" + "encoding/json" + "net/http" + "testing" + + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3" + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3/tests" +) + +func TestS3HeadObject(t *testing.T) { + t.Parallel() + + httpClient := tests.NewClient( + &tests.RequestStub{ + Method: http.MethodHead, + URL: "http://test_bucket.example.com/test_key", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + Header: http.Header{ + "Last-Modified": []string{"Mon, 01 Feb 2025 03:04:05 GMT"}, + "Cache-Control": []string{"test_cache"}, + "Content-Disposition": []string{"test_disposition"}, + "Content-Encoding": []string{"test_encoding"}, + "Content-Language": []string{"test_language"}, + "Content-Type": []string{"test_type"}, + "Content-Range": []string{"test_range"}, + "Etag": []string{"test_etag"}, + "Content-Length": []string{"100"}, + "x-amz-meta-AbC": []string{"test_meta_a"}, + "x-amz-meta-Def": []string{"test_meta_b"}, + }, + Body: http.NoBody, + }, + }, + ) + + s3Client := &s3.S3{ + Client: httpClient, + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "http://example.com", + AccessKey: "123", + SecretKey: "abc", + } + + resp, err := s3Client.HeadObject(context.Background(), "test_key", func(r *http.Request) { + r.Header.Set("test_header", "test") + }) + if err != nil { + t.Fatal(err) + } + + err = httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } + + raw, err := json.Marshal(resp) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + expected := `{"metadata":{"abc":"test_meta_a","def":"test_meta_b"},"lastModified":"2025-02-01T03:04:05Z","cacheControl":"test_cache","contentDisposition":"test_disposition","contentEncoding":"test_encoding","contentLanguage":"test_language","contentType":"test_type","contentRange":"test_range","etag":"test_etag","contentLength":100}` + + if rawStr != expected { + t.Fatalf("Expected response\n%s\ngot\n%s", expected, rawStr) + } +} diff --git a/tools/filesystem/internal/s3blob/s3/list_objects.go b/tools/filesystem/internal/s3blob/s3/list_objects.go new file mode 100644 index 0000000..77c2794 --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/list_objects.go @@ -0,0 +1,165 @@ +package s3 + +import ( + "context" + "encoding/xml" + "net/http" + "net/url" + "strconv" + "time" +) + +// ListParams defines optional parameters for the ListObject request. +type ListParams struct { + // ContinuationToken indicates that the list is being continued on this bucket with a token. + // ContinuationToken is obfuscated and is not a real key. + // You can use this ContinuationToken for pagination of the list results. + ContinuationToken string `json:"continuationToken"` + + // Delimiter is a character that you use to group keys. + // + // For directory buckets, "/" is the only supported delimiter. + Delimiter string `json:"delimiter"` + + // Prefix limits the response to keys that begin with the specified prefix. + Prefix string `json:"prefix"` + + // Encoding type is used to encode the object keys in the response. + // Responses are encoded only in UTF-8. + // An object key can contain any Unicode character. + // However, the XML 1.0 parser can't parse certain characters, + // such as characters with an ASCII value from 0 to 10. + // For characters that aren't supported in XML 1.0, you can add + // this parameter to request that S3 encode the keys in the response. + // + // Valid Values: url + EncodingType string `json:"encodingType"` + + // StartAfter is where you want S3 to start listing from. + // S3 starts listing after this specified key. + // StartAfter can be any key in the bucket. + // + // This functionality is not supported for directory buckets. + StartAfter string `json:"startAfter"` + + // MaxKeys Sets the maximum number of keys returned in the response. + // By default, the action returns up to 1,000 key names. + // The response might contain fewer keys but will never contain more. + MaxKeys int `json:"maxKeys"` + + // FetchOwner returns the owner field with each key in the result. + FetchOwner bool `json:"fetchOwner"` +} + +// Encode encodes the parameters in a properly formatted query string. +func (l *ListParams) Encode() string { + query := url.Values{} + + query.Add("list-type", "2") + + if l.ContinuationToken != "" { + query.Add("continuation-token", l.ContinuationToken) + } + + if l.Delimiter != "" { + query.Add("delimiter", l.Delimiter) + } + + if l.Prefix != "" { + query.Add("prefix", l.Prefix) + } + + if l.EncodingType != "" { + query.Add("encoding-type", l.EncodingType) + } + + if l.FetchOwner { + query.Add("fetch-owner", "true") + } + + if l.MaxKeys > 0 { + query.Add("max-keys", strconv.Itoa(l.MaxKeys)) + } + + if l.StartAfter != "" { + query.Add("start-after", l.StartAfter) + } + + return query.Encode() +} + +// ListObjects retrieves paginated objects list. +// +// https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html +func (s3 *S3) ListObjects(ctx context.Context, params ListParams, optReqFuncs ...func(*http.Request)) (*ListObjectsResponse, error) { + req, err := http.NewRequestWithContext(ctx, http.MethodGet, s3.URL("?"+params.Encode()), nil) + if err != nil { + return nil, err + } + + // apply optional request funcs + for _, fn := range optReqFuncs { + if fn != nil { + fn(req) + } + } + + resp, err := s3.SignAndSend(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + result := &ListObjectsResponse{} + + err = xml.NewDecoder(resp.Body).Decode(result) + if err != nil { + return nil, err + } + + return result, nil +} + +// https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html#API_ListObjectsV2_ResponseSyntax +type ListObjectsResponse struct { + XMLName xml.Name `json:"-" xml:"ListBucketResult"` + EncodingType string `json:"encodingType" xml:"EncodingType"` + Name string `json:"name" xml:"Name"` + Prefix string `json:"prefix" xml:"Prefix"` + Delimiter string `json:"delimiter" xml:"Delimiter"` + ContinuationToken string `json:"continuationToken" xml:"ContinuationToken"` + NextContinuationToken string `json:"nextContinuationToken" xml:"NextContinuationToken"` + StartAfter string `json:"startAfter" xml:"StartAfter"` + + CommonPrefixes []*ListObjectCommonPrefix `json:"commonPrefixes" xml:"CommonPrefixes"` + + Contents []*ListObjectContent `json:"contents" xml:"Contents"` + + KeyCount int `json:"keyCount" xml:"KeyCount"` + MaxKeys int `json:"maxKeys" xml:"MaxKeys"` + IsTruncated bool `json:"isTruncated" xml:"IsTruncated"` +} + +type ListObjectCommonPrefix struct { + Prefix string `json:"prefix" xml:"Prefix"` +} + +type ListObjectContent struct { + Owner struct { + DisplayName string `json:"displayName" xml:"DisplayName"` + ID string `json:"id" xml:"ID"` + } `json:"owner" xml:"Owner"` + + ChecksumAlgorithm string `json:"checksumAlgorithm" xml:"ChecksumAlgorithm"` + ETag string `json:"etag" xml:"ETag"` + Key string `json:"key" xml:"Key"` + StorageClass string `json:"storageClass" xml:"StorageClass"` + LastModified time.Time `json:"lastModified" xml:"LastModified"` + + RestoreStatus struct { + RestoreExpiryDate time.Time `json:"restoreExpiryDate" xml:"RestoreExpiryDate"` + IsRestoreInProgress bool `json:"isRestoreInProgress" xml:"IsRestoreInProgress"` + } `json:"restoreStatus" xml:"RestoreStatus"` + + Size int64 `json:"size" xml:"Size"` +} diff --git a/tools/filesystem/internal/s3blob/s3/list_objects_test.go b/tools/filesystem/internal/s3blob/s3/list_objects_test.go new file mode 100644 index 0000000..cd0b7f7 --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/list_objects_test.go @@ -0,0 +1,157 @@ +package s3_test + +import ( + "context" + "encoding/json" + "io" + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3" + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3/tests" +) + +func TestS3ListParamsEncode(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + params s3.ListParams + expected string + }{ + { + "blank", + s3.ListParams{}, + "list-type=2", + }, + { + "filled", + s3.ListParams{ + ContinuationToken: "test_ct", + Delimiter: "test_delimiter", + Prefix: "test_prefix", + EncodingType: "test_et", + StartAfter: "test_sa", + MaxKeys: 1, + FetchOwner: true, + }, + "continuation-token=test_ct&delimiter=test_delimiter&encoding-type=test_et&fetch-owner=true&list-type=2&max-keys=1&prefix=test_prefix&start-after=test_sa", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.params.Encode() + if result != s.expected { + t.Fatalf("Expected\n%s\ngot\n%s", s.expected, result) + } + }) + } +} + +func TestS3ListObjects(t *testing.T) { + t.Parallel() + + listParams := s3.ListParams{ + ContinuationToken: "test_ct", + Delimiter: "test_delimiter", + Prefix: "test_prefix", + EncodingType: "test_et", + StartAfter: "test_sa", + MaxKeys: 10, + FetchOwner: true, + } + + httpClient := tests.NewClient( + &tests.RequestStub{ + Method: http.MethodGet, + URL: "http://test_bucket.example.com/?" + listParams.Encode(), + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + Body: io.NopCloser(strings.NewReader(` + + + example + test_encoding + a/ + / + ct + nct + example0.txt + 1 + 3 + true + + example1.txt + 2025-01-01T01:02:03.123Z + test_ca + test_etag1 + 123 + STANDARD + + owner_dn + owner_id + + + 2025-01-02T01:02:03.123Z + true + + + + example2.txt + 2025-01-02T01:02:03.123Z + test_etag2 + 456 + STANDARD + + + a/b/ + + + a/c/ + + + `)), + }, + }, + ) + + s3Client := &s3.S3{ + Client: httpClient, + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "http://example.com", + AccessKey: "123", + SecretKey: "abc", + } + + resp, err := s3Client.ListObjects(context.Background(), listParams, func(r *http.Request) { + r.Header.Set("test_header", "test") + }) + if err != nil { + t.Fatal(err) + } + + err = httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } + + raw, err := json.Marshal(resp) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + expected := `{"encodingType":"test_encoding","name":"example","prefix":"a/","delimiter":"/","continuationToken":"ct","nextContinuationToken":"nct","startAfter":"example0.txt","commonPrefixes":[{"prefix":"a/b/"},{"prefix":"a/c/"}],"contents":[{"owner":{"displayName":"owner_dn","id":"owner_id"},"checksumAlgorithm":"test_ca","etag":"test_etag1","key":"example1.txt","storageClass":"STANDARD","lastModified":"2025-01-01T01:02:03.123Z","restoreStatus":{"restoreExpiryDate":"2025-01-02T01:02:03.123Z","isRestoreInProgress":true},"size":123},{"owner":{"displayName":"","id":""},"checksumAlgorithm":"","etag":"test_etag2","key":"example2.txt","storageClass":"STANDARD","lastModified":"2025-01-02T01:02:03.123Z","restoreStatus":{"restoreExpiryDate":"0001-01-01T00:00:00Z","isRestoreInProgress":false},"size":456}],"keyCount":1,"maxKeys":3,"isTruncated":true}` + + if rawStr != expected { + t.Fatalf("Expected response\n%s\ngot\n%s", expected, rawStr) + } +} diff --git a/tools/filesystem/internal/s3blob/s3/s3.go b/tools/filesystem/internal/s3blob/s3/s3.go new file mode 100644 index 0000000..3a60b35 --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/s3.go @@ -0,0 +1,370 @@ +// Package s3 implements a lightweight client for interacting with the +// REST APIs of any S3 compatible service. +// +// It implements only the minimal functionality required by PocketBase +// such as objects list, get, copy, delete and upload. +// +// For more details why we don't use the official aws-sdk-go-v2, you could check +// https://github.com/pocketbase/pocketbase/discussions/6562. +// +// Example: +// +// client := &s3.S3{ +// Endpoint: "example.com", +// Region: "us-east-1", +// Bucket: "test", +// AccessKey: "...", +// SecretKey: "...", +// UsePathStyle: true, +// } +// resp, err := client.GetObject(context.Background(), "abc.txt") +package s3 + +import ( + "crypto/hmac" + "crypto/sha256" + "encoding/hex" + "encoding/xml" + "errors" + "fmt" + "io" + "net/http" + "net/url" + "slices" + "strings" + "time" +) + +const ( + awsS3ServiceCode = "s3" + awsSignAlgorithm = "AWS4-HMAC-SHA256" + awsTerminationString = "aws4_request" + metadataPrefix = "x-amz-meta-" + dateTimeFormat = "20060102T150405Z" +) + +type HTTPClient interface { + Do(req *http.Request) (*http.Response, error) +} + +type S3 struct { + // Client specifies a custom HTTP client to send the request with. + // + // If not explicitly set, fallbacks to http.DefaultClient. + Client HTTPClient + + Bucket string + Region string + Endpoint string // can be with or without the schema + AccessKey string + SecretKey string + UsePathStyle bool +} + +// URL constructs an S3 request URL based on the current configuration. +func (s3 *S3) URL(path string) string { + scheme := "https" + endpoint := strings.TrimRight(s3.Endpoint, "/") + if after, ok := strings.CutPrefix(endpoint, "https://"); ok { + endpoint = after + } else if after, ok := strings.CutPrefix(endpoint, "http://"); ok { + endpoint = after + scheme = "http" + } + + path = strings.TrimLeft(path, "/") + + if s3.UsePathStyle { + return fmt.Sprintf("%s://%s/%s/%s", scheme, endpoint, s3.Bucket, path) + } + + return fmt.Sprintf("%s://%s.%s/%s", scheme, s3.Bucket, endpoint, path) +} + +// SignAndSend signs the provided request per AWS Signature v4 and sends it. +// +// It automatically normalizes all 40x/50x responses to ResponseError. +// +// Note: Don't forget to call resp.Body.Close() after done with the result. +func (s3 *S3) SignAndSend(req *http.Request) (*http.Response, error) { + s3.sign(req) + + client := s3.Client + if client == nil { + client = http.DefaultClient + } + + resp, err := client.Do(req) + if err != nil { + return nil, err + } + + if resp.StatusCode >= 400 { + defer resp.Body.Close() + + respErr := &ResponseError{ + Status: resp.StatusCode, + } + + respErr.Raw, err = io.ReadAll(resp.Body) + if err != nil && !errors.Is(err, io.EOF) { + return nil, errors.Join(err, respErr) + } + + if len(respErr.Raw) > 0 { + err = xml.Unmarshal(respErr.Raw, respErr) + if err != nil { + return nil, errors.Join(err, respErr) + } + } + + return nil, respErr + } + + return resp, nil +} + +// https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html#create-signed-request-steps +func (s3 *S3) sign(req *http.Request) { + // fallback to the Unsigned payload option + // (data integrity checks could be still applied via the content-md5 or x-amz-checksum-* headers) + if req.Header.Get("x-amz-content-sha256") == "" { + req.Header.Set("x-amz-content-sha256", "UNSIGNED-PAYLOAD") + } + + reqDateTime, _ := time.Parse(dateTimeFormat, req.Header.Get("x-amz-date")) + if reqDateTime.IsZero() { + reqDateTime = time.Now().UTC() + req.Header.Set("x-amz-date", reqDateTime.Format(dateTimeFormat)) + } + + req.Header.Set("host", req.URL.Host) + + date := reqDateTime.Format("20060102") + + dateTime := reqDateTime.Format(dateTimeFormat) + + // 1. Create canonical request + // https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html#create-canonical-request + // --------------------------------------------------------------- + canonicalHeaders, signedHeaders := canonicalAndSignedHeaders(req) + + canonicalParts := []string{ + req.Method, + escapePath(req.URL.Path), + escapeQuery(req.URL.Query()), + canonicalHeaders, + signedHeaders, + req.Header.Get("x-amz-content-sha256"), + } + + // 2. Create a hash of the canonical request + // https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html#create-canonical-request-hash + // --------------------------------------------------------------- + hashedCanonicalRequest := sha256Hex([]byte(strings.Join(canonicalParts, "\n"))) + + // 3. Create a string to sign + // https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html#create-string-to-sign + // --------------------------------------------------------------- + scope := strings.Join([]string{ + date, + s3.Region, + awsS3ServiceCode, + awsTerminationString, + }, "/") + + stringToSign := strings.Join([]string{ + awsSignAlgorithm, + dateTime, + scope, + hashedCanonicalRequest, + }, "\n") + + // 4. Derive a signing key for SigV4 + // https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html#derive-signing-key + // --------------------------------------------------------------- + dateKey := hmacSHA256([]byte("AWS4"+s3.SecretKey), date) + dateRegionKey := hmacSHA256(dateKey, s3.Region) + dateRegionServiceKey := hmacSHA256(dateRegionKey, awsS3ServiceCode) + signingKey := hmacSHA256(dateRegionServiceKey, awsTerminationString) + signature := hex.EncodeToString(hmacSHA256(signingKey, stringToSign)) + + // 5. Add the signature to the request + // https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html#add-signature-to-request + authorization := fmt.Sprintf( + "%s Credential=%s/%s, SignedHeaders=%s, Signature=%s", + awsSignAlgorithm, + s3.AccessKey, + scope, + signedHeaders, + signature, + ) + + req.Header.Set("authorization", authorization) +} + +func sha256Hex(content []byte) string { + h := sha256.New() + h.Write(content) + return hex.EncodeToString(h.Sum(nil)) +} + +func hmacSHA256(key []byte, content string) []byte { + mac := hmac.New(sha256.New, key) + mac.Write([]byte(content)) + return mac.Sum(nil) +} + +func canonicalAndSignedHeaders(req *http.Request) (string, string) { + signed := []string{} + canonical := map[string]string{} + + for key, values := range req.Header { + normalizedKey := strings.ToLower(key) + + if normalizedKey != "host" && + normalizedKey != "content-type" && + !strings.HasPrefix(normalizedKey, "x-amz-") { + continue + } + + signed = append(signed, normalizedKey) + + // for each value: + // trim any leading or trailing spaces + // convert sequential spaces to a single space + normalizedValues := make([]string, len(values)) + for i, v := range values { + normalizedValues[i] = strings.ReplaceAll(strings.TrimSpace(v), " ", " ") + } + + canonical[normalizedKey] = strings.Join(normalizedValues, ",") + } + + slices.Sort(signed) + + var sortedCanonical strings.Builder + for _, key := range signed { + sortedCanonical.WriteString(key) + sortedCanonical.WriteString(":") + sortedCanonical.WriteString(canonical[key]) + sortedCanonical.WriteString("\n") + } + + return sortedCanonical.String(), strings.Join(signed, ";") +} + +// extractMetadata parses and extracts and the metadata from the specified request headers. +// +// The metadata keys are all lowercased and without the "x-amz-meta-" prefix. +func extractMetadata(headers http.Header) map[string]string { + result := map[string]string{} + + for k, v := range headers { + if len(v) == 0 { + continue + } + + metadataKey, ok := strings.CutPrefix(strings.ToLower(k), metadataPrefix) + if !ok { + continue + } + + result[metadataKey] = v[0] + } + + return result +} + +// escapeQuery returns the URI encoded request query parameters according to the AWS S3 spec requirements +// (it is similar to url.Values.Encode but instead of url.QueryEscape uses our own escape method). +func escapeQuery(values url.Values) string { + if len(values) == 0 { + return "" + } + + var buf strings.Builder + + keys := make([]string, 0, len(values)) + for k := range values { + keys = append(keys, k) + } + slices.Sort(keys) + + for _, k := range keys { + vs := values[k] + keyEscaped := escape(k) + for _, values := range vs { + if buf.Len() > 0 { + buf.WriteByte('&') + } + buf.WriteString(keyEscaped) + buf.WriteByte('=') + buf.WriteString(escape(values)) + } + } + + return buf.String() +} + +// escapePath returns the URI encoded request path according to the AWS S3 spec requirements. +func escapePath(path string) string { + parts := strings.Split(path, "/") + + for i, part := range parts { + parts[i] = escape(part) + } + + return strings.Join(parts, "/") +} + +const upperhex = "0123456789ABCDEF" + +// escape is similar to the std url.escape but implements the AWS [UriEncode requirements]: +// - URI encode every byte except the unreserved characters: 'A'-'Z', 'a'-'z', '0'-'9', '-', '.', '_', and '~'. +// - The space character is a reserved character and must be encoded as "%20" (and not as "+"). +// - Each URI encoded byte is formed by a '%' and the two-digit hexadecimal value of the byte. +// - Letters in the hexadecimal value must be uppercase, for example "%1A". +// +// [UriEncode requirements]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html +func escape(s string) string { + hexCount := 0 + for i := 0; i < len(s); i++ { + c := s[i] + if shouldEscape(c) { + hexCount++ + } + } + + if hexCount == 0 { + return s + } + + result := make([]byte, len(s)+2*hexCount) + + j := 0 + for i := 0; i < len(s); i++ { + c := s[i] + if shouldEscape(c) { + result[j] = '%' + result[j+1] = upperhex[c>>4] + result[j+2] = upperhex[c&15] + j += 3 + } else { + result[j] = c + j++ + } + } + + return string(result) +} + +// > "URI encode every byte except the unreserved characters: 'A'-'Z', 'a'-'z', '0'-'9', '-', '.', '_', and '~'." +func shouldEscape(c byte) bool { + isUnreserved := (c >= 'A' && c <= 'Z') || + (c >= 'a' && c <= 'z') || + (c >= '0' && c <= '9') || + c == '-' || c == '.' || c == '_' || c == '~' + + return !isUnreserved +} diff --git a/tools/filesystem/internal/s3blob/s3/s3_escape_test.go b/tools/filesystem/internal/s3blob/s3/s3_escape_test.go new file mode 100644 index 0000000..fedc330 --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/s3_escape_test.go @@ -0,0 +1,35 @@ +package s3 + +import ( + "net/url" + "testing" +) + +func TestEscapePath(t *testing.T) { + t.Parallel() + + escaped := escapePath("/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~ !@#$%^&*()+={}[]?><\\|,`'\"/@sub1/@sub2/a/b/c/1/2/3") + + expected := "/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~%20%21%40%23%24%25%5E%26%2A%28%29%2B%3D%7B%7D%5B%5D%3F%3E%3C%5C%7C%2C%60%27%22/%40sub1/%40sub2/a/b/c/1/2/3" + + if escaped != expected { + t.Fatalf("Expected\n%s\ngot\n%s", expected, escaped) + } +} + +func TestEscapeQuery(t *testing.T) { + t.Parallel() + + escaped := escapeQuery(url.Values{ + "abc": []string{"123"}, + "/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~ !@#$%^&*()+={}[]?><\\|,`'\"": []string{ + "/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~ !@#$%^&*()+={}[]?><\\|,`'\"", + }, + }) + + expected := "%2FABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~%20%21%40%23%24%25%5E%26%2A%28%29%2B%3D%7B%7D%5B%5D%3F%3E%3C%5C%7C%2C%60%27%22=%2FABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~%20%21%40%23%24%25%5E%26%2A%28%29%2B%3D%7B%7D%5B%5D%3F%3E%3C%5C%7C%2C%60%27%22&abc=123" + + if escaped != expected { + t.Fatalf("Expected\n%s\ngot\n%s", expected, escaped) + } +} diff --git a/tools/filesystem/internal/s3blob/s3/s3_test.go b/tools/filesystem/internal/s3blob/s3/s3_test.go new file mode 100644 index 0000000..c2d7659 --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/s3_test.go @@ -0,0 +1,256 @@ +package s3_test + +import ( + "io" + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3" + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3/tests" +) + +func TestS3URL(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + s3Client *s3.S3 + expected string + }{ + { + "no schema", + &s3.S3{ + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "example.com/", + AccessKey: "123", + SecretKey: "abc", + }, + "https://test_bucket.example.com/test_key/a/b/c?q=1", + }, + { + "with https schema", + &s3.S3{ + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "https://example.com/", + AccessKey: "123", + SecretKey: "abc", + }, + "https://test_bucket.example.com/test_key/a/b/c?q=1", + }, + { + "with http schema", + &s3.S3{ + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "http://example.com/", + AccessKey: "123", + SecretKey: "abc", + }, + "http://test_bucket.example.com/test_key/a/b/c?q=1", + }, + { + "path style addressing (non-explicit schema)", + &s3.S3{ + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "example.com/", + AccessKey: "123", + SecretKey: "abc", + UsePathStyle: true, + }, + "https://example.com/test_bucket/test_key/a/b/c?q=1", + }, + { + "path style addressing (explicit schema)", + &s3.S3{ + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "http://example.com/", + AccessKey: "123", + SecretKey: "abc", + UsePathStyle: true, + }, + "http://example.com/test_bucket/test_key/a/b/c?q=1", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.s3Client.URL("/test_key/a/b/c?q=1") + if result != s.expected { + t.Fatalf("Expected URL\n%s\ngot\n%s", s.expected, result) + } + }) + } +} + +func TestS3SignAndSend(t *testing.T) { + t.Parallel() + + testResponse := func() *http.Response { + return &http.Response{ + Body: io.NopCloser(strings.NewReader("test_response")), + } + } + + scenarios := []struct { + name string + path string + reqFunc func(req *http.Request) + s3Client *s3.S3 + }{ + { + "minimal", + "/test", + func(req *http.Request) { + req.Header.Set("x-amz-date", "20250102T150405Z") + }, + &s3.S3{ + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "https://example.com/", + AccessKey: "123", + SecretKey: "abc", + Client: tests.NewClient(&tests.RequestStub{ + Method: http.MethodGet, + URL: "https://test_bucket.example.com/test", + Response: testResponse(), + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "Authorization": "AWS4-HMAC-SHA256 Credential=123/20250102/test_region/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=ea093662bc1deef08dfb4ac35453dfaad5ea89edf102e9dd3b7156c9a27e4c1f", + "Host": "test_bucket.example.com", + "X-Amz-Content-Sha256": "UNSIGNED-PAYLOAD", + "X-Amz-Date": "20250102T150405Z", + }) + }, + }), + }, + }, + { + "minimal with different access and secret keys", + "/test", + func(req *http.Request) { + req.Header.Set("x-amz-date", "20250102T150405Z") + }, + &s3.S3{ + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "https://example.com/", + AccessKey: "456", + SecretKey: "def", + Client: tests.NewClient(&tests.RequestStub{ + Method: http.MethodGet, + URL: "https://test_bucket.example.com/test", + Response: testResponse(), + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "Authorization": "AWS4-HMAC-SHA256 Credential=456/20250102/test_region/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=17510fa1f724403dd0a563b61c9b31d1d718f877fcbd75455620d17a8afce5fb", + "Host": "test_bucket.example.com", + "X-Amz-Content-Sha256": "UNSIGNED-PAYLOAD", + "X-Amz-Date": "20250102T150405Z", + }) + }, + }), + }, + }, + { + "minimal with special characters", + "/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~!@#$^&*()=/@sub?a=1&@b=@2", + func(req *http.Request) { + req.Header.Set("x-amz-date", "20250102T150405Z") + }, + &s3.S3{ + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "https://example.com/", + AccessKey: "456", + SecretKey: "def", + Client: tests.NewClient(&tests.RequestStub{ + Method: http.MethodGet, + URL: "https://test_bucket.example.com/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~!@#$%5E&*()=/@sub?a=1&@b=@2", + Response: testResponse(), + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "Authorization": "AWS4-HMAC-SHA256 Credential=456/20250102/test_region/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=e0001982deef1652704f74503203e77d83d4c88369421f9fca644d96f2a62a3c", + "Host": "test_bucket.example.com", + "X-Amz-Content-Sha256": "UNSIGNED-PAYLOAD", + "X-Amz-Date": "20250102T150405Z", + }) + }, + }), + }, + }, + { + "with extra headers", + "/test", + func(req *http.Request) { + req.Header.Set("x-amz-date", "20250102T150405Z") + req.Header.Set("x-amz-content-sha256", "test_sha256") + req.Header.Set("x-amz-example", "123") + req.Header.Set("x-amz-meta-a", "456") + req.Header.Set("content-type", "image/png") + req.Header.Set("x-test", "789") // shouldn't be included in the signing headers + }, + &s3.S3{ + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "https://example.com/", + AccessKey: "123", + SecretKey: "abc", + Client: tests.NewClient(&tests.RequestStub{ + Method: http.MethodGet, + URL: "https://test_bucket.example.com/test", + Response: testResponse(), + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "authorization": "AWS4-HMAC-SHA256 Credential=123/20250102/test_region/s3/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date;x-amz-example;x-amz-meta-a, Signature=86dccbcd012c33073dc99e9d0a9e0b717a4d8c11c37848cfa9a4a02716bc0db3", + "host": "test_bucket.example.com", + "x-amz-date": "20250102T150405Z", + "x-amz-content-sha256": "test_sha256", + "x-amz-example": "123", + "x-amz-meta-a": "456", + "x-test": "789", + }) + }, + }), + }, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + req, err := http.NewRequest(http.MethodGet, s.s3Client.URL(s.path), strings.NewReader("test_request")) + if err != nil { + t.Fatal(err) + } + + if s.reqFunc != nil { + s.reqFunc(req) + } + + resp, err := s.s3Client.SignAndSend(req) + if err != nil { + t.Fatal(err) + } + defer resp.Body.Close() + + err = s.s3Client.Client.(*tests.Client).AssertNoRemaining() + if err != nil { + t.Fatal(err) + } + + expectedBody := "test_response" + + body, err := io.ReadAll(resp.Body) + if err != nil { + t.Fatal(err) + } + if str := string(body); str != expectedBody { + t.Fatalf("Expected body %q, got %q", expectedBody, str) + } + }) + } +} diff --git a/tools/filesystem/internal/s3blob/s3/tests/client.go b/tools/filesystem/internal/s3blob/s3/tests/client.go new file mode 100644 index 0000000..b06fb22 --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/tests/client.go @@ -0,0 +1,111 @@ +// Package tests contains various tests helpers and utilities to assist +// with the S3 client testing. +package tests + +import ( + "errors" + "fmt" + "io" + "net/http" + "regexp" + "slices" + "strings" + "sync" +) + +// NewClient creates a new test Client loaded with the specified RequestStubs. +func NewClient(stubs ...*RequestStub) *Client { + return &Client{stubs: stubs} +} + +type RequestStub struct { + Method string + URL string // plain string or regex pattern wrapped in "^pattern$" + Match func(req *http.Request) bool + Response *http.Response +} + +type Client struct { + stubs []*RequestStub + mu sync.Mutex +} + +// AssertNoRemaining asserts that current client has no unprocessed requests remaining. +func (c *Client) AssertNoRemaining() error { + c.mu.Lock() + defer c.mu.Unlock() + + if len(c.stubs) == 0 { + return nil + } + + msgParts := make([]string, 0, len(c.stubs)+1) + msgParts = append(msgParts, "not all stub requests were processed:") + for _, stub := range c.stubs { + msgParts = append(msgParts, "- "+stub.Method+" "+stub.URL) + } + + return errors.New(strings.Join(msgParts, "\n")) +} + +// Do implements the [s3.HTTPClient] interface. +func (c *Client) Do(req *http.Request) (*http.Response, error) { + c.mu.Lock() + defer c.mu.Unlock() + + for i, stub := range c.stubs { + if req.Method != stub.Method { + continue + } + + urlPattern := stub.URL + if !strings.HasPrefix(urlPattern, "^") && !strings.HasSuffix(urlPattern, "$") { + urlPattern = "^" + regexp.QuoteMeta(urlPattern) + "$" + } + + urlRegex, err := regexp.Compile(urlPattern) + if err != nil { + return nil, err + } + + if !urlRegex.MatchString(req.URL.String()) { + continue + } + + if stub.Match != nil && !stub.Match(req) { + continue + } + + // remove from the remaining stubs + c.stubs = slices.Delete(c.stubs, i, i+1) + + response := stub.Response + if response == nil { + response = &http.Response{} + } + if response.Header == nil { + response.Header = http.Header{} + } + if response.Body == nil { + response.Body = http.NoBody + } + + response.Request = req + + return response, nil + } + + var body []byte + if req.Body != nil { + defer req.Body.Close() + body, _ = io.ReadAll(req.Body) + } + + return nil, fmt.Errorf( + "the below request doesn't have a corresponding stub:\n%s %s\nHeaders: %v\nBody: %q", + req.Method, + req.URL.String(), + req.Header, + body, + ) +} diff --git a/tools/filesystem/internal/s3blob/s3/tests/headers.go b/tools/filesystem/internal/s3blob/s3/tests/headers.go new file mode 100644 index 0000000..21464c7 --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/tests/headers.go @@ -0,0 +1,33 @@ +package tests + +import ( + "net/http" + "regexp" + "strings" +) + +// ExpectHeaders checks whether specified headers match the expectations. +// The expectations map entry key is the header name. +// The expectations map entry value is the first header value. If wrapped with `^...$` +// it is compared as regular expression. +func ExpectHeaders(headers http.Header, expectations map[string]string) bool { + for h, expected := range expectations { + v := headers.Get(h) + + pattern := expected + if !strings.HasPrefix(pattern, "^") && !strings.HasSuffix(pattern, "$") { + pattern = "^" + regexp.QuoteMeta(pattern) + "$" + } + + expectedRegex, err := regexp.Compile(pattern) + if err != nil { + return false + } + + if !expectedRegex.MatchString(v) { + return false + } + } + + return true +} diff --git a/tools/filesystem/internal/s3blob/s3/uploader.go b/tools/filesystem/internal/s3blob/s3/uploader.go new file mode 100644 index 0000000..afc5428 --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/uploader.go @@ -0,0 +1,414 @@ +package s3 + +import ( + "bytes" + "context" + "encoding/xml" + "errors" + "fmt" + "io" + "net/http" + "net/url" + "slices" + "strconv" + "strings" + "sync" + + "golang.org/x/sync/errgroup" +) + +var ErrUsedUploader = errors.New("the Uploader has been already used") + +const ( + defaultMaxConcurrency int = 5 + defaultMinPartSize int = 6 << 20 +) + +// Uploader handles the upload of a single S3 object. +// +// If the Payload size is less than the configured MinPartSize it sends +// a single (PutObject) request, otherwise performs chunked/multipart upload. +type Uploader struct { + // S3 is the S3 client instance performing the upload object request (required). + S3 *S3 + + // Payload is the object content to upload (required). + Payload io.Reader + + // Key is the destination key of the uploaded object (required). + Key string + + // Metadata specifies the optional metadata to write with the object upload. + Metadata map[string]string + + // MaxConcurrency specifies the max number of workers to use when + // performing chunked/multipart upload. + // + // If zero or negative, defaults to 5. + // + // This option is used only when the Payload size is > MinPartSize. + MaxConcurrency int + + // MinPartSize specifies the min Payload size required to perform + // chunked/multipart upload. + // + // If zero or negative, defaults to ~6MB. + MinPartSize int + + uploadId string + uploadedParts []*mpPart + lastPartNumber int + mu sync.Mutex // guards lastPartNumber and the uploadedParts slice + used bool +} + +// Upload processes the current Uploader instance. +// +// Users can specify an optional optReqFuncs that will be passed down to all Upload internal requests +// (single upload, multipart init, multipart parts upload, multipart complete, multipart abort). +// +// Note that after this call the Uploader should be discarded (aka. no longer can be used). +func (u *Uploader) Upload(ctx context.Context, optReqFuncs ...func(*http.Request)) error { + if u.used { + return ErrUsedUploader + } + + err := u.validateAndNormalize() + if err != nil { + return err + } + + initPart, _, err := u.nextPart() + if err != nil && !errors.Is(err, io.EOF) { + return err + } + + if len(initPart) < u.MinPartSize { + return u.singleUpload(ctx, initPart, optReqFuncs...) + } + + err = u.multipartInit(ctx, optReqFuncs...) + if err != nil { + return fmt.Errorf("multipart init error: %w", err) + } + + err = u.multipartUpload(ctx, initPart, optReqFuncs...) + if err != nil { + return errors.Join( + u.multipartAbort(ctx, optReqFuncs...), + fmt.Errorf("multipart upload error: %w", err), + ) + } + + err = u.multipartComplete(ctx, optReqFuncs...) + if err != nil { + return errors.Join( + u.multipartAbort(ctx, optReqFuncs...), + fmt.Errorf("multipart complete error: %w", err), + ) + } + + return nil +} + +// ------------------------------------------------------------------- + +func (u *Uploader) validateAndNormalize() error { + if u.S3 == nil { + return errors.New("Uploader.S3 must be a non-empty and properly initialized S3 client instance") + } + + if u.Key == "" { + return errors.New("Uploader.Key is required") + } + + if u.Payload == nil { + return errors.New("Uploader.Payload must be non-nill") + } + + if u.MaxConcurrency <= 0 { + u.MaxConcurrency = defaultMaxConcurrency + } + + if u.MinPartSize <= 0 { + u.MinPartSize = defaultMinPartSize + } + + return nil +} + +func (u *Uploader) singleUpload(ctx context.Context, part []byte, optReqFuncs ...func(*http.Request)) error { + if u.used { + return ErrUsedUploader + } + + req, err := http.NewRequestWithContext(ctx, http.MethodPut, u.S3.URL(u.Key), bytes.NewReader(part)) + if err != nil { + return err + } + + req.Header.Set("Content-Length", strconv.Itoa(len(part))) + + for k, v := range u.Metadata { + req.Header.Set(metadataPrefix+k, v) + } + + // apply optional request funcs + for _, fn := range optReqFuncs { + if fn != nil { + fn(req) + } + } + + resp, err := u.S3.SignAndSend(req) + if err != nil { + return err + } + defer resp.Body.Close() + + return nil +} + +// ------------------------------------------------------------------- + +type mpPart struct { + XMLName xml.Name `xml:"Part"` + ETag string `xml:"ETag"` + PartNumber int `xml:"PartNumber"` +} + +// https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html +func (u *Uploader) multipartInit(ctx context.Context, optReqFuncs ...func(*http.Request)) error { + if u.used { + return ErrUsedUploader + } + + req, err := http.NewRequestWithContext(ctx, http.MethodPost, u.S3.URL(u.Key+"?uploads"), nil) + if err != nil { + return err + } + + for k, v := range u.Metadata { + req.Header.Set(metadataPrefix+k, v) + } + + // apply optional request funcs + for _, fn := range optReqFuncs { + if fn != nil { + fn(req) + } + } + + resp, err := u.S3.SignAndSend(req) + if err != nil { + return err + } + defer resp.Body.Close() + + body := &struct { + XMLName xml.Name `xml:"InitiateMultipartUploadResult"` + UploadId string `xml:"UploadId"` + }{} + + err = xml.NewDecoder(resp.Body).Decode(body) + if err != nil { + return err + } + + u.uploadId = body.UploadId + + return nil +} + +// https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html +func (u *Uploader) multipartAbort(ctx context.Context, optReqFuncs ...func(*http.Request)) error { + u.mu.Lock() + defer u.mu.Unlock() + + u.used = true + + // ensure that the specified abort context is always valid to allow cleanup + var abortCtx = ctx + if abortCtx.Err() != nil { + abortCtx = context.Background() + } + + query := url.Values{"uploadId": []string{u.uploadId}} + + req, err := http.NewRequestWithContext(abortCtx, http.MethodDelete, u.S3.URL(u.Key+"?"+query.Encode()), nil) + if err != nil { + return err + } + + // apply optional request funcs + for _, fn := range optReqFuncs { + if fn != nil { + fn(req) + } + } + + resp, err := u.S3.SignAndSend(req) + if err != nil { + return err + } + defer resp.Body.Close() + + return nil +} + +// https://docs.aws.amazon.com/AmazonS3/latest/API/API_CompleteMultipartUpload.html +func (u *Uploader) multipartComplete(ctx context.Context, optReqFuncs ...func(*http.Request)) error { + u.mu.Lock() + defer u.mu.Unlock() + + u.used = true + + // the list of parts must be sorted in ascending order + slices.SortFunc(u.uploadedParts, func(a, b *mpPart) int { + if a.PartNumber < b.PartNumber { + return -1 + } + if a.PartNumber > b.PartNumber { + return 1 + } + return 0 + }) + + // build a request payload with the uploaded parts + xmlParts := &struct { + XMLName xml.Name `xml:"CompleteMultipartUpload"` + Parts []*mpPart + }{ + Parts: u.uploadedParts, + } + rawXMLParts, err := xml.Marshal(xmlParts) + if err != nil { + return err + } + reqPayload := strings.NewReader(xml.Header + string(rawXMLParts)) + + query := url.Values{"uploadId": []string{u.uploadId}} + req, err := http.NewRequestWithContext(ctx, http.MethodPost, u.S3.URL(u.Key+"?"+query.Encode()), reqPayload) + if err != nil { + return err + } + + // apply optional request funcs + for _, fn := range optReqFuncs { + if fn != nil { + fn(req) + } + } + + resp, err := u.S3.SignAndSend(req) + if err != nil { + return err + } + defer resp.Body.Close() + + return nil +} + +func (u *Uploader) nextPart() ([]byte, int, error) { + u.mu.Lock() + defer u.mu.Unlock() + + part := make([]byte, u.MinPartSize) + n, err := io.ReadFull(u.Payload, part) + + // normalize io.EOF errors and ensure that io.EOF is returned only when there were no read bytes + if err != nil && (errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF)) { + if n == 0 { + err = io.EOF + } else { + err = nil + } + } + + u.lastPartNumber++ + + return part[0:n], u.lastPartNumber, err +} + +func (u *Uploader) multipartUpload(ctx context.Context, initPart []byte, optReqFuncs ...func(*http.Request)) error { + var g errgroup.Group + g.SetLimit(u.MaxConcurrency) + + totalParallel := u.MaxConcurrency + + if len(initPart) != 0 { + totalParallel-- + initPartNumber := u.lastPartNumber + g.Go(func() error { + mp, err := u.uploadPart(ctx, initPartNumber, initPart, optReqFuncs...) + if err != nil { + return err + } + + u.mu.Lock() + u.uploadedParts = append(u.uploadedParts, mp) + u.mu.Unlock() + + return nil + }) + } + + for i := 0; i < totalParallel; i++ { + g.Go(func() error { + for { + part, num, err := u.nextPart() + if err != nil { + if errors.Is(err, io.EOF) { + break + } + return err + } + + mp, err := u.uploadPart(ctx, num, part, optReqFuncs...) + if err != nil { + return err + } + + u.mu.Lock() + u.uploadedParts = append(u.uploadedParts, mp) + u.mu.Unlock() + } + + return nil + }) + } + + return g.Wait() +} + +// https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html +func (u *Uploader) uploadPart(ctx context.Context, partNumber int, partData []byte, optReqFuncs ...func(*http.Request)) (*mpPart, error) { + query := url.Values{} + query.Set("uploadId", u.uploadId) + query.Set("partNumber", strconv.Itoa(partNumber)) + + req, err := http.NewRequestWithContext(ctx, http.MethodPut, u.S3.URL(u.Key+"?"+query.Encode()), bytes.NewReader(partData)) + if err != nil { + return nil, err + } + + req.Header.Set("Content-Length", strconv.Itoa(len(partData))) + + // apply optional request funcs + for _, fn := range optReqFuncs { + if fn != nil { + fn(req) + } + } + + resp, err := u.S3.SignAndSend(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + return &mpPart{ + PartNumber: partNumber, + ETag: resp.Header.Get("ETag"), + }, nil +} diff --git a/tools/filesystem/internal/s3blob/s3/uploader_test.go b/tools/filesystem/internal/s3blob/s3/uploader_test.go new file mode 100644 index 0000000..9231485 --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3/uploader_test.go @@ -0,0 +1,463 @@ +package s3_test + +import ( + "context" + "io" + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3" + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3/tests" +) + +func TestUploaderRequiredFields(t *testing.T) { + t.Parallel() + + s3Client := &s3.S3{ + Client: tests.NewClient(&tests.RequestStub{Method: "PUT", URL: `^.+$`}), // match every upload + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "http://example.com", + AccessKey: "123", + SecretKey: "abc", + } + + payload := strings.NewReader("test") + + scenarios := []struct { + name string + uploader *s3.Uploader + expectedError bool + }{ + { + "blank", + &s3.Uploader{}, + true, + }, + { + "no Key", + &s3.Uploader{S3: s3Client, Payload: payload}, + true, + }, + { + "no S3", + &s3.Uploader{Key: "abc", Payload: payload}, + true, + }, + { + "no Payload", + &s3.Uploader{S3: s3Client, Key: "abc"}, + true, + }, + { + "with S3, Key and Payload", + &s3.Uploader{S3: s3Client, Key: "abc", Payload: payload}, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := s.uploader.Upload(context.Background()) + + hasErr := err != nil + if hasErr != s.expectedError { + t.Fatalf("Expected hasErr %v, got %v", s.expectedError, hasErr) + } + }) + } +} + +func TestUploaderSingleUpload(t *testing.T) { + t.Parallel() + + httpClient := tests.NewClient( + &tests.RequestStub{ + Method: http.MethodPut, + URL: "http://test_bucket.example.com/test_key", + Match: func(req *http.Request) bool { + body, err := io.ReadAll(req.Body) + if err != nil { + return false + } + + return string(body) == "abcdefg" && tests.ExpectHeaders(req.Header, map[string]string{ + "Content-Length": "7", + "x-amz-meta-a": "123", + "x-amz-meta-b": "456", + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + }, + ) + + uploader := &s3.Uploader{ + S3: &s3.S3{ + Client: httpClient, + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "http://example.com", + AccessKey: "123", + SecretKey: "abc", + }, + Key: "test_key", + Payload: strings.NewReader("abcdefg"), + Metadata: map[string]string{"a": "123", "b": "456"}, + MinPartSize: 8, + } + + err := uploader.Upload(context.Background(), func(r *http.Request) { + r.Header.Set("test_header", "test") + }) + if err != nil { + t.Fatal(err) + } + + err = httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } +} + +func TestUploaderMultipartUploadSuccess(t *testing.T) { + t.Parallel() + + httpClient := tests.NewClient( + &tests.RequestStub{ + Method: http.MethodPost, + URL: "http://test_bucket.example.com/test_key?uploads", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "x-amz-meta-a": "123", + "x-amz-meta-b": "456", + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + Body: io.NopCloser(strings.NewReader(` + + + test_bucket + test_key + test_id + + `)), + }, + }, + &tests.RequestStub{ + Method: http.MethodPut, + URL: "http://test_bucket.example.com/test_key?partNumber=1&uploadId=test_id", + Match: func(req *http.Request) bool { + body, err := io.ReadAll(req.Body) + if err != nil { + return false + } + + return string(body) == "abc" && tests.ExpectHeaders(req.Header, map[string]string{ + "Content-Length": "3", + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + Header: http.Header{"Etag": []string{"etag1"}}, + }, + }, + &tests.RequestStub{ + Method: http.MethodPut, + URL: "http://test_bucket.example.com/test_key?partNumber=2&uploadId=test_id", + Match: func(req *http.Request) bool { + body, err := io.ReadAll(req.Body) + if err != nil { + return false + } + + return string(body) == "def" && tests.ExpectHeaders(req.Header, map[string]string{ + "Content-Length": "3", + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + Header: http.Header{"Etag": []string{"etag2"}}, + }, + }, + &tests.RequestStub{ + Method: http.MethodPut, + URL: "http://test_bucket.example.com/test_key?partNumber=3&uploadId=test_id", + Match: func(req *http.Request) bool { + body, err := io.ReadAll(req.Body) + if err != nil { + return false + } + return string(body) == "g" && tests.ExpectHeaders(req.Header, map[string]string{ + "Content-Length": "1", + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + Header: http.Header{"Etag": []string{"etag3"}}, + }, + }, + &tests.RequestStub{ + Method: http.MethodPost, + URL: "http://test_bucket.example.com/test_key?uploadId=test_id", + Match: func(req *http.Request) bool { + body, err := io.ReadAll(req.Body) + if err != nil { + return false + } + + expected := `etag11etag22etag33` + + return strings.Contains(string(body), expected) && tests.ExpectHeaders(req.Header, map[string]string{ + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + }, + ) + + uploader := &s3.Uploader{ + S3: &s3.S3{ + Client: httpClient, + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "http://example.com", + AccessKey: "123", + SecretKey: "abc", + }, + Key: "test_key", + Payload: strings.NewReader("abcdefg"), + Metadata: map[string]string{"a": "123", "b": "456"}, + MinPartSize: 3, + } + + err := uploader.Upload(context.Background(), func(r *http.Request) { + r.Header.Set("test_header", "test") + }) + if err != nil { + t.Fatal(err) + } + + err = httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } +} + +func TestUploaderMultipartUploadPartFailure(t *testing.T) { + t.Parallel() + + httpClient := tests.NewClient( + &tests.RequestStub{ + Method: http.MethodPost, + URL: "http://test_bucket.example.com/test_key?uploads", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "x-amz-meta-a": "123", + "x-amz-meta-b": "456", + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + Body: io.NopCloser(strings.NewReader(` + + + test_bucket + test_key + test_id + + `)), + }, + }, + &tests.RequestStub{ + Method: http.MethodPut, + URL: "http://test_bucket.example.com/test_key?partNumber=1&uploadId=test_id", + Match: func(req *http.Request) bool { + body, err := io.ReadAll(req.Body) + if err != nil { + return false + } + return string(body) == "abc" && tests.ExpectHeaders(req.Header, map[string]string{ + "Content-Length": "3", + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + Header: http.Header{"Etag": []string{"etag1"}}, + }, + }, + &tests.RequestStub{ + Method: http.MethodPut, + URL: "http://test_bucket.example.com/test_key?partNumber=2&uploadId=test_id", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + StatusCode: 400, + }, + }, + &tests.RequestStub{ + Method: http.MethodDelete, + URL: "http://test_bucket.example.com/test_key?uploadId=test_id", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + }, + ) + + uploader := &s3.Uploader{ + S3: &s3.S3{ + Client: httpClient, + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "http://example.com", + AccessKey: "123", + SecretKey: "abc", + }, + Key: "test_key", + Payload: strings.NewReader("abcdefg"), + Metadata: map[string]string{"a": "123", "b": "456"}, + MinPartSize: 3, + } + + err := uploader.Upload(context.Background(), func(r *http.Request) { + r.Header.Set("test_header", "test") + }) + if err == nil { + t.Fatal("Expected non-nil error") + } + + err = httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } +} + +func TestUploaderMultipartUploadCompleteFailure(t *testing.T) { + t.Parallel() + + httpClient := tests.NewClient( + &tests.RequestStub{ + Method: http.MethodPost, + URL: "http://test_bucket.example.com/test_key?uploads", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "x-amz-meta-a": "123", + "x-amz-meta-b": "456", + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + Body: io.NopCloser(strings.NewReader(` + + + test_bucket + test_key + test_id + + `)), + }, + }, + &tests.RequestStub{ + Method: http.MethodPut, + URL: "http://test_bucket.example.com/test_key?partNumber=1&uploadId=test_id", + Match: func(req *http.Request) bool { + body, err := io.ReadAll(req.Body) + if err != nil { + return false + } + return string(body) == "abc" && tests.ExpectHeaders(req.Header, map[string]string{ + "Content-Length": "3", + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + Header: http.Header{"Etag": []string{"etag1"}}, + }, + }, + &tests.RequestStub{ + Method: http.MethodPut, + URL: "http://test_bucket.example.com/test_key?partNumber=2&uploadId=test_id", + Match: func(req *http.Request) bool { + body, err := io.ReadAll(req.Body) + if err != nil { + return false + } + return string(body) == "def" && tests.ExpectHeaders(req.Header, map[string]string{ + "Content-Length": "3", + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + Header: http.Header{"Etag": []string{"etag2"}}, + }, + }, + &tests.RequestStub{ + Method: http.MethodPost, + URL: "http://test_bucket.example.com/test_key?uploadId=test_id", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + Response: &http.Response{ + StatusCode: 400, + }, + }, + &tests.RequestStub{ + Method: http.MethodDelete, + URL: "http://test_bucket.example.com/test_key?uploadId=test_id", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "test_header": "test", + "Authorization": "^.+Credential=123/.+$", + }) + }, + }, + ) + + uploader := &s3.Uploader{ + S3: &s3.S3{ + Client: httpClient, + Region: "test_region", + Bucket: "test_bucket", + Endpoint: "http://example.com", + AccessKey: "123", + SecretKey: "abc", + }, + Key: "test_key", + Payload: strings.NewReader("abcdef"), + Metadata: map[string]string{"a": "123", "b": "456"}, + MinPartSize: 3, + } + + err := uploader.Upload(context.Background(), func(r *http.Request) { + r.Header.Set("test_header", "test") + }) + if err == nil { + t.Fatal("Expected non-nil error") + } + + err = httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } +} diff --git a/tools/filesystem/internal/s3blob/s3blob.go b/tools/filesystem/internal/s3blob/s3blob.go new file mode 100644 index 0000000..ceaebd1 --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3blob.go @@ -0,0 +1,485 @@ +// Package s3blob provides a blob.Bucket S3 driver implementation. +// +// NB! To minimize breaking changes with older PocketBase releases, +// the driver is based of the previously used gocloud.dev/blob/s3blob, +// hence many of the below doc comments, struct options and interface +// implementations are the same. +// +// The blob abstraction supports all UTF-8 strings; to make this work with services lacking +// full UTF-8 support, strings must be escaped (during writes) and unescaped +// (during reads). The following escapes are performed for s3blob: +// - Blob keys: ASCII characters 0-31 are escaped to "__0x__". +// Additionally, the "/" in "../" is escaped in the same way. +// - Metadata keys: Escaped using URL encoding, then additionally "@:=" are +// escaped using "__0x__". These characters were determined by +// experimentation. +// - Metadata values: Escaped using URL encoding. +// +// Example: +// +// drv, _ := s3blob.New(&s3.S3{ +// Bucket: "bucketName", +// Region: "region", +// Endpoint: "endpoint", +// AccessKey: "accessKey", +// SecretKey: "secretKey", +// }) +// bucket := blob.NewBucket(drv) +package s3blob + +import ( + "context" + "encoding/base64" + "encoding/hex" + "errors" + "fmt" + "io" + "net/http" + "net/url" + "sort" + "strconv" + "strings" + + "github.com/pocketbase/pocketbase/tools/filesystem/blob" + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3" +) + +const defaultPageSize = 1000 + +// New creates a new instance of the S3 driver backed by the the internal S3 client. +func New(s3Client *s3.S3) (blob.Driver, error) { + if s3Client.Bucket == "" { + return nil, errors.New("s3blob.New: missing bucket name") + } + + if s3Client.Endpoint == "" { + return nil, errors.New("s3blob.New: missing endpoint") + } + + if s3Client.Region == "" { + return nil, errors.New("s3blob.New: missing region") + } + + return &driver{s3: s3Client}, nil +} + +type driver struct { + s3 *s3.S3 +} + +// Close implements [blob/Driver.Close]. +func (drv *driver) Close() error { + return nil // nothing to close +} + +// NormalizeError implements [blob/Driver.NormalizeError]. +func (drv *driver) NormalizeError(err error) error { + // already normalized + if errors.Is(err, blob.ErrNotFound) { + return err + } + + // normalize base on its S3 error status or code + var ae *s3.ResponseError + if errors.As(err, &ae) { + if ae.Status == 404 { + return errors.Join(err, blob.ErrNotFound) + } + + switch ae.Code { + case "NoSuchBucket", "NoSuchKey", "NotFound": + return errors.Join(err, blob.ErrNotFound) + } + } + + return err +} + +// ListPaged implements [blob/Driver.ListPaged]. +func (drv *driver) ListPaged(ctx context.Context, opts *blob.ListOptions) (*blob.ListPage, error) { + pageSize := opts.PageSize + if pageSize == 0 { + pageSize = defaultPageSize + } + + listParams := s3.ListParams{ + MaxKeys: pageSize, + } + if len(opts.PageToken) > 0 { + listParams.ContinuationToken = string(opts.PageToken) + } + if opts.Prefix != "" { + listParams.Prefix = escapeKey(opts.Prefix) + } + if opts.Delimiter != "" { + listParams.Delimiter = escapeKey(opts.Delimiter) + } + + resp, err := drv.s3.ListObjects(ctx, listParams) + if err != nil { + return nil, err + } + + page := blob.ListPage{} + if resp.NextContinuationToken != "" { + page.NextPageToken = []byte(resp.NextContinuationToken) + } + + if n := len(resp.Contents) + len(resp.CommonPrefixes); n > 0 { + page.Objects = make([]*blob.ListObject, n) + for i, obj := range resp.Contents { + page.Objects[i] = &blob.ListObject{ + Key: unescapeKey(obj.Key), + ModTime: obj.LastModified, + Size: obj.Size, + MD5: eTagToMD5(obj.ETag), + } + } + + for i, prefix := range resp.CommonPrefixes { + page.Objects[i+len(resp.Contents)] = &blob.ListObject{ + Key: unescapeKey(prefix.Prefix), + IsDir: true, + } + } + + if len(resp.Contents) > 0 && len(resp.CommonPrefixes) > 0 { + // S3 gives us blobs and "directories" in separate lists; sort them. + sort.Slice(page.Objects, func(i, j int) bool { + return page.Objects[i].Key < page.Objects[j].Key + }) + } + } + + return &page, nil +} + +// Attributes implements [blob/Driver.Attributes]. +func (drv *driver) Attributes(ctx context.Context, key string) (*blob.Attributes, error) { + key = escapeKey(key) + + resp, err := drv.s3.HeadObject(ctx, key) + if err != nil { + return nil, err + } + + md := make(map[string]string, len(resp.Metadata)) + for k, v := range resp.Metadata { + // See the package comments for more details on escaping of metadata keys & values. + md[blob.HexUnescape(urlUnescape(k))] = urlUnescape(v) + } + + return &blob.Attributes{ + CacheControl: resp.CacheControl, + ContentDisposition: resp.ContentDisposition, + ContentEncoding: resp.ContentEncoding, + ContentLanguage: resp.ContentLanguage, + ContentType: resp.ContentType, + Metadata: md, + // CreateTime not supported; left as the zero time. + ModTime: resp.LastModified, + Size: resp.ContentLength, + MD5: eTagToMD5(resp.ETag), + ETag: resp.ETag, + }, nil +} + +// NewRangeReader implements [blob/Driver.NewRangeReader]. +func (drv *driver) NewRangeReader(ctx context.Context, key string, offset, length int64) (blob.DriverReader, error) { + key = escapeKey(key) + + var byteRange string + if offset > 0 && length < 0 { + byteRange = fmt.Sprintf("bytes=%d-", offset) + } else if length == 0 { + // AWS doesn't support a zero-length read; we'll read 1 byte and then + // ignore it in favor of http.NoBody below. + byteRange = fmt.Sprintf("bytes=%d-%d", offset, offset) + } else if length >= 0 { + byteRange = fmt.Sprintf("bytes=%d-%d", offset, offset+length-1) + } + + reqOpt := func(req *http.Request) { + req.Header.Set("Range", byteRange) + } + + resp, err := drv.s3.GetObject(ctx, key, reqOpt) + if err != nil { + return nil, err + } + + body := resp.Body + if length == 0 { + body = http.NoBody + } + + return &reader{ + body: body, + attrs: &blob.ReaderAttributes{ + ContentType: resp.ContentType, + ModTime: resp.LastModified, + Size: getSize(resp.ContentLength, resp.ContentRange), + }, + }, nil +} + +// NewTypedWriter implements [blob/Driver.NewTypedWriter]. +func (drv *driver) NewTypedWriter(ctx context.Context, key string, contentType string, opts *blob.WriterOptions) (blob.DriverWriter, error) { + key = escapeKey(key) + + u := &s3.Uploader{ + S3: drv.s3, + Key: key, + } + + if opts.BufferSize != 0 { + u.MinPartSize = opts.BufferSize + } + + if opts.MaxConcurrency != 0 { + u.MaxConcurrency = opts.MaxConcurrency + } + + md := make(map[string]string, len(opts.Metadata)) + for k, v := range opts.Metadata { + // See the package comments for more details on escaping of metadata keys & values. + k = blob.HexEscape(url.PathEscape(k), func(runes []rune, i int) bool { + c := runes[i] + return c == '@' || c == ':' || c == '=' + }) + md[k] = url.PathEscape(v) + } + u.Metadata = md + + var reqOptions []func(*http.Request) + reqOptions = append(reqOptions, func(r *http.Request) { + r.Header.Set("Content-Type", contentType) + + if opts.CacheControl != "" { + r.Header.Set("Cache-Control", opts.CacheControl) + } + if opts.ContentDisposition != "" { + r.Header.Set("Content-Disposition", opts.ContentDisposition) + } + if opts.ContentEncoding != "" { + r.Header.Set("Content-Encoding", opts.ContentEncoding) + } + if opts.ContentLanguage != "" { + r.Header.Set("Content-Language", opts.ContentLanguage) + } + if len(opts.ContentMD5) > 0 { + r.Header.Set("Content-MD5", base64.StdEncoding.EncodeToString(opts.ContentMD5)) + } + }) + + return &writer{ + ctx: ctx, + uploader: u, + donec: make(chan struct{}), + reqOptions: reqOptions, + }, nil +} + +// Copy implements [blob/Driver.Copy]. +func (drv *driver) Copy(ctx context.Context, dstKey, srcKey string) error { + dstKey = escapeKey(dstKey) + srcKey = escapeKey(srcKey) + _, err := drv.s3.CopyObject(ctx, srcKey, dstKey) + return err +} + +// Delete implements [blob/Driver.Delete]. +func (drv *driver) Delete(ctx context.Context, key string) error { + key = escapeKey(key) + return drv.s3.DeleteObject(ctx, key) +} + +// ------------------------------------------------------------------- + +// reader reads an S3 object. It implements io.ReadCloser. +type reader struct { + attrs *blob.ReaderAttributes + body io.ReadCloser +} + +// Read implements [io/ReadCloser.Read]. +func (r *reader) Read(p []byte) (int, error) { + return r.body.Read(p) +} + +// Close closes the reader itself. It must be called when done reading. +func (r *reader) Close() error { + return r.body.Close() +} + +// Attributes implements [blob/DriverReader.Attributes]. +func (r *reader) Attributes() *blob.ReaderAttributes { + return r.attrs +} + +// ------------------------------------------------------------------- + +// writer writes an S3 object, it implements io.WriteCloser. +type writer struct { + ctx context.Context + err error // written before donec closes + uploader *s3.Uploader + + // Ends of an io.Pipe, created when the first byte is written. + pw *io.PipeWriter + pr *io.PipeReader + + donec chan struct{} // closed when done writing + + reqOptions []func(*http.Request) +} + +// Write appends p to w.pw. User must call Close to close the w after done writing. +func (w *writer) Write(p []byte) (int, error) { + // Avoid opening the pipe for a zero-length write; + // the concrete can do these for empty blobs. + if len(p) == 0 { + return 0, nil + } + + if w.pw == nil { + // We'll write into pw and use pr as an io.Reader for the + // Upload call to S3. + w.pr, w.pw = io.Pipe() + w.open(w.pr, true) + } + + return w.pw.Write(p) +} + +// r may be nil if we're Closing and no data was written. +// If closePipeOnError is true, w.pr will be closed if there's an +// error uploading to S3. +func (w *writer) open(r io.Reader, closePipeOnError bool) { + // This goroutine will keep running until Close, unless there's an error. + go func() { + defer func() { + close(w.donec) + }() + + if r == nil { + // AWS doesn't like a nil Body. + r = http.NoBody + } + + w.uploader.Payload = r + + err := w.uploader.Upload(w.ctx, w.reqOptions...) + if err != nil { + if closePipeOnError { + w.pr.CloseWithError(err) + } + w.err = err + } + }() +} + +// Close completes the writer and closes it. Any error occurring during write +// will be returned. If a writer is closed before any Write is called, Close +// will create an empty file at the given key. +func (w *writer) Close() error { + if w.pr != nil { + defer w.pr.Close() + } + + if w.pw == nil { + // We never got any bytes written. We'll write an http.NoBody. + w.open(nil, false) + } else if err := w.pw.Close(); err != nil { + return err + } + + <-w.donec + + return w.err +} + +// ------------------------------------------------------------------- + +// etagToMD5 processes an ETag header and returns an MD5 hash if possible. +// S3's ETag header is sometimes a quoted hexstring of the MD5. Other times, +// notably when the object was uploaded in multiple parts, it is not. +// We do the best we can. +// Some links about ETag: +// https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html +// https://github.com/aws/aws-sdk-net/issues/815 +// https://teppen.io/2018/06/23/aws_s3_etags/ +func eTagToMD5(etag string) []byte { + // No header at all. + if etag == "" { + return nil + } + + // Strip the expected leading and trailing quotes. + if len(etag) < 2 || etag[0] != '"' || etag[len(etag)-1] != '"' { + return nil + } + unquoted := etag[1 : len(etag)-1] + + // Un-hex; we return nil on error. In particular, we'll get an error here + // for multi-part uploaded blobs, whose ETag will contain a "-" and so will + // never be a legal hex encoding. + md5, err := hex.DecodeString(unquoted) + if err != nil { + return nil + } + + return md5 +} + +func getSize(contentLength int64, contentRange string) int64 { + // Default size to ContentLength, but that's incorrect for partial-length reads, + // where ContentLength refers to the size of the returned Body, not the entire + // size of the blob. ContentRange has the full size. + size := contentLength + if contentRange != "" { + // Sample: bytes 10-14/27 (where 27 is the full size). + parts := strings.Split(contentRange, "/") + if len(parts) == 2 { + if i, err := strconv.ParseInt(parts[1], 10, 64); err == nil { + size = i + } + } + } + + return size +} + +// escapeKey does all required escaping for UTF-8 strings to work with S3. +func escapeKey(key string) string { + return blob.HexEscape(key, func(r []rune, i int) bool { + c := r[i] + + // S3 doesn't handle these characters (determined via experimentation). + if c < 32 { + return true + } + + // For "../", escape the trailing slash. + if i > 1 && c == '/' && r[i-1] == '.' && r[i-2] == '.' { + return true + } + + return false + }) +} + +// unescapeKey reverses escapeKey. +func unescapeKey(key string) string { + return blob.HexUnescape(key) +} + +// urlUnescape reverses URLEscape using url.PathUnescape. If the unescape +// returns an error, it returns s. +func urlUnescape(s string) string { + if u, err := url.PathUnescape(s); err == nil { + return u + } + + return s +} diff --git a/tools/filesystem/internal/s3blob/s3blob_test.go b/tools/filesystem/internal/s3blob/s3blob_test.go new file mode 100644 index 0000000..20d0f3b --- /dev/null +++ b/tools/filesystem/internal/s3blob/s3blob_test.go @@ -0,0 +1,605 @@ +package s3blob_test + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "io" + "net/http" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/tools/filesystem/blob" + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob" + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3" + "github.com/pocketbase/pocketbase/tools/filesystem/internal/s3blob/s3/tests" +) + +func TestNew(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + s3Client *s3.S3 + expectError bool + }{ + { + "blank", + &s3.S3{}, + true, + }, + { + "no bucket", + &s3.S3{Region: "b", Endpoint: "c"}, + true, + }, + { + "no endpoint", + &s3.S3{Bucket: "a", Region: "b"}, + true, + }, + { + "no region", + &s3.S3{Bucket: "a", Endpoint: "c"}, + true, + }, + { + "with bucket, endpoint and region", + &s3.S3{Bucket: "a", Region: "b", Endpoint: "c"}, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + drv, err := s3blob.New(s.s3Client) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if err == nil && drv == nil { + t.Fatal("Expected non-nil driver instance") + } + }) + } +} + +func TestDriverClose(t *testing.T) { + t.Parallel() + + drv, err := s3blob.New(&s3.S3{Bucket: "a", Region: "b", Endpoint: "c"}) + if err != nil { + t.Fatal(err) + } + + err = drv.Close() + if err != nil { + t.Fatalf("Expected nil, got error %v", err) + } +} + +func TestDriverNormilizeError(t *testing.T) { + t.Parallel() + + drv, err := s3blob.New(&s3.S3{Bucket: "a", Region: "b", Endpoint: "c"}) + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + err error + expectErrNotFound bool + }{ + { + "plain error", + errors.New("test"), + false, + }, + { + "response error with only status (non-404)", + &s3.ResponseError{Status: 123}, + false, + }, + { + "response error with only status (404)", + &s3.ResponseError{Status: 404}, + true, + }, + { + "response error with custom code", + &s3.ResponseError{Code: "test"}, + false, + }, + { + "response error with NoSuchBucket code", + &s3.ResponseError{Code: "NoSuchBucket"}, + true, + }, + { + "response error with NoSuchKey code", + &s3.ResponseError{Code: "NoSuchKey"}, + true, + }, + { + "response error with NotFound code", + &s3.ResponseError{Code: "NotFound"}, + true, + }, + { + "wrapped response error with NotFound code", // ensures that the entire error's tree is checked + fmt.Errorf("test: %w", &s3.ResponseError{Code: "NotFound"}), + true, + }, + { + "already normalized error", + fmt.Errorf("test: %w", blob.ErrNotFound), + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := drv.NormalizeError(s.err) + if err == nil { + t.Fatal("Expected non-nil error") + } + + isErrNotFound := errors.Is(err, blob.ErrNotFound) + if isErrNotFound != s.expectErrNotFound { + t.Fatalf("Expected isErrNotFound %v, got %v (%v)", s.expectErrNotFound, isErrNotFound, err) + } + }) + } +} + +func TestDriverDeleteEscaping(t *testing.T) { + t.Parallel() + + httpClient := tests.NewClient(&tests.RequestStub{ + Method: http.MethodDelete, + URL: "https://test_bucket.example.com/..__0x2f__abc/test/", + }) + + drv, err := s3blob.New(&s3.S3{ + Bucket: "test_bucket", + Region: "test_region", + Endpoint: "https://example.com", + Client: httpClient, + }) + if err != nil { + t.Fatal(err) + } + + err = drv.Delete(context.Background(), "../abc/test/") + if err != nil { + t.Fatal(err) + } + + err = httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } +} + +func TestDriverCopyEscaping(t *testing.T) { + t.Parallel() + + httpClient := tests.NewClient(&tests.RequestStub{ + Method: http.MethodPut, + URL: "https://test_bucket.example.com/..__0x2f__a/", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "x-amz-copy-source": "test_bucket%2F..__0x2f__b%2F", + }) + }, + Response: &http.Response{ + Body: io.NopCloser(strings.NewReader(``)), + }, + }) + + drv, err := s3blob.New(&s3.S3{ + Bucket: "test_bucket", + Region: "test_region", + Endpoint: "https://example.com", + Client: httpClient, + }) + if err != nil { + t.Fatal(err) + } + + err = drv.Copy(context.Background(), "../a/", "../b/") + if err != nil { + t.Fatal(err) + } + + err = httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } +} + +func TestDriverAttributes(t *testing.T) { + t.Parallel() + + httpClient := tests.NewClient(&tests.RequestStub{ + Method: http.MethodHead, + URL: "https://test_bucket.example.com/..__0x2f__a/", + Response: &http.Response{ + Header: http.Header{ + "Last-Modified": []string{"Mon, 01 Feb 2025 03:04:05 GMT"}, + "Cache-Control": []string{"test_cache"}, + "Content-Disposition": []string{"test_disposition"}, + "Content-Encoding": []string{"test_encoding"}, + "Content-Language": []string{"test_language"}, + "Content-Type": []string{"test_type"}, + "Content-Range": []string{"test_range"}, + "Etag": []string{`"ce5be8b6f53645c596306c4572ece521"`}, + "Content-Length": []string{"100"}, + "x-amz-meta-AbC%40": []string{"%40test_meta_a"}, + "x-amz-meta-Def": []string{"test_meta_b"}, + }, + Body: http.NoBody, + }, + }) + + drv, err := s3blob.New(&s3.S3{ + Bucket: "test_bucket", + Region: "test_region", + Endpoint: "https://example.com", + Client: httpClient, + }) + if err != nil { + t.Fatal(err) + } + + attrs, err := drv.Attributes(context.Background(), "../a/") + if err != nil { + t.Fatal(err) + } + + raw, err := json.Marshal(attrs) + if err != nil { + t.Fatal(err) + } + + expected := `{"cacheControl":"test_cache","contentDisposition":"test_disposition","contentEncoding":"test_encoding","contentLanguage":"test_language","contentType":"test_type","metadata":{"abc@":"@test_meta_a","def":"test_meta_b"},"createTime":"0001-01-01T00:00:00Z","modTime":"2025-02-01T03:04:05Z","size":100,"md5":"zlvotvU2RcWWMGxFcuzlIQ==","etag":"\"ce5be8b6f53645c596306c4572ece521\""}` + if str := string(raw); str != expected { + t.Fatalf("Expected attributes\n%s\ngot\n%s", expected, str) + } + + err = httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } +} + +func TestDriverListPaged(t *testing.T) { + t.Parallel() + + listResponse := func() *http.Response { + return &http.Response{ + Body: io.NopCloser(strings.NewReader(` + + + example + ct + test_next + example0.txt + 1 + 3 + + ..__0x2f__prefixB/test/example.txt + 2025-01-01T01:02:03.123Z + "ce5be8b6f53645c596306c4572ece521" + 123 + + + prefixA/..__0x2f__escape.txt + 2025-01-02T01:02:03.123Z + 456 + + + prefixA + + + ..__0x2f__prefixB + + + `)), + } + } + + expectedPage := `{"objects":[{"key":"../prefixB","modTime":"0001-01-01T00:00:00Z","size":0,"md5":null,"isDir":true},{"key":"../prefixB/test/example.txt","modTime":"2025-01-01T01:02:03.123Z","size":123,"md5":"zlvotvU2RcWWMGxFcuzlIQ==","isDir":false},{"key":"prefixA","modTime":"0001-01-01T00:00:00Z","size":0,"md5":null,"isDir":true},{"key":"prefixA/../escape.txt","modTime":"2025-01-02T01:02:03.123Z","size":456,"md5":null,"isDir":false}],"nextPageToken":"dGVzdF9uZXh0"}` + + httpClient := tests.NewClient( + &tests.RequestStub{ + Method: http.MethodGet, + URL: "https://test_bucket.example.com/?list-type=2&max-keys=1000", + Response: listResponse(), + }, + &tests.RequestStub{ + Method: http.MethodGet, + URL: "https://test_bucket.example.com/?continuation-token=test_token&delimiter=test_delimiter&list-type=2&max-keys=123&prefix=test_prefix", + Response: listResponse(), + }, + ) + + drv, err := s3blob.New(&s3.S3{ + Bucket: "test_bucket", + Region: "test_region", + Endpoint: "https://example.com", + Client: httpClient, + }) + if err != nil { + t.Fatal(err) + } + + scenarios := []struct { + name string + opts *blob.ListOptions + expected string + }{ + { + "empty options", + &blob.ListOptions{}, + expectedPage, + }, + { + "filled options", + &blob.ListOptions{Prefix: "test_prefix", Delimiter: "test_delimiter", PageSize: 123, PageToken: []byte("test_token")}, + expectedPage, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + page, err := drv.ListPaged(context.Background(), s.opts) + if err != nil { + t.Fatal(err) + } + + raw, err := json.Marshal(page) + if err != nil { + t.Fatal(err) + } + + if str := string(raw); s.expected != str { + t.Fatalf("Expected page result\n%s\ngot\n%s", s.expected, str) + } + }) + } + + err = httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } +} + +func TestDriverNewRangeReader(t *testing.T) { + t.Parallel() + + scenarios := []struct { + offset int64 + length int64 + httpClient *tests.Client + expectedAttrs string + }{ + { + 0, + 0, + tests.NewClient(&tests.RequestStub{ + Method: http.MethodGet, + URL: "https://test_bucket.example.com/..__0x2f__abc/test.txt", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "Range": "bytes=0-0", + }) + }, + Response: &http.Response{ + Header: http.Header{ + "Last-Modified": []string{"Mon, 01 Feb 2025 03:04:05 GMT"}, + "Content-Type": []string{"test_ct"}, + "Content-Length": []string{"123"}, + }, + Body: io.NopCloser(strings.NewReader("test")), + }, + }), + `{"contentType":"test_ct","modTime":"2025-02-01T03:04:05Z","size":123}`, + }, + { + 10, + -1, + tests.NewClient(&tests.RequestStub{ + Method: http.MethodGet, + URL: "https://test_bucket.example.com/..__0x2f__abc/test.txt", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "Range": "bytes=10-", + }) + }, + Response: &http.Response{ + Header: http.Header{ + "Last-Modified": []string{"Mon, 01 Feb 2025 03:04:05 GMT"}, + "Content-Type": []string{"test_ct"}, + "Content-Range": []string{"bytes 1-1/456"}, // should take precedence over content-length + "Content-Length": []string{"123"}, + }, + Body: io.NopCloser(strings.NewReader("test")), + }, + }), + `{"contentType":"test_ct","modTime":"2025-02-01T03:04:05Z","size":456}`, + }, + { + 10, + 0, + tests.NewClient(&tests.RequestStub{ + Method: http.MethodGet, + URL: "https://test_bucket.example.com/..__0x2f__abc/test.txt", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "Range": "bytes=10-10", + }) + }, + Response: &http.Response{ + Header: http.Header{ + "Last-Modified": []string{"Mon, 01 Feb 2025 03:04:05 GMT"}, + "Content-Type": []string{"test_ct"}, + // no range and length headers + // "Content-Range": []string{"bytes 1-1/456"}, + // "Content-Length": []string{"123"}, + }, + Body: io.NopCloser(strings.NewReader("test")), + }, + }), + `{"contentType":"test_ct","modTime":"2025-02-01T03:04:05Z","size":0}`, + }, + { + 10, + 20, + tests.NewClient(&tests.RequestStub{ + Method: http.MethodGet, + URL: "https://test_bucket.example.com/..__0x2f__abc/test.txt", + Match: func(req *http.Request) bool { + return tests.ExpectHeaders(req.Header, map[string]string{ + "Range": "bytes=10-29", + }) + }, + Response: &http.Response{ + Header: http.Header{ + "Last-Modified": []string{"Mon, 01 Feb 2025 03:04:05 GMT"}, + "Content-Type": []string{"test_ct"}, + // with range header but invalid format -> content-length takes precedence + "Content-Range": []string{"bytes invalid-456"}, + "Content-Length": []string{"123"}, + }, + Body: io.NopCloser(strings.NewReader("test")), + }, + }), + `{"contentType":"test_ct","modTime":"2025-02-01T03:04:05Z","size":123}`, + }, + } + + for _, s := range scenarios { + t.Run(fmt.Sprintf("offset_%d_length_%d", s.offset, s.length), func(t *testing.T) { + drv, err := s3blob.New(&s3.S3{ + Bucket: "test_bucket", + Region: "tesst_region", + Endpoint: "https://example.com", + Client: s.httpClient, + }) + if err != nil { + t.Fatal(err) + } + + r, err := drv.NewRangeReader(context.Background(), "../abc/test.txt", s.offset, s.length) + if err != nil { + t.Fatal(err) + } + defer r.Close() + + // the response body should be always replaced with http.NoBody + if s.length == 0 { + body := make([]byte, 1) + n, err := r.Read(body) + if n != 0 || !errors.Is(err, io.EOF) { + t.Fatalf("Expected body to be http.NoBody, got %v (%v)", body, err) + } + } + + rawAttrs, err := json.Marshal(r.Attributes()) + if err != nil { + t.Fatal(err) + } + + if str := string(rawAttrs); str != s.expectedAttrs { + t.Fatalf("Expected attributes\n%s\ngot\n%s", s.expectedAttrs, str) + } + + err = s.httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } + }) + } +} + +func TestDriverNewTypedWriter(t *testing.T) { + t.Parallel() + + httpClient := tests.NewClient( + &tests.RequestStub{ + Method: http.MethodPut, + URL: "https://test_bucket.example.com/..__0x2f__abc/test/", + Match: func(req *http.Request) bool { + body, err := io.ReadAll(req.Body) + if err != nil { + return false + } + + return string(body) == "test" && tests.ExpectHeaders(req.Header, map[string]string{ + "cache-control": "test_cache_control", + "content-disposition": "test_content_disposition", + "content-encoding": "test_content_encoding", + "content-language": "test_content_language", + "content-type": "test_ct", + "content-md5": "dGVzdA==", + }) + }, + }, + ) + + drv, err := s3blob.New(&s3.S3{ + Bucket: "test_bucket", + Region: "test_region", + Endpoint: "https://example.com", + Client: httpClient, + }) + if err != nil { + t.Fatal(err) + } + + options := &blob.WriterOptions{ + CacheControl: "test_cache_control", + ContentDisposition: "test_content_disposition", + ContentEncoding: "test_content_encoding", + ContentLanguage: "test_content_language", + ContentType: "test_content_type", // should be ignored + ContentMD5: []byte("test"), + Metadata: map[string]string{"@test_meta_a": "@test"}, + } + + w, err := drv.NewTypedWriter(context.Background(), "../abc/test/", "test_ct", options) + if err != nil { + t.Fatal(err) + } + + n, err := w.Write(nil) + if err != nil { + t.Fatal(err) + } + if n != 0 { + t.Fatalf("Expected nil write to result in %d written bytes, got %d", 0, n) + } + + n, err = w.Write([]byte("test")) + if err != nil { + t.Fatal(err) + } + if n != 4 { + t.Fatalf("Expected nil write to result in %d written bytes, got %d", 4, n) + } + + err = w.Close() + if err != nil { + t.Fatal(err) + } + + err = httpClient.AssertNoRemaining() + if err != nil { + t.Fatal(err) + } +} diff --git a/tools/hook/event.go b/tools/hook/event.go new file mode 100644 index 0000000..12bceec --- /dev/null +++ b/tools/hook/event.go @@ -0,0 +1,45 @@ +package hook + +// Resolver defines a common interface for a Hook event (see [Event]). +type Resolver interface { + // Next triggers the next handler in the hook's chain (if any). + Next() error + + // note: kept only for the generic interface; may get removed in the future + nextFunc() func() error + setNextFunc(f func() error) +} + +var _ Resolver = (*Event)(nil) + +// Event implements [Resolver] and it is intended to be used as a base +// Hook event that you can embed in your custom typed event structs. +// +// Example: +// +// type CustomEvent struct { +// hook.Event +// +// SomeField int +// } +type Event struct { + next func() error +} + +// Next calls the next hook handler. +func (e *Event) Next() error { + if e.next != nil { + return e.next() + } + return nil +} + +// nextFunc returns the function that Next calls. +func (e *Event) nextFunc() func() error { + return e.next +} + +// setNextFunc sets the function that Next calls. +func (e *Event) setNextFunc(f func() error) { + e.next = f +} diff --git a/tools/hook/event_test.go b/tools/hook/event_test.go new file mode 100644 index 0000000..89b15ef --- /dev/null +++ b/tools/hook/event_test.go @@ -0,0 +1,29 @@ +package hook + +import "testing" + +func TestEventNext(t *testing.T) { + calls := 0 + + e := Event{} + + if e.nextFunc() != nil { + t.Fatalf("Expected nextFunc to be nil") + } + + e.setNextFunc(func() error { + calls++ + return nil + }) + + if e.nextFunc() == nil { + t.Fatalf("Expected nextFunc to be non-nil") + } + + e.Next() + e.Next() + + if calls != 2 { + t.Fatalf("Expected %d calls, got %d", 2, calls) + } +} diff --git a/tools/hook/hook.go b/tools/hook/hook.go new file mode 100644 index 0000000..722ed9f --- /dev/null +++ b/tools/hook/hook.go @@ -0,0 +1,178 @@ +package hook + +import ( + "sort" + "sync" + + "github.com/pocketbase/pocketbase/tools/security" +) + +// Handler defines a single Hook handler. +// Multiple handlers can share the same id. +// If Id is not explicitly set it will be autogenerated by Hook.Add and Hook.AddHandler. +type Handler[T Resolver] struct { + // Func defines the handler function to execute. + // + // Note that users need to call e.Next() in order to proceed with + // the execution of the hook chain. + Func func(T) error + + // Id is the unique identifier of the handler. + // + // It could be used later to remove the handler from a hook via [Hook.Remove]. + // + // If missing, an autogenerated value will be assigned when adding + // the handler to a hook. + Id string + + // Priority allows changing the default exec priority of the handler within a hook. + // + // If 0, the handler will be executed in the same order it was registered. + Priority int +} + +// Hook defines a generic concurrent safe structure for managing event hooks. +// +// When using custom event it must embed the base [hook.Event]. +// +// Example: +// +// type CustomEvent struct { +// hook.Event +// SomeField int +// } +// +// h := Hook[*CustomEvent]{} +// +// h.BindFunc(func(e *CustomEvent) error { +// println(e.SomeField) +// +// return e.Next() +// }) +// +// h.Trigger(&CustomEvent{ SomeField: 123 }) +type Hook[T Resolver] struct { + handlers []*Handler[T] + mu sync.RWMutex +} + +// Bind registers the provided handler to the current hooks queue. +// +// If handler.Id is empty it is updated with autogenerated value. +// +// If a handler from the current hook list has Id matching handler.Id +// then the old handler is replaced with the new one. +func (h *Hook[T]) Bind(handler *Handler[T]) string { + h.mu.Lock() + defer h.mu.Unlock() + + var exists bool + + if handler.Id == "" { + handler.Id = generateHookId() + + // ensure that it doesn't exist + DUPLICATE_CHECK: + for _, existing := range h.handlers { + if existing.Id == handler.Id { + handler.Id = generateHookId() + goto DUPLICATE_CHECK + } + } + } else { + // replace existing + for i, existing := range h.handlers { + if existing.Id == handler.Id { + h.handlers[i] = handler + exists = true + break + } + } + } + + // append new + if !exists { + h.handlers = append(h.handlers, handler) + } + + // sort handlers by Priority, preserving the original order of equal items + sort.SliceStable(h.handlers, func(i, j int) bool { + return h.handlers[i].Priority < h.handlers[j].Priority + }) + + return handler.Id +} + +// BindFunc is similar to Bind but registers a new handler from just the provided function. +// +// The registered handler is added with a default 0 priority and the id will be autogenerated. +// +// If you want to register a handler with custom priority or id use the [Hook.Bind] method. +func (h *Hook[T]) BindFunc(fn func(e T) error) string { + return h.Bind(&Handler[T]{Func: fn}) +} + +// Unbind removes one or many hook handler by their id. +func (h *Hook[T]) Unbind(idsToRemove ...string) { + h.mu.Lock() + defer h.mu.Unlock() + + for _, id := range idsToRemove { + for i := len(h.handlers) - 1; i >= 0; i-- { + if h.handlers[i].Id == id { + h.handlers = append(h.handlers[:i], h.handlers[i+1:]...) + break // for now stop on the first occurrence since we don't allow handlers with duplicated ids + } + } + } +} + +// UnbindAll removes all registered handlers. +func (h *Hook[T]) UnbindAll() { + h.mu.Lock() + defer h.mu.Unlock() + + h.handlers = nil +} + +// Length returns to total number of registered hook handlers. +func (h *Hook[T]) Length() int { + h.mu.RLock() + defer h.mu.RUnlock() + + return len(h.handlers) +} + +// Trigger executes all registered hook handlers one by one +// with the specified event as an argument. +// +// Optionally, this method allows also to register additional one off +// handler funcs that will be temporary appended to the handlers queue. +// +// NB! Each hook handler must call event.Next() in order the hook chain to proceed. +func (h *Hook[T]) Trigger(event T, oneOffHandlerFuncs ...func(T) error) error { + h.mu.RLock() + handlers := make([]func(T) error, 0, len(h.handlers)+len(oneOffHandlerFuncs)) + for _, handler := range h.handlers { + handlers = append(handlers, handler.Func) + } + handlers = append(handlers, oneOffHandlerFuncs...) + h.mu.RUnlock() + + event.setNextFunc(nil) // reset in case the event is being reused + + for i := len(handlers) - 1; i >= 0; i-- { + i := i + old := event.nextFunc() + event.setNextFunc(func() error { + event.setNextFunc(old) + return handlers[i](event) + }) + } + + return event.Next() +} + +func generateHookId() string { + return security.PseudorandomString(20) +} diff --git a/tools/hook/hook_test.go b/tools/hook/hook_test.go new file mode 100644 index 0000000..36bd945 --- /dev/null +++ b/tools/hook/hook_test.go @@ -0,0 +1,162 @@ +package hook + +import ( + "errors" + "testing" +) + +func TestHookAddHandlerAndAdd(t *testing.T) { + calls := "" + + h := Hook[*Event]{} + + h.BindFunc(func(e *Event) error { calls += "1"; return e.Next() }) + h.BindFunc(func(e *Event) error { calls += "2"; return e.Next() }) + h3Id := h.BindFunc(func(e *Event) error { calls += "3"; return e.Next() }) + h.Bind(&Handler[*Event]{ + Id: h3Id, // should replace 3 + Func: func(e *Event) error { calls += "3'"; return e.Next() }, + }) + h.Bind(&Handler[*Event]{ + Func: func(e *Event) error { calls += "4"; return e.Next() }, + Priority: -2, + }) + h.Bind(&Handler[*Event]{ + Func: func(e *Event) error { calls += "5"; return e.Next() }, + Priority: -1, + }) + h.Bind(&Handler[*Event]{ + Func: func(e *Event) error { calls += "6"; return e.Next() }, + }) + h.Bind(&Handler[*Event]{ + Func: func(e *Event) error { calls += "7"; e.Next(); return errors.New("test") }, // error shouldn't stop the chain + }) + + h.Trigger( + &Event{}, + func(e *Event) error { calls += "8"; return e.Next() }, + func(e *Event) error { calls += "9"; return nil }, // skip next + func(e *Event) error { calls += "10"; return e.Next() }, + ) + + if total := len(h.handlers); total != 7 { + t.Fatalf("Expected %d handlers, found %d", 7, total) + } + + expectedCalls := "45123'6789" + + if calls != expectedCalls { + t.Fatalf("Expected calls sequence %q, got %q", expectedCalls, calls) + } +} + +func TestHookLength(t *testing.T) { + h := Hook[*Event]{} + + if l := h.Length(); l != 0 { + t.Fatalf("Expected 0 hook handlers, got %d", l) + } + + h.BindFunc(func(e *Event) error { return e.Next() }) + h.BindFunc(func(e *Event) error { return e.Next() }) + + if l := h.Length(); l != 2 { + t.Fatalf("Expected 2 hook handlers, got %d", l) + } +} + +func TestHookUnbind(t *testing.T) { + h := Hook[*Event]{} + + calls := "" + + id0 := h.BindFunc(func(e *Event) error { calls += "0"; return e.Next() }) + id1 := h.BindFunc(func(e *Event) error { calls += "1"; return e.Next() }) + h.BindFunc(func(e *Event) error { calls += "2"; return e.Next() }) + h.Bind(&Handler[*Event]{ + Func: func(e *Event) error { calls += "3"; return e.Next() }, + }) + + h.Unbind("missing") // should do nothing and not panic + + if total := len(h.handlers); total != 4 { + t.Fatalf("Expected %d handlers, got %d", 4, total) + } + + h.Unbind(id1, id0) + + if total := len(h.handlers); total != 2 { + t.Fatalf("Expected %d handlers, got %d", 2, total) + } + + err := h.Trigger(&Event{}, func(e *Event) error { calls += "4"; return e.Next() }) + if err != nil { + t.Fatal(err) + } + + expectedCalls := "234" + + if calls != expectedCalls { + t.Fatalf("Expected calls sequence %q, got %q", expectedCalls, calls) + } +} + +func TestHookUnbindAll(t *testing.T) { + h := Hook[*Event]{} + + h.UnbindAll() // should do nothing and not panic + + h.BindFunc(func(e *Event) error { return nil }) + h.BindFunc(func(e *Event) error { return nil }) + + if total := len(h.handlers); total != 2 { + t.Fatalf("Expected %d handlers before UnbindAll, found %d", 2, total) + } + + h.UnbindAll() + + if total := len(h.handlers); total != 0 { + t.Fatalf("Expected no handlers after UnbindAll, found %d", total) + } +} + +func TestHookTriggerErrorPropagation(t *testing.T) { + err := errors.New("test") + + scenarios := []struct { + name string + handlers []func(*Event) error + expectedError error + }{ + { + "without error", + []func(*Event) error{ + func(e *Event) error { return e.Next() }, + func(e *Event) error { return e.Next() }, + }, + nil, + }, + { + "with error", + []func(*Event) error{ + func(e *Event) error { return e.Next() }, + func(e *Event) error { e.Next(); return err }, + func(e *Event) error { return e.Next() }, + }, + err, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + h := Hook[*Event]{} + for _, handler := range s.handlers { + h.BindFunc(handler) + } + result := h.Trigger(&Event{}) + if result != s.expectedError { + t.Fatalf("Expected %v, got %v", s.expectedError, result) + } + }) + } +} diff --git a/tools/hook/tagged.go b/tools/hook/tagged.go new file mode 100644 index 0000000..4363979 --- /dev/null +++ b/tools/hook/tagged.go @@ -0,0 +1,84 @@ +package hook + +import ( + "github.com/pocketbase/pocketbase/tools/list" +) + +// Tagger defines an interface for event data structs that support tags/groups/categories/etc. +// Usually used together with TaggedHook. +type Tagger interface { + Resolver + + Tags() []string +} + +// wrapped local Hook embedded struct to limit the public API surface. +type mainHook[T Tagger] struct { + *Hook[T] +} + +// NewTaggedHook creates a new TaggedHook with the provided main hook and optional tags. +func NewTaggedHook[T Tagger](hook *Hook[T], tags ...string) *TaggedHook[T] { + return &TaggedHook[T]{ + mainHook[T]{hook}, + tags, + } +} + +// TaggedHook defines a proxy hook which register handlers that are triggered only +// if the TaggedHook.tags are empty or includes at least one of the event data tag(s). +type TaggedHook[T Tagger] struct { + mainHook[T] + + tags []string +} + +// CanTriggerOn checks if the current TaggedHook can be triggered with +// the provided event data tags. +// +// It returns always true if the hook doens't have any tags. +func (h *TaggedHook[T]) CanTriggerOn(tagsToCheck []string) bool { + if len(h.tags) == 0 { + return true // match all + } + + for _, t := range tagsToCheck { + if list.ExistInSlice(t, h.tags) { + return true + } + } + + return false +} + +// Bind registers the provided handler to the current hooks queue. +// +// It is similar to [Hook.Bind] with the difference that the handler +// function is invoked only if the event data tags satisfy h.CanTriggerOn. +func (h *TaggedHook[T]) Bind(handler *Handler[T]) string { + fn := handler.Func + + handler.Func = func(e T) error { + if h.CanTriggerOn(e.Tags()) { + return fn(e) + } + + return e.Next() + } + + return h.mainHook.Bind(handler) +} + +// BindFunc registers a new handler with the specified function. +// +// It is similar to [Hook.Bind] with the difference that the handler +// function is invoked only if the event data tags satisfy h.CanTriggerOn. +func (h *TaggedHook[T]) BindFunc(fn func(e T) error) string { + return h.mainHook.BindFunc(func(e T) error { + if h.CanTriggerOn(e.Tags()) { + return fn(e) + } + + return e.Next() + }) +} diff --git a/tools/hook/tagged_test.go b/tools/hook/tagged_test.go new file mode 100644 index 0000000..7fa4ce3 --- /dev/null +++ b/tools/hook/tagged_test.go @@ -0,0 +1,84 @@ +package hook + +import ( + "strings" + "testing" +) + +type mockTagsEvent struct { + Event + tags []string +} + +func (m mockTagsEvent) Tags() []string { + return m.tags +} + +func TestTaggedHook(t *testing.T) { + calls := "" + + base := &Hook[*mockTagsEvent]{} + base.BindFunc(func(e *mockTagsEvent) error { calls += "f0"; return e.Next() }) + + hA := NewTaggedHook(base) + hA.BindFunc(func(e *mockTagsEvent) error { calls += "a1"; return e.Next() }) + hA.Bind(&Handler[*mockTagsEvent]{ + Func: func(e *mockTagsEvent) error { calls += "a2"; return e.Next() }, + Priority: -1, + }) + + hB := NewTaggedHook(base, "b1", "b2") + hB.BindFunc(func(e *mockTagsEvent) error { calls += "b1"; return e.Next() }) + hB.Bind(&Handler[*mockTagsEvent]{ + Func: func(e *mockTagsEvent) error { calls += "b2"; return e.Next() }, + Priority: -2, + }) + + hC := NewTaggedHook(base, "c1", "c2") + hC.BindFunc(func(e *mockTagsEvent) error { calls += "c1"; return e.Next() }) + hC.Bind(&Handler[*mockTagsEvent]{ + Func: func(e *mockTagsEvent) error { calls += "c2"; return e.Next() }, + Priority: -3, + }) + + scenarios := []struct { + event *mockTagsEvent + expectedCalls string + }{ + { + &mockTagsEvent{}, + "a2f0a1", + }, + { + &mockTagsEvent{tags: []string{"missing"}}, + "a2f0a1", + }, + { + &mockTagsEvent{tags: []string{"b2"}}, + "b2a2f0a1b1", + }, + { + &mockTagsEvent{tags: []string{"c1"}}, + "c2a2f0a1c1", + }, + { + &mockTagsEvent{tags: []string{"b1", "c2"}}, + "c2b2a2f0a1b1c1", + }, + } + + for _, s := range scenarios { + t.Run(strings.Join(s.event.tags, "_"), func(t *testing.T) { + calls = "" // reset + + err := base.Trigger(s.event) + if err != nil { + t.Fatalf("Unexpected trigger error: %v", err) + } + + if calls != s.expectedCalls { + t.Fatalf("Expected calls sequence %q, got %q", s.expectedCalls, calls) + } + }) + } +} diff --git a/tools/inflector/inflector.go b/tools/inflector/inflector.go new file mode 100644 index 0000000..6458af1 --- /dev/null +++ b/tools/inflector/inflector.go @@ -0,0 +1,113 @@ +package inflector + +import ( + "regexp" + "strings" + "unicode" +) + +var columnifyRemoveRegex = regexp.MustCompile(`[^\w\.\*\-\_\@\#]+`) +var snakecaseSplitRegex = regexp.MustCompile(`[\W_]+`) + +// UcFirst converts the first character of a string into uppercase. +func UcFirst(str string) string { + if str == "" { + return "" + } + + s := []rune(str) + + return string(unicode.ToUpper(s[0])) + string(s[1:]) +} + +// Columnify strips invalid db identifier characters. +func Columnify(str string) string { + return columnifyRemoveRegex.ReplaceAllString(str, "") +} + +// Sentenize converts and normalizes string into a sentence. +func Sentenize(str string) string { + str = strings.TrimSpace(str) + if str == "" { + return "" + } + + str = UcFirst(str) + + lastChar := str[len(str)-1:] + if lastChar != "." && lastChar != "?" && lastChar != "!" { + return str + "." + } + + return str +} + +// Sanitize sanitizes `str` by removing all characters satisfying `removePattern`. +// Returns an error if the pattern is not valid regex string. +func Sanitize(str string, removePattern string) (string, error) { + exp, err := regexp.Compile(removePattern) + if err != nil { + return "", err + } + + return exp.ReplaceAllString(str, ""), nil +} + +// Snakecase removes all non word characters and converts any english text into a snakecase. +// "ABBREVIATIONS" are preserved, eg. "myTestDB" will become "my_test_db". +func Snakecase(str string) string { + var result strings.Builder + + // split at any non word character and underscore + words := snakecaseSplitRegex.Split(str, -1) + + for _, word := range words { + if word == "" { + continue + } + + if result.Len() > 0 { + result.WriteString("_") + } + + for i, c := range word { + if unicode.IsUpper(c) && i > 0 && + // is not a following uppercase character + !unicode.IsUpper(rune(word[i-1])) { + result.WriteString("_") + } + + result.WriteRune(c) + } + } + + return strings.ToLower(result.String()) +} + +// Camelize converts the provided string to its "CamelCased" version +// (non alphanumeric characters are removed). +// +// For example: +// +// inflector.Camelize("send_email") // "SendEmail" +func Camelize(str string) string { + var result strings.Builder + + var isPrevSpecial bool + + for _, c := range str { + if !unicode.IsLetter(c) && !unicode.IsNumber(c) { + isPrevSpecial = true + continue + } + + if isPrevSpecial || result.Len() == 0 { + isPrevSpecial = false + result.WriteRune(unicode.ToUpper(c)) + } else { + result.WriteRune(c) + } + } + + return result.String() +} diff --git a/tools/inflector/inflector_test.go b/tools/inflector/inflector_test.go new file mode 100644 index 0000000..0b96dd2 --- /dev/null +++ b/tools/inflector/inflector_test.go @@ -0,0 +1,175 @@ +package inflector_test + +import ( + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/tools/inflector" +) + +func TestUcFirst(t *testing.T) { + scenarios := []struct { + val string + expected string + }{ + {"", ""}, + {" ", " "}, + {"Test", "Test"}, + {"test", "Test"}, + {"test test2", "Test test2"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.val), func(t *testing.T) { + result := inflector.UcFirst(s.val) + if result != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, result) + } + }) + } +} + +func TestColumnify(t *testing.T) { + scenarios := []struct { + val string + expected string + }{ + {"", ""}, + {" ", ""}, + {"123", "123"}, + {"Test.", "Test."}, + {" test ", "test"}, + {"test1.test2", "test1.test2"}, + {"@test!abc", "@testabc"}, + {"#test?abc", "#testabc"}, + {"123test(123)#", "123test123#"}, + {"test1--test2", "test1--test2"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.val), func(t *testing.T) { + result := inflector.Columnify(s.val) + if result != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, result) + } + }) + } +} + +func TestSentenize(t *testing.T) { + scenarios := []struct { + val string + expected string + }{ + {"", ""}, + {" ", ""}, + {".", "."}, + {"?", "?"}, + {"!", "!"}, + {"Test", "Test."}, + {" test ", "Test."}, + {"hello world", "Hello world."}, + {"hello world.", "Hello world."}, + {"hello world!", "Hello world!"}, + {"hello world?", "Hello world?"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.val), func(t *testing.T) { + result := inflector.Sentenize(s.val) + if result != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, result) + } + }) + } +} + +func TestSanitize(t *testing.T) { + scenarios := []struct { + val string + pattern string + expected string + expectErr bool + }{ + {"", ``, "", false}, + {" ", ``, " ", false}, + {" ", ` `, "", false}, + {"", `[A-Z]`, "", false}, + {"abcABC", `[A-Z]`, "abc", false}, + {"abcABC", `[A-Z`, "", true}, // invalid pattern + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.val), func(t *testing.T) { + result, err := inflector.Sanitize(s.val, s.pattern) + hasErr := err != nil + + if s.expectErr != hasErr { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectErr, hasErr, err) + } + + if result != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, result) + } + }) + } +} + +func TestSnakecase(t *testing.T) { + scenarios := []struct { + val string + expected string + }{ + {"", ""}, + {" ", ""}, + {"!@#$%^", ""}, + {"...", ""}, + {"_", ""}, + {"John Doe", "john_doe"}, + {"John_Doe", "john_doe"}, + {".a!b@c#d$e%123. ", "a_b_c_d_e_123"}, + {"HelloWorld", "hello_world"}, + {"HelloWorld1HelloWorld2", "hello_world1_hello_world2"}, + {"TEST", "test"}, + {"testABR", "test_abr"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.val), func(t *testing.T) { + result := inflector.Snakecase(s.val) + if result != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, result) + } + }) + } +} + +func TestCamelize(t *testing.T) { + scenarios := []struct { + val string + expected string + }{ + {"", ""}, + {" ", ""}, + {"Test", "Test"}, + {"test", "Test"}, + {"testTest2", "TestTest2"}, + {"TestTest2", "TestTest2"}, + {"test test2", "TestTest2"}, + {"test-test2", "TestTest2"}, + {"test'test2", "TestTest2"}, + {"test1test2", "Test1test2"}, + {"1test-test2", "1testTest2"}, + {"123", "123"}, + {"123a", "123a"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.val), func(t *testing.T) { + result := inflector.Camelize(s.val) + if result != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, result) + } + }) + } +} diff --git a/tools/inflector/singularize.go b/tools/inflector/singularize.go new file mode 100644 index 0000000..07aab24 --- /dev/null +++ b/tools/inflector/singularize.go @@ -0,0 +1,89 @@ +package inflector + +import ( + "log" + "regexp" + + "github.com/pocketbase/pocketbase/tools/store" +) + +var compiledPatterns = store.New[string, *regexp.Regexp](nil) + +// note: the patterns are extracted from popular Ruby/PHP/Node.js inflector packages +var singularRules = []struct { + pattern string // lazily compiled + replacement string +}{ + {"(?i)([nrlm]ese|deer|fish|sheep|measles|ois|pox|media|ss)$", "${1}"}, + {"(?i)^(sea[- ]bass)$", "${1}"}, + {"(?i)(s)tatuses$", "${1}tatus"}, + {"(?i)(f)eet$", "${1}oot"}, + {"(?i)(t)eeth$", "${1}ooth"}, + {"(?i)^(.*)(menu)s$", "${1}${2}"}, + {"(?i)(quiz)zes$", "${1}"}, + {"(?i)(matr)ices$", "${1}ix"}, + {"(?i)(vert|ind)ices$", "${1}ex"}, + {"(?i)^(ox)en", "${1}"}, + {"(?i)(alias)es$", "${1}"}, + {"(?i)(alumn|bacill|cact|foc|fung|nucle|radi|stimul|syllab|termin|viri?)i$", "${1}us"}, + {"(?i)([ftw]ax)es", "${1}"}, + {"(?i)(cris|ax|test)es$", "${1}is"}, + {"(?i)(shoe)s$", "${1}"}, + {"(?i)(o)es$", "${1}"}, + {"(?i)ouses$", "ouse"}, + {"(?i)([^a])uses$", "${1}us"}, + {"(?i)([m|l])ice$", "${1}ouse"}, + {"(?i)(x|ch|ss|sh)es$", "${1}"}, + {"(?i)(m)ovies$", "${1}ovie"}, + {"(?i)(s)eries$", "${1}eries"}, + {"(?i)([^aeiouy]|qu)ies$", "${1}y"}, + {"(?i)([lr])ves$", "${1}f"}, + {"(?i)(tive)s$", "${1}"}, + {"(?i)(hive)s$", "${1}"}, + {"(?i)(drive)s$", "${1}"}, + {"(?i)([^fo])ves$", "${1}fe"}, + {"(?i)(^analy)ses$", "${1}sis"}, + {"(?i)(analy|diagno|^ba|(p)arenthe|(p)rogno|(s)ynop|(t)he)ses$", "${1}${2}sis"}, + {"(?i)([ti])a$", "${1}um"}, + {"(?i)(p)eople$", "${1}erson"}, + {"(?i)(m)en$", "${1}an"}, + {"(?i)(c)hildren$", "${1}hild"}, + {"(?i)(n)ews$", "${1}ews"}, + {"(?i)(n)etherlands$", "${1}etherlands"}, + {"(?i)eaus$", "eau"}, + {"(?i)(currenc)ies$", "${1}y"}, + {"(?i)^(.*us)$", "${1}"}, + {"(?i)s$", ""}, +} + +// Singularize converts the specified word into its singular version. +// +// For example: +// +// inflector.Singularize("people") // "person" +func Singularize(word string) string { + if word == "" { + return "" + } + + for _, rule := range singularRules { + re := compiledPatterns.GetOrSet(rule.pattern, func() *regexp.Regexp { + re, err := regexp.Compile(rule.pattern) + if err != nil { + return nil + } + return re + }) + if re == nil { + // log only for debug purposes + log.Println("[Singularize] failed to retrieve/compile rule pattern " + rule.pattern) + continue + } + + if re.MatchString(word) { + return re.ReplaceAllString(word, rule.replacement) + } + } + + return word +} diff --git a/tools/inflector/singularize_test.go b/tools/inflector/singularize_test.go new file mode 100644 index 0000000..70ed2ab --- /dev/null +++ b/tools/inflector/singularize_test.go @@ -0,0 +1,76 @@ +package inflector_test + +import ( + "testing" + + "github.com/pocketbase/pocketbase/tools/inflector" +) + +func TestSingularize(t *testing.T) { + scenarios := []struct { + word string + expected string + }{ + {"abcnese", "abcnese"}, + {"deer", "deer"}, + {"sheep", "sheep"}, + {"measles", "measles"}, + {"pox", "pox"}, + {"media", "media"}, + {"bliss", "bliss"}, + {"sea-bass", "sea-bass"}, + {"Statuses", "Status"}, + {"Feet", "Foot"}, + {"Teeth", "Tooth"}, + {"abcmenus", "abcmenu"}, + {"Quizzes", "Quiz"}, + {"Matrices", "Matrix"}, + {"Vertices", "Vertex"}, + {"Indices", "Index"}, + {"Aliases", "Alias"}, + {"Alumni", "Alumnus"}, + {"Bacilli", "Bacillus"}, + {"Cacti", "Cactus"}, + {"Fungi", "Fungus"}, + {"Nuclei", "Nucleus"}, + {"Radii", "Radius"}, + {"Stimuli", "Stimulus"}, + {"Syllabi", "Syllabus"}, + {"Termini", "Terminus"}, + {"Viri", "Virus"}, + {"Faxes", "Fax"}, + {"Crises", "Crisis"}, + {"Axes", "Axis"}, + {"Shoes", "Shoe"}, + {"abcoes", "abco"}, + {"Houses", "House"}, + {"Mice", "Mouse"}, + {"abcxes", "abcx"}, + {"Movies", "Movie"}, + {"Series", "Series"}, + {"abcquies", "abcquy"}, + {"Relatives", "Relative"}, + {"Drives", "Drive"}, + {"aardwolves", "aardwolf"}, + {"Analyses", "Analysis"}, + {"Diagnoses", "Diagnosis"}, + {"People", "Person"}, + {"Men", "Man"}, + {"Children", "Child"}, + {"News", "News"}, + {"Netherlands", "Netherlands"}, + {"Tableaus", "Tableau"}, + {"Currencies", "Currency"}, + {"abcs", "abc"}, + {"abc", "abc"}, + } + + for _, s := range scenarios { + t.Run(s.word, func(t *testing.T) { + result := inflector.Singularize(s.word) + if result != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, result) + } + }) + } +} diff --git a/tools/list/list.go b/tools/list/list.go new file mode 100644 index 0000000..76c41ee --- /dev/null +++ b/tools/list/list.go @@ -0,0 +1,163 @@ +package list + +import ( + "encoding/json" + "regexp" + "strings" + + "github.com/pocketbase/pocketbase/tools/store" + "github.com/spf13/cast" +) + +var cachedPatterns = store.New[string, *regexp.Regexp](nil) + +// SubtractSlice returns a new slice with only the "base" elements +// that don't exist in "subtract". +func SubtractSlice[T comparable](base []T, subtract []T) []T { + var result = make([]T, 0, len(base)) + + for _, b := range base { + if !ExistInSlice(b, subtract) { + result = append(result, b) + } + } + + return result +} + +// ExistInSlice checks whether a comparable element exists in a slice of the same type. +func ExistInSlice[T comparable](item T, list []T) bool { + for _, v := range list { + if v == item { + return true + } + } + + return false +} + +// ExistInSliceWithRegex checks whether a string exists in a slice +// either by direct match, or by a regular expression (eg. `^\w+$`). +// +// Note: Only list items starting with '^' and ending with '$' are treated as regular expressions! +func ExistInSliceWithRegex(str string, list []string) bool { + for _, field := range list { + isRegex := strings.HasPrefix(field, "^") && strings.HasSuffix(field, "$") + + if !isRegex { + // check for direct match + if str == field { + return true + } + continue + } + + // check for regex match + pattern := cachedPatterns.Get(field) + if pattern == nil { + var err error + pattern, err = regexp.Compile(field) + if err != nil { + continue + } + // "cache" the pattern to avoid compiling it every time + // (the limit size is arbitrary and it is there to prevent the cache growing too big) + // + // @todo consider replacing with TTL or LRU type cache + cachedPatterns.SetIfLessThanLimit(field, pattern, 500) + } + + if pattern != nil && pattern.MatchString(str) { + return true + } + } + + return false +} + +// ToInterfaceSlice converts a generic slice to slice of interfaces. +func ToInterfaceSlice[T any](list []T) []any { + result := make([]any, len(list)) + + for i := range list { + result[i] = list[i] + } + + return result +} + +// NonzeroUniques returns only the nonzero unique values from a slice. +func NonzeroUniques[T comparable](list []T) []T { + result := make([]T, 0, len(list)) + existMap := make(map[T]struct{}, len(list)) + + var zeroVal T + + for _, val := range list { + if val == zeroVal { + continue + } + if _, ok := existMap[val]; ok { + continue + } + existMap[val] = struct{}{} + result = append(result, val) + } + + return result +} + +// ToUniqueStringSlice casts `value` to a slice of non-zero unique strings. +func ToUniqueStringSlice(value any) (result []string) { + switch val := value.(type) { + case nil: + // nothing to cast + case []string: + result = val + case string: + if val == "" { + break + } + + // check if it is a json encoded array of strings + if strings.Contains(val, "[") { + if err := json.Unmarshal([]byte(val), &result); err != nil { + // not a json array, just add the string as single array element + result = append(result, val) + } + } else { + // just add the string as single array element + result = append(result, val) + } + case json.Marshaler: // eg. JSONArray + raw, _ := val.MarshalJSON() + _ = json.Unmarshal(raw, &result) + default: + result = cast.ToStringSlice(value) + } + + return NonzeroUniques(result) +} + +// ToChunks splits list into chunks. +// +// Zero or negative chunkSize argument is normalized to 1. +// +// See https://go.dev/wiki/SliceTricks#batching-with-minimal-allocation. +func ToChunks[T any](list []T, chunkSize int) [][]T { + if chunkSize <= 0 { + chunkSize = 1 + } + + chunks := make([][]T, 0, (len(list)+chunkSize-1)/chunkSize) + + if len(list) == 0 { + return chunks + } + + for chunkSize < len(list) { + list, chunks = list[chunkSize:], append(chunks, list[0:chunkSize:chunkSize]) + } + + return append(chunks, list) +} diff --git a/tools/list/list_test.go b/tools/list/list_test.go new file mode 100644 index 0000000..d169a75 --- /dev/null +++ b/tools/list/list_test.go @@ -0,0 +1,310 @@ +package list_test + +import ( + "encoding/json" + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestSubtractSliceString(t *testing.T) { + scenarios := []struct { + base []string + subtract []string + expected string + }{ + { + []string{}, + []string{}, + `[]`, + }, + { + []string{}, + []string{"1", "2", "3", "4"}, + `[]`, + }, + { + []string{"1", "2", "3", "4"}, + []string{}, + `["1","2","3","4"]`, + }, + { + []string{"1", "2", "3", "4"}, + []string{"1", "2", "3", "4"}, + `[]`, + }, + { + []string{"1", "2", "3", "4", "7"}, + []string{"2", "4", "5", "6"}, + `["1","3","7"]`, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.expected), func(t *testing.T) { + result := list.SubtractSlice(s.base, s.subtract) + + raw, err := json.Marshal(result) + if err != nil { + t.Fatalf("Failed to serialize: %v", err) + } + + strResult := string(raw) + + if strResult != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, strResult) + } + }) + } +} + +func TestSubtractSliceInt(t *testing.T) { + scenarios := []struct { + base []int + subtract []int + expected string + }{ + { + []int{}, + []int{}, + `[]`, + }, + { + []int{}, + []int{1, 2, 3, 4}, + `[]`, + }, + { + []int{1, 2, 3, 4}, + []int{}, + `[1,2,3,4]`, + }, + { + []int{1, 2, 3, 4}, + []int{1, 2, 3, 4}, + `[]`, + }, + { + []int{1, 2, 3, 4, 7}, + []int{2, 4, 5, 6}, + `[1,3,7]`, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.expected), func(t *testing.T) { + result := list.SubtractSlice(s.base, s.subtract) + + raw, err := json.Marshal(result) + if err != nil { + t.Fatalf("Failed to serialize: %v", err) + } + + strResult := string(raw) + + if strResult != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, strResult) + } + }) + } +} + +func TestExistInSliceString(t *testing.T) { + scenarios := []struct { + item string + list []string + expected bool + }{ + {"", []string{""}, true}, + {"", []string{"1", "2", "test 123"}, false}, + {"test", []string{}, false}, + {"test", []string{"TEST"}, false}, + {"test", []string{"1", "2", "test 123"}, false}, + {"test", []string{"1", "2", "test"}, true}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.item), func(t *testing.T) { + result := list.ExistInSlice(s.item, s.list) + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestExistInSliceInt(t *testing.T) { + scenarios := []struct { + item int + list []int + expected bool + }{ + {0, []int{}, false}, + {0, []int{0}, true}, + {4, []int{1, 2, 3}, false}, + {1, []int{1, 2, 3}, true}, + {-1, []int{0, 1, 2, 3}, false}, + {-1, []int{0, -1, -2, -3, -4}, true}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%d", i, s.item), func(t *testing.T) { + result := list.ExistInSlice(s.item, s.list) + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestExistInSliceWithRegex(t *testing.T) { + scenarios := []struct { + item string + list []string + expected bool + }{ + {"", []string{``}, true}, + {"", []string{`^\W+$`}, false}, + {" ", []string{`^\W+$`}, true}, + {"test", []string{`^\invalid[+$`}, false}, // invalid regex + {"test", []string{`^\W+$`, "test"}, true}, + {`^\W+$`, []string{`^\W+$`, "test"}, false}, // direct match shouldn't work for this case + {`\W+$`, []string{`\W+$`, "test"}, true}, // direct match should work for this case because it is not an actual supported pattern format + {"!?@", []string{`\W+$`, "test"}, false}, // the method requires the pattern elems to start with '^' + {"!?@", []string{`^\W+`, "test"}, false}, // the method requires the pattern elems to end with '$' + {"!?@", []string{`^\W+$`, "test"}, true}, + {"!?@test", []string{`^\W+$`, "test"}, false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.item), func(t *testing.T) { + result := list.ExistInSliceWithRegex(s.item, s.list) + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestToInterfaceSlice(t *testing.T) { + scenarios := []struct { + items []string + }{ + {[]string{}}, + {[]string{""}}, + {[]string{"1", "test"}}, + {[]string{"test1", "test1", "test2", "test3"}}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.items), func(t *testing.T) { + result := list.ToInterfaceSlice(s.items) + + if len(result) != len(s.items) { + t.Fatalf("Expected length %d, got %d", len(s.items), len(result)) + } + + for j, v := range result { + if v != s.items[j] { + t.Fatalf("Result list item doesn't match with the original list item, got %v VS %v", v, s.items[j]) + } + } + }) + } +} + +func TestNonzeroUniquesString(t *testing.T) { + scenarios := []struct { + items []string + expected []string + }{ + {[]string{}, []string{}}, + {[]string{""}, []string{}}, + {[]string{"1", "test"}, []string{"1", "test"}}, + {[]string{"test1", "", "test2", "Test2", "test1", "test3"}, []string{"test1", "test2", "Test2", "test3"}}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.items), func(t *testing.T) { + result := list.NonzeroUniques(s.items) + + if len(result) != len(s.expected) { + t.Fatalf("Expected length %d, got %d", len(s.expected), len(result)) + } + + for j, v := range result { + if v != s.expected[j] { + t.Fatalf("Result list item doesn't match with the expected list item, got %v VS %v", v, s.expected[j]) + } + } + }) + } +} + +func TestToUniqueStringSlice(t *testing.T) { + scenarios := []struct { + value any + expected []string + }{ + {nil, []string{}}, + {"", []string{}}, + {[]any{}, []string{}}, + {[]int{}, []string{}}, + {"test", []string{"test"}}, + {[]int{1, 2, 3}, []string{"1", "2", "3"}}, + {[]any{0, 1, "test", ""}, []string{"0", "1", "test"}}, + {[]string{"test1", "test2", "test1"}, []string{"test1", "test2"}}, + {`["test1", "test2", "test2"]`, []string{"test1", "test2"}}, + {types.JSONArray[string]{"test1", "test2", "test1"}, []string{"test1", "test2"}}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + result := list.ToUniqueStringSlice(s.value) + + if len(result) != len(s.expected) { + t.Fatalf("Expected length %d, got %d", len(s.expected), len(result)) + } + + for j, v := range result { + if v != s.expected[j] { + t.Fatalf("Result list item doesn't match with the expected list item, got %v vs %v", v, s.expected[j]) + } + } + }) + } +} + +func TestToChunks(t *testing.T) { + scenarios := []struct { + items []any + chunkSize int + expected string + }{ + {nil, 2, "[]"}, + {[]any{}, 2, "[]"}, + {[]any{1, 2, 3, 4}, -1, "[[1],[2],[3],[4]]"}, + {[]any{1, 2, 3, 4}, 0, "[[1],[2],[3],[4]]"}, + {[]any{1, 2, 3, 4}, 2, "[[1,2],[3,4]]"}, + {[]any{1, 2, 3, 4, 5}, 2, "[[1,2],[3,4],[5]]"}, + {[]any{1, 2, 3, 4, 5}, 10, "[[1,2,3,4,5]]"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.items), func(t *testing.T) { + result := list.ToChunks(s.items, s.chunkSize) + + raw, err := json.Marshal(result) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + if rawStr != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, rawStr) + } + }) + } +} diff --git a/tools/logger/batch_handler.go b/tools/logger/batch_handler.go new file mode 100644 index 0000000..e4d3437 --- /dev/null +++ b/tools/logger/batch_handler.go @@ -0,0 +1,325 @@ +package logger + +import ( + "context" + "encoding/json" + "errors" + "log/slog" + "sync" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/tools/types" +) + +var _ slog.Handler = (*BatchHandler)(nil) + +// BatchOptions are options for the BatchHandler. +type BatchOptions struct { + // WriteFunc processes the batched logs. + WriteFunc func(ctx context.Context, logs []*Log) error + + // BeforeAddFunc is optional function that is invoked every time + // before a new log is added to the batch queue. + // + // Return false to skip adding the log into the batch queue. + BeforeAddFunc func(ctx context.Context, log *Log) bool + + // Level reports the minimum level to log. + // Levels with lower levels are discarded. + // If nil, the Handler uses [slog.LevelInfo]. + Level slog.Leveler + + // BatchSize specifies how many logs to accumulate before calling WriteFunc. + // If not set or 0, fallback to 100 by default. + BatchSize int +} + +// NewBatchHandler creates a slog compatible handler that writes JSON +// logs on batches (default to 100), using the given options. +// +// Panics if [BatchOptions.WriteFunc] is not defined. +// +// Example: +// +// l := slog.New(logger.NewBatchHandler(logger.BatchOptions{ +// WriteFunc: func(ctx context.Context, logs []*Log) error { +// for _, l := range logs { +// fmt.Println(l.Level, l.Message, l.Data) +// } +// return nil +// } +// })) +// l.Info("Example message", "title", "lorem ipsum") +func NewBatchHandler(options BatchOptions) *BatchHandler { + h := &BatchHandler{ + mux: &sync.Mutex{}, + options: &options, + } + + if h.options.WriteFunc == nil { + panic("options.WriteFunc must be set") + } + + if h.options.Level == nil { + h.options.Level = slog.LevelInfo + } + + if h.options.BatchSize == 0 { + h.options.BatchSize = 100 + } + + h.logs = make([]*Log, 0, h.options.BatchSize) + + return h +} + +// BatchHandler is a slog handler that writes records on batches. +// +// The log records attributes are formatted in JSON. +// +// Requires the [BatchOptions.WriteFunc] option to be defined. +type BatchHandler struct { + mux *sync.Mutex + parent *BatchHandler + options *BatchOptions + group string + attrs []slog.Attr + logs []*Log +} + +// Enabled reports whether the handler handles records at the given level. +// +// The handler ignores records whose level is lower. +func (h *BatchHandler) Enabled(ctx context.Context, level slog.Level) bool { + return level >= h.options.Level.Level() +} + +// WithGroup returns a new BatchHandler that starts a group. +// +// All logger attributes will be resolved under the specified group name. +func (h *BatchHandler) WithGroup(name string) slog.Handler { + if name == "" { + return h + } + + return &BatchHandler{ + parent: h, + mux: h.mux, + options: h.options, + group: name, + } +} + +// WithAttrs returns a new BatchHandler loaded with the specified attributes. +func (h *BatchHandler) WithAttrs(attrs []slog.Attr) slog.Handler { + if len(attrs) == 0 { + return h + } + + return &BatchHandler{ + parent: h, + mux: h.mux, + options: h.options, + attrs: attrs, + } +} + +// Handle formats the slog.Record argument as JSON object and adds it +// to the batch queue. +// +// If the batch queue threshold has been reached, the WriteFunc option +// is invoked with the accumulated logs which in turn will reset the batch queue. +func (h *BatchHandler) Handle(ctx context.Context, r slog.Record) error { + if h.group != "" { + h.mux.Lock() + attrs := make([]any, 0, len(h.attrs)+r.NumAttrs()) + for _, a := range h.attrs { + attrs = append(attrs, a) + } + h.mux.Unlock() + + r.Attrs(func(a slog.Attr) bool { + attrs = append(attrs, a) + return true + }) + + r = slog.NewRecord(r.Time, r.Level, r.Message, r.PC) + r.AddAttrs(slog.Group(h.group, attrs...)) + } else if len(h.attrs) > 0 { + r = r.Clone() + + h.mux.Lock() + r.AddAttrs(h.attrs...) + h.mux.Unlock() + } + + if h.parent != nil { + return h.parent.Handle(ctx, r) + } + + data := make(map[string]any, r.NumAttrs()) + + r.Attrs(func(a slog.Attr) bool { + if err := h.resolveAttr(data, a); err != nil { + return false + } + return true + }) + + log := &Log{ + Time: r.Time, + Level: r.Level, + Message: r.Message, + Data: types.JSONMap[any](data), + } + + if h.options.BeforeAddFunc != nil && !h.options.BeforeAddFunc(ctx, log) { + return nil + } + + h.mux.Lock() + h.logs = append(h.logs, log) + totalLogs := len(h.logs) + h.mux.Unlock() + + if totalLogs >= h.options.BatchSize { + if err := h.WriteAll(ctx); err != nil { + return err + } + } + + return nil +} + +// SetLevel updates the handler options level to the specified one. +func (h *BatchHandler) SetLevel(level slog.Level) { + h.mux.Lock() + h.options.Level = level + h.mux.Unlock() +} + +// WriteAll writes all accumulated Log entries and resets the batch queue. +func (h *BatchHandler) WriteAll(ctx context.Context) error { + if h.parent != nil { + // invoke recursively the parent level handler since the most + // top level one is holding the logs queue. + return h.parent.WriteAll(ctx) + } + + h.mux.Lock() + + totalLogs := len(h.logs) + + // no logs to write + if totalLogs == 0 { + h.mux.Unlock() + return nil + } + + // create a copy of the logs slice to prevent blocking during write + logs := make([]*Log, totalLogs) + copy(logs, h.logs) + h.logs = h.logs[:0] // reset + + h.mux.Unlock() + + return h.options.WriteFunc(ctx, logs) +} + +// resolveAttr writes attr into data. +func (h *BatchHandler) resolveAttr(data map[string]any, attr slog.Attr) error { + // ensure that the attr value is resolved before doing anything else + attr.Value = attr.Value.Resolve() + + if attr.Equal(slog.Attr{}) { + return nil // ignore empty attrs + } + + switch attr.Value.Kind() { + case slog.KindGroup: + attrs := attr.Value.Group() + if len(attrs) == 0 { + return nil // ignore empty groups + } + + // create a submap to wrap the resolved group attributes + groupData := make(map[string]any, len(attrs)) + + for _, subAttr := range attrs { + h.resolveAttr(groupData, subAttr) + } + + if len(groupData) > 0 { + data[attr.Key] = groupData + } + default: + data[attr.Key] = normalizeLogAttrValue(attr.Value.Any()) + } + + return nil +} + +func normalizeLogAttrValue(rawAttrValue any) any { + switch attrV := rawAttrValue.(type) { + case validation.Errors: + out := make(map[string]any, len(attrV)) + for k, v := range attrV { + out[k] = serializeLogError(v) + } + return out + case map[string]validation.Error: + out := make(map[string]any, len(attrV)) + for k, v := range attrV { + out[k] = serializeLogError(v) + } + return out + case map[string]error: + out := make(map[string]any, len(attrV)) + for k, v := range attrV { + out[k] = serializeLogError(v) + } + return out + case map[string]any: + out := make(map[string]any, len(attrV)) + for k, v := range attrV { + switch vv := v.(type) { + case error: + out[k] = serializeLogError(vv) + default: + out[k] = normalizeLogAttrValue(vv) + } + } + return out + case error: + // check for wrapped validation.Errors + var ve validation.Errors + if errors.As(attrV, &ve) { + out := make(map[string]any, len(ve)) + for k, v := range ve { + out[k] = serializeLogError(v) + } + return map[string]any{ + "data": out, + "raw": serializeLogError(attrV), + } + } + return serializeLogError(attrV) + default: + return attrV + } +} + +func serializeLogError(err error) any { + if err == nil { + return nil + } + + // prioritize a json structured format (e.g. validation.Errors) + jsonErr, ok := err.(json.Marshaler) + if ok { + return jsonErr + } + + // fallback to its original string representation + return err.Error() +} diff --git a/tools/logger/batch_handler_test.go b/tools/logger/batch_handler_test.go new file mode 100644 index 0000000..c394ec4 --- /dev/null +++ b/tools/logger/batch_handler_test.go @@ -0,0 +1,354 @@ +package logger + +import ( + "context" + "errors" + "fmt" + "log/slog" + "testing" + "time" + + validation "github.com/go-ozzo/ozzo-validation/v4" +) + +func TestNewBatchHandlerPanic(t *testing.T) { + defer func() { + if r := recover(); r == nil { + t.Errorf("Expected to panic.") + } + }() + + NewBatchHandler(BatchOptions{}) +} + +func TestNewBatchHandlerDefaults(t *testing.T) { + h := NewBatchHandler(BatchOptions{ + WriteFunc: func(ctx context.Context, logs []*Log) error { + return nil + }, + }) + + if h.options.BatchSize != 100 { + t.Fatalf("Expected default BatchSize %d, got %d", 100, h.options.BatchSize) + } + + if h.options.Level != slog.LevelInfo { + t.Fatalf("Expected default Level Info, got %v", h.options.Level) + } + + if h.options.BeforeAddFunc != nil { + t.Fatal("Expected default BeforeAddFunc to be nil") + } + + if h.options.WriteFunc == nil { + t.Fatal("Expected default WriteFunc to be set") + } + + if h.group != "" { + t.Fatalf("Expected empty group, got %s", h.group) + } + + if len(h.attrs) != 0 { + t.Fatalf("Expected empty attrs, got %v", h.attrs) + } + + if len(h.logs) != 0 { + t.Fatalf("Expected empty logs queue, got %v", h.logs) + } +} + +func TestBatchHandlerEnabled(t *testing.T) { + h := NewBatchHandler(BatchOptions{ + Level: slog.LevelWarn, + WriteFunc: func(ctx context.Context, logs []*Log) error { + return nil + }, + }) + + l := slog.New(h) + + scenarios := []struct { + level slog.Level + expected bool + }{ + {slog.LevelDebug, false}, + {slog.LevelInfo, false}, + {slog.LevelWarn, true}, + {slog.LevelError, true}, + } + + for _, s := range scenarios { + t.Run(fmt.Sprintf("Level %v", s.level), func(t *testing.T) { + result := l.Enabled(context.Background(), s.level) + + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestBatchHandlerSetLevel(t *testing.T) { + h := NewBatchHandler(BatchOptions{ + Level: slog.LevelWarn, + WriteFunc: func(ctx context.Context, logs []*Log) error { + return nil + }, + }) + + if h.options.Level != slog.LevelWarn { + t.Fatalf("Expected the initial level to be %d, got %d", slog.LevelWarn, h.options.Level) + } + + h.SetLevel(slog.LevelDebug) + + if h.options.Level != slog.LevelDebug { + t.Fatalf("Expected the updated level to be %d, got %d", slog.LevelDebug, h.options.Level) + } +} + +func TestBatchHandlerWithAttrsAndWithGroup(t *testing.T) { + h0 := NewBatchHandler(BatchOptions{ + WriteFunc: func(ctx context.Context, logs []*Log) error { + return nil + }, + }) + + h1 := h0.WithAttrs([]slog.Attr{slog.Int("test1", 1)}).(*BatchHandler) + h2 := h1.WithGroup("h2_group").(*BatchHandler) + h3 := h2.WithAttrs([]slog.Attr{slog.Int("test2", 2)}).(*BatchHandler) + + scenarios := []struct { + name string + handler *BatchHandler + expectedParent *BatchHandler + expectedGroup string + expectedAttrs int + }{ + { + "h0", + h0, + nil, + "", + 0, + }, + { + "h1", + h1, + h0, + "", + 1, + }, + { + "h2", + h2, + h1, + "h2_group", + 0, + }, + { + "h3", + h3, + h2, + "", + 1, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + if s.handler.group != s.expectedGroup { + t.Fatalf("Expected group %q, got %q", s.expectedGroup, s.handler.group) + } + + if s.handler.parent != s.expectedParent { + t.Fatalf("Expected parent %v, got %v", s.expectedParent, s.handler.parent) + } + + if totalAttrs := len(s.handler.attrs); totalAttrs != s.expectedAttrs { + t.Fatalf("Expected %d attrs, got %d", s.expectedAttrs, totalAttrs) + } + }) + } +} + +func TestBatchHandlerHandle(t *testing.T) { + ctx := context.Background() + + beforeLogs := []*Log{} + writeLogs := []*Log{} + + h := NewBatchHandler(BatchOptions{ + BatchSize: 3, + BeforeAddFunc: func(_ context.Context, log *Log) bool { + beforeLogs = append(beforeLogs, log) + + // skip test2 log + return log.Message != "test2" + }, + WriteFunc: func(_ context.Context, logs []*Log) error { + writeLogs = logs + return nil + }, + }) + + h.Handle(ctx, slog.NewRecord(time.Now(), slog.LevelInfo, "test1", 0)) + h.Handle(ctx, slog.NewRecord(time.Now(), slog.LevelInfo, "test2", 0)) + h.Handle(ctx, slog.NewRecord(time.Now(), slog.LevelInfo, "test3", 0)) + + // no batch write + { + checkLogMessages([]string{"test1", "test2", "test3"}, beforeLogs, t) + + checkLogMessages([]string{"test1", "test3"}, h.logs, t) + + // should be empty because no batch write has happened yet + if totalWriteLogs := len(writeLogs); totalWriteLogs != 0 { + t.Fatalf("Expected %d writeLogs, got %d", 0, totalWriteLogs) + } + } + + // add one more log to trigger the batch write + { + h.Handle(ctx, slog.NewRecord(time.Now(), slog.LevelInfo, "test4", 0)) + + // should be empty after the batch write + checkLogMessages([]string{}, h.logs, t) + + checkLogMessages([]string{"test1", "test3", "test4"}, writeLogs, t) + } +} + +func TestBatchHandlerWriteAll(t *testing.T) { + ctx := context.Background() + + beforeLogs := []*Log{} + writeLogs := []*Log{} + + h := NewBatchHandler(BatchOptions{ + BatchSize: 3, + BeforeAddFunc: func(_ context.Context, log *Log) bool { + beforeLogs = append(beforeLogs, log) + return true + }, + WriteFunc: func(_ context.Context, logs []*Log) error { + writeLogs = logs + return nil + }, + }) + + h.Handle(ctx, slog.NewRecord(time.Now(), slog.LevelInfo, "test1", 0)) + h.Handle(ctx, slog.NewRecord(time.Now(), slog.LevelInfo, "test2", 0)) + + checkLogMessages([]string{"test1", "test2"}, beforeLogs, t) + checkLogMessages([]string{"test1", "test2"}, h.logs, t) + checkLogMessages([]string{}, writeLogs, t) // empty because the batch size hasn't been reached + + // force trigger the batch write + h.WriteAll(ctx) + + checkLogMessages([]string{"test1", "test2"}, beforeLogs, t) + checkLogMessages([]string{}, h.logs, t) // reset + checkLogMessages([]string{"test1", "test2"}, writeLogs, t) +} + +func TestBatchHandlerAttrsFormat(t *testing.T) { + ctx := context.Background() + + beforeLogs := []*Log{} + + h0 := NewBatchHandler(BatchOptions{ + BeforeAddFunc: func(_ context.Context, log *Log) bool { + beforeLogs = append(beforeLogs, log) + return true + }, + WriteFunc: func(_ context.Context, logs []*Log) error { + return nil + }, + }) + + h1 := h0.WithAttrs([]slog.Attr{slog.Int("a", 1), slog.String("b", "123")}) + + h2 := h1.WithGroup("sub").WithAttrs([]slog.Attr{ + slog.Int("c", 3), + slog.Any("d", map[string]any{"d.1": 1}), + slog.Any("e", errors.New("example error")), + }) + + record := slog.NewRecord(time.Now(), slog.LevelInfo, "hello", 0) + record.AddAttrs(slog.String("name", "test")) + + h0.Handle(ctx, record) + h1.Handle(ctx, record) + h2.Handle(ctx, record) + + // errors serialization checks + errorsRecord := slog.NewRecord(time.Now(), slog.LevelError, "details", 0) + errorsRecord.Add("validation.Errors", validation.Errors{ + "a": validation.NewError("validation_code", "validation_message"), + "b": errors.New("plain"), + }) + errorsRecord.Add("wrapped_validation.Errors", fmt.Errorf("wrapped: %w", validation.Errors{ + "a": validation.NewError("validation_code", "validation_message"), + "b": errors.New("plain"), + })) + errorsRecord.Add("map[string]any", map[string]any{ + "a": validation.NewError("validation_code", "validation_message"), + "b": errors.New("plain"), + "c": "test_any", + "d": map[string]any{ + "nestedA": validation.NewError("nested_code", "nested_message"), + "nestedB": errors.New("nested_plain"), + }, + }) + errorsRecord.Add("map[string]error", map[string]error{ + "a": validation.NewError("validation_code", "validation_message"), + "b": errors.New("plain"), + }) + errorsRecord.Add("map[string]validation.Error", map[string]validation.Error{ + "a": validation.NewError("validation_code", "validation_message"), + "b": nil, + }) + errorsRecord.Add("plain_error", errors.New("plain")) + h0.Handle(ctx, errorsRecord) + + expected := []string{ + `{"name":"test"}`, + `{"a":1,"b":"123","name":"test"}`, + `{"a":1,"b":"123","sub":{"c":3,"d":{"d.1":1},"e":"example error","name":"test"}}`, + `{"map[string]any":{"a":"validation_message","b":"plain","c":"test_any","d":{"nestedA":"nested_message","nestedB":"nested_plain"}},"map[string]error":{"a":"validation_message","b":"plain"},"map[string]validation.Error":{"a":"validation_message","b":null},"plain_error":"plain","validation.Errors":{"a":"validation_message","b":"plain"},"wrapped_validation.Errors":{"data":{"a":"validation_message","b":"plain"},"raw":"wrapped: a: validation_message; b: plain."}}`, + } + + if len(beforeLogs) != len(expected) { + t.Fatalf("Expected %d logs, got %d", len(expected), len(beforeLogs)) + } + + for i, data := range expected { + t.Run(fmt.Sprintf("log handler %d", i), func(t *testing.T) { + log := beforeLogs[i] + raw, _ := log.Data.MarshalJSON() + if string(raw) != data { + t.Fatalf("Expected \n%s \ngot \n%s", data, raw) + } + }) + } +} + +func checkLogMessages(expected []string, logs []*Log, t *testing.T) { + if len(logs) != len(expected) { + t.Fatalf("Expected %d batched logs, got %d (expected: %v)", len(expected), len(logs), expected) + } + + for _, message := range expected { + exists := false + for _, l := range logs { + if l.Message == message { + exists = true + continue + } + } + if !exists { + t.Fatalf("Missing %q log message", message) + } + } +} diff --git a/tools/logger/log.go b/tools/logger/log.go new file mode 100644 index 0000000..e017ff1 --- /dev/null +++ b/tools/logger/log.go @@ -0,0 +1,17 @@ +package logger + +import ( + "log/slog" + "time" + + "github.com/pocketbase/pocketbase/tools/types" +) + +// Log is similar to [slog.Record] bit contains the log attributes as +// preformatted JSON map. +type Log struct { + Time time.Time + Data types.JSONMap[any] + Message string + Level slog.Level +} diff --git a/tools/mailer/html2text.go b/tools/mailer/html2text.go new file mode 100644 index 0000000..1f1f02f --- /dev/null +++ b/tools/mailer/html2text.go @@ -0,0 +1,118 @@ +package mailer + +import ( + "regexp" + "strings" + + "github.com/pocketbase/pocketbase/tools/list" + "golang.org/x/net/html" +) + +var whitespaceRegex = regexp.MustCompile(`\s+`) + +var tagsToSkip = []string{ + "style", "script", "iframe", "applet", "object", "svg", "img", + "button", "form", "textarea", "input", "select", "option", "template", +} + +var inlineTags = []string{ + "a", "span", "small", "strike", "strong", + "sub", "sup", "em", "b", "u", "i", +} + +// Very rudimentary auto HTML to Text mail body converter. +// +// Caveats: +// - This method doesn't check for correctness of the HTML document. +// - Links will be converted to "[text](url)" format. +// - List items (
  • ) are prefixed with "- ". +// - Indentation is stripped (both tabs and spaces). +// - Trailing spaces are preserved. +// - Multiple consequence newlines are collapsed as one unless multiple
    tags are used. +func html2Text(htmlDocument string) (string, error) { + doc, err := html.Parse(strings.NewReader(htmlDocument)) + if err != nil { + return "", err + } + + var builder strings.Builder + var canAddNewLine bool + + // see https://pkg.go.dev/golang.org/x/net/html#Parse + var f func(*html.Node, *strings.Builder) + f = func(n *html.Node, activeBuilder *strings.Builder) { + isLink := n.Type == html.ElementNode && n.Data == "a" + + if isLink { + var linkBuilder strings.Builder + activeBuilder = &linkBuilder + } else if activeBuilder == nil { + activeBuilder = &builder + } + + switch n.Type { + case html.TextNode: + txt := whitespaceRegex.ReplaceAllString(n.Data, " ") + + // the prev node has new line so it is safe to trim the indentation + if !canAddNewLine { + txt = strings.TrimLeft(txt, " ") + } + + if txt != "" { + activeBuilder.WriteString(txt) + canAddNewLine = true + } + case html.ElementNode: + if n.Data == "br" { + // always write new lines when
    tag is used + activeBuilder.WriteString("\r\n") + canAddNewLine = false + } else if canAddNewLine && !list.ExistInSlice(n.Data, inlineTags) { + activeBuilder.WriteString("\r\n") + canAddNewLine = false + } + + // prefix list items with dash + if n.Data == "li" { + activeBuilder.WriteString("- ") + } + } + + for c := n.FirstChild; c != nil; c = c.NextSibling { + if c.Type != html.ElementNode || !list.ExistInSlice(c.Data, tagsToSkip) { + f(c, activeBuilder) + } + } + + // format links as [label](href) + if isLink { + linkTxt := strings.TrimSpace(activeBuilder.String()) + if linkTxt == "" { + linkTxt = "LINK" + } + + builder.WriteString("[") + builder.WriteString(linkTxt) + builder.WriteString("]") + + // link href attr extraction + for _, a := range n.Attr { + if a.Key == "href" { + if a.Val != "" { + builder.WriteString("(") + builder.WriteString(a.Val) + builder.WriteString(")") + } + break + } + } + + activeBuilder.Reset() + } + } + + f(doc, &builder) + + return strings.TrimSpace(builder.String()), nil +} diff --git a/tools/mailer/html2text_test.go b/tools/mailer/html2text_test.go new file mode 100644 index 0000000..d6304d2 --- /dev/null +++ b/tools/mailer/html2text_test.go @@ -0,0 +1,131 @@ +package mailer + +import ( + "testing" +) + +func TestHTML2Text(t *testing.T) { + scenarios := []struct { + html string + expected string + }{ + { + "", + "", + }, + { + "ab c", + "ab c", + }, + { + "", + "", + }, + { + " a ", + "a", + }, + { + "abc", + "abc", + }, + { + `test`, + "[test](a/b/c)", + }, + { + `test`, + "[test]", + }, + { + "a b", + "a b", + }, + { + "a b c", + "a b c", + }, + { + "a b
    c
    ", + "a b \r\nc", + }, + { + ` + + + + + + + + + + +
    +
    +

    Lorem ipsum

    +

    Dolor sit amet

    +

    + Verify +

    +
    +

    + Verify2.1 Verify2.2 +

    +
    +
    +
    +
    +
    +
      +
    • ul.test1
      • +
    • ul.test2
      • +
    • ul.test3
      • +
    +
      +
    1. ol.test1
      2. +
    2. ol.test2
      3. +
    3. ol.test3
      4. +
    +
    +
    +
    + + + + +

    + Thanks,
    + PocketBase team +

    +
    +
    + + + `, + "Lorem ipsum \r\nDolor sit amet \r\n[Verify](a/b/c) \r\n[Verify2.1 Verify2.2](a/b/c) \r\n\r\n- ul.test1 \r\n- ul.test2 \r\n- ul.test3 \r\n- ol.test1 \r\n- ol.test2 \r\n- ol.test3 \r\nThanks,\r\nPocketBase team", + }, + } + + for i, s := range scenarios { + result, err := html2Text(s.html) + if err != nil { + t.Errorf("(%d) Unexpected error %v", i, err) + } + + if result != s.expected { + t.Errorf("(%d) Expected \n(%q)\n%v,\n\ngot:\n\n(%q)\n%v", i, s.expected, s.expected, result, result) + } + } +} diff --git a/tools/mailer/mailer.go b/tools/mailer/mailer.go new file mode 100644 index 0000000..c87e2e8 --- /dev/null +++ b/tools/mailer/mailer.go @@ -0,0 +1,72 @@ +package mailer + +import ( + "bytes" + "io" + "net/mail" + + "github.com/gabriel-vasile/mimetype" + "github.com/pocketbase/pocketbase/tools/hook" +) + +// Message defines a generic email message struct. +type Message struct { + From mail.Address `json:"from"` + To []mail.Address `json:"to"` + Bcc []mail.Address `json:"bcc"` + Cc []mail.Address `json:"cc"` + Subject string `json:"subject"` + HTML string `json:"html"` + Text string `json:"text"` + Headers map[string]string `json:"headers"` + Attachments map[string]io.Reader `json:"attachments"` + InlineAttachments map[string]io.Reader `json:"inlineAttachments"` +} + +// Mailer defines a base mail client interface. +type Mailer interface { + // Send sends an email with the provided Message. + Send(message *Message) error +} + +// SendInterceptor is optional interface for registering mail send hooks. +type SendInterceptor interface { + OnSend() *hook.Hook[*SendEvent] +} + +type SendEvent struct { + hook.Event + Message *Message +} + +// addressesToStrings converts the provided address to a list of serialized RFC 5322 strings. +// +// To export only the email part of mail.Address, you can set withName to false. +func addressesToStrings(addresses []mail.Address, withName bool) []string { + result := make([]string, len(addresses)) + + for i, addr := range addresses { + if withName && addr.Name != "" { + result[i] = addr.String() + } else { + // keep only the email part to avoid wrapping in angle-brackets + result[i] = addr.Address + } + } + + return result +} + +// detectReaderMimeType reads the first couple bytes of the reader to detect its MIME type. +// +// Returns a new combined reader from the partial read + the remaining of the original reader. +func detectReaderMimeType(r io.Reader) (io.Reader, string, error) { + readCopy := new(bytes.Buffer) + + mime, err := mimetype.DetectReader(io.TeeReader(r, readCopy)) + if err != nil { + return nil, "", err + } + + return io.MultiReader(readCopy, r), mime.String(), nil +} diff --git a/tools/mailer/mailer_test.go b/tools/mailer/mailer_test.go new file mode 100644 index 0000000..571f9ea --- /dev/null +++ b/tools/mailer/mailer_test.go @@ -0,0 +1,77 @@ +package mailer + +import ( + "fmt" + "io" + "net/mail" + "strings" + "testing" +) + +func TestAddressesToStrings(t *testing.T) { + t.Parallel() + + scenarios := []struct { + withName bool + addresses []mail.Address + expected []string + }{ + { + true, + []mail.Address{{Name: "John Doe", Address: "test1@example.com"}, {Name: "Jane Doe", Address: "test2@example.com"}}, + []string{`"John Doe" `, `"Jane Doe" `}, + }, + { + true, + []mail.Address{{Name: "John Doe", Address: "test1@example.com"}, {Address: "test2@example.com"}}, + []string{`"John Doe" `, `test2@example.com`}, + }, + { + false, + []mail.Address{{Name: "John Doe", Address: "test1@example.com"}, {Name: "Jane Doe", Address: "test2@example.com"}}, + []string{`test1@example.com`, `test2@example.com`}, + }, + } + + for _, s := range scenarios { + t.Run(fmt.Sprintf("%v_%v", s.withName, s.addresses), func(t *testing.T) { + result := addressesToStrings(s.addresses, s.withName) + + if len(s.expected) != len(result) { + t.Fatalf("Expected\n%v\ngot\n%v", s.expected, result) + } + + for k, v := range s.expected { + if v != result[k] { + t.Fatalf("Expected %d address %q, got %q", k, v, result[k]) + } + } + }) + } +} + +func TestDetectReaderMimeType(t *testing.T) { + t.Parallel() + + str := "#!/bin/node\n" + strings.Repeat("a", 10000) // ensure that it is large enough to remain after the signature sniffing + + r, mime, err := detectReaderMimeType(strings.NewReader(str)) + if err != nil { + t.Fatal(err) + } + + expectedMime := "text/javascript" + if mime != expectedMime { + t.Fatalf("Expected mime %q, got %q", expectedMime, mime) + } + + raw, err := io.ReadAll(r) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + if rawStr != str { + t.Fatalf("Expected content\n%s\ngot\n%s", str, rawStr) + } +} diff --git a/tools/mailer/sendmail.go b/tools/mailer/sendmail.go new file mode 100644 index 0000000..b1dbaec --- /dev/null +++ b/tools/mailer/sendmail.go @@ -0,0 +1,99 @@ +package mailer + +import ( + "bytes" + "errors" + "mime" + "net/http" + "os/exec" + "strings" + + "github.com/pocketbase/pocketbase/tools/hook" +) + +var _ Mailer = (*Sendmail)(nil) + +// Sendmail implements [mailer.Mailer] interface and defines a mail +// client that sends emails via the "sendmail" *nix command. +// +// This client is usually recommended only for development and testing. +type Sendmail struct { + onSend *hook.Hook[*SendEvent] +} + +// OnSend implements [mailer.SendInterceptor] interface. +func (c *Sendmail) OnSend() *hook.Hook[*SendEvent] { + if c.onSend == nil { + c.onSend = &hook.Hook[*SendEvent]{} + } + return c.onSend +} + +// Send implements [mailer.Mailer] interface. +func (c *Sendmail) Send(m *Message) error { + if c.onSend != nil { + return c.onSend.Trigger(&SendEvent{Message: m}, func(e *SendEvent) error { + return c.send(e.Message) + }) + } + + return c.send(m) +} + +func (c *Sendmail) send(m *Message) error { + toAddresses := addressesToStrings(m.To, false) + + headers := make(http.Header) + headers.Set("Subject", mime.QEncoding.Encode("utf-8", m.Subject)) + headers.Set("From", m.From.String()) + headers.Set("Content-Type", "text/html; charset=UTF-8") + headers.Set("To", strings.Join(toAddresses, ",")) + + cmdPath, err := findSendmailPath() + if err != nil { + return err + } + + var buffer bytes.Buffer + + // write + // --- + if err := headers.Write(&buffer); err != nil { + return err + } + if _, err := buffer.Write([]byte("\r\n")); err != nil { + return err + } + if m.HTML != "" { + if _, err := buffer.Write([]byte(m.HTML)); err != nil { + return err + } + } else { + if _, err := buffer.Write([]byte(m.Text)); err != nil { + return err + } + } + // --- + + sendmail := exec.Command(cmdPath, strings.Join(toAddresses, ",")) + sendmail.Stdin = &buffer + + return sendmail.Run() +} + +func findSendmailPath() (string, error) { + options := []string{ + "/usr/sbin/sendmail", + "/usr/bin/sendmail", + "sendmail", + } + + for _, option := range options { + path, err := exec.LookPath(option) + if err == nil { + return path, err + } + } + + return "", errors.New("failed to locate a sendmail executable path") +} diff --git a/tools/mailer/smtp.go b/tools/mailer/smtp.go new file mode 100644 index 0000000..3f1f745 --- /dev/null +++ b/tools/mailer/smtp.go @@ -0,0 +1,211 @@ +package mailer + +import ( + "errors" + "fmt" + "net/smtp" + "strings" + + "github.com/domodwyer/mailyak/v3" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/security" +) + +var _ Mailer = (*SMTPClient)(nil) + +const ( + SMTPAuthPlain = "PLAIN" + SMTPAuthLogin = "LOGIN" +) + +// SMTPClient defines a SMTP mail client structure that implements +// `mailer.Mailer` interface. +type SMTPClient struct { + onSend *hook.Hook[*SendEvent] + + TLS bool + Port int + Host string + Username string + Password string + + // SMTP auth method to use + // (if not explicitly set, defaults to "PLAIN") + AuthMethod string + + // LocalName is optional domain name used for the EHLO/HELO exchange + // (if not explicitly set, defaults to "localhost"). + // + // This is required only by some SMTP servers, such as Gmail SMTP-relay. + LocalName string +} + +// OnSend implements [mailer.SendInterceptor] interface. +func (c *SMTPClient) OnSend() *hook.Hook[*SendEvent] { + if c.onSend == nil { + c.onSend = &hook.Hook[*SendEvent]{} + } + return c.onSend +} + +// Send implements [mailer.Mailer] interface. +func (c *SMTPClient) Send(m *Message) error { + if c.onSend != nil { + return c.onSend.Trigger(&SendEvent{Message: m}, func(e *SendEvent) error { + return c.send(e.Message) + }) + } + + return c.send(m) +} + +func (c *SMTPClient) send(m *Message) error { + var smtpAuth smtp.Auth + if c.Username != "" || c.Password != "" { + switch c.AuthMethod { + case SMTPAuthLogin: + smtpAuth = &smtpLoginAuth{c.Username, c.Password} + default: + smtpAuth = smtp.PlainAuth("", c.Username, c.Password, c.Host) + } + } + + // create mail instance + var yak *mailyak.MailYak + if c.TLS { + var tlsErr error + yak, tlsErr = mailyak.NewWithTLS(fmt.Sprintf("%s:%d", c.Host, c.Port), smtpAuth, nil) + if tlsErr != nil { + return tlsErr + } + } else { + yak = mailyak.New(fmt.Sprintf("%s:%d", c.Host, c.Port), smtpAuth) + } + + if c.LocalName != "" { + yak.LocalName(c.LocalName) + } + + if m.From.Name != "" { + yak.FromName(m.From.Name) + } + yak.From(m.From.Address) + yak.Subject(m.Subject) + yak.HTML().Set(m.HTML) + + if m.Text == "" { + // try to generate a plain text version of the HTML + if plain, err := html2Text(m.HTML); err == nil { + yak.Plain().Set(plain) + } + } else { + yak.Plain().Set(m.Text) + } + + if len(m.To) > 0 { + yak.To(addressesToStrings(m.To, true)...) + } + + if len(m.Bcc) > 0 { + yak.Bcc(addressesToStrings(m.Bcc, true)...) + } + + if len(m.Cc) > 0 { + yak.Cc(addressesToStrings(m.Cc, true)...) + } + + // add regular attachements (if any) + for name, data := range m.Attachments { + r, mime, err := detectReaderMimeType(data) + if err != nil { + return err + } + yak.AttachWithMimeType(name, r, mime) + } + + // add inline attachments (if any) + for name, data := range m.InlineAttachments { + r, mime, err := detectReaderMimeType(data) + if err != nil { + return err + } + yak.AttachInlineWithMimeType(name, r, mime) + } + + // add custom headers (if any) + var hasMessageId bool + for k, v := range m.Headers { + if strings.EqualFold(k, "Message-ID") { + hasMessageId = true + } + yak.AddHeader(k, v) + } + if !hasMessageId { + // add a default message id if missing + fromParts := strings.Split(m.From.Address, "@") + if len(fromParts) == 2 { + yak.AddHeader("Message-ID", fmt.Sprintf("<%s@%s>", + security.PseudorandomString(15), + fromParts[1], + )) + } + } + + return yak.Send() +} + +// ------------------------------------------------------------------- +// AUTH LOGIN +// ------------------------------------------------------------------- + +var _ smtp.Auth = (*smtpLoginAuth)(nil) + +// smtpLoginAuth defines an AUTH that implements the LOGIN authentication mechanism. +// +// AUTH LOGIN is obsolete[1] but some mail services like outlook requires it [2]. +// +// NB! +// It will only send the credentials if the connection is using TLS or is connected to localhost. +// Otherwise authentication will fail with an error, without sending the credentials. +// +// [1]: https://github.com/golang/go/issues/40817 +// [2]: https://support.microsoft.com/en-us/office/outlook-com-no-longer-supports-auth-plain-authentication-07f7d5e9-1697-465f-84d2-4513d4ff0145?ui=en-us&rs=en-us&ad=us +type smtpLoginAuth struct { + username, password string +} + +// Start initializes an authentication with the server. +// +// It is part of the [smtp.Auth] interface. +func (a *smtpLoginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) { + // Must have TLS, or else localhost server. + // Note: If TLS is not true, then we can't trust ANYTHING in ServerInfo. + // In particular, it doesn't matter if the server advertises LOGIN auth. + // That might just be the attacker saying + // "it's ok, you can trust me with your password." + if !server.TLS && !isLocalhost(server.Name) { + return "", nil, errors.New("unencrypted connection") + } + + return "LOGIN", nil, nil +} + +// Next "continues" the auth process by feeding the server with the requested data. +// +// It is part of the [smtp.Auth] interface. +func (a *smtpLoginAuth) Next(fromServer []byte, more bool) ([]byte, error) { + if more { + switch strings.ToLower(string(fromServer)) { + case "username:": + return []byte(a.username), nil + case "password:": + return []byte(a.password), nil + } + } + + return nil, nil +} + +func isLocalhost(name string) bool { + return name == "localhost" || name == "127.0.0.1" || name == "::1" +} diff --git a/tools/mailer/smtp_test.go b/tools/mailer/smtp_test.go new file mode 100644 index 0000000..49797d5 --- /dev/null +++ b/tools/mailer/smtp_test.go @@ -0,0 +1,166 @@ +package mailer + +import ( + "net/smtp" + "testing" +) + +func TestLoginAuthStart(t *testing.T) { + auth := smtpLoginAuth{username: "test", password: "123456"} + + scenarios := []struct { + name string + serverInfo *smtp.ServerInfo + expectError bool + }{ + { + "localhost without tls", + &smtp.ServerInfo{TLS: false, Name: "localhost"}, + false, + }, + { + "localhost with tls", + &smtp.ServerInfo{TLS: true, Name: "localhost"}, + false, + }, + { + "127.0.0.1 without tls", + &smtp.ServerInfo{TLS: false, Name: "127.0.0.1"}, + false, + }, + { + "127.0.0.1 with tls", + &smtp.ServerInfo{TLS: false, Name: "127.0.0.1"}, + false, + }, + { + "::1 without tls", + &smtp.ServerInfo{TLS: false, Name: "::1"}, + false, + }, + { + "::1 with tls", + &smtp.ServerInfo{TLS: false, Name: "::1"}, + false, + }, + { + "non-localhost without tls", + &smtp.ServerInfo{TLS: false, Name: "example.com"}, + true, + }, + { + "non-localhost with tls", + &smtp.ServerInfo{TLS: true, Name: "example.com"}, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + method, resp, err := auth.Start(s.serverInfo) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v", s.expectError, hasErr) + } + + if hasErr { + return + } + + if len(resp) != 0 { + t.Fatalf("Expected empty data response, got %v", resp) + } + + if method != "LOGIN" { + t.Fatalf("Expected LOGIN, got %v", method) + } + }) + } +} + +func TestLoginAuthNext(t *testing.T) { + auth := smtpLoginAuth{username: "test", password: "123456"} + + { + // example|false + r1, err := auth.Next([]byte("example:"), false) + if err != nil { + t.Fatalf("[example|false] Unexpected error %v", err) + } + if len(r1) != 0 { + t.Fatalf("[example|false] Expected empty part, got %v", r1) + } + + // example|true + r2, err := auth.Next([]byte("example:"), true) + if err != nil { + t.Fatalf("[example|true] Unexpected error %v", err) + } + if len(r2) != 0 { + t.Fatalf("[example|true] Expected empty part, got %v", r2) + } + } + + // --------------------------------------------------------------- + + { + // username:|false + r1, err := auth.Next([]byte("username:"), false) + if err != nil { + t.Fatalf("[username|false] Unexpected error %v", err) + } + if len(r1) != 0 { + t.Fatalf("[username|false] Expected empty part, got %v", r1) + } + + // username:|true + r2, err := auth.Next([]byte("username:"), true) + if err != nil { + t.Fatalf("[username|true] Unexpected error %v", err) + } + if str := string(r2); str != auth.username { + t.Fatalf("[username|true] Expected %s, got %s", auth.username, str) + } + + // uSeRnAmE:|true + r3, err := auth.Next([]byte("uSeRnAmE:"), true) + if err != nil { + t.Fatalf("[uSeRnAmE|true] Unexpected error %v", err) + } + if str := string(r3); str != auth.username { + t.Fatalf("[uSeRnAmE|true] Expected %s, got %s", auth.username, str) + } + } + + // --------------------------------------------------------------- + + { + // password:|false + r1, err := auth.Next([]byte("password:"), false) + if err != nil { + t.Fatalf("[password|false] Unexpected error %v", err) + } + if len(r1) != 0 { + t.Fatalf("[password|false] Expected empty part, got %v", r1) + } + + // password:|true + r2, err := auth.Next([]byte("password:"), true) + if err != nil { + t.Fatalf("[password|true] Unexpected error %v", err) + } + if str := string(r2); str != auth.password { + t.Fatalf("[password|true] Expected %s, got %s", auth.password, str) + } + + // pAsSwOrD:|true + r3, err := auth.Next([]byte("pAsSwOrD:"), true) + if err != nil { + t.Fatalf("[pAsSwOrD|true] Unexpected error %v", err) + } + if str := string(r3); str != auth.password { + t.Fatalf("[pAsSwOrD|true] Expected %s, got %s", auth.password, str) + } + } +} diff --git a/tools/osutils/cmd.go b/tools/osutils/cmd.go new file mode 100644 index 0000000..d21f886 --- /dev/null +++ b/tools/osutils/cmd.go @@ -0,0 +1,65 @@ +package osutils + +import ( + "bufio" + "fmt" + "os" + "os/exec" + "runtime" + "strings" + + "github.com/go-ozzo/ozzo-validation/v4/is" +) + +// LaunchURL attempts to open the provided url in the user's default browser. +// +// It is platform dependent and it uses: +// - "open" on macOS +// - "rundll32" on Windows +// - "xdg-open" on everything else (Linux, FreeBSD, etc.) +func LaunchURL(url string) error { + if err := is.URL.Validate(url); err != nil { + return err + } + + switch runtime.GOOS { + case "darwin": + return exec.Command("open", url).Start() + case "windows": + // not sure if this is the best command but seems to be the most reliable based on the comments in + // https://stackoverflow.com/questions/3739327/launching-a-website-via-the-windows-commandline#answer-49115945 + return exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start() + default: + return exec.Command("xdg-open", url).Start() + } +} + +// YesNoPrompt performs a console prompt that asks the user for Yes/No answer. +// +// If the user just press Enter (aka. doesn't type anything) it returns the fallback value. +func YesNoPrompt(message string, fallback bool) bool { + options := "Y/n" + if !fallback { + options = "y/N" + } + + r := bufio.NewReader(os.Stdin) + + var s string + for { + fmt.Fprintf(os.Stderr, "%s (%s) ", message, options) + + s, _ = r.ReadString('\n') + + s = strings.ToLower(strings.TrimSpace(s)) + + switch s { + case "": + return fallback + case "y", "yes": + return true + case "n", "no": + return false + } + } +} diff --git a/tools/osutils/cmd_test.go b/tools/osutils/cmd_test.go new file mode 100644 index 0000000..38beeab --- /dev/null +++ b/tools/osutils/cmd_test.go @@ -0,0 +1,66 @@ +package osutils_test + +import ( + "fmt" + "os" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/tools/osutils" +) + +func TestYesNoPrompt(t *testing.T) { + scenarios := []struct { + stdin string + fallback bool + expected bool + }{ + {"", false, false}, + {"", true, true}, + + // yes + {"y", false, true}, + {"Y", false, true}, + {"Yes", false, true}, + {"yes", false, true}, + + // no + {"n", true, false}, + {"N", true, false}, + {"No", true, false}, + {"no", true, false}, + + // invalid -> no/yes + {"invalid|no", true, false}, + {"invalid|yes", false, true}, + } + + for _, s := range scenarios { + t.Run(fmt.Sprintf("%s_%v", s.stdin, s.fallback), func(t *testing.T) { + stdinread, stdinwrite, err := os.Pipe() + if err != nil { + t.Fatal(err) + } + + parts := strings.Split(s.stdin, "|") + for _, p := range parts { + if _, err := stdinwrite.WriteString(p + "\n"); err != nil { + t.Fatalf("Failed to write test stdin part %q: %v", p, err) + } + } + + if err = stdinwrite.Close(); err != nil { + t.Fatal(err) + } + + defer func(oldStdin *os.File) { os.Stdin = oldStdin }(os.Stdin) + os.Stdin = stdinread + + result := osutils.YesNoPrompt("test", s.fallback) + + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} diff --git a/tools/osutils/dir.go b/tools/osutils/dir.go new file mode 100644 index 0000000..2d2c819 --- /dev/null +++ b/tools/osutils/dir.go @@ -0,0 +1,79 @@ +package osutils + +import ( + "errors" + "os" + "path/filepath" + + "github.com/pocketbase/pocketbase/tools/list" +) + +// MoveDirContent moves the src dir content, that is not listed in the exclude list, +// to dest dir (it will be created if missing). +// +// The rootExclude argument is used to specify a list of src root entries to exclude. +// +// Note that this method doesn't delete the old src dir. +// +// It is an alternative to os.Rename() for the cases where we can't +// rename/delete the src dir (see https://github.com/pocketbase/pocketbase/issues/2519). +func MoveDirContent(src string, dest string, rootExclude ...string) error { + entries, err := os.ReadDir(src) + if err != nil { + return err + } + + // make sure that the dest dir exist + manuallyCreatedDestDir := false + if _, err := os.Stat(dest); err != nil { + if err := os.Mkdir(dest, os.ModePerm); err != nil { + return err + } + manuallyCreatedDestDir = true + } + + moved := map[string]string{} + + tryRollback := func() []error { + errs := []error{} + + for old, new := range moved { + if err := os.Rename(new, old); err != nil { + errs = append(errs, err) + } + } + + // try to delete manually the created dest dir if all moved files were restored + if manuallyCreatedDestDir && len(errs) == 0 { + if err := os.Remove(dest); err != nil { + errs = append(errs, err) + } + } + + return errs + } + + for _, entry := range entries { + basename := entry.Name() + + if list.ExistInSlice(basename, rootExclude) { + continue + } + + old := filepath.Join(src, basename) + new := filepath.Join(dest, basename) + + if err := os.Rename(old, new); err != nil { + if errs := tryRollback(); len(errs) > 0 { + errs = append(errs, err) + err = errors.Join(errs...) + } + + return err + } + + moved[old] = new + } + + return nil +} diff --git a/tools/osutils/dir_test.go b/tools/osutils/dir_test.go new file mode 100644 index 0000000..f690e99 --- /dev/null +++ b/tools/osutils/dir_test.go @@ -0,0 +1,142 @@ +package osutils_test + +import ( + "io/fs" + "os" + "path/filepath" + "testing" + + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/osutils" + "github.com/pocketbase/pocketbase/tools/security" +) + +func TestMoveDirContent(t *testing.T) { + testDir := createTestDir(t) + defer os.RemoveAll(testDir) + + exclude := []string{ + "missing", + "test2", + "b", + } + + // missing dest path + // --- + dir1 := filepath.Join(filepath.Dir(testDir), "a", "b", "c", "d", "_pb_move_dir_content_test_"+security.PseudorandomString(4)) + defer os.RemoveAll(dir1) + + if err := osutils.MoveDirContent(testDir, dir1, exclude...); err == nil { + t.Fatal("Expected path error, got nil") + } + + // existing parent dir + // --- + dir2 := filepath.Join(filepath.Dir(testDir), "_pb_move_dir_content_test_"+security.PseudorandomString(4)) + defer os.RemoveAll(dir2) + + if err := osutils.MoveDirContent(testDir, dir2, exclude...); err != nil { + t.Fatalf("Expected dir2 to be created, got error: %v", err) + } + + // find all files + files := []string{} + filepath.WalkDir(dir2, func(path string, d fs.DirEntry, err error) error { + if err != nil { + return err + } + + if d.IsDir() { + return nil + } + + files = append(files, path) + + return nil + }) + + expectedFiles := []string{ + filepath.Join(dir2, "test1"), + filepath.Join(dir2, "a", "a1"), + filepath.Join(dir2, "a", "a2"), + } + + if len(files) != len(expectedFiles) { + t.Fatalf("Expected %d files, got %d: \n%v", len(expectedFiles), len(files), files) + } + + for _, expected := range expectedFiles { + if !list.ExistInSlice(expected, files) { + t.Fatalf("Missing expected file %q in \n%v", expected, files) + } + } +} + +// ------------------------------------------------------------------- + +// note: make sure to call os.RemoveAll(dir) after you are done +// working with the created test dir. +func createTestDir(t *testing.T) string { + dir, err := os.MkdirTemp(os.TempDir(), "test_dir") + if err != nil { + t.Fatal(err) + } + + // create sub directories + if err := os.MkdirAll(filepath.Join(dir, "a"), os.ModePerm); err != nil { + t.Fatal(err) + } + if err := os.MkdirAll(filepath.Join(dir, "b"), os.ModePerm); err != nil { + t.Fatal(err) + } + + { + f, err := os.OpenFile(filepath.Join(dir, "test1"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + f.Close() + } + + { + f, err := os.OpenFile(filepath.Join(dir, "test2"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + f.Close() + } + + { + f, err := os.OpenFile(filepath.Join(dir, "a/a1"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + f.Close() + } + + { + f, err := os.OpenFile(filepath.Join(dir, "a/a2"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + f.Close() + } + + { + f, err := os.OpenFile(filepath.Join(dir, "b/b2"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + f.Close() + } + + { + f, err := os.OpenFile(filepath.Join(dir, "b/b2"), os.O_WRONLY|os.O_CREATE, 0644) + if err != nil { + t.Fatal(err) + } + f.Close() + } + + return dir +} diff --git a/tools/picker/excerpt_modifier.go b/tools/picker/excerpt_modifier.go new file mode 100644 index 0000000..a60c842 --- /dev/null +++ b/tools/picker/excerpt_modifier.go @@ -0,0 +1,150 @@ +package picker + +import ( + "errors" + "regexp" + "strings" + + "github.com/pocketbase/pocketbase/tools/list" + "github.com/spf13/cast" + "golang.org/x/net/html" +) + +func init() { + Modifiers["excerpt"] = func(args ...string) (Modifier, error) { + return newExcerptModifier(args...) + } +} + +var whitespaceRegex = regexp.MustCompile(`\s+`) + +var excludeTags = []string{ + "head", "style", "script", "iframe", "embed", "applet", "object", + "svg", "img", "picture", "dialog", "template", "button", "form", + "textarea", "input", "select", "option", +} + +var inlineTags = []string{ + "a", "abbr", "acronym", "b", "bdo", "big", "br", "button", + "cite", "code", "em", "i", "label", "q", "small", "span", + "strong", "strike", "sub", "sup", "time", +} + +var _ Modifier = (*excerptModifier)(nil) + +type excerptModifier struct { + max int // approximate max excerpt length + withEllipsis bool // if enabled will add ellipsis when the plain text length > max +} + +// newExcerptModifier validates the specified raw string arguments and +// initializes a new excerptModifier. +// +// This method is usually invoked in initModifer(). +func newExcerptModifier(args ...string) (*excerptModifier, error) { + totalArgs := len(args) + + if totalArgs == 0 { + return nil, errors.New("max argument is required - expected (max, withEllipsis?)") + } + + if totalArgs > 2 { + return nil, errors.New("too many arguments - expected (max, withEllipsis?)") + } + + max := cast.ToInt(args[0]) + if max == 0 { + return nil, errors.New("max argument must be > 0") + } + + var withEllipsis bool + if totalArgs > 1 { + withEllipsis = cast.ToBool(args[1]) + } + + return &excerptModifier{max, withEllipsis}, nil +} + +// Modify implements the [Modifier.Modify] interface method. +// +// It returns a plain text excerpt/short-description from a formatted +// html string (non-string values are kept untouched). +func (m *excerptModifier) Modify(value any) (any, error) { + strValue, ok := value.(string) + if !ok { + // not a string -> return as it is without applying the modifier + // (we don't throw an error because the modifier could be applied for a missing expand field) + return value, nil + } + + var builder strings.Builder + + doc, err := html.Parse(strings.NewReader(strValue)) + if err != nil { + return "", err + } + + var hasPrevSpace bool + + // for all node types and more details check + // https://pkg.go.dev/golang.org/x/net/html#Parse + var stripTags func(*html.Node) + stripTags = func(n *html.Node) { + switch n.Type { + case html.TextNode: + // collapse multiple spaces into one + txt := whitespaceRegex.ReplaceAllString(n.Data, " ") + + if hasPrevSpace { + txt = strings.TrimLeft(txt, " ") + } + + if txt != "" { + hasPrevSpace = strings.HasSuffix(txt, " ") + + builder.WriteString(txt) + } + } + + // excerpt max has been reached => no need to further iterate + // (+2 for the extra whitespace suffix/prefix that will be trimmed later) + if builder.Len() > m.max+2 { + return + } + + for c := n.FirstChild; c != nil; c = c.NextSibling { + if c.Type != html.ElementNode || !list.ExistInSlice(c.Data, excludeTags) { + isBlock := c.Type == html.ElementNode && !list.ExistInSlice(c.Data, inlineTags) + + if isBlock && !hasPrevSpace { + builder.WriteString(" ") + hasPrevSpace = true + } + + stripTags(c) + + if isBlock && !hasPrevSpace { + builder.WriteString(" ") + hasPrevSpace = true + } + } + } + } + stripTags(doc) + + result := strings.TrimSpace(builder.String()) + + if len(result) > m.max { + // note: casted to []rune to properly account for multi-byte chars + runes := []rune(result) + if len(runes) > m.max { + result = string(runes[:m.max]) + result = strings.TrimSpace(result) + if m.withEllipsis { + result += "..." + } + } + } + + return result, nil +} diff --git a/tools/picker/excerpt_modifier_test.go b/tools/picker/excerpt_modifier_test.go new file mode 100644 index 0000000..7e5fe70 --- /dev/null +++ b/tools/picker/excerpt_modifier_test.go @@ -0,0 +1,170 @@ +package picker + +import ( + "fmt" + "testing" + + "github.com/spf13/cast" +) + +func TestNewExcerptModifier(t *testing.T) { + scenarios := []struct { + name string + args []string + expectError bool + }{ + { + "no arguments", + nil, + true, + }, + { + "too many arguments", + []string{"12", "false", "something"}, + true, + }, + { + "non-numeric max argument", + []string{"something"}, // should fallback to 0 which is not allowed + true, + }, + { + "numeric max argument", + []string{"12"}, + false, + }, + { + "non-bool withEllipsis argument", + []string{"12", "something"}, // should fallback to false which is allowed + false, + }, + { + "truthy withEllipsis argument", + []string{"12", "t"}, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + m, err := newExcerptModifier(s.args...) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + if m != nil { + t.Fatalf("Expected nil modifier, got %v", m) + } + + return + } + + var argMax int + if len(s.args) > 0 { + argMax = cast.ToInt(s.args[0]) + } + + var argWithEllipsis bool + if len(s.args) > 1 { + argWithEllipsis = cast.ToBool(s.args[1]) + } + + if m.max != argMax { + t.Fatalf("Expected max %d, got %d", argMax, m.max) + } + + if m.withEllipsis != argWithEllipsis { + t.Fatalf("Expected withEllipsis %v, got %v", argWithEllipsis, m.withEllipsis) + } + }) + } +} + +func TestExcerptModifierModify(t *testing.T) { + html := `

    Hello

    t est12 + 3456
    word 7 89!? a b c#

    title

    ` + + plainText := "Hello t est12 3456 word 7 89!? a b c# title" + + scenarios := []struct { + name string + args []string + value string + expected string + }{ + // without ellipsis + { + "only max < len(plainText)", + []string{"2"}, + html, + plainText[:2], + }, + { + "only max = len(plainText)", + []string{fmt.Sprint(len(plainText))}, + html, + plainText, + }, + { + "only max > len(plainText)", + []string{fmt.Sprint(len(plainText) + 5)}, + html, + plainText, + }, + + // with ellipsis + { + "with ellipsis and max < len(plainText)", + []string{"2", "t"}, + html, + plainText[:2] + "...", + }, + { + "with ellipsis and max = len(plainText)", + []string{fmt.Sprint(len(plainText)), "t"}, + html, + plainText, + }, + { + "with ellipsis and max > len(plainText)", + []string{fmt.Sprint(len(plainText) + 5), "t"}, + html, + plainText, + }, + + // multibyte chars + { + "mutibyte chars <= max", + []string{"4", "t"}, + "аб\nв ", + "аб в", + }, + { + "mutibyte chars > max", + []string{"3", "t"}, + "аб\nв ", + "аб...", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + m, err := newExcerptModifier(s.args...) + if err != nil { + t.Fatal(err) + } + + raw, err := m.Modify(s.value) + if err != nil { + t.Fatal(err) + } + + if v := cast.ToString(raw); v != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, v) + } + }) + } +} diff --git a/tools/picker/modifiers.go b/tools/picker/modifiers.go new file mode 100644 index 0000000..6572e0c --- /dev/null +++ b/tools/picker/modifiers.go @@ -0,0 +1,41 @@ +package picker + +import ( + "fmt" + + "github.com/pocketbase/pocketbase/tools/tokenizer" +) + +var Modifiers = map[string]ModifierFactoryFunc{} + +type ModifierFactoryFunc func(args ...string) (Modifier, error) + +type Modifier interface { + // Modify executes the modifier and returns a new modified value. + Modify(value any) (any, error) +} + +func initModifer(rawModifier string) (Modifier, error) { + t := tokenizer.NewFromString(rawModifier) + t.Separators('(', ')', ',', ' ') + t.IgnoreParenthesis(true) + + parts, err := t.ScanAll() + if err != nil { + return nil, err + } + + if len(parts) == 0 { + return nil, fmt.Errorf("invalid or empty modifier expression %q", rawModifier) + } + + name := parts[0] + args := parts[1:] + + factory, ok := Modifiers[name] + if !ok { + return nil, fmt.Errorf("missing or invalid modifier %q", name) + } + + return factory(args...) +} diff --git a/tools/picker/pick.go b/tools/picker/pick.go new file mode 100644 index 0000000..2cd23aa --- /dev/null +++ b/tools/picker/pick.go @@ -0,0 +1,184 @@ +package picker + +import ( + "encoding/json" + "strings" + + "github.com/pocketbase/pocketbase/tools/search" + "github.com/pocketbase/pocketbase/tools/tokenizer" +) + +// Pick converts data into a []any, map[string]any, etc. (using json marshal->unmarshal) +// containing only the fields from the parsed rawFields expression. +// +// rawFields is a comma separated string of the fields to include. +// Nested fields should be listed with dot-notation. +// Fields value modifiers are also supported using the `:modifier(args)` format (see Modifiers). +// +// Example: +// +// data := map[string]any{"a": 1, "b": 2, "c": map[string]any{"c1": 11, "c2": 22}} +// Pick(data, "a,c.c1") // map[string]any{"a": 1, "c": map[string]any{"c1": 11}} +func Pick(data any, rawFields string) (any, error) { + parsedFields, err := parseFields(rawFields) + if err != nil { + return nil, err + } + + // marshalize the provided data to ensure that the related json.Marshaler + // implementations are invoked, and then convert it back to a plain + // json value that we can further operate on. + // + // @todo research other approaches to avoid the double serialization + // --- + encoded, err := json.Marshal(data) + if err != nil { + return nil, err + } + + var decoded any + if err := json.Unmarshal(encoded, &decoded); err != nil { + return nil, err + } + // --- + + // special cases to preserve the same fields format when used with single item or search results data. + var isSearchResult bool + switch data.(type) { + case search.Result, *search.Result: + isSearchResult = true + } + + if isSearchResult { + if decodedMap, ok := decoded.(map[string]any); ok { + pickParsedFields(decodedMap["items"], parsedFields) + } + } else { + pickParsedFields(decoded, parsedFields) + } + + return decoded, nil +} + +func parseFields(rawFields string) (map[string]Modifier, error) { + t := tokenizer.NewFromString(rawFields) + + fields, err := t.ScanAll() + if err != nil { + return nil, err + } + + result := make(map[string]Modifier, len(fields)) + + for _, f := range fields { + parts := strings.SplitN(strings.TrimSpace(f), ":", 2) + + if len(parts) > 1 { + m, err := initModifer(parts[1]) + if err != nil { + return nil, err + } + result[parts[0]] = m + } else { + result[parts[0]] = nil + } + } + + return result, nil +} + +func pickParsedFields(data any, fields map[string]Modifier) error { + switch v := data.(type) { + case map[string]any: + pickMapFields(v, fields) + case []map[string]any: + for _, item := range v { + if err := pickMapFields(item, fields); err != nil { + return err + } + } + case []any: + if len(v) == 0 { + return nil // nothing to pick + } + + if _, ok := v[0].(map[string]any); !ok { + return nil // for now ignore non-map values + } + + for _, item := range v { + if err := pickMapFields(item.(map[string]any), fields); err != nil { + return nil + } + } + } + + return nil +} + +func pickMapFields(data map[string]any, fields map[string]Modifier) error { + if len(fields) == 0 { + return nil // nothing to pick + } + + if m, ok := fields["*"]; ok { + // append all missing root level data keys + for k := range data { + var exists bool + + for f := range fields { + if strings.HasPrefix(f+".", k+".") { + exists = true + break + } + } + + if !exists { + fields[k] = m + } + } + } + +DataLoop: + for k := range data { + matchingFields := make(map[string]Modifier, len(fields)) + for f, m := range fields { + if strings.HasPrefix(f+".", k+".") { + matchingFields[f] = m + continue + } + } + + if len(matchingFields) == 0 { + delete(data, k) + continue DataLoop + } + + // remove the current key from the matching fields path + for f, m := range matchingFields { + remains := strings.TrimSuffix(strings.TrimPrefix(f+".", k+"."), ".") + + // final key + if remains == "" { + if m != nil { + var err error + data[k], err = m.Modify(data[k]) + if err != nil { + return err + } + } + continue DataLoop + } + + // cleanup the old field key and continue with the rest of the field path + delete(matchingFields, f) + matchingFields[remains] = m + } + + if err := pickParsedFields(data[k], matchingFields); err != nil { + return err + } + } + + return nil +} diff --git a/tools/picker/pick_test.go b/tools/picker/pick_test.go new file mode 100644 index 0000000..95add58 --- /dev/null +++ b/tools/picker/pick_test.go @@ -0,0 +1,276 @@ +package picker_test + +import ( + "encoding/json" + "testing" + + "github.com/pocketbase/pocketbase/tools/picker" + "github.com/pocketbase/pocketbase/tools/search" +) + +func TestPickFields(t *testing.T) { + scenarios := []struct { + name string + data any + fields string + expectError bool + result string + }{ + { + "empty fields", + map[string]any{"a": 1, "b": 2, "c": "test"}, + "", + false, + `{"a":1,"b":2,"c":"test"}`, + }, + { + "missing fields", + map[string]any{"a": 1, "b": 2, "c": "test"}, + "missing", + false, + `{}`, + }, + { + "non map data", + "test", + "a,b,test", + false, + `"test"`, + }, + { + "non slice of map data", + []any{"a", "b", "test"}, + "a,test", + false, + `["a","b","test"]`, + }, + { + "map with no matching field", + map[string]any{"a": 1, "b": 2, "c": "test"}, + "missing", // test individual fields trim + false, + `{}`, + }, + { + "map with existing and missing fields", + map[string]any{"a": 1, "b": 2, "c": "test"}, + "a, c ,missing", // test individual fields trim + false, + `{"a":1,"c":"test"}`, + }, + { + "slice of maps with existing and missing fields", + []any{ + map[string]any{"a": 11, "b": 11, "c": "test1"}, + map[string]any{"a": 22, "b": 22, "c": "test2"}, + }, + "a, c ,missing", // test individual fields trim + false, + `[{"a":11,"c":"test1"},{"a":22,"c":"test2"}]`, + }, + { + "nested fields with mixed map and any slices", + map[string]any{ + "a": 1, + "b": 2, + "c": "test", + "anySlice": []any{ + map[string]any{ + "A": []int{1, 2, 3}, + "B": []any{"1", "2", 3}, + "C": "test", + "D": map[string]any{ + "DA": 1, + "DB": 2, + }, + }, + map[string]any{ + "A": "test", + }, + }, + "mapSlice": []map[string]any{ + { + "A": []int{1, 2, 3}, + "B": []any{"1", "2", 3}, + "C": "test", + "D": []any{ + map[string]any{"DA": 1}, + }, + }, + { + "B": []any{"1", "2", 3}, + "D": []any{ + map[string]any{"DA": 2}, + map[string]any{"DA": 3}, + map[string]any{"DB": 4}, // will result to empty since there is no DA + }, + }, + }, + "fullMap": []map[string]any{ + { + "A": []int{1, 2, 3}, + "B": []any{"1", "2", 3}, + "C": "test", + }, + { + "B": []any{"1", "2", 3}, + "D": []any{ + map[string]any{"DA": 2}, + map[string]any{"DA": 3}, // will result to empty since there is no DA + }, + }, + }, + }, + "a, c, anySlice.A, mapSlice.C, mapSlice.D.DA, anySlice.D,fullMap", + false, + `{"a":1,"anySlice":[{"A":[1,2,3],"D":{"DA":1,"DB":2}},{"A":"test"}],"c":"test","fullMap":[{"A":[1,2,3],"B":["1","2",3],"C":"test"},{"B":["1","2",3],"D":[{"DA":2},{"DA":3}]}],"mapSlice":[{"C":"test","D":[{"DA":1}]},{"D":[{"DA":2},{"DA":3},{}]}]}`, + }, + { + "SearchResult", + search.Result{ + Page: 1, + PerPage: 10, + TotalItems: 20, + TotalPages: 30, + Items: []any{ + map[string]any{"a": 11, "b": 11, "c": "test1"}, + map[string]any{"a": 22, "b": 22, "c": "test2"}, + }, + }, + "a,c,missing", + false, + `{"items":[{"a":11,"c":"test1"},{"a":22,"c":"test2"}],"page":1,"perPage":10,"totalItems":20,"totalPages":30}`, + }, + { + "*SearchResult", + &search.Result{ + Page: 1, + PerPage: 10, + TotalItems: 20, + TotalPages: 30, + Items: []any{ + map[string]any{"a": 11, "b": 11, "c": "test1"}, + map[string]any{"a": 22, "b": 22, "c": "test2"}, + }, + }, + "a,c", + false, + `{"items":[{"a":11,"c":"test1"},{"a":22,"c":"test2"}],"page":1,"perPage":10,"totalItems":20,"totalPages":30}`, + }, + { + "root wildcard", + &search.Result{ + Page: 1, + PerPage: 10, + TotalItems: 20, + TotalPages: 30, + Items: []any{ + map[string]any{"a": 11, "b": 11, "c": "test1"}, + map[string]any{"a": 22, "b": 22, "c": "test2"}, + }, + }, + "*", + false, + `{"items":[{"a":11,"b":11,"c":"test1"},{"a":22,"b":22,"c":"test2"}],"page":1,"perPage":10,"totalItems":20,"totalPages":30}`, + }, + { + "root wildcard with nested exception", + map[string]any{ + "id": "123", + "title": "lorem", + "rel": map[string]any{ + "id": "456", + "title": "rel_title", + }, + }, + "*,rel.id", + false, + `{"id":"123","rel":{"id":"456"},"title":"lorem"}`, + }, + { + "sub wildcard", + map[string]any{ + "id": "123", + "title": "lorem", + "rel": map[string]any{ + "id": "456", + "title": "rel_title", + "sub": map[string]any{ + "id": "789", + "title": "sub_title", + }, + }, + }, + "id,rel.*", + false, + `{"id":"123","rel":{"id":"456","sub":{"id":"789","title":"sub_title"},"title":"rel_title"}}`, + }, + { + "sub wildcard with nested exception", + map[string]any{ + "id": "123", + "title": "lorem", + "rel": map[string]any{ + "id": "456", + "title": "rel_title", + "sub": map[string]any{ + "id": "789", + "title": "sub_title", + }, + }, + }, + "id,rel.*,rel.sub.id", + false, + `{"id":"123","rel":{"id":"456","sub":{"id":"789"},"title":"rel_title"}}`, + }, + { + "invalid excerpt modifier", + map[string]any{"a": 1, "b": 2, "c": "test"}, + "*:excerpt", + true, + `{"a":1,"b":2,"c":"test"}`, + }, + { + "valid excerpt modifier", + map[string]any{ + "id": "123", + "title": "lorem", + "rel": map[string]any{ + "id": "456", + "title": "

    rel_title

    ", + "sub": map[string]any{ + "id": "789", + "title": "sub_title", + }, + }, + }, + "*:excerpt(2),rel.title:excerpt(3, true)", + false, + `{"id":"12","rel":{"title":"rel..."},"title":"lo"}`, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result, err := picker.Pick(s.data, s.fields) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + serialized, err := json.Marshal(result) + if err != nil { + t.Fatal(err) + } + + if v := string(serialized); v != s.result { + t.Fatalf("Expected body\n%s \ngot \n%s", s.result, v) + } + }) + } +} diff --git a/tools/router/error.go b/tools/router/error.go new file mode 100644 index 0000000..2c437cd --- /dev/null +++ b/tools/router/error.go @@ -0,0 +1,231 @@ +package router + +import ( + "database/sql" + "errors" + "io/fs" + "net/http" + "strings" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/tools/inflector" +) + +// SafeErrorItem defines a common error interface for a printable public safe error. +type SafeErrorItem interface { + // Code represents a fixed unique identifier of the error (usually used as translation key). + Code() string + + // Error is the default English human readable error message that will be returned. + Error() string +} + +// SafeErrorParamsResolver defines an optional interface for specifying dynamic error parameters. +type SafeErrorParamsResolver interface { + // Params defines a map with dynamic parameters to return as part of the public safe error view. + Params() map[string]any +} + +// SafeErrorResolver defines an error interface for resolving the public safe error fields. +type SafeErrorResolver interface { + // Resolve allows modifying and returning a new public safe error data map. + Resolve(errData map[string]any) any +} + +// ApiError defines the struct for a basic api error response. +type ApiError struct { + rawData any + + Data map[string]any `json:"data"` + Message string `json:"message"` + Status int `json:"status"` +} + +// Error makes it compatible with the `error` interface. +func (e *ApiError) Error() string { + return e.Message +} + +// RawData returns the unformatted error data (could be an internal error, text, etc.) +func (e *ApiError) RawData() any { + return e.rawData +} + +// Is reports whether the current ApiError wraps the target. +func (e *ApiError) Is(target error) bool { + err, ok := e.rawData.(error) + if ok { + return errors.Is(err, target) + } + + apiErr, ok := target.(*ApiError) + + return ok && e == apiErr +} + +// NewNotFoundError creates and returns 404 ApiError. +func NewNotFoundError(message string, rawErrData any) *ApiError { + if message == "" { + message = "The requested resource wasn't found." + } + + return NewApiError(http.StatusNotFound, message, rawErrData) +} + +// NewBadRequestError creates and returns 400 ApiError. +func NewBadRequestError(message string, rawErrData any) *ApiError { + if message == "" { + message = "Something went wrong while processing your request." + } + + return NewApiError(http.StatusBadRequest, message, rawErrData) +} + +// NewForbiddenError creates and returns 403 ApiError. +func NewForbiddenError(message string, rawErrData any) *ApiError { + if message == "" { + message = "You are not allowed to perform this request." + } + + return NewApiError(http.StatusForbidden, message, rawErrData) +} + +// NewUnauthorizedError creates and returns 401 ApiError. +func NewUnauthorizedError(message string, rawErrData any) *ApiError { + if message == "" { + message = "Missing or invalid authentication." + } + + return NewApiError(http.StatusUnauthorized, message, rawErrData) +} + +// NewInternalServerError creates and returns 500 ApiError. +func NewInternalServerError(message string, rawErrData any) *ApiError { + if message == "" { + message = "Something went wrong while processing your request." + } + + return NewApiError(http.StatusInternalServerError, message, rawErrData) +} + +func NewTooManyRequestsError(message string, rawErrData any) *ApiError { + if message == "" { + message = "Too Many Requests." + } + + return NewApiError(http.StatusTooManyRequests, message, rawErrData) +} + +// NewApiError creates and returns new normalized ApiError instance. +func NewApiError(status int, message string, rawErrData any) *ApiError { + if message == "" { + message = http.StatusText(status) + } + + return &ApiError{ + rawData: rawErrData, + Data: safeErrorsData(rawErrData), + Status: status, + Message: strings.TrimSpace(inflector.Sentenize(message)), + } +} + +// ToApiError wraps err into ApiError instance (if not already). +func ToApiError(err error) *ApiError { + var apiErr *ApiError + + if !errors.As(err, &apiErr) { + // no ApiError found -> assign a generic one + if errors.Is(err, sql.ErrNoRows) || errors.Is(err, fs.ErrNotExist) { + apiErr = NewNotFoundError("", err) + } else { + apiErr = NewBadRequestError("", err) + } + } + + return apiErr +} + +// ------------------------------------------------------------------- + +func safeErrorsData(data any) map[string]any { + switch v := data.(type) { + case validation.Errors: + return resolveSafeErrorsData(v) + case error: + validationErrors := validation.Errors{} + if errors.As(v, &validationErrors) { + return resolveSafeErrorsData(validationErrors) + } + return map[string]any{} // not nil to ensure that is json serialized as object + case map[string]validation.Error: + return resolveSafeErrorsData(v) + case map[string]SafeErrorItem: + return resolveSafeErrorsData(v) + case map[string]error: + return resolveSafeErrorsData(v) + case map[string]string: + return resolveSafeErrorsData(v) + case map[string]any: + return resolveSafeErrorsData(v) + default: + return map[string]any{} // not nil to ensure that is json serialized as object + } +} + +func resolveSafeErrorsData[T any](data map[string]T) map[string]any { + result := map[string]any{} + + for name, err := range data { + if isNestedError(err) { + result[name] = safeErrorsData(err) + } else { + result[name] = resolveSafeErrorItem(err) + } + } + + return result +} + +func isNestedError(err any) bool { + switch err.(type) { + case validation.Errors, + map[string]validation.Error, + map[string]SafeErrorItem, + map[string]error, + map[string]string, + map[string]any: + return true + } + + return false +} + +// resolveSafeErrorItem extracts from each validation error its +// public safe error code and message. +func resolveSafeErrorItem(err any) any { + data := map[string]any{} + + if obj, ok := err.(SafeErrorItem); ok { + // extract the specific error code and message + data["code"] = obj.Code() + data["message"] = inflector.Sentenize(obj.Error()) + } else { + // fallback to the default public safe values + data["code"] = "validation_invalid_value" + data["message"] = "Invalid value." + } + + if s, ok := err.(SafeErrorParamsResolver); ok { + params := s.Params() + if len(params) > 0 { + data["params"] = params + } + } + + if s, ok := err.(SafeErrorResolver); ok { + return s.Resolve(data) + } + + return data +} diff --git a/tools/router/error_test.go b/tools/router/error_test.go new file mode 100644 index 0000000..8ced893 --- /dev/null +++ b/tools/router/error_test.go @@ -0,0 +1,358 @@ +package router_test + +import ( + "database/sql" + "encoding/json" + "errors" + "fmt" + "io/fs" + "strconv" + "testing" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/tools/router" +) + +func TestNewApiErrorWithRawData(t *testing.T) { + t.Parallel() + + e := router.NewApiError( + 300, + "message_test", + "rawData_test", + ) + + result, _ := json.Marshal(e) + expected := `{"data":{},"message":"Message_test.","status":300}` + + if string(result) != expected { + t.Errorf("Expected\n%v\ngot\n%v", expected, string(result)) + } + + if e.Error() != "Message_test." { + t.Errorf("Expected %q, got %q", "Message_test.", e.Error()) + } + + if e.RawData() != "rawData_test" { + t.Errorf("Expected rawData\n%v\ngot\n%v", "rawData_test", e.RawData()) + } +} + +func TestNewApiErrorWithValidationData(t *testing.T) { + t.Parallel() + + e := router.NewApiError( + 300, + "message_test", + map[string]any{ + "err1": errors.New("test error"), // should be normalized + "err2": validation.ErrRequired, + "err3": validation.Errors{ + "err3.1": errors.New("test error"), // should be normalized + "err3.2": validation.ErrRequired, + "err3.3": validation.Errors{ + "err3.3.1": validation.ErrRequired, + }, + }, + "err4": &mockSafeErrorItem{}, + "err5": map[string]error{ + "err5.1": validation.ErrRequired, + }, + }, + ) + + result, _ := json.Marshal(e) + expected := `{"data":{"err1":{"code":"validation_invalid_value","message":"Invalid value."},"err2":{"code":"validation_required","message":"Cannot be blank."},"err3":{"err3.1":{"code":"validation_invalid_value","message":"Invalid value."},"err3.2":{"code":"validation_required","message":"Cannot be blank."},"err3.3":{"err3.3.1":{"code":"validation_required","message":"Cannot be blank."}}},"err4":{"code":"mock_code","message":"Mock_error.","mock_resolve":123},"err5":{"err5.1":{"code":"validation_required","message":"Cannot be blank."}}},"message":"Message_test.","status":300}` + + if string(result) != expected { + t.Errorf("Expected \n%v, \ngot \n%v", expected, string(result)) + } + + if e.Error() != "Message_test." { + t.Errorf("Expected %q, got %q", "Message_test.", e.Error()) + } + + if e.RawData() == nil { + t.Error("Expected non-nil rawData") + } +} + +func TestNewNotFoundError(t *testing.T) { + t.Parallel() + + scenarios := []struct { + message string + data any + expected string + }{ + {"", nil, `{"data":{},"message":"The requested resource wasn't found.","status":404}`}, + {"demo", "rawData_test", `{"data":{},"message":"Demo.","status":404}`}, + {"demo", validation.Errors{"err1": validation.NewError("test_code", "test_message")}, `{"data":{"err1":{"code":"test_code","message":"Test_message."}},"message":"Demo.","status":404}`}, + } + + for i, s := range scenarios { + t.Run(strconv.Itoa(i), func(t *testing.T) { + e := router.NewNotFoundError(s.message, s.data) + result, _ := json.Marshal(e) + + if str := string(result); str != s.expected { + t.Fatalf("Expected\n%v\ngot\n%v", s.expected, str) + } + }) + } +} + +func TestNewBadRequestError(t *testing.T) { + t.Parallel() + + scenarios := []struct { + message string + data any + expected string + }{ + {"", nil, `{"data":{},"message":"Something went wrong while processing your request.","status":400}`}, + {"demo", "rawData_test", `{"data":{},"message":"Demo.","status":400}`}, + {"demo", validation.Errors{"err1": validation.NewError("test_code", "test_message")}, `{"data":{"err1":{"code":"test_code","message":"Test_message."}},"message":"Demo.","status":400}`}, + } + + for i, s := range scenarios { + t.Run(strconv.Itoa(i), func(t *testing.T) { + e := router.NewBadRequestError(s.message, s.data) + result, _ := json.Marshal(e) + + if str := string(result); str != s.expected { + t.Fatalf("Expected\n%v\ngot\n%v", s.expected, str) + } + }) + } +} + +func TestNewForbiddenError(t *testing.T) { + t.Parallel() + + scenarios := []struct { + message string + data any + expected string + }{ + {"", nil, `{"data":{},"message":"You are not allowed to perform this request.","status":403}`}, + {"demo", "rawData_test", `{"data":{},"message":"Demo.","status":403}`}, + {"demo", validation.Errors{"err1": validation.NewError("test_code", "test_message")}, `{"data":{"err1":{"code":"test_code","message":"Test_message."}},"message":"Demo.","status":403}`}, + } + + for i, s := range scenarios { + t.Run(strconv.Itoa(i), func(t *testing.T) { + e := router.NewForbiddenError(s.message, s.data) + result, _ := json.Marshal(e) + + if str := string(result); str != s.expected { + t.Fatalf("Expected\n%v\ngot\n%v", s.expected, str) + } + }) + } +} + +func TestNewUnauthorizedError(t *testing.T) { + t.Parallel() + + scenarios := []struct { + message string + data any + expected string + }{ + {"", nil, `{"data":{},"message":"Missing or invalid authentication.","status":401}`}, + {"demo", "rawData_test", `{"data":{},"message":"Demo.","status":401}`}, + {"demo", validation.Errors{"err1": validation.NewError("test_code", "test_message")}, `{"data":{"err1":{"code":"test_code","message":"Test_message."}},"message":"Demo.","status":401}`}, + } + + for i, s := range scenarios { + t.Run(strconv.Itoa(i), func(t *testing.T) { + e := router.NewUnauthorizedError(s.message, s.data) + result, _ := json.Marshal(e) + + if str := string(result); str != s.expected { + t.Fatalf("Expected\n%v\ngot\n%v", s.expected, str) + } + }) + } +} + +func TestNewInternalServerError(t *testing.T) { + t.Parallel() + + scenarios := []struct { + message string + data any + expected string + }{ + {"", nil, `{"data":{},"message":"Something went wrong while processing your request.","status":500}`}, + {"demo", "rawData_test", `{"data":{},"message":"Demo.","status":500}`}, + {"demo", validation.Errors{"err1": validation.NewError("test_code", "test_message")}, `{"data":{"err1":{"code":"test_code","message":"Test_message."}},"message":"Demo.","status":500}`}, + } + + for i, s := range scenarios { + t.Run(strconv.Itoa(i), func(t *testing.T) { + e := router.NewInternalServerError(s.message, s.data) + result, _ := json.Marshal(e) + + if str := string(result); str != s.expected { + t.Fatalf("Expected\n%v\ngot\n%v", s.expected, str) + } + }) + } +} + +func TestNewTooManyRequestsError(t *testing.T) { + t.Parallel() + + scenarios := []struct { + message string + data any + expected string + }{ + {"", nil, `{"data":{},"message":"Too Many Requests.","status":429}`}, + {"demo", "rawData_test", `{"data":{},"message":"Demo.","status":429}`}, + {"demo", validation.Errors{"err1": validation.NewError("test_code", "test_message").SetParams(map[string]any{"test": 123})}, `{"data":{"err1":{"code":"test_code","message":"Test_message.","params":{"test":123}}},"message":"Demo.","status":429}`}, + } + + for i, s := range scenarios { + t.Run(strconv.Itoa(i), func(t *testing.T) { + e := router.NewTooManyRequestsError(s.message, s.data) + result, _ := json.Marshal(e) + + if str := string(result); str != s.expected { + t.Fatalf("Expected\n%v\ngot\n%v", s.expected, str) + } + }) + } +} + +func TestApiErrorIs(t *testing.T) { + t.Parallel() + + err0 := router.NewInternalServerError("", nil) + err1 := router.NewInternalServerError("", nil) + err2 := errors.New("test") + err3 := fmt.Errorf("wrapped: %w", err0) + + scenarios := []struct { + name string + err error + target error + expected bool + }{ + { + "nil error", + err0, + nil, + false, + }, + { + "non ApiError", + err0, + err1, + false, + }, + { + "different ApiError", + err0, + err2, + false, + }, + { + "same ApiError", + err0, + err0, + true, + }, + { + "wrapped ApiError", + err3, + err0, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + is := errors.Is(s.err, s.target) + + if is != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, is) + } + }) + } +} + +func TestToApiError(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + err error + expected string + }{ + { + "regular error", + errors.New("test"), + `{"data":{},"message":"Something went wrong while processing your request.","status":400}`, + }, + { + "fs.ErrNotExist", + fs.ErrNotExist, + `{"data":{},"message":"The requested resource wasn't found.","status":404}`, + }, + { + "sql.ErrNoRows", + sql.ErrNoRows, + `{"data":{},"message":"The requested resource wasn't found.","status":404}`, + }, + { + "ApiError", + router.NewForbiddenError("test", nil), + `{"data":{},"message":"Test.","status":403}`, + }, + { + "wrapped ApiError", + fmt.Errorf("wrapped: %w", router.NewForbiddenError("test", nil)), + `{"data":{},"message":"Test.","status":403}`, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + raw, err := json.Marshal(router.ToApiError(s.err)) + if err != nil { + t.Fatal(err) + } + rawStr := string(raw) + + if rawStr != s.expected { + t.Fatalf("Expected error\n%vgot\n%v", s.expected, rawStr) + } + }) + } +} + +// ------------------------------------------------------------------- + +var ( + _ router.SafeErrorItem = (*mockSafeErrorItem)(nil) + _ router.SafeErrorResolver = (*mockSafeErrorItem)(nil) +) + +type mockSafeErrorItem struct { +} + +func (m *mockSafeErrorItem) Code() string { + return "mock_code" +} + +func (m *mockSafeErrorItem) Error() string { + return "mock_error" +} + +func (m *mockSafeErrorItem) Resolve(errData map[string]any) any { + errData["mock_resolve"] = 123 + return errData +} diff --git a/tools/router/event.go b/tools/router/event.go new file mode 100644 index 0000000..a822c59 --- /dev/null +++ b/tools/router/event.go @@ -0,0 +1,398 @@ +package router + +import ( + "encoding/json" + "encoding/xml" + "errors" + "io" + "io/fs" + "net" + "net/http" + "net/netip" + "path/filepath" + "strings" + + "github.com/pocketbase/pocketbase/tools/filesystem" + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/picker" + "github.com/pocketbase/pocketbase/tools/store" +) + +var ErrUnsupportedContentType = NewBadRequestError("Unsupported Content-Type", nil) +var ErrInvalidRedirectStatusCode = NewInternalServerError("Invalid redirect status code", nil) +var ErrFileNotFound = NewNotFoundError("File not found", nil) + +const IndexPage = "index.html" + +// Event specifies based Route handler event that is usually intended +// to be embedded as part of a custom event struct. +// +// NB! It is expected that the Response and Request fields are always set. +type Event struct { + Response http.ResponseWriter + Request *http.Request + + hook.Event + + data store.Store[string, any] +} + +// RWUnwrapper specifies that an http.ResponseWriter could be "unwrapped" +// (usually used with [http.ResponseController]). +type RWUnwrapper interface { + Unwrap() http.ResponseWriter +} + +// Written reports whether the current response has already been written. +// +// This method always returns false if e.ResponseWritter doesn't implement the WriteTracker interface +// (all router package handlers receives a ResponseWritter that implements it unless explicitly replaced with a custom one). +func (e *Event) Written() bool { + written, _ := getWritten(e.Response) + return written +} + +// Status reports the status code of the current response. +// +// This method always returns 0 if e.Response doesn't implement the StatusTracker interface +// (all router package handlers receives a ResponseWritter that implements it unless explicitly replaced with a custom one). +func (e *Event) Status() int { + status, _ := getStatus(e.Response) + return status +} + +// Flush flushes buffered data to the current response. +// +// Returns [http.ErrNotSupported] if e.Response doesn't implement the [http.Flusher] interface +// (all router package handlers receives a ResponseWritter that implements it unless explicitly replaced with a custom one). +func (e *Event) Flush() error { + return http.NewResponseController(e.Response).Flush() +} + +// IsTLS reports whether the connection on which the request was received is TLS. +func (e *Event) IsTLS() bool { + return e.Request.TLS != nil +} + +// SetCookie is an alias for [http.SetCookie]. +// +// SetCookie adds a Set-Cookie header to the current response's headers. +// The provided cookie must have a valid Name. +// Invalid cookies may be silently dropped. +func (e *Event) SetCookie(cookie *http.Cookie) { + http.SetCookie(e.Response, cookie) +} + +// RemoteIP returns the IP address of the client that sent the request. +// +// IPv6 addresses are returned expanded. +// For example, "2001:db8::1" becomes "2001:0db8:0000:0000:0000:0000:0000:0001". +// +// Note that if you are behind reverse proxy(ies), this method returns +// the IP of the last connecting proxy. +func (e *Event) RemoteIP() string { + ip, _, _ := net.SplitHostPort(e.Request.RemoteAddr) + parsed, _ := netip.ParseAddr(ip) + return parsed.StringExpanded() +} + +// FindUploadedFiles extracts all form files of "key" from a http request +// and returns a slice with filesystem.File instances (if any). +func (e *Event) FindUploadedFiles(key string) ([]*filesystem.File, error) { + if e.Request.MultipartForm == nil { + err := e.Request.ParseMultipartForm(DefaultMaxMemory) + if err != nil { + return nil, err + } + } + + if e.Request.MultipartForm == nil || e.Request.MultipartForm.File == nil || len(e.Request.MultipartForm.File[key]) == 0 { + return nil, http.ErrMissingFile + } + + result := make([]*filesystem.File, 0, len(e.Request.MultipartForm.File[key])) + + for _, fh := range e.Request.MultipartForm.File[key] { + file, err := filesystem.NewFileFromMultipart(fh) + if err != nil { + return nil, err + } + + result = append(result, file) + } + + return result, nil +} + +// Store +// ------------------------------------------------------------------- + +// Get retrieves single value from the current event data store. +func (e *Event) Get(key string) any { + return e.data.Get(key) +} + +// GetAll returns a copy of the current event data store. +func (e *Event) GetAll() map[string]any { + return e.data.GetAll() +} + +// Set saves single value into the current event data store. +func (e *Event) Set(key string, value any) { + e.data.Set(key, value) +} + +// SetAll saves all items from m into the current event data store. +func (e *Event) SetAll(m map[string]any) { + for k, v := range m { + e.Set(k, v) + } +} + +// Response writers +// ------------------------------------------------------------------- + +const headerContentType = "Content-Type" + +func (e *Event) setResponseHeaderIfEmpty(key, value string) { + header := e.Response.Header() + if header.Get(key) == "" { + header.Set(key, value) + } +} + +// String writes a plain string response. +func (e *Event) String(status int, data string) error { + e.setResponseHeaderIfEmpty(headerContentType, "text/plain; charset=utf-8") + e.Response.WriteHeader(status) + _, err := e.Response.Write([]byte(data)) + return err +} + +// HTML writes an HTML response. +func (e *Event) HTML(status int, data string) error { + e.setResponseHeaderIfEmpty(headerContentType, "text/html; charset=utf-8") + e.Response.WriteHeader(status) + _, err := e.Response.Write([]byte(data)) + return err +} + +const jsonFieldsParam = "fields" + +// JSON writes a JSON response. +// +// It also provides a generic response data fields picker if the "fields" query parameter is set. +// For example, if you are requesting `?fields=a,b` for `e.JSON(200, map[string]int{ "a":1, "b":2, "c":3 })`, +// it should result in a JSON response like: `{"a":1, "b": 2}`. +func (e *Event) JSON(status int, data any) error { + e.setResponseHeaderIfEmpty(headerContentType, "application/json") + e.Response.WriteHeader(status) + + rawFields := e.Request.URL.Query().Get(jsonFieldsParam) + + // error response or no fields to pick + if rawFields == "" || status < 200 || status > 299 { + return json.NewEncoder(e.Response).Encode(data) + } + + // pick only the requested fields + modified, err := picker.Pick(data, rawFields) + if err != nil { + return err + } + + return json.NewEncoder(e.Response).Encode(modified) +} + +// XML writes an XML response. +// It automatically prepends the generic [xml.Header] string to the response. +func (e *Event) XML(status int, data any) error { + e.setResponseHeaderIfEmpty(headerContentType, "application/xml; charset=utf-8") + e.Response.WriteHeader(status) + if _, err := e.Response.Write([]byte(xml.Header)); err != nil { + return err + } + return xml.NewEncoder(e.Response).Encode(data) +} + +// Stream streams the specified reader into the response. +func (e *Event) Stream(status int, contentType string, reader io.Reader) error { + e.Response.Header().Set(headerContentType, contentType) + e.Response.WriteHeader(status) + _, err := io.Copy(e.Response, reader) + return err +} + +// Blob writes a blob (bytes slice) response. +func (e *Event) Blob(status int, contentType string, b []byte) error { + e.setResponseHeaderIfEmpty(headerContentType, contentType) + e.Response.WriteHeader(status) + _, err := e.Response.Write(b) + return err +} + +// FileFS serves the specified filename from fsys. +// +// It is similar to [echo.FileFS] for consistency with earlier versions. +func (e *Event) FileFS(fsys fs.FS, filename string) error { + f, err := fsys.Open(filename) + if err != nil { + return ErrFileNotFound + } + defer f.Close() + + fi, err := f.Stat() + if err != nil { + return err + } + + // if it is a directory try to open its index.html file + if fi.IsDir() { + filename = filepath.ToSlash(filepath.Join(filename, IndexPage)) + f, err = fsys.Open(filename) + if err != nil { + return ErrFileNotFound + } + defer f.Close() + + fi, err = f.Stat() + if err != nil { + return err + } + } + + ff, ok := f.(io.ReadSeeker) + if !ok { + return errors.New("[FileFS] file does not implement io.ReadSeeker") + } + + http.ServeContent(e.Response, e.Request, fi.Name(), fi.ModTime(), ff) + + return nil +} + +// NoContent writes a response with no body (ex. 204). +func (e *Event) NoContent(status int) error { + e.Response.WriteHeader(status) + return nil +} + +// Redirect writes a redirect response to the specified url. +// The status code must be in between 300 – 399 range. +func (e *Event) Redirect(status int, url string) error { + if status < 300 || status > 399 { + return ErrInvalidRedirectStatusCode + } + e.Response.Header().Set("Location", url) + e.Response.WriteHeader(status) + return nil +} + +// ApiError helpers +// ------------------------------------------------------------------- + +func (e *Event) Error(status int, message string, errData any) *ApiError { + return NewApiError(status, message, errData) +} + +func (e *Event) BadRequestError(message string, errData any) *ApiError { + return NewBadRequestError(message, errData) +} + +func (e *Event) NotFoundError(message string, errData any) *ApiError { + return NewNotFoundError(message, errData) +} + +func (e *Event) ForbiddenError(message string, errData any) *ApiError { + return NewForbiddenError(message, errData) +} + +func (e *Event) UnauthorizedError(message string, errData any) *ApiError { + return NewUnauthorizedError(message, errData) +} + +func (e *Event) TooManyRequestsError(message string, errData any) *ApiError { + return NewTooManyRequestsError(message, errData) +} + +func (e *Event) InternalServerError(message string, errData any) *ApiError { + return NewInternalServerError(message, errData) +} + +// Binders +// ------------------------------------------------------------------- + +const DefaultMaxMemory = 32 << 20 // 32mb + +// BindBody unmarshal the request body into the provided dst. +// +// dst must be either a struct pointer or map[string]any. +// +// The rules how the body will be scanned depends on the request Content-Type. +// +// Currently the following Content-Types are supported: +// - application/json +// - text/xml, application/xml +// - multipart/form-data, application/x-www-form-urlencoded +// +// Respectively the following struct tags are supported (again, which one will be used depends on the Content-Type): +// - "json" (json body)- uses the builtin Go json package for unmarshaling. +// - "xml" (xml body) - uses the builtin Go xml package for unmarshaling. +// - "form" (form data) - utilizes the custom [router.UnmarshalRequestData] method. +// +// NB! When dst is a struct make sure that it doesn't have public fields +// that shouldn't be bindable and it is advisible such fields to be unexported +// or have a separate struct just for the binding. For example: +// +// data := struct{ +// somethingPrivate string +// +// Title string `json:"title" form:"title"` +// Total int `json:"total" form:"total"` +// } +// err := e.BindBody(&data) +func (e *Event) BindBody(dst any) error { + if e.Request.ContentLength == 0 { + return nil + } + + contentType := e.Request.Header.Get(headerContentType) + + if strings.HasPrefix(contentType, "application/json") { + dec := json.NewDecoder(e.Request.Body) + err := dec.Decode(dst) + if err == nil { + // manually call Reread because single call of json.Decoder.Decode() + // doesn't ensure that the entire body is a valid json string + // and it is not guaranteed that it will reach EOF to trigger the reread reset + // (ex. in case of trailing spaces or invalid trailing parts like: `{"test":1},something`) + if body, ok := e.Request.Body.(Rereader); ok { + body.Reread() + } + } + return err + } + + if strings.HasPrefix(contentType, "multipart/form-data") { + if err := e.Request.ParseMultipartForm(DefaultMaxMemory); err != nil { + return err + } + + return UnmarshalRequestData(e.Request.Form, dst, "", "") + } + + if strings.HasPrefix(contentType, "application/x-www-form-urlencoded") { + if err := e.Request.ParseForm(); err != nil { + return err + } + + return UnmarshalRequestData(e.Request.Form, dst, "", "") + } + + if strings.HasPrefix(contentType, "text/xml") || + strings.HasPrefix(contentType, "application/xml") { + return xml.NewDecoder(e.Request.Body).Decode(dst) + } + + return ErrUnsupportedContentType +} diff --git a/tools/router/event_test.go b/tools/router/event_test.go new file mode 100644 index 0000000..8068ee1 --- /dev/null +++ b/tools/router/event_test.go @@ -0,0 +1,959 @@ +package router_test + +import ( + "bytes" + "crypto/tls" + "encoding/json" + "encoding/xml" + "errors" + "fmt" + "io" + "mime/multipart" + "net/http" + "net/http/httptest" + "os" + "path/filepath" + "regexp" + "strconv" + "strings" + "testing" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/pocketbase/pocketbase/tools/router" +) + +type unwrapTester struct { + http.ResponseWriter +} + +func (ut unwrapTester) Unwrap() http.ResponseWriter { + return ut.ResponseWriter +} + +func TestEventWritten(t *testing.T) { + t.Parallel() + + res1 := httptest.NewRecorder() + + res2 := httptest.NewRecorder() + res2.Write([]byte("test")) + + res3 := &router.ResponseWriter{ResponseWriter: unwrapTester{httptest.NewRecorder()}} + + res4 := &router.ResponseWriter{ResponseWriter: unwrapTester{httptest.NewRecorder()}} + res4.Write([]byte("test")) + + scenarios := []struct { + name string + response http.ResponseWriter + expected bool + }{ + { + name: "non-written non-WriteTracker", + response: res1, + expected: false, + }, + { + name: "written non-WriteTracker", + response: res2, + expected: false, + }, + { + name: "non-written WriteTracker", + response: res3, + expected: false, + }, + { + name: "written WriteTracker", + response: res4, + expected: true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + event := router.Event{ + Response: s.response, + } + + result := event.Written() + + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestEventStatus(t *testing.T) { + t.Parallel() + + res1 := httptest.NewRecorder() + + res2 := httptest.NewRecorder() + res2.WriteHeader(123) + + res3 := &router.ResponseWriter{ResponseWriter: unwrapTester{httptest.NewRecorder()}} + + res4 := &router.ResponseWriter{ResponseWriter: unwrapTester{httptest.NewRecorder()}} + res4.WriteHeader(123) + + scenarios := []struct { + name string + response http.ResponseWriter + expected int + }{ + { + name: "non-written non-StatusTracker", + response: res1, + expected: 0, + }, + { + name: "written non-StatusTracker", + response: res2, + expected: 0, + }, + { + name: "non-written StatusTracker", + response: res3, + expected: 0, + }, + { + name: "written StatusTracker", + response: res4, + expected: 123, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + event := router.Event{ + Response: s.response, + } + + result := event.Status() + + if result != s.expected { + t.Fatalf("Expected %d, got %d", s.expected, result) + } + }) + } +} + +func TestEventIsTLS(t *testing.T) { + t.Parallel() + + req, err := http.NewRequest(http.MethodGet, "/", nil) + if err != nil { + t.Fatal(err) + } + + event := router.Event{Request: req} + + // without TLS + if event.IsTLS() { + t.Fatalf("Expected IsTLS false") + } + + // dummy TLS state + req.TLS = new(tls.ConnectionState) + + // with TLS + if !event.IsTLS() { + t.Fatalf("Expected IsTLS true") + } +} + +func TestEventSetCookie(t *testing.T) { + t.Parallel() + + event := router.Event{ + Response: httptest.NewRecorder(), + } + + cookie := event.Response.Header().Get("set-cookie") + if cookie != "" { + t.Fatalf("Expected empty cookie string, got %q", cookie) + } + + event.SetCookie(&http.Cookie{Name: "test", Value: "a"}) + + expected := "test=a" + + cookie = event.Response.Header().Get("set-cookie") + if cookie != expected { + t.Fatalf("Expected cookie %q, got %q", expected, cookie) + } +} + +func TestEventRemoteIP(t *testing.T) { + t.Parallel() + + scenarios := []struct { + remoteAddr string + expected string + }{ + {"", "invalid IP"}, + {"1.2.3.4", "invalid IP"}, + {"1.2.3.4:8090", "1.2.3.4"}, + {"[0000:0000:0000:0000:0000:0000:0000:0002]:80", "0000:0000:0000:0000:0000:0000:0000:0002"}, + {"[::2]:80", "0000:0000:0000:0000:0000:0000:0000:0002"}, // should always return the expanded version + } + + for _, s := range scenarios { + t.Run(s.remoteAddr, func(t *testing.T) { + req, err := http.NewRequest(http.MethodGet, "/", nil) + if err != nil { + t.Fatal(err) + } + req.RemoteAddr = s.remoteAddr + + event := router.Event{Request: req} + + ip := event.RemoteIP() + + if ip != s.expected { + t.Fatalf("Expected IP %q, got %q", s.expected, ip) + } + }) + } +} + +func TestFindUploadedFiles(t *testing.T) { + scenarios := []struct { + filename string + expectedPattern string + }{ + {"ab.png", `^ab\w{10}_\w{10}\.png$`}, + {"test", `^test_\w{10}\.txt$`}, + {"a b c d!@$.j!@$pg", `^a_b_c_d_\w{10}\.jpg$`}, + {strings.Repeat("a", 150), `^a{100}_\w{10}\.txt$`}, + } + + for _, s := range scenarios { + t.Run(s.filename, func(t *testing.T) { + // create multipart form file body + body := new(bytes.Buffer) + mp := multipart.NewWriter(body) + w, err := mp.CreateFormFile("test", s.filename) + if err != nil { + t.Fatal(err) + } + w.Write([]byte("test")) + mp.Close() + // --- + + req := httptest.NewRequest(http.MethodPost, "/", body) + req.Header.Add("Content-Type", mp.FormDataContentType()) + + event := router.Event{Request: req} + + result, err := event.FindUploadedFiles("test") + if err != nil { + t.Fatal(err) + } + + if len(result) != 1 { + t.Fatalf("Expected 1 file, got %d", len(result)) + } + + if result[0].Size != 4 { + t.Fatalf("Expected the file size to be 4 bytes, got %d", result[0].Size) + } + + pattern, err := regexp.Compile(s.expectedPattern) + if err != nil { + t.Fatalf("Invalid filename pattern %q: %v", s.expectedPattern, err) + } + if !pattern.MatchString(result[0].Name) { + t.Fatalf("Expected filename to match %s, got filename %s", s.expectedPattern, result[0].Name) + } + }) + } +} + +func TestFindUploadedFilesMissing(t *testing.T) { + body := new(bytes.Buffer) + mp := multipart.NewWriter(body) + mp.Close() + + req := httptest.NewRequest(http.MethodPost, "/", body) + req.Header.Add("Content-Type", mp.FormDataContentType()) + + event := router.Event{Request: req} + + result, err := event.FindUploadedFiles("test") + if err == nil { + t.Error("Expected error, got nil") + } + + if result != nil { + t.Errorf("Expected result to be nil, got %v", result) + } +} + +func TestEventSetGet(t *testing.T) { + event := router.Event{} + + // get before any set (ensures that doesn't panic) + if v := event.Get("test"); v != nil { + t.Fatalf("Expected nil value, got %v", v) + } + + event.Set("a", 123) + event.Set("b", 456) + + scenarios := []struct { + key string + expected any + }{ + {"", nil}, + {"missing", nil}, + {"a", 123}, + {"b", 456}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.key), func(t *testing.T) { + result := event.Get(s.key) + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestEventSetAllGetAll(t *testing.T) { + data := map[string]any{ + "a": 123, + "b": 456, + } + rawData, err := json.Marshal(data) + if err != nil { + t.Fatal(err) + } + + event := router.Event{} + event.SetAll(data) + + // modify the data to ensure that the map was shallow coppied + data["c"] = 789 + + result := event.GetAll() + rawResult, err := json.Marshal(result) + if err != nil { + t.Fatal(err) + } + + if len(rawResult) == 0 || !bytes.Equal(rawData, rawResult) { + t.Fatalf("Expected\n%v\ngot\n%v", rawData, rawResult) + } +} + +func TestEventString(t *testing.T) { + scenarios := []testResponseWriteScenario[string]{ + { + name: "no explicit content-type", + status: 123, + headers: nil, + body: "test", + expectedStatus: 123, + expectedHeaders: map[string]string{"content-type": "text/plain; charset=utf-8"}, + expectedBody: "test", + }, + { + name: "with explicit content-type", + status: 123, + headers: map[string]string{"content-type": "text/test"}, + body: "test", + expectedStatus: 123, + expectedHeaders: map[string]string{"content-type": "text/test"}, + expectedBody: "test", + }, + } + + for _, s := range scenarios { + testEventResponseWrite(t, s, func(e *router.Event) error { + return e.String(s.status, s.body) + }) + } +} + +func TestEventHTML(t *testing.T) { + scenarios := []testResponseWriteScenario[string]{ + { + name: "no explicit content-type", + status: 123, + headers: nil, + body: "test", + expectedStatus: 123, + expectedHeaders: map[string]string{"content-type": "text/html; charset=utf-8"}, + expectedBody: "test", + }, + { + name: "with explicit content-type", + status: 123, + headers: map[string]string{"content-type": "text/test"}, + body: "test", + expectedStatus: 123, + expectedHeaders: map[string]string{"content-type": "text/test"}, + expectedBody: "test", + }, + } + + for _, s := range scenarios { + testEventResponseWrite(t, s, func(e *router.Event) error { + return e.HTML(s.status, s.body) + }) + } +} + +func TestEventJSON(t *testing.T) { + body := map[string]any{"a": 123, "b": 456, "c": "test"} + expectedPickedBody := `{"a":123,"c":"test"}` + "\n" + expectedFullBody := `{"a":123,"b":456,"c":"test"}` + "\n" + + scenarios := []testResponseWriteScenario[any]{ + { + name: "no explicit content-type", + status: 200, + headers: nil, + body: body, + expectedStatus: 200, + expectedHeaders: map[string]string{"content-type": "application/json"}, + expectedBody: expectedPickedBody, + }, + { + name: "with explicit content-type (200)", + status: 200, + headers: map[string]string{"content-type": "application/test"}, + body: body, + expectedStatus: 200, + expectedHeaders: map[string]string{"content-type": "application/test"}, + expectedBody: expectedPickedBody, + }, + { + name: "with explicit content-type (400)", // no fields picker + status: 400, + headers: map[string]string{"content-type": "application/test"}, + body: body, + expectedStatus: 400, + expectedHeaders: map[string]string{"content-type": "application/test"}, + expectedBody: expectedFullBody, + }, + } + + for _, s := range scenarios { + testEventResponseWrite(t, s, func(e *router.Event) error { + e.Request.URL.RawQuery = "fields=a,c" // ensures that the picker is invoked + return e.JSON(s.status, s.body) + }) + } +} + +func TestEventXML(t *testing.T) { + scenarios := []testResponseWriteScenario[string]{ + { + name: "no explicit content-type", + status: 234, + headers: nil, + body: "test", + expectedStatus: 234, + expectedHeaders: map[string]string{"content-type": "application/xml; charset=utf-8"}, + expectedBody: xml.Header + "test", + }, + { + name: "with explicit content-type", + status: 234, + headers: map[string]string{"content-type": "text/test"}, + body: "test", + expectedStatus: 234, + expectedHeaders: map[string]string{"content-type": "text/test"}, + expectedBody: xml.Header + "test", + }, + } + + for _, s := range scenarios { + testEventResponseWrite(t, s, func(e *router.Event) error { + return e.XML(s.status, s.body) + }) + } +} + +func TestEventStream(t *testing.T) { + scenarios := []testResponseWriteScenario[string]{ + { + name: "stream", + status: 234, + headers: map[string]string{"content-type": "text/test"}, + body: "test", + expectedStatus: 234, + expectedHeaders: map[string]string{"content-type": "text/test"}, + expectedBody: "test", + }, + } + + for _, s := range scenarios { + testEventResponseWrite(t, s, func(e *router.Event) error { + return e.Stream(s.status, s.headers["content-type"], strings.NewReader(s.body)) + }) + } +} + +func TestEventBlob(t *testing.T) { + scenarios := []testResponseWriteScenario[[]byte]{ + { + name: "blob", + status: 234, + headers: map[string]string{"content-type": "text/test"}, + body: []byte("test"), + expectedStatus: 234, + expectedHeaders: map[string]string{"content-type": "text/test"}, + expectedBody: "test", + }, + } + + for _, s := range scenarios { + testEventResponseWrite(t, s, func(e *router.Event) error { + return e.Blob(s.status, s.headers["content-type"], s.body) + }) + } +} + +func TestEventNoContent(t *testing.T) { + s := testResponseWriteScenario[any]{ + name: "no content", + status: 234, + headers: map[string]string{"content-type": "text/test"}, + body: nil, + expectedStatus: 234, + expectedHeaders: map[string]string{"content-type": "text/test"}, + expectedBody: "", + } + + testEventResponseWrite(t, s, func(e *router.Event) error { + return e.NoContent(s.status) + }) +} + +func TestEventFlush(t *testing.T) { + rec := httptest.NewRecorder() + + event := &router.Event{ + Response: unwrapTester{&router.ResponseWriter{ResponseWriter: rec}}, + } + event.Response.Write([]byte("test")) + event.Flush() + + if !rec.Flushed { + t.Fatal("Expected response to be flushed") + } +} + +func TestEventRedirect(t *testing.T) { + scenarios := []testResponseWriteScenario[any]{ + { + name: "non-30x status", + status: 200, + expectedStatus: 200, + expectedError: router.ErrInvalidRedirectStatusCode, + }, + { + name: "30x status", + status: 302, + headers: map[string]string{"location": "test"}, // should be overwritten with the argument + expectedStatus: 302, + expectedHeaders: map[string]string{"location": "example"}, + }, + } + + for _, s := range scenarios { + testEventResponseWrite(t, s, func(e *router.Event) error { + return e.Redirect(s.status, "example") + }) + } +} + +func TestEventFileFS(t *testing.T) { + // stub test files + // --- + dir, err := os.MkdirTemp("", "EventFileFS") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(dir) + + err = os.WriteFile(filepath.Join(dir, "index.html"), []byte("index"), 0644) + if err != nil { + t.Fatal(err) + } + + err = os.WriteFile(filepath.Join(dir, "test.txt"), []byte("test"), 0644) + if err != nil { + t.Fatal(err) + } + + // create sub directory with an index.html file inside it + err = os.MkdirAll(filepath.Join(dir, "sub1"), os.ModePerm) + if err != nil { + t.Fatal(err) + } + err = os.WriteFile(filepath.Join(dir, "sub1", "index.html"), []byte("sub1 index"), 0644) + if err != nil { + t.Fatal(err) + } + + err = os.MkdirAll(filepath.Join(dir, "sub2"), os.ModePerm) + if err != nil { + t.Fatal(err) + } + err = os.WriteFile(filepath.Join(dir, "sub2", "test.txt"), []byte("sub2 test"), 0644) + if err != nil { + t.Fatal(err) + } + // --- + + scenarios := []struct { + name string + path string + expected string + }{ + {"missing file", "", ""}, + {"root with no explicit file", "", ""}, + {"root with explicit file", "test.txt", "test"}, + {"sub dir with no explicit file", "sub1", "sub1 index"}, + {"sub dir with no explicit file (no index.html)", "sub2", ""}, + {"sub dir explicit file", "sub2/test.txt", "sub2 test"}, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + req, err := http.NewRequest(http.MethodGet, "/", nil) + if err != nil { + t.Fatal(err) + } + + rec := httptest.NewRecorder() + + event := &router.Event{ + Request: req, + Response: rec, + } + + err = event.FileFS(os.DirFS(dir), s.path) + + hasErr := err != nil + expectErr := s.expected == "" + if hasErr != expectErr { + t.Fatalf("Expected hasErr %v, got %v (%v)", expectErr, hasErr, err) + } + + result := rec.Result() + + raw, err := io.ReadAll(result.Body) + result.Body.Close() + if err != nil { + t.Fatal(err) + } + + if string(raw) != s.expected { + t.Fatalf("Expected body\n%s\ngot\n%s", s.expected, raw) + } + + // ensure that the proper file headers are added + // (aka. http.ServeContent is invoked) + length, _ := strconv.Atoi(result.Header.Get("content-length")) + if length != len(s.expected) { + t.Fatalf("Expected Content-Length %d, got %d", len(s.expected), length) + } + }) + } +} + +func TestEventError(t *testing.T) { + err := new(router.Event).Error(123, "message_test", map[string]any{"a": validation.Required, "b": "test"}) + + result, _ := json.Marshal(err) + expected := `{"data":{"a":{"code":"validation_invalid_value","message":"Invalid value."},"b":{"code":"validation_invalid_value","message":"Invalid value."}},"message":"Message_test.","status":123}` + + if string(result) != expected { + t.Errorf("Expected\n%s\ngot\n%s", expected, result) + } +} + +func TestEventBadRequestError(t *testing.T) { + err := new(router.Event).BadRequestError("message_test", map[string]any{"a": validation.Required, "b": "test"}) + + result, _ := json.Marshal(err) + expected := `{"data":{"a":{"code":"validation_invalid_value","message":"Invalid value."},"b":{"code":"validation_invalid_value","message":"Invalid value."}},"message":"Message_test.","status":400}` + + if string(result) != expected { + t.Errorf("Expected\n%s\ngot\n%s", expected, result) + } +} + +func TestEventNotFoundError(t *testing.T) { + err := new(router.Event).NotFoundError("message_test", map[string]any{"a": validation.Required, "b": "test"}) + + result, _ := json.Marshal(err) + expected := `{"data":{"a":{"code":"validation_invalid_value","message":"Invalid value."},"b":{"code":"validation_invalid_value","message":"Invalid value."}},"message":"Message_test.","status":404}` + + if string(result) != expected { + t.Errorf("Expected\n%s\ngot\n%s", expected, result) + } +} + +func TestEventForbiddenError(t *testing.T) { + err := new(router.Event).ForbiddenError("message_test", map[string]any{"a": validation.Required, "b": "test"}) + + result, _ := json.Marshal(err) + expected := `{"data":{"a":{"code":"validation_invalid_value","message":"Invalid value."},"b":{"code":"validation_invalid_value","message":"Invalid value."}},"message":"Message_test.","status":403}` + + if string(result) != expected { + t.Errorf("Expected\n%s\ngot\n%s", expected, result) + } +} + +func TestEventUnauthorizedError(t *testing.T) { + err := new(router.Event).UnauthorizedError("message_test", map[string]any{"a": validation.Required, "b": "test"}) + + result, _ := json.Marshal(err) + expected := `{"data":{"a":{"code":"validation_invalid_value","message":"Invalid value."},"b":{"code":"validation_invalid_value","message":"Invalid value."}},"message":"Message_test.","status":401}` + + if string(result) != expected { + t.Errorf("Expected\n%s\ngot\n%s", expected, result) + } +} + +func TestEventTooManyRequestsError(t *testing.T) { + err := new(router.Event).TooManyRequestsError("message_test", map[string]any{"a": validation.Required, "b": "test"}) + + result, _ := json.Marshal(err) + expected := `{"data":{"a":{"code":"validation_invalid_value","message":"Invalid value."},"b":{"code":"validation_invalid_value","message":"Invalid value."}},"message":"Message_test.","status":429}` + + if string(result) != expected { + t.Errorf("Expected\n%s\ngot\n%s", expected, result) + } +} + +func TestEventInternalServerError(t *testing.T) { + err := new(router.Event).InternalServerError("message_test", map[string]any{"a": validation.Required, "b": "test"}) + + result, _ := json.Marshal(err) + expected := `{"data":{"a":{"code":"validation_invalid_value","message":"Invalid value."},"b":{"code":"validation_invalid_value","message":"Invalid value."}},"message":"Message_test.","status":500}` + + if string(result) != expected { + t.Errorf("Expected\n%s\ngot\n%s", expected, result) + } +} + +func TestEventBindBody(t *testing.T) { + type testDstStruct struct { + A int `json:"a" xml:"a" form:"a"` + B int `json:"b" xml:"b" form:"b"` + C string `json:"c" xml:"c" form:"c"` + } + + emptyDst := `{"a":0,"b":0,"c":""}` + + queryDst := `a=123&b=-456&c=test` + + xmlDst := ` + + + 123 + -456 + test + + ` + + jsonDst := `{"a":123,"b":-456,"c":"test"}` + + // multipart + mpBody := &bytes.Buffer{} + mpWriter := multipart.NewWriter(mpBody) + mpWriter.WriteField("@jsonPayload", `{"a":123}`) + mpWriter.WriteField("b", "-456") + mpWriter.WriteField("c", "test") + if err := mpWriter.Close(); err != nil { + t.Fatal(err) + } + + scenarios := []struct { + contentType string + body io.Reader + expectDst string + expectError bool + }{ + { + contentType: "", + body: strings.NewReader(jsonDst), + expectDst: emptyDst, + expectError: true, + }, + { + contentType: "application/rtf", // unsupported + body: strings.NewReader(jsonDst), + expectDst: emptyDst, + expectError: true, + }, + // empty body + { + contentType: "application/json;charset=emptybody", + body: strings.NewReader(""), + expectDst: emptyDst, + }, + // json + { + contentType: "application/json", + body: strings.NewReader(jsonDst), + expectDst: jsonDst, + }, + { + contentType: "application/json;charset=abc", + body: strings.NewReader(jsonDst), + expectDst: jsonDst, + }, + // xml + { + contentType: "text/xml", + body: strings.NewReader(xmlDst), + expectDst: jsonDst, + }, + { + contentType: "text/xml;charset=abc", + body: strings.NewReader(xmlDst), + expectDst: jsonDst, + }, + { + contentType: "application/xml", + body: strings.NewReader(xmlDst), + expectDst: jsonDst, + }, + { + contentType: "application/xml;charset=abc", + body: strings.NewReader(xmlDst), + expectDst: jsonDst, + }, + // x-www-form-urlencoded + { + contentType: "application/x-www-form-urlencoded", + body: strings.NewReader(queryDst), + expectDst: jsonDst, + }, + { + contentType: "application/x-www-form-urlencoded;charset=abc", + body: strings.NewReader(queryDst), + expectDst: jsonDst, + }, + // multipart + { + contentType: mpWriter.FormDataContentType(), + body: mpBody, + expectDst: jsonDst, + }, + } + + for _, s := range scenarios { + t.Run(s.contentType, func(t *testing.T) { + req, err := http.NewRequest(http.MethodPost, "/", s.body) + if err != nil { + t.Fatal(err) + } + req.Header.Add("content-type", s.contentType) + + event := &router.Event{Request: req} + + dst := testDstStruct{} + + err = event.BindBody(&dst) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + dstRaw, err := json.Marshal(dst) + if err != nil { + t.Fatal(err) + } + + if string(dstRaw) != s.expectDst { + t.Fatalf("Expected dst\n%s\ngot\n%s", s.expectDst, dstRaw) + } + }) + } +} + +// ------------------------------------------------------------------- + +type testResponseWriteScenario[T any] struct { + name string + status int + headers map[string]string + body T + expectedStatus int + expectedHeaders map[string]string + expectedBody string + expectedError error +} + +func testEventResponseWrite[T any]( + t *testing.T, + scenario testResponseWriteScenario[T], + writeFunc func(e *router.Event) error, +) { + t.Run(scenario.name, func(t *testing.T) { + req, err := http.NewRequest(http.MethodGet, "/", nil) + if err != nil { + t.Fatal(err) + } + + rec := httptest.NewRecorder() + event := &router.Event{ + Request: req, + Response: &router.ResponseWriter{ResponseWriter: rec}, + } + + for k, v := range scenario.headers { + event.Response.Header().Add(k, v) + } + + err = writeFunc(event) + if (scenario.expectedError != nil || err != nil) && !errors.Is(err, scenario.expectedError) { + t.Fatalf("Expected error %v, got %v", scenario.expectedError, err) + } + + result := rec.Result() + + if result.StatusCode != scenario.expectedStatus { + t.Fatalf("Expected status code %d, got %d", scenario.expectedStatus, result.StatusCode) + } + + resultBody, err := io.ReadAll(result.Body) + result.Body.Close() + if err != nil { + t.Fatalf("Failed to read response body: %v", err) + } + + resultBody, err = json.Marshal(string(resultBody)) + if err != nil { + t.Fatal(err) + } + + expectedBody, err := json.Marshal(scenario.expectedBody) + if err != nil { + t.Fatal(err) + } + + if !bytes.Equal(resultBody, expectedBody) { + t.Fatalf("Expected body\n%s\ngot\n%s", expectedBody, resultBody) + } + + for k, ev := range scenario.expectedHeaders { + if v := result.Header.Get(k); v != ev { + t.Fatalf("Expected %q header to be %q, got %q", k, ev, v) + } + } + }) +} diff --git a/tools/router/group.go b/tools/router/group.go new file mode 100644 index 0000000..b6f7524 --- /dev/null +++ b/tools/router/group.go @@ -0,0 +1,231 @@ +package router + +import ( + "net/http" + "regexp" + "strings" + + "github.com/pocketbase/pocketbase/tools/hook" +) + +// (note: the struct is named RouterGroup instead of Group so that it can +// be embedded in the Router without conflicting with the Group method) + +// RouterGroup represents a collection of routes and other sub groups +// that share common pattern prefix and middlewares. +type RouterGroup[T hook.Resolver] struct { + excludedMiddlewares map[string]struct{} + children []any // Route or RouterGroup + + Prefix string + Middlewares []*hook.Handler[T] +} + +// Group creates and register a new child Group into the current one +// with the specified prefix. +// +// The prefix follows the standard Go net/http ServeMux pattern format ("[HOST]/[PATH]") +// and will be concatenated recursively into the final route path, meaning that +// only the root level group could have HOST as part of the prefix. +// +// Returns the newly created group to allow chaining and registering +// sub-routes and group specific middlewares. +func (group *RouterGroup[T]) Group(prefix string) *RouterGroup[T] { + newGroup := &RouterGroup[T]{} + newGroup.Prefix = prefix + + group.children = append(group.children, newGroup) + + return newGroup +} + +// BindFunc registers one or multiple middleware functions to the current group. +// +// The registered middleware functions are "anonymous" and with default priority, +// aka. executes in the order they were registered. +// +// If you need to specify a named middleware (ex. so that it can be removed) +// or middleware with custom exec prirority, use [RouterGroup.Bind] method. +func (group *RouterGroup[T]) BindFunc(middlewareFuncs ...func(e T) error) *RouterGroup[T] { + for _, m := range middlewareFuncs { + group.Middlewares = append(group.Middlewares, &hook.Handler[T]{Func: m}) + } + + return group +} + +// Bind registers one or multiple middleware handlers to the current group. +func (group *RouterGroup[T]) Bind(middlewares ...*hook.Handler[T]) *RouterGroup[T] { + group.Middlewares = append(group.Middlewares, middlewares...) + + // unmark the newly added middlewares in case they were previously "excluded" + if group.excludedMiddlewares != nil { + for _, m := range middlewares { + if m.Id != "" { + delete(group.excludedMiddlewares, m.Id) + } + } + } + + return group +} + +// Unbind removes one or more middlewares with the specified id(s) +// from the current group and its children (if any). +// +// Anonymous middlewares are not removable, aka. this method does nothing +// if the middleware id is an empty string. +func (group *RouterGroup[T]) Unbind(middlewareIds ...string) *RouterGroup[T] { + for _, middlewareId := range middlewareIds { + if middlewareId == "" { + continue + } + + // remove from the group middlwares + for i := len(group.Middlewares) - 1; i >= 0; i-- { + if group.Middlewares[i].Id == middlewareId { + group.Middlewares = append(group.Middlewares[:i], group.Middlewares[i+1:]...) + } + } + + // remove from the group children + for i := len(group.children) - 1; i >= 0; i-- { + switch v := group.children[i].(type) { + case *RouterGroup[T]: + v.Unbind(middlewareId) + case *Route[T]: + v.Unbind(middlewareId) + } + } + + // add to the exclude list + if group.excludedMiddlewares == nil { + group.excludedMiddlewares = map[string]struct{}{} + } + group.excludedMiddlewares[middlewareId] = struct{}{} + } + + return group +} + +// Route registers a single route into the current group. +// +// Note that the final route path will be the concatenation of all parent groups prefixes + the route path. +// The path follows the standard Go net/http ServeMux format ("[HOST]/[PATH]"), +// meaning that only a top level group route could have HOST as part of the prefix. +// +// Returns the newly created route to allow attaching route-only middlewares. +func (group *RouterGroup[T]) Route(method string, path string, action func(e T) error) *Route[T] { + route := &Route[T]{ + Method: method, + Path: path, + Action: action, + } + + group.children = append(group.children, route) + + return route +} + +// Any is a shorthand for [RouterGroup.AddRoute] with "" as route method (aka. matches any method). +func (group *RouterGroup[T]) Any(path string, action func(e T) error) *Route[T] { + return group.Route("", path, action) +} + +// GET is a shorthand for [RouterGroup.AddRoute] with GET as route method. +func (group *RouterGroup[T]) GET(path string, action func(e T) error) *Route[T] { + return group.Route(http.MethodGet, path, action) +} + +// SEARCH is a shorthand for [RouterGroup.AddRoute] with SEARCH as route method. +func (group *RouterGroup[T]) SEARCH(path string, action func(e T) error) *Route[T] { + return group.Route("SEARCH", path, action) +} + +// POST is a shorthand for [RouterGroup.AddRoute] with POST as route method. +func (group *RouterGroup[T]) POST(path string, action func(e T) error) *Route[T] { + return group.Route(http.MethodPost, path, action) +} + +// DELETE is a shorthand for [RouterGroup.AddRoute] with DELETE as route method. +func (group *RouterGroup[T]) DELETE(path string, action func(e T) error) *Route[T] { + return group.Route(http.MethodDelete, path, action) +} + +// PATCH is a shorthand for [RouterGroup.AddRoute] with PATCH as route method. +func (group *RouterGroup[T]) PATCH(path string, action func(e T) error) *Route[T] { + return group.Route(http.MethodPatch, path, action) +} + +// PUT is a shorthand for [RouterGroup.AddRoute] with PUT as route method. +func (group *RouterGroup[T]) PUT(path string, action func(e T) error) *Route[T] { + return group.Route(http.MethodPut, path, action) +} + +// HEAD is a shorthand for [RouterGroup.AddRoute] with HEAD as route method. +func (group *RouterGroup[T]) HEAD(path string, action func(e T) error) *Route[T] { + return group.Route(http.MethodHead, path, action) +} + +// OPTIONS is a shorthand for [RouterGroup.AddRoute] with OPTIONS as route method. +func (group *RouterGroup[T]) OPTIONS(path string, action func(e T) error) *Route[T] { + return group.Route(http.MethodOptions, path, action) +} + +// HasRoute checks whether the specified route pattern (method + path) +// is registered in the current group or its children. +// +// This could be useful to conditionally register and checks for routes +// in order prevent panic on duplicated routes. +// +// Note that routes with anonymous and named wildcard placeholder are treated as equal, +// aka. "GET /abc/" is considered the same as "GET /abc/{something...}". +func (group *RouterGroup[T]) HasRoute(method string, path string) bool { + pattern := path + if method != "" { + pattern = strings.ToUpper(method) + " " + pattern + } + + return group.hasRoute(pattern, nil) +} + +func (group *RouterGroup[T]) hasRoute(pattern string, parents []*RouterGroup[T]) bool { + for _, child := range group.children { + switch v := child.(type) { + case *RouterGroup[T]: + if v.hasRoute(pattern, append(parents, group)) { + return true + } + case *Route[T]: + var result string + + if v.Method != "" { + result += v.Method + " " + } + + // add parent groups prefixes + for _, p := range parents { + result += p.Prefix + } + + // add current group prefix + result += group.Prefix + + // add current route path + result += v.Path + + if result == pattern || // direct match + // compares without the named wildcard, aka. /abc/{test...} is equal to /abc/ + stripWildcard(result) == stripWildcard(pattern) { + return true + } + } + } + return false +} + +var wildcardPlaceholderRegex = regexp.MustCompile(`/{.+\.\.\.}$`) + +func stripWildcard(pattern string) string { + return wildcardPlaceholderRegex.ReplaceAllString(pattern, "/") +} diff --git a/tools/router/group_test.go b/tools/router/group_test.go new file mode 100644 index 0000000..aeafca4 --- /dev/null +++ b/tools/router/group_test.go @@ -0,0 +1,430 @@ +package router + +import ( + "errors" + "fmt" + "net/http" + "slices" + "testing" + + "github.com/pocketbase/pocketbase/tools/hook" +) + +func TestRouterGroupGroup(t *testing.T) { + t.Parallel() + + g0 := RouterGroup[*Event]{} + + g1 := g0.Group("test1") + g2 := g0.Group("test2") + + if total := len(g0.children); total != 2 { + t.Fatalf("Expected %d child groups, got %d", 2, total) + } + + if g1.Prefix != "test1" { + t.Fatalf("Expected g1 with prefix %q, got %q", "test1", g1.Prefix) + } + if g2.Prefix != "test2" { + t.Fatalf("Expected g2 with prefix %q, got %q", "test2", g2.Prefix) + } +} + +func TestRouterGroupBindFunc(t *testing.T) { + t.Parallel() + + g := RouterGroup[*Event]{} + + calls := "" + + // append one function + g.BindFunc(func(e *Event) error { + calls += "a" + return nil + }) + + // append multiple functions + g.BindFunc( + func(e *Event) error { + calls += "b" + return nil + }, + func(e *Event) error { + calls += "c" + return nil + }, + ) + + if total := len(g.Middlewares); total != 3 { + t.Fatalf("Expected %d middlewares, got %v", 3, total) + } + + for _, h := range g.Middlewares { + _ = h.Func(nil) + } + + if calls != "abc" { + t.Fatalf("Expected calls sequence %q, got %q", "abc", calls) + } +} + +func TestRouterGroupBind(t *testing.T) { + t.Parallel() + + g := RouterGroup[*Event]{ + // mock excluded middlewares to check whether the entry will be deleted + excludedMiddlewares: map[string]struct{}{"test2": {}}, + } + + calls := "" + + // append one handler + g.Bind(&hook.Handler[*Event]{ + Func: func(e *Event) error { + calls += "a" + return nil + }, + }) + + // append multiple handlers + g.Bind( + &hook.Handler[*Event]{ + Id: "test1", + Func: func(e *Event) error { + calls += "b" + return nil + }, + }, + &hook.Handler[*Event]{ + Id: "test2", + Func: func(e *Event) error { + calls += "c" + return nil + }, + }, + ) + + if total := len(g.Middlewares); total != 3 { + t.Fatalf("Expected %d middlewares, got %v", 3, total) + } + + for _, h := range g.Middlewares { + _ = h.Func(nil) + } + + if calls != "abc" { + t.Fatalf("Expected calls %q, got %q", "abc", calls) + } + + // ensures that the previously excluded middleware was removed + if len(g.excludedMiddlewares) != 0 { + t.Fatalf("Expected test2 to be removed from the excludedMiddlewares list, got %v", g.excludedMiddlewares) + } +} + +func TestRouterGroupUnbind(t *testing.T) { + t.Parallel() + + g := RouterGroup[*Event]{} + + calls := "" + + // anonymous middlewares + g.Bind(&hook.Handler[*Event]{ + Func: func(e *Event) error { + calls += "a" + return nil // unused value + }, + }) + + // middlewares with id + g.Bind(&hook.Handler[*Event]{ + Id: "test1", + Func: func(e *Event) error { + calls += "b" + return nil // unused value + }, + }) + g.Bind(&hook.Handler[*Event]{ + Id: "test2", + Func: func(e *Event) error { + calls += "c" + return nil // unused value + }, + }) + g.Bind(&hook.Handler[*Event]{ + Id: "test3", + Func: func(e *Event) error { + calls += "d" + return nil // unused value + }, + }) + + // remove + g.Unbind("") // should be no-op + g.Unbind("test1", "test3") + + if total := len(g.Middlewares); total != 2 { + t.Fatalf("Expected %d middlewares, got %v", 2, total) + } + + for _, h := range g.Middlewares { + if err := h.Func(nil); err != nil { + continue + } + } + + if calls != "ac" { + t.Fatalf("Expected calls %q, got %q", "ac", calls) + } + + // ensure that the ids were added in the exclude list + excluded := []string{"test1", "test3"} + if len(g.excludedMiddlewares) != len(excluded) { + t.Fatalf("Expected excludes %v, got %v", excluded, g.excludedMiddlewares) + } + for id := range g.excludedMiddlewares { + if !slices.Contains(excluded, id) { + t.Fatalf("Expected %q to be marked as excluded", id) + } + } +} + +func TestRouterGroupRoute(t *testing.T) { + t.Parallel() + + group := RouterGroup[*Event]{} + + sub := group.Group("sub") + + var called bool + route := group.Route(http.MethodPost, "/test", func(e *Event) error { + called = true + return nil + }) + + // ensure that the route was registered only to the main one + // --- + if len(sub.children) != 0 { + t.Fatalf("Expected no sub children, got %d", len(sub.children)) + } + + if len(group.children) != 2 { + t.Fatalf("Expected %d group children, got %d", 2, len(group.children)) + } + // --- + + // check the registered route + // --- + if route != group.children[1] { + t.Fatalf("Expected group children %v, got %v", route, group.children[1]) + } + + if route.Method != http.MethodPost { + t.Fatalf("Expected route method %q, got %q", http.MethodPost, route.Method) + } + + if route.Path != "/test" { + t.Fatalf("Expected route path %q, got %q", "/test", route.Path) + } + + route.Action(nil) + if !called { + t.Fatal("Expected route action to be called") + } +} + +func TestRouterGroupRouteAliases(t *testing.T) { + t.Parallel() + + group := RouterGroup[*Event]{} + + testErr := errors.New("test") + + testAction := func(e *Event) error { + return testErr + } + + scenarios := []struct { + route *Route[*Event] + expectMethod string + expectPath string + }{ + { + group.Any("/test", testAction), + "", + "/test", + }, + { + group.GET("/test", testAction), + http.MethodGet, + "/test", + }, + { + group.SEARCH("/test", testAction), + "SEARCH", + "/test", + }, + { + group.POST("/test", testAction), + http.MethodPost, + "/test", + }, + { + group.DELETE("/test", testAction), + http.MethodDelete, + "/test", + }, + { + group.PATCH("/test", testAction), + http.MethodPatch, + "/test", + }, + { + group.PUT("/test", testAction), + http.MethodPut, + "/test", + }, + { + group.HEAD("/test", testAction), + http.MethodHead, + "/test", + }, + { + group.OPTIONS("/test", testAction), + http.MethodOptions, + "/test", + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s_%s", i, s.expectMethod, s.expectPath), func(t *testing.T) { + if s.route.Method != s.expectMethod { + t.Fatalf("Expected method %q, got %q", s.expectMethod, s.route.Method) + } + + if s.route.Path != s.expectPath { + t.Fatalf("Expected path %q, got %q", s.expectPath, s.route.Path) + } + + if err := s.route.Action(nil); !errors.Is(err, testErr) { + t.Fatal("Expected test action") + } + }) + } +} + +func TestRouterGroupHasRoute(t *testing.T) { + t.Parallel() + + group := RouterGroup[*Event]{} + + group.Any("/any", nil) + + group.GET("/base", nil) + group.DELETE("/base", nil) + + sub := group.Group("/sub1") + sub.GET("/a", nil) + sub.POST("/a", nil) + + sub2 := sub.Group("/sub2") + sub2.GET("/b", nil) + sub2.GET("/b/{test}", nil) + + // special cases to test the normalizations + group.GET("/c/", nil) // the same as /c/{test...} + group.GET("/d/{test...}", nil) // the same as /d/ + + scenarios := []struct { + method string + path string + expected bool + }{ + { + http.MethodGet, + "", + false, + }, + { + "", + "/any", + true, + }, + { + http.MethodPost, + "/base", + false, + }, + { + http.MethodGet, + "/base", + true, + }, + { + http.MethodDelete, + "/base", + true, + }, + { + http.MethodGet, + "/sub1", + false, + }, + { + http.MethodGet, + "/sub1/a", + true, + }, + { + http.MethodPost, + "/sub1/a", + true, + }, + { + http.MethodDelete, + "/sub1/a", + false, + }, + { + http.MethodGet, + "/sub2/b", + false, + }, + { + http.MethodGet, + "/sub1/sub2/b", + true, + }, + { + http.MethodGet, + "/sub1/sub2/b/{test}", + true, + }, + { + http.MethodGet, + "/sub1/sub2/b/{test2}", + false, + }, + { + http.MethodGet, + "/c/{test...}", + true, + }, + { + http.MethodGet, + "/d/", + true, + }, + } + + for _, s := range scenarios { + t.Run(s.method+"_"+s.path, func(t *testing.T) { + has := group.HasRoute(s.method, s.path) + + if has != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, has) + } + }) + } +} diff --git a/tools/router/rereadable_read_closer.go b/tools/router/rereadable_read_closer.go new file mode 100644 index 0000000..0e5f5d8 --- /dev/null +++ b/tools/router/rereadable_read_closer.go @@ -0,0 +1,60 @@ +package router + +import ( + "bytes" + "io" +) + +var ( + _ io.ReadCloser = (*RereadableReadCloser)(nil) + _ Rereader = (*RereadableReadCloser)(nil) +) + +// Rereader defines an interface for rewindable readers. +type Rereader interface { + Reread() +} + +// RereadableReadCloser defines a wrapper around a io.ReadCloser reader +// allowing to read the original reader multiple times. +type RereadableReadCloser struct { + io.ReadCloser + + copy *bytes.Buffer + active io.Reader +} + +// Read implements the standard io.Reader interface. +// +// It reads up to len(b) bytes into b and at at the same time writes +// the read data into an internal bytes buffer. +// +// On EOF the r is "rewinded" to allow reading from r multiple times. +func (r *RereadableReadCloser) Read(b []byte) (int, error) { + if r.active == nil { + if r.copy == nil { + r.copy = &bytes.Buffer{} + } + r.active = io.TeeReader(r.ReadCloser, r.copy) + } + + n, err := r.active.Read(b) + if err == io.EOF { + r.Reread() + } + + return n, err +} + +// Reread satisfies the [Rereader] interface and resets the r internal state to allow rereads. +// +// note: not named Reset to avoid conflicts with other reader interfaces. +func (r *RereadableReadCloser) Reread() { + if r.copy == nil || r.copy.Len() == 0 { + return // nothing to reset or it has been already reset + } + + oldCopy := r.copy + r.copy = &bytes.Buffer{} + r.active = io.TeeReader(oldCopy, r.copy) +} diff --git a/tools/router/rereadable_read_closer_test.go b/tools/router/rereadable_read_closer_test.go new file mode 100644 index 0000000..2334ee6 --- /dev/null +++ b/tools/router/rereadable_read_closer_test.go @@ -0,0 +1,28 @@ +package router_test + +import ( + "io" + "strings" + "testing" + + "github.com/pocketbase/pocketbase/tools/router" +) + +func TestRereadableReadCloser(t *testing.T) { + content := "test" + + rereadable := &router.RereadableReadCloser{ + ReadCloser: io.NopCloser(strings.NewReader(content)), + } + + // read multiple times + for i := 0; i < 3; i++ { + result, err := io.ReadAll(rereadable) + if err != nil { + t.Fatalf("[read:%d] %v", i, err) + } + if str := string(result); str != content { + t.Fatalf("[read:%d] Expected %q, got %q", i, content, result) + } + } +} diff --git a/tools/router/route.go b/tools/router/route.go new file mode 100644 index 0000000..351096d --- /dev/null +++ b/tools/router/route.go @@ -0,0 +1,73 @@ +package router + +import "github.com/pocketbase/pocketbase/tools/hook" + +type Route[T hook.Resolver] struct { + excludedMiddlewares map[string]struct{} + + Action func(e T) error + Method string + Path string + Middlewares []*hook.Handler[T] +} + +// BindFunc registers one or multiple middleware functions to the current route. +// +// The registered middleware functions are "anonymous" and with default priority, +// aka. executes in the order they were registered. +// +// If you need to specify a named middleware (ex. so that it can be removed) +// or middleware with custom exec prirority, use the [Route.Bind] method. +func (route *Route[T]) BindFunc(middlewareFuncs ...func(e T) error) *Route[T] { + for _, m := range middlewareFuncs { + route.Middlewares = append(route.Middlewares, &hook.Handler[T]{Func: m}) + } + + return route +} + +// Bind registers one or multiple middleware handlers to the current route. +func (route *Route[T]) Bind(middlewares ...*hook.Handler[T]) *Route[T] { + route.Middlewares = append(route.Middlewares, middlewares...) + + // unmark the newly added middlewares in case they were previously "excluded" + if route.excludedMiddlewares != nil { + for _, m := range middlewares { + if m.Id != "" { + delete(route.excludedMiddlewares, m.Id) + } + } + } + + return route +} + +// Unbind removes one or more middlewares with the specified id(s) from the current route. +// +// It also adds the removed middleware ids to an exclude list so that they could be skipped from +// the execution chain in case the middleware is registered in a parent group. +// +// Anonymous middlewares are considered non-removable, aka. this method +// does nothing if the middleware id is an empty string. +func (route *Route[T]) Unbind(middlewareIds ...string) *Route[T] { + for _, middlewareId := range middlewareIds { + if middlewareId == "" { + continue + } + + // remove from the route's middlewares + for i := len(route.Middlewares) - 1; i >= 0; i-- { + if route.Middlewares[i].Id == middlewareId { + route.Middlewares = append(route.Middlewares[:i], route.Middlewares[i+1:]...) + } + } + + // add to the exclude list + if route.excludedMiddlewares == nil { + route.excludedMiddlewares = map[string]struct{}{} + } + route.excludedMiddlewares[middlewareId] = struct{}{} + } + + return route +} diff --git a/tools/router/route_test.go b/tools/router/route_test.go new file mode 100644 index 0000000..ef6e541 --- /dev/null +++ b/tools/router/route_test.go @@ -0,0 +1,168 @@ +package router + +import ( + "slices" + "testing" + + "github.com/pocketbase/pocketbase/tools/hook" +) + +func TestRouteBindFunc(t *testing.T) { + t.Parallel() + + r := Route[*Event]{} + + calls := "" + + // append one function + r.BindFunc(func(e *Event) error { + calls += "a" + return nil + }) + + // append multiple functions + r.BindFunc( + func(e *Event) error { + calls += "b" + return nil + }, + func(e *Event) error { + calls += "c" + return nil + }, + ) + + if total := len(r.Middlewares); total != 3 { + t.Fatalf("Expected %d middlewares, got %v", 3, total) + } + + for _, h := range r.Middlewares { + _ = h.Func(nil) + } + + if calls != "abc" { + t.Fatalf("Expected calls sequence %q, got %q", "abc", calls) + } +} + +func TestRouteBind(t *testing.T) { + t.Parallel() + + r := Route[*Event]{ + // mock excluded middlewares to check whether the entry will be deleted + excludedMiddlewares: map[string]struct{}{"test2": {}}, + } + + calls := "" + + // append one handler + r.Bind(&hook.Handler[*Event]{ + Func: func(e *Event) error { + calls += "a" + return nil + }, + }) + + // append multiple handlers + r.Bind( + &hook.Handler[*Event]{ + Id: "test1", + Func: func(e *Event) error { + calls += "b" + return nil + }, + }, + &hook.Handler[*Event]{ + Id: "test2", + Func: func(e *Event) error { + calls += "c" + return nil + }, + }, + ) + + if total := len(r.Middlewares); total != 3 { + t.Fatalf("Expected %d middlewares, got %v", 3, total) + } + + for _, h := range r.Middlewares { + _ = h.Func(nil) + } + + if calls != "abc" { + t.Fatalf("Expected calls %q, got %q", "abc", calls) + } + + // ensures that the previously excluded middleware was removed + if len(r.excludedMiddlewares) != 0 { + t.Fatalf("Expected test2 to be removed from the excludedMiddlewares list, got %v", r.excludedMiddlewares) + } +} + +func TestRouteUnbind(t *testing.T) { + t.Parallel() + + r := Route[*Event]{} + + calls := "" + + // anonymous middlewares + r.Bind(&hook.Handler[*Event]{ + Func: func(e *Event) error { + calls += "a" + return nil // unused value + }, + }) + + // middlewares with id + r.Bind(&hook.Handler[*Event]{ + Id: "test1", + Func: func(e *Event) error { + calls += "b" + return nil // unused value + }, + }) + r.Bind(&hook.Handler[*Event]{ + Id: "test2", + Func: func(e *Event) error { + calls += "c" + return nil // unused value + }, + }) + r.Bind(&hook.Handler[*Event]{ + Id: "test3", + Func: func(e *Event) error { + calls += "d" + return nil // unused value + }, + }) + + // remove + r.Unbind("") // should be no-op + r.Unbind("test1", "test3") + + if total := len(r.Middlewares); total != 2 { + t.Fatalf("Expected %d middlewares, got %v", 2, total) + } + + for _, h := range r.Middlewares { + if err := h.Func(nil); err != nil { + continue + } + } + + if calls != "ac" { + t.Fatalf("Expected calls %q, got %q", "ac", calls) + } + + // ensure that the id was added in the exclude list + excluded := []string{"test1", "test3"} + if len(r.excludedMiddlewares) != len(excluded) { + t.Fatalf("Expected excludes %v, got %v", excluded, r.excludedMiddlewares) + } + for id := range r.excludedMiddlewares { + if !slices.Contains(excluded, id) { + t.Fatalf("Expected %q to be marked as excluded", id) + } + } +} diff --git a/tools/router/router.go b/tools/router/router.go new file mode 100644 index 0000000..d789ff5 --- /dev/null +++ b/tools/router/router.go @@ -0,0 +1,329 @@ +package router + +import ( + "bufio" + "encoding/json" + "errors" + "io" + "log" + "net" + "net/http" + + "github.com/pocketbase/pocketbase/tools/hook" +) + +type EventCleanupFunc func() + +// EventFactoryFunc defines the function responsible for creating a Route specific event +// based on the provided request handler ServeHTTP data. +// +// Optionally return a clean up function that will be invoked right after the route execution. +type EventFactoryFunc[T hook.Resolver] func(w http.ResponseWriter, r *http.Request) (T, EventCleanupFunc) + +// Router defines a thin wrapper around the standard Go [http.ServeMux] by +// adding support for routing sub-groups, middlewares and other common utils. +// +// Example: +// +// r := NewRouter[*MyEvent](eventFactory) +// +// // middlewares +// r.BindFunc(m1, m2) +// +// // routes +// r.GET("/test", handler1) +// +// // sub-routers/groups +// api := r.Group("/api") +// api.GET("/admins", handler2) +// +// // generate a http.ServeMux instance based on the router configurations +// mux, _ := r.BuildMux() +// +// http.ListenAndServe("localhost:8090", mux) +type Router[T hook.Resolver] struct { + // @todo consider renaming the type to just Group and replace the embed type + // with an alias after Go 1.24 adds support for generic type aliases + *RouterGroup[T] + + eventFactory EventFactoryFunc[T] +} + +// NewRouter creates a new Router instance with the provided event factory function. +func NewRouter[T hook.Resolver](eventFactory EventFactoryFunc[T]) *Router[T] { + return &Router[T]{ + RouterGroup: &RouterGroup[T]{}, + eventFactory: eventFactory, + } +} + +// BuildMux constructs a new mux [http.Handler] instance from the current router configurations. +func (r *Router[T]) BuildMux() (http.Handler, error) { + // Note that some of the default std Go handlers like the [http.NotFoundHandler] + // cannot be currently extended and requires defining a custom "catch-all" route + // so that the group middlewares could be executed. + // + // https://github.com/golang/go/issues/65648 + if !r.HasRoute("", "/") { + r.Route("", "/", func(e T) error { + return NewNotFoundError("", nil) + }) + } + + mux := http.NewServeMux() + + if err := r.loadMux(mux, r.RouterGroup, nil); err != nil { + return nil, err + } + + return mux, nil +} + +func (r *Router[T]) loadMux(mux *http.ServeMux, group *RouterGroup[T], parents []*RouterGroup[T]) error { + for _, child := range group.children { + switch v := child.(type) { + case *RouterGroup[T]: + if err := r.loadMux(mux, v, append(parents, group)); err != nil { + return err + } + case *Route[T]: + routeHook := &hook.Hook[T]{} + + var pattern string + + if v.Method != "" { + pattern = v.Method + " " + } + + // add parent groups middlewares + for _, p := range parents { + pattern += p.Prefix + for _, h := range p.Middlewares { + if _, ok := p.excludedMiddlewares[h.Id]; !ok { + if _, ok = group.excludedMiddlewares[h.Id]; !ok { + if _, ok = v.excludedMiddlewares[h.Id]; !ok { + routeHook.Bind(h) + } + } + } + } + } + + // add current groups middlewares + pattern += group.Prefix + for _, h := range group.Middlewares { + if _, ok := group.excludedMiddlewares[h.Id]; !ok { + if _, ok = v.excludedMiddlewares[h.Id]; !ok { + routeHook.Bind(h) + } + } + } + + // add current route middlewares + pattern += v.Path + for _, h := range v.Middlewares { + if _, ok := v.excludedMiddlewares[h.Id]; !ok { + routeHook.Bind(h) + } + } + + mux.HandleFunc(pattern, func(resp http.ResponseWriter, req *http.Request) { + // wrap the response to add write and status tracking + resp = &ResponseWriter{ResponseWriter: resp} + + // wrap the request body to allow multiple reads + req.Body = &RereadableReadCloser{ReadCloser: req.Body} + + event, cleanupFunc := r.eventFactory(resp, req) + + // trigger the handler hook chain + err := routeHook.Trigger(event, v.Action) + if err != nil { + ErrorHandler(resp, req, err) + } + + if cleanupFunc != nil { + cleanupFunc() + } + }) + default: + return errors.New("invalid Group item type") + } + } + + return nil +} + +func ErrorHandler(resp http.ResponseWriter, req *http.Request, err error) { + if err == nil { + return + } + + if ok, _ := getWritten(resp); ok { + return // a response was already written (aka. already handled) + } + + header := resp.Header() + if header.Get("Content-Type") == "" { + header.Set("Content-Type", "application/json") + } + + apiErr := ToApiError(err) + + resp.WriteHeader(apiErr.Status) + + if req.Method != http.MethodHead { + if jsonErr := json.NewEncoder(resp).Encode(apiErr); jsonErr != nil { + log.Println(jsonErr) // truly rare case, log to stderr only for dev purposes + } + } +} + +// ------------------------------------------------------------------- + +type WriteTracker interface { + // Written reports whether a write operation has occurred. + Written() bool +} + +type StatusTracker interface { + // Status reports the written response status code. + Status() int +} + +type flushErrorer interface { + FlushError() error +} + +var ( + _ WriteTracker = (*ResponseWriter)(nil) + _ StatusTracker = (*ResponseWriter)(nil) + _ http.Flusher = (*ResponseWriter)(nil) + _ http.Hijacker = (*ResponseWriter)(nil) + _ http.Pusher = (*ResponseWriter)(nil) + _ io.ReaderFrom = (*ResponseWriter)(nil) + _ flushErrorer = (*ResponseWriter)(nil) +) + +// ResponseWriter wraps a http.ResponseWriter to track its write state. +type ResponseWriter struct { + http.ResponseWriter + + written bool + status int +} + +func (rw *ResponseWriter) WriteHeader(status int) { + if rw.written { + return + } + + rw.written = true + rw.status = status + rw.ResponseWriter.WriteHeader(status) +} + +func (rw *ResponseWriter) Write(b []byte) (int, error) { + if !rw.written { + rw.WriteHeader(http.StatusOK) + } + + return rw.ResponseWriter.Write(b) +} + +// Written implements [WriteTracker] and returns whether the current response body has been already written. +func (rw *ResponseWriter) Written() bool { + return rw.written +} + +// Written implements [StatusTracker] and returns the written status code of the current response. +func (rw *ResponseWriter) Status() int { + return rw.status +} + +// Flush implements [http.Flusher] and allows an HTTP handler to flush buffered data to the client. +// This method is no-op if the wrapped writer doesn't support it. +func (rw *ResponseWriter) Flush() { + _ = rw.FlushError() +} + +// FlushError is similar to [Flush] but returns [http.ErrNotSupported] +// if the wrapped writer doesn't support it. +func (rw *ResponseWriter) FlushError() error { + err := http.NewResponseController(rw.ResponseWriter).Flush() + if err == nil || !errors.Is(err, http.ErrNotSupported) { + rw.written = true + } + return err +} + +// Hijack implements [http.Hijacker] and allows an HTTP handler to take over the current connection. +func (rw *ResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) { + return http.NewResponseController(rw.ResponseWriter).Hijack() +} + +// Pusher implements [http.Pusher] to indicate HTTP/2 server push support. +func (rw *ResponseWriter) Push(target string, opts *http.PushOptions) error { + w := rw.ResponseWriter + for { + switch p := w.(type) { + case http.Pusher: + return p.Push(target, opts) + case RWUnwrapper: + w = p.Unwrap() + default: + return http.ErrNotSupported + } + } +} + +// ReaderFrom implements [io.ReaderFrom] by checking if the underlying writer supports it. +// Otherwise calls [io.Copy]. +func (rw *ResponseWriter) ReadFrom(r io.Reader) (n int64, err error) { + if !rw.written { + rw.WriteHeader(http.StatusOK) + } + + w := rw.ResponseWriter + for { + switch rf := w.(type) { + case io.ReaderFrom: + return rf.ReadFrom(r) + case RWUnwrapper: + w = rf.Unwrap() + default: + return io.Copy(rw.ResponseWriter, r) + } + } +} + +// Unwrap returns the underlying ResponseWritter instance (usually used by [http.ResponseController]). +func (rw *ResponseWriter) Unwrap() http.ResponseWriter { + return rw.ResponseWriter +} + +func getWritten(rw http.ResponseWriter) (bool, error) { + for { + switch w := rw.(type) { + case WriteTracker: + return w.Written(), nil + case RWUnwrapper: + rw = w.Unwrap() + default: + return false, http.ErrNotSupported + } + } +} + +func getStatus(rw http.ResponseWriter) (int, error) { + for { + switch w := rw.(type) { + case StatusTracker: + return w.Status(), nil + case RWUnwrapper: + rw = w.Unwrap() + default: + return 0, http.ErrNotSupported + } + } +} diff --git a/tools/router/router_test.go b/tools/router/router_test.go new file mode 100644 index 0000000..c71cb70 --- /dev/null +++ b/tools/router/router_test.go @@ -0,0 +1,253 @@ +package router_test + +import ( + "errors" + "net/http" + "net/http/httptest" + "testing" + + "github.com/pocketbase/pocketbase/tools/hook" + "github.com/pocketbase/pocketbase/tools/router" +) + +func TestRouter(t *testing.T) { + calls := "" + + r := router.NewRouter(func(w http.ResponseWriter, r *http.Request) (*router.Event, router.EventCleanupFunc) { + return &router.Event{ + Response: w, + Request: r, + }, + func() { + calls += ":cleanup" + } + }) + + r.BindFunc(func(e *router.Event) error { + calls += "root_m:" + + err := e.Next() + + if err != nil { + calls += "/error" + } + + return err + }) + + r.Any("/any", func(e *router.Event) error { + calls += "/any" + return nil + }) + + r.GET("/a", func(e *router.Event) error { + calls += "/a" + return nil + }) + + g1 := r.Group("/a/b").BindFunc(func(e *router.Event) error { + calls += "a_b_group_m:" + return e.Next() + }) + g1.GET("/1", func(e *router.Event) error { + calls += "/1_get" + return nil + }).BindFunc(func(e *router.Event) error { + calls += "1_get_m:" + return e.Next() + }) + g1.POST("/1", func(e *router.Event) error { + calls += "/1_post" + return nil + }) + g1.GET("/{param}", func(e *router.Event) error { + calls += "/" + e.Request.PathValue("param") + return errors.New("test") // should be normalized to an ApiError + }) + + mux, err := r.BuildMux() + if err != nil { + t.Fatal(err) + } + + ts := httptest.NewServer(mux) + defer ts.Close() + + client := ts.Client() + + scenarios := []struct { + method string + path string + calls string + }{ + {http.MethodGet, "/any", "root_m:/any:cleanup"}, + {http.MethodOptions, "/any", "root_m:/any:cleanup"}, + {http.MethodPatch, "/any", "root_m:/any:cleanup"}, + {http.MethodPut, "/any", "root_m:/any:cleanup"}, + {http.MethodPost, "/any", "root_m:/any:cleanup"}, + {http.MethodDelete, "/any", "root_m:/any:cleanup"}, + // --- + {http.MethodPost, "/a", "root_m:/error:cleanup"}, // missing + {http.MethodGet, "/a", "root_m:/a:cleanup"}, + {http.MethodHead, "/a", "root_m:/a:cleanup"}, // auto registered with the GET + {http.MethodGet, "/a/b/1", "root_m:a_b_group_m:1_get_m:/1_get:cleanup"}, + {http.MethodHead, "/a/b/1", "root_m:a_b_group_m:1_get_m:/1_get:cleanup"}, + {http.MethodPost, "/a/b/1", "root_m:a_b_group_m:/1_post:cleanup"}, + {http.MethodGet, "/a/b/456", "root_m:a_b_group_m:/456/error:cleanup"}, + } + + for _, s := range scenarios { + t.Run(s.method+"_"+s.path, func(t *testing.T) { + calls = "" // reset + + req, err := http.NewRequest(s.method, ts.URL+s.path, nil) + if err != nil { + t.Fatal(err) + } + + _, err = client.Do(req) + if err != nil { + t.Fatal(err) + } + + if calls != s.calls { + t.Fatalf("Expected calls\n%q\ngot\n%q", s.calls, calls) + } + }) + } +} + +func TestRouterUnbind(t *testing.T) { + calls := "" + + r := router.NewRouter(func(w http.ResponseWriter, r *http.Request) (*router.Event, router.EventCleanupFunc) { + return &router.Event{ + Response: w, + Request: r, + }, + func() { + calls += ":cleanup" + } + }) + r.Bind(&hook.Handler[*router.Event]{ + Id: "root_1", + Func: func(e *router.Event) error { + calls += "root_1:" + return e.Next() + }, + }) + r.Bind(&hook.Handler[*router.Event]{ + Id: "root_2", + Func: func(e *router.Event) error { + calls += "root_2:" + return e.Next() + }, + }) + r.Bind(&hook.Handler[*router.Event]{ + Id: "root_3", + Func: func(e *router.Event) error { + calls += "root_3:" + return e.Next() + }, + }) + r.GET("/action", func(e *router.Event) error { + calls += "root_action" + return nil + }).Unbind("root_1") + + ga := r.Group("/group_a") + ga.Unbind("root_1") + ga.Bind(&hook.Handler[*router.Event]{ + Id: "group_a_1", + Func: func(e *router.Event) error { + calls += "group_a_1:" + return e.Next() + }, + }) + ga.Bind(&hook.Handler[*router.Event]{ + Id: "group_a_2", + Func: func(e *router.Event) error { + calls += "group_a_2:" + return e.Next() + }, + }) + ga.Bind(&hook.Handler[*router.Event]{ + Id: "group_a_3", + Func: func(e *router.Event) error { + calls += "group_a_3:" + return e.Next() + }, + }) + ga.GET("/action", func(e *router.Event) error { + calls += "group_a_action" + return nil + }).Unbind("root_2", "group_b_1", "group_a_1") + + gb := r.Group("/group_b") + gb.Unbind("root_2") + gb.Bind(&hook.Handler[*router.Event]{ + Id: "group_b_1", + Func: func(e *router.Event) error { + calls += "group_b_1:" + return e.Next() + }, + }) + gb.Bind(&hook.Handler[*router.Event]{ + Id: "group_b_2", + Func: func(e *router.Event) error { + calls += "group_b_2:" + return e.Next() + }, + }) + gb.Bind(&hook.Handler[*router.Event]{ + Id: "group_b_3", + Func: func(e *router.Event) error { + calls += "group_b_3:" + return e.Next() + }, + }) + gb.GET("/action", func(e *router.Event) error { + calls += "group_b_action" + return nil + }).Unbind("group_b_3", "group_a_3", "root_3") + + mux, err := r.BuildMux() + if err != nil { + t.Fatal(err) + } + + ts := httptest.NewServer(mux) + defer ts.Close() + + client := ts.Client() + + scenarios := []struct { + method string + path string + calls string + }{ + {http.MethodGet, "/action", "root_2:root_3:root_action:cleanup"}, + {http.MethodGet, "/group_a/action", "root_3:group_a_2:group_a_3:group_a_action:cleanup"}, + {http.MethodGet, "/group_b/action", "root_1:group_b_1:group_b_2:group_b_action:cleanup"}, + } + + for _, s := range scenarios { + t.Run(s.method+"_"+s.path, func(t *testing.T) { + calls = "" // reset + + req, err := http.NewRequest(s.method, ts.URL+s.path, nil) + if err != nil { + t.Fatal(err) + } + + _, err = client.Do(req) + if err != nil { + t.Fatal(err) + } + + if calls != s.calls { + t.Fatalf("Expected calls\n%q\ngot\n%q", s.calls, calls) + } + }) + } +} diff --git a/tools/router/unmarshal_request_data.go b/tools/router/unmarshal_request_data.go new file mode 100644 index 0000000..0d87715 --- /dev/null +++ b/tools/router/unmarshal_request_data.go @@ -0,0 +1,338 @@ +package router + +import ( + "encoding" + "encoding/json" + "errors" + "reflect" + "regexp" + "strconv" +) + +var textUnmarshalerType = reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem() + +// JSONPayloadKey is the key for the special UnmarshalRequestData case +// used for reading serialized json payload without normalization. +const JSONPayloadKey string = "@jsonPayload" + +// UnmarshalRequestData unmarshals url.Values type of data (query, multipart/form-data, etc.) into dst. +// +// dst must be a pointer to a map[string]any or struct. +// +// If dst is a map[string]any, each data value will be inferred and +// converted to its bool, numeric, or string equivalent value +// (refer to inferValue() for the exact rules). +// +// If dst is a struct, the following field types are supported: +// - bool +// - string +// - int, int8, int16, int32, int64 +// - uint, uint8, uint16, uint32, uint64 +// - float32, float64 +// - serialized json string if submitted under the special "@jsonPayload" key +// - encoding.TextUnmarshaler +// - pointer and slice variations of the above primitives (ex. *string, []string, *[]string []*string, etc.) +// - named/anonymous struct fields +// Dot-notation is used to target nested fields, ex. "nestedStructField.title". +// - embedded struct fields +// The embedded struct fields are treated by default as if they were defined in their parent struct. +// If the embedded struct has a tag matching structTagKey then to set its fields the data keys must be prefixed with that tag +// similar to the regular nested struct fields. +// +// structTagKey and structPrefix are used only when dst is a struct. +// +// structTagKey represents the tag to use to match a data entry with a struct field (defaults to "form"). +// If the struct field doesn't have the structTagKey tag, then the exported struct field name will be used as it is. +// +// structPrefix could be provided if all of the data keys are prefixed with a common string +// and you want the struct field to match only the value without the structPrefix +// (ex. for "user.name", "user.email" data keys and structPrefix "user", it will match "name" and "email" struct fields). +// +// Note that while the method was inspired by binders from echo, gorrila/schema, ozzo-routing +// and other similar common routing packages, it is not intended to be a drop-in replacement. +// +// @todo Consider adding support for dot-notation keys, in addition to the prefix, (ex. parent.child.title) to express nested object keys. +func UnmarshalRequestData(data map[string][]string, dst any, structTagKey string, structPrefix string) error { + if len(data) == 0 { + return nil // nothing to unmarshal + } + + dstValue := reflect.ValueOf(dst) + if dstValue.Kind() != reflect.Pointer { + return errors.New("dst must be a pointer") + } + + dstValue = dereference(dstValue) + + dstType := dstValue.Type() + + switch dstType.Kind() { + case reflect.Map: // map[string]any + if dstType.Elem().Kind() != reflect.Interface { + return errors.New("dst map value type must be any/interface{}") + } + + for k, v := range data { + if k == JSONPayloadKey { + continue // unmarshaled separately + } + + total := len(v) + + if total == 1 { + dstValue.SetMapIndex(reflect.ValueOf(k), reflect.ValueOf(inferValue(v[0]))) + } else { + normalized := make([]any, total) + for i, vItem := range v { + normalized[i] = inferValue(vItem) + } + dstValue.SetMapIndex(reflect.ValueOf(k), reflect.ValueOf(normalized)) + } + } + case reflect.Struct: + // set a default tag key + if structTagKey == "" { + structTagKey = "form" + } + + err := unmarshalInStructValue(data, dstValue, structTagKey, structPrefix) + if err != nil { + return err + } + default: + return errors.New("dst must be a map[string]any or struct") + } + + // @jsonPayload + // + // Special case to scan serialized json string without + // normalization alongside the other data values + // --------------------------------------------------------------- + jsonPayloadValues := data[JSONPayloadKey] + for _, payload := range jsonPayloadValues { + if err := json.Unmarshal([]byte(payload), dst); err != nil { + return err + } + } + + return nil +} + +// unmarshalInStructValue unmarshals data into the provided struct reflect.Value fields. +func unmarshalInStructValue( + data map[string][]string, + dstStructValue reflect.Value, + structTagKey string, + structPrefix string, +) error { + dstStructType := dstStructValue.Type() + + for i := 0; i < dstStructValue.NumField(); i++ { + fieldType := dstStructType.Field(i) + + tag := fieldType.Tag.Get(structTagKey) + + if tag == "-" || (!fieldType.Anonymous && !fieldType.IsExported()) { + continue // disabled or unexported non-anonymous struct field + } + + fieldValue := dereference(dstStructValue.Field(i)) + + ft := fieldType.Type + if ft.Kind() == reflect.Ptr { + ft = ft.Elem() + } + + isSlice := ft.Kind() == reflect.Slice + if isSlice { + ft = ft.Elem() + } + + name := tag + if name == "" && !fieldType.Anonymous { + name = fieldType.Name + } + if name != "" && structPrefix != "" { + name = structPrefix + "." + name + } + + // (*)encoding.TextUnmarshaler field + // --- + if ft.Implements(textUnmarshalerType) || reflect.PointerTo(ft).Implements(textUnmarshalerType) { + values, ok := data[name] + if !ok || len(values) == 0 || !fieldValue.CanSet() { + continue // no value to load or the field cannot be set + } + + if isSlice { + n := len(values) + slice := reflect.MakeSlice(fieldValue.Type(), n, n) + for i, v := range values { + unmarshaler, ok := dereference(slice.Index(i)).Addr().Interface().(encoding.TextUnmarshaler) + if ok { + if err := unmarshaler.UnmarshalText([]byte(v)); err != nil { + return err + } + } + } + fieldValue.Set(slice) + } else { + unmarshaler, ok := fieldValue.Addr().Interface().(encoding.TextUnmarshaler) + if ok { + if err := unmarshaler.UnmarshalText([]byte(values[0])); err != nil { + return err + } + } + } + continue + } + + // "regular" field + // --- + if ft.Kind() != reflect.Struct { + values, ok := data[name] + if !ok || len(values) == 0 || !fieldValue.CanSet() { + continue // no value to load + } + + if isSlice { + n := len(values) + slice := reflect.MakeSlice(fieldValue.Type(), n, n) + for i, v := range values { + if err := setRegularReflectedValue(dereference(slice.Index(i)), v); err != nil { + return err + } + } + fieldValue.Set(slice) + } else { + if err := setRegularReflectedValue(fieldValue, values[0]); err != nil { + return err + } + } + continue + } + + // structs (embedded or nested) + // --- + // slice of structs + if isSlice { + // populating slice of structs is not supported at the moment + // because the filling rules are ambiguous + continue + } + + if tag != "" { + structPrefix = tag + } else { + structPrefix = name // name is empty for anonymous structs -> no prefix + } + + if err := unmarshalInStructValue(data, fieldValue, structTagKey, structPrefix); err != nil { + return err + } + } + + return nil +} + +// dereference returns the underlying value v points to. +func dereference(v reflect.Value) reflect.Value { + for v.Kind() == reflect.Ptr { + if v.IsNil() { + // initialize with a new value and continue searching + v.Set(reflect.New(v.Type().Elem())) + } + v = v.Elem() + } + return v +} + +// setRegularReflectedValue sets and casts value into rv. +func setRegularReflectedValue(rv reflect.Value, value string) error { + switch rv.Kind() { + case reflect.String: + rv.SetString(value) + case reflect.Bool: + if value == "" { + value = "f" + } + + v, err := strconv.ParseBool(value) + if err != nil { + return err + } + + rv.SetBool(v) + case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int: + if value == "" { + value = "0" + } + + v, err := strconv.ParseInt(value, 0, 64) + if err != nil { + return err + } + + rv.SetInt(v) + case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint: + if value == "" { + value = "0" + } + + v, err := strconv.ParseUint(value, 0, 64) + if err != nil { + return err + } + + rv.SetUint(v) + case reflect.Float32, reflect.Float64: + if value == "" { + value = "0" + } + + v, err := strconv.ParseFloat(value, 64) + if err != nil { + return err + } + + rv.SetFloat(v) + default: + return errors.New("unknown value type " + rv.Kind().String()) + } + + return nil +} + +var inferNumberCharsRegex = regexp.MustCompile(`^[\-\.\d]+$`) + +// In order to support more seamlessly both json and multipart/form-data requests, +// the following normalization rules are applied for plain multipart string values: +// - "true" is converted to the json "true" +// - "false" is converted to the json "false" +// - numeric strings are converted to json number ONLY if the resulted +// minimal number string representation is the same as the provided raw string +// (aka. scientific notations, "Infinity", "0.0", "0001", etc. are kept as string) +// - any other string (empty string too) is left as it is +func inferValue(raw string) any { + switch raw { + case "": + return raw + case "true": + return true + case "false": + return false + default: + // try to convert to number + // + // note: expects the provided raw string to match exactly with the minimal string representation of the parsed float + if (raw[0] == '-' || (raw[0] >= '0' && raw[0] <= '9')) && + inferNumberCharsRegex.Match([]byte(raw)) { + v, err := strconv.ParseFloat(raw, 64) + if err == nil && strconv.FormatFloat(v, 'f', -1, 64) == raw { + return v + } + } + + return raw + } +} diff --git a/tools/router/unmarshal_request_data_test.go b/tools/router/unmarshal_request_data_test.go new file mode 100644 index 0000000..047aa86 --- /dev/null +++ b/tools/router/unmarshal_request_data_test.go @@ -0,0 +1,471 @@ +package router_test + +import ( + "bytes" + "encoding/json" + "testing" + "time" + + "github.com/pocketbase/pocketbase/tools/router" +) + +func pointer[T any](val T) *T { + return &val +} + +func TestUnmarshalRequestData(t *testing.T) { + t.Parallel() + + mapData := map[string][]string{ + "number1": {"1"}, + "number2": {"2", "3"}, + "number3": {"2.1", "-3.4"}, + "number4": {"0", "-0", "0.0001"}, + "string0": {""}, + "string1": {"a"}, + "string2": {"b", "c"}, + "string3": { + "0.0", + "-0.0", + "000.1", + "000001", + "-000001", + "1.6E-35", + "-1.6E-35", + "10e100", + "1_000_000", + "1.000.000", + " 123 ", + "0b1", + "0xFF", + "1234A", + "Infinity", + "-Infinity", + "undefined", + "null", + }, + "bool1": {"true"}, + "bool2": {"true", "false"}, + "mixed": {"true", "123", "test"}, + "@jsonPayload": {`{"json_a":null,"json_b":123}`, `{"json_c":[1,2,3]}`}, + } + + structData := map[string][]string{ + "stringTag": {"a", "b"}, + "StringPtr": {"b"}, + "StringSlice": {"a", "b", "c", ""}, + "stringSlicePtrTag": {"d", "e"}, + "StringSliceOfPtr": {"f", "g"}, + + "boolTag": {"true"}, + "BoolPtr": {"true"}, + "BoolSlice": {"true", "false", ""}, + "boolSlicePtrTag": {"false", "false", "true"}, + "BoolSliceOfPtr": {"false", "true", "false"}, + + "int8Tag": {"-1", "2"}, + "Int8Ptr": {"3"}, + "Int8Slice": {"4", "5", ""}, + "int8SlicePtrTag": {"5", "6"}, + "Int8SliceOfPtr": {"7", "8"}, + + "int16Tag": {"-1", "2"}, + "Int16Ptr": {"3"}, + "Int16Slice": {"4", "5", ""}, + "int16SlicePtrTag": {"5", "6"}, + "Int16SliceOfPtr": {"7", "8"}, + + "int32Tag": {"-1", "2"}, + "Int32Ptr": {"3"}, + "Int32Slice": {"4", "5", ""}, + "int32SlicePtrTag": {"5", "6"}, + "Int32SliceOfPtr": {"7", "8"}, + + "int64Tag": {"-1", "2"}, + "Int64Ptr": {"3"}, + "Int64Slice": {"4", "5", ""}, + "int64SlicePtrTag": {"5", "6"}, + "Int64SliceOfPtr": {"7", "8"}, + + "intTag": {"-1", "2"}, + "IntPtr": {"3"}, + "IntSlice": {"4", "5", ""}, + "intSlicePtrTag": {"5", "6"}, + "IntSliceOfPtr": {"7", "8"}, + + "uint8Tag": {"1", "2"}, + "Uint8Ptr": {"3"}, + "Uint8Slice": {"4", "5", ""}, + "uint8SlicePtrTag": {"5", "6"}, + "Uint8SliceOfPtr": {"7", "8"}, + + "uint16Tag": {"1", "2"}, + "Uint16Ptr": {"3"}, + "Uint16Slice": {"4", "5", ""}, + "uint16SlicePtrTag": {"5", "6"}, + "Uint16SliceOfPtr": {"7", "8"}, + + "uint32Tag": {"1", "2"}, + "Uint32Ptr": {"3"}, + "Uint32Slice": {"4", "5", ""}, + "uint32SlicePtrTag": {"5", "6"}, + "Uint32SliceOfPtr": {"7", "8"}, + + "uint64Tag": {"1", "2"}, + "Uint64Ptr": {"3"}, + "Uint64Slice": {"4", "5", ""}, + "uint64SlicePtrTag": {"5", "6"}, + "Uint64SliceOfPtr": {"7", "8"}, + + "uintTag": {"1", "2"}, + "UintPtr": {"3"}, + "UintSlice": {"4", "5", ""}, + "uintSlicePtrTag": {"5", "6"}, + "UintSliceOfPtr": {"7", "8"}, + + "float32Tag": {"-1.2"}, + "Float32Ptr": {"1.5", "2.0"}, + "Float32Slice": {"1", "2.3", "-0.3", ""}, + "float32SlicePtrTag": {"-1.3", "3"}, + "Float32SliceOfPtr": {"0", "1.2"}, + + "float64Tag": {"-1.2"}, + "Float64Ptr": {"1.5", "2.0"}, + "Float64Slice": {"1", "2.3", "-0.3", ""}, + "float64SlicePtrTag": {"-1.3", "3"}, + "Float64SliceOfPtr": {"0", "1.2"}, + + "timeTag": {"2009-11-10T15:00:00Z"}, + "TimePtr": {"2009-11-10T14:00:00Z", "2009-11-10T15:00:00Z"}, + "TimeSlice": {"2009-11-10T14:00:00Z", "2009-11-10T15:00:00Z"}, + "timeSlicePtrTag": {"2009-11-10T15:00:00Z", "2009-11-10T16:00:00Z"}, + "TimeSliceOfPtr": {"2009-11-10T17:00:00Z", "2009-11-10T18:00:00Z"}, + + // @jsonPayload fields + "@jsonPayload": { + `{"payloadA":"test", "shouldBeIgnored": "abc"}`, + `{"payloadB":[1,2,3], "payloadC":true}`, + }, + + // unexported fields or `-` tags + "unexperted": {"test"}, + "SkipExported": {"test"}, + "unexportedStructFieldWithoutTag.Name": {"test"}, + "unexportedStruct.Name": {"test"}, + + // structs + "StructWithoutTag.Name": {"test1"}, + "exportedStruct.Name": {"test2"}, + + // embedded + "embed_name": {"test3"}, + "embed2.embed_name2": {"test4"}, + } + + type embed1 struct { + Name string `form:"embed_name" json:"embed_name"` + } + + type embed2 struct { + Name string `form:"embed_name2" json:"embed_name2"` + } + + //nolint + type TestStruct struct { + String string `form:"stringTag" query:"stringTag2"` + StringPtr *string + StringSlice []string + StringSlicePtr *[]string `form:"stringSlicePtrTag"` + StringSliceOfPtr []*string + + Bool bool `form:"boolTag" query:"boolTag2"` + BoolPtr *bool + BoolSlice []bool + BoolSlicePtr *[]bool `form:"boolSlicePtrTag"` + BoolSliceOfPtr []*bool + + Int8 int8 `form:"int8Tag" query:"int8Tag2"` + Int8Ptr *int8 + Int8Slice []int8 + Int8SlicePtr *[]int8 `form:"int8SlicePtrTag"` + Int8SliceOfPtr []*int8 + + Int16 int16 `form:"int16Tag" query:"int16Tag2"` + Int16Ptr *int16 + Int16Slice []int16 + Int16SlicePtr *[]int16 `form:"int16SlicePtrTag"` + Int16SliceOfPtr []*int16 + + Int32 int32 `form:"int32Tag" query:"int32Tag2"` + Int32Ptr *int32 + Int32Slice []int32 + Int32SlicePtr *[]int32 `form:"int32SlicePtrTag"` + Int32SliceOfPtr []*int32 + + Int64 int64 `form:"int64Tag" query:"int64Tag2"` + Int64Ptr *int64 + Int64Slice []int64 + Int64SlicePtr *[]int64 `form:"int64SlicePtrTag"` + Int64SliceOfPtr []*int64 + + Int int `form:"intTag" query:"intTag2"` + IntPtr *int + IntSlice []int + IntSlicePtr *[]int `form:"intSlicePtrTag"` + IntSliceOfPtr []*int + + Uint8 uint8 `form:"uint8Tag" query:"uint8Tag2"` + Uint8Ptr *uint8 + Uint8Slice []uint8 + Uint8SlicePtr *[]uint8 `form:"uint8SlicePtrTag"` + Uint8SliceOfPtr []*uint8 + + Uint16 uint16 `form:"uint16Tag" query:"uint16Tag2"` + Uint16Ptr *uint16 + Uint16Slice []uint16 + Uint16SlicePtr *[]uint16 `form:"uint16SlicePtrTag"` + Uint16SliceOfPtr []*uint16 + + Uint32 uint32 `form:"uint32Tag" query:"uint32Tag2"` + Uint32Ptr *uint32 + Uint32Slice []uint32 + Uint32SlicePtr *[]uint32 `form:"uint32SlicePtrTag"` + Uint32SliceOfPtr []*uint32 + + Uint64 uint64 `form:"uint64Tag" query:"uint64Tag2"` + Uint64Ptr *uint64 + Uint64Slice []uint64 + Uint64SlicePtr *[]uint64 `form:"uint64SlicePtrTag"` + Uint64SliceOfPtr []*uint64 + + Uint uint `form:"uintTag" query:"uintTag2"` + UintPtr *uint + UintSlice []uint + UintSlicePtr *[]uint `form:"uintSlicePtrTag"` + UintSliceOfPtr []*uint + + Float32 float32 `form:"float32Tag" query:"float32Tag2"` + Float32Ptr *float32 + Float32Slice []float32 + Float32SlicePtr *[]float32 `form:"float32SlicePtrTag"` + Float32SliceOfPtr []*float32 + + Float64 float64 `form:"float64Tag" query:"float64Tag2"` + Float64Ptr *float64 + Float64Slice []float64 + Float64SlicePtr *[]float64 `form:"float64SlicePtrTag"` + Float64SliceOfPtr []*float64 + + // encoding.TextUnmarshaler + Time time.Time `form:"timeTag" query:"timeTag2"` + TimePtr *time.Time + TimeSlice []time.Time + TimeSlicePtr *[]time.Time `form:"timeSlicePtrTag"` + TimeSliceOfPtr []*time.Time + + // @jsonPayload fields + JSONPayloadA string `form:"shouldBeIgnored" json:"payloadA"` + JSONPayloadB []int `json:"payloadB"` + JSONPayloadC bool `json:"-"` + + // unexported fields or `-` tags + unexported string + SkipExported string `form:"-"` + unexportedStructFieldWithoutTag struct { + Name string `json:"unexportedStructFieldWithoutTag_name"` + } + unexportedStructFieldWithTag struct { + Name string `json:"unexportedStructFieldWithTag_name"` + } `form:"unexportedStruct"` + + // structs + StructWithoutTag struct { + Name string `json:"StructWithoutTag_name"` + } + StructWithTag struct { + Name string `json:"StructWithTag_name"` + } `form:"exportedStruct"` + + // embedded + embed1 + embed2 `form:"embed2"` + } + + scenarios := []struct { + name string + data map[string][]string + dst any + tag string + prefix string + error bool + result string + }{ + { + name: "nil data", + data: nil, + dst: pointer(map[string]any{}), + error: false, + result: `{}`, + }, + { + name: "non-pointer map[string]any", + data: mapData, + dst: map[string]any{}, + error: true, + }, + { + name: "unsupported *map[string]string", + data: mapData, + dst: pointer(map[string]string{}), + error: true, + }, + { + name: "unsupported *map[string][]string", + data: mapData, + dst: pointer(map[string][]string{}), + error: true, + }, + { + name: "*map[string]any", + data: mapData, + dst: pointer(map[string]any{}), + result: `{"bool1":true,"bool2":[true,false],"json_a":null,"json_b":123,"json_c":[1,2,3],"mixed":[true,123,"test"],"number1":1,"number2":[2,3],"number3":[2.1,-3.4],"number4":[0,-0,0.0001],"string0":"","string1":"a","string2":["b","c"],"string3":["0.0","-0.0","000.1","000001","-000001","1.6E-35","-1.6E-35","10e100","1_000_000","1.000.000"," 123 ","0b1","0xFF","1234A","Infinity","-Infinity","undefined","null"]}`, + }, + { + name: "valid pointer struct (all fields)", + data: structData, + dst: &TestStruct{}, + result: `{"String":"a","StringPtr":"b","StringSlice":["a","b","c",""],"StringSlicePtr":["d","e"],"StringSliceOfPtr":["f","g"],"Bool":true,"BoolPtr":true,"BoolSlice":[true,false,false],"BoolSlicePtr":[false,false,true],"BoolSliceOfPtr":[false,true,false],"Int8":-1,"Int8Ptr":3,"Int8Slice":[4,5,0],"Int8SlicePtr":[5,6],"Int8SliceOfPtr":[7,8],"Int16":-1,"Int16Ptr":3,"Int16Slice":[4,5,0],"Int16SlicePtr":[5,6],"Int16SliceOfPtr":[7,8],"Int32":-1,"Int32Ptr":3,"Int32Slice":[4,5,0],"Int32SlicePtr":[5,6],"Int32SliceOfPtr":[7,8],"Int64":-1,"Int64Ptr":3,"Int64Slice":[4,5,0],"Int64SlicePtr":[5,6],"Int64SliceOfPtr":[7,8],"Int":-1,"IntPtr":3,"IntSlice":[4,5,0],"IntSlicePtr":[5,6],"IntSliceOfPtr":[7,8],"Uint8":1,"Uint8Ptr":3,"Uint8Slice":"BAUA","Uint8SlicePtr":"BQY=","Uint8SliceOfPtr":[7,8],"Uint16":1,"Uint16Ptr":3,"Uint16Slice":[4,5,0],"Uint16SlicePtr":[5,6],"Uint16SliceOfPtr":[7,8],"Uint32":1,"Uint32Ptr":3,"Uint32Slice":[4,5,0],"Uint32SlicePtr":[5,6],"Uint32SliceOfPtr":[7,8],"Uint64":1,"Uint64Ptr":3,"Uint64Slice":[4,5,0],"Uint64SlicePtr":[5,6],"Uint64SliceOfPtr":[7,8],"Uint":1,"UintPtr":3,"UintSlice":[4,5,0],"UintSlicePtr":[5,6],"UintSliceOfPtr":[7,8],"Float32":-1.2,"Float32Ptr":1.5,"Float32Slice":[1,2.3,-0.3,0],"Float32SlicePtr":[-1.3,3],"Float32SliceOfPtr":[0,1.2],"Float64":-1.2,"Float64Ptr":1.5,"Float64Slice":[1,2.3,-0.3,0],"Float64SlicePtr":[-1.3,3],"Float64SliceOfPtr":[0,1.2],"Time":"2009-11-10T15:00:00Z","TimePtr":"2009-11-10T14:00:00Z","TimeSlice":["2009-11-10T14:00:00Z","2009-11-10T15:00:00Z"],"TimeSlicePtr":["2009-11-10T15:00:00Z","2009-11-10T16:00:00Z"],"TimeSliceOfPtr":["2009-11-10T17:00:00Z","2009-11-10T18:00:00Z"],"payloadA":"test","payloadB":[1,2,3],"SkipExported":"","StructWithoutTag":{"StructWithoutTag_name":"test1"},"StructWithTag":{"StructWithTag_name":"test2"},"embed_name":"test3","embed_name2":"test4"}`, + }, + { + name: "non-pointer struct", + data: structData, + dst: TestStruct{}, + error: true, + }, + { + name: "invalid struct uint value", + data: map[string][]string{"uintTag": {"-1"}}, + dst: &TestStruct{}, + error: true, + }, + { + name: "invalid struct int value", + data: map[string][]string{"intTag": {"abc"}}, + dst: &TestStruct{}, + error: true, + }, + { + name: "invalid struct bool value", + data: map[string][]string{"boolTag": {"abc"}}, + dst: &TestStruct{}, + error: true, + }, + { + name: "invalid struct float value", + data: map[string][]string{"float64Tag": {"abc"}}, + dst: &TestStruct{}, + error: true, + }, + { + name: "invalid struct TextUnmarshaler value", + data: map[string][]string{"timeTag": {"123"}}, + dst: &TestStruct{}, + error: true, + }, + { + name: "custom tagKey", + data: map[string][]string{ + "tag1": {"a"}, + "tag2": {"b"}, + "tag3": {"c"}, + "Item": {"d"}, + }, + dst: &struct { + Item string `form:"tag1" query:"tag2" json:"tag2"` + }{}, + tag: "query", + result: `{"tag2":"b"}`, + }, + { + name: "custom prefix", + data: map[string][]string{ + "test.A": {"1"}, + "A": {"2"}, + "test.alias": {"3"}, + }, + dst: &struct { + A string + B string `form:"alias"` + }{}, + prefix: "test", + result: `{"A":"1","B":"3"}`, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + err := router.UnmarshalRequestData(s.data, s.dst, s.tag, s.prefix) + + hasErr := err != nil + if hasErr != s.error { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.error, hasErr, err) + } + + if hasErr { + return + } + + raw, err := json.Marshal(s.dst) + if err != nil { + t.Fatal(err) + } + + if !bytes.Equal(raw, []byte(s.result)) { + t.Fatalf("Expected dst \n%s\ngot\n%s", s.result, raw) + } + }) + } +} + +// note: extra unexported checks in addition to the above test as there +// is no easy way to print nested structs with all their fields. +func TestUnmarshalRequestDataUnexportedFields(t *testing.T) { + t.Parallel() + + //nolint:all + type TestStruct struct { + Exported string + + unexported string + // to ensure that the reflection doesn't take tags with higher priority than the exported state + unexportedWithTag string `form:"unexportedWithTag" json:"unexportedWithTag"` + } + + dst := &TestStruct{} + + err := router.UnmarshalRequestData(map[string][]string{ + "Exported": {"test"}, // just for reference + + "Unexported": {"test"}, + "unexported": {"test"}, + "UnexportedWithTag": {"test"}, + "unexportedWithTag": {"test"}, + }, dst, "", "") + + if err != nil { + t.Fatal(err) + } + + if dst.Exported != "test" { + t.Fatalf("Expected the Exported field to be %q, got %q", "test", dst.Exported) + } + + if dst.unexported != "" { + t.Fatalf("Expected the unexported field to remain empty, got %q", dst.unexported) + } + + if dst.unexportedWithTag != "" { + t.Fatalf("Expected the unexportedWithTag field to remain empty, got %q", dst.unexportedWithTag) + } +} diff --git a/tools/routine/routine.go b/tools/routine/routine.go new file mode 100644 index 0000000..afddd30 --- /dev/null +++ b/tools/routine/routine.go @@ -0,0 +1,32 @@ +package routine + +import ( + "log" + "runtime/debug" + "sync" +) + +// FireAndForget executes f() in a new go routine and auto recovers if panic. +// +// **Note:** Use this only if you are not interested in the result of f() +// and don't want to block the parent go routine. +func FireAndForget(f func(), wg ...*sync.WaitGroup) { + if len(wg) > 0 && wg[0] != nil { + wg[0].Add(1) + } + + go func() { + if len(wg) > 0 && wg[0] != nil { + defer wg[0].Done() + } + + defer func() { + if err := recover(); err != nil { + log.Printf("RECOVERED FROM PANIC (safe to ignore): %v", err) + log.Println(string(debug.Stack())) + } + }() + + f() + }() +} diff --git a/tools/routine/routine_test.go b/tools/routine/routine_test.go new file mode 100644 index 0000000..dcb6ace --- /dev/null +++ b/tools/routine/routine_test.go @@ -0,0 +1,27 @@ +package routine_test + +import ( + "sync" + "testing" + + "github.com/pocketbase/pocketbase/tools/routine" +) + +func TestFireAndForget(t *testing.T) { + called := false + + fn := func() { + called = true + panic("test") + } + + wg := &sync.WaitGroup{} + + routine.FireAndForget(fn, wg) + + wg.Wait() + + if !called { + t.Error("Expected fn to be called.") + } +} diff --git a/tools/search/filter.go b/tools/search/filter.go new file mode 100644 index 0000000..1e953a6 --- /dev/null +++ b/tools/search/filter.go @@ -0,0 +1,718 @@ +package search + +import ( + "encoding/json" + "errors" + "fmt" + "strconv" + "strings" + + "github.com/ganigeorgiev/fexpr" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/pocketbase/pocketbase/tools/store" + "github.com/spf13/cast" +) + +// FilterData is a filter expression string following the `fexpr` package grammar. +// +// The filter string can also contain dbx placeholder parameters (eg. "title = {:name}"), +// that will be safely replaced and properly quoted inplace with the placeholderReplacements values. +// +// Example: +// +// var filter FilterData = "id = null || (name = 'test' && status = true) || (total >= {:min} && total <= {:max})" +// resolver := search.NewSimpleFieldResolver("id", "name", "status") +// expr, err := filter.BuildExpr(resolver, dbx.Params{"min": 100, "max": 200}) +type FilterData string + +// parsedFilterData holds a cache with previously parsed filter data expressions +// (initialized with some preallocated empty data map) +var parsedFilterData = store.New(make(map[string][]fexpr.ExprGroup, 50)) + +// BuildExpr parses the current filter data and returns a new db WHERE expression. +// +// The filter string can also contain dbx placeholder parameters (eg. "title = {:name}"), +// that will be safely replaced and properly quoted inplace with the placeholderReplacements values. +// +// The parsed expressions are limited up to DefaultFilterExprLimit. +// Use [FilterData.BuildExprWithLimit] if you want to set a custom limit. +func (f FilterData) BuildExpr( + fieldResolver FieldResolver, + placeholderReplacements ...dbx.Params, +) (dbx.Expression, error) { + return f.BuildExprWithLimit(fieldResolver, DefaultFilterExprLimit, placeholderReplacements...) +} + +// BuildExpr parses the current filter data and returns a new db WHERE expression. +// +// The filter string can also contain dbx placeholder parameters (eg. "title = {:name}"), +// that will be safely replaced and properly quoted inplace with the placeholderReplacements values. +func (f FilterData) BuildExprWithLimit( + fieldResolver FieldResolver, + maxExpressions int, + placeholderReplacements ...dbx.Params, +) (dbx.Expression, error) { + raw := string(f) + + // replace the placeholder params in the raw string filter + for _, p := range placeholderReplacements { + for key, value := range p { + var replacement string + switch v := value.(type) { + case nil: + replacement = "null" + case bool, float64, float32, int, int64, int32, int16, int8, uint, uint64, uint32, uint16, uint8: + replacement = cast.ToString(v) + default: + replacement = cast.ToString(v) + + // try to json serialize as fallback + if replacement == "" { + raw, _ := json.Marshal(v) + replacement = string(raw) + } + + replacement = strconv.Quote(replacement) + } + raw = strings.ReplaceAll(raw, "{:"+key+"}", replacement) + } + } + + cacheKey := raw + "/" + strconv.Itoa(maxExpressions) + + if data, ok := parsedFilterData.GetOk(cacheKey); ok { + return buildParsedFilterExpr(data, fieldResolver, &maxExpressions) + } + + data, err := fexpr.Parse(raw) + if err != nil { + // depending on the users demand we may allow empty expressions + // (aka. expressions consisting only of whitespaces or comments) + // but for now disallow them as it seems unnecessary + // if errors.Is(err, fexpr.ErrEmpty) { + // return dbx.NewExp("1=1"), nil + // } + + return nil, err + } + + // store in cache + // (the limit size is arbitrary and it is there to prevent the cache growing too big) + parsedFilterData.SetIfLessThanLimit(cacheKey, data, 500) + + return buildParsedFilterExpr(data, fieldResolver, &maxExpressions) +} + +func buildParsedFilterExpr(data []fexpr.ExprGroup, fieldResolver FieldResolver, maxExpressions *int) (dbx.Expression, error) { + if len(data) == 0 { + return nil, fexpr.ErrEmpty + } + + result := &concatExpr{separator: " "} + + for _, group := range data { + var expr dbx.Expression + var exprErr error + + switch item := group.Item.(type) { + case fexpr.Expr: + if *maxExpressions <= 0 { + return nil, ErrFilterExprLimit + } + + *maxExpressions-- + + expr, exprErr = resolveTokenizedExpr(item, fieldResolver) + case fexpr.ExprGroup: + expr, exprErr = buildParsedFilterExpr([]fexpr.ExprGroup{item}, fieldResolver, maxExpressions) + case []fexpr.ExprGroup: + expr, exprErr = buildParsedFilterExpr(item, fieldResolver, maxExpressions) + default: + exprErr = errors.New("unsupported expression item") + } + + if exprErr != nil { + return nil, exprErr + } + + if len(result.parts) > 0 { + var op string + if group.Join == fexpr.JoinOr { + op = "OR" + } else { + op = "AND" + } + result.parts = append(result.parts, &opExpr{op}) + } + + result.parts = append(result.parts, expr) + } + + return result, nil +} + +func resolveTokenizedExpr(expr fexpr.Expr, fieldResolver FieldResolver) (dbx.Expression, error) { + lResult, lErr := resolveToken(expr.Left, fieldResolver) + if lErr != nil || lResult.Identifier == "" { + return nil, fmt.Errorf("invalid left operand %q - %v", expr.Left.Literal, lErr) + } + + rResult, rErr := resolveToken(expr.Right, fieldResolver) + if rErr != nil || rResult.Identifier == "" { + return nil, fmt.Errorf("invalid right operand %q - %v", expr.Right.Literal, rErr) + } + + return buildResolversExpr(lResult, expr.Op, rResult) +} + +func buildResolversExpr( + left *ResolverResult, + op fexpr.SignOp, + right *ResolverResult, +) (dbx.Expression, error) { + var expr dbx.Expression + + switch op { + case fexpr.SignEq, fexpr.SignAnyEq: + expr = resolveEqualExpr(true, left, right) + case fexpr.SignNeq, fexpr.SignAnyNeq: + expr = resolveEqualExpr(false, left, right) + case fexpr.SignLike, fexpr.SignAnyLike: + // the right side is a column and therefor wrap it with "%" for contains like behavior + if len(right.Params) == 0 { + expr = dbx.NewExp(fmt.Sprintf("%s LIKE ('%%' || %s || '%%') ESCAPE '\\'", left.Identifier, right.Identifier), left.Params) + } else { + expr = dbx.NewExp(fmt.Sprintf("%s LIKE %s ESCAPE '\\'", left.Identifier, right.Identifier), mergeParams(left.Params, wrapLikeParams(right.Params))) + } + case fexpr.SignNlike, fexpr.SignAnyNlike: + // the right side is a column and therefor wrap it with "%" for not-contains like behavior + if len(right.Params) == 0 { + expr = dbx.NewExp(fmt.Sprintf("%s NOT LIKE ('%%' || %s || '%%') ESCAPE '\\'", left.Identifier, right.Identifier), left.Params) + } else { + expr = dbx.NewExp(fmt.Sprintf("%s NOT LIKE %s ESCAPE '\\'", left.Identifier, right.Identifier), mergeParams(left.Params, wrapLikeParams(right.Params))) + } + case fexpr.SignLt, fexpr.SignAnyLt: + expr = dbx.NewExp(fmt.Sprintf("%s < %s", left.Identifier, right.Identifier), mergeParams(left.Params, right.Params)) + case fexpr.SignLte, fexpr.SignAnyLte: + expr = dbx.NewExp(fmt.Sprintf("%s <= %s", left.Identifier, right.Identifier), mergeParams(left.Params, right.Params)) + case fexpr.SignGt, fexpr.SignAnyGt: + expr = dbx.NewExp(fmt.Sprintf("%s > %s", left.Identifier, right.Identifier), mergeParams(left.Params, right.Params)) + case fexpr.SignGte, fexpr.SignAnyGte: + expr = dbx.NewExp(fmt.Sprintf("%s >= %s", left.Identifier, right.Identifier), mergeParams(left.Params, right.Params)) + } + + if expr == nil { + return nil, fmt.Errorf("unknown expression operator %q", op) + } + + // multi-match expressions + if !isAnyMatchOp(op) { + if left.MultiMatchSubQuery != nil && right.MultiMatchSubQuery != nil { + mm := &manyVsManyExpr{ + left: left, + right: right, + op: op, + } + + expr = dbx.Enclose(dbx.And(expr, mm)) + } else if left.MultiMatchSubQuery != nil { + mm := &manyVsOneExpr{ + noCoalesce: left.NoCoalesce, + subQuery: left.MultiMatchSubQuery, + op: op, + otherOperand: right, + } + + expr = dbx.Enclose(dbx.And(expr, mm)) + } else if right.MultiMatchSubQuery != nil { + mm := &manyVsOneExpr{ + noCoalesce: right.NoCoalesce, + subQuery: right.MultiMatchSubQuery, + op: op, + otherOperand: left, + inverse: true, + } + + expr = dbx.Enclose(dbx.And(expr, mm)) + } + } + + if left.AfterBuild != nil { + expr = left.AfterBuild(expr) + } + + if right.AfterBuild != nil { + expr = right.AfterBuild(expr) + } + + return expr, nil +} + +var normalizedIdentifiers = map[string]string{ + // if `null` field is missing, treat `null` identifier as NULL token + "null": "NULL", + // if `true` field is missing, treat `true` identifier as TRUE token + "true": "1", + // if `false` field is missing, treat `false` identifier as FALSE token + "false": "0", +} + +func resolveToken(token fexpr.Token, fieldResolver FieldResolver) (*ResolverResult, error) { + switch token.Type { + case fexpr.TokenIdentifier: + // check for macros + // --- + if macroFunc, ok := identifierMacros[token.Literal]; ok { + placeholder := "t" + security.PseudorandomString(8) + + macroValue, err := macroFunc() + if err != nil { + return nil, err + } + + return &ResolverResult{ + Identifier: "{:" + placeholder + "}", + Params: dbx.Params{placeholder: macroValue}, + }, nil + } + + // custom resolver + // --- + result, err := fieldResolver.Resolve(token.Literal) + if err != nil || result.Identifier == "" { + for k, v := range normalizedIdentifiers { + if strings.EqualFold(k, token.Literal) { + return &ResolverResult{Identifier: v}, nil + } + } + return nil, err + } + + return result, err + case fexpr.TokenText: + placeholder := "t" + security.PseudorandomString(8) + + return &ResolverResult{ + Identifier: "{:" + placeholder + "}", + Params: dbx.Params{placeholder: token.Literal}, + }, nil + case fexpr.TokenNumber: + placeholder := "t" + security.PseudorandomString(8) + + return &ResolverResult{ + Identifier: "{:" + placeholder + "}", + Params: dbx.Params{placeholder: cast.ToFloat64(token.Literal)}, + }, nil + case fexpr.TokenFunction: + fn, ok := TokenFunctions[token.Literal] + if !ok { + return nil, fmt.Errorf("unknown function %q", token.Literal) + } + + args, _ := token.Meta.([]fexpr.Token) + return fn(func(argToken fexpr.Token) (*ResolverResult, error) { + return resolveToken(argToken, fieldResolver) + }, args...) + } + + return nil, fmt.Errorf("unsupported token type %q", token.Type) +} + +// Resolves = and != expressions in an attempt to minimize the COALESCE +// usage and to gracefully handle null vs empty string normalizations. +// +// The expression `a = "" OR a is null` tends to perform better than +// `COALESCE(a, "") = ""` since the direct match can be accomplished +// with a seek while the COALESCE will induce a table scan. +func resolveEqualExpr(equal bool, left, right *ResolverResult) dbx.Expression { + isLeftEmpty := isEmptyIdentifier(left) || (len(left.Params) == 1 && hasEmptyParamValue(left)) + isRightEmpty := isEmptyIdentifier(right) || (len(right.Params) == 1 && hasEmptyParamValue(right)) + + equalOp := "=" + nullEqualOp := "IS" + concatOp := "OR" + nullExpr := "IS NULL" + if !equal { + // always use `IS NOT` instead of `!=` because direct non-equal comparisons + // to nullable column values that are actually NULL yields to NULL instead of TRUE, eg.: + // `'example' != nullableColumn` -> NULL even if nullableColumn row value is NULL + equalOp = "IS NOT" + nullEqualOp = equalOp + concatOp = "AND" + nullExpr = "IS NOT NULL" + } + + // no coalesce (eg. compare to a json field) + // a IS b + // a IS NOT b + if left.NoCoalesce || right.NoCoalesce { + return dbx.NewExp( + fmt.Sprintf("%s %s %s", left.Identifier, nullEqualOp, right.Identifier), + mergeParams(left.Params, right.Params), + ) + } + + // both operands are empty + if isLeftEmpty && isRightEmpty { + return dbx.NewExp(fmt.Sprintf("'' %s ''", equalOp), mergeParams(left.Params, right.Params)) + } + + // direct compare since at least one of the operands is known to be non-empty + // eg. a = 'example' + if isKnownNonEmptyIdentifier(left) || isKnownNonEmptyIdentifier(right) { + leftIdentifier := left.Identifier + if isLeftEmpty { + leftIdentifier = "''" + } + rightIdentifier := right.Identifier + if isRightEmpty { + rightIdentifier = "''" + } + return dbx.NewExp( + fmt.Sprintf("%s %s %s", leftIdentifier, equalOp, rightIdentifier), + mergeParams(left.Params, right.Params), + ) + } + + // "" = b OR b IS NULL + // "" IS NOT b AND b IS NOT NULL + if isLeftEmpty { + return dbx.NewExp( + fmt.Sprintf("('' %s %s %s %s %s)", equalOp, right.Identifier, concatOp, right.Identifier, nullExpr), + mergeParams(left.Params, right.Params), + ) + } + + // a = "" OR a IS NULL + // a IS NOT "" AND a IS NOT NULL + if isRightEmpty { + return dbx.NewExp( + fmt.Sprintf("(%s %s '' %s %s %s)", left.Identifier, equalOp, concatOp, left.Identifier, nullExpr), + mergeParams(left.Params, right.Params), + ) + } + + // fallback to a COALESCE comparison + return dbx.NewExp( + fmt.Sprintf( + "COALESCE(%s, '') %s COALESCE(%s, '')", + left.Identifier, + equalOp, + right.Identifier, + ), + mergeParams(left.Params, right.Params), + ) +} + +func hasEmptyParamValue(result *ResolverResult) bool { + for _, p := range result.Params { + switch v := p.(type) { + case nil: + return true + case string: + if v == "" { + return true + } + } + } + + return false +} + +func isKnownNonEmptyIdentifier(result *ResolverResult) bool { + switch strings.ToLower(result.Identifier) { + case "1", "0", "false", `true`: + return true + } + + return len(result.Params) > 0 && !hasEmptyParamValue(result) && !isEmptyIdentifier(result) +} + +func isEmptyIdentifier(result *ResolverResult) bool { + switch strings.ToLower(result.Identifier) { + case "", "null", "''", `""`, "``": + return true + default: + return false + } +} + +func isAnyMatchOp(op fexpr.SignOp) bool { + switch op { + case + fexpr.SignAnyEq, + fexpr.SignAnyNeq, + fexpr.SignAnyLike, + fexpr.SignAnyNlike, + fexpr.SignAnyLt, + fexpr.SignAnyLte, + fexpr.SignAnyGt, + fexpr.SignAnyGte: + return true + } + + return false +} + +// mergeParams returns new dbx.Params where each provided params item +// is merged in the order they are specified. +func mergeParams(params ...dbx.Params) dbx.Params { + result := dbx.Params{} + + for _, p := range params { + for k, v := range p { + result[k] = v + } + } + + return result +} + +// @todo consider adding support for custom single character wildcard +// +// wrapLikeParams wraps each provided param value string with `%` +// if the param doesn't contain an explicit wildcard (`%`) character already. +func wrapLikeParams(params dbx.Params) dbx.Params { + result := dbx.Params{} + + for k, v := range params { + vStr := cast.ToString(v) + if !containsUnescapedChar(vStr, '%') { + // note: this is done to minimize the breaking changes and to preserve the original autoescape behavior + vStr = escapeUnescapedChars(vStr, '\\', '%', '_') + vStr = "%" + vStr + "%" + } + result[k] = vStr + } + + return result +} + +func escapeUnescapedChars(str string, escapeChars ...rune) string { + rs := []rune(str) + total := len(rs) + result := make([]rune, 0, total) + + var match bool + + for i := total - 1; i >= 0; i-- { + if match { + // check if already escaped + if rs[i] != '\\' { + result = append(result, '\\') + } + match = false + } else { + for _, ec := range escapeChars { + if rs[i] == ec { + match = true + break + } + } + } + + result = append(result, rs[i]) + + // in case the matching char is at the beginning + if i == 0 && match { + result = append(result, '\\') + } + } + + // reverse + for i, j := 0, len(result)-1; i < j; i, j = i+1, j-1 { + result[i], result[j] = result[j], result[i] + } + + return string(result) +} + +func containsUnescapedChar(str string, ch rune) bool { + var prev rune + + for _, c := range str { + if c == ch && prev != '\\' { + return true + } + + if c == '\\' && prev == '\\' { + prev = rune(0) // reset escape sequence + } else { + prev = c + } + } + + return false +} + +// ------------------------------------------------------------------- + +var _ dbx.Expression = (*opExpr)(nil) + +// opExpr defines an expression that contains a raw sql operator string. +type opExpr struct { + op string +} + +// Build converts the expression into a SQL fragment. +// +// Implements [dbx.Expression] interface. +func (e *opExpr) Build(db *dbx.DB, params dbx.Params) string { + return e.op +} + +// ------------------------------------------------------------------- + +var _ dbx.Expression = (*concatExpr)(nil) + +// concatExpr defines an expression that concatenates multiple +// other expressions with a specified separator. +type concatExpr struct { + separator string + parts []dbx.Expression +} + +// Build converts the expression into a SQL fragment. +// +// Implements [dbx.Expression] interface. +func (e *concatExpr) Build(db *dbx.DB, params dbx.Params) string { + if len(e.parts) == 0 { + return "" + } + + stringParts := make([]string, 0, len(e.parts)) + + for _, p := range e.parts { + if p == nil { + continue + } + + if sql := p.Build(db, params); sql != "" { + stringParts = append(stringParts, sql) + } + } + + // skip extra parenthesis for single concat expression + if len(stringParts) == 1 && + // check for already concatenated raw/plain expressions + !strings.Contains(strings.ToUpper(stringParts[0]), " AND ") && + !strings.Contains(strings.ToUpper(stringParts[0]), " OR ") { + return stringParts[0] + } + + return "(" + strings.Join(stringParts, e.separator) + ")" +} + +// ------------------------------------------------------------------- + +var _ dbx.Expression = (*manyVsManyExpr)(nil) + +// manyVsManyExpr constructs a multi-match many<->many db where expression. +// +// Expects leftSubQuery and rightSubQuery to return a subquery with a +// single "multiMatchValue" column. +type manyVsManyExpr struct { + left *ResolverResult + right *ResolverResult + op fexpr.SignOp +} + +// Build converts the expression into a SQL fragment. +// +// Implements [dbx.Expression] interface. +func (e *manyVsManyExpr) Build(db *dbx.DB, params dbx.Params) string { + if e.left.MultiMatchSubQuery == nil || e.right.MultiMatchSubQuery == nil { + return "0=1" + } + + lAlias := "__ml" + security.PseudorandomString(8) + rAlias := "__mr" + security.PseudorandomString(8) + + whereExpr, buildErr := buildResolversExpr( + &ResolverResult{ + NoCoalesce: e.left.NoCoalesce, + Identifier: "[[" + lAlias + ".multiMatchValue]]", + }, + e.op, + &ResolverResult{ + NoCoalesce: e.right.NoCoalesce, + Identifier: "[[" + rAlias + ".multiMatchValue]]", + // note: the AfterBuild needs to be handled only once and it + // doesn't matter whether it is applied on the left or right subquery operand + AfterBuild: dbx.Not, // inverse for the not-exist expression + }, + ) + + if buildErr != nil { + return "0=1" + } + + return fmt.Sprintf( + "NOT EXISTS (SELECT 1 FROM (%s) {{%s}} LEFT JOIN (%s) {{%s}} WHERE %s)", + e.left.MultiMatchSubQuery.Build(db, params), + lAlias, + e.right.MultiMatchSubQuery.Build(db, params), + rAlias, + whereExpr.Build(db, params), + ) +} + +// ------------------------------------------------------------------- + +var _ dbx.Expression = (*manyVsOneExpr)(nil) + +// manyVsOneExpr constructs a multi-match many<->one db where expression. +// +// Expects subQuery to return a subquery with a single "multiMatchValue" column. +// +// You can set inverse=false to reverse the condition sides (aka. one<->many). +type manyVsOneExpr struct { + otherOperand *ResolverResult + subQuery dbx.Expression + op fexpr.SignOp + inverse bool + noCoalesce bool +} + +// Build converts the expression into a SQL fragment. +// +// Implements [dbx.Expression] interface. +func (e *manyVsOneExpr) Build(db *dbx.DB, params dbx.Params) string { + if e.subQuery == nil { + return "0=1" + } + + alias := "__sm" + security.PseudorandomString(8) + + r1 := &ResolverResult{ + NoCoalesce: e.noCoalesce, + Identifier: "[[" + alias + ".multiMatchValue]]", + AfterBuild: dbx.Not, // inverse for the not-exist expression + } + + r2 := &ResolverResult{ + Identifier: e.otherOperand.Identifier, + Params: e.otherOperand.Params, + } + + var whereExpr dbx.Expression + var buildErr error + + if e.inverse { + whereExpr, buildErr = buildResolversExpr(r2, e.op, r1) + } else { + whereExpr, buildErr = buildResolversExpr(r1, e.op, r2) + } + + if buildErr != nil { + return "0=1" + } + + return fmt.Sprintf( + "NOT EXISTS (SELECT 1 FROM (%s) {{%s}} WHERE %s)", + e.subQuery.Build(db, params), + alias, + whereExpr.Build(db, params), + ) +} diff --git a/tools/search/filter_test.go b/tools/search/filter_test.go new file mode 100644 index 0000000..a5bf81e --- /dev/null +++ b/tools/search/filter_test.go @@ -0,0 +1,341 @@ +package search_test + +import ( + "context" + "database/sql" + "fmt" + "regexp" + "strings" + "testing" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/search" +) + +func TestFilterDataBuildExpr(t *testing.T) { + resolver := search.NewSimpleFieldResolver("test1", "test2", "test3", `^test4_\w+$`, `^test5\.[\w\.\:]*\w+$`) + + scenarios := []struct { + name string + filterData search.FilterData + expectError bool + expectPattern string + }{ + { + "empty", + "", + true, + "", + }, + { + "invalid format", + "(test1 > 1", + true, + "", + }, + { + "invalid operator", + "test1 + 123", + true, + "", + }, + { + "unknown field", + "test1 = 'example' && unknown > 1", + true, + "", + }, + { + "simple expression", + "test1 > 1", + false, + "[[test1]] > {:TEST}", + }, + { + "empty string vs null", + "'' = null && null != ''", + false, + "('' = '' AND '' IS NOT '')", + }, + { + "like with 2 columns", + "test1 ~ test2", + false, + "[[test1]] LIKE ('%' || [[test2]] || '%') ESCAPE '\\'", + }, + { + "like with right column operand", + "'lorem' ~ test1", + false, + "{:TEST} LIKE ('%' || [[test1]] || '%') ESCAPE '\\'", + }, + { + "like with left column operand and text as right operand", + "test1 ~ 'lorem'", + false, + "[[test1]] LIKE {:TEST} ESCAPE '\\'", + }, + { + "not like with 2 columns", + "test1 !~ test2", + false, + "[[test1]] NOT LIKE ('%' || [[test2]] || '%') ESCAPE '\\'", + }, + { + "not like with right column operand", + "'lorem' !~ test1", + false, + "{:TEST} NOT LIKE ('%' || [[test1]] || '%') ESCAPE '\\'", + }, + { + "like with left column operand and text as right operand", + "test1 !~ 'lorem'", + false, + "[[test1]] NOT LIKE {:TEST} ESCAPE '\\'", + }, + { + "nested json no coalesce", + "test5.a = test5.b || test5.c != test5.d", + false, + "(JSON_EXTRACT([[test5]], '$.a') IS JSON_EXTRACT([[test5]], '$.b') OR JSON_EXTRACT([[test5]], '$.c') IS NOT JSON_EXTRACT([[test5]], '$.d'))", + }, + { + "macros", + ` + test4_1 > @now && + test4_2 > @second && + test4_3 > @minute && + test4_4 > @hour && + test4_5 > @day && + test4_6 > @year && + test4_7 > @month && + test4_9 > @weekday && + test4_9 > @todayStart && + test4_10 > @todayEnd && + test4_11 > @monthStart && + test4_12 > @monthEnd && + test4_13 > @yearStart && + test4_14 > @yearEnd + `, + false, + "([[test4_1]] > {:TEST} AND [[test4_2]] > {:TEST} AND [[test4_3]] > {:TEST} AND [[test4_4]] > {:TEST} AND [[test4_5]] > {:TEST} AND [[test4_6]] > {:TEST} AND [[test4_7]] > {:TEST} AND [[test4_9]] > {:TEST} AND [[test4_9]] > {:TEST} AND [[test4_10]] > {:TEST} AND [[test4_11]] > {:TEST} AND [[test4_12]] > {:TEST} AND [[test4_13]] > {:TEST} AND [[test4_14]] > {:TEST})", + }, + { + "complex expression", + "((test1 > 1) || (test2 != 2)) && test3 ~ '%%example' && test4_sub = null", + false, + "(([[test1]] > {:TEST} OR [[test2]] IS NOT {:TEST}) AND [[test3]] LIKE {:TEST} ESCAPE '\\' AND ([[test4_sub]] = '' OR [[test4_sub]] IS NULL))", + }, + { + "combination of special literals (null, true, false)", + "test1=true && test2 != false && null = test3 || null != test4_sub", + false, + "([[test1]] = 1 AND [[test2]] IS NOT 0 AND ('' = [[test3]] OR [[test3]] IS NULL) OR ('' IS NOT [[test4_sub]] AND [[test4_sub]] IS NOT NULL))", + }, + { + "all operators", + "(test1 = test2 || test2 != test3) && (test2 ~ 'example' || test2 !~ '%%abc') && 'switch1%%' ~ test1 && 'switch2' !~ test2 && test3 > 1 && test3 >= 0 && test3 <= 4 && 2 < 5", + false, + "((COALESCE([[test1]], '') = COALESCE([[test2]], '') OR COALESCE([[test2]], '') IS NOT COALESCE([[test3]], '')) AND ([[test2]] LIKE {:TEST} ESCAPE '\\' OR [[test2]] NOT LIKE {:TEST} ESCAPE '\\') AND {:TEST} LIKE ('%' || [[test1]] || '%') ESCAPE '\\' AND {:TEST} NOT LIKE ('%' || [[test2]] || '%') ESCAPE '\\' AND [[test3]] > {:TEST} AND [[test3]] >= {:TEST} AND [[test3]] <= {:TEST} AND {:TEST} < {:TEST})", + }, + { + "geoDistance function", + "geoDistance(1,2,3,4) < 567", + false, + "(6371 * acos(cos(radians({:TEST})) * cos(radians({:TEST})) * cos(radians({:TEST}) - radians({:TEST})) + sin(radians({:TEST})) * sin(radians({:TEST})))) < {:TEST}", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + expr, err := s.filterData.BuildExpr(resolver) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("[%s] Expected hasErr %v, got %v (%v)", s.name, s.expectError, hasErr, err) + } + + if hasErr { + return + } + + dummyDB := &dbx.DB{} + + rawSql := expr.Build(dummyDB, dbx.Params{}) + + // replace TEST placeholder with .+ regex pattern + expectPattern := strings.ReplaceAll( + "^"+regexp.QuoteMeta(s.expectPattern)+"$", + "TEST", + `\w+`, + ) + + pattern := regexp.MustCompile(expectPattern) + if !pattern.MatchString(rawSql) { + t.Fatalf("[%s] Pattern %v don't match with expression: \n%v", s.name, expectPattern, rawSql) + } + }) + } +} + +func TestFilterDataBuildExprWithParams(t *testing.T) { + // create a dummy db + sqlDB, err := sql.Open("sqlite", "file::memory:?cache=shared") + if err != nil { + t.Fatal(err) + } + db := dbx.NewFromDB(sqlDB, "sqlite") + + calledQueries := []string{} + db.QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) { + calledQueries = append(calledQueries, sql) + } + db.ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) { + calledQueries = append(calledQueries, sql) + } + + date, err := time.Parse("2006-01-02", "2023-01-01") + if err != nil { + t.Fatal(err) + } + + resolver := search.NewSimpleFieldResolver(`^test\w+$`) + + filter := search.FilterData(` + test1 = {:test1} || + test2 = {:test2} || + test3a = {:test3} || + test3b = {:test3} || + test4 = {:test4} || + test5 = {:test5} || + test6 = {:test6} || + test7 = {:test7} || + test8 = {:test8} || + test9 = {:test9} || + test10 = {:test10} || + test11 = {:test11} || + test12 = {:test12} + `) + + replacements := []dbx.Params{ + {"test1": true}, + {"test2": false}, + {"test3": 123.456}, + {"test4": nil}, + {"test5": "", "test6": "simple", "test7": `'single_quotes'`, "test8": `"double_quotes"`, "test9": `escape\"quote`}, + {"test10": date}, + {"test11": []string{"a", "b", `"quote`}}, + {"test12": map[string]any{"a": 123, "b": `quote"`}}, + } + + expr, err := filter.BuildExpr(resolver, replacements...) + if err != nil { + t.Fatal(err) + } + + db.Select().Where(expr).Build().Execute() + + if len(calledQueries) != 1 { + t.Fatalf("Expected 1 query, got %d", len(calledQueries)) + } + + expectedQuery := `SELECT * WHERE ([[test1]] = 1 OR [[test2]] = 0 OR [[test3a]] = 123.456 OR [[test3b]] = 123.456 OR ([[test4]] = '' OR [[test4]] IS NULL) OR [[test5]] = '""' OR [[test6]] = 'simple' OR [[test7]] = '''single_quotes''' OR [[test8]] = '"double_quotes"' OR [[test9]] = 'escape\\"quote' OR [[test10]] = '2023-01-01 00:00:00 +0000 UTC' OR [[test11]] = '["a","b","\\"quote"]' OR [[test12]] = '{"a":123,"b":"quote\\""}')` + if expectedQuery != calledQueries[0] { + t.Fatalf("Expected query \n%s, \ngot \n%s", expectedQuery, calledQueries[0]) + } +} + +func TestFilterDataBuildExprWithLimit(t *testing.T) { + resolver := search.NewSimpleFieldResolver(`^\w+$`) + + scenarios := []struct { + limit int + filter search.FilterData + expectError bool + }{ + {1, "1 = 1", false}, + {0, "1 = 1", true}, // new cache entry should be created + {2, "1 = 1 || 1 = 1", false}, + {1, "1 = 1 || 1 = 1", true}, + {3, "1 = 1 || 1 = 1", false}, + {6, "(1=1 || 1=1) && (1=1 || (1=1 || 1=1)) && (1=1)", false}, + {5, "(1=1 || 1=1) && (1=1 || (1=1 || 1=1)) && (1=1)", true}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("limit_%d:%d", i, s.limit), func(t *testing.T) { + _, err := s.filter.BuildExprWithLimit(resolver, s.limit) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v", s.expectError, hasErr) + } + }) + } +} + +func TestLikeParamsWrapping(t *testing.T) { + // create a dummy db + sqlDB, err := sql.Open("sqlite", "file::memory:?cache=shared") + if err != nil { + t.Fatal(err) + } + db := dbx.NewFromDB(sqlDB, "sqlite") + + calledQueries := []string{} + db.QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) { + calledQueries = append(calledQueries, sql) + } + db.ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) { + calledQueries = append(calledQueries, sql) + } + + resolver := search.NewSimpleFieldResolver(`^test\w+$`) + + filter := search.FilterData(` + test1 ~ {:p1} || + test2 ~ {:p2} || + test3 ~ {:p3} || + test4 ~ {:p4} || + test5 ~ {:p5} || + test6 ~ {:p6} || + test7 ~ {:p7} || + test8 ~ {:p8} || + test9 ~ {:p9} || + test10 ~ {:p10} || + test11 ~ {:p11} || + test12 ~ {:p12} + `) + + replacements := []dbx.Params{ + {"p1": `abc`}, + {"p2": `ab%c`}, + {"p3": `ab\%c`}, + {"p4": `%ab\%c`}, + {"p5": `ab\\%c`}, + {"p6": `ab\\\%c`}, + {"p7": `ab_c`}, + {"p8": `ab\_c`}, + {"p9": `%ab_c`}, + {"p10": `ab\c`}, + {"p11": `_ab\c_`}, + {"p12": `ab\c%`}, + } + + expr, err := filter.BuildExpr(resolver, replacements...) + if err != nil { + t.Fatal(err) + } + + db.Select().Where(expr).Build().Execute() + + if len(calledQueries) != 1 { + t.Fatalf("Expected 1 query, got %d", len(calledQueries)) + } + + expectedQuery := `SELECT * WHERE ([[test1]] LIKE '%abc%' ESCAPE '\' OR [[test2]] LIKE 'ab%c' ESCAPE '\' OR [[test3]] LIKE 'ab\\%c' ESCAPE '\' OR [[test4]] LIKE '%ab\\%c' ESCAPE '\' OR [[test5]] LIKE 'ab\\\\%c' ESCAPE '\' OR [[test6]] LIKE 'ab\\\\\\%c' ESCAPE '\' OR [[test7]] LIKE '%ab\_c%' ESCAPE '\' OR [[test8]] LIKE '%ab\\\_c%' ESCAPE '\' OR [[test9]] LIKE '%ab_c' ESCAPE '\' OR [[test10]] LIKE '%ab\\c%' ESCAPE '\' OR [[test11]] LIKE '%\_ab\\c\_%' ESCAPE '\' OR [[test12]] LIKE 'ab\\c%' ESCAPE '\')` + if expectedQuery != calledQueries[0] { + t.Fatalf("Expected query \n%s, \ngot \n%s", expectedQuery, calledQueries[0]) + } +} diff --git a/tools/search/identifier_macros.go b/tools/search/identifier_macros.go new file mode 100644 index 0000000..b0314de --- /dev/null +++ b/tools/search/identifier_macros.go @@ -0,0 +1,135 @@ +package search + +import ( + "fmt" + "time" + + "github.com/pocketbase/pocketbase/tools/types" +) + +// note: used primarily for the tests +var timeNow = func() time.Time { + return time.Now() +} + +var identifierMacros = map[string]func() (any, error){ + "@now": func() (any, error) { + today := timeNow().UTC() + + d, err := types.ParseDateTime(today) + if err != nil { + return "", fmt.Errorf("@now: %w", err) + } + + return d.String(), nil + }, + "@yesterday": func() (any, error) { + yesterday := timeNow().UTC().AddDate(0, 0, -1) + + d, err := types.ParseDateTime(yesterday) + if err != nil { + return "", fmt.Errorf("@yesterday: %w", err) + } + + return d.String(), nil + }, + "@tomorrow": func() (any, error) { + tomorrow := timeNow().UTC().AddDate(0, 0, 1) + + d, err := types.ParseDateTime(tomorrow) + if err != nil { + return "", fmt.Errorf("@tomorrow: %w", err) + } + + return d.String(), nil + }, + "@second": func() (any, error) { + return timeNow().UTC().Second(), nil + }, + "@minute": func() (any, error) { + return timeNow().UTC().Minute(), nil + }, + "@hour": func() (any, error) { + return timeNow().UTC().Hour(), nil + }, + "@day": func() (any, error) { + return timeNow().UTC().Day(), nil + }, + "@month": func() (any, error) { + return int(timeNow().UTC().Month()), nil + }, + "@weekday": func() (any, error) { + return int(timeNow().UTC().Weekday()), nil + }, + "@year": func() (any, error) { + return timeNow().UTC().Year(), nil + }, + "@todayStart": func() (any, error) { + today := timeNow().UTC() + start := time.Date(today.Year(), today.Month(), today.Day(), 0, 0, 0, 0, time.UTC) + + d, err := types.ParseDateTime(start) + if err != nil { + return "", fmt.Errorf("@todayStart: %w", err) + } + + return d.String(), nil + }, + "@todayEnd": func() (any, error) { + today := timeNow().UTC() + + start := time.Date(today.Year(), today.Month(), today.Day(), 23, 59, 59, 999999999, time.UTC) + + d, err := types.ParseDateTime(start) + if err != nil { + return "", fmt.Errorf("@todayEnd: %w", err) + } + + return d.String(), nil + }, + "@monthStart": func() (any, error) { + today := timeNow().UTC() + start := time.Date(today.Year(), today.Month(), 1, 0, 0, 0, 0, time.UTC) + + d, err := types.ParseDateTime(start) + if err != nil { + return "", fmt.Errorf("@monthStart: %w", err) + } + + return d.String(), nil + }, + "@monthEnd": func() (any, error) { + today := timeNow().UTC() + start := time.Date(today.Year(), today.Month(), 1, 23, 59, 59, 999999999, time.UTC) + end := start.AddDate(0, 1, -1) + + d, err := types.ParseDateTime(end) + if err != nil { + return "", fmt.Errorf("@monthEnd: %w", err) + } + + return d.String(), nil + }, + "@yearStart": func() (any, error) { + today := timeNow().UTC() + start := time.Date(today.Year(), 1, 1, 0, 0, 0, 0, time.UTC) + + d, err := types.ParseDateTime(start) + if err != nil { + return "", fmt.Errorf("@yearStart: %w", err) + } + + return d.String(), nil + }, + "@yearEnd": func() (any, error) { + today := timeNow().UTC() + end := time.Date(today.Year(), 12, 31, 23, 59, 59, 999999999, time.UTC) + + d, err := types.ParseDateTime(end) + if err != nil { + return "", fmt.Errorf("@yearEnd: %w", err) + } + + return d.String(), nil + }, +} diff --git a/tools/search/identifier_macros_test.go b/tools/search/identifier_macros_test.go new file mode 100644 index 0000000..0c58df4 --- /dev/null +++ b/tools/search/identifier_macros_test.go @@ -0,0 +1,58 @@ +package search + +import ( + "testing" + "time" +) + +func TestIdentifierMacros(t *testing.T) { + originalTimeNow := timeNow + + timeNow = func() time.Time { + return time.Date(2023, 2, 3, 4, 5, 6, 7, time.UTC) + } + + testMacros := map[string]any{ + "@now": "2023-02-03 04:05:06.000Z", + "@yesterday": "2023-02-02 04:05:06.000Z", + "@tomorrow": "2023-02-04 04:05:06.000Z", + "@second": 6, + "@minute": 5, + "@hour": 4, + "@day": 3, + "@month": 2, + "@weekday": 5, + "@year": 2023, + "@todayStart": "2023-02-03 00:00:00.000Z", + "@todayEnd": "2023-02-03 23:59:59.999Z", + "@monthStart": "2023-02-01 00:00:00.000Z", + "@monthEnd": "2023-02-28 23:59:59.999Z", + "@yearStart": "2023-01-01 00:00:00.000Z", + "@yearEnd": "2023-12-31 23:59:59.999Z", + } + + if len(testMacros) != len(identifierMacros) { + t.Fatalf("Expected %d macros, got %d", len(testMacros), len(identifierMacros)) + } + + for key, expected := range testMacros { + t.Run(key, func(t *testing.T) { + macro, ok := identifierMacros[key] + if !ok { + t.Fatalf("Missing macro %s", key) + } + + result, err := macro() + if err != nil { + t.Fatal(err) + } + + if result != expected { + t.Fatalf("Expected %q, got %q", expected, result) + } + }) + } + + // restore + timeNow = originalTimeNow +} diff --git a/tools/search/provider.go b/tools/search/provider.go new file mode 100644 index 0000000..a9acc15 --- /dev/null +++ b/tools/search/provider.go @@ -0,0 +1,361 @@ +package search + +import ( + "errors" + "math" + "net/url" + "strconv" + "strings" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/inflector" + "golang.org/x/sync/errgroup" +) + +const ( + // DefaultPerPage specifies the default number of returned search result items. + DefaultPerPage int = 30 + + // DefaultFilterExprLimit specifies the default filter expressions limit. + DefaultFilterExprLimit int = 200 + + // DefaultSortExprLimit specifies the default sort expressions limit. + DefaultSortExprLimit int = 8 + + // MaxPerPage specifies the max allowed search result items returned in a single page. + MaxPerPage int = 1000 + + // MaxFilterLength specifies the max allowed individual search filter parsable length. + MaxFilterLength int = 3500 + + // MaxSortFieldLength specifies the max allowed individual sort field parsable length. + MaxSortFieldLength int = 255 +) + +// Common search errors. +var ( + ErrEmptyQuery = errors.New("search query is not set") + ErrSortExprLimit = errors.New("max sort expressions limit reached") + ErrFilterExprLimit = errors.New("max filter expressions limit reached") + ErrFilterLengthLimit = errors.New("max filter length limit reached") + ErrSortFieldLengthLimit = errors.New("max sort field length limit reached") +) + +// URL search query params +const ( + PageQueryParam string = "page" + PerPageQueryParam string = "perPage" + SortQueryParam string = "sort" + FilterQueryParam string = "filter" + SkipTotalQueryParam string = "skipTotal" +) + +// Result defines the returned search result structure. +type Result struct { + Items any `json:"items"` + Page int `json:"page"` + PerPage int `json:"perPage"` + TotalItems int `json:"totalItems"` + TotalPages int `json:"totalPages"` +} + +// Provider represents a single configured search provider instance. +type Provider struct { + fieldResolver FieldResolver + query *dbx.SelectQuery + countCol string + sort []SortField + filter []FilterData + page int + perPage int + skipTotal bool + maxFilterExprLimit int + maxSortExprLimit int +} + +// NewProvider initializes and returns a new search provider. +// +// Example: +// +// baseQuery := db.Select("*").From("user") +// fieldResolver := search.NewSimpleFieldResolver("id", "name") +// models := []*YourDataStruct{} +// +// result, err := search.NewProvider(fieldResolver). +// Query(baseQuery). +// ParseAndExec("page=2&filter=id>0&sort=-email", &models) +func NewProvider(fieldResolver FieldResolver) *Provider { + return &Provider{ + fieldResolver: fieldResolver, + countCol: "id", + page: 1, + perPage: DefaultPerPage, + sort: []SortField{}, + filter: []FilterData{}, + maxFilterExprLimit: DefaultFilterExprLimit, + maxSortExprLimit: DefaultSortExprLimit, + } +} + +// MaxFilterExprLimit changes the default max allowed filter expressions. +// +// Note that currently the limit is applied individually for each separate filter. +func (s *Provider) MaxFilterExprLimit(max int) *Provider { + s.maxFilterExprLimit = max + return s +} + +// MaxSortExprLimit changes the default max allowed sort expressions. +func (s *Provider) MaxSortExprLimit(max int) *Provider { + s.maxSortExprLimit = max + return s +} + +// Query sets the base query that will be used to fetch the search items. +func (s *Provider) Query(query *dbx.SelectQuery) *Provider { + s.query = query + return s +} + +// SkipTotal changes the `skipTotal` field of the current search provider. +func (s *Provider) SkipTotal(skipTotal bool) *Provider { + s.skipTotal = skipTotal + return s +} + +// CountCol allows changing the default column (id) that is used +// to generate the COUNT SQL query statement. +// +// This field is ignored if skipTotal is true. +func (s *Provider) CountCol(name string) *Provider { + s.countCol = name + return s +} + +// Page sets the `page` field of the current search provider. +// +// Normalization on the `page` value is done during `Exec()`. +func (s *Provider) Page(page int) *Provider { + s.page = page + return s +} + +// PerPage sets the `perPage` field of the current search provider. +// +// Normalization on the `perPage` value is done during `Exec()`. +func (s *Provider) PerPage(perPage int) *Provider { + s.perPage = perPage + return s +} + +// Sort sets the `sort` field of the current search provider. +func (s *Provider) Sort(sort []SortField) *Provider { + s.sort = sort + return s +} + +// AddSort appends the provided SortField to the existing provider's sort field. +func (s *Provider) AddSort(field SortField) *Provider { + s.sort = append(s.sort, field) + return s +} + +// Filter sets the `filter` field of the current search provider. +func (s *Provider) Filter(filter []FilterData) *Provider { + s.filter = filter + return s +} + +// AddFilter appends the provided FilterData to the existing provider's filter field. +func (s *Provider) AddFilter(filter FilterData) *Provider { + if filter != "" { + s.filter = append(s.filter, filter) + } + return s +} + +// Parse parses the search query parameter from the provided query string +// and assigns the found fields to the current search provider. +// +// The data from the "sort" and "filter" query parameters are appended +// to the existing provider's `sort` and `filter` fields +// (aka. using `AddSort` and `AddFilter`). +func (s *Provider) Parse(urlQuery string) error { + params, err := url.ParseQuery(urlQuery) + if err != nil { + return err + } + + if raw := params.Get(SkipTotalQueryParam); raw != "" { + v, err := strconv.ParseBool(raw) + if err != nil { + return err + } + s.SkipTotal(v) + } + + if raw := params.Get(PageQueryParam); raw != "" { + v, err := strconv.Atoi(raw) + if err != nil { + return err + } + s.Page(v) + } + + if raw := params.Get(PerPageQueryParam); raw != "" { + v, err := strconv.Atoi(raw) + if err != nil { + return err + } + s.PerPage(v) + } + + if raw := params.Get(SortQueryParam); raw != "" { + for _, sortField := range ParseSortFromString(raw) { + s.AddSort(sortField) + } + } + + if raw := params.Get(FilterQueryParam); raw != "" { + s.AddFilter(FilterData(raw)) + } + + return nil +} + +// Exec executes the search provider and fills/scans +// the provided `items` slice with the found models. +func (s *Provider) Exec(items any) (*Result, error) { + if s.query == nil { + return nil, ErrEmptyQuery + } + + // shallow clone the provider's query + modelsQuery := *s.query + + // build filters + for _, f := range s.filter { + if len(f) > MaxFilterLength { + return nil, ErrFilterLengthLimit + } + expr, err := f.BuildExprWithLimit(s.fieldResolver, s.maxFilterExprLimit) + if err != nil { + return nil, err + } + if expr != nil { + modelsQuery.AndWhere(expr) + } + } + + // apply sorting + if len(s.sort) > s.maxSortExprLimit { + return nil, ErrSortExprLimit + } + for _, sortField := range s.sort { + if len(sortField.Name) > MaxSortFieldLength { + return nil, ErrSortFieldLengthLimit + } + expr, err := sortField.BuildExpr(s.fieldResolver) + if err != nil { + return nil, err + } + if expr != "" { + // ensure that _rowid_ expressions are always prefixed with the first FROM table + if sortField.Name == rowidSortKey && !strings.Contains(expr, ".") { + queryInfo := modelsQuery.Info() + if len(queryInfo.From) > 0 { + expr = "[[" + inflector.Columnify(queryInfo.From[0]) + "]]." + expr + } + } + + modelsQuery.AndOrderBy(expr) + } + } + + // apply field resolver query modifications (if any) + if err := s.fieldResolver.UpdateQuery(&modelsQuery); err != nil { + return nil, err + } + + // normalize page + if s.page <= 0 { + s.page = 1 + } + + // normalize perPage + if s.perPage <= 0 { + s.perPage = DefaultPerPage + } else if s.perPage > MaxPerPage { + s.perPage = MaxPerPage + } + + // negative value to differentiate from the zero default + totalCount := -1 + totalPages := -1 + + // prepare a count query from the base one + countQuery := modelsQuery // shallow clone + countExec := func() error { + queryInfo := countQuery.Info() + countCol := s.countCol + if len(queryInfo.From) > 0 { + countCol = queryInfo.From[0] + "." + countCol + } + + // note: countQuery is shallow cloned and slice/map in-place modifications should be avoided + err := countQuery.Distinct(false). + Select("COUNT(DISTINCT [[" + countCol + "]])"). + OrderBy( /* reset */ ). + Row(&totalCount) + if err != nil { + return err + } + + totalPages = int(math.Ceil(float64(totalCount) / float64(s.perPage))) + + return nil + } + + // apply pagination to the original query and fetch the models + modelsExec := func() error { + modelsQuery.Limit(int64(s.perPage)) + modelsQuery.Offset(int64(s.perPage * (s.page - 1))) + + return modelsQuery.All(items) + } + + if !s.skipTotal { + // execute the 2 queries concurrently + errg := new(errgroup.Group) + errg.SetLimit(2) + errg.Go(countExec) + errg.Go(modelsExec) + if err := errg.Wait(); err != nil { + return nil, err + } + } else { + if err := modelsExec(); err != nil { + return nil, err + } + } + + result := &Result{ + Page: s.page, + PerPage: s.perPage, + TotalItems: totalCount, + TotalPages: totalPages, + Items: items, + } + + return result, nil +} + +// ParseAndExec is a short convenient method to trigger both +// `Parse()` and `Exec()` in a single call. +func (s *Provider) ParseAndExec(urlQuery string, modelsSlice any) (*Result, error) { + if err := s.Parse(urlQuery); err != nil { + return nil, err + } + + return s.Exec(modelsSlice) +} diff --git a/tools/search/provider_test.go b/tools/search/provider_test.go new file mode 100644 index 0000000..0a52398 --- /dev/null +++ b/tools/search/provider_test.go @@ -0,0 +1,794 @@ +package search + +import ( + "context" + "database/sql" + "encoding/json" + "errors" + "fmt" + "strconv" + "strings" + "testing" + "time" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/list" + _ "modernc.org/sqlite" +) + +func TestNewProvider(t *testing.T) { + r := &testFieldResolver{} + p := NewProvider(r) + + if p.page != 1 { + t.Fatalf("Expected page %d, got %d", 1, p.page) + } + + if p.perPage != DefaultPerPage { + t.Fatalf("Expected perPage %d, got %d", DefaultPerPage, p.perPage) + } + + if p.maxFilterExprLimit != DefaultFilterExprLimit { + t.Fatalf("Expected maxFilterExprLimit %d, got %d", DefaultFilterExprLimit, p.maxFilterExprLimit) + } + + if p.maxSortExprLimit != DefaultSortExprLimit { + t.Fatalf("Expected maxSortExprLimit %d, got %d", DefaultSortExprLimit, p.maxSortExprLimit) + } +} + +func TestMaxFilterExprLimit(t *testing.T) { + p := NewProvider(&testFieldResolver{}) + + testVals := []int{0, -10, 10} + + for _, val := range testVals { + t.Run("max_"+strconv.Itoa(val), func(t *testing.T) { + p.MaxFilterExprLimit(val) + + if p.maxFilterExprLimit != val { + t.Fatalf("Expected maxFilterExprLimit to change to %d, got %d", val, p.maxFilterExprLimit) + } + }) + } +} + +func TestMaxSortExprLimit(t *testing.T) { + p := NewProvider(&testFieldResolver{}) + + testVals := []int{0, -10, 10} + + for _, val := range testVals { + t.Run("max_"+strconv.Itoa(val), func(t *testing.T) { + p.MaxSortExprLimit(val) + + if p.maxSortExprLimit != val { + t.Fatalf("Expected maxSortExprLimit to change to %d, got %d", val, p.maxSortExprLimit) + } + }) + } +} + +func TestProviderQuery(t *testing.T) { + db := dbx.NewFromDB(nil, "") + query := db.Select("id").From("test") + querySql := query.Build().SQL() + + r := &testFieldResolver{} + p := NewProvider(r).Query(query) + + expected := p.query.Build().SQL() + + if querySql != expected { + t.Fatalf("Expected %v, got %v", expected, querySql) + } +} + +func TestProviderSkipTotal(t *testing.T) { + p := NewProvider(&testFieldResolver{}) + + if p.skipTotal { + t.Fatalf("Expected the default skipTotal to be %v, got %v", false, p.skipTotal) + } + + p.SkipTotal(true) + + if !p.skipTotal { + t.Fatalf("Expected skipTotal to change to %v, got %v", true, p.skipTotal) + } +} + +func TestProviderCountCol(t *testing.T) { + p := NewProvider(&testFieldResolver{}) + + if p.countCol != "id" { + t.Fatalf("Expected the default countCol to be %s, got %s", "id", p.countCol) + } + + p.CountCol("test") + + if p.countCol != "test" { + t.Fatalf("Expected colCount to change to %s, got %s", "test", p.countCol) + } +} + +func TestProviderPage(t *testing.T) { + r := &testFieldResolver{} + p := NewProvider(r).Page(10) + + if p.page != 10 { + t.Fatalf("Expected page %v, got %v", 10, p.page) + } +} + +func TestProviderPerPage(t *testing.T) { + r := &testFieldResolver{} + p := NewProvider(r).PerPage(456) + + if p.perPage != 456 { + t.Fatalf("Expected perPage %v, got %v", 456, p.perPage) + } +} + +func TestProviderSort(t *testing.T) { + initialSort := []SortField{{"test1", SortAsc}, {"test2", SortAsc}} + r := &testFieldResolver{} + p := NewProvider(r). + Sort(initialSort). + AddSort(SortField{"test3", SortDesc}) + + encoded, _ := json.Marshal(p.sort) + expected := `[{"name":"test1","direction":"ASC"},{"name":"test2","direction":"ASC"},{"name":"test3","direction":"DESC"}]` + + if string(encoded) != expected { + t.Fatalf("Expected sort %v, got \n%v", expected, string(encoded)) + } +} + +func TestProviderFilter(t *testing.T) { + initialFilter := []FilterData{"test1", "test2"} + r := &testFieldResolver{} + p := NewProvider(r). + Filter(initialFilter). + AddFilter("test3") + + encoded, _ := json.Marshal(p.filter) + expected := `["test1","test2","test3"]` + + if string(encoded) != expected { + t.Fatalf("Expected filter %v, got \n%v", expected, string(encoded)) + } +} + +func TestProviderParse(t *testing.T) { + initialPage := 2 + initialPerPage := 123 + initialSort := []SortField{{"test1", SortAsc}, {"test2", SortAsc}} + initialFilter := []FilterData{"test1", "test2"} + + scenarios := []struct { + query string + expectError bool + expectPage int + expectPerPage int + expectSort string + expectFilter string + }{ + // empty + { + "", + false, + initialPage, + initialPerPage, + `[{"name":"test1","direction":"ASC"},{"name":"test2","direction":"ASC"}]`, + `["test1","test2"]`, + }, + // invalid query + { + "invalid;", + true, + initialPage, + initialPerPage, + `[{"name":"test1","direction":"ASC"},{"name":"test2","direction":"ASC"}]`, + `["test1","test2"]`, + }, + // invalid page + { + "page=a", + true, + initialPage, + initialPerPage, + `[{"name":"test1","direction":"ASC"},{"name":"test2","direction":"ASC"}]`, + `["test1","test2"]`, + }, + // invalid perPage + { + "perPage=a", + true, + initialPage, + initialPerPage, + `[{"name":"test1","direction":"ASC"},{"name":"test2","direction":"ASC"}]`, + `["test1","test2"]`, + }, + // valid query parameters + { + "page=3&perPage=456&filter=test3&sort=-a,b,+c&other=123", + false, + 3, + 456, + `[{"name":"test1","direction":"ASC"},{"name":"test2","direction":"ASC"},{"name":"a","direction":"DESC"},{"name":"b","direction":"ASC"},{"name":"c","direction":"ASC"}]`, + `["test1","test2","test3"]`, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.query), func(t *testing.T) { + r := &testFieldResolver{} + p := NewProvider(r). + Page(initialPage). + PerPage(initialPerPage). + Sort(initialSort). + Filter(initialFilter) + + err := p.Parse(s.query) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if p.page != s.expectPage { + t.Fatalf("Expected page %v, got %v", s.expectPage, p.page) + } + + if p.perPage != s.expectPerPage { + t.Fatalf("Expected perPage %v, got %v", s.expectPerPage, p.perPage) + } + + encodedSort, _ := json.Marshal(p.sort) + if string(encodedSort) != s.expectSort { + t.Fatalf("Expected sort %v, got \n%v", s.expectSort, string(encodedSort)) + } + + encodedFilter, _ := json.Marshal(p.filter) + if string(encodedFilter) != s.expectFilter { + t.Fatalf("Expected filter %v, got \n%v", s.expectFilter, string(encodedFilter)) + } + }) + } +} + +func TestProviderExecEmptyQuery(t *testing.T) { + p := NewProvider(&testFieldResolver{}). + Query(nil) + + _, err := p.Exec(&[]testTableStruct{}) + if err == nil { + t.Fatalf("Expected error with empty query, got nil") + } +} + +func TestProviderExecNonEmptyQuery(t *testing.T) { + testDB, err := createTestDB() + if err != nil { + t.Fatal(err) + } + defer testDB.Close() + + query := testDB.Select("*"). + From("test"). + Where(dbx.Not(dbx.HashExp{"test1": nil})). + OrderBy("test1 ASC") + + scenarios := []struct { + name string + page int + perPage int + sort []SortField + filter []FilterData + skipTotal bool + expectError bool + expectResult string + expectQueries []string + }{ + { + "page normalization", + -1, + 10, + []SortField{}, + []FilterData{}, + false, + false, + `{"items":[{"test1":1,"test2":"test2.1","test3":""},{"test1":2,"test2":"test2.2","test3":""}],"page":1,"perPage":10,"totalItems":2,"totalPages":1}`, + []string{ + "SELECT COUNT(DISTINCT [[test.id]]) FROM `test` WHERE NOT (`test1` IS NULL)", + "SELECT * FROM `test` WHERE NOT (`test1` IS NULL) ORDER BY `test1` ASC LIMIT 10", + }, + }, + { + "perPage normalization", + 10, + 0, // fallback to default + []SortField{}, + []FilterData{}, + false, + false, + `{"items":[],"page":10,"perPage":30,"totalItems":2,"totalPages":1}`, + []string{ + "SELECT COUNT(DISTINCT [[test.id]]) FROM `test` WHERE NOT (`test1` IS NULL)", + "SELECT * FROM `test` WHERE NOT (`test1` IS NULL) ORDER BY `test1` ASC LIMIT 30 OFFSET 270", + }, + }, + { + "invalid sort field", + 1, + 10, + []SortField{{"unknown", SortAsc}}, + []FilterData{}, + false, + true, + "", + nil, + }, + { + "invalid filter", + 1, + 10, + []SortField{}, + []FilterData{"test2 = 'test2.1'", "invalid"}, + false, + true, + "", + nil, + }, + { + "valid sort and filter fields", + 1, + 5555, // will be limited by MaxPerPage + []SortField{{"test2", SortDesc}}, + []FilterData{"test2 != null", "test1 >= 2"}, + false, + false, + `{"items":[{"test1":2,"test2":"test2.2","test3":""}],"page":1,"perPage":` + fmt.Sprint(MaxPerPage) + `,"totalItems":1,"totalPages":1}`, + []string{ + "SELECT COUNT(DISTINCT [[test.id]]) FROM `test` WHERE ((NOT (`test1` IS NULL)) AND (((test2 IS NOT '' AND test2 IS NOT NULL)))) AND (test1 >= 2)", + "SELECT * FROM `test` WHERE ((NOT (`test1` IS NULL)) AND (((test2 IS NOT '' AND test2 IS NOT NULL)))) AND (test1 >= 2) ORDER BY `test1` ASC, `test2` DESC LIMIT " + fmt.Sprint(MaxPerPage), + }, + }, + { + "valid sort and filter fields (skipTotal=1)", + 1, + 5555, // will be limited by MaxPerPage + []SortField{{"test2", SortDesc}}, + []FilterData{"test2 != null", "test1 >= 2"}, + true, + false, + `{"items":[{"test1":2,"test2":"test2.2","test3":""}],"page":1,"perPage":` + fmt.Sprint(MaxPerPage) + `,"totalItems":-1,"totalPages":-1}`, + []string{ + "SELECT * FROM `test` WHERE ((NOT (`test1` IS NULL)) AND (((test2 IS NOT '' AND test2 IS NOT NULL)))) AND (test1 >= 2) ORDER BY `test1` ASC, `test2` DESC LIMIT " + fmt.Sprint(MaxPerPage), + }, + }, + { + "valid sort and filter fields (zero results)", + 1, + 10, + []SortField{{"test3", SortAsc}}, + []FilterData{"test3 != ''"}, + false, + false, + `{"items":[],"page":1,"perPage":10,"totalItems":0,"totalPages":0}`, + []string{ + "SELECT COUNT(DISTINCT [[test.id]]) FROM `test` WHERE (NOT (`test1` IS NULL)) AND (((test3 IS NOT '' AND test3 IS NOT NULL)))", + "SELECT * FROM `test` WHERE (NOT (`test1` IS NULL)) AND (((test3 IS NOT '' AND test3 IS NOT NULL))) ORDER BY `test1` ASC, `test3` ASC LIMIT 10", + }, + }, + { + "valid sort and filter fields (zero results; skipTotal=1)", + 1, + 10, + []SortField{{"test3", SortAsc}}, + []FilterData{"test3 != ''"}, + true, + false, + `{"items":[],"page":1,"perPage":10,"totalItems":-1,"totalPages":-1}`, + []string{ + "SELECT * FROM `test` WHERE (NOT (`test1` IS NULL)) AND (((test3 IS NOT '' AND test3 IS NOT NULL))) ORDER BY `test1` ASC, `test3` ASC LIMIT 10", + }, + }, + { + "pagination test", + 2, + 1, + []SortField{}, + []FilterData{}, + false, + false, + `{"items":[{"test1":2,"test2":"test2.2","test3":""}],"page":2,"perPage":1,"totalItems":2,"totalPages":2}`, + []string{ + "SELECT COUNT(DISTINCT [[test.id]]) FROM `test` WHERE NOT (`test1` IS NULL)", + "SELECT * FROM `test` WHERE NOT (`test1` IS NULL) ORDER BY `test1` ASC LIMIT 1 OFFSET 1", + }, + }, + { + "pagination test (skipTotal=1)", + 2, + 1, + []SortField{}, + []FilterData{}, + true, + false, + `{"items":[{"test1":2,"test2":"test2.2","test3":""}],"page":2,"perPage":1,"totalItems":-1,"totalPages":-1}`, + []string{ + "SELECT * FROM `test` WHERE NOT (`test1` IS NULL) ORDER BY `test1` ASC LIMIT 1 OFFSET 1", + }, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + testDB.CalledQueries = []string{} // reset + + testResolver := &testFieldResolver{} + p := NewProvider(testResolver). + Query(query). + Page(s.page). + PerPage(s.perPage). + Sort(s.sort). + SkipTotal(s.skipTotal). + Filter(s.filter) + + result, err := p.Exec(&[]testTableStruct{}) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if testResolver.UpdateQueryCalls != 1 { + t.Fatalf("Expected resolver.Update to be called %d, got %d", 1, testResolver.UpdateQueryCalls) + } + + encoded, _ := json.Marshal(result) + if string(encoded) != s.expectResult { + t.Fatalf("Expected result %v, got \n%v", s.expectResult, string(encoded)) + } + + if len(s.expectQueries) != len(testDB.CalledQueries) { + t.Fatalf("Expected %d queries, got %d: \n%v", len(s.expectQueries), len(testDB.CalledQueries), testDB.CalledQueries) + } + + for _, q := range testDB.CalledQueries { + if !list.ExistInSliceWithRegex(q, s.expectQueries) { + t.Fatalf("Didn't expect query \n%v \nin \n%v", q, s.expectQueries) + } + } + }) + } +} + +func TestProviderFilterAndSortLimits(t *testing.T) { + testDB, err := createTestDB() + if err != nil { + t.Fatal(err) + } + defer testDB.Close() + + query := testDB.Select("*"). + From("test"). + Where(dbx.Not(dbx.HashExp{"test1": nil})). + OrderBy("test1 ASC") + + scenarios := []struct { + name string + filter []FilterData + sort []SortField + maxFilterExprLimit int + maxSortExprLimit int + expectError bool + }{ + // filter + { + "<= max filter length", + []FilterData{ + "1=2", + FilterData("1='" + strings.Repeat("a", MaxFilterLength-4) + "'"), + }, + []SortField{}, + 1, + 0, + false, + }, + { + "> max filter length", + []FilterData{ + "1=2", + FilterData("1='" + strings.Repeat("a", MaxFilterLength-3) + "'"), + }, + []SortField{}, + 1, + 0, + true, + }, + { + "<= max filter exprs", + []FilterData{ + "1=2", + "(1=1 || 1=1) && (1=1 || (1=1 || 1=1)) && (1=1)", + }, + []SortField{}, + 6, + 0, + false, + }, + { + "> max filter exprs", + []FilterData{ + "1=2", + "(1=1 || 1=1) && (1=1 || (1=1 || 1=1)) && (1=1)", + }, + []SortField{}, + 5, + 0, + true, + }, + + // sort + { + "<= max sort field length", + []FilterData{}, + []SortField{ + {"id", SortAsc}, + {"test1", SortDesc}, + {strings.Repeat("a", MaxSortFieldLength), SortDesc}, + }, + 0, + 10, + false, + }, + { + "> max sort field length", + []FilterData{}, + []SortField{ + {"id", SortAsc}, + {"test1", SortDesc}, + {strings.Repeat("b", MaxSortFieldLength+1), SortDesc}, + }, + 0, + 10, + true, + }, + { + "<= max sort exprs", + []FilterData{}, + []SortField{ + {"id", SortAsc}, + {"test1", SortDesc}, + }, + 0, + 2, + false, + }, + { + "> max sort exprs", + []FilterData{}, + []SortField{ + {"id", SortAsc}, + {"test1", SortDesc}, + }, + 0, + 1, + true, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + testResolver := &testFieldResolver{} + p := NewProvider(testResolver). + Query(query). + Sort(s.sort). + Filter(s.filter). + MaxFilterExprLimit(s.maxFilterExprLimit). + MaxSortExprLimit(s.maxSortExprLimit) + + _, err := p.Exec(&[]testTableStruct{}) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v", s.expectError, hasErr) + } + }) + } +} + +func TestProviderParseAndExec(t *testing.T) { + testDB, err := createTestDB() + if err != nil { + t.Fatal(err) + } + defer testDB.Close() + + query := testDB.Select("*"). + From("test"). + Where(dbx.Not(dbx.HashExp{"test1": nil})). + OrderBy("test1 ASC") + + scenarios := []struct { + name string + queryString string + expectError bool + expectResult string + }{ + { + "no extra query params (aka. use the provider presets)", + "", + false, + `{"items":[],"page":2,"perPage":123,"totalItems":2,"totalPages":1}`, + }, + { + "invalid query", + "invalid;", + true, + "", + }, + { + "invalid page", + "page=a", + true, + "", + }, + { + "invalid perPage", + "perPage=a", + true, + "", + }, + { + "invalid skipTotal", + "skipTotal=a", + true, + "", + }, + { + "invalid sorting field", + "sort=-unknown", + true, + "", + }, + { + "invalid filter field", + "filter=unknown>1", + true, + "", + }, + { + "page > existing", + "page=3&perPage=9999", + false, + `{"items":[],"page":3,"perPage":1000,"totalItems":2,"totalPages":1}`, + }, + { + "valid query params", + "page=1&perPage=9999&filter=test1>1&sort=-test2,test3", + false, + `{"items":[{"test1":2,"test2":"test2.2","test3":""}],"page":1,"perPage":1000,"totalItems":1,"totalPages":1}`, + }, + { + "valid query params with skipTotal=1", + "page=1&perPage=9999&filter=test1>1&sort=-test2,test3&skipTotal=1", + false, + `{"items":[{"test1":2,"test2":"test2.2","test3":""}],"page":1,"perPage":1000,"totalItems":-1,"totalPages":-1}`, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + testDB.CalledQueries = []string{} // reset + + testResolver := &testFieldResolver{} + provider := NewProvider(testResolver). + Query(query). + Page(2). + PerPage(123). + Sort([]SortField{{"test2", SortAsc}}). + Filter([]FilterData{"test1 > 0"}) + + result, err := provider.ParseAndExec(s.queryString, &[]testTableStruct{}) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if testResolver.UpdateQueryCalls != 1 { + t.Fatalf("Expected resolver.Update to be called %d, got %d", 1, testResolver.UpdateQueryCalls) + } + + expectedQueries := 2 + if provider.skipTotal { + expectedQueries = 1 + } + + if len(testDB.CalledQueries) != expectedQueries { + t.Fatalf("Expected %d db queries, got %d: \n%v", expectedQueries, len(testDB.CalledQueries), testDB.CalledQueries) + } + + encoded, _ := json.Marshal(result) + if string(encoded) != s.expectResult { + t.Fatalf("Expected result \n%v\ngot\n%v", s.expectResult, string(encoded)) + } + }) + } +} + +// ------------------------------------------------------------------- +// Helpers +// ------------------------------------------------------------------- + +type testTableStruct struct { + Test1 int `db:"test1" json:"test1"` + Test2 string `db:"test2" json:"test2"` + Test3 string `db:"test3" json:"test3"` +} + +type testDB struct { + *dbx.DB + CalledQueries []string +} + +// NB! Don't forget to call `db.Close()` at the end of the test. +func createTestDB() (*testDB, error) { + // using a shared cache to allow multiple connections access to + // the same in memory database https://www.sqlite.org/inmemorydb.html + sqlDB, err := sql.Open("sqlite", "file::memory:?cache=shared") + if err != nil { + return nil, err + } + + db := testDB{DB: dbx.NewFromDB(sqlDB, "sqlite")} + db.CreateTable("test", map[string]string{ + "id": "int default 0", + "test1": "int default 0", + "test2": "text default ''", + "test3": "text default ''", + strings.Repeat("a", MaxSortFieldLength): "text default ''", + strings.Repeat("b", MaxSortFieldLength+1): "text default ''", + }).Execute() + db.Insert("test", dbx.Params{"id": 1, "test1": 1, "test2": "test2.1"}).Execute() + db.Insert("test", dbx.Params{"id": 2, "test1": 2, "test2": "test2.2"}).Execute() + db.QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) { + db.CalledQueries = append(db.CalledQueries, sql) + } + + return &db, nil +} + +// --- + +type testFieldResolver struct { + UpdateQueryCalls int + ResolveCalls int +} + +func (t *testFieldResolver) UpdateQuery(query *dbx.SelectQuery) error { + t.UpdateQueryCalls++ + return nil +} + +func (t *testFieldResolver) Resolve(field string) (*ResolverResult, error) { + t.ResolveCalls++ + + if field == "unknown" { + return nil, errors.New("test error") + } + + return &ResolverResult{Identifier: field}, nil +} diff --git a/tools/search/simple_field_resolver.go b/tools/search/simple_field_resolver.go new file mode 100644 index 0000000..bfd96ad --- /dev/null +++ b/tools/search/simple_field_resolver.go @@ -0,0 +1,113 @@ +package search + +import ( + "fmt" + "strconv" + "strings" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/inflector" + "github.com/pocketbase/pocketbase/tools/list" +) + +// ResolverResult defines a single FieldResolver.Resolve() successfully parsed result. +type ResolverResult struct { + // Identifier is the plain SQL identifier/column that will be used + // in the final db expression as left or right operand. + Identifier string + + // NoCoalesce instructs to not use COALESCE or NULL fallbacks + // when building the identifier expression. + NoCoalesce bool + + // Params is a map with db placeholder->value pairs that will be added + // to the query when building both resolved operands/sides in a single expression. + Params dbx.Params + + // MultiMatchSubQuery is an optional sub query expression that will be added + // in addition to the combined ResolverResult expression during build. + MultiMatchSubQuery dbx.Expression + + // AfterBuild is an optional function that will be called after building + // and combining the result of both resolved operands/sides in a single expression. + AfterBuild func(expr dbx.Expression) dbx.Expression +} + +// FieldResolver defines an interface for managing search fields. +type FieldResolver interface { + // UpdateQuery allows to updated the provided db query based on the + // resolved search fields (eg. adding joins aliases, etc.). + // + // Called internally by `search.Provider` before executing the search request. + UpdateQuery(query *dbx.SelectQuery) error + + // Resolve parses the provided field and returns a properly + // formatted db identifier (eg. NULL, quoted column, placeholder parameter, etc.). + Resolve(field string) (*ResolverResult, error) +} + +// NewSimpleFieldResolver creates a new `SimpleFieldResolver` with the +// provided `allowedFields`. +// +// Each `allowedFields` could be a plain string (eg. "name") +// or a regexp pattern (eg. `^\w+[\w\.]*$`). +func NewSimpleFieldResolver(allowedFields ...string) *SimpleFieldResolver { + return &SimpleFieldResolver{ + allowedFields: allowedFields, + } +} + +// SimpleFieldResolver defines a generic search resolver that allows +// only its listed fields to be resolved and take part in a search query. +// +// If `allowedFields` are empty no fields filtering is applied. +type SimpleFieldResolver struct { + allowedFields []string +} + +// UpdateQuery implements `search.UpdateQuery` interface. +func (r *SimpleFieldResolver) UpdateQuery(query *dbx.SelectQuery) error { + // nothing to update... + return nil +} + +// Resolve implements `search.Resolve` interface. +// +// Returns error if `field` is not in `r.allowedFields`. +func (r *SimpleFieldResolver) Resolve(field string) (*ResolverResult, error) { + if !list.ExistInSliceWithRegex(field, r.allowedFields) { + return nil, fmt.Errorf("failed to resolve field %q", field) + } + + parts := strings.Split(field, ".") + + // single regular field + if len(parts) == 1 { + return &ResolverResult{ + Identifier: "[[" + inflector.Columnify(parts[0]) + "]]", + }, nil + } + + // treat as json path + var jsonPath strings.Builder + jsonPath.WriteString("$") + for _, part := range parts[1:] { + if _, err := strconv.Atoi(part); err == nil { + jsonPath.WriteString("[") + jsonPath.WriteString(inflector.Columnify(part)) + jsonPath.WriteString("]") + } else { + jsonPath.WriteString(".") + jsonPath.WriteString(inflector.Columnify(part)) + } + } + + return &ResolverResult{ + NoCoalesce: true, + Identifier: fmt.Sprintf( + "JSON_EXTRACT([[%s]], '%s')", + inflector.Columnify(parts[0]), + jsonPath.String(), + ), + }, nil +} diff --git a/tools/search/simple_field_resolver_test.go b/tools/search/simple_field_resolver_test.go new file mode 100644 index 0000000..c5543e0 --- /dev/null +++ b/tools/search/simple_field_resolver_test.go @@ -0,0 +1,87 @@ +package search_test + +import ( + "fmt" + "testing" + + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/search" +) + +func TestSimpleFieldResolverUpdateQuery(t *testing.T) { + r := search.NewSimpleFieldResolver("test") + + scenarios := []struct { + fieldName string + expectQuery string + }{ + // missing field (the query shouldn't change) + {"", `SELECT "id" FROM "test"`}, + // unknown field (the query shouldn't change) + {"unknown", `SELECT "id" FROM "test"`}, + // allowed field (the query shouldn't change) + {"test", `SELECT "id" FROM "test"`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.fieldName), func(t *testing.T) { + db := dbx.NewFromDB(nil, "") + query := db.Select("id").From("test") + + r.Resolve(s.fieldName) + + if err := r.UpdateQuery(nil); err != nil { + t.Fatalf("UpdateQuery failed with error %v", err) + } + + rawQuery := query.Build().SQL() + + if rawQuery != s.expectQuery { + t.Fatalf("Expected query %v, got \n%v", s.expectQuery, rawQuery) + } + }) + } +} + +func TestSimpleFieldResolverResolve(t *testing.T) { + r := search.NewSimpleFieldResolver("test", `^test_regex\d+$`, "Test columnify!", "data.test") + + scenarios := []struct { + fieldName string + expectError bool + expectName string + }{ + {"", true, ""}, + {" ", true, ""}, + {"unknown", true, ""}, + {"test", false, "[[test]]"}, + {"test.sub", true, ""}, + {"test_regex", true, ""}, + {"test_regex1", false, "[[test_regex1]]"}, + {"Test columnify!", false, "[[Testcolumnify]]"}, + {"data.test", false, "JSON_EXTRACT([[data]], '$.test')"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.fieldName), func(t *testing.T) { + r, err := r.Resolve(s.fieldName) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if r.Identifier != s.expectName { + t.Fatalf("Expected r.Identifier %q, got %q", s.expectName, r.Identifier) + } + + if len(r.Params) != 0 { + t.Fatalf("r.Params should be empty, got %v", r.Params) + } + }) + } +} diff --git a/tools/search/sort.go b/tools/search/sort.go new file mode 100644 index 0000000..bd600d1 --- /dev/null +++ b/tools/search/sort.go @@ -0,0 +1,67 @@ +package search + +import ( + "fmt" + "strings" +) + +const ( + randomSortKey string = "@random" + rowidSortKey string = "@rowid" +) + +// sort field directions +const ( + SortAsc string = "ASC" + SortDesc string = "DESC" +) + +// SortField defines a single search sort field. +type SortField struct { + Name string `json:"name"` + Direction string `json:"direction"` +} + +// BuildExpr resolves the sort field into a valid db sort expression. +func (s *SortField) BuildExpr(fieldResolver FieldResolver) (string, error) { + // special case for random sort + if s.Name == randomSortKey { + return "RANDOM()", nil + } + + // special case for the builtin SQLite rowid column + if s.Name == rowidSortKey { + return fmt.Sprintf("[[_rowid_]] %s", s.Direction), nil + } + + result, err := fieldResolver.Resolve(s.Name) + + // invalidate empty fields and non-column identifiers + if err != nil || len(result.Params) > 0 || result.Identifier == "" || strings.ToLower(result.Identifier) == "null" { + return "", fmt.Errorf("invalid sort field %q", s.Name) + } + + return fmt.Sprintf("%s %s", result.Identifier, s.Direction), nil +} + +// ParseSortFromString parses the provided string expression +// into a slice of SortFields. +// +// Example: +// +// fields := search.ParseSortFromString("-name,+created") +func ParseSortFromString(str string) (fields []SortField) { + data := strings.Split(str, ",") + + for _, field := range data { + // trim whitespaces + field = strings.TrimSpace(field) + if strings.HasPrefix(field, "-") { + fields = append(fields, SortField{strings.TrimPrefix(field, "-"), SortDesc}) + } else { + fields = append(fields, SortField{strings.TrimPrefix(field, "+"), SortAsc}) + } + } + + return +} diff --git a/tools/search/sort_test.go b/tools/search/sort_test.go new file mode 100644 index 0000000..1c23cc4 --- /dev/null +++ b/tools/search/sort_test.go @@ -0,0 +1,78 @@ +package search_test + +import ( + "encoding/json" + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/tools/search" +) + +func TestSortFieldBuildExpr(t *testing.T) { + resolver := search.NewSimpleFieldResolver("test1", "test2", "test3", "test4.sub") + + scenarios := []struct { + sortField search.SortField + expectError bool + expectExpression string + }{ + // empty + {search.SortField{"", search.SortDesc}, true, ""}, + // unknown field + {search.SortField{"unknown", search.SortAsc}, true, ""}, + // placeholder field + {search.SortField{"'test'", search.SortAsc}, true, ""}, + // null field + {search.SortField{"null", search.SortAsc}, true, ""}, + // allowed field - asc + {search.SortField{"test1", search.SortAsc}, false, "[[test1]] ASC"}, + // allowed field - desc + {search.SortField{"test1", search.SortDesc}, false, "[[test1]] DESC"}, + // special @random field (ignore direction) + {search.SortField{"@random", search.SortDesc}, false, "RANDOM()"}, + // special _rowid_ field + {search.SortField{"@rowid", search.SortDesc}, false, "[[_rowid_]] DESC"}, + } + + for _, s := range scenarios { + t.Run(fmt.Sprintf("%s_%s", s.sortField.Name, s.sortField.Name), func(t *testing.T) { + result, err := s.sortField.BuildExpr(resolver) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if result != s.expectExpression { + t.Fatalf("Expected expression %v, got %v", s.expectExpression, result) + } + }) + } +} + +func TestParseSortFromString(t *testing.T) { + scenarios := []struct { + value string + expected string + }{ + {"", `[{"name":"","direction":"ASC"}]`}, + {"test", `[{"name":"test","direction":"ASC"}]`}, + {"+test", `[{"name":"test","direction":"ASC"}]`}, + {"-test", `[{"name":"test","direction":"DESC"}]`}, + {"test1,-test2,+test3", `[{"name":"test1","direction":"ASC"},{"name":"test2","direction":"DESC"},{"name":"test3","direction":"ASC"}]`}, + {"@random,-test", `[{"name":"@random","direction":"ASC"},{"name":"test","direction":"DESC"}]`}, + {"-@rowid,-test", `[{"name":"@rowid","direction":"DESC"},{"name":"test","direction":"DESC"}]`}, + } + + for _, s := range scenarios { + t.Run(s.value, func(t *testing.T) { + result := search.ParseSortFromString(s.value) + encoded, _ := json.Marshal(result) + encodedStr := string(encoded) + + if encodedStr != s.expected { + t.Fatalf("Expected expression %s, got %s", s.expected, encodedStr) + } + }) + } +} diff --git a/tools/search/token_functions.go b/tools/search/token_functions.go new file mode 100644 index 0000000..15f2471 --- /dev/null +++ b/tools/search/token_functions.go @@ -0,0 +1,56 @@ +package search + +import ( + "fmt" + + "github.com/ganigeorgiev/fexpr" +) + +var TokenFunctions = map[string]func( + argTokenResolverFunc func(fexpr.Token) (*ResolverResult, error), + args ...fexpr.Token, +) (*ResolverResult, error){ + // geoDistance(lonA, latA, lonB, latB) calculates the Haversine + // distance between 2 points in kilometres (https://www.movable-type.co.uk/scripts/latlong.html). + // + // The accepted arguments at the moment could be either a plain number or a column identifier (including NULL). + // If the column identifier cannot be resolved and converted to a numeric value, it resolves to NULL. + // + // Similar to the built-in SQLite functions, geoDistance doesn't apply + // a "match-all" constraints in case there are multiple relation fields arguments. + // Or in other words, if a collection has "orgs" multiple relation field pointing to "orgs" collection that has "office" as "geoPoint" field, + // then the filter: `geoDistance(orgs.office.lon, orgs.office.lat, 1, 2) < 200` + // will evaluate to true if for at-least-one of the "orgs.office" records the function result in a value satisfying the condition (aka. "result < 200"). + "geoDistance": func(argTokenResolverFunc func(fexpr.Token) (*ResolverResult, error), args ...fexpr.Token) (*ResolverResult, error) { + if len(args) != 4 { + return nil, fmt.Errorf("[geoDistance] expected 4 arguments, got %d", len(args)) + } + + resolvedArgs := make([]*ResolverResult, 4) + for i, arg := range args { + if arg.Type != fexpr.TokenIdentifier && arg.Type != fexpr.TokenNumber { + return nil, fmt.Errorf("[geoDistance] argument %d must be an identifier or number", i) + } + resolved, err := argTokenResolverFunc(arg) + if err != nil { + return nil, fmt.Errorf("[geoDistance] failed to resolve argument %d: %w", i, err) + } + resolvedArgs[i] = resolved + } + + lonA := resolvedArgs[0].Identifier + latA := resolvedArgs[1].Identifier + lonB := resolvedArgs[2].Identifier + latB := resolvedArgs[3].Identifier + + return &ResolverResult{ + NoCoalesce: true, + Identifier: `(6371 * acos(` + + `cos(radians(` + latA + `)) * cos(radians(` + latB + `)) * ` + + `cos(radians(` + lonB + `) - radians(` + lonA + `)) + ` + + `sin(radians(` + latA + `)) * sin(radians(` + latB + `))` + + `))`, + Params: mergeParams(resolvedArgs[0].Params, resolvedArgs[1].Params, resolvedArgs[2].Params, resolvedArgs[3].Params), + }, nil + }, +} diff --git a/tools/search/token_functions_test.go b/tools/search/token_functions_test.go new file mode 100644 index 0000000..bc92f12 --- /dev/null +++ b/tools/search/token_functions_test.go @@ -0,0 +1,277 @@ +package search + +import ( + "errors" + "fmt" + "strings" + "testing" + + "github.com/ganigeorgiev/fexpr" + "github.com/pocketbase/dbx" + "github.com/pocketbase/pocketbase/tools/security" +) + +func TestTokenFunctionsGeoDistance(t *testing.T) { + t.Parallel() + + testDB, err := createTestDB() + if err != nil { + t.Fatal(err) + } + defer testDB.Close() + + fn, ok := TokenFunctions["geoDistance"] + if !ok { + t.Error("Expected geoDistance token function to be registered.") + } + + baseTokenResolver := func(t fexpr.Token) (*ResolverResult, error) { + placeholder := "t" + security.PseudorandomString(5) + return &ResolverResult{Identifier: "{:" + placeholder + "}", Params: map[string]any{placeholder: t.Literal}}, nil + } + + scenarios := []struct { + name string + args []fexpr.Token + resolver func(t fexpr.Token) (*ResolverResult, error) + result *ResolverResult + expectErr bool + }{ + { + "no args", + nil, + baseTokenResolver, + nil, + true, + }, + { + "< 4 args", + []fexpr.Token{ + {Literal: "1", Type: fexpr.TokenNumber}, + {Literal: "2", Type: fexpr.TokenNumber}, + {Literal: "3", Type: fexpr.TokenNumber}, + }, + baseTokenResolver, + nil, + true, + }, + { + "> 4 args", + []fexpr.Token{ + {Literal: "1", Type: fexpr.TokenNumber}, + {Literal: "2", Type: fexpr.TokenNumber}, + {Literal: "3", Type: fexpr.TokenNumber}, + {Literal: "4", Type: fexpr.TokenNumber}, + {Literal: "5", Type: fexpr.TokenNumber}, + }, + baseTokenResolver, + nil, + true, + }, + { + "unsupported function argument", + []fexpr.Token{ + {Literal: "1", Type: fexpr.TokenFunction}, + {Literal: "2", Type: fexpr.TokenNumber}, + {Literal: "3", Type: fexpr.TokenNumber}, + {Literal: "4", Type: fexpr.TokenNumber}, + }, + baseTokenResolver, + nil, + true, + }, + { + "unsupported text argument", + []fexpr.Token{ + {Literal: "1", Type: fexpr.TokenText}, + {Literal: "2", Type: fexpr.TokenNumber}, + {Literal: "3", Type: fexpr.TokenNumber}, + {Literal: "4", Type: fexpr.TokenNumber}, + }, + baseTokenResolver, + nil, + true, + }, + { + "4 valid arguments but with resolver error", + []fexpr.Token{ + {Literal: "1", Type: fexpr.TokenNumber}, + {Literal: "2", Type: fexpr.TokenNumber}, + {Literal: "3", Type: fexpr.TokenNumber}, + {Literal: "4", Type: fexpr.TokenNumber}, + }, + func(t fexpr.Token) (*ResolverResult, error) { + return nil, errors.New("test") + }, + nil, + true, + }, + { + "4 valid arguments", + []fexpr.Token{ + {Literal: "1", Type: fexpr.TokenNumber}, + {Literal: "2", Type: fexpr.TokenNumber}, + {Literal: "3", Type: fexpr.TokenNumber}, + {Literal: "4", Type: fexpr.TokenNumber}, + }, + baseTokenResolver, + &ResolverResult{ + NoCoalesce: true, + Identifier: `(6371 * acos(cos(radians({:latA})) * cos(radians({:latB})) * cos(radians({:lonB}) - radians({:lonA})) + sin(radians({:latA})) * sin(radians({:latB}))))`, + Params: map[string]any{ + "lonA": 1, + "latA": 2, + "lonB": 3, + "latB": 4, + }, + }, + false, + }, + { + "mixed arguments", + []fexpr.Token{ + {Literal: "null", Type: fexpr.TokenIdentifier}, + {Literal: "2", Type: fexpr.TokenNumber}, + {Literal: "false", Type: fexpr.TokenIdentifier}, + {Literal: "4", Type: fexpr.TokenNumber}, + }, + baseTokenResolver, + &ResolverResult{ + NoCoalesce: true, + Identifier: `(6371 * acos(cos(radians({:latA})) * cos(radians({:latB})) * cos(radians({:lonB}) - radians({:lonA})) + sin(radians({:latA})) * sin(radians({:latB}))))`, + Params: map[string]any{ + "lonA": "null", + "latA": 2, + "lonB": false, + "latB": 4, + }, + }, + false, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result, err := fn(s.resolver, s.args...) + + hasErr := err != nil + if hasErr != s.expectErr { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectErr, hasErr, err) + } + + testCompareResults(t, s.result, result) + }) + } +} + +func TestTokenFunctionsGeoDistanceExec(t *testing.T) { + t.Parallel() + + testDB, err := createTestDB() + if err != nil { + t.Fatal(err) + } + defer testDB.Close() + + fn, ok := TokenFunctions["geoDistance"] + if !ok { + t.Error("Expected geoDistance token function to be registered.") + } + + result, err := fn( + func(t fexpr.Token) (*ResolverResult, error) { + placeholder := "t" + security.PseudorandomString(5) + return &ResolverResult{Identifier: "{:" + placeholder + "}", Params: map[string]any{placeholder: t.Literal}}, nil + }, + fexpr.Token{Literal: "23.23033854945808", Type: fexpr.TokenNumber}, + fexpr.Token{Literal: "42.713146090563384", Type: fexpr.TokenNumber}, + fexpr.Token{Literal: "23.44920680886216", Type: fexpr.TokenNumber}, + fexpr.Token{Literal: "42.7078484153991", Type: fexpr.TokenNumber}, + ) + if err != nil { + t.Fatal(err) + } + + column := []float64{} + err = testDB.NewQuery("select " + result.Identifier).Bind(result.Params).Column(&column) + if err != nil { + t.Fatal(err) + } + + if len(column) != 1 { + t.Fatalf("Expected exactly 1 column value as result, got %v", column) + } + + expected := "17.89" + distance := fmt.Sprintf("%.2f", column[0]) + if distance != expected { + t.Fatalf("Expected distance value %s, got %s", expected, distance) + } +} + +// ------------------------------------------------------------------- + +func testCompareResults(t *testing.T, a, b *ResolverResult) { + testDB, err := createTestDB() + if err != nil { + t.Fatal(err) + } + defer testDB.Close() + + aIsNil := a == nil + bIsNil := b == nil + if aIsNil != bIsNil { + t.Fatalf("Expected aIsNil and bIsNil to be the same, got %v vs %v", aIsNil, bIsNil) + } + + if aIsNil && bIsNil { + return + } + + aHasAfterBuild := a.AfterBuild == nil + bHasAfterBuild := b.AfterBuild == nil + if aHasAfterBuild != bHasAfterBuild { + t.Fatalf("Expected aHasAfterBuild and bHasAfterBuild to be the same, got %v vs %v", aHasAfterBuild, bHasAfterBuild) + } + + var aAfterBuild string + if a.AfterBuild != nil { + aAfterBuild = a.AfterBuild(dbx.NewExp("test")).Build(testDB.DB, a.Params) + } + var bAfterBuild string + if b.AfterBuild != nil { + bAfterBuild = b.AfterBuild(dbx.NewExp("test")).Build(testDB.DB, a.Params) + } + if aAfterBuild != bAfterBuild { + t.Fatalf("Expected bAfterBuild and bAfterBuild to be the same, got\n%s\nvs\n%s", aAfterBuild, bAfterBuild) + } + + var aMultiMatchSubQuery string + if a.MultiMatchSubQuery != nil { + aMultiMatchSubQuery = a.MultiMatchSubQuery.Build(testDB.DB, a.Params) + } + var bMultiMatchSubQuery string + if b.MultiMatchSubQuery != nil { + bMultiMatchSubQuery = b.MultiMatchSubQuery.Build(testDB.DB, b.Params) + } + if aMultiMatchSubQuery != bMultiMatchSubQuery { + t.Fatalf("Expected bMultiMatchSubQuery and bMultiMatchSubQuery to be the same, got\n%s\nvs\n%s", aMultiMatchSubQuery, bMultiMatchSubQuery) + } + + if a.NoCoalesce != b.NoCoalesce { + t.Fatalf("Expected NoCoalesce to match, got %v vs %v", a.NoCoalesce, b.NoCoalesce) + } + + // loose placeholders replacement + var aResolved = a.Identifier + for k, v := range a.Params { + aResolved = strings.ReplaceAll(aResolved, "{:"+k+"}", fmt.Sprintf("%v", v)) + } + var bResolved = b.Identifier + for k, v := range b.Params { + bResolved = strings.ReplaceAll(bResolved, "{:"+k+"}", fmt.Sprintf("%v", v)) + } + if aResolved != bResolved { + t.Fatalf("Expected resolved identifiers to match, got\n%s\nvs\n%s", aResolved, bResolved) + } +} diff --git a/tools/security/crypto.go b/tools/security/crypto.go new file mode 100644 index 0000000..4577873 --- /dev/null +++ b/tools/security/crypto.go @@ -0,0 +1,62 @@ +package security + +import ( + "crypto/hmac" + "crypto/md5" + "crypto/sha256" + "crypto/sha512" + "crypto/subtle" + "encoding/base64" + "fmt" + "strings" +) + +// S256Challenge creates base64 encoded sha256 challenge string derived from code. +// The padding of the result base64 string is stripped per [RFC 7636]. +// +// [RFC 7636]: https://datatracker.ietf.org/doc/html/rfc7636#section-4.2 +func S256Challenge(code string) string { + h := sha256.New() + h.Write([]byte(code)) + return strings.TrimRight(base64.URLEncoding.EncodeToString(h.Sum(nil)), "=") +} + +// MD5 creates md5 hash from the provided plain text. +func MD5(text string) string { + h := md5.New() + h.Write([]byte(text)) + return fmt.Sprintf("%x", h.Sum(nil)) +} + +// SHA256 creates sha256 hash as defined in FIPS 180-4 from the provided text. +func SHA256(text string) string { + h := sha256.New() + h.Write([]byte(text)) + return fmt.Sprintf("%x", h.Sum(nil)) +} + +// SHA512 creates sha512 hash as defined in FIPS 180-4 from the provided text. +func SHA512(text string) string { + h := sha512.New() + h.Write([]byte(text)) + return fmt.Sprintf("%x", h.Sum(nil)) +} + +// HS256 creates a HMAC hash with sha256 digest algorithm. +func HS256(text string, secret string) string { + h := hmac.New(sha256.New, []byte(secret)) + h.Write([]byte(text)) + return fmt.Sprintf("%x", h.Sum(nil)) +} + +// HS512 creates a HMAC hash with sha512 digest algorithm. +func HS512(text string, secret string) string { + h := hmac.New(sha512.New, []byte(secret)) + h.Write([]byte(text)) + return fmt.Sprintf("%x", h.Sum(nil)) +} + +// Equal compares two hash strings for equality without leaking timing information. +func Equal(hash1 string, hash2 string) bool { + return subtle.ConstantTimeCompare([]byte(hash1), []byte(hash2)) == 1 +} diff --git a/tools/security/crypto_test.go b/tools/security/crypto_test.go new file mode 100644 index 0000000..36134d4 --- /dev/null +++ b/tools/security/crypto_test.go @@ -0,0 +1,156 @@ +package security_test + +import ( + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/tools/security" +) + +func TestS256Challenge(t *testing.T) { + scenarios := []struct { + code string + expected string + }{ + {"", "47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU"}, + {"123", "pmWkWSBCL51Bfkhn79xPuKBKHz__H6B-mY6G9_eieuM"}, + } + + for _, s := range scenarios { + t.Run(s.code, func(t *testing.T) { + result := security.S256Challenge(s.code) + + if result != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, result) + } + }) + } +} + +func TestMD5(t *testing.T) { + scenarios := []struct { + code string + expected string + }{ + {"", "d41d8cd98f00b204e9800998ecf8427e"}, + {"123", "202cb962ac59075b964b07152d234b70"}, + } + + for _, s := range scenarios { + t.Run(s.code, func(t *testing.T) { + result := security.MD5(s.code) + + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestSHA256(t *testing.T) { + scenarios := []struct { + code string + expected string + }{ + {"", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}, + {"123", "a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3"}, + } + + for _, s := range scenarios { + t.Run(s.code, func(t *testing.T) { + result := security.SHA256(s.code) + + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestSHA512(t *testing.T) { + scenarios := []struct { + code string + expected string + }{ + {"", "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"}, + {"123", "3c9909afec25354d551dae21590bb26e38d53f2173b8d3dc3eee4c047e7ab1c1eb8b85103e3be7ba613b31bb5c9c36214dc9f14a42fd7a2fdb84856bca5c44c2"}, + } + + for _, s := range scenarios { + t.Run(s.code, func(t *testing.T) { + result := security.SHA512(s.code) + + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} + +func TestHS256(t *testing.T) { + scenarios := []struct { + text string + secret string + expected string + }{ + {" ", "test", "9fb4e4a12d50728683a222b4fc466a69ee977332cfcdd6b9ebb44c7121dbd99f"}, + {" ", "test2", "d792417a504716e22805d940125ec12e68e8cb18fc84674703bd96c59f1e1228"}, + {"hello", "test", "f151ea24bda91a18e89b8bb5793ef324b2a02133cce15a28a719acbd2e58a986"}, + {"hello", "test2", "16436e8dcbf3d7b5b0455573b27e6372699beb5bfe94e6a2a371b14b4ae068f4"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d-%s", i, s.text), func(t *testing.T) { + result := security.HS256(s.text, s.secret) + + if result != s.expected { + t.Fatalf("Expected \n%v, \ngot \n%v", s.expected, result) + } + }) + } +} + +func TestHS512(t *testing.T) { + scenarios := []struct { + text string + secret string + expected string + }{ + {" ", "test", "eb3bdb0352c95c38880c1f645fc7e1d1332644f938f50de0d73876e42d6f302e599bb526531ba79940e8b314369aaef3675322d8d851f9fc6ea9ed121286d196"}, + {" ", "test2", "8b69e84e9252af78ae8b1c4bed3c9f737f69a3df33064cfbefe76b36d19d1827285e543cdf066cdc8bd556cc0cd0e212d52e9c12a50cd16046181ff127f4cf7f"}, + {"hello", "test", "44f280e11103e295c26cd61dd1cdd8178b531b860466867c13b1c37a26b6389f8af110efbe0bb0717b9d9c87f6fe1c97b3b1690936578890e5669abf279fe7fd"}, + {"hello", "test2", "d7f10b1b66941b20817689b973ca9dfc971090e28cfb8becbddd6824569b323eca6a0cdf2c387aa41e15040007dca5a011dd4e4bb61cfd5011aa7354d866f6ef"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d-%q", i, s.text), func(t *testing.T) { + result := security.HS512(s.text, s.secret) + + if result != s.expected { + t.Fatalf("Expected \n%v, \ngot \n%v", s.expected, result) + } + }) + } +} + +func TestEqual(t *testing.T) { + scenarios := []struct { + hash1 string + hash2 string + expected bool + }{ + {"", "", true}, + {"abc", "abd", false}, + {"abc", "abc", true}, + } + + for _, s := range scenarios { + t.Run(fmt.Sprintf("%qVS%q", s.hash1, s.hash2), func(t *testing.T) { + result := security.Equal(s.hash1, s.hash2) + + if result != s.expected { + t.Fatalf("Expected %v, got %v", s.expected, result) + } + }) + } +} diff --git a/tools/security/encrypt.go b/tools/security/encrypt.go new file mode 100644 index 0000000..7e25e9e --- /dev/null +++ b/tools/security/encrypt.go @@ -0,0 +1,62 @@ +package security + +import ( + "crypto/aes" + "crypto/cipher" + crand "crypto/rand" + "encoding/base64" + "io" +) + +// Encrypt encrypts "data" with the specified "key" (must be valid 32 char AES key). +// +// This method uses AES-256-GCM block cypher mode. +func Encrypt(data []byte, key string) (string, error) { + block, err := aes.NewCipher([]byte(key)) + if err != nil { + return "", err + } + + gcm, err := cipher.NewGCM(block) + if err != nil { + return "", err + } + + nonce := make([]byte, gcm.NonceSize()) + + // populates the nonce with a cryptographically secure random sequence + if _, err := io.ReadFull(crand.Reader, nonce); err != nil { + return "", err + } + + cipherByte := gcm.Seal(nonce, nonce, data, nil) + + result := base64.StdEncoding.EncodeToString(cipherByte) + + return result, nil +} + +// Decrypt decrypts encrypted text with key (must be valid 32 chars AES key). +// +// This method uses AES-256-GCM block cypher mode. +func Decrypt(cipherText string, key string) ([]byte, error) { + block, err := aes.NewCipher([]byte(key)) + if err != nil { + return nil, err + } + + gcm, err := cipher.NewGCM(block) + if err != nil { + return nil, err + } + + nonceSize := gcm.NonceSize() + + cipherByte, err := base64.StdEncoding.DecodeString(cipherText) + if err != nil { + return nil, err + } + + nonce, cipherByteClean := cipherByte[:nonceSize], cipherByte[nonceSize:] + return gcm.Open(nil, nonce, cipherByteClean, nil) +} diff --git a/tools/security/encrypt_test.go b/tools/security/encrypt_test.go new file mode 100644 index 0000000..1931672 --- /dev/null +++ b/tools/security/encrypt_test.go @@ -0,0 +1,80 @@ +package security_test + +import ( + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/tools/security" +) + +func TestEncrypt(t *testing.T) { + scenarios := []struct { + data string + key string + expectError bool + }{ + {"", "", true}, + {"123", "test", true}, // key must be valid 32 char aes string + {"123", "abcdabcdabcdabcdabcdabcdabcdabcd", false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.data), func(t *testing.T) { + result, err := security.Encrypt([]byte(s.data), s.key) + + hasErr := err != nil + + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + if result != "" { + t.Fatalf("Expected empty Encrypt result on error, got %q", result) + } + + return + } + + // try to decrypt + decrypted, err := security.Decrypt(result, s.key) + if err != nil || string(decrypted) != s.data { + t.Fatalf("Expected decrypted value to match with the data input, got %q (%v)", decrypted, err) + } + }) + } +} + +func TestDecrypt(t *testing.T) { + scenarios := []struct { + cipher string + key string + expectError bool + expectedData string + }{ + {"", "", true, ""}, + {"123", "test", true, ""}, // key must be valid 32 char aes string + {"8kcEqilvvYKYcfnSr0aSC54gmnQCsB02SaB8ATlnA==", "abcdabcdabcdabcdabcdabcdabcdabcd", true, ""}, // illegal base64 encoded cipherText + {"8kcEqilvv+YKYcfnSr0aSC54gmnQCsB02SaB8ATlnA==", "abcdabcdabcdabcdabcdabcdabcdabcd", false, "123"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.key), func(t *testing.T) { + result, err := security.Decrypt(s.cipher, s.key) + + hasErr := err != nil + + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + if str := string(result); str != s.expectedData { + t.Fatalf("Expected %q, got %q", s.expectedData, str) + } + }) + } +} diff --git a/tools/security/jwt.go b/tools/security/jwt.go new file mode 100644 index 0000000..9169468 --- /dev/null +++ b/tools/security/jwt.go @@ -0,0 +1,56 @@ +package security + +import ( + "errors" + "time" + + "github.com/golang-jwt/jwt/v5" +) + +// ParseUnverifiedJWT parses JWT and returns its claims +// but DOES NOT verify the signature. +// +// It verifies only the exp, iat and nbf claims. +func ParseUnverifiedJWT(token string) (jwt.MapClaims, error) { + claims := jwt.MapClaims{} + + parser := &jwt.Parser{} + _, _, err := parser.ParseUnverified(token, claims) + + if err == nil { + err = jwt.NewValidator(jwt.WithIssuedAt()).Validate(claims) + } + + return claims, err +} + +// ParseJWT verifies and parses JWT and returns its claims. +func ParseJWT(token string, verificationKey string) (jwt.MapClaims, error) { + parser := jwt.NewParser(jwt.WithValidMethods([]string{"HS256"})) + + parsedToken, err := parser.Parse(token, func(t *jwt.Token) (any, error) { + return []byte(verificationKey), nil + }) + if err != nil { + return nil, err + } + + if claims, ok := parsedToken.Claims.(jwt.MapClaims); ok && parsedToken.Valid { + return claims, nil + } + + return nil, errors.New("unable to parse token") +} + +// NewJWT generates and returns new HS256 signed JWT. +func NewJWT(payload jwt.MapClaims, signingKey string, duration time.Duration) (string, error) { + claims := jwt.MapClaims{ + "exp": time.Now().Add(duration).Unix(), + } + + for k, v := range payload { + claims[k] = v + } + + return jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString([]byte(signingKey)) +} diff --git a/tools/security/jwt_test.go b/tools/security/jwt_test.go new file mode 100644 index 0000000..c2b44fa --- /dev/null +++ b/tools/security/jwt_test.go @@ -0,0 +1,196 @@ +package security_test + +import ( + "fmt" + "strconv" + "testing" + "time" + + "github.com/golang-jwt/jwt/v5" + "github.com/pocketbase/pocketbase/tools/security" +) + +func TestParseUnverifiedJWT(t *testing.T) { + // invalid formatted JWT + result1, err1 := security.ParseUnverifiedJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdCJ9") + if err1 == nil { + t.Error("Expected error got nil") + } + if len(result1) > 0 { + t.Error("Expected no parsed claims, got", result1) + } + + // properly formatted JWT with INVALID claims + // {"name": "test", "exp":1516239022} + result2, err2 := security.ParseUnverifiedJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdCIsImV4cCI6MTUxNjIzOTAyMn0.xYHirwESfSEW3Cq2BL47CEASvD_p_ps3QCA54XtNktU") + if err2 == nil { + t.Error("Expected error got nil") + } + if len(result2) != 2 || result2["name"] != "test" { + t.Errorf("Expected to have 2 claims, got %v", result2) + } + + // properly formatted JWT with VALID claims (missing exp) + // {"name": "test"} + result3, err3 := security.ParseUnverifiedJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdCJ9.ml0QsTms3K9wMygTu41ZhKlTyjmW9zHQtoS8FUsCCjU") + if err3 != nil { + t.Error("Expected nil, got", err3) + } + if len(result3) != 1 || result3["name"] != "test" { + t.Errorf("Expected to have 1 claim, got %v", result3) + } + + // properly formatted JWT with VALID claims (valid exp) + // {"name": "test", "exp": 2208985261} + result4, err4 := security.ParseUnverifiedJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdCIsImV4cCI6MjIwODk4NTI2MX0._0KQu60hYNx5wkBIpEaoX35shXRicb0X_0VdWKWb-3k") + if err4 != nil { + t.Error("Expected nil, got", err4) + } + if len(result4) != 2 || result4["name"] != "test" { + t.Errorf("Expected to have 2 claims, got %v", result4) + } +} + +func TestParseJWT(t *testing.T) { + scenarios := []struct { + token string + secret string + expectError bool + expectClaims jwt.MapClaims + }{ + // invalid formatted JWT + { + "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdCJ9", + "test", + true, + nil, + }, + // properly formatted JWT with INVALID claims and INVALID secret + // {"name": "test", "exp": 1516239022} + { + "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdCIsImV4cCI6MTUxNjIzOTAyMn0.xYHirwESfSEW3Cq2BL47CEASvD_p_ps3QCA54XtNktU", + "invalid", + true, + nil, + }, + // properly formatted JWT with INVALID claims and VALID secret + // {"name": "test", "exp": 1516239022} + { + "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdCIsImV4cCI6MTUxNjIzOTAyMn0.xYHirwESfSEW3Cq2BL47CEASvD_p_ps3QCA54XtNktU", + "test", + true, + nil, + }, + // properly formatted JWT with VALID claims and INVALID secret + // {"name": "test", "exp": 1898636137} + { + "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdCIsImV4cCI6MTg5ODYzNjEzN30.gqRkHjpK5s1PxxBn9qPaWEWxTbpc1PPSD-an83TsXRY", + "invalid", + true, + nil, + }, + // properly formatted EXPIRED JWT with VALID secret + // {"name": "test", "exp": 1652097610} + { + "eyJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoidGVzdCIsImV4cCI6OTU3ODczMzc0fQ.0oUUKUnsQHs4nZO1pnxQHahKtcHspHu4_AplN2sGC4A", + "test", + true, + nil, + }, + // properly formatted JWT with VALID claims and VALID secret + // {"name": "test", "exp": 1898636137} + { + "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdCIsImV4cCI6MTg5ODYzNjEzN30.gqRkHjpK5s1PxxBn9qPaWEWxTbpc1PPSD-an83TsXRY", + "test", + false, + jwt.MapClaims{"name": "test", "exp": 1898636137.0}, + }, + // properly formatted JWT with VALID claims (without exp) and VALID secret + // {"name": "test"} + { + "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdCJ9.ml0QsTms3K9wMygTu41ZhKlTyjmW9zHQtoS8FUsCCjU", + "test", + false, + jwt.MapClaims{"name": "test"}, + }, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.token), func(t *testing.T) { + result, err := security.ParseJWT(s.token, s.secret) + + hasErr := err != nil + + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if len(result) != len(s.expectClaims) { + t.Fatalf("Expected %v claims got %v", s.expectClaims, result) + } + + for k, v := range s.expectClaims { + v2, ok := result[k] + if !ok { + t.Fatalf("Missing expected claim %q", k) + } + if v != v2 { + t.Fatalf("Expected %v for %q claim, got %v", v, k, v2) + } + } + }) + } +} + +func TestNewJWT(t *testing.T) { + scenarios := []struct { + claims jwt.MapClaims + key string + duration time.Duration + expectError bool + }{ + // empty, zero duration + {jwt.MapClaims{}, "", 0, true}, + // empty, 10 seconds duration + {jwt.MapClaims{}, "", 10 * time.Second, false}, + // non-empty, 10 seconds duration + {jwt.MapClaims{"name": "test"}, "test", 10 * time.Second, false}, + } + + for i, scenario := range scenarios { + t.Run(strconv.Itoa(i), func(t *testing.T) { + token, tokenErr := security.NewJWT(scenario.claims, scenario.key, scenario.duration) + if tokenErr != nil { + t.Fatalf("Expected NewJWT to succeed, got error %v", tokenErr) + } + + claims, parseErr := security.ParseJWT(token, scenario.key) + + hasParseErr := parseErr != nil + if hasParseErr != scenario.expectError { + t.Fatalf("Expected hasParseErr to be %v, got %v (%v)", scenario.expectError, hasParseErr, parseErr) + } + + if scenario.expectError { + return + } + + if _, ok := claims["exp"]; !ok { + t.Fatalf("Missing required claim exp, got %v", claims) + } + + // clear exp claim to match with the scenario ones + delete(claims, "exp") + + if len(claims) != len(scenario.claims) { + t.Fatalf("Expected %v claims, got %v", scenario.claims, claims) + } + + for j, k := range claims { + if claims[j] != scenario.claims[j] { + t.Fatalf("Expected %v for %q claim, got %v", claims[j], k, scenario.claims[j]) + } + } + }) + } +} diff --git a/tools/security/random.go b/tools/security/random.go new file mode 100644 index 0000000..cc00a2d --- /dev/null +++ b/tools/security/random.go @@ -0,0 +1,59 @@ +package security + +import ( + cryptoRand "crypto/rand" + "math/big" + mathRand "math/rand" // @todo replace with rand/v2? +) + +const defaultRandomAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" + +// RandomString generates a cryptographically random string with the specified length. +// +// The generated string matches [A-Za-z0-9]+ and it's transparent to URL-encoding. +func RandomString(length int) string { + return RandomStringWithAlphabet(length, defaultRandomAlphabet) +} + +// RandomStringWithAlphabet generates a cryptographically random string +// with the specified length and characters set. +// +// It panics if for some reason rand.Int returns a non-nil error. +func RandomStringWithAlphabet(length int, alphabet string) string { + b := make([]byte, length) + max := big.NewInt(int64(len(alphabet))) + + for i := range b { + n, err := cryptoRand.Int(cryptoRand.Reader, max) + if err != nil { + panic(err) + } + b[i] = alphabet[n.Int64()] + } + + return string(b) +} + +// PseudorandomString generates a pseudorandom string with the specified length. +// +// The generated string matches [A-Za-z0-9]+ and it's transparent to URL-encoding. +// +// For a cryptographically random string (but a little bit slower) use RandomString instead. +func PseudorandomString(length int) string { + return PseudorandomStringWithAlphabet(length, defaultRandomAlphabet) +} + +// PseudorandomStringWithAlphabet generates a pseudorandom string +// with the specified length and characters set. +// +// For a cryptographically random (but a little bit slower) use RandomStringWithAlphabet instead. +func PseudorandomStringWithAlphabet(length int, alphabet string) string { + b := make([]byte, length) + max := len(alphabet) + + for i := range b { + b[i] = alphabet[mathRand.Intn(max)] + } + + return string(b) +} diff --git a/tools/security/random_by_regex.go b/tools/security/random_by_regex.go new file mode 100644 index 0000000..41cdaff --- /dev/null +++ b/tools/security/random_by_regex.go @@ -0,0 +1,152 @@ +package security + +import ( + cryptoRand "crypto/rand" + "fmt" + "math/big" + "regexp/syntax" + "strings" +) + +const defaultMaxRepeat = 6 + +var anyCharNotNLPairs = []rune{'A', 'Z', 'a', 'z', '0', '9'} + +// RandomStringByRegex generates a random string matching the regex pattern. +// If optFlags is not set, fallbacks to [syntax.Perl]. +// +// NB! While the source of the randomness comes from [crypto/rand] this method +// is not recommended to be used on its own in critical secure contexts because +// the generated length could vary too much on the used pattern and may not be +// as secure as simply calling [security.RandomString]. +// If you still insist on using it for such purposes, consider at least +// a large enough minimum length for the generated string, e.g. `[a-z0-9]{30}`. +// +// This function is inspired by github.com/pipe01/revregexp, github.com/lucasjones/reggen and other similar packages. +func RandomStringByRegex(pattern string, optFlags ...syntax.Flags) (string, error) { + var flags syntax.Flags + if len(optFlags) == 0 { + flags = syntax.Perl + } else { + for _, f := range optFlags { + flags |= f + } + } + + r, err := syntax.Parse(pattern, flags) + if err != nil { + return "", err + } + + var sb = new(strings.Builder) + + err = writeRandomStringByRegex(r, sb) + if err != nil { + return "", err + } + + return sb.String(), nil +} + +func writeRandomStringByRegex(r *syntax.Regexp, sb *strings.Builder) error { + // https://pkg.go.dev/regexp/syntax#Op + switch r.Op { + case syntax.OpCharClass: + c, err := randomRuneFromPairs(r.Rune) + if err != nil { + return err + } + _, err = sb.WriteRune(c) + return err + case syntax.OpAnyChar, syntax.OpAnyCharNotNL: + c, err := randomRuneFromPairs(anyCharNotNLPairs) + if err != nil { + return err + } + _, err = sb.WriteRune(c) + return err + case syntax.OpAlternate: + idx, err := randomNumber(len(r.Sub)) + if err != nil { + return err + } + return writeRandomStringByRegex(r.Sub[idx], sb) + case syntax.OpConcat: + var err error + for _, sub := range r.Sub { + err = writeRandomStringByRegex(sub, sb) + if err != nil { + break + } + } + return err + case syntax.OpRepeat: + return repeatRandomStringByRegex(r.Sub[0], sb, r.Min, r.Max) + case syntax.OpQuest: + return repeatRandomStringByRegex(r.Sub[0], sb, 0, 1) + case syntax.OpPlus: + return repeatRandomStringByRegex(r.Sub[0], sb, 1, -1) + case syntax.OpStar: + return repeatRandomStringByRegex(r.Sub[0], sb, 0, -1) + case syntax.OpCapture: + return writeRandomStringByRegex(r.Sub[0], sb) + case syntax.OpLiteral: + _, err := sb.WriteString(string(r.Rune)) + return err + default: + return fmt.Errorf("unsupported pattern operator %d", r.Op) + } +} + +func repeatRandomStringByRegex(r *syntax.Regexp, sb *strings.Builder, min int, max int) error { + if max < 0 { + max = defaultMaxRepeat + } + + if max < min { + max = min + } + + n := min + if max != min { + randRange, err := randomNumber(max - min) + if err != nil { + return err + } + n += randRange + } + + var err error + for i := 0; i < n; i++ { + err = writeRandomStringByRegex(r, sb) + if err != nil { + return err + } + } + + return nil +} + +func randomRuneFromPairs(pairs []rune) (rune, error) { + idx, err := randomNumber(len(pairs) / 2) + if err != nil { + return 0, err + } + + return randomRuneFromRange(pairs[idx*2], pairs[idx*2+1]) +} + +func randomRuneFromRange(min rune, max rune) (rune, error) { + offset, err := randomNumber(int(max - min + 1)) + if err != nil { + return min, err + } + + return min + rune(offset), nil +} + +func randomNumber(maxSoft int) (int, error) { + randRange, err := cryptoRand.Int(cryptoRand.Reader, big.NewInt(int64(maxSoft))) + + return int(randRange.Int64()), err +} diff --git a/tools/security/random_by_regex_test.go b/tools/security/random_by_regex_test.go new file mode 100644 index 0000000..cac7ae1 --- /dev/null +++ b/tools/security/random_by_regex_test.go @@ -0,0 +1,66 @@ +package security_test + +import ( + "fmt" + "regexp" + "regexp/syntax" + "slices" + "testing" + + "github.com/pocketbase/pocketbase/tools/security" +) + +func TestRandomStringByRegex(t *testing.T) { + generated := []string{} + + scenarios := []struct { + pattern string + flags []syntax.Flags + expectError bool + }{ + {``, nil, true}, + {`test`, nil, false}, + {`\d+`, []syntax.Flags{syntax.POSIX}, true}, + {`\d+`, nil, false}, + {`\d*`, nil, false}, + {`\d{1,10}`, nil, false}, + {`\d{3}`, nil, false}, + {`\d{0,}-abc`, nil, false}, + {`[a-zA-Z]*`, nil, false}, + {`[^a-zA-Z]{5,30}`, nil, false}, + {`\w+_abc`, nil, false}, + {`[a-zA-Z_]*`, nil, false}, + {`[2-9]{5}-\w+`, nil, false}, + {`(a|b|c)`, nil, false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%q", i, s.pattern), func(t *testing.T) { + str, err := security.RandomStringByRegex(s.pattern, s.flags...) + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if hasErr { + return + } + + r, err := regexp.Compile(s.pattern) + if err != nil { + t.Fatal(err) + } + + if !r.Match([]byte(str)) { + t.Fatalf("Expected %q to match pattern %v", str, s.pattern) + } + + if slices.Contains(generated, str) { + t.Fatalf("The generated string %q already exists in\n%v", str, generated) + } + + generated = append(generated, str) + }) + } +} diff --git a/tools/security/random_test.go b/tools/security/random_test.go new file mode 100644 index 0000000..5560f9d --- /dev/null +++ b/tools/security/random_test.go @@ -0,0 +1,89 @@ +package security_test + +import ( + "regexp" + "testing" + + "github.com/pocketbase/pocketbase/tools/security" +) + +func TestRandomString(t *testing.T) { + testRandomString(t, security.RandomString) +} + +func TestRandomStringWithAlphabet(t *testing.T) { + testRandomStringWithAlphabet(t, security.RandomStringWithAlphabet) +} + +func TestPseudorandomString(t *testing.T) { + testRandomString(t, security.PseudorandomString) +} + +func TestPseudorandomStringWithAlphabet(t *testing.T) { + testRandomStringWithAlphabet(t, security.PseudorandomStringWithAlphabet) +} + +// ------------------------------------------------------------------- + +func testRandomStringWithAlphabet(t *testing.T, randomFunc func(n int, alphabet string) string) { + scenarios := []struct { + alphabet string + expectPattern string + }{ + {"0123456789_", `[0-9_]+`}, + {"abcdef123", `[abcdef123]+`}, + {"!@#$%^&*()", `[\!\@\#\$\%\^\&\*\(\)]+`}, + } + + for i, s := range scenarios { + generated := make([]string, 0, 1000) + length := 10 + + for j := 0; j < 1000; j++ { + result := randomFunc(length, s.alphabet) + + if len(result) != length { + t.Fatalf("(%d:%d) Expected the length of the string to be %d, got %d", i, j, length, len(result)) + } + + reg := regexp.MustCompile(s.expectPattern) + if match := reg.MatchString(result); !match { + t.Fatalf("(%d:%d) The generated string should have only %s characters, got %q", i, j, s.expectPattern, result) + } + + for _, str := range generated { + if str == result { + t.Fatalf("(%d:%d) Repeating random string - found %q in %q", i, j, result, generated) + } + } + + generated = append(generated, result) + } + } +} + +func testRandomString(t *testing.T, randomFunc func(n int) string) { + generated := make([]string, 0, 1000) + reg := regexp.MustCompile(`[a-zA-Z0-9]+`) + length := 10 + + for i := 0; i < 1000; i++ { + result := randomFunc(length) + + if len(result) != length { + t.Fatalf("(%d) Expected the length of the string to be %d, got %d", i, length, len(result)) + } + + if match := reg.MatchString(result); !match { + t.Fatalf("(%d) The generated string should have only [a-zA-Z0-9]+ characters, got %q", i, result) + } + + for _, str := range generated { + if str == result { + t.Fatalf("(%d) Repeating random string - found %q in \n%v", i, result, generated) + } + } + + generated = append(generated, result) + } +} diff --git a/tools/store/store.go b/tools/store/store.go new file mode 100644 index 0000000..0c39571 --- /dev/null +++ b/tools/store/store.go @@ -0,0 +1,250 @@ +package store + +import ( + "encoding/json" + "sync" +) + +// @todo remove after https://github.com/golang/go/issues/20135 +const ShrinkThreshold = 200 // the number is arbitrary chosen + +// Store defines a concurrent safe in memory key-value data store. +type Store[K comparable, T any] struct { + data map[K]T + mu sync.RWMutex + deleted int64 +} + +// New creates a new Store[T] instance with a shallow copy of the provided data (if any). +func New[K comparable, T any](data map[K]T) *Store[K, T] { + s := &Store[K, T]{} + + s.Reset(data) + + return s +} + +// Reset clears the store and replaces the store data with a +// shallow copy of the provided newData. +func (s *Store[K, T]) Reset(newData map[K]T) { + s.mu.Lock() + defer s.mu.Unlock() + + if len(newData) > 0 { + s.data = make(map[K]T, len(newData)) + for k, v := range newData { + s.data[k] = v + } + } else { + s.data = make(map[K]T) + } + + s.deleted = 0 +} + +// Length returns the current number of elements in the store. +func (s *Store[K, T]) Length() int { + s.mu.RLock() + defer s.mu.RUnlock() + + return len(s.data) +} + +// RemoveAll removes all the existing store entries. +func (s *Store[K, T]) RemoveAll() { + s.Reset(nil) +} + +// Remove removes a single entry from the store. +// +// Remove does nothing if key doesn't exist in the store. +func (s *Store[K, T]) Remove(key K) { + s.mu.Lock() + defer s.mu.Unlock() + + delete(s.data, key) + s.deleted++ + + // reassign to a new map so that the old one can be gc-ed because it doesn't shrink + // + // @todo remove after https://github.com/golang/go/issues/20135 + if s.deleted >= ShrinkThreshold { + newData := make(map[K]T, len(s.data)) + for k, v := range s.data { + newData[k] = v + } + s.data = newData + s.deleted = 0 + } +} + +// Has checks if element with the specified key exist or not. +func (s *Store[K, T]) Has(key K) bool { + s.mu.RLock() + defer s.mu.RUnlock() + + _, ok := s.data[key] + + return ok +} + +// Get returns a single element value from the store. +// +// If key is not set, the zero T value is returned. +func (s *Store[K, T]) Get(key K) T { + s.mu.RLock() + defer s.mu.RUnlock() + + return s.data[key] +} + +// GetOk is similar to Get but returns also a boolean indicating whether the key exists or not. +func (s *Store[K, T]) GetOk(key K) (T, bool) { + s.mu.RLock() + defer s.mu.RUnlock() + + v, ok := s.data[key] + + return v, ok +} + +// GetAll returns a shallow copy of the current store data. +func (s *Store[K, T]) GetAll() map[K]T { + s.mu.RLock() + defer s.mu.RUnlock() + + var clone = make(map[K]T, len(s.data)) + + for k, v := range s.data { + clone[k] = v + } + + return clone +} + +// Values returns a slice with all of the current store values. +func (s *Store[K, T]) Values() []T { + s.mu.RLock() + defer s.mu.RUnlock() + + var values = make([]T, 0, len(s.data)) + + for _, v := range s.data { + values = append(values, v) + } + + return values +} + +// Set sets (or overwrite if already exists) a new value for key. +func (s *Store[K, T]) Set(key K, value T) { + s.mu.Lock() + defer s.mu.Unlock() + + if s.data == nil { + s.data = make(map[K]T) + } + + s.data[key] = value +} + +// SetFunc sets (or overwrite if already exists) a new value resolved +// from the function callback for the provided key. +// +// The function callback receives as argument the old store element value (if exists). +// If there is no old store element, the argument will be the T zero value. +// +// Example: +// +// s := store.New[string, int](nil) +// s.SetFunc("count", func(old int) int { +// return old + 1 +// }) +func (s *Store[K, T]) SetFunc(key K, fn func(old T) T) { + s.mu.Lock() + defer s.mu.Unlock() + + if s.data == nil { + s.data = make(map[K]T) + } + + s.data[key] = fn(s.data[key]) +} + +// GetOrSet retrieves a single existing value for the provided key +// or stores a new one if it doesn't exist. +func (s *Store[K, T]) GetOrSet(key K, setFunc func() T) T { + // lock only reads to minimize locks contention + s.mu.RLock() + v, ok := s.data[key] + s.mu.RUnlock() + + if !ok { + s.mu.Lock() + v = setFunc() + if s.data == nil { + s.data = make(map[K]T) + } + s.data[key] = v + s.mu.Unlock() + } + + return v +} + +// SetIfLessThanLimit sets (or overwrite if already exist) a new value for key. +// +// This method is similar to Set() but **it will skip adding new elements** +// to the store if the store length has reached the specified limit. +// false is returned if maxAllowedElements limit is reached. +func (s *Store[K, T]) SetIfLessThanLimit(key K, value T, maxAllowedElements int) bool { + s.mu.Lock() + defer s.mu.Unlock() + + if s.data == nil { + s.data = make(map[K]T) + } + + // check for existing item + _, ok := s.data[key] + + if !ok && len(s.data) >= maxAllowedElements { + // cannot add more items + return false + } + + // add/overwrite item + s.data[key] = value + + return true +} + +// UnmarshalJSON implements [json.Unmarshaler] and imports the +// provided JSON data into the store. +// +// The store entries that match with the ones from the data will be overwritten with the new value. +func (s *Store[K, T]) UnmarshalJSON(data []byte) error { + raw := map[K]T{} + if err := json.Unmarshal(data, &raw); err != nil { + return err + } + + s.mu.Lock() + defer s.mu.Unlock() + + if s.data == nil { + s.data = make(map[K]T) + } + + for k, v := range raw { + s.data[k] = v + } + + return nil +} + +// MarshalJSON implements [json.Marshaler] and export the current +// store data into valid JSON. +func (s *Store[K, T]) MarshalJSON() ([]byte, error) { + return json.Marshal(s.GetAll()) +} diff --git a/tools/store/store_test.go b/tools/store/store_test.go new file mode 100644 index 0000000..24f2874 --- /dev/null +++ b/tools/store/store_test.go @@ -0,0 +1,416 @@ +package store_test + +import ( + "bytes" + "encoding/json" + "slices" + "strconv" + "testing" + + "github.com/pocketbase/pocketbase/tools/store" +) + +func TestNew(t *testing.T) { + data := map[string]int{"test1": 1, "test2": 2} + originalRawData, err := json.Marshal(data) + if err != nil { + t.Fatal(err) + } + + s := store.New(data) + s.Set("test3", 3) // add 1 item + s.Remove("test1") // remove 1 item + + // check if data was shallow copied + rawData, _ := json.Marshal(data) + if !bytes.Equal(originalRawData, rawData) { + t.Fatalf("Expected data \n%s, \ngot \n%s", originalRawData, rawData) + } + + if s.Has("test1") { + t.Fatalf("Expected test1 to be deleted, got %v", s.Get("test1")) + } + + if v := s.Get("test2"); v != 2 { + t.Fatalf("Expected test2 to be %v, got %v", 2, v) + } + + if v := s.Get("test3"); v != 3 { + t.Fatalf("Expected test3 to be %v, got %v", 3, v) + } +} + +func TestReset(t *testing.T) { + s := store.New(map[string]int{"test1": 1}) + + data := map[string]int{"test2": 2} + originalRawData, err := json.Marshal(data) + if err != nil { + t.Fatal(err) + } + + s.Reset(data) + s.Set("test3", 3) + + // check if data was shallow copied + rawData, _ := json.Marshal(data) + if !bytes.Equal(originalRawData, rawData) { + t.Fatalf("Expected data \n%s, \ngot \n%s", originalRawData, rawData) + } + + if s.Has("test1") { + t.Fatalf("Expected test1 to be deleted, got %v", s.Get("test1")) + } + + if v := s.Get("test2"); v != 2 { + t.Fatalf("Expected test2 to be %v, got %v", 2, v) + } + + if v := s.Get("test3"); v != 3 { + t.Fatalf("Expected test3 to be %v, got %v", 3, v) + } +} + +func TestLength(t *testing.T) { + s := store.New(map[string]int{"test1": 1}) + s.Set("test2", 2) + + if v := s.Length(); v != 2 { + t.Fatalf("Expected length %d, got %d", 2, v) + } +} + +func TestRemoveAll(t *testing.T) { + s := store.New(map[string]bool{"test1": true, "test2": true}) + + keys := []string{"test1", "test2"} + + s.RemoveAll() + + for i, key := range keys { + if s.Has(key) { + t.Errorf("(%d) Expected %q to be removed", i, key) + } + } +} + +func TestRemove(t *testing.T) { + s := store.New(map[string]bool{"test": true}) + + keys := []string{"test", "missing"} + + for i, key := range keys { + s.Remove(key) + if s.Has(key) { + t.Errorf("(%d) Expected %q to be removed", i, key) + } + } +} + +func TestHas(t *testing.T) { + s := store.New(map[string]int{"test1": 0, "test2": 1}) + + scenarios := []struct { + key string + exist bool + }{ + {"test1", true}, + {"test2", true}, + {"missing", false}, + } + + for i, scenario := range scenarios { + exist := s.Has(scenario.key) + if exist != scenario.exist { + t.Errorf("(%d) Expected %v, got %v", i, scenario.exist, exist) + } + } +} + +func TestGet(t *testing.T) { + s := store.New(map[string]int{"test1": 0, "test2": 1}) + + scenarios := []struct { + key string + expect int + }{ + {"test1", 0}, + {"test2", 1}, + {"missing", 0}, // should auto fallback to the zero value + } + + for _, scenario := range scenarios { + t.Run(scenario.key, func(t *testing.T) { + val := s.Get(scenario.key) + if val != scenario.expect { + t.Fatalf("Expected %v, got %v", scenario.expect, val) + } + }) + } +} + +func TestGetOk(t *testing.T) { + s := store.New(map[string]int{"test1": 0, "test2": 1}) + + scenarios := []struct { + key string + expectValue int + expectOk bool + }{ + {"test1", 0, true}, + {"test2", 1, true}, + {"missing", 0, false}, // should auto fallback to the zero value + } + + for _, scenario := range scenarios { + t.Run(scenario.key, func(t *testing.T) { + val, ok := s.GetOk(scenario.key) + + if ok != scenario.expectOk { + t.Fatalf("Expected ok %v, got %v", scenario.expectOk, ok) + } + + if val != scenario.expectValue { + t.Fatalf("Expected %v, got %v", scenario.expectValue, val) + } + }) + } +} + +func TestGetAll(t *testing.T) { + data := map[string]int{ + "a": 1, + "b": 2, + } + + s := store.New(data) + + // fetch and delete each key to make sure that it was shallow copied + result := s.GetAll() + for k := range result { + delete(result, k) + } + + // refetch again + result = s.GetAll() + + if len(result) != len(data) { + t.Fatalf("Expected %d, got %d items", len(data), len(result)) + } + + for k := range result { + if result[k] != data[k] { + t.Fatalf("Expected %s to be %v, got %v", k, data[k], result[k]) + } + } +} + +func TestValues(t *testing.T) { + data := map[string]int{ + "a": 1, + "b": 2, + } + + values := store.New(data).Values() + + expected := []int{1, 2} + + if len(values) != len(expected) { + t.Fatalf("Expected %d values, got %d", len(expected), len(values)) + } + + for _, v := range expected { + if !slices.Contains(values, v) { + t.Fatalf("Missing value %v in\n%v", v, values) + } + } +} + +func TestSet(t *testing.T) { + s := store.Store[string, int]{} + + data := map[string]int{"test1": 0, "test2": 1, "test3": 3} + + // set values + for k, v := range data { + s.Set(k, v) + } + + // verify that the values are set + for k, v := range data { + if !s.Has(k) { + t.Errorf("Expected key %q", k) + } + + val := s.Get(k) + if val != v { + t.Errorf("Expected %v, got %v for key %q", v, val, k) + } + } +} + +func TestSetFunc(t *testing.T) { + s := store.Store[string, int]{} + + // non existing value + s.SetFunc("test", func(old int) int { + if old != 0 { + t.Fatalf("Expected old value %d, got %d", 0, old) + } + return old + 2 + }) + if v := s.Get("test"); v != 2 { + t.Fatalf("Expected the stored value to be %d, got %d", 2, v) + } + + // increment existing value + s.SetFunc("test", func(old int) int { + if old != 2 { + t.Fatalf("Expected old value %d, got %d", 2, old) + } + return old + 1 + }) + if v := s.Get("test"); v != 3 { + t.Fatalf("Expected the stored value to be %d, got %d", 3, v) + } +} + +func TestGetOrSet(t *testing.T) { + s := store.New(map[string]int{ + "test1": 0, + "test2": 1, + "test3": 3, + }) + + scenarios := []struct { + key string + value int + expected int + }{ + {"test2", 20, 1}, + {"test3", 2, 3}, + {"test_new", 20, 20}, + {"test_new", 50, 20}, // should return the previously inserted value + } + + for _, scenario := range scenarios { + t.Run(scenario.key, func(t *testing.T) { + result := s.GetOrSet(scenario.key, func() int { + return scenario.value + }) + + if result != scenario.expected { + t.Fatalf("Expected %v, got %v", scenario.expected, result) + } + }) + } +} + +func TestSetIfLessThanLimit(t *testing.T) { + s := store.Store[string, int]{} + + limit := 2 + + // set values + scenarios := []struct { + key string + value int + expected bool + }{ + {"test1", 1, true}, + {"test2", 2, true}, + {"test3", 3, false}, + {"test2", 4, true}, // overwrite + } + + for i, scenario := range scenarios { + result := s.SetIfLessThanLimit(scenario.key, scenario.value, limit) + + if result != scenario.expected { + t.Errorf("(%d) Expected result %v, got %v", i, scenario.expected, result) + } + + if !scenario.expected && s.Has(scenario.key) { + t.Errorf("(%d) Expected key %q to not be set", i, scenario.key) + } + + val := s.Get(scenario.key) + if scenario.expected && val != scenario.value { + t.Errorf("(%d) Expected value %v, got %v", i, scenario.value, val) + } + } +} + +func TestUnmarshalJSON(t *testing.T) { + s := store.Store[string, string]{} + s.Set("b", "old") // should be overwritten + s.Set("c", "test3") // ensures that the old values are not removed + + raw := []byte(`{"a":"test1", "b":"test2"}`) + if err := json.Unmarshal(raw, &s); err != nil { + t.Fatal(err) + } + + if v := s.Get("a"); v != "test1" { + t.Fatalf("Expected store.a to be %q, got %q", "test1", v) + } + + if v := s.Get("b"); v != "test2" { + t.Fatalf("Expected store.b to be %q, got %q", "test2", v) + } + + if v := s.Get("c"); v != "test3" { + t.Fatalf("Expected store.c to be %q, got %q", "test3", v) + } +} + +func TestMarshalJSON(t *testing.T) { + s := &store.Store[string, string]{} + s.Set("a", "test1") + s.Set("b", "test2") + + expected := []byte(`{"a":"test1", "b":"test2"}`) + + result, err := json.Marshal(s) + if err != nil { + t.Fatal(err) + } + + if bytes.Equal(result, expected) { + t.Fatalf("Expected\n%s\ngot\n%s", expected, result) + } +} + +func TestShrink(t *testing.T) { + s := &store.Store[string, int]{} + + total := 1000 + + for i := 0; i < total; i++ { + s.Set(strconv.Itoa(i), i) + } + + if s.Length() != total { + t.Fatalf("Expected %d items, got %d", total, s.Length()) + } + + // trigger map "shrink" + for i := 0; i < store.ShrinkThreshold; i++ { + s.Remove(strconv.Itoa(i)) + } + + // ensure that after the deletion, the new map was copied properly + if s.Length() != total-store.ShrinkThreshold { + t.Fatalf("Expected %d items, got %d", total-store.ShrinkThreshold, s.Length()) + } + + for k := range s.GetAll() { + kInt, err := strconv.Atoi(k) + if err != nil { + t.Fatalf("failed to convert %s into int: %v", k, err) + } + if kInt < store.ShrinkThreshold { + t.Fatalf("Key %q should have been deleted", k) + } + } +} diff --git a/tools/subscriptions/broker.go b/tools/subscriptions/broker.go new file mode 100644 index 0000000..82cf30d --- /dev/null +++ b/tools/subscriptions/broker.go @@ -0,0 +1,65 @@ +package subscriptions + +import ( + "fmt" + + "github.com/pocketbase/pocketbase/tools/list" + "github.com/pocketbase/pocketbase/tools/store" +) + +// Broker defines a struct for managing subscriptions clients. +type Broker struct { + store *store.Store[string, Client] +} + +// NewBroker initializes and returns a new Broker instance. +func NewBroker() *Broker { + return &Broker{ + store: store.New[string, Client](nil), + } +} + +// Clients returns a shallow copy of all registered clients indexed +// with their connection id. +func (b *Broker) Clients() map[string]Client { + return b.store.GetAll() +} + +// ChunkedClients splits the current clients into a chunked slice. +func (b *Broker) ChunkedClients(chunkSize int) [][]Client { + return list.ToChunks(b.store.Values(), chunkSize) +} + +// TotalClients returns the total number of registered clients. +func (b *Broker) TotalClients() int { + return b.store.Length() +} + +// ClientById finds a registered client by its id. +// +// Returns non-nil error when client with clientId is not registered. +func (b *Broker) ClientById(clientId string) (Client, error) { + client, ok := b.store.GetOk(clientId) + if !ok { + return nil, fmt.Errorf("no client associated with connection ID %q", clientId) + } + + return client, nil +} + +// Register adds a new client to the broker instance. +func (b *Broker) Register(client Client) { + b.store.Set(client.Id(), client) +} + +// Unregister removes a single client by its id and marks it as discarded. +// +// If client with clientId doesn't exist, this method does nothing. +func (b *Broker) Unregister(clientId string) { + client := b.store.Get(clientId) + if client == nil { + return + } + client.Discard() + b.store.Remove(clientId) +} diff --git a/tools/subscriptions/broker_test.go b/tools/subscriptions/broker_test.go new file mode 100644 index 0000000..74955d6 --- /dev/null +++ b/tools/subscriptions/broker_test.go @@ -0,0 +1,134 @@ +package subscriptions_test + +import ( + "testing" + + "github.com/pocketbase/pocketbase/tools/subscriptions" +) + +func TestNewBroker(t *testing.T) { + b := subscriptions.NewBroker() + + if b.Clients() == nil { + t.Fatal("Expected clients map to be initialized") + } +} + +func TestClients(t *testing.T) { + b := subscriptions.NewBroker() + + if total := len(b.Clients()); total != 0 { + t.Fatalf("Expected no clients, got %v", total) + } + + b.Register(subscriptions.NewDefaultClient()) + b.Register(subscriptions.NewDefaultClient()) + + // check if it is a shallow copy + clients := b.Clients() + for k := range clients { + delete(clients, k) + } + + // should return a new copy + if total := len(b.Clients()); total != 2 { + t.Fatalf("Expected 2 clients, got %v", total) + } +} + +func TestChunkedClients(t *testing.T) { + b := subscriptions.NewBroker() + + chunks := b.ChunkedClients(2) + if total := len(chunks); total != 0 { + t.Fatalf("Expected %d chunks, got %d", 0, total) + } + + b.Register(subscriptions.NewDefaultClient()) + b.Register(subscriptions.NewDefaultClient()) + b.Register(subscriptions.NewDefaultClient()) + + chunks = b.ChunkedClients(2) + if total := len(chunks); total != 2 { + t.Fatalf("Expected %d chunks, got %d", 2, total) + } + + if total := len(chunks[0]); total != 2 { + t.Fatalf("Expected the first chunk to have 2 clients, got %d", total) + } + + if total := len(chunks[1]); total != 1 { + t.Fatalf("Expected the second chunk to have 1 client, got %d", total) + } +} + +func TestTotalClients(t *testing.T) { + b := subscriptions.NewBroker() + + if total := b.TotalClients(); total != 0 { + t.Fatalf("Expected no clients, got %d", total) + } + + b.Register(subscriptions.NewDefaultClient()) + b.Register(subscriptions.NewDefaultClient()) + + if total := b.TotalClients(); total != 2 { + t.Fatalf("Expected %d clients, got %d", 2, total) + } +} + +func TestClientById(t *testing.T) { + b := subscriptions.NewBroker() + + clientA := subscriptions.NewDefaultClient() + clientB := subscriptions.NewDefaultClient() + b.Register(clientA) + b.Register(clientB) + + resultClient, err := b.ClientById(clientA.Id()) + if err != nil { + t.Fatalf("Expected client with id %s, got error %v", clientA.Id(), err) + } + if resultClient.Id() != clientA.Id() { + t.Fatalf("Expected client %s, got %s", clientA.Id(), resultClient.Id()) + } + + if c, err := b.ClientById("missing"); err == nil { + t.Fatalf("Expected error, found client %v", c) + } +} + +func TestRegister(t *testing.T) { + b := subscriptions.NewBroker() + + client := subscriptions.NewDefaultClient() + b.Register(client) + + if _, err := b.ClientById(client.Id()); err != nil { + t.Fatalf("Expected client with id %s, got error %v", client.Id(), err) + } +} + +func TestUnregister(t *testing.T) { + b := subscriptions.NewBroker() + + clientA := subscriptions.NewDefaultClient() + clientB := subscriptions.NewDefaultClient() + b.Register(clientA) + b.Register(clientB) + + if _, err := b.ClientById(clientA.Id()); err != nil { + t.Fatalf("Expected client with id %s, got error %v", clientA.Id(), err) + } + + b.Unregister(clientA.Id()) + + if c, err := b.ClientById(clientA.Id()); err == nil { + t.Fatalf("Expected error, found client %v", c) + } + + // clientB shouldn't have been removed + if _, err := b.ClientById(clientB.Id()); err != nil { + t.Fatalf("Expected client with id %s, got error %v", clientB.Id(), err) + } +} diff --git a/tools/subscriptions/client.go b/tools/subscriptions/client.go new file mode 100644 index 0000000..0f38a1f --- /dev/null +++ b/tools/subscriptions/client.go @@ -0,0 +1,280 @@ +package subscriptions + +import ( + "encoding/json" + "net/url" + "strings" + "sync" + + "github.com/pocketbase/pocketbase/tools/inflector" + "github.com/pocketbase/pocketbase/tools/security" + "github.com/spf13/cast" +) + +const optionsParam = "options" + +// SubscriptionOptions defines the request options (query params, headers, etc.) +// for a single subscription topic. +type SubscriptionOptions struct { + Query map[string]string `json:"query"` + Headers map[string]string `json:"headers"` +} + +// Client is an interface for a generic subscription client. +type Client interface { + // Id Returns the unique id of the client. + Id() string + + // Channel returns the client's communication channel. + // + // NB! The channel shouldn't be used after calling Discard(). + Channel() chan Message + + // Subscriptions returns a shallow copy of the client subscriptions matching the prefixes. + // If no prefix is specified, returns all subscriptions. + Subscriptions(prefixes ...string) map[string]SubscriptionOptions + + // Subscribe subscribes the client to the provided subscriptions list. + // + // Each subscription can also have "options" (json serialized SubscriptionOptions) as query parameter. + // + // Example: + // + // Subscribe( + // "subscriptionA", + // `subscriptionB?options={"query":{"a":1},"headers":{"x_token":"abc"}}`, + // ) + Subscribe(subs ...string) + + // Unsubscribe unsubscribes the client from the provided subscriptions list. + Unsubscribe(subs ...string) + + // HasSubscription checks if the client is subscribed to `sub`. + HasSubscription(sub string) bool + + // Set stores any value to the client's context. + Set(key string, value any) + + // Unset removes a single value from the client's context. + Unset(key string) + + // Get retrieves the key value from the client's context. + Get(key string) any + + // Discard marks the client as "discarded" (and closes its channel), + // meaning that it shouldn't be used anymore for sending new messages. + // + // It is safe to call Discard() multiple times. + Discard() + + // IsDiscarded indicates whether the client has been "discarded" + // and should no longer be used. + IsDiscarded() bool + + // Send sends the specified message to the client's channel (if not discarded). + Send(m Message) +} + +// ensures that DefaultClient satisfies the Client interface +var _ Client = (*DefaultClient)(nil) + +// DefaultClient defines a generic subscription client. +type DefaultClient struct { + store map[string]any + subscriptions map[string]SubscriptionOptions + channel chan Message + id string + mux sync.RWMutex + isDiscarded bool +} + +// NewDefaultClient creates and returns a new DefaultClient instance. +func NewDefaultClient() *DefaultClient { + return &DefaultClient{ + id: security.RandomString(40), + store: map[string]any{}, + channel: make(chan Message), + subscriptions: map[string]SubscriptionOptions{}, + } +} + +// Id implements the [Client.Id] interface method. +func (c *DefaultClient) Id() string { + c.mux.RLock() + defer c.mux.RUnlock() + + return c.id +} + +// Channel implements the [Client.Channel] interface method. +func (c *DefaultClient) Channel() chan Message { + c.mux.RLock() + defer c.mux.RUnlock() + + return c.channel +} + +// Subscriptions implements the [Client.Subscriptions] interface method. +// +// It returns a shallow copy of the client subscriptions matching the prefixes. +// If no prefix is specified, returns all subscriptions. +func (c *DefaultClient) Subscriptions(prefixes ...string) map[string]SubscriptionOptions { + c.mux.RLock() + defer c.mux.RUnlock() + + // no prefix -> return copy of all subscriptions + if len(prefixes) == 0 { + result := make(map[string]SubscriptionOptions, len(c.subscriptions)) + + for s, options := range c.subscriptions { + result[s] = options + } + + return result + } + + result := make(map[string]SubscriptionOptions) + + for _, prefix := range prefixes { + for s, options := range c.subscriptions { + // "?" ensures that the options query start character is always there + // so that it can be used as an end separator when looking only for the main subscription topic + if strings.HasPrefix(s+"?", prefix) { + result[s] = options + } + } + } + + return result +} + +// Subscribe implements the [Client.Subscribe] interface method. +// +// Empty subscriptions (aka. "") are ignored. +func (c *DefaultClient) Subscribe(subs ...string) { + c.mux.Lock() + defer c.mux.Unlock() + + for _, s := range subs { + if s == "" { + continue // skip empty + } + + // extract subscription options (if any) + rawOptions := struct { + // note: any instead of string to minimize the breaking changes with earlier versions + Query map[string]any `json:"query"` + Headers map[string]any `json:"headers"` + }{} + u, err := url.Parse(s) + if err == nil { + raw := u.Query().Get(optionsParam) + if raw != "" { + json.Unmarshal([]byte(raw), &rawOptions) + } + } + + options := SubscriptionOptions{ + Query: make(map[string]string, len(rawOptions.Query)), + Headers: make(map[string]string, len(rawOptions.Headers)), + } + + // normalize query + // (currently only single string values are supported for consistency with the default routes handling) + for k, v := range rawOptions.Query { + options.Query[k] = cast.ToString(v) + } + + // normalize headers name and values, eg. "X-Token" is converted to "x_token" + // (currently only single string values are supported for consistency with the default routes handling) + for k, v := range rawOptions.Headers { + options.Headers[inflector.Snakecase(k)] = cast.ToString(v) + } + + c.subscriptions[s] = options + } +} + +// Unsubscribe implements the [Client.Unsubscribe] interface method. +// +// If subs is not set, this method removes all registered client's subscriptions. +func (c *DefaultClient) Unsubscribe(subs ...string) { + c.mux.Lock() + defer c.mux.Unlock() + + if len(subs) > 0 { + for _, s := range subs { + delete(c.subscriptions, s) + } + } else { + // unsubscribe all + for s := range c.subscriptions { + delete(c.subscriptions, s) + } + } +} + +// HasSubscription implements the [Client.HasSubscription] interface method. +func (c *DefaultClient) HasSubscription(sub string) bool { + c.mux.RLock() + defer c.mux.RUnlock() + + _, ok := c.subscriptions[sub] + + return ok +} + +// Get implements the [Client.Get] interface method. +func (c *DefaultClient) Get(key string) any { + c.mux.RLock() + defer c.mux.RUnlock() + + return c.store[key] +} + +// Set implements the [Client.Set] interface method. +func (c *DefaultClient) Set(key string, value any) { + c.mux.Lock() + defer c.mux.Unlock() + + c.store[key] = value +} + +// Unset implements the [Client.Unset] interface method. +func (c *DefaultClient) Unset(key string) { + c.mux.Lock() + defer c.mux.Unlock() + + delete(c.store, key) +} + +// Discard implements the [Client.Discard] interface method. +func (c *DefaultClient) Discard() { + c.mux.Lock() + defer c.mux.Unlock() + + if c.isDiscarded { + return + } + + close(c.channel) + + c.isDiscarded = true +} + +// IsDiscarded implements the [Client.IsDiscarded] interface method. +func (c *DefaultClient) IsDiscarded() bool { + c.mux.RLock() + defer c.mux.RUnlock() + + return c.isDiscarded +} + +// Send sends the specified message to the client's channel (if not discarded). +func (c *DefaultClient) Send(m Message) { + if c.IsDiscarded() { + return + } + + c.Channel() <- m +} diff --git a/tools/subscriptions/client_test.go b/tools/subscriptions/client_test.go new file mode 100644 index 0000000..1f5a916 --- /dev/null +++ b/tools/subscriptions/client_test.go @@ -0,0 +1,244 @@ +package subscriptions_test + +import ( + "encoding/json" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/tools/subscriptions" +) + +func TestNewDefaultClient(t *testing.T) { + c := subscriptions.NewDefaultClient() + + if c.Channel() == nil { + t.Errorf("Expected channel to be initialized") + } + + if c.Subscriptions() == nil { + t.Errorf("Expected subscriptions map to be initialized") + } + + if c.Id() == "" { + t.Errorf("Expected unique id to be set") + } +} + +func TestId(t *testing.T) { + clients := []*subscriptions.DefaultClient{ + subscriptions.NewDefaultClient(), + subscriptions.NewDefaultClient(), + subscriptions.NewDefaultClient(), + subscriptions.NewDefaultClient(), + } + + ids := map[string]struct{}{} + for i, c := range clients { + // check uniqueness + if _, ok := ids[c.Id()]; ok { + t.Errorf("(%d) Expected unique id, got %v", i, c.Id()) + } else { + ids[c.Id()] = struct{}{} + } + + // check length + if len(c.Id()) != 40 { + t.Errorf("(%d) Expected unique id to have 40 chars length, got %v", i, c.Id()) + } + } +} + +func TestChannel(t *testing.T) { + c := subscriptions.NewDefaultClient() + + if c.Channel() == nil { + t.Fatalf("Expected channel to be initialized, got") + } +} + +func TestSubscriptions(t *testing.T) { + c := subscriptions.NewDefaultClient() + + if len(c.Subscriptions()) != 0 { + t.Fatalf("Expected subscriptions to be empty") + } + + c.Subscribe("sub1", "sub11", "sub2") + + scenarios := []struct { + prefixes []string + expected []string + }{ + {nil, []string{"sub1", "sub11", "sub2"}}, + {[]string{"missing"}, nil}, + {[]string{"sub1"}, []string{"sub1", "sub11"}}, + {[]string{"sub2"}, []string{"sub2"}}, // with extra query start char + } + + for _, s := range scenarios { + t.Run(strings.Join(s.prefixes, ","), func(t *testing.T) { + subs := c.Subscriptions(s.prefixes...) + + if len(subs) != len(s.expected) { + t.Fatalf("Expected %d subscriptions, got %d", len(s.expected), len(subs)) + } + + for _, s := range s.expected { + if _, ok := subs[s]; !ok { + t.Fatalf("Missing subscription %q in \n%v", s, subs) + } + } + }) + } +} + +func TestSubscribe(t *testing.T) { + c := subscriptions.NewDefaultClient() + + subs := []string{"", "sub1", "sub2", "sub3"} + expected := []string{"sub1", "sub2", "sub3"} + + c.Subscribe(subs...) // empty string should be skipped + + if len(c.Subscriptions()) != 3 { + t.Fatalf("Expected 3 subscriptions, got %v", c.Subscriptions()) + } + + for i, s := range expected { + if !c.HasSubscription(s) { + t.Errorf("(%d) Expected sub %s", i, s) + } + } +} + +func TestSubscribeOptions(t *testing.T) { + c := subscriptions.NewDefaultClient() + + sub1 := "test1" + sub2 := `test2?options={"query":{"name":123},"headers":{"X-Token":456}}` + + c.Subscribe(sub1, sub2) + + subs := c.Subscriptions() + + scenarios := []struct { + name string + expectedOptions string + }{ + {sub1, `{"query":{},"headers":{}}`}, + {sub2, `{"query":{"name":"123"},"headers":{"x_token":"456"}}`}, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + options, ok := subs[s.name] + if !ok { + t.Fatalf("Missing subscription \n%q \nin \n%v", s.name, subs) + } + + rawBytes, err := json.Marshal(options) + if err != nil { + t.Fatal(err) + } + rawStr := string(rawBytes) + + if rawStr != s.expectedOptions { + t.Fatalf("Expected options\n%v\ngot\n%v", s.expectedOptions, rawStr) + } + }) + } +} + +func TestUnsubscribe(t *testing.T) { + c := subscriptions.NewDefaultClient() + + c.Subscribe("sub1", "sub2", "sub3") + + c.Unsubscribe("sub1") + + if c.HasSubscription("sub1") { + t.Fatalf("Expected sub1 to be removed") + } + + c.Unsubscribe( /* all */ ) + if len(c.Subscriptions()) != 0 { + t.Fatalf("Expected all subscriptions to be removed, got %v", c.Subscriptions()) + } +} + +func TestHasSubscription(t *testing.T) { + c := subscriptions.NewDefaultClient() + + if c.HasSubscription("missing") { + t.Error("Expected false, got true") + } + + c.Subscribe("sub") + + if !c.HasSubscription("sub") { + t.Error("Expected true, got false") + } +} + +func TestSetAndGet(t *testing.T) { + c := subscriptions.NewDefaultClient() + + c.Set("demo", 1) + + result, _ := c.Get("demo").(int) + + if result != 1 { + t.Errorf("Expected 1, got %v", result) + } +} + +func TestDiscard(t *testing.T) { + c := subscriptions.NewDefaultClient() + + if v := c.IsDiscarded(); v { + t.Fatal("Expected false, got true") + } + + c.Discard() + + if v := c.IsDiscarded(); !v { + t.Fatal("Expected true, got false") + } +} + +func TestSend(t *testing.T) { + c := subscriptions.NewDefaultClient() + + received := []string{} + go func() { + for m := range c.Channel() { + received = append(received, m.Name) + } + }() + + c.Send(subscriptions.Message{Name: "m1"}) + c.Send(subscriptions.Message{Name: "m2"}) + c.Discard() + c.Send(subscriptions.Message{Name: "m3"}) + c.Send(subscriptions.Message{Name: "m4"}) + time.Sleep(5 * time.Millisecond) + + expected := []string{"m1", "m2"} + + if len(received) != len(expected) { + t.Fatalf("Expected %d messages, got %d", len(expected), len(received)) + } + for _, name := range expected { + var exists bool + for _, n := range received { + if n == name { + exists = true + break + } + } + if !exists { + t.Fatalf("Missing expected %q message, got %v", name, received) + } + } +} diff --git a/tools/subscriptions/message.go b/tools/subscriptions/message.go new file mode 100644 index 0000000..00265bd --- /dev/null +++ b/tools/subscriptions/message.go @@ -0,0 +1,37 @@ +package subscriptions + +import ( + "io" +) + +// Message defines a client's channel data. +type Message struct { + Name string `json:"name"` + Data []byte `json:"data"` +} + +// WriteSSE writes the current message in a SSE format into the provided writer. +// +// For example, writing to a router.Event: +// +// m := Message{Name: "users/create", Data: []byte{...}} +// m.Write(e.Response, "yourEventId") +// e.Flush() +func (m *Message) WriteSSE(w io.Writer, eventId string) error { + parts := [][]byte{ + []byte("id:" + eventId + "\n"), + []byte("event:" + m.Name + "\n"), + []byte("data:"), + m.Data, + []byte("\n\n"), + } + + for _, part := range parts { + _, err := w.Write(part) + if err != nil { + return err + } + } + + return nil +} diff --git a/tools/subscriptions/message_test.go b/tools/subscriptions/message_test.go new file mode 100644 index 0000000..6483c9b --- /dev/null +++ b/tools/subscriptions/message_test.go @@ -0,0 +1,25 @@ +package subscriptions_test + +import ( + "strings" + "testing" + + "github.com/pocketbase/pocketbase/tools/subscriptions" +) + +func TestMessageWrite(t *testing.T) { + m := subscriptions.Message{ + Name: "test_name", + Data: []byte("test_data"), + } + + var sb strings.Builder + + m.WriteSSE(&sb, "test_id") + + expected := "id:test_id\nevent:test_name\ndata:test_data\n\n" + + if v := sb.String(); v != expected { + t.Fatalf("Expected writer content\n%q\ngot\n%q", expected, v) + } +} diff --git a/tools/template/registry.go b/tools/template/registry.go new file mode 100644 index 0000000..2440206 --- /dev/null +++ b/tools/template/registry.go @@ -0,0 +1,141 @@ +// Package template is a thin wrapper around the standard html/template +// and text/template packages that implements a convenient registry to +// load and cache templates on the fly concurrently. +// +// It was created to assist the JSVM plugin HTML rendering, but could be used in other Go code. +// +// Example: +// +// registry := template.NewRegistry() +// +// html1, err := registry.LoadFiles( +// // the files set wil be parsed only once and then cached +// "layout.html", +// "content.html", +// ).Render(map[string]any{"name": "John"}) +// +// html2, err := registry.LoadFiles( +// // reuse the already parsed and cached files set +// "layout.html", +// "content.html", +// ).Render(map[string]any{"name": "Jane"}) +package template + +import ( + "fmt" + "html/template" + "io/fs" + "path/filepath" + "strings" + + "github.com/pocketbase/pocketbase/tools/store" +) + +// NewRegistry creates and initializes a new templates registry with +// some defaults (eg. global "raw" template function for unescaped HTML). +// +// Use the Registry.Load* methods to load templates into the registry. +func NewRegistry() *Registry { + return &Registry{ + cache: store.New[string, *Renderer](nil), + funcs: template.FuncMap{ + "raw": func(str string) template.HTML { + return template.HTML(str) + }, + }, + } +} + +// Registry defines a templates registry that is safe to be used by multiple goroutines. +// +// Use the Registry.Load* methods to load templates into the registry. +type Registry struct { + cache *store.Store[string, *Renderer] + funcs template.FuncMap +} + +// AddFuncs registers new global template functions. +// +// The key of each map entry is the function name that will be used in the templates. +// If a function with the map entry name already exists it will be replaced with the new one. +// +// The value of each map entry is a function that must have either a +// single return value, or two return values of which the second has type error. +// +// Example: +// +// r.AddFuncs(map[string]any{ +// "toUpper": func(str string) string { +// return strings.ToUppser(str) +// }, +// ... +// }) +func (r *Registry) AddFuncs(funcs map[string]any) *Registry { + for name, f := range funcs { + r.funcs[name] = f + } + + return r +} + +// LoadFiles caches (if not already) the specified filenames set as a +// single template and returns a ready to use Renderer instance. +// +// There must be at least 1 filename specified. +func (r *Registry) LoadFiles(filenames ...string) *Renderer { + key := strings.Join(filenames, ",") + + found := r.cache.Get(key) + + if found == nil { + // parse and cache + tpl, err := template.New(filepath.Base(filenames[0])).Funcs(r.funcs).ParseFiles(filenames...) + found = &Renderer{template: tpl, parseError: err} + r.cache.Set(key, found) + } + + return found +} + +// LoadString caches (if not already) the specified inline string as a +// single template and returns a ready to use Renderer instance. +func (r *Registry) LoadString(text string) *Renderer { + found := r.cache.Get(text) + + if found == nil { + // parse and cache (using the text as key) + tpl, err := template.New("").Funcs(r.funcs).Parse(text) + found = &Renderer{template: tpl, parseError: err} + r.cache.Set(text, found) + } + + return found +} + +// LoadFS caches (if not already) the specified fs and globPatterns +// pair as single template and returns a ready to use Renderer instance. +// +// There must be at least 1 file matching the provided globPattern(s) +// (note that most file names serves as glob patterns matching themselves). +func (r *Registry) LoadFS(fsys fs.FS, globPatterns ...string) *Renderer { + key := fmt.Sprintf("%v%v", fsys, globPatterns) + + found := r.cache.Get(key) + + if found == nil { + // find the first file to use as template name (it is required when specifying Funcs) + var firstFilename string + if len(globPatterns) > 0 { + list, _ := fs.Glob(fsys, globPatterns[0]) + if len(list) > 0 { + firstFilename = filepath.Base(list[0]) + } + } + + tpl, err := template.New(firstFilename).Funcs(r.funcs).ParseFS(fsys, globPatterns...) + found = &Renderer{template: tpl, parseError: err} + r.cache.Set(key, found) + } + + return found +} diff --git a/tools/template/registry_test.go b/tools/template/registry_test.go new file mode 100644 index 0000000..c037fe3 --- /dev/null +++ b/tools/template/registry_test.go @@ -0,0 +1,250 @@ +package template + +import ( + "fmt" + "os" + "path/filepath" + "strings" + "testing" +) + +func checkRegistryFuncs(t *testing.T, r *Registry, expectedFuncs ...string) { + if v := len(r.funcs); v != len(expectedFuncs) { + t.Fatalf("Expected total %d funcs, got %d", len(expectedFuncs), v) + } + + for _, name := range expectedFuncs { + if _, ok := r.funcs[name]; !ok { + t.Fatalf("Missing %q func", name) + } + } +} + +func TestNewRegistry(t *testing.T) { + r := NewRegistry() + + if r.cache == nil { + t.Fatalf("Expected cache store to be initialized, got nil") + } + + if v := r.cache.Length(); v != 0 { + t.Fatalf("Expected cache store length to be 0, got %d", v) + } + + checkRegistryFuncs(t, r, "raw") +} + +func TestRegistryAddFuncs(t *testing.T) { + r := NewRegistry() + + r.AddFuncs(map[string]any{ + "test": func(a string) string { return a + "-TEST" }, + }) + + checkRegistryFuncs(t, r, "raw", "test") + + result, err := r.LoadString(`{{.|test}}`).Render("example") + if err != nil { + t.Fatalf("Unexpected Render() error, got %v", err) + } + + expected := "example-TEST" + if result != expected { + t.Fatalf("Expected Render() result %q, got %q", expected, result) + } +} + +func TestRegistryLoadFiles(t *testing.T) { + r := NewRegistry() + + t.Run("invalid or missing files", func(t *testing.T) { + r.LoadFiles("file1.missing", "file2.missing") + + key := "file1.missing,file2.missing" + renderer := r.cache.Get(key) + + if renderer == nil { + t.Fatal("Expected renderer to be initialized even if invalid, got nil") + } + + if renderer.template != nil { + t.Fatalf("Expected renderer template to be nil, got %v", renderer.template) + } + + if renderer.parseError == nil { + t.Fatalf("Expected renderer parseError to be set, got nil") + } + }) + + t.Run("valid files", func(t *testing.T) { + // create test templates + dir, err := os.MkdirTemp(os.TempDir(), "template_test") + if err != nil { + t.Fatal(err) + } + if err := os.WriteFile(filepath.Join(dir, "base.html"), []byte(`Base:{{template "content" .}}`), 0644); err != nil { + t.Fatal(err) + } + if err := os.WriteFile(filepath.Join(dir, "content.html"), []byte(`{{define "content"}}Content:{{.|raw}}{{end}}`), 0644); err != nil { + t.Fatal(err) + } + defer os.RemoveAll(dir) + + files := []string{filepath.Join(dir, "base.html"), filepath.Join(dir, "content.html")} + + r.LoadFiles(files...) + + renderer := r.cache.Get(strings.Join(files, ",")) + + if renderer == nil { + t.Fatal("Expected renderer to be initialized even if invalid, got nil") + } + + if renderer.template == nil { + t.Fatal("Expected renderer template to be set, got nil") + } + + if renderer.parseError != nil { + t.Fatalf("Expected renderer parseError to be nil, got %v", renderer.parseError) + } + + result, err := renderer.Render("

    123

    ") + if err != nil { + t.Fatalf("Unexpected Render() error, got %v", err) + } + + expected := "Base:Content:

    123

    " + if result != expected { + t.Fatalf("Expected Render() result %q, got %q", expected, result) + } + }) +} + +func TestRegistryLoadString(t *testing.T) { + r := NewRegistry() + + t.Run("invalid template string", func(t *testing.T) { + txt := `test {{define "content"}}` + + r.LoadString(txt) + + renderer := r.cache.Get(txt) + + if renderer == nil { + t.Fatal("Expected renderer to be initialized even if invalid, got nil") + } + + if renderer.template != nil { + t.Fatalf("Expected renderer template to be nil, got %v", renderer.template) + } + + if renderer.parseError == nil { + t.Fatalf("Expected renderer parseError to be set, got nil") + } + }) + + t.Run("valid template string", func(t *testing.T) { + txt := `test {{.|raw}}` + + r.LoadString(txt) + + renderer := r.cache.Get(txt) + + if renderer == nil { + t.Fatal("Expected renderer to be initialized even if invalid, got nil") + } + + if renderer.template == nil { + t.Fatal("Expected renderer template to be set, got nil") + } + + if renderer.parseError != nil { + t.Fatalf("Expected renderer parseError to be nil, got %v", renderer.parseError) + } + + result, err := renderer.Render("

    123

    ") + if err != nil { + t.Fatalf("Unexpected Render() error, got %v", err) + } + + expected := "test

    123

    " + if result != expected { + t.Fatalf("Expected Render() result %q, got %q", expected, result) + } + }) +} + +func TestRegistryLoadFS(t *testing.T) { + r := NewRegistry() + + t.Run("invalid fs", func(t *testing.T) { + fs := os.DirFS("__missing__") + + files := []string{"missing1", "missing2"} + + key := fmt.Sprintf("%v%v", fs, files) + + r.LoadFS(fs, files...) + + renderer := r.cache.Get(key) + + if renderer == nil { + t.Fatal("Expected renderer to be initialized even if invalid, got nil") + } + + if renderer.template != nil { + t.Fatalf("Expected renderer template to be nil, got %v", renderer.template) + } + + if renderer.parseError == nil { + t.Fatalf("Expected renderer parseError to be set, got nil") + } + }) + + t.Run("valid fs", func(t *testing.T) { + // create test templates + dir, err := os.MkdirTemp(os.TempDir(), "template_test2") + if err != nil { + t.Fatal(err) + } + if err := os.WriteFile(filepath.Join(dir, "base.html"), []byte(`Base:{{template "content" .}}`), 0644); err != nil { + t.Fatal(err) + } + if err := os.WriteFile(filepath.Join(dir, "content.html"), []byte(`{{define "content"}}Content:{{.|raw}}{{end}}`), 0644); err != nil { + t.Fatal(err) + } + defer os.RemoveAll(dir) + + fs := os.DirFS(dir) + + files := []string{"base.html", "content.html"} + + key := fmt.Sprintf("%v%v", fs, files) + + r.LoadFS(fs, files...) + + renderer := r.cache.Get(key) + + if renderer == nil { + t.Fatal("Expected renderer to be initialized even if invalid, got nil") + } + + if renderer.template == nil { + t.Fatal("Expected renderer template to be set, got nil") + } + + if renderer.parseError != nil { + t.Fatalf("Expected renderer parseError to be nil, got %v", renderer.parseError) + } + + result, err := renderer.Render("

    123

    ") + if err != nil { + t.Fatalf("Unexpected Render() error, got %v", err) + } + + expected := "Base:Content:

    123

    " + if result != expected { + t.Fatalf("Expected Render() result %q, got %q", expected, result) + } + }) +} diff --git a/tools/template/renderer.go b/tools/template/renderer.go new file mode 100644 index 0000000..7a2d85d --- /dev/null +++ b/tools/template/renderer.go @@ -0,0 +1,33 @@ +package template + +import ( + "bytes" + "errors" + "html/template" +) + +// Renderer defines a single parsed template. +type Renderer struct { + template *template.Template + parseError error +} + +// Render executes the template with the specified data as the dot object +// and returns the result as plain string. +func (r *Renderer) Render(data any) (string, error) { + if r.parseError != nil { + return "", r.parseError + } + + if r.template == nil { + return "", errors.New("invalid or nil template") + } + + buf := new(bytes.Buffer) + + if err := r.template.Execute(buf, data); err != nil { + return "", err + } + + return buf.String(), nil +} diff --git a/tools/template/renderer_test.go b/tools/template/renderer_test.go new file mode 100644 index 0000000..7c75111 --- /dev/null +++ b/tools/template/renderer_test.go @@ -0,0 +1,63 @@ +package template + +import ( + "errors" + "html/template" + "testing" +) + +func TestRendererRender(t *testing.T) { + tpl, _ := template.New("").Parse("Hello {{.Name}}!") + tpl.Option("missingkey=error") // enforce execute errors + + scenarios := map[string]struct { + renderer *Renderer + data any + expectedHasErr bool + expectedResult string + }{ + "with nil template": { + &Renderer{}, + nil, + true, + "", + }, + "with parse error": { + &Renderer{ + template: tpl, + parseError: errors.New("test"), + }, + nil, + true, + "", + }, + "with execute error": { + &Renderer{template: tpl}, + nil, + true, + "", + }, + "no error": { + &Renderer{template: tpl}, + struct{ Name string }{"world"}, + false, + "Hello world!", + }, + } + + for name, s := range scenarios { + t.Run(name, func(t *testing.T) { + result, err := s.renderer.Render(s.data) + + hasErr := err != nil + + if s.expectedHasErr != hasErr { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectedHasErr, hasErr, err) + } + + if s.expectedResult != result { + t.Fatalf("Expected result %v, got %v", s.expectedResult, result) + } + }) + } +} diff --git a/tools/tokenizer/tokenizer.go b/tools/tokenizer/tokenizer.go new file mode 100644 index 0000000..934d369 --- /dev/null +++ b/tools/tokenizer/tokenizer.go @@ -0,0 +1,221 @@ +// Package tokenizer implements a rudimentary tokens parser of buffered +// io.Reader while respecting quotes and parenthesis boundaries. +// +// Example +// +// tk := tokenizer.NewFromString("a, b, (c, d)") +// result, _ := tk.ScanAll() // ["a", "b", "(c, d)"] +package tokenizer + +import ( + "bufio" + "bytes" + "fmt" + "io" + "strings" +) + +// eof represents a marker rune for the end of the reader. +const eof = rune(0) + +// DefaultSeparators is a list with the default token separator characters. +var DefaultSeparators = []rune{','} + +var whitespaceChars = []rune{'\t', '\n', '\v', '\f', '\r', ' ', 0x85, 0xA0} + +// NewFromString creates new Tokenizer from the provided string. +func NewFromString(str string) *Tokenizer { + return New(strings.NewReader(str)) +} + +// NewFromBytes creates new Tokenizer from the provided bytes slice. +func NewFromBytes(b []byte) *Tokenizer { + return New(bytes.NewReader(b)) +} + +// New creates new Tokenizer from the provided reader with DefaultSeparators. +func New(r io.Reader) *Tokenizer { + t := &Tokenizer{r: bufio.NewReader(r)} + + t.Separators(DefaultSeparators...) + + return t +} + +// Tokenizer defines a struct that parses a reader into tokens while +// respecting quotes and parenthesis boundaries. +type Tokenizer struct { + r *bufio.Reader + + trimCutset string + separators []rune + keepSeparator bool + keepEmptyTokens bool + ignoreParenthesis bool +} + +// Separators defines the provided separatos of the current Tokenizer. +func (t *Tokenizer) Separators(separators ...rune) { + t.separators = separators + + t.rebuildTrimCutset() +} + +// KeepSeparator defines whether to keep the separator rune as part +// of the token (default to false). +func (t *Tokenizer) KeepSeparator(state bool) { + t.keepSeparator = state +} + +// KeepEmptyTokens defines whether to keep empty tokens on Scan() (default to false). +func (t *Tokenizer) KeepEmptyTokens(state bool) { + t.keepEmptyTokens = state +} + +// IgnoreParenthesis defines whether to ignore the parenthesis boundaries +// and to treat the '(' and ')' as regular characters. +func (t *Tokenizer) IgnoreParenthesis(state bool) { + t.ignoreParenthesis = state +} + +// Scan reads and returns the next available token from the Tokenizer's buffer (trimmed!). +// +// Empty tokens are skipped if t.keepEmptyTokens is not set (which is the default). +// +// Returns [io.EOF] error when there are no more tokens to scan. +func (t *Tokenizer) Scan() (string, error) { + ch := t.read() + if ch == eof { + return "", io.EOF + } + t.unread() + + token, err := t.readToken() + if err != nil { + return "", err + } + + if !t.keepEmptyTokens && token == "" { + return t.Scan() + } + + return token, err +} + +// ScanAll reads the entire Tokenizer's buffer and return all found tokens. +func (t *Tokenizer) ScanAll() ([]string, error) { + tokens := []string{} + + for { + token, err := t.Scan() + if err != nil { + if err == io.EOF { + break + } + + return nil, err + } + + tokens = append(tokens, token) + } + + return tokens, nil +} + +// readToken reads a single token from the buffer and returns it. +func (t *Tokenizer) readToken() (string, error) { + var buf bytes.Buffer + var parenthesis int + var quoteCh rune + var prevCh rune + + for { + ch := t.read() + + if ch == eof { + break + } + + if !t.isEscapeRune(prevCh) { + if !t.ignoreParenthesis && ch == '(' && quoteCh == eof { + parenthesis++ // opening parenthesis + } else if !t.ignoreParenthesis && ch == ')' && parenthesis > 0 && quoteCh == eof { + parenthesis-- // closing parenthesis + } else if t.isQuoteRune(ch) { + switch quoteCh { + case ch: + quoteCh = eof // closing quote + case eof: + quoteCh = ch // opening quote + } + } + } + + if t.isSeperatorRune(ch) && parenthesis == 0 && quoteCh == eof { + if t.keepSeparator { + buf.WriteRune(ch) + } + break + } + + prevCh = ch + buf.WriteRune(ch) + } + + if parenthesis > 0 || quoteCh != eof { + return "", fmt.Errorf("unbalanced parenthesis or quoted expression: %q", buf.String()) + } + + return strings.Trim(buf.String(), t.trimCutset), nil +} + +// read reads the next rune from the buffered reader. +// Returns the `rune(0)` if an error or `io.EOF` occurs. +func (t *Tokenizer) read() rune { + ch, _, err := t.r.ReadRune() + if err != nil { + return eof + } + + return ch +} + +// unread places the previously read rune back on the reader. +func (t *Tokenizer) unread() error { + return t.r.UnreadRune() +} + +// rebuildTrimCutset rebuilds the tokenizer trimCutset based on its separator runes. +func (t *Tokenizer) rebuildTrimCutset() { + var cutset strings.Builder + + for _, w := range whitespaceChars { + if t.isSeperatorRune(w) { + continue + } + cutset.WriteRune(w) + } + + t.trimCutset = cutset.String() +} + +// isSeperatorRune checks if a rune is a token part separator. +func (t *Tokenizer) isSeperatorRune(ch rune) bool { + for _, r := range t.separators { + if ch == r { + return true + } + } + + return false +} + +// isQuoteRune checks if a rune is a quote. +func (t *Tokenizer) isQuoteRune(ch rune) bool { + return ch == '\'' || ch == '"' || ch == '`' +} + +// isEscapeRune checks if a rune is an escape character. +func (t *Tokenizer) isEscapeRune(ch rune) bool { + return ch == '\\' +} diff --git a/tools/tokenizer/tokenizer_test.go b/tools/tokenizer/tokenizer_test.go new file mode 100644 index 0000000..c9aab59 --- /dev/null +++ b/tools/tokenizer/tokenizer_test.go @@ -0,0 +1,303 @@ +package tokenizer + +import ( + "io" + "strings" + "testing" +) + +func TestFactories(t *testing.T) { + expectedContent := "test" + + scenarios := []struct { + name string + tk *Tokenizer + }{ + { + "New()", + New(strings.NewReader(expectedContent)), + }, + { + "NewFromString()", + NewFromString(expectedContent), + }, + { + "NewFromBytes()", + NewFromBytes([]byte(expectedContent)), + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + content, _ := s.tk.r.ReadString(0) + + if content != expectedContent { + t.Fatalf("Expected reader with content %q, got %q", expectedContent, content) + } + + if s.tk.keepSeparator != false { + t.Fatal("Expected keepSeparator false, got true") + } + + if s.tk.ignoreParenthesis != false { + t.Fatal("Expected ignoreParenthesis false, got true") + } + + if len(s.tk.separators) != len(DefaultSeparators) { + t.Fatalf("Expected \n%v, \ngot \n%v", DefaultSeparators, s.tk.separators) + } + + for _, r := range s.tk.separators { + exists := false + for _, def := range s.tk.separators { + if r == def { + exists = true + break + } + } + if !exists { + t.Fatalf("Unexpected sepator %s", string(r)) + } + } + }) + } +} + +func TestScan(t *testing.T) { + tk := NewFromString("abc, 123.456, (abc)") + + expectedTokens := []string{"abc", "123.456", "(abc)"} + + for _, token := range expectedTokens { + result, err := tk.Scan() + if err != nil { + t.Fatalf("Expected token %q, got error %v", token, err) + } + + if result != token { + t.Fatalf("Expected token %q, got error %v", token, result) + } + } + + // scan the last character + token, err := tk.Scan() + if err != io.EOF { + t.Fatalf("Expected EOF error, got %v", err) + } + if token != "" || err != io.EOF { + t.Fatalf("Expected empty token, got %q", token) + } +} + +func TestScanAll(t *testing.T) { + scenarios := []struct { + name string + content string + separators []rune + keepSeparator bool + keepEmptyTokens bool + ignoreParenthesis bool + expectError bool + expectTokens []string + }{ + { + name: "empty string", + content: "", + separators: DefaultSeparators, + keepSeparator: false, + keepEmptyTokens: false, + ignoreParenthesis: false, + expectError: false, + expectTokens: nil, + }, + { + name: "unbalanced parenthesis", + content: `(a,b() c`, + separators: DefaultSeparators, + keepSeparator: false, + keepEmptyTokens: false, + ignoreParenthesis: false, + expectError: true, + expectTokens: []string{}, + }, + { + name: "unmatching quotes", + content: `'asd"`, + separators: DefaultSeparators, + keepSeparator: false, + keepEmptyTokens: false, + ignoreParenthesis: false, + expectError: true, + expectTokens: []string{}, + }, + { + name: "no separators", + content: `a, b, c, d, e 123, "abc"`, + separators: nil, + keepSeparator: false, + keepEmptyTokens: false, + ignoreParenthesis: false, + expectError: false, + expectTokens: []string{`a, b, c, d, e 123, "abc"`}, + }, + { + name: "default separators", + content: `a, b , c , d e , "a,b, c " , ,, , (123, 456) + `, + separators: DefaultSeparators, + keepSeparator: false, + keepEmptyTokens: false, + ignoreParenthesis: false, + expectError: false, + expectTokens: []string{ + "a", + "b", + "c", + "d e", + `"a,b, c "`, + `(123, 456)`, + }, + }, + { + name: "keep separators", + content: `a, b, c, d e, "a,b, c ", (123, 456)`, + separators: []rune{',', ' '}, // the space should be removed from the cutset + keepSeparator: true, + keepEmptyTokens: true, + ignoreParenthesis: false, + expectError: false, + expectTokens: []string{ + "a,", + " ", + "b,", + " ", + "c,", + " ", + "d ", + " ", + "e,", + " ", + `"a,b, c ",`, + `(123, 456)`, + }, + }, + { + name: "custom separators", + content: `a | b c d &(e + f) & "g & h" & & &`, + separators: []rune{'|', '&'}, + keepSeparator: false, + keepEmptyTokens: false, + ignoreParenthesis: false, + expectError: false, + expectTokens: []string{ + "a", + "b c d", + "(e + f)", + `"g & h"`, + }, + }, + { + name: "ignoring parenthesis", + content: `a, b, (c,d)`, + separators: DefaultSeparators, + keepSeparator: false, + keepEmptyTokens: false, + ignoreParenthesis: true, + expectError: false, + expectTokens: []string{ + "a", + "b", + "(c", + "d)", + }, + }, + { + name: "keep empty tokens", + content: `a, b, (c, d), ,, , e, , f`, + separators: DefaultSeparators, + keepSeparator: false, + keepEmptyTokens: true, + ignoreParenthesis: false, + expectError: false, + expectTokens: []string{ + "a", + "b", + "(c, d)", + "", + "", + "", + "e", + "", + "f", + }, + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + tk := NewFromString(s.content) + + tk.Separators(s.separators...) + tk.KeepSeparator(s.keepSeparator) + tk.KeepEmptyTokens(s.keepEmptyTokens) + tk.IgnoreParenthesis(s.ignoreParenthesis) + + tokens, err := tk.ScanAll() + + hasErr := err != nil + if hasErr != s.expectError { + t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err) + } + + if len(tokens) != len(s.expectTokens) { + t.Fatalf("Expected \n%v (%d), \ngot \n%v (%d)", s.expectTokens, len(s.expectTokens), tokens, len(tokens)) + } + + for _, tok := range tokens { + exists := false + for _, def := range s.expectTokens { + if tok == def { + exists = true + break + } + } + if !exists { + t.Fatalf("Unexpected token %q", tok) + } + } + }) + } +} + +func TestTrimCutset(t *testing.T) { + scenarios := []struct { + name string + separators []rune + expectedCutset string + }{ + { + "default factory separators", + nil, + "\t\n\v\f\r \u0085\u00a0", + }, + { + "custom separators", + []rune{'\t', ' ', '\r', ','}, + "\n\v\f\u0085\u00a0", + }, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + tk := NewFromString("") + + if len(s.separators) > 0 { + tk.Separators(s.separators...) + } + + if tk.trimCutset != s.expectedCutset { + t.Fatalf("Expected cutset %q, got %q", s.expectedCutset, tk.trimCutset) + } + }) + } +} diff --git a/tools/types/datetime.go b/tools/types/datetime.go new file mode 100644 index 0000000..2682039 --- /dev/null +++ b/tools/types/datetime.go @@ -0,0 +1,158 @@ +package types + +import ( + "database/sql/driver" + "encoding/json" + "time" + + "github.com/spf13/cast" +) + +// DefaultDateLayout specifies the default app date strings layout. +const DefaultDateLayout = "2006-01-02 15:04:05.000Z" + +// NowDateTime returns new DateTime instance with the current local time. +func NowDateTime() DateTime { + return DateTime{t: time.Now()} +} + +// ParseDateTime creates a new DateTime from the provided value +// (could be [cast.ToTime] supported string, [time.Time], etc.). +func ParseDateTime(value any) (DateTime, error) { + d := DateTime{} + err := d.Scan(value) + return d, err +} + +// DateTime represents a [time.Time] instance in UTC that is wrapped +// and serialized using the app default date layout. +type DateTime struct { + t time.Time +} + +// Time returns the internal [time.Time] instance. +func (d DateTime) Time() time.Time { + return d.t +} + +// Add returns a new DateTime based on the current DateTime + the specified duration. +func (d DateTime) Add(duration time.Duration) DateTime { + d.t = d.t.Add(duration) + return d +} + +// Sub returns a [time.Duration] by subtracting the specified DateTime from the current one. +// +// If the result exceeds the maximum (or minimum) value that can be stored in a [time.Duration], +// the maximum (or minimum) duration will be returned. +func (d DateTime) Sub(u DateTime) time.Duration { + return d.Time().Sub(u.Time()) +} + +// AddDate returns a new DateTime based on the current one + duration. +// +// It follows the same rules as [time.AddDate]. +func (d DateTime) AddDate(years, months, days int) DateTime { + d.t = d.t.AddDate(years, months, days) + return d +} + +// After reports whether the current DateTime instance is after u. +func (d DateTime) After(u DateTime) bool { + return d.Time().After(u.Time()) +} + +// Before reports whether the current DateTime instance is before u. +func (d DateTime) Before(u DateTime) bool { + return d.Time().Before(u.Time()) +} + +// Compare compares the current DateTime instance with u. +// If the current instance is before u, it returns -1. +// If the current instance is after u, it returns +1. +// If they're the same, it returns 0. +func (d DateTime) Compare(u DateTime) int { + return d.Time().Compare(u.Time()) +} + +// Equal reports whether the current DateTime and u represent the same time instant. +// Two DateTime can be equal even if they are in different locations. +// For example, 6:00 +0200 and 4:00 UTC are Equal. +func (d DateTime) Equal(u DateTime) bool { + return d.Time().Equal(u.Time()) +} + +// Unix returns the current DateTime as a Unix time, aka. +// the number of seconds elapsed since January 1, 1970 UTC. +func (d DateTime) Unix() int64 { + return d.Time().Unix() +} + +// IsZero checks whether the current DateTime instance has zero time value. +func (d DateTime) IsZero() bool { + return d.Time().IsZero() +} + +// String serializes the current DateTime instance into a formatted +// UTC date string. +// +// The zero value is serialized to an empty string. +func (d DateTime) String() string { + t := d.Time() + if t.IsZero() { + return "" + } + return t.UTC().Format(DefaultDateLayout) +} + +// MarshalJSON implements the [json.Marshaler] interface. +func (d DateTime) MarshalJSON() ([]byte, error) { + return []byte(`"` + d.String() + `"`), nil +} + +// UnmarshalJSON implements the [json.Unmarshaler] interface. +func (d *DateTime) UnmarshalJSON(b []byte) error { + var raw string + if err := json.Unmarshal(b, &raw); err != nil { + return err + } + return d.Scan(raw) +} + +// Value implements the [driver.Valuer] interface. +func (d DateTime) Value() (driver.Value, error) { + return d.String(), nil +} + +// Scan implements [sql.Scanner] interface to scan the provided value +// into the current DateTime instance. +func (d *DateTime) Scan(value any) error { + switch v := value.(type) { + case time.Time: + d.t = v + case DateTime: + d.t = v.Time() + case string: + if v == "" { + d.t = time.Time{} + } else { + t, err := time.Parse(DefaultDateLayout, v) + if err != nil { + // check for other common date layouts + t = cast.ToTime(v) + } + d.t = t + } + case int, int64, int32, uint, uint64, uint32: + d.t = cast.ToTime(v) + default: + str := cast.ToString(v) + if str == "" { + d.t = time.Time{} + } else { + d.t = cast.ToTime(str) + } + } + + return nil +} diff --git a/tools/types/datetime_test.go b/tools/types/datetime_test.go new file mode 100644 index 0000000..0d6e38b --- /dev/null +++ b/tools/types/datetime_test.go @@ -0,0 +1,417 @@ +package types_test + +import ( + "fmt" + "strings" + "testing" + "time" + + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestNowDateTime(t *testing.T) { + now := time.Now().UTC().Format("2006-01-02 15:04:05") // without ms part for test consistency + dt := types.NowDateTime() + + if !strings.Contains(dt.String(), now) { + t.Fatalf("Expected %q, got %q", now, dt.String()) + } +} + +func TestParseDateTime(t *testing.T) { + nowTime := time.Now().UTC() + nowDateTime, _ := types.ParseDateTime(nowTime) + nowStr := nowTime.Format(types.DefaultDateLayout) + + scenarios := []struct { + value any + expected string + }{ + {nil, ""}, + {"", ""}, + {"invalid", ""}, + {nowDateTime, nowStr}, + {nowTime, nowStr}, + {1641024040, "2022-01-01 08:00:40.000Z"}, + {int32(1641024040), "2022-01-01 08:00:40.000Z"}, + {int64(1641024040), "2022-01-01 08:00:40.000Z"}, + {uint(1641024040), "2022-01-01 08:00:40.000Z"}, + {uint64(1641024040), "2022-01-01 08:00:40.000Z"}, + {uint32(1641024040), "2022-01-01 08:00:40.000Z"}, + {"2022-01-01 11:23:45.678", "2022-01-01 11:23:45.678Z"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + dt, err := types.ParseDateTime(s.value) + if err != nil { + t.Fatalf("Failed to parse %v: %v", s.value, err) + } + + if dt.String() != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, dt.String()) + } + }) + } +} + +func TestDateTimeTime(t *testing.T) { + str := "2022-01-01 11:23:45.678Z" + + expected, err := time.Parse(types.DefaultDateLayout, str) + if err != nil { + t.Fatal(err) + } + + dt, err := types.ParseDateTime(str) + if err != nil { + t.Fatal(err) + } + + result := dt.Time() + + if !expected.Equal(result) { + t.Fatalf("Expected time %v, got %v", expected, result) + } +} + +func TestDateTimeAdd(t *testing.T) { + t.Parallel() + + d1, _ := types.ParseDateTime("2024-01-01 10:00:00.123Z") + + d2 := d1.Add(1 * time.Hour) + + if d1.String() != "2024-01-01 10:00:00.123Z" { + t.Fatalf("Expected d1 to remain unchanged, got %s", d1.String()) + } + + expected := "2024-01-01 11:00:00.123Z" + if d2.String() != expected { + t.Fatalf("Expected d2 %s, got %s", expected, d2.String()) + } +} + +func TestDateTimeSub(t *testing.T) { + t.Parallel() + + d1, _ := types.ParseDateTime("2024-01-01 10:00:00.123Z") + d2, _ := types.ParseDateTime("2024-01-01 10:30:00.123Z") + + result := d2.Sub(d1) + + if result.Minutes() != 30 { + t.Fatalf("Expected %v minutes diff, got %v", 30, result.Minutes()) + } +} + +func TestDateTimeAddDate(t *testing.T) { + t.Parallel() + + d1, _ := types.ParseDateTime("2024-01-01 10:00:00.123Z") + + d2 := d1.AddDate(1, 2, 3) + + if d1.String() != "2024-01-01 10:00:00.123Z" { + t.Fatalf("Expected d1 to remain unchanged, got %s", d1.String()) + } + + expected := "2025-03-04 10:00:00.123Z" + if d2.String() != expected { + t.Fatalf("Expected d2 %s, got %s", expected, d2.String()) + } +} + +func TestDateTimeAfter(t *testing.T) { + t.Parallel() + + d1, _ := types.ParseDateTime("2024-01-01 10:00:00.123Z") + d2, _ := types.ParseDateTime("2024-01-02 10:00:00.123Z") + d3, _ := types.ParseDateTime("2024-01-03 10:00:00.123Z") + + scenarios := []struct { + a types.DateTime + b types.DateTime + expect bool + }{ + // d1 + {d1, d1, false}, + {d1, d2, false}, + {d1, d3, false}, + // d2 + {d2, d1, true}, + {d2, d2, false}, + {d2, d3, false}, + // d3 + {d3, d1, true}, + {d3, d2, true}, + {d3, d3, false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("after_%d", i), func(t *testing.T) { + if v := s.a.After(s.b); v != s.expect { + t.Fatalf("Expected %v, got %v", s.expect, v) + } + }) + } +} + +func TestDateTimeBefore(t *testing.T) { + t.Parallel() + + d1, _ := types.ParseDateTime("2024-01-01 10:00:00.123Z") + d2, _ := types.ParseDateTime("2024-01-02 10:00:00.123Z") + d3, _ := types.ParseDateTime("2024-01-03 10:00:00.123Z") + + scenarios := []struct { + a types.DateTime + b types.DateTime + expect bool + }{ + // d1 + {d1, d1, false}, + {d1, d2, true}, + {d1, d3, true}, + // d2 + {d2, d1, false}, + {d2, d2, false}, + {d2, d3, true}, + // d3 + {d3, d1, false}, + {d3, d2, false}, + {d3, d3, false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("before_%d", i), func(t *testing.T) { + if v := s.a.Before(s.b); v != s.expect { + t.Fatalf("Expected %v, got %v", s.expect, v) + } + }) + } +} + +func TestDateTimeCompare(t *testing.T) { + t.Parallel() + + d1, _ := types.ParseDateTime("2024-01-01 10:00:00.123Z") + d2, _ := types.ParseDateTime("2024-01-02 10:00:00.123Z") + d3, _ := types.ParseDateTime("2024-01-03 10:00:00.123Z") + + scenarios := []struct { + a types.DateTime + b types.DateTime + expect int + }{ + // d1 + {d1, d1, 0}, + {d1, d2, -1}, + {d1, d3, -1}, + // d2 + {d2, d1, 1}, + {d2, d2, 0}, + {d2, d3, -1}, + // d3 + {d3, d1, 1}, + {d3, d2, 1}, + {d3, d3, 0}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("compare_%d", i), func(t *testing.T) { + if v := s.a.Compare(s.b); v != s.expect { + t.Fatalf("Expected %v, got %v", s.expect, v) + } + }) + } +} + +func TestDateTimeEqual(t *testing.T) { + t.Parallel() + + d1, _ := types.ParseDateTime("2024-01-01 10:00:00.123Z") + d2, _ := types.ParseDateTime("2024-01-01 10:00:00.123Z") + d3, _ := types.ParseDateTime("2024-01-01 10:00:00.124Z") + + scenarios := []struct { + a types.DateTime + b types.DateTime + expect bool + }{ + {d1, d1, true}, + {d1, d2, true}, + {d1, d3, false}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("equal_%d", i), func(t *testing.T) { + if v := s.a.Equal(s.b); v != s.expect { + t.Fatalf("Expected %v, got %v", s.expect, v) + } + }) + } +} + +func TestDateTimeUnix(t *testing.T) { + scenarios := []struct { + date string + expected int64 + }{ + {"", -62135596800}, + {"2022-01-01 11:23:45.678Z", 1641036225}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.date), func(t *testing.T) { + dt, err := types.ParseDateTime(s.date) + if err != nil { + t.Fatal(err) + } + + v := dt.Unix() + + if v != s.expected { + t.Fatalf("Expected %d, got %d", s.expected, v) + } + }) + } +} + +func TestDateTimeIsZero(t *testing.T) { + dt0 := types.DateTime{} + if !dt0.IsZero() { + t.Fatalf("Expected zero datatime, got %v", dt0) + } + + dt1 := types.NowDateTime() + if dt1.IsZero() { + t.Fatalf("Expected non-zero datatime, got %v", dt1) + } +} + +func TestDateTimeString(t *testing.T) { + dt0 := types.DateTime{} + if dt0.String() != "" { + t.Fatalf("Expected empty string for zer datetime, got %q", dt0.String()) + } + + expected := "2022-01-01 11:23:45.678Z" + dt1, _ := types.ParseDateTime(expected) + if dt1.String() != expected { + t.Fatalf("Expected %q, got %v", expected, dt1) + } +} + +func TestDateTimeMarshalJSON(t *testing.T) { + scenarios := []struct { + date string + expected string + }{ + {"", `""`}, + {"2022-01-01 11:23:45.678", `"2022-01-01 11:23:45.678Z"`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.date), func(t *testing.T) { + dt, err := types.ParseDateTime(s.date) + if err != nil { + t.Fatal(err) + } + + result, err := dt.MarshalJSON() + if err != nil { + t.Fatal(err) + } + + if string(result) != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, string(result)) + } + }) + } +} + +func TestDateTimeUnmarshalJSON(t *testing.T) { + scenarios := []struct { + date string + expected string + }{ + {"", ""}, + {"invalid_json", ""}, + {"'123'", ""}, + {"2022-01-01 11:23:45.678", ""}, + {`"2022-01-01 11:23:45.678"`, "2022-01-01 11:23:45.678Z"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.date), func(t *testing.T) { + dt := types.DateTime{} + dt.UnmarshalJSON([]byte(s.date)) + + if dt.String() != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, dt.String()) + } + }) + } +} + +func TestDateTimeValue(t *testing.T) { + scenarios := []struct { + value any + expected string + }{ + {"", ""}, + {"invalid", ""}, + {1641024040, "2022-01-01 08:00:40.000Z"}, + {"2022-01-01 11:23:45.678", "2022-01-01 11:23:45.678Z"}, + {types.NowDateTime(), types.NowDateTime().String()}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.value), func(t *testing.T) { + dt, _ := types.ParseDateTime(s.value) + + result, err := dt.Value() + if err != nil { + t.Fatal(err) + } + + if result != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, result) + } + }) + } +} + +func TestDateTimeScan(t *testing.T) { + now := time.Now().UTC().Format("2006-01-02 15:04:05") // without ms part for test consistency + + scenarios := []struct { + value any + expected string + }{ + {nil, ""}, + {"", ""}, + {"invalid", ""}, + {types.NowDateTime(), now}, + {time.Now(), now}, + {1.0, ""}, + {1641024040, "2022-01-01 08:00:40.000Z"}, + {"2022-01-01 11:23:45.678", "2022-01-01 11:23:45.678Z"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + dt := types.DateTime{} + + err := dt.Scan(s.value) + if err != nil { + t.Fatalf("Failed to parse %v: %v", s.value, err) + } + + if !strings.Contains(dt.String(), s.expected) { + t.Fatalf("Expected %q, got %q", s.expected, dt.String()) + } + }) + } +} diff --git a/tools/types/geo_point.go b/tools/types/geo_point.go new file mode 100644 index 0000000..286120d --- /dev/null +++ b/tools/types/geo_point.go @@ -0,0 +1,84 @@ +package types + +import ( + "database/sql/driver" + "encoding/json" + "fmt" +) + +// GeoPoint defines a struct for storing geo coordinates as serialized json object +// (e.g. {lon:0,lat:0}). +// +// Note: using object notation and not a plain array to avoid the confusion +// as there doesn't seem to be a fixed standard for the coordinates order. +type GeoPoint struct { + Lon float64 `form:"lon" json:"lon"` + Lat float64 `form:"lat" json:"lat"` +} + +// String returns the string representation of the current GeoPoint instance. +func (p GeoPoint) String() string { + raw, _ := json.Marshal(p) + return string(raw) +} + +// AsMap implements [core.mapExtractor] and returns a value suitable +// to be used in an API rule expression. +func (p GeoPoint) AsMap() map[string]any { + return map[string]any{ + "lon": p.Lon, + "lat": p.Lat, + } +} + +// Value implements the [driver.Valuer] interface. +func (p GeoPoint) Value() (driver.Value, error) { + data, err := json.Marshal(p) + return string(data), err +} + +// Scan implements [sql.Scanner] interface to scan the provided value +// into the current GeoPoint instance. +// +// The value argument could be nil (no-op), another GeoPoint instance, +// map or serialized json object with lat-lon props. +func (p *GeoPoint) Scan(value any) error { + var err error + + switch v := value.(type) { + case nil: + // no cast needed + case *GeoPoint: + p.Lon = v.Lon + p.Lat = v.Lat + case GeoPoint: + p.Lon = v.Lon + p.Lat = v.Lat + case JSONRaw: + if len(v) != 0 { + err = json.Unmarshal(v, p) + } + case []byte: + if len(v) != 0 { + err = json.Unmarshal(v, p) + } + case string: + if len(v) != 0 { + err = json.Unmarshal([]byte(v), p) + } + default: + var raw []byte + raw, err = json.Marshal(v) + if err != nil { + err = fmt.Errorf("unable to marshalize value for scanning: %w", err) + } else { + err = json.Unmarshal(raw, p) + } + } + + if err != nil { + return fmt.Errorf("[GeoPoint] unable to scan value %v: %w", value, err) + } + + return nil +} diff --git a/tools/types/geo_point_test.go b/tools/types/geo_point_test.go new file mode 100644 index 0000000..fa7c5d5 --- /dev/null +++ b/tools/types/geo_point_test.go @@ -0,0 +1,116 @@ +package types_test + +import ( + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestGeoPointAsMap(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + point types.GeoPoint + expected map[string]any + }{ + {"zero", types.GeoPoint{}, map[string]any{"lon": 0.0, "lat": 0.0}}, + {"non-zero", types.GeoPoint{Lon: -10, Lat: 20.123}, map[string]any{"lon": -10.0, "lat": 20.123}}, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + result := s.point.AsMap() + + if len(result) != len(s.expected) { + t.Fatalf("Expected %d keys, got %d: %v", len(s.expected), len(result), result) + } + + for k, v := range s.expected { + found, ok := result[k] + if !ok { + t.Fatalf("Missing expected %q key: %v", k, result) + } + + if found != v { + t.Fatalf("Expected %q key value %v, got %v", k, v, found) + } + } + }) + } +} + +func TestGeoPointStringAndValue(t *testing.T) { + t.Parallel() + + scenarios := []struct { + name string + point types.GeoPoint + expected string + }{ + {"zero", types.GeoPoint{}, `{"lon":0,"lat":0}`}, + {"non-zero", types.GeoPoint{Lon: -10, Lat: 20.123}, `{"lon":-10,"lat":20.123}`}, + } + + for _, s := range scenarios { + t.Run(s.name, func(t *testing.T) { + str := s.point.String() + + val, err := s.point.Value() + if err != nil { + t.Fatal(err) + } + + if str != val { + t.Fatalf("Expected String and Value to return the same value") + } + + if str != s.expected { + t.Fatalf("Expected\n%s\ngot\n%s", s.expected, str) + } + }) + } +} + +func TestGeoPointScan(t *testing.T) { + t.Parallel() + + scenarios := []struct { + value any + expectErr bool + expectStr string + }{ + {nil, false, `{"lon":1,"lat":2}`}, + {"", false, `{"lon":1,"lat":2}`}, + {types.JSONRaw{}, false, `{"lon":1,"lat":2}`}, + {[]byte{}, false, `{"lon":1,"lat":2}`}, + {`{}`, false, `{"lon":1,"lat":2}`}, + {`[]`, true, `{"lon":1,"lat":2}`}, + {0, true, `{"lon":1,"lat":2}`}, + {`{"lon":"1.23","lat":"4.56"}`, true, `{"lon":1,"lat":2}`}, + {`{"lon":1.23,"lat":4.56}`, false, `{"lon":1.23,"lat":4.56}`}, + {[]byte(`{"lon":1.23,"lat":4.56}`), false, `{"lon":1.23,"lat":4.56}`}, + {types.JSONRaw(`{"lon":1.23,"lat":4.56}`), false, `{"lon":1.23,"lat":4.56}`}, + {types.GeoPoint{}, false, `{"lon":0,"lat":0}`}, + {types.GeoPoint{Lon: 1.23, Lat: 4.56}, false, `{"lon":1.23,"lat":4.56}`}, + {&types.GeoPoint{Lon: 1.23, Lat: 4.56}, false, `{"lon":1.23,"lat":4.56}`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + point := types.GeoPoint{Lon: 1, Lat: 2} + + err := point.Scan(s.value) + + hasErr := err != nil + if hasErr != s.expectErr { + t.Errorf("Expected hasErr %v, got %v (%v)", s.expectErr, hasErr, err) + } + + if str := point.String(); str != s.expectStr { + t.Errorf("Expected\n%s\ngot\n%s", s.expectStr, str) + } + }) + } +} diff --git a/tools/types/json_array.go b/tools/types/json_array.go new file mode 100644 index 0000000..024fd7b --- /dev/null +++ b/tools/types/json_array.go @@ -0,0 +1,58 @@ +package types + +import ( + "database/sql/driver" + "encoding/json" + "fmt" +) + +// JSONArray defines a slice that is safe for json and db read/write. +type JSONArray[T any] []T + +// internal alias to prevent recursion during marshalization. +type jsonArrayAlias[T any] JSONArray[T] + +// MarshalJSON implements the [json.Marshaler] interface. +func (m JSONArray[T]) MarshalJSON() ([]byte, error) { + // initialize an empty map to ensure that `[]` is returned as json + if m == nil { + m = JSONArray[T]{} + } + + return json.Marshal(jsonArrayAlias[T](m)) +} + +// String returns the string representation of the current json array. +func (m JSONArray[T]) String() string { + v, _ := m.MarshalJSON() + return string(v) +} + +// Value implements the [driver.Valuer] interface. +func (m JSONArray[T]) Value() (driver.Value, error) { + data, err := json.Marshal(m) + + return string(data), err +} + +// Scan implements [sql.Scanner] interface to scan the provided value +// into the current JSONArray[T] instance. +func (m *JSONArray[T]) Scan(value any) error { + var data []byte + switch v := value.(type) { + case nil: + // no cast needed + case []byte: + data = v + case string: + data = []byte(v) + default: + return fmt.Errorf("failed to unmarshal JSONArray value: %q", value) + } + + if len(data) == 0 { + data = []byte("[]") + } + + return json.Unmarshal(data, m) +} diff --git a/tools/types/json_array_test.go b/tools/types/json_array_test.go new file mode 100644 index 0000000..27aa16f --- /dev/null +++ b/tools/types/json_array_test.go @@ -0,0 +1,124 @@ +package types_test + +import ( + "database/sql/driver" + "encoding/json" + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestJSONArrayMarshalJSON(t *testing.T) { + scenarios := []struct { + json json.Marshaler + expected string + }{ + {new(types.JSONArray[any]), "[]"}, + {types.JSONArray[any]{}, `[]`}, + {types.JSONArray[int]{1, 2, 3}, `[1,2,3]`}, + {types.JSONArray[string]{"test1", "test2", "test3"}, `["test1","test2","test3"]`}, + {types.JSONArray[any]{1, "test"}, `[1,"test"]`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.expected), func(t *testing.T) { + result, err := s.json.MarshalJSON() + if err != nil { + t.Fatal(err) + } + + if string(result) != s.expected { + t.Fatalf("Expected %s, got %s", s.expected, result) + } + }) + } +} + +func TestJSONArrayString(t *testing.T) { + scenarios := []struct { + json fmt.Stringer + expected string + }{ + {new(types.JSONArray[any]), "[]"}, + {types.JSONArray[any]{}, `[]`}, + {types.JSONArray[int]{1, 2, 3}, `[1,2,3]`}, + {types.JSONArray[string]{"test1", "test2", "test3"}, `["test1","test2","test3"]`}, + {types.JSONArray[any]{1, "test"}, `[1,"test"]`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.expected), func(t *testing.T) { + result := s.json.String() + + if result != s.expected { + t.Fatalf("Expected\n%s\ngot\n%s", s.expected, result) + } + }) + } +} + +func TestJSONArrayValue(t *testing.T) { + scenarios := []struct { + json driver.Valuer + expected driver.Value + }{ + {new(types.JSONArray[any]), `[]`}, + {types.JSONArray[any]{}, `[]`}, + {types.JSONArray[int]{1, 2, 3}, `[1,2,3]`}, + {types.JSONArray[string]{"test1", "test2", "test3"}, `["test1","test2","test3"]`}, + {types.JSONArray[any]{1, "test"}, `[1,"test"]`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.expected), func(t *testing.T) { + result, err := s.json.Value() + if err != nil { + t.Fatal(err) + } + + if result != s.expected { + t.Fatalf("Expected %s, got %#v", s.expected, result) + } + }) + } +} + +func TestJSONArrayScan(t *testing.T) { + scenarios := []struct { + value any + expectError bool + expectJSON string + }{ + {``, false, `[]`}, + {[]byte{}, false, `[]`}, + {nil, false, `[]`}, + {123, true, `[]`}, + {`""`, true, `[]`}, + {`invalid_json`, true, `[]`}, + {`"test"`, true, `[]`}, + {`1,2,3`, true, `[]`}, + {`[1, 2, 3`, true, `[]`}, + {`[1, 2, 3]`, false, `[1,2,3]`}, + {[]byte(`[1, 2, 3]`), false, `[1,2,3]`}, + {`[1, "test"]`, false, `[1,"test"]`}, + {`[]`, false, `[]`}, + } + + for i, s := range scenarios { + arr := types.JSONArray[any]{} + scanErr := arr.Scan(s.value) + + hasErr := scanErr != nil + if hasErr != s.expectError { + t.Errorf("(%d) Expected %v, got %v (%v)", i, s.expectError, hasErr, scanErr) + continue + } + + result, _ := arr.MarshalJSON() + + if string(result) != s.expectJSON { + t.Errorf("(%d) Expected %s, got %v", i, s.expectJSON, string(result)) + } + } +} diff --git a/tools/types/json_map.go b/tools/types/json_map.go new file mode 100644 index 0000000..87b0fc8 --- /dev/null +++ b/tools/types/json_map.go @@ -0,0 +1,73 @@ +package types + +import ( + "database/sql/driver" + "encoding/json" + "fmt" +) + +// JSONMap defines a map that is safe for json and db read/write. +type JSONMap[T any] map[string]T + +// MarshalJSON implements the [json.Marshaler] interface. +func (m JSONMap[T]) MarshalJSON() ([]byte, error) { + type alias JSONMap[T] // prevent recursion + + // initialize an empty map to ensure that `{}` is returned as json + if m == nil { + m = JSONMap[T]{} + } + + return json.Marshal(alias(m)) +} + +// String returns the string representation of the current json map. +func (m JSONMap[T]) String() string { + v, _ := m.MarshalJSON() + return string(v) +} + +// Get retrieves a single value from the current JSONMap[T]. +// +// This helper was added primarily to assist the goja integration since custom map types +// don't have direct access to the map keys (https://pkg.go.dev/github.com/dop251/goja#hdr-Maps_with_methods). +func (m JSONMap[T]) Get(key string) T { + return m[key] +} + +// Set sets a single value in the current JSONMap[T]. +// +// This helper was added primarily to assist the goja integration since custom map types +// don't have direct access to the map keys (https://pkg.go.dev/github.com/dop251/goja#hdr-Maps_with_methods). +func (m JSONMap[T]) Set(key string, value T) { + m[key] = value +} + +// Value implements the [driver.Valuer] interface. +func (m JSONMap[T]) Value() (driver.Value, error) { + data, err := json.Marshal(m) + + return string(data), err +} + +// Scan implements [sql.Scanner] interface to scan the provided value +// into the current JSONMap[T] instance. +func (m *JSONMap[T]) Scan(value any) error { + var data []byte + switch v := value.(type) { + case nil: + // no cast needed + case []byte: + data = v + case string: + data = []byte(v) + default: + return fmt.Errorf("failed to unmarshal JSONMap[T] value: %q", value) + } + + if len(data) == 0 { + data = []byte("{}") + } + + return json.Unmarshal(data, m) +} diff --git a/tools/types/json_map_test.go b/tools/types/json_map_test.go new file mode 100644 index 0000000..56ea95a --- /dev/null +++ b/tools/types/json_map_test.go @@ -0,0 +1,164 @@ +package types_test + +import ( + "database/sql/driver" + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestJSONMapMarshalJSON(t *testing.T) { + scenarios := []struct { + json types.JSONMap[any] + expected string + }{ + {nil, "{}"}, + {types.JSONMap[any]{}, `{}`}, + {types.JSONMap[any]{"test1": 123, "test2": "lorem"}, `{"test1":123,"test2":"lorem"}`}, + {types.JSONMap[any]{"test": []int{1, 2, 3}}, `{"test":[1,2,3]}`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.expected), func(t *testing.T) { + result, err := s.json.MarshalJSON() + if err != nil { + t.Fatal(err) + } + + if string(result) != s.expected { + t.Fatalf("Expected\n%s\ngot\n%s", s.expected, result) + } + }) + } +} + +func TestJSONMapMarshalString(t *testing.T) { + scenarios := []struct { + json types.JSONMap[any] + expected string + }{ + {nil, "{}"}, + {types.JSONMap[any]{}, `{}`}, + {types.JSONMap[any]{"test1": 123, "test2": "lorem"}, `{"test1":123,"test2":"lorem"}`}, + {types.JSONMap[any]{"test": []int{1, 2, 3}}, `{"test":[1,2,3]}`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.expected), func(t *testing.T) { + result := s.json.String() + + if result != s.expected { + t.Fatalf("Expected\n%s\ngot\n%s", s.expected, result) + } + }) + } +} + +func TestJSONMapGet(t *testing.T) { + scenarios := []struct { + json types.JSONMap[any] + key string + expected any + }{ + {nil, "test", nil}, + {types.JSONMap[any]{"test": 123}, "test", 123}, + {types.JSONMap[any]{"test": 123}, "missing", nil}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.key), func(t *testing.T) { + result := s.json.Get(s.key) + if result != s.expected { + t.Fatalf("Expected %s, got %#v", s.expected, result) + } + }) + } +} + +func TestJSONMapSet(t *testing.T) { + scenarios := []struct { + key string + value any + }{ + {"a", nil}, + {"a", 123}, + {"b", "test"}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.key), func(t *testing.T) { + j := types.JSONMap[any]{} + + j.Set(s.key, s.value) + + if v := j[s.key]; v != s.value { + t.Fatalf("Expected %s, got %#v", s.value, v) + } + }) + } +} + +func TestJSONMapValue(t *testing.T) { + scenarios := []struct { + json types.JSONMap[any] + expected driver.Value + }{ + {nil, `{}`}, + {types.JSONMap[any]{}, `{}`}, + {types.JSONMap[any]{"test1": 123, "test2": "lorem"}, `{"test1":123,"test2":"lorem"}`}, + {types.JSONMap[any]{"test": []int{1, 2, 3}}, `{"test":[1,2,3]}`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.expected), func(t *testing.T) { + result, err := s.json.Value() + if err != nil { + t.Fatal(err) + } + + if result != s.expected { + t.Fatalf("Expected %s, got %#v", s.expected, result) + } + }) + } +} + +func TestJSONArrayMapScan(t *testing.T) { + scenarios := []struct { + value any + expectError bool + expectJSON string + }{ + {``, false, `{}`}, + {nil, false, `{}`}, + {[]byte{}, false, `{}`}, + {`{}`, false, `{}`}, + {123, true, `{}`}, + {`""`, true, `{}`}, + {`invalid_json`, true, `{}`}, + {`"test"`, true, `{}`}, + {`1,2,3`, true, `{}`}, + {`{"test": 1`, true, `{}`}, + {`{"test": 1}`, false, `{"test":1}`}, + {[]byte(`{"test": 1}`), false, `{"test":1}`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + arr := types.JSONMap[any]{} + scanErr := arr.Scan(s.value) + + hasErr := scanErr != nil + if hasErr != s.expectError { + t.Fatalf("Expected %v, got %v (%v)", s.expectError, hasErr, scanErr) + } + + result, _ := arr.MarshalJSON() + + if string(result) != s.expectJSON { + t.Fatalf("Expected %s, got %s", s.expectJSON, result) + } + }) + } +} diff --git a/tools/types/json_raw.go b/tools/types/json_raw.go new file mode 100644 index 0000000..8ed58c2 --- /dev/null +++ b/tools/types/json_raw.go @@ -0,0 +1,84 @@ +package types + +import ( + "database/sql/driver" + "encoding/json" + "errors" +) + +// JSONRaw defines a json value type that is safe for db read/write. +type JSONRaw []byte + +// ParseJSONRaw creates a new JSONRaw instance from the provided value +// (could be JSONRaw, int, float, string, []byte, etc.). +func ParseJSONRaw(value any) (JSONRaw, error) { + result := JSONRaw{} + err := result.Scan(value) + return result, err +} + +// String returns the current JSONRaw instance as a json encoded string. +func (j JSONRaw) String() string { + raw, _ := j.MarshalJSON() + return string(raw) +} + +// MarshalJSON implements the [json.Marshaler] interface. +func (j JSONRaw) MarshalJSON() ([]byte, error) { + if len(j) == 0 { + return []byte("null"), nil + } + + return j, nil +} + +// UnmarshalJSON implements the [json.Unmarshaler] interface. +func (j *JSONRaw) UnmarshalJSON(b []byte) error { + if j == nil { + return errors.New("JSONRaw: UnmarshalJSON on nil pointer") + } + + *j = append((*j)[0:0], b...) + + return nil +} + +// Value implements the [driver.Valuer] interface. +func (j JSONRaw) Value() (driver.Value, error) { + if len(j) == 0 { + return nil, nil + } + + return j.String(), nil +} + +// Scan implements [sql.Scanner] interface to scan the provided value +// into the current JSONRaw instance. +func (j *JSONRaw) Scan(value any) error { + var data []byte + + switch v := value.(type) { + case nil: + // no cast is needed + case []byte: + if len(v) != 0 { + data = v + } + case string: + if v != "" { + data = []byte(v) + } + case JSONRaw: + if len(v) != 0 { + data = []byte(v) + } + default: + bytes, err := json.Marshal(v) + if err != nil { + return err + } + data = bytes + } + + return j.UnmarshalJSON(data) +} diff --git a/tools/types/json_raw_test.go b/tools/types/json_raw_test.go new file mode 100644 index 0000000..31c8eb2 --- /dev/null +++ b/tools/types/json_raw_test.go @@ -0,0 +1,189 @@ +package types_test + +import ( + "database/sql/driver" + "fmt" + "testing" + + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestParseJSONRaw(t *testing.T) { + scenarios := []struct { + value any + expectError bool + expectJSON string + }{ + {nil, false, `null`}, + {``, false, `null`}, + {[]byte{}, false, `null`}, + {types.JSONRaw{}, false, `null`}, + {`{}`, false, `{}`}, + {`[]`, false, `[]`}, + {123, false, `123`}, + {`""`, false, `""`}, + {`test`, false, `test`}, + {`{"invalid"`, false, `{"invalid"`}, // treated as a byte casted string + {`{"test":1}`, false, `{"test":1}`}, + {[]byte(`[1,2,3]`), false, `[1,2,3]`}, + {[]int{1, 2, 3}, false, `[1,2,3]`}, + {map[string]int{"test": 1}, false, `{"test":1}`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + raw, parseErr := types.ParseJSONRaw(s.value) + + hasErr := parseErr != nil + if hasErr != s.expectError { + t.Fatalf("Expected %v, got %v (%v)", s.expectError, hasErr, parseErr) + } + + result, _ := raw.MarshalJSON() + + if string(result) != s.expectJSON { + t.Fatalf("Expected %s, got %s", s.expectJSON, string(result)) + } + }) + } +} + +func TestJSONRawString(t *testing.T) { + scenarios := []struct { + json types.JSONRaw + expected string + }{ + {nil, `null`}, + {types.JSONRaw{}, `null`}, + {types.JSONRaw([]byte(`123`)), `123`}, + {types.JSONRaw(`{"demo":123}`), `{"demo":123}`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.expected), func(t *testing.T) { + result := s.json.String() + if result != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, result) + } + }) + } +} + +func TestJSONRawMarshalJSON(t *testing.T) { + scenarios := []struct { + json types.JSONRaw + expected string + }{ + {nil, `null`}, + {types.JSONRaw{}, `null`}, + {types.JSONRaw([]byte(`123`)), `123`}, + {types.JSONRaw(`{"demo":123}`), `{"demo":123}`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.expected), func(t *testing.T) { + result, err := s.json.MarshalJSON() + if err != nil { + t.Fatal(err) + } + + if string(result) != s.expected { + t.Fatalf("Expected %q, got %q", s.expected, string(result)) + } + }) + } +} + +func TestJSONRawUnmarshalJSON(t *testing.T) { + scenarios := []struct { + json []byte + expectString string + }{ + {nil, `null`}, + {[]byte{0, 1, 2}, "\x00\x01\x02"}, + {[]byte("123"), "123"}, + {[]byte("test"), "test"}, + {[]byte(`{"test":123}`), `{"test":123}`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%s", i, s.expectString), func(t *testing.T) { + raw := types.JSONRaw{} + + err := raw.UnmarshalJSON(s.json) + if err != nil { + t.Fatal(err) + } + + if raw.String() != s.expectString { + t.Fatalf("Expected %q, got %q", s.expectString, raw.String()) + } + }) + } +} + +func TestJSONRawValue(t *testing.T) { + scenarios := []struct { + json types.JSONRaw + expected driver.Value + }{ + {nil, nil}, + {types.JSONRaw{}, nil}, + {types.JSONRaw(``), nil}, + {types.JSONRaw(`test`), `test`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.json), func(t *testing.T) { + result, err := s.json.Value() + if err != nil { + t.Fatal(err) + } + + if result != s.expected { + t.Fatalf("Expected %s, got %v", s.expected, result) + } + }) + } +} + +func TestJSONRawScan(t *testing.T) { + scenarios := []struct { + value any + expectError bool + expectJSON string + }{ + {nil, false, `null`}, + {``, false, `null`}, + {[]byte{}, false, `null`}, + {types.JSONRaw{}, false, `null`}, + {types.JSONRaw(`test`), false, `test`}, + {`{}`, false, `{}`}, + {`[]`, false, `[]`}, + {123, false, `123`}, + {`""`, false, `""`}, + {`test`, false, `test`}, + {`{"invalid"`, false, `{"invalid"`}, // treated as a byte casted string + {`{"test":1}`, false, `{"test":1}`}, + {[]byte(`[1,2,3]`), false, `[1,2,3]`}, + {[]int{1, 2, 3}, false, `[1,2,3]`}, + {map[string]int{"test": 1}, false, `{"test":1}`}, + } + + for i, s := range scenarios { + t.Run(fmt.Sprintf("%d_%#v", i, s.value), func(t *testing.T) { + raw := types.JSONRaw{} + scanErr := raw.Scan(s.value) + hasErr := scanErr != nil + if hasErr != s.expectError { + t.Fatalf("Expected %v, got %v (%v)", s.expectError, hasErr, scanErr) + } + + result, _ := raw.MarshalJSON() + + if string(result) != s.expectJSON { + t.Fatalf("Expected %s, got %v", s.expectJSON, string(result)) + } + }) + } +} diff --git a/tools/types/types.go b/tools/types/types.go new file mode 100644 index 0000000..c07d805 --- /dev/null +++ b/tools/types/types.go @@ -0,0 +1,8 @@ +// Package types implements some commonly used db serializable types +// like datetime, json, etc. +package types + +// Pointer is a generic helper that returns val as *T. +func Pointer[T any](val T) *T { + return &val +} diff --git a/tools/types/types_test.go b/tools/types/types_test.go new file mode 100644 index 0000000..615ac4c --- /dev/null +++ b/tools/types/types_test.go @@ -0,0 +1,24 @@ +package types_test + +import ( + "testing" + + "github.com/pocketbase/pocketbase/tools/types" +) + +func TestPointer(t *testing.T) { + s1 := types.Pointer("") + if s1 == nil || *s1 != "" { + t.Fatalf("Expected empty string pointer, got %#v", s1) + } + + s2 := types.Pointer("test") + if s2 == nil || *s2 != "test" { + t.Fatalf("Expected 'test' string pointer, got %#v", s2) + } + + s3 := types.Pointer(123) + if s3 == nil || *s3 != 123 { + t.Fatalf("Expected 123 string pointer, got %#v", s3) + } +} diff --git a/ui/.env b/ui/.env new file mode 100644 index 0000000..f1f9012 --- /dev/null +++ b/ui/.env @@ -0,0 +1,12 @@ +# all environments should start with 'PB_' prefix +PB_BACKEND_URL = "../" +PB_MFA_DOCS = "https://pocketbase.io/docs/authentication#multi-factor-authentication" +PB_OAUTH2_EXAMPLE = "https://pocketbase.io/docs/authentication#authenticate-with-oauth2" +PB_RULES_SYNTAX_DOCS = "https://pocketbase.io/docs/api-rules-and-filters" +PB_FILE_UPLOAD_DOCS = "https://pocketbase.io/docs/files-handling" +PB_PROTECTED_FILE_DOCS = "https://pocketbase.io/docs/files-handling#protected-files" +PB_DOCS_URL = "https://pocketbase.io/docs" +PB_JS_SDK_URL = "https://github.com/pocketbase/js-sdk" +PB_DART_SDK_URL = "https://github.com/pocketbase/dart-sdk" +PB_RELEASES = "https://github.com/pocketbase/pocketbase/releases" +PB_VERSION = "v0.28.1" diff --git a/ui/.env.development b/ui/.env.development new file mode 100644 index 0000000..d00088b --- /dev/null +++ b/ui/.env.development @@ -0,0 +1 @@ +PB_BACKEND_URL = "http://127.0.0.1:8090" diff --git a/ui/.gitignore b/ui/.gitignore new file mode 100644 index 0000000..631b5f8 --- /dev/null +++ b/ui/.gitignore @@ -0,0 +1,7 @@ +/node_modules/ +/.vscode/ +.DS_Store + +# exclude local env files +.env.local +.env.*.local diff --git a/ui/README.md b/ui/README.md new file mode 100644 index 0000000..854eea8 --- /dev/null +++ b/ui/README.md @@ -0,0 +1,22 @@ +PocketBase Superuser dashboard UI +====================================================================== + +This is the PocketBase Superuser dashboard UI (built with Svelte and Vite). + +Although it could be used independently, it is mainly intended to be embedded +as part of a PocketBase app executable (hence the `embed.go` file). + +## Development + +Download the repo and run the appropriate console commands: + +```sh +# install dependencies +npm install + +# start a dev server with hot reload at localhost:3000 +npm run dev + +# or generate production ready bundle in dist/ directory +npm run build +``` diff --git a/ui/dist/assets/AuthMethodsDocs-kTmmvbiv.js b/ui/dist/assets/AuthMethodsDocs-kTmmvbiv.js new file mode 100644 index 0000000..989a303 --- /dev/null +++ b/ui/dist/assets/AuthMethodsDocs-kTmmvbiv.js @@ -0,0 +1,39 @@ +import{S as Ce,i as Be,s as Te,V as Le,X as J,h as u,d as ae,t as Q,a as G,I as N,Z as we,_ as Se,C as De,$ as Re,D as Ue,l as d,n as a,m as ne,u as c,A as y,v as k,c as ie,w as h,p as oe,J as je,k as O,o as qe,W as Ee}from"./index-BH0nlDnw.js";import{F as Fe}from"./FieldsQueryParam-DQVKTiQb.js";function ye(n,s,l){const o=n.slice();return o[8]=s[l],o}function Me(n,s,l){const o=n.slice();return o[8]=s[l],o}function Ae(n,s){let l,o=s[8].code+"",p,b,i,f;function m(){return s[6](s[8])}return{key:n,first:null,c(){l=c("button"),p=y(o),b=k(),h(l,"class","tab-item"),O(l,"active",s[1]===s[8].code),this.first=l},m(v,$){d(v,l,$),a(l,p),a(l,b),i||(f=qe(l,"click",m),i=!0)},p(v,$){s=v,$&4&&o!==(o=s[8].code+"")&&N(p,o),$&6&&O(l,"active",s[1]===s[8].code)},d(v){v&&u(l),i=!1,f()}}}function Pe(n,s){let l,o,p,b;return o=new Ee({props:{content:s[8].body}}),{key:n,first:null,c(){l=c("div"),ie(o.$$.fragment),p=k(),h(l,"class","tab-item"),O(l,"active",s[1]===s[8].code),this.first=l},m(i,f){d(i,l,f),ne(o,l,null),a(l,p),b=!0},p(i,f){s=i;const m={};f&4&&(m.content=s[8].body),o.$set(m),(!b||f&6)&&O(l,"active",s[1]===s[8].code)},i(i){b||(G(o.$$.fragment,i),b=!0)},o(i){Q(o.$$.fragment,i),b=!1},d(i){i&&u(l),ae(o)}}}function He(n){var ke,ge;let s,l,o=n[0].name+"",p,b,i,f,m,v,$,g=n[0].name+"",V,ce,W,M,X,L,Z,A,E,re,F,S,ue,z,H=n[0].name+"",K,de,Y,D,x,P,ee,fe,te,T,le,R,se,C,U,w=[],me=new Map,pe,j,_=[],be=new Map,B;M=new Le({props:{js:` + import PocketBase from 'pocketbase'; + + const pb = new PocketBase('${n[3]}'); + + ... + + const result = await pb.collection('${(ke=n[0])==null?void 0:ke.name}').listAuthMethods(); + `,dart:` + import 'package:pocketbase/pocketbase.dart'; + + final pb = PocketBase('${n[3]}'); + + ... + + final result = await pb.collection('${(ge=n[0])==null?void 0:ge.name}').listAuthMethods(); + `}}),T=new Fe({});let I=J(n[2]);const he=e=>e[8].code;for(let e=0;ee[8].code;for(let e=0;eParam Type Description',fe=k(),te=c("tbody"),ie(T.$$.fragment),le=k(),R=c("div"),R.textContent="Responses",se=k(),C=c("div"),U=c("div");for(let e=0;el(1,b=g.code);return n.$$set=g=>{"collection"in g&&l(0,p=g.collection)},n.$$.update=()=>{n.$$.dirty&48&&l(2,i=[{code:200,body:m?"...":JSON.stringify(f,null,2)},{code:404,body:` + { + "status": 404, + "message": "Missing collection context.", + "data": {} + } + `}])},l(3,o=je.getApiExampleUrl(oe.baseURL)),[p,b,i,o,f,m,$]}class Ge extends Ce{constructor(s){super(),Be(this,s,Ie,He,Te,{collection:0})}}export{Ge as default}; diff --git a/ui/dist/assets/AuthRefreshDocs-CN-JUWQG.js b/ui/dist/assets/AuthRefreshDocs-CN-JUWQG.js new file mode 100644 index 0000000..492d6a4 --- /dev/null +++ b/ui/dist/assets/AuthRefreshDocs-CN-JUWQG.js @@ -0,0 +1,79 @@ +import{S as je,i as xe,s as Ie,V as Ke,W as Ue,X as I,h as d,d as K,t as E,a as z,I as de,Z as Oe,_ as Qe,C as We,$ as Xe,D as Ze,l as u,n as o,m as Q,u as s,A as k,v as p,c as W,w as b,J as Ve,p as Ge,k as X,o as Ye}from"./index-BH0nlDnw.js";import{F as et}from"./FieldsQueryParam-DQVKTiQb.js";function Ee(r,a,l){const n=r.slice();return n[5]=a[l],n}function ze(r,a,l){const n=r.slice();return n[5]=a[l],n}function Je(r,a){let l,n=a[5].code+"",m,_,i,h;function g(){return a[4](a[5])}return{key:r,first:null,c(){l=s("button"),m=k(n),_=p(),b(l,"class","tab-item"),X(l,"active",a[1]===a[5].code),this.first=l},m(v,w){u(v,l,w),o(l,m),o(l,_),i||(h=Ye(l,"click",g),i=!0)},p(v,w){a=v,w&4&&n!==(n=a[5].code+"")&&de(m,n),w&6&&X(l,"active",a[1]===a[5].code)},d(v){v&&d(l),i=!1,h()}}}function Ne(r,a){let l,n,m,_;return n=new Ue({props:{content:a[5].body}}),{key:r,first:null,c(){l=s("div"),W(n.$$.fragment),m=p(),b(l,"class","tab-item"),X(l,"active",a[1]===a[5].code),this.first=l},m(i,h){u(i,l,h),Q(n,l,null),o(l,m),_=!0},p(i,h){a=i;const g={};h&4&&(g.content=a[5].body),n.$set(g),(!_||h&6)&&X(l,"active",a[1]===a[5].code)},i(i){_||(z(n.$$.fragment,i),_=!0)},o(i){E(n.$$.fragment,i),_=!1},d(i){i&&d(l),K(n)}}}function tt(r){var qe,Fe;let a,l,n=r[0].name+"",m,_,i,h,g,v,w,D,Z,S,J,ue,N,M,pe,G,U=r[0].name+"",Y,he,fe,j,ee,q,te,T,oe,be,F,C,ae,me,le,_e,f,ke,P,ge,ve,$e,se,ye,ne,Se,we,Te,re,Ce,Re,A,ie,H,ce,R,L,y=[],Pe=new Map,Ae,O,$=[],Be=new Map,B;v=new Ke({props:{js:` + import PocketBase from 'pocketbase'; + + const pb = new PocketBase('${r[3]}'); + + ... + + const authData = await pb.collection('${(qe=r[0])==null?void 0:qe.name}').authRefresh(); + + // after the above you can also access the refreshed auth data from the authStore + console.log(pb.authStore.isValid); + console.log(pb.authStore.token); + console.log(pb.authStore.record.id); + `,dart:` + import 'package:pocketbase/pocketbase.dart'; + + final pb = PocketBase('${r[3]}'); + + ... + + final authData = await pb.collection('${(Fe=r[0])==null?void 0:Fe.name}').authRefresh(); + + // after the above you can also access the refreshed auth data from the authStore + print(pb.authStore.isValid); + print(pb.authStore.token); + print(pb.authStore.record.id); + `}}),P=new Ue({props:{content:"?expand=relField1,relField2.subRelField"}}),A=new et({props:{prefix:"record."}});let x=I(r[2]);const De=e=>e[5].code;for(let e=0;ee[5].code;for(let e=0;eReturns a new auth response (token and record data) for an + already authenticated record.

    This method is usually called by users on page/screen reload to ensure that the previously stored data + in pb.authStore is still valid and up-to-date.

    `,g=p(),W(v.$$.fragment),w=p(),D=s("h6"),D.textContent="API details",Z=p(),S=s("div"),J=s("strong"),J.textContent="POST",ue=p(),N=s("div"),M=s("p"),pe=k("/api/collections/"),G=s("strong"),Y=k(U),he=k("/auth-refresh"),fe=p(),j=s("p"),j.innerHTML="Requires Authorization:TOKEN header",ee=p(),q=s("div"),q.textContent="Query parameters",te=p(),T=s("table"),oe=s("thead"),oe.innerHTML='Param Type Description',be=p(),F=s("tbody"),C=s("tr"),ae=s("td"),ae.textContent="expand",me=p(),le=s("td"),le.innerHTML='String',_e=p(),f=s("td"),ke=k(`Auto expand record relations. Ex.: + `),W(P.$$.fragment),ge=k(` + Supports up to 6-levels depth nested relations expansion. `),ve=s("br"),$e=k(` + The expanded relations will be appended to the record under the + `),se=s("code"),se.textContent="expand",ye=k(" property (eg. "),ne=s("code"),ne.textContent='"expand": {"relField1": {...}, ...}',Se=k(`). + `),we=s("br"),Te=k(` + Only the relations to which the request user has permissions to `),re=s("strong"),re.textContent="view",Ce=k(" will be expanded."),Re=p(),W(A.$$.fragment),ie=p(),H=s("div"),H.textContent="Responses",ce=p(),R=s("div"),L=s("div");for(let e=0;el(1,_=g.code);return r.$$set=g=>{"collection"in g&&l(0,m=g.collection)},r.$$.update=()=>{r.$$.dirty&1&&l(2,i=[{code:200,body:JSON.stringify({token:"JWT_TOKEN",record:Ve.dummyCollectionRecord(m)},null,2)},{code:401,body:` + { + "status": 401, + "message": "The request requires valid record authorization token to be set.", + "data": {} + } + `},{code:403,body:` + { + "status": 403, + "message": "The authorized record model is not allowed to perform this action.", + "data": {} + } + `},{code:404,body:` + { + "status": 404, + "message": "Missing auth record context.", + "data": {} + } + `}])},l(3,n=Ve.getApiExampleUrl(Ge.baseURL)),[m,_,i,n,h]}class st extends je{constructor(a){super(),xe(this,a,ot,tt,Ie,{collection:0})}}export{st as default}; diff --git a/ui/dist/assets/AuthWithOAuth2Docs-DR-QIR8o.js b/ui/dist/assets/AuthWithOAuth2Docs-DR-QIR8o.js new file mode 100644 index 0000000..4b085c5 --- /dev/null +++ b/ui/dist/assets/AuthWithOAuth2Docs-DR-QIR8o.js @@ -0,0 +1,117 @@ +import{S as Je,i as xe,s as Ee,V as Ne,W as je,X as Q,h as r,d as Z,t as j,a as J,I as pe,Z as Ue,_ as Ie,C as Qe,$ as Ze,D as ze,l as c,n as a,m as z,u as o,A as _,v as h,c as K,w as p,J as Be,p as Ke,k as X,o as Xe}from"./index-BH0nlDnw.js";import{F as Ge}from"./FieldsQueryParam-DQVKTiQb.js";function Fe(s,l,n){const i=s.slice();return i[5]=l[n],i}function Le(s,l,n){const i=s.slice();return i[5]=l[n],i}function He(s,l){let n,i=l[5].code+"",f,g,d,b;function k(){return l[4](l[5])}return{key:s,first:null,c(){n=o("button"),f=_(i),g=h(),p(n,"class","tab-item"),X(n,"active",l[1]===l[5].code),this.first=n},m(v,O){c(v,n,O),a(n,f),a(n,g),d||(b=Xe(n,"click",k),d=!0)},p(v,O){l=v,O&4&&i!==(i=l[5].code+"")&&pe(f,i),O&6&&X(n,"active",l[1]===l[5].code)},d(v){v&&r(n),d=!1,b()}}}function Ve(s,l){let n,i,f,g;return i=new je({props:{content:l[5].body}}),{key:s,first:null,c(){n=o("div"),K(i.$$.fragment),f=h(),p(n,"class","tab-item"),X(n,"active",l[1]===l[5].code),this.first=n},m(d,b){c(d,n,b),z(i,n,null),a(n,f),g=!0},p(d,b){l=d;const k={};b&4&&(k.content=l[5].body),i.$set(k),(!g||b&6)&&X(n,"active",l[1]===l[5].code)},i(d){g||(J(i.$$.fragment,d),g=!0)},o(d){j(i.$$.fragment,d),g=!1},d(d){d&&r(n),Z(i)}}}function Ye(s){let l,n,i=s[0].name+"",f,g,d,b,k,v,O,R,G,A,x,be,E,P,me,Y,N=s[0].name+"",ee,fe,te,M,ae,W,le,U,ne,y,oe,ge,B,S,se,_e,ie,ke,m,ve,C,we,$e,Oe,re,Ae,ce,ye,Se,Te,de,Ce,qe,q,ue,F,he,T,L,$=[],De=new Map,Re,H,w=[],Pe=new Map,D;v=new Ne({props:{js:` + import PocketBase from 'pocketbase'; + + const pb = new PocketBase('${s[3]}'); + + ... + + // OAuth2 authentication with a single realtime call. + // + // Make sure to register ${s[3]}/api/oauth2-redirect as redirect url. + const authData = await pb.collection('${s[0].name}').authWithOAuth2({ provider: 'google' }); + + // OR authenticate with manual OAuth2 code exchange + // const authData = await pb.collection('${s[0].name}').authWithOAuth2Code(...); + + // after the above you can also access the auth data from the authStore + console.log(pb.authStore.isValid); + console.log(pb.authStore.token); + console.log(pb.authStore.record.id); + + // "logout" + pb.authStore.clear(); + `,dart:` + import 'package:pocketbase/pocketbase.dart'; + import 'package:url_launcher/url_launcher.dart'; + + final pb = PocketBase('${s[3]}'); + + ... + + // OAuth2 authentication with a single realtime call. + // + // Make sure to register ${s[3]}/api/oauth2-redirect as redirect url. + final authData = await pb.collection('${s[0].name}').authWithOAuth2('google', (url) async { + await launchUrl(url); + }); + + // OR authenticate with manual OAuth2 code exchange + // final authData = await pb.collection('${s[0].name}').authWithOAuth2Code(...); + + // after the above you can also access the auth data from the authStore + print(pb.authStore.isValid); + print(pb.authStore.token); + print(pb.authStore.record.id); + + // "logout" + pb.authStore.clear(); + `}}),C=new je({props:{content:"?expand=relField1,relField2.subRelField"}}),q=new Ge({props:{prefix:"record."}});let I=Q(s[2]);const Me=e=>e[5].code;for(let e=0;ee[5].code;for(let e=0;eAuthenticate with an OAuth2 provider and returns a new auth token and record data.

    For more details please check the + OAuth2 integration documentation + .

    `,k=h(),K(v.$$.fragment),O=h(),R=o("h6"),R.textContent="API details",G=h(),A=o("div"),x=o("strong"),x.textContent="POST",be=h(),E=o("div"),P=o("p"),me=_("/api/collections/"),Y=o("strong"),ee=_(N),fe=_("/auth-with-oauth2"),te=h(),M=o("div"),M.textContent="Body Parameters",ae=h(),W=o("table"),W.innerHTML=`Param Type Description
    Required provider
    String The name of the OAuth2 client provider (eg. "google").
    Required code
    String The authorization code returned from the initial request.
    Required codeVerifier
    String The code verifier sent with the initial request as part of the code_challenge.
    Required redirectURL
    String The redirect url sent with the initial request.
    Optional createData
    Object

    Optional data that will be used when creating the auth record on OAuth2 sign-up.

    The created auth record must comply with the same requirements and validations in the + regular create action. +
    The data can only be in json, aka. multipart/form-data and files + upload currently are not supported during OAuth2 sign-ups.

    `,le=h(),U=o("div"),U.textContent="Query parameters",ne=h(),y=o("table"),oe=o("thead"),oe.innerHTML='Param Type Description',ge=h(),B=o("tbody"),S=o("tr"),se=o("td"),se.textContent="expand",_e=h(),ie=o("td"),ie.innerHTML='String',ke=h(),m=o("td"),ve=_(`Auto expand record relations. Ex.: + `),K(C.$$.fragment),we=_(` + Supports up to 6-levels depth nested relations expansion. `),$e=o("br"),Oe=_(` + The expanded relations will be appended to the record under the + `),re=o("code"),re.textContent="expand",Ae=_(" property (eg. "),ce=o("code"),ce.textContent='"expand": {"relField1": {...}, ...}',ye=_(`). + `),Se=o("br"),Te=_(` + Only the relations to which the request user has permissions to `),de=o("strong"),de.textContent="view",Ce=_(" will be expanded."),qe=h(),K(q.$$.fragment),ue=h(),F=o("div"),F.textContent="Responses",he=h(),T=o("div"),L=o("div");for(let e=0;e<$.length;e+=1)$[e].c();Re=h(),H=o("div");for(let e=0;en(1,g=k.code);return s.$$set=k=>{"collection"in k&&n(0,f=k.collection)},s.$$.update=()=>{s.$$.dirty&1&&n(2,d=[{code:200,body:JSON.stringify({token:"JWT_AUTH_TOKEN",record:Be.dummyCollectionRecord(f),meta:{id:"abc123",name:"John Doe",username:"john.doe",email:"test@example.com",avatarURL:"https://example.com/avatar.png",accessToken:"...",refreshToken:"...",expiry:"2022-01-01 10:00:00.123Z",isNew:!1,rawUser:{}}},null,2)},{code:400,body:` + { + "status": 400, + "message": "An error occurred while submitting the form.", + "data": { + "provider": { + "code": "validation_required", + "message": "Missing required value." + } + } + } + `}])},n(3,i=Be.getApiExampleUrl(Ke.baseURL)),[f,g,d,i,b]}class lt extends Je{constructor(l){super(),xe(this,l,et,Ye,Ee,{collection:0})}}export{lt as default}; diff --git a/ui/dist/assets/AuthWithOtpDocs-Bf-89h5e.js b/ui/dist/assets/AuthWithOtpDocs-Bf-89h5e.js new file mode 100644 index 0000000..3c04a99 --- /dev/null +++ b/ui/dist/assets/AuthWithOtpDocs-Bf-89h5e.js @@ -0,0 +1,136 @@ +import{S as be,i as _e,s as ve,W as ge,X as V,h as b,d as x,t as j,a as J,I as ce,Z as de,_ as je,C as ue,$ as Qe,D as he,l as _,n as s,m as ee,u as d,v as T,A as R,c as te,w as g,J as ke,k as N,o as $e,V as Ke,Y as De,p as Xe,a0 as Me}from"./index-BH0nlDnw.js";import{F as Ze}from"./FieldsQueryParam-DQVKTiQb.js";function Be(a,t,e){const l=a.slice();return l[4]=t[e],l}function Ie(a,t,e){const l=a.slice();return l[4]=t[e],l}function We(a,t){let e,l=t[4].code+"",h,i,c,n;function m(){return t[3](t[4])}return{key:a,first:null,c(){e=d("button"),h=R(l),i=T(),g(e,"class","tab-item"),N(e,"active",t[1]===t[4].code),this.first=e},m(v,C){_(v,e,C),s(e,h),s(e,i),c||(n=$e(e,"click",m),c=!0)},p(v,C){t=v,C&4&&l!==(l=t[4].code+"")&&ce(h,l),C&6&&N(e,"active",t[1]===t[4].code)},d(v){v&&b(e),c=!1,n()}}}function Fe(a,t){let e,l,h,i;return l=new ge({props:{content:t[4].body}}),{key:a,first:null,c(){e=d("div"),te(l.$$.fragment),h=T(),g(e,"class","tab-item"),N(e,"active",t[1]===t[4].code),this.first=e},m(c,n){_(c,e,n),ee(l,e,null),s(e,h),i=!0},p(c,n){t=c;const m={};n&4&&(m.content=t[4].body),l.$set(m),(!i||n&6)&&N(e,"active",t[1]===t[4].code)},i(c){i||(J(l.$$.fragment,c),i=!0)},o(c){j(l.$$.fragment,c),i=!1},d(c){c&&b(e),x(l)}}}function ze(a){let t,e,l,h,i,c,n,m=a[0].name+"",v,C,F,B,I,D,Q,M,U,y,O,q,k,L,Y,A,X,E,o,$,P,z,u,p,S,w,Z,we,Te,Pe,pe,Oe,ye,le,fe,oe,me,G,ae,K=[],Se=new Map,qe,ne,H=[],Ce=new Map,se;P=new ge({props:{content:"?expand=relField1,relField2.subRelField"}}),le=new Ze({props:{prefix:"record."}});let re=V(a[2]);const Ae=r=>r[4].code;for(let r=0;rr[4].code;for(let r=0;rParam Type Description
    Required otpId
    String The id of the OTP request.
    Required password
    String The one-time password.',Q=T(),M=d("div"),M.textContent="Query parameters",U=T(),y=d("table"),O=d("thead"),O.innerHTML='Param Type Description',q=T(),k=d("tbody"),L=d("tr"),Y=d("td"),Y.textContent="expand",A=T(),X=d("td"),X.innerHTML='String',E=T(),o=d("td"),$=R(`Auto expand record relations. Ex.: + `),te(P.$$.fragment),z=R(` + Supports up to 6-levels depth nested relations expansion. `),u=d("br"),p=R(` + The expanded relations will be appended to the record under the + `),S=d("code"),S.textContent="expand",w=R(" property (eg. "),Z=d("code"),Z.textContent='"expand": {"relField1": {...}, ...}',we=R(`). + `),Te=d("br"),Pe=R(` + Only the relations to which the request user has permissions to `),pe=d("strong"),pe.textContent="view",Oe=R(" will be expanded."),ye=T(),te(le.$$.fragment),fe=T(),oe=d("div"),oe.textContent="Responses",me=T(),G=d("div"),ae=d("div");for(let r=0;re(1,h=n.code);return a.$$set=n=>{"collection"in n&&e(0,l=n.collection)},a.$$.update=()=>{a.$$.dirty&1&&e(2,i=[{code:200,body:JSON.stringify({token:"JWT_TOKEN",record:ke.dummyCollectionRecord(l)},null,2)},{code:400,body:` + { + "status": 400, + "message": "Failed to authenticate.", + "data": { + "otpId": { + "code": "validation_required", + "message": "Missing required value." + } + } + } + `}])},[l,h,i,c]}class xe extends be{constructor(t){super(),_e(this,t,Ge,ze,ve,{collection:0})}}function Ue(a,t,e){const l=a.slice();return l[4]=t[e],l}function He(a,t,e){const l=a.slice();return l[4]=t[e],l}function Le(a,t){let e,l=t[4].code+"",h,i,c,n;function m(){return t[3](t[4])}return{key:a,first:null,c(){e=d("button"),h=R(l),i=T(),g(e,"class","tab-item"),N(e,"active",t[1]===t[4].code),this.first=e},m(v,C){_(v,e,C),s(e,h),s(e,i),c||(n=$e(e,"click",m),c=!0)},p(v,C){t=v,C&4&&l!==(l=t[4].code+"")&&ce(h,l),C&6&&N(e,"active",t[1]===t[4].code)},d(v){v&&b(e),c=!1,n()}}}function Ye(a,t){let e,l,h,i;return l=new ge({props:{content:t[4].body}}),{key:a,first:null,c(){e=d("div"),te(l.$$.fragment),h=T(),g(e,"class","tab-item"),N(e,"active",t[1]===t[4].code),this.first=e},m(c,n){_(c,e,n),ee(l,e,null),s(e,h),i=!0},p(c,n){t=c;const m={};n&4&&(m.content=t[4].body),l.$set(m),(!i||n&6)&&N(e,"active",t[1]===t[4].code)},i(c){i||(J(l.$$.fragment,c),i=!0)},o(c){j(l.$$.fragment,c),i=!1},d(c){c&&b(e),x(l)}}}function et(a){let t,e,l,h,i,c,n,m=a[0].name+"",v,C,F,B,I,D,Q,M,U,y,O,q=[],k=new Map,L,Y,A=[],X=new Map,E,o=V(a[2]);const $=u=>u[4].code;for(let u=0;uu[4].code;for(let u=0;uParam Type Description
    Required email
    String The auth record email address to send the OTP request (if exists).',Q=T(),M=d("div"),M.textContent="Responses",U=T(),y=d("div"),O=d("div");for(let u=0;ue(1,h=n.code);return a.$$set=n=>{"collection"in n&&e(0,l=n.collection)},e(2,i=[{code:200,body:JSON.stringify({otpId:ke.randomString(15)},null,2)},{code:400,body:` + { + "status": 400, + "message": "An error occurred while validating the submitted data.", + "data": { + "email": { + "code": "validation_is_email", + "message": "Must be a valid email address." + } + } + } + `},{code:429,body:` + { + "status": 429, + "message": "You've send too many OTP requests, please try again later.", + "data": {} + } + `}]),[l,h,i,c]}class lt extends be{constructor(t){super(),_e(this,t,tt,et,ve,{collection:0})}}function Ve(a,t,e){const l=a.slice();return l[5]=t[e],l[7]=e,l}function Je(a,t,e){const l=a.slice();return l[5]=t[e],l[7]=e,l}function Ne(a){let t,e,l,h,i;function c(){return a[4](a[7])}return{c(){t=d("button"),e=d("div"),e.textContent=`${a[5].title}`,l=T(),g(e,"class","txt"),g(t,"class","tab-item"),N(t,"active",a[1]==a[7])},m(n,m){_(n,t,m),s(t,e),s(t,l),h||(i=$e(t,"click",c),h=!0)},p(n,m){a=n,m&2&&N(t,"active",a[1]==a[7])},d(n){n&&b(t),h=!1,i()}}}function Ee(a){let t,e,l,h;var i=a[5].component;function c(n,m){return{props:{collection:n[0]}}}return i&&(e=Me(i,c(a))),{c(){t=d("div"),e&&te(e.$$.fragment),l=T(),g(t,"class","tab-item"),N(t,"active",a[1]==a[7])},m(n,m){_(n,t,m),e&&ee(e,t,null),s(t,l),h=!0},p(n,m){if(i!==(i=n[5].component)){if(e){ue();const v=e;j(v.$$.fragment,1,0,()=>{x(v,1)}),he()}i?(e=Me(i,c(n)),te(e.$$.fragment),J(e.$$.fragment,1),ee(e,t,l)):e=null}else if(i){const v={};m&1&&(v.collection=n[0]),e.$set(v)}(!h||m&2)&&N(t,"active",n[1]==n[7])},i(n){h||(e&&J(e.$$.fragment,n),h=!0)},o(n){e&&j(e.$$.fragment,n),h=!1},d(n){n&&b(t),e&&x(e)}}}function ot(a){var Y,A,X,E;let t,e,l=a[0].name+"",h,i,c,n,m,v,C,F,B,I,D,Q,M,U;v=new Ke({props:{js:` + import PocketBase from 'pocketbase'; + + const pb = new PocketBase('${a[2]}'); + + ... + + // send OTP email to the provided auth record + const req = await pb.collection('${(Y=a[0])==null?void 0:Y.name}').requestOTP('test@example.com'); + + // ... show a screen/popup to enter the password from the email ... + + // authenticate with the requested OTP id and the email password + const authData = await pb.collection('${(A=a[0])==null?void 0:A.name}').authWithOTP( + req.otpId, + "YOUR_OTP", + ); + + // after the above you can also access the auth data from the authStore + console.log(pb.authStore.isValid); + console.log(pb.authStore.token); + console.log(pb.authStore.record.id); + + // "logout" + pb.authStore.clear(); + `,dart:` + import 'package:pocketbase/pocketbase.dart'; + + final pb = PocketBase('${a[2]}'); + + ... + + // send OTP email to the provided auth record + final req = await pb.collection('${(X=a[0])==null?void 0:X.name}').requestOTP('test@example.com'); + + // ... show a screen/popup to enter the password from the email ... + + // authenticate with the requested OTP id and the email password + final authData = await pb.collection('${(E=a[0])==null?void 0:E.name}').authWithOTP( + req.otpId, + "YOUR_OTP", + ); + + // after the above you can also access the auth data from the authStore + print(pb.authStore.isValid); + print(pb.authStore.token); + print(pb.authStore.record.id); + + // "logout" + pb.authStore.clear(); + `}});let y=V(a[3]),O=[];for(let o=0;oj(k[o],1,1,()=>{k[o]=null});return{c(){t=d("h3"),e=R("Auth with OTP ("),h=R(l),i=R(")"),c=T(),n=d("div"),n.innerHTML=`

    Authenticate with an one-time password (OTP).

    Note that when requesting an OTP we return an otpId even if a user with the provided email + doesn't exist as a very basic enumeration protection.

    `,m=T(),te(v.$$.fragment),C=T(),F=d("h6"),F.textContent="API details",B=T(),I=d("div"),D=d("div");for(let o=0;oe(1,c=m);return a.$$set=m=>{"collection"in m&&e(0,h=m.collection)},e(2,l=ke.getApiExampleUrl(Xe.baseURL)),[h,c,l,i,n]}class it extends be{constructor(t){super(),_e(this,t,at,ot,ve,{collection:0})}}export{it as default}; diff --git a/ui/dist/assets/AuthWithPasswordDocs-DDzkR56i.js b/ui/dist/assets/AuthWithPasswordDocs-DDzkR56i.js new file mode 100644 index 0000000..877919a --- /dev/null +++ b/ui/dist/assets/AuthWithPasswordDocs-DDzkR56i.js @@ -0,0 +1,96 @@ +import{S as kt,i as gt,s as vt,V as St,X as L,W as _t,h as c,d as ae,Y as wt,t as X,a as Z,I as z,Z as ct,_ as yt,C as $t,$ as Pt,D as Ct,l as d,n as t,m as oe,u as s,A as f,v as u,c as se,w as k,J as dt,p as Rt,k as ne,o as Ot}from"./index-BH0nlDnw.js";import{F as Tt}from"./FieldsQueryParam-DQVKTiQb.js";function pt(i,o,a){const n=i.slice();return n[7]=o[a],n}function ut(i,o,a){const n=i.slice();return n[7]=o[a],n}function ht(i,o,a){const n=i.slice();return n[12]=o[a],n[14]=a,n}function At(i){let o;return{c(){o=f("or")},m(a,n){d(a,o,n)},d(a){a&&c(o)}}}function bt(i){let o,a,n=i[12]+"",m,b=i[14]>0&&At();return{c(){b&&b.c(),o=u(),a=s("strong"),m=f(n)},m(r,h){b&&b.m(r,h),d(r,o,h),d(r,a,h),t(a,m)},p(r,h){h&2&&n!==(n=r[12]+"")&&z(m,n)},d(r){r&&(c(o),c(a)),b&&b.d(r)}}}function ft(i,o){let a,n=o[7].code+"",m,b,r,h;function g(){return o[6](o[7])}return{key:i,first:null,c(){a=s("button"),m=f(n),b=u(),k(a,"class","tab-item"),ne(a,"active",o[2]===o[7].code),this.first=a},m($,_){d($,a,_),t(a,m),t(a,b),r||(h=Ot(a,"click",g),r=!0)},p($,_){o=$,_&8&&n!==(n=o[7].code+"")&&z(m,n),_&12&&ne(a,"active",o[2]===o[7].code)},d($){$&&c(a),r=!1,h()}}}function mt(i,o){let a,n,m,b;return n=new _t({props:{content:o[7].body}}),{key:i,first:null,c(){a=s("div"),se(n.$$.fragment),m=u(),k(a,"class","tab-item"),ne(a,"active",o[2]===o[7].code),this.first=a},m(r,h){d(r,a,h),oe(n,a,null),t(a,m),b=!0},p(r,h){o=r;const g={};h&8&&(g.content=o[7].body),n.$set(g),(!b||h&12)&&ne(a,"active",o[2]===o[7].code)},i(r){b||(Z(n.$$.fragment,r),b=!0)},o(r){X(n.$$.fragment,r),b=!1},d(r){r&&c(a),ae(n)}}}function Dt(i){var ot,st;let o,a,n=i[0].name+"",m,b,r,h,g,$,_,G=i[1].join("/")+"",ie,De,re,We,ce,C,de,q,pe,R,x,Fe,ee,H,Me,ue,te=i[0].name+"",he,Ue,be,Y,fe,O,me,Be,j,T,_e,Le,ke,qe,V,ge,He,ve,Se,E,we,A,ye,Ye,N,D,$e,je,Pe,Ve,v,Ee,M,Ne,Ie,Je,Ce,Qe,Re,Ke,Xe,Ze,Oe,ze,Ge,U,Te,I,Ae,W,J,P=[],xe=new Map,et,Q,w=[],tt=new Map,F;C=new St({props:{js:` + import PocketBase from 'pocketbase'; + + const pb = new PocketBase('${i[5]}'); + + ... + + const authData = await pb.collection('${(ot=i[0])==null?void 0:ot.name}').authWithPassword( + '${i[4]}', + 'YOUR_PASSWORD', + ); + + // after the above you can also access the auth data from the authStore + console.log(pb.authStore.isValid); + console.log(pb.authStore.token); + console.log(pb.authStore.record.id); + + // "logout" + pb.authStore.clear(); + `,dart:` + import 'package:pocketbase/pocketbase.dart'; + + final pb = PocketBase('${i[5]}'); + + ... + + final authData = await pb.collection('${(st=i[0])==null?void 0:st.name}').authWithPassword( + '${i[4]}', + 'YOUR_PASSWORD', + ); + + // after the above you can also access the auth data from the authStore + print(pb.authStore.isValid); + print(pb.authStore.token); + print(pb.authStore.record.id); + + // "logout" + pb.authStore.clear(); + `}});let B=L(i[1]),S=[];for(let e=0;ee[7].code;for(let e=0;ee[7].code;for(let e=0;eParam Type Description',Be=u(),j=s("tbody"),T=s("tr"),_e=s("td"),_e.innerHTML='
    Required identity
    ',Le=u(),ke=s("td"),ke.innerHTML='String',qe=u(),V=s("td");for(let e=0;e
    Required password
    String The auth record password.',Se=u(),E=s("div"),E.textContent="Query parameters",we=u(),A=s("table"),ye=s("thead"),ye.innerHTML='Param Type Description',Ye=u(),N=s("tbody"),D=s("tr"),$e=s("td"),$e.textContent="expand",je=u(),Pe=s("td"),Pe.innerHTML='String',Ve=u(),v=s("td"),Ee=f(`Auto expand record relations. Ex.: + `),se(M.$$.fragment),Ne=f(` + Supports up to 6-levels depth nested relations expansion. `),Ie=s("br"),Je=f(` + The expanded relations will be appended to the record under the + `),Ce=s("code"),Ce.textContent="expand",Qe=f(" property (eg. "),Re=s("code"),Re.textContent='"expand": {"relField1": {...}, ...}',Ke=f(`). + `),Xe=s("br"),Ze=f(` + Only the relations to which the request user has permissions to `),Oe=s("strong"),Oe.textContent="view",ze=f(" will be expanded."),Ge=u(),se(U.$$.fragment),Te=u(),I=s("div"),I.textContent="Responses",Ae=u(),W=s("div"),J=s("div");for(let e=0;ea(2,h=_.code);return i.$$set=_=>{"collection"in _&&a(0,r=_.collection)},i.$$.update=()=>{var _;i.$$.dirty&1&&a(1,m=((_=r==null?void 0:r.passwordAuth)==null?void 0:_.identityFields)||[]),i.$$.dirty&2&&a(4,b=m.length==0?"NONE":"YOUR_"+m.join("_OR_").toUpperCase()),i.$$.dirty&1&&a(3,g=[{code:200,body:JSON.stringify({token:"JWT_TOKEN",record:dt.dummyCollectionRecord(r)},null,2)},{code:400,body:` + { + "status": 400, + "message": "Failed to authenticate.", + "data": { + "identity": { + "code": "validation_required", + "message": "Missing required value." + } + } + } + `}])},a(5,n=dt.getApiExampleUrl(Rt.baseURL)),[r,m,h,g,b,n,$]}class Ut extends kt{constructor(o){super(),gt(this,o,Wt,Dt,vt,{collection:0})}}export{Ut as default}; diff --git a/ui/dist/assets/BatchApiDocs-EBhE9vAi.js b/ui/dist/assets/BatchApiDocs-EBhE9vAi.js new file mode 100644 index 0000000..7d48a64 --- /dev/null +++ b/ui/dist/assets/BatchApiDocs-EBhE9vAi.js @@ -0,0 +1,157 @@ +import{S as St,i as At,s as Lt,V as Mt,W as Ht,X as Q,h as d,d as Re,t as Y,a as x,I as jt,Z as Pt,_ as Nt,C as Ut,$ as Jt,D as zt,l as u,n as t,m as Te,E as Wt,G as Gt,u as o,A as _,v as i,c as Pe,w as b,J as Ft,p as Kt,k as ee,o as Vt}from"./index-BH0nlDnw.js";function Bt(a,s,n){const c=a.slice();return c[6]=s[n],c}function Et(a,s,n){const c=a.slice();return c[6]=s[n],c}function Ot(a,s){let n,c,y;function f(){return s[5](s[6])}return{key:a,first:null,c(){n=o("button"),n.textContent=`${s[6].code} `,b(n,"class","tab-item"),ee(n,"active",s[1]===s[6].code),this.first=n},m(r,h){u(r,n,h),c||(y=Vt(n,"click",f),c=!0)},p(r,h){s=r,h&10&&ee(n,"active",s[1]===s[6].code)},d(r){r&&d(n),c=!1,y()}}}function It(a,s){let n,c,y,f;return c=new Ht({props:{content:s[6].body}}),{key:a,first:null,c(){n=o("div"),Pe(c.$$.fragment),y=i(),b(n,"class","tab-item"),ee(n,"active",s[1]===s[6].code),this.first=n},m(r,h){u(r,n,h),Te(c,n,null),t(n,y),f=!0},p(r,h){s=r,(!f||h&10)&&ee(n,"active",s[1]===s[6].code)},i(r){f||(x(c.$$.fragment,r),f=!0)},o(r){Y(c.$$.fragment,r),f=!1},d(r){r&&d(n),Re(c)}}}function Xt(a){var pt,mt,bt,ht,ft,_t,yt,kt;let s,n,c=a[0].name+"",y,f,r,h,F,g,U,Fe,P,B,Be,E,Ee,Oe,te,le,q,oe,O,ae,I,se,H,ne,J,ie,w,ce,Ie,re,S,z,He,k,W,Se,de,Ae,C,G,Le,ue,Me,K,je,pe,Ne,D,Ue,me,Je,ze,We,V,Ge,X,Ke,be,Ve,he,Xe,fe,Ze,p,_e,Qe,ye,Ye,ke,xe,$e,et,ge,tt,ve,lt,ot,at,Ce,st,R,De,A,qe,T,L,v=[],nt=new Map,it,M,$=[],ct=new Map,j,we,rt;q=new Mt({props:{js:` + import PocketBase from 'pocketbase'; + + const pb = new PocketBase('${a[2]}'); + + ... + + const batch = pb.createBatch(); + + batch.collection('${(pt=a[0])==null?void 0:pt.name}').create({ ... }); + batch.collection('${(mt=a[0])==null?void 0:mt.name}').update('RECORD_ID', { ... }); + batch.collection('${(bt=a[0])==null?void 0:bt.name}').delete('RECORD_ID'); + batch.collection('${(ht=a[0])==null?void 0:ht.name}').upsert({ ... }); + + const result = await batch.send(); + `,dart:` + import 'package:pocketbase/pocketbase.dart'; + + final pb = PocketBase('${a[2]}'); + + ... + + final batch = pb.createBatch(); + + batch.collection('${(ft=a[0])==null?void 0:ft.name}').create(body: { ... }); + batch.collection('${(_t=a[0])==null?void 0:_t.name}').update('RECORD_ID', body: { ... }); + batch.collection('${(yt=a[0])==null?void 0:yt.name}').delete('RECORD_ID'); + batch.collection('${(kt=a[0])==null?void 0:kt.name}').upsert(body: { ... }); + + final result = await batch.send(); + `}}),R=new Ht({props:{language:"javascript",content:` + const formData = new FormData(); + + formData.append("@jsonPayload", JSON.stringify({ + requests: [ + { + method: "POST", + url: "/api/collections/${a[0].name}/records?fields=id", + body: { someField: "test1" } + }, + { + method: "PATCH", + url: "/api/collections/${a[0].name}/records/RECORD_ID", + body: { someField: "test2" } + } + ] + })) + + // file for the first request + formData.append("requests.0.someFileField", new File(...)) + + // file for the second request + formData.append("requests.1.someFileField", new File(...)) + `}});let Z=Q(a[3]);const dt=e=>e[6].code;for(let e=0;ee[6].code;for(let e=0;eBatch and transactional create/update/upsert/delete of multiple records in a single request.

    ",F=i(),g=o("div"),U=o("div"),U.innerHTML='',Fe=i(),P=o("div"),B=o("p"),Be=_(`The batch Web API need to be explicitly enabled and configured from the + `),E=o("a"),E.textContent="Dashboard settings",Ee=_("."),Oe=i(),te=o("p"),te.textContent=`Because this endpoint process the requests in a single transaction it could degrade the + performance of your application if not used with proper care and configuration (e.g. too large + allowed execution timeout, large body size limit, etc.).`,le=i(),Pe(q.$$.fragment),oe=i(),O=o("h6"),O.textContent="API details",ae=i(),I=o("div"),I.innerHTML='POST
    /api/batch
    ',se=i(),H=o("div"),H.textContent="Body Parameters",ne=i(),J=o("p"),J.innerHTML=`Body parameters could be sent as application/json or multipart/form-data. +
    + File upload is supported only via multipart/form-data (see below for more details).`,ie=i(),w=o("table"),ce=o("thead"),ce.innerHTML='Param Description',Ie=i(),re=o("tbody"),S=o("tr"),z=o("td"),z.innerHTML='
    Required requests
    ',He=i(),k=o("td"),W=o("span"),W.textContent="Array",Se=_(` - List of the requests to process. + + `),de=o("p"),de.textContent="The supported batch request actions are:",Ae=i(),C=o("ul"),G=o("li"),Le=_("record create - "),ue=o("code"),ue.textContent="POST /api/collections/{collection}/records",Me=i(),K=o("li"),je=_(`record update - + `),pe=o("code"),pe.textContent="PATCH /api/collections/{collection}/records/{id}",Ne=i(),D=o("li"),Ue=_("record upsert - "),me=o("code"),me.textContent="PUT /api/collections/{collection}/records",Je=i(),ze=o("br"),We=i(),V=o("small"),V.innerHTML='(the body must have id field)',Ge=i(),X=o("li"),Ke=_(`record delete - + `),be=o("code"),be.textContent="DELETE /api/collections/{collection}/records/{id}",Ve=i(),he=o("p"),he.textContent="Each batch Request element have the following properties:",Xe=i(),fe=o("ul"),fe.innerHTML=`
  • url path (could include query parameters)
  • method (GET, POST, PUT, PATCH, DELETE)
  • headers
    (custom per-request Authorization header is not supported at the moment, + aka. all batch requests have the same auth state)
  • body
    • `,Ze=i(),p=o("p"),_e=o("strong"),_e.textContent="NB!",Qe=_(` When the batch request is send as + `),ye=o("code"),ye.textContent="multipart/form-data",Ye=_(`, the regular batch action fields are expected to be + submitted as serailized json under the `),ke=o("code"),ke.textContent="@jsonPayload",xe=_(` field and file keys need + to follow the pattern `),$e=o("code"),$e.textContent="requests.N.fileField",et=_(` or + `),ge=o("code"),ge.textContent="requests[N].fileField",tt=i(),ve=o("em"),ve.textContent=`(this is usually handled transparently by the SDKs when their specific object notation + is used) + `,lt=_(`. + `),ot=o("br"),at=_(` + If you don't use the SDKs or prefer manually to construct the `),Ce=o("code"),Ce.textContent="FormData",st=_(` + body, then it could look something like: + `),Pe(R.$$.fragment),De=i(),A=o("div"),A.textContent="Responses",qe=i(),T=o("div"),L=o("div");for(let e=0;en(1,r=g.code);return a.$$set=g=>{"collection"in g&&n(0,f=g.collection)},a.$$.update=()=>{a.$$.dirty&1&&n(4,y=Ft.dummyCollectionRecord(f)),a.$$.dirty&17&&f!=null&&f.id&&(h.push({code:200,body:JSON.stringify([{status:200,body:y},{status:200,body:Object.assign({},y,{id:y.id+"2"})}],null,2)}),h.push({code:400,body:` + { + "status": 400, + "message": "Batch transaction failed.", + "data": { + "requests": { + "1": { + "code": "batch_request_failed", + "message": "Batch request failed.", + "response": { + "status": 400, + "message": "Failed to create record.", + "data": { + "id": { + "code": "validation_min_text_constraint", + "message": "Must be at least 3 character(s).", + "params": { "min": 3 } + } + } + } + } + } + } + } + `}),h.push({code:403,body:` + { + "status": 403, + "message": "Batch requests are not allowed.", + "data": {} + } + `}))},n(2,c=Ft.getApiExampleUrl(Kt.baseURL)),[f,r,c,h,y,F]}class Yt extends St{constructor(s){super(),At(this,s,Zt,Xt,Lt,{collection:0})}}export{Yt as default}; diff --git a/ui/dist/assets/CodeEditor-CHQR53XK.js b/ui/dist/assets/CodeEditor-CHQR53XK.js new file mode 100644 index 0000000..dcb0288 --- /dev/null +++ b/ui/dist/assets/CodeEditor-CHQR53XK.js @@ -0,0 +1,14 @@ +import{S as vt,i as Tt,s as wt,H as IO,h as _t,a1 as OO,l as qt,u as Yt,w as Rt,O as Vt,T as jt,U as zt,Q as Gt,J as Wt,y as Ut}from"./index-BH0nlDnw.js";import{P as Ct,N as Et,w as At,D as Mt,x as RO,T as tO,I as VO,y as Lt,z as I,A as n,L as D,B as J,F as K,G as V,H as jO,J as F,v as U,K as Ye,M as g,E as R,O as Re,Q as Ve,R as je,U as Bt,V as Nt,W as It,X as ze,Y as Dt,b as C,e as Jt,f as Kt,g as Ft,i as Ht,j as Oa,k as ea,l as ta,m as aa,r as ra,n as ia,o as sa,p as la,C as eO,u as na,c as oa,d as ca,s as Qa,h as pa,a as ha,q as DO}from"./index-Bd1MzT5k.js";var JO={};class sO{constructor(O,t,a,r,s,i,l,o,Q,h=0,c){this.p=O,this.stack=t,this.state=a,this.reducePos=r,this.pos=s,this.score=i,this.buffer=l,this.bufferBase=o,this.curContext=Q,this.lookAhead=h,this.parent=c}toString(){return`[${this.stack.filter((O,t)=>t%3==0).concat(this.state)}]@${this.pos}${this.score?"!"+this.score:""}`}static start(O,t,a=0){let r=O.parser.context;return new sO(O,[],t,a,a,0,[],0,r?new KO(r,r.start):null,0,null)}get context(){return this.curContext?this.curContext.context:null}pushState(O,t){this.stack.push(this.state,t,this.bufferBase+this.buffer.length),this.state=O}reduce(O){var t;let a=O>>19,r=O&65535,{parser:s}=this.p,i=this.reducePos=2e3&&!(!((t=this.p.parser.nodeSet.types[r])===null||t===void 0)&&t.isAnonymous)&&(Q==this.p.lastBigReductionStart?(this.p.bigReductionCount++,this.p.lastBigReductionSize=h):this.p.lastBigReductionSizeo;)this.stack.pop();this.reduceContext(r,Q)}storeNode(O,t,a,r=4,s=!1){if(O==0&&(!this.stack.length||this.stack[this.stack.length-1]0&&i.buffer[l-4]==0&&i.buffer[l-1]>-1){if(t==a)return;if(i.buffer[l-2]>=t){i.buffer[l-2]=a;return}}}if(!s||this.pos==a)this.buffer.push(O,t,a,r);else{let i=this.buffer.length;if(i>0&&this.buffer[i-4]!=0){let l=!1;for(let o=i;o>0&&this.buffer[o-2]>a;o-=4)if(this.buffer[o-1]>=0){l=!0;break}if(l)for(;i>0&&this.buffer[i-2]>a;)this.buffer[i]=this.buffer[i-4],this.buffer[i+1]=this.buffer[i-3],this.buffer[i+2]=this.buffer[i-2],this.buffer[i+3]=this.buffer[i-1],i-=4,r>4&&(r-=4)}this.buffer[i]=O,this.buffer[i+1]=t,this.buffer[i+2]=a,this.buffer[i+3]=r}}shift(O,t,a,r){if(O&131072)this.pushState(O&65535,this.pos);else if(O&262144)this.pos=r,this.shiftContext(t,a),t<=this.p.parser.maxNode&&this.buffer.push(t,a,r,4);else{let s=O,{parser:i}=this.p;(r>this.pos||t<=i.maxNode)&&(this.pos=r,i.stateFlag(s,1)||(this.reducePos=r)),this.pushState(s,a),this.shiftContext(t,a),t<=i.maxNode&&this.buffer.push(t,a,r,4)}}apply(O,t,a,r){O&65536?this.reduce(O):this.shift(O,t,a,r)}useNode(O,t){let a=this.p.reused.length-1;(a<0||this.p.reused[a]!=O)&&(this.p.reused.push(O),a++);let r=this.pos;this.reducePos=this.pos=r+O.length,this.pushState(t,r),this.buffer.push(a,r,this.reducePos,-1),this.curContext&&this.updateContext(this.curContext.tracker.reuse(this.curContext.context,O,this,this.p.stream.reset(this.pos-O.length)))}split(){let O=this,t=O.buffer.length;for(;t>0&&O.buffer[t-2]>O.reducePos;)t-=4;let a=O.buffer.slice(t),r=O.bufferBase+t;for(;O&&r==O.bufferBase;)O=O.parent;return new sO(this.p,this.stack.slice(),this.state,this.reducePos,this.pos,this.score,a,r,this.curContext,this.lookAhead,O)}recoverByDelete(O,t){let a=O<=this.p.parser.maxNode;a&&this.storeNode(O,this.pos,t,4),this.storeNode(0,this.pos,t,a?8:4),this.pos=this.reducePos=t,this.score-=190}canShift(O){for(let t=new ua(this);;){let a=this.p.parser.stateSlot(t.state,4)||this.p.parser.hasAction(t.state,O);if(a==0)return!1;if(!(a&65536))return!0;t.reduce(a)}}recoverByInsert(O){if(this.stack.length>=300)return[];let t=this.p.parser.nextStates(this.state);if(t.length>8||this.stack.length>=120){let r=[];for(let s=0,i;so&1&&l==i)||r.push(t[s],i)}t=r}let a=[];for(let r=0;r>19,r=t&65535,s=this.stack.length-a*3;if(s<0||O.getGoto(this.stack[s],r,!1)<0){let i=this.findForcedReduction();if(i==null)return!1;t=i}this.storeNode(0,this.pos,this.pos,4,!0),this.score-=100}return this.reducePos=this.pos,this.reduce(t),!0}findForcedReduction(){let{parser:O}=this.p,t=[],a=(r,s)=>{if(!t.includes(r))return t.push(r),O.allActions(r,i=>{if(!(i&393216))if(i&65536){let l=(i>>19)-s;if(l>1){let o=i&65535,Q=this.stack.length-l*3;if(Q>=0&&O.getGoto(this.stack[Q],o,!1)>=0)return l<<19|65536|o}}else{let l=a(i,s+1);if(l!=null)return l}})};return a(this.state,0)}forceAll(){for(;!this.p.parser.stateFlag(this.state,2);)if(!this.forceReduce()){this.storeNode(0,this.pos,this.pos,4,!0);break}return this}get deadEnd(){if(this.stack.length!=3)return!1;let{parser:O}=this.p;return O.data[O.stateSlot(this.state,1)]==65535&&!O.stateSlot(this.state,4)}restart(){this.storeNode(0,this.pos,this.pos,4,!0),this.state=this.stack[0],this.stack.length=0}sameState(O){if(this.state!=O.state||this.stack.length!=O.stack.length)return!1;for(let t=0;tthis.lookAhead&&(this.emitLookAhead(),this.lookAhead=O)}close(){this.curContext&&this.curContext.tracker.strict&&this.emitContext(),this.lookAhead>0&&this.emitLookAhead()}}class KO{constructor(O,t){this.tracker=O,this.context=t,this.hash=O.strict?O.hash(t):0}}class ua{constructor(O){this.start=O,this.state=O.state,this.stack=O.stack,this.base=this.stack.length}reduce(O){let t=O&65535,a=O>>19;a==0?(this.stack==this.start.stack&&(this.stack=this.stack.slice()),this.stack.push(this.state,0,0),this.base+=3):this.base-=(a-1)*3;let r=this.start.p.parser.getGoto(this.stack[this.base-3],t,!0);this.state=r}}class lO{constructor(O,t,a){this.stack=O,this.pos=t,this.index=a,this.buffer=O.buffer,this.index==0&&this.maybeNext()}static create(O,t=O.bufferBase+O.buffer.length){return new lO(O,t,t-O.bufferBase)}maybeNext(){let O=this.stack.parent;O!=null&&(this.index=this.stack.bufferBase-O.bufferBase,this.stack=O,this.buffer=O.buffer)}get id(){return this.buffer[this.index-4]}get start(){return this.buffer[this.index-3]}get end(){return this.buffer[this.index-2]}get size(){return this.buffer[this.index-1]}next(){this.index-=4,this.pos-=4,this.index==0&&this.maybeNext()}fork(){return new lO(this.stack,this.pos,this.index)}}function M(e,O=Uint16Array){if(typeof e!="string")return e;let t=null;for(let a=0,r=0;a=92&&i--,i>=34&&i--;let o=i-32;if(o>=46&&(o-=46,l=!0),s+=o,l)break;s*=46}t?t[r++]=s:t=new O(s)}return t}class aO{constructor(){this.start=-1,this.value=-1,this.end=-1,this.extended=-1,this.lookAhead=0,this.mask=0,this.context=0}}const FO=new aO;class fa{constructor(O,t){this.input=O,this.ranges=t,this.chunk="",this.chunkOff=0,this.chunk2="",this.chunk2Pos=0,this.next=-1,this.token=FO,this.rangeIndex=0,this.pos=this.chunkPos=t[0].from,this.range=t[0],this.end=t[t.length-1].to,this.readNext()}resolveOffset(O,t){let a=this.range,r=this.rangeIndex,s=this.pos+O;for(;sa.to:s>=a.to;){if(r==this.ranges.length-1)return null;let i=this.ranges[++r];s+=i.from-a.to,a=i}return s}clipPos(O){if(O>=this.range.from&&OO)return Math.max(O,t.from);return this.end}peek(O){let t=this.chunkOff+O,a,r;if(t>=0&&t=this.chunk2Pos&&al.to&&(this.chunk2=this.chunk2.slice(0,l.to-a)),r=this.chunk2.charCodeAt(0)}}return a>=this.token.lookAhead&&(this.token.lookAhead=a+1),r}acceptToken(O,t=0){let a=t?this.resolveOffset(t,-1):this.pos;if(a==null||a=this.chunk2Pos&&this.posthis.range.to?O.slice(0,this.range.to-this.pos):O,this.chunkPos=this.pos,this.chunkOff=0}}readNext(){return this.chunkOff>=this.chunk.length&&(this.getChunk(),this.chunkOff==this.chunk.length)?this.next=-1:this.next=this.chunk.charCodeAt(this.chunkOff)}advance(O=1){for(this.chunkOff+=O;this.pos+O>=this.range.to;){if(this.rangeIndex==this.ranges.length-1)return this.setDone();O-=this.range.to-this.pos,this.range=this.ranges[++this.rangeIndex],this.pos=this.range.from}return this.pos+=O,this.pos>=this.token.lookAhead&&(this.token.lookAhead=this.pos+1),this.readNext()}setDone(){return this.pos=this.chunkPos=this.end,this.range=this.ranges[this.rangeIndex=this.ranges.length-1],this.chunk="",this.next=-1}reset(O,t){if(t?(this.token=t,t.start=O,t.lookAhead=O+1,t.value=t.extended=-1):this.token=FO,this.pos!=O){if(this.pos=O,O==this.end)return this.setDone(),this;for(;O=this.range.to;)this.range=this.ranges[++this.rangeIndex];O>=this.chunkPos&&O=this.chunkPos&&t<=this.chunkPos+this.chunk.length)return this.chunk.slice(O-this.chunkPos,t-this.chunkPos);if(O>=this.chunk2Pos&&t<=this.chunk2Pos+this.chunk2.length)return this.chunk2.slice(O-this.chunk2Pos,t-this.chunk2Pos);if(O>=this.range.from&&t<=this.range.to)return this.input.read(O,t);let a="";for(let r of this.ranges){if(r.from>=t)break;r.to>O&&(a+=this.input.read(Math.max(r.from,O),Math.min(r.to,t)))}return a}}class z{constructor(O,t){this.data=O,this.id=t}token(O,t){let{parser:a}=t.p;Ge(this.data,O,t,this.id,a.data,a.tokenPrecTable)}}z.prototype.contextual=z.prototype.fallback=z.prototype.extend=!1;class nO{constructor(O,t,a){this.precTable=t,this.elseToken=a,this.data=typeof O=="string"?M(O):O}token(O,t){let a=O.pos,r=0;for(;;){let s=O.next<0,i=O.resolveOffset(1,1);if(Ge(this.data,O,t,0,this.data,this.precTable),O.token.value>-1)break;if(this.elseToken==null)return;if(s||r++,i==null)break;O.reset(i,O.token)}r&&(O.reset(a,O.token),O.acceptToken(this.elseToken,r))}}nO.prototype.contextual=z.prototype.fallback=z.prototype.extend=!1;class x{constructor(O,t={}){this.token=O,this.contextual=!!t.contextual,this.fallback=!!t.fallback,this.extend=!!t.extend}}function Ge(e,O,t,a,r,s){let i=0,l=1<0){let f=e[p];if(o.allows(f)&&(O.token.value==-1||O.token.value==f||da(f,O.token.value,r,s))){O.acceptToken(f);break}}let h=O.next,c=0,d=e[i+2];if(O.next<0&&d>c&&e[Q+d*3-3]==65535){i=e[Q+d*3-1];continue O}for(;c>1,f=Q+p+(p<<1),S=e[f],m=e[f+1]||65536;if(h=m)c=p+1;else{i=e[f+2],O.advance();continue O}}break}}function HO(e,O,t){for(let a=O,r;(r=e[a])!=65535;a++)if(r==t)return a-O;return-1}function da(e,O,t,a){let r=HO(t,a,O);return r<0||HO(t,a,e)O)&&!a.type.isError)return t<0?Math.max(0,Math.min(a.to-1,O-25)):Math.min(e.length,Math.max(a.from+1,O+25));if(t<0?a.prevSibling():a.nextSibling())break;if(!a.parent())return t<0?0:e.length}}class $a{constructor(O,t){this.fragments=O,this.nodeSet=t,this.i=0,this.fragment=null,this.safeFrom=-1,this.safeTo=-1,this.trees=[],this.start=[],this.index=[],this.nextFragment()}nextFragment(){let O=this.fragment=this.i==this.fragments.length?null:this.fragments[this.i++];if(O){for(this.safeFrom=O.openStart?Oe(O.tree,O.from+O.offset,1)-O.offset:O.from,this.safeTo=O.openEnd?Oe(O.tree,O.to+O.offset,-1)-O.offset:O.to;this.trees.length;)this.trees.pop(),this.start.pop(),this.index.pop();this.trees.push(O.tree),this.start.push(-O.offset),this.index.push(0),this.nextStart=this.safeFrom}else this.nextStart=1e9}nodeAt(O){if(OO)return this.nextStart=i,null;if(s instanceof tO){if(i==O){if(i=Math.max(this.safeFrom,O)&&(this.trees.push(s),this.start.push(i),this.index.push(0))}else this.index[t]++,this.nextStart=i+s.length}}}class Sa{constructor(O,t){this.stream=t,this.tokens=[],this.mainToken=null,this.actions=[],this.tokens=O.tokenizers.map(a=>new aO)}getActions(O){let t=0,a=null,{parser:r}=O.p,{tokenizers:s}=r,i=r.stateSlot(O.state,3),l=O.curContext?O.curContext.hash:0,o=0;for(let Q=0;Qc.end+25&&(o=Math.max(c.lookAhead,o)),c.value!=0)){let d=t;if(c.extended>-1&&(t=this.addActions(O,c.extended,c.end,t)),t=this.addActions(O,c.value,c.end,t),!h.extend&&(a=c,t>d))break}}for(;this.actions.length>t;)this.actions.pop();return o&&O.setLookAhead(o),!a&&O.pos==this.stream.end&&(a=new aO,a.value=O.p.parser.eofTerm,a.start=a.end=O.pos,t=this.addActions(O,a.value,a.end,t)),this.mainToken=a,this.actions}getMainToken(O){if(this.mainToken)return this.mainToken;let t=new aO,{pos:a,p:r}=O;return t.start=a,t.end=Math.min(a+1,r.stream.end),t.value=a==r.stream.end?r.parser.eofTerm:0,t}updateCachedToken(O,t,a){let r=this.stream.clipPos(a.pos);if(t.token(this.stream.reset(r,O),a),O.value>-1){let{parser:s}=a.p;for(let i=0;i=0&&a.p.parser.dialect.allows(l>>1)){l&1?O.extended=l>>1:O.value=l>>1;break}}}else O.value=0,O.end=this.stream.clipPos(r+1)}putAction(O,t,a,r){for(let s=0;sO.bufferLength*4?new $a(a,O.nodeSet):null}get parsedPos(){return this.minStackPos}advance(){let O=this.stacks,t=this.minStackPos,a=this.stacks=[],r,s;if(this.bigReductionCount>300&&O.length==1){let[i]=O;for(;i.forceReduce()&&i.stack.length&&i.stack[i.stack.length-2]>=this.lastBigReductionStart;);this.bigReductionCount=this.lastBigReductionSize=0}for(let i=0;it)a.push(l);else{if(this.advanceStack(l,a,O))continue;{r||(r=[],s=[]),r.push(l);let o=this.tokens.getMainToken(l);s.push(o.value,o.end)}}break}}if(!a.length){let i=r&&ga(r);if(i)return Z&&console.log("Finish with "+this.stackID(i)),this.stackToTree(i);if(this.parser.strict)throw Z&&r&&console.log("Stuck with token "+(this.tokens.mainToken?this.parser.getName(this.tokens.mainToken.value):"none")),new SyntaxError("No parse at "+t);this.recovering||(this.recovering=5)}if(this.recovering&&r){let i=this.stoppedAt!=null&&r[0].pos>this.stoppedAt?r[0]:this.runRecovery(r,s,a);if(i)return Z&&console.log("Force-finish "+this.stackID(i)),this.stackToTree(i.forceAll())}if(this.recovering){let i=this.recovering==1?1:this.recovering*3;if(a.length>i)for(a.sort((l,o)=>o.score-l.score);a.length>i;)a.pop();a.some(l=>l.reducePos>t)&&this.recovering--}else if(a.length>1){O:for(let i=0;i500&&Q.buffer.length>500)if((l.score-Q.score||l.buffer.length-Q.buffer.length)>0)a.splice(o--,1);else{a.splice(i--,1);continue O}}}a.length>12&&a.splice(12,a.length-12)}this.minStackPos=a[0].pos;for(let i=1;i ":"";if(this.stoppedAt!=null&&r>this.stoppedAt)return O.forceReduce()?O:null;if(this.fragments){let Q=O.curContext&&O.curContext.tracker.strict,h=Q?O.curContext.hash:0;for(let c=this.fragments.nodeAt(r);c;){let d=this.parser.nodeSet.types[c.type.id]==c.type?s.getGoto(O.state,c.type.id):-1;if(d>-1&&c.length&&(!Q||(c.prop(RO.contextHash)||0)==h))return O.useNode(c,d),Z&&console.log(i+this.stackID(O)+` (via reuse of ${s.getName(c.type.id)})`),!0;if(!(c instanceof tO)||c.children.length==0||c.positions[0]>0)break;let p=c.children[0];if(p instanceof tO&&c.positions[0]==0)c=p;else break}}let l=s.stateSlot(O.state,4);if(l>0)return O.reduce(l),Z&&console.log(i+this.stackID(O)+` (via always-reduce ${s.getName(l&65535)})`),!0;if(O.stack.length>=8400)for(;O.stack.length>6e3&&O.forceReduce(););let o=this.tokens.getActions(O);for(let Q=0;Qr?t.push(f):a.push(f)}return!1}advanceFully(O,t){let a=O.pos;for(;;){if(!this.advanceStack(O,null,null))return!1;if(O.pos>a)return ee(O,t),!0}}runRecovery(O,t,a){let r=null,s=!1;for(let i=0;i ":"";if(l.deadEnd&&(s||(s=!0,l.restart(),Z&&console.log(h+this.stackID(l)+" (restarted)"),this.advanceFully(l,a))))continue;let c=l.split(),d=h;for(let p=0;c.forceReduce()&&p<10&&(Z&&console.log(d+this.stackID(c)+" (via force-reduce)"),!this.advanceFully(c,a));p++)Z&&(d=this.stackID(c)+" -> ");for(let p of l.recoverByInsert(o))Z&&console.log(h+this.stackID(p)+" (via recover-insert)"),this.advanceFully(p,a);this.stream.end>l.pos?(Q==l.pos&&(Q++,o=0),l.recoverByDelete(o,Q),Z&&console.log(h+this.stackID(l)+` (via recover-delete ${this.parser.getName(o)})`),ee(l,a)):(!r||r.scoree;class We{constructor(O){this.start=O.start,this.shift=O.shift||fO,this.reduce=O.reduce||fO,this.reuse=O.reuse||fO,this.hash=O.hash||(()=>0),this.strict=O.strict!==!1}}class _ extends Ct{constructor(O){if(super(),this.wrappers=[],O.version!=14)throw new RangeError(`Parser version (${O.version}) doesn't match runtime version (14)`);let t=O.nodeNames.split(" ");this.minRepeatTerm=t.length;for(let l=0;lO.topRules[l][1]),r=[];for(let l=0;l=0)s(h,o,l[Q++]);else{let c=l[Q+-h];for(let d=-h;d>0;d--)s(l[Q++],o,c);Q++}}}this.nodeSet=new Et(t.map((l,o)=>At.define({name:o>=this.minRepeatTerm?void 0:l,id:o,props:r[o],top:a.indexOf(o)>-1,error:o==0,skipped:O.skippedNodes&&O.skippedNodes.indexOf(o)>-1}))),O.propSources&&(this.nodeSet=this.nodeSet.extend(...O.propSources)),this.strict=!1,this.bufferLength=Mt;let i=M(O.tokenData);this.context=O.context,this.specializerSpecs=O.specialized||[],this.specialized=new Uint16Array(this.specializerSpecs.length);for(let l=0;ltypeof l=="number"?new z(i,l):l),this.topRules=O.topRules,this.dialects=O.dialects||{},this.dynamicPrecedences=O.dynamicPrecedences||null,this.tokenPrecTable=O.tokenPrec,this.termNames=O.termNames||null,this.maxNode=this.nodeSet.types.length-1,this.dialect=this.parseDialect(),this.top=this.topRules[Object.keys(this.topRules)[0]]}createParse(O,t,a){let r=new ma(this,O,t,a);for(let s of this.wrappers)r=s(r,O,t,a);return r}getGoto(O,t,a=!1){let r=this.goto;if(t>=r[0])return-1;for(let s=r[t+1];;){let i=r[s++],l=i&1,o=r[s++];if(l&&a)return o;for(let Q=s+(i>>1);s0}validAction(O,t){return!!this.allActions(O,a=>a==t?!0:null)}allActions(O,t){let a=this.stateSlot(O,4),r=a?t(a):void 0;for(let s=this.stateSlot(O,1);r==null;s+=3){if(this.data[s]==65535)if(this.data[s+1]==1)s=T(this.data,s+2);else break;r=t(T(this.data,s+1))}return r}nextStates(O){let t=[];for(let a=this.stateSlot(O,1);;a+=3){if(this.data[a]==65535)if(this.data[a+1]==1)a=T(this.data,a+2);else break;if(!(this.data[a+2]&1)){let r=this.data[a+1];t.some((s,i)=>i&1&&s==r)||t.push(this.data[a],r)}}return t}configure(O){let t=Object.assign(Object.create(_.prototype),this);if(O.props&&(t.nodeSet=this.nodeSet.extend(...O.props)),O.top){let a=this.topRules[O.top];if(!a)throw new RangeError(`Invalid top rule name ${O.top}`);t.top=a}return O.tokenizers&&(t.tokenizers=this.tokenizers.map(a=>{let r=O.tokenizers.find(s=>s.from==a);return r?r.to:a})),O.specializers&&(t.specializers=this.specializers.slice(),t.specializerSpecs=this.specializerSpecs.map((a,r)=>{let s=O.specializers.find(l=>l.from==a.external);if(!s)return a;let i=Object.assign(Object.assign({},a),{external:s.to});return t.specializers[r]=te(i),i})),O.contextTracker&&(t.context=O.contextTracker),O.dialect&&(t.dialect=this.parseDialect(O.dialect)),O.strict!=null&&(t.strict=O.strict),O.wrap&&(t.wrappers=t.wrappers.concat(O.wrap)),O.bufferLength!=null&&(t.bufferLength=O.bufferLength),t}hasWrappers(){return this.wrappers.length>0}getName(O){return this.termNames?this.termNames[O]:String(O<=this.maxNode&&this.nodeSet.types[O].name||O)}get eofTerm(){return this.maxNode+1}get topNode(){return this.nodeSet.types[this.top[1]]}dynamicPrecedence(O){let t=this.dynamicPrecedences;return t==null?0:t[O]||0}parseDialect(O){let t=Object.keys(this.dialects),a=t.map(()=>!1);if(O)for(let s of O.split(" ")){let i=t.indexOf(s);i>=0&&(a[i]=!0)}let r=null;for(let s=0;sa)&&t.p.parser.stateFlag(t.state,2)&&(!O||O.scoree.external(t,a)<<1|O}return e.get}const Za=54,ka=1,xa=55,Xa=2,ba=56,ya=3,ae=4,va=5,oO=6,Ue=7,Ce=8,Ee=9,Ae=10,Ta=11,wa=12,_a=13,dO=57,qa=14,re=58,Me=20,Ya=22,Le=23,Ra=24,bO=26,Be=27,Va=28,ja=31,za=34,Ga=36,Wa=37,Ua=0,Ca=1,Ea={area:!0,base:!0,br:!0,col:!0,command:!0,embed:!0,frame:!0,hr:!0,img:!0,input:!0,keygen:!0,link:!0,meta:!0,param:!0,source:!0,track:!0,wbr:!0,menuitem:!0},Aa={dd:!0,li:!0,optgroup:!0,option:!0,p:!0,rp:!0,rt:!0,tbody:!0,td:!0,tfoot:!0,th:!0,tr:!0},ie={dd:{dd:!0,dt:!0},dt:{dd:!0,dt:!0},li:{li:!0},option:{option:!0,optgroup:!0},optgroup:{optgroup:!0},p:{address:!0,article:!0,aside:!0,blockquote:!0,dir:!0,div:!0,dl:!0,fieldset:!0,footer:!0,form:!0,h1:!0,h2:!0,h3:!0,h4:!0,h5:!0,h6:!0,header:!0,hgroup:!0,hr:!0,menu:!0,nav:!0,ol:!0,p:!0,pre:!0,section:!0,table:!0,ul:!0},rp:{rp:!0,rt:!0},rt:{rp:!0,rt:!0},tbody:{tbody:!0,tfoot:!0},td:{td:!0,th:!0},tfoot:{tbody:!0},th:{td:!0,th:!0},thead:{tbody:!0,tfoot:!0},tr:{tr:!0}};function Ma(e){return e==45||e==46||e==58||e>=65&&e<=90||e==95||e>=97&&e<=122||e>=161}function Ne(e){return e==9||e==10||e==13||e==32}let se=null,le=null,ne=0;function yO(e,O){let t=e.pos+O;if(ne==t&&le==e)return se;let a=e.peek(O);for(;Ne(a);)a=e.peek(++O);let r="";for(;Ma(a);)r+=String.fromCharCode(a),a=e.peek(++O);return le=e,ne=t,se=r?r.toLowerCase():a==La||a==Ba?void 0:null}const Ie=60,cO=62,zO=47,La=63,Ba=33,Na=45;function oe(e,O){this.name=e,this.parent=O}const Ia=[oO,Ae,Ue,Ce,Ee],Da=new We({start:null,shift(e,O,t,a){return Ia.indexOf(O)>-1?new oe(yO(a,1)||"",e):e},reduce(e,O){return O==Me&&e?e.parent:e},reuse(e,O,t,a){let r=O.type.id;return r==oO||r==Ga?new oe(yO(a,1)||"",e):e},strict:!1}),Ja=new x((e,O)=>{if(e.next!=Ie){e.next<0&&O.context&&e.acceptToken(dO);return}e.advance();let t=e.next==zO;t&&e.advance();let a=yO(e,0);if(a===void 0)return;if(!a)return e.acceptToken(t?qa:oO);let r=O.context?O.context.name:null;if(t){if(a==r)return e.acceptToken(Ta);if(r&&Aa[r])return e.acceptToken(dO,-2);if(O.dialectEnabled(Ua))return e.acceptToken(wa);for(let s=O.context;s;s=s.parent)if(s.name==a)return;e.acceptToken(_a)}else{if(a=="script")return e.acceptToken(Ue);if(a=="style")return e.acceptToken(Ce);if(a=="textarea")return e.acceptToken(Ee);if(Ea.hasOwnProperty(a))return e.acceptToken(Ae);r&&ie[r]&&ie[r][a]?e.acceptToken(dO,-1):e.acceptToken(oO)}},{contextual:!0}),Ka=new x(e=>{for(let O=0,t=0;;t++){if(e.next<0){t&&e.acceptToken(re);break}if(e.next==Na)O++;else if(e.next==cO&&O>=2){t>=3&&e.acceptToken(re,-2);break}else O=0;e.advance()}});function Fa(e){for(;e;e=e.parent)if(e.name=="svg"||e.name=="math")return!0;return!1}const Ha=new x((e,O)=>{if(e.next==zO&&e.peek(1)==cO){let t=O.dialectEnabled(Ca)||Fa(O.context);e.acceptToken(t?va:ae,2)}else e.next==cO&&e.acceptToken(ae,1)});function GO(e,O,t){let a=2+e.length;return new x(r=>{for(let s=0,i=0,l=0;;l++){if(r.next<0){l&&r.acceptToken(O);break}if(s==0&&r.next==Ie||s==1&&r.next==zO||s>=2&&si?r.acceptToken(O,-i):r.acceptToken(t,-(i-2));break}else if((r.next==10||r.next==13)&&l){r.acceptToken(O,1);break}else s=i=0;r.advance()}})}const Or=GO("script",Za,ka),er=GO("style",xa,Xa),tr=GO("textarea",ba,ya),ar=I({"Text RawText":n.content,"StartTag StartCloseTag SelfClosingEndTag EndTag":n.angleBracket,TagName:n.tagName,"MismatchedCloseTag/TagName":[n.tagName,n.invalid],AttributeName:n.attributeName,"AttributeValue UnquotedAttributeValue":n.attributeValue,Is:n.definitionOperator,"EntityReference CharacterReference":n.character,Comment:n.blockComment,ProcessingInst:n.processingInstruction,DoctypeDecl:n.documentMeta}),rr=_.deserialize({version:14,states:",xOVO!rOOO!WQ#tO'#CqO!]Q#tO'#CzO!bQ#tO'#C}O!gQ#tO'#DQO!lQ#tO'#DSO!qOaO'#CpO!|ObO'#CpO#XOdO'#CpO$eO!rO'#CpOOO`'#Cp'#CpO$lO$fO'#DTO$tQ#tO'#DVO$yQ#tO'#DWOOO`'#Dk'#DkOOO`'#DY'#DYQVO!rOOO%OQ&rO,59]O%ZQ&rO,59fO%fQ&rO,59iO%qQ&rO,59lO%|Q&rO,59nOOOa'#D^'#D^O&XOaO'#CxO&dOaO,59[OOOb'#D_'#D_O&lObO'#C{O&wObO,59[OOOd'#D`'#D`O'POdO'#DOO'[OdO,59[OOO`'#Da'#DaO'dO!rO,59[O'kQ#tO'#DROOO`,59[,59[OOOp'#Db'#DbO'pO$fO,59oOOO`,59o,59oO'xQ#|O,59qO'}Q#|O,59rOOO`-E7W-E7WO(SQ&rO'#CsOOQW'#DZ'#DZO(bQ&rO1G.wOOOa1G.w1G.wOOO`1G/Y1G/YO(mQ&rO1G/QOOOb1G/Q1G/QO(xQ&rO1G/TOOOd1G/T1G/TO)TQ&rO1G/WOOO`1G/W1G/WO)`Q&rO1G/YOOOa-E7[-E7[O)kQ#tO'#CyOOO`1G.v1G.vOOOb-E7]-E7]O)pQ#tO'#C|OOOd-E7^-E7^O)uQ#tO'#DPOOO`-E7_-E7_O)zQ#|O,59mOOOp-E7`-E7`OOO`1G/Z1G/ZOOO`1G/]1G/]OOO`1G/^1G/^O*PQ,UO,59_OOQW-E7X-E7XOOOa7+$c7+$cOOO`7+$t7+$tOOOb7+$l7+$lOOOd7+$o7+$oOOO`7+$r7+$rO*[Q#|O,59eO*aQ#|O,59hO*fQ#|O,59kOOO`1G/X1G/XO*kO7[O'#CvO*|OMhO'#CvOOQW1G.y1G.yOOO`1G/P1G/POOO`1G/S1G/SOOO`1G/V1G/VOOOO'#D['#D[O+_O7[O,59bOOQW,59b,59bOOOO'#D]'#D]O+pOMhO,59bOOOO-E7Y-E7YOOQW1G.|1G.|OOOO-E7Z-E7Z",stateData:",]~O!^OS~OUSOVPOWQOXROYTO[]O][O^^O`^Oa^Ob^Oc^Ox^O{_O!dZO~OfaO~OfbO~OfcO~OfdO~OfeO~O!WfOPlP!ZlP~O!XiOQoP!ZoP~O!YlORrP!ZrP~OUSOVPOWQOXROYTOZqO[]O][O^^O`^Oa^Ob^Oc^Ox^O!dZO~O!ZrO~P#dO![sO!euO~OfvO~OfwO~OS|OT}OhyO~OS!POT}OhyO~OS!ROT}OhyO~OS!TOT}OhyO~OS}OT}OhyO~O!WfOPlX!ZlX~OP!WO!Z!XO~O!XiOQoX!ZoX~OQ!ZO!Z!XO~O!YlORrX!ZrX~OR!]O!Z!XO~O!Z!XO~P#dOf!_O~O![sO!e!aO~OS!bO~OS!cO~Oi!dOSgXTgXhgX~OS!fOT!gOhyO~OS!hOT!gOhyO~OS!iOT!gOhyO~OS!jOT!gOhyO~OS!gOT!gOhyO~Of!kO~Of!lO~Of!mO~OS!nO~Ok!qO!`!oO!b!pO~OS!rO~OS!sO~OS!tO~Oa!uOb!uOc!uO!`!wO!a!uO~Oa!xOb!xOc!xO!b!wO!c!xO~Oa!uOb!uOc!uO!`!{O!a!uO~Oa!xOb!xOc!xO!b!{O!c!xO~OT~bac!dx{!d~",goto:"%p!`PPPPPPPPPPPPPPPPPPPP!a!gP!mPP!yP!|#P#S#Y#]#`#f#i#l#r#x!aP!a!aP$O$U$l$r$x%O%U%[%bPPPPPPPP%hX^OX`pXUOX`pezabcde{!O!Q!S!UR!q!dRhUR!XhXVOX`pRkVR!XkXWOX`pRnWR!XnXXOX`pQrXR!XpXYOX`pQ`ORx`Q{aQ!ObQ!QcQ!SdQ!UeZ!e{!O!Q!S!UQ!v!oR!z!vQ!y!pR!|!yQgUR!VgQjVR!YjQmWR![mQpXR!^pQtZR!`tS_O`ToXp",nodeNames:"⚠ StartCloseTag StartCloseTag StartCloseTag EndTag SelfClosingEndTag StartTag StartTag StartTag StartTag StartTag StartCloseTag StartCloseTag StartCloseTag IncompleteCloseTag Document Text EntityReference CharacterReference InvalidEntity Element OpenTag TagName Attribute AttributeName Is AttributeValue UnquotedAttributeValue ScriptText CloseTag OpenTag StyleText CloseTag OpenTag TextareaText CloseTag OpenTag CloseTag SelfClosingTag Comment ProcessingInst MismatchedCloseTag CloseTag DoctypeDecl",maxTerm:67,context:Da,nodeProps:[["closedBy",-10,1,2,3,7,8,9,10,11,12,13,"EndTag",6,"EndTag SelfClosingEndTag",-4,21,30,33,36,"CloseTag"],["openedBy",4,"StartTag StartCloseTag",5,"StartTag",-4,29,32,35,37,"OpenTag"],["group",-9,14,17,18,19,20,39,40,41,42,"Entity",16,"Entity TextContent",-3,28,31,34,"TextContent Entity"],["isolate",-11,21,29,30,32,33,35,36,37,38,41,42,"ltr",-3,26,27,39,""]],propSources:[ar],skippedNodes:[0],repeatNodeCount:9,tokenData:"!]tw8twx7Sx!P8t!P!Q5u!Q!]8t!]!^/^!^!a7S!a#S8t#S#T;{#T#s8t#s$f5u$f;'S8t;'S;=`>V<%l?Ah8t?Ah?BY5u?BY?Mn8t?MnO5u!Z5zbkWOX5uXZ7SZ[5u[^7S^p5uqr5urs7Sst+Ptw5uwx7Sx!]5u!]!^7w!^!a7S!a#S5u#S#T7S#T;'S5u;'S;=`8n<%lO5u!R7VVOp7Sqs7St!]7S!]!^7l!^;'S7S;'S;=`7q<%lO7S!R7qOa!R!R7tP;=`<%l7S!Z8OYkWa!ROX+PZ[+P^p+Pqr+Psw+Px!^+P!a#S+P#T;'S+P;'S;=`+t<%lO+P!Z8qP;=`<%l5u!_8{ihSkWOX5uXZ7SZ[5u[^7S^p5uqr8trs7Sst/^tw8twx7Sx!P8t!P!Q5u!Q!]8t!]!^:j!^!a7S!a#S8t#S#T;{#T#s8t#s$f5u$f;'S8t;'S;=`>V<%l?Ah8t?Ah?BY5u?BY?Mn8t?MnO5u!_:sbhSkWa!ROX+PZ[+P^p+Pqr/^sw/^x!P/^!P!Q+P!Q!^/^!a#S/^#S#T0m#T#s/^#s$f+P$f;'S/^;'S;=`1e<%l?Ah/^?Ah?BY+P?BY?Mn/^?MnO+P!VP<%l?Ah;{?Ah?BY7S?BY?Mn;{?MnO7S!V=dXhSa!Rqr0msw0mx!P0m!Q!^0m!a#s0m$f;'S0m;'S;=`1_<%l?Ah0m?BY?Mn0m!V>SP;=`<%l;{!_>YP;=`<%l8t!_>dhhSkWOX@OXZAYZ[@O[^AY^p@OqrBwrsAYswBwwxAYx!PBw!P!Q@O!Q!]Bw!]!^/^!^!aAY!a#SBw#S#TE{#T#sBw#s$f@O$f;'SBw;'S;=`HS<%l?AhBw?Ah?BY@O?BY?MnBw?MnO@O!Z@TakWOX@OXZAYZ[@O[^AY^p@Oqr@OrsAYsw@OwxAYx!]@O!]!^Az!^!aAY!a#S@O#S#TAY#T;'S@O;'S;=`Bq<%lO@O!RA]UOpAYq!]AY!]!^Ao!^;'SAY;'S;=`At<%lOAY!RAtOb!R!RAwP;=`<%lAY!ZBRYkWb!ROX+PZ[+P^p+Pqr+Psw+Px!^+P!a#S+P#T;'S+P;'S;=`+t<%lO+P!ZBtP;=`<%l@O!_COhhSkWOX@OXZAYZ[@O[^AY^p@OqrBwrsAYswBwwxAYx!PBw!P!Q@O!Q!]Bw!]!^Dj!^!aAY!a#SBw#S#TE{#T#sBw#s$f@O$f;'SBw;'S;=`HS<%l?AhBw?Ah?BY@O?BY?MnBw?MnO@O!_DsbhSkWb!ROX+PZ[+P^p+Pqr/^sw/^x!P/^!P!Q+P!Q!^/^!a#S/^#S#T0m#T#s/^#s$f+P$f;'S/^;'S;=`1e<%l?Ah/^?Ah?BY+P?BY?Mn/^?MnO+P!VFQbhSOpAYqrE{rsAYswE{wxAYx!PE{!P!QAY!Q!]E{!]!^GY!^!aAY!a#sE{#s$fAY$f;'SE{;'S;=`G|<%l?AhE{?Ah?BYAY?BY?MnE{?MnOAY!VGaXhSb!Rqr0msw0mx!P0m!Q!^0m!a#s0m$f;'S0m;'S;=`1_<%l?Ah0m?BY?Mn0m!VHPP;=`<%lE{!_HVP;=`<%lBw!ZHcW!bx`P!a`Or(trs'ksv(tw!^(t!^!_)e!_;'S(t;'S;=`*P<%lO(t!aIYlhS`PkW!a`!cpOX$qXZ&XZ[$q[^&X^p$qpq&Xqr-_rs&}sv-_vw/^wx(tx}-_}!OKQ!O!P-_!P!Q$q!Q!^-_!^!_*V!_!a&X!a#S-_#S#T1k#T#s-_#s$f$q$f;'S-_;'S;=`3X<%l?Ah-_?Ah?BY$q?BY?Mn-_?MnO$q!aK_khS`PkW!a`!cpOX$qXZ&XZ[$q[^&X^p$qpq&Xqr-_rs&}sv-_vw/^wx(tx!P-_!P!Q$q!Q!^-_!^!_*V!_!`&X!`!aMS!a#S-_#S#T1k#T#s-_#s$f$q$f;'S-_;'S;=`3X<%l?Ah-_?Ah?BY$q?BY?Mn-_?MnO$q!TM_X`P!a`!cp!eQOr&Xrs&}sv&Xwx(tx!^&X!^!_*V!_;'S&X;'S;=`*y<%lO&X!aNZ!ZhSfQ`PkW!a`!cpOX$qXZ&XZ[$q[^&X^p$qpq&Xqr-_rs&}sv-_vw/^wx(tx}-_}!OMz!O!PMz!P!Q$q!Q![Mz![!]Mz!]!^-_!^!_*V!_!a&X!a!c-_!c!}Mz!}#R-_#R#SMz#S#T1k#T#oMz#o#s-_#s$f$q$f$}-_$}%OMz%O%W-_%W%oMz%o%p-_%p&aMz&a&b-_&b1pMz1p4UMz4U4dMz4d4e-_4e$ISMz$IS$I`-_$I`$IbMz$Ib$Je-_$Je$JgMz$Jg$Kh-_$Kh%#tMz%#t&/x-_&/x&EtMz&Et&FV-_&FV;'SMz;'S;:j!#|;:j;=`3X<%l?&r-_?&r?AhMz?Ah?BY$q?BY?MnMz?MnO$q!a!$PP;=`<%lMz!R!$ZY!a`!cpOq*Vqr!$yrs(Vsv*Vwx)ex!a*V!a!b!4t!b;'S*V;'S;=`*s<%lO*V!R!%Q]!a`!cpOr*Vrs(Vsv*Vwx)ex}*V}!O!%y!O!f*V!f!g!']!g#W*V#W#X!0`#X;'S*V;'S;=`*s<%lO*V!R!&QX!a`!cpOr*Vrs(Vsv*Vwx)ex}*V}!O!&m!O;'S*V;'S;=`*s<%lO*V!R!&vV!a`!cp!dPOr*Vrs(Vsv*Vwx)ex;'S*V;'S;=`*s<%lO*V!R!'dX!a`!cpOr*Vrs(Vsv*Vwx)ex!q*V!q!r!(P!r;'S*V;'S;=`*s<%lO*V!R!(WX!a`!cpOr*Vrs(Vsv*Vwx)ex!e*V!e!f!(s!f;'S*V;'S;=`*s<%lO*V!R!(zX!a`!cpOr*Vrs(Vsv*Vwx)ex!v*V!v!w!)g!w;'S*V;'S;=`*s<%lO*V!R!)nX!a`!cpOr*Vrs(Vsv*Vwx)ex!{*V!{!|!*Z!|;'S*V;'S;=`*s<%lO*V!R!*bX!a`!cpOr*Vrs(Vsv*Vwx)ex!r*V!r!s!*}!s;'S*V;'S;=`*s<%lO*V!R!+UX!a`!cpOr*Vrs(Vsv*Vwx)ex!g*V!g!h!+q!h;'S*V;'S;=`*s<%lO*V!R!+xY!a`!cpOr!+qrs!,hsv!+qvw!-Swx!.[x!`!+q!`!a!/j!a;'S!+q;'S;=`!0Y<%lO!+qq!,mV!cpOv!,hvx!-Sx!`!,h!`!a!-q!a;'S!,h;'S;=`!.U<%lO!,hP!-VTO!`!-S!`!a!-f!a;'S!-S;'S;=`!-k<%lO!-SP!-kO{PP!-nP;=`<%l!-Sq!-xS!cp{POv(Vx;'S(V;'S;=`(h<%lO(Vq!.XP;=`<%l!,ha!.aX!a`Or!.[rs!-Ssv!.[vw!-Sw!`!.[!`!a!.|!a;'S!.[;'S;=`!/d<%lO!.[a!/TT!a`{POr)esv)ew;'S)e;'S;=`)y<%lO)ea!/gP;=`<%l!.[!R!/sV!a`!cp{POr*Vrs(Vsv*Vwx)ex;'S*V;'S;=`*s<%lO*V!R!0]P;=`<%l!+q!R!0gX!a`!cpOr*Vrs(Vsv*Vwx)ex#c*V#c#d!1S#d;'S*V;'S;=`*s<%lO*V!R!1ZX!a`!cpOr*Vrs(Vsv*Vwx)ex#V*V#V#W!1v#W;'S*V;'S;=`*s<%lO*V!R!1}X!a`!cpOr*Vrs(Vsv*Vwx)ex#h*V#h#i!2j#i;'S*V;'S;=`*s<%lO*V!R!2qX!a`!cpOr*Vrs(Vsv*Vwx)ex#m*V#m#n!3^#n;'S*V;'S;=`*s<%lO*V!R!3eX!a`!cpOr*Vrs(Vsv*Vwx)ex#d*V#d#e!4Q#e;'S*V;'S;=`*s<%lO*V!R!4XX!a`!cpOr*Vrs(Vsv*Vwx)ex#X*V#X#Y!+q#Y;'S*V;'S;=`*s<%lO*V!R!4{Y!a`!cpOr!4trs!5ksv!4tvw!6Vwx!8]x!a!4t!a!b!:]!b;'S!4t;'S;=`!;r<%lO!4tq!5pV!cpOv!5kvx!6Vx!a!5k!a!b!7W!b;'S!5k;'S;=`!8V<%lO!5kP!6YTO!a!6V!a!b!6i!b;'S!6V;'S;=`!7Q<%lO!6VP!6lTO!`!6V!`!a!6{!a;'S!6V;'S;=`!7Q<%lO!6VP!7QOxPP!7TP;=`<%l!6Vq!7]V!cpOv!5kvx!6Vx!`!5k!`!a!7r!a;'S!5k;'S;=`!8V<%lO!5kq!7yS!cpxPOv(Vx;'S(V;'S;=`(h<%lO(Vq!8YP;=`<%l!5ka!8bX!a`Or!8]rs!6Vsv!8]vw!6Vw!a!8]!a!b!8}!b;'S!8];'S;=`!:V<%lO!8]a!9SX!a`Or!8]rs!6Vsv!8]vw!6Vw!`!8]!`!a!9o!a;'S!8];'S;=`!:V<%lO!8]a!9vT!a`xPOr)esv)ew;'S)e;'S;=`)y<%lO)ea!:YP;=`<%l!8]!R!:dY!a`!cpOr!4trs!5ksv!4tvw!6Vwx!8]x!`!4t!`!a!;S!a;'S!4t;'S;=`!;r<%lO!4t!R!;]V!a`!cpxPOr*Vrs(Vsv*Vwx)ex;'S*V;'S;=`*s<%lO*V!R!;uP;=`<%l!4t!V!{let Q=l.type.id;if(Q==Va)return $O(l,o,t);if(Q==ja)return $O(l,o,a);if(Q==za)return $O(l,o,r);if(Q==Me&&s.length){let h=l.node,c=h.firstChild,d=c&&ce(c,o),p;if(d){for(let f of s)if(f.tag==d&&(!f.attrs||f.attrs(p||(p=De(c,o))))){let S=h.lastChild,m=S.type.id==Wa?S.from:h.to;if(m>c.to)return{parser:f.parser,overlay:[{from:c.to,to:m}]}}}}if(i&&Q==Le){let h=l.node,c;if(c=h.firstChild){let d=i[o.read(c.from,c.to)];if(d)for(let p of d){if(p.tagName&&p.tagName!=ce(h.parent,o))continue;let f=h.lastChild;if(f.type.id==bO){let S=f.from+1,m=f.lastChild,X=f.to-(m&&m.isError?0:1);if(X>S)return{parser:p.parser,overlay:[{from:S,to:X}]}}else if(f.type.id==Be)return{parser:p.parser,overlay:[{from:f.from,to:f.to}]}}}}return null})}const ir=101,Qe=1,sr=102,lr=103,pe=2,Ke=[9,10,11,12,13,32,133,160,5760,8192,8193,8194,8195,8196,8197,8198,8199,8200,8201,8202,8232,8233,8239,8287,12288],nr=58,or=40,Fe=95,cr=91,rO=45,Qr=46,pr=35,hr=37,ur=38,fr=92,dr=10;function L(e){return e>=65&&e<=90||e>=97&&e<=122||e>=161}function He(e){return e>=48&&e<=57}const $r=new x((e,O)=>{for(let t=!1,a=0,r=0;;r++){let{next:s}=e;if(L(s)||s==rO||s==Fe||t&&He(s))!t&&(s!=rO||r>0)&&(t=!0),a===r&&s==rO&&a++,e.advance();else if(s==fr&&e.peek(1)!=dr)e.advance(),e.next>-1&&e.advance(),t=!0;else{t&&e.acceptToken(s==or?sr:a==2&&O.canShift(pe)?pe:lr);break}}}),Sr=new x(e=>{if(Ke.includes(e.peek(-1))){let{next:O}=e;(L(O)||O==Fe||O==pr||O==Qr||O==cr||O==nr&&L(e.peek(1))||O==rO||O==ur)&&e.acceptToken(ir)}}),mr=new x(e=>{if(!Ke.includes(e.peek(-1))){let{next:O}=e;if(O==hr&&(e.advance(),e.acceptToken(Qe)),L(O)){do e.advance();while(L(e.next)||He(e.next));e.acceptToken(Qe)}}}),Pr=I({"AtKeyword import charset namespace keyframes media supports":n.definitionKeyword,"from to selector":n.keyword,NamespaceName:n.namespace,KeyframeName:n.labelName,KeyframeRangeName:n.operatorKeyword,TagName:n.tagName,ClassName:n.className,PseudoClassName:n.constant(n.className),IdName:n.labelName,"FeatureName PropertyName":n.propertyName,AttributeName:n.attributeName,NumberLiteral:n.number,KeywordQuery:n.keyword,UnaryQueryOp:n.operatorKeyword,"CallTag ValueName":n.atom,VariableName:n.variableName,Callee:n.operatorKeyword,Unit:n.unit,"UniversalSelector NestingSelector":n.definitionOperator,MatchOp:n.compareOperator,"ChildOp SiblingOp, LogicOp":n.logicOperator,BinOp:n.arithmeticOperator,Important:n.modifier,Comment:n.blockComment,ColorLiteral:n.color,"ParenthesizedContent StringLiteral":n.string,":":n.punctuation,"PseudoOp #":n.derefOperator,"; ,":n.separator,"( )":n.paren,"[ ]":n.squareBracket,"{ }":n.brace}),gr={__proto__:null,lang:34,"nth-child":34,"nth-last-child":34,"nth-of-type":34,"nth-last-of-type":34,dir:34,"host-context":34,url:62,"url-prefix":62,domain:62,regexp:62,selector:140},Zr={__proto__:null,"@import":120,"@media":144,"@charset":148,"@namespace":152,"@keyframes":158,"@supports":170},kr={__proto__:null,not:134,only:134},xr=_.deserialize({version:14,states:":|QYQ[OOO#_Q[OOP#fOWOOOOQP'#Cd'#CdOOQP'#Cc'#CcO#kQ[O'#CfO$[QXO'#CaO$fQ[O'#CiO$qQ[O'#DUO$vQ[O'#DXOOQP'#Eo'#EoO${QdO'#DhO%jQ[O'#DuO${QdO'#DwO%{Q[O'#DyO&WQ[O'#D|O&`Q[O'#ESO&nQ[O'#EUOOQS'#En'#EnOOQS'#EX'#EXQYQ[OOO&uQXO'#CdO'jQWO'#DdO'oQWO'#EtO'zQ[O'#EtQOQWOOP(UO#tO'#C_POOO)C@^)C@^OOQP'#Ch'#ChOOQP,59Q,59QO#kQ[O,59QO(aQ[O,59TO$qQ[O,59pO$vQ[O,59sO(lQ[O,59vO(lQ[O,59xO(lQ[O,59yO(lQ[O'#E^O)WQWO,58{O)`Q[O'#DcOOQS,58{,58{OOQP'#Cl'#ClOOQO'#DS'#DSOOQP,59T,59TO)gQWO,59TO)lQWO,59TOOQP'#DW'#DWOOQP,59p,59pOOQO'#DY'#DYO)qQ`O,59sOOQS'#Cq'#CqO${QdO'#CrO)yQvO'#CtO+ZQtO,5:SOOQO'#Cy'#CyO)lQWO'#CxO+oQWO'#CzO+tQ[O'#DPOOQS'#Eq'#EqOOQO'#Dk'#DkO+|Q[O'#DrO,[QWO'#EuO&`Q[O'#DpO,jQWO'#DsOOQO'#Ev'#EvO)ZQWO,5:aO,oQpO,5:cOOQS'#D{'#D{O,wQWO,5:eO,|Q[O,5:eOOQO'#EO'#EOO-UQWO,5:hO-ZQWO,5:nO-cQWO,5:pOOQS-E8V-E8VO-kQdO,5:OO-{Q[O'#E`O.YQWO,5;`O.YQWO,5;`POOO'#EW'#EWP.eO#tO,58yPOOO,58y,58yOOQP1G.l1G.lOOQP1G.o1G.oO)gQWO1G.oO)lQWO1G.oOOQP1G/[1G/[O.pQ`O1G/_O/ZQXO1G/bO/qQXO1G/dO0XQXO1G/eO0oQXO,5:xOOQO-E8[-E8[OOQS1G.g1G.gO0yQWO,59}O1OQ[O'#DTO1VQdO'#CpOOQP1G/_1G/_O${QdO1G/_O1^QpO,59^OOQS,59`,59`O${QdO,59bO1fQWO1G/nOOQS,59d,59dO1kQ!bO,59fOOQS'#DQ'#DQOOQS'#EZ'#EZO1vQ[O,59kOOQS,59k,59kO2OQWO'#DkO2ZQWO,5:WO2`QWO,5:^O&`Q[O,5:YO2hQ[O'#EaO3PQWO,5;aO3[QWO,5:[O(lQ[O,5:_OOQS1G/{1G/{OOQS1G/}1G/}OOQS1G0P1G0PO3mQWO1G0PO3rQdO'#EPOOQS1G0S1G0SOOQS1G0Y1G0YOOQS1G0[1G0[O3}QtO1G/jOOQO1G/j1G/jOOQO,5:z,5:zO4eQ[O,5:zOOQO-E8^-E8^O4rQWO1G0zPOOO-E8U-E8UPOOO1G.e1G.eOOQP7+$Z7+$ZOOQP7+$y7+$yO${QdO7+$yOOQS1G/i1G/iO4}QXO'#EsO5XQWO,59oO5^QtO'#EYO6UQdO'#EpO6`QWO,59[O6eQpO7+$yOOQS1G.x1G.xOOQS1G.|1G.|OOQS7+%Y7+%YOOQS1G/Q1G/QO6mQWO1G/QOOQS-E8X-E8XOOQS1G/V1G/VO${QdO1G/rOOQO1G/x1G/xOOQO1G/t1G/tO6rQWO,5:{OOQO-E8_-E8_O7QQXO1G/yOOQS7+%k7+%kO7XQYO'#CtOOQO'#ER'#ERO7dQ`O'#EQOOQO'#EQ'#EQO7oQWO'#EbO7wQdO,5:kOOQS,5:k,5:kO8SQtO'#E_O${QdO'#E_O9TQdO7+%UOOQO7+%U7+%UOOQO1G0f1G0fO9hQpO<PAN>PO;nQXO,5:wOOQO-E8Z-E8ZO;xQdO,5:vOOQO-E8Y-E8YOOQO<T![;'S%^;'S;=`%o<%lO%^l;TUp`Oy%^z!Q%^!Q![;g![;'S%^;'S;=`%o<%lO%^l;nYp`#f[Oy%^z!Q%^!Q![;g![!g%^!g!h<^!h#X%^#X#Y<^#Y;'S%^;'S;=`%o<%lO%^l[[p`#f[Oy%^z!O%^!O!P;g!P!Q%^!Q![>T![!g%^!g!h<^!h#X%^#X#Y<^#Y;'S%^;'S;=`%o<%lO%^n?VSu^Oy%^z;'S%^;'S;=`%o<%lO%^l?hWkWOy%^z!O%^!O!P;O!P!Q%^!Q![>T![;'S%^;'S;=`%o<%lO%^n@VUZQOy%^z!Q%^!Q![;g![;'S%^;'S;=`%o<%lO%^~@nTkWOy%^z{@}{;'S%^;'S;=`%o<%lO%^~AUSp`#^~Oy%^z;'S%^;'S;=`%o<%lO%^lAg[#f[Oy%^z!O%^!O!P;g!P!Q%^!Q![>T![!g%^!g!h<^!h#X%^#X#Y<^#Y;'S%^;'S;=`%o<%lO%^bBbU^QOy%^z![%^![!]Bt!];'S%^;'S;=`%o<%lO%^bB{S_Qp`Oy%^z;'S%^;'S;=`%o<%lO%^nC^S!Z^Oy%^z;'S%^;'S;=`%o<%lO%^dCoS}SOy%^z;'S%^;'S;=`%o<%lO%^bDQU!PQOy%^z!`%^!`!aDd!a;'S%^;'S;=`%o<%lO%^bDkS!PQp`Oy%^z;'S%^;'S;=`%o<%lO%^bDzWOy%^z!c%^!c!}Ed!}#T%^#T#oEd#o;'S%^;'S;=`%o<%lO%^bEk[!]Qp`Oy%^z}%^}!OEd!O!Q%^!Q![Ed![!c%^!c!}Ed!}#T%^#T#oEd#o;'S%^;'S;=`%o<%lO%^nFfSr^Oy%^z;'S%^;'S;=`%o<%lO%^nFwSq^Oy%^z;'S%^;'S;=`%o<%lO%^bGWUOy%^z#b%^#b#cGj#c;'S%^;'S;=`%o<%lO%^bGoUp`Oy%^z#W%^#W#XHR#X;'S%^;'S;=`%o<%lO%^bHYS!cQp`Oy%^z;'S%^;'S;=`%o<%lO%^bHiUOy%^z#f%^#f#gHR#g;'S%^;'S;=`%o<%lO%^fIQS!UUOy%^z;'S%^;'S;=`%o<%lO%^nIcS!T^Oy%^z;'S%^;'S;=`%o<%lO%^fItU!SQOy%^z!_%^!_!`6y!`;'S%^;'S;=`%o<%lO%^`JZP;=`<%l$}",tokenizers:[Sr,mr,$r,1,2,3,4,new nO("m~RRYZ[z{a~~g~aO#`~~dP!P!Qg~lO#a~~",28,107)],topRules:{StyleSheet:[0,4],Styles:[1,87]},specialized:[{term:102,get:e=>gr[e]||-1},{term:59,get:e=>Zr[e]||-1},{term:103,get:e=>kr[e]||-1}],tokenPrec:1246});let SO=null;function mO(){if(!SO&&typeof document=="object"&&document.body){let{style:e}=document.body,O=[],t=new Set;for(let a in e)a!="cssText"&&a!="cssFloat"&&typeof e[a]=="string"&&(/[A-Z]/.test(a)&&(a=a.replace(/[A-Z]/g,r=>"-"+r.toLowerCase())),t.has(a)||(O.push(a),t.add(a)));SO=O.sort().map(a=>({type:"property",label:a,apply:a+": "}))}return SO||[]}const he=["active","after","any-link","autofill","backdrop","before","checked","cue","default","defined","disabled","empty","enabled","file-selector-button","first","first-child","first-letter","first-line","first-of-type","focus","focus-visible","focus-within","fullscreen","has","host","host-context","hover","in-range","indeterminate","invalid","is","lang","last-child","last-of-type","left","link","marker","modal","not","nth-child","nth-last-child","nth-last-of-type","nth-of-type","only-child","only-of-type","optional","out-of-range","part","placeholder","placeholder-shown","read-only","read-write","required","right","root","scope","selection","slotted","target","target-text","valid","visited","where"].map(e=>({type:"class",label:e})),ue=["above","absolute","activeborder","additive","activecaption","after-white-space","ahead","alias","all","all-scroll","alphabetic","alternate","always","antialiased","appworkspace","asterisks","attr","auto","auto-flow","avoid","avoid-column","avoid-page","avoid-region","axis-pan","background","backwards","baseline","below","bidi-override","blink","block","block-axis","bold","bolder","border","border-box","both","bottom","break","break-all","break-word","bullets","button","button-bevel","buttonface","buttonhighlight","buttonshadow","buttontext","calc","capitalize","caps-lock-indicator","caption","captiontext","caret","cell","center","checkbox","circle","cjk-decimal","clear","clip","close-quote","col-resize","collapse","color","color-burn","color-dodge","column","column-reverse","compact","condensed","contain","content","contents","content-box","context-menu","continuous","copy","counter","counters","cover","crop","cross","crosshair","currentcolor","cursive","cyclic","darken","dashed","decimal","decimal-leading-zero","default","default-button","dense","destination-atop","destination-in","destination-out","destination-over","difference","disc","discard","disclosure-closed","disclosure-open","document","dot-dash","dot-dot-dash","dotted","double","down","e-resize","ease","ease-in","ease-in-out","ease-out","element","ellipse","ellipsis","embed","end","ethiopic-abegede-gez","ethiopic-halehame-aa-er","ethiopic-halehame-gez","ew-resize","exclusion","expanded","extends","extra-condensed","extra-expanded","fantasy","fast","fill","fill-box","fixed","flat","flex","flex-end","flex-start","footnotes","forwards","from","geometricPrecision","graytext","grid","groove","hand","hard-light","help","hidden","hide","higher","highlight","highlighttext","horizontal","hsl","hsla","hue","icon","ignore","inactiveborder","inactivecaption","inactivecaptiontext","infinite","infobackground","infotext","inherit","initial","inline","inline-axis","inline-block","inline-flex","inline-grid","inline-table","inset","inside","intrinsic","invert","italic","justify","keep-all","landscape","large","larger","left","level","lighter","lighten","line-through","linear","linear-gradient","lines","list-item","listbox","listitem","local","logical","loud","lower","lower-hexadecimal","lower-latin","lower-norwegian","lowercase","ltr","luminosity","manipulation","match","matrix","matrix3d","medium","menu","menutext","message-box","middle","min-intrinsic","mix","monospace","move","multiple","multiple_mask_images","multiply","n-resize","narrower","ne-resize","nesw-resize","no-close-quote","no-drop","no-open-quote","no-repeat","none","normal","not-allowed","nowrap","ns-resize","numbers","numeric","nw-resize","nwse-resize","oblique","opacity","open-quote","optimizeLegibility","optimizeSpeed","outset","outside","outside-shape","overlay","overline","padding","padding-box","painted","page","paused","perspective","pinch-zoom","plus-darker","plus-lighter","pointer","polygon","portrait","pre","pre-line","pre-wrap","preserve-3d","progress","push-button","radial-gradient","radio","read-only","read-write","read-write-plaintext-only","rectangle","region","relative","repeat","repeating-linear-gradient","repeating-radial-gradient","repeat-x","repeat-y","reset","reverse","rgb","rgba","ridge","right","rotate","rotate3d","rotateX","rotateY","rotateZ","round","row","row-resize","row-reverse","rtl","run-in","running","s-resize","sans-serif","saturation","scale","scale3d","scaleX","scaleY","scaleZ","screen","scroll","scrollbar","scroll-position","se-resize","self-start","self-end","semi-condensed","semi-expanded","separate","serif","show","single","skew","skewX","skewY","skip-white-space","slide","slider-horizontal","slider-vertical","sliderthumb-horizontal","sliderthumb-vertical","slow","small","small-caps","small-caption","smaller","soft-light","solid","source-atop","source-in","source-out","source-over","space","space-around","space-between","space-evenly","spell-out","square","start","static","status-bar","stretch","stroke","stroke-box","sub","subpixel-antialiased","svg_masks","super","sw-resize","symbolic","symbols","system-ui","table","table-caption","table-cell","table-column","table-column-group","table-footer-group","table-header-group","table-row","table-row-group","text","text-bottom","text-top","textarea","textfield","thick","thin","threeddarkshadow","threedface","threedhighlight","threedlightshadow","threedshadow","to","top","transform","translate","translate3d","translateX","translateY","translateZ","transparent","ultra-condensed","ultra-expanded","underline","unidirectional-pan","unset","up","upper-latin","uppercase","url","var","vertical","vertical-text","view-box","visible","visibleFill","visiblePainted","visibleStroke","visual","w-resize","wait","wave","wider","window","windowframe","windowtext","words","wrap","wrap-reverse","x-large","x-small","xor","xx-large","xx-small"].map(e=>({type:"keyword",label:e})).concat(["aliceblue","antiquewhite","aqua","aquamarine","azure","beige","bisque","black","blanchedalmond","blue","blueviolet","brown","burlywood","cadetblue","chartreuse","chocolate","coral","cornflowerblue","cornsilk","crimson","cyan","darkblue","darkcyan","darkgoldenrod","darkgray","darkgreen","darkkhaki","darkmagenta","darkolivegreen","darkorange","darkorchid","darkred","darksalmon","darkseagreen","darkslateblue","darkslategray","darkturquoise","darkviolet","deeppink","deepskyblue","dimgray","dodgerblue","firebrick","floralwhite","forestgreen","fuchsia","gainsboro","ghostwhite","gold","goldenrod","gray","grey","green","greenyellow","honeydew","hotpink","indianred","indigo","ivory","khaki","lavender","lavenderblush","lawngreen","lemonchiffon","lightblue","lightcoral","lightcyan","lightgoldenrodyellow","lightgray","lightgreen","lightpink","lightsalmon","lightseagreen","lightskyblue","lightslategray","lightsteelblue","lightyellow","lime","limegreen","linen","magenta","maroon","mediumaquamarine","mediumblue","mediumorchid","mediumpurple","mediumseagreen","mediumslateblue","mediumspringgreen","mediumturquoise","mediumvioletred","midnightblue","mintcream","mistyrose","moccasin","navajowhite","navy","oldlace","olive","olivedrab","orange","orangered","orchid","palegoldenrod","palegreen","paleturquoise","palevioletred","papayawhip","peachpuff","peru","pink","plum","powderblue","purple","rebeccapurple","red","rosybrown","royalblue","saddlebrown","salmon","sandybrown","seagreen","seashell","sienna","silver","skyblue","slateblue","slategray","snow","springgreen","steelblue","tan","teal","thistle","tomato","turquoise","violet","wheat","white","whitesmoke","yellow","yellowgreen"].map(e=>({type:"constant",label:e}))),Xr=["a","abbr","address","article","aside","b","bdi","bdo","blockquote","body","br","button","canvas","caption","cite","code","col","colgroup","dd","del","details","dfn","dialog","div","dl","dt","em","figcaption","figure","footer","form","header","hgroup","h1","h2","h3","h4","h5","h6","hr","html","i","iframe","img","input","ins","kbd","label","legend","li","main","meter","nav","ol","output","p","pre","ruby","section","select","small","source","span","strong","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","tr","u","ul"].map(e=>({type:"type",label:e})),br=["@charset","@color-profile","@container","@counter-style","@font-face","@font-feature-values","@font-palette-values","@import","@keyframes","@layer","@media","@namespace","@page","@position-try","@property","@scope","@starting-style","@supports","@view-transition"].map(e=>({type:"keyword",label:e})),v=/^(\w[\w-]*|-\w[\w-]*|)$/,yr=/^-(-[\w-]*)?$/;function vr(e,O){var t;if((e.name=="("||e.type.isError)&&(e=e.parent||e),e.name!="ArgList")return!1;let a=(t=e.parent)===null||t===void 0?void 0:t.firstChild;return(a==null?void 0:a.name)!="Callee"?!1:O.sliceString(a.from,a.to)=="var"}const fe=new Ye,Tr=["Declaration"];function wr(e){for(let O=e;;){if(O.type.isTop)return O;if(!(O=O.parent))return e}}function Ot(e,O,t){if(O.to-O.from>4096){let a=fe.get(O);if(a)return a;let r=[],s=new Set,i=O.cursor(VO.IncludeAnonymous);if(i.firstChild())do for(let l of Ot(e,i.node,t))s.has(l.label)||(s.add(l.label),r.push(l));while(i.nextSibling());return fe.set(O,r),r}else{let a=[],r=new Set;return O.cursor().iterate(s=>{var i;if(t(s)&&s.matchContext(Tr)&&((i=s.node.nextSibling)===null||i===void 0?void 0:i.name)==":"){let l=e.sliceString(s.from,s.to);r.has(l)||(r.add(l),a.push({label:l,type:"variable"}))}}),a}}const _r=e=>O=>{let{state:t,pos:a}=O,r=U(t).resolveInner(a,-1),s=r.type.isError&&r.from==r.to-1&&t.doc.sliceString(r.from,r.to)=="-";if(r.name=="PropertyName"||(s||r.name=="TagName")&&/^(Block|Styles)$/.test(r.resolve(r.to).name))return{from:r.from,options:mO(),validFor:v};if(r.name=="ValueName")return{from:r.from,options:ue,validFor:v};if(r.name=="PseudoClassName")return{from:r.from,options:he,validFor:v};if(e(r)||(O.explicit||s)&&vr(r,t.doc))return{from:e(r)||s?r.from:a,options:Ot(t.doc,wr(r),e),validFor:yr};if(r.name=="TagName"){for(let{parent:o}=r;o;o=o.parent)if(o.name=="Block")return{from:r.from,options:mO(),validFor:v};return{from:r.from,options:Xr,validFor:v}}if(r.name=="AtKeyword")return{from:r.from,options:br,validFor:v};if(!O.explicit)return null;let i=r.resolve(a),l=i.childBefore(a);return l&&l.name==":"&&i.name=="PseudoClassSelector"?{from:a,options:he,validFor:v}:l&&l.name==":"&&i.name=="Declaration"||i.name=="ArgList"?{from:a,options:ue,validFor:v}:i.name=="Block"||i.name=="Styles"?{from:a,options:mO(),validFor:v}:null},qr=_r(e=>e.name=="VariableName"),QO=D.define({name:"css",parser:xr.configure({props:[J.add({Declaration:V()}),K.add({"Block KeyframeList":jO})]}),languageData:{commentTokens:{block:{open:"/*",close:"*/"}},indentOnInput:/^\s*\}$/,wordChars:"-"}});function Yr(){return new F(QO,QO.data.of({autocomplete:qr}))}const Rr=315,Vr=316,de=1,jr=2,zr=3,Gr=4,Wr=317,Ur=319,Cr=320,Er=5,Ar=6,Mr=0,vO=[9,10,11,12,13,32,133,160,5760,8192,8193,8194,8195,8196,8197,8198,8199,8200,8201,8202,8232,8233,8239,8287,12288],et=125,Lr=59,TO=47,Br=42,Nr=43,Ir=45,Dr=60,Jr=44,Kr=63,Fr=46,Hr=91,Oi=new We({start:!1,shift(e,O){return O==Er||O==Ar||O==Ur?e:O==Cr},strict:!1}),ei=new x((e,O)=>{let{next:t}=e;(t==et||t==-1||O.context)&&e.acceptToken(Wr)},{contextual:!0,fallback:!0}),ti=new x((e,O)=>{let{next:t}=e,a;vO.indexOf(t)>-1||t==TO&&((a=e.peek(1))==TO||a==Br)||t!=et&&t!=Lr&&t!=-1&&!O.context&&e.acceptToken(Rr)},{contextual:!0}),ai=new x((e,O)=>{e.next==Hr&&!O.context&&e.acceptToken(Vr)},{contextual:!0}),ri=new x((e,O)=>{let{next:t}=e;if(t==Nr||t==Ir){if(e.advance(),t==e.next){e.advance();let a=!O.context&&O.canShift(de);e.acceptToken(a?de:jr)}}else t==Kr&&e.peek(1)==Fr&&(e.advance(),e.advance(),(e.next<48||e.next>57)&&e.acceptToken(zr))},{contextual:!0});function PO(e,O){return e>=65&&e<=90||e>=97&&e<=122||e==95||e>=192||!O&&e>=48&&e<=57}const ii=new x((e,O)=>{if(e.next!=Dr||!O.dialectEnabled(Mr)||(e.advance(),e.next==TO))return;let t=0;for(;vO.indexOf(e.next)>-1;)e.advance(),t++;if(PO(e.next,!0)){for(e.advance(),t++;PO(e.next,!1);)e.advance(),t++;for(;vO.indexOf(e.next)>-1;)e.advance(),t++;if(e.next==Jr)return;for(let a=0;;a++){if(a==7){if(!PO(e.next,!0))return;break}if(e.next!="extends".charCodeAt(a))break;e.advance(),t++}}e.acceptToken(Gr,-t)}),si=I({"get set async static":n.modifier,"for while do if else switch try catch finally return throw break continue default case":n.controlKeyword,"in of await yield void typeof delete instanceof as satisfies":n.operatorKeyword,"let var const using function class extends":n.definitionKeyword,"import export from":n.moduleKeyword,"with debugger new":n.keyword,TemplateString:n.special(n.string),super:n.atom,BooleanLiteral:n.bool,this:n.self,null:n.null,Star:n.modifier,VariableName:n.variableName,"CallExpression/VariableName TaggedTemplateExpression/VariableName":n.function(n.variableName),VariableDefinition:n.definition(n.variableName),Label:n.labelName,PropertyName:n.propertyName,PrivatePropertyName:n.special(n.propertyName),"CallExpression/MemberExpression/PropertyName":n.function(n.propertyName),"FunctionDeclaration/VariableDefinition":n.function(n.definition(n.variableName)),"ClassDeclaration/VariableDefinition":n.definition(n.className),"NewExpression/VariableName":n.className,PropertyDefinition:n.definition(n.propertyName),PrivatePropertyDefinition:n.definition(n.special(n.propertyName)),UpdateOp:n.updateOperator,"LineComment Hashbang":n.lineComment,BlockComment:n.blockComment,Number:n.number,String:n.string,Escape:n.escape,ArithOp:n.arithmeticOperator,LogicOp:n.logicOperator,BitOp:n.bitwiseOperator,CompareOp:n.compareOperator,RegExp:n.regexp,Equals:n.definitionOperator,Arrow:n.function(n.punctuation),": Spread":n.punctuation,"( )":n.paren,"[ ]":n.squareBracket,"{ }":n.brace,"InterpolationStart InterpolationEnd":n.special(n.brace),".":n.derefOperator,", ;":n.separator,"@":n.meta,TypeName:n.typeName,TypeDefinition:n.definition(n.typeName),"type enum interface implements namespace module declare":n.definitionKeyword,"abstract global Privacy readonly override":n.modifier,"is keyof unique infer asserts":n.operatorKeyword,JSXAttributeValue:n.attributeValue,JSXText:n.content,"JSXStartTag JSXStartCloseTag JSXSelfCloseEndTag JSXEndTag":n.angleBracket,"JSXIdentifier JSXNameSpacedName":n.tagName,"JSXAttribute/JSXIdentifier JSXAttribute/JSXNameSpacedName":n.attributeName,"JSXBuiltin/JSXIdentifier":n.standard(n.tagName)}),li={__proto__:null,export:20,as:25,from:33,default:36,async:41,function:42,in:52,out:55,const:56,extends:60,this:64,true:72,false:72,null:84,void:88,typeof:92,super:108,new:142,delete:154,yield:163,await:167,class:172,public:235,private:235,protected:235,readonly:237,instanceof:256,satisfies:259,import:292,keyof:349,unique:353,infer:359,asserts:395,is:397,abstract:417,implements:419,type:421,let:424,var:426,using:429,interface:435,enum:439,namespace:445,module:447,declare:451,global:455,for:474,of:483,while:486,with:490,do:494,if:498,else:500,switch:504,case:510,try:516,catch:520,finally:524,return:528,throw:532,break:536,continue:540,debugger:544},ni={__proto__:null,async:129,get:131,set:133,declare:195,public:197,private:197,protected:197,static:199,abstract:201,override:203,readonly:209,accessor:211,new:401},oi={__proto__:null,"<":193},ci=_.deserialize({version:14,states:"$EOQ%TQlOOO%[QlOOO'_QpOOP(lO`OOO*zQ!0MxO'#CiO+RO#tO'#CjO+aO&jO'#CjO+oO#@ItO'#DaO.QQlO'#DgO.bQlO'#DrO%[QlO'#DzO0fQlO'#ESOOQ!0Lf'#E['#E[O1PQ`O'#EXOOQO'#Ep'#EpOOQO'#Ik'#IkO1XQ`O'#GsO1dQ`O'#EoO1iQ`O'#EoO3hQ!0MxO'#JqO6[Q!0MxO'#JrO6uQ`O'#F]O6zQ,UO'#FtOOQ!0Lf'#Ff'#FfO7VO7dO'#FfO7eQMhO'#F|O9[Q`O'#F{OOQ!0Lf'#Jr'#JrOOQ!0Lb'#Jq'#JqO9aQ`O'#GwOOQ['#K^'#K^O9lQ`O'#IXO9qQ!0LrO'#IYOOQ['#J_'#J_OOQ['#I^'#I^Q`QlOOQ`QlOOO9yQ!L^O'#DvO:QQlO'#EOO:XQlO'#EQO9gQ`O'#GsO:`QMhO'#CoO:nQ`O'#EnO:yQ`O'#EyO;OQMhO'#FeO;mQ`O'#GsOOQO'#K_'#K_O;rQ`O'#K_O`Q`O'#CeO>pQ`O'#HbO>xQ`O'#HhO>xQ`O'#HjO`QlO'#HlO>xQ`O'#HnO>xQ`O'#HqO>}Q`O'#HwO?SQ!0LsO'#H}O%[QlO'#IPO?_Q!0LsO'#IRO?jQ!0LsO'#ITO9qQ!0LrO'#IVO?uQ!0MxO'#CiO@wQpO'#DlQOQ`OOO%[QlO'#EQOA_Q`O'#ETO:`QMhO'#EnOAjQ`O'#EnOAuQ!bO'#FeOOQ['#Cg'#CgOOQ!0Lb'#Dq'#DqOOQ!0Lb'#Ju'#JuO%[QlO'#JuOOQO'#Jx'#JxOOQO'#Ig'#IgOBuQpO'#EgOOQ!0Lb'#Ef'#EfOOQ!0Lb'#J|'#J|OCqQ!0MSO'#EgOC{QpO'#EWOOQO'#Jw'#JwODaQpO'#JxOEnQpO'#EWOC{QpO'#EgPE{O&2DjO'#CbPOOO)CD|)CD|OOOO'#I_'#I_OFWO#tO,59UOOQ!0Lh,59U,59UOOOO'#I`'#I`OFfO&jO,59UOFtQ!L^O'#DcOOOO'#Ib'#IbOF{O#@ItO,59{OOQ!0Lf,59{,59{OGZQlO'#IcOGnQ`O'#JsOImQ!fO'#JsO+}QlO'#JsOItQ`O,5:ROJ[Q`O'#EpOJiQ`O'#KSOJtQ`O'#KROJtQ`O'#KROJ|Q`O,5;^OKRQ`O'#KQOOQ!0Ln,5:^,5:^OKYQlO,5:^OMWQ!0MxO,5:fOMwQ`O,5:nONbQ!0LrO'#KPONiQ`O'#KOO9aQ`O'#KOON}Q`O'#KOO! VQ`O,5;]O! [Q`O'#KOO!#aQ!fO'#JrOOQ!0Lh'#Ci'#CiO%[QlO'#ESO!$PQ!fO,5:sOOQS'#Jy'#JyOOQO-EsOOQ['#Jg'#JgOOQ[,5>t,5>tOOQ[-E<[-E<[O!nQ!0MxO,5:jO%[QlO,5:jO!AUQ!0MxO,5:lOOQO,5@y,5@yO!AuQMhO,5=_O!BTQ!0LrO'#JhO9[Q`O'#JhO!BfQ!0LrO,59ZO!BqQpO,59ZO!ByQMhO,59ZO:`QMhO,59ZO!CUQ`O,5;ZO!C^Q`O'#HaO!CrQ`O'#KcO%[QlO,5;}O!9xQpO,5}Q`O'#HWO9gQ`O'#HYO!EZQ`O'#HYO:`QMhO'#H[O!E`Q`O'#H[OOQ[,5=p,5=pO!EeQ`O'#H]O!EvQ`O'#CoO!E{Q`O,59PO!FVQ`O,59PO!H[QlO,59POOQ[,59P,59PO!HlQ!0LrO,59PO%[QlO,59PO!JwQlO'#HdOOQ['#He'#HeOOQ['#Hf'#HfO`QlO,5=|O!K_Q`O,5=|O`QlO,5>SO`QlO,5>UO!KdQ`O,5>WO`QlO,5>YO!KiQ`O,5>]O!KnQlO,5>cOOQ[,5>i,5>iO%[QlO,5>iO9qQ!0LrO,5>kOOQ[,5>m,5>mO# xQ`O,5>mOOQ[,5>o,5>oO# xQ`O,5>oOOQ[,5>q,5>qO#!fQpO'#D_O%[QlO'#JuO##XQpO'#JuO##cQpO'#DmO##tQpO'#DmO#&VQlO'#DmO#&^Q`O'#JtO#&fQ`O,5:WO#&kQ`O'#EtO#&yQ`O'#KTO#'RQ`O,5;_O#'WQpO'#DmO#'eQpO'#EVOOQ!0Lf,5:o,5:oO%[QlO,5:oO#'lQ`O,5:oO>}Q`O,5;YO!BqQpO,5;YO!ByQMhO,5;YO:`QMhO,5;YO#'tQ`O,5@aO#'yQ07dO,5:sOOQO-E}O+}QlO,5>}OOQO,5?T,5?TO#+RQlO'#IcOOQO-EOO$5PQ`O,5>OOOQ[1G3h1G3hO`QlO1G3hOOQ[1G3n1G3nOOQ[1G3p1G3pO>xQ`O1G3rO$5UQlO1G3tO$9YQlO'#HsOOQ[1G3w1G3wO$9gQ`O'#HyO>}Q`O'#H{OOQ[1G3}1G3}O$9oQlO1G3}O9qQ!0LrO1G4TOOQ[1G4V1G4VOOQ!0Lb'#G_'#G_O9qQ!0LrO1G4XO9qQ!0LrO1G4ZO$=vQ`O,5@aO!)PQlO,5;`O9aQ`O,5;`O>}Q`O,5:XO!)PQlO,5:XO!BqQpO,5:XO$={Q?MtO,5:XOOQO,5;`,5;`O$>VQpO'#IdO$>mQ`O,5@`OOQ!0Lf1G/r1G/rO$>uQpO'#IjO$?PQ`O,5@oOOQ!0Lb1G0y1G0yO##tQpO,5:XOOQO'#If'#IfO$?XQpO,5:qOOQ!0Ln,5:q,5:qO#'oQ`O1G0ZOOQ!0Lf1G0Z1G0ZO%[QlO1G0ZOOQ!0Lf1G0t1G0tO>}Q`O1G0tO!BqQpO1G0tO!ByQMhO1G0tOOQ!0Lb1G5{1G5{O!BfQ!0LrO1G0^OOQO1G0m1G0mO%[QlO1G0mO$?`Q!0LrO1G0mO$?kQ!0LrO1G0mO!BqQpO1G0^OC{QpO1G0^O$?yQ!0LrO1G0mOOQO1G0^1G0^O$@_Q!0MxO1G0mPOOO-E}O$@{Q`O1G5yO$ATQ`O1G6XO$A]Q!fO1G6YO9aQ`O,5?TO$AgQ!0MxO1G6VO%[QlO1G6VO$AwQ!0LrO1G6VO$BYQ`O1G6UO$BYQ`O1G6UO9aQ`O1G6UO$BbQ`O,5?WO9aQ`O,5?WOOQO,5?W,5?WO$BvQ`O,5?WO$){Q`O,5?WOOQO-E_OOQ[,5>_,5>_O%[QlO'#HtO%>RQ`O'#HvOOQ[,5>e,5>eO9aQ`O,5>eOOQ[,5>g,5>gOOQ[7+)i7+)iOOQ[7+)o7+)oOOQ[7+)s7+)sOOQ[7+)u7+)uO%>WQpO1G5{O%>rQ?MtO1G0zO%>|Q`O1G0zOOQO1G/s1G/sO%?XQ?MtO1G/sO>}Q`O1G/sO!)PQlO'#DmOOQO,5?O,5?OOOQO-E}Q`O7+&`O!BqQpO7+&`OOQO7+%x7+%xO$@_Q!0MxO7+&XOOQO7+&X7+&XO%[QlO7+&XO%?cQ!0LrO7+&XO!BfQ!0LrO7+%xO!BqQpO7+%xO%?nQ!0LrO7+&XO%?|Q!0MxO7++qO%[QlO7++qO%@^Q`O7++pO%@^Q`O7++pOOQO1G4r1G4rO9aQ`O1G4rO%@fQ`O1G4rOOQS7+%}7+%}O#'oQ`O<`OOQ[,5>b,5>bO&=hQ`O1G4PO9aQ`O7+&fO!)PQlO7+&fOOQO7+%_7+%_O&=mQ?MtO1G6YO>}Q`O7+%_OOQ!0Lf<}Q`O<SQ!0MxO<= ]O&>dQ`O<= [OOQO7+*^7+*^O9aQ`O7+*^OOQ[ANAkANAkO&>lQ!fOANAkO!&oQMhOANAkO#'oQ`OANAkO4UQ!fOANAkO&>sQ`OANAkO%[QlOANAkO&>{Q!0MzO7+'zO&A^Q!0MzO,5?`O&CiQ!0MzO,5?bO&EtQ!0MzO7+'|O&HVQ!fO1G4kO&HaQ?MtO7+&aO&JeQ?MvO,5=XO&LlQ?MvO,5=ZO&L|Q?MvO,5=XO&M^Q?MvO,5=ZO&MnQ?MvO,59uO' tQ?MvO,5}Q`O7+)kO'-dQ`O<QPPP!>YHxPPPPPPPPP!AiP!BvPPHx!DXPHxPHxHxHxHxHxPHx!EkP!HuP!K{P!LP!LZ!L_!L_P!HrP!Lc!LcP# iP# mHxPHx# s#$xCW@zP@zP@z@zP#&V@z@z#(i@z#+a@z#-m@z@z#.]#0q#0q#0v#1P#0q#1[PP#0qP@z#1t@z#5s@z@z6bPPP#9xPPP#:c#:cP#:cP#:y#:cPP#;PP#:vP#:v#;d#:v#S#>Y#>d#>j#>t#>z#?[#?b#@S#@f#@l#@r#AQ#Ag#C[#Cj#Cq#E]#Ek#G]#Gk#Gq#Gw#G}#HX#H_#He#Ho#IR#IXPPPPPPPPPPP#I_PPPPPPP#JS#MZ#Ns#Nz$ SPPP$&nP$&w$)p$0Z$0^$0a$1`$1c$1j$1rP$1x$1{P$2i$2m$3e$4s$4x$5`PP$5e$5k$5o$5r$5v$5z$6v$7_$7v$7z$7}$8Q$8W$8Z$8_$8cR!|RoqOXst!Z#d%l&p&r&s&u,n,s2S2VY!vQ'^-`1g5qQ%svQ%{yQ&S|Q&h!VS'U!e-WQ'd!iS'j!r!yU*h$|*X*lQ+l%|Q+y&UQ,_&bQ-^']Q-h'eQ-p'kQ0U*nQ1q,`R < TypeParamList in out const TypeDefinition extends ThisType this LiteralType ArithOp Number BooleanLiteral TemplateType InterpolationEnd Interpolation InterpolationStart NullType null VoidType void TypeofType typeof MemberExpression . PropertyName [ TemplateString Escape Interpolation super RegExp ] ArrayExpression Spread , } { ObjectExpression Property async get set PropertyDefinition Block : NewTarget new NewExpression ) ( ArgList UnaryExpression delete LogicOp BitOp YieldExpression yield AwaitExpression await ParenthesizedExpression ClassExpression class ClassBody MethodDeclaration Decorator @ MemberExpression PrivatePropertyName CallExpression TypeArgList CompareOp < declare Privacy static abstract override PrivatePropertyDefinition PropertyDeclaration readonly accessor Optional TypeAnnotation Equals StaticBlock FunctionExpression ArrowFunction ParamList ParamList ArrayPattern ObjectPattern PatternProperty Privacy readonly Arrow MemberExpression BinaryExpression ArithOp ArithOp ArithOp ArithOp BitOp CompareOp instanceof satisfies CompareOp BitOp BitOp BitOp LogicOp LogicOp ConditionalExpression LogicOp LogicOp AssignmentExpression UpdateOp PostfixExpression CallExpression InstantiationExpression TaggedTemplateExpression DynamicImport import ImportMeta JSXElement JSXSelfCloseEndTag JSXSelfClosingTag JSXIdentifier JSXBuiltin JSXIdentifier JSXNamespacedName JSXMemberExpression JSXSpreadAttribute JSXAttribute JSXAttributeValue JSXEscape JSXEndTag JSXOpenTag JSXFragmentTag JSXText JSXEscape JSXStartCloseTag JSXCloseTag PrefixCast < ArrowFunction TypeParamList SequenceExpression InstantiationExpression KeyofType keyof UniqueType unique ImportType InferredType infer TypeName ParenthesizedType FunctionSignature ParamList NewSignature IndexedType TupleType Label ArrayType ReadonlyType ObjectType MethodType PropertyType IndexSignature PropertyDefinition CallSignature TypePredicate asserts is NewSignature new UnionType LogicOp IntersectionType LogicOp ConditionalType ParameterizedType ClassDeclaration abstract implements type VariableDeclaration let var using TypeAliasDeclaration InterfaceDeclaration interface EnumDeclaration enum EnumBody NamespaceDeclaration namespace module AmbientDeclaration declare GlobalDeclaration global ClassDeclaration ClassBody AmbientFunctionDeclaration ExportGroup VariableName VariableName ImportDeclaration ImportGroup ForStatement for ForSpec ForInSpec ForOfSpec of WhileStatement while WithStatement with DoStatement do IfStatement if else SwitchStatement switch SwitchBody CaseLabel case DefaultLabel TryStatement try CatchClause catch FinallyClause finally ReturnStatement return ThrowStatement throw BreakStatement break ContinueStatement continue DebuggerStatement debugger LabeledStatement ExpressionStatement SingleExpression SingleClassItem",maxTerm:379,context:Oi,nodeProps:[["isolate",-8,5,6,14,37,39,51,53,55,""],["group",-26,9,17,19,68,207,211,215,216,218,221,224,234,236,242,244,246,248,251,257,263,265,267,269,271,273,274,"Statement",-34,13,14,32,35,36,42,51,54,55,57,62,70,72,76,80,82,84,85,110,111,120,121,136,139,141,142,143,144,145,147,148,167,169,171,"Expression",-23,31,33,37,41,43,45,173,175,177,178,180,181,182,184,185,186,188,189,190,201,203,205,206,"Type",-3,88,103,109,"ClassItem"],["openedBy",23,"<",38,"InterpolationStart",56,"[",60,"{",73,"(",160,"JSXStartCloseTag"],["closedBy",-2,24,168,">",40,"InterpolationEnd",50,"]",61,"}",74,")",165,"JSXEndTag"]],propSources:[si],skippedNodes:[0,5,6,277],repeatNodeCount:37,tokenData:"$Fq07[R!bOX%ZXY+gYZ-yZ[+g[]%Z]^.c^p%Zpq+gqr/mrs3cst:_tuEruvJSvwLkwx! Yxy!'iyz!(sz{!)}{|!,q|}!.O}!O!,q!O!P!/Y!P!Q!9j!Q!R#:O!R![#<_![!]#I_!]!^#Jk!^!_#Ku!_!`$![!`!a$$v!a!b$*T!b!c$,r!c!}Er!}#O$-|#O#P$/W#P#Q$4o#Q#R$5y#R#SEr#S#T$7W#T#o$8b#o#p$x#r#s$@U#s$f%Z$f$g+g$g#BYEr#BY#BZ$A`#BZ$ISEr$IS$I_$A`$I_$I|Er$I|$I}$Dk$I}$JO$Dk$JO$JTEr$JT$JU$A`$JU$KVEr$KV$KW$A`$KW&FUEr&FU&FV$A`&FV;'SEr;'S;=`I|<%l?HTEr?HT?HU$A`?HUOEr(n%d_$i&j(Vp(Y!bOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!^%Z!^!_*g!_#O%Z#O#P&c#P#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z&j&hT$i&jO!^&c!_#o&c#p;'S&c;'S;=`&w<%lO&c&j&zP;=`<%l&c'|'U]$i&j(Y!bOY&}YZ&cZw&}wx&cx!^&}!^!_'}!_#O&}#O#P&c#P#o&}#o#p'}#p;'S&};'S;=`(l<%lO&}!b(SU(Y!bOY'}Zw'}x#O'}#P;'S'};'S;=`(f<%lO'}!b(iP;=`<%l'}'|(oP;=`<%l&}'[(y]$i&j(VpOY(rYZ&cZr(rrs&cs!^(r!^!_)r!_#O(r#O#P&c#P#o(r#o#p)r#p;'S(r;'S;=`*a<%lO(rp)wU(VpOY)rZr)rs#O)r#P;'S)r;'S;=`*Z<%lO)rp*^P;=`<%l)r'[*dP;=`<%l(r#S*nX(Vp(Y!bOY*gZr*grs'}sw*gwx)rx#O*g#P;'S*g;'S;=`+Z<%lO*g#S+^P;=`<%l*g(n+dP;=`<%l%Z07[+rq$i&j(Vp(Y!b'{0/lOX%ZXY+gYZ&cZ[+g[p%Zpq+gqr%Zrs&}sw%Zwx(rx!^%Z!^!_*g!_#O%Z#O#P&c#P#o%Z#o#p*g#p$f%Z$f$g+g$g#BY%Z#BY#BZ+g#BZ$IS%Z$IS$I_+g$I_$JT%Z$JT$JU+g$JU$KV%Z$KV$KW+g$KW&FU%Z&FU&FV+g&FV;'S%Z;'S;=`+a<%l?HT%Z?HT?HU+g?HUO%Z07[.ST(W#S$i&j'|0/lO!^&c!_#o&c#p;'S&c;'S;=`&w<%lO&c07[.n_$i&j(Vp(Y!b'|0/lOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!^%Z!^!_*g!_#O%Z#O#P&c#P#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z)3p/x`$i&j!p),Q(Vp(Y!bOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!^%Z!^!_*g!_!`0z!`#O%Z#O#P&c#P#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z(KW1V`#v(Ch$i&j(Vp(Y!bOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!^%Z!^!_*g!_!`2X!`#O%Z#O#P&c#P#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z(KW2d_#v(Ch$i&j(Vp(Y!bOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!^%Z!^!_*g!_#O%Z#O#P&c#P#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z'At3l_(U':f$i&j(Y!bOY4kYZ5qZr4krs7nsw4kwx5qx!^4k!^!_8p!_#O4k#O#P5q#P#o4k#o#p8p#p;'S4k;'S;=`:X<%lO4k(^4r_$i&j(Y!bOY4kYZ5qZr4krs7nsw4kwx5qx!^4k!^!_8p!_#O4k#O#P5q#P#o4k#o#p8p#p;'S4k;'S;=`:X<%lO4k&z5vX$i&jOr5qrs6cs!^5q!^!_6y!_#o5q#o#p6y#p;'S5q;'S;=`7h<%lO5q&z6jT$d`$i&jO!^&c!_#o&c#p;'S&c;'S;=`&w<%lO&c`6|TOr6yrs7]s;'S6y;'S;=`7b<%lO6y`7bO$d``7eP;=`<%l6y&z7kP;=`<%l5q(^7w]$d`$i&j(Y!bOY&}YZ&cZw&}wx&cx!^&}!^!_'}!_#O&}#O#P&c#P#o&}#o#p'}#p;'S&};'S;=`(l<%lO&}!r8uZ(Y!bOY8pYZ6yZr8prs9hsw8pwx6yx#O8p#O#P6y#P;'S8p;'S;=`:R<%lO8p!r9oU$d`(Y!bOY'}Zw'}x#O'}#P;'S'};'S;=`(f<%lO'}!r:UP;=`<%l8p(^:[P;=`<%l4k%9[:hh$i&j(Vp(Y!bOY%ZYZ&cZq%Zqr`#P#o`x!^=^!^!_?q!_#O=^#O#P>`#P#o=^#o#p?q#p;'S=^;'S;=`@h<%lO=^&n>gXWS$i&jOY>`YZ&cZ!^>`!^!_?S!_#o>`#o#p?S#p;'S>`;'S;=`?k<%lO>`S?XSWSOY?SZ;'S?S;'S;=`?e<%lO?SS?hP;=`<%l?S&n?nP;=`<%l>`!f?xWWS(Y!bOY?qZw?qwx?Sx#O?q#O#P?S#P;'S?q;'S;=`@b<%lO?q!f@eP;=`<%l?q(Q@kP;=`<%l=^'`@w]WS$i&j(VpOY@nYZ&cZr@nrs>`s!^@n!^!_Ap!_#O@n#O#P>`#P#o@n#o#pAp#p;'S@n;'S;=`Bg<%lO@ntAwWWS(VpOYApZrAprs?Ss#OAp#O#P?S#P;'SAp;'S;=`Ba<%lOAptBdP;=`<%lAp'`BjP;=`<%l@n#WBvYWS(Vp(Y!bOYBmZrBmrs?qswBmwxApx#OBm#O#P?S#P;'SBm;'S;=`Cf<%lOBm#WCiP;=`<%lBm(rCoP;=`<%l^!Q^$i&j!X7`OY!=yYZ&cZ!P!=y!P!Q!>|!Q!^!=y!^!_!@c!_!}!=y!}#O!CW#O#P!Dy#P#o!=y#o#p!@c#p;'S!=y;'S;=`!Ek<%lO!=y|#X#Z&c#Z#[!>|#[#]&c#]#^!>|#^#a&c#a#b!>|#b#g&c#g#h!>|#h#i&c#i#j!>|#j#k!>|#k#m&c#m#n!>|#n#o&c#p;'S&c;'S;=`&w<%lO&c7`!@hX!X7`OY!@cZ!P!@c!P!Q!AT!Q!}!@c!}#O!Ar#O#P!Bq#P;'S!@c;'S;=`!CQ<%lO!@c7`!AYW!X7`#W#X!AT#Z#[!AT#]#^!AT#a#b!AT#g#h!AT#i#j!AT#j#k!AT#m#n!AT7`!AuVOY!ArZ#O!Ar#O#P!B[#P#Q!@c#Q;'S!Ar;'S;=`!Bk<%lO!Ar7`!B_SOY!ArZ;'S!Ar;'S;=`!Bk<%lO!Ar7`!BnP;=`<%l!Ar7`!BtSOY!@cZ;'S!@c;'S;=`!CQ<%lO!@c7`!CTP;=`<%l!@c^!Ezl$i&j(Y!b!X7`OY&}YZ&cZw&}wx&cx!^&}!^!_'}!_#O&}#O#P&c#P#W&}#W#X!Eq#X#Z&}#Z#[!Eq#[#]&}#]#^!Eq#^#a&}#a#b!Eq#b#g&}#g#h!Eq#h#i&}#i#j!Eq#j#k!Eq#k#m&}#m#n!Eq#n#o&}#o#p'}#p;'S&};'S;=`(l<%lO&}8r!GyZ(Y!b!X7`OY!GrZw!Grwx!@cx!P!Gr!P!Q!Hl!Q!}!Gr!}#O!JU#O#P!Bq#P;'S!Gr;'S;=`!J|<%lO!Gr8r!Hse(Y!b!X7`OY'}Zw'}x#O'}#P#W'}#W#X!Hl#X#Z'}#Z#[!Hl#[#]'}#]#^!Hl#^#a'}#a#b!Hl#b#g'}#g#h!Hl#h#i'}#i#j!Hl#j#k!Hl#k#m'}#m#n!Hl#n;'S'};'S;=`(f<%lO'}8r!JZX(Y!bOY!JUZw!JUwx!Arx#O!JU#O#P!B[#P#Q!Gr#Q;'S!JU;'S;=`!Jv<%lO!JU8r!JyP;=`<%l!JU8r!KPP;=`<%l!Gr>^!KZ^$i&j(Y!bOY!KSYZ&cZw!KSwx!CWx!^!KS!^!_!JU!_#O!KS#O#P!DR#P#Q!^!LYP;=`<%l!KS>^!L`P;=`<%l!_#c#d#Bq#d#l%Z#l#m#Es#m#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z'Ad#_#c#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z'Ad#>j_$i&j(Vp(Y!bs'9tOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!^%Z!^!_*g!_#O%Z#O#P&c#P#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z'Ad#?rd$i&j(Vp(Y!bOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!Q%Z!Q!R#AQ!R!S#AQ!S!^%Z!^!_*g!_#O%Z#O#P&c#P#R%Z#R#S#AQ#S#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z'Ad#A]f$i&j(Vp(Y!bs'9tOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!Q%Z!Q!R#AQ!R!S#AQ!S!^%Z!^!_*g!_#O%Z#O#P&c#P#R%Z#R#S#AQ#S#b%Z#b#c#>_#c#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z'Ad#Bzc$i&j(Vp(Y!bOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!Q%Z!Q!Y#DV!Y!^%Z!^!_*g!_#O%Z#O#P&c#P#R%Z#R#S#DV#S#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z'Ad#Dbe$i&j(Vp(Y!bs'9tOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!Q%Z!Q!Y#DV!Y!^%Z!^!_*g!_#O%Z#O#P&c#P#R%Z#R#S#DV#S#b%Z#b#c#>_#c#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z'Ad#E|g$i&j(Vp(Y!bOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!Q%Z!Q![#Ge![!^%Z!^!_*g!_!c%Z!c!i#Ge!i#O%Z#O#P&c#P#R%Z#R#S#Ge#S#T%Z#T#Z#Ge#Z#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z'Ad#Gpi$i&j(Vp(Y!bs'9tOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!Q%Z!Q![#Ge![!^%Z!^!_*g!_!c%Z!c!i#Ge!i#O%Z#O#P&c#P#R%Z#R#S#Ge#S#T%Z#T#Z#Ge#Z#b%Z#b#c#>_#c#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z*)x#Il_!g$b$i&j$O)Lv(Vp(Y!bOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!^%Z!^!_*g!_#O%Z#O#P&c#P#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z)[#Jv_al$i&j(Vp(Y!bOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!^%Z!^!_*g!_#O%Z#O#P&c#P#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z04f#LS^h#)`#R-v$?V_!^(CdvBr$i&j(Vp(Y!bOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!^%Z!^!_*g!_#O%Z#O#P&c#P#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z?O$@a_!q7`$i&j(Vp(Y!bOY%ZYZ&cZr%Zrs&}sw%Zwx(rx!^%Z!^!_*g!_#O%Z#O#P&c#P#o%Z#o#p*g#p;'S%Z;'S;=`+a<%lO%Z07[$Aq|$i&j(Vp(Y!b'{0/l$]#t(S,2j(d$I[OX%ZXY+gYZ&cZ[+g[p%Zpq+gqr%Zrs&}st%ZtuEruw%Zwx(rx}%Z}!OGv!O!Q%Z!Q![Er![!^%Z!^!_*g!_!c%Z!c!}Er!}#O%Z#O#P&c#P#R%Z#R#SEr#S#T%Z#T#oEr#o#p*g#p$f%Z$f$g+g$g#BYEr#BY#BZ$A`#BZ$ISEr$IS$I_$A`$I_$JTEr$JT$JU$A`$JU$KVEr$KV$KW$A`$KW&FUEr&FU&FV$A`&FV;'SEr;'S;=`I|<%l?HTEr?HT?HU$A`?HUOEr07[$D|k$i&j(Vp(Y!b'|0/l$]#t(S,2j(d$I[OY%ZYZ&cZr%Zrs&}st%ZtuEruw%Zwx(rx}%Z}!OGv!O!Q%Z!Q![Er![!^%Z!^!_*g!_!c%Z!c!}Er!}#O%Z#O#P&c#P#R%Z#R#SEr#S#T%Z#T#oEr#o#p*g#p$g%Z$g;'SEr;'S;=`I|<%lOEr",tokenizers:[ti,ai,ri,ii,2,3,4,5,6,7,8,9,10,11,12,13,14,ei,new nO("$S~RRtu[#O#Pg#S#T#|~_P#o#pb~gOx~~jVO#i!P#i#j!U#j#l!P#l#m!q#m;'S!P;'S;=`#v<%lO!P~!UO!U~~!XS!Q![!e!c!i!e#T#Z!e#o#p#Z~!hR!Q![!q!c!i!q#T#Z!q~!tR!Q![!}!c!i!}#T#Z!}~#QR!Q![!P!c!i!P#T#Z!P~#^R!Q![#g!c!i#g#T#Z#g~#jS!Q![#g!c!i#g#T#Z#g#q#r!P~#yP;=`<%l!P~$RO(b~~",141,339),new nO("j~RQYZXz{^~^O(P~~aP!P!Qd~iO(Q~~",25,322)],topRules:{Script:[0,7],SingleExpression:[1,275],SingleClassItem:[2,276]},dialects:{jsx:0,ts:15098},dynamicPrecedences:{80:1,82:1,94:1,169:1,199:1},specialized:[{term:326,get:e=>li[e]||-1},{term:342,get:e=>ni[e]||-1},{term:95,get:e=>oi[e]||-1}],tokenPrec:15124}),tt=[g("function ${name}(${params}) {\n ${}\n}",{label:"function",detail:"definition",type:"keyword"}),g("for (let ${index} = 0; ${index} < ${bound}; ${index}++) {\n ${}\n}",{label:"for",detail:"loop",type:"keyword"}),g("for (let ${name} of ${collection}) {\n ${}\n}",{label:"for",detail:"of loop",type:"keyword"}),g("do {\n ${}\n} while (${})",{label:"do",detail:"loop",type:"keyword"}),g("while (${}) {\n ${}\n}",{label:"while",detail:"loop",type:"keyword"}),g(`try { + \${} +} catch (\${error}) { + \${} +}`,{label:"try",detail:"/ catch block",type:"keyword"}),g("if (${}) {\n ${}\n}",{label:"if",detail:"block",type:"keyword"}),g(`if (\${}) { + \${} +} else { + \${} +}`,{label:"if",detail:"/ else block",type:"keyword"}),g(`class \${name} { + constructor(\${params}) { + \${} + } +}`,{label:"class",detail:"definition",type:"keyword"}),g('import {${names}} from "${module}"\n${}',{label:"import",detail:"named",type:"keyword"}),g('import ${name} from "${module}"\n${}',{label:"import",detail:"default",type:"keyword"})],Qi=tt.concat([g("interface ${name} {\n ${}\n}",{label:"interface",detail:"definition",type:"keyword"}),g("type ${name} = ${type}",{label:"type",detail:"definition",type:"keyword"}),g("enum ${name} {\n ${}\n}",{label:"enum",detail:"definition",type:"keyword"})]),$e=new Ye,at=new Set(["Script","Block","FunctionExpression","FunctionDeclaration","ArrowFunction","MethodDeclaration","ForStatement"]);function E(e){return(O,t)=>{let a=O.node.getChild("VariableDefinition");return a&&t(a,e),!0}}const pi=["FunctionDeclaration"],hi={FunctionDeclaration:E("function"),ClassDeclaration:E("class"),ClassExpression:()=>!0,EnumDeclaration:E("constant"),TypeAliasDeclaration:E("type"),NamespaceDeclaration:E("namespace"),VariableDefinition(e,O){e.matchContext(pi)||O(e,"variable")},TypeDefinition(e,O){O(e,"type")},__proto__:null};function rt(e,O){let t=$e.get(O);if(t)return t;let a=[],r=!0;function s(i,l){let o=e.sliceString(i.from,i.to);a.push({label:o,type:l})}return O.cursor(VO.IncludeAnonymous).iterate(i=>{if(r)r=!1;else if(i.name){let l=hi[i.name];if(l&&l(i,s)||at.has(i.name))return!1}else if(i.to-i.from>8192){for(let l of rt(e,i.node))a.push(l);return!1}}),$e.set(O,a),a}const Se=/^[\w$\xa1-\uffff][\w$\d\xa1-\uffff]*$/,it=["TemplateString","String","RegExp","LineComment","BlockComment","VariableDefinition","TypeDefinition","Label","PropertyDefinition","PropertyName","PrivatePropertyDefinition","PrivatePropertyName","JSXText","JSXAttributeValue","JSXOpenTag","JSXCloseTag","JSXSelfClosingTag",".","?."];function ui(e){let O=U(e.state).resolveInner(e.pos,-1);if(it.indexOf(O.name)>-1)return null;let t=O.name=="VariableName"||O.to-O.from<20&&Se.test(e.state.sliceDoc(O.from,O.to));if(!t&&!e.explicit)return null;let a=[];for(let r=O;r;r=r.parent)at.has(r.name)&&(a=a.concat(rt(e.state.doc,r)));return{options:a,from:t?O.from:e.pos,validFor:Se}}const y=D.define({name:"javascript",parser:ci.configure({props:[J.add({IfStatement:V({except:/^\s*({|else\b)/}),TryStatement:V({except:/^\s*({|catch\b|finally\b)/}),LabeledStatement:It,SwitchBody:e=>{let O=e.textAfter,t=/^\s*\}/.test(O),a=/^\s*(case|default)\b/.test(O);return e.baseIndent+(t?0:a?1:2)*e.unit},Block:Nt({closing:"}"}),ArrowFunction:e=>e.baseIndent+e.unit,"TemplateString BlockComment":()=>null,"Statement Property":V({except:/^{/}),JSXElement(e){let O=/^\s*<\//.test(e.textAfter);return e.lineIndent(e.node.from)+(O?0:e.unit)},JSXEscape(e){let O=/\s*\}/.test(e.textAfter);return e.lineIndent(e.node.from)+(O?0:e.unit)},"JSXOpenTag JSXSelfClosingTag"(e){return e.column(e.node.from)+e.unit}}),K.add({"Block ClassBody SwitchBody EnumBody ObjectExpression ArrayExpression ObjectType":jO,BlockComment(e){return{from:e.from+2,to:e.to-2}}})]}),languageData:{closeBrackets:{brackets:["(","[","{","'",'"',"`"]},commentTokens:{line:"//",block:{open:"/*",close:"*/"}},indentOnInput:/^\s*(?:case |default:|\{|\}|<\/)$/,wordChars:"$"}}),st={test:e=>/^JSX/.test(e.name),facet:Bt({commentTokens:{block:{open:"{/*",close:"*/}"}}})},lt=y.configure({dialect:"ts"},"typescript"),nt=y.configure({dialect:"jsx",props:[je.add(e=>e.isTop?[st]:void 0)]}),ot=y.configure({dialect:"jsx ts",props:[je.add(e=>e.isTop?[st]:void 0)]},"typescript");let ct=e=>({label:e,type:"keyword"});const Qt="break case const continue default delete export extends false finally in instanceof let new return static super switch this throw true typeof var yield".split(" ").map(ct),fi=Qt.concat(["declare","implements","private","protected","public"].map(ct));function pt(e={}){let O=e.jsx?e.typescript?ot:nt:e.typescript?lt:y,t=e.typescript?Qi.concat(fi):tt.concat(Qt);return new F(O,[y.data.of({autocomplete:Re(it,Ve(t))}),y.data.of({autocomplete:ui}),e.jsx?Si:[]])}function di(e){for(;;){if(e.name=="JSXOpenTag"||e.name=="JSXSelfClosingTag"||e.name=="JSXFragmentTag")return e;if(e.name=="JSXEscape"||!e.parent)return null;e=e.parent}}function me(e,O,t=e.length){for(let a=O==null?void 0:O.firstChild;a;a=a.nextSibling)if(a.name=="JSXIdentifier"||a.name=="JSXBuiltin"||a.name=="JSXNamespacedName"||a.name=="JSXMemberExpression")return e.sliceString(a.from,Math.min(a.to,t));return""}const $i=typeof navigator=="object"&&/Android\b/.test(navigator.userAgent),Si=R.inputHandler.of((e,O,t,a,r)=>{if(($i?e.composing:e.compositionStarted)||e.state.readOnly||O!=t||a!=">"&&a!="/"||!y.isActiveAt(e.state,O,-1))return!1;let s=r(),{state:i}=s,l=i.changeByRange(o=>{var Q;let{head:h}=o,c=U(i).resolveInner(h-1,-1),d;if(c.name=="JSXStartTag"&&(c=c.parent),!(i.doc.sliceString(h-1,h)!=a||c.name=="JSXAttributeValue"&&c.to>h)){if(a==">"&&c.name=="JSXFragmentTag")return{range:o,changes:{from:h,insert:""}};if(a=="/"&&c.name=="JSXStartCloseTag"){let p=c.parent,f=p.parent;if(f&&p.from==h-2&&((d=me(i.doc,f.firstChild,h))||((Q=f.firstChild)===null||Q===void 0?void 0:Q.name)=="JSXFragmentTag")){let S=`${d}>`;return{range:ze.cursor(h+S.length,-1),changes:{from:h,insert:S}}}}else if(a==">"){let p=di(c);if(p&&p.name=="JSXOpenTag"&&!/^\/?>|^<\//.test(i.doc.sliceString(h,h+2))&&(d=me(i.doc,p,h)))return{range:o,changes:{from:h,insert:``}}}}return{range:o}});return l.changes.empty?!1:(e.dispatch([s,i.update(l,{userEvent:"input.complete",scrollIntoView:!0})]),!0)}),A=["_blank","_self","_top","_parent"],gO=["ascii","utf-8","utf-16","latin1","latin1"],ZO=["get","post","put","delete"],kO=["application/x-www-form-urlencoded","multipart/form-data","text/plain"],k=["true","false"],u={},mi={a:{attrs:{href:null,ping:null,type:null,media:null,target:A,hreflang:null}},abbr:u,address:u,area:{attrs:{alt:null,coords:null,href:null,target:null,ping:null,media:null,hreflang:null,type:null,shape:["default","rect","circle","poly"]}},article:u,aside:u,audio:{attrs:{src:null,mediagroup:null,crossorigin:["anonymous","use-credentials"],preload:["none","metadata","auto"],autoplay:["autoplay"],loop:["loop"],controls:["controls"]}},b:u,base:{attrs:{href:null,target:A}},bdi:u,bdo:u,blockquote:{attrs:{cite:null}},body:u,br:u,button:{attrs:{form:null,formaction:null,name:null,value:null,autofocus:["autofocus"],disabled:["autofocus"],formenctype:kO,formmethod:ZO,formnovalidate:["novalidate"],formtarget:A,type:["submit","reset","button"]}},canvas:{attrs:{width:null,height:null}},caption:u,center:u,cite:u,code:u,col:{attrs:{span:null}},colgroup:{attrs:{span:null}},command:{attrs:{type:["command","checkbox","radio"],label:null,icon:null,radiogroup:null,command:null,title:null,disabled:["disabled"],checked:["checked"]}},data:{attrs:{value:null}},datagrid:{attrs:{disabled:["disabled"],multiple:["multiple"]}},datalist:{attrs:{data:null}},dd:u,del:{attrs:{cite:null,datetime:null}},details:{attrs:{open:["open"]}},dfn:u,div:u,dl:u,dt:u,em:u,embed:{attrs:{src:null,type:null,width:null,height:null}},eventsource:{attrs:{src:null}},fieldset:{attrs:{disabled:["disabled"],form:null,name:null}},figcaption:u,figure:u,footer:u,form:{attrs:{action:null,name:null,"accept-charset":gO,autocomplete:["on","off"],enctype:kO,method:ZO,novalidate:["novalidate"],target:A}},h1:u,h2:u,h3:u,h4:u,h5:u,h6:u,head:{children:["title","base","link","style","meta","script","noscript","command"]},header:u,hgroup:u,hr:u,html:{attrs:{manifest:null}},i:u,iframe:{attrs:{src:null,srcdoc:null,name:null,width:null,height:null,sandbox:["allow-top-navigation","allow-same-origin","allow-forms","allow-scripts"],seamless:["seamless"]}},img:{attrs:{alt:null,src:null,ismap:null,usemap:null,width:null,height:null,crossorigin:["anonymous","use-credentials"]}},input:{attrs:{alt:null,dirname:null,form:null,formaction:null,height:null,list:null,max:null,maxlength:null,min:null,name:null,pattern:null,placeholder:null,size:null,src:null,step:null,value:null,width:null,accept:["audio/*","video/*","image/*"],autocomplete:["on","off"],autofocus:["autofocus"],checked:["checked"],disabled:["disabled"],formenctype:kO,formmethod:ZO,formnovalidate:["novalidate"],formtarget:A,multiple:["multiple"],readonly:["readonly"],required:["required"],type:["hidden","text","search","tel","url","email","password","datetime","date","month","week","time","datetime-local","number","range","color","checkbox","radio","file","submit","image","reset","button"]}},ins:{attrs:{cite:null,datetime:null}},kbd:u,keygen:{attrs:{challenge:null,form:null,name:null,autofocus:["autofocus"],disabled:["disabled"],keytype:["RSA"]}},label:{attrs:{for:null,form:null}},legend:u,li:{attrs:{value:null}},link:{attrs:{href:null,type:null,hreflang:null,media:null,sizes:["all","16x16","16x16 32x32","16x16 32x32 64x64"]}},map:{attrs:{name:null}},mark:u,menu:{attrs:{label:null,type:["list","context","toolbar"]}},meta:{attrs:{content:null,charset:gO,name:["viewport","application-name","author","description","generator","keywords"],"http-equiv":["content-language","content-type","default-style","refresh"]}},meter:{attrs:{value:null,min:null,low:null,high:null,max:null,optimum:null}},nav:u,noscript:u,object:{attrs:{data:null,type:null,name:null,usemap:null,form:null,width:null,height:null,typemustmatch:["typemustmatch"]}},ol:{attrs:{reversed:["reversed"],start:null,type:["1","a","A","i","I"]},children:["li","script","template","ul","ol"]},optgroup:{attrs:{disabled:["disabled"],label:null}},option:{attrs:{disabled:["disabled"],label:null,selected:["selected"],value:null}},output:{attrs:{for:null,form:null,name:null}},p:u,param:{attrs:{name:null,value:null}},pre:u,progress:{attrs:{value:null,max:null}},q:{attrs:{cite:null}},rp:u,rt:u,ruby:u,samp:u,script:{attrs:{type:["text/javascript"],src:null,async:["async"],defer:["defer"],charset:gO}},section:u,select:{attrs:{form:null,name:null,size:null,autofocus:["autofocus"],disabled:["disabled"],multiple:["multiple"]}},slot:{attrs:{name:null}},small:u,source:{attrs:{src:null,type:null,media:null}},span:u,strong:u,style:{attrs:{type:["text/css"],media:null,scoped:null}},sub:u,summary:u,sup:u,table:u,tbody:u,td:{attrs:{colspan:null,rowspan:null,headers:null}},template:u,textarea:{attrs:{dirname:null,form:null,maxlength:null,name:null,placeholder:null,rows:null,cols:null,autofocus:["autofocus"],disabled:["disabled"],readonly:["readonly"],required:["required"],wrap:["soft","hard"]}},tfoot:u,th:{attrs:{colspan:null,rowspan:null,headers:null,scope:["row","col","rowgroup","colgroup"]}},thead:u,time:{attrs:{datetime:null}},title:u,tr:u,track:{attrs:{src:null,label:null,default:null,kind:["subtitles","captions","descriptions","chapters","metadata"],srclang:null}},ul:{children:["li","script","template","ul","ol"]},var:u,video:{attrs:{src:null,poster:null,width:null,height:null,crossorigin:["anonymous","use-credentials"],preload:["auto","metadata","none"],autoplay:["autoplay"],mediagroup:["movie"],muted:["muted"],controls:["controls"]}},wbr:u},ht={accesskey:null,class:null,contenteditable:k,contextmenu:null,dir:["ltr","rtl","auto"],draggable:["true","false","auto"],dropzone:["copy","move","link","string:","file:"],hidden:["hidden"],id:null,inert:["inert"],itemid:null,itemprop:null,itemref:null,itemscope:["itemscope"],itemtype:null,lang:["ar","bn","de","en-GB","en-US","es","fr","hi","id","ja","pa","pt","ru","tr","zh"],spellcheck:k,autocorrect:k,autocapitalize:k,style:null,tabindex:null,title:null,translate:["yes","no"],rel:["stylesheet","alternate","author","bookmark","help","license","next","nofollow","noreferrer","prefetch","prev","search","tag"],role:"alert application article banner button cell checkbox complementary contentinfo dialog document feed figure form grid gridcell heading img list listbox listitem main navigation region row rowgroup search switch tab table tabpanel textbox timer".split(" "),"aria-activedescendant":null,"aria-atomic":k,"aria-autocomplete":["inline","list","both","none"],"aria-busy":k,"aria-checked":["true","false","mixed","undefined"],"aria-controls":null,"aria-describedby":null,"aria-disabled":k,"aria-dropeffect":null,"aria-expanded":["true","false","undefined"],"aria-flowto":null,"aria-grabbed":["true","false","undefined"],"aria-haspopup":k,"aria-hidden":k,"aria-invalid":["true","false","grammar","spelling"],"aria-label":null,"aria-labelledby":null,"aria-level":null,"aria-live":["off","polite","assertive"],"aria-multiline":k,"aria-multiselectable":k,"aria-owns":null,"aria-posinset":null,"aria-pressed":["true","false","mixed","undefined"],"aria-readonly":k,"aria-relevant":null,"aria-required":k,"aria-selected":["true","false","undefined"],"aria-setsize":null,"aria-sort":["ascending","descending","none","other"],"aria-valuemax":null,"aria-valuemin":null,"aria-valuenow":null,"aria-valuetext":null},ut="beforeunload copy cut dragstart dragover dragleave dragenter dragend drag paste focus blur change click load mousedown mouseenter mouseleave mouseup keydown keyup resize scroll unload".split(" ").map(e=>"on"+e);for(let e of ut)ht[e]=null;class pO{constructor(O,t){this.tags=Object.assign(Object.assign({},mi),O),this.globalAttrs=Object.assign(Object.assign({},ht),t),this.allTags=Object.keys(this.tags),this.globalAttrNames=Object.keys(this.globalAttrs)}}pO.default=new pO;function G(e,O,t=e.length){if(!O)return"";let a=O.firstChild,r=a&&a.getChild("TagName");return r?e.sliceString(r.from,Math.min(r.to,t)):""}function W(e,O=!1){for(;e;e=e.parent)if(e.name=="Element")if(O)O=!1;else return e;return null}function ft(e,O,t){let a=t.tags[G(e,W(O))];return(a==null?void 0:a.children)||t.allTags}function WO(e,O){let t=[];for(let a=W(O);a&&!a.type.isTop;a=W(a.parent)){let r=G(e,a);if(r&&a.lastChild.name=="CloseTag")break;r&&t.indexOf(r)<0&&(O.name=="EndTag"||O.from>=a.firstChild.to)&&t.push(r)}return t}const dt=/^[:\-\.\w\u00b7-\uffff]*$/;function Pe(e,O,t,a,r){let s=/\s*>/.test(e.sliceDoc(r,r+5))?"":">",i=W(t,!0);return{from:a,to:r,options:ft(e.doc,i,O).map(l=>({label:l,type:"type"})).concat(WO(e.doc,t).map((l,o)=>({label:"/"+l,apply:"/"+l+s,type:"type",boost:99-o}))),validFor:/^\/?[:\-\.\w\u00b7-\uffff]*$/}}function ge(e,O,t,a){let r=/\s*>/.test(e.sliceDoc(a,a+5))?"":">";return{from:t,to:a,options:WO(e.doc,O).map((s,i)=>({label:s,apply:s+r,type:"type",boost:99-i})),validFor:dt}}function Pi(e,O,t,a){let r=[],s=0;for(let i of ft(e.doc,t,O))r.push({label:"<"+i,type:"type"});for(let i of WO(e.doc,t))r.push({label:"",type:"type",boost:99-s++});return{from:a,to:a,options:r,validFor:/^<\/?[:\-\.\w\u00b7-\uffff]*$/}}function gi(e,O,t,a,r){let s=W(t),i=s?O.tags[G(e.doc,s)]:null,l=i&&i.attrs?Object.keys(i.attrs):[],o=i&&i.globalAttrs===!1?l:l.length?l.concat(O.globalAttrNames):O.globalAttrNames;return{from:a,to:r,options:o.map(Q=>({label:Q,type:"property"})),validFor:dt}}function Zi(e,O,t,a,r){var s;let i=(s=t.parent)===null||s===void 0?void 0:s.getChild("AttributeName"),l=[],o;if(i){let Q=e.sliceDoc(i.from,i.to),h=O.globalAttrs[Q];if(!h){let c=W(t),d=c?O.tags[G(e.doc,c)]:null;h=(d==null?void 0:d.attrs)&&d.attrs[Q]}if(h){let c=e.sliceDoc(a,r).toLowerCase(),d='"',p='"';/^['"]/.test(c)?(o=c[0]=='"'?/^[^"]*$/:/^[^']*$/,d="",p=e.sliceDoc(r,r+1)==c[0]?"":c[0],c=c.slice(1),a++):o=/^[^\s<>='"]*$/;for(let f of h)l.push({label:f,apply:d+f+p,type:"constant"})}}return{from:a,to:r,options:l,validFor:o}}function ki(e,O){let{state:t,pos:a}=O,r=U(t).resolveInner(a,-1),s=r.resolve(a);for(let i=a,l;s==r&&(l=r.childBefore(i));){let o=l.lastChild;if(!o||!o.type.isError||o.fromki(a,r)}const Xi=y.parser.configure({top:"SingleExpression"}),$t=[{tag:"script",attrs:e=>e.type=="text/typescript"||e.lang=="ts",parser:lt.parser},{tag:"script",attrs:e=>e.type=="text/babel"||e.type=="text/jsx",parser:nt.parser},{tag:"script",attrs:e=>e.type=="text/typescript-jsx",parser:ot.parser},{tag:"script",attrs(e){return/^(importmap|speculationrules|application\/(.+\+)?json)$/i.test(e.type)},parser:Xi},{tag:"script",attrs(e){return!e.type||/^(?:text|application)\/(?:x-)?(?:java|ecma)script$|^module$|^$/i.test(e.type)},parser:y.parser},{tag:"style",attrs(e){return(!e.lang||e.lang=="css")&&(!e.type||/^(text\/)?(x-)?(stylesheet|css)$/i.test(e.type))},parser:QO.parser}],St=[{name:"style",parser:QO.parser.configure({top:"Styles"})}].concat(ut.map(e=>({name:e,parser:y.parser}))),mt=D.define({name:"html",parser:rr.configure({props:[J.add({Element(e){let O=/^(\s*)(<\/)?/.exec(e.textAfter);return e.node.to<=e.pos+O[0].length?e.continue():e.lineIndent(e.node.from)+(O[2]?0:e.unit)},"OpenTag CloseTag SelfClosingTag"(e){return e.column(e.node.from)+e.unit},Document(e){if(e.pos+/\s*/.exec(e.textAfter)[0].lengthe.getChild("TagName")})]}),languageData:{commentTokens:{block:{open:""}},indentOnInput:/^\s*<\/\w+\W$/,wordChars:"-._"}}),iO=mt.configure({wrap:Je($t,St)});function bi(e={}){let O="",t;e.matchClosingTags===!1&&(O="noMatch"),e.selfClosingTags===!0&&(O=(O?O+" ":"")+"selfClosing"),(e.nestedLanguages&&e.nestedLanguages.length||e.nestedAttributes&&e.nestedAttributes.length)&&(t=Je((e.nestedLanguages||[]).concat($t),(e.nestedAttributes||[]).concat(St)));let a=t?mt.configure({wrap:t,dialect:O}):O?iO.configure({dialect:O}):iO;return new F(a,[iO.data.of({autocomplete:xi(e)}),e.autoCloseTags!==!1?yi:[],pt().support,Yr().support])}const Ze=new Set("area base br col command embed frame hr img input keygen link meta param source track wbr menuitem".split(" ")),yi=R.inputHandler.of((e,O,t,a,r)=>{if(e.composing||e.state.readOnly||O!=t||a!=">"&&a!="/"||!iO.isActiveAt(e.state,O,-1))return!1;let s=r(),{state:i}=s,l=i.changeByRange(o=>{var Q,h,c;let d=i.doc.sliceString(o.from-1,o.to)==a,{head:p}=o,f=U(i).resolveInner(p,-1),S;if(d&&a==">"&&f.name=="EndTag"){let m=f.parent;if(((h=(Q=m.parent)===null||Q===void 0?void 0:Q.lastChild)===null||h===void 0?void 0:h.name)!="CloseTag"&&(S=G(i.doc,m.parent,p))&&!Ze.has(S)){let X=p+(i.doc.sliceString(p,p+1)===">"?1:0),b=``;return{range:o,changes:{from:p,to:X,insert:b}}}}else if(d&&a=="/"&&f.name=="IncompleteCloseTag"){let m=f.parent;if(f.from==p-2&&((c=m.lastChild)===null||c===void 0?void 0:c.name)!="CloseTag"&&(S=G(i.doc,m,p))&&!Ze.has(S)){let X=p+(i.doc.sliceString(p,p+1)===">"?1:0),b=`${S}>`;return{range:ze.cursor(p+b.length,-1),changes:{from:p,to:X,insert:b}}}}return{range:o}});return l.changes.empty?!1:(e.dispatch([s,i.update(l,{userEvent:"input.complete",scrollIntoView:!0})]),!0)}),vi=I({String:n.string,Number:n.number,"True False":n.bool,PropertyName:n.propertyName,Null:n.null,", :":n.separator,"[ ]":n.squareBracket,"{ }":n.brace}),Ti=_.deserialize({version:14,states:"$bOVQPOOOOQO'#Cb'#CbOnQPO'#CeOvQPO'#ClOOQO'#Cr'#CrQOQPOOOOQO'#Cg'#CgO}QPO'#CfO!SQPO'#CtOOQO,59P,59PO![QPO,59PO!aQPO'#CuOOQO,59W,59WO!iQPO,59WOVQPO,59QOqQPO'#CmO!nQPO,59`OOQO1G.k1G.kOVQPO'#CnO!vQPO,59aOOQO1G.r1G.rOOQO1G.l1G.lOOQO,59X,59XOOQO-E6k-E6kOOQO,59Y,59YOOQO-E6l-E6l",stateData:"#O~OeOS~OQSORSOSSOTSOWQO_ROgPO~OVXOgUO~O^[O~PVO[^O~O]_OVhX~OVaO~O]bO^iX~O^dO~O]_OVha~O]bO^ia~O",goto:"!kjPPPPPPkPPkqwPPPPk{!RPPP!XP!e!hXSOR^bQWQRf_TVQ_Q`WRg`QcZRicQTOQZRQe^RhbRYQR]R",nodeNames:"⚠ JsonText True False Null Number String } { Object Property PropertyName : , ] [ Array",maxTerm:25,nodeProps:[["isolate",-2,6,11,""],["openedBy",7,"{",14,"["],["closedBy",8,"}",15,"]"]],propSources:[vi],skippedNodes:[0],repeatNodeCount:2,tokenData:"(|~RaXY!WYZ!W]^!Wpq!Wrs!]|}$u}!O$z!Q!R%T!R![&c![!]&t!}#O&y#P#Q'O#Y#Z'T#b#c'r#h#i(Z#o#p(r#q#r(w~!]Oe~~!`Wpq!]qr!]rs!xs#O!]#O#P!}#P;'S!];'S;=`$o<%lO!]~!}Og~~#QXrs!]!P!Q!]#O#P!]#U#V!]#Y#Z!]#b#c!]#f#g!]#h#i!]#i#j#m~#pR!Q![#y!c!i#y#T#Z#y~#|R!Q![$V!c!i$V#T#Z$V~$YR!Q![$c!c!i$c#T#Z$c~$fR!Q![!]!c!i!]#T#Z!]~$rP;=`<%l!]~$zO]~~$}Q!Q!R%T!R![&c~%YRT~!O!P%c!g!h%w#X#Y%w~%fP!Q![%i~%nRT~!Q![%i!g!h%w#X#Y%w~%zR{|&T}!O&T!Q![&Z~&WP!Q![&Z~&`PT~!Q![&Z~&hST~!O!P%c!Q![&c!g!h%w#X#Y%w~&yO[~~'OO_~~'TO^~~'WP#T#U'Z~'^P#`#a'a~'dP#g#h'g~'jP#X#Y'm~'rOR~~'uP#i#j'x~'{P#`#a(O~(RP#`#a(U~(ZOS~~(^P#f#g(a~(dP#i#j(g~(jP#X#Y(m~(rOQ~~(wOW~~(|OV~",tokenizers:[0],topRules:{JsonText:[0,1]},tokenPrec:0}),wi=D.define({name:"json",parser:Ti.configure({props:[J.add({Object:V({except:/^\s*\}/}),Array:V({except:/^\s*\]/})}),K.add({"Object Array":jO})]}),languageData:{closeBrackets:{brackets:["[","{",'"']},indentOnInput:/^\s*[\}\]]$/}});function _i(){return new F(wi)}const qi=36,ke=1,Yi=2,j=3,xO=4,Ri=5,Vi=6,ji=7,zi=8,Gi=9,Wi=10,Ui=11,Ci=12,Ei=13,Ai=14,Mi=15,Li=16,Bi=17,xe=18,Ni=19,Pt=20,gt=21,Xe=22,Ii=23,Di=24;function wO(e){return e>=65&&e<=90||e>=97&&e<=122||e>=48&&e<=57}function Ji(e){return e>=48&&e<=57||e>=97&&e<=102||e>=65&&e<=70}function Y(e,O,t){for(let a=!1;;){if(e.next<0)return;if(e.next==O&&!a){e.advance();return}a=t&&!a&&e.next==92,e.advance()}}function Ki(e,O){O:for(;;){if(e.next<0)return;if(e.next==36){e.advance();for(let t=0;t)".charCodeAt(t);for(;;){if(e.next<0)return;if(e.next==a&&e.peek(1)==39){e.advance(2);return}e.advance()}}function _O(e,O){for(;!(e.next!=95&&!wO(e.next));)O!=null&&(O+=String.fromCharCode(e.next)),e.advance();return O}function Hi(e){if(e.next==39||e.next==34||e.next==96){let O=e.next;e.advance(),Y(e,O,!1)}else _O(e)}function be(e,O){for(;e.next==48||e.next==49;)e.advance();O&&e.next==O&&e.advance()}function ye(e,O){for(;;){if(e.next==46){if(O)break;O=!0}else if(e.next<48||e.next>57)break;e.advance()}if(e.next==69||e.next==101)for(e.advance(),(e.next==43||e.next==45)&&e.advance();e.next>=48&&e.next<=57;)e.advance()}function ve(e){for(;!(e.next<0||e.next==10);)e.advance()}function q(e,O){for(let t=0;t!=&|~^/",specialVar:"?",identifierQuotes:'"',caseInsensitiveIdentifiers:!1,words:Zt(es,Os)};function ts(e,O,t,a){let r={};for(let s in qO)r[s]=(e.hasOwnProperty(s)?e:qO)[s];return O&&(r.words=Zt(O,t||"",a)),r}function kt(e){return new x(O=>{var t;let{next:a}=O;if(O.advance(),q(a,XO)){for(;q(O.next,XO);)O.advance();O.acceptToken(qi)}else if(a==36&&e.doubleDollarQuotedStrings){let r=_O(O,"");O.next==36&&(O.advance(),Ki(O,r),O.acceptToken(j))}else if(a==39||a==34&&e.doubleQuotedStrings)Y(O,a,e.backslashEscapes),O.acceptToken(j);else if(a==35&&e.hashComments||a==47&&O.next==47&&e.slashComments)ve(O),O.acceptToken(ke);else if(a==45&&O.next==45&&(!e.spaceAfterDashes||O.peek(1)==32))ve(O),O.acceptToken(ke);else if(a==47&&O.next==42){O.advance();for(let r=1;;){let s=O.next;if(O.next<0)break;if(O.advance(),s==42&&O.next==47){if(r--,O.advance(),!r)break}else s==47&&O.next==42&&(r++,O.advance())}O.acceptToken(Yi)}else if((a==101||a==69)&&O.next==39)O.advance(),Y(O,39,!0),O.acceptToken(j);else if((a==110||a==78)&&O.next==39&&e.charSetCasts)O.advance(),Y(O,39,e.backslashEscapes),O.acceptToken(j);else if(a==95&&e.charSetCasts)for(let r=0;;r++){if(O.next==39&&r>1){O.advance(),Y(O,39,e.backslashEscapes),O.acceptToken(j);break}if(!wO(O.next))break;O.advance()}else if(e.plsqlQuotingMechanism&&(a==113||a==81)&&O.next==39&&O.peek(1)>0&&!q(O.peek(1),XO)){let r=O.peek(1);O.advance(2),Fi(O,r),O.acceptToken(j)}else if(a==40)O.acceptToken(ji);else if(a==41)O.acceptToken(zi);else if(a==123)O.acceptToken(Gi);else if(a==125)O.acceptToken(Wi);else if(a==91)O.acceptToken(Ui);else if(a==93)O.acceptToken(Ci);else if(a==59)O.acceptToken(Ei);else if(e.unquotedBitLiterals&&a==48&&O.next==98)O.advance(),be(O),O.acceptToken(Xe);else if((a==98||a==66)&&(O.next==39||O.next==34)){const r=O.next;O.advance(),e.treatBitsAsBytes?(Y(O,r,e.backslashEscapes),O.acceptToken(Ii)):(be(O,r),O.acceptToken(Xe))}else if(a==48&&(O.next==120||O.next==88)||(a==120||a==88)&&O.next==39){let r=O.next==39;for(O.advance();Ji(O.next);)O.advance();r&&O.next==39&&O.advance(),O.acceptToken(xO)}else if(a==46&&O.next>=48&&O.next<=57)ye(O,!0),O.acceptToken(xO);else if(a==46)O.acceptToken(Ai);else if(a>=48&&a<=57)ye(O,!1),O.acceptToken(xO);else if(q(a,e.operatorChars)){for(;q(O.next,e.operatorChars);)O.advance();O.acceptToken(Mi)}else if(q(a,e.specialVar))O.next==a&&O.advance(),Hi(O),O.acceptToken(Bi);else if(q(a,e.identifierQuotes))Y(O,a,!1),O.acceptToken(Ni);else if(a==58||a==44)O.acceptToken(Li);else if(wO(a)){let r=_O(O,String.fromCharCode(a));O.acceptToken(O.next==46||O.peek(-r.length-1)==46?xe:(t=e.words[r.toLowerCase()])!==null&&t!==void 0?t:xe)}})}const xt=kt(qO),as=_.deserialize({version:14,states:"%vQ]QQOOO#wQRO'#DSO$OQQO'#CwO%eQQO'#CxO%lQQO'#CyO%sQQO'#CzOOQQ'#DS'#DSOOQQ'#C}'#C}O'UQRO'#C{OOQQ'#Cv'#CvOOQQ'#C|'#C|Q]QQOOQOQQOOO'`QQO'#DOO(xQRO,59cO)PQQO,59cO)UQQO'#DSOOQQ,59d,59dO)cQQO,59dOOQQ,59e,59eO)jQQO,59eOOQQ,59f,59fO)qQQO,59fOOQQ-E6{-E6{OOQQ,59b,59bOOQQ-E6z-E6zOOQQ,59j,59jOOQQ-E6|-E6|O+VQRO1G.}O+^QQO,59cOOQQ1G/O1G/OOOQQ1G/P1G/POOQQ1G/Q1G/QP+kQQO'#C}O+rQQO1G.}O)PQQO,59cO,PQQO'#Cw",stateData:",[~OtOSPOSQOS~ORUOSUOTUOUUOVROXSOZTO]XO^QO_UO`UOaPObPOcPOdUOeUOfUOgUOhUO~O^]ORvXSvXTvXUvXVvXXvXZvX]vX_vX`vXavXbvXcvXdvXevXfvXgvXhvX~OsvX~P!jOa_Ob_Oc_O~ORUOSUOTUOUUOVROXSOZTO^tO_UO`UOa`Ob`Oc`OdUOeUOfUOgUOhUO~OWaO~P$ZOYcO~P$ZO[eO~P$ZORUOSUOTUOUUOVROXSOZTO^QO_UO`UOaPObPOcPOdUOeUOfUOgUOhUO~O]hOsoX~P%zOajObjOcjO~O^]ORkaSkaTkaUkaVkaXkaZka]ka_ka`kaakabkackadkaekafkagkahka~Oska~P'kO^]O~OWvXYvX[vX~P!jOWnO~P$ZOYoO~P$ZO[pO~P$ZO^]ORkiSkiTkiUkiVkiXkiZki]ki_ki`kiakibkickidkiekifkigkihki~Oski~P)xOWkaYka[ka~P'kO]hO~P$ZOWkiYki[ki~P)xOasObsOcsO~O",goto:"#hwPPPPPPPPPPPPPPPPPPPPPPPPPPx||||!Y!^!d!xPPP#[TYOZeUORSTWZbdfqT[OZQZORiZSWOZQbRQdSQfTZgWbdfqQ^PWk^lmrQl_Qm`RrseVORSTWZbdfq",nodeNames:"⚠ LineComment BlockComment String Number Bool Null ( ) { } [ ] ; . Operator Punctuation SpecialVar Identifier QuotedIdentifier Keyword Type Bits Bytes Builtin Script Statement CompositeIdentifier Parens Braces Brackets Statement",maxTerm:38,nodeProps:[["isolate",-4,1,2,3,19,""]],skippedNodes:[0,1,2],repeatNodeCount:3,tokenData:"RORO",tokenizers:[0,xt],topRules:{Script:[0,25]},tokenPrec:0});function YO(e){let O=e.cursor().moveTo(e.from,-1);for(;/Comment/.test(O.name);)O.moveTo(O.from,-1);return O.node}function B(e,O){let t=e.sliceString(O.from,O.to),a=/^([`'"])(.*)\1$/.exec(t);return a?a[2]:t}function hO(e){return e&&(e.name=="Identifier"||e.name=="QuotedIdentifier")}function rs(e,O){if(O.name=="CompositeIdentifier"){let t=[];for(let a=O.firstChild;a;a=a.nextSibling)hO(a)&&t.push(B(e,a));return t}return[B(e,O)]}function Te(e,O){for(let t=[];;){if(!O||O.name!=".")return t;let a=YO(O);if(!hO(a))return t;t.unshift(B(e,a)),O=YO(a)}}function is(e,O){let t=U(e).resolveInner(O,-1),a=ls(e.doc,t);return t.name=="Identifier"||t.name=="QuotedIdentifier"||t.name=="Keyword"?{from:t.from,quoted:t.name=="QuotedIdentifier"?e.doc.sliceString(t.from,t.from+1):null,parents:Te(e.doc,YO(t)),aliases:a}:t.name=="."?{from:O,quoted:null,parents:Te(e.doc,t),aliases:a}:{from:O,quoted:null,parents:[],empty:!0,aliases:a}}const ss=new Set("where group having order union intersect except all distinct limit offset fetch for".split(" "));function ls(e,O){let t;for(let r=O;!t;r=r.parent){if(!r)return null;r.name=="Statement"&&(t=r)}let a=null;for(let r=t.firstChild,s=!1,i=null;r;r=r.nextSibling){let l=r.name=="Keyword"?e.sliceString(r.from,r.to).toLowerCase():null,o=null;if(!s)s=l=="from";else if(l=="as"&&i&&hO(r.nextSibling))o=B(e,r.nextSibling);else{if(l&&ss.has(l))break;i&&hO(r)&&(o=B(e,r))}o&&(a||(a=Object.create(null)),a[o]=rs(e,i)),i=/Identifier$/.test(r.name)?r:null}return a}function ns(e,O){return e?O.map(t=>Object.assign(Object.assign({},t),{label:t.label[0]==e?t.label:e+t.label+e,apply:void 0})):O}const os=/^\w*$/,cs=/^[`'"]?\w*[`'"]?$/;function we(e){return e.self&&typeof e.self.label=="string"}class UO{constructor(O,t){this.idQuote=O,this.idCaseInsensitive=t,this.list=[],this.children=void 0}child(O){let t=this.children||(this.children=Object.create(null)),a=t[O];return a||(O&&!this.list.some(r=>r.label==O)&&this.list.push(_e(O,"type",this.idQuote,this.idCaseInsensitive)),t[O]=new UO(this.idQuote,this.idCaseInsensitive))}maybeChild(O){return this.children?this.children[O]:null}addCompletion(O){let t=this.list.findIndex(a=>a.label==O.label);t>-1?this.list[t]=O:this.list.push(O)}addCompletions(O){for(let t of O)this.addCompletion(typeof t=="string"?_e(t,"property",this.idQuote,this.idCaseInsensitive):t)}addNamespace(O){Array.isArray(O)?this.addCompletions(O):we(O)?this.addNamespace(O.children):this.addNamespaceObject(O)}addNamespaceObject(O){for(let t of Object.keys(O)){let a=O[t],r=null,s=t.replace(/\\?\./g,l=>l=="."?"\0":l).split("\0"),i=this;we(a)&&(r=a.self,a=a.children);for(let l=0;l{let{parents:c,from:d,quoted:p,empty:f,aliases:S}=is(h.state,h.pos);if(f&&!h.explicit)return null;S&&c.length==1&&(c=S[c[0]]||c);let m=o;for(let w of c){for(;!m.children||!m.children[w];)if(m==o&&Q)m=Q;else if(m==Q&&a)m=m.child(a);else return null;let H=m.maybeChild(w);if(!H)return null;m=H}let X=p&&h.state.sliceDoc(h.pos,h.pos+1)==p,b=m.list;return m==o&&S&&(b=b.concat(Object.keys(S).map(w=>({label:w,type:"constant"})))),{from:d,to:X?h.pos+1:void 0,options:ns(p,b),validFor:p?cs:os}}}function ps(e){return e==gt?"type":e==Pt?"keyword":"variable"}function hs(e,O,t){let a=Object.keys(e).map(r=>t(O?r.toUpperCase():r,ps(e[r])));return Re(["QuotedIdentifier","SpecialVar","String","LineComment","BlockComment","."],Ve(a))}let us=as.configure({props:[J.add({Statement:V()}),K.add({Statement(e,O){return{from:Math.min(e.from+100,O.doc.lineAt(e.from).to),to:e.to}},BlockComment(e){return{from:e.from+2,to:e.to-2}}}),I({Keyword:n.keyword,Type:n.typeName,Builtin:n.standard(n.name),Bits:n.number,Bytes:n.string,Bool:n.bool,Null:n.null,Number:n.number,String:n.string,Identifier:n.name,QuotedIdentifier:n.special(n.string),SpecialVar:n.special(n.name),LineComment:n.lineComment,BlockComment:n.blockComment,Operator:n.operator,"Semi Punctuation":n.punctuation,"( )":n.paren,"{ }":n.brace,"[ ]":n.squareBracket})]});class N{constructor(O,t,a){this.dialect=O,this.language=t,this.spec=a}get extension(){return this.language.extension}static define(O){let t=ts(O,O.keywords,O.types,O.builtin),a=D.define({name:"sql",parser:us.configure({tokenizers:[{from:xt,to:kt(t)}]}),languageData:{commentTokens:{line:"--",block:{open:"/*",close:"*/"}},closeBrackets:{brackets:["(","[","{","'",'"',"`"]}}});return new N(t,a,O)}}function fs(e,O){return{label:e,type:O,boost:-1}}function ds(e,O=!1,t){return hs(e.dialect.words,O,t||fs)}function $s(e){return e.schema?Qs(e.schema,e.tables,e.schemas,e.defaultTable,e.defaultSchema,e.dialect||CO):()=>null}function Ss(e){return e.schema?(e.dialect||CO).language.data.of({autocomplete:$s(e)}):[]}function qe(e={}){let O=e.dialect||CO;return new F(O.language,[Ss(e),O.language.data.of({autocomplete:ds(O,e.upperCaseKeywords,e.keywordCompletion)})])}const CO=N.define({});function ms(e){let O;return{c(){O=Yt("div"),Rt(O,"class","code-editor"),OO(O,"min-height",e[0]?e[0]+"px":null),OO(O,"max-height",e[1]?e[1]+"px":"auto")},m(t,a){qt(t,O,a),e[11](O)},p(t,[a]){a&1&&OO(O,"min-height",t[0]?t[0]+"px":null),a&2&&OO(O,"max-height",t[1]?t[1]+"px":"auto")},i:IO,o:IO,d(t){t&&_t(O),e[11](null)}}}function Ps(e,O,t){let a;Vt(e,jt,$=>t(12,a=$));const r=zt();let{id:s=""}=O,{value:i=""}=O,{minHeight:l=null}=O,{maxHeight:o=null}=O,{disabled:Q=!1}=O,{placeholder:h=""}=O,{language:c="javascript"}=O,{singleLine:d=!1}=O,p,f,S=new eO,m=new eO,X=new eO,b=new eO;function w(){p==null||p.focus()}function H(){f==null||f.dispatchEvent(new CustomEvent("change",{detail:{value:i},bubbles:!0})),r("change",i)}function EO(){if(!s)return;const $=document.querySelectorAll('[for="'+s+'"]');for(let P of $)P.removeEventListener("click",w)}function AO(){if(!s)return;EO();const $=document.querySelectorAll('[for="'+s+'"]');for(let P of $)P.addEventListener("click",w)}function MO(){switch(c){case"html":return bi();case"json":return _i();case"sql-create-index":return qe({dialect:N.define({keywords:"create unique index if not exists on collate asc desc where like isnull notnull date time datetime unixepoch strftime lower upper substr case when then iif if else json_extract json_each json_tree json_array_length json_valid ",operatorChars:"*+-%<>!=&|/~",identifierQuotes:'`"',specialVar:"@:?$"}),upperCaseKeywords:!0});case"sql-select":let $={};for(let P of a)$[P.name]=Wt.getAllCollectionIdentifiers(P);return qe({dialect:N.define({keywords:"select distinct from where having group by order limit offset join left right inner with like not in match asc desc regexp isnull notnull glob count avg sum min max current random cast as int real text bool date time datetime unixepoch strftime coalesce lower upper substr case when then iif if else json_extract json_each json_tree json_array_length json_valid ",operatorChars:"*+-%<>!=&|/~",identifierQuotes:'`"',specialVar:"@:?$"}),schema:$,upperCaseKeywords:!0});default:return pt()}}Gt(()=>{const $={key:"Enter",run:P=>{d&&r("submit",i)}};return AO(),t(10,p=new R({parent:f,state:C.create({doc:i,extensions:[Jt(),Kt(),Ft(),Ht(),Oa(),C.allowMultipleSelections.of(!0),ea(na,{fallback:!0}),ta(),aa(),ra(),ia(),sa.of([$,...oa,...ca,Qa.find(P=>P.key==="Mod-d"),...pa,...ha]),R.lineWrapping,la({icons:!1}),S.of(MO()),b.of(DO(h)),m.of(R.editable.of(!0)),X.of(C.readOnly.of(!1)),C.transactionFilter.of(P=>{var LO,BO,NO;if(d&&P.newDoc.lines>1){if(!((NO=(BO=(LO=P.changes)==null?void 0:LO.inserted)==null?void 0:BO.filter(bt=>!!bt.text.find(yt=>yt)))!=null&&NO.length))return[];P.newDoc.text=[P.newDoc.text.join(" ")]}return P}),R.updateListener.of(P=>{!P.docChanged||Q||(t(3,i=P.state.doc.toString()),H())})]})})),()=>{EO(),p==null||p.destroy()}});function Xt($){Ut[$?"unshift":"push"](()=>{f=$,t(2,f)})}return e.$$set=$=>{"id"in $&&t(4,s=$.id),"value"in $&&t(3,i=$.value),"minHeight"in $&&t(0,l=$.minHeight),"maxHeight"in $&&t(1,o=$.maxHeight),"disabled"in $&&t(5,Q=$.disabled),"placeholder"in $&&t(6,h=$.placeholder),"language"in $&&t(7,c=$.language),"singleLine"in $&&t(8,d=$.singleLine)},e.$$.update=()=>{e.$$.dirty&16&&s&&AO(),e.$$.dirty&1152&&p&&c&&p.dispatch({effects:[S.reconfigure(MO())]}),e.$$.dirty&1056&&p&&typeof Q<"u"&&p.dispatch({effects:[m.reconfigure(R.editable.of(!Q)),X.reconfigure(C.readOnly.of(Q))]}),e.$$.dirty&1032&&p&&i!=p.state.doc.toString()&&p.dispatch({changes:{from:0,to:p.state.doc.length,insert:i}}),e.$$.dirty&1088&&p&&typeof h<"u"&&p.dispatch({effects:[b.reconfigure(DO(h))]})},[l,o,f,i,s,Q,h,c,d,w,p,Xt]}class ks extends vt{constructor(O){super(),Tt(this,O,Ps,ms,wt,{id:4,value:3,minHeight:0,maxHeight:1,disabled:5,placeholder:6,language:7,singleLine:8,focus:9})}get focus(){return this.$$.ctx[9]}}export{ks as default}; diff --git a/ui/dist/assets/CreateApiDocs-JPvR8N_9.js b/ui/dist/assets/CreateApiDocs-JPvR8N_9.js new file mode 100644 index 0000000..b61a1f8 --- /dev/null +++ b/ui/dist/assets/CreateApiDocs-JPvR8N_9.js @@ -0,0 +1,90 @@ +import{S as $t,i as qt,s as Tt,V as St,X as ce,W as Ct,h as o,d as $e,t as he,a as ve,I as ae,Z as Ne,_ as pt,C as Mt,$ as Pt,D as Lt,l as r,n as i,m as qe,u as a,A as b,v as p,c as Te,w,J as we,p as Ft,k as Se,o as Ht,L as Ot,H as fe}from"./index-BH0nlDnw.js";import{F as Rt}from"./FieldsQueryParam-DQVKTiQb.js";function mt(s,e,t){const l=s.slice();return l[10]=e[t],l}function bt(s,e,t){const l=s.slice();return l[10]=e[t],l}function _t(s,e,t){const l=s.slice();return l[15]=e[t],l}function kt(s){let e;return{c(){e=a("p"),e.innerHTML="Requires superuser Authorization:TOKEN header",w(e,"class","txt-hint txt-sm txt-right")},m(t,l){r(t,e,l)},d(t){t&&o(e)}}}function yt(s){let e,t,l,c,f,u,_,m,q,y,g,B,S,$,R,P,I,D,M,W,L,T,k,F,ee,z,U,oe,K,X,Y;function ue(h,C){var N,x,O;return C&1&&(u=null),u==null&&(u=!!((O=(x=(N=h[0])==null?void 0:N.fields)==null?void 0:x.find(Yt))!=null&&O.required)),u?Bt:At}let te=ue(s,-1),E=te(s);function Z(h,C){var N,x,O;return C&1&&(I=null),I==null&&(I=!!((O=(x=(N=h[0])==null?void 0:N.fields)==null?void 0:x.find(Xt))!=null&&O.required)),I?Nt:Vt}let G=Z(s,-1),H=G(s);return{c(){e=a("tr"),e.innerHTML='Auth specific fields',t=p(),l=a("tr"),c=a("td"),f=a("div"),E.c(),_=p(),m=a("span"),m.textContent="email",q=p(),y=a("td"),y.innerHTML='String',g=p(),B=a("td"),B.textContent="Auth record email address.",S=p(),$=a("tr"),R=a("td"),P=a("div"),H.c(),D=p(),M=a("span"),M.textContent="emailVisibility",W=p(),L=a("td"),L.innerHTML='Boolean',T=p(),k=a("td"),k.textContent="Whether to show/hide the auth record email when fetching the record data.",F=p(),ee=a("tr"),ee.innerHTML='
    Required password
    String Auth record password.',z=p(),U=a("tr"),U.innerHTML='
    Required passwordConfirm
    String Auth record password confirmation.',oe=p(),K=a("tr"),K.innerHTML=`
    Optional verified
    Boolean Indicates whether the auth record is verified or not. +
    + This field can be set only by superusers or auth records with "Manage" access.`,X=p(),Y=a("tr"),Y.innerHTML='Other fields',w(f,"class","inline-flex"),w(P,"class","inline-flex")},m(h,C){r(h,e,C),r(h,t,C),r(h,l,C),i(l,c),i(c,f),E.m(f,null),i(f,_),i(f,m),i(l,q),i(l,y),i(l,g),i(l,B),r(h,S,C),r(h,$,C),i($,R),i(R,P),H.m(P,null),i(P,D),i(P,M),i($,W),i($,L),i($,T),i($,k),r(h,F,C),r(h,ee,C),r(h,z,C),r(h,U,C),r(h,oe,C),r(h,K,C),r(h,X,C),r(h,Y,C)},p(h,C){te!==(te=ue(h,C))&&(E.d(1),E=te(h),E&&(E.c(),E.m(f,_))),G!==(G=Z(h,C))&&(H.d(1),H=G(h),H&&(H.c(),H.m(P,D)))},d(h){h&&(o(e),o(t),o(l),o(S),o($),o(F),o(ee),o(z),o(U),o(oe),o(K),o(X),o(Y)),E.d(),H.d()}}}function At(s){let e;return{c(){e=a("span"),e.textContent="Optional",w(e,"class","label label-warning")},m(t,l){r(t,e,l)},d(t){t&&o(e)}}}function Bt(s){let e;return{c(){e=a("span"),e.textContent="Required",w(e,"class","label label-success")},m(t,l){r(t,e,l)},d(t){t&&o(e)}}}function Vt(s){let e;return{c(){e=a("span"),e.textContent="Optional",w(e,"class","label label-warning")},m(t,l){r(t,e,l)},d(t){t&&o(e)}}}function Nt(s){let e;return{c(){e=a("span"),e.textContent="Required",w(e,"class","label label-success")},m(t,l){r(t,e,l)},d(t){t&&o(e)}}}function jt(s){let e;return{c(){e=a("span"),e.textContent="Required",w(e,"class","label label-success")},m(t,l){r(t,e,l)},d(t){t&&o(e)}}}function Jt(s){let e;return{c(){e=a("span"),e.textContent="Optional",w(e,"class","label label-warning")},m(t,l){r(t,e,l)},d(t){t&&o(e)}}}function Dt(s){let e,t=s[15].maxSelect===1?"id":"ids",l,c;return{c(){e=b("Relation record "),l=b(t),c=b(".")},m(f,u){r(f,e,u),r(f,l,u),r(f,c,u)},p(f,u){u&32&&t!==(t=f[15].maxSelect===1?"id":"ids")&&ae(l,t)},d(f){f&&(o(e),o(l),o(c))}}}function Et(s){let e,t,l,c,f,u,_,m,q;return{c(){e=b("File object."),t=a("br"),l=b(` + Set to empty value (`),c=a("code"),c.textContent="null",f=b(", "),u=a("code"),u.textContent='""',_=b(" or "),m=a("code"),m.textContent="[]",q=b(`) to delete + already uploaded file(s).`)},m(y,g){r(y,e,g),r(y,t,g),r(y,l,g),r(y,c,g),r(y,f,g),r(y,u,g),r(y,_,g),r(y,m,g),r(y,q,g)},p:fe,d(y){y&&(o(e),o(t),o(l),o(c),o(f),o(u),o(_),o(m),o(q))}}}function It(s){let e,t;return{c(){e=a("code"),e.textContent='{"lon":x,"lat":y}',t=b(" object.")},m(l,c){r(l,e,c),r(l,t,c)},p:fe,d(l){l&&(o(e),o(t))}}}function Ut(s){let e;return{c(){e=b("URL address.")},m(t,l){r(t,e,l)},p:fe,d(t){t&&o(e)}}}function Qt(s){let e;return{c(){e=b("Email address.")},m(t,l){r(t,e,l)},p:fe,d(t){t&&o(e)}}}function Wt(s){let e;return{c(){e=b("JSON array or object.")},m(t,l){r(t,e,l)},p:fe,d(t){t&&o(e)}}}function xt(s){let e;return{c(){e=b("Number value.")},m(t,l){r(t,e,l)},p:fe,d(t){t&&o(e)}}}function zt(s){let e,t,l=s[15].autogeneratePattern&&ht();return{c(){e=b(`Plain text value. + `),l&&l.c(),t=Ot()},m(c,f){r(c,e,f),l&&l.m(c,f),r(c,t,f)},p(c,f){c[15].autogeneratePattern?l||(l=ht(),l.c(),l.m(t.parentNode,t)):l&&(l.d(1),l=null)},d(c){c&&(o(e),o(t)),l&&l.d(c)}}}function ht(s){let e;return{c(){e=b("It is autogenerated if not set.")},m(t,l){r(t,e,l)},d(t){t&&o(e)}}}function vt(s,e){let t,l,c,f,u,_=e[15].name+"",m,q,y,g,B=we.getFieldValueType(e[15])+"",S,$,R,P;function I(k,F){return!k[15].required||k[15].type=="text"&&k[15].autogeneratePattern?Jt:jt}let D=I(e),M=D(e);function W(k,F){if(k[15].type==="text")return zt;if(k[15].type==="number")return xt;if(k[15].type==="json")return Wt;if(k[15].type==="email")return Qt;if(k[15].type==="url")return Ut;if(k[15].type==="geoPoint")return It;if(k[15].type==="file")return Et;if(k[15].type==="relation")return Dt}let L=W(e),T=L&&L(e);return{key:s,first:null,c(){t=a("tr"),l=a("td"),c=a("div"),M.c(),f=p(),u=a("span"),m=b(_),q=p(),y=a("td"),g=a("span"),S=b(B),$=p(),R=a("td"),T&&T.c(),P=p(),w(c,"class","inline-flex"),w(g,"class","label"),this.first=t},m(k,F){r(k,t,F),i(t,l),i(l,c),M.m(c,null),i(c,f),i(c,u),i(u,m),i(t,q),i(t,y),i(y,g),i(g,S),i(t,$),i(t,R),T&&T.m(R,null),i(t,P)},p(k,F){e=k,D!==(D=I(e))&&(M.d(1),M=D(e),M&&(M.c(),M.m(c,f))),F&32&&_!==(_=e[15].name+"")&&ae(m,_),F&32&&B!==(B=we.getFieldValueType(e[15])+"")&&ae(S,B),L===(L=W(e))&&T?T.p(e,F):(T&&T.d(1),T=L&&L(e),T&&(T.c(),T.m(R,null)))},d(k){k&&o(t),M.d(),T&&T.d()}}}function wt(s,e){let t,l=e[10].code+"",c,f,u,_;function m(){return e[9](e[10])}return{key:s,first:null,c(){t=a("button"),c=b(l),f=p(),w(t,"class","tab-item"),Se(t,"active",e[2]===e[10].code),this.first=t},m(q,y){r(q,t,y),i(t,c),i(t,f),u||(_=Ht(t,"click",m),u=!0)},p(q,y){e=q,y&8&&l!==(l=e[10].code+"")&&ae(c,l),y&12&&Se(t,"active",e[2]===e[10].code)},d(q){q&&o(t),u=!1,_()}}}function gt(s,e){let t,l,c,f;return l=new Ct({props:{content:e[10].body}}),{key:s,first:null,c(){t=a("div"),Te(l.$$.fragment),c=p(),w(t,"class","tab-item"),Se(t,"active",e[2]===e[10].code),this.first=t},m(u,_){r(u,t,_),qe(l,t,null),i(t,c),f=!0},p(u,_){e=u;const m={};_&8&&(m.content=e[10].body),l.$set(m),(!f||_&12)&&Se(t,"active",e[2]===e[10].code)},i(u){f||(ve(l.$$.fragment,u),f=!0)},o(u){he(l.$$.fragment,u),f=!1},d(u){u&&o(t),$e(l)}}}function Kt(s){var st,at,ot,rt;let e,t,l=s[0].name+"",c,f,u,_,m,q,y,g=s[0].name+"",B,S,$,R,P,I,D,M,W,L,T,k,F,ee,z,U,oe,K,X=s[0].name+"",Y,ue,te,E,Z,G,H,h,C,N,x,O=[],je=new Map,Me,pe,Pe,le,Le,Je,me,ne,Fe,De,He,Ee,A,Ie,re,Ue,Qe,We,Oe,xe,Re,ze,Ke,Xe,Ae,Ye,Ze,de,Be,be,Ve,ie,_e,Q=[],Ge=new Map,et,ke,j=[],tt=new Map,se;M=new St({props:{js:` +import PocketBase from 'pocketbase'; + +const pb = new PocketBase('${s[4]}'); + +... + +// example create data +const data = ${JSON.stringify(s[7](s[0]),null,4)}; + +const record = await pb.collection('${(st=s[0])==null?void 0:st.name}').create(data); +`+(s[1]?` +// (optional) send an email verification request +await pb.collection('${(at=s[0])==null?void 0:at.name}').requestVerification('test@example.com'); +`:""),dart:` +import 'package:pocketbase/pocketbase.dart'; + +final pb = PocketBase('${s[4]}'); + +... + +// example create body +final body = ${JSON.stringify(s[7](s[0]),null,2)}; + +final record = await pb.collection('${(ot=s[0])==null?void 0:ot.name}').create(body: body); +`+(s[1]?` +// (optional) send an email verification request +await pb.collection('${(rt=s[0])==null?void 0:rt.name}').requestVerification('test@example.com'); +`:"")}});let J=s[6]&&kt(),V=s[1]&&yt(s),ge=ce(s[5]);const lt=n=>n[15].name;for(let n=0;nn[10].code;for(let n=0;nn[10].code;for(let n=0;napplication/json or + multipart/form-data.`,P=p(),I=a("p"),I.innerHTML=`File upload is supported only via multipart/form-data. +
    + For more info and examples you could check the detailed + Files upload and handling docs + .`,D=p(),Te(M.$$.fragment),W=p(),L=a("h6"),L.textContent="API details",T=p(),k=a("div"),F=a("strong"),F.textContent="POST",ee=p(),z=a("div"),U=a("p"),oe=b("/api/collections/"),K=a("strong"),Y=b(X),ue=b("/records"),te=p(),J&&J.c(),E=p(),Z=a("div"),Z.textContent="Body Parameters",G=p(),H=a("table"),h=a("thead"),h.innerHTML='Param Type Description',C=p(),N=a("tbody"),V&&V.c(),x=p();for(let n=0;nParam Type Description',Je=p(),me=a("tbody"),ne=a("tr"),Fe=a("td"),Fe.textContent="expand",De=p(),He=a("td"),He.innerHTML='String',Ee=p(),A=a("td"),Ie=b(`Auto expand relations when returning the created record. Ex.: + `),Te(re.$$.fragment),Ue=b(` + Supports up to 6-levels depth nested relations expansion. `),Qe=a("br"),We=b(` + The expanded relations will be appended to the record under the + `),Oe=a("code"),Oe.textContent="expand",xe=b(" property (eg. "),Re=a("code"),Re.textContent='"expand": {"relField1": {...}, ...}',ze=b(`). + `),Ke=a("br"),Xe=b(` + Only the relations to which the request user has permissions to `),Ae=a("strong"),Ae.textContent="view",Ye=b(" will be expanded."),Ze=p(),Te(de.$$.fragment),Be=p(),be=a("div"),be.textContent="Responses",Ve=p(),ie=a("div"),_e=a("div");for(let n=0;n${JSON.stringify(n[7](n[0]),null,2)}; + +final record = await pb.collection('${(ft=n[0])==null?void 0:ft.name}').create(body: body); +`+(n[1]?` +// (optional) send an email verification request +await pb.collection('${(ut=n[0])==null?void 0:ut.name}').requestVerification('test@example.com'); +`:"")),M.$set(v),(!se||d&1)&&X!==(X=n[0].name+"")&&ae(Y,X),n[6]?J||(J=kt(),J.c(),J.m(k,null)):J&&(J.d(1),J=null),n[1]?V?V.p(n,d):(V=yt(n),V.c(),V.m(N,x)):V&&(V.d(1),V=null),d&32&&(ge=ce(n[5]),O=Ne(O,d,lt,1,n,ge,je,N,pt,vt,null,_t)),d&12&&(Ce=ce(n[3]),Q=Ne(Q,d,nt,1,n,Ce,Ge,_e,pt,wt,null,bt)),d&12&&(ye=ce(n[3]),Mt(),j=Ne(j,d,it,1,n,ye,tt,ke,Pt,gt,null,mt),Lt())},i(n){if(!se){ve(M.$$.fragment,n),ve(re.$$.fragment,n),ve(de.$$.fragment,n);for(let d=0;ds.name=="emailVisibility",Yt=s=>s.name=="email";function Zt(s,e,t){let l,c,f,u,_,{collection:m}=e,q=200,y=[];function g(S){let $=we.dummyCollectionSchemaData(S,!0);return l&&($.password="12345678",$.passwordConfirm="12345678",delete $.verified),$}const B=S=>t(2,q=S.code);return s.$$set=S=>{"collection"in S&&t(0,m=S.collection)},s.$$.update=()=>{var S,$,R;s.$$.dirty&1&&t(1,l=m.type==="auth"),s.$$.dirty&1&&t(6,c=(m==null?void 0:m.createRule)===null),s.$$.dirty&2&&t(8,f=l?["password","verified","email","emailVisibility"]:[]),s.$$.dirty&257&&t(5,u=((S=m==null?void 0:m.fields)==null?void 0:S.filter(P=>!P.hidden&&P.type!="autodate"&&!f.includes(P.name)))||[]),s.$$.dirty&1&&t(3,y=[{code:200,body:JSON.stringify(we.dummyCollectionRecord(m),null,2)},{code:400,body:` + { + "status": 400, + "message": "Failed to create record.", + "data": { + "${(R=($=m==null?void 0:m.fields)==null?void 0:$[0])==null?void 0:R.name}": { + "code": "validation_required", + "message": "Missing required value." + } + } + } + `},{code:403,body:` + { + "status": 403, + "message": "You are not allowed to perform this request.", + "data": {} + } + `}])},t(4,_=we.getApiExampleUrl(Ft.baseURL)),[m,l,q,y,_,u,c,g,f,B]}class tl extends $t{constructor(e){super(),qt(this,e,Zt,Kt,Tt,{collection:0})}}export{tl as default}; diff --git a/ui/dist/assets/DeleteApiDocs--Qfsn7Nc.js b/ui/dist/assets/DeleteApiDocs--Qfsn7Nc.js new file mode 100644 index 0000000..08de1f5 --- /dev/null +++ b/ui/dist/assets/DeleteApiDocs--Qfsn7Nc.js @@ -0,0 +1,53 @@ +import{S as Re,i as Ee,s as Pe,V as Te,X as j,h as p,d as De,t as te,a as le,I as ee,Z as he,_ as Be,C as Ie,$ as Oe,D as Ae,l as f,n as i,m as Ce,u as c,A as $,v as k,c as we,w as m,J as Me,p as qe,k as z,o as Le,W as Se}from"./index-BH0nlDnw.js";function ke(a,l,s){const n=a.slice();return n[6]=l[s],n}function ge(a,l,s){const n=a.slice();return n[6]=l[s],n}function ve(a){let l;return{c(){l=c("p"),l.innerHTML="Requires superuser Authorization:TOKEN header",m(l,"class","txt-hint txt-sm txt-right")},m(s,n){f(s,l,n)},d(s){s&&p(l)}}}function $e(a,l){let s,n,h;function r(){return l[5](l[6])}return{key:a,first:null,c(){s=c("button"),s.textContent=`${l[6].code} `,m(s,"class","tab-item"),z(s,"active",l[2]===l[6].code),this.first=s},m(o,d){f(o,s,d),n||(h=Le(s,"click",r),n=!0)},p(o,d){l=o,d&20&&z(s,"active",l[2]===l[6].code)},d(o){o&&p(s),n=!1,h()}}}function ye(a,l){let s,n,h,r;return n=new Se({props:{content:l[6].body}}),{key:a,first:null,c(){s=c("div"),we(n.$$.fragment),h=k(),m(s,"class","tab-item"),z(s,"active",l[2]===l[6].code),this.first=s},m(o,d){f(o,s,d),Ce(n,s,null),i(s,h),r=!0},p(o,d){l=o,(!r||d&20)&&z(s,"active",l[2]===l[6].code)},i(o){r||(le(n.$$.fragment,o),r=!0)},o(o){te(n.$$.fragment,o),r=!1},d(o){o&&p(s),De(n)}}}function He(a){var fe,me;let l,s,n=a[0].name+"",h,r,o,d,y,D,F,q=a[0].name+"",J,se,K,C,N,P,V,g,L,ae,S,E,ne,W,H=a[0].name+"",X,oe,Z,ie,G,T,Q,B,Y,I,x,w,O,v=[],ce=new Map,re,A,b=[],de=new Map,R;C=new Te({props:{js:` + import PocketBase from 'pocketbase'; + + const pb = new PocketBase('${a[3]}'); + + ... + + await pb.collection('${(fe=a[0])==null?void 0:fe.name}').delete('RECORD_ID'); + `,dart:` + import 'package:pocketbase/pocketbase.dart'; + + final pb = PocketBase('${a[3]}'); + + ... + + await pb.collection('${(me=a[0])==null?void 0:me.name}').delete('RECORD_ID'); + `}});let _=a[1]&&ve(),U=j(a[4]);const ue=e=>e[6].code;for(let e=0;ee[6].code;for(let e=0;eParam Type Description id String ID of the record to delete.',Y=k(),I=c("div"),I.textContent="Responses",x=k(),w=c("div"),O=c("div");for(let e=0;es(2,o=D.code);return a.$$set=D=>{"collection"in D&&s(0,r=D.collection)},a.$$.update=()=>{a.$$.dirty&1&&s(1,n=(r==null?void 0:r.deleteRule)===null),a.$$.dirty&3&&r!=null&&r.id&&(d.push({code:204,body:` + null + `}),d.push({code:400,body:` + { + "status": 400, + "message": "Failed to delete record. Make sure that the record is not part of a required relation reference.", + "data": {} + } + `}),n&&d.push({code:403,body:` + { + "status": 403, + "message": "Only superusers can access this action.", + "data": {} + } + `}),d.push({code:404,body:` + { + "status": 404, + "message": "The requested resource wasn't found.", + "data": {} + } + `}))},s(3,h=Me.getApiExampleUrl(qe.baseURL)),[r,n,o,h,d,y]}class ze extends Re{constructor(l){super(),Ee(this,l,Ue,He,Pe,{collection:0})}}export{ze as default}; diff --git a/ui/dist/assets/EmailChangeDocs-_bs_4G0n.js b/ui/dist/assets/EmailChangeDocs-_bs_4G0n.js new file mode 100644 index 0000000..12e388c --- /dev/null +++ b/ui/dist/assets/EmailChangeDocs-_bs_4G0n.js @@ -0,0 +1,120 @@ +import{S as se,i as oe,s as ie,X as K,h as g,t as X,a as V,I as F,Z as le,_ as Re,C as ne,$ as Se,D as ae,l as v,n as u,u as p,v as y,A as U,w as b,k as Y,o as ce,W as Oe,d as x,m as ee,c as te,V as Me,Y as _e,J as Be,p as De,a0 as be}from"./index-BH0nlDnw.js";function ge(n,e,t){const l=n.slice();return l[4]=e[t],l}function ve(n,e,t){const l=n.slice();return l[4]=e[t],l}function ke(n,e){let t,l=e[4].code+"",d,i,r,a;function m(){return e[3](e[4])}return{key:n,first:null,c(){t=p("button"),d=U(l),i=y(),b(t,"class","tab-item"),Y(t,"active",e[1]===e[4].code),this.first=t},m(k,q){v(k,t,q),u(t,d),u(t,i),r||(a=ce(t,"click",m),r=!0)},p(k,q){e=k,q&4&&l!==(l=e[4].code+"")&&F(d,l),q&6&&Y(t,"active",e[1]===e[4].code)},d(k){k&&g(t),r=!1,a()}}}function $e(n,e){let t,l,d,i;return l=new Oe({props:{content:e[4].body}}),{key:n,first:null,c(){t=p("div"),te(l.$$.fragment),d=y(),b(t,"class","tab-item"),Y(t,"active",e[1]===e[4].code),this.first=t},m(r,a){v(r,t,a),ee(l,t,null),u(t,d),i=!0},p(r,a){e=r;const m={};a&4&&(m.content=e[4].body),l.$set(m),(!i||a&6)&&Y(t,"active",e[1]===e[4].code)},i(r){i||(V(l.$$.fragment,r),i=!0)},o(r){X(l.$$.fragment,r),i=!1},d(r){r&&g(t),x(l)}}}function Ne(n){let e,t,l,d,i,r,a,m=n[0].name+"",k,q,G,H,J,L,z,B,D,S,N,A=[],O=new Map,P,j,T=[],W=new Map,w,E=K(n[2]);const M=c=>c[4].code;for(let c=0;cc[4].code;for(let c=0;c<_.length;c+=1){let f=ge(n,_,c),s=Z(f);W.set(s,T[c]=$e(s,f))}return{c(){e=p("div"),t=p("strong"),t.textContent="POST",l=y(),d=p("div"),i=p("p"),r=U("/api/collections/"),a=p("strong"),k=U(m),q=U("/confirm-email-change"),G=y(),H=p("div"),H.textContent="Body Parameters",J=y(),L=p("table"),L.innerHTML='Param Type Description
    Required token
    String The token from the change email request email.
    Required password
    String The account password to confirm the email change.',z=y(),B=p("div"),B.textContent="Responses",D=y(),S=p("div"),N=p("div");for(let c=0;ct(1,d=a.code);return n.$$set=a=>{"collection"in a&&t(0,l=a.collection)},t(2,i=[{code:204,body:"null"},{code:400,body:` + { + "status": 400, + "message": "An error occurred while validating the submitted data.", + "data": { + "token": { + "code": "validation_required", + "message": "Missing required value." + } + } + } + `}]),[l,d,i,r]}class He extends se{constructor(e){super(),oe(this,e,We,Ne,ie,{collection:0})}}function we(n,e,t){const l=n.slice();return l[4]=e[t],l}function Ce(n,e,t){const l=n.slice();return l[4]=e[t],l}function ye(n,e){let t,l=e[4].code+"",d,i,r,a;function m(){return e[3](e[4])}return{key:n,first:null,c(){t=p("button"),d=U(l),i=y(),b(t,"class","tab-item"),Y(t,"active",e[1]===e[4].code),this.first=t},m(k,q){v(k,t,q),u(t,d),u(t,i),r||(a=ce(t,"click",m),r=!0)},p(k,q){e=k,q&4&&l!==(l=e[4].code+"")&&F(d,l),q&6&&Y(t,"active",e[1]===e[4].code)},d(k){k&&g(t),r=!1,a()}}}function Ee(n,e){let t,l,d,i;return l=new Oe({props:{content:e[4].body}}),{key:n,first:null,c(){t=p("div"),te(l.$$.fragment),d=y(),b(t,"class","tab-item"),Y(t,"active",e[1]===e[4].code),this.first=t},m(r,a){v(r,t,a),ee(l,t,null),u(t,d),i=!0},p(r,a){e=r;const m={};a&4&&(m.content=e[4].body),l.$set(m),(!i||a&6)&&Y(t,"active",e[1]===e[4].code)},i(r){i||(V(l.$$.fragment,r),i=!0)},o(r){X(l.$$.fragment,r),i=!1},d(r){r&&g(t),x(l)}}}function Le(n){let e,t,l,d,i,r,a,m=n[0].name+"",k,q,G,H,J,L,z,B,D,S,N,A,O,P=[],j=new Map,T,W,w=[],E=new Map,M,_=K(n[2]);const Z=s=>s[4].code;for(let s=0;s<_.length;s+=1){let h=Ce(n,_,s),R=Z(h);j.set(R,P[s]=ye(R,h))}let c=K(n[2]);const f=s=>s[4].code;for(let s=0;sAuthorization:TOKEN",J=y(),L=p("div"),L.textContent="Body Parameters",z=y(),B=p("table"),B.innerHTML='Param Type Description
    Required newEmail
    String The new email address to send the change email request.',D=y(),S=p("div"),S.textContent="Responses",N=y(),A=p("div"),O=p("div");for(let s=0;st(1,d=a.code);return n.$$set=a=>{"collection"in a&&t(0,l=a.collection)},t(2,i=[{code:204,body:"null"},{code:400,body:` + { + "status": 400, + "message": "An error occurred while validating the submitted data.", + "data": { + "newEmail": { + "code": "validation_required", + "message": "Missing required value." + } + } + } + `},{code:401,body:` + { + "status": 401, + "message": "The request requires valid record authorization token to be set.", + "data": {} + } + `},{code:403,body:` + { + "status": 403, + "message": "The authorized record model is not allowed to perform this action.", + "data": {} + } + `}]),[l,d,i,r]}class Ie extends se{constructor(e){super(),oe(this,e,Ue,Le,ie,{collection:0})}}function Ae(n,e,t){const l=n.slice();return l[5]=e[t],l[7]=t,l}function Te(n,e,t){const l=n.slice();return l[5]=e[t],l[7]=t,l}function qe(n){let e,t,l,d,i;function r(){return n[4](n[7])}return{c(){e=p("button"),t=p("div"),t.textContent=`${n[5].title}`,l=y(),b(t,"class","txt"),b(e,"class","tab-item"),Y(e,"active",n[1]==n[7])},m(a,m){v(a,e,m),u(e,t),u(e,l),d||(i=ce(e,"click",r),d=!0)},p(a,m){n=a,m&2&&Y(e,"active",n[1]==n[7])},d(a){a&&g(e),d=!1,i()}}}function Pe(n){let e,t,l,d;var i=n[5].component;function r(a,m){return{props:{collection:a[0]}}}return i&&(t=be(i,r(n))),{c(){e=p("div"),t&&te(t.$$.fragment),l=y(),b(e,"class","tab-item"),Y(e,"active",n[1]==n[7])},m(a,m){v(a,e,m),t&&ee(t,e,null),u(e,l),d=!0},p(a,m){if(i!==(i=a[5].component)){if(t){ne();const k=t;X(k.$$.fragment,1,0,()=>{x(k,1)}),ae()}i?(t=be(i,r(a)),te(t.$$.fragment),V(t.$$.fragment,1),ee(t,e,l)):t=null}else if(i){const k={};m&1&&(k.collection=a[0]),t.$set(k)}(!d||m&2)&&Y(e,"active",a[1]==a[7])},i(a){d||(t&&V(t.$$.fragment,a),d=!0)},o(a){t&&X(t.$$.fragment,a),d=!1},d(a){a&&g(e),t&&x(t)}}}function Ke(n){var c,f,s,h,R,re;let e,t,l=n[0].name+"",d,i,r,a,m,k,q,G=n[0].name+"",H,J,L,z,B,D,S,N,A,O,P,j,T,W;D=new Me({props:{js:` + import PocketBase from 'pocketbase'; + + const pb = new PocketBase('${n[2]}'); + + ... + + await pb.collection('${(c=n[0])==null?void 0:c.name}').authWithPassword('test@example.com', '1234567890'); + + await pb.collection('${(f=n[0])==null?void 0:f.name}').requestEmailChange('new@example.com'); + + // --- + // (optional) in your custom confirmation page: + // --- + + // note: after this call all previously issued auth tokens are invalidated + await pb.collection('${(s=n[0])==null?void 0:s.name}').confirmEmailChange( + 'EMAIL_CHANGE_TOKEN', + 'YOUR_PASSWORD', + ); + `,dart:` + import 'package:pocketbase/pocketbase.dart'; + + final pb = PocketBase('${n[2]}'); + + ... + + await pb.collection('${(h=n[0])==null?void 0:h.name}').authWithPassword('test@example.com', '1234567890'); + + await pb.collection('${(R=n[0])==null?void 0:R.name}').requestEmailChange('new@example.com'); + + ... + + // --- + // (optional) in your custom confirmation page: + // --- + + // note: after this call all previously issued auth tokens are invalidated + await pb.collection('${(re=n[0])==null?void 0:re.name}').confirmEmailChange( + 'EMAIL_CHANGE_TOKEN', + 'YOUR_PASSWORD', + ); + `}});let w=K(n[3]),E=[];for(let o=0;oX(_[o],1,1,()=>{_[o]=null});return{c(){e=p("h3"),t=U("Email change ("),d=U(l),i=U(")"),r=y(),a=p("div"),m=p("p"),k=U("Sends "),q=p("strong"),H=U(G),J=U(" email change request."),L=y(),z=p("p"),z.textContent=`On successful email change all previously issued auth tokens for the specific record will be + automatically invalidated.`,B=y(),te(D.$$.fragment),S=y(),N=p("h6"),N.textContent="API details",A=y(),O=p("div"),P=p("div");for(let o=0;ot(1,r=m);return n.$$set=m=>{"collection"in m&&t(0,d=m.collection)},t(2,l=Be.getApiExampleUrl(De.baseURL)),[d,r,l,i,a]}class ze extends se{constructor(e){super(),oe(this,e,Ye,Ke,ie,{collection:0})}}export{ze as default}; diff --git a/ui/dist/assets/FieldsQueryParam-DQVKTiQb.js b/ui/dist/assets/FieldsQueryParam-DQVKTiQb.js new file mode 100644 index 0000000..4f9b15e --- /dev/null +++ b/ui/dist/assets/FieldsQueryParam-DQVKTiQb.js @@ -0,0 +1,7 @@ +import{S as J,i as N,s as O,W as P,h as Q,d as R,t as W,a as j,I as z,l as D,n as e,m as G,u as t,v as c,A as i,c as K,w as U}from"./index-BH0nlDnw.js";function V(f){let n,o,u,d,k,s,p,w,g,y,r,F,_,S,b,E,C,a,$,L,q,H,I,M,m,T,v,A,x;return r=new P({props:{content:"?fields=*,"+f[0]+"expand.relField.name"}}),{c(){n=t("tr"),o=t("td"),o.textContent="fields",u=c(),d=t("td"),d.innerHTML='String',k=c(),s=t("td"),p=t("p"),w=i(`Comma separated string of the fields to return in the JSON response + `),g=t("em"),g.textContent="(by default returns all fields)",y=i(`. Ex.: + `),K(r.$$.fragment),F=c(),_=t("p"),_.innerHTML="* targets all keys from the specific depth level.",S=c(),b=t("p"),b.textContent="In addition, the following field modifiers are also supported:",E=c(),C=t("ul"),a=t("li"),$=t("code"),$.textContent=":excerpt(maxLength, withEllipsis?)",L=c(),q=t("br"),H=i(` + Returns a short plain text version of the field string value. + `),I=t("br"),M=i(` + Ex.: + `),m=t("code"),T=i("?fields=*,"),v=i(f[0]),A=i("description:excerpt(200,true)"),U(o,"id","query-page")},m(l,h){D(l,n,h),e(n,o),e(n,u),e(n,d),e(n,k),e(n,s),e(s,p),e(p,w),e(p,g),e(p,y),G(r,p,null),e(s,F),e(s,_),e(s,S),e(s,b),e(s,E),e(s,C),e(C,a),e(a,$),e(a,L),e(a,q),e(a,H),e(a,I),e(a,M),e(a,m),e(m,T),e(m,v),e(m,A),x=!0},p(l,[h]){const B={};h&1&&(B.content="?fields=*,"+l[0]+"expand.relField.name"),r.$set(B),(!x||h&1)&&z(v,l[0])},i(l){x||(j(r.$$.fragment,l),x=!0)},o(l){W(r.$$.fragment,l),x=!1},d(l){l&&Q(n),R(r)}}}function X(f,n,o){let{prefix:u=""}=n;return f.$$set=d=>{"prefix"in d&&o(0,u=d.prefix)},[u]}class Z extends J{constructor(n){super(),N(this,n,X,V,O,{prefix:0})}}export{Z as F}; diff --git a/ui/dist/assets/FilterAutocompleteInput-CBf9aYgb.js b/ui/dist/assets/FilterAutocompleteInput-CBf9aYgb.js new file mode 100644 index 0000000..404c455 --- /dev/null +++ b/ui/dist/assets/FilterAutocompleteInput-CBf9aYgb.js @@ -0,0 +1 @@ +import{S as $,i as ee,s as te,H as M,h as ne,l as re,u as ae,w as ie,O as oe,T as le,U as se,Q as de,J as u,y as ce}from"./index-BH0nlDnw.js";import{c as fe,d as ue,s as ge,h as he,a as ye,E,b as S,e as pe,f as ke,g as me,i as xe,j as be,k as we,l as Ee,m as Se,r as Ke,n as Ce,o as Re,p as Le,C as R,q as G,t as qe,S as ve,u as Oe,v as We}from"./index-Bd1MzT5k.js";function _e(e){return new Worker(""+new URL("autocomplete.worker-SdNqUZMM.js",import.meta.url).href,{name:e==null?void 0:e.name})}function Me(e){Q(e,"start");var r={},t=e.languageData||{},g=!1;for(var h in e)if(h!=t&&e.hasOwnProperty(h))for(var f=r[h]=[],i=e[h],a=0;a2&&i.token&&typeof i.token!="string"){t.pending=[];for(var s=2;s-1)return null;var h=t.indent.length-1,f=e[t.state];e:for(;;){for(var i=0;it(21,g=n));const h=se();let{id:f=""}=r,{value:i=""}=r,{disabled:a=!1}=r,{placeholder:o=""}=r,{baseCollection:s=null}=r,{singleLine:y=!1}=r,{extraAutocompleteKeys:L=[]}=r,{disableRequestKeys:b=!1}=r,{disableCollectionJoinKeys:m=!1}=r,d,p,q=a,T=new R,D=new R,J=new R,A=new R,v=new _e,H=[],I=[],B=[],K="",O="";function W(){d==null||d.focus()}let _=null;v.onmessage=n=>{B=n.data.baseKeys||[],H=n.data.requestKeys||[],I=n.data.collectionJoinKeys||[]};function V(){clearTimeout(_),_=setTimeout(()=>{v.postMessage({baseCollection:s,collections:Z(g),disableRequestKeys:b,disableCollectionJoinKeys:m})},250)}function Z(n){let c=n.slice();return s&&u.pushOrReplaceByKey(c,s,"id"),c}function U(){p==null||p.dispatchEvent(new CustomEvent("change",{detail:{value:i},bubbles:!0}))}function F(){if(!f)return;const n=document.querySelectorAll('[for="'+f+'"]');for(let c of n)c.removeEventListener("click",W)}function N(){if(!f)return;F();const n=document.querySelectorAll('[for="'+f+'"]');for(let c of n)c.addEventListener("click",W)}function j(n=!0,c=!0){let l=[].concat(L);return l=l.concat(B||[]),n&&(l=l.concat(H||[])),c&&(l=l.concat(I||[])),l}function z(n){var w;let c=n.matchBefore(/[\'\"\@\w\.]*/);if(c&&c.from==c.to&&!n.explicit)return null;let l=We(n.state).resolveInner(n.pos,-1);if(((w=l==null?void 0:l.type)==null?void 0:w.name)=="comment")return null;let x=[{label:"false"},{label:"true"},{label:"@now"},{label:"@second"},{label:"@minute"},{label:"@hour"},{label:"@year"},{label:"@day"},{label:"@month"},{label:"@weekday"},{label:"@yesterday"},{label:"@tomorrow"},{label:"@todayStart"},{label:"@todayEnd"},{label:"@monthStart"},{label:"@monthEnd"},{label:"@yearStart"},{label:"@yearEnd"}];m||x.push({label:"@collection.*",apply:"@collection."});let C=j(!b&&c.text.startsWith("@r"),!m&&c.text.startsWith("@c"));for(const k of C)x.push({label:k.endsWith(".")?k+"*":k,apply:k,boost:k.indexOf("_via_")>0?-1:0});return{from:c.from,options:x}}function P(){return ve.define(Me({start:[{regex:/true|false|null/,token:"atom"},{regex:/\/\/.*/,token:"comment"},{regex:/"(?:[^\\]|\\.)*?(?:"|$)/,token:"string"},{regex:/'(?:[^\\]|\\.)*?(?:'|$)/,token:"string"},{regex:/0x[a-f\d]+|[-+]?(?:\.\d+|\d+\.?\d*)(?:e[-+]?\d+)?/i,token:"number"},{regex:/\&\&|\|\||\=|\!\=|\~|\!\~|\>|\<|\>\=|\<\=/,token:"operator"},{regex:/[\{\[\(]/,indent:!0},{regex:/[\}\]\)]/,dedent:!0},{regex:/\w+[\w\.]*\w+/,token:"keyword"},{regex:u.escapeRegExp("@now"),token:"keyword"},{regex:u.escapeRegExp("@second"),token:"keyword"},{regex:u.escapeRegExp("@minute"),token:"keyword"},{regex:u.escapeRegExp("@hour"),token:"keyword"},{regex:u.escapeRegExp("@year"),token:"keyword"},{regex:u.escapeRegExp("@day"),token:"keyword"},{regex:u.escapeRegExp("@month"),token:"keyword"},{regex:u.escapeRegExp("@weekday"),token:"keyword"},{regex:u.escapeRegExp("@todayStart"),token:"keyword"},{regex:u.escapeRegExp("@todayEnd"),token:"keyword"},{regex:u.escapeRegExp("@monthStart"),token:"keyword"},{regex:u.escapeRegExp("@monthEnd"),token:"keyword"},{regex:u.escapeRegExp("@yearStart"),token:"keyword"},{regex:u.escapeRegExp("@yearEnd"),token:"keyword"},{regex:u.escapeRegExp("@request.method"),token:"keyword"}],meta:{lineComment:"//"}}))}de(()=>{const n={key:"Enter",run:l=>{y&&h("submit",i)}};N();let c=[n,...fe,...ue,ge.find(l=>l.key==="Mod-d"),...he,...ye];return y||c.push(qe),t(11,d=new E({parent:p,state:S.create({doc:i,extensions:[pe(),ke(),me(),xe(),be(),S.allowMultipleSelections.of(!0),we(Oe,{fallback:!0}),Ee(),Se(),Ke(),Ce(),Re.of(c),E.lineWrapping,Le({override:[z],icons:!1}),A.of(G(o)),D.of(E.editable.of(!a)),J.of(S.readOnly.of(a)),T.of(P()),S.transactionFilter.of(l=>{var x,C,w;if(y&&l.newDoc.lines>1){if(!((w=(C=(x=l.changes)==null?void 0:x.inserted)==null?void 0:C.filter(k=>!!k.text.find(Y=>Y)))!=null&&w.length))return[];l.newDoc.text=[l.newDoc.text.join(" ")]}return l}),E.updateListener.of(l=>{!l.docChanged||a||(t(1,i=l.state.doc.toString()),U())})]})})),()=>{clearTimeout(_),F(),d==null||d.destroy(),v.terminate()}});function X(n){ce[n?"unshift":"push"](()=>{p=n,t(0,p)})}return e.$$set=n=>{"id"in n&&t(2,f=n.id),"value"in n&&t(1,i=n.value),"disabled"in n&&t(3,a=n.disabled),"placeholder"in n&&t(4,o=n.placeholder),"baseCollection"in n&&t(5,s=n.baseCollection),"singleLine"in n&&t(6,y=n.singleLine),"extraAutocompleteKeys"in n&&t(7,L=n.extraAutocompleteKeys),"disableRequestKeys"in n&&t(8,b=n.disableRequestKeys),"disableCollectionJoinKeys"in n&&t(9,m=n.disableCollectionJoinKeys)},e.$$.update=()=>{e.$$.dirty[0]&32&&t(13,K=Be(s)),e.$$.dirty[0]&25352&&!a&&(O!=K||b!==-1||m!==-1)&&(t(14,O=K),V()),e.$$.dirty[0]&4&&f&&N(),e.$$.dirty[0]&2080&&d&&s!=null&&s.fields&&d.dispatch({effects:[T.reconfigure(P())]}),e.$$.dirty[0]&6152&&d&&q!=a&&(d.dispatch({effects:[D.reconfigure(E.editable.of(!a)),J.reconfigure(S.readOnly.of(a))]}),t(12,q=a),U()),e.$$.dirty[0]&2050&&d&&i!=d.state.doc.toString()&&d.dispatch({changes:{from:0,to:d.state.doc.length,insert:i}}),e.$$.dirty[0]&2064&&d&&typeof o<"u"&&d.dispatch({effects:[A.reconfigure(G(o))]})},[p,i,f,a,o,s,y,L,b,m,W,d,q,K,O,X]}class Pe extends ${constructor(r){super(),ee(this,r,Ue,Ie,te,{id:2,value:1,disabled:3,placeholder:4,baseCollection:5,singleLine:6,extraAutocompleteKeys:7,disableRequestKeys:8,disableCollectionJoinKeys:9,focus:10},null,[-1,-1])}get focus(){return this.$$.ctx[10]}}export{Pe as default}; diff --git a/ui/dist/assets/Leaflet-DCQr6yJv.css b/ui/dist/assets/Leaflet-DCQr6yJv.css new file mode 100644 index 0000000..c4d8330 --- /dev/null +++ b/ui/dist/assets/Leaflet-DCQr6yJv.css @@ -0,0 +1 @@ +.leaflet-pane,.leaflet-tile,.leaflet-marker-icon,.leaflet-marker-shadow,.leaflet-tile-container,.leaflet-pane>svg,.leaflet-pane>canvas,.leaflet-zoom-box,.leaflet-image-layer,.leaflet-layer{position:absolute;left:0;top:0}.leaflet-container{overflow:hidden}.leaflet-tile,.leaflet-marker-icon,.leaflet-marker-shadow{-webkit-user-select:none;-moz-user-select:none;user-select:none;-webkit-user-drag:none}.leaflet-tile::selection{background:transparent}.leaflet-safari .leaflet-tile{image-rendering:-webkit-optimize-contrast}.leaflet-safari .leaflet-tile-container{width:1600px;height:1600px;-webkit-transform-origin:0 0}.leaflet-marker-icon,.leaflet-marker-shadow{display:block}.leaflet-container .leaflet-overlay-pane svg{max-width:none!important;max-height:none!important}.leaflet-container .leaflet-marker-pane img,.leaflet-container .leaflet-shadow-pane img,.leaflet-container .leaflet-tile-pane img,.leaflet-container img.leaflet-image-layer,.leaflet-container .leaflet-tile{max-width:none!important;max-height:none!important;width:auto;padding:0}.leaflet-container img.leaflet-tile{mix-blend-mode:plus-lighter}.leaflet-container.leaflet-touch-zoom{-ms-touch-action:pan-x pan-y;touch-action:pan-x pan-y}.leaflet-container.leaflet-touch-drag{-ms-touch-action:pinch-zoom;touch-action:none;touch-action:pinch-zoom}.leaflet-container.leaflet-touch-drag.leaflet-touch-zoom{-ms-touch-action:none;touch-action:none}.leaflet-container{-webkit-tap-highlight-color:transparent}.leaflet-container a{-webkit-tap-highlight-color:rgba(51,181,229,.4)}.leaflet-tile{filter:inherit;visibility:hidden}.leaflet-tile-loaded{visibility:inherit}.leaflet-zoom-box{width:0;height:0;-moz-box-sizing:border-box;box-sizing:border-box;z-index:800}.leaflet-overlay-pane svg{-moz-user-select:none}.leaflet-pane{z-index:400}.leaflet-tile-pane{z-index:200}.leaflet-overlay-pane{z-index:400}.leaflet-shadow-pane{z-index:500}.leaflet-marker-pane{z-index:600}.leaflet-tooltip-pane{z-index:650}.leaflet-popup-pane{z-index:700}.leaflet-map-pane canvas{z-index:100}.leaflet-map-pane svg{z-index:200}.leaflet-vml-shape{width:1px;height:1px}.lvml{behavior:url(#default#VML);display:inline-block;position:absolute}.leaflet-control{position:relative;z-index:800;pointer-events:visiblePainted;pointer-events:auto}.leaflet-top,.leaflet-bottom{position:absolute;z-index:1000;pointer-events:none}.leaflet-top{top:0}.leaflet-right{right:0}.leaflet-bottom{bottom:0}.leaflet-left{left:0}.leaflet-control{float:left;clear:both}.leaflet-right .leaflet-control{float:right}.leaflet-top .leaflet-control{margin-top:10px}.leaflet-bottom .leaflet-control{margin-bottom:10px}.leaflet-left .leaflet-control{margin-left:10px}.leaflet-right .leaflet-control{margin-right:10px}.leaflet-fade-anim .leaflet-popup{opacity:0;-webkit-transition:opacity .2s linear;-moz-transition:opacity .2s linear;transition:opacity .2s linear}.leaflet-fade-anim .leaflet-map-pane .leaflet-popup{opacity:1}.leaflet-zoom-animated{-webkit-transform-origin:0 0;-ms-transform-origin:0 0;transform-origin:0 0}svg.leaflet-zoom-animated{will-change:transform}.leaflet-zoom-anim .leaflet-zoom-animated{-webkit-transition:-webkit-transform .25s cubic-bezier(0,0,.25,1);-moz-transition:-moz-transform .25s cubic-bezier(0,0,.25,1);transition:transform .25s cubic-bezier(0,0,.25,1)}.leaflet-zoom-anim .leaflet-tile,.leaflet-pan-anim .leaflet-tile{-webkit-transition:none;-moz-transition:none;transition:none}.leaflet-zoom-anim .leaflet-zoom-hide{visibility:hidden}.leaflet-interactive{cursor:pointer}.leaflet-grab{cursor:-webkit-grab;cursor:-moz-grab;cursor:grab}.leaflet-crosshair,.leaflet-crosshair .leaflet-interactive{cursor:crosshair}.leaflet-popup-pane,.leaflet-control{cursor:auto}.leaflet-dragging .leaflet-grab,.leaflet-dragging .leaflet-grab .leaflet-interactive,.leaflet-dragging .leaflet-marker-draggable{cursor:move;cursor:-webkit-grabbing;cursor:-moz-grabbing;cursor:grabbing}.leaflet-marker-icon,.leaflet-marker-shadow,.leaflet-image-layer,.leaflet-pane>svg path,.leaflet-tile-container{pointer-events:none}.leaflet-marker-icon.leaflet-interactive,.leaflet-image-layer.leaflet-interactive,.leaflet-pane>svg path.leaflet-interactive,svg.leaflet-image-layer.leaflet-interactive path{pointer-events:visiblePainted;pointer-events:auto}.leaflet-container{background:#ddd;outline-offset:1px}.leaflet-container a{color:#0078a8}.leaflet-zoom-box{border:2px dotted #38f;background:#ffffff80}.leaflet-container{font-family:Helvetica Neue,Arial,Helvetica,sans-serif;font-size:12px;font-size:.75rem;line-height:1.5}.leaflet-bar{box-shadow:0 1px 5px #000000a6;border-radius:4px}.leaflet-bar a{background-color:#fff;border-bottom:1px solid #ccc;width:26px;height:26px;line-height:26px;display:block;text-align:center;text-decoration:none;color:#000}.leaflet-bar a,.leaflet-control-layers-toggle{background-position:50% 50%;background-repeat:no-repeat;display:block}.leaflet-bar a:hover,.leaflet-bar a:focus{background-color:#f4f4f4}.leaflet-bar a:first-child{border-top-left-radius:4px;border-top-right-radius:4px}.leaflet-bar a:last-child{border-bottom-left-radius:4px;border-bottom-right-radius:4px;border-bottom:none}.leaflet-bar a.leaflet-disabled{cursor:default;background-color:#f4f4f4;color:#bbb}.leaflet-touch .leaflet-bar a{width:30px;height:30px;line-height:30px}.leaflet-touch .leaflet-bar a:first-child{border-top-left-radius:2px;border-top-right-radius:2px}.leaflet-touch .leaflet-bar a:last-child{border-bottom-left-radius:2px;border-bottom-right-radius:2px}.leaflet-control-zoom-in,.leaflet-control-zoom-out{font:700 18px Lucida Console,Monaco,monospace;text-indent:1px}.leaflet-touch .leaflet-control-zoom-in,.leaflet-touch .leaflet-control-zoom-out{font-size:22px}.leaflet-control-layers{box-shadow:0 1px 5px #0006;background:#fff;border-radius:5px}.leaflet-control-layers-toggle{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABoAAAAaCAQAAAADQ4RFAAACf0lEQVR4AY1UM3gkARTePdvdoTxXKc+qTl3aU5U6b2Kbkz3Gtq3Zw6ziLGNPzrYx7946Tr6/ee/XeCQ4D3ykPtL5tHno4n0d/h3+xfuWHGLX81cn7r0iTNzjr7LrlxCqPtkbTQEHeqOrTy4Yyt3VCi/IOB0v7rVC7q45Q3Gr5K6jt+3Gl5nCoDD4MtO+j96Wu8atmhGqcNGHObuf8OM/x3AMx38+4Z2sPqzCxRFK2aF2e5Jol56XTLyggAMTL56XOMoS1W4pOyjUcGGQdZxU6qRh7B9Zp+PfpOFlqt0zyDZckPi1ttmIp03jX8gyJ8a/PG2yutpS/Vol7peZIbZcKBAEEheEIAgFbDkz5H6Zrkm2hVWGiXKiF4Ycw0RWKdtC16Q7qe3X4iOMxruonzegJzWaXFrU9utOSsLUmrc0YjeWYjCW4PDMADElpJSSQ0vQvA1Tm6/JlKnqFs1EGyZiFCqnRZTEJJJiKRYzVYzJck2Rm6P4iH+cmSY0YzimYa8l0EtTODFWhcMIMVqdsI2uiTvKmTisIDHJ3od5GILVhBCarCfVRmo4uTjkhrhzkiBV7SsaqS+TzrzM1qpGGUFt28pIySQHR6h7F6KSwGWm97ay+Z+ZqMcEjEWebE7wxCSQwpkhJqoZA5ivCdZDjJepuJ9IQjGGUmuXJdBFUygxVqVsxFsLMbDe8ZbDYVCGKxs+W080max1hFCarCfV+C1KATwcnvE9gRRuMP2prdbWGowm1KB1y+zwMMENkM755cJ2yPDtqhTI6ED1M/82yIDtC/4j4BijjeObflpO9I9MwXTCsSX8jWAFeHr05WoLTJ5G8IQVS/7vwR6ohirYM7f6HzYpogfS3R2OAAAAAElFTkSuQmCC);width:36px;height:36px}.leaflet-retina .leaflet-control-layers-toggle{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADQAAAA0CAQAAABvcdNgAAAEsklEQVR4AWL4TydIhpZK1kpWOlg0w3ZXP6D2soBtG42jeI6ZmQTHzAxiTbSJsYLjO9HhP+WOmcuhciVnmHVQcJnp7DFvScowZorad/+V/fVzMdMT2g9Cv9guXGv/7pYOrXh2U+RRR3dSd9JRx6bIFc/ekqHI29JC6pJ5ZEh1yWkhkbcFeSjxgx3L2m1cb1C7bceyxA+CNjT/Ifff+/kDk2u/w/33/IeCMOSaWZ4glosqT3DNnNZQ7Cs58/3Ce5HL78iZH/vKVIaYlqzfdLu8Vi7dnvUbEza5Idt36tquZFldl6N5Z/POLof0XLK61mZCmJSWjVF9tEjUluu74IUXvgttuVIHE7YxSkaYhJZam7yiM9Pv82JYfl9nptxZaxMJE4YSPty+vF0+Y2up9d3wwijfjZbabqm/3bZ9ecKHsiGmRflnn1MW4pjHf9oLufyn2z3y1D6n8g8TZhxyzipLNPnAUpsOiuWimg52psrTZYnOWYNDTMuWBWa0tJb4rgq1UvmutpaYEbZlwU3CLJm/ayYjHW5/h7xWLn9Hh1vepDkyf7dE7MtT5LR4e7yYpHrkhOUpEfssBLq2pPhAqoSWKUkk7EDqkmK6RrCEzqDjhNDWNE+XSMvkJRDWlZTmCW0l0PHQGRZY5t1L83kT0Y3l2SItk5JAWHl2dCOBm+fPu3fo5/3v61RMCO9Jx2EEYYhb0rmNQMX/vm7gqOEJLcXTGw3CAuRNeyaPWwjR8PRqKQ1PDA/dpv+on9Shox52WFnx0KY8onHayrJzm87i5h9xGw/tfkev0jGsQizqezUKjk12hBMKJ4kbCqGPVNXudyyrShovGw5CgxsRICxF6aRmSjlBnHRzg7Gx8fKqEubI2rahQYdR1YgDIRQO7JvQyD52hoIQx0mxa0ODtW2Iozn1le2iIRdzwWewedyZzewidueOGqlsn1MvcnQpuVwLGG3/IR1hIKxCjelIDZ8ldqWz25jWAsnldEnK0Zxro19TGVb2ffIZEsIO89EIEDvKMPrzmBOQcKQ+rroye6NgRRxqR4U8EAkz0CL6uSGOm6KQCdWjvjRiSP1BPalCRS5iQYiEIvxuBMJEWgzSoHADcVMuN7IuqqTeyUPq22qFimFtxDyBBJEwNyt6TM88blFHao/6tWWhuuOM4SAK4EI4QmFHA+SEyWlp4EQoJ13cYGzMu7yszEIBOm2rVmHUNqwAIQabISNMRstmdhNWcFLsSm+0tjJH1MdRxO5Nx0WDMhCtgD6OKgZeljJqJKc9po8juskR9XN0Y1lZ3mWjLR9JCO1jRDMd0fpYC2VnvjBSEFg7wBENc0R9HFlb0xvF1+TBEpF68d+DHR6IOWVv2BECtxo46hOFUBd/APU57WIoEwJhIi2CdpyZX0m93BZicktMj1AS9dClteUFAUNUIEygRZCtik5zSxI9MubTBH1GOiHsiLJ3OCoSZkILa9PxiN0EbvhsAo8tdAf9Seepd36lGWHmtNANTv5Jd0z4QYyeo/UEJqxKRpg5LZx6btLPsOaEmdMyxYdlc8LMaJnikDlhclqmPiQnTEpLUIZEwkRagjYkEibQErwhkTAKCLQEbUgkzJQWc/0PstHHcfEdQ+UAAAAASUVORK5CYII=);background-size:26px 26px}.leaflet-touch .leaflet-control-layers-toggle{width:44px;height:44px}.leaflet-control-layers .leaflet-control-layers-list,.leaflet-control-layers-expanded .leaflet-control-layers-toggle{display:none}.leaflet-control-layers-expanded .leaflet-control-layers-list{display:block;position:relative}.leaflet-control-layers-expanded{padding:6px 10px 6px 6px;color:#333;background:#fff}.leaflet-control-layers-scrollbar{overflow-y:scroll;overflow-x:hidden;padding-right:5px}.leaflet-control-layers-selector{margin-top:2px;position:relative;top:1px}.leaflet-control-layers label{display:block;font-size:13px;font-size:1.08333em}.leaflet-control-layers-separator{height:0;border-top:1px solid #ddd;margin:5px -10px 5px -6px}.leaflet-default-icon-path{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABkAAAApCAYAAADAk4LOAAAFgUlEQVR4Aa1XA5BjWRTN2oW17d3YaZtr2962HUzbDNpjszW24mRt28p47v7zq/bXZtrp/lWnXr337j3nPCe85NcypgSFdugCpW5YoDAMRaIMqRi6aKq5E3YqDQO3qAwjVWrD8Ncq/RBpykd8oZUb/kaJutow8r1aP9II0WmLKLIsJyv1w/kqw9Ch2MYdB++12Onxee/QMwvf4/Dk/Lfp/i4nxTXtOoQ4pW5Aj7wpici1A9erdAN2OH64x8OSP9j3Ft3b7aWkTg/Fm91siTra0f9on5sQr9INejH6CUUUpavjFNq1B+Oadhxmnfa8RfEmN8VNAsQhPqF55xHkMzz3jSmChWU6f7/XZKNH+9+hBLOHYozuKQPxyMPUKkrX/K0uWnfFaJGS1QPRtZsOPtr3NsW0uyh6NNCOkU3Yz+bXbT3I8G3xE5EXLXtCXbbqwCO9zPQYPRTZ5vIDXD7U+w7rFDEoUUf7ibHIR4y6bLVPXrz8JVZEql13trxwue/uDivd3fkWRbS6/IA2bID4uk0UpF1N8qLlbBlXs4Ee7HLTfV1j54APvODnSfOWBqtKVvjgLKzF5YdEk5ewRkGlK0i33Eofffc7HT56jD7/6U+qH3Cx7SBLNntH5YIPvODnyfIXZYRVDPqgHtLs5ABHD3YzLuespb7t79FY34DjMwrVrcTuwlT55YMPvOBnRrJ4VXTdNnYug5ucHLBjEpt30701A3Ts+HEa73u6dT3FNWwflY86eMHPk+Yu+i6pzUpRrW7SNDg5JHR4KapmM5Wv2E8Tfcb1HoqqHMHU+uWDD7zg54mz5/2BSnizi9T1Dg4QQXLToGNCkb6tb1NU+QAlGr1++eADrzhn/u8Q2YZhQVlZ5+CAOtqfbhmaUCS1ezNFVm2imDbPmPng5wmz+gwh+oHDce0eUtQ6OGDIyR0uUhUsoO3vfDmmgOezH0mZN59x7MBi++WDL1g/eEiU3avlidO671bkLfwbw5XV2P8Pzo0ydy4t2/0eu33xYSOMOD8hTf4CrBtGMSoXfPLchX+J0ruSePw3LZeK0juPJbYzrhkH0io7B3k164hiGvawhOKMLkrQLyVpZg8rHFW7E2uHOL888IBPlNZ1FPzstSJM694fWr6RwpvcJK60+0HCILTBzZLFNdtAzJaohze60T8qBzyh5ZuOg5e7uwQppofEmf2++DYvmySqGBuKaicF1blQjhuHdvCIMvp8whTTfZzI7RldpwtSzL+F1+wkdZ2TBOW2gIF88PBTzD/gpeREAMEbxnJcaJHNHrpzji0gQCS6hdkEeYt9DF/2qPcEC8RM28Hwmr3sdNyht00byAut2k3gufWNtgtOEOFGUwcXWNDbdNbpgBGxEvKkOQsxivJx33iow0Vw5S6SVTrpVq11ysA2Rp7gTfPfktc6zhtXBBC+adRLshf6sG2RfHPZ5EAc4sVZ83yCN00Fk/4kggu40ZTvIEm5g24qtU4KjBrx/BTTH8ifVASAG7gKrnWxJDcU7x8X6Ecczhm3o6YicvsLXWfh3Ch1W0k8x0nXF+0fFxgt4phz8QvypiwCCFKMqXCnqXExjq10beH+UUA7+nG6mdG/Pu0f3LgFcGrl2s0kNNjpmoJ9o4B29CMO8dMT4Q5ox8uitF6fqsrJOr8qnwNbRzv6hSnG5wP+64C7h9lp30hKNtKdWjtdkbuPA19nJ7Tz3zR/ibgARbhb4AlhavcBebmTHcFl2fvYEnW0ox9xMxKBS8btJ+KiEbq9zA4RthQXDhPa0T9TEe69gWupwc6uBUphquXgf+/FrIjweHQS4/pduMe5ERUMHUd9xv8ZR98CxkS4F2n3EUrUZ10EYNw7BWm9x1GiPssi3GgiGRDKWRYZfXlON+dfNbM+GgIwYdwAAAAASUVORK5CYII=)}.leaflet-container .leaflet-control-attribution{background:#fff;background:#fffc;margin:0}.leaflet-control-attribution,.leaflet-control-scale-line{padding:0 5px;color:#333;line-height:1.4}.leaflet-control-attribution a{text-decoration:none}.leaflet-control-attribution a:hover,.leaflet-control-attribution a:focus{text-decoration:underline}.leaflet-attribution-flag{display:inline!important;vertical-align:baseline!important;width:1em;height:.6669em}.leaflet-left .leaflet-control-scale{margin-left:5px}.leaflet-bottom .leaflet-control-scale{margin-bottom:5px}.leaflet-control-scale-line{border:2px solid #777;border-top:none;line-height:1.1;padding:2px 5px 1px;white-space:nowrap;-moz-box-sizing:border-box;box-sizing:border-box;background:#fffc;text-shadow:1px 1px #fff}.leaflet-control-scale-line:not(:first-child){border-top:2px solid #777;border-bottom:none;margin-top:-2px}.leaflet-control-scale-line:not(:first-child):not(:last-child){border-bottom:2px solid #777}.leaflet-touch .leaflet-control-attribution,.leaflet-touch .leaflet-control-layers,.leaflet-touch .leaflet-bar{box-shadow:none}.leaflet-touch .leaflet-control-layers,.leaflet-touch .leaflet-bar{border:2px solid rgba(0,0,0,.2);background-clip:padding-box}.leaflet-popup{position:absolute;text-align:center;margin-bottom:20px}.leaflet-popup-content-wrapper{padding:1px;text-align:left;border-radius:12px}.leaflet-popup-content{margin:13px 24px 13px 20px;line-height:1.3;font-size:13px;font-size:1.08333em;min-height:1px}.leaflet-popup-content p{margin:1.3em 0}.leaflet-popup-tip-container{width:40px;height:20px;position:absolute;left:50%;margin-top:-1px;margin-left:-20px;overflow:hidden;pointer-events:none}.leaflet-popup-tip{width:17px;height:17px;padding:1px;margin:-10px auto 0;pointer-events:auto;-webkit-transform:rotate(45deg);-moz-transform:rotate(45deg);-ms-transform:rotate(45deg);transform:rotate(45deg)}.leaflet-popup-content-wrapper,.leaflet-popup-tip{background:#fff;color:#333;box-shadow:0 3px 14px #0006}.leaflet-container a.leaflet-popup-close-button{position:absolute;top:0;right:0;border:none;text-align:center;width:24px;height:24px;font:16px/24px Tahoma,Verdana,sans-serif;color:#757575;text-decoration:none;background:transparent}.leaflet-container a.leaflet-popup-close-button:hover,.leaflet-container a.leaflet-popup-close-button:focus{color:#585858}.leaflet-popup-scrolled{overflow:auto}.leaflet-oldie .leaflet-popup-content-wrapper{-ms-zoom:1}.leaflet-oldie .leaflet-popup-tip{width:24px;margin:0 auto;-ms-filter:"progid:DXImageTransform.Microsoft.Matrix(M11=0.70710678, M12=0.70710678, M21=-0.70710678, M22=0.70710678)";filter:progid:DXImageTransform.Microsoft.Matrix(M11=.70710678,M12=.70710678,M21=-.70710678,M22=.70710678)}.leaflet-oldie .leaflet-control-zoom,.leaflet-oldie .leaflet-control-layers,.leaflet-oldie .leaflet-popup-content-wrapper,.leaflet-oldie .leaflet-popup-tip{border:1px solid #999}.leaflet-div-icon{background:#fff;border:1px solid #666}.leaflet-tooltip{position:absolute;padding:6px;background-color:#fff;border:1px solid #fff;border-radius:3px;color:#222;white-space:nowrap;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;pointer-events:none;box-shadow:0 1px 3px #0006}.leaflet-tooltip.leaflet-interactive{cursor:pointer;pointer-events:auto}.leaflet-tooltip-top:before,.leaflet-tooltip-bottom:before,.leaflet-tooltip-left:before,.leaflet-tooltip-right:before{position:absolute;pointer-events:none;border:6px solid transparent;background:transparent;content:""}.leaflet-tooltip-bottom{margin-top:6px}.leaflet-tooltip-top{margin-top:-6px}.leaflet-tooltip-bottom:before,.leaflet-tooltip-top:before{left:50%;margin-left:-6px}.leaflet-tooltip-top:before{bottom:0;margin-bottom:-12px;border-top-color:#fff}.leaflet-tooltip-bottom:before{top:0;margin-top:-12px;margin-left:-6px;border-bottom-color:#fff}.leaflet-tooltip-left{margin-left:-6px}.leaflet-tooltip-right{margin-left:6px}.leaflet-tooltip-left:before,.leaflet-tooltip-right:before{top:50%;margin-top:-6px}.leaflet-tooltip-left:before{right:0;margin-right:-12px;border-left-color:#fff}.leaflet-tooltip-right:before{left:0;margin-left:-12px;border-right-color:#fff}@media print{.leaflet-control{-webkit-print-color-adjust:exact;print-color-adjust:exact}}.map-wrapper.svelte-14gvave.svelte-14gvave{position:relative;display:block;height:100%;width:100%}.map-box.svelte-14gvave.svelte-14gvave{z-index:1;height:100%;width:100%}.map-search.svelte-14gvave.svelte-14gvave{position:absolute;z-index:2;top:10px;width:70%;max-width:400px;margin-left:15%;height:auto}.map-search.svelte-14gvave input.svelte-14gvave{opacity:.7;background:var(--baseColor);border:0;box-shadow:0 0 3px 0 var(--shadowColor);transition:opacity var(--baseAnimationSpeed)}.map-search.svelte-14gvave .dropdown.svelte-14gvave{max-height:150px;border:0;box-shadow:0 0 3px 0 var(--shadowColor)}.map-search.svelte-14gvave:focus-within input.svelte-14gvave{opacity:1} diff --git a/ui/dist/assets/Leaflet-Dlp_i0kf.js b/ui/dist/assets/Leaflet-Dlp_i0kf.js new file mode 100644 index 0000000..91c2414 --- /dev/null +++ b/ui/dist/assets/Leaflet-Dlp_i0kf.js @@ -0,0 +1,4 @@ +import{a2 as ss,a3 as rs,S as as,i as hs,s as us,H as Ee,h as ae,z as Cn,w as Y,l as he,n as gt,o as _i,u as vt,v as Ae,Q as ls,X as kn,Y as cs,y as fs,j as ds,I as _s,E as ms,a4 as ps,A as gs}from"./index-BH0nlDnw.js";var di={exports:{}};/* @preserve + * Leaflet 1.9.4, a JS library for interactive maps. https://leafletjs.com + * (c) 2010-2023 Vladimir Agafonkin, (c) 2010-2011 CloudMade + */(function(C,g){(function(u,v){v(g)})(rs,function(u){var v="1.9.4";function c(t){var e,i,n,o;for(i=1,n=arguments.length;i"u"||!L||!L.Mixin)){t=J(t)?t:[t];for(var e=0;e0?Math.floor(t):Math.ceil(t)};w.prototype={clone:function(){return new w(this.x,this.y)},add:function(t){return this.clone()._add(y(t))},_add:function(t){return this.x+=t.x,this.y+=t.y,this},subtract:function(t){return this.clone()._subtract(y(t))},_subtract:function(t){return this.x-=t.x,this.y-=t.y,this},divideBy:function(t){return this.clone()._divideBy(t)},_divideBy:function(t){return this.x/=t,this.y/=t,this},multiplyBy:function(t){return this.clone()._multiplyBy(t)},_multiplyBy:function(t){return this.x*=t,this.y*=t,this},scaleBy:function(t){return new w(this.x*t.x,this.y*t.y)},unscaleBy:function(t){return new w(this.x/t.x,this.y/t.y)},round:function(){return this.clone()._round()},_round:function(){return this.x=Math.round(this.x),this.y=Math.round(this.y),this},floor:function(){return this.clone()._floor()},_floor:function(){return this.x=Math.floor(this.x),this.y=Math.floor(this.y),this},ceil:function(){return this.clone()._ceil()},_ceil:function(){return this.x=Math.ceil(this.x),this.y=Math.ceil(this.y),this},trunc:function(){return this.clone()._trunc()},_trunc:function(){return this.x=mi(this.x),this.y=mi(this.y),this},distanceTo:function(t){t=y(t);var e=t.x-this.x,i=t.y-this.y;return Math.sqrt(e*e+i*i)},equals:function(t){return t=y(t),t.x===this.x&&t.y===this.y},contains:function(t){return t=y(t),Math.abs(t.x)<=Math.abs(this.x)&&Math.abs(t.y)<=Math.abs(this.y)},toString:function(){return"Point("+H(this.x)+", "+H(this.y)+")"}};function y(t,e,i){return t instanceof w?t:J(t)?new w(t[0],t[1]):t==null?t:typeof t=="object"&&"x"in t&&"y"in t?new w(t.x,t.y):new w(t,e,i)}function R(t,e){if(t)for(var i=e?[t,e]:t,n=0,o=i.length;n=this.min.x&&i.x<=this.max.x&&e.y>=this.min.y&&i.y<=this.max.y},intersects:function(t){t=tt(t);var e=this.min,i=this.max,n=t.min,o=t.max,s=o.x>=e.x&&n.x<=i.x,r=o.y>=e.y&&n.y<=i.y;return s&&r},overlaps:function(t){t=tt(t);var e=this.min,i=this.max,n=t.min,o=t.max,s=o.x>e.x&&n.xe.y&&n.y=e.lat&&o.lat<=i.lat&&n.lng>=e.lng&&o.lng<=i.lng},intersects:function(t){t=W(t);var e=this._southWest,i=this._northEast,n=t.getSouthWest(),o=t.getNorthEast(),s=o.lat>=e.lat&&n.lat<=i.lat,r=o.lng>=e.lng&&n.lng<=i.lng;return s&&r},overlaps:function(t){t=W(t);var e=this._southWest,i=this._northEast,n=t.getSouthWest(),o=t.getNorthEast(),s=o.lat>e.lat&&n.late.lng&&n.lng1,Kn=function(){var t=!1;try{var e=Object.defineProperty({},"passive",{get:function(){t=!0}});window.addEventListener("testPassiveEventSupport",A,e),window.removeEventListener("testPassiveEventSupport",A,e)}catch{}return t}(),jn=function(){return!!document.createElement("canvas").getContext}(),He=!!(document.createElementNS&&gi("svg").createSVGRect),Jn=!!He&&function(){var t=document.createElement("div");return t.innerHTML="",(t.firstChild&&t.firstChild.namespaceURI)==="http://www.w3.org/2000/svg"}(),Yn=!He&&function(){try{var t=document.createElement("div");t.innerHTML='';var e=t.firstChild;return e.style.behavior="url(#default#VML)",e&&typeof e.adj=="object"}catch{return!1}}(),Xn=navigator.platform.indexOf("Mac")===0,Qn=navigator.platform.indexOf("Linux")===0;function dt(t){return navigator.userAgent.toLowerCase().indexOf(t)>=0}var d={ie:ce,ielt9:Bn,edge:yi,webkit:Ne,android:wi,android23:xi,androidStock:Nn,opera:Re,chrome:Pi,gecko:Li,safari:Rn,phantom:bi,opera12:Ti,win:Dn,ie3d:Mi,webkit3d:De,gecko3d:Ci,any3d:Hn,mobile:jt,mobileWebkit:Fn,mobileWebkit3d:Wn,msPointer:ki,pointer:Si,touch:Un,touchNative:zi,mobileOpera:Vn,mobileGecko:qn,retina:Gn,passiveEvents:Kn,canvas:jn,svg:He,vml:Yn,inlineSvg:Jn,mac:Xn,linux:Qn},Ai=d.msPointer?"MSPointerDown":"pointerdown",Ei=d.msPointer?"MSPointerMove":"pointermove",Oi=d.msPointer?"MSPointerUp":"pointerup",Zi=d.msPointer?"MSPointerCancel":"pointercancel",Fe={touchstart:Ai,touchmove:Ei,touchend:Oi,touchcancel:Zi},Bi={touchstart:oo,touchmove:fe,touchend:fe,touchcancel:fe},Bt={},Ii=!1;function $n(t,e,i){return e==="touchstart"&&no(),Bi[e]?(i=Bi[e].bind(this,i),t.addEventListener(Fe[e],i,!1),i):(console.warn("wrong event specified:",e),A)}function to(t,e,i){if(!Fe[e]){console.warn("wrong event specified:",e);return}t.removeEventListener(Fe[e],i,!1)}function eo(t){Bt[t.pointerId]=t}function io(t){Bt[t.pointerId]&&(Bt[t.pointerId]=t)}function Ni(t){delete Bt[t.pointerId]}function no(){Ii||(document.addEventListener(Ai,eo,!0),document.addEventListener(Ei,io,!0),document.addEventListener(Oi,Ni,!0),document.addEventListener(Zi,Ni,!0),Ii=!0)}function fe(t,e){if(e.pointerType!==(e.MSPOINTER_TYPE_MOUSE||"mouse")){e.touches=[];for(var i in Bt)e.touches.push(Bt[i]);e.changedTouches=[e],t(e)}}function oo(t,e){e.MSPOINTER_TYPE_TOUCH&&e.pointerType===e.MSPOINTER_TYPE_TOUCH&&j(e),fe(t,e)}function so(t){var e={},i,n;for(n in t)i=t[n],e[n]=i&&i.bind?i.bind(t):i;return t=e,e.type="dblclick",e.detail=2,e.isTrusted=!1,e._simulated=!0,e}var ro=200;function ao(t,e){t.addEventListener("dblclick",e);var i=0,n;function o(s){if(s.detail!==1){n=s.detail;return}if(!(s.pointerType==="mouse"||s.sourceCapabilities&&!s.sourceCapabilities.firesTouchEvents)){var r=Wi(s);if(!(r.some(function(h){return h instanceof HTMLLabelElement&&h.attributes.for})&&!r.some(function(h){return h instanceof HTMLInputElement||h instanceof HTMLSelectElement}))){var a=Date.now();a-i<=ro?(n++,n===2&&e(so(s))):n=1,i=a}}}return t.addEventListener("click",o),{dblclick:e,simDblclick:o}}function ho(t,e){t.removeEventListener("dblclick",e.dblclick),t.removeEventListener("click",e.simDblclick)}var We=me(["transform","webkitTransform","OTransform","MozTransform","msTransform"]),Jt=me(["webkitTransition","transition","OTransition","MozTransition","msTransition"]),Ri=Jt==="webkitTransition"||Jt==="OTransition"?Jt+"End":"transitionend";function Di(t){return typeof t=="string"?document.getElementById(t):t}function Yt(t,e){var i=t.style[e]||t.currentStyle&&t.currentStyle[e];if((!i||i==="auto")&&document.defaultView){var n=document.defaultView.getComputedStyle(t,null);i=n?n[e]:null}return i==="auto"?null:i}function z(t,e,i){var n=document.createElement(t);return n.className=e||"",i&&i.appendChild(n),n}function D(t){var e=t.parentNode;e&&e.removeChild(t)}function de(t){for(;t.firstChild;)t.removeChild(t.firstChild)}function It(t){var e=t.parentNode;e&&e.lastChild!==t&&e.appendChild(t)}function Nt(t){var e=t.parentNode;e&&e.firstChild!==t&&e.insertBefore(t,e.firstChild)}function Ue(t,e){if(t.classList!==void 0)return t.classList.contains(e);var i=_e(t);return i.length>0&&new RegExp("(^|\\s)"+e+"(\\s|$)").test(i)}function T(t,e){if(t.classList!==void 0)for(var i=Z(e),n=0,o=i.length;n0?2*window.devicePixelRatio:1;function Vi(t){return d.edge?t.wheelDeltaY/2:t.deltaY&&t.deltaMode===0?-t.deltaY/co:t.deltaY&&t.deltaMode===1?-t.deltaY*20:t.deltaY&&t.deltaMode===2?-t.deltaY*60:t.deltaX||t.deltaZ?0:t.wheelDelta?(t.wheelDeltaY||t.wheelDelta)/2:t.detail&&Math.abs(t.detail)<32765?-t.detail*20:t.detail?t.detail/-32765*60:0}function ei(t,e){var i=e.relatedTarget;if(!i)return!0;try{for(;i&&i!==t;)i=i.parentNode}catch{return!1}return i!==t}var fo={__proto__:null,on:x,off:O,stopPropagation:zt,disableScrollPropagation:ti,disableClickPropagation:te,preventDefault:j,stop:At,getPropagationPath:Wi,getMousePosition:Ui,getWheelDelta:Vi,isExternalTarget:ei,addListener:x,removeListener:O},qi=Gt.extend({run:function(t,e,i,n){this.stop(),this._el=t,this._inProgress=!0,this._duration=i||.25,this._easeOutPower=1/Math.max(n||.5,.2),this._startPos=St(t),this._offset=e.subtract(this._startPos),this._startTime=+new Date,this.fire("start"),this._animate()},stop:function(){this._inProgress&&(this._step(!0),this._complete())},_animate:function(){this._animId=q(this._animate,this),this._step()},_step:function(t){var e=+new Date-this._startTime,i=this._duration*1e3;ethis.options.maxZoom)?this.setZoom(t):this},panInsideBounds:function(t,e){this._enforcingBounds=!0;var i=this.getCenter(),n=this._limitCenter(i,this._zoom,W(t));return i.equals(n)||this.panTo(n,e),this._enforcingBounds=!1,this},panInside:function(t,e){e=e||{};var i=y(e.paddingTopLeft||e.padding||[0,0]),n=y(e.paddingBottomRight||e.padding||[0,0]),o=this.project(this.getCenter()),s=this.project(t),r=this.getPixelBounds(),a=tt([r.min.add(i),r.max.subtract(n)]),h=a.getSize();if(!a.contains(s)){this._enforcingBounds=!0;var l=s.subtract(a.getCenter()),f=a.extend(s).getSize().subtract(h);o.x+=l.x<0?-f.x:f.x,o.y+=l.y<0?-f.y:f.y,this.panTo(this.unproject(o),e),this._enforcingBounds=!1}return this},invalidateSize:function(t){if(!this._loaded)return this;t=c({animate:!1,pan:!0},t===!0?{animate:!0}:t);var e=this.getSize();this._sizeChanged=!0,this._lastCenter=null;var i=this.getSize(),n=e.divideBy(2).round(),o=i.divideBy(2).round(),s=n.subtract(o);return!s.x&&!s.y?this:(t.animate&&t.pan?this.panBy(s):(t.pan&&this._rawPanBy(s),this.fire("move"),t.debounceMoveend?(clearTimeout(this._sizeTimer),this._sizeTimer=setTimeout(_(this.fire,this,"moveend"),200)):this.fire("moveend")),this.fire("resize",{oldSize:e,newSize:i}))},stop:function(){return this.setZoom(this._limitZoom(this._zoom)),this.options.zoomSnap||this.fire("viewreset"),this._stop()},locate:function(t){if(t=this._locateOptions=c({timeout:1e4,watch:!1},t),!("geolocation"in navigator))return this._handleGeolocationError({code:0,message:"Geolocation not supported."}),this;var e=_(this._handleGeolocationResponse,this),i=_(this._handleGeolocationError,this);return t.watch?this._locationWatchId=navigator.geolocation.watchPosition(e,i,t):navigator.geolocation.getCurrentPosition(e,i,t),this},stopLocate:function(){return navigator.geolocation&&navigator.geolocation.clearWatch&&navigator.geolocation.clearWatch(this._locationWatchId),this._locateOptions&&(this._locateOptions.setView=!1),this},_handleGeolocationError:function(t){if(this._container._leaflet_id){var e=t.code,i=t.message||(e===1?"permission denied":e===2?"position unavailable":"timeout");this._locateOptions.setView&&!this._loaded&&this.fitWorld(),this.fire("locationerror",{code:e,message:"Geolocation error: "+i+"."})}},_handleGeolocationResponse:function(t){if(this._container._leaflet_id){var e=t.coords.latitude,i=t.coords.longitude,n=new E(e,i),o=n.toBounds(t.coords.accuracy*2),s=this._locateOptions;if(s.setView){var r=this.getBoundsZoom(o);this.setView(n,s.maxZoom?Math.min(r,s.maxZoom):r)}var a={latlng:n,bounds:o,timestamp:t.timestamp};for(var h in t.coords)typeof t.coords[h]=="number"&&(a[h]=t.coords[h]);this.fire("locationfound",a)}},addHandler:function(t,e){if(!e)return this;var i=this[t]=new e(this);return this._handlers.push(i),this.options[t]&&i.enable(),this},remove:function(){if(this._initEvents(!0),this.options.maxBounds&&this.off("moveend",this._panInsideMaxBounds),this._containerId!==this._container._leaflet_id)throw new Error("Map container is being reused by another instance");try{delete this._container._leaflet_id,delete this._containerId}catch{this._container._leaflet_id=void 0,this._containerId=void 0}this._locationWatchId!==void 0&&this.stopLocate(),this._stop(),D(this._mapPane),this._clearControlPos&&this._clearControlPos(),this._resizeRequest&&(at(this._resizeRequest),this._resizeRequest=null),this._clearHandlers(),this._loaded&&this.fire("unload");var t;for(t in this._layers)this._layers[t].remove();for(t in this._panes)D(this._panes[t]);return this._layers=[],this._panes=[],delete this._mapPane,delete this._renderer,this},createPane:function(t,e){var i="leaflet-pane"+(t?" leaflet-"+t.replace("Pane","")+"-pane":""),n=z("div",i,e||this._mapPane);return t&&(this._panes[t]=n),n},getCenter:function(){return this._checkIfLoaded(),this._lastCenter&&!this._moved()?this._lastCenter.clone():this.layerPointToLatLng(this._getCenterLayerPoint())},getZoom:function(){return this._zoom},getBounds:function(){var t=this.getPixelBounds(),e=this.unproject(t.getBottomLeft()),i=this.unproject(t.getTopRight());return new et(e,i)},getMinZoom:function(){return this.options.minZoom===void 0?this._layersMinZoom||0:this.options.minZoom},getMaxZoom:function(){return this.options.maxZoom===void 0?this._layersMaxZoom===void 0?1/0:this._layersMaxZoom:this.options.maxZoom},getBoundsZoom:function(t,e,i){t=W(t),i=y(i||[0,0]);var n=this.getZoom()||0,o=this.getMinZoom(),s=this.getMaxZoom(),r=t.getNorthWest(),a=t.getSouthEast(),h=this.getSize().subtract(i),l=tt(this.project(a,n),this.project(r,n)).getSize(),f=d.any3d?this.options.zoomSnap:1,p=h.x/l.x,M=h.y/l.y,Q=e?Math.max(p,M):Math.min(p,M);return n=this.getScaleZoom(Q,n),f&&(n=Math.round(n/(f/100))*(f/100),n=e?Math.ceil(n/f)*f:Math.floor(n/f)*f),Math.max(o,Math.min(s,n))},getSize:function(){return(!this._size||this._sizeChanged)&&(this._size=new w(this._container.clientWidth||0,this._container.clientHeight||0),this._sizeChanged=!1),this._size.clone()},getPixelBounds:function(t,e){var i=this._getTopLeftPoint(t,e);return new R(i,i.add(this.getSize()))},getPixelOrigin:function(){return this._checkIfLoaded(),this._pixelOrigin},getPixelWorldBounds:function(t){return this.options.crs.getProjectedBounds(t===void 0?this.getZoom():t)},getPane:function(t){return typeof t=="string"?this._panes[t]:t},getPanes:function(){return this._panes},getContainer:function(){return this._container},getZoomScale:function(t,e){var i=this.options.crs;return e=e===void 0?this._zoom:e,i.scale(t)/i.scale(e)},getScaleZoom:function(t,e){var i=this.options.crs;e=e===void 0?this._zoom:e;var n=i.zoom(t*i.scale(e));return isNaN(n)?1/0:n},project:function(t,e){return e=e===void 0?this._zoom:e,this.options.crs.latLngToPoint(k(t),e)},unproject:function(t,e){return e=e===void 0?this._zoom:e,this.options.crs.pointToLatLng(y(t),e)},layerPointToLatLng:function(t){var e=y(t).add(this.getPixelOrigin());return this.unproject(e)},latLngToLayerPoint:function(t){var e=this.project(k(t))._round();return e._subtract(this.getPixelOrigin())},wrapLatLng:function(t){return this.options.crs.wrapLatLng(k(t))},wrapLatLngBounds:function(t){return this.options.crs.wrapLatLngBounds(W(t))},distance:function(t,e){return this.options.crs.distance(k(t),k(e))},containerPointToLayerPoint:function(t){return y(t).subtract(this._getMapPanePos())},layerPointToContainerPoint:function(t){return y(t).add(this._getMapPanePos())},containerPointToLatLng:function(t){var e=this.containerPointToLayerPoint(y(t));return this.layerPointToLatLng(e)},latLngToContainerPoint:function(t){return this.layerPointToContainerPoint(this.latLngToLayerPoint(k(t)))},mouseEventToContainerPoint:function(t){return Ui(t,this._container)},mouseEventToLayerPoint:function(t){return this.containerPointToLayerPoint(this.mouseEventToContainerPoint(t))},mouseEventToLatLng:function(t){return this.layerPointToLatLng(this.mouseEventToLayerPoint(t))},_initContainer:function(t){var e=this._container=Di(t);if(e){if(e._leaflet_id)throw new Error("Map container is already initialized.")}else throw new Error("Map container not found.");x(e,"scroll",this._onScroll,this),this._containerId=m(e)},_initLayout:function(){var t=this._container;this._fadeAnimated=this.options.fadeAnimation&&d.any3d,T(t,"leaflet-container"+(d.touch?" leaflet-touch":"")+(d.retina?" leaflet-retina":"")+(d.ielt9?" leaflet-oldie":"")+(d.safari?" leaflet-safari":"")+(this._fadeAnimated?" leaflet-fade-anim":""));var e=Yt(t,"position");e!=="absolute"&&e!=="relative"&&e!=="fixed"&&e!=="sticky"&&(t.style.position="relative"),this._initPanes(),this._initControlPos&&this._initControlPos()},_initPanes:function(){var t=this._panes={};this._paneRenderers={},this._mapPane=this.createPane("mapPane",this._container),U(this._mapPane,new w(0,0)),this.createPane("tilePane"),this.createPane("overlayPane"),this.createPane("shadowPane"),this.createPane("markerPane"),this.createPane("tooltipPane"),this.createPane("popupPane"),this.options.markerZoomAnimation||(T(t.markerPane,"leaflet-zoom-hide"),T(t.shadowPane,"leaflet-zoom-hide"))},_resetView:function(t,e,i){U(this._mapPane,new w(0,0));var n=!this._loaded;this._loaded=!0,e=this._limitZoom(e),this.fire("viewprereset");var o=this._zoom!==e;this._moveStart(o,i)._move(t,e)._moveEnd(o),this.fire("viewreset"),n&&this.fire("load")},_moveStart:function(t,e){return t&&this.fire("zoomstart"),e||this.fire("movestart"),this},_move:function(t,e,i,n){e===void 0&&(e=this._zoom);var o=this._zoom!==e;return this._zoom=e,this._lastCenter=t,this._pixelOrigin=this._getNewPixelOrigin(t),n?i&&i.pinch&&this.fire("zoom",i):((o||i&&i.pinch)&&this.fire("zoom",i),this.fire("move",i)),this},_moveEnd:function(t){return t&&this.fire("zoomend"),this.fire("moveend")},_stop:function(){return at(this._flyToFrame),this._panAnim&&this._panAnim.stop(),this},_rawPanBy:function(t){U(this._mapPane,this._getMapPanePos().subtract(t))},_getZoomSpan:function(){return this.getMaxZoom()-this.getMinZoom()},_panInsideMaxBounds:function(){this._enforcingBounds||this.panInsideBounds(this.options.maxBounds)},_checkIfLoaded:function(){if(!this._loaded)throw new Error("Set map center and zoom first.")},_initEvents:function(t){this._targets={},this._targets[m(this._container)]=this;var e=t?O:x;e(this._container,"click dblclick mousedown mouseup mouseover mouseout mousemove contextmenu keypress keydown keyup",this._handleDOMEvent,this),this.options.trackResize&&e(window,"resize",this._onResize,this),d.any3d&&this.options.transform3DLimit&&(t?this.off:this.on).call(this,"moveend",this._onMoveEnd)},_onResize:function(){at(this._resizeRequest),this._resizeRequest=q(function(){this.invalidateSize({debounceMoveend:!0})},this)},_onScroll:function(){this._container.scrollTop=0,this._container.scrollLeft=0},_onMoveEnd:function(){var t=this._getMapPanePos();Math.max(Math.abs(t.x),Math.abs(t.y))>=this.options.transform3DLimit&&this._resetView(this.getCenter(),this.getZoom())},_findEventTargets:function(t,e){for(var i=[],n,o=e==="mouseout"||e==="mouseover",s=t.target||t.srcElement,r=!1;s;){if(n=this._targets[m(s)],n&&(e==="click"||e==="preclick")&&this._draggableMoved(n)){r=!0;break}if(n&&n.listens(e,!0)&&(o&&!ei(s,t)||(i.push(n),o))||s===this._container)break;s=s.parentNode}return!i.length&&!r&&!o&&this.listens(e,!0)&&(i=[this]),i},_isClickDisabled:function(t){for(;t&&t!==this._container;){if(t._leaflet_disable_click)return!0;t=t.parentNode}},_handleDOMEvent:function(t){var e=t.target||t.srcElement;if(!(!this._loaded||e._leaflet_disable_events||t.type==="click"&&this._isClickDisabled(e))){var i=t.type;i==="mousedown"&&Je(e),this._fireDOMEvent(t,i)}},_mouseEvents:["click","dblclick","mouseover","mouseout","contextmenu"],_fireDOMEvent:function(t,e,i){if(t.type==="click"){var n=c({},t);n.type="preclick",this._fireDOMEvent(n,n.type,i)}var o=this._findEventTargets(t,e);if(i){for(var s=[],r=0;r0?Math.round(t-e)/2:Math.max(0,Math.ceil(t))-Math.max(0,Math.floor(e))},_limitZoom:function(t){var e=this.getMinZoom(),i=this.getMaxZoom(),n=d.any3d?this.options.zoomSnap:1;return n&&(t=Math.round(t/n)*n),Math.max(e,Math.min(i,t))},_onPanTransitionStep:function(){this.fire("move")},_onPanTransitionEnd:function(){F(this._mapPane,"leaflet-pan-anim"),this.fire("moveend")},_tryAnimatedPan:function(t,e){var i=this._getCenterOffset(t)._trunc();return(e&&e.animate)!==!0&&!this.getSize().contains(i)?!1:(this.panBy(i,e),!0)},_createAnimProxy:function(){var t=this._proxy=z("div","leaflet-proxy leaflet-zoom-animated");this._panes.mapPane.appendChild(t),this.on("zoomanim",function(e){var i=We,n=this._proxy.style[i];kt(this._proxy,this.project(e.center,e.zoom),this.getZoomScale(e.zoom,1)),n===this._proxy.style[i]&&this._animatingZoom&&this._onZoomTransitionEnd()},this),this.on("load moveend",this._animMoveEnd,this),this._on("unload",this._destroyAnimProxy,this)},_destroyAnimProxy:function(){D(this._proxy),this.off("load moveend",this._animMoveEnd,this),delete this._proxy},_animMoveEnd:function(){var t=this.getCenter(),e=this.getZoom();kt(this._proxy,this.project(t,e),this.getZoomScale(e,1))},_catchTransitionEnd:function(t){this._animatingZoom&&t.propertyName.indexOf("transform")>=0&&this._onZoomTransitionEnd()},_nothingToAnimate:function(){return!this._container.getElementsByClassName("leaflet-zoom-animated").length},_tryAnimatedZoom:function(t,e,i){if(this._animatingZoom)return!0;if(i=i||{},!this._zoomAnimated||i.animate===!1||this._nothingToAnimate()||Math.abs(e-this._zoom)>this.options.zoomAnimationThreshold)return!1;var n=this.getZoomScale(e),o=this._getCenterOffset(t)._divideBy(1-1/n);return i.animate!==!0&&!this.getSize().contains(o)?!1:(q(function(){this._moveStart(!0,i.noMoveStart||!1)._animateZoom(t,e,!0)},this),!0)},_animateZoom:function(t,e,i,n){this._mapPane&&(i&&(this._animatingZoom=!0,this._animateToCenter=t,this._animateToZoom=e,T(this._mapPane,"leaflet-zoom-anim")),this.fire("zoomanim",{center:t,zoom:e,noUpdate:n}),this._tempFireZoomEvent||(this._tempFireZoomEvent=this._zoom!==this._animateToZoom),this._move(this._animateToCenter,this._animateToZoom,void 0,!0),setTimeout(_(this._onZoomTransitionEnd,this),250))},_onZoomTransitionEnd:function(){this._animatingZoom&&(this._mapPane&&F(this._mapPane,"leaflet-zoom-anim"),this._animatingZoom=!1,this._move(this._animateToCenter,this._animateToZoom,void 0,!0),this._tempFireZoomEvent&&this.fire("zoom"),delete this._tempFireZoomEvent,this.fire("move"),this._moveEnd(!0))}});function _o(t,e){return new S(t,e)}var ct=yt.extend({options:{position:"topright"},initialize:function(t){b(this,t)},getPosition:function(){return this.options.position},setPosition:function(t){var e=this._map;return e&&e.removeControl(this),this.options.position=t,e&&e.addControl(this),this},getContainer:function(){return this._container},addTo:function(t){this.remove(),this._map=t;var e=this._container=this.onAdd(t),i=this.getPosition(),n=t._controlCorners[i];return T(e,"leaflet-control"),i.indexOf("bottom")!==-1?n.insertBefore(e,n.firstChild):n.appendChild(e),this._map.on("unload",this.remove,this),this},remove:function(){return this._map?(D(this._container),this.onRemove&&this.onRemove(this._map),this._map.off("unload",this.remove,this),this._map=null,this):this},_refocusOnMap:function(t){this._map&&t&&t.screenX>0&&t.screenY>0&&this._map.getContainer().focus()}}),ee=function(t){return new ct(t)};S.include({addControl:function(t){return t.addTo(this),this},removeControl:function(t){return t.remove(),this},_initControlPos:function(){var t=this._controlCorners={},e="leaflet-",i=this._controlContainer=z("div",e+"control-container",this._container);function n(o,s){var r=e+o+" "+e+s;t[o+s]=z("div",r,i)}n("top","left"),n("top","right"),n("bottom","left"),n("bottom","right")},_clearControlPos:function(){for(var t in this._controlCorners)D(this._controlCorners[t]);D(this._controlContainer),delete this._controlCorners,delete this._controlContainer}});var Gi=ct.extend({options:{collapsed:!0,position:"topright",autoZIndex:!0,hideSingleBase:!1,sortLayers:!1,sortFunction:function(t,e,i,n){return i1,this._baseLayersList.style.display=t?"":"none"),this._separator.style.display=e&&t?"":"none",this},_onLayerChange:function(t){this._handlingClick||this._update();var e=this._getLayer(m(t.target)),i=e.overlay?t.type==="add"?"overlayadd":"overlayremove":t.type==="add"?"baselayerchange":null;i&&this._map.fire(i,e)},_createRadioElement:function(t,e){var i='",n=document.createElement("div");return n.innerHTML=i,n.firstChild},_addItem:function(t){var e=document.createElement("label"),i=this._map.hasLayer(t.layer),n;t.overlay?(n=document.createElement("input"),n.type="checkbox",n.className="leaflet-control-layers-selector",n.defaultChecked=i):n=this._createRadioElement("leaflet-base-layers_"+m(this),i),this._layerControlInputs.push(n),n.layerId=m(t.layer),x(n,"click",this._onInputClick,this);var o=document.createElement("span");o.innerHTML=" "+t.name;var s=document.createElement("span");e.appendChild(s),s.appendChild(n),s.appendChild(o);var r=t.overlay?this._overlaysList:this._baseLayersList;return r.appendChild(e),this._checkDisabledLayers(),e},_onInputClick:function(){if(!this._preventClick){var t=this._layerControlInputs,e,i,n=[],o=[];this._handlingClick=!0;for(var s=t.length-1;s>=0;s--)e=t[s],i=this._getLayer(e.layerId).layer,e.checked?n.push(i):e.checked||o.push(i);for(s=0;s=0;o--)e=t[o],i=this._getLayer(e.layerId).layer,e.disabled=i.options.minZoom!==void 0&&ni.options.maxZoom},_expandIfNotCollapsed:function(){return this._map&&!this.options.collapsed&&this.expand(),this},_expandSafely:function(){var t=this._section;this._preventClick=!0,x(t,"click",j),this.expand();var e=this;setTimeout(function(){O(t,"click",j),e._preventClick=!1})}}),mo=function(t,e,i){return new Gi(t,e,i)},ii=ct.extend({options:{position:"topleft",zoomInText:'',zoomInTitle:"Zoom in",zoomOutText:'',zoomOutTitle:"Zoom out"},onAdd:function(t){var e="leaflet-control-zoom",i=z("div",e+" leaflet-bar"),n=this.options;return this._zoomInButton=this._createButton(n.zoomInText,n.zoomInTitle,e+"-in",i,this._zoomIn),this._zoomOutButton=this._createButton(n.zoomOutText,n.zoomOutTitle,e+"-out",i,this._zoomOut),this._updateDisabled(),t.on("zoomend zoomlevelschange",this._updateDisabled,this),i},onRemove:function(t){t.off("zoomend zoomlevelschange",this._updateDisabled,this)},disable:function(){return this._disabled=!0,this._updateDisabled(),this},enable:function(){return this._disabled=!1,this._updateDisabled(),this},_zoomIn:function(t){!this._disabled&&this._map._zoomthis._map.getMinZoom()&&this._map.zoomOut(this._map.options.zoomDelta*(t.shiftKey?3:1))},_createButton:function(t,e,i,n,o){var s=z("a",i,n);return s.innerHTML=t,s.href="#",s.title=e,s.setAttribute("role","button"),s.setAttribute("aria-label",e),te(s),x(s,"click",At),x(s,"click",o,this),x(s,"click",this._refocusOnMap,this),s},_updateDisabled:function(){var t=this._map,e="leaflet-disabled";F(this._zoomInButton,e),F(this._zoomOutButton,e),this._zoomInButton.setAttribute("aria-disabled","false"),this._zoomOutButton.setAttribute("aria-disabled","false"),(this._disabled||t._zoom===t.getMinZoom())&&(T(this._zoomOutButton,e),this._zoomOutButton.setAttribute("aria-disabled","true")),(this._disabled||t._zoom===t.getMaxZoom())&&(T(this._zoomInButton,e),this._zoomInButton.setAttribute("aria-disabled","true"))}});S.mergeOptions({zoomControl:!0}),S.addInitHook(function(){this.options.zoomControl&&(this.zoomControl=new ii,this.addControl(this.zoomControl))});var po=function(t){return new ii(t)},Ki=ct.extend({options:{position:"bottomleft",maxWidth:100,metric:!0,imperial:!0},onAdd:function(t){var e="leaflet-control-scale",i=z("div",e),n=this.options;return this._addScales(n,e+"-line",i),t.on(n.updateWhenIdle?"moveend":"move",this._update,this),t.whenReady(this._update,this),i},onRemove:function(t){t.off(this.options.updateWhenIdle?"moveend":"move",this._update,this)},_addScales:function(t,e,i){t.metric&&(this._mScale=z("div",e,i)),t.imperial&&(this._iScale=z("div",e,i))},_update:function(){var t=this._map,e=t.getSize().y/2,i=t.distance(t.containerPointToLatLng([0,e]),t.containerPointToLatLng([this.options.maxWidth,e]));this._updateScales(i)},_updateScales:function(t){this.options.metric&&t&&this._updateMetric(t),this.options.imperial&&t&&this._updateImperial(t)},_updateMetric:function(t){var e=this._getRoundNum(t),i=e<1e3?e+" m":e/1e3+" km";this._updateScale(this._mScale,i,e/t)},_updateImperial:function(t){var e=t*3.2808399,i,n,o;e>5280?(i=e/5280,n=this._getRoundNum(i),this._updateScale(this._iScale,n+" mi",n/i)):(o=this._getRoundNum(e),this._updateScale(this._iScale,o+" ft",o/e))},_updateScale:function(t,e,i){t.style.width=Math.round(this.options.maxWidth*i)+"px",t.innerHTML=e},_getRoundNum:function(t){var e=Math.pow(10,(Math.floor(t)+"").length-1),i=t/e;return i=i>=10?10:i>=5?5:i>=3?3:i>=2?2:1,e*i}}),go=function(t){return new Ki(t)},vo='',ni=ct.extend({options:{position:"bottomright",prefix:''+(d.inlineSvg?vo+" ":"")+"Leaflet"},initialize:function(t){b(this,t),this._attributions={}},onAdd:function(t){t.attributionControl=this,this._container=z("div","leaflet-control-attribution"),te(this._container);for(var e in t._layers)t._layers[e].getAttribution&&this.addAttribution(t._layers[e].getAttribution());return this._update(),t.on("layeradd",this._addAttribution,this),this._container},onRemove:function(t){t.off("layeradd",this._addAttribution,this)},_addAttribution:function(t){t.layer.getAttribution&&(this.addAttribution(t.layer.getAttribution()),t.layer.once("remove",function(){this.removeAttribution(t.layer.getAttribution())},this))},setPrefix:function(t){return this.options.prefix=t,this._update(),this},addAttribution:function(t){return t?(this._attributions[t]||(this._attributions[t]=0),this._attributions[t]++,this._update(),this):this},removeAttribution:function(t){return t?(this._attributions[t]&&(this._attributions[t]--,this._update()),this):this},_update:function(){if(this._map){var t=[];for(var e in this._attributions)this._attributions[e]&&t.push(e);var i=[];this.options.prefix&&i.push(this.options.prefix),t.length&&i.push(t.join(", ")),this._container.innerHTML=i.join(' ')}}});S.mergeOptions({attributionControl:!0}),S.addInitHook(function(){this.options.attributionControl&&new ni().addTo(this)});var yo=function(t){return new ni(t)};ct.Layers=Gi,ct.Zoom=ii,ct.Scale=Ki,ct.Attribution=ni,ee.layers=mo,ee.zoom=po,ee.scale=go,ee.attribution=yo;var mt=yt.extend({initialize:function(t){this._map=t},enable:function(){return this._enabled?this:(this._enabled=!0,this.addHooks(),this)},disable:function(){return this._enabled?(this._enabled=!1,this.removeHooks(),this):this},enabled:function(){return!!this._enabled}});mt.addTo=function(t,e){return t.addHandler(e,this),this};var wo={Events:rt},ji=d.touch?"touchstart mousedown":"mousedown",Mt=Gt.extend({options:{clickTolerance:3},initialize:function(t,e,i,n){b(this,n),this._element=t,this._dragStartTarget=e||t,this._preventOutline=i},enable:function(){this._enabled||(x(this._dragStartTarget,ji,this._onDown,this),this._enabled=!0)},disable:function(){this._enabled&&(Mt._dragging===this&&this.finishDrag(!0),O(this._dragStartTarget,ji,this._onDown,this),this._enabled=!1,this._moved=!1)},_onDown:function(t){if(this._enabled&&(this._moved=!1,!Ue(this._element,"leaflet-zoom-anim"))){if(t.touches&&t.touches.length!==1){Mt._dragging===this&&this.finishDrag();return}if(!(Mt._dragging||t.shiftKey||t.which!==1&&t.button!==1&&!t.touches)&&(Mt._dragging=this,this._preventOutline&&Je(this._element),Ge(),Xt(),!this._moving)){this.fire("down");var e=t.touches?t.touches[0]:t,i=Hi(this._element);this._startPoint=new w(e.clientX,e.clientY),this._startPos=St(this._element),this._parentScale=Ye(i);var n=t.type==="mousedown";x(document,n?"mousemove":"touchmove",this._onMove,this),x(document,n?"mouseup":"touchend touchcancel",this._onUp,this)}}},_onMove:function(t){if(this._enabled){if(t.touches&&t.touches.length>1){this._moved=!0;return}var e=t.touches&&t.touches.length===1?t.touches[0]:t,i=new w(e.clientX,e.clientY)._subtract(this._startPoint);!i.x&&!i.y||Math.abs(i.x)+Math.abs(i.y)s&&(r=a,s=h);s>i&&(e[r]=1,si(t,e,i,n,r),si(t,e,i,r,o))}function bo(t,e){for(var i=[t[0]],n=1,o=0,s=t.length;ne&&(i.push(t[n]),o=n);return oe.max.x&&(i|=2),t.ye.max.y&&(i|=8),i}function To(t,e){var i=e.x-t.x,n=e.y-t.y;return i*i+n*n}function ie(t,e,i,n){var o=e.x,s=e.y,r=i.x-o,a=i.y-s,h=r*r+a*a,l;return h>0&&(l=((t.x-o)*r+(t.y-s)*a)/h,l>1?(o=i.x,s=i.y):l>0&&(o+=r*l,s+=a*l)),r=t.x-o,a=t.y-s,n?r*r+a*a:new w(o,s)}function ut(t){return!J(t[0])||typeof t[0][0]!="object"&&typeof t[0][0]<"u"}function en(t){return console.warn("Deprecated use of _flat, please use L.LineUtil.isFlat instead."),ut(t)}function nn(t,e){var i,n,o,s,r,a,h,l;if(!t||t.length===0)throw new Error("latlngs not passed");ut(t)||(console.warn("latlngs are not flat! Only the first ring will be used"),t=t[0]);var f=k([0,0]),p=W(t),M=p.getNorthWest().distanceTo(p.getSouthWest())*p.getNorthEast().distanceTo(p.getNorthWest());M<1700&&(f=oi(t));var Q=t.length,G=[];for(i=0;in){h=(s-n)/o,l=[a.x-h*(a.x-r.x),a.y-h*(a.y-r.y)];break}var it=e.unproject(y(l));return k([it.lat+f.lat,it.lng+f.lng])}var Mo={__proto__:null,simplify:Xi,pointToSegmentDistance:Qi,closestPointOnSegment:Po,clipSegment:tn,_getEdgeIntersection:ve,_getBitCode:Et,_sqClosestPointOnSegment:ie,isFlat:ut,_flat:en,polylineCenter:nn},ri={project:function(t){return new w(t.lng,t.lat)},unproject:function(t){return new E(t.y,t.x)},bounds:new R([-180,-90],[180,90])},ai={R:6378137,R_MINOR:6356752314245179e-9,bounds:new R([-2003750834279e-5,-1549657073972e-5],[2003750834279e-5,1876465623138e-5]),project:function(t){var e=Math.PI/180,i=this.R,n=t.lat*e,o=this.R_MINOR/i,s=Math.sqrt(1-o*o),r=s*Math.sin(n),a=Math.tan(Math.PI/4-n/2)/Math.pow((1-r)/(1+r),s/2);return n=-i*Math.log(Math.max(a,1e-10)),new w(t.lng*e*i,n)},unproject:function(t){for(var e=180/Math.PI,i=this.R,n=this.R_MINOR/i,o=Math.sqrt(1-n*n),s=Math.exp(-t.y/i),r=Math.PI/2-2*Math.atan(s),a=0,h=.1,l;a<15&&Math.abs(h)>1e-7;a++)l=o*Math.sin(r),l=Math.pow((1-l)/(1+l),o/2),h=Math.PI/2-2*Math.atan(s*l)-r,r+=h;return new E(r*e,t.x*e/i)}},Co={__proto__:null,LonLat:ri,Mercator:ai,SphericalMercator:Oe},ko=c({},Tt,{code:"EPSG:3395",projection:ai,transformation:function(){var t=.5/(Math.PI*ai.R);return Kt(t,.5,-t,.5)}()}),on=c({},Tt,{code:"EPSG:4326",projection:ri,transformation:Kt(1/180,1,-1/180,.5)}),So=c({},wt,{projection:ri,transformation:Kt(1,0,-1,0),scale:function(t){return Math.pow(2,t)},zoom:function(t){return Math.log(t)/Math.LN2},distance:function(t,e){var i=e.lng-t.lng,n=e.lat-t.lat;return Math.sqrt(i*i+n*n)},infinite:!0});wt.Earth=Tt,wt.EPSG3395=ko,wt.EPSG3857=Be,wt.EPSG900913=Zn,wt.EPSG4326=on,wt.Simple=So;var ft=Gt.extend({options:{pane:"overlayPane",attribution:null,bubblingMouseEvents:!0},addTo:function(t){return t.addLayer(this),this},remove:function(){return this.removeFrom(this._map||this._mapToAdd)},removeFrom:function(t){return t&&t.removeLayer(this),this},getPane:function(t){return this._map.getPane(t?this.options[t]||t:this.options.pane)},addInteractiveTarget:function(t){return this._map._targets[m(t)]=this,this},removeInteractiveTarget:function(t){return delete this._map._targets[m(t)],this},getAttribution:function(){return this.options.attribution},_layerAdd:function(t){var e=t.target;if(e.hasLayer(this)){if(this._map=e,this._zoomAnimated=e._zoomAnimated,this.getEvents){var i=this.getEvents();e.on(i,this),this.once("remove",function(){e.off(i,this)},this)}this.onAdd(e),this.fire("add"),e.fire("layeradd",{layer:this})}}});S.include({addLayer:function(t){if(!t._layerAdd)throw new Error("The provided object is not a Layer.");var e=m(t);return this._layers[e]?this:(this._layers[e]=t,t._mapToAdd=this,t.beforeAdd&&t.beforeAdd(this),this.whenReady(t._layerAdd,t),this)},removeLayer:function(t){var e=m(t);return this._layers[e]?(this._loaded&&t.onRemove(this),delete this._layers[e],this._loaded&&(this.fire("layerremove",{layer:t}),t.fire("remove")),t._map=t._mapToAdd=null,this):this},hasLayer:function(t){return m(t)in this._layers},eachLayer:function(t,e){for(var i in this._layers)t.call(e,this._layers[i]);return this},_addLayers:function(t){t=t?J(t)?t:[t]:[];for(var e=0,i=t.length;ethis._layersMaxZoom&&this.setZoom(this._layersMaxZoom),this.options.minZoom===void 0&&this._layersMinZoom&&this.getZoom()=2&&e[0]instanceof E&&e[0].equals(e[i-1])&&e.pop(),e},_setLatLngs:function(t){Pt.prototype._setLatLngs.call(this,t),ut(this._latlngs)&&(this._latlngs=[this._latlngs])},_defaultShape:function(){return ut(this._latlngs[0])?this._latlngs[0]:this._latlngs[0][0]},_clipPoints:function(){var t=this._renderer._bounds,e=this.options.weight,i=new w(e,e);if(t=new R(t.min.subtract(i),t.max.add(i)),this._parts=[],!(!this._pxBounds||!this._pxBounds.intersects(t))){if(this.options.noClip){this._parts=this._rings;return}for(var n=0,o=this._rings.length,s;nt.y!=o.y>t.y&&t.x<(o.x-n.x)*(t.y-n.y)/(o.y-n.y)+n.x&&(e=!e);return e||Pt.prototype._containsPoint.call(this,t,!0)}});function No(t,e){return new Ht(t,e)}var Lt=xt.extend({initialize:function(t,e){b(this,e),this._layers={},t&&this.addData(t)},addData:function(t){var e=J(t)?t:t.features,i,n,o;if(e){for(i=0,n=e.length;i0&&o.push(o[0].slice()),o}function Ft(t,e){return t.feature?c({},t.feature,{geometry:e}):be(e)}function be(t){return t.type==="Feature"||t.type==="FeatureCollection"?t:{type:"Feature",properties:{},geometry:t}}var ci={toGeoJSON:function(t){return Ft(this,{type:"Point",coordinates:li(this.getLatLng(),t)})}};ye.include(ci),hi.include(ci),we.include(ci),Pt.include({toGeoJSON:function(t){var e=!ut(this._latlngs),i=Le(this._latlngs,e?1:0,!1,t);return Ft(this,{type:(e?"Multi":"")+"LineString",coordinates:i})}}),Ht.include({toGeoJSON:function(t){var e=!ut(this._latlngs),i=e&&!ut(this._latlngs[0]),n=Le(this._latlngs,i?2:e?1:0,!0,t);return e||(n=[n]),Ft(this,{type:(i?"Multi":"")+"Polygon",coordinates:n})}}),Rt.include({toMultiPoint:function(t){var e=[];return this.eachLayer(function(i){e.push(i.toGeoJSON(t).geometry.coordinates)}),Ft(this,{type:"MultiPoint",coordinates:e})},toGeoJSON:function(t){var e=this.feature&&this.feature.geometry&&this.feature.geometry.type;if(e==="MultiPoint")return this.toMultiPoint(t);var i=e==="GeometryCollection",n=[];return this.eachLayer(function(o){if(o.toGeoJSON){var s=o.toGeoJSON(t);if(i)n.push(s.geometry);else{var r=be(s);r.type==="FeatureCollection"?n.push.apply(n,r.features):n.push(r)}}}),i?Ft(this,{geometries:n,type:"GeometryCollection"}):{type:"FeatureCollection",features:n}}});function an(t,e){return new Lt(t,e)}var Ro=an,Te=ft.extend({options:{opacity:1,alt:"",interactive:!1,crossOrigin:!1,errorOverlayUrl:"",zIndex:1,className:""},initialize:function(t,e,i){this._url=t,this._bounds=W(e),b(this,i)},onAdd:function(){this._image||(this._initImage(),this.options.opacity<1&&this._updateOpacity()),this.options.interactive&&(T(this._image,"leaflet-interactive"),this.addInteractiveTarget(this._image)),this.getPane().appendChild(this._image),this._reset()},onRemove:function(){D(this._image),this.options.interactive&&this.removeInteractiveTarget(this._image)},setOpacity:function(t){return this.options.opacity=t,this._image&&this._updateOpacity(),this},setStyle:function(t){return t.opacity&&this.setOpacity(t.opacity),this},bringToFront:function(){return this._map&&It(this._image),this},bringToBack:function(){return this._map&&Nt(this._image),this},setUrl:function(t){return this._url=t,this._image&&(this._image.src=t),this},setBounds:function(t){return this._bounds=W(t),this._map&&this._reset(),this},getEvents:function(){var t={zoom:this._reset,viewreset:this._reset};return this._zoomAnimated&&(t.zoomanim=this._animateZoom),t},setZIndex:function(t){return this.options.zIndex=t,this._updateZIndex(),this},getBounds:function(){return this._bounds},getElement:function(){return this._image},_initImage:function(){var t=this._url.tagName==="IMG",e=this._image=t?this._url:z("img");if(T(e,"leaflet-image-layer"),this._zoomAnimated&&T(e,"leaflet-zoom-animated"),this.options.className&&T(e,this.options.className),e.onselectstart=A,e.onmousemove=A,e.onload=_(this.fire,this,"load"),e.onerror=_(this._overlayOnError,this,"error"),(this.options.crossOrigin||this.options.crossOrigin==="")&&(e.crossOrigin=this.options.crossOrigin===!0?"":this.options.crossOrigin),this.options.zIndex&&this._updateZIndex(),t){this._url=e.src;return}e.src=this._url,e.alt=this.options.alt},_animateZoom:function(t){var e=this._map.getZoomScale(t.zoom),i=this._map._latLngBoundsToNewLayerBounds(this._bounds,t.zoom,t.center).min;kt(this._image,i,e)},_reset:function(){var t=this._image,e=new R(this._map.latLngToLayerPoint(this._bounds.getNorthWest()),this._map.latLngToLayerPoint(this._bounds.getSouthEast())),i=e.getSize();U(t,e.min),t.style.width=i.x+"px",t.style.height=i.y+"px"},_updateOpacity:function(){ht(this._image,this.options.opacity)},_updateZIndex:function(){this._image&&this.options.zIndex!==void 0&&this.options.zIndex!==null&&(this._image.style.zIndex=this.options.zIndex)},_overlayOnError:function(){this.fire("error");var t=this.options.errorOverlayUrl;t&&this._url!==t&&(this._url=t,this._image.src=t)},getCenter:function(){return this._bounds.getCenter()}}),Do=function(t,e,i){return new Te(t,e,i)},hn=Te.extend({options:{autoplay:!0,loop:!0,keepAspectRatio:!0,muted:!1,playsInline:!0},_initImage:function(){var t=this._url.tagName==="VIDEO",e=this._image=t?this._url:z("video");if(T(e,"leaflet-image-layer"),this._zoomAnimated&&T(e,"leaflet-zoom-animated"),this.options.className&&T(e,this.options.className),e.onselectstart=A,e.onmousemove=A,e.onloadeddata=_(this.fire,this,"load"),t){for(var i=e.getElementsByTagName("source"),n=[],o=0;o0?n:[e.src];return}J(this._url)||(this._url=[this._url]),!this.options.keepAspectRatio&&Object.prototype.hasOwnProperty.call(e.style,"objectFit")&&(e.style.objectFit="fill"),e.autoplay=!!this.options.autoplay,e.loop=!!this.options.loop,e.muted=!!this.options.muted,e.playsInline=!!this.options.playsInline;for(var s=0;so?(e.height=o+"px",T(t,s)):F(t,s),this._containerWidth=this._container.offsetWidth},_animateZoom:function(t){var e=this._map._latLngToNewLayerPoint(this._latlng,t.zoom,t.center),i=this._getAnchor();U(this._container,e.add(i))},_adjustPan:function(){if(this.options.autoPan){if(this._map._panAnim&&this._map._panAnim.stop(),this._autopanning){this._autopanning=!1;return}var t=this._map,e=parseInt(Yt(this._container,"marginBottom"),10)||0,i=this._container.offsetHeight+e,n=this._containerWidth,o=new w(this._containerLeft,-i-this._containerBottom);o._add(St(this._container));var s=t.layerPointToContainerPoint(o),r=y(this.options.autoPanPadding),a=y(this.options.autoPanPaddingTopLeft||r),h=y(this.options.autoPanPaddingBottomRight||r),l=t.getSize(),f=0,p=0;s.x+n+h.x>l.x&&(f=s.x+n-l.x+h.x),s.x-f-a.x<0&&(f=s.x-a.x),s.y+i+h.y>l.y&&(p=s.y+i-l.y+h.y),s.y-p-a.y<0&&(p=s.y-a.y),(f||p)&&(this.options.keepInView&&(this._autopanning=!0),t.fire("autopanstart").panBy([f,p]))}},_getAnchor:function(){return y(this._source&&this._source._getPopupAnchor?this._source._getPopupAnchor():[0,0])}}),Wo=function(t,e){return new Me(t,e)};S.mergeOptions({closePopupOnClick:!0}),S.include({openPopup:function(t,e,i){return this._initOverlay(Me,t,e,i).openOn(this),this},closePopup:function(t){return t=arguments.length?t:this._popup,t&&t.close(),this}}),ft.include({bindPopup:function(t,e){return this._popup=this._initOverlay(Me,this._popup,t,e),this._popupHandlersAdded||(this.on({click:this._openPopup,keypress:this._onKeyPress,remove:this.closePopup,move:this._movePopup}),this._popupHandlersAdded=!0),this},unbindPopup:function(){return this._popup&&(this.off({click:this._openPopup,keypress:this._onKeyPress,remove:this.closePopup,move:this._movePopup}),this._popupHandlersAdded=!1,this._popup=null),this},openPopup:function(t){return this._popup&&(this instanceof xt||(this._popup._source=this),this._popup._prepareOpen(t||this._latlng)&&this._popup.openOn(this._map)),this},closePopup:function(){return this._popup&&this._popup.close(),this},togglePopup:function(){return this._popup&&this._popup.toggle(this),this},isPopupOpen:function(){return this._popup?this._popup.isOpen():!1},setPopupContent:function(t){return this._popup&&this._popup.setContent(t),this},getPopup:function(){return this._popup},_openPopup:function(t){if(!(!this._popup||!this._map)){At(t);var e=t.layer||t.target;if(this._popup._source===e&&!(e instanceof Ct)){this._map.hasLayer(this._popup)?this.closePopup():this.openPopup(t.latlng);return}this._popup._source=e,this.openPopup(t.latlng)}},_movePopup:function(t){this._popup.setLatLng(t.latlng)},_onKeyPress:function(t){t.originalEvent.keyCode===13&&this._openPopup(t)}});var Ce=pt.extend({options:{pane:"tooltipPane",offset:[0,0],direction:"auto",permanent:!1,sticky:!1,opacity:.9},onAdd:function(t){pt.prototype.onAdd.call(this,t),this.setOpacity(this.options.opacity),t.fire("tooltipopen",{tooltip:this}),this._source&&(this.addEventParent(this._source),this._source.fire("tooltipopen",{tooltip:this},!0))},onRemove:function(t){pt.prototype.onRemove.call(this,t),t.fire("tooltipclose",{tooltip:this}),this._source&&(this.removeEventParent(this._source),this._source.fire("tooltipclose",{tooltip:this},!0))},getEvents:function(){var t=pt.prototype.getEvents.call(this);return this.options.permanent||(t.preclick=this.close),t},_initLayout:function(){var t="leaflet-tooltip",e=t+" "+(this.options.className||"")+" leaflet-zoom-"+(this._zoomAnimated?"animated":"hide");this._contentNode=this._container=z("div",e),this._container.setAttribute("role","tooltip"),this._container.setAttribute("id","leaflet-tooltip-"+m(this))},_updateLayout:function(){},_adjustPan:function(){},_setPosition:function(t){var e,i,n=this._map,o=this._container,s=n.latLngToContainerPoint(n.getCenter()),r=n.layerPointToContainerPoint(t),a=this.options.direction,h=o.offsetWidth,l=o.offsetHeight,f=y(this.options.offset),p=this._getAnchor();a==="top"?(e=h/2,i=l):a==="bottom"?(e=h/2,i=0):a==="center"?(e=h/2,i=l/2):a==="right"?(e=0,i=l/2):a==="left"?(e=h,i=l/2):r.xthis.options.maxZoom||in?this._retainParent(o,s,r,n):!1)},_retainChildren:function(t,e,i,n){for(var o=2*t;o<2*t+2;o++)for(var s=2*e;s<2*e+2;s++){var r=new w(o,s);r.z=i+1;var a=this._tileCoordsToKey(r),h=this._tiles[a];if(h&&h.active){h.retain=!0;continue}else h&&h.loaded&&(h.retain=!0);i+1this.options.maxZoom||this.options.minZoom!==void 0&&o1){this._setView(t,i);return}for(var p=o.min.y;p<=o.max.y;p++)for(var M=o.min.x;M<=o.max.x;M++){var Q=new w(M,p);if(Q.z=this._tileZoom,!!this._isValidTile(Q)){var G=this._tiles[this._tileCoordsToKey(Q)];G?G.current=!0:r.push(Q)}}if(r.sort(function(it,Ut){return it.distanceTo(s)-Ut.distanceTo(s)}),r.length!==0){this._loading||(this._loading=!0,this.fire("loading"));var lt=document.createDocumentFragment();for(M=0;Mi.max.x)||!e.wrapLat&&(t.yi.max.y))return!1}if(!this.options.bounds)return!0;var n=this._tileCoordsToBounds(t);return W(this.options.bounds).overlaps(n)},_keyToBounds:function(t){return this._tileCoordsToBounds(this._keyToTileCoords(t))},_tileCoordsToNwSe:function(t){var e=this._map,i=this.getTileSize(),n=t.scaleBy(i),o=n.add(i),s=e.unproject(n,t.z),r=e.unproject(o,t.z);return[s,r]},_tileCoordsToBounds:function(t){var e=this._tileCoordsToNwSe(t),i=new et(e[0],e[1]);return this.options.noWrap||(i=this._map.wrapLatLngBounds(i)),i},_tileCoordsToKey:function(t){return t.x+":"+t.y+":"+t.z},_keyToTileCoords:function(t){var e=t.split(":"),i=new w(+e[0],+e[1]);return i.z=+e[2],i},_removeTile:function(t){var e=this._tiles[t];e&&(D(e.el),delete this._tiles[t],this.fire("tileunload",{tile:e.el,coords:this._keyToTileCoords(t)}))},_initTile:function(t){T(t,"leaflet-tile");var e=this.getTileSize();t.style.width=e.x+"px",t.style.height=e.y+"px",t.onselectstart=A,t.onmousemove=A,d.ielt9&&this.options.opacity<1&&ht(t,this.options.opacity)},_addTile:function(t,e){var i=this._getTilePos(t),n=this._tileCoordsToKey(t),o=this.createTile(this._wrapCoords(t),_(this._tileReady,this,t));this._initTile(o),this.createTile.length<2&&q(_(this._tileReady,this,t,null,o)),U(o,i),this._tiles[n]={el:o,coords:t,current:!0},e.appendChild(o),this.fire("tileloadstart",{tile:o,coords:t})},_tileReady:function(t,e,i){e&&this.fire("tileerror",{error:e,tile:i,coords:t});var n=this._tileCoordsToKey(t);i=this._tiles[n],i&&(i.loaded=+new Date,this._map._fadeAnimated?(ht(i.el,0),at(this._fadeFrame),this._fadeFrame=q(this._updateOpacity,this)):(i.active=!0,this._pruneTiles()),e||(T(i.el,"leaflet-tile-loaded"),this.fire("tileload",{tile:i.el,coords:t})),this._noTilesToLoad()&&(this._loading=!1,this.fire("load"),d.ielt9||!this._map._fadeAnimated?q(this._pruneTiles,this):setTimeout(_(this._pruneTiles,this),250)))},_getTilePos:function(t){return t.scaleBy(this.getTileSize()).subtract(this._level.origin)},_wrapCoords:function(t){var e=new w(this._wrapX?X(t.x,this._wrapX):t.x,this._wrapY?X(t.y,this._wrapY):t.y);return e.z=t.z,e},_pxBoundsToTileRange:function(t){var e=this.getTileSize();return new R(t.min.unscaleBy(e).floor(),t.max.unscaleBy(e).ceil().subtract([1,1]))},_noTilesToLoad:function(){for(var t in this._tiles)if(!this._tiles[t].loaded)return!1;return!0}});function qo(t){return new oe(t)}var Wt=oe.extend({options:{minZoom:0,maxZoom:18,subdomains:"abc",errorTileUrl:"",zoomOffset:0,tms:!1,zoomReverse:!1,detectRetina:!1,crossOrigin:!1,referrerPolicy:!1},initialize:function(t,e){this._url=t,e=b(this,e),e.detectRetina&&d.retina&&e.maxZoom>0?(e.tileSize=Math.floor(e.tileSize/2),e.zoomReverse?(e.zoomOffset--,e.minZoom=Math.min(e.maxZoom,e.minZoom+1)):(e.zoomOffset++,e.maxZoom=Math.max(e.minZoom,e.maxZoom-1)),e.minZoom=Math.max(0,e.minZoom)):e.zoomReverse?e.minZoom=Math.min(e.maxZoom,e.minZoom):e.maxZoom=Math.max(e.minZoom,e.maxZoom),typeof e.subdomains=="string"&&(e.subdomains=e.subdomains.split("")),this.on("tileunload",this._onTileRemove)},setUrl:function(t,e){return this._url===t&&e===void 0&&(e=!0),this._url=t,e||this.redraw(),this},createTile:function(t,e){var i=document.createElement("img");return x(i,"load",_(this._tileOnLoad,this,e,i)),x(i,"error",_(this._tileOnError,this,e,i)),(this.options.crossOrigin||this.options.crossOrigin==="")&&(i.crossOrigin=this.options.crossOrigin===!0?"":this.options.crossOrigin),typeof this.options.referrerPolicy=="string"&&(i.referrerPolicy=this.options.referrerPolicy),i.alt="",i.src=this.getTileUrl(t),i},getTileUrl:function(t){var e={r:d.retina?"@2x":"",s:this._getSubdomain(t),x:t.x,y:t.y,z:this._getZoomForUrl()};if(this._map&&!this._map.options.crs.infinite){var i=this._globalTileRange.max.y-t.y;this.options.tms&&(e.y=i),e["-y"]=i}return ue(this._url,c(e,this.options))},_tileOnLoad:function(t,e){d.ielt9?setTimeout(_(t,this,null,e),0):t(null,e)},_tileOnError:function(t,e,i){var n=this.options.errorTileUrl;n&&e.getAttribute("src")!==n&&(e.src=n),t(i,e)},_onTileRemove:function(t){t.tile.onload=null},_getZoomForUrl:function(){var t=this._tileZoom,e=this.options.maxZoom,i=this.options.zoomReverse,n=this.options.zoomOffset;return i&&(t=e-t),t+n},_getSubdomain:function(t){var e=Math.abs(t.x+t.y)%this.options.subdomains.length;return this.options.subdomains[e]},_abortLoading:function(){var t,e;for(t in this._tiles)if(this._tiles[t].coords.z!==this._tileZoom&&(e=this._tiles[t].el,e.onload=A,e.onerror=A,!e.complete)){e.src=Zt;var i=this._tiles[t].coords;D(e),delete this._tiles[t],this.fire("tileabort",{tile:e,coords:i})}},_removeTile:function(t){var e=this._tiles[t];if(e)return e.el.setAttribute("src",Zt),oe.prototype._removeTile.call(this,t)},_tileReady:function(t,e,i){if(!(!this._map||i&&i.getAttribute("src")===Zt))return oe.prototype._tileReady.call(this,t,e,i)}});function cn(t,e){return new Wt(t,e)}var fn=Wt.extend({defaultWmsParams:{service:"WMS",request:"GetMap",layers:"",styles:"",format:"image/jpeg",transparent:!1,version:"1.1.1"},options:{crs:null,uppercase:!1},initialize:function(t,e){this._url=t;var i=c({},this.defaultWmsParams);for(var n in e)n in this.options||(i[n]=e[n]);e=b(this,e);var o=e.detectRetina&&d.retina?2:1,s=this.getTileSize();i.width=s.x*o,i.height=s.y*o,this.wmsParams=i},onAdd:function(t){this._crs=this.options.crs||t.options.crs,this._wmsVersion=parseFloat(this.wmsParams.version);var e=this._wmsVersion>=1.3?"crs":"srs";this.wmsParams[e]=this._crs.code,Wt.prototype.onAdd.call(this,t)},getTileUrl:function(t){var e=this._tileCoordsToNwSe(t),i=this._crs,n=tt(i.project(e[0]),i.project(e[1])),o=n.min,s=n.max,r=(this._wmsVersion>=1.3&&this._crs===on?[o.y,o.x,s.y,s.x]:[o.x,o.y,s.x,s.y]).join(","),a=Wt.prototype.getTileUrl.call(this,t);return a+I(this.wmsParams,a,this.options.uppercase)+(this.options.uppercase?"&BBOX=":"&bbox=")+r},setParams:function(t,e){return c(this.wmsParams,t),e||this.redraw(),this}});function Go(t,e){return new fn(t,e)}Wt.WMS=fn,cn.wms=Go;var bt=ft.extend({options:{padding:.1},initialize:function(t){b(this,t),m(this),this._layers=this._layers||{}},onAdd:function(){this._container||(this._initContainer(),T(this._container,"leaflet-zoom-animated")),this.getPane().appendChild(this._container),this._update(),this.on("update",this._updatePaths,this)},onRemove:function(){this.off("update",this._updatePaths,this),this._destroyContainer()},getEvents:function(){var t={viewreset:this._reset,zoom:this._onZoom,moveend:this._update,zoomend:this._onZoomEnd};return this._zoomAnimated&&(t.zoomanim=this._onAnimZoom),t},_onAnimZoom:function(t){this._updateTransform(t.center,t.zoom)},_onZoom:function(){this._updateTransform(this._map.getCenter(),this._map.getZoom())},_updateTransform:function(t,e){var i=this._map.getZoomScale(e,this._zoom),n=this._map.getSize().multiplyBy(.5+this.options.padding),o=this._map.project(this._center,e),s=n.multiplyBy(-i).add(o).subtract(this._map._getNewPixelOrigin(t,e));d.any3d?kt(this._container,s,i):U(this._container,s)},_reset:function(){this._update(),this._updateTransform(this._center,this._zoom);for(var t in this._layers)this._layers[t]._reset()},_onZoomEnd:function(){for(var t in this._layers)this._layers[t]._project()},_updatePaths:function(){for(var t in this._layers)this._layers[t]._update()},_update:function(){var t=this.options.padding,e=this._map.getSize(),i=this._map.containerPointToLayerPoint(e.multiplyBy(-t)).round();this._bounds=new R(i,i.add(e.multiplyBy(1+t*2)).round()),this._center=this._map.getCenter(),this._zoom=this._map.getZoom()}}),dn=bt.extend({options:{tolerance:0},getEvents:function(){var t=bt.prototype.getEvents.call(this);return t.viewprereset=this._onViewPreReset,t},_onViewPreReset:function(){this._postponeUpdatePaths=!0},onAdd:function(){bt.prototype.onAdd.call(this),this._draw()},_initContainer:function(){var t=this._container=document.createElement("canvas");x(t,"mousemove",this._onMouseMove,this),x(t,"click dblclick mousedown mouseup contextmenu",this._onClick,this),x(t,"mouseout",this._handleMouseOut,this),t._leaflet_disable_events=!0,this._ctx=t.getContext("2d")},_destroyContainer:function(){at(this._redrawRequest),delete this._ctx,D(this._container),O(this._container),delete this._container},_updatePaths:function(){if(!this._postponeUpdatePaths){var t;this._redrawBounds=null;for(var e in this._layers)t=this._layers[e],t._update();this._redraw()}},_update:function(){if(!(this._map._animatingZoom&&this._bounds)){bt.prototype._update.call(this);var t=this._bounds,e=this._container,i=t.getSize(),n=d.retina?2:1;U(e,t.min),e.width=n*i.x,e.height=n*i.y,e.style.width=i.x+"px",e.style.height=i.y+"px",d.retina&&this._ctx.scale(2,2),this._ctx.translate(-t.min.x,-t.min.y),this.fire("update")}},_reset:function(){bt.prototype._reset.call(this),this._postponeUpdatePaths&&(this._postponeUpdatePaths=!1,this._updatePaths())},_initPath:function(t){this._updateDashArray(t),this._layers[m(t)]=t;var e=t._order={layer:t,prev:this._drawLast,next:null};this._drawLast&&(this._drawLast.next=e),this._drawLast=e,this._drawFirst=this._drawFirst||this._drawLast},_addPath:function(t){this._requestRedraw(t)},_removePath:function(t){var e=t._order,i=e.next,n=e.prev;i?i.prev=n:this._drawLast=n,n?n.next=i:this._drawFirst=i,delete t._order,delete this._layers[m(t)],this._requestRedraw(t)},_updatePath:function(t){this._extendRedrawBounds(t),t._project(),t._update(),this._requestRedraw(t)},_updateStyle:function(t){this._updateDashArray(t),this._requestRedraw(t)},_updateDashArray:function(t){if(typeof t.options.dashArray=="string"){var e=t.options.dashArray.split(/[, ]+/),i=[],n,o;for(o=0;o')}}catch{}return function(t){return document.createElement("<"+t+' xmlns="urn:schemas-microsoft.com:vml" class="lvml">')}}(),Ko={_initContainer:function(){this._container=z("div","leaflet-vml-container")},_update:function(){this._map._animatingZoom||(bt.prototype._update.call(this),this.fire("update"))},_initPath:function(t){var e=t._container=se("shape");T(e,"leaflet-vml-shape "+(this.options.className||"")),e.coordsize="1 1",t._path=se("path"),e.appendChild(t._path),this._updateStyle(t),this._layers[m(t)]=t},_addPath:function(t){var e=t._container;this._container.appendChild(e),t.options.interactive&&t.addInteractiveTarget(e)},_removePath:function(t){var e=t._container;D(e),t.removeInteractiveTarget(e),delete this._layers[m(t)]},_updateStyle:function(t){var e=t._stroke,i=t._fill,n=t.options,o=t._container;o.stroked=!!n.stroke,o.filled=!!n.fill,n.stroke?(e||(e=t._stroke=se("stroke")),o.appendChild(e),e.weight=n.weight+"px",e.color=n.color,e.opacity=n.opacity,n.dashArray?e.dashStyle=J(n.dashArray)?n.dashArray.join(" "):n.dashArray.replace(/( *, *)/g," "):e.dashStyle="",e.endcap=n.lineCap.replace("butt","flat"),e.joinstyle=n.lineJoin):e&&(o.removeChild(e),t._stroke=null),n.fill?(i||(i=t._fill=se("fill")),o.appendChild(i),i.color=n.fillColor||n.color,i.opacity=n.fillOpacity):i&&(o.removeChild(i),t._fill=null)},_updateCircle:function(t){var e=t._point.round(),i=Math.round(t._radius),n=Math.round(t._radiusY||i);this._setPath(t,t._empty()?"M0 0":"AL "+e.x+","+e.y+" "+i+","+n+" 0,"+65535*360)},_setPath:function(t,e){t._path.v=e},_bringToFront:function(t){It(t._container)},_bringToBack:function(t){Nt(t._container)}},ke=d.vml?se:gi,re=bt.extend({_initContainer:function(){this._container=ke("svg"),this._container.setAttribute("pointer-events","none"),this._rootGroup=ke("g"),this._container.appendChild(this._rootGroup)},_destroyContainer:function(){D(this._container),O(this._container),delete this._container,delete this._rootGroup,delete this._svgSize},_update:function(){if(!(this._map._animatingZoom&&this._bounds)){bt.prototype._update.call(this);var t=this._bounds,e=t.getSize(),i=this._container;(!this._svgSize||!this._svgSize.equals(e))&&(this._svgSize=e,i.setAttribute("width",e.x),i.setAttribute("height",e.y)),U(i,t.min),i.setAttribute("viewBox",[t.min.x,t.min.y,e.x,e.y].join(" ")),this.fire("update")}},_initPath:function(t){var e=t._path=ke("path");t.options.className&&T(e,t.options.className),t.options.interactive&&T(e,"leaflet-interactive"),this._updateStyle(t),this._layers[m(t)]=t},_addPath:function(t){this._rootGroup||this._initContainer(),this._rootGroup.appendChild(t._path),t.addInteractiveTarget(t._path)},_removePath:function(t){D(t._path),t.removeInteractiveTarget(t._path),delete this._layers[m(t)]},_updatePath:function(t){t._project(),t._update()},_updateStyle:function(t){var e=t._path,i=t.options;e&&(i.stroke?(e.setAttribute("stroke",i.color),e.setAttribute("stroke-opacity",i.opacity),e.setAttribute("stroke-width",i.weight),e.setAttribute("stroke-linecap",i.lineCap),e.setAttribute("stroke-linejoin",i.lineJoin),i.dashArray?e.setAttribute("stroke-dasharray",i.dashArray):e.removeAttribute("stroke-dasharray"),i.dashOffset?e.setAttribute("stroke-dashoffset",i.dashOffset):e.removeAttribute("stroke-dashoffset")):e.setAttribute("stroke","none"),i.fill?(e.setAttribute("fill",i.fillColor||i.color),e.setAttribute("fill-opacity",i.fillOpacity),e.setAttribute("fill-rule",i.fillRule||"evenodd")):e.setAttribute("fill","none"))},_updatePoly:function(t,e){this._setPath(t,vi(t._parts,e))},_updateCircle:function(t){var e=t._point,i=Math.max(Math.round(t._radius),1),n=Math.max(Math.round(t._radiusY),1)||i,o="a"+i+","+n+" 0 1,0 ",s=t._empty()?"M0 0":"M"+(e.x-i)+","+e.y+o+i*2+",0 "+o+-i*2+",0 ";this._setPath(t,s)},_setPath:function(t,e){t._path.setAttribute("d",e)},_bringToFront:function(t){It(t._path)},_bringToBack:function(t){Nt(t._path)}});d.vml&&re.include(Ko);function mn(t){return d.svg||d.vml?new re(t):null}S.include({getRenderer:function(t){var e=t.options.renderer||this._getPaneRenderer(t.options.pane)||this.options.renderer||this._renderer;return e||(e=this._renderer=this._createRenderer()),this.hasLayer(e)||this.addLayer(e),e},_getPaneRenderer:function(t){if(t==="overlayPane"||t===void 0)return!1;var e=this._paneRenderers[t];return e===void 0&&(e=this._createRenderer({pane:t}),this._paneRenderers[t]=e),e},_createRenderer:function(t){return this.options.preferCanvas&&_n(t)||mn(t)}});var pn=Ht.extend({initialize:function(t,e){Ht.prototype.initialize.call(this,this._boundsToLatLngs(t),e)},setBounds:function(t){return this.setLatLngs(this._boundsToLatLngs(t))},_boundsToLatLngs:function(t){return t=W(t),[t.getSouthWest(),t.getNorthWest(),t.getNorthEast(),t.getSouthEast()]}});function jo(t,e){return new pn(t,e)}re.create=ke,re.pointsToPath=vi,Lt.geometryToLayer=xe,Lt.coordsToLatLng=ui,Lt.coordsToLatLngs=Pe,Lt.latLngToCoords=li,Lt.latLngsToCoords=Le,Lt.getFeature=Ft,Lt.asFeature=be,S.mergeOptions({boxZoom:!0});var gn=mt.extend({initialize:function(t){this._map=t,this._container=t._container,this._pane=t._panes.overlayPane,this._resetStateTimeout=0,t.on("unload",this._destroy,this)},addHooks:function(){x(this._container,"mousedown",this._onMouseDown,this)},removeHooks:function(){O(this._container,"mousedown",this._onMouseDown,this)},moved:function(){return this._moved},_destroy:function(){D(this._pane),delete this._pane},_resetState:function(){this._resetStateTimeout=0,this._moved=!1},_clearDeferredResetState:function(){this._resetStateTimeout!==0&&(clearTimeout(this._resetStateTimeout),this._resetStateTimeout=0)},_onMouseDown:function(t){if(!t.shiftKey||t.which!==1&&t.button!==1)return!1;this._clearDeferredResetState(),this._resetState(),Xt(),Ge(),this._startPoint=this._map.mouseEventToContainerPoint(t),x(document,{contextmenu:At,mousemove:this._onMouseMove,mouseup:this._onMouseUp,keydown:this._onKeyDown},this)},_onMouseMove:function(t){this._moved||(this._moved=!0,this._box=z("div","leaflet-zoom-box",this._container),T(this._container,"leaflet-crosshair"),this._map.fire("boxzoomstart")),this._point=this._map.mouseEventToContainerPoint(t);var e=new R(this._point,this._startPoint),i=e.getSize();U(this._box,e.min),this._box.style.width=i.x+"px",this._box.style.height=i.y+"px"},_finish:function(){this._moved&&(D(this._box),F(this._container,"leaflet-crosshair")),Qt(),Ke(),O(document,{contextmenu:At,mousemove:this._onMouseMove,mouseup:this._onMouseUp,keydown:this._onKeyDown},this)},_onMouseUp:function(t){if(!(t.which!==1&&t.button!==1)&&(this._finish(),!!this._moved)){this._clearDeferredResetState(),this._resetStateTimeout=setTimeout(_(this._resetState,this),0);var e=new et(this._map.containerPointToLatLng(this._startPoint),this._map.containerPointToLatLng(this._point));this._map.fitBounds(e).fire("boxzoomend",{boxZoomBounds:e})}},_onKeyDown:function(t){t.keyCode===27&&(this._finish(),this._clearDeferredResetState(),this._resetState())}});S.addInitHook("addHandler","boxZoom",gn),S.mergeOptions({doubleClickZoom:!0});var vn=mt.extend({addHooks:function(){this._map.on("dblclick",this._onDoubleClick,this)},removeHooks:function(){this._map.off("dblclick",this._onDoubleClick,this)},_onDoubleClick:function(t){var e=this._map,i=e.getZoom(),n=e.options.zoomDelta,o=t.originalEvent.shiftKey?i-n:i+n;e.options.doubleClickZoom==="center"?e.setZoom(o):e.setZoomAround(t.containerPoint,o)}});S.addInitHook("addHandler","doubleClickZoom",vn),S.mergeOptions({dragging:!0,inertia:!0,inertiaDeceleration:3400,inertiaMaxSpeed:1/0,easeLinearity:.2,worldCopyJump:!1,maxBoundsViscosity:0});var yn=mt.extend({addHooks:function(){if(!this._draggable){var t=this._map;this._draggable=new Mt(t._mapPane,t._container),this._draggable.on({dragstart:this._onDragStart,drag:this._onDrag,dragend:this._onDragEnd},this),this._draggable.on("predrag",this._onPreDragLimit,this),t.options.worldCopyJump&&(this._draggable.on("predrag",this._onPreDragWrap,this),t.on("zoomend",this._onZoomEnd,this),t.whenReady(this._onZoomEnd,this))}T(this._map._container,"leaflet-grab leaflet-touch-drag"),this._draggable.enable(),this._positions=[],this._times=[]},removeHooks:function(){F(this._map._container,"leaflet-grab"),F(this._map._container,"leaflet-touch-drag"),this._draggable.disable()},moved:function(){return this._draggable&&this._draggable._moved},moving:function(){return this._draggable&&this._draggable._moving},_onDragStart:function(){var t=this._map;if(t._stop(),this._map.options.maxBounds&&this._map.options.maxBoundsViscosity){var e=W(this._map.options.maxBounds);this._offsetLimit=tt(this._map.latLngToContainerPoint(e.getNorthWest()).multiplyBy(-1),this._map.latLngToContainerPoint(e.getSouthEast()).multiplyBy(-1).add(this._map.getSize())),this._viscosity=Math.min(1,Math.max(0,this._map.options.maxBoundsViscosity))}else this._offsetLimit=null;t.fire("movestart").fire("dragstart"),t.options.inertia&&(this._positions=[],this._times=[])},_onDrag:function(t){if(this._map.options.inertia){var e=this._lastTime=+new Date,i=this._lastPos=this._draggable._absPos||this._draggable._newPos;this._positions.push(i),this._times.push(e),this._prunePositions(e)}this._map.fire("move",t).fire("drag",t)},_prunePositions:function(t){for(;this._positions.length>1&&t-this._times[0]>50;)this._positions.shift(),this._times.shift()},_onZoomEnd:function(){var t=this._map.getSize().divideBy(2),e=this._map.latLngToLayerPoint([0,0]);this._initialWorldOffset=e.subtract(t).x,this._worldWidth=this._map.getPixelWorldBounds().getSize().x},_viscousLimit:function(t,e){return t-(t-e)*this._viscosity},_onPreDragLimit:function(){if(!(!this._viscosity||!this._offsetLimit)){var t=this._draggable._newPos.subtract(this._draggable._startPos),e=this._offsetLimit;t.xe.max.x&&(t.x=this._viscousLimit(t.x,e.max.x)),t.y>e.max.y&&(t.y=this._viscousLimit(t.y,e.max.y)),this._draggable._newPos=this._draggable._startPos.add(t)}},_onPreDragWrap:function(){var t=this._worldWidth,e=Math.round(t/2),i=this._initialWorldOffset,n=this._draggable._newPos.x,o=(n-e+i)%t+e-i,s=(n+e+i)%t-e-i,r=Math.abs(o+i)0?s:-s))-e;this._delta=0,this._startTime=null,r&&(t.options.scrollWheelZoom==="center"?t.setZoom(e+r):t.setZoomAround(this._lastMousePos,e+r))}});S.addInitHook("addHandler","scrollWheelZoom",xn);var Jo=600;S.mergeOptions({tapHold:d.touchNative&&d.safari&&d.mobile,tapTolerance:15});var Pn=mt.extend({addHooks:function(){x(this._map._container,"touchstart",this._onDown,this)},removeHooks:function(){O(this._map._container,"touchstart",this._onDown,this)},_onDown:function(t){if(clearTimeout(this._holdTimeout),t.touches.length===1){var e=t.touches[0];this._startPos=this._newPos=new w(e.clientX,e.clientY),this._holdTimeout=setTimeout(_(function(){this._cancel(),this._isTapValid()&&(x(document,"touchend",j),x(document,"touchend touchcancel",this._cancelClickPrevent),this._simulateEvent("contextmenu",e))},this),Jo),x(document,"touchend touchcancel contextmenu",this._cancel,this),x(document,"touchmove",this._onMove,this)}},_cancelClickPrevent:function t(){O(document,"touchend",j),O(document,"touchend touchcancel",t)},_cancel:function(){clearTimeout(this._holdTimeout),O(document,"touchend touchcancel contextmenu",this._cancel,this),O(document,"touchmove",this._onMove,this)},_onMove:function(t){var e=t.touches[0];this._newPos=new w(e.clientX,e.clientY)},_isTapValid:function(){return this._newPos.distanceTo(this._startPos)<=this._map.options.tapTolerance},_simulateEvent:function(t,e){var i=new MouseEvent(t,{bubbles:!0,cancelable:!0,view:window,screenX:e.screenX,screenY:e.screenY,clientX:e.clientX,clientY:e.clientY});i._simulated=!0,e.target.dispatchEvent(i)}});S.addInitHook("addHandler","tapHold",Pn),S.mergeOptions({touchZoom:d.touch,bounceAtZoomLimits:!0});var Ln=mt.extend({addHooks:function(){T(this._map._container,"leaflet-touch-zoom"),x(this._map._container,"touchstart",this._onTouchStart,this)},removeHooks:function(){F(this._map._container,"leaflet-touch-zoom"),O(this._map._container,"touchstart",this._onTouchStart,this)},_onTouchStart:function(t){var e=this._map;if(!(!t.touches||t.touches.length!==2||e._animatingZoom||this._zooming)){var i=e.mouseEventToContainerPoint(t.touches[0]),n=e.mouseEventToContainerPoint(t.touches[1]);this._centerPoint=e.getSize()._divideBy(2),this._startLatLng=e.containerPointToLatLng(this._centerPoint),e.options.touchZoom!=="center"&&(this._pinchStartLatLng=e.containerPointToLatLng(i.add(n)._divideBy(2))),this._startDist=i.distanceTo(n),this._startZoom=e.getZoom(),this._moved=!1,this._zooming=!0,e._stop(),x(document,"touchmove",this._onTouchMove,this),x(document,"touchend touchcancel",this._onTouchEnd,this),j(t)}},_onTouchMove:function(t){if(!(!t.touches||t.touches.length!==2||!this._zooming)){var e=this._map,i=e.mouseEventToContainerPoint(t.touches[0]),n=e.mouseEventToContainerPoint(t.touches[1]),o=i.distanceTo(n)/this._startDist;if(this._zoom=e.getScaleZoom(o,this._startZoom),!e.options.bounceAtZoomLimits&&(this._zoome.getMaxZoom()&&o>1)&&(this._zoom=e._limitZoom(this._zoom)),e.options.touchZoom==="center"){if(this._center=this._startLatLng,o===1)return}else{var s=i._add(n)._divideBy(2)._subtract(this._centerPoint);if(o===1&&s.x===0&&s.y===0)return;this._center=e.unproject(e.project(this._pinchStartLatLng,this._zoom).subtract(s),this._zoom)}this._moved||(e._moveStart(!0,!1),this._moved=!0),at(this._animRequest);var r=_(e._move,e,this._center,this._zoom,{pinch:!0,round:!1},void 0);this._animRequest=q(r,this,!0),j(t)}},_onTouchEnd:function(){if(!this._moved||!this._zooming){this._zooming=!1;return}this._zooming=!1,at(this._animRequest),O(document,"touchmove",this._onTouchMove,this),O(document,"touchend touchcancel",this._onTouchEnd,this),this._map.options.zoomAnimation?this._map._animateZoom(this._center,this._map._limitZoom(this._zoom),!0,this._map.options.zoomSnap):this._map._resetView(this._center,this._map._limitZoom(this._zoom))}});S.addInitHook("addHandler","touchZoom",Ln),S.BoxZoom=gn,S.DoubleClickZoom=vn,S.Drag=yn,S.Keyboard=wn,S.ScrollWheelZoom=xn,S.TapHold=Pn,S.TouchZoom=Ln,u.Bounds=R,u.Browser=d,u.CRS=wt,u.Canvas=dn,u.Circle=hi,u.CircleMarker=we,u.Class=yt,u.Control=ct,u.DivIcon=ln,u.DivOverlay=pt,u.DomEvent=fo,u.DomUtil=lo,u.Draggable=Mt,u.Evented=Gt,u.FeatureGroup=xt,u.GeoJSON=Lt,u.GridLayer=oe,u.Handler=mt,u.Icon=Dt,u.ImageOverlay=Te,u.LatLng=E,u.LatLngBounds=et,u.Layer=ft,u.LayerGroup=Rt,u.LineUtil=Mo,u.Map=S,u.Marker=ye,u.Mixin=wo,u.Path=Ct,u.Point=w,u.PolyUtil=xo,u.Polygon=Ht,u.Polyline=Pt,u.Popup=Me,u.PosAnimation=qi,u.Projection=Co,u.Rectangle=pn,u.Renderer=bt,u.SVG=re,u.SVGOverlay=un,u.TileLayer=Wt,u.Tooltip=Ce,u.Transformation=Ze,u.Util=En,u.VideoOverlay=hn,u.bind=_,u.bounds=tt,u.canvas=_n,u.circle=Bo,u.circleMarker=Zo,u.control=ee,u.divIcon=Vo,u.extend=c,u.featureGroup=Ao,u.geoJSON=an,u.geoJson=Ro,u.gridLayer=qo,u.icon=Eo,u.imageOverlay=Do,u.latLng=k,u.latLngBounds=W,u.layerGroup=zo,u.map=_o,u.marker=Oo,u.point=y,u.polygon=No,u.polyline=Io,u.popup=Wo,u.rectangle=jo,u.setOptions=b,u.stamp=m,u.svg=mn,u.svgOverlay=Fo,u.tileLayer=cn,u.tooltip=Uo,u.transformation=Kt,u.version=v,u.videoOverlay=Ho;var Yo=window.L;u.noConflict=function(){return window.L=Yo,this},window.L=u})})(di,di.exports);var vs=di.exports;const Ot=ss(vs),ys="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABkAAAApCAYAAADAk4LOAAAFgUlEQVR4Aa1XA5BjWRTN2oW17d3YaZtr2962HUzbDNpjszW24mRt28p47v7zq/bXZtrp/lWnXr337j3nPCe85NcypgSFdugCpW5YoDAMRaIMqRi6aKq5E3YqDQO3qAwjVWrD8Ncq/RBpykd8oZUb/kaJutow8r1aP9II0WmLKLIsJyv1w/kqw9Ch2MYdB++12Onxee/QMwvf4/Dk/Lfp/i4nxTXtOoQ4pW5Aj7wpici1A9erdAN2OH64x8OSP9j3Ft3b7aWkTg/Fm91siTra0f9on5sQr9INejH6CUUUpavjFNq1B+Oadhxmnfa8RfEmN8VNAsQhPqF55xHkMzz3jSmChWU6f7/XZKNH+9+hBLOHYozuKQPxyMPUKkrX/K0uWnfFaJGS1QPRtZsOPtr3NsW0uyh6NNCOkU3Yz+bXbT3I8G3xE5EXLXtCXbbqwCO9zPQYPRTZ5vIDXD7U+w7rFDEoUUf7ibHIR4y6bLVPXrz8JVZEql13trxwue/uDivd3fkWRbS6/IA2bID4uk0UpF1N8qLlbBlXs4Ee7HLTfV1j54APvODnSfOWBqtKVvjgLKzF5YdEk5ewRkGlK0i33Eofffc7HT56jD7/6U+qH3Cx7SBLNntH5YIPvODnyfIXZYRVDPqgHtLs5ABHD3YzLuespb7t79FY34DjMwrVrcTuwlT55YMPvOBnRrJ4VXTdNnYug5ucHLBjEpt30701A3Ts+HEa73u6dT3FNWwflY86eMHPk+Yu+i6pzUpRrW7SNDg5JHR4KapmM5Wv2E8Tfcb1HoqqHMHU+uWDD7zg54mz5/2BSnizi9T1Dg4QQXLToGNCkb6tb1NU+QAlGr1++eADrzhn/u8Q2YZhQVlZ5+CAOtqfbhmaUCS1ezNFVm2imDbPmPng5wmz+gwh+oHDce0eUtQ6OGDIyR0uUhUsoO3vfDmmgOezH0mZN59x7MBi++WDL1g/eEiU3avlidO671bkLfwbw5XV2P8Pzo0ydy4t2/0eu33xYSOMOD8hTf4CrBtGMSoXfPLchX+J0ruSePw3LZeK0juPJbYzrhkH0io7B3k164hiGvawhOKMLkrQLyVpZg8rHFW7E2uHOL888IBPlNZ1FPzstSJM694fWr6RwpvcJK60+0HCILTBzZLFNdtAzJaohze60T8qBzyh5ZuOg5e7uwQppofEmf2++DYvmySqGBuKaicF1blQjhuHdvCIMvp8whTTfZzI7RldpwtSzL+F1+wkdZ2TBOW2gIF88PBTzD/gpeREAMEbxnJcaJHNHrpzji0gQCS6hdkEeYt9DF/2qPcEC8RM28Hwmr3sdNyht00byAut2k3gufWNtgtOEOFGUwcXWNDbdNbpgBGxEvKkOQsxivJx33iow0Vw5S6SVTrpVq11ysA2Rp7gTfPfktc6zhtXBBC+adRLshf6sG2RfHPZ5EAc4sVZ83yCN00Fk/4kggu40ZTvIEm5g24qtU4KjBrx/BTTH8ifVASAG7gKrnWxJDcU7x8X6Ecczhm3o6YicvsLXWfh3Ch1W0k8x0nXF+0fFxgt4phz8QvypiwCCFKMqXCnqXExjq10beH+UUA7+nG6mdG/Pu0f3LgFcGrl2s0kNNjpmoJ9o4B29CMO8dMT4Q5ox8uitF6fqsrJOr8qnwNbRzv6hSnG5wP+64C7h9lp30hKNtKdWjtdkbuPA19nJ7Tz3zR/ibgARbhb4AlhavcBebmTHcFl2fvYEnW0ox9xMxKBS8btJ+KiEbq9zA4RthQXDhPa0T9TEe69gWupwc6uBUphquXgf+/FrIjweHQS4/pduMe5ERUMHUd9xv8ZR98CxkS4F2n3EUrUZ10EYNw7BWm9x1GiPssi3GgiGRDKWRYZfXlON+dfNbM+GgIwYdwAAAAASUVORK5CYII=",ws="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADIAAABSCAMAAAAhFXfZAAAC91BMVEVMaXEzeak2f7I4g7g3g7cua5gzeKg8hJo3grY4g7c3grU0gLI2frE0daAubJc2gbQwd6QzeKk2gLMtd5sxdKIua5g1frA2f7IydaM0e6w2fq41fK01eqo3grgubJgta5cxdKI1f7AydaQydaMxc6EubJgvbJkwcZ4ubZkwcJwubZgubJcydqUydKIxapgubJctbJcubZcubJcvbJYubJcvbZkubJctbJctbZcubJg2f7AubJcrbZcubJcubJcua5g3grY0fq8ubJcubJdEkdEwhsw6i88vhswuhcsuhMtBjMgthMsrg8srgss6is8qgcs8i9A9iMYtg8spgcoogMo7hcMngMonf8olfso4gr8kfck5iM8jfMk4iM8he8k1fro7itAgesk2hs8eecgzfLcofssdeMg0hc4cd8g2hcsxeLQbdsgZdcgxeLImfcszhM0vda4xgckzhM4xg84wf8Yxgs4udKsvfcQucqhUndROmdM1fK0wcZ8vb5w0eqpQm9MzeKhXoNVcpdYydKNWn9VZotVKltJFjsIwcJ1Rms9OlslLmtH///8+kc9epdYzd6dbo9VHkMM2f7FHmNBClM8ydqVcpNY9hro3gLM9hLczealQmcw3fa46f7A8gLMxc6I3eagyc6FIldJMl9JSnNRSntNNl9JPnNJFi75UnM9ZodVKksg8kM45jc09e6ZHltFBk883gbRBh7pDk9EwcaBzn784g7dKkcY2i81Om9M7j85Llc81is09g7Q4grY/j9A0eqxKmdFFltBEjcXf6fFImdBCiLxJl9FGlNFBi78yiMxVndEvbpo6js74+vx+psPP3+o/ks5HkcpGmNCjwdZCkNDM3ehYoNJEls+lxNkxh8xHks0+jdC1zd5Lg6r+/v/H2ufz9/o3jM3t8/edvdM/k89Th61OiLBSjbZklbaTt9BfptdjmL1AicBHj8hGk9FAgK1dkLNTjLRekrdClc/k7fM0icy0y9tgp9c4jc2NtM9Dlc8zicxeXZn3AAAAQ3RSTlMAHDdTb4yPA+LtnEQmC4L2EmHqB7XA0d0sr478x4/Yd5i1zOfyPkf1sLVq4Nh3FvjxopQ2/STNuFzUwFIwxKaejILpIBEV9wAABhVJREFUeF6s1NdyFEcYBeBeoQIhRAkLlRDGrhIgY3BJL8CVeKzuyXFzzjkn5ZxzzuScg3PO8cKzu70JkO0LfxdTU//pM9vTu7Xgf6KqOVTb9X7toRrVEfBf1HTVjZccrT/2by1VV928Yty9ZbVuucdz90frG8DBjl9pVApbOstvmMuvVgaNXSfAAd6pGxpy6yxf5ph43pS/4f3uoaGm2rdu72S9xzOvMymkZFq/ptDrk90mhW7e4zl7HLzhxGWPR20xmSxJ/VqldG5m9XhaVOA1DadsNh3Pu5L2N6QtPO/32JpqQBVVk20oy/Pi2s23WEvyfHbe1thadVQttvm7Llf65gGmXK67XtupyoM7HQhmXdLS8oGWJNeOJ3C5fG5XCEJnkez3/oFdsvgJ4l2ANZwhrJKk/7OSXa+3Vw2WJMlKnGkobouYk6T0TyX30klOUnTD9HJ5qpckL3EW/w4XF3Xd0FGywXUrstrclVsqz5Pd/sXFYyDnPdrLcQODmGOK47IZb4CmibmMn+MYRzFZ5jg33ZL/EJrWcszHmANy3ARBK/IXtciJy8VsitPSdE3uuHxzougojcUdr8/32atnz/ev3f/K5wtpxUTpcaI45zusVDpYtZi+jg0oU9b3x74h7+n9ABvYEZeKaVq0sh0AtLKsFtqNBdeT0MrSzwwlq9+x6xAO4tgOtSzbCjrNQQiNvQUbUEubvzBUeGw26yDCsRHCoLkTHDa7IdOLIThs/gHvChszh2CimE8peRs47cxANI0lYNB5y1DljpOF0IhzBDPOZnDOqYYbeGKECbPzWnXludPphw5c2YBq5zlwXphIbO4VDCZ0gnPfUO1TwZoYwAs2ExPCedAu9DAjfQUjzITQb3jNj0KG2Sgt6BHaQUdYzWz+XmBktOHwanXjaSTcwwziBcuMOtwBmqPrTOxFQR/DRKKPqyur0aiW6cULYsx6tBm0jXpR/AUWR6HRq9WVW6MRhIq5jLyjbaCTDCijyYJNpCajdyobP/eTw0iexBAKkJ3gA5KcQb2zBXsIBckn+xVv8jkZSaEFHE+jFEleAEfayRU0MouNoBmB/L50Ai/HSLIHxcrpCvnhSQAuakKp2C/YbCylJjXRVy/z3+Kv/RrNcCo+WUzlVEhzKffnTQnxeN9fWF88fiNCUdSTsaufaChKWInHeysygfpIqagoakW+vV20J8uyl6TyNKEZWV4oRSPyCkWpgOLSbkCObT8o2r6tlG58HQquf6O0v50tB7JM7F4EORd2dx/K0w/KHsVkLPaoYrwgP/y7krr3SSMA4zj+OBgmjYkxcdIJQyQRKgg2viX9Hddi9UBb29LrKR7CVVEEEXWojUkXNyfTNDE14W9gbHJNuhjDettN3ZvbOvdOqCD3Jp/9l+/wJE+9PkYGjx/fqkys3S2rMozM/o2106rfMUINo6hVqz+eu/hd1c4xTg0TAfy5kV+4UG6+IthHTU9woWmxuKNbTfuCSfovBCxq7EtHqvYL4Sm6F8GVxsSXHMQ07TOi1DKtZxjWaaIyi4CXWjxPccUw8WVbMYY5wxC1mzEyXMJWkllpRloi+Kkoq69sxBTlElF6aAxYUbjXNlhlDZilDnM4U5SlN5biRsRHnbx3mbeWjEh4mEyiuJDl5XcWVmX5GvNkFgLWZM5qwsop4/AWfLhU1cR7k1VVvcYCWRkOI6Xy5gmnphCYIkvzuNYzHzosq2oNk2RtSs8khfUOfHIDgR6ysYBaMpl4uEgk2U/oJTs9AaTSwma7dT69geAE2ZpEjUsn2ieJNHeKfrI3EcAGJ2ZaNgVuC8EBctCLc57P5u5led6IOBkIYkuQMrmmjChs4VkfOerHqSBkPzZlhe06RslZ3zMjk2sscqKwY0RcjKK+LWbzd7KiHhkncs/siFJ+V5eXxD34B8nVuJEpGJNmxN2gH3vSvp7J70tF+D1Ej8qUJD1TkErAND2GZwTFg/LubvmgiBG3SOvdlsqFQrkEzJCL1rstlnVFROixZoDDSuXQFHESwVGlcuQcMb/b42NgjLowh5MTDFE3vNB5qStRIErdCQEh6pLPR92anSUb/wAIhldAaDMpGgAAAABJRU5ErkJggg==",xs="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACkAAAApCAQAAAACach9AAACMUlEQVR4Ae3ShY7jQBAE0Aoz/f9/HTMzhg1zrdKUrJbdx+Kd2nD8VNudfsL/Th///dyQN2TH6f3y/BGpC379rV+S+qqetBOxImNQXL8JCAr2V4iMQXHGNJxeCfZXhSRBcQMfvkOWUdtfzlLgAENmZDcmo2TVmt8OSM2eXxBp3DjHSMFutqS7SbmemzBiR+xpKCNUIRkdkkYxhAkyGoBvyQFEJEefwSmmvBfJuJ6aKqKWnAkvGZOaZXTUgFqYULWNSHUckZuR1HIIimUExutRxwzOLROIG4vKmCKQt364mIlhSyzAf1m9lHZHJZrlAOMMztRRiKimp/rpdJDc9Awry5xTZCte7FHtuS8wJgeYGrex28xNTd086Dik7vUMscQOa8y4DoGtCCSkAKlNwpgNtphjrC6MIHUkR6YWxxs6Sc5xqn222mmCRFzIt8lEdKx+ikCtg91qS2WpwVfBelJCiQJwvzixfI9cxZQWgiSJelKnwBElKYtDOb2MFbhmUigbReQBV0Cg4+qMXSxXSyGUn4UbF8l+7qdSGnTC0XLCmahIgUHLhLOhpVCtw4CzYXvLQWQbJNmxoCsOKAxSgBJno75avolkRw8iIAFcsdc02e9iyCd8tHwmeSSoKTowIgvscSGZUOA7PuCN5b2BX9mQM7S0wYhMNU74zgsPBj3HU7wguAfnxxjFQGBE6pwN+GjME9zHY7zGp8wVxMShYX9NXvEWD3HbwJf4giO4CFIQxXScH1/TM+04kkBiAAAAAElFTkSuQmCC";function Sn(C,g,u){const v=C.slice();return v[21]=g[u],v[23]=u,v}function Ps(C){let g,u,v,c;return{c(){g=vt("div"),u=vt("button"),u.innerHTML='',Y(u,"type","button"),Y(u,"class","btn btn-circle btn-xs btn-transparent"),Y(g,"class","form-field-addon")},m(P,_){he(P,g,_),gt(g,u),v||(c=_i(u,"click",C[5]),v=!0)},p:Ee,d(P){P&&ae(g),v=!1,c()}}}function Ls(C){let g;return{c(){g=vt("div"),g.innerHTML='',Y(g,"class","form-field-addon")},m(u,v){he(u,g,v)},p:Ee,d(u){u&&ae(g)}}}function zn(C){let g,u=kn(C[4]),v=[];for(let c=0;c{B==null||B.setLatLng([c.lat,c.lon]),P==null||P.panInside([c.lat,c.lon],{padding:[20,40]})},N)}function b(){const N=[ze(c.lat),ze(c.lon)];P=Ot.map(_,{zoomControl:!1}).setView(N,Ts),Ot.tileLayer("https://tile.openstreetmap.org/{z}/{x}/{y}.png",{attribution:'© OpenStreetMap'}).addTo(P),Ot.Icon.Default.prototype.options.iconUrl=ys,Ot.Icon.Default.prototype.options.iconRetinaUrl=ws,Ot.Icon.Default.prototype.options.shadowUrl=xs,Ot.Icon.Default.imagePath="",B=Ot.marker(N,{draggable:!0,autoPan:!0}).addTo(P),B.bindTooltip("drag or right click anywhere on the map to move"),B.on("moveend",st=>{var $;($=st.sourceTarget)!=null&&$._latlng&&J(st.sourceTarget._latlng.lat,st.sourceTarget._latlng.lng,!1)}),P.on("contextmenu",st=>{J(st.latlng.lat,st.latlng.lng,!1)})}function I(){ot(),B==null||B.remove(),P==null||P.remove()}function ot(){H==null||H.abort(),clearTimeout(A),u(3,m=!1),u(4,X=[]),u(1,K="")}function ue(N,st=1100){if(u(3,m=!0),u(4,X=[]),clearTimeout(A),H==null||H.abort(),!N){u(3,m=!1);return}A=setTimeout(async()=>{H=new AbortController;try{const $=await fetch("https://nominatim.openstreetmap.org/search.php?format=jsonv2&q="+encodeURIComponent(N),{signal:H.signal});if($.status!=200)throw new Error("OpenStreetMap API error "+$.status);const le=await $.json();for(const q of le)X.push({lat:q.lat,lon:q.lon,name:q.display_name})}catch($){console.warn("[address search failed]",$)}u(4,X),u(3,m=!1)},st)}function J(N,st,$=!0){u(7,c.lat=ze(N),c),u(7,c.lon=ze(st),c),$&&(B==null||B.setLatLng([c.lat,c.lon]),P==null||P.panTo([c.lat,c.lon],{animate:!1})),ot()}ls(()=>(b(),()=>{I()}));function Vt(){K=this.value,u(1,K)}const Zt=N=>J(N.lat,N.lon);function qt(N){fs[N?"unshift":"push"](()=>{_=N,u(2,_)})}return C.$$set=N=>{"height"in N&&u(0,v=N.height),"point"in N&&u(7,c=N.point)},C.$$.update=()=>{C.$$.dirty&2&&ue(K),C.$$.dirty&128&&c.lat&&c.lon&&Z()},[v,K,_,m,X,ot,J,c,Vt,Zt,qt]}class ks extends as{constructor(g){super(),hs(this,g,Ms,bs,us,{height:0,point:7})}}export{ks as default}; diff --git a/ui/dist/assets/ListApiDocs-ByASLUZu.css b/ui/dist/assets/ListApiDocs-ByASLUZu.css new file mode 100644 index 0000000..b4b4197 --- /dev/null +++ b/ui/dist/assets/ListApiDocs-ByASLUZu.css @@ -0,0 +1 @@ +.filter-op.svelte-1w7s5nw{display:inline-block;vertical-align:top;margin-right:5px;width:30px;text-align:center;padding-left:0;padding-right:0} diff --git a/ui/dist/assets/ListApiDocs-D97szj_n.js b/ui/dist/assets/ListApiDocs-D97szj_n.js new file mode 100644 index 0000000..8e0624f --- /dev/null +++ b/ui/dist/assets/ListApiDocs-D97szj_n.js @@ -0,0 +1,137 @@ +import{S as el,i as ll,s as sl,H as ze,h as m,l as h,o as nl,u as e,v as s,L as ol,w as a,n as t,A as g,V as al,W as Le,X as ae,d as Kt,Y as il,t as Ct,a as kt,I as ve,Z as Je,_ as rl,C as cl,$ as dl,D as pl,m as Qt,c as Vt,J as Te,p as fl,k as Ae}from"./index-BH0nlDnw.js";import{F as ul}from"./FieldsQueryParam-DQVKTiQb.js";function ml(r){let n,o,i;return{c(){n=e("span"),n.textContent="Show details",o=s(),i=e("i"),a(n,"class","txt"),a(i,"class","ri-arrow-down-s-line")},m(f,b){h(f,n,b),h(f,o,b),h(f,i,b)},d(f){f&&(m(n),m(o),m(i))}}}function hl(r){let n,o,i;return{c(){n=e("span"),n.textContent="Hide details",o=s(),i=e("i"),a(n,"class","txt"),a(i,"class","ri-arrow-up-s-line")},m(f,b){h(f,n,b),h(f,o,b),h(f,i,b)},d(f){f&&(m(n),m(o),m(i))}}}function Ke(r){let n,o,i,f,b,p,u,C,_,x,d,Y,yt,Wt,E,Xt,D,it,P,Z,ie,j,U,re,rt,vt,tt,Ft,ce,ct,dt,et,N,Yt,Lt,k,lt,At,Zt,Tt,z,st,Pt,te,Rt,v,pt,Ot,de,ft,pe,H,St,nt,Et,F,ut,fe,J,Nt,ee,qt,le,Dt,ue,L,mt,me,ht,he,M,be,T,Ht,ot,Mt,K,bt,ge,I,It,y,Bt,at,Gt,_e,Q,gt,we,_t,xe,jt,$e,B,Ut,Ce,G,ke,wt,se,R,xt,V,W,O,zt,ne,X;return{c(){n=e("p"),n.innerHTML=`The syntax basically follows the format + OPERAND OPERATOR OPERAND, where:`,o=s(),i=e("ul"),f=e("li"),f.innerHTML=`OPERAND - could be any of the above field literal, string (single + or double quoted), number, null, true, false`,b=s(),p=e("li"),u=e("code"),u.textContent="OPERATOR",C=g(` - is one of: + `),_=e("br"),x=s(),d=e("ul"),Y=e("li"),yt=e("code"),yt.textContent="=",Wt=s(),E=e("span"),E.textContent="Equal",Xt=s(),D=e("li"),it=e("code"),it.textContent="!=",P=s(),Z=e("span"),Z.textContent="NOT equal",ie=s(),j=e("li"),U=e("code"),U.textContent=">",re=s(),rt=e("span"),rt.textContent="Greater than",vt=s(),tt=e("li"),Ft=e("code"),Ft.textContent=">=",ce=s(),ct=e("span"),ct.textContent="Greater than or equal",dt=s(),et=e("li"),N=e("code"),N.textContent="<",Yt=s(),Lt=e("span"),Lt.textContent="Less than",k=s(),lt=e("li"),At=e("code"),At.textContent="<=",Zt=s(),Tt=e("span"),Tt.textContent="Less than or equal",z=s(),st=e("li"),Pt=e("code"),Pt.textContent="~",te=s(),Rt=e("span"),Rt.textContent=`Like/Contains (if not specified auto wraps the right string OPERAND in a "%" for + wildcard match)`,v=s(),pt=e("li"),Ot=e("code"),Ot.textContent="!~",de=s(),ft=e("span"),ft.textContent=`NOT Like/Contains (if not specified auto wraps the right string OPERAND in a "%" for + wildcard match)`,pe=s(),H=e("li"),St=e("code"),St.textContent="?=",nt=s(),Et=e("em"),Et.textContent="Any/At least one of",F=s(),ut=e("span"),ut.textContent="Equal",fe=s(),J=e("li"),Nt=e("code"),Nt.textContent="?!=",ee=s(),qt=e("em"),qt.textContent="Any/At least one of",le=s(),Dt=e("span"),Dt.textContent="NOT equal",ue=s(),L=e("li"),mt=e("code"),mt.textContent="?>",me=s(),ht=e("em"),ht.textContent="Any/At least one of",he=s(),M=e("span"),M.textContent="Greater than",be=s(),T=e("li"),Ht=e("code"),Ht.textContent="?>=",ot=s(),Mt=e("em"),Mt.textContent="Any/At least one of",K=s(),bt=e("span"),bt.textContent="Greater than or equal",ge=s(),I=e("li"),It=e("code"),It.textContent="?<",y=s(),Bt=e("em"),Bt.textContent="Any/At least one of",at=s(),Gt=e("span"),Gt.textContent="Less than",_e=s(),Q=e("li"),gt=e("code"),gt.textContent="?<=",we=s(),_t=e("em"),_t.textContent="Any/At least one of",xe=s(),jt=e("span"),jt.textContent="Less than or equal",$e=s(),B=e("li"),Ut=e("code"),Ut.textContent="?~",Ce=s(),G=e("em"),G.textContent="Any/At least one of",ke=s(),wt=e("span"),wt.textContent=`Like/Contains (if not specified auto wraps the right string OPERAND in a "%" for + wildcard match)`,se=s(),R=e("li"),xt=e("code"),xt.textContent="?!~",V=s(),W=e("em"),W.textContent="Any/At least one of",O=s(),zt=e("span"),zt.textContent=`NOT Like/Contains (if not specified auto wraps the right string OPERAND in a "%" for + wildcard match)`,ne=s(),X=e("p"),X.innerHTML=`To group and combine several expressions you could use brackets + (...), && (AND) and || (OR) tokens.`,a(u,"class","txt-danger"),a(yt,"class","filter-op svelte-1w7s5nw"),a(E,"class","txt"),a(it,"class","filter-op svelte-1w7s5nw"),a(Z,"class","txt"),a(U,"class","filter-op svelte-1w7s5nw"),a(rt,"class","txt"),a(Ft,"class","filter-op svelte-1w7s5nw"),a(ct,"class","txt"),a(N,"class","filter-op svelte-1w7s5nw"),a(Lt,"class","txt"),a(At,"class","filter-op svelte-1w7s5nw"),a(Tt,"class","txt"),a(Pt,"class","filter-op svelte-1w7s5nw"),a(Rt,"class","txt"),a(Ot,"class","filter-op svelte-1w7s5nw"),a(ft,"class","txt"),a(St,"class","filter-op svelte-1w7s5nw"),a(Et,"class","txt-hint"),a(ut,"class","txt"),a(Nt,"class","filter-op svelte-1w7s5nw"),a(qt,"class","txt-hint"),a(Dt,"class","txt"),a(mt,"class","filter-op svelte-1w7s5nw"),a(ht,"class","txt-hint"),a(M,"class","txt"),a(Ht,"class","filter-op svelte-1w7s5nw"),a(Mt,"class","txt-hint"),a(bt,"class","txt"),a(It,"class","filter-op svelte-1w7s5nw"),a(Bt,"class","txt-hint"),a(Gt,"class","txt"),a(gt,"class","filter-op svelte-1w7s5nw"),a(_t,"class","txt-hint"),a(jt,"class","txt"),a(Ut,"class","filter-op svelte-1w7s5nw"),a(G,"class","txt-hint"),a(wt,"class","txt"),a(xt,"class","filter-op svelte-1w7s5nw"),a(W,"class","txt-hint"),a(zt,"class","txt")},m($,$t){h($,n,$t),h($,o,$t),h($,i,$t),t(i,f),t(i,b),t(i,p),t(p,u),t(p,C),t(p,_),t(p,x),t(p,d),t(d,Y),t(Y,yt),t(Y,Wt),t(Y,E),t(d,Xt),t(d,D),t(D,it),t(D,P),t(D,Z),t(d,ie),t(d,j),t(j,U),t(j,re),t(j,rt),t(d,vt),t(d,tt),t(tt,Ft),t(tt,ce),t(tt,ct),t(d,dt),t(d,et),t(et,N),t(et,Yt),t(et,Lt),t(d,k),t(d,lt),t(lt,At),t(lt,Zt),t(lt,Tt),t(d,z),t(d,st),t(st,Pt),t(st,te),t(st,Rt),t(d,v),t(d,pt),t(pt,Ot),t(pt,de),t(pt,ft),t(d,pe),t(d,H),t(H,St),t(H,nt),t(H,Et),t(H,F),t(H,ut),t(d,fe),t(d,J),t(J,Nt),t(J,ee),t(J,qt),t(J,le),t(J,Dt),t(d,ue),t(d,L),t(L,mt),t(L,me),t(L,ht),t(L,he),t(L,M),t(d,be),t(d,T),t(T,Ht),t(T,ot),t(T,Mt),t(T,K),t(T,bt),t(d,ge),t(d,I),t(I,It),t(I,y),t(I,Bt),t(I,at),t(I,Gt),t(d,_e),t(d,Q),t(Q,gt),t(Q,we),t(Q,_t),t(Q,xe),t(Q,jt),t(d,$e),t(d,B),t(B,Ut),t(B,Ce),t(B,G),t(B,ke),t(B,wt),t(d,se),t(d,R),t(R,xt),t(R,V),t(R,W),t(R,O),t(R,zt),h($,ne,$t),h($,X,$t)},d($){$&&(m(n),m(o),m(i),m(ne),m(X))}}}function bl(r){let n,o,i,f,b;function p(x,d){return x[0]?hl:ml}let u=p(r),C=u(r),_=r[0]&&Ke();return{c(){n=e("button"),C.c(),o=s(),_&&_.c(),i=ol(),a(n,"class","btn btn-sm btn-secondary m-t-10")},m(x,d){h(x,n,d),C.m(n,null),h(x,o,d),_&&_.m(x,d),h(x,i,d),f||(b=nl(n,"click",r[1]),f=!0)},p(x,[d]){u!==(u=p(x))&&(C.d(1),C=u(x),C&&(C.c(),C.m(n,null))),x[0]?_||(_=Ke(),_.c(),_.m(i.parentNode,i)):_&&(_.d(1),_=null)},i:ze,o:ze,d(x){x&&(m(n),m(o),m(i)),C.d(),_&&_.d(x),f=!1,b()}}}function gl(r,n,o){let i=!1;function f(){o(0,i=!i)}return[i,f]}class _l extends el{constructor(n){super(),ll(this,n,gl,bl,sl,{})}}function Qe(r,n,o){const i=r.slice();return i[8]=n[o],i}function Ve(r,n,o){const i=r.slice();return i[8]=n[o],i}function We(r,n,o){const i=r.slice();return i[13]=n[o],i[15]=o,i}function Xe(r){let n;return{c(){n=e("p"),n.innerHTML="Requires superuser Authorization:TOKEN header",a(n,"class","txt-hint txt-sm txt-right")},m(o,i){h(o,n,i)},d(o){o&&m(n)}}}function Ye(r){let n,o=r[13]+"",i,f=r[15]'2022-01-01') + `}}),ot=new _l({}),at=new Le({props:{content:"?expand=relField1,relField2.subRelField"}}),G=new ul({});let Fe=ae(r[5]);const Pe=l=>l[8].code;for(let l=0;ll[8].code;for(let l=0;lParam Type Description',Lt=s(),k=e("tbody"),lt=e("tr"),lt.innerHTML='page Number The page (aka. offset) of the paginated list (default to 1).',At=s(),Zt=e("tr"),Zt.innerHTML='perPage Number Specify the max returned records per page (default to 30).',Tt=s(),z=e("tr"),st=e("td"),st.textContent="sort",Pt=s(),te=e("td"),te.innerHTML='String',Rt=s(),v=e("td"),pt=g("Specify the records order attribute(s). "),Ot=e("br"),de=g(` + Add `),ft=e("code"),ft.textContent="-",pe=g(" / "),H=e("code"),H.textContent="+",St=g(` (default) in front of the attribute for DESC / ASC order. + Ex.: + `),Vt(nt.$$.fragment),Et=s(),F=e("p"),ut=e("strong"),ut.textContent="Supported record sort fields:",fe=s(),J=e("br"),Nt=s(),ee=e("code"),ee.textContent="@random",qt=g(`, + `),le=e("code"),le.textContent="@rowid",Dt=g(`, + `);for(let l=0;lString',he=s(),M=e("td"),be=g(`Filter the returned records. Ex.: + `),Vt(T.$$.fragment),Ht=s(),Vt(ot.$$.fragment),Mt=s(),K=e("tr"),bt=e("td"),bt.textContent="expand",ge=s(),I=e("td"),I.innerHTML='String',It=s(),y=e("td"),Bt=g(`Auto expand record relations. Ex.: + `),Vt(at.$$.fragment),Gt=g(` + Supports up to 6-levels depth nested relations expansion. `),_e=e("br"),Q=g(` + The expanded relations will be appended to each individual record under the + `),gt=e("code"),gt.textContent="expand",we=g(" property (eg. "),_t=e("code"),_t.textContent='"expand": {"relField1": {...}, ...}',xe=g(`). + `),jt=e("br"),$e=g(` + Only the relations to which the request user has permissions to `),B=e("strong"),B.textContent="view",Ut=g(" will be expanded."),Ce=s(),Vt(G.$$.fragment),ke=s(),wt=e("tr"),wt.innerHTML=`skipTotal Boolean If it is set the total counts query will be skipped and the response fields + totalItems and totalPages will have -1 value. +
    + This could drastically speed up the search queries when the total counters are not needed or cursor + based pagination is used. +
    + For optimization purposes, it is set by default for the + getFirstListItem() + and + getFullList() SDKs methods.`,se=s(),R=e("div"),R.textContent="Responses",xt=s(),V=e("div"),W=e("div");for(let l=0;lo(2,C=d.code);return r.$$set=d=>{"collection"in d&&o(0,u=d.collection)},r.$$.update=()=>{r.$$.dirty&1&&o(4,i=Te.getAllCollectionIdentifiers(u)),r.$$.dirty&1&&o(1,f=(u==null?void 0:u.listRule)===null),r.$$.dirty&1&&o(6,p=Te.dummyCollectionRecord(u)),r.$$.dirty&67&&u!=null&&u.id&&(_.push({code:200,body:JSON.stringify({page:1,perPage:30,totalPages:1,totalItems:2,items:[p,Object.assign({},p,{id:p+"2"})]},null,2)}),_.push({code:400,body:` + { + "status": 400, + "message": "Something went wrong while processing your request. Invalid filter.", + "data": {} + } + `}),f&&_.push({code:403,body:` + { + "status": 403, + "message": "Only superusers can access this action.", + "data": {} + } + `}))},o(3,b=Te.getApiExampleUrl(fl.baseURL)),[u,f,C,b,i,_,p,x]}class kl extends el{constructor(n){super(),ll(this,n,xl,wl,sl,{collection:0})}}export{kl as default}; diff --git a/ui/dist/assets/PageInstaller-CLfpknV-.js b/ui/dist/assets/PageInstaller-CLfpknV-.js new file mode 100644 index 0000000..ab04ac5 --- /dev/null +++ b/ui/dist/assets/PageInstaller-CLfpknV-.js @@ -0,0 +1,3 @@ +import{S as W,i as G,s as J,F as Q,d as S,t as E,a as O,m as j,c as D,r as M,g as V,p as C,b as X,e as Y,f as K,h as m,j as Z,k as z,l as h,n as T,o as I,q as x,u as k,v as q,w as r,x as ee,y as U,z as A,A as N,B as te}from"./index-BH0nlDnw.js";function ne(s){let t,o,u,n,e,p,_,d;return{c(){t=k("label"),o=N("Email"),n=q(),e=k("input"),r(t,"for",u=s[20]),r(e,"type","email"),r(e,"autocomplete","off"),r(e,"id",p=s[20]),e.disabled=s[7],e.required=!0},m(a,i){h(a,t,i),T(t,o),h(a,n,i),h(a,e,i),s[11](e),A(e,s[2]),_||(d=I(e,"input",s[12]),_=!0)},p(a,i){i&1048576&&u!==(u=a[20])&&r(t,"for",u),i&1048576&&p!==(p=a[20])&&r(e,"id",p),i&128&&(e.disabled=a[7]),i&4&&e.value!==a[2]&&A(e,a[2])},d(a){a&&(m(t),m(n),m(e)),s[11](null),_=!1,d()}}}function le(s){let t,o,u,n,e,p,_,d,a,i;return{c(){t=k("label"),o=N("Password"),n=q(),e=k("input"),_=q(),d=k("div"),d.textContent="Recommended at least 10 characters.",r(t,"for",u=s[20]),r(e,"type","password"),r(e,"autocomplete","new-password"),r(e,"minlength","10"),r(e,"id",p=s[20]),e.disabled=s[7],e.required=!0,r(d,"class","help-block")},m(c,g){h(c,t,g),T(t,o),h(c,n,g),h(c,e,g),A(e,s[3]),h(c,_,g),h(c,d,g),a||(i=I(e,"input",s[13]),a=!0)},p(c,g){g&1048576&&u!==(u=c[20])&&r(t,"for",u),g&1048576&&p!==(p=c[20])&&r(e,"id",p),g&128&&(e.disabled=c[7]),g&8&&e.value!==c[3]&&A(e,c[3])},d(c){c&&(m(t),m(n),m(e),m(_),m(d)),a=!1,i()}}}function se(s){let t,o,u,n,e,p,_,d;return{c(){t=k("label"),o=N("Password confirm"),n=q(),e=k("input"),r(t,"for",u=s[20]),r(e,"type","password"),r(e,"minlength","10"),r(e,"id",p=s[20]),e.disabled=s[7],e.required=!0},m(a,i){h(a,t,i),T(t,o),h(a,n,i),h(a,e,i),A(e,s[4]),_||(d=I(e,"input",s[14]),_=!0)},p(a,i){i&1048576&&u!==(u=a[20])&&r(t,"for",u),i&1048576&&p!==(p=a[20])&&r(e,"id",p),i&128&&(e.disabled=a[7]),i&16&&e.value!==a[4]&&A(e,a[4])},d(a){a&&(m(t),m(n),m(e)),_=!1,d()}}}function ie(s){let t,o,u,n,e,p,_,d,a,i,c,g,B,w,F,$,v,y,L;return n=new K({props:{class:"form-field required",name:"email",$$slots:{default:[ne,({uniqueId:l})=>({20:l}),({uniqueId:l})=>l?1048576:0]},$$scope:{ctx:s}}}),p=new K({props:{class:"form-field required",name:"password",$$slots:{default:[le,({uniqueId:l})=>({20:l}),({uniqueId:l})=>l?1048576:0]},$$scope:{ctx:s}}}),d=new K({props:{class:"form-field required",name:"passwordConfirm",$$slots:{default:[se,({uniqueId:l})=>({20:l}),({uniqueId:l})=>l?1048576:0]},$$scope:{ctx:s}}}),{c(){t=k("form"),o=k("div"),o.innerHTML="

    Create your first superuser account in order to continue

    ",u=q(),D(n.$$.fragment),e=q(),D(p.$$.fragment),_=q(),D(d.$$.fragment),a=q(),i=k("button"),i.innerHTML='Create superuser and login ',c=q(),g=k("hr"),B=q(),w=k("label"),w.innerHTML=' Or initialize from backup',F=q(),$=k("input"),r(o,"class","content txt-center m-b-base"),r(i,"type","submit"),r(i,"class","btn btn-lg btn-block btn-next"),z(i,"btn-disabled",s[7]),z(i,"btn-loading",s[0]),r(t,"class","block"),r(t,"autocomplete","off"),r(w,"for","backupFileInput"),r(w,"class","btn btn-lg btn-hint btn-transparent btn-block"),z(w,"btn-disabled",s[7]),z(w,"btn-loading",s[1]),r($,"id","backupFileInput"),r($,"type","file"),r($,"class","hidden"),r($,"accept",".zip")},m(l,b){h(l,t,b),T(t,o),T(t,u),j(n,t,null),T(t,e),j(p,t,null),T(t,_),j(d,t,null),T(t,a),T(t,i),h(l,c,b),h(l,g,b),h(l,B,b),h(l,w,b),h(l,F,b),h(l,$,b),s[15]($),v=!0,y||(L=[I(t,"submit",x(s[8])),I($,"change",s[16])],y=!0)},p(l,b){const H={};b&3145892&&(H.$$scope={dirty:b,ctx:l}),n.$set(H);const f={};b&3145864&&(f.$$scope={dirty:b,ctx:l}),p.$set(f);const P={};b&3145872&&(P.$$scope={dirty:b,ctx:l}),d.$set(P),(!v||b&128)&&z(i,"btn-disabled",l[7]),(!v||b&1)&&z(i,"btn-loading",l[0]),(!v||b&128)&&z(w,"btn-disabled",l[7]),(!v||b&2)&&z(w,"btn-loading",l[1])},i(l){v||(O(n.$$.fragment,l),O(p.$$.fragment,l),O(d.$$.fragment,l),v=!0)},o(l){E(n.$$.fragment,l),E(p.$$.fragment,l),E(d.$$.fragment,l),v=!1},d(l){l&&(m(t),m(c),m(g),m(B),m(w),m(F),m($)),S(n),S(p),S(d),s[15](null),y=!1,Z(L)}}}function ae(s){let t,o;return t=new Q({props:{$$slots:{default:[ie]},$$scope:{ctx:s}}}),{c(){D(t.$$.fragment)},m(u,n){j(t,u,n),o=!0},p(u,[n]){const e={};n&2097407&&(e.$$scope={dirty:n,ctx:u}),t.$set(e)},i(u){o||(O(t.$$.fragment,u),o=!0)},o(u){E(t.$$.fragment,u),o=!1},d(u){S(t,u)}}}function oe(s,t,o){let u,{params:n}=t,e="",p="",_="",d=!1,a=!1,i,c;g();async function g(){if(!(n!=null&&n.token))return M("/");o(0,d=!0);try{const f=V(n==null?void 0:n.token);await C.collection("_superusers").getOne(f.id,{requestKey:"installer_token_check",headers:{Authorization:n==null?void 0:n.token}})}catch(f){f!=null&&f.isAbort||(X("The installer token is invalid or has expired."),M("/"))}o(0,d=!1),await Y(),i==null||i.focus()}async function B(){if(!u){o(0,d=!0);try{await C.collection("_superusers").create({email:e,password:p,passwordConfirm:_},{headers:{Authorization:n==null?void 0:n.token}}),await C.collection("_superusers").authWithPassword(e,p),M("/")}catch(f){C.error(f)}o(0,d=!1)}}function w(){c&&o(6,c.value="",c)}function F(f){f&&ee(`Note that we don't perform validations for the uploaded backup files. Proceed with caution and only if you trust the file source. + +Do you really want to upload and initialize "${f.name}"?`,()=>{$(f)},()=>{w()})}async function $(f){if(!(!f||u)){o(1,a=!0);try{await C.backups.upload({file:f},{headers:{Authorization:n==null?void 0:n.token}}),await C.backups.restore(f.name,{headers:{Authorization:n==null?void 0:n.token}}),te("Please wait while extracting the uploaded archive!"),await new Promise(P=>setTimeout(P,2e3)),M("/")}catch(P){C.error(P)}w(),o(1,a=!1)}}function v(f){U[f?"unshift":"push"](()=>{i=f,o(5,i)})}function y(){e=this.value,o(2,e)}function L(){p=this.value,o(3,p)}function l(){_=this.value,o(4,_)}function b(f){U[f?"unshift":"push"](()=>{c=f,o(6,c)})}const H=f=>{var P,R;F((R=(P=f.target)==null?void 0:P.files)==null?void 0:R[0])};return s.$$set=f=>{"params"in f&&o(10,n=f.params)},s.$$.update=()=>{s.$$.dirty&3&&o(7,u=d||a)},[d,a,e,p,_,i,c,u,B,F,n,v,y,L,l,b,H]}class re extends W{constructor(t){super(),G(this,t,oe,ae,J,{params:10})}}export{re as default}; diff --git a/ui/dist/assets/PageOAuth2RedirectFailure-Cto2IvUF.js b/ui/dist/assets/PageOAuth2RedirectFailure-Cto2IvUF.js new file mode 100644 index 0000000..de9b658 --- /dev/null +++ b/ui/dist/assets/PageOAuth2RedirectFailure-Cto2IvUF.js @@ -0,0 +1 @@ +import{S as r,i as c,s as l,H as n,h as u,l as h,u as p,w as d,O as f,P as m,Q as g,R as o}from"./index-BH0nlDnw.js";function _(s){let t;return{c(){t=p("div"),t.innerHTML='

    Auth failed.

    You can close this window and go back to the app to try again.
    ',d(t,"class","content txt-hint txt-center p-base")},m(e,a){h(e,t,a)},p:n,i:n,o:n,d(e){e&&u(t)}}}function b(s,t,e){let a;return f(s,o,i=>e(0,a=i)),m(o,a="OAuth2 auth failed",a),g(()=>{window.close()}),[]}class x extends r{constructor(t){super(),c(this,t,b,_,l,{})}}export{x as default}; diff --git a/ui/dist/assets/PageOAuth2RedirectSuccess-BsldxvgH.js b/ui/dist/assets/PageOAuth2RedirectSuccess-BsldxvgH.js new file mode 100644 index 0000000..0d00d67 --- /dev/null +++ b/ui/dist/assets/PageOAuth2RedirectSuccess-BsldxvgH.js @@ -0,0 +1 @@ +import{S as i,i as r,s as u,H as n,h as l,l as p,u as h,w as d,O as m,P as f,Q as _,R as o}from"./index-BH0nlDnw.js";function b(a){let t;return{c(){t=h("div"),t.innerHTML='

    Auth completed.

    You can close this window and go back to the app.
    ',d(t,"class","content txt-hint txt-center p-base")},m(e,s){p(e,t,s)},p:n,i:n,o:n,d(e){e&&l(t)}}}function g(a,t,e){let s;return m(a,o,c=>e(0,s=c)),f(o,s="OAuth2 auth completed",s),_(()=>{window.close()}),[]}class x extends i{constructor(t){super(),r(this,t,g,b,u,{})}}export{x as default}; diff --git a/ui/dist/assets/PageRecordConfirmEmailChange-56Ppl1sD.js b/ui/dist/assets/PageRecordConfirmEmailChange-56Ppl1sD.js new file mode 100644 index 0000000..76d9ea9 --- /dev/null +++ b/ui/dist/assets/PageRecordConfirmEmailChange-56Ppl1sD.js @@ -0,0 +1,2 @@ +import{S as J,i as M,s as z,F as A,d as L,t as h,a as v,m as S,c as I,J as D,h as _,D as N,l as b,L as R,M as W,g as Y,p as j,H as P,o as q,u as m,v as y,w as p,f as B,k as T,n as g,q as G,A as C,I as K,z as F,C as O}from"./index-BH0nlDnw.js";function Q(i){let e,t,n,l,s,o,f,a,r,u,k,$,d=i[3]&&H(i);return o=new B({props:{class:"form-field required",name:"password",$$slots:{default:[V,({uniqueId:c})=>({8:c}),({uniqueId:c})=>c?256:0]},$$scope:{ctx:i}}}),{c(){e=m("form"),t=m("div"),n=m("h5"),l=C(`Type your password to confirm changing your email address + `),d&&d.c(),s=y(),I(o.$$.fragment),f=y(),a=m("button"),r=m("span"),r.textContent="Confirm new email",p(t,"class","content txt-center m-b-base"),p(r,"class","txt"),p(a,"type","submit"),p(a,"class","btn btn-lg btn-block"),a.disabled=i[1],T(a,"btn-loading",i[1])},m(c,w){b(c,e,w),g(e,t),g(t,n),g(n,l),d&&d.m(n,null),g(e,s),S(o,e,null),g(e,f),g(e,a),g(a,r),u=!0,k||($=q(e,"submit",G(i[4])),k=!0)},p(c,w){c[3]?d?d.p(c,w):(d=H(c),d.c(),d.m(n,null)):d&&(d.d(1),d=null);const E={};w&769&&(E.$$scope={dirty:w,ctx:c}),o.$set(E),(!u||w&2)&&(a.disabled=c[1]),(!u||w&2)&&T(a,"btn-loading",c[1])},i(c){u||(v(o.$$.fragment,c),u=!0)},o(c){h(o.$$.fragment,c),u=!1},d(c){c&&_(e),d&&d.d(),L(o),k=!1,$()}}}function U(i){let e,t,n,l,s;return{c(){e=m("div"),e.innerHTML='

    Successfully changed the user email address.

    You can now sign in with your new email address.

    ',t=y(),n=m("button"),n.textContent="Close",p(e,"class","alert alert-success"),p(n,"type","button"),p(n,"class","btn btn-transparent btn-block")},m(o,f){b(o,e,f),b(o,t,f),b(o,n,f),l||(s=q(n,"click",i[6]),l=!0)},p:P,i:P,o:P,d(o){o&&(_(e),_(t),_(n)),l=!1,s()}}}function H(i){let e,t,n;return{c(){e=C("to "),t=m("strong"),n=C(i[3]),p(t,"class","txt-nowrap")},m(l,s){b(l,e,s),b(l,t,s),g(t,n)},p(l,s){s&8&&K(n,l[3])},d(l){l&&(_(e),_(t))}}}function V(i){let e,t,n,l,s,o,f,a;return{c(){e=m("label"),t=C("Password"),l=y(),s=m("input"),p(e,"for",n=i[8]),p(s,"type","password"),p(s,"id",o=i[8]),s.required=!0,s.autofocus=!0},m(r,u){b(r,e,u),g(e,t),b(r,l,u),b(r,s,u),F(s,i[0]),s.focus(),f||(a=q(s,"input",i[7]),f=!0)},p(r,u){u&256&&n!==(n=r[8])&&p(e,"for",n),u&256&&o!==(o=r[8])&&p(s,"id",o),u&1&&s.value!==r[0]&&F(s,r[0])},d(r){r&&(_(e),_(l),_(s)),f=!1,a()}}}function X(i){let e,t,n,l;const s=[U,Q],o=[];function f(a,r){return a[2]?0:1}return e=f(i),t=o[e]=s[e](i),{c(){t.c(),n=R()},m(a,r){o[e].m(a,r),b(a,n,r),l=!0},p(a,r){let u=e;e=f(a),e===u?o[e].p(a,r):(O(),h(o[u],1,1,()=>{o[u]=null}),N(),t=o[e],t?t.p(a,r):(t=o[e]=s[e](a),t.c()),v(t,1),t.m(n.parentNode,n))},i(a){l||(v(t),l=!0)},o(a){h(t),l=!1},d(a){a&&_(n),o[e].d(a)}}}function Z(i){let e,t;return e=new A({props:{nobranding:!0,$$slots:{default:[X]},$$scope:{ctx:i}}}),{c(){I(e.$$.fragment)},m(n,l){S(e,n,l),t=!0},p(n,[l]){const s={};l&527&&(s.$$scope={dirty:l,ctx:n}),e.$set(s)},i(n){t||(v(e.$$.fragment,n),t=!0)},o(n){h(e.$$.fragment,n),t=!1},d(n){L(e,n)}}}function x(i,e,t){let n,{params:l}=e,s="",o=!1,f=!1;async function a(){if(o)return;t(1,o=!0);const k=new W("../");try{const $=Y(l==null?void 0:l.token);await k.collection($.collectionId).confirmEmailChange(l==null?void 0:l.token,s),t(2,f=!0)}catch($){j.error($)}t(1,o=!1)}const r=()=>window.close();function u(){s=this.value,t(0,s)}return i.$$set=k=>{"params"in k&&t(5,l=k.params)},i.$$.update=()=>{i.$$.dirty&32&&t(3,n=D.getJWTPayload(l==null?void 0:l.token).newEmail||"")},[s,o,f,n,a,l,r,u]}class te extends J{constructor(e){super(),M(this,e,x,Z,z,{params:5})}}export{te as default}; diff --git a/ui/dist/assets/PageRecordConfirmPasswordReset-D4_zIRT3.js b/ui/dist/assets/PageRecordConfirmPasswordReset-D4_zIRT3.js new file mode 100644 index 0000000..b263b83 --- /dev/null +++ b/ui/dist/assets/PageRecordConfirmPasswordReset-D4_zIRT3.js @@ -0,0 +1,2 @@ +import{S as A,i as D,s as W,F as Y,d as H,t as P,a as q,m as L,c as N,J as j,h as _,C as B,D as E,l as m,L as G,M as K,g as O,p as Q,H as F,o as S,u as b,v as C,w as p,f as J,k as M,n as w,q as U,A as y,I as V,z as R}from"./index-BH0nlDnw.js";function X(a){let e,l,s,n,t,o,c,r,i,u,v,g,k,h,d=a[4]&&z(a);return o=new J({props:{class:"form-field required",name:"password",$$slots:{default:[x,({uniqueId:f})=>({10:f}),({uniqueId:f})=>f?1024:0]},$$scope:{ctx:a}}}),r=new J({props:{class:"form-field required",name:"passwordConfirm",$$slots:{default:[ee,({uniqueId:f})=>({10:f}),({uniqueId:f})=>f?1024:0]},$$scope:{ctx:a}}}),{c(){e=b("form"),l=b("div"),s=b("h5"),n=y(`Reset your user password + `),d&&d.c(),t=C(),N(o.$$.fragment),c=C(),N(r.$$.fragment),i=C(),u=b("button"),v=b("span"),v.textContent="Set new password",p(l,"class","content txt-center m-b-base"),p(v,"class","txt"),p(u,"type","submit"),p(u,"class","btn btn-lg btn-block"),u.disabled=a[2],M(u,"btn-loading",a[2])},m(f,$){m(f,e,$),w(e,l),w(l,s),w(s,n),d&&d.m(s,null),w(e,t),L(o,e,null),w(e,c),L(r,e,null),w(e,i),w(e,u),w(u,v),g=!0,k||(h=S(e,"submit",U(a[5])),k=!0)},p(f,$){f[4]?d?d.p(f,$):(d=z(f),d.c(),d.m(s,null)):d&&(d.d(1),d=null);const T={};$&3073&&(T.$$scope={dirty:$,ctx:f}),o.$set(T);const I={};$&3074&&(I.$$scope={dirty:$,ctx:f}),r.$set(I),(!g||$&4)&&(u.disabled=f[2]),(!g||$&4)&&M(u,"btn-loading",f[2])},i(f){g||(q(o.$$.fragment,f),q(r.$$.fragment,f),g=!0)},o(f){P(o.$$.fragment,f),P(r.$$.fragment,f),g=!1},d(f){f&&_(e),d&&d.d(),H(o),H(r),k=!1,h()}}}function Z(a){let e,l,s,n,t;return{c(){e=b("div"),e.innerHTML='

    Successfully changed the user password.

    You can now sign in with your new password.

    ',l=C(),s=b("button"),s.textContent="Close",p(e,"class","alert alert-success"),p(s,"type","button"),p(s,"class","btn btn-transparent btn-block")},m(o,c){m(o,e,c),m(o,l,c),m(o,s,c),n||(t=S(s,"click",a[7]),n=!0)},p:F,i:F,o:F,d(o){o&&(_(e),_(l),_(s)),n=!1,t()}}}function z(a){let e,l,s;return{c(){e=y("for "),l=b("strong"),s=y(a[4])},m(n,t){m(n,e,t),m(n,l,t),w(l,s)},p(n,t){t&16&&V(s,n[4])},d(n){n&&(_(e),_(l))}}}function x(a){let e,l,s,n,t,o,c,r;return{c(){e=b("label"),l=y("New password"),n=C(),t=b("input"),p(e,"for",s=a[10]),p(t,"type","password"),p(t,"id",o=a[10]),t.required=!0,t.autofocus=!0},m(i,u){m(i,e,u),w(e,l),m(i,n,u),m(i,t,u),R(t,a[0]),t.focus(),c||(r=S(t,"input",a[8]),c=!0)},p(i,u){u&1024&&s!==(s=i[10])&&p(e,"for",s),u&1024&&o!==(o=i[10])&&p(t,"id",o),u&1&&t.value!==i[0]&&R(t,i[0])},d(i){i&&(_(e),_(n),_(t)),c=!1,r()}}}function ee(a){let e,l,s,n,t,o,c,r;return{c(){e=b("label"),l=y("New password confirm"),n=C(),t=b("input"),p(e,"for",s=a[10]),p(t,"type","password"),p(t,"id",o=a[10]),t.required=!0},m(i,u){m(i,e,u),w(e,l),m(i,n,u),m(i,t,u),R(t,a[1]),c||(r=S(t,"input",a[9]),c=!0)},p(i,u){u&1024&&s!==(s=i[10])&&p(e,"for",s),u&1024&&o!==(o=i[10])&&p(t,"id",o),u&2&&t.value!==i[1]&&R(t,i[1])},d(i){i&&(_(e),_(n),_(t)),c=!1,r()}}}function te(a){let e,l,s,n;const t=[Z,X],o=[];function c(r,i){return r[3]?0:1}return e=c(a),l=o[e]=t[e](a),{c(){l.c(),s=G()},m(r,i){o[e].m(r,i),m(r,s,i),n=!0},p(r,i){let u=e;e=c(r),e===u?o[e].p(r,i):(B(),P(o[u],1,1,()=>{o[u]=null}),E(),l=o[e],l?l.p(r,i):(l=o[e]=t[e](r),l.c()),q(l,1),l.m(s.parentNode,s))},i(r){n||(q(l),n=!0)},o(r){P(l),n=!1},d(r){r&&_(s),o[e].d(r)}}}function se(a){let e,l;return e=new Y({props:{nobranding:!0,$$slots:{default:[te]},$$scope:{ctx:a}}}),{c(){N(e.$$.fragment)},m(s,n){L(e,s,n),l=!0},p(s,[n]){const t={};n&2079&&(t.$$scope={dirty:n,ctx:s}),e.$set(t)},i(s){l||(q(e.$$.fragment,s),l=!0)},o(s){P(e.$$.fragment,s),l=!1},d(s){H(e,s)}}}function le(a,e,l){let s,{params:n}=e,t="",o="",c=!1,r=!1;async function i(){if(c)return;l(2,c=!0);const k=new K("../");try{const h=O(n==null?void 0:n.token);await k.collection(h.collectionId).confirmPasswordReset(n==null?void 0:n.token,t,o),l(3,r=!0)}catch(h){Q.error(h)}l(2,c=!1)}const u=()=>window.close();function v(){t=this.value,l(0,t)}function g(){o=this.value,l(1,o)}return a.$$set=k=>{"params"in k&&l(6,n=k.params)},a.$$.update=()=>{a.$$.dirty&64&&l(4,s=j.getJWTPayload(n==null?void 0:n.token).email||"")},[t,o,c,r,s,i,n,u,v,g]}class oe extends A{constructor(e){super(),D(this,e,le,se,W,{params:6})}}export{oe as default}; diff --git a/ui/dist/assets/PageRecordConfirmVerification-UHmyDUhs.js b/ui/dist/assets/PageRecordConfirmVerification-UHmyDUhs.js new file mode 100644 index 0000000..2e3b26e --- /dev/null +++ b/ui/dist/assets/PageRecordConfirmVerification-UHmyDUhs.js @@ -0,0 +1 @@ +import{S as M,i as P,s as R,F as I,d as N,t as S,a as V,m as q,c as F,M as w,g as y,N as E,h as r,l as a,L as g,p as j,H as k,u,w as d,o as m,v,k as C,n as z}from"./index-BH0nlDnw.js";function A(o){let e,l,n;function t(i,f){return i[4]?K:J}let s=t(o),c=s(o);return{c(){e=u("div"),e.innerHTML='

    Invalid or expired verification token.

    ',l=v(),c.c(),n=g(),d(e,"class","alert alert-danger")},m(i,f){a(i,e,f),a(i,l,f),c.m(i,f),a(i,n,f)},p(i,f){s===(s=t(i))&&c?c.p(i,f):(c.d(1),c=s(i),c&&(c.c(),c.m(n.parentNode,n)))},d(i){i&&(r(e),r(l),r(n)),c.d(i)}}}function B(o){let e,l,n,t,s;return{c(){e=u("div"),e.innerHTML='

    Please check your email for the new verification link.

    ',l=v(),n=u("button"),n.textContent="Close",d(e,"class","alert alert-success"),d(n,"type","button"),d(n,"class","btn btn-transparent btn-block")},m(c,i){a(c,e,i),a(c,l,i),a(c,n,i),t||(s=m(n,"click",o[8]),t=!0)},p:k,d(c){c&&(r(e),r(l),r(n)),t=!1,s()}}}function D(o){let e,l,n,t,s;return{c(){e=u("div"),e.innerHTML='

    Successfully verified email address.

    ',l=v(),n=u("button"),n.textContent="Close",d(e,"class","alert alert-success"),d(n,"type","button"),d(n,"class","btn btn-transparent btn-block")},m(c,i){a(c,e,i),a(c,l,i),a(c,n,i),t||(s=m(n,"click",o[7]),t=!0)},p:k,d(c){c&&(r(e),r(l),r(n)),t=!1,s()}}}function G(o){let e;return{c(){e=u("div"),e.innerHTML='
    Please wait...
    ',d(e,"class","txt-center")},m(l,n){a(l,e,n)},p:k,d(l){l&&r(e)}}}function J(o){let e,l,n;return{c(){e=u("button"),e.textContent="Close",d(e,"type","button"),d(e,"class","btn btn-transparent btn-block")},m(t,s){a(t,e,s),l||(n=m(e,"click",o[9]),l=!0)},p:k,d(t){t&&r(e),l=!1,n()}}}function K(o){let e,l,n,t;return{c(){e=u("button"),l=u("span"),l.textContent="Resend",d(l,"class","txt"),d(e,"type","button"),d(e,"class","btn btn-transparent btn-block"),e.disabled=o[3],C(e,"btn-loading",o[3])},m(s,c){a(s,e,c),z(e,l),n||(t=m(e,"click",o[5]),n=!0)},p(s,c){c&8&&(e.disabled=s[3]),c&8&&C(e,"btn-loading",s[3])},d(s){s&&r(e),n=!1,t()}}}function O(o){let e;function l(s,c){return s[1]?G:s[0]?D:s[2]?B:A}let n=l(o),t=n(o);return{c(){t.c(),e=g()},m(s,c){t.m(s,c),a(s,e,c)},p(s,c){n===(n=l(s))&&t?t.p(s,c):(t.d(1),t=n(s),t&&(t.c(),t.m(e.parentNode,e)))},d(s){s&&r(e),t.d(s)}}}function Q(o){let e,l;return e=new I({props:{nobranding:!0,$$slots:{default:[O]},$$scope:{ctx:o}}}),{c(){F(e.$$.fragment)},m(n,t){q(e,n,t),l=!0},p(n,[t]){const s={};t&2079&&(s.$$scope={dirty:t,ctx:n}),e.$set(s)},i(n){l||(V(e.$$.fragment,n),l=!0)},o(n){S(e.$$.fragment,n),l=!1},d(n){N(e,n)}}}function U(o,e,l){let n,{params:t}=e,s=!1,c=!1,i=!1,f=!1;x();async function x(){if(c)return;l(1,c=!0);const p=new w("../");try{const b=y(t==null?void 0:t.token);await p.collection(b.collectionId).confirmVerification(t==null?void 0:t.token),l(0,s=!0)}catch{l(0,s=!1)}l(1,c=!1)}async function T(){const p=y(t==null?void 0:t.token);if(f||!p.collectionId||!p.email)return;l(3,f=!0);const b=new w("../");try{const _=y(t==null?void 0:t.token);await b.collection(_.collectionId).requestVerification(_.email),l(2,i=!0)}catch(_){j.error(_),l(2,i=!1)}l(3,f=!1)}const h=()=>window.close(),H=()=>window.close(),L=()=>window.close();return o.$$set=p=>{"params"in p&&l(6,t=p.params)},o.$$.update=()=>{o.$$.dirty&64&&l(4,n=(t==null?void 0:t.token)&&E(t.token))},[s,c,i,f,n,T,t,h,H,L]}class X extends M{constructor(e){super(),P(this,e,U,Q,R,{params:6})}}export{X as default}; diff --git a/ui/dist/assets/PageSuperuserConfirmPasswordReset-BZlKPl6t.js b/ui/dist/assets/PageSuperuserConfirmPasswordReset-BZlKPl6t.js new file mode 100644 index 0000000..ccc3346 --- /dev/null +++ b/ui/dist/assets/PageSuperuserConfirmPasswordReset-BZlKPl6t.js @@ -0,0 +1,2 @@ +import{S as L,i as W,s as y,F as D,d as R,t as J,a as N,m as T,c as j,J as M,f as G,h as b,j as O,k as H,l as w,n as c,o as z,E as Q,q as U,G as V,u as _,A as P,v as h,w as f,p as I,K as X,r as Y,I as Z,z as q}from"./index-BH0nlDnw.js";function K(r){let e,n,s;return{c(){e=P("for "),n=_("strong"),s=P(r[3]),f(n,"class","txt-nowrap")},m(l,t){w(l,e,t),w(l,n,t),c(n,s)},p(l,t){t&8&&Z(s,l[3])},d(l){l&&(b(e),b(n))}}}function x(r){let e,n,s,l,t,i,p,d;return{c(){e=_("label"),n=P("New password"),l=h(),t=_("input"),f(e,"for",s=r[8]),f(t,"type","password"),f(t,"id",i=r[8]),t.required=!0,t.autofocus=!0},m(u,a){w(u,e,a),c(e,n),w(u,l,a),w(u,t,a),q(t,r[0]),t.focus(),p||(d=z(t,"input",r[6]),p=!0)},p(u,a){a&256&&s!==(s=u[8])&&f(e,"for",s),a&256&&i!==(i=u[8])&&f(t,"id",i),a&1&&t.value!==u[0]&&q(t,u[0])},d(u){u&&(b(e),b(l),b(t)),p=!1,d()}}}function ee(r){let e,n,s,l,t,i,p,d;return{c(){e=_("label"),n=P("New password confirm"),l=h(),t=_("input"),f(e,"for",s=r[8]),f(t,"type","password"),f(t,"id",i=r[8]),t.required=!0},m(u,a){w(u,e,a),c(e,n),w(u,l,a),w(u,t,a),q(t,r[1]),p||(d=z(t,"input",r[7]),p=!0)},p(u,a){a&256&&s!==(s=u[8])&&f(e,"for",s),a&256&&i!==(i=u[8])&&f(t,"id",i),a&2&&t.value!==u[1]&&q(t,u[1])},d(u){u&&(b(e),b(l),b(t)),p=!1,d()}}}function te(r){let e,n,s,l,t,i,p,d,u,a,g,S,C,v,k,F,A,m=r[3]&&K(r);return i=new G({props:{class:"form-field required",name:"password",$$slots:{default:[x,({uniqueId:o})=>({8:o}),({uniqueId:o})=>o?256:0]},$$scope:{ctx:r}}}),d=new G({props:{class:"form-field required",name:"passwordConfirm",$$slots:{default:[ee,({uniqueId:o})=>({8:o}),({uniqueId:o})=>o?256:0]},$$scope:{ctx:r}}}),{c(){e=_("form"),n=_("div"),s=_("h4"),l=P(`Reset your superuser password + `),m&&m.c(),t=h(),j(i.$$.fragment),p=h(),j(d.$$.fragment),u=h(),a=_("button"),g=_("span"),g.textContent="Set new password",S=h(),C=_("div"),v=_("a"),v.textContent="Back to login",f(s,"class","m-b-xs"),f(n,"class","content txt-center m-b-sm"),f(g,"class","txt"),f(a,"type","submit"),f(a,"class","btn btn-lg btn-block"),a.disabled=r[2],H(a,"btn-loading",r[2]),f(e,"class","m-b-base"),f(v,"href","/login"),f(v,"class","link-hint"),f(C,"class","content txt-center")},m(o,$){w(o,e,$),c(e,n),c(n,s),c(s,l),m&&m.m(s,null),c(e,t),T(i,e,null),c(e,p),T(d,e,null),c(e,u),c(e,a),c(a,g),w(o,S,$),w(o,C,$),c(C,v),k=!0,F||(A=[z(e,"submit",U(r[4])),Q(V.call(null,v))],F=!0)},p(o,$){o[3]?m?m.p(o,$):(m=K(o),m.c(),m.m(s,null)):m&&(m.d(1),m=null);const B={};$&769&&(B.$$scope={dirty:$,ctx:o}),i.$set(B);const E={};$&770&&(E.$$scope={dirty:$,ctx:o}),d.$set(E),(!k||$&4)&&(a.disabled=o[2]),(!k||$&4)&&H(a,"btn-loading",o[2])},i(o){k||(N(i.$$.fragment,o),N(d.$$.fragment,o),k=!0)},o(o){J(i.$$.fragment,o),J(d.$$.fragment,o),k=!1},d(o){o&&(b(e),b(S),b(C)),m&&m.d(),R(i),R(d),F=!1,O(A)}}}function se(r){let e,n;return e=new D({props:{$$slots:{default:[te]},$$scope:{ctx:r}}}),{c(){j(e.$$.fragment)},m(s,l){T(e,s,l),n=!0},p(s,[l]){const t={};l&527&&(t.$$scope={dirty:l,ctx:s}),e.$set(t)},i(s){n||(N(e.$$.fragment,s),n=!0)},o(s){J(e.$$.fragment,s),n=!1},d(s){R(e,s)}}}function le(r,e,n){let s,{params:l}=e,t="",i="",p=!1;async function d(){if(!p){n(2,p=!0);try{await I.collection("_superusers").confirmPasswordReset(l==null?void 0:l.token,t,i),X("Successfully set a new superuser password."),Y("/")}catch(g){I.error(g)}n(2,p=!1)}}function u(){t=this.value,n(0,t)}function a(){i=this.value,n(1,i)}return r.$$set=g=>{"params"in g&&n(5,l=g.params)},r.$$.update=()=>{r.$$.dirty&32&&n(3,s=M.getJWTPayload(l==null?void 0:l.token).email||"")},[t,i,p,s,d,l,u,a]}class ae extends L{constructor(e){super(),W(this,e,le,se,y,{params:5})}}export{ae as default}; diff --git a/ui/dist/assets/PageSuperuserRequestPasswordReset-Bt6_YOPc.js b/ui/dist/assets/PageSuperuserRequestPasswordReset-Bt6_YOPc.js new file mode 100644 index 0000000..75a3c36 --- /dev/null +++ b/ui/dist/assets/PageSuperuserRequestPasswordReset-Bt6_YOPc.js @@ -0,0 +1 @@ +import{S as M,i as T,s as z,F as A,d as E,t as w,a as y,m as H,c as L,h as g,C as B,D,l as k,n as d,E as G,G as I,v,u as m,w as p,p as C,H as F,I as N,A as h,f as j,k as P,o as R,q as J,z as S}from"./index-BH0nlDnw.js";function K(u){let e,s,n,l,t,r,c,_,i,a,b,f;return l=new j({props:{class:"form-field required",name:"email",$$slots:{default:[Q,({uniqueId:o})=>({5:o}),({uniqueId:o})=>o?32:0]},$$scope:{ctx:u}}}),{c(){e=m("form"),s=m("div"),s.innerHTML='

    Forgotten superuser password

    Enter the email associated with your account and we’ll send you a recovery link:

    ',n=v(),L(l.$$.fragment),t=v(),r=m("button"),c=m("i"),_=v(),i=m("span"),i.textContent="Send recovery link",p(s,"class","content txt-center m-b-sm"),p(c,"class","ri-mail-send-line"),p(i,"class","txt"),p(r,"type","submit"),p(r,"class","btn btn-lg btn-block"),r.disabled=u[1],P(r,"btn-loading",u[1]),p(e,"class","m-b-base")},m(o,$){k(o,e,$),d(e,s),d(e,n),H(l,e,null),d(e,t),d(e,r),d(r,c),d(r,_),d(r,i),a=!0,b||(f=R(e,"submit",J(u[3])),b=!0)},p(o,$){const q={};$&97&&(q.$$scope={dirty:$,ctx:o}),l.$set(q),(!a||$&2)&&(r.disabled=o[1]),(!a||$&2)&&P(r,"btn-loading",o[1])},i(o){a||(y(l.$$.fragment,o),a=!0)},o(o){w(l.$$.fragment,o),a=!1},d(o){o&&g(e),E(l),b=!1,f()}}}function O(u){let e,s,n,l,t,r,c,_,i;return{c(){e=m("div"),s=m("div"),s.innerHTML='',n=v(),l=m("div"),t=m("p"),r=h("Check "),c=m("strong"),_=h(u[0]),i=h(" for the recovery link."),p(s,"class","icon"),p(c,"class","txt-nowrap"),p(l,"class","content"),p(e,"class","alert alert-success")},m(a,b){k(a,e,b),d(e,s),d(e,n),d(e,l),d(l,t),d(t,r),d(t,c),d(c,_),d(t,i)},p(a,b){b&1&&N(_,a[0])},i:F,o:F,d(a){a&&g(e)}}}function Q(u){let e,s,n,l,t,r,c,_;return{c(){e=m("label"),s=h("Email"),l=v(),t=m("input"),p(e,"for",n=u[5]),p(t,"type","email"),p(t,"id",r=u[5]),t.required=!0,t.autofocus=!0},m(i,a){k(i,e,a),d(e,s),k(i,l,a),k(i,t,a),S(t,u[0]),t.focus(),c||(_=R(t,"input",u[4]),c=!0)},p(i,a){a&32&&n!==(n=i[5])&&p(e,"for",n),a&32&&r!==(r=i[5])&&p(t,"id",r),a&1&&t.value!==i[0]&&S(t,i[0])},d(i){i&&(g(e),g(l),g(t)),c=!1,_()}}}function U(u){let e,s,n,l,t,r,c,_;const i=[O,K],a=[];function b(f,o){return f[2]?0:1}return e=b(u),s=a[e]=i[e](u),{c(){s.c(),n=v(),l=m("div"),t=m("a"),t.textContent="Back to login",p(t,"href","/login"),p(t,"class","link-hint"),p(l,"class","content txt-center")},m(f,o){a[e].m(f,o),k(f,n,o),k(f,l,o),d(l,t),r=!0,c||(_=G(I.call(null,t)),c=!0)},p(f,o){let $=e;e=b(f),e===$?a[e].p(f,o):(B(),w(a[$],1,1,()=>{a[$]=null}),D(),s=a[e],s?s.p(f,o):(s=a[e]=i[e](f),s.c()),y(s,1),s.m(n.parentNode,n))},i(f){r||(y(s),r=!0)},o(f){w(s),r=!1},d(f){f&&(g(n),g(l)),a[e].d(f),c=!1,_()}}}function V(u){let e,s;return e=new A({props:{$$slots:{default:[U]},$$scope:{ctx:u}}}),{c(){L(e.$$.fragment)},m(n,l){H(e,n,l),s=!0},p(n,[l]){const t={};l&71&&(t.$$scope={dirty:l,ctx:n}),e.$set(t)},i(n){s||(y(e.$$.fragment,n),s=!0)},o(n){w(e.$$.fragment,n),s=!1},d(n){E(e,n)}}}function W(u,e,s){let n="",l=!1,t=!1;async function r(){if(!l){s(1,l=!0);try{await C.collection("_superusers").requestPasswordReset(n),s(2,t=!0)}catch(_){C.error(_)}s(1,l=!1)}}function c(){n=this.value,s(0,n)}return[n,l,t,r,c]}class Y extends M{constructor(e){super(),T(this,e,W,V,z,{})}}export{Y as default}; diff --git a/ui/dist/assets/PasswordResetDocs-C6_feDjW.js b/ui/dist/assets/PasswordResetDocs-C6_feDjW.js new file mode 100644 index 0000000..68117e6 --- /dev/null +++ b/ui/dist/assets/PasswordResetDocs-C6_feDjW.js @@ -0,0 +1,100 @@ +import{S as se,i as ne,s as oe,X as H,h as b,t as X,a as V,I as Z,Z as ee,_ as ye,C as te,$ as Te,D as le,l as v,n as u,u as p,v as S,A as D,w as k,k as L,o as ae,W as Ee,d as G,m as Q,c as x,V as Ce,Y as fe,J as qe,p as Oe,a0 as pe}from"./index-BH0nlDnw.js";function me(o,t,e){const n=o.slice();return n[4]=t[e],n}function _e(o,t,e){const n=o.slice();return n[4]=t[e],n}function he(o,t){let e,n=t[4].code+"",d,c,r,a;function f(){return t[3](t[4])}return{key:o,first:null,c(){e=p("button"),d=D(n),c=S(),k(e,"class","tab-item"),L(e,"active",t[1]===t[4].code),this.first=e},m(g,y){v(g,e,y),u(e,d),u(e,c),r||(a=ae(e,"click",f),r=!0)},p(g,y){t=g,y&4&&n!==(n=t[4].code+"")&&Z(d,n),y&6&&L(e,"active",t[1]===t[4].code)},d(g){g&&b(e),r=!1,a()}}}function be(o,t){let e,n,d,c;return n=new Ee({props:{content:t[4].body}}),{key:o,first:null,c(){e=p("div"),x(n.$$.fragment),d=S(),k(e,"class","tab-item"),L(e,"active",t[1]===t[4].code),this.first=e},m(r,a){v(r,e,a),Q(n,e,null),u(e,d),c=!0},p(r,a){t=r;const f={};a&4&&(f.content=t[4].body),n.$set(f),(!c||a&6)&&L(e,"active",t[1]===t[4].code)},i(r){c||(V(n.$$.fragment,r),c=!0)},o(r){X(n.$$.fragment,r),c=!1},d(r){r&&b(e),G(n)}}}function Ae(o){let t,e,n,d,c,r,a,f=o[0].name+"",g,y,F,q,J,W,U,O,A,T,C,R=[],M=new Map,j,N,h=[],K=new Map,E,P=H(o[2]);const B=l=>l[4].code;for(let l=0;ll[4].code;for(let l=0;lParam Type Description
    Required token
    String The token from the password reset request email.
    Required password
    String The new password to set.
    Required passwordConfirm
    String The new password confirmation.',U=S(),O=p("div"),O.textContent="Responses",A=S(),T=p("div"),C=p("div");for(let l=0;le(1,d=a.code);return o.$$set=a=>{"collection"in a&&e(0,n=a.collection)},e(2,c=[{code:204,body:"null"},{code:400,body:` + { + "status": 400, + "message": "An error occurred while validating the submitted data.", + "data": { + "token": { + "code": "validation_required", + "message": "Missing required value." + } + } + } + `}]),[n,d,c,r]}class Ne extends se{constructor(t){super(),ne(this,t,We,Ae,oe,{collection:0})}}function ve(o,t,e){const n=o.slice();return n[4]=t[e],n}function ke(o,t,e){const n=o.slice();return n[4]=t[e],n}function ge(o,t){let e,n=t[4].code+"",d,c,r,a;function f(){return t[3](t[4])}return{key:o,first:null,c(){e=p("button"),d=D(n),c=S(),k(e,"class","tab-item"),L(e,"active",t[1]===t[4].code),this.first=e},m(g,y){v(g,e,y),u(e,d),u(e,c),r||(a=ae(e,"click",f),r=!0)},p(g,y){t=g,y&4&&n!==(n=t[4].code+"")&&Z(d,n),y&6&&L(e,"active",t[1]===t[4].code)},d(g){g&&b(e),r=!1,a()}}}function we(o,t){let e,n,d,c;return n=new Ee({props:{content:t[4].body}}),{key:o,first:null,c(){e=p("div"),x(n.$$.fragment),d=S(),k(e,"class","tab-item"),L(e,"active",t[1]===t[4].code),this.first=e},m(r,a){v(r,e,a),Q(n,e,null),u(e,d),c=!0},p(r,a){t=r;const f={};a&4&&(f.content=t[4].body),n.$set(f),(!c||a&6)&&L(e,"active",t[1]===t[4].code)},i(r){c||(V(n.$$.fragment,r),c=!0)},o(r){X(n.$$.fragment,r),c=!1},d(r){r&&b(e),G(n)}}}function De(o){let t,e,n,d,c,r,a,f=o[0].name+"",g,y,F,q,J,W,U,O,A,T,C,R=[],M=new Map,j,N,h=[],K=new Map,E,P=H(o[2]);const B=l=>l[4].code;for(let l=0;ll[4].code;for(let l=0;lParam Type Description
    Required email
    String The auth record email address to send the password reset request (if exists).',U=S(),O=p("div"),O.textContent="Responses",A=S(),T=p("div"),C=p("div");for(let l=0;le(1,d=a.code);return o.$$set=a=>{"collection"in a&&e(0,n=a.collection)},e(2,c=[{code:204,body:"null"},{code:400,body:` + { + "status": 400, + "message": "An error occurred while validating the submitted data.", + "data": { + "email": { + "code": "validation_required", + "message": "Missing required value." + } + } + } + `}]),[n,d,c,r]}class Be extends se{constructor(t){super(),ne(this,t,Me,De,oe,{collection:0})}}function $e(o,t,e){const n=o.slice();return n[5]=t[e],n[7]=e,n}function Re(o,t,e){const n=o.slice();return n[5]=t[e],n[7]=e,n}function Pe(o){let t,e,n,d,c;function r(){return o[4](o[7])}return{c(){t=p("button"),e=p("div"),e.textContent=`${o[5].title}`,n=S(),k(e,"class","txt"),k(t,"class","tab-item"),L(t,"active",o[1]==o[7])},m(a,f){v(a,t,f),u(t,e),u(t,n),d||(c=ae(t,"click",r),d=!0)},p(a,f){o=a,f&2&&L(t,"active",o[1]==o[7])},d(a){a&&b(t),d=!1,c()}}}function Se(o){let t,e,n,d;var c=o[5].component;function r(a,f){return{props:{collection:a[0]}}}return c&&(e=pe(c,r(o))),{c(){t=p("div"),e&&x(e.$$.fragment),n=S(),k(t,"class","tab-item"),L(t,"active",o[1]==o[7])},m(a,f){v(a,t,f),e&&Q(e,t,null),u(t,n),d=!0},p(a,f){if(c!==(c=a[5].component)){if(e){te();const g=e;X(g.$$.fragment,1,0,()=>{G(g,1)}),le()}c?(e=pe(c,r(a)),x(e.$$.fragment),V(e.$$.fragment,1),Q(e,t,n)):e=null}else if(c){const g={};f&1&&(g.collection=a[0]),e.$set(g)}(!d||f&2)&&L(t,"active",a[1]==a[7])},i(a){d||(e&&V(e.$$.fragment,a),d=!0)},o(a){e&&X(e.$$.fragment,a),d=!1},d(a){a&&b(t),e&&G(e)}}}function Ie(o){var l,s,_,ie;let t,e,n=o[0].name+"",d,c,r,a,f,g,y,F=o[0].name+"",q,J,W,U,O,A,T,C,R,M,j,N,h,K;A=new Ce({props:{js:` + import PocketBase from 'pocketbase'; + + const pb = new PocketBase('${o[2]}'); + + ... + + await pb.collection('${(l=o[0])==null?void 0:l.name}').requestPasswordReset('test@example.com'); + + // --- + // (optional) in your custom confirmation page: + // --- + + // note: after this call all previously issued auth tokens are invalidated + await pb.collection('${(s=o[0])==null?void 0:s.name}').confirmPasswordReset( + 'RESET_TOKEN', + 'NEW_PASSWORD', + 'NEW_PASSWORD_CONFIRM', + ); + `,dart:` + import 'package:pocketbase/pocketbase.dart'; + + final pb = PocketBase('${o[2]}'); + + ... + + await pb.collection('${(_=o[0])==null?void 0:_.name}').requestPasswordReset('test@example.com'); + + // --- + // (optional) in your custom confirmation page: + // --- + + // note: after this call all previously issued auth tokens are invalidated + await pb.collection('${(ie=o[0])==null?void 0:ie.name}').confirmPasswordReset( + 'RESET_TOKEN', + 'NEW_PASSWORD', + 'NEW_PASSWORD_CONFIRM', + ); + `}});let E=H(o[3]),P=[];for(let i=0;iX(m[i],1,1,()=>{m[i]=null});return{c(){t=p("h3"),e=D("Password reset ("),d=D(n),c=D(")"),r=S(),a=p("div"),f=p("p"),g=D("Sends "),y=p("strong"),q=D(F),J=D(" password reset email request."),W=S(),U=p("p"),U.textContent=`On successful password reset all previously issued auth tokens for the specific record will be + automatically invalidated.`,O=S(),x(A.$$.fragment),T=S(),C=p("h6"),C.textContent="API details",R=S(),M=p("div"),j=p("div");for(let i=0;ie(1,r=f);return o.$$set=f=>{"collection"in f&&e(0,d=f.collection)},e(2,n=qe.getApiExampleUrl(Oe.baseURL)),[d,r,n,c,a]}class He extends se{constructor(t){super(),ne(this,t,Fe,Ie,oe,{collection:0})}}export{He as default}; diff --git a/ui/dist/assets/RealtimeApiDocs-DyIB7QDo.js b/ui/dist/assets/RealtimeApiDocs-DyIB7QDo.js new file mode 100644 index 0000000..d507eb9 --- /dev/null +++ b/ui/dist/assets/RealtimeApiDocs-DyIB7QDo.js @@ -0,0 +1,110 @@ +import{S as re,i as ae,s as be,V as pe,W as ue,J as P,h as s,d as se,t as ne,a as ie,I as me,l as n,n as y,m as ce,u as p,A as I,v as a,c as le,w as u,p as de}from"./index-BH0nlDnw.js";function he(o){var B,U,W,A,L,H,T,q,J,M,j,N;let i,m,c=o[0].name+"",b,d,k,h,D,f,_,l,S,$,w,g,C,v,E,r,R;return l=new pe({props:{js:` + import PocketBase from 'pocketbase'; + + const pb = new PocketBase('${o[1]}'); + + ... + + // (Optionally) authenticate + await pb.collection('users').authWithPassword('test@example.com', '123456'); + + // Subscribe to changes in any ${(B=o[0])==null?void 0:B.name} record + pb.collection('${(U=o[0])==null?void 0:U.name}').subscribe('*', function (e) { + console.log(e.action); + console.log(e.record); + }, { /* other options like: filter, expand, custom headers, etc. */ }); + + // Subscribe to changes only in the specified record + pb.collection('${(W=o[0])==null?void 0:W.name}').subscribe('RECORD_ID', function (e) { + console.log(e.action); + console.log(e.record); + }, { /* other options like: filter, expand, custom headers, etc. */ }); + + // Unsubscribe + pb.collection('${(A=o[0])==null?void 0:A.name}').unsubscribe('RECORD_ID'); // remove all 'RECORD_ID' subscriptions + pb.collection('${(L=o[0])==null?void 0:L.name}').unsubscribe('*'); // remove all '*' topic subscriptions + pb.collection('${(H=o[0])==null?void 0:H.name}').unsubscribe(); // remove all subscriptions in the collection + `,dart:` + import 'package:pocketbase/pocketbase.dart'; + + final pb = PocketBase('${o[1]}'); + + ... + + // (Optionally) authenticate + await pb.collection('users').authWithPassword('test@example.com', '123456'); + + // Subscribe to changes in any ${(T=o[0])==null?void 0:T.name} record + pb.collection('${(q=o[0])==null?void 0:q.name}').subscribe('*', (e) { + print(e.action); + print(e.record); + }, /* other options like: filter, expand, custom headers, etc. */); + + // Subscribe to changes only in the specified record + pb.collection('${(J=o[0])==null?void 0:J.name}').subscribe('RECORD_ID', (e) { + print(e.action); + print(e.record); + }, /* other options like: filter, expand, custom headers, etc. */); + + // Unsubscribe + pb.collection('${(M=o[0])==null?void 0:M.name}').unsubscribe('RECORD_ID'); // remove all 'RECORD_ID' subscriptions + pb.collection('${(j=o[0])==null?void 0:j.name}').unsubscribe('*'); // remove all '*' topic subscriptions + pb.collection('${(N=o[0])==null?void 0:N.name}').unsubscribe(); // remove all subscriptions in the collection + `}}),r=new ue({props:{content:JSON.stringify({action:"create",record:P.dummyCollectionRecord(o[0])},null,2).replace('"action": "create"','"action": "create" // create, update or delete')}}),{c(){i=p("h3"),m=I("Realtime ("),b=I(c),d=I(")"),k=a(),h=p("div"),h.innerHTML=`

    Subscribe to realtime changes via Server-Sent Events (SSE).

    Events are sent for create, update + and delete record operations (see "Event data format" section below).

    `,D=a(),f=p("div"),f.innerHTML=`

    You could subscribe to a single record or to an entire collection.

    When you subscribe to a single record, the collection's + ViewRule will be used to determine whether the subscriber has access to receive the + event message.

    When you subscribe to an entire collection, the collection's + ListRule will be used to determine whether the subscriber has access to receive the + event message.

    `,_=a(),le(l.$$.fragment),S=a(),$=p("h6"),$.textContent="API details",w=a(),g=p("div"),g.innerHTML='SSE

    /api/realtime

    ',C=a(),v=p("div"),v.textContent="Event data format",E=a(),le(r.$$.fragment),u(i,"class","m-b-sm"),u(h,"class","content txt-lg m-b-sm"),u(f,"class","alert alert-info m-t-10 m-b-sm"),u($,"class","m-b-xs"),u(g,"class","alert"),u(v,"class","section-title")},m(e,t){n(e,i,t),y(i,m),y(i,b),y(i,d),n(e,k,t),n(e,h,t),n(e,D,t),n(e,f,t),n(e,_,t),ce(l,e,t),n(e,S,t),n(e,$,t),n(e,w,t),n(e,g,t),n(e,C,t),n(e,v,t),n(e,E,t),ce(r,e,t),R=!0},p(e,[t]){var Y,z,F,G,K,Q,X,Z,x,ee,te,oe;(!R||t&1)&&c!==(c=e[0].name+"")&&me(b,c);const O={};t&3&&(O.js=` + import PocketBase from 'pocketbase'; + + const pb = new PocketBase('${e[1]}'); + + ... + + // (Optionally) authenticate + await pb.collection('users').authWithPassword('test@example.com', '123456'); + + // Subscribe to changes in any ${(Y=e[0])==null?void 0:Y.name} record + pb.collection('${(z=e[0])==null?void 0:z.name}').subscribe('*', function (e) { + console.log(e.action); + console.log(e.record); + }, { /* other options like: filter, expand, custom headers, etc. */ }); + + // Subscribe to changes only in the specified record + pb.collection('${(F=e[0])==null?void 0:F.name}').subscribe('RECORD_ID', function (e) { + console.log(e.action); + console.log(e.record); + }, { /* other options like: filter, expand, custom headers, etc. */ }); + + // Unsubscribe + pb.collection('${(G=e[0])==null?void 0:G.name}').unsubscribe('RECORD_ID'); // remove all 'RECORD_ID' subscriptions + pb.collection('${(K=e[0])==null?void 0:K.name}').unsubscribe('*'); // remove all '*' topic subscriptions + pb.collection('${(Q=e[0])==null?void 0:Q.name}').unsubscribe(); // remove all subscriptions in the collection + `),t&3&&(O.dart=` + import 'package:pocketbase/pocketbase.dart'; + + final pb = PocketBase('${e[1]}'); + + ... + + // (Optionally) authenticate + await pb.collection('users').authWithPassword('test@example.com', '123456'); + + // Subscribe to changes in any ${(X=e[0])==null?void 0:X.name} record + pb.collection('${(Z=e[0])==null?void 0:Z.name}').subscribe('*', (e) { + print(e.action); + print(e.record); + }, /* other options like: filter, expand, custom headers, etc. */); + + // Subscribe to changes only in the specified record + pb.collection('${(x=e[0])==null?void 0:x.name}').subscribe('RECORD_ID', (e) { + print(e.action); + print(e.record); + }, /* other options like: filter, expand, custom headers, etc. */); + + // Unsubscribe + pb.collection('${(ee=e[0])==null?void 0:ee.name}').unsubscribe('RECORD_ID'); // remove all 'RECORD_ID' subscriptions + pb.collection('${(te=e[0])==null?void 0:te.name}').unsubscribe('*'); // remove all '*' topic subscriptions + pb.collection('${(oe=e[0])==null?void 0:oe.name}').unsubscribe(); // remove all subscriptions in the collection + `),l.$set(O);const V={};t&1&&(V.content=JSON.stringify({action:"create",record:P.dummyCollectionRecord(e[0])},null,2).replace('"action": "create"','"action": "create" // create, update or delete')),r.$set(V)},i(e){R||(ie(l.$$.fragment,e),ie(r.$$.fragment,e),R=!0)},o(e){ne(l.$$.fragment,e),ne(r.$$.fragment,e),R=!1},d(e){e&&(s(i),s(k),s(h),s(D),s(f),s(_),s(S),s($),s(w),s(g),s(C),s(v),s(E)),se(l,e),se(r,e)}}}function fe(o,i,m){let c,{collection:b}=i;return o.$$set=d=>{"collection"in d&&m(0,b=d.collection)},m(1,c=P.getApiExampleUrl(de.baseURL)),[b,c]}class ge extends re{constructor(i){super(),ae(this,i,fe,he,be,{collection:0})}}export{ge as default}; diff --git a/ui/dist/assets/UpdateApiDocs-DL1jPaKQ.js b/ui/dist/assets/UpdateApiDocs-DL1jPaKQ.js new file mode 100644 index 0000000..bdcb79c --- /dev/null +++ b/ui/dist/assets/UpdateApiDocs-DL1jPaKQ.js @@ -0,0 +1,90 @@ +import{S as $t,i as Mt,s as St,V as Ot,X as se,W as Tt,h as d,d as ge,t as _e,a as he,I as ee,Z as Je,_ as bt,C as qt,$ as Rt,D as Ht,l as o,n as a,m as we,u as s,A as _,v as f,c as Ce,w as k,J as ye,p as Pt,k as Te,o as Lt,H as te}from"./index-BH0nlDnw.js";import{F as Dt}from"./FieldsQueryParam-DQVKTiQb.js";function mt(r,e,t){const n=r.slice();return n[10]=e[t],n}function _t(r,e,t){const n=r.slice();return n[10]=e[t],n}function ht(r,e,t){const n=r.slice();return n[15]=e[t],n}function yt(r){let e;return{c(){e=s("p"),e.innerHTML=`Note that in case of a password change all previously issued tokens for the current record + will be automatically invalidated and if you want your user to remain signed in you need to + reauthenticate manually after the update call.`},m(t,n){o(t,e,n)},d(t){t&&d(e)}}}function kt(r){let e;return{c(){e=s("p"),e.innerHTML="Requires superuser Authorization:TOKEN header",k(e,"class","txt-hint txt-sm txt-right")},m(t,n){o(t,e,n)},d(t){t&&d(e)}}}function vt(r){let e,t,n,b,p,c,u,m,S,T,H,P,$,M,q,L,J,j,O,R,D,v,g,w;function x(h,C){var le,W,ne;return C&1&&(m=null),m==null&&(m=!!((ne=(W=(le=h[0])==null?void 0:le.fields)==null?void 0:W.find(zt))!=null&&ne.required)),m?Bt:Ft}let Q=x(r,-1),B=Q(r);return{c(){e=s("tr"),e.innerHTML='Auth specific fields',t=f(),n=s("tr"),n.innerHTML=`
    Optional email
    String The auth record email address. +
    + This field can be updated only by superusers or auth records with "Manage" access. +
    + Regular accounts can update their email by calling "Request email change".`,b=f(),p=s("tr"),c=s("td"),u=s("div"),B.c(),S=f(),T=s("span"),T.textContent="emailVisibility",H=f(),P=s("td"),P.innerHTML='Boolean',$=f(),M=s("td"),M.textContent="Whether to show/hide the auth record email when fetching the record data.",q=f(),L=s("tr"),L.innerHTML=`
    Optional oldPassword
    String Old auth record password. +
    + This field is required only when changing the record password. Superusers and auth records + with "Manage" access can skip this field.`,J=f(),j=s("tr"),j.innerHTML='
    Optional password
    String New auth record password.',O=f(),R=s("tr"),R.innerHTML='
    Optional passwordConfirm
    String New auth record password confirmation.',D=f(),v=s("tr"),v.innerHTML=`
    Optional verified
    Boolean Indicates whether the auth record is verified or not. +
    + This field can be set only by superusers or auth records with "Manage" access.`,g=f(),w=s("tr"),w.innerHTML='Other fields',k(u,"class","inline-flex")},m(h,C){o(h,e,C),o(h,t,C),o(h,n,C),o(h,b,C),o(h,p,C),a(p,c),a(c,u),B.m(u,null),a(u,S),a(u,T),a(p,H),a(p,P),a(p,$),a(p,M),o(h,q,C),o(h,L,C),o(h,J,C),o(h,j,C),o(h,O,C),o(h,R,C),o(h,D,C),o(h,v,C),o(h,g,C),o(h,w,C)},p(h,C){Q!==(Q=x(h,C))&&(B.d(1),B=Q(h),B&&(B.c(),B.m(u,S)))},d(h){h&&(d(e),d(t),d(n),d(b),d(p),d(q),d(L),d(J),d(j),d(O),d(R),d(D),d(v),d(g),d(w)),B.d()}}}function Ft(r){let e;return{c(){e=s("span"),e.textContent="Optional",k(e,"class","label label-warning")},m(t,n){o(t,e,n)},d(t){t&&d(e)}}}function Bt(r){let e;return{c(){e=s("span"),e.textContent="Required",k(e,"class","label label-success")},m(t,n){o(t,e,n)},d(t){t&&d(e)}}}function Nt(r){let e;return{c(){e=s("span"),e.textContent="Optional",k(e,"class","label label-warning")},m(t,n){o(t,e,n)},d(t){t&&d(e)}}}function At(r){let e;return{c(){e=s("span"),e.textContent="Required",k(e,"class","label label-success")},m(t,n){o(t,e,n)},d(t){t&&d(e)}}}function Et(r){let e,t=r[15].maxSelect==1?"id":"ids",n,b;return{c(){e=_("Relation record "),n=_(t),b=_(".")},m(p,c){o(p,e,c),o(p,n,c),o(p,b,c)},p(p,c){c&32&&t!==(t=p[15].maxSelect==1?"id":"ids")&&ee(n,t)},d(p){p&&(d(e),d(n),d(b))}}}function It(r){let e,t,n,b,p;return{c(){e=_("File object."),t=s("br"),n=_(` + Set to `),b=s("code"),b.textContent="null",p=_(" to delete already uploaded file(s).")},m(c,u){o(c,e,u),o(c,t,u),o(c,n,u),o(c,b,u),o(c,p,u)},p:te,d(c){c&&(d(e),d(t),d(n),d(b),d(p))}}}function jt(r){let e,t;return{c(){e=s("code"),e.textContent='{"lon":x,"lat":y}',t=_(" object.")},m(n,b){o(n,e,b),o(n,t,b)},p:te,d(n){n&&(d(e),d(t))}}}function Jt(r){let e;return{c(){e=_("URL address.")},m(t,n){o(t,e,n)},p:te,d(t){t&&d(e)}}}function Ut(r){let e;return{c(){e=_("Email address.")},m(t,n){o(t,e,n)},p:te,d(t){t&&d(e)}}}function Vt(r){let e;return{c(){e=_("JSON array or object.")},m(t,n){o(t,e,n)},p:te,d(t){t&&d(e)}}}function xt(r){let e;return{c(){e=_("Number value.")},m(t,n){o(t,e,n)},p:te,d(t){t&&d(e)}}}function Qt(r){let e;return{c(){e=_("Plain text value.")},m(t,n){o(t,e,n)},p:te,d(t){t&&d(e)}}}function gt(r,e){let t,n,b,p,c,u=e[15].name+"",m,S,T,H,P=ye.getFieldValueType(e[15])+"",$,M,q,L;function J(g,w){return g[15].required?At:Nt}let j=J(e),O=j(e);function R(g,w){if(g[15].type==="text")return Qt;if(g[15].type==="number")return xt;if(g[15].type==="json")return Vt;if(g[15].type==="email")return Ut;if(g[15].type==="url")return Jt;if(g[15].type==="geoPoint")return jt;if(g[15].type==="file")return It;if(g[15].type==="relation")return Et}let D=R(e),v=D&&D(e);return{key:r,first:null,c(){t=s("tr"),n=s("td"),b=s("div"),O.c(),p=f(),c=s("span"),m=_(u),S=f(),T=s("td"),H=s("span"),$=_(P),M=f(),q=s("td"),v&&v.c(),L=f(),k(b,"class","inline-flex"),k(H,"class","label"),this.first=t},m(g,w){o(g,t,w),a(t,n),a(n,b),O.m(b,null),a(b,p),a(b,c),a(c,m),a(t,S),a(t,T),a(T,H),a(H,$),a(t,M),a(t,q),v&&v.m(q,null),a(t,L)},p(g,w){e=g,j!==(j=J(e))&&(O.d(1),O=j(e),O&&(O.c(),O.m(b,p))),w&32&&u!==(u=e[15].name+"")&&ee(m,u),w&32&&P!==(P=ye.getFieldValueType(e[15])+"")&&ee($,P),D===(D=R(e))&&v?v.p(e,w):(v&&v.d(1),v=D&&D(e),v&&(v.c(),v.m(q,null)))},d(g){g&&d(t),O.d(),v&&v.d()}}}function wt(r,e){let t,n=e[10].code+"",b,p,c,u;function m(){return e[9](e[10])}return{key:r,first:null,c(){t=s("button"),b=_(n),p=f(),k(t,"class","tab-item"),Te(t,"active",e[2]===e[10].code),this.first=t},m(S,T){o(S,t,T),a(t,b),a(t,p),c||(u=Lt(t,"click",m),c=!0)},p(S,T){e=S,T&8&&n!==(n=e[10].code+"")&&ee(b,n),T&12&&Te(t,"active",e[2]===e[10].code)},d(S){S&&d(t),c=!1,u()}}}function Ct(r,e){let t,n,b,p;return n=new Tt({props:{content:e[10].body}}),{key:r,first:null,c(){t=s("div"),Ce(n.$$.fragment),b=f(),k(t,"class","tab-item"),Te(t,"active",e[2]===e[10].code),this.first=t},m(c,u){o(c,t,u),we(n,t,null),a(t,b),p=!0},p(c,u){e=c;const m={};u&8&&(m.content=e[10].body),n.$set(m),(!p||u&12)&&Te(t,"active",e[2]===e[10].code)},i(c){p||(he(n.$$.fragment,c),p=!0)},o(c){_e(n.$$.fragment,c),p=!1},d(c){c&&d(t),ge(n)}}}function Wt(r){var ct,ut;let e,t,n=r[0].name+"",b,p,c,u,m,S,T,H=r[0].name+"",P,$,M,q,L,J,j,O,R,D,v,g,w,x,Q,B,h,C,le,W=r[0].name+"",ne,Ue,$e,Ve,Me,de,Se,oe,Oe,re,qe,z,Re,xe,K,He,U=[],Qe=new Map,Pe,ce,Le,X,De,We,ue,Y,Fe,ze,Be,Ke,N,Xe,ae,Ye,Ze,Ge,Ne,et,Ae,tt,Ee,lt,nt,ie,Ie,pe,je,Z,fe,V=[],at=new Map,it,be,A=[],st=new Map,G,E=r[1]&&yt();R=new Ot({props:{js:` +import PocketBase from 'pocketbase'; + +const pb = new PocketBase('${r[4]}'); + +... + +// example update data +const data = ${JSON.stringify(r[7](r[0]),null,4)}; + +const record = await pb.collection('${(ct=r[0])==null?void 0:ct.name}').update('RECORD_ID', data); + `,dart:` +import 'package:pocketbase/pocketbase.dart'; + +final pb = PocketBase('${r[4]}'); + +... + +// example update body +final body = ${JSON.stringify(r[7](r[0]),null,2)}; + +final record = await pb.collection('${(ut=r[0])==null?void 0:ut.name}').update('RECORD_ID', body: body); + `}});let I=r[6]&&kt(),F=r[1]&&vt(r),ke=se(r[5]);const dt=l=>l[15].name;for(let l=0;ll[10].code;for(let l=0;ll[10].code;for(let l=0;lapplication/json or + multipart/form-data.`,L=f(),J=s("p"),J.innerHTML=`File upload is supported only via multipart/form-data. +
    + For more info and examples you could check the detailed + Files upload and handling docs + .`,j=f(),E&&E.c(),O=f(),Ce(R.$$.fragment),D=f(),v=s("h6"),v.textContent="API details",g=f(),w=s("div"),x=s("strong"),x.textContent="PATCH",Q=f(),B=s("div"),h=s("p"),C=_("/api/collections/"),le=s("strong"),ne=_(W),Ue=_("/records/"),$e=s("strong"),$e.textContent=":id",Ve=f(),I&&I.c(),Me=f(),de=s("div"),de.textContent="Path parameters",Se=f(),oe=s("table"),oe.innerHTML='Param Type Description id String ID of the record to update.',Oe=f(),re=s("div"),re.textContent="Body Parameters",qe=f(),z=s("table"),Re=s("thead"),Re.innerHTML='Param Type Description',xe=f(),K=s("tbody"),F&&F.c(),He=f();for(let l=0;lParam Type Description',We=f(),ue=s("tbody"),Y=s("tr"),Fe=s("td"),Fe.textContent="expand",ze=f(),Be=s("td"),Be.innerHTML='String',Ke=f(),N=s("td"),Xe=_(`Auto expand relations when returning the updated record. Ex.: + `),Ce(ae.$$.fragment),Ye=_(` + Supports up to 6-levels depth nested relations expansion. `),Ze=s("br"),Ge=_(` + The expanded relations will be appended to the record under the + `),Ne=s("code"),Ne.textContent="expand",et=_(" property (eg. "),Ae=s("code"),Ae.textContent='"expand": {"relField1": {...}, ...}',tt=_(`). Only + the relations that the user has permissions to `),Ee=s("strong"),Ee.textContent="view",lt=_(" will be expanded."),nt=f(),Ce(ie.$$.fragment),Ie=f(),pe=s("div"),pe.textContent="Responses",je=f(),Z=s("div"),fe=s("div");for(let l=0;l${JSON.stringify(l[7](l[0]),null,2)}; + +final record = await pb.collection('${(ft=l[0])==null?void 0:ft.name}').update('RECORD_ID', body: body); + `),R.$set(y),(!G||i&1)&&W!==(W=l[0].name+"")&&ee(ne,W),l[6]?I||(I=kt(),I.c(),I.m(w,null)):I&&(I.d(1),I=null),l[1]?F?F.p(l,i):(F=vt(l),F.c(),F.m(K,He)):F&&(F.d(1),F=null),i&32&&(ke=se(l[5]),U=Je(U,i,dt,1,l,ke,Qe,K,bt,gt,null,ht)),i&12&&(ve=se(l[3]),V=Je(V,i,ot,1,l,ve,at,fe,bt,wt,null,_t)),i&12&&(me=se(l[3]),qt(),A=Je(A,i,rt,1,l,me,st,be,Rt,Ct,null,mt),Ht())},i(l){if(!G){he(R.$$.fragment,l),he(ae.$$.fragment,l),he(ie.$$.fragment,l);for(let i=0;ir.name=="emailVisibility";function Kt(r,e,t){let n,b,p,c,u,{collection:m}=e,S=200,T=[];function H($){let M=ye.dummyCollectionSchemaData($,!0);return n&&(M.oldPassword="12345678",M.password="87654321",M.passwordConfirm="87654321",delete M.verified,delete M.email),M}const P=$=>t(2,S=$.code);return r.$$set=$=>{"collection"in $&&t(0,m=$.collection)},r.$$.update=()=>{var $,M,q;r.$$.dirty&1&&t(1,n=(m==null?void 0:m.type)==="auth"),r.$$.dirty&1&&t(6,b=(m==null?void 0:m.updateRule)===null),r.$$.dirty&2&&t(8,p=n?["id","password","verified","email","emailVisibility"]:["id"]),r.$$.dirty&257&&t(5,c=(($=m==null?void 0:m.fields)==null?void 0:$.filter(L=>!L.hidden&&L.type!="autodate"&&!p.includes(L.name)))||[]),r.$$.dirty&1&&t(3,T=[{code:200,body:JSON.stringify(ye.dummyCollectionRecord(m),null,2)},{code:400,body:` + { + "status": 400, + "message": "Failed to update record.", + "data": { + "${(q=(M=m==null?void 0:m.fields)==null?void 0:M[0])==null?void 0:q.name}": { + "code": "validation_required", + "message": "Missing required value." + } + } + } + `},{code:403,body:` + { + "status": 403, + "message": "You are not allowed to perform this request.", + "data": {} + } + `},{code:404,body:` + { + "status": 404, + "message": "The requested resource wasn't found.", + "data": {} + } + `}])},t(4,u=ye.getApiExampleUrl(Pt.baseURL)),[m,n,S,T,u,c,b,H,p,P]}class Zt extends $t{constructor(e){super(),Mt(this,e,Kt,Wt,St,{collection:0})}}export{Zt as default}; diff --git a/ui/dist/assets/VerificationDocs-1oXoO_6L.js b/ui/dist/assets/VerificationDocs-1oXoO_6L.js new file mode 100644 index 0000000..7b69e75 --- /dev/null +++ b/ui/dist/assets/VerificationDocs-1oXoO_6L.js @@ -0,0 +1,79 @@ +import{S as le,i as ne,s as ie,X as F,h as b,t as j,a as U,I as Y,Z as x,_ as Te,C as ee,$ as Ce,D as te,l as h,n as u,u as m,v as y,A as M,w as v,k as K,o as oe,W as qe,d as z,m as G,c as Q,V as Ve,Y as fe,J as Ae,p as Ie,a0 as ue}from"./index-BH0nlDnw.js";function de(s,t,e){const o=s.slice();return o[4]=t[e],o}function me(s,t,e){const o=s.slice();return o[4]=t[e],o}function pe(s,t){let e,o=t[4].code+"",f,c,r,a;function d(){return t[3](t[4])}return{key:s,first:null,c(){e=m("button"),f=M(o),c=y(),v(e,"class","tab-item"),K(e,"active",t[1]===t[4].code),this.first=e},m(g,C){h(g,e,C),u(e,f),u(e,c),r||(a=oe(e,"click",d),r=!0)},p(g,C){t=g,C&4&&o!==(o=t[4].code+"")&&Y(f,o),C&6&&K(e,"active",t[1]===t[4].code)},d(g){g&&b(e),r=!1,a()}}}function _e(s,t){let e,o,f,c;return o=new qe({props:{content:t[4].body}}),{key:s,first:null,c(){e=m("div"),Q(o.$$.fragment),f=y(),v(e,"class","tab-item"),K(e,"active",t[1]===t[4].code),this.first=e},m(r,a){h(r,e,a),G(o,e,null),u(e,f),c=!0},p(r,a){t=r;const d={};a&4&&(d.content=t[4].body),o.$set(d),(!c||a&6)&&K(e,"active",t[1]===t[4].code)},i(r){c||(U(o.$$.fragment,r),c=!0)},o(r){j(o.$$.fragment,r),c=!1},d(r){r&&b(e),z(o)}}}function Pe(s){let t,e,o,f,c,r,a,d=s[0].name+"",g,C,D,P,L,R,B,O,N,q,V,$=[],J=new Map,H,I,p=[],T=new Map,A,_=F(s[2]);const X=l=>l[4].code;for(let l=0;l<_.length;l+=1){let i=me(s,_,l),n=X(i);J.set(n,$[l]=pe(n,i))}let E=F(s[2]);const W=l=>l[4].code;for(let l=0;lParam Type Description
    Required token
    String The token from the verification request email.',B=y(),O=m("div"),O.textContent="Responses",N=y(),q=m("div"),V=m("div");for(let l=0;l<$.length;l+=1)$[l].c();H=y(),I=m("div");for(let l=0;le(1,f=a.code);return s.$$set=a=>{"collection"in a&&e(0,o=a.collection)},e(2,c=[{code:204,body:"null"},{code:400,body:` + { + "status": 400, + "message": "An error occurred while validating the submitted data.", + "data": { + "token": { + "code": "validation_required", + "message": "Missing required value." + } + } + } + `}]),[o,f,c,r]}class Be extends le{constructor(t){super(),ne(this,t,Re,Pe,ie,{collection:0})}}function be(s,t,e){const o=s.slice();return o[4]=t[e],o}function he(s,t,e){const o=s.slice();return o[4]=t[e],o}function ve(s,t){let e,o=t[4].code+"",f,c,r,a;function d(){return t[3](t[4])}return{key:s,first:null,c(){e=m("button"),f=M(o),c=y(),v(e,"class","tab-item"),K(e,"active",t[1]===t[4].code),this.first=e},m(g,C){h(g,e,C),u(e,f),u(e,c),r||(a=oe(e,"click",d),r=!0)},p(g,C){t=g,C&4&&o!==(o=t[4].code+"")&&Y(f,o),C&6&&K(e,"active",t[1]===t[4].code)},d(g){g&&b(e),r=!1,a()}}}function ge(s,t){let e,o,f,c;return o=new qe({props:{content:t[4].body}}),{key:s,first:null,c(){e=m("div"),Q(o.$$.fragment),f=y(),v(e,"class","tab-item"),K(e,"active",t[1]===t[4].code),this.first=e},m(r,a){h(r,e,a),G(o,e,null),u(e,f),c=!0},p(r,a){t=r;const d={};a&4&&(d.content=t[4].body),o.$set(d),(!c||a&6)&&K(e,"active",t[1]===t[4].code)},i(r){c||(U(o.$$.fragment,r),c=!0)},o(r){j(o.$$.fragment,r),c=!1},d(r){r&&b(e),z(o)}}}function Oe(s){let t,e,o,f,c,r,a,d=s[0].name+"",g,C,D,P,L,R,B,O,N,q,V,$=[],J=new Map,H,I,p=[],T=new Map,A,_=F(s[2]);const X=l=>l[4].code;for(let l=0;l<_.length;l+=1){let i=he(s,_,l),n=X(i);J.set(n,$[l]=ve(n,i))}let E=F(s[2]);const W=l=>l[4].code;for(let l=0;lParam Type Description
    Required email
    String The auth record email address to send the verification request (if exists).',B=y(),O=m("div"),O.textContent="Responses",N=y(),q=m("div"),V=m("div");for(let l=0;l<$.length;l+=1)$[l].c();H=y(),I=m("div");for(let l=0;le(1,f=a.code);return s.$$set=a=>{"collection"in a&&e(0,o=a.collection)},e(2,c=[{code:204,body:"null"},{code:400,body:` + { + "status": 400, + "message": "An error occurred while validating the submitted data.", + "data": { + "email": { + "code": "validation_required", + "message": "Missing required value." + } + } + } + `}]),[o,f,c,r]}class Me extends le{constructor(t){super(),ne(this,t,Ee,Oe,ie,{collection:0})}}function ke(s,t,e){const o=s.slice();return o[5]=t[e],o[7]=e,o}function $e(s,t,e){const o=s.slice();return o[5]=t[e],o[7]=e,o}function we(s){let t,e,o,f,c;function r(){return s[4](s[7])}return{c(){t=m("button"),e=m("div"),e.textContent=`${s[5].title}`,o=y(),v(e,"class","txt"),v(t,"class","tab-item"),K(t,"active",s[1]==s[7])},m(a,d){h(a,t,d),u(t,e),u(t,o),f||(c=oe(t,"click",r),f=!0)},p(a,d){s=a,d&2&&K(t,"active",s[1]==s[7])},d(a){a&&b(t),f=!1,c()}}}function ye(s){let t,e,o,f;var c=s[5].component;function r(a,d){return{props:{collection:a[0]}}}return c&&(e=ue(c,r(s))),{c(){t=m("div"),e&&Q(e.$$.fragment),o=y(),v(t,"class","tab-item"),K(t,"active",s[1]==s[7])},m(a,d){h(a,t,d),e&&G(e,t,null),u(t,o),f=!0},p(a,d){if(c!==(c=a[5].component)){if(e){ee();const g=e;j(g.$$.fragment,1,0,()=>{z(g,1)}),te()}c?(e=ue(c,r(a)),Q(e.$$.fragment),U(e.$$.fragment,1),G(e,t,o)):e=null}else if(c){const g={};d&1&&(g.collection=a[0]),e.$set(g)}(!f||d&2)&&K(t,"active",a[1]==a[7])},i(a){f||(e&&U(e.$$.fragment,a),f=!0)},o(a){e&&j(e.$$.fragment,a),f=!1},d(a){a&&b(t),e&&z(e)}}}function Ne(s){var E,W,l,i;let t,e,o=s[0].name+"",f,c,r,a,d,g,C,D=s[0].name+"",P,L,R,B,O,N,q,V,$,J,H,I;B=new Ve({props:{js:` + import PocketBase from 'pocketbase'; + + const pb = new PocketBase('${s[2]}'); + + ... + + await pb.collection('${(E=s[0])==null?void 0:E.name}').requestVerification('test@example.com'); + + // --- + // (optional) in your custom confirmation page: + // --- + + await pb.collection('${(W=s[0])==null?void 0:W.name}').confirmVerification('VERIFICATION_TOKEN'); + `,dart:` + import 'package:pocketbase/pocketbase.dart'; + + final pb = PocketBase('${s[2]}'); + + ... + + await pb.collection('${(l=s[0])==null?void 0:l.name}').requestVerification('test@example.com'); + + // --- + // (optional) in your custom confirmation page: + // --- + + await pb.collection('${(i=s[0])==null?void 0:i.name}').confirmVerification('VERIFICATION_TOKEN'); + `}});let p=F(s[3]),T=[];for(let n=0;nj(_[n],1,1,()=>{_[n]=null});return{c(){t=m("h3"),e=M("Account verification ("),f=M(o),c=M(")"),r=y(),a=m("div"),d=m("p"),g=M("Sends "),C=m("strong"),P=M(D),L=M(" account verification request."),R=y(),Q(B.$$.fragment),O=y(),N=m("h6"),N.textContent="API details",q=y(),V=m("div"),$=m("div");for(let n=0;ne(1,r=d);return s.$$set=d=>{"collection"in d&&e(0,f=d.collection)},e(2,o=Ae.getApiExampleUrl(Ie.baseURL)),[f,r,o,c,a]}class Fe extends le{constructor(t){super(),ne(this,t,Se,Ne,ie,{collection:0})}}export{Fe as default}; diff --git a/ui/dist/assets/ViewApiDocs-wlifUl4N.js b/ui/dist/assets/ViewApiDocs-wlifUl4N.js new file mode 100644 index 0000000..4b01024 --- /dev/null +++ b/ui/dist/assets/ViewApiDocs-wlifUl4N.js @@ -0,0 +1,59 @@ +import{S as lt,i as st,s as nt,V as at,W as tt,X as K,h as r,d as W,t as V,a as j,I as ve,Z as Ge,_ as ot,C as it,$ as rt,D as dt,l as d,n as l,m as X,u as a,A as _,v as b,c as Z,w as m,J as Ke,p as ct,k as Y,o as pt}from"./index-BH0nlDnw.js";import{F as ut}from"./FieldsQueryParam-DQVKTiQb.js";function We(o,s,n){const i=o.slice();return i[6]=s[n],i}function Xe(o,s,n){const i=o.slice();return i[6]=s[n],i}function Ze(o){let s;return{c(){s=a("p"),s.innerHTML="Requires superuser Authorization:TOKEN header",m(s,"class","txt-hint txt-sm txt-right")},m(n,i){d(n,s,i)},d(n){n&&r(s)}}}function Ye(o,s){let n,i,v;function p(){return s[5](s[6])}return{key:o,first:null,c(){n=a("button"),n.textContent=`${s[6].code} `,m(n,"class","tab-item"),Y(n,"active",s[2]===s[6].code),this.first=n},m(c,f){d(c,n,f),i||(v=pt(n,"click",p),i=!0)},p(c,f){s=c,f&20&&Y(n,"active",s[2]===s[6].code)},d(c){c&&r(n),i=!1,v()}}}function et(o,s){let n,i,v,p;return i=new tt({props:{content:s[6].body}}),{key:o,first:null,c(){n=a("div"),Z(i.$$.fragment),v=b(),m(n,"class","tab-item"),Y(n,"active",s[2]===s[6].code),this.first=n},m(c,f){d(c,n,f),X(i,n,null),l(n,v),p=!0},p(c,f){s=c,(!p||f&20)&&Y(n,"active",s[2]===s[6].code)},i(c){p||(j(i.$$.fragment,c),p=!0)},o(c){V(i.$$.fragment,c),p=!1},d(c){c&&r(n),W(i)}}}function ft(o){var Je,Ne;let s,n,i=o[0].name+"",v,p,c,f,w,C,ee,J=o[0].name+"",te,$e,le,F,se,B,ne,$,N,ye,Q,T,we,ae,z=o[0].name+"",oe,Ce,ie,Fe,re,I,de,S,ce,x,pe,R,ue,Re,M,D,fe,De,be,Oe,h,Pe,E,Te,Ee,Ae,me,Be,_e,Ie,Se,xe,he,Me,qe,A,ke,q,ge,O,H,y=[],He=new Map,Le,L,k=[],Ue=new Map,P;F=new at({props:{js:` + import PocketBase from 'pocketbase'; + + const pb = new PocketBase('${o[3]}'); + + ... + + const record = await pb.collection('${(Je=o[0])==null?void 0:Je.name}').getOne('RECORD_ID', { + expand: 'relField1,relField2.subRelField', + }); + `,dart:` + import 'package:pocketbase/pocketbase.dart'; + + final pb = PocketBase('${o[3]}'); + + ... + + final record = await pb.collection('${(Ne=o[0])==null?void 0:Ne.name}').getOne('RECORD_ID', + expand: 'relField1,relField2.subRelField', + ); + `}});let g=o[1]&&Ze();E=new tt({props:{content:"?expand=relField1,relField2.subRelField"}}),A=new ut({});let G=K(o[4]);const Ve=e=>e[6].code;for(let e=0;ee[6].code;for(let e=0;eParam Type Description id String ID of the record to view.',ce=b(),x=a("div"),x.textContent="Query parameters",pe=b(),R=a("table"),ue=a("thead"),ue.innerHTML='Param Type Description',Re=b(),M=a("tbody"),D=a("tr"),fe=a("td"),fe.textContent="expand",De=b(),be=a("td"),be.innerHTML='String',Oe=b(),h=a("td"),Pe=_(`Auto expand record relations. Ex.: + `),Z(E.$$.fragment),Te=_(` + Supports up to 6-levels depth nested relations expansion. `),Ee=a("br"),Ae=_(` + The expanded relations will be appended to the record under the + `),me=a("code"),me.textContent="expand",Be=_(" property (eg. "),_e=a("code"),_e.textContent='"expand": {"relField1": {...}, ...}',Ie=_(`). + `),Se=a("br"),xe=_(` + Only the relations to which the request user has permissions to `),he=a("strong"),he.textContent="view",Me=_(" will be expanded."),qe=b(),Z(A.$$.fragment),ke=b(),q=a("div"),q.textContent="Responses",ge=b(),O=a("div"),H=a("div");for(let e=0;en(2,c=C.code);return o.$$set=C=>{"collection"in C&&n(0,p=C.collection)},o.$$.update=()=>{o.$$.dirty&1&&n(1,i=(p==null?void 0:p.viewRule)===null),o.$$.dirty&3&&p!=null&&p.id&&(f.push({code:200,body:JSON.stringify(Ke.dummyCollectionRecord(p),null,2)}),i&&f.push({code:403,body:` + { + "status": 403, + "message": "Only superusers can access this action.", + "data": {} + } + `}),f.push({code:404,body:` + { + "status": 404, + "message": "The requested resource wasn't found.", + "data": {} + } + `}))},n(3,v=Ke.getApiExampleUrl(ct.baseURL)),[p,i,c,v,f,w]}class ht extends lt{constructor(s){super(),st(this,s,bt,ft,nt,{collection:0})}}export{ht as default}; diff --git a/ui/dist/assets/autocomplete.worker-SdNqUZMM.js b/ui/dist/assets/autocomplete.worker-SdNqUZMM.js new file mode 100644 index 0000000..950a80c --- /dev/null +++ b/ui/dist/assets/autocomplete.worker-SdNqUZMM.js @@ -0,0 +1,4 @@ +(function(){"use strict";class Y extends Error{}class Yn extends Y{constructor(e){super(`Invalid DateTime: ${e.toMessage()}`)}}class Jn extends Y{constructor(e){super(`Invalid Interval: ${e.toMessage()}`)}}class Bn extends Y{constructor(e){super(`Invalid Duration: ${e.toMessage()}`)}}class j extends Y{}class ft extends Y{constructor(e){super(`Invalid unit ${e}`)}}class x extends Y{}class U extends Y{constructor(){super("Zone is an abstract class")}}const c="numeric",W="short",I="long",Se={year:c,month:c,day:c},dt={year:c,month:W,day:c},Gn={year:c,month:W,day:c,weekday:W},ht={year:c,month:I,day:c},mt={year:c,month:I,day:c,weekday:I},yt={hour:c,minute:c},gt={hour:c,minute:c,second:c},pt={hour:c,minute:c,second:c,timeZoneName:W},wt={hour:c,minute:c,second:c,timeZoneName:I},St={hour:c,minute:c,hourCycle:"h23"},kt={hour:c,minute:c,second:c,hourCycle:"h23"},Tt={hour:c,minute:c,second:c,hourCycle:"h23",timeZoneName:W},Ot={hour:c,minute:c,second:c,hourCycle:"h23",timeZoneName:I},Nt={year:c,month:c,day:c,hour:c,minute:c},Et={year:c,month:c,day:c,hour:c,minute:c,second:c},xt={year:c,month:W,day:c,hour:c,minute:c},bt={year:c,month:W,day:c,hour:c,minute:c,second:c},jn={year:c,month:W,day:c,weekday:W,hour:c,minute:c},vt={year:c,month:I,day:c,hour:c,minute:c,timeZoneName:W},It={year:c,month:I,day:c,hour:c,minute:c,second:c,timeZoneName:W},Mt={year:c,month:I,day:c,weekday:I,hour:c,minute:c,timeZoneName:I},Dt={year:c,month:I,day:c,weekday:I,hour:c,minute:c,second:c,timeZoneName:I};class ae{get type(){throw new U}get name(){throw new U}get ianaName(){return this.name}get isUniversal(){throw new U}offsetName(e,t){throw new U}formatOffset(e,t){throw new U}offset(e){throw new U}equals(e){throw new U}get isValid(){throw new U}}let We=null;class ke extends ae{static get instance(){return We===null&&(We=new ke),We}get type(){return"system"}get name(){return new Intl.DateTimeFormat().resolvedOptions().timeZone}get isUniversal(){return!1}offsetName(e,{format:t,locale:n}){return nn(e,t,n)}formatOffset(e,t){return ce(this.offset(e),t)}offset(e){return-new Date(e).getTimezoneOffset()}equals(e){return e.type==="system"}get isValid(){return!0}}const Ce=new Map;function Kn(r){let e=Ce.get(r);return e===void 0&&(e=new Intl.DateTimeFormat("en-US",{hour12:!1,timeZone:r,year:"numeric",month:"2-digit",day:"2-digit",hour:"2-digit",minute:"2-digit",second:"2-digit",era:"short"}),Ce.set(r,e)),e}const Hn={year:0,month:1,day:2,era:3,hour:4,minute:5,second:6};function Qn(r,e){const t=r.format(e).replace(/\u200E/g,""),n=/(\d+)\/(\d+)\/(\d+) (AD|BC),? (\d+):(\d+):(\d+)/.exec(t),[,s,i,a,o,u,l,f]=n;return[a,s,i,o,u,l,f]}function _n(r,e){const t=r.formatToParts(e),n=[];for(let s=0;s=0?N:1e3+N,(k-m)/(60*1e3)}equals(e){return e.type==="iana"&&e.name===this.name}get isValid(){return this.valid}}let Ft={};function Xn(r,e={}){const t=JSON.stringify([r,e]);let n=Ft[t];return n||(n=new Intl.ListFormat(r,e),Ft[t]=n),n}const Re=new Map;function $e(r,e={}){const t=JSON.stringify([r,e]);let n=Re.get(t);return n===void 0&&(n=new Intl.DateTimeFormat(r,e),Re.set(t,n)),n}const Ue=new Map;function er(r,e={}){const t=JSON.stringify([r,e]);let n=Ue.get(t);return n===void 0&&(n=new Intl.NumberFormat(r,e),Ue.set(t,n)),n}const Ze=new Map;function tr(r,e={}){const{base:t,...n}=e,s=JSON.stringify([r,n]);let i=Ze.get(s);return i===void 0&&(i=new Intl.RelativeTimeFormat(r,e),Ze.set(s,i)),i}let oe=null;function nr(){return oe||(oe=new Intl.DateTimeFormat().resolvedOptions().locale,oe)}const qe=new Map;function Vt(r){let e=qe.get(r);return e===void 0&&(e=new Intl.DateTimeFormat(r).resolvedOptions(),qe.set(r,e)),e}const ze=new Map;function rr(r){let e=ze.get(r);if(!e){const t=new Intl.Locale(r);e="getWeekInfo"in t?t.getWeekInfo():t.weekInfo,"minimalDays"in e||(e={...At,...e}),ze.set(r,e)}return e}function sr(r){const e=r.indexOf("-x-");e!==-1&&(r=r.substring(0,e));const t=r.indexOf("-u-");if(t===-1)return[r];{let n,s;try{n=$e(r).resolvedOptions(),s=r}catch{const u=r.substring(0,t);n=$e(u).resolvedOptions(),s=u}const{numberingSystem:i,calendar:a}=n;return[s,i,a]}}function ir(r,e,t){return(t||e)&&(r.includes("-u-")||(r+="-u"),t&&(r+=`-ca-${t}`),e&&(r+=`-nu-${e}`)),r}function ar(r){const e=[];for(let t=1;t<=12;t++){const n=y.utc(2009,t,1);e.push(r(n))}return e}function or(r){const e=[];for(let t=1;t<=7;t++){const n=y.utc(2016,11,13+t);e.push(r(n))}return e}function Te(r,e,t,n){const s=r.listingMode();return s==="error"?null:s==="en"?t(e):n(e)}function ur(r){return r.numberingSystem&&r.numberingSystem!=="latn"?!1:r.numberingSystem==="latn"||!r.locale||r.locale.startsWith("en")||Vt(r.locale).numberingSystem==="latn"}class lr{constructor(e,t,n){this.padTo=n.padTo||0,this.floor=n.floor||!1;const{padTo:s,floor:i,...a}=n;if(!t||Object.keys(a).length>0){const o={useGrouping:!1,...n};n.padTo>0&&(o.minimumIntegerDigits=n.padTo),this.inf=er(e,o)}}format(e){if(this.inf){const t=this.floor?Math.floor(e):e;return this.inf.format(t)}else{const t=this.floor?Math.floor(e):Qe(e,3);return E(t,this.padTo)}}}class cr{constructor(e,t,n){this.opts=n,this.originalZone=void 0;let s;if(this.opts.timeZone)this.dt=e;else if(e.zone.type==="fixed"){const a=-1*(e.offset/60),o=a>=0?`Etc/GMT+${a}`:`Etc/GMT${a}`;e.offset!==0&&$.create(o).valid?(s=o,this.dt=e):(s="UTC",this.dt=e.offset===0?e:e.setZone("UTC").plus({minutes:e.offset}),this.originalZone=e.zone)}else e.zone.type==="system"?this.dt=e:e.zone.type==="iana"?(this.dt=e,s=e.zone.name):(s="UTC",this.dt=e.setZone("UTC").plus({minutes:e.offset}),this.originalZone=e.zone);const i={...this.opts};i.timeZone=i.timeZone||s,this.dtf=$e(t,i)}format(){return this.originalZone?this.formatToParts().map(({value:e})=>e).join(""):this.dtf.format(this.dt.toJSDate())}formatToParts(){const e=this.dtf.formatToParts(this.dt.toJSDate());return this.originalZone?e.map(t=>{if(t.type==="timeZoneName"){const n=this.originalZone.offsetName(this.dt.ts,{locale:this.dt.locale,format:this.opts.timeZoneName});return{...t,value:n}}else return t}):e}resolvedOptions(){return this.dtf.resolvedOptions()}}class fr{constructor(e,t,n){this.opts={style:"long",...n},!t&&_t()&&(this.rtf=tr(e,n))}format(e,t){return this.rtf?this.rtf.format(e,t):Ar(t,e,this.opts.numeric,this.opts.style!=="long")}formatToParts(e,t){return this.rtf?this.rtf.formatToParts(e,t):[]}}const At={firstDay:1,minimalDays:4,weekend:[6,7]};class S{static fromOpts(e){return S.create(e.locale,e.numberingSystem,e.outputCalendar,e.weekSettings,e.defaultToEN)}static create(e,t,n,s,i=!1){const a=e||T.defaultLocale,o=a||(i?"en-US":nr()),u=t||T.defaultNumberingSystem,l=n||T.defaultOutputCalendar,f=Ke(s)||T.defaultWeekSettings;return new S(o,u,l,f,a)}static resetCache(){oe=null,Re.clear(),Ue.clear(),Ze.clear(),qe.clear(),ze.clear()}static fromObject({locale:e,numberingSystem:t,outputCalendar:n,weekSettings:s}={}){return S.create(e,t,n,s)}constructor(e,t,n,s,i){const[a,o,u]=sr(e);this.locale=a,this.numberingSystem=t||o||null,this.outputCalendar=n||u||null,this.weekSettings=s,this.intl=ir(this.locale,this.numberingSystem,this.outputCalendar),this.weekdaysCache={format:{},standalone:{}},this.monthsCache={format:{},standalone:{}},this.meridiemCache=null,this.eraCache={},this.specifiedLocale=i,this.fastNumbersCached=null}get fastNumbers(){return this.fastNumbersCached==null&&(this.fastNumbersCached=ur(this)),this.fastNumbersCached}listingMode(){const e=this.isEnglish(),t=(this.numberingSystem===null||this.numberingSystem==="latn")&&(this.outputCalendar===null||this.outputCalendar==="gregory");return e&&t?"en":"intl"}clone(e){return!e||Object.getOwnPropertyNames(e).length===0?this:S.create(e.locale||this.specifiedLocale,e.numberingSystem||this.numberingSystem,e.outputCalendar||this.outputCalendar,Ke(e.weekSettings)||this.weekSettings,e.defaultToEN||!1)}redefaultToEN(e={}){return this.clone({...e,defaultToEN:!0})}redefaultToSystem(e={}){return this.clone({...e,defaultToEN:!1})}months(e,t=!1){return Te(this,e,an,()=>{const n=t?{month:e,day:"numeric"}:{month:e},s=t?"format":"standalone";return this.monthsCache[s][e]||(this.monthsCache[s][e]=ar(i=>this.extract(i,n,"month"))),this.monthsCache[s][e]})}weekdays(e,t=!1){return Te(this,e,ln,()=>{const n=t?{weekday:e,year:"numeric",month:"long",day:"numeric"}:{weekday:e},s=t?"format":"standalone";return this.weekdaysCache[s][e]||(this.weekdaysCache[s][e]=or(i=>this.extract(i,n,"weekday"))),this.weekdaysCache[s][e]})}meridiems(){return Te(this,void 0,()=>cn,()=>{if(!this.meridiemCache){const e={hour:"numeric",hourCycle:"h12"};this.meridiemCache=[y.utc(2016,11,13,9),y.utc(2016,11,13,19)].map(t=>this.extract(t,e,"dayperiod"))}return this.meridiemCache})}eras(e){return Te(this,e,fn,()=>{const t={era:e};return this.eraCache[e]||(this.eraCache[e]=[y.utc(-40,1,1),y.utc(2017,1,1)].map(n=>this.extract(n,t,"era"))),this.eraCache[e]})}extract(e,t,n){const s=this.dtFormatter(e,t),i=s.formatToParts(),a=i.find(o=>o.type.toLowerCase()===n);return a?a.value:null}numberFormatter(e={}){return new lr(this.intl,e.forceSimple||this.fastNumbers,e)}dtFormatter(e,t={}){return new cr(e,this.intl,t)}relFormatter(e={}){return new fr(this.intl,this.isEnglish(),e)}listFormatter(e={}){return Xn(this.intl,e)}isEnglish(){return this.locale==="en"||this.locale.toLowerCase()==="en-us"||Vt(this.intl).locale.startsWith("en-us")}getWeekSettings(){return this.weekSettings?this.weekSettings:Xt()?rr(this.locale):At}getStartOfWeek(){return this.getWeekSettings().firstDay}getMinDaysInFirstWeek(){return this.getWeekSettings().minimalDays}getWeekendDays(){return this.getWeekSettings().weekend}equals(e){return this.locale===e.locale&&this.numberingSystem===e.numberingSystem&&this.outputCalendar===e.outputCalendar}toString(){return`Locale(${this.locale}, ${this.numberingSystem}, ${this.outputCalendar})`}}let Pe=null;class v extends ae{static get utcInstance(){return Pe===null&&(Pe=new v(0)),Pe}static instance(e){return e===0?v.utcInstance:new v(e)}static parseSpecifier(e){if(e){const t=e.match(/^utc(?:([+-]\d{1,2})(?::(\d{2}))?)?$/i);if(t)return new v(be(t[1],t[2]))}return null}constructor(e){super(),this.fixed=e}get type(){return"fixed"}get name(){return this.fixed===0?"UTC":`UTC${ce(this.fixed,"narrow")}`}get ianaName(){return this.fixed===0?"Etc/UTC":`Etc/GMT${ce(-this.fixed,"narrow")}`}offsetName(){return this.name}formatOffset(e,t){return ce(this.fixed,t)}get isUniversal(){return!0}offset(){return this.fixed}equals(e){return e.type==="fixed"&&e.fixed===this.fixed}get isValid(){return!0}}class dr extends ae{constructor(e){super(),this.zoneName=e}get type(){return"invalid"}get name(){return this.zoneName}get isUniversal(){return!1}offsetName(){return null}formatOffset(){return""}offset(){return NaN}equals(){return!1}get isValid(){return!1}}function Z(r,e){if(g(r)||r===null)return e;if(r instanceof ae)return r;if(wr(r)){const t=r.toLowerCase();return t==="default"?e:t==="local"||t==="system"?ke.instance:t==="utc"||t==="gmt"?v.utcInstance:v.parseSpecifier(t)||$.create(r)}else return q(r)?v.instance(r):typeof r=="object"&&"offset"in r&&typeof r.offset=="function"?r:new dr(r)}const Ye={arab:"[٠-٩]",arabext:"[۰-۹]",bali:"[᭐-᭙]",beng:"[০-৯]",deva:"[०-९]",fullwide:"[0-9]",gujr:"[૦-૯]",hanidec:"[〇|一|二|三|四|五|六|七|八|九]",khmr:"[០-៩]",knda:"[೦-೯]",laoo:"[໐-໙]",limb:"[᥆-᥏]",mlym:"[൦-൯]",mong:"[᠐-᠙]",mymr:"[၀-၉]",orya:"[୦-୯]",tamldec:"[௦-௯]",telu:"[౦-౯]",thai:"[๐-๙]",tibt:"[༠-༩]",latn:"\\d"},Wt={arab:[1632,1641],arabext:[1776,1785],bali:[6992,7001],beng:[2534,2543],deva:[2406,2415],fullwide:[65296,65303],gujr:[2790,2799],khmr:[6112,6121],knda:[3302,3311],laoo:[3792,3801],limb:[6470,6479],mlym:[3430,3439],mong:[6160,6169],mymr:[4160,4169],orya:[2918,2927],tamldec:[3046,3055],telu:[3174,3183],thai:[3664,3673],tibt:[3872,3881]},hr=Ye.hanidec.replace(/[\[|\]]/g,"").split("");function mr(r){let e=parseInt(r,10);if(isNaN(e)){e="";for(let t=0;t=i&&n<=a&&(e+=n-i)}}return parseInt(e,10)}else return e}const Je=new Map;function yr(){Je.clear()}function C({numberingSystem:r},e=""){const t=r||"latn";let n=Je.get(t);n===void 0&&(n=new Map,Je.set(t,n));let s=n.get(e);return s===void 0&&(s=new RegExp(`${Ye[t]}${e}`),n.set(e,s)),s}let Ct=()=>Date.now(),Lt="system",Rt=null,$t=null,Ut=null,Zt=60,qt,zt=null;class T{static get now(){return Ct}static set now(e){Ct=e}static set defaultZone(e){Lt=e}static get defaultZone(){return Z(Lt,ke.instance)}static get defaultLocale(){return Rt}static set defaultLocale(e){Rt=e}static get defaultNumberingSystem(){return $t}static set defaultNumberingSystem(e){$t=e}static get defaultOutputCalendar(){return Ut}static set defaultOutputCalendar(e){Ut=e}static get defaultWeekSettings(){return zt}static set defaultWeekSettings(e){zt=Ke(e)}static get twoDigitCutoffYear(){return Zt}static set twoDigitCutoffYear(e){Zt=e%100}static get throwOnInvalid(){return qt}static set throwOnInvalid(e){qt=e}static resetCaches(){S.resetCache(),$.resetCache(),y.resetCache(),yr()}}class L{constructor(e,t){this.reason=e,this.explanation=t}toMessage(){return this.explanation?`${this.reason}: ${this.explanation}`:this.reason}}const Pt=[0,31,59,90,120,151,181,212,243,273,304,334],Yt=[0,31,60,91,121,152,182,213,244,274,305,335];function F(r,e){return new L("unit out of range",`you specified ${e} (of type ${typeof e}) as a ${r}, which is invalid`)}function Be(r,e,t){const n=new Date(Date.UTC(r,e-1,t));r<100&&r>=0&&n.setUTCFullYear(n.getUTCFullYear()-1900);const s=n.getUTCDay();return s===0?7:s}function Jt(r,e,t){return t+(ue(r)?Yt:Pt)[e-1]}function Bt(r,e){const t=ue(r)?Yt:Pt,n=t.findIndex(i=>ile(n,e,t)?(l=n+1,u=1):l=n,{weekYear:l,weekNumber:u,weekday:o,...Ie(r)}}function Gt(r,e=4,t=1){const{weekYear:n,weekNumber:s,weekday:i}=r,a=Ge(Be(n,1,e),t),o=H(n);let u=s*7+i-a-7+e,l;u<1?(l=n-1,u+=H(l)):u>o?(l=n+1,u-=H(n)):l=n;const{month:f,day:h}=Bt(l,u);return{year:l,month:f,day:h,...Ie(r)}}function je(r){const{year:e,month:t,day:n}=r,s=Jt(e,t,n);return{year:e,ordinal:s,...Ie(r)}}function jt(r){const{year:e,ordinal:t}=r,{month:n,day:s}=Bt(e,t);return{year:e,month:n,day:s,...Ie(r)}}function Kt(r,e){if(!g(r.localWeekday)||!g(r.localWeekNumber)||!g(r.localWeekYear)){if(!g(r.weekday)||!g(r.weekNumber)||!g(r.weekYear))throw new j("Cannot mix locale-based week fields with ISO-based week fields");return g(r.localWeekday)||(r.weekday=r.localWeekday),g(r.localWeekNumber)||(r.weekNumber=r.localWeekNumber),g(r.localWeekYear)||(r.weekYear=r.localWeekYear),delete r.localWeekday,delete r.localWeekNumber,delete r.localWeekYear,{minDaysInFirstWeek:e.getMinDaysInFirstWeek(),startOfWeek:e.getStartOfWeek()}}else return{minDaysInFirstWeek:4,startOfWeek:1}}function gr(r,e=4,t=1){const n=Ne(r.weekYear),s=V(r.weekNumber,1,le(r.weekYear,e,t)),i=V(r.weekday,1,7);return n?s?i?!1:F("weekday",r.weekday):F("week",r.weekNumber):F("weekYear",r.weekYear)}function pr(r){const e=Ne(r.year),t=V(r.ordinal,1,H(r.year));return e?t?!1:F("ordinal",r.ordinal):F("year",r.year)}function Ht(r){const e=Ne(r.year),t=V(r.month,1,12),n=V(r.day,1,Ee(r.year,r.month));return e?t?n?!1:F("day",r.day):F("month",r.month):F("year",r.year)}function Qt(r){const{hour:e,minute:t,second:n,millisecond:s}=r,i=V(e,0,23)||e===24&&t===0&&n===0&&s===0,a=V(t,0,59),o=V(n,0,59),u=V(s,0,999);return i?a?o?u?!1:F("millisecond",s):F("second",n):F("minute",t):F("hour",e)}function g(r){return typeof r>"u"}function q(r){return typeof r=="number"}function Ne(r){return typeof r=="number"&&r%1===0}function wr(r){return typeof r=="string"}function Sr(r){return Object.prototype.toString.call(r)==="[object Date]"}function _t(){try{return typeof Intl<"u"&&!!Intl.RelativeTimeFormat}catch{return!1}}function Xt(){try{return typeof Intl<"u"&&!!Intl.Locale&&("weekInfo"in Intl.Locale.prototype||"getWeekInfo"in Intl.Locale.prototype)}catch{return!1}}function kr(r){return Array.isArray(r)?r:[r]}function en(r,e,t){if(r.length!==0)return r.reduce((n,s)=>{const i=[e(s),s];return n&&t(n[0],i[0])===n[0]?n:i},null)[1]}function Tr(r,e){return e.reduce((t,n)=>(t[n]=r[n],t),{})}function K(r,e){return Object.prototype.hasOwnProperty.call(r,e)}function Ke(r){if(r==null)return null;if(typeof r!="object")throw new x("Week settings must be an object");if(!V(r.firstDay,1,7)||!V(r.minimalDays,1,7)||!Array.isArray(r.weekend)||r.weekend.some(e=>!V(e,1,7)))throw new x("Invalid week settings");return{firstDay:r.firstDay,minimalDays:r.minimalDays,weekend:Array.from(r.weekend)}}function V(r,e,t){return Ne(r)&&r>=e&&r<=t}function Or(r,e){return r-e*Math.floor(r/e)}function E(r,e=2){const t=r<0;let n;return t?n="-"+(""+-r).padStart(e,"0"):n=(""+r).padStart(e,"0"),n}function z(r){if(!(g(r)||r===null||r===""))return parseInt(r,10)}function J(r){if(!(g(r)||r===null||r===""))return parseFloat(r)}function He(r){if(!(g(r)||r===null||r==="")){const e=parseFloat("0."+r)*1e3;return Math.floor(e)}}function Qe(r,e,t=!1){const n=10**e;return(t?Math.trunc:Math.round)(r*n)/n}function ue(r){return r%4===0&&(r%100!==0||r%400===0)}function H(r){return ue(r)?366:365}function Ee(r,e){const t=Or(e-1,12)+1,n=r+(e-t)/12;return t===2?ue(n)?29:28:[31,null,31,30,31,30,31,31,30,31,30,31][t-1]}function xe(r){let e=Date.UTC(r.year,r.month-1,r.day,r.hour,r.minute,r.second,r.millisecond);return r.year<100&&r.year>=0&&(e=new Date(e),e.setUTCFullYear(r.year,r.month-1,r.day)),+e}function tn(r,e,t){return-Ge(Be(r,1,e),t)+e-1}function le(r,e=4,t=1){const n=tn(r,e,t),s=tn(r+1,e,t);return(H(r)-n+s)/7}function _e(r){return r>99?r:r>T.twoDigitCutoffYear?1900+r:2e3+r}function nn(r,e,t,n=null){const s=new Date(r),i={hourCycle:"h23",year:"numeric",month:"2-digit",day:"2-digit",hour:"2-digit",minute:"2-digit"};n&&(i.timeZone=n);const a={timeZoneName:e,...i},o=new Intl.DateTimeFormat(t,a).formatToParts(s).find(u=>u.type.toLowerCase()==="timezonename");return o?o.value:null}function be(r,e){let t=parseInt(r,10);Number.isNaN(t)&&(t=0);const n=parseInt(e,10)||0,s=t<0||Object.is(t,-0)?-n:n;return t*60+s}function rn(r){const e=Number(r);if(typeof r=="boolean"||r===""||Number.isNaN(e))throw new x(`Invalid unit value ${r}`);return e}function ve(r,e){const t={};for(const n in r)if(K(r,n)){const s=r[n];if(s==null)continue;t[e(n)]=rn(s)}return t}function ce(r,e){const t=Math.trunc(Math.abs(r/60)),n=Math.trunc(Math.abs(r%60)),s=r>=0?"+":"-";switch(e){case"short":return`${s}${E(t,2)}:${E(n,2)}`;case"narrow":return`${s}${t}${n>0?`:${n}`:""}`;case"techie":return`${s}${E(t,2)}${E(n,2)}`;default:throw new RangeError(`Value format ${e} is out of range for property format`)}}function Ie(r){return Tr(r,["hour","minute","second","millisecond"])}const Nr=["January","February","March","April","May","June","July","August","September","October","November","December"],sn=["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],Er=["J","F","M","A","M","J","J","A","S","O","N","D"];function an(r){switch(r){case"narrow":return[...Er];case"short":return[...sn];case"long":return[...Nr];case"numeric":return["1","2","3","4","5","6","7","8","9","10","11","12"];case"2-digit":return["01","02","03","04","05","06","07","08","09","10","11","12"];default:return null}}const on=["Monday","Tuesday","Wednesday","Thursday","Friday","Saturday","Sunday"],un=["Mon","Tue","Wed","Thu","Fri","Sat","Sun"],xr=["M","T","W","T","F","S","S"];function ln(r){switch(r){case"narrow":return[...xr];case"short":return[...un];case"long":return[...on];case"numeric":return["1","2","3","4","5","6","7"];default:return null}}const cn=["AM","PM"],br=["Before Christ","Anno Domini"],vr=["BC","AD"],Ir=["B","A"];function fn(r){switch(r){case"narrow":return[...Ir];case"short":return[...vr];case"long":return[...br];default:return null}}function Mr(r){return cn[r.hour<12?0:1]}function Dr(r,e){return ln(e)[r.weekday-1]}function Fr(r,e){return an(e)[r.month-1]}function Vr(r,e){return fn(e)[r.year<0?0:1]}function Ar(r,e,t="always",n=!1){const s={years:["year","yr."],quarters:["quarter","qtr."],months:["month","mo."],weeks:["week","wk."],days:["day","day","days"],hours:["hour","hr."],minutes:["minute","min."],seconds:["second","sec."]},i=["hours","minutes","seconds"].indexOf(r)===-1;if(t==="auto"&&i){const h=r==="days";switch(e){case 1:return h?"tomorrow":`next ${s[r][0]}`;case-1:return h?"yesterday":`last ${s[r][0]}`;case 0:return h?"today":`this ${s[r][0]}`}}const a=Object.is(e,-0)||e<0,o=Math.abs(e),u=o===1,l=s[r],f=n?u?l[1]:l[2]||l[1]:u?s[r][0]:r;return a?`${o} ${f} ago`:`in ${o} ${f}`}function dn(r,e){let t="";for(const n of r)n.literal?t+=n.val:t+=e(n.val);return t}const Wr={D:Se,DD:dt,DDD:ht,DDDD:mt,t:yt,tt:gt,ttt:pt,tttt:wt,T:St,TT:kt,TTT:Tt,TTTT:Ot,f:Nt,ff:xt,fff:vt,ffff:Mt,F:Et,FF:bt,FFF:It,FFFF:Dt};class b{static create(e,t={}){return new b(e,t)}static parseFormat(e){let t=null,n="",s=!1;const i=[];for(let a=0;a0&&i.push({literal:s||/^\s+$/.test(n),val:n}),t=null,n="",s=!s):s||o===t?n+=o:(n.length>0&&i.push({literal:/^\s+$/.test(n),val:n}),n=o,t=o)}return n.length>0&&i.push({literal:s||/^\s+$/.test(n),val:n}),i}static macroTokenToFormatOpts(e){return Wr[e]}constructor(e,t){this.opts=t,this.loc=e,this.systemLoc=null}formatWithSystemDefault(e,t){return this.systemLoc===null&&(this.systemLoc=this.loc.redefaultToSystem()),this.systemLoc.dtFormatter(e,{...this.opts,...t}).format()}dtFormatter(e,t={}){return this.loc.dtFormatter(e,{...this.opts,...t})}formatDateTime(e,t){return this.dtFormatter(e,t).format()}formatDateTimeParts(e,t){return this.dtFormatter(e,t).formatToParts()}formatInterval(e,t){return this.dtFormatter(e.start,t).dtf.formatRange(e.start.toJSDate(),e.end.toJSDate())}resolvedOptions(e,t){return this.dtFormatter(e,t).resolvedOptions()}num(e,t=0){if(this.opts.forceSimple)return E(e,t);const n={...this.opts};return t>0&&(n.padTo=t),this.loc.numberFormatter(n).format(e)}formatDateTimeFromString(e,t){const n=this.loc.listingMode()==="en",s=this.loc.outputCalendar&&this.loc.outputCalendar!=="gregory",i=(m,N)=>this.loc.extract(e,m,N),a=m=>e.isOffsetFixed&&e.offset===0&&m.allowZ?"Z":e.isValid?e.zone.formatOffset(e.ts,m.format):"",o=()=>n?Mr(e):i({hour:"numeric",hourCycle:"h12"},"dayperiod"),u=(m,N)=>n?Fr(e,m):i(N?{month:m}:{month:m,day:"numeric"},"month"),l=(m,N)=>n?Dr(e,m):i(N?{weekday:m}:{weekday:m,month:"long",day:"numeric"},"weekday"),f=m=>{const N=b.macroTokenToFormatOpts(m);return N?this.formatWithSystemDefault(e,N):m},h=m=>n?Vr(e,m):i({era:m},"era"),k=m=>{switch(m){case"S":return this.num(e.millisecond);case"u":case"SSS":return this.num(e.millisecond,3);case"s":return this.num(e.second);case"ss":return this.num(e.second,2);case"uu":return this.num(Math.floor(e.millisecond/10),2);case"uuu":return this.num(Math.floor(e.millisecond/100));case"m":return this.num(e.minute);case"mm":return this.num(e.minute,2);case"h":return this.num(e.hour%12===0?12:e.hour%12);case"hh":return this.num(e.hour%12===0?12:e.hour%12,2);case"H":return this.num(e.hour);case"HH":return this.num(e.hour,2);case"Z":return a({format:"narrow",allowZ:this.opts.allowZ});case"ZZ":return a({format:"short",allowZ:this.opts.allowZ});case"ZZZ":return a({format:"techie",allowZ:this.opts.allowZ});case"ZZZZ":return e.zone.offsetName(e.ts,{format:"short",locale:this.loc.locale});case"ZZZZZ":return e.zone.offsetName(e.ts,{format:"long",locale:this.loc.locale});case"z":return e.zoneName;case"a":return o();case"d":return s?i({day:"numeric"},"day"):this.num(e.day);case"dd":return s?i({day:"2-digit"},"day"):this.num(e.day,2);case"c":return this.num(e.weekday);case"ccc":return l("short",!0);case"cccc":return l("long",!0);case"ccccc":return l("narrow",!0);case"E":return this.num(e.weekday);case"EEE":return l("short",!1);case"EEEE":return l("long",!1);case"EEEEE":return l("narrow",!1);case"L":return s?i({month:"numeric",day:"numeric"},"month"):this.num(e.month);case"LL":return s?i({month:"2-digit",day:"numeric"},"month"):this.num(e.month,2);case"LLL":return u("short",!0);case"LLLL":return u("long",!0);case"LLLLL":return u("narrow",!0);case"M":return s?i({month:"numeric"},"month"):this.num(e.month);case"MM":return s?i({month:"2-digit"},"month"):this.num(e.month,2);case"MMM":return u("short",!1);case"MMMM":return u("long",!1);case"MMMMM":return u("narrow",!1);case"y":return s?i({year:"numeric"},"year"):this.num(e.year);case"yy":return s?i({year:"2-digit"},"year"):this.num(e.year.toString().slice(-2),2);case"yyyy":return s?i({year:"numeric"},"year"):this.num(e.year,4);case"yyyyyy":return s?i({year:"numeric"},"year"):this.num(e.year,6);case"G":return h("short");case"GG":return h("long");case"GGGGG":return h("narrow");case"kk":return this.num(e.weekYear.toString().slice(-2),2);case"kkkk":return this.num(e.weekYear,4);case"W":return this.num(e.weekNumber);case"WW":return this.num(e.weekNumber,2);case"n":return this.num(e.localWeekNumber);case"nn":return this.num(e.localWeekNumber,2);case"ii":return this.num(e.localWeekYear.toString().slice(-2),2);case"iiii":return this.num(e.localWeekYear,4);case"o":return this.num(e.ordinal);case"ooo":return this.num(e.ordinal,3);case"q":return this.num(e.quarter);case"qq":return this.num(e.quarter,2);case"X":return this.num(Math.floor(e.ts/1e3));case"x":return this.num(e.ts);default:return f(m)}};return dn(b.parseFormat(t),k)}formatDurationFromString(e,t){const n=u=>{switch(u[0]){case"S":return"millisecond";case"s":return"second";case"m":return"minute";case"h":return"hour";case"d":return"day";case"w":return"week";case"M":return"month";case"y":return"year";default:return null}},s=u=>l=>{const f=n(l);return f?this.num(u.get(f),l.length):l},i=b.parseFormat(t),a=i.reduce((u,{literal:l,val:f})=>l?u:u.concat(f),[]),o=e.shiftTo(...a.map(n).filter(u=>u));return dn(i,s(o))}}const hn=/[A-Za-z_+-]{1,256}(?::?\/[A-Za-z0-9_+-]{1,256}(?:\/[A-Za-z0-9_+-]{1,256})?)?/;function Q(...r){const e=r.reduce((t,n)=>t+n.source,"");return RegExp(`^${e}$`)}function _(...r){return e=>r.reduce(([t,n,s],i)=>{const[a,o,u]=i(e,s);return[{...t,...a},o||n,u]},[{},null,1]).slice(0,2)}function X(r,...e){if(r==null)return[null,null];for(const[t,n]of e){const s=t.exec(r);if(s)return n(s)}return[null,null]}function mn(...r){return(e,t)=>{const n={};let s;for(s=0;sm!==void 0&&(N||m&&f)?-m:m;return[{years:k(J(t)),months:k(J(n)),weeks:k(J(s)),days:k(J(i)),hours:k(J(a)),minutes:k(J(o)),seconds:k(J(u),u==="-0"),milliseconds:k(He(l),h)}]}const Gr={GMT:0,EDT:-4*60,EST:-5*60,CDT:-5*60,CST:-6*60,MDT:-6*60,MST:-7*60,PDT:-7*60,PST:-8*60};function tt(r,e,t,n,s,i,a){const o={year:e.length===2?_e(z(e)):z(e),month:sn.indexOf(t)+1,day:z(n),hour:z(s),minute:z(i)};return a&&(o.second=z(a)),r&&(o.weekday=r.length>3?on.indexOf(r)+1:un.indexOf(r)+1),o}const jr=/^(?:(Mon|Tue|Wed|Thu|Fri|Sat|Sun),\s)?(\d{1,2})\s(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s(\d{2,4})\s(\d\d):(\d\d)(?::(\d\d))?\s(?:(UT|GMT|[ECMP][SD]T)|([Zz])|(?:([+-]\d\d)(\d\d)))$/;function Kr(r){const[,e,t,n,s,i,a,o,u,l,f,h]=r,k=tt(e,s,n,t,i,a,o);let m;return u?m=Gr[u]:l?m=0:m=be(f,h),[k,new v(m)]}function Hr(r){return r.replace(/\([^()]*\)|[\n\t]/g," ").replace(/(\s\s+)/g," ").trim()}const Qr=/^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), (\d\d) (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) (\d{4}) (\d\d):(\d\d):(\d\d) GMT$/,_r=/^(Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday), (\d\d)-(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)-(\d\d) (\d\d):(\d\d):(\d\d) GMT$/,Xr=/^(Mon|Tue|Wed|Thu|Fri|Sat|Sun) (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) ( \d|\d\d) (\d\d):(\d\d):(\d\d) (\d{4})$/;function wn(r){const[,e,t,n,s,i,a,o]=r;return[tt(e,s,n,t,i,a,o),v.utcInstance]}function es(r){const[,e,t,n,s,i,a,o]=r;return[tt(e,o,t,n,s,i,a),v.utcInstance]}const ts=Q(Lr,et),ns=Q(Rr,et),rs=Q($r,et),ss=Q(gn),Sn=_(Pr,te,fe,de),is=_(Ur,te,fe,de),as=_(Zr,te,fe,de),os=_(te,fe,de);function us(r){return X(r,[ts,Sn],[ns,is],[rs,as],[ss,os])}function ls(r){return X(Hr(r),[jr,Kr])}function cs(r){return X(r,[Qr,wn],[_r,wn],[Xr,es])}function fs(r){return X(r,[Jr,Br])}const ds=_(te);function hs(r){return X(r,[Yr,ds])}const ms=Q(qr,zr),ys=Q(pn),gs=_(te,fe,de);function ps(r){return X(r,[ms,Sn],[ys,gs])}const kn="Invalid Duration",Tn={weeks:{days:7,hours:7*24,minutes:7*24*60,seconds:7*24*60*60,milliseconds:7*24*60*60*1e3},days:{hours:24,minutes:24*60,seconds:24*60*60,milliseconds:24*60*60*1e3},hours:{minutes:60,seconds:60*60,milliseconds:60*60*1e3},minutes:{seconds:60,milliseconds:60*1e3},seconds:{milliseconds:1e3}},ws={years:{quarters:4,months:12,weeks:52,days:365,hours:365*24,minutes:365*24*60,seconds:365*24*60*60,milliseconds:365*24*60*60*1e3},quarters:{months:3,weeks:13,days:91,hours:91*24,minutes:91*24*60,seconds:91*24*60*60,milliseconds:91*24*60*60*1e3},months:{weeks:4,days:30,hours:30*24,minutes:30*24*60,seconds:30*24*60*60,milliseconds:30*24*60*60*1e3},...Tn},A=146097/400,ne=146097/4800,Ss={years:{quarters:4,months:12,weeks:A/7,days:A,hours:A*24,minutes:A*24*60,seconds:A*24*60*60,milliseconds:A*24*60*60*1e3},quarters:{months:3,weeks:A/28,days:A/4,hours:A*24/4,minutes:A*24*60/4,seconds:A*24*60*60/4,milliseconds:A*24*60*60*1e3/4},months:{weeks:ne/7,days:ne,hours:ne*24,minutes:ne*24*60,seconds:ne*24*60*60,milliseconds:ne*24*60*60*1e3},...Tn},B=["years","quarters","months","weeks","days","hours","minutes","seconds","milliseconds"],ks=B.slice(0).reverse();function P(r,e,t=!1){const n={values:t?e.values:{...r.values,...e.values||{}},loc:r.loc.clone(e.loc),conversionAccuracy:e.conversionAccuracy||r.conversionAccuracy,matrix:e.matrix||r.matrix};return new p(n)}function On(r,e){let t=e.milliseconds??0;for(const n of ks.slice(1))e[n]&&(t+=e[n]*r[n].milliseconds);return t}function Nn(r,e){const t=On(r,e)<0?-1:1;B.reduceRight((n,s)=>{if(g(e[s]))return n;if(n){const i=e[n]*t,a=r[s][n],o=Math.floor(i/a);e[s]+=o*t,e[n]-=o*a*t}return s},null),B.reduce((n,s)=>{if(g(e[s]))return n;if(n){const i=e[n]%1;e[n]-=i,e[s]+=i*r[n][s]}return s},null)}function Ts(r){const e={};for(const[t,n]of Object.entries(r))n!==0&&(e[t]=n);return e}class p{constructor(e){const t=e.conversionAccuracy==="longterm"||!1;let n=t?Ss:ws;e.matrix&&(n=e.matrix),this.values=e.values,this.loc=e.loc||S.create(),this.conversionAccuracy=t?"longterm":"casual",this.invalid=e.invalid||null,this.matrix=n,this.isLuxonDuration=!0}static fromMillis(e,t){return p.fromObject({milliseconds:e},t)}static fromObject(e,t={}){if(e==null||typeof e!="object")throw new x(`Duration.fromObject: argument expected to be an object, got ${e===null?"null":typeof e}`);return new p({values:ve(e,p.normalizeUnit),loc:S.fromObject(t),conversionAccuracy:t.conversionAccuracy,matrix:t.matrix})}static fromDurationLike(e){if(q(e))return p.fromMillis(e);if(p.isDuration(e))return e;if(typeof e=="object")return p.fromObject(e);throw new x(`Unknown duration argument ${e} of type ${typeof e}`)}static fromISO(e,t){const[n]=fs(e);return n?p.fromObject(n,t):p.invalid("unparsable",`the input "${e}" can't be parsed as ISO 8601`)}static fromISOTime(e,t){const[n]=hs(e);return n?p.fromObject(n,t):p.invalid("unparsable",`the input "${e}" can't be parsed as ISO 8601`)}static invalid(e,t=null){if(!e)throw new x("need to specify a reason the Duration is invalid");const n=e instanceof L?e:new L(e,t);if(T.throwOnInvalid)throw new Bn(n);return new p({invalid:n})}static normalizeUnit(e){const t={year:"years",years:"years",quarter:"quarters",quarters:"quarters",month:"months",months:"months",week:"weeks",weeks:"weeks",day:"days",days:"days",hour:"hours",hours:"hours",minute:"minutes",minutes:"minutes",second:"seconds",seconds:"seconds",millisecond:"milliseconds",milliseconds:"milliseconds"}[e&&e.toLowerCase()];if(!t)throw new ft(e);return t}static isDuration(e){return e&&e.isLuxonDuration||!1}get locale(){return this.isValid?this.loc.locale:null}get numberingSystem(){return this.isValid?this.loc.numberingSystem:null}toFormat(e,t={}){const n={...t,floor:t.round!==!1&&t.floor!==!1};return this.isValid?b.create(this.loc,n).formatDurationFromString(this,e):kn}toHuman(e={}){if(!this.isValid)return kn;const t=B.map(n=>{const s=this.values[n];return g(s)?null:this.loc.numberFormatter({style:"unit",unitDisplay:"long",...e,unit:n.slice(0,-1)}).format(s)}).filter(n=>n);return this.loc.listFormatter({type:"conjunction",style:e.listStyle||"narrow",...e}).format(t)}toObject(){return this.isValid?{...this.values}:{}}toISO(){if(!this.isValid)return null;let e="P";return this.years!==0&&(e+=this.years+"Y"),(this.months!==0||this.quarters!==0)&&(e+=this.months+this.quarters*3+"M"),this.weeks!==0&&(e+=this.weeks+"W"),this.days!==0&&(e+=this.days+"D"),(this.hours!==0||this.minutes!==0||this.seconds!==0||this.milliseconds!==0)&&(e+="T"),this.hours!==0&&(e+=this.hours+"H"),this.minutes!==0&&(e+=this.minutes+"M"),(this.seconds!==0||this.milliseconds!==0)&&(e+=Qe(this.seconds+this.milliseconds/1e3,3)+"S"),e==="P"&&(e+="T0S"),e}toISOTime(e={}){if(!this.isValid)return null;const t=this.toMillis();return t<0||t>=864e5?null:(e={suppressMilliseconds:!1,suppressSeconds:!1,includePrefix:!1,format:"extended",...e,includeOffset:!1},y.fromMillis(t,{zone:"UTC"}).toISOTime(e))}toJSON(){return this.toISO()}toString(){return this.toISO()}[Symbol.for("nodejs.util.inspect.custom")](){return this.isValid?`Duration { values: ${JSON.stringify(this.values)} }`:`Duration { Invalid, reason: ${this.invalidReason} }`}toMillis(){return this.isValid?On(this.matrix,this.values):NaN}valueOf(){return this.toMillis()}plus(e){if(!this.isValid)return this;const t=p.fromDurationLike(e),n={};for(const s of B)(K(t.values,s)||K(this.values,s))&&(n[s]=t.get(s)+this.get(s));return P(this,{values:n},!0)}minus(e){if(!this.isValid)return this;const t=p.fromDurationLike(e);return this.plus(t.negate())}mapUnits(e){if(!this.isValid)return this;const t={};for(const n of Object.keys(this.values))t[n]=rn(e(this.values[n],n));return P(this,{values:t},!0)}get(e){return this[p.normalizeUnit(e)]}set(e){if(!this.isValid)return this;const t={...this.values,...ve(e,p.normalizeUnit)};return P(this,{values:t})}reconfigure({locale:e,numberingSystem:t,conversionAccuracy:n,matrix:s}={}){const a={loc:this.loc.clone({locale:e,numberingSystem:t}),matrix:s,conversionAccuracy:n};return P(this,a)}as(e){return this.isValid?this.shiftTo(e).get(e):NaN}normalize(){if(!this.isValid)return this;const e=this.toObject();return Nn(this.matrix,e),P(this,{values:e},!0)}rescale(){if(!this.isValid)return this;const e=Ts(this.normalize().shiftToAll().toObject());return P(this,{values:e},!0)}shiftTo(...e){if(!this.isValid)return this;if(e.length===0)return this;e=e.map(a=>p.normalizeUnit(a));const t={},n={},s=this.toObject();let i;for(const a of B)if(e.indexOf(a)>=0){i=a;let o=0;for(const l in n)o+=this.matrix[l][a]*n[l],n[l]=0;q(s[a])&&(o+=s[a]);const u=Math.trunc(o);t[a]=u,n[a]=(o*1e3-u*1e3)/1e3}else q(s[a])&&(n[a]=s[a]);for(const a in n)n[a]!==0&&(t[i]+=a===i?n[a]:n[a]/this.matrix[i][a]);return Nn(this.matrix,t),P(this,{values:t},!0)}shiftToAll(){return this.isValid?this.shiftTo("years","months","weeks","days","hours","minutes","seconds","milliseconds"):this}negate(){if(!this.isValid)return this;const e={};for(const t of Object.keys(this.values))e[t]=this.values[t]===0?0:-this.values[t];return P(this,{values:e},!0)}get years(){return this.isValid?this.values.years||0:NaN}get quarters(){return this.isValid?this.values.quarters||0:NaN}get months(){return this.isValid?this.values.months||0:NaN}get weeks(){return this.isValid?this.values.weeks||0:NaN}get days(){return this.isValid?this.values.days||0:NaN}get hours(){return this.isValid?this.values.hours||0:NaN}get minutes(){return this.isValid?this.values.minutes||0:NaN}get seconds(){return this.isValid?this.values.seconds||0:NaN}get milliseconds(){return this.isValid?this.values.milliseconds||0:NaN}get isValid(){return this.invalid===null}get invalidReason(){return this.invalid?this.invalid.reason:null}get invalidExplanation(){return this.invalid?this.invalid.explanation:null}equals(e){if(!this.isValid||!e.isValid||!this.loc.equals(e.loc))return!1;function t(n,s){return n===void 0||n===0?s===void 0||s===0:n===s}for(const n of B)if(!t(this.values[n],e.values[n]))return!1;return!0}}const re="Invalid Interval";function Os(r,e){return!r||!r.isValid?O.invalid("missing or invalid start"):!e||!e.isValid?O.invalid("missing or invalid end"):ee:!1}isBefore(e){return this.isValid?this.e<=e:!1}contains(e){return this.isValid?this.s<=e&&this.e>e:!1}set({start:e,end:t}={}){return this.isValid?O.fromDateTimes(e||this.s,t||this.e):this}splitAt(...e){if(!this.isValid)return[];const t=e.map(ye).filter(a=>this.contains(a)).sort((a,o)=>a.toMillis()-o.toMillis()),n=[];let{s}=this,i=0;for(;s+this.e?this.e:a;n.push(O.fromDateTimes(s,o)),s=o,i+=1}return n}splitBy(e){const t=p.fromDurationLike(e);if(!this.isValid||!t.isValid||t.as("milliseconds")===0)return[];let{s:n}=this,s=1,i;const a=[];for(;nu*s));i=+o>+this.e?this.e:o,a.push(O.fromDateTimes(n,i)),n=i,s+=1}return a}divideEqually(e){return this.isValid?this.splitBy(this.length()/e).slice(0,e):[]}overlaps(e){return this.e>e.s&&this.s=e.e:!1}equals(e){return!this.isValid||!e.isValid?!1:this.s.equals(e.s)&&this.e.equals(e.e)}intersection(e){if(!this.isValid)return this;const t=this.s>e.s?this.s:e.s,n=this.e=n?null:O.fromDateTimes(t,n)}union(e){if(!this.isValid)return this;const t=this.se.e?this.e:e.e;return O.fromDateTimes(t,n)}static merge(e){const[t,n]=e.sort((s,i)=>s.s-i.s).reduce(([s,i],a)=>i?i.overlaps(a)||i.abutsStart(a)?[s,i.union(a)]:[s.concat([i]),a]:[s,a],[[],null]);return n&&t.push(n),t}static xor(e){let t=null,n=0;const s=[],i=e.map(u=>[{time:u.s,type:"s"},{time:u.e,type:"e"}]),a=Array.prototype.concat(...i),o=a.sort((u,l)=>u.time-l.time);for(const u of o)n+=u.type==="s"?1:-1,n===1?t=u.time:(t&&+t!=+u.time&&s.push(O.fromDateTimes(t,u.time)),t=null);return O.merge(s)}difference(...e){return O.xor([this].concat(e)).map(t=>this.intersection(t)).filter(t=>t&&!t.isEmpty())}toString(){return this.isValid?`[${this.s.toISO()} – ${this.e.toISO()})`:re}[Symbol.for("nodejs.util.inspect.custom")](){return this.isValid?`Interval { start: ${this.s.toISO()}, end: ${this.e.toISO()} }`:`Interval { Invalid, reason: ${this.invalidReason} }`}toLocaleString(e=Se,t={}){return this.isValid?b.create(this.s.loc.clone(t),e).formatInterval(this):re}toISO(e){return this.isValid?`${this.s.toISO(e)}/${this.e.toISO(e)}`:re}toISODate(){return this.isValid?`${this.s.toISODate()}/${this.e.toISODate()}`:re}toISOTime(e){return this.isValid?`${this.s.toISOTime(e)}/${this.e.toISOTime(e)}`:re}toFormat(e,{separator:t=" – "}={}){return this.isValid?`${this.s.toFormat(e)}${t}${this.e.toFormat(e)}`:re}toDuration(e,t){return this.isValid?this.e.diff(this.s,e,t):p.invalid(this.invalidReason)}mapEndpoints(e){return O.fromDateTimes(e(this.s),e(this.e))}}class Me{static hasDST(e=T.defaultZone){const t=y.now().setZone(e).set({month:12});return!e.isUniversal&&t.offset!==t.set({month:6}).offset}static isValidIANAZone(e){return $.isValidZone(e)}static normalizeZone(e){return Z(e,T.defaultZone)}static getStartOfWeek({locale:e=null,locObj:t=null}={}){return(t||S.create(e)).getStartOfWeek()}static getMinimumDaysInFirstWeek({locale:e=null,locObj:t=null}={}){return(t||S.create(e)).getMinDaysInFirstWeek()}static getWeekendWeekdays({locale:e=null,locObj:t=null}={}){return(t||S.create(e)).getWeekendDays().slice()}static months(e="long",{locale:t=null,numberingSystem:n=null,locObj:s=null,outputCalendar:i="gregory"}={}){return(s||S.create(t,n,i)).months(e)}static monthsFormat(e="long",{locale:t=null,numberingSystem:n=null,locObj:s=null,outputCalendar:i="gregory"}={}){return(s||S.create(t,n,i)).months(e,!0)}static weekdays(e="long",{locale:t=null,numberingSystem:n=null,locObj:s=null}={}){return(s||S.create(t,n,null)).weekdays(e)}static weekdaysFormat(e="long",{locale:t=null,numberingSystem:n=null,locObj:s=null}={}){return(s||S.create(t,n,null)).weekdays(e,!0)}static meridiems({locale:e=null}={}){return S.create(e).meridiems()}static eras(e="short",{locale:t=null}={}){return S.create(t,null,"gregory").eras(e)}static features(){return{relative:_t(),localeWeek:Xt()}}}function En(r,e){const t=s=>s.toUTC(0,{keepLocalTime:!0}).startOf("day").valueOf(),n=t(e)-t(r);return Math.floor(p.fromMillis(n).as("days"))}function Ns(r,e,t){const n=[["years",(u,l)=>l.year-u.year],["quarters",(u,l)=>l.quarter-u.quarter+(l.year-u.year)*4],["months",(u,l)=>l.month-u.month+(l.year-u.year)*12],["weeks",(u,l)=>{const f=En(u,l);return(f-f%7)/7}],["days",En]],s={},i=r;let a,o;for(const[u,l]of n)t.indexOf(u)>=0&&(a=u,s[u]=l(r,e),o=i.plus(s),o>e?(s[u]--,r=i.plus(s),r>e&&(o=r,s[u]--,r=i.plus(s))):r=o);return[r,s,o,a]}function Es(r,e,t,n){let[s,i,a,o]=Ns(r,e,t);const u=e-s,l=t.filter(h=>["hours","minutes","seconds","milliseconds"].indexOf(h)>=0);l.length===0&&(a0?p.fromMillis(u,n).shiftTo(...l).plus(f):f}const xs="missing Intl.DateTimeFormat.formatToParts support";function w(r,e=t=>t){return{regex:r,deser:([t])=>e(mr(t))}}const xn="[  ]",bn=new RegExp(xn,"g");function bs(r){return r.replace(/\./g,"\\.?").replace(bn,xn)}function vn(r){return r.replace(/\./g,"").replace(bn," ").toLowerCase()}function R(r,e){return r===null?null:{regex:RegExp(r.map(bs).join("|")),deser:([t])=>r.findIndex(n=>vn(t)===vn(n))+e}}function In(r,e){return{regex:r,deser:([,t,n])=>be(t,n),groups:e}}function De(r){return{regex:r,deser:([e])=>e}}function vs(r){return r.replace(/[\-\[\]{}()*+?.,\\\^$|#\s]/g,"\\$&")}function Is(r,e){const t=C(e),n=C(e,"{2}"),s=C(e,"{3}"),i=C(e,"{4}"),a=C(e,"{6}"),o=C(e,"{1,2}"),u=C(e,"{1,3}"),l=C(e,"{1,6}"),f=C(e,"{1,9}"),h=C(e,"{2,4}"),k=C(e,"{4,6}"),m=D=>({regex:RegExp(vs(D.val)),deser:([ie])=>ie,literal:!0}),M=(D=>{if(r.literal)return m(D);switch(D.val){case"G":return R(e.eras("short"),0);case"GG":return R(e.eras("long"),0);case"y":return w(l);case"yy":return w(h,_e);case"yyyy":return w(i);case"yyyyy":return w(k);case"yyyyyy":return w(a);case"M":return w(o);case"MM":return w(n);case"MMM":return R(e.months("short",!0),1);case"MMMM":return R(e.months("long",!0),1);case"L":return w(o);case"LL":return w(n);case"LLL":return R(e.months("short",!1),1);case"LLLL":return R(e.months("long",!1),1);case"d":return w(o);case"dd":return w(n);case"o":return w(u);case"ooo":return w(s);case"HH":return w(n);case"H":return w(o);case"hh":return w(n);case"h":return w(o);case"mm":return w(n);case"m":return w(o);case"q":return w(o);case"qq":return w(n);case"s":return w(o);case"ss":return w(n);case"S":return w(u);case"SSS":return w(s);case"u":return De(f);case"uu":return De(o);case"uuu":return w(t);case"a":return R(e.meridiems(),0);case"kkkk":return w(i);case"kk":return w(h,_e);case"W":return w(o);case"WW":return w(n);case"E":case"c":return w(t);case"EEE":return R(e.weekdays("short",!1),1);case"EEEE":return R(e.weekdays("long",!1),1);case"ccc":return R(e.weekdays("short",!0),1);case"cccc":return R(e.weekdays("long",!0),1);case"Z":case"ZZ":return In(new RegExp(`([+-]${o.source})(?::(${n.source}))?`),2);case"ZZZ":return In(new RegExp(`([+-]${o.source})(${n.source})?`),2);case"z":return De(/[a-z_+-/]{1,256}?/i);case" ":return De(/[^\S\n\r]/);default:return m(D)}})(r)||{invalidReason:xs};return M.token=r,M}const Ms={year:{"2-digit":"yy",numeric:"yyyyy"},month:{numeric:"M","2-digit":"MM",short:"MMM",long:"MMMM"},day:{numeric:"d","2-digit":"dd"},weekday:{short:"EEE",long:"EEEE"},dayperiod:"a",dayPeriod:"a",hour12:{numeric:"h","2-digit":"hh"},hour24:{numeric:"H","2-digit":"HH"},minute:{numeric:"m","2-digit":"mm"},second:{numeric:"s","2-digit":"ss"},timeZoneName:{long:"ZZZZZ",short:"ZZZ"}};function Ds(r,e,t){const{type:n,value:s}=r;if(n==="literal"){const u=/^\s+$/.test(s);return{literal:!u,val:u?" ":s}}const i=e[n];let a=n;n==="hour"&&(e.hour12!=null?a=e.hour12?"hour12":"hour24":e.hourCycle!=null?e.hourCycle==="h11"||e.hourCycle==="h12"?a="hour12":a="hour24":a=t.hour12?"hour12":"hour24");let o=Ms[a];if(typeof o=="object"&&(o=o[i]),o)return{literal:!1,val:o}}function Fs(r){return[`^${r.map(t=>t.regex).reduce((t,n)=>`${t}(${n.source})`,"")}$`,r]}function Vs(r,e,t){const n=r.match(e);if(n){const s={};let i=1;for(const a in t)if(K(t,a)){const o=t[a],u=o.groups?o.groups+1:1;!o.literal&&o.token&&(s[o.token.val[0]]=o.deser(n.slice(i,i+u))),i+=u}return[n,s]}else return[n,{}]}function As(r){const e=i=>{switch(i){case"S":return"millisecond";case"s":return"second";case"m":return"minute";case"h":case"H":return"hour";case"d":return"day";case"o":return"ordinal";case"L":case"M":return"month";case"y":return"year";case"E":case"c":return"weekday";case"W":return"weekNumber";case"k":return"weekYear";case"q":return"quarter";default:return null}};let t=null,n;return g(r.z)||(t=$.create(r.z)),g(r.Z)||(t||(t=new v(r.Z)),n=r.Z),g(r.q)||(r.M=(r.q-1)*3+1),g(r.h)||(r.h<12&&r.a===1?r.h+=12:r.h===12&&r.a===0&&(r.h=0)),r.G===0&&r.y&&(r.y=-r.y),g(r.u)||(r.S=He(r.u)),[Object.keys(r).reduce((i,a)=>{const o=e(a);return o&&(i[o]=r[a]),i},{}),t,n]}let nt=null;function Ws(){return nt||(nt=y.fromMillis(1555555555555)),nt}function Cs(r,e){if(r.literal)return r;const t=b.macroTokenToFormatOpts(r.val),n=Vn(t,e);return n==null||n.includes(void 0)?r:n}function Mn(r,e){return Array.prototype.concat(...r.map(t=>Cs(t,e)))}class Dn{constructor(e,t){if(this.locale=e,this.format=t,this.tokens=Mn(b.parseFormat(t),e),this.units=this.tokens.map(n=>Is(n,e)),this.disqualifyingUnit=this.units.find(n=>n.invalidReason),!this.disqualifyingUnit){const[n,s]=Fs(this.units);this.regex=RegExp(n,"i"),this.handlers=s}}explainFromTokens(e){if(this.isValid){const[t,n]=Vs(e,this.regex,this.handlers),[s,i,a]=n?As(n):[null,null,void 0];if(K(n,"a")&&K(n,"H"))throw new j("Can't include meridiem when specifying 24-hour format");return{input:e,tokens:this.tokens,regex:this.regex,rawMatches:t,matches:n,result:s,zone:i,specificOffset:a}}else return{input:e,tokens:this.tokens,invalidReason:this.invalidReason}}get isValid(){return!this.disqualifyingUnit}get invalidReason(){return this.disqualifyingUnit?this.disqualifyingUnit.invalidReason:null}}function Fn(r,e,t){return new Dn(r,t).explainFromTokens(e)}function Ls(r,e,t){const{result:n,zone:s,specificOffset:i,invalidReason:a}=Fn(r,e,t);return[n,s,i,a]}function Vn(r,e){if(!r)return null;const n=b.create(e,r).dtFormatter(Ws()),s=n.formatToParts(),i=n.resolvedOptions();return s.map(a=>Ds(a,r,i))}const rt="Invalid DateTime",Rs=864e13;function he(r){return new L("unsupported zone",`the zone "${r.name}" is not supported`)}function st(r){return r.weekData===null&&(r.weekData=Oe(r.c)),r.weekData}function it(r){return r.localWeekData===null&&(r.localWeekData=Oe(r.c,r.loc.getMinDaysInFirstWeek(),r.loc.getStartOfWeek())),r.localWeekData}function G(r,e){const t={ts:r.ts,zone:r.zone,c:r.c,o:r.o,loc:r.loc,invalid:r.invalid};return new y({...t,...e,old:t})}function An(r,e,t){let n=r-e*60*1e3;const s=t.offset(n);if(e===s)return[n,e];n-=(s-e)*60*1e3;const i=t.offset(n);return s===i?[n,s]:[r-Math.min(s,i)*60*1e3,Math.max(s,i)]}function Fe(r,e){r+=e*60*1e3;const t=new Date(r);return{year:t.getUTCFullYear(),month:t.getUTCMonth()+1,day:t.getUTCDate(),hour:t.getUTCHours(),minute:t.getUTCMinutes(),second:t.getUTCSeconds(),millisecond:t.getUTCMilliseconds()}}function Ve(r,e,t){return An(xe(r),e,t)}function Wn(r,e){const t=r.o,n=r.c.year+Math.trunc(e.years),s=r.c.month+Math.trunc(e.months)+Math.trunc(e.quarters)*3,i={...r.c,year:n,month:s,day:Math.min(r.c.day,Ee(n,s))+Math.trunc(e.days)+Math.trunc(e.weeks)*7},a=p.fromObject({years:e.years-Math.trunc(e.years),quarters:e.quarters-Math.trunc(e.quarters),months:e.months-Math.trunc(e.months),weeks:e.weeks-Math.trunc(e.weeks),days:e.days-Math.trunc(e.days),hours:e.hours,minutes:e.minutes,seconds:e.seconds,milliseconds:e.milliseconds}).as("milliseconds"),o=xe(i);let[u,l]=An(o,t,r.zone);return a!==0&&(u+=a,l=r.zone.offset(u)),{ts:u,o:l}}function se(r,e,t,n,s,i){const{setZone:a,zone:o}=t;if(r&&Object.keys(r).length!==0||e){const u=e||o,l=y.fromObject(r,{...t,zone:u,specificOffset:i});return a?l:l.setZone(o)}else return y.invalid(new L("unparsable",`the input "${s}" can't be parsed as ${n}`))}function Ae(r,e,t=!0){return r.isValid?b.create(S.create("en-US"),{allowZ:t,forceSimple:!0}).formatDateTimeFromString(r,e):null}function at(r,e){const t=r.c.year>9999||r.c.year<0;let n="";return t&&r.c.year>=0&&(n+="+"),n+=E(r.c.year,t?6:4),e?(n+="-",n+=E(r.c.month),n+="-",n+=E(r.c.day)):(n+=E(r.c.month),n+=E(r.c.day)),n}function Cn(r,e,t,n,s,i){let a=E(r.c.hour);return e?(a+=":",a+=E(r.c.minute),(r.c.millisecond!==0||r.c.second!==0||!t)&&(a+=":")):a+=E(r.c.minute),(r.c.millisecond!==0||r.c.second!==0||!t)&&(a+=E(r.c.second),(r.c.millisecond!==0||!n)&&(a+=".",a+=E(r.c.millisecond,3))),s&&(r.isOffsetFixed&&r.offset===0&&!i?a+="Z":r.o<0?(a+="-",a+=E(Math.trunc(-r.o/60)),a+=":",a+=E(Math.trunc(-r.o%60))):(a+="+",a+=E(Math.trunc(r.o/60)),a+=":",a+=E(Math.trunc(r.o%60)))),i&&(a+="["+r.zone.ianaName+"]"),a}const Ln={month:1,day:1,hour:0,minute:0,second:0,millisecond:0},$s={weekNumber:1,weekday:1,hour:0,minute:0,second:0,millisecond:0},Us={ordinal:1,hour:0,minute:0,second:0,millisecond:0},Rn=["year","month","day","hour","minute","second","millisecond"],Zs=["weekYear","weekNumber","weekday","hour","minute","second","millisecond"],qs=["year","ordinal","hour","minute","second","millisecond"];function zs(r){const e={year:"year",years:"year",month:"month",months:"month",day:"day",days:"day",hour:"hour",hours:"hour",minute:"minute",minutes:"minute",quarter:"quarter",quarters:"quarter",second:"second",seconds:"second",millisecond:"millisecond",milliseconds:"millisecond",weekday:"weekday",weekdays:"weekday",weeknumber:"weekNumber",weeksnumber:"weekNumber",weeknumbers:"weekNumber",weekyear:"weekYear",weekyears:"weekYear",ordinal:"ordinal"}[r.toLowerCase()];if(!e)throw new ft(r);return e}function $n(r){switch(r.toLowerCase()){case"localweekday":case"localweekdays":return"localWeekday";case"localweeknumber":case"localweeknumbers":return"localWeekNumber";case"localweekyear":case"localweekyears":return"localWeekYear";default:return zs(r)}}function Ps(r){if(me===void 0&&(me=T.now()),r.type!=="iana")return r.offset(me);const e=r.name;let t=ot.get(e);return t===void 0&&(t=r.offset(me),ot.set(e,t)),t}function Un(r,e){const t=Z(e.zone,T.defaultZone);if(!t.isValid)return y.invalid(he(t));const n=S.fromObject(e);let s,i;if(g(r.year))s=T.now();else{for(const u of Rn)g(r[u])&&(r[u]=Ln[u]);const a=Ht(r)||Qt(r);if(a)return y.invalid(a);const o=Ps(t);[s,i]=Ve(r,o,t)}return new y({ts:s,zone:t,loc:n,o:i})}function Zn(r,e,t){const n=g(t.round)?!0:t.round,s=(a,o)=>(a=Qe(a,n||t.calendary?0:2,!0),e.loc.clone(t).relFormatter(t).format(a,o)),i=a=>t.calendary?e.hasSame(r,a)?0:e.startOf(a).diff(r.startOf(a),a).get(a):e.diff(r,a).get(a);if(t.unit)return s(i(t.unit),t.unit);for(const a of t.units){const o=i(a);if(Math.abs(o)>=1)return s(o,a)}return s(r>e?-0:0,t.units[t.units.length-1])}function qn(r){let e={},t;return r.length>0&&typeof r[r.length-1]=="object"?(e=r[r.length-1],t=Array.from(r).slice(0,r.length-1)):t=Array.from(r),[e,t]}let me;const ot=new Map;class y{constructor(e){const t=e.zone||T.defaultZone;let n=e.invalid||(Number.isNaN(e.ts)?new L("invalid input"):null)||(t.isValid?null:he(t));this.ts=g(e.ts)?T.now():e.ts;let s=null,i=null;if(!n)if(e.old&&e.old.ts===this.ts&&e.old.zone.equals(t))[s,i]=[e.old.c,e.old.o];else{const o=q(e.o)&&!e.old?e.o:t.offset(this.ts);s=Fe(this.ts,o),n=Number.isNaN(s.year)?new L("invalid input"):null,s=n?null:s,i=n?null:o}this._zone=t,this.loc=e.loc||S.create(),this.invalid=n,this.weekData=null,this.localWeekData=null,this.c=s,this.o=i,this.isLuxonDateTime=!0}static now(){return new y({})}static local(){const[e,t]=qn(arguments),[n,s,i,a,o,u,l]=t;return Un({year:n,month:s,day:i,hour:a,minute:o,second:u,millisecond:l},e)}static utc(){const[e,t]=qn(arguments),[n,s,i,a,o,u,l]=t;return e.zone=v.utcInstance,Un({year:n,month:s,day:i,hour:a,minute:o,second:u,millisecond:l},e)}static fromJSDate(e,t={}){const n=Sr(e)?e.valueOf():NaN;if(Number.isNaN(n))return y.invalid("invalid input");const s=Z(t.zone,T.defaultZone);return s.isValid?new y({ts:n,zone:s,loc:S.fromObject(t)}):y.invalid(he(s))}static fromMillis(e,t={}){if(q(e))return e<-864e13||e>Rs?y.invalid("Timestamp out of range"):new y({ts:e,zone:Z(t.zone,T.defaultZone),loc:S.fromObject(t)});throw new x(`fromMillis requires a numerical input, but received a ${typeof e} with value ${e}`)}static fromSeconds(e,t={}){if(q(e))return new y({ts:e*1e3,zone:Z(t.zone,T.defaultZone),loc:S.fromObject(t)});throw new x("fromSeconds requires a numerical input")}static fromObject(e,t={}){e=e||{};const n=Z(t.zone,T.defaultZone);if(!n.isValid)return y.invalid(he(n));const s=S.fromObject(t),i=ve(e,$n),{minDaysInFirstWeek:a,startOfWeek:o}=Kt(i,s),u=T.now(),l=g(t.specificOffset)?n.offset(u):t.specificOffset,f=!g(i.ordinal),h=!g(i.year),k=!g(i.month)||!g(i.day),m=h||k,N=i.weekYear||i.weekNumber;if((m||f)&&N)throw new j("Can't mix weekYear/weekNumber units with year/month/day or ordinals");if(k&&f)throw new j("Can't mix ordinal dates with month/day");const M=N||i.weekday&&!m;let D,ie,ge=Fe(u,l);M?(D=Zs,ie=$s,ge=Oe(ge,a,o)):f?(D=qs,ie=Us,ge=je(ge)):(D=Rn,ie=Ln);let zn=!1;for(const we of D){const ei=i[we];g(ei)?zn?i[we]=ie[we]:i[we]=ge[we]:zn=!0}const Hs=M?gr(i,a,o):f?pr(i):Ht(i),Pn=Hs||Qt(i);if(Pn)return y.invalid(Pn);const Qs=M?Gt(i,a,o):f?jt(i):i,[_s,Xs]=Ve(Qs,l,n),pe=new y({ts:_s,zone:n,o:Xs,loc:s});return i.weekday&&m&&e.weekday!==pe.weekday?y.invalid("mismatched weekday",`you can't specify both a weekday of ${i.weekday} and a date of ${pe.toISO()}`):pe.isValid?pe:y.invalid(pe.invalid)}static fromISO(e,t={}){const[n,s]=us(e);return se(n,s,t,"ISO 8601",e)}static fromRFC2822(e,t={}){const[n,s]=ls(e);return se(n,s,t,"RFC 2822",e)}static fromHTTP(e,t={}){const[n,s]=cs(e);return se(n,s,t,"HTTP",t)}static fromFormat(e,t,n={}){if(g(e)||g(t))throw new x("fromFormat requires an input string and a format");const{locale:s=null,numberingSystem:i=null}=n,a=S.fromOpts({locale:s,numberingSystem:i,defaultToEN:!0}),[o,u,l,f]=Ls(a,e,t);return f?y.invalid(f):se(o,u,n,`format ${t}`,e,l)}static fromString(e,t,n={}){return y.fromFormat(e,t,n)}static fromSQL(e,t={}){const[n,s]=ps(e);return se(n,s,t,"SQL",e)}static invalid(e,t=null){if(!e)throw new x("need to specify a reason the DateTime is invalid");const n=e instanceof L?e:new L(e,t);if(T.throwOnInvalid)throw new Yn(n);return new y({invalid:n})}static isDateTime(e){return e&&e.isLuxonDateTime||!1}static parseFormatForOpts(e,t={}){const n=Vn(e,S.fromObject(t));return n?n.map(s=>s?s.val:null).join(""):null}static expandFormat(e,t={}){return Mn(b.parseFormat(e),S.fromObject(t)).map(s=>s.val).join("")}static resetCache(){me=void 0,ot.clear()}get(e){return this[e]}get isValid(){return this.invalid===null}get invalidReason(){return this.invalid?this.invalid.reason:null}get invalidExplanation(){return this.invalid?this.invalid.explanation:null}get locale(){return this.isValid?this.loc.locale:null}get numberingSystem(){return this.isValid?this.loc.numberingSystem:null}get outputCalendar(){return this.isValid?this.loc.outputCalendar:null}get zone(){return this._zone}get zoneName(){return this.isValid?this.zone.name:null}get year(){return this.isValid?this.c.year:NaN}get quarter(){return this.isValid?Math.ceil(this.c.month/3):NaN}get month(){return this.isValid?this.c.month:NaN}get day(){return this.isValid?this.c.day:NaN}get hour(){return this.isValid?this.c.hour:NaN}get minute(){return this.isValid?this.c.minute:NaN}get second(){return this.isValid?this.c.second:NaN}get millisecond(){return this.isValid?this.c.millisecond:NaN}get weekYear(){return this.isValid?st(this).weekYear:NaN}get weekNumber(){return this.isValid?st(this).weekNumber:NaN}get weekday(){return this.isValid?st(this).weekday:NaN}get isWeekend(){return this.isValid&&this.loc.getWeekendDays().includes(this.weekday)}get localWeekday(){return this.isValid?it(this).weekday:NaN}get localWeekNumber(){return this.isValid?it(this).weekNumber:NaN}get localWeekYear(){return this.isValid?it(this).weekYear:NaN}get ordinal(){return this.isValid?je(this.c).ordinal:NaN}get monthShort(){return this.isValid?Me.months("short",{locObj:this.loc})[this.month-1]:null}get monthLong(){return this.isValid?Me.months("long",{locObj:this.loc})[this.month-1]:null}get weekdayShort(){return this.isValid?Me.weekdays("short",{locObj:this.loc})[this.weekday-1]:null}get weekdayLong(){return this.isValid?Me.weekdays("long",{locObj:this.loc})[this.weekday-1]:null}get offset(){return this.isValid?+this.o:NaN}get offsetNameShort(){return this.isValid?this.zone.offsetName(this.ts,{format:"short",locale:this.locale}):null}get offsetNameLong(){return this.isValid?this.zone.offsetName(this.ts,{format:"long",locale:this.locale}):null}get isOffsetFixed(){return this.isValid?this.zone.isUniversal:null}get isInDST(){return this.isOffsetFixed?!1:this.offset>this.set({month:1,day:1}).offset||this.offset>this.set({month:5}).offset}getPossibleOffsets(){if(!this.isValid||this.isOffsetFixed)return[this];const e=864e5,t=6e4,n=xe(this.c),s=this.zone.offset(n-e),i=this.zone.offset(n+e),a=this.zone.offset(n-s*t),o=this.zone.offset(n-i*t);if(a===o)return[this];const u=n-a*t,l=n-o*t,f=Fe(u,a),h=Fe(l,o);return f.hour===h.hour&&f.minute===h.minute&&f.second===h.second&&f.millisecond===h.millisecond?[G(this,{ts:u}),G(this,{ts:l})]:[this]}get isInLeapYear(){return ue(this.year)}get daysInMonth(){return Ee(this.year,this.month)}get daysInYear(){return this.isValid?H(this.year):NaN}get weeksInWeekYear(){return this.isValid?le(this.weekYear):NaN}get weeksInLocalWeekYear(){return this.isValid?le(this.localWeekYear,this.loc.getMinDaysInFirstWeek(),this.loc.getStartOfWeek()):NaN}resolvedLocaleOptions(e={}){const{locale:t,numberingSystem:n,calendar:s}=b.create(this.loc.clone(e),e).resolvedOptions(this);return{locale:t,numberingSystem:n,outputCalendar:s}}toUTC(e=0,t={}){return this.setZone(v.instance(e),t)}toLocal(){return this.setZone(T.defaultZone)}setZone(e,{keepLocalTime:t=!1,keepCalendarTime:n=!1}={}){if(e=Z(e,T.defaultZone),e.equals(this.zone))return this;if(e.isValid){let s=this.ts;if(t||n){const i=e.offset(this.ts),a=this.toObject();[s]=Ve(a,i,e)}return G(this,{ts:s,zone:e})}else return y.invalid(he(e))}reconfigure({locale:e,numberingSystem:t,outputCalendar:n}={}){const s=this.loc.clone({locale:e,numberingSystem:t,outputCalendar:n});return G(this,{loc:s})}setLocale(e){return this.reconfigure({locale:e})}set(e){if(!this.isValid)return this;const t=ve(e,$n),{minDaysInFirstWeek:n,startOfWeek:s}=Kt(t,this.loc),i=!g(t.weekYear)||!g(t.weekNumber)||!g(t.weekday),a=!g(t.ordinal),o=!g(t.year),u=!g(t.month)||!g(t.day),l=o||u,f=t.weekYear||t.weekNumber;if((l||a)&&f)throw new j("Can't mix weekYear/weekNumber units with year/month/day or ordinals");if(u&&a)throw new j("Can't mix ordinal dates with month/day");let h;i?h=Gt({...Oe(this.c,n,s),...t},n,s):g(t.ordinal)?(h={...this.toObject(),...t},g(t.day)&&(h.day=Math.min(Ee(h.year,h.month),h.day))):h=jt({...je(this.c),...t});const[k,m]=Ve(h,this.o,this.zone);return G(this,{ts:k,o:m})}plus(e){if(!this.isValid)return this;const t=p.fromDurationLike(e);return G(this,Wn(this,t))}minus(e){if(!this.isValid)return this;const t=p.fromDurationLike(e).negate();return G(this,Wn(this,t))}startOf(e,{useLocaleWeeks:t=!1}={}){if(!this.isValid)return this;const n={},s=p.normalizeUnit(e);switch(s){case"years":n.month=1;case"quarters":case"months":n.day=1;case"weeks":case"days":n.hour=0;case"hours":n.minute=0;case"minutes":n.second=0;case"seconds":n.millisecond=0;break}if(s==="weeks")if(t){const i=this.loc.getStartOfWeek(),{weekday:a}=this;athis.valueOf(),o=a?this:e,u=a?e:this,l=Es(o,u,i,s);return a?l.negate():l}diffNow(e="milliseconds",t={}){return this.diff(y.now(),e,t)}until(e){return this.isValid?O.fromDateTimes(this,e):this}hasSame(e,t,n){if(!this.isValid)return!1;const s=e.valueOf(),i=this.setZone(e.zone,{keepLocalTime:!0});return i.startOf(t,n)<=s&&s<=i.endOf(t,n)}equals(e){return this.isValid&&e.isValid&&this.valueOf()===e.valueOf()&&this.zone.equals(e.zone)&&this.loc.equals(e.loc)}toRelative(e={}){if(!this.isValid)return null;const t=e.base||y.fromObject({},{zone:this.zone}),n=e.padding?thist.valueOf(),Math.min)}static max(...e){if(!e.every(y.isDateTime))throw new x("max requires all arguments be DateTimes");return en(e,t=>t.valueOf(),Math.max)}static fromFormatExplain(e,t,n={}){const{locale:s=null,numberingSystem:i=null}=n,a=S.fromOpts({locale:s,numberingSystem:i,defaultToEN:!0});return Fn(a,e,t)}static fromStringExplain(e,t,n={}){return y.fromFormatExplain(e,t,n)}static buildFormatParser(e,t={}){const{locale:n=null,numberingSystem:s=null}=t,i=S.fromOpts({locale:n,numberingSystem:s,defaultToEN:!0});return new Dn(i,e)}static fromFormatParser(e,t,n={}){if(g(e)||g(t))throw new x("fromFormatParser requires an input string and a format parser");const{locale:s=null,numberingSystem:i=null}=n,a=S.fromOpts({locale:s,numberingSystem:i,defaultToEN:!0});if(!a.equals(t.locale))throw new x(`fromFormatParser called with a locale of ${a}, but the format parser was created for ${t.locale}`);const{result:o,zone:u,specificOffset:l,invalidReason:f}=t.explainFromTokens(e);return f?y.invalid(f):se(o,u,n,`format ${t.format}`,e,l)}static get DATE_SHORT(){return Se}static get DATE_MED(){return dt}static get DATE_MED_WITH_WEEKDAY(){return Gn}static get DATE_FULL(){return ht}static get DATE_HUGE(){return mt}static get TIME_SIMPLE(){return yt}static get TIME_WITH_SECONDS(){return gt}static get TIME_WITH_SHORT_OFFSET(){return pt}static get TIME_WITH_LONG_OFFSET(){return wt}static get TIME_24_SIMPLE(){return St}static get TIME_24_WITH_SECONDS(){return kt}static get TIME_24_WITH_SHORT_OFFSET(){return Tt}static get TIME_24_WITH_LONG_OFFSET(){return Ot}static get DATETIME_SHORT(){return Nt}static get DATETIME_SHORT_WITH_SECONDS(){return Et}static get DATETIME_MED(){return xt}static get DATETIME_MED_WITH_SECONDS(){return bt}static get DATETIME_MED_WITH_WEEKDAY(){return jn}static get DATETIME_FULL(){return vt}static get DATETIME_FULL_WITH_SECONDS(){return It}static get DATETIME_HUGE(){return Mt}static get DATETIME_HUGE_WITH_SECONDS(){return Dt}}function ye(r){if(y.isDateTime(r))return r;if(r&&r.valueOf&&q(r.valueOf()))return y.fromJSDate(r);if(r&&typeof r=="object")return y.fromObject(r);throw new x(`Unknown datetime argument: ${r}, of type ${typeof r}`)}const Ys=[".jpg",".jpeg",".png",".svg",".gif",".jfif",".webp",".avif"],Js=[".mp4",".avi",".mov",".3gp",".wmv"],Bs=[".aa",".aac",".m4v",".mp3",".ogg",".oga",".mogg",".amr"],Gs=[".pdf",".doc",".docx",".xls",".xlsx",".ppt",".pptx",".odp",".odt",".ods",".txt"],js=["relation","file","select"],Ks=["text","email","url","editor"];class d{static isObject(e){return e!==null&&typeof e=="object"&&e.constructor===Object}static clone(e){return typeof structuredClone<"u"?structuredClone(e):JSON.parse(JSON.stringify(e))}static zeroValue(e){switch(typeof e){case"string":return"";case"number":return 0;case"boolean":return!1;case"object":return e===null?null:Array.isArray(e)?[]:{};case"undefined":return;default:return null}}static isEmpty(e){return e===""||e===null||typeof e>"u"||Array.isArray(e)&&e.length===0||d.isObject(e)&&Object.keys(e).length===0}static isInput(e){let t=e&&e.tagName?e.tagName.toLowerCase():"";return t==="input"||t==="select"||t==="textarea"||(e==null?void 0:e.isContentEditable)}static isFocusable(e){let t=e&&e.tagName?e.tagName.toLowerCase():"";return d.isInput(e)||t==="button"||t==="a"||t==="details"||(e==null?void 0:e.tabIndex)>=0}static hasNonEmptyProps(e){for(let t in e)if(!d.isEmpty(e[t]))return!0;return!1}static toArray(e,t=!1){return Array.isArray(e)?e.slice():(t||!d.isEmpty(e))&&typeof e<"u"?[e]:[]}static inArray(e,t){e=Array.isArray(e)?e:[];for(let n=e.length-1;n>=0;n--)if(e[n]==t)return!0;return!1}static removeByValue(e,t){e=Array.isArray(e)?e:[];for(let n=e.length-1;n>=0;n--)if(e[n]==t){e.splice(n,1);break}}static pushUnique(e,t){d.inArray(e,t)||e.push(t)}static mergeUnique(e,t){for(let n of t)d.pushUnique(e,n);return e}static findByKey(e,t,n){e=Array.isArray(e)?e:[];for(let s in e)if(e[s][t]==n)return e[s];return null}static groupByKey(e,t){e=Array.isArray(e)?e:[];const n={};for(let s in e)n[e[s][t]]=n[e[s][t]]||[],n[e[s][t]].push(e[s]);return n}static removeByKey(e,t,n){for(let s in e)if(e[s][t]==n){e.splice(s,1);break}}static pushOrReplaceByKey(e,t,n="id"){for(let s=e.length-1;s>=0;s--)if(e[s][n]==t[n]){e[s]=t;return}e.push(t)}static filterDuplicatesByKey(e,t="id"){e=Array.isArray(e)?e:[];const n={};for(const s of e)n[s[t]]=s;return Object.values(n)}static filterRedactedProps(e,t="******"){const n=JSON.parse(JSON.stringify(e||{}));for(let s in n)typeof n[s]=="object"&&n[s]!==null?n[s]=d.filterRedactedProps(n[s],t):n[s]===t&&delete n[s];return n}static getNestedVal(e,t,n=null,s="."){let i=e||{},a=(t||"").split(s);for(const o of a){if(!d.isObject(i)&&!Array.isArray(i)||typeof i[o]>"u")return n;i=i[o]}return i}static setByPath(e,t,n,s="."){if(e===null||typeof e!="object"){console.warn("setByPath: data not an object or array.");return}let i=e,a=t.split(s),o=a.pop();for(const u of a)(!d.isObject(i)&&!Array.isArray(i)||!d.isObject(i[u])&&!Array.isArray(i[u]))&&(i[u]={}),i=i[u];i[o]=n}static deleteByPath(e,t,n="."){let s=e||{},i=(t||"").split(n),a=i.pop();for(const o of i)(!d.isObject(s)&&!Array.isArray(s)||!d.isObject(s[o])&&!Array.isArray(s[o]))&&(s[o]={}),s=s[o];Array.isArray(s)?s.splice(a,1):d.isObject(s)&&delete s[a],i.length>0&&(Array.isArray(s)&&!s.length||d.isObject(s)&&!Object.keys(s).length)&&(Array.isArray(e)&&e.length>0||d.isObject(e)&&Object.keys(e).length>0)&&d.deleteByPath(e,i.join(n),n)}static randomString(e=10){let t="",n="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";for(let s=0;s"u")return d.randomString(e);const t=new Uint8Array(e);crypto.getRandomValues(t);const n="-_0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";let s="";for(let i=0;ii.replaceAll("{_PB_ESCAPED_}",t));for(let i of s)i=i.trim(),d.isEmpty(i)||n.push(i);return n}static joinNonEmpty(e,t=", "){e=e||[];const n=[],s=t.length>1?t.trim():t;for(let i of e)i=typeof i=="string"?i.trim():"",d.isEmpty(i)||n.push(i.replaceAll(s,"\\"+s));return n.join(t)}static getInitials(e){if(e=(e||"").split("@")[0].trim(),e.length<=2)return e.toUpperCase();const t=e.split(/[\.\_\-\ ]/);return t.length>=2?(t[0][0]+t[1][0]).toUpperCase():e[0].toUpperCase()}static formattedFileSize(e){const t=e?Math.floor(Math.log(e)/Math.log(1024)):0;return(e/Math.pow(1024,t)).toFixed(2)*1+" "+["B","KB","MB","GB","TB"][t]}static getDateTime(e){if(typeof e=="string"){const t={19:"yyyy-MM-dd HH:mm:ss",23:"yyyy-MM-dd HH:mm:ss.SSS",20:"yyyy-MM-dd HH:mm:ss'Z'",24:"yyyy-MM-dd HH:mm:ss.SSS'Z'"},n=t[e.length]||t[19];return y.fromFormat(e,n,{zone:"UTC"})}return typeof e=="number"?y.fromMillis(e):y.fromJSDate(e)}static formatToUTCDate(e,t="yyyy-MM-dd HH:mm:ss"){return d.getDateTime(e).toUTC().toFormat(t)}static formatToLocalDate(e,t="yyyy-MM-dd HH:mm:ss"){return d.getDateTime(e).toLocal().toFormat(t)}static async copyToClipboard(e){var t;if(typeof e=="object")try{e=JSON.stringify(e,null,2)}catch{}if(e=""+e,!(!e.length||!((t=window==null?void 0:window.navigator)!=null&&t.clipboard)))return window.navigator.clipboard.writeText(e).catch(n=>{console.warn("Failed to copy.",n)})}static download(e,t){const n=document.createElement("a");n.setAttribute("href",e),n.setAttribute("download",t),n.setAttribute("target","_blank"),n.click(),n.remove()}static downloadJson(e,t){t=t.endsWith(".json")?t:t+".json";const n=new Blob([JSON.stringify(e,null,2)],{type:"application/json"}),s=window.URL.createObjectURL(n);d.download(s,t)}static getJWTPayload(e){const t=(e||"").split(".")[1]||"";if(t==="")return{};try{const n=decodeURIComponent(atob(t));return JSON.parse(n)||{}}catch(n){console.warn("Failed to parse JWT payload data.",n)}return{}}static hasImageExtension(e){return e=e||"",!!Ys.find(t=>e.toLowerCase().endsWith(t))}static hasVideoExtension(e){return e=e||"",!!Js.find(t=>e.toLowerCase().endsWith(t))}static hasAudioExtension(e){return e=e||"",!!Bs.find(t=>e.toLowerCase().endsWith(t))}static hasDocumentExtension(e){return e=e||"",!!Gs.find(t=>e.toLowerCase().endsWith(t))}static getFileType(e){return d.hasImageExtension(e)?"image":d.hasDocumentExtension(e)?"document":d.hasVideoExtension(e)?"video":d.hasAudioExtension(e)?"audio":"file"}static generateThumb(e,t=100,n=100){return new Promise(s=>{let i=new FileReader;i.onload=function(a){let o=new Image;o.onload=function(){let u=document.createElement("canvas"),l=u.getContext("2d"),f=o.width,h=o.height;return u.width=t,u.height=n,l.drawImage(o,f>h?(f-h)/2:0,0,f>h?h:f,f>h?h:f,0,0,t,n),s(u.toDataURL(e.type))},o.src=a.target.result},i.readAsDataURL(e)})}static addValueToFormData(e,t,n){if(!(typeof n>"u"))if(d.isEmpty(n))e.append(t,"");else if(Array.isArray(n))for(const s of n)d.addValueToFormData(e,t,s);else n instanceof File?e.append(t,n):n instanceof Date?e.append(t,n.toISOString()):d.isObject(n)?e.append(t,JSON.stringify(n)):e.append(t,""+n)}static dummyCollectionRecord(e){return Object.assign({collectionId:e==null?void 0:e.id,collectionName:e==null?void 0:e.name},d.dummyCollectionSchemaData(e))}static dummyCollectionSchemaData(e,t=!1){var i;const n=(e==null?void 0:e.fields)||[],s={};for(const a of n){if(a.hidden||t&&a.primaryKey&&a.autogeneratePattern||t&&a.type==="autodate")continue;let o=null;if(a.type==="number")o=123;else if(a.type==="date"||a.type==="autodate")o="2022-01-01 10:00:00.123Z";else if(a.type=="bool")o=!0;else if(a.type=="email")o="test@example.com";else if(a.type=="url")o="https://example.com";else if(a.type=="json")o="JSON";else if(a.type=="file"){if(t)continue;o="filename.jpg",a.maxSelect!=1&&(o=[o])}else a.type=="select"?(o=(i=a==null?void 0:a.values)==null?void 0:i[0],(a==null?void 0:a.maxSelect)!=1&&(o=[o])):a.type=="relation"?(o="RELATION_RECORD_ID",(a==null?void 0:a.maxSelect)!=1&&(o=[o])):a.type=="geoPoint"?o={lon:0,lat:0}:o="test";s[a.name]=o}return s}static getCollectionTypeIcon(e){switch(e==null?void 0:e.toLowerCase()){case"auth":return"ri-group-line";case"view":return"ri-table-line";default:return"ri-folder-2-line"}}static getFieldTypeIcon(e){switch(e){case"primary":return"ri-key-line";case"text":return"ri-text";case"number":return"ri-hashtag";case"date":return"ri-calendar-line";case"bool":return"ri-toggle-line";case"email":return"ri-mail-line";case"url":return"ri-link";case"editor":return"ri-edit-2-line";case"select":return"ri-list-check";case"json":return"ri-braces-line";case"file":return"ri-image-line";case"relation":return"ri-mind-map";case"password":return"ri-lock-password-line";case"autodate":return"ri-calendar-check-line";case"geoPoint":return"ri-map-pin-2-line";default:return"ri-star-s-line"}}static getFieldValueType(e){switch(e==null?void 0:e.type){case"bool":return"Boolean";case"number":return"Number";case"geoPoint":return"Object";case"file":return"File";case"select":case"relation":return(e==null?void 0:e.maxSelect)==1?"String":"Array";default:return"String"}}static zeroDefaultStr(e){return(e==null?void 0:e.type)==="number"?"0":(e==null?void 0:e.type)==="bool"?"false":(e==null?void 0:e.type)==="geoPoint"?'{"lon":0,"lat":0}':(e==null?void 0:e.type)==="json"?'null, "", [], {}':["select","relation","file"].includes(e==null?void 0:e.type)&&(e==null?void 0:e.maxSelect)!=1?"[]":'""'}static getApiExampleUrl(e){return(window.location.href.substring(0,window.location.href.indexOf("/_"))||e||"/").replace("//localhost","//127.0.0.1")}static hasCollectionChanges(e,t,n=!1){if(e=e||{},t=t||{},e.id!=t.id)return!0;for(let l in e)if(l!=="fields"&&JSON.stringify(e[l])!==JSON.stringify(t[l]))return!0;const s=Array.isArray(e.fields)?e.fields:[],i=Array.isArray(t.fields)?t.fields:[],a=s.filter(l=>(l==null?void 0:l.id)&&!d.findByKey(i,"id",l.id)),o=i.filter(l=>(l==null?void 0:l.id)&&!d.findByKey(s,"id",l.id)),u=i.filter(l=>{const f=d.isObject(l)&&d.findByKey(s,"id",l.id);if(!f)return!1;for(let h in f)if(JSON.stringify(l[h])!=JSON.stringify(f[h]))return!0;return!1});return!!(o.length||u.length||n&&a.length)}static sortCollections(e=[]){const t=[],n=[],s=[];for(const a of e)a.type==="auth"?t.push(a):a.type==="base"?n.push(a):s.push(a);function i(a,o){return a.name>o.name?1:a.namea.id==e.collectionId);if(!i)return s;for(const a of i.fields){if(!a.presentable||a.type!="relation"||n<=0)continue;const o=d.getExpandPresentableRelFields(a,t,n-1);for(const u of o)s.push(e.name+"."+u)}return s.length||s.push(e.name),s}static yieldToMain(){return new Promise(e=>{setTimeout(e,0)})}static defaultFlatpickrOptions(){return{dateFormat:"Y-m-d H:i:S",disableMobile:!0,allowInput:!0,enableTime:!0,time_24hr:!0,locale:{firstDayOfWeek:1}}}static defaultEditorOptions(){const e=["DIV","P","A","EM","B","STRONG","H1","H2","H3","H4","H5","H6","TABLE","TR","TD","TH","TBODY","THEAD","TFOOT","BR","HR","Q","SUP","SUB","DEL","IMG","OL","UL","LI","CODE"];function t(s){let i=s.parentNode;for(;s.firstChild;)i.insertBefore(s.firstChild,s);i.removeChild(s)}function n(s){if(s){for(const i of s.children)n(i);e.includes(s.tagName)?(s.removeAttribute("style"),s.removeAttribute("class")):t(s)}}return{branding:!1,promotion:!1,menubar:!1,min_height:270,height:270,max_height:700,autoresize_bottom_margin:30,convert_unsafe_embeds:!0,skin:"pocketbase",content_style:"body { font-size: 14px }",plugins:["autoresize","autolink","lists","link","image","searchreplace","fullscreen","media","table","code","codesample","directionality"],codesample_global_prismjs:!0,codesample_languages:[{text:"HTML/XML",value:"markup"},{text:"CSS",value:"css"},{text:"SQL",value:"sql"},{text:"JavaScript",value:"javascript"},{text:"Go",value:"go"},{text:"Dart",value:"dart"},{text:"Zig",value:"zig"},{text:"Rust",value:"rust"},{text:"Lua",value:"lua"},{text:"PHP",value:"php"},{text:"Ruby",value:"ruby"},{text:"Python",value:"python"},{text:"Java",value:"java"},{text:"C",value:"c"},{text:"C#",value:"csharp"},{text:"C++",value:"cpp"},{text:"Markdown",value:"markdown"},{text:"Swift",value:"swift"},{text:"Kotlin",value:"kotlin"},{text:"Elixir",value:"elixir"},{text:"Scala",value:"scala"},{text:"Julia",value:"julia"},{text:"Haskell",value:"haskell"}],toolbar:"styles | alignleft aligncenter alignright | bold italic forecolor backcolor | bullist numlist | link image_picker table codesample direction | code fullscreen",paste_postprocess:(s,i)=>{n(i.node)},file_picker_types:"image",file_picker_callback:(s,i,a)=>{const o=document.createElement("input");o.setAttribute("type","file"),o.setAttribute("accept","image/*"),o.addEventListener("change",u=>{const l=u.target.files[0],f=new FileReader;f.addEventListener("load",()=>{if(!tinymce)return;const h="blobid"+new Date().getTime(),k=tinymce.activeEditor.editorUpload.blobCache,m=f.result.split(",")[1],N=k.create(h,l,m);k.add(N),s(N.blobUri(),{title:l.name})}),f.readAsDataURL(l)}),o.click()},setup:s=>{s.on("keydown",a=>{(a.ctrlKey||a.metaKey)&&a.code=="KeyS"&&s.formElement&&(a.preventDefault(),a.stopPropagation(),s.formElement.dispatchEvent(new KeyboardEvent("keydown",a)))});const i="tinymce_last_direction";s.on("init",()=>{var o;const a=(o=window==null?void 0:window.localStorage)==null?void 0:o.getItem(i);!s.isDirty()&&s.getContent()==""&&a=="rtl"&&s.execCommand("mceDirectionRTL")}),s.ui.registry.addMenuButton("direction",{icon:"visualchars",fetch:a=>{a([{type:"menuitem",text:"LTR content",icon:"ltr",onAction:()=>{var u;(u=window==null?void 0:window.localStorage)==null||u.setItem(i,"ltr"),s.execCommand("mceDirectionLTR")}},{type:"menuitem",text:"RTL content",icon:"rtl",onAction:()=>{var u;(u=window==null?void 0:window.localStorage)==null||u.setItem(i,"rtl"),s.execCommand("mceDirectionRTL")}}])}}),s.ui.registry.addMenuButton("image_picker",{icon:"image",fetch:a=>{a([{type:"menuitem",text:"From collection",icon:"gallery",onAction:()=>{s.dispatch("collections_file_picker",{})}},{type:"menuitem",text:"Inline",icon:"browse",onAction:()=>{s.execCommand("mceImage")}}])}})}}}static displayValue(e,t,n="N/A"){e=e||{},t=t||[];let s=[];for(const a of t){let o=e[a];typeof o>"u"||(o=d.stringifyValue(o,n),s.push(o))}if(s.length>0)return s.join(", ");const i=["title","name","slug","email","username","nickname","label","heading","message","key","identifier","id"];for(const a of i){let o=d.stringifyValue(e[a],"");if(o)return o}return n}static stringifyValue(e,t="N/A",n=150){if(d.isEmpty(e))return t;if(typeof e=="number")return""+e;if(typeof e=="boolean")return e?"True":"False";if(typeof e=="string")return e=e.indexOf("<")>=0?d.plainText(e):e,d.truncate(e,n)||t;if(Array.isArray(e)&&typeof e[0]!="object")return d.truncate(e.join(","),n);if(typeof e=="object")try{return d.truncate(JSON.stringify(e),n)||t}catch{return t}return e}static extractColumnsFromQuery(e){var a;const t="__GROUP__";e=(e||"").replace(/\([\s\S]+?\)/gm,t).replace(/[\t\r\n]|(?:\s\s)+/g," ");const n=e.match(/select\s+([\s\S]+)\s+from/),s=((a=n==null?void 0:n[1])==null?void 0:a.split(","))||[],i=[];for(let o of s){const u=o.trim().split(" ").pop();u!=""&&u!=t&&i.push(u.replace(/[\'\"\`\[\]\s]/g,""))}return i}static getAllCollectionIdentifiers(e,t=""){if(!e)return[];let n=[t+"id"];if(e.type==="view")for(let i of d.extractColumnsFromQuery(e.viewQuery))d.pushUnique(n,t+i);const s=e.fields||[];for(const i of s)i.type=="geoPoint"?(d.pushUnique(n,t+i.name+".lon"),d.pushUnique(n,t+i.name+".lat")):d.pushUnique(n,t+i.name);return n}static getCollectionAutocompleteKeys(e,t,n="",s=0){let i=e.find(o=>o.name==t||o.id==t);if(!i||s>=4)return[];i.fields=i.fields||[];let a=d.getAllCollectionIdentifiers(i,n);for(const o of i.fields){const u=n+o.name;if(o.type=="relation"&&o.collectionId){const l=d.getCollectionAutocompleteKeys(e,o.collectionId,u+".",s+1);l.length&&(a=a.concat(l))}o.maxSelect!=1&&js.includes(o.type)?(a.push(u+":each"),a.push(u+":length")):Ks.includes(o.type)&&a.push(u+":lower")}for(const o of e){o.fields=o.fields||[];for(const u of o.fields)if(u.type=="relation"&&u.collectionId==i.id){const l=n+o.name+"_via_"+u.name,f=d.getCollectionAutocompleteKeys(e,o.id,l+".",s+2);f.length&&(a=a.concat(f))}}return a}static getCollectionJoinAutocompleteKeys(e){const t=[];let n,s;for(const i of e)if(!i.system){n="@collection."+i.name+".",s=d.getCollectionAutocompleteKeys(e,i.name,n);for(const a of s)t.push(a)}return t}static getRequestAutocompleteKeys(e,t){const n=[];n.push("@request.context"),n.push("@request.method"),n.push("@request.query."),n.push("@request.body."),n.push("@request.headers."),n.push("@request.auth.collectionId"),n.push("@request.auth.collectionName");const s=e.filter(i=>i.type==="auth");for(const i of s){if(i.system)continue;const a=d.getCollectionAutocompleteKeys(e,i.id,"@request.auth.");for(const o of a)d.pushUnique(n,o)}if(t){const i=d.getCollectionAutocompleteKeys(e,t,"@request.body.");for(const a of i){n.push(a);const o=a.split(".");o.length===3&&o[2].indexOf(":")===-1&&n.push(a+":isset")}}return n}static parseIndex(e){var u,l,f,h,k;const t={unique:!1,optional:!1,schemaName:"",indexName:"",tableName:"",columns:[],where:""},s=/create\s+(unique\s+)?\s*index\s*(if\s+not\s+exists\s+)?(\S*)\s+on\s+(\S*)\s*\(([\s\S]*)\)(?:\s*where\s+([\s\S]*))?/gmi.exec((e||"").trim());if((s==null?void 0:s.length)!=7)return t;const i=/^[\"\'\`\[\{}]|[\"\'\`\]\}]$/gm;t.unique=((u=s[1])==null?void 0:u.trim().toLowerCase())==="unique",t.optional=!d.isEmpty((l=s[2])==null?void 0:l.trim());const a=(s[3]||"").split(".");a.length==2?(t.schemaName=a[0].replace(i,""),t.indexName=a[1].replace(i,"")):(t.schemaName="",t.indexName=a[0].replace(i,"")),t.tableName=(s[4]||"").replace(i,"");const o=(s[5]||"").replace(/,(?=[^\(]*\))/gmi,"{PB_TEMP}").split(",");for(let m of o){m=m.trim().replaceAll("{PB_TEMP}",",");const M=/^([\s\S]+?)(?:\s+collate\s+([\w]+))?(?:\s+(asc|desc))?$/gmi.exec(m);if((M==null?void 0:M.length)!=4)continue;const D=(h=(f=M[1])==null?void 0:f.trim())==null?void 0:h.replace(i,"");D&&t.columns.push({name:D,collate:M[2]||"",sort:((k=M[3])==null?void 0:k.toUpperCase())||""})}return t.where=s[6]||"",t}static buildIndex(e){let t="CREATE ";e.unique&&(t+="UNIQUE "),t+="INDEX ",e.optional&&(t+="IF NOT EXISTS "),e.schemaName&&(t+=`\`${e.schemaName}\`.`),t+=`\`${e.indexName||"idx_"+d.randomString(10)}\` `,t+=`ON \`${e.tableName}\` (`;const n=e.columns.filter(s=>!!(s!=null&&s.name));return n.length>1&&(t+=` + `),t+=n.map(s=>{let i="";return s.name.includes("(")||s.name.includes(" ")?i+=s.name:i+="`"+s.name+"`",s.collate&&(i+=" COLLATE "+s.collate),s.sort&&(i+=" "+s.sort.toUpperCase()),i}).join(`, + `),n.length>1&&(t+=` +`),t+=")",e.where&&(t+=` WHERE ${e.where}`),t}static replaceIndexTableName(e,t){const n=d.parseIndex(e);return n.tableName=t,d.buildIndex(n)}static replaceIndexColumn(e,t,n){if(t===n)return e;const s=d.parseIndex(e);let i=!1;for(let a of s.columns)a.name===t&&(a.name=n,i=!0);return i?d.buildIndex(s):e}static normalizeSearchFilter(e,t){if(e=(e||"").trim(),!e||!t.length)return e;const n=["=","!=","~","!~",">",">=","<","<="];for(const s of n)if(e.includes(s))return e;return e=isNaN(e)&&e!="true"&&e!="false"?`"${e.replace(/^[\"\'\`]|[\"\'\`]$/gm,"")}"`:e,t.map(s=>`${s}~${e}`).join("||")}static normalizeLogsFilter(e,t=[]){return d.normalizeSearchFilter(e,["level","message","data"].concat(t))}static initSchemaField(e){return Object.assign({id:"",name:"",type:"text",system:!1,hidden:!1,required:!1},e)}static triggerResize(){window.dispatchEvent(new Event("resize"))}static getHashQueryParams(){let e="";const t=window.location.hash.indexOf("?");return t>-1&&(e=window.location.hash.substring(t+1)),Object.fromEntries(new URLSearchParams(e))}static replaceHashQueryParams(e){e=e||{};let t="",n=window.location.hash;const s=n.indexOf("?");s>-1&&(t=n.substring(s+1),n=n.substring(0,s));const i=new URLSearchParams(t);for(let u in e){const l=e[u];l===null?i.delete(u):i.set(u,l)}t=i.toString(),t!=""&&(n+="?"+t);let a=window.location.href;const o=a.indexOf("#");o>-1&&(a=a.substring(0,o)),window.location.replace(a+n)}}const ut=11e3;onmessage=r=>{var t,n;if(!r.data.collections)return;const e={};e.baseKeys=d.getCollectionAutocompleteKeys(r.data.collections,(t=r.data.baseCollection)==null?void 0:t.name),e.baseKeys=ct(e.baseKeys.sort(lt),ut),r.data.disableRequestKeys||(e.requestKeys=d.getRequestAutocompleteKeys(r.data.collections,(n=r.data.baseCollection)==null?void 0:n.name),e.requestKeys=ct(e.requestKeys.sort(lt),ut)),r.data.disableCollectionJoinKeys||(e.collectionJoinKeys=d.getCollectionJoinAutocompleteKeys(r.data.collections),e.collectionJoinKeys=ct(e.collectionJoinKeys.sort(lt),ut)),postMessage(e)};function lt(r,e){return r.length-e.length}function ct(r,e){return r.length>e?r.slice(0,e):r}})(); diff --git a/ui/dist/assets/index-BH0nlDnw.js b/ui/dist/assets/index-BH0nlDnw.js new file mode 100644 index 0000000..066f89a --- /dev/null +++ b/ui/dist/assets/index-BH0nlDnw.js @@ -0,0 +1,228 @@ +const __vite__mapDeps=(i,m=__vite__mapDeps,d=(m.f||(m.f=["./FilterAutocompleteInput-CBf9aYgb.js","./index-Bd1MzT5k.js","./ListApiDocs-D97szj_n.js","./FieldsQueryParam-DQVKTiQb.js","./ListApiDocs-ByASLUZu.css","./ViewApiDocs-wlifUl4N.js","./CreateApiDocs-JPvR8N_9.js","./UpdateApiDocs-DL1jPaKQ.js","./AuthMethodsDocs-kTmmvbiv.js","./AuthWithPasswordDocs-DDzkR56i.js","./AuthWithOAuth2Docs-DR-QIR8o.js","./AuthWithOtpDocs-Bf-89h5e.js","./AuthRefreshDocs-CN-JUWQG.js","./CodeEditor-CHQR53XK.js","./Leaflet-Dlp_i0kf.js","./Leaflet-DCQr6yJv.css"])))=>i.map(i=>d[i]); +var By=Object.defineProperty;var Wy=(n,e,t)=>e in n?By(n,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):n[e]=t;var pt=(n,e,t)=>Wy(n,typeof e!="symbol"?e+"":e,t);(function(){const e=document.createElement("link").relList;if(e&&e.supports&&e.supports("modulepreload"))return;for(const s of document.querySelectorAll('link[rel="modulepreload"]'))i(s);new MutationObserver(s=>{for(const l of s)if(l.type==="childList")for(const o of l.addedNodes)o.tagName==="LINK"&&o.rel==="modulepreload"&&i(o)}).observe(document,{childList:!0,subtree:!0});function t(s){const l={};return s.integrity&&(l.integrity=s.integrity),s.referrerPolicy&&(l.referrerPolicy=s.referrerPolicy),s.crossOrigin==="use-credentials"?l.credentials="include":s.crossOrigin==="anonymous"?l.credentials="omit":l.credentials="same-origin",l}function i(s){if(s.ep)return;s.ep=!0;const l=t(s);fetch(s.href,l)}})();function te(){}const lo=n=>n;function je(n,e){for(const t in e)n[t]=e[t];return n}function Yy(n){return!!n&&(typeof n=="object"||typeof n=="function")&&typeof n.then=="function"}function Xb(n){return n()}function mf(){return Object.create(null)}function Ee(n){n.forEach(Xb)}function Lt(n){return typeof n=="function"}function be(n,e){return n!=n?e==e:n!==e||n&&typeof n=="object"||typeof n=="function"}let wo;function Sn(n,e){return n===e?!0:(wo||(wo=document.createElement("a")),wo.href=e,n===wo.href)}function Ky(n){return Object.keys(n).length===0}function pu(n,...e){if(n==null){for(const i of e)i(void 0);return te}const t=n.subscribe(...e);return t.unsubscribe?()=>t.unsubscribe():t}function Qb(n){let e;return pu(n,t=>e=t)(),e}function Ge(n,e,t){n.$$.on_destroy.push(pu(e,t))}function Nt(n,e,t,i){if(n){const s=xb(n,e,t,i);return n[0](s)}}function xb(n,e,t,i){return n[1]&&i?je(t.ctx.slice(),n[1](i(e))):t.ctx}function Rt(n,e,t,i){if(n[2]&&i){const s=n[2](i(t));if(e.dirty===void 0)return s;if(typeof s=="object"){const l=[],o=Math.max(e.dirty.length,s.length);for(let r=0;r32){const e=[],t=n.ctx.length/32;for(let i=0;iwindow.performance.now():()=>Date.now(),mu=e0?n=>requestAnimationFrame(n):te;const Zl=new Set;function t0(n){Zl.forEach(e=>{e.c(n)||(Zl.delete(e),e.f())}),Zl.size!==0&&mu(t0)}function wr(n){let e;return Zl.size===0&&mu(t0),{promise:new Promise(t=>{Zl.add(e={c:n,f:t})}),abort(){Zl.delete(e)}}}function y(n,e){n.appendChild(e)}function n0(n){if(!n)return document;const e=n.getRootNode?n.getRootNode():n.ownerDocument;return e&&e.host?e:n.ownerDocument}function Jy(n){const e=b("style");return e.textContent="/* empty */",Zy(n0(n),e),e.sheet}function Zy(n,e){return y(n.head||n,e),e.sheet}function w(n,e,t){n.insertBefore(e,t||null)}function v(n){n.parentNode&&n.parentNode.removeChild(n)}function dt(n,e){for(let t=0;tn.removeEventListener(e,t,i)}function it(n){return function(e){return e.preventDefault(),n.call(this,e)}}function en(n){return function(e){return e.stopPropagation(),n.call(this,e)}}function p(n,e,t){t==null?n.removeAttribute(e):n.getAttribute(e)!==t&&n.setAttribute(e,t)}const Gy=["width","height"];function ii(n,e){const t=Object.getOwnPropertyDescriptors(n.__proto__);for(const i in e)e[i]==null?n.removeAttribute(i):i==="style"?n.style.cssText=e[i]:i==="__value"?n.value=n[i]=e[i]:t[i]&&t[i].set&&Gy.indexOf(i)===-1?n[i]=e[i]:p(n,i,e[i])}function Xy(n){let e;return{p(...t){e=t,e.forEach(i=>n.push(i))},r(){e.forEach(t=>n.splice(n.indexOf(t),1))}}}function mt(n){return n===""?null:+n}function Qy(n){return Array.from(n.childNodes)}function se(n,e){e=""+e,n.data!==e&&(n.data=e)}function me(n,e){n.value=e??""}function i0(n,e,t,i){t==null?n.style.removeProperty(e):n.style.setProperty(e,t,"")}function x(n,e,t){n.classList.toggle(e,!!t)}function l0(n,e,{bubbles:t=!1,cancelable:i=!1}={}){return new CustomEvent(n,{detail:e,bubbles:t,cancelable:i})}function Ht(n,e){return new n(e)}const sr=new Map;let or=0;function xy(n){let e=5381,t=n.length;for(;t--;)e=(e<<5)-e^n.charCodeAt(t);return e>>>0}function ev(n,e){const t={stylesheet:Jy(e),rules:{}};return sr.set(n,t),t}function Us(n,e,t,i,s,l,o,r=0){const a=16.666/i;let u=`{ +`;for(let _=0;_<=1;_+=a){const k=e+(t-e)*l(_);u+=_*100+`%{${o(k,1-k)}} +`}const f=u+`100% {${o(t,1-t)}} +}`,c=`__svelte_${xy(f)}_${r}`,d=n0(n),{stylesheet:m,rules:h}=sr.get(d)||ev(d,n);h[c]||(h[c]=!0,m.insertRule(`@keyframes ${c} ${f}`,m.cssRules.length));const g=n.style.animation||"";return n.style.animation=`${g?`${g}, `:""}${c} ${i}ms linear ${s}ms 1 both`,or+=1,c}function Vs(n,e){const t=(n.style.animation||"").split(", "),i=t.filter(e?l=>l.indexOf(e)<0:l=>l.indexOf("__svelte")===-1),s=t.length-i.length;s&&(n.style.animation=i.join(", "),or-=s,or||tv())}function tv(){mu(()=>{or||(sr.forEach(n=>{const{ownerNode:e}=n.stylesheet;e&&v(e)}),sr.clear())})}function nv(n,e,t,i){if(!e)return te;const s=n.getBoundingClientRect();if(e.left===s.left&&e.right===s.right&&e.top===s.top&&e.bottom===s.bottom)return te;const{delay:l=0,duration:o=300,easing:r=lo,start:a=vr()+l,end:u=a+o,tick:f=te,css:c}=t(n,{from:e,to:s},i);let d=!0,m=!1,h;function g(){c&&(h=Us(n,0,1,o,l,r,c)),l||(m=!0)}function _(){c&&Vs(n,h),d=!1}return wr(k=>{if(!m&&k>=a&&(m=!0),m&&k>=u&&(f(1,0),_()),!d)return!1;if(m){const S=k-a,$=0+1*r(S/o);f($,1-$)}return!0}),g(),f(0,1),_}function iv(n){const e=getComputedStyle(n);if(e.position!=="absolute"&&e.position!=="fixed"){const{width:t,height:i}=e,s=n.getBoundingClientRect();n.style.position="absolute",n.style.width=t,n.style.height=i,s0(n,s)}}function s0(n,e){const t=n.getBoundingClientRect();if(e.left!==t.left||e.top!==t.top){const i=getComputedStyle(n),s=i.transform==="none"?"":i.transform;n.style.transform=`${s} translate(${e.left-t.left}px, ${e.top-t.top}px)`}}let Bs;function qi(n){Bs=n}function so(){if(!Bs)throw new Error("Function called outside component initialization");return Bs}function an(n){so().$$.on_mount.push(n)}function lv(n){so().$$.after_update.push(n)}function oo(n){so().$$.on_destroy.push(n)}function wt(){const n=so();return(e,t,{cancelable:i=!1}={})=>{const s=n.$$.callbacks[e];if(s){const l=l0(e,t,{cancelable:i});return s.slice().forEach(o=>{o.call(n,l)}),!l.defaultPrevented}return!0}}function Le(n,e){const t=n.$$.callbacks[e.type];t&&t.slice().forEach(i=>i.call(this,e))}const Kl=[],ne=[];let Gl=[];const La=[],o0=Promise.resolve();let Aa=!1;function r0(){Aa||(Aa=!0,o0.then(hu))}function _n(){return r0(),o0}function tt(n){Gl.push(n)}function $e(n){La.push(n)}const Wr=new Set;let zl=0;function hu(){if(zl!==0)return;const n=Bs;do{try{for(;zln.indexOf(i)===-1?e.push(i):t.push(i)),t.forEach(i=>i()),Gl=e}let bs;function _u(){return bs||(bs=Promise.resolve(),bs.then(()=>{bs=null})),bs}function Cl(n,e,t){n.dispatchEvent(l0(`${e?"intro":"outro"}${t}`))}const Zo=new Set;let Ti;function oe(){Ti={r:0,c:[],p:Ti}}function re(){Ti.r||Ee(Ti.c),Ti=Ti.p}function M(n,e){n&&n.i&&(Zo.delete(n),n.i(e))}function D(n,e,t,i){if(n&&n.o){if(Zo.has(n))return;Zo.add(n),Ti.c.push(()=>{Zo.delete(n),i&&(t&&n.d(1),i())}),n.o(e)}else i&&i()}const gu={duration:0};function a0(n,e,t){const i={direction:"in"};let s=e(n,t,i),l=!1,o,r,a=0;function u(){o&&Vs(n,o)}function f(){const{delay:d=0,duration:m=300,easing:h=lo,tick:g=te,css:_}=s||gu;_&&(o=Us(n,0,1,m,d,h,_,a++)),g(0,1);const k=vr()+d,S=k+m;r&&r.abort(),l=!0,tt(()=>Cl(n,!0,"start")),r=wr($=>{if(l){if($>=S)return g(1,0),Cl(n,!0,"end"),u(),l=!1;if($>=k){const T=h(($-k)/m);g(T,1-T)}}return l})}let c=!1;return{start(){c||(c=!0,Vs(n),Lt(s)?(s=s(i),_u().then(f)):f())},invalidate(){c=!1},end(){l&&(u(),l=!1)}}}function bu(n,e,t){const i={direction:"out"};let s=e(n,t,i),l=!0,o;const r=Ti;r.r+=1;let a;function u(){const{delay:f=0,duration:c=300,easing:d=lo,tick:m=te,css:h}=s||gu;h&&(o=Us(n,1,0,c,f,d,h));const g=vr()+f,_=g+c;tt(()=>Cl(n,!1,"start")),"inert"in n&&(a=n.inert,n.inert=!0),wr(k=>{if(l){if(k>=_)return m(0,1),Cl(n,!1,"end"),--r.r||Ee(r.c),!1;if(k>=g){const S=d((k-g)/c);m(1-S,S)}}return l})}return Lt(s)?_u().then(()=>{s=s(i),u()}):u(),{end(f){f&&"inert"in n&&(n.inert=a),f&&s.tick&&s.tick(1,0),l&&(o&&Vs(n,o),l=!1)}}}function qe(n,e,t,i){let l=e(n,t,{direction:"both"}),o=i?0:1,r=null,a=null,u=null,f;function c(){u&&Vs(n,u)}function d(h,g){const _=h.b-o;return g*=Math.abs(_),{a:o,b:h.b,d:_,duration:g,start:h.start,end:h.start+g,group:h.group}}function m(h){const{delay:g=0,duration:_=300,easing:k=lo,tick:S=te,css:$}=l||gu,T={start:vr()+g,b:h};h||(T.group=Ti,Ti.r+=1),"inert"in n&&(h?f!==void 0&&(n.inert=f):(f=n.inert,n.inert=!0)),r||a?a=T:($&&(c(),u=Us(n,o,h,_,g,k,$)),h&&S(0,1),r=d(T,_),tt(()=>Cl(n,h,"start")),wr(O=>{if(a&&O>a.start&&(r=d(a,_),a=null,Cl(n,r.b,"start"),$&&(c(),u=Us(n,o,r.b,r.duration,0,k,l.css))),r){if(O>=r.end)S(o=r.b,1-o),Cl(n,r.b,"end"),a||(r.b?c():--r.group.r||Ee(r.group.c)),r=null;else if(O>=r.start){const E=O-r.start;o=r.a+r.d*k(E/r.duration),S(o,1-o)}}return!!(r||a)}))}return{run(h){Lt(l)?_u().then(()=>{l=l({direction:h?"in":"out"}),m(h)}):m(h)},end(){c(),r=a=null}}}function _f(n,e){const t=e.token={};function i(s,l,o,r){if(e.token!==t)return;e.resolved=r;let a=e.ctx;o!==void 0&&(a=a.slice(),a[o]=r);const u=s&&(e.current=s)(a);let f=!1;e.block&&(e.blocks?e.blocks.forEach((c,d)=>{d!==l&&c&&(oe(),D(c,1,1,()=>{e.blocks[d]===c&&(e.blocks[d]=null)}),re())}):e.block.d(1),u.c(),M(u,1),u.m(e.mount(),e.anchor),f=!0),e.block=u,e.blocks&&(e.blocks[l]=u),f&&hu()}if(Yy(n)){const s=so();if(n.then(l=>{qi(s),i(e.then,1,e.value,l),qi(null)},l=>{if(qi(s),i(e.catch,2,e.error,l),qi(null),!e.hasCatch)throw l}),e.current!==e.pending)return i(e.pending,0),!0}else{if(e.current!==e.then)return i(e.then,1,e.value,n),!0;e.resolved=n}}function rv(n,e,t){const i=e.slice(),{resolved:s}=n;n.current===n.then&&(i[n.value]=s),n.current===n.catch&&(i[n.error]=s),n.block.p(i,t)}function ce(n){return(n==null?void 0:n.length)!==void 0?n:Array.from(n)}function si(n,e){n.d(1),e.delete(n.key)}function Yt(n,e){D(n,1,1,()=>{e.delete(n.key)})}function av(n,e){n.f(),Yt(n,e)}function kt(n,e,t,i,s,l,o,r,a,u,f,c){let d=n.length,m=l.length,h=d;const g={};for(;h--;)g[n[h].key]=h;const _=[],k=new Map,S=new Map,$=[];for(h=m;h--;){const L=c(s,l,h),I=t(L);let A=o.get(I);A?$.push(()=>A.p(L,e)):(A=u(I,L),A.c()),k.set(I,_[h]=A),I in g&&S.set(I,Math.abs(h-g[I]))}const T=new Set,O=new Set;function E(L){M(L,1),L.m(r,f),o.set(L.key,L),f=L.first,m--}for(;d&&m;){const L=_[m-1],I=n[d-1],A=L.key,P=I.key;L===I?(f=L.first,d--,m--):k.has(P)?!o.has(A)||T.has(A)?E(L):O.has(P)?d--:S.get(A)>S.get(P)?(O.add(A),E(L)):(T.add(P),d--):(a(I,o),d--)}for(;d--;){const L=n[d];k.has(L.key)||a(L,o)}for(;m;)E(_[m-1]);return Ee($),_}function vt(n,e){const t={},i={},s={$$scope:1};let l=n.length;for(;l--;){const o=n[l],r=e[l];if(r){for(const a in o)a in r||(i[a]=1);for(const a in r)s[a]||(t[a]=r[a],s[a]=1);n[l]=r}else for(const a in o)s[a]=1}for(const o in i)o in t||(t[o]=void 0);return t}function At(n){return typeof n=="object"&&n!==null?n:{}}function ge(n,e,t){const i=n.$$.props[e];i!==void 0&&(n.$$.bound[i]=t,t(n.$$.ctx[i]))}function H(n){n&&n.c()}function q(n,e,t){const{fragment:i,after_update:s}=n.$$;i&&i.m(e,t),tt(()=>{const l=n.$$.on_mount.map(Xb).filter(Lt);n.$$.on_destroy?n.$$.on_destroy.push(...l):Ee(l),n.$$.on_mount=[]}),s.forEach(tt)}function j(n,e){const t=n.$$;t.fragment!==null&&(ov(t.after_update),Ee(t.on_destroy),t.fragment&&t.fragment.d(e),t.on_destroy=t.fragment=null,t.ctx=[])}function uv(n,e){n.$$.dirty[0]===-1&&(Kl.push(n),r0(),n.$$.dirty.fill(0)),n.$$.dirty[e/31|0]|=1<{const h=m.length?m[0]:d;return u.ctx&&s(u.ctx[c],u.ctx[c]=h)&&(!u.skip_bound&&u.bound[c]&&u.bound[c](h),f&&uv(n,c)),d}):[],u.update(),f=!0,Ee(u.before_update),u.fragment=i?i(u.ctx):!1,e.target){if(e.hydrate){const c=Qy(e.target);u.fragment&&u.fragment.l(c),c.forEach(v)}else u.fragment&&u.fragment.c();e.intro&&M(n.$$.fragment),q(n,e.target,e.anchor),hu()}qi(a)}class we{constructor(){pt(this,"$$");pt(this,"$$set")}$destroy(){j(this,1),this.$destroy=te}$on(e,t){if(!Lt(t))return te;const i=this.$$.callbacks[e]||(this.$$.callbacks[e]=[]);return i.push(t),()=>{const s=i.indexOf(t);s!==-1&&i.splice(s,1)}}$set(e){this.$$set&&!Ky(e)&&(this.$$.skip_bound=!0,this.$$set(e),this.$$.skip_bound=!1)}}const fv="4";typeof window<"u"&&(window.__svelte||(window.__svelte={v:new Set})).v.add(fv);class Al extends Error{}class cv extends Al{constructor(e){super(`Invalid DateTime: ${e.toMessage()}`)}}class dv extends Al{constructor(e){super(`Invalid Interval: ${e.toMessage()}`)}}class pv extends Al{constructor(e){super(`Invalid Duration: ${e.toMessage()}`)}}class Jl extends Al{}class u0 extends Al{constructor(e){super(`Invalid unit ${e}`)}}class bn extends Al{}class Yi extends Al{constructor(){super("Zone is an abstract class")}}const ze="numeric",mi="short",Wn="long",rr={year:ze,month:ze,day:ze},f0={year:ze,month:mi,day:ze},mv={year:ze,month:mi,day:ze,weekday:mi},c0={year:ze,month:Wn,day:ze},d0={year:ze,month:Wn,day:ze,weekday:Wn},p0={hour:ze,minute:ze},m0={hour:ze,minute:ze,second:ze},h0={hour:ze,minute:ze,second:ze,timeZoneName:mi},_0={hour:ze,minute:ze,second:ze,timeZoneName:Wn},g0={hour:ze,minute:ze,hourCycle:"h23"},b0={hour:ze,minute:ze,second:ze,hourCycle:"h23"},k0={hour:ze,minute:ze,second:ze,hourCycle:"h23",timeZoneName:mi},y0={hour:ze,minute:ze,second:ze,hourCycle:"h23",timeZoneName:Wn},v0={year:ze,month:ze,day:ze,hour:ze,minute:ze},w0={year:ze,month:ze,day:ze,hour:ze,minute:ze,second:ze},S0={year:ze,month:mi,day:ze,hour:ze,minute:ze},T0={year:ze,month:mi,day:ze,hour:ze,minute:ze,second:ze},hv={year:ze,month:mi,day:ze,weekday:mi,hour:ze,minute:ze},$0={year:ze,month:Wn,day:ze,hour:ze,minute:ze,timeZoneName:mi},C0={year:ze,month:Wn,day:ze,hour:ze,minute:ze,second:ze,timeZoneName:mi},O0={year:ze,month:Wn,day:ze,weekday:Wn,hour:ze,minute:ze,timeZoneName:Wn},M0={year:ze,month:Wn,day:ze,weekday:Wn,hour:ze,minute:ze,second:ze,timeZoneName:Wn};class ro{get type(){throw new Yi}get name(){throw new Yi}get ianaName(){return this.name}get isUniversal(){throw new Yi}offsetName(e,t){throw new Yi}formatOffset(e,t){throw new Yi}offset(e){throw new Yi}equals(e){throw new Yi}get isValid(){throw new Yi}}let Yr=null;class Sr extends ro{static get instance(){return Yr===null&&(Yr=new Sr),Yr}get type(){return"system"}get name(){return new Intl.DateTimeFormat().resolvedOptions().timeZone}get isUniversal(){return!1}offsetName(e,{format:t,locale:i}){return j0(e,t,i)}formatOffset(e,t){return Is(this.offset(e),t)}offset(e){return-new Date(e).getTimezoneOffset()}equals(e){return e.type==="system"}get isValid(){return!0}}const Pa=new Map;function _v(n){let e=Pa.get(n);return e===void 0&&(e=new Intl.DateTimeFormat("en-US",{hour12:!1,timeZone:n,year:"numeric",month:"2-digit",day:"2-digit",hour:"2-digit",minute:"2-digit",second:"2-digit",era:"short"}),Pa.set(n,e)),e}const gv={year:0,month:1,day:2,era:3,hour:4,minute:5,second:6};function bv(n,e){const t=n.format(e).replace(/\u200E/g,""),i=/(\d+)\/(\d+)\/(\d+) (AD|BC),? (\d+):(\d+):(\d+)/.exec(t),[,s,l,o,r,a,u,f]=i;return[o,s,l,r,a,u,f]}function kv(n,e){const t=n.formatToParts(e),i=[];for(let s=0;s=0?h:1e3+h,(d-m)/(60*1e3)}equals(e){return e.type==="iana"&&e.name===this.name}get isValid(){return this.valid}}let gf={};function yv(n,e={}){const t=JSON.stringify([n,e]);let i=gf[t];return i||(i=new Intl.ListFormat(n,e),gf[t]=i),i}const Na=new Map;function Ra(n,e={}){const t=JSON.stringify([n,e]);let i=Na.get(t);return i===void 0&&(i=new Intl.DateTimeFormat(n,e),Na.set(t,i)),i}const Fa=new Map;function vv(n,e={}){const t=JSON.stringify([n,e]);let i=Fa.get(t);return i===void 0&&(i=new Intl.NumberFormat(n,e),Fa.set(t,i)),i}const qa=new Map;function wv(n,e={}){const{base:t,...i}=e,s=JSON.stringify([n,i]);let l=qa.get(s);return l===void 0&&(l=new Intl.RelativeTimeFormat(n,e),qa.set(s,l)),l}let $s=null;function Sv(){return $s||($s=new Intl.DateTimeFormat().resolvedOptions().locale,$s)}const ja=new Map;function E0(n){let e=ja.get(n);return e===void 0&&(e=new Intl.DateTimeFormat(n).resolvedOptions(),ja.set(n,e)),e}const Ha=new Map;function Tv(n){let e=Ha.get(n);if(!e){const t=new Intl.Locale(n);e="getWeekInfo"in t?t.getWeekInfo():t.weekInfo,"minimalDays"in e||(e={...D0,...e}),Ha.set(n,e)}return e}function $v(n){const e=n.indexOf("-x-");e!==-1&&(n=n.substring(0,e));const t=n.indexOf("-u-");if(t===-1)return[n];{let i,s;try{i=Ra(n).resolvedOptions(),s=n}catch{const a=n.substring(0,t);i=Ra(a).resolvedOptions(),s=a}const{numberingSystem:l,calendar:o}=i;return[s,l,o]}}function Cv(n,e,t){return(t||e)&&(n.includes("-u-")||(n+="-u"),t&&(n+=`-ca-${t}`),e&&(n+=`-nu-${e}`)),n}function Ov(n){const e=[];for(let t=1;t<=12;t++){const i=Xe.utc(2009,t,1);e.push(n(i))}return e}function Mv(n){const e=[];for(let t=1;t<=7;t++){const i=Xe.utc(2016,11,13+t);e.push(n(i))}return e}function So(n,e,t,i){const s=n.listingMode();return s==="error"?null:s==="en"?t(e):i(e)}function Ev(n){return n.numberingSystem&&n.numberingSystem!=="latn"?!1:n.numberingSystem==="latn"||!n.locale||n.locale.startsWith("en")||E0(n.locale).numberingSystem==="latn"}class Dv{constructor(e,t,i){this.padTo=i.padTo||0,this.floor=i.floor||!1;const{padTo:s,floor:l,...o}=i;if(!t||Object.keys(o).length>0){const r={useGrouping:!1,...i};i.padTo>0&&(r.minimumIntegerDigits=i.padTo),this.inf=vv(e,r)}}format(e){if(this.inf){const t=this.floor?Math.floor(e):e;return this.inf.format(t)}else{const t=this.floor?Math.floor(e):Su(e,3);return ln(t,this.padTo)}}}class Iv{constructor(e,t,i){this.opts=i,this.originalZone=void 0;let s;if(this.opts.timeZone)this.dt=e;else if(e.zone.type==="fixed"){const o=-1*(e.offset/60),r=o>=0?`Etc/GMT+${o}`:`Etc/GMT${o}`;e.offset!==0&&ji.create(r).valid?(s=r,this.dt=e):(s="UTC",this.dt=e.offset===0?e:e.setZone("UTC").plus({minutes:e.offset}),this.originalZone=e.zone)}else e.zone.type==="system"?this.dt=e:e.zone.type==="iana"?(this.dt=e,s=e.zone.name):(s="UTC",this.dt=e.setZone("UTC").plus({minutes:e.offset}),this.originalZone=e.zone);const l={...this.opts};l.timeZone=l.timeZone||s,this.dtf=Ra(t,l)}format(){return this.originalZone?this.formatToParts().map(({value:e})=>e).join(""):this.dtf.format(this.dt.toJSDate())}formatToParts(){const e=this.dtf.formatToParts(this.dt.toJSDate());return this.originalZone?e.map(t=>{if(t.type==="timeZoneName"){const i=this.originalZone.offsetName(this.dt.ts,{locale:this.dt.locale,format:this.opts.timeZoneName});return{...t,value:i}}else return t}):e}resolvedOptions(){return this.dtf.resolvedOptions()}}class Lv{constructor(e,t,i){this.opts={style:"long",...i},!t&&F0()&&(this.rtf=wv(e,i))}format(e,t){return this.rtf?this.rtf.format(e,t):e2(t,e,this.opts.numeric,this.opts.style!=="long")}formatToParts(e,t){return this.rtf?this.rtf.formatToParts(e,t):[]}}const D0={firstDay:1,minimalDays:4,weekend:[6,7]};class Dt{static fromOpts(e){return Dt.create(e.locale,e.numberingSystem,e.outputCalendar,e.weekSettings,e.defaultToEN)}static create(e,t,i,s,l=!1){const o=e||xt.defaultLocale,r=o||(l?"en-US":Sv()),a=t||xt.defaultNumberingSystem,u=i||xt.defaultOutputCalendar,f=Ua(s)||xt.defaultWeekSettings;return new Dt(r,a,u,f,o)}static resetCache(){$s=null,Na.clear(),Fa.clear(),qa.clear(),ja.clear(),Ha.clear()}static fromObject({locale:e,numberingSystem:t,outputCalendar:i,weekSettings:s}={}){return Dt.create(e,t,i,s)}constructor(e,t,i,s,l){const[o,r,a]=$v(e);this.locale=o,this.numberingSystem=t||r||null,this.outputCalendar=i||a||null,this.weekSettings=s,this.intl=Cv(this.locale,this.numberingSystem,this.outputCalendar),this.weekdaysCache={format:{},standalone:{}},this.monthsCache={format:{},standalone:{}},this.meridiemCache=null,this.eraCache={},this.specifiedLocale=l,this.fastNumbersCached=null}get fastNumbers(){return this.fastNumbersCached==null&&(this.fastNumbersCached=Ev(this)),this.fastNumbersCached}listingMode(){const e=this.isEnglish(),t=(this.numberingSystem===null||this.numberingSystem==="latn")&&(this.outputCalendar===null||this.outputCalendar==="gregory");return e&&t?"en":"intl"}clone(e){return!e||Object.getOwnPropertyNames(e).length===0?this:Dt.create(e.locale||this.specifiedLocale,e.numberingSystem||this.numberingSystem,e.outputCalendar||this.outputCalendar,Ua(e.weekSettings)||this.weekSettings,e.defaultToEN||!1)}redefaultToEN(e={}){return this.clone({...e,defaultToEN:!0})}redefaultToSystem(e={}){return this.clone({...e,defaultToEN:!1})}months(e,t=!1){return So(this,e,U0,()=>{const i=t?{month:e,day:"numeric"}:{month:e},s=t?"format":"standalone";return this.monthsCache[s][e]||(this.monthsCache[s][e]=Ov(l=>this.extract(l,i,"month"))),this.monthsCache[s][e]})}weekdays(e,t=!1){return So(this,e,W0,()=>{const i=t?{weekday:e,year:"numeric",month:"long",day:"numeric"}:{weekday:e},s=t?"format":"standalone";return this.weekdaysCache[s][e]||(this.weekdaysCache[s][e]=Mv(l=>this.extract(l,i,"weekday"))),this.weekdaysCache[s][e]})}meridiems(){return So(this,void 0,()=>Y0,()=>{if(!this.meridiemCache){const e={hour:"numeric",hourCycle:"h12"};this.meridiemCache=[Xe.utc(2016,11,13,9),Xe.utc(2016,11,13,19)].map(t=>this.extract(t,e,"dayperiod"))}return this.meridiemCache})}eras(e){return So(this,e,K0,()=>{const t={era:e};return this.eraCache[e]||(this.eraCache[e]=[Xe.utc(-40,1,1),Xe.utc(2017,1,1)].map(i=>this.extract(i,t,"era"))),this.eraCache[e]})}extract(e,t,i){const s=this.dtFormatter(e,t),l=s.formatToParts(),o=l.find(r=>r.type.toLowerCase()===i);return o?o.value:null}numberFormatter(e={}){return new Dv(this.intl,e.forceSimple||this.fastNumbers,e)}dtFormatter(e,t={}){return new Iv(e,this.intl,t)}relFormatter(e={}){return new Lv(this.intl,this.isEnglish(),e)}listFormatter(e={}){return yv(this.intl,e)}isEnglish(){return this.locale==="en"||this.locale.toLowerCase()==="en-us"||E0(this.intl).locale.startsWith("en-us")}getWeekSettings(){return this.weekSettings?this.weekSettings:q0()?Tv(this.locale):D0}getStartOfWeek(){return this.getWeekSettings().firstDay}getMinDaysInFirstWeek(){return this.getWeekSettings().minimalDays}getWeekendDays(){return this.getWeekSettings().weekend}equals(e){return this.locale===e.locale&&this.numberingSystem===e.numberingSystem&&this.outputCalendar===e.outputCalendar}toString(){return`Locale(${this.locale}, ${this.numberingSystem}, ${this.outputCalendar})`}}let Jr=null;class Mn extends ro{static get utcInstance(){return Jr===null&&(Jr=new Mn(0)),Jr}static instance(e){return e===0?Mn.utcInstance:new Mn(e)}static parseSpecifier(e){if(e){const t=e.match(/^utc(?:([+-]\d{1,2})(?::(\d{2}))?)?$/i);if(t)return new Mn(Cr(t[1],t[2]))}return null}constructor(e){super(),this.fixed=e}get type(){return"fixed"}get name(){return this.fixed===0?"UTC":`UTC${Is(this.fixed,"narrow")}`}get ianaName(){return this.fixed===0?"Etc/UTC":`Etc/GMT${Is(-this.fixed,"narrow")}`}offsetName(){return this.name}formatOffset(e,t){return Is(this.fixed,t)}get isUniversal(){return!0}offset(){return this.fixed}equals(e){return e.type==="fixed"&&e.fixed===this.fixed}get isValid(){return!0}}class Av extends ro{constructor(e){super(),this.zoneName=e}get type(){return"invalid"}get name(){return this.zoneName}get isUniversal(){return!1}offsetName(){return null}formatOffset(){return""}offset(){return NaN}equals(){return!1}get isValid(){return!1}}function Xi(n,e){if(st(n)||n===null)return e;if(n instanceof ro)return n;if(jv(n)){const t=n.toLowerCase();return t==="default"?e:t==="local"||t==="system"?Sr.instance:t==="utc"||t==="gmt"?Mn.utcInstance:Mn.parseSpecifier(t)||ji.create(n)}else return tl(n)?Mn.instance(n):typeof n=="object"&&"offset"in n&&typeof n.offset=="function"?n:new Av(n)}const ku={arab:"[٠-٩]",arabext:"[۰-۹]",bali:"[᭐-᭙]",beng:"[০-৯]",deva:"[०-९]",fullwide:"[0-9]",gujr:"[૦-૯]",hanidec:"[〇|一|二|三|四|五|六|七|八|九]",khmr:"[០-៩]",knda:"[೦-೯]",laoo:"[໐-໙]",limb:"[᥆-᥏]",mlym:"[൦-൯]",mong:"[᠐-᠙]",mymr:"[၀-၉]",orya:"[୦-୯]",tamldec:"[௦-௯]",telu:"[౦-౯]",thai:"[๐-๙]",tibt:"[༠-༩]",latn:"\\d"},bf={arab:[1632,1641],arabext:[1776,1785],bali:[6992,7001],beng:[2534,2543],deva:[2406,2415],fullwide:[65296,65303],gujr:[2790,2799],khmr:[6112,6121],knda:[3302,3311],laoo:[3792,3801],limb:[6470,6479],mlym:[3430,3439],mong:[6160,6169],mymr:[4160,4169],orya:[2918,2927],tamldec:[3046,3055],telu:[3174,3183],thai:[3664,3673],tibt:[3872,3881]},Pv=ku.hanidec.replace(/[\[|\]]/g,"").split("");function Nv(n){let e=parseInt(n,10);if(isNaN(e)){e="";for(let t=0;t=l&&i<=o&&(e+=i-l)}}return parseInt(e,10)}else return e}const za=new Map;function Rv(){za.clear()}function ui({numberingSystem:n},e=""){const t=n||"latn";let i=za.get(t);i===void 0&&(i=new Map,za.set(t,i));let s=i.get(e);return s===void 0&&(s=new RegExp(`${ku[t]}${e}`),i.set(e,s)),s}let kf=()=>Date.now(),yf="system",vf=null,wf=null,Sf=null,Tf=60,$f,Cf=null;class xt{static get now(){return kf}static set now(e){kf=e}static set defaultZone(e){yf=e}static get defaultZone(){return Xi(yf,Sr.instance)}static get defaultLocale(){return vf}static set defaultLocale(e){vf=e}static get defaultNumberingSystem(){return wf}static set defaultNumberingSystem(e){wf=e}static get defaultOutputCalendar(){return Sf}static set defaultOutputCalendar(e){Sf=e}static get defaultWeekSettings(){return Cf}static set defaultWeekSettings(e){Cf=Ua(e)}static get twoDigitCutoffYear(){return Tf}static set twoDigitCutoffYear(e){Tf=e%100}static get throwOnInvalid(){return $f}static set throwOnInvalid(e){$f=e}static resetCaches(){Dt.resetCache(),ji.resetCache(),Xe.resetCache(),Rv()}}class ci{constructor(e,t){this.reason=e,this.explanation=t}toMessage(){return this.explanation?`${this.reason}: ${this.explanation}`:this.reason}}const I0=[0,31,59,90,120,151,181,212,243,273,304,334],L0=[0,31,60,91,121,152,182,213,244,274,305,335];function ti(n,e){return new ci("unit out of range",`you specified ${e} (of type ${typeof e}) as a ${n}, which is invalid`)}function yu(n,e,t){const i=new Date(Date.UTC(n,e-1,t));n<100&&n>=0&&i.setUTCFullYear(i.getUTCFullYear()-1900);const s=i.getUTCDay();return s===0?7:s}function A0(n,e,t){return t+(ao(n)?L0:I0)[e-1]}function P0(n,e){const t=ao(n)?L0:I0,i=t.findIndex(l=>lWs(i,e,t)?(u=i+1,a=1):u=i,{weekYear:u,weekNumber:a,weekday:r,...Or(n)}}function Of(n,e=4,t=1){const{weekYear:i,weekNumber:s,weekday:l}=n,o=vu(yu(i,1,e),t),r=Xl(i);let a=s*7+l-o-7+e,u;a<1?(u=i-1,a+=Xl(u)):a>r?(u=i+1,a-=Xl(i)):u=i;const{month:f,day:c}=P0(u,a);return{year:u,month:f,day:c,...Or(n)}}function Zr(n){const{year:e,month:t,day:i}=n,s=A0(e,t,i);return{year:e,ordinal:s,...Or(n)}}function Mf(n){const{year:e,ordinal:t}=n,{month:i,day:s}=P0(e,t);return{year:e,month:i,day:s,...Or(n)}}function Ef(n,e){if(!st(n.localWeekday)||!st(n.localWeekNumber)||!st(n.localWeekYear)){if(!st(n.weekday)||!st(n.weekNumber)||!st(n.weekYear))throw new Jl("Cannot mix locale-based week fields with ISO-based week fields");return st(n.localWeekday)||(n.weekday=n.localWeekday),st(n.localWeekNumber)||(n.weekNumber=n.localWeekNumber),st(n.localWeekYear)||(n.weekYear=n.localWeekYear),delete n.localWeekday,delete n.localWeekNumber,delete n.localWeekYear,{minDaysInFirstWeek:e.getMinDaysInFirstWeek(),startOfWeek:e.getStartOfWeek()}}else return{minDaysInFirstWeek:4,startOfWeek:1}}function Fv(n,e=4,t=1){const i=Tr(n.weekYear),s=ni(n.weekNumber,1,Ws(n.weekYear,e,t)),l=ni(n.weekday,1,7);return i?s?l?!1:ti("weekday",n.weekday):ti("week",n.weekNumber):ti("weekYear",n.weekYear)}function qv(n){const e=Tr(n.year),t=ni(n.ordinal,1,Xl(n.year));return e?t?!1:ti("ordinal",n.ordinal):ti("year",n.year)}function N0(n){const e=Tr(n.year),t=ni(n.month,1,12),i=ni(n.day,1,ur(n.year,n.month));return e?t?i?!1:ti("day",n.day):ti("month",n.month):ti("year",n.year)}function R0(n){const{hour:e,minute:t,second:i,millisecond:s}=n,l=ni(e,0,23)||e===24&&t===0&&i===0&&s===0,o=ni(t,0,59),r=ni(i,0,59),a=ni(s,0,999);return l?o?r?a?!1:ti("millisecond",s):ti("second",i):ti("minute",t):ti("hour",e)}function st(n){return typeof n>"u"}function tl(n){return typeof n=="number"}function Tr(n){return typeof n=="number"&&n%1===0}function jv(n){return typeof n=="string"}function Hv(n){return Object.prototype.toString.call(n)==="[object Date]"}function F0(){try{return typeof Intl<"u"&&!!Intl.RelativeTimeFormat}catch{return!1}}function q0(){try{return typeof Intl<"u"&&!!Intl.Locale&&("weekInfo"in Intl.Locale.prototype||"getWeekInfo"in Intl.Locale.prototype)}catch{return!1}}function zv(n){return Array.isArray(n)?n:[n]}function Df(n,e,t){if(n.length!==0)return n.reduce((i,s)=>{const l=[e(s),s];return i&&t(i[0],l[0])===i[0]?i:l},null)[1]}function Uv(n,e){return e.reduce((t,i)=>(t[i]=n[i],t),{})}function ns(n,e){return Object.prototype.hasOwnProperty.call(n,e)}function Ua(n){if(n==null)return null;if(typeof n!="object")throw new bn("Week settings must be an object");if(!ni(n.firstDay,1,7)||!ni(n.minimalDays,1,7)||!Array.isArray(n.weekend)||n.weekend.some(e=>!ni(e,1,7)))throw new bn("Invalid week settings");return{firstDay:n.firstDay,minimalDays:n.minimalDays,weekend:Array.from(n.weekend)}}function ni(n,e,t){return Tr(n)&&n>=e&&n<=t}function Vv(n,e){return n-e*Math.floor(n/e)}function ln(n,e=2){const t=n<0;let i;return t?i="-"+(""+-n).padStart(e,"0"):i=(""+n).padStart(e,"0"),i}function Zi(n){if(!(st(n)||n===null||n===""))return parseInt(n,10)}function ml(n){if(!(st(n)||n===null||n===""))return parseFloat(n)}function wu(n){if(!(st(n)||n===null||n==="")){const e=parseFloat("0."+n)*1e3;return Math.floor(e)}}function Su(n,e,t=!1){const i=10**e;return(t?Math.trunc:Math.round)(n*i)/i}function ao(n){return n%4===0&&(n%100!==0||n%400===0)}function Xl(n){return ao(n)?366:365}function ur(n,e){const t=Vv(e-1,12)+1,i=n+(e-t)/12;return t===2?ao(i)?29:28:[31,null,31,30,31,30,31,31,30,31,30,31][t-1]}function $r(n){let e=Date.UTC(n.year,n.month-1,n.day,n.hour,n.minute,n.second,n.millisecond);return n.year<100&&n.year>=0&&(e=new Date(e),e.setUTCFullYear(n.year,n.month-1,n.day)),+e}function If(n,e,t){return-vu(yu(n,1,e),t)+e-1}function Ws(n,e=4,t=1){const i=If(n,e,t),s=If(n+1,e,t);return(Xl(n)-i+s)/7}function Va(n){return n>99?n:n>xt.twoDigitCutoffYear?1900+n:2e3+n}function j0(n,e,t,i=null){const s=new Date(n),l={hourCycle:"h23",year:"numeric",month:"2-digit",day:"2-digit",hour:"2-digit",minute:"2-digit"};i&&(l.timeZone=i);const o={timeZoneName:e,...l},r=new Intl.DateTimeFormat(t,o).formatToParts(s).find(a=>a.type.toLowerCase()==="timezonename");return r?r.value:null}function Cr(n,e){let t=parseInt(n,10);Number.isNaN(t)&&(t=0);const i=parseInt(e,10)||0,s=t<0||Object.is(t,-0)?-i:i;return t*60+s}function H0(n){const e=Number(n);if(typeof n=="boolean"||n===""||Number.isNaN(e))throw new bn(`Invalid unit value ${n}`);return e}function fr(n,e){const t={};for(const i in n)if(ns(n,i)){const s=n[i];if(s==null)continue;t[e(i)]=H0(s)}return t}function Is(n,e){const t=Math.trunc(Math.abs(n/60)),i=Math.trunc(Math.abs(n%60)),s=n>=0?"+":"-";switch(e){case"short":return`${s}${ln(t,2)}:${ln(i,2)}`;case"narrow":return`${s}${t}${i>0?`:${i}`:""}`;case"techie":return`${s}${ln(t,2)}${ln(i,2)}`;default:throw new RangeError(`Value format ${e} is out of range for property format`)}}function Or(n){return Uv(n,["hour","minute","second","millisecond"])}const Bv=["January","February","March","April","May","June","July","August","September","October","November","December"],z0=["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],Wv=["J","F","M","A","M","J","J","A","S","O","N","D"];function U0(n){switch(n){case"narrow":return[...Wv];case"short":return[...z0];case"long":return[...Bv];case"numeric":return["1","2","3","4","5","6","7","8","9","10","11","12"];case"2-digit":return["01","02","03","04","05","06","07","08","09","10","11","12"];default:return null}}const V0=["Monday","Tuesday","Wednesday","Thursday","Friday","Saturday","Sunday"],B0=["Mon","Tue","Wed","Thu","Fri","Sat","Sun"],Yv=["M","T","W","T","F","S","S"];function W0(n){switch(n){case"narrow":return[...Yv];case"short":return[...B0];case"long":return[...V0];case"numeric":return["1","2","3","4","5","6","7"];default:return null}}const Y0=["AM","PM"],Kv=["Before Christ","Anno Domini"],Jv=["BC","AD"],Zv=["B","A"];function K0(n){switch(n){case"narrow":return[...Zv];case"short":return[...Jv];case"long":return[...Kv];default:return null}}function Gv(n){return Y0[n.hour<12?0:1]}function Xv(n,e){return W0(e)[n.weekday-1]}function Qv(n,e){return U0(e)[n.month-1]}function xv(n,e){return K0(e)[n.year<0?0:1]}function e2(n,e,t="always",i=!1){const s={years:["year","yr."],quarters:["quarter","qtr."],months:["month","mo."],weeks:["week","wk."],days:["day","day","days"],hours:["hour","hr."],minutes:["minute","min."],seconds:["second","sec."]},l=["hours","minutes","seconds"].indexOf(n)===-1;if(t==="auto"&&l){const c=n==="days";switch(e){case 1:return c?"tomorrow":`next ${s[n][0]}`;case-1:return c?"yesterday":`last ${s[n][0]}`;case 0:return c?"today":`this ${s[n][0]}`}}const o=Object.is(e,-0)||e<0,r=Math.abs(e),a=r===1,u=s[n],f=i?a?u[1]:u[2]||u[1]:a?s[n][0]:n;return o?`${r} ${f} ago`:`in ${r} ${f}`}function Lf(n,e){let t="";for(const i of n)i.literal?t+=i.val:t+=e(i.val);return t}const t2={D:rr,DD:f0,DDD:c0,DDDD:d0,t:p0,tt:m0,ttt:h0,tttt:_0,T:g0,TT:b0,TTT:k0,TTTT:y0,f:v0,ff:S0,fff:$0,ffff:O0,F:w0,FF:T0,FFF:C0,FFFF:M0};class yn{static create(e,t={}){return new yn(e,t)}static parseFormat(e){let t=null,i="",s=!1;const l=[];for(let o=0;o0&&l.push({literal:s||/^\s+$/.test(i),val:i}),t=null,i="",s=!s):s||r===t?i+=r:(i.length>0&&l.push({literal:/^\s+$/.test(i),val:i}),i=r,t=r)}return i.length>0&&l.push({literal:s||/^\s+$/.test(i),val:i}),l}static macroTokenToFormatOpts(e){return t2[e]}constructor(e,t){this.opts=t,this.loc=e,this.systemLoc=null}formatWithSystemDefault(e,t){return this.systemLoc===null&&(this.systemLoc=this.loc.redefaultToSystem()),this.systemLoc.dtFormatter(e,{...this.opts,...t}).format()}dtFormatter(e,t={}){return this.loc.dtFormatter(e,{...this.opts,...t})}formatDateTime(e,t){return this.dtFormatter(e,t).format()}formatDateTimeParts(e,t){return this.dtFormatter(e,t).formatToParts()}formatInterval(e,t){return this.dtFormatter(e.start,t).dtf.formatRange(e.start.toJSDate(),e.end.toJSDate())}resolvedOptions(e,t){return this.dtFormatter(e,t).resolvedOptions()}num(e,t=0){if(this.opts.forceSimple)return ln(e,t);const i={...this.opts};return t>0&&(i.padTo=t),this.loc.numberFormatter(i).format(e)}formatDateTimeFromString(e,t){const i=this.loc.listingMode()==="en",s=this.loc.outputCalendar&&this.loc.outputCalendar!=="gregory",l=(m,h)=>this.loc.extract(e,m,h),o=m=>e.isOffsetFixed&&e.offset===0&&m.allowZ?"Z":e.isValid?e.zone.formatOffset(e.ts,m.format):"",r=()=>i?Gv(e):l({hour:"numeric",hourCycle:"h12"},"dayperiod"),a=(m,h)=>i?Qv(e,m):l(h?{month:m}:{month:m,day:"numeric"},"month"),u=(m,h)=>i?Xv(e,m):l(h?{weekday:m}:{weekday:m,month:"long",day:"numeric"},"weekday"),f=m=>{const h=yn.macroTokenToFormatOpts(m);return h?this.formatWithSystemDefault(e,h):m},c=m=>i?xv(e,m):l({era:m},"era"),d=m=>{switch(m){case"S":return this.num(e.millisecond);case"u":case"SSS":return this.num(e.millisecond,3);case"s":return this.num(e.second);case"ss":return this.num(e.second,2);case"uu":return this.num(Math.floor(e.millisecond/10),2);case"uuu":return this.num(Math.floor(e.millisecond/100));case"m":return this.num(e.minute);case"mm":return this.num(e.minute,2);case"h":return this.num(e.hour%12===0?12:e.hour%12);case"hh":return this.num(e.hour%12===0?12:e.hour%12,2);case"H":return this.num(e.hour);case"HH":return this.num(e.hour,2);case"Z":return o({format:"narrow",allowZ:this.opts.allowZ});case"ZZ":return o({format:"short",allowZ:this.opts.allowZ});case"ZZZ":return o({format:"techie",allowZ:this.opts.allowZ});case"ZZZZ":return e.zone.offsetName(e.ts,{format:"short",locale:this.loc.locale});case"ZZZZZ":return e.zone.offsetName(e.ts,{format:"long",locale:this.loc.locale});case"z":return e.zoneName;case"a":return r();case"d":return s?l({day:"numeric"},"day"):this.num(e.day);case"dd":return s?l({day:"2-digit"},"day"):this.num(e.day,2);case"c":return this.num(e.weekday);case"ccc":return u("short",!0);case"cccc":return u("long",!0);case"ccccc":return u("narrow",!0);case"E":return this.num(e.weekday);case"EEE":return u("short",!1);case"EEEE":return u("long",!1);case"EEEEE":return u("narrow",!1);case"L":return s?l({month:"numeric",day:"numeric"},"month"):this.num(e.month);case"LL":return s?l({month:"2-digit",day:"numeric"},"month"):this.num(e.month,2);case"LLL":return a("short",!0);case"LLLL":return a("long",!0);case"LLLLL":return a("narrow",!0);case"M":return s?l({month:"numeric"},"month"):this.num(e.month);case"MM":return s?l({month:"2-digit"},"month"):this.num(e.month,2);case"MMM":return a("short",!1);case"MMMM":return a("long",!1);case"MMMMM":return a("narrow",!1);case"y":return s?l({year:"numeric"},"year"):this.num(e.year);case"yy":return s?l({year:"2-digit"},"year"):this.num(e.year.toString().slice(-2),2);case"yyyy":return s?l({year:"numeric"},"year"):this.num(e.year,4);case"yyyyyy":return s?l({year:"numeric"},"year"):this.num(e.year,6);case"G":return c("short");case"GG":return c("long");case"GGGGG":return c("narrow");case"kk":return this.num(e.weekYear.toString().slice(-2),2);case"kkkk":return this.num(e.weekYear,4);case"W":return this.num(e.weekNumber);case"WW":return this.num(e.weekNumber,2);case"n":return this.num(e.localWeekNumber);case"nn":return this.num(e.localWeekNumber,2);case"ii":return this.num(e.localWeekYear.toString().slice(-2),2);case"iiii":return this.num(e.localWeekYear,4);case"o":return this.num(e.ordinal);case"ooo":return this.num(e.ordinal,3);case"q":return this.num(e.quarter);case"qq":return this.num(e.quarter,2);case"X":return this.num(Math.floor(e.ts/1e3));case"x":return this.num(e.ts);default:return f(m)}};return Lf(yn.parseFormat(t),d)}formatDurationFromString(e,t){const i=a=>{switch(a[0]){case"S":return"millisecond";case"s":return"second";case"m":return"minute";case"h":return"hour";case"d":return"day";case"w":return"week";case"M":return"month";case"y":return"year";default:return null}},s=a=>u=>{const f=i(u);return f?this.num(a.get(f),u.length):u},l=yn.parseFormat(t),o=l.reduce((a,{literal:u,val:f})=>u?a:a.concat(f),[]),r=e.shiftTo(...o.map(i).filter(a=>a));return Lf(l,s(r))}}const J0=/[A-Za-z_+-]{1,256}(?::?\/[A-Za-z0-9_+-]{1,256}(?:\/[A-Za-z0-9_+-]{1,256})?)?/;function as(...n){const e=n.reduce((t,i)=>t+i.source,"");return RegExp(`^${e}$`)}function us(...n){return e=>n.reduce(([t,i,s],l)=>{const[o,r,a]=l(e,s);return[{...t,...o},r||i,a]},[{},null,1]).slice(0,2)}function fs(n,...e){if(n==null)return[null,null];for(const[t,i]of e){const s=t.exec(n);if(s)return i(s)}return[null,null]}function Z0(...n){return(e,t)=>{const i={};let s;for(s=0;sm!==void 0&&(h||m&&f)?-m:m;return[{years:d(ml(t)),months:d(ml(i)),weeks:d(ml(s)),days:d(ml(l)),hours:d(ml(o)),minutes:d(ml(r)),seconds:d(ml(a),a==="-0"),milliseconds:d(wu(u),c)}]}const m2={GMT:0,EDT:-4*60,EST:-5*60,CDT:-5*60,CST:-6*60,MDT:-6*60,MST:-7*60,PDT:-7*60,PST:-8*60};function Cu(n,e,t,i,s,l,o){const r={year:e.length===2?Va(Zi(e)):Zi(e),month:z0.indexOf(t)+1,day:Zi(i),hour:Zi(s),minute:Zi(l)};return o&&(r.second=Zi(o)),n&&(r.weekday=n.length>3?V0.indexOf(n)+1:B0.indexOf(n)+1),r}const h2=/^(?:(Mon|Tue|Wed|Thu|Fri|Sat|Sun),\s)?(\d{1,2})\s(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s(\d{2,4})\s(\d\d):(\d\d)(?::(\d\d))?\s(?:(UT|GMT|[ECMP][SD]T)|([Zz])|(?:([+-]\d\d)(\d\d)))$/;function _2(n){const[,e,t,i,s,l,o,r,a,u,f,c]=n,d=Cu(e,s,i,t,l,o,r);let m;return a?m=m2[a]:u?m=0:m=Cr(f,c),[d,new Mn(m)]}function g2(n){return n.replace(/\([^()]*\)|[\n\t]/g," ").replace(/(\s\s+)/g," ").trim()}const b2=/^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), (\d\d) (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) (\d{4}) (\d\d):(\d\d):(\d\d) GMT$/,k2=/^(Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday), (\d\d)-(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)-(\d\d) (\d\d):(\d\d):(\d\d) GMT$/,y2=/^(Mon|Tue|Wed|Thu|Fri|Sat|Sun) (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) ( \d|\d\d) (\d\d):(\d\d):(\d\d) (\d{4})$/;function Af(n){const[,e,t,i,s,l,o,r]=n;return[Cu(e,s,i,t,l,o,r),Mn.utcInstance]}function v2(n){const[,e,t,i,s,l,o,r]=n;return[Cu(e,r,t,i,s,l,o),Mn.utcInstance]}const w2=as(i2,$u),S2=as(l2,$u),T2=as(s2,$u),$2=as(X0),x0=us(f2,cs,uo,fo),C2=us(o2,cs,uo,fo),O2=us(r2,cs,uo,fo),M2=us(cs,uo,fo);function E2(n){return fs(n,[w2,x0],[S2,C2],[T2,O2],[$2,M2])}function D2(n){return fs(g2(n),[h2,_2])}function I2(n){return fs(n,[b2,Af],[k2,Af],[y2,v2])}function L2(n){return fs(n,[d2,p2])}const A2=us(cs);function P2(n){return fs(n,[c2,A2])}const N2=as(a2,u2),R2=as(Q0),F2=us(cs,uo,fo);function q2(n){return fs(n,[N2,x0],[R2,F2])}const Pf="Invalid Duration",ek={weeks:{days:7,hours:7*24,minutes:7*24*60,seconds:7*24*60*60,milliseconds:7*24*60*60*1e3},days:{hours:24,minutes:24*60,seconds:24*60*60,milliseconds:24*60*60*1e3},hours:{minutes:60,seconds:60*60,milliseconds:60*60*1e3},minutes:{seconds:60,milliseconds:60*1e3},seconds:{milliseconds:1e3}},j2={years:{quarters:4,months:12,weeks:52,days:365,hours:365*24,minutes:365*24*60,seconds:365*24*60*60,milliseconds:365*24*60*60*1e3},quarters:{months:3,weeks:13,days:91,hours:91*24,minutes:91*24*60,seconds:91*24*60*60,milliseconds:91*24*60*60*1e3},months:{weeks:4,days:30,hours:30*24,minutes:30*24*60,seconds:30*24*60*60,milliseconds:30*24*60*60*1e3},...ek},Xn=146097/400,Ul=146097/4800,H2={years:{quarters:4,months:12,weeks:Xn/7,days:Xn,hours:Xn*24,minutes:Xn*24*60,seconds:Xn*24*60*60,milliseconds:Xn*24*60*60*1e3},quarters:{months:3,weeks:Xn/28,days:Xn/4,hours:Xn*24/4,minutes:Xn*24*60/4,seconds:Xn*24*60*60/4,milliseconds:Xn*24*60*60*1e3/4},months:{weeks:Ul/7,days:Ul,hours:Ul*24,minutes:Ul*24*60,seconds:Ul*24*60*60,milliseconds:Ul*24*60*60*1e3},...ek},Sl=["years","quarters","months","weeks","days","hours","minutes","seconds","milliseconds"],z2=Sl.slice(0).reverse();function Ki(n,e,t=!1){const i={values:t?e.values:{...n.values,...e.values||{}},loc:n.loc.clone(e.loc),conversionAccuracy:e.conversionAccuracy||n.conversionAccuracy,matrix:e.matrix||n.matrix};return new Tt(i)}function tk(n,e){let t=e.milliseconds??0;for(const i of z2.slice(1))e[i]&&(t+=e[i]*n[i].milliseconds);return t}function Nf(n,e){const t=tk(n,e)<0?-1:1;Sl.reduceRight((i,s)=>{if(st(e[s]))return i;if(i){const l=e[i]*t,o=n[s][i],r=Math.floor(l/o);e[s]+=r*t,e[i]-=r*o*t}return s},null),Sl.reduce((i,s)=>{if(st(e[s]))return i;if(i){const l=e[i]%1;e[i]-=l,e[s]+=l*n[i][s]}return s},null)}function U2(n){const e={};for(const[t,i]of Object.entries(n))i!==0&&(e[t]=i);return e}class Tt{constructor(e){const t=e.conversionAccuracy==="longterm"||!1;let i=t?H2:j2;e.matrix&&(i=e.matrix),this.values=e.values,this.loc=e.loc||Dt.create(),this.conversionAccuracy=t?"longterm":"casual",this.invalid=e.invalid||null,this.matrix=i,this.isLuxonDuration=!0}static fromMillis(e,t){return Tt.fromObject({milliseconds:e},t)}static fromObject(e,t={}){if(e==null||typeof e!="object")throw new bn(`Duration.fromObject: argument expected to be an object, got ${e===null?"null":typeof e}`);return new Tt({values:fr(e,Tt.normalizeUnit),loc:Dt.fromObject(t),conversionAccuracy:t.conversionAccuracy,matrix:t.matrix})}static fromDurationLike(e){if(tl(e))return Tt.fromMillis(e);if(Tt.isDuration(e))return e;if(typeof e=="object")return Tt.fromObject(e);throw new bn(`Unknown duration argument ${e} of type ${typeof e}`)}static fromISO(e,t){const[i]=L2(e);return i?Tt.fromObject(i,t):Tt.invalid("unparsable",`the input "${e}" can't be parsed as ISO 8601`)}static fromISOTime(e,t){const[i]=P2(e);return i?Tt.fromObject(i,t):Tt.invalid("unparsable",`the input "${e}" can't be parsed as ISO 8601`)}static invalid(e,t=null){if(!e)throw new bn("need to specify a reason the Duration is invalid");const i=e instanceof ci?e:new ci(e,t);if(xt.throwOnInvalid)throw new pv(i);return new Tt({invalid:i})}static normalizeUnit(e){const t={year:"years",years:"years",quarter:"quarters",quarters:"quarters",month:"months",months:"months",week:"weeks",weeks:"weeks",day:"days",days:"days",hour:"hours",hours:"hours",minute:"minutes",minutes:"minutes",second:"seconds",seconds:"seconds",millisecond:"milliseconds",milliseconds:"milliseconds"}[e&&e.toLowerCase()];if(!t)throw new u0(e);return t}static isDuration(e){return e&&e.isLuxonDuration||!1}get locale(){return this.isValid?this.loc.locale:null}get numberingSystem(){return this.isValid?this.loc.numberingSystem:null}toFormat(e,t={}){const i={...t,floor:t.round!==!1&&t.floor!==!1};return this.isValid?yn.create(this.loc,i).formatDurationFromString(this,e):Pf}toHuman(e={}){if(!this.isValid)return Pf;const t=Sl.map(i=>{const s=this.values[i];return st(s)?null:this.loc.numberFormatter({style:"unit",unitDisplay:"long",...e,unit:i.slice(0,-1)}).format(s)}).filter(i=>i);return this.loc.listFormatter({type:"conjunction",style:e.listStyle||"narrow",...e}).format(t)}toObject(){return this.isValid?{...this.values}:{}}toISO(){if(!this.isValid)return null;let e="P";return this.years!==0&&(e+=this.years+"Y"),(this.months!==0||this.quarters!==0)&&(e+=this.months+this.quarters*3+"M"),this.weeks!==0&&(e+=this.weeks+"W"),this.days!==0&&(e+=this.days+"D"),(this.hours!==0||this.minutes!==0||this.seconds!==0||this.milliseconds!==0)&&(e+="T"),this.hours!==0&&(e+=this.hours+"H"),this.minutes!==0&&(e+=this.minutes+"M"),(this.seconds!==0||this.milliseconds!==0)&&(e+=Su(this.seconds+this.milliseconds/1e3,3)+"S"),e==="P"&&(e+="T0S"),e}toISOTime(e={}){if(!this.isValid)return null;const t=this.toMillis();return t<0||t>=864e5?null:(e={suppressMilliseconds:!1,suppressSeconds:!1,includePrefix:!1,format:"extended",...e,includeOffset:!1},Xe.fromMillis(t,{zone:"UTC"}).toISOTime(e))}toJSON(){return this.toISO()}toString(){return this.toISO()}[Symbol.for("nodejs.util.inspect.custom")](){return this.isValid?`Duration { values: ${JSON.stringify(this.values)} }`:`Duration { Invalid, reason: ${this.invalidReason} }`}toMillis(){return this.isValid?tk(this.matrix,this.values):NaN}valueOf(){return this.toMillis()}plus(e){if(!this.isValid)return this;const t=Tt.fromDurationLike(e),i={};for(const s of Sl)(ns(t.values,s)||ns(this.values,s))&&(i[s]=t.get(s)+this.get(s));return Ki(this,{values:i},!0)}minus(e){if(!this.isValid)return this;const t=Tt.fromDurationLike(e);return this.plus(t.negate())}mapUnits(e){if(!this.isValid)return this;const t={};for(const i of Object.keys(this.values))t[i]=H0(e(this.values[i],i));return Ki(this,{values:t},!0)}get(e){return this[Tt.normalizeUnit(e)]}set(e){if(!this.isValid)return this;const t={...this.values,...fr(e,Tt.normalizeUnit)};return Ki(this,{values:t})}reconfigure({locale:e,numberingSystem:t,conversionAccuracy:i,matrix:s}={}){const o={loc:this.loc.clone({locale:e,numberingSystem:t}),matrix:s,conversionAccuracy:i};return Ki(this,o)}as(e){return this.isValid?this.shiftTo(e).get(e):NaN}normalize(){if(!this.isValid)return this;const e=this.toObject();return Nf(this.matrix,e),Ki(this,{values:e},!0)}rescale(){if(!this.isValid)return this;const e=U2(this.normalize().shiftToAll().toObject());return Ki(this,{values:e},!0)}shiftTo(...e){if(!this.isValid)return this;if(e.length===0)return this;e=e.map(o=>Tt.normalizeUnit(o));const t={},i={},s=this.toObject();let l;for(const o of Sl)if(e.indexOf(o)>=0){l=o;let r=0;for(const u in i)r+=this.matrix[u][o]*i[u],i[u]=0;tl(s[o])&&(r+=s[o]);const a=Math.trunc(r);t[o]=a,i[o]=(r*1e3-a*1e3)/1e3}else tl(s[o])&&(i[o]=s[o]);for(const o in i)i[o]!==0&&(t[l]+=o===l?i[o]:i[o]/this.matrix[l][o]);return Nf(this.matrix,t),Ki(this,{values:t},!0)}shiftToAll(){return this.isValid?this.shiftTo("years","months","weeks","days","hours","minutes","seconds","milliseconds"):this}negate(){if(!this.isValid)return this;const e={};for(const t of Object.keys(this.values))e[t]=this.values[t]===0?0:-this.values[t];return Ki(this,{values:e},!0)}get years(){return this.isValid?this.values.years||0:NaN}get quarters(){return this.isValid?this.values.quarters||0:NaN}get months(){return this.isValid?this.values.months||0:NaN}get weeks(){return this.isValid?this.values.weeks||0:NaN}get days(){return this.isValid?this.values.days||0:NaN}get hours(){return this.isValid?this.values.hours||0:NaN}get minutes(){return this.isValid?this.values.minutes||0:NaN}get seconds(){return this.isValid?this.values.seconds||0:NaN}get milliseconds(){return this.isValid?this.values.milliseconds||0:NaN}get isValid(){return this.invalid===null}get invalidReason(){return this.invalid?this.invalid.reason:null}get invalidExplanation(){return this.invalid?this.invalid.explanation:null}equals(e){if(!this.isValid||!e.isValid||!this.loc.equals(e.loc))return!1;function t(i,s){return i===void 0||i===0?s===void 0||s===0:i===s}for(const i of Sl)if(!t(this.values[i],e.values[i]))return!1;return!0}}const Vl="Invalid Interval";function V2(n,e){return!n||!n.isValid?Qt.invalid("missing or invalid start"):!e||!e.isValid?Qt.invalid("missing or invalid end"):ee:!1}isBefore(e){return this.isValid?this.e<=e:!1}contains(e){return this.isValid?this.s<=e&&this.e>e:!1}set({start:e,end:t}={}){return this.isValid?Qt.fromDateTimes(e||this.s,t||this.e):this}splitAt(...e){if(!this.isValid)return[];const t=e.map(ks).filter(o=>this.contains(o)).sort((o,r)=>o.toMillis()-r.toMillis()),i=[];let{s}=this,l=0;for(;s+this.e?this.e:o;i.push(Qt.fromDateTimes(s,r)),s=r,l+=1}return i}splitBy(e){const t=Tt.fromDurationLike(e);if(!this.isValid||!t.isValid||t.as("milliseconds")===0)return[];let{s:i}=this,s=1,l;const o=[];for(;ia*s));l=+r>+this.e?this.e:r,o.push(Qt.fromDateTimes(i,l)),i=l,s+=1}return o}divideEqually(e){return this.isValid?this.splitBy(this.length()/e).slice(0,e):[]}overlaps(e){return this.e>e.s&&this.s=e.e:!1}equals(e){return!this.isValid||!e.isValid?!1:this.s.equals(e.s)&&this.e.equals(e.e)}intersection(e){if(!this.isValid)return this;const t=this.s>e.s?this.s:e.s,i=this.e=i?null:Qt.fromDateTimes(t,i)}union(e){if(!this.isValid)return this;const t=this.se.e?this.e:e.e;return Qt.fromDateTimes(t,i)}static merge(e){const[t,i]=e.sort((s,l)=>s.s-l.s).reduce(([s,l],o)=>l?l.overlaps(o)||l.abutsStart(o)?[s,l.union(o)]:[s.concat([l]),o]:[s,o],[[],null]);return i&&t.push(i),t}static xor(e){let t=null,i=0;const s=[],l=e.map(a=>[{time:a.s,type:"s"},{time:a.e,type:"e"}]),o=Array.prototype.concat(...l),r=o.sort((a,u)=>a.time-u.time);for(const a of r)i+=a.type==="s"?1:-1,i===1?t=a.time:(t&&+t!=+a.time&&s.push(Qt.fromDateTimes(t,a.time)),t=null);return Qt.merge(s)}difference(...e){return Qt.xor([this].concat(e)).map(t=>this.intersection(t)).filter(t=>t&&!t.isEmpty())}toString(){return this.isValid?`[${this.s.toISO()} – ${this.e.toISO()})`:Vl}[Symbol.for("nodejs.util.inspect.custom")](){return this.isValid?`Interval { start: ${this.s.toISO()}, end: ${this.e.toISO()} }`:`Interval { Invalid, reason: ${this.invalidReason} }`}toLocaleString(e=rr,t={}){return this.isValid?yn.create(this.s.loc.clone(t),e).formatInterval(this):Vl}toISO(e){return this.isValid?`${this.s.toISO(e)}/${this.e.toISO(e)}`:Vl}toISODate(){return this.isValid?`${this.s.toISODate()}/${this.e.toISODate()}`:Vl}toISOTime(e){return this.isValid?`${this.s.toISOTime(e)}/${this.e.toISOTime(e)}`:Vl}toFormat(e,{separator:t=" – "}={}){return this.isValid?`${this.s.toFormat(e)}${t}${this.e.toFormat(e)}`:Vl}toDuration(e,t){return this.isValid?this.e.diff(this.s,e,t):Tt.invalid(this.invalidReason)}mapEndpoints(e){return Qt.fromDateTimes(e(this.s),e(this.e))}}class To{static hasDST(e=xt.defaultZone){const t=Xe.now().setZone(e).set({month:12});return!e.isUniversal&&t.offset!==t.set({month:6}).offset}static isValidIANAZone(e){return ji.isValidZone(e)}static normalizeZone(e){return Xi(e,xt.defaultZone)}static getStartOfWeek({locale:e=null,locObj:t=null}={}){return(t||Dt.create(e)).getStartOfWeek()}static getMinimumDaysInFirstWeek({locale:e=null,locObj:t=null}={}){return(t||Dt.create(e)).getMinDaysInFirstWeek()}static getWeekendWeekdays({locale:e=null,locObj:t=null}={}){return(t||Dt.create(e)).getWeekendDays().slice()}static months(e="long",{locale:t=null,numberingSystem:i=null,locObj:s=null,outputCalendar:l="gregory"}={}){return(s||Dt.create(t,i,l)).months(e)}static monthsFormat(e="long",{locale:t=null,numberingSystem:i=null,locObj:s=null,outputCalendar:l="gregory"}={}){return(s||Dt.create(t,i,l)).months(e,!0)}static weekdays(e="long",{locale:t=null,numberingSystem:i=null,locObj:s=null}={}){return(s||Dt.create(t,i,null)).weekdays(e)}static weekdaysFormat(e="long",{locale:t=null,numberingSystem:i=null,locObj:s=null}={}){return(s||Dt.create(t,i,null)).weekdays(e,!0)}static meridiems({locale:e=null}={}){return Dt.create(e).meridiems()}static eras(e="short",{locale:t=null}={}){return Dt.create(t,null,"gregory").eras(e)}static features(){return{relative:F0(),localeWeek:q0()}}}function Rf(n,e){const t=s=>s.toUTC(0,{keepLocalTime:!0}).startOf("day").valueOf(),i=t(e)-t(n);return Math.floor(Tt.fromMillis(i).as("days"))}function B2(n,e,t){const i=[["years",(a,u)=>u.year-a.year],["quarters",(a,u)=>u.quarter-a.quarter+(u.year-a.year)*4],["months",(a,u)=>u.month-a.month+(u.year-a.year)*12],["weeks",(a,u)=>{const f=Rf(a,u);return(f-f%7)/7}],["days",Rf]],s={},l=n;let o,r;for(const[a,u]of i)t.indexOf(a)>=0&&(o=a,s[a]=u(n,e),r=l.plus(s),r>e?(s[a]--,n=l.plus(s),n>e&&(r=n,s[a]--,n=l.plus(s))):n=r);return[n,s,r,o]}function W2(n,e,t,i){let[s,l,o,r]=B2(n,e,t);const a=e-s,u=t.filter(c=>["hours","minutes","seconds","milliseconds"].indexOf(c)>=0);u.length===0&&(o0?Tt.fromMillis(a,i).shiftTo(...u).plus(f):f}const Y2="missing Intl.DateTimeFormat.formatToParts support";function Ot(n,e=t=>t){return{regex:n,deser:([t])=>e(Nv(t))}}const K2=" ",nk=`[ ${K2}]`,ik=new RegExp(nk,"g");function J2(n){return n.replace(/\./g,"\\.?").replace(ik,nk)}function Ff(n){return n.replace(/\./g,"").replace(ik," ").toLowerCase()}function fi(n,e){return n===null?null:{regex:RegExp(n.map(J2).join("|")),deser:([t])=>n.findIndex(i=>Ff(t)===Ff(i))+e}}function qf(n,e){return{regex:n,deser:([,t,i])=>Cr(t,i),groups:e}}function $o(n){return{regex:n,deser:([e])=>e}}function Z2(n){return n.replace(/[\-\[\]{}()*+?.,\\\^$|#\s]/g,"\\$&")}function G2(n,e){const t=ui(e),i=ui(e,"{2}"),s=ui(e,"{3}"),l=ui(e,"{4}"),o=ui(e,"{6}"),r=ui(e,"{1,2}"),a=ui(e,"{1,3}"),u=ui(e,"{1,6}"),f=ui(e,"{1,9}"),c=ui(e,"{2,4}"),d=ui(e,"{4,6}"),m=_=>({regex:RegExp(Z2(_.val)),deser:([k])=>k,literal:!0}),g=(_=>{if(n.literal)return m(_);switch(_.val){case"G":return fi(e.eras("short"),0);case"GG":return fi(e.eras("long"),0);case"y":return Ot(u);case"yy":return Ot(c,Va);case"yyyy":return Ot(l);case"yyyyy":return Ot(d);case"yyyyyy":return Ot(o);case"M":return Ot(r);case"MM":return Ot(i);case"MMM":return fi(e.months("short",!0),1);case"MMMM":return fi(e.months("long",!0),1);case"L":return Ot(r);case"LL":return Ot(i);case"LLL":return fi(e.months("short",!1),1);case"LLLL":return fi(e.months("long",!1),1);case"d":return Ot(r);case"dd":return Ot(i);case"o":return Ot(a);case"ooo":return Ot(s);case"HH":return Ot(i);case"H":return Ot(r);case"hh":return Ot(i);case"h":return Ot(r);case"mm":return Ot(i);case"m":return Ot(r);case"q":return Ot(r);case"qq":return Ot(i);case"s":return Ot(r);case"ss":return Ot(i);case"S":return Ot(a);case"SSS":return Ot(s);case"u":return $o(f);case"uu":return $o(r);case"uuu":return Ot(t);case"a":return fi(e.meridiems(),0);case"kkkk":return Ot(l);case"kk":return Ot(c,Va);case"W":return Ot(r);case"WW":return Ot(i);case"E":case"c":return Ot(t);case"EEE":return fi(e.weekdays("short",!1),1);case"EEEE":return fi(e.weekdays("long",!1),1);case"ccc":return fi(e.weekdays("short",!0),1);case"cccc":return fi(e.weekdays("long",!0),1);case"Z":case"ZZ":return qf(new RegExp(`([+-]${r.source})(?::(${i.source}))?`),2);case"ZZZ":return qf(new RegExp(`([+-]${r.source})(${i.source})?`),2);case"z":return $o(/[a-z_+-/]{1,256}?/i);case" ":return $o(/[^\S\n\r]/);default:return m(_)}})(n)||{invalidReason:Y2};return g.token=n,g}const X2={year:{"2-digit":"yy",numeric:"yyyyy"},month:{numeric:"M","2-digit":"MM",short:"MMM",long:"MMMM"},day:{numeric:"d","2-digit":"dd"},weekday:{short:"EEE",long:"EEEE"},dayperiod:"a",dayPeriod:"a",hour12:{numeric:"h","2-digit":"hh"},hour24:{numeric:"H","2-digit":"HH"},minute:{numeric:"m","2-digit":"mm"},second:{numeric:"s","2-digit":"ss"},timeZoneName:{long:"ZZZZZ",short:"ZZZ"}};function Q2(n,e,t){const{type:i,value:s}=n;if(i==="literal"){const a=/^\s+$/.test(s);return{literal:!a,val:a?" ":s}}const l=e[i];let o=i;i==="hour"&&(e.hour12!=null?o=e.hour12?"hour12":"hour24":e.hourCycle!=null?e.hourCycle==="h11"||e.hourCycle==="h12"?o="hour12":o="hour24":o=t.hour12?"hour12":"hour24");let r=X2[o];if(typeof r=="object"&&(r=r[l]),r)return{literal:!1,val:r}}function x2(n){return[`^${n.map(t=>t.regex).reduce((t,i)=>`${t}(${i.source})`,"")}$`,n]}function ew(n,e,t){const i=n.match(e);if(i){const s={};let l=1;for(const o in t)if(ns(t,o)){const r=t[o],a=r.groups?r.groups+1:1;!r.literal&&r.token&&(s[r.token.val[0]]=r.deser(i.slice(l,l+a))),l+=a}return[i,s]}else return[i,{}]}function tw(n){const e=l=>{switch(l){case"S":return"millisecond";case"s":return"second";case"m":return"minute";case"h":case"H":return"hour";case"d":return"day";case"o":return"ordinal";case"L":case"M":return"month";case"y":return"year";case"E":case"c":return"weekday";case"W":return"weekNumber";case"k":return"weekYear";case"q":return"quarter";default:return null}};let t=null,i;return st(n.z)||(t=ji.create(n.z)),st(n.Z)||(t||(t=new Mn(n.Z)),i=n.Z),st(n.q)||(n.M=(n.q-1)*3+1),st(n.h)||(n.h<12&&n.a===1?n.h+=12:n.h===12&&n.a===0&&(n.h=0)),n.G===0&&n.y&&(n.y=-n.y),st(n.u)||(n.S=wu(n.u)),[Object.keys(n).reduce((l,o)=>{const r=e(o);return r&&(l[r]=n[o]),l},{}),t,i]}let Gr=null;function nw(){return Gr||(Gr=Xe.fromMillis(1555555555555)),Gr}function iw(n,e){if(n.literal)return n;const t=yn.macroTokenToFormatOpts(n.val),i=rk(t,e);return i==null||i.includes(void 0)?n:i}function lk(n,e){return Array.prototype.concat(...n.map(t=>iw(t,e)))}class sk{constructor(e,t){if(this.locale=e,this.format=t,this.tokens=lk(yn.parseFormat(t),e),this.units=this.tokens.map(i=>G2(i,e)),this.disqualifyingUnit=this.units.find(i=>i.invalidReason),!this.disqualifyingUnit){const[i,s]=x2(this.units);this.regex=RegExp(i,"i"),this.handlers=s}}explainFromTokens(e){if(this.isValid){const[t,i]=ew(e,this.regex,this.handlers),[s,l,o]=i?tw(i):[null,null,void 0];if(ns(i,"a")&&ns(i,"H"))throw new Jl("Can't include meridiem when specifying 24-hour format");return{input:e,tokens:this.tokens,regex:this.regex,rawMatches:t,matches:i,result:s,zone:l,specificOffset:o}}else return{input:e,tokens:this.tokens,invalidReason:this.invalidReason}}get isValid(){return!this.disqualifyingUnit}get invalidReason(){return this.disqualifyingUnit?this.disqualifyingUnit.invalidReason:null}}function ok(n,e,t){return new sk(n,t).explainFromTokens(e)}function lw(n,e,t){const{result:i,zone:s,specificOffset:l,invalidReason:o}=ok(n,e,t);return[i,s,l,o]}function rk(n,e){if(!n)return null;const i=yn.create(e,n).dtFormatter(nw()),s=i.formatToParts(),l=i.resolvedOptions();return s.map(o=>Q2(o,n,l))}const Xr="Invalid DateTime",sw=864e13;function Cs(n){return new ci("unsupported zone",`the zone "${n.name}" is not supported`)}function Qr(n){return n.weekData===null&&(n.weekData=ar(n.c)),n.weekData}function xr(n){return n.localWeekData===null&&(n.localWeekData=ar(n.c,n.loc.getMinDaysInFirstWeek(),n.loc.getStartOfWeek())),n.localWeekData}function hl(n,e){const t={ts:n.ts,zone:n.zone,c:n.c,o:n.o,loc:n.loc,invalid:n.invalid};return new Xe({...t,...e,old:t})}function ak(n,e,t){let i=n-e*60*1e3;const s=t.offset(i);if(e===s)return[i,e];i-=(s-e)*60*1e3;const l=t.offset(i);return s===l?[i,s]:[n-Math.min(s,l)*60*1e3,Math.max(s,l)]}function Co(n,e){n+=e*60*1e3;const t=new Date(n);return{year:t.getUTCFullYear(),month:t.getUTCMonth()+1,day:t.getUTCDate(),hour:t.getUTCHours(),minute:t.getUTCMinutes(),second:t.getUTCSeconds(),millisecond:t.getUTCMilliseconds()}}function Go(n,e,t){return ak($r(n),e,t)}function jf(n,e){const t=n.o,i=n.c.year+Math.trunc(e.years),s=n.c.month+Math.trunc(e.months)+Math.trunc(e.quarters)*3,l={...n.c,year:i,month:s,day:Math.min(n.c.day,ur(i,s))+Math.trunc(e.days)+Math.trunc(e.weeks)*7},o=Tt.fromObject({years:e.years-Math.trunc(e.years),quarters:e.quarters-Math.trunc(e.quarters),months:e.months-Math.trunc(e.months),weeks:e.weeks-Math.trunc(e.weeks),days:e.days-Math.trunc(e.days),hours:e.hours,minutes:e.minutes,seconds:e.seconds,milliseconds:e.milliseconds}).as("milliseconds"),r=$r(l);let[a,u]=ak(r,t,n.zone);return o!==0&&(a+=o,u=n.zone.offset(a)),{ts:a,o:u}}function Bl(n,e,t,i,s,l){const{setZone:o,zone:r}=t;if(n&&Object.keys(n).length!==0||e){const a=e||r,u=Xe.fromObject(n,{...t,zone:a,specificOffset:l});return o?u:u.setZone(r)}else return Xe.invalid(new ci("unparsable",`the input "${s}" can't be parsed as ${i}`))}function Oo(n,e,t=!0){return n.isValid?yn.create(Dt.create("en-US"),{allowZ:t,forceSimple:!0}).formatDateTimeFromString(n,e):null}function ea(n,e){const t=n.c.year>9999||n.c.year<0;let i="";return t&&n.c.year>=0&&(i+="+"),i+=ln(n.c.year,t?6:4),e?(i+="-",i+=ln(n.c.month),i+="-",i+=ln(n.c.day)):(i+=ln(n.c.month),i+=ln(n.c.day)),i}function Hf(n,e,t,i,s,l){let o=ln(n.c.hour);return e?(o+=":",o+=ln(n.c.minute),(n.c.millisecond!==0||n.c.second!==0||!t)&&(o+=":")):o+=ln(n.c.minute),(n.c.millisecond!==0||n.c.second!==0||!t)&&(o+=ln(n.c.second),(n.c.millisecond!==0||!i)&&(o+=".",o+=ln(n.c.millisecond,3))),s&&(n.isOffsetFixed&&n.offset===0&&!l?o+="Z":n.o<0?(o+="-",o+=ln(Math.trunc(-n.o/60)),o+=":",o+=ln(Math.trunc(-n.o%60))):(o+="+",o+=ln(Math.trunc(n.o/60)),o+=":",o+=ln(Math.trunc(n.o%60)))),l&&(o+="["+n.zone.ianaName+"]"),o}const uk={month:1,day:1,hour:0,minute:0,second:0,millisecond:0},ow={weekNumber:1,weekday:1,hour:0,minute:0,second:0,millisecond:0},rw={ordinal:1,hour:0,minute:0,second:0,millisecond:0},fk=["year","month","day","hour","minute","second","millisecond"],aw=["weekYear","weekNumber","weekday","hour","minute","second","millisecond"],uw=["year","ordinal","hour","minute","second","millisecond"];function fw(n){const e={year:"year",years:"year",month:"month",months:"month",day:"day",days:"day",hour:"hour",hours:"hour",minute:"minute",minutes:"minute",quarter:"quarter",quarters:"quarter",second:"second",seconds:"second",millisecond:"millisecond",milliseconds:"millisecond",weekday:"weekday",weekdays:"weekday",weeknumber:"weekNumber",weeksnumber:"weekNumber",weeknumbers:"weekNumber",weekyear:"weekYear",weekyears:"weekYear",ordinal:"ordinal"}[n.toLowerCase()];if(!e)throw new u0(n);return e}function zf(n){switch(n.toLowerCase()){case"localweekday":case"localweekdays":return"localWeekday";case"localweeknumber":case"localweeknumbers":return"localWeekNumber";case"localweekyear":case"localweekyears":return"localWeekYear";default:return fw(n)}}function cw(n){if(Os===void 0&&(Os=xt.now()),n.type!=="iana")return n.offset(Os);const e=n.name;let t=Ba.get(e);return t===void 0&&(t=n.offset(Os),Ba.set(e,t)),t}function Uf(n,e){const t=Xi(e.zone,xt.defaultZone);if(!t.isValid)return Xe.invalid(Cs(t));const i=Dt.fromObject(e);let s,l;if(st(n.year))s=xt.now();else{for(const a of fk)st(n[a])&&(n[a]=uk[a]);const o=N0(n)||R0(n);if(o)return Xe.invalid(o);const r=cw(t);[s,l]=Go(n,r,t)}return new Xe({ts:s,zone:t,loc:i,o:l})}function Vf(n,e,t){const i=st(t.round)?!0:t.round,s=(o,r)=>(o=Su(o,i||t.calendary?0:2,!0),e.loc.clone(t).relFormatter(t).format(o,r)),l=o=>t.calendary?e.hasSame(n,o)?0:e.startOf(o).diff(n.startOf(o),o).get(o):e.diff(n,o).get(o);if(t.unit)return s(l(t.unit),t.unit);for(const o of t.units){const r=l(o);if(Math.abs(r)>=1)return s(r,o)}return s(n>e?-0:0,t.units[t.units.length-1])}function Bf(n){let e={},t;return n.length>0&&typeof n[n.length-1]=="object"?(e=n[n.length-1],t=Array.from(n).slice(0,n.length-1)):t=Array.from(n),[e,t]}let Os;const Ba=new Map;class Xe{constructor(e){const t=e.zone||xt.defaultZone;let i=e.invalid||(Number.isNaN(e.ts)?new ci("invalid input"):null)||(t.isValid?null:Cs(t));this.ts=st(e.ts)?xt.now():e.ts;let s=null,l=null;if(!i)if(e.old&&e.old.ts===this.ts&&e.old.zone.equals(t))[s,l]=[e.old.c,e.old.o];else{const r=tl(e.o)&&!e.old?e.o:t.offset(this.ts);s=Co(this.ts,r),i=Number.isNaN(s.year)?new ci("invalid input"):null,s=i?null:s,l=i?null:r}this._zone=t,this.loc=e.loc||Dt.create(),this.invalid=i,this.weekData=null,this.localWeekData=null,this.c=s,this.o=l,this.isLuxonDateTime=!0}static now(){return new Xe({})}static local(){const[e,t]=Bf(arguments),[i,s,l,o,r,a,u]=t;return Uf({year:i,month:s,day:l,hour:o,minute:r,second:a,millisecond:u},e)}static utc(){const[e,t]=Bf(arguments),[i,s,l,o,r,a,u]=t;return e.zone=Mn.utcInstance,Uf({year:i,month:s,day:l,hour:o,minute:r,second:a,millisecond:u},e)}static fromJSDate(e,t={}){const i=Hv(e)?e.valueOf():NaN;if(Number.isNaN(i))return Xe.invalid("invalid input");const s=Xi(t.zone,xt.defaultZone);return s.isValid?new Xe({ts:i,zone:s,loc:Dt.fromObject(t)}):Xe.invalid(Cs(s))}static fromMillis(e,t={}){if(tl(e))return e<-864e13||e>sw?Xe.invalid("Timestamp out of range"):new Xe({ts:e,zone:Xi(t.zone,xt.defaultZone),loc:Dt.fromObject(t)});throw new bn(`fromMillis requires a numerical input, but received a ${typeof e} with value ${e}`)}static fromSeconds(e,t={}){if(tl(e))return new Xe({ts:e*1e3,zone:Xi(t.zone,xt.defaultZone),loc:Dt.fromObject(t)});throw new bn("fromSeconds requires a numerical input")}static fromObject(e,t={}){e=e||{};const i=Xi(t.zone,xt.defaultZone);if(!i.isValid)return Xe.invalid(Cs(i));const s=Dt.fromObject(t),l=fr(e,zf),{minDaysInFirstWeek:o,startOfWeek:r}=Ef(l,s),a=xt.now(),u=st(t.specificOffset)?i.offset(a):t.specificOffset,f=!st(l.ordinal),c=!st(l.year),d=!st(l.month)||!st(l.day),m=c||d,h=l.weekYear||l.weekNumber;if((m||f)&&h)throw new Jl("Can't mix weekYear/weekNumber units with year/month/day or ordinals");if(d&&f)throw new Jl("Can't mix ordinal dates with month/day");const g=h||l.weekday&&!m;let _,k,S=Co(a,u);g?(_=aw,k=ow,S=ar(S,o,r)):f?(_=uw,k=rw,S=Zr(S)):(_=fk,k=uk);let $=!1;for(const P of _){const N=l[P];st(N)?$?l[P]=k[P]:l[P]=S[P]:$=!0}const T=g?Fv(l,o,r):f?qv(l):N0(l),O=T||R0(l);if(O)return Xe.invalid(O);const E=g?Of(l,o,r):f?Mf(l):l,[L,I]=Go(E,u,i),A=new Xe({ts:L,zone:i,o:I,loc:s});return l.weekday&&m&&e.weekday!==A.weekday?Xe.invalid("mismatched weekday",`you can't specify both a weekday of ${l.weekday} and a date of ${A.toISO()}`):A.isValid?A:Xe.invalid(A.invalid)}static fromISO(e,t={}){const[i,s]=E2(e);return Bl(i,s,t,"ISO 8601",e)}static fromRFC2822(e,t={}){const[i,s]=D2(e);return Bl(i,s,t,"RFC 2822",e)}static fromHTTP(e,t={}){const[i,s]=I2(e);return Bl(i,s,t,"HTTP",t)}static fromFormat(e,t,i={}){if(st(e)||st(t))throw new bn("fromFormat requires an input string and a format");const{locale:s=null,numberingSystem:l=null}=i,o=Dt.fromOpts({locale:s,numberingSystem:l,defaultToEN:!0}),[r,a,u,f]=lw(o,e,t);return f?Xe.invalid(f):Bl(r,a,i,`format ${t}`,e,u)}static fromString(e,t,i={}){return Xe.fromFormat(e,t,i)}static fromSQL(e,t={}){const[i,s]=q2(e);return Bl(i,s,t,"SQL",e)}static invalid(e,t=null){if(!e)throw new bn("need to specify a reason the DateTime is invalid");const i=e instanceof ci?e:new ci(e,t);if(xt.throwOnInvalid)throw new cv(i);return new Xe({invalid:i})}static isDateTime(e){return e&&e.isLuxonDateTime||!1}static parseFormatForOpts(e,t={}){const i=rk(e,Dt.fromObject(t));return i?i.map(s=>s?s.val:null).join(""):null}static expandFormat(e,t={}){return lk(yn.parseFormat(e),Dt.fromObject(t)).map(s=>s.val).join("")}static resetCache(){Os=void 0,Ba.clear()}get(e){return this[e]}get isValid(){return this.invalid===null}get invalidReason(){return this.invalid?this.invalid.reason:null}get invalidExplanation(){return this.invalid?this.invalid.explanation:null}get locale(){return this.isValid?this.loc.locale:null}get numberingSystem(){return this.isValid?this.loc.numberingSystem:null}get outputCalendar(){return this.isValid?this.loc.outputCalendar:null}get zone(){return this._zone}get zoneName(){return this.isValid?this.zone.name:null}get year(){return this.isValid?this.c.year:NaN}get quarter(){return this.isValid?Math.ceil(this.c.month/3):NaN}get month(){return this.isValid?this.c.month:NaN}get day(){return this.isValid?this.c.day:NaN}get hour(){return this.isValid?this.c.hour:NaN}get minute(){return this.isValid?this.c.minute:NaN}get second(){return this.isValid?this.c.second:NaN}get millisecond(){return this.isValid?this.c.millisecond:NaN}get weekYear(){return this.isValid?Qr(this).weekYear:NaN}get weekNumber(){return this.isValid?Qr(this).weekNumber:NaN}get weekday(){return this.isValid?Qr(this).weekday:NaN}get isWeekend(){return this.isValid&&this.loc.getWeekendDays().includes(this.weekday)}get localWeekday(){return this.isValid?xr(this).weekday:NaN}get localWeekNumber(){return this.isValid?xr(this).weekNumber:NaN}get localWeekYear(){return this.isValid?xr(this).weekYear:NaN}get ordinal(){return this.isValid?Zr(this.c).ordinal:NaN}get monthShort(){return this.isValid?To.months("short",{locObj:this.loc})[this.month-1]:null}get monthLong(){return this.isValid?To.months("long",{locObj:this.loc})[this.month-1]:null}get weekdayShort(){return this.isValid?To.weekdays("short",{locObj:this.loc})[this.weekday-1]:null}get weekdayLong(){return this.isValid?To.weekdays("long",{locObj:this.loc})[this.weekday-1]:null}get offset(){return this.isValid?+this.o:NaN}get offsetNameShort(){return this.isValid?this.zone.offsetName(this.ts,{format:"short",locale:this.locale}):null}get offsetNameLong(){return this.isValid?this.zone.offsetName(this.ts,{format:"long",locale:this.locale}):null}get isOffsetFixed(){return this.isValid?this.zone.isUniversal:null}get isInDST(){return this.isOffsetFixed?!1:this.offset>this.set({month:1,day:1}).offset||this.offset>this.set({month:5}).offset}getPossibleOffsets(){if(!this.isValid||this.isOffsetFixed)return[this];const e=864e5,t=6e4,i=$r(this.c),s=this.zone.offset(i-e),l=this.zone.offset(i+e),o=this.zone.offset(i-s*t),r=this.zone.offset(i-l*t);if(o===r)return[this];const a=i-o*t,u=i-r*t,f=Co(a,o),c=Co(u,r);return f.hour===c.hour&&f.minute===c.minute&&f.second===c.second&&f.millisecond===c.millisecond?[hl(this,{ts:a}),hl(this,{ts:u})]:[this]}get isInLeapYear(){return ao(this.year)}get daysInMonth(){return ur(this.year,this.month)}get daysInYear(){return this.isValid?Xl(this.year):NaN}get weeksInWeekYear(){return this.isValid?Ws(this.weekYear):NaN}get weeksInLocalWeekYear(){return this.isValid?Ws(this.localWeekYear,this.loc.getMinDaysInFirstWeek(),this.loc.getStartOfWeek()):NaN}resolvedLocaleOptions(e={}){const{locale:t,numberingSystem:i,calendar:s}=yn.create(this.loc.clone(e),e).resolvedOptions(this);return{locale:t,numberingSystem:i,outputCalendar:s}}toUTC(e=0,t={}){return this.setZone(Mn.instance(e),t)}toLocal(){return this.setZone(xt.defaultZone)}setZone(e,{keepLocalTime:t=!1,keepCalendarTime:i=!1}={}){if(e=Xi(e,xt.defaultZone),e.equals(this.zone))return this;if(e.isValid){let s=this.ts;if(t||i){const l=e.offset(this.ts),o=this.toObject();[s]=Go(o,l,e)}return hl(this,{ts:s,zone:e})}else return Xe.invalid(Cs(e))}reconfigure({locale:e,numberingSystem:t,outputCalendar:i}={}){const s=this.loc.clone({locale:e,numberingSystem:t,outputCalendar:i});return hl(this,{loc:s})}setLocale(e){return this.reconfigure({locale:e})}set(e){if(!this.isValid)return this;const t=fr(e,zf),{minDaysInFirstWeek:i,startOfWeek:s}=Ef(t,this.loc),l=!st(t.weekYear)||!st(t.weekNumber)||!st(t.weekday),o=!st(t.ordinal),r=!st(t.year),a=!st(t.month)||!st(t.day),u=r||a,f=t.weekYear||t.weekNumber;if((u||o)&&f)throw new Jl("Can't mix weekYear/weekNumber units with year/month/day or ordinals");if(a&&o)throw new Jl("Can't mix ordinal dates with month/day");let c;l?c=Of({...ar(this.c,i,s),...t},i,s):st(t.ordinal)?(c={...this.toObject(),...t},st(t.day)&&(c.day=Math.min(ur(c.year,c.month),c.day))):c=Mf({...Zr(this.c),...t});const[d,m]=Go(c,this.o,this.zone);return hl(this,{ts:d,o:m})}plus(e){if(!this.isValid)return this;const t=Tt.fromDurationLike(e);return hl(this,jf(this,t))}minus(e){if(!this.isValid)return this;const t=Tt.fromDurationLike(e).negate();return hl(this,jf(this,t))}startOf(e,{useLocaleWeeks:t=!1}={}){if(!this.isValid)return this;const i={},s=Tt.normalizeUnit(e);switch(s){case"years":i.month=1;case"quarters":case"months":i.day=1;case"weeks":case"days":i.hour=0;case"hours":i.minute=0;case"minutes":i.second=0;case"seconds":i.millisecond=0;break}if(s==="weeks")if(t){const l=this.loc.getStartOfWeek(),{weekday:o}=this;othis.valueOf(),r=o?this:e,a=o?e:this,u=W2(r,a,l,s);return o?u.negate():u}diffNow(e="milliseconds",t={}){return this.diff(Xe.now(),e,t)}until(e){return this.isValid?Qt.fromDateTimes(this,e):this}hasSame(e,t,i){if(!this.isValid)return!1;const s=e.valueOf(),l=this.setZone(e.zone,{keepLocalTime:!0});return l.startOf(t,i)<=s&&s<=l.endOf(t,i)}equals(e){return this.isValid&&e.isValid&&this.valueOf()===e.valueOf()&&this.zone.equals(e.zone)&&this.loc.equals(e.loc)}toRelative(e={}){if(!this.isValid)return null;const t=e.base||Xe.fromObject({},{zone:this.zone}),i=e.padding?thist.valueOf(),Math.min)}static max(...e){if(!e.every(Xe.isDateTime))throw new bn("max requires all arguments be DateTimes");return Df(e,t=>t.valueOf(),Math.max)}static fromFormatExplain(e,t,i={}){const{locale:s=null,numberingSystem:l=null}=i,o=Dt.fromOpts({locale:s,numberingSystem:l,defaultToEN:!0});return ok(o,e,t)}static fromStringExplain(e,t,i={}){return Xe.fromFormatExplain(e,t,i)}static buildFormatParser(e,t={}){const{locale:i=null,numberingSystem:s=null}=t,l=Dt.fromOpts({locale:i,numberingSystem:s,defaultToEN:!0});return new sk(l,e)}static fromFormatParser(e,t,i={}){if(st(e)||st(t))throw new bn("fromFormatParser requires an input string and a format parser");const{locale:s=null,numberingSystem:l=null}=i,o=Dt.fromOpts({locale:s,numberingSystem:l,defaultToEN:!0});if(!o.equals(t.locale))throw new bn(`fromFormatParser called with a locale of ${o}, but the format parser was created for ${t.locale}`);const{result:r,zone:a,specificOffset:u,invalidReason:f}=t.explainFromTokens(e);return f?Xe.invalid(f):Bl(r,a,i,`format ${t.format}`,e,u)}static get DATE_SHORT(){return rr}static get DATE_MED(){return f0}static get DATE_MED_WITH_WEEKDAY(){return mv}static get DATE_FULL(){return c0}static get DATE_HUGE(){return d0}static get TIME_SIMPLE(){return p0}static get TIME_WITH_SECONDS(){return m0}static get TIME_WITH_SHORT_OFFSET(){return h0}static get TIME_WITH_LONG_OFFSET(){return _0}static get TIME_24_SIMPLE(){return g0}static get TIME_24_WITH_SECONDS(){return b0}static get TIME_24_WITH_SHORT_OFFSET(){return k0}static get TIME_24_WITH_LONG_OFFSET(){return y0}static get DATETIME_SHORT(){return v0}static get DATETIME_SHORT_WITH_SECONDS(){return w0}static get DATETIME_MED(){return S0}static get DATETIME_MED_WITH_SECONDS(){return T0}static get DATETIME_MED_WITH_WEEKDAY(){return hv}static get DATETIME_FULL(){return $0}static get DATETIME_FULL_WITH_SECONDS(){return C0}static get DATETIME_HUGE(){return O0}static get DATETIME_HUGE_WITH_SECONDS(){return M0}}function ks(n){if(Xe.isDateTime(n))return n;if(n&&n.valueOf&&tl(n.valueOf()))return Xe.fromJSDate(n);if(n&&typeof n=="object")return Xe.fromObject(n);throw new bn(`Unknown datetime argument: ${n}, of type ${typeof n}`)}const dw=[".jpg",".jpeg",".png",".svg",".gif",".jfif",".webp",".avif"],pw=[".mp4",".avi",".mov",".3gp",".wmv"],mw=[".aa",".aac",".m4v",".mp3",".ogg",".oga",".mogg",".amr"],hw=[".pdf",".doc",".docx",".xls",".xlsx",".ppt",".pptx",".odp",".odt",".ods",".txt"],_w=["relation","file","select"],gw=["text","email","url","editor"],ck=[{level:-4,label:"DEBUG",class:""},{level:0,label:"INFO",class:"label-success"},{level:4,label:"WARN",class:"label-warning"},{level:8,label:"ERROR",class:"label-danger"}];class U{static isObject(e){return e!==null&&typeof e=="object"&&e.constructor===Object}static clone(e){return typeof structuredClone<"u"?structuredClone(e):JSON.parse(JSON.stringify(e))}static zeroValue(e){switch(typeof e){case"string":return"";case"number":return 0;case"boolean":return!1;case"object":return e===null?null:Array.isArray(e)?[]:{};case"undefined":return;default:return null}}static isEmpty(e){return e===""||e===null||typeof e>"u"||Array.isArray(e)&&e.length===0||U.isObject(e)&&Object.keys(e).length===0}static isInput(e){let t=e&&e.tagName?e.tagName.toLowerCase():"";return t==="input"||t==="select"||t==="textarea"||(e==null?void 0:e.isContentEditable)}static isFocusable(e){let t=e&&e.tagName?e.tagName.toLowerCase():"";return U.isInput(e)||t==="button"||t==="a"||t==="details"||(e==null?void 0:e.tabIndex)>=0}static hasNonEmptyProps(e){for(let t in e)if(!U.isEmpty(e[t]))return!0;return!1}static toArray(e,t=!1){return Array.isArray(e)?e.slice():(t||!U.isEmpty(e))&&typeof e<"u"?[e]:[]}static inArray(e,t){e=Array.isArray(e)?e:[];for(let i=e.length-1;i>=0;i--)if(e[i]==t)return!0;return!1}static removeByValue(e,t){e=Array.isArray(e)?e:[];for(let i=e.length-1;i>=0;i--)if(e[i]==t){e.splice(i,1);break}}static pushUnique(e,t){U.inArray(e,t)||e.push(t)}static mergeUnique(e,t){for(let i of t)U.pushUnique(e,i);return e}static findByKey(e,t,i){e=Array.isArray(e)?e:[];for(let s in e)if(e[s][t]==i)return e[s];return null}static groupByKey(e,t){e=Array.isArray(e)?e:[];const i={};for(let s in e)i[e[s][t]]=i[e[s][t]]||[],i[e[s][t]].push(e[s]);return i}static removeByKey(e,t,i){for(let s in e)if(e[s][t]==i){e.splice(s,1);break}}static pushOrReplaceByKey(e,t,i="id"){for(let s=e.length-1;s>=0;s--)if(e[s][i]==t[i]){e[s]=t;return}e.push(t)}static filterDuplicatesByKey(e,t="id"){e=Array.isArray(e)?e:[];const i={};for(const s of e)i[s[t]]=s;return Object.values(i)}static filterRedactedProps(e,t="******"){const i=JSON.parse(JSON.stringify(e||{}));for(let s in i)typeof i[s]=="object"&&i[s]!==null?i[s]=U.filterRedactedProps(i[s],t):i[s]===t&&delete i[s];return i}static getNestedVal(e,t,i=null,s="."){let l=e||{},o=(t||"").split(s);for(const r of o){if(!U.isObject(l)&&!Array.isArray(l)||typeof l[r]>"u")return i;l=l[r]}return l}static setByPath(e,t,i,s="."){if(e===null||typeof e!="object"){console.warn("setByPath: data not an object or array.");return}let l=e,o=t.split(s),r=o.pop();for(const a of o)(!U.isObject(l)&&!Array.isArray(l)||!U.isObject(l[a])&&!Array.isArray(l[a]))&&(l[a]={}),l=l[a];l[r]=i}static deleteByPath(e,t,i="."){let s=e||{},l=(t||"").split(i),o=l.pop();for(const r of l)(!U.isObject(s)&&!Array.isArray(s)||!U.isObject(s[r])&&!Array.isArray(s[r]))&&(s[r]={}),s=s[r];Array.isArray(s)?s.splice(o,1):U.isObject(s)&&delete s[o],l.length>0&&(Array.isArray(s)&&!s.length||U.isObject(s)&&!Object.keys(s).length)&&(Array.isArray(e)&&e.length>0||U.isObject(e)&&Object.keys(e).length>0)&&U.deleteByPath(e,l.join(i),i)}static randomString(e=10){let t="",i="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";for(let s=0;s"u")return U.randomString(e);const t=new Uint8Array(e);crypto.getRandomValues(t);const i="-_0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";let s="";for(let l=0;ll.replaceAll("{_PB_ESCAPED_}",t));for(let l of s)l=l.trim(),U.isEmpty(l)||i.push(l);return i}static joinNonEmpty(e,t=", "){e=e||[];const i=[],s=t.length>1?t.trim():t;for(let l of e)l=typeof l=="string"?l.trim():"",U.isEmpty(l)||i.push(l.replaceAll(s,"\\"+s));return i.join(t)}static getInitials(e){if(e=(e||"").split("@")[0].trim(),e.length<=2)return e.toUpperCase();const t=e.split(/[\.\_\-\ ]/);return t.length>=2?(t[0][0]+t[1][0]).toUpperCase():e[0].toUpperCase()}static formattedFileSize(e){const t=e?Math.floor(Math.log(e)/Math.log(1024)):0;return(e/Math.pow(1024,t)).toFixed(2)*1+" "+["B","KB","MB","GB","TB"][t]}static getDateTime(e){if(typeof e=="string"){const t={19:"yyyy-MM-dd HH:mm:ss",23:"yyyy-MM-dd HH:mm:ss.SSS",20:"yyyy-MM-dd HH:mm:ss'Z'",24:"yyyy-MM-dd HH:mm:ss.SSS'Z'"},i=t[e.length]||t[19];return Xe.fromFormat(e,i,{zone:"UTC"})}return typeof e=="number"?Xe.fromMillis(e):Xe.fromJSDate(e)}static formatToUTCDate(e,t="yyyy-MM-dd HH:mm:ss"){return U.getDateTime(e).toUTC().toFormat(t)}static formatToLocalDate(e,t="yyyy-MM-dd HH:mm:ss"){return U.getDateTime(e).toLocal().toFormat(t)}static async copyToClipboard(e){var t;if(typeof e=="object")try{e=JSON.stringify(e,null,2)}catch{}if(e=""+e,!(!e.length||!((t=window==null?void 0:window.navigator)!=null&&t.clipboard)))return window.navigator.clipboard.writeText(e).catch(i=>{console.warn("Failed to copy.",i)})}static download(e,t){const i=document.createElement("a");i.setAttribute("href",e),i.setAttribute("download",t),i.setAttribute("target","_blank"),i.click(),i.remove()}static downloadJson(e,t){t=t.endsWith(".json")?t:t+".json";const i=new Blob([JSON.stringify(e,null,2)],{type:"application/json"}),s=window.URL.createObjectURL(i);U.download(s,t)}static getJWTPayload(e){const t=(e||"").split(".")[1]||"";if(t==="")return{};try{const i=decodeURIComponent(atob(t));return JSON.parse(i)||{}}catch(i){console.warn("Failed to parse JWT payload data.",i)}return{}}static hasImageExtension(e){return e=e||"",!!dw.find(t=>e.toLowerCase().endsWith(t))}static hasVideoExtension(e){return e=e||"",!!pw.find(t=>e.toLowerCase().endsWith(t))}static hasAudioExtension(e){return e=e||"",!!mw.find(t=>e.toLowerCase().endsWith(t))}static hasDocumentExtension(e){return e=e||"",!!hw.find(t=>e.toLowerCase().endsWith(t))}static getFileType(e){return U.hasImageExtension(e)?"image":U.hasDocumentExtension(e)?"document":U.hasVideoExtension(e)?"video":U.hasAudioExtension(e)?"audio":"file"}static generateThumb(e,t=100,i=100){return new Promise(s=>{let l=new FileReader;l.onload=function(o){let r=new Image;r.onload=function(){let a=document.createElement("canvas"),u=a.getContext("2d"),f=r.width,c=r.height;return a.width=t,a.height=i,u.drawImage(r,f>c?(f-c)/2:0,0,f>c?c:f,f>c?c:f,0,0,t,i),s(a.toDataURL(e.type))},r.src=o.target.result},l.readAsDataURL(e)})}static addValueToFormData(e,t,i){if(!(typeof i>"u"))if(U.isEmpty(i))e.append(t,"");else if(Array.isArray(i))for(const s of i)U.addValueToFormData(e,t,s);else i instanceof File?e.append(t,i):i instanceof Date?e.append(t,i.toISOString()):U.isObject(i)?e.append(t,JSON.stringify(i)):e.append(t,""+i)}static dummyCollectionRecord(e){return Object.assign({collectionId:e==null?void 0:e.id,collectionName:e==null?void 0:e.name},U.dummyCollectionSchemaData(e))}static dummyCollectionSchemaData(e,t=!1){var l;const i=(e==null?void 0:e.fields)||[],s={};for(const o of i){if(o.hidden||t&&o.primaryKey&&o.autogeneratePattern||t&&o.type==="autodate")continue;let r=null;if(o.type==="number")r=123;else if(o.type==="date"||o.type==="autodate")r="2022-01-01 10:00:00.123Z";else if(o.type=="bool")r=!0;else if(o.type=="email")r="test@example.com";else if(o.type=="url")r="https://example.com";else if(o.type=="json")r="JSON";else if(o.type=="file"){if(t)continue;r="filename.jpg",o.maxSelect!=1&&(r=[r])}else o.type=="select"?(r=(l=o==null?void 0:o.values)==null?void 0:l[0],(o==null?void 0:o.maxSelect)!=1&&(r=[r])):o.type=="relation"?(r="RELATION_RECORD_ID",(o==null?void 0:o.maxSelect)!=1&&(r=[r])):o.type=="geoPoint"?r={lon:0,lat:0}:r="test";s[o.name]=r}return s}static getCollectionTypeIcon(e){switch(e==null?void 0:e.toLowerCase()){case"auth":return"ri-group-line";case"view":return"ri-table-line";default:return"ri-folder-2-line"}}static getFieldTypeIcon(e){switch(e){case"primary":return"ri-key-line";case"text":return"ri-text";case"number":return"ri-hashtag";case"date":return"ri-calendar-line";case"bool":return"ri-toggle-line";case"email":return"ri-mail-line";case"url":return"ri-link";case"editor":return"ri-edit-2-line";case"select":return"ri-list-check";case"json":return"ri-braces-line";case"file":return"ri-image-line";case"relation":return"ri-mind-map";case"password":return"ri-lock-password-line";case"autodate":return"ri-calendar-check-line";case"geoPoint":return"ri-map-pin-2-line";default:return"ri-star-s-line"}}static getFieldValueType(e){switch(e==null?void 0:e.type){case"bool":return"Boolean";case"number":return"Number";case"geoPoint":return"Object";case"file":return"File";case"select":case"relation":return(e==null?void 0:e.maxSelect)==1?"String":"Array";default:return"String"}}static zeroDefaultStr(e){return(e==null?void 0:e.type)==="number"?"0":(e==null?void 0:e.type)==="bool"?"false":(e==null?void 0:e.type)==="geoPoint"?'{"lon":0,"lat":0}':(e==null?void 0:e.type)==="json"?'null, "", [], {}':["select","relation","file"].includes(e==null?void 0:e.type)&&(e==null?void 0:e.maxSelect)!=1?"[]":'""'}static getApiExampleUrl(e){return(window.location.href.substring(0,window.location.href.indexOf("/_"))||e||"/").replace("//localhost","//127.0.0.1")}static hasCollectionChanges(e,t,i=!1){if(e=e||{},t=t||{},e.id!=t.id)return!0;for(let u in e)if(u!=="fields"&&JSON.stringify(e[u])!==JSON.stringify(t[u]))return!0;const s=Array.isArray(e.fields)?e.fields:[],l=Array.isArray(t.fields)?t.fields:[],o=s.filter(u=>(u==null?void 0:u.id)&&!U.findByKey(l,"id",u.id)),r=l.filter(u=>(u==null?void 0:u.id)&&!U.findByKey(s,"id",u.id)),a=l.filter(u=>{const f=U.isObject(u)&&U.findByKey(s,"id",u.id);if(!f)return!1;for(let c in f)if(JSON.stringify(u[c])!=JSON.stringify(f[c]))return!0;return!1});return!!(r.length||a.length||i&&o.length)}static sortCollections(e=[]){const t=[],i=[],s=[];for(const o of e)o.type==="auth"?t.push(o):o.type==="base"?i.push(o):s.push(o);function l(o,r){return o.name>r.name?1:o.nameo.id==e.collectionId);if(!l)return s;for(const o of l.fields){if(!o.presentable||o.type!="relation"||i<=0)continue;const r=U.getExpandPresentableRelFields(o,t,i-1);for(const a of r)s.push(e.name+"."+a)}return s.length||s.push(e.name),s}static yieldToMain(){return new Promise(e=>{setTimeout(e,0)})}static defaultFlatpickrOptions(){return{dateFormat:"Y-m-d H:i:S",disableMobile:!0,allowInput:!0,enableTime:!0,time_24hr:!0,locale:{firstDayOfWeek:1}}}static defaultEditorOptions(){const e=["DIV","P","A","EM","B","STRONG","H1","H2","H3","H4","H5","H6","TABLE","TR","TD","TH","TBODY","THEAD","TFOOT","BR","HR","Q","SUP","SUB","DEL","IMG","OL","UL","LI","CODE"];function t(s){let l=s.parentNode;for(;s.firstChild;)l.insertBefore(s.firstChild,s);l.removeChild(s)}function i(s){if(s){for(const l of s.children)i(l);e.includes(s.tagName)?(s.removeAttribute("style"),s.removeAttribute("class")):t(s)}}return{branding:!1,promotion:!1,menubar:!1,min_height:270,height:270,max_height:700,autoresize_bottom_margin:30,convert_unsafe_embeds:!0,skin:"pocketbase",content_style:"body { font-size: 14px }",plugins:["autoresize","autolink","lists","link","image","searchreplace","fullscreen","media","table","code","codesample","directionality"],codesample_global_prismjs:!0,codesample_languages:[{text:"HTML/XML",value:"markup"},{text:"CSS",value:"css"},{text:"SQL",value:"sql"},{text:"JavaScript",value:"javascript"},{text:"Go",value:"go"},{text:"Dart",value:"dart"},{text:"Zig",value:"zig"},{text:"Rust",value:"rust"},{text:"Lua",value:"lua"},{text:"PHP",value:"php"},{text:"Ruby",value:"ruby"},{text:"Python",value:"python"},{text:"Java",value:"java"},{text:"C",value:"c"},{text:"C#",value:"csharp"},{text:"C++",value:"cpp"},{text:"Markdown",value:"markdown"},{text:"Swift",value:"swift"},{text:"Kotlin",value:"kotlin"},{text:"Elixir",value:"elixir"},{text:"Scala",value:"scala"},{text:"Julia",value:"julia"},{text:"Haskell",value:"haskell"}],toolbar:"styles | alignleft aligncenter alignright | bold italic forecolor backcolor | bullist numlist | link image_picker table codesample direction | code fullscreen",paste_postprocess:(s,l)=>{i(l.node)},file_picker_types:"image",file_picker_callback:(s,l,o)=>{const r=document.createElement("input");r.setAttribute("type","file"),r.setAttribute("accept","image/*"),r.addEventListener("change",a=>{const u=a.target.files[0],f=new FileReader;f.addEventListener("load",()=>{if(!tinymce)return;const c="blobid"+new Date().getTime(),d=tinymce.activeEditor.editorUpload.blobCache,m=f.result.split(",")[1],h=d.create(c,u,m);d.add(h),s(h.blobUri(),{title:u.name})}),f.readAsDataURL(u)}),r.click()},setup:s=>{s.on("keydown",o=>{(o.ctrlKey||o.metaKey)&&o.code=="KeyS"&&s.formElement&&(o.preventDefault(),o.stopPropagation(),s.formElement.dispatchEvent(new KeyboardEvent("keydown",o)))});const l="tinymce_last_direction";s.on("init",()=>{var r;const o=(r=window==null?void 0:window.localStorage)==null?void 0:r.getItem(l);!s.isDirty()&&s.getContent()==""&&o=="rtl"&&s.execCommand("mceDirectionRTL")}),s.ui.registry.addMenuButton("direction",{icon:"visualchars",fetch:o=>{o([{type:"menuitem",text:"LTR content",icon:"ltr",onAction:()=>{var a;(a=window==null?void 0:window.localStorage)==null||a.setItem(l,"ltr"),s.execCommand("mceDirectionLTR")}},{type:"menuitem",text:"RTL content",icon:"rtl",onAction:()=>{var a;(a=window==null?void 0:window.localStorage)==null||a.setItem(l,"rtl"),s.execCommand("mceDirectionRTL")}}])}}),s.ui.registry.addMenuButton("image_picker",{icon:"image",fetch:o=>{o([{type:"menuitem",text:"From collection",icon:"gallery",onAction:()=>{s.dispatch("collections_file_picker",{})}},{type:"menuitem",text:"Inline",icon:"browse",onAction:()=>{s.execCommand("mceImage")}}])}})}}}static displayValue(e,t,i="N/A"){e=e||{},t=t||[];let s=[];for(const o of t){let r=e[o];typeof r>"u"||(r=U.stringifyValue(r,i),s.push(r))}if(s.length>0)return s.join(", ");const l=["title","name","slug","email","username","nickname","label","heading","message","key","identifier","id"];for(const o of l){let r=U.stringifyValue(e[o],"");if(r)return r}return i}static stringifyValue(e,t="N/A",i=150){if(U.isEmpty(e))return t;if(typeof e=="number")return""+e;if(typeof e=="boolean")return e?"True":"False";if(typeof e=="string")return e=e.indexOf("<")>=0?U.plainText(e):e,U.truncate(e,i)||t;if(Array.isArray(e)&&typeof e[0]!="object")return U.truncate(e.join(","),i);if(typeof e=="object")try{return U.truncate(JSON.stringify(e),i)||t}catch{return t}return e}static extractColumnsFromQuery(e){var o;const t="__GROUP__";e=(e||"").replace(/\([\s\S]+?\)/gm,t).replace(/[\t\r\n]|(?:\s\s)+/g," ");const i=e.match(/select\s+([\s\S]+)\s+from/),s=((o=i==null?void 0:i[1])==null?void 0:o.split(","))||[],l=[];for(let r of s){const a=r.trim().split(" ").pop();a!=""&&a!=t&&l.push(a.replace(/[\'\"\`\[\]\s]/g,""))}return l}static getAllCollectionIdentifiers(e,t=""){if(!e)return[];let i=[t+"id"];if(e.type==="view")for(let l of U.extractColumnsFromQuery(e.viewQuery))U.pushUnique(i,t+l);const s=e.fields||[];for(const l of s)l.type=="geoPoint"?(U.pushUnique(i,t+l.name+".lon"),U.pushUnique(i,t+l.name+".lat")):U.pushUnique(i,t+l.name);return i}static getCollectionAutocompleteKeys(e,t,i="",s=0){let l=e.find(r=>r.name==t||r.id==t);if(!l||s>=4)return[];l.fields=l.fields||[];let o=U.getAllCollectionIdentifiers(l,i);for(const r of l.fields){const a=i+r.name;if(r.type=="relation"&&r.collectionId){const u=U.getCollectionAutocompleteKeys(e,r.collectionId,a+".",s+1);u.length&&(o=o.concat(u))}r.maxSelect!=1&&_w.includes(r.type)?(o.push(a+":each"),o.push(a+":length")):gw.includes(r.type)&&o.push(a+":lower")}for(const r of e){r.fields=r.fields||[];for(const a of r.fields)if(a.type=="relation"&&a.collectionId==l.id){const u=i+r.name+"_via_"+a.name,f=U.getCollectionAutocompleteKeys(e,r.id,u+".",s+2);f.length&&(o=o.concat(f))}}return o}static getCollectionJoinAutocompleteKeys(e){const t=[];let i,s;for(const l of e)if(!l.system){i="@collection."+l.name+".",s=U.getCollectionAutocompleteKeys(e,l.name,i);for(const o of s)t.push(o)}return t}static getRequestAutocompleteKeys(e,t){const i=[];i.push("@request.context"),i.push("@request.method"),i.push("@request.query."),i.push("@request.body."),i.push("@request.headers."),i.push("@request.auth.collectionId"),i.push("@request.auth.collectionName");const s=e.filter(l=>l.type==="auth");for(const l of s){if(l.system)continue;const o=U.getCollectionAutocompleteKeys(e,l.id,"@request.auth.");for(const r of o)U.pushUnique(i,r)}if(t){const l=U.getCollectionAutocompleteKeys(e,t,"@request.body.");for(const o of l){i.push(o);const r=o.split(".");r.length===3&&r[2].indexOf(":")===-1&&i.push(o+":isset")}}return i}static parseIndex(e){var a,u,f,c,d;const t={unique:!1,optional:!1,schemaName:"",indexName:"",tableName:"",columns:[],where:""},s=/create\s+(unique\s+)?\s*index\s*(if\s+not\s+exists\s+)?(\S*)\s+on\s+(\S*)\s*\(([\s\S]*)\)(?:\s*where\s+([\s\S]*))?/gmi.exec((e||"").trim());if((s==null?void 0:s.length)!=7)return t;const l=/^[\"\'\`\[\{}]|[\"\'\`\]\}]$/gm;t.unique=((a=s[1])==null?void 0:a.trim().toLowerCase())==="unique",t.optional=!U.isEmpty((u=s[2])==null?void 0:u.trim());const o=(s[3]||"").split(".");o.length==2?(t.schemaName=o[0].replace(l,""),t.indexName=o[1].replace(l,"")):(t.schemaName="",t.indexName=o[0].replace(l,"")),t.tableName=(s[4]||"").replace(l,"");const r=(s[5]||"").replace(/,(?=[^\(]*\))/gmi,"{PB_TEMP}").split(",");for(let m of r){m=m.trim().replaceAll("{PB_TEMP}",",");const g=/^([\s\S]+?)(?:\s+collate\s+([\w]+))?(?:\s+(asc|desc))?$/gmi.exec(m);if((g==null?void 0:g.length)!=4)continue;const _=(c=(f=g[1])==null?void 0:f.trim())==null?void 0:c.replace(l,"");_&&t.columns.push({name:_,collate:g[2]||"",sort:((d=g[3])==null?void 0:d.toUpperCase())||""})}return t.where=s[6]||"",t}static buildIndex(e){let t="CREATE ";e.unique&&(t+="UNIQUE "),t+="INDEX ",e.optional&&(t+="IF NOT EXISTS "),e.schemaName&&(t+=`\`${e.schemaName}\`.`),t+=`\`${e.indexName||"idx_"+U.randomString(10)}\` `,t+=`ON \`${e.tableName}\` (`;const i=e.columns.filter(s=>!!(s!=null&&s.name));return i.length>1&&(t+=` + `),t+=i.map(s=>{let l="";return s.name.includes("(")||s.name.includes(" ")?l+=s.name:l+="`"+s.name+"`",s.collate&&(l+=" COLLATE "+s.collate),s.sort&&(l+=" "+s.sort.toUpperCase()),l}).join(`, + `),i.length>1&&(t+=` +`),t+=")",e.where&&(t+=` WHERE ${e.where}`),t}static replaceIndexTableName(e,t){const i=U.parseIndex(e);return i.tableName=t,U.buildIndex(i)}static replaceIndexColumn(e,t,i){if(t===i)return e;const s=U.parseIndex(e);let l=!1;for(let o of s.columns)o.name===t&&(o.name=i,l=!0);return l?U.buildIndex(s):e}static normalizeSearchFilter(e,t){if(e=(e||"").trim(),!e||!t.length)return e;const i=["=","!=","~","!~",">",">=","<","<="];for(const s of i)if(e.includes(s))return e;return e=isNaN(e)&&e!="true"&&e!="false"?`"${e.replace(/^[\"\'\`]|[\"\'\`]$/gm,"")}"`:e,t.map(s=>`${s}~${e}`).join("||")}static normalizeLogsFilter(e,t=[]){return U.normalizeSearchFilter(e,["level","message","data"].concat(t))}static initSchemaField(e){return Object.assign({id:"",name:"",type:"text",system:!1,hidden:!1,required:!1},e)}static triggerResize(){window.dispatchEvent(new Event("resize"))}static getHashQueryParams(){let e="";const t=window.location.hash.indexOf("?");return t>-1&&(e=window.location.hash.substring(t+1)),Object.fromEntries(new URLSearchParams(e))}static replaceHashQueryParams(e){e=e||{};let t="",i=window.location.hash;const s=i.indexOf("?");s>-1&&(t=i.substring(s+1),i=i.substring(0,s));const l=new URLSearchParams(t);for(let a in e){const u=e[a];u===null?l.delete(a):l.set(a,u)}t=l.toString(),t!=""&&(i+="?"+t);let o=window.location.href;const r=o.indexOf("#");r>-1&&(o=o.substring(0,r)),window.location.replace(o+i)}}let Wa,_l;const Ya="app-tooltip";function Wf(n){return typeof n=="string"?{text:n,position:"bottom",hideOnClick:null}:n||{}}function nl(){return _l=_l||document.querySelector("."+Ya),_l||(_l=document.createElement("div"),_l.classList.add(Ya),document.body.appendChild(_l)),_l}function dk(n,e){let t=nl();if(!t.classList.contains("active")||!(e!=null&&e.text)){Ka();return}t.textContent=e.text,t.className=Ya+" active",e.class&&t.classList.add(e.class),e.position&&t.classList.add(e.position),t.style.top="0px",t.style.left="0px";let i=t.offsetHeight,s=t.offsetWidth,l=n.getBoundingClientRect(),o=0,r=0,a=5;e.position=="left"?(o=l.top+l.height/2-i/2,r=l.left-s-a):e.position=="right"?(o=l.top+l.height/2-i/2,r=l.right+a):e.position=="top"?(o=l.top-i-a,r=l.left+l.width/2-s/2):e.position=="top-left"?(o=l.top-i-a,r=l.left):e.position=="top-right"?(o=l.top-i-a,r=l.right-s):e.position=="bottom-left"?(o=l.top+l.height+a,r=l.left):e.position=="bottom-right"?(o=l.top+l.height+a,r=l.right-s):(o=l.top+l.height+a,r=l.left+l.width/2-s/2),r+s>document.documentElement.clientWidth&&(r=document.documentElement.clientWidth-s),r=r>=0?r:0,o+i>document.documentElement.clientHeight&&(o=document.documentElement.clientHeight-i),o=o>=0?o:0,t.style.top=o+"px",t.style.left=r+"px"}function Ka(){clearTimeout(Wa),nl().classList.remove("active"),nl().activeNode=void 0}function bw(n,e){nl().activeNode=n,clearTimeout(Wa),Wa=setTimeout(()=>{nl().classList.add("active"),dk(n,e)},isNaN(e.delay)?0:e.delay)}function Re(n,e){let t=Wf(e);function i(){bw(n,t)}function s(){Ka()}return n.addEventListener("mouseenter",i),n.addEventListener("mouseleave",s),n.addEventListener("blur",s),(t.hideOnClick===!0||t.hideOnClick===null&&U.isFocusable(n))&&n.addEventListener("click",s),nl(),{update(l){var o,r;t=Wf(l),(r=(o=nl())==null?void 0:o.activeNode)!=null&&r.contains(n)&&dk(n,t)},destroy(){var l,o;(o=(l=nl())==null?void 0:l.activeNode)!=null&&o.contains(n)&&Ka(),n.removeEventListener("mouseenter",i),n.removeEventListener("mouseleave",s),n.removeEventListener("blur",s),n.removeEventListener("click",s)}}}function Mr(n){const e=n-1;return e*e*e+1}function Ys(n,{delay:e=0,duration:t=400,easing:i=lo}={}){const s=+getComputedStyle(n).opacity;return{delay:e,duration:t,easing:i,css:l=>`opacity: ${l*s}`}}function zn(n,{delay:e=0,duration:t=400,easing:i=Mr,x:s=0,y:l=0,opacity:o=0}={}){const r=getComputedStyle(n),a=+r.opacity,u=r.transform==="none"?"":r.transform,f=a*(1-o),[c,d]=hf(s),[m,h]=hf(l);return{delay:e,duration:t,easing:i,css:(g,_)=>` + transform: ${u} translate(${(1-g)*c}${d}, ${(1-g)*m}${h}); + opacity: ${a-f*_}`}}function ht(n,{delay:e=0,duration:t=400,easing:i=Mr,axis:s="y"}={}){const l=getComputedStyle(n),o=+l.opacity,r=s==="y"?"height":"width",a=parseFloat(l[r]),u=s==="y"?["top","bottom"]:["left","right"],f=u.map(k=>`${k[0].toUpperCase()}${k.slice(1)}`),c=parseFloat(l[`padding${f[0]}`]),d=parseFloat(l[`padding${f[1]}`]),m=parseFloat(l[`margin${f[0]}`]),h=parseFloat(l[`margin${f[1]}`]),g=parseFloat(l[`border${f[0]}Width`]),_=parseFloat(l[`border${f[1]}Width`]);return{delay:e,duration:t,easing:i,css:k=>`overflow: hidden;opacity: ${Math.min(k*20,1)*o};${r}: ${k*a}px;padding-${u[0]}: ${k*c}px;padding-${u[1]}: ${k*d}px;margin-${u[0]}: ${k*m}px;margin-${u[1]}: ${k*h}px;border-${u[0]}-width: ${k*g}px;border-${u[1]}-width: ${k*_}px;`}}function Ct(n,{delay:e=0,duration:t=400,easing:i=Mr,start:s=0,opacity:l=0}={}){const o=getComputedStyle(n),r=+o.opacity,a=o.transform==="none"?"":o.transform,u=1-s,f=r*(1-l);return{delay:e,duration:t,easing:i,css:(c,d)=>` + transform: ${a} scale(${1-u*d}); + opacity: ${r-f*d} + `}}const kw=n=>({}),Yf=n=>({}),yw=n=>({}),Kf=n=>({});function Jf(n){let e,t,i,s,l,o,r,a,u,f,c,d,m,h,g,_,k,S,$=n[4]&&!n[2]&&Zf(n);const T=n[19].header,O=Nt(T,n,n[18],Kf);let E=n[4]&&n[2]&&Gf(n);const L=n[19].default,I=Nt(L,n,n[18],null),A=n[19].footer,P=Nt(A,n,n[18],Yf);return{c(){e=b("div"),t=b("div"),s=C(),l=b("div"),o=b("div"),$&&$.c(),r=C(),O&&O.c(),a=C(),E&&E.c(),u=C(),f=b("div"),I&&I.c(),c=C(),d=b("div"),P&&P.c(),p(t,"class","overlay"),p(o,"class","overlay-panel-section panel-header"),p(f,"class","overlay-panel-section panel-content"),p(d,"class","overlay-panel-section panel-footer"),p(l,"class",m="overlay-panel "+n[1]+" "+n[8]),x(l,"popup",n[2]),p(e,"class","overlay-panel-container"),x(e,"padded",n[2]),x(e,"active",n[0])},m(N,R){w(N,e,R),y(e,t),y(e,s),y(e,l),y(l,o),$&&$.m(o,null),y(o,r),O&&O.m(o,null),y(o,a),E&&E.m(o,null),y(l,u),y(l,f),I&&I.m(f,null),n[21](f),y(l,c),y(l,d),P&&P.m(d,null),_=!0,k||(S=[Y(t,"click",it(n[20])),Y(f,"scroll",n[22])],k=!0)},p(N,R){n=N,n[4]&&!n[2]?$?($.p(n,R),R[0]&20&&M($,1)):($=Zf(n),$.c(),M($,1),$.m(o,r)):$&&(oe(),D($,1,1,()=>{$=null}),re()),O&&O.p&&(!_||R[0]&262144)&&Ft(O,T,n,n[18],_?Rt(T,n[18],R,yw):qt(n[18]),Kf),n[4]&&n[2]?E?E.p(n,R):(E=Gf(n),E.c(),E.m(o,null)):E&&(E.d(1),E=null),I&&I.p&&(!_||R[0]&262144)&&Ft(I,L,n,n[18],_?Rt(L,n[18],R,null):qt(n[18]),null),P&&P.p&&(!_||R[0]&262144)&&Ft(P,A,n,n[18],_?Rt(A,n[18],R,kw):qt(n[18]),Yf),(!_||R[0]&258&&m!==(m="overlay-panel "+n[1]+" "+n[8]))&&p(l,"class",m),(!_||R[0]&262)&&x(l,"popup",n[2]),(!_||R[0]&4)&&x(e,"padded",n[2]),(!_||R[0]&1)&&x(e,"active",n[0])},i(N){_||(N&&tt(()=>{_&&(i||(i=qe(t,Ys,{duration:Gi,opacity:0},!0)),i.run(1))}),M($),M(O,N),M(I,N),M(P,N),N&&tt(()=>{_&&(g&&g.end(1),h=a0(l,zn,n[2]?{duration:Gi,y:-10}:{duration:Gi,x:50}),h.start())}),_=!0)},o(N){N&&(i||(i=qe(t,Ys,{duration:Gi,opacity:0},!1)),i.run(0)),D($),D(O,N),D(I,N),D(P,N),h&&h.invalidate(),N&&(g=bu(l,zn,n[2]?{duration:Gi,y:10}:{duration:Gi,x:50})),_=!1},d(N){N&&v(e),N&&i&&i.end(),$&&$.d(),O&&O.d(N),E&&E.d(),I&&I.d(N),n[21](null),P&&P.d(N),N&&g&&g.end(),k=!1,Ee(S)}}}function Zf(n){let e,t,i,s,l;return{c(){e=b("button"),e.innerHTML='',p(e,"type","button"),p(e,"aria-label","Close"),p(e,"class","overlay-close")},m(o,r){w(o,e,r),i=!0,s||(l=Y(e,"click",it(n[5])),s=!0)},p(o,r){n=o},i(o){i||(o&&tt(()=>{i&&(t||(t=qe(e,Ys,{duration:Gi},!0)),t.run(1))}),i=!0)},o(o){o&&(t||(t=qe(e,Ys,{duration:Gi},!1)),t.run(0)),i=!1},d(o){o&&v(e),o&&t&&t.end(),s=!1,l()}}}function Gf(n){let e,t,i;return{c(){e=b("button"),e.innerHTML='',p(e,"type","button"),p(e,"aria-label","Close"),p(e,"class","btn btn-sm btn-circle btn-transparent btn-close m-l-auto")},m(s,l){w(s,e,l),t||(i=Y(e,"click",it(n[5])),t=!0)},p:te,d(s){s&&v(e),t=!1,i()}}}function vw(n){let e,t,i,s,l=n[0]&&Jf(n);return{c(){e=b("div"),l&&l.c(),p(e,"class","overlay-panel-wrapper"),p(e,"tabindex","-1")},m(o,r){w(o,e,r),l&&l.m(e,null),n[23](e),t=!0,i||(s=[Y(window,"resize",n[10]),Y(window,"keydown",n[9])],i=!0)},p(o,r){o[0]?l?(l.p(o,r),r[0]&1&&M(l,1)):(l=Jf(o),l.c(),M(l,1),l.m(e,null)):l&&(oe(),D(l,1,1,()=>{l=null}),re())},i(o){t||(M(l),t=!0)},o(o){D(l),t=!1},d(o){o&&v(e),l&&l.d(),n[23](null),i=!1,Ee(s)}}}let gl,ta=[];function pk(){return gl=gl||document.querySelector(".overlays"),gl||(gl=document.createElement("div"),gl.classList.add("overlays"),document.body.appendChild(gl)),gl}let Gi=150;function Xf(){return 1e3+pk().querySelectorAll(".overlay-panel-container.active").length}function ww(n,e,t){let{$$slots:i={},$$scope:s}=e,{class:l=""}=e,{active:o=!1}=e,{popup:r=!1}=e,{overlayClose:a=!0}=e,{btnClose:u=!0}=e,{escClose:f=!0}=e,{beforeOpen:c=void 0}=e,{beforeHide:d=void 0}=e;const m=wt(),h="op_"+U.randomString(10);let g,_,k,S,$="",T=o;function O(){typeof c=="function"&&c()===!1||t(0,o=!0)}function E(){typeof d=="function"&&d()===!1||t(0,o=!1)}function L(){return o}async function I(G){t(17,T=G),G?(k=document.activeElement,m("show"),g==null||g.focus()):(clearTimeout(S),m("hide"),k==null||k.focus()),await _n(),A()}function A(){g&&(o?t(6,g.style.zIndex=Xf(),g):t(6,g.style="",g))}function P(){U.pushUnique(ta,h),document.body.classList.add("overlay-active")}function N(){U.removeByValue(ta,h),ta.length||document.body.classList.remove("overlay-active")}function R(G){o&&f&&G.code=="Escape"&&!U.isInput(G.target)&&g&&g.style.zIndex==Xf()&&(G.preventDefault(),E())}function z(G){o&&F(_)}function F(G,de){de&&t(8,$=""),!(!G||S)&&(S=setTimeout(()=>{if(clearTimeout(S),S=null,!G)return;if(G.scrollHeight-G.offsetHeight>0)t(8,$="scrollable");else{t(8,$="");return}G.scrollTop==0?t(8,$+=" scroll-top-reached"):G.scrollTop+G.offsetHeight==G.scrollHeight&&t(8,$+=" scroll-bottom-reached")},100))}an(()=>{pk().appendChild(g);let G=g;return()=>{clearTimeout(S),N(),G==null||G.remove()}});const B=()=>a?E():!0;function J(G){ne[G?"unshift":"push"](()=>{_=G,t(7,_)})}const V=G=>F(G.target);function Z(G){ne[G?"unshift":"push"](()=>{g=G,t(6,g)})}return n.$$set=G=>{"class"in G&&t(1,l=G.class),"active"in G&&t(0,o=G.active),"popup"in G&&t(2,r=G.popup),"overlayClose"in G&&t(3,a=G.overlayClose),"btnClose"in G&&t(4,u=G.btnClose),"escClose"in G&&t(12,f=G.escClose),"beforeOpen"in G&&t(13,c=G.beforeOpen),"beforeHide"in G&&t(14,d=G.beforeHide),"$$scope"in G&&t(18,s=G.$$scope)},n.$$.update=()=>{n.$$.dirty[0]&131073&&T!=o&&I(o),n.$$.dirty[0]&128&&F(_,!0),n.$$.dirty[0]&64&&g&&A(),n.$$.dirty[0]&1&&(o?P():N())},[o,l,r,a,u,E,g,_,$,R,z,F,f,c,d,O,L,T,s,i,B,J,V,Z]}class nn extends we{constructor(e){super(),ve(this,e,ww,vw,be,{class:1,active:0,popup:2,overlayClose:3,btnClose:4,escClose:12,beforeOpen:13,beforeHide:14,show:15,hide:5,isActive:16},null,[-1,-1])}get show(){return this.$$.ctx[15]}get hide(){return this.$$.ctx[5]}get isActive(){return this.$$.ctx[16]}}const Wl=[];function mk(n,e){return{subscribe:Un(n,e).subscribe}}function Un(n,e=te){let t;const i=new Set;function s(r){if(be(n,r)&&(n=r,t)){const a=!Wl.length;for(const u of i)u[1](),Wl.push(u,n);if(a){for(let u=0;u{i.delete(u),i.size===0&&t&&(t(),t=null)}}return{set:s,update:l,subscribe:o}}function hk(n,e,t){const i=!Array.isArray(n),s=i?[n]:n;if(!s.every(Boolean))throw new Error("derived() expects stores as input, got a falsy value");const l=e.length<2;return mk(t,(o,r)=>{let a=!1;const u=[];let f=0,c=te;const d=()=>{if(f)return;c();const h=e(i?u[0]:u,o,r);l?o(h):c=Lt(h)?h:te},m=s.map((h,g)=>pu(h,_=>{u[g]=_,f&=~(1<{f|=1<t(1,i=c));let s,l=!1,o=!1;const r=()=>{t(3,o=!1),s==null||s.hide()},a=async()=>{i!=null&&i.yesCallback&&(t(2,l=!0),await Promise.resolve(i.yesCallback()),t(2,l=!1)),t(3,o=!0),s==null||s.hide()};function u(c){ne[c?"unshift":"push"](()=>{s=c,t(0,s)})}const f=async()=>{!o&&(i!=null&&i.noCallback)&&i.noCallback(),await _n(),t(3,o=!1),_k()};return n.$$.update=()=>{n.$$.dirty&3&&i!=null&&i.text&&(t(3,o=!1),s==null||s.show())},[s,i,l,o,r,a,u,f]}class Ow extends we{constructor(e){super(),ve(this,e,Cw,$w,be,{})}}function Mw(n){let e;return{c(){e=b("textarea"),p(e,"id",n[0]),i0(e,"visibility","hidden")},m(t,i){w(t,e,i),n[15](e)},p(t,i){i&1&&p(e,"id",t[0])},d(t){t&&v(e),n[15](null)}}}function Ew(n){let e;return{c(){e=b("div"),p(e,"id",n[0])},m(t,i){w(t,e,i),n[14](e)},p(t,i){i&1&&p(e,"id",t[0])},d(t){t&&v(e),n[14](null)}}}function Dw(n){let e;function t(l,o){return l[1]?Ew:Mw}let i=t(n),s=i(n);return{c(){e=b("div"),s.c(),p(e,"class",n[2])},m(l,o){w(l,e,o),s.m(e,null),n[16](e)},p(l,[o]){i===(i=t(l))&&s?s.p(l,o):(s.d(1),s=i(l),s&&(s.c(),s.m(e,null))),o&4&&p(e,"class",l[2])},i:te,o:te,d(l){l&&v(e),s.d(),n[16](null)}}}function Iw(){let n={listeners:[],scriptLoaded:!1,injected:!1};function e(i,s,l){n.injected=!0;const o=i.createElement("script");o.referrerPolicy="origin",o.type="application/javascript",o.src=s,o.onload=()=>{l()},i.head&&i.head.appendChild(o)}function t(i,s,l){n.scriptLoaded?l():(n.listeners.push(l),n.injected||e(i,s,()=>{n.listeners.forEach(o=>o()),n.scriptLoaded=!0}))}return{load:t}}let Lw=Iw();function na(){return window&&window.tinymce?window.tinymce:null}function Aw(n,e,t){let{id:i="tinymce_svelte"+U.randomString(7)}=e,{inline:s=void 0}=e,{disabled:l=!1}=e,{scriptSrc:o="./libs/tinymce/tinymce.min.js"}=e,{conf:r={}}=e,{modelEvents:a="change input undo redo"}=e,{value:u=""}=e,{text:f=""}=e,{cssClass:c="tinymce-wrapper"}=e;const d=["Activate","AddUndo","BeforeAddUndo","BeforeExecCommand","BeforeGetContent","BeforeRenderUI","BeforeSetContent","BeforePaste","Blur","Change","ClearUndos","Click","ContextMenu","Copy","Cut","Dblclick","Deactivate","Dirty","Drag","DragDrop","DragEnd","DragGesture","DragOver","Drop","ExecCommand","Focus","FocusIn","FocusOut","GetContent","Hide","Init","KeyDown","KeyPress","KeyUp","LoadContent","MouseDown","MouseEnter","MouseLeave","MouseMove","MouseOut","MouseOver","MouseUp","NodeChange","ObjectResizeStart","ObjectResized","ObjectSelected","Paste","PostProcess","PostRender","PreProcess","ProgressState","Redo","Remove","Reset","ResizeEditor","SaveContent","SelectionChange","SetAttrib","SetContent","Show","Submit","Undo","VisualAid"],m=(I,A)=>{d.forEach(P=>{I.on(P,N=>{A(P.toLowerCase(),{eventName:P,event:N,editor:I})})})};let h,g,_,k=u,S=l;const $=wt();function T(){const I={...r,target:g,inline:s!==void 0?s:r.inline!==void 0?r.inline:!1,readonly:l,setup:A=>{t(11,_=A),A.on("init",()=>{A.setContent(u),A.on(a,()=>{t(12,k=A.getContent()),k!==u&&(t(5,u=k),t(6,f=A.getContent({format:"text"})))})}),m(A,$),typeof r.setup=="function"&&r.setup(A)}};t(4,g.style.visibility="",g),na().init(I)}an(()=>(na()!==null?T():Lw.load(h.ownerDocument,o,()=>{h&&T()}),()=>{var I,A;try{_&&((I=_.dom)==null||I.unbind(document),(A=na())==null||A.remove(_))}catch{}}));function O(I){ne[I?"unshift":"push"](()=>{g=I,t(4,g)})}function E(I){ne[I?"unshift":"push"](()=>{g=I,t(4,g)})}function L(I){ne[I?"unshift":"push"](()=>{h=I,t(3,h)})}return n.$$set=I=>{"id"in I&&t(0,i=I.id),"inline"in I&&t(1,s=I.inline),"disabled"in I&&t(7,l=I.disabled),"scriptSrc"in I&&t(8,o=I.scriptSrc),"conf"in I&&t(9,r=I.conf),"modelEvents"in I&&t(10,a=I.modelEvents),"value"in I&&t(5,u=I.value),"text"in I&&t(6,f=I.text),"cssClass"in I&&t(2,c=I.cssClass)},n.$$.update=()=>{var I;if(n.$$.dirty&14496)try{_&&k!==u&&(_.setContent(u),t(6,f=_.getContent({format:"text"}))),_&&l!==S&&(t(13,S=l),typeof((I=_.mode)==null?void 0:I.set)=="function"?_.mode.set(l?"readonly":"design"):_.setMode(l?"readonly":"design"))}catch(A){console.warn("TinyMCE reactive error:",A)}},[i,s,c,h,g,u,f,l,o,r,a,_,k,S,O,E,L]}class Mu extends we{constructor(e){super(),ve(this,e,Aw,Dw,be,{id:0,inline:1,disabled:7,scriptSrc:8,conf:9,modelEvents:10,value:5,text:6,cssClass:2})}}function Pw(n,{from:e,to:t},i={}){const s=getComputedStyle(n),l=s.transform==="none"?"":s.transform,[o,r]=s.transformOrigin.split(" ").map(parseFloat),a=e.left+e.width*o/t.width-(t.left+o),u=e.top+e.height*r/t.height-(t.top+r),{delay:f=0,duration:c=m=>Math.sqrt(m)*120,easing:d=Mr}=i;return{delay:f,duration:Lt(c)?c(Math.sqrt(a*a+u*u)):c,easing:d,css:(m,h)=>{const g=h*a,_=h*u,k=m+h*e.width/t.width,S=m+h*e.height/t.height;return`transform: ${l} translate(${g}px, ${_}px) scale(${k}, ${S});`}}}const Er=Un([]);function Ks(n,e=4e3){return Eu(n,"info",e)}function tn(n,e=3e3){return Eu(n,"success",e)}function Mi(n,e=4500){return Eu(n,"error",e)}function Eu(n,e,t){t=t||4e3;const i={message:n,type:e,duration:t,timeout:setTimeout(()=>{gk(i)},t)};Er.update(s=>(Du(s,i.message),U.pushOrReplaceByKey(s,i,"message"),s))}function gk(n){Er.update(e=>(Du(e,n),e))}function Ls(){Er.update(n=>{for(let e of n)Du(n,e);return[]})}function Du(n,e){let t;typeof e=="string"?t=U.findByKey(n,"message",e):t=e,t&&(clearTimeout(t.timeout),U.removeByKey(n,"message",t.message))}function Qf(n,e,t){const i=n.slice();return i[2]=e[t],i}function Nw(n){let e;return{c(){e=b("i"),p(e,"class","ri-alert-line")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function Rw(n){let e;return{c(){e=b("i"),p(e,"class","ri-error-warning-line")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function Fw(n){let e;return{c(){e=b("i"),p(e,"class","ri-checkbox-circle-line")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function qw(n){let e;return{c(){e=b("i"),p(e,"class","ri-information-line")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function xf(n,e){let t,i,s,l,o=e[2].message+"",r,a,u,f,c,d,m,h=te,g,_,k;function S(E,L){return E[2].type==="info"?qw:E[2].type==="success"?Fw:E[2].type==="warning"?Rw:Nw}let $=S(e),T=$(e);function O(){return e[1](e[2])}return{key:n,first:null,c(){t=b("div"),i=b("div"),T.c(),s=C(),l=b("div"),r=W(o),a=C(),u=b("button"),u.innerHTML='',f=C(),p(i,"class","icon"),p(l,"class","content"),p(u,"type","button"),p(u,"class","close"),p(t,"class","alert txt-break"),x(t,"alert-info",e[2].type=="info"),x(t,"alert-success",e[2].type=="success"),x(t,"alert-danger",e[2].type=="error"),x(t,"alert-warning",e[2].type=="warning"),this.first=t},m(E,L){w(E,t,L),y(t,i),T.m(i,null),y(t,s),y(t,l),y(l,r),y(t,a),y(t,u),y(t,f),g=!0,_||(k=Y(u,"click",it(O)),_=!0)},p(E,L){e=E,$!==($=S(e))&&(T.d(1),T=$(e),T&&(T.c(),T.m(i,null))),(!g||L&1)&&o!==(o=e[2].message+"")&&se(r,o),(!g||L&1)&&x(t,"alert-info",e[2].type=="info"),(!g||L&1)&&x(t,"alert-success",e[2].type=="success"),(!g||L&1)&&x(t,"alert-danger",e[2].type=="error"),(!g||L&1)&&x(t,"alert-warning",e[2].type=="warning")},r(){m=t.getBoundingClientRect()},f(){iv(t),h(),s0(t,m)},a(){h(),h=nv(t,m,Pw,{duration:150})},i(E){g||(E&&tt(()=>{g&&(d&&d.end(1),c=a0(t,ht,{duration:150}),c.start())}),g=!0)},o(E){c&&c.invalidate(),E&&(d=bu(t,Ys,{duration:150})),g=!1},d(E){E&&v(t),T.d(),E&&d&&d.end(),_=!1,k()}}}function jw(n){let e,t=[],i=new Map,s,l=ce(n[0]);const o=r=>r[2].message;for(let r=0;rt(0,i=l)),[i,l=>gk(l)]}class zw extends we{constructor(e){super(),ve(this,e,Hw,jw,be,{})}}function ec(n){let e,t,i;const s=n[18].default,l=Nt(s,n,n[17],null);return{c(){e=b("div"),l&&l.c(),p(e,"class",n[1]),x(e,"active",n[0])},m(o,r){w(o,e,r),l&&l.m(e,null),n[19](e),i=!0},p(o,r){l&&l.p&&(!i||r[0]&131072)&&Ft(l,s,o,o[17],i?Rt(s,o[17],r,null):qt(o[17]),null),(!i||r[0]&2)&&p(e,"class",o[1]),(!i||r[0]&3)&&x(e,"active",o[0])},i(o){i||(M(l,o),o&&tt(()=>{i&&(t||(t=qe(e,zn,{duration:150,y:3},!0)),t.run(1))}),i=!0)},o(o){D(l,o),o&&(t||(t=qe(e,zn,{duration:150,y:3},!1)),t.run(0)),i=!1},d(o){o&&v(e),l&&l.d(o),n[19](null),o&&t&&t.end()}}}function Uw(n){let e,t,i,s,l=n[0]&&ec(n);return{c(){e=b("div"),l&&l.c(),p(e,"class","toggler-container"),p(e,"tabindex","-1"),p(e,"role","menu")},m(o,r){w(o,e,r),l&&l.m(e,null),n[20](e),t=!0,i||(s=[Y(window,"click",n[7]),Y(window,"mousedown",n[6]),Y(window,"keydown",n[5]),Y(window,"focusin",n[4])],i=!0)},p(o,r){o[0]?l?(l.p(o,r),r[0]&1&&M(l,1)):(l=ec(o),l.c(),M(l,1),l.m(e,null)):l&&(oe(),D(l,1,1,()=>{l=null}),re())},i(o){t||(M(l),t=!0)},o(o){D(l),t=!1},d(o){o&&v(e),l&&l.d(),n[20](null),i=!1,Ee(s)}}}function Vw(n,e,t){let{$$slots:i={},$$scope:s}=e,{trigger:l=void 0}=e,{active:o=!1}=e,{escClose:r=!0}=e,{autoScroll:a=!0}=e,{closableClass:u="closable"}=e,{class:f=""}=e,c,d,m,h,g,_=!1;const k=wt();function S(G=0){o&&(clearTimeout(g),g=setTimeout($,G))}function $(){o&&(t(0,o=!1),_=!1,clearTimeout(h),clearTimeout(g))}function T(){clearTimeout(g),clearTimeout(h),!o&&(t(0,o=!0),m!=null&&m.contains(c)||c==null||c.focus(),h=setTimeout(()=>{a&&(d!=null&&d.scrollIntoViewIfNeeded?d==null||d.scrollIntoViewIfNeeded():d!=null&&d.scrollIntoView&&(d==null||d.scrollIntoView({behavior:"smooth",block:"nearest"})))},180))}function O(){o?$():T()}function E(G){return!c||G.classList.contains(u)||c.contains(G)&&G.closest&&G.closest("."+u)}function L(G){I(),c==null||c.addEventListener("click",A),c==null||c.addEventListener("keydown",P),t(16,m=G||(c==null?void 0:c.parentNode)),m==null||m.addEventListener("click",N),m==null||m.addEventListener("keydown",R)}function I(){clearTimeout(h),clearTimeout(g),c==null||c.removeEventListener("click",A),c==null||c.removeEventListener("keydown",P),m==null||m.removeEventListener("click",N),m==null||m.removeEventListener("keydown",R)}function A(G){G.stopPropagation(),E(G.target)&&$()}function P(G){(G.code==="Enter"||G.code==="Space")&&(G.stopPropagation(),E(G.target)&&S(150))}function N(G){G.preventDefault(),G.stopPropagation(),O()}function R(G){(G.code==="Enter"||G.code==="Space")&&(G.preventDefault(),G.stopPropagation(),O())}function z(G){o&&!(m!=null&&m.contains(G.target))&&!(c!=null&&c.contains(G.target))&&O()}function F(G){o&&r&&G.code==="Escape"&&(G.preventDefault(),$())}function B(G){o&&(_=!(c!=null&&c.contains(G.target)))}function J(G){var de;o&&_&&!(c!=null&&c.contains(G.target))&&!(m!=null&&m.contains(G.target))&&!((de=G.target)!=null&&de.closest(".flatpickr-calendar"))&&$()}an(()=>(L(),()=>I()));function V(G){ne[G?"unshift":"push"](()=>{d=G,t(3,d)})}function Z(G){ne[G?"unshift":"push"](()=>{c=G,t(2,c)})}return n.$$set=G=>{"trigger"in G&&t(8,l=G.trigger),"active"in G&&t(0,o=G.active),"escClose"in G&&t(9,r=G.escClose),"autoScroll"in G&&t(10,a=G.autoScroll),"closableClass"in G&&t(11,u=G.closableClass),"class"in G&&t(1,f=G.class),"$$scope"in G&&t(17,s=G.$$scope)},n.$$.update=()=>{var G,de;n.$$.dirty[0]&260&&c&&L(l),n.$$.dirty[0]&65537&&(o?((G=m==null?void 0:m.classList)==null||G.add("active"),m==null||m.setAttribute("aria-expanded",!0),k("show")):((de=m==null?void 0:m.classList)==null||de.remove("active"),m==null||m.setAttribute("aria-expanded",!1),k("hide")))},[o,f,c,d,z,F,B,J,l,r,a,u,S,$,T,O,m,s,i,V,Z]}class Dn extends we{constructor(e){super(),ve(this,e,Vw,Uw,be,{trigger:8,active:0,escClose:9,autoScroll:10,closableClass:11,class:1,hideWithDelay:12,hide:13,show:14,toggle:15},null,[-1,-1])}get hideWithDelay(){return this.$$.ctx[12]}get hide(){return this.$$.ctx[13]}get show(){return this.$$.ctx[14]}get toggle(){return this.$$.ctx[15]}}const rn=Un(""),cr=Un(""),Dl=Un(!1),$n=Un({});function Jt(n){$n.set(n||{})}function Yn(n){$n.update(e=>(U.deleteByPath(e,n),e))}const Dr=Un({});function tc(n){Dr.set(n||{})}class Hn extends Error{constructor(e){var t,i,s,l;super("ClientResponseError"),this.url="",this.status=0,this.response={},this.isAbort=!1,this.originalError=null,Object.setPrototypeOf(this,Hn.prototype),e!==null&&typeof e=="object"&&(this.url=typeof e.url=="string"?e.url:"",this.status=typeof e.status=="number"?e.status:0,this.isAbort=!!e.isAbort,this.originalError=e.originalError,e.response!==null&&typeof e.response=="object"?this.response=e.response:e.data!==null&&typeof e.data=="object"?this.response=e.data:this.response={}),this.originalError||e instanceof Hn||(this.originalError=e),typeof DOMException<"u"&&e instanceof DOMException&&(this.isAbort=!0),this.name="ClientResponseError "+this.status,this.message=(t=this.response)==null?void 0:t.message,this.message||(this.isAbort?this.message="The request was autocancelled. You can find more info in https://github.com/pocketbase/js-sdk#auto-cancellation.":(l=(s=(i=this.originalError)==null?void 0:i.cause)==null?void 0:s.message)!=null&&l.includes("ECONNREFUSED ::1")?this.message="Failed to connect to the PocketBase server. Try changing the SDK URL from localhost to 127.0.0.1 (https://github.com/pocketbase/js-sdk/issues/21).":this.message="Something went wrong while processing your request.")}get data(){return this.response}toJSON(){return{...this}}}const Mo=/^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;function Bw(n,e){const t={};if(typeof n!="string")return t;const i=Object.assign({},{}).decode||Ww;let s=0;for(;s0&&(!t.exp||t.exp-e>Date.now()/1e3))}bk=typeof atob!="function"||Kw?n=>{let e=String(n).replace(/=+$/,"");if(e.length%4==1)throw new Error("'atob' failed: The string to be decoded is not correctly encoded.");for(var t,i,s=0,l=0,o="";i=e.charAt(l++);~i&&(t=s%4?64*t+i:i,s++%4)?o+=String.fromCharCode(255&t>>(-2*s&6)):0)i="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(i);return o}:atob;const ic="pb_auth";class Iu{constructor(){this.baseToken="",this.baseModel=null,this._onChangeCallbacks=[]}get token(){return this.baseToken}get record(){return this.baseModel}get model(){return this.baseModel}get isValid(){return!Ir(this.token)}get isSuperuser(){var t,i;let e=xl(this.token);return e.type=="auth"&&(((t=this.record)==null?void 0:t.collectionName)=="_superusers"||!((i=this.record)!=null&&i.collectionName)&&e.collectionId=="pbc_3142635823")}get isAdmin(){return console.warn("Please replace pb.authStore.isAdmin with pb.authStore.isSuperuser OR simply check the value of pb.authStore.record?.collectionName"),this.isSuperuser}get isAuthRecord(){return console.warn("Please replace pb.authStore.isAuthRecord with !pb.authStore.isSuperuser OR simply check the value of pb.authStore.record?.collectionName"),xl(this.token).type=="auth"&&!this.isSuperuser}save(e,t){this.baseToken=e||"",this.baseModel=t||null,this.triggerChange()}clear(){this.baseToken="",this.baseModel=null,this.triggerChange()}loadFromCookie(e,t=ic){const i=Bw(e||"")[t]||"";let s={};try{s=JSON.parse(i),(typeof s===null||typeof s!="object"||Array.isArray(s))&&(s={})}catch{}this.save(s.token||"",s.record||s.model||null)}exportToCookie(e,t=ic){var a,u;const i={secure:!0,sameSite:!0,httpOnly:!0,path:"/"},s=xl(this.token);i.expires=s!=null&&s.exp?new Date(1e3*s.exp):new Date("1970-01-01"),e=Object.assign({},i,e);const l={token:this.token,record:this.record?JSON.parse(JSON.stringify(this.record)):null};let o=nc(t,JSON.stringify(l),e);const r=typeof Blob<"u"?new Blob([o]).size:o.length;if(l.record&&r>4096){l.record={id:(a=l.record)==null?void 0:a.id,email:(u=l.record)==null?void 0:u.email};const f=["collectionId","collectionName","verified"];for(const c in this.record)f.includes(c)&&(l.record[c]=this.record[c]);o=nc(t,JSON.stringify(l),e)}return o}onChange(e,t=!1){return this._onChangeCallbacks.push(e),t&&e(this.token,this.record),()=>{for(let i=this._onChangeCallbacks.length-1;i>=0;i--)if(this._onChangeCallbacks[i]==e)return delete this._onChangeCallbacks[i],void this._onChangeCallbacks.splice(i,1)}}triggerChange(){for(const e of this._onChangeCallbacks)e&&e(this.token,this.record)}}class kk extends Iu{constructor(e="pocketbase_auth"){super(),this.storageFallback={},this.storageKey=e,this._bindStorageEvent()}get token(){return(this._storageGet(this.storageKey)||{}).token||""}get record(){const e=this._storageGet(this.storageKey)||{};return e.record||e.model||null}get model(){return this.record}save(e,t){this._storageSet(this.storageKey,{token:e,record:t}),super.save(e,t)}clear(){this._storageRemove(this.storageKey),super.clear()}_storageGet(e){if(typeof window<"u"&&(window!=null&&window.localStorage)){const t=window.localStorage.getItem(e)||"";try{return JSON.parse(t)}catch{return t}}return this.storageFallback[e]}_storageSet(e,t){if(typeof window<"u"&&(window!=null&&window.localStorage)){let i=t;typeof t!="string"&&(i=JSON.stringify(t)),window.localStorage.setItem(e,i)}else this.storageFallback[e]=t}_storageRemove(e){var t;typeof window<"u"&&(window!=null&&window.localStorage)&&((t=window.localStorage)==null||t.removeItem(e)),delete this.storageFallback[e]}_bindStorageEvent(){typeof window<"u"&&(window!=null&&window.localStorage)&&window.addEventListener&&window.addEventListener("storage",e=>{if(e.key!=this.storageKey)return;const t=this._storageGet(this.storageKey)||{};super.save(t.token||"",t.record||t.model||null)})}}class Hi{constructor(e){this.client=e}}class Jw extends Hi{async getAll(e){return e=Object.assign({method:"GET"},e),this.client.send("/api/settings",e)}async update(e,t){return t=Object.assign({method:"PATCH",body:e},t),this.client.send("/api/settings",t)}async testS3(e="storage",t){return t=Object.assign({method:"POST",body:{filesystem:e}},t),this.client.send("/api/settings/test/s3",t).then(()=>!0)}async testEmail(e,t,i,s){return s=Object.assign({method:"POST",body:{email:t,template:i,collection:e}},s),this.client.send("/api/settings/test/email",s).then(()=>!0)}async generateAppleClientSecret(e,t,i,s,l,o){return o=Object.assign({method:"POST",body:{clientId:e,teamId:t,keyId:i,privateKey:s,duration:l}},o),this.client.send("/api/settings/apple/generate-client-secret",o)}}const Zw=["requestKey","$cancelKey","$autoCancel","fetch","headers","body","query","params","cache","credentials","headers","integrity","keepalive","method","mode","redirect","referrer","referrerPolicy","signal","window"];function Lu(n){if(n){n.query=n.query||{};for(let e in n)Zw.includes(e)||(n.query[e]=n[e],delete n[e])}}function yk(n){const e=[];for(const t in n){const i=encodeURIComponent(t),s=Array.isArray(n[t])?n[t]:[n[t]];for(let l of s)l=Gw(l),l!==null&&e.push(i+"="+l)}return e.join("&")}function Gw(n){return n==null?null:n instanceof Date?encodeURIComponent(n.toISOString().replace("T"," ")):encodeURIComponent(typeof n=="object"?JSON.stringify(n):n)}class vk extends Hi{constructor(){super(...arguments),this.clientId="",this.eventSource=null,this.subscriptions={},this.lastSentSubscriptions=[],this.maxConnectTimeout=15e3,this.reconnectAttempts=0,this.maxReconnectAttempts=1/0,this.predefinedReconnectIntervals=[200,300,500,1e3,1200,1500,2e3],this.pendingConnects=[]}get isConnected(){return!!this.eventSource&&!!this.clientId&&!this.pendingConnects.length}async subscribe(e,t,i){var o;if(!e)throw new Error("topic must be set.");let s=e;if(i){Lu(i=Object.assign({},i));const r="options="+encodeURIComponent(JSON.stringify({query:i.query,headers:i.headers}));s+=(s.includes("?")?"&":"?")+r}const l=function(r){const a=r;let u;try{u=JSON.parse(a==null?void 0:a.data)}catch{}t(u||{})};return this.subscriptions[s]||(this.subscriptions[s]=[]),this.subscriptions[s].push(l),this.isConnected?this.subscriptions[s].length===1?await this.submitSubscriptions():(o=this.eventSource)==null||o.addEventListener(s,l):await this.connect(),async()=>this.unsubscribeByTopicAndListener(e,l)}async unsubscribe(e){var i;let t=!1;if(e){const s=this.getSubscriptionsByTopic(e);for(let l in s)if(this.hasSubscriptionListeners(l)){for(let o of this.subscriptions[l])(i=this.eventSource)==null||i.removeEventListener(l,o);delete this.subscriptions[l],t||(t=!0)}}else this.subscriptions={};this.hasSubscriptionListeners()?t&&await this.submitSubscriptions():this.disconnect()}async unsubscribeByPrefix(e){var i;let t=!1;for(let s in this.subscriptions)if((s+"?").startsWith(e)){t=!0;for(let l of this.subscriptions[s])(i=this.eventSource)==null||i.removeEventListener(s,l);delete this.subscriptions[s]}t&&(this.hasSubscriptionListeners()?await this.submitSubscriptions():this.disconnect())}async unsubscribeByTopicAndListener(e,t){var l;let i=!1;const s=this.getSubscriptionsByTopic(e);for(let o in s){if(!Array.isArray(this.subscriptions[o])||!this.subscriptions[o].length)continue;let r=!1;for(let a=this.subscriptions[o].length-1;a>=0;a--)this.subscriptions[o][a]===t&&(r=!0,delete this.subscriptions[o][a],this.subscriptions[o].splice(a,1),(l=this.eventSource)==null||l.removeEventListener(o,t));r&&(this.subscriptions[o].length||delete this.subscriptions[o],i||this.hasSubscriptionListeners(o)||(i=!0))}this.hasSubscriptionListeners()?i&&await this.submitSubscriptions():this.disconnect()}hasSubscriptionListeners(e){var t,i;if(this.subscriptions=this.subscriptions||{},e)return!!((t=this.subscriptions[e])!=null&&t.length);for(let s in this.subscriptions)if((i=this.subscriptions[s])!=null&&i.length)return!0;return!1}async submitSubscriptions(){if(this.clientId)return this.addAllSubscriptionListeners(),this.lastSentSubscriptions=this.getNonEmptySubscriptionKeys(),this.client.send("/api/realtime",{method:"POST",body:{clientId:this.clientId,subscriptions:this.lastSentSubscriptions},requestKey:this.getSubscriptionsCancelKey()}).catch(e=>{if(!(e!=null&&e.isAbort))throw e})}getSubscriptionsCancelKey(){return"realtime_"+this.clientId}getSubscriptionsByTopic(e){const t={};e=e.includes("?")?e:e+"?";for(let i in this.subscriptions)(i+"?").startsWith(e)&&(t[i]=this.subscriptions[i]);return t}getNonEmptySubscriptionKeys(){const e=[];for(let t in this.subscriptions)this.subscriptions[t].length&&e.push(t);return e}addAllSubscriptionListeners(){if(this.eventSource){this.removeAllSubscriptionListeners();for(let e in this.subscriptions)for(let t of this.subscriptions[e])this.eventSource.addEventListener(e,t)}}removeAllSubscriptionListeners(){if(this.eventSource)for(let e in this.subscriptions)for(let t of this.subscriptions[e])this.eventSource.removeEventListener(e,t)}async connect(){if(!(this.reconnectAttempts>0))return new Promise((e,t)=>{this.pendingConnects.push({resolve:e,reject:t}),this.pendingConnects.length>1||this.initConnect()})}initConnect(){this.disconnect(!0),clearTimeout(this.connectTimeoutId),this.connectTimeoutId=setTimeout(()=>{this.connectErrorHandler(new Error("EventSource connect took too long."))},this.maxConnectTimeout),this.eventSource=new EventSource(this.client.buildURL("/api/realtime")),this.eventSource.onerror=e=>{this.connectErrorHandler(new Error("Failed to establish realtime connection."))},this.eventSource.addEventListener("PB_CONNECT",e=>{const t=e;this.clientId=t==null?void 0:t.lastEventId,this.submitSubscriptions().then(async()=>{let i=3;for(;this.hasUnsentSubscriptions()&&i>0;)i--,await this.submitSubscriptions()}).then(()=>{for(let s of this.pendingConnects)s.resolve();this.pendingConnects=[],this.reconnectAttempts=0,clearTimeout(this.reconnectTimeoutId),clearTimeout(this.connectTimeoutId);const i=this.getSubscriptionsByTopic("PB_CONNECT");for(let s in i)for(let l of i[s])l(e)}).catch(i=>{this.clientId="",this.connectErrorHandler(i)})})}hasUnsentSubscriptions(){const e=this.getNonEmptySubscriptionKeys();if(e.length!=this.lastSentSubscriptions.length)return!0;for(const t of e)if(!this.lastSentSubscriptions.includes(t))return!0;return!1}connectErrorHandler(e){if(clearTimeout(this.connectTimeoutId),clearTimeout(this.reconnectTimeoutId),!this.clientId&&!this.reconnectAttempts||this.reconnectAttempts>this.maxReconnectAttempts){for(let i of this.pendingConnects)i.reject(new Hn(e));return this.pendingConnects=[],void this.disconnect()}this.disconnect(!0);const t=this.predefinedReconnectIntervals[this.reconnectAttempts]||this.predefinedReconnectIntervals[this.predefinedReconnectIntervals.length-1];this.reconnectAttempts++,this.reconnectTimeoutId=setTimeout(()=>{this.initConnect()},t)}disconnect(e=!1){var t;if(this.clientId&&this.onDisconnect&&this.onDisconnect(Object.keys(this.subscriptions)),clearTimeout(this.connectTimeoutId),clearTimeout(this.reconnectTimeoutId),this.removeAllSubscriptionListeners(),this.client.cancelRequest(this.getSubscriptionsCancelKey()),(t=this.eventSource)==null||t.close(),this.eventSource=null,this.clientId="",!e){this.reconnectAttempts=0;for(let i of this.pendingConnects)i.resolve();this.pendingConnects=[]}}}class wk extends Hi{decode(e){return e}async getFullList(e,t){if(typeof e=="number")return this._getFullList(e,t);let i=500;return(t=Object.assign({},e,t)).batch&&(i=t.batch,delete t.batch),this._getFullList(i,t)}async getList(e=1,t=30,i){return(i=Object.assign({method:"GET"},i)).query=Object.assign({page:e,perPage:t},i.query),this.client.send(this.baseCrudPath,i).then(s=>{var l;return s.items=((l=s.items)==null?void 0:l.map(o=>this.decode(o)))||[],s})}async getFirstListItem(e,t){return(t=Object.assign({requestKey:"one_by_filter_"+this.baseCrudPath+"_"+e},t)).query=Object.assign({filter:e,skipTotal:1},t.query),this.getList(1,1,t).then(i=>{var s;if(!((s=i==null?void 0:i.items)!=null&&s.length))throw new Hn({status:404,response:{code:404,message:"The requested resource wasn't found.",data:{}}});return i.items[0]})}async getOne(e,t){if(!e)throw new Hn({url:this.client.buildURL(this.baseCrudPath+"/"),status:404,response:{code:404,message:"Missing required record id.",data:{}}});return t=Object.assign({method:"GET"},t),this.client.send(this.baseCrudPath+"/"+encodeURIComponent(e),t).then(i=>this.decode(i))}async create(e,t){return t=Object.assign({method:"POST",body:e},t),this.client.send(this.baseCrudPath,t).then(i=>this.decode(i))}async update(e,t,i){return i=Object.assign({method:"PATCH",body:t},i),this.client.send(this.baseCrudPath+"/"+encodeURIComponent(e),i).then(s=>this.decode(s))}async delete(e,t){return t=Object.assign({method:"DELETE"},t),this.client.send(this.baseCrudPath+"/"+encodeURIComponent(e),t).then(()=>!0)}_getFullList(e=500,t){(t=t||{}).query=Object.assign({skipTotal:1},t.query);let i=[],s=async l=>this.getList(l,e||500,t).then(o=>{const r=o.items;return i=i.concat(r),r.length==o.perPage?s(l+1):i});return s(1)}}function Ji(n,e,t,i){const s=i!==void 0;return s||t!==void 0?s?(console.warn(n),e.body=Object.assign({},e.body,t),e.query=Object.assign({},e.query,i),e):Object.assign(e,t):e}function ia(n){var e;(e=n._resetAutoRefresh)==null||e.call(n)}class Xw extends wk{constructor(e,t){super(e),this.collectionIdOrName=t}get baseCrudPath(){return this.baseCollectionPath+"/records"}get baseCollectionPath(){return"/api/collections/"+encodeURIComponent(this.collectionIdOrName)}get isSuperusers(){return this.collectionIdOrName=="_superusers"||this.collectionIdOrName=="_pbc_2773867675"}async subscribe(e,t,i){if(!e)throw new Error("Missing topic.");if(!t)throw new Error("Missing subscription callback.");return this.client.realtime.subscribe(this.collectionIdOrName+"/"+e,t,i)}async unsubscribe(e){return e?this.client.realtime.unsubscribe(this.collectionIdOrName+"/"+e):this.client.realtime.unsubscribeByPrefix(this.collectionIdOrName)}async getFullList(e,t){if(typeof e=="number")return super.getFullList(e,t);const i=Object.assign({},e,t);return super.getFullList(i)}async getList(e=1,t=30,i){return super.getList(e,t,i)}async getFirstListItem(e,t){return super.getFirstListItem(e,t)}async getOne(e,t){return super.getOne(e,t)}async create(e,t){return super.create(e,t)}async update(e,t,i){return super.update(e,t,i).then(s=>{var l,o,r;if(((l=this.client.authStore.record)==null?void 0:l.id)===(s==null?void 0:s.id)&&(((o=this.client.authStore.record)==null?void 0:o.collectionId)===this.collectionIdOrName||((r=this.client.authStore.record)==null?void 0:r.collectionName)===this.collectionIdOrName)){let a=Object.assign({},this.client.authStore.record.expand),u=Object.assign({},this.client.authStore.record,s);a&&(u.expand=Object.assign(a,s.expand)),this.client.authStore.save(this.client.authStore.token,u)}return s})}async delete(e,t){return super.delete(e,t).then(i=>{var s,l,o;return!i||((s=this.client.authStore.record)==null?void 0:s.id)!==e||((l=this.client.authStore.record)==null?void 0:l.collectionId)!==this.collectionIdOrName&&((o=this.client.authStore.record)==null?void 0:o.collectionName)!==this.collectionIdOrName||this.client.authStore.clear(),i})}authResponse(e){const t=this.decode((e==null?void 0:e.record)||{});return this.client.authStore.save(e==null?void 0:e.token,t),Object.assign({},e,{token:(e==null?void 0:e.token)||"",record:t})}async listAuthMethods(e){return e=Object.assign({method:"GET",fields:"mfa,otp,password,oauth2"},e),this.client.send(this.baseCollectionPath+"/auth-methods",e)}async authWithPassword(e,t,i){let s;i=Object.assign({method:"POST",body:{identity:e,password:t}},i),this.isSuperusers&&(s=i.autoRefreshThreshold,delete i.autoRefreshThreshold,i.autoRefresh||ia(this.client));let l=await this.client.send(this.baseCollectionPath+"/auth-with-password",i);return l=this.authResponse(l),s&&this.isSuperusers&&function(r,a,u,f){ia(r);const c=r.beforeSend,d=r.authStore.record,m=r.authStore.onChange((h,g)=>{(!h||(g==null?void 0:g.id)!=(d==null?void 0:d.id)||(g!=null&&g.collectionId||d!=null&&d.collectionId)&&(g==null?void 0:g.collectionId)!=(d==null?void 0:d.collectionId))&&ia(r)});r._resetAutoRefresh=function(){m(),r.beforeSend=c,delete r._resetAutoRefresh},r.beforeSend=async(h,g)=>{var $;const _=r.authStore.token;if(($=g.query)!=null&&$.autoRefresh)return c?c(h,g):{url:h,sendOptions:g};let k=r.authStore.isValid;if(k&&Ir(r.authStore.token,a))try{await u()}catch{k=!1}k||await f();const S=g.headers||{};for(let T in S)if(T.toLowerCase()=="authorization"&&_==S[T]&&r.authStore.token){S[T]=r.authStore.token;break}return g.headers=S,c?c(h,g):{url:h,sendOptions:g}}}(this.client,s,()=>this.authRefresh({autoRefresh:!0}),()=>this.authWithPassword(e,t,Object.assign({autoRefresh:!0},i))),l}async authWithOAuth2Code(e,t,i,s,l,o,r){let a={method:"POST",body:{provider:e,code:t,codeVerifier:i,redirectURL:s,createData:l}};return a=Ji("This form of authWithOAuth2Code(provider, code, codeVerifier, redirectURL, createData?, body?, query?) is deprecated. Consider replacing it with authWithOAuth2Code(provider, code, codeVerifier, redirectURL, createData?, options?).",a,o,r),this.client.send(this.baseCollectionPath+"/auth-with-oauth2",a).then(u=>this.authResponse(u))}authWithOAuth2(...e){if(e.length>1||typeof(e==null?void 0:e[0])=="string")return console.warn("PocketBase: This form of authWithOAuth2() is deprecated and may get removed in the future. Please replace with authWithOAuth2Code() OR use the authWithOAuth2() realtime form as shown in https://pocketbase.io/docs/authentication/#oauth2-integration."),this.authWithOAuth2Code((e==null?void 0:e[0])||"",(e==null?void 0:e[1])||"",(e==null?void 0:e[2])||"",(e==null?void 0:e[3])||"",(e==null?void 0:e[4])||{},(e==null?void 0:e[5])||{},(e==null?void 0:e[6])||{});const t=(e==null?void 0:e[0])||{};let i=null;t.urlCallback||(i=lc(void 0));const s=new vk(this.client);function l(){i==null||i.close(),s.unsubscribe()}const o={},r=t.requestKey;return r&&(o.requestKey=r),this.listAuthMethods(o).then(a=>{var d;const u=a.oauth2.providers.find(m=>m.name===t.provider);if(!u)throw new Hn(new Error(`Missing or invalid provider "${t.provider}".`));const f=this.client.buildURL("/api/oauth2-redirect"),c=r?(d=this.client.cancelControllers)==null?void 0:d[r]:void 0;return c&&(c.signal.onabort=()=>{l()}),new Promise(async(m,h)=>{var g;try{await s.subscribe("@oauth2",async $=>{var O;const T=s.clientId;try{if(!$.state||T!==$.state)throw new Error("State parameters don't match.");if($.error||!$.code)throw new Error("OAuth2 redirect error or missing code: "+$.error);const E=Object.assign({},t);delete E.provider,delete E.scopes,delete E.createData,delete E.urlCallback,(O=c==null?void 0:c.signal)!=null&&O.onabort&&(c.signal.onabort=null);const L=await this.authWithOAuth2Code(u.name,$.code,u.codeVerifier,f,t.createData,E);m(L)}catch(E){h(new Hn(E))}l()});const _={state:s.clientId};(g=t.scopes)!=null&&g.length&&(_.scope=t.scopes.join(" "));const k=this._replaceQueryParams(u.authURL+f,_);await(t.urlCallback||function($){i?i.location.href=$:i=lc($)})(k)}catch(_){l(),h(new Hn(_))}})}).catch(a=>{throw l(),a})}async authRefresh(e,t){let i={method:"POST"};return i=Ji("This form of authRefresh(body?, query?) is deprecated. Consider replacing it with authRefresh(options?).",i,e,t),this.client.send(this.baseCollectionPath+"/auth-refresh",i).then(s=>this.authResponse(s))}async requestPasswordReset(e,t,i){let s={method:"POST",body:{email:e}};return s=Ji("This form of requestPasswordReset(email, body?, query?) is deprecated. Consider replacing it with requestPasswordReset(email, options?).",s,t,i),this.client.send(this.baseCollectionPath+"/request-password-reset",s).then(()=>!0)}async confirmPasswordReset(e,t,i,s,l){let o={method:"POST",body:{token:e,password:t,passwordConfirm:i}};return o=Ji("This form of confirmPasswordReset(token, password, passwordConfirm, body?, query?) is deprecated. Consider replacing it with confirmPasswordReset(token, password, passwordConfirm, options?).",o,s,l),this.client.send(this.baseCollectionPath+"/confirm-password-reset",o).then(()=>!0)}async requestVerification(e,t,i){let s={method:"POST",body:{email:e}};return s=Ji("This form of requestVerification(email, body?, query?) is deprecated. Consider replacing it with requestVerification(email, options?).",s,t,i),this.client.send(this.baseCollectionPath+"/request-verification",s).then(()=>!0)}async confirmVerification(e,t,i){let s={method:"POST",body:{token:e}};return s=Ji("This form of confirmVerification(token, body?, query?) is deprecated. Consider replacing it with confirmVerification(token, options?).",s,t,i),this.client.send(this.baseCollectionPath+"/confirm-verification",s).then(()=>{const l=xl(e),o=this.client.authStore.record;return o&&!o.verified&&o.id===l.id&&o.collectionId===l.collectionId&&(o.verified=!0,this.client.authStore.save(this.client.authStore.token,o)),!0})}async requestEmailChange(e,t,i){let s={method:"POST",body:{newEmail:e}};return s=Ji("This form of requestEmailChange(newEmail, body?, query?) is deprecated. Consider replacing it with requestEmailChange(newEmail, options?).",s,t,i),this.client.send(this.baseCollectionPath+"/request-email-change",s).then(()=>!0)}async confirmEmailChange(e,t,i,s){let l={method:"POST",body:{token:e,password:t}};return l=Ji("This form of confirmEmailChange(token, password, body?, query?) is deprecated. Consider replacing it with confirmEmailChange(token, password, options?).",l,i,s),this.client.send(this.baseCollectionPath+"/confirm-email-change",l).then(()=>{const o=xl(e),r=this.client.authStore.record;return r&&r.id===o.id&&r.collectionId===o.collectionId&&this.client.authStore.clear(),!0})}async listExternalAuths(e,t){return this.client.collection("_externalAuths").getFullList(Object.assign({},t,{filter:this.client.filter("recordRef = {:id}",{id:e})}))}async unlinkExternalAuth(e,t,i){const s=await this.client.collection("_externalAuths").getFirstListItem(this.client.filter("recordRef = {:recordId} && provider = {:provider}",{recordId:e,provider:t}));return this.client.collection("_externalAuths").delete(s.id,i).then(()=>!0)}async requestOTP(e,t){return t=Object.assign({method:"POST",body:{email:e}},t),this.client.send(this.baseCollectionPath+"/request-otp",t)}async authWithOTP(e,t,i){return i=Object.assign({method:"POST",body:{otpId:e,password:t}},i),this.client.send(this.baseCollectionPath+"/auth-with-otp",i).then(s=>this.authResponse(s))}async impersonate(e,t,i){(i=Object.assign({method:"POST",body:{duration:t}},i)).headers=i.headers||{},i.headers.Authorization||(i.headers.Authorization=this.client.authStore.token);const s=new co(this.client.baseURL,new Iu,this.client.lang),l=await s.send(this.baseCollectionPath+"/impersonate/"+encodeURIComponent(e),i);return s.authStore.save(l==null?void 0:l.token,this.decode((l==null?void 0:l.record)||{})),s}_replaceQueryParams(e,t={}){let i=e,s="";e.indexOf("?")>=0&&(i=e.substring(0,e.indexOf("?")),s=e.substring(e.indexOf("?")+1));const l={},o=s.split("&");for(const r of o){if(r=="")continue;const a=r.split("=");l[decodeURIComponent(a[0].replace(/\+/g," "))]=decodeURIComponent((a[1]||"").replace(/\+/g," "))}for(let r in t)t.hasOwnProperty(r)&&(t[r]==null?delete l[r]:l[r]=t[r]);s="";for(let r in l)l.hasOwnProperty(r)&&(s!=""&&(s+="&"),s+=encodeURIComponent(r.replace(/%20/g,"+"))+"="+encodeURIComponent(l[r].replace(/%20/g,"+")));return s!=""?i+"?"+s:i}}function lc(n){if(typeof window>"u"||!(window!=null&&window.open))throw new Hn(new Error("Not in a browser context - please pass a custom urlCallback function."));let e=1024,t=768,i=window.innerWidth,s=window.innerHeight;e=e>i?i:e,t=t>s?s:t;let l=i/2-e/2,o=s/2-t/2;return window.open(n,"popup_window","width="+e+",height="+t+",top="+o+",left="+l+",resizable,menubar=no")}class Qw extends wk{get baseCrudPath(){return"/api/collections"}async import(e,t=!1,i){return i=Object.assign({method:"PUT",body:{collections:e,deleteMissing:t}},i),this.client.send(this.baseCrudPath+"/import",i).then(()=>!0)}async getScaffolds(e){return e=Object.assign({method:"GET"},e),this.client.send(this.baseCrudPath+"/meta/scaffolds",e)}async truncate(e,t){return t=Object.assign({method:"DELETE"},t),this.client.send(this.baseCrudPath+"/"+encodeURIComponent(e)+"/truncate",t).then(()=>!0)}}class xw extends Hi{async getList(e=1,t=30,i){return(i=Object.assign({method:"GET"},i)).query=Object.assign({page:e,perPage:t},i.query),this.client.send("/api/logs",i)}async getOne(e,t){if(!e)throw new Hn({url:this.client.buildURL("/api/logs/"),status:404,response:{code:404,message:"Missing required log id.",data:{}}});return t=Object.assign({method:"GET"},t),this.client.send("/api/logs/"+encodeURIComponent(e),t)}async getStats(e){return e=Object.assign({method:"GET"},e),this.client.send("/api/logs/stats",e)}}class e3 extends Hi{async check(e){return e=Object.assign({method:"GET"},e),this.client.send("/api/health",e)}}class t3 extends Hi{getUrl(e,t,i={}){return console.warn("Please replace pb.files.getUrl() with pb.files.getURL()"),this.getURL(e,t,i)}getURL(e,t,i={}){if(!t||!(e!=null&&e.id)||!(e!=null&&e.collectionId)&&!(e!=null&&e.collectionName))return"";const s=[];s.push("api"),s.push("files"),s.push(encodeURIComponent(e.collectionId||e.collectionName)),s.push(encodeURIComponent(e.id)),s.push(encodeURIComponent(t));let l=this.client.buildURL(s.join("/"));if(Object.keys(i).length){i.download===!1&&delete i.download;const o=new URLSearchParams(i);l+=(l.includes("?")?"&":"?")+o}return l}async getToken(e){return e=Object.assign({method:"POST"},e),this.client.send("/api/files/token",e).then(t=>(t==null?void 0:t.token)||"")}}class n3 extends Hi{async getFullList(e){return e=Object.assign({method:"GET"},e),this.client.send("/api/backups",e)}async create(e,t){return t=Object.assign({method:"POST",body:{name:e}},t),this.client.send("/api/backups",t).then(()=>!0)}async upload(e,t){return t=Object.assign({method:"POST",body:e},t),this.client.send("/api/backups/upload",t).then(()=>!0)}async delete(e,t){return t=Object.assign({method:"DELETE"},t),this.client.send(`/api/backups/${encodeURIComponent(e)}`,t).then(()=>!0)}async restore(e,t){return t=Object.assign({method:"POST"},t),this.client.send(`/api/backups/${encodeURIComponent(e)}/restore`,t).then(()=>!0)}getDownloadUrl(e,t){return console.warn("Please replace pb.backups.getDownloadUrl() with pb.backups.getDownloadURL()"),this.getDownloadURL(e,t)}getDownloadURL(e,t){return this.client.buildURL(`/api/backups/${encodeURIComponent(t)}?token=${encodeURIComponent(e)}`)}}class i3 extends Hi{async getFullList(e){return e=Object.assign({method:"GET"},e),this.client.send("/api/crons",e)}async run(e,t){return t=Object.assign({method:"POST"},t),this.client.send(`/api/crons/${encodeURIComponent(e)}`,t).then(()=>!0)}}function Ja(n){return typeof Blob<"u"&&n instanceof Blob||typeof File<"u"&&n instanceof File||n!==null&&typeof n=="object"&&n.uri&&(typeof navigator<"u"&&navigator.product==="ReactNative"||typeof global<"u"&&global.HermesInternal)}function Za(n){return n&&(n.constructor.name==="FormData"||typeof FormData<"u"&&n instanceof FormData)}function sc(n){for(const e in n){const t=Array.isArray(n[e])?n[e]:[n[e]];for(const i of t)if(Ja(i))return!0}return!1}const l3=/^[\-\.\d]+$/;function oc(n){if(typeof n!="string")return n;if(n=="true")return!0;if(n=="false")return!1;if((n[0]==="-"||n[0]>="0"&&n[0]<="9")&&l3.test(n)){let e=+n;if(""+e===n)return e}return n}class s3 extends Hi{constructor(){super(...arguments),this.requests=[],this.subs={}}collection(e){return this.subs[e]||(this.subs[e]=new o3(this.requests,e)),this.subs[e]}async send(e){const t=new FormData,i=[];for(let s=0;s{if(a==="@jsonPayload"&&typeof r=="string")try{let u=JSON.parse(r);Object.assign(o,u)}catch(u){console.warn("@jsonPayload error:",u)}else o[a]!==void 0?(Array.isArray(o[a])||(o[a]=[o[a]]),o[a].push(oc(r))):o[a]=oc(r)}),o}(i));for(const s in i){const l=i[s];if(Ja(l))e.files[s]=e.files[s]||[],e.files[s].push(l);else if(Array.isArray(l)){const o=[],r=[];for(const a of l)Ja(a)?o.push(a):r.push(a);if(o.length>0&&o.length==l.length){e.files[s]=e.files[s]||[];for(let a of o)e.files[s].push(a)}else if(e.json[s]=r,o.length>0){let a=s;s.startsWith("+")||s.endsWith("+")||(a+="+"),e.files[a]=e.files[a]||[];for(let u of o)e.files[a].push(u)}}else e.json[s]=l}}}class co{get baseUrl(){return this.baseURL}set baseUrl(e){this.baseURL=e}constructor(e="/",t,i="en-US"){this.cancelControllers={},this.recordServices={},this.enableAutoCancellation=!0,this.baseURL=e,this.lang=i,t?this.authStore=t:typeof window<"u"&&window.Deno?this.authStore=new Iu:this.authStore=new kk,this.collections=new Qw(this),this.files=new t3(this),this.logs=new xw(this),this.settings=new Jw(this),this.realtime=new vk(this),this.health=new e3(this),this.backups=new n3(this),this.crons=new i3(this)}get admins(){return this.collection("_superusers")}createBatch(){return new s3(this)}collection(e){return this.recordServices[e]||(this.recordServices[e]=new Xw(this,e)),this.recordServices[e]}autoCancellation(e){return this.enableAutoCancellation=!!e,this}cancelRequest(e){return this.cancelControllers[e]&&(this.cancelControllers[e].abort(),delete this.cancelControllers[e]),this}cancelAllRequests(){for(let e in this.cancelControllers)this.cancelControllers[e].abort();return this.cancelControllers={},this}filter(e,t){if(!t)return e;for(let i in t){let s=t[i];switch(typeof s){case"boolean":case"number":s=""+s;break;case"string":s="'"+s.replace(/'/g,"\\'")+"'";break;default:s=s===null?"null":s instanceof Date?"'"+s.toISOString().replace("T"," ")+"'":"'"+JSON.stringify(s).replace(/'/g,"\\'")+"'"}e=e.replaceAll("{:"+i+"}",s)}return e}getFileUrl(e,t,i={}){return console.warn("Please replace pb.getFileUrl() with pb.files.getURL()"),this.files.getURL(e,t,i)}buildUrl(e){return console.warn("Please replace pb.buildUrl() with pb.buildURL()"),this.buildURL(e)}buildURL(e){var i;let t=this.baseURL;return typeof window>"u"||!window.location||t.startsWith("https://")||t.startsWith("http://")||(t=(i=window.location.origin)!=null&&i.endsWith("/")?window.location.origin.substring(0,window.location.origin.length-1):window.location.origin||"",this.baseURL.startsWith("/")||(t+=window.location.pathname||"/",t+=t.endsWith("/")?"":"/"),t+=this.baseURL),e&&(t+=t.endsWith("/")?"":"/",t+=e.startsWith("/")?e.substring(1):e),t}async send(e,t){t=this.initSendOptions(e,t);let i=this.buildURL(e);if(this.beforeSend){const s=Object.assign({},await this.beforeSend(i,t));s.url!==void 0||s.options!==void 0?(i=s.url||i,t=s.options||t):Object.keys(s).length&&(t=s,console!=null&&console.warn&&console.warn("Deprecated format of beforeSend return: please use `return { url, options }`, instead of `return options`."))}if(t.query!==void 0){const s=yk(t.query);s&&(i+=(i.includes("?")?"&":"?")+s),delete t.query}return this.getHeader(t.headers,"Content-Type")=="application/json"&&t.body&&typeof t.body!="string"&&(t.body=JSON.stringify(t.body)),(t.fetch||fetch)(i,t).then(async s=>{let l={};try{l=await s.json()}catch{}if(this.afterSend&&(l=await this.afterSend(s,l,t)),s.status>=400)throw new Hn({url:s.url,status:s.status,data:l});return l}).catch(s=>{throw new Hn(s)})}initSendOptions(e,t){if((t=Object.assign({method:"GET"},t)).body=function(s){if(typeof FormData>"u"||s===void 0||typeof s!="object"||s===null||Za(s)||!sc(s))return s;const l=new FormData;for(const o in s){const r=s[o];if(typeof r!="object"||sc({data:r})){const a=Array.isArray(r)?r:[r];for(let u of a)l.append(o,u)}else{let a={};a[o]=r,l.append("@jsonPayload",JSON.stringify(a))}}return l}(t.body),Lu(t),t.query=Object.assign({},t.params,t.query),t.requestKey===void 0&&(t.$autoCancel===!1||t.query.$autoCancel===!1?t.requestKey=null:(t.$cancelKey||t.query.$cancelKey)&&(t.requestKey=t.$cancelKey||t.query.$cancelKey)),delete t.$autoCancel,delete t.query.$autoCancel,delete t.$cancelKey,delete t.query.$cancelKey,this.getHeader(t.headers,"Content-Type")!==null||Za(t.body)||(t.headers=Object.assign({},t.headers,{"Content-Type":"application/json"})),this.getHeader(t.headers,"Accept-Language")===null&&(t.headers=Object.assign({},t.headers,{"Accept-Language":this.lang})),this.authStore.token&&this.getHeader(t.headers,"Authorization")===null&&(t.headers=Object.assign({},t.headers,{Authorization:this.authStore.token})),this.enableAutoCancellation&&t.requestKey!==null){const i=t.requestKey||(t.method||"GET")+e;delete t.requestKey,this.cancelRequest(i);const s=new AbortController;this.cancelControllers[i]=s,t.signal=s.signal}return t}getHeader(e,t){e=e||{},t=t.toLowerCase();for(let i in e)if(i.toLowerCase()==t)return e[i];return null}}const In=Un([]),li=Un({}),Js=Un(!1),Sk=Un({}),Au=Un({});let As;typeof BroadcastChannel<"u"&&(As=new BroadcastChannel("collections"),As.onmessage=()=>{var n;Pu((n=Qb(li))==null?void 0:n.id)});function Tk(){As==null||As.postMessage("reload")}function r3(n){In.update(e=>{const t=e.find(i=>i.id==n||i.name==n);return t?li.set(t):e.length&&li.set(e.find(i=>!i.system)||e[0]),e})}function a3(n){li.update(e=>U.isEmpty(e==null?void 0:e.id)||e.id===n.id?n:e),In.update(e=>(U.pushOrReplaceByKey(e,n,"id"),Nu(),Tk(),U.sortCollections(e)))}function u3(n){In.update(e=>(U.removeByKey(e,"id",n.id),li.update(t=>t.id===n.id?e.find(i=>!i.system)||e[0]:t),Nu(),Tk(),e))}async function Pu(n=null){Js.set(!0);try{const e=[];e.push(_e.collections.getScaffolds()),e.push(_e.collections.getFullList());let[t,i]=await Promise.all(e);Au.set(t),i=U.sortCollections(i),In.set(i);const s=n&&i.find(l=>l.id==n||l.name==n);s?li.set(s):i.length&&li.set(i.find(l=>!l.system)||i[0]),Nu()}catch(e){_e.error(e)}Js.set(!1)}function Nu(){Sk.update(n=>(In.update(e=>{var t;for(let i of e)n[i.id]=!!((t=i.fields)!=null&&t.find(s=>s.type=="file"&&s.protected));return e}),n))}function $k(n,e){if(n instanceof RegExp)return{keys:!1,pattern:n};var t,i,s,l,o=[],r="",a=n.split("/");for(a[0]||a.shift();s=a.shift();)t=s[0],t==="*"?(o.push("wild"),r+="/(.*)"):t===":"?(i=s.indexOf("?",1),l=s.indexOf(".",1),o.push(s.substring(1,~i?i:~l?l:s.length)),r+=~i&&!~l?"(?:/([^/]+?))?":"/([^/]+?)",~l&&(r+=(~i?"?":"")+"\\"+s.substring(l))):r+="/"+s;return{keys:o,pattern:new RegExp("^"+r+"/?$","i")}}function f3(n){let e,t,i;const s=[n[2]];var l=n[0];function o(r,a){let u={};for(let f=0;f{j(u,1)}),re()}l?(e=Ht(l,o(r,a)),e.$on("routeEvent",r[7]),H(e.$$.fragment),M(e.$$.fragment,1),q(e,t.parentNode,t)):e=null}else if(l){const u=a&4?vt(s,[At(r[2])]):{};e.$set(u)}},i(r){i||(e&&M(e.$$.fragment,r),i=!0)},o(r){e&&D(e.$$.fragment,r),i=!1},d(r){r&&v(t),e&&j(e,r)}}}function c3(n){let e,t,i;const s=[{params:n[1]},n[2]];var l=n[0];function o(r,a){let u={};for(let f=0;f{j(u,1)}),re()}l?(e=Ht(l,o(r,a)),e.$on("routeEvent",r[6]),H(e.$$.fragment),M(e.$$.fragment,1),q(e,t.parentNode,t)):e=null}else if(l){const u=a&6?vt(s,[a&2&&{params:r[1]},a&4&&At(r[2])]):{};e.$set(u)}},i(r){i||(e&&M(e.$$.fragment,r),i=!0)},o(r){e&&D(e.$$.fragment,r),i=!1},d(r){r&&v(t),e&&j(e,r)}}}function d3(n){let e,t,i,s;const l=[c3,f3],o=[];function r(a,u){return a[1]?0:1}return e=r(n),t=o[e]=l[e](n),{c(){t.c(),i=ke()},m(a,u){o[e].m(a,u),w(a,i,u),s=!0},p(a,[u]){let f=e;e=r(a),e===f?o[e].p(a,u):(oe(),D(o[f],1,1,()=>{o[f]=null}),re(),t=o[e],t?t.p(a,u):(t=o[e]=l[e](a),t.c()),M(t,1),t.m(i.parentNode,i))},i(a){s||(M(t),s=!0)},o(a){D(t),s=!1},d(a){a&&v(i),o[e].d(a)}}}function rc(){const n=window.location.href.indexOf("#/");let e=n>-1?window.location.href.substr(n+1):"/";const t=e.indexOf("?");let i="";return t>-1&&(i=e.substr(t+1),e=e.substr(0,t)),{location:e,querystring:i}}const Lr=mk(null,function(e){e(rc());const t=()=>{e(rc())};return window.addEventListener("hashchange",t,!1),function(){window.removeEventListener("hashchange",t,!1)}});hk(Lr,n=>n.location);const Ru=hk(Lr,n=>n.querystring),ac=Un(void 0);async function is(n){if(!n||n.length<1||n.charAt(0)!="/"&&n.indexOf("#/")!==0)throw Error("Invalid parameter location");await _n();const e=(n.charAt(0)=="#"?"":"#")+n;try{const t={...history.state};delete t.__svelte_spa_router_scrollX,delete t.__svelte_spa_router_scrollY,window.history.replaceState(t,void 0,e)}catch{console.warn("Caught exception while replacing the current page. If you're running this in the Svelte REPL, please note that the `replace` method might not work in this environment.")}window.dispatchEvent(new Event("hashchange"))}function qn(n,e){if(e=fc(e),!n||!n.tagName||n.tagName.toLowerCase()!="a")throw Error('Action "link" can only be used with tags');return uc(n,e),{update(t){t=fc(t),uc(n,t)}}}function p3(n){n?window.scrollTo(n.__svelte_spa_router_scrollX,n.__svelte_spa_router_scrollY):window.scrollTo(0,0)}function uc(n,e){let t=e.href||n.getAttribute("href");if(t&&t.charAt(0)=="/")t="#"+t;else if(!t||t.length<2||t.slice(0,2)!="#/")throw Error('Invalid value for "href" attribute: '+t);n.setAttribute("href",t),n.addEventListener("click",i=>{i.preventDefault(),e.disabled||m3(i.currentTarget.getAttribute("href"))})}function fc(n){return n&&typeof n=="string"?{href:n}:n||{}}function m3(n){history.replaceState({...history.state,__svelte_spa_router_scrollX:window.scrollX,__svelte_spa_router_scrollY:window.scrollY},void 0),window.location.hash=n}function h3(n,e,t){let{routes:i={}}=e,{prefix:s=""}=e,{restoreScrollState:l=!1}=e;class o{constructor(O,E){if(!E||typeof E!="function"&&(typeof E!="object"||E._sveltesparouter!==!0))throw Error("Invalid component object");if(!O||typeof O=="string"&&(O.length<1||O.charAt(0)!="/"&&O.charAt(0)!="*")||typeof O=="object"&&!(O instanceof RegExp))throw Error('Invalid value for "path" argument - strings must start with / or *');const{pattern:L,keys:I}=$k(O);this.path=O,typeof E=="object"&&E._sveltesparouter===!0?(this.component=E.component,this.conditions=E.conditions||[],this.userData=E.userData,this.props=E.props||{}):(this.component=()=>Promise.resolve(E),this.conditions=[],this.props={}),this._pattern=L,this._keys=I}match(O){if(s){if(typeof s=="string")if(O.startsWith(s))O=O.substr(s.length)||"/";else return null;else if(s instanceof RegExp){const A=O.match(s);if(A&&A[0])O=O.substr(A[0].length)||"/";else return null}}const E=this._pattern.exec(O);if(E===null)return null;if(this._keys===!1)return E;const L={};let I=0;for(;I{r.push(new o(O,T))}):Object.keys(i).forEach(T=>{r.push(new o(T,i[T]))});let a=null,u=null,f={};const c=wt();async function d(T,O){await _n(),c(T,O)}let m=null,h=null;l&&(h=T=>{T.state&&(T.state.__svelte_spa_router_scrollY||T.state.__svelte_spa_router_scrollX)?m=T.state:m=null},window.addEventListener("popstate",h),lv(()=>{p3(m)}));let g=null,_=null;const k=Lr.subscribe(async T=>{g=T;let O=0;for(;O{ac.set(u)});return}t(0,a=null),_=null,ac.set(void 0)});oo(()=>{k(),h&&window.removeEventListener("popstate",h)});function S(T){Le.call(this,n,T)}function $(T){Le.call(this,n,T)}return n.$$set=T=>{"routes"in T&&t(3,i=T.routes),"prefix"in T&&t(4,s=T.prefix),"restoreScrollState"in T&&t(5,l=T.restoreScrollState)},n.$$.update=()=>{n.$$.dirty&32&&(history.scrollRestoration=l?"manual":"auto")},[a,u,f,i,s,l,S,$]}class _3 extends we{constructor(e){super(),ve(this,e,h3,d3,be,{routes:3,prefix:4,restoreScrollState:5})}}const la="pb_superuser_file_token";co.prototype.logout=function(n=!0){this.authStore.clear(),n&&is("/login")};co.prototype.error=function(n,e=!0,t=""){if(!n||!(n instanceof Error)||n.isAbort)return;const i=(n==null?void 0:n.status)<<0||400,s=(n==null?void 0:n.data)||{},l=s.message||n.message||t;if(e&&l&&Mi(l),U.isEmpty(s.data)||Jt(s.data),i===401)return this.cancelAllRequests(),this.logout();if(i===403)return this.cancelAllRequests(),is("/")};co.prototype.getSuperuserFileToken=async function(n=""){let e=!0;if(n){const i=Qb(Sk);e=typeof i[n]<"u"?i[n]:!0}if(!e)return"";let t=localStorage.getItem(la)||"";return(!t||Ir(t,10))&&(t&&localStorage.removeItem(la),this._superuserFileTokenRequest||(this._superuserFileTokenRequest=this.files.getToken()),t=await this._superuserFileTokenRequest,localStorage.setItem(la,t),this._superuserFileTokenRequest=null),t};class g3 extends kk{constructor(e="__pb_superuser_auth__"){super(e),this.save(this.token,this.record)}save(e,t){super.save(e,t),(t==null?void 0:t.collectionName)=="_superusers"&&tc(t)}clear(){super.clear(),tc(null)}}const _e=new co("../",new g3);_e.authStore.isValid&&_e.collection(_e.authStore.record.collectionName).authRefresh().catch(n=>{console.warn("Failed to refresh the existing auth token:",n);const e=(n==null?void 0:n.status)<<0;(e==401||e==403)&&_e.authStore.clear()});const Xo=[];let Ck;function Ok(n){const e=n.pattern.test(Ck);cc(n,n.className,e),cc(n,n.inactiveClassName,!e)}function cc(n,e,t){(e||"").split(" ").forEach(i=>{i&&(n.node.classList.remove(i),t&&n.node.classList.add(i))})}Lr.subscribe(n=>{Ck=n.location+(n.querystring?"?"+n.querystring:""),Xo.map(Ok)});function Si(n,e){if(e&&(typeof e=="string"||typeof e=="object"&&e instanceof RegExp)?e={path:e}:e=e||{},!e.path&&n.hasAttribute("href")&&(e.path=n.getAttribute("href"),e.path&&e.path.length>1&&e.path.charAt(0)=="#"&&(e.path=e.path.substring(1))),e.className||(e.className="active"),!e.path||typeof e.path=="string"&&(e.path.length<1||e.path.charAt(0)!="/"&&e.path.charAt(0)!="*"))throw Error('Invalid value for "path" argument');const{pattern:t}=typeof e.path=="string"?$k(e.path):{pattern:e.path},i={node:n,className:e.className,inactiveClassName:e.inactiveClassName,pattern:t};return Xo.push(i),Ok(i),{destroy(){Xo.splice(Xo.indexOf(i),1)}}}const b3="modulepreload",k3=function(n,e){return new URL(n,e).href},dc={},$t=function(e,t,i){let s=Promise.resolve();if(t&&t.length>0){const o=document.getElementsByTagName("link"),r=document.querySelector("meta[property=csp-nonce]"),a=(r==null?void 0:r.nonce)||(r==null?void 0:r.getAttribute("nonce"));s=Promise.allSettled(t.map(u=>{if(u=k3(u,i),u in dc)return;dc[u]=!0;const f=u.endsWith(".css"),c=f?'[rel="stylesheet"]':"";if(!!i)for(let h=o.length-1;h>=0;h--){const g=o[h];if(g.href===u&&(!f||g.rel==="stylesheet"))return}else if(document.querySelector(`link[href="${u}"]${c}`))return;const m=document.createElement("link");if(m.rel=f?"stylesheet":b3,f||(m.as="script"),m.crossOrigin="",m.href=u,a&&m.setAttribute("nonce",a),document.head.appendChild(m),f)return new Promise((h,g)=>{m.addEventListener("load",h),m.addEventListener("error",()=>g(new Error(`Unable to preload CSS for ${u}`)))})}))}function l(o){const r=new Event("vite:preloadError",{cancelable:!0});if(r.payload=o,window.dispatchEvent(r),!r.defaultPrevented)throw o}return s.then(o=>{for(const r of o||[])r.status==="rejected"&&l(r.reason);return e().catch(l)})};function y3(n){e();function e(){_e.authStore.isValid?is("/collections"):_e.logout()}return[]}class v3 extends we{constructor(e){super(),ve(this,e,y3,null,be,{})}}function pc(n,e,t){const i=n.slice();return i[12]=e[t],i}const w3=n=>({}),mc=n=>({uniqueId:n[4]});function S3(n){let e,t,i=ce(n[3]),s=[];for(let o=0;oD(s[o],1,1,()=>{s[o]=null});return{c(){for(let o=0;o{l&&(s||(s=qe(t,Ct,{duration:150,start:.7},!0)),s.run(1))}),l=!0)},o(a){a&&(s||(s=qe(t,Ct,{duration:150,start:.7},!1)),s.run(0)),l=!1},d(a){a&&v(e),a&&s&&s.end(),o=!1,r()}}}function hc(n){let e,t,i=dr(n[12])+"",s,l,o,r;return{c(){e=b("div"),t=b("pre"),s=W(i),l=C(),p(e,"class","help-block help-block-error")},m(a,u){w(a,e,u),y(e,t),y(t,s),y(e,l),r=!0},p(a,u){(!r||u&8)&&i!==(i=dr(a[12])+"")&&se(s,i)},i(a){r||(a&&tt(()=>{r&&(o||(o=qe(e,ht,{duration:150},!0)),o.run(1))}),r=!0)},o(a){a&&(o||(o=qe(e,ht,{duration:150},!1)),o.run(0)),r=!1},d(a){a&&v(e),a&&o&&o.end()}}}function $3(n){let e,t,i,s,l,o,r;const a=n[9].default,u=Nt(a,n,n[8],mc),f=[T3,S3],c=[];function d(m,h){return m[0]&&m[3].length?0:1}return i=d(n),s=c[i]=f[i](n),{c(){e=b("div"),u&&u.c(),t=C(),s.c(),p(e,"class",n[1]),x(e,"error",n[3].length)},m(m,h){w(m,e,h),u&&u.m(e,null),y(e,t),c[i].m(e,null),n[11](e),l=!0,o||(r=Y(e,"click",n[10]),o=!0)},p(m,[h]){u&&u.p&&(!l||h&256)&&Ft(u,a,m,m[8],l?Rt(a,m[8],h,w3):qt(m[8]),mc);let g=i;i=d(m),i===g?c[i].p(m,h):(oe(),D(c[g],1,1,()=>{c[g]=null}),re(),s=c[i],s?s.p(m,h):(s=c[i]=f[i](m),s.c()),M(s,1),s.m(e,null)),(!l||h&2)&&p(e,"class",m[1]),(!l||h&10)&&x(e,"error",m[3].length)},i(m){l||(M(u,m),M(s),l=!0)},o(m){D(u,m),D(s),l=!1},d(m){m&&v(e),u&&u.d(m),c[i].d(),n[11](null),o=!1,r()}}}const _c="Invalid value";function dr(n){return typeof n=="object"?(n==null?void 0:n.message)||(n==null?void 0:n.code)||_c:n||_c}function C3(n,e,t){let i;Ge(n,$n,g=>t(7,i=g));let{$$slots:s={},$$scope:l}=e;const o="field_"+U.randomString(7);let{name:r=""}=e,{inlineError:a=!1}=e,{class:u=void 0}=e,f,c=[];function d(){Yn(r)}an(()=>(f.addEventListener("input",d),f.addEventListener("change",d),()=>{f.removeEventListener("input",d),f.removeEventListener("change",d)}));function m(g){Le.call(this,n,g)}function h(g){ne[g?"unshift":"push"](()=>{f=g,t(2,f)})}return n.$$set=g=>{"name"in g&&t(5,r=g.name),"inlineError"in g&&t(0,a=g.inlineError),"class"in g&&t(1,u=g.class),"$$scope"in g&&t(8,l=g.$$scope)},n.$$.update=()=>{n.$$.dirty&160&&t(3,c=U.toArray(U.getNestedVal(i,r)))},[a,u,f,c,o,r,d,i,l,s,m,h]}class fe extends we{constructor(e){super(),ve(this,e,C3,$3,be,{name:5,inlineError:0,class:1,changed:6})}get changed(){return this.$$.ctx[6]}}const O3=n=>({}),gc=n=>({});function bc(n){let e,t,i,s,l,o;return{c(){e=b("a"),e.innerHTML=' Docs',t=C(),i=b("span"),i.textContent="|",s=C(),l=b("a"),o=b("span"),o.textContent="PocketBase v0.28.1",p(e,"href","https://pocketbase.io/docs"),p(e,"target","_blank"),p(e,"rel","noopener noreferrer"),p(i,"class","delimiter"),p(o,"class","txt"),p(l,"href","https://github.com/pocketbase/pocketbase/releases"),p(l,"target","_blank"),p(l,"rel","noopener noreferrer"),p(l,"title","Releases")},m(r,a){w(r,e,a),w(r,t,a),w(r,i,a),w(r,s,a),w(r,l,a),y(l,o)},d(r){r&&(v(e),v(t),v(i),v(s),v(l))}}}function M3(n){var m;let e,t,i,s,l,o,r;const a=n[4].default,u=Nt(a,n,n[3],null),f=n[4].footer,c=Nt(f,n,n[3],gc);let d=((m=n[2])==null?void 0:m.id)&&bc();return{c(){e=b("div"),t=b("main"),u&&u.c(),i=C(),s=b("footer"),c&&c.c(),l=C(),d&&d.c(),p(t,"class","page-content"),p(s,"class","page-footer"),p(e,"class",o="page-wrapper "+n[1]),x(e,"center-content",n[0])},m(h,g){w(h,e,g),y(e,t),u&&u.m(t,null),y(e,i),y(e,s),c&&c.m(s,null),y(s,l),d&&d.m(s,null),r=!0},p(h,[g]){var _;u&&u.p&&(!r||g&8)&&Ft(u,a,h,h[3],r?Rt(a,h[3],g,null):qt(h[3]),null),c&&c.p&&(!r||g&8)&&Ft(c,f,h,h[3],r?Rt(f,h[3],g,O3):qt(h[3]),gc),(_=h[2])!=null&&_.id?d||(d=bc(),d.c(),d.m(s,null)):d&&(d.d(1),d=null),(!r||g&2&&o!==(o="page-wrapper "+h[1]))&&p(e,"class",o),(!r||g&3)&&x(e,"center-content",h[0])},i(h){r||(M(u,h),M(c,h),r=!0)},o(h){D(u,h),D(c,h),r=!1},d(h){h&&v(e),u&&u.d(h),c&&c.d(h),d&&d.d()}}}function E3(n,e,t){let i;Ge(n,Dr,a=>t(2,i=a));let{$$slots:s={},$$scope:l}=e,{center:o=!1}=e,{class:r=""}=e;return n.$$set=a=>{"center"in a&&t(0,o=a.center),"class"in a&&t(1,r=a.class),"$$scope"in a&&t(3,l=a.$$scope)},[o,r,i,l,s]}class oi extends we{constructor(e){super(),ve(this,e,E3,M3,be,{center:0,class:1})}}function D3(n){let e,t,i,s;return{c(){e=b("input"),p(e,"type","text"),p(e,"id",n[8]),p(e,"placeholder",t=n[0]||n[1])},m(l,o){w(l,e,o),n[13](e),me(e,n[7]),i||(s=Y(e,"input",n[14]),i=!0)},p(l,o){o&3&&t!==(t=l[0]||l[1])&&p(e,"placeholder",t),o&128&&e.value!==l[7]&&me(e,l[7])},i:te,o:te,d(l){l&&v(e),n[13](null),i=!1,s()}}}function I3(n){let e,t,i,s;function l(a){n[12](a)}var o=n[4];function r(a,u){let f={id:a[8],singleLine:!0,disableRequestKeys:!0,disableCollectionJoinKeys:!0,extraAutocompleteKeys:a[3],baseCollection:a[2],placeholder:a[0]||a[1]};return a[7]!==void 0&&(f.value=a[7]),{props:f}}return o&&(e=Ht(o,r(n)),ne.push(()=>ge(e,"value",l)),e.$on("submit",n[10])),{c(){e&&H(e.$$.fragment),i=ke()},m(a,u){e&&q(e,a,u),w(a,i,u),s=!0},p(a,u){if(u&16&&o!==(o=a[4])){if(e){oe();const f=e;D(f.$$.fragment,1,0,()=>{j(f,1)}),re()}o?(e=Ht(o,r(a)),ne.push(()=>ge(e,"value",l)),e.$on("submit",a[10]),H(e.$$.fragment),M(e.$$.fragment,1),q(e,i.parentNode,i)):e=null}else if(o){const f={};u&8&&(f.extraAutocompleteKeys=a[3]),u&4&&(f.baseCollection=a[2]),u&3&&(f.placeholder=a[0]||a[1]),!t&&u&128&&(t=!0,f.value=a[7],$e(()=>t=!1)),e.$set(f)}},i(a){s||(e&&M(e.$$.fragment,a),s=!0)},o(a){e&&D(e.$$.fragment,a),s=!1},d(a){a&&v(i),e&&j(e,a)}}}function kc(n){let e,t,i;return{c(){e=b("button"),e.innerHTML='Search',p(e,"type","submit"),p(e,"class","btn btn-expanded-sm btn-sm btn-warning")},m(s,l){w(s,e,l),i=!0},i(s){i||(s&&tt(()=>{i&&(t||(t=qe(e,zn,{duration:150,x:5},!0)),t.run(1))}),i=!0)},o(s){s&&(t||(t=qe(e,zn,{duration:150,x:5},!1)),t.run(0)),i=!1},d(s){s&&v(e),s&&t&&t.end()}}}function yc(n){let e,t,i,s,l;return{c(){e=b("button"),e.innerHTML='Clear',p(e,"type","button"),p(e,"class","btn btn-transparent btn-sm btn-hint p-l-xs p-r-xs m-l-10")},m(o,r){w(o,e,r),i=!0,s||(l=Y(e,"click",n[15]),s=!0)},p:te,i(o){i||(o&&tt(()=>{i&&(t||(t=qe(e,zn,{duration:150,x:5},!0)),t.run(1))}),i=!0)},o(o){o&&(t||(t=qe(e,zn,{duration:150,x:5},!1)),t.run(0)),i=!1},d(o){o&&v(e),o&&t&&t.end(),s=!1,l()}}}function L3(n){let e,t,i,s,l,o,r,a,u,f,c;const d=[I3,D3],m=[];function h(k,S){return k[4]&&!k[5]?0:1}l=h(n),o=m[l]=d[l](n);let g=(n[0].length||n[7].length)&&n[7]!=n[0]&&kc(),_=(n[0].length||n[7].length)&&yc(n);return{c(){e=b("form"),t=b("label"),i=b("i"),s=C(),o.c(),r=C(),g&&g.c(),a=C(),_&&_.c(),p(i,"class","ri-search-line"),p(t,"for",n[8]),p(t,"class","m-l-10 txt-xl"),p(e,"class","searchbar")},m(k,S){w(k,e,S),y(e,t),y(t,i),y(e,s),m[l].m(e,null),y(e,r),g&&g.m(e,null),y(e,a),_&&_.m(e,null),u=!0,f||(c=[Y(e,"click",en(n[11])),Y(e,"submit",it(n[10]))],f=!0)},p(k,[S]){let $=l;l=h(k),l===$?m[l].p(k,S):(oe(),D(m[$],1,1,()=>{m[$]=null}),re(),o=m[l],o?o.p(k,S):(o=m[l]=d[l](k),o.c()),M(o,1),o.m(e,r)),(k[0].length||k[7].length)&&k[7]!=k[0]?g?S&129&&M(g,1):(g=kc(),g.c(),M(g,1),g.m(e,a)):g&&(oe(),D(g,1,1,()=>{g=null}),re()),k[0].length||k[7].length?_?(_.p(k,S),S&129&&M(_,1)):(_=yc(k),_.c(),M(_,1),_.m(e,null)):_&&(oe(),D(_,1,1,()=>{_=null}),re())},i(k){u||(M(o),M(g),M(_),u=!0)},o(k){D(o),D(g),D(_),u=!1},d(k){k&&v(e),m[l].d(),g&&g.d(),_&&_.d(),f=!1,Ee(c)}}}function A3(n,e,t){const i=wt(),s="search_"+U.randomString(7);let{value:l=""}=e,{placeholder:o='Search term or filter like created > "2022-01-01"...'}=e,{autocompleteCollection:r=null}=e,{extraAutocompleteKeys:a=[]}=e,u,f=!1,c,d="";function m(O=!0){t(7,d=""),O&&(c==null||c.focus()),i("clear")}function h(){t(0,l=d),i("submit",l)}async function g(){u||f||(t(5,f=!0),t(4,u=(await $t(async()=>{const{default:O}=await import("./FilterAutocompleteInput-CBf9aYgb.js");return{default:O}},__vite__mapDeps([0,1]),import.meta.url)).default),t(5,f=!1))}an(()=>{g()});function _(O){Le.call(this,n,O)}function k(O){d=O,t(7,d),t(0,l)}function S(O){ne[O?"unshift":"push"](()=>{c=O,t(6,c)})}function $(){d=this.value,t(7,d),t(0,l)}const T=()=>{m(!1),h()};return n.$$set=O=>{"value"in O&&t(0,l=O.value),"placeholder"in O&&t(1,o=O.placeholder),"autocompleteCollection"in O&&t(2,r=O.autocompleteCollection),"extraAutocompleteKeys"in O&&t(3,a=O.extraAutocompleteKeys)},n.$$.update=()=>{n.$$.dirty&1&&typeof l=="string"&&t(7,d=l)},[l,o,r,a,u,f,c,d,s,m,h,_,k,S,$,T]}class Ar extends we{constructor(e){super(),ve(this,e,A3,L3,be,{value:0,placeholder:1,autocompleteCollection:2,extraAutocompleteKeys:3})}}function P3(n){let e,t,i,s,l,o;return{c(){e=b("button"),t=b("i"),p(t,"class","ri-refresh-line svelte-1bvelc2"),p(e,"type","button"),p(e,"aria-label","Refresh"),p(e,"class",i="btn btn-transparent btn-circle "+n[1]+" svelte-1bvelc2"),x(e,"refreshing",n[2])},m(r,a){w(r,e,a),y(e,t),l||(o=[Oe(s=Re.call(null,e,n[0])),Y(e,"click",n[3])],l=!0)},p(r,[a]){a&2&&i!==(i="btn btn-transparent btn-circle "+r[1]+" svelte-1bvelc2")&&p(e,"class",i),s&&Lt(s.update)&&a&1&&s.update.call(null,r[0]),a&6&&x(e,"refreshing",r[2])},i:te,o:te,d(r){r&&v(e),l=!1,Ee(o)}}}function N3(n,e,t){const i=wt();let{tooltip:s={text:"Refresh",position:"right"}}=e,{class:l=""}=e,o=null;function r(){i("refresh");const a=s;t(0,s=null),clearTimeout(o),t(2,o=setTimeout(()=>{t(2,o=null),t(0,s=a)},150))}return an(()=>()=>clearTimeout(o)),n.$$set=a=>{"tooltip"in a&&t(0,s=a.tooltip),"class"in a&&t(1,l=a.class)},[s,l,o,r]}class Pr extends we{constructor(e){super(),ve(this,e,N3,P3,be,{tooltip:0,class:1})}}const R3=n=>({}),vc=n=>({}),F3=n=>({}),wc=n=>({});function q3(n){let e,t,i,s,l,o,r,a;const u=n[11].before,f=Nt(u,n,n[10],wc),c=n[11].default,d=Nt(c,n,n[10],null),m=n[11].after,h=Nt(m,n,n[10],vc);return{c(){e=b("div"),f&&f.c(),t=C(),i=b("div"),d&&d.c(),l=C(),h&&h.c(),p(i,"class",s="scroller "+n[0]+" "+n[3]+" svelte-3a0gfs"),p(e,"class","scroller-wrapper svelte-3a0gfs")},m(g,_){w(g,e,_),f&&f.m(e,null),y(e,t),y(e,i),d&&d.m(i,null),n[12](i),y(e,l),h&&h.m(e,null),o=!0,r||(a=[Y(window,"resize",n[1]),Y(i,"scroll",n[1])],r=!0)},p(g,[_]){f&&f.p&&(!o||_&1024)&&Ft(f,u,g,g[10],o?Rt(u,g[10],_,F3):qt(g[10]),wc),d&&d.p&&(!o||_&1024)&&Ft(d,c,g,g[10],o?Rt(c,g[10],_,null):qt(g[10]),null),(!o||_&9&&s!==(s="scroller "+g[0]+" "+g[3]+" svelte-3a0gfs"))&&p(i,"class",s),h&&h.p&&(!o||_&1024)&&Ft(h,m,g,g[10],o?Rt(m,g[10],_,R3):qt(g[10]),vc)},i(g){o||(M(f,g),M(d,g),M(h,g),o=!0)},o(g){D(f,g),D(d,g),D(h,g),o=!1},d(g){g&&v(e),f&&f.d(g),d&&d.d(g),n[12](null),h&&h.d(g),r=!1,Ee(a)}}}function j3(n,e,t){let{$$slots:i={},$$scope:s}=e;const l=wt();let{class:o=""}=e,{vThreshold:r=0}=e,{hThreshold:a=0}=e,{dispatchOnNoScroll:u=!0}=e,f=null,c="",d=null,m,h,g,_,k;function S(){f&&t(2,f.scrollTop=0,f)}function $(){f&&t(2,f.scrollLeft=0,f)}function T(){f&&(t(3,c=""),g=f.clientWidth+2,_=f.clientHeight+2,m=f.scrollWidth-g,h=f.scrollHeight-_,h>0?(t(3,c+=" v-scroll"),r>=_&&t(4,r=0),f.scrollTop-r<=0&&(t(3,c+=" v-scroll-start"),l("vScrollStart")),f.scrollTop+r>=h&&(t(3,c+=" v-scroll-end"),l("vScrollEnd"))):u&&l("vScrollEnd"),m>0?(t(3,c+=" h-scroll"),a>=g&&t(5,a=0),f.scrollLeft-a<=0&&(t(3,c+=" h-scroll-start"),l("hScrollStart")),f.scrollLeft+a>=m&&(t(3,c+=" h-scroll-end"),l("hScrollEnd"))):u&&l("hScrollEnd"))}function O(){d||(d=setTimeout(()=>{T(),d=null},150))}an(()=>(O(),k=new MutationObserver(O),k.observe(f,{attributeFilter:["width","height"],childList:!0,subtree:!0}),()=>{k==null||k.disconnect(),clearTimeout(d)}));function E(L){ne[L?"unshift":"push"](()=>{f=L,t(2,f)})}return n.$$set=L=>{"class"in L&&t(0,o=L.class),"vThreshold"in L&&t(4,r=L.vThreshold),"hThreshold"in L&&t(5,a=L.hThreshold),"dispatchOnNoScroll"in L&&t(6,u=L.dispatchOnNoScroll),"$$scope"in L&&t(10,s=L.$$scope)},[o,O,f,c,r,a,u,S,$,T,s,i,E]}class Fu extends we{constructor(e){super(),ve(this,e,j3,q3,be,{class:0,vThreshold:4,hThreshold:5,dispatchOnNoScroll:6,resetVerticalScroll:7,resetHorizontalScroll:8,refresh:9,throttleRefresh:1})}get resetVerticalScroll(){return this.$$.ctx[7]}get resetHorizontalScroll(){return this.$$.ctx[8]}get refresh(){return this.$$.ctx[9]}get throttleRefresh(){return this.$$.ctx[1]}}function H3(n){let e,t,i,s,l;const o=n[6].default,r=Nt(o,n,n[5],null);return{c(){e=b("th"),r&&r.c(),p(e,"tabindex","0"),p(e,"title",n[2]),p(e,"class",t="col-sort "+n[1]),x(e,"col-sort-disabled",n[3]),x(e,"sort-active",n[0]==="-"+n[2]||n[0]==="+"+n[2]),x(e,"sort-desc",n[0]==="-"+n[2]),x(e,"sort-asc",n[0]==="+"+n[2])},m(a,u){w(a,e,u),r&&r.m(e,null),i=!0,s||(l=[Y(e,"click",n[7]),Y(e,"keydown",n[8])],s=!0)},p(a,[u]){r&&r.p&&(!i||u&32)&&Ft(r,o,a,a[5],i?Rt(o,a[5],u,null):qt(a[5]),null),(!i||u&4)&&p(e,"title",a[2]),(!i||u&2&&t!==(t="col-sort "+a[1]))&&p(e,"class",t),(!i||u&10)&&x(e,"col-sort-disabled",a[3]),(!i||u&7)&&x(e,"sort-active",a[0]==="-"+a[2]||a[0]==="+"+a[2]),(!i||u&7)&&x(e,"sort-desc",a[0]==="-"+a[2]),(!i||u&7)&&x(e,"sort-asc",a[0]==="+"+a[2])},i(a){i||(M(r,a),i=!0)},o(a){D(r,a),i=!1},d(a){a&&v(e),r&&r.d(a),s=!1,Ee(l)}}}function z3(n,e,t){let{$$slots:i={},$$scope:s}=e,{class:l=""}=e,{name:o}=e,{sort:r=""}=e,{disable:a=!1}=e;function u(){a||("-"+o===r?t(0,r="+"+o):t(0,r="-"+o))}const f=()=>u(),c=d=>{(d.code==="Enter"||d.code==="Space")&&(d.preventDefault(),u())};return n.$$set=d=>{"class"in d&&t(1,l=d.class),"name"in d&&t(2,o=d.name),"sort"in d&&t(0,r=d.sort),"disable"in d&&t(3,a=d.disable),"$$scope"in d&&t(5,s=d.$$scope)},[r,l,o,a,u,s,i,f,c]}class Qo extends we{constructor(e){super(),ve(this,e,z3,H3,be,{class:1,name:2,sort:0,disable:3})}}function U3(n){let e,t=n[0].replace("Z"," UTC")+"",i,s,l;return{c(){e=b("span"),i=W(t),p(e,"class","txt-nowrap")},m(o,r){w(o,e,r),y(e,i),s||(l=Oe(Re.call(null,e,n[1])),s=!0)},p(o,[r]){r&1&&t!==(t=o[0].replace("Z"," UTC")+"")&&se(i,t)},i:te,o:te,d(o){o&&v(e),s=!1,l()}}}function V3(n,e,t){let{date:i}=e;const s={get text(){return U.formatToLocalDate(i,"yyyy-MM-dd HH:mm:ss.SSS")+" Local"}};return n.$$set=l=>{"date"in l&&t(0,i=l.date)},[i,s]}class Mk extends we{constructor(e){super(),ve(this,e,V3,U3,be,{date:0})}}function B3(n){let e,t,i=(n[1]||"UNKN")+"",s,l,o,r,a;return{c(){e=b("div"),t=b("span"),s=W(i),l=W(" ("),o=W(n[0]),r=W(")"),p(t,"class","txt"),p(e,"class",a="label log-level-label level-"+n[0]+" svelte-ha6hme")},m(u,f){w(u,e,f),y(e,t),y(t,s),y(t,l),y(t,o),y(t,r)},p(u,[f]){f&2&&i!==(i=(u[1]||"UNKN")+"")&&se(s,i),f&1&&se(o,u[0]),f&1&&a!==(a="label log-level-label level-"+u[0]+" svelte-ha6hme")&&p(e,"class",a)},i:te,o:te,d(u){u&&v(e)}}}function W3(n,e,t){let i,{level:s}=e;return n.$$set=l=>{"level"in l&&t(0,s=l.level)},n.$$.update=()=>{var l;n.$$.dirty&1&&t(1,i=(l=ck.find(o=>o.level==s))==null?void 0:l.label)},[s,i]}class Ek extends we{constructor(e){super(),ve(this,e,W3,B3,be,{level:0})}}function Sc(n,e,t){var o;const i=n.slice();i[32]=e[t];const s=((o=i[32].data)==null?void 0:o.type)=="request";i[33]=s;const l=iS(i[32]);return i[34]=l,i}function Tc(n,e,t){const i=n.slice();return i[37]=e[t],i}function Y3(n){let e,t,i,s,l,o,r;return{c(){e=b("div"),t=b("input"),s=C(),l=b("label"),p(t,"type","checkbox"),p(t,"id","checkbox_0"),t.disabled=i=!n[3].length,t.checked=n[8],p(l,"for","checkbox_0"),p(e,"class","form-field")},m(a,u){w(a,e,u),y(e,t),y(e,s),y(e,l),o||(r=Y(t,"change",n[19]),o=!0)},p(a,u){u[0]&8&&i!==(i=!a[3].length)&&(t.disabled=i),u[0]&256&&(t.checked=a[8])},d(a){a&&v(e),o=!1,r()}}}function K3(n){let e;return{c(){e=b("span"),p(e,"class","loader loader-sm")},m(t,i){w(t,e,i)},p:te,d(t){t&&v(e)}}}function J3(n){let e;return{c(){e=b("div"),e.innerHTML=' level',p(e,"class","col-header-content")},m(t,i){w(t,e,i)},p:te,d(t){t&&v(e)}}}function Z3(n){let e;return{c(){e=b("div"),e.innerHTML=' message',p(e,"class","col-header-content")},m(t,i){w(t,e,i)},p:te,d(t){t&&v(e)}}}function G3(n){let e;return{c(){e=b("div"),e.innerHTML=` created`,p(e,"class","col-header-content")},m(t,i){w(t,e,i)},p:te,d(t){t&&v(e)}}}function $c(n){let e;function t(l,o){return l[7]?Q3:X3}let i=t(n),s=i(n);return{c(){s.c(),e=ke()},m(l,o){s.m(l,o),w(l,e,o)},p(l,o){i===(i=t(l))&&s?s.p(l,o):(s.d(1),s=i(l),s&&(s.c(),s.m(e.parentNode,e)))},d(l){l&&v(e),s.d(l)}}}function X3(n){var r;let e,t,i,s,l,o=((r=n[0])==null?void 0:r.length)&&Cc(n);return{c(){e=b("tr"),t=b("td"),i=b("h6"),i.textContent="No logs found.",s=C(),o&&o.c(),l=C(),p(t,"colspan","99"),p(t,"class","txt-center txt-hint p-xs")},m(a,u){w(a,e,u),y(e,t),y(t,i),y(t,s),o&&o.m(t,null),y(e,l)},p(a,u){var f;(f=a[0])!=null&&f.length?o?o.p(a,u):(o=Cc(a),o.c(),o.m(t,null)):o&&(o.d(1),o=null)},d(a){a&&v(e),o&&o.d()}}}function Q3(n){let e;return{c(){e=b("tr"),e.innerHTML=' '},m(t,i){w(t,e,i)},p:te,d(t){t&&v(e)}}}function Cc(n){let e,t,i;return{c(){e=b("button"),e.innerHTML='Clear filters',p(e,"type","button"),p(e,"class","btn btn-hint btn-expanded m-t-sm")},m(s,l){w(s,e,l),t||(i=Y(e,"click",n[26]),t=!0)},p:te,d(s){s&&v(e),t=!1,i()}}}function Oc(n){let e,t=ce(n[34]),i=[];for(let s=0;s',P=C(),p(l,"type","checkbox"),p(l,"id",o="checkbox_"+e[32].id),l.checked=r=e[4][e[32].id],p(u,"for",f="checkbox_"+e[32].id),p(s,"class","form-field"),p(i,"class","bulk-select-col min-width"),p(d,"class","col-type-text col-field-level min-width svelte-91v05h"),p(k,"class","txt-ellipsis"),p(_,"class","flex flex-gap-10"),p(g,"class","col-type-text col-field-message svelte-91v05h"),p(E,"class","col-type-date col-field-created"),p(A,"class","col-type-action min-width"),p(t,"tabindex","0"),p(t,"class","row-handle"),this.first=t},m(Z,G){w(Z,t,G),y(t,i),y(i,s),y(s,l),y(s,a),y(s,u),y(t,c),y(t,d),q(m,d,null),y(t,h),y(t,g),y(g,_),y(_,k),y(k,$),y(g,T),B&&B.m(g,null),y(t,O),y(t,E),q(L,E,null),y(t,I),y(t,A),y(t,P),N=!0,R||(z=[Y(l,"change",F),Y(s,"click",en(e[18])),Y(t,"click",J),Y(t,"keydown",V)],R=!0)},p(Z,G){e=Z,(!N||G[0]&8&&o!==(o="checkbox_"+e[32].id))&&p(l,"id",o),(!N||G[0]&24&&r!==(r=e[4][e[32].id]))&&(l.checked=r),(!N||G[0]&8&&f!==(f="checkbox_"+e[32].id))&&p(u,"for",f);const de={};G[0]&8&&(de.level=e[32].level),m.$set(de),(!N||G[0]&8)&&S!==(S=e[32].message+"")&&se($,S),e[34].length?B?B.p(e,G):(B=Oc(e),B.c(),B.m(g,null)):B&&(B.d(1),B=null);const pe={};G[0]&8&&(pe.date=e[32].created),L.$set(pe)},i(Z){N||(M(m.$$.fragment,Z),M(L.$$.fragment,Z),N=!0)},o(Z){D(m.$$.fragment,Z),D(L.$$.fragment,Z),N=!1},d(Z){Z&&v(t),j(m),B&&B.d(),j(L),R=!1,Ee(z)}}}function tS(n){let e,t,i,s,l,o,r,a,u,f,c,d,m,h,g,_,k,S=[],$=new Map,T;function O(V,Z){return V[7]?K3:Y3}let E=O(n),L=E(n);function I(V){n[20](V)}let A={disable:!0,class:"col-field-level min-width",name:"level",$$slots:{default:[J3]},$$scope:{ctx:n}};n[1]!==void 0&&(A.sort=n[1]),o=new Qo({props:A}),ne.push(()=>ge(o,"sort",I));function P(V){n[21](V)}let N={disable:!0,class:"col-type-text col-field-message",name:"data",$$slots:{default:[Z3]},$$scope:{ctx:n}};n[1]!==void 0&&(N.sort=n[1]),u=new Qo({props:N}),ne.push(()=>ge(u,"sort",P));function R(V){n[22](V)}let z={disable:!0,class:"col-type-date col-field-created",name:"created",$$slots:{default:[G3]},$$scope:{ctx:n}};n[1]!==void 0&&(z.sort=n[1]),d=new Qo({props:z}),ne.push(()=>ge(d,"sort",R));let F=ce(n[3]);const B=V=>V[32].id;for(let V=0;Vr=!1)),o.$set(G);const de={};Z[1]&512&&(de.$$scope={dirty:Z,ctx:V}),!f&&Z[0]&2&&(f=!0,de.sort=V[1],$e(()=>f=!1)),u.$set(de);const pe={};Z[1]&512&&(pe.$$scope={dirty:Z,ctx:V}),!m&&Z[0]&2&&(m=!0,pe.sort=V[1],$e(()=>m=!1)),d.$set(pe),Z[0]&9369&&(F=ce(V[3]),oe(),S=kt(S,Z,B,1,V,F,$,k,Yt,Ec,null,Sc),re(),!F.length&&J?J.p(V,Z):F.length?J&&(J.d(1),J=null):(J=$c(V),J.c(),J.m(k,null))),(!T||Z[0]&128)&&x(e,"table-loading",V[7])},i(V){if(!T){M(o.$$.fragment,V),M(u.$$.fragment,V),M(d.$$.fragment,V);for(let Z=0;ZLoad more',p(t,"type","button"),p(t,"class","btn btn-lg btn-secondary btn-expanded"),x(t,"btn-loading",n[7]),x(t,"btn-disabled",n[7]),p(e,"class","block txt-center m-t-sm")},m(l,o){w(l,e,o),y(e,t),i||(s=Y(t,"click",n[27]),i=!0)},p(l,o){o[0]&128&&x(t,"btn-loading",l[7]),o[0]&128&&x(t,"btn-disabled",l[7])},d(l){l&&v(e),i=!1,s()}}}function Ic(n){let e,t,i,s,l,o,r=n[5]===1?"log":"logs",a,u,f,c,d,m,h,g,_,k,S;return{c(){e=b("div"),t=b("div"),i=W("Selected "),s=b("strong"),l=W(n[5]),o=C(),a=W(r),u=C(),f=b("button"),f.innerHTML='Reset',c=C(),d=b("div"),m=C(),h=b("button"),h.innerHTML='Download as JSON',p(t,"class","txt"),p(f,"type","button"),p(f,"class","btn btn-xs btn-transparent btn-outline p-l-5 p-r-5"),p(d,"class","flex-fill"),p(h,"type","button"),p(h,"class","btn btn-sm"),p(e,"class","bulkbar svelte-91v05h")},m($,T){w($,e,T),y(e,t),y(t,i),y(t,s),y(s,l),y(t,o),y(t,a),y(e,u),y(e,f),y(e,c),y(e,d),y(e,m),y(e,h),_=!0,k||(S=[Y(f,"click",n[28]),Y(h,"click",n[14])],k=!0)},p($,T){(!_||T[0]&32)&&se(l,$[5]),(!_||T[0]&32)&&r!==(r=$[5]===1?"log":"logs")&&se(a,r)},i($){_||($&&tt(()=>{_&&(g||(g=qe(e,zn,{duration:150,y:5},!0)),g.run(1))}),_=!0)},o($){$&&(g||(g=qe(e,zn,{duration:150,y:5},!1)),g.run(0)),_=!1},d($){$&&v(e),$&&g&&g.end(),k=!1,Ee(S)}}}function nS(n){let e,t,i,s,l;e=new Fu({props:{class:"table-wrapper",$$slots:{default:[tS]},$$scope:{ctx:n}}});let o=n[3].length&&n[9]&&Dc(n),r=n[5]&&Ic(n);return{c(){H(e.$$.fragment),t=C(),o&&o.c(),i=C(),r&&r.c(),s=ke()},m(a,u){q(e,a,u),w(a,t,u),o&&o.m(a,u),w(a,i,u),r&&r.m(a,u),w(a,s,u),l=!0},p(a,u){const f={};u[0]&411|u[1]&512&&(f.$$scope={dirty:u,ctx:a}),e.$set(f),a[3].length&&a[9]?o?o.p(a,u):(o=Dc(a),o.c(),o.m(i.parentNode,i)):o&&(o.d(1),o=null),a[5]?r?(r.p(a,u),u[0]&32&&M(r,1)):(r=Ic(a),r.c(),M(r,1),r.m(s.parentNode,s)):r&&(oe(),D(r,1,1,()=>{r=null}),re())},i(a){l||(M(e.$$.fragment,a),M(r),l=!0)},o(a){D(e.$$.fragment,a),D(r),l=!1},d(a){a&&(v(t),v(i),v(s)),j(e,a),o&&o.d(a),r&&r.d(a)}}}const Lc=50,sa=/[-:\. ]/gi;function iS(n){let e=[];if(!n.data)return e;if(n.data.type=="request"){const t=["status","execTime","auth","authId","userIP"];for(let i of t)typeof n.data[i]<"u"&&e.push({key:i});n.data.referer&&!n.data.referer.includes(window.location.host)&&e.push({key:"referer"})}else{const t=Object.keys(n.data);for(const i of t)i!="error"&&i!="details"&&e.length<6&&e.push({key:i})}return n.data.error&&e.push({key:"error",label:"label-danger"}),n.data.details&&e.push({key:"details",label:"label-warning"}),e}function lS(n,e,t){let i,s,l;const o=wt();let{filter:r=""}=e,{presets:a=""}=e,{zoom:u={}}=e,{sort:f="-@rowid"}=e,c=[],d=1,m=0,h=!1,g=0,_={};async function k(G=1,de=!0){t(7,h=!0);const pe=[a,U.normalizeLogsFilter(r)];return u.min&&u.max&&pe.push(`created >= "${u.min}" && created <= "${u.max}"`),_e.logs.getList(G,Lc,{sort:f,skipTotal:1,filter:pe.filter(Boolean).map(ae=>"("+ae+")").join("&&")}).then(async ae=>{var Ye;G<=1&&S();const Ce=U.toArray(ae.items);if(t(7,h=!1),t(6,d=ae.page),t(17,m=((Ye=ae.items)==null?void 0:Ye.length)||0),o("load",c.concat(Ce)),de){const Ke=++g;for(;Ce.length&&g==Ke;){const ct=Ce.splice(0,10);for(let et of ct)U.pushOrReplaceByKey(c,et);t(3,c),await U.yieldToMain()}}else{for(let Ke of Ce)U.pushOrReplaceByKey(c,Ke);t(3,c)}}).catch(ae=>{ae!=null&&ae.isAbort||(t(7,h=!1),console.warn(ae),S(),_e.error(ae,!pe||(ae==null?void 0:ae.status)!=400))})}function S(){t(3,c=[]),t(4,_={}),t(6,d=1),t(17,m=0)}function $(){l?T():O()}function T(){t(4,_={})}function O(){for(const G of c)t(4,_[G.id]=G,_);t(4,_)}function E(G){_[G.id]?delete _[G.id]:t(4,_[G.id]=G,_),t(4,_)}function L(){const G=Object.values(_).sort((ae,Ce)=>ae.createdCe.created?-1:0);if(!G.length)return;if(G.length==1)return U.downloadJson(G[0],"log_"+G[0].created.replaceAll(sa,"")+".json");const de=G[0].created.replaceAll(sa,""),pe=G[G.length-1].created.replaceAll(sa,"");return U.downloadJson(G,`${G.length}_logs_${pe}_to_${de}.json`)}function I(G){Le.call(this,n,G)}const A=()=>$();function P(G){f=G,t(1,f)}function N(G){f=G,t(1,f)}function R(G){f=G,t(1,f)}const z=G=>E(G),F=G=>o("select",G),B=(G,de)=>{de.code==="Enter"&&(de.preventDefault(),o("select",G))},J=()=>t(0,r=""),V=()=>k(d+1),Z=()=>T();return n.$$set=G=>{"filter"in G&&t(0,r=G.filter),"presets"in G&&t(15,a=G.presets),"zoom"in G&&t(16,u=G.zoom),"sort"in G&&t(1,f=G.sort)},n.$$.update=()=>{n.$$.dirty[0]&98307&&(typeof f<"u"||typeof r<"u"||typeof a<"u"||typeof u<"u")&&(S(),k(1)),n.$$.dirty[0]&131072&&t(9,i=m>=Lc),n.$$.dirty[0]&16&&t(5,s=Object.keys(_).length),n.$$.dirty[0]&40&&t(8,l=c.length&&s===c.length)},[r,f,k,c,_,s,d,h,l,i,o,$,T,E,L,a,u,m,I,A,P,N,R,z,F,B,J,V,Z]}class sS extends we{constructor(e){super(),ve(this,e,lS,nS,be,{filter:0,presets:15,zoom:16,sort:1,load:2},null,[-1,-1])}get load(){return this.$$.ctx[2]}}/*! + * @kurkle/color v0.3.4 + * https://github.com/kurkle/color#readme + * (c) 2024 Jukka Kurkela + * Released under the MIT License + */function po(n){return n+.5|0}const Qi=(n,e,t)=>Math.max(Math.min(n,t),e);function Ms(n){return Qi(po(n*2.55),0,255)}function il(n){return Qi(po(n*255),0,255)}function Fi(n){return Qi(po(n/2.55)/100,0,1)}function Ac(n){return Qi(po(n*100),0,100)}const Qn={0:0,1:1,2:2,3:3,4:4,5:5,6:6,7:7,8:8,9:9,A:10,B:11,C:12,D:13,E:14,F:15,a:10,b:11,c:12,d:13,e:14,f:15},Ga=[..."0123456789ABCDEF"],oS=n=>Ga[n&15],rS=n=>Ga[(n&240)>>4]+Ga[n&15],Eo=n=>(n&240)>>4===(n&15),aS=n=>Eo(n.r)&&Eo(n.g)&&Eo(n.b)&&Eo(n.a);function uS(n){var e=n.length,t;return n[0]==="#"&&(e===4||e===5?t={r:255&Qn[n[1]]*17,g:255&Qn[n[2]]*17,b:255&Qn[n[3]]*17,a:e===5?Qn[n[4]]*17:255}:(e===7||e===9)&&(t={r:Qn[n[1]]<<4|Qn[n[2]],g:Qn[n[3]]<<4|Qn[n[4]],b:Qn[n[5]]<<4|Qn[n[6]],a:e===9?Qn[n[7]]<<4|Qn[n[8]]:255})),t}const fS=(n,e)=>n<255?e(n):"";function cS(n){var e=aS(n)?oS:rS;return n?"#"+e(n.r)+e(n.g)+e(n.b)+fS(n.a,e):void 0}const dS=/^(hsla?|hwb|hsv)\(\s*([-+.e\d]+)(?:deg)?[\s,]+([-+.e\d]+)%[\s,]+([-+.e\d]+)%(?:[\s,]+([-+.e\d]+)(%)?)?\s*\)$/;function Dk(n,e,t){const i=e*Math.min(t,1-t),s=(l,o=(l+n/30)%12)=>t-i*Math.max(Math.min(o-3,9-o,1),-1);return[s(0),s(8),s(4)]}function pS(n,e,t){const i=(s,l=(s+n/60)%6)=>t-t*e*Math.max(Math.min(l,4-l,1),0);return[i(5),i(3),i(1)]}function mS(n,e,t){const i=Dk(n,1,.5);let s;for(e+t>1&&(s=1/(e+t),e*=s,t*=s),s=0;s<3;s++)i[s]*=1-e-t,i[s]+=e;return i}function hS(n,e,t,i,s){return n===s?(e-t)/i+(e.5?f/(2-l-o):f/(l+o),a=hS(t,i,s,f,l),a=a*60+.5),[a|0,u||0,r]}function ju(n,e,t,i){return(Array.isArray(e)?n(e[0],e[1],e[2]):n(e,t,i)).map(il)}function Hu(n,e,t){return ju(Dk,n,e,t)}function _S(n,e,t){return ju(mS,n,e,t)}function gS(n,e,t){return ju(pS,n,e,t)}function Ik(n){return(n%360+360)%360}function bS(n){const e=dS.exec(n);let t=255,i;if(!e)return;e[5]!==i&&(t=e[6]?Ms(+e[5]):il(+e[5]));const s=Ik(+e[2]),l=+e[3]/100,o=+e[4]/100;return e[1]==="hwb"?i=_S(s,l,o):e[1]==="hsv"?i=gS(s,l,o):i=Hu(s,l,o),{r:i[0],g:i[1],b:i[2],a:t}}function kS(n,e){var t=qu(n);t[0]=Ik(t[0]+e),t=Hu(t),n.r=t[0],n.g=t[1],n.b=t[2]}function yS(n){if(!n)return;const e=qu(n),t=e[0],i=Ac(e[1]),s=Ac(e[2]);return n.a<255?`hsla(${t}, ${i}%, ${s}%, ${Fi(n.a)})`:`hsl(${t}, ${i}%, ${s}%)`}const Pc={x:"dark",Z:"light",Y:"re",X:"blu",W:"gr",V:"medium",U:"slate",A:"ee",T:"ol",S:"or",B:"ra",C:"lateg",D:"ights",R:"in",Q:"turquois",E:"hi",P:"ro",O:"al",N:"le",M:"de",L:"yello",F:"en",K:"ch",G:"arks",H:"ea",I:"ightg",J:"wh"},Nc={OiceXe:"f0f8ff",antiquewEte:"faebd7",aqua:"ffff",aquamarRe:"7fffd4",azuY:"f0ffff",beige:"f5f5dc",bisque:"ffe4c4",black:"0",blanKedOmond:"ffebcd",Xe:"ff",XeviTet:"8a2be2",bPwn:"a52a2a",burlywood:"deb887",caMtXe:"5f9ea0",KartYuse:"7fff00",KocTate:"d2691e",cSO:"ff7f50",cSnflowerXe:"6495ed",cSnsilk:"fff8dc",crimson:"dc143c",cyan:"ffff",xXe:"8b",xcyan:"8b8b",xgTMnPd:"b8860b",xWay:"a9a9a9",xgYF:"6400",xgYy:"a9a9a9",xkhaki:"bdb76b",xmagFta:"8b008b",xTivegYF:"556b2f",xSange:"ff8c00",xScEd:"9932cc",xYd:"8b0000",xsOmon:"e9967a",xsHgYF:"8fbc8f",xUXe:"483d8b",xUWay:"2f4f4f",xUgYy:"2f4f4f",xQe:"ced1",xviTet:"9400d3",dAppRk:"ff1493",dApskyXe:"bfff",dimWay:"696969",dimgYy:"696969",dodgerXe:"1e90ff",fiYbrick:"b22222",flSOwEte:"fffaf0",foYstWAn:"228b22",fuKsia:"ff00ff",gaRsbSo:"dcdcdc",ghostwEte:"f8f8ff",gTd:"ffd700",gTMnPd:"daa520",Way:"808080",gYF:"8000",gYFLw:"adff2f",gYy:"808080",honeyMw:"f0fff0",hotpRk:"ff69b4",RdianYd:"cd5c5c",Rdigo:"4b0082",ivSy:"fffff0",khaki:"f0e68c",lavFMr:"e6e6fa",lavFMrXsh:"fff0f5",lawngYF:"7cfc00",NmoncEffon:"fffacd",ZXe:"add8e6",ZcSO:"f08080",Zcyan:"e0ffff",ZgTMnPdLw:"fafad2",ZWay:"d3d3d3",ZgYF:"90ee90",ZgYy:"d3d3d3",ZpRk:"ffb6c1",ZsOmon:"ffa07a",ZsHgYF:"20b2aa",ZskyXe:"87cefa",ZUWay:"778899",ZUgYy:"778899",ZstAlXe:"b0c4de",ZLw:"ffffe0",lime:"ff00",limegYF:"32cd32",lRF:"faf0e6",magFta:"ff00ff",maPon:"800000",VaquamarRe:"66cdaa",VXe:"cd",VScEd:"ba55d3",VpurpN:"9370db",VsHgYF:"3cb371",VUXe:"7b68ee",VsprRggYF:"fa9a",VQe:"48d1cc",VviTetYd:"c71585",midnightXe:"191970",mRtcYam:"f5fffa",mistyPse:"ffe4e1",moccasR:"ffe4b5",navajowEte:"ffdead",navy:"80",Tdlace:"fdf5e6",Tive:"808000",TivedBb:"6b8e23",Sange:"ffa500",SangeYd:"ff4500",ScEd:"da70d6",pOegTMnPd:"eee8aa",pOegYF:"98fb98",pOeQe:"afeeee",pOeviTetYd:"db7093",papayawEp:"ffefd5",pHKpuff:"ffdab9",peru:"cd853f",pRk:"ffc0cb",plum:"dda0dd",powMrXe:"b0e0e6",purpN:"800080",YbeccapurpN:"663399",Yd:"ff0000",Psybrown:"bc8f8f",PyOXe:"4169e1",saddNbPwn:"8b4513",sOmon:"fa8072",sandybPwn:"f4a460",sHgYF:"2e8b57",sHshell:"fff5ee",siFna:"a0522d",silver:"c0c0c0",skyXe:"87ceeb",UXe:"6a5acd",UWay:"708090",UgYy:"708090",snow:"fffafa",sprRggYF:"ff7f",stAlXe:"4682b4",tan:"d2b48c",teO:"8080",tEstN:"d8bfd8",tomato:"ff6347",Qe:"40e0d0",viTet:"ee82ee",JHt:"f5deb3",wEte:"ffffff",wEtesmoke:"f5f5f5",Lw:"ffff00",LwgYF:"9acd32"};function vS(){const n={},e=Object.keys(Nc),t=Object.keys(Pc);let i,s,l,o,r;for(i=0;i>16&255,l>>8&255,l&255]}return n}let Do;function wS(n){Do||(Do=vS(),Do.transparent=[0,0,0,0]);const e=Do[n.toLowerCase()];return e&&{r:e[0],g:e[1],b:e[2],a:e.length===4?e[3]:255}}const SS=/^rgba?\(\s*([-+.\d]+)(%)?[\s,]+([-+.e\d]+)(%)?[\s,]+([-+.e\d]+)(%)?(?:[\s,/]+([-+.e\d]+)(%)?)?\s*\)$/;function TS(n){const e=SS.exec(n);let t=255,i,s,l;if(e){if(e[7]!==i){const o=+e[7];t=e[8]?Ms(o):Qi(o*255,0,255)}return i=+e[1],s=+e[3],l=+e[5],i=255&(e[2]?Ms(i):Qi(i,0,255)),s=255&(e[4]?Ms(s):Qi(s,0,255)),l=255&(e[6]?Ms(l):Qi(l,0,255)),{r:i,g:s,b:l,a:t}}}function $S(n){return n&&(n.a<255?`rgba(${n.r}, ${n.g}, ${n.b}, ${Fi(n.a)})`:`rgb(${n.r}, ${n.g}, ${n.b})`)}const oa=n=>n<=.0031308?n*12.92:Math.pow(n,1/2.4)*1.055-.055,Yl=n=>n<=.04045?n/12.92:Math.pow((n+.055)/1.055,2.4);function CS(n,e,t){const i=Yl(Fi(n.r)),s=Yl(Fi(n.g)),l=Yl(Fi(n.b));return{r:il(oa(i+t*(Yl(Fi(e.r))-i))),g:il(oa(s+t*(Yl(Fi(e.g))-s))),b:il(oa(l+t*(Yl(Fi(e.b))-l))),a:n.a+t*(e.a-n.a)}}function Io(n,e,t){if(n){let i=qu(n);i[e]=Math.max(0,Math.min(i[e]+i[e]*t,e===0?360:1)),i=Hu(i),n.r=i[0],n.g=i[1],n.b=i[2]}}function Lk(n,e){return n&&Object.assign(e||{},n)}function Rc(n){var e={r:0,g:0,b:0,a:255};return Array.isArray(n)?n.length>=3&&(e={r:n[0],g:n[1],b:n[2],a:255},n.length>3&&(e.a=il(n[3]))):(e=Lk(n,{r:0,g:0,b:0,a:1}),e.a=il(e.a)),e}function OS(n){return n.charAt(0)==="r"?TS(n):bS(n)}class Zs{constructor(e){if(e instanceof Zs)return e;const t=typeof e;let i;t==="object"?i=Rc(e):t==="string"&&(i=uS(e)||wS(e)||OS(e)),this._rgb=i,this._valid=!!i}get valid(){return this._valid}get rgb(){var e=Lk(this._rgb);return e&&(e.a=Fi(e.a)),e}set rgb(e){this._rgb=Rc(e)}rgbString(){return this._valid?$S(this._rgb):void 0}hexString(){return this._valid?cS(this._rgb):void 0}hslString(){return this._valid?yS(this._rgb):void 0}mix(e,t){if(e){const i=this.rgb,s=e.rgb;let l;const o=t===l?.5:t,r=2*o-1,a=i.a-s.a,u=((r*a===-1?r:(r+a)/(1+r*a))+1)/2;l=1-u,i.r=255&u*i.r+l*s.r+.5,i.g=255&u*i.g+l*s.g+.5,i.b=255&u*i.b+l*s.b+.5,i.a=o*i.a+(1-o)*s.a,this.rgb=i}return this}interpolate(e,t){return e&&(this._rgb=CS(this._rgb,e._rgb,t)),this}clone(){return new Zs(this.rgb)}alpha(e){return this._rgb.a=il(e),this}clearer(e){const t=this._rgb;return t.a*=1-e,this}greyscale(){const e=this._rgb,t=po(e.r*.3+e.g*.59+e.b*.11);return e.r=e.g=e.b=t,this}opaquer(e){const t=this._rgb;return t.a*=1+e,this}negate(){const e=this._rgb;return e.r=255-e.r,e.g=255-e.g,e.b=255-e.b,this}lighten(e){return Io(this._rgb,2,e),this}darken(e){return Io(this._rgb,2,-e),this}saturate(e){return Io(this._rgb,1,e),this}desaturate(e){return Io(this._rgb,1,-e),this}rotate(e){return kS(this._rgb,e),this}}/*! + * Chart.js v4.4.9 + * https://www.chartjs.org + * (c) 2025 Chart.js Contributors + * Released under the MIT License + */function Pi(){}const MS=(()=>{let n=0;return()=>n++})();function Vt(n){return n==null}function cn(n){if(Array.isArray&&Array.isArray(n))return!0;const e=Object.prototype.toString.call(n);return e.slice(0,7)==="[object"&&e.slice(-6)==="Array]"}function St(n){return n!==null&&Object.prototype.toString.call(n)==="[object Object]"}function Tn(n){return(typeof n=="number"||n instanceof Number)&&isFinite(+n)}function gi(n,e){return Tn(n)?n:e}function Et(n,e){return typeof n>"u"?e:n}const ES=(n,e)=>typeof n=="string"&&n.endsWith("%")?parseFloat(n)/100*e:+n;function ft(n,e,t){if(n&&typeof n.call=="function")return n.apply(t,e)}function gt(n,e,t,i){let s,l,o;if(cn(n))for(l=n.length,s=0;sn,x:n=>n.x,y:n=>n.y};function LS(n){const e=n.split("."),t=[];let i="";for(const s of e)i+=s,i.endsWith("\\")?i=i.slice(0,-1)+".":(t.push(i),i="");return t}function AS(n){const e=LS(n);return t=>{for(const i of e){if(i==="")break;t=t&&t[i]}return t}}function hr(n,e){return(Fc[e]||(Fc[e]=AS(e)))(n)}function zu(n){return n.charAt(0).toUpperCase()+n.slice(1)}const _r=n=>typeof n<"u",sl=n=>typeof n=="function",qc=(n,e)=>{if(n.size!==e.size)return!1;for(const t of n)if(!e.has(t))return!1;return!0};function PS(n){return n.type==="mouseup"||n.type==="click"||n.type==="contextmenu"}const wn=Math.PI,Ci=2*wn,NS=Ci+wn,gr=Number.POSITIVE_INFINITY,RS=wn/180,di=wn/2,bl=wn/4,jc=wn*2/3,Pk=Math.log10,ol=Math.sign;function Ol(n,e,t){return Math.abs(n-e)s-l).pop(),e}function qS(n){return typeof n=="symbol"||typeof n=="object"&&n!==null&&!(Symbol.toPrimitive in n||"toString"in n||"valueOf"in n)}function Xs(n){return!qS(n)&&!isNaN(parseFloat(n))&&isFinite(n)}function jS(n,e){const t=Math.round(n);return t-e<=n&&t+e>=n}function HS(n,e,t){let i,s,l;for(i=0,s=n.length;ia&&u=Math.min(e,t)-i&&n<=Math.max(e,t)+i}function Uu(n,e,t){t=t||(o=>n[o]1;)l=s+i>>1,t(l)?s=l:i=l;return{lo:s,hi:i}}const $l=(n,e,t,i)=>Uu(n,t,i?s=>{const l=n[s][e];return ln[s][e]Uu(n,t,i=>n[i][e]>=t);function YS(n,e,t){let i=0,s=n.length;for(;ii&&n[s-1]>t;)s--;return i>0||s{const i="_onData"+zu(t),s=n[t];Object.defineProperty(n,t,{configurable:!0,enumerable:!1,value(...l){const o=s.apply(this,l);return n._chartjs.listeners.forEach(r=>{typeof r[i]=="function"&&r[i](...l)}),o}})})}function Uc(n,e){const t=n._chartjs;if(!t)return;const i=t.listeners,s=i.indexOf(e);s!==-1&&i.splice(s,1),!(i.length>0)&&(Fk.forEach(l=>{delete n[l]}),delete n._chartjs)}function JS(n){const e=new Set(n);return e.size===n.length?n:Array.from(e)}const qk=function(){return typeof window>"u"?function(n){return n()}:window.requestAnimationFrame}();function jk(n,e){let t=[],i=!1;return function(...s){t=s,i||(i=!0,qk.call(window,()=>{i=!1,n.apply(e,t)}))}}function ZS(n,e){let t;return function(...i){return e?(clearTimeout(t),t=setTimeout(n,e,i)):n.apply(this,i),e}}const GS=n=>n==="start"?"left":n==="end"?"right":"center",Vc=(n,e,t)=>n==="start"?e:n==="end"?t:(e+t)/2;function XS(n,e,t){const i=e.length;let s=0,l=i;if(n._sorted){const{iScale:o,vScale:r,_parsed:a}=n,u=n.dataset&&n.dataset.options?n.dataset.options.spanGaps:null,f=o.axis,{min:c,max:d,minDefined:m,maxDefined:h}=o.getUserBounds();if(m){if(s=Math.min($l(a,f,c).lo,t?i:$l(e,f,o.getPixelForValue(c)).lo),u){const g=a.slice(0,s+1).reverse().findIndex(_=>!Vt(_[r.axis]));s-=Math.max(0,g)}s=pi(s,0,i-1)}if(h){let g=Math.max($l(a,o.axis,d,!0).hi+1,t?0:$l(e,f,o.getPixelForValue(d),!0).hi+1);if(u){const _=a.slice(g-1).findIndex(k=>!Vt(k[r.axis]));g+=Math.max(0,_)}l=pi(g,s,i)-s}else l=i-s}return{start:s,count:l}}function QS(n){const{xScale:e,yScale:t,_scaleRanges:i}=n,s={xmin:e.min,xmax:e.max,ymin:t.min,ymax:t.max};if(!i)return n._scaleRanges=s,!0;const l=i.xmin!==e.min||i.xmax!==e.max||i.ymin!==t.min||i.ymax!==t.max;return Object.assign(i,s),l}const Lo=n=>n===0||n===1,Bc=(n,e,t)=>-(Math.pow(2,10*(n-=1))*Math.sin((n-e)*Ci/t)),Wc=(n,e,t)=>Math.pow(2,-10*n)*Math.sin((n-e)*Ci/t)+1,Ns={linear:n=>n,easeInQuad:n=>n*n,easeOutQuad:n=>-n*(n-2),easeInOutQuad:n=>(n/=.5)<1?.5*n*n:-.5*(--n*(n-2)-1),easeInCubic:n=>n*n*n,easeOutCubic:n=>(n-=1)*n*n+1,easeInOutCubic:n=>(n/=.5)<1?.5*n*n*n:.5*((n-=2)*n*n+2),easeInQuart:n=>n*n*n*n,easeOutQuart:n=>-((n-=1)*n*n*n-1),easeInOutQuart:n=>(n/=.5)<1?.5*n*n*n*n:-.5*((n-=2)*n*n*n-2),easeInQuint:n=>n*n*n*n*n,easeOutQuint:n=>(n-=1)*n*n*n*n+1,easeInOutQuint:n=>(n/=.5)<1?.5*n*n*n*n*n:.5*((n-=2)*n*n*n*n+2),easeInSine:n=>-Math.cos(n*di)+1,easeOutSine:n=>Math.sin(n*di),easeInOutSine:n=>-.5*(Math.cos(wn*n)-1),easeInExpo:n=>n===0?0:Math.pow(2,10*(n-1)),easeOutExpo:n=>n===1?1:-Math.pow(2,-10*n)+1,easeInOutExpo:n=>Lo(n)?n:n<.5?.5*Math.pow(2,10*(n*2-1)):.5*(-Math.pow(2,-10*(n*2-1))+2),easeInCirc:n=>n>=1?n:-(Math.sqrt(1-n*n)-1),easeOutCirc:n=>Math.sqrt(1-(n-=1)*n),easeInOutCirc:n=>(n/=.5)<1?-.5*(Math.sqrt(1-n*n)-1):.5*(Math.sqrt(1-(n-=2)*n)+1),easeInElastic:n=>Lo(n)?n:Bc(n,.075,.3),easeOutElastic:n=>Lo(n)?n:Wc(n,.075,.3),easeInOutElastic(n){return Lo(n)?n:n<.5?.5*Bc(n*2,.1125,.45):.5+.5*Wc(n*2-1,.1125,.45)},easeInBack(n){return n*n*((1.70158+1)*n-1.70158)},easeOutBack(n){return(n-=1)*n*((1.70158+1)*n+1.70158)+1},easeInOutBack(n){let e=1.70158;return(n/=.5)<1?.5*(n*n*(((e*=1.525)+1)*n-e)):.5*((n-=2)*n*(((e*=1.525)+1)*n+e)+2)},easeInBounce:n=>1-Ns.easeOutBounce(1-n),easeOutBounce(n){return n<1/2.75?7.5625*n*n:n<2/2.75?7.5625*(n-=1.5/2.75)*n+.75:n<2.5/2.75?7.5625*(n-=2.25/2.75)*n+.9375:7.5625*(n-=2.625/2.75)*n+.984375},easeInOutBounce:n=>n<.5?Ns.easeInBounce(n*2)*.5:Ns.easeOutBounce(n*2-1)*.5+.5};function Vu(n){if(n&&typeof n=="object"){const e=n.toString();return e==="[object CanvasPattern]"||e==="[object CanvasGradient]"}return!1}function Yc(n){return Vu(n)?n:new Zs(n)}function ra(n){return Vu(n)?n:new Zs(n).saturate(.5).darken(.1).hexString()}const xS=["x","y","borderWidth","radius","tension"],e4=["color","borderColor","backgroundColor"];function t4(n){n.set("animation",{delay:void 0,duration:1e3,easing:"easeOutQuart",fn:void 0,from:void 0,loop:void 0,to:void 0,type:void 0}),n.describe("animation",{_fallback:!1,_indexable:!1,_scriptable:e=>e!=="onProgress"&&e!=="onComplete"&&e!=="fn"}),n.set("animations",{colors:{type:"color",properties:e4},numbers:{type:"number",properties:xS}}),n.describe("animations",{_fallback:"animation"}),n.set("transitions",{active:{animation:{duration:400}},resize:{animation:{duration:0}},show:{animations:{colors:{from:"transparent"},visible:{type:"boolean",duration:0}}},hide:{animations:{colors:{to:"transparent"},visible:{type:"boolean",easing:"linear",fn:e=>e|0}}}})}function n4(n){n.set("layout",{autoPadding:!0,padding:{top:0,right:0,bottom:0,left:0}})}const Kc=new Map;function i4(n,e){e=e||{};const t=n+JSON.stringify(e);let i=Kc.get(t);return i||(i=new Intl.NumberFormat(n,e),Kc.set(t,i)),i}function Hk(n,e,t){return i4(e,t).format(n)}const l4={values(n){return cn(n)?n:""+n},numeric(n,e,t){if(n===0)return"0";const i=this.chart.options.locale;let s,l=n;if(t.length>1){const u=Math.max(Math.abs(t[0].value),Math.abs(t[t.length-1].value));(u<1e-4||u>1e15)&&(s="scientific"),l=s4(n,t)}const o=Pk(Math.abs(l)),r=isNaN(o)?1:Math.max(Math.min(-1*Math.floor(o),20),0),a={notation:s,minimumFractionDigits:r,maximumFractionDigits:r};return Object.assign(a,this.options.ticks.format),Hk(n,i,a)}};function s4(n,e){let t=e.length>3?e[2].value-e[1].value:e[1].value-e[0].value;return Math.abs(t)>=1&&n!==Math.floor(n)&&(t=n-Math.floor(n)),t}var zk={formatters:l4};function o4(n){n.set("scale",{display:!0,offset:!1,reverse:!1,beginAtZero:!1,bounds:"ticks",clip:!0,grace:0,grid:{display:!0,lineWidth:1,drawOnChartArea:!0,drawTicks:!0,tickLength:8,tickWidth:(e,t)=>t.lineWidth,tickColor:(e,t)=>t.color,offset:!1},border:{display:!0,dash:[],dashOffset:0,width:1},title:{display:!1,text:"",padding:{top:4,bottom:4}},ticks:{minRotation:0,maxRotation:50,mirror:!1,textStrokeWidth:0,textStrokeColor:"",padding:3,display:!0,autoSkip:!0,autoSkipPadding:3,labelOffset:0,callback:zk.formatters.values,minor:{},major:{},align:"center",crossAlign:"near",showLabelBackdrop:!1,backdropColor:"rgba(255, 255, 255, 0.75)",backdropPadding:2}}),n.route("scale.ticks","color","","color"),n.route("scale.grid","color","","borderColor"),n.route("scale.border","color","","borderColor"),n.route("scale.title","color","","color"),n.describe("scale",{_fallback:!1,_scriptable:e=>!e.startsWith("before")&&!e.startsWith("after")&&e!=="callback"&&e!=="parser",_indexable:e=>e!=="borderDash"&&e!=="tickBorderDash"&&e!=="dash"}),n.describe("scales",{_fallback:"scale"}),n.describe("scale.ticks",{_scriptable:e=>e!=="backdropPadding"&&e!=="callback",_indexable:e=>e!=="backdropPadding"})}const Il=Object.create(null),Qa=Object.create(null);function Rs(n,e){if(!e)return n;const t=e.split(".");for(let i=0,s=t.length;ii.chart.platform.getDevicePixelRatio(),this.elements={},this.events=["mousemove","mouseout","click","touchstart","touchmove"],this.font={family:"'Helvetica Neue', 'Helvetica', 'Arial', sans-serif",size:12,style:"normal",lineHeight:1.2,weight:null},this.hover={},this.hoverBackgroundColor=(i,s)=>ra(s.backgroundColor),this.hoverBorderColor=(i,s)=>ra(s.borderColor),this.hoverColor=(i,s)=>ra(s.color),this.indexAxis="x",this.interaction={mode:"nearest",intersect:!0,includeInvisible:!1},this.maintainAspectRatio=!0,this.onHover=null,this.onClick=null,this.parsing=!0,this.plugins={},this.responsive=!0,this.scale=void 0,this.scales={},this.showLine=!0,this.drawActiveElementsOnTop=!0,this.describe(e),this.apply(t)}set(e,t){return aa(this,e,t)}get(e){return Rs(this,e)}describe(e,t){return aa(Qa,e,t)}override(e,t){return aa(Il,e,t)}route(e,t,i,s){const l=Rs(this,e),o=Rs(this,i),r="_"+t;Object.defineProperties(l,{[r]:{value:l[t],writable:!0},[t]:{enumerable:!0,get(){const a=this[r],u=o[s];return St(a)?Object.assign({},u,a):Et(a,u)},set(a){this[r]=a}}})}apply(e){e.forEach(t=>t(this))}}var on=new r4({_scriptable:n=>!n.startsWith("on"),_indexable:n=>n!=="events",hover:{_fallback:"interaction"},interaction:{_scriptable:!1,_indexable:!1}},[t4,n4,o4]);function a4(n){return!n||Vt(n.size)||Vt(n.family)?null:(n.style?n.style+" ":"")+(n.weight?n.weight+" ":"")+n.size+"px "+n.family}function Jc(n,e,t,i,s){let l=e[s];return l||(l=e[s]=n.measureText(s).width,t.push(s)),l>i&&(i=l),i}function kl(n,e,t){const i=n.currentDevicePixelRatio,s=t!==0?Math.max(t/2,.5):0;return Math.round((e-s)*i)/i+s}function Zc(n,e){!e&&!n||(e=e||n.getContext("2d"),e.save(),e.resetTransform(),e.clearRect(0,0,n.width,n.height),e.restore())}function xa(n,e,t,i){u4(n,e,t,i)}function u4(n,e,t,i,s){let l,o,r,a,u,f,c,d;const m=e.pointStyle,h=e.rotation,g=e.radius;let _=(h||0)*RS;if(m&&typeof m=="object"&&(l=m.toString(),l==="[object HTMLImageElement]"||l==="[object HTMLCanvasElement]")){n.save(),n.translate(t,i),n.rotate(_),n.drawImage(m,-m.width/2,-m.height/2,m.width,m.height),n.restore();return}if(!(isNaN(g)||g<=0)){switch(n.beginPath(),m){default:n.arc(t,i,g,0,Ci),n.closePath();break;case"triangle":f=g,n.moveTo(t+Math.sin(_)*f,i-Math.cos(_)*g),_+=jc,n.lineTo(t+Math.sin(_)*f,i-Math.cos(_)*g),_+=jc,n.lineTo(t+Math.sin(_)*f,i-Math.cos(_)*g),n.closePath();break;case"rectRounded":u=g*.516,a=g-u,o=Math.cos(_+bl)*a,c=Math.cos(_+bl)*a,r=Math.sin(_+bl)*a,d=Math.sin(_+bl)*a,n.arc(t-c,i-r,u,_-wn,_-di),n.arc(t+d,i-o,u,_-di,_),n.arc(t+c,i+r,u,_,_+di),n.arc(t-d,i+o,u,_+di,_+wn),n.closePath();break;case"rect":if(!h){a=Math.SQRT1_2*g,f=a,n.rect(t-f,i-a,2*f,2*a);break}_+=bl;case"rectRot":c=Math.cos(_)*g,o=Math.cos(_)*g,r=Math.sin(_)*g,d=Math.sin(_)*g,n.moveTo(t-c,i-r),n.lineTo(t+d,i-o),n.lineTo(t+c,i+r),n.lineTo(t-d,i+o),n.closePath();break;case"crossRot":_+=bl;case"cross":c=Math.cos(_)*g,o=Math.cos(_)*g,r=Math.sin(_)*g,d=Math.sin(_)*g,n.moveTo(t-c,i-r),n.lineTo(t+c,i+r),n.moveTo(t+d,i-o),n.lineTo(t-d,i+o);break;case"star":c=Math.cos(_)*g,o=Math.cos(_)*g,r=Math.sin(_)*g,d=Math.sin(_)*g,n.moveTo(t-c,i-r),n.lineTo(t+c,i+r),n.moveTo(t+d,i-o),n.lineTo(t-d,i+o),_+=bl,c=Math.cos(_)*g,o=Math.cos(_)*g,r=Math.sin(_)*g,d=Math.sin(_)*g,n.moveTo(t-c,i-r),n.lineTo(t+c,i+r),n.moveTo(t+d,i-o),n.lineTo(t-d,i+o);break;case"line":o=Math.cos(_)*g,r=Math.sin(_)*g,n.moveTo(t-o,i-r),n.lineTo(t+o,i+r);break;case"dash":n.moveTo(t,i),n.lineTo(t+Math.cos(_)*g,i+Math.sin(_)*g);break;case!1:n.closePath();break}n.fill(),e.borderWidth>0&&n.stroke()}}function ls(n,e,t){return t=t||.5,!e||n&&n.x>e.left-t&&n.xe.top-t&&n.y0&&l.strokeColor!=="";let a,u;for(n.save(),n.font=s.string,d4(n,l),a=0;a+n||0;function Uk(n,e){const t={},i=St(e),s=i?Object.keys(e):e,l=St(n)?i?o=>Et(n[o],n[e[o]]):o=>n[o]:()=>n;for(const o of s)t[o]=b4(l(o));return t}function k4(n){return Uk(n,{top:"y",right:"x",bottom:"y",left:"x"})}function xo(n){return Uk(n,["topLeft","topRight","bottomLeft","bottomRight"])}function rl(n){const e=k4(n);return e.width=e.left+e.right,e.height=e.top+e.bottom,e}function $i(n,e){n=n||{},e=e||on.font;let t=Et(n.size,e.size);typeof t=="string"&&(t=parseInt(t,10));let i=Et(n.style,e.style);i&&!(""+i).match(_4)&&(console.warn('Invalid font style specified: "'+i+'"'),i=void 0);const s={family:Et(n.family,e.family),lineHeight:g4(Et(n.lineHeight,e.lineHeight),t),size:t,style:i,weight:Et(n.weight,e.weight),string:""};return s.string=a4(s),s}function Ao(n,e,t,i){let s,l,o;for(s=0,l=n.length;st&&r===0?0:r+a;return{min:o(i,-Math.abs(l)),max:o(s,l)}}function Pl(n,e){return Object.assign(Object.create(n),e)}function Yu(n,e=[""],t,i,s=()=>n[0]){const l=t||n;typeof i>"u"&&(i=Yk("_fallback",n));const o={[Symbol.toStringTag]:"Object",_cacheable:!0,_scopes:n,_rootScopes:l,_fallback:i,_getTarget:s,override:r=>Yu([r,...n],e,l,i)};return new Proxy(o,{deleteProperty(r,a){return delete r[a],delete r._keys,delete n[0][a],!0},get(r,a){return Bk(r,a,()=>M4(a,e,n,r))},getOwnPropertyDescriptor(r,a){return Reflect.getOwnPropertyDescriptor(r._scopes[0],a)},getPrototypeOf(){return Reflect.getPrototypeOf(n[0])},has(r,a){return xc(r).includes(a)},ownKeys(r){return xc(r)},set(r,a,u){const f=r._storage||(r._storage=s());return r[a]=f[a]=u,delete r._keys,!0}})}function ss(n,e,t,i){const s={_cacheable:!1,_proxy:n,_context:e,_subProxy:t,_stack:new Set,_descriptors:Vk(n,i),setContext:l=>ss(n,l,t,i),override:l=>ss(n.override(l),e,t,i)};return new Proxy(s,{deleteProperty(l,o){return delete l[o],delete n[o],!0},get(l,o,r){return Bk(l,o,()=>w4(l,o,r))},getOwnPropertyDescriptor(l,o){return l._descriptors.allKeys?Reflect.has(n,o)?{enumerable:!0,configurable:!0}:void 0:Reflect.getOwnPropertyDescriptor(n,o)},getPrototypeOf(){return Reflect.getPrototypeOf(n)},has(l,o){return Reflect.has(n,o)},ownKeys(){return Reflect.ownKeys(n)},set(l,o,r){return n[o]=r,delete l[o],!0}})}function Vk(n,e={scriptable:!0,indexable:!0}){const{_scriptable:t=e.scriptable,_indexable:i=e.indexable,_allKeys:s=e.allKeys}=n;return{allKeys:s,scriptable:t,indexable:i,isScriptable:sl(t)?t:()=>t,isIndexable:sl(i)?i:()=>i}}const v4=(n,e)=>n?n+zu(e):e,Ku=(n,e)=>St(e)&&n!=="adapters"&&(Object.getPrototypeOf(e)===null||e.constructor===Object);function Bk(n,e,t){if(Object.prototype.hasOwnProperty.call(n,e)||e==="constructor")return n[e];const i=t();return n[e]=i,i}function w4(n,e,t){const{_proxy:i,_context:s,_subProxy:l,_descriptors:o}=n;let r=i[e];return sl(r)&&o.isScriptable(e)&&(r=S4(e,r,n,t)),cn(r)&&r.length&&(r=T4(e,r,n,o.isIndexable)),Ku(e,r)&&(r=ss(r,s,l&&l[e],o)),r}function S4(n,e,t,i){const{_proxy:s,_context:l,_subProxy:o,_stack:r}=t;if(r.has(n))throw new Error("Recursion detected: "+Array.from(r).join("->")+"->"+n);r.add(n);let a=e(l,o||i);return r.delete(n),Ku(n,a)&&(a=Ju(s._scopes,s,n,a)),a}function T4(n,e,t,i){const{_proxy:s,_context:l,_subProxy:o,_descriptors:r}=t;if(typeof l.index<"u"&&i(n))return e[l.index%e.length];if(St(e[0])){const a=e,u=s._scopes.filter(f=>f!==a);e=[];for(const f of a){const c=Ju(u,s,n,f);e.push(ss(c,l,o&&o[n],r))}}return e}function Wk(n,e,t){return sl(n)?n(e,t):n}const $4=(n,e)=>n===!0?e:typeof n=="string"?hr(e,n):void 0;function C4(n,e,t,i,s){for(const l of e){const o=$4(t,l);if(o){n.add(o);const r=Wk(o._fallback,t,s);if(typeof r<"u"&&r!==t&&r!==i)return r}else if(o===!1&&typeof i<"u"&&t!==i)return null}return!1}function Ju(n,e,t,i){const s=e._rootScopes,l=Wk(e._fallback,t,i),o=[...n,...s],r=new Set;r.add(i);let a=Qc(r,o,t,l||t,i);return a===null||typeof l<"u"&&l!==t&&(a=Qc(r,o,l,a,i),a===null)?!1:Yu(Array.from(r),[""],s,l,()=>O4(e,t,i))}function Qc(n,e,t,i,s){for(;t;)t=C4(n,e,t,i,s);return t}function O4(n,e,t){const i=n._getTarget();e in i||(i[e]={});const s=i[e];return cn(s)&&St(t)?t:s||{}}function M4(n,e,t,i){let s;for(const l of e)if(s=Yk(v4(l,n),t),typeof s<"u")return Ku(n,s)?Ju(t,i,n,s):s}function Yk(n,e){for(const t of e){if(!t)continue;const i=t[n];if(typeof i<"u")return i}}function xc(n){let e=n._keys;return e||(e=n._keys=E4(n._scopes)),e}function E4(n){const e=new Set;for(const t of n)for(const i of Object.keys(t).filter(s=>!s.startsWith("_")))e.add(i);return Array.from(e)}const D4=Number.EPSILON||1e-14,os=(n,e)=>en==="x"?"y":"x";function I4(n,e,t,i){const s=n.skip?e:n,l=e,o=t.skip?e:t,r=Xa(l,s),a=Xa(o,l);let u=r/(r+a),f=a/(r+a);u=isNaN(u)?0:u,f=isNaN(f)?0:f;const c=i*u,d=i*f;return{previous:{x:l.x-c*(o.x-s.x),y:l.y-c*(o.y-s.y)},next:{x:l.x+d*(o.x-s.x),y:l.y+d*(o.y-s.y)}}}function L4(n,e,t){const i=n.length;let s,l,o,r,a,u=os(n,0);for(let f=0;f!u.skip)),e.cubicInterpolationMode==="monotone")P4(n,s);else{let u=i?n[n.length-1]:n[0];for(l=0,o=n.length;ln.ownerDocument.defaultView.getComputedStyle(n,null);function F4(n,e){return Nr(n).getPropertyValue(e)}const q4=["top","right","bottom","left"];function Ml(n,e,t){const i={};t=t?"-"+t:"";for(let s=0;s<4;s++){const l=q4[s];i[l]=parseFloat(n[e+"-"+l+t])||0}return i.width=i.left+i.right,i.height=i.top+i.bottom,i}const j4=(n,e,t)=>(n>0||e>0)&&(!t||!t.shadowRoot);function H4(n,e){const t=n.touches,i=t&&t.length?t[0]:n,{offsetX:s,offsetY:l}=i;let o=!1,r,a;if(j4(s,l,n.target))r=s,a=l;else{const u=e.getBoundingClientRect();r=i.clientX-u.left,a=i.clientY-u.top,o=!0}return{x:r,y:a,box:o}}function vi(n,e){if("native"in n)return n;const{canvas:t,currentDevicePixelRatio:i}=e,s=Nr(t),l=s.boxSizing==="border-box",o=Ml(s,"padding"),r=Ml(s,"border","width"),{x:a,y:u,box:f}=H4(n,t),c=o.left+(f&&r.left),d=o.top+(f&&r.top);let{width:m,height:h}=e;return l&&(m-=o.width+r.width,h-=o.height+r.height),{x:Math.round((a-c)/m*t.width/i),y:Math.round((u-d)/h*t.height/i)}}function z4(n,e,t){let i,s;if(e===void 0||t===void 0){const l=n&&Gu(n);if(!l)e=n.clientWidth,t=n.clientHeight;else{const o=l.getBoundingClientRect(),r=Nr(l),a=Ml(r,"border","width"),u=Ml(r,"padding");e=o.width-u.width-a.width,t=o.height-u.height-a.height,i=br(r.maxWidth,l,"clientWidth"),s=br(r.maxHeight,l,"clientHeight")}}return{width:e,height:t,maxWidth:i||gr,maxHeight:s||gr}}const No=n=>Math.round(n*10)/10;function U4(n,e,t,i){const s=Nr(n),l=Ml(s,"margin"),o=br(s.maxWidth,n,"clientWidth")||gr,r=br(s.maxHeight,n,"clientHeight")||gr,a=z4(n,e,t);let{width:u,height:f}=a;if(s.boxSizing==="content-box"){const d=Ml(s,"border","width"),m=Ml(s,"padding");u-=m.width+d.width,f-=m.height+d.height}return u=Math.max(0,u-l.width),f=Math.max(0,i?u/i:f-l.height),u=No(Math.min(u,o,a.maxWidth)),f=No(Math.min(f,r,a.maxHeight)),u&&!f&&(f=No(u/2)),(e!==void 0||t!==void 0)&&i&&a.height&&f>a.height&&(f=a.height,u=No(Math.floor(f*i))),{width:u,height:f}}function ed(n,e,t){const i=e||1,s=Math.floor(n.height*i),l=Math.floor(n.width*i);n.height=Math.floor(n.height),n.width=Math.floor(n.width);const o=n.canvas;return o.style&&(t||!o.style.height&&!o.style.width)&&(o.style.height=`${n.height}px`,o.style.width=`${n.width}px`),n.currentDevicePixelRatio!==i||o.height!==s||o.width!==l?(n.currentDevicePixelRatio=i,o.height=s,o.width=l,n.ctx.setTransform(i,0,0,i,0,0),!0):!1}const V4=function(){let n=!1;try{const e={get passive(){return n=!0,!1}};Zu()&&(window.addEventListener("test",null,e),window.removeEventListener("test",null,e))}catch{}return n}();function td(n,e){const t=F4(n,e),i=t&&t.match(/^(\d+)(\.\d+)?px$/);return i?+i[1]:void 0}function vl(n,e,t,i){return{x:n.x+t*(e.x-n.x),y:n.y+t*(e.y-n.y)}}function B4(n,e,t,i){return{x:n.x+t*(e.x-n.x),y:i==="middle"?t<.5?n.y:e.y:i==="after"?t<1?n.y:e.y:t>0?e.y:n.y}}function W4(n,e,t,i){const s={x:n.cp2x,y:n.cp2y},l={x:e.cp1x,y:e.cp1y},o=vl(n,s,t),r=vl(s,l,t),a=vl(l,e,t),u=vl(o,r,t),f=vl(r,a,t);return vl(u,f,t)}const Y4=function(n,e){return{x(t){return n+n+e-t},setWidth(t){e=t},textAlign(t){return t==="center"?t:t==="right"?"left":"right"},xPlus(t,i){return t-i},leftForLtr(t,i){return t-i}}},K4=function(){return{x(n){return n},setWidth(n){},textAlign(n){return n},xPlus(n,e){return n+e},leftForLtr(n,e){return n}}};function ua(n,e,t){return n?Y4(e,t):K4()}function J4(n,e){let t,i;(e==="ltr"||e==="rtl")&&(t=n.canvas.style,i=[t.getPropertyValue("direction"),t.getPropertyPriority("direction")],t.setProperty("direction",e,"important"),n.prevTextDirection=i)}function Z4(n,e){e!==void 0&&(delete n.prevTextDirection,n.canvas.style.setProperty("direction",e[0],e[1]))}function Jk(n){return n==="angle"?{between:Nk,compare:VS,normalize:yi}:{between:Rk,compare:(e,t)=>e-t,normalize:e=>e}}function nd({start:n,end:e,count:t,loop:i,style:s}){return{start:n%t,end:e%t,loop:i&&(e-n+1)%t===0,style:s}}function G4(n,e,t){const{property:i,start:s,end:l}=t,{between:o,normalize:r}=Jk(i),a=e.length;let{start:u,end:f,loop:c}=n,d,m;if(c){for(u+=a,f+=a,d=0,m=a;da(s,$,k)&&r(s,$)!==0,O=()=>r(l,k)===0||a(l,$,k),E=()=>g||T(),L=()=>!g||O();for(let I=f,A=f;I<=c;++I)S=e[I%o],!S.skip&&(k=u(S[i]),k!==$&&(g=a(k,s,l),_===null&&E()&&(_=r(k,s)===0?I:A),_!==null&&L()&&(h.push(nd({start:_,end:I,loop:d,count:o,style:m})),_=null),A=I,$=k));return _!==null&&h.push(nd({start:_,end:c,loop:d,count:o,style:m})),h}function Gk(n,e){const t=[],i=n.segments;for(let s=0;ss&&n[l%e].skip;)l--;return l%=e,{start:s,end:l}}function Q4(n,e,t,i){const s=n.length,l=[];let o=e,r=n[e],a;for(a=e+1;a<=t;++a){const u=n[a%s];u.skip||u.stop?r.skip||(i=!1,l.push({start:e%s,end:(a-1)%s,loop:i}),e=o=u.stop?a:null):(o=a,r.skip&&(e=a)),r=u}return o!==null&&l.push({start:e%s,end:o%s,loop:i}),l}function x4(n,e){const t=n.points,i=n.options.spanGaps,s=t.length;if(!s)return[];const l=!!n._loop,{start:o,end:r}=X4(t,s,l,i);if(i===!0)return id(n,[{start:o,end:r,loop:l}],t,e);const a=rr({chart:e,initial:t.initial,numSteps:o,currentStep:Math.min(i-t.start,o)}))}_refresh(){this._request||(this._running=!0,this._request=qk.call(window,()=>{this._update(),this._request=null,this._running&&this._refresh()}))}_update(e=Date.now()){let t=0;this._charts.forEach((i,s)=>{if(!i.running||!i.items.length)return;const l=i.items;let o=l.length-1,r=!1,a;for(;o>=0;--o)a=l[o],a._active?(a._total>i.duration&&(i.duration=a._total),a.tick(e),r=!0):(l[o]=l[l.length-1],l.pop());r&&(s.draw(),this._notify(s,i,e,"progress")),l.length||(i.running=!1,this._notify(s,i,e,"complete"),i.initial=!1),t+=l.length}),this._lastDate=e,t===0&&(this._running=!1)}_getAnims(e){const t=this._charts;let i=t.get(e);return i||(i={running:!1,initial:!0,items:[],listeners:{complete:[],progress:[]}},t.set(e,i)),i}listen(e,t,i){this._getAnims(e).listeners[t].push(i)}add(e,t){!t||!t.length||this._getAnims(e).items.push(...t)}has(e){return this._getAnims(e).items.length>0}start(e){const t=this._charts.get(e);t&&(t.running=!0,t.start=Date.now(),t.duration=t.items.reduce((i,s)=>Math.max(i,s._duration),0),this._refresh())}running(e){if(!this._running)return!1;const t=this._charts.get(e);return!(!t||!t.running||!t.items.length)}stop(e){const t=this._charts.get(e);if(!t||!t.items.length)return;const i=t.items;let s=i.length-1;for(;s>=0;--s)i[s].cancel();t.items=[],this._notify(e,t,Date.now(),"complete")}remove(e){return this._charts.delete(e)}}var Ni=new iT;const sd="transparent",lT={boolean(n,e,t){return t>.5?e:n},color(n,e,t){const i=Yc(n||sd),s=i.valid&&Yc(e||sd);return s&&s.valid?s.mix(i,t).hexString():e},number(n,e,t){return n+(e-n)*t}};class sT{constructor(e,t,i,s){const l=t[i];s=Ao([e.to,s,l,e.from]);const o=Ao([e.from,l,s]);this._active=!0,this._fn=e.fn||lT[e.type||typeof o],this._easing=Ns[e.easing]||Ns.linear,this._start=Math.floor(Date.now()+(e.delay||0)),this._duration=this._total=Math.floor(e.duration),this._loop=!!e.loop,this._target=t,this._prop=i,this._from=o,this._to=s,this._promises=void 0}active(){return this._active}update(e,t,i){if(this._active){this._notify(!1);const s=this._target[this._prop],l=i-this._start,o=this._duration-l;this._start=i,this._duration=Math.floor(Math.max(o,e.duration)),this._total+=l,this._loop=!!e.loop,this._to=Ao([e.to,t,s,e.from]),this._from=Ao([e.from,s,t])}}cancel(){this._active&&(this.tick(Date.now()),this._active=!1,this._notify(!1))}tick(e){const t=e-this._start,i=this._duration,s=this._prop,l=this._from,o=this._loop,r=this._to;let a;if(this._active=l!==r&&(o||t1?2-a:a,a=this._easing(Math.min(1,Math.max(0,a))),this._target[s]=this._fn(l,r,a)}wait(){const e=this._promises||(this._promises=[]);return new Promise((t,i)=>{e.push({res:t,rej:i})})}_notify(e){const t=e?"res":"rej",i=this._promises||[];for(let s=0;s{const l=e[s];if(!St(l))return;const o={};for(const r of t)o[r]=l[r];(cn(l.properties)&&l.properties||[s]).forEach(r=>{(r===s||!i.has(r))&&i.set(r,o)})})}_animateOptions(e,t){const i=t.options,s=rT(e,i);if(!s)return[];const l=this._createAnimations(s,i);return i.$shared&&oT(e.options.$animations,i).then(()=>{e.options=i},()=>{}),l}_createAnimations(e,t){const i=this._properties,s=[],l=e.$animations||(e.$animations={}),o=Object.keys(t),r=Date.now();let a;for(a=o.length-1;a>=0;--a){const u=o[a];if(u.charAt(0)==="$")continue;if(u==="options"){s.push(...this._animateOptions(e,t));continue}const f=t[u];let c=l[u];const d=i.get(u);if(c)if(d&&c.active()){c.update(d,f,r);continue}else c.cancel();if(!d||!d.duration){e[u]=f;continue}l[u]=c=new sT(d,e,u,f),s.push(c)}return s}update(e,t){if(this._properties.size===0){Object.assign(e,t);return}const i=this._createAnimations(e,t);if(i.length)return Ni.add(this._chart,i),!0}}function oT(n,e){const t=[],i=Object.keys(e);for(let s=0;s0||!t&&l<0)return s.index}return null}function ud(n,e){const{chart:t,_cachedMeta:i}=n,s=t._stacks||(t._stacks={}),{iScale:l,vScale:o,index:r}=i,a=l.axis,u=o.axis,f=cT(l,o,i),c=e.length;let d;for(let m=0;mt[i].axis===e).shift()}function mT(n,e){return Pl(n,{active:!1,dataset:void 0,datasetIndex:e,index:e,mode:"default",type:"dataset"})}function hT(n,e,t){return Pl(n,{active:!1,dataIndex:e,parsed:void 0,raw:void 0,element:t,index:e,mode:"default",type:"data"})}function ys(n,e){const t=n.controller.index,i=n.vScale&&n.vScale.axis;if(i){e=e||n._parsed;for(const s of e){const l=s._stacks;if(!l||l[i]===void 0||l[i][t]===void 0)return;delete l[i][t],l[i]._visualValues!==void 0&&l[i]._visualValues[t]!==void 0&&delete l[i]._visualValues[t]}}}const da=n=>n==="reset"||n==="none",fd=(n,e)=>e?n:Object.assign({},n),_T=(n,e,t)=>n&&!e.hidden&&e._stacked&&{keys:xk(t,!0),values:null};class Fs{constructor(e,t){this.chart=e,this._ctx=e.ctx,this.index=t,this._cachedDataOpts={},this._cachedMeta=this.getMeta(),this._type=this._cachedMeta.type,this.options=void 0,this._parsing=!1,this._data=void 0,this._objectData=void 0,this._sharedOptions=void 0,this._drawStart=void 0,this._drawCount=void 0,this.enableOptionSharing=!1,this.supportsDecimation=!1,this.$context=void 0,this._syncList=[],this.datasetElementType=new.target.datasetElementType,this.dataElementType=new.target.dataElementType,this.initialize()}initialize(){const e=this._cachedMeta;this.configure(),this.linkScales(),e._stacked=fa(e.vScale,e),this.addElements(),this.options.fill&&!this.chart.isPluginEnabled("filler")&&console.warn("Tried to use the 'fill' option without the 'Filler' plugin enabled. Please import and register the 'Filler' plugin and make sure it is not disabled in the options")}updateIndex(e){this.index!==e&&ys(this._cachedMeta),this.index=e}linkScales(){const e=this.chart,t=this._cachedMeta,i=this.getDataset(),s=(c,d,m,h)=>c==="x"?d:c==="r"?h:m,l=t.xAxisID=Et(i.xAxisID,ca(e,"x")),o=t.yAxisID=Et(i.yAxisID,ca(e,"y")),r=t.rAxisID=Et(i.rAxisID,ca(e,"r")),a=t.indexAxis,u=t.iAxisID=s(a,l,o,r),f=t.vAxisID=s(a,o,l,r);t.xScale=this.getScaleForId(l),t.yScale=this.getScaleForId(o),t.rScale=this.getScaleForId(r),t.iScale=this.getScaleForId(u),t.vScale=this.getScaleForId(f)}getDataset(){return this.chart.data.datasets[this.index]}getMeta(){return this.chart.getDatasetMeta(this.index)}getScaleForId(e){return this.chart.scales[e]}_getOtherScale(e){const t=this._cachedMeta;return e===t.iScale?t.vScale:t.iScale}reset(){this._update("reset")}_destroy(){const e=this._cachedMeta;this._data&&Uc(this._data,this),e._stacked&&ys(e)}_dataCheck(){const e=this.getDataset(),t=e.data||(e.data=[]),i=this._data;if(St(t)){const s=this._cachedMeta;this._data=fT(t,s)}else if(i!==t){if(i){Uc(i,this);const s=this._cachedMeta;ys(s),s._parsed=[]}t&&Object.isExtensible(t)&&KS(t,this),this._syncList=[],this._data=t}}addElements(){const e=this._cachedMeta;this._dataCheck(),this.datasetElementType&&(e.dataset=new this.datasetElementType)}buildOrUpdateElements(e){const t=this._cachedMeta,i=this.getDataset();let s=!1;this._dataCheck();const l=t._stacked;t._stacked=fa(t.vScale,t),t.stack!==i.stack&&(s=!0,ys(t),t.stack=i.stack),this._resyncElements(e),(s||l!==t._stacked)&&(ud(this,t._parsed),t._stacked=fa(t.vScale,t))}configure(){const e=this.chart.config,t=e.datasetScopeKeys(this._type),i=e.getOptionScopes(this.getDataset(),t,!0);this.options=e.createResolver(i,this.getContext()),this._parsing=this.options.parsing,this._cachedDataOpts={}}parse(e,t){const{_cachedMeta:i,_data:s}=this,{iScale:l,_stacked:o}=i,r=l.axis;let a=e===0&&t===s.length?!0:i._sorted,u=e>0&&i._parsed[e-1],f,c,d;if(this._parsing===!1)i._parsed=s,i._sorted=!0,d=s;else{cn(s[e])?d=this.parseArrayData(i,s,e,t):St(s[e])?d=this.parseObjectData(i,s,e,t):d=this.parsePrimitiveData(i,s,e,t);const m=()=>c[r]===null||u&&c[r]g||c=0;--d)if(!h()){this.updateRangeFromParsed(u,e,m,a);break}}return u}getAllParsedValues(e){const t=this._cachedMeta._parsed,i=[];let s,l,o;for(s=0,l=t.length;s=0&&ethis.getContext(i,s,t),g=u.resolveNamedOptions(d,m,h,c);return g.$shared&&(g.$shared=a,l[o]=Object.freeze(fd(g,a))),g}_resolveAnimations(e,t,i){const s=this.chart,l=this._cachedDataOpts,o=`animation-${t}`,r=l[o];if(r)return r;let a;if(s.options.animation!==!1){const f=this.chart.config,c=f.datasetAnimationScopeKeys(this._type,t),d=f.getOptionScopes(this.getDataset(),c);a=f.createResolver(d,this.getContext(e,i,t))}const u=new Qk(s,a&&a.animations);return a&&a._cacheable&&(l[o]=Object.freeze(u)),u}getSharedOptions(e){if(e.$shared)return this._sharedOptions||(this._sharedOptions=Object.assign({},e))}includeOptions(e,t){return!t||da(e)||this.chart._animationsDisabled}_getSharedOptions(e,t){const i=this.resolveDataElementOptions(e,t),s=this._sharedOptions,l=this.getSharedOptions(i),o=this.includeOptions(t,l)||l!==s;return this.updateSharedOptions(l,t,i),{sharedOptions:l,includeOptions:o}}updateElement(e,t,i,s){da(s)?Object.assign(e,i):this._resolveAnimations(t,s).update(e,i)}updateSharedOptions(e,t,i){e&&!da(t)&&this._resolveAnimations(void 0,t).update(e,i)}_setStyle(e,t,i,s){e.active=s;const l=this.getStyle(t,s);this._resolveAnimations(t,i,s).update(e,{options:!s&&this.getSharedOptions(l)||l})}removeHoverStyle(e,t,i){this._setStyle(e,i,"active",!1)}setHoverStyle(e,t,i){this._setStyle(e,i,"active",!0)}_removeDatasetHoverStyle(){const e=this._cachedMeta.dataset;e&&this._setStyle(e,void 0,"active",!1)}_setDatasetHoverStyle(){const e=this._cachedMeta.dataset;e&&this._setStyle(e,void 0,"active",!0)}_resyncElements(e){const t=this._data,i=this._cachedMeta.data;for(const[r,a,u]of this._syncList)this[r](a,u);this._syncList=[];const s=i.length,l=t.length,o=Math.min(l,s);o&&this.parse(0,o),l>s?this._insertElements(s,l-s,e):l{for(u.length+=t,r=u.length-1;r>=o;r--)u[r]=u[r-t]};for(a(l),r=e;r0&&this.getParsed(t-1);for(let O=0;O<$;++O){const E=e[O],L=k?E:{};if(O=S){L.skip=!0;continue}const I=this.getParsed(O),A=Vt(I[m]),P=L[d]=o.getPixelForValue(I[d],O),N=L[m]=l||A?r.getBasePixel():r.getPixelForValue(a?this.applyStack(r,I,a):I[m],O);L.skip=isNaN(P)||isNaN(N)||A,L.stop=O>0&&Math.abs(I[d]-T[d])>_,g&&(L.parsed=I,L.raw=u.data[O]),c&&(L.options=f||this.resolveDataElementOptions(O,E.active?"active":s)),k||this.updateElement(E,O,L,s),T=I}}getMaxOverflow(){const e=this._cachedMeta,t=e.dataset,i=t.options&&t.options.borderWidth||0,s=e.data||[];if(!s.length)return i;const l=s[0].size(this.resolveDataElementOptions(0)),o=s[s.length-1].size(this.resolveDataElementOptions(s.length-1));return Math.max(i,l,o)/2}draw(){const e=this._cachedMeta;e.dataset.updateControlPoints(this.chart.chartArea,e.iScale.axis),super.draw()}}pt(er,"id","line"),pt(er,"defaults",{datasetElementType:"line",dataElementType:"point",showLine:!0,spanGaps:!1}),pt(er,"overrides",{scales:{_index_:{type:"category"},_value_:{type:"linear"}}});function yl(){throw new Error("This method is not implemented: Check that a complete date adapter is provided.")}class Xu{constructor(e){pt(this,"options");this.options=e||{}}static override(e){Object.assign(Xu.prototype,e)}init(){}formats(){return yl()}parse(){return yl()}format(){return yl()}add(){return yl()}diff(){return yl()}startOf(){return yl()}endOf(){return yl()}}var ey={_date:Xu};function gT(n,e,t,i){const{controller:s,data:l,_sorted:o}=n,r=s._cachedMeta.iScale,a=n.dataset&&n.dataset.options?n.dataset.options.spanGaps:null;if(r&&e===r.axis&&e!=="r"&&o&&l.length){const u=r._reversePixels?WS:$l;if(i){if(s._sharedOptions){const f=l[0],c=typeof f.getRange=="function"&&f.getRange(e);if(c){const d=u(l,e,t-c),m=u(l,e,t+c);return{lo:d.lo,hi:m.hi}}}}else{const f=u(l,e,t);if(a){const{vScale:c}=s._cachedMeta,{_parsed:d}=n,m=d.slice(0,f.lo+1).reverse().findIndex(g=>!Vt(g[c.axis]));f.lo-=Math.max(0,m);const h=d.slice(f.hi).findIndex(g=>!Vt(g[c.axis]));f.hi+=Math.max(0,h)}return f}}return{lo:0,hi:l.length-1}}function Rr(n,e,t,i,s){const l=n.getSortedVisibleDatasetMetas(),o=t[e];for(let r=0,a=l.length;r{a[o]&&a[o](e[t],s)&&(l.push({element:a,datasetIndex:u,index:f}),r=r||a.inRange(e.x,e.y,s))}),i&&!r?[]:l}var vT={modes:{index(n,e,t,i){const s=vi(e,n),l=t.axis||"x",o=t.includeInvisible||!1,r=t.intersect?pa(n,s,l,i,o):ma(n,s,l,!1,i,o),a=[];return r.length?(n.getSortedVisibleDatasetMetas().forEach(u=>{const f=r[0].index,c=u.data[f];c&&!c.skip&&a.push({element:c,datasetIndex:u.index,index:f})}),a):[]},dataset(n,e,t,i){const s=vi(e,n),l=t.axis||"xy",o=t.includeInvisible||!1;let r=t.intersect?pa(n,s,l,i,o):ma(n,s,l,!1,i,o);if(r.length>0){const a=r[0].datasetIndex,u=n.getDatasetMeta(a).data;r=[];for(let f=0;ft.pos===e)}function dd(n,e){return n.filter(t=>ty.indexOf(t.pos)===-1&&t.box.axis===e)}function ws(n,e){return n.sort((t,i)=>{const s=e?i:t,l=e?t:i;return s.weight===l.weight?s.index-l.index:s.weight-l.weight})}function wT(n){const e=[];let t,i,s,l,o,r;for(t=0,i=(n||[]).length;tu.box.fullSize),!0),i=ws(vs(e,"left"),!0),s=ws(vs(e,"right")),l=ws(vs(e,"top"),!0),o=ws(vs(e,"bottom")),r=dd(e,"x"),a=dd(e,"y");return{fullSize:t,leftAndTop:i.concat(l),rightAndBottom:s.concat(a).concat(o).concat(r),chartArea:vs(e,"chartArea"),vertical:i.concat(s).concat(a),horizontal:l.concat(o).concat(r)}}function pd(n,e,t,i){return Math.max(n[t],e[t])+Math.max(n[i],e[i])}function ny(n,e){n.top=Math.max(n.top,e.top),n.left=Math.max(n.left,e.left),n.bottom=Math.max(n.bottom,e.bottom),n.right=Math.max(n.right,e.right)}function CT(n,e,t,i){const{pos:s,box:l}=t,o=n.maxPadding;if(!St(s)){t.size&&(n[s]-=t.size);const c=i[t.stack]||{size:0,count:1};c.size=Math.max(c.size,t.horizontal?l.height:l.width),t.size=c.size/c.count,n[s]+=t.size}l.getPadding&&ny(o,l.getPadding());const r=Math.max(0,e.outerWidth-pd(o,n,"left","right")),a=Math.max(0,e.outerHeight-pd(o,n,"top","bottom")),u=r!==n.w,f=a!==n.h;return n.w=r,n.h=a,t.horizontal?{same:u,other:f}:{same:f,other:u}}function OT(n){const e=n.maxPadding;function t(i){const s=Math.max(e[i]-n[i],0);return n[i]+=s,s}n.y+=t("top"),n.x+=t("left"),t("right"),t("bottom")}function MT(n,e){const t=e.maxPadding;function i(s){const l={left:0,top:0,right:0,bottom:0};return s.forEach(o=>{l[o]=Math.max(e[o],t[o])}),l}return i(n?["left","right"]:["top","bottom"])}function Es(n,e,t,i){const s=[];let l,o,r,a,u,f;for(l=0,o=n.length,u=0;l{typeof g.beforeLayout=="function"&&g.beforeLayout()});const f=a.reduce((g,_)=>_.box.options&&_.box.options.display===!1?g:g+1,0)||1,c=Object.freeze({outerWidth:e,outerHeight:t,padding:s,availableWidth:l,availableHeight:o,vBoxMaxWidth:l/2/f,hBoxMaxHeight:o/2}),d=Object.assign({},s);ny(d,rl(i));const m=Object.assign({maxPadding:d,w:l,h:o,x:s.left,y:s.top},s),h=TT(a.concat(u),c);Es(r.fullSize,m,c,h),Es(a,m,c,h),Es(u,m,c,h)&&Es(a,m,c,h),OT(m),md(r.leftAndTop,m,c,h),m.x+=m.w,m.y+=m.h,md(r.rightAndBottom,m,c,h),n.chartArea={left:m.left,top:m.top,right:m.left+m.w,bottom:m.top+m.h,height:m.h,width:m.w},gt(r.chartArea,g=>{const _=g.box;Object.assign(_,n.chartArea),_.update(m.w,m.h,{left:0,top:0,right:0,bottom:0})})}};class iy{acquireContext(e,t){}releaseContext(e){return!1}addEventListener(e,t,i){}removeEventListener(e,t,i){}getDevicePixelRatio(){return 1}getMaximumSize(e,t,i,s){return t=Math.max(0,t||e.width),i=i||e.height,{width:t,height:Math.max(0,s?Math.floor(t/s):i)}}isAttached(e){return!0}updateConfig(e){}}class ET extends iy{acquireContext(e){return e&&e.getContext&&e.getContext("2d")||null}updateConfig(e){e.options.animation=!1}}const tr="$chartjs",DT={touchstart:"mousedown",touchmove:"mousemove",touchend:"mouseup",pointerenter:"mouseenter",pointerdown:"mousedown",pointermove:"mousemove",pointerup:"mouseup",pointerleave:"mouseout",pointerout:"mouseout"},hd=n=>n===null||n==="";function IT(n,e){const t=n.style,i=n.getAttribute("height"),s=n.getAttribute("width");if(n[tr]={initial:{height:i,width:s,style:{display:t.display,height:t.height,width:t.width}}},t.display=t.display||"block",t.boxSizing=t.boxSizing||"border-box",hd(s)){const l=td(n,"width");l!==void 0&&(n.width=l)}if(hd(i))if(n.style.height==="")n.height=n.width/(e||2);else{const l=td(n,"height");l!==void 0&&(n.height=l)}return n}const ly=V4?{passive:!0}:!1;function LT(n,e,t){n&&n.addEventListener(e,t,ly)}function AT(n,e,t){n&&n.canvas&&n.canvas.removeEventListener(e,t,ly)}function PT(n,e){const t=DT[n.type]||n.type,{x:i,y:s}=vi(n,e);return{type:t,chart:e,native:n,x:i!==void 0?i:null,y:s!==void 0?s:null}}function kr(n,e){for(const t of n)if(t===e||t.contains(e))return!0}function NT(n,e,t){const i=n.canvas,s=new MutationObserver(l=>{let o=!1;for(const r of l)o=o||kr(r.addedNodes,i),o=o&&!kr(r.removedNodes,i);o&&t()});return s.observe(document,{childList:!0,subtree:!0}),s}function RT(n,e,t){const i=n.canvas,s=new MutationObserver(l=>{let o=!1;for(const r of l)o=o||kr(r.removedNodes,i),o=o&&!kr(r.addedNodes,i);o&&t()});return s.observe(document,{childList:!0,subtree:!0}),s}const Qs=new Map;let _d=0;function sy(){const n=window.devicePixelRatio;n!==_d&&(_d=n,Qs.forEach((e,t)=>{t.currentDevicePixelRatio!==n&&e()}))}function FT(n,e){Qs.size||window.addEventListener("resize",sy),Qs.set(n,e)}function qT(n){Qs.delete(n),Qs.size||window.removeEventListener("resize",sy)}function jT(n,e,t){const i=n.canvas,s=i&&Gu(i);if(!s)return;const l=jk((r,a)=>{const u=s.clientWidth;t(r,a),u{const a=r[0],u=a.contentRect.width,f=a.contentRect.height;u===0&&f===0||l(u,f)});return o.observe(s),FT(n,l),o}function ha(n,e,t){t&&t.disconnect(),e==="resize"&&qT(n)}function HT(n,e,t){const i=n.canvas,s=jk(l=>{n.ctx!==null&&t(PT(l,n))},n);return LT(i,e,s),s}class zT extends iy{acquireContext(e,t){const i=e&&e.getContext&&e.getContext("2d");return i&&i.canvas===e?(IT(e,t),i):null}releaseContext(e){const t=e.canvas;if(!t[tr])return!1;const i=t[tr].initial;["height","width"].forEach(l=>{const o=i[l];Vt(o)?t.removeAttribute(l):t.setAttribute(l,o)});const s=i.style||{};return Object.keys(s).forEach(l=>{t.style[l]=s[l]}),t.width=t.width,delete t[tr],!0}addEventListener(e,t,i){this.removeEventListener(e,t);const s=e.$proxies||(e.$proxies={}),o={attach:NT,detach:RT,resize:jT}[t]||HT;s[t]=o(e,t,i)}removeEventListener(e,t){const i=e.$proxies||(e.$proxies={}),s=i[t];if(!s)return;({attach:ha,detach:ha,resize:ha}[t]||AT)(e,t,s),i[t]=void 0}getDevicePixelRatio(){return window.devicePixelRatio}getMaximumSize(e,t,i,s){return U4(e,t,i,s)}isAttached(e){const t=e&&Gu(e);return!!(t&&t.isConnected)}}function UT(n){return!Zu()||typeof OffscreenCanvas<"u"&&n instanceof OffscreenCanvas?ET:zT}class Ll{constructor(){pt(this,"x");pt(this,"y");pt(this,"active",!1);pt(this,"options");pt(this,"$animations")}tooltipPosition(e){const{x:t,y:i}=this.getProps(["x","y"],e);return{x:t,y:i}}hasValue(){return Xs(this.x)&&Xs(this.y)}getProps(e,t){const i=this.$animations;if(!t||!i)return this;const s={};return e.forEach(l=>{s[l]=i[l]&&i[l].active()?i[l]._to:this[l]}),s}}pt(Ll,"defaults",{}),pt(Ll,"defaultRoutes");function VT(n,e){const t=n.options.ticks,i=BT(n),s=Math.min(t.maxTicksLimit||i,i),l=t.major.enabled?YT(e):[],o=l.length,r=l[0],a=l[o-1],u=[];if(o>s)return KT(e,u,l,o/s),u;const f=WT(l,e,s);if(o>0){let c,d;const m=o>1?Math.round((a-r)/(o-1)):null;for(jo(e,u,f,Vt(m)?0:r-m,r),c=0,d=o-1;cs)return a}return Math.max(s,1)}function YT(n){const e=[];let t,i;for(t=0,i=n.length;tn==="left"?"right":n==="right"?"left":n,gd=(n,e,t)=>e==="top"||e==="left"?n[e]+t:n[e]-t,bd=(n,e)=>Math.min(e||n,n);function kd(n,e){const t=[],i=n.length/e,s=n.length;let l=0;for(;lo+r)))return a}function XT(n,e){gt(n,t=>{const i=t.gc,s=i.length/2;let l;if(s>e){for(l=0;li?i:t,i=s&&t>i?t:i,{min:gi(t,gi(i,t)),max:gi(i,gi(t,i))}}getPadding(){return{left:this.paddingLeft||0,top:this.paddingTop||0,right:this.paddingRight||0,bottom:this.paddingBottom||0}}getTicks(){return this.ticks}getLabels(){const e=this.chart.data;return this.options.labels||(this.isHorizontal()?e.xLabels:e.yLabels)||e.labels||[]}getLabelItems(e=this.chart.chartArea){return this._labelItems||(this._labelItems=this._computeLabelItems(e))}beforeLayout(){this._cache={},this._dataLimitsCached=!1}beforeUpdate(){ft(this.options.beforeUpdate,[this])}update(e,t,i){const{beginAtZero:s,grace:l,ticks:o}=this.options,r=o.sampleSize;this.beforeUpdate(),this.maxWidth=e,this.maxHeight=t,this._margins=i=Object.assign({left:0,right:0,top:0,bottom:0},i),this.ticks=null,this._labelSizes=null,this._gridLineItems=null,this._labelItems=null,this.beforeSetDimensions(),this.setDimensions(),this.afterSetDimensions(),this._maxLength=this.isHorizontal()?this.width+i.left+i.right:this.height+i.top+i.bottom,this._dataLimitsCached||(this.beforeDataLimits(),this.determineDataLimits(),this.afterDataLimits(),this._range=y4(this,l,s),this._dataLimitsCached=!0),this.beforeBuildTicks(),this.ticks=this.buildTicks()||[],this.afterBuildTicks();const a=r=l||i<=1||!this.isHorizontal()){this.labelRotation=s;return}const f=this._getLabelSizes(),c=f.widest.width,d=f.highest.height,m=pi(this.chart.width-c,0,this.maxWidth);r=e.offset?this.maxWidth/i:m/(i-1),c+6>r&&(r=m/(i-(e.offset?.5:1)),a=this.maxHeight-Ss(e.grid)-t.padding-yd(e.title,this.chart.options.font),u=Math.sqrt(c*c+d*d),o=zS(Math.min(Math.asin(pi((f.highest.height+6)/r,-1,1)),Math.asin(pi(a/u,-1,1))-Math.asin(pi(d/u,-1,1)))),o=Math.max(s,Math.min(l,o))),this.labelRotation=o}afterCalculateLabelRotation(){ft(this.options.afterCalculateLabelRotation,[this])}afterAutoSkip(){}beforeFit(){ft(this.options.beforeFit,[this])}fit(){const e={width:0,height:0},{chart:t,options:{ticks:i,title:s,grid:l}}=this,o=this._isVisible(),r=this.isHorizontal();if(o){const a=yd(s,t.options.font);if(r?(e.width=this.maxWidth,e.height=Ss(l)+a):(e.height=this.maxHeight,e.width=Ss(l)+a),i.display&&this.ticks.length){const{first:u,last:f,widest:c,highest:d}=this._getLabelSizes(),m=i.padding*2,h=Tl(this.labelRotation),g=Math.cos(h),_=Math.sin(h);if(r){const k=i.mirror?0:_*c.width+g*d.height;e.height=Math.min(this.maxHeight,e.height+k+m)}else{const k=i.mirror?0:g*c.width+_*d.height;e.width=Math.min(this.maxWidth,e.width+k+m)}this._calculatePadding(u,f,_,g)}}this._handleMargins(),r?(this.width=this._length=t.width-this._margins.left-this._margins.right,this.height=e.height):(this.width=e.width,this.height=this._length=t.height-this._margins.top-this._margins.bottom)}_calculatePadding(e,t,i,s){const{ticks:{align:l,padding:o},position:r}=this.options,a=this.labelRotation!==0,u=r!=="top"&&this.axis==="x";if(this.isHorizontal()){const f=this.getPixelForTick(0)-this.left,c=this.right-this.getPixelForTick(this.ticks.length-1);let d=0,m=0;a?u?(d=s*e.width,m=i*t.height):(d=i*e.height,m=s*t.width):l==="start"?m=t.width:l==="end"?d=e.width:l!=="inner"&&(d=e.width/2,m=t.width/2),this.paddingLeft=Math.max((d-f+o)*this.width/(this.width-f),0),this.paddingRight=Math.max((m-c+o)*this.width/(this.width-c),0)}else{let f=t.height/2,c=e.height/2;l==="start"?(f=0,c=e.height):l==="end"&&(f=t.height,c=0),this.paddingTop=f+o,this.paddingBottom=c+o}}_handleMargins(){this._margins&&(this._margins.left=Math.max(this.paddingLeft,this._margins.left),this._margins.top=Math.max(this.paddingTop,this._margins.top),this._margins.right=Math.max(this.paddingRight,this._margins.right),this._margins.bottom=Math.max(this.paddingBottom,this._margins.bottom))}afterFit(){ft(this.options.afterFit,[this])}isHorizontal(){const{axis:e,position:t}=this.options;return t==="top"||t==="bottom"||e==="x"}isFullSize(){return this.options.fullSize}_convertTicksToLabels(e){this.beforeTickToLabelConversion(),this.generateTickLabels(e);let t,i;for(t=0,i=e.length;t({width:o[A]||0,height:r[A]||0});return{first:I(0),last:I(t-1),widest:I(E),highest:I(L),widths:o,heights:r}}getLabelForValue(e){return e}getPixelForValue(e,t){return NaN}getValueForPixel(e){}getPixelForTick(e){const t=this.ticks;return e<0||e>t.length-1?null:this.getPixelForValue(t[e].value)}getPixelForDecimal(e){this._reversePixels&&(e=1-e);const t=this._startPixel+e*this._length;return BS(this._alignToPixels?kl(this.chart,t,0):t)}getDecimalForPixel(e){const t=(e-this._startPixel)/this._length;return this._reversePixels?1-t:t}getBasePixel(){return this.getPixelForValue(this.getBaseValue())}getBaseValue(){const{min:e,max:t}=this;return e<0&&t<0?t:e>0&&t>0?e:0}getContext(e){const t=this.ticks||[];if(e>=0&&er*s?r/i:a/s:a*s0}_computeGridLineItems(e){const t=this.axis,i=this.chart,s=this.options,{grid:l,position:o,border:r}=s,a=l.offset,u=this.isHorizontal(),c=this.ticks.length+(a?1:0),d=Ss(l),m=[],h=r.setContext(this.getContext()),g=h.display?h.width:0,_=g/2,k=function(J){return kl(i,J,g)};let S,$,T,O,E,L,I,A,P,N,R,z;if(o==="top")S=k(this.bottom),L=this.bottom-d,A=S-_,N=k(e.top)+_,z=e.bottom;else if(o==="bottom")S=k(this.top),N=e.top,z=k(e.bottom)-_,L=S+_,A=this.top+d;else if(o==="left")S=k(this.right),E=this.right-d,I=S-_,P=k(e.left)+_,R=e.right;else if(o==="right")S=k(this.left),P=e.left,R=k(e.right)-_,E=S+_,I=this.left+d;else if(t==="x"){if(o==="center")S=k((e.top+e.bottom)/2+.5);else if(St(o)){const J=Object.keys(o)[0],V=o[J];S=k(this.chart.scales[J].getPixelForValue(V))}N=e.top,z=e.bottom,L=S+_,A=L+d}else if(t==="y"){if(o==="center")S=k((e.left+e.right)/2);else if(St(o)){const J=Object.keys(o)[0],V=o[J];S=k(this.chart.scales[J].getPixelForValue(V))}E=S-_,I=E-d,P=e.left,R=e.right}const F=Et(s.ticks.maxTicksLimit,c),B=Math.max(1,Math.ceil(c/F));for($=0;$0&&(ct-=Ye/2);break}pe={left:ct,top:Ke,width:Ye+ae.width,height:Ce+ae.height,color:B.backdropColor}}_.push({label:T,font:A,textOffset:R,options:{rotation:g,color:V,strokeColor:Z,strokeWidth:G,textAlign:de,textBaseline:z,translation:[O,E],backdrop:pe}})}return _}_getXAxisLabelAlignment(){const{position:e,ticks:t}=this.options;if(-Tl(this.labelRotation))return e==="top"?"left":"right";let s="center";return t.align==="start"?s="left":t.align==="end"?s="right":t.align==="inner"&&(s="inner"),s}_getYAxisLabelAlignment(e){const{position:t,ticks:{crossAlign:i,mirror:s,padding:l}}=this.options,o=this._getLabelSizes(),r=e+l,a=o.widest.width;let u,f;return t==="left"?s?(f=this.right+l,i==="near"?u="left":i==="center"?(u="center",f+=a/2):(u="right",f+=a)):(f=this.right-r,i==="near"?u="right":i==="center"?(u="center",f-=a/2):(u="left",f=this.left)):t==="right"?s?(f=this.left+l,i==="near"?u="right":i==="center"?(u="center",f-=a/2):(u="left",f-=a)):(f=this.left+r,i==="near"?u="left":i==="center"?(u="center",f+=a/2):(u="right",f=this.right)):u="right",{textAlign:u,x:f}}_computeLabelArea(){if(this.options.ticks.mirror)return;const e=this.chart,t=this.options.position;if(t==="left"||t==="right")return{top:0,left:this.left,bottom:e.height,right:this.right};if(t==="top"||t==="bottom")return{top:this.top,left:0,bottom:this.bottom,right:e.width}}drawBackground(){const{ctx:e,options:{backgroundColor:t},left:i,top:s,width:l,height:o}=this;t&&(e.save(),e.fillStyle=t,e.fillRect(i,s,l,o),e.restore())}getLineWidthForValue(e){const t=this.options.grid;if(!this._isVisible()||!t.display)return 0;const s=this.ticks.findIndex(l=>l.value===e);return s>=0?t.setContext(this.getContext(s)).lineWidth:0}drawGrid(e){const t=this.options.grid,i=this.ctx,s=this._gridLineItems||(this._gridLineItems=this._computeGridLineItems(e));let l,o;const r=(a,u,f)=>{!f.width||!f.color||(i.save(),i.lineWidth=f.width,i.strokeStyle=f.color,i.setLineDash(f.borderDash||[]),i.lineDashOffset=f.borderDashOffset,i.beginPath(),i.moveTo(a.x,a.y),i.lineTo(u.x,u.y),i.stroke(),i.restore())};if(t.display)for(l=0,o=s.length;l{this.draw(l)}}]:[{z:i,draw:l=>{this.drawBackground(),this.drawGrid(l),this.drawTitle()}},{z:s,draw:()=>{this.drawBorder()}},{z:t,draw:l=>{this.drawLabels(l)}}]}getMatchingVisibleMetas(e){const t=this.chart.getSortedVisibleDatasetMetas(),i=this.axis+"AxisID",s=[];let l,o;for(l=0,o=t.length;l{const i=t.split("."),s=i.pop(),l=[n].concat(i).join("."),o=e[t].split("."),r=o.pop(),a=o.join(".");on.route(l,s,a,r)})}function l5(n){return"id"in n&&"defaults"in n}class s5{constructor(){this.controllers=new Ho(Fs,"datasets",!0),this.elements=new Ho(Ll,"elements"),this.plugins=new Ho(Object,"plugins"),this.scales=new Ho(mo,"scales"),this._typedRegistries=[this.controllers,this.scales,this.elements]}add(...e){this._each("register",e)}remove(...e){this._each("unregister",e)}addControllers(...e){this._each("register",e,this.controllers)}addElements(...e){this._each("register",e,this.elements)}addPlugins(...e){this._each("register",e,this.plugins)}addScales(...e){this._each("register",e,this.scales)}getController(e){return this._get(e,this.controllers,"controller")}getElement(e){return this._get(e,this.elements,"element")}getPlugin(e){return this._get(e,this.plugins,"plugin")}getScale(e){return this._get(e,this.scales,"scale")}removeControllers(...e){this._each("unregister",e,this.controllers)}removeElements(...e){this._each("unregister",e,this.elements)}removePlugins(...e){this._each("unregister",e,this.plugins)}removeScales(...e){this._each("unregister",e,this.scales)}_each(e,t,i){[...t].forEach(s=>{const l=i||this._getRegistryForType(s);i||l.isForType(s)||l===this.plugins&&s.id?this._exec(e,l,s):gt(s,o=>{const r=i||this._getRegistryForType(o);this._exec(e,r,o)})})}_exec(e,t,i){const s=zu(e);ft(i["before"+s],[],i),t[e](i),ft(i["after"+s],[],i)}_getRegistryForType(e){for(let t=0;tl.filter(r=>!o.some(a=>r.plugin.id===a.plugin.id));this._notify(s(t,i),e,"stop"),this._notify(s(i,t),e,"start")}}function r5(n){const e={},t=[],i=Object.keys(ki.plugins.items);for(let l=0;l1&&vd(n[0].toLowerCase());if(i)return i}throw new Error(`Cannot determine type of '${n}' axis. Please provide 'axis' or 'position' option.`)}function wd(n,e,t){if(t[e+"AxisID"]===n)return{axis:e}}function m5(n,e){if(e.data&&e.data.datasets){const t=e.data.datasets.filter(i=>i.xAxisID===n||i.yAxisID===n);if(t.length)return wd(n,"x",t[0])||wd(n,"y",t[0])}return{}}function h5(n,e){const t=Il[n.type]||{scales:{}},i=e.scales||{},s=eu(n.type,e),l=Object.create(null);return Object.keys(i).forEach(o=>{const r=i[o];if(!St(r))return console.error(`Invalid scale configuration for scale: ${o}`);if(r._proxy)return console.warn(`Ignoring resolver passed as options for scale: ${o}`);const a=tu(o,r,m5(o,n),on.scales[r.type]),u=d5(a,s),f=t.scales||{};l[o]=Ps(Object.create(null),[{axis:a},r,f[a],f[u]])}),n.data.datasets.forEach(o=>{const r=o.type||n.type,a=o.indexAxis||eu(r,e),f=(Il[r]||{}).scales||{};Object.keys(f).forEach(c=>{const d=c5(c,a),m=o[d+"AxisID"]||d;l[m]=l[m]||Object.create(null),Ps(l[m],[{axis:d},i[m],f[c]])})}),Object.keys(l).forEach(o=>{const r=l[o];Ps(r,[on.scales[r.type],on.scale])}),l}function oy(n){const e=n.options||(n.options={});e.plugins=Et(e.plugins,{}),e.scales=h5(n,e)}function ry(n){return n=n||{},n.datasets=n.datasets||[],n.labels=n.labels||[],n}function _5(n){return n=n||{},n.data=ry(n.data),oy(n),n}const Sd=new Map,ay=new Set;function zo(n,e){let t=Sd.get(n);return t||(t=e(),Sd.set(n,t),ay.add(t)),t}const Ts=(n,e,t)=>{const i=hr(e,t);i!==void 0&&n.add(i)};class g5{constructor(e){this._config=_5(e),this._scopeCache=new Map,this._resolverCache=new Map}get platform(){return this._config.platform}get type(){return this._config.type}set type(e){this._config.type=e}get data(){return this._config.data}set data(e){this._config.data=ry(e)}get options(){return this._config.options}set options(e){this._config.options=e}get plugins(){return this._config.plugins}update(){const e=this._config;this.clearCache(),oy(e)}clearCache(){this._scopeCache.clear(),this._resolverCache.clear()}datasetScopeKeys(e){return zo(e,()=>[[`datasets.${e}`,""]])}datasetAnimationScopeKeys(e,t){return zo(`${e}.transition.${t}`,()=>[[`datasets.${e}.transitions.${t}`,`transitions.${t}`],[`datasets.${e}`,""]])}datasetElementScopeKeys(e,t){return zo(`${e}-${t}`,()=>[[`datasets.${e}.elements.${t}`,`datasets.${e}`,`elements.${t}`,""]])}pluginScopeKeys(e){const t=e.id,i=this.type;return zo(`${i}-plugin-${t}`,()=>[[`plugins.${t}`,...e.additionalOptionScopes||[]]])}_cachedScopes(e,t){const i=this._scopeCache;let s=i.get(e);return(!s||t)&&(s=new Map,i.set(e,s)),s}getOptionScopes(e,t,i){const{options:s,type:l}=this,o=this._cachedScopes(e,i),r=o.get(t);if(r)return r;const a=new Set;t.forEach(f=>{e&&(a.add(e),f.forEach(c=>Ts(a,e,c))),f.forEach(c=>Ts(a,s,c)),f.forEach(c=>Ts(a,Il[l]||{},c)),f.forEach(c=>Ts(a,on,c)),f.forEach(c=>Ts(a,Qa,c))});const u=Array.from(a);return u.length===0&&u.push(Object.create(null)),ay.has(t)&&o.set(t,u),u}chartOptionScopes(){const{options:e,type:t}=this;return[e,Il[t]||{},on.datasets[t]||{},{type:t},on,Qa]}resolveNamedOptions(e,t,i,s=[""]){const l={$shared:!0},{resolver:o,subPrefixes:r}=Td(this._resolverCache,e,s);let a=o;if(k5(o,t)){l.$shared=!1,i=sl(i)?i():i;const u=this.createResolver(e,i,r);a=ss(o,i,u)}for(const u of t)l[u]=a[u];return l}createResolver(e,t,i=[""],s){const{resolver:l}=Td(this._resolverCache,e,i);return St(t)?ss(l,t,void 0,s):l}}function Td(n,e,t){let i=n.get(e);i||(i=new Map,n.set(e,i));const s=t.join();let l=i.get(s);return l||(l={resolver:Yu(e,t),subPrefixes:t.filter(r=>!r.toLowerCase().includes("hover"))},i.set(s,l)),l}const b5=n=>St(n)&&Object.getOwnPropertyNames(n).some(e=>sl(n[e]));function k5(n,e){const{isScriptable:t,isIndexable:i}=Vk(n);for(const s of e){const l=t(s),o=i(s),r=(o||l)&&n[s];if(l&&(sl(r)||b5(r))||o&&cn(r))return!0}return!1}var y5="4.4.9";const v5=["top","bottom","left","right","chartArea"];function $d(n,e){return n==="top"||n==="bottom"||v5.indexOf(n)===-1&&e==="x"}function Cd(n,e){return function(t,i){return t[n]===i[n]?t[e]-i[e]:t[n]-i[n]}}function Od(n){const e=n.chart,t=e.options.animation;e.notifyPlugins("afterRender"),ft(t&&t.onComplete,[n],e)}function w5(n){const e=n.chart,t=e.options.animation;ft(t&&t.onProgress,[n],e)}function uy(n){return Zu()&&typeof n=="string"?n=document.getElementById(n):n&&n.length&&(n=n[0]),n&&n.canvas&&(n=n.canvas),n}const nr={},Md=n=>{const e=uy(n);return Object.values(nr).filter(t=>t.canvas===e).pop()};function S5(n,e,t){const i=Object.keys(n);for(const s of i){const l=+s;if(l>=e){const o=n[s];delete n[s],(t>0||l>e)&&(n[l+t]=o)}}}function T5(n,e,t,i){return!t||n.type==="mouseout"?null:i?e:n}class wi{static register(...e){ki.add(...e),Ed()}static unregister(...e){ki.remove(...e),Ed()}constructor(e,t){const i=this.config=new g5(t),s=uy(e),l=Md(s);if(l)throw new Error("Canvas is already in use. Chart with ID '"+l.id+"' must be destroyed before the canvas with ID '"+l.canvas.id+"' can be reused.");const o=i.createResolver(i.chartOptionScopes(),this.getContext());this.platform=new(i.platform||UT(s)),this.platform.updateConfig(i);const r=this.platform.acquireContext(s,o.aspectRatio),a=r&&r.canvas,u=a&&a.height,f=a&&a.width;if(this.id=MS(),this.ctx=r,this.canvas=a,this.width=f,this.height=u,this._options=o,this._aspectRatio=this.aspectRatio,this._layers=[],this._metasets=[],this._stacks=void 0,this.boxes=[],this.currentDevicePixelRatio=void 0,this.chartArea=void 0,this._active=[],this._lastEvent=void 0,this._listeners={},this._responsiveListeners=void 0,this._sortedMetasets=[],this.scales={},this._plugins=new o5,this.$proxies={},this._hiddenIndices={},this.attached=!1,this._animationsDisabled=void 0,this.$context=void 0,this._doResize=ZS(c=>this.update(c),o.resizeDelay||0),this._dataChanges=[],nr[this.id]=this,!r||!a){console.error("Failed to create chart: can't acquire context from the given item");return}Ni.listen(this,"complete",Od),Ni.listen(this,"progress",w5),this._initialize(),this.attached&&this.update()}get aspectRatio(){const{options:{aspectRatio:e,maintainAspectRatio:t},width:i,height:s,_aspectRatio:l}=this;return Vt(e)?t&&l?l:s?i/s:null:e}get data(){return this.config.data}set data(e){this.config.data=e}get options(){return this._options}set options(e){this.config.options=e}get registry(){return ki}_initialize(){return this.notifyPlugins("beforeInit"),this.options.responsive?this.resize():ed(this,this.options.devicePixelRatio),this.bindEvents(),this.notifyPlugins("afterInit"),this}clear(){return Zc(this.canvas,this.ctx),this}stop(){return Ni.stop(this),this}resize(e,t){Ni.running(this)?this._resizeBeforeDraw={width:e,height:t}:this._resize(e,t)}_resize(e,t){const i=this.options,s=this.canvas,l=i.maintainAspectRatio&&this.aspectRatio,o=this.platform.getMaximumSize(s,e,t,l),r=i.devicePixelRatio||this.platform.getDevicePixelRatio(),a=this.width?"resize":"attach";this.width=o.width,this.height=o.height,this._aspectRatio=this.aspectRatio,ed(this,r,!0)&&(this.notifyPlugins("resize",{size:o}),ft(i.onResize,[this,o],this),this.attached&&this._doResize(a)&&this.render())}ensureScalesHaveIDs(){const t=this.options.scales||{};gt(t,(i,s)=>{i.id=s})}buildOrUpdateScales(){const e=this.options,t=e.scales,i=this.scales,s=Object.keys(i).reduce((o,r)=>(o[r]=!1,o),{});let l=[];t&&(l=l.concat(Object.keys(t).map(o=>{const r=t[o],a=tu(o,r),u=a==="r",f=a==="x";return{options:r,dposition:u?"chartArea":f?"bottom":"left",dtype:u?"radialLinear":f?"category":"linear"}}))),gt(l,o=>{const r=o.options,a=r.id,u=tu(a,r),f=Et(r.type,o.dtype);(r.position===void 0||$d(r.position,u)!==$d(o.dposition))&&(r.position=o.dposition),s[a]=!0;let c=null;if(a in i&&i[a].type===f)c=i[a];else{const d=ki.getScale(f);c=new d({id:a,type:f,ctx:this.ctx,chart:this}),i[c.id]=c}c.init(r,e)}),gt(s,(o,r)=>{o||delete i[r]}),gt(i,o=>{qo.configure(this,o,o.options),qo.addBox(this,o)})}_updateMetasets(){const e=this._metasets,t=this.data.datasets.length,i=e.length;if(e.sort((s,l)=>s.index-l.index),i>t){for(let s=t;st.length&&delete this._stacks,e.forEach((i,s)=>{t.filter(l=>l===i._dataset).length===0&&this._destroyDatasetMeta(s)})}buildOrUpdateControllers(){const e=[],t=this.data.datasets;let i,s;for(this._removeUnreferencedMetasets(),i=0,s=t.length;i{this.getDatasetMeta(t).controller.reset()},this)}reset(){this._resetElements(),this.notifyPlugins("reset")}update(e){const t=this.config;t.update();const i=this._options=t.createResolver(t.chartOptionScopes(),this.getContext()),s=this._animationsDisabled=!i.animation;if(this._updateScales(),this._checkEventBindings(),this._updateHiddenIndices(),this._plugins.invalidate(),this.notifyPlugins("beforeUpdate",{mode:e,cancelable:!0})===!1)return;const l=this.buildOrUpdateControllers();this.notifyPlugins("beforeElementsUpdate");let o=0;for(let u=0,f=this.data.datasets.length;u{u.reset()}),this._updateDatasets(e),this.notifyPlugins("afterUpdate",{mode:e}),this._layers.sort(Cd("z","_idx"));const{_active:r,_lastEvent:a}=this;a?this._eventHandler(a,!0):r.length&&this._updateHoverStyles(r,r,!0),this.render()}_updateScales(){gt(this.scales,e=>{qo.removeBox(this,e)}),this.ensureScalesHaveIDs(),this.buildOrUpdateScales()}_checkEventBindings(){const e=this.options,t=new Set(Object.keys(this._listeners)),i=new Set(e.events);(!qc(t,i)||!!this._responsiveListeners!==e.responsive)&&(this.unbindEvents(),this.bindEvents())}_updateHiddenIndices(){const{_hiddenIndices:e}=this,t=this._getUniformDataChanges()||[];for(const{method:i,start:s,count:l}of t){const o=i==="_removeElements"?-l:l;S5(e,s,o)}}_getUniformDataChanges(){const e=this._dataChanges;if(!e||!e.length)return;this._dataChanges=[];const t=this.data.datasets.length,i=l=>new Set(e.filter(o=>o[0]===l).map((o,r)=>r+","+o.splice(1).join(","))),s=i(0);for(let l=1;ll.split(",")).map(l=>({method:l[1],start:+l[2],count:+l[3]}))}_updateLayout(e){if(this.notifyPlugins("beforeLayout",{cancelable:!0})===!1)return;qo.update(this,this.width,this.height,e);const t=this.chartArea,i=t.width<=0||t.height<=0;this._layers=[],gt(this.boxes,s=>{i&&s.position==="chartArea"||(s.configure&&s.configure(),this._layers.push(...s._layers()))},this),this._layers.forEach((s,l)=>{s._idx=l}),this.notifyPlugins("afterLayout")}_updateDatasets(e){if(this.notifyPlugins("beforeDatasetsUpdate",{mode:e,cancelable:!0})!==!1){for(let t=0,i=this.data.datasets.length;t=0;--t)this._drawDataset(e[t]);this.notifyPlugins("afterDatasetsDraw")}_drawDataset(e){const t=this.ctx,i={meta:e,index:e.index,cancelable:!0},s=Xk(this,e);this.notifyPlugins("beforeDatasetDraw",i)!==!1&&(s&&Bu(t,s),e.controller.draw(),s&&Wu(t),i.cancelable=!1,this.notifyPlugins("afterDatasetDraw",i))}isPointInArea(e){return ls(e,this.chartArea,this._minPadding)}getElementsAtEventForMode(e,t,i,s){const l=vT.modes[t];return typeof l=="function"?l(this,e,i,s):[]}getDatasetMeta(e){const t=this.data.datasets[e],i=this._metasets;let s=i.filter(l=>l&&l._dataset===t).pop();return s||(s={type:null,data:[],dataset:null,controller:null,hidden:null,xAxisID:null,yAxisID:null,order:t&&t.order||0,index:e,_dataset:t,_parsed:[],_sorted:!1},i.push(s)),s}getContext(){return this.$context||(this.$context=Pl(null,{chart:this,type:"chart"}))}getVisibleDatasetCount(){return this.getSortedVisibleDatasetMetas().length}isDatasetVisible(e){const t=this.data.datasets[e];if(!t)return!1;const i=this.getDatasetMeta(e);return typeof i.hidden=="boolean"?!i.hidden:!t.hidden}setDatasetVisibility(e,t){const i=this.getDatasetMeta(e);i.hidden=!t}toggleDataVisibility(e){this._hiddenIndices[e]=!this._hiddenIndices[e]}getDataVisibility(e){return!this._hiddenIndices[e]}_updateVisibility(e,t,i){const s=i?"show":"hide",l=this.getDatasetMeta(e),o=l.controller._resolveAnimations(void 0,s);_r(t)?(l.data[t].hidden=!i,this.update()):(this.setDatasetVisibility(e,i),o.update(l,{visible:i}),this.update(r=>r.datasetIndex===e?s:void 0))}hide(e,t){this._updateVisibility(e,t,!1)}show(e,t){this._updateVisibility(e,t,!0)}_destroyDatasetMeta(e){const t=this._metasets[e];t&&t.controller&&t.controller._destroy(),delete this._metasets[e]}_stop(){let e,t;for(this.stop(),Ni.remove(this),e=0,t=this.data.datasets.length;e{t.addEventListener(this,l,o),e[l]=o},s=(l,o,r)=>{l.offsetX=o,l.offsetY=r,this._eventHandler(l)};gt(this.options.events,l=>i(l,s))}bindResponsiveEvents(){this._responsiveListeners||(this._responsiveListeners={});const e=this._responsiveListeners,t=this.platform,i=(a,u)=>{t.addEventListener(this,a,u),e[a]=u},s=(a,u)=>{e[a]&&(t.removeEventListener(this,a,u),delete e[a])},l=(a,u)=>{this.canvas&&this.resize(a,u)};let o;const r=()=>{s("attach",r),this.attached=!0,this.resize(),i("resize",l),i("detach",o)};o=()=>{this.attached=!1,s("resize",l),this._stop(),this._resize(0,0),i("attach",r)},t.isAttached(this.canvas)?r():o()}unbindEvents(){gt(this._listeners,(e,t)=>{this.platform.removeEventListener(this,t,e)}),this._listeners={},gt(this._responsiveListeners,(e,t)=>{this.platform.removeEventListener(this,t,e)}),this._responsiveListeners=void 0}updateHoverStyle(e,t,i){const s=i?"set":"remove";let l,o,r,a;for(t==="dataset"&&(l=this.getDatasetMeta(e[0].datasetIndex),l.controller["_"+s+"DatasetHoverStyle"]()),r=0,a=e.length;r{const r=this.getDatasetMeta(l);if(!r)throw new Error("No dataset found at index "+l);return{datasetIndex:l,element:r.data[o],index:o}});!pr(i,t)&&(this._active=i,this._lastEvent=null,this._updateHoverStyles(i,t))}notifyPlugins(e,t,i){return this._plugins.notify(this,e,t,i)}isPluginEnabled(e){return this._plugins._cache.filter(t=>t.plugin.id===e).length===1}_updateHoverStyles(e,t,i){const s=this.options.hover,l=(a,u)=>a.filter(f=>!u.some(c=>f.datasetIndex===c.datasetIndex&&f.index===c.index)),o=l(t,e),r=i?e:l(e,t);o.length&&this.updateHoverStyle(o,s.mode,!1),r.length&&s.mode&&this.updateHoverStyle(r,s.mode,!0)}_eventHandler(e,t){const i={event:e,replay:t,cancelable:!0,inChartArea:this.isPointInArea(e)},s=o=>(o.options.events||this.options.events).includes(e.native.type);if(this.notifyPlugins("beforeEvent",i,s)===!1)return;const l=this._handleEvent(e,t,i.inChartArea);return i.cancelable=!1,this.notifyPlugins("afterEvent",i,s),(l||i.changed)&&this.render(),this}_handleEvent(e,t,i){const{_active:s=[],options:l}=this,o=t,r=this._getActiveElements(e,s,i,o),a=PS(e),u=T5(e,this._lastEvent,i,a);i&&(this._lastEvent=null,ft(l.onHover,[e,r,this],this),a&&ft(l.onClick,[e,r,this],this));const f=!pr(r,s);return(f||t)&&(this._active=r,this._updateHoverStyles(r,s,t)),this._lastEvent=u,f}_getActiveElements(e,t,i,s){if(e.type==="mouseout")return[];if(!i)return t;const l=this.options.hover;return this.getElementsAtEventForMode(e,l.mode,l,s)}}pt(wi,"defaults",on),pt(wi,"instances",nr),pt(wi,"overrides",Il),pt(wi,"registry",ki),pt(wi,"version",y5),pt(wi,"getChart",Md);function Ed(){return gt(wi.instances,n=>n._plugins.invalidate())}function fy(n,e,t=e){n.lineCap=Et(t.borderCapStyle,e.borderCapStyle),n.setLineDash(Et(t.borderDash,e.borderDash)),n.lineDashOffset=Et(t.borderDashOffset,e.borderDashOffset),n.lineJoin=Et(t.borderJoinStyle,e.borderJoinStyle),n.lineWidth=Et(t.borderWidth,e.borderWidth),n.strokeStyle=Et(t.borderColor,e.borderColor)}function $5(n,e,t){n.lineTo(t.x,t.y)}function C5(n){return n.stepped?f4:n.tension||n.cubicInterpolationMode==="monotone"?c4:$5}function cy(n,e,t={}){const i=n.length,{start:s=0,end:l=i-1}=t,{start:o,end:r}=e,a=Math.max(s,o),u=Math.min(l,r),f=sr&&l>r;return{count:i,start:a,loop:e.loop,ilen:u(o+(u?r-T:T))%l,$=()=>{g!==_&&(n.lineTo(f,_),n.lineTo(f,g),n.lineTo(f,k))};for(a&&(m=s[S(0)],n.moveTo(m.x,m.y)),d=0;d<=r;++d){if(m=s[S(d)],m.skip)continue;const T=m.x,O=m.y,E=T|0;E===h?(O_&&(_=O),f=(c*f+T)/++c):($(),n.lineTo(T,O),h=E,c=0,g=_=O),k=O}$()}function nu(n){const e=n.options,t=e.borderDash&&e.borderDash.length;return!n._decimated&&!n._loop&&!e.tension&&e.cubicInterpolationMode!=="monotone"&&!e.stepped&&!t?M5:O5}function E5(n){return n.stepped?B4:n.tension||n.cubicInterpolationMode==="monotone"?W4:vl}function D5(n,e,t,i){let s=e._path;s||(s=e._path=new Path2D,e.path(s,t,i)&&s.closePath()),fy(n,e.options),n.stroke(s)}function I5(n,e,t,i){const{segments:s,options:l}=e,o=nu(e);for(const r of s)fy(n,l,r.style),n.beginPath(),o(n,e,r,{start:t,end:t+i-1})&&n.closePath(),n.stroke()}const L5=typeof Path2D=="function";function A5(n,e,t,i){L5&&!e.options.segment?D5(n,e,t,i):I5(n,e,t,i)}class xi extends Ll{constructor(e){super(),this.animated=!0,this.options=void 0,this._chart=void 0,this._loop=void 0,this._fullLoop=void 0,this._path=void 0,this._points=void 0,this._segments=void 0,this._decimated=!1,this._pointsUpdated=!1,this._datasetIndex=void 0,e&&Object.assign(this,e)}updateControlPoints(e,t){const i=this.options;if((i.tension||i.cubicInterpolationMode==="monotone")&&!i.stepped&&!this._pointsUpdated){const s=i.spanGaps?this._loop:this._fullLoop;R4(this._points,i,e,s,t),this._pointsUpdated=!0}}set points(e){this._points=e,delete this._segments,delete this._path,this._pointsUpdated=!1}get points(){return this._points}get segments(){return this._segments||(this._segments=x4(this,this.options.segment))}first(){const e=this.segments,t=this.points;return e.length&&t[e[0].start]}last(){const e=this.segments,t=this.points,i=e.length;return i&&t[e[i-1].end]}interpolate(e,t){const i=this.options,s=e[t],l=this.points,o=Gk(this,{property:t,start:s,end:s});if(!o.length)return;const r=[],a=E5(i);let u,f;for(u=0,f=o.length;ue!=="borderDash"&&e!=="fill"});function Dd(n,e,t,i){const s=n.options,{[t]:l}=n.getProps([t],i);return Math.abs(e-l){r=Qu(o,r,s);const a=s[o],u=s[r];i!==null?(l.push({x:a.x,y:i}),l.push({x:u.x,y:i})):t!==null&&(l.push({x:t,y:a.y}),l.push({x:t,y:u.y}))}),l}function Qu(n,e,t){for(;e>n;e--){const i=t[e];if(!isNaN(i.x)&&!isNaN(i.y))break}return e}function Id(n,e,t,i){return n&&e?i(n[t],e[t]):n?n[t]:e?e[t]:0}function dy(n,e){let t=[],i=!1;return cn(n)?(i=!0,t=n):t=N5(n,e),t.length?new xi({points:t,options:{tension:0},_loop:i,_fullLoop:i}):null}function Ld(n){return n&&n.fill!==!1}function R5(n,e,t){let s=n[e].fill;const l=[e];let o;if(!t)return s;for(;s!==!1&&l.indexOf(s)===-1;){if(!Tn(s))return s;if(o=n[s],!o)return!1;if(o.visible)return s;l.push(s),s=o.fill}return!1}function F5(n,e,t){const i=z5(n);if(St(i))return isNaN(i.value)?!1:i;let s=parseFloat(i);return Tn(s)&&Math.floor(s)===s?q5(i[0],e,s,t):["origin","start","end","stack","shape"].indexOf(i)>=0&&i}function q5(n,e,t,i){return(n==="-"||n==="+")&&(t=e+t),t===e||t<0||t>=i?!1:t}function j5(n,e){let t=null;return n==="start"?t=e.bottom:n==="end"?t=e.top:St(n)?t=e.getPixelForValue(n.value):e.getBasePixel&&(t=e.getBasePixel()),t}function H5(n,e,t){let i;return n==="start"?i=t:n==="end"?i=e.options.reverse?e.min:e.max:St(n)?i=n.value:i=e.getBaseValue(),i}function z5(n){const e=n.options,t=e.fill;let i=Et(t&&t.target,t);return i===void 0&&(i=!!e.backgroundColor),i===!1||i===null?!1:i===!0?"origin":i}function U5(n){const{scale:e,index:t,line:i}=n,s=[],l=i.segments,o=i.points,r=V5(e,t);r.push(dy({x:null,y:e.bottom},i));for(let a=0;a=0;--o){const r=s[o].$filler;r&&(r.line.updateControlPoints(l,r.axis),i&&r.fill&&_a(n.ctx,r,l))}},beforeDatasetsDraw(n,e,t){if(t.drawTime!=="beforeDatasetsDraw")return;const i=n.getSortedVisibleDatasetMetas();for(let s=i.length-1;s>=0;--s){const l=i[s].$filler;Ld(l)&&_a(n.ctx,l,n.chartArea)}},beforeDatasetDraw(n,e,t){const i=e.meta.$filler;!Ld(i)||t.drawTime!=="beforeDatasetDraw"||_a(n.ctx,i,n.chartArea)},defaults:{propagate:!0,drawTime:"beforeDatasetDraw"}};const Ds={average(n){if(!n.length)return!1;let e,t,i=new Set,s=0,l=0;for(e=0,t=n.length;er+a)/i.size,y:s/l}},nearest(n,e){if(!n.length)return!1;let t=e.x,i=e.y,s=Number.POSITIVE_INFINITY,l,o,r;for(l=0,o=n.length;l-1?n.split(` +`):n}function e6(n,e){const{element:t,datasetIndex:i,index:s}=e,l=n.getDatasetMeta(i).controller,{label:o,value:r}=l.getLabelAndValue(s);return{chart:n,label:o,parsed:l.getParsed(s),raw:n.data.datasets[i].data[s],formattedValue:r,dataset:l.getDataset(),dataIndex:s,datasetIndex:i,element:t}}function Rd(n,e){const t=n.chart.ctx,{body:i,footer:s,title:l}=n,{boxWidth:o,boxHeight:r}=e,a=$i(e.bodyFont),u=$i(e.titleFont),f=$i(e.footerFont),c=l.length,d=s.length,m=i.length,h=rl(e.padding);let g=h.height,_=0,k=i.reduce((T,O)=>T+O.before.length+O.lines.length+O.after.length,0);if(k+=n.beforeBody.length+n.afterBody.length,c&&(g+=c*u.lineHeight+(c-1)*e.titleSpacing+e.titleMarginBottom),k){const T=e.displayColors?Math.max(r,a.lineHeight):a.lineHeight;g+=m*T+(k-m)*a.lineHeight+(k-1)*e.bodySpacing}d&&(g+=e.footerMarginTop+d*f.lineHeight+(d-1)*e.footerSpacing);let S=0;const $=function(T){_=Math.max(_,t.measureText(T).width+S)};return t.save(),t.font=u.string,gt(n.title,$),t.font=a.string,gt(n.beforeBody.concat(n.afterBody),$),S=e.displayColors?o+2+e.boxPadding:0,gt(i,T=>{gt(T.before,$),gt(T.lines,$),gt(T.after,$)}),S=0,t.font=f.string,gt(n.footer,$),t.restore(),_+=h.width,{width:_,height:g}}function t6(n,e){const{y:t,height:i}=e;return tn.height-i/2?"bottom":"center"}function n6(n,e,t,i){const{x:s,width:l}=i,o=t.caretSize+t.caretPadding;if(n==="left"&&s+l+o>e.width||n==="right"&&s-l-o<0)return!0}function i6(n,e,t,i){const{x:s,width:l}=t,{width:o,chartArea:{left:r,right:a}}=n;let u="center";return i==="center"?u=s<=(r+a)/2?"left":"right":s<=l/2?u="left":s>=o-l/2&&(u="right"),n6(u,n,e,t)&&(u="center"),u}function Fd(n,e,t){const i=t.yAlign||e.yAlign||t6(n,t);return{xAlign:t.xAlign||e.xAlign||i6(n,e,t,i),yAlign:i}}function l6(n,e){let{x:t,width:i}=n;return e==="right"?t-=i:e==="center"&&(t-=i/2),t}function s6(n,e,t){let{y:i,height:s}=n;return e==="top"?i+=t:e==="bottom"?i-=s+t:i-=s/2,i}function qd(n,e,t,i){const{caretSize:s,caretPadding:l,cornerRadius:o}=n,{xAlign:r,yAlign:a}=t,u=s+l,{topLeft:f,topRight:c,bottomLeft:d,bottomRight:m}=xo(o);let h=l6(e,r);const g=s6(e,a,u);return a==="center"?r==="left"?h+=u:r==="right"&&(h-=u):r==="left"?h-=Math.max(f,d)+s:r==="right"&&(h+=Math.max(c,m)+s),{x:pi(h,0,i.width-e.width),y:pi(g,0,i.height-e.height)}}function Uo(n,e,t){const i=rl(t.padding);return e==="center"?n.x+n.width/2:e==="right"?n.x+n.width-i.right:n.x+i.left}function jd(n){return bi([],Ri(n))}function o6(n,e,t){return Pl(n,{tooltip:e,tooltipItems:t,type:"tooltip"})}function Hd(n,e){const t=e&&e.dataset&&e.dataset.tooltip&&e.dataset.tooltip.callbacks;return t?n.override(t):n}const my={beforeTitle:Pi,title(n){if(n.length>0){const e=n[0],t=e.chart.data.labels,i=t?t.length:0;if(this&&this.options&&this.options.mode==="dataset")return e.dataset.label||"";if(e.label)return e.label;if(i>0&&e.dataIndex"u"?my[e].call(t,i):s}class lu extends Ll{constructor(e){super(),this.opacity=0,this._active=[],this._eventPosition=void 0,this._size=void 0,this._cachedAnimations=void 0,this._tooltipItems=[],this.$animations=void 0,this.$context=void 0,this.chart=e.chart,this.options=e.options,this.dataPoints=void 0,this.title=void 0,this.beforeBody=void 0,this.body=void 0,this.afterBody=void 0,this.footer=void 0,this.xAlign=void 0,this.yAlign=void 0,this.x=void 0,this.y=void 0,this.height=void 0,this.width=void 0,this.caretX=void 0,this.caretY=void 0,this.labelColors=void 0,this.labelPointStyles=void 0,this.labelTextColors=void 0}initialize(e){this.options=e,this._cachedAnimations=void 0,this.$context=void 0}_resolveAnimations(){const e=this._cachedAnimations;if(e)return e;const t=this.chart,i=this.options.setContext(this.getContext()),s=i.enabled&&t.options.animation&&i.animations,l=new Qk(this.chart,s);return s._cacheable&&(this._cachedAnimations=Object.freeze(l)),l}getContext(){return this.$context||(this.$context=o6(this.chart.getContext(),this,this._tooltipItems))}getTitle(e,t){const{callbacks:i}=t,s=Pn(i,"beforeTitle",this,e),l=Pn(i,"title",this,e),o=Pn(i,"afterTitle",this,e);let r=[];return r=bi(r,Ri(s)),r=bi(r,Ri(l)),r=bi(r,Ri(o)),r}getBeforeBody(e,t){return jd(Pn(t.callbacks,"beforeBody",this,e))}getBody(e,t){const{callbacks:i}=t,s=[];return gt(e,l=>{const o={before:[],lines:[],after:[]},r=Hd(i,l);bi(o.before,Ri(Pn(r,"beforeLabel",this,l))),bi(o.lines,Pn(r,"label",this,l)),bi(o.after,Ri(Pn(r,"afterLabel",this,l))),s.push(o)}),s}getAfterBody(e,t){return jd(Pn(t.callbacks,"afterBody",this,e))}getFooter(e,t){const{callbacks:i}=t,s=Pn(i,"beforeFooter",this,e),l=Pn(i,"footer",this,e),o=Pn(i,"afterFooter",this,e);let r=[];return r=bi(r,Ri(s)),r=bi(r,Ri(l)),r=bi(r,Ri(o)),r}_createItems(e){const t=this._active,i=this.chart.data,s=[],l=[],o=[];let r=[],a,u;for(a=0,u=t.length;ae.filter(f,c,d,i))),e.itemSort&&(r=r.sort((f,c)=>e.itemSort(f,c,i))),gt(r,f=>{const c=Hd(e.callbacks,f);s.push(Pn(c,"labelColor",this,f)),l.push(Pn(c,"labelPointStyle",this,f)),o.push(Pn(c,"labelTextColor",this,f))}),this.labelColors=s,this.labelPointStyles=l,this.labelTextColors=o,this.dataPoints=r,r}update(e,t){const i=this.options.setContext(this.getContext()),s=this._active;let l,o=[];if(!s.length)this.opacity!==0&&(l={opacity:0});else{const r=Ds[i.position].call(this,s,this._eventPosition);o=this._createItems(i),this.title=this.getTitle(o,i),this.beforeBody=this.getBeforeBody(o,i),this.body=this.getBody(o,i),this.afterBody=this.getAfterBody(o,i),this.footer=this.getFooter(o,i);const a=this._size=Rd(this,i),u=Object.assign({},r,a),f=Fd(this.chart,i,u),c=qd(i,u,f,this.chart);this.xAlign=f.xAlign,this.yAlign=f.yAlign,l={opacity:1,x:c.x,y:c.y,width:a.width,height:a.height,caretX:r.x,caretY:r.y}}this._tooltipItems=o,this.$context=void 0,l&&this._resolveAnimations().update(this,l),e&&i.external&&i.external.call(this,{chart:this.chart,tooltip:this,replay:t})}drawCaret(e,t,i,s){const l=this.getCaretPosition(e,i,s);t.lineTo(l.x1,l.y1),t.lineTo(l.x2,l.y2),t.lineTo(l.x3,l.y3)}getCaretPosition(e,t,i){const{xAlign:s,yAlign:l}=this,{caretSize:o,cornerRadius:r}=i,{topLeft:a,topRight:u,bottomLeft:f,bottomRight:c}=xo(r),{x:d,y:m}=e,{width:h,height:g}=t;let _,k,S,$,T,O;return l==="center"?(T=m+g/2,s==="left"?(_=d,k=_-o,$=T+o,O=T-o):(_=d+h,k=_+o,$=T-o,O=T+o),S=_):(s==="left"?k=d+Math.max(a,f)+o:s==="right"?k=d+h-Math.max(u,c)-o:k=this.caretX,l==="top"?($=m,T=$-o,_=k-o,S=k+o):($=m+g,T=$+o,_=k+o,S=k-o),O=$),{x1:_,x2:k,x3:S,y1:$,y2:T,y3:O}}drawTitle(e,t,i){const s=this.title,l=s.length;let o,r,a;if(l){const u=ua(i.rtl,this.x,this.width);for(e.x=Uo(this,i.titleAlign,i),t.textAlign=u.textAlign(i.titleAlign),t.textBaseline="middle",o=$i(i.titleFont),r=i.titleSpacing,t.fillStyle=i.titleColor,t.font=o.string,a=0;aS!==0)?(e.beginPath(),e.fillStyle=l.multiKeyBackground,Xc(e,{x:g,y:h,w:u,h:a,radius:k}),e.fill(),e.stroke(),e.fillStyle=o.backgroundColor,e.beginPath(),Xc(e,{x:_,y:h+1,w:u-2,h:a-2,radius:k}),e.fill()):(e.fillStyle=l.multiKeyBackground,e.fillRect(g,h,u,a),e.strokeRect(g,h,u,a),e.fillStyle=o.backgroundColor,e.fillRect(_,h+1,u-2,a-2))}e.fillStyle=this.labelTextColors[i]}drawBody(e,t,i){const{body:s}=this,{bodySpacing:l,bodyAlign:o,displayColors:r,boxHeight:a,boxWidth:u,boxPadding:f}=i,c=$i(i.bodyFont);let d=c.lineHeight,m=0;const h=ua(i.rtl,this.x,this.width),g=function(I){t.fillText(I,h.x(e.x+m),e.y+d/2),e.y+=d+l},_=h.textAlign(o);let k,S,$,T,O,E,L;for(t.textAlign=o,t.textBaseline="middle",t.font=c.string,e.x=Uo(this,_,i),t.fillStyle=i.bodyColor,gt(this.beforeBody,g),m=r&&_!=="right"?o==="center"?u/2+f:u+2+f:0,T=0,E=s.length;T0&&t.stroke()}_updateAnimationTarget(e){const t=this.chart,i=this.$animations,s=i&&i.x,l=i&&i.y;if(s||l){const o=Ds[e.position].call(this,this._active,this._eventPosition);if(!o)return;const r=this._size=Rd(this,e),a=Object.assign({},o,this._size),u=Fd(t,e,a),f=qd(e,a,u,t);(s._to!==f.x||l._to!==f.y)&&(this.xAlign=u.xAlign,this.yAlign=u.yAlign,this.width=r.width,this.height=r.height,this.caretX=o.x,this.caretY=o.y,this._resolveAnimations().update(this,f))}}_willRender(){return!!this.opacity}draw(e){const t=this.options.setContext(this.getContext());let i=this.opacity;if(!i)return;this._updateAnimationTarget(t);const s={width:this.width,height:this.height},l={x:this.x,y:this.y};i=Math.abs(i)<.001?0:i;const o=rl(t.padding),r=this.title.length||this.beforeBody.length||this.body.length||this.afterBody.length||this.footer.length;t.enabled&&r&&(e.save(),e.globalAlpha=i,this.drawBackground(l,e,s,t),J4(e,t.textDirection),l.y+=o.top,this.drawTitle(l,e,t),this.drawBody(l,e,t),this.drawFooter(l,e,t),Z4(e,t.textDirection),e.restore())}getActiveElements(){return this._active||[]}setActiveElements(e,t){const i=this._active,s=e.map(({datasetIndex:r,index:a})=>{const u=this.chart.getDatasetMeta(r);if(!u)throw new Error("Cannot find a dataset at index "+r);return{datasetIndex:r,element:u.data[a],index:a}}),l=!pr(i,s),o=this._positionChanged(s,t);(l||o)&&(this._active=s,this._eventPosition=t,this._ignoreReplayEvents=!0,this.update(!0))}handleEvent(e,t,i=!0){if(t&&this._ignoreReplayEvents)return!1;this._ignoreReplayEvents=!1;const s=this.options,l=this._active||[],o=this._getActiveElements(e,l,t,i),r=this._positionChanged(o,e),a=t||!pr(o,l)||r;return a&&(this._active=o,(s.enabled||s.external)&&(this._eventPosition={x:e.x,y:e.y},this.update(!0,t))),a}_getActiveElements(e,t,i,s){const l=this.options;if(e.type==="mouseout")return[];if(!s)return t.filter(r=>this.chart.data.datasets[r.datasetIndex]&&this.chart.getDatasetMeta(r.datasetIndex).controller.getParsed(r.index)!==void 0);const o=this.chart.getElementsAtEventForMode(e,l.mode,l,i);return l.reverse&&o.reverse(),o}_positionChanged(e,t){const{caretX:i,caretY:s,options:l}=this,o=Ds[l.position].call(this,e,t);return o!==!1&&(i!==o.x||s!==o.y)}}pt(lu,"positioners",Ds);var r6={id:"tooltip",_element:lu,positioners:Ds,afterInit(n,e,t){t&&(n.tooltip=new lu({chart:n,options:t}))},beforeUpdate(n,e,t){n.tooltip&&n.tooltip.initialize(t)},reset(n,e,t){n.tooltip&&n.tooltip.initialize(t)},afterDraw(n){const e=n.tooltip;if(e&&e._willRender()){const t={tooltip:e};if(n.notifyPlugins("beforeTooltipDraw",{...t,cancelable:!0})===!1)return;e.draw(n.ctx),n.notifyPlugins("afterTooltipDraw",t)}},afterEvent(n,e){if(n.tooltip){const t=e.replay;n.tooltip.handleEvent(e.event,t,e.inChartArea)&&(e.changed=!0)}},defaults:{enabled:!0,external:null,position:"average",backgroundColor:"rgba(0,0,0,0.8)",titleColor:"#fff",titleFont:{weight:"bold"},titleSpacing:2,titleMarginBottom:6,titleAlign:"left",bodyColor:"#fff",bodySpacing:2,bodyFont:{},bodyAlign:"left",footerColor:"#fff",footerSpacing:2,footerMarginTop:6,footerFont:{weight:"bold"},footerAlign:"left",padding:6,caretPadding:2,caretSize:5,cornerRadius:6,boxHeight:(n,e)=>e.bodyFont.size,boxWidth:(n,e)=>e.bodyFont.size,multiKeyBackground:"#fff",displayColors:!0,boxPadding:0,borderColor:"rgba(0,0,0,0)",borderWidth:0,animation:{duration:400,easing:"easeOutQuart"},animations:{numbers:{type:"number",properties:["x","y","width","height","caretX","caretY"]},opacity:{easing:"linear",duration:200}},callbacks:my},defaultRoutes:{bodyFont:"font",footerFont:"font",titleFont:"font"},descriptors:{_scriptable:n=>n!=="filter"&&n!=="itemSort"&&n!=="external",_indexable:!1,callbacks:{_scriptable:!1,_indexable:!1},animation:{_fallback:!1},animations:{_fallback:"animation"}},additionalOptionScopes:["interaction"]};function a6(n,e){const t=[],{bounds:s,step:l,min:o,max:r,precision:a,count:u,maxTicks:f,maxDigits:c,includeBounds:d}=n,m=l||1,h=f-1,{min:g,max:_}=e,k=!Vt(o),S=!Vt(r),$=!Vt(u),T=(_-g)/(c+1);let O=Hc((_-g)/h/m)*m,E,L,I,A;if(O<1e-14&&!k&&!S)return[{value:g},{value:_}];A=Math.ceil(_/O)-Math.floor(g/O),A>h&&(O=Hc(A*O/h/m)*m),Vt(a)||(E=Math.pow(10,a),O=Math.ceil(O*E)/E),s==="ticks"?(L=Math.floor(g/O)*O,I=Math.ceil(_/O)*O):(L=g,I=_),k&&S&&l&&jS((r-o)/l,O/1e3)?(A=Math.round(Math.min((r-o)/O,f)),O=(r-o)/A,L=o,I=r):$?(L=k?o:L,I=S?r:I,A=u-1,O=(I-L)/A):(A=(I-L)/O,Ol(A,Math.round(A),O/1e3)?A=Math.round(A):A=Math.ceil(A));const P=Math.max(zc(O),zc(L));E=Math.pow(10,Vt(a)?P:a),L=Math.round(L*E)/E,I=Math.round(I*E)/E;let N=0;for(k&&(d&&L!==o?(t.push({value:o}),Lr)break;t.push({value:R})}return S&&d&&I!==r?t.length&&Ol(t[t.length-1].value,r,zd(r,T,n))?t[t.length-1].value=r:t.push({value:r}):(!S||I===r)&&t.push({value:I}),t}function zd(n,e,{horizontal:t,minRotation:i}){const s=Tl(i),l=(t?Math.sin(s):Math.cos(s))||.001,o=.75*e*(""+n).length;return Math.min(e/l,o)}class u6 extends mo{constructor(e){super(e),this.start=void 0,this.end=void 0,this._startValue=void 0,this._endValue=void 0,this._valueRange=0}parse(e,t){return Vt(e)||(typeof e=="number"||e instanceof Number)&&!isFinite(+e)?null:+e}handleTickRangeOptions(){const{beginAtZero:e}=this.options,{minDefined:t,maxDefined:i}=this.getUserBounds();let{min:s,max:l}=this;const o=a=>s=t?s:a,r=a=>l=i?l:a;if(e){const a=ol(s),u=ol(l);a<0&&u<0?r(0):a>0&&u>0&&o(0)}if(s===l){let a=l===0?1:Math.abs(l*.05);r(l+a),e||o(s-a)}this.min=s,this.max=l}getTickLimit(){const e=this.options.ticks;let{maxTicksLimit:t,stepSize:i}=e,s;return i?(s=Math.ceil(this.max/i)-Math.floor(this.min/i)+1,s>1e3&&(console.warn(`scales.${this.id}.ticks.stepSize: ${i} would result generating up to ${s} ticks. Limiting to 1000.`),s=1e3)):(s=this.computeTickLimit(),t=t||11),t&&(s=Math.min(t,s)),s}computeTickLimit(){return Number.POSITIVE_INFINITY}buildTicks(){const e=this.options,t=e.ticks;let i=this.getTickLimit();i=Math.max(2,i);const s={maxTicks:i,bounds:e.bounds,min:e.min,max:e.max,precision:t.precision,step:t.stepSize,count:t.count,maxDigits:this._maxDigits(),horizontal:this.isHorizontal(),minRotation:t.minRotation||0,includeBounds:t.includeBounds!==!1},l=this._range||this,o=a6(s,l);return e.bounds==="ticks"&&HS(o,this,"value"),e.reverse?(o.reverse(),this.start=this.max,this.end=this.min):(this.start=this.min,this.end=this.max),o}configure(){const e=this.ticks;let t=this.min,i=this.max;if(super.configure(),this.options.offset&&e.length){const s=(i-t)/Math.max(e.length-1,1)/2;t-=s,i+=s}this._startValue=t,this._endValue=i,this._valueRange=i-t}getLabelForValue(e){return Hk(e,this.chart.options.locale,this.options.ticks.format)}}class su extends u6{determineDataLimits(){const{min:e,max:t}=this.getMinMax(!0);this.min=Tn(e)?e:0,this.max=Tn(t)?t:1,this.handleTickRangeOptions()}computeTickLimit(){const e=this.isHorizontal(),t=e?this.width:this.height,i=Tl(this.options.ticks.minRotation),s=(e?Math.sin(i):Math.cos(i))||.001,l=this._resolveTickFontOptions(0);return Math.ceil(t/Math.min(40,l.lineHeight/s))}getPixelForValue(e){return e===null?NaN:this.getPixelForDecimal((e-this._startValue)/this._valueRange)}getValueForPixel(e){return this._startValue+this.getDecimalForPixel(e)*this._valueRange}}pt(su,"id","linear"),pt(su,"defaults",{ticks:{callback:zk.formatters.numeric}});const Fr={millisecond:{common:!0,size:1,steps:1e3},second:{common:!0,size:1e3,steps:60},minute:{common:!0,size:6e4,steps:60},hour:{common:!0,size:36e5,steps:24},day:{common:!0,size:864e5,steps:30},week:{common:!1,size:6048e5,steps:4},month:{common:!0,size:2628e6,steps:12},quarter:{common:!1,size:7884e6,steps:4},year:{common:!0,size:3154e7}},jn=Object.keys(Fr);function Ud(n,e){return n-e}function Vd(n,e){if(Vt(e))return null;const t=n._adapter,{parser:i,round:s,isoWeekday:l}=n._parseOpts;let o=e;return typeof i=="function"&&(o=i(o)),Tn(o)||(o=typeof i=="string"?t.parse(o,i):t.parse(o)),o===null?null:(s&&(o=s==="week"&&(Xs(l)||l===!0)?t.startOf(o,"isoWeek",l):t.startOf(o,s)),+o)}function Bd(n,e,t,i){const s=jn.length;for(let l=jn.indexOf(n);l=jn.indexOf(t);l--){const o=jn[l];if(Fr[o].common&&n._adapter.diff(s,i,o)>=e-1)return o}return jn[t?jn.indexOf(t):0]}function c6(n){for(let e=jn.indexOf(n)+1,t=jn.length;e=e?t[i]:t[s];n[l]=!0}}function d6(n,e,t,i){const s=n._adapter,l=+s.startOf(e[0].value,i),o=e[e.length-1].value;let r,a;for(r=l;r<=o;r=+s.add(r,1,i))a=t[r],a>=0&&(e[a].major=!0);return e}function Yd(n,e,t){const i=[],s={},l=e.length;let o,r;for(o=0;o+e.value))}initOffsets(e=[]){let t=0,i=0,s,l;this.options.offset&&e.length&&(s=this.getDecimalForValue(e[0]),e.length===1?t=1-s:t=(this.getDecimalForValue(e[1])-s)/2,l=this.getDecimalForValue(e[e.length-1]),e.length===1?i=l:i=(l-this.getDecimalForValue(e[e.length-2]))/2);const o=e.length<3?.5:.25;t=pi(t,0,o),i=pi(i,0,o),this._offsets={start:t,end:i,factor:1/(t+1+i)}}_generate(){const e=this._adapter,t=this.min,i=this.max,s=this.options,l=s.time,o=l.unit||Bd(l.minUnit,t,i,this._getLabelCapacity(t)),r=Et(s.ticks.stepSize,1),a=o==="week"?l.isoWeekday:!1,u=Xs(a)||a===!0,f={};let c=t,d,m;if(u&&(c=+e.startOf(c,"isoWeek",a)),c=+e.startOf(c,u?"day":o),e.diff(i,t,o)>1e5*r)throw new Error(t+" and "+i+" are too far apart with stepSize of "+r+" "+o);const h=s.ticks.source==="data"&&this.getDataTimestamps();for(d=c,m=0;d+g)}getLabelForValue(e){const t=this._adapter,i=this.options.time;return i.tooltipFormat?t.format(e,i.tooltipFormat):t.format(e,i.displayFormats.datetime)}format(e,t){const s=this.options.time.displayFormats,l=this._unit,o=t||s[l];return this._adapter.format(e,o)}_tickFormatFunction(e,t,i,s){const l=this.options,o=l.ticks.callback;if(o)return ft(o,[e,t,i],this);const r=l.time.displayFormats,a=this._unit,u=this._majorUnit,f=a&&r[a],c=u&&r[u],d=i[t],m=u&&c&&d&&d.major;return this._adapter.format(e,s||(m?c:f))}generateTickLabels(e){let t,i,s;for(t=0,i=e.length;t0?r:1}getDataTimestamps(){let e=this._cache.data||[],t,i;if(e.length)return e;const s=this.getMatchingVisibleMetas();if(this._normalized&&s.length)return this._cache.data=s[0].controller.getAllParsedValues(this);for(t=0,i=s.length;t=n[i].pos&&e<=n[s].pos&&({lo:i,hi:s}=$l(n,"pos",e)),{pos:l,time:r}=n[i],{pos:o,time:a}=n[s]):(e>=n[i].time&&e<=n[s].time&&({lo:i,hi:s}=$l(n,"time",e)),{time:l,pos:r}=n[i],{time:o,pos:a}=n[s]);const u=o-l;return u?r+(a-r)*(e-l)/u:r}class Kd extends xs{constructor(e){super(e),this._table=[],this._minPos=void 0,this._tableRange=void 0}initOffsets(){const e=this._getTimestampsForTable(),t=this._table=this.buildLookupTable(e);this._minPos=Vo(t,this.min),this._tableRange=Vo(t,this.max)-this._minPos,super.initOffsets(e)}buildLookupTable(e){const{min:t,max:i}=this,s=[],l=[];let o,r,a,u,f;for(o=0,r=e.length;o=t&&u<=i&&s.push(u);if(s.length<2)return[{time:t,pos:0},{time:i,pos:1}];for(o=0,r=s.length;os-l)}_getTimestampsForTable(){let e=this._cache.all||[];if(e.length)return e;const t=this.getDataTimestamps(),i=this.getLabelTimestamps();return t.length&&i.length?e=this.normalize(t.concat(i)):e=t.length?t:i,e=this._cache.all=e,e}getDecimalForValue(e){return(Vo(this._table,e)-this._minPos)/this._tableRange}getValueForPixel(e){const t=this._offsets,i=this.getDecimalForPixel(e)/t.factor-t.end;return Vo(this._table,i*this._tableRange+this._minPos,!0)}}pt(Kd,"id","timeseries"),pt(Kd,"defaults",xs.defaults);/*! + * chartjs-adapter-luxon v1.3.1 + * https://www.chartjs.org + * (c) 2023 chartjs-adapter-luxon Contributors + * Released under the MIT license + */const p6={datetime:Xe.DATETIME_MED_WITH_SECONDS,millisecond:"h:mm:ss.SSS a",second:Xe.TIME_WITH_SECONDS,minute:Xe.TIME_SIMPLE,hour:{hour:"numeric"},day:{day:"numeric",month:"short"},week:"DD",month:{month:"short",year:"numeric"},quarter:"'Q'q - yyyy",year:{year:"numeric"}};ey._date.override({_id:"luxon",_create:function(n){return Xe.fromMillis(n,this.options)},init(n){this.options.locale||(this.options.locale=n.locale)},formats:function(){return p6},parse:function(n,e){const t=this.options,i=typeof n;return n===null||i==="undefined"?null:(i==="number"?n=this._create(n):i==="string"?typeof e=="string"?n=Xe.fromFormat(n,e,t):n=Xe.fromISO(n,t):n instanceof Date?n=Xe.fromJSDate(n,t):i==="object"&&!(n instanceof Xe)&&(n=Xe.fromObject(n,t)),n.isValid?n.valueOf():null)},format:function(n,e){const t=this._create(n);return typeof e=="string"?t.toFormat(e):t.toLocaleString(e)},add:function(n,e,t){const i={};return i[t]=e,this._create(n).plus(i).valueOf()},diff:function(n,e,t){return this._create(n).diff(this._create(e)).as(t).valueOf()},startOf:function(n,e,t){if(e==="isoWeek"){t=Math.trunc(Math.min(Math.max(0,t),6));const i=this._create(n);return i.minus({days:(i.weekday-t+7)%7}).startOf("day").valueOf()}return e?this._create(n).startOf(e).valueOf():n},endOf:function(n,e){return this._create(n).endOf(e).valueOf()}});var r9=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{};function m6(n){return n&&n.__esModule&&Object.prototype.hasOwnProperty.call(n,"default")?n.default:n}var hy={exports:{}};/*! Hammer.JS - v2.0.7 - 2016-04-22 + * http://hammerjs.github.io/ + * + * Copyright (c) 2016 Jorik Tangelder; + * Licensed under the MIT license */(function(n){(function(e,t,i,s){var l=["","webkit","Moz","MS","ms","o"],o=t.createElement("div"),r="function",a=Math.round,u=Math.abs,f=Date.now;function c(K,Q,ie){return setTimeout($(K,ie),Q)}function d(K,Q,ie){return Array.isArray(K)?(m(K,ie[Q],ie),!0):!1}function m(K,Q,ie){var he;if(K)if(K.forEach)K.forEach(Q,ie);else if(K.length!==s)for(he=0;he\s*\(/gm,"{anonymous}()@"):"Unknown Stack Trace",_t=e.console&&(e.console.warn||e.console.log);return _t&&_t.call(e.console,he,Ze),K.apply(this,arguments)}}var g;typeof Object.assign!="function"?g=function(Q){if(Q===s||Q===null)throw new TypeError("Cannot convert undefined or null to object");for(var ie=Object(Q),he=1;he-1}function P(K){return K.trim().split(/\s+/g)}function N(K,Q,ie){if(K.indexOf&&!ie)return K.indexOf(Q);for(var he=0;heCn[Q]}),he}function F(K,Q){for(var ie,he,Ae=Q[0].toUpperCase()+Q.slice(1),Ze=0;Ze1&&!ie.firstMultiple?ie.firstMultiple=Gt(Q):Ae===1&&(ie.firstMultiple=!1);var Ze=ie.firstInput,_t=ie.firstMultiple,fn=_t?_t.center:Ze.center,hn=Q.center=gn(he);Q.timeStamp=f(),Q.deltaTime=Q.timeStamp-Ze.timeStamp,Q.angle=yt(fn,hn),Q.distance=ri(fn,hn),Pe(ie,Q),Q.offsetDirection=Ei(Q.deltaX,Q.deltaY);var Cn=dn(Q.deltaTime,Q.deltaX,Q.deltaY);Q.overallVelocityX=Cn.x,Q.overallVelocityY=Cn.y,Q.overallVelocity=u(Cn.x)>u(Cn.y)?Cn.x:Cn.y,Q.scale=_t?un(_t.pointers,he):1,Q.rotation=_t?Zn(_t.pointers,he):0,Q.maxPointers=ie.prevInput?Q.pointers.length>ie.prevInput.maxPointers?Q.pointers.length:ie.prevInput.maxPointers:Q.pointers.length,jt(ie,Q);var _i=K.element;I(Q.srcEvent.target,_i)&&(_i=Q.srcEvent.target),Q.target=_i}function Pe(K,Q){var ie=Q.center,he=K.offsetDelta||{},Ae=K.prevDelta||{},Ze=K.prevInput||{};(Q.eventType===et||Ze.eventType===Be)&&(Ae=K.prevDelta={x:Ze.deltaX||0,y:Ze.deltaY||0},he=K.offsetDelta={x:ie.x,y:ie.y}),Q.deltaX=Ae.x+(ie.x-he.x),Q.deltaY=Ae.y+(ie.y-he.y)}function jt(K,Q){var ie=K.lastInterval||Q,he=Q.timeStamp-ie.timeStamp,Ae,Ze,_t,fn;if(Q.eventType!=ut&&(he>ct||ie.velocity===s)){var hn=Q.deltaX-ie.deltaX,Cn=Q.deltaY-ie.deltaY,_i=dn(he,hn,Cn);Ze=_i.x,_t=_i.y,Ae=u(_i.x)>u(_i.y)?_i.x:_i.y,fn=Ei(hn,Cn),K.lastInterval=Q}else Ae=ie.velocity,Ze=ie.velocityX,_t=ie.velocityY,fn=ie.direction;Q.velocity=Ae,Q.velocityX=Ze,Q.velocityY=_t,Q.direction=fn}function Gt(K){for(var Q=[],ie=0;ie=u(Q)?K<0?Ue:De:Q<0?ot:Ie}function ri(K,Q,ie){ie||(ie=zt);var he=Q[ie[0]]-K[ie[0]],Ae=Q[ie[1]]-K[ie[1]];return Math.sqrt(he*he+Ae*Ae)}function yt(K,Q,ie){ie||(ie=zt);var he=Q[ie[0]]-K[ie[0]],Ae=Q[ie[1]]-K[ie[1]];return Math.atan2(Ae,he)*180/Math.PI}function Zn(K,Q){return yt(Q[1],Q[0],Ne)+yt(K[1],K[0],Ne)}function un(K,Q){return ri(Q[0],Q[1],Ne)/ri(K[0],K[1],Ne)}var It={mousedown:et,mousemove:xe,mouseup:Be},Di="mousedown",ul="mousemove mouseup";function Ui(){this.evEl=Di,this.evWin=ul,this.pressed=!1,Me.apply(this,arguments)}S(Ui,Me,{handler:function(Q){var ie=It[Q.type];ie&et&&Q.button===0&&(this.pressed=!0),ie&xe&&Q.which!==1&&(ie=Be),this.pressed&&(ie&Be&&(this.pressed=!1),this.callback(this.manager,ie,{pointers:[Q],changedPointers:[Q],pointerType:Ye,srcEvent:Q}))}});var Vi={pointerdown:et,pointermove:xe,pointerup:Be,pointercancel:ut,pointerout:ut},fl={2:ae,3:Ce,4:Ye,5:Ke},An="pointerdown",Fl="pointermove pointerup pointercancel";e.MSPointerEvent&&!e.PointerEvent&&(An="MSPointerDown",Fl="MSPointerMove MSPointerUp MSPointerCancel");function cl(){this.evEl=An,this.evWin=Fl,Me.apply(this,arguments),this.store=this.manager.session.pointerEvents=[]}S(cl,Me,{handler:function(Q){var ie=this.store,he=!1,Ae=Q.type.toLowerCase().replace("ms",""),Ze=Vi[Ae],_t=fl[Q.pointerType]||Q.pointerType,fn=_t==ae,hn=N(ie,Q.pointerId,"pointerId");Ze&et&&(Q.button===0||fn)?hn<0&&(ie.push(Q),hn=ie.length-1):Ze&(Be|ut)&&(he=!0),!(hn<0)&&(ie[hn]=Q,this.callback(this.manager,Ze,{pointers:ie,changedPointers:[Q],pointerType:_t,srcEvent:Q}),he&&ie.splice(hn,1))}});var X={touchstart:et,touchmove:xe,touchend:Be,touchcancel:ut},ee="touchstart",le="touchstart touchmove touchend touchcancel";function Se(){this.evTarget=ee,this.evWin=le,this.started=!1,Me.apply(this,arguments)}S(Se,Me,{handler:function(Q){var ie=X[Q.type];if(ie===et&&(this.started=!0),!!this.started){var he=Fe.call(this,Q,ie);ie&(Be|ut)&&he[0].length-he[1].length===0&&(this.started=!1),this.callback(this.manager,ie,{pointers:he[0],changedPointers:he[1],pointerType:ae,srcEvent:Q})}}});function Fe(K,Q){var ie=R(K.touches),he=R(K.changedTouches);return Q&(Be|ut)&&(ie=z(ie.concat(he),"identifier")),[ie,he]}var Ve={touchstart:et,touchmove:xe,touchend:Be,touchcancel:ut},rt="touchstart touchmove touchend touchcancel";function Je(){this.evTarget=rt,this.targetIds={},Me.apply(this,arguments)}S(Je,Me,{handler:function(Q){var ie=Ve[Q.type],he=ue.call(this,Q,ie);he&&this.callback(this.manager,ie,{pointers:he[0],changedPointers:he[1],pointerType:ae,srcEvent:Q})}});function ue(K,Q){var ie=R(K.touches),he=this.targetIds;if(Q&(et|xe)&&ie.length===1)return he[ie[0].identifier]=!0,[ie,ie];var Ae,Ze,_t=R(K.changedTouches),fn=[],hn=this.target;if(Ze=ie.filter(function(Cn){return I(Cn.target,hn)}),Q===et)for(Ae=0;Ae-1&&he.splice(Ze,1)};setTimeout(Ae,ye)}}function pn(K){for(var Q=K.srcEvent.clientX,ie=K.srcEvent.clientY,he=0;he-1&&this.requireFail.splice(Q,1),this},hasRequireFailures:function(){return this.requireFail.length>0},canRecognizeWith:function(K){return!!this.simultaneous[K.id]},emit:function(K){var Q=this,ie=this.state;function he(Ae){Q.manager.emit(Ae,K)}ie=Bi&&he(Q.options.event+ff(ie))},tryEmit:function(K){if(this.canEmit())return this.emit(K);this.state=hi},canEmit:function(){for(var K=0;KQ.threshold&&Ae&Q.direction},attrTest:function(K){return ai.prototype.attrTest.call(this,K)&&(this.state&Gn||!(this.state&Gn)&&this.directionTest(K))},emit:function(K){this.pX=K.deltaX,this.pY=K.deltaY;var Q=cf(K.direction);Q&&(K.additionalEvent=this.options.event+Q),this._super.emit.call(this,K)}});function Hr(){ai.apply(this,arguments)}S(Hr,ai,{defaults:{event:"pinch",threshold:0,pointers:2},getTouchAction:function(){return[Ii]},attrTest:function(K){return this._super.attrTest.call(this,K)&&(Math.abs(K.scale-1)>this.options.threshold||this.state&Gn)},emit:function(K){if(K.scale!==1){var Q=K.scale<1?"in":"out";K.additionalEvent=this.options.event+Q}this._super.emit.call(this,K)}});function zr(){Ai.apply(this,arguments),this._timer=null,this._input=null}S(zr,Ai,{defaults:{event:"press",pointers:1,time:251,threshold:9},getTouchAction:function(){return[go]},process:function(K){var Q=this.options,ie=K.pointers.length===Q.pointers,he=K.distanceQ.time;if(this._input=K,!he||!ie||K.eventType&(Be|ut)&&!Ae)this.reset();else if(K.eventType&et)this.reset(),this._timer=c(function(){this.state=Li,this.tryEmit()},Q.time,this);else if(K.eventType&Be)return Li;return hi},reset:function(){clearTimeout(this._timer)},emit:function(K){this.state===Li&&(K&&K.eventType&Be?this.manager.emit(this.options.event+"up",K):(this._input.timeStamp=f(),this.manager.emit(this.options.event,this._input)))}});function Ur(){ai.apply(this,arguments)}S(Ur,ai,{defaults:{event:"rotate",threshold:0,pointers:2},getTouchAction:function(){return[Ii]},attrTest:function(K){return this._super.attrTest.call(this,K)&&(Math.abs(K.rotation)>this.options.threshold||this.state&Gn)}});function Vr(){ai.apply(this,arguments)}S(Vr,ai,{defaults:{event:"swipe",threshold:10,velocity:.3,direction:We|Te,pointers:1},getTouchAction:function(){return yo.prototype.getTouchAction.call(this)},attrTest:function(K){var Q=this.options.direction,ie;return Q&(We|Te)?ie=K.overallVelocity:Q&We?ie=K.overallVelocityX:Q&Te&&(ie=K.overallVelocityY),this._super.attrTest.call(this,K)&&Q&K.offsetDirection&&K.distance>this.options.threshold&&K.maxPointers==this.options.pointers&&u(ie)>this.options.velocity&&K.eventType&Be},emit:function(K){var Q=cf(K.offsetDirection);Q&&this.manager.emit(this.options.event+Q,K),this.manager.emit(this.options.event,K)}});function vo(){Ai.apply(this,arguments),this.pTime=!1,this.pCenter=!1,this._timer=null,this._input=null,this.count=0}S(vo,Ai,{defaults:{event:"tap",pointers:1,taps:1,interval:300,time:250,threshold:9,posThreshold:10},getTouchAction:function(){return[hs]},process:function(K){var Q=this.options,ie=K.pointers.length===Q.pointers,he=K.distancen&&n.enabled&&n.modifierKey,_y=(n,e)=>n&&e[n+"Key"],xu=(n,e)=>n&&!e[n+"Key"];function al(n,e,t){return n===void 0?!0:typeof n=="string"?n.indexOf(e)!==-1:typeof n=="function"?n({chart:t}).indexOf(e)!==-1:!1}function ga(n,e){return typeof n=="function"&&(n=n({chart:e})),typeof n=="string"?{x:n.indexOf("x")!==-1,y:n.indexOf("y")!==-1}:{x:!1,y:!1}}function _6(n,e){let t;return function(){return clearTimeout(t),t=setTimeout(n,e),e}}function g6({x:n,y:e},t){const i=t.scales,s=Object.keys(i);for(let l=0;l=o.top&&e<=o.bottom&&n>=o.left&&n<=o.right)return o}return null}function gy(n,e,t){const{mode:i="xy",scaleMode:s,overScaleMode:l}=n||{},o=g6(e,t),r=ga(i,t),a=ga(s,t);if(l){const f=ga(l,t);for(const c of["x","y"])f[c]&&(a[c]=r[c],r[c]=!1)}if(o&&a[o.axis])return[o];const u=[];return gt(t.scales,function(f){r[f.axis]&&u.push(f)}),u}const ou=new WeakMap;function Zt(n){let e=ou.get(n);return e||(e={originalScaleLimits:{},updatedScaleLimits:{},handlers:{},panDelta:{},dragging:!1,panning:!1},ou.set(n,e)),e}function b6(n){ou.delete(n)}function by(n,e,t,i){const s=Math.max(0,Math.min(1,(n-e)/t||0)),l=1-s;return{min:i*s,max:i*l}}function ky(n,e){const t=n.isHorizontal()?e.x:e.y;return n.getValueForPixel(t)}function yy(n,e,t){const i=n.max-n.min,s=i*(e-1),l=ky(n,t);return by(l,n.min,i,s)}function k6(n,e,t){const i=ky(n,t);if(i===void 0)return{min:n.min,max:n.max};const s=Math.log10(n.min),l=Math.log10(n.max),o=Math.log10(i),r=l-s,a=r*(e-1),u=by(o,s,r,a);return{min:Math.pow(10,s+u.min),max:Math.pow(10,l-u.max)}}function y6(n,e){return e&&(e[n.id]||e[n.axis])||{}}function Jd(n,e,t,i,s){let l=t[i];if(l==="original"){const o=n.originalScaleLimits[e.id][i];l=Et(o.options,o.scale)}return Et(l,s)}function v6(n,e,t){const i=n.getValueForPixel(e),s=n.getValueForPixel(t);return{min:Math.min(i,s),max:Math.max(i,s)}}function w6(n,{min:e,max:t,minLimit:i,maxLimit:s},l){const o=(n-t+e)/2;e-=o,t+=o;const r=l.min.options??l.min.scale,a=l.max.options??l.max.scale,u=n/1e6;return Ol(e,r,u)&&(e=r),Ol(t,a,u)&&(t=a),es&&(t=s,e=Math.max(s-n,i)),{min:e,max:t}}function Nl(n,{min:e,max:t},i,s=!1){const l=Zt(n.chart),{options:o}=n,r=y6(n,i),{minRange:a=0}=r,u=Jd(l,n,r,"min",-1/0),f=Jd(l,n,r,"max",1/0);if(s==="pan"&&(ef))return!0;const c=n.max-n.min,d=s?Math.max(t-e,a):c;if(s&&d===a&&c<=a)return!0;const m=w6(d,{min:e,max:t,minLimit:u,maxLimit:f},l.originalScaleLimits[n.id]);return o.min=m.min,o.max=m.max,l.updatedScaleLimits[n.id]=m,n.parse(m.min)!==n.min||n.parse(m.max)!==n.max}function S6(n,e,t,i){const s=yy(n,e,t),l={min:n.min+s.min,max:n.max-s.max};return Nl(n,l,i,!0)}function T6(n,e,t,i){const s=k6(n,e,t);return Nl(n,s,i,!0)}function $6(n,e,t,i){Nl(n,v6(n,e,t),i,!0)}const Zd=n=>n===0||isNaN(n)?0:n<0?Math.min(Math.round(n),-1):Math.max(Math.round(n),1);function C6(n){const t=n.getLabels().length-1;n.min>0&&(n.min-=1),n.maxa&&(l=Math.max(0,l-u),o=r===1?l:l+r,f=l===0),Nl(n,{min:l,max:o},t)||f}const D6={second:500,minute:30*1e3,hour:30*60*1e3,day:12*60*60*1e3,week:3.5*24*60*60*1e3,month:15*24*60*60*1e3,quarter:60*24*60*60*1e3,year:182*24*60*60*1e3};function vy(n,e,t,i=!1){const{min:s,max:l,options:o}=n,r=o.time&&o.time.round,a=D6[r]||0,u=n.getValueForPixel(n.getPixelForValue(s+a)-e),f=n.getValueForPixel(n.getPixelForValue(l+a)-e);return isNaN(u)||isNaN(f)?!0:Nl(n,{min:u,max:f},t,i?"pan":!1)}function Gd(n,e,t){return vy(n,e,t,!0)}const ru={category:O6,default:S6,logarithmic:T6},au={default:$6},uu={category:E6,default:vy,logarithmic:Gd,timeseries:Gd};function I6(n,e,t){const{id:i,options:{min:s,max:l}}=n;if(!e[i]||!t[i])return!0;const o=t[i];return o.min!==s||o.max!==l}function Xd(n,e){gt(n,(t,i)=>{e[i]||delete n[i]})}function ds(n,e){const{scales:t}=n,{originalScaleLimits:i,updatedScaleLimits:s}=e;return gt(t,function(l){I6(l,i,s)&&(i[l.id]={min:{scale:l.min,options:l.options.min},max:{scale:l.max,options:l.options.max}})}),Xd(i,t),Xd(s,t),i}function Qd(n,e,t,i){const s=ru[n.type]||ru.default;ft(s,[n,e,t,i])}function xd(n,e,t,i){const s=au[n.type]||au.default;ft(s,[n,e,t,i])}function L6(n){const e=n.chartArea;return{x:(e.left+e.right)/2,y:(e.top+e.bottom)/2}}function ef(n,e,t="none",i="api"){const{x:s=1,y:l=1,focalPoint:o=L6(n)}=typeof e=="number"?{x:e,y:e}:e,r=Zt(n),{options:{limits:a,zoom:u}}=r;ds(n,r);const f=s!==1,c=l!==1,d=gy(u,o,n);gt(d||n.scales,function(m){m.isHorizontal()&&f?Qd(m,s,o,a):!m.isHorizontal()&&c&&Qd(m,l,o,a)}),n.update(t),ft(u.onZoom,[{chart:n,trigger:i}])}function wy(n,e,t,i="none",s="api"){const l=Zt(n),{options:{limits:o,zoom:r}}=l,{mode:a="xy"}=r;ds(n,l);const u=al(a,"x",n),f=al(a,"y",n);gt(n.scales,function(c){c.isHorizontal()&&u?xd(c,e.x,t.x,o):!c.isHorizontal()&&f&&xd(c,e.y,t.y,o)}),n.update(i),ft(r.onZoom,[{chart:n,trigger:s}])}function A6(n,e,t,i="none",s="api"){var r;const l=Zt(n);ds(n,l);const o=n.scales[e];Nl(o,t,void 0,!0),n.update(i),ft((r=l.options.zoom)==null?void 0:r.onZoom,[{chart:n,trigger:s}])}function P6(n,e="default"){const t=Zt(n),i=ds(n,t);gt(n.scales,function(s){const l=s.options;i[s.id]?(l.min=i[s.id].min.options,l.max=i[s.id].max.options):(delete l.min,delete l.max),delete t.updatedScaleLimits[s.id]}),n.update(e),ft(t.options.zoom.onZoomComplete,[{chart:n}])}function N6(n,e){const t=n.originalScaleLimits[e];if(!t)return;const{min:i,max:s}=t;return Et(s.options,s.scale)-Et(i.options,i.scale)}function R6(n){const e=Zt(n);let t=1,i=1;return gt(n.scales,function(s){const l=N6(e,s.id);if(l){const o=Math.round(l/(s.max-s.min)*100)/100;t=Math.min(t,o),i=Math.max(i,o)}}),t<1?t:i}function ep(n,e,t,i){const{panDelta:s}=i,l=s[n.id]||0;ol(l)===ol(e)&&(e+=l);const o=uu[n.type]||uu.default;ft(o,[n,e,t])?s[n.id]=0:s[n.id]=e}function Sy(n,e,t,i="none"){const{x:s=0,y:l=0}=typeof e=="number"?{x:e,y:e}:e,o=Zt(n),{options:{pan:r,limits:a}}=o,{onPan:u}=r||{};ds(n,o);const f=s!==0,c=l!==0;gt(t||n.scales,function(d){d.isHorizontal()&&f?ep(d,s,a,o):!d.isHorizontal()&&c&&ep(d,l,a,o)}),n.update(i),ft(u,[{chart:n}])}function Ty(n){const e=Zt(n);ds(n,e);const t={};for(const i of Object.keys(n.scales)){const{min:s,max:l}=e.originalScaleLimits[i]||{min:{},max:{}};t[i]={min:s.scale,max:l.scale}}return t}function F6(n){const e=Zt(n),t={};for(const i of Object.keys(n.scales))t[i]=e.updatedScaleLimits[i];return t}function q6(n){const e=Ty(n);for(const t of Object.keys(n.scales)){const{min:i,max:s}=e[t];if(i!==void 0&&n.scales[t].min!==i||s!==void 0&&n.scales[t].max!==s)return!0}return!1}function tp(n){const e=Zt(n);return e.panning||e.dragging}const np=(n,e,t)=>Math.min(t,Math.max(e,n));function Rn(n,e){const{handlers:t}=Zt(n),i=t[e];i&&i.target&&(i.target.removeEventListener(e,i),delete t[e])}function js(n,e,t,i){const{handlers:s,options:l}=Zt(n),o=s[t];if(o&&o.target===e)return;Rn(n,t),s[t]=a=>i(n,a,l),s[t].target=e;const r=t==="wheel"?!1:void 0;e.addEventListener(t,s[t],{passive:r})}function j6(n,e){const t=Zt(n);t.dragStart&&(t.dragging=!0,t.dragEnd=e,n.update("none"))}function H6(n,e){const t=Zt(n);!t.dragStart||e.key!=="Escape"||(Rn(n,"keydown"),t.dragging=!1,t.dragStart=t.dragEnd=null,n.update("none"))}function fu(n,e){if(n.target!==e.canvas){const t=e.canvas.getBoundingClientRect();return{x:n.clientX-t.left,y:n.clientY-t.top}}return vi(n,e)}function $y(n,e,t){const{onZoomStart:i,onZoomRejected:s}=t;if(i){const l=fu(e,n);if(ft(i,[{chart:n,event:e,point:l}])===!1)return ft(s,[{chart:n,event:e}]),!1}}function z6(n,e){if(n.legend){const l=vi(e,n);if(ls(l,n.legend))return}const t=Zt(n),{pan:i,zoom:s={}}=t.options;if(e.button!==0||_y(eo(i),e)||xu(eo(s.drag),e))return ft(s.onZoomRejected,[{chart:n,event:e}]);$y(n,e,s)!==!1&&(t.dragStart=e,js(n,n.canvas.ownerDocument,"mousemove",j6),js(n,window.document,"keydown",H6))}function U6({begin:n,end:e},t){let i=e.x-n.x,s=e.y-n.y;const l=Math.abs(i/s);l>t?i=Math.sign(i)*Math.abs(s*t):l=0?2-1/(1-l):1+l,r={x:o,y:o,focalPoint:{x:e.clientX-s.left,y:e.clientY-s.top}};ef(n,r,"zoom","wheel"),ft(t,[{chart:n}])}function K6(n,e,t,i){t&&(Zt(n).handlers[e]=_6(()=>ft(t,[{chart:n}]),i))}function J6(n,e){const t=n.canvas,{wheel:i,drag:s,onZoomComplete:l}=e.zoom;i.enabled?(js(n,t,"wheel",Y6),K6(n,"onZoomComplete",l,250)):Rn(n,"wheel"),s.enabled?(js(n,t,"mousedown",z6),js(n,t.ownerDocument,"mouseup",B6)):(Rn(n,"mousedown"),Rn(n,"mousemove"),Rn(n,"mouseup"),Rn(n,"keydown"))}function Z6(n){Rn(n,"mousedown"),Rn(n,"mousemove"),Rn(n,"mouseup"),Rn(n,"wheel"),Rn(n,"click"),Rn(n,"keydown")}function G6(n,e){return function(t,i){const{pan:s,zoom:l={}}=e.options;if(!s||!s.enabled)return!1;const o=i&&i.srcEvent;return o&&!e.panning&&i.pointerType==="mouse"&&(xu(eo(s),o)||_y(eo(l.drag),o))?(ft(s.onPanRejected,[{chart:n,event:i}]),!1):!0}}function X6(n,e){const t=Math.abs(n.clientX-e.clientX),i=Math.abs(n.clientY-e.clientY),s=t/i;let l,o;return s>.3&&s<1.7?l=o=!0:t>i?l=!0:o=!0,{x:l,y:o}}function Oy(n,e,t){if(e.scale){const{center:i,pointers:s}=t,l=1/e.scale*t.scale,o=t.target.getBoundingClientRect(),r=X6(s[0],s[1]),a=e.options.zoom.mode,u={x:r.x&&al(a,"x",n)?l:1,y:r.y&&al(a,"y",n)?l:1,focalPoint:{x:i.x-o.left,y:i.y-o.top}};ef(n,u,"zoom","pinch"),e.scale=t.scale}}function Q6(n,e,t){if(e.options.zoom.pinch.enabled){const i=vi(t,n);ft(e.options.zoom.onZoomStart,[{chart:n,event:t,point:i}])===!1?(e.scale=null,ft(e.options.zoom.onZoomRejected,[{chart:n,event:t}])):e.scale=1}}function x6(n,e,t){e.scale&&(Oy(n,e,t),e.scale=null,ft(e.options.zoom.onZoomComplete,[{chart:n}]))}function My(n,e,t){const i=e.delta;i&&(e.panning=!0,Sy(n,{x:t.deltaX-i.x,y:t.deltaY-i.y},e.panScales),e.delta={x:t.deltaX,y:t.deltaY})}function e$(n,e,t){const{enabled:i,onPanStart:s,onPanRejected:l}=e.options.pan;if(!i)return;const o=t.target.getBoundingClientRect(),r={x:t.center.x-o.left,y:t.center.y-o.top};if(ft(s,[{chart:n,event:t,point:r}])===!1)return ft(l,[{chart:n,event:t}]);e.panScales=gy(e.options.pan,r,n),e.delta={x:0,y:0},My(n,e,t)}function t$(n,e){e.delta=null,e.panning&&(e.panning=!1,e.filterNextClick=!0,ft(e.options.pan.onPanComplete,[{chart:n}]))}const cu=new WeakMap;function lp(n,e){const t=Zt(n),i=n.canvas,{pan:s,zoom:l}=e,o=new qs.Manager(i);l&&l.pinch.enabled&&(o.add(new qs.Pinch),o.on("pinchstart",r=>Q6(n,t,r)),o.on("pinch",r=>Oy(n,t,r)),o.on("pinchend",r=>x6(n,t,r))),s&&s.enabled&&(o.add(new qs.Pan({threshold:s.threshold,enable:G6(n,t)})),o.on("panstart",r=>e$(n,t,r)),o.on("panmove",r=>My(n,t,r)),o.on("panend",()=>t$(n,t))),cu.set(n,o)}function sp(n){const e=cu.get(n);e&&(e.remove("pinchstart"),e.remove("pinch"),e.remove("pinchend"),e.remove("panstart"),e.remove("pan"),e.remove("panend"),e.destroy(),cu.delete(n))}function n$(n,e){var o,r,a,u;const{pan:t,zoom:i}=n,{pan:s,zoom:l}=e;return((r=(o=i==null?void 0:i.zoom)==null?void 0:o.pinch)==null?void 0:r.enabled)!==((u=(a=l==null?void 0:l.zoom)==null?void 0:a.pinch)==null?void 0:u.enabled)||(t==null?void 0:t.enabled)!==(s==null?void 0:s.enabled)||(t==null?void 0:t.threshold)!==(s==null?void 0:s.threshold)}var i$="2.2.0";function Bo(n,e,t){const i=t.zoom.drag,{dragStart:s,dragEnd:l}=Zt(n);if(i.drawTime!==e||!l)return;const{left:o,top:r,width:a,height:u}=Cy(n,t.zoom.mode,{dragStart:s,dragEnd:l},i.maintainAspectRatio),f=n.ctx;f.save(),f.beginPath(),f.fillStyle=i.backgroundColor||"rgba(225,225,225,0.3)",f.fillRect(o,r,a,u),i.borderWidth>0&&(f.lineWidth=i.borderWidth,f.strokeStyle=i.borderColor||"rgba(225,225,225)",f.strokeRect(o,r,a,u)),f.restore()}var l$={id:"zoom",version:i$,defaults:{pan:{enabled:!1,mode:"xy",threshold:10,modifierKey:null},zoom:{wheel:{enabled:!1,speed:.1,modifierKey:null},drag:{enabled:!1,drawTime:"beforeDatasetsDraw",modifierKey:null},pinch:{enabled:!1},mode:"xy"}},start:function(n,e,t){const i=Zt(n);i.options=t,Object.prototype.hasOwnProperty.call(t.zoom,"enabled")&&console.warn("The option `zoom.enabled` is no longer supported. Please use `zoom.wheel.enabled`, `zoom.drag.enabled`, or `zoom.pinch.enabled`."),(Object.prototype.hasOwnProperty.call(t.zoom,"overScaleMode")||Object.prototype.hasOwnProperty.call(t.pan,"overScaleMode"))&&console.warn("The option `overScaleMode` is deprecated. Please use `scaleMode` instead (and update `mode` as desired)."),qs&&lp(n,t),n.pan=(s,l,o)=>Sy(n,s,l,o),n.zoom=(s,l)=>ef(n,s,l),n.zoomRect=(s,l,o)=>wy(n,s,l,o),n.zoomScale=(s,l,o)=>A6(n,s,l,o),n.resetZoom=s=>P6(n,s),n.getZoomLevel=()=>R6(n),n.getInitialScaleBounds=()=>Ty(n),n.getZoomedScaleBounds=()=>F6(n),n.isZoomedOrPanned=()=>q6(n),n.isZoomingOrPanning=()=>tp(n)},beforeEvent(n,{event:e}){if(tp(n))return!1;if(e.type==="click"||e.type==="mouseup"){const t=Zt(n);if(t.filterNextClick)return t.filterNextClick=!1,!1}},beforeUpdate:function(n,e,t){const i=Zt(n),s=i.options;i.options=t,n$(s,t)&&(sp(n),lp(n,t)),J6(n,t)},beforeDatasetsDraw(n,e,t){Bo(n,"beforeDatasetsDraw",t)},afterDatasetsDraw(n,e,t){Bo(n,"afterDatasetsDraw",t)},beforeDraw(n,e,t){Bo(n,"beforeDraw",t)},afterDraw(n,e,t){Bo(n,"afterDraw",t)},stop:function(n){Z6(n),qs&&sp(n),b6(n)},panFunctions:uu,zoomFunctions:ru,zoomRectFunctions:au};function op(n){let e,t,i;return{c(){e=b("div"),p(e,"class","chart-loader loader svelte-kfnurg")},m(s,l){w(s,e,l),i=!0},i(s){i||(s&&tt(()=>{i&&(t||(t=qe(e,Ct,{duration:150},!0)),t.run(1))}),i=!0)},o(s){s&&(t||(t=qe(e,Ct,{duration:150},!1)),t.run(0)),i=!1},d(s){s&&v(e),s&&t&&t.end()}}}function rp(n){let e,t,i;return{c(){e=b("button"),e.textContent="Reset zoom",p(e,"type","button"),p(e,"class","btn btn-secondary btn-sm btn-chart-zoom svelte-kfnurg")},m(s,l){w(s,e,l),t||(i=Y(e,"click",n[4]),t=!0)},p:te,d(s){s&&v(e),t=!1,i()}}}function s$(n){let e,t,i,s,l,o=n[1]==1?"log":"logs",r,a,u,f,c,d,m,h=n[2]&&op(),g=n[3]&&rp(n);return{c(){e=b("div"),t=b("div"),i=W("Found "),s=W(n[1]),l=C(),r=W(o),a=C(),h&&h.c(),u=C(),f=b("canvas"),c=C(),g&&g.c(),p(t,"class","total-logs entrance-right svelte-kfnurg"),x(t,"hidden",n[2]),p(f,"class","chart-canvas svelte-kfnurg"),p(e,"class","chart-wrapper svelte-kfnurg"),x(e,"loading",n[2])},m(_,k){w(_,e,k),y(e,t),y(t,i),y(t,s),y(t,l),y(t,r),y(e,a),h&&h.m(e,null),y(e,u),y(e,f),n[11](f),y(e,c),g&&g.m(e,null),d||(m=Y(f,"dblclick",n[4]),d=!0)},p(_,[k]){k&2&&se(s,_[1]),k&2&&o!==(o=_[1]==1?"log":"logs")&&se(r,o),k&4&&x(t,"hidden",_[2]),_[2]?h?k&4&&M(h,1):(h=op(),h.c(),M(h,1),h.m(e,u)):h&&(oe(),D(h,1,1,()=>{h=null}),re()),_[3]?g?g.p(_,k):(g=rp(_),g.c(),g.m(e,null)):g&&(g.d(1),g=null),k&4&&x(e,"loading",_[2])},i(_){M(h)},o(_){D(h)},d(_){_&&v(e),h&&h.d(),n[11](null),g&&g.d(),d=!1,m()}}}function o$(n,e,t){let{filter:i=""}=e,{zoom:s={}}=e,{presets:l=""}=e,o,r,a=[],u=0,f=!1,c=!1;async function d(){t(2,f=!0);const _=[l,U.normalizeLogsFilter(i)].filter(Boolean).map(k=>"("+k+")").join("&&");return _e.logs.getStats({filter:_}).then(k=>{m(),k=U.toArray(k);for(let S of k)a.push({x:new Date(S.date),y:S.total}),t(1,u+=S.total)}).catch(k=>{k!=null&&k.isAbort||(m(),console.warn(k),_e.error(k,!_||(k==null?void 0:k.status)!=400))}).finally(()=>{t(2,f=!1)})}function m(){t(10,a=[]),t(1,u=0)}function h(){r==null||r.resetZoom()}an(()=>(wi.register(xi,ir,er,su,xs,x5,r6),wi.register(l$),t(9,r=new wi(o,{type:"line",data:{datasets:[{label:"Total requests",data:a,borderColor:"#e34562",pointBackgroundColor:"#e34562",backgroundColor:"rgb(239,69,101,0.05)",borderWidth:2,pointRadius:1,pointBorderWidth:0,fill:!0}]},options:{resizeDelay:250,maintainAspectRatio:!1,animation:!1,interaction:{intersect:!1,mode:"index"},scales:{y:{beginAtZero:!0,grid:{color:"#edf0f3"},border:{color:"#e4e9ec"},ticks:{precision:0,maxTicksLimit:4,autoSkip:!0,color:"#666f75"}},x:{type:"time",time:{unit:"hour",tooltipFormat:"DD h a"},grid:{color:_=>{var k;return(k=_.tick)!=null&&k.major?"#edf0f3":""}},color:"#e4e9ec",ticks:{maxTicksLimit:15,autoSkip:!0,maxRotation:0,major:{enabled:!0},color:_=>{var k;return(k=_.tick)!=null&&k.major?"#16161a":"#666f75"}}}},plugins:{legend:{display:!1},zoom:{enabled:!0,zoom:{mode:"x",pinch:{enabled:!0},drag:{enabled:!0,backgroundColor:"rgba(255, 99, 132, 0.2)",borderWidth:0,threshold:10},limits:{x:{minRange:1e8},y:{minRange:1e8}},onZoomComplete:({chart:_})=>{t(3,c=_.isZoomedOrPanned()),c?(t(5,s.min=U.formatToUTCDate(_.scales.x.min,"yyyy-MM-dd HH")+":00:00.000Z",s),t(5,s.max=U.formatToUTCDate(_.scales.x.max,"yyyy-MM-dd HH")+":59:59.999Z",s)):(s.min||s.max)&&t(5,s={})}}}}}})),()=>r==null?void 0:r.destroy()));function g(_){ne[_?"unshift":"push"](()=>{o=_,t(0,o)})}return n.$$set=_=>{"filter"in _&&t(6,i=_.filter),"zoom"in _&&t(5,s=_.zoom),"presets"in _&&t(7,l=_.presets)},n.$$.update=()=>{n.$$.dirty&192&&(typeof i<"u"||typeof l<"u")&&d(),n.$$.dirty&1536&&typeof a<"u"&&r&&(t(9,r.data.datasets[0].data=a,r),r.update())},[o,u,f,c,h,s,i,l,d,r,a,g]}class r$ extends we{constructor(e){super(),ve(this,e,o$,s$,be,{filter:6,zoom:5,presets:7,load:8})}get load(){return this.$$.ctx[8]}}function a$(n){let e,t,i;return{c(){e=b("div"),t=b("code"),p(t,"class","svelte-s3jkbp"),p(e,"class",i="code-wrapper prism-light "+n[0]+" svelte-s3jkbp")},m(s,l){w(s,e,l),y(e,t),t.innerHTML=n[1]},p(s,[l]){l&2&&(t.innerHTML=s[1]),l&1&&i!==(i="code-wrapper prism-light "+s[0]+" svelte-s3jkbp")&&p(e,"class",i)},i:te,o:te,d(s){s&&v(e)}}}function u$(n,e,t){let{content:i=""}=e,{language:s="javascript"}=e,{class:l=""}=e,o="";function r(a){return a=typeof a=="string"?a:"",a=Prism.plugins.NormalizeWhitespace.normalize(a,{"remove-trailing":!0,"remove-indent":!0,"left-trim":!0,"right-trim":!0}),Prism.highlight(a,Prism.languages[s]||Prism.languages.javascript,s)}return n.$$set=a=>{"content"in a&&t(2,i=a.content),"language"in a&&t(3,s=a.language),"class"in a&&t(0,l=a.class)},n.$$.update=()=>{n.$$.dirty&4&&typeof Prism<"u"&&i&&t(1,o=r(i))},[l,o,i,s]}class tf extends we{constructor(e){super(),ve(this,e,u$,a$,be,{content:2,language:3,class:0})}}function f$(n){let e,t,i,s,l;return{c(){e=b("i"),p(e,"tabindex","-1"),p(e,"role","button"),p(e,"class",t=n[3]?n[2]:n[1]),p(e,"aria-label","Copy to clipboard")},m(o,r){w(o,e,r),s||(l=[Oe(i=Re.call(null,e,n[3]?void 0:n[0])),Y(e,"click",en(n[4]))],s=!0)},p(o,[r]){r&14&&t!==(t=o[3]?o[2]:o[1])&&p(e,"class",t),i&&Lt(i.update)&&r&9&&i.update.call(null,o[3]?void 0:o[0])},i:te,o:te,d(o){o&&v(e),s=!1,Ee(l)}}}function c$(n,e,t){let{value:i=""}=e,{tooltip:s="Copy"}=e,{idleClasses:l="ri-file-copy-line txt-sm link-hint"}=e,{successClasses:o="ri-check-line txt-sm txt-success"}=e,{successDuration:r=500}=e,a;function u(){U.isEmpty(i)||(U.copyToClipboard(i),clearTimeout(a),t(3,a=setTimeout(()=>{clearTimeout(a),t(3,a=null)},r)))}return an(()=>()=>{a&&clearTimeout(a)}),n.$$set=f=>{"value"in f&&t(5,i=f.value),"tooltip"in f&&t(0,s=f.tooltip),"idleClasses"in f&&t(1,l=f.idleClasses),"successClasses"in f&&t(2,o=f.successClasses),"successDuration"in f&&t(6,r=f.successDuration)},[s,l,o,a,u,i,r]}class Oi extends we{constructor(e){super(),ve(this,e,c$,f$,be,{value:5,tooltip:0,idleClasses:1,successClasses:2,successDuration:6})}}function ap(n,e,t){const i=n.slice();i[16]=e[t];const s=i[1].data[i[16]];i[17]=s;const l=U.isEmpty(i[17]);i[18]=l;const o=!i[18]&&i[17]!==null&&typeof i[17]=="object";return i[19]=o,i}function d$(n){let e,t,i,s,l,o,r,a=n[1].id+"",u,f,c,d,m,h,g,_,k,S,$,T,O,E,L,I,A,P,N,R,z,F,B,J,V;d=new Oi({props:{value:n[1].id}}),S=new Ek({props:{level:n[1].level}}),O=new Oi({props:{value:n[1].level}}),N=new Mk({props:{date:n[1].created}}),F=new Oi({props:{value:n[1].created}});let Z=!n[4]&&up(n),G=ce(n[5](n[1].data)),de=[];for(let ae=0;aeD(de[ae],1,1,()=>{de[ae]=null});return{c(){e=b("table"),t=b("tbody"),i=b("tr"),s=b("td"),s.textContent="id",l=C(),o=b("td"),r=b("span"),u=W(a),f=C(),c=b("div"),H(d.$$.fragment),m=C(),h=b("tr"),g=b("td"),g.textContent="level",_=C(),k=b("td"),H(S.$$.fragment),$=C(),T=b("div"),H(O.$$.fragment),E=C(),L=b("tr"),I=b("td"),I.textContent="created",A=C(),P=b("td"),H(N.$$.fragment),R=C(),z=b("div"),H(F.$$.fragment),B=C(),Z&&Z.c(),J=C();for(let ae=0;ae{Z=null}),re()):Z?(Z.p(ae,Ce),Ce&16&&M(Z,1)):(Z=up(ae),Z.c(),M(Z,1),Z.m(t,J)),Ce&50){G=ce(ae[5](ae[1].data));let Be;for(Be=0;Be',p(e,"class","block txt-center")},m(t,i){w(t,e,i)},p:te,i:te,o:te,d(t){t&&v(e)}}}function up(n){let e,t,i,s,l,o,r;const a=[h$,m$],u=[];function f(c,d){return c[1].message?0:1}return l=f(n),o=u[l]=a[l](n),{c(){e=b("tr"),t=b("td"),t.textContent="message",i=C(),s=b("td"),o.c(),p(t,"class","min-width txt-hint txt-bold svelte-1c23bpt"),p(s,"class","svelte-1c23bpt"),p(e,"class","svelte-1c23bpt")},m(c,d){w(c,e,d),y(e,t),y(e,i),y(e,s),u[l].m(s,null),r=!0},p(c,d){let m=l;l=f(c),l===m?u[l].p(c,d):(oe(),D(u[m],1,1,()=>{u[m]=null}),re(),o=u[l],o?o.p(c,d):(o=u[l]=a[l](c),o.c()),M(o,1),o.m(s,null))},i(c){r||(M(o),r=!0)},o(c){D(o),r=!1},d(c){c&&v(e),u[l].d()}}}function m$(n){let e;return{c(){e=b("span"),e.textContent="N/A",p(e,"class","txt txt-hint")},m(t,i){w(t,e,i)},p:te,i:te,o:te,d(t){t&&v(e)}}}function h$(n){let e,t=n[1].message+"",i,s,l,o,r;return o=new Oi({props:{value:n[1].message}}),{c(){e=b("span"),i=W(t),s=C(),l=b("div"),H(o.$$.fragment),p(e,"class","txt"),p(l,"class","copy-icon-wrapper svelte-1c23bpt")},m(a,u){w(a,e,u),y(e,i),w(a,s,u),w(a,l,u),q(o,l,null),r=!0},p(a,u){(!r||u&2)&&t!==(t=a[1].message+"")&&se(i,t);const f={};u&2&&(f.value=a[1].message),o.$set(f)},i(a){r||(M(o.$$.fragment,a),r=!0)},o(a){D(o.$$.fragment,a),r=!1},d(a){a&&(v(e),v(s),v(l)),j(o)}}}function _$(n){let e,t=n[17]+"",i,s=n[4]&&n[16]=="execTime"?"ms":"",l;return{c(){e=b("span"),i=W(t),l=W(s),p(e,"class","txt")},m(o,r){w(o,e,r),y(e,i),y(e,l)},p(o,r){r&2&&t!==(t=o[17]+"")&&se(i,t),r&18&&s!==(s=o[4]&&o[16]=="execTime"?"ms":"")&&se(l,s)},i:te,o:te,d(o){o&&v(e)}}}function g$(n){let e,t;return e=new tf({props:{content:n[17],language:"html"}}),{c(){H(e.$$.fragment)},m(i,s){q(e,i,s),t=!0},p(i,s){const l={};s&2&&(l.content=i[17]),e.$set(l)},i(i){t||(M(e.$$.fragment,i),t=!0)},o(i){D(e.$$.fragment,i),t=!1},d(i){j(e,i)}}}function b$(n){let e,t=n[17]+"",i;return{c(){e=b("span"),i=W(t),p(e,"class","label label-danger log-error-label svelte-1c23bpt")},m(s,l){w(s,e,l),y(e,i)},p(s,l){l&2&&t!==(t=s[17]+"")&&se(i,t)},i:te,o:te,d(s){s&&v(e)}}}function k$(n){let e,t;return e=new tf({props:{content:JSON.stringify(n[17],null,2)}}),{c(){H(e.$$.fragment)},m(i,s){q(e,i,s),t=!0},p(i,s){const l={};s&2&&(l.content=JSON.stringify(i[17],null,2)),e.$set(l)},i(i){t||(M(e.$$.fragment,i),t=!0)},o(i){D(e.$$.fragment,i),t=!1},d(i){j(e,i)}}}function y$(n){let e;return{c(){e=b("span"),e.textContent="N/A",p(e,"class","txt txt-hint")},m(t,i){w(t,e,i)},p:te,i:te,o:te,d(t){t&&v(e)}}}function fp(n){let e,t,i;return t=new Oi({props:{value:n[17]}}),{c(){e=b("div"),H(t.$$.fragment),p(e,"class","copy-icon-wrapper svelte-1c23bpt")},m(s,l){w(s,e,l),q(t,e,null),i=!0},p(s,l){const o={};l&2&&(o.value=s[17]),t.$set(o)},i(s){i||(M(t.$$.fragment,s),i=!0)},o(s){D(t.$$.fragment,s),i=!1},d(s){s&&v(e),j(t)}}}function cp(n){let e,t,i,s=n[16]+"",l,o,r,a,u,f,c,d;const m=[y$,k$,b$,g$,_$],h=[];function g(k,S){return k[18]?0:k[19]?1:k[16]=="error"?2:k[16]=="details"?3:4}a=g(n),u=h[a]=m[a](n);let _=!n[18]&&fp(n);return{c(){e=b("tr"),t=b("td"),i=W("data."),l=W(s),o=C(),r=b("td"),u.c(),f=C(),_&&_.c(),c=C(),p(t,"class","min-width txt-hint txt-bold svelte-1c23bpt"),x(t,"v-align-top",n[19]),p(r,"class","svelte-1c23bpt"),p(e,"class","svelte-1c23bpt")},m(k,S){w(k,e,S),y(e,t),y(t,i),y(t,l),y(e,o),y(e,r),h[a].m(r,null),y(r,f),_&&_.m(r,null),y(e,c),d=!0},p(k,S){(!d||S&2)&&s!==(s=k[16]+"")&&se(l,s),(!d||S&34)&&x(t,"v-align-top",k[19]);let $=a;a=g(k),a===$?h[a].p(k,S):(oe(),D(h[$],1,1,()=>{h[$]=null}),re(),u=h[a],u?u.p(k,S):(u=h[a]=m[a](k),u.c()),M(u,1),u.m(r,f)),k[18]?_&&(oe(),D(_,1,1,()=>{_=null}),re()):_?(_.p(k,S),S&2&&M(_,1)):(_=fp(k),_.c(),M(_,1),_.m(r,null))},i(k){d||(M(u),M(_),d=!0)},o(k){D(u),D(_),d=!1},d(k){k&&v(e),h[a].d(),_&&_.d()}}}function v$(n){let e,t,i,s;const l=[p$,d$],o=[];function r(a,u){var f;return a[3]?0:(f=a[1])!=null&&f.id?1:-1}return~(e=r(n))&&(t=o[e]=l[e](n)),{c(){t&&t.c(),i=ke()},m(a,u){~e&&o[e].m(a,u),w(a,i,u),s=!0},p(a,u){let f=e;e=r(a),e===f?~e&&o[e].p(a,u):(t&&(oe(),D(o[f],1,1,()=>{o[f]=null}),re()),~e?(t=o[e],t?t.p(a,u):(t=o[e]=l[e](a),t.c()),M(t,1),t.m(i.parentNode,i)):t=null)},i(a){s||(M(t),s=!0)},o(a){D(t),s=!1},d(a){a&&v(i),~e&&o[e].d(a)}}}function w$(n){let e;return{c(){e=b("h4"),e.textContent="Log details"},m(t,i){w(t,e,i)},p:te,d(t){t&&v(e)}}}function S$(n){let e,t,i,s,l,o,r,a;return{c(){e=b("button"),e.innerHTML='Close',t=C(),i=b("button"),s=b("i"),l=C(),o=b("span"),o.textContent="Download as JSON",p(e,"type","button"),p(e,"class","btn btn-transparent"),p(s,"class","ri-download-line"),p(o,"class","txt"),p(i,"type","button"),p(i,"class","btn btn-primary"),i.disabled=n[3]},m(u,f){w(u,e,f),w(u,t,f),w(u,i,f),y(i,s),y(i,l),y(i,o),r||(a=[Y(e,"click",n[9]),Y(i,"click",n[10])],r=!0)},p(u,f){f&8&&(i.disabled=u[3])},d(u){u&&(v(e),v(t),v(i)),r=!1,Ee(a)}}}function T$(n){let e,t,i={class:"overlay-panel-lg log-panel",$$slots:{footer:[S$],header:[w$],default:[v$]},$$scope:{ctx:n}};return e=new nn({props:i}),n[11](e),e.$on("hide",n[7]),{c(){H(e.$$.fragment)},m(s,l){q(e,s,l),t=!0},p(s,[l]){const o={};l&4194330&&(o.$$scope={dirty:l,ctx:s}),e.$set(o)},i(s){t||(M(e.$$.fragment,s),t=!0)},o(s){D(e.$$.fragment,s),t=!1},d(s){n[11](null),j(e,s)}}}const dp="log_view";function $$(n,e,t){let i;const s=wt();let l,o={},r=!1;function a($){return f($).then(T=>{t(1,o=T),h()}),l==null?void 0:l.show()}function u(){return _e.cancelRequest(dp),l==null?void 0:l.hide()}async function f($){if($&&typeof $!="string")return t(3,r=!1),$;t(3,r=!0);let T={};try{T=await _e.logs.getOne($,{requestKey:dp})}catch(O){O.isAbort||(u(),console.warn("resolveModel:",O),Mi(`Unable to load log with id "${$}"`))}return t(3,r=!1),T}const c=["execTime","type","auth","authId","status","method","url","referer","remoteIP","userIP","userAgent","error","details"];function d($){if(!$)return[];let T=[];for(let E of c)typeof $[E]<"u"&&T.push(E);const O=Object.keys($);for(let E of O)T.includes(E)||T.push(E);return T}function m(){U.downloadJson(o,"log_"+o.created.replaceAll(/[-:\. ]/gi,"")+".json")}function h(){s("show",o)}function g(){s("hide",o),t(1,o={})}const _=()=>u(),k=()=>m();function S($){ne[$?"unshift":"push"](()=>{l=$,t(2,l)})}return n.$$.update=()=>{var $;n.$$.dirty&2&&t(4,i=(($=o.data)==null?void 0:$.type)=="request")},[u,o,l,r,i,d,m,g,a,_,k,S]}class C$ extends we{constructor(e){super(),ve(this,e,$$,T$,be,{show:8,hide:0})}get show(){return this.$$.ctx[8]}get hide(){return this.$$.ctx[0]}}function O$(n,e,t){const i=n.slice();return i[1]=e[t],i}function M$(n){let e;return{c(){e=b("code"),e.textContent=`${n[1].level}:${n[1].label}`,p(e,"class","txt-xs")},m(t,i){w(t,e,i)},p:te,d(t){t&&v(e)}}}function E$(n){let e,t,i,s=ce(ck),l=[];for(let o=0;o{"class"in s&&t(0,i=s.class)},[i]}class Ey extends we{constructor(e){super(),ve(this,e,D$,E$,be,{class:0})}}function I$(n){let e,t,i,s,l,o,r,a,u,f,c;return t=new fe({props:{class:"form-field required",name:"logs.maxDays",$$slots:{default:[A$,({uniqueId:d})=>({23:d}),({uniqueId:d})=>d?8388608:0]},$$scope:{ctx:n}}}),s=new fe({props:{class:"form-field",name:"logs.minLevel",$$slots:{default:[P$,({uniqueId:d})=>({23:d}),({uniqueId:d})=>d?8388608:0]},$$scope:{ctx:n}}}),o=new fe({props:{class:"form-field form-field-toggle",name:"logs.logIP",$$slots:{default:[N$,({uniqueId:d})=>({23:d}),({uniqueId:d})=>d?8388608:0]},$$scope:{ctx:n}}}),a=new fe({props:{class:"form-field form-field-toggle",name:"logs.logAuthId",$$slots:{default:[R$,({uniqueId:d})=>({23:d}),({uniqueId:d})=>d?8388608:0]},$$scope:{ctx:n}}}),{c(){e=b("form"),H(t.$$.fragment),i=C(),H(s.$$.fragment),l=C(),H(o.$$.fragment),r=C(),H(a.$$.fragment),p(e,"id",n[6]),p(e,"class","grid"),p(e,"autocomplete","off")},m(d,m){w(d,e,m),q(t,e,null),y(e,i),q(s,e,null),y(e,l),q(o,e,null),y(e,r),q(a,e,null),u=!0,f||(c=Y(e,"submit",it(n[7])),f=!0)},p(d,m){const h={};m&25165826&&(h.$$scope={dirty:m,ctx:d}),t.$set(h);const g={};m&25165826&&(g.$$scope={dirty:m,ctx:d}),s.$set(g);const _={};m&25165826&&(_.$$scope={dirty:m,ctx:d}),o.$set(_);const k={};m&25165826&&(k.$$scope={dirty:m,ctx:d}),a.$set(k)},i(d){u||(M(t.$$.fragment,d),M(s.$$.fragment,d),M(o.$$.fragment,d),M(a.$$.fragment,d),u=!0)},o(d){D(t.$$.fragment,d),D(s.$$.fragment,d),D(o.$$.fragment,d),D(a.$$.fragment,d),u=!1},d(d){d&&v(e),j(t),j(s),j(o),j(a),f=!1,c()}}}function L$(n){let e;return{c(){e=b("div"),e.innerHTML='
    ',p(e,"class","block txt-center")},m(t,i){w(t,e,i)},p:te,i:te,o:te,d(t){t&&v(e)}}}function A$(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("label"),t=W("Max days retention"),s=C(),l=b("input"),r=C(),a=b("div"),a.innerHTML="Set to 0 to disable logs persistence.",p(e,"for",i=n[23]),p(l,"type","number"),p(l,"id",o=n[23]),l.required=!0,p(a,"class","help-block")},m(c,d){w(c,e,d),y(e,t),w(c,s,d),w(c,l,d),me(l,n[1].logs.maxDays),w(c,r,d),w(c,a,d),u||(f=Y(l,"input",n[11]),u=!0)},p(c,d){d&8388608&&i!==(i=c[23])&&p(e,"for",i),d&8388608&&o!==(o=c[23])&&p(l,"id",o),d&2&&mt(l.value)!==c[1].logs.maxDays&&me(l,c[1].logs.maxDays)},d(c){c&&(v(e),v(s),v(l),v(r),v(a)),u=!1,f()}}}function P$(n){let e,t,i,s,l,o,r,a,u,f,c,d,m;return f=new Ey({}),{c(){e=b("label"),t=W("Min log level"),s=C(),l=b("input"),o=C(),r=b("div"),a=b("p"),a.textContent="Logs with level below the minimum will be ignored.",u=C(),H(f.$$.fragment),p(e,"for",i=n[23]),p(l,"type","number"),l.required=!0,p(l,"min","-100"),p(l,"max","100"),p(r,"class","help-block")},m(h,g){w(h,e,g),y(e,t),w(h,s,g),w(h,l,g),me(l,n[1].logs.minLevel),w(h,o,g),w(h,r,g),y(r,a),y(r,u),q(f,r,null),c=!0,d||(m=Y(l,"input",n[12]),d=!0)},p(h,g){(!c||g&8388608&&i!==(i=h[23]))&&p(e,"for",i),g&2&&mt(l.value)!==h[1].logs.minLevel&&me(l,h[1].logs.minLevel)},i(h){c||(M(f.$$.fragment,h),c=!0)},o(h){D(f.$$.fragment,h),c=!1},d(h){h&&(v(e),v(s),v(l),v(o),v(r)),j(f),d=!1,m()}}}function N$(n){let e,t,i,s,l,o,r,a;return{c(){e=b("input"),i=C(),s=b("label"),l=W("Enable IP logging"),p(e,"type","checkbox"),p(e,"id",t=n[23]),p(s,"for",o=n[23])},m(u,f){w(u,e,f),e.checked=n[1].logs.logIP,w(u,i,f),w(u,s,f),y(s,l),r||(a=Y(e,"change",n[13]),r=!0)},p(u,f){f&8388608&&t!==(t=u[23])&&p(e,"id",t),f&2&&(e.checked=u[1].logs.logIP),f&8388608&&o!==(o=u[23])&&p(s,"for",o)},d(u){u&&(v(e),v(i),v(s)),r=!1,a()}}}function R$(n){let e,t,i,s,l,o,r,a;return{c(){e=b("input"),i=C(),s=b("label"),l=W("Enable Auth Id logging"),p(e,"type","checkbox"),p(e,"id",t=n[23]),p(s,"for",o=n[23])},m(u,f){w(u,e,f),e.checked=n[1].logs.logAuthId,w(u,i,f),w(u,s,f),y(s,l),r||(a=Y(e,"change",n[14]),r=!0)},p(u,f){f&8388608&&t!==(t=u[23])&&p(e,"id",t),f&2&&(e.checked=u[1].logs.logAuthId),f&8388608&&o!==(o=u[23])&&p(s,"for",o)},d(u){u&&(v(e),v(i),v(s)),r=!1,a()}}}function F$(n){let e,t,i,s;const l=[L$,I$],o=[];function r(a,u){return a[4]?0:1}return e=r(n),t=o[e]=l[e](n),{c(){t.c(),i=ke()},m(a,u){o[e].m(a,u),w(a,i,u),s=!0},p(a,u){let f=e;e=r(a),e===f?o[e].p(a,u):(oe(),D(o[f],1,1,()=>{o[f]=null}),re(),t=o[e],t?t.p(a,u):(t=o[e]=l[e](a),t.c()),M(t,1),t.m(i.parentNode,i))},i(a){s||(M(t),s=!0)},o(a){D(t),s=!1},d(a){a&&v(i),o[e].d(a)}}}function q$(n){let e;return{c(){e=b("h4"),e.textContent="Logs settings"},m(t,i){w(t,e,i)},p:te,d(t){t&&v(e)}}}function j$(n){let e,t,i,s,l,o,r,a;return{c(){e=b("button"),t=b("span"),t.textContent="Cancel",i=C(),s=b("button"),l=b("span"),l.textContent="Save changes",p(t,"class","txt"),p(e,"type","button"),p(e,"class","btn btn-transparent"),e.disabled=n[3],p(l,"class","txt"),p(s,"type","submit"),p(s,"form",n[6]),p(s,"class","btn btn-expanded"),s.disabled=o=!n[5]||n[3],x(s,"btn-loading",n[3])},m(u,f){w(u,e,f),y(e,t),w(u,i,f),w(u,s,f),y(s,l),r||(a=Y(e,"click",n[0]),r=!0)},p(u,f){f&8&&(e.disabled=u[3]),f&40&&o!==(o=!u[5]||u[3])&&(s.disabled=o),f&8&&x(s,"btn-loading",u[3])},d(u){u&&(v(e),v(i),v(s)),r=!1,a()}}}function H$(n){let e,t,i={popup:!0,class:"superuser-panel",beforeHide:n[15],$$slots:{footer:[j$],header:[q$],default:[F$]},$$scope:{ctx:n}};return e=new nn({props:i}),n[16](e),e.$on("hide",n[17]),e.$on("show",n[18]),{c(){H(e.$$.fragment)},m(s,l){q(e,s,l),t=!0},p(s,[l]){const o={};l&8&&(o.beforeHide=s[15]),l&16777274&&(o.$$scope={dirty:l,ctx:s}),e.$set(o)},i(s){t||(M(e.$$.fragment,s),t=!0)},o(s){D(e.$$.fragment,s),t=!1},d(s){n[16](null),j(e,s)}}}function z$(n,e,t){let i,s;const l=wt(),o="logs_settings_"+U.randomString(3);let r,a=!1,u=!1,f={},c={};function d(){return h(),g(),r==null?void 0:r.show()}function m(){return r==null?void 0:r.hide()}function h(){Jt(),t(9,f={}),t(1,c=JSON.parse(JSON.stringify(f||{})))}async function g(){t(4,u=!0);try{const P=await _e.settings.getAll()||{};k(P)}catch(P){_e.error(P)}t(4,u=!1)}async function _(){if(s){t(3,a=!0);try{const P=await _e.settings.update(U.filterRedactedProps(c));k(P),t(3,a=!1),m(),tn("Successfully saved logs settings."),l("save",P)}catch(P){t(3,a=!1),_e.error(P)}}}function k(P={}){t(1,c={logs:(P==null?void 0:P.logs)||{}}),t(9,f=JSON.parse(JSON.stringify(c)))}function S(){c.logs.maxDays=mt(this.value),t(1,c)}function $(){c.logs.minLevel=mt(this.value),t(1,c)}function T(){c.logs.logIP=this.checked,t(1,c)}function O(){c.logs.logAuthId=this.checked,t(1,c)}const E=()=>!a;function L(P){ne[P?"unshift":"push"](()=>{r=P,t(2,r)})}function I(P){Le.call(this,n,P)}function A(P){Le.call(this,n,P)}return n.$$.update=()=>{n.$$.dirty&512&&t(10,i=JSON.stringify(f)),n.$$.dirty&1026&&t(5,s=i!=JSON.stringify(c))},[m,c,r,a,u,s,o,_,d,f,i,S,$,T,O,E,L,I,A]}class U$ extends we{constructor(e){super(),ve(this,e,z$,H$,be,{show:8,hide:0})}get show(){return this.$$.ctx[8]}get hide(){return this.$$.ctx[0]}}function V$(n){let e,t,i,s,l,o,r,a;return{c(){e=b("input"),i=C(),s=b("label"),l=W("Include requests by superusers"),p(e,"type","checkbox"),p(e,"id",t=n[25]),p(s,"for",o=n[25])},m(u,f){w(u,e,f),e.checked=n[2],w(u,i,f),w(u,s,f),y(s,l),r||(a=Y(e,"change",n[12]),r=!0)},p(u,f){f&33554432&&t!==(t=u[25])&&p(e,"id",t),f&4&&(e.checked=u[2]),f&33554432&&o!==(o=u[25])&&p(s,"for",o)},d(u){u&&(v(e),v(i),v(s)),r=!1,a()}}}function pp(n){let e,t,i;function s(o){n[14](o)}let l={filter:n[1],presets:n[6]};return n[5]!==void 0&&(l.zoom=n[5]),e=new r$({props:l}),ne.push(()=>ge(e,"zoom",s)),{c(){H(e.$$.fragment)},m(o,r){q(e,o,r),i=!0},p(o,r){const a={};r&2&&(a.filter=o[1]),r&64&&(a.presets=o[6]),!t&&r&32&&(t=!0,a.zoom=o[5],$e(()=>t=!1)),e.$set(a)},i(o){i||(M(e.$$.fragment,o),i=!0)},o(o){D(e.$$.fragment,o),i=!1},d(o){j(e,o)}}}function mp(n){let e,t,i,s;function l(a){n[15](a)}function o(a){n[16](a)}let r={presets:n[6]};return n[1]!==void 0&&(r.filter=n[1]),n[5]!==void 0&&(r.zoom=n[5]),e=new sS({props:r}),ne.push(()=>ge(e,"filter",l)),ne.push(()=>ge(e,"zoom",o)),e.$on("select",n[17]),{c(){H(e.$$.fragment)},m(a,u){q(e,a,u),s=!0},p(a,u){const f={};u&64&&(f.presets=a[6]),!t&&u&2&&(t=!0,f.filter=a[1],$e(()=>t=!1)),!i&&u&32&&(i=!0,f.zoom=a[5],$e(()=>i=!1)),e.$set(f)},i(a){s||(M(e.$$.fragment,a),s=!0)},o(a){D(e.$$.fragment,a),s=!1},d(a){j(e,a)}}}function B$(n){let e,t,i,s,l,o,r,a,u,f,c,d,m,h,g,_,k,S,$,T=n[4],O,E=n[4],L,I,A,P;u=new Pr({}),u.$on("refresh",n[11]),h=new fe({props:{class:"form-field form-field-toggle m-0",$$slots:{default:[V$,({uniqueId:z})=>({25:z}),({uniqueId:z})=>z?33554432:0]},$$scope:{ctx:n}}}),_=new Ar({props:{value:n[1],placeholder:"Search term or filter like `level > 0 && data.auth = 'guest'`",extraAutocompleteKeys:["level","message","data."]}}),_.$on("submit",n[13]),S=new Ey({props:{class:"block txt-sm txt-hint m-t-xs m-b-base"}});let N=pp(n),R=mp(n);return{c(){e=b("div"),t=b("header"),i=b("nav"),s=b("div"),l=W(n[7]),o=C(),r=b("button"),r.innerHTML='',a=C(),H(u.$$.fragment),f=C(),c=b("div"),d=C(),m=b("div"),H(h.$$.fragment),g=C(),H(_.$$.fragment),k=C(),H(S.$$.fragment),$=C(),N.c(),O=C(),R.c(),L=ke(),p(s,"class","breadcrumb-item"),p(i,"class","breadcrumbs"),p(r,"type","button"),p(r,"aria-label","Logs settings"),p(r,"class","btn btn-transparent btn-circle"),p(c,"class","flex-fill"),p(m,"class","inline-flex"),p(t,"class","page-header"),p(e,"class","page-header-wrapper m-b-0")},m(z,F){w(z,e,F),y(e,t),y(t,i),y(i,s),y(s,l),y(t,o),y(t,r),y(t,a),q(u,t,null),y(t,f),y(t,c),y(t,d),y(t,m),q(h,m,null),y(e,g),q(_,e,null),y(e,k),q(S,e,null),y(e,$),N.m(e,null),w(z,O,F),R.m(z,F),w(z,L,F),I=!0,A||(P=[Oe(Re.call(null,r,{text:"Logs settings",position:"right"})),Y(r,"click",n[10])],A=!0)},p(z,F){(!I||F&128)&&se(l,z[7]);const B={};F&100663300&&(B.$$scope={dirty:F,ctx:z}),h.$set(B);const J={};F&2&&(J.value=z[1]),_.$set(J),F&16&&be(T,T=z[4])?(oe(),D(N,1,1,te),re(),N=pp(z),N.c(),M(N,1),N.m(e,null)):N.p(z,F),F&16&&be(E,E=z[4])?(oe(),D(R,1,1,te),re(),R=mp(z),R.c(),M(R,1),R.m(L.parentNode,L)):R.p(z,F)},i(z){I||(M(u.$$.fragment,z),M(h.$$.fragment,z),M(_.$$.fragment,z),M(S.$$.fragment,z),M(N),M(R),I=!0)},o(z){D(u.$$.fragment,z),D(h.$$.fragment,z),D(_.$$.fragment,z),D(S.$$.fragment,z),D(N),D(R),I=!1},d(z){z&&(v(e),v(O),v(L)),j(u),j(h),j(_),j(S),N.d(z),R.d(z),A=!1,Ee(P)}}}function W$(n){let e,t,i,s,l,o;e=new oi({props:{$$slots:{default:[B$]},$$scope:{ctx:n}}});let r={};i=new C$({props:r}),n[18](i),i.$on("show",n[19]),i.$on("hide",n[20]);let a={};return l=new U$({props:a}),n[21](l),l.$on("save",n[8]),{c(){H(e.$$.fragment),t=C(),H(i.$$.fragment),s=C(),H(l.$$.fragment)},m(u,f){q(e,u,f),w(u,t,f),q(i,u,f),w(u,s,f),q(l,u,f),o=!0},p(u,[f]){const c={};f&67109119&&(c.$$scope={dirty:f,ctx:u}),e.$set(c);const d={};i.$set(d);const m={};l.$set(m)},i(u){o||(M(e.$$.fragment,u),M(i.$$.fragment,u),M(l.$$.fragment,u),o=!0)},o(u){D(e.$$.fragment,u),D(i.$$.fragment,u),D(l.$$.fragment,u),o=!1},d(u){u&&(v(t),v(s)),j(e,u),n[18](null),j(i,u),n[21](null),j(l,u)}}}const Wo="logId",hp="superuserRequests",_p="superuserLogRequests";function Y$(n,e,t){var R;let i,s,l;Ge(n,Ru,z=>t(22,s=z)),Ge(n,rn,z=>t(7,l=z)),En(rn,l="Logs",l);const o=new URLSearchParams(s);let r,a,u=1,f=o.get("filter")||"",c={},d=(o.get(hp)||((R=window.localStorage)==null?void 0:R.getItem(_p)))<<0,m=d;function h(){t(4,u++,u)}function g(z={}){let F={};F.filter=f||null,F[hp]=d<<0||null,U.replaceHashQueryParams(Object.assign(F,z))}const _=()=>a==null?void 0:a.show(),k=()=>h();function S(){d=this.checked,t(2,d)}const $=z=>t(1,f=z.detail);function T(z){c=z,t(5,c)}function O(z){f=z,t(1,f)}function E(z){c=z,t(5,c)}const L=z=>r==null?void 0:r.show(z==null?void 0:z.detail);function I(z){ne[z?"unshift":"push"](()=>{r=z,t(0,r)})}const A=z=>{var B;let F={};F[Wo]=((B=z.detail)==null?void 0:B.id)||null,U.replaceHashQueryParams(F)},P=()=>{let z={};z[Wo]=null,U.replaceHashQueryParams(z)};function N(z){ne[z?"unshift":"push"](()=>{a=z,t(3,a)})}return n.$$.update=()=>{var z;n.$$.dirty&1&&o.get(Wo)&&r&&r.show(o.get(Wo)),n.$$.dirty&4&&t(6,i=d?"":'data.auth!="_superusers"'),n.$$.dirty&516&&m!=d&&(t(9,m=d),(z=window.localStorage)==null||z.setItem(_p,d<<0),g()),n.$$.dirty&2&&typeof f<"u"&&g()},[r,f,d,a,u,c,i,l,h,m,_,k,S,$,T,O,E,L,I,A,P,N]}class K$ extends we{constructor(e){super(),ve(this,e,Y$,W$,be,{})}}function gp(n,e,t){const i=n.slice();return i[14]=e[t][0],i[15]=e[t][1],i}function bp(n){n[18]=n[19].default}function kp(n,e,t){const i=n.slice();return i[14]=e[t][0],i[15]=e[t][1],i[21]=t,i}function yp(n){let e;return{c(){e=b("hr"),p(e,"class","m-t-sm m-b-sm")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function J$(n){let e,t=n[15].label+"",i,s,l,o;function r(){return n[9](n[14])}return{c(){e=b("button"),i=W(t),s=C(),p(e,"type","button"),p(e,"class","sidebar-item"),x(e,"active",n[5]===n[14])},m(a,u){w(a,e,u),y(e,i),y(e,s),l||(o=Y(e,"click",r),l=!0)},p(a,u){n=a,u&8&&t!==(t=n[15].label+"")&&se(i,t),u&40&&x(e,"active",n[5]===n[14])},d(a){a&&v(e),l=!1,o()}}}function Z$(n){let e,t=n[15].label+"",i,s,l,o;return{c(){e=b("div"),i=W(t),s=C(),p(e,"class","sidebar-item disabled")},m(r,a){w(r,e,a),y(e,i),y(e,s),l||(o=Oe(Re.call(null,e,{position:"left",text:"Not enabled for the collection"})),l=!0)},p(r,a){a&8&&t!==(t=r[15].label+"")&&se(i,t)},d(r){r&&v(e),l=!1,o()}}}function vp(n,e){let t,i=e[21]===Object.keys(e[6]).length,s,l,o=i&&yp();function r(f,c){return f[15].disabled?Z$:J$}let a=r(e),u=a(e);return{key:n,first:null,c(){t=ke(),o&&o.c(),s=C(),u.c(),l=ke(),this.first=t},m(f,c){w(f,t,c),o&&o.m(f,c),w(f,s,c),u.m(f,c),w(f,l,c)},p(f,c){e=f,c&8&&(i=e[21]===Object.keys(e[6]).length),i?o||(o=yp(),o.c(),o.m(s.parentNode,s)):o&&(o.d(1),o=null),a===(a=r(e))&&u?u.p(e,c):(u.d(1),u=a(e),u&&(u.c(),u.m(l.parentNode,l)))},d(f){f&&(v(t),v(s),v(l)),o&&o.d(f),u.d(f)}}}function wp(n){let e,t,i,s={ctx:n,current:null,token:null,hasCatch:!1,pending:Q$,then:X$,catch:G$,value:19,blocks:[,,,]};return _f(t=n[15].component,s),{c(){e=ke(),s.block.c()},m(l,o){w(l,e,o),s.block.m(l,s.anchor=o),s.mount=()=>e.parentNode,s.anchor=e,i=!0},p(l,o){n=l,s.ctx=n,o&8&&t!==(t=n[15].component)&&_f(t,s)||rv(s,n,o)},i(l){i||(M(s.block),i=!0)},o(l){for(let o=0;o<3;o+=1){const r=s.blocks[o];D(r)}i=!1},d(l){l&&v(e),s.block.d(l),s.token=null,s=null}}}function G$(n){return{c:te,m:te,p:te,i:te,o:te,d:te}}function X$(n){bp(n);let e,t,i;return e=new n[18]({props:{collection:n[2]}}),{c(){H(e.$$.fragment),t=C()},m(s,l){q(e,s,l),w(s,t,l),i=!0},p(s,l){bp(s);const o={};l&4&&(o.collection=s[2]),e.$set(o)},i(s){i||(M(e.$$.fragment,s),i=!0)},o(s){D(e.$$.fragment,s),i=!1},d(s){s&&v(t),j(e,s)}}}function Q$(n){return{c:te,m:te,p:te,i:te,o:te,d:te}}function Sp(n,e){let t,i,s,l=e[5]===e[14]&&wp(e);return{key:n,first:null,c(){t=ke(),l&&l.c(),i=ke(),this.first=t},m(o,r){w(o,t,r),l&&l.m(o,r),w(o,i,r),s=!0},p(o,r){e=o,e[5]===e[14]?l?(l.p(e,r),r&40&&M(l,1)):(l=wp(e),l.c(),M(l,1),l.m(i.parentNode,i)):l&&(oe(),D(l,1,1,()=>{l=null}),re())},i(o){s||(M(l),s=!0)},o(o){D(l),s=!1},d(o){o&&(v(t),v(i)),l&&l.d(o)}}}function x$(n){let e,t,i,s=[],l=new Map,o,r,a=[],u=new Map,f,c=ce(Object.entries(n[3]));const d=g=>g[14];for(let g=0;gg[14];for(let g=0;gClose',p(e,"type","button"),p(e,"class","btn btn-transparent")},m(s,l){w(s,e,l),t||(i=Y(e,"click",n[8]),t=!0)},p:te,d(s){s&&v(e),t=!1,i()}}}function t8(n){let e,t,i={class:"docs-panel",$$slots:{footer:[e8],default:[x$]},$$scope:{ctx:n}};return e=new nn({props:i}),n[10](e),e.$on("hide",n[11]),e.$on("show",n[12]),{c(){H(e.$$.fragment)},m(s,l){q(e,s,l),t=!0},p(s,[l]){const o={};l&4194348&&(o.$$scope={dirty:l,ctx:s}),e.$set(o)},i(s){t||(M(e.$$.fragment,s),t=!0)},o(s){D(e.$$.fragment,s),t=!1},d(s){n[10](null),j(e,s)}}}function n8(n,e,t){const i={list:{label:"List/Search",component:$t(()=>import("./ListApiDocs-D97szj_n.js"),__vite__mapDeps([2,3,4]),import.meta.url)},view:{label:"View",component:$t(()=>import("./ViewApiDocs-wlifUl4N.js"),__vite__mapDeps([5,3]),import.meta.url)},create:{label:"Create",component:$t(()=>import("./CreateApiDocs-JPvR8N_9.js"),__vite__mapDeps([6,3]),import.meta.url)},update:{label:"Update",component:$t(()=>import("./UpdateApiDocs-DL1jPaKQ.js"),__vite__mapDeps([7,3]),import.meta.url)},delete:{label:"Delete",component:$t(()=>import("./DeleteApiDocs--Qfsn7Nc.js"),[],import.meta.url)},realtime:{label:"Realtime",component:$t(()=>import("./RealtimeApiDocs-DyIB7QDo.js"),[],import.meta.url)},batch:{label:"Batch",component:$t(()=>import("./BatchApiDocs-EBhE9vAi.js"),[],import.meta.url)}},s={"list-auth-methods":{label:"List auth methods",component:$t(()=>import("./AuthMethodsDocs-kTmmvbiv.js"),__vite__mapDeps([8,3]),import.meta.url)},"auth-with-password":{label:"Auth with password",component:$t(()=>import("./AuthWithPasswordDocs-DDzkR56i.js"),__vite__mapDeps([9,3]),import.meta.url)},"auth-with-oauth2":{label:"Auth with OAuth2",component:$t(()=>import("./AuthWithOAuth2Docs-DR-QIR8o.js"),__vite__mapDeps([10,3]),import.meta.url)},"auth-with-otp":{label:"Auth with OTP",component:$t(()=>import("./AuthWithOtpDocs-Bf-89h5e.js"),__vite__mapDeps([11,3]),import.meta.url)},refresh:{label:"Auth refresh",component:$t(()=>import("./AuthRefreshDocs-CN-JUWQG.js"),__vite__mapDeps([12,3]),import.meta.url)},verification:{label:"Verification",component:$t(()=>import("./VerificationDocs-1oXoO_6L.js"),[],import.meta.url)},"password-reset":{label:"Password reset",component:$t(()=>import("./PasswordResetDocs-C6_feDjW.js"),[],import.meta.url)},"email-change":{label:"Email change",component:$t(()=>import("./EmailChangeDocs-_bs_4G0n.js"),[],import.meta.url)}};let l,o={},r,a=[];a.length&&(r=Object.keys(a)[0]);function u(k){return t(2,o=k),c(Object.keys(a)[0]),l==null?void 0:l.show()}function f(){return l==null?void 0:l.hide()}function c(k){t(5,r=k)}const d=()=>f(),m=k=>c(k);function h(k){ne[k?"unshift":"push"](()=>{l=k,t(4,l)})}function g(k){Le.call(this,n,k)}function _(k){Le.call(this,n,k)}return n.$$.update=()=>{n.$$.dirty&12&&(o.type==="auth"?(t(3,a=Object.assign({},i,s)),t(3,a["auth-with-password"].disabled=!o.passwordAuth.enabled,a),t(3,a["auth-with-oauth2"].disabled=!o.oauth2.enabled,a),t(3,a["auth-with-otp"].disabled=!o.otp.enabled,a)):o.type==="view"?(t(3,a=Object.assign({},i)),delete a.create,delete a.update,delete a.delete,delete a.realtime,delete a.batch):t(3,a=Object.assign({},i)))},[f,c,o,a,l,r,i,u,d,m,h,g,_]}class i8 extends we{constructor(e){super(),ve(this,e,n8,t8,be,{show:7,hide:0,changeTab:1})}get show(){return this.$$.ctx[7]}get hide(){return this.$$.ctx[0]}get changeTab(){return this.$$.ctx[1]}}const l8=n=>({active:n&1}),Tp=n=>({active:n[0]});function $p(n){let e,t,i;const s=n[15].default,l=Nt(s,n,n[14],null);return{c(){e=b("div"),l&&l.c(),p(e,"class","accordion-content")},m(o,r){w(o,e,r),l&&l.m(e,null),i=!0},p(o,r){l&&l.p&&(!i||r&16384)&&Ft(l,s,o,o[14],i?Rt(s,o[14],r,null):qt(o[14]),null)},i(o){i||(M(l,o),o&&tt(()=>{i&&(t||(t=qe(e,ht,{delay:10,duration:150},!0)),t.run(1))}),i=!0)},o(o){D(l,o),o&&(t||(t=qe(e,ht,{delay:10,duration:150},!1)),t.run(0)),i=!1},d(o){o&&v(e),l&&l.d(o),o&&t&&t.end()}}}function s8(n){let e,t,i,s,l,o,r;const a=n[15].header,u=Nt(a,n,n[14],Tp);let f=n[0]&&$p(n);return{c(){e=b("div"),t=b("button"),u&&u.c(),i=C(),f&&f.c(),p(t,"type","button"),p(t,"class","accordion-header"),p(t,"draggable",n[2]),p(t,"aria-expanded",n[0]),x(t,"interactive",n[3]),p(e,"class",s="accordion "+(n[7]?"drag-over":"")+" "+n[1]),x(e,"active",n[0])},m(c,d){w(c,e,d),y(e,t),u&&u.m(t,null),y(e,i),f&&f.m(e,null),n[22](e),l=!0,o||(r=[Y(t,"click",it(n[17])),Y(t,"drop",it(n[18])),Y(t,"dragstart",n[19]),Y(t,"dragenter",n[20]),Y(t,"dragleave",n[21]),Y(t,"dragover",it(n[16]))],o=!0)},p(c,[d]){u&&u.p&&(!l||d&16385)&&Ft(u,a,c,c[14],l?Rt(a,c[14],d,l8):qt(c[14]),Tp),(!l||d&4)&&p(t,"draggable",c[2]),(!l||d&1)&&p(t,"aria-expanded",c[0]),(!l||d&8)&&x(t,"interactive",c[3]),c[0]?f?(f.p(c,d),d&1&&M(f,1)):(f=$p(c),f.c(),M(f,1),f.m(e,null)):f&&(oe(),D(f,1,1,()=>{f=null}),re()),(!l||d&130&&s!==(s="accordion "+(c[7]?"drag-over":"")+" "+c[1]))&&p(e,"class",s),(!l||d&131)&&x(e,"active",c[0])},i(c){l||(M(u,c),M(f),l=!0)},o(c){D(u,c),D(f),l=!1},d(c){c&&v(e),u&&u.d(c),f&&f.d(),n[22](null),o=!1,Ee(r)}}}function o8(n,e,t){let{$$slots:i={},$$scope:s}=e;const l=wt();let o,r,{class:a=""}=e,{draggable:u=!1}=e,{active:f=!1}=e,{interactive:c=!0}=e,{single:d=!1}=e,m=!1;function h(){return!!f}function g(){S(),t(0,f=!0),l("expand")}function _(){t(0,f=!1),clearTimeout(r),l("collapse")}function k(){l("toggle"),f?_():g()}function S(){if(d&&o.closest(".accordions")){const P=o.closest(".accordions").querySelectorAll(".accordion.active .accordion-header.interactive");for(const N of P)N.click()}}an(()=>()=>clearTimeout(r));function $(P){Le.call(this,n,P)}const T=()=>c&&k(),O=P=>{u&&(t(7,m=!1),S(),l("drop",P))},E=P=>u&&l("dragstart",P),L=P=>{u&&(t(7,m=!0),l("dragenter",P))},I=P=>{u&&(t(7,m=!1),l("dragleave",P))};function A(P){ne[P?"unshift":"push"](()=>{o=P,t(6,o)})}return n.$$set=P=>{"class"in P&&t(1,a=P.class),"draggable"in P&&t(2,u=P.draggable),"active"in P&&t(0,f=P.active),"interactive"in P&&t(3,c=P.interactive),"single"in P&&t(9,d=P.single),"$$scope"in P&&t(14,s=P.$$scope)},n.$$.update=()=>{n.$$.dirty&8257&&f&&(clearTimeout(r),t(13,r=setTimeout(()=>{o!=null&&o.scrollIntoViewIfNeeded?o.scrollIntoViewIfNeeded():o!=null&&o.scrollIntoView&&o.scrollIntoView({behavior:"smooth",block:"nearest"})},200)))},[f,a,u,c,k,S,o,m,l,d,h,g,_,r,s,i,$,T,O,E,L,I,A]}class zi extends we{constructor(e){super(),ve(this,e,o8,s8,be,{class:1,draggable:2,active:0,interactive:3,single:9,isExpanded:10,expand:11,collapse:12,toggle:4,collapseSiblings:5})}get isExpanded(){return this.$$.ctx[10]}get expand(){return this.$$.ctx[11]}get collapse(){return this.$$.ctx[12]}get toggle(){return this.$$.ctx[4]}get collapseSiblings(){return this.$$.ctx[5]}}function Cp(n,e,t){const i=n.slice();return i[25]=e[t],i}function Op(n,e,t){const i=n.slice();return i[25]=e[t],i}function Mp(n){let e,t,i=ce(n[3]),s=[];for(let l=0;l0&&Mp(n);return{c(){e=b("label"),t=W("Subject"),s=C(),l=b("input"),r=C(),c&&c.c(),a=ke(),p(e,"for",i=n[24]),p(l,"type","text"),p(l,"id",o=n[24]),p(l,"spellcheck","false"),l.required=!0},m(m,h){w(m,e,h),y(e,t),w(m,s,h),w(m,l,h),me(l,n[0].subject),w(m,r,h),c&&c.m(m,h),w(m,a,h),u||(f=Y(l,"input",n[14]),u=!0)},p(m,h){var g;h&16777216&&i!==(i=m[24])&&p(e,"for",i),h&16777216&&o!==(o=m[24])&&p(l,"id",o),h&1&&l.value!==m[0].subject&&me(l,m[0].subject),((g=m[3])==null?void 0:g.length)>0?c?c.p(m,h):(c=Mp(m),c.c(),c.m(a.parentNode,a)):c&&(c.d(1),c=null)},d(m){m&&(v(e),v(s),v(l),v(r),v(a)),c&&c.d(m),u=!1,f()}}}function a8(n){let e,t,i,s;return{c(){e=b("textarea"),p(e,"id",t=n[24]),p(e,"class","txt-mono"),p(e,"spellcheck","false"),p(e,"rows","14"),e.required=!0},m(l,o){w(l,e,o),me(e,n[0].body),i||(s=Y(e,"input",n[17]),i=!0)},p(l,o){o&16777216&&t!==(t=l[24])&&p(e,"id",t),o&1&&me(e,l[0].body)},i:te,o:te,d(l){l&&v(e),i=!1,s()}}}function u8(n){let e,t,i,s;function l(a){n[16](a)}var o=n[5];function r(a,u){let f={id:a[24],language:"html"};return a[0].body!==void 0&&(f.value=a[0].body),{props:f}}return o&&(e=Ht(o,r(n)),ne.push(()=>ge(e,"value",l))),{c(){e&&H(e.$$.fragment),i=ke()},m(a,u){e&&q(e,a,u),w(a,i,u),s=!0},p(a,u){if(u&32&&o!==(o=a[5])){if(e){oe();const f=e;D(f.$$.fragment,1,0,()=>{j(f,1)}),re()}o?(e=Ht(o,r(a)),ne.push(()=>ge(e,"value",l)),H(e.$$.fragment),M(e.$$.fragment,1),q(e,i.parentNode,i)):e=null}else if(o){const f={};u&16777216&&(f.id=a[24]),!t&&u&1&&(t=!0,f.value=a[0].body,$e(()=>t=!1)),e.$set(f)}},i(a){s||(e&&M(e.$$.fragment,a),s=!0)},o(a){e&&D(e.$$.fragment,a),s=!1},d(a){a&&v(i),e&&j(e,a)}}}function Dp(n){let e,t,i=ce(n[3]),s=[];for(let l=0;l0&&Dp(n);return{c(){e=b("label"),t=W("Body (HTML)"),s=C(),o.c(),r=C(),m&&m.c(),a=ke(),p(e,"for",i=n[24])},m(g,_){w(g,e,_),y(e,t),w(g,s,_),c[l].m(g,_),w(g,r,_),m&&m.m(g,_),w(g,a,_),u=!0},p(g,_){var S;(!u||_&16777216&&i!==(i=g[24]))&&p(e,"for",i);let k=l;l=d(g),l===k?c[l].p(g,_):(oe(),D(c[k],1,1,()=>{c[k]=null}),re(),o=c[l],o?o.p(g,_):(o=c[l]=f[l](g),o.c()),M(o,1),o.m(r.parentNode,r)),((S=g[3])==null?void 0:S.length)>0?m?m.p(g,_):(m=Dp(g),m.c(),m.m(a.parentNode,a)):m&&(m.d(1),m=null)},i(g){u||(M(o),u=!0)},o(g){D(o),u=!1},d(g){g&&(v(e),v(s),v(r),v(a)),c[l].d(g),m&&m.d(g)}}}function c8(n){let e,t,i,s;return e=new fe({props:{class:"form-field required",name:n[1]+".subject",$$slots:{default:[r8,({uniqueId:l})=>({24:l}),({uniqueId:l})=>l?16777216:0]},$$scope:{ctx:n}}}),i=new fe({props:{class:"form-field m-0 required",name:n[1]+".body",$$slots:{default:[f8,({uniqueId:l})=>({24:l}),({uniqueId:l})=>l?16777216:0]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment),t=C(),H(i.$$.fragment)},m(l,o){q(e,l,o),w(l,t,o),q(i,l,o),s=!0},p(l,o){const r={};o&2&&(r.name=l[1]+".subject"),o&1090519049&&(r.$$scope={dirty:o,ctx:l}),e.$set(r);const a={};o&2&&(a.name=l[1]+".body"),o&1090519145&&(a.$$scope={dirty:o,ctx:l}),i.$set(a)},i(l){s||(M(e.$$.fragment,l),M(i.$$.fragment,l),s=!0)},o(l){D(e.$$.fragment,l),D(i.$$.fragment,l),s=!1},d(l){l&&v(t),j(e,l),j(i,l)}}}function Lp(n){let e,t,i,s,l;return{c(){e=b("i"),p(e,"class","ri-error-warning-fill txt-danger")},m(o,r){w(o,e,r),i=!0,s||(l=Oe(Re.call(null,e,{text:"Has errors",position:"left"})),s=!0)},i(o){i||(o&&tt(()=>{i&&(t||(t=qe(e,Ct,{duration:150,start:.7},!0)),t.run(1))}),i=!0)},o(o){o&&(t||(t=qe(e,Ct,{duration:150,start:.7},!1)),t.run(0)),i=!1},d(o){o&&v(e),o&&t&&t.end(),s=!1,l()}}}function d8(n){let e,t,i,s,l,o,r,a,u,f=n[7]&&Lp();return{c(){e=b("div"),t=b("i"),i=C(),s=b("span"),l=W(n[2]),o=C(),r=b("div"),a=C(),f&&f.c(),u=ke(),p(t,"class","ri-draft-line"),p(s,"class","txt"),p(e,"class","inline-flex"),p(r,"class","flex-fill")},m(c,d){w(c,e,d),y(e,t),y(e,i),y(e,s),y(s,l),w(c,o,d),w(c,r,d),w(c,a,d),f&&f.m(c,d),w(c,u,d)},p(c,d){d&4&&se(l,c[2]),c[7]?f?d&128&&M(f,1):(f=Lp(),f.c(),M(f,1),f.m(u.parentNode,u)):f&&(oe(),D(f,1,1,()=>{f=null}),re())},d(c){c&&(v(e),v(o),v(r),v(a),v(u)),f&&f.d(c)}}}function p8(n){let e,t;const i=[n[9]];let s={$$slots:{header:[d8],default:[c8]},$$scope:{ctx:n}};for(let l=0;lt(13,o=R));let{key:r}=e,{title:a}=e,{config:u={}}=e,{placeholders:f=[]}=e,c,d=Ap,m=!1;function h(){c==null||c.expand()}function g(){c==null||c.collapse()}function _(){c==null||c.collapseSiblings()}async function k(){d||m||(t(6,m=!0),t(5,d=(await $t(async()=>{const{default:R}=await import("./CodeEditor-CHQR53XK.js");return{default:R}},__vite__mapDeps([13,1]),import.meta.url)).default),Ap=d,t(6,m=!1))}function S(R){R=R.replace("*",""),U.copyToClipboard(R),Ks(`Copied ${R} to clipboard`,2e3)}k();function $(){u.subject=this.value,t(0,u)}const T=R=>S("{"+R+"}");function O(R){n.$$.not_equal(u.body,R)&&(u.body=R,t(0,u))}function E(){u.body=this.value,t(0,u)}const L=R=>S("{"+R+"}");function I(R){ne[R?"unshift":"push"](()=>{c=R,t(4,c)})}function A(R){Le.call(this,n,R)}function P(R){Le.call(this,n,R)}function N(R){Le.call(this,n,R)}return n.$$set=R=>{e=je(je({},e),Kt(R)),t(9,l=lt(e,s)),"key"in R&&t(1,r=R.key),"title"in R&&t(2,a=R.title),"config"in R&&t(0,u=R.config),"placeholders"in R&&t(3,f=R.placeholders)},n.$$.update=()=>{n.$$.dirty&8194&&t(7,i=!U.isEmpty(U.getNestedVal(o,r))),n.$$.dirty&3&&(u.enabled||Yn(r))},[u,r,a,f,c,d,m,i,S,l,h,g,_,o,$,T,O,E,L,I,A,P,N]}class h8 extends we{constructor(e){super(),ve(this,e,m8,p8,be,{key:1,title:2,config:0,placeholders:3,expand:10,collapse:11,collapseSiblings:12})}get expand(){return this.$$.ctx[10]}get collapse(){return this.$$.ctx[11]}get collapseSiblings(){return this.$$.ctx[12]}}function _8(n){let e,t,i,s,l,o,r,a,u,f,c,d;return{c(){e=b("label"),t=W(n[3]),i=W(" duration (in seconds)"),l=C(),o=b("input"),a=C(),u=b("div"),f=b("span"),f.textContent="Invalidate all previously issued tokens",p(e,"for",s=n[6]),p(o,"type","number"),p(o,"id",r=n[6]),o.required=!0,p(o,"placeholder","No change"),p(f,"class","link-primary"),x(f,"txt-success",!!n[1]),p(u,"class","help-block")},m(m,h){w(m,e,h),y(e,t),y(e,i),w(m,l,h),w(m,o,h),me(o,n[0]),w(m,a,h),w(m,u,h),y(u,f),c||(d=[Y(o,"input",n[4]),Y(f,"click",n[5])],c=!0)},p(m,h){h&8&&se(t,m[3]),h&64&&s!==(s=m[6])&&p(e,"for",s),h&64&&r!==(r=m[6])&&p(o,"id",r),h&1&&mt(o.value)!==m[0]&&me(o,m[0]),h&2&&x(f,"txt-success",!!m[1])},d(m){m&&(v(e),v(l),v(o),v(a),v(u)),c=!1,Ee(d)}}}function g8(n){let e,t;return e=new fe({props:{class:"form-field required",name:n[2]+".duration",$$slots:{default:[_8,({uniqueId:i})=>({6:i}),({uniqueId:i})=>i?64:0]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment)},m(i,s){q(e,i,s),t=!0},p(i,[s]){const l={};s&4&&(l.name=i[2]+".duration"),s&203&&(l.$$scope={dirty:s,ctx:i}),e.$set(l)},i(i){t||(M(e.$$.fragment,i),t=!0)},o(i){D(e.$$.fragment,i),t=!1},d(i){j(e,i)}}}function b8(n,e,t){let{key:i}=e,{label:s}=e,{duration:l}=e,{secret:o}=e;function r(){l=mt(this.value),t(0,l)}const a=()=>{o?t(1,o=void 0):t(1,o=U.randomSecret(50))};return n.$$set=u=>{"key"in u&&t(2,i=u.key),"label"in u&&t(3,s=u.label),"duration"in u&&t(0,l=u.duration),"secret"in u&&t(1,o=u.secret)},[l,o,i,s,r,a]}class k8 extends we{constructor(e){super(),ve(this,e,b8,g8,be,{key:2,label:3,duration:0,secret:1})}}function Pp(n,e,t){const i=n.slice();return i[8]=e[t],i[9]=e,i[10]=t,i}function Np(n,e){let t,i,s,l,o,r;function a(c){e[5](c,e[8])}function u(c){e[6](c,e[8])}let f={key:e[8].key,label:e[8].label};return e[0][e[8].key].duration!==void 0&&(f.duration=e[0][e[8].key].duration),e[0][e[8].key].secret!==void 0&&(f.secret=e[0][e[8].key].secret),i=new k8({props:f}),ne.push(()=>ge(i,"duration",a)),ne.push(()=>ge(i,"secret",u)),{key:n,first:null,c(){t=b("div"),H(i.$$.fragment),o=C(),p(t,"class","col-sm-6"),this.first=t},m(c,d){w(c,t,d),q(i,t,null),y(t,o),r=!0},p(c,d){e=c;const m={};d&2&&(m.key=e[8].key),d&2&&(m.label=e[8].label),!s&&d&3&&(s=!0,m.duration=e[0][e[8].key].duration,$e(()=>s=!1)),!l&&d&3&&(l=!0,m.secret=e[0][e[8].key].secret,$e(()=>l=!1)),i.$set(m)},i(c){r||(M(i.$$.fragment,c),r=!0)},o(c){D(i.$$.fragment,c),r=!1},d(c){c&&v(t),j(i)}}}function y8(n){let e,t=[],i=new Map,s,l=ce(n[1]);const o=r=>r[8].key;for(let r=0;r{i&&(t||(t=qe(e,Ct,{duration:150,start:.7},!0)),t.run(1))}),i=!0)},o(o){o&&(t||(t=qe(e,Ct,{duration:150,start:.7},!1)),t.run(0)),i=!1},d(o){o&&v(e),o&&t&&t.end(),s=!1,l()}}}function v8(n){let e,t,i,s,l,o=n[2]&&Rp();return{c(){e=b("div"),e.innerHTML=' Tokens options (invalidate, duration)',t=C(),i=b("div"),s=C(),o&&o.c(),l=ke(),p(e,"class","inline-flex"),p(i,"class","flex-fill")},m(r,a){w(r,e,a),w(r,t,a),w(r,i,a),w(r,s,a),o&&o.m(r,a),w(r,l,a)},p(r,a){r[2]?o?a&4&&M(o,1):(o=Rp(),o.c(),M(o,1),o.m(l.parentNode,l)):o&&(oe(),D(o,1,1,()=>{o=null}),re())},d(r){r&&(v(e),v(t),v(i),v(s),v(l)),o&&o.d(r)}}}function w8(n){let e,t;return e=new zi({props:{single:!0,$$slots:{header:[v8],default:[y8]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment)},m(i,s){q(e,i,s),t=!0},p(i,[s]){const l={};s&2055&&(l.$$scope={dirty:s,ctx:i}),e.$set(l)},i(i){t||(M(e.$$.fragment,i),t=!0)},o(i){D(e.$$.fragment,i),t=!1},d(i){j(e,i)}}}function S8(n,e,t){let i,s,l;Ge(n,$n,c=>t(4,l=c));let{collection:o}=e,r=[];function a(c){if(U.isEmpty(c))return!1;for(let d of r)if(c[d.key])return!0;return!1}function u(c,d){n.$$.not_equal(o[d.key].duration,c)&&(o[d.key].duration=c,t(0,o))}function f(c,d){n.$$.not_equal(o[d.key].secret,c)&&(o[d.key].secret=c,t(0,o))}return n.$$set=c=>{"collection"in c&&t(0,o=c.collection)},n.$$.update=()=>{n.$$.dirty&1&&t(3,i=(o==null?void 0:o.system)&&(o==null?void 0:o.name)==="_superusers"),n.$$.dirty&8&&t(1,r=i?[{key:"authToken",label:"Auth"},{key:"passwordResetToken",label:"Password reset"},{key:"fileToken",label:"Protected file access"}]:[{key:"authToken",label:"Auth"},{key:"verificationToken",label:"Email verification"},{key:"passwordResetToken",label:"Password reset"},{key:"emailChangeToken",label:"Email change"},{key:"fileToken",label:"Protected file access"}]),n.$$.dirty&16&&t(2,s=a(l))},[o,r,s,i,l,u,f]}class T8 extends we{constructor(e){super(),ve(this,e,S8,w8,be,{collection:0})}}const $8=n=>({isSuperuserOnly:n&2048}),Fp=n=>({isSuperuserOnly:n[11]}),C8=n=>({isSuperuserOnly:n&2048}),qp=n=>({isSuperuserOnly:n[11]}),O8=n=>({isSuperuserOnly:n&2048}),jp=n=>({isSuperuserOnly:n[11]});function M8(n){let e,t;return e=new fe({props:{class:"form-field rule-field "+(n[4]?"requied":"")+" "+(n[11]?"disabled":""),name:n[3],$$slots:{default:[D8,({uniqueId:i})=>({21:i}),({uniqueId:i})=>i?2097152:0]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment)},m(i,s){q(e,i,s),t=!0},p(i,s){const l={};s&2064&&(l.class="form-field rule-field "+(i[4]?"requied":"")+" "+(i[11]?"disabled":"")),s&8&&(l.name=i[3]),s&2362855&&(l.$$scope={dirty:s,ctx:i}),e.$set(l)},i(i){t||(M(e.$$.fragment,i),t=!0)},o(i){D(e.$$.fragment,i),t=!1},d(i){j(e,i)}}}function E8(n){let e;return{c(){e=b("div"),e.innerHTML='',p(e,"class","txt-center")},m(t,i){w(t,e,i)},p:te,i:te,o:te,d(t){t&&v(e)}}}function Hp(n){let e,t,i,s,l,o;return{c(){e=b("button"),t=b("i"),i=C(),s=b("span"),s.textContent="Set Superusers only",p(t,"class","ri-lock-line"),p(t,"aria-hidden","true"),p(s,"class","txt"),p(e,"type","button"),p(e,"class","btn btn-sm btn-transparent btn-hint lock-toggle svelte-dnx4io"),p(e,"aria-hidden",n[10]),e.disabled=n[10]},m(r,a){w(r,e,a),y(e,t),y(e,i),y(e,s),l||(o=Y(e,"click",n[13]),l=!0)},p(r,a){a&1024&&p(e,"aria-hidden",r[10]),a&1024&&(e.disabled=r[10])},d(r){r&&v(e),l=!1,o()}}}function zp(n){let e,t,i,s,l,o,r,a=!n[10]&&Up();return{c(){e=b("button"),a&&a.c(),t=C(),i=b("div"),i.innerHTML='',p(i,"class","icon svelte-dnx4io"),p(i,"aria-hidden","true"),p(e,"type","button"),p(e,"class","unlock-overlay svelte-dnx4io"),e.disabled=n[10],p(e,"aria-hidden",n[10])},m(u,f){w(u,e,f),a&&a.m(e,null),y(e,t),y(e,i),l=!0,o||(r=Y(e,"click",n[12]),o=!0)},p(u,f){u[10]?a&&(a.d(1),a=null):a||(a=Up(),a.c(),a.m(e,t)),(!l||f&1024)&&(e.disabled=u[10]),(!l||f&1024)&&p(e,"aria-hidden",u[10])},i(u){l||(u&&tt(()=>{l&&(s||(s=qe(e,Ct,{duration:150,start:.98},!0)),s.run(1))}),l=!0)},o(u){u&&(s||(s=qe(e,Ct,{duration:150,start:.98},!1)),s.run(0)),l=!1},d(u){u&&v(e),a&&a.d(),u&&s&&s.end(),o=!1,r()}}}function Up(n){let e;return{c(){e=b("small"),e.textContent="Unlock and set custom rule",p(e,"class","txt svelte-dnx4io")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function D8(n){let e,t,i,s,l,o,r=n[11]?"- Superusers only":"",a,u,f,c,d,m,h,g,_,k,S,$,T,O;const E=n[15].beforeLabel,L=Nt(E,n,n[18],jp),I=n[15].afterLabel,A=Nt(I,n,n[18],qp);let P=n[5]&&!n[11]&&Hp(n);function N(V){n[17](V)}var R=n[8];function z(V,Z){let G={id:V[21],baseCollection:V[1],disabled:V[10]||V[11],placeholder:V[11]?"":V[6]};return V[0]!==void 0&&(G.value=V[0]),{props:G}}R&&(m=Ht(R,z(n)),n[16](m),ne.push(()=>ge(m,"value",N)));let F=n[5]&&n[11]&&zp(n);const B=n[15].default,J=Nt(B,n,n[18],Fp);return{c(){e=b("div"),t=b("label"),L&&L.c(),i=C(),s=b("span"),l=W(n[2]),o=C(),a=W(r),u=C(),A&&A.c(),f=C(),P&&P.c(),d=C(),m&&H(m.$$.fragment),g=C(),F&&F.c(),k=C(),S=b("div"),J&&J.c(),p(s,"class","txt"),x(s,"txt-hint",n[11]),p(t,"for",c=n[21]),p(e,"class","input-wrapper svelte-dnx4io"),p(S,"class","help-block")},m(V,Z){w(V,e,Z),y(e,t),L&&L.m(t,null),y(t,i),y(t,s),y(s,l),y(s,o),y(s,a),y(t,u),A&&A.m(t,null),y(t,f),P&&P.m(t,null),y(e,d),m&&q(m,e,null),y(e,g),F&&F.m(e,null),w(V,k,Z),w(V,S,Z),J&&J.m(S,null),$=!0,T||(O=Oe(_=Re.call(null,e,n[1].system?{text:"System collection rule cannot be changed.",position:"top"}:void 0)),T=!0)},p(V,Z){if(L&&L.p&&(!$||Z&264192)&&Ft(L,E,V,V[18],$?Rt(E,V[18],Z,O8):qt(V[18]),jp),(!$||Z&4)&&se(l,V[2]),(!$||Z&2048)&&r!==(r=V[11]?"- Superusers only":"")&&se(a,r),(!$||Z&2048)&&x(s,"txt-hint",V[11]),A&&A.p&&(!$||Z&264192)&&Ft(A,I,V,V[18],$?Rt(I,V[18],Z,C8):qt(V[18]),qp),V[5]&&!V[11]?P?P.p(V,Z):(P=Hp(V),P.c(),P.m(t,null)):P&&(P.d(1),P=null),(!$||Z&2097152&&c!==(c=V[21]))&&p(t,"for",c),Z&256&&R!==(R=V[8])){if(m){oe();const G=m;D(G.$$.fragment,1,0,()=>{j(G,1)}),re()}R?(m=Ht(R,z(V)),V[16](m),ne.push(()=>ge(m,"value",N)),H(m.$$.fragment),M(m.$$.fragment,1),q(m,e,g)):m=null}else if(R){const G={};Z&2097152&&(G.id=V[21]),Z&2&&(G.baseCollection=V[1]),Z&3072&&(G.disabled=V[10]||V[11]),Z&2112&&(G.placeholder=V[11]?"":V[6]),!h&&Z&1&&(h=!0,G.value=V[0],$e(()=>h=!1)),m.$set(G)}V[5]&&V[11]?F?(F.p(V,Z),Z&2080&&M(F,1)):(F=zp(V),F.c(),M(F,1),F.m(e,null)):F&&(oe(),D(F,1,1,()=>{F=null}),re()),_&&Lt(_.update)&&Z&2&&_.update.call(null,V[1].system?{text:"System collection rule cannot be changed.",position:"top"}:void 0),J&&J.p&&(!$||Z&264192)&&Ft(J,B,V,V[18],$?Rt(B,V[18],Z,$8):qt(V[18]),Fp)},i(V){$||(M(L,V),M(A,V),m&&M(m.$$.fragment,V),M(F),M(J,V),$=!0)},o(V){D(L,V),D(A,V),m&&D(m.$$.fragment,V),D(F),D(J,V),$=!1},d(V){V&&(v(e),v(k),v(S)),L&&L.d(V),A&&A.d(V),P&&P.d(),n[16](null),m&&j(m),F&&F.d(),J&&J.d(V),T=!1,O()}}}function I8(n){let e,t,i,s;const l=[E8,M8],o=[];function r(a,u){return a[9]?0:1}return e=r(n),t=o[e]=l[e](n),{c(){t.c(),i=ke()},m(a,u){o[e].m(a,u),w(a,i,u),s=!0},p(a,[u]){let f=e;e=r(a),e===f?o[e].p(a,u):(oe(),D(o[f],1,1,()=>{o[f]=null}),re(),t=o[e],t?t.p(a,u):(t=o[e]=l[e](a),t.c()),M(t,1),t.m(i.parentNode,i))},i(a){s||(M(t),s=!0)},o(a){D(t),s=!1},d(a){a&&v(i),o[e].d(a)}}}let Vp;function L8(n,e,t){let i,s,{$$slots:l={},$$scope:o}=e,{collection:r=null}=e,{rule:a=null}=e,{label:u="Rule"}=e,{formKey:f="rule"}=e,{required:c=!1}=e,{disabled:d=!1}=e,{superuserToggle:m=!0}=e,{placeholder:h="Leave empty to grant everyone access..."}=e,g=null,_=null,k=Vp,S=!1;$();async function $(){k||S||(t(9,S=!0),t(8,k=(await $t(async()=>{const{default:I}=await import("./FilterAutocompleteInput-CBf9aYgb.js");return{default:I}},__vite__mapDeps([0,1]),import.meta.url)).default),Vp=k,t(9,S=!1))}async function T(){t(0,a=_||""),await _n(),g==null||g.focus()}function O(){_=a,t(0,a=null)}function E(I){ne[I?"unshift":"push"](()=>{g=I,t(7,g)})}function L(I){a=I,t(0,a)}return n.$$set=I=>{"collection"in I&&t(1,r=I.collection),"rule"in I&&t(0,a=I.rule),"label"in I&&t(2,u=I.label),"formKey"in I&&t(3,f=I.formKey),"required"in I&&t(4,c=I.required),"disabled"in I&&t(14,d=I.disabled),"superuserToggle"in I&&t(5,m=I.superuserToggle),"placeholder"in I&&t(6,h=I.placeholder),"$$scope"in I&&t(18,o=I.$$scope)},n.$$.update=()=>{n.$$.dirty&33&&t(11,i=m&&a===null),n.$$.dirty&16386&&t(10,s=d||r.system)},[a,r,u,f,c,m,h,g,k,S,s,i,T,O,d,l,E,L,o]}class ll extends we{constructor(e){super(),ve(this,e,L8,I8,be,{collection:1,rule:0,label:2,formKey:3,required:4,disabled:14,superuserToggle:5,placeholder:6})}}function A8(n){let e,t,i,s,l,o,r,a;return{c(){e=b("input"),i=C(),s=b("label"),l=b("span"),l.textContent="Enable",p(e,"type","checkbox"),p(e,"id",t=n[5]),p(l,"class","txt"),p(s,"for",o=n[5])},m(u,f){w(u,e,f),e.checked=n[0].mfa.enabled,w(u,i,f),w(u,s,f),y(s,l),r||(a=Y(e,"change",n[3]),r=!0)},p(u,f){f&32&&t!==(t=u[5])&&p(e,"id",t),f&1&&(e.checked=u[0].mfa.enabled),f&32&&o!==(o=u[5])&&p(s,"for",o)},d(u){u&&(v(e),v(i),v(s)),r=!1,a()}}}function P8(n){let e,t,i,s,l;return{c(){e=b("p"),e.textContent="This optional rule could be used to enable/disable MFA per account basis.",t=C(),i=b("p"),i.innerHTML=`For example, to require MFA only for accounts with non-empty email you can set it to + email != ''.`,s=C(),l=b("p"),l.textContent="Leave the rule empty to require MFA for everyone."},m(o,r){w(o,e,r),w(o,t,r),w(o,i,r),w(o,s,r),w(o,l,r)},p:te,d(o){o&&(v(e),v(t),v(i),v(s),v(l))}}}function N8(n){let e,t,i,s,l,o,r,a,u;s=new fe({props:{class:"form-field form-field-toggle",name:"mfa.enabled",$$slots:{default:[A8,({uniqueId:d})=>({5:d}),({uniqueId:d})=>d?32:0]},$$scope:{ctx:n}}});function f(d){n[4](d)}let c={label:"MFA rule",formKey:"mfa.rule",superuserToggle:!1,disabled:!n[0].mfa.enabled,placeholder:"Leave empty to require MFA for everyone",collection:n[0],$$slots:{default:[P8]},$$scope:{ctx:n}};return n[0].mfa.rule!==void 0&&(c.rule=n[0].mfa.rule),r=new ll({props:c}),ne.push(()=>ge(r,"rule",f)),{c(){e=b("div"),e.innerHTML=`

    This feature is experimental and may change in the future.

    `,t=C(),i=b("div"),H(s.$$.fragment),l=C(),o=b("div"),H(r.$$.fragment),p(e,"class","content m-b-sm"),p(o,"class","content"),x(o,"fade",!n[0].mfa.enabled),p(i,"class","grid")},m(d,m){w(d,e,m),w(d,t,m),w(d,i,m),q(s,i,null),y(i,l),y(i,o),q(r,o,null),u=!0},p(d,m){const h={};m&97&&(h.$$scope={dirty:m,ctx:d}),s.$set(h);const g={};m&1&&(g.disabled=!d[0].mfa.enabled),m&1&&(g.collection=d[0]),m&64&&(g.$$scope={dirty:m,ctx:d}),!a&&m&1&&(a=!0,g.rule=d[0].mfa.rule,$e(()=>a=!1)),r.$set(g),(!u||m&1)&&x(o,"fade",!d[0].mfa.enabled)},i(d){u||(M(s.$$.fragment,d),M(r.$$.fragment,d),u=!0)},o(d){D(s.$$.fragment,d),D(r.$$.fragment,d),u=!1},d(d){d&&(v(e),v(t),v(i)),j(s),j(r)}}}function R8(n){let e;return{c(){e=b("span"),e.textContent="Disabled",p(e,"class","label")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function F8(n){let e;return{c(){e=b("span"),e.textContent="Enabled",p(e,"class","label label-success")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function Bp(n){let e,t,i,s,l;return{c(){e=b("i"),p(e,"class","ri-error-warning-fill txt-danger")},m(o,r){w(o,e,r),i=!0,s||(l=Oe(Re.call(null,e,{text:"Has errors",position:"left"})),s=!0)},i(o){i||(o&&tt(()=>{i&&(t||(t=qe(e,Ct,{duration:150,start:.7},!0)),t.run(1))}),i=!0)},o(o){o&&(t||(t=qe(e,Ct,{duration:150,start:.7},!1)),t.run(0)),i=!1},d(o){o&&v(e),o&&t&&t.end(),s=!1,l()}}}function q8(n){let e,t,i,s,l,o;function r(c,d){return c[0].mfa.enabled?F8:R8}let a=r(n),u=a(n),f=n[1]&&Bp();return{c(){e=b("div"),e.innerHTML=' Multi-factor authentication (MFA)',t=C(),i=b("div"),s=C(),u.c(),l=C(),f&&f.c(),o=ke(),p(e,"class","inline-flex"),p(i,"class","flex-fill")},m(c,d){w(c,e,d),w(c,t,d),w(c,i,d),w(c,s,d),u.m(c,d),w(c,l,d),f&&f.m(c,d),w(c,o,d)},p(c,d){a!==(a=r(c))&&(u.d(1),u=a(c),u&&(u.c(),u.m(l.parentNode,l))),c[1]?f?d&2&&M(f,1):(f=Bp(),f.c(),M(f,1),f.m(o.parentNode,o)):f&&(oe(),D(f,1,1,()=>{f=null}),re())},d(c){c&&(v(e),v(t),v(i),v(s),v(l),v(o)),u.d(c),f&&f.d(c)}}}function j8(n){let e,t;return e=new zi({props:{single:!0,$$slots:{header:[q8],default:[N8]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment)},m(i,s){q(e,i,s),t=!0},p(i,[s]){const l={};s&67&&(l.$$scope={dirty:s,ctx:i}),e.$set(l)},i(i){t||(M(e.$$.fragment,i),t=!0)},o(i){D(e.$$.fragment,i),t=!1},d(i){j(e,i)}}}function H8(n,e,t){let i,s;Ge(n,$n,a=>t(2,s=a));let{collection:l}=e;function o(){l.mfa.enabled=this.checked,t(0,l)}function r(a){n.$$.not_equal(l.mfa.rule,a)&&(l.mfa.rule=a,t(0,l))}return n.$$set=a=>{"collection"in a&&t(0,l=a.collection)},n.$$.update=()=>{n.$$.dirty&4&&t(1,i=!U.isEmpty(s==null?void 0:s.mfa))},[l,i,s,o,r]}class z8 extends we{constructor(e){super(),ve(this,e,H8,j8,be,{collection:0})}}const U8=n=>({}),Wp=n=>({});function Yp(n,e,t){const i=n.slice();return i[50]=e[t],i}const V8=n=>({}),Kp=n=>({});function Jp(n,e,t){const i=n.slice();return i[50]=e[t],i[54]=t,i}function Zp(n){let e,t,i;return{c(){e=b("div"),t=W(n[2]),i=C(),p(e,"class","block txt-placeholder"),x(e,"link-hint",!n[5]&&!n[6])},m(s,l){w(s,e,l),y(e,t),y(e,i)},p(s,l){l[0]&4&&se(t,s[2]),l[0]&96&&x(e,"link-hint",!s[5]&&!s[6])},d(s){s&&v(e)}}}function B8(n){let e,t=n[50]+"",i;return{c(){e=b("span"),i=W(t),p(e,"class","txt")},m(s,l){w(s,e,l),y(e,i)},p(s,l){l[0]&1&&t!==(t=s[50]+"")&&se(i,t)},i:te,o:te,d(s){s&&v(e)}}}function W8(n){let e,t,i;const s=[{item:n[50]},n[11]];var l=n[10];function o(r,a){let u={};for(let f=0;f{j(u,1)}),re()}l?(e=Ht(l,o(r,a)),H(e.$$.fragment),M(e.$$.fragment,1),q(e,t.parentNode,t)):e=null}else if(l){const u=a[0]&2049?vt(s,[a[0]&1&&{item:r[50]},a[0]&2048&&At(r[11])]):{};e.$set(u)}},i(r){i||(e&&M(e.$$.fragment,r),i=!0)},o(r){e&&D(e.$$.fragment,r),i=!1},d(r){r&&v(t),e&&j(e,r)}}}function Gp(n){let e,t,i;function s(){return n[37](n[50])}return{c(){e=b("span"),e.innerHTML='',p(e,"class","clear")},m(l,o){w(l,e,o),t||(i=[Oe(Re.call(null,e,"Clear")),Y(e,"click",en(it(s)))],t=!0)},p(l,o){n=l},d(l){l&&v(e),t=!1,Ee(i)}}}function Xp(n){let e,t,i,s,l,o;const r=[W8,B8],a=[];function u(c,d){return c[10]?0:1}t=u(n),i=a[t]=r[t](n);let f=(n[4]||n[8])&&Gp(n);return{c(){e=b("div"),i.c(),s=C(),f&&f.c(),l=C(),p(e,"class","option")},m(c,d){w(c,e,d),a[t].m(e,null),y(e,s),f&&f.m(e,null),y(e,l),o=!0},p(c,d){let m=t;t=u(c),t===m?a[t].p(c,d):(oe(),D(a[m],1,1,()=>{a[m]=null}),re(),i=a[t],i?i.p(c,d):(i=a[t]=r[t](c),i.c()),M(i,1),i.m(e,s)),c[4]||c[8]?f?f.p(c,d):(f=Gp(c),f.c(),f.m(e,l)):f&&(f.d(1),f=null)},i(c){o||(M(i),o=!0)},o(c){D(i),o=!1},d(c){c&&v(e),a[t].d(),f&&f.d()}}}function Qp(n){let e,t,i={class:"dropdown dropdown-block options-dropdown dropdown-left "+(n[7]?"dropdown-upside":""),trigger:n[20],$$slots:{default:[J8]},$$scope:{ctx:n}};return e=new Dn({props:i}),n[42](e),e.$on("show",n[26]),e.$on("hide",n[43]),{c(){H(e.$$.fragment)},m(s,l){q(e,s,l),t=!0},p(s,l){const o={};l[0]&128&&(o.class="dropdown dropdown-block options-dropdown dropdown-left "+(s[7]?"dropdown-upside":"")),l[0]&1048576&&(o.trigger=s[20]),l[0]&6451722|l[1]&16384&&(o.$$scope={dirty:l,ctx:s}),e.$set(o)},i(s){t||(M(e.$$.fragment,s),t=!0)},o(s){D(e.$$.fragment,s),t=!1},d(s){n[42](null),j(e,s)}}}function xp(n){let e,t,i,s,l,o,r,a,u=n[17].length&&em(n);return{c(){e=b("div"),t=b("label"),i=b("div"),i.innerHTML='',s=C(),l=b("input"),o=C(),u&&u.c(),p(i,"class","addon p-r-0"),l.autofocus=!0,p(l,"type","text"),p(l,"placeholder",n[3]),p(t,"class","input-group"),p(e,"class","form-field form-field-sm options-search")},m(f,c){w(f,e,c),y(e,t),y(t,i),y(t,s),y(t,l),me(l,n[17]),y(t,o),u&&u.m(t,null),l.focus(),r||(a=Y(l,"input",n[39]),r=!0)},p(f,c){c[0]&8&&p(l,"placeholder",f[3]),c[0]&131072&&l.value!==f[17]&&me(l,f[17]),f[17].length?u?u.p(f,c):(u=em(f),u.c(),u.m(t,null)):u&&(u.d(1),u=null)},d(f){f&&v(e),u&&u.d(),r=!1,a()}}}function em(n){let e,t,i,s;return{c(){e=b("div"),t=b("button"),t.innerHTML='',p(t,"type","button"),p(t,"class","btn btn-sm btn-circle btn-transparent clear"),p(e,"class","addon suffix p-r-5")},m(l,o){w(l,e,o),y(e,t),i||(s=Y(t,"click",en(it(n[23]))),i=!0)},p:te,d(l){l&&v(e),i=!1,s()}}}function tm(n){let e,t=n[1]&&nm(n);return{c(){t&&t.c(),e=ke()},m(i,s){t&&t.m(i,s),w(i,e,s)},p(i,s){i[1]?t?t.p(i,s):(t=nm(i),t.c(),t.m(e.parentNode,e)):t&&(t.d(1),t=null)},d(i){i&&v(e),t&&t.d(i)}}}function nm(n){let e,t;return{c(){e=b("div"),t=W(n[1]),p(e,"class","txt-missing")},m(i,s){w(i,e,s),y(e,t)},p(i,s){s[0]&2&&se(t,i[1])},d(i){i&&v(e)}}}function Y8(n){let e=n[50]+"",t;return{c(){t=W(e)},m(i,s){w(i,t,s)},p(i,s){s[0]&4194304&&e!==(e=i[50]+"")&&se(t,e)},i:te,o:te,d(i){i&&v(t)}}}function K8(n){let e,t,i;const s=[{item:n[50]},n[13]];var l=n[12];function o(r,a){let u={};for(let f=0;f{j(u,1)}),re()}l?(e=Ht(l,o(r,a)),H(e.$$.fragment),M(e.$$.fragment,1),q(e,t.parentNode,t)):e=null}else if(l){const u=a[0]&4202496?vt(s,[a[0]&4194304&&{item:r[50]},a[0]&8192&&At(r[13])]):{};e.$set(u)}},i(r){i||(e&&M(e.$$.fragment,r),i=!0)},o(r){e&&D(e.$$.fragment,r),i=!1},d(r){r&&v(t),e&&j(e,r)}}}function im(n){let e,t,i,s,l,o,r;const a=[K8,Y8],u=[];function f(m,h){return m[12]?0:1}t=f(n),i=u[t]=a[t](n);function c(...m){return n[40](n[50],...m)}function d(...m){return n[41](n[50],...m)}return{c(){e=b("div"),i.c(),s=C(),p(e,"tabindex","0"),p(e,"class","dropdown-item option"),p(e,"role","menuitem"),x(e,"closable",n[9]),x(e,"selected",n[21](n[50]))},m(m,h){w(m,e,h),u[t].m(e,null),y(e,s),l=!0,o||(r=[Y(e,"click",c),Y(e,"keydown",d)],o=!0)},p(m,h){n=m;let g=t;t=f(n),t===g?u[t].p(n,h):(oe(),D(u[g],1,1,()=>{u[g]=null}),re(),i=u[t],i?i.p(n,h):(i=u[t]=a[t](n),i.c()),M(i,1),i.m(e,s)),(!l||h[0]&512)&&x(e,"closable",n[9]),(!l||h[0]&6291456)&&x(e,"selected",n[21](n[50]))},i(m){l||(M(i),l=!0)},o(m){D(i),l=!1},d(m){m&&v(e),u[t].d(),o=!1,Ee(r)}}}function J8(n){let e,t,i,s,l,o=n[14]&&xp(n);const r=n[36].beforeOptions,a=Nt(r,n,n[45],Kp);let u=ce(n[22]),f=[];for(let g=0;gD(f[g],1,1,()=>{f[g]=null});let d=null;u.length||(d=tm(n));const m=n[36].afterOptions,h=Nt(m,n,n[45],Wp);return{c(){o&&o.c(),e=C(),a&&a.c(),t=C(),i=b("div");for(let g=0;gD(a[d],1,1,()=>{a[d]=null});let f=null;r.length||(f=Zp(n));let c=!n[5]&&!n[6]&&Qp(n);return{c(){e=b("div"),t=b("div");for(let d=0;d{c=null}),re()),(!o||m[0]&32768&&l!==(l="select "+d[15]))&&p(e,"class",l),(!o||m[0]&32896)&&x(e,"upside",d[7]),(!o||m[0]&32784)&&x(e,"multiple",d[4]),(!o||m[0]&32800)&&x(e,"disabled",d[5]),(!o||m[0]&32832)&&x(e,"readonly",d[6])},i(d){if(!o){for(let m=0;md?[]:void 0}=e,{selected:k=_()}=e,{toggle:S=d}=e,{closable:$=!0}=e,{labelComponent:T=void 0}=e,{labelComponentProps:O={}}=e,{optionComponent:E=void 0}=e,{optionComponentProps:L={}}=e,{searchable:I=!1}=e,{searchFunc:A=void 0}=e;const P=wt();let{class:N=""}=e,R,z="",F,B;function J(Te){if(U.isEmpty(k))return;let nt=U.toArray(k);U.inArray(nt,Te)&&(U.removeByValue(nt,Te),t(0,k=d?nt:(nt==null?void 0:nt[0])||_())),P("change",{selected:k}),F==null||F.dispatchEvent(new CustomEvent("change",{detail:k,bubbles:!0}))}function V(Te){if(d){let nt=U.toArray(k);U.inArray(nt,Te)||t(0,k=[...nt,Te])}else t(0,k=Te);P("change",{selected:k}),F==null||F.dispatchEvent(new CustomEvent("change",{detail:k,bubbles:!0}))}function Z(Te){return s(Te)?J(Te):V(Te)}function G(){t(0,k=_()),P("change",{selected:k}),F==null||F.dispatchEvent(new CustomEvent("change",{detail:k,bubbles:!0}))}function de(){R!=null&&R.show&&(R==null||R.show())}function pe(){R!=null&&R.hide&&(R==null||R.hide())}function ae(){if(U.isEmpty(k)||U.isEmpty(c))return;let Te=U.toArray(k),nt=[];for(const zt of Te)U.inArray(c,zt)||nt.push(zt);if(nt.length){for(const zt of nt)U.removeByValue(Te,zt);t(0,k=d?Te:Te[0])}}function Ce(){t(17,z="")}function Ye(Te,nt){Te=Te||[];const zt=A||G8;return Te.filter(Ne=>zt(Ne,nt))||[]}function Ke(Te,nt){Te.preventDefault(),S&&d?Z(nt):V(nt)}function ct(Te,nt){(Te.code==="Enter"||Te.code==="Space")&&(Ke(Te,nt),$&&pe())}function et(){Ce(),setTimeout(()=>{const Te=F==null?void 0:F.querySelector(".dropdown-item.option.selected");Te&&(Te.focus(),Te.scrollIntoView({block:"nearest"}))},0)}function xe(Te){Te.stopPropagation(),!h&&!m&&(R==null||R.toggle())}an(()=>{const Te=document.querySelectorAll(`label[for="${r}"]`);for(const nt of Te)nt.addEventListener("click",xe);return()=>{for(const nt of Te)nt.removeEventListener("click",xe)}});const Be=Te=>J(Te);function ut(Te){ne[Te?"unshift":"push"](()=>{B=Te,t(20,B)})}function Bt(){z=this.value,t(17,z)}const Ue=(Te,nt)=>Ke(nt,Te),De=(Te,nt)=>ct(nt,Te);function ot(Te){ne[Te?"unshift":"push"](()=>{R=Te,t(18,R)})}function Ie(Te){Le.call(this,n,Te)}function We(Te){ne[Te?"unshift":"push"](()=>{F=Te,t(19,F)})}return n.$$set=Te=>{"id"in Te&&t(27,r=Te.id),"noOptionsText"in Te&&t(1,a=Te.noOptionsText),"selectPlaceholder"in Te&&t(2,u=Te.selectPlaceholder),"searchPlaceholder"in Te&&t(3,f=Te.searchPlaceholder),"items"in Te&&t(28,c=Te.items),"multiple"in Te&&t(4,d=Te.multiple),"disabled"in Te&&t(5,m=Te.disabled),"readonly"in Te&&t(6,h=Te.readonly),"upside"in Te&&t(7,g=Te.upside),"zeroFunc"in Te&&t(29,_=Te.zeroFunc),"selected"in Te&&t(0,k=Te.selected),"toggle"in Te&&t(8,S=Te.toggle),"closable"in Te&&t(9,$=Te.closable),"labelComponent"in Te&&t(10,T=Te.labelComponent),"labelComponentProps"in Te&&t(11,O=Te.labelComponentProps),"optionComponent"in Te&&t(12,E=Te.optionComponent),"optionComponentProps"in Te&&t(13,L=Te.optionComponentProps),"searchable"in Te&&t(14,I=Te.searchable),"searchFunc"in Te&&t(30,A=Te.searchFunc),"class"in Te&&t(15,N=Te.class),"$$scope"in Te&&t(45,o=Te.$$scope)},n.$$.update=()=>{n.$$.dirty[0]&268435456&&c&&(ae(),Ce()),n.$$.dirty[0]&268566528&&t(22,i=Ye(c,z)),n.$$.dirty[0]&1&&t(21,s=function(Te){const nt=U.toArray(k);return U.inArray(nt,Te)})},[k,a,u,f,d,m,h,g,S,$,T,O,E,L,I,N,J,z,R,F,B,s,i,Ce,Ke,ct,et,r,c,_,A,V,Z,G,de,pe,l,Be,ut,Bt,Ue,De,ot,Ie,We,o]}class ps extends we{constructor(e){super(),ve(this,e,X8,Z8,be,{id:27,noOptionsText:1,selectPlaceholder:2,searchPlaceholder:3,items:28,multiple:4,disabled:5,readonly:6,upside:7,zeroFunc:29,selected:0,toggle:8,closable:9,labelComponent:10,labelComponentProps:11,optionComponent:12,optionComponentProps:13,searchable:14,searchFunc:30,class:15,deselectItem:16,selectItem:31,toggleItem:32,reset:33,showDropdown:34,hideDropdown:35},null,[-1,-1])}get deselectItem(){return this.$$.ctx[16]}get selectItem(){return this.$$.ctx[31]}get toggleItem(){return this.$$.ctx[32]}get reset(){return this.$$.ctx[33]}get showDropdown(){return this.$$.ctx[34]}get hideDropdown(){return this.$$.ctx[35]}}function Q8(n){let e,t,i,s=[{type:"password"},{autocomplete:"new-password"},n[4]],l={};for(let o=0;o',i=C(),s=b("input"),p(t,"type","button"),p(t,"class","btn btn-transparent btn-circle"),p(e,"class","form-field-addon"),ii(s,a)},m(u,f){w(u,e,f),y(e,t),w(u,i,f),w(u,s,f),s.autofocus&&s.focus(),l||(o=[Oe(Re.call(null,t,{position:"left",text:"Set new value"})),Y(t,"click",it(n[3]))],l=!0)},p(u,f){ii(s,a=vt(r,[{disabled:!0},{type:"text"},{placeholder:"******"},f&16&&u[4]]))},d(u){u&&(v(e),v(i),v(s)),l=!1,Ee(o)}}}function eC(n){let e;function t(l,o){return l[1]?x8:Q8}let i=t(n),s=i(n);return{c(){s.c(),e=ke()},m(l,o){s.m(l,o),w(l,e,o)},p(l,[o]){i===(i=t(l))&&s?s.p(l,o):(s.d(1),s=i(l),s&&(s.c(),s.m(e.parentNode,e)))},i:te,o:te,d(l){l&&v(e),s.d(l)}}}function tC(n,e,t){const i=["value","mask"];let s=lt(e,i),{value:l=void 0}=e,{mask:o=!1}=e,r;async function a(){t(0,l=""),t(1,o=!1),await _n(),r==null||r.focus()}function u(c){ne[c?"unshift":"push"](()=>{r=c,t(2,r)})}function f(){l=this.value,t(0,l)}return n.$$set=c=>{e=je(je({},e),Kt(c)),t(4,s=lt(e,i)),"value"in c&&t(0,l=c.value),"mask"in c&&t(1,o=c.mask)},[l,o,r,a,s,u,f]}class nf extends we{constructor(e){super(),ve(this,e,tC,eC,be,{value:0,mask:1})}}function nC(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("Client ID"),s=C(),l=b("input"),p(e,"for",i=n[23]),p(l,"type","text"),p(l,"id",o=n[23])},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[1].clientId),r||(a=Y(l,"input",n[14]),r=!0)},p(u,f){f&8388608&&i!==(i=u[23])&&p(e,"for",i),f&8388608&&o!==(o=u[23])&&p(l,"id",o),f&2&&l.value!==u[1].clientId&&me(l,u[1].clientId)},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function iC(n){let e,t,i,s,l,o,r,a;function u(d){n[15](d)}function f(d){n[16](d)}let c={id:n[23]};return n[5]!==void 0&&(c.mask=n[5]),n[1].clientSecret!==void 0&&(c.value=n[1].clientSecret),l=new nf({props:c}),ne.push(()=>ge(l,"mask",u)),ne.push(()=>ge(l,"value",f)),{c(){e=b("label"),t=W("Client secret"),s=C(),H(l.$$.fragment),p(e,"for",i=n[23])},m(d,m){w(d,e,m),y(e,t),w(d,s,m),q(l,d,m),a=!0},p(d,m){(!a||m&8388608&&i!==(i=d[23]))&&p(e,"for",i);const h={};m&8388608&&(h.id=d[23]),!o&&m&32&&(o=!0,h.mask=d[5],$e(()=>o=!1)),!r&&m&2&&(r=!0,h.value=d[1].clientSecret,$e(()=>r=!1)),l.$set(h)},i(d){a||(M(l.$$.fragment,d),a=!0)},o(d){D(l.$$.fragment,d),a=!1},d(d){d&&(v(e),v(s)),j(l,d)}}}function lm(n){let e,t,i,s;const l=[{key:n[6]},n[3].optionsComponentProps||{}];function o(u){n[17](u)}var r=n[3].optionsComponent;function a(u,f){let c={};for(let d=0;dge(t,"config",o))),{c(){e=b("div"),t&&H(t.$$.fragment),p(e,"class","col-lg-12")},m(u,f){w(u,e,f),t&&q(t,e,null),s=!0},p(u,f){if(f&8&&r!==(r=u[3].optionsComponent)){if(t){oe();const c=t;D(c.$$.fragment,1,0,()=>{j(c,1)}),re()}r?(t=Ht(r,a(u,f)),ne.push(()=>ge(t,"config",o)),H(t.$$.fragment),M(t.$$.fragment,1),q(t,e,null)):t=null}else if(r){const c=f&72?vt(l,[f&64&&{key:u[6]},f&8&&At(u[3].optionsComponentProps||{})]):{};!i&&f&2&&(i=!0,c.config=u[1],$e(()=>i=!1)),t.$set(c)}},i(u){s||(t&&M(t.$$.fragment,u),s=!0)},o(u){t&&D(t.$$.fragment,u),s=!1},d(u){u&&v(e),t&&j(t)}}}function lC(n){let e,t,i,s,l,o,r,a;t=new fe({props:{class:"form-field required",name:n[6]+".clientId",$$slots:{default:[nC,({uniqueId:f})=>({23:f}),({uniqueId:f})=>f?8388608:0]},$$scope:{ctx:n}}}),s=new fe({props:{class:"form-field required",name:n[6]+".clientSecret",$$slots:{default:[iC,({uniqueId:f})=>({23:f}),({uniqueId:f})=>f?8388608:0]},$$scope:{ctx:n}}});let u=n[3].optionsComponent&&lm(n);return{c(){e=b("form"),H(t.$$.fragment),i=C(),H(s.$$.fragment),l=C(),u&&u.c(),p(e,"id",n[8]),p(e,"autocomplete","off")},m(f,c){w(f,e,c),q(t,e,null),y(e,i),q(s,e,null),y(e,l),u&&u.m(e,null),o=!0,r||(a=Y(e,"submit",it(n[18])),r=!0)},p(f,c){const d={};c&64&&(d.name=f[6]+".clientId"),c&25165826&&(d.$$scope={dirty:c,ctx:f}),t.$set(d);const m={};c&64&&(m.name=f[6]+".clientSecret"),c&25165858&&(m.$$scope={dirty:c,ctx:f}),s.$set(m),f[3].optionsComponent?u?(u.p(f,c),c&8&&M(u,1)):(u=lm(f),u.c(),M(u,1),u.m(e,null)):u&&(oe(),D(u,1,1,()=>{u=null}),re())},i(f){o||(M(t.$$.fragment,f),M(s.$$.fragment,f),M(u),o=!0)},o(f){D(t.$$.fragment,f),D(s.$$.fragment,f),D(u),o=!1},d(f){f&&v(e),j(t),j(s),u&&u.d(),r=!1,a()}}}function sC(n){let e;return{c(){e=b("i"),p(e,"class","ri-puzzle-line txt-sm txt-hint")},m(t,i){w(t,e,i)},p:te,d(t){t&&v(e)}}}function oC(n){let e,t,i;return{c(){e=b("img"),Sn(e.src,t="./images/oauth2/"+n[3].logo)||p(e,"src",t),p(e,"alt",i=n[3].title+" logo")},m(s,l){w(s,e,l)},p(s,l){l&8&&!Sn(e.src,t="./images/oauth2/"+s[3].logo)&&p(e,"src",t),l&8&&i!==(i=s[3].title+" logo")&&p(e,"alt",i)},d(s){s&&v(e)}}}function rC(n){let e,t,i,s=n[3].title+"",l,o,r,a,u=n[3].key+"",f,c;function d(g,_){return g[3].logo?oC:sC}let m=d(n),h=m(n);return{c(){e=b("figure"),h.c(),t=C(),i=b("h4"),l=W(s),o=C(),r=b("small"),a=W("("),f=W(u),c=W(")"),p(e,"class","provider-logo"),p(r,"class","txt-hint"),p(i,"class","center txt-break")},m(g,_){w(g,e,_),h.m(e,null),w(g,t,_),w(g,i,_),y(i,l),y(i,o),y(i,r),y(r,a),y(r,f),y(r,c)},p(g,_){m===(m=d(g))&&h?h.p(g,_):(h.d(1),h=m(g),h&&(h.c(),h.m(e,null))),_&8&&s!==(s=g[3].title+"")&&se(l,s),_&8&&u!==(u=g[3].key+"")&&se(f,u)},d(g){g&&(v(e),v(t),v(i)),h.d()}}}function sm(n){let e,t,i,s,l;return{c(){e=b("button"),e.innerHTML='',t=C(),i=b("div"),p(e,"type","button"),p(e,"class","btn btn-transparent btn-circle btn-hint btn-sm"),p(e,"aria-label","Remove provider"),p(i,"class","flex-fill")},m(o,r){w(o,e,r),w(o,t,r),w(o,i,r),s||(l=[Oe(Re.call(null,e,{text:"Remove provider",position:"right"})),Y(e,"click",n[10])],s=!0)},p:te,d(o){o&&(v(e),v(t),v(i)),s=!1,Ee(l)}}}function aC(n){let e,t,i,s,l,o,r,a,u=!n[4]&&sm(n);return{c(){u&&u.c(),e=C(),t=b("button"),t.textContent="Cancel",i=C(),s=b("button"),l=b("span"),l.textContent="Set provider config",p(t,"type","button"),p(t,"class","btn btn-transparent"),p(l,"class","txt"),p(s,"type","submit"),p(s,"form",n[8]),p(s,"class","btn btn-expanded"),s.disabled=o=!n[7]},m(f,c){u&&u.m(f,c),w(f,e,c),w(f,t,c),w(f,i,c),w(f,s,c),y(s,l),r||(a=Y(t,"click",n[0]),r=!0)},p(f,c){f[4]?u&&(u.d(1),u=null):u?u.p(f,c):(u=sm(f),u.c(),u.m(e.parentNode,e)),c&128&&o!==(o=!f[7])&&(s.disabled=o)},d(f){f&&(v(e),v(t),v(i),v(s)),u&&u.d(f),r=!1,a()}}}function uC(n){let e,t,i={btnClose:!1,$$slots:{footer:[aC],header:[rC],default:[lC]},$$scope:{ctx:n}};return e=new nn({props:i}),n[19](e),e.$on("show",n[20]),e.$on("hide",n[21]),{c(){H(e.$$.fragment)},m(s,l){q(e,s,l),t=!0},p(s,[l]){const o={};l&16777466&&(o.$$scope={dirty:l,ctx:s}),e.$set(o)},i(s){t||(M(e.$$.fragment,s),t=!0)},o(s){D(e.$$.fragment,s),t=!1},d(s){n[19](null),j(e,s)}}}function fC(n,e,t){let i,s;const l=wt(),o="provider_popup_"+U.randomString(5);let r,a={},u={},f=!1,c="",d=!1,m=0;function h(P,N,R){t(13,m=R||0),t(4,f=U.isEmpty(N)),t(3,a=Object.assign({},P)),t(1,u=Object.assign({},N)),t(5,d=!!u.clientId),t(12,c=JSON.stringify(u)),r==null||r.show()}function g(){Yn(s),r==null||r.hide()}async function _(){l("submit",{uiOptions:a,config:u}),g()}async function k(){vn(`Do you really want to remove the "${a.title}" OAuth2 provider from the collection?`,()=>{l("remove",{uiOptions:a}),g()})}function S(){u.clientId=this.value,t(1,u)}function $(P){d=P,t(5,d)}function T(P){n.$$.not_equal(u.clientSecret,P)&&(u.clientSecret=P,t(1,u))}function O(P){u=P,t(1,u)}const E=()=>_();function L(P){ne[P?"unshift":"push"](()=>{r=P,t(2,r)})}function I(P){Le.call(this,n,P)}function A(P){Le.call(this,n,P)}return n.$$.update=()=>{n.$$.dirty&4098&&t(7,i=JSON.stringify(u)!=c),n.$$.dirty&8192&&t(6,s="oauth2.providers."+m)},[g,u,r,a,f,d,s,i,o,_,k,h,c,m,S,$,T,O,E,L,I,A]}class cC extends we{constructor(e){super(),ve(this,e,fC,uC,be,{show:11,hide:0})}get show(){return this.$$.ctx[11]}get hide(){return this.$$.ctx[0]}}function dC(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("Client ID"),s=C(),l=b("input"),p(e,"for",i=n[23]),p(l,"type","text"),p(l,"id",o=n[23]),l.required=!0},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[2]),r||(a=Y(l,"input",n[12]),r=!0)},p(u,f){f&8388608&&i!==(i=u[23])&&p(e,"for",i),f&8388608&&o!==(o=u[23])&&p(l,"id",o),f&4&&l.value!==u[2]&&me(l,u[2])},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function pC(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("Team ID"),s=C(),l=b("input"),p(e,"for",i=n[23]),p(l,"type","text"),p(l,"id",o=n[23]),l.required=!0},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[3]),r||(a=Y(l,"input",n[13]),r=!0)},p(u,f){f&8388608&&i!==(i=u[23])&&p(e,"for",i),f&8388608&&o!==(o=u[23])&&p(l,"id",o),f&8&&l.value!==u[3]&&me(l,u[3])},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function mC(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("Key ID"),s=C(),l=b("input"),p(e,"for",i=n[23]),p(l,"type","text"),p(l,"id",o=n[23]),l.required=!0},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[4]),r||(a=Y(l,"input",n[14]),r=!0)},p(u,f){f&8388608&&i!==(i=u[23])&&p(e,"for",i),f&8388608&&o!==(o=u[23])&&p(l,"id",o),f&16&&l.value!==u[4]&&me(l,u[4])},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function hC(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("label"),t=b("span"),t.textContent="Duration (in seconds)",i=C(),s=b("i"),o=C(),r=b("input"),p(t,"class","txt"),p(s,"class","ri-information-line link-hint"),p(e,"for",l=n[23]),p(r,"type","number"),p(r,"id",a=n[23]),p(r,"max",lr),r.required=!0},m(c,d){w(c,e,d),y(e,t),y(e,i),y(e,s),w(c,o,d),w(c,r,d),me(r,n[6]),u||(f=[Oe(Re.call(null,s,{text:`Max ${lr} seconds (~${lr/(60*60*24*30)<<0} months).`,position:"top"})),Y(r,"input",n[15])],u=!0)},p(c,d){d&8388608&&l!==(l=c[23])&&p(e,"for",l),d&8388608&&a!==(a=c[23])&&p(r,"id",a),d&64&&mt(r.value)!==c[6]&&me(r,c[6])},d(c){c&&(v(e),v(o),v(r)),u=!1,Ee(f)}}}function _C(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("label"),t=W("Private key"),s=C(),l=b("textarea"),r=C(),a=b("div"),a.textContent="The key is not stored on the server and it is used only for generating the signed JWT.",p(e,"for",i=n[23]),p(l,"id",o=n[23]),l.required=!0,p(l,"rows","8"),p(l,"placeholder",`-----BEGIN PRIVATE KEY----- +... +-----END PRIVATE KEY-----`),p(a,"class","help-block")},m(c,d){w(c,e,d),y(e,t),w(c,s,d),w(c,l,d),me(l,n[5]),w(c,r,d),w(c,a,d),u||(f=Y(l,"input",n[16]),u=!0)},p(c,d){d&8388608&&i!==(i=c[23])&&p(e,"for",i),d&8388608&&o!==(o=c[23])&&p(l,"id",o),d&32&&me(l,c[5])},d(c){c&&(v(e),v(s),v(l),v(r),v(a)),u=!1,f()}}}function gC(n){let e,t,i,s,l,o,r,a,u,f,c,d,m,h,g,_,k,S;return s=new fe({props:{class:"form-field required",name:"clientId",$$slots:{default:[dC,({uniqueId:$})=>({23:$}),({uniqueId:$})=>$?8388608:0]},$$scope:{ctx:n}}}),r=new fe({props:{class:"form-field required",name:"teamId",$$slots:{default:[pC,({uniqueId:$})=>({23:$}),({uniqueId:$})=>$?8388608:0]},$$scope:{ctx:n}}}),f=new fe({props:{class:"form-field required",name:"keyId",$$slots:{default:[mC,({uniqueId:$})=>({23:$}),({uniqueId:$})=>$?8388608:0]},$$scope:{ctx:n}}}),m=new fe({props:{class:"form-field required",name:"duration",$$slots:{default:[hC,({uniqueId:$})=>({23:$}),({uniqueId:$})=>$?8388608:0]},$$scope:{ctx:n}}}),g=new fe({props:{class:"form-field required",name:"privateKey",$$slots:{default:[_C,({uniqueId:$})=>({23:$}),({uniqueId:$})=>$?8388608:0]},$$scope:{ctx:n}}}),{c(){e=b("form"),t=b("div"),i=b("div"),H(s.$$.fragment),l=C(),o=b("div"),H(r.$$.fragment),a=C(),u=b("div"),H(f.$$.fragment),c=C(),d=b("div"),H(m.$$.fragment),h=C(),H(g.$$.fragment),p(i,"class","col-lg-6"),p(o,"class","col-lg-6"),p(u,"class","col-lg-6"),p(d,"class","col-lg-6"),p(t,"class","grid"),p(e,"id",n[9]),p(e,"autocomplete","off")},m($,T){w($,e,T),y(e,t),y(t,i),q(s,i,null),y(t,l),y(t,o),q(r,o,null),y(t,a),y(t,u),q(f,u,null),y(t,c),y(t,d),q(m,d,null),y(t,h),q(g,t,null),_=!0,k||(S=Y(e,"submit",it(n[17])),k=!0)},p($,T){const O={};T&25165828&&(O.$$scope={dirty:T,ctx:$}),s.$set(O);const E={};T&25165832&&(E.$$scope={dirty:T,ctx:$}),r.$set(E);const L={};T&25165840&&(L.$$scope={dirty:T,ctx:$}),f.$set(L);const I={};T&25165888&&(I.$$scope={dirty:T,ctx:$}),m.$set(I);const A={};T&25165856&&(A.$$scope={dirty:T,ctx:$}),g.$set(A)},i($){_||(M(s.$$.fragment,$),M(r.$$.fragment,$),M(f.$$.fragment,$),M(m.$$.fragment,$),M(g.$$.fragment,$),_=!0)},o($){D(s.$$.fragment,$),D(r.$$.fragment,$),D(f.$$.fragment,$),D(m.$$.fragment,$),D(g.$$.fragment,$),_=!1},d($){$&&v(e),j(s),j(r),j(f),j(m),j(g),k=!1,S()}}}function bC(n){let e;return{c(){e=b("h4"),e.textContent="Generate Apple client secret",p(e,"class","center txt-break")},m(t,i){w(t,e,i)},p:te,d(t){t&&v(e)}}}function kC(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("button"),t=W("Close"),i=C(),s=b("button"),l=b("i"),o=C(),r=b("span"),r.textContent="Generate and set secret",p(e,"type","button"),p(e,"class","btn btn-transparent"),e.disabled=n[7],p(l,"class","ri-key-line"),p(r,"class","txt"),p(s,"type","submit"),p(s,"form",n[9]),p(s,"class","btn btn-expanded"),s.disabled=a=!n[8]||n[7],x(s,"btn-loading",n[7])},m(c,d){w(c,e,d),y(e,t),w(c,i,d),w(c,s,d),y(s,l),y(s,o),y(s,r),u||(f=Y(e,"click",n[0]),u=!0)},p(c,d){d&128&&(e.disabled=c[7]),d&384&&a!==(a=!c[8]||c[7])&&(s.disabled=a),d&128&&x(s,"btn-loading",c[7])},d(c){c&&(v(e),v(i),v(s)),u=!1,f()}}}function yC(n){let e,t,i={overlayClose:!n[7],escClose:!n[7],beforeHide:n[18],popup:!0,$$slots:{footer:[kC],header:[bC],default:[gC]},$$scope:{ctx:n}};return e=new nn({props:i}),n[19](e),e.$on("show",n[20]),e.$on("hide",n[21]),{c(){H(e.$$.fragment)},m(s,l){q(e,s,l),t=!0},p(s,[l]){const o={};l&128&&(o.overlayClose=!s[7]),l&128&&(o.escClose=!s[7]),l&128&&(o.beforeHide=s[18]),l&16777724&&(o.$$scope={dirty:l,ctx:s}),e.$set(o)},i(s){t||(M(e.$$.fragment,s),t=!0)},o(s){D(e.$$.fragment,s),t=!1},d(s){n[19](null),j(e,s)}}}const lr=15777e3;function vC(n,e,t){let i;const s=wt(),l="apple_secret_"+U.randomString(5);let o,r,a,u,f,c,d=!1;function m(P={}){t(2,r=P.clientId||""),t(3,a=P.teamId||""),t(4,u=P.keyId||""),t(5,f=P.privateKey||""),t(6,c=P.duration||lr),Jt({}),o==null||o.show()}function h(){return o==null?void 0:o.hide()}async function g(){t(7,d=!0);try{const P=await _e.settings.generateAppleClientSecret(r,a,u,f.trim(),c);t(7,d=!1),tn("Successfully generated client secret."),s("submit",P),o==null||o.hide()}catch(P){_e.error(P)}t(7,d=!1)}function _(){r=this.value,t(2,r)}function k(){a=this.value,t(3,a)}function S(){u=this.value,t(4,u)}function $(){c=mt(this.value),t(6,c)}function T(){f=this.value,t(5,f)}const O=()=>g(),E=()=>!d;function L(P){ne[P?"unshift":"push"](()=>{o=P,t(1,o)})}function I(P){Le.call(this,n,P)}function A(P){Le.call(this,n,P)}return t(8,i=!0),[h,o,r,a,u,f,c,d,i,l,g,m,_,k,S,$,T,O,E,L,I,A]}class wC extends we{constructor(e){super(),ve(this,e,vC,yC,be,{show:11,hide:0})}get show(){return this.$$.ctx[11]}get hide(){return this.$$.ctx[0]}}function SC(n){let e,t,i,s,l,o,r,a,u,f,c={};return r=new wC({props:c}),n[4](r),r.$on("submit",n[5]),{c(){e=b("button"),t=b("i"),i=C(),s=b("span"),s.textContent="Generate secret",o=C(),H(r.$$.fragment),p(t,"class","ri-key-line"),p(s,"class","txt"),p(e,"type","button"),p(e,"class",l="btn btn-sm btn-secondary btn-provider-"+n[1])},m(d,m){w(d,e,m),y(e,t),y(e,i),y(e,s),w(d,o,m),q(r,d,m),a=!0,u||(f=Y(e,"click",n[3]),u=!0)},p(d,[m]){(!a||m&2&&l!==(l="btn btn-sm btn-secondary btn-provider-"+d[1]))&&p(e,"class",l);const h={};r.$set(h)},i(d){a||(M(r.$$.fragment,d),a=!0)},o(d){D(r.$$.fragment,d),a=!1},d(d){d&&(v(e),v(o)),n[4](null),j(r,d),u=!1,f()}}}function TC(n,e,t){let{key:i=""}=e,{config:s={}}=e,l;const o=()=>l==null?void 0:l.show({clientId:s.clientId});function r(u){ne[u?"unshift":"push"](()=>{l=u,t(2,l)})}const a=u=>{var f;t(0,s.clientSecret=((f=u.detail)==null?void 0:f.secret)||"",s)};return n.$$set=u=>{"key"in u&&t(1,i=u.key),"config"in u&&t(0,s=u.config)},[s,i,l,o,r,a]}class $C extends we{constructor(e){super(),ve(this,e,TC,SC,be,{key:1,config:0})}}function CC(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("label"),t=W("Auth URL"),s=C(),l=b("input"),r=C(),a=b("div"),a.textContent="Ex. https://login.microsoftonline.com/YOUR_DIRECTORY_TENANT_ID/oauth2/v2.0/authorize",p(e,"for",i=n[4]),p(l,"type","url"),p(l,"id",o=n[4]),l.required=!0,p(a,"class","help-block")},m(c,d){w(c,e,d),y(e,t),w(c,s,d),w(c,l,d),me(l,n[0].authURL),w(c,r,d),w(c,a,d),u||(f=Y(l,"input",n[2]),u=!0)},p(c,d){d&16&&i!==(i=c[4])&&p(e,"for",i),d&16&&o!==(o=c[4])&&p(l,"id",o),d&1&&l.value!==c[0].authURL&&me(l,c[0].authURL)},d(c){c&&(v(e),v(s),v(l),v(r),v(a)),u=!1,f()}}}function OC(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("label"),t=W("Token URL"),s=C(),l=b("input"),r=C(),a=b("div"),a.textContent="Ex. https://login.microsoftonline.com/YOUR_DIRECTORY_TENANT_ID/oauth2/v2.0/token",p(e,"for",i=n[4]),p(l,"type","url"),p(l,"id",o=n[4]),l.required=!0,p(a,"class","help-block")},m(c,d){w(c,e,d),y(e,t),w(c,s,d),w(c,l,d),me(l,n[0].tokenURL),w(c,r,d),w(c,a,d),u||(f=Y(l,"input",n[3]),u=!0)},p(c,d){d&16&&i!==(i=c[4])&&p(e,"for",i),d&16&&o!==(o=c[4])&&p(l,"id",o),d&1&&l.value!==c[0].tokenURL&&me(l,c[0].tokenURL)},d(c){c&&(v(e),v(s),v(l),v(r),v(a)),u=!1,f()}}}function MC(n){let e,t,i,s,l,o;return i=new fe({props:{class:"form-field required",name:n[1]+".authURL",$$slots:{default:[CC,({uniqueId:r})=>({4:r}),({uniqueId:r})=>r?16:0]},$$scope:{ctx:n}}}),l=new fe({props:{class:"form-field required",name:n[1]+".tokenURL",$$slots:{default:[OC,({uniqueId:r})=>({4:r}),({uniqueId:r})=>r?16:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),e.textContent="Azure AD endpoints",t=C(),H(i.$$.fragment),s=C(),H(l.$$.fragment),p(e,"class","section-title")},m(r,a){w(r,e,a),w(r,t,a),q(i,r,a),w(r,s,a),q(l,r,a),o=!0},p(r,[a]){const u={};a&2&&(u.name=r[1]+".authURL"),a&49&&(u.$$scope={dirty:a,ctx:r}),i.$set(u);const f={};a&2&&(f.name=r[1]+".tokenURL"),a&49&&(f.$$scope={dirty:a,ctx:r}),l.$set(f)},i(r){o||(M(i.$$.fragment,r),M(l.$$.fragment,r),o=!0)},o(r){D(i.$$.fragment,r),D(l.$$.fragment,r),o=!1},d(r){r&&(v(e),v(t),v(s)),j(i,r),j(l,r)}}}function EC(n,e,t){let{key:i=""}=e,{config:s={}}=e;function l(){s.authURL=this.value,t(0,s)}function o(){s.tokenURL=this.value,t(0,s)}return n.$$set=r=>{"key"in r&&t(1,i=r.key),"config"in r&&t(0,s=r.config)},[s,i,l,o]}class DC extends we{constructor(e){super(),ve(this,e,EC,MC,be,{key:1,config:0})}}function om(n){let e,t;return{c(){e=b("i"),p(e,"class",t="icon "+n[0].icon)},m(i,s){w(i,e,s)},p(i,s){s&1&&t!==(t="icon "+i[0].icon)&&p(e,"class",t)},d(i){i&&v(e)}}}function IC(n){let e,t,i=(n[0].label||n[0].name||n[0].title||n[0].id||n[0].value)+"",s,l=n[0].icon&&om(n);return{c(){l&&l.c(),e=C(),t=b("span"),s=W(i),p(t,"class","txt")},m(o,r){l&&l.m(o,r),w(o,e,r),w(o,t,r),y(t,s)},p(o,[r]){o[0].icon?l?l.p(o,r):(l=om(o),l.c(),l.m(e.parentNode,e)):l&&(l.d(1),l=null),r&1&&i!==(i=(o[0].label||o[0].name||o[0].title||o[0].id||o[0].value)+"")&&se(s,i)},i:te,o:te,d(o){o&&(v(e),v(t)),l&&l.d(o)}}}function LC(n,e,t){let{item:i={}}=e;return n.$$set=s=>{"item"in s&&t(0,i=s.item)},[i]}class rm extends we{constructor(e){super(),ve(this,e,LC,IC,be,{item:0})}}const AC=n=>({}),am=n=>({});function PC(n){let e;const t=n[8].afterOptions,i=Nt(t,n,n[13],am);return{c(){i&&i.c()},m(s,l){i&&i.m(s,l),e=!0},p(s,l){i&&i.p&&(!e||l&8192)&&Ft(i,t,s,s[13],e?Rt(t,s[13],l,AC):qt(s[13]),am)},i(s){e||(M(i,s),e=!0)},o(s){D(i,s),e=!1},d(s){i&&i.d(s)}}}function NC(n){let e,t,i;const s=[{items:n[1]},{multiple:n[2]},{labelComponent:n[3]},{optionComponent:n[4]},n[5]];function l(r){n[9](r)}let o={$$slots:{afterOptions:[PC]},$$scope:{ctx:n}};for(let r=0;rge(e,"selected",l)),e.$on("show",n[10]),e.$on("hide",n[11]),e.$on("change",n[12]),{c(){H(e.$$.fragment)},m(r,a){q(e,r,a),i=!0},p(r,[a]){const u=a&62?vt(s,[a&2&&{items:r[1]},a&4&&{multiple:r[2]},a&8&&{labelComponent:r[3]},a&16&&{optionComponent:r[4]},a&32&&At(r[5])]):{};a&8192&&(u.$$scope={dirty:a,ctx:r}),!t&&a&1&&(t=!0,u.selected=r[0],$e(()=>t=!1)),e.$set(u)},i(r){i||(M(e.$$.fragment,r),i=!0)},o(r){D(e.$$.fragment,r),i=!1},d(r){j(e,r)}}}function RC(n,e,t){const i=["items","multiple","selected","labelComponent","optionComponent","selectionKey","keyOfSelected"];let s=lt(e,i),{$$slots:l={},$$scope:o}=e,{items:r=[]}=e,{multiple:a=!1}=e,{selected:u=a?[]:void 0}=e,{labelComponent:f=rm}=e,{optionComponent:c=rm}=e,{selectionKey:d="value"}=e,{keyOfSelected:m=a?[]:void 0}=e,h=JSON.stringify(m);function g(O){O=U.toArray(O,!0);let E=[];for(let L of O){const I=U.findByKey(r,d,L);I&&E.push(I)}O.length&&!E.length||t(0,u=a?E:E[0])}async function _(O){if(!r.length)return;let E=U.toArray(O,!0).map(I=>I[d]),L=a?E:E[0];JSON.stringify(L)!=h&&(t(6,m=L),h=JSON.stringify(m))}function k(O){u=O,t(0,u)}function S(O){Le.call(this,n,O)}function $(O){Le.call(this,n,O)}function T(O){Le.call(this,n,O)}return n.$$set=O=>{e=je(je({},e),Kt(O)),t(5,s=lt(e,i)),"items"in O&&t(1,r=O.items),"multiple"in O&&t(2,a=O.multiple),"selected"in O&&t(0,u=O.selected),"labelComponent"in O&&t(3,f=O.labelComponent),"optionComponent"in O&&t(4,c=O.optionComponent),"selectionKey"in O&&t(7,d=O.selectionKey),"keyOfSelected"in O&&t(6,m=O.keyOfSelected),"$$scope"in O&&t(13,o=O.$$scope)},n.$$.update=()=>{n.$$.dirty&66&&r&&g(m),n.$$.dirty&1&&_(u)},[u,r,a,f,c,s,m,d,l,k,S,$,T,o]}class Ln extends we{constructor(e){super(),ve(this,e,RC,NC,be,{items:1,multiple:2,selected:0,labelComponent:3,optionComponent:4,selectionKey:7,keyOfSelected:6})}}function FC(n){let e,t,i,s,l=[{type:t=n[5].type||"text"},{value:n[4]},{disabled:n[3]},{readOnly:n[2]},n[5]],o={};for(let r=0;r{t(0,o=U.splitNonEmpty(c.target.value,r))};return n.$$set=c=>{e=je(je({},e),Kt(c)),t(5,l=lt(e,s)),"value"in c&&t(0,o=c.value),"separator"in c&&t(1,r=c.separator),"readonly"in c&&t(2,a=c.readonly),"disabled"in c&&t(3,u=c.disabled)},n.$$.update=()=>{n.$$.dirty&3&&t(4,i=U.joinNonEmpty(o,r+" "))},[o,r,a,u,i,l,f]}class ho extends we{constructor(e){super(),ve(this,e,qC,FC,be,{value:0,separator:1,readonly:2,disabled:3})}}function jC(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("Display name"),s=C(),l=b("input"),p(e,"for",i=n[13]),p(l,"type","text"),p(l,"id",o=n[13]),l.required=!0},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[0].displayName),r||(a=Y(l,"input",n[4]),r=!0)},p(u,f){f&8192&&i!==(i=u[13])&&p(e,"for",i),f&8192&&o!==(o=u[13])&&p(l,"id",o),f&1&&l.value!==u[0].displayName&&me(l,u[0].displayName)},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function HC(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("Auth URL"),s=C(),l=b("input"),p(e,"for",i=n[13]),p(l,"type","url"),p(l,"id",o=n[13]),l.required=!0},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[0].authURL),r||(a=Y(l,"input",n[5]),r=!0)},p(u,f){f&8192&&i!==(i=u[13])&&p(e,"for",i),f&8192&&o!==(o=u[13])&&p(l,"id",o),f&1&&l.value!==u[0].authURL&&me(l,u[0].authURL)},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function zC(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("Token URL"),s=C(),l=b("input"),p(e,"for",i=n[13]),p(l,"type","url"),p(l,"id",o=n[13]),l.required=!0},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[0].tokenURL),r||(a=Y(l,"input",n[6]),r=!0)},p(u,f){f&8192&&i!==(i=u[13])&&p(e,"for",i),f&8192&&o!==(o=u[13])&&p(l,"id",o),f&1&&l.value!==u[0].tokenURL&&me(l,u[0].tokenURL)},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function UC(n){let e,t,i,s,l,o,r;function a(f){n[7](f)}let u={id:n[13],items:n[3]};return n[2]!==void 0&&(u.keyOfSelected=n[2]),l=new Ln({props:u}),ne.push(()=>ge(l,"keyOfSelected",a)),{c(){e=b("label"),t=W("Fetch user info from"),s=C(),H(l.$$.fragment),p(e,"for",i=n[13])},m(f,c){w(f,e,c),y(e,t),w(f,s,c),q(l,f,c),r=!0},p(f,c){(!r||c&8192&&i!==(i=f[13]))&&p(e,"for",i);const d={};c&8192&&(d.id=f[13]),!o&&c&4&&(o=!0,d.keyOfSelected=f[2],$e(()=>o=!1)),l.$set(d)},i(f){r||(M(l.$$.fragment,f),r=!0)},o(f){D(l.$$.fragment,f),r=!1},d(f){f&&(v(e),v(s)),j(l,f)}}}function VC(n){let e,t,i,s,l,o,r,a;return s=new fe({props:{class:"form-field m-b-xs",name:n[1]+".extra.jwksURL",$$slots:{default:[WC,({uniqueId:u})=>({13:u}),({uniqueId:u})=>u?8192:0]},$$scope:{ctx:n}}}),o=new fe({props:{class:"form-field",name:n[1]+".extra.issuers",$$slots:{default:[YC,({uniqueId:u})=>({13:u}),({uniqueId:u})=>u?8192:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),t=b("p"),t.innerHTML=`Both fields are considered optional because the parsed id_token + is a direct result of the trusted server code->token exchange response.`,i=C(),H(s.$$.fragment),l=C(),H(o.$$.fragment),p(t,"class","txt-hint txt-sm m-b-xs"),p(e,"class","content")},m(u,f){w(u,e,f),y(e,t),y(e,i),q(s,e,null),y(e,l),q(o,e,null),a=!0},p(u,f){const c={};f&2&&(c.name=u[1]+".extra.jwksURL"),f&24577&&(c.$$scope={dirty:f,ctx:u}),s.$set(c);const d={};f&2&&(d.name=u[1]+".extra.issuers"),f&24577&&(d.$$scope={dirty:f,ctx:u}),o.$set(d)},i(u){a||(M(s.$$.fragment,u),M(o.$$.fragment,u),u&&tt(()=>{a&&(r||(r=qe(e,ht,{delay:10,duration:150},!0)),r.run(1))}),a=!0)},o(u){D(s.$$.fragment,u),D(o.$$.fragment,u),u&&(r||(r=qe(e,ht,{delay:10,duration:150},!1)),r.run(0)),a=!1},d(u){u&&v(e),j(s),j(o),u&&r&&r.end()}}}function BC(n){let e,t,i,s;return t=new fe({props:{class:"form-field required",name:n[1]+".userInfoURL",$$slots:{default:[KC,({uniqueId:l})=>({13:l}),({uniqueId:l})=>l?8192:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),H(t.$$.fragment),p(e,"class","content")},m(l,o){w(l,e,o),q(t,e,null),s=!0},p(l,o){const r={};o&2&&(r.name=l[1]+".userInfoURL"),o&24577&&(r.$$scope={dirty:o,ctx:l}),t.$set(r)},i(l){s||(M(t.$$.fragment,l),l&&tt(()=>{s&&(i||(i=qe(e,ht,{delay:10,duration:150},!0)),i.run(1))}),s=!0)},o(l){D(t.$$.fragment,l),l&&(i||(i=qe(e,ht,{delay:10,duration:150},!1)),i.run(0)),s=!1},d(l){l&&v(e),j(t),l&&i&&i.end()}}}function WC(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("label"),t=b("span"),t.textContent="JWKS verification URL",i=C(),s=b("i"),o=C(),r=b("input"),p(t,"class","txt"),p(s,"class","ri-information-line link-hint"),p(e,"for",l=n[13]),p(r,"type","url"),p(r,"id",a=n[13])},m(c,d){w(c,e,d),y(e,t),y(e,i),y(e,s),w(c,o,d),w(c,r,d),me(r,n[0].extra.jwksURL),u||(f=[Oe(Re.call(null,s,{text:"URL to the public token verification keys.",position:"top"})),Y(r,"input",n[9])],u=!0)},p(c,d){d&8192&&l!==(l=c[13])&&p(e,"for",l),d&8192&&a!==(a=c[13])&&p(r,"id",a),d&1&&r.value!==c[0].extra.jwksURL&&me(r,c[0].extra.jwksURL)},d(c){c&&(v(e),v(o),v(r)),u=!1,Ee(f)}}}function YC(n){let e,t,i,s,l,o,r,a,u,f,c;function d(h){n[10](h)}let m={id:n[13]};return n[0].extra.issuers!==void 0&&(m.value=n[0].extra.issuers),r=new ho({props:m}),ne.push(()=>ge(r,"value",d)),{c(){e=b("label"),t=b("span"),t.textContent="Issuers",i=C(),s=b("i"),o=C(),H(r.$$.fragment),p(t,"class","txt"),p(s,"class","ri-information-line link-hint"),p(e,"for",l=n[13])},m(h,g){w(h,e,g),y(e,t),y(e,i),y(e,s),w(h,o,g),q(r,h,g),u=!0,f||(c=Oe(Re.call(null,s,{text:"Comma separated list of accepted values for the iss token claim validation.",position:"top"})),f=!0)},p(h,g){(!u||g&8192&&l!==(l=h[13]))&&p(e,"for",l);const _={};g&8192&&(_.id=h[13]),!a&&g&1&&(a=!0,_.value=h[0].extra.issuers,$e(()=>a=!1)),r.$set(_)},i(h){u||(M(r.$$.fragment,h),u=!0)},o(h){D(r.$$.fragment,h),u=!1},d(h){h&&(v(e),v(o)),j(r,h),f=!1,c()}}}function KC(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("User info URL"),s=C(),l=b("input"),p(e,"for",i=n[13]),p(l,"type","url"),p(l,"id",o=n[13]),l.required=!0},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[0].userInfoURL),r||(a=Y(l,"input",n[8]),r=!0)},p(u,f){f&8192&&i!==(i=u[13])&&p(e,"for",i),f&8192&&o!==(o=u[13])&&p(l,"id",o),f&1&&l.value!==u[0].userInfoURL&&me(l,u[0].userInfoURL)},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function JC(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("input"),i=C(),s=b("label"),l=b("span"),l.textContent="Support PKCE",o=C(),r=b("i"),p(e,"type","checkbox"),p(e,"id",t=n[13]),p(l,"class","txt"),p(r,"class","ri-information-line link-hint"),p(s,"for",a=n[13])},m(c,d){w(c,e,d),e.checked=n[0].pkce,w(c,i,d),w(c,s,d),y(s,l),y(s,o),y(s,r),u||(f=[Y(e,"change",n[11]),Oe(Re.call(null,r,{text:"Usually it should be safe to be always enabled as most providers will just ignore the extra query parameters if they don't support PKCE.",position:"right"}))],u=!0)},p(c,d){d&8192&&t!==(t=c[13])&&p(e,"id",t),d&1&&(e.checked=c[0].pkce),d&8192&&a!==(a=c[13])&&p(s,"for",a)},d(c){c&&(v(e),v(i),v(s)),u=!1,Ee(f)}}}function ZC(n){let e,t,i,s,l,o,r,a,u,f,c,d,m,h,g,_;e=new fe({props:{class:"form-field required",name:n[1]+".displayName",$$slots:{default:[jC,({uniqueId:T})=>({13:T}),({uniqueId:T})=>T?8192:0]},$$scope:{ctx:n}}}),l=new fe({props:{class:"form-field required",name:n[1]+".authURL",$$slots:{default:[HC,({uniqueId:T})=>({13:T}),({uniqueId:T})=>T?8192:0]},$$scope:{ctx:n}}}),r=new fe({props:{class:"form-field required",name:n[1]+".tokenURL",$$slots:{default:[zC,({uniqueId:T})=>({13:T}),({uniqueId:T})=>T?8192:0]},$$scope:{ctx:n}}}),u=new fe({props:{class:"form-field m-b-xs",$$slots:{default:[UC,({uniqueId:T})=>({13:T}),({uniqueId:T})=>T?8192:0]},$$scope:{ctx:n}}});const k=[BC,VC],S=[];function $(T,O){return T[2]?0:1}return d=$(n),m=S[d]=k[d](n),g=new fe({props:{class:"form-field",name:n[1]+".pkce",$$slots:{default:[JC,({uniqueId:T})=>({13:T}),({uniqueId:T})=>T?8192:0]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment),t=C(),i=b("div"),i.textContent="Endpoints",s=C(),H(l.$$.fragment),o=C(),H(r.$$.fragment),a=C(),H(u.$$.fragment),f=C(),c=b("div"),m.c(),h=C(),H(g.$$.fragment),p(i,"class","section-title"),p(c,"class","sub-panel m-b-base")},m(T,O){q(e,T,O),w(T,t,O),w(T,i,O),w(T,s,O),q(l,T,O),w(T,o,O),q(r,T,O),w(T,a,O),q(u,T,O),w(T,f,O),w(T,c,O),S[d].m(c,null),w(T,h,O),q(g,T,O),_=!0},p(T,[O]){const E={};O&2&&(E.name=T[1]+".displayName"),O&24577&&(E.$$scope={dirty:O,ctx:T}),e.$set(E);const L={};O&2&&(L.name=T[1]+".authURL"),O&24577&&(L.$$scope={dirty:O,ctx:T}),l.$set(L);const I={};O&2&&(I.name=T[1]+".tokenURL"),O&24577&&(I.$$scope={dirty:O,ctx:T}),r.$set(I);const A={};O&24580&&(A.$$scope={dirty:O,ctx:T}),u.$set(A);let P=d;d=$(T),d===P?S[d].p(T,O):(oe(),D(S[P],1,1,()=>{S[P]=null}),re(),m=S[d],m?m.p(T,O):(m=S[d]=k[d](T),m.c()),M(m,1),m.m(c,null));const N={};O&2&&(N.name=T[1]+".pkce"),O&24577&&(N.$$scope={dirty:O,ctx:T}),g.$set(N)},i(T){_||(M(e.$$.fragment,T),M(l.$$.fragment,T),M(r.$$.fragment,T),M(u.$$.fragment,T),M(m),M(g.$$.fragment,T),_=!0)},o(T){D(e.$$.fragment,T),D(l.$$.fragment,T),D(r.$$.fragment,T),D(u.$$.fragment,T),D(m),D(g.$$.fragment,T),_=!1},d(T){T&&(v(t),v(i),v(s),v(o),v(a),v(f),v(c),v(h)),j(e,T),j(l,T),j(r,T),j(u,T),S[d].d(),j(g,T)}}}function GC(n,e,t){let{key:i=""}=e,{config:s={}}=e;const l=[{label:"User info URL",value:!0},{label:"ID Token",value:!1}];let o=!!s.userInfoURL;U.isEmpty(s.pkce)&&(s.pkce=!0),s.displayName||(s.displayName="OIDC"),s.extra||(s.extra={},o=!0);function r(){o?t(0,s.extra={},s):(t(0,s.userInfoURL="",s),t(0,s.extra=s.extra||{},s))}function a(){s.displayName=this.value,t(0,s)}function u(){s.authURL=this.value,t(0,s)}function f(){s.tokenURL=this.value,t(0,s)}function c(_){o=_,t(2,o)}function d(){s.userInfoURL=this.value,t(0,s)}function m(){s.extra.jwksURL=this.value,t(0,s)}function h(_){n.$$.not_equal(s.extra.issuers,_)&&(s.extra.issuers=_,t(0,s))}function g(){s.pkce=this.checked,t(0,s)}return n.$$set=_=>{"key"in _&&t(1,i=_.key),"config"in _&&t(0,s=_.config)},n.$$.update=()=>{n.$$.dirty&4&&typeof o!==void 0&&r()},[s,i,o,l,a,u,f,c,d,m,h,g]}class ba extends we{constructor(e){super(),ve(this,e,GC,ZC,be,{key:1,config:0})}}function XC(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("Auth URL"),s=C(),l=b("input"),p(e,"for",i=n[8]),p(l,"type","url"),p(l,"id",o=n[8]),l.required=n[3]},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[0].authURL),r||(a=Y(l,"input",n[5]),r=!0)},p(u,f){f&256&&i!==(i=u[8])&&p(e,"for",i),f&256&&o!==(o=u[8])&&p(l,"id",o),f&8&&(l.required=u[3]),f&1&&l.value!==u[0].authURL&&me(l,u[0].authURL)},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function QC(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("Token URL"),s=C(),l=b("input"),p(e,"for",i=n[8]),p(l,"type","url"),p(l,"id",o=n[8]),l.required=n[3]},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[0].tokenURL),r||(a=Y(l,"input",n[6]),r=!0)},p(u,f){f&256&&i!==(i=u[8])&&p(e,"for",i),f&256&&o!==(o=u[8])&&p(l,"id",o),f&8&&(l.required=u[3]),f&1&&l.value!==u[0].tokenURL&&me(l,u[0].tokenURL)},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function xC(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("User info URL"),s=C(),l=b("input"),p(e,"for",i=n[8]),p(l,"type","url"),p(l,"id",o=n[8]),l.required=n[3]},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[0].userInfoURL),r||(a=Y(l,"input",n[7]),r=!0)},p(u,f){f&256&&i!==(i=u[8])&&p(e,"for",i),f&256&&o!==(o=u[8])&&p(l,"id",o),f&8&&(l.required=u[3]),f&1&&l.value!==u[0].userInfoURL&&me(l,u[0].userInfoURL)},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function eO(n){let e,t,i,s,l,o,r,a,u;return s=new fe({props:{class:"form-field "+(n[3]?"required":""),name:n[1]+".authURL",$$slots:{default:[XC,({uniqueId:f})=>({8:f}),({uniqueId:f})=>f?256:0]},$$scope:{ctx:n}}}),o=new fe({props:{class:"form-field "+(n[3]?"required":""),name:n[1]+".tokenURL",$$slots:{default:[QC,({uniqueId:f})=>({8:f}),({uniqueId:f})=>f?256:0]},$$scope:{ctx:n}}}),a=new fe({props:{class:"form-field "+(n[3]?"required":""),name:n[1]+".userInfoURL",$$slots:{default:[xC,({uniqueId:f})=>({8:f}),({uniqueId:f})=>f?256:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),t=W(n[2]),i=C(),H(s.$$.fragment),l=C(),H(o.$$.fragment),r=C(),H(a.$$.fragment),p(e,"class","section-title")},m(f,c){w(f,e,c),y(e,t),w(f,i,c),q(s,f,c),w(f,l,c),q(o,f,c),w(f,r,c),q(a,f,c),u=!0},p(f,[c]){(!u||c&4)&&se(t,f[2]);const d={};c&8&&(d.class="form-field "+(f[3]?"required":"")),c&2&&(d.name=f[1]+".authURL"),c&777&&(d.$$scope={dirty:c,ctx:f}),s.$set(d);const m={};c&8&&(m.class="form-field "+(f[3]?"required":"")),c&2&&(m.name=f[1]+".tokenURL"),c&777&&(m.$$scope={dirty:c,ctx:f}),o.$set(m);const h={};c&8&&(h.class="form-field "+(f[3]?"required":"")),c&2&&(h.name=f[1]+".userInfoURL"),c&777&&(h.$$scope={dirty:c,ctx:f}),a.$set(h)},i(f){u||(M(s.$$.fragment,f),M(o.$$.fragment,f),M(a.$$.fragment,f),u=!0)},o(f){D(s.$$.fragment,f),D(o.$$.fragment,f),D(a.$$.fragment,f),u=!1},d(f){f&&(v(e),v(i),v(l),v(r)),j(s,f),j(o,f),j(a,f)}}}function tO(n,e,t){let i,{key:s=""}=e,{config:l={}}=e,{required:o=!1}=e,{title:r="Provider endpoints"}=e;function a(){l.authURL=this.value,t(0,l)}function u(){l.tokenURL=this.value,t(0,l)}function f(){l.userInfoURL=this.value,t(0,l)}return n.$$set=c=>{"key"in c&&t(1,s=c.key),"config"in c&&t(0,l=c.config),"required"in c&&t(4,o=c.required),"title"in c&&t(2,r=c.title)},n.$$.update=()=>{n.$$.dirty&17&&t(3,i=o&&(l==null?void 0:l.enabled))},[l,s,r,i,o,a,u,f]}class ka extends we{constructor(e){super(),ve(this,e,tO,eO,be,{key:1,config:0,required:4,title:2})}}const lf=[{key:"apple",title:"Apple",logo:"apple.svg",optionsComponent:$C},{key:"google",title:"Google",logo:"google.svg"},{key:"microsoft",title:"Microsoft",logo:"microsoft.svg",optionsComponent:DC},{key:"yandex",title:"Yandex",logo:"yandex.svg"},{key:"facebook",title:"Facebook",logo:"facebook.svg"},{key:"instagram2",title:"Instagram",logo:"instagram.svg"},{key:"github",title:"GitHub",logo:"github.svg"},{key:"gitlab",title:"GitLab",logo:"gitlab.svg",optionsComponent:ka,optionsComponentProps:{title:"Self-hosted endpoints (optional)"}},{key:"bitbucket",title:"Bitbucket",logo:"bitbucket.svg"},{key:"gitee",title:"Gitee",logo:"gitee.svg"},{key:"gitea",title:"Gitea",logo:"gitea.svg",optionsComponent:ka,optionsComponentProps:{title:"Self-hosted endpoints (optional)"}},{key:"linear",title:"Linear",logo:"linear.svg"},{key:"discord",title:"Discord",logo:"discord.svg"},{key:"twitter",title:"Twitter",logo:"twitter.svg"},{key:"kakao",title:"Kakao",logo:"kakao.svg"},{key:"vk",title:"VK",logo:"vk.svg"},{key:"notion",title:"Notion",logo:"notion.svg"},{key:"monday",title:"monday.com",logo:"monday.svg"},{key:"spotify",title:"Spotify",logo:"spotify.svg"},{key:"trakt",title:"Trakt",logo:"trakt.svg"},{key:"twitch",title:"Twitch",logo:"twitch.svg"},{key:"patreon",title:"Patreon (v2)",logo:"patreon.svg"},{key:"strava",title:"Strava",logo:"strava.svg"},{key:"wakatime",title:"WakaTime",logo:"wakatime.svg"},{key:"livechat",title:"LiveChat",logo:"livechat.svg"},{key:"mailcow",title:"mailcow",logo:"mailcow.svg",optionsComponent:ka,optionsComponentProps:{required:!0}},{key:"planningcenter",title:"Planning Center",logo:"planningcenter.svg"},{key:"oidc",title:"OpenID Connect",logo:"oidc.svg",optionsComponent:ba},{key:"oidc2",title:"(2) OpenID Connect",logo:"oidc.svg",optionsComponent:ba},{key:"oidc3",title:"(3) OpenID Connect",logo:"oidc.svg",optionsComponent:ba}];function um(n,e,t){const i=n.slice();return i[16]=e[t],i}function fm(n){let e,t,i,s,l;return{c(){e=b("button"),e.innerHTML='Clear',p(e,"type","button"),p(e,"class","btn btn-transparent btn-sm btn-hint p-l-xs p-r-xs m-l-10")},m(o,r){w(o,e,r),i=!0,s||(l=Y(e,"click",n[9]),s=!0)},p:te,i(o){i||(o&&tt(()=>{i&&(t||(t=qe(e,zn,{duration:150,x:5},!0)),t.run(1))}),i=!0)},o(o){o&&(t||(t=qe(e,zn,{duration:150,x:5},!1)),t.run(0)),i=!1},d(o){o&&v(e),o&&t&&t.end(),s=!1,l()}}}function nO(n){let e,t,i,s,l,o,r,a,u,f,c=n[1]!=""&&fm(n);return{c(){e=b("label"),t=b("i"),s=C(),l=b("input"),r=C(),c&&c.c(),a=ke(),p(t,"class","ri-search-line"),p(e,"for",i=n[19]),p(e,"class","m-l-10 txt-xl"),p(l,"id",o=n[19]),p(l,"type","text"),p(l,"placeholder","Search provider")},m(d,m){w(d,e,m),y(e,t),w(d,s,m),w(d,l,m),me(l,n[1]),w(d,r,m),c&&c.m(d,m),w(d,a,m),u||(f=Y(l,"input",n[8]),u=!0)},p(d,m){m&524288&&i!==(i=d[19])&&p(e,"for",i),m&524288&&o!==(o=d[19])&&p(l,"id",o),m&2&&l.value!==d[1]&&me(l,d[1]),d[1]!=""?c?(c.p(d,m),m&2&&M(c,1)):(c=fm(d),c.c(),M(c,1),c.m(a.parentNode,a)):c&&(oe(),D(c,1,1,()=>{c=null}),re())},d(d){d&&(v(e),v(s),v(l),v(r),v(a)),c&&c.d(d),u=!1,f()}}}function cm(n){let e,t,i,s,l=n[1]!=""&&dm(n);return{c(){e=b("div"),t=b("span"),t.textContent="No providers to select.",i=C(),l&&l.c(),s=C(),p(t,"class","txt-hint"),p(e,"class","flex inline-flex")},m(o,r){w(o,e,r),y(e,t),y(e,i),l&&l.m(e,null),y(e,s)},p(o,r){o[1]!=""?l?l.p(o,r):(l=dm(o),l.c(),l.m(e,s)):l&&(l.d(1),l=null)},d(o){o&&v(e),l&&l.d()}}}function dm(n){let e,t,i;return{c(){e=b("button"),e.textContent="Clear filter",p(e,"type","button"),p(e,"class","btn btn-sm btn-secondary")},m(s,l){w(s,e,l),t||(i=Y(e,"click",n[5]),t=!0)},p:te,d(s){s&&v(e),t=!1,i()}}}function pm(n){let e,t,i;return{c(){e=b("img"),Sn(e.src,t="./images/oauth2/"+n[16].logo)||p(e,"src",t),p(e,"alt",i=n[16].title+" logo")},m(s,l){w(s,e,l)},p(s,l){l&8&&!Sn(e.src,t="./images/oauth2/"+s[16].logo)&&p(e,"src",t),l&8&&i!==(i=s[16].title+" logo")&&p(e,"alt",i)},d(s){s&&v(e)}}}function mm(n,e){let t,i,s,l,o,r,a=e[16].title+"",u,f,c,d=e[16].key+"",m,h,g,_,k=e[16].logo&&pm(e);function S(){return e[10](e[16])}return{key:n,first:null,c(){t=b("div"),i=b("button"),s=b("figure"),k&&k.c(),l=C(),o=b("div"),r=b("div"),u=W(a),f=C(),c=b("em"),m=W(d),h=C(),p(s,"class","provider-logo"),p(r,"class","title"),p(c,"class","txt-hint txt-sm m-r-auto"),p(o,"class","content"),p(i,"type","button"),p(i,"class","provider-card handle"),p(t,"class","col-6"),this.first=t},m($,T){w($,t,T),y(t,i),y(i,s),k&&k.m(s,null),y(i,l),y(i,o),y(o,r),y(r,u),y(o,f),y(o,c),y(c,m),y(t,h),g||(_=Y(i,"click",S),g=!0)},p($,T){e=$,e[16].logo?k?k.p(e,T):(k=pm(e),k.c(),k.m(s,null)):k&&(k.d(1),k=null),T&8&&a!==(a=e[16].title+"")&&se(u,a),T&8&&d!==(d=e[16].key+"")&&se(m,d)},d($){$&&v(t),k&&k.d(),g=!1,_()}}}function iO(n){let e,t,i,s=[],l=new Map,o;e=new fe({props:{class:"searchbar m-b-sm",$$slots:{default:[nO,({uniqueId:f})=>({19:f}),({uniqueId:f})=>f?524288:0]},$$scope:{ctx:n}}});let r=ce(n[3]);const a=f=>f[16].key;for(let f=0;f!s.includes(T.key)&&($==""||T.key.toLowerCase().includes($)||T.title.toLowerCase().includes($)))}function d(){t(1,o="")}function m(){o=this.value,t(1,o)}const h=()=>t(1,o=""),g=$=>f($);function _($){ne[$?"unshift":"push"](()=>{l=$,t(2,l)})}function k($){Le.call(this,n,$)}function S($){Le.call(this,n,$)}return n.$$set=$=>{"disabled"in $&&t(6,s=$.disabled)},n.$$.update=()=>{n.$$.dirty&66&&(o!==-1||s!==-1)&&t(3,r=c())},[u,o,l,r,f,d,s,a,m,h,g,_,k,S]}class aO extends we{constructor(e){super(),ve(this,e,rO,oO,be,{disabled:6,show:7,hide:0})}get show(){return this.$$.ctx[7]}get hide(){return this.$$.ctx[0]}}function hm(n,e,t){const i=n.slice();i[28]=e[t],i[31]=t;const s=i[9](i[28].name);return i[29]=s,i}function uO(n){let e,t,i,s,l,o,r,a;return{c(){e=b("input"),i=C(),s=b("label"),l=W("Enable"),p(e,"type","checkbox"),p(e,"id",t=n[27]),p(s,"for",o=n[27])},m(u,f){w(u,e,f),e.checked=n[0].oauth2.enabled,w(u,i,f),w(u,s,f),y(s,l),r||(a=Y(e,"change",n[10]),r=!0)},p(u,f){f[0]&134217728&&t!==(t=u[27])&&p(e,"id",t),f[0]&1&&(e.checked=u[0].oauth2.enabled),f[0]&134217728&&o!==(o=u[27])&&p(s,"for",o)},d(u){u&&(v(e),v(i),v(s)),r=!1,a()}}}function fO(n){let e;return{c(){e=b("i"),p(e,"class","ri-puzzle-line txt-sm txt-hint")},m(t,i){w(t,e,i)},p:te,d(t){t&&v(e)}}}function cO(n){let e,t,i;return{c(){e=b("img"),Sn(e.src,t="./images/oauth2/"+n[29].logo)||p(e,"src",t),p(e,"alt",i=n[29].title+" logo")},m(s,l){w(s,e,l)},p(s,l){l[0]&1&&!Sn(e.src,t="./images/oauth2/"+s[29].logo)&&p(e,"src",t),l[0]&1&&i!==(i=s[29].title+" logo")&&p(e,"alt",i)},d(s){s&&v(e)}}}function _m(n){let e,t,i;function s(){return n[11](n[29],n[28],n[31])}return{c(){e=b("button"),e.innerHTML='',p(e,"type","button"),p(e,"class","btn btn-circle btn-hint btn-transparent"),p(e,"aria-label","Provider settings")},m(l,o){w(l,e,o),t||(i=[Oe(Re.call(null,e,{text:"Edit config",position:"left"})),Y(e,"click",s)],t=!0)},p(l,o){n=l},d(l){l&&v(e),t=!1,Ee(i)}}}function gm(n,e){var $;let t,i,s,l,o,r,a=(e[28].displayName||(($=e[29])==null?void 0:$.title)||"Custom")+"",u,f,c,d=e[28].name+"",m,h;function g(T,O){var E;return(E=T[29])!=null&&E.logo?cO:fO}let _=g(e),k=_(e),S=e[29]&&_m(e);return{key:n,first:null,c(){var T,O,E;t=b("div"),i=b("div"),s=b("figure"),k.c(),l=C(),o=b("div"),r=b("div"),u=W(a),f=C(),c=b("em"),m=W(d),h=C(),S&&S.c(),p(s,"class","provider-logo"),p(r,"class","title"),p(c,"class","txt-hint txt-sm m-r-auto"),p(o,"class","content"),p(i,"class","provider-card"),x(i,"error",!U.isEmpty((E=(O=(T=e[1])==null?void 0:T.oauth2)==null?void 0:O.providers)==null?void 0:E[e[31]])),p(t,"class","col-lg-6"),this.first=t},m(T,O){w(T,t,O),y(t,i),y(i,s),k.m(s,null),y(i,l),y(i,o),y(o,r),y(r,u),y(o,f),y(o,c),y(c,m),y(i,h),S&&S.m(i,null)},p(T,O){var E,L,I,A;e=T,_===(_=g(e))&&k?k.p(e,O):(k.d(1),k=_(e),k&&(k.c(),k.m(s,null))),O[0]&1&&a!==(a=(e[28].displayName||((E=e[29])==null?void 0:E.title)||"Custom")+"")&&se(u,a),O[0]&1&&d!==(d=e[28].name+"")&&se(m,d),e[29]?S?S.p(e,O):(S=_m(e),S.c(),S.m(i,null)):S&&(S.d(1),S=null),O[0]&3&&x(i,"error",!U.isEmpty((A=(I=(L=e[1])==null?void 0:L.oauth2)==null?void 0:I.providers)==null?void 0:A[e[31]]))},d(T){T&&v(t),k.d(),S&&S.d()}}}function dO(n){let e;return{c(){e=b("i"),p(e,"class","ri-arrow-down-s-line txt-sm")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function pO(n){let e;return{c(){e=b("i"),p(e,"class","ri-arrow-up-s-line txt-sm")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function bm(n){let e,t,i,s,l,o,r,a,u,f,c,d,m,h,g;return s=new fe({props:{class:"form-field form-field-toggle",name:"oauth2.mappedFields.name",$$slots:{default:[mO,({uniqueId:_})=>({27:_}),({uniqueId:_})=>[_?134217728:0]]},$$scope:{ctx:n}}}),r=new fe({props:{class:"form-field form-field-toggle",name:"oauth2.mappedFields.avatarURL",$$slots:{default:[hO,({uniqueId:_})=>({27:_}),({uniqueId:_})=>[_?134217728:0]]},$$scope:{ctx:n}}}),f=new fe({props:{class:"form-field form-field-toggle",name:"oauth2.mappedFields.id",$$slots:{default:[_O,({uniqueId:_})=>({27:_}),({uniqueId:_})=>[_?134217728:0]]},$$scope:{ctx:n}}}),m=new fe({props:{class:"form-field form-field-toggle",name:"oauth2.mappedFields.username",$$slots:{default:[gO,({uniqueId:_})=>({27:_}),({uniqueId:_})=>[_?134217728:0]]},$$scope:{ctx:n}}}),{c(){e=b("div"),t=b("div"),i=b("div"),H(s.$$.fragment),l=C(),o=b("div"),H(r.$$.fragment),a=C(),u=b("div"),H(f.$$.fragment),c=C(),d=b("div"),H(m.$$.fragment),p(i,"class","col-sm-6"),p(o,"class","col-sm-6"),p(u,"class","col-sm-6"),p(d,"class","col-sm-6"),p(t,"class","grid grid-sm p-t-xs"),p(e,"class","block")},m(_,k){w(_,e,k),y(e,t),y(t,i),q(s,i,null),y(t,l),y(t,o),q(r,o,null),y(t,a),y(t,u),q(f,u,null),y(t,c),y(t,d),q(m,d,null),g=!0},p(_,k){const S={};k[0]&134217761|k[1]&2&&(S.$$scope={dirty:k,ctx:_}),s.$set(S);const $={};k[0]&134217793|k[1]&2&&($.$$scope={dirty:k,ctx:_}),r.$set($);const T={};k[0]&134217761|k[1]&2&&(T.$$scope={dirty:k,ctx:_}),f.$set(T);const O={};k[0]&134217761|k[1]&2&&(O.$$scope={dirty:k,ctx:_}),m.$set(O)},i(_){g||(M(s.$$.fragment,_),M(r.$$.fragment,_),M(f.$$.fragment,_),M(m.$$.fragment,_),_&&tt(()=>{g&&(h||(h=qe(e,ht,{duration:150},!0)),h.run(1))}),g=!0)},o(_){D(s.$$.fragment,_),D(r.$$.fragment,_),D(f.$$.fragment,_),D(m.$$.fragment,_),_&&(h||(h=qe(e,ht,{duration:150},!1)),h.run(0)),g=!1},d(_){_&&v(e),j(s),j(r),j(f),j(m),_&&h&&h.end()}}}function mO(n){let e,t,i,s,l,o,r;function a(f){n[14](f)}let u={id:n[27],items:n[5],toggle:!0,zeroFunc:SO,selectPlaceholder:"Select field"};return n[0].oauth2.mappedFields.name!==void 0&&(u.selected=n[0].oauth2.mappedFields.name),l=new ps({props:u}),ne.push(()=>ge(l,"selected",a)),{c(){e=b("label"),t=W("OAuth2 full name"),s=C(),H(l.$$.fragment),p(e,"for",i=n[27])},m(f,c){w(f,e,c),y(e,t),w(f,s,c),q(l,f,c),r=!0},p(f,c){(!r||c[0]&134217728&&i!==(i=f[27]))&&p(e,"for",i);const d={};c[0]&134217728&&(d.id=f[27]),c[0]&32&&(d.items=f[5]),!o&&c[0]&1&&(o=!0,d.selected=f[0].oauth2.mappedFields.name,$e(()=>o=!1)),l.$set(d)},i(f){r||(M(l.$$.fragment,f),r=!0)},o(f){D(l.$$.fragment,f),r=!1},d(f){f&&(v(e),v(s)),j(l,f)}}}function hO(n){let e,t,i,s,l,o,r;function a(f){n[15](f)}let u={id:n[27],items:n[6],toggle:!0,zeroFunc:TO,selectPlaceholder:"Select field"};return n[0].oauth2.mappedFields.avatarURL!==void 0&&(u.selected=n[0].oauth2.mappedFields.avatarURL),l=new ps({props:u}),ne.push(()=>ge(l,"selected",a)),{c(){e=b("label"),t=W("OAuth2 avatar"),s=C(),H(l.$$.fragment),p(e,"for",i=n[27])},m(f,c){w(f,e,c),y(e,t),w(f,s,c),q(l,f,c),r=!0},p(f,c){(!r||c[0]&134217728&&i!==(i=f[27]))&&p(e,"for",i);const d={};c[0]&134217728&&(d.id=f[27]),c[0]&64&&(d.items=f[6]),!o&&c[0]&1&&(o=!0,d.selected=f[0].oauth2.mappedFields.avatarURL,$e(()=>o=!1)),l.$set(d)},i(f){r||(M(l.$$.fragment,f),r=!0)},o(f){D(l.$$.fragment,f),r=!1},d(f){f&&(v(e),v(s)),j(l,f)}}}function _O(n){let e,t,i,s,l,o,r;function a(f){n[16](f)}let u={id:n[27],items:n[5],toggle:!0,zeroFunc:$O,selectPlaceholder:"Select field"};return n[0].oauth2.mappedFields.id!==void 0&&(u.selected=n[0].oauth2.mappedFields.id),l=new ps({props:u}),ne.push(()=>ge(l,"selected",a)),{c(){e=b("label"),t=W("OAuth2 id"),s=C(),H(l.$$.fragment),p(e,"for",i=n[27])},m(f,c){w(f,e,c),y(e,t),w(f,s,c),q(l,f,c),r=!0},p(f,c){(!r||c[0]&134217728&&i!==(i=f[27]))&&p(e,"for",i);const d={};c[0]&134217728&&(d.id=f[27]),c[0]&32&&(d.items=f[5]),!o&&c[0]&1&&(o=!0,d.selected=f[0].oauth2.mappedFields.id,$e(()=>o=!1)),l.$set(d)},i(f){r||(M(l.$$.fragment,f),r=!0)},o(f){D(l.$$.fragment,f),r=!1},d(f){f&&(v(e),v(s)),j(l,f)}}}function gO(n){let e,t,i,s,l,o,r;function a(f){n[17](f)}let u={id:n[27],items:n[5],toggle:!0,zeroFunc:CO,selectPlaceholder:"Select field"};return n[0].oauth2.mappedFields.username!==void 0&&(u.selected=n[0].oauth2.mappedFields.username),l=new ps({props:u}),ne.push(()=>ge(l,"selected",a)),{c(){e=b("label"),t=W("OAuth2 username"),s=C(),H(l.$$.fragment),p(e,"for",i=n[27])},m(f,c){w(f,e,c),y(e,t),w(f,s,c),q(l,f,c),r=!0},p(f,c){(!r||c[0]&134217728&&i!==(i=f[27]))&&p(e,"for",i);const d={};c[0]&134217728&&(d.id=f[27]),c[0]&32&&(d.items=f[5]),!o&&c[0]&1&&(o=!0,d.selected=f[0].oauth2.mappedFields.username,$e(()=>o=!1)),l.$set(d)},i(f){r||(M(l.$$.fragment,f),r=!0)},o(f){D(l.$$.fragment,f),r=!1},d(f){f&&(v(e),v(s)),j(l,f)}}}function bO(n){let e,t,i,s=[],l=new Map,o,r,a,u,f,c,d,m=n[0].name+"",h,g,_,k,S,$,T,O,E;e=new fe({props:{class:"form-field form-field-toggle",name:"oauth2.enabled",$$slots:{default:[uO,({uniqueId:z})=>({27:z}),({uniqueId:z})=>[z?134217728:0]]},$$scope:{ctx:n}}});let L=ce(n[0].oauth2.providers);const I=z=>z[28].name;for(let z=0;z Add provider',u=C(),f=b("button"),c=b("strong"),d=W("Optional "),h=W(m),g=W(" create fields map"),_=C(),N.c(),S=C(),R&&R.c(),$=ke(),p(a,"class","btn btn-block btn-lg btn-secondary txt-base"),p(r,"class","col-lg-6"),p(i,"class","grid grid-sm"),p(c,"class","txt"),p(f,"type","button"),p(f,"class",k="m-t-25 btn btn-sm "+(n[4]?"btn-secondary":"btn-hint btn-transparent"))},m(z,F){q(e,z,F),w(z,t,F),w(z,i,F);for(let B=0;B{R=null}),re())},i(z){T||(M(e.$$.fragment,z),M(R),T=!0)},o(z){D(e.$$.fragment,z),D(R),T=!1},d(z){z&&(v(t),v(i),v(u),v(f),v(S),v($)),j(e,z);for(let F=0;F0),p(r,"class","label label-success")},m(a,u){w(a,e,u),y(e,t),y(e,i),y(e,l),w(a,o,u),w(a,r,u)},p(a,u){u[0]&128&&se(t,a[7]),u[0]&128&&s!==(s=a[7]==1?"provider":"providers")&&se(l,s),u[0]&128&&x(e,"label-warning",!a[7]),u[0]&128&&x(e,"label-info",a[7]>0)},d(a){a&&(v(e),v(o),v(r))}}}function km(n){let e,t,i,s,l;return{c(){e=b("i"),p(e,"class","ri-error-warning-fill txt-danger")},m(o,r){w(o,e,r),i=!0,s||(l=Oe(Re.call(null,e,{text:"Has errors",position:"left"})),s=!0)},i(o){i||(o&&tt(()=>{i&&(t||(t=qe(e,Ct,{duration:150,start:.7},!0)),t.run(1))}),i=!0)},o(o){o&&(t||(t=qe(e,Ct,{duration:150,start:.7},!1)),t.run(0)),i=!1},d(o){o&&v(e),o&&t&&t.end(),s=!1,l()}}}function vO(n){let e,t,i,s,l,o;function r(c,d){return c[0].oauth2.enabled?yO:kO}let a=r(n),u=a(n),f=n[8]&&km();return{c(){e=b("div"),e.innerHTML=' OAuth2',t=C(),i=b("div"),s=C(),u.c(),l=C(),f&&f.c(),o=ke(),p(e,"class","inline-flex"),p(i,"class","flex-fill")},m(c,d){w(c,e,d),w(c,t,d),w(c,i,d),w(c,s,d),u.m(c,d),w(c,l,d),f&&f.m(c,d),w(c,o,d)},p(c,d){a===(a=r(c))&&u?u.p(c,d):(u.d(1),u=a(c),u&&(u.c(),u.m(l.parentNode,l))),c[8]?f?d[0]&256&&M(f,1):(f=km(),f.c(),M(f,1),f.m(o.parentNode,o)):f&&(oe(),D(f,1,1,()=>{f=null}),re())},d(c){c&&(v(e),v(t),v(i),v(s),v(l),v(o)),u.d(c),f&&f.d(c)}}}function wO(n){var u,f;let e,t,i,s,l,o;e=new zi({props:{single:!0,$$slots:{header:[vO],default:[bO]},$$scope:{ctx:n}}});let r={disabled:((f=(u=n[0].oauth2)==null?void 0:u.providers)==null?void 0:f.map(ym))||[]};i=new aO({props:r}),n[18](i),i.$on("select",n[19]);let a={};return l=new cC({props:a}),n[20](l),l.$on("remove",n[21]),l.$on("submit",n[22]),{c(){H(e.$$.fragment),t=C(),H(i.$$.fragment),s=C(),H(l.$$.fragment)},m(c,d){q(e,c,d),w(c,t,d),q(i,c,d),w(c,s,d),q(l,c,d),o=!0},p(c,d){var _,k;const m={};d[0]&511|d[1]&2&&(m.$$scope={dirty:d,ctx:c}),e.$set(m);const h={};d[0]&1&&(h.disabled=((k=(_=c[0].oauth2)==null?void 0:_.providers)==null?void 0:k.map(ym))||[]),i.$set(h);const g={};l.$set(g)},i(c){o||(M(e.$$.fragment,c),M(i.$$.fragment,c),M(l.$$.fragment,c),o=!0)},o(c){D(e.$$.fragment,c),D(i.$$.fragment,c),D(l.$$.fragment,c),o=!1},d(c){c&&(v(t),v(s)),j(e,c),n[18](null),j(i,c),n[20](null),j(l,c)}}}const SO=()=>"",TO=()=>"",$O=()=>"",CO=()=>"",ym=n=>n.name;function OO(n,e,t){let i,s,l;Ge(n,$n,F=>t(1,l=F));let{collection:o}=e;const r=["id","email","emailVisibility","verified","tokenKey","password"],a=["text","editor","url","email","json"],u=a.concat("file");let f,c,d=!1,m=[],h=[];function g(F=[]){var B,J;t(5,m=((B=F==null?void 0:F.filter(V=>a.includes(V.type)&&!r.includes(V.name)))==null?void 0:B.map(V=>V.name))||[]),t(6,h=((J=F==null?void 0:F.filter(V=>u.includes(V.type)&&!r.includes(V.name)))==null?void 0:J.map(V=>V.name))||[])}function _(F){for(let B of lf)if(B.key==F)return B;return null}function k(){o.oauth2.enabled=this.checked,t(0,o)}const S=(F,B,J)=>{c==null||c.show(F,B,J)},$=()=>f==null?void 0:f.show(),T=()=>t(4,d=!d);function O(F){n.$$.not_equal(o.oauth2.mappedFields.name,F)&&(o.oauth2.mappedFields.name=F,t(0,o))}function E(F){n.$$.not_equal(o.oauth2.mappedFields.avatarURL,F)&&(o.oauth2.mappedFields.avatarURL=F,t(0,o))}function L(F){n.$$.not_equal(o.oauth2.mappedFields.id,F)&&(o.oauth2.mappedFields.id=F,t(0,o))}function I(F){n.$$.not_equal(o.oauth2.mappedFields.username,F)&&(o.oauth2.mappedFields.username=F,t(0,o))}function A(F){ne[F?"unshift":"push"](()=>{f=F,t(2,f)})}const P=F=>{var B,J;c.show(F.detail,{},((J=(B=o.oauth2)==null?void 0:B.providers)==null?void 0:J.length)||0)};function N(F){ne[F?"unshift":"push"](()=>{c=F,t(3,c)})}const R=F=>{const B=F.detail.uiOptions;U.removeByKey(o.oauth2.providers,"name",B.key),t(0,o)},z=F=>{const B=F.detail.uiOptions,J=F.detail.config;t(0,o.oauth2.providers=o.oauth2.providers||[],o),U.pushOrReplaceByKey(o.oauth2.providers,Object.assign({name:B.key},J),"name"),t(0,o)};return n.$$set=F=>{"collection"in F&&t(0,o=F.collection)},n.$$.update=()=>{var F,B;n.$$.dirty[0]&1&&U.isEmpty(o.oauth2)&&t(0,o.oauth2={enabled:!1,mappedFields:{},providers:[]},o),n.$$.dirty[0]&1&&g(o.fields),n.$$.dirty[0]&2&&t(8,i=!U.isEmpty(l==null?void 0:l.oauth2)),n.$$.dirty[0]&1&&t(7,s=((B=(F=o.oauth2)==null?void 0:F.providers)==null?void 0:B.length)||0)},[o,l,f,c,d,m,h,s,i,_,k,S,$,T,O,E,L,I,A,P,N,R,z]}class MO extends we{constructor(e){super(),ve(this,e,OO,wO,be,{collection:0},null,[-1,-1])}}function vm(n){let e,t,i;return{c(){e=b("i"),p(e,"class","ri-information-line link-hint")},m(s,l){w(s,e,l),t||(i=Oe(Re.call(null,e,{text:"Superusers can have OTP only as part of Two-factor authentication.",position:"right"})),t=!0)},d(s){s&&v(e),t=!1,i()}}}function EO(n){let e,t,i,s,l,o,r,a,u,f,c=n[2]&&vm();return{c(){e=b("input"),i=C(),s=b("label"),l=W("Enable"),r=C(),c&&c.c(),a=ke(),p(e,"type","checkbox"),p(e,"id",t=n[8]),p(s,"for",o=n[8])},m(d,m){w(d,e,m),e.checked=n[0].otp.enabled,w(d,i,m),w(d,s,m),y(s,l),w(d,r,m),c&&c.m(d,m),w(d,a,m),u||(f=[Y(e,"change",n[4]),Y(e,"change",n[5])],u=!0)},p(d,m){m&256&&t!==(t=d[8])&&p(e,"id",t),m&1&&(e.checked=d[0].otp.enabled),m&256&&o!==(o=d[8])&&p(s,"for",o),d[2]?c||(c=vm(),c.c(),c.m(a.parentNode,a)):c&&(c.d(1),c=null)},d(d){d&&(v(e),v(i),v(s),v(r),v(a)),c&&c.d(d),u=!1,Ee(f)}}}function DO(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("Duration (in seconds)"),s=C(),l=b("input"),p(e,"for",i=n[8]),p(l,"type","number"),p(l,"min","0"),p(l,"step","1"),p(l,"id",o=n[8]),l.required=!0},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[0].otp.duration),r||(a=Y(l,"input",n[6]),r=!0)},p(u,f){f&256&&i!==(i=u[8])&&p(e,"for",i),f&256&&o!==(o=u[8])&&p(l,"id",o),f&1&&mt(l.value)!==u[0].otp.duration&&me(l,u[0].otp.duration)},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function IO(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("Generated password length"),s=C(),l=b("input"),p(e,"for",i=n[8]),p(l,"type","number"),p(l,"min","0"),p(l,"step","1"),p(l,"id",o=n[8]),l.required=!0},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[0].otp.length),r||(a=Y(l,"input",n[7]),r=!0)},p(u,f){f&256&&i!==(i=u[8])&&p(e,"for",i),f&256&&o!==(o=u[8])&&p(l,"id",o),f&1&&mt(l.value)!==u[0].otp.length&&me(l,u[0].otp.length)},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function LO(n){let e,t,i,s,l,o,r,a,u;return e=new fe({props:{class:"form-field form-field-toggle",name:"otp.enabled",$$slots:{default:[EO,({uniqueId:f})=>({8:f}),({uniqueId:f})=>f?256:0]},$$scope:{ctx:n}}}),l=new fe({props:{class:"form-field form-field-toggle required",name:"otp.duration",$$slots:{default:[DO,({uniqueId:f})=>({8:f}),({uniqueId:f})=>f?256:0]},$$scope:{ctx:n}}}),a=new fe({props:{class:"form-field form-field-toggle required",name:"otp.length",$$slots:{default:[IO,({uniqueId:f})=>({8:f}),({uniqueId:f})=>f?256:0]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment),t=C(),i=b("div"),s=b("div"),H(l.$$.fragment),o=C(),r=b("div"),H(a.$$.fragment),p(s,"class","col-sm-6"),p(r,"class","col-sm-6"),p(i,"class","grid grid-sm")},m(f,c){q(e,f,c),w(f,t,c),w(f,i,c),y(i,s),q(l,s,null),y(i,o),y(i,r),q(a,r,null),u=!0},p(f,c){const d={};c&773&&(d.$$scope={dirty:c,ctx:f}),e.$set(d);const m={};c&769&&(m.$$scope={dirty:c,ctx:f}),l.$set(m);const h={};c&769&&(h.$$scope={dirty:c,ctx:f}),a.$set(h)},i(f){u||(M(e.$$.fragment,f),M(l.$$.fragment,f),M(a.$$.fragment,f),u=!0)},o(f){D(e.$$.fragment,f),D(l.$$.fragment,f),D(a.$$.fragment,f),u=!1},d(f){f&&(v(t),v(i)),j(e,f),j(l),j(a)}}}function AO(n){let e;return{c(){e=b("span"),e.textContent="Disabled",p(e,"class","label")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function PO(n){let e;return{c(){e=b("span"),e.textContent="Enabled",p(e,"class","label label-success")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function wm(n){let e,t,i,s,l;return{c(){e=b("i"),p(e,"class","ri-error-warning-fill txt-danger")},m(o,r){w(o,e,r),i=!0,s||(l=Oe(Re.call(null,e,{text:"Has errors",position:"left"})),s=!0)},i(o){i||(o&&tt(()=>{i&&(t||(t=qe(e,Ct,{duration:150,start:.7},!0)),t.run(1))}),i=!0)},o(o){o&&(t||(t=qe(e,Ct,{duration:150,start:.7},!1)),t.run(0)),i=!1},d(o){o&&v(e),o&&t&&t.end(),s=!1,l()}}}function NO(n){let e,t,i,s,l,o;function r(c,d){return c[0].otp.enabled?PO:AO}let a=r(n),u=a(n),f=n[1]&&wm();return{c(){e=b("div"),e.innerHTML=' One-time password (OTP)',t=C(),i=b("div"),s=C(),u.c(),l=C(),f&&f.c(),o=ke(),p(e,"class","inline-flex"),p(i,"class","flex-fill")},m(c,d){w(c,e,d),w(c,t,d),w(c,i,d),w(c,s,d),u.m(c,d),w(c,l,d),f&&f.m(c,d),w(c,o,d)},p(c,d){a!==(a=r(c))&&(u.d(1),u=a(c),u&&(u.c(),u.m(l.parentNode,l))),c[1]?f?d&2&&M(f,1):(f=wm(),f.c(),M(f,1),f.m(o.parentNode,o)):f&&(oe(),D(f,1,1,()=>{f=null}),re())},d(c){c&&(v(e),v(t),v(i),v(s),v(l),v(o)),u.d(c),f&&f.d(c)}}}function RO(n){let e,t;return e=new zi({props:{single:!0,$$slots:{header:[NO],default:[LO]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment)},m(i,s){q(e,i,s),t=!0},p(i,[s]){const l={};s&519&&(l.$$scope={dirty:s,ctx:i}),e.$set(l)},i(i){t||(M(e.$$.fragment,i),t=!0)},o(i){D(e.$$.fragment,i),t=!1},d(i){j(e,i)}}}function FO(n,e,t){let i,s,l;Ge(n,$n,c=>t(3,l=c));let{collection:o}=e;function r(){o.otp.enabled=this.checked,t(0,o)}const a=c=>{i&&t(0,o.mfa.enabled=c.target.checked,o)};function u(){o.otp.duration=mt(this.value),t(0,o)}function f(){o.otp.length=mt(this.value),t(0,o)}return n.$$set=c=>{"collection"in c&&t(0,o=c.collection)},n.$$.update=()=>{n.$$.dirty&1&&U.isEmpty(o.otp)&&t(0,o.otp={enabled:!0,duration:300,length:8},o),n.$$.dirty&1&&t(2,i=(o==null?void 0:o.system)&&(o==null?void 0:o.name)==="_superusers"),n.$$.dirty&8&&t(1,s=!U.isEmpty(l==null?void 0:l.otp))},[o,s,i,l,r,a,u,f]}class qO extends we{constructor(e){super(),ve(this,e,FO,RO,be,{collection:0})}}function Sm(n){let e,t,i;return{c(){e=b("i"),p(e,"class","ri-information-line link-hint")},m(s,l){w(s,e,l),t||(i=Oe(Re.call(null,e,{text:"Superusers are required to have password auth enabled.",position:"right"})),t=!0)},d(s){s&&v(e),t=!1,i()}}}function jO(n){let e,t,i,s,l,o,r,a,u,f,c=n[3]&&Sm();return{c(){e=b("input"),i=C(),s=b("label"),l=W("Enable"),r=C(),c&&c.c(),a=ke(),p(e,"type","checkbox"),p(e,"id",t=n[9]),e.disabled=n[3],p(s,"for",o=n[9])},m(d,m){w(d,e,m),e.checked=n[0].passwordAuth.enabled,w(d,i,m),w(d,s,m),y(s,l),w(d,r,m),c&&c.m(d,m),w(d,a,m),u||(f=Y(e,"change",n[6]),u=!0)},p(d,m){m&512&&t!==(t=d[9])&&p(e,"id",t),m&8&&(e.disabled=d[3]),m&1&&(e.checked=d[0].passwordAuth.enabled),m&512&&o!==(o=d[9])&&p(s,"for",o),d[3]?c||(c=Sm(),c.c(),c.m(a.parentNode,a)):c&&(c.d(1),c=null)},d(d){d&&(v(e),v(i),v(s),v(r),v(a)),c&&c.d(d),u=!1,f()}}}function HO(n){let e,t,i,s,l,o,r;function a(f){n[7](f)}let u={items:n[1],multiple:!0};return n[0].passwordAuth.identityFields!==void 0&&(u.keyOfSelected=n[0].passwordAuth.identityFields),l=new Ln({props:u}),ne.push(()=>ge(l,"keyOfSelected",a)),{c(){e=b("label"),t=b("span"),t.textContent="Unique identity fields",s=C(),H(l.$$.fragment),p(t,"class","txt"),p(e,"for",i=n[9])},m(f,c){w(f,e,c),y(e,t),w(f,s,c),q(l,f,c),r=!0},p(f,c){(!r||c&512&&i!==(i=f[9]))&&p(e,"for",i);const d={};c&2&&(d.items=f[1]),!o&&c&1&&(o=!0,d.keyOfSelected=f[0].passwordAuth.identityFields,$e(()=>o=!1)),l.$set(d)},i(f){r||(M(l.$$.fragment,f),r=!0)},o(f){D(l.$$.fragment,f),r=!1},d(f){f&&(v(e),v(s)),j(l,f)}}}function zO(n){let e,t,i,s;return e=new fe({props:{class:"form-field form-field-toggle",name:"passwordAuth.enabled",$$slots:{default:[jO,({uniqueId:l})=>({9:l}),({uniqueId:l})=>l?512:0]},$$scope:{ctx:n}}}),i=new fe({props:{class:"form-field required m-0",name:"passwordAuth.identityFields",$$slots:{default:[HO,({uniqueId:l})=>({9:l}),({uniqueId:l})=>l?512:0]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment),t=C(),H(i.$$.fragment)},m(l,o){q(e,l,o),w(l,t,o),q(i,l,o),s=!0},p(l,o){const r={};o&1545&&(r.$$scope={dirty:o,ctx:l}),e.$set(r);const a={};o&1539&&(a.$$scope={dirty:o,ctx:l}),i.$set(a)},i(l){s||(M(e.$$.fragment,l),M(i.$$.fragment,l),s=!0)},o(l){D(e.$$.fragment,l),D(i.$$.fragment,l),s=!1},d(l){l&&v(t),j(e,l),j(i,l)}}}function UO(n){let e;return{c(){e=b("span"),e.textContent="Disabled",p(e,"class","label")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function VO(n){let e;return{c(){e=b("span"),e.textContent="Enabled",p(e,"class","label label-success")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function Tm(n){let e,t,i,s,l;return{c(){e=b("i"),p(e,"class","ri-error-warning-fill txt-danger")},m(o,r){w(o,e,r),i=!0,s||(l=Oe(Re.call(null,e,{text:"Has errors",position:"left"})),s=!0)},i(o){i||(o&&tt(()=>{i&&(t||(t=qe(e,Ct,{duration:150,start:.7},!0)),t.run(1))}),i=!0)},o(o){o&&(t||(t=qe(e,Ct,{duration:150,start:.7},!1)),t.run(0)),i=!1},d(o){o&&v(e),o&&t&&t.end(),s=!1,l()}}}function BO(n){let e,t,i,s,l,o;function r(c,d){return c[0].passwordAuth.enabled?VO:UO}let a=r(n),u=a(n),f=n[2]&&Tm();return{c(){e=b("div"),e.innerHTML=' Identity/Password',t=C(),i=b("div"),s=C(),u.c(),l=C(),f&&f.c(),o=ke(),p(e,"class","inline-flex"),p(i,"class","flex-fill")},m(c,d){w(c,e,d),w(c,t,d),w(c,i,d),w(c,s,d),u.m(c,d),w(c,l,d),f&&f.m(c,d),w(c,o,d)},p(c,d){a!==(a=r(c))&&(u.d(1),u=a(c),u&&(u.c(),u.m(l.parentNode,l))),c[2]?f?d&4&&M(f,1):(f=Tm(),f.c(),M(f,1),f.m(o.parentNode,o)):f&&(oe(),D(f,1,1,()=>{f=null}),re())},d(c){c&&(v(e),v(t),v(i),v(s),v(l),v(o)),u.d(c),f&&f.d(c)}}}function WO(n){let e,t;return e=new zi({props:{single:!0,$$slots:{header:[BO],default:[zO]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment)},m(i,s){q(e,i,s),t=!0},p(i,[s]){const l={};s&1039&&(l.$$scope={dirty:s,ctx:i}),e.$set(l)},i(i){t||(M(e.$$.fragment,i),t=!0)},o(i){D(e.$$.fragment,i),t=!1},d(i){j(e,i)}}}function YO(n,e,t){let i,s,l;Ge(n,$n,d=>t(5,l=d));let{collection:o}=e,r=[],a="";function u(){t(1,r=[{value:"email"}]);const d=(o==null?void 0:o.fields)||[],m=(o==null?void 0:o.indexes)||[];t(4,a=m.join(""));for(let h of m){const g=U.parseIndex(h);if(!g.unique||g.columns.length!=1||g.columns[0].name=="email")continue;const _=d.find(k=>!k.hidden&&k.name.toLowerCase()==g.columns[0].name.toLowerCase());_&&r.push({value:_.name})}}function f(){o.passwordAuth.enabled=this.checked,t(0,o)}function c(d){n.$$.not_equal(o.passwordAuth.identityFields,d)&&(o.passwordAuth.identityFields=d,t(0,o))}return n.$$set=d=>{"collection"in d&&t(0,o=d.collection)},n.$$.update=()=>{n.$$.dirty&1&&U.isEmpty(o==null?void 0:o.passwordAuth)&&t(0,o.passwordAuth={enabled:!0,identityFields:["email"]},o),n.$$.dirty&1&&t(3,i=(o==null?void 0:o.system)&&(o==null?void 0:o.name)==="_superusers"),n.$$.dirty&32&&t(2,s=!U.isEmpty(l==null?void 0:l.passwordAuth)),n.$$.dirty&17&&o&&a!=o.indexes.join("")&&u()},[o,r,s,i,a,l,f,c]}class KO extends we{constructor(e){super(),ve(this,e,YO,WO,be,{collection:0})}}function $m(n,e,t){const i=n.slice();return i[27]=e[t],i}function Cm(n,e){let t,i,s,l,o,r=e[27].label+"",a,u,f,c,d,m;return c=Xy(e[15][0]),{key:n,first:null,c(){t=b("div"),i=b("input"),l=C(),o=b("label"),a=W(r),f=C(),p(i,"type","radio"),p(i,"name","template"),p(i,"id",s=e[26]+e[27].value),i.__value=e[27].value,me(i,i.__value),p(o,"for",u=e[26]+e[27].value),p(t,"class","form-field-block"),c.p(i),this.first=t},m(h,g){w(h,t,g),y(t,i),i.checked=i.__value===e[3],y(t,l),y(t,o),y(o,a),y(t,f),d||(m=Y(i,"change",e[14]),d=!0)},p(h,g){e=h,g&67108864&&s!==(s=e[26]+e[27].value)&&p(i,"id",s),g&8&&(i.checked=i.__value===e[3]),g&67108864&&u!==(u=e[26]+e[27].value)&&p(o,"for",u)},d(h){h&&v(t),c.r(),d=!1,m()}}}function JO(n){let e=[],t=new Map,i,s=ce(n[11]);const l=o=>o[27].value;for(let o=0;o({26:i}),({uniqueId:i})=>i?67108864:0]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment)},m(i,s){q(e,i,s),t=!0},p(i,s){const l={};s&1140850882&&(l.$$scope={dirty:s,ctx:i}),e.$set(l)},i(i){t||(M(e.$$.fragment,i),t=!0)},o(i){D(e.$$.fragment,i),t=!1},d(i){j(e,i)}}}function ZO(n){let e,t,i,s,l,o,r;function a(f){n[16](f)}let u={id:n[26],selectPlaceholder:n[7]?"Loading auth collections...":"Select auth collection",noOptionsText:"No auth collections found",selectionKey:"id",items:n[6]};return n[1]!==void 0&&(u.keyOfSelected=n[1]),l=new Ln({props:u}),ne.push(()=>ge(l,"keyOfSelected",a)),{c(){e=b("label"),t=W("Auth collection"),s=C(),H(l.$$.fragment),p(e,"for",i=n[26])},m(f,c){w(f,e,c),y(e,t),w(f,s,c),q(l,f,c),r=!0},p(f,c){(!r||c&67108864&&i!==(i=f[26]))&&p(e,"for",i);const d={};c&67108864&&(d.id=f[26]),c&128&&(d.selectPlaceholder=f[7]?"Loading auth collections...":"Select auth collection"),c&64&&(d.items=f[6]),!o&&c&2&&(o=!0,d.keyOfSelected=f[1],$e(()=>o=!1)),l.$set(d)},i(f){r||(M(l.$$.fragment,f),r=!0)},o(f){D(l.$$.fragment,f),r=!1},d(f){f&&(v(e),v(s)),j(l,f)}}}function GO(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("To email address"),s=C(),l=b("input"),p(e,"for",i=n[26]),p(l,"type","email"),p(l,"id",o=n[26]),l.autofocus=!0,l.required=!0},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[2]),l.focus(),r||(a=Y(l,"input",n[17]),r=!0)},p(u,f){f&67108864&&i!==(i=u[26])&&p(e,"for",i),f&67108864&&o!==(o=u[26])&&p(l,"id",o),f&4&&l.value!==u[2]&&me(l,u[2])},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function XO(n){let e,t,i,s,l,o,r,a;t=new fe({props:{class:"form-field required",name:"template",$$slots:{default:[JO,({uniqueId:f})=>({26:f}),({uniqueId:f})=>f?67108864:0]},$$scope:{ctx:n}}});let u=n[8]&&Om(n);return l=new fe({props:{class:"form-field required m-0",name:"email",$$slots:{default:[GO,({uniqueId:f})=>({26:f}),({uniqueId:f})=>f?67108864:0]},$$scope:{ctx:n}}}),{c(){e=b("form"),H(t.$$.fragment),i=C(),u&&u.c(),s=C(),H(l.$$.fragment),p(e,"id",n[10]),p(e,"autocomplete","off")},m(f,c){w(f,e,c),q(t,e,null),y(e,i),u&&u.m(e,null),y(e,s),q(l,e,null),o=!0,r||(a=Y(e,"submit",it(n[18])),r=!0)},p(f,c){const d={};c&1140850696&&(d.$$scope={dirty:c,ctx:f}),t.$set(d),f[8]?u?(u.p(f,c),c&256&&M(u,1)):(u=Om(f),u.c(),M(u,1),u.m(e,s)):u&&(oe(),D(u,1,1,()=>{u=null}),re());const m={};c&1140850692&&(m.$$scope={dirty:c,ctx:f}),l.$set(m)},i(f){o||(M(t.$$.fragment,f),M(u),M(l.$$.fragment,f),o=!0)},o(f){D(t.$$.fragment,f),D(u),D(l.$$.fragment,f),o=!1},d(f){f&&v(e),j(t),u&&u.d(),j(l),r=!1,a()}}}function QO(n){let e;return{c(){e=b("h4"),e.textContent="Send test email",p(e,"class","center txt-break")},m(t,i){w(t,e,i)},p:te,d(t){t&&v(e)}}}function xO(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("button"),t=W("Close"),i=C(),s=b("button"),l=b("i"),o=C(),r=b("span"),r.textContent="Send",p(e,"type","button"),p(e,"class","btn btn-transparent"),e.disabled=n[5],p(l,"class","ri-mail-send-line"),p(r,"class","txt"),p(s,"type","submit"),p(s,"form",n[10]),p(s,"class","btn btn-expanded"),s.disabled=a=!n[9]||n[5],x(s,"btn-loading",n[5])},m(c,d){w(c,e,d),y(e,t),w(c,i,d),w(c,s,d),y(s,l),y(s,o),y(s,r),u||(f=Y(e,"click",n[0]),u=!0)},p(c,d){d&32&&(e.disabled=c[5]),d&544&&a!==(a=!c[9]||c[5])&&(s.disabled=a),d&32&&x(s,"btn-loading",c[5])},d(c){c&&(v(e),v(i),v(s)),u=!1,f()}}}function eM(n){let e,t,i={class:"overlay-panel-sm email-test-popup",overlayClose:!n[5],escClose:!n[5],beforeHide:n[19],popup:!0,$$slots:{footer:[xO],header:[QO],default:[XO]},$$scope:{ctx:n}};return e=new nn({props:i}),n[20](e),e.$on("show",n[21]),e.$on("hide",n[22]),{c(){H(e.$$.fragment)},m(s,l){q(e,s,l),t=!0},p(s,[l]){const o={};l&32&&(o.overlayClose=!s[5]),l&32&&(o.escClose=!s[5]),l&32&&(o.beforeHide=s[19]),l&1073742830&&(o.$$scope={dirty:l,ctx:s}),e.$set(o)},i(s){t||(M(e.$$.fragment,s),t=!0)},o(s){D(e.$$.fragment,s),t=!1},d(s){n[20](null),j(e,s)}}}const ya="last_email_test",Mm="email_test_request";function tM(n,e,t){let i;const s=wt(),l="email_test_"+U.randomString(5),o=[{label:"Verification",value:"verification"},{label:"Password reset",value:"password-reset"},{label:"Confirm email change",value:"email-change"},{label:"OTP",value:"otp"},{label:"Login alert",value:"login-alert"}];let r,a="",u=localStorage.getItem(ya),f=o[0].value,c=!1,d=null,m=[],h=!1,g=!1;function _(z="",F="",B=""){Jt({}),t(8,g=!1),t(1,a=z||""),a||$(),t(2,u=F||localStorage.getItem(ya)),t(3,f=B||o[0].value),r==null||r.show()}function k(){return clearTimeout(d),r==null?void 0:r.hide()}async function S(){if(!(!i||c||!a)){t(5,c=!0),localStorage==null||localStorage.setItem(ya,u),clearTimeout(d),d=setTimeout(()=>{_e.cancelRequest(Mm),Mi("Test email send timeout.")},3e4);try{await _e.settings.testEmail(a,u,f,{$cancelKey:Mm}),tn("Successfully sent test email."),s("submit"),t(5,c=!1),await _n(),k()}catch(z){t(5,c=!1),_e.error(z)}clearTimeout(d)}}async function $(){var z;t(8,g=!0),t(7,h=!0);try{t(6,m=await _e.collections.getFullList({filter:"type='auth'",sort:"+name",requestKey:l+"_collections_loading"})),t(1,a=((z=m[0])==null?void 0:z.id)||""),t(7,h=!1)}catch(F){F.isAbort||(t(7,h=!1),_e.error(F))}}const T=[[]];function O(){f=this.__value,t(3,f)}function E(z){a=z,t(1,a)}function L(){u=this.value,t(2,u)}const I=()=>S(),A=()=>!c;function P(z){ne[z?"unshift":"push"](()=>{r=z,t(4,r)})}function N(z){Le.call(this,n,z)}function R(z){Le.call(this,n,z)}return n.$$.update=()=>{n.$$.dirty&14&&t(9,i=!!u&&!!f&&!!a)},[k,a,u,f,r,c,m,h,g,i,l,o,S,_,O,T,E,L,I,A,P,N,R]}class Dy extends we{constructor(e){super(),ve(this,e,tM,eM,be,{show:13,hide:0})}get show(){return this.$$.ctx[13]}get hide(){return this.$$.ctx[0]}}function Em(n,e,t){const i=n.slice();return i[18]=e[t],i[19]=e,i[20]=t,i}function nM(n){let e,t,i,s,l,o,r,a;return{c(){e=b("input"),i=C(),s=b("label"),l=W("Send email alert for new logins"),p(e,"type","checkbox"),p(e,"id",t=n[21]),p(s,"for",o=n[21])},m(u,f){w(u,e,f),e.checked=n[0].authAlert.enabled,w(u,i,f),w(u,s,f),y(s,l),r||(a=Y(e,"change",n[9]),r=!0)},p(u,f){f&2097152&&t!==(t=u[21])&&p(e,"id",t),f&1&&(e.checked=u[0].authAlert.enabled),f&2097152&&o!==(o=u[21])&&p(s,"for",o)},d(u){u&&(v(e),v(i),v(s)),r=!1,a()}}}function Dm(n){let e,t,i;function s(o){n[11](o)}let l={};return n[0]!==void 0&&(l.collection=n[0]),e=new MO({props:l}),ne.push(()=>ge(e,"collection",s)),{c(){H(e.$$.fragment)},m(o,r){q(e,o,r),i=!0},p(o,r){const a={};!t&&r&1&&(t=!0,a.collection=o[0],$e(()=>t=!1)),e.$set(a)},i(o){i||(M(e.$$.fragment,o),i=!0)},o(o){D(e.$$.fragment,o),i=!1},d(o){j(e,o)}}}function Im(n,e){var a;let t,i,s,l;function o(u){e[15](u,e[18])}let r={single:!0,key:e[18].key,title:e[18].label,placeholders:(a=e[18])==null?void 0:a.placeholders};return e[18].config!==void 0&&(r.config=e[18].config),i=new h8({props:r}),ne.push(()=>ge(i,"config",o)),{key:n,first:null,c(){t=ke(),H(i.$$.fragment),this.first=t},m(u,f){w(u,t,f),q(i,u,f),l=!0},p(u,f){var d;e=u;const c={};f&4&&(c.key=e[18].key),f&4&&(c.title=e[18].label),f&4&&(c.placeholders=(d=e[18])==null?void 0:d.placeholders),!s&&f&4&&(s=!0,c.config=e[18].config,$e(()=>s=!1)),i.$set(c)},i(u){l||(M(i.$$.fragment,u),l=!0)},o(u){D(i.$$.fragment,u),l=!1},d(u){u&&v(t),j(i,u)}}}function iM(n){let e,t,i,s,l,o,r,a,u,f,c,d,m,h,g,_,k,S,$,T,O,E,L,I,A,P=[],N=new Map,R,z,F,B,J,V,Z,G,de,pe,ae;o=new fe({props:{class:"form-field form-field-sm form-field-toggle m-0",name:"authAlert.enabled",inlineError:!0,$$slots:{default:[nM,({uniqueId:Ie})=>({21:Ie}),({uniqueId:Ie})=>Ie?2097152:0]},$$scope:{ctx:n}}});function Ce(Ie){n[10](Ie)}let Ye={};n[0]!==void 0&&(Ye.collection=n[0]),u=new KO({props:Ye}),ne.push(()=>ge(u,"collection",Ce));let Ke=!n[1]&&Dm(n);function ct(Ie){n[12](Ie)}let et={};n[0]!==void 0&&(et.collection=n[0]),m=new qO({props:et}),ne.push(()=>ge(m,"collection",ct));function xe(Ie){n[13](Ie)}let Be={};n[0]!==void 0&&(Be.collection=n[0]),_=new z8({props:Be}),ne.push(()=>ge(_,"collection",xe));let ut=ce(n[2]);const Bt=Ie=>Ie[18].key;for(let Ie=0;Iege(J,"collection",Ue));let ot={};return G=new Dy({props:ot}),n[17](G),{c(){e=b("h4"),t=b("div"),i=b("span"),i.textContent="Auth methods",s=C(),l=b("div"),H(o.$$.fragment),r=C(),a=b("div"),H(u.$$.fragment),c=C(),Ke&&Ke.c(),d=C(),H(m.$$.fragment),g=C(),H(_.$$.fragment),S=C(),$=b("h4"),T=b("span"),T.textContent="Mail templates",O=C(),E=b("button"),E.textContent="Send test email",L=C(),I=b("div"),A=b("div");for(let Ie=0;Ief=!1)),u.$set(nt),Ie[1]?Ke&&(oe(),D(Ke,1,1,()=>{Ke=null}),re()):Ke?(Ke.p(Ie,We),We&2&&M(Ke,1)):(Ke=Dm(Ie),Ke.c(),M(Ke,1),Ke.m(a,d));const zt={};!h&&We&1&&(h=!0,zt.collection=Ie[0],$e(()=>h=!1)),m.$set(zt);const Ne={};!k&&We&1&&(k=!0,Ne.collection=Ie[0],$e(()=>k=!1)),_.$set(Ne),We&4&&(ut=ce(Ie[2]),oe(),P=kt(P,We,Bt,1,Ie,ut,N,A,Yt,Im,null,Em),re());const Me={};!V&&We&1&&(V=!0,Me.collection=Ie[0],$e(()=>V=!1)),J.$set(Me);const bt={};G.$set(bt)},i(Ie){if(!de){M(o.$$.fragment,Ie),M(u.$$.fragment,Ie),M(Ke),M(m.$$.fragment,Ie),M(_.$$.fragment,Ie);for(let We=0;Wec==null?void 0:c.show(u.id);function S(O,E){n.$$.not_equal(E.config,O)&&(E.config=O,t(2,f),t(1,i),t(7,s),t(5,r),t(4,a),t(8,l),t(6,o),t(0,u))}function $(O){u=O,t(0,u)}function T(O){ne[O?"unshift":"push"](()=>{c=O,t(3,c)})}return n.$$set=O=>{"collection"in O&&t(0,u=O.collection)},n.$$.update=()=>{var O,E;n.$$.dirty&1&&typeof((O=u.otp)==null?void 0:O.emailTemplate)>"u"&&(t(0,u.otp=u.otp||{},u),t(0,u.otp.emailTemplate={},u)),n.$$.dirty&1&&typeof((E=u.authAlert)==null?void 0:E.emailTemplate)>"u"&&(t(0,u.authAlert=u.authAlert||{},u),t(0,u.authAlert.emailTemplate={},u)),n.$$.dirty&1&&t(1,i=u.system&&u.name==="_superusers"),n.$$.dirty&1&&t(7,s={key:"resetPasswordTemplate",label:"Default Password reset email template",placeholders:["APP_NAME","APP_URL","RECORD:*","TOKEN"],config:u.resetPasswordTemplate}),n.$$.dirty&1&&t(8,l={key:"verificationTemplate",label:"Default Verification email template",placeholders:["APP_NAME","APP_URL","RECORD:*","TOKEN"],config:u.verificationTemplate}),n.$$.dirty&1&&t(6,o={key:"confirmEmailChangeTemplate",label:"Default Confirm email change email template",placeholders:["APP_NAME","APP_URL","RECORD:*","TOKEN"],config:u.confirmEmailChangeTemplate}),n.$$.dirty&1&&t(5,r={key:"otp.emailTemplate",label:"Default OTP email template",placeholders:["APP_NAME","APP_URL","RECORD:*","OTP","OTP_ID"],config:u.otp.emailTemplate}),n.$$.dirty&1&&t(4,a={key:"authAlert.emailTemplate",label:"Default Login alert email template",placeholders:["APP_NAME","APP_URL","RECORD:*"],config:u.authAlert.emailTemplate}),n.$$.dirty&498&&t(2,f=i?[s,r,a]:[l,s,o,r,a])},[u,i,f,c,a,r,o,s,l,d,m,h,g,_,k,S,$,T]}class sM extends we{constructor(e){super(),ve(this,e,lM,iM,be,{collection:0})}}const oM=n=>({dragging:n&4,dragover:n&8}),Lm=n=>({dragging:n[2],dragover:n[3]});function rM(n){let e,t,i,s,l;const o=n[10].default,r=Nt(o,n,n[9],Lm);return{c(){e=b("div"),r&&r.c(),p(e,"draggable",t=!n[1]),p(e,"class","draggable svelte-19c69j7"),x(e,"dragging",n[2]),x(e,"dragover",n[3])},m(a,u){w(a,e,u),r&&r.m(e,null),i=!0,s||(l=[Y(e,"dragover",it(n[11])),Y(e,"dragleave",it(n[12])),Y(e,"dragend",n[13]),Y(e,"dragstart",n[14]),Y(e,"drop",n[15])],s=!0)},p(a,[u]){r&&r.p&&(!i||u&524)&&Ft(r,o,a,a[9],i?Rt(o,a[9],u,oM):qt(a[9]),Lm),(!i||u&2&&t!==(t=!a[1]))&&p(e,"draggable",t),(!i||u&4)&&x(e,"dragging",a[2]),(!i||u&8)&&x(e,"dragover",a[3])},i(a){i||(M(r,a),i=!0)},o(a){D(r,a),i=!1},d(a){a&&v(e),r&&r.d(a),s=!1,Ee(l)}}}function aM(n,e,t){let{$$slots:i={},$$scope:s}=e;const l=wt();let{index:o}=e,{list:r=[]}=e,{group:a="default"}=e,{disabled:u=!1}=e,{dragHandleClass:f=""}=e,c=!1,d=!1;function m(T,O){if(!(!T||u)){if(f&&!T.target.classList.contains(f)){t(3,d=!1),t(2,c=!1),T.preventDefault();return}t(2,c=!0),T.dataTransfer.effectAllowed="move",T.dataTransfer.dropEffect="move",T.dataTransfer.setData("text/plain",JSON.stringify({index:O,group:a})),l("drag",T)}}function h(T,O){if(t(3,d=!1),t(2,c=!1),!T||u)return;T.dataTransfer.dropEffect="move";let E={};try{E=JSON.parse(T.dataTransfer.getData("text/plain"))}catch{}if(E.group!=a)return;const L=E.index<<0;L{t(3,d=!0)},_=()=>{t(3,d=!1)},k=()=>{t(3,d=!1),t(2,c=!1)},S=T=>m(T,o),$=T=>h(T,o);return n.$$set=T=>{"index"in T&&t(0,o=T.index),"list"in T&&t(6,r=T.list),"group"in T&&t(7,a=T.group),"disabled"in T&&t(1,u=T.disabled),"dragHandleClass"in T&&t(8,f=T.dragHandleClass),"$$scope"in T&&t(9,s=T.$$scope)},[o,u,c,d,m,h,r,a,f,s,i,g,_,k,S,$]}class ms extends we{constructor(e){super(),ve(this,e,aM,rM,be,{index:0,list:6,group:7,disabled:1,dragHandleClass:8})}}function Am(n,e,t){const i=n.slice();return i[27]=e[t],i}function uM(n){let e,t,i,s,l,o,r,a,u;return{c(){e=b("input"),s=C(),l=b("label"),o=W("Unique"),p(e,"type","checkbox"),p(e,"id",t=n[30]),e.checked=i=n[3].unique,p(l,"for",r=n[30])},m(f,c){w(f,e,c),w(f,s,c),w(f,l,c),y(l,o),a||(u=Y(e,"change",n[19]),a=!0)},p(f,c){c[0]&1073741824&&t!==(t=f[30])&&p(e,"id",t),c[0]&8&&i!==(i=f[3].unique)&&(e.checked=i),c[0]&1073741824&&r!==(r=f[30])&&p(l,"for",r)},d(f){f&&(v(e),v(s),v(l)),a=!1,u()}}}function fM(n){let e,t,i,s;function l(a){n[20](a)}var o=n[7];function r(a,u){var c;let f={id:a[30],placeholder:`eg. CREATE INDEX idx_test on ${(c=a[0])==null?void 0:c.name} (created)`,language:"sql-create-index",minHeight:"85"};return a[2]!==void 0&&(f.value=a[2]),{props:f}}return o&&(e=Ht(o,r(n)),ne.push(()=>ge(e,"value",l))),{c(){e&&H(e.$$.fragment),i=ke()},m(a,u){e&&q(e,a,u),w(a,i,u),s=!0},p(a,u){var f;if(u[0]&128&&o!==(o=a[7])){if(e){oe();const c=e;D(c.$$.fragment,1,0,()=>{j(c,1)}),re()}o?(e=Ht(o,r(a)),ne.push(()=>ge(e,"value",l)),H(e.$$.fragment),M(e.$$.fragment,1),q(e,i.parentNode,i)):e=null}else if(o){const c={};u[0]&1073741824&&(c.id=a[30]),u[0]&1&&(c.placeholder=`eg. CREATE INDEX idx_test on ${(f=a[0])==null?void 0:f.name} (created)`),!t&&u[0]&4&&(t=!0,c.value=a[2],$e(()=>t=!1)),e.$set(c)}},i(a){s||(e&&M(e.$$.fragment,a),s=!0)},o(a){e&&D(e.$$.fragment,a),s=!1},d(a){a&&v(i),e&&j(e,a)}}}function cM(n){let e;return{c(){e=b("textarea"),e.disabled=!0,p(e,"rows","7"),p(e,"placeholder","Loading...")},m(t,i){w(t,e,i)},p:te,i:te,o:te,d(t){t&&v(e)}}}function dM(n){let e,t,i,s;const l=[cM,fM],o=[];function r(a,u){return a[8]?0:1}return e=r(n),t=o[e]=l[e](n),{c(){t.c(),i=ke()},m(a,u){o[e].m(a,u),w(a,i,u),s=!0},p(a,u){let f=e;e=r(a),e===f?o[e].p(a,u):(oe(),D(o[f],1,1,()=>{o[f]=null}),re(),t=o[e],t?t.p(a,u):(t=o[e]=l[e](a),t.c()),M(t,1),t.m(i.parentNode,i))},i(a){s||(M(t),s=!0)},o(a){D(t),s=!1},d(a){a&&v(i),o[e].d(a)}}}function Pm(n){let e,t,i,s=ce(n[10]),l=[];for(let o=0;o({30:a}),({uniqueId:a})=>[a?1073741824:0]]},$$scope:{ctx:n}}}),i=new fe({props:{class:"form-field required m-b-sm",name:`indexes.${n[6]||""}`,$$slots:{default:[dM,({uniqueId:a})=>({30:a}),({uniqueId:a})=>[a?1073741824:0]]},$$scope:{ctx:n}}});let r=n[10].length>0&&Pm(n);return{c(){H(e.$$.fragment),t=C(),H(i.$$.fragment),s=C(),r&&r.c(),l=ke()},m(a,u){q(e,a,u),w(a,t,u),q(i,a,u),w(a,s,u),r&&r.m(a,u),w(a,l,u),o=!0},p(a,u){const f={};u[0]&1073741837|u[1]&1&&(f.$$scope={dirty:u,ctx:a}),e.$set(f);const c={};u[0]&64&&(c.name=`indexes.${a[6]||""}`),u[0]&1073742213|u[1]&1&&(c.$$scope={dirty:u,ctx:a}),i.$set(c),a[10].length>0?r?r.p(a,u):(r=Pm(a),r.c(),r.m(l.parentNode,l)):r&&(r.d(1),r=null)},i(a){o||(M(e.$$.fragment,a),M(i.$$.fragment,a),o=!0)},o(a){D(e.$$.fragment,a),D(i.$$.fragment,a),o=!1},d(a){a&&(v(t),v(s),v(l)),j(e,a),j(i,a),r&&r.d(a)}}}function mM(n){let e,t=n[5]?"Update":"Create",i,s;return{c(){e=b("h4"),i=W(t),s=W(" index")},m(l,o){w(l,e,o),y(e,i),y(e,s)},p(l,o){o[0]&32&&t!==(t=l[5]?"Update":"Create")&&se(i,t)},d(l){l&&v(e)}}}function Rm(n){let e,t,i;return{c(){e=b("button"),e.innerHTML='',p(e,"type","button"),p(e,"class","btn btn-sm btn-circle btn-hint btn-transparent m-r-auto")},m(s,l){w(s,e,l),t||(i=[Oe(Re.call(null,e,{text:"Delete",position:"top"})),Y(e,"click",n[16])],t=!0)},p:te,d(s){s&&v(e),t=!1,Ee(i)}}}function hM(n){let e,t,i,s,l,o,r=n[5]!=""&&Rm(n);return{c(){r&&r.c(),e=C(),t=b("button"),t.innerHTML='Cancel',i=C(),s=b("button"),s.innerHTML='Set index',p(t,"type","button"),p(t,"class","btn btn-transparent"),p(s,"type","button"),p(s,"class","btn"),x(s,"btn-disabled",n[9].length<=0)},m(a,u){r&&r.m(a,u),w(a,e,u),w(a,t,u),w(a,i,u),w(a,s,u),l||(o=[Y(t,"click",n[17]),Y(s,"click",n[18])],l=!0)},p(a,u){a[5]!=""?r?r.p(a,u):(r=Rm(a),r.c(),r.m(e.parentNode,e)):r&&(r.d(1),r=null),u[0]&512&&x(s,"btn-disabled",a[9].length<=0)},d(a){a&&(v(e),v(t),v(i),v(s)),r&&r.d(a),l=!1,Ee(o)}}}function _M(n){let e,t;const i=[{popup:!0},n[14]];let s={$$slots:{footer:[hM],header:[mM],default:[pM]},$$scope:{ctx:n}};for(let l=0;lZ.name==B);V?U.removeByValue(J.columns,V):U.pushUnique(J.columns,{name:B}),t(2,d=U.buildIndex(J))}an(async()=>{t(8,g=!0);try{t(7,h=(await $t(async()=>{const{default:B}=await import("./CodeEditor-CHQR53XK.js");return{default:B}},__vite__mapDeps([13,1]),import.meta.url)).default)}catch(B){console.warn(B)}t(8,g=!1)});const E=()=>$(),L=()=>k(),I=()=>T(),A=B=>{t(3,s.unique=B.target.checked,s),t(3,s.tableName=s.tableName||(u==null?void 0:u.name),s),t(2,d=U.buildIndex(s))};function P(B){d=B,t(2,d)}const N=B=>O(B);function R(B){ne[B?"unshift":"push"](()=>{f=B,t(4,f)})}function z(B){Le.call(this,n,B)}function F(B){Le.call(this,n,B)}return n.$$set=B=>{e=je(je({},e),Kt(B)),t(14,r=lt(e,o)),"collection"in B&&t(0,u=B.collection)},n.$$.update=()=>{var B,J,V;n.$$.dirty[0]&1&&t(10,i=((J=(B=u==null?void 0:u.fields)==null?void 0:B.filter(Z=>!Z.toDelete&&Z.name!="id"))==null?void 0:J.map(Z=>Z.name))||[]),n.$$.dirty[0]&4&&t(3,s=U.parseIndex(d)),n.$$.dirty[0]&8&&t(9,l=((V=s.columns)==null?void 0:V.map(Z=>Z.name))||[])},[u,k,d,s,f,c,m,h,g,l,i,$,T,O,r,_,E,L,I,A,P,N,R,z,F]}class bM extends we{constructor(e){super(),ve(this,e,gM,_M,be,{collection:0,show:15,hide:1},null,[-1,-1])}get show(){return this.$$.ctx[15]}get hide(){return this.$$.ctx[1]}}function Fm(n,e,t){const i=n.slice();i[10]=e[t],i[13]=t;const s=U.parseIndex(i[10]);return i[11]=s,i}function qm(n){let e,t,i,s,l,o;return{c(){e=b("i"),p(e,"class","ri-error-warning-fill txt-danger")},m(r,a){var u;w(r,e,a),s=!0,l||(o=Oe(t=Re.call(null,e,(u=n[2])==null?void 0:u.indexes.message)),l=!0)},p(r,a){var u;t&&Lt(t.update)&&a&4&&t.update.call(null,(u=r[2])==null?void 0:u.indexes.message)},i(r){s||(r&&tt(()=>{s&&(i||(i=qe(e,Ct,{duration:150},!0)),i.run(1))}),s=!0)},o(r){r&&(i||(i=qe(e,Ct,{duration:150},!1)),i.run(0)),s=!1},d(r){r&&v(e),r&&i&&i.end(),l=!1,o()}}}function jm(n){let e;return{c(){e=b("strong"),e.textContent="Unique:"},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function Hm(n){var d;let e,t,i,s=((d=n[11].columns)==null?void 0:d.map(zm).join(", "))+"",l,o,r,a,u,f=n[11].unique&&jm();function c(){return n[4](n[10],n[13])}return{c(){var m,h;e=b("button"),f&&f.c(),t=C(),i=b("span"),l=W(s),p(i,"class","txt"),p(e,"type","button"),p(e,"class",o="label link-primary "+((h=(m=n[2].indexes)==null?void 0:m[n[13]])!=null&&h.message?"label-danger":"")+" svelte-167lbwu")},m(m,h){var g,_;w(m,e,h),f&&f.m(e,null),y(e,t),y(e,i),y(i,l),a||(u=[Oe(r=Re.call(null,e,((_=(g=n[2].indexes)==null?void 0:g[n[13]])==null?void 0:_.message)||"")),Y(e,"click",c)],a=!0)},p(m,h){var g,_,k,S,$;n=m,n[11].unique?f||(f=jm(),f.c(),f.m(e,t)):f&&(f.d(1),f=null),h&1&&s!==(s=((g=n[11].columns)==null?void 0:g.map(zm).join(", "))+"")&&se(l,s),h&4&&o!==(o="label link-primary "+((k=(_=n[2].indexes)==null?void 0:_[n[13]])!=null&&k.message?"label-danger":"")+" svelte-167lbwu")&&p(e,"class",o),r&&Lt(r.update)&&h&4&&r.update.call(null,(($=(S=n[2].indexes)==null?void 0:S[n[13]])==null?void 0:$.message)||"")},d(m){m&&v(e),f&&f.d(),a=!1,Ee(u)}}}function kM(n){var O,E,L,I,A;let e,t,i=(((E=(O=n[0])==null?void 0:O.indexes)==null?void 0:E.length)||0)+"",s,l,o,r,a,u,f,c,d,m,h,g,_=((I=(L=n[2])==null?void 0:L.indexes)==null?void 0:I.message)&&qm(n),k=ce(((A=n[0])==null?void 0:A.indexes)||[]),S=[];for(let P=0;Pge(c,"collection",$)),c.$on("remove",n[8]),c.$on("submit",n[9]),{c(){e=b("div"),t=W("Unique constraints and indexes ("),s=W(i),l=W(`) + `),_&&_.c(),o=C(),r=b("div");for(let P=0;P+ New index',f=C(),H(c.$$.fragment),p(e,"class","section-title"),p(u,"type","button"),p(u,"class","btn btn-xs btn-transparent btn-pill btn-outline"),p(r,"class","indexes-list svelte-167lbwu")},m(P,N){w(P,e,N),y(e,t),y(e,s),y(e,l),_&&_.m(e,null),w(P,o,N),w(P,r,N);for(let R=0;R{_=null}),re()),N&7){k=ce(((V=P[0])==null?void 0:V.indexes)||[]);let Z;for(Z=0;Zd=!1)),c.$set(R)},i(P){m||(M(_),M(c.$$.fragment,P),m=!0)},o(P){D(_),D(c.$$.fragment,P),m=!1},d(P){P&&(v(e),v(o),v(r),v(f)),_&&_.d(),dt(S,P),n[6](null),j(c,P),h=!1,g()}}}const zm=n=>n.name;function yM(n,e,t){let i;Ge(n,$n,m=>t(2,i=m));let{collection:s}=e,l;function o(m,h){for(let g=0;gl==null?void 0:l.show(m,h),a=()=>l==null?void 0:l.show();function u(m){ne[m?"unshift":"push"](()=>{l=m,t(1,l)})}function f(m){s=m,t(0,s)}const c=m=>{for(let h=0;h{var h;(h=i.indexes)!=null&&h.message&&Yn("indexes"),o(m.detail.old,m.detail.new)};return n.$$set=m=>{"collection"in m&&t(0,s=m.collection)},[s,l,i,o,r,a,u,f,c,d]}class vM extends we{constructor(e){super(),ve(this,e,yM,kM,be,{collection:0})}}function Um(n,e,t){const i=n.slice();return i[5]=e[t],i}function Vm(n){let e,t,i,s,l,o,r;function a(){return n[3](n[5])}return{c(){e=b("button"),t=b("i"),i=C(),s=b("span"),s.textContent=`${n[5].label}`,l=C(),p(t,"class","icon "+n[5].icon+" svelte-1gz9b6p"),p(t,"aria-hidden","true"),p(s,"class","txt"),p(e,"type","button"),p(e,"role","menuitem"),p(e,"class","dropdown-item svelte-1gz9b6p")},m(u,f){w(u,e,f),y(e,t),y(e,i),y(e,s),y(e,l),o||(r=Y(e,"click",a),o=!0)},p(u,f){n=u},d(u){u&&v(e),o=!1,r()}}}function wM(n){let e,t=ce(n[1]),i=[];for(let s=0;so(a.value);return n.$$set=a=>{"class"in a&&t(0,i=a.class)},[i,l,o,r]}class $M extends we{constructor(e){super(),ve(this,e,TM,SM,be,{class:0})}}const CM=n=>({interactive:n[0]&128,hasErrors:n[0]&64}),Bm=n=>({interactive:n[7],hasErrors:n[6]}),OM=n=>({interactive:n[0]&128,hasErrors:n[0]&64}),Wm=n=>({interactive:n[7],hasErrors:n[6]}),MM=n=>({interactive:n[0]&128,hasErrors:n[0]&64}),Ym=n=>({interactive:n[7],hasErrors:n[6]});function Km(n){let e;return{c(){e=b("div"),e.innerHTML='',p(e,"class","drag-handle-wrapper"),p(e,"draggable",!0),p(e,"aria-label","Sort")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function Jm(n){let e,t;return{c(){e=b("span"),t=W(n[5]),p(e,"class","label label-success")},m(i,s){w(i,e,s),y(e,t)},p(i,s){s[0]&32&&se(t,i[5])},d(i){i&&v(e)}}}function Zm(n){let e;return{c(){e=b("span"),e.textContent="Hidden",p(e,"class","label label-danger")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function EM(n){let e,t,i,s,l,o,r,a,u,f,c,d,m,h=n[0].required&&Jm(n),g=n[0].hidden&&Zm();return{c(){e=b("div"),h&&h.c(),t=C(),g&&g.c(),i=C(),s=b("div"),l=b("i"),a=C(),u=b("input"),p(e,"class","field-labels"),p(l,"class",o=U.getFieldTypeIcon(n[0].type)),p(s,"class","form-field-addon prefix field-type-icon"),x(s,"txt-disabled",!n[7]||n[0].system),p(u,"type","text"),u.required=!0,u.disabled=f=!n[7]||n[0].system,p(u,"spellcheck","false"),p(u,"placeholder","Field name"),u.value=c=n[0].name,p(u,"title","System field")},m(_,k){w(_,e,k),h&&h.m(e,null),y(e,t),g&&g.m(e,null),w(_,i,k),w(_,s,k),y(s,l),w(_,a,k),w(_,u,k),n[22](u),d||(m=[Oe(r=Re.call(null,s,n[0].type+(n[0].system?" (system)":""))),Y(s,"click",n[21]),Y(u,"input",n[23])],d=!0)},p(_,k){_[0].required?h?h.p(_,k):(h=Jm(_),h.c(),h.m(e,t)):h&&(h.d(1),h=null),_[0].hidden?g||(g=Zm(),g.c(),g.m(e,null)):g&&(g.d(1),g=null),k[0]&1&&o!==(o=U.getFieldTypeIcon(_[0].type))&&p(l,"class",o),r&&Lt(r.update)&&k[0]&1&&r.update.call(null,_[0].type+(_[0].system?" (system)":"")),k[0]&129&&x(s,"txt-disabled",!_[7]||_[0].system),k[0]&129&&f!==(f=!_[7]||_[0].system)&&(u.disabled=f),k[0]&1&&c!==(c=_[0].name)&&u.value!==c&&(u.value=c)},d(_){_&&(v(e),v(i),v(s),v(a),v(u)),h&&h.d(),g&&g.d(),n[22](null),d=!1,Ee(m)}}}function DM(n){let e;return{c(){e=b("span"),p(e,"class","separator")},m(t,i){w(t,e,i)},p:te,d(t){t&&v(e)}}}function IM(n){let e,t,i,s,l,o;return{c(){e=b("button"),t=b("i"),p(t,"class","ri-settings-3-line"),p(e,"type","button"),p(e,"aria-label",i="Toggle "+n[0].name+" field options"),p(e,"class",s="btn btn-sm btn-circle options-trigger "+(n[4]?"btn-secondary":"btn-transparent")),p(e,"aria-expanded",n[4]),x(e,"btn-hint",!n[4]&&!n[6]),x(e,"btn-danger",n[6])},m(r,a){w(r,e,a),y(e,t),l||(o=Y(e,"click",n[17]),l=!0)},p(r,a){a[0]&1&&i!==(i="Toggle "+r[0].name+" field options")&&p(e,"aria-label",i),a[0]&16&&s!==(s="btn btn-sm btn-circle options-trigger "+(r[4]?"btn-secondary":"btn-transparent"))&&p(e,"class",s),a[0]&16&&p(e,"aria-expanded",r[4]),a[0]&80&&x(e,"btn-hint",!r[4]&&!r[6]),a[0]&80&&x(e,"btn-danger",r[6])},d(r){r&&v(e),l=!1,o()}}}function LM(n){let e,t,i;return{c(){e=b("button"),e.innerHTML='',p(e,"type","button"),p(e,"class","btn btn-sm btn-circle btn-success btn-transparent options-trigger"),p(e,"aria-label","Restore")},m(s,l){w(s,e,l),t||(i=[Oe(Re.call(null,e,"Restore")),Y(e,"click",n[14])],t=!0)},p:te,d(s){s&&v(e),t=!1,Ee(i)}}}function Gm(n){let e,t,i,s,l=!n[0].primaryKey&&n[0].type!="autodate"&&(!n[8]||!n[10].includes(n[0].name)),o,r=!n[0].primaryKey&&(!n[8]||!n[11].includes(n[0].name)),a,u=!n[8]||!n[12].includes(n[0].name),f,c,d,m;const h=n[20].options,g=Nt(h,n,n[28],Wm);let _=l&&Xm(n),k=r&&Qm(n),S=u&&xm(n);const $=n[20].optionsFooter,T=Nt($,n,n[28],Bm);let O=!n[0]._toDelete&&!n[0].primaryKey&&eh(n);return{c(){e=b("div"),t=b("div"),g&&g.c(),i=C(),s=b("div"),_&&_.c(),o=C(),k&&k.c(),a=C(),S&&S.c(),f=C(),T&&T.c(),c=C(),O&&O.c(),p(t,"class","hidden-empty m-b-sm"),p(s,"class","schema-field-options-footer"),p(e,"class","schema-field-options")},m(E,L){w(E,e,L),y(e,t),g&&g.m(t,null),y(e,i),y(e,s),_&&_.m(s,null),y(s,o),k&&k.m(s,null),y(s,a),S&&S.m(s,null),y(s,f),T&&T.m(s,null),y(s,c),O&&O.m(s,null),m=!0},p(E,L){g&&g.p&&(!m||L[0]&268435648)&&Ft(g,h,E,E[28],m?Rt(h,E[28],L,OM):qt(E[28]),Wm),L[0]&257&&(l=!E[0].primaryKey&&E[0].type!="autodate"&&(!E[8]||!E[10].includes(E[0].name))),l?_?(_.p(E,L),L[0]&257&&M(_,1)):(_=Xm(E),_.c(),M(_,1),_.m(s,o)):_&&(oe(),D(_,1,1,()=>{_=null}),re()),L[0]&257&&(r=!E[0].primaryKey&&(!E[8]||!E[11].includes(E[0].name))),r?k?(k.p(E,L),L[0]&257&&M(k,1)):(k=Qm(E),k.c(),M(k,1),k.m(s,a)):k&&(oe(),D(k,1,1,()=>{k=null}),re()),L[0]&257&&(u=!E[8]||!E[12].includes(E[0].name)),u?S?(S.p(E,L),L[0]&257&&M(S,1)):(S=xm(E),S.c(),M(S,1),S.m(s,f)):S&&(oe(),D(S,1,1,()=>{S=null}),re()),T&&T.p&&(!m||L[0]&268435648)&&Ft(T,$,E,E[28],m?Rt($,E[28],L,CM):qt(E[28]),Bm),!E[0]._toDelete&&!E[0].primaryKey?O?(O.p(E,L),L[0]&1&&M(O,1)):(O=eh(E),O.c(),M(O,1),O.m(s,null)):O&&(oe(),D(O,1,1,()=>{O=null}),re())},i(E){m||(M(g,E),M(_),M(k),M(S),M(T,E),M(O),E&&tt(()=>{m&&(d||(d=qe(e,ht,{delay:10,duration:150},!0)),d.run(1))}),m=!0)},o(E){D(g,E),D(_),D(k),D(S),D(T,E),D(O),E&&(d||(d=qe(e,ht,{delay:10,duration:150},!1)),d.run(0)),m=!1},d(E){E&&v(e),g&&g.d(E),_&&_.d(),k&&k.d(),S&&S.d(),T&&T.d(E),O&&O.d(),E&&d&&d.end()}}}function Xm(n){let e,t;return e=new fe({props:{class:"form-field form-field-toggle",name:"requried",$$slots:{default:[AM,({uniqueId:i})=>({34:i}),({uniqueId:i})=>[0,i?8:0]]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment)},m(i,s){q(e,i,s),t=!0},p(i,s){const l={};s[0]&268435489|s[1]&8&&(l.$$scope={dirty:s,ctx:i}),e.$set(l)},i(i){t||(M(e.$$.fragment,i),t=!0)},o(i){D(e.$$.fragment,i),t=!1},d(i){j(e,i)}}}function AM(n){let e,t,i,s,l,o,r,a,u,f,c,d;return{c(){e=b("input"),i=C(),s=b("label"),l=b("span"),o=W(n[5]),r=C(),a=b("i"),p(e,"type","checkbox"),p(e,"id",t=n[34]),p(l,"class","txt"),p(a,"class","ri-information-line link-hint"),p(s,"for",f=n[34])},m(m,h){w(m,e,h),e.checked=n[0].required,w(m,i,h),w(m,s,h),y(s,l),y(l,o),y(s,r),y(s,a),c||(d=[Y(e,"change",n[24]),Oe(u=Re.call(null,a,{text:`Requires the field value NOT to be ${U.zeroDefaultStr(n[0])}.`}))],c=!0)},p(m,h){h[1]&8&&t!==(t=m[34])&&p(e,"id",t),h[0]&1&&(e.checked=m[0].required),h[0]&32&&se(o,m[5]),u&&Lt(u.update)&&h[0]&1&&u.update.call(null,{text:`Requires the field value NOT to be ${U.zeroDefaultStr(m[0])}.`}),h[1]&8&&f!==(f=m[34])&&p(s,"for",f)},d(m){m&&(v(e),v(i),v(s)),c=!1,Ee(d)}}}function Qm(n){let e,t;return e=new fe({props:{class:"form-field form-field-toggle",name:"hidden",$$slots:{default:[PM,({uniqueId:i})=>({34:i}),({uniqueId:i})=>[0,i?8:0]]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment)},m(i,s){q(e,i,s),t=!0},p(i,s){const l={};s[0]&268435457|s[1]&8&&(l.$$scope={dirty:s,ctx:i}),e.$set(l)},i(i){t||(M(e.$$.fragment,i),t=!0)},o(i){D(e.$$.fragment,i),t=!1},d(i){j(e,i)}}}function PM(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("input"),i=C(),s=b("label"),l=b("span"),l.textContent="Hidden",o=C(),r=b("i"),p(e,"type","checkbox"),p(e,"id",t=n[34]),p(l,"class","txt"),p(r,"class","ri-information-line link-hint"),p(s,"for",a=n[34])},m(c,d){w(c,e,d),e.checked=n[0].hidden,w(c,i,d),w(c,s,d),y(s,l),y(s,o),y(s,r),u||(f=[Y(e,"change",n[25]),Y(e,"change",n[26]),Oe(Re.call(null,r,{text:"Hide from the JSON API response and filters."}))],u=!0)},p(c,d){d[1]&8&&t!==(t=c[34])&&p(e,"id",t),d[0]&1&&(e.checked=c[0].hidden),d[1]&8&&a!==(a=c[34])&&p(s,"for",a)},d(c){c&&(v(e),v(i),v(s)),u=!1,Ee(f)}}}function xm(n){let e,t;return e=new fe({props:{class:"form-field form-field-toggle m-0",name:"presentable",$$slots:{default:[NM,({uniqueId:i})=>({34:i}),({uniqueId:i})=>[0,i?8:0]]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment)},m(i,s){q(e,i,s),t=!0},p(i,s){const l={};s[0]&268435457|s[1]&8&&(l.$$scope={dirty:s,ctx:i}),e.$set(l)},i(i){t||(M(e.$$.fragment,i),t=!0)},o(i){D(e.$$.fragment,i),t=!1},d(i){j(e,i)}}}function NM(n){let e,t,i,s,l,o,r,a,u,f,c,d;return{c(){e=b("input"),s=C(),l=b("label"),o=b("span"),o.textContent="Presentable",r=C(),a=b("i"),p(e,"type","checkbox"),p(e,"id",t=n[34]),e.disabled=i=n[0].hidden,p(o,"class","txt"),p(a,"class",u="ri-information-line "+(n[0].hidden?"txt-disabled":"link-hint")),p(l,"for",f=n[34])},m(m,h){w(m,e,h),e.checked=n[0].presentable,w(m,s,h),w(m,l,h),y(l,o),y(l,r),y(l,a),c||(d=[Y(e,"change",n[27]),Oe(Re.call(null,a,{text:"Whether the field should be preferred in the Superuser UI relation listings (default to auto)."}))],c=!0)},p(m,h){h[1]&8&&t!==(t=m[34])&&p(e,"id",t),h[0]&1&&i!==(i=m[0].hidden)&&(e.disabled=i),h[0]&1&&(e.checked=m[0].presentable),h[0]&1&&u!==(u="ri-information-line "+(m[0].hidden?"txt-disabled":"link-hint"))&&p(a,"class",u),h[1]&8&&f!==(f=m[34])&&p(l,"for",f)},d(m){m&&(v(e),v(s),v(l)),c=!1,Ee(d)}}}function eh(n){let e,t,i,s,l,o,r;return o=new Dn({props:{class:"dropdown dropdown-sm dropdown-upside dropdown-right dropdown-nowrap no-min-width",$$slots:{default:[RM]},$$scope:{ctx:n}}}),{c(){e=b("div"),t=b("div"),i=b("div"),s=b("i"),l=C(),H(o.$$.fragment),p(s,"class","ri-more-line"),p(s,"aria-hidden","true"),p(i,"tabindex","0"),p(i,"role","button"),p(i,"title","More field options"),p(i,"class","btn btn-circle btn-sm btn-transparent"),p(t,"class","inline-flex flex-gap-sm flex-nowrap"),p(e,"class","m-l-auto txt-right")},m(a,u){w(a,e,u),y(e,t),y(t,i),y(i,s),y(i,l),q(o,i,null),r=!0},p(a,u){const f={};u[0]&268435457&&(f.$$scope={dirty:u,ctx:a}),o.$set(f)},i(a){r||(M(o.$$.fragment,a),r=!0)},o(a){D(o.$$.fragment,a),r=!1},d(a){a&&v(e),j(o)}}}function th(n){let e,t,i;return{c(){e=b("button"),e.innerHTML='Remove',p(e,"type","button"),p(e,"class","dropdown-item"),p(e,"role","menuitem")},m(s,l){w(s,e,l),t||(i=Y(e,"click",it(n[13])),t=!0)},p:te,d(s){s&&v(e),t=!1,i()}}}function RM(n){let e,t,i,s,l,o=!n[0].system&&th(n);return{c(){e=b("button"),e.innerHTML='Duplicate',t=C(),o&&o.c(),i=ke(),p(e,"type","button"),p(e,"class","dropdown-item"),p(e,"role","menuitem")},m(r,a){w(r,e,a),w(r,t,a),o&&o.m(r,a),w(r,i,a),s||(l=Y(e,"click",it(n[15])),s=!0)},p(r,a){r[0].system?o&&(o.d(1),o=null):o?o.p(r,a):(o=th(r),o.c(),o.m(i.parentNode,i))},d(r){r&&(v(e),v(t),v(i)),o&&o.d(r),s=!1,l()}}}function FM(n){let e,t,i,s,l,o,r,a,u,f=n[7]&&n[2]&&Km();s=new fe({props:{class:"form-field required m-0 "+(n[7]?"":"disabled"),name:"fields."+n[1]+".name",inlineError:!0,$$slots:{default:[EM]},$$scope:{ctx:n}}});const c=n[20].default,d=Nt(c,n,n[28],Ym),m=d||DM();function h(S,$){if(S[0]._toDelete)return LM;if(S[7])return IM}let g=h(n),_=g&&g(n),k=n[7]&&n[4]&&Gm(n);return{c(){e=b("div"),t=b("div"),f&&f.c(),i=C(),H(s.$$.fragment),l=C(),m&&m.c(),o=C(),_&&_.c(),r=C(),k&&k.c(),p(t,"class","schema-field-header"),p(e,"class","schema-field"),x(e,"required",n[0].required),x(e,"expanded",n[7]&&n[4]),x(e,"deleted",n[0]._toDelete)},m(S,$){w(S,e,$),y(e,t),f&&f.m(t,null),y(t,i),q(s,t,null),y(t,l),m&&m.m(t,null),y(t,o),_&&_.m(t,null),y(e,r),k&&k.m(e,null),u=!0},p(S,$){S[7]&&S[2]?f||(f=Km(),f.c(),f.m(t,i)):f&&(f.d(1),f=null);const T={};$[0]&128&&(T.class="form-field required m-0 "+(S[7]?"":"disabled")),$[0]&2&&(T.name="fields."+S[1]+".name"),$[0]&268435625&&(T.$$scope={dirty:$,ctx:S}),s.$set(T),d&&d.p&&(!u||$[0]&268435648)&&Ft(d,c,S,S[28],u?Rt(c,S[28],$,MM):qt(S[28]),Ym),g===(g=h(S))&&_?_.p(S,$):(_&&_.d(1),_=g&&g(S),_&&(_.c(),_.m(t,null))),S[7]&&S[4]?k?(k.p(S,$),$[0]&144&&M(k,1)):(k=Gm(S),k.c(),M(k,1),k.m(e,null)):k&&(oe(),D(k,1,1,()=>{k=null}),re()),(!u||$[0]&1)&&x(e,"required",S[0].required),(!u||$[0]&144)&&x(e,"expanded",S[7]&&S[4]),(!u||$[0]&1)&&x(e,"deleted",S[0]._toDelete)},i(S){u||(M(s.$$.fragment,S),M(m,S),M(k),S&&tt(()=>{u&&(a||(a=qe(e,ht,{duration:150},!0)),a.run(1))}),u=!0)},o(S){D(s.$$.fragment,S),D(m,S),D(k),S&&(a||(a=qe(e,ht,{duration:150},!1)),a.run(0)),u=!1},d(S){S&&v(e),f&&f.d(),j(s),m&&m.d(S),_&&_.d(),k&&k.d(),S&&a&&a.end()}}}let va=[];function qM(n,e,t){let i,s,l,o,r;Ge(n,$n,pe=>t(19,r=pe));let{$$slots:a={},$$scope:u}=e;const f="f_"+U.randomString(8),c=wt(),d={bool:"Nonfalsey",number:"Nonzero"},m=["password","tokenKey","id","autodate"],h=["password","tokenKey","id","email"],g=["password","tokenKey"];let{key:_=""}=e,{field:k=U.initSchemaField()}=e,{draggable:S=!0}=e,{collection:$={}}=e,T,O=!1;function E(){k.id?t(0,k._toDelete=!0,k):(N(),c("remove"))}function L(){t(0,k._toDelete=!1,k),Jt({})}function I(){k._toDelete||(N(),c("duplicate"))}function A(pe){return U.slugify(pe)}function P(){t(4,O=!0),z()}function N(){t(4,O=!1)}function R(){O?N():P()}function z(){for(let pe of va)pe.id!=f&&pe.collapse()}an(()=>(va.push({id:f,collapse:N}),k.onMountSelect&&(t(0,k.onMountSelect=!1,k),T==null||T.select()),()=>{U.removeByKey(va,"id",f)}));const F=()=>T==null?void 0:T.focus();function B(pe){ne[pe?"unshift":"push"](()=>{T=pe,t(3,T)})}const J=pe=>{const ae=k.name;t(0,k.name=A(pe.target.value),k),pe.target.value=k.name,c("rename",{oldName:ae,newName:k.name})};function V(){k.required=this.checked,t(0,k)}function Z(){k.hidden=this.checked,t(0,k)}const G=pe=>{pe.target.checked&&t(0,k.presentable=!1,k)};function de(){k.presentable=this.checked,t(0,k)}return n.$$set=pe=>{"key"in pe&&t(1,_=pe.key),"field"in pe&&t(0,k=pe.field),"draggable"in pe&&t(2,S=pe.draggable),"collection"in pe&&t(18,$=pe.collection),"$$scope"in pe&&t(28,u=pe.$$scope)},n.$$.update=()=>{n.$$.dirty[0]&262144&&t(8,i=($==null?void 0:$.type)=="auth"),n.$$.dirty[0]&1&&k._toDelete&&k._originalName&&k.name!==k._originalName&&t(0,k.name=k._originalName,k),n.$$.dirty[0]&1&&!k._originalName&&k.name&&t(0,k._originalName=k.name,k),n.$$.dirty[0]&1&&typeof k._toDelete>"u"&&t(0,k._toDelete=!1,k),n.$$.dirty[0]&1&&k.required&&t(0,k.nullable=!1,k),n.$$.dirty[0]&1&&t(7,s=!k._toDelete),n.$$.dirty[0]&524290&&t(6,l=!U.isEmpty(U.getNestedVal(r,`fields.${_}`))),n.$$.dirty[0]&1&&t(5,o=d[k==null?void 0:k.type]||"Nonempty")},[k,_,S,T,O,o,l,s,i,c,m,h,g,E,L,I,A,R,$,r,a,F,B,J,V,Z,G,de,u]}class Kn extends we{constructor(e){super(),ve(this,e,qM,FM,be,{key:1,field:0,draggable:2,collection:18},null,[-1,-1])}}function jM(n){let e,t,i,s,l,o;function r(u){n[5](u)}let a={id:n[13],items:n[3],disabled:n[0].system,readonly:!n[12]};return n[2]!==void 0&&(a.keyOfSelected=n[2]),t=new Ln({props:a}),ne.push(()=>ge(t,"keyOfSelected",r)),{c(){e=b("div"),H(t.$$.fragment)},m(u,f){w(u,e,f),q(t,e,null),s=!0,l||(o=Oe(Re.call(null,e,{text:"Auto set on:",position:"top"})),l=!0)},p(u,f){const c={};f&8192&&(c.id=u[13]),f&1&&(c.disabled=u[0].system),f&4096&&(c.readonly=!u[12]),!i&&f&4&&(i=!0,c.keyOfSelected=u[2],$e(()=>i=!1)),t.$set(c)},i(u){s||(M(t.$$.fragment,u),s=!0)},o(u){D(t.$$.fragment,u),s=!1},d(u){u&&v(e),j(t),l=!1,o()}}}function HM(n){let e,t,i,s,l,o;return i=new fe({props:{class:"form-field form-field-single-multiple-select form-field-autodate-select "+(n[12]?"":"readonly"),inlineError:!0,$$slots:{default:[jM,({uniqueId:r})=>({13:r}),({uniqueId:r})=>r?8192:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),t=C(),H(i.$$.fragment),s=C(),l=b("div"),p(e,"class","separator"),p(l,"class","separator")},m(r,a){w(r,e,a),w(r,t,a),q(i,r,a),w(r,s,a),w(r,l,a),o=!0},p(r,a){const u={};a&4096&&(u.class="form-field form-field-single-multiple-select form-field-autodate-select "+(r[12]?"":"readonly")),a&28677&&(u.$$scope={dirty:a,ctx:r}),i.$set(u)},i(r){o||(M(i.$$.fragment,r),o=!0)},o(r){D(i.$$.fragment,r),o=!1},d(r){r&&(v(e),v(t),v(s),v(l)),j(i,r)}}}function zM(n){let e,t,i;const s=[{key:n[1]},n[4]];function l(r){n[6](r)}let o={$$slots:{default:[HM,({interactive:r})=>({12:r}),({interactive:r})=>r?4096:0]},$$scope:{ctx:n}};for(let r=0;rge(e,"field",l)),e.$on("rename",n[7]),e.$on("remove",n[8]),e.$on("duplicate",n[9]),{c(){H(e.$$.fragment)},m(r,a){q(e,r,a),i=!0},p(r,[a]){const u=a&18?vt(s,[a&2&&{key:r[1]},a&16&&At(r[4])]):{};a&20485&&(u.$$scope={dirty:a,ctx:r}),!t&&a&1&&(t=!0,u.field=r[0],$e(()=>t=!1)),e.$set(u)},i(r){i||(M(e.$$.fragment,r),i=!0)},o(r){D(e.$$.fragment,r),i=!1},d(r){j(e,r)}}}const wa=1,Sa=2,Ta=3;function UM(n,e,t){const i=["field","key"];let s=lt(e,i);const l=[{label:"Create",value:wa},{label:"Update",value:Sa},{label:"Create/Update",value:Ta}];let{field:o}=e,{key:r=""}=e,a=u();function u(){return o.onCreate&&o.onUpdate?Ta:o.onUpdate?Sa:wa}function f(_){switch(_){case wa:t(0,o.onCreate=!0,o),t(0,o.onUpdate=!1,o);break;case Sa:t(0,o.onCreate=!1,o),t(0,o.onUpdate=!0,o);break;case Ta:t(0,o.onCreate=!0,o),t(0,o.onUpdate=!0,o);break}}function c(_){a=_,t(2,a)}function d(_){o=_,t(0,o)}function m(_){Le.call(this,n,_)}function h(_){Le.call(this,n,_)}function g(_){Le.call(this,n,_)}return n.$$set=_=>{e=je(je({},e),Kt(_)),t(4,s=lt(e,i)),"field"in _&&t(0,o=_.field),"key"in _&&t(1,r=_.key)},n.$$.update=()=>{n.$$.dirty&4&&f(a)},[o,r,a,l,s,c,d,m,h,g]}class VM extends we{constructor(e){super(),ve(this,e,UM,zM,be,{field:0,key:1})}}function BM(n){let e,t,i;const s=[{key:n[1]},n[2]];function l(r){n[3](r)}let o={};for(let r=0;rge(e,"field",l)),e.$on("rename",n[4]),e.$on("remove",n[5]),e.$on("duplicate",n[6]),{c(){H(e.$$.fragment)},m(r,a){q(e,r,a),i=!0},p(r,[a]){const u=a&6?vt(s,[a&2&&{key:r[1]},a&4&&At(r[2])]):{};!t&&a&1&&(t=!0,u.field=r[0],$e(()=>t=!1)),e.$set(u)},i(r){i||(M(e.$$.fragment,r),i=!0)},o(r){D(e.$$.fragment,r),i=!1},d(r){j(e,r)}}}function WM(n,e,t){const i=["field","key"];let s=lt(e,i),{field:l}=e,{key:o=""}=e;function r(c){l=c,t(0,l)}function a(c){Le.call(this,n,c)}function u(c){Le.call(this,n,c)}function f(c){Le.call(this,n,c)}return n.$$set=c=>{e=je(je({},e),Kt(c)),t(2,s=lt(e,i)),"field"in c&&t(0,l=c.field),"key"in c&&t(1,o=c.key)},[l,o,s,r,a,u,f]}class YM extends we{constructor(e){super(),ve(this,e,WM,BM,be,{field:0,key:1})}}var $a=["onChange","onClose","onDayCreate","onDestroy","onKeyDown","onMonthChange","onOpen","onParseConfig","onReady","onValueUpdate","onYearChange","onPreCalendarPosition"],es={_disable:[],allowInput:!1,allowInvalidPreload:!1,altFormat:"F j, Y",altInput:!1,altInputClass:"form-control input",animate:typeof window=="object"&&window.navigator.userAgent.indexOf("MSIE")===-1,ariaDateFormat:"F j, Y",autoFillDefaultTime:!0,clickOpens:!0,closeOnSelect:!0,conjunction:", ",dateFormat:"Y-m-d",defaultHour:12,defaultMinute:0,defaultSeconds:0,disable:[],disableMobile:!1,enableSeconds:!1,enableTime:!1,errorHandler:function(n){return typeof console<"u"&&console.warn(n)},getWeek:function(n){var e=new Date(n.getTime());e.setHours(0,0,0,0),e.setDate(e.getDate()+3-(e.getDay()+6)%7);var t=new Date(e.getFullYear(),0,4);return 1+Math.round(((e.getTime()-t.getTime())/864e5-3+(t.getDay()+6)%7)/7)},hourIncrement:1,ignoredFocusElements:[],inline:!1,locale:"default",minuteIncrement:5,mode:"single",monthSelectorType:"dropdown",nextArrow:"",noCalendar:!1,now:new Date,onChange:[],onClose:[],onDayCreate:[],onDestroy:[],onKeyDown:[],onMonthChange:[],onOpen:[],onParseConfig:[],onReady:[],onValueUpdate:[],onYearChange:[],onPreCalendarPosition:[],plugins:[],position:"auto",positionElement:void 0,prevArrow:"",shorthandCurrentMonth:!1,showMonths:1,static:!1,time_24hr:!1,weekNumbers:!1,wrap:!1},to={weekdays:{shorthand:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],longhand:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"]},months:{shorthand:["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],longhand:["January","February","March","April","May","June","July","August","September","October","November","December"]},daysInMonth:[31,28,31,30,31,30,31,31,30,31,30,31],firstDayOfWeek:0,ordinal:function(n){var e=n%100;if(e>3&&e<21)return"th";switch(e%10){case 1:return"st";case 2:return"nd";case 3:return"rd";default:return"th"}},rangeSeparator:" to ",weekAbbreviation:"Wk",scrollTitle:"Scroll to increment",toggleTitle:"Click to toggle",amPM:["AM","PM"],yearAriaLabel:"Year",monthAriaLabel:"Month",hourAriaLabel:"Hour",minuteAriaLabel:"Minute",time_24hr:!1},Nn=function(n,e){return e===void 0&&(e=2),("000"+n).slice(e*-1)},xn=function(n){return n===!0?1:0};function nh(n,e){var t;return function(){var i=this,s=arguments;clearTimeout(t),t=setTimeout(function(){return n.apply(i,s)},e)}}var Ca=function(n){return n instanceof Array?n:[n]};function On(n,e,t){if(t===!0)return n.classList.add(e);n.classList.remove(e)}function Mt(n,e,t){var i=window.document.createElement(n);return e=e||"",t=t||"",i.className=e,t!==void 0&&(i.textContent=t),i}function Yo(n){for(;n.firstChild;)n.removeChild(n.firstChild)}function Iy(n,e){if(e(n))return n;if(n.parentNode)return Iy(n.parentNode,e)}function Ko(n,e){var t=Mt("div","numInputWrapper"),i=Mt("input","numInput "+n),s=Mt("span","arrowUp"),l=Mt("span","arrowDown");if(navigator.userAgent.indexOf("MSIE 9.0")===-1?i.type="number":(i.type="text",i.pattern="\\d*"),e!==void 0)for(var o in e)i.setAttribute(o,e[o]);return t.appendChild(i),t.appendChild(s),t.appendChild(l),t}function Vn(n){try{if(typeof n.composedPath=="function"){var e=n.composedPath();return e[0]}return n.target}catch{return n.target}}var Oa=function(){},yr=function(n,e,t){return t.months[e?"shorthand":"longhand"][n]},KM={D:Oa,F:function(n,e,t){n.setMonth(t.months.longhand.indexOf(e))},G:function(n,e){n.setHours((n.getHours()>=12?12:0)+parseFloat(e))},H:function(n,e){n.setHours(parseFloat(e))},J:function(n,e){n.setDate(parseFloat(e))},K:function(n,e,t){n.setHours(n.getHours()%12+12*xn(new RegExp(t.amPM[1],"i").test(e)))},M:function(n,e,t){n.setMonth(t.months.shorthand.indexOf(e))},S:function(n,e){n.setSeconds(parseFloat(e))},U:function(n,e){return new Date(parseFloat(e)*1e3)},W:function(n,e,t){var i=parseInt(e),s=new Date(n.getFullYear(),0,2+(i-1)*7,0,0,0,0);return s.setDate(s.getDate()-s.getDay()+t.firstDayOfWeek),s},Y:function(n,e){n.setFullYear(parseFloat(e))},Z:function(n,e){return new Date(e)},d:function(n,e){n.setDate(parseFloat(e))},h:function(n,e){n.setHours((n.getHours()>=12?12:0)+parseFloat(e))},i:function(n,e){n.setMinutes(parseFloat(e))},j:function(n,e){n.setDate(parseFloat(e))},l:Oa,m:function(n,e){n.setMonth(parseFloat(e)-1)},n:function(n,e){n.setMonth(parseFloat(e)-1)},s:function(n,e){n.setSeconds(parseFloat(e))},u:function(n,e){return new Date(parseFloat(e))},w:Oa,y:function(n,e){n.setFullYear(2e3+parseFloat(e))}},wl={D:"",F:"",G:"(\\d\\d|\\d)",H:"(\\d\\d|\\d)",J:"(\\d\\d|\\d)\\w+",K:"",M:"",S:"(\\d\\d|\\d)",U:"(.+)",W:"(\\d\\d|\\d)",Y:"(\\d{4})",Z:"(.+)",d:"(\\d\\d|\\d)",h:"(\\d\\d|\\d)",i:"(\\d\\d|\\d)",j:"(\\d\\d|\\d)",l:"",m:"(\\d\\d|\\d)",n:"(\\d\\d|\\d)",s:"(\\d\\d|\\d)",u:"(.+)",w:"(\\d\\d|\\d)",y:"(\\d{2})"},Hs={Z:function(n){return n.toISOString()},D:function(n,e,t){return e.weekdays.shorthand[Hs.w(n,e,t)]},F:function(n,e,t){return yr(Hs.n(n,e,t)-1,!1,e)},G:function(n,e,t){return Nn(Hs.h(n,e,t))},H:function(n){return Nn(n.getHours())},J:function(n,e){return e.ordinal!==void 0?n.getDate()+e.ordinal(n.getDate()):n.getDate()},K:function(n,e){return e.amPM[xn(n.getHours()>11)]},M:function(n,e){return yr(n.getMonth(),!0,e)},S:function(n){return Nn(n.getSeconds())},U:function(n){return n.getTime()/1e3},W:function(n,e,t){return t.getWeek(n)},Y:function(n){return Nn(n.getFullYear(),4)},d:function(n){return Nn(n.getDate())},h:function(n){return n.getHours()%12?n.getHours()%12:12},i:function(n){return Nn(n.getMinutes())},j:function(n){return n.getDate()},l:function(n,e){return e.weekdays.longhand[n.getDay()]},m:function(n){return Nn(n.getMonth()+1)},n:function(n){return n.getMonth()+1},s:function(n){return n.getSeconds()},u:function(n){return n.getTime()},w:function(n){return n.getDay()},y:function(n){return String(n.getFullYear()).substring(2)}},Ly=function(n){var e=n.config,t=e===void 0?es:e,i=n.l10n,s=i===void 0?to:i,l=n.isMobile,o=l===void 0?!1:l;return function(r,a,u){var f=u||s;return t.formatDate!==void 0&&!o?t.formatDate(r,a,f):a.split("").map(function(c,d,m){return Hs[c]&&m[d-1]!=="\\"?Hs[c](r,f,t):c!=="\\"?c:""}).join("")}},du=function(n){var e=n.config,t=e===void 0?es:e,i=n.l10n,s=i===void 0?to:i;return function(l,o,r,a){if(!(l!==0&&!l)){var u=a||s,f,c=l;if(l instanceof Date)f=new Date(l.getTime());else if(typeof l!="string"&&l.toFixed!==void 0)f=new Date(l);else if(typeof l=="string"){var d=o||(t||es).dateFormat,m=String(l).trim();if(m==="today")f=new Date,r=!0;else if(t&&t.parseDate)f=t.parseDate(l,d);else if(/Z$/.test(m)||/GMT$/.test(m))f=new Date(l);else{for(var h=void 0,g=[],_=0,k=0,S="";_Math.min(e,t)&&n=0?new Date:new Date(t.config.minDate.getTime()),le=Ea(t.config);ee.setHours(le.hours,le.minutes,le.seconds,ee.getMilliseconds()),t.selectedDates=[ee],t.latestSelectedDateObj=ee}X!==void 0&&X.type!=="blur"&&cl(X);var Se=t._input.value;c(),An(),t._input.value!==Se&&t._debouncedChange()}function u(X,ee){return X%12+12*xn(ee===t.l10n.amPM[1])}function f(X){switch(X%24){case 0:case 12:return 12;default:return X%12}}function c(){if(!(t.hourElement===void 0||t.minuteElement===void 0)){var X=(parseInt(t.hourElement.value.slice(-2),10)||0)%24,ee=(parseInt(t.minuteElement.value,10)||0)%60,le=t.secondElement!==void 0?(parseInt(t.secondElement.value,10)||0)%60:0;t.amPM!==void 0&&(X=u(X,t.amPM.textContent));var Se=t.config.minTime!==void 0||t.config.minDate&&t.minDateHasTime&&t.latestSelectedDateObj&&Bn(t.latestSelectedDateObj,t.config.minDate,!0)===0,Fe=t.config.maxTime!==void 0||t.config.maxDate&&t.maxDateHasTime&&t.latestSelectedDateObj&&Bn(t.latestSelectedDateObj,t.config.maxDate,!0)===0;if(t.config.maxTime!==void 0&&t.config.minTime!==void 0&&t.config.minTime>t.config.maxTime){var Ve=Ma(t.config.minTime.getHours(),t.config.minTime.getMinutes(),t.config.minTime.getSeconds()),rt=Ma(t.config.maxTime.getHours(),t.config.maxTime.getMinutes(),t.config.maxTime.getSeconds()),Je=Ma(X,ee,le);if(Je>rt&&Je=12)]),t.secondElement!==void 0&&(t.secondElement.value=Nn(le)))}function h(X){var ee=Vn(X),le=parseInt(ee.value)+(X.delta||0);(le/1e3>1||X.key==="Enter"&&!/[^\d]/.test(le.toString()))&&et(le)}function g(X,ee,le,Se){if(ee instanceof Array)return ee.forEach(function(Fe){return g(X,Fe,le,Se)});if(X instanceof Array)return X.forEach(function(Fe){return g(Fe,ee,le,Se)});X.addEventListener(ee,le,Se),t._handlers.push({remove:function(){return X.removeEventListener(ee,le,Se)}})}function _(){It("onChange")}function k(){if(t.config.wrap&&["open","close","toggle","clear"].forEach(function(le){Array.prototype.forEach.call(t.element.querySelectorAll("[data-"+le+"]"),function(Se){return g(Se,"click",t[le])})}),t.isMobile){Zn();return}var X=nh(De,50);if(t._debouncedChange=nh(_,XM),t.daysContainer&&!/iPhone|iPad|iPod/i.test(navigator.userAgent)&&g(t.daysContainer,"mouseover",function(le){t.config.mode==="range"&&Ue(Vn(le))}),g(t._input,"keydown",Bt),t.calendarContainer!==void 0&&g(t.calendarContainer,"keydown",Bt),!t.config.inline&&!t.config.static&&g(window,"resize",X),window.ontouchstart!==void 0?g(window.document,"touchstart",ct):g(window.document,"mousedown",ct),g(window.document,"focus",ct,{capture:!0}),t.config.clickOpens===!0&&(g(t._input,"focus",t.open),g(t._input,"click",t.open)),t.daysContainer!==void 0&&(g(t.monthNav,"click",Fl),g(t.monthNav,["keyup","increment"],h),g(t.daysContainer,"click",Pt)),t.timeContainer!==void 0&&t.minuteElement!==void 0&&t.hourElement!==void 0){var ee=function(le){return Vn(le).select()};g(t.timeContainer,["increment"],a),g(t.timeContainer,"blur",a,{capture:!0}),g(t.timeContainer,"click",$),g([t.hourElement,t.minuteElement],["focus","click"],ee),t.secondElement!==void 0&&g(t.secondElement,"focus",function(){return t.secondElement&&t.secondElement.select()}),t.amPM!==void 0&&g(t.amPM,"click",function(le){a(le)})}t.config.allowInput&&g(t._input,"blur",ut)}function S(X,ee){var le=X!==void 0?t.parseDate(X):t.latestSelectedDateObj||(t.config.minDate&&t.config.minDate>t.now?t.config.minDate:t.config.maxDate&&t.config.maxDate1),t.calendarContainer.appendChild(X);var Fe=t.config.appendTo!==void 0&&t.config.appendTo.nodeType!==void 0;if((t.config.inline||t.config.static)&&(t.calendarContainer.classList.add(t.config.inline?"inline":"static"),t.config.inline&&(!Fe&&t.element.parentNode?t.element.parentNode.insertBefore(t.calendarContainer,t._input.nextSibling):t.config.appendTo!==void 0&&t.config.appendTo.appendChild(t.calendarContainer)),t.config.static)){var Ve=Mt("div","flatpickr-wrapper");t.element.parentNode&&t.element.parentNode.insertBefore(Ve,t.element),Ve.appendChild(t.element),t.altInput&&Ve.appendChild(t.altInput),Ve.appendChild(t.calendarContainer)}!t.config.static&&!t.config.inline&&(t.config.appendTo!==void 0?t.config.appendTo:window.document.body).appendChild(t.calendarContainer)}function E(X,ee,le,Se){var Fe=xe(ee,!0),Ve=Mt("span",X,ee.getDate().toString());return Ve.dateObj=ee,Ve.$i=Se,Ve.setAttribute("aria-label",t.formatDate(ee,t.config.ariaDateFormat)),X.indexOf("hidden")===-1&&Bn(ee,t.now)===0&&(t.todayDateElem=Ve,Ve.classList.add("today"),Ve.setAttribute("aria-current","date")),Fe?(Ve.tabIndex=-1,ul(ee)&&(Ve.classList.add("selected"),t.selectedDateElem=Ve,t.config.mode==="range"&&(On(Ve,"startRange",t.selectedDates[0]&&Bn(ee,t.selectedDates[0],!0)===0),On(Ve,"endRange",t.selectedDates[1]&&Bn(ee,t.selectedDates[1],!0)===0),X==="nextMonthDay"&&Ve.classList.add("inRange")))):Ve.classList.add("flatpickr-disabled"),t.config.mode==="range"&&Ui(ee)&&!ul(ee)&&Ve.classList.add("inRange"),t.weekNumbers&&t.config.showMonths===1&&X!=="prevMonthDay"&&Se%7===6&&t.weekNumbers.insertAdjacentHTML("beforeend",""+t.config.getWeek(ee)+""),It("onDayCreate",Ve),Ve}function L(X){X.focus(),t.config.mode==="range"&&Ue(X)}function I(X){for(var ee=X>0?0:t.config.showMonths-1,le=X>0?t.config.showMonths:-1,Se=ee;Se!=le;Se+=X)for(var Fe=t.daysContainer.children[Se],Ve=X>0?0:Fe.children.length-1,rt=X>0?Fe.children.length:-1,Je=Ve;Je!=rt;Je+=X){var ue=Fe.children[Je];if(ue.className.indexOf("hidden")===-1&&xe(ue.dateObj))return ue}}function A(X,ee){for(var le=X.className.indexOf("Month")===-1?X.dateObj.getMonth():t.currentMonth,Se=ee>0?t.config.showMonths:-1,Fe=ee>0?1:-1,Ve=le-t.currentMonth;Ve!=Se;Ve+=Fe)for(var rt=t.daysContainer.children[Ve],Je=le-t.currentMonth===Ve?X.$i+ee:ee<0?rt.children.length-1:0,ue=rt.children.length,ye=Je;ye>=0&&ye0?ue:-1);ye+=Fe){var He=rt.children[ye];if(He.className.indexOf("hidden")===-1&&xe(He.dateObj)&&Math.abs(X.$i-ye)>=Math.abs(ee))return L(He)}t.changeMonth(Fe),P(I(Fe),0)}function P(X,ee){var le=l(),Se=Be(le||document.body),Fe=X!==void 0?X:Se?le:t.selectedDateElem!==void 0&&Be(t.selectedDateElem)?t.selectedDateElem:t.todayDateElem!==void 0&&Be(t.todayDateElem)?t.todayDateElem:I(ee>0?1:-1);Fe===void 0?t._input.focus():Se?A(Fe,ee):L(Fe)}function N(X,ee){for(var le=(new Date(X,ee,1).getDay()-t.l10n.firstDayOfWeek+7)%7,Se=t.utils.getDaysInMonth((ee-1+12)%12,X),Fe=t.utils.getDaysInMonth(ee,X),Ve=window.document.createDocumentFragment(),rt=t.config.showMonths>1,Je=rt?"prevMonthDay hidden":"prevMonthDay",ue=rt?"nextMonthDay hidden":"nextMonthDay",ye=Se+1-le,He=0;ye<=Se;ye++,He++)Ve.appendChild(E("flatpickr-day "+Je,new Date(X,ee-1,ye),ye,He));for(ye=1;ye<=Fe;ye++,He++)Ve.appendChild(E("flatpickr-day",new Date(X,ee,ye),ye,He));for(var Qe=Fe+1;Qe<=42-le&&(t.config.showMonths===1||He%7!==0);Qe++,He++)Ve.appendChild(E("flatpickr-day "+ue,new Date(X,ee+1,Qe%Fe),Qe,He));var at=Mt("div","dayContainer");return at.appendChild(Ve),at}function R(){if(t.daysContainer!==void 0){Yo(t.daysContainer),t.weekNumbers&&Yo(t.weekNumbers);for(var X=document.createDocumentFragment(),ee=0;ee1||t.config.monthSelectorType!=="dropdown")){var X=function(Se){return t.config.minDate!==void 0&&t.currentYear===t.config.minDate.getFullYear()&&Set.config.maxDate.getMonth())};t.monthsDropdownContainer.tabIndex=-1,t.monthsDropdownContainer.innerHTML="";for(var ee=0;ee<12;ee++)if(X(ee)){var le=Mt("option","flatpickr-monthDropdown-month");le.value=new Date(t.currentYear,ee).getMonth().toString(),le.textContent=yr(ee,t.config.shorthandCurrentMonth,t.l10n),le.tabIndex=-1,t.currentMonth===ee&&(le.selected=!0),t.monthsDropdownContainer.appendChild(le)}}}function F(){var X=Mt("div","flatpickr-month"),ee=window.document.createDocumentFragment(),le;t.config.showMonths>1||t.config.monthSelectorType==="static"?le=Mt("span","cur-month"):(t.monthsDropdownContainer=Mt("select","flatpickr-monthDropdown-months"),t.monthsDropdownContainer.setAttribute("aria-label",t.l10n.monthAriaLabel),g(t.monthsDropdownContainer,"change",function(rt){var Je=Vn(rt),ue=parseInt(Je.value,10);t.changeMonth(ue-t.currentMonth),It("onMonthChange")}),z(),le=t.monthsDropdownContainer);var Se=Ko("cur-year",{tabindex:"-1"}),Fe=Se.getElementsByTagName("input")[0];Fe.setAttribute("aria-label",t.l10n.yearAriaLabel),t.config.minDate&&Fe.setAttribute("min",t.config.minDate.getFullYear().toString()),t.config.maxDate&&(Fe.setAttribute("max",t.config.maxDate.getFullYear().toString()),Fe.disabled=!!t.config.minDate&&t.config.minDate.getFullYear()===t.config.maxDate.getFullYear());var Ve=Mt("div","flatpickr-current-month");return Ve.appendChild(le),Ve.appendChild(Se),ee.appendChild(Ve),X.appendChild(ee),{container:X,yearElement:Fe,monthElement:le}}function B(){Yo(t.monthNav),t.monthNav.appendChild(t.prevMonthNav),t.config.showMonths&&(t.yearElements=[],t.monthElements=[]);for(var X=t.config.showMonths;X--;){var ee=F();t.yearElements.push(ee.yearElement),t.monthElements.push(ee.monthElement),t.monthNav.appendChild(ee.container)}t.monthNav.appendChild(t.nextMonthNav)}function J(){return t.monthNav=Mt("div","flatpickr-months"),t.yearElements=[],t.monthElements=[],t.prevMonthNav=Mt("span","flatpickr-prev-month"),t.prevMonthNav.innerHTML=t.config.prevArrow,t.nextMonthNav=Mt("span","flatpickr-next-month"),t.nextMonthNav.innerHTML=t.config.nextArrow,B(),Object.defineProperty(t,"_hidePrevMonthArrow",{get:function(){return t.__hidePrevMonthArrow},set:function(X){t.__hidePrevMonthArrow!==X&&(On(t.prevMonthNav,"flatpickr-disabled",X),t.__hidePrevMonthArrow=X)}}),Object.defineProperty(t,"_hideNextMonthArrow",{get:function(){return t.__hideNextMonthArrow},set:function(X){t.__hideNextMonthArrow!==X&&(On(t.nextMonthNav,"flatpickr-disabled",X),t.__hideNextMonthArrow=X)}}),t.currentYearElement=t.yearElements[0],Vi(),t.monthNav}function V(){t.calendarContainer.classList.add("hasTime"),t.config.noCalendar&&t.calendarContainer.classList.add("noCalendar");var X=Ea(t.config);t.timeContainer=Mt("div","flatpickr-time"),t.timeContainer.tabIndex=-1;var ee=Mt("span","flatpickr-time-separator",":"),le=Ko("flatpickr-hour",{"aria-label":t.l10n.hourAriaLabel});t.hourElement=le.getElementsByTagName("input")[0];var Se=Ko("flatpickr-minute",{"aria-label":t.l10n.minuteAriaLabel});if(t.minuteElement=Se.getElementsByTagName("input")[0],t.hourElement.tabIndex=t.minuteElement.tabIndex=-1,t.hourElement.value=Nn(t.latestSelectedDateObj?t.latestSelectedDateObj.getHours():t.config.time_24hr?X.hours:f(X.hours)),t.minuteElement.value=Nn(t.latestSelectedDateObj?t.latestSelectedDateObj.getMinutes():X.minutes),t.hourElement.setAttribute("step",t.config.hourIncrement.toString()),t.minuteElement.setAttribute("step",t.config.minuteIncrement.toString()),t.hourElement.setAttribute("min",t.config.time_24hr?"0":"1"),t.hourElement.setAttribute("max",t.config.time_24hr?"23":"12"),t.hourElement.setAttribute("maxlength","2"),t.minuteElement.setAttribute("min","0"),t.minuteElement.setAttribute("max","59"),t.minuteElement.setAttribute("maxlength","2"),t.timeContainer.appendChild(le),t.timeContainer.appendChild(ee),t.timeContainer.appendChild(Se),t.config.time_24hr&&t.timeContainer.classList.add("time24hr"),t.config.enableSeconds){t.timeContainer.classList.add("hasSeconds");var Fe=Ko("flatpickr-second");t.secondElement=Fe.getElementsByTagName("input")[0],t.secondElement.value=Nn(t.latestSelectedDateObj?t.latestSelectedDateObj.getSeconds():X.seconds),t.secondElement.setAttribute("step",t.minuteElement.getAttribute("step")),t.secondElement.setAttribute("min","0"),t.secondElement.setAttribute("max","59"),t.secondElement.setAttribute("maxlength","2"),t.timeContainer.appendChild(Mt("span","flatpickr-time-separator",":")),t.timeContainer.appendChild(Fe)}return t.config.time_24hr||(t.amPM=Mt("span","flatpickr-am-pm",t.l10n.amPM[xn((t.latestSelectedDateObj?t.hourElement.value:t.config.defaultHour)>11)]),t.amPM.title=t.l10n.toggleTitle,t.amPM.tabIndex=-1,t.timeContainer.appendChild(t.amPM)),t.timeContainer}function Z(){t.weekdayContainer?Yo(t.weekdayContainer):t.weekdayContainer=Mt("div","flatpickr-weekdays");for(var X=t.config.showMonths;X--;){var ee=Mt("div","flatpickr-weekdaycontainer");t.weekdayContainer.appendChild(ee)}return G(),t.weekdayContainer}function G(){if(t.weekdayContainer){var X=t.l10n.firstDayOfWeek,ee=ih(t.l10n.weekdays.shorthand);X>0&&X + `+ee.join("")+` + + `}}function de(){t.calendarContainer.classList.add("hasWeeks");var X=Mt("div","flatpickr-weekwrapper");X.appendChild(Mt("span","flatpickr-weekday",t.l10n.weekAbbreviation));var ee=Mt("div","flatpickr-weeks");return X.appendChild(ee),{weekWrapper:X,weekNumbers:ee}}function pe(X,ee){ee===void 0&&(ee=!0);var le=ee?X:X-t.currentMonth;le<0&&t._hidePrevMonthArrow===!0||le>0&&t._hideNextMonthArrow===!0||(t.currentMonth+=le,(t.currentMonth<0||t.currentMonth>11)&&(t.currentYear+=t.currentMonth>11?1:-1,t.currentMonth=(t.currentMonth+12)%12,It("onYearChange"),z()),R(),It("onMonthChange"),Vi())}function ae(X,ee){if(X===void 0&&(X=!0),ee===void 0&&(ee=!0),t.input.value="",t.altInput!==void 0&&(t.altInput.value=""),t.mobileInput!==void 0&&(t.mobileInput.value=""),t.selectedDates=[],t.latestSelectedDateObj=void 0,ee===!0&&(t.currentYear=t._initialDate.getFullYear(),t.currentMonth=t._initialDate.getMonth()),t.config.enableTime===!0){var le=Ea(t.config),Se=le.hours,Fe=le.minutes,Ve=le.seconds;m(Se,Fe,Ve)}t.redraw(),X&&It("onChange")}function Ce(){t.isOpen=!1,t.isMobile||(t.calendarContainer!==void 0&&t.calendarContainer.classList.remove("open"),t._input!==void 0&&t._input.classList.remove("active")),It("onClose")}function Ye(){t.config!==void 0&&It("onDestroy");for(var X=t._handlers.length;X--;)t._handlers[X].remove();if(t._handlers=[],t.mobileInput)t.mobileInput.parentNode&&t.mobileInput.parentNode.removeChild(t.mobileInput),t.mobileInput=void 0;else if(t.calendarContainer&&t.calendarContainer.parentNode)if(t.config.static&&t.calendarContainer.parentNode){var ee=t.calendarContainer.parentNode;if(ee.lastChild&&ee.removeChild(ee.lastChild),ee.parentNode){for(;ee.firstChild;)ee.parentNode.insertBefore(ee.firstChild,ee);ee.parentNode.removeChild(ee)}}else t.calendarContainer.parentNode.removeChild(t.calendarContainer);t.altInput&&(t.input.type="text",t.altInput.parentNode&&t.altInput.parentNode.removeChild(t.altInput),delete t.altInput),t.input&&(t.input.type=t.input._type,t.input.classList.remove("flatpickr-input"),t.input.removeAttribute("readonly")),["_showTimeInput","latestSelectedDateObj","_hideNextMonthArrow","_hidePrevMonthArrow","__hideNextMonthArrow","__hidePrevMonthArrow","isMobile","isOpen","selectedDateElem","minDateHasTime","maxDateHasTime","days","daysContainer","_input","_positionElement","innerContainer","rContainer","monthNav","todayDateElem","calendarContainer","weekdayContainer","prevMonthNav","nextMonthNav","monthsDropdownContainer","currentMonthElement","currentYearElement","navigationCurrentMonth","selectedDateElem","config"].forEach(function(le){try{delete t[le]}catch{}})}function Ke(X){return t.calendarContainer.contains(X)}function ct(X){if(t.isOpen&&!t.config.inline){var ee=Vn(X),le=Ke(ee),Se=ee===t.input||ee===t.altInput||t.element.contains(ee)||X.path&&X.path.indexOf&&(~X.path.indexOf(t.input)||~X.path.indexOf(t.altInput)),Fe=!Se&&!le&&!Ke(X.relatedTarget),Ve=!t.config.ignoredFocusElements.some(function(rt){return rt.contains(ee)});Fe&&Ve&&(t.config.allowInput&&t.setDate(t._input.value,!1,t.config.altInput?t.config.altFormat:t.config.dateFormat),t.timeContainer!==void 0&&t.minuteElement!==void 0&&t.hourElement!==void 0&&t.input.value!==""&&t.input.value!==void 0&&a(),t.close(),t.config&&t.config.mode==="range"&&t.selectedDates.length===1&&t.clear(!1))}}function et(X){if(!(!X||t.config.minDate&&Xt.config.maxDate.getFullYear())){var ee=X,le=t.currentYear!==ee;t.currentYear=ee||t.currentYear,t.config.maxDate&&t.currentYear===t.config.maxDate.getFullYear()?t.currentMonth=Math.min(t.config.maxDate.getMonth(),t.currentMonth):t.config.minDate&&t.currentYear===t.config.minDate.getFullYear()&&(t.currentMonth=Math.max(t.config.minDate.getMonth(),t.currentMonth)),le&&(t.redraw(),It("onYearChange"),z())}}function xe(X,ee){var le;ee===void 0&&(ee=!0);var Se=t.parseDate(X,void 0,ee);if(t.config.minDate&&Se&&Bn(Se,t.config.minDate,ee!==void 0?ee:!t.minDateHasTime)<0||t.config.maxDate&&Se&&Bn(Se,t.config.maxDate,ee!==void 0?ee:!t.maxDateHasTime)>0)return!1;if(!t.config.enable&&t.config.disable.length===0)return!0;if(Se===void 0)return!1;for(var Fe=!!t.config.enable,Ve=(le=t.config.enable)!==null&&le!==void 0?le:t.config.disable,rt=0,Je=void 0;rt=Je.from.getTime()&&Se.getTime()<=Je.to.getTime())return Fe}return!Fe}function Be(X){return t.daysContainer!==void 0?X.className.indexOf("hidden")===-1&&X.className.indexOf("flatpickr-disabled")===-1&&t.daysContainer.contains(X):!1}function ut(X){var ee=X.target===t._input,le=t._input.value.trimEnd()!==fl();ee&&le&&!(X.relatedTarget&&Ke(X.relatedTarget))&&t.setDate(t._input.value,!0,X.target===t.altInput?t.config.altFormat:t.config.dateFormat)}function Bt(X){var ee=Vn(X),le=t.config.wrap?n.contains(ee):ee===t._input,Se=t.config.allowInput,Fe=t.isOpen&&(!Se||!le),Ve=t.config.inline&&le&&!Se;if(X.keyCode===13&&le){if(Se)return t.setDate(t._input.value,!0,ee===t.altInput?t.config.altFormat:t.config.dateFormat),t.close(),ee.blur();t.open()}else if(Ke(ee)||Fe||Ve){var rt=!!t.timeContainer&&t.timeContainer.contains(ee);switch(X.keyCode){case 13:rt?(X.preventDefault(),a(),Ut()):Pt(X);break;case 27:X.preventDefault(),Ut();break;case 8:case 46:le&&!t.config.allowInput&&(X.preventDefault(),t.clear());break;case 37:case 39:if(!rt&&!le){X.preventDefault();var Je=l();if(t.daysContainer!==void 0&&(Se===!1||Je&&Be(Je))){var ue=X.keyCode===39?1:-1;X.ctrlKey?(X.stopPropagation(),pe(ue),P(I(1),0)):P(void 0,ue)}}else t.hourElement&&t.hourElement.focus();break;case 38:case 40:X.preventDefault();var ye=X.keyCode===40?1:-1;t.daysContainer&&ee.$i!==void 0||ee===t.input||ee===t.altInput?X.ctrlKey?(X.stopPropagation(),et(t.currentYear-ye),P(I(1),0)):rt||P(void 0,ye*7):ee===t.currentYearElement?et(t.currentYear-ye):t.config.enableTime&&(!rt&&t.hourElement&&t.hourElement.focus(),a(X),t._debouncedChange());break;case 9:if(rt){var He=[t.hourElement,t.minuteElement,t.secondElement,t.amPM].concat(t.pluginElements).filter(function(Wt){return Wt}),Qe=He.indexOf(ee);if(Qe!==-1){var at=He[Qe+(X.shiftKey?-1:1)];X.preventDefault(),(at||t._input).focus()}}else!t.config.noCalendar&&t.daysContainer&&t.daysContainer.contains(ee)&&X.shiftKey&&(X.preventDefault(),t._input.focus());break}}if(t.amPM!==void 0&&ee===t.amPM)switch(X.key){case t.l10n.amPM[0].charAt(0):case t.l10n.amPM[0].charAt(0).toLowerCase():t.amPM.textContent=t.l10n.amPM[0],c(),An();break;case t.l10n.amPM[1].charAt(0):case t.l10n.amPM[1].charAt(0).toLowerCase():t.amPM.textContent=t.l10n.amPM[1],c(),An();break}(le||Ke(ee))&&It("onKeyDown",X)}function Ue(X,ee){if(ee===void 0&&(ee="flatpickr-day"),!(t.selectedDates.length!==1||X&&(!X.classList.contains(ee)||X.classList.contains("flatpickr-disabled")))){for(var le=X?X.dateObj.getTime():t.days.firstElementChild.dateObj.getTime(),Se=t.parseDate(t.selectedDates[0],void 0,!0).getTime(),Fe=Math.min(le,t.selectedDates[0].getTime()),Ve=Math.max(le,t.selectedDates[0].getTime()),rt=!1,Je=0,ue=0,ye=Fe;yeFe&&yeJe)?Je=ye:ye>Se&&(!ue||ye ."+ee));He.forEach(function(Qe){var at=Qe.dateObj,Wt=at.getTime(),pn=Je>0&&Wt0&&Wt>ue;if(pn){Qe.classList.add("notAllowed"),["inRange","startRange","endRange"].forEach(function(mn){Qe.classList.remove(mn)});return}else if(rt&&!pn)return;["startRange","inRange","endRange","notAllowed"].forEach(function(mn){Qe.classList.remove(mn)}),X!==void 0&&(X.classList.add(le<=t.selectedDates[0].getTime()?"startRange":"endRange"),Sele&&Wt===Se&&Qe.classList.add("endRange"),Wt>=Je&&(ue===0||Wt<=ue)&&JM(Wt,Se,le)&&Qe.classList.add("inRange"))})}}function De(){t.isOpen&&!t.config.static&&!t.config.inline&&zt()}function ot(X,ee){if(ee===void 0&&(ee=t._positionElement),t.isMobile===!0){if(X){X.preventDefault();var le=Vn(X);le&&le.blur()}t.mobileInput!==void 0&&(t.mobileInput.focus(),t.mobileInput.click()),It("onOpen");return}else if(t._input.disabled||t.config.inline)return;var Se=t.isOpen;t.isOpen=!0,Se||(t.calendarContainer.classList.add("open"),t._input.classList.add("active"),It("onOpen"),zt(ee)),t.config.enableTime===!0&&t.config.noCalendar===!0&&t.config.allowInput===!1&&(X===void 0||!t.timeContainer.contains(X.relatedTarget))&&setTimeout(function(){return t.hourElement.select()},50)}function Ie(X){return function(ee){var le=t.config["_"+X+"Date"]=t.parseDate(ee,t.config.dateFormat),Se=t.config["_"+(X==="min"?"max":"min")+"Date"];le!==void 0&&(t[X==="min"?"minDateHasTime":"maxDateHasTime"]=le.getHours()>0||le.getMinutes()>0||le.getSeconds()>0),t.selectedDates&&(t.selectedDates=t.selectedDates.filter(function(Fe){return xe(Fe)}),!t.selectedDates.length&&X==="min"&&d(le),An()),t.daysContainer&&(bt(),le!==void 0?t.currentYearElement[X]=le.getFullYear().toString():t.currentYearElement.removeAttribute(X),t.currentYearElement.disabled=!!Se&&le!==void 0&&Se.getFullYear()===le.getFullYear())}}function We(){var X=["wrap","weekNumbers","allowInput","allowInvalidPreload","clickOpens","time_24hr","enableTime","noCalendar","altInput","shorthandCurrentMonth","inline","static","enableSeconds","disableMobile"],ee=kn(kn({},JSON.parse(JSON.stringify(n.dataset||{}))),e),le={};t.config.parseDate=ee.parseDate,t.config.formatDate=ee.formatDate,Object.defineProperty(t.config,"enable",{get:function(){return t.config._enable},set:function(He){t.config._enable=dn(He)}}),Object.defineProperty(t.config,"disable",{get:function(){return t.config._disable},set:function(He){t.config._disable=dn(He)}});var Se=ee.mode==="time";if(!ee.dateFormat&&(ee.enableTime||Se)){var Fe=sn.defaultConfig.dateFormat||es.dateFormat;le.dateFormat=ee.noCalendar||Se?"H:i"+(ee.enableSeconds?":S":""):Fe+" H:i"+(ee.enableSeconds?":S":"")}if(ee.altInput&&(ee.enableTime||Se)&&!ee.altFormat){var Ve=sn.defaultConfig.altFormat||es.altFormat;le.altFormat=ee.noCalendar||Se?"h:i"+(ee.enableSeconds?":S K":" K"):Ve+(" h:i"+(ee.enableSeconds?":S":"")+" K")}Object.defineProperty(t.config,"minDate",{get:function(){return t.config._minDate},set:Ie("min")}),Object.defineProperty(t.config,"maxDate",{get:function(){return t.config._maxDate},set:Ie("max")});var rt=function(He){return function(Qe){t.config[He==="min"?"_minTime":"_maxTime"]=t.parseDate(Qe,"H:i:S")}};Object.defineProperty(t.config,"minTime",{get:function(){return t.config._minTime},set:rt("min")}),Object.defineProperty(t.config,"maxTime",{get:function(){return t.config._maxTime},set:rt("max")}),ee.mode==="time"&&(t.config.noCalendar=!0,t.config.enableTime=!0),Object.assign(t.config,le,ee);for(var Je=0;Je-1?t.config[ye]=Ca(ue[ye]).map(o).concat(t.config[ye]):typeof ee[ye]>"u"&&(t.config[ye]=ue[ye])}ee.altInputClass||(t.config.altInputClass=Te().className+" "+t.config.altInputClass),It("onParseConfig")}function Te(){return t.config.wrap?n.querySelector("[data-input]"):n}function nt(){typeof t.config.locale!="object"&&typeof sn.l10ns[t.config.locale]>"u"&&t.config.errorHandler(new Error("flatpickr: invalid locale "+t.config.locale)),t.l10n=kn(kn({},sn.l10ns.default),typeof t.config.locale=="object"?t.config.locale:t.config.locale!=="default"?sn.l10ns[t.config.locale]:void 0),wl.D="("+t.l10n.weekdays.shorthand.join("|")+")",wl.l="("+t.l10n.weekdays.longhand.join("|")+")",wl.M="("+t.l10n.months.shorthand.join("|")+")",wl.F="("+t.l10n.months.longhand.join("|")+")",wl.K="("+t.l10n.amPM[0]+"|"+t.l10n.amPM[1]+"|"+t.l10n.amPM[0].toLowerCase()+"|"+t.l10n.amPM[1].toLowerCase()+")";var X=kn(kn({},e),JSON.parse(JSON.stringify(n.dataset||{})));X.time_24hr===void 0&&sn.defaultConfig.time_24hr===void 0&&(t.config.time_24hr=t.l10n.time_24hr),t.formatDate=Ly(t),t.parseDate=du({config:t.config,l10n:t.l10n})}function zt(X){if(typeof t.config.position=="function")return void t.config.position(t,X);if(t.calendarContainer!==void 0){It("onPreCalendarPosition");var ee=X||t._positionElement,le=Array.prototype.reduce.call(t.calendarContainer.children,function(_s,jr){return _s+jr.offsetHeight},0),Se=t.calendarContainer.offsetWidth,Fe=t.config.position.split(" "),Ve=Fe[0],rt=Fe.length>1?Fe[1]:null,Je=ee.getBoundingClientRect(),ue=window.innerHeight-Je.bottom,ye=Ve==="above"||Ve!=="below"&&uele,He=window.pageYOffset+Je.top+(ye?-le-2:ee.offsetHeight+2);if(On(t.calendarContainer,"arrowTop",!ye),On(t.calendarContainer,"arrowBottom",ye),!t.config.inline){var Qe=window.pageXOffset+Je.left,at=!1,Wt=!1;rt==="center"?(Qe-=(Se-Je.width)/2,at=!0):rt==="right"&&(Qe-=Se-Je.width,Wt=!0),On(t.calendarContainer,"arrowLeft",!at&&!Wt),On(t.calendarContainer,"arrowCenter",at),On(t.calendarContainer,"arrowRight",Wt);var pn=window.document.body.offsetWidth-(window.pageXOffset+Je.right),mn=Qe+Se>window.document.body.offsetWidth,_o=pn+Se>window.document.body.offsetWidth;if(On(t.calendarContainer,"rightMost",mn),!t.config.static)if(t.calendarContainer.style.top=He+"px",!mn)t.calendarContainer.style.left=Qe+"px",t.calendarContainer.style.right="auto";else if(!_o)t.calendarContainer.style.left="auto",t.calendarContainer.style.right=pn+"px";else{var ql=Ne();if(ql===void 0)return;var go=window.document.body.offsetWidth,hs=Math.max(0,go/2-Se/2),Ii=".flatpickr-calendar.centerMost:before",dl=".flatpickr-calendar.centerMost:after",pl=ql.cssRules.length,jl="{left:"+Je.left+"px;right:auto;}";On(t.calendarContainer,"rightMost",!1),On(t.calendarContainer,"centerMost",!0),ql.insertRule(Ii+","+dl+jl,pl),t.calendarContainer.style.left=hs+"px",t.calendarContainer.style.right="auto"}}}}function Ne(){for(var X=null,ee=0;eet.currentMonth+t.config.showMonths-1)&&t.config.mode!=="range";if(t.selectedDateElem=Se,t.config.mode==="single")t.selectedDates=[Fe];else if(t.config.mode==="multiple"){var rt=ul(Fe);rt?t.selectedDates.splice(parseInt(rt),1):t.selectedDates.push(Fe)}else t.config.mode==="range"&&(t.selectedDates.length===2&&t.clear(!1,!1),t.latestSelectedDateObj=Fe,t.selectedDates.push(Fe),Bn(Fe,t.selectedDates[0],!0)!==0&&t.selectedDates.sort(function(He,Qe){return He.getTime()-Qe.getTime()}));if(c(),Ve){var Je=t.currentYear!==Fe.getFullYear();t.currentYear=Fe.getFullYear(),t.currentMonth=Fe.getMonth(),Je&&(It("onYearChange"),z()),It("onMonthChange")}if(Vi(),R(),An(),!Ve&&t.config.mode!=="range"&&t.config.showMonths===1?L(Se):t.selectedDateElem!==void 0&&t.hourElement===void 0&&t.selectedDateElem&&t.selectedDateElem.focus(),t.hourElement!==void 0&&t.hourElement!==void 0&&t.hourElement.focus(),t.config.closeOnSelect){var ue=t.config.mode==="single"&&!t.config.enableTime,ye=t.config.mode==="range"&&t.selectedDates.length===2&&!t.config.enableTime;(ue||ye)&&Ut()}_()}}var Pe={locale:[nt,G],showMonths:[B,r,Z],minDate:[S],maxDate:[S],positionElement:[yt],clickOpens:[function(){t.config.clickOpens===!0?(g(t._input,"focus",t.open),g(t._input,"click",t.open)):(t._input.removeEventListener("focus",t.open),t._input.removeEventListener("click",t.open))}]};function jt(X,ee){if(X!==null&&typeof X=="object"){Object.assign(t.config,X);for(var le in X)Pe[le]!==void 0&&Pe[le].forEach(function(Se){return Se()})}else t.config[X]=ee,Pe[X]!==void 0?Pe[X].forEach(function(Se){return Se()}):$a.indexOf(X)>-1&&(t.config[X]=Ca(ee));t.redraw(),An(!0)}function Gt(X,ee){var le=[];if(X instanceof Array)le=X.map(function(Se){return t.parseDate(Se,ee)});else if(X instanceof Date||typeof X=="number")le=[t.parseDate(X,ee)];else if(typeof X=="string")switch(t.config.mode){case"single":case"time":le=[t.parseDate(X,ee)];break;case"multiple":le=X.split(t.config.conjunction).map(function(Se){return t.parseDate(Se,ee)});break;case"range":le=X.split(t.l10n.rangeSeparator).map(function(Se){return t.parseDate(Se,ee)});break}else t.config.errorHandler(new Error("Invalid date supplied: "+JSON.stringify(X)));t.selectedDates=t.config.allowInvalidPreload?le:le.filter(function(Se){return Se instanceof Date&&xe(Se,!1)}),t.config.mode==="range"&&t.selectedDates.sort(function(Se,Fe){return Se.getTime()-Fe.getTime()})}function gn(X,ee,le){if(ee===void 0&&(ee=!1),le===void 0&&(le=t.config.dateFormat),X!==0&&!X||X instanceof Array&&X.length===0)return t.clear(ee);Gt(X,le),t.latestSelectedDateObj=t.selectedDates[t.selectedDates.length-1],t.redraw(),S(void 0,ee),d(),t.selectedDates.length===0&&t.clear(!1),An(ee),ee&&It("onChange")}function dn(X){return X.slice().map(function(ee){return typeof ee=="string"||typeof ee=="number"||ee instanceof Date?t.parseDate(ee,void 0,!0):ee&&typeof ee=="object"&&ee.from&&ee.to?{from:t.parseDate(ee.from,void 0),to:t.parseDate(ee.to,void 0)}:ee}).filter(function(ee){return ee})}function Ei(){t.selectedDates=[],t.now=t.parseDate(t.config.now)||new Date;var X=t.config.defaultDate||((t.input.nodeName==="INPUT"||t.input.nodeName==="TEXTAREA")&&t.input.placeholder&&t.input.value===t.input.placeholder?null:t.input.value);X&&Gt(X,t.config.dateFormat),t._initialDate=t.selectedDates.length>0?t.selectedDates[0]:t.config.minDate&&t.config.minDate.getTime()>t.now.getTime()?t.config.minDate:t.config.maxDate&&t.config.maxDate.getTime()0&&(t.latestSelectedDateObj=t.selectedDates[0]),t.config.minTime!==void 0&&(t.config.minTime=t.parseDate(t.config.minTime,"H:i")),t.config.maxTime!==void 0&&(t.config.maxTime=t.parseDate(t.config.maxTime,"H:i")),t.minDateHasTime=!!t.config.minDate&&(t.config.minDate.getHours()>0||t.config.minDate.getMinutes()>0||t.config.minDate.getSeconds()>0),t.maxDateHasTime=!!t.config.maxDate&&(t.config.maxDate.getHours()>0||t.config.maxDate.getMinutes()>0||t.config.maxDate.getSeconds()>0)}function ri(){if(t.input=Te(),!t.input){t.config.errorHandler(new Error("Invalid input element specified"));return}t.input._type=t.input.type,t.input.type="text",t.input.classList.add("flatpickr-input"),t._input=t.input,t.config.altInput&&(t.altInput=Mt(t.input.nodeName,t.config.altInputClass),t._input=t.altInput,t.altInput.placeholder=t.input.placeholder,t.altInput.disabled=t.input.disabled,t.altInput.required=t.input.required,t.altInput.tabIndex=t.input.tabIndex,t.altInput.type="text",t.input.setAttribute("type","hidden"),!t.config.static&&t.input.parentNode&&t.input.parentNode.insertBefore(t.altInput,t.input.nextSibling)),t.config.allowInput||t._input.setAttribute("readonly","readonly"),yt()}function yt(){t._positionElement=t.config.positionElement||t._input}function Zn(){var X=t.config.enableTime?t.config.noCalendar?"time":"datetime-local":"date";t.mobileInput=Mt("input",t.input.className+" flatpickr-mobile"),t.mobileInput.tabIndex=1,t.mobileInput.type=X,t.mobileInput.disabled=t.input.disabled,t.mobileInput.required=t.input.required,t.mobileInput.placeholder=t.input.placeholder,t.mobileFormatStr=X==="datetime-local"?"Y-m-d\\TH:i:S":X==="date"?"Y-m-d":"H:i:S",t.selectedDates.length>0&&(t.mobileInput.defaultValue=t.mobileInput.value=t.formatDate(t.selectedDates[0],t.mobileFormatStr)),t.config.minDate&&(t.mobileInput.min=t.formatDate(t.config.minDate,"Y-m-d")),t.config.maxDate&&(t.mobileInput.max=t.formatDate(t.config.maxDate,"Y-m-d")),t.input.getAttribute("step")&&(t.mobileInput.step=String(t.input.getAttribute("step"))),t.input.type="hidden",t.altInput!==void 0&&(t.altInput.type="hidden");try{t.input.parentNode&&t.input.parentNode.insertBefore(t.mobileInput,t.input.nextSibling)}catch{}g(t.mobileInput,"change",function(ee){t.setDate(Vn(ee).value,!1,t.mobileFormatStr),It("onChange"),It("onClose")})}function un(X){if(t.isOpen===!0)return t.close();t.open(X)}function It(X,ee){if(t.config!==void 0){var le=t.config[X];if(le!==void 0&&le.length>0)for(var Se=0;le[Se]&&Se=0&&Bn(X,t.selectedDates[1])<=0}function Vi(){t.config.noCalendar||t.isMobile||!t.monthNav||(t.yearElements.forEach(function(X,ee){var le=new Date(t.currentYear,t.currentMonth,1);le.setMonth(t.currentMonth+ee),t.config.showMonths>1||t.config.monthSelectorType==="static"?t.monthElements[ee].textContent=yr(le.getMonth(),t.config.shorthandCurrentMonth,t.l10n)+" ":t.monthsDropdownContainer.value=le.getMonth().toString(),X.value=le.getFullYear().toString()}),t._hidePrevMonthArrow=t.config.minDate!==void 0&&(t.currentYear===t.config.minDate.getFullYear()?t.currentMonth<=t.config.minDate.getMonth():t.currentYeart.config.maxDate.getMonth():t.currentYear>t.config.maxDate.getFullYear()))}function fl(X){var ee=X||(t.config.altInput?t.config.altFormat:t.config.dateFormat);return t.selectedDates.map(function(le){return t.formatDate(le,ee)}).filter(function(le,Se,Fe){return t.config.mode!=="range"||t.config.enableTime||Fe.indexOf(le)===Se}).join(t.config.mode!=="range"?t.config.conjunction:t.l10n.rangeSeparator)}function An(X){X===void 0&&(X=!0),t.mobileInput!==void 0&&t.mobileFormatStr&&(t.mobileInput.value=t.latestSelectedDateObj!==void 0?t.formatDate(t.latestSelectedDateObj,t.mobileFormatStr):""),t.input.value=fl(t.config.dateFormat),t.altInput!==void 0&&(t.altInput.value=fl(t.config.altFormat)),X!==!1&&It("onValueUpdate")}function Fl(X){var ee=Vn(X),le=t.prevMonthNav.contains(ee),Se=t.nextMonthNav.contains(ee);le||Se?pe(le?-1:1):t.yearElements.indexOf(ee)>=0?ee.select():ee.classList.contains("arrowUp")?t.changeYear(t.currentYear+1):ee.classList.contains("arrowDown")&&t.changeYear(t.currentYear-1)}function cl(X){X.preventDefault();var ee=X.type==="keydown",le=Vn(X),Se=le;t.amPM!==void 0&&le===t.amPM&&(t.amPM.textContent=t.l10n.amPM[xn(t.amPM.textContent===t.l10n.amPM[0])]);var Fe=parseFloat(Se.getAttribute("min")),Ve=parseFloat(Se.getAttribute("max")),rt=parseFloat(Se.getAttribute("step")),Je=parseInt(Se.value,10),ue=X.delta||(ee?X.which===38?1:-1:0),ye=Je+rt*ue;if(typeof Se.value<"u"&&Se.value.length===2){var He=Se===t.hourElement,Qe=Se===t.minuteElement;yeVe&&(ye=Se===t.hourElement?ye-Ve-xn(!t.amPM):Fe,Qe&&T(void 0,1,t.hourElement)),t.amPM&&He&&(rt===1?ye+Je===23:Math.abs(ye-Je)>rt)&&(t.amPM.textContent=t.l10n.amPM[xn(t.amPM.textContent===t.l10n.amPM[0])]),Se.value=Nn(ye)}}return s(),t}function ts(n,e){for(var t=Array.prototype.slice.call(n).filter(function(o){return o instanceof HTMLElement}),i=[],s=0;st===e[i]))}function nE(n,e,t){const i=["value","formattedValue","element","dateFormat","options","input","flatpickr"];let s=lt(e,i),{$$slots:l={},$$scope:o}=e;const r=new Set(["onChange","onOpen","onClose","onMonthChange","onYearChange","onReady","onValueUpdate","onDayCreate"]);let{value:a=void 0,formattedValue:u="",element:f=void 0,dateFormat:c=void 0}=e,{options:d={}}=e,m=!1,{input:h=void 0,flatpickr:g=void 0}=e;an(()=>{const T=f??h,O=k(d);return O.onReady.push((E,L,I)=>{a===void 0&&S(E,L,I),_n().then(()=>{t(8,m=!0)})}),t(3,g=sn(T,Object.assign(O,f?{wrap:!0}:{}))),()=>{g.destroy()}});const _=wt();function k(T={}){T=Object.assign({},T);for(const O of r){const E=(L,I,A)=>{_(tE(O),[L,I,A])};O in T?(Array.isArray(T[O])||(T[O]=[T[O]]),T[O].push(E)):T[O]=[E]}return T.onChange&&!T.onChange.includes(S)&&T.onChange.push(S),T}function S(T,O,E){const L=lh(E,T);!sh(a,L)&&(a||L)&&t(2,a=L),t(4,u=O)}function $(T){ne[T?"unshift":"push"](()=>{h=T,t(0,h)})}return n.$$set=T=>{e=je(je({},e),Kt(T)),t(1,s=lt(e,i)),"value"in T&&t(2,a=T.value),"formattedValue"in T&&t(4,u=T.formattedValue),"element"in T&&t(5,f=T.element),"dateFormat"in T&&t(6,c=T.dateFormat),"options"in T&&t(7,d=T.options),"input"in T&&t(0,h=T.input),"flatpickr"in T&&t(3,g=T.flatpickr),"$$scope"in T&&t(9,o=T.$$scope)},n.$$.update=()=>{if(n.$$.dirty&332&&g&&m&&(sh(a,lh(g,g.selectedDates))||g.setDate(a,!0,c)),n.$$.dirty&392&&g&&m)for(const[T,O]of Object.entries(k(d)))g.set(T,O)},[h,s,a,g,u,f,c,d,m,o,l,$]}class sf extends we{constructor(e){super(),ve(this,e,nE,eE,be,{value:2,formattedValue:4,element:5,dateFormat:6,options:7,input:0,flatpickr:3})}}function iE(n){let e,t,i,s,l,o,r,a;function u(d){n[6](d)}function f(d){n[7](d)}let c={id:n[16],options:U.defaultFlatpickrOptions()};return n[2]!==void 0&&(c.value=n[2]),n[0].min!==void 0&&(c.formattedValue=n[0].min),l=new sf({props:c}),ne.push(()=>ge(l,"value",u)),ne.push(()=>ge(l,"formattedValue",f)),l.$on("close",n[8]),{c(){e=b("label"),t=W("Min date (UTC)"),s=C(),H(l.$$.fragment),p(e,"for",i=n[16])},m(d,m){w(d,e,m),y(e,t),w(d,s,m),q(l,d,m),a=!0},p(d,m){(!a||m&65536&&i!==(i=d[16]))&&p(e,"for",i);const h={};m&65536&&(h.id=d[16]),!o&&m&4&&(o=!0,h.value=d[2],$e(()=>o=!1)),!r&&m&1&&(r=!0,h.formattedValue=d[0].min,$e(()=>r=!1)),l.$set(h)},i(d){a||(M(l.$$.fragment,d),a=!0)},o(d){D(l.$$.fragment,d),a=!1},d(d){d&&(v(e),v(s)),j(l,d)}}}function lE(n){let e,t,i,s,l,o,r,a;function u(d){n[9](d)}function f(d){n[10](d)}let c={id:n[16],options:U.defaultFlatpickrOptions()};return n[3]!==void 0&&(c.value=n[3]),n[0].max!==void 0&&(c.formattedValue=n[0].max),l=new sf({props:c}),ne.push(()=>ge(l,"value",u)),ne.push(()=>ge(l,"formattedValue",f)),l.$on("close",n[11]),{c(){e=b("label"),t=W("Max date (UTC)"),s=C(),H(l.$$.fragment),p(e,"for",i=n[16])},m(d,m){w(d,e,m),y(e,t),w(d,s,m),q(l,d,m),a=!0},p(d,m){(!a||m&65536&&i!==(i=d[16]))&&p(e,"for",i);const h={};m&65536&&(h.id=d[16]),!o&&m&8&&(o=!0,h.value=d[3],$e(()=>o=!1)),!r&&m&1&&(r=!0,h.formattedValue=d[0].max,$e(()=>r=!1)),l.$set(h)},i(d){a||(M(l.$$.fragment,d),a=!0)},o(d){D(l.$$.fragment,d),a=!1},d(d){d&&(v(e),v(s)),j(l,d)}}}function sE(n){let e,t,i,s,l,o,r;return i=new fe({props:{class:"form-field",name:"fields."+n[1]+".min",$$slots:{default:[iE,({uniqueId:a})=>({16:a}),({uniqueId:a})=>a?65536:0]},$$scope:{ctx:n}}}),o=new fe({props:{class:"form-field",name:"fields."+n[1]+".max",$$slots:{default:[lE,({uniqueId:a})=>({16:a}),({uniqueId:a})=>a?65536:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),t=b("div"),H(i.$$.fragment),s=C(),l=b("div"),H(o.$$.fragment),p(t,"class","col-sm-6"),p(l,"class","col-sm-6"),p(e,"class","grid grid-sm")},m(a,u){w(a,e,u),y(e,t),q(i,t,null),y(e,s),y(e,l),q(o,l,null),r=!0},p(a,u){const f={};u&2&&(f.name="fields."+a[1]+".min"),u&196613&&(f.$$scope={dirty:u,ctx:a}),i.$set(f);const c={};u&2&&(c.name="fields."+a[1]+".max"),u&196617&&(c.$$scope={dirty:u,ctx:a}),o.$set(c)},i(a){r||(M(i.$$.fragment,a),M(o.$$.fragment,a),r=!0)},o(a){D(i.$$.fragment,a),D(o.$$.fragment,a),r=!1},d(a){a&&v(e),j(i),j(o)}}}function oE(n){let e,t,i;const s=[{key:n[1]},n[5]];function l(r){n[12](r)}let o={$$slots:{options:[sE]},$$scope:{ctx:n}};for(let r=0;rge(e,"field",l)),e.$on("rename",n[13]),e.$on("remove",n[14]),e.$on("duplicate",n[15]),{c(){H(e.$$.fragment)},m(r,a){q(e,r,a),i=!0},p(r,[a]){const u=a&34?vt(s,[a&2&&{key:r[1]},a&32&&At(r[5])]):{};a&131087&&(u.$$scope={dirty:a,ctx:r}),!t&&a&1&&(t=!0,u.field=r[0],$e(()=>t=!1)),e.$set(u)},i(r){i||(M(e.$$.fragment,r),i=!0)},o(r){D(e.$$.fragment,r),i=!1},d(r){j(e,r)}}}function rE(n,e,t){const i=["field","key"];let s=lt(e,i),{field:l}=e,{key:o=""}=e,r=l==null?void 0:l.min,a=l==null?void 0:l.max;function u(T,O){T.detail&&T.detail.length==3&&t(0,l[O]=T.detail[1],l)}function f(T){r=T,t(2,r),t(0,l)}function c(T){n.$$.not_equal(l.min,T)&&(l.min=T,t(0,l))}const d=T=>u(T,"min");function m(T){a=T,t(3,a),t(0,l)}function h(T){n.$$.not_equal(l.max,T)&&(l.max=T,t(0,l))}const g=T=>u(T,"max");function _(T){l=T,t(0,l)}function k(T){Le.call(this,n,T)}function S(T){Le.call(this,n,T)}function $(T){Le.call(this,n,T)}return n.$$set=T=>{e=je(je({},e),Kt(T)),t(5,s=lt(e,i)),"field"in T&&t(0,l=T.field),"key"in T&&t(1,o=T.key)},n.$$.update=()=>{n.$$.dirty&5&&r!=(l==null?void 0:l.min)&&t(2,r=l==null?void 0:l.min),n.$$.dirty&9&&a!=(l==null?void 0:l.max)&&t(3,a=l==null?void 0:l.max)},[l,o,r,a,u,s,f,c,d,m,h,g,_,k,S,$]}class aE extends we{constructor(e){super(),ve(this,e,rE,oE,be,{field:0,key:1})}}function uE(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("label"),t=W("Max size "),i=b("small"),i.textContent="(bytes)",l=C(),o=b("input"),p(e,"for",s=n[9]),p(o,"type","number"),p(o,"id",r=n[9]),p(o,"step","1"),p(o,"min","0"),p(o,"max",Number.MAX_SAFE_INTEGER),o.value=a=n[0].maxSize||"",p(o,"placeholder","Default to max ~5MB")},m(c,d){w(c,e,d),y(e,t),y(e,i),w(c,l,d),w(c,o,d),u||(f=Y(o,"input",n[3]),u=!0)},p(c,d){d&512&&s!==(s=c[9])&&p(e,"for",s),d&512&&r!==(r=c[9])&&p(o,"id",r),d&1&&a!==(a=c[0].maxSize||"")&&o.value!==a&&(o.value=a)},d(c){c&&(v(e),v(l),v(o)),u=!1,f()}}}function fE(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("input"),i=C(),s=b("label"),l=b("span"),l.textContent="Strip urls domain",o=C(),r=b("i"),p(e,"type","checkbox"),p(e,"id",t=n[9]),p(l,"class","txt"),p(r,"class","ri-information-line link-hint"),p(s,"for",a=n[9])},m(c,d){w(c,e,d),e.checked=n[0].convertURLs,w(c,i,d),w(c,s,d),y(s,l),y(s,o),y(s,r),u||(f=[Y(e,"change",n[4]),Oe(Re.call(null,r,{text:"This could help making the editor content more portable between environments since there will be no local base url to replace."}))],u=!0)},p(c,d){d&512&&t!==(t=c[9])&&p(e,"id",t),d&1&&(e.checked=c[0].convertURLs),d&512&&a!==(a=c[9])&&p(s,"for",a)},d(c){c&&(v(e),v(i),v(s)),u=!1,Ee(f)}}}function cE(n){let e,t,i,s;return e=new fe({props:{class:"form-field m-b-sm",name:"fields."+n[1]+".maxSize",$$slots:{default:[uE,({uniqueId:l})=>({9:l}),({uniqueId:l})=>l?512:0]},$$scope:{ctx:n}}}),i=new fe({props:{class:"form-field form-field-toggle",name:"fields."+n[1]+".convertURLs",$$slots:{default:[fE,({uniqueId:l})=>({9:l}),({uniqueId:l})=>l?512:0]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment),t=C(),H(i.$$.fragment)},m(l,o){q(e,l,o),w(l,t,o),q(i,l,o),s=!0},p(l,o){const r={};o&2&&(r.name="fields."+l[1]+".maxSize"),o&1537&&(r.$$scope={dirty:o,ctx:l}),e.$set(r);const a={};o&2&&(a.name="fields."+l[1]+".convertURLs"),o&1537&&(a.$$scope={dirty:o,ctx:l}),i.$set(a)},i(l){s||(M(e.$$.fragment,l),M(i.$$.fragment,l),s=!0)},o(l){D(e.$$.fragment,l),D(i.$$.fragment,l),s=!1},d(l){l&&v(t),j(e,l),j(i,l)}}}function dE(n){let e,t,i;const s=[{key:n[1]},n[2]];function l(r){n[5](r)}let o={$$slots:{options:[cE]},$$scope:{ctx:n}};for(let r=0;rge(e,"field",l)),e.$on("rename",n[6]),e.$on("remove",n[7]),e.$on("duplicate",n[8]),{c(){H(e.$$.fragment)},m(r,a){q(e,r,a),i=!0},p(r,[a]){const u=a&6?vt(s,[a&2&&{key:r[1]},a&4&&At(r[2])]):{};a&1027&&(u.$$scope={dirty:a,ctx:r}),!t&&a&1&&(t=!0,u.field=r[0],$e(()=>t=!1)),e.$set(u)},i(r){i||(M(e.$$.fragment,r),i=!0)},o(r){D(e.$$.fragment,r),i=!1},d(r){j(e,r)}}}function pE(n,e,t){const i=["field","key"];let s=lt(e,i),{field:l}=e,{key:o=""}=e;const r=m=>t(0,l.maxSize=parseInt(m.target.value,10),l);function a(){l.convertURLs=this.checked,t(0,l)}function u(m){l=m,t(0,l)}function f(m){Le.call(this,n,m)}function c(m){Le.call(this,n,m)}function d(m){Le.call(this,n,m)}return n.$$set=m=>{e=je(je({},e),Kt(m)),t(2,s=lt(e,i)),"field"in m&&t(0,l=m.field),"key"in m&&t(1,o=m.key)},[l,o,s,r,a,u,f,c,d]}class mE extends we{constructor(e){super(),ve(this,e,pE,dE,be,{field:0,key:1})}}function hE(n){let e,t,i,s,l,o,r,a,u,f,c,d,m;function h(_){n[3](_)}let g={id:n[9],disabled:!U.isEmpty(n[0].onlyDomains)};return n[0].exceptDomains!==void 0&&(g.value=n[0].exceptDomains),r=new ho({props:g}),ne.push(()=>ge(r,"value",h)),{c(){e=b("label"),t=b("span"),t.textContent="Except domains",i=C(),s=b("i"),o=C(),H(r.$$.fragment),u=C(),f=b("div"),f.textContent="Use comma as separator.",p(t,"class","txt"),p(s,"class","ri-information-line link-hint"),p(e,"for",l=n[9]),p(f,"class","help-block")},m(_,k){w(_,e,k),y(e,t),y(e,i),y(e,s),w(_,o,k),q(r,_,k),w(_,u,k),w(_,f,k),c=!0,d||(m=Oe(Re.call(null,s,{text:`List of domains that are NOT allowed. + This field is disabled if "Only domains" is set.`,position:"top"})),d=!0)},p(_,k){(!c||k&512&&l!==(l=_[9]))&&p(e,"for",l);const S={};k&512&&(S.id=_[9]),k&1&&(S.disabled=!U.isEmpty(_[0].onlyDomains)),!a&&k&1&&(a=!0,S.value=_[0].exceptDomains,$e(()=>a=!1)),r.$set(S)},i(_){c||(M(r.$$.fragment,_),c=!0)},o(_){D(r.$$.fragment,_),c=!1},d(_){_&&(v(e),v(o),v(u),v(f)),j(r,_),d=!1,m()}}}function _E(n){let e,t,i,s,l,o,r,a,u,f,c,d,m;function h(_){n[4](_)}let g={id:n[9]+".onlyDomains",disabled:!U.isEmpty(n[0].exceptDomains)};return n[0].onlyDomains!==void 0&&(g.value=n[0].onlyDomains),r=new ho({props:g}),ne.push(()=>ge(r,"value",h)),{c(){e=b("label"),t=b("span"),t.textContent="Only domains",i=C(),s=b("i"),o=C(),H(r.$$.fragment),u=C(),f=b("div"),f.textContent="Use comma as separator.",p(t,"class","txt"),p(s,"class","ri-information-line link-hint"),p(e,"for",l=n[9]+".onlyDomains"),p(f,"class","help-block")},m(_,k){w(_,e,k),y(e,t),y(e,i),y(e,s),w(_,o,k),q(r,_,k),w(_,u,k),w(_,f,k),c=!0,d||(m=Oe(Re.call(null,s,{text:`List of domains that are ONLY allowed. + This field is disabled if "Except domains" is set.`,position:"top"})),d=!0)},p(_,k){(!c||k&512&&l!==(l=_[9]+".onlyDomains"))&&p(e,"for",l);const S={};k&512&&(S.id=_[9]+".onlyDomains"),k&1&&(S.disabled=!U.isEmpty(_[0].exceptDomains)),!a&&k&1&&(a=!0,S.value=_[0].onlyDomains,$e(()=>a=!1)),r.$set(S)},i(_){c||(M(r.$$.fragment,_),c=!0)},o(_){D(r.$$.fragment,_),c=!1},d(_){_&&(v(e),v(o),v(u),v(f)),j(r,_),d=!1,m()}}}function gE(n){let e,t,i,s,l,o,r;return i=new fe({props:{class:"form-field",name:"fields."+n[1]+".exceptDomains",$$slots:{default:[hE,({uniqueId:a})=>({9:a}),({uniqueId:a})=>a?512:0]},$$scope:{ctx:n}}}),o=new fe({props:{class:"form-field",name:"fields."+n[1]+".onlyDomains",$$slots:{default:[_E,({uniqueId:a})=>({9:a}),({uniqueId:a})=>a?512:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),t=b("div"),H(i.$$.fragment),s=C(),l=b("div"),H(o.$$.fragment),p(t,"class","col-sm-6"),p(l,"class","col-sm-6"),p(e,"class","grid grid-sm")},m(a,u){w(a,e,u),y(e,t),q(i,t,null),y(e,s),y(e,l),q(o,l,null),r=!0},p(a,u){const f={};u&2&&(f.name="fields."+a[1]+".exceptDomains"),u&1537&&(f.$$scope={dirty:u,ctx:a}),i.$set(f);const c={};u&2&&(c.name="fields."+a[1]+".onlyDomains"),u&1537&&(c.$$scope={dirty:u,ctx:a}),o.$set(c)},i(a){r||(M(i.$$.fragment,a),M(o.$$.fragment,a),r=!0)},o(a){D(i.$$.fragment,a),D(o.$$.fragment,a),r=!1},d(a){a&&v(e),j(i),j(o)}}}function bE(n){let e,t,i;const s=[{key:n[1]},n[2]];function l(r){n[5](r)}let o={$$slots:{options:[gE]},$$scope:{ctx:n}};for(let r=0;rge(e,"field",l)),e.$on("rename",n[6]),e.$on("remove",n[7]),e.$on("duplicate",n[8]),{c(){H(e.$$.fragment)},m(r,a){q(e,r,a),i=!0},p(r,[a]){const u=a&6?vt(s,[a&2&&{key:r[1]},a&4&&At(r[2])]):{};a&1027&&(u.$$scope={dirty:a,ctx:r}),!t&&a&1&&(t=!0,u.field=r[0],$e(()=>t=!1)),e.$set(u)},i(r){i||(M(e.$$.fragment,r),i=!0)},o(r){D(e.$$.fragment,r),i=!1},d(r){j(e,r)}}}function kE(n,e,t){const i=["field","key"];let s=lt(e,i),{field:l}=e,{key:o=""}=e;function r(m){n.$$.not_equal(l.exceptDomains,m)&&(l.exceptDomains=m,t(0,l))}function a(m){n.$$.not_equal(l.onlyDomains,m)&&(l.onlyDomains=m,t(0,l))}function u(m){l=m,t(0,l)}function f(m){Le.call(this,n,m)}function c(m){Le.call(this,n,m)}function d(m){Le.call(this,n,m)}return n.$$set=m=>{e=je(je({},e),Kt(m)),t(2,s=lt(e,i)),"field"in m&&t(0,l=m.field),"key"in m&&t(1,o=m.key)},[l,o,s,r,a,u,f,c,d]}class Ay extends we{constructor(e){super(),ve(this,e,kE,bE,be,{field:0,key:1})}}function yE(n){let e,t=(n[0].ext||"N/A")+"",i,s,l,o=n[0].mimeType+"",r;return{c(){e=b("span"),i=W(t),s=C(),l=b("small"),r=W(o),p(e,"class","txt"),p(l,"class","txt-hint")},m(a,u){w(a,e,u),y(e,i),w(a,s,u),w(a,l,u),y(l,r)},p(a,[u]){u&1&&t!==(t=(a[0].ext||"N/A")+"")&&se(i,t),u&1&&o!==(o=a[0].mimeType+"")&&se(r,o)},i:te,o:te,d(a){a&&(v(e),v(s),v(l))}}}function vE(n,e,t){let{item:i={}}=e;return n.$$set=s=>{"item"in s&&t(0,i=s.item)},[i]}class oh extends we{constructor(e){super(),ve(this,e,vE,yE,be,{item:0})}}const wE=[{ext:"",mimeType:"application/octet-stream"},{ext:".xpm",mimeType:"image/x-xpixmap"},{ext:".7z",mimeType:"application/x-7z-compressed"},{ext:".zip",mimeType:"application/zip"},{ext:".xlsx",mimeType:"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"},{ext:".docx",mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document"},{ext:".pptx",mimeType:"application/vnd.openxmlformats-officedocument.presentationml.presentation"},{ext:".epub",mimeType:"application/epub+zip"},{ext:".apk",mimeType:"application/vnd.android.package-archive"},{ext:".jar",mimeType:"application/jar"},{ext:".odt",mimeType:"application/vnd.oasis.opendocument.text"},{ext:".ott",mimeType:"application/vnd.oasis.opendocument.text-template"},{ext:".ods",mimeType:"application/vnd.oasis.opendocument.spreadsheet"},{ext:".ots",mimeType:"application/vnd.oasis.opendocument.spreadsheet-template"},{ext:".odp",mimeType:"application/vnd.oasis.opendocument.presentation"},{ext:".otp",mimeType:"application/vnd.oasis.opendocument.presentation-template"},{ext:".odg",mimeType:"application/vnd.oasis.opendocument.graphics"},{ext:".otg",mimeType:"application/vnd.oasis.opendocument.graphics-template"},{ext:".odf",mimeType:"application/vnd.oasis.opendocument.formula"},{ext:".odc",mimeType:"application/vnd.oasis.opendocument.chart"},{ext:".sxc",mimeType:"application/vnd.sun.xml.calc"},{ext:".pdf",mimeType:"application/pdf"},{ext:".fdf",mimeType:"application/vnd.fdf"},{ext:"",mimeType:"application/x-ole-storage"},{ext:".msi",mimeType:"application/x-ms-installer"},{ext:".aaf",mimeType:"application/octet-stream"},{ext:".msg",mimeType:"application/vnd.ms-outlook"},{ext:".xls",mimeType:"application/vnd.ms-excel"},{ext:".pub",mimeType:"application/vnd.ms-publisher"},{ext:".ppt",mimeType:"application/vnd.ms-powerpoint"},{ext:".doc",mimeType:"application/msword"},{ext:".ps",mimeType:"application/postscript"},{ext:".psd",mimeType:"image/vnd.adobe.photoshop"},{ext:".p7s",mimeType:"application/pkcs7-signature"},{ext:".ogg",mimeType:"application/ogg"},{ext:".oga",mimeType:"audio/ogg"},{ext:".ogv",mimeType:"video/ogg"},{ext:".png",mimeType:"image/png"},{ext:".png",mimeType:"image/vnd.mozilla.apng"},{ext:".jpg",mimeType:"image/jpeg"},{ext:".jxl",mimeType:"image/jxl"},{ext:".jp2",mimeType:"image/jp2"},{ext:".jpf",mimeType:"image/jpx"},{ext:".jpm",mimeType:"image/jpm"},{ext:".jxs",mimeType:"image/jxs"},{ext:".gif",mimeType:"image/gif"},{ext:".webp",mimeType:"image/webp"},{ext:".exe",mimeType:"application/vnd.microsoft.portable-executable"},{ext:"",mimeType:"application/x-elf"},{ext:"",mimeType:"application/x-object"},{ext:"",mimeType:"application/x-executable"},{ext:".so",mimeType:"application/x-sharedlib"},{ext:"",mimeType:"application/x-coredump"},{ext:".a",mimeType:"application/x-archive"},{ext:".deb",mimeType:"application/vnd.debian.binary-package"},{ext:".tar",mimeType:"application/x-tar"},{ext:".xar",mimeType:"application/x-xar"},{ext:".bz2",mimeType:"application/x-bzip2"},{ext:".fits",mimeType:"application/fits"},{ext:".tiff",mimeType:"image/tiff"},{ext:".bmp",mimeType:"image/bmp"},{ext:".ico",mimeType:"image/x-icon"},{ext:".mp3",mimeType:"audio/mpeg"},{ext:".flac",mimeType:"audio/flac"},{ext:".midi",mimeType:"audio/midi"},{ext:".ape",mimeType:"audio/ape"},{ext:".mpc",mimeType:"audio/musepack"},{ext:".amr",mimeType:"audio/amr"},{ext:".wav",mimeType:"audio/wav"},{ext:".aiff",mimeType:"audio/aiff"},{ext:".au",mimeType:"audio/basic"},{ext:".mpeg",mimeType:"video/mpeg"},{ext:".mov",mimeType:"video/quicktime"},{ext:".mp4",mimeType:"video/mp4"},{ext:".avif",mimeType:"image/avif"},{ext:".3gp",mimeType:"video/3gpp"},{ext:".3g2",mimeType:"video/3gpp2"},{ext:".mp4",mimeType:"audio/mp4"},{ext:".mqv",mimeType:"video/quicktime"},{ext:".m4a",mimeType:"audio/x-m4a"},{ext:".m4v",mimeType:"video/x-m4v"},{ext:".heic",mimeType:"image/heic"},{ext:".heic",mimeType:"image/heic-sequence"},{ext:".heif",mimeType:"image/heif"},{ext:".heif",mimeType:"image/heif-sequence"},{ext:".mj2",mimeType:"video/mj2"},{ext:".dvb",mimeType:"video/vnd.dvb.file"},{ext:".webm",mimeType:"video/webm"},{ext:".avi",mimeType:"video/x-msvideo"},{ext:".flv",mimeType:"video/x-flv"},{ext:".mkv",mimeType:"video/x-matroska"},{ext:".asf",mimeType:"video/x-ms-asf"},{ext:".aac",mimeType:"audio/aac"},{ext:".voc",mimeType:"audio/x-unknown"},{ext:".m3u",mimeType:"application/vnd.apple.mpegurl"},{ext:".rmvb",mimeType:"application/vnd.rn-realmedia-vbr"},{ext:".gz",mimeType:"application/gzip"},{ext:".class",mimeType:"application/x-java-applet"},{ext:".swf",mimeType:"application/x-shockwave-flash"},{ext:".crx",mimeType:"application/x-chrome-extension"},{ext:".ttf",mimeType:"font/ttf"},{ext:".woff",mimeType:"font/woff"},{ext:".woff2",mimeType:"font/woff2"},{ext:".otf",mimeType:"font/otf"},{ext:".ttc",mimeType:"font/collection"},{ext:".eot",mimeType:"application/vnd.ms-fontobject"},{ext:".wasm",mimeType:"application/wasm"},{ext:".shx",mimeType:"application/vnd.shx"},{ext:".shp",mimeType:"application/vnd.shp"},{ext:".dbf",mimeType:"application/x-dbf"},{ext:".dcm",mimeType:"application/dicom"},{ext:".rar",mimeType:"application/x-rar-compressed"},{ext:".djvu",mimeType:"image/vnd.djvu"},{ext:".mobi",mimeType:"application/x-mobipocket-ebook"},{ext:".lit",mimeType:"application/x-ms-reader"},{ext:".bpg",mimeType:"image/bpg"},{ext:".cbor",mimeType:"application/cbor"},{ext:".sqlite",mimeType:"application/vnd.sqlite3"},{ext:".dwg",mimeType:"image/vnd.dwg"},{ext:".nes",mimeType:"application/vnd.nintendo.snes.rom"},{ext:".lnk",mimeType:"application/x-ms-shortcut"},{ext:".macho",mimeType:"application/x-mach-binary"},{ext:".qcp",mimeType:"audio/qcelp"},{ext:".icns",mimeType:"image/x-icns"},{ext:".hdr",mimeType:"image/vnd.radiance"},{ext:".mrc",mimeType:"application/marc"},{ext:".mdb",mimeType:"application/x-msaccess"},{ext:".accdb",mimeType:"application/x-msaccess"},{ext:".zst",mimeType:"application/zstd"},{ext:".cab",mimeType:"application/vnd.ms-cab-compressed"},{ext:".rpm",mimeType:"application/x-rpm"},{ext:".xz",mimeType:"application/x-xz"},{ext:".lz",mimeType:"application/lzip"},{ext:".torrent",mimeType:"application/x-bittorrent"},{ext:".cpio",mimeType:"application/x-cpio"},{ext:"",mimeType:"application/tzif"},{ext:".xcf",mimeType:"image/x-xcf"},{ext:".pat",mimeType:"image/x-gimp-pat"},{ext:".gbr",mimeType:"image/x-gimp-gbr"},{ext:".glb",mimeType:"model/gltf-binary"},{ext:".cab",mimeType:"application/x-installshield"},{ext:".jxr",mimeType:"image/jxr"},{ext:".parquet",mimeType:"application/vnd.apache.parquet"},{ext:".txt",mimeType:"text/plain"},{ext:".html",mimeType:"text/html"},{ext:".svg",mimeType:"image/svg+xml"},{ext:".xml",mimeType:"text/xml"},{ext:".rss",mimeType:"application/rss+xml"},{ext:".atom",mimeType:"application/atom+xml"},{ext:".x3d",mimeType:"model/x3d+xml"},{ext:".kml",mimeType:"application/vnd.google-earth.kml+xml"},{ext:".xlf",mimeType:"application/x-xliff+xml"},{ext:".dae",mimeType:"model/vnd.collada+xml"},{ext:".gml",mimeType:"application/gml+xml"},{ext:".gpx",mimeType:"application/gpx+xml"},{ext:".tcx",mimeType:"application/vnd.garmin.tcx+xml"},{ext:".amf",mimeType:"application/x-amf"},{ext:".3mf",mimeType:"application/vnd.ms-package.3dmanufacturing-3dmodel+xml"},{ext:".xfdf",mimeType:"application/vnd.adobe.xfdf"},{ext:".owl",mimeType:"application/owl+xml"},{ext:".php",mimeType:"text/x-php"},{ext:".js",mimeType:"text/javascript"},{ext:".lua",mimeType:"text/x-lua"},{ext:".pl",mimeType:"text/x-perl"},{ext:".py",mimeType:"text/x-python"},{ext:".json",mimeType:"application/json"},{ext:".geojson",mimeType:"application/geo+json"},{ext:".har",mimeType:"application/json"},{ext:".ndjson",mimeType:"application/x-ndjson"},{ext:".rtf",mimeType:"text/rtf"},{ext:".srt",mimeType:"application/x-subrip"},{ext:".tcl",mimeType:"text/x-tcl"},{ext:".csv",mimeType:"text/csv"},{ext:".tsv",mimeType:"text/tab-separated-values"},{ext:".vcf",mimeType:"text/vcard"},{ext:".ics",mimeType:"text/calendar"},{ext:".warc",mimeType:"application/warc"},{ext:".vtt",mimeType:"text/vtt"}];function SE(n){let e,t,i;function s(o){n[16](o)}let l={id:n[23],items:n[4],readonly:!n[24]};return n[2]!==void 0&&(l.keyOfSelected=n[2]),e=new Ln({props:l}),ne.push(()=>ge(e,"keyOfSelected",s)),{c(){H(e.$$.fragment)},m(o,r){q(e,o,r),i=!0},p(o,r){const a={};r&8388608&&(a.id=o[23]),r&16777216&&(a.readonly=!o[24]),!t&&r&4&&(t=!0,a.keyOfSelected=o[2],$e(()=>t=!1)),e.$set(a)},i(o){i||(M(e.$$.fragment,o),i=!0)},o(o){D(e.$$.fragment,o),i=!1},d(o){j(e,o)}}}function TE(n){let e,t,i,s,l,o;return i=new fe({props:{class:"form-field form-field-single-multiple-select "+(n[24]?"":"readonly"),inlineError:!0,$$slots:{default:[SE,({uniqueId:r})=>({23:r}),({uniqueId:r})=>r?8388608:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),t=C(),H(i.$$.fragment),s=C(),l=b("div"),p(e,"class","separator"),p(l,"class","separator")},m(r,a){w(r,e,a),w(r,t,a),q(i,r,a),w(r,s,a),w(r,l,a),o=!0},p(r,a){const u={};a&16777216&&(u.class="form-field form-field-single-multiple-select "+(r[24]?"":"readonly")),a&58720260&&(u.$$scope={dirty:a,ctx:r}),i.$set(u)},i(r){o||(M(i.$$.fragment,r),o=!0)},o(r){D(i.$$.fragment,r),o=!1},d(r){r&&(v(e),v(t),v(s),v(l)),j(i,r)}}}function $E(n){let e,t,i,s,l,o,r,a,u;return{c(){e=b("button"),e.innerHTML='Images (jpg, png, svg, gif, webp)',t=C(),i=b("button"),i.innerHTML='Documents (pdf, doc/docx, xls/xlsx)',s=C(),l=b("button"),l.innerHTML='Videos (mp4, avi, mov, 3gp)',o=C(),r=b("button"),r.innerHTML='Archives (zip, 7zip, rar)',p(e,"type","button"),p(e,"class","dropdown-item closable"),p(e,"role","menuitem"),p(i,"type","button"),p(i,"class","dropdown-item closable"),p(i,"role","menuitem"),p(l,"type","button"),p(l,"class","dropdown-item closable"),p(l,"role","menuitem"),p(r,"type","button"),p(r,"class","dropdown-item closable"),p(r,"role","menuitem")},m(f,c){w(f,e,c),w(f,t,c),w(f,i,c),w(f,s,c),w(f,l,c),w(f,o,c),w(f,r,c),a||(u=[Y(e,"click",n[8]),Y(i,"click",n[9]),Y(l,"click",n[10]),Y(r,"click",n[11])],a=!0)},p:te,d(f){f&&(v(e),v(t),v(i),v(s),v(l),v(o),v(r)),a=!1,Ee(u)}}}function CE(n){let e,t,i,s,l,o,r,a,u,f,c,d,m,h,g,_,k,S,$;function T(E){n[7](E)}let O={id:n[23],multiple:!0,searchable:!0,closable:!1,selectionKey:"mimeType",selectPlaceholder:"No restriction",items:n[3],labelComponent:oh,optionComponent:oh};return n[0].mimeTypes!==void 0&&(O.keyOfSelected=n[0].mimeTypes),r=new Ln({props:O}),ne.push(()=>ge(r,"keyOfSelected",T)),_=new Dn({props:{class:"dropdown dropdown-sm dropdown-nowrap dropdown-left",$$slots:{default:[$E]},$$scope:{ctx:n}}}),{c(){e=b("label"),t=b("span"),t.textContent="Allowed mime types",i=C(),s=b("i"),o=C(),H(r.$$.fragment),u=C(),f=b("div"),c=b("div"),d=b("span"),d.textContent="Choose presets",m=C(),h=b("i"),g=C(),H(_.$$.fragment),p(t,"class","txt"),p(s,"class","ri-information-line link-hint"),p(e,"for",l=n[23]),p(d,"class","txt link-primary"),p(h,"class","ri-arrow-drop-down-fill"),p(h,"aria-hidden","true"),p(c,"tabindex","0"),p(c,"role","button"),p(c,"class","inline-flex flex-gap-0"),p(f,"class","help-block")},m(E,L){w(E,e,L),y(e,t),y(e,i),y(e,s),w(E,o,L),q(r,E,L),w(E,u,L),w(E,f,L),y(f,c),y(c,d),y(c,m),y(c,h),y(c,g),q(_,c,null),k=!0,S||($=Oe(Re.call(null,s,{text:`Allow files ONLY with the listed mime types. + Leave empty for no restriction.`,position:"top"})),S=!0)},p(E,L){(!k||L&8388608&&l!==(l=E[23]))&&p(e,"for",l);const I={};L&8388608&&(I.id=E[23]),L&8&&(I.items=E[3]),!a&&L&1&&(a=!0,I.keyOfSelected=E[0].mimeTypes,$e(()=>a=!1)),r.$set(I);const A={};L&33554433&&(A.$$scope={dirty:L,ctx:E}),_.$set(A)},i(E){k||(M(r.$$.fragment,E),M(_.$$.fragment,E),k=!0)},o(E){D(r.$$.fragment,E),D(_.$$.fragment,E),k=!1},d(E){E&&(v(e),v(o),v(u),v(f)),j(r,E),j(_),S=!1,$()}}}function OE(n){let e;return{c(){e=b("ul"),e.innerHTML=`
  • WxH + (e.g. 100x50) - crop to WxH viewbox (from center)
  • WxHt + (e.g. 100x50t) - crop to WxH viewbox (from top)
  • WxHb + (e.g. 100x50b) - crop to WxH viewbox (from bottom)
  • WxHf + (e.g. 100x50f) - fit inside a WxH viewbox (without cropping)
  • 0xH + (e.g. 0x50) - resize to H height preserving the aspect ratio
  • Wx0 + (e.g. 100x0) - resize to W width preserving the aspect ratio
    • `,p(e,"class","m-0")},m(t,i){w(t,e,i)},p:te,d(t){t&&v(e)}}}function ME(n){let e,t,i,s,l,o,r,a,u,f,c,d,m,h,g,_,k,S,$,T,O;function E(I){n[12](I)}let L={id:n[23],placeholder:"e.g. 50x50, 480x720"};return n[0].thumbs!==void 0&&(L.value=n[0].thumbs),r=new ho({props:L}),ne.push(()=>ge(r,"value",E)),S=new Dn({props:{class:"dropdown dropdown-sm dropdown-center dropdown-nowrap p-r-10",$$slots:{default:[OE]},$$scope:{ctx:n}}}),{c(){e=b("label"),t=b("span"),t.textContent="Thumb sizes",i=C(),s=b("i"),o=C(),H(r.$$.fragment),u=C(),f=b("div"),c=b("span"),c.textContent="Use comma as separator.",d=C(),m=b("button"),h=b("span"),h.textContent="Supported formats",g=C(),_=b("i"),k=C(),H(S.$$.fragment),p(t,"class","txt"),p(s,"class","ri-information-line link-hint"),p(e,"for",l=n[23]),p(c,"class","txt"),p(h,"class","txt link-primary"),p(_,"class","ri-arrow-drop-down-fill"),p(_,"aria-hidden","true"),p(m,"type","button"),p(m,"class","inline-flex flex-gap-0"),p(f,"class","help-block")},m(I,A){w(I,e,A),y(e,t),y(e,i),y(e,s),w(I,o,A),q(r,I,A),w(I,u,A),w(I,f,A),y(f,c),y(f,d),y(f,m),y(m,h),y(m,g),y(m,_),y(m,k),q(S,m,null),$=!0,T||(O=Oe(Re.call(null,s,{text:"List of additional thumb sizes for image files, along with the default thumb size of 100x100. The thumbs are generated lazily on first access.",position:"top"})),T=!0)},p(I,A){(!$||A&8388608&&l!==(l=I[23]))&&p(e,"for",l);const P={};A&8388608&&(P.id=I[23]),!a&&A&1&&(a=!0,P.value=I[0].thumbs,$e(()=>a=!1)),r.$set(P);const N={};A&33554432&&(N.$$scope={dirty:A,ctx:I}),S.$set(N)},i(I){$||(M(r.$$.fragment,I),M(S.$$.fragment,I),$=!0)},o(I){D(r.$$.fragment,I),D(S.$$.fragment,I),$=!1},d(I){I&&(v(e),v(o),v(u),v(f)),j(r,I),j(S),T=!1,O()}}}function EE(n){let e,t,i,s,l,o,r,a,u,f,c;return{c(){e=b("label"),t=W("Max file size"),s=C(),l=b("input"),a=C(),u=b("div"),u.textContent="Must be in bytes.",p(e,"for",i=n[23]),p(l,"type","number"),p(l,"id",o=n[23]),p(l,"step","1"),p(l,"min","0"),p(l,"max",Number.MAX_SAFE_INTEGER),l.value=r=n[0].maxSize||"",p(l,"placeholder","Default to max ~5MB"),p(u,"class","help-block")},m(d,m){w(d,e,m),y(e,t),w(d,s,m),w(d,l,m),w(d,a,m),w(d,u,m),f||(c=Y(l,"input",n[13]),f=!0)},p(d,m){m&8388608&&i!==(i=d[23])&&p(e,"for",i),m&8388608&&o!==(o=d[23])&&p(l,"id",o),m&1&&r!==(r=d[0].maxSize||"")&&l.value!==r&&(l.value=r)},d(d){d&&(v(e),v(s),v(l),v(a),v(u)),f=!1,c()}}}function rh(n){let e,t,i;return t=new fe({props:{class:"form-field",name:"fields."+n[1]+".maxSelect",$$slots:{default:[DE,({uniqueId:s})=>({23:s}),({uniqueId:s})=>s?8388608:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),H(t.$$.fragment),p(e,"class","col-sm-3")},m(s,l){w(s,e,l),q(t,e,null),i=!0},p(s,l){const o={};l&2&&(o.name="fields."+s[1]+".maxSelect"),l&41943041&&(o.$$scope={dirty:l,ctx:s}),t.$set(o)},i(s){i||(M(t.$$.fragment,s),i=!0)},o(s){D(t.$$.fragment,s),i=!1},d(s){s&&v(e),j(t)}}}function DE(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("Max select"),s=C(),l=b("input"),p(e,"for",i=n[23]),p(l,"id",o=n[23]),p(l,"type","number"),p(l,"step","1"),p(l,"min","2"),p(l,"max",Number.MAX_SAFE_INTEGER),l.required=!0,p(l,"placeholder","Default to single")},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[0].maxSelect),r||(a=Y(l,"input",n[14]),r=!0)},p(u,f){f&8388608&&i!==(i=u[23])&&p(e,"for",i),f&8388608&&o!==(o=u[23])&&p(l,"id",o),f&1&&mt(l.value)!==u[0].maxSelect&&me(l,u[0].maxSelect)},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function IE(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("input"),i=C(),s=b("label"),l=b("span"),l.textContent="Protected",r=C(),a=b("small"),a.innerHTML=`it will require View API rule permissions and file token to be accessible + (Learn more)`,p(e,"type","checkbox"),p(e,"id",t=n[23]),p(l,"class","txt"),p(s,"for",o=n[23]),p(a,"class","txt-hint")},m(c,d){w(c,e,d),e.checked=n[0].protected,w(c,i,d),w(c,s,d),y(s,l),w(c,r,d),w(c,a,d),u||(f=Y(e,"change",n[15]),u=!0)},p(c,d){d&8388608&&t!==(t=c[23])&&p(e,"id",t),d&1&&(e.checked=c[0].protected),d&8388608&&o!==(o=c[23])&&p(s,"for",o)},d(c){c&&(v(e),v(i),v(s),v(r),v(a)),u=!1,f()}}}function LE(n){let e,t,i,s,l,o,r,a,u,f,c,d,m,h,g;i=new fe({props:{class:"form-field",name:"fields."+n[1]+".mimeTypes",$$slots:{default:[CE,({uniqueId:k})=>({23:k}),({uniqueId:k})=>k?8388608:0]},$$scope:{ctx:n}}}),o=new fe({props:{class:"form-field",name:"fields."+n[1]+".thumbs",$$slots:{default:[ME,({uniqueId:k})=>({23:k}),({uniqueId:k})=>k?8388608:0]},$$scope:{ctx:n}}}),f=new fe({props:{class:"form-field",name:"fields."+n[1]+".maxSize",$$slots:{default:[EE,({uniqueId:k})=>({23:k}),({uniqueId:k})=>k?8388608:0]},$$scope:{ctx:n}}});let _=!n[2]&&rh(n);return h=new fe({props:{class:"form-field form-field-toggle",name:"fields."+n[1]+".protected",$$slots:{default:[IE,({uniqueId:k})=>({23:k}),({uniqueId:k})=>k?8388608:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),t=b("div"),H(i.$$.fragment),s=C(),l=b("div"),H(o.$$.fragment),a=C(),u=b("div"),H(f.$$.fragment),d=C(),_&&_.c(),m=C(),H(h.$$.fragment),p(t,"class","col-sm-12"),p(l,"class",r=n[2]?"col-sm-8":"col-sm-6"),p(u,"class",c=n[2]?"col-sm-4":"col-sm-3"),p(e,"class","grid grid-sm")},m(k,S){w(k,e,S),y(e,t),q(i,t,null),y(e,s),y(e,l),q(o,l,null),y(e,a),y(e,u),q(f,u,null),y(e,d),_&&_.m(e,null),y(e,m),q(h,e,null),g=!0},p(k,S){const $={};S&2&&($.name="fields."+k[1]+".mimeTypes"),S&41943049&&($.$$scope={dirty:S,ctx:k}),i.$set($);const T={};S&2&&(T.name="fields."+k[1]+".thumbs"),S&41943041&&(T.$$scope={dirty:S,ctx:k}),o.$set(T),(!g||S&4&&r!==(r=k[2]?"col-sm-8":"col-sm-6"))&&p(l,"class",r);const O={};S&2&&(O.name="fields."+k[1]+".maxSize"),S&41943041&&(O.$$scope={dirty:S,ctx:k}),f.$set(O),(!g||S&4&&c!==(c=k[2]?"col-sm-4":"col-sm-3"))&&p(u,"class",c),k[2]?_&&(oe(),D(_,1,1,()=>{_=null}),re()):_?(_.p(k,S),S&4&&M(_,1)):(_=rh(k),_.c(),M(_,1),_.m(e,m));const E={};S&2&&(E.name="fields."+k[1]+".protected"),S&41943041&&(E.$$scope={dirty:S,ctx:k}),h.$set(E)},i(k){g||(M(i.$$.fragment,k),M(o.$$.fragment,k),M(f.$$.fragment,k),M(_),M(h.$$.fragment,k),g=!0)},o(k){D(i.$$.fragment,k),D(o.$$.fragment,k),D(f.$$.fragment,k),D(_),D(h.$$.fragment,k),g=!1},d(k){k&&v(e),j(i),j(o),j(f),_&&_.d(),j(h)}}}function AE(n){let e,t,i;const s=[{key:n[1]},n[5]];function l(r){n[17](r)}let o={$$slots:{options:[LE],default:[TE,({interactive:r})=>({24:r}),({interactive:r})=>r?16777216:0]},$$scope:{ctx:n}};for(let r=0;rge(e,"field",l)),e.$on("rename",n[18]),e.$on("remove",n[19]),e.$on("duplicate",n[20]),{c(){H(e.$$.fragment)},m(r,a){q(e,r,a),i=!0},p(r,[a]){const u=a&34?vt(s,[a&2&&{key:r[1]},a&32&&At(r[5])]):{};a&50331663&&(u.$$scope={dirty:a,ctx:r}),!t&&a&1&&(t=!0,u.field=r[0],$e(()=>t=!1)),e.$set(u)},i(r){i||(M(e.$$.fragment,r),i=!0)},o(r){D(e.$$.fragment,r),i=!1},d(r){j(e,r)}}}function PE(n,e,t){const i=["field","key"];let s=lt(e,i),{field:l}=e,{key:o=""}=e;const r=[{label:"Single",value:!0},{label:"Multiple",value:!1}];let a=wE.slice(),u=l.maxSelect<=1,f=u;function c(){t(0,l.maxSelect=1,l),t(0,l.thumbs=[],l),t(0,l.mimeTypes=[],l),t(2,u=!0),t(6,f=u)}function d(){if(U.isEmpty(l.mimeTypes))return;const N=[];for(const R of l.mimeTypes)a.find(z=>z.mimeType===R)||N.push({mimeType:R});N.length&&t(3,a=a.concat(N))}function m(N){n.$$.not_equal(l.mimeTypes,N)&&(l.mimeTypes=N,t(0,l),t(6,f),t(2,u))}const h=()=>{t(0,l.mimeTypes=["image/jpeg","image/png","image/svg+xml","image/gif","image/webp"],l)},g=()=>{t(0,l.mimeTypes=["application/pdf","application/msword","application/vnd.openxmlformats-officedocument.wordprocessingml.document","application/vnd.ms-excel","application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"],l)},_=()=>{t(0,l.mimeTypes=["video/mp4","video/x-ms-wmv","video/quicktime","video/3gpp"],l)},k=()=>{t(0,l.mimeTypes=["application/zip","application/x-7z-compressed","application/x-rar-compressed"],l)};function S(N){n.$$.not_equal(l.thumbs,N)&&(l.thumbs=N,t(0,l),t(6,f),t(2,u))}const $=N=>t(0,l.maxSize=parseInt(N.target.value,10),l);function T(){l.maxSelect=mt(this.value),t(0,l),t(6,f),t(2,u)}function O(){l.protected=this.checked,t(0,l),t(6,f),t(2,u)}function E(N){u=N,t(2,u)}function L(N){l=N,t(0,l),t(6,f),t(2,u)}function I(N){Le.call(this,n,N)}function A(N){Le.call(this,n,N)}function P(N){Le.call(this,n,N)}return n.$$set=N=>{e=je(je({},e),Kt(N)),t(5,s=lt(e,i)),"field"in N&&t(0,l=N.field),"key"in N&&t(1,o=N.key)},n.$$.update=()=>{n.$$.dirty&68&&f!=u&&(t(6,f=u),u?t(0,l.maxSelect=1,l):t(0,l.maxSelect=99,l)),n.$$.dirty&1&&(typeof l.maxSelect>"u"?c():d())},[l,o,u,a,r,s,f,m,h,g,_,k,S,$,T,O,E,L,I,A,P]}class NE extends we{constructor(e){super(),ve(this,e,PE,AE,be,{field:0,key:1})}}function RE(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("label"),t=W("Max size "),i=b("small"),i.textContent="(bytes)",l=C(),o=b("input"),p(e,"for",s=n[10]),p(o,"type","number"),p(o,"id",r=n[10]),p(o,"step","1"),p(o,"min","0"),p(o,"max",Number.MAX_SAFE_INTEGER),o.value=a=n[0].maxSize||"",p(o,"placeholder","Default to max ~1MB")},m(c,d){w(c,e,d),y(e,t),y(e,i),w(c,l,d),w(c,o,d),u||(f=Y(o,"input",n[4]),u=!0)},p(c,d){d&1024&&s!==(s=c[10])&&p(e,"for",s),d&1024&&r!==(r=c[10])&&p(o,"id",r),d&1&&a!==(a=c[0].maxSize||"")&&o.value!==a&&(o.value=a)},d(c){c&&(v(e),v(l),v(o)),u=!1,f()}}}function FE(n){let e;return{c(){e=b("i"),p(e,"class","ri-arrow-down-s-line txt-sm")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function qE(n){let e;return{c(){e=b("i"),p(e,"class","ri-arrow-up-s-line txt-sm")},m(t,i){w(t,e,i)},d(t){t&&v(e)}}}function ah(n){let e,t,i,s,l,o,r,a,u,f,c,d,m,h,g,_,k,S,$,T,O,E,L='"{"a":1,"b":2}"',I,A,P,N,R,z,F,B,J,V,Z,G,de;return{c(){e=b("div"),t=b("div"),i=b("div"),s=W("In order to support seamlessly both "),l=b("code"),l.textContent="application/json",o=W(` and + `),r=b("code"),r.textContent="multipart/form-data",a=W(` + requests, the following normalization rules are applied if the `),u=b("code"),u.textContent="json",f=W(` field + is a + `),c=b("strong"),c.textContent="plain string",d=W(`: + `),m=b("ul"),h=b("li"),h.innerHTML=""true" is converted to the json true",g=C(),_=b("li"),_.innerHTML=""false" is converted to the json false",k=C(),S=b("li"),S.innerHTML=""null" is converted to the json null",$=C(),T=b("li"),T.innerHTML=""[1,2,3]" is converted to the json [1,2,3]",O=C(),E=b("li"),I=W(L),A=W(" is converted to the json "),P=b("code"),P.textContent='{"a":1,"b":2}',N=C(),R=b("li"),R.textContent="numeric strings are converted to json number",z=C(),F=b("li"),F.textContent="double quoted strings are left as they are (aka. without normalizations)",B=C(),J=b("li"),J.textContent="any other string (empty string too) is double quoted",V=W(` + Alternatively, if you want to avoid the string value normalizations, you can wrap your + data inside an object, eg.`),Z=b("code"),Z.textContent='{"data": anything}',p(i,"class","content"),p(t,"class","alert alert-warning m-b-0 m-t-10"),p(e,"class","block")},m(pe,ae){w(pe,e,ae),y(e,t),y(t,i),y(i,s),y(i,l),y(i,o),y(i,r),y(i,a),y(i,u),y(i,f),y(i,c),y(i,d),y(i,m),y(m,h),y(m,g),y(m,_),y(m,k),y(m,S),y(m,$),y(m,T),y(m,O),y(m,E),y(E,I),y(E,A),y(E,P),y(m,N),y(m,R),y(m,z),y(m,F),y(m,B),y(m,J),y(i,V),y(i,Z),de=!0},i(pe){de||(pe&&tt(()=>{de&&(G||(G=qe(e,ht,{duration:150},!0)),G.run(1))}),de=!0)},o(pe){pe&&(G||(G=qe(e,ht,{duration:150},!1)),G.run(0)),de=!1},d(pe){pe&&v(e),pe&&G&&G.end()}}}function jE(n){let e,t,i,s,l,o,r,a,u,f,c;e=new fe({props:{class:"form-field m-b-sm",name:"fields."+n[1]+".maxSize",$$slots:{default:[RE,({uniqueId:_})=>({10:_}),({uniqueId:_})=>_?1024:0]},$$scope:{ctx:n}}});function d(_,k){return _[2]?qE:FE}let m=d(n),h=m(n),g=n[2]&&ah();return{c(){H(e.$$.fragment),t=C(),i=b("button"),s=b("strong"),s.textContent="String value normalizations",l=C(),h.c(),r=C(),g&&g.c(),a=ke(),p(s,"class","txt"),p(i,"type","button"),p(i,"class",o="btn btn-sm "+(n[2]?"btn-secondary":"btn-hint btn-transparent"))},m(_,k){q(e,_,k),w(_,t,k),w(_,i,k),y(i,s),y(i,l),h.m(i,null),w(_,r,k),g&&g.m(_,k),w(_,a,k),u=!0,f||(c=Y(i,"click",n[5]),f=!0)},p(_,k){const S={};k&2&&(S.name="fields."+_[1]+".maxSize"),k&3073&&(S.$$scope={dirty:k,ctx:_}),e.$set(S),m!==(m=d(_))&&(h.d(1),h=m(_),h&&(h.c(),h.m(i,null))),(!u||k&4&&o!==(o="btn btn-sm "+(_[2]?"btn-secondary":"btn-hint btn-transparent")))&&p(i,"class",o),_[2]?g?k&4&&M(g,1):(g=ah(),g.c(),M(g,1),g.m(a.parentNode,a)):g&&(oe(),D(g,1,1,()=>{g=null}),re())},i(_){u||(M(e.$$.fragment,_),M(g),u=!0)},o(_){D(e.$$.fragment,_),D(g),u=!1},d(_){_&&(v(t),v(i),v(r),v(a)),j(e,_),h.d(),g&&g.d(_),f=!1,c()}}}function HE(n){let e,t,i;const s=[{key:n[1]},n[3]];function l(r){n[6](r)}let o={$$slots:{options:[jE]},$$scope:{ctx:n}};for(let r=0;rge(e,"field",l)),e.$on("rename",n[7]),e.$on("remove",n[8]),e.$on("duplicate",n[9]),{c(){H(e.$$.fragment)},m(r,a){q(e,r,a),i=!0},p(r,[a]){const u=a&10?vt(s,[a&2&&{key:r[1]},a&8&&At(r[3])]):{};a&2055&&(u.$$scope={dirty:a,ctx:r}),!t&&a&1&&(t=!0,u.field=r[0],$e(()=>t=!1)),e.$set(u)},i(r){i||(M(e.$$.fragment,r),i=!0)},o(r){D(e.$$.fragment,r),i=!1},d(r){j(e,r)}}}function zE(n,e,t){const i=["field","key"];let s=lt(e,i),{field:l}=e,{key:o=""}=e,r=!1;const a=h=>t(0,l.maxSize=parseInt(h.target.value,10),l),u=()=>{t(2,r=!r)};function f(h){l=h,t(0,l)}function c(h){Le.call(this,n,h)}function d(h){Le.call(this,n,h)}function m(h){Le.call(this,n,h)}return n.$$set=h=>{e=je(je({},e),Kt(h)),t(3,s=lt(e,i)),"field"in h&&t(0,l=h.field),"key"in h&&t(1,o=h.key)},[l,o,r,s,a,u,f,c,d,m]}class UE extends we{constructor(e){super(),ve(this,e,zE,HE,be,{field:0,key:1})}}function VE(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("Min"),s=C(),l=b("input"),p(e,"for",i=n[10]),p(l,"type","number"),p(l,"id",o=n[10])},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[0].min),r||(a=Y(l,"input",n[4]),r=!0)},p(u,f){f&1024&&i!==(i=u[10])&&p(e,"for",i),f&1024&&o!==(o=u[10])&&p(l,"id",o),f&1&&mt(l.value)!==u[0].min&&me(l,u[0].min)},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function BE(n){let e,t,i,s,l,o,r,a,u;return{c(){e=b("label"),t=W("Max"),s=C(),l=b("input"),p(e,"for",i=n[10]),p(l,"type","number"),p(l,"id",o=n[10]),p(l,"min",r=n[0].min)},m(f,c){w(f,e,c),y(e,t),w(f,s,c),w(f,l,c),me(l,n[0].max),a||(u=Y(l,"input",n[5]),a=!0)},p(f,c){c&1024&&i!==(i=f[10])&&p(e,"for",i),c&1024&&o!==(o=f[10])&&p(l,"id",o),c&1&&r!==(r=f[0].min)&&p(l,"min",r),c&1&&mt(l.value)!==f[0].max&&me(l,f[0].max)},d(f){f&&(v(e),v(s),v(l)),a=!1,u()}}}function WE(n){let e,t,i,s,l,o,r;return i=new fe({props:{class:"form-field",name:"fields."+n[1]+".min",$$slots:{default:[VE,({uniqueId:a})=>({10:a}),({uniqueId:a})=>a?1024:0]},$$scope:{ctx:n}}}),o=new fe({props:{class:"form-field",name:"fields."+n[1]+".max",$$slots:{default:[BE,({uniqueId:a})=>({10:a}),({uniqueId:a})=>a?1024:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),t=b("div"),H(i.$$.fragment),s=C(),l=b("div"),H(o.$$.fragment),p(t,"class","col-sm-6"),p(l,"class","col-sm-6"),p(e,"class","grid grid-sm")},m(a,u){w(a,e,u),y(e,t),q(i,t,null),y(e,s),y(e,l),q(o,l,null),r=!0},p(a,u){const f={};u&2&&(f.name="fields."+a[1]+".min"),u&3073&&(f.$$scope={dirty:u,ctx:a}),i.$set(f);const c={};u&2&&(c.name="fields."+a[1]+".max"),u&3073&&(c.$$scope={dirty:u,ctx:a}),o.$set(c)},i(a){r||(M(i.$$.fragment,a),M(o.$$.fragment,a),r=!0)},o(a){D(i.$$.fragment,a),D(o.$$.fragment,a),r=!1},d(a){a&&v(e),j(i),j(o)}}}function YE(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("input"),i=C(),s=b("label"),l=b("span"),l.textContent="No decimals",o=C(),r=b("i"),p(e,"type","checkbox"),p(e,"id",t=n[10]),p(l,"class","txt"),p(r,"class","ri-information-line link-hint"),p(s,"for",a=n[10])},m(c,d){w(c,e,d),e.checked=n[0].onlyInt,w(c,i,d),w(c,s,d),y(s,l),y(s,o),y(s,r),u||(f=[Y(e,"change",n[3]),Oe(Re.call(null,r,{text:"Existing decimal numbers will not be affected."}))],u=!0)},p(c,d){d&1024&&t!==(t=c[10])&&p(e,"id",t),d&1&&(e.checked=c[0].onlyInt),d&1024&&a!==(a=c[10])&&p(s,"for",a)},d(c){c&&(v(e),v(i),v(s)),u=!1,Ee(f)}}}function KE(n){let e,t;return e=new fe({props:{class:"form-field form-field-toggle",name:"fields."+n[1]+".onlyInt",$$slots:{default:[YE,({uniqueId:i})=>({10:i}),({uniqueId:i})=>i?1024:0]},$$scope:{ctx:n}}}),{c(){H(e.$$.fragment)},m(i,s){q(e,i,s),t=!0},p(i,s){const l={};s&2&&(l.name="fields."+i[1]+".onlyInt"),s&3073&&(l.$$scope={dirty:s,ctx:i}),e.$set(l)},i(i){t||(M(e.$$.fragment,i),t=!0)},o(i){D(e.$$.fragment,i),t=!1},d(i){j(e,i)}}}function JE(n){let e,t,i;const s=[{key:n[1]},n[2]];function l(r){n[6](r)}let o={$$slots:{optionsFooter:[KE],options:[WE]},$$scope:{ctx:n}};for(let r=0;rge(e,"field",l)),e.$on("rename",n[7]),e.$on("remove",n[8]),e.$on("duplicate",n[9]),{c(){H(e.$$.fragment)},m(r,a){q(e,r,a),i=!0},p(r,[a]){const u=a&6?vt(s,[a&2&&{key:r[1]},a&4&&At(r[2])]):{};a&2051&&(u.$$scope={dirty:a,ctx:r}),!t&&a&1&&(t=!0,u.field=r[0],$e(()=>t=!1)),e.$set(u)},i(r){i||(M(e.$$.fragment,r),i=!0)},o(r){D(e.$$.fragment,r),i=!1},d(r){j(e,r)}}}function ZE(n,e,t){const i=["field","key"];let s=lt(e,i),{field:l}=e,{key:o=""}=e;function r(){l.onlyInt=this.checked,t(0,l)}function a(){l.min=mt(this.value),t(0,l)}function u(){l.max=mt(this.value),t(0,l)}function f(h){l=h,t(0,l)}function c(h){Le.call(this,n,h)}function d(h){Le.call(this,n,h)}function m(h){Le.call(this,n,h)}return n.$$set=h=>{e=je(je({},e),Kt(h)),t(2,s=lt(e,i)),"field"in h&&t(0,l=h.field),"key"in h&&t(1,o=h.key)},[l,o,s,r,a,u,f,c,d,m]}class GE extends we{constructor(e){super(),ve(this,e,ZE,JE,be,{field:0,key:1})}}function XE(n){let e,t,i,s,l,o,r,a,u;return{c(){e=b("label"),t=W("Min length"),s=C(),l=b("input"),p(e,"for",i=n[12]),p(l,"type","number"),p(l,"id",o=n[12]),p(l,"step","1"),p(l,"min","0"),p(l,"placeholder","No min limit"),l.value=r=n[0].min||""},m(f,c){w(f,e,c),y(e,t),w(f,s,c),w(f,l,c),a||(u=Y(l,"input",n[3]),a=!0)},p(f,c){c&4096&&i!==(i=f[12])&&p(e,"for",i),c&4096&&o!==(o=f[12])&&p(l,"id",o),c&1&&r!==(r=f[0].min||"")&&l.value!==r&&(l.value=r)},d(f){f&&(v(e),v(s),v(l)),a=!1,u()}}}function QE(n){let e,t,i,s,l,o,r,a,u,f;return{c(){e=b("label"),t=W("Max length"),s=C(),l=b("input"),p(e,"for",i=n[12]),p(l,"type","number"),p(l,"id",o=n[12]),p(l,"step","1"),p(l,"placeholder","Up to 71 chars"),p(l,"min",r=n[0].min||0),p(l,"max","71"),l.value=a=n[0].max||""},m(c,d){w(c,e,d),y(e,t),w(c,s,d),w(c,l,d),u||(f=Y(l,"input",n[4]),u=!0)},p(c,d){d&4096&&i!==(i=c[12])&&p(e,"for",i),d&4096&&o!==(o=c[12])&&p(l,"id",o),d&1&&r!==(r=c[0].min||0)&&p(l,"min",r),d&1&&a!==(a=c[0].max||"")&&l.value!==a&&(l.value=a)},d(c){c&&(v(e),v(s),v(l)),u=!1,f()}}}function xE(n){let e,t,i,s,l,o,r,a,u;return{c(){e=b("label"),t=W("Bcrypt cost"),s=C(),l=b("input"),p(e,"for",i=n[12]),p(l,"type","number"),p(l,"id",o=n[12]),p(l,"placeholder","Default to 10"),p(l,"step","1"),p(l,"min","6"),p(l,"max","31"),l.value=r=n[0].cost||""},m(f,c){w(f,e,c),y(e,t),w(f,s,c),w(f,l,c),a||(u=Y(l,"input",n[5]),a=!0)},p(f,c){c&4096&&i!==(i=f[12])&&p(e,"for",i),c&4096&&o!==(o=f[12])&&p(l,"id",o),c&1&&r!==(r=f[0].cost||"")&&l.value!==r&&(l.value=r)},d(f){f&&(v(e),v(s),v(l)),a=!1,u()}}}function eD(n){let e,t,i,s,l,o,r,a;return{c(){e=b("label"),t=W("Validation pattern"),s=C(),l=b("input"),p(e,"for",i=n[12]),p(l,"type","text"),p(l,"id",o=n[12]),p(l,"placeholder","ex. ^\\w+$")},m(u,f){w(u,e,f),y(e,t),w(u,s,f),w(u,l,f),me(l,n[0].pattern),r||(a=Y(l,"input",n[6]),r=!0)},p(u,f){f&4096&&i!==(i=u[12])&&p(e,"for",i),f&4096&&o!==(o=u[12])&&p(l,"id",o),f&1&&l.value!==u[0].pattern&&me(l,u[0].pattern)},d(u){u&&(v(e),v(s),v(l)),r=!1,a()}}}function tD(n){let e,t,i,s,l,o,r,a,u,f,c,d,m;return i=new fe({props:{class:"form-field",name:"fields."+n[1]+".min",$$slots:{default:[XE,({uniqueId:h})=>({12:h}),({uniqueId:h})=>h?4096:0]},$$scope:{ctx:n}}}),o=new fe({props:{class:"form-field",name:"fields."+n[1]+".max",$$slots:{default:[QE,({uniqueId:h})=>({12:h}),({uniqueId:h})=>h?4096:0]},$$scope:{ctx:n}}}),u=new fe({props:{class:"form-field",name:"fields."+n[1]+".cost",$$slots:{default:[xE,({uniqueId:h})=>({12:h}),({uniqueId:h})=>h?4096:0]},$$scope:{ctx:n}}}),d=new fe({props:{class:"form-field",name:"fields."+n[1]+".pattern",$$slots:{default:[eD,({uniqueId:h})=>({12:h}),({uniqueId:h})=>h?4096:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),t=b("div"),H(i.$$.fragment),s=C(),l=b("div"),H(o.$$.fragment),r=C(),a=b("div"),H(u.$$.fragment),f=C(),c=b("div"),H(d.$$.fragment),p(t,"class","col-sm-6"),p(l,"class","col-sm-6"),p(a,"class","col-sm-6"),p(c,"class","col-sm-6"),p(e,"class","grid grid-sm")},m(h,g){w(h,e,g),y(e,t),q(i,t,null),y(e,s),y(e,l),q(o,l,null),y(e,r),y(e,a),q(u,a,null),y(e,f),y(e,c),q(d,c,null),m=!0},p(h,g){const _={};g&2&&(_.name="fields."+h[1]+".min"),g&12289&&(_.$$scope={dirty:g,ctx:h}),i.$set(_);const k={};g&2&&(k.name="fields."+h[1]+".max"),g&12289&&(k.$$scope={dirty:g,ctx:h}),o.$set(k);const S={};g&2&&(S.name="fields."+h[1]+".cost"),g&12289&&(S.$$scope={dirty:g,ctx:h}),u.$set(S);const $={};g&2&&($.name="fields."+h[1]+".pattern"),g&12289&&($.$$scope={dirty:g,ctx:h}),d.$set($)},i(h){m||(M(i.$$.fragment,h),M(o.$$.fragment,h),M(u.$$.fragment,h),M(d.$$.fragment,h),m=!0)},o(h){D(i.$$.fragment,h),D(o.$$.fragment,h),D(u.$$.fragment,h),D(d.$$.fragment,h),m=!1},d(h){h&&v(e),j(i),j(o),j(u),j(d)}}}function nD(n){let e,t,i;const s=[{key:n[1]},n[2]];function l(r){n[7](r)}let o={$$slots:{options:[tD]},$$scope:{ctx:n}};for(let r=0;rge(e,"field",l)),e.$on("rename",n[8]),e.$on("remove",n[9]),e.$on("duplicate",n[10]),{c(){H(e.$$.fragment)},m(r,a){q(e,r,a),i=!0},p(r,[a]){const u=a&6?vt(s,[a&2&&{key:r[1]},a&4&&At(r[2])]):{};a&8195&&(u.$$scope={dirty:a,ctx:r}),!t&&a&1&&(t=!0,u.field=r[0],$e(()=>t=!1)),e.$set(u)},i(r){i||(M(e.$$.fragment,r),i=!0)},o(r){D(e.$$.fragment,r),i=!1},d(r){j(e,r)}}}function iD(n,e,t){const i=["field","key"];let s=lt(e,i),{field:l}=e,{key:o=""}=e;function r(){t(0,l.cost=11,l)}const a=_=>t(0,l.min=_.target.value<<0,l),u=_=>t(0,l.max=_.target.value<<0,l),f=_=>t(0,l.cost=_.target.value<<0,l);function c(){l.pattern=this.value,t(0,l)}function d(_){l=_,t(0,l)}function m(_){Le.call(this,n,_)}function h(_){Le.call(this,n,_)}function g(_){Le.call(this,n,_)}return n.$$set=_=>{e=je(je({},e),Kt(_)),t(2,s=lt(e,i)),"field"in _&&t(0,l=_.field),"key"in _&&t(1,o=_.key)},n.$$.update=()=>{n.$$.dirty&1&&U.isEmpty(l.id)&&r()},[l,o,s,a,u,f,c,d,m,h,g]}class lD extends we{constructor(e){super(),ve(this,e,iD,nD,be,{field:0,key:1})}}function sD(n){let e,t,i,s,l;return{c(){e=b("hr"),t=C(),i=b("button"),i.innerHTML=' New collection',p(i,"type","button"),p(i,"class","btn btn-transparent btn-block btn-sm")},m(o,r){w(o,e,r),w(o,t,r),w(o,i,r),s||(l=Y(i,"click",n[14]),s=!0)},p:te,d(o){o&&(v(e),v(t),v(i)),s=!1,l()}}}function oD(n){let e,t,i;function s(o){n[15](o)}let l={id:n[24],searchable:n[5].length>5,selectPlaceholder:"Select collection *",noOptionsText:"No collections found",selectionKey:"id",items:n[5],readonly:!n[25]||n[0].id,$$slots:{afterOptions:[sD]},$$scope:{ctx:n}};return n[0].collectionId!==void 0&&(l.keyOfSelected=n[0].collectionId),e=new Ln({props:l}),ne.push(()=>ge(e,"keyOfSelected",s)),{c(){H(e.$$.fragment)},m(o,r){q(e,o,r),i=!0},p(o,r){const a={};r&16777216&&(a.id=o[24]),r&32&&(a.searchable=o[5].length>5),r&32&&(a.items=o[5]),r&33554433&&(a.readonly=!o[25]||o[0].id),r&67108872&&(a.$$scope={dirty:r,ctx:o}),!t&&r&1&&(t=!0,a.keyOfSelected=o[0].collectionId,$e(()=>t=!1)),e.$set(a)},i(o){i||(M(e.$$.fragment,o),i=!0)},o(o){D(e.$$.fragment,o),i=!1},d(o){j(e,o)}}}function rD(n){let e,t,i;function s(o){n[16](o)}let l={id:n[24],items:n[6],readonly:!n[25]};return n[2]!==void 0&&(l.keyOfSelected=n[2]),e=new Ln({props:l}),ne.push(()=>ge(e,"keyOfSelected",s)),{c(){H(e.$$.fragment)},m(o,r){q(e,o,r),i=!0},p(o,r){const a={};r&16777216&&(a.id=o[24]),r&33554432&&(a.readonly=!o[25]),!t&&r&4&&(t=!0,a.keyOfSelected=o[2],$e(()=>t=!1)),e.$set(a)},i(o){i||(M(e.$$.fragment,o),i=!0)},o(o){D(e.$$.fragment,o),i=!1},d(o){j(e,o)}}}function aD(n){let e,t,i,s,l,o,r,a,u,f;return i=new fe({props:{class:"form-field required "+(n[25]?"":"readonly"),inlineError:!0,name:"fields."+n[1]+".collectionId",$$slots:{default:[oD,({uniqueId:c})=>({24:c}),({uniqueId:c})=>c?16777216:0]},$$scope:{ctx:n}}}),r=new fe({props:{class:"form-field form-field-single-multiple-select "+(n[25]?"":"readonly"),inlineError:!0,$$slots:{default:[rD,({uniqueId:c})=>({24:c}),({uniqueId:c})=>c?16777216:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),t=C(),H(i.$$.fragment),s=C(),l=b("div"),o=C(),H(r.$$.fragment),a=C(),u=b("div"),p(e,"class","separator"),p(l,"class","separator"),p(u,"class","separator")},m(c,d){w(c,e,d),w(c,t,d),q(i,c,d),w(c,s,d),w(c,l,d),w(c,o,d),q(r,c,d),w(c,a,d),w(c,u,d),f=!0},p(c,d){const m={};d&33554432&&(m.class="form-field required "+(c[25]?"":"readonly")),d&2&&(m.name="fields."+c[1]+".collectionId"),d&117440553&&(m.$$scope={dirty:d,ctx:c}),i.$set(m);const h={};d&33554432&&(h.class="form-field form-field-single-multiple-select "+(c[25]?"":"readonly")),d&117440516&&(h.$$scope={dirty:d,ctx:c}),r.$set(h)},i(c){f||(M(i.$$.fragment,c),M(r.$$.fragment,c),f=!0)},o(c){D(i.$$.fragment,c),D(r.$$.fragment,c),f=!1},d(c){c&&(v(e),v(t),v(s),v(l),v(o),v(a),v(u)),j(i,c),j(r,c)}}}function uh(n){let e,t,i,s,l,o;return t=new fe({props:{class:"form-field",name:"fields."+n[1]+".minSelect",$$slots:{default:[uD,({uniqueId:r})=>({24:r}),({uniqueId:r})=>r?16777216:0]},$$scope:{ctx:n}}}),l=new fe({props:{class:"form-field",name:"fields."+n[1]+".maxSelect",$$slots:{default:[fD,({uniqueId:r})=>({24:r}),({uniqueId:r})=>r?16777216:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),H(t.$$.fragment),i=C(),s=b("div"),H(l.$$.fragment),p(e,"class","col-sm-6"),p(s,"class","col-sm-6")},m(r,a){w(r,e,a),q(t,e,null),w(r,i,a),w(r,s,a),q(l,s,null),o=!0},p(r,a){const u={};a&2&&(u.name="fields."+r[1]+".minSelect"),a&83886081&&(u.$$scope={dirty:a,ctx:r}),t.$set(u);const f={};a&2&&(f.name="fields."+r[1]+".maxSelect"),a&83886081&&(f.$$scope={dirty:a,ctx:r}),l.$set(f)},i(r){o||(M(t.$$.fragment,r),M(l.$$.fragment,r),o=!0)},o(r){D(t.$$.fragment,r),D(l.$$.fragment,r),o=!1},d(r){r&&(v(e),v(i),v(s)),j(t),j(l)}}}function uD(n){let e,t,i,s,l,o,r,a,u;return{c(){e=b("label"),t=W("Min select"),s=C(),l=b("input"),p(e,"for",i=n[24]),p(l,"type","number"),p(l,"id",o=n[24]),p(l,"step","1"),p(l,"min","0"),p(l,"placeholder","No min limit"),l.value=r=n[0].minSelect||""},m(f,c){w(f,e,c),y(e,t),w(f,s,c),w(f,l,c),a||(u=Y(l,"input",n[11]),a=!0)},p(f,c){c&16777216&&i!==(i=f[24])&&p(e,"for",i),c&16777216&&o!==(o=f[24])&&p(l,"id",o),c&1&&r!==(r=f[0].minSelect||"")&&l.value!==r&&(l.value=r)},d(f){f&&(v(e),v(s),v(l)),a=!1,u()}}}function fD(n){let e,t,i,s,l,o,r,a,u;return{c(){e=b("label"),t=W("Max select"),s=C(),l=b("input"),p(e,"for",i=n[24]),p(l,"type","number"),p(l,"id",o=n[24]),p(l,"step","1"),p(l,"placeholder","Default to single"),p(l,"min",r=n[0].minSelect||1)},m(f,c){w(f,e,c),y(e,t),w(f,s,c),w(f,l,c),me(l,n[0].maxSelect),a||(u=Y(l,"input",n[12]),a=!0)},p(f,c){c&16777216&&i!==(i=f[24])&&p(e,"for",i),c&16777216&&o!==(o=f[24])&&p(l,"id",o),c&1&&r!==(r=f[0].minSelect||1)&&p(l,"min",r),c&1&&mt(l.value)!==f[0].maxSelect&&me(l,f[0].maxSelect)},d(f){f&&(v(e),v(s),v(l)),a=!1,u()}}}function cD(n){let e,t,i,s,l,o,r,a,u,f,c,d;function m(g){n[13](g)}let h={id:n[24],items:n[7]};return n[0].cascadeDelete!==void 0&&(h.keyOfSelected=n[0].cascadeDelete),a=new Ln({props:h}),ne.push(()=>ge(a,"keyOfSelected",m)),{c(){e=b("label"),t=b("span"),t.textContent="Cascade delete",i=C(),s=b("i"),r=C(),H(a.$$.fragment),p(t,"class","txt"),p(s,"class","ri-information-line link-hint"),p(e,"for",o=n[24])},m(g,_){var k,S;w(g,e,_),y(e,t),y(e,i),y(e,s),w(g,r,_),q(a,g,_),f=!0,c||(d=Oe(l=Re.call(null,s,{text:[`Whether on ${((k=n[4])==null?void 0:k.name)||"relation"} record deletion to delete also the current corresponding collection record(s).`,n[2]?null:`For "Multiple" relation fields the cascade delete is triggered only when all ${((S=n[4])==null?void 0:S.name)||"relation"} ids are removed from the corresponding record.`].filter(Boolean).join(` + +`),position:"top"})),c=!0)},p(g,_){var S,$;l&&Lt(l.update)&&_&20&&l.update.call(null,{text:[`Whether on ${((S=g[4])==null?void 0:S.name)||"relation"} record deletion to delete also the current corresponding collection record(s).`,g[2]?null:`For "Multiple" relation fields the cascade delete is triggered only when all ${(($=g[4])==null?void 0:$.name)||"relation"} ids are removed from the corresponding record.`].filter(Boolean).join(` + +`),position:"top"}),(!f||_&16777216&&o!==(o=g[24]))&&p(e,"for",o);const k={};_&16777216&&(k.id=g[24]),!u&&_&1&&(u=!0,k.keyOfSelected=g[0].cascadeDelete,$e(()=>u=!1)),a.$set(k)},i(g){f||(M(a.$$.fragment,g),f=!0)},o(g){D(a.$$.fragment,g),f=!1},d(g){g&&(v(e),v(r)),j(a,g),c=!1,d()}}}function dD(n){let e,t,i,s,l,o=!n[2]&&uh(n);return s=new fe({props:{class:"form-field",name:"fields."+n[1]+".cascadeDelete",$$slots:{default:[cD,({uniqueId:r})=>({24:r}),({uniqueId:r})=>r?16777216:0]},$$scope:{ctx:n}}}),{c(){e=b("div"),o&&o.c(),t=C(),i=b("div"),H(s.$$.fragment),p(i,"class","col-sm-12"),p(e,"class","grid grid-sm")},m(r,a){w(r,e,a),o&&o.m(e,null),y(e,t),y(e,i),q(s,i,null),l=!0},p(r,a){r[2]?o&&(oe(),D(o,1,1,()=>{o=null}),re()):o?(o.p(r,a),a&4&&M(o,1)):(o=uh(r),o.c(),M(o,1),o.m(e,t));const u={};a&2&&(u.name="fields."+r[1]+".cascadeDelete"),a&83886101&&(u.$$scope={dirty:a,ctx:r}),s.$set(u)},i(r){l||(M(o),M(s.$$.fragment,r),l=!0)},o(r){D(o),D(s.$$.fragment,r),l=!1},d(r){r&&v(e),o&&o.d(),j(s)}}}function pD(n){let e,t,i,s,l;const o=[{key:n[1]},n[8]];function r(f){n[17](f)}let a={$$slots:{options:[dD],default:[aD,({interactive:f})=>({25:f}),({interactive:f})=>f?33554432:0]},$$scope:{ctx:n}};for(let f=0;fge(e,"field",r)),e.$on("rename",n[18]),e.$on("remove",n[19]),e.$on("duplicate",n[20]);let u={};return s=new of({props:u}),n[21](s),s.$on("save",n[22]),{c(){H(e.$$.fragment),i=C(),H(s.$$.fragment)},m(f,c){q(e,f,c),w(f,i,c),q(s,f,c),l=!0},p(f,[c]){const d=c&258?vt(o,[c&2&&{key:f[1]},c&256&&At(f[8])]):{};c&100663359&&(d.$$scope={dirty:c,ctx:f}),!t&&c&1&&(t=!0,d.field=f[0],$e(()=>t=!1)),e.$set(d);const m={};s.$set(m)},i(f){l||(M(e.$$.fragment,f),M(s.$$.fragment,f),l=!0)},o(f){D(e.$$.fragment,f),D(s.$$.fragment,f),l=!1},d(f){f&&v(i),j(e,f),n[21](null),j(s,f)}}}function mD(n,e,t){let i,s;const l=["field","key"];let o=lt(e,l),r;Ge(n,In,R=>t(10,r=R));let{field:a}=e,{key:u=""}=e;const f=[{label:"Single",value:!0},{label:"Multiple",value:!1}],c=[{label:"False",value:!1},{label:"True",value:!0}];let d=null,m=a.maxSelect<=1,h=m;function g(){t(0,a.maxSelect=1,a),t(0,a.collectionId=null,a),t(0,a.cascadeDelete=!1,a),t(2,m=!0),t(9,h=m)}const _=R=>t(0,a.minSelect=R.target.value<<0,a);function k(){a.maxSelect=mt(this.value),t(0,a),t(9,h),t(2,m)}function S(R){n.$$.not_equal(a.cascadeDelete,R)&&(a.cascadeDelete=R,t(0,a),t(9,h),t(2,m))}const $=()=>d==null?void 0:d.show();function T(R){n.$$.not_equal(a.collectionId,R)&&(a.collectionId=R,t(0,a),t(9,h),t(2,m))}function O(R){m=R,t(2,m)}function E(R){a=R,t(0,a),t(9,h),t(2,m)}function L(R){Le.call(this,n,R)}function I(R){Le.call(this,n,R)}function A(R){Le.call(this,n,R)}function P(R){ne[R?"unshift":"push"](()=>{d=R,t(3,d)})}const N=R=>{var z,F;(F=(z=R==null?void 0:R.detail)==null?void 0:z.collection)!=null&&F.id&&R.detail.collection.type!="view"&&t(0,a.collectionId=R.detail.collection.id,a)};return n.$$set=R=>{e=je(je({},e),Kt(R)),t(8,o=lt(e,l)),"field"in R&&t(0,a=R.field),"key"in R&&t(1,u=R.key)},n.$$.update=()=>{n.$$.dirty&1024&&t(5,i=r.filter(R=>!R.system&&R.type!="view")),n.$$.dirty&516&&h!=m&&(t(9,h=m),m?(t(0,a.minSelect=0,a),t(0,a.maxSelect=1,a)):t(0,a.maxSelect=999,a)),n.$$.dirty&1&&typeof a.maxSelect>"u"&&g(),n.$$.dirty&1025&&t(4,s=r.find(R=>R.id==a.collectionId)||null)},[a,u,m,d,s,i,f,c,o,h,r,_,k,S,$,T,O,E,L,I,A,P,N]}class hD extends we{constructor(e){super(),ve(this,e,mD,pD,be,{field:0,key:1})}}function fh(n,e,t){const i=n.slice();return i[22]=e[t],i[24]=t,i}function ch(n){let e,t;return e=new Dn({props:{class:"dropdown dropdown-block options-dropdown dropdown-left m-t-0 p-0",$$slots:{default:[gD]},$$scope:{ctx:n}}}),e.$on("hide",n[21]),{c(){H(e.$$.fragment)},m(i,s){q(e,i,s),t=!0},p(i,s){const l={};s&33554547&&(l.$$scope={dirty:s,ctx:i}),e.$set(l)},i(i){t||(M(e.$$.fragment,i),t=!0)},o(i){D(e.$$.fragment,i),t=!1},d(i){j(e,i)}}}function _D(n){let e,t,i=n[22]+"",s,l,o,r,a,u,f;function c(){return n[15](n[22])}return{c(){e=b("div"),t=b("span"),s=W(i),l=C(),o=b("div"),r=C(),a=b("button"),a.innerHTML='',p(t,"class","txt"),p(o,"class","flex-fill"),p(a,"type","button"),p(a,"class","btn btn-circle btn-transparent btn-hint btn-xs"),p(a,"title","Remove"),p(e,"class","dropdown-item plain svelte-3le152")},m(d,m){w(d,e,m),y(e,t),y(t,s),y(e,l),y(e,o),y(e,r),y(e,a),u||(f=Y(a,"click",en(c)),u=!0)},p(d,m){n=d,m&1&&i!==(i=n[22]+"")&&se(s,i)},d(d){d&&v(e),u=!1,f()}}}function dh(n,e){let t,i,s,l;function o(a){e[16](a)}let r={index:e[24],group:"options_"+e[1],$$slots:{default:[_D]},$$scope:{ctx:e}};return e[0]!==void 0&&(r.list=e[0]),i=new ms({props:r}),ne.push(()=>ge(i,"list",o)),{key:n,first:null,c(){t=ke(),H(i.$$.fragment),this.first=t},m(a,u){w(a,t,u),q(i,a,u),l=!0},p(a,u){e=a;const f={};u&1&&(f.index=e[24]),u&2&&(f.group="options_"+e[1]),u&33554433&&(f.$$scope={dirty:u,ctx:e}),!s&&u&1&&(s=!0,f.list=e[0],$e(()=>s=!1)),i.$set(f)},i(a){l||(M(i.$$.fragment,a),l=!0)},o(a){D(i.$$.fragment,a),l=!1},d(a){a&&v(t),j(i,a)}}}function gD(n){let e,t=[],i=new Map,s,l,o,r,a,u,f,c,d,m,h,g=ce(n[0]);const _=k=>k[22];for(let k=0;k

    Multi-factor authentication (MFA) requires the user to authenticate with any 2 different auth + methods (otp, identity/password, oauth2) before issuing an auth token. + (Learn more) .