UNPKG

@furystack/repository

Version:

Repository implementation for FuryStack

github.com/furystack/furystack

furystack/furystack

135 lines (105 loc) 4.94 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
# @furystack/repository DataSet implementation for FuryStack. A DataSet wraps a physical store with entity-level business logic — authorization, modification hooks, and change events — in a structured way. ## Installation ```bash npm install @furystack/repository # or yarn add @furystack/repository ``` ## Setting Up a DataSet A DataSet is declared with `defineDataSet`. It takes the underlying `StoreToken` (from `@furystack/core` or a backend adapter) and optional settings (authorizers, modifiers, event callbacks). The returned `DataSetToken` is a DI token that resolves to a ready-to-use `DataSet`. ```ts import { createInjector } from '@furystack/inject' import { InMemoryStore, defineStore } from '@furystack/core' import { defineDataSet, getDataSetFor } from '@furystack/repository' import { getLogger } from '@furystack/logging' class MyModel { declare id: number declare value: string } const MyStore = defineStore({ name: 'my-app/MyStore', model: MyModel, primaryKey: 'id', factory: () => new InMemoryStore({ model: MyModel, primaryKey: 'id' }), }) const MyDataSet = defineDataSet({ name: 'my-app/MyDataSet', store: MyStore, settings: { onEntityAdded: ({ injector, entity }) => { getLogger(injector).verbose({ message: `An entity was added with value '${entity.value}'` }) }, authorizeUpdate: async () => ({ isAllowed: false, message: 'This is a read-only dataset. No update is allowed. :(', }), }, }) const myInjector = createInjector() ``` ### Working with the DataSet Resolve via `injector.get(MyDataSet)` or the convenience helper `getDataSetFor(injector, MyDataSet)`: ```ts const dataSet = getDataSetFor(myInjector, MyDataSet) await dataSet.add(myInjector, { id: 1, value: 'foo' }) // <-- logs via onEntityAdded await dataSet.update(myInjector, 1, { id: 1, value: 'bar' }) // <-- rejected by authorizeUpdate ``` ### Events Events are great for logging, monitoring DataSet changes, or distributing changes to clients. They are optional callbacks — if defined, they are called on a specific event. Supported events: `onEntityAdded`, `onEntityUpdated`, `onEntityRemoved`. ### Authorizing operations **Authorizers** are similar callbacks that return a promise with an `AuthorizationResult`. You can allow or deny CRUD operations, or add additional filters to collections. Supported authorizers: `authorizeAdd`, `authorizeUpdate`, `authorizeUpdateEntity` (reloads the entity, compares with the original), `authorizeRemove`, `authorizeRemoveEntity`, `authorizeGet`, `authorizeGetEntity`. ### Modifiers and additional filters `modifyOnAdd` / `modifyOnUpdate` transform entities before persisting (e.g. fill `createdByUser` / `lastModifiedByUser`). `addFilter` injects a pre-filter condition **before** a user-supplied filter expression is evaluated, ensuring the caller only ever sees entities they have permission for. ### Getting the Context Every callback receives an `injector` — use it to resolve request-scoped services like `HttpUserContext` to identify the caller. ### Server-side writes and the elevated IdentityContext The DataSet is the **recommended write gateway** for all entity mutations. Writing through the DataSet ensures that authorization rules, modification hooks, and change events (`onEntityAdded`, `onEntityUpdated`, `onEntityRemoved`) all fire. These events are required for features like [entity sync](./../entity-sync-service/README.md) to work correctly. > **Warning:** Writing directly to the underlying physical store bypasses > the DataSet layer entirely. No authorization checks, hooks, or events > fire, and downstream consumers (such as entity sync) will **not** be > notified of the change. The `furystack/no-direct-store-token` lint rule > guards against this in application code. For server-side or background operations that don't originate from an HTTP request (e.g. scheduled jobs, migrations, seed scripts), you won't have a user session. Use `useSystemIdentityContext` from `@furystack/core` to create a scoped child injector with elevated privileges: ```ts import { useSystemIdentityContext } from '@furystack/core' import { getDataSetFor } from '@furystack/repository' import { usingAsync } from '@furystack/utils' await usingAsync(useSystemIdentityContext({ injector, username: 'background-job' }), async (systemInjector) => { const dataSet = getDataSetFor(systemInjector, MyDataSet) await dataSet.add(systemInjector, { value: 'created by background job' }) }) // systemInjector is disposed here -- all scoped instances cleaned up ``` > **Warning:** `useSystemIdentityContext` bypasses **all** authorization > checks. Only use it in trusted server-side contexts. Never pass the > returned injector to user-facing request handlers. This pattern ensures that all writes go through the same pipeline, keeping authorization, hooks, and event-driven features consistent regardless of the caller.