outerbase
diff --git a/‎.github/workflows/test.yaml‎
Lines changed: 31 additions & 0 deletions b/‎.github/workflows/test.yaml‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎dist/plugins.ts‎
Lines changed: 2 additions & 0 deletions b/‎dist/plugins.ts‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎package.json‎
Lines changed: 3 additions & 1 deletion b/‎package.json‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎plugins/sql-macros/README.md‎
Lines changed: 53 additions & 0 deletions b/‎plugins/sql-macros/README.md‎
Lines changed: 53 additions & 0 deletions
diff --git a/‎plugins/sql-macros/index.ts‎
Lines changed: 196 additions & 0 deletions b/‎plugins/sql-macros/index.ts‎
Lines changed: 196 additions & 0 deletions
diff --git a/‎plugins/sql-macros/meta.json‎
Lines changed: 13 additions & 0 deletions b/‎plugins/sql-macros/meta.json‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎plugins/stripe/README.md‎
Lines changed: 66 additions & 0 deletions b/‎plugins/stripe/README.md‎
Lines changed: 66 additions & 0 deletions
@@ -0,0 +1,31 @@
+name: Test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'pnpm'
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Run tests
+        run: pnpm test
@@ -1,2 +1,4 @@
 export { StudioPlugin } from '../plugins/studio'
 export { WebSocketPlugin } from '../plugins/websocket'
+export { SqlMacrosPlugin } from '../plugins/sql-macros'
+export { StripeSubscriptionPlugin } from '../plugins/stripe'
@@ -26,7 +26,8 @@
         "publish-npm-module": "npm publish --access public",
         "cf-typegen": "wrangler types",
         "delete": "wrangler delete",
-        "prepare": "husky"
+        "prepare": "husky",
+        "test": "vitest"
     },
     "devDependencies": {
         "@cloudflare/workers-types": "^4.20241216.0",
@@ -35,6 +36,7 @@
         "lint-staged": "^15.2.11",
         "prettier": "3.4.2",
         "typescript": "^5.7.2",
+        "vitest": "^2.1.8",
         "wrangler": "^3.96.0"
     },
     "dependencies": {
 
@@ -0,0 +1,53 @@
+# SQL Macros Plugin
+
+The SQL Macros Plugin for Starbase provides SQL query validation and enhancement features to improve code quality and prevent common SQL anti-patterns.
+
+## Usage
+
+Add the SqlMacros plugin to your Starbase configuration:
+
+```typescript
+import { SqlMacros } from './plugins/sql-macros'
+const plugins = [
+    // ... other plugins
+    new SqlMacros({
+        preventSelectStar: true,
+    }),
+] satisfies StarbasePlugin[]
+```
+
+## Configuration Options
+
+| Option              | Type    | Default | Description                                                                                    |
+| ------------------- | ------- | ------- | ---------------------------------------------------------------------------------------------- |
+| `preventSelectStar` | boolean | `false` | When enabled, prevents the use of `SELECT *` in queries to encourage explicit column selection |
+
+## Features
+
+### Prevent SELECT \*
+
+When `preventSelectStar` is enabled, the plugin will raise an error if it encounters a `SELECT *` in your SQL queries. This encourages better practices by requiring explicit column selection.
+
+Example of invalid query:
+
+```sql
+SELECT * FROM users; // Will raise an error
+```
+
+Example of valid query:
+
+```sql
+SELECT id, username, email FROM users; // Correct usage
+```
+
+### Exclude Columns with `$_exclude`
+
+The `$_exclude` macro allows you to select all columns except the specified ones. This is useful when you want to avoid listing all columns explicitly except a few.
+
+Example usage:
+
+```sql
+SELECT $_exclude(password, secret_key) FROM users;
+```
+
+In this example, all columns from the `users` table will be selected except for `password` and `secret_key`.
@@ -0,0 +1,196 @@
+import {
+    StarbaseApp,
+    StarbaseContext,
+    StarbaseDBConfiguration,
+} from '../../src/handler'
+import { StarbasePlugin } from '../../src/plugin'
+import { DataSource, QueryResult } from '../../src/types'
+
+const parser = new (require('node-sql-parser').Parser)()
+
+export class SqlMacrosPlugin extends StarbasePlugin {
+    config?: StarbaseDBConfiguration
+
+    // Prevents SQL statements with `SELECT *` from being executed
+    preventSelectStar?: boolean
+
+    constructor(opts?: { preventSelectStar: boolean }) {
+        super('starbasedb:sql-macros')
+        this.preventSelectStar = opts?.preventSelectStar
+    }
+
+    override async register(app: StarbaseApp) {
+        app.use(async (c, next) => {
+            this.config = c?.get('config')
+            await next()
+        })
+    }
+
+    override async beforeQuery(opts: {
+        sql: string
+        params?: unknown[]
+        dataSource?: DataSource
+        config?: StarbaseDBConfiguration
+    }): Promise<{ sql: string; params?: unknown[] }> {
+        let { dataSource, sql, params } = opts
+
+        // A data source is required for this plugin to operate successfully
+        if (!dataSource) {
+            return Promise.resolve({
+                sql,
+                params,
+            })
+        }
+
+        sql = await this.replaceExcludeColumns(dataSource, sql, params)
+
+        // Prevention of `SELECT *` statements is only enforced on non-admin users
+        // Admins should be able to continue running these statements in database
+        // tools such as Outerbase Studio.
+        if (this.preventSelectStar && this.config?.role !== 'admin') {
+            sql = this.checkSelectStar(sql, params)
+        }
+
+        return Promise.resolve({
+            sql,
+            params,
+        })
+    }
+
+    private checkSelectStar(sql: string, params?: unknown[]): string {
+        try {
+            const ast = parser.astify(sql)[0]
+
+            // Only check SELECT statements
+            if (ast.type === 'select') {
+                const hasSelectStar = ast.columns.some(
+                    (col: any) =>
+                        col.expr.type === 'star' ||
+                        (col.expr.type === 'column_ref' &&
+                            col.expr.column === '*')
+                )
+
+                if (hasSelectStar) {
+                    throw new Error(
+                        'SELECT * is not allowed. Please specify explicit columns.'
+                    )
+                }
+            }
+
+            return sql
+        } catch (error) {
+            // If the error is our SELECT * error, rethrow it
+            if (
+                error instanceof Error &&
+                error.message.includes('SELECT * is not allowed')
+            ) {
+                throw error
+            }
+            // For parsing errors or other issues, return original SQL
+            return sql
+        }
+    }
+
+    private async replaceExcludeColumns(
+        dataSource: DataSource,
+        sql: string,
+        params?: unknown[]
+    ): Promise<string> {
+        // Only currently works for internal data source (Durable Object SQLite)
+        if (dataSource.source !== 'internal') {
+            return sql
+        }
+
+        // Special handling for pragma queries
+        if (sql.toLowerCase().includes('pragma_table_info')) {
+            return sql
+        }
+
+        try {
+            // Add semicolon if missing
+            const normalizedSql = sql.trim().endsWith(';') ? sql : `${sql};`
+
+            // We allow users to write it `$_exclude` but convert it to `__exclude` so it can be
+            // parsed with the AST library without throwing an error.
+            const preparedSql = normalizedSql.replaceAll(
+                '$_exclude',
+                '__exclude'
+            )
+            const normalizedQuery = parser.astify(preparedSql)[0]
+
+            // Only process SELECT statements
+            if (normalizedQuery.type !== 'select') {
+                return sql
+            }
+
+            // Find any columns using `__exclude`
+            const columns = normalizedQuery.columns
+            const excludeFnIdx = columns.findIndex(
+                (col: any) =>
+                    col.expr &&
+                    col.expr.type === 'function' &&
+                    col.expr.name === '__exclude'
+            )
+
+            if (excludeFnIdx === -1) {
+                return sql
+            }
+
+            // Get the table name from the FROM clause
+            const tableName = normalizedQuery.from[0].table
+            let excludedColumns: string[] = []
+
+            try {
+                const excludeExpr = normalizedQuery.columns[excludeFnIdx].expr
+
+                // Handle both array and single argument cases
+                const args = excludeExpr.args.value
+
+                // Extract column name(s) from arguments
+                excludedColumns = Array.isArray(args)
+                    ? args.map((arg: any) => arg.column)
+                    : [args.column]
+            } catch (error: any) {
+                console.error('Error processing exclude arguments:', error)
+                console.error(error.stack)
+                return sql
+            }
+
+            // Query database for all columns in this table
+            // This only works for the internal SQLite data source
+            const schemaQuery = `
+                SELECT name as column_name
+                FROM pragma_table_info('${tableName}')
+            `
+
+            const allColumns = (await dataSource?.rpc.executeQuery({
+                sql: schemaQuery,
+            })) as QueryResult[]
+
+            const includedColumns = allColumns
+                .map((row: any) => row.column_name)
+                .filter((col: string) => {
+                    const shouldInclude = !excludedColumns.includes(
+                        col.toLowerCase()
+                    )
+                    return shouldInclude
+                })
+
+            // Replace the __exclude function with explicit columns
+            normalizedQuery.columns.splice(
+                excludeFnIdx,
+                1,
+                ...includedColumns.map((col: string) => ({
+                    expr: { type: 'column_ref', table: null, column: col },
+                    as: null,
+                }))
+            )
+
+            // Convert back to SQL and remove trailing semicolon to maintain original format
+            return parser.sqlify(normalizedQuery).replace(/;$/, '')
+        } catch (error) {
+            console.error('SQL parsing error:', error)
+            return sql
+        }
+    }
+}
@@ -0,0 +1,13 @@
+{
+    "version": "1.0.0",
+    "resources": {
+        "tables": {},
+        "secrets": {},
+        "variables": {}
+    },
+    "dependencies": {
+        "tables": {},
+        "secrets": {},
+        "variables": {}
+    }
+}
@@ -0,0 +1,66 @@
+# Stripe Subscriptions Plugin
+
+The Stripe Subscriptions Plugin for Starbase provides a quick and simple way for applications to begin accepting product subscription payments.
+
+## Usage
+
+Add the StripeSubscriptionPlugin plugin to your Starbase configuration:
+
+```typescript
+import { StripeSubscriptionPlugin } from './plugins/stripe'
+const plugins = [
+    // ... other plugins
+    new StripeSubscriptionPlugin({
+        stripeSecretKey: 'sk_test_**********',
+        stripeWebhookSecret: 'whsec_**********',
+    }),
+] satisfies StarbasePlugin[]
+```
+
+## Configuration Options
+
+| Option                | Type   | Default | Description                                                             |
+| --------------------- | ------ | ------- | ----------------------------------------------------------------------- |
+| `stripeSecretKey`     | string | `null`  | Access your secret key from (https://dashboard.stripe.com/apikeys)      |
+| `stripeWebhookSecret` | string | `null`  | Access your signing secret from (https://dashboard.stripe.com/webhooks) |
+
+## How To Use
+
+### Webhook Setup
+
+For our Starbase instance to receive webhook events when subscription events change, we need to add our plugin endpoint to Stripe.
+
+1. Visit the Developer Webhooks page: https://dashboard.stripe.com/webhooks
+2. Click "+ Add Endpoint"
+3. Set "Endpoint URL" to `https://starbasedb.YOUR-IDENTIFIER.dev/stripe/webhook`
+4. Add two events to listen to:
+    - `customer.subscription.deleted`
+    - `checkout.session.completed`
+5. Save by clicking "Add Endpoint"
+
+### Product Subscription Setup
+
+After you create a subscription product inside of Stripe you can get the hosted link by following these steps:
+
+1. Click on the "Product catalog" section
+2. Click on the product you want
+3. Click the "..." menu next to the Pricing item you want a link for
+4. Click "Create new payment link"
+
+Now you will have a new payment URL for you to direct your users to in order for them to checkout a new subscription of your product. We will take that URL and insert it
+into our frontend application similar to the example below.
+
+_IMPORTANT:_ You must append the `client_reference_id={userId}` at the end so we can attribute the correct user for the purchase.
+
+```html
+<body>
+    <a
+        href="https://buy.stripe.com/INSERT-SUBSCRIPTION-ID?client_reference_id=INSERT-USER-ID"
+        class="subscribe-button"
+    >
+        Subscribe
+    </a>
+</body>
+```
+
+Assuming all of the correct values were set in your installation phases, when a customer successfully subscribes via the Stripe Payment Link you should see a new entry automatically populate inside your SQLite table named `subscription`. At any point if this subscription is cancelled, even from the Stripe interface, the webhook will be handled via this plugin and automatically mark the `deleted_at` column with the date time it became inactive.