merge dev to main (#630)

Author: ymc9

package.json

@@ -1,6 +1,6 @@
 {
     "name": "zenstack-monorepo",
-    "version": "1.0.0-beta.17",
+    "version": "1.0.0-beta.18",
     "description": "",
     "scripts": {
         "build": "pnpm -r build",

packages/language/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@zenstackhq/language",
-    "version": "1.0.0-beta.17",
+    "version": "1.0.0-beta.18",
     "displayName": "ZenStack modeling language compiler",
     "description": "ZenStack modeling language compiler",
     "homepage": "https://zenstack.dev",

packages/plugins/openapi/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@zenstackhq/openapi",
   "displayName": "ZenStack Plugin and Runtime for OpenAPI",
-  "version": "1.0.0-beta.17",
+  "version": "1.0.0-beta.18",
   "description": "ZenStack plugin and runtime supporting OpenAPI",
   "main": "index.js",
   "repository": {

packages/plugins/swr/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@zenstackhq/swr",
     "displayName": "ZenStack plugin for generating SWR hooks",
-    "version": "1.0.0-beta.17",
+    "version": "1.0.0-beta.18",
     "description": "ZenStack plugin for generating SWR hooks",
     "main": "index.js",
     "repository": {

packages/plugins/tanstack-query/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@zenstackhq/tanstack-query",
     "displayName": "ZenStack plugin for generating tanstack-query hooks",
-    "version": "1.0.0-beta.17",
+    "version": "1.0.0-beta.18",
     "description": "ZenStack plugin for generating tanstack-query hooks",
     "main": "index.js",
     "exports": {

packages/plugins/trpc/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@zenstackhq/trpc",
     "displayName": "ZenStack plugin for tRPC",
-    "version": "1.0.0-beta.17",
+    "version": "1.0.0-beta.18",
     "description": "ZenStack plugin for tRPC",
     "main": "index.js",
     "repository": {

packages/runtime/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@zenstackhq/runtime",
     "displayName": "ZenStack Runtime Library",
-    "version": "1.0.0-beta.17",
+    "version": "1.0.0-beta.18",
     "description": "Runtime of ZenStack for both client-side and server-side environments.",
     "repository": {
         "type": "git",

packages/runtime/src/enhancements/policy/index.ts

@@ -5,9 +5,11 @@ import path from 'path';
 import semver from 'semver';
 import { PRISMA_MINIMUM_VERSION } from '../../constants';
 import { AuthUser, DbClientContract } from '../../types';
+import { hasAllFields } from '../../validation';
 import { getDefaultModelMeta } from '../model-meta';
 import { makeProxy } from '../proxy';
 import type { ModelMeta, PolicyDef, ZodSchemas } from '../types';
+import { getIdFields } from '../utils';
 import { PolicyProxyHandler } from './handler';
 
 /**
@@ -70,6 +72,21 @@ export function withPolicy<DbClient extends object>(
     const _modelMeta = options?.modelMeta ?? getDefaultModelMeta();
     const _zodSchemas = options?.zodSchemas ?? getDefaultZodSchemas();
 
+    // validate user context
+    if (context?.user) {
+        const idFields = getIdFields(_modelMeta, 'User');
+        if (
+            !hasAllFields(
+                context.user,
+                idFields.map((f) => f.name)
+            )
+        ) {
+            throw new Error(
+                `Invalid user context: must have valid ID field ${idFields.map((f) => `"${f.name}"`).join(', ')}`
+            );
+        }
+    }
+
     return makeProxy(
         prisma,
         _modelMeta,

packages/runtime/src/enhancements/utils.ts

@@ -18,9 +18,13 @@ export function getModelFields(data: object) {
  * Gets id fields for the given model.
  */
 export function getIdFields(modelMeta: ModelMeta, model: string, throwIfNotFound = false) {
-    const fields = modelMeta.fields[lowerCaseFirst(model)];
+    let fields = modelMeta.fields[lowerCaseFirst(model)];
     if (!fields) {
-        throw new Error(`Unable to load fields for ${model}`);
+        if (throwIfNotFound) {
+            throw new Error(`Unable to load fields for ${model}`);
+        } else {
+            fields = {};
+        }
     }
     const result = Object.values(fields).filter((f) => f.isId);
     if (result.length === 0 && throwIfNotFound) {

packages/schema/package.json

@@ -3,7 +3,7 @@
     "publisher": "zenstack",
     "displayName": "ZenStack Language Tools",
     "description": "A toolkit for building secure CRUD apps with Next.js + Typescript",
-    "version": "1.0.0-beta.17",
+    "version": "1.0.0-beta.18",
     "author": {
         "name": "ZenStack Team"
     },