Added meta operation.

README.md

@@ -13,6 +13,8 @@ Both share the same core architecture and provide dynamic data querying, relatio
 
 **🆕 New in v2.1**: RestHeadSpec (HeaderSpec) - Header-based REST API with lifecycle hooks, cursor pagination, and advanced filtering.
 
+**🆕 New in v3.0**: Explicit route registration - Routes are now created per registered model for better flexibility and control. OPTIONS method support with full CORS headers for cross-origin requests.
+
 ![slogan](./generated_slogan.webp)
 
 ## Table of Contents
@@ -65,6 +67,12 @@ Both share the same core architecture and provide dynamic data querying, relatio
 - **🆕 Advanced Filtering**: Field filters, search operators, AND/OR logic, and custom SQL
 - **🆕 Base64 Encoding**: Support for base64-encoded header values
 
+### Routing & CORS (v3.0+)
+- **🆕 Explicit Route Registration**: Routes created per registered model instead of dynamic lookups
+- **🆕 OPTIONS Method Support**: Full OPTIONS method support returning model metadata
+- **🆕 CORS Headers**: Comprehensive CORS support with all HeadSpec headers allowed
+- **🆕 Better Route Control**: Customize routes per model with more flexibility
+
 ## API Structure
 
 ### URL Patterns
@@ -123,13 +131,15 @@ import "github.com/gorilla/mux"
 // Create handler
 handler := restheadspec.NewHandlerWithGORM(db)
 
-// Register models using schema.table format
+// IMPORTANT: Register models BEFORE setting up routes
+// Routes are created explicitly for each registered model
 handler.Registry.RegisterModel("public.users", &User{})
 handler.Registry.RegisterModel("public.posts", &Post{})
 
-// Setup routes
+// Setup routes (creates explicit routes for each registered model)
+// This replaces the old dynamic route lookup approach
 router := mux.NewRouter()
-restheadspec.SetupMuxRoutes(router, handler)
+restheadspec.SetupMuxRoutes(router, handler, nil)
 
 // Start server
 http.ListenAndServe(":8080", router)
@@ -172,6 +182,42 @@ restheadspec.SetupMuxRoutes(router, handler)
 
 For complete header documentation, see [pkg/restheadspec/HEADERS.md](pkg/restheadspec/HEADERS.md).
 
+### CORS & OPTIONS Support
+
+ResolveSpec and RestHeadSpec include comprehensive CORS support for cross-origin requests:
+
+**OPTIONS Method**:
+```http
+OPTIONS /public/users HTTP/1.1
+```
+Returns metadata with appropriate CORS headers:
+```http
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Methods: GET, POST, OPTIONS
+Access-Control-Allow-Headers: Content-Type, Authorization, X-Select-Fields, X-FieldFilter-*, ...
+Access-Control-Max-Age: 86400
+Access-Control-Allow-Credentials: true
+```
+
+**Key Features**:
+- OPTIONS returns model metadata (same as GET metadata endpoint)
+- All HTTP methods include CORS headers automatically
+- OPTIONS requests don't require authentication (CORS preflight)
+- Supports all HeadSpec custom headers (`X-Select-Fields`, `X-FieldFilter-*`, etc.)
+- 24-hour max age to reduce preflight requests
+
+**Configuration**:
+```go
+import "github.com/bitechdev/ResolveSpec/pkg/common"
+
+// Get default CORS config
+corsConfig := common.DefaultCORSConfig()
+
+// Customize if needed
+corsConfig.AllowedOrigins = []string{"https://example.com"}
+corsConfig.AllowedMethods = []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"}
+```
+
 ### Lifecycle Hooks
 
 RestHeadSpec supports lifecycle hooks for all CRUD operations:
@@ -687,15 +733,16 @@ handler := resolvespec.NewHandler(dbAdapter, registry)
 ```go
 import "github.com/gorilla/mux"
 
-// Backward compatible way
-router := mux.NewRouter()  
-resolvespec.SetupRoutes(router, handler)
+// Register models first
+handler.Registry.RegisterModel("public.users", &User{})
+handler.Registry.RegisterModel("public.posts", &Post{})
 
-// Or manually:
-router.HandleFunc("/{schema}/{entity}", func(w http.ResponseWriter, r *http.Request) {
-    vars := mux.Vars(r)
-    handler.Handle(w, r, vars)
-}).Methods("POST")
+// Setup routes - creates explicit routes for each model
+router := mux.NewRouter()
+resolvespec.SetupMuxRoutes(router, handler, nil)
+
+// Routes created: /public/users, /public/posts, etc.
+// Each route includes GET, POST, and OPTIONS methods with CORS support
 ```
 
 #### Gin (Custom Integration)
@@ -950,7 +997,28 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
 
 ## What's New
 
-### v2.1 (Latest)
+### v3.0 (Latest - December 2025)
+
+**Explicit Route Registration (🆕)**:
+- **Breaking Change**: Routes are now created explicitly for each registered model
+- **Better Control**: Customize routes per model with more flexibility
+- **Registration Order**: Models must be registered BEFORE calling SetupMuxRoutes/SetupBunRouterRoutes
+- **Benefits**: More flexible routing, easier to add custom routes per model, better performance
+
+**OPTIONS Method & CORS Support (🆕)**:
+- **OPTIONS Endpoint**: Full OPTIONS method support for CORS preflight requests
+- **Metadata Response**: OPTIONS returns model metadata (same as GET /metadata)
+- **CORS Headers**: Comprehensive CORS headers on all responses
+- **Header Support**: All HeadSpec custom headers (`X-Select-Fields`, `X-FieldFilter-*`, etc.) allowed
+- **No Auth on OPTIONS**: CORS preflight requests don't require authentication
+- **Configurable**: Customize CORS settings via `common.CORSConfig`
+
+**Migration Notes**:
+- Update your code to register models BEFORE calling SetupMuxRoutes/SetupBunRouterRoutes
+- Routes like `/public/users` are now created per registered model instead of using dynamic `/{schema}/{entity}` pattern
+- This is a **breaking change** but provides better control and flexibility
+
+### v2.1
 
 **Recursive CRUD Handler (🆕 Nov 11, 2025)**:
 - **Nested Object Graphs**: Automatically handle complex object hierarchies with parent-child relationships

pkg/funcspec/function_api.go

@@ -163,8 +163,9 @@ func (h *Handler) SqlQueryList(sqlquery string, pNoCount, pBlankparms, pAllowFil
 		// Remove unused input variables
 		if pBlankparms {
 			for _, kw := range inputvars {
-				sqlquery = strings.ReplaceAll(sqlquery, kw, "")
-				logger.Debug("Removed unused variable: %s", kw)
+				replacement := getReplacementForBlankParam(sqlquery, kw)
+				sqlquery = strings.ReplaceAll(sqlquery, kw, replacement)
+				logger.Debug("Replaced unused variable %s with: %s", kw, replacement)
 			}
 		}
 
@@ -501,8 +502,9 @@ func (h *Handler) SqlQuery(sqlquery string, pBlankparms bool) HTTPFuncType {
 		// Remove unused input variables
 		if pBlankparms {
 			for _, kw := range inputvars {
-				sqlquery = strings.ReplaceAll(sqlquery, kw, "")
-				logger.Debug("Removed unused variable: %s", kw)
+				replacement := getReplacementForBlankParam(sqlquery, kw)
+				sqlquery = strings.ReplaceAll(sqlquery, kw, replacement)
+				logger.Debug("Replaced unused variable %s with: %s", kw, replacement)
 			}
 		}
 
@@ -755,8 +757,8 @@ func (h *Handler) replaceMetaVariables(sqlquery string, r *http.Request, userCtx
 	}
 
 	if strings.Contains(sqlquery, "[rid_session]") {
-		sessionID := userCtx.SessionID
-		sqlquery = strings.ReplaceAll(sqlquery, "[rid_session]", fmt.Sprintf("'%s'", sessionID))
+		sessionID, _ := strconv.ParseInt(userCtx.SessionID, 10, 64)
+		sqlquery = strings.ReplaceAll(sqlquery, "[rid_session]", fmt.Sprintf("%d", sessionID))
 	}
 
 	if strings.Contains(sqlquery, "[method]") {
@@ -870,6 +872,38 @@ func IsNumeric(s string) bool {
 	return err == nil
 }
 
+// getReplacementForBlankParam determines the replacement value for an unused parameter
+// based on whether it appears within quotes in the SQL query.
+// It checks for PostgreSQL quotes: single quotes (”) and dollar quotes ($...$)
+func getReplacementForBlankParam(sqlquery, param string) string {
+	// Find the parameter in the query
+	idx := strings.Index(sqlquery, param)
+	if idx < 0 {
+		return ""
+	}
+
+	// Check characters immediately before and after the parameter
+	var charBefore, charAfter byte
+
+	if idx > 0 {
+		charBefore = sqlquery[idx-1]
+	}
+
+	endIdx := idx + len(param)
+	if endIdx < len(sqlquery) {
+		charAfter = sqlquery[endIdx]
+	}
+
+	// Check if parameter is surrounded by quotes (single quote or dollar sign for PostgreSQL dollar-quoted strings)
+	if (charBefore == '\'' || charBefore == '$') && (charAfter == '\'' || charAfter == '$') {
+		// Parameter is in quotes, return empty string
+		return ""
+	}
+
+	// Parameter is not in quotes, return NULL
+	return "NULL"
+}
+
 // makeResultReceiver creates a slice of interface{} pointers for scanning SQL rows
 // func makeResultReceiver(length int) []interface{} {
 // 	result := make([]interface{}, length)

pkg/funcspec/function_api_test.go

@@ -784,7 +784,7 @@ func TestReplaceMetaVariables(t *testing.T) {
 	userCtx := &security.UserContext{
 		UserID:    123,
 		UserName:  "testuser",
-		SessionID: "session-abc",
+		SessionID: "456",
 	}
 
 	metainfo := map[string]interface{}{
@@ -819,7 +819,7 @@ func TestReplaceMetaVariables(t *testing.T) {
 			name:     "Replace [rid_session]",
 			sqlQuery: "SELECT * FROM sessions WHERE session_id = [rid_session]",
 			expectedCheck: func(result string) bool {
-				return strings.Contains(result, "'session-abc'")
+				return strings.Contains(result, "456")
 			},
 		},
 	}
@@ -835,3 +835,65 @@ func TestReplaceMetaVariables(t *testing.T) {
 		})
 	}
 }
+
+// TestGetReplacementForBlankParam tests the blank parameter replacement logic
+func TestGetReplacementForBlankParam(t *testing.T) {
+	tests := []struct {
+		name     string
+		sqlQuery string
+		param    string
+		expected string
+	}{
+		{
+			name:     "Parameter in single quotes",
+			sqlQuery: "SELECT * FROM users WHERE name = '[username]'",
+			param:    "[username]",
+			expected: "",
+		},
+		{
+			name:     "Parameter in dollar quotes",
+			sqlQuery: "SELECT * FROM users WHERE data = $[jsondata]$",
+			param:    "[jsondata]",
+			expected: "",
+		},
+		{
+			name:     "Parameter not in quotes",
+			sqlQuery: "SELECT * FROM users WHERE id = [user_id]",
+			param:    "[user_id]",
+			expected: "NULL",
+		},
+		{
+			name:     "Parameter not in quotes with AND",
+			sqlQuery: "SELECT * FROM users WHERE id = [user_id] AND status = 1",
+			param:    "[user_id]",
+			expected: "NULL",
+		},
+		{
+			name:     "Parameter in mixed quote context - before quote",
+			sqlQuery: "SELECT * FROM users WHERE id = [user_id] AND name = 'test'",
+			param:    "[user_id]",
+			expected: "NULL",
+		},
+		{
+			name:     "Parameter in mixed quote context - in quotes",
+			sqlQuery: "SELECT * FROM users WHERE name = '[username]' AND id = 1",
+			param:    "[username]",
+			expected: "",
+		},
+		{
+			name:     "Parameter with dollar quote tag",
+			sqlQuery: "SELECT * FROM users WHERE body = $tag$[content]$tag$",
+			param:    "[content]",
+			expected: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := getReplacementForBlankParam(tt.sqlQuery, tt.param)
+			if result != tt.expected {
+				t.Errorf("Expected replacement '%s', got '%s' for query: %s", tt.expected, result, tt.sqlQuery)
+			}
+		})
+	}
+}

pkg/resolvespec/handler.go

@@ -151,6 +151,8 @@ func (h *Handler) Handle(w common.ResponseWriter, r common.Request, params map[s
 		h.handleUpdate(ctx, w, id, req.ID, req.Data, req.Options)
 	case "delete":
 		h.handleDelete(ctx, w, id, req.Data)
+	case "meta":
+		h.handleMeta(ctx, w, schema, entity, model)
 	default:
 		logger.Error("Invalid operation: %s", req.Operation)
 		h.sendError(w, http.StatusBadRequest, "invalid_operation", "Invalid operation", nil)
@@ -188,6 +190,21 @@ func (h *Handler) HandleGet(w common.ResponseWriter, r common.Request, params ma
 	h.sendResponse(w, metadata, nil)
 }
 
+// handleMeta processes meta operation requests
+func (h *Handler) handleMeta(ctx context.Context, w common.ResponseWriter, schema, entity string, model interface{}) {
+	// Capture panics and return error response
+	defer func() {
+		if err := recover(); err != nil {
+			h.handlePanic(w, "handleMeta", err)
+		}
+	}()
+
+	logger.Info("Getting metadata for %s.%s via meta operation", schema, entity)
+
+	metadata := h.generateMetadata(schema, entity, model)
+	h.sendResponse(w, metadata, nil)
+}
+
 func (h *Handler) handleRead(ctx context.Context, w common.ResponseWriter, id string, options common.RequestOptions) {
 	// Capture panics and return error response
 	defer func() {

pkg/restheadspec/handler.go

@@ -146,13 +146,25 @@ func (h *Handler) Handle(w common.ResponseWriter, r common.Request, params map[s
 			h.handleRead(ctx, w, "", options)
 		}
 	case "POST":
-		// Create operation
+		// Read request body
 		body, err := r.Body()
 		if err != nil {
 			logger.Error("Failed to read request body: %v", err)
 			h.sendError(w, http.StatusBadRequest, "invalid_request", "Failed to read request body", err)
 			return
 		}
+
+		// Try to detect if this is a meta operation request
+		var bodyMap map[string]interface{}
+		if err := json.Unmarshal(body, &bodyMap); err == nil {
+			if operation, ok := bodyMap["operation"].(string); ok && operation == "meta" {
+				logger.Info("Detected meta operation request for %s.%s", schema, entity)
+				h.handleMeta(ctx, w, schema, entity, model)
+				return
+			}
+		}
+
+		// Not a meta operation, proceed with normal create/update
 		var data interface{}
 		if err := json.Unmarshal(body, &data); err != nil {
 			logger.Error("Failed to decode request body: %v", err)
@@ -229,6 +241,21 @@ func (h *Handler) HandleGet(w common.ResponseWriter, r common.Request, params ma
 	h.sendResponse(w, metadata, nil)
 }
 
+// handleMeta processes meta operation requests
+func (h *Handler) handleMeta(ctx context.Context, w common.ResponseWriter, schema, entity string, model interface{}) {
+	// Capture panics and return error response
+	defer func() {
+		if err := recover(); err != nil {
+			h.handlePanic(w, "handleMeta", err)
+		}
+	}()
+
+	logger.Info("Getting metadata for %s.%s via meta operation", schema, entity)
+
+	metadata := h.generateMetadata(schema, entity, model)
+	h.sendResponse(w, metadata, nil)
+}
+
 // parseOptionsFromHeaders is now implemented in headers.go
 
 func (h *Handler) handleRead(ctx context.Context, w common.ResponseWriter, id string, options ExtendedRequestOptions) {