User-defined functions (UDFs)

A user-defined function (UDF) is a set of one or more FQL statements stored as a reusable resource in a Fauna database. Like a stored procedure in SQL, a UDF can accept parameters, perform operations, and return results.

You can use UDFs to encapsulate business logic, making it easier to manage complex operations within your database.

Define a UDF

You create and manage a UDF as an FSL function schema:

function getOrCreateCart(id) {
  // Find the customer by ID, using the ! operator to
  // assert that the customer exists.
  // If the customer does not exist, fauna will throw a
  // document_not_found error.
  let customer = Customer.byId(id)!

  if (customer!.cart == null) {
    // Create a cart if the customer does not have one.
    Order.create({
      status: 'cart',
      customer: Customer.byId(id),
      createdAt: Time.now(),
      payment: {}
    })
  } else {
    // Return the cart if it already exists.
    customer!.cart
  }
}

You can create and manage schema using any of the following:

Reference: FSL function schema

Function collection

Fauna stores UDFs as documents in the Function system collection. These documents have the FunctionDef type and are an FQL version of the FSL function schema. You can use Function methods to access and manage UDFs in FQL.

See Function FQL docs

Call a UDF

Once saved in a database, you can call the UDF in FQL queries against the database:

// Call the `getOrCreateCart()` UDF with a
// customer id of `111`.
getOrCreateCart(111)

UDFs run within the context of a single query and can be combined with other FQL expressions:

let customerId = "111"

// Call the `getOrCreateCart()` UDF.
getOrCreateCart(customerId)
// Then call the `createOrUpdateCartItem()` UDF.
createOrUpdateCartItem(customerId, "pizza", 1)

UDF features

UDFs include features that let you create complex queries and workflows.

Type checking

You can explicitly type a UDF’s arguments and return value:

// The `x` argument must be a `Number`.
// The function returns a `Number` value.
function myFunction(x: Number): Number {
  x + 2
}

Multiple statements

UDFs can contain multiple statements and expressions:

function calculateOrderTotal(order) {
  // Calculate the subtotal by summing up the prices of all items.
  let subtotal = order.items.fold(0, (sum, orderItem) => {
    if (orderItem.product != null) {
      sum + orderItem.product.price * orderItem.quantity
    } else {
      sum
    }
  })

  // Calculate the tax based on the subtotal.
  let tax = subtotal * 0.1

  // Return the final total including the tax.
  subtotal + tax
}

Like an FQL query, a UDF returns the value of the last evaluated expression.

Variadic arguments

Use the ... syntax to create a variadic UDF that accepts an indefinite number of arguments, including zero.

// The `args` argument accepts multiple Numbers.
function getLength(...args: Number): Number {
  args.length
}

When called in an FQL query:

getLength(1, 2, 3)
3

A UDF can only accept one variadic argument. It must be the last argument.

Variadic arguments are collected into an Array. You can define a type signature to limit the types of values accepted and held in the Array.

For example, the following UDF accepts a single String argument followed by a variadic argument of zero or more Numbers:

function formatCurrency(symbol: String, ...amounts: Number): String {
  symbol + amounts.reduce((prev, cur) => prev + cur).toString()
}

When called in an FQL query:

formatCurrency("$", 2, 3)
"$5"

Composability

UDFs are composable, allowing you to combine multiple UDFs.

For example, you can define a UDF:

// Defines the `applyDiscount()` UDF.
function applyDiscount(total, discountPercent) {
  total * (1 - discountPercent / 100)
}

And call the UDF in another UDF definition:

// Defines the `calculateFinalPrice()` UDF.
function calculateFinalPrice(order, discountPercent) {
  // Calls the `calculateOrderTotal()` UDF.
  let total = calculateOrderTotal(order)
  // Calls the `applyDiscount()` UDF.
  applyDiscount(total, discountPercent)
}

Error handling

Use abort() to raise an Abort error from a UDF:

function validateOrderStatusTransition(oldStatus, newStatus) {
  if (oldStatus == "cart" && newStatus != "processing") {
    // The order can only transition from cart to processing.
    abort("Invalid status transition.")
  } else if (oldStatus == "processing" && newStatus != "shipped") {
    // The order can only transition from processing to shipped.
    abort("Invalid status transition.")
  } else if (oldStatus == "shipped" && newStatus != "delivered") {
    // The order can only transition from shipped to delivered.
    abort("Invalid status transition.")
  }
}

Multi-tenancy and scope

UDFs are scoped to a single database. A child database can’t access its parent database’s UDFs.

You can copy and deploy UDFs across databases using FSL and a CI/CD pipeline. See Manage schema with a CI/CD pipeline.

Security and privileges

You can use UDFs to control how systems and end users access sensitive data.

UDF privileges

A user-defined role can grant the privilege to call a UDF:

role customer {
  // Grants `call` access to the `getOrCreateCart` UDF.
  privileges getOrCreateCart {
    call
  }
}
See Function privileges

Limits

UDFs are subject to the same global limits as FQL queries.

Runtime privileges

By default, UDFs run with the privileges of the calling query’s authentication secret.

When you define a UDF, you can include an optional @role annotation. If provided, the UDF runs using the role’s privileges, regardless of the secret used to call it:

// Runs with the built-in `server` role's privileges.
@role("server")
function inventory(name) {
  Product.byName(name) {
    name,
    description,
    stock
  }
}

Resolve document references returned by UDFs

If a UDF returns document references in the query results, the secret used to run the query must have read privileges for the referenced document’s collection. This requirement applies even if the UDF’s @role has read privileges for the collection.

For example, the following UDF returns a Set of documents. Each document contains a document reference:

// Runs with the built-in `server-readonly` role's privileges.
// The role has `read` privileges for the `Category` collection.
@role("server-readonly")
function getCategory(name) {
  // Returns the `category` field, which contains
  // a reference to a `Category` collection document.
  Product.byName(name) {
    name,
    category
  }
}

If you call the UDF using a secret that lacks read privileges for the referenced document’s collection, the reference is not resolved in the results:

getCategory("limes")
{
  data: [
    {
      name: "limes",
      category: Category("789") /* permission denied */
    }
  ]
}

Although the UDF’s @role has the required privileges, document references in Sets and documents are lazily loaded. The references are resolved, or materialized, only when results are returned — after the UDF runs.

To solve this issue without granting additional privileges, update the UDF to:

  • Project or map any desired fields from the referenced document.

  • Convert the results to an eager-loading type, such as an Array or Object.

Return a Set as an array

If the UDF originally returned a Set of documents, update it to return the Set as an array:

@role("server-readonly")
function getCategory(name) {
  // Project any desired fields from the referenced
  // `Category` document.
 let products = Product.byName(name) {
    name,
    category {
      id,
      ts,
      name,
      description
    }
  }

  // Convert the Set to an array.
  products.toArray()
}

When called using a secret that lacks privileges on the referenced documents' collection:

getCategory("limes")
[
  {
    name: "limes",
    category: {
      id: "789",
      ts: Time("2099-12-12T14:22:31.560Z"),
      name: "produce",
      description: "Fresh Produce"
    }
  }
]
Return a document as an object

If the UDF originally returned a single document, update it to return the document as an object instead:

@role("server-readonly")
function getCategory(name) {
  // Project any desired fields from the referenced
  // `Category` document.
 let product = Product.byName(name).first() {
    name,
    category {
      id,
      ts,
      name,
      description
    }
  }

  // Convert the Document to an object.
  Object.assign({}, product)
}

When called using a secret that lacks privileges on the referenced document’s collection:

getCategory("limes")
{
  name: "limes",
  category: {
    id: "789",
    ts: Time("2099-12-13T16:25:53Z"),
    name: "produce",
    description: "Fresh Produce"
  }
}

Control access with UDFs

A common pattern is to allow access to sensitive data through a UDF. The pattern lets you control how the data is accessed without granting broader privileges.

For more control, you can customize the format of data returned by a UDF. This lets you mask, transform, or remove specific fields as needed.

Tutorial: Control access with ABAC

Is this article helpful? 

Tell Fauna how the article can be improved:
Visit Fauna's forums or email docs@fauna.com

Thank you for your feedback!