npm - @actual-app/sync-server - Versions diffs - 25.4.0-alpha.0 - Mend

@actual-app/sync-server 25.4.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (137) hide show

package/.dockerignore +12 -0
package/README.md +19 -0
package/app.js +11 -0
package/babel.config.json +3 -0
package/bin/@actual-app/sync-server +55 -0
package/docker/alpine.Dockerfile +62 -0
package/docker/ubuntu.Dockerfile +63 -0
package/docker-compose.yml +29 -0
package/jest.config.json +19 -0
package/jest.global-setup.js +101 -0
package/jest.global-teardown.js +6 -0
package/migrations/1694360000000-create-folders.js +25 -0
package/migrations/1694360479680-create-account-db.js +30 -0
package/migrations/1694362247011-create-secret-table.js +16 -0
package/migrations/1702667624000-rename-nordigen-secrets.js +19 -0
package/migrations/1718889148000-openid.js +41 -0
package/migrations/1719409568000-multiuser.js +116 -0
package/package.json +64 -0
package/src/account-db.js +239 -0
package/src/accounts/openid.js +361 -0
package/src/accounts/password.js +149 -0
package/src/app-account.js +155 -0
package/src/app-admin.js +410 -0
package/src/app-admin.test.js +381 -0
package/src/app-gocardless/README.md +198 -0
package/src/app-gocardless/app-gocardless.js +274 -0
package/src/app-gocardless/bank-factory.js +91 -0
package/src/app-gocardless/banks/abanca_caglesmm.js +22 -0
package/src/app-gocardless/banks/abnamro_abnanl2a.js +57 -0
package/src/app-gocardless/banks/american_express_aesudef1.js +40 -0
package/src/app-gocardless/banks/bancsabadell_bsabesbbb.js +31 -0
package/src/app-gocardless/banks/bank.interface.ts +51 -0
package/src/app-gocardless/banks/bank_of_ireland_b365_bofiie2d.js +39 -0
package/src/app-gocardless/banks/bankinter_bkbkesmm.js +24 -0
package/src/app-gocardless/banks/belfius_gkccbebb.js +17 -0
package/src/app-gocardless/banks/berliner_sparkasse_beladebexxx.js +61 -0
package/src/app-gocardless/banks/bnp_be_gebabebb.js +73 -0
package/src/app-gocardless/banks/cbc_cregbebb.js +34 -0
package/src/app-gocardless/banks/commerzbank_cobadeff.js +51 -0
package/src/app-gocardless/banks/danskebank_dabno22.js +39 -0
package/src/app-gocardless/banks/direkt_heladef1822.js +18 -0
package/src/app-gocardless/banks/easybank_bawaatww.js +50 -0
package/src/app-gocardless/banks/entercard_swednokk.js +40 -0
package/src/app-gocardless/banks/fortuneo_ftnofrp1xxx.js +46 -0
package/src/app-gocardless/banks/hype_hyeeit22.js +74 -0
package/src/app-gocardless/banks/ing_ingbrobu.js +70 -0
package/src/app-gocardless/banks/ing_ingddeff.js +47 -0
package/src/app-gocardless/banks/ing_pl_ingbplpw.js +46 -0
package/src/app-gocardless/banks/integration-bank.js +115 -0
package/src/app-gocardless/banks/isybank_itbbitmm.js +18 -0
package/src/app-gocardless/banks/kbc_kredbebb.js +33 -0
package/src/app-gocardless/banks/lhv-lhvbee22.js +36 -0
package/src/app-gocardless/banks/mbank_retail_brexplpw.js +56 -0
package/src/app-gocardless/banks/nationwide_naiagb21.js +46 -0
package/src/app-gocardless/banks/nbg_ethngraaxxx.js +51 -0
package/src/app-gocardless/banks/norwegian_xx_norwnok1.js +74 -0
package/src/app-gocardless/banks/revolut_revolt21.js +37 -0
package/src/app-gocardless/banks/sandboxfinance_sfin0000.js +28 -0
package/src/app-gocardless/banks/seb_kort_bank_ab.js +58 -0
package/src/app-gocardless/banks/seb_privat.js +29 -0
package/src/app-gocardless/banks/sparnord_spnodk22.js +24 -0
package/src/app-gocardless/banks/spk_karlsruhe_karsde66.js +61 -0
package/src/app-gocardless/banks/spk_marburg_biedenkopf_heladef1mar.js +30 -0
package/src/app-gocardless/banks/spk_worms_alzey_ried_malade51wor.js +19 -0
package/src/app-gocardless/banks/ssk_dusseldorf_dussdeddxxx.js +50 -0
package/src/app-gocardless/banks/swedbank_habalv22.js +47 -0
package/src/app-gocardless/banks/tests/abanca_caglesmm.spec.js +21 -0
package/src/app-gocardless/banks/tests/abnamro_abnanl2a.spec.js +61 -0
package/src/app-gocardless/banks/tests/bancsabadell_bsabesbbb.spec.js +53 -0
package/src/app-gocardless/banks/tests/belfius_gkccbebb.spec.js +22 -0
package/src/app-gocardless/banks/tests/cbc_cregbebb.spec.js +34 -0
package/src/app-gocardless/banks/tests/commerzbank_cobadeff.spec.js +110 -0
package/src/app-gocardless/banks/tests/easybank_bawaatww.spec.js +54 -0
package/src/app-gocardless/banks/tests/fortuneo_ftnofrp1xxx.spec.js +206 -0
package/src/app-gocardless/banks/tests/ing_ingddeff.spec.js +302 -0
package/src/app-gocardless/banks/tests/ing_pl_ingbplpw.spec.js +202 -0
package/src/app-gocardless/banks/tests/integration_bank.spec.js +158 -0
package/src/app-gocardless/banks/tests/kbc_kredbebb.spec.js +38 -0
package/src/app-gocardless/banks/tests/lhv-lhvbee22.spec.js +68 -0
package/src/app-gocardless/banks/tests/mbank_retail_brexplpw.spec.js +171 -0
package/src/app-gocardless/banks/tests/nationwide_naiagb21.spec.js +105 -0
package/src/app-gocardless/banks/tests/nbg_ethngraaxxx.spec.js +48 -0
package/src/app-gocardless/banks/tests/revolut_revolt21.spec.js +42 -0
package/src/app-gocardless/banks/tests/sandboxfinance_sfin0000.spec.js +133 -0
package/src/app-gocardless/banks/tests/spk_marburg_biedenkopf_heladef1mar.spec.js +256 -0
package/src/app-gocardless/banks/tests/ssk_dusseldorf_dussdeddxxx.spec.js +102 -0
package/src/app-gocardless/banks/tests/swedbank_habalv22.spec.js +57 -0
package/src/app-gocardless/banks/tests/virgin_nrnbgb22.spec.js +54 -0
package/src/app-gocardless/banks/util/extract-payeeName-from-remittanceInfo.js +36 -0
package/src/app-gocardless/banks/virgin_nrnbgb22.js +39 -0
package/src/app-gocardless/errors.js +84 -0
package/src/app-gocardless/gocardless-node.types.ts +497 -0
package/src/app-gocardless/gocardless.types.ts +93 -0
package/src/app-gocardless/link.html +18 -0
package/src/app-gocardless/services/gocardless-service.js +620 -0
package/src/app-gocardless/services/tests/fixtures.js +181 -0
package/src/app-gocardless/services/tests/gocardless-service.spec.js +537 -0
package/src/app-gocardless/tests/bank-factory.spec.js +20 -0
package/src/app-gocardless/tests/utils.spec.js +162 -0
package/src/app-gocardless/util/handle-error.js +16 -0
package/src/app-gocardless/utils.js +45 -0
package/src/app-openid.js +108 -0
package/src/app-pluggyai/app-pluggyai.js +215 -0
package/src/app-pluggyai/pluggyai-service.js +120 -0
package/src/app-secrets.js +61 -0
package/src/app-simplefin/app-simplefin.js +418 -0
package/src/app-sync/errors.js +13 -0
package/src/app-sync/services/files-service.js +243 -0
package/src/app-sync/tests/services/files-service.test.js +250 -0
package/src/app-sync/validation.js +77 -0
package/src/app-sync.js +391 -0
package/src/app-sync.test.js +877 -0
package/src/app.js +145 -0
package/src/config-types.ts +44 -0
package/src/db.js +58 -0
package/src/load-config.js +307 -0
package/src/migrations.js +36 -0
package/src/run-migrations.js +8 -0
package/src/scripts/disable-openid.js +44 -0
package/src/scripts/enable-openid.js +53 -0
package/src/scripts/health-check.js +23 -0
package/src/scripts/reset-password.js +51 -0
package/src/secrets.test.js +83 -0
package/src/services/secrets-service.js +94 -0
package/src/services/user-service.js +272 -0
package/src/sql/messages.sql +9 -0
package/src/sync-simple.js +95 -0
package/src/util/hash.js +5 -0
package/src/util/middlewares.js +62 -0
package/src/util/paths.js +13 -0
package/src/util/payee-name.js +45 -0
package/src/util/prompt.js +88 -0
package/src/util/title/index.js +59 -0
package/src/util/title/lower-case.js +93 -0
package/src/util/title/specials.js +21 -0
package/src/util/validate-user.js +68 -0
package/tsconfig.json +21 -0

package/src/app-sync.js ADDED Viewed

@@ -0,0 +1,391 @@
+import { Buffer } from 'node:buffer';
+import fs from 'node:fs/promises';
+import { SyncProtoBuf } from '@actual-app/crdt';
+import express from 'express';
+import { v4 as uuidv4 } from 'uuid';
+import { getAccountDb } from './account-db.js';
+import { FileNotFound } from './app-sync/errors.js';
+import {
+  File,
+  FilesService,
+  FileUpdate,
+} from './app-sync/services/files-service.js';
+import {
+  validateSyncedFile,
+  validateUploadedFile,
+} from './app-sync/validation.js';
+import * as simpleSync from './sync-simple.js';
+import {
+  errorMiddleware,
+  requestLoggerMiddleware,
+  validateSessionMiddleware,
+} from './util/middlewares.js';
+import { getPathForUserFile, getPathForGroupFile } from './util/paths.js';
+const app = express();
+app.use(validateSessionMiddleware);
+app.use(errorMiddleware);
+app.use(requestLoggerMiddleware);
+app.use(express.raw({ type: 'application/actual-sync' }));
+app.use(express.raw({ type: 'application/encrypted-file' }));
+app.use(express.json());
+export { app as handlers };
+const OK_RESPONSE = { status: 'ok' };
+function boolToInt(deleted) {
+  return deleted ? 1 : 0;
+}
+const verifyFileExists = (fileId, filesService, res, errorObject) => {
+  try {
+    return filesService.get(fileId);
+  } catch (e) {
+    if (e instanceof FileNotFound) {
+      //FIXME: error code should be 404. Need to make sure frontend is ok with it.
+      //TODO: put this into a middleware that checks if FileNotFound is thrown and returns 404 and same error message
+      // for every FileNotFound error
+      res.status(400).send(errorObject);
+      return;
+    }
+    throw e;
+  }
+};
+app.post('/sync', async (req, res) => {
+  let requestPb;
+  try {
+    requestPb = SyncProtoBuf.SyncRequest.deserializeBinary(req.body);
+  } catch (e) {
+    console.log('Error parsing sync request', e);
+    res.status(500);
+    res.send({ status: 'error', reason: 'internal-error' });
+    return;
+  }
+  const fileId = requestPb.getFileid() || null;
+  const groupId = requestPb.getGroupid() || null;
+  const keyId = requestPb.getKeyid() || null;
+  const since = requestPb.getSince() || null;
+  const messages = requestPb.getMessagesList();
+  if (!since) {
+    return res.status(422).send({
+      details: 'since-required',
+      reason: 'unprocessable-entity',
+      status: 'error',
+    });
+  }
+  const filesService = new FilesService(getAccountDb());
+  const currentFile = verifyFileExists(
+    fileId,
+    filesService,
+    res,
+    'file-not-found',
+  );
+  if (!currentFile) {
+    return;
+  }
+  const errorMessage = validateSyncedFile(groupId, keyId, currentFile);
+  if (errorMessage) {
+    res.status(400);
+    res.send(errorMessage);
+    return;
+  }
+  const { trie, newMessages } = simpleSync.sync(messages, since, groupId);
+  // encode it back...
+  const responsePb = new SyncProtoBuf.SyncResponse();
+  responsePb.setMerkle(JSON.stringify(trie));
+  newMessages.forEach(msg => responsePb.addMessages(msg));
+  res.set('Content-Type', 'application/actual-sync');
+  res.set('X-ACTUAL-SYNC-METHOD', 'simple');
+  res.send(Buffer.from(responsePb.serializeBinary()));
+});
+app.post('/user-get-key', (req, res) => {
+  if (!res.locals) return;
+  const { fileId } = req.body;
+  const filesService = new FilesService(getAccountDb());
+  const file = verifyFileExists(fileId, filesService, res, 'file-not-found');
+  if (!file) {
+    return;
+  }
+  res.send({
+    status: 'ok',
+    data: {
+      id: file.encryptKeyId,
+      salt: file.encryptSalt,
+      test: file.encryptTest,
+    },
+  });
+});
+app.post('/user-create-key', (req, res) => {
+  const { fileId, keyId, keySalt, testContent } = req.body;
+  const filesService = new FilesService(getAccountDb());
+  if (!verifyFileExists(fileId, filesService, res, 'file not found')) {
+    return;
+  }
+  filesService.update(
+    fileId,
+    new FileUpdate({
+      encryptSalt: keySalt,
+      encryptKeyId: keyId,
+      encryptTest: testContent,
+    }),
+  );
+  res.send(OK_RESPONSE);
+});
+app.post('/reset-user-file', async (req, res) => {
+  const { fileId } = req.body;
+  const filesService = new FilesService(getAccountDb());
+  const file = verifyFileExists(
+    fileId,
+    filesService,
+    res,
+    'User or file not found',
+  );
+  if (!file) {
+    return;
+  }
+  const groupId = file.groupId;
+  filesService.update(fileId, new FileUpdate({ groupId: null }));
+  if (groupId) {
+    try {
+      await fs.unlink(getPathForGroupFile(groupId));
+    } catch {
+      console.log(`Unable to delete sync data for group "${groupId}"`);
+    }
+  }
+  res.send(OK_RESPONSE);
+});
+app.post('/upload-user-file', async (req, res) => {
+  if (typeof req.headers['x-actual-name'] !== 'string') {
+    // FIXME: Not sure how this cannot be a string when the header is
+    // set.
+    res.status(400).send('single x-actual-name is required');
+    return;
+  }
+  const name = decodeURIComponent(req.headers['x-actual-name']);
+  const fileId = req.headers['x-actual-file-id'];
+  if (!fileId || typeof fileId !== 'string') {
+    res.status(400).send('fileId is required');
+    return;
+  }
+  let groupId = req.headers['x-actual-group-id'] || null;
+  const encryptMeta = req.headers['x-actual-encrypt-meta'] || null;
+  const syncFormatVersion = req.headers['x-actual-format'] || null;
+  const keyId =
+    encryptMeta && typeof encryptMeta === 'string'
+      ? JSON.parse(encryptMeta).keyId
+      : null;
+  const filesService = new FilesService(getAccountDb());
+  let currentFile;
+  try {
+    currentFile = filesService.get(fileId);
+  } catch (e) {
+    if (e instanceof FileNotFound) {
+      currentFile = null;
+    } else {
+      throw e;
+    }
+  }
+  const errorMessage = validateUploadedFile(groupId, keyId, currentFile);
+  if (errorMessage) {
+    res.status(400).send(errorMessage);
+    return;
+  }
+  try {
+    await fs.writeFile(getPathForUserFile(fileId), req.body);
+  } catch (err) {
+    console.log('Error writing file', err);
+    res.status(500).send({ status: 'error' });
+    return;
+  }
+  if (!currentFile) {
+    // it's new
+    groupId = uuidv4();
+    filesService.set(
+      new File({
+        id: fileId,
+        groupId,
+        syncVersion: syncFormatVersion,
+        name,
+        encryptMeta,
+        owner:
+          res.locals.user_id ||
+          (() => {
+            throw new Error('User ID is required for file creation');
+          })(),
+      }),
+    );
+    res.send({ status: 'ok', groupId });
+    return;
+  }
+  if (!groupId) {
+    // sync state was reset, create new group
+    groupId = uuidv4();
+    filesService.update(fileId, new FileUpdate({ groupId }));
+  }
+  // Regardless, update some properties
+  filesService.update(
+    fileId,
+    new FileUpdate({
+      syncVersion: syncFormatVersion,
+      encryptMeta,
+      name,
+    }),
+  );
+  res.send({ status: 'ok', groupId });
+});
+app.get('/download-user-file', async (req, res) => {
+  const fileId = req.headers['x-actual-file-id'];
+  if (typeof fileId !== 'string') {
+    // FIXME: Not sure how this cannot be a string when the header is
+    // set.
+    res.status(400).send('Single file ID is required');
+    return;
+  }
+  const filesService = new FilesService(getAccountDb());
+  if (!verifyFileExists(fileId, filesService, res, 'User or file not found')) {
+    return;
+  }
+  res.setHeader('Content-Disposition', `attachment;filename=${fileId}`);
+  res.sendFile(getPathForUserFile(fileId));
+});
+app.post('/update-user-filename', (req, res) => {
+  const { fileId, name } = req.body;
+  const filesService = new FilesService(getAccountDb());
+  if (!verifyFileExists(fileId, filesService, res, 'file not found')) {
+    return;
+  }
+  filesService.update(fileId, new FileUpdate({ name }));
+  res.send(OK_RESPONSE);
+});
+app.get('/list-user-files', (req, res) => {
+  const fileService = new FilesService(getAccountDb());
+  const rows = fileService.find({ userId: res.locals.user_id });
+  res.send({
+    status: 'ok',
+    data: rows.map(row => ({
+      deleted: boolToInt(row.deleted),
+      fileId: row.id,
+      groupId: row.groupId,
+      name: row.name,
+      encryptKeyId: row.encryptKeyId,
+      owner: row.owner,
+      usersWithAccess: fileService.findUsersWithAccess(row.id).map(access => ({
+        ...access,
+        owner: access.userId === row.owner,
+      })),
+    })),
+  });
+});
+app.get('/get-user-file-info', (req, res) => {
+  const fileId = req.headers['x-actual-file-id'];
+  // TODO: Return 422 if fileId is not provided. Need to make sure frontend can handle it
+  // if (!fileId) {
+  //   return res.status(422).send({
+  //     details: 'fileId-required',
+  //     reason: 'unprocessable-entity',
+  //     status: 'error',
+  //   });
+  // }
+  const fileService = new FilesService(getAccountDb());
+  const file = verifyFileExists(fileId, fileService, res, {
+    status: 'error',
+    reason: 'file-not-found',
+  });
+  if (!file) {
+    return;
+  }
+  res.send({
+    status: 'ok',
+    data: {
+      deleted: boolToInt(file.deleted), //   FIXME: convert to boolean, make sure it works in the frontend
+      fileId: file.id,
+      groupId: file.groupId,
+      name: file.name,
+      encryptMeta: file.encryptMeta ? JSON.parse(file.encryptMeta) : null,
+      usersWithAccess: fileService.findUsersWithAccess(file.id).map(access => ({
+        ...access,
+        owner: access.userId === file.owner,
+      })),
+    },
+  });
+});
+app.post('/delete-user-file', (req, res) => {
+  const { fileId } = req.body;
+  if (!fileId) {
+    return res.status(422).send({
+      details: 'fileId-required',
+      reason: 'unprocessable-entity',
+      status: 'error',
+    });
+  }
+  const filesService = new FilesService(getAccountDb());
+  if (!verifyFileExists(fileId, filesService, res, 'file-not-found')) {
+    return;
+  }
+  filesService.update(fileId, new FileUpdate({ deleted: true }));
+  res.send(OK_RESPONSE);
+});