@adaptivestone/framework 3.4.2 → 4.0.0

package/CHANGELOG.md

@@ -1,3 +1,33 @@
+### 4.0.0 - DEV
+
+[BREAKING] change bcrypt encryption with scrypt
+[BREAKING] change internal express parser to formidable parser. Affect you if external formidable is used
+[BREAKING] should not affect any user. Changed email-templates module to internal implementation. Idea to keep dependensy list smaller
+[BREAKING] change i18n middleware to internal one. Nothing should be affected
+[BREAKING] now validation of request splitted between request and query
+[BREAKING] supportedLngs option added to i18n config
+[BREAKING] email inliner now looking for src/services/messaging/email/resources folder instead of 'build' folder.
+
+[BREAKING] Mongoose v7. https://mongoosejs.com/docs/migrating_to_7.html
+[BREAKING] Yup validation was updated to v1 https://github.com/jquense/yup/issues/1906
+
+[DEPRECATED] getExpress path is deprecated. Renamed to getHttpPath
+
+[NEW] pagination middleware
+[NEW] requestLogger middleware. Migrated from core server to be an middleware
+[NEW] CreateUser command
+[NEW] custom yup validator for validate File requests
+[UPDATE] updated deps
+[UPDATE] openApi generator support files
+[UPDATE] updated 18n middleware. Introduced internal cachce. Speed up of request processing up to 100%
+[UPDATE] cache drivers to JSON support BigInt numbers
+
+### 3.4.3
+
+[UPDATE] updated deps
+[FIX] fix tests for redis
+[FIX] support in tests TEST_FOLDER_EMAILS
+
 ### 3.4.2
 
 [UPDATE] updated deps

package/LICENCE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2016-2023 Andrei Lahunou
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/cluster.js

@@ -1,5 +1,5 @@
-const cluster = require('cluster');
-const numCPUs = require('os').cpus().length;
+const cluster = require('node:cluster');
+const numCPUs = require('node:os').cpus().length;
 
 if (cluster.isMaster) {
   // eslint-disable-next-line no-console
@@ -22,5 +22,5 @@ if (cluster.isMaster) {
   });
 } else {
   // eslint-disable-next-line global-require
-  require('./server');
+  require('./index');
 }

package/commands/CreateUser.js

@@ -0,0 +1,27 @@
+const AbstractCommand = require('../modules/AbstractCommand');
+
+// Example: node src/cli createuser --email=somemail@gmail.com  --password=somePassword --roles=user,admin,someOtherRoles
+class CreateUser extends AbstractCommand {
+  async run() {
+    const User = this.app.getModel('User');
+    const { email, password, roles } = this.args;
+
+    if (!email || !password) {
+      this.logger.error('Input validation failded');
+      this.logger.error('Please add "email" and "password" variables');
+      return false;
+    }
+    const user = await User.create({
+      email,
+      password,
+      roles: roles?.split(','),
+    });
+    await user.generateToken();
+
+    this.logger.info(`User was created ${JSON.stringify(user, 0, 4)}`);
+
+    return user;
+  }
+}
+
+module.exports = CreateUser;

package/commands/Documentation.js

@@ -5,7 +5,7 @@ class Documentation extends AbstractCommand {
   async run() {
     const CM = new ControllerManager(this.app);
     this.app.documentation = [];
-    await CM.initControllers({ folders: this.app.foldersConfig });
+    await CM.initControllers();
     return this.app.documentation;
   }
 }

package/commands/GetOpenApiJson.js

@@ -1,4 +1,4 @@
-const fs = require('fs').promises;
+const fs = require('node:fs').promises;
 const AbstractCommand = require('../modules/AbstractCommand');
 
 /**
@@ -165,6 +165,7 @@ class GetOpenApiJson extends AbstractCommand {
         const routeTitle = route[Object.keys(route)[0]].name;
 
         const routeFields = route[Object.keys(route)[0]].fields;
+        const routeQueryFields = route[Object.keys(route)[0]].queryFields;
 
         if (!openApi.paths[routeName][methodName]) {
           openApi.paths[routeName][methodName] = {};
@@ -202,6 +203,17 @@ class GetOpenApiJson extends AbstractCommand {
           },
         };
 
+        for (const queryField of routeQueryFields) {
+          openApi.paths[routeName][methodName].parameters.push({
+            name: queryField.name,
+            in: 'query',
+            required: queryField?.required,
+            schema: {
+              type: queryField.type,
+            },
+          });
+        }
+
         for (const routeField of routeParameters) {
           openApi.paths[routeName][methodName].parameters.push({
             name: routeField,
@@ -216,34 +228,36 @@ class GetOpenApiJson extends AbstractCommand {
         if (routeFields.length) {
           const groupBodyFields = {};
           const requiredFields = [];
+          let isMultipartFormaData = false;
           for (const field of routeFields) {
-            if (field.isRequired) {
+            if (field.required) {
               requiredFields.push(field.name);
             }
 
-            if (field.type === 'object') {
-              groupBodyFields[field.name] = {};
-              const objectFields = {};
-              for (const objField of field.fields) {
-                objectFields[objField.name] = {
-                  // fields file has mixed type but openApi doesnt have this type
-                  type: objField.type === 'mixed' ? 'string' : objField.type,
+            switch (field.type) {
+              case 'object':
+                groupBodyFields[field.name] = {
+                  properties: {},
                 };
-              }
 
-              groupBodyFields[field.name].properties = objectFields;
-            } else {
-              groupBodyFields[field.name] = {
-                type: field.type,
-              };
+                for (const objField of field.fields) {
+                  groupBodyFields[field.name].properties[objField.name] = {
+                    // fields file has mixed type but openApi doesnt have this type
+                    type: objField.type === 'mixed' ? 'string' : objField.type,
+                  };
+                }
+
+                break;
 
-              if (field.type === 'array') {
-                groupBodyFields[field.name].items = {
-                  type: field.innerType,
+              case 'array':
+                groupBodyFields[field.name] = {
+                  items: {
+                    type: field.innerType,
+                  },
                 };
-              }
+                break;
 
-              if (field.type === 'lazy') {
+              case 'lazy':
                 groupBodyFields[field.name] = {
                   oneOf: [
                     {
@@ -254,13 +268,29 @@ class GetOpenApiJson extends AbstractCommand {
                     },
                   ],
                 };
-              }
+                break;
+
+              case 'file':
+                groupBodyFields[field.name] = {
+                  type: 'string',
+                  format: 'binary',
+                };
+                isMultipartFormaData = true;
+                break;
+              default:
+                groupBodyFields[field.name] = {
+                  type: field.type,
+                };
             }
           }
 
+          const contentType = isMultipartFormaData
+            ? 'multipart/form-data'
+            : 'application/json';
+
           openApi.paths[routeName][methodName].requestBody = {
             content: {
-              'application/json': {
+              [contentType]: {
                 schema: {
                   type: 'object',
                   properties: groupBodyFields,
@@ -271,7 +301,7 @@ class GetOpenApiJson extends AbstractCommand {
 
           if (requiredFields.length) {
             openApi.paths[routeName][methodName].requestBody.content[
-              'application/json'
+              contentType
             ].schema.required = requiredFields;
           }
         }

package/commands/migration/Create.js

@@ -1,5 +1,5 @@
-const path = require('path');
-const fs = require('fs').promises;
+const path = require('node:path');
+const fs = require('node:fs').promises;
 
 const AbstractCommand = require('../../modules/AbstractCommand');
 

package/config/auth.js

@@ -1,5 +1,5 @@
 module.exports = {
-  saltRounds: 10,
+  hashRounds: 64,
   saltSecret: process.env.AUTH_SALT || 'gdfg45667_%%^trterte',
   isAuthWithVefificationFlow: true,
 };

package/config/i18n.js

@@ -1,11 +1,12 @@
+/**
+ * You can use any options from https://www.i18next.com/overview/configuration-options
+ */
 module.exports = {
   enabled: true,
   preload: ['en', 'ru'],
+  supportedLngs: ['en', 'ru'], // should be at least one supported
   fallbackLng: 'en',
   saveMissing: false,
   debug: false,
-  // https://github.com/i18next/i18next-http-middleware#detector-options
-  // in additional we have 'xLang' that detect language based on header 'xLang'
-  langDetectionOders: ['xLang'], // from order option
   lookupQuerystring: 'lng', // string to detect language on query
 };

package/config/mail.js

@@ -1,3 +1,5 @@
+const path = require('node:path');
+
 module.exports = {
   from: 'Localhost <info@localhost>',
   transports: {
@@ -20,6 +22,8 @@ module.exports = {
   transport: process.env.EMAIL_TRANSPORT || 'smtp',
   webResources: {
     // https://github.com/jrit/web-resource-inliner path to find resources
-    relativeTo: 'build',
+    relativeTo: path.resolve('src/services/messaging/email/resources'),
+    images: false,
   },
+  globalVariablesToTemplates: {},
 };

package/controllers/Home.js

@@ -12,11 +12,11 @@ class Home extends AbstractController {
 
   // eslint-disable-next-line class-methods-use-this
   async home(req, res) {
-    res.render('home');
+    return res.json({ message: 'Home' });
   }
 
   // eslint-disable-next-line class-methods-use-this
-  getExpressPath() {
+  getHttpPath() {
     return '/';
   }
 

package/controllers/Home.test.js

@@ -0,0 +1,11 @@
+const request = require('supertest');
+
+describe('home', () => {
+  it('can open home have', async () => {
+    expect.assertions(1);
+    const { status } = await request(global.server.app.httpServer.express).get(
+      '/',
+    );
+    expect(status).toBe(200);
+  });
+});

package/controllers/index.js

@@ -1,25 +1,22 @@
-const path = require('path');
+const path = require('node:path');
 const Base = require('../modules/Base');
 
 /**
- * Class do autoloading a http comntrollers
+ * Class do autoloading a http controllers
  */
 class ControllerManager extends Base {
   constructor(app) {
     super(app);
-    this.app.controllers = {};
+    this.controllers = {};
   }
 
   /**
    * Load controllers
-   * @param {object} folderConfig
-   * @param {object} folderConfig.folders  server folder config
-   * @param {string} folderConfig.controllers  controller folder path
    */
-  async initControllers(folderConfig) {
+  async initControllers() {
     const controllersToLoad = await this.getFilesPathWithInheritance(
       __dirname,
-      folderConfig.folders.controllers,
+      this.app.foldersConfig.controllers,
     );
 
     controllersToLoad.sort((a, b) => {
@@ -31,9 +28,12 @@ class ControllerManager extends Base {
       }
       return 0;
     });
-
+    // const controllers = [];
     for (const controller of controllersToLoad) {
-      // eslint-disable-next-line global-require, import/no-dynamic-require
+      // TODO wait until https://github.com/nodejs/node/issues/35889
+      // controllers.push(
+      // import(controller.path).then(({ default: ControllerModule }) => {
+      // eslint-disable-next-line import/no-dynamic-require, global-require
       const ControllerModule = require(controller.path);
       const contollerName = ControllerModule.name.toLowerCase();
       let prefix = path.dirname(controller.file);
@@ -41,13 +41,13 @@ class ControllerManager extends Base {
         prefix = '';
       }
       const controllePath = prefix
-        ? `${contollerName}/${contollerName}`
+        ? `${prefix}/${contollerName}`
         : contollerName;
-      this.app.controllers[controllePath] = new ControllerModule(
-        this.app,
-        prefix,
-      );
+      this.controllers[controllePath] = new ControllerModule(this.app, prefix);
+      // }),
+      // );
     }
+    // await Promise.all(controllers);
   }
 
   static get loggerGroup() {

package/folderConfig.js

@@ -1,4 +1,4 @@
-const path = require('path');
+const path = require('node:path');
 
 module.exports = {
   folders: {

package/helpers/yup.js

@@ -0,0 +1,24 @@
+const { Schema } = require('yup');
+const formidable = require('formidable');
+
+/**
+ * Validator for file
+ * use as
+ * @example
+ * request: yup.object().shape({
+ *          someFile: new YupFile().required(),
+ * })
+ */
+class YupFile extends Schema {
+  constructor() {
+    super({
+      type: 'file',
+      check: (value) => value instanceof formidable.PersistentFile,
+    });
+  }
+}
+
+module.exports = {
+  // eslint-disable-next-line import/prefer-default-export
+  YupFile,
+};

package/index.js

@@ -0,0 +1,8 @@
+const Server = require('./server');
+const folderConfig = require('./folderConfig');
+
+const server = new Server(folderConfig);
+
+server.startServer().then(() => {
+  console.log(server.app.controllerManager.controllers);
+});

package/models/User.js

@@ -1,5 +1,7 @@
 /* eslint-disable no-param-reassign */
-const bcrypt = require('bcrypt');
+
+const { scrypt } = require('node:crypto');
+const { promisify } = require('node:util');
 
 const AbstractModel = require('../modules/AbstractModel');
 
@@ -9,12 +11,12 @@ class User extends AbstractModel {
   constructor(app) {
     super(app);
     const authConfig = this.app.getConfig('auth');
-    this.saltRounds = authConfig.saltRounds;
+    this.hashRounds = authConfig.hashRounds;
     this.saltSecret = authConfig.saltSecret;
   }
 
   initHooks() {
-    this.mongooseSchema.pre('save', async function () {
+    this.mongooseSchema.pre('save', async function userPreSaveHook() {
       if (this.isModified('password')) {
         this.password = await this.constructor.hashPassword(this.password);
       }
@@ -72,12 +74,9 @@ class User extends AbstractModel {
     if (!data) {
       return false;
     }
-    const same = await bcrypt.compare(
-      String(password) + data.constructor.getSuper().saltSecret,
-      data.password,
-    );
+    const hashedPasswords = await this.hashPassword(password);
 
-    if (!same) {
+    if (data.password !== hashedPasswords) {
       return false;
     }
     return data;
@@ -86,10 +85,13 @@ class User extends AbstractModel {
   async generateToken() {
     const timestamp = new Date();
     timestamp.setDate(timestamp.getDate() + 30);
-    const token = await bcrypt.hash(
+    const scryptAsync = promisify(scrypt);
+    const data = await scryptAsync(
       this.email + Date.now(),
-      this.constructor.getSuper().saltRounds,
+      this.constructor.getSuper().saltSecret,
+      this.constructor.getSuper().hashRounds,
     );
+    const token = data.toString('base64url');
     this.sessionTokens.push({ token, valid: timestamp });
     await this.save();
     return { token, valid: timestamp };
@@ -108,10 +110,13 @@ class User extends AbstractModel {
   }
 
   static async hashPassword(password) {
-    return bcrypt.hash(
-      String(password) + this.getSuper().saltSecret,
-      this.getSuper().saltRounds,
+    const scryptAsync = promisify(scrypt);
+    const data = await scryptAsync(
+      String(password),
+      this.getSuper().saltSecret,
+      this.getSuper().hashRounds,
     );
+    return data.toString('base64url');
   }
 
   static async getUserByToken(token) {
@@ -130,10 +135,13 @@ class User extends AbstractModel {
   static async generateUserPasswordRecoveryToken(userMongoose) {
     const date = new Date();
     date.setDate(date.getDate() + 14);
-    const token = await bcrypt.hash(
+    const scryptAsync = promisify(scrypt);
+    const data = await scryptAsync(
       userMongoose.email + Date.now(),
-      userMongoose.constructor.getSuper().saltRounds,
+      userMongoose.constructor.getSuper().saltSecret,
+      userMongoose.constructor.getSuper().hashRounds,
     );
+    const token = data.toString('base64url');
     //       if (err) {
     //     this.logger.error("Hash 2 error ", err);
     //     reject(err);
@@ -184,10 +192,13 @@ class User extends AbstractModel {
   static async generateUserVerificationToken(userMongoose) {
     const date = new Date();
     date.setDate(date.getDate() + 14);
-    const token = await bcrypt.hash(
+    const scryptAsync = promisify(scrypt);
+    const data = await scryptAsync(
       userMongoose.email + Date.now(),
-      userMongoose.constructor.getSuper().saltRounds,
+      userMongoose.constructor.getSuper().saltSecret,
+      userMongoose.constructor.getSuper().hashRounds,
     );
+    const token = data.toString('base64url');
     // if (err) {
     //     this.logger.error("Hash 2 error ", err);
     //     reject(err);
@@ -219,16 +230,16 @@ class User extends AbstractModel {
     return result;
   }
 
-  removeVerificationToken(verificationToken) {
-    this.mongooseModel.updateOne(
-      {
-        verificationTokens: {
-          $elemMatch: { token: String(verificationToken) },
-        },
-      },
-      { $pop: { verificationTokens: 1 } },
-    );
-  }
+  // async removeVerificationToken(verificationToken) {
+  //   this.mongooseModel.updateOne(
+  //     {
+  //       verificationTokens: {
+  //         $elemMatch: { token: String(verificationToken) },
+  //       },
+  //     },
+  //     { $pop: { verificationTokens: 1 } },
+  //   );
+  // }
 
   async sendVerificationEmail(i18n) {
     const verificationToken = await User.generateUserVerificationToken(this);

package/models/User.test.js

@@ -22,7 +22,7 @@ describe('user model', () => {
     const user = await global.server.app.getModel('User').findOne({
       email: userEmail,
     });
-    expect(user.password !== userPassword).toBe(true);
+    expect(user.password).not.toBe(userPassword);
   });
 
   it('passwords should not be changed on other fields save', async () => {
@@ -32,22 +32,74 @@ describe('user model', () => {
     });
     const psw = user.password;
     user.email = 'rrrr';
-    user.save();
+    await user.save();
+    user.email = userEmail;
+    await user.save();
 
-    expect(user.password === psw).toBe(true);
+    expect(user.password).toBe(psw);
   });
 
-  describe('getUserByVerificationToken', () => {
+  describe('getUserByEmailAndPassword', () => {
+    it('should WORK with valid creds', async () => {
+      expect.assertions(1);
+      const userModel = await global.server.app.getModel('User');
+      const user = await userModel.getUserByEmailAndPassword(
+        userEmail,
+        userPassword,
+      );
+      expect(user.id).toBe(globalUser.id);
+    });
+
+    it('should NOT with INvalid creds', async () => {
+      expect.assertions(1);
+      const userModel = await global.server.app.getModel('User');
+      const user = await userModel.getUserByEmailAndPassword(
+        userEmail,
+        'wrongPassword',
+      );
+      expect(user).toBe(false);
+    });
+
+    it('should NOT with wrong email', async () => {
+      expect.assertions(1);
+      const userModel = await global.server.app.getModel('User');
+      const user = await userModel.getUserByEmailAndPassword(
+        'not@exists.com',
+        userPassword,
+      );
+      expect(user).toBe(false);
+    });
+  });
+
+  describe('getUserByToken', () => {
     it('should NOT work for non valid token', async () => {
-      expect.assertions(2);
+      expect.assertions(1);
+
+      const user = await global.server.app
+        .getModel('User')
+        .getUserByToken('fake one');
+      expect(user).toBe(false);
+    });
 
+    it('should  work for VALID token', async () => {
+      expect.assertions(1);
+      const token = await globalUser.generateToken();
       const user = await global.server.app
         .getModel('User')
-        .getUserByVerificationToken('fake one')
-        .catch((e) => {
-          expect(e).toBeDefined();
-        });
-      expect(user).toBeUndefined();
+        .getUserByToken(token.token);
+      expect(user.id).toBe(globalUser.id);
+    });
+  });
+
+  describe('getUserByVerificationToken', () => {
+    it('should NOT work for non valid token', async () => {
+      expect.assertions(1);
+
+      await expect(
+        global.server.app
+          .getModel('User')
+          .getUserByVerificationToken('fake one'),
+      ).rejects.toStrictEqual(new Error('User not exists'));
     });
 
     it('should  work for VALID token', async () => {
@@ -65,15 +117,13 @@ describe('user model', () => {
 
   describe('getUserByPasswordRecoveryToken', () => {
     it('should NOT work for non valid token', async () => {
-      expect.assertions(2);
+      expect.assertions(1);
 
-      const user = await global.server.app
-        .getModel('User')
-        .getUserByPasswordRecoveryToken('fake one')
-        .catch((e) => {
-          expect(e).toBeDefined();
-        });
-      expect(user).toBeUndefined();
+      await expect(
+        global.server.app
+          .getModel('User')
+          .getUserByPasswordRecoveryToken('fake one'),
+      ).rejects.toStrictEqual(new Error('User not exists'));
     });
 
     it('should  work for VALID token', async () => {