@adaptivestone/framework 4.11.4 → 5.0.0-alpha.10

package/services/http/middleware/IpDetector.js

@@ -0,0 +1,59 @@
+import { BlockList } from 'node:net';
+
+import AbstractMiddleware from './AbstractMiddleware.js';
+
+class IpDetector extends AbstractMiddleware {
+  static get description() {
+    return 'Detect real user IP address. Support proxy and load balancer';
+  }
+
+  constructor(app, params) {
+    super(app, params);
+    const { trustedProxy } = this.app.getConfig('ipDetector');
+
+    this.blockList = new BlockList();
+
+    for (const subnet of trustedProxy) {
+      const addressType = subnet.includes(':') ? 'ipv6' : 'ipv4';
+      if (subnet.includes('/')) {
+        // CIDR
+        const [realSubnet, prefixLength] = subnet.split('/');
+        this.blockList.addSubnet(
+          realSubnet,
+          parseInt(prefixLength, 10),
+          addressType,
+        );
+      } else if (subnet.includes('-')) {
+        // RANGE
+        const [start, end] = subnet.split('-');
+        this.blockList.addRange(start, end, addressType);
+      } else {
+        // just an address
+        this.blockList.addAddress(subnet, addressType);
+      }
+    }
+  }
+
+  async middleware(req, res, next) {
+    const { headers } = this.app.getConfig('ipDetector');
+    const initialIp = req.socket.remoteAddress;
+    req.appInfo.ip = initialIp;
+    const addressType = initialIp.includes(':') ? 'ipv6' : 'ipv4';
+
+    if (this.blockList.check(initialIp, addressType)) {
+      // we can trust this source
+      for (const header of headers) {
+        // in a range
+        const ipHeader = req.headers[header.toLowerCase()];
+        if (ipHeader) {
+          const [firstIp] = ipHeader.split(',').map((ip) => ip.trim());
+          req.appInfo.ip = firstIp;
+          break;
+        }
+      }
+    }
+    next();
+  }
+}
+
+export default IpDetector;

package/services/http/middleware/IpDetector.test.js

@@ -0,0 +1,143 @@
+import { describe, it, expect } from 'vitest';
+import IpDetector from './IpDetector.js';
+
+const testVectors = [
+  // IPv4 CIDR blocks
+  {
+    cidr: '192.168.0.0/16',
+    tests: [
+      { ip: '192.168.1.1', matches: true },
+      { ip: '192.169.1.1', matches: false },
+    ],
+  },
+  {
+    cidr: '10.0.0.0/8',
+    tests: [
+      { ip: '10.0.0.1', matches: true },
+      { ip: '11.0.0.1', matches: false },
+    ],
+  },
+  {
+    cidr: '172.16.0.0/12',
+    tests: [
+      { ip: '172.16.0.1', matches: true },
+      { ip: '172.32.0.1', matches: false },
+    ],
+  },
+
+  // // IPv6 CIDR blocks
+  {
+    cidr: '2001:db8::/32',
+    tests: [
+      { ip: '2001:db8::1', matches: true },
+      { ip: '2001:db9::1', matches: false },
+    ],
+  },
+  {
+    cidr: 'fe80::/10',
+    tests: [
+      { ip: 'fe80::1', matches: true },
+      { ip: 'fec0::1', matches: false },
+    ],
+  },
+  {
+    cidr: '::ffff:0:0/96',
+    tests: [
+      { ip: '::ffff:192.0.2.1', matches: true },
+      { ip: '2001:db8::1', matches: false },
+    ],
+  },
+
+  // // Specific IPv4 addresses
+  {
+    cidr: '203.0.113.1/32',
+    tests: [
+      { ip: '203.0.113.1', matches: true },
+      { ip: '203.0.113.2', matches: false },
+    ],
+  },
+
+  // // Specific IPv6 addresses
+  {
+    cidr: '2001:db8:85a3::8a2e:370:7334/128',
+    tests: [
+      { ip: '2001:db8:85a3::8a2e:370:7334', matches: true },
+      { ip: '2001:db8:85a3::8a2e:370:7335', matches: false },
+    ],
+  },
+
+  // // Mixed scenarios
+  {
+    cidr: '::ffff:192.0.2.0/120',
+    tests: [
+      { ip: '::ffff:192.0.2.1', matches: true },
+      { ip: '192.0.2.1', matches: true }, // IPv4-mapped addresses should match their IPv4 equivalents
+      { ip: '::ffff:192.0.3.1', matches: false },
+    ],
+  },
+
+  // // Edge cases
+  {
+    cidr: '0.0.0.0/0',
+    tests: [
+      { ip: '0.0.0.0', matches: true },
+      { ip: '255.255.255.255', matches: true },
+      { ip: '2001:db8::1', matches: false }, // Matches any IPv4 but not IPv6
+    ],
+  },
+  {
+    cidr: '::/0',
+    tests: [
+      { ip: '::1', matches: true },
+      { ip: 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff', matches: true },
+      { ip: '192.168.1.1', matches: true },
+    ],
+  },
+  {
+    cidr: '8.8.8.8-8.8.8.10', // our feature range
+    tests: [
+      { ip: '8.8.8.7', matches: false },
+      { ip: '8.8.8.8', matches: true },
+      { ip: '8.8.8.9', matches: true },
+      { ip: '8.8.8.10', matches: true },
+      { ip: '8.8.8.11', matches: false },
+    ],
+  },
+  {
+    cidr: '1.1.1.1', // one ip
+    tests: [
+      { ip: '8.8.8.7', matches: false },
+      { ip: '1.1.1.1', matches: true },
+    ],
+  },
+];
+
+describe('ipDetector methods', () => {
+  it('have description fields', async () => {
+    expect.assertions(1);
+    const middleware = new IpDetector(global.server.app);
+    expect(middleware.constructor.description).toBeDefined();
+  });
+
+  it('middleware that works', async () => {
+    expect.hasAssertions();
+    const nextFunction = () => {};
+    for (const vector of testVectors) {
+      global.server.app.updateConfig('ipDetector', {
+        trustedProxy: [vector.cidr],
+      });
+      const middleware = new IpDetector(global.server.app);
+      for (const test of vector.tests) {
+        const req = {
+          appInfo: {},
+          headers: { 'x-forwarded-for': 'notAnIP' },
+          socket: { remoteAddress: test.ip },
+        };
+        // eslint-disable-next-line no-await-in-loop
+        await middleware.middleware(req, {}, nextFunction);
+        const result = req.appInfo.ip === 'notAnIP';
+        expect(result).toBe(test.matches);
+      }
+    }
+  });
+});

package/services/http/middleware/Pagination.js

@@ -1,5 +1,5 @@
-const yup = require('yup');
-const AbstractMiddleware = require('./AbstractMiddleware');
+import yup from 'yup';
+import AbstractMiddleware from './AbstractMiddleware.js';
 /**
  * Middleware for reusing pagination
  */
@@ -53,4 +53,4 @@ class Pagination extends AbstractMiddleware {
   }
 }
 
-module.exports = Pagination;
+export default Pagination;

package/services/http/middleware/PrepareAppInfo.js

@@ -1,4 +1,4 @@
-const AbstractMiddleware = require('./AbstractMiddleware');
+import AbstractMiddleware from './AbstractMiddleware.js';
 
 class PrepareAppInfo extends AbstractMiddleware {
   static get description() {
@@ -15,4 +15,4 @@ class PrepareAppInfo extends AbstractMiddleware {
   }
 }
 
-module.exports = PrepareAppInfo;
+export default PrepareAppInfo;

package/services/http/middleware/PrepareAppInfo.test.js

@@ -1,5 +1,5 @@
 import { describe, it, expect } from 'vitest';
-import PrepareAppInfo from './PrepareAppInfo';
+import PrepareAppInfo from './PrepareAppInfo.js';
 
 describe('prepareAppInfo methods', () => {
   it('have description fields', async () => {

package/services/http/middleware/RateLimiter.js

@@ -1,13 +1,12 @@
-const {
+import {
   RateLimiterMemory,
   RateLimiterRedis,
   RateLimiterMongo,
-} = require('rate-limiter-flexible');
-const merge = require('deepmerge');
-const redis = require('redis');
-const mongoose = require('mongoose');
-
-const AbstractMiddleware = require('./AbstractMiddleware');
+} from 'rate-limiter-flexible';
+import merge from 'deepmerge';
+import redis from 'redis';
+import mongoose from 'mongoose';
+import AbstractMiddleware from './AbstractMiddleware.js';
 
 class RateLimiter extends AbstractMiddleware {
   static get description() {
@@ -79,7 +78,13 @@ class RateLimiter extends AbstractMiddleware {
 
     const key = [];
     if (ip) {
-      key.push(req.ip);
+      if (!req.appInfo.ip) {
+        this.logger.error(
+          `RateLimiter: Can't get remote address from request. Please check that you used IpDetecor middleware before RateLimiter`,
+        );
+      } else {
+        key.push(req.appInfo.ip);
+      }
     }
     if (route) {
       key.push(req.originalUrl);
@@ -126,4 +131,4 @@ class RateLimiter extends AbstractMiddleware {
   }
 }
 
-module.exports = RateLimiter;
+export default RateLimiter;

package/services/http/middleware/RateLimiter.test.js

@@ -2,7 +2,7 @@ import { setTimeout } from 'node:timers/promises';
 import crypto from 'node:crypto';
 import { beforeAll, afterAll, describe, it, expect } from 'vitest';
 
-import RateLimiter from './RateLimiter';
+import RateLimiter from './RateLimiter.js';
 
 let mongoRateLimiter;
 
@@ -58,8 +58,8 @@ describe('rate limiter methods', () => {
     });
 
     const res = await redisRateLimiter.gerenateConsumeKey({
-      ip: '192.168.0.0',
       appInfo: {
+        ip: '192.168.0.0',
         user: {
           id: 'someId',
         },
@@ -80,7 +80,9 @@ describe('rate limiter methods', () => {
     });
 
     const res = await redisRateLimiter.gerenateConsumeKey({
-      ip: '192.168.0.0',
+      appInfo: {
+        ip: '192.168.0.0',
+      },
       body: {
         email: 'foo@example.com',
       },

package/services/http/middleware/RequestLogger.js

@@ -1,4 +1,4 @@
-const AbstractMiddleware = require('./AbstractMiddleware');
+import AbstractMiddleware from './AbstractMiddleware.js';
 
 class RequestLogger extends AbstractMiddleware {
   static get description() {
@@ -19,4 +19,4 @@ class RequestLogger extends AbstractMiddleware {
   }
 }
 
-module.exports = RequestLogger;
+export default RequestLogger;

package/services/http/middleware/RequestParser.js

@@ -1,6 +1,5 @@
-const formidable = require('formidable').default;
-
-const AbstractMiddleware = require('./AbstractMiddleware');
+import formidable from 'formidable';
+import AbstractMiddleware from './AbstractMiddleware.js';
 
 class RequestParser extends AbstractMiddleware {
   static get description() {
@@ -19,7 +18,10 @@ class RequestParser extends AbstractMiddleware {
       [fields, files] = await form.parse(req);
     } catch (err) {
       this.logger.error(`Parsing failed ${err}`);
-      return next(err);
+      return res.status(400).json({
+        message: `Error to parse your request. You provided invalid content type or content-length. Please check your request headers and content type.`,
+      });
+      // return next(err);
     }
     this.logger.verbose(
       `Parsing multipart/formdata request DONE ${Date.now() - time}ms`,
@@ -35,4 +37,4 @@ class RequestParser extends AbstractMiddleware {
   }
 }
 
-module.exports = RequestParser;
+export default RequestParser;

package/services/http/middleware/RequestParser.test.js

@@ -1,10 +1,8 @@
 import { createServer } from 'node:http';
 import { describe, it, expect } from 'vitest';
+import { PersistentFile } from 'formidable';
 
-import RequestParser from './RequestParser';
-
-// TODO change on ESM
-const formidable = require('formidable');
+import RequestParser from './RequestParser.js';
 
 describe('reqest parser limiter methods', () => {
   it('have description fields', async () => {
@@ -26,7 +24,7 @@ describe('reqest parser limiter methods', () => {
           expect(req.body.title).toBeDefined();
           expect(req.body.multipleFiles).toBeDefined();
           expect(
-            req.body.multipleFiles[0] instanceof formidable.PersistentFile,
+            req.body.multipleFiles[0] instanceof PersistentFile,
           ).toBeTruthy();
 
           res.writeHead(200);
@@ -81,12 +79,21 @@ d\r
       const server = createServer(async (req, res) => {
         req.appInfo = {};
         const middleware = new RequestParser(global.server.app);
-        middleware.middleware(req, {}, (err) => {
-          expect(err).toBeDefined();
+        let status;
 
-          res.writeHead(200);
-          res.end('ok');
-        });
+        const resp = {
+          status: (code) => {
+            status = code;
+            return resp;
+          },
+          json: () => resp,
+        };
+        await middleware.middleware(req, resp, () => {});
+        expect(status).toBe(400);
+        // expect(err).toBeDefined();
+
+        res.writeHead(200);
+        res.end('ok');
       });
       server.listen(null, async () => {
         const chosenPort = server.address().port;

package/services/http/middleware/Role.js

@@ -1,4 +1,4 @@
-const AbstractMiddleware = require('./AbstractMiddleware');
+import AbstractMiddleware from './AbstractMiddleware.js';
 
 class RoleMiddleware extends AbstractMiddleware {
   static get description() {
@@ -26,4 +26,4 @@ class RoleMiddleware extends AbstractMiddleware {
   }
 }
 
-module.exports = RoleMiddleware;
+export default RoleMiddleware;

package/services/http/middleware/Role.test.js

@@ -1,5 +1,5 @@
 import { describe, it, expect } from 'vitest';
-import Role from './Role';
+import Role from './Role.js';
 
 describe('role middleware methods', () => {
   it('have description fields', async () => {

package/services/messaging/email/index.js

@@ -1,19 +1,20 @@
-const fs = require('node:fs');
-const path = require('node:path');
-const { promisify } = require('node:util');
-const nodemailer = require('nodemailer');
-const sendMail = require('nodemailer-sendmail-transport');
-const stub = require('nodemailer-stub-transport');
-const pug = require('pug');
-const juice = require('juice');
-const { convert } = require('html-to-text');
+import fs from 'node:fs';
+import path from 'node:path';
+import * as url from 'node:url';
+import { promisify } from 'node:util';
+import nodemailer from 'nodemailer';
+import sendMail from 'nodemailer-sendmail-transport';
+import stub from 'nodemailer-stub-transport';
+import pug from 'pug';
+import juice from 'juice';
+import { convert } from 'html-to-text';
+import Base from '../../../modules/Base.js';
 
 const mailTransports = {
   sendMail,
   stub,
   smtp: (data) => data,
 };
-const Base = require('../../../modules/Base');
 
 class Mail extends Base {
   /**
@@ -25,6 +26,7 @@ class Mail extends Base {
    */
   constructor(app, template, templateData = {}, i18n = null) {
     super(app);
+    const dirname = url.fileURLToPath(new URL('.', import.meta.url));
     if (!path.isAbsolute(template)) {
       if (
         fs.existsSync(
@@ -35,11 +37,16 @@ class Mail extends Base {
           template,
         )}`;
       } else if (
-        fs.existsSync(`${__dirname}/templates/${path.basename(template)}`)
+        fs.existsSync(
+          path.join(dirname, `/templates/${path.basename(template)}`),
+        )
       ) {
-        this.template = `${__dirname}/templates/${path.basename(template)}`;
+        this.template = path.join(
+          dirname,
+          `/templates/${path.basename(template)}`,
+        );
       } else {
-        this.template = `${__dirname}/templates/emptyTemplate`;
+        this.template = path.join(dirname, `/templates/emptyTemplate`);
         this.logger.error(
           `Template '${template}' not found. Using 'emptyTemplate' as a fallback`,
         );
@@ -59,7 +66,8 @@ class Mail extends Base {
    * @param {object} templateData
    * @returns string
    */
-  static async #renderTemplateFile({ type, fullPath } = {}, templateData = {}) {
+  // eslint-disable-next-line class-methods-use-this
+  async #renderTemplateFile({ type, fullPath } = {}, templateData = {}) {
     if (!type) {
       return null;
     }
@@ -109,19 +117,10 @@ class Mail extends Base {
 
     const [htmlRendered, subjectRendered, textRendered, extraCss] =
       await Promise.all([
-        this.constructor.#renderTemplateFile(
-          templates.html,
-          templateDataToRender,
-        ),
-        this.constructor.#renderTemplateFile(
-          templates.subject,
-          templateDataToRender,
-        ),
-        this.constructor.#renderTemplateFile(
-          templates.text,
-          templateDataToRender,
-        ),
-        this.constructor.#renderTemplateFile(templates.style),
+        this.#renderTemplateFile(templates.html, templateDataToRender),
+        this.#renderTemplateFile(templates.subject, templateDataToRender),
+        this.#renderTemplateFile(templates.text, templateDataToRender),
+        this.#renderTemplateFile(templates.style),
       ]);
 
     juice.tableElements = ['TABLE'];
@@ -164,7 +163,7 @@ class Mail extends Base {
 
   /**
    * Send provided text (html) to email. Low level function. All data should be prepared before sending (like inline styles)
-   * @param {objetc} app application
+   * @param {import('../../../server.js').default['app']} app application
    * @param {string} to send to
    * @param {string} subject email topic
    * @param {string} html hmlt body of emain
@@ -215,4 +214,4 @@ class Mail extends Base {
   }
 }
 
-module.exports = Mail;
+export default Mail;

package/services/messaging/index.js

@@ -1,5 +1,3 @@
-const email = require('./email');
+import email from './email/index.js';
 
-module.exports = {
-  email,
-};
+export { email };

package/services/validate/ValidateService.js

@@ -1,7 +1,7 @@
-const yup = require('yup');
-const YupValidator = require('./drivers/YupValidator');
-const CustomValidator = require('./drivers/CustomValidator');
-const Base = require('../../modules/Base');
+import yup from 'yup';
+import YupValidator from './drivers/YupValidator.js';
+import CustomValidator from './drivers/CustomValidator.js';
+import Base from '../../modules/Base.js';
 
 class ValidateService extends Base {
   constructor(app, validator) {
@@ -154,4 +154,4 @@ class ValidateService extends Base {
   }
 }
 
-module.exports = ValidateService;
+export default ValidateService;

package/services/validate/ValidateService.test.js

@@ -1,9 +1,9 @@
 import { describe, it, expect } from 'vitest';
 
-const yup = require('yup');
-const ValidateService = require('./ValidateService');
-const YupValidator = require('./drivers/YupValidator');
-const CustomValidator = require('./drivers/CustomValidator');
+import yup from 'yup';
+import ValidateService from './ValidateService.js';
+import YupValidator from './drivers/YupValidator.js';
+import CustomValidator from './drivers/CustomValidator.js';
 
 describe('validate service', () => {
   describe('validateSchema funtion', () => {

package/services/validate/drivers/AbstractValidator.js

@@ -1,4 +1,4 @@
-const Base = require('../../../modules/Base');
+import Base from '../../../modules/Base.js';
 
 class AbstractValidator extends Base {
   constructor(app, body) {
@@ -34,4 +34,4 @@ class AbstractValidator extends Base {
     return 'AbstractValidator_';
   }
 }
-module.exports = AbstractValidator;
+export default AbstractValidator;

package/services/validate/drivers/CustomValidator.js

@@ -1,6 +1,5 @@
-const yup = require('yup');
-
-const AbstractValidator = require('./AbstractValidator');
+import yup from 'yup';
+import AbstractValidator from './AbstractValidator.js';
 
 class CustomValidator extends AbstractValidator {
   async validateFields(data, { query, body, appInfo }) {
@@ -49,4 +48,4 @@ class CustomValidator extends AbstractValidator {
   }
 }
 
-module.exports = CustomValidator;
+export default CustomValidator;

package/services/validate/drivers/YupValidator.js

@@ -1,5 +1,5 @@
-const yup = require('yup');
-const AbstractValidator = require('./AbstractValidator');
+import yup from 'yup';
+import AbstractValidator from './AbstractValidator.js';
 
 class YupValidator extends AbstractValidator {
   get fieldsInJsonFormat() {
@@ -100,4 +100,4 @@ class YupValidator extends AbstractValidator {
     return 'YupValidator_';
   }
 }
-module.exports = YupValidator;
+export default YupValidator;

package/tests/globalSetupVitest.js

@@ -1,4 +1,4 @@
-const { MongoMemoryReplSet } = require('mongodb-memory-server');
+import { MongoMemoryReplSet } from 'mongodb-memory-server';
 
 let isTeardown = false;
 let mongoMemoryServerInstance;

package/tests/setup.js

@@ -1,17 +1,17 @@
 /* eslint-disable no-undef */
-const path = require('node:path');
-const { MongoMemoryReplSet } = require('mongodb-memory-server');
-const mongoose = require('mongoose');
+import path from 'node:path';
+import { randomBytes } from 'node:crypto';
+import { MongoMemoryReplSet } from 'mongodb-memory-server';
+import mongoose from 'mongoose';
+import redis from 'redis';
+import Server from '../server.js';
+
+import clearRedisNamespace from '../helpers/redis/clearNamespace.js';
 
 mongoose.set('autoIndex', false);
 
 let mongoMemoryServerInstance;
 
-const redis = require('redis');
-const Server = require('../server');
-
-const clearRedisNamespace = require('../helpers/redis/clearNamespace');
-
 jest.setTimeout(1000000);
 beforeAll(async () => {
   mongoMemoryServerInstance = await MongoMemoryReplSet.create({
@@ -20,6 +20,8 @@ beforeAll(async () => {
   });
   await mongoMemoryServerInstance.waitUntilRunning();
   process.env.LOGGER_CONSOLE_LEVEL = 'error';
+  process.env.AUTH_SALT = randomBytes(16).toString('hex');
+
   const connectionStringMongo = await mongoMemoryServerInstance.getUri();
   // console.info('MONGO_URI: ', connectionStringMongo);
   global.server = new Server({
@@ -28,7 +30,6 @@ beforeAll(async () => {
       controllers:
         process.env.TEST_FOLDER_CONTROLLERS || path.resolve('./controllers'),
       views: process.env.TEST_FOLDER_VIEWS || path.resolve('./views'),
-      public: process.env.TEST_FOLDER_PUBLIC || path.resolve('./public'),
       models: process.env.TEST_FOLDER_MODELS || path.resolve('./models'),
       emails:
         process.env.TEST_FOLDER_EMAIL ||