@adaptivestone/framework 5.0.0-alpha.1 → 5.0.0-alpha.11

package/CHANGELOG.md

@@ -1,3 +1,53 @@
+### 5.0.0-alpha.11
+
+[UPDATE] update deps
+
+### 5.0.0-alpha.10
+
+[UPDATE] update deps
+[NEW] IpDetector middleware that support detecting proxy and X-Forwarded-For header
+[BREAKING] RateLimiter now need to have IpDetector middleware before
+
+### 5.0.0-alpha.9
+
+[UPDATE] update deps
+[BREAKING] removing staticFiles middleware as it not used in projects anymore. Docs with nginx config will be provided
+[BREAKING] remove default AUTH_SALT. It should be provided on a app level now
+[BREAKING] Vitest 2.0.0 https://vitest.dev/guide/migration.html#migrating-to-vitest-2-0
+
+### 5.0.0-alpha.8
+
+[UPDATE] replace dotenv with loadEnvFile
+[UPDATE] replace nodemon with node --watch (dev only)
+[BREAKING] Minimum node version is 20.12 as for now (process.loadEnvFile)
+
+### 5.0.0-alpha.7
+
+[UPDATE] deps update
+
+### 5.0.0-alpha.6
+
+[UPDATE] Update internal documentation (jsdoc, d.ts)
+
+### 5.0.0-alpha.5
+
+[UPDATE] More verbose errors for rapsing body request.
+[UPDATE] deps update
+
+### 5.0.0-alpha.4
+
+[UPDATE] Update rate-limiter-flexible to v5
+[CHANGE] Cache update redis.setEX to redis.set(..,..,{EX:xx}) as setEX deprecated
+
+### 5.0.0-alpha.3
+
+[UPDATE] deps update
+[FIX] Migration commands apply
+
+### 5.0.0-alpha.2
+
+[UPDATE] deps update
+
 ### 5.0.0-alpha.1
 
 [BREAKING] Vitest 1.0.0 https://vitest.dev/guide/migration.html#migrating-from-vitest-0-34-6

package/commands/CreateUser.js

@@ -60,7 +60,9 @@ class CreateUser extends AbstractCommand {
 
     await user.generateToken();
 
-    this.logger.info(`User was created/updated ${JSON.stringify(user, 0, 4)}`);
+    this.logger.info(
+      `User was created/updated ${JSON.stringify(user, null, 4)}`,
+    );
 
     return user;
   }

package/commands/migration/Migrate.js

@@ -36,7 +36,7 @@ class Migrate extends AbstractCommand {
     for (const migration of migrations) {
       this.logger.info(`=== Start migration ${migration.file} ===`);
       // eslint-disable-next-line no-await-in-loop
-      const MigrationCommand = await import(migration.path);
+      const { default: MigrationCommand } = await import(migration.path);
       const migrationCommand = new MigrationCommand(this.app);
       // eslint-disable-next-line no-await-in-loop
       await migrationCommand.up();

package/config/auth.js

@@ -1,5 +1,6 @@
 export default {
   hashRounds: 64,
-  saltSecret: process.env.AUTH_SALT || 'gdfg45667_%%^trterte',
+  saltSecret:
+    process.env.AUTH_SALT || console.error('AUTH_SALT is not defined'),
   isAuthWithVefificationFlow: true,
 };

package/config/ipDetector.js

@@ -0,0 +1,14 @@
+export default {
+  headers: ['X-Forwarded-For'],
+  trustedProxy: [
+    // list of trusted proxies.
+    '169.254.0.0/16', // linklocal
+    'fe80::/10', // linklocal
+    '127.0.0.1/8', // loopback
+    '::1/128', // loopback
+    '10.0.0.0/8', // uniquelocal
+    '172.16.0.0/12', // uniquelocal
+    '192.168.0.0/16', // uniquelocal
+    'fc00::/7', // uniquelocal
+  ],
+};

package/folderConfig.js

@@ -6,7 +6,6 @@ export default {
     models: path.resolve('./models'),
     controllers: path.resolve('./controllers'),
     views: path.resolve('./views'),
-    public: path.resolve('./public'),
     locales: path.resolve('./locales'),
     emails: path.resolve('./services/messaging/email/templates'),
     commands: path.resolve('./commands'),

package/jsconfig.json

@@ -0,0 +1,9 @@
+{
+  "compilerOptions": {
+    "module": "node16",
+    "target": "ES2022",
+    "moduleResolution": "node16",
+    "checkJs": true
+  },
+  "exclude": ["node_modules"]
+}

package/modules/AbstractCommand.js

@@ -13,10 +13,11 @@ class AbstractCommand extends Base {
 
   /**
    * Entry point to every command. This method should be overridden
-   * @override
+   * @return {Promise<boolean>} resut
    */
   async run() {
     this.logger.error('You should implement run method');
+    return false;
   }
 
   static get loggerGroup() {

package/modules/AbstractController.js

@@ -25,10 +25,12 @@ class AbstractController extends Base {
     const { routes } = this;
     let httpPath = this.getHttpPath();
 
+    // @ts-ignore
     if (this.getExpressPath) {
       this.logger.warn(
         `getExpressPath deprecated. Please use getHttpPath instead. Will be removed on v5`,
       );
+      // @ts-ignore
       httpPath = this.getExpressPath();
     }
 
@@ -58,6 +60,7 @@ class AbstractController extends Base {
       httpPath,
     );
     const middlewaresInfo = this.parseMiddlewares(
+      // @ts-ignore
       this.constructor.middleware,
       httpPath,
     );
@@ -370,6 +373,7 @@ class AbstractController extends Base {
    * You should provide path relative to controller and then array of middlewares to apply.
    * Order is matter.
    * Be default path apply to ANY' method, but you can preattach 'METHOD' into patch to scope patch to this METHOD
+   * @returns {Map<string, Array<AbstractMiddleware | [Function, ...any]>>}
    * @example
    * return new Map([
    *    ['/*', [GetUserByToken]] // for any method for this controller

package/modules/AbstractModel.js

@@ -3,12 +3,12 @@ import Base from './Base.js';
 
 class AbstractModel extends Base {
   /**
-   * @param {import('../server')} app  //TODO change to *.d.ts as this is a Server, not app
+   * @param {import('../server.js').default['app']} app  //TODO change to *.d.ts as this is a Server, not app
    * @param function callback optional callback when connection ready
    */
   constructor(app, callback = () => {}) {
     super(app);
-    this.mongooseSchema = mongoose.Schema(this.modelSchema);
+    this.mongooseSchema = new mongoose.Schema(this.modelSchema);
     mongoose.set('strictQuery', true);
     this.mongooseSchema.set('timestamps', true);
     this.mongooseSchema.set('minimize', false);
@@ -22,6 +22,9 @@ class AbstractModel extends Base {
     );
     if (!mongoose.connection.readyState) {
       this.app.events.on('shutdown', async () => {
+        this.logger.verbose(
+          'Shutdown was called. Closing all mongoose connections',
+        );
         for (const c of mongoose.connections) {
           c.close(true);
         }

package/modules/Base.d.ts

@@ -1,5 +1,6 @@
 import winston from 'winston';
-import Server from '../server';
+import Server from '../server.js';
+import type { Dirent } from 'fs';
 
 declare class Base {
   app: Server['app'];
@@ -26,11 +27,11 @@ declare class Base {
   getFilesPathWithInheritance(
     internalFolder: string,
     externalFolder: string,
-  ): Promise<string[]>;
+  ): Promise<Dirent[]>;
 
   /**
    * Return logger group. Just to have all logs groupped logically
    */
   static get loggerGroup(): string;
 }
-export = Base;
+export default Base;

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "@adaptivestone/framework",
-  "version": "5.0.0-alpha.1",
+  "version": "5.0.0-alpha.11",
   "description": "Adaptive stone node js framework",
   "main": "index.js",
   "type": "module",
   "engines": {
-    "node": ">=18.17.0"
+    "node": ">=20.12.0"
   },
   "repository": {
     "type": "git",
@@ -13,14 +13,15 @@
   },
   "homepage": "https://framework.adaptivestone.com/",
   "scripts": {
-    "dev": "nodemon ./index.js",
-    "prod": "nodemon ./cluster.js",
+    "dev": "node --watch ./index.js",
+    "prod": "node --watch ./cluster.js",
     "test": "vitest run",
+    "t": "vitest --coverage=false --reporter=default",
     "prettier": "prettier --check '**/*.(js|jsx|ts|tsx|json|css|scss|md)'",
     "lint": "eslint '**/*.js'",
     "lint:fix": "eslint '**/*.js' --fix",
     "codestyle": "npm run prettier && npm run lint",
-    "prepare": "husky install",
+    "prepare": "husky",
     "cli": "node cliCommand",
     "benchmark": "h2load -n 10000 -c 50 -p 'http/1.1' http://localhost:3300/",
     "benchmark2": "h2load -n 10000 -c 50  https://localhost:3300/",
@@ -30,14 +31,13 @@
   "license": "MIT",
   "dependencies": {
     "deepmerge": "^4.2.2",
-    "dotenv": "^16.0.0",
     "express": "^4.17.1",
     "formidable": "^3.5.1",
     "html-to-text": "^9.0.3",
     "i18next": "^23.2.8",
     "i18next-chained-backend": "^4.0.0",
     "i18next-fs-backend": "^2.0.0",
-    "juice": "^9.0.0",
+    "juice": "^10.0.0",
     "mime": "^4.0.0",
     "minimist": "^1.2.5",
     "mongoose": "^8.0.0",
@@ -45,25 +45,24 @@
     "nodemailer-sendmail-transport": "^1.0.2",
     "nodemailer-stub-transport": "^1.1.0",
     "pug": "^3.0.2",
-    "rate-limiter-flexible": "^3.0.0",
+    "rate-limiter-flexible": "^5.0.0",
     "redis": "^4.3.1",
     "winston": "^3.3.3",
-    "winston-transport-sentry-node": "^2.0.0",
+    "winston-transport-sentry-node": "^3.0.0",
     "yup": "^1.0.0"
   },
   "devDependencies": {
-    "@vitest/coverage-v8": "^1.0.0",
+    "@vitest/coverage-v8": "^2.0.0",
     "eslint": "^8.0.0",
     "eslint-config-airbnb-base": "^15.0.0",
     "eslint-config-prettier": "^9.0.0",
     "eslint-plugin-prettier": "^5.0.0",
-    "eslint-plugin-vitest": "^0.3.1",
-    "husky": "^8.0.0",
+    "eslint-plugin-vitest": "^0.4.0",
+    "husky": "^9.0.0",
     "lint-staged": "^15.0.0",
-    "mongodb-memory-server": "^9.0.0",
-    "nodemon": "^3.0.1",
+    "mongodb-memory-server": "^10.0.0",
     "prettier": "^3.0.0",
-    "vitest": "^1.0.0"
+    "vitest": "^2.0.0"
   },
   "lint-staged": {
     "**/*.{js,jsx,ts,tsx,json,css,scss,md}": [

package/server.d.ts

@@ -9,6 +9,8 @@ import BaseCli from './modules/BaseCli';
 import Cache from './services/cache/Cache';
 import winston from 'winston';
 
+import HttpServer from './services/http/HttpServer.js';
+
 type ServerConfig = {
   folders: ExpandDeep<TFolderConfig>;
 };
@@ -24,7 +26,7 @@ declare class Server {
     events: EventEmitter;
     get cache(): Server['cacheService'];
     get logger(): winston.Logger;
-    httpServer: null;
+    httpServer: HttpServer | null;
     controllerManager: null;
   };
   cacheService: Cache;
@@ -33,7 +35,7 @@ declare class Server {
     configs: Map<string, {}>;
     models: Map<string, MongooseModel<any>>;
   };
-  cli: boolean;
+  cli: null | BaseCli;
 
   /**
    *  Construct new server
@@ -68,7 +70,7 @@ declare class Server {
    * @see updateConfig
    * @TODO generate that based on real data
    */
-  getConfig(configName: string): {};
+  getConfig(configName: string): { [key: string]: any };
 
   /**
    * Return or create new logger instance. This is a main logger instance
@@ -79,7 +81,7 @@ declare class Server {
    * Primary designed for tests when we need to update some configs before start testing
    * Should be called before any initialization was done
    */
-  updateConfig(configName: string, config: {}): {};
+  updateConfig(configName: string, config: {}): { [key: string]: any };
 
   /**
    * Return model from {modelName} (file name) on model folder.
@@ -93,4 +95,4 @@ declare class Server {
   runCliCommand(commandName: string, args: {}): Promise<BaseCli['run']>;
 }
 
-export = Server;
+export default Server;

package/server.js

@@ -1,16 +1,21 @@
 /* eslint-disable no-console */
 import EventEmitter from 'node:events';
-import { hrtime } from 'node:process';
+import { hrtime, loadEnvFile } from 'node:process';
 import * as url from 'node:url';
 import path from 'node:path';
 
-import 'dotenv/config';
 import merge from 'deepmerge';
 import winston from 'winston';
 import { getFilesPathWithInheritance } from './helpers/files.js';
 import { consoleLogger } from './helpers/logger.js';
 import Cache from './services/cache/Cache.js';
 
+try {
+  loadEnvFile();
+} catch (e) {
+  console.warn('No env file found. This is ok. But please check youself.');
+}
+
 /**
  * Main framework class.
  */
@@ -19,6 +24,8 @@ class Server {
 
   #isInited = false;
 
+  cli = null;
+
   /**
    *  Construct new server
    * @param {Object} config main config object
@@ -27,7 +34,6 @@ class Server {
    * @param {String} config.folders.models path to folder with moidels files
    * @param {String} config.folders.controllers path to folder with controllers files
    * @param {String} config.folders.views path to folder with view files
-   * @param {String} config.folders.public path to folder with public files
    * @param {String} config.folders.locales path to folder with locales files
    * @param {String} config.folders.emails path to folder with emails files
    */
@@ -56,8 +62,6 @@ class Server {
       models: new Map(),
       modelConstructors: new Map(),
     };
-
-    this.cli = false;
   }
 
   /**
@@ -350,7 +354,7 @@ class Server {
    * Return model from {modelName} (file name) on model folder.
    * Support cache
    * @param {String} modelName name on config file to load
-   * @returns {import('mongoose').Model}
+   * @returns {import('mongoose').Model | false| {}}
    */
   getModel(modelName) {
     if (modelName.endsWith('s')) {

package/services/cache/Cache.d.ts

@@ -1,5 +1,5 @@
 import Base from '../../modules/Base';
-import Server from '../../server';
+import Server from '../../server.js';
 
 declare class Cache extends Base {
   app: Server['app'];
@@ -32,4 +32,4 @@ declare class Cache extends Base {
   removeKey(key: string): Promise<number>;
 }
 
-export = Cache;
+export default Cache;

package/services/cache/Cache.js

@@ -69,12 +69,14 @@ class Cache extends Base {
         return Promise.reject(e);
       }
 
-      this.redisClient.setEx(
+      this.redisClient.set(
         key,
-        storeTime,
         JSON.stringify(result, (jsonkey, value) =>
           typeof value === 'bigint' ? `${value}n` : value,
         ),
+        {
+          EX: storeTime,
+        },
       );
     } else {
       this.logger.verbose(

package/services/http/HttpServer.js

@@ -6,7 +6,7 @@ import RequestLoggerMiddleware from './middleware/RequestLogger.js';
 import I18nMiddleware from './middleware/I18n.js';
 import PrepareAppInfoMiddleware from './middleware/PrepareAppInfo.js';
 import RequestParserMiddleware from './middleware/RequestParser.js';
-import StaticFilesMiddleware from './middleware/StaticFiles.js';
+import IpDetector from './middleware/IpDetector.js';
 import Cors from './middleware/Cors.js';
 import Base from '../../modules/Base.js';
 
@@ -26,6 +26,7 @@ class HttpServer extends Base {
     this.express.set('view engine', 'pug');
 
     this.express.use(new PrepareAppInfoMiddleware(this.app).getMiddleware());
+    this.express.use(new IpDetector(this.app).getMiddleware());
     this.express.use(new RequestLoggerMiddleware(this.app).getMiddleware());
     this.express.use(new I18nMiddleware(this.app).getMiddleware());
 
@@ -35,15 +36,6 @@ class HttpServer extends Base {
         origins: httpConfig.corsDomains,
       }).getMiddleware(),
     );
-    // todo whitelist
-    this.express.use(
-      new StaticFilesMiddleware(this.app, {
-        folders: [
-          this.app.foldersConfig.public,
-          path.join(dirname, '../../public/files'),
-        ],
-      }).getMiddleware(),
-    );
 
     this.express.use(new RequestParserMiddleware(this.app).getMiddleware());
 
@@ -57,7 +49,7 @@ class HttpServer extends Base {
       res.status(500).json({ message: 'Something broke!' });
     });
 
-    this.httpServer = http.Server(this.express);
+    this.httpServer = http.createServer(this.express);
 
     const listener = this.httpServer.listen(
       httpConfig.port,

package/services/http/middleware/GetUserByToken.js

@@ -11,7 +11,7 @@ class GetUserByToken extends AbstractMiddleware {
         name: 'Authorization',
         type: 'apiKey',
         in: 'header',
-        description: this?.description,
+        description: this.constructor.description,
       },
     ];
   }

package/services/http/middleware/IpDetector.js

@@ -0,0 +1,59 @@
+import { BlockList } from 'node:net';
+
+import AbstractMiddleware from './AbstractMiddleware.js';
+
+class IpDetector extends AbstractMiddleware {
+  static get description() {
+    return 'Detect real user IP address. Support proxy and load balancer';
+  }
+
+  constructor(app, params) {
+    super(app, params);
+    const { trustedProxy } = this.app.getConfig('ipDetector');
+
+    this.blockList = new BlockList();
+
+    for (const subnet of trustedProxy) {
+      const addressType = subnet.includes(':') ? 'ipv6' : 'ipv4';
+      if (subnet.includes('/')) {
+        // CIDR
+        const [realSubnet, prefixLength] = subnet.split('/');
+        this.blockList.addSubnet(
+          realSubnet,
+          parseInt(prefixLength, 10),
+          addressType,
+        );
+      } else if (subnet.includes('-')) {
+        // RANGE
+        const [start, end] = subnet.split('-');
+        this.blockList.addRange(start, end, addressType);
+      } else {
+        // just an address
+        this.blockList.addAddress(subnet, addressType);
+      }
+    }
+  }
+
+  async middleware(req, res, next) {
+    const { headers } = this.app.getConfig('ipDetector');
+    const initialIp = req.socket.remoteAddress;
+    req.appInfo.ip = initialIp;
+    const addressType = initialIp.includes(':') ? 'ipv6' : 'ipv4';
+
+    if (this.blockList.check(initialIp, addressType)) {
+      // we can trust this source
+      for (const header of headers) {
+        // in a range
+        const ipHeader = req.headers[header.toLowerCase()];
+        if (ipHeader) {
+          const [firstIp] = ipHeader.split(',').map((ip) => ip.trim());
+          req.appInfo.ip = firstIp;
+          break;
+        }
+      }
+    }
+    next();
+  }
+}
+
+export default IpDetector;

package/services/http/middleware/RateLimiter.js

@@ -78,7 +78,13 @@ class RateLimiter extends AbstractMiddleware {
 
     const key = [];
     if (ip) {
-      key.push(req.ip);
+      if (!req.appInfo.ip) {
+        this.logger.error(
+          `RateLimiter: Can't get remote address from request. Please check that you used IpDetecor middleware before RateLimiter`,
+        );
+      } else {
+        key.push(req.appInfo.ip);
+      }
     }
     if (route) {
       key.push(req.originalUrl);

package/services/http/middleware/RequestParser.js

@@ -18,7 +18,10 @@ class RequestParser extends AbstractMiddleware {
       [fields, files] = await form.parse(req);
     } catch (err) {
       this.logger.error(`Parsing failed ${err}`);
-      return next(err);
+      return res.status(400).json({
+        message: `Error to parse your request. You provided invalid content type or content-length. Please check your request headers and content type.`,
+      });
+      // return next(err);
     }
     this.logger.verbose(
       `Parsing multipart/formdata request DONE ${Date.now() - time}ms`,

package/services/messaging/email/index.js

@@ -66,7 +66,8 @@ class Mail extends Base {
    * @param {object} templateData
    * @returns string
    */
-  static async #renderTemplateFile({ type, fullPath } = {}, templateData = {}) {
+  // eslint-disable-next-line class-methods-use-this
+  async #renderTemplateFile({ type, fullPath } = {}, templateData = {}) {
     if (!type) {
       return null;
     }
@@ -116,19 +117,10 @@ class Mail extends Base {
 
     const [htmlRendered, subjectRendered, textRendered, extraCss] =
       await Promise.all([
-        this.constructor.#renderTemplateFile(
-          templates.html,
-          templateDataToRender,
-        ),
-        this.constructor.#renderTemplateFile(
-          templates.subject,
-          templateDataToRender,
-        ),
-        this.constructor.#renderTemplateFile(
-          templates.text,
-          templateDataToRender,
-        ),
-        this.constructor.#renderTemplateFile(templates.style),
+        this.#renderTemplateFile(templates.html, templateDataToRender),
+        this.#renderTemplateFile(templates.subject, templateDataToRender),
+        this.#renderTemplateFile(templates.text, templateDataToRender),
+        this.#renderTemplateFile(templates.style),
       ]);
 
     juice.tableElements = ['TABLE'];
@@ -171,7 +163,7 @@ class Mail extends Base {
 
   /**
    * Send provided text (html) to email. Low level function. All data should be prepared before sending (like inline styles)
-   * @param {objetc} app application
+   * @param {import('../../../server.js').default['app']} app application
    * @param {string} to send to
    * @param {string} subject email topic
    * @param {string} html hmlt body of emain

package/tests/setup.js

@@ -1,5 +1,6 @@
 /* eslint-disable no-undef */
 import path from 'node:path';
+import { randomBytes } from 'node:crypto';
 import { MongoMemoryReplSet } from 'mongodb-memory-server';
 import mongoose from 'mongoose';
 import redis from 'redis';
@@ -19,6 +20,8 @@ beforeAll(async () => {
   });
   await mongoMemoryServerInstance.waitUntilRunning();
   process.env.LOGGER_CONSOLE_LEVEL = 'error';
+  process.env.AUTH_SALT = randomBytes(16).toString('hex');
+
   const connectionStringMongo = await mongoMemoryServerInstance.getUri();
   // console.info('MONGO_URI: ', connectionStringMongo);
   global.server = new Server({
@@ -27,7 +30,6 @@ beforeAll(async () => {
       controllers:
         process.env.TEST_FOLDER_CONTROLLERS || path.resolve('./controllers'),
       views: process.env.TEST_FOLDER_VIEWS || path.resolve('./views'),
-      public: process.env.TEST_FOLDER_PUBLIC || path.resolve('./public'),
       models: process.env.TEST_FOLDER_MODELS || path.resolve('./models'),
       emails:
         process.env.TEST_FOLDER_EMAIL ||

package/tests/setupVitest.js

@@ -12,13 +12,13 @@ mongoose.set('autoIndex', false);
 
 beforeAll(async () => {
   process.env.LOGGER_CONSOLE_LEVEL = 'error';
+  process.env.AUTH_SALT = crypto.randomBytes(16).toString('hex');
   global.server = new Server({
     folders: {
       config: process.env.TEST_FOLDER_CONFIG || path.resolve('./config'),
       controllers:
         process.env.TEST_FOLDER_CONTROLLERS || path.resolve('./controllers'),
       views: process.env.TEST_FOLDER_VIEWS || path.resolve('./views'),
-      public: process.env.TEST_FOLDER_PUBLIC || path.resolve('./public'),
       models: process.env.TEST_FOLDER_MODELS || path.resolve('./models'),
       emails:
         process.env.TEST_FOLDER_EMAIL ||