@aloma.io/integration-sdk 3.0.0-4

package/src/internal/index.cjs

@@ -0,0 +1,547 @@
+// @ts-nocheck
+require('dotenv').config();
+const fs = require('fs');
+const {Config} = require('./websocket/config.cjs');
+const {Connection} = require('./websocket/connection/index.cjs');
+const {Transport} = require('./websocket/transport/index.cjs');
+const {Dispatcher} = require('./dispatcher/index.cjs');
+const {WebsocketConnector} = require('./websocket/index.cjs');
+const JWE = require('./util/jwe/index.cjs');
+const fetch = require('node-fetch');
+const cuid = require('@paralleldrive/cuid2').init({length: 32});
+
+// TODO fetch with retry
+
+const handlePacketError = (packet, e, transport) => {
+  if (!packet.cb()) {
+    console.dir({msg: 'packet error', e, packet}, {depth: null});
+    return;
+  }
+
+  transport.send(transport.newPacket({c: packet.cb(), a: {error: '' + e}}));
+};
+
+const reply = (arg, packet, transport) => {
+  if (!packet.cb()) {
+    console.dir({msg: 'cannot reply to packet without cb', arg, packet}, {depth: null});
+    return;
+  }
+
+  transport.send(transport.newPacket({c: packet.cb(), a: {...arg}}));
+};
+
+const unwrap = async (ret, options) => {
+  if (options?.text) return await ret.text();
+  if (options?.base64) return (await ret.buffer()).toString('base64');
+
+  return await ret.json();
+};
+
+class Fetcher {
+  constructor({retry = 5, baseUrl}) {
+    this.retry = retry;
+    this.baseUrl = baseUrl;
+  }
+
+  async customize(options, args = {}) {}
+
+  async onError(e, url, options, retries, args) {
+    var local = this;
+
+    return new Promise((resolve, reject) => {
+      setTimeout(async () => {
+        try {
+          resolve(await local.fetch(url, options, retries, args));
+        } catch (e) {
+          reject(e);
+        }
+      }, 500);
+    });
+  }
+
+  async fetch(url, options = {}, retries, args = {}) {
+    var local = this,
+      baseUrl = local.baseUrl;
+
+    if (retries == null) retries = local.retry;
+
+    try {
+      const theURL = `${baseUrl?.endsWith('/') ? baseUrl : baseUrl + '/'}${url}`.replace(/\/\/+/gi, '/');
+
+      await local.customize(options, args);
+
+      const ret = await fetch(theURL, options);
+      const status = await ret.status;
+
+      if (status > 399) {
+        const text = await ret.text();
+        const e = new Error(status + ' ' + text);
+
+        e.status = status;
+        throw e;
+      }
+
+      return unwrap(ret, options);
+    } catch (e) {
+      --retries;
+
+      console.log(e);
+
+      if (retries <= 0) throw e;
+
+      return local.onError(e, url, options, retries, args);
+    }
+  }
+}
+
+class OAuthFetcher extends Fetcher {
+  constructor({oauth, retry = 5, getToken, baseUrl}) {
+    super({retry, baseUrl});
+
+    this.oauth = oauth;
+    this._getToken = getToken;
+  }
+
+  async getToken(force) {
+    var local = this,
+      oauth = local.oauth;
+
+    if (local._getToken) return local._getToken(force);
+
+    if (!force && oauth.accessToken()) return oauth.accessToken();
+
+    const refreshToken = oauth.refreshToken();
+    if (!refreshToken) throw new Error('have no access_token and no refresh_token');
+
+    const ret = await oauth.obtainViaRefreshToken(oauth.refreshToken());
+
+    if (ret.access_token) {
+      oauth.update(ret.access_token, ret.refresh_token);
+
+      return ret.access_token;
+    } else {
+      throw new Error('could not obtain access token via refresh token');
+    }
+  }
+
+  async onError(e, url, options, retries, args) {
+    var local = this;
+
+    return new Promise((resolve, reject) => {
+      setTimeout(async () => {
+        try {
+          resolve(await local.fetch(url, options, retries, {forceTokenRefresh: e.status === 401}));
+        } catch (e) {
+          reject(e);
+        }
+      }, 500);
+    });
+  }
+
+  async customize(options, args = {}) {
+    const token = await local.getToken(args.forceTokenRefresh);
+
+    options = {...options};
+    options.headers = {
+      ...options.headers,
+      Authorization: `Bearer ${token}`,
+    };
+  }
+}
+
+class OAuth {
+  constructor(data, saveOAuthResult, getRefreshToken) {
+    var local = this;
+    this._data = data || {};
+    this.saveOAuthResult = saveOAuthResult;
+    this.obtainViaRefreshToken = getRefreshToken;
+  }
+
+  data() {
+    return this._data;
+  }
+
+  accessToken() {
+    return this._data.access_token;
+  }
+
+  refreshToken() {
+    return this._data.refresh_token;
+  }
+
+  async update(accessToken, refreshToken) {
+    this._data.access_token = accessToken;
+
+    if (refreshToken) {
+      this._data.refresh_token = refreshToken;
+    }
+
+    await this.saveOAuthResult(this._data);
+  }
+
+  getClient(arg = {}) {
+    return new OAuthFetcher({...arg, oauth: this});
+  }
+}
+
+class Connector {
+  constructor({version, id, name}) {
+    this.id = id;
+    this.version = version;
+    this.name = name;
+  }
+
+  configure() {
+    return (this.dispatcher = new Dispatcher());
+  }
+
+  async run() {
+    var local = this;
+
+    const makeMetrics = () => {
+      const metrics = require('prom-client');
+
+      const defaultLabels = {
+        service: local.name,
+        connectorId: local.id,
+        connectorVersion: local.version,
+        node: process.env.HOSTNAME || 'test',
+      };
+      metrics.register.setDefaultLabels(defaultLabels);
+      metrics.collectDefaultMetrics();
+
+      return metrics;
+    };
+
+    const makeMetricsServer = (metrics) => {
+      const app = require('express')();
+
+      app.get('/metrics', async (request, response, next) => {
+        response.status(200);
+        response.set('Content-type', metrics.contentType);
+        response.send(await metrics.register.metrics());
+        response.end();
+      });
+
+      return app;
+    };
+
+    makeMetricsServer(makeMetrics()).listen(4050, '0.0.0.0');
+
+    const {processPacket, start, introspect, configSchema} = this.dispatcher.build();
+
+    const config = new Config({
+      id: this.id,
+      version: this.version,
+      name: process.env.HOSTNAME || this.name,
+      registrationToken: process.env.REGISTRATION_TOKEN,
+      endpoint: process.env.DEVICE_ENDPOINT || 'https://connect.aloma.io/',
+      wsEndpoint: process.env.WEBSOCKET_ENDPOINT || 'wss://transport.aloma.io/transport/',
+      privateKey: process.env.PRIVATE_KEY,
+      publicKey: process.env.PUBLIC_KEY,
+      introspect,
+      configSchema,
+    });
+
+    if (Object.keys(configSchema().fields).length) {
+      try {
+        await config.validateKeys();
+      } catch (e) {
+        const haveKey = !!process.env.PRIVATE_KEY;
+        const jwe = new JWE({});
+        var text = 'Please double check the env variables';
+
+        if (!haveKey) {
+          await jwe.newPair();
+          text =
+            'fresh keys generated, set environment variables: \n\nPRIVATE_KEY: ' +
+            (await jwe.exportPrivateAsBase64()) +
+            '\n\nPUBLIC_KEY: ' +
+            (await jwe.exportPublicAsBase64()) +
+            '\n';
+        }
+
+        console.log(`
+Error: 
+
+public (env.PUBLIC_KEY) and private key (env.PRIVATE_KEY) could not be loaded.
+      
+${text}
+        `);
+
+        return;
+      }
+    }
+
+    const server = new WebsocketConnector({
+      config,
+      onConnect: (transport) => {
+        local.dispatcher.onConfig = async function (secrets) {
+          const decrypted = {};
+          const fields = configSchema().fields;
+
+          const keys = Object.keys(secrets);
+          const jwe = await config.validateKeys('RSA-OAEP-256');
+
+          for (var i = 0; i < keys.length; ++i) {
+            const key = keys[i];
+            const value = secrets[key];
+            if (!value) continue;
+
+            if (fields[key]?.plain) {
+              decrypted[key] = value;
+            } else {
+              try {
+                decrypted[key] = await jwe.decrypt(value, config.id());
+              } catch (e) {
+                console.log('failed to decrypt key', key, config.id(), e);
+              }
+            }
+          }
+
+          this.startOAuth = async function (args) {
+            if (!this._oauth) throw new Error('oauth not configured');
+
+            const clientId = this._oauth.clientId || process.env.OAUTH_CLIENT_ID || decrypted.clientId;
+            if (!clientId) throw new Error('clientId not configured');
+
+            const scopes = this._oauth.scope || process.env.OAUTH_SCOPE || decrypted.scope || '';
+            const useCodeChallenge = !!that._oauth.useCodeChallenge;
+
+            return {
+              url: this._oauth.authorizationURL
+                .replace(/\{\{clientId\}\}/gi, encodeURIComponent(clientId))
+                .replace(/\{\{scope\}\}/gi, encodeURIComponent(scopes)),
+              useCodeChallenge,
+            };
+          };
+
+          this.finishOAuth = async function (arg) {
+            var that = this;
+
+            if (!this._oauth) throw new Error('oauth not configured');
+            if (!this._oauth.tokenURL && !this._oauth.finishOAuth) throw new Error('need tokenURL or finishOAuth(arg)');
+
+            var data = null;
+
+            const doFinish = async () => {
+              if (!arg.code || !arg.redirectURI) throw new Error('need code and redirectUri');
+
+              const clientId = that._oauth.clientId || process.env.OAUTH_CLIENT_ID || decrypted.clientId;
+              if (!clientId) throw new Error('clientId not configured');
+
+              const clientSecret =
+                that._oauth.clientSecret || process.env.OAUTH_CLIENT_SECRET || decrypted.clientSecret;
+              if (!clientSecret) throw new Error('clientSecret not configured');
+
+              const additionalTokenArgs = that._oauth.additionalTokenArgs || {};
+              const useAuthHeader = !!that._oauth.useAuthHeader;
+              const useCodeChallenge = !!that._oauth.useCodeChallenge;
+
+              let body = {
+                ...additionalTokenArgs,
+                code: arg.code,
+                redirect_uri: arg.redirectURI,
+              };
+
+              if (useCodeChallenge) {
+                body.code_verifier = arg.codeVerifier;
+              }
+
+              let headers = {
+                'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
+                Accept: 'application/json',
+              };
+
+              if (useAuthHeader) {
+                headers = {
+                  ...headers,
+                  Authorization: `Basic ${btoa(`${clientId}:${clientSecret}`)}`,
+                };
+              } else {
+                body = {
+                  ...body,
+                  client_id: clientId,
+                  client_secret: clientSecret,
+                };
+              }
+
+              const response = await fetch(that._oauth.tokenURL, {
+                method: 'POST',
+                body: new URLSearchParams(body),
+                headers,
+              });
+
+              const status = await response.status;
+              const text = await response.text();
+
+              if (status === 200) {
+                const ret = JSON.parse(text);
+                if (ret.error) {
+                  throw new Error(`${status} ${ret.error} ${ret.error_description || ''}`);
+                } else if (ret.access_token) {
+                  return {...ret};
+                } else {
+                  throw new Error(status + ' response has no access_token - ' + text);
+                }
+              } else {
+                throw new Error(status + ' ' + text);
+              }
+            };
+
+            if (this._oauth.finishOAuth) {
+              data = await this._oauth.finishOAuth({
+                arg,
+                doFinish,
+                transport,
+              });
+            } else {
+              data = await doFinish();
+            }
+
+            const jwe = await config.validateKeys('RSA-OAEP-256');
+
+            return {value: await jwe.encrypt(data, 'none', config.id())};
+          };
+
+          const saveOAuthResult = async (what) => {
+            const jwe = await config.validateKeys('RSA-OAEP-256');
+            const packet = transport.newPacket({});
+
+            packet.method('connector.config-update');
+            packet.args({
+              value: await jwe.encrypt(what, 'none', config.id()),
+            });
+
+            transport.send(packet);
+          };
+
+          const that = this;
+
+          const getRefreshToken = async (refreshToken) => {
+            const clientId = that._oauth.clientId || process.env.OAUTH_CLIENT_ID || decrypted.clientId;
+            if (!clientId) throw new Error('clientId not configured');
+
+            const clientSecret = that._oauth.clientSecret || process.env.OAUTH_CLIENT_SECRET || decrypted.clientSecret;
+            if (!clientSecret) throw new Error('clientSecret not configured');
+
+            const useAuthHeader = !!that._oauth.useAuthHeader;
+
+            let headers = {};
+
+            if (useAuthHeader) {
+              headers = {
+                ...headers,
+                Authorization: `Basic ${btoa(`${clientId}:${clientSecret}`)}`,
+              };
+            }
+
+            const response = await fetch(that._oauth.tokenURL, {
+              method: 'POST',
+              body: new URLSearchParams({
+                grant_type: 'refresh_token',
+                refresh_token: refreshToken,
+                client_id: clientId,
+                client_secret: clientSecret,
+              }),
+              headers: {
+                'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
+                Accept: 'application/json',
+                ...headers,
+              },
+            });
+
+            const status = await response.status;
+            const text = await response.text();
+
+            if (status === 200) {
+              return JSON.parse(text);
+            } else {
+              throw new Error('could not get refresh token ' + status + ' ' + text);
+            }
+          };
+
+          const theOAuth = decrypted.oauthResult
+            ? new OAuth(decrypted.oauthResult, saveOAuthResult, getRefreshToken)
+            : null;
+          start({
+            config: decrypted,
+            oauth: theOAuth,
+            getClient: (arg) => (theOAuth ? theOAuth.getClient(arg) : new Fetcher({...arg})),
+            newTask: (name, data) => {
+              return new Promise((resolve, reject) => {
+                const packet = transport.newPacket(
+                  {},
+                  (ret) => (ret?.error ? reject(ret.error) : resolve(ret)),
+                  `_req-${cuid()}`
+                );
+
+                packet.method('connector.task.new');
+                packet.args({
+                  name,
+                  a: data,
+                });
+
+                transport.send(packet);
+              });
+            },
+            updateTask: (id, data) => {
+              return new Promise((resolve, reject) => {
+                const packet = transport.newPacket(
+                  {},
+                  (ret) => (ret?.error ? reject(ret.error) : resolve(ret)),
+                  `_req-${cuid()}`
+                );
+
+                packet.method('connector.task.update');
+                packet.args({
+                  id,
+                  a: data,
+                });
+
+                transport.send(packet);
+              });
+            },
+          });
+        };
+      },
+      onMessage: async (packet, transport) => {
+        try {
+          const ret = await processPacket(packet);
+          if (ret) reply(ret, packet, transport);
+        } catch (e) {
+          console.log(e);
+          handlePacketError(packet, e, transport);
+        }
+      },
+    });
+
+    const term = async () => {
+      await server.leaving();
+
+      await new Promise((resolve) => {
+        setTimeout(async () => {
+          await server.close();
+          resolve();
+        }, 10000);
+      });
+
+      process.exit(0);
+    };
+
+    process.on('uncaughtException', (e) => {
+      console.log(e);
+    });
+
+    process.on('unhandledRejection', (e) => {
+      console.log(e);
+    });
+
+    process.on('SIGTERM', term);
+    process.on('SIGINT', term);
+
+    await server.start();
+  }
+}
+
+module.exports = {Connector};

package/src/internal/util/jwe/cli.cjs

@@ -0,0 +1,14 @@
+const JWE = require('./index');
+
+const main = async () => {
+  const jwe = new JWE({});
+  await jwe.newPair();
+
+  console.log('private key');
+  console.log(await jwe.exportPrivateAsBase64());
+  console.log('public key');
+  console.log(await jwe.exportPublicAsBase64());
+};
+
+setTimeout(() => null, 100);
+main();

package/src/internal/util/jwe/index.cjs

@@ -0,0 +1,69 @@
+const jose = require('jose');
+
+class JWE {
+  constructor({algorithm = 'PS256'}) {
+    this.issuer = 'home.aloma.io';
+    this.algorithm = algorithm;
+  }
+
+  async newPair() {
+    this.pair = await jose.generateKeyPair(this.algorithm);
+  }
+
+  async exportPair() {
+    return {
+      publicKey: await jose.exportSPKI(this.pair.publicKey),
+      privateKey: await jose.exportPKCS8(this.pair.privateKey),
+    };
+  }
+
+  async exportPrivateAsBase64() {
+    const pair = await this.exportPair();
+
+    return Buffer.from(pair.privateKey).toString('base64');
+  }
+
+  async exportPublicAsBase64() {
+    const pair = await this.exportPair();
+
+    return Buffer.from(pair.publicKey).toString('base64');
+  }
+
+  async importPair({publicKey, privateKey, algorithm}) {
+    this.pair = {
+      publicKey: await jose.importSPKI(publicKey, algorithm),
+      privateKey: await jose.importPKCS8(privateKey, algorithm),
+    };
+  }
+
+  async importBase64Pair({publicKey, privateKey, algorithm}) {
+    this.importPair({
+      publicKey: Buffer.from(publicKey, 'base64').toString(),
+      privateKey: Buffer.from(privateKey, 'base64').toString(),
+      algorithm,
+    });
+  }
+
+  async encrypt(what, expiration = '7d', audience, algorithm = 'RSA-OAEP-256') {
+    const item = new jose.EncryptJWT({_data: {...what}})
+      .setProtectedHeader({alg: algorithm, enc: 'A256GCM'})
+      .setIssuedAt()
+      .setIssuer(this.issuer)
+      .setAudience(audience);
+
+    if (expiration && expiration !== 'none') item.setExpirationTime(expiration);
+
+    return await item.encrypt(this.pair.publicKey);
+  }
+
+  async decrypt(what, audience) {
+    const {payload, protectedHeader} = await jose.jwtDecrypt(what, this.pair.privateKey, {
+      issuer: this.issuer,
+      audience,
+    });
+
+    return payload._data;
+  }
+}
+
+module.exports = JWE;