@app-connect/core 1.7.18 → 1.7.20

package/index.js

@@ -3,8 +3,11 @@ const cors = require('cors')
 const bodyParser = require('body-parser');
 require('body-parser-xml')(bodyParser);
 const dynamoose = require('dynamoose');
+const Sequelize = require('sequelize');
+const { DynamoDB } = require('@aws-sdk/client-dynamodb');
 const axios = require('axios');
 const { UserModel } = require('./models/userModel');
+const { LlmSessionModel } = require('./models/llmSessionModel');
 const { CallDownListModel } = require('./models/callDownListModel');
 const { CallLogModel } = require('./models/callLogModel');
 const { MessageLogModel } = require('./models/messageLogModel');
@@ -29,6 +32,7 @@ const mcpHandler = require('./mcp/mcpHandler');
 const logger = require('./lib/logger');
 const { DebugTracer } = require('./lib/debugTracer');
 const s3ErrorLogReport = require('./lib/s3ErrorLogReport');
+const pluginCore = require('./handlers/plugin');
 const { handleDatabaseError } = require('./lib/errorHandler');
 const { updateAuthSession } = require('./lib/authSession');
 
@@ -42,8 +46,13 @@ catch (e) {
 }
 
 // For using dynamodb in local env
+// AWS SDK v3 requires a region even for local; ddb.local() omits it, so set manually.
 if (process.env.DYNAMODB_LOCALHOST) {
-    dynamoose.aws.ddb.local(process.env.DYNAMODB_LOCALHOST);
+    dynamoose.aws.ddb.set(new DynamoDB({
+        endpoint: process.env.DYNAMODB_LOCALHOST,
+        region: 'local',
+        credentials: { accessKeyId: 'local', secretAccessKey: 'local' },
+    }));
 }
 // log axios requests
 if (process.env.IS_PROD === 'false') {
@@ -58,12 +67,27 @@ async function initDB() {
     if (!process.env.DISABLE_SYNC_DB_TABLE) {
         logger.info('creating db tables if not exist...');
         await UserModel.sync();
+        await LlmSessionModel.sync();
         await CallLogModel.sync();
         await MessageLogModel.sync();
         await AdminConfigModel.sync();
         await CacheModel.sync();
         await CallDownListModel.sync();
         await AccountDataModel.sync();
+
+        // if UserModel doesn't have hashedRcExtensionId column, add it
+        const queryInterface = UserModel.sequelize.getQueryInterface();
+        const userTableName = UserModel.getTableName();
+        const userTableSchema = await queryInterface.describeTable(userTableName);
+        if (!userTableSchema.hashedRcExtensionId) {
+            logger.info('adding hashedRcExtensionId column to users table...');
+            await queryInterface.addColumn(userTableName, 'hashedRcExtensionId', {
+                type: Sequelize.STRING,
+                allowNull: true,
+            });
+            await UserModel.sync();
+            logger.info('hashedRcExtensionId column added to users table');
+        }
     }
 }
 
@@ -756,7 +780,7 @@ function createCoreRouter() {
                     res.status(400).send(tracer ? tracer.wrapResponse('User not found') : 'User not found');
                     return;
                 }
-                const { userSettings } = await userCore.updateUserSettings({ user, userSettings: req.body.userSettings, platformName });
+                const { userSettings } = await userCore.updateUserSettings({ user, userSettings: req.body.userSettings, settingKeysToRemove: req.body.settingKeysToRemove || [], platformName });
                 res.status(200).send(tracer ? tracer.wrapResponse({ userSettings }) : { userSettings });
                 success = true;
             }
@@ -861,6 +885,7 @@ function createCoreRouter() {
                 tokenUrl,
                 query: req.query,
                 proxyId: req.query.proxyId,
+                hashedRcExtensionId: hashedExtensionId,
                 isFromMCP
             });
             if (userInfo) {
@@ -947,7 +972,7 @@ function createCoreRouter() {
                 res.status(400).send(tracer ? tracer.wrapResponse('Missing api key') : 'Missing api key');
                 return;
             }
-            const { userInfo, returnMessage } = await authCore.onApiKeyLogin({ platform, hostname, apiKey, proxyId, additionalInfo });
+            const { userInfo, returnMessage } = await authCore.onApiKeyLogin({ platform, hostname, apiKey, proxyId, rcAccountId: query.rcAccountId, hashedRcExtensionId: hashedExtensionId, additionalInfo });
             if (userInfo) {
                 const jwtToken = jwt.generateJwt({
                     id: userInfo.id.toString(),
@@ -1323,7 +1348,7 @@ function createCoreRouter() {
                 }
                 const { id: userId, platform } = decodedToken;
                 platformName = platform;
-                const { successful, logId, returnMessage, extraDataTracking, isRevokeUserSession } = await logCore.createCallLog({ platform, userId, incomingData: req.body, hashedAccountId: hashedAccountId ?? util.getHashValue(req.body.logInfo?.accountId, process.env.HASH_KEY), isFromSSCL: userAgent === 'SSCL' });
+                const { successful, logId, returnMessage, extraDataTracking, pluginAsyncTaskIds, isRevokeUserSession } = await logCore.createCallLog({ jwtToken, platform, userId, incomingData: req.body, hashedAccountId: hashedAccountId ?? util.getHashValue(req.body.logInfo?.accountId, process.env.HASH_KEY), isFromSSCL: userAgent === 'SSCL' });
                 if (isRevokeUserSession) {
                     res.status(401).send(tracer ? tracer.wrapResponse({ successful, returnMessage }) : { successful, returnMessage });
                     success = false;
@@ -1332,7 +1357,7 @@ function createCoreRouter() {
                     if (extraDataTracking) {
                         extraData = extraDataTracking;
                     }
-                    res.status(200).send(tracer ? tracer.wrapResponse({ successful, logId, returnMessage }) : { successful, logId, returnMessage });
+                    res.status(200).send(tracer ? tracer.wrapResponse({ successful, logId, returnMessage, pluginAsyncTaskIds }) : { successful, logId, returnMessage, pluginAsyncTaskIds });
                     success = true;
                 }
             }
@@ -1386,11 +1411,11 @@ function createCoreRouter() {
                 }
                 const { id: userId, platform } = decodedToken;
                 platformName = platform;
-                const { successful, logId, updatedNote, returnMessage, extraDataTracking } = await logCore.updateCallLog({ platform, userId, incomingData: req.body, hashedAccountId: hashedAccountId ?? util.getHashValue(req.body.accountId, process.env.HASH_KEY), isFromSSCL: userAgent === 'SSCL' });
+                const { successful, logId, updatedNote, returnMessage, extraDataTracking, pluginAsyncTaskIds } = await logCore.updateCallLog({ jwtToken, platform, userId, incomingData: req.body, hashedAccountId: hashedAccountId ?? util.getHashValue(req.body.accountId, process.env.HASH_KEY), isFromSSCL: userAgent === 'SSCL' });
                 if (extraDataTracking) {
                     extraData = extraDataTracking;
                 }
-                res.status(200).send(tracer ? tracer.wrapResponse({ successful, logId, updatedNote, returnMessage }) : { successful, logId, updatedNote, returnMessage });
+                res.status(200).send(tracer ? tracer.wrapResponse({ successful, logId, updatedNote, returnMessage, pluginAsyncTaskIds }) : { successful, logId, updatedNote, returnMessage, pluginAsyncTaskIds });
                 success = true;
             }
             else {
@@ -1941,6 +1966,55 @@ function createCoreRouter() {
         });
     });
 
+    router.post('/pluginAsyncTask', async function (req, res) {
+        const requestStartTime = new Date().getTime();
+        const tracer = req.headers['is-debug'] === 'true' ? DebugTracer.fromRequest(req) : null;
+        tracer?.trace('pluginAsyncTask:start', { query: req.query });
+        let platformName = null;
+        let success = false;
+        const { hashedExtensionId, hashedAccountId, userAgent, ip, author, eventAddedVia } = getAnalyticsVariablesInReqHeaders({ headers: req.headers })
+        const { jwtToken } = req.query;
+        try {
+            if (!jwtToken) {
+                tracer?.trace('pluginAsyncTask:noToken', {});
+                res.status(400).send(tracer ? tracer.wrapResponse('Please go to Settings and authorize CRM platform') : 'Please go to Settings and authorize CRM platform');
+                return;
+            }
+            const unAuthData = jwt.decodeJwt(jwtToken);
+            const user = await UserModel.findByPk(unAuthData?.id);
+            if (!user) {
+                tracer?.trace('pluginAsyncTask:userNotFound', {});
+                res.status(400).send(tracer ? tracer.wrapResponse('User not found') : 'User not found');
+                return;
+            }
+            const { asyncTaskIds } = req.body;
+            const filteredTasksIds = asyncTaskIds.filter(taskId => taskId.startsWith(user.id));
+            const tasks = await pluginCore.getPluginAsyncTasks({ asyncTaskIds: filteredTasksIds });
+            res.status(200).send(tracer ? tracer.wrapResponse({ tasks }) : { tasks });
+            success = true;
+        }
+        catch (e) {
+            console.log(`platform: ${platformName} \n${e.stack}`);
+            res.status(400).send(tracer ? tracer.wrapResponse({ error: e.message || e }) : { error: e.message || e });
+            tracer?.traceError('pluginAsyncTask:error', e, { platform: platformName });
+            success = false;
+        }
+        const requestEndTime = new Date().getTime();
+        analytics.track({
+            eventName: 'Plugin Async Task',
+            interfaceName: 'pluginAsyncTask',
+            connectorName: platformName,
+            accountId: hashedAccountId,
+            extensionId: hashedExtensionId,
+            success,
+            requestDuration: (requestEndTime - requestStartTime) / 1000,
+            userAgent,
+            ip,
+            author,
+            eventAddedVia
+        });
+    });
+
     if (process.env.IS_PROD === 'false') {
         router.post('/registerMockUser', async function (req, res) {
             const secretKey = req.query.secretKey;
@@ -2057,24 +2131,32 @@ function createCoreRouter() {
         });
     });
 
-    router.use('/mcp', (req, res, next) => {// LOG EVERYTHING
-        console.log(`[${req.method}] /mcp`);
-        console.log("Headers:", JSON.stringify(req.headers['authorization'] ? "Auth Token Present" : "No Auth"));
-        console.log("Body:", JSON.stringify(req.body));
-        // return next();
-        // Capture the response finish to see the status code
-        res.on('finish', () => {
-            console.log(`[Response] Status: ${res.statusCode}`);
-            console.log(`[Response] data: ${JSON.stringify(res.data)}`);
-        });
+    router.use('/mcp', (req, res, next) => {
+        // Widget tool calls are unauthenticated — they come from the iframe
+        // which has no access to the RC bearer token.
+        if (req.path === '/widget-tool-call') {
+            return next();
+        }
 
         const authHeader = req.headers.authorization;
         const token = authHeader?.split(' ')[1]; // Remove "Bearer "
-        // Allow the initial connection (GET) and CORS checks (OPTIONS) to pass freely.
-        // We only want to block the actual commands (POST).
+        // Allow GET and OPTIONS (CORS preflight) to pass freely.
         if (req.method === 'GET' || req.method === 'OPTIONS') {
             return next();
         }
+        // Allow MCP discovery/handshake methods — these carry no user data and must be
+        // reachable without auth so the ChatGPT developer portal can scan tools.
+        const mcpMethod = req.body?.method;
+        const UNAUTHENTICATED_MCP_METHODS = new Set([
+            'initialize',
+            'tools/list',
+            'ping',
+            'notifications/initialized',
+            'notifications/cancelled',
+        ]);
+        if (mcpMethod && UNAUTHENTICATED_MCP_METHODS.has(mcpMethod)) {
+            return next();
+        }
         // SCENARIO 1: No Token provided. Kick off the OAuth flow.
         if (!token) {
             res.setHeader('WWW-Authenticate', `Bearer realm="mcp", resource_metadata="${process.env.APP_SERVER}/.well-known/oauth-protected-resource"`);
@@ -2084,9 +2166,7 @@ function createCoreRouter() {
         // SCENARIO 2: Token provided. Verify it.
         try {
             next();
-        } catch (error) {
-            console.error("Token validation failed:", error.message);
-            // Token is invalid or expired
+        } catch {
             res.setHeader('WWW-Authenticate', `Bearer realm="mcp", resource_metadata="${process.env.APP_SERVER}/.well-known/oauth-protected-resource"`);
             return res.status(401).send();
         }
@@ -2109,6 +2189,19 @@ function createCoreRouter() {
         await mcpHandler.handleMcpRequest(req, res);
     });
 
+    // Lightweight endpoint for widget tool calls (bypasses MCP protocol)
+    router.options('/mcp/widget-tool-call', (req, res) => {
+        res.setHeader('Access-Control-Allow-Origin', '*');
+        res.setHeader('Access-Control-Allow-Methods', 'POST, OPTIONS');
+        res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+        res.status(200).end();
+    });
+    router.post('/mcp/widget-tool-call', async (req, res) => {
+        res.setHeader('Access-Control-Allow-Origin', '*');
+        res.setHeader('Content-Type', 'application/json');
+        await mcpHandler.handleWidgetToolCall(req, res);
+    });
+
     return router;
 }
 

package/lib/authSession.js

@@ -10,20 +10,29 @@ const AUTH_SESSION_PREFIX = 'auth-session';
 const SESSION_EXPIRY_MINUTES = 5;
 
 /**
- * Create a new auth session
+ * Create (or reset) an auth session.
+ * If a record already exists for the sessionId (e.g., user retries auth within
+ * the same ChatGPT conversation), it is reset to 'pending' so polling works
+ * correctly for the new attempt.
  */
 async function createAuthSession(sessionId, data) {
-    await CacheModel.create({
-        id: `${AUTH_SESSION_PREFIX}-${sessionId}`,
-        cacheKey: AUTH_SESSION_PREFIX,
-        userId: sessionId,
-        status: 'pending',
-        data: {
-            ...data,
-            createdAt: new Date().toISOString()
-        },
-        expiry: new Date(Date.now() + SESSION_EXPIRY_MINUTES * 60 * 1000)
-    });
+    const id = `${AUTH_SESSION_PREFIX}-${sessionId}`;
+    const expiry = new Date(Date.now() + SESSION_EXPIRY_MINUTES * 60 * 1000);
+    const sessionData = { ...data, createdAt: new Date().toISOString() };
+
+    const existing = await CacheModel.findByPk(id);
+    if (existing) {
+        await existing.update({ status: 'pending', data: sessionData, expiry });
+    } else {
+        await CacheModel.create({
+            id,
+            cacheKey: AUTH_SESSION_PREFIX,
+            userId: sessionId,
+            status: 'pending',
+            data: sessionData,
+            expiry,
+        });
+    }
 }
 
 /**

package/lib/callLogComposer.js

@@ -115,7 +115,7 @@ function composeCallLog(params) {
         body = upsertCallRecording({ body, recordingLink, logFormat });
     }
 
-    if (aiNote && (userSettings?.addCallLogAINote?.value ?? true)) {
+    if (aiNote && (userSettings?.addCallLogAiNote?.value ?? true)) {
         body = upsertAiNote({ body, aiNote, logFormat });
     }
 

package/lib/debugTracer.js

@@ -40,7 +40,7 @@ class DebugTracer {
      */
     trace(methodName, data = {}, options = {}) {
         const { includeStack = true, level = 'info' } = options;
-        
+
         const traceEntry = {
             timestamp: new Date().toISOString(),
             elapsed: Date.now() - this.startTime,
@@ -85,7 +85,7 @@ class DebugTracer {
         }
 
         const sensitiveFields = [
-            'accessToken', 'refreshToken', 'apiKey', 'password', 
+            'accessToken', 'refreshToken', 'apiKey', 'password',
             'secret', 'token', 'authorization', 'auth', 'key',
             'credential', 'credentials', 'privateKey', 'clientSecret'
         ];
@@ -115,12 +115,30 @@ class DebugTracer {
         return sanitizeRecursive(sanitized);
     }
 
+    /**
+     * Builds a compact summary of all recorded actions, one entry per trace.
+     * Each entry contains the method name, log level, and elapsed time at the
+     * point the trace was recorded, making it easy to skim what happened without
+     * reading the full trace list.
+     * @returns {string[]} Array of human-readable action summary strings
+     */
+    _buildActionSummary() {
+        return this.traces.map((t, i) => ({
+            index: i + 1,
+            timestamp: t.timestamp,
+            level: t.level.toUpperCase(),
+            method: t.methodName,
+            elapsedMs: t.elapsed
+        }));
+    }
+
     /**
      * Gets the complete trace data for inclusion in response
      * @returns {Object} Trace data object
      */
     getTraceData() {
         return {
+            sum: this._buildActionSummary(),
             requestId: this.requestId,
             totalDuration: `${Date.now() - this.startTime}ms`,
             traceCount: this.traces.length,

package/lib/util.js

@@ -40,8 +40,7 @@ function secondsToHoursMinutesSeconds(seconds) {
 function getMostRecentDate({ allDateValues }) {
     var result = 0;
     for (const date of allDateValues) {
-        if(!date)
-        {
+        if (!date) {
             continue;
         }
         if (date > result) {
@@ -53,16 +52,34 @@ function getMostRecentDate({ allDateValues }) {
 
 // media reader link: https://ringcentral.github.io/ringcentral-media-reader/?media=https://media.ringcentral.com/restapi/v1.0/account/{accountId}/extension/{extensionId}/message-store/{messageId}/content/{contentId}
 // platform media link: https://media.ringcentral.com/restapi/v1.0/account/{accountId}/extension/{extensionId}/message-store/{messageId}/content/{contentId}
-function getMediaReaderLinkByPlatformMediaLink(platformMediaLink){
-    if(!platformMediaLink){
+function getMediaReaderLinkByPlatformMediaLink(platformMediaLink) {
+    if (!platformMediaLink) {
         return null;
     }
     const encodedPlatformMediaLink = encodeURIComponent(platformMediaLink);
     return `https://ringcentral.github.io/ringcentral-media-reader/?media=${encodedPlatformMediaLink}`;
 }
 
+function getPluginsFromUserSettings({ userSettings, logType }) {
+    const result = [];
+    if (!userSettings) {
+        return result;
+    }
+    for (const userSettingKey in userSettings) {
+        if (!userSettingKey.startsWith('plugin_')) {
+            continue;
+        }
+        const pluginUserSetting = userSettings[userSettingKey];
+        if (pluginUserSetting.value.logTypes.includes(logType)) {
+            result.push({ id: userSettingKey.replace('plugin_', ''), value: pluginUserSetting.value });
+        }
+    }
+    return result;
+}
+
 exports.getTimeZone = getTimeZone;
 exports.getHashValue = getHashValue;
 exports.secondsToHoursMinutesSeconds = secondsToHoursMinutesSeconds;
 exports.getMostRecentDate = getMostRecentDate;
 exports.getMediaReaderLinkByPlatformMediaLink = getMediaReaderLinkByPlatformMediaLink;
+exports.getPluginsFromUserSettings = getPluginsFromUserSettings;