@backstage/backend-app-api 0.7.1-next.0 → 0.7.1

package/CHANGELOG.md

@@ -1,26 +1,10 @@
 # @backstage/backend-app-api
 
-## 0.7.1-next.0
+## 0.7.1
 
 ### Patch Changes
 
-- 4cd5ff0: Add ability to configure the Node.js HTTP Server when configuring the root HTTP Router service
-- e8199b1: Move the JWKS registration outside of the lifecycle middleware
-- dc8c5dd: The default `TokenManager` implementation no longer requires keys to be configured in production, but it will throw an errors when generating or authenticating tokens. The default `AuthService` implementation will now also provide additional context if such an error is throw when falling back to using the `TokenManager` service to generate tokens for outgoing requests.
-- 025641b: Redact `meta` fields too with the logger
-- 5863e02: Internal refactor to only create one external token handler
-- Updated dependencies
-  - @backstage/plugin-auth-node@0.4.13-next.0
-  - @backstage/backend-common@0.21.8-next.0
-  - @backstage/backend-plugin-api@0.6.18-next.0
-  - @backstage/backend-tasks@0.5.23-next.0
-  - @backstage/cli-common@0.1.13
-  - @backstage/cli-node@0.2.5
-  - @backstage/config@1.2.0
-  - @backstage/config-loader@1.8.0
-  - @backstage/errors@1.2.4
-  - @backstage/types@1.1.1
-  - @backstage/plugin-permission-node@0.7.29-next.0
+- 3554ebe: Move the JWKS registration outside of the lifecycle middleware
 
 ## 0.7.0
 

package/alpha/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/backend-app-api",
-  "version": "0.7.1-next.0",
+  "version": "0.7.1",
   "main": "../dist/alpha.cjs.js",
   "types": "../dist/alpha.d.ts"
 }

package/dist/index.cjs.js

@@ -26,10 +26,10 @@ var backendCommon = require('@backstage/backend-common');
 var jose = require('jose');
 var uuid = require('uuid');
 var pluginAuthNode = require('@backstage/plugin-auth-node');
-var types = require('@backstage/types');
 var backendAppApi = require('@backstage/backend-app-api');
 var cookie = require('cookie');
 var Router = require('express-promise-router');
+var types = require('@backstage/types');
 var pathToRegexp = require('path-to-regexp');
 var pluginPermissionNode = require('@backstage/plugin-permission-node');
 var express = require('express');
@@ -618,7 +618,7 @@ var __accessCheck$e = (obj, member, msg) => {
 };
 var __privateGet$c = (obj, member, getter) => {
   __accessCheck$e(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$e = (obj, member, value) => {
   if (member.has(obj))
@@ -627,7 +627,7 @@ var __privateAdd$e = (obj, member, value) => {
 };
 var __privateSet$a = (obj, member, value, setter) => {
   __accessCheck$e(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var _config, _logger;
@@ -811,7 +811,7 @@ var __accessCheck$d = (obj, member, msg) => {
 };
 var __privateGet$b = (obj, member, getter) => {
   __accessCheck$d(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$d = (obj, member, value) => {
   if (member.has(obj))
@@ -820,7 +820,7 @@ var __privateAdd$d = (obj, member, value) => {
 };
 var __privateSet$9 = (obj, member, value, setter) => {
   __accessCheck$d(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var _winston, _addRedactions;
@@ -857,21 +857,16 @@ const _WinstonLogger = class _WinstonLogger {
   static redacter() {
     const redactionSet = /* @__PURE__ */ new Set();
     let redactionPattern = void 0;
-    const replace = (obj) => {
-      var _a;
-      for (const key in obj) {
-        if (obj.hasOwnProperty(key)) {
-          if (typeof obj[key] === "object") {
-            obj[key] = replace(obj[key]);
-          } else if (typeof obj[key] === "string") {
-            obj[key] = (_a = obj[key]) == null ? void 0 : _a.replace(redactionPattern, "[REDACTED]");
-          }
-        }
-      }
-      return obj;
-    };
     return {
-      format: winston.format(replace)(),
+      format: winston.format((info) => {
+        if (redactionPattern && typeof info.message === "string") {
+          info.message = info.message.replace(redactionPattern, "[REDACTED]");
+        }
+        if (redactionPattern && typeof info.stack === "string") {
+          info.stack = info.stack.replace(redactionPattern, "[REDACTED]");
+        }
+        return info;
+      })(),
       add(newRedactions) {
         let added = 0;
         for (const redactionToTrim of newRedactions) {
@@ -948,7 +943,7 @@ var __accessCheck$c = (obj, member, msg) => {
 };
 var __privateGet$a = (obj, member, getter) => {
   __accessCheck$c(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$c = (obj, member, value) => {
   if (member.has(obj))
@@ -957,7 +952,7 @@ var __privateAdd$c = (obj, member, value) => {
 };
 var __privateSet$8 = (obj, member, value, setter) => {
   __accessCheck$c(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var _hasStarted$1, _startupTasks$1, _hasShutdown, _shutdownTasks;
@@ -1042,7 +1037,7 @@ var __accessCheck$b = (obj, member, msg) => {
 };
 var __privateGet$9 = (obj, member, getter) => {
   __accessCheck$b(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$b = (obj, member, value) => {
   if (member.has(obj))
@@ -1051,7 +1046,7 @@ var __privateAdd$b = (obj, member, value) => {
 };
 var __privateSet$7 = (obj, member, value, setter) => {
   __accessCheck$b(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var _hasStarted, _startupTasks;
@@ -1122,7 +1117,7 @@ var __accessCheck$a = (obj, member, msg) => {
 };
 var __privateGet$8 = (obj, member, getter) => {
   __accessCheck$a(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$a = (obj, member, value) => {
   if (member.has(obj))
@@ -1131,7 +1126,7 @@ var __privateAdd$a = (obj, member, value) => {
 };
 var __privateSet$6 = (obj, member, value, setter) => {
   __accessCheck$a(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var __privateMethod$7 = (obj, member, method) => {
@@ -1331,7 +1326,7 @@ var __accessCheck$9 = (obj, member, msg) => {
 };
 var __privateGet$7 = (obj, member, getter) => {
   __accessCheck$9(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$9 = (obj, member, value) => {
   if (member.has(obj))
@@ -1340,7 +1335,7 @@ var __privateAdd$9 = (obj, member, value) => {
 };
 var __privateSet$5 = (obj, member, value, setter) => {
   __accessCheck$9(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var __privateMethod$6 = (obj, member, method) => {
@@ -1570,7 +1565,7 @@ var __accessCheck$8 = (obj, member, msg) => {
 };
 var __privateGet$6 = (obj, member, getter) => {
   __accessCheck$8(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$8 = (obj, member, value) => {
   if (member.has(obj))
@@ -1579,7 +1574,7 @@ var __privateAdd$8 = (obj, member, value) => {
 };
 var __privateSet$4 = (obj, member, value, setter) => {
   __accessCheck$8(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var __privateMethod$5 = (obj, member, method) => {
@@ -1870,7 +1865,7 @@ var __accessCheck$7 = (obj, member, msg) => {
 };
 var __privateGet$5 = (obj, member, getter) => {
   __accessCheck$7(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$7 = (obj, member, value) => {
   if (member.has(obj))
@@ -1879,7 +1874,7 @@ var __privateAdd$7 = (obj, member, value) => {
 };
 var __privateSet$3 = (obj, member, value, setter) => {
   __accessCheck$7(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var _initializer;
@@ -2147,12 +2142,7 @@ class DefaultAuthService {
             targetPluginId
           });
         }
-        return this.tokenManager.getToken().catch((error) => {
-          throw new errors.ForwardedError(
-            `Unable to generate legacy token for communication with the '${targetPluginId}' plugin. You will typically encounter this error when attempting to call a plugin that does not exist, or is deployed with an old version of Backstage`,
-            error
-          );
-        });
+        return this.tokenManager.getToken();
       case "user": {
         const { token } = internalForward;
         if (!token) {
@@ -2210,7 +2200,7 @@ var __accessCheck$5 = (obj, member, msg) => {
 };
 var __privateGet$4 = (obj, member, getter) => {
   __accessCheck$5(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$5 = (obj, member, value) => {
   if (member.has(obj))
@@ -2219,7 +2209,7 @@ var __privateAdd$5 = (obj, member, value) => {
 };
 var __privateSet$2 = (obj, member, value, setter) => {
   __accessCheck$5(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var _keyStore, _keyStoreUpdated;
@@ -2297,7 +2287,7 @@ class PluginTokenHandler {
       options.logger,
       options.ownPluginId,
       options.publicKeyStore,
-      Math.round(types.durationToMilliseconds(options.keyDuration) / 1e3),
+      options.keyDurationSeconds,
       (_a = options.algorithm) != null ? _a : "ES256",
       options.discovery
     );
@@ -2582,7 +2572,7 @@ var __accessCheck$3 = (obj, member, msg) => {
 };
 var __privateGet$3 = (obj, member, getter) => {
   __accessCheck$3(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$3 = (obj, member, value) => {
   if (member.has(obj))
@@ -2656,7 +2646,7 @@ var __accessCheck$2 = (obj, member, msg) => {
 };
 var __privateGet$2 = (obj, member, getter) => {
   __accessCheck$2(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$2 = (obj, member, value) => {
   if (member.has(obj))
@@ -2758,16 +2748,7 @@ const authServiceFactory = backendPluginApi.createServiceFactory({
     // new auth services in the new backend system.
     tokenManager: backendPluginApi.coreServices.tokenManager
   },
-  async createRootContext({ config, logger }) {
-    const externalTokens = ExternalTokenHandler.create({
-      config,
-      logger
-    });
-    return {
-      externalTokens
-    };
-  },
-  async factory({ config, discovery, plugin, tokenManager, logger, database }, { externalTokens }) {
+  async factory({ config, discovery, plugin, tokenManager, logger, database }) {
     const disableDefaultAuthPolicy = Boolean(
       config.getOptionalBoolean(
         "backend.auth.dangerouslyDisableDefaultAuthPolicy"
@@ -2782,11 +2763,15 @@ const authServiceFactory = backendPluginApi.createServiceFactory({
     });
     const pluginTokens = PluginTokenHandler.create({
       ownPluginId: plugin.getId(),
-      keyDuration: { hours: 1 },
+      keyDurationSeconds: 60 * 60,
       logger,
       publicKeyStore,
       discovery
     });
+    const externalTokens = ExternalTokenHandler.create({
+      config,
+      logger
+    });
     return new DefaultAuthService(
       userTokens,
       pluginTokens,
@@ -2950,7 +2935,7 @@ var __accessCheck$1 = (obj, member, msg) => {
 };
 var __privateGet$1 = (obj, member, getter) => {
   __accessCheck$1(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd$1 = (obj, member, value) => {
   if (member.has(obj))
@@ -2959,7 +2944,7 @@ var __privateAdd$1 = (obj, member, value) => {
 };
 var __privateSet$1 = (obj, member, value, setter) => {
   __accessCheck$1(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var __privateMethod$1 = (obj, member, method) => {
@@ -3391,7 +3376,7 @@ var __accessCheck = (obj, member, msg) => {
 };
 var __privateGet = (obj, member, getter) => {
   __accessCheck(obj, member, "read from private field");
-  return member.get(obj);
+  return getter ? getter.call(obj) : member.get(obj);
 };
 var __privateAdd = (obj, member, value) => {
   if (member.has(obj))
@@ -3400,7 +3385,7 @@ var __privateAdd = (obj, member, value) => {
 };
 var __privateSet = (obj, member, value, setter) => {
   __accessCheck(obj, member, "write to private field");
-  member.set(obj, value);
+  setter ? setter.call(obj, value) : member.set(obj, value);
   return value;
 };
 var __privateMethod = (obj, member, method) => {
@@ -3482,8 +3467,15 @@ findConflictingPath_fn = function(newPath) {
 };
 let DefaultRootHttpRouter = _DefaultRootHttpRouter;
 
-function defaultConfigure({ applyDefaults }) {
-  applyDefaults();
+function defaultConfigure(context) {
+  const { app, routes, middleware } = context;
+  app.use(middleware.helmet());
+  app.use(middleware.cors());
+  app.use(middleware.compression());
+  app.use(middleware.logging());
+  app.use(routes);
+  app.use(middleware.notFound());
+  app.use(middleware.error());
 }
 const rootHttpRouterServiceFactory = backendPluginApi.createServiceFactory(
   (options) => ({
@@ -3499,30 +3491,19 @@ const rootHttpRouterServiceFactory = backendPluginApi.createServiceFactory(
       const app = express__default.default();
       const router = DefaultRootHttpRouter.create({ indexPath });
       const middleware = MiddlewareFactory.create({ config, logger });
-      const routes = router.handler();
-      const server = await createHttpServer(
-        app,
-        readHttpServerOptions(config.getOptionalConfig("backend")),
-        { logger }
-      );
       configure({
         app,
-        server,
-        routes,
+        routes: router.handler(),
         middleware,
         config,
         logger,
-        lifecycle,
-        applyDefaults() {
-          app.use(middleware.helmet());
-          app.use(middleware.cors());
-          app.use(middleware.compression());
-          app.use(middleware.logging());
-          app.use(routes);
-          app.use(middleware.notFound());
-          app.use(middleware.error());
-        }
+        lifecycle
       });
+      const server = await createHttpServer(
+        app,
+        readHttpServerOptions(config.getOptionalConfig("backend")),
+        { logger }
+      );
       lifecycle.addShutdownHook(() => server.stop());
       await server.start();
       return router;
@@ -3576,8 +3557,7 @@ const tokenManagerServiceFactory = backendPluginApi.createServiceFactory({
   },
   createRootContext({ config, logger }) {
     return backendCommon.ServerTokenManager.fromConfig(config, {
-      logger,
-      allowDisabledTokenManager: true
+      logger
     });
   },
   async factory(_deps, tokenManager) {