@backstage/backend-defaults 0.3.0-next.2 → 0.3.0

package/dist/rootHttpRouter.cjs.js

@@ -0,0 +1,629 @@
+'use strict';
+
+var express = require('express');
+var trimEnd = require('lodash/trimEnd');
+var config = require('./cjs/config-BDOwXIyo.cjs.js');
+var http = require('http');
+var https = require('https');
+var stoppableServer = require('stoppable');
+var fs = require('fs-extra');
+var platformPath = require('path');
+var forge = require('node-forge');
+var cors = require('cors');
+var helmet = require('helmet');
+var morgan = require('morgan');
+var compression = require('compression');
+var kebabCase = require('lodash/kebabCase');
+var minimatch = require('minimatch');
+var errors = require('@backstage/errors');
+var crypto = require('crypto');
+var backendPluginApi = require('@backstage/backend-plugin-api');
+
+function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
+
+function _interopNamespaceCompat(e) {
+  if (e && typeof e === 'object' && 'default' in e) return e;
+  var n = Object.create(null);
+  if (e) {
+    Object.keys(e).forEach(function (k) {
+      if (k !== 'default') {
+        var d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: function () { return e[k]; }
+        });
+      }
+    });
+  }
+  n.default = e;
+  return Object.freeze(n);
+}
+
+var express__default = /*#__PURE__*/_interopDefaultCompat(express);
+var trimEnd__default = /*#__PURE__*/_interopDefaultCompat(trimEnd);
+var http__namespace = /*#__PURE__*/_interopNamespaceCompat(http);
+var https__namespace = /*#__PURE__*/_interopNamespaceCompat(https);
+var stoppableServer__default = /*#__PURE__*/_interopDefaultCompat(stoppableServer);
+var fs__default = /*#__PURE__*/_interopDefaultCompat(fs);
+var forge__default = /*#__PURE__*/_interopDefaultCompat(forge);
+var cors__default = /*#__PURE__*/_interopDefaultCompat(cors);
+var helmet__default = /*#__PURE__*/_interopDefaultCompat(helmet);
+var morgan__default = /*#__PURE__*/_interopDefaultCompat(morgan);
+var compression__default = /*#__PURE__*/_interopDefaultCompat(compression);
+var kebabCase__default = /*#__PURE__*/_interopDefaultCompat(kebabCase);
+
+function normalizePath(path) {
+  return `${trimEnd__default.default(path, "/")}/`;
+}
+class DefaultRootHttpRouter {
+  #indexPath;
+  #router = express.Router();
+  #namedRoutes = express.Router();
+  #indexRouter = express.Router();
+  #existingPaths = new Array();
+  static create(options) {
+    let indexPath;
+    if (options?.indexPath === false) {
+      indexPath = void 0;
+    } else if (options?.indexPath === void 0) {
+      indexPath = "/api/app";
+    } else if (options?.indexPath === "") {
+      throw new Error("indexPath option may not be an empty string");
+    } else {
+      indexPath = options.indexPath;
+    }
+    return new DefaultRootHttpRouter(indexPath);
+  }
+  constructor(indexPath) {
+    this.#indexPath = indexPath;
+    this.#router.use(this.#namedRoutes);
+    this.#router.use("/api/", (_req, _res, next) => {
+      next("router");
+    });
+    if (this.#indexPath) {
+      this.#router.use(this.#indexRouter);
+    }
+  }
+  use(path, handler) {
+    if (path.match(/^[/\s]*$/)) {
+      throw new Error(`Root router path may not be empty`);
+    }
+    const conflictingPath = this.#findConflictingPath(path);
+    if (conflictingPath) {
+      throw new Error(
+        `Path ${path} conflicts with the existing path ${conflictingPath}`
+      );
+    }
+    this.#existingPaths.push(path);
+    this.#namedRoutes.use(path, handler);
+    if (this.#indexPath === path) {
+      this.#indexRouter.use(handler);
+    }
+  }
+  handler() {
+    return this.#router;
+  }
+  #findConflictingPath(newPath) {
+    const normalizedNewPath = normalizePath(newPath);
+    for (const path of this.#existingPaths) {
+      const normalizedPath = normalizePath(path);
+      if (normalizedPath.startsWith(normalizedNewPath)) {
+        return path;
+      }
+      if (normalizedNewPath.startsWith(normalizedPath)) {
+        return path;
+      }
+    }
+    return void 0;
+  }
+}
+
+const FIVE_DAYS_IN_MS = 5 * 24 * 60 * 60 * 1e3;
+const IP_HOSTNAME_REGEX = /:|^\d+\.\d+\.\d+\.\d+$/;
+async function getGeneratedCertificate(hostname, logger) {
+  const hasModules = await fs__default.default.pathExists("node_modules");
+  let certPath;
+  if (hasModules) {
+    certPath = platformPath.resolve(
+      "node_modules/.cache/backstage-backend/dev-cert.pem"
+    );
+    await fs__default.default.ensureDir(platformPath.dirname(certPath));
+  } else {
+    certPath = platformPath.resolve(".dev-cert.pem");
+  }
+  if (await fs__default.default.pathExists(certPath)) {
+    try {
+      const cert = await fs__default.default.readFile(certPath);
+      const crt = forge__default.default.pki.certificateFromPem(cert.toString());
+      const remainingMs = crt.validity.notAfter.getTime() - Date.now();
+      if (remainingMs > FIVE_DAYS_IN_MS) {
+        logger.info("Using existing self-signed certificate");
+        return {
+          key: cert,
+          cert
+        };
+      }
+    } catch (error) {
+      logger.warn(`Unable to use existing self-signed certificate, ${error}`);
+    }
+  }
+  logger.info("Generating new self-signed certificate");
+  const newCert = await generateCertificate(hostname);
+  await fs__default.default.writeFile(certPath, newCert.cert + newCert.key, "utf8");
+  return newCert;
+}
+async function generateCertificate(hostname) {
+  const attributes = [
+    {
+      name: "commonName",
+      value: "dev-cert"
+    }
+  ];
+  const sans = [
+    {
+      type: 2,
+      // DNS
+      value: "localhost"
+    },
+    {
+      type: 2,
+      value: "localhost.localdomain"
+    },
+    {
+      type: 2,
+      value: "[::1]"
+    },
+    {
+      type: 7,
+      // IP
+      ip: "127.0.0.1"
+    },
+    {
+      type: 7,
+      ip: "fe80::1"
+    }
+  ];
+  if (!sans.find(({ value, ip }) => value === hostname || ip === hostname)) {
+    sans.push(
+      IP_HOSTNAME_REGEX.test(hostname) ? {
+        type: 7,
+        ip: hostname
+      } : {
+        type: 2,
+        value: hostname
+      }
+    );
+  }
+  const params = {
+    algorithm: "sha256",
+    keySize: 2048,
+    days: 30,
+    extensions: [
+      {
+        name: "keyUsage",
+        keyCertSign: true,
+        digitalSignature: true,
+        nonRepudiation: true,
+        keyEncipherment: true,
+        dataEncipherment: true
+      },
+      {
+        name: "extKeyUsage",
+        serverAuth: true,
+        clientAuth: true,
+        codeSigning: true,
+        timeStamping: true
+      },
+      {
+        name: "subjectAltName",
+        altNames: sans
+      }
+    ]
+  };
+  return new Promise(
+    (resolve, reject) => require("selfsigned").generate(
+      attributes,
+      params,
+      (err, bundle) => {
+        if (err) {
+          reject(err);
+        } else {
+          resolve({ key: bundle.private, cert: bundle.cert });
+        }
+      }
+    )
+  );
+}
+
+async function createHttpServer(listener, options, deps) {
+  const server = await createServer(listener, options, deps);
+  const stopper = stoppableServer__default.default(server, 0);
+  const stopServer = stopper.stop.bind(stopper);
+  return Object.assign(server, {
+    start() {
+      return new Promise((resolve, reject) => {
+        const handleStartupError = (error) => {
+          server.close();
+          reject(error);
+        };
+        server.on("error", handleStartupError);
+        const { host, port } = options.listen;
+        server.listen(port, host, () => {
+          server.off("error", handleStartupError);
+          deps.logger.info(`Listening on ${host}:${port}`);
+          resolve();
+        });
+      });
+    },
+    stop() {
+      return new Promise((resolve, reject) => {
+        stopServer((error) => {
+          if (error) {
+            reject(error);
+          } else {
+            resolve();
+          }
+        });
+      });
+    },
+    port() {
+      const address = server.address();
+      if (typeof address === "string" || address === null) {
+        throw new Error(`Unexpected server address '${address}'`);
+      }
+      return address.port;
+    }
+  });
+}
+async function createServer(listener, options, deps) {
+  if (options.https) {
+    const { certificate } = options.https;
+    if (certificate.type === "generated") {
+      const credentials = await getGeneratedCertificate(
+        certificate.hostname,
+        deps.logger
+      );
+      return https__namespace.createServer(credentials, listener);
+    }
+    return https__namespace.createServer(certificate, listener);
+  }
+  return http__namespace.createServer(listener);
+}
+
+function readHelmetOptions(config) {
+  const cspOptions = readCspDirectives(config);
+  return {
+    contentSecurityPolicy: {
+      useDefaults: false,
+      directives: applyCspDirectives(cspOptions)
+    },
+    // These are all disabled in order to maintain backwards compatibility
+    // when bumping helmet v5. We can't enable these by default because
+    // there is no way for users to configure them.
+    // TODO(Rugvip): We should give control of this setup to consumers
+    crossOriginEmbedderPolicy: false,
+    crossOriginOpenerPolicy: false,
+    crossOriginResourcePolicy: false,
+    originAgentCluster: false
+  };
+}
+function readCspDirectives(config) {
+  const cc = config?.getOptionalConfig("csp");
+  if (!cc) {
+    return void 0;
+  }
+  const result = {};
+  for (const key of cc.keys()) {
+    if (cc.get(key) === false) {
+      result[key] = false;
+    } else {
+      result[key] = cc.getStringArray(key);
+    }
+  }
+  return result;
+}
+function applyCspDirectives(directives) {
+  const result = helmet__default.default.contentSecurityPolicy.getDefaultDirectives();
+  result["script-src"] = ["'self'", "'unsafe-eval'"];
+  delete result["form-action"];
+  if (directives) {
+    for (const [key, value] of Object.entries(directives)) {
+      const kebabCaseKey = kebabCase__default.default(key);
+      if (value === false) {
+        delete result[kebabCaseKey];
+      } else {
+        result[kebabCaseKey] = value;
+      }
+    }
+  }
+  return result;
+}
+
+function readCorsOptions(config) {
+  const cc = config?.getOptionalConfig("cors");
+  if (!cc) {
+    return { origin: false };
+  }
+  return removeUnknown({
+    origin: createCorsOriginMatcher(readStringArray(cc, "origin")),
+    methods: readStringArray(cc, "methods"),
+    allowedHeaders: readStringArray(cc, "allowedHeaders"),
+    exposedHeaders: readStringArray(cc, "exposedHeaders"),
+    credentials: cc.getOptionalBoolean("credentials"),
+    maxAge: cc.getOptionalNumber("maxAge"),
+    preflightContinue: cc.getOptionalBoolean("preflightContinue"),
+    optionsSuccessStatus: cc.getOptionalNumber("optionsSuccessStatus")
+  });
+}
+function removeUnknown(obj) {
+  return Object.fromEntries(
+    Object.entries(obj).filter(([, v]) => v !== void 0)
+  );
+}
+function readStringArray(config, key) {
+  const value = config.getOptional(key);
+  if (typeof value === "string") {
+    return [value];
+  } else if (!value) {
+    return void 0;
+  }
+  return config.getStringArray(key);
+}
+function createCorsOriginMatcher(allowedOriginPatterns) {
+  if (!allowedOriginPatterns) {
+    return void 0;
+  }
+  const allowedOriginMatchers = allowedOriginPatterns.map(
+    (pattern) => new minimatch.Minimatch(pattern, { nocase: true, noglobstar: true })
+  );
+  return (origin, callback) => {
+    return callback(
+      null,
+      allowedOriginMatchers.some((pattern) => pattern.match(origin ?? ""))
+    );
+  };
+}
+
+function handleBadError(error, logger) {
+  const logId = crypto.randomBytes(10).toString("hex");
+  logger.child({ logId }).error(`Filtered internal error with logId=${logId} from response`, error);
+  const newError = new Error(`An internal error occurred logId=${logId}`);
+  delete newError.stack;
+  return newError;
+}
+function applyInternalErrorFilter(error, logger) {
+  try {
+    errors.assertError(error);
+  } catch (assertionError) {
+    errors.assertError(assertionError);
+    return handleBadError(assertionError, logger);
+  }
+  const constructorName = error.constructor.name;
+  if (constructorName === "DatabaseError") {
+    return handleBadError(error, logger);
+  }
+  return error;
+}
+
+class MiddlewareFactory {
+  #config;
+  #logger;
+  /**
+   * Creates a new {@link MiddlewareFactory}.
+   */
+  static create(options) {
+    return new MiddlewareFactory(options);
+  }
+  constructor(options) {
+    this.#config = options.config;
+    this.#logger = options.logger;
+  }
+  /**
+   * Returns a middleware that unconditionally produces a 404 error response.
+   *
+   * @remarks
+   *
+   * Typically you want to place this middleware at the end of the chain, such
+   * that it's the last one attempted after no other routes matched.
+   *
+   * @returns An Express request handler
+   */
+  notFound() {
+    return (_req, res) => {
+      res.status(404).end();
+    };
+  }
+  /**
+   * Returns the compression middleware.
+   *
+   * @remarks
+   *
+   * The middleware will attempt to compress response bodies for all requests
+   * that traverse through the middleware.
+   */
+  compression() {
+    return compression__default.default();
+  }
+  /**
+   * Returns a request logging middleware.
+   *
+   * @remarks
+   *
+   * Typically you want to place this middleware at the start of the chain, such
+   * that it always logs requests whether they are "caught" by handlers farther
+   * down or not.
+   *
+   * @returns An Express request handler
+   */
+  logging() {
+    const logger = this.#logger.child({
+      type: "incomingRequest"
+    });
+    return morgan__default.default("combined", {
+      stream: {
+        write(message) {
+          logger.info(message.trimEnd());
+        }
+      }
+    });
+  }
+  /**
+   * Returns a middleware that implements the helmet library.
+   *
+   * @remarks
+   *
+   * This middleware applies security policies to incoming requests and outgoing
+   * responses. It is configured using config keys such as `backend.csp`.
+   *
+   * @see {@link https://helmetjs.github.io/}
+   *
+   * @returns An Express request handler
+   */
+  helmet() {
+    return helmet__default.default(readHelmetOptions(this.#config.getOptionalConfig("backend")));
+  }
+  /**
+   * Returns a middleware that implements the cors library.
+   *
+   * @remarks
+   *
+   * This middleware handles CORS. It is configured using the config key
+   * `backend.cors`.
+   *
+   * @see {@link https://github.com/expressjs/cors}
+   *
+   * @returns An Express request handler
+   */
+  cors() {
+    return cors__default.default(readCorsOptions(this.#config.getOptionalConfig("backend")));
+  }
+  /**
+   * Express middleware to handle errors during request processing.
+   *
+   * @remarks
+   *
+   * This is commonly the very last middleware in the chain.
+   *
+   * Its primary purpose is not to do translation of business logic exceptions,
+   * but rather to be a global catch-all for uncaught "fatal" errors that are
+   * expected to result in a 500 error. However, it also does handle some common
+   * error types (such as http-error exceptions, and the well-known error types
+   * in the `@backstage/errors` package) and returns the enclosed status code
+   * accordingly.
+   *
+   * It will also produce a response body with a serialized form of the error,
+   * unless a previous handler already did send a body. See
+   * {@link @backstage/errors#ErrorResponseBody} for the response shape used.
+   *
+   * @returns An Express error request handler
+   */
+  error(options = {}) {
+    const showStackTraces = options.showStackTraces ?? process.env.NODE_ENV === "development";
+    const logger = this.#logger.child({
+      type: "errorHandler"
+    });
+    return (rawError, req, res, next) => {
+      const error = applyInternalErrorFilter(rawError, logger);
+      const statusCode = getStatusCode(error);
+      if (options.logAllErrors || statusCode >= 500) {
+        logger.error(`Request failed with status ${statusCode}`, error);
+      }
+      if (res.headersSent) {
+        next(error);
+        return;
+      }
+      const body = {
+        error: errors.serializeError(error, { includeStack: showStackTraces }),
+        request: { method: req.method, url: req.url },
+        response: { statusCode }
+      };
+      res.status(statusCode).json(body);
+    };
+  }
+}
+function getStatusCode(error) {
+  const knownStatusCodeFields = ["statusCode", "status"];
+  for (const field of knownStatusCodeFields) {
+    const statusCode = error[field];
+    if (typeof statusCode === "number" && (statusCode | 0) === statusCode && // is whole integer
+    statusCode >= 100 && statusCode <= 599) {
+      return statusCode;
+    }
+  }
+  switch (error.name) {
+    case errors.NotModifiedError.name:
+      return 304;
+    case errors.InputError.name:
+      return 400;
+    case errors.AuthenticationError.name:
+      return 401;
+    case errors.NotAllowedError.name:
+      return 403;
+    case errors.NotFoundError.name:
+      return 404;
+    case errors.ConflictError.name:
+      return 409;
+    case errors.NotImplementedError.name:
+      return 501;
+    case errors.ServiceUnavailableError.name:
+      return 503;
+  }
+  return 500;
+}
+
+function defaultConfigure({ applyDefaults }) {
+  applyDefaults();
+}
+const rootHttpRouterServiceFactory = backendPluginApi.createServiceFactory(
+  (options) => ({
+    service: backendPluginApi.coreServices.rootHttpRouter,
+    deps: {
+      config: backendPluginApi.coreServices.rootConfig,
+      rootLogger: backendPluginApi.coreServices.rootLogger,
+      lifecycle: backendPluginApi.coreServices.rootLifecycle
+    },
+    async factory({ config: config$1, rootLogger, lifecycle }) {
+      const { indexPath, configure = defaultConfigure } = options ?? {};
+      const logger = rootLogger.child({ service: "rootHttpRouter" });
+      const app = express__default.default();
+      const router = DefaultRootHttpRouter.create({ indexPath });
+      const middleware = MiddlewareFactory.create({ config: config$1, logger });
+      const routes = router.handler();
+      const server = await createHttpServer(
+        app,
+        config.readHttpServerOptions(config$1.getOptionalConfig("backend")),
+        { logger }
+      );
+      configure({
+        app,
+        server,
+        routes,
+        middleware,
+        config: config$1,
+        logger,
+        lifecycle,
+        applyDefaults() {
+          app.use(middleware.helmet());
+          app.use(middleware.cors());
+          app.use(middleware.compression());
+          app.use(middleware.logging());
+          app.use(routes);
+          app.use(middleware.notFound());
+          app.use(middleware.error());
+        }
+      });
+      lifecycle.addShutdownHook(() => server.stop());
+      await server.start();
+      return router;
+    }
+  })
+);
+
+exports.readHttpServerOptions = config.readHttpServerOptions;
+exports.DefaultRootHttpRouter = DefaultRootHttpRouter;
+exports.MiddlewareFactory = MiddlewareFactory;
+exports.createHttpServer = createHttpServer;
+exports.readCorsOptions = readCorsOptions;
+exports.readHelmetOptions = readHelmetOptions;
+exports.rootHttpRouterServiceFactory = rootHttpRouterServiceFactory;
+//# sourceMappingURL=rootHttpRouter.cjs.js.map