@backstage/plugin-search-backend 1.5.18-next.1 → 1.5.18-next.2

package/dist/service/router.cjs.js

@@ -0,0 +1,134 @@
+'use strict';
+
+var zod = require('zod');
+var backendCommon = require('@backstage/backend-common');
+var errors = require('@backstage/errors');
+var pluginPermissionCommon = require('@backstage/plugin-permission-common');
+var AuthorizedSearchEngine = require('./AuthorizedSearchEngine.cjs.js');
+var openapi_generated = require('../schema/openapi.generated.cjs.js');
+var discovery = require('@backstage/backend-defaults/discovery');
+
+const jsonObjectSchema = zod.z.lazy(() => {
+  const jsonValueSchema = zod.z.lazy(
+    () => zod.z.union([
+      zod.z.string(),
+      zod.z.number(),
+      zod.z.boolean(),
+      zod.z.null(),
+      zod.z.array(jsonValueSchema),
+      jsonObjectSchema
+    ])
+  );
+  return zod.z.record(jsonValueSchema);
+});
+const defaultMaxPageLimit = 100;
+const defaultMaxTermLength = 100;
+const allowedLocationProtocols = ["http:", "https:"];
+async function createRouter(options) {
+  const router = await openapi_generated.createOpenApiRouter();
+  const {
+    engine: inputEngine,
+    types,
+    permissions,
+    config,
+    logger,
+    discovery: discovery$1 = discovery.HostDiscovery.fromConfig(config)
+  } = options;
+  const { auth, httpAuth } = backendCommon.createLegacyAuthAdapters({
+    ...options,
+    discovery: discovery$1
+  });
+  const maxPageLimit = config.getOptionalNumber("search.maxPageLimit") ?? defaultMaxPageLimit;
+  const maxTermLength = config.getOptionalNumber("search.maxTermLength") ?? defaultMaxTermLength;
+  const requestSchema = zod.z.object({
+    term: zod.z.string().refine(
+      (term) => term.length <= maxTermLength,
+      (term) => ({
+        message: `The term length "${term.length}" is greater than "${maxTermLength}"`
+      })
+    ).default(""),
+    filters: jsonObjectSchema.optional(),
+    types: zod.z.array(zod.z.string().refine((type) => Object.keys(types).includes(type))).optional(),
+    pageCursor: zod.z.string().optional(),
+    pageLimit: zod.z.number().refine(
+      (pageLimit) => pageLimit <= maxPageLimit,
+      (pageLimit) => ({
+        message: `The page limit "${pageLimit}" is greater than "${maxPageLimit}"`
+      })
+    ).optional()
+  });
+  let permissionEvaluator;
+  if ("authorizeConditional" in permissions) {
+    permissionEvaluator = permissions;
+  } else {
+    logger.warn(
+      "PermissionAuthorizer is deprecated. Please use an instance of PermissionEvaluator instead of PermissionAuthorizer in PluginEnvironment#permissions"
+    );
+    permissionEvaluator = pluginPermissionCommon.toPermissionEvaluator(permissions);
+  }
+  const engine = config.getOptionalBoolean("permission.enabled") ? new AuthorizedSearchEngine.AuthorizedSearchEngine(
+    inputEngine,
+    types,
+    permissionEvaluator,
+    auth,
+    config
+  ) : inputEngine;
+  const filterResultSet = ({ results, ...resultSet }) => ({
+    ...resultSet,
+    results: results.filter((result) => {
+      const protocol = new URL(result.document.location, "https://example.com").protocol;
+      const isAllowed = allowedLocationProtocols.includes(protocol);
+      if (!isAllowed) {
+        logger.info(
+          `Rejected search result for "${result.document.title}" as location protocol "${protocol}" is unsafe`
+        );
+      }
+      return isAllowed;
+    })
+  });
+  const toSearchResults = (resultSet) => ({
+    ...resultSet,
+    results: resultSet.results.map((result) => ({
+      ...result,
+      document: {
+        ...result.document,
+        authorization: void 0
+      }
+    }))
+  });
+  router.get("/query", async (req, res) => {
+    const parseResult = requestSchema.passthrough().safeParse(req.query);
+    if (!parseResult.success) {
+      throw new errors.InputError(`Invalid query string: ${parseResult.error}`);
+    }
+    const query = parseResult.data;
+    logger.info(
+      `Search request received: term="${query.term}", filters=${JSON.stringify(
+        query.filters
+      )}, types=${query.types ? query.types.join(",") : ""}, pageCursor=${query.pageCursor ?? ""}`
+    );
+    try {
+      const credentials = await httpAuth.credentials(req);
+      const { token } = await auth.getPluginRequestToken({
+        onBehalfOf: credentials,
+        targetPluginId: "search"
+      });
+      const resultSet = await engine?.query(query, {
+        token,
+        credentials
+      });
+      res.json(filterResultSet(toSearchResults(resultSet)));
+    } catch (error) {
+      if (error.name === "MissingIndexError") {
+        throw error;
+      }
+      throw new Error(
+        `There was a problem performing the search query: ${error.message}`
+      );
+    }
+  });
+  return router;
+}
+
+exports.createRouter = createRouter;
+//# sourceMappingURL=router.cjs.js.map

package/dist/service/router.cjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"router.cjs.js","sources":["../../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport express from 'express';\nimport { z } from 'zod';\nimport { createLegacyAuthAdapters } from '@backstage/backend-common';\nimport { InputError } from '@backstage/errors';\nimport { Config } from '@backstage/config';\nimport { JsonObject, JsonValue } from '@backstage/types';\nimport {\n  PermissionAuthorizer,\n  PermissionEvaluator,\n  toPermissionEvaluator,\n} from '@backstage/plugin-permission-common';\nimport {\n  DocumentTypeInfo,\n  IndexableResultSet,\n  SearchResultSet,\n} from '@backstage/plugin-search-common';\nimport { SearchEngine } from '@backstage/plugin-search-backend-node';\nimport { AuthorizedSearchEngine } from './AuthorizedSearchEngine';\nimport { createOpenApiRouter } from '../schema/openapi.generated';\nimport {\n  AuthService,\n  DiscoveryService,\n  HttpAuthService,\n  LoggerService,\n} from '@backstage/backend-plugin-api';\nimport { HostDiscovery } from '@backstage/backend-defaults/discovery';\n\nconst jsonObjectSchema: z.ZodSchema<JsonObject> = z.lazy(() => {\n  const jsonValueSchema: z.ZodSchema<JsonValue> = z.lazy(() =>\n    z.union([\n      z.string(),\n      z.number(),\n      z.boolean(),\n      z.null(),\n      z.array(jsonValueSchema),\n      jsonObjectSchema,\n    ]),\n  );\n\n  return z.record(jsonValueSchema);\n});\n\n/**\n * @public\n * @deprecated Please migrate to the new backend system as this will be removed in the future.\n */\nexport type RouterOptions = {\n  engine: SearchEngine;\n  types: Record<string, DocumentTypeInfo>;\n  discovery?: DiscoveryService;\n  permissions: PermissionEvaluator | PermissionAuthorizer;\n  config: Config;\n  logger: LoggerService;\n  // TODO: Make \"auth\" and \"httpAuth\" required once we remove the usage of \"tokenManager\"\n  auth?: AuthService;\n  httpAuth?: HttpAuthService;\n};\n\nconst defaultMaxPageLimit = 100;\nconst defaultMaxTermLength = 100;\nconst allowedLocationProtocols = ['http:', 'https:'];\n\n/**\n * @public\n * @deprecated Please migrate to the new backend system as this will be removed in the future.\n */\nexport async function createRouter(\n  options: RouterOptions,\n): Promise<express.Router> {\n  const router = await createOpenApiRouter();\n  const {\n    engine: inputEngine,\n    types,\n    permissions,\n    config,\n    logger,\n    discovery = HostDiscovery.fromConfig(config),\n  } = options;\n\n  // TODO: stop using this adapter when the \"tokenManager\" is removed\n  const { auth, httpAuth } = createLegacyAuthAdapters({\n    ...options,\n    discovery,\n  });\n\n  const maxPageLimit =\n    config.getOptionalNumber('search.maxPageLimit') ?? defaultMaxPageLimit;\n\n  const maxTermLength =\n    config.getOptionalNumber('search.maxTermLength') ?? defaultMaxTermLength;\n\n  const requestSchema = z.object({\n    term: z\n      .string()\n      .refine(\n        term => term.length <= maxTermLength,\n        term => ({\n          message: `The term length \"${term.length}\" is greater than \"${maxTermLength}\"`,\n        }),\n      )\n      .default(''),\n    filters: jsonObjectSchema.optional(),\n    types: z\n      .array(z.string().refine(type => Object.keys(types).includes(type)))\n      .optional(),\n    pageCursor: z.string().optional(),\n    pageLimit: z\n      .number()\n      .refine(\n        pageLimit => pageLimit <= maxPageLimit,\n        pageLimit => ({\n          message: `The page limit \"${pageLimit}\" is greater than \"${maxPageLimit}\"`,\n        }),\n      )\n      .optional(),\n  });\n\n  let permissionEvaluator: PermissionEvaluator;\n  if ('authorizeConditional' in permissions) {\n    permissionEvaluator = permissions as PermissionEvaluator;\n  } else {\n    logger.warn(\n      'PermissionAuthorizer is deprecated. Please use an instance of PermissionEvaluator instead of PermissionAuthorizer in PluginEnvironment#permissions',\n    );\n    permissionEvaluator = toPermissionEvaluator(permissions);\n  }\n\n  const engine = config.getOptionalBoolean('permission.enabled')\n    ? new AuthorizedSearchEngine(\n        inputEngine,\n        types,\n        permissionEvaluator,\n        auth,\n        config,\n      )\n    : inputEngine;\n\n  const filterResultSet = ({ results, ...resultSet }: SearchResultSet) => ({\n    ...resultSet,\n    results: results.filter(result => {\n      const protocol = new URL(result.document.location, 'https://example.com')\n        .protocol;\n      const isAllowed = allowedLocationProtocols.includes(protocol);\n      if (!isAllowed) {\n        logger.info(\n          `Rejected search result for \"${result.document.title}\" as location protocol \"${protocol}\" is unsafe`,\n        );\n      }\n      return isAllowed;\n    }),\n  });\n\n  const toSearchResults = (resultSet: IndexableResultSet): SearchResultSet => ({\n    ...resultSet,\n    results: resultSet.results.map(result => ({\n      ...result,\n      document: {\n        ...result.document,\n        authorization: undefined,\n      },\n    })),\n  });\n\n  router.get('/query', async (req, res) => {\n    const parseResult = requestSchema.passthrough().safeParse(req.query);\n\n    if (!parseResult.success) {\n      throw new InputError(`Invalid query string: ${parseResult.error}`);\n    }\n\n    const query = parseResult.data;\n\n    logger.info(\n      `Search request received: term=\"${query.term}\", filters=${JSON.stringify(\n        query.filters,\n      )}, types=${query.types ? query.types.join(',') : ''}, pageCursor=${\n        query.pageCursor ?? ''\n      }`,\n    );\n\n    try {\n      const credentials = await httpAuth.credentials(req);\n      const { token } = await auth.getPluginRequestToken({\n        onBehalfOf: credentials,\n        targetPluginId: 'search',\n      });\n      const resultSet = await engine?.query(query, {\n        token,\n        credentials,\n      });\n\n      res.json(filterResultSet(toSearchResults(resultSet)));\n    } catch (error) {\n      if (error.name === 'MissingIndexError') {\n        // re-throw and let the default error handler middleware captures it and serializes it with the right response code on the standard form\n        throw error;\n      }\n\n      throw new Error(\n        `There was a problem performing the search query: ${error.message}`,\n      );\n    }\n  });\n\n  return router;\n}\n"],"names":["z","createOpenApiRouter","discovery","HostDiscovery","createLegacyAuthAdapters","toPermissionEvaluator","AuthorizedSearchEngine","InputError"],"mappings":";;;;;;;;;;AA2CA,MAAM,gBAAA,GAA4CA,KAAE,CAAA,IAAA,CAAK,MAAM;AAC7D,EAAA,MAAM,kBAA0CA,KAAE,CAAA,IAAA;AAAA,IAAK,MACrDA,MAAE,KAAM,CAAA;AAAA,MACNA,MAAE,MAAO,EAAA;AAAA,MACTA,MAAE,MAAO,EAAA;AAAA,MACTA,MAAE,OAAQ,EAAA;AAAA,MACVA,MAAE,IAAK,EAAA;AAAA,MACPA,KAAA,CAAE,MAAM,eAAe,CAAA;AAAA,MACvB,gBAAA;AAAA,KACD,CAAA;AAAA,GACH,CAAA;AAEA,EAAO,OAAAA,KAAA,CAAE,OAAO,eAAe,CAAA,CAAA;AACjC,CAAC,CAAA,CAAA;AAkBD,MAAM,mBAAsB,GAAA,GAAA,CAAA;AAC5B,MAAM,oBAAuB,GAAA,GAAA,CAAA;AAC7B,MAAM,wBAAA,GAA2B,CAAC,OAAA,EAAS,QAAQ,CAAA,CAAA;AAMnD,eAAsB,aACpB,OACyB,EAAA;AACzB,EAAM,MAAA,MAAA,GAAS,MAAMC,qCAAoB,EAAA,CAAA;AACzC,EAAM,MAAA;AAAA,IACJ,MAAQ,EAAA,WAAA;AAAA,IACR,KAAA;AAAA,IACA,WAAA;AAAA,IACA,MAAA;AAAA,IACA,MAAA;AAAA,eACAC,WAAA,GAAYC,uBAAc,CAAA,UAAA,CAAW,MAAM,CAAA;AAAA,GACzC,GAAA,OAAA,CAAA;AAGJ,EAAA,MAAM,EAAE,IAAA,EAAM,QAAS,EAAA,GAAIC,sCAAyB,CAAA;AAAA,IAClD,GAAG,OAAA;AAAA,eACHF,WAAA;AAAA,GACD,CAAA,CAAA;AAED,EAAA,MAAM,YACJ,GAAA,MAAA,CAAO,iBAAkB,CAAA,qBAAqB,CAAK,IAAA,mBAAA,CAAA;AAErD,EAAA,MAAM,aACJ,GAAA,MAAA,CAAO,iBAAkB,CAAA,sBAAsB,CAAK,IAAA,oBAAA,CAAA;AAEtD,EAAM,MAAA,aAAA,GAAgBF,MAAE,MAAO,CAAA;AAAA,IAC7B,IAAA,EAAMA,KACH,CAAA,MAAA,EACA,CAAA,MAAA;AAAA,MACC,CAAA,IAAA,KAAQ,KAAK,MAAU,IAAA,aAAA;AAAA,MACvB,CAAS,IAAA,MAAA;AAAA,QACP,OAAS,EAAA,CAAA,iBAAA,EAAoB,IAAK,CAAA,MAAM,sBAAsB,aAAa,CAAA,CAAA,CAAA;AAAA,OAC7E,CAAA;AAAA,KACF,CACC,QAAQ,EAAE,CAAA;AAAA,IACb,OAAA,EAAS,iBAAiB,QAAS,EAAA;AAAA,IACnC,OAAOA,KACJ,CAAA,KAAA,CAAMA,KAAE,CAAA,MAAA,GAAS,MAAO,CAAA,CAAA,IAAA,KAAQ,MAAO,CAAA,IAAA,CAAK,KAAK,CAAE,CAAA,QAAA,CAAS,IAAI,CAAC,CAAC,EAClE,QAAS,EAAA;AAAA,IACZ,UAAY,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,IAChC,SAAA,EAAWA,KACR,CAAA,MAAA,EACA,CAAA,MAAA;AAAA,MACC,eAAa,SAAa,IAAA,YAAA;AAAA,MAC1B,CAAc,SAAA,MAAA;AAAA,QACZ,OAAS,EAAA,CAAA,gBAAA,EAAmB,SAAS,CAAA,mBAAA,EAAsB,YAAY,CAAA,CAAA,CAAA;AAAA,OACzE,CAAA;AAAA,MAED,QAAS,EAAA;AAAA,GACb,CAAA,CAAA;AAED,EAAI,IAAA,mBAAA,CAAA;AACJ,EAAA,IAAI,0BAA0B,WAAa,EAAA;AACzC,IAAsB,mBAAA,GAAA,WAAA,CAAA;AAAA,GACjB,MAAA;AACL,IAAO,MAAA,CAAA,IAAA;AAAA,MACL,oJAAA;AAAA,KACF,CAAA;AACA,IAAA,mBAAA,GAAsBK,6CAAsB,WAAW,CAAA,CAAA;AAAA,GACzD;AAEA,EAAA,MAAM,MAAS,GAAA,MAAA,CAAO,kBAAmB,CAAA,oBAAoB,IACzD,IAAIC,6CAAA;AAAA,IACF,WAAA;AAAA,IACA,KAAA;AAAA,IACA,mBAAA;AAAA,IACA,IAAA;AAAA,IACA,MAAA;AAAA,GAEF,GAAA,WAAA,CAAA;AAEJ,EAAA,MAAM,kBAAkB,CAAC,EAAE,OAAS,EAAA,GAAG,WAAkC,MAAA;AAAA,IACvE,GAAG,SAAA;AAAA,IACH,OAAA,EAAS,OAAQ,CAAA,MAAA,CAAO,CAAU,MAAA,KAAA;AAChC,MAAA,MAAM,WAAW,IAAI,GAAA,CAAI,OAAO,QAAS,CAAA,QAAA,EAAU,qBAAqB,CACrE,CAAA,QAAA,CAAA;AACH,MAAM,MAAA,SAAA,GAAY,wBAAyB,CAAA,QAAA,CAAS,QAAQ,CAAA,CAAA;AAC5D,MAAA,IAAI,CAAC,SAAW,EAAA;AACd,QAAO,MAAA,CAAA,IAAA;AAAA,UACL,CAA+B,4BAAA,EAAA,MAAA,CAAO,QAAS,CAAA,KAAK,2BAA2B,QAAQ,CAAA,WAAA,CAAA;AAAA,SACzF,CAAA;AAAA,OACF;AACA,MAAO,OAAA,SAAA,CAAA;AAAA,KACR,CAAA;AAAA,GACH,CAAA,CAAA;AAEA,EAAM,MAAA,eAAA,GAAkB,CAAC,SAAoD,MAAA;AAAA,IAC3E,GAAG,SAAA;AAAA,IACH,OAAS,EAAA,SAAA,CAAU,OAAQ,CAAA,GAAA,CAAI,CAAW,MAAA,MAAA;AAAA,MACxC,GAAG,MAAA;AAAA,MACH,QAAU,EAAA;AAAA,QACR,GAAG,MAAO,CAAA,QAAA;AAAA,QACV,aAAe,EAAA,KAAA,CAAA;AAAA,OACjB;AAAA,KACA,CAAA,CAAA;AAAA,GACJ,CAAA,CAAA;AAEA,EAAA,MAAA,CAAO,GAAI,CAAA,QAAA,EAAU,OAAO,GAAA,EAAK,GAAQ,KAAA;AACvC,IAAA,MAAM,cAAc,aAAc,CAAA,WAAA,EAAc,CAAA,SAAA,CAAU,IAAI,KAAK,CAAA,CAAA;AAEnE,IAAI,IAAA,CAAC,YAAY,OAAS,EAAA;AACxB,MAAA,MAAM,IAAIC,iBAAA,CAAW,CAAyB,sBAAA,EAAA,WAAA,CAAY,KAAK,CAAE,CAAA,CAAA,CAAA;AAAA,KACnE;AAEA,IAAA,MAAM,QAAQ,WAAY,CAAA,IAAA,CAAA;AAE1B,IAAO,MAAA,CAAA,IAAA;AAAA,MACL,CAAkC,+BAAA,EAAA,KAAA,CAAM,IAAI,CAAA,WAAA,EAAc,IAAK,CAAA,SAAA;AAAA,QAC7D,KAAM,CAAA,OAAA;AAAA,OACP,CAAA,QAAA,EAAW,KAAM,CAAA,KAAA,GAAQ,KAAM,CAAA,KAAA,CAAM,IAAK,CAAA,GAAG,CAAI,GAAA,EAAE,CAClD,aAAA,EAAA,KAAA,CAAM,cAAc,EACtB,CAAA,CAAA;AAAA,KACF,CAAA;AAEA,IAAI,IAAA;AACF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAG,CAAA,CAAA;AAClD,MAAA,MAAM,EAAE,KAAA,EAAU,GAAA,MAAM,KAAK,qBAAsB,CAAA;AAAA,QACjD,UAAY,EAAA,WAAA;AAAA,QACZ,cAAgB,EAAA,QAAA;AAAA,OACjB,CAAA,CAAA;AACD,MAAA,MAAM,SAAY,GAAA,MAAM,MAAQ,EAAA,KAAA,CAAM,KAAO,EAAA;AAAA,QAC3C,KAAA;AAAA,QACA,WAAA;AAAA,OACD,CAAA,CAAA;AAED,MAAA,GAAA,CAAI,IAAK,CAAA,eAAA,CAAgB,eAAgB,CAAA,SAAS,CAAC,CAAC,CAAA,CAAA;AAAA,aAC7C,KAAO,EAAA;AACd,MAAI,IAAA,KAAA,CAAM,SAAS,mBAAqB,EAAA;AAEtC,QAAM,MAAA,KAAA,CAAA;AAAA,OACR;AAEA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,iDAAA,EAAoD,MAAM,OAAO,CAAA,CAAA;AAAA,OACnE,CAAA;AAAA,KACF;AAAA,GACD,CAAA,CAAA;AAED,EAAO,OAAA,MAAA,CAAA;AACT;;;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-search-backend",
-  "version": "1.5.18-next.1",
+  "version": "1.5.18-next.2",
   "description": "The Backstage backend plugin that provides your backstage app with search",
   "backstage": {
     "role": "backend-plugin",
@@ -57,14 +57,14 @@
   },
   "dependencies": {
     "@backstage/backend-common": "^0.25.0",
-    "@backstage/backend-defaults": "0.5.1-next.1",
-    "@backstage/backend-openapi-utils": "0.1.19-next.0",
-    "@backstage/backend-plugin-api": "1.0.1-next.0",
+    "@backstage/backend-defaults": "0.5.1-next.2",
+    "@backstage/backend-openapi-utils": "0.2.0-next.1",
+    "@backstage/backend-plugin-api": "1.0.1-next.1",
     "@backstage/config": "1.2.0",
     "@backstage/errors": "1.2.4",
     "@backstage/plugin-permission-common": "0.8.1",
-    "@backstage/plugin-permission-node": "0.8.4-next.0",
-    "@backstage/plugin-search-backend-node": "1.3.3-next.1",
+    "@backstage/plugin-permission-node": "0.8.4-next.1",
+    "@backstage/plugin-search-backend-node": "1.3.3-next.2",
     "@backstage/plugin-search-common": "1.2.14",
     "@backstage/types": "1.1.1",
     "@types/express": "^4.17.6",
@@ -76,9 +76,9 @@
     "zod": "^3.22.4"
   },
   "devDependencies": {
-    "@backstage/backend-test-utils": "1.0.1-next.1",
-    "@backstage/cli": "0.28.0-next.1",
-    "@backstage/repo-tools": "0.10.0-next.1",
+    "@backstage/backend-test-utils": "1.0.1-next.2",
+    "@backstage/cli": "0.28.0-next.2",
+    "@backstage/repo-tools": "0.10.0-next.2",
     "@types/supertest": "^2.0.8",
     "supertest": "^7.0.0"
   },