@bigid/apps-infrastructure-node-js 0.1.0 → 1.180.0

package/src/services/bigidProxyService.ts

@@ -1,34 +1,39 @@
 import { createReadStream } from 'fs';
 import { Agent } from 'https';
-import { ExecutionContext } from '../dto';
+import { ActionResponseDetails, ExecutionContext } from '../dto';
 import FormData from 'form-data';
 
 import axios from 'axios';
-import { ActionResponseDetails } from '../dto/actionResponseDetails';
-import { appLogger } from '../utils';
-
-const RequestMethod = {
-  POST: 'post',
-  GET: 'get',
-  PUT: 'put',
-  PATCH: 'patch',
-  DELETE: 'delete',
-};
-
-let bigidUrl: string;
-let bigidUpdateStatusUrl: string;
-let bigidToken: string;
-let proxyTpaId: string;
+import { logError, logInfo } from '../utils';
+import { TenantRegistration } from '../dto/tenantRegistration';
+
+export enum RequestMethod {
+  POST = 'post',
+  GET = 'get',
+  PUT = 'put',
+  PATCH = 'patch',
+  DELETE = 'delete',
+}
 
-export const initBigIDProxy = (bigIdUrl: string, callBackUrl: string, bigIdToken: string, tpaId: string) => {
-  bigidUrl = bigIdUrl;
-  bigidUpdateStatusUrl = callBackUrl;
-  bigidToken = bigIdToken;
-  proxyTpaId = tpaId;
+export const getTenantRegistrations = async (bigidToken: string): Promise<TenantRegistration[]> => {
+  const {
+    data: {
+      data: { tenants },
+    },
+  } = await doCallToUrl(
+    bigidToken,
+    RequestMethod.GET,
+    `${process.env.BIGID_BASE_URL}/api/v1/tenant-service/applications/registrations`,
+  );
+  return tenants;
 };
-
-const doCallToUrl = async (requestMethod: string, endpoint: string, bodyJson?: ActionResponseDetails) => {
-  appLogger.info('--> bigid-proxy::callBigIdApi: [%s] %s', requestMethod, endpoint);
+export const doCallToUrl = async (
+  bigidToken: string,
+  requestMethod: RequestMethod,
+  endpoint: string,
+  bodyJson?: Record<string, any>,
+) => {
+  logInfo(`--> bigid-proxy::callBigIdApi: [${requestMethod}] endpoint: ${endpoint}`);
   try {
     const headers = {
       Accept: 'application/json, text/plain, */*',
@@ -51,63 +56,82 @@ const doCallToUrl = async (requestMethod: string, endpoint: string, bodyJson?: A
 
     const res = await axios(requestObj);
 
-    appLogger.info('<-- bigid-proxy::callBigIdApi: %s success', endpoint);
+    logInfo(`<-- bigid-proxy::callBigIdApi: ${endpoint} success`);
     return res;
   } catch (error: any) {
-    appLogger.info('<-- bigid-proxy::callBigIdApi: error calling bigID on %s %o', endpoint, error);
-    appLogger.error(error);
+    logInfo(`<-- bigid-proxy::callBigIdApi: error calling bigID on endpoint: ${endpoint}, error: ${error}`);
+    logError(error.message);
     return error?.message;
   }
 };
 
 async function callBigIdApi(
-  requestMethod: string,
+  executionContext: ExecutionContext,
+  requestMethod: RequestMethod,
   endpoint: string,
   bodyJson?: ActionResponseDetails,
   useEndpointWithoutBigIdBasePath?: boolean,
 ) {
-  const url = useEndpointWithoutBigIdBasePath ? endpoint : bigidUrl + endpoint;
-  return await doCallToUrl(requestMethod, url, bodyJson);
+  const url = useEndpointWithoutBigIdBasePath ? endpoint : executionContext.bigidBaseUrl + endpoint;
+  return await doCallToUrl(executionContext.bigidToken, requestMethod, url, bodyJson);
 }
 
 /**
  * This method receives a message object to update BigID regarding the current state of the action execution
  * (should be used in case of an async actions)
- * @param ActionResponseDetails
+ * @param executionContext
+ * @param actionResponseDetails
  */
-export const updateActionStatusToBigID = async (actionResponseDetails: ActionResponseDetails) =>
-  await callBigIdApi(RequestMethod.PUT, `${bigidUpdateStatusUrl}`, actionResponseDetails, true);
+export const updateActionStatusToBigID = async (
+  executionContext: ExecutionContext,
+  actionResponseDetails: ActionResponseDetails,
+) =>
+  await callBigIdApi(
+    executionContext,
+    RequestMethod.PUT,
+    executionContext.updateResultCallback,
+    actionResponseDetails,
+    true,
+  );
 
 /**
  *
+ * @param executionContext
  * @param endpoint - the endpoint in BigID, used for GET request. e.g - {BigIDBaseUrl}/ds_connections
  * @return - String containing the response from BigID
  */
-export const executeHttpGet = async (endpoint: string) => await callBigIdApi(RequestMethod.GET, endpoint);
+export const executeHttpGet = async (executionContext: ExecutionContext, endpoint: string) =>
+  await callBigIdApi(executionContext, RequestMethod.GET, endpoint);
 
 /**
  * the endpoint in BigID, used for POST requests. e.g - {BigIDBaseUrl}/scan
  */
-export const executeHttpPost = async (endpoint: string, actionResponseDetails: ActionResponseDetails) =>
-  await callBigIdApi(RequestMethod.POST, endpoint, actionResponseDetails);
+export const executeHttpPost = async (executionContext: ExecutionContext, endpoint: string, obj: any) =>
+  await callBigIdApi(executionContext, RequestMethod.POST, endpoint, obj);
 
 /**
  * the endpoint in BigID, used for POST requests. e.g - {BigIDBaseUrl}/scan
  */
-export const executeHttpPut = async (endpoint: string, obj: any) =>
-  await callBigIdApi(RequestMethod.PUT, endpoint, obj);
+export const executeHttpPut = async (executionContext: ExecutionContext, endpoint: string, obj: any) =>
+  await callBigIdApi(executionContext, RequestMethod.PUT, endpoint, obj);
 
-export const uploadAttachment = (filePathToUpload: string) => {
+/**
+ * the endpoint in BigID, used for DELETE requests.
+ */
+export const executeHttpDelete = async (executionContext: ExecutionContext, endpoint: string) =>
+  await callBigIdApi(executionContext, RequestMethod.DELETE, endpoint);
+
+export const uploadAttachment = (executionContext: ExecutionContext, filePathToUpload: string) => {
   const formData = new FormData();
   formData.append('file', createReadStream(filePathToUpload));
 
   const headers = {
     'Content-Type': `multipart/form-data; boundary=${formData.getBoundary()}`,
-    Authorization: bigidToken,
+    Authorization: executionContext.bigidToken,
   };
   const requestObj: Record<string, any> = {
     method: RequestMethod.POST,
-    url: `${bigidUpdateStatusUrl}/attachment`,
+    url: `${executionContext.updateResultCallback}/attachment`,
     headers: headers,
     httpsAgent: new Agent({
       rejectUnauthorized: false,
@@ -117,34 +141,32 @@ export const uploadAttachment = (filePathToUpload: string) => {
   return axios(requestObj);
 };
 
-export const getAppStorage = () => executeHttpGet(`tpa/${proxyTpaId}/storage`);
+export const getAppStorage = (executionContext: ExecutionContext) =>
+  executeHttpGet(executionContext, `tpa/${executionContext.tpaId}/storage`);
 
-export const getValueFromAppStorage = async (key: string) => {
-  const { data } = await executeHttpGet(`tpa/${proxyTpaId}/storage/key/${key}`);
+export const getValueFromAppStorage = async (executionContext: ExecutionContext, key: string): Promise<string> => {
+  const { data } = await executeHttpGet(executionContext, `tpa/${executionContext.tpaId}/storage/key/${key}`);
   return data === 'Key not found' ? null : data.value;
 };
 
-export const saveInStorage = async (keyToStore: any, valueToStore: any) =>
-  await executeHttpPut(`/tpa/${proxyTpaId}/storage`, {
+export const deleteKeyFromAppStorage = async (executionContext: ExecutionContext, key: string) => {
+  await executeHttpDelete(executionContext, `tpa/${executionContext.tpaId}/storage/key/${key}`);
+};
+
+export const sendBiEvent = async (executionContext: ExecutionContext, eventType: string, data: Object) => {
+  return executeHttpPost(executionContext, 'bi-events', { event_type: eventType, data: data });
+};
+
+export const saveInStorage = async (
+  executionContext: ExecutionContext,
+  keyToStore: any,
+  valueToStore: any,
+): Promise<void> =>
+  await executeHttpPut(executionContext, `/tpa/${executionContext.tpaId}/storage`, {
     keysValues: [
       {
         key: keyToStore,
         value: valueToStore,
       },
     ],
-  });
-
-export const setValuesForBigIDProxy = (executionContext: ExecutionContext) => {
-  if (!executionContext.bigidBaseUrl || !executionContext.bigidToken) {
-    appLogger.error(
-      `Missing bigidUrl and/or bigidToken. bigidUrl=${executionContext.bigidBaseUrl}, bigidToken=${executionContext.bigidToken}`,
-    );
-    return;
-  }
-  initBigIDProxy(
-    executionContext.bigidBaseUrl,
-    executionContext.updateResultCallback,
-    executionContext.bigidToken,
-    executionContext.tpaId,
-  );
-};
+  });

package/src/services/dataSourceService.ts

@@ -0,0 +1,20 @@
+import { decrypt } from './encryptionService';
+import { ExecutionContext } from '../dto';
+import { executeHttpGet } from './bigidProxyService';
+
+export const fetchDataSourceCredentials = async (
+  executionContext: ExecutionContext,
+  dataSourceName: string,
+): Promise<{ [key: string]: string }> => {
+  const res = await executeHttpGet(
+    executionContext,
+    '/tpa/' + executionContext.tpaId + '/credentials/' + dataSourceName.replace(' ', '%20'),
+  );
+  const resData = res.data;
+  return Object.keys(resData).reduce((acc: { [key: string]: string }, key) => {
+    const credentialObject = resData[key];
+    const credentialValue = credentialObject.value?.toString();
+    acc[key] = credentialObject.encrypted ? decrypt(credentialValue) : credentialValue;
+    return acc;
+  }, {});
+};

package/src/services/encryptionService.ts

@@ -0,0 +1,44 @@
+import * as crypto from 'crypto';
+
+type IvAndText = { iv: string | Buffer; cleanText: string | NodeJS.ArrayBufferView };
+
+enum Defaults {
+  SHA_ALGORITHM = 'sha256',
+  AES_ALGORITHM = 'aes-256-cbc',
+  IV = '4e5Wa71fYoT7MFEX',
+  BASE64_ENC = 'base64',
+  UTF8_ENC = 'utf8',
+  DOLLAR_DEL = '$',
+  SECRET_KEY = 'SECRET_KEY',
+}
+
+export const decrypt = (encryptedText: string): string => {
+  const ivAndText = getAndUseOldIvOrNew(encryptedText);
+  const decipher = crypto.createDecipheriv(Defaults.AES_ALGORITHM, makeKey(), ivAndText.iv);
+  let decryptedData = decipher.update(ivAndText.cleanText as string, Defaults.BASE64_ENC, Defaults.UTF8_ENC);
+  decryptedData += decipher.final(Defaults.UTF8_ENC);
+  return decryptedData;
+};
+
+const makeKey = (): Buffer => {
+  const md = crypto.createHash(Defaults.SHA_ALGORITHM);
+  try {
+    const secretKey = process.env.APPLICATION_CREDENTIALS_KEY ?? '';
+    const key = md.update(secretKey).digest();
+    return key;
+  } catch (error) {
+    throw new Error("Can't create a key. Check for APPLICATION_CREDENTIALS_KEY in your environment variables.");
+  }
+};
+
+const getAndUseOldIvOrNew = (text: string | Buffer): IvAndText => {
+  const ivAndText: IvAndText = { iv: Defaults.IV, cleanText: text };
+  if (text.includes(Defaults.DOLLAR_DEL)) {
+    const [cipher_blob, ...cipher_blob2] = (text as string).split(Defaults.DOLLAR_DEL);
+    const cipherBlobPartTwo = cipher_blob2.join(Defaults.DOLLAR_DEL);
+    ivAndText.iv = Buffer.from(cipher_blob, Defaults.BASE64_ENC);
+    ivAndText.cleanText = Buffer.from(cipherBlobPartTwo, Defaults.BASE64_ENC);
+  }
+
+  return ivAndText;
+};

package/src/services/index.ts

@@ -1 +1,5 @@
-export * from './bigidProxyService';
+export * from './bigidProxyService';
+export * from './dataSourceService';
+export * from './actionsHubService';
+
+export { scheduleFunction, unscheduleAllFunctions, unscheduleFunction } from './schedulerService';

package/src/services/schedulerService.ts

@@ -0,0 +1,39 @@
+import { BatchFunction, handleBatchProcess } from './batchProcessManager';
+import { Job, scheduleJob, scheduledJobs } from 'node-schedule';
+import { getAccessTokenFromRefreshToken } from '../utils/tokenUtil';
+
+const scheduleSingleTenantProcess = async (
+  batchUN: string,
+  cronExpression: string,
+  callback: BatchFunction,
+): Promise<void> => {
+  if (!process.env.BIGID_BASE_URL || !process.env.BIGID_REFRESH_TOKEN)
+    throw new Error('Please make sure to fill out BIGID_BASE_URL && BIGID_REFRESH_TOKEN environment variables.');
+
+  const bigidAccessToken = await getAccessTokenFromRefreshToken(process.env.BIGID_REFRESH_TOKEN);
+
+  scheduleJob(batchUN, cronExpression, () =>
+    callback('SINGLE_TENANT', process.env.BIGID_BASE_URL as string, bigidAccessToken),
+  );
+};
+
+/**
+ * use this method to call a function execution according to a cron expression.
+ *
+ * @param batchUN - name for the job.
+ * @param cronExpression - the cron expression for the function call.
+ * @param callback - the function that will be called.
+ */
+export const scheduleFunction = (batchUN: string, cronExpression: string, callback: BatchFunction): void => {
+  process.env.MULTI_TENANT_MODE
+    ? scheduleJob(batchUN, cronExpression, () => handleBatchProcess(callback))
+    : scheduleSingleTenantProcess(batchUN, cronExpression, callback);
+};
+
+export const unscheduleFunction = (batchUN: string): void => {
+  const jobToCancel: Job = scheduledJobs[batchUN];
+  jobToCancel.cancel();
+};
+
+export const unscheduleAllFunctions = (): void =>
+  Object.keys(scheduledJobs).forEach(jobName => scheduledJobs[jobName].cancel());

package/src/utils/appLogger.ts

@@ -1,6 +1,14 @@
 import { configure, getLogger } from 'log4js';
 import { LOGS_PATH } from './constants';
 
+type LogMetadata = {
+  tenantId: string;
+  functionName: string;
+  scriptName: string;
+};
+const USER_LOG_BACKUPS = parseInt(process.env.LOG_BACKUPS + "") || 3;
+const MAX_BACKUPS = 10;
+
 configure({
   appenders: {
     console: { type: 'stdout', layout: { type: 'colored' } },
@@ -9,13 +17,43 @@ configure({
       layout: { type: 'basic' },
       filename: LOGS_PATH,
       compress: true,
-      daysToKeep: 14,
-      keepFileExt: true
-    }
+      numBackups: USER_LOG_BACKUPS > MAX_BACKUPS ? MAX_BACKUPS : USER_LOG_BACKUPS,
+      keepFileExt: true,
+    },
   },
   categories: {
-    default: { appenders: ['console', 'dateFile'], level: process.env.LOG_LEVEL || 'info' }
-  }
+    default: { appenders: ['console', 'dateFile'], level: process.env.LOG_LEVEL || 'info' },
+  },
 });
 
-export const appLogger = getLogger();
+const appLogger = getLogger();
+
+const formatLog = (message: string, logMetadata?: LogMetadata): string => {
+  if (!logMetadata) return message;
+
+  const params = Object.entries(logMetadata)
+    .filter(([value]) => value)
+    .map(([key, value]) => `[${key}: ${value}]`)
+    .join(' ');
+  return `${params} ${message}`;
+};
+
+export const logInfo = (message: string, logMetadata?: LogMetadata): void => {
+  const logMessage = formatLog(message, logMetadata);
+  appLogger.info(logMessage);
+};
+
+export const logError = (message: string, logMetadata?: LogMetadata): void => {
+  const logMessage = formatLog(message, logMetadata);
+  appLogger.error(logMessage);
+};
+
+export const logWarn = (message: string, logMetadata?: LogMetadata): void => {
+  const logMessage = formatLog(message, logMetadata);
+  appLogger.warn(logMessage);
+};
+
+export const logDebug = (message: string, logMetadata?: LogMetadata): void => {
+  const logMessage = formatLog(message, logMetadata);
+  appLogger.debug(logMessage);
+};

package/src/utils/index.ts

@@ -1 +1 @@
-export { appLogger } from './appLogger'
+export * from './appLogger';

package/src/utils/tokenUtil.ts

@@ -0,0 +1,65 @@
+import axios from 'axios';
+import { Agent } from 'https';
+import { doCallToUrl, RequestMethod } from '../services';
+
+const auth0Payload = {
+  client_id: process.env.CLIENT_ID,
+  client_secret: process.env.CLIENT_SECRET,
+  audience: process.env.AUTH0_AUDIENCE || 'bigid-api-v1',
+  grant_type: 'client_credentials',
+};
+
+let auth0Token: string;
+let accessToken: string;
+
+export const getAccessTokenFromRefreshToken = async (refreshToken: string) => {
+  if (canUseLocalToken(accessToken)) return accessToken;
+  const bigidBaseUrl = process.env.BIGID_BASE_URL;
+  const {
+    data: { systemToken },
+  } = await doCallToUrl(
+    refreshToken,
+    RequestMethod.GET,
+    new URL('api/v1/refresh-access-token', bigidBaseUrl).toString(),
+  );
+  accessToken = systemToken;
+
+  return accessToken;
+};
+
+export const getAuth0Token = async (): Promise<string> => {
+  if (canUseLocalToken(auth0Token)) return auth0Token;
+  const auth0Domain = process.env.AUTH0_DOMAIN?.replace(/\/$/, '');
+  const {
+    data: { access_token },
+  } = await axios.post(`${auth0Domain}/oauth/token`, auth0Payload);
+  auth0Token = access_token;
+
+  return access_token;
+};
+
+export const tokenExchange = async (auth0Token: string, tenantId?: string): Promise<string> => {
+  const {
+    data: { data },
+  } = await axios.post(
+    `${process.env.BIGID_BASE_URL}/api/v1/token-exchange`,
+    { tenantId },
+    {
+      headers: { authorization: auth0Token },
+      httpsAgent: new Agent({
+        rejectUnauthorized: false,
+      }),
+    },
+  );
+  return data[0];
+};
+
+const getTokenPayloadAsJson = (token: string): Record<string, any> =>
+  JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString());
+
+const canUseLocalToken = (token: string): boolean => {
+  if (!token) return false;
+
+  const { exp } = getTokenPayloadAsJson(token);
+  return Date.now() < exp * 1000;
+};