@bigid/apps-infrastructure-node-js 0.2.0 → 1.180.0

package/src/server.ts

@@ -1,36 +1,49 @@
-import express, { NextFunction, Request, Response } from 'express';
-import { ManifestProvider } from './abstractProviders/manifestProvider';
-import { appLogger } from './utils/appLogger';
-import { IconsProviders } from './abstractProviders/iconsProviders';
+import express, { Express, NextFunction, Request, Response } from 'express';
+import { ManifestProvider } from './abstractProviders';
+import { logInfo, logError } from './utils';
+import { IconsProviders } from './abstractProviders';
 import { ExecutionProvider, handleExecution } from './abstractProviders/executionProvider';
 import { fetchLogs } from './abstractProviders/logsProvider';
 import createError from 'http-errors';
+import { ConfigureProvider, handleTenantConfigure } from './abstractProviders/configureProvider';
 
-export interface ServerInit {
+export type ServerInit = {
   manifestController: ManifestProvider;
   iconsController: IconsProviders;
-  executionController: ExecutionProvider;
+  executionController?: ExecutionProvider;
+  configureController?: ConfigureProvider;
   serverPort?: number;
-}
+  additionalEndpoints?: (app: Express) => void;
+};
 
 const app = express();
 
-export const deployServer = (serverInit: ServerInit) => {
+export const deployServer = ({
+  manifestController,
+  iconsController,
+  executionController,
+  serverPort,
+  configureController,
+  additionalEndpoints,
+}: ServerInit): void => {
   app.use(express.json());
   app.use(express.urlencoded({ extended: false }));
 
-  app.get('/assets/icon', (req, res) => res.sendFile(serverInit.iconsController.getIconPath()));
-  app.get('/assets/sideBarIcon', (req, res) => res.sendFile(serverInit.iconsController.getSideBarIconPath()));
-  app.get('/manifest', serverInit.manifestController.getManifest);
-  app.post(
-    '/execute',
-    async (req: Request, res: Response) => await handleExecution(req, res, serverInit.executionController),
-  );
-  app.get('/logs', fetchLogs);
+  app.get('/assets/icon', (req, res) => res.sendFile(iconsController.getIconPath()));
+  app.get('/assets/sideBarIcon', (req, res) => res.sendFile(iconsController.getSideBarIconPath()));
+  app.get('/manifest', manifestController.getManifest);
+  app.get('/logs', async (req: Request, res: Response) => await fetchLogs(req, res));
+
+  executionController &&
+    app.post('/execute', async (req: Request, res: Response) => await handleExecution(req, res, executionController));
+  configureController &&
+    app.post(
+      '/configure',
+      async (req: Request, res: Response) => await handleTenantConfigure(req, res, configureController),
+    );
+  additionalEndpoints && additionalEndpoints(app);
 
-  app.listen(process.env.PORT || serverInit.serverPort, () =>
-    appLogger.info(`Started server at port ${process.env.PORT || serverInit.serverPort}`),
-  );
+  app.listen(process.env.PORT || serverPort, () => logInfo(`Started server at port ${process.env.PORT || serverPort}`));
 
   // catch 404 and forward to error handler
   app.use((req: Request, res: Response, next: NextFunction) => next(createError(404)));
@@ -38,7 +51,7 @@ export const deployServer = (serverInit: ServerInit) => {
   // error handler
   app.use((err: any, req: Request, res: Response, next: NextFunction) => {
     const { message, status } = err;
-    appLogger.error(err);
+    logError(err);
     res.locals.message = message;
     res.locals.error = req.app.get('env') === 'development' ? err : {};
 

package/src/services/actionsHubService.ts

@@ -0,0 +1,141 @@
+import { doCallToUrl, RequestMethod } from './bigidProxyService';
+import { getAccessTokenFromRefreshToken } from '../utils/tokenUtil';
+
+const REFRESH_TOKEN = process.env.BIGID_REFRESH_TOKEN;
+
+const getBigidAccessToken = async (): Promise<string> => {
+  if (!REFRESH_TOKEN) {
+    throw new Error('BIGID_REFRESH_TOKEN must be supplied as an ENV var in order to call bigid actions hub');
+  }
+
+  return await getAccessTokenFromRefreshToken(REFRESH_TOKEN);
+};
+
+export type Param = {
+  name: string;
+  value: string;
+};
+
+export type Command = {
+  actionName: string;
+  command: string;
+  params: Param[];
+  id: string;
+};
+
+/**
+ * use this method to get the currently registered action-center commands.
+ * the method is building an execution context for the api call, so you must provide REFRESH_TOKEN and BIGID_BASE_URL as ENV variables
+ *
+ * @return {Promise<Command[]>} array of the action-center register commands
+ */
+export const getCommandsRegistrations = async (): Promise<Command[]> => {
+  try {
+    const bigidToken = await getBigidAccessToken();
+    const {
+      data: { commands },
+    } = await doCallToUrl(
+      bigidToken,
+      RequestMethod.GET,
+      `${process.env.BIGID_BASE_URL}/api/v1/action-center/general-commands`,
+    );
+    return commands;
+  } catch (e) {
+    throw new Error(`Could not get commands registrations from bigid: ${e}`);
+  }
+};
+
+/**
+ * use this method to execute an action-center commands.
+ * this method is used without endpoint for getting status messages, but rather return an execution id.
+ * the execution id can be used to poll the current execution status of the executed command.
+ *
+ * @param {string} actionName - the action name to be executed.
+ * @param {string} command    - the command to be executed.
+ * @param {string} requestorAppName - the app name of the execution requestor.
+ * @param {string} webhookEndpoint - the endpoint of the requestor app to receive execution status messages.
+ * @param {Record<string, any>} params - the relevant params of the action to be executed.
+ * @return {Promise<string>} execution id of the executed action.
+ */
+export const executeCommand = async (
+  actionName: string,
+  command: string,
+  requestorAppName?: string,
+  webhookEndpoint?: string,
+  params?: Record<string, any>[],
+): Promise<string> => {
+  try {
+    const bigidToken = await getBigidAccessToken();
+    const {
+      data: { executionId },
+    } = await doCallToUrl(
+      bigidToken,
+      RequestMethod.POST,
+      `${process.env.BIGID_BASE_URL}/api/v1/action-center/general-commands/execute`,
+      {
+        actionName,
+        command,
+        feedbackRequestorDetails:
+          requestorAppName && webhookEndpoint
+            ? {
+              requestorAppName,
+              requestorFeedbackEndpoint: webhookEndpoint,
+            }
+            : null,
+        ...(params && { params }),
+      },
+    );
+    return executionId;
+  } catch (e) {
+    throw new Error(`Could not execute ${command}: ${e}`);
+  }
+};
+
+/**
+ * use this method to poll an execution status from the action-center.
+ *
+ * @param {string} execution - the execution id to poll status for.
+ * @return object with the updated status details.
+ */
+export const getExecutionStatus = async (executionId: string): Promise<any> => {
+  try {
+    const bigidToken = await getBigidAccessToken();
+    const { data } = await doCallToUrl(
+      bigidToken,
+      RequestMethod.GET,
+      `${process.env.BIGID_BASE_URL}/api/v1/action-center/general-commands/execute/${executionId}`,
+    );
+    return data;
+  } catch (e) {
+    throw new Error(`Could not get status for execution id ${executionId}: ${e}`);
+  }
+};
+
+/**
+ * use this method to register application action as an action center command.
+ *
+ * @param {string} applicationName - the application name of the command to be registered.
+ * @param {string} actionName - the action name of the command to be registered.
+ * @param {string} command - the command to be registered.
+ */
+export const registerActionAsCommand = async (
+  applicationName: string,
+  actionName: string,
+  command: string,
+): Promise<void> => {
+  try {
+    const bigidToken = await getBigidAccessToken();
+    await doCallToUrl(
+      bigidToken,
+      RequestMethod.POST,
+      `${process.env.BIGID_BASE_URL}/api/v1/action-center/general-commands/register`,
+      {
+        applicationName,
+        actionName,
+        command,
+      },
+    );
+  } catch (e) {
+    throw new Error(`Could not register ${command}: ${e}`);
+  }
+};

package/src/services/batchProcessManager.ts

@@ -0,0 +1,39 @@
+import { getAuth0Token, tokenExchange } from '../utils/tokenUtil';
+import { getTenantRegistrations } from './bigidProxyService';
+import { TenantRegistration } from '../dto/tenantRegistration';
+import { logError, logInfo } from '../utils';
+import { basename } from 'path';
+
+export type BatchFunction = (tenantId: string, tenantDomain: string, tenantToken: string) => void;
+const scriptName = basename(__filename).replace('.ts', '');
+
+export const handleBatchProcess = async (callback: BatchFunction): Promise<void> => {
+  try {
+    logInfo(`Starting scheduled process: ${callback.name}`);
+    const auth0Token = await getAuth0Token();
+    const bigidToken = await tokenExchange(auth0Token);
+    const appRegistrations = await getTenantRegistrations(bigidToken);
+    appRegistrations.forEach(tenantRegistration => executeBatchForTenant(auth0Token, tenantRegistration, callback));
+  } catch (err: any) {
+    logError(`Problem occurred while fetching registrations info: ${err.message}`);
+  }
+};
+
+const executeBatchForTenant = async (
+  auth0Token: string,
+  tenantRegistration: TenantRegistration,
+  callback: BatchFunction,
+): Promise<void> => {
+  const { tenantId, tenantDomain, companyName } = tenantRegistration;
+  try {
+    logInfo(`Fetching token for scheduled process`, { tenantId, functionName: executeBatchForTenant.name, scriptName });
+    const tenantToken = await tokenExchange(auth0Token, tenantId);
+    callback(tenantId, tenantDomain, tenantToken);
+  } catch (err: any) {
+    logError(`Problem occurred while starting scheduled process for tenant: ${companyName}. error: ${err.message}`, {
+      tenantId,
+      functionName: executeBatchForTenant.name,
+      scriptName,
+    });
+  }
+};

package/src/services/bigidProxyService.ts

@@ -1,26 +1,39 @@
 import { createReadStream } from 'fs';
 import { Agent } from 'https';
-import { ExecutionContext, ActionResponseDetails } from '../dto';
+import { ActionResponseDetails, ExecutionContext } from '../dto';
 import FormData from 'form-data';
 
 import axios from 'axios';
-import { appLogger } from '../utils';
-
-const RequestMethod = {
-  POST: 'post',
-  GET: 'get',
-  PUT: 'put',
-  PATCH: 'patch',
-  DELETE: 'delete',
-};
+import { logError, logInfo } from '../utils';
+import { TenantRegistration } from '../dto/tenantRegistration';
+
+export enum RequestMethod {
+  POST = 'post',
+  GET = 'get',
+  PUT = 'put',
+  PATCH = 'patch',
+  DELETE = 'delete',
+}
 
-const doCallToUrl = async (
+export const getTenantRegistrations = async (bigidToken: string): Promise<TenantRegistration[]> => {
+  const {
+    data: {
+      data: { tenants },
+    },
+  } = await doCallToUrl(
+    bigidToken,
+    RequestMethod.GET,
+    `${process.env.BIGID_BASE_URL}/api/v1/tenant-service/applications/registrations`,
+  );
+  return tenants;
+};
+export const doCallToUrl = async (
   bigidToken: string,
-  requestMethod: string,
+  requestMethod: RequestMethod,
   endpoint: string,
-  bodyJson?: ActionResponseDetails,
+  bodyJson?: Record<string, any>,
 ) => {
-  appLogger.info('--> bigid-proxy::callBigIdApi: [%s] %s', requestMethod, endpoint);
+  logInfo(`--> bigid-proxy::callBigIdApi: [${requestMethod}] endpoint: ${endpoint}`);
   try {
     const headers = {
       Accept: 'application/json, text/plain, */*',
@@ -43,18 +56,18 @@ const doCallToUrl = async (
 
     const res = await axios(requestObj);
 
-    appLogger.info('<-- bigid-proxy::callBigIdApi: %s success', endpoint);
+    logInfo(`<-- bigid-proxy::callBigIdApi: ${endpoint} success`);
     return res;
   } catch (error: any) {
-    appLogger.info('<-- bigid-proxy::callBigIdApi: error calling bigID on %s %o', endpoint, error);
-    appLogger.error(error);
+    logInfo(`<-- bigid-proxy::callBigIdApi: error calling bigID on endpoint: ${endpoint}, error: ${error}`);
+    logError(error.message);
     return error?.message;
   }
 };
 
 async function callBigIdApi(
   executionContext: ExecutionContext,
-  requestMethod: string,
+  requestMethod: RequestMethod,
   endpoint: string,
   bodyJson?: ActionResponseDetails,
   useEndpointWithoutBigIdBasePath?: boolean,
@@ -93,11 +106,8 @@ export const executeHttpGet = async (executionContext: ExecutionContext, endpoin
 /**
  * the endpoint in BigID, used for POST requests. e.g - {BigIDBaseUrl}/scan
  */
-export const executeHttpPost = async (
-  executionContext: ExecutionContext,
-  endpoint: string,
-  actionResponseDetails: ActionResponseDetails,
-) => await callBigIdApi(executionContext, RequestMethod.POST, endpoint, actionResponseDetails);
+export const executeHttpPost = async (executionContext: ExecutionContext, endpoint: string, obj: any) =>
+  await callBigIdApi(executionContext, RequestMethod.POST, endpoint, obj);
 
 /**
  * the endpoint in BigID, used for POST requests. e.g - {BigIDBaseUrl}/scan
@@ -105,6 +115,12 @@ export const executeHttpPost = async (
 export const executeHttpPut = async (executionContext: ExecutionContext, endpoint: string, obj: any) =>
   await callBigIdApi(executionContext, RequestMethod.PUT, endpoint, obj);
 
+/**
+ * the endpoint in BigID, used for DELETE requests.
+ */
+export const executeHttpDelete = async (executionContext: ExecutionContext, endpoint: string) =>
+  await callBigIdApi(executionContext, RequestMethod.DELETE, endpoint);
+
 export const uploadAttachment = (executionContext: ExecutionContext, filePathToUpload: string) => {
   const formData = new FormData();
   formData.append('file', createReadStream(filePathToUpload));
@@ -133,6 +149,14 @@ export const getValueFromAppStorage = async (executionContext: ExecutionContext,
   return data === 'Key not found' ? null : data.value;
 };
 
+export const deleteKeyFromAppStorage = async (executionContext: ExecutionContext, key: string) => {
+  await executeHttpDelete(executionContext, `tpa/${executionContext.tpaId}/storage/key/${key}`);
+};
+
+export const sendBiEvent = async (executionContext: ExecutionContext, eventType: string, data: Object) => {
+  return executeHttpPost(executionContext, 'bi-events', { event_type: eventType, data: data });
+};
+
 export const saveInStorage = async (
   executionContext: ExecutionContext,
   keyToStore: any,
@@ -145,4 +169,4 @@ export const saveInStorage = async (
         value: valueToStore,
       },
     ],
-  });
+  });

package/src/services/dataSourceService.ts

@@ -0,0 +1,20 @@
+import { decrypt } from './encryptionService';
+import { ExecutionContext } from '../dto';
+import { executeHttpGet } from './bigidProxyService';
+
+export const fetchDataSourceCredentials = async (
+  executionContext: ExecutionContext,
+  dataSourceName: string,
+): Promise<{ [key: string]: string }> => {
+  const res = await executeHttpGet(
+    executionContext,
+    '/tpa/' + executionContext.tpaId + '/credentials/' + dataSourceName.replace(' ', '%20'),
+  );
+  const resData = res.data;
+  return Object.keys(resData).reduce((acc: { [key: string]: string }, key) => {
+    const credentialObject = resData[key];
+    const credentialValue = credentialObject.value?.toString();
+    acc[key] = credentialObject.encrypted ? decrypt(credentialValue) : credentialValue;
+    return acc;
+  }, {});
+};

package/src/services/encryptionService.ts

@@ -0,0 +1,44 @@
+import * as crypto from 'crypto';
+
+type IvAndText = { iv: string | Buffer; cleanText: string | NodeJS.ArrayBufferView };
+
+enum Defaults {
+  SHA_ALGORITHM = 'sha256',
+  AES_ALGORITHM = 'aes-256-cbc',
+  IV = '4e5Wa71fYoT7MFEX',
+  BASE64_ENC = 'base64',
+  UTF8_ENC = 'utf8',
+  DOLLAR_DEL = '$',
+  SECRET_KEY = 'SECRET_KEY',
+}
+
+export const decrypt = (encryptedText: string): string => {
+  const ivAndText = getAndUseOldIvOrNew(encryptedText);
+  const decipher = crypto.createDecipheriv(Defaults.AES_ALGORITHM, makeKey(), ivAndText.iv);
+  let decryptedData = decipher.update(ivAndText.cleanText as string, Defaults.BASE64_ENC, Defaults.UTF8_ENC);
+  decryptedData += decipher.final(Defaults.UTF8_ENC);
+  return decryptedData;
+};
+
+const makeKey = (): Buffer => {
+  const md = crypto.createHash(Defaults.SHA_ALGORITHM);
+  try {
+    const secretKey = process.env.APPLICATION_CREDENTIALS_KEY ?? '';
+    const key = md.update(secretKey).digest();
+    return key;
+  } catch (error) {
+    throw new Error("Can't create a key. Check for APPLICATION_CREDENTIALS_KEY in your environment variables.");
+  }
+};
+
+const getAndUseOldIvOrNew = (text: string | Buffer): IvAndText => {
+  const ivAndText: IvAndText = { iv: Defaults.IV, cleanText: text };
+  if (text.includes(Defaults.DOLLAR_DEL)) {
+    const [cipher_blob, ...cipher_blob2] = (text as string).split(Defaults.DOLLAR_DEL);
+    const cipherBlobPartTwo = cipher_blob2.join(Defaults.DOLLAR_DEL);
+    ivAndText.iv = Buffer.from(cipher_blob, Defaults.BASE64_ENC);
+    ivAndText.cleanText = Buffer.from(cipherBlobPartTwo, Defaults.BASE64_ENC);
+  }
+
+  return ivAndText;
+};

package/src/services/index.ts

@@ -1 +1,5 @@
-export * from './bigidProxyService';
+export * from './bigidProxyService';
+export * from './dataSourceService';
+export * from './actionsHubService';
+
+export { scheduleFunction, unscheduleAllFunctions, unscheduleFunction } from './schedulerService';

package/src/services/schedulerService.ts

@@ -0,0 +1,39 @@
+import { BatchFunction, handleBatchProcess } from './batchProcessManager';
+import { Job, scheduleJob, scheduledJobs } from 'node-schedule';
+import { getAccessTokenFromRefreshToken } from '../utils/tokenUtil';
+
+const scheduleSingleTenantProcess = async (
+  batchUN: string,
+  cronExpression: string,
+  callback: BatchFunction,
+): Promise<void> => {
+  if (!process.env.BIGID_BASE_URL || !process.env.BIGID_REFRESH_TOKEN)
+    throw new Error('Please make sure to fill out BIGID_BASE_URL && BIGID_REFRESH_TOKEN environment variables.');
+
+  const bigidAccessToken = await getAccessTokenFromRefreshToken(process.env.BIGID_REFRESH_TOKEN);
+
+  scheduleJob(batchUN, cronExpression, () =>
+    callback('SINGLE_TENANT', process.env.BIGID_BASE_URL as string, bigidAccessToken),
+  );
+};
+
+/**
+ * use this method to call a function execution according to a cron expression.
+ *
+ * @param batchUN - name for the job.
+ * @param cronExpression - the cron expression for the function call.
+ * @param callback - the function that will be called.
+ */
+export const scheduleFunction = (batchUN: string, cronExpression: string, callback: BatchFunction): void => {
+  process.env.MULTI_TENANT_MODE
+    ? scheduleJob(batchUN, cronExpression, () => handleBatchProcess(callback))
+    : scheduleSingleTenantProcess(batchUN, cronExpression, callback);
+};
+
+export const unscheduleFunction = (batchUN: string): void => {
+  const jobToCancel: Job = scheduledJobs[batchUN];
+  jobToCancel.cancel();
+};
+
+export const unscheduleAllFunctions = (): void =>
+  Object.keys(scheduledJobs).forEach(jobName => scheduledJobs[jobName].cancel());

package/src/utils/appLogger.ts

@@ -1,6 +1,14 @@
 import { configure, getLogger } from 'log4js';
 import { LOGS_PATH } from './constants';
 
+type LogMetadata = {
+  tenantId: string;
+  functionName: string;
+  scriptName: string;
+};
+const USER_LOG_BACKUPS = parseInt(process.env.LOG_BACKUPS + "") || 3;
+const MAX_BACKUPS = 10;
+
 configure({
   appenders: {
     console: { type: 'stdout', layout: { type: 'colored' } },
@@ -9,13 +17,43 @@ configure({
       layout: { type: 'basic' },
       filename: LOGS_PATH,
       compress: true,
-      daysToKeep: 14,
-      keepFileExt: true
-    }
+      numBackups: USER_LOG_BACKUPS > MAX_BACKUPS ? MAX_BACKUPS : USER_LOG_BACKUPS,
+      keepFileExt: true,
+    },
   },
   categories: {
-    default: { appenders: ['console', 'dateFile'], level: process.env.LOG_LEVEL || 'info' }
-  }
+    default: { appenders: ['console', 'dateFile'], level: process.env.LOG_LEVEL || 'info' },
+  },
 });
 
-export const appLogger = getLogger();
+const appLogger = getLogger();
+
+const formatLog = (message: string, logMetadata?: LogMetadata): string => {
+  if (!logMetadata) return message;
+
+  const params = Object.entries(logMetadata)
+    .filter(([value]) => value)
+    .map(([key, value]) => `[${key}: ${value}]`)
+    .join(' ');
+  return `${params} ${message}`;
+};
+
+export const logInfo = (message: string, logMetadata?: LogMetadata): void => {
+  const logMessage = formatLog(message, logMetadata);
+  appLogger.info(logMessage);
+};
+
+export const logError = (message: string, logMetadata?: LogMetadata): void => {
+  const logMessage = formatLog(message, logMetadata);
+  appLogger.error(logMessage);
+};
+
+export const logWarn = (message: string, logMetadata?: LogMetadata): void => {
+  const logMessage = formatLog(message, logMetadata);
+  appLogger.warn(logMessage);
+};
+
+export const logDebug = (message: string, logMetadata?: LogMetadata): void => {
+  const logMessage = formatLog(message, logMetadata);
+  appLogger.debug(logMessage);
+};

package/src/utils/index.ts

@@ -1 +1 @@
-export { appLogger } from './appLogger'
+export * from './appLogger';

package/src/utils/tokenUtil.ts

@@ -0,0 +1,65 @@
+import axios from 'axios';
+import { Agent } from 'https';
+import { doCallToUrl, RequestMethod } from '../services';
+
+const auth0Payload = {
+  client_id: process.env.CLIENT_ID,
+  client_secret: process.env.CLIENT_SECRET,
+  audience: process.env.AUTH0_AUDIENCE || 'bigid-api-v1',
+  grant_type: 'client_credentials',
+};
+
+let auth0Token: string;
+let accessToken: string;
+
+export const getAccessTokenFromRefreshToken = async (refreshToken: string) => {
+  if (canUseLocalToken(accessToken)) return accessToken;
+  const bigidBaseUrl = process.env.BIGID_BASE_URL;
+  const {
+    data: { systemToken },
+  } = await doCallToUrl(
+    refreshToken,
+    RequestMethod.GET,
+    new URL('api/v1/refresh-access-token', bigidBaseUrl).toString(),
+  );
+  accessToken = systemToken;
+
+  return accessToken;
+};
+
+export const getAuth0Token = async (): Promise<string> => {
+  if (canUseLocalToken(auth0Token)) return auth0Token;
+  const auth0Domain = process.env.AUTH0_DOMAIN?.replace(/\/$/, '');
+  const {
+    data: { access_token },
+  } = await axios.post(`${auth0Domain}/oauth/token`, auth0Payload);
+  auth0Token = access_token;
+
+  return access_token;
+};
+
+export const tokenExchange = async (auth0Token: string, tenantId?: string): Promise<string> => {
+  const {
+    data: { data },
+  } = await axios.post(
+    `${process.env.BIGID_BASE_URL}/api/v1/token-exchange`,
+    { tenantId },
+    {
+      headers: { authorization: auth0Token },
+      httpsAgent: new Agent({
+        rejectUnauthorized: false,
+      }),
+    },
+  );
+  return data[0];
+};
+
+const getTokenPayloadAsJson = (token: string): Record<string, any> =>
+  JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString());
+
+const canUseLocalToken = (token: string): boolean => {
+  if (!token) return false;
+
+  const { exp } = getTokenPayloadAsJson(token);
+  return Date.now() < exp * 1000;
+};