@flowerforce/flowerbase 1.1.2-beta.9 → 1.2.1-beta.10

package/src/auth/utils.ts

@@ -8,19 +8,45 @@ export const LOGIN_SCHEMA = {
   body: {
     type: 'object',
     properties: {
-      username: { type: 'string' },
-      password: { type: 'string' }
+      username: {
+        type: 'string',
+        pattern: '^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$',
+        minLength: 3,
+        maxLength: 254
+      },
+      password: { type: 'string', minLength: 8, maxLength: 128 }
     },
     required: ['username', 'password']
   }
 }
 
-export const RESET_SCHEMA = {
+export const RESET_SEND_SCHEMA = {
   body: {
     type: 'object',
     properties: {
-      email: { type: 'string' },
-      password: { type: 'string' }
+      email: {
+        type: 'string',
+        pattern: '^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$',
+        minLength: 3,
+        maxLength: 254
+      }
+    },
+    required: ['email']
+  }
+}
+
+export const RESET_CALL_SCHEMA = {
+  body: {
+    type: 'object',
+    properties: {
+      email: {
+        type: 'string',
+        pattern: '^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$',
+        minLength: 3,
+        maxLength: 254
+      },
+      password: { type: 'string', minLength: 8, maxLength: 128 },
+      arguments: { type: 'array' }
     },
     required: ['email', 'password']
   }
@@ -30,7 +56,7 @@ export const CONFIRM_RESET_SCHEMA = {
   body: {
     type: 'object',
     properties: {
-      password: { type: 'string' },
+      password: { type: 'string', minLength: 8, maxLength: 128 },
       token: { type: 'string' },
       tokenId: { type: 'string' }
     },
@@ -38,12 +64,19 @@ export const CONFIRM_RESET_SCHEMA = {
   }
 }
 
+export const RESET_SCHEMA = RESET_SEND_SCHEMA
+
 export const REGISTRATION_SCHEMA = {
   body: {
     type: 'object',
     properties: {
-      email: { type: 'string' },
-      password: { type: 'string' }
+      email: {
+        type: 'string',
+        pattern: '^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$',
+        minLength: 3,
+        maxLength: 254
+      },
+      password: { type: 'string', minLength: 8, maxLength: 128 }
     },
     required: ['email', 'password']
   }
@@ -54,7 +87,8 @@ export enum AUTH_ENDPOINTS {
   REGISTRATION = '/register',
   PROFILE = '/profile',
   SESSION = '/session',
-  RESET = '/reset/call',
+  RESET = '/reset/send',
+  RESET_CALL = '/reset/call',
   CONFIRM_RESET = "/reset",
   FIRST_USER = '/setup/first-user'
 }
@@ -62,7 +96,8 @@ export enum AUTH_ENDPOINTS {
 export enum AUTH_ERRORS {
   INVALID_CREDENTIALS = 'Invalid credentials',
   INVALID_TOKEN = 'Invalid refresh token provided',
-  INVALID_RESET_PARAMS = 'Invalid token or tokenId provided'
+  INVALID_RESET_PARAMS = 'Invalid token or tokenId provided',
+  MISSING_RESET_FUNCTION = 'Missing reset function'
 }
 
 export interface AuthConfig {
@@ -99,11 +134,6 @@ export interface Config {
   resetPasswordUrl: string
   runConfirmationFunction: boolean
   runResetFunction: boolean
-  mailConfig: {
-    from: string
-    subject: string
-    mailToken: string
-  }
 }
 
 export interface CustomUserDataConfig {
@@ -115,13 +145,16 @@ export interface CustomUserDataConfig {
   on_user_creation_function_name: string
 }
 
+const resolveAppPath = () =>
+  process.env.FLOWERBASE_APP_PATH ?? require.main?.path ?? process.cwd()
+
 
 /**
  * > Loads the auth config json file
  * @testable
  */
 export const loadAuthConfig = (): AuthConfig => {
-  const authPath = path.join(require.main!.path, 'auth/providers.json')
+  const authPath = path.join(resolveAppPath(), 'auth/providers.json')
   return JSON.parse(fs.readFileSync(authPath, 'utf-8'))
 }
 
@@ -130,79 +163,11 @@ export const loadAuthConfig = (): AuthConfig => {
  * @testable
  */
 export const loadCustomUserData = (): CustomUserDataConfig => {
-  const userDataPath = path.join(require.main!.path, 'auth/custom_user_data.json')
+  const userDataPath = path.join(resolveAppPath(), 'auth/custom_user_data.json')
   return JSON.parse(fs.readFileSync(userDataPath, 'utf-8'))
 }
 
-export const getMailConfig = (
-  resetPasswordConfig: Config,
-  token: string,
-  tokenId: string
-) => {
-  const { mailConfig, resetPasswordUrl } = resetPasswordConfig
-  const ENV_PREFIX = 'ENV'
-  const { from, subject, mailToken } = mailConfig
-
-  const [fromPrefix, fromPath] = from.split('.')
-
-  if (!fromPath) {
-    throw new Error(`Invalid fromPath: ${fromPath}`)
-  }
-
-  const currentSender = (fromPrefix === ENV_PREFIX ? process.env[fromPath] : from) ?? ''
-  const [subjectPrefix, subjectPath] = subject.split('.')
-
-  if (!subjectPath) {
-    throw new Error(`Invalid subjectPath: ${subjectPath}`)
-  }
-
-  const currentSubject =
-    (subjectPrefix === ENV_PREFIX ? process.env[subjectPath] : subject) ?? ''
-  const [mailTokenPrefix, mailTokenPath] = mailToken.split('.')
-
-  if (!mailTokenPath) {
-    throw new Error(`Invalid mailTokenPath: ${mailTokenPath}`)
-  }
-
-  const currentMailToken =
-    (mailTokenPrefix === 'ENV' ? process.env[mailTokenPath] : mailToken) ?? ''
-
-  const link = `${resetPasswordUrl}/${token}/${tokenId}`
-  const body = `<body style="font-family: Arial, sans-serif; background-color: #f4f4f4; text-align: center; padding: 20px;">
-  <table width="100%" cellspacing="0" cellpadding="0">
-      <tr>
-          <td align="center">
-              <table width="600" cellspacing="0" cellpadding="0" style="background: #ffffff; padding: 20px; border-radius: 8px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);">
-                  <tr>
-                      <td align="center">
-                          <h2>Password Reset Request</h2>
-                          <p>If you requested a password reset, click the button below to reset your password.</p>
-                          <p>If you did not request this, please ignore this email.</p>
-                          <p>
-                              <a href="${link}" style="display: inline-block; padding: 12px 20px; font-size: 16px; color: #ffffff; background: #007bff; text-decoration: none; border-radius: 5px;">Reset Password</a>
-                          </p>
-                          <p style="margin-top: 20px; font-size: 12px; color: #777;">If the button does not work, copy and paste the following link into your browser:</p>
-                          <p style="font-size: 12px; color: #777;">${link}</p>
-                      </td>
-                  </tr>
-              </table>
-          </td>
-      </tr>
-  </table>
-</body>`
-  return {
-    from: currentSender ?? '',
-    subject: currentSubject,
-    mailToken: currentMailToken,
-    body
-  }
-}
-
-
-
-
-
 export const generatePassword = (length = 20) => {
   const bytes = crypto.randomBytes(length);
   return Array.from(bytes, (b) => CHARSET[b % CHARSET.length]).join("");
-}
+}

package/src/constants.ts

@@ -1,4 +1,5 @@
 import { loadAuthConfig, loadCustomUserData } from './auth/utils'
+import { ALLOWED_METHODS } from './'
 
 const {
   database_name,
@@ -15,7 +16,18 @@ export const DEFAULT_CONFIG = {
   API_VERSION: process.env.API_VERSION || 'v2.0',
   HTTPS_SCHEMA: process.env.HTTPS_SCHEMA || 'https',
   HOST: process.env.HOST || '0.0.0.0',
-  ENABLE_LOGGER: process.env.ENABLE_LOGGER
+  ENABLE_LOGGER: process.env.ENABLE_LOGGER,
+  RESET_PASSWORD_TTL_SECONDS: Number(process.env.RESET_PASSWORD_TTL_SECONDS) || 3600,
+  AUTH_RATE_LIMIT_WINDOW_MS: Number(process.env.AUTH_RATE_LIMIT_WINDOW_MS) || 15 * 60 * 1000,
+  AUTH_LOGIN_MAX_ATTEMPTS: Number(process.env.AUTH_LOGIN_MAX_ATTEMPTS) || 10,
+  AUTH_RESET_MAX_ATTEMPTS: Number(process.env.AUTH_RESET_MAX_ATTEMPTS) || 5,
+  REFRESH_TOKEN_TTL_DAYS: Number(process.env.REFRESH_TOKEN_TTL_DAYS) || 60,
+  SWAGGER_UI_USER: process.env.SWAGGER_UI_USER || '',
+  SWAGGER_UI_PASSWORD: process.env.SWAGGER_UI_PASSWORD || '',
+  CORS_OPTIONS: {
+    origin: "*",
+    methods: ["GET", "POST", "PUT", "DELETE"] as ALLOWED_METHODS[]
+  }
 }
 export const API_VERSION = `/api/client/${DEFAULT_CONFIG.API_VERSION}`
 export const HTTPS_SCHEMA = DEFAULT_CONFIG.HTTPS_SCHEMA
@@ -25,7 +37,8 @@ export const DB_NAME = database_name
 export const AUTH_CONFIG = {
   authCollection: auth_collection,
   userCollection: collection_name,
-  resetPasswordCollection: 'reset-password-requests',
+  resetPasswordCollection: 'reset_password_requests',
+  refreshTokensCollection: 'auth_refresh_tokens',
   resetPasswordConfig: configuration['local-userpass']?.config,
   user_id_field,
   on_user_creation_function_name,
@@ -39,4 +52,4 @@ export const AUTH_CONFIG = {
 export const S3_CONFIG = {
   ACCESS_KEY_ID: process.env.S3_ACCESS_KEY_ID,
   SECRET_ACCESS_KEY: process.env.S3_SECRET_ACCESS_KEY
-}
+}

package/src/fastify.d.ts

@@ -1,7 +1,33 @@
-import { FastifyRequest as FastifyRequestType } from 'fastify'
+import { FastifyRequest as FastifyRequestType, FastifyReply } from 'fastify'
 
 type User = Record<string, unknown>
 type UserData = Record<string, unknown>
+type JwtUserData = UserData
+
+type JwtAccessPayload = {
+  typ: 'access'
+  id: string
+  user_data: JwtUserData
+  data: JwtUserData
+  custom_data?: JwtUserData
+}
+
+type JwtRefreshPayload = {
+  typ: 'refresh'
+  baas_id: string
+}
+
+type JwtPayload = JwtAccessPayload | JwtRefreshPayload
+
+type JwtAccessUser = JwtAccessPayload & {
+  sub: string
+}
+
+type JwtRefreshUser = JwtRefreshPayload & {
+  sub: string
+}
+
+type JwtUser = JwtAccessUser | JwtRefreshUser
 
 declare module 'fastify' {
   interface FastifyInstance {
@@ -9,20 +35,11 @@ declare module 'fastify' {
     createAccessToken(user: User): string
     createRefreshToken(user: User): string
   }
+}
 
-  interface FastifyRequest {
-    user:
-      | {
-          id: string
-          typ: 'refresh'
-          sub: string
-          user_data: UserData
-          user: User
-        }
-      | {
-          typ: 'access'
-          user_data: UserData
-          id: string
-        }
+declare module '@fastify/jwt' {
+  interface FastifyJWT {
+    payload: JwtPayload
+    user: JwtUser
   }
 }

package/src/features/functions/controller.ts

@@ -1,5 +1,6 @@
 import { ObjectId } from 'bson'
-import { DEFAULT_CONFIG } from '../../constants'
+import { ChangeStream, Document } from 'mongodb';
+import type { FastifyRequest } from 'fastify'
 import { services } from '../../services'
 import { StateManager } from '../../state'
 import { GenerateContext } from '../../utils/context'
@@ -7,6 +8,32 @@ import { Base64Function, FunctionCallBase64Dto, FunctionCallDto } from './dtos'
 import { FunctionController } from './interface'
 import { executeQuery } from './utils'
 
+const normalizeUser = (payload: Record<string, any> | undefined) => {
+  if (!payload) return undefined
+  const nestedUser =
+    payload.data ?? payload.user_data ?? payload.custom_data ?? payload
+  const flattened =
+    typeof nestedUser === 'object' && nestedUser !== null ? nestedUser : {}
+
+  return {
+    ...payload,
+    ...flattened,
+    custom_data: payload.custom_data ?? flattened,
+    user_data: payload.user_data ?? flattened,
+    data: payload.data ?? flattened
+  }
+}
+
+const getRequestUser = (req: FastifyRequest) => {
+  const candidate = req.user as Record<string, any> | undefined
+  return normalizeUser(candidate)
+}
+
+const logFunctionCall = (method: string, user: Record<string, any> | undefined, args: unknown[]) => {
+  if (process.env.DEBUG_FUNCTIONS !== 'true') return
+  console.log('[functions-debug]', method, user ? { id: user.id, role: user.role, email: user.email } : 'no-user', args)
+}
+
 /**
  * > Creates a pre handler for every query
  * @param app -> the fastify instance
@@ -19,8 +46,13 @@ export const functionsController: FunctionController = async (
 ) => {
   app.addHook('preHandler', app.jwtAuthentication)
 
+  const streams = {} as Record<string, ChangeStream<Document, Document>>
+
   app.post<{ Body: FunctionCallDto }>('/call', async (req, res) => {
-    const { user } = req
+    const user = getRequestUser(req)
+    if (!user || user.typ !== 'access') {
+      throw new Error('Access token required')
+    }
     const { name: method, arguments: args } = req.body
 
     if ('service' in req.body) {
@@ -29,16 +61,31 @@ export const functionsController: FunctionController = async (
         if (!serviceFn) {
           throw new Error(`Service "${req.body.service}" does not exist`)
         }
-      const [{ database, collection, query, update, document, documents, pipeline = [] }] = args
+      const [{
+        database,
+        collection,
+        query,
+        filter,
+        update,
+        options,
+        returnNewDocument,
+        document,
+        documents,
+        pipeline = []
+      }] = args
 
       const currentMethod = serviceFn(app, { rules, user })
         .db(database)
         .collection(collection)[method]
 
+      logFunctionCall(`service:${req.body.service}:${method}`, user, args)
       const operatorsByType = await executeQuery({
         currentMethod,
         query,
+        filter,
         update,
+        options,
+        returnNewDocument,
         document,
         documents,
         pipeline,
@@ -57,6 +104,7 @@ export const functionsController: FunctionController = async (
       throw new Error(`Function "${req.body.name}" is private`)
     }
 
+    logFunctionCall(`function:${method}`, user, args)
     const result = await GenerateContext({
       args: req.body.arguments,
       app,
@@ -72,7 +120,11 @@ export const functionsController: FunctionController = async (
   app.get<{
     Querystring: FunctionCallBase64Dto
   }>('/call', async (req, res) => {
-    const { query, user } = req
+    const { query } = req
+    const user = getRequestUser(req)
+    if (!user || user.typ !== 'access') {
+      throw new Error('Access token required')
+    }
     const { baas_request, stitch_request } = query
 
     const config: Base64Function = JSON.parse(
@@ -88,28 +140,43 @@ export const functionsController: FunctionController = async (
       'Cache-Control': 'no-cache',
       'Connection': 'keep-alive',
       "access-control-allow-credentials": "true",
-      "access-control-allow-origin": `${DEFAULT_CONFIG.HTTPS_SCHEMA}://${req.headers.host}`,
+      "access-control-allow-origin": '*',
       "access-control-allow-headers": "X-Stitch-Location, X-Baas-Location, Location",
-    }
+    };
 
     res.raw.writeHead(200, headers)
     res.raw.flushHeaders();
 
-    const changeStream = await services['mongodb-atlas'](app, {
+    const requestKey = baas_request || stitch_request
+
+    if (!requestKey) return
+
+    const changeStream = streams[requestKey]
+
+    if (changeStream) {
+      changeStream.on('change', (change) => {
+        res.raw.write(`data: ${JSON.stringify(change)}\n\n`);
+      });
+
+      req.raw.on('close', () => {
+        console.log("change stream closed");
+        changeStream?.close?.();
+        delete streams[requestKey]
+      });
+      return
+    }
+
+    streams[requestKey] = await services['mongodb-atlas'](app, {
       user,
       rules
     })
       .db(database)
       .collection(collection)
-      .watch([], { fullDocument: 'whenAvailable' })
+      .watch([], { fullDocument: 'whenAvailable' });
 
-    changeStream.on('change', (change) => {
-      res.raw.write(`data: ${JSON.stringify(change)}\n\n`);
-    });
 
-    req.raw.on('close', () => {
-      console.log("change stream closed")
-      changeStream.close();
+    streams[requestKey].on('change', (change) => {
+      res.raw.write(`data: ${JSON.stringify(change)}\n\n`);
     });
   })
 }

package/src/features/functions/dtos.ts

@@ -23,8 +23,11 @@ export type FunctionCallBase64Dto = {
 type ArgumentsData = Arguments<{
   database: string
   collection: string
+  filter?: Document
   query: Parameters<GetOperatorsFunction>
   update: Document
+  options?: Document
+  returnNewDocument?: boolean
   document: Document
   documents: Document[]
   pipeline?: Document[]

package/src/features/functions/interface.ts

@@ -24,6 +24,9 @@ export type ExecuteQueryParams = {
   currentMethod: ReturnType<GetOperatorsFunction>[keyof ReturnType<GetOperatorsFunction>]
   query: Parameters<GetOperatorsFunction>
   update: Document
+  filter?: Document
+  options?: Document
+  returnNewDocument?: boolean
   document: Document
   documents: Document[]
   pipeline: Document[]

package/src/features/functions/utils.ts

@@ -44,29 +44,51 @@ export const executeQuery = async ({
   currentMethod,
   query,
   update,
+  filter,
+  options,
+  returnNewDocument,
   document,
   documents,
   pipeline,
   isClient = false
 }: ExecuteQueryParams) => {
+  const resolvedQuery =
+    typeof query !== 'undefined'
+      ? query
+      : typeof filter !== 'undefined'
+        ? filter
+        : {}
+  const resolvedUpdate = typeof update !== 'undefined' ? update : {}
+  const resolvedOptions =
+    typeof options !== 'undefined'
+      ? options
+      : typeof returnNewDocument === 'boolean'
+        ? { returnDocument: returnNewDocument ? 'after' : 'before' }
+        : undefined
   return {
     find: async () =>
       await (currentMethod as ReturnType<GetOperatorsFunction>['find'])(
-        EJSON.deserialize(query)
+        EJSON.deserialize(resolvedQuery)
       ).toArray(),
     findOne: () =>
       (currentMethod as ReturnType<GetOperatorsFunction>['findOne'])(
-        EJSON.deserialize(query)
+        EJSON.deserialize(resolvedQuery)
       ),
     deleteOne: () =>
       (currentMethod as ReturnType<GetOperatorsFunction>['deleteOne'])(
-        EJSON.deserialize(query)
+        EJSON.deserialize(resolvedQuery)
       ),
     insertOne: () =>
       (currentMethod as ReturnType<GetOperatorsFunction>['insertOne'])(
         EJSON.deserialize(document)
       ),
-    updateOne: () => currentMethod(EJSON.deserialize(query), EJSON.deserialize(update)),
+    updateOne: () => currentMethod(EJSON.deserialize(resolvedQuery), EJSON.deserialize(resolvedUpdate)),
+    findOneAndUpdate: () =>
+      (currentMethod as ReturnType<GetOperatorsFunction>['findOneAndUpdate'])(
+        EJSON.deserialize(resolvedQuery),
+        EJSON.deserialize(resolvedUpdate),
+        resolvedOptions ? EJSON.deserialize(resolvedOptions) : undefined
+      ),
     aggregate: async () =>
       (await (currentMethod as ReturnType<GetOperatorsFunction>['aggregate'])(
         EJSON.deserialize(pipeline),
@@ -79,13 +101,12 @@ export const executeQuery = async ({
       ),
     updateMany: () =>
       (currentMethod as ReturnType<GetOperatorsFunction>['updateMany'])(
-        EJSON.deserialize(query),
-        EJSON.deserialize(update)
+        EJSON.deserialize(resolvedQuery),
+        EJSON.deserialize(resolvedUpdate)
       ),
     deleteMany: () =>
       (currentMethod as ReturnType<GetOperatorsFunction>['deleteMany'])(
-        EJSON.deserialize(query)
+        EJSON.deserialize(resolvedQuery)
       )
   }
 }
-

package/src/features/rules/utils.ts

@@ -5,11 +5,20 @@ import { Rules, RulesConfig } from './interface'
 
 export const loadRules = async (rootDir = process.cwd()): Promise<Rules> => {
   const rulesRoot = path.join(rootDir, 'data_sources', 'mongodb-atlas')
-  const files = fs.readdirSync(rulesRoot, { recursive: true }) as string[]
+  const recursivelyCollectFiles = (dir: string): string[] => {
+    return fs.readdirSync(dir, { withFileTypes: true }).flatMap((entry) => {
+      const fullPath = path.join(dir, entry.name)
+      if (entry.isDirectory()) {
+        return recursivelyCollectFiles(fullPath)
+      }
+      return entry.isFile() ? [fullPath] : []
+    })
+  }
+  const files = recursivelyCollectFiles(rulesRoot)
   const rulesFiles = files.filter((x) => (x as string).endsWith('rules.json'))
 
   const rulesByCollection = rulesFiles.reduce((acc, rulesFile) => {
-    const filePath = path.join(rulesRoot, rulesFile)
+    const filePath = rulesFile
     const collectionRules = readJsonContent(filePath) as RulesConfig
     acc[collectionRules.collection] = collectionRules
 

package/src/features/triggers/index.ts

@@ -1,3 +1,4 @@
+import { AUTH_CONFIG, DB_NAME } from '../../constants'
 import { services } from '../../services'
 import { Function, Functions } from '../functions/interface'
 import { ActivateTriggersParams } from './dtos'
@@ -17,7 +18,48 @@ export const activateTriggers = async ({
 }: ActivateTriggersParams) => {
   console.log('START ACTIVATION TRIGGERS')
   try {
-    for await (const trigger of triggersList) {
+    const triggersToActivate = [...triggersList]
+    if (AUTH_CONFIG.on_user_creation_function_name) {
+      const alreadyDeclared = triggersToActivate.some(
+        (trigger) =>
+          trigger.content.type === 'AUTHENTICATION' &&
+          trigger.content.event_processors?.FUNCTION?.config?.function_name ===
+            AUTH_CONFIG.on_user_creation_function_name
+      )
+      if (!alreadyDeclared) {
+        triggersToActivate.push({
+          fileName: '__auto_on_user_creation_trigger__.json',
+          content: {
+            name: 'onUserCreation',
+            type: 'AUTHENTICATION',
+            disabled: false,
+            config: {
+              collection: AUTH_CONFIG.authCollection ?? 'auth_users',
+              database: DB_NAME,
+              full_document: true,
+              full_document_before_change: false,
+              match: {},
+              operation_types: ['insert', 'update', 'replace'],
+              project: {},
+              service_name: 'mongodb-atlas',
+              skip_catchup_events: false,
+              tolerate_resume_errors: false,
+              unordered: false,
+              schedule: ''
+            },
+            event_processors: {
+              FUNCTION: {
+                config: {
+                  function_name: AUTH_CONFIG.on_user_creation_function_name
+                }
+              }
+            }
+          }
+        })
+      }
+    }
+
+    for await (const trigger of triggersToActivate) {
       const { content } = trigger
       const { type, config, event_processors } = content