@flowerforce/flowerbase 1.2.1-beta.2 → 1.2.1-beta.20

package/src/auth/utils.ts

@@ -8,19 +8,45 @@ export const LOGIN_SCHEMA = {
   body: {
     type: 'object',
     properties: {
-      username: { type: 'string' },
-      password: { type: 'string' }
+      username: {
+        type: 'string',
+        pattern: '^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$',
+        minLength: 3,
+        maxLength: 254
+      },
+      password: { type: 'string', minLength: 8, maxLength: 128 }
     },
     required: ['username', 'password']
   }
 }
 
-export const RESET_SCHEMA = {
+export const RESET_SEND_SCHEMA = {
   body: {
     type: 'object',
     properties: {
-      email: { type: 'string' },
-      password: { type: 'string' }
+      email: {
+        type: 'string',
+        pattern: '^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$',
+        minLength: 3,
+        maxLength: 254
+      }
+    },
+    required: ['email']
+  }
+}
+
+export const RESET_CALL_SCHEMA = {
+  body: {
+    type: 'object',
+    properties: {
+      email: {
+        type: 'string',
+        pattern: '^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$',
+        minLength: 3,
+        maxLength: 254
+      },
+      password: { type: 'string', minLength: 8, maxLength: 128 },
+      arguments: { type: 'array' }
     },
     required: ['email', 'password']
   }
@@ -30,7 +56,7 @@ export const CONFIRM_RESET_SCHEMA = {
   body: {
     type: 'object',
     properties: {
-      password: { type: 'string' },
+      password: { type: 'string', minLength: 8, maxLength: 128 },
       token: { type: 'string' },
       tokenId: { type: 'string' }
     },
@@ -38,12 +64,30 @@ export const CONFIRM_RESET_SCHEMA = {
   }
 }
 
+export const CONFIRM_USER_SCHEMA = {
+  body: {
+    type: 'object',
+    properties: {
+      token: { type: 'string' },
+      tokenId: { type: 'string' }
+    },
+    required: ['token', 'tokenId']
+  }
+}
+
+export const RESET_SCHEMA = RESET_SEND_SCHEMA
+
 export const REGISTRATION_SCHEMA = {
   body: {
     type: 'object',
     properties: {
-      email: { type: 'string' },
-      password: { type: 'string' }
+      email: {
+        type: 'string',
+        pattern: '^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$',
+        minLength: 3,
+        maxLength: 254
+      },
+      password: { type: 'string', minLength: 8, maxLength: 128 }
     },
     required: ['email', 'password']
   }
@@ -52,9 +96,11 @@ export const REGISTRATION_SCHEMA = {
 export enum AUTH_ENDPOINTS {
   LOGIN = '/login',
   REGISTRATION = '/register',
+  CONFIRM = '/confirm',
   PROFILE = '/profile',
   SESSION = '/session',
-  RESET = '/reset/call',
+  RESET = '/reset/send',
+  RESET_CALL = '/reset/call',
   CONFIRM_RESET = "/reset",
   FIRST_USER = '/setup/first-user'
 }
@@ -62,7 +108,9 @@ export enum AUTH_ENDPOINTS {
 export enum AUTH_ERRORS {
   INVALID_CREDENTIALS = 'Invalid credentials',
   INVALID_TOKEN = 'Invalid refresh token provided',
-  INVALID_RESET_PARAMS = 'Invalid token or tokenId provided'
+  INVALID_RESET_PARAMS = 'Invalid token or tokenId provided',
+  MISSING_RESET_FUNCTION = 'Missing reset function',
+  USER_NOT_CONFIRMED = 'User not confirmed'
 }
 
 export interface AuthConfig {
@@ -70,6 +118,7 @@ export interface AuthConfig {
   'api-key': ApiKey
   'local-userpass': LocalUserpass
   'custom-function': CustomFunction
+  'anon-user'?: AnonUser
 }
 
 interface ApiKey {
@@ -93,17 +142,19 @@ interface CustomFunction {
   }
 }
 
+export interface AnonUser {
+  name: "anon-user"
+  type: "anon-user"
+  disabled: boolean
+}
+
 export interface Config {
   autoConfirm: boolean
+  confirmationFunctionName?: string
   resetFunctionName: string
   resetPasswordUrl: string
   runConfirmationFunction: boolean
   runResetFunction: boolean
-  mailConfig: {
-    from: string
-    subject: string
-    mailToken: string
-  }
 }
 
 export interface CustomUserDataConfig {
@@ -137,74 +188,6 @@ export const loadCustomUserData = (): CustomUserDataConfig => {
   return JSON.parse(fs.readFileSync(userDataPath, 'utf-8'))
 }
 
-export const getMailConfig = (
-  resetPasswordConfig: Config,
-  token: string,
-  tokenId: string
-) => {
-  const { mailConfig, resetPasswordUrl } = resetPasswordConfig
-  const ENV_PREFIX = 'ENV'
-  const { from, subject, mailToken } = mailConfig
-
-  const [fromPrefix, fromPath] = from.split('.')
-
-  if (!fromPath) {
-    throw new Error(`Invalid fromPath: ${fromPath}`)
-  }
-
-  const currentSender = (fromPrefix === ENV_PREFIX ? process.env[fromPath] : from) ?? ''
-  const [subjectPrefix, subjectPath] = subject.split('.')
-
-  if (!subjectPath) {
-    throw new Error(`Invalid subjectPath: ${subjectPath}`)
-  }
-
-  const currentSubject =
-    (subjectPrefix === ENV_PREFIX ? process.env[subjectPath] : subject) ?? ''
-  const [mailTokenPrefix, mailTokenPath] = mailToken.split('.')
-
-  if (!mailTokenPath) {
-    throw new Error(`Invalid mailTokenPath: ${mailTokenPath}`)
-  }
-
-  const currentMailToken =
-    (mailTokenPrefix === 'ENV' ? process.env[mailTokenPath] : mailToken) ?? ''
-
-  const link = `${resetPasswordUrl}/${token}/${tokenId}`
-  const body = `<body style="font-family: Arial, sans-serif; background-color: #f4f4f4; text-align: center; padding: 20px;">
-  <table width="100%" cellspacing="0" cellpadding="0">
-      <tr>
-          <td align="center">
-              <table width="600" cellspacing="0" cellpadding="0" style="background: #ffffff; padding: 20px; border-radius: 8px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);">
-                  <tr>
-                      <td align="center">
-                          <h2>Password Reset Request</h2>
-                          <p>If you requested a password reset, click the button below to reset your password.</p>
-                          <p>If you did not request this, please ignore this email.</p>
-                          <p>
-                              <a href="${link}" style="display: inline-block; padding: 12px 20px; font-size: 16px; color: #ffffff; background: #007bff; text-decoration: none; border-radius: 5px;">Reset Password</a>
-                          </p>
-                          <p style="margin-top: 20px; font-size: 12px; color: #777;">If the button does not work, copy and paste the following link into your browser:</p>
-                          <p style="font-size: 12px; color: #777;">${link}</p>
-                      </td>
-                  </tr>
-              </table>
-          </td>
-      </tr>
-  </table>
-</body>`
-  return {
-    from: currentSender ?? '',
-    subject: currentSubject,
-    mailToken: currentMailToken,
-    body
-  }
-}
-
-
-
-
-
 export const generatePassword = (length = 20) => {
   const bytes = crypto.randomBytes(length);
   return Array.from(bytes, (b) => CHARSET[b % CHARSET.length]).join("");

package/src/constants.ts

@@ -17,6 +17,15 @@ export const DEFAULT_CONFIG = {
   HTTPS_SCHEMA: process.env.HTTPS_SCHEMA || 'https',
   HOST: process.env.HOST || '0.0.0.0',
   ENABLE_LOGGER: process.env.ENABLE_LOGGER,
+  RESET_PASSWORD_TTL_SECONDS: Number(process.env.RESET_PASSWORD_TTL_SECONDS) || 3600,
+  AUTH_RATE_LIMIT_WINDOW_MS: Number(process.env.AUTH_RATE_LIMIT_WINDOW_MS) || 15 * 60 * 1000,
+  AUTH_LOGIN_MAX_ATTEMPTS: Number(process.env.AUTH_LOGIN_MAX_ATTEMPTS) || 10,
+  AUTH_REGISTER_MAX_ATTEMPTS: Number(process.env.AUTH_REGISTER_MAX_ATTEMPTS) || 5,
+  AUTH_RESET_MAX_ATTEMPTS: Number(process.env.AUTH_RESET_MAX_ATTEMPTS) || 5,
+  REFRESH_TOKEN_TTL_DAYS: Number(process.env.REFRESH_TOKEN_TTL_DAYS) || 60,
+  ANON_USER_TTL_SECONDS: Number(process.env.ANON_USER_TTL_SECONDS) || 3 * 60 * 60,
+  SWAGGER_UI_USER: process.env.SWAGGER_UI_USER || '',
+  SWAGGER_UI_PASSWORD: process.env.SWAGGER_UI_PASSWORD || '',
   CORS_OPTIONS: {
     origin: "*",
     methods: ["GET", "POST", "PUT", "DELETE"] as ALLOWED_METHODS[]
@@ -30,12 +39,15 @@ export const DB_NAME = database_name
 export const AUTH_CONFIG = {
   authCollection: auth_collection,
   userCollection: collection_name,
-  resetPasswordCollection: 'reset-password-requests',
+  resetPasswordCollection: 'reset_password_requests',
+  refreshTokensCollection: 'auth_refresh_tokens',
   resetPasswordConfig: configuration['local-userpass']?.config,
+  localUserpassConfig: configuration['local-userpass']?.config,
   user_id_field,
   on_user_creation_function_name,
   providers: {
-    "custom-function": configuration['custom-function']?.config
+    "custom-function": configuration['custom-function']?.config,
+    "anon-user": configuration['anon-user']
   }
 }
 

package/src/features/functions/controller.ts

@@ -34,6 +34,13 @@ const logFunctionCall = (method: string, user: Record<string, any> | undefined,
   console.log('[functions-debug]', method, user ? { id: user.id, role: user.role, email: user.email } : 'no-user', args)
 }
 
+const formatFunctionExecutionError = (error: unknown) => {
+  const err = error as { message?: string; name?: string }
+  const message = typeof err?.message === 'string' ? err.message : String(error)
+  const name = typeof err?.name === 'string' ? err.name : 'Error'
+  return JSON.stringify({ message, name })
+}
+
 /**
  * > Creates a pre handler for every query
  * @param app -> the fastify instance
@@ -61,7 +68,18 @@ export const functionsController: FunctionController = async (
         if (!serviceFn) {
           throw new Error(`Service "${req.body.service}" does not exist`)
         }
-      const [{ database, collection, query, update, document, documents, pipeline = [] }] = args
+      const [{
+        database,
+        collection,
+        query,
+        filter,
+        update,
+        options,
+        returnNewDocument,
+        document,
+        documents,
+        pipeline = []
+      }] = args
 
       const currentMethod = serviceFn(app, { rules, user })
         .db(database)
@@ -71,7 +89,10 @@ export const functionsController: FunctionController = async (
       const operatorsByType = await executeQuery({
         currentMethod,
         query,
+        filter,
         update,
+        options,
+        returnNewDocument,
         document,
         documents,
         pipeline,
@@ -91,17 +112,26 @@ export const functionsController: FunctionController = async (
     }
 
     logFunctionCall(`function:${method}`, user, args)
-    const result = await GenerateContext({
-      args: req.body.arguments,
-      app,
-      rules,
-      user: { ...user, _id: new ObjectId(user.id) },
-      currentFunction,
-      functionsList,
-      services
-    })
-    res.type('application/json')
-    return JSON.stringify(result)
+    try {
+      const result = await GenerateContext({
+        args: req.body.arguments,
+        app,
+        rules,
+        user: { ...user, _id: new ObjectId(user.id) },
+        currentFunction,
+        functionsList,
+        services
+      })
+      res.type('application/json')
+      return JSON.stringify(result)
+    } catch (error) {
+      res.status(500)
+      res.type('application/json')
+      return JSON.stringify({
+        error: formatFunctionExecutionError(error),
+        error_code: 'FunctionExecutionError'
+      })
+    }
   })
   app.get<{
     Querystring: FunctionCallBase64Dto

package/src/features/functions/dtos.ts

@@ -23,8 +23,11 @@ export type FunctionCallBase64Dto = {
 type ArgumentsData = Arguments<{
   database: string
   collection: string
+  filter?: Document
   query: Parameters<GetOperatorsFunction>
   update: Document
+  options?: Document
+  returnNewDocument?: boolean
   document: Document
   documents: Document[]
   pipeline?: Document[]

package/src/features/functions/interface.ts

@@ -24,6 +24,9 @@ export type ExecuteQueryParams = {
   currentMethod: ReturnType<GetOperatorsFunction>[keyof ReturnType<GetOperatorsFunction>]
   query: Parameters<GetOperatorsFunction>
   update: Document
+  filter?: Document
+  options?: Document
+  returnNewDocument?: boolean
   document: Document
   documents: Document[]
   pipeline: Document[]

package/src/features/functions/utils.ts

@@ -44,29 +44,51 @@ export const executeQuery = async ({
   currentMethod,
   query,
   update,
+  filter,
+  options,
+  returnNewDocument,
   document,
   documents,
   pipeline,
   isClient = false
 }: ExecuteQueryParams) => {
+  const resolvedQuery =
+    typeof query !== 'undefined'
+      ? query
+      : typeof filter !== 'undefined'
+        ? filter
+        : {}
+  const resolvedUpdate = typeof update !== 'undefined' ? update : {}
+  const resolvedOptions =
+    typeof options !== 'undefined'
+      ? options
+      : typeof returnNewDocument === 'boolean'
+        ? { returnDocument: returnNewDocument ? 'after' : 'before' }
+        : undefined
   return {
     find: async () =>
       await (currentMethod as ReturnType<GetOperatorsFunction>['find'])(
-        EJSON.deserialize(query)
+        EJSON.deserialize(resolvedQuery)
       ).toArray(),
     findOne: () =>
       (currentMethod as ReturnType<GetOperatorsFunction>['findOne'])(
-        EJSON.deserialize(query)
+        EJSON.deserialize(resolvedQuery)
       ),
     deleteOne: () =>
       (currentMethod as ReturnType<GetOperatorsFunction>['deleteOne'])(
-        EJSON.deserialize(query)
+        EJSON.deserialize(resolvedQuery)
       ),
     insertOne: () =>
       (currentMethod as ReturnType<GetOperatorsFunction>['insertOne'])(
         EJSON.deserialize(document)
       ),
-    updateOne: () => currentMethod(EJSON.deserialize(query), EJSON.deserialize(update)),
+    updateOne: () => currentMethod(EJSON.deserialize(resolvedQuery), EJSON.deserialize(resolvedUpdate)),
+    findOneAndUpdate: () =>
+      (currentMethod as ReturnType<GetOperatorsFunction>['findOneAndUpdate'])(
+        EJSON.deserialize(resolvedQuery),
+        EJSON.deserialize(resolvedUpdate),
+        resolvedOptions ? EJSON.deserialize(resolvedOptions) : undefined
+      ),
     aggregate: async () =>
       (await (currentMethod as ReturnType<GetOperatorsFunction>['aggregate'])(
         EJSON.deserialize(pipeline),
@@ -79,13 +101,12 @@ export const executeQuery = async ({
       ),
     updateMany: () =>
       (currentMethod as ReturnType<GetOperatorsFunction>['updateMany'])(
-        EJSON.deserialize(query),
-        EJSON.deserialize(update)
+        EJSON.deserialize(resolvedQuery),
+        EJSON.deserialize(resolvedUpdate)
       ),
     deleteMany: () =>
       (currentMethod as ReturnType<GetOperatorsFunction>['deleteMany'])(
-        EJSON.deserialize(query)
+        EJSON.deserialize(resolvedQuery)
       )
   }
 }
-

package/src/features/triggers/index.ts

@@ -1,3 +1,4 @@
+import { AUTH_CONFIG, DB_NAME } from '../../constants'
 import { services } from '../../services'
 import { Function, Functions } from '../functions/interface'
 import { ActivateTriggersParams } from './dtos'
@@ -17,7 +18,49 @@ export const activateTriggers = async ({
 }: ActivateTriggersParams) => {
   console.log('START ACTIVATION TRIGGERS')
   try {
-    for await (const trigger of triggersList) {
+    const triggersToActivate = [...triggersList]
+    if (AUTH_CONFIG.on_user_creation_function_name) {
+      const alreadyDeclared = triggersToActivate.some(
+        (trigger) =>
+          trigger.content.type === 'AUTHENTICATION' &&
+          trigger.content.event_processors?.FUNCTION?.config?.function_name ===
+          AUTH_CONFIG.on_user_creation_function_name
+      )
+      if (!alreadyDeclared) {
+        triggersToActivate.push({
+          fileName: '__auto_on_user_creation_trigger__.json',
+          content: {
+            name: 'onUserCreation',
+            type: 'AUTHENTICATION',
+            disabled: false,
+            config: {
+              isAutoTrigger: true,
+              collection: AUTH_CONFIG.authCollection ?? 'auth_users',
+              database: DB_NAME,
+              full_document: true,
+              full_document_before_change: false,
+              match: {},
+              operation_types: ['insert', 'update', 'replace'],
+              project: {},
+              service_name: 'mongodb-atlas',
+              skip_catchup_events: false,
+              tolerate_resume_errors: false,
+              unordered: false,
+              schedule: ''
+            },
+            event_processors: {
+              FUNCTION: {
+                config: {
+                  function_name: AUTH_CONFIG.on_user_creation_function_name
+                }
+              }
+            }
+          }
+        })
+      }
+    }
+
+    for await (const trigger of triggersToActivate) {
       const { content } = trigger
       const { type, config, event_processors } = content
 

package/src/features/triggers/interface.ts

@@ -21,6 +21,7 @@ type Config = {
   database: string
   full_document: boolean
   full_document_before_change: boolean
+  isAutoTrigger?: boolean
   match: Record<string, unknown>
   operation_types: string[]
   project: Record<string, unknown>

package/src/features/triggers/utils.ts

@@ -110,55 +110,107 @@ const handleAuthenticationTrigger = async ({
   services,
   app
 }: HandlerParams) => {
-  const { database } = config
+  const { database, isAutoTrigger } = config
+  const authCollection = AUTH_CONFIG.authCollection ?? 'auth_users'
+  const collection = app.mongo.client.db(database || DB_NAME).collection(authCollection)
   const pipeline = [
     {
       $match: {
-        operationType: { $in: ['insert'] }
+        operationType: { $in: ['insert', 'update', 'replace'] }
       }
     }
   ]
-  const changeStream = app.mongo.client
-    .db(database || DB_NAME)
-    .collection(AUTH_CONFIG.authCollection)
-    .watch(pipeline, {
-      fullDocument: 'whenAvailable'
-    })
+  const changeStream = collection.watch(pipeline, {
+    fullDocument: 'whenAvailable'
+  })
   changeStream.on('error', (error) => {
     if (shouldIgnoreStreamError(error)) return
     console.error('Authentication trigger change stream error', error)
   })
   changeStream.on('change', async function (change) {
-    const document = change['fullDocument' as keyof typeof change] as Record<
-      string,
-      string
-    > //TODO -> define user type
-
-    if (document) {
-      delete document.password
-
-      const currentUser = { ...document }
-      delete currentUser.password
-      await GenerateContext({
-        args: [{
-          user: {
-            ...currentUser,
-            id: currentUser._id.toString(),
-            data: {
-              _id: currentUser._id.toString(),
-              email: currentUser.email
-            }
-          }
-        }],
-        app,
-        rules: StateManager.select("rules"),
-        user: {},  // TODO from currentUser ??
-        currentFunction: triggerHandler,
-        functionsList,
-        services,
-        runAsSystem: true
-      })
+    const operationType = change['operationType' as keyof typeof change] as string | undefined
+    const documentKey = change['documentKey' as keyof typeof change] as
+      | { _id?: unknown }
+      | undefined
+    const fullDocument = change['fullDocument' as keyof typeof change] as
+      | Record<string, unknown>
+      | null
+    if (!documentKey?._id) {
+      return
     }
+
+    const updateDescription = change[
+      'updateDescription' as keyof typeof change
+    ] as { updatedFields?: Record<string, unknown> } | undefined
+    const updatedStatus = updateDescription?.updatedFields?.status
+    let confirmedCandidate = false
+    let confirmedDocument =
+      fullDocument as Record<string, unknown> | null
+
+    if (operationType === 'update') {
+      if (updatedStatus === 'confirmed') {
+        confirmedCandidate = true
+      } else if (updatedStatus === undefined) {
+        const fetched = await collection.findOne({
+          _id: documentKey._id
+        }) as Record<string, unknown> | null
+        confirmedDocument = fetched ?? confirmedDocument
+        confirmedCandidate = (confirmedDocument as { status?: string } | null)?.status === 'confirmed'
+      }
+    } else {
+      confirmedCandidate = (confirmedDocument as { status?: string } | null)?.status === 'confirmed'
+    }
+
+    if (!confirmedCandidate) {
+      return
+    }
+
+    const updateResult = await collection.findOneAndUpdate(
+      {
+        _id: documentKey._id,
+        status: 'confirmed',
+        on_user_creation_triggered_at: { $exists: false }
+      },
+      {
+        $set: {
+          on_user_creation_triggered_at: new Date()
+        }
+      },
+      {
+        returnDocument: 'after'
+      }
+    )
+
+    const document =
+      (updateResult?.value as Record<string, unknown> | null) ?? confirmedDocument
+    if (!document) {
+      return
+    }
+
+    delete (document as { password?: unknown }).password
+
+    const currentUser = { ...document }
+    delete (currentUser as { password?: unknown }).password
+
+    const userData = {
+      ...currentUser,
+      id: (currentUser as { _id: { toString: () => string } })._id.toString(),
+      data: {
+        _id: (currentUser as { _id: { toString: () => string } })._id.toString(),
+        email: (currentUser as { email?: string }).email
+      }
+    }
+    // TODO change va ripulito
+    await GenerateContext({
+      args: isAutoTrigger ? [userData] : [{ user: userData /*, ...change */ }],
+      app,
+      rules: StateManager.select("rules"),
+      user: {},  // TODO from currentUser ??
+      currentFunction: triggerHandler,
+      functionsList,
+      services,
+      runAsSystem: true
+    })
   })
   registerOnClose(
     app,