@flowerforce/flowerbase 1.2.1-beta.2 → 1.2.1-beta.21

package/src/auth/providers/local-userpass/controller.ts

@@ -1,42 +1,122 @@
-import sendGrid from '@sendgrid/mail'
 import { FastifyInstance } from 'fastify'
-import { AUTH_CONFIG, DB_NAME } from '../../../constants'
-import { services } from '../../../services'
+import { ObjectId } from 'mongodb'
+import { AUTH_CONFIG, DB_NAME, DEFAULT_CONFIG } from '../../../constants'
 import handleUserRegistration from '../../../shared/handleUserRegistration'
 import { PROVIDER } from '../../../shared/models/handleUserRegistration.model'
 import { StateManager } from '../../../state'
 import { GenerateContext } from '../../../utils/context'
-import { comparePassword, generateToken, hashPassword } from '../../../utils/crypto'
+import { comparePassword, generateToken, hashPassword, hashToken } from '../../../utils/crypto'
 import {
   AUTH_ENDPOINTS,
   AUTH_ERRORS,
   CONFIRM_RESET_SCHEMA,
-  getMailConfig,
+  CONFIRM_USER_SCHEMA,
   LOGIN_SCHEMA,
   REGISTRATION_SCHEMA,
-  RESET_SCHEMA
+  RESET_CALL_SCHEMA,
+  RESET_SEND_SCHEMA
 } from '../../utils'
 import {
   ConfirmResetPasswordDto,
+  ConfirmUserDto,
   LoginDto,
   RegistrationDto,
-  ResetPasswordDto
+  ResetPasswordCallDto,
+  ResetPasswordSendDto
 } from './dtos'
+
+const rateLimitStore = new Map<string, number[]>()
+
+const isRateLimited = (key: string, maxAttempts: number, windowMs: number) => {
+  const now = Date.now()
+  const existing = rateLimitStore.get(key) ?? []
+  const recent = existing.filter((timestamp) => now - timestamp < windowMs)
+  recent.push(now)
+  rateLimitStore.set(key, recent)
+  return recent.length > maxAttempts
+}
 /**
  * Controller for handling local user registration and login.
  * @testable
  * @param {FastifyInstance} app - The Fastify instance.
  */
 export async function localUserPassController(app: FastifyInstance) {
-  const functionsList = StateManager.select('functions')
-
-  const {
-    authCollection,
-    userCollection,
-    user_id_field,
-    on_user_creation_function_name
-  } = AUTH_CONFIG
+  const { authCollection, userCollection, user_id_field } = AUTH_CONFIG
+  const { resetPasswordCollection } = AUTH_CONFIG
+  const { refreshTokensCollection } = AUTH_CONFIG
   const db = app.mongo.client.db(DB_NAME)
+  const resetPasswordTtlSeconds = DEFAULT_CONFIG.RESET_PASSWORD_TTL_SECONDS
+  const rateLimitWindowMs = DEFAULT_CONFIG.AUTH_RATE_LIMIT_WINDOW_MS
+  const loginMaxAttempts = DEFAULT_CONFIG.AUTH_LOGIN_MAX_ATTEMPTS
+  const registerMaxAttempts = DEFAULT_CONFIG.AUTH_REGISTER_MAX_ATTEMPTS
+  const resetMaxAttempts = DEFAULT_CONFIG.AUTH_RESET_MAX_ATTEMPTS
+  const refreshTokenTtlMs = DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000
+
+  try {
+    await db.collection(resetPasswordCollection).createIndex(
+      { createdAt: 1 },
+      { expireAfterSeconds: resetPasswordTtlSeconds }
+    )
+  } catch (error) {
+    console.error('Failed to ensure reset password TTL index', error)
+  }
+
+  try {
+    await db.collection(refreshTokensCollection).createIndex(
+      { expiresAt: 1 },
+      { expireAfterSeconds: 0 }
+    )
+  } catch (error) {
+    console.error('Failed to ensure refresh token TTL index', error)
+  }
+  const handleResetPasswordRequest = async (
+    email: string,
+    password?: string,
+    extraArguments?: unknown[]
+  ) => {
+    const { resetPasswordConfig } = AUTH_CONFIG
+    const authUser = await db.collection(authCollection!).findOne({
+      email
+    })
+
+    if (!authUser) {
+      return
+    }
+
+    const token = generateToken()
+    const tokenId = generateToken()
+
+    await db
+      ?.collection(resetPasswordCollection)
+      .updateOne(
+        { email },
+        { $set: { token, tokenId, email, createdAt: new Date() } },
+        { upsert: true }
+      )
+
+    if (!resetPasswordConfig.runResetFunction && !resetPasswordConfig.resetFunctionName) {
+      throw new Error(AUTH_ERRORS.MISSING_RESET_FUNCTION)
+    }
+
+    if (resetPasswordConfig.runResetFunction && resetPasswordConfig.resetFunctionName) {
+      const functionsList = StateManager.select('functions')
+      const services = StateManager.select('services')
+      const currentFunction = functionsList[resetPasswordConfig.resetFunctionName]
+      const baseArgs = { token, tokenId, email, password, username: email }
+      const args = Array.isArray(extraArguments) ? [baseArgs, ...extraArguments] : [baseArgs]
+      await GenerateContext({
+        args,
+        app,
+        rules: {},
+        user: {},
+        currentFunction,
+        functionsList,
+        services
+      })
+      return
+    }
+
+  }
 
   /**
    * Endpoint for user registration.
@@ -52,6 +132,11 @@ export async function localUserPassController(app: FastifyInstance) {
       schema: REGISTRATION_SCHEMA
     },
     async (req, res) => {
+      const key = `register:${req.ip}`
+      if (isRateLimited(key, registerMaxAttempts, rateLimitWindowMs)) {
+        res.status(429).send({ message: 'Too many requests' })
+        return
+      }
 
       const result = await handleUserRegistration(app, { run_as_system: true, provider: PROVIDER.LOCAL_USERPASS })({ email: req.body.email.toLowerCase(), password: req.body.password })
 
@@ -65,6 +150,50 @@ export async function localUserPassController(app: FastifyInstance) {
     }
   )
 
+  /**
+   * Endpoint for confirming a user registration.
+   *
+   * @route {POST} /confirm
+   * @param {ConfirmUserDto} req - The request object with confirmation data.
+   * @returns {Promise<Object>} A promise resolving with confirmation status.
+   */
+  app.post<ConfirmUserDto>(
+    AUTH_ENDPOINTS.CONFIRM,
+    {
+      schema: CONFIRM_USER_SCHEMA
+    },
+    async (req, res) => {
+      const key = `confirm:${req.ip}`
+      if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
+        res.status(429).send({ message: 'Too many requests' })
+        return
+      }
+
+      const existing = await db.collection(authCollection!).findOne({
+        confirmationToken: req.body.token,
+        confirmationTokenId: req.body.tokenId
+      }) as { _id: ObjectId; status?: string } | null
+
+      if (!existing) {
+        res.status(500)
+        throw new Error(AUTH_ERRORS.INVALID_TOKEN)
+      }
+
+      if (existing.status !== 'confirmed') {
+        await db.collection(authCollection!).updateOne(
+          { _id: existing._id },
+          {
+            $set: { status: 'confirmed' },
+            $unset: { confirmationToken: '', confirmationTokenId: '' }
+          }
+        )
+      }
+
+      res.status(200)
+      return { status: 'confirmed' }
+    }
+  )
+
   /**
    * Endpoint for user login.
    *
@@ -77,7 +206,12 @@ export async function localUserPassController(app: FastifyInstance) {
     {
       schema: LOGIN_SCHEMA
     },
-    async function (req) {
+    async function (req, res) {
+      const key = `login:${req.ip}`
+      if (isRateLimited(key, loginMaxAttempts, rateLimitWindowMs)) {
+        res.status(429).send({ message: 'Too many requests' })
+        return
+      }
       const authUser = await db.collection(authCollection!).findOne({
         email: req.body.username
       })
@@ -110,45 +244,23 @@ export async function localUserPassController(app: FastifyInstance) {
         id: authUser._id.toString()
       }
 
-      if (authUser && authUser.status === 'pending') {
-        try {
-          await db?.collection(authCollection!).updateOne(
-            { _id: authUser._id },
-            {
-              $set: {
-                status: 'confirmed'
-              }
-            }
-          )
-        } catch (error) {
-          console.log('>>> 🚀 ~ localUserPassController ~ error:', error)
-        }
+      if (authUser && authUser.status !== 'confirmed') {
+        throw new Error(AUTH_ERRORS.USER_NOT_CONFIRMED)
       }
 
-      if (
-        authUser &&
-        authUser.status === 'pending' &&
-        on_user_creation_function_name &&
-        functionsList[on_user_creation_function_name]
-      ) {
-        try {
-          await GenerateContext({
-            args: [userWithCustomData],
-            app,
-            rules: {},
-            user: userWithCustomData,
-            currentFunction: functionsList[on_user_creation_function_name],
-            functionsList,
-            services
-          })
-        } catch (error) {
-          console.log('localUserPassController - /login - GenerateContext - CATCH:', error)
-        }
-      }
+      const refreshToken = this.createRefreshToken(userWithCustomData)
+      const refreshTokenHash = hashToken(refreshToken)
+      await db.collection(refreshTokensCollection).insertOne({
+        userId: authUser._id,
+        tokenHash: refreshTokenHash,
+        createdAt: new Date(),
+        expiresAt: new Date(Date.now() + refreshTokenTtlMs),
+        revokedAt: null
+      })
 
       return {
         access_token: this.createAccessToken(userWithCustomData),
-        refresh_token: this.createRefreshToken(userWithCustomData),
+        refresh_token: refreshToken,
         device_id: '',
         user_id: authUser._id.toString()
       }
@@ -158,65 +270,49 @@ export async function localUserPassController(app: FastifyInstance) {
   /**
    * Endpoint for reset password.
    *
-   * @route {POST} /reset/call
+   * @route {POST} /reset/send
    * @param {ResetPasswordDto} req - The request object with th reset request.
    * @returns {Promise<void>}
    */
-  app.post<ResetPasswordDto>(
+  app.post<ResetPasswordSendDto>(
     AUTH_ENDPOINTS.RESET,
     {
-      schema: RESET_SCHEMA
+      schema: RESET_SEND_SCHEMA
     },
-    async function (req) {
-      const { resetPasswordCollection, resetPasswordConfig } = AUTH_CONFIG
-      const email = req.body.email
-      const authUser = await db.collection(authCollection!).findOne({
-        email
-      })
-
-      if (!authUser) {
-        throw new Error(AUTH_ERRORS.INVALID_CREDENTIALS)
+    async function (req, res) {
+      const key = `reset:${req.ip}`
+      if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
+        res.status(429)
+        return { message: 'Too many requests' }
       }
-
-      const token = generateToken()
-      const tokenId = generateToken()
-
-      await db
-        ?.collection(resetPasswordCollection)
-        .updateOne(
-          { email },
-          { $set: { token, tokenId, email, createdAt: new Date() } },
-          { upsert: true }
-        )
-
-      if (resetPasswordConfig.runResetFunction && resetPasswordConfig.resetFunctionName) {
-        const functionsList = StateManager.select('functions')
-        const services = StateManager.select('services')
-        const currentFunction = functionsList[resetPasswordConfig.resetFunctionName]
-        await GenerateContext({
-          args: [{ token, tokenId, email }],
-          app,
-          rules: {},
-          user: {},
-          currentFunction,
-          functionsList,
-          services
-        })
-        return
+      await handleResetPasswordRequest(req.body.email)
+      res.status(202)
+      return {
+        status: 'ok'
       }
+    }
+  )
 
-      const { from, subject, mailToken, body } = getMailConfig(
-        resetPasswordConfig,
-        token,
-        tokenId
+  app.post<ResetPasswordCallDto>(
+    AUTH_ENDPOINTS.RESET_CALL,
+    {
+      schema: RESET_CALL_SCHEMA
+    },
+    async function (req, res) {
+      const key = `reset:${req.ip}`
+      if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
+        res.status(429)
+        return { message: 'Too many requests' }
+      }
+      await handleResetPasswordRequest(
+        req.body.email,
+        req.body.password,
+        req.body.arguments
       )
-      sendGrid.setApiKey(mailToken)
-      await sendGrid.send({
-        to: email,
-        from,
-        subject,
-        html: body
-      })
+      res.status(202)
+      return {
+        status: 'ok'
+      }
     }
   )
 
@@ -232,8 +328,12 @@ export async function localUserPassController(app: FastifyInstance) {
     {
       schema: CONFIRM_RESET_SCHEMA
     },
-    async function (req) {
-      const { resetPasswordCollection } = AUTH_CONFIG
+    async function (req, res) {
+      const key = `reset-confirm:${req.ip}`
+      if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
+        res.status(429)
+        return { message: 'Too many requests' }
+      }
       const { token, tokenId, password } = req.body
 
       const resetRequest = await db
@@ -243,6 +343,16 @@ export async function localUserPassController(app: FastifyInstance) {
       if (!resetRequest) {
         throw new Error(AUTH_ERRORS.INVALID_RESET_PARAMS)
       }
+
+      const createdAt = resetRequest.createdAt ? new Date(resetRequest.createdAt) : null
+      const isExpired = !createdAt ||
+        Number.isNaN(createdAt.getTime()) ||
+        Date.now() - createdAt.getTime() > resetPasswordTtlSeconds * 1000
+
+      if (isExpired) {
+        await db?.collection(resetPasswordCollection).deleteOne({ _id: resetRequest._id })
+        throw new Error(AUTH_ERRORS.INVALID_RESET_PARAMS)
+      }
       const hashedPassword = await hashPassword(password)
       await db.collection(authCollection!).updateOne(
         { email: resetRequest.email },

package/src/auth/providers/local-userpass/dtos.ts

@@ -15,19 +15,30 @@ export type LoginSuccessDto = {
   user_id: string
 }
 
+export type ErrorResponseDto = {
+  message: string
+}
+
 export interface RegistrationDto {
   Body: RegisterUserDto
 }
 
 export interface LoginDto {
   Body: LoginUserDto
-  Reply: LoginSuccessDto
+  Reply: LoginSuccessDto | ErrorResponseDto
+}
+
+export interface ResetPasswordSendDto {
+  Body: {
+    email: string
+  }
 }
 
-export interface ResetPasswordDto {
+export interface ResetPasswordCallDto {
   Body: {
     email: string
     password: string
+    arguments?: unknown[]
   }
 }
 
@@ -38,3 +49,10 @@ export interface ConfirmResetPasswordDto {
     password: string
   }
 }
+
+export interface ConfirmUserDto {
+  Body: {
+    token: string
+    tokenId: string
+  }
+}

package/src/auth/utils.ts

@@ -8,19 +8,45 @@ export const LOGIN_SCHEMA = {
   body: {
     type: 'object',
     properties: {
-      username: { type: 'string' },
-      password: { type: 'string' }
+      username: {
+        type: 'string',
+        pattern: '^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$',
+        minLength: 3,
+        maxLength: 254
+      },
+      password: { type: 'string', minLength: 8, maxLength: 128 }
     },
     required: ['username', 'password']
   }
 }
 
-export const RESET_SCHEMA = {
+export const RESET_SEND_SCHEMA = {
   body: {
     type: 'object',
     properties: {
-      email: { type: 'string' },
-      password: { type: 'string' }
+      email: {
+        type: 'string',
+        pattern: '^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$',
+        minLength: 3,
+        maxLength: 254
+      }
+    },
+    required: ['email']
+  }
+}
+
+export const RESET_CALL_SCHEMA = {
+  body: {
+    type: 'object',
+    properties: {
+      email: {
+        type: 'string',
+        pattern: '^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$',
+        minLength: 3,
+        maxLength: 254
+      },
+      password: { type: 'string', minLength: 8, maxLength: 128 },
+      arguments: { type: 'array' }
     },
     required: ['email', 'password']
   }
@@ -30,7 +56,7 @@ export const CONFIRM_RESET_SCHEMA = {
   body: {
     type: 'object',
     properties: {
-      password: { type: 'string' },
+      password: { type: 'string', minLength: 8, maxLength: 128 },
       token: { type: 'string' },
       tokenId: { type: 'string' }
     },
@@ -38,12 +64,30 @@ export const CONFIRM_RESET_SCHEMA = {
   }
 }
 
+export const CONFIRM_USER_SCHEMA = {
+  body: {
+    type: 'object',
+    properties: {
+      token: { type: 'string' },
+      tokenId: { type: 'string' }
+    },
+    required: ['token', 'tokenId']
+  }
+}
+
+export const RESET_SCHEMA = RESET_SEND_SCHEMA
+
 export const REGISTRATION_SCHEMA = {
   body: {
     type: 'object',
     properties: {
-      email: { type: 'string' },
-      password: { type: 'string' }
+      email: {
+        type: 'string',
+        pattern: '^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$',
+        minLength: 3,
+        maxLength: 254
+      },
+      password: { type: 'string', minLength: 8, maxLength: 128 }
     },
     required: ['email', 'password']
   }
@@ -52,9 +96,11 @@ export const REGISTRATION_SCHEMA = {
 export enum AUTH_ENDPOINTS {
   LOGIN = '/login',
   REGISTRATION = '/register',
+  CONFIRM = '/confirm',
   PROFILE = '/profile',
   SESSION = '/session',
-  RESET = '/reset/call',
+  RESET = '/reset/send',
+  RESET_CALL = '/reset/call',
   CONFIRM_RESET = "/reset",
   FIRST_USER = '/setup/first-user'
 }
@@ -62,7 +108,9 @@ export enum AUTH_ENDPOINTS {
 export enum AUTH_ERRORS {
   INVALID_CREDENTIALS = 'Invalid credentials',
   INVALID_TOKEN = 'Invalid refresh token provided',
-  INVALID_RESET_PARAMS = 'Invalid token or tokenId provided'
+  INVALID_RESET_PARAMS = 'Invalid token or tokenId provided',
+  MISSING_RESET_FUNCTION = 'Missing reset function',
+  USER_NOT_CONFIRMED = 'User not confirmed'
 }
 
 export interface AuthConfig {
@@ -70,6 +118,7 @@ export interface AuthConfig {
   'api-key': ApiKey
   'local-userpass': LocalUserpass
   'custom-function': CustomFunction
+  'anon-user'?: AnonUser
 }
 
 interface ApiKey {
@@ -93,17 +142,19 @@ interface CustomFunction {
   }
 }
 
+export interface AnonUser {
+  name: "anon-user"
+  type: "anon-user"
+  disabled: boolean
+}
+
 export interface Config {
   autoConfirm: boolean
+  confirmationFunctionName?: string
   resetFunctionName: string
   resetPasswordUrl: string
   runConfirmationFunction: boolean
   runResetFunction: boolean
-  mailConfig: {
-    from: string
-    subject: string
-    mailToken: string
-  }
 }
 
 export interface CustomUserDataConfig {
@@ -137,74 +188,6 @@ export const loadCustomUserData = (): CustomUserDataConfig => {
   return JSON.parse(fs.readFileSync(userDataPath, 'utf-8'))
 }
 
-export const getMailConfig = (
-  resetPasswordConfig: Config,
-  token: string,
-  tokenId: string
-) => {
-  const { mailConfig, resetPasswordUrl } = resetPasswordConfig
-  const ENV_PREFIX = 'ENV'
-  const { from, subject, mailToken } = mailConfig
-
-  const [fromPrefix, fromPath] = from.split('.')
-
-  if (!fromPath) {
-    throw new Error(`Invalid fromPath: ${fromPath}`)
-  }
-
-  const currentSender = (fromPrefix === ENV_PREFIX ? process.env[fromPath] : from) ?? ''
-  const [subjectPrefix, subjectPath] = subject.split('.')
-
-  if (!subjectPath) {
-    throw new Error(`Invalid subjectPath: ${subjectPath}`)
-  }
-
-  const currentSubject =
-    (subjectPrefix === ENV_PREFIX ? process.env[subjectPath] : subject) ?? ''
-  const [mailTokenPrefix, mailTokenPath] = mailToken.split('.')
-
-  if (!mailTokenPath) {
-    throw new Error(`Invalid mailTokenPath: ${mailTokenPath}`)
-  }
-
-  const currentMailToken =
-    (mailTokenPrefix === 'ENV' ? process.env[mailTokenPath] : mailToken) ?? ''
-
-  const link = `${resetPasswordUrl}/${token}/${tokenId}`
-  const body = `<body style="font-family: Arial, sans-serif; background-color: #f4f4f4; text-align: center; padding: 20px;">
-  <table width="100%" cellspacing="0" cellpadding="0">
-      <tr>
-          <td align="center">
-              <table width="600" cellspacing="0" cellpadding="0" style="background: #ffffff; padding: 20px; border-radius: 8px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);">
-                  <tr>
-                      <td align="center">
-                          <h2>Password Reset Request</h2>
-                          <p>If you requested a password reset, click the button below to reset your password.</p>
-                          <p>If you did not request this, please ignore this email.</p>
-                          <p>
-                              <a href="${link}" style="display: inline-block; padding: 12px 20px; font-size: 16px; color: #ffffff; background: #007bff; text-decoration: none; border-radius: 5px;">Reset Password</a>
-                          </p>
-                          <p style="margin-top: 20px; font-size: 12px; color: #777;">If the button does not work, copy and paste the following link into your browser:</p>
-                          <p style="font-size: 12px; color: #777;">${link}</p>
-                      </td>
-                  </tr>
-              </table>
-          </td>
-      </tr>
-  </table>
-</body>`
-  return {
-    from: currentSender ?? '',
-    subject: currentSubject,
-    mailToken: currentMailToken,
-    body
-  }
-}
-
-
-
-
-
 export const generatePassword = (length = 20) => {
   const bytes = crypto.randomBytes(length);
   return Array.from(bytes, (b) => CHARSET[b % CHARSET.length]).join("");

package/src/constants.ts

@@ -17,6 +17,15 @@ export const DEFAULT_CONFIG = {
   HTTPS_SCHEMA: process.env.HTTPS_SCHEMA || 'https',
   HOST: process.env.HOST || '0.0.0.0',
   ENABLE_LOGGER: process.env.ENABLE_LOGGER,
+  RESET_PASSWORD_TTL_SECONDS: Number(process.env.RESET_PASSWORD_TTL_SECONDS) || 3600,
+  AUTH_RATE_LIMIT_WINDOW_MS: Number(process.env.AUTH_RATE_LIMIT_WINDOW_MS) || 15 * 60 * 1000,
+  AUTH_LOGIN_MAX_ATTEMPTS: Number(process.env.AUTH_LOGIN_MAX_ATTEMPTS) || 10,
+  AUTH_REGISTER_MAX_ATTEMPTS: Number(process.env.AUTH_REGISTER_MAX_ATTEMPTS) || 5,
+  AUTH_RESET_MAX_ATTEMPTS: Number(process.env.AUTH_RESET_MAX_ATTEMPTS) || 5,
+  REFRESH_TOKEN_TTL_DAYS: Number(process.env.REFRESH_TOKEN_TTL_DAYS) || 60,
+  ANON_USER_TTL_SECONDS: Number(process.env.ANON_USER_TTL_SECONDS) || 3 * 60 * 60,
+  SWAGGER_UI_USER: process.env.SWAGGER_UI_USER || '',
+  SWAGGER_UI_PASSWORD: process.env.SWAGGER_UI_PASSWORD || '',
   CORS_OPTIONS: {
     origin: "*",
     methods: ["GET", "POST", "PUT", "DELETE"] as ALLOWED_METHODS[]
@@ -30,12 +39,15 @@ export const DB_NAME = database_name
 export const AUTH_CONFIG = {
   authCollection: auth_collection,
   userCollection: collection_name,
-  resetPasswordCollection: 'reset-password-requests',
+  resetPasswordCollection: 'reset_password_requests',
+  refreshTokensCollection: 'auth_refresh_tokens',
   resetPasswordConfig: configuration['local-userpass']?.config,
+  localUserpassConfig: configuration['local-userpass']?.config,
   user_id_field,
   on_user_creation_function_name,
   providers: {
-    "custom-function": configuration['custom-function']?.config
+    "custom-function": configuration['custom-function']?.config,
+    "anon-user": configuration['anon-user']
   }
 }