@flowerforce/flowerbase 1.2.1-beta.9 → 1.3.0

package/src/auth/providers/local-userpass/controller.ts

@@ -1,6 +1,6 @@
 import { FastifyInstance } from 'fastify'
+import { ObjectId } from 'mongodb'
 import { AUTH_CONFIG, DB_NAME, DEFAULT_CONFIG } from '../../../constants'
-import { services } from '../../../services'
 import handleUserRegistration from '../../../shared/handleUserRegistration'
 import { PROVIDER } from '../../../shared/models/handleUserRegistration.model'
 import { StateManager } from '../../../state'
@@ -10,6 +10,7 @@ import {
   AUTH_ENDPOINTS,
   AUTH_ERRORS,
   CONFIRM_RESET_SCHEMA,
+  CONFIRM_USER_SCHEMA,
   LOGIN_SCHEMA,
   REGISTRATION_SCHEMA,
   RESET_CALL_SCHEMA,
@@ -17,6 +18,7 @@ import {
 } from '../../utils'
 import {
   ConfirmResetPasswordDto,
+  ConfirmUserDto,
   LoginDto,
   RegistrationDto,
   ResetPasswordCallDto,
@@ -39,20 +41,14 @@ const isRateLimited = (key: string, maxAttempts: number, windowMs: number) => {
  * @param {FastifyInstance} app - The Fastify instance.
  */
 export async function localUserPassController(app: FastifyInstance) {
-  const functionsList = StateManager.select('functions')
-
-  const {
-    authCollection,
-    userCollection,
-    user_id_field,
-    on_user_creation_function_name
-  } = AUTH_CONFIG
+  const { authCollection, userCollection, user_id_field } = AUTH_CONFIG
   const { resetPasswordCollection } = AUTH_CONFIG
   const { refreshTokensCollection } = AUTH_CONFIG
   const db = app.mongo.client.db(DB_NAME)
   const resetPasswordTtlSeconds = DEFAULT_CONFIG.RESET_PASSWORD_TTL_SECONDS
   const rateLimitWindowMs = DEFAULT_CONFIG.AUTH_RATE_LIMIT_WINDOW_MS
   const loginMaxAttempts = DEFAULT_CONFIG.AUTH_LOGIN_MAX_ATTEMPTS
+  const registerMaxAttempts = DEFAULT_CONFIG.AUTH_REGISTER_MAX_ATTEMPTS
   const resetMaxAttempts = DEFAULT_CONFIG.AUTH_RESET_MAX_ATTEMPTS
   const refreshTokenTtlMs = DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000
 
@@ -136,6 +132,11 @@ export async function localUserPassController(app: FastifyInstance) {
       schema: REGISTRATION_SCHEMA
     },
     async (req, res) => {
+      const key = `register:${req.ip}`
+      if (isRateLimited(key, registerMaxAttempts, rateLimitWindowMs)) {
+        res.status(429).send({ message: 'Too many requests' })
+        return
+      }
 
       const result = await handleUserRegistration(app, { run_as_system: true, provider: PROVIDER.LOCAL_USERPASS })({ email: req.body.email.toLowerCase(), password: req.body.password })
 
@@ -149,6 +150,50 @@ export async function localUserPassController(app: FastifyInstance) {
     }
   )
 
+  /**
+   * Endpoint for confirming a user registration.
+   *
+   * @route {POST} /confirm
+   * @param {ConfirmUserDto} req - The request object with confirmation data.
+   * @returns {Promise<Object>} A promise resolving with confirmation status.
+   */
+  app.post<ConfirmUserDto>(
+    AUTH_ENDPOINTS.CONFIRM,
+    {
+      schema: CONFIRM_USER_SCHEMA
+    },
+    async (req, res) => {
+      const key = `confirm:${req.ip}`
+      if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
+        res.status(429).send({ message: 'Too many requests' })
+        return
+      }
+
+      const existing = await db.collection(authCollection!).findOne({
+        confirmationToken: req.body.token,
+        confirmationTokenId: req.body.tokenId
+      }) as { _id: ObjectId; status?: string } | null
+
+      if (!existing) {
+        res.status(500)
+        throw new Error(AUTH_ERRORS.INVALID_TOKEN)
+      }
+
+      if (existing.status !== 'confirmed') {
+        await db.collection(authCollection!).updateOne(
+          { _id: existing._id },
+          {
+            $set: { status: 'confirmed' },
+            $unset: { confirmationToken: '', confirmationTokenId: '' }
+          }
+        )
+      }
+
+      res.status(200)
+      return { status: 'confirmed' }
+    }
+  )
+
   /**
    * Endpoint for user login.
    *
@@ -199,40 +244,8 @@ export async function localUserPassController(app: FastifyInstance) {
         id: authUser._id.toString()
       }
 
-      if (authUser && authUser.status === 'pending') {
-        try {
-          await db?.collection(authCollection!).updateOne(
-            { _id: authUser._id },
-            {
-              $set: {
-                status: 'confirmed'
-              }
-            }
-          )
-        } catch (error) {
-          console.log('>>> 🚀 ~ localUserPassController ~ error:', error)
-        }
-      }
-
-      if (
-        authUser &&
-        authUser.status === 'pending' &&
-        on_user_creation_function_name &&
-        functionsList[on_user_creation_function_name]
-      ) {
-        try {
-          await GenerateContext({
-            args: [userWithCustomData],
-            app,
-            rules: {},
-            user: userWithCustomData,
-            currentFunction: functionsList[on_user_creation_function_name],
-            functionsList,
-            services
-          })
-        } catch (error) {
-          console.log('localUserPassController - /login - GenerateContext - CATCH:', error)
-        }
+      if (authUser && authUser.status !== 'confirmed') {
+        throw new Error(AUTH_ERRORS.USER_NOT_CONFIRMED)
       }
 
       const refreshToken = this.createRefreshToken(userWithCustomData)

package/src/auth/providers/local-userpass/dtos.ts

@@ -49,3 +49,10 @@ export interface ConfirmResetPasswordDto {
     password: string
   }
 }
+
+export interface ConfirmUserDto {
+  Body: {
+    token: string
+    tokenId: string
+  }
+}

package/src/auth/utils.ts

@@ -64,6 +64,17 @@ export const CONFIRM_RESET_SCHEMA = {
   }
 }
 
+export const CONFIRM_USER_SCHEMA = {
+  body: {
+    type: 'object',
+    properties: {
+      token: { type: 'string' },
+      tokenId: { type: 'string' }
+    },
+    required: ['token', 'tokenId']
+  }
+}
+
 export const RESET_SCHEMA = RESET_SEND_SCHEMA
 
 export const REGISTRATION_SCHEMA = {
@@ -85,6 +96,7 @@ export const REGISTRATION_SCHEMA = {
 export enum AUTH_ENDPOINTS {
   LOGIN = '/login',
   REGISTRATION = '/register',
+  CONFIRM = '/confirm',
   PROFILE = '/profile',
   SESSION = '/session',
   RESET = '/reset/send',
@@ -97,7 +109,8 @@ export enum AUTH_ERRORS {
   INVALID_CREDENTIALS = 'Invalid credentials',
   INVALID_TOKEN = 'Invalid refresh token provided',
   INVALID_RESET_PARAMS = 'Invalid token or tokenId provided',
-  MISSING_RESET_FUNCTION = 'Missing reset function'
+  MISSING_RESET_FUNCTION = 'Missing reset function',
+  USER_NOT_CONFIRMED = 'User not confirmed'
 }
 
 export interface AuthConfig {
@@ -105,6 +118,7 @@ export interface AuthConfig {
   'api-key': ApiKey
   'local-userpass': LocalUserpass
   'custom-function': CustomFunction
+  'anon-user'?: AnonUser
 }
 
 interface ApiKey {
@@ -128,8 +142,15 @@ interface CustomFunction {
   }
 }
 
+export interface AnonUser {
+  name: "anon-user"
+  type: "anon-user"
+  disabled: boolean
+}
+
 export interface Config {
   autoConfirm: boolean
+  confirmationFunctionName?: string
   resetFunctionName: string
   resetPasswordUrl: string
   runConfirmationFunction: boolean

package/src/constants.ts

@@ -20,8 +20,10 @@ export const DEFAULT_CONFIG = {
   RESET_PASSWORD_TTL_SECONDS: Number(process.env.RESET_PASSWORD_TTL_SECONDS) || 3600,
   AUTH_RATE_LIMIT_WINDOW_MS: Number(process.env.AUTH_RATE_LIMIT_WINDOW_MS) || 15 * 60 * 1000,
   AUTH_LOGIN_MAX_ATTEMPTS: Number(process.env.AUTH_LOGIN_MAX_ATTEMPTS) || 10,
+  AUTH_REGISTER_MAX_ATTEMPTS: Number(process.env.AUTH_REGISTER_MAX_ATTEMPTS) || 5,
   AUTH_RESET_MAX_ATTEMPTS: Number(process.env.AUTH_RESET_MAX_ATTEMPTS) || 5,
   REFRESH_TOKEN_TTL_DAYS: Number(process.env.REFRESH_TOKEN_TTL_DAYS) || 60,
+  ANON_USER_TTL_SECONDS: Number(process.env.ANON_USER_TTL_SECONDS) || 3 * 60 * 60,
   SWAGGER_UI_USER: process.env.SWAGGER_UI_USER || '',
   SWAGGER_UI_PASSWORD: process.env.SWAGGER_UI_PASSWORD || '',
   CORS_OPTIONS: {
@@ -40,10 +42,12 @@ export const AUTH_CONFIG = {
   resetPasswordCollection: 'reset_password_requests',
   refreshTokensCollection: 'auth_refresh_tokens',
   resetPasswordConfig: configuration['local-userpass']?.config,
+  localUserpassConfig: configuration['local-userpass']?.config,
   user_id_field,
   on_user_creation_function_name,
   providers: {
-    "custom-function": configuration['custom-function']?.config
+    "custom-function": configuration['custom-function']?.config,
+    "anon-user": configuration['anon-user']
   }
 }
 

package/src/features/functions/controller.ts

@@ -34,6 +34,13 @@ const logFunctionCall = (method: string, user: Record<string, any> | undefined,
   console.log('[functions-debug]', method, user ? { id: user.id, role: user.role, email: user.email } : 'no-user', args)
 }
 
+const formatFunctionExecutionError = (error: unknown) => {
+  const err = error as { message?: string; name?: string }
+  const message = typeof err?.message === 'string' ? err.message : String(error)
+  const name = typeof err?.name === 'string' ? err.name : 'Error'
+  return JSON.stringify({ message, name })
+}
+
 /**
  * > Creates a pre handler for every query
  * @param app -> the fastify instance
@@ -105,17 +112,26 @@ export const functionsController: FunctionController = async (
     }
 
     logFunctionCall(`function:${method}`, user, args)
-    const result = await GenerateContext({
-      args: req.body.arguments,
-      app,
-      rules,
-      user: { ...user, _id: new ObjectId(user.id) },
-      currentFunction,
-      functionsList,
-      services
-    })
-    res.type('application/json')
-    return JSON.stringify(result)
+    try {
+      const result = await GenerateContext({
+        args: req.body.arguments,
+        app,
+        rules,
+        user: { ...user, _id: new ObjectId(user.id) },
+        currentFunction,
+        functionsList,
+        services
+      })
+      res.type('application/json')
+      return JSON.stringify(result)
+    } catch (error) {
+      res.status(500)
+      res.type('application/json')
+      return JSON.stringify({
+        error: formatFunctionExecutionError(error),
+        error_code: 'FunctionExecutionError'
+      })
+    }
   })
   app.get<{
     Querystring: FunctionCallBase64Dto

package/src/features/triggers/index.ts

@@ -1,3 +1,4 @@
+import { AUTH_CONFIG, DB_NAME } from '../../constants'
 import { services } from '../../services'
 import { Function, Functions } from '../functions/interface'
 import { ActivateTriggersParams } from './dtos'
@@ -17,7 +18,49 @@ export const activateTriggers = async ({
 }: ActivateTriggersParams) => {
   console.log('START ACTIVATION TRIGGERS')
   try {
-    for await (const trigger of triggersList) {
+    const triggersToActivate = [...triggersList]
+    if (AUTH_CONFIG.on_user_creation_function_name) {
+      const alreadyDeclared = triggersToActivate.some(
+        (trigger) =>
+          trigger.content.type === 'AUTHENTICATION' &&
+          trigger.content.event_processors?.FUNCTION?.config?.function_name ===
+          AUTH_CONFIG.on_user_creation_function_name
+      )
+      if (!alreadyDeclared) {
+        triggersToActivate.push({
+          fileName: '__auto_on_user_creation_trigger__.json',
+          content: {
+            name: 'onUserCreation',
+            type: 'AUTHENTICATION',
+            disabled: false,
+            config: {
+              isAutoTrigger: true,
+              collection: AUTH_CONFIG.authCollection ?? 'auth_users',
+              database: DB_NAME,
+              full_document: true,
+              full_document_before_change: false,
+              match: {},
+              operation_types: ['insert', 'update', 'replace'],
+              project: {},
+              service_name: 'mongodb-atlas',
+              skip_catchup_events: false,
+              tolerate_resume_errors: false,
+              unordered: false,
+              schedule: ''
+            },
+            event_processors: {
+              FUNCTION: {
+                config: {
+                  function_name: AUTH_CONFIG.on_user_creation_function_name
+                }
+              }
+            }
+          }
+        })
+      }
+    }
+
+    for await (const trigger of triggersToActivate) {
       const { content } = trigger
       const { type, config, event_processors } = content
 

package/src/features/triggers/interface.ts

@@ -21,6 +21,7 @@ type Config = {
   database: string
   full_document: boolean
   full_document_before_change: boolean
+  isAutoTrigger?: boolean
   match: Record<string, unknown>
   operation_types: string[]
   project: Record<string, unknown>

package/src/features/triggers/utils.ts

@@ -110,55 +110,107 @@ const handleAuthenticationTrigger = async ({
   services,
   app
 }: HandlerParams) => {
-  const { database } = config
+  const { database, isAutoTrigger } = config
+  const authCollection = AUTH_CONFIG.authCollection ?? 'auth_users'
+  const collection = app.mongo.client.db(database || DB_NAME).collection(authCollection)
   const pipeline = [
     {
       $match: {
-        operationType: { $in: ['insert'] }
+        operationType: { $in: ['insert', 'update', 'replace'] }
       }
     }
   ]
-  const changeStream = app.mongo.client
-    .db(database || DB_NAME)
-    .collection(AUTH_CONFIG.authCollection)
-    .watch(pipeline, {
-      fullDocument: 'whenAvailable'
-    })
+  const changeStream = collection.watch(pipeline, {
+    fullDocument: 'whenAvailable'
+  })
   changeStream.on('error', (error) => {
     if (shouldIgnoreStreamError(error)) return
     console.error('Authentication trigger change stream error', error)
   })
   changeStream.on('change', async function (change) {
-    const document = change['fullDocument' as keyof typeof change] as Record<
-      string,
-      string
-    > //TODO -> define user type
-
-    if (document) {
-      delete document.password
-
-      const currentUser = { ...document }
-      delete currentUser.password
-      await GenerateContext({
-        args: [{
-          user: {
-            ...currentUser,
-            id: currentUser._id.toString(),
-            data: {
-              _id: currentUser._id.toString(),
-              email: currentUser.email
-            }
-          }
-        }],
-        app,
-        rules: StateManager.select("rules"),
-        user: {},  // TODO from currentUser ??
-        currentFunction: triggerHandler,
-        functionsList,
-        services,
-        runAsSystem: true
-      })
+    const operationType = change['operationType' as keyof typeof change] as string | undefined
+    const documentKey = change['documentKey' as keyof typeof change] as
+      | { _id?: unknown }
+      | undefined
+    const fullDocument = change['fullDocument' as keyof typeof change] as
+      | Record<string, unknown>
+      | null
+    if (!documentKey?._id) {
+      return
     }
+
+    const updateDescription = change[
+      'updateDescription' as keyof typeof change
+    ] as { updatedFields?: Record<string, unknown> } | undefined
+    const updatedStatus = updateDescription?.updatedFields?.status
+    let confirmedCandidate = false
+    let confirmedDocument =
+      fullDocument as Record<string, unknown> | null
+
+    if (operationType === 'update') {
+      if (updatedStatus === 'confirmed') {
+        confirmedCandidate = true
+      } else if (updatedStatus === undefined) {
+        const fetched = await collection.findOne({
+          _id: documentKey._id
+        }) as Record<string, unknown> | null
+        confirmedDocument = fetched ?? confirmedDocument
+        confirmedCandidate = (confirmedDocument as { status?: string } | null)?.status === 'confirmed'
+      }
+    } else {
+      confirmedCandidate = (confirmedDocument as { status?: string } | null)?.status === 'confirmed'
+    }
+
+    if (!confirmedCandidate) {
+      return
+    }
+
+    const updateResult = await collection.findOneAndUpdate(
+      {
+        _id: documentKey._id,
+        status: 'confirmed',
+        on_user_creation_triggered_at: { $exists: false }
+      },
+      {
+        $set: {
+          on_user_creation_triggered_at: new Date()
+        }
+      },
+      {
+        returnDocument: 'after'
+      }
+    )
+
+    const document =
+      (updateResult?.value as Record<string, unknown> | null) ?? confirmedDocument
+    if (!document) {
+      return
+    }
+
+    delete (document as { password?: unknown }).password
+
+    const currentUser = { ...document }
+    delete (currentUser as { password?: unknown }).password
+
+    const userData = {
+      ...currentUser,
+      id: (currentUser as { _id: { toString: () => string } })._id.toString(),
+      data: {
+        _id: (currentUser as { _id: { toString: () => string } })._id.toString(),
+        email: (currentUser as { email?: string }).email
+      }
+    }
+    // TODO change va ripulito
+    await GenerateContext({
+      args: isAutoTrigger ? [userData] : [{ user: userData /*, ...change */ }],
+      app,
+      rules: StateManager.select("rules"),
+      user: {},  // TODO from currentUser ??
+      currentFunction: triggerHandler,
+      functionsList,
+      services,
+      runAsSystem: true
+    })
   })
   registerOnClose(
     app,

package/src/index.ts

@@ -58,19 +58,25 @@ export async function initialize({
     logger: !!DEFAULT_CONFIG.ENABLE_LOGGER
   })
 
-  console.log("BASE PATH", resolvedBasePath)
+  const isTest = process.env.NODE_ENV === 'test' || process.env.JEST_WORKER_ID !== undefined
+  const logInfo = (...args: unknown[]) => {
+    if (!isTest) {
+      console.log(...args)
+    }
+  }
 
-  console.log("CURRENT PORT", port)
-  console.log("CURRENT HOST", host)
+  logInfo("BASE PATH", resolvedBasePath)
+  logInfo("CURRENT PORT", port)
+  logInfo("CURRENT HOST", host)
 
   const functionsList = await loadFunctions(resolvedBasePath)
-  console.log("Functions LOADED")
+  logInfo("Functions LOADED")
   const triggersList = await loadTriggers(resolvedBasePath)
-  console.log("Triggers LOADED")
+  logInfo("Triggers LOADED")
   const endpointsList = await loadEndpoints(resolvedBasePath)
-  console.log("Endpoints LOADED")
+  logInfo("Endpoints LOADED")
   const rulesList = await loadRules(resolvedBasePath)
-  console.log("Rules LOADED")
+  logInfo("Rules LOADED")
 
   const stateConfig = {
     functions: functionsList,
@@ -137,15 +143,15 @@ export async function initialize({
     corsConfig
   })
 
-  console.log('Plugins registration COMPLETED')
+  logInfo('Plugins registration COMPLETED')
   await exposeRoutes(fastify)
-  console.log('APP Routes registration COMPLETED')
+  logInfo('APP Routes registration COMPLETED')
   await registerFunctions({ app: fastify, functionsList, rulesList })
-  console.log('Functions registration COMPLETED')
+  logInfo('Functions registration COMPLETED')
   await generateEndpoints({ app: fastify, functionsList, endpointsList, rulesList })
-  console.log('HTTP Endpoints registration COMPLETED')
+  logInfo('HTTP Endpoints registration COMPLETED')
   fastify.ready(() => {
-    console.log("FASTIFY IS READY")
+    logInfo("FASTIFY IS READY")
     if (triggersList?.length > 0) activateTriggers({ fastify, triggersList, functionsList })
   })
   await fastify.listen({ port, host })