@flowerforce/flowerbase 1.6.1 → 1.6.2-beta.1

package/README.md

@@ -92,8 +92,8 @@ Ensure the following environment variables are set in your .env file or deployme
 | ---------------------- | --------------------------------------------------------------------------- | -------------------------------------------------- |
 | `PROJECT_ID`           | A unique ID to identify your project. This value can be freely invented — it's preserved mainly for compatibility with the old Realm-style project structure.                     | `my-flowerbase-app`                                |
 | `PORT`                 | The port on which the server will run.                                      | `3000`                                             |
-| `DB_CONNECTION_STRING` | MongoDB connection URI, including username, password, and database name.    | `mongodb+srv://user:pass@cluster.mongodb.net/mydb` |
-| `APP_SECRET`           | Secret used to sign and verify JWT tokens (choose a strong secret).         | `supersecretkey123!`                               |
+| `MONGODB_URL`          | MongoDB connection URI, including username, password, and database name.    | `mongodb+srv://user:pass@cluster.mongodb.net/mydb` |
+| `JWT_SECRET`           | Secret used to sign and verify JWT tokens (choose a strong secret).         | `supersecretkey123!`                               |
 | `HOST`                 | The host address the server binds to (usually `0.0.0.0` for public access). | `0.0.0.0`                                          |
 | `HTTPS_SCHEMA`         | The schema for your server requests (usually `https` or `http`).            | `http`                                             |
 | `RESET_PASSWORD_TTL_SECONDS` | Time-to-live for password reset tokens (in seconds).                  | `3600`                                             |
@@ -101,6 +101,7 @@ Ensure the following environment variables are set in your .env file or deployme
 | `AUTH_LOGIN_MAX_ATTEMPTS`    | Max login attempts per window.                                         | `10`                                               |
 | `AUTH_RESET_MAX_ATTEMPTS`    | Max reset requests per window.                                         | `5`                                                |
 | `REFRESH_TOKEN_TTL_DAYS`     | Refresh token time-to-live (in days).                                  | `60`                                               |
+| `SWAGGER_ENABLED`      | Enable Swagger UI and spec routes (disabled by default).                    | `true`                                             |
 | `SWAGGER_UI_USER`      | Basic Auth username for Swagger UI (optional).                            | `admin`                                            |
 | `SWAGGER_UI_PASSWORD`  | Basic Auth password for Swagger UI (optional).                            | `change-me`                                        |
 
@@ -109,8 +110,8 @@ Example:
 ```env
 PROJECT_ID=your-project-id
 PORT=3000
-DB_CONNECTION_STRING=mongodb+srv://username:password@cluster.mongodb.net/dbname
-APP_SECRET=your-jwt-secret
+MONGODB_URL=mongodb+srv://username:password@cluster.mongodb.net/dbname
+JWT_SECRET=your-jwt-secret
 HOST=0.0.0.0
 HTTPS_SCHEMA=http
 RESET_PASSWORD_TTL_SECONDS=3600
@@ -118,6 +119,7 @@ AUTH_RATE_LIMIT_WINDOW_MS=900000
 AUTH_LOGIN_MAX_ATTEMPTS=10
 AUTH_RESET_MAX_ATTEMPTS=5
 REFRESH_TOKEN_TTL_DAYS=60
+SWAGGER_ENABLED=true
 SWAGGER_UI_USER=admin
 SWAGGER_UI_PASSWORD=change-me
 ```
@@ -134,8 +136,8 @@ import { initialize } from '@flowerforce/flowerbase';
 
 const projectId = process.env.PROJECT_ID ?? "my-project-id"
 const port = process.env.PORT ? Number(process.env.PORT) : undefined
-const mongodbUrl = process.env.DB_CONNECTION_STRING
-const jwtSecret = process.env.APP_SECRET
+const mongodbUrl = process.env.MONGODB_URL
+const jwtSecret = process.env.JWT_SECRET
 const host = process.env.HOST
 
 initialize({
@@ -401,8 +403,8 @@ import { initialize } from '@flowerforce/flowerbase';
 
 const projectId = process.env.PROJECT_ID ?? "my-project-id"
 const port = process.env.PORT ? Number(process.env.PORT) : undefined
-const mongodbUrl = process.env.DB_CONNECTION_STRING
-const jwtSecret = process.env.APP_SECRET
+const mongodbUrl = process.env.MONGODB_URL
+const jwtSecret = process.env.JWT_SECRET
 const host = process.env.HOST
 
 initialize({
@@ -422,8 +424,8 @@ Ensure the following environment variables are set in your .env file or deployme
 | ---------------------- | --------------------------------------------------------------------------- | -------------------------------------------------- |
 | `PROJECT_ID`           | A unique ID to identify your project. This value can be freely invented — it's preserved mainly for compatibility with the old Realm-style project structure.                     | `my-flowerbase-app`                                |
 | `PORT`                 | The port on which the server will run.                                      | `3000`                                             |
-| `DB_CONNECTION_STRING` | MongoDB connection URI, including username, password, and database name.    | `mongodb+srv://user:pass@cluster.mongodb.net/mydb` |
-| `APP_SECRET`           | Secret used to sign and verify JWT tokens (choose a strong secret).         | `supersecretkey123!`                               |
+| `MONGODB_URL`          | MongoDB connection URI, including username, password, and database name.    | `mongodb+srv://user:pass@cluster.mongodb.net/mydb` |
+| `JWT_SECRET`           | Secret used to sign and verify JWT tokens (choose a strong secret).         | `supersecretkey123!`                               |
 | `HOST`                 | The host address the server binds to (usually `0.0.0.0` for public access). | `0.0.0.0`                                          |
 | `HTTPS_SCHEMA`         | The schema for your server requests (usually `https` or `http`).            | `http`                                             |
 | `RESET_PASSWORD_TTL_SECONDS` | Time-to-live for password reset tokens (in seconds).                  | `3600`                                             |
@@ -431,6 +433,7 @@ Ensure the following environment variables are set in your .env file or deployme
 | `AUTH_LOGIN_MAX_ATTEMPTS`    | Max login attempts per window.                                         | `10`                                               |
 | `AUTH_RESET_MAX_ATTEMPTS`    | Max reset requests per window.                                         | `5`                                                |
 | `REFRESH_TOKEN_TTL_DAYS`     | Refresh token time-to-live (in days).                                  | `60`                                               |
+| `SWAGGER_ENABLED`      | Enable Swagger UI and spec routes (disabled by default).                    | `true`                                             |
 | `SWAGGER_UI_USER`      | Basic Auth username for Swagger UI (optional).                            | `admin`                                            |
 | `SWAGGER_UI_PASSWORD`  | Basic Auth password for Swagger UI (optional).                            | `change-me`                                        |
 
@@ -439,8 +442,8 @@ Example:
 ```env
 PROJECT_ID=your-project-id
 PORT=3000
-DB_CONNECTION_STRING=mongodb+srv://username:password@cluster.mongodb.net/dbname
-APP_SECRET=your-jwt-secret
+MONGODB_URL=mongodb+srv://username:password@cluster.mongodb.net/dbname
+JWT_SECRET=your-jwt-secret
 HOST=0.0.0.0
 HTTPS_SCHEMA=http
 RESET_PASSWORD_TTL_SECONDS=3600
@@ -448,6 +451,7 @@ AUTH_RATE_LIMIT_WINDOW_MS=900000
 AUTH_LOGIN_MAX_ATTEMPTS=10
 AUTH_RESET_MAX_ATTEMPTS=5
 REFRESH_TOKEN_TTL_DAYS=60
+SWAGGER_ENABLED=true
 SWAGGER_UI_USER=admin
 SWAGGER_UI_PASSWORD=change-me
 ```

package/dist/auth/providers/anon-user/controller.js

@@ -23,7 +23,7 @@ const utils_1 = require("../../utils");
 function anonUserController(app) {
     return __awaiter(this, void 0, void 0, function* () {
         const db = app.mongo.client.db(constants_1.DB_NAME);
-        const { authCollection, refreshTokensCollection, providers } = constants_1.AUTH_CONFIG;
+        const { authCollection, refreshTokensCollection } = constants_1.AUTH_CONFIG;
         const refreshTokenTtlMs = constants_1.DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000;
         const anonUserTtlSeconds = constants_1.DEFAULT_CONFIG.ANON_USER_TTL_SECONDS;
         try {
@@ -37,8 +37,9 @@ function anonUserController(app) {
         }
         app.post(utils_1.AUTH_ENDPOINTS.LOGIN, function () {
             return __awaiter(this, void 0, void 0, function* () {
-                const anonProvider = providers === null || providers === void 0 ? void 0 : providers['anon-user'];
-                if (anonProvider === null || anonProvider === void 0 ? void 0 : anonProvider.disabled) {
+                var _a;
+                const anonProvider = (_a = constants_1.AUTH_CONFIG.authProviders) === null || _a === void 0 ? void 0 : _a['anon-user'];
+                if (!anonProvider || anonProvider.disabled) {
                     throw new Error('Anonymous authentication disabled');
                 }
                 const now = new Date();

package/dist/auth/providers/custom-function/controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/custom-function/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AASzC;;;;GAIG;AACH,wBAAsB,wBAAwB,CAAC,GAAG,EAAE,eAAe,iBAgGlE"}
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/custom-function/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AASzC;;;;GAIG;AACH,wBAAsB,wBAAwB,CAAC,GAAG,EAAE,eAAe,iBAoGlE"}

package/dist/auth/providers/custom-function/controller.js

@@ -39,8 +39,13 @@ function customFunctionController(app) {
             schema: schema_1.LOGIN_SCHEMA
         }, function (req, reply) {
             return __awaiter(this, void 0, void 0, function* () {
-                const { providers } = constants_1.AUTH_CONFIG;
-                const authFunctionName = providers["custom-function"].authFunctionName;
+                var _a, _b;
+                const customFunctionProvider = (_a = constants_1.AUTH_CONFIG.authProviders) === null || _a === void 0 ? void 0 : _a['custom-function'];
+                if (!customFunctionProvider || customFunctionProvider.disabled) {
+                    throw new Error('Custom function authentication disabled');
+                }
+                const authFunctionName = (_b = customFunctionProvider
+                    .config) === null || _b === void 0 ? void 0 : _b.authFunctionName;
                 if (!authFunctionName || !functionsList[authFunctionName]) {
                     throw new Error("Missing Auth Function");
                 }

package/dist/auth/providers/local-userpass/controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/local-userpass/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAqCzC;;;;GAIG;AACH,wBAAsB,uBAAuB,CAAC,GAAG,EAAE,eAAe,iBAqVjE"}
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/local-userpass/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAqCzC;;;;GAIG;AACH,wBAAsB,uBAAuB,CAAC,GAAG,EAAE,eAAe,iBA8WjE"}

package/dist/auth/providers/local-userpass/controller.js

@@ -47,6 +47,7 @@ function localUserPassController(app) {
         const registerMaxAttempts = constants_1.DEFAULT_CONFIG.AUTH_REGISTER_MAX_ATTEMPTS;
         const resetMaxAttempts = constants_1.DEFAULT_CONFIG.AUTH_RESET_MAX_ATTEMPTS;
         const refreshTokenTtlMs = constants_1.DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000;
+        const resolveLocalUserpassProvider = () => { var _a; return (_a = constants_1.AUTH_CONFIG.authProviders) === null || _a === void 0 ? void 0 : _a['local-userpass']; };
         try {
             yield db.collection(resetPasswordCollection).createIndex({ createdAt: 1 }, { expireAfterSeconds: resetPasswordTtlSeconds });
         }
@@ -102,6 +103,10 @@ function localUserPassController(app) {
         app.post(utils_1.AUTH_ENDPOINTS.REGISTRATION, {
             schema: utils_1.REGISTRATION_SCHEMA
         }, (req, res) => __awaiter(this, void 0, void 0, function* () {
+            const localUserpassProvider = resolveLocalUserpassProvider();
+            if (!localUserpassProvider || localUserpassProvider.disabled) {
+                throw new Error('Local userpass authentication disabled');
+            }
             const key = `register:${req.ip}`;
             if (isRateLimited(key, registerMaxAttempts, rateLimitWindowMs)) {
                 res.status(429).send({ message: 'Too many requests' });
@@ -141,6 +146,10 @@ function localUserPassController(app) {
         app.post(utils_1.AUTH_ENDPOINTS.CONFIRM, {
             schema: utils_1.CONFIRM_USER_SCHEMA
         }, (req, res) => __awaiter(this, void 0, void 0, function* () {
+            const localUserpassProvider = resolveLocalUserpassProvider();
+            if (!localUserpassProvider || localUserpassProvider.disabled) {
+                throw new Error('Local userpass authentication disabled');
+            }
             const key = `confirm:${req.ip}`;
             if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
                 res.status(429).send({ message: 'Too many requests' });
@@ -174,6 +183,10 @@ function localUserPassController(app) {
             schema: utils_1.LOGIN_SCHEMA
         }, function (req, res) {
             return __awaiter(this, void 0, void 0, function* () {
+                const localUserpassProvider = resolveLocalUserpassProvider();
+                if (!localUserpassProvider || localUserpassProvider.disabled) {
+                    throw new Error('Local userpass authentication disabled');
+                }
                 const key = `login:${req.ip}`;
                 if (isRateLimited(key, loginMaxAttempts, rateLimitWindowMs)) {
                     res.status(429).send({ message: 'Too many requests' });
@@ -227,6 +240,10 @@ function localUserPassController(app) {
             schema: utils_1.RESET_SEND_SCHEMA
         }, function (req, res) {
             return __awaiter(this, void 0, void 0, function* () {
+                const localUserpassProvider = resolveLocalUserpassProvider();
+                if (!localUserpassProvider || localUserpassProvider.disabled) {
+                    throw new Error('Local userpass authentication disabled');
+                }
                 const key = `reset:${req.ip}`;
                 if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
                     res.status(429);
@@ -243,6 +260,10 @@ function localUserPassController(app) {
             schema: utils_1.RESET_CALL_SCHEMA
         }, function (req, res) {
             return __awaiter(this, void 0, void 0, function* () {
+                const localUserpassProvider = resolveLocalUserpassProvider();
+                if (!localUserpassProvider || localUserpassProvider.disabled) {
+                    throw new Error('Local userpass authentication disabled');
+                }
                 const key = `reset:${req.ip}`;
                 if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
                     res.status(429);
@@ -266,6 +287,10 @@ function localUserPassController(app) {
             schema: utils_1.CONFIRM_RESET_SCHEMA
         }, function (req, res) {
             return __awaiter(this, void 0, void 0, function* () {
+                const localUserpassProvider = resolveLocalUserpassProvider();
+                if (!localUserpassProvider || localUserpassProvider.disabled) {
+                    throw new Error('Local userpass authentication disabled');
+                }
                 const key = `reset-confirm:${req.ip}`;
                 if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
                     res.status(429);

package/dist/auth/utils.js

@@ -149,7 +149,7 @@ const loadAuthConfig = () => {
             'anon-user': {
                 name: 'anon-user',
                 type: 'anon-user',
-                disabled: false
+                disabled: true
             }
         };
     }

package/dist/constants.d.ts

@@ -14,6 +14,7 @@ export declare const DEFAULT_CONFIG: {
     AUTH_RESET_MAX_ATTEMPTS: number;
     REFRESH_TOKEN_TTL_DAYS: number;
     ANON_USER_TTL_SECONDS: number;
+    SWAGGER_ENABLED: boolean;
     SWAGGER_UI_USER: string;
     SWAGGER_UI_PASSWORD: string;
     CORS_OPTIONS: {
@@ -24,6 +25,10 @@ export declare const DEFAULT_CONFIG: {
 export declare const API_VERSION: string;
 export declare const HTTPS_SCHEMA: string;
 export declare const DB_NAME: string;
+type AuthProviders = Record<string, {
+    disabled?: boolean;
+    config?: unknown;
+}>;
 export declare const AUTH_CONFIG: {
     authCollection: string;
     userCollection: string;
@@ -31,6 +36,7 @@ export declare const AUTH_CONFIG: {
     refreshTokensCollection: string;
     resetPasswordConfig: import("./auth/utils").Config;
     localUserpassConfig: import("./auth/utils").Config;
+    authProviders: AuthProviders;
     user_id_field: string;
     on_user_creation_function_name: string;
     providers: {
@@ -44,4 +50,5 @@ export declare const S3_CONFIG: {
     ACCESS_KEY_ID: string | undefined;
     SECRET_ACCESS_KEY: string | undefined;
 };
+export {};
 //# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,CAAA;AAUpC,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;iBAmBsB,eAAe,EAAE;;CAEjE,CAAA;AACD,eAAO,MAAM,WAAW,QAA8C,CAAA;AACtE,eAAO,MAAM,YAAY,QAA8B,CAAA;AACvD,eAAO,MAAM,OAAO,QAAgB,CAAA;AAGpC,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;CAavB,CAAA;AAID,eAAO,MAAM,SAAS;;;CAGrB,CAAA"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,CAAA;AAepC,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;iBAoBsB,eAAe,EAAE;;CAEjE,CAAA;AACD,eAAO,MAAM,WAAW,QAA8C,CAAA;AACtE,eAAO,MAAM,YAAY,QAA8B,CAAA;AACvD,eAAO,MAAM,OAAO,QAAgB,CAAA;AAEpC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,CAAC,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAAA;AAE7E,eAAO,MAAM,WAAW;;;;;;;mBAOqB,aAAa;;;;;;;;;CAOzD,CAAA;AAID,eAAO,MAAM,SAAS;;;CAGrB,CAAA"}

package/dist/constants.js

@@ -14,6 +14,11 @@ var _a, _b, _c;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.S3_CONFIG = exports.AUTH_CONFIG = exports.DB_NAME = exports.HTTPS_SCHEMA = exports.API_VERSION = exports.DEFAULT_CONFIG = void 0;
 const utils_1 = require("./auth/utils");
+const parseBoolean = (value) => {
+    if (!value)
+        return false;
+    return ['1', 'true', 'yes', 'on'].includes(value.toLowerCase());
+};
 const { database_name, collection_name = 'users', user_id_field = 'id', on_user_creation_function_name } = (0, utils_1.loadCustomUserData)();
 const _d = (0, utils_1.loadAuthConfig)(), { auth_collection = 'auth_users' } = _d, configuration = __rest(_d, ["auth_collection"]);
 exports.DEFAULT_CONFIG = {
@@ -31,6 +36,7 @@ exports.DEFAULT_CONFIG = {
     AUTH_RESET_MAX_ATTEMPTS: Number(process.env.AUTH_RESET_MAX_ATTEMPTS) || 5,
     REFRESH_TOKEN_TTL_DAYS: Number(process.env.REFRESH_TOKEN_TTL_DAYS) || 60,
     ANON_USER_TTL_SECONDS: Number(process.env.ANON_USER_TTL_SECONDS) || 3 * 60 * 60,
+    SWAGGER_ENABLED: parseBoolean(process.env.SWAGGER_ENABLED),
     SWAGGER_UI_USER: process.env.SWAGGER_UI_USER || '',
     SWAGGER_UI_PASSWORD: process.env.SWAGGER_UI_PASSWORD || '',
     CORS_OPTIONS: {
@@ -49,6 +55,7 @@ exports.AUTH_CONFIG = {
     refreshTokensCollection: 'auth_refresh_tokens',
     resetPasswordConfig: (_a = configuration['local-userpass']) === null || _a === void 0 ? void 0 : _a.config,
     localUserpassConfig: (_b = configuration['local-userpass']) === null || _b === void 0 ? void 0 : _b.config,
+    authProviders: configuration,
     user_id_field,
     on_user_creation_function_name,
     providers: {

package/dist/features/triggers/interface.d.ts

@@ -23,6 +23,7 @@ type Config = {
     match: Record<string, unknown>;
     operation_types: string[];
     operation_type?: 'CREATE' | 'DELETE' | 'LOGOUT';
+    providers?: string[];
     project: Record<string, unknown>;
     service_name: string;
     skip_catchup_events: boolean;

package/dist/features/triggers/interface.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"interface.d.ts","sourceRoot":"","sources":["../../../src/features/triggers/interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAA;AACnD,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAE5D,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,WAAW,CAAA;IACjB,QAAQ,EAAE,OAAO,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,gBAAgB,EAAE;QAChB,QAAQ,EAAE;YACR,MAAM,EAAE;gBACN,aAAa,EAAE,MAAM,CAAA;aACtB,CAAA;SACF,CAAA;KACF,CAAA;CACF;AAED,KAAK,MAAM,GAAG;IACZ,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,OAAO,CAAA;IACtB,2BAA2B,EAAE,OAAO,CAAA;IACpC,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC9B,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,cAAc,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAA;IAC/C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAChC,YAAY,EAAE,MAAM,CAAA;IACpB,mBAAmB,EAAE,OAAO,CAAA;IAC5B,sBAAsB,EAAE,OAAO,CAAA;IAC/B,SAAS,EAAE,OAAO,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,UAAU,GAAG,gBAAgB,CAAA;AACrE,MAAM,MAAM,QAAQ,GAAG;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,EAAE,CAAA;AAE/D,MAAM,MAAM,aAAa,GAAG;IAC1B,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,EAAE,QAAQ,CAAA;IACxB,GAAG,EAAE,eAAe,CAAA;IACpB,QAAQ,EAAE,QAAQ,CAAA;IAClB,aAAa,EAAE,SAAS,CAAA;CACzB,CAAA"}
+{"version":3,"file":"interface.d.ts","sourceRoot":"","sources":["../../../src/features/triggers/interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAA;AACnD,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAE5D,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,WAAW,CAAA;IACjB,QAAQ,EAAE,OAAO,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,gBAAgB,EAAE;QAChB,QAAQ,EAAE;YACR,MAAM,EAAE;gBACN,aAAa,EAAE,MAAM,CAAA;aACtB,CAAA;SACF,CAAA;KACF,CAAA;CACF;AAED,KAAK,MAAM,GAAG;IACZ,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,OAAO,CAAA;IACtB,2BAA2B,EAAE,OAAO,CAAA;IACpC,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC9B,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,cAAc,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAA;IAC/C,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;IACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAChC,YAAY,EAAE,MAAM,CAAA;IACpB,mBAAmB,EAAE,OAAO,CAAA;IAC5B,sBAAsB,EAAE,OAAO,CAAA;IAC/B,SAAS,EAAE,OAAO,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,UAAU,GAAG,gBAAgB,CAAA;AACrE,MAAM,MAAM,QAAQ,GAAG;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,EAAE,CAAA;AAE/D,MAAM,MAAM,aAAa,GAAG;IAC1B,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,EAAE,QAAQ,CAAA;IACxB,GAAG,EAAE,eAAe,CAAA;IACpB,QAAQ,EAAE,QAAQ,CAAA;IAClB,aAAa,EAAE,SAAS,CAAA;CACzB,CAAA"}

package/dist/features/triggers/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/features/triggers/utils.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,aAAa,EAAW,QAAQ,EAAE,MAAM,aAAa,CAAA;AAqC9D;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY,GAAU,gBAAuB,KAAG,OAAO,CAAC,QAAQ,CAkB5E,CAAA;AAuaD,eAAO,MAAM,gBAAgB;0EAnZ1B,aAAa;yEAwVb,aAAa;+EAtSb,aAAa;CAqWf,CAAA"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/features/triggers/utils.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,aAAa,EAAW,QAAQ,EAAE,MAAM,aAAa,CAAA;AAqC9D;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY,GAAU,gBAAuB,KAAG,OAAO,CAAC,QAAQ,CAkB5E,CAAA;AAyeD,eAAO,MAAM,gBAAgB;0EArd1B,aAAa;yEA0Zb,aAAa;+EArUb,aAAa;CAoYf,CAAA"}

package/dist/features/triggers/utils.js

@@ -123,6 +123,38 @@ const mapOpInverse = {
     LOGOUT: ['update'],
 };
 const normalizeOperationTypes = (operationTypes = []) => operationTypes.map((op) => op.toLowerCase());
+const normalizeProviders = (providers = []) => providers
+    .map((provider) => (typeof provider === 'string' ? provider.trim().toLowerCase() : ''))
+    .filter((provider) => provider.length);
+const extractProvidersFromDocument = (document) => {
+    if (!document)
+        return [];
+    const providers = [];
+    const identities = document.identities;
+    if (Array.isArray(identities)) {
+        for (const identity of identities) {
+            if (!identity || typeof identity !== 'object')
+                continue;
+            const providerType = identity.provider_type;
+            if (typeof providerType === 'string') {
+                providers.push(providerType.toLowerCase());
+            }
+        }
+    }
+    const rootProviderType = document.provider_type;
+    if (typeof rootProviderType === 'string') {
+        providers.push(rootProviderType.toLowerCase());
+    }
+    return providers;
+};
+const matchesProviderFilter = (document, providerFilter) => {
+    if (!providerFilter.length)
+        return true;
+    const documentProviders = extractProvidersFromDocument(document);
+    if (!documentProviders.length)
+        return false;
+    return documentProviders.some((provider) => providerFilter.includes(provider));
+};
 const resolveDocumentOptions = ({ requestFullDocument, requestFullDocumentBeforeChange, normalizedOperations }) => {
     const includesUpdateOrReplace = normalizedOperations.some((op) => op === 'update' || op === 'replace');
     const fullDocument = (() => {
@@ -134,9 +166,10 @@ const resolveDocumentOptions = ({ requestFullDocument, requestFullDocumentBefore
     return { fullDocument, fullDocumentBeforeChange };
 };
 const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, function* ({ config, triggerHandler, functionsList, services, app }) {
-    var _b;
+    var _b, _c;
     const { database, isAutoTrigger, operation_types = [], operation_type } = config;
-    const authCollection = (_b = constants_1.AUTH_CONFIG.authCollection) !== null && _b !== void 0 ? _b : 'auth_users';
+    const providerFilter = normalizeProviders((_b = config.providers) !== null && _b !== void 0 ? _b : []);
+    const authCollection = (_c = constants_1.AUTH_CONFIG.authCollection) !== null && _c !== void 0 ? _c : 'auth_users';
     const collection = app.mongo.client.db(database || constants_1.DB_NAME).collection(authCollection);
     const operationCandidates = operation_type ? mapOpInverse[operation_type] : operation_types;
     const normalizedOps = normalizeOperationTypes(operationCandidates);
@@ -216,6 +249,9 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                         _id: documentKey._id
                     }));
                 }
+                if (!matchesProviderFilter(logoutDocument, providerFilter)) {
+                    return;
+                }
                 const userData = buildUserData(logoutDocument);
                 if (!userData) {
                     return;
@@ -248,7 +284,11 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                 if (isAutoTrigger || operation_type !== 'DELETE') {
                     return;
                 }
-                const userData = buildUserData(fullDocumentBeforeChange !== null && fullDocumentBeforeChange !== void 0 ? fullDocumentBeforeChange : confirmedDocument);
+                const deleteDocument = fullDocumentBeforeChange !== null && fullDocumentBeforeChange !== void 0 ? fullDocumentBeforeChange : confirmedDocument;
+                if (!matchesProviderFilter(deleteDocument, providerFilter)) {
+                    return;
+                }
+                const userData = buildUserData(deleteDocument);
                 if (!userData) {
                     return;
                 }
@@ -277,7 +317,16 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                 return;
             }
             if (isReplace) {
-                const userData = buildUserData(confirmedDocument);
+                let replaceDocument = confirmedDocument;
+                if (!replaceDocument && providerFilter.length && (documentKey === null || documentKey === void 0 ? void 0 : documentKey._id)) {
+                    replaceDocument = (yield collection.findOne({
+                        _id: documentKey._id
+                    }));
+                }
+                if (!matchesProviderFilter(replaceDocument, providerFilter)) {
+                    return;
+                }
+                const userData = buildUserData(replaceDocument);
                 if (!userData) {
                     return;
                 }
@@ -323,6 +372,16 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
             if (!confirmedCandidate) {
                 return;
             }
+            let candidateDocument = confirmedDocument;
+            if (!candidateDocument && providerFilter.length && (documentKey === null || documentKey === void 0 ? void 0 : documentKey._id)) {
+                candidateDocument = (yield collection.findOne({
+                    _id: documentKey._id
+                }));
+                confirmedDocument = candidateDocument !== null && candidateDocument !== void 0 ? candidateDocument : confirmedDocument;
+            }
+            if (!matchesProviderFilter(candidateDocument, providerFilter)) {
+                return;
+            }
             const updateResult = yield collection.findOneAndUpdate({
                 _id: documentKey._id,
                 status: 'confirmed',
@@ -339,6 +398,9 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                 return;
             }
             delete document.password;
+            if (!matchesProviderFilter(document, providerFilter)) {
+                return;
+            }
             const userData = buildUserData(document);
             if (!userData) {
                 return;

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,eAAe,CAAA;AActB,cAAc,SAAS,CAAA;AAGvB,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAA;AAE/D,MAAM,MAAM,UAAU,GAAG;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,eAAe,EAAE,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED;;;;;;;GAOG;AACH,wBAAsB,UAAU,CAAC,EAC/B,SAAS,EACT,IAA0B,EAC1B,SAAqC,EACrC,IAA0B,EAC1B,UAAuC,EACvC,UAAwC,EACxC,QAAQ,EACT,EAAE,gBAAgB,iBA6GlB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,eAAe,CAAA;AActB,cAAc,SAAS,CAAA;AAGvB,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAA;AAE/D,MAAM,MAAM,UAAU,GAAG;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,eAAe,EAAE,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED;;;;;;;GAOG;AACH,wBAAsB,UAAU,CAAC,EAC/B,SAAS,EACT,IAA0B,EAC1B,SAAqC,EACrC,IAA0B,EAC1B,UAAuC,EACvC,UAAwC,EACxC,QAAQ,EACT,EAAE,gBAAgB,iBA+GlB"}

package/dist/index.js

@@ -108,48 +108,50 @@ function initialize(_a) {
             services: services_1.services
         };
         Object.entries(stateConfig).forEach(([key, value]) => state_1.StateManager.setData(key, value));
-        yield fastify.register(Promise.resolve().then(() => __importStar(require('@fastify/swagger'))));
-        yield fastify.register(Promise.resolve().then(() => __importStar(require('@fastify/swagger-ui'))), {
-            routePrefix: '/documentation',
-            uiConfig: {
-                docExpansion: 'full',
-                deepLinking: false
-            },
-            uiHooks: {
-                onRequest: function (request, reply, next) {
-                    const swaggerUser = constants_1.DEFAULT_CONFIG.SWAGGER_UI_USER;
-                    const swaggerPassword = constants_1.DEFAULT_CONFIG.SWAGGER_UI_PASSWORD;
-                    if (!swaggerUser && !swaggerPassword) {
+        if (constants_1.DEFAULT_CONFIG.SWAGGER_ENABLED) {
+            yield fastify.register(Promise.resolve().then(() => __importStar(require('@fastify/swagger'))));
+            yield fastify.register(Promise.resolve().then(() => __importStar(require('@fastify/swagger-ui'))), {
+                routePrefix: '/documentation',
+                uiConfig: {
+                    docExpansion: 'full',
+                    deepLinking: false
+                },
+                uiHooks: {
+                    onRequest: function (request, reply, next) {
+                        const swaggerUser = constants_1.DEFAULT_CONFIG.SWAGGER_UI_USER;
+                        const swaggerPassword = constants_1.DEFAULT_CONFIG.SWAGGER_UI_PASSWORD;
+                        if (!swaggerUser && !swaggerPassword) {
+                            next();
+                            return;
+                        }
+                        const authHeader = request.headers.authorization;
+                        if (!authHeader || !authHeader.startsWith('Basic ')) {
+                            reply
+                                .code(401)
+                                .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
+                                .send({ message: 'Unauthorized' });
+                            return;
+                        }
+                        const encoded = authHeader.slice('Basic '.length);
+                        const decoded = Buffer.from(encoded, 'base64').toString('utf8');
+                        const [user, pass] = decoded.split(':');
+                        if (user !== swaggerUser || pass !== swaggerPassword) {
+                            reply
+                                .code(401)
+                                .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
+                                .send({ message: 'Unauthorized' });
+                            return;
+                        }
                         next();
-                        return;
-                    }
-                    const authHeader = request.headers.authorization;
-                    if (!authHeader || !authHeader.startsWith('Basic ')) {
-                        reply
-                            .code(401)
-                            .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
-                            .send({ message: 'Unauthorized' });
-                        return;
-                    }
-                    const encoded = authHeader.slice('Basic '.length);
-                    const decoded = Buffer.from(encoded, 'base64').toString('utf8');
-                    const [user, pass] = decoded.split(':');
-                    if (user !== swaggerUser || pass !== swaggerPassword) {
-                        reply
-                            .code(401)
-                            .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
-                            .send({ message: 'Unauthorized' });
-                        return;
-                    }
-                    next();
+                    },
+                    preHandler: function (request, reply, next) { next(); }
                 },
-                preHandler: function (request, reply, next) { next(); }
-            },
-            staticCSP: true,
-            transformStaticCSP: (header) => header,
-            transformSpecification: (swaggerObject) => { return swaggerObject; },
-            transformSpecificationClone: true
-        });
+                staticCSP: true,
+                transformStaticCSP: (header) => header,
+                transformSpecification: (swaggerObject) => { return swaggerObject; },
+                transformSpecificationClone: true
+            });
+        }
         yield (0, registerPlugins_1.registerPlugins)({
             register: fastify.register,
             mongodbUrl,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@flowerforce/flowerbase",
-  "version": "1.6.1",
+  "version": "1.6.2-beta.1",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/auth/providers/anon-user/controller.ts

@@ -13,7 +13,7 @@ import { LoginDto } from './dtos'
  */
 export async function anonUserController(app: FastifyInstance) {
   const db = app.mongo.client.db(DB_NAME)
-  const { authCollection, refreshTokensCollection, providers } = AUTH_CONFIG
+  const { authCollection, refreshTokensCollection } = AUTH_CONFIG
   const refreshTokenTtlMs = DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000
   const anonUserTtlSeconds = DEFAULT_CONFIG.ANON_USER_TTL_SECONDS
 
@@ -32,8 +32,8 @@ export async function anonUserController(app: FastifyInstance) {
   app.post<LoginDto>(
     AUTH_ENDPOINTS.LOGIN,
     async function () {
-      const anonProvider = providers?.['anon-user']
-      if (anonProvider?.disabled) {
+      const anonProvider = AUTH_CONFIG.authProviders?.['anon-user']
+      if (!anonProvider || anonProvider.disabled) {
         throw new Error('Anonymous authentication disabled')
       }
 

package/src/auth/providers/custom-function/controller.ts

@@ -33,8 +33,12 @@ export async function customFunctionController(app: FastifyInstance) {
       schema: LOGIN_SCHEMA
     },
     async function (req, reply) {
-      const { providers } = AUTH_CONFIG
-      const authFunctionName = providers["custom-function"].authFunctionName
+      const customFunctionProvider = AUTH_CONFIG.authProviders?.['custom-function']
+      if (!customFunctionProvider || customFunctionProvider.disabled) {
+        throw new Error('Custom function authentication disabled')
+      }
+      const authFunctionName = (customFunctionProvider as { config?: { authFunctionName?: string } })
+        .config?.authFunctionName
 
       if (!authFunctionName || !functionsList[authFunctionName]) {
         throw new Error("Missing Auth Function")

package/src/auth/providers/local-userpass/controller.ts

@@ -51,6 +51,7 @@ export async function localUserPassController(app: FastifyInstance) {
   const registerMaxAttempts = DEFAULT_CONFIG.AUTH_REGISTER_MAX_ATTEMPTS
   const resetMaxAttempts = DEFAULT_CONFIG.AUTH_RESET_MAX_ATTEMPTS
   const refreshTokenTtlMs = DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000
+  const resolveLocalUserpassProvider = () => AUTH_CONFIG.authProviders?.['local-userpass']
 
   try {
     await db.collection(resetPasswordCollection).createIndex(
@@ -132,6 +133,10 @@ export async function localUserPassController(app: FastifyInstance) {
       schema: REGISTRATION_SCHEMA
     },
     async (req, res) => {
+      const localUserpassProvider = resolveLocalUserpassProvider()
+      if (!localUserpassProvider || localUserpassProvider.disabled) {
+        throw new Error('Local userpass authentication disabled')
+      }
       const key = `register:${req.ip}`
       if (isRateLimited(key, registerMaxAttempts, rateLimitWindowMs)) {
         res.status(429).send({ message: 'Too many requests' })
@@ -178,6 +183,10 @@ export async function localUserPassController(app: FastifyInstance) {
       schema: CONFIRM_USER_SCHEMA
     },
     async (req, res) => {
+      const localUserpassProvider = resolveLocalUserpassProvider()
+      if (!localUserpassProvider || localUserpassProvider.disabled) {
+        throw new Error('Local userpass authentication disabled')
+      }
       const key = `confirm:${req.ip}`
       if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
         res.status(429).send({ message: 'Too many requests' })
@@ -222,6 +231,10 @@ export async function localUserPassController(app: FastifyInstance) {
       schema: LOGIN_SCHEMA
     },
     async function (req, res) {
+      const localUserpassProvider = resolveLocalUserpassProvider()
+      if (!localUserpassProvider || localUserpassProvider.disabled) {
+        throw new Error('Local userpass authentication disabled')
+      }
       const key = `login:${req.ip}`
       if (isRateLimited(key, loginMaxAttempts, rateLimitWindowMs)) {
         res.status(429).send({ message: 'Too many requests' })
@@ -295,6 +308,10 @@ export async function localUserPassController(app: FastifyInstance) {
       schema: RESET_SEND_SCHEMA
     },
     async function (req, res) {
+      const localUserpassProvider = resolveLocalUserpassProvider()
+      if (!localUserpassProvider || localUserpassProvider.disabled) {
+        throw new Error('Local userpass authentication disabled')
+      }
       const key = `reset:${req.ip}`
       if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
         res.status(429)
@@ -314,6 +331,10 @@ export async function localUserPassController(app: FastifyInstance) {
       schema: RESET_CALL_SCHEMA
     },
     async function (req, res) {
+      const localUserpassProvider = resolveLocalUserpassProvider()
+      if (!localUserpassProvider || localUserpassProvider.disabled) {
+        throw new Error('Local userpass authentication disabled')
+      }
       const key = `reset:${req.ip}`
       if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
         res.status(429)
@@ -344,6 +365,10 @@ export async function localUserPassController(app: FastifyInstance) {
       schema: CONFIRM_RESET_SCHEMA
     },
     async function (req, res) {
+      const localUserpassProvider = resolveLocalUserpassProvider()
+      if (!localUserpassProvider || localUserpassProvider.disabled) {
+        throw new Error('Local userpass authentication disabled')
+      }
       const key = `reset-confirm:${req.ip}`
       if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
         res.status(429)

package/src/auth/utils.ts

@@ -208,7 +208,7 @@ export const loadAuthConfig = (): AuthConfig => {
       'anon-user': {
         name: 'anon-user',
         type: 'anon-user',
-        disabled: false
+        disabled: true
       }
     }
   }

package/src/constants.ts

@@ -1,6 +1,11 @@
 import { loadAuthConfig, loadCustomUserData } from './auth/utils'
 import { ALLOWED_METHODS } from './'
 
+const parseBoolean = (value?: string) => {
+  if (!value) return false
+  return ['1', 'true', 'yes', 'on'].includes(value.toLowerCase())
+}
+
 const {
   database_name,
   collection_name = 'users',
@@ -24,6 +29,7 @@ export const DEFAULT_CONFIG = {
   AUTH_RESET_MAX_ATTEMPTS: Number(process.env.AUTH_RESET_MAX_ATTEMPTS) || 5,
   REFRESH_TOKEN_TTL_DAYS: Number(process.env.REFRESH_TOKEN_TTL_DAYS) || 60,
   ANON_USER_TTL_SECONDS: Number(process.env.ANON_USER_TTL_SECONDS) || 3 * 60 * 60,
+  SWAGGER_ENABLED: parseBoolean(process.env.SWAGGER_ENABLED),
   SWAGGER_UI_USER: process.env.SWAGGER_UI_USER || '',
   SWAGGER_UI_PASSWORD: process.env.SWAGGER_UI_PASSWORD || '',
   CORS_OPTIONS: {
@@ -35,6 +41,7 @@ export const API_VERSION = `/api/client/${DEFAULT_CONFIG.API_VERSION}`
 export const HTTPS_SCHEMA = DEFAULT_CONFIG.HTTPS_SCHEMA
 export const DB_NAME = database_name
 
+type AuthProviders = Record<string, { disabled?: boolean; config?: unknown }>
 // TODO spostare nell'oggetto providers anche le altre configurazioni
 export const AUTH_CONFIG = {
   authCollection: auth_collection,
@@ -43,6 +50,7 @@ export const AUTH_CONFIG = {
   refreshTokensCollection: 'auth_refresh_tokens',
   resetPasswordConfig: configuration['local-userpass']?.config,
   localUserpassConfig: configuration['local-userpass']?.config,
+  authProviders: configuration as unknown as AuthProviders,
   user_id_field,
   on_user_creation_function_name,
   providers: {

package/src/features/triggers/interface.ts

@@ -25,6 +25,7 @@ type Config = {
   match: Record<string, unknown>
   operation_types: string[]
   operation_type?: 'CREATE' | 'DELETE' | 'LOGOUT'
+  providers?: string[]
   project: Record<string, unknown>
   service_name: string
   skip_catchup_events: boolean

package/src/features/triggers/utils.ts

@@ -112,6 +112,41 @@ const mapOpInverse = {
 const normalizeOperationTypes = (operationTypes: string[] = []) =>
   operationTypes.map((op) => op.toLowerCase())
 
+const normalizeProviders = (providers: string[] = []) =>
+  providers
+    .map((provider) => (typeof provider === 'string' ? provider.trim().toLowerCase() : ''))
+    .filter((provider) => provider.length)
+
+const extractProvidersFromDocument = (document?: Record<string, unknown> | null) => {
+  if (!document) return []
+  const providers: string[] = []
+  const identities = (document as { identities?: unknown }).identities
+  if (Array.isArray(identities)) {
+    for (const identity of identities) {
+      if (!identity || typeof identity !== 'object') continue
+      const providerType = (identity as { provider_type?: unknown }).provider_type
+      if (typeof providerType === 'string') {
+        providers.push(providerType.toLowerCase())
+      }
+    }
+  }
+  const rootProviderType = (document as { provider_type?: unknown }).provider_type
+  if (typeof rootProviderType === 'string') {
+    providers.push(rootProviderType.toLowerCase())
+  }
+  return providers
+}
+
+const matchesProviderFilter = (
+  document: Record<string, unknown> | null | undefined,
+  providerFilter: string[]
+) => {
+  if (!providerFilter.length) return true
+  const documentProviders = extractProvidersFromDocument(document)
+  if (!documentProviders.length) return false
+  return documentProviders.some((provider) => providerFilter.includes(provider))
+}
+
 const resolveDocumentOptions = ({
   requestFullDocument,
   requestFullDocumentBeforeChange,
@@ -140,6 +175,7 @@ const handleAuthenticationTrigger = async ({
   app
 }: HandlerParams) => {
   const { database, isAutoTrigger, operation_types = [], operation_type } = config
+  const providerFilter = normalizeProviders(config.providers ?? [])
   const authCollection = AUTH_CONFIG.authCollection ?? 'auth_users'
   const collection = app.mongo.client.db(database || DB_NAME).collection(authCollection)
   const operationCandidates = operation_type ? mapOpInverse[operation_type] : operation_types
@@ -238,6 +274,9 @@ const handleAuthenticationTrigger = async ({
           _id: documentKey._id
         }) as Record<string, unknown> | null
       }
+      if (!matchesProviderFilter(logoutDocument, providerFilter)) {
+        return
+      }
       const userData = buildUserData(logoutDocument)
       if (!userData) {
         return
@@ -270,7 +309,11 @@ const handleAuthenticationTrigger = async ({
       if (isAutoTrigger || operation_type !== 'DELETE') {
         return
       }
-      const userData = buildUserData(fullDocumentBeforeChange ?? confirmedDocument)
+      const deleteDocument = fullDocumentBeforeChange ?? confirmedDocument
+      if (!matchesProviderFilter(deleteDocument, providerFilter)) {
+        return
+      }
+      const userData = buildUserData(deleteDocument)
       if (!userData) {
         return
       }
@@ -299,7 +342,16 @@ const handleAuthenticationTrigger = async ({
     }
 
     if (isReplace) {
-      const userData = buildUserData(confirmedDocument)
+      let replaceDocument = confirmedDocument
+      if (!replaceDocument && providerFilter.length && documentKey?._id) {
+        replaceDocument = await collection.findOne({
+          _id: documentKey._id
+        }) as Record<string, unknown> | null
+      }
+      if (!matchesProviderFilter(replaceDocument, providerFilter)) {
+        return
+      }
+      const userData = buildUserData(replaceDocument)
       if (!userData) {
         return
       }
@@ -347,6 +399,17 @@ const handleAuthenticationTrigger = async ({
       return
     }
 
+    let candidateDocument = confirmedDocument
+    if (!candidateDocument && providerFilter.length && documentKey?._id) {
+      candidateDocument = await collection.findOne({
+        _id: documentKey._id
+      }) as Record<string, unknown> | null
+      confirmedDocument = candidateDocument ?? confirmedDocument
+    }
+    if (!matchesProviderFilter(candidateDocument, providerFilter)) {
+      return
+    }
+
     const updateResult = await collection.findOneAndUpdate(
       {
         _id: documentKey._id,
@@ -371,6 +434,9 @@ const handleAuthenticationTrigger = async ({
 
     delete (document as { password?: unknown }).password
 
+    if (!matchesProviderFilter(document, providerFilter)) {
+      return
+    }
     const userData = buildUserData(document)
     if (!userData) {
       return

package/src/index.ts

@@ -91,49 +91,51 @@ export async function initialize({
     StateManager.setData(key as Parameters<typeof StateManager.setData>[0], value)
   )
 
-  await fastify.register(import('@fastify/swagger'))
-
-  await fastify.register(import('@fastify/swagger-ui'), {
-    routePrefix: '/documentation',
-    uiConfig: {
-      docExpansion: 'full',
-      deepLinking: false
-    },
-    uiHooks: {
-      onRequest: function (request, reply, next) {
-        const swaggerUser = DEFAULT_CONFIG.SWAGGER_UI_USER
-        const swaggerPassword = DEFAULT_CONFIG.SWAGGER_UI_PASSWORD
-        if (!swaggerUser && !swaggerPassword) {
+  if (DEFAULT_CONFIG.SWAGGER_ENABLED) {
+    await fastify.register(import('@fastify/swagger'))
+
+    await fastify.register(import('@fastify/swagger-ui'), {
+      routePrefix: '/documentation',
+      uiConfig: {
+        docExpansion: 'full',
+        deepLinking: false
+      },
+      uiHooks: {
+        onRequest: function (request, reply, next) {
+          const swaggerUser = DEFAULT_CONFIG.SWAGGER_UI_USER
+          const swaggerPassword = DEFAULT_CONFIG.SWAGGER_UI_PASSWORD
+          if (!swaggerUser && !swaggerPassword) {
+            next()
+            return
+          }
+          const authHeader = request.headers.authorization
+          if (!authHeader || !authHeader.startsWith('Basic ')) {
+            reply
+              .code(401)
+              .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
+              .send({ message: 'Unauthorized' })
+            return
+          }
+          const encoded = authHeader.slice('Basic '.length)
+          const decoded = Buffer.from(encoded, 'base64').toString('utf8')
+          const [user, pass] = decoded.split(':')
+          if (user !== swaggerUser || pass !== swaggerPassword) {
+            reply
+              .code(401)
+              .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
+              .send({ message: 'Unauthorized' })
+            return
+          }
           next()
-          return
-        }
-        const authHeader = request.headers.authorization
-        if (!authHeader || !authHeader.startsWith('Basic ')) {
-          reply
-            .code(401)
-            .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
-            .send({ message: 'Unauthorized' })
-          return
-        }
-        const encoded = authHeader.slice('Basic '.length)
-        const decoded = Buffer.from(encoded, 'base64').toString('utf8')
-        const [user, pass] = decoded.split(':')
-        if (user !== swaggerUser || pass !== swaggerPassword) {
-          reply
-            .code(401)
-            .header('WWW-Authenticate', 'Basic realm="Swagger UI"')
-            .send({ message: 'Unauthorized' })
-          return
-        }
-        next()
+        },
+        preHandler: function (request, reply, next) { next() }
       },
-      preHandler: function (request, reply, next) { next() }
-    },
-    staticCSP: true,
-    transformStaticCSP: (header) => header,
-    transformSpecification: (swaggerObject,) => { return swaggerObject },
-    transformSpecificationClone: true
-  })
+      staticCSP: true,
+      transformStaticCSP: (header) => header,
+      transformSpecification: (swaggerObject,) => { return swaggerObject },
+      transformSpecificationClone: true
+    })
+  }
 
   await registerPlugins({
     register: fastify.register,