@flowerforce/flowerbase 1.7.5 → 1.7.6-beta.1

package/src/auth/providers/anon-user/__tests__/controller.test.ts

@@ -11,6 +11,7 @@ jest.mock('../../../../constants', () => ({
       'anon-user': { disabled: false }
     }
   },
+  AUTH_DB_NAME: 'test-auth-db',
   DB_NAME: 'test-db',
   DEFAULT_CONFIG: {
     REFRESH_TOKEN_TTL_DAYS: 1,

package/src/auth/providers/anon-user/controller.ts

@@ -1,6 +1,6 @@
 import { ObjectId } from 'bson'
 import { FastifyInstance } from 'fastify'
-import { AUTH_CONFIG, DB_NAME, DEFAULT_CONFIG } from '../../../constants'
+import { AUTH_CONFIG, AUTH_DB_NAME, DEFAULT_CONFIG } from '../../../constants'
 import { PROVIDER } from '../../../shared/models/handleUserRegistration.model'
 import { hashToken } from '../../../utils/crypto'
 import { AUTH_ENDPOINTS } from '../../utils'
@@ -12,7 +12,7 @@ import { LoginDto } from './dtos'
  * @param {FastifyInstance} app - The Fastify instance.
  */
 export async function anonUserController(app: FastifyInstance) {
-  const db = app.mongo.client.db(DB_NAME)
+  const db = app.mongo.client.db(AUTH_DB_NAME)
   const { authCollection, refreshTokensCollection } = AUTH_CONFIG
   const refreshTokenTtlMs = DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000
   const anonUserTtlSeconds = DEFAULT_CONFIG.ANON_USER_TTL_SECONDS

package/src/auth/providers/custom-function/controller.ts

@@ -1,5 +1,6 @@
 import { FastifyInstance } from 'fastify'
-import { AUTH_CONFIG, DB_NAME, DEFAULT_CONFIG } from '../../../constants'
+import { ObjectId } from 'mongodb'
+import { AUTH_CONFIG, AUTH_DB_NAME, DB_NAME, DEFAULT_CONFIG } from '../../../constants'
 import { StateManager } from '../../../state'
 import { GenerateContext } from '../../../utils/context'
 import { hashToken } from '../../../utils/crypto'
@@ -16,7 +17,8 @@ export async function customFunctionController(app: FastifyInstance) {
 
   const functionsList = StateManager.select('functions')
   const services = StateManager.select('services')
-  const db = app.mongo.client.db(DB_NAME)
+  const authDb = app.mongo.client.db(AUTH_DB_NAME)
+  const customUserDb = app.mongo.client.db(DB_NAME)
   const { authCollection, refreshTokensCollection, userCollection, user_id_field } = AUTH_CONFIG
   const refreshTokenTtlMs = DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000
 
@@ -54,7 +56,7 @@ export async function customFunctionController(app: FastifyInstance) {
         id
       } = req
 
-      type CustomFunctionAuthResult = { id?: string }
+      type CustomFunctionAuthResult = { id?: string; email?: string }
       const authResult = await GenerateContext({
         args: [
           req.body
@@ -83,15 +85,34 @@ export async function customFunctionController(app: FastifyInstance) {
         return
       }
 
-      const authUser = await db.collection(authCollection!).findOne({ email: authResult.id })
+      const email = authResult.email ?? authResult.id
+      let authUser = await authDb.collection(authCollection!).findOne({ email })
       if (!authUser) {
-        reply.code(401).send({ message: 'Unauthorized' })
-        return
+        const authUserId = new ObjectId()
+        await authDb.collection(authCollection!).insertOne({
+          _id: authUserId,
+          email,
+          status: 'confirmed',
+          createdAt: new Date(),
+          custom_data: {},
+          identities: [
+            {
+              id: authResult.id.toString(),
+              provider_id: authResult.id.toString(),
+              provider_type: 'custom-function',
+              provider_data: { email }
+            }
+          ]
+        })
+        authUser = {
+          _id: authUserId,
+          email
+        }
       }
 
       const user =
         user_id_field && userCollection
-          ? await db
+          ? await customUserDb
             .collection(userCollection)
             .findOne({ [user_id_field]: authUser._id.toString() })
           : {}
@@ -109,7 +130,7 @@ export async function customFunctionController(app: FastifyInstance) {
       }
       const refreshToken = this.createRefreshToken(currentUserData)
       const refreshTokenHash = hashToken(refreshToken)
-      await db.collection(refreshTokensCollection).insertOne({
+      await authDb.collection(refreshTokensCollection).insertOne({
         userId: authUser._id,
         tokenHash: refreshTokenHash,
         createdAt: new Date(),

package/src/auth/providers/local-userpass/controller.ts

@@ -1,6 +1,6 @@
 import { FastifyInstance } from 'fastify'
 import { ObjectId } from 'mongodb'
-import { AUTH_CONFIG, DB_NAME, DEFAULT_CONFIG } from '../../../constants'
+import { AUTH_CONFIG, AUTH_DB_NAME, DB_NAME, DEFAULT_CONFIG } from '../../../constants'
 import handleUserRegistration from '../../../shared/handleUserRegistration'
 import { PROVIDER } from '../../../shared/models/handleUserRegistration.model'
 import { StateManager } from '../../../state'
@@ -44,7 +44,8 @@ export async function localUserPassController(app: FastifyInstance) {
   const { authCollection, userCollection, user_id_field } = AUTH_CONFIG
   const { resetPasswordCollection } = AUTH_CONFIG
   const { refreshTokensCollection } = AUTH_CONFIG
-  const db = app.mongo.client.db(DB_NAME)
+  const authDb = app.mongo.client.db(AUTH_DB_NAME)
+  const customUserDb = app.mongo.client.db(DB_NAME)
   const resetPasswordTtlSeconds = DEFAULT_CONFIG.RESET_PASSWORD_TTL_SECONDS
   const rateLimitWindowMs = DEFAULT_CONFIG.AUTH_RATE_LIMIT_WINDOW_MS
   const loginMaxAttempts = DEFAULT_CONFIG.AUTH_LOGIN_MAX_ATTEMPTS
@@ -54,7 +55,7 @@ export async function localUserPassController(app: FastifyInstance) {
   const resolveLocalUserpassProvider = () => AUTH_CONFIG.authProviders?.['local-userpass']
 
   try {
-    await db.collection(resetPasswordCollection).createIndex(
+    await authDb.collection(resetPasswordCollection).createIndex(
       { createdAt: 1 },
       { expireAfterSeconds: resetPasswordTtlSeconds }
     )
@@ -63,7 +64,7 @@ export async function localUserPassController(app: FastifyInstance) {
   }
 
   try {
-    await db.collection(refreshTokensCollection).createIndex(
+    await authDb.collection(refreshTokensCollection).createIndex(
       { expiresAt: 1 },
       { expireAfterSeconds: 0 }
     )
@@ -76,7 +77,7 @@ export async function localUserPassController(app: FastifyInstance) {
     extraArguments?: unknown[]
   ) => {
     const { resetPasswordConfig } = AUTH_CONFIG
-    const authUser = await db.collection(authCollection!).findOne({
+    const authUser = await authDb.collection(authCollection!).findOne({
       email
     })
 
@@ -87,7 +88,7 @@ export async function localUserPassController(app: FastifyInstance) {
     const token = generateToken()
     const tokenId = generateToken()
 
-    await db
+    await authDb
       ?.collection(resetPasswordCollection)
       .updateOne(
         { email },
@@ -194,7 +195,7 @@ export async function localUserPassController(app: FastifyInstance) {
         return
       }
 
-      const existing = await db.collection(authCollection!).findOne({
+      const existing = await authDb.collection(authCollection!).findOne({
         confirmationToken: req.body.token,
         confirmationTokenId: req.body.tokenId
       }) as { _id: ObjectId; status?: string } | null
@@ -205,7 +206,7 @@ export async function localUserPassController(app: FastifyInstance) {
       }
 
       if (existing.status !== 'confirmed') {
-        await db.collection(authCollection!).updateOne(
+        await authDb.collection(authCollection!).updateOne(
           { _id: existing._id },
           {
             $set: { status: 'confirmed' },
@@ -241,7 +242,7 @@ export async function localUserPassController(app: FastifyInstance) {
         res.status(429).send({ message: 'Too many requests' })
         return
       }
-      const authUser = await db.collection(authCollection!).findOne({
+      const authUser = await authDb.collection(authCollection!).findOne({
         email: req.body.username
       })
 
@@ -260,7 +261,7 @@ export async function localUserPassController(app: FastifyInstance) {
 
       const user =
         user_id_field && userCollection
-          ? await db!
+          ? await customUserDb
             .collection(userCollection)
             .findOne({ [user_id_field]: authUser._id.toString() })
           : {}
@@ -284,7 +285,7 @@ export async function localUserPassController(app: FastifyInstance) {
 
       const refreshToken = this.createRefreshToken(userWithCustomData)
       const refreshTokenHash = hashToken(refreshToken)
-      await db.collection(refreshTokensCollection).insertOne({
+      await authDb.collection(refreshTokensCollection).insertOne({
         userId: authUser._id,
         tokenHash: refreshTokenHash,
         createdAt: new Date(),
@@ -382,7 +383,7 @@ export async function localUserPassController(app: FastifyInstance) {
       }
       const { token, tokenId, password } = req.body
 
-      const resetRequest = await db
+      const resetRequest = await authDb
         ?.collection(resetPasswordCollection)
         .findOne({ token, tokenId })
 
@@ -396,11 +397,11 @@ export async function localUserPassController(app: FastifyInstance) {
         Date.now() - createdAt.getTime() > resetPasswordTtlSeconds * 1000
 
       if (isExpired) {
-        await db?.collection(resetPasswordCollection).deleteOne({ _id: resetRequest._id })
+        await authDb?.collection(resetPasswordCollection).deleteOne({ _id: resetRequest._id })
         throw new Error(AUTH_ERRORS.INVALID_RESET_PARAMS)
       }
       const hashedPassword = await hashPassword(password)
-      await db.collection(authCollection!).updateOne(
+      await authDb.collection(authCollection!).updateOne(
         { email: resetRequest.email },
         {
           $set: {
@@ -409,7 +410,7 @@ export async function localUserPassController(app: FastifyInstance) {
         }
       )
 
-      await db?.collection(resetPasswordCollection).deleteOne({ _id: resetRequest._id })
+      await authDb?.collection(resetPasswordCollection).deleteOne({ _id: resetRequest._id })
     }
   )
 }

package/src/auth/utils.ts

@@ -122,6 +122,7 @@ export enum AUTH_ERRORS {
 
 export interface AuthConfig {
   auth_collection?: string
+  auth_database?: string
   'api-key': ApiKey
   'local-userpass': LocalUserpass
   'custom-function': CustomFunction

package/src/constants.ts

@@ -14,12 +14,12 @@ const monitEnabled = typeof monitEnabledEnv === 'string'
   : false
 
 const {
-  database_name,
+  database_name = 'main',
   collection_name = 'users',
   user_id_field = 'id',
   on_user_creation_function_name
 } = loadCustomUserData()
-const { auth_collection = 'auth_users', ...configuration } = loadAuthConfig()
+const { auth_collection = 'auth_users', auth_database, ...configuration } = loadAuthConfig()
 
 export const DEFAULT_CONFIG = {
   PORT: Number(process.env.PORT) || 3000,
@@ -57,11 +57,16 @@ export const DEFAULT_CONFIG = {
   CORS_OPTIONS: {
     origin: "*",
     methods: ["GET", "POST", "PUT", "DELETE"] as ALLOWED_METHODS[]
+  },
+  MONGODB_ENCRYPTION_CONFIG: {
+    keyVaultDb: "encryption",
+    keyVaultCollection: "__keyVault"
   }
 }
 export const API_VERSION = `/api/client/${DEFAULT_CONFIG.API_VERSION}`
 export const HTTPS_SCHEMA = DEFAULT_CONFIG.HTTPS_SCHEMA
 export const DB_NAME = database_name
+export const AUTH_DB_NAME = auth_database ?? database_name
 
 type AuthProviders = Record<string, { disabled?: boolean; config?: unknown }>
 // TODO spostare nell'oggetto providers anche le altre configurazioni
@@ -81,9 +86,14 @@ export const AUTH_CONFIG = {
   }
 }
 
-
-
 export const S3_CONFIG = {
   ACCESS_KEY_ID: process.env.S3_ACCESS_KEY_ID,
   SECRET_ACCESS_KEY: process.env.S3_SECRET_ACCESS_KEY
 }
+
+/**
+ * Name of the MongoDB client to use for change streams.
+ * This may be a separate instance because streams do not work
+ * when the main client has auto encryption enabled.
+ */
+export const CHANGESTREAM = "changestream"

package/src/features/encryption/interface.ts

@@ -0,0 +1,46 @@
+import type { UUID } from "mongodb"
+
+export type EncryptionSchemaProperty =
+  | EncryptionSchema
+  | {
+    encrypt: {
+      algorithm: string
+      bsonType: string
+      keyAlias?: string
+    }
+  }
+
+export type EncryptionSchema = {
+  bsonType: "object"
+  properties: Record<string, EncryptionSchemaProperty>
+  encryptMetadata?: {
+    keyAlias: string
+  },
+}
+
+
+export type MappedEncryptionSchemaProperty =
+  | MappedEncryptionSchema
+  | {
+    encrypt: {
+      algorithm: string
+      bsonType: string
+      keyId?: [UUID]
+    }
+  }
+
+export type MappedEncryptionSchema = {
+  bsonType: "object"
+  properties: Record<string, MappedEncryptionSchemaProperty>
+  encryptMetadata?: {
+    keyId: [UUID]
+  },
+}
+
+export type EncryptionSchemaFile = {
+  database: string
+  collection: string
+  schema: EncryptionSchema
+}
+
+export type EncryptionSchemas = Record<string, EncryptionSchema>

package/src/features/encryption/utils.ts

@@ -0,0 +1,22 @@
+import path from "node:path"
+import { readJsonContent, recursivelyCollectFiles } from "../../utils"
+import { EncryptionSchemaFile, EncryptionSchemas } from "./interface"
+
+/**
+ * @experimental
+ * Schemas used for Client-Side Level Encryption configuration.
+ *
+ * **Important:** These schemas do not perform JSON validation.
+ */
+export const loadEncryptionSchemas = async (rootDir = process.cwd()): Promise<EncryptionSchemas> => {
+  const schemasRoot = path.join(rootDir, 'data_sources', 'mongodb-atlas')
+
+  const files = recursivelyCollectFiles(schemasRoot)
+  const schemaFiles = files.filter((x) => x.endsWith('encryption.json'))
+
+  return schemaFiles.reduce((acc, filePath) => {
+    const { collection, database, schema } = readJsonContent(filePath) as EncryptionSchemaFile
+    acc[`${database}.${collection}`] = schema
+    return acc
+  }, {} as EncryptionSchemas)
+}

package/src/features/rules/utils.ts

@@ -1,19 +1,9 @@
-import fs from 'fs'
 import path from 'node:path'
-import { readJsonContent } from '../../utils'
+import { readJsonContent, recursivelyCollectFiles } from '../../utils'
 import { Rules, RulesConfig } from './interface'
 
 export const loadRules = async (rootDir = process.cwd()): Promise<Rules> => {
   const rulesRoot = path.join(rootDir, 'data_sources', 'mongodb-atlas')
-  const recursivelyCollectFiles = (dir: string): string[] => {
-    return fs.readdirSync(dir, { withFileTypes: true }).flatMap((entry) => {
-      const fullPath = path.join(dir, entry.name)
-      if (entry.isDirectory()) {
-        return recursivelyCollectFiles(fullPath)
-      }
-      return entry.isFile() ? [fullPath] : []
-    })
-  }
   const files = recursivelyCollectFiles(rulesRoot)
   const rulesFiles = files.filter((x) => (x as string).endsWith('rules.json'))
 

package/src/features/triggers/__tests__/index.test.ts

@@ -3,6 +3,7 @@ import { TRIGGER_HANDLERS } from '../utils'
 
 jest.mock('../../../constants', () => ({
   AUTH_CONFIG: {},
+  AUTH_DB_NAME: 'test-auth-db',
   DB_NAME: 'test-db'
 }))
 

package/src/features/triggers/index.ts

@@ -1,4 +1,4 @@
-import { AUTH_CONFIG, DB_NAME } from '../../constants'
+import { AUTH_CONFIG, AUTH_DB_NAME, CHANGESTREAM } from '../../constants'
 import { services } from '../../services'
 import { Function, Functions } from '../functions/interface'
 import { ActivateTriggersParams } from './dtos'
@@ -18,6 +18,10 @@ export const activateTriggers = async ({
 }: ActivateTriggersParams) => {
   console.log('START ACTIVATION TRIGGERS')
   try {
+    // Ensure the changestream MongoDB client exist, or use the main client
+    if (!fastify.mongo[CHANGESTREAM]) {
+      fastify.mongo[CHANGESTREAM] = fastify.mongo
+    }
     const triggersToActivate = [...triggersList]
     if (AUTH_CONFIG.on_user_creation_function_name) {
       const alreadyDeclared = triggersToActivate.some(
@@ -36,7 +40,7 @@ export const activateTriggers = async ({
             config: {
               isAutoTrigger: true,
               collection: AUTH_CONFIG.authCollection ?? 'auth_users',
-              database: DB_NAME,
+              database: AUTH_DB_NAME,
               full_document: true,
               full_document_before_change: false,
               match: {},

package/src/features/triggers/utils.ts

@@ -1,7 +1,7 @@
 import fs from 'fs'
 import path from 'node:path'
 import cron from 'node-cron'
-import { AUTH_CONFIG, DB_NAME } from '../../constants'
+import { AUTH_CONFIG, AUTH_DB_NAME, DB_NAME, CHANGESTREAM } from '../../constants'
 import { createEventId, sanitize } from '../../monitoring/utils'
 import { StateManager } from '../../state'
 import { readJsonContent } from '../../utils'
@@ -246,11 +246,11 @@ const handleAuthenticationTrigger = async ({
   const { database, isAutoTrigger, operation_types = [], operation_type } = config
   const providerFilter = normalizeProviders(config.providers ?? [])
   const authCollection = AUTH_CONFIG.authCollection ?? 'auth_users'
-  const collection = app.mongo.client.db(database || DB_NAME).collection(authCollection)
+  const collection = app.mongo[CHANGESTREAM].client.db(database || AUTH_DB_NAME).collection(authCollection)
   const operationCandidates = operation_type ? mapOpInverse[operation_type] : operation_types
   const normalizedOps = normalizeOperationTypes(operationCandidates)
   const baseMeta = {
-    database: database || DB_NAME,
+    database: database || AUTH_DB_NAME,
     collection: authCollection,
     operationTypes: normalizedOps,
     providers: providerFilter,
@@ -652,7 +652,7 @@ const handleDataBaseTrigger = async ({
 
   const normalizedOperations = normalizeOperationTypes(operation_types)
 
-  const collection = app.mongo.client.db(database).collection(collectionName)
+  const collection = app.mongo[CHANGESTREAM].client.db(database).collection(collectionName)
   const pipeline = [
     {
       $match: {

package/src/index.ts

@@ -6,12 +6,14 @@ import { loadEndpoints } from './features/endpoints/utils'
 import { registerFunctions } from './features/functions'
 import { loadFunctions } from './features/functions/utils'
 import { loadRules } from './features/rules/utils'
+import { loadEncryptionSchemas } from './features/encryption/utils'
 import { activateTriggers } from './features/triggers'
 import { loadTriggers } from './features/triggers/utils'
 import { services } from './services'
 import { StateManager } from './state'
 import { exposeRoutes } from './utils/initializer/exposeRoutes'
 import { registerPlugins } from './utils/initializer/registerPlugins'
+import { type MongoDbEncryptionConfig } from './utils/initializer/mongodbCSFLE'
 export * from './model'
 
 
@@ -30,6 +32,7 @@ export type InitializeConfig = {
   host?: string
   corsConfig?: CorsConfig
   basePath?: string
+  mongodbEncryptionConfig?: MongoDbEncryptionConfig
 }
 
 /**
@@ -47,7 +50,8 @@ export async function initialize({
   port = DEFAULT_CONFIG.PORT,
   mongodbUrl = DEFAULT_CONFIG.MONGODB_URL,
   corsConfig = DEFAULT_CONFIG.CORS_OPTIONS,
-  basePath
+  basePath,
+  mongodbEncryptionConfig
 }: InitializeConfig) {
   if (!jwtSecret || jwtSecret.trim().length === 0) {
     throw new Error('JWT secret missing: set JWT_SECRET or pass jwtSecret to initialize()')
@@ -77,6 +81,8 @@ export async function initialize({
   logInfo("Endpoints LOADED")
   const rulesList = await loadRules(resolvedBasePath)
   logInfo("Rules LOADED")
+  const encryptionSchemas = await loadEncryptionSchemas(resolvedBasePath)
+  logInfo("Encryption schemas LOADED")
 
   const stateConfig = {
     functions: functionsList,
@@ -152,7 +158,9 @@ export async function initialize({
     mongodbUrl,
     jwtSecret,
     functionsList,
-    corsConfig
+    corsConfig,
+    encryptionSchemas,
+    mongodbEncryptionConfig
   })
 
   logInfo('Plugins registration COMPLETED')

package/src/monitoring/plugin.ts

@@ -2,6 +2,7 @@ import fastifyWebsocket from '@fastify/websocket'
 import type { FastifyInstance, FastifyReply, FastifyRequest } from 'fastify'
 import fp from 'fastify-plugin'
 import '@fastify/websocket'
+import fs from 'fs'
 import { DEFAULT_CONFIG } from '../constants'
 import { StateManager } from '../state'
 import { registerCollectionRoutes } from './routes/collections'
@@ -316,6 +317,38 @@ const createMonitoringPlugin = fp(async (
     })
   })
 
+  const resolveCodeMirrorAsset = (internalPath: string) => {
+    try {
+      return require.resolve(`codemirror/${internalPath}`)
+    } catch {
+      return ''
+    }
+  }
+
+  const codemirrorAssets: Record<string, string> = {
+    'codemirror.js': resolveCodeMirrorAsset('lib/codemirror.js'),
+    'codemirror.css': resolveCodeMirrorAsset('lib/codemirror.css'),
+    'javascript.js': resolveCodeMirrorAsset('mode/javascript/javascript.js'),
+    'foldcode.js': resolveCodeMirrorAsset('addon/fold/foldcode.js'),
+    'foldgutter.js': resolveCodeMirrorAsset('addon/fold/foldgutter.js'),
+    'brace-fold.js': resolveCodeMirrorAsset('addon/fold/brace-fold.js'),
+    'comment-fold.js': resolveCodeMirrorAsset('addon/fold/comment-fold.js'),
+    'foldgutter.css': resolveCodeMirrorAsset('addon/fold/foldgutter.css')
+  }
+
+  Object.entries(codemirrorAssets).forEach(([assetName, relativePath]) => {
+    app.get(`${prefix}/vendor/codemirror/${assetName}`, async (_req, reply) => {
+      const assetPath = relativePath || ''
+      if (!assetPath || !fs.existsSync(assetPath)) {
+        reply.code(404).send(`${assetName} not found`)
+        return
+      }
+      const asset = fs.readFileSync(assetPath, 'utf8')
+      reply.header('Cache-Control', 'no-store')
+      reply.type(assetName.endsWith('.css') ? 'text/css' : 'application/javascript').send(asset)
+    })
+  })
+
   app.get(`${prefix}/ws`, { websocket: true }, (connection) => {
     const socket =
       (connection as {

package/src/monitoring/routes/users.ts

@@ -1,7 +1,7 @@
 import type { FastifyInstance } from 'fastify'
 import { ObjectId } from 'mongodb'
 import { loadAuthConfig, loadCustomUserData, PASSWORD_RULES } from '../../auth/utils'
-import { AUTH_CONFIG, DB_NAME } from '../../constants'
+import { AUTH_CONFIG, AUTH_DB_NAME, DB_NAME } from '../../constants'
 import handleUserRegistration from '../../shared/handleUserRegistration'
 import { PROVIDER } from '../../shared/models/handleUserRegistration.model'
 import { hashPassword } from '../../utils/crypto'
@@ -47,7 +47,8 @@ export const registerUserRoutes = (app: FastifyInstance, deps: UserRoutesDeps) =
     const resolvedAuthLimit = Math.min(Number.isFinite(parsedAuthLimit) && parsedAuthLimit > 0 ? parsedAuthLimit : 100, 500)
     const resolvedCustomLimit = Math.min(Number.isFinite(parsedCustomLimit) && parsedCustomLimit > 0 ? parsedCustomLimit : 25, 500)
     const resolvedCustomPage = Math.max(Number.isFinite(parsedPage) && parsedPage > 0 ? parsedPage : 1, 1)
-    const db = app.mongo.client.db(DB_NAME)
+    const authDb = app.mongo.client.db(AUTH_DB_NAME)
+    const customDb = app.mongo.client.db(DB_NAME)
     const authCollection = AUTH_CONFIG.authCollection ?? 'auth_users'
     const userCollection = AUTH_CONFIG.userCollection
 
@@ -69,7 +70,7 @@ export const registerUserRoutes = (app: FastifyInstance, deps: UserRoutesDeps) =
           ]
         }
         : {}
-      const authItems = await db
+      const authItems = await authDb
         .collection(authCollection)
         .find(authFilter)
         .sort({ createdAt: -1, _id: -1 })
@@ -94,11 +95,11 @@ export const registerUserRoutes = (app: FastifyInstance, deps: UserRoutesDeps) =
           ]
         }
         : {}
-      const total = await db.collection(userCollection).countDocuments(customFilter)
+      const total = await customDb.collection(userCollection).countDocuments(customFilter)
       const totalPages = Math.max(1, Math.ceil(total / Math.max(resolvedCustomLimit, 1)))
       const page = Math.min(resolvedCustomPage, totalPages)
       const skip = Math.max(0, (page - 1) * resolvedCustomLimit)
-      const customItems = await db
+      const customItems = await customDb
         .collection(userCollection)
         .find(customFilter)
         .sort({ createdAt: -1, _id: -1 })
@@ -193,7 +194,7 @@ export const registerUserRoutes = (app: FastifyInstance, deps: UserRoutesDeps) =
       return { error: passwordError }
     }
 
-    const db = app.mongo.client.db(DB_NAME)
+    const db = app.mongo.client.db(AUTH_DB_NAME)
     const authCollection = AUTH_CONFIG.authCollection ?? 'auth_users'
     const selector: Record<string, unknown> = {}
 
@@ -231,7 +232,7 @@ export const registerUserRoutes = (app: FastifyInstance, deps: UserRoutesDeps) =
   app.patch(`${prefix}/api/users/:id/status`, async (req, reply) => {
     const params = req.params as { id: string }
     const body = req.body as { disabled?: boolean; status?: string; email?: string }
-    const db = app.mongo.client.db(DB_NAME)
+    const db = app.mongo.client.db(AUTH_DB_NAME)
     const authCollection = AUTH_CONFIG.authCollection ?? 'auth_users'
     const selector: Record<string, unknown> = {}
 

package/src/monitoring/ui.collections.js

@@ -91,7 +91,7 @@
     collectionTabButtons,
     collectionTabPanels
   } = dom;
-  const { api, parseJsonObject, highlightJson, safeStringify } = utils;
+  const { api, parseJsonObject, highlightJson, renderJsonViewer, clearJsonViewer, safeStringify } = utils;
 
   const TABLE_TRUNCATE_LIMIT = 200;
 
@@ -337,22 +337,21 @@
     const highlight = state.collectionResultHighlight;
     if (payload === null || payload === undefined) {
       collectionResult.classList.remove('table-view', 'json-highlight');
-      collectionResult.textContent = '';
+      clearJsonViewer(collectionResult, '');
       return;
     }
     if (state.collectionResultView === 'table') {
+      clearJsonViewer(collectionResult, '');
       renderCollectionTable(payload);
       return;
     }
     collectionResult.classList.remove('table-view');
     if (highlight) {
       const text = typeof payload === 'string' ? payload : JSON.stringify(payload, null, 2);
-      collectionResult.classList.add('json-highlight');
-      collectionResult.innerHTML = highlightJson(text || '');
+      renderJsonViewer(collectionResult, text || '', { collapsible: true });
       return;
     }
-    collectionResult.classList.remove('json-highlight');
-    collectionResult.textContent = typeof payload === 'string' ? payload : String(payload ?? '');
+    clearJsonViewer(collectionResult, typeof payload === 'string' ? payload : String(payload ?? ''));
   };
 
   const setCollectionResult = (value, highlight) => {
@@ -365,12 +364,10 @@
     if (!collectionRules) return;
     if (highlight) {
       const text = typeof value === 'string' ? value : JSON.stringify(value, null, 2);
-      collectionRules.classList.add('json-highlight');
-      collectionRules.innerHTML = highlightJson(text || '');
+      renderJsonViewer(collectionRules, text || '', { collapsible: true });
       return;
     }
-    collectionRules.classList.remove('json-highlight');
-    collectionRules.textContent = typeof value === 'string' ? value : String(value ?? '');
+    clearJsonViewer(collectionRules, typeof value === 'string' ? value : String(value ?? ''));
   };
 
   const updateCollectionModeView = () => {