@flowerforce/flowerbase 1.7.6-beta.0 → 1.7.6-beta.1

package/dist/services/mongodb-atlas/index.js

@@ -32,6 +32,7 @@ const utils_1 = require("../../monitoring/utils");
 const machines_1 = require("../../utils/roles/machines");
 const utils_2 = require("../../utils/roles/machines/utils");
 const monitoring_1 = require("../monitoring");
+const constants_1 = require("../../constants");
 const model_1 = require("./model");
 const utils_3 = require("./utils");
 //TODO aggiungere no-sql inject security
@@ -333,8 +334,9 @@ const areUpdatedFieldsAllowed = (filtered, updated, updatedPaths) => {
         return (0, isEqual_1.default)(filtered, updated);
     return updatedPaths.every((path) => (0, isEqual_1.default)((0, get_1.default)(filtered, path), (0, get_1.default)(updated, path)));
 };
-const getOperators = (collection, { rules, collName, user, run_as_system, monitoringOrigin }) => {
+const getOperators = (mongo, { rules, dbName, collName, user, run_as_system, monitoringOrigin }) => {
     var _a, _b;
+    const collection = mongo.client.db(dbName).collection(collName);
     const normalizedRules = rules !== null && rules !== void 0 ? rules : {};
     const collectionRules = normalizedRules[collName];
     const filters = (_a = collectionRules === null || collectionRules === void 0 ? void 0 : collectionRules.filters) !== null && _a !== void 0 ? _a : [];
@@ -852,6 +854,7 @@ const getOperators = (collection, { rules, collName, user, run_as_system, monito
          * This allows fine-grained control over what change events a user can observe, based on roles and filters.
          */
         watch: (pipelineOrOptions = [], options) => {
+            const changestreamCollection = mongo[constants_1.CHANGESTREAM].client.db(dbName).collection(collName);
             try {
                 const { pipeline, options: watchOptions, extraMatches } = resolveWatchArgs(pipelineOrOptions, options);
                 if (!run_as_system) {
@@ -867,7 +870,7 @@ const getOperators = (collection, { rules, collName, user, run_as_system, monito
                         }
                         : undefined;
                     const formattedPipeline = [firstStep, ...extraMatches, ...pipeline].filter(Boolean);
-                    const result = collection.watch(formattedPipeline, watchOptions);
+                    const result = changestreamCollection.watch(formattedPipeline, watchOptions);
                     const originalOn = result.on.bind(result);
                     /**
                      * Validates a change event against the user's roles.
@@ -917,7 +920,7 @@ const getOperators = (collection, { rules, collName, user, run_as_system, monito
                     return result;
                 }
                 // System mode: no filtering applied
-                const result = collection.watch([...extraMatches, ...pipeline], watchOptions);
+                const result = changestreamCollection.watch([...extraMatches, ...pipeline], watchOptions);
                 emitMongoEvent('watch');
                 return result;
             }
@@ -1138,11 +1141,10 @@ const MongodbAtlas = (app, { rules, user, run_as_system, monitoring } = {}) => (
     db: (dbName) => {
         return {
             collection: (collName) => {
-                const mongoClient = app.mongo.client;
-                const collection = mongoClient.db(dbName).collection(collName);
-                return getOperators(collection, {
-                    rules,
+                return getOperators(app.mongo, {
+                    dbName,
                     collName,
+                    rules,
                     user,
                     run_as_system,
                     monitoringOrigin: monitoring === null || monitoring === void 0 ? void 0 : monitoring.invokedFrom

package/dist/services/mongodb-atlas/model.d.ts

@@ -22,10 +22,11 @@ export type GetValidRuleParams<T extends Role | Filter> = {
     record?: WithId<Document> | Document | null;
 };
 type Method<T extends keyof Collection<Document>> = Collection<Document>[T];
-export type GetOperatorsFunction = (collection: Collection<Document>, { rules, collName, user, run_as_system, monitoringOrigin }: {
+export type GetOperatorsFunction = (mongoInstance: FastifyInstance["mongo"], { rules, dbName, collName, user, run_as_system, monitoringOrigin }: {
     user?: User;
     rules?: Rules;
     run_as_system?: boolean;
+    dbName: string;
     collName: string;
     monitoringOrigin?: string;
 }) => {

package/dist/services/mongodb-atlas/model.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"model.d.ts","sourceRoot":"","sources":["../../../src/services/mongodb-atlas/model.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AACzC,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,UAAU,EACV,QAAQ,EACR,UAAU,EACV,uBAAuB,EACvB,cAAc,EACd,WAAW,EACX,MAAM,IAAI,WAAW,EACrB,YAAY,EACZ,MAAM,EACP,MAAM,SAAS,CAAA;AAChB,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAA;AACtC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,gCAAgC,CAAA;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,6BAA6B,CAAA;AAElD,MAAM,MAAM,oBAAoB,GAAG,CACjC,GAAG,EAAE,eAAe,EACpB,EACE,KAAK,EACL,IAAI,EACJ,aAAa,EACb,UAAU,EACX,EAAE;IACD,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,UAAU,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;CACtC,KACE;IACH,EAAE,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK;QACtB,UAAU,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,UAAU,CAAC,oBAAoB,CAAC,CAAA;KACnE,CAAA;IACD,YAAY,EAAE,CAAC,OAAO,CAAC,EAAE,oBAAoB,KAAK,aAAa,CAAA;CAChE,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,CAAC,SAAS,IAAI,GAAG,MAAM,IAAI;IACxD,OAAO,EAAE,CAAC,EAAE,CAAA;IACZ,IAAI,EAAE,IAAI,CAAA;IACV,MAAM,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,QAAQ,GAAG,IAAI,CAAA;CAC5C,CAAA;AACD,KAAK,MAAM,CAAC,CAAC,SAAS,MAAM,UAAU,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAA;AAE3E,MAAM,MAAM,oBAAoB,GAAG,CACjC,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC,EAChC,EACE,KAAK,EACL,QAAQ,EACR,IAAI,EACJ,aAAa,EACb,gBAAgB,EACjB,EAAE;IACD,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,QAAQ,EAAE,MAAM,CAAA;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B,KACE;IACH,gBAAgB,EAAE,CAChB,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,EAC7B,MAAM,EAAE,YAAY,CAAC,QAAQ,CAAC,GAAG,QAAQ,EAAE,EAC3C,OAAO,CAAC,EAAE,sCAAsC,KAC7C,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAA;IAC7B,OAAO,EAAE,CACP,MAAM,CAAC,EAAE,WAAW,CAAC,QAAQ,CAAC,EAC9B,UAAU,CAAC,EAAE,QAAQ,EACrB,OAAO,CAAC,EAAE,cAAc,KACrB,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAA;IAClC,SAAS,EAAE,CAAC,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,KAAK,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IAC1F,SAAS,EAAE,CACT,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,KACvC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IACpC,SAAS,EAAE,CACT,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,KACvC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IACpC,IAAI,EAAE,CACJ,MAAM,CAAC,EAAE,WAAW,CAAC,QAAQ,CAAC,EAC9B,UAAU,CAAC,EAAE,QAAQ,EACrB,OAAO,CAAC,EAAE,WAAW,KAClB,UAAU,CAAA;IACf,KAAK,EAAE,CACL,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,KAC5C,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAA;IACzC,cAAc,EAAE,CACd,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,KAC5C,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAA;IACzC,KAAK,EAAE,CAAC,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;IAC9E,SAAS,EAAE,CACT,GAAG,MAAM,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,KAC/D,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IACpC,UAAU,EAAE,CACV,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KACxC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;IACrC,UAAU,EAAE,CACV,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KACxC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;IACrC,UAAU,EAAE,CACV,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KACxC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;CACtC,CAAA;AAED,MAAM,MAAM,sCAAsC,GAAG,uBAAuB,GAAG;IAC7E,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAC5B,CAAA;AAGD,oBAAY,eAAe;IACzB,MAAM,WAAW;IACjB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,MAAM,WAAW;CAElB"}
+{"version":3,"file":"model.d.ts","sourceRoot":"","sources":["../../../src/services/mongodb-atlas/model.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AACzC,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,UAAU,EACV,QAAQ,EACR,UAAU,EACV,uBAAuB,EACvB,cAAc,EACd,WAAW,EACX,MAAM,IAAI,WAAW,EACrB,YAAY,EACZ,MAAM,EACP,MAAM,SAAS,CAAA;AAChB,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAA;AACtC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,gCAAgC,CAAA;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,6BAA6B,CAAA;AAElD,MAAM,MAAM,oBAAoB,GAAG,CACjC,GAAG,EAAE,eAAe,EACpB,EACE,KAAK,EACL,IAAI,EACJ,aAAa,EACb,UAAU,EACX,EAAE;IACD,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,UAAU,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;CACtC,KACE;IACH,EAAE,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK;QACtB,UAAU,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,UAAU,CAAC,oBAAoB,CAAC,CAAA;KACnE,CAAA;IACD,YAAY,EAAE,CAAC,OAAO,CAAC,EAAE,oBAAoB,KAAK,aAAa,CAAA;CAChE,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,CAAC,SAAS,IAAI,GAAG,MAAM,IAAI;IACxD,OAAO,EAAE,CAAC,EAAE,CAAA;IACZ,IAAI,EAAE,IAAI,CAAA;IACV,MAAM,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,QAAQ,GAAG,IAAI,CAAA;CAC5C,CAAA;AACD,KAAK,MAAM,CAAC,CAAC,SAAS,MAAM,UAAU,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAA;AAE3E,MAAM,MAAM,oBAAoB,GAAG,CACjC,aAAa,EAAE,eAAe,CAAC,OAAO,CAAC,EACvC,EACE,KAAK,EACL,MAAM,EACN,QAAQ,EACR,IAAI,EACJ,aAAa,EACb,gBAAgB,EACjB,EAAE;IACD,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B,KACE;IACH,gBAAgB,EAAE,CAChB,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,EAC7B,MAAM,EAAE,YAAY,CAAC,QAAQ,CAAC,GAAG,QAAQ,EAAE,EAC3C,OAAO,CAAC,EAAE,sCAAsC,KAC7C,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAA;IAC7B,OAAO,EAAE,CACP,MAAM,CAAC,EAAE,WAAW,CAAC,QAAQ,CAAC,EAC9B,UAAU,CAAC,EAAE,QAAQ,EACrB,OAAO,CAAC,EAAE,cAAc,KACrB,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAA;IAClC,SAAS,EAAE,CAAC,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,KAAK,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IAC1F,SAAS,EAAE,CACT,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,KACvC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IACpC,SAAS,EAAE,CACT,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,KACvC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IACpC,IAAI,EAAE,CACJ,MAAM,CAAC,EAAE,WAAW,CAAC,QAAQ,CAAC,EAC9B,UAAU,CAAC,EAAE,QAAQ,EACrB,OAAO,CAAC,EAAE,WAAW,KAClB,UAAU,CAAA;IACf,KAAK,EAAE,CACL,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,KAC5C,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAA;IACzC,cAAc,EAAE,CACd,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,KAC5C,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAA;IACzC,KAAK,EAAE,CAAC,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;IAC9E,SAAS,EAAE,CACT,GAAG,MAAM,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,KAC/D,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;IACpC,UAAU,EAAE,CACV,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KACxC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;IACrC,UAAU,EAAE,CACV,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KACxC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;IACrC,UAAU,EAAE,CACV,GAAG,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KACxC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;CACtC,CAAA;AAED,MAAM,MAAM,sCAAsC,GAAG,uBAAuB,GAAG;IAC7E,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAC5B,CAAA;AAGD,oBAAY,eAAe;IACzB,MAAM,WAAW;IACjB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,MAAM,WAAW;CAElB"}

package/dist/utils/index.d.ts

@@ -1,3 +1,4 @@
 export declare const readFileContent: (filePath: string) => string;
 export declare const readJsonContent: (filePath: string) => unknown;
+export declare const recursivelyCollectFiles: (dir: string) => string[];
 //# sourceMappingURL=index.d.ts.map

package/dist/utils/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,eAAe,GAAI,UAAU,MAAM,WAAuC,CAAA;AACvF,eAAO,MAAM,eAAe,GAAI,UAAU,MAAM,KACL,OAAO,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,eAAe,GAAI,UAAU,MAAM,WAAuC,CAAA;AACvF,eAAO,MAAM,eAAe,GAAI,UAAU,MAAM,KACL,OAAO,CAAA;AAElD,eAAO,MAAM,uBAAuB,GAAI,KAAK,MAAM,KAAG,MAAM,EAQ3D,CAAA"}

package/dist/utils/index.js

@@ -3,9 +3,20 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.readJsonContent = exports.readFileContent = void 0;
-const fs_1 = __importDefault(require("fs"));
-const readFileContent = (filePath) => fs_1.default.readFileSync(filePath, 'utf-8');
+exports.recursivelyCollectFiles = exports.readJsonContent = exports.readFileContent = void 0;
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_path_1 = __importDefault(require("node:path"));
+const readFileContent = (filePath) => node_fs_1.default.readFileSync(filePath, 'utf-8');
 exports.readFileContent = readFileContent;
 const readJsonContent = (filePath) => JSON.parse((0, exports.readFileContent)(filePath));
 exports.readJsonContent = readJsonContent;
+const recursivelyCollectFiles = (dir) => {
+    return node_fs_1.default.readdirSync(dir, { withFileTypes: true }).flatMap((entry) => {
+        const fullPath = node_path_1.default.join(dir, entry.name);
+        if (entry.isDirectory()) {
+            return (0, exports.recursivelyCollectFiles)(fullPath);
+        }
+        return entry.isFile() ? [fullPath] : [];
+    });
+};
+exports.recursivelyCollectFiles = recursivelyCollectFiles;

package/dist/utils/initializer/mongodbCSFLE.d.ts

@@ -0,0 +1,69 @@
+import { UUID, type Document, type AWSEncryptionKeyOptions, type AWSKMSProviderConfiguration, type AzureEncryptionKeyOptions, type AzureKMSProviderConfiguration, type GCPKMSProviderConfiguration, type GCPEncryptionKeyOptions, type KMIPKMSProviderConfiguration, type KMIPEncryptionKeyOptions, type LocalKMSProviderConfiguration, type AutoEncryptionExtraOptions, type AutoEncryptionOptions } from "mongodb";
+import { type EncryptionSchemas } from "../../features/encryption/interface";
+type KMSProviderConfig = {
+    /**
+     * The alias of the key. It must be referenced in the schema map
+     * to select which key to use for encryption.
+     */
+    keyAlias: string;
+    /**
+     * KMS Provider name.
+     */
+    provider: "aws";
+    /**
+     * KMS Provider specific authorization configuration.
+     */
+    config: AWSKMSProviderConfiguration;
+    /**
+     * Configuration of the master key.
+     */
+    masterKey: AWSEncryptionKeyOptions;
+} | {
+    keyAlias: string;
+    provider: "azure";
+    config: AzureKMSProviderConfiguration;
+    masterKey: AzureEncryptionKeyOptions;
+} | {
+    keyAlias: string;
+    provider: "gcp";
+    config: GCPKMSProviderConfiguration;
+    masterKey: GCPEncryptionKeyOptions;
+} | {
+    keyAlias: string;
+    provider: "kmip";
+    config: KMIPKMSProviderConfiguration;
+    masterKey: KMIPEncryptionKeyOptions;
+} | {
+    keyAlias: string;
+    provider: "local";
+    config: LocalKMSProviderConfiguration;
+};
+export type MongoDbEncryptionConfig = {
+    kmsProviders: KMSProviderConfig[];
+    /**
+     * The Key Vault database name
+     * @default encryption
+     */
+    keyVaultDb?: string;
+    /**
+   * The Key Vault database collection
+   * @default __keyVault
+   */
+    keyVaultCollection?: string;
+    extraOptions?: AutoEncryptionExtraOptions;
+};
+type DataKey = {
+    dataKeyId: UUID;
+    dataKeyAlias: string;
+};
+export declare const buildSchemaMap: (schemas: EncryptionSchemas, dataKeys: DataKey[]) => Record<string, Document>;
+/**
+ * Setup MongoDB Client-Side Field Level Encryption (CSFLE).
+ * @see https://www.mongodb.com/docs/manual/core/csfle
+ */
+export declare const setupMongoDbCSFLE: (config: MongoDbEncryptionConfig & {
+    mongodbUrl: string;
+    schemas?: EncryptionSchemas;
+}) => Promise<AutoEncryptionOptions>;
+export {};
+//# sourceMappingURL=mongodbCSFLE.d.ts.map

package/dist/utils/initializer/mongodbCSFLE.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mongodbCSFLE.d.ts","sourceRoot":"","sources":["../../../src/utils/initializer/mongodbCSFLE.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,IAAI,EAEJ,KAAK,QAAQ,EACb,KAAK,uBAAuB,EAC5B,KAAK,2BAA2B,EAChC,KAAK,yBAAyB,EAC9B,KAAK,6BAA6B,EAClC,KAAK,2BAA2B,EAChC,KAAK,uBAAuB,EAC5B,KAAK,4BAA4B,EACjC,KAAK,wBAAwB,EAC7B,KAAK,6BAA6B,EAClC,KAAK,0BAA0B,EAE/B,KAAK,qBAAqB,EAC3B,MAAM,SAAS,CAAC;AACjB,OAAO,EAAoF,KAAK,iBAAiB,EAAE,MAAM,qCAAqC,CAAC;AAG/J,KAAK,iBAAiB,GAClB;IACA;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;OAEG;IACH,QAAQ,EAAE,KAAK,CAAA;IACf;;OAEG;IACH,MAAM,EAAE,2BAA2B,CAAA;IACnC;;OAEG;IACH,SAAS,EAAE,uBAAuB,CAAA;CACnC,GAAG;IACF,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,OAAO,CAAA;IACjB,MAAM,EAAE,6BAA6B,CAAC;IACtC,SAAS,EAAE,yBAAyB,CAAA;CACrC,GAAG;IACF,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,KAAK,CAAA;IACf,MAAM,EAAE,2BAA2B,CAAC;IACpC,SAAS,EAAE,uBAAuB,CAAA;CACnC,GAAG;IACF,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,4BAA4B,CAAC;IACrC,SAAS,EAAE,wBAAwB,CAAA;CACpC,GAAG;IACF,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,OAAO,CAAA;IACjB,MAAM,EAAE,6BAA6B,CAAC;CACvC,CAAA;AAEH,MAAM,MAAM,uBAAuB,GAAG;IACpC,YAAY,EAAE,iBAAiB,EAAE,CAAC;IAClC;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;;;KAGC;IACD,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,YAAY,CAAC,EAAE,0BAA0B,CAAA;CAC1C,CAAA;AAOD,KAAK,OAAO,GAAG;IAAE,SAAS,EAAE,IAAI,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAA;AAkFxD,eAAO,MAAM,cAAc,GAAI,SAAS,iBAAiB,EAAE,UAAU,OAAO,EAAE,6BAK7E,CAAA;AAED;;;GAGG;AACH,eAAO,MAAM,iBAAiB,GAC5B,QAAQ,uBAAuB,GAAG;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,iBAAiB,CAAA;CAAE,KACpF,OAAO,CAAC,qBAAqB,CA8C/B,CAAA"}

package/dist/utils/initializer/mongodbCSFLE.js

@@ -0,0 +1,131 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setupMongoDbCSFLE = exports.buildSchemaMap = void 0;
+const mongodb_1 = require("mongodb");
+const constants_1 = require("../../constants");
+function ensureUniqueKeyAltNameIndex(db, config) {
+    return __awaiter(this, void 0, void 0, function* () {
+        yield db.collection(config.keyVaultCollection).createIndex({ keyAltNames: 1 }, {
+            unique: true,
+            partialFilterExpression: { keyAltNames: { $exists: true } },
+        });
+    });
+}
+/**
+ * Ensure provided KMS Providers DEK keys exist in the key vault. If not, they are created.
+ */
+function ensureDataEncryptionKeys(clientEncryption, keyVaultDb, config) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const keys = [];
+        for (const kmsProvider of config.kmsProviders) {
+            const existingKey = yield keyVaultDb.collection(config.keyVaultCollection).findOne({
+                keyAltNames: kmsProvider.keyAlias,
+            });
+            if ((existingKey === null || existingKey === void 0 ? void 0 : existingKey._id) instanceof mongodb_1.Binary) {
+                keys.push({ dataKeyId: existingKey._id, dataKeyAlias: kmsProvider.keyAlias });
+                continue;
+            }
+            const dataKeyId = yield clientEncryption.createDataKey(kmsProvider.provider, {
+                masterKey: "masterKey" in kmsProvider ? kmsProvider.masterKey : undefined,
+                keyAltNames: [kmsProvider.keyAlias],
+            });
+            console.log(`[MongoDB Encryption] Created new key with alias ${kmsProvider.keyAlias}`);
+            keys.push({ dataKeyId, dataKeyAlias: kmsProvider.keyAlias });
+        }
+        return keys;
+    });
+}
+/**
+ * Recursively resolve key aliases in an encryption schema to their corresponding key IDs.
+ */
+const resolveKeyAliases = (schema, dataKeys) => {
+    var _a, _b;
+    if ("encrypt" in schema) {
+        if (!schema.encrypt.keyAlias) {
+            return schema;
+        }
+        const keyId = (_a = dataKeys.find(k => k.dataKeyAlias === schema.encrypt.keyAlias)) === null || _a === void 0 ? void 0 : _a.dataKeyId;
+        if (!keyId) {
+            throw new Error(`Key with alias ${schema.encrypt.keyAlias} could not be found in the Key Vault.`);
+        }
+        return {
+            encrypt: {
+                bsonType: schema.encrypt.bsonType,
+                algorithm: schema.encrypt.algorithm,
+                keyId: [keyId]
+            }
+        };
+    }
+    const mappedSchema = {
+        bsonType: "object",
+        properties: Object.entries(schema.properties).reduce((acc, [property, config]) => {
+            acc[property] = resolveKeyAliases(config, dataKeys);
+            return acc;
+        }, {})
+    };
+    if (schema.encryptMetadata) {
+        const keyId = (_b = dataKeys.find(k => k.dataKeyAlias === schema.encryptMetadata.keyAlias)) === null || _b === void 0 ? void 0 : _b.dataKeyId;
+        if (!keyId) {
+            throw new Error(`Key with alias ${schema.encryptMetadata.keyAlias} could not be found in the Key Vault.`);
+        }
+        mappedSchema.encryptMetadata = { keyId: [keyId] };
+    }
+    return mappedSchema;
+};
+const buildSchemaMap = (schemas, dataKeys) => {
+    return Object.entries(schemas).reduce((acc, [key, schema]) => {
+        acc[key] = resolveKeyAliases(schema, dataKeys);
+        return acc;
+    }, {});
+};
+exports.buildSchemaMap = buildSchemaMap;
+/**
+ * Setup MongoDB Client-Side Field Level Encryption (CSFLE).
+ * @see https://www.mongodb.com/docs/manual/core/csfle
+ */
+const setupMongoDbCSFLE = (config) => __awaiter(void 0, void 0, void 0, function* () {
+    var _a, _b;
+    if (config.kmsProviders.length === 0) {
+        throw new Error('At least one KMS Provider is required when using MongoDB encryption');
+    }
+    const requiredConfig = {
+        kmsProviders: config.kmsProviders,
+        keyVaultDb: (_a = config.keyVaultDb) !== null && _a !== void 0 ? _a : constants_1.DEFAULT_CONFIG.MONGODB_ENCRYPTION_CONFIG.keyVaultDb,
+        keyVaultCollection: (_b = config.keyVaultDb) !== null && _b !== void 0 ? _b : constants_1.DEFAULT_CONFIG.MONGODB_ENCRYPTION_CONFIG.keyVaultCollection,
+    };
+    const kmsProviders = requiredConfig.kmsProviders.reduce((acc, { provider, config }) => (Object.assign(Object.assign({}, acc), { [provider]: config })), {});
+    const keyVaultNamespace = `${requiredConfig.keyVaultDb}.${requiredConfig.keyVaultCollection}`;
+    const keyVaultClient = new mongodb_1.MongoClient(config.mongodbUrl, {
+        maxPoolSize: 1,
+        autoEncryption: {
+            keyVaultNamespace,
+            kmsProviders,
+            extraOptions: config.extraOptions
+        }
+    });
+    yield keyVaultClient.connect();
+    const keyVaultDb = keyVaultClient.db(requiredConfig.keyVaultDb);
+    yield ensureUniqueKeyAltNameIndex(keyVaultDb, requiredConfig);
+    const clientEncryption = new mongodb_1.ClientEncryption(keyVaultClient, {
+        keyVaultNamespace,
+        kmsProviders,
+    });
+    const dataKeys = yield ensureDataEncryptionKeys(clientEncryption, keyVaultDb, requiredConfig);
+    yield keyVaultClient.close();
+    return {
+        keyVaultNamespace,
+        kmsProviders,
+        schemaMap: config.schemas ? (0, exports.buildSchemaMap)(config.schemas, dataKeys) : undefined,
+        extraOptions: config.extraOptions
+    };
+});
+exports.setupMongoDbCSFLE = setupMongoDbCSFLE;

package/dist/utils/initializer/registerPlugins.d.ts

@@ -1,6 +1,8 @@
 import { FastifyInstance } from 'fastify';
 import { CorsConfig } from '../../';
 import { Functions } from '../../features/functions/interface';
+import { EncryptionSchemas } from '../../features/encryption/interface';
+import { MongoDbEncryptionConfig } from './mongodbCSFLE';
 type RegisterFunction = FastifyInstance['register'];
 type RegisterPluginsParams = {
     register: RegisterFunction;
@@ -8,6 +10,8 @@ type RegisterPluginsParams = {
     jwtSecret: string;
     functionsList: Functions;
     corsConfig?: CorsConfig;
+    encryptionSchemas?: EncryptionSchemas;
+    mongodbEncryptionConfig?: MongoDbEncryptionConfig;
 };
 /**
  * > Used to register all plugins
@@ -16,6 +20,6 @@ type RegisterPluginsParams = {
  * @param jwtSecret -> connection jwt
  * @tested
  */
-export declare const registerPlugins: ({ register, mongodbUrl, jwtSecret, functionsList, corsConfig }: RegisterPluginsParams) => Promise<void>;
+export declare const registerPlugins: ({ register, mongodbUrl, jwtSecret, functionsList, corsConfig, mongodbEncryptionConfig, encryptionSchemas }: RegisterPluginsParams) => Promise<void>;
 export {};
 //# sourceMappingURL=registerPlugins.d.ts.map

package/dist/utils/initializer/registerPlugins.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"registerPlugins.d.ts","sourceRoot":"","sources":["../../../src/utils/initializer/registerPlugins.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAEzC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AAOnC,OAAO,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAA;AAG9D,KAAK,gBAAgB,GAAG,eAAe,CAAC,UAAU,CAAC,CAAA;AAGnD,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,EAAE,gBAAgB,CAAA;IAC1B,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,SAAS,CAAA;IACxB,UAAU,CAAC,EAAE,UAAU,CAAA;CACxB,CAAA;AAQD;;;;;;GAMG;AACH,eAAO,MAAM,eAAe,GAAU,gEAMnC,qBAAqB,kBAsBvB,CAAA"}
+{"version":3,"file":"registerPlugins.d.ts","sourceRoot":"","sources":["../../../src/utils/initializer/registerPlugins.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAEzC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AAOnC,OAAO,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAA;AAC9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,qCAAqC,CAAA;AAEvE,OAAO,EAAqB,uBAAuB,EAAE,MAAM,gBAAgB,CAAA;AAE3E,KAAK,gBAAgB,GAAG,eAAe,CAAC,UAAU,CAAC,CAAA;AAGnD,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,EAAE,gBAAgB,CAAA;IAC1B,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,SAAS,CAAA;IACxB,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,iBAAiB,CAAC,EAAE,iBAAiB,CAAA;IACrC,uBAAuB,CAAC,EAAE,uBAAuB,CAAA;CAClD,CAAA;AAQD;;;;;;GAMG;AACH,eAAO,MAAM,eAAe,GAAU,4GAQnC,qBAAqB,kBAwBvB,CAAA"}

package/dist/utils/initializer/registerPlugins.js

@@ -23,6 +23,7 @@ const controller_3 = require("../../auth/providers/custom-function/controller");
 const controller_4 = require("../../auth/providers/local-userpass/controller");
 const constants_1 = require("../../constants");
 const plugin_1 = __importDefault(require("../../monitoring/plugin"));
+const mongodbCSFLE_1 = require("./mongodbCSFLE");
 /**
  * > Used to register all plugins
  * @param register -> the fastify register method
@@ -30,13 +31,15 @@ const plugin_1 = __importDefault(require("../../monitoring/plugin"));
  * @param jwtSecret -> connection jwt
  * @tested
  */
-const registerPlugins = (_a) => __awaiter(void 0, [_a], void 0, function* ({ register, mongodbUrl, jwtSecret, functionsList, corsConfig }) {
+const registerPlugins = (_a) => __awaiter(void 0, [_a], void 0, function* ({ register, mongodbUrl, jwtSecret, functionsList, corsConfig, mongodbEncryptionConfig, encryptionSchemas }) {
     try {
         const registersConfig = yield getRegisterConfig({
             mongodbUrl,
             jwtSecret,
             corsConfig,
-            functionsList
+            functionsList,
+            mongodbEncryptionConfig,
+            encryptionSchemas
         });
         registersConfig.forEach(({ plugin, options, pluginName }) => {
             try {
@@ -61,11 +64,14 @@ exports.registerPlugins = registerPlugins;
  * @param jwtSecret -> connection jwt
  * @testable
  */
-const getRegisterConfig = (_a) => __awaiter(void 0, [_a], void 0, function* ({ mongodbUrl, jwtSecret, corsConfig }) {
+const getRegisterConfig = (_a) => __awaiter(void 0, [_a], void 0, function* ({ mongodbUrl, jwtSecret, corsConfig, encryptionSchemas, mongodbEncryptionConfig, }) {
     const corsOptions = corsConfig !== null && corsConfig !== void 0 ? corsConfig : {
         origin: '*',
         methods: ['POST', 'GET']
     };
+    const autoEncryption = mongodbEncryptionConfig
+        ? yield (0, mongodbCSFLE_1.setupMongoDbCSFLE)(Object.assign({ mongodbUrl, schemas: encryptionSchemas }, mongodbEncryptionConfig))
+        : undefined;
     const baseConfig = [
         {
             pluginName: 'cors',
@@ -76,8 +82,24 @@ const getRegisterConfig = (_a) => __awaiter(void 0, [_a], void 0, function* ({ m
             pluginName: 'fastifyMongodb',
             plugin: mongodb_1.default,
             options: {
+                url: mongodbUrl,
                 forceClose: true,
-                url: mongodbUrl
+                autoEncryption
+            }
+        },
+        /**
+         * When auto-encryption is active, add another MongoDB client with bypass for change streams.
+         * The $changeStream operator does not support automatic encryption, only decryption.
+         * @see https://www.mongodb.com/docs/manual/core/csfle/reference/supported-operations
+         */
+        autoEncryption && {
+            pluginName: 'fastifyMongodb',
+            plugin: mongodb_1.default,
+            options: {
+                name: "changestream",
+                url: mongodbUrl,
+                forceClose: true,
+                autoEncryption: Object.assign(Object.assign({}, autoEncryption), { bypassAutoEncryption: true })
             }
         },
         {
@@ -133,5 +155,5 @@ const getRegisterConfig = (_a) => __awaiter(void 0, [_a], void 0, function* ({ m
             options: { basePath: '/monit' }
         });
     }
-    return baseConfig;
+    return baseConfig.filter(Boolean);
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@flowerforce/flowerbase",
-  "version": "1.7.6-beta.0",
+  "version": "1.7.6-beta.1",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -14,7 +14,8 @@
   "scripts": {
     "test": "npx jest",
     "build": "rm -rf dist/ && tsc",
-    "start": "node dist/src/index.ts"
+    "start": "node dist/src/index.ts",
+    "tsc:noemit": "tsc --noEmit"
   },
   "keywords": [],
   "author": "",
@@ -30,6 +31,7 @@
     "@fastify/swagger-ui": "^5.2.3",
     "@fastify/websocket": "^11.2.0",
     "bson": "^6.8.0",
+    "codemirror": "^5.65.16",
     "dotenv": "^16.4.7",
     "fastify": "^5.0.0",
     "fastify-plugin": "^5.0.1",

package/src/auth/providers/custom-function/controller.ts

@@ -32,10 +32,7 @@ export async function customFunctionController(app: FastifyInstance) {
   app.post<LoginDto>(
     AUTH_ENDPOINTS.LOGIN,
     {
-      schema: LOGIN_SCHEMA,
-      errorHandler: (_error, _request, reply) => {
-        reply.code(500).send({ message: 'Internal Server Error' })
-      }
+      schema: LOGIN_SCHEMA
     },
     async function (req, reply) {
       const customFunctionProvider = AUTH_CONFIG.authProviders?.['custom-function']
@@ -82,6 +79,7 @@ export async function customFunctionController(app: FastifyInstance) {
         }
       }) as CustomFunctionAuthResult
 
+
       if (!authResult.id) {
         reply.code(401).send({ message: 'Unauthorized' })
         return
@@ -130,7 +128,6 @@ export async function customFunctionController(app: FastifyInstance) {
           ...(user || {})
         }
       }
-
       const refreshToken = this.createRefreshToken(currentUserData)
       const refreshTokenHash = hashToken(refreshToken)
       await authDb.collection(refreshTokensCollection).insertOne({
@@ -140,15 +137,12 @@ export async function customFunctionController(app: FastifyInstance) {
         expiresAt: new Date(Date.now() + refreshTokenTtlMs),
         revokedAt: null
       })
-      const accessToken = this.createAccessToken(currentUserData)
-
-      const responsePayload = {
-        access_token: accessToken,
+      return {
+        access_token: this.createAccessToken(currentUserData),
         refresh_token: refreshToken,
         device_id: '',
         user_id: authUser._id.toString()
       }
-      reply.code(200).send(responsePayload)
     }
   )
 

package/src/constants.ts

@@ -57,6 +57,10 @@ export const DEFAULT_CONFIG = {
   CORS_OPTIONS: {
     origin: "*",
     methods: ["GET", "POST", "PUT", "DELETE"] as ALLOWED_METHODS[]
+  },
+  MONGODB_ENCRYPTION_CONFIG: {
+    keyVaultDb: "encryption",
+    keyVaultCollection: "__keyVault"
   }
 }
 export const API_VERSION = `/api/client/${DEFAULT_CONFIG.API_VERSION}`
@@ -82,9 +86,14 @@ export const AUTH_CONFIG = {
   }
 }
 
-
-
 export const S3_CONFIG = {
   ACCESS_KEY_ID: process.env.S3_ACCESS_KEY_ID,
   SECRET_ACCESS_KEY: process.env.S3_SECRET_ACCESS_KEY
 }
+
+/**
+ * Name of the MongoDB client to use for change streams.
+ * This may be a separate instance because streams do not work
+ * when the main client has auto encryption enabled.
+ */
+export const CHANGESTREAM = "changestream"

package/src/features/encryption/interface.ts

@@ -0,0 +1,46 @@
+import type { UUID } from "mongodb"
+
+export type EncryptionSchemaProperty =
+  | EncryptionSchema
+  | {
+    encrypt: {
+      algorithm: string
+      bsonType: string
+      keyAlias?: string
+    }
+  }
+
+export type EncryptionSchema = {
+  bsonType: "object"
+  properties: Record<string, EncryptionSchemaProperty>
+  encryptMetadata?: {
+    keyAlias: string
+  },
+}
+
+
+export type MappedEncryptionSchemaProperty =
+  | MappedEncryptionSchema
+  | {
+    encrypt: {
+      algorithm: string
+      bsonType: string
+      keyId?: [UUID]
+    }
+  }
+
+export type MappedEncryptionSchema = {
+  bsonType: "object"
+  properties: Record<string, MappedEncryptionSchemaProperty>
+  encryptMetadata?: {
+    keyId: [UUID]
+  },
+}
+
+export type EncryptionSchemaFile = {
+  database: string
+  collection: string
+  schema: EncryptionSchema
+}
+
+export type EncryptionSchemas = Record<string, EncryptionSchema>

package/src/features/encryption/utils.ts

@@ -0,0 +1,22 @@
+import path from "node:path"
+import { readJsonContent, recursivelyCollectFiles } from "../../utils"
+import { EncryptionSchemaFile, EncryptionSchemas } from "./interface"
+
+/**
+ * @experimental
+ * Schemas used for Client-Side Level Encryption configuration.
+ *
+ * **Important:** These schemas do not perform JSON validation.
+ */
+export const loadEncryptionSchemas = async (rootDir = process.cwd()): Promise<EncryptionSchemas> => {
+  const schemasRoot = path.join(rootDir, 'data_sources', 'mongodb-atlas')
+
+  const files = recursivelyCollectFiles(schemasRoot)
+  const schemaFiles = files.filter((x) => x.endsWith('encryption.json'))
+
+  return schemaFiles.reduce((acc, filePath) => {
+    const { collection, database, schema } = readJsonContent(filePath) as EncryptionSchemaFile
+    acc[`${database}.${collection}`] = schema
+    return acc
+  }, {} as EncryptionSchemas)
+}

package/src/features/rules/utils.ts

@@ -1,19 +1,9 @@
-import fs from 'fs'
 import path from 'node:path'
-import { readJsonContent } from '../../utils'
+import { readJsonContent, recursivelyCollectFiles } from '../../utils'
 import { Rules, RulesConfig } from './interface'
 
 export const loadRules = async (rootDir = process.cwd()): Promise<Rules> => {
   const rulesRoot = path.join(rootDir, 'data_sources', 'mongodb-atlas')
-  const recursivelyCollectFiles = (dir: string): string[] => {
-    return fs.readdirSync(dir, { withFileTypes: true }).flatMap((entry) => {
-      const fullPath = path.join(dir, entry.name)
-      if (entry.isDirectory()) {
-        return recursivelyCollectFiles(fullPath)
-      }
-      return entry.isFile() ? [fullPath] : []
-    })
-  }
   const files = recursivelyCollectFiles(rulesRoot)
   const rulesFiles = files.filter((x) => (x as string).endsWith('rules.json'))
 

package/src/features/triggers/index.ts

@@ -1,4 +1,4 @@
-import { AUTH_CONFIG, AUTH_DB_NAME } from '../../constants'
+import { AUTH_CONFIG, AUTH_DB_NAME, CHANGESTREAM } from '../../constants'
 import { services } from '../../services'
 import { Function, Functions } from '../functions/interface'
 import { ActivateTriggersParams } from './dtos'
@@ -18,6 +18,10 @@ export const activateTriggers = async ({
 }: ActivateTriggersParams) => {
   console.log('START ACTIVATION TRIGGERS')
   try {
+    // Ensure the changestream MongoDB client exist, or use the main client
+    if (!fastify.mongo[CHANGESTREAM]) {
+      fastify.mongo[CHANGESTREAM] = fastify.mongo
+    }
     const triggersToActivate = [...triggersList]
     if (AUTH_CONFIG.on_user_creation_function_name) {
       const alreadyDeclared = triggersToActivate.some(