@flowerforce/flowerbase 1.7.6-beta.0 → 1.7.6-beta.2

package/README.md

@@ -265,8 +265,132 @@ Example
 ```
 If you're configuring the project from scratch, you can skip ahead to the [Build](#build) step.
 
---------
+## 🔐 7 Client-Side Field Level Encryption (CSFLE)
 
+Flowerbase supports MongoDB Client-Side Field Level Encryption. When enabled, sensitive fields are encrypted by the MongoDB driver before writing to MongoDB and decrypted automatically when reading.
+
+What Flowerbase does for you:
+
+- Loads all `encryption.json` files under `data_sources/mongodb-atlas/**`.
+- Builds the MongoDB `schemaMap` automatically from those files.
+- Resolves each `keyAlias` in your schemas to a real Data Encryption Key (DEK) `keyId`.
+- Ensures DEKs exist in the key vault (creates them if missing).
+- Configures Fastify MongoDB plugin `autoEncryption` with the generated `schemaMap`.
+
+### 1. Install encryption drivers
+
+Refer to the official MongoDB documentation for CSFLE installation requirements: https://www.mongodb.com/docs/manual/core/csfle/install.
+
+It is recommended to use the [**Automatic Encryption Shared Library**](https://www.mongodb.com/docs/manual/core/csfle/reference/install-library/?encryption-component=crypt_shared#std-label-csfle-reference-shared-library-download) instead of mongocryptd.
+
+Note that the project should also install [mongodb-client-encryption](https://www.npmjs.com/package/mongodb-client-encryption), matching the mongodb driver version.
+
+### 2. Add encryption schema files
+
+Create one `encryption.json` per collection you want to encrypt:
+
+Path example:
+
+```text
+src/data_sources/mongodb-atlas/<database>/<collection>/encryption.json
+```
+
+Example:
+
+```json
+{
+  "database": "appDb",
+  "collection": "records",
+  "schema": {
+    "bsonType": "object",
+    "encryptMetadata": {
+      "keyAlias": "root-key"
+    },
+    "properties": {
+      "protectedField1": {
+        "encrypt": {
+          "bsonType": "string",
+          "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random"
+        }
+      },
+      "protectedField2": {
+        "encrypt": {
+          "bsonType": "string",
+          "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
+          "keyAlias": "deep-key"
+        }
+      }
+    }
+  }
+}
+```
+
+Notes:
+
+- `encryptMetadata.keyAlias` applies as default key for that object level.
+- `encrypt.keyAlias` overrides key selection for a specific field.
+- If a field has `encrypt` but no `keyAlias`, MongoDB uses nearest `encryptMetadata`.
+
+### 3. Pass `mongodbEncryptionConfig` to `initialize()`
+
+`initialize()` accepts `mongodbEncryptionConfig` to configure KMS providers and key vault settings.
+
+#### Local KMS provider example (development)
+
+```ts
+import { initialize } from "@flowerforce/flowerbase";
+
+await initialize({
+  projectId: "my-project-id",
+  mongodbUrl: process.env.MONGODB_URL,
+  jwtSecret: process.env.JWT_SECRET,
+  mongodbEncryptionConfig: {
+    kmsProviders: [
+      {
+        provider: "local",
+        keyAlias: "root-key",
+        config: {
+          // 96-byte local master key encoded as base64
+          key: process.env.LOCAL_MASTER_KEY_BASE64,
+        },
+      },
+      {
+        provider: "local",
+        keyAlias: "deep-key",
+        config: { key: process.env.LOCAL_MASTER_KEY_BASE64 },
+      },
+    ],
+    keyVaultDb: "encryption",
+    keyVaultCollection: "__keyVault",
+    extraOptions: {
+      // Optional: path to crypt shared library
+      // cryptSharedLibPath: '/opt/mongo_crypt_v1/lib/mongo_crypt_v1.so'
+    },
+  },
+});
+```
+
+#### AWS KMS provider example
+
+```ts
+mongodbEncryptionConfig: {
+  kmsProviders: [
+    {
+      provider: "aws",
+      keyAlias: "root-key",
+      config: {
+        accessKeyId: process.env.AWS_ACCESS_KEY_ID,
+        secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
+      },
+      masterKey: {
+        key: process.env.AWS_KMS_KEY_ARN,
+        region: process.env.AWS_REGION,
+      },
+    },
+  ];
+}
+```
+---
 
 <a id="migration"></a>
 ## 🔄 [Migration Guide](#migration) - Migrating Your Realm Project

package/dist/auth/providers/custom-function/controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/custom-function/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAUzC;;;;GAIG;AACH,wBAAsB,wBAAwB,CAAC,GAAG,EAAE,eAAe,iBA2IlE"}
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/custom-function/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAUzC;;;;GAIG;AACH,wBAAsB,wBAAwB,CAAC,GAAG,EAAE,eAAe,iBAqIlE"}

package/dist/auth/providers/custom-function/controller.js

@@ -38,10 +38,7 @@ function customFunctionController(app) {
          * @returns {Promise<Object>} A promise resolving with access and refresh tokens.
          */
         app.post(utils_1.AUTH_ENDPOINTS.LOGIN, {
-            schema: schema_1.LOGIN_SCHEMA,
-            errorHandler: (_error, _request, reply) => {
-                reply.code(500).send({ message: 'Internal Server Error' });
-            }
+            schema: schema_1.LOGIN_SCHEMA
         }, function (req, reply) {
             return __awaiter(this, void 0, void 0, function* () {
                 var _a, _b, _c;
@@ -123,14 +120,12 @@ function customFunctionController(app) {
                     expiresAt: new Date(Date.now() + refreshTokenTtlMs),
                     revokedAt: null
                 });
-                const accessToken = this.createAccessToken(currentUserData);
-                const responsePayload = {
-                    access_token: accessToken,
+                return {
+                    access_token: this.createAccessToken(currentUserData),
                     refresh_token: refreshToken,
                     device_id: '',
                     user_id: authUser._id.toString()
                 };
-                reply.code(200).send(responsePayload);
             });
         });
     });

package/dist/constants.d.ts

@@ -33,6 +33,10 @@ export declare const DEFAULT_CONFIG: {
         origin: string;
         methods: ALLOWED_METHODS[];
     };
+    MONGODB_ENCRYPTION_CONFIG: {
+        keyVaultDb: string;
+        keyVaultCollection: string;
+    };
 };
 export declare const API_VERSION: string;
 export declare const HTTPS_SCHEMA: string;
@@ -63,5 +67,11 @@ export declare const S3_CONFIG: {
     ACCESS_KEY_ID: string | undefined;
     SECRET_ACCESS_KEY: string | undefined;
 };
+/**
+ * Name of the MongoDB client to use for change streams.
+ * This may be a separate instance because streams do not work
+ * when the main client has auto encryption enabled.
+ */
+export declare const CHANGESTREAM = "changestream";
 export {};
 //# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,CAAA;AAsBpC,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAmCsB,eAAe,EAAE;;CAEjE,CAAA;AACD,eAAO,MAAM,WAAW,QAA8C,CAAA;AACtE,eAAO,MAAM,YAAY,QAA8B,CAAA;AACvD,eAAO,MAAM,OAAO,QAAgB,CAAA;AACpC,eAAO,MAAM,YAAY,QAAiC,CAAA;AAE1D,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,CAAC,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAAA;AAE7E,eAAO,MAAM,WAAW;;;;;;;mBAOqB,aAAa;;;;;;;;;CAOzD,CAAA;AAID,eAAO,MAAM,SAAS;;;CAGrB,CAAA"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,CAAA;AAsBpC,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAmCsB,eAAe,EAAE;;;;;;CAMjE,CAAA;AACD,eAAO,MAAM,WAAW,QAA8C,CAAA;AACtE,eAAO,MAAM,YAAY,QAA8B,CAAA;AACvD,eAAO,MAAM,OAAO,QAAgB,CAAA;AACpC,eAAO,MAAM,YAAY,QAAiC,CAAA;AAE1D,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,CAAC,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAAA;AAE7E,eAAO,MAAM,WAAW;;;;;;;mBAOqB,aAAa;;;;;;;;;CAOzD,CAAA;AAED,eAAO,MAAM,SAAS;;;CAGrB,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,YAAY,iBAAiB,CAAA"}

package/dist/constants.js

@@ -12,7 +12,7 @@ var __rest = (this && this.__rest) || function (s, e) {
 };
 var _a, _b, _c, _d, _e, _f, _g, _h;
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.S3_CONFIG = exports.AUTH_CONFIG = exports.AUTH_DB_NAME = exports.DB_NAME = exports.HTTPS_SCHEMA = exports.API_VERSION = exports.DEFAULT_CONFIG = void 0;
+exports.CHANGESTREAM = exports.S3_CONFIG = exports.AUTH_CONFIG = exports.AUTH_DB_NAME = exports.DB_NAME = exports.HTTPS_SCHEMA = exports.API_VERSION = exports.DEFAULT_CONFIG = void 0;
 const utils_1 = require("./auth/utils");
 const parseBoolean = (value) => {
     if (!value)
@@ -63,6 +63,10 @@ exports.DEFAULT_CONFIG = {
     CORS_OPTIONS: {
         origin: "*",
         methods: ["GET", "POST", "PUT", "DELETE"]
+    },
+    MONGODB_ENCRYPTION_CONFIG: {
+        keyVaultDb: "encryption",
+        keyVaultCollection: "__keyVault"
     }
 };
 exports.API_VERSION = `/api/client/${exports.DEFAULT_CONFIG.API_VERSION}`;
@@ -89,3 +93,9 @@ exports.S3_CONFIG = {
     ACCESS_KEY_ID: process.env.S3_ACCESS_KEY_ID,
     SECRET_ACCESS_KEY: process.env.S3_SECRET_ACCESS_KEY
 };
+/**
+ * Name of the MongoDB client to use for change streams.
+ * This may be a separate instance because streams do not work
+ * when the main client has auto encryption enabled.
+ */
+exports.CHANGESTREAM = "changestream";

package/dist/features/encryption/interface.d.ts

@@ -0,0 +1,36 @@
+import type { UUID } from "mongodb";
+export type EncryptionSchemaProperty = EncryptionSchema | {
+    encrypt: {
+        algorithm: string;
+        bsonType: string;
+        keyAlias?: string;
+    };
+};
+export type EncryptionSchema = {
+    bsonType: "object";
+    properties: Record<string, EncryptionSchemaProperty>;
+    encryptMetadata?: {
+        keyAlias: string;
+    };
+};
+export type MappedEncryptionSchemaProperty = MappedEncryptionSchema | {
+    encrypt: {
+        algorithm: string;
+        bsonType: string;
+        keyId?: [UUID];
+    };
+};
+export type MappedEncryptionSchema = {
+    bsonType: "object";
+    properties: Record<string, MappedEncryptionSchemaProperty>;
+    encryptMetadata?: {
+        keyId: [UUID];
+    };
+};
+export type EncryptionSchemaFile = {
+    database: string;
+    collection: string;
+    schema: EncryptionSchema;
+};
+export type EncryptionSchemas = Record<string, EncryptionSchema>;
+//# sourceMappingURL=interface.d.ts.map

package/dist/features/encryption/interface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"interface.d.ts","sourceRoot":"","sources":["../../../src/features/encryption/interface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAA;AAEnC,MAAM,MAAM,wBAAwB,GAChC,gBAAgB,GAChB;IACA,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAA;QACjB,QAAQ,EAAE,MAAM,CAAA;QAChB,QAAQ,CAAC,EAAE,MAAM,CAAA;KAClB,CAAA;CACF,CAAA;AAEH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,EAAE,QAAQ,CAAA;IAClB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,wBAAwB,CAAC,CAAA;IACpD,eAAe,CAAC,EAAE;QAChB,QAAQ,EAAE,MAAM,CAAA;KACjB,CAAC;CACH,CAAA;AAGD,MAAM,MAAM,8BAA8B,GACtC,sBAAsB,GACtB;IACA,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAA;QACjB,QAAQ,EAAE,MAAM,CAAA;QAChB,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAA;KACf,CAAA;CACF,CAAA;AAEH,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,EAAE,QAAQ,CAAA;IAClB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,8BAA8B,CAAC,CAAA;IAC1D,eAAe,CAAC,EAAE;QAChB,KAAK,EAAE,CAAC,IAAI,CAAC,CAAA;KACd,CAAC;CACH,CAAA;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,gBAAgB,CAAA;CACzB,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAA"}

package/dist/features/encryption/interface.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/features/encryption/utils.d.ts

@@ -0,0 +1,9 @@
+import { EncryptionSchemas } from "./interface";
+/**
+ * @experimental
+ * Schemas used for Client-Side Level Encryption configuration.
+ *
+ * **Important:** These schemas do not perform JSON validation.
+ */
+export declare const loadEncryptionSchemas: (rootDir?: string) => Promise<EncryptionSchemas>;
+//# sourceMappingURL=utils.d.ts.map

package/dist/features/encryption/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/features/encryption/utils.ts"],"names":[],"mappings":"AAEA,OAAO,EAAwB,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAErE;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,GAAU,gBAAuB,KAAG,OAAO,CAAC,iBAAiB,CAW9F,CAAA"}

package/dist/features/encryption/utils.js

@@ -0,0 +1,34 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadEncryptionSchemas = void 0;
+const node_path_1 = __importDefault(require("node:path"));
+const utils_1 = require("../../utils");
+/**
+ * @experimental
+ * Schemas used for Client-Side Level Encryption configuration.
+ *
+ * **Important:** These schemas do not perform JSON validation.
+ */
+const loadEncryptionSchemas = (...args_1) => __awaiter(void 0, [...args_1], void 0, function* (rootDir = process.cwd()) {
+    const schemasRoot = node_path_1.default.join(rootDir, 'data_sources', 'mongodb-atlas');
+    const files = (0, utils_1.recursivelyCollectFiles)(schemasRoot);
+    const schemaFiles = files.filter((x) => x.endsWith('encryption.json'));
+    return schemaFiles.reduce((acc, filePath) => {
+        const { collection, database, schema } = (0, utils_1.readJsonContent)(filePath);
+        acc[`${database}.${collection}`] = schema;
+        return acc;
+    }, {});
+});
+exports.loadEncryptionSchemas = loadEncryptionSchemas;

package/dist/features/functions/controller.d.ts

@@ -1,6 +1,8 @@
+import type { Document } from 'mongodb';
 import { FunctionController } from './interface';
 export declare const mapWatchFilterToChangeStreamMatch: (value: unknown) => unknown;
 export declare const mapWatchFilterToDocumentQuery: (value: unknown) => unknown;
+export declare const shouldSkipReadabilityLookupForChange: (change: Document) => boolean;
 /**
  * > Creates a pre handler for every query
  * @param app -> the fastify instance

package/dist/features/functions/controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../src/features/functions/controller.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AAmHhD,eAAO,MAAM,iCAAiC,GAAI,OAAO,OAAO,KAAG,OA0BlE,CAAA;AAID,eAAO,MAAM,6BAA6B,GAAI,OAAO,OAAO,KAAG,OAgD9D,CAAA;AAqHD;;;;;GAKG;AACH,eAAO,MAAM,mBAAmB,EAAE,kBAoRjC,CAAA"}
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../src/features/functions/controller.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAIvC,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AAmHhD,eAAO,MAAM,iCAAiC,GAAI,OAAO,OAAO,KAAG,OA0BlE,CAAA;AAID,eAAO,MAAM,6BAA6B,GAAI,OAAO,OAAO,KAAG,OAgD9D,CAAA;AAqHD,eAAO,MAAM,oCAAoC,GAAI,QAAQ,QAAQ,YAClC,CAAA;AAEnC;;;;;GAKG;AACH,eAAO,MAAM,mBAAmB,EAAE,kBAyRjC,CAAA"}

package/dist/features/functions/controller.js

@@ -20,7 +20,7 @@ var __rest = (this && this.__rest) || function (s, e) {
     return t;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.functionsController = exports.mapWatchFilterToDocumentQuery = exports.mapWatchFilterToChangeStreamMatch = void 0;
+exports.functionsController = exports.shouldSkipReadabilityLookupForChange = exports.mapWatchFilterToDocumentQuery = exports.mapWatchFilterToChangeStreamMatch = void 0;
 const bson_1 = require("bson");
 const services_1 = require("../../services");
 const context_1 = require("../../utils/context");
@@ -262,6 +262,8 @@ const isReadableDocumentResult = (value) => !!value &&
     typeof value === 'object' &&
     !Array.isArray(value) &&
     Object.keys(value).length > 0;
+const shouldSkipReadabilityLookupForChange = (change) => change.operationType === 'delete';
+exports.shouldSkipReadabilityLookupForChange = shouldSkipReadabilityLookupForChange;
 /**
  * > Creates a pre handler for every query
  * @param app -> the fastify instance
@@ -431,6 +433,10 @@ const functionsController = (app_1, _a) => __awaiter(void 0, [app_1, _a], void 0
                     const docId = (_b = (_a = change === null || change === void 0 ? void 0 : change.documentKey) === null || _a === void 0 ? void 0 : _a._id) !== null && _b !== void 0 ? _b : (_c = change === null || change === void 0 ? void 0 : change.fullDocument) === null || _c === void 0 ? void 0 : _c._id;
                     if (typeof docId === 'undefined')
                         return;
+                    if ((0, exports.shouldSkipReadabilityLookupForChange)(change)) {
+                        subscriberRes.write(`data: ${serializeEjson(change)}\n\n`);
+                        return;
+                    }
                     const readQuery = subscriber.documentFilter
                         ? { $and: [subscriber.documentFilter, { _id: docId }] }
                         : { _id: docId };

package/dist/features/rules/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/features/rules/utils.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,KAAK,EAAe,MAAM,aAAa,CAAA;AAEhD,eAAO,MAAM,SAAS,GAAU,gBAAuB,KAAG,OAAO,CAAC,KAAK,CAsCtE,CAAA"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/features/rules/utils.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,EAAe,MAAM,aAAa,CAAA;AAEhD,eAAO,MAAM,SAAS,GAAU,gBAAuB,KAAG,OAAO,CAAC,KAAK,CA6BtE,CAAA"}

package/dist/features/rules/utils.js

@@ -13,21 +13,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.loadRules = void 0;
-const fs_1 = __importDefault(require("fs"));
 const node_path_1 = __importDefault(require("node:path"));
 const utils_1 = require("../../utils");
 const loadRules = (...args_1) => __awaiter(void 0, [...args_1], void 0, function* (rootDir = process.cwd()) {
     const rulesRoot = node_path_1.default.join(rootDir, 'data_sources', 'mongodb-atlas');
-    const recursivelyCollectFiles = (dir) => {
-        return fs_1.default.readdirSync(dir, { withFileTypes: true }).flatMap((entry) => {
-            const fullPath = node_path_1.default.join(dir, entry.name);
-            if (entry.isDirectory()) {
-                return recursivelyCollectFiles(fullPath);
-            }
-            return entry.isFile() ? [fullPath] : [];
-        });
-    };
-    const files = recursivelyCollectFiles(rulesRoot);
+    const files = (0, utils_1.recursivelyCollectFiles)(rulesRoot);
     const rulesFiles = files.filter((x) => x.endsWith('rules.json'));
     const removeEmptyFieldRules = (rulesConfig) => {
         var _a;

package/dist/features/triggers/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/features/triggers/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,sBAAsB,EAAE,MAAM,QAAQ,CAAA;AAG/C;;;;;;GAMG;AACH,eAAO,MAAM,gBAAgB,GAAU,0CAIpC,sBAAsB,kBAqExB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/features/triggers/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,sBAAsB,EAAE,MAAM,QAAQ,CAAA;AAG/C;;;;;;GAMG;AACH,eAAO,MAAM,gBAAgB,GAAU,0CAIpC,sBAAsB,kBAyExB,CAAA"}

package/dist/features/triggers/index.js

@@ -32,6 +32,10 @@ const activateTriggers = (_a) => __awaiter(void 0, [_a], void 0, function* ({ fa
     var _e;
     console.log('START ACTIVATION TRIGGERS');
     try {
+        // Ensure the changestream MongoDB client exist, or use the main client
+        if (!fastify.mongo[constants_1.CHANGESTREAM]) {
+            fastify.mongo[constants_1.CHANGESTREAM] = fastify.mongo;
+        }
         const triggersToActivate = [...triggersList];
         if (constants_1.AUTH_CONFIG.on_user_creation_function_name) {
             const alreadyDeclared = triggersToActivate.some((trigger) => {

package/dist/features/triggers/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/features/triggers/utils.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,aAAa,EAAW,QAAQ,EAAE,MAAM,aAAa,CAAA;AA0E9D;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY,GAAU,gBAAuB,KAAG,OAAO,CAAC,QAAQ,CAkB5E,CAAA;AA0nBD,eAAO,MAAM,gBAAgB;kHAnmB1B,aAAa;iHA2gBb,aAAa;uHA1Zb,aAAa;CAsff,CAAA"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/features/triggers/utils.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,aAAa,EAAW,QAAQ,EAAE,MAAM,aAAa,CAAA;AA0E9D;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY,GAAU,gBAAuB,KAAG,OAAO,CAAC,QAAQ,CAkB5E,CAAA;AA+mBD,eAAO,MAAM,gBAAgB;kHAxlB1B,aAAa;iHAggBb,aAAa;uHA/Yb,aAAa;CA2ef,CAAA"}

package/dist/features/triggers/utils.js

@@ -220,7 +220,7 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
     const { database, isAutoTrigger, operation_types = [], operation_type } = config;
     const providerFilter = normalizeProviders((_b = config.providers) !== null && _b !== void 0 ? _b : []);
     const authCollection = (_c = constants_1.AUTH_CONFIG.authCollection) !== null && _c !== void 0 ? _c : 'auth_users';
-    const collection = app.mongo.client.db(database || constants_1.AUTH_DB_NAME).collection(authCollection);
+    const collection = app.mongo[constants_1.CHANGESTREAM].client.db(database || constants_1.AUTH_DB_NAME).collection(authCollection);
     const operationCandidates = operation_type ? mapOpInverse[operation_type] : operation_types;
     const normalizedOps = normalizeOperationTypes(operationCandidates);
     const baseMeta = {
@@ -252,14 +252,6 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
         if (shouldIgnoreStreamError(error))
             return;
         console.error('Authentication trigger change stream error', error);
-        emitTriggerEvent({
-            status: 'error',
-            triggerName,
-            triggerType,
-            functionName,
-            meta: Object.assign(Object.assign({}, baseMeta), { event: 'CHANGE_STREAM' }),
-            error
-        });
     });
     changeStream.on('change', function (change) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -329,6 +321,13 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                     updateDescription
                 };
                 try {
+                    emitTriggerEvent({
+                        status: 'fired',
+                        triggerName,
+                        triggerType,
+                        functionName,
+                        meta: Object.assign(Object.assign({}, baseMeta), { event: 'LOGOUT' })
+                    });
                     yield (0, context_1.GenerateContext)({
                         args: [Object.assign({ user: userData }, op)],
                         app,
@@ -340,13 +339,6 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                         services,
                         runAsSystem: true
                     });
-                    emitTriggerEvent({
-                        status: 'fired',
-                        triggerName,
-                        triggerType,
-                        functionName,
-                        meta: Object.assign(Object.assign({}, baseMeta), { event: 'LOGOUT' })
-                    });
                 }
                 catch (error) {
                     emitTriggerEvent({
@@ -381,6 +373,13 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                     updateDescription
                 };
                 try {
+                    emitTriggerEvent({
+                        status: 'fired',
+                        triggerName,
+                        triggerType,
+                        functionName,
+                        meta: Object.assign(Object.assign({}, baseMeta), { event: 'DELETE' })
+                    });
                     yield (0, context_1.GenerateContext)({
                         args: isAutoTrigger ? [userData] : [Object.assign({ user: userData }, op)],
                         app,
@@ -392,13 +391,6 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                         services,
                         runAsSystem: true
                     });
-                    emitTriggerEvent({
-                        status: 'fired',
-                        triggerName,
-                        triggerType,
-                        functionName,
-                        meta: Object.assign(Object.assign({}, baseMeta), { event: 'DELETE' })
-                    });
                 }
                 catch (error) {
                     emitTriggerEvent({
@@ -435,6 +427,13 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                     updateDescription
                 };
                 try {
+                    emitTriggerEvent({
+                        status: 'fired',
+                        triggerName,
+                        triggerType,
+                        functionName,
+                        meta: Object.assign(Object.assign({}, baseMeta), { event: 'UPDATE' })
+                    });
                     yield (0, context_1.GenerateContext)({
                         args: isAutoTrigger ? [userData] : [Object.assign({ user: userData }, op)],
                         app,
@@ -446,13 +445,6 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                         services,
                         runAsSystem: true
                     });
-                    emitTriggerEvent({
-                        status: 'fired',
-                        triggerName,
-                        triggerType,
-                        functionName,
-                        meta: Object.assign(Object.assign({}, baseMeta), { event: 'UPDATE' })
-                    });
                 }
                 catch (error) {
                     emitTriggerEvent({
@@ -526,6 +518,13 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                 updateDescription
             };
             try {
+                emitTriggerEvent({
+                    status: 'fired',
+                    triggerName,
+                    triggerType,
+                    functionName,
+                    meta: Object.assign(Object.assign({}, baseMeta), { event: 'CREATE' })
+                });
                 yield (0, context_1.GenerateContext)({
                     args: isAutoTrigger ? [userData] : [Object.assign({ user: userData }, op)],
                     app,
@@ -537,13 +536,6 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                     services,
                     runAsSystem: true
                 });
-                emitTriggerEvent({
-                    status: 'fired',
-                    triggerName,
-                    triggerType,
-                    functionName,
-                    meta: Object.assign(Object.assign({}, baseMeta), { event: 'CREATE' })
-                });
             }
             catch (error) {
                 emitTriggerEvent({
@@ -583,7 +575,7 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
 const handleDataBaseTrigger = (_a) => __awaiter(void 0, [_a], void 0, function* ({ config, triggerHandler, functionsList, services, app, triggerName, triggerType, functionName }) {
     const { database, collection: collectionName, operation_types = [], match = {}, project = {} } = config;
     const normalizedOperations = normalizeOperationTypes(operation_types);
-    const collection = app.mongo.client.db(database).collection(collectionName);
+    const collection = app.mongo[constants_1.CHANGESTREAM].client.db(database).collection(collectionName);
     const pipeline = [
         {
             $match: Object.assign({ operationType: { $in: normalizedOperations } }, match)

package/dist/index.d.ts

@@ -1,4 +1,5 @@
 import 'dotenv/config';
+import { type MongoDbEncryptionConfig } from './utils/initializer/mongodbCSFLE';
 export * from './model';
 export type ALLOWED_METHODS = "GET" | "POST" | "PUT" | "DELETE";
 export type CorsConfig = {
@@ -13,6 +14,7 @@ export type InitializeConfig = {
     host?: string;
     corsConfig?: CorsConfig;
     basePath?: string;
+    mongodbEncryptionConfig?: MongoDbEncryptionConfig;
 };
 /**
  * > Used to initialize fastify app
@@ -22,5 +24,5 @@ export type InitializeConfig = {
  * @param port -> the serve port number
  * @param mongodbUrl -> the database connection string
  */
-export declare function initialize({ projectId, host, jwtSecret, port, mongodbUrl, corsConfig, basePath }: InitializeConfig): Promise<void>;
+export declare function initialize({ projectId, host, jwtSecret, port, mongodbUrl, corsConfig, basePath, mongodbEncryptionConfig }: InitializeConfig): Promise<void>;
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,eAAe,CAAA;AActB,cAAc,SAAS,CAAA;AAGvB,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAA;AAE/D,MAAM,MAAM,UAAU,GAAG;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,eAAe,EAAE,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED;;;;;;;GAOG;AACH,wBAAsB,UAAU,CAAC,EAC/B,SAAS,EACT,IAA0B,EAC1B,SAAqC,EACrC,IAA0B,EAC1B,UAAuC,EACvC,UAAwC,EACxC,QAAQ,EACT,EAAE,gBAAgB,iBAyHlB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,eAAe,CAAA;AAetB,OAAO,EAAE,KAAK,uBAAuB,EAAE,MAAM,kCAAkC,CAAA;AAC/E,cAAc,SAAS,CAAA;AAGvB,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAA;AAE/D,MAAM,MAAM,UAAU,GAAG;IACvB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,eAAe,EAAE,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,uBAAuB,CAAC,EAAE,uBAAuB,CAAA;CAClD,CAAA;AAED;;;;;;;GAOG;AACH,wBAAsB,UAAU,CAAC,EAC/B,SAAS,EACT,IAA0B,EAC1B,SAAqC,EACrC,IAA0B,EAC1B,UAAuC,EACvC,UAAwC,EACxC,QAAQ,EACR,uBAAuB,EACxB,EAAE,gBAAgB,iBA6HlB"}

package/dist/index.js

@@ -57,8 +57,9 @@ const utils_1 = require("./features/endpoints/utils");
 const functions_1 = require("./features/functions");
 const utils_2 = require("./features/functions/utils");
 const utils_3 = require("./features/rules/utils");
+const utils_4 = require("./features/encryption/utils");
 const triggers_1 = require("./features/triggers");
-const utils_4 = require("./features/triggers/utils");
+const utils_5 = require("./features/triggers/utils");
 const services_1 = require("./services");
 const state_1 = require("./state");
 const exposeRoutes_1 = require("./utils/initializer/exposeRoutes");
@@ -73,7 +74,7 @@ __exportStar(require("./model"), exports);
  * @param mongodbUrl -> the database connection string
  */
 function initialize(_a) {
-    return __awaiter(this, arguments, void 0, function* ({ projectId, host = constants_1.DEFAULT_CONFIG.HOST, jwtSecret = constants_1.DEFAULT_CONFIG.JWT_SECRET, port = constants_1.DEFAULT_CONFIG.PORT, mongodbUrl = constants_1.DEFAULT_CONFIG.MONGODB_URL, corsConfig = constants_1.DEFAULT_CONFIG.CORS_OPTIONS, basePath }) {
+    return __awaiter(this, arguments, void 0, function* ({ projectId, host = constants_1.DEFAULT_CONFIG.HOST, jwtSecret = constants_1.DEFAULT_CONFIG.JWT_SECRET, port = constants_1.DEFAULT_CONFIG.PORT, mongodbUrl = constants_1.DEFAULT_CONFIG.MONGODB_URL, corsConfig = constants_1.DEFAULT_CONFIG.CORS_OPTIONS, basePath, mongodbEncryptionConfig }) {
         var _b, _c;
         if (!jwtSecret || jwtSecret.trim().length === 0) {
             throw new Error('JWT secret missing: set JWT_SECRET or pass jwtSecret to initialize()');
@@ -93,12 +94,14 @@ function initialize(_a) {
         logInfo("CURRENT HOST", host);
         const functionsList = yield (0, utils_2.loadFunctions)(resolvedBasePath);
         logInfo("Functions LOADED");
-        const triggersList = yield (0, utils_4.loadTriggers)(resolvedBasePath);
+        const triggersList = yield (0, utils_5.loadTriggers)(resolvedBasePath);
         logInfo("Triggers LOADED");
         const endpointsList = yield (0, utils_1.loadEndpoints)(resolvedBasePath);
         logInfo("Endpoints LOADED");
         const rulesList = yield (0, utils_3.loadRules)(resolvedBasePath);
         logInfo("Rules LOADED");
+        const encryptionSchemas = yield (0, utils_4.loadEncryptionSchemas)(resolvedBasePath);
+        logInfo("Encryption schemas LOADED");
         const stateConfig = {
             functions: functionsList,
             triggers: triggersList,
@@ -168,7 +171,9 @@ function initialize(_a) {
             mongodbUrl,
             jwtSecret,
             functionsList,
-            corsConfig
+            corsConfig,
+            encryptionSchemas,
+            mongodbEncryptionConfig
         });
         logInfo('Plugins registration COMPLETED');
         yield (0, exposeRoutes_1.exposeRoutes)(fastify);

package/dist/monitoring/plugin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../../src/monitoring/plugin.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAA;AAE5E,OAAO,oBAAoB,CAAA;AA0B3B,QAAA,MAAM,sBAAsB,QACrB,eAAe,SACd;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,kBA4UH,CAAA;AAE1B,eAAe,sBAAsB,CAAA"}
+{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../../src/monitoring/plugin.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAA;AAE5E,OAAO,oBAAoB,CAAA;AA2B3B,QAAA,MAAM,sBAAsB,QACrB,eAAe,SACd;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,kBA4WH,CAAA;AAE1B,eAAe,sBAAsB,CAAA"}