@flowerforce/flowerbase 1.7.6-beta.0 → 1.7.6-beta.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@flowerforce/flowerbase",
-  "version": "1.7.6-beta.0",
+  "version": "1.7.6-beta.2",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -14,7 +14,8 @@
   "scripts": {
     "test": "npx jest",
     "build": "rm -rf dist/ && tsc",
-    "start": "node dist/src/index.ts"
+    "start": "node dist/src/index.ts",
+    "tsc:noemit": "tsc --noEmit"
   },
   "keywords": [],
   "author": "",
@@ -30,6 +31,7 @@
     "@fastify/swagger-ui": "^5.2.3",
     "@fastify/websocket": "^11.2.0",
     "bson": "^6.8.0",
+    "codemirror": "^5.65.16",
     "dotenv": "^16.4.7",
     "fastify": "^5.0.0",
     "fastify-plugin": "^5.0.1",

package/src/auth/providers/custom-function/controller.ts

@@ -32,10 +32,7 @@ export async function customFunctionController(app: FastifyInstance) {
   app.post<LoginDto>(
     AUTH_ENDPOINTS.LOGIN,
     {
-      schema: LOGIN_SCHEMA,
-      errorHandler: (_error, _request, reply) => {
-        reply.code(500).send({ message: 'Internal Server Error' })
-      }
+      schema: LOGIN_SCHEMA
     },
     async function (req, reply) {
       const customFunctionProvider = AUTH_CONFIG.authProviders?.['custom-function']
@@ -82,6 +79,7 @@ export async function customFunctionController(app: FastifyInstance) {
         }
       }) as CustomFunctionAuthResult
 
+
       if (!authResult.id) {
         reply.code(401).send({ message: 'Unauthorized' })
         return
@@ -130,7 +128,6 @@ export async function customFunctionController(app: FastifyInstance) {
           ...(user || {})
         }
       }
-
       const refreshToken = this.createRefreshToken(currentUserData)
       const refreshTokenHash = hashToken(refreshToken)
       await authDb.collection(refreshTokensCollection).insertOne({
@@ -140,15 +137,12 @@ export async function customFunctionController(app: FastifyInstance) {
         expiresAt: new Date(Date.now() + refreshTokenTtlMs),
         revokedAt: null
       })
-      const accessToken = this.createAccessToken(currentUserData)
-
-      const responsePayload = {
-        access_token: accessToken,
+      return {
+        access_token: this.createAccessToken(currentUserData),
         refresh_token: refreshToken,
         device_id: '',
         user_id: authUser._id.toString()
       }
-      reply.code(200).send(responsePayload)
     }
   )
 

package/src/constants.ts

@@ -57,6 +57,10 @@ export const DEFAULT_CONFIG = {
   CORS_OPTIONS: {
     origin: "*",
     methods: ["GET", "POST", "PUT", "DELETE"] as ALLOWED_METHODS[]
+  },
+  MONGODB_ENCRYPTION_CONFIG: {
+    keyVaultDb: "encryption",
+    keyVaultCollection: "__keyVault"
   }
 }
 export const API_VERSION = `/api/client/${DEFAULT_CONFIG.API_VERSION}`
@@ -82,9 +86,14 @@ export const AUTH_CONFIG = {
   }
 }
 
-
-
 export const S3_CONFIG = {
   ACCESS_KEY_ID: process.env.S3_ACCESS_KEY_ID,
   SECRET_ACCESS_KEY: process.env.S3_SECRET_ACCESS_KEY
 }
+
+/**
+ * Name of the MongoDB client to use for change streams.
+ * This may be a separate instance because streams do not work
+ * when the main client has auto encryption enabled.
+ */
+export const CHANGESTREAM = "changestream"

package/src/features/encryption/interface.ts

@@ -0,0 +1,46 @@
+import type { UUID } from "mongodb"
+
+export type EncryptionSchemaProperty =
+  | EncryptionSchema
+  | {
+    encrypt: {
+      algorithm: string
+      bsonType: string
+      keyAlias?: string
+    }
+  }
+
+export type EncryptionSchema = {
+  bsonType: "object"
+  properties: Record<string, EncryptionSchemaProperty>
+  encryptMetadata?: {
+    keyAlias: string
+  },
+}
+
+
+export type MappedEncryptionSchemaProperty =
+  | MappedEncryptionSchema
+  | {
+    encrypt: {
+      algorithm: string
+      bsonType: string
+      keyId?: [UUID]
+    }
+  }
+
+export type MappedEncryptionSchema = {
+  bsonType: "object"
+  properties: Record<string, MappedEncryptionSchemaProperty>
+  encryptMetadata?: {
+    keyId: [UUID]
+  },
+}
+
+export type EncryptionSchemaFile = {
+  database: string
+  collection: string
+  schema: EncryptionSchema
+}
+
+export type EncryptionSchemas = Record<string, EncryptionSchema>

package/src/features/encryption/utils.ts

@@ -0,0 +1,22 @@
+import path from "node:path"
+import { readJsonContent, recursivelyCollectFiles } from "../../utils"
+import { EncryptionSchemaFile, EncryptionSchemas } from "./interface"
+
+/**
+ * @experimental
+ * Schemas used for Client-Side Level Encryption configuration.
+ *
+ * **Important:** These schemas do not perform JSON validation.
+ */
+export const loadEncryptionSchemas = async (rootDir = process.cwd()): Promise<EncryptionSchemas> => {
+  const schemasRoot = path.join(rootDir, 'data_sources', 'mongodb-atlas')
+
+  const files = recursivelyCollectFiles(schemasRoot)
+  const schemaFiles = files.filter((x) => x.endsWith('encryption.json'))
+
+  return schemaFiles.reduce((acc, filePath) => {
+    const { collection, database, schema } = readJsonContent(filePath) as EncryptionSchemaFile
+    acc[`${database}.${collection}`] = schema
+    return acc
+  }, {} as EncryptionSchemas)
+}

package/src/features/functions/__tests__/watch-filter.test.ts

@@ -1,5 +1,9 @@
 import { ObjectId } from 'mongodb'
-import { mapWatchFilterToChangeStreamMatch, mapWatchFilterToDocumentQuery } from '../controller'
+import {
+  mapWatchFilterToChangeStreamMatch,
+  mapWatchFilterToDocumentQuery,
+  shouldSkipReadabilityLookupForChange
+} from '../controller'
 
 describe('watch filter mapping', () => {
   it('keeps change-event fields untouched and prefixes only document fields', () => {
@@ -113,4 +117,10 @@ describe('watch filter mapping', () => {
     expect(documentQuery._id).toEqual(id)
     expect(documentQuery.operationType).toBeUndefined()
   })
+
+  it('skips readability lookup only for delete change events', () => {
+    expect(shouldSkipReadabilityLookupForChange({ operationType: 'delete' } as any)).toBe(true)
+    expect(shouldSkipReadabilityLookupForChange({ operationType: 'update' } as any)).toBe(false)
+    expect(shouldSkipReadabilityLookupForChange({ operationType: 'insert' } as any)).toBe(false)
+  })
 })

package/src/features/functions/controller.ts

@@ -315,6 +315,9 @@ const isReadableDocumentResult = (value: unknown) =>
   !Array.isArray(value) &&
   Object.keys(value as Record<string, unknown>).length > 0
 
+export const shouldSkipReadabilityLookupForChange = (change: Document) =>
+  change.operationType === 'delete'
+
 /**
  * > Creates a pre handler for every query
  * @param app -> the fastify instance
@@ -524,6 +527,11 @@ export const functionsController: FunctionController = async (
             (change as { fullDocument?: { _id?: unknown } })?.fullDocument?._id
           if (typeof docId === 'undefined') return
 
+          if (shouldSkipReadabilityLookupForChange(change)) {
+            subscriberRes.write(`data: ${serializeEjson(change)}\n\n`)
+            return
+          }
+
           const readQuery = subscriber.documentFilter
             ? ({ $and: [subscriber.documentFilter, { _id: docId }] } as Document)
             : ({ _id: docId } as Document)

package/src/features/rules/utils.ts

@@ -1,19 +1,9 @@
-import fs from 'fs'
 import path from 'node:path'
-import { readJsonContent } from '../../utils'
+import { readJsonContent, recursivelyCollectFiles } from '../../utils'
 import { Rules, RulesConfig } from './interface'
 
 export const loadRules = async (rootDir = process.cwd()): Promise<Rules> => {
   const rulesRoot = path.join(rootDir, 'data_sources', 'mongodb-atlas')
-  const recursivelyCollectFiles = (dir: string): string[] => {
-    return fs.readdirSync(dir, { withFileTypes: true }).flatMap((entry) => {
-      const fullPath = path.join(dir, entry.name)
-      if (entry.isDirectory()) {
-        return recursivelyCollectFiles(fullPath)
-      }
-      return entry.isFile() ? [fullPath] : []
-    })
-  }
   const files = recursivelyCollectFiles(rulesRoot)
   const rulesFiles = files.filter((x) => (x as string).endsWith('rules.json'))
 

package/src/features/triggers/index.ts

@@ -1,4 +1,4 @@
-import { AUTH_CONFIG, AUTH_DB_NAME } from '../../constants'
+import { AUTH_CONFIG, AUTH_DB_NAME, CHANGESTREAM } from '../../constants'
 import { services } from '../../services'
 import { Function, Functions } from '../functions/interface'
 import { ActivateTriggersParams } from './dtos'
@@ -18,6 +18,10 @@ export const activateTriggers = async ({
 }: ActivateTriggersParams) => {
   console.log('START ACTIVATION TRIGGERS')
   try {
+    // Ensure the changestream MongoDB client exist, or use the main client
+    if (!fastify.mongo[CHANGESTREAM]) {
+      fastify.mongo[CHANGESTREAM] = fastify.mongo
+    }
     const triggersToActivate = [...triggersList]
     if (AUTH_CONFIG.on_user_creation_function_name) {
       const alreadyDeclared = triggersToActivate.some(

package/src/features/triggers/utils.ts

@@ -1,7 +1,7 @@
 import fs from 'fs'
 import path from 'node:path'
 import cron from 'node-cron'
-import { AUTH_CONFIG, AUTH_DB_NAME, DB_NAME } from '../../constants'
+import { AUTH_CONFIG, AUTH_DB_NAME, DB_NAME, CHANGESTREAM } from '../../constants'
 import { createEventId, sanitize } from '../../monitoring/utils'
 import { StateManager } from '../../state'
 import { readJsonContent } from '../../utils'
@@ -246,7 +246,7 @@ const handleAuthenticationTrigger = async ({
   const { database, isAutoTrigger, operation_types = [], operation_type } = config
   const providerFilter = normalizeProviders(config.providers ?? [])
   const authCollection = AUTH_CONFIG.authCollection ?? 'auth_users'
-  const collection = app.mongo.client.db(database || AUTH_DB_NAME).collection(authCollection)
+  const collection = app.mongo[CHANGESTREAM].client.db(database || AUTH_DB_NAME).collection(authCollection)
   const operationCandidates = operation_type ? mapOpInverse[operation_type] : operation_types
   const normalizedOps = normalizeOperationTypes(operationCandidates)
   const baseMeta = {
@@ -277,17 +277,6 @@ const handleAuthenticationTrigger = async ({
   changeStream.on('error', (error) => {
     if (shouldIgnoreStreamError(error)) return
     console.error('Authentication trigger change stream error', error)
-    emitTriggerEvent({
-      status: 'error',
-      triggerName,
-      triggerType,
-      functionName,
-      meta: {
-        ...baseMeta,
-        event: 'CHANGE_STREAM'
-      },
-      error
-    })
   })
   changeStream.on('change', async function (change) {
     const operationType = change['operationType' as keyof typeof change] as
@@ -376,6 +365,13 @@ const handleAuthenticationTrigger = async ({
         updateDescription
       }
       try {
+        emitTriggerEvent({
+          status: 'fired',
+          triggerName,
+          triggerType,
+          functionName,
+          meta: { ...baseMeta, event: 'LOGOUT' }
+        })
         await GenerateContext({
           args: [{ user: userData, ...op }],
           app,
@@ -387,13 +383,6 @@ const handleAuthenticationTrigger = async ({
           services,
           runAsSystem: true
         })
-        emitTriggerEvent({
-          status: 'fired',
-          triggerName,
-          triggerType,
-          functionName,
-          meta: { ...baseMeta, event: 'LOGOUT' }
-        })
       } catch (error) {
         emitTriggerEvent({
           status: 'error',
@@ -428,6 +417,13 @@ const handleAuthenticationTrigger = async ({
         updateDescription
       }
       try {
+        emitTriggerEvent({
+          status: 'fired',
+          triggerName,
+          triggerType,
+          functionName,
+          meta: { ...baseMeta, event: 'DELETE' }
+        })
         await GenerateContext({
           args: isAutoTrigger ? [userData] : [{ user: userData, ...op }],
           app,
@@ -439,13 +435,6 @@ const handleAuthenticationTrigger = async ({
           services,
           runAsSystem: true
         })
-        emitTriggerEvent({
-          status: 'fired',
-          triggerName,
-          triggerType,
-          functionName,
-          meta: { ...baseMeta, event: 'DELETE' }
-        })
       } catch (error) {
         emitTriggerEvent({
           status: 'error',
@@ -482,6 +471,13 @@ const handleAuthenticationTrigger = async ({
         updateDescription
       }
       try {
+        emitTriggerEvent({
+          status: 'fired',
+          triggerName,
+          triggerType,
+          functionName,
+          meta: { ...baseMeta, event: 'UPDATE' }
+        })
         await GenerateContext({
           args: isAutoTrigger ? [userData] : [{ user: userData, ...op }],
           app,
@@ -493,13 +489,6 @@ const handleAuthenticationTrigger = async ({
           services,
           runAsSystem: true
         })
-        emitTriggerEvent({
-          status: 'fired',
-          triggerName,
-          triggerType,
-          functionName,
-          meta: { ...baseMeta, event: 'UPDATE' }
-        })
       } catch (error) {
         emitTriggerEvent({
           status: 'error',
@@ -586,6 +575,13 @@ const handleAuthenticationTrigger = async ({
     }
 
     try {
+      emitTriggerEvent({
+        status: 'fired',
+        triggerName,
+        triggerType,
+        functionName,
+        meta: { ...baseMeta, event: 'CREATE' }
+      })
       await GenerateContext({
         args: isAutoTrigger ? [userData] : [{ user: userData, ...op }],
         app,
@@ -597,13 +593,6 @@ const handleAuthenticationTrigger = async ({
         services,
         runAsSystem: true
       })
-      emitTriggerEvent({
-        status: 'fired',
-        triggerName,
-        triggerType,
-        functionName,
-        meta: { ...baseMeta, event: 'CREATE' }
-      })
     } catch (error) {
       emitTriggerEvent({
         status: 'error',
@@ -663,7 +652,7 @@ const handleDataBaseTrigger = async ({
 
   const normalizedOperations = normalizeOperationTypes(operation_types)
 
-  const collection = app.mongo.client.db(database).collection(collectionName)
+  const collection = app.mongo[CHANGESTREAM].client.db(database).collection(collectionName)
   const pipeline = [
     {
       $match: {

package/src/index.ts

@@ -6,12 +6,14 @@ import { loadEndpoints } from './features/endpoints/utils'
 import { registerFunctions } from './features/functions'
 import { loadFunctions } from './features/functions/utils'
 import { loadRules } from './features/rules/utils'
+import { loadEncryptionSchemas } from './features/encryption/utils'
 import { activateTriggers } from './features/triggers'
 import { loadTriggers } from './features/triggers/utils'
 import { services } from './services'
 import { StateManager } from './state'
 import { exposeRoutes } from './utils/initializer/exposeRoutes'
 import { registerPlugins } from './utils/initializer/registerPlugins'
+import { type MongoDbEncryptionConfig } from './utils/initializer/mongodbCSFLE'
 export * from './model'
 
 
@@ -30,6 +32,7 @@ export type InitializeConfig = {
   host?: string
   corsConfig?: CorsConfig
   basePath?: string
+  mongodbEncryptionConfig?: MongoDbEncryptionConfig
 }
 
 /**
@@ -47,7 +50,8 @@ export async function initialize({
   port = DEFAULT_CONFIG.PORT,
   mongodbUrl = DEFAULT_CONFIG.MONGODB_URL,
   corsConfig = DEFAULT_CONFIG.CORS_OPTIONS,
-  basePath
+  basePath,
+  mongodbEncryptionConfig
 }: InitializeConfig) {
   if (!jwtSecret || jwtSecret.trim().length === 0) {
     throw new Error('JWT secret missing: set JWT_SECRET or pass jwtSecret to initialize()')
@@ -77,6 +81,8 @@ export async function initialize({
   logInfo("Endpoints LOADED")
   const rulesList = await loadRules(resolvedBasePath)
   logInfo("Rules LOADED")
+  const encryptionSchemas = await loadEncryptionSchemas(resolvedBasePath)
+  logInfo("Encryption schemas LOADED")
 
   const stateConfig = {
     functions: functionsList,
@@ -152,7 +158,9 @@ export async function initialize({
     mongodbUrl,
     jwtSecret,
     functionsList,
-    corsConfig
+    corsConfig,
+    encryptionSchemas,
+    mongodbEncryptionConfig
   })
 
   logInfo('Plugins registration COMPLETED')

package/src/monitoring/plugin.ts

@@ -2,6 +2,7 @@ import fastifyWebsocket from '@fastify/websocket'
 import type { FastifyInstance, FastifyReply, FastifyRequest } from 'fastify'
 import fp from 'fastify-plugin'
 import '@fastify/websocket'
+import fs from 'fs'
 import { DEFAULT_CONFIG } from '../constants'
 import { StateManager } from '../state'
 import { registerCollectionRoutes } from './routes/collections'
@@ -316,6 +317,38 @@ const createMonitoringPlugin = fp(async (
     })
   })
 
+  const resolveCodeMirrorAsset = (internalPath: string) => {
+    try {
+      return require.resolve(`codemirror/${internalPath}`)
+    } catch {
+      return ''
+    }
+  }
+
+  const codemirrorAssets: Record<string, string> = {
+    'codemirror.js': resolveCodeMirrorAsset('lib/codemirror.js'),
+    'codemirror.css': resolveCodeMirrorAsset('lib/codemirror.css'),
+    'javascript.js': resolveCodeMirrorAsset('mode/javascript/javascript.js'),
+    'foldcode.js': resolveCodeMirrorAsset('addon/fold/foldcode.js'),
+    'foldgutter.js': resolveCodeMirrorAsset('addon/fold/foldgutter.js'),
+    'brace-fold.js': resolveCodeMirrorAsset('addon/fold/brace-fold.js'),
+    'comment-fold.js': resolveCodeMirrorAsset('addon/fold/comment-fold.js'),
+    'foldgutter.css': resolveCodeMirrorAsset('addon/fold/foldgutter.css')
+  }
+
+  Object.entries(codemirrorAssets).forEach(([assetName, relativePath]) => {
+    app.get(`${prefix}/vendor/codemirror/${assetName}`, async (_req, reply) => {
+      const assetPath = relativePath || ''
+      if (!assetPath || !fs.existsSync(assetPath)) {
+        reply.code(404).send(`${assetName} not found`)
+        return
+      }
+      const asset = fs.readFileSync(assetPath, 'utf8')
+      reply.header('Cache-Control', 'no-store')
+      reply.type(assetName.endsWith('.css') ? 'text/css' : 'application/javascript').send(asset)
+    })
+  })
+
   app.get(`${prefix}/ws`, { websocket: true }, (connection) => {
     const socket =
       (connection as {

package/src/monitoring/ui.collections.js

@@ -91,7 +91,7 @@
     collectionTabButtons,
     collectionTabPanels
   } = dom;
-  const { api, parseJsonObject, highlightJson, safeStringify } = utils;
+  const { api, parseJsonObject, highlightJson, renderJsonViewer, clearJsonViewer, safeStringify } = utils;
 
   const TABLE_TRUNCATE_LIMIT = 200;
 
@@ -337,22 +337,21 @@
     const highlight = state.collectionResultHighlight;
     if (payload === null || payload === undefined) {
       collectionResult.classList.remove('table-view', 'json-highlight');
-      collectionResult.textContent = '';
+      clearJsonViewer(collectionResult, '');
       return;
     }
     if (state.collectionResultView === 'table') {
+      clearJsonViewer(collectionResult, '');
       renderCollectionTable(payload);
       return;
     }
     collectionResult.classList.remove('table-view');
     if (highlight) {
       const text = typeof payload === 'string' ? payload : JSON.stringify(payload, null, 2);
-      collectionResult.classList.add('json-highlight');
-      collectionResult.innerHTML = highlightJson(text || '');
+      renderJsonViewer(collectionResult, text || '', { collapsible: true });
       return;
     }
-    collectionResult.classList.remove('json-highlight');
-    collectionResult.textContent = typeof payload === 'string' ? payload : String(payload ?? '');
+    clearJsonViewer(collectionResult, typeof payload === 'string' ? payload : String(payload ?? ''));
   };
 
   const setCollectionResult = (value, highlight) => {
@@ -365,12 +364,10 @@
     if (!collectionRules) return;
     if (highlight) {
       const text = typeof value === 'string' ? value : JSON.stringify(value, null, 2);
-      collectionRules.classList.add('json-highlight');
-      collectionRules.innerHTML = highlightJson(text || '');
+      renderJsonViewer(collectionRules, text || '', { collapsible: true });
       return;
     }
-    collectionRules.classList.remove('json-highlight');
-    collectionRules.textContent = typeof value === 'string' ? value : String(value ?? '');
+    clearJsonViewer(collectionRules, typeof value === 'string' ? value : String(value ?? ''));
   };
 
   const updateCollectionModeView = () => {