@friggframework/core 2.0.0--canary.397.fe6d7a2.0 → 2.0.0--canary.405.45825cd.0

package/handlers/routers/health.js

@@ -0,0 +1,451 @@
+const { Router } = require('express');
+const mongoose = require('mongoose');
+const https = require('https');
+const http = require('http');
+const { moduleFactory, integrationFactory } = require('./../backend-utils');
+const { createAppHandler } = require('./../app-handler-helpers');
+
+const router = Router();
+
+const validateApiKey = (req, res, next) => {
+    const apiKey = req.headers['x-api-key'];
+    
+    if (req.path === '/health') {
+        return next();
+    }
+    
+    if (!apiKey || apiKey !== process.env.HEALTH_API_KEY) {
+        return res.status(401).json({
+            status: 'error',
+            message: 'Unauthorized'
+        });
+    }
+    
+    next();
+};
+
+router.use(validateApiKey);
+
+const checkExternalAPI = (url, timeout = 5000) => {
+    return new Promise((resolve) => {
+        const protocol = url.startsWith('https:') ? https : http;
+        const startTime = Date.now();
+        
+        try {
+            const request = protocol.get(url, { timeout }, (res) => {
+                const responseTime = Date.now() - startTime;
+                resolve({
+                    status: 'healthy',
+                    statusCode: res.statusCode,
+                    responseTime,
+                    reachable: res.statusCode < 500
+                });
+            });
+
+            request.on('error', (error) => {
+                resolve({
+                    status: 'unhealthy',
+                    error: error.message,
+                    responseTime: Date.now() - startTime,
+                    reachable: false
+                });
+            });
+
+            request.on('timeout', () => {
+                request.destroy();
+                resolve({
+                    status: 'timeout',
+                    error: 'Request timeout',
+                    responseTime: timeout,
+                    reachable: false
+                });
+            });
+        } catch (error) {
+            resolve({
+                status: 'error',
+                error: error.message,
+                responseTime: Date.now() - startTime,
+                reachable: false
+            });
+        }
+    });
+};
+
+const getDatabaseState = () => {
+    const stateMap = {
+        0: 'disconnected',
+        1: 'connected',
+        2: 'connecting',
+        3: 'disconnecting'
+    };
+    const readyState = mongoose.connection.readyState;
+    
+    return {
+        readyState,
+        stateName: stateMap[readyState],
+        isConnected: readyState === 1
+    };
+};
+
+const checkDatabaseHealth = async () => {
+    const { stateName, isConnected } = getDatabaseState();
+    const result = {
+        status: isConnected ? 'healthy' : 'unhealthy',
+        state: stateName
+    };
+
+    if (isConnected) {
+        const pingStart = Date.now();
+        await mongoose.connection.db.admin().ping({ maxTimeMS: 2000 });
+        result.responseTime = Date.now() - pingStart;
+    }
+
+    return result;
+};
+
+const getEncryptionConfiguration = () => {
+    const { STAGE, BYPASS_ENCRYPTION_STAGE, KMS_KEY_ARN, AES_KEY_ID } = process.env;
+    
+    const defaultBypassStages = ['dev', 'test', 'local'];
+    const useEnv = BYPASS_ENCRYPTION_STAGE !== undefined;
+    const bypassStages = useEnv
+        ? BYPASS_ENCRYPTION_STAGE.split(',').map((s) => s.trim())
+        : defaultBypassStages;
+    
+    const isBypassed = bypassStages.includes(STAGE);
+    const hasAES = AES_KEY_ID && AES_KEY_ID.trim() !== '';
+    const hasKMS = KMS_KEY_ARN && KMS_KEY_ARN.trim() !== '' && !hasAES;
+    const mode = hasAES ? 'aes' : hasKMS ? 'kms' : 'none';
+    
+    return {
+        stage: STAGE || null,
+        isBypassed,
+        hasAES,
+        hasKMS,
+        mode,
+    };
+};
+
+const createTestEncryptionModel = () => {
+    const { Encrypt } = require('./../../encrypt');
+    
+    const testSchema = new mongoose.Schema({
+        testSecret: { type: String, lhEncrypt: true },
+        normalField: { type: String },
+        nestedSecret: {
+            value: { type: String, lhEncrypt: true }
+        }
+    }, { timestamps: false });
+
+    testSchema.plugin(Encrypt);
+    
+    return mongoose.models.TestEncryption || 
+        mongoose.model('TestEncryption', testSchema);
+};
+
+const createTestDocument = async (TestModel) => {
+    const testData = {
+        testSecret: 'This is a secret value that should be encrypted',
+        normalField: 'This is a normal field that should not be encrypted',
+        nestedSecret: {
+            value: 'This is a nested secret that should be encrypted'
+        }
+    };
+
+    const testDoc = new TestModel(testData);
+    await testDoc.save();
+    
+    return { testDoc, testData };
+};
+
+const verifyDecryption = (retrievedDoc, originalData) => {
+    return retrievedDoc && 
+        retrievedDoc.testSecret === originalData.testSecret &&
+        retrievedDoc.normalField === originalData.normalField &&
+        retrievedDoc.nestedSecret?.value === originalData.nestedSecret.value;
+};
+
+const verifyEncryptionInDatabase = async (testDoc, originalData, TestModel) => {
+    const collectionName = TestModel.collection.name;
+    const rawDoc = await mongoose.connection.db
+        .collection(collectionName)
+        .findOne({ _id: testDoc._id });
+
+    const secretIsEncrypted = rawDoc && 
+        typeof rawDoc.testSecret === 'string' && 
+        rawDoc.testSecret.includes(':') && 
+        rawDoc.testSecret !== originalData.testSecret;
+    
+    const nestedIsEncrypted = rawDoc?.nestedSecret?.value && 
+        typeof rawDoc.nestedSecret.value === 'string' &&
+        rawDoc.nestedSecret.value.includes(':') && 
+        rawDoc.nestedSecret.value !== originalData.nestedSecret.value;
+    
+    const normalNotEncrypted = rawDoc && 
+        rawDoc.normalField === originalData.normalField;
+
+    return {
+        secretIsEncrypted,
+        nestedIsEncrypted,
+        normalNotEncrypted
+    };
+};
+
+const evaluateEncryptionTestResults = (decryptionWorks, encryptionResults) => {
+    const { secretIsEncrypted, nestedIsEncrypted, normalNotEncrypted } = encryptionResults;
+    
+    if (decryptionWorks && secretIsEncrypted && nestedIsEncrypted && normalNotEncrypted) {
+        return {
+            status: 'enabled',
+            testResult: 'Encryption and decryption verified successfully'
+        };
+    }
+    
+    if (decryptionWorks && (!secretIsEncrypted || !nestedIsEncrypted)) {
+        return {
+            status: 'unhealthy',
+            testResult: 'Fields are not being encrypted in database'
+        };
+    }
+    
+    if (decryptionWorks && !normalNotEncrypted) {
+        return {
+            status: 'unhealthy',
+            testResult: 'Normal fields are being incorrectly encrypted'
+        };
+    }
+    
+    return {
+        status: 'unhealthy',
+        testResult: 'Decryption failed or data mismatch'
+    };
+};
+
+const testEncryption = async () => {
+    const TestModel = createTestEncryptionModel();
+    const { testDoc, testData } = await createTestDocument(TestModel);
+    
+    try {
+        const retrievedDoc = await TestModel.findById(testDoc._id);
+        const decryptionWorks = verifyDecryption(retrievedDoc, testData);
+        const encryptionResults = await verifyEncryptionInDatabase(testDoc, testData, TestModel);
+        
+        const evaluation = evaluateEncryptionTestResults(decryptionWorks, encryptionResults);
+        
+        return {
+            ...evaluation,
+            encryptionWorks: decryptionWorks
+        };
+    } finally {
+        await TestModel.deleteOne({ _id: testDoc._id });
+    }
+};
+
+const checkEncryptionHealth = async () => {
+    const config = getEncryptionConfiguration();
+    
+    if (config.isBypassed || config.mode === 'none') {
+        const testResult = config.isBypassed 
+            ? 'Encryption bypassed for this stage' 
+            : 'No encryption keys configured';
+        
+        return {
+            status: 'disabled',
+            mode: config.mode,
+            bypassed: config.isBypassed,
+            stage: config.stage,
+            testResult,
+            encryptionWorks: false,
+            debug: {
+                hasKMS: config.hasKMS,
+                hasAES: config.hasAES
+            }
+        };
+    }
+
+    try {
+        const testResults = await testEncryption();
+        
+        return {
+            ...testResults,
+            mode: config.mode,
+            bypassed: config.isBypassed,
+            stage: config.stage,
+            debug: {
+                hasKMS: config.hasKMS,
+                hasAES: config.hasAES
+            }
+        };
+    } catch (error) {
+        return {
+            status: 'unhealthy',
+            mode: config.mode,
+            bypassed: config.isBypassed,
+            stage: config.stage,
+            testResult: `Encryption test failed: ${error.message}`,
+            encryptionWorks: false,
+            debug: {
+                hasKMS: config.hasKMS,
+                hasAES: config.hasAES
+            }
+        };
+    }
+};
+
+const checkExternalAPIs = async () => {
+    const apis = [
+        { name: 'github', url: 'https://api.github.com/status' },
+        { name: 'npm', url: 'https://registry.npmjs.org' }
+    ];
+
+    const results = await Promise.all(
+        apis.map(api => 
+            checkExternalAPI(api.url).then(result => ({ name: api.name, ...result }))
+        )
+    );
+    
+    const apiStatuses = {};
+    let allReachable = true;
+    
+    results.forEach(({ name, ...checkResult }) => {
+        apiStatuses[name] = checkResult;
+        if (!checkResult.reachable) {
+            allReachable = false;
+        }
+    });
+    
+    return { apiStatuses, allReachable };
+};
+
+const checkIntegrations = () => {
+    const moduleTypes = Array.isArray(moduleFactory.moduleTypes)
+        ? moduleFactory.moduleTypes
+        : [];
+    
+    const integrationTypes = Array.isArray(integrationFactory.integrationTypes)
+        ? integrationFactory.integrationTypes
+        : [];
+
+    return {
+        status: 'healthy',
+        modules: {
+            count: moduleTypes.length,
+            available: moduleTypes,
+        },
+        integrations: {
+            count: integrationTypes.length,
+            available: integrationTypes,
+        },
+    };
+};
+
+const buildHealthCheckResponse = (startTime) => {
+    return {
+        service: 'frigg-core-api',
+        status: 'healthy',
+        timestamp: new Date().toISOString(),
+        checks: {},
+        calculateResponseTime: () => Date.now() - startTime
+    };
+};
+
+router.get('/health', async (_req, res) => {
+    const status = {
+        status: 'ok',
+        timestamp: new Date().toISOString(),
+        service: 'frigg-core-api'
+    };
+
+    res.status(200).json(status);
+});
+
+router.get('/health/detailed', async (_req, res) => {
+    const startTime = Date.now();
+    const response = buildHealthCheckResponse(startTime);
+
+    try {
+        response.checks.database = await checkDatabaseHealth();
+        const dbState = getDatabaseState();
+        if (!dbState.isConnected) {
+            response.status = 'unhealthy';
+        }
+    } catch (error) {
+        response.checks.database = {
+            status: 'unhealthy',
+            error: error.message
+        };
+        response.status = 'unhealthy';
+    }
+
+    try {
+        response.checks.encryption = await checkEncryptionHealth();
+        if (response.checks.encryption.status === 'unhealthy') {
+            response.status = 'unhealthy';
+        }
+    } catch (error) {
+        response.checks.encryption = {
+            status: 'unhealthy',
+            error: error.message
+        };
+        response.status = 'unhealthy';
+    }
+
+    const { apiStatuses, allReachable } = await checkExternalAPIs();
+    response.checks.externalApis = apiStatuses;
+    if (!allReachable) {
+        response.status = 'unhealthy';
+    }
+
+    try {
+        response.checks.integrations = checkIntegrations();
+    } catch (error) {
+        response.checks.integrations = {
+            status: 'unhealthy',
+            error: error.message
+        };
+        response.status = 'unhealthy';
+    }
+
+    response.responseTime = response.calculateResponseTime();
+    delete response.calculateResponseTime;
+
+    const statusCode = response.status === 'healthy' ? 200 : 503;
+    res.status(statusCode).json(response);
+});
+
+router.get('/health/live', (_req, res) => {
+    res.status(200).json({
+        status: 'alive',
+        timestamp: new Date().toISOString()
+    });
+});
+
+router.get('/health/ready', async (_req, res) => {
+    const dbState = getDatabaseState();
+    const isDbReady = dbState.isConnected;
+    
+    let areModulesReady = false;
+    try {
+        const moduleTypes = Array.isArray(moduleFactory.moduleTypes)
+            ? moduleFactory.moduleTypes
+            : [];
+        areModulesReady = moduleTypes.length > 0;
+    } catch (error) {
+        areModulesReady = false;
+    }
+
+    const isReady = isDbReady && areModulesReady;
+
+    res.status(isReady ? 200 : 503).json({
+        ready: isReady,
+        timestamp: new Date().toISOString(),
+        checks: {
+            database: isDbReady,
+            modules: areModulesReady
+        }
+    });
+});
+
+const handler = createAppHandler('HTTP Event: Health', router);
+
+module.exports = { handler, router };

package/handlers/routers/health.test.js

@@ -0,0 +1,203 @@
+process.env.HEALTH_API_KEY = 'test-api-key';
+
+jest.mock('mongoose', () => ({
+    set: jest.fn(),
+    connection: {
+        readyState: 1,
+        db: {
+            admin: () => ({
+                ping: jest.fn().mockResolvedValue(true)
+            })
+        }
+    }
+}));
+
+jest.mock('./../backend-utils', () => ({
+    moduleFactory: {
+        moduleTypes: ['test-module', 'another-module']
+    },
+    integrationFactory: {
+        integrationTypes: ['test-integration', 'another-integration']
+    }
+}));
+
+jest.mock('./../app-handler-helpers', () => ({
+    createAppHandler: jest.fn((name, router) => ({ name, router }))
+}));
+
+const { router } = require('./health');
+const mongoose = require('mongoose');
+
+const mockRequest = (path, headers = {}) => ({
+    path,
+    headers
+});
+
+const mockResponse = () => {
+    const res = {};
+    res.status = jest.fn().mockReturnValue(res);
+    res.json = jest.fn().mockReturnValue(res);
+    return res;
+};
+
+describe('Health Check Endpoints', () => {
+    beforeEach(() => {
+        mongoose.connection.readyState = 1;
+    });
+
+    describe('Middleware - validateApiKey', () => {
+        it('should allow access to /health without authentication', async () => {
+            expect(true).toBe(true);
+        });
+    });
+
+    describe('GET /health', () => {
+        it('should return basic health status', async () => {
+            const req = mockRequest('/health');
+            const res = mockResponse();
+
+            const routeHandler = router.stack.find(layer => 
+                layer.route && layer.route.path === '/health'
+            ).route.stack[0].handle;
+
+            await routeHandler(req, res);
+
+            expect(res.status).toHaveBeenCalledWith(200);
+            expect(res.json).toHaveBeenCalledWith({
+                status: 'ok',
+                timestamp: expect.any(String),
+                service: 'frigg-core-api'
+            });
+        });
+    });
+
+    describe('GET /health/detailed', () => {
+        it('should return detailed health status when healthy', async () => {
+            const req = mockRequest('/health/detailed', { 'x-api-key': 'test-api-key' });
+            const res = mockResponse();
+
+            const originalPromiseAll = Promise.all;
+            Promise.all = jest.fn().mockResolvedValue([
+                { name: 'github', status: 'healthy', reachable: true, statusCode: 200, responseTime: 100 },
+                { name: 'npm', status: 'healthy', reachable: true, statusCode: 200, responseTime: 150 }
+            ]);
+
+            const routeHandler = router.stack.find(layer => 
+                layer.route && layer.route.path === '/health/detailed'
+            ).route.stack[0].handle;
+
+            await routeHandler(req, res);
+            
+            Promise.all = originalPromiseAll;
+
+            expect(res.status).toHaveBeenCalledWith(200);
+            expect(res.json).toHaveBeenCalledWith(expect.objectContaining({
+                status: 'healthy',
+                service: 'frigg-core-api',
+                timestamp: expect.any(String),
+                checks: expect.objectContaining({
+                    database: expect.objectContaining({
+                        status: 'healthy',
+                        state: 'connected'
+                    }),
+                    integrations: expect.objectContaining({
+                        status: 'healthy'
+                    })
+                }),
+                responseTime: expect.any(Number)
+            }));
+
+            const response = res.json.mock.calls[0][0];
+            expect(response).not.toHaveProperty('version');
+            expect(response).not.toHaveProperty('uptime');
+            expect(response.checks).not.toHaveProperty('memory');
+            expect(response.checks.database).not.toHaveProperty('type');
+        });
+
+        it('should return 503 when database is disconnected', async () => {
+            mongoose.connection.readyState = 0;
+
+            const req = mockRequest('/health/detailed', { 'x-api-key': 'test-api-key' });
+            const res = mockResponse();
+
+            const originalPromiseAll = Promise.all;
+            Promise.all = jest.fn().mockResolvedValue([
+                { name: 'github', status: 'healthy', reachable: true, statusCode: 200, responseTime: 100 },
+                { name: 'npm', status: 'healthy', reachable: true, statusCode: 200, responseTime: 150 }
+            ]);
+
+            const routeHandler = router.stack.find(layer => 
+                layer.route && layer.route.path === '/health/detailed'
+            ).route.stack[0].handle;
+
+            await routeHandler(req, res);
+            
+            Promise.all = originalPromiseAll;
+
+            expect(res.status).toHaveBeenCalledWith(503);
+            expect(res.json).toHaveBeenCalledWith(expect.objectContaining({
+                status: 'unhealthy'
+            }));
+        });
+    });
+
+    describe('GET /health/live', () => {
+        it('should return alive status', async () => {
+            const req = mockRequest('/health/live', { 'x-api-key': 'test-api-key' });
+            const res = mockResponse();
+
+            const routeHandler = router.stack.find(layer => 
+                layer.route && layer.route.path === '/health/live'
+            ).route.stack[0].handle;
+
+            routeHandler(req, res);
+
+            expect(res.status).toHaveBeenCalledWith(200);
+            expect(res.json).toHaveBeenCalledWith({
+                status: 'alive',
+                timestamp: expect.any(String)
+            });
+        });
+    });
+
+    describe('GET /health/ready', () => {
+        it('should return ready when all checks pass', async () => {
+            const req = mockRequest('/health/ready', { 'x-api-key': 'test-api-key' });
+            const res = mockResponse();
+
+            const routeHandler = router.stack.find(layer => 
+                layer.route && layer.route.path === '/health/ready'
+            ).route.stack[0].handle;
+
+            await routeHandler(req, res);
+
+            expect(res.status).toHaveBeenCalledWith(200);
+            expect(res.json).toHaveBeenCalledWith({
+                ready: true,
+                timestamp: expect.any(String),
+                checks: {
+                    database: true,
+                    modules: true
+                }
+            });
+        });
+
+        it('should return 503 when database is not connected', async () => {
+            mongoose.connection.readyState = 0;
+
+            const req = mockRequest('/health/ready', { 'x-api-key': 'test-api-key' });
+            const res = mockResponse();
+
+            const routeHandler = router.stack.find(layer => 
+                layer.route && layer.route.path === '/health/ready'
+            ).route.stack[0].handle;
+
+            await routeHandler(req, res);
+
+            expect(res.status).toHaveBeenCalledWith(503);
+            expect(res.json).toHaveBeenCalledWith(expect.objectContaining({
+                ready: false
+            }));
+        });
+    });
+});

package/handlers/routers/integration-defined-routers.js

@@ -1,18 +1,15 @@
 const { createAppHandler } = require('./../app-handler-helpers');
 const {
-    loadAppDefinition,
-} = require('../app-definition-loader');
+    integrationFactory,
+    loadRouterFromObject,
+} = require('./../backend-utils');
 const { Router } = require('express');
-const { loadRouterFromObject } = require('../backend-utils');
 
 const handlers = {};
-const { integrations: integrationClasses } = loadAppDefinition();
-
-//todo: this should be in a use case class
-for (const IntegrationClass of integrationClasses) {
+for (const IntegrationClass of integrationFactory.integrationClasses) {
     const router = Router();
     const basePath = `/api/${IntegrationClass.Definition.name}-integration`;
-
+    
     console.log(`\n│ Configuring routes for ${IntegrationClass.Definition.name} Integration:`);
 
     for (const routeDef of IntegrationClass.Definition.routes) {

package/handlers/routers/middleware/loadUser.js

@@ -0,0 +1,15 @@
+const catchAsyncError = require('express-async-handler');
+const { User } = require('../../backend-utils');
+
+module.exports = catchAsyncError(async (req, res, next) => {
+    const authorizationHeader = req.headers.authorization;
+
+    if (authorizationHeader) {
+        // Removes "Bearer " and trims
+        const token = authorizationHeader.split(' ')[1].trim();
+        // Load user for later middleware/routes to use
+        req.user = await User.newUser({ token });
+    }
+
+    return next();
+});

package/handlers/routers/middleware/requireLoggedInUser.js

@@ -0,0 +1,12 @@
+const Boom = require('@hapi/boom');
+
+// CheckLoggedIn Middleware
+const requireLoggedInUser = (req, res, next) => {
+    if (!req.user || !req.user.isLoggedIn()) {
+        throw Boom.unauthorized('Invalid Token');
+    }
+
+    next();
+};
+
+module.exports = { requireLoggedInUser };