@friggframework/core 2.0.0--canary.397.fe6d7a2.0 → 2.0.0--canary.405.91dae19.0

package/core/create-handler.js

@@ -34,7 +34,6 @@ const createHandler = (optionByName = {}) => {
             // Helps mongoose reuse the connection.  Lowers response times.
             context.callbackWaitsForEmptyEventLoop = false;
 
-            // todo: this should not be necessary anymore
             if (shouldUseDatabase) {
                 await connectToDatabase();
             }

package/encrypt/encrypt.js

@@ -17,7 +17,6 @@ const findOneEvents = [
 const shouldBypassEncryption = (STAGE) => {
     const defaultBypassStages = ['dev', 'test', 'local'];
     const bypassStageEnv = process.env.BYPASS_ENCRYPTION_STAGE;
-    // If the env is set to anything or an empty string, use the env. Otherwise, use the default array
     const useEnv = !String(bypassStageEnv) || !!bypassStageEnv;
     const bypassStages = useEnv
         ? bypassStageEnv.split(',').map((stage) => stage.trim())
@@ -25,19 +24,15 @@ const shouldBypassEncryption = (STAGE) => {
     return bypassStages.includes(STAGE);
 };
 
-// The Mongoose plug-in function
-function Encrypt(schema, options) {
+function Encrypt(schema) {
     const { STAGE, KMS_KEY_ARN, AES_KEY_ID } = process.env;
 
     if (shouldBypassEncryption(STAGE)) {
         return;
     }
 
-    if (KMS_KEY_ARN && AES_KEY_ID) {
-        throw new Error(
-            'Local and AWS encryption keys are both set in the environment.'
-        );
-    }
+    const hasAES = AES_KEY_ID && AES_KEY_ID.trim() !== '';
+    const hasKMS = KMS_KEY_ARN && KMS_KEY_ARN.trim() !== '' && !hasAES;
 
     const fields = Object.values(schema.paths)
         .map(({ path, options }) => (options.lhEncrypt === true ? path : ''))
@@ -48,25 +43,17 @@ function Encrypt(schema, options) {
     }
 
     const cryptor = new Cryptor({
-        // Use AWS if the CMK is present
-        shouldUseAws: !!KMS_KEY_ARN,
-        // Find all the fields in the schema with lhEncrypt === true
+        shouldUseAws: hasKMS,
         fields: fields,
     });
 
-    // ---------------------------------------------
-    // ### Encrypt fields before save/update/insert.
-    // ---------------------------------------------
-
     schema.pre('save', async function encryptionPreSave() {
-        // `this` will be a doc
         await cryptor.encryptFieldsInDocuments([this]);
     });
 
     schema.pre(
         'insertMany',
         async function encryptionPreInsertMany(_, docs, options) {
-            // `this` will be the model
             if (options?.rawResult) {
                 throw new Error(
                     'Raw result not supported for insertMany with Encrypt plugin'
@@ -78,17 +65,14 @@ function Encrypt(schema, options) {
     );
 
     schema.pre(updateOneEvents, async function encryptionPreUpdateOne() {
-        // `this` will be a query
         await cryptor.encryptFieldsInQuery(this);
     });
 
     schema.pre('updateMany', async function encryptionPreUpdateMany() {
-        // `this` will be a query
         cryptor.expectNotToUpdateManyEncrypted(this.getUpdate());
     });
 
     schema.pre('update', async function encryptionPreUpdate() {
-        // `this` will be a query
         const { multiple } = this.getOptions();
 
         if (multiple) {
@@ -99,16 +83,11 @@ function Encrypt(schema, options) {
         await cryptor.encryptFieldsInQuery(this);
     });
 
-    // --------------------------------------------
-    // ### Decrypt documents after they are loaded.
-    // --------------------------------------------
     schema.post('save', async function encryptionPreSave() {
-        // `this` will be a doc
         await cryptor.decryptFieldsInDocuments([this]);
     });
 
     schema.post(findOneEvents, async function encryptionPostFindOne(doc) {
-        // `this` will be a query
         const { rawResult } = this.getOptions();
 
         if (rawResult) {
@@ -119,12 +98,10 @@ function Encrypt(schema, options) {
     });
 
     schema.post('find', async function encryptionPostFind(docs) {
-        // `this` will be a query
         await cryptor.decryptFieldsInDocuments(docs);
     });
 
     schema.post('insertMany', async function encryptionPostInsertMany(docs) {
-        // `this` will be the model
         await cryptor.decryptFieldsInDocuments(docs);
     });
 }

package/handlers/app-handler-helpers.js

@@ -3,6 +3,7 @@ const express = require('express');
 const bodyParser = require('body-parser');
 const cors = require('cors');
 const Boom = require('@hapi/boom');
+const loadUserManager = require('./routers/middleware/loadUser');
 const serverlessHttp = require('serverless-http');
 
 const createApp = (applyMiddleware) => {
@@ -19,6 +20,8 @@ const createApp = (applyMiddleware) => {
         })
     );
 
+    app.use(loadUserManager);
+
     if (applyMiddleware) applyMiddleware(app);
 
     // Handle sending error response and logging server errors to console

package/handlers/backend-utils.js

@@ -1,35 +1,36 @@
+const { createFriggBackend, Worker } = require('@friggframework/core');
+const { findNearestBackendPackageJson } = require('@friggframework/core/utils');
+const path = require('node:path');
+const fs = require('fs-extra');
+
+const backendPath = findNearestBackendPackageJson();
+if (!backendPath) {
+    throw new Error('Could not find backend package.json');
+}
+
+const backendDir = path.dirname(backendPath);
+const backendFilePath = path.join(backendDir, 'index.js');
+if (!fs.existsSync(backendFilePath)) {
+    throw new Error('Could not find index.js');
+}
+
+const backendJsFile = require(backendFilePath);
 const { Router } = require('express');
-const { Worker } = require('@friggframework/core');
-const { IntegrationRepository } = require('../integrations/integration-repository');
-const { ModuleFactory } = require('../modules/module-factory');
-const { getModulesDefinitionFromIntegrationClasses } = require('../integrations/utils/map-integration-dto');
-const { ModuleRepository } = require('../modules/module-repository');
-const { GetIntegrationInstanceByDefinition } = require('../integrations/use-cases/get-integration-instance-by-definition');
+const appDefinition = backendJsFile.Definition;
 
+const backend = createFriggBackend(appDefinition);
 const loadRouterFromObject = (IntegrationClass, routerObject) => {
-
-    const integrationRepository = new IntegrationRepository();
-    const moduleRepository = new ModuleRepository();
-    const moduleFactory = new ModuleFactory({
-        moduleRepository,
-        moduleDefinitions: getModulesDefinitionFromIntegrationClasses([IntegrationClass]),
-    });
     const router = Router();
     const { path, method, event } = routerObject;
-
     console.log(
         `Registering ${method} ${path} for ${IntegrationClass.Definition.name}`
     );
-
     router[method.toLowerCase()](path, async (req, res, next) => {
         try {
-            const getIntegrationInstanceByDefinition = new GetIntegrationInstanceByDefinition({
-                integrationRepository,
-                moduleFactory,
-                moduleRepository,
-            });
-            const integration = await getIntegrationInstanceByDefinition.execute(IntegrationClass);
-            const result = await integration.send(event, { req, res, next });
+            const integration = new IntegrationClass({});
+            await integration.loadModules();
+            await integration.registerEventHandlers();
+            const result = await integration.send(event, {req, res, next});
             res.json(result);
         } catch (error) {
             next(error);
@@ -38,29 +39,29 @@ const loadRouterFromObject = (IntegrationClass, routerObject) => {
 
     return router;
 };
-
-//todo: this should be in a use case class
-const createQueueWorker = (integrationClass) => {
+const createQueueWorker = (integrationClass, integrationFactory) => {
     class QueueWorker extends Worker {
-
-        integrationRepository = new IntegrationRepository();
-        moduleRepository = new ModuleRepository();
-        moduleFactory = new ModuleFactory({
-            moduleRepository: this.moduleRepository,
-            moduleDefinitions: getModulesDefinitionFromIntegrationClasses([integrationClass]),
-        });
-
         async _run(params, context) {
             try {
-                const getIntegrationInstanceByDefinition = new GetIntegrationInstanceByDefinition({
-                    integrationRepository: this.integrationRepository,
-                    moduleFactory: this.moduleFactory,
-                    moduleRepository: this.moduleRepository,
-                });
-
-                const integration = await getIntegrationInstanceByDefinition.execute(integrationClass);
-
-                const res = await integration.send(params.event, {
+                let instance;
+                if (!params.integrationId) {
+                    instance = new integrationClass({});
+                    await instance.loadModules();
+                    // await instance.loadUserActions();
+                    await instance.registerEventHandlers();
+                    console.log(
+                        `${params.event} for ${integrationClass.Definition.name} integration with no integrationId`
+                    );
+                } else {
+                    instance =
+                        await integrationFactory.getInstanceFromIntegrationId({
+                            integrationId: params.integrationId,
+                        });
+                    console.log(
+                        `${params.event} for ${instance.record.config.type} of integrationId: ${params.integrationId}`
+                    );
+                }
+                const res = await instance.send(params.event, {
                     data: params.data,
                     context,
                 });
@@ -78,6 +79,7 @@ const createQueueWorker = (integrationClass) => {
 };
 
 module.exports = {
+    ...backend,
     loadRouterFromObject,
     createQueueWorker,
 };

package/handlers/routers/HEALTHCHECK.md

@@ -0,0 +1,240 @@
+# Frigg Healthcheck Endpoint Documentation
+
+## Overview
+
+The Frigg service includes comprehensive healthcheck endpoints to monitor service health, connectivity, and readiness. These endpoints follow industry best practices and are designed for use with monitoring systems, load balancers, and container orchestration platforms.
+
+## Endpoints
+
+### 1. Basic Health Check
+**GET** `/health`
+
+Simple health check endpoint that returns basic service information. No authentication required. This endpoint is rate-limited at the API Gateway level.
+
+**Response:**
+```json
+{
+  "status": "ok",
+  "timestamp": "2024-01-10T12:00:00.000Z",
+  "service": "frigg-core-api"
+}
+```
+
+**Status Codes:**
+- `200 OK` - Service is running
+
+### 2. Detailed Health Check
+**GET** `/health/detailed`
+
+Comprehensive health check that tests all service components and dependencies.
+
+**Authentication Required:**
+- Header: `x-api-key: YOUR_API_KEY`
+- The API key must match the `HEALTH_API_KEY` environment variable
+
+**Response:**
+```json
+{
+  "service": "frigg-core-api",
+  "status": "healthy",  // "healthy" or "unhealthy"
+  "timestamp": "2024-01-10T12:00:00.000Z",
+  "checks": {
+    "database": {
+      "status": "healthy",
+      "state": "connected",
+      "responseTime": 5  // milliseconds
+    },
+    "externalApis": {
+      "github": {
+        "status": "healthy",
+        "statusCode": 200,
+        "responseTime": 150,
+        "reachable": true
+      },
+      "npm": {
+        "status": "healthy",
+        "statusCode": 200,
+        "responseTime": 200,
+        "reachable": true
+      }
+    },
+    "integrations": {
+      "status": "healthy",
+      "modules": {
+        "count": 10,
+        "available": ["module1", "module2", "..."]
+      },
+      "integrations": {
+        "count": 5,
+        "available": ["integration1", "integration2", "..."]
+      }
+    }
+  },
+  "responseTime": 250  // total endpoint response time in milliseconds
+}
+```
+
+**Status Codes:**
+- `200 OK` - Service is healthy (all components operational)
+- `503 Service Unavailable` - Service is unhealthy (any component failure)
+- `401 Unauthorized` - Missing or invalid x-api-key header
+
+### 3. Liveness Probe
+**GET** `/health/live`
+
+Kubernetes-style liveness probe. Returns whether the service process is alive.
+
+**Authentication Required:**
+- Header: `x-api-key: YOUR_API_KEY`
+
+**Response:**
+```json
+{
+  "status": "alive",
+  "timestamp": "2024-01-10T12:00:00.000Z"
+}
+```
+
+**Status Codes:**
+- `200 OK` - Service process is alive
+
+### 4. Readiness Probe
+**GET** `/health/ready`
+
+Kubernetes-style readiness probe. Returns whether the service is ready to receive traffic.
+
+**Authentication Required:**
+- Header: `x-api-key: YOUR_API_KEY`
+
+**Response:**
+```json
+{
+  "ready": true,
+  "timestamp": "2024-01-10T12:00:00.000Z",
+  "checks": {
+    "database": true,
+    "modules": true
+  }
+}
+```
+
+**Status Codes:**
+- `200 OK` - Service is ready
+- `503 Service Unavailable` - Service is not ready
+
+## Health Status Definitions
+
+- **healthy**: All components are functioning normally
+- **unhealthy**: Any component is failing, service may not function properly
+
+## Component Checks
+
+### Database Connectivity
+- Checks database connection state
+- Performs ping test with 2-second timeout if connected
+- Reports connection state and response time
+- Database type is not exposed for security reasons
+
+### External API Connectivity
+- Tests connectivity to external services (GitHub, npm registry)
+- Configurable timeout (default: 5 seconds)
+- Reports reachability and response times
+- Uses Promise.all for parallel checking
+
+### Integration Status
+- Verifies available modules and integrations are loaded
+- Reports counts and lists of available components
+
+## Usage Examples
+
+### Monitoring Systems
+Configure your monitoring system to poll `/health/detailed` every 30-60 seconds:
+```bash
+curl -H "x-api-key: YOUR_API_KEY" https://your-frigg-instance.com/health/detailed
+```
+
+### Load Balancer Health Checks
+Configure load balancers to use the simple `/health` endpoint:
+```bash
+curl https://your-frigg-instance.com/health
+```
+
+### Kubernetes Configuration
+```yaml
+livenessProbe:
+  httpGet:
+    path: /health/live
+    port: 8080
+    httpHeaders:
+    - name: x-api-key
+      value: YOUR_API_KEY
+  periodSeconds: 10
+  timeoutSeconds: 5
+
+readinessProbe:
+  httpGet:
+    path: /health/ready
+    port: 8080
+    httpHeaders:
+    - name: x-api-key
+      value: YOUR_API_KEY
+  initialDelaySeconds: 30
+  periodSeconds: 10
+```
+
+## Customization
+
+### Adding External API Checks
+To add more external API checks, modify the `externalAPIs` array in the health router:
+```javascript
+const externalAPIs = [
+    { name: 'github', url: 'https://api.github.com/status' },
+    { name: 'npm', url: 'https://registry.npmjs.org' },
+    { name: 'your-api', url: 'https://your-api.com/health' }
+];
+```
+
+### Adjusting Timeouts
+The default timeout for external API checks is 5 seconds. Database ping timeout is set to 2 seconds:
+```javascript
+const checkExternalAPI = (url, timeout = 5000) => {
+    // ...
+};
+
+await mongoose.connection.db.admin().ping({ maxTimeMS: 2000 });
+```
+
+## Best Practices
+
+1. **Authentication**: Basic `/health` endpoint requires no authentication, but detailed endpoints require `x-api-key` header
+2. **Rate Limiting**: Configure rate limiting at the API Gateway level to prevent abuse
+3. **Fast Response**: Health checks should respond quickly (< 1 second)
+4. **Strict Status Codes**: Return 503 for any non-healthy state to ensure proper alerting
+5. **Detailed Logging**: Failed health checks are logged for debugging
+6. **Security**: No sensitive information (DB types, versions) exposed in responses
+7. **Lambda Considerations**: Uptime and memory metrics not included as they're not relevant in serverless
+
+## Troubleshooting
+
+### Database Connection Issues
+- Check `MONGO_URI` environment variable
+- Verify network connectivity to MongoDB
+- Check MongoDB server status
+
+### External API Failures
+- May indicate network issues or external service downtime
+- Service reports "unhealthy" status if any external API is unreachable
+
+## Security Considerations
+
+- Basic health endpoint requires no authentication for monitoring compatibility
+- Detailed endpoints require `x-api-key` header authentication
+- Health endpoints do not expose sensitive information
+- Database connection strings and credentials are never included in responses
+- External API checks use read-only endpoints
+- Rate limiting should be configured at the API Gateway level
+- Consider IP whitelisting for health endpoints in production
+
+## Environment Variables
+
+- `HEALTH_API_KEY`: Required API key for accessing detailed health endpoints

package/handlers/routers/auth.js

@@ -1,15 +1,26 @@
 const { createIntegrationRouter } = require('@friggframework/core');
 const { createAppHandler } = require('./../app-handler-helpers');
+const { requireLoggedInUser } = require('./middleware/requireLoggedInUser');
+const {
+    moduleFactory,
+    integrationFactory,
+    IntegrationHelper,
+} = require('./../backend-utils');
 
-const router = createIntegrationRouter();
+const router = createIntegrationRouter({
+    factory: { moduleFactory, integrationFactory, IntegrationHelper },
+    requireLoggedInUser,
+    getUserId: (req) => req.user.getUserId(),
+});
 
 router.route('/redirect/:appId').get((req, res) => {
     res.redirect(
-        `${process.env.FRONTEND_URI}/redirect/${req.params.appId
+        `${process.env.FRONTEND_URI}/redirect/${
+            req.params.appId
         }?${new URLSearchParams(req.query)}`
     );
 });
 
 const handler = createAppHandler('HTTP Event: Auth', router);
 
-module.exports = { handler };
+module.exports = { handler, router };