@friggframework/core 2.0.0--canary.427.c8ff14b.0 → 2.0.0--canary.427.68e753a.0

package/database/mongo.js

@@ -5,14 +5,16 @@
 const { Encrypt } = require('../encrypt');
 const { mongoose } = require('./mongoose');
 const { debug, flushDebugLog } = require('../logs');
+const { findNearestBackendPackageJson } = require('../utils');
+const path = require('path');
+const fs = require('fs');
 
 mongoose.plugin(Encrypt);
 mongoose.set('applyPluginsToDiscriminators', true); // Needed for LHEncrypt
 
-// Buffering means mongoose will queue up operations if it gets
-// With serverless, better to fail fast if not connected.
-// disconnected from MongoDB and send them when it reconnects.
-const mongoConfig = {
+// Load app definition to check for DocumentDB configuration
+let appDefinition = {};
+let mongoConfig = {
     useNewUrlParser: true,
     bufferCommands: false, // Disable mongoose buffering
     autoCreate: false, // Disable because auto creation does not work without buffering
@@ -28,9 +30,133 @@ const connectToDatabase = async () => {
         return;
     }
 
+    console.log('🔗 Connecting to database...');
+
+    // Load appDefinition inside the function
+    try {
+        console.log(
+            '🔍 Loading app definition for DocumentDB configuration...'
+        );
+
+        const backendPath = findNearestBackendPackageJson();
+        if (!backendPath) {
+            throw new Error('Could not find backend package.json');
+        }
+
+        const backendDir = path.dirname(backendPath);
+        const backendFilePath = path.join(backendDir, 'index.js');
+        if (!fs.existsSync(backendFilePath)) {
+            throw new Error('Could not find index.js');
+        }
+
+        const backend = require(backendFilePath);
+        appDefinition = backend.Definition;
+
+        console.log('📁 AppDefinition content:', JSON.stringify(appDefinition));
+
+        // Add DocumentDB TLS configuration if enabled
+        if (appDefinition.database?.documentDB?.enable === true) {
+            console.log('📄 DocumentDB configuration detected, enabling TLS');
+            console.log('📁 Current working directory:', process.cwd());
+            console.log(
+                '📋 App definition database config:',
+                JSON.stringify(appDefinition.database, null, 2)
+            );
+
+            mongoConfig.tls = true;
+
+            // Set TLS CA file path if specified
+            if (appDefinition.database.documentDB.tlsCAFile) {
+                const tlsCAFile = appDefinition.database.documentDB.tlsCAFile;
+
+                // Basic safety: reject obviously dangerous paths
+                if (tlsCAFile.includes('..') || path.isAbsolute(tlsCAFile)) {
+                    console.warn(
+                        '⚠️  Rejecting potentially unsafe tlsCAFile path:',
+                        tlsCAFile
+                    );
+                } else {
+                    const tlsCAFilePath = path.resolve(
+                        process.cwd(),
+                        tlsCAFile
+                    );
+
+                    console.log('📄 DocumentDB TLS CA file configured:');
+                    console.log('   📎 Original path:', tlsCAFile);
+                    console.log('   📎 Resolved path:', tlsCAFilePath);
+                    console.log(
+                        '   📄 File exists:',
+                        fs.existsSync(tlsCAFilePath)
+                    );
+
+                    // Only set tlsCAFile if the file actually exists
+                    if (fs.existsSync(tlsCAFilePath)) {
+                        mongoConfig.tlsCAFile = tlsCAFilePath;
+                        console.log('✅ TLS CA file configured successfully');
+                    } else {
+                        throw new Error(
+                            `TLS CA file not found at ${tlsCAFilePath}`
+                        );
+                    }
+
+                    // Debug directory listing (only in development)
+                    if (process.env.NODE_ENV !== 'production') {
+                        try {
+                            console.log('📁 Current directory contents:');
+                            fs.readdirSync(process.cwd()).forEach((item) => {
+                                const stats = fs.statSync(
+                                    path.join(process.cwd(), item)
+                                );
+                                console.log(
+                                    `   ${
+                                        stats.isDirectory() ? '📁' : '📄'
+                                    } ${item}`
+                                );
+                            });
+
+                            const securityDir = path.join(
+                                process.cwd(),
+                                'security'
+                            );
+                            if (fs.existsSync(securityDir)) {
+                                console.log('📁 Security directory contents:');
+                                fs.readdirSync(securityDir).forEach((item) => {
+                                    console.log(`   📄 ${item}`);
+                                });
+                            } else {
+                                console.log(
+                                    '❌ Security directory does not exist at:',
+                                    securityDir
+                                );
+                            }
+                        } catch (error) {
+                            console.log(
+                                '❌ Error listing directory contents:',
+                                error.message
+                            );
+                        }
+                    }
+                }
+            }
+        } else {
+            console.log(
+                '📄 DocumentDB not enabled, using standard MongoDB configuration'
+            );
+        }
+    } catch (error) {
+        console.error('❌ Error loading app definition:', error.message);
+        debug(
+            'Could not load app definition for DocumentDB configuration:',
+            error.message
+        );
+    }
+
+    console.log('🔗 MongoDB URI:', process.env.MONGO_URI ? 'SET' : 'NOT SET');
+    console.log('🔧 Final mongoConfig:', JSON.stringify(mongoConfig, null, 2));
+
     debug('=> using new database connection');
     await mongoose.connect(process.env.MONGO_URI, mongoConfig);
-    debug('Connection state:',  mongoose.STATES[mongoose.connection.readyState]);
+    debug('Connection state:', mongoose.STATES[mongoose.connection.readyState]);
     mongoose.connection.on('error', (error) => flushDebugLog(error));
 };
 

package/handlers/routers/health.js

@@ -15,6 +15,7 @@ const validateApiKey = (req, res, next) => {
     }
 
     if (!apiKey || apiKey !== process.env.HEALTH_API_KEY) {
+        console.error('Unauthorized access attempt to health endpoint');
         return res.status(401).json({
             status: 'error',
             message: 'Unauthorized',
@@ -149,69 +150,6 @@ const createTestEncryptionModel = () => {
     );
 };
 
-const createTestDocument = async (TestModel) => {
-    const testData = {
-        testSecret: 'This is a secret value that should be encrypted',
-        normalField: 'This is a normal field that should not be encrypted',
-        nestedSecret: {
-            value: 'This is a nested secret that should be encrypted',
-        },
-    };
-
-    console.log('🔧 Creating test document with encryption...');
-    const testDoc = new TestModel(testData);
-
-    // Add timeout and detailed error logging
-    const savePromise = testDoc.save();
-    const timeoutPromise = new Promise((_, reject) => {
-        setTimeout(
-            () =>
-                reject(new Error('Save operation timed out after 30 seconds')),
-            30000
-        );
-    });
-
-    try {
-        console.log('💾 Attempting to save document...');
-        const startTime = Date.now();
-
-        await Promise.race([savePromise, timeoutPromise]);
-
-        const duration = Date.now() - startTime;
-        console.log(`✅ Document saved successfully in ${duration}ms`);
-
-        return { testDoc, testData };
-    } catch (error) {
-        console.error('❌ Save operation failed:', {
-            errorName: error.name,
-            errorMessage: error.message,
-            errorStack: error.stack,
-            mongooseConnectionState: testDoc.db.readyState,
-            modelName: TestModel.modelName,
-        });
-
-        // Try to get more details about the connection
-        if (mongoose.connection && mongoose.connection.db) {
-            try {
-                const admin = mongoose.connection.db.admin();
-                const serverStatus = await admin.serverStatus();
-                console.log('📊 DocumentDB Server Status:', {
-                    version: serverStatus.version,
-                    uptime: serverStatus.uptime,
-                    connections: serverStatus.connections,
-                });
-            } catch (statusError) {
-                console.error(
-                    '❌ Could not get server status:',
-                    statusError.message
-                );
-            }
-        }
-
-        throw error;
-    }
-};
-
 const verifyDecryption = (retrievedDoc, originalData) => {
     return (
         retrievedDoc &&
@@ -285,18 +223,95 @@ const evaluateEncryptionTestResults = (decryptionWorks, encryptionResults) => {
     };
 };
 
+const withTimeout = (promise, ms, errorMessage) => {
+    return Promise.race([
+        promise,
+        new Promise((_, reject) =>
+            setTimeout(() => reject(new Error(errorMessage)), ms)
+        ),
+    ]);
+};
+
 const testEncryption = async () => {
+    // eslint-disable-next-line no-console
+    console.log('Starting encryption test');
     const TestModel = createTestEncryptionModel();
-    const { testDoc, testData } = await createTestDocument(TestModel);
+    // eslint-disable-next-line no-console
+    console.log('Test model created');
+
+    const testData = {
+        testSecret: 'This is a secret value that should be encrypted',
+        normalField: 'This is a normal field that should not be encrypted',
+        nestedSecret: {
+            value: 'This is a nested secret that should be encrypted',
+        },
+    };
+
+    const testDoc = new TestModel(testData);
+
+    try {
+        // eslint-disable-next-line no-console
+        console.log('Attempting to save document with encryption...');
+        const startTime = Date.now();
+
+        await withTimeout(
+            testDoc.save(),
+            30000,
+            'Save operation timed out after 30 seconds'
+        );
+
+        const duration = Date.now() - startTime;
+        // eslint-disable-next-line no-console
+        console.log(`Test document saved successfully in ${duration}ms`);
+    } catch (error) {
+        // eslint-disable-next-line no-console
+        console.error('Save operation failed:', {
+            errorName: error.name,
+            errorMessage: error.message,
+            errorStack: error.stack,
+            mongooseConnectionState: testDoc.db.readyState,
+            modelName: TestModel.modelName,
+        });
+
+        // Try to get more details about the connection
+        if (mongoose.connection && mongoose.connection.db) {
+            try {
+                const admin = mongoose.connection.db.admin();
+                const serverStatus = await admin.serverStatus();
+                // eslint-disable-next-line no-console
+                console.log('DocumentDB Server Status:', {
+                    version: serverStatus.version,
+                    uptime: serverStatus.uptime,
+                    connections: serverStatus.connections,
+                });
+            } catch (statusError) {
+                // eslint-disable-next-line no-console
+                console.error(
+                    'Could not get server status:',
+                    statusError.message
+                );
+            }
+        }
+
+        throw error;
+    }
 
     try {
-        const retrievedDoc = await TestModel.findById(testDoc._id);
+        const retrievedDoc = await withTimeout(
+            TestModel.findById(testDoc._id),
+            5000,
+            'Find operation timed out'
+        );
+        // eslint-disable-next-line no-console
+        console.log('Test document retrieved');
         const decryptionWorks = verifyDecryption(retrievedDoc, testData);
-        const encryptionResults = await verifyEncryptionInDatabase(
-            testDoc,
-            testData,
-            TestModel
+        const encryptionResults = await withTimeout(
+            verifyEncryptionInDatabase(testDoc, testData, TestModel),
+            5000,
+            'Database verification timed out'
         );
+        // eslint-disable-next-line no-console
+        console.log('Encryption verification completed');
 
         const evaluation = evaluateEncryptionTestResults(
             decryptionWorks,
@@ -308,7 +323,13 @@ const testEncryption = async () => {
             encryptionWorks: decryptionWorks,
         };
     } finally {
-        await TestModel.deleteOne({ _id: testDoc._id });
+        await withTimeout(
+            TestModel.deleteOne({ _id: testDoc._id }),
+            5000,
+            'Delete operation timed out'
+        );
+        // eslint-disable-next-line no-console
+        console.log('Test document deleted');
     }
 };
 
@@ -316,6 +337,12 @@ const checkEncryptionHealth = async () => {
     const config = getEncryptionConfiguration();
 
     if (config.isBypassed || config.mode === 'none') {
+        // eslint-disable-next-line no-console
+        console.log('Encryption check bypassed:', {
+            stage: config.stage,
+            mode: config.mode,
+        });
+
         const testResult = config.isBypassed
             ? 'Encryption bypassed for this stage'
             : 'No encryption keys configured';
@@ -434,6 +461,8 @@ router.get('/health', async (_req, res) => {
 });
 
 router.get('/health/detailed', async (_req, res) => {
+    // eslint-disable-next-line no-console
+    console.log('Starting detailed health check');
     const startTime = Date.now();
     const response = buildHealthCheckResponse(startTime);
 
@@ -443,12 +472,16 @@ router.get('/health/detailed', async (_req, res) => {
         if (!dbState.isConnected) {
             response.status = 'unhealthy';
         }
+        // eslint-disable-next-line no-console
+        console.log('Database check completed:', response.checks.database);
     } catch (error) {
         response.checks.database = {
             status: 'unhealthy',
             error: error.message,
         };
         response.status = 'unhealthy';
+        // eslint-disable-next-line no-console
+        console.log('Database check error:', error.message);
     }
 
     try {
@@ -456,12 +489,16 @@ router.get('/health/detailed', async (_req, res) => {
         if (response.checks.encryption.status === 'unhealthy') {
             response.status = 'unhealthy';
         }
+        // eslint-disable-next-line no-console
+        console.log('Encryption check completed:', response.checks.encryption);
     } catch (error) {
         response.checks.encryption = {
             status: 'unhealthy',
             error: error.message,
         };
         response.status = 'unhealthy';
+        // eslint-disable-next-line no-console
+        console.log('Encryption check error:', error.message);
     }
 
     const { apiStatuses, allReachable } = await checkExternalAPIs();
@@ -469,15 +506,24 @@ router.get('/health/detailed', async (_req, res) => {
     if (!allReachable) {
         response.status = 'unhealthy';
     }
+    // eslint-disable-next-line no-console
+    console.log('External APIs check completed:', response.checks.externalApis);
 
     try {
         response.checks.integrations = checkIntegrations();
+        // eslint-disable-next-line no-console
+        console.log(
+            'Integrations check completed:',
+            response.checks.integrations
+        );
     } catch (error) {
         response.checks.integrations = {
             status: 'unhealthy',
             error: error.message,
         };
         response.status = 'unhealthy';
+        // eslint-disable-next-line no-console
+        console.log('Integrations check error:', error.message);
     }
 
     response.responseTime = response.calculateResponseTime();
@@ -485,6 +531,14 @@ router.get('/health/detailed', async (_req, res) => {
 
     const statusCode = response.status === 'healthy' ? 200 : 503;
     res.status(statusCode).json(response);
+
+    // eslint-disable-next-line no-console
+    console.log(
+        'Final health status:',
+        response.status,
+        'Response time:',
+        response.responseTime
+    );
 });
 
 router.get('/health/live', (_req, res) => {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@friggframework/core",
   "prettier": "@friggframework/prettier-config",
-  "version": "2.0.0--canary.427.c8ff14b.0",
+  "version": "2.0.0--canary.427.68e753a.0",
   "dependencies": {
     "@hapi/boom": "^10.0.1",
     "aws-sdk": "^2.1200.0",
@@ -22,9 +22,9 @@
     "uuid": "^9.0.1"
   },
   "devDependencies": {
-    "@friggframework/eslint-config": "2.0.0--canary.427.c8ff14b.0",
-    "@friggframework/prettier-config": "2.0.0--canary.427.c8ff14b.0",
-    "@friggframework/test": "2.0.0--canary.427.c8ff14b.0",
+    "@friggframework/eslint-config": "2.0.0--canary.427.68e753a.0",
+    "@friggframework/prettier-config": "2.0.0--canary.427.68e753a.0",
+    "@friggframework/test": "2.0.0--canary.427.68e753a.0",
     "@types/lodash": "4.17.15",
     "@typescript-eslint/eslint-plugin": "^8.0.0",
     "chai": "^4.3.6",
@@ -56,5 +56,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "c8ff14b4f6c1a21bd6c254ad12f1c9963b0374db"
+  "gitHead": "68e753a98bf315deb2004e4f5c6ab58495e04d2b"
 }