@friggframework/core 2.0.0-next.3 → 2.0.0-next.31

package/core/create-handler.js

@@ -1,5 +1,6 @@
 // This line should be at the top of the webpacked output, so be sure to require createHandler first in any handlers.  "Soon" sourcemaps will be built into Node... after that, this package won't be needed.
-require('source-map-support').install();
+// REMOVING FOR NOW UNTIL WE ADD WEBPACK BACK IN
+// require('source-map-support').install();
 
 const { connectToDatabase } = require('../database/mongo');
 const { initDebugLog, flushDebugLog } = require('../logs');

package/database/models/WebsocketConnection.js

@@ -8,6 +8,11 @@ const schema = new mongoose.Schema({
 // Add a static method to get active connections
 schema.statics.getActiveConnections = async function () {
     try {
+        // Return empty array if websockets are not configured
+        if (!process.env.WEBSOCKET_API_ENDPOINT) {
+            return [];
+        }
+
         const connections = await this.find({}, 'connectionId');
         return connections.map((conn) => ({
             connectionId: conn.connectionId,

package/encrypt/encrypt.js

@@ -16,28 +16,18 @@ const findOneEvents = [
 
 const shouldBypassEncryption = (STAGE) => {
     const defaultBypassStages = ['dev', 'test', 'local'];
-    const bypassStageEnv = process.env.BYPASS_ENCRYPTION_STAGE;
-    // If the env is set to anything or an empty string, use the env. Otherwise, use the default array
-    const useEnv = !String(bypassStageEnv) || !!bypassStageEnv;
-    const bypassStages = useEnv
-        ? bypassStageEnv.split(',').map((stage) => stage.trim())
-        : defaultBypassStages;
-    return bypassStages.includes(STAGE);
+    return defaultBypassStages.includes(STAGE);
 };
 
-// The Mongoose plug-in function
-function Encrypt(schema, options) {
+function Encrypt(schema) {
     const { STAGE, KMS_KEY_ARN, AES_KEY_ID } = process.env;
 
     if (shouldBypassEncryption(STAGE)) {
         return;
     }
 
-    if (KMS_KEY_ARN && AES_KEY_ID) {
-        throw new Error(
-            'Local and AWS encryption keys are both set in the environment.'
-        );
-    }
+    const hasAES = AES_KEY_ID && AES_KEY_ID.trim() !== '';
+    const hasKMS = KMS_KEY_ARN && KMS_KEY_ARN.trim() !== '' && !hasAES;
 
     const fields = Object.values(schema.paths)
         .map(({ path, options }) => (options.lhEncrypt === true ? path : ''))
@@ -48,25 +38,17 @@ function Encrypt(schema, options) {
     }
 
     const cryptor = new Cryptor({
-        // Use AWS if the CMK is present
-        shouldUseAws: !!KMS_KEY_ARN,
-        // Find all the fields in the schema with lhEncrypt === true
+        shouldUseAws: hasKMS,
         fields: fields,
     });
 
-    // ---------------------------------------------
-    // ### Encrypt fields before save/update/insert.
-    // ---------------------------------------------
-
     schema.pre('save', async function encryptionPreSave() {
-        // `this` will be a doc
         await cryptor.encryptFieldsInDocuments([this]);
     });
 
     schema.pre(
         'insertMany',
         async function encryptionPreInsertMany(_, docs, options) {
-            // `this` will be the model
             if (options?.rawResult) {
                 throw new Error(
                     'Raw result not supported for insertMany with Encrypt plugin'
@@ -78,17 +60,14 @@ function Encrypt(schema, options) {
     );
 
     schema.pre(updateOneEvents, async function encryptionPreUpdateOne() {
-        // `this` will be a query
         await cryptor.encryptFieldsInQuery(this);
     });
 
     schema.pre('updateMany', async function encryptionPreUpdateMany() {
-        // `this` will be a query
         cryptor.expectNotToUpdateManyEncrypted(this.getUpdate());
     });
 
     schema.pre('update', async function encryptionPreUpdate() {
-        // `this` will be a query
         const { multiple } = this.getOptions();
 
         if (multiple) {
@@ -99,16 +78,11 @@ function Encrypt(schema, options) {
         await cryptor.encryptFieldsInQuery(this);
     });
 
-    // --------------------------------------------
-    // ### Decrypt documents after they are loaded.
-    // --------------------------------------------
     schema.post('save', async function encryptionPreSave() {
-        // `this` will be a doc
         await cryptor.decryptFieldsInDocuments([this]);
     });
 
     schema.post(findOneEvents, async function encryptionPostFindOne(doc) {
-        // `this` will be a query
         const { rawResult } = this.getOptions();
 
         if (rawResult) {
@@ -119,12 +93,10 @@ function Encrypt(schema, options) {
     });
 
     schema.post('find', async function encryptionPostFind(docs) {
-        // `this` will be a query
         await cryptor.decryptFieldsInDocuments(docs);
     });
 
     schema.post('insertMany', async function encryptionPostInsertMany(docs) {
-        // `this` will be the model
         await cryptor.decryptFieldsInDocuments(docs);
     });
 }

package/handlers/app-handler-helpers.js

@@ -0,0 +1,59 @@
+const { createHandler, flushDebugLog } = require('@friggframework/core');
+const express = require('express');
+const bodyParser = require('body-parser');
+const cors = require('cors');
+const Boom = require('@hapi/boom');
+const loadUserManager = require('./routers/middleware/loadUser');
+const serverlessHttp = require('serverless-http');
+
+const createApp = (applyMiddleware) => {
+    const app = express();
+
+    app.use(bodyParser.json({ limit: '10mb' }));
+    app.use(bodyParser.urlencoded({ extended: true }));
+    app.use(
+        cors({
+            origin: '*',
+            allowedHeaders: '*',
+            methods: '*',
+            credentials: true,
+        })
+    );
+
+    app.use(loadUserManager);
+
+    if (applyMiddleware) applyMiddleware(app);
+
+    // Handle sending error response and logging server errors to console
+    app.use((err, req, res, next) => {
+        const boomError = err.isBoom ? err : Boom.boomify(err);
+        const {
+            output: { statusCode = 500 },
+        } = boomError;
+
+        if (statusCode >= 500) {
+            flushDebugLog(boomError);
+            res.status(statusCode).json({ error: 'Internal Server Error' });
+        } else {
+            res.status(statusCode).json({ error: err.message });
+        }
+    });
+
+    return app;
+};
+
+function createAppHandler(eventName, router, shouldUseDatabase = true) {
+    const app = createApp((app) => {
+        app.use(router);
+    });
+    return createHandler({
+        eventName,
+        method: serverlessHttp(app),
+        shouldUseDatabase,
+    });
+}
+
+module.exports = {
+    createApp,
+    createAppHandler,
+};

package/handlers/backend-utils.js

@@ -0,0 +1,85 @@
+const { createFriggBackend, Worker } = require('@friggframework/core');
+const { findNearestBackendPackageJson } = require('@friggframework/core/utils');
+const path = require('node:path');
+const fs = require('fs-extra');
+
+const backendPath = findNearestBackendPackageJson();
+if (!backendPath) {
+    throw new Error('Could not find backend package.json');
+}
+
+const backendDir = path.dirname(backendPath);
+const backendFilePath = path.join(backendDir, 'index.js');
+if (!fs.existsSync(backendFilePath)) {
+    throw new Error('Could not find index.js');
+}
+
+const backendJsFile = require(backendFilePath);
+const { Router } = require('express');
+const appDefinition = backendJsFile.Definition;
+
+const backend = createFriggBackend(appDefinition);
+const loadRouterFromObject = (IntegrationClass, routerObject) => {
+    const router = Router();
+    const { path, method, event } = routerObject;
+    console.log(
+        `Registering ${method} ${path} for ${IntegrationClass.Definition.name}`
+    );
+    router[method.toLowerCase()](path, async (req, res, next) => {
+        try {
+            const integration = new IntegrationClass({});
+            await integration.loadModules();
+            await integration.registerEventHandlers();
+            const result = await integration.send(event, {req, res, next});
+            res.json(result);
+        } catch (error) {
+            next(error);
+        }
+    });
+
+    return router;
+};
+const createQueueWorker = (integrationClass, integrationFactory) => {
+    class QueueWorker extends Worker {
+        async _run(params, context) {
+            try {
+                let instance;
+                if (!params.integrationId) {
+                    instance = new integrationClass({});
+                    await instance.loadModules();
+                    // await instance.loadUserActions();
+                    await instance.registerEventHandlers();
+                    console.log(
+                        `${params.event} for ${integrationClass.Definition.name} integration with no integrationId`
+                    );
+                } else {
+                    instance =
+                        await integrationFactory.getInstanceFromIntegrationId({
+                            integrationId: params.integrationId,
+                        });
+                    console.log(
+                        `${params.event} for ${instance.record.config.type} of integrationId: ${params.integrationId}`
+                    );
+                }
+                const res = await instance.send(params.event, {
+                    data: params.data,
+                    context,
+                });
+                return res;
+            } catch (error) {
+                console.error(
+                    `Error in ${params.event} for ${integrationClass.Definition.name}:`,
+                    error
+                );
+                throw error;
+            }
+        }
+    }
+    return QueueWorker;
+};
+
+module.exports = {
+    ...backend,
+    loadRouterFromObject,
+    createQueueWorker,
+};

package/handlers/routers/HEALTHCHECK.md

@@ -0,0 +1,240 @@
+# Frigg Healthcheck Endpoint Documentation
+
+## Overview
+
+The Frigg service includes comprehensive healthcheck endpoints to monitor service health, connectivity, and readiness. These endpoints follow industry best practices and are designed for use with monitoring systems, load balancers, and container orchestration platforms.
+
+## Endpoints
+
+### 1. Basic Health Check
+**GET** `/health`
+
+Simple health check endpoint that returns basic service information. No authentication required. This endpoint is rate-limited at the API Gateway level.
+
+**Response:**
+```json
+{
+  "status": "ok",
+  "timestamp": "2024-01-10T12:00:00.000Z",
+  "service": "frigg-core-api"
+}
+```
+
+**Status Codes:**
+- `200 OK` - Service is running
+
+### 2. Detailed Health Check
+**GET** `/health/detailed`
+
+Comprehensive health check that tests all service components and dependencies.
+
+**Authentication Required:**
+- Header: `x-api-key: YOUR_API_KEY`
+- The API key must match the `HEALTH_API_KEY` environment variable
+
+**Response:**
+```json
+{
+  "service": "frigg-core-api",
+  "status": "healthy",  // "healthy" or "unhealthy"
+  "timestamp": "2024-01-10T12:00:00.000Z",
+  "checks": {
+    "database": {
+      "status": "healthy",
+      "state": "connected",
+      "responseTime": 5  // milliseconds
+    },
+    "externalApis": {
+      "github": {
+        "status": "healthy",
+        "statusCode": 200,
+        "responseTime": 150,
+        "reachable": true
+      },
+      "npm": {
+        "status": "healthy",
+        "statusCode": 200,
+        "responseTime": 200,
+        "reachable": true
+      }
+    },
+    "integrations": {
+      "status": "healthy",
+      "modules": {
+        "count": 10,
+        "available": ["module1", "module2", "..."]
+      },
+      "integrations": {
+        "count": 5,
+        "available": ["integration1", "integration2", "..."]
+      }
+    }
+  },
+  "responseTime": 250  // total endpoint response time in milliseconds
+}
+```
+
+**Status Codes:**
+- `200 OK` - Service is healthy (all components operational)
+- `503 Service Unavailable` - Service is unhealthy (any component failure)
+- `401 Unauthorized` - Missing or invalid x-api-key header
+
+### 3. Liveness Probe
+**GET** `/health/live`
+
+Kubernetes-style liveness probe. Returns whether the service process is alive.
+
+**Authentication Required:**
+- Header: `x-api-key: YOUR_API_KEY`
+
+**Response:**
+```json
+{
+  "status": "alive",
+  "timestamp": "2024-01-10T12:00:00.000Z"
+}
+```
+
+**Status Codes:**
+- `200 OK` - Service process is alive
+
+### 4. Readiness Probe
+**GET** `/health/ready`
+
+Kubernetes-style readiness probe. Returns whether the service is ready to receive traffic.
+
+**Authentication Required:**
+- Header: `x-api-key: YOUR_API_KEY`
+
+**Response:**
+```json
+{
+  "ready": true,
+  "timestamp": "2024-01-10T12:00:00.000Z",
+  "checks": {
+    "database": true,
+    "modules": true
+  }
+}
+```
+
+**Status Codes:**
+- `200 OK` - Service is ready
+- `503 Service Unavailable` - Service is not ready
+
+## Health Status Definitions
+
+- **healthy**: All components are functioning normally
+- **unhealthy**: Any component is failing, service may not function properly
+
+## Component Checks
+
+### Database Connectivity
+- Checks database connection state
+- Performs ping test with 2-second timeout if connected
+- Reports connection state and response time
+- Database type is not exposed for security reasons
+
+### External API Connectivity
+- Tests connectivity to external services (GitHub, npm registry)
+- Configurable timeout (default: 5 seconds)
+- Reports reachability and response times
+- Uses Promise.all for parallel checking
+
+### Integration Status
+- Verifies available modules and integrations are loaded
+- Reports counts and lists of available components
+
+## Usage Examples
+
+### Monitoring Systems
+Configure your monitoring system to poll `/health/detailed` every 30-60 seconds:
+```bash
+curl -H "x-api-key: YOUR_API_KEY" https://your-frigg-instance.com/health/detailed
+```
+
+### Load Balancer Health Checks
+Configure load balancers to use the simple `/health` endpoint:
+```bash
+curl https://your-frigg-instance.com/health
+```
+
+### Kubernetes Configuration
+```yaml
+livenessProbe:
+  httpGet:
+    path: /health/live
+    port: 8080
+    httpHeaders:
+    - name: x-api-key
+      value: YOUR_API_KEY
+  periodSeconds: 10
+  timeoutSeconds: 5
+
+readinessProbe:
+  httpGet:
+    path: /health/ready
+    port: 8080
+    httpHeaders:
+    - name: x-api-key
+      value: YOUR_API_KEY
+  initialDelaySeconds: 30
+  periodSeconds: 10
+```
+
+## Customization
+
+### Adding External API Checks
+To add more external API checks, modify the `externalAPIs` array in the health router:
+```javascript
+const externalAPIs = [
+    { name: 'github', url: 'https://api.github.com/status' },
+    { name: 'npm', url: 'https://registry.npmjs.org' },
+    { name: 'your-api', url: 'https://your-api.com/health' }
+];
+```
+
+### Adjusting Timeouts
+The default timeout for external API checks is 5 seconds. Database ping timeout is set to 2 seconds:
+```javascript
+const checkExternalAPI = (url, timeout = 5000) => {
+    // ...
+};
+
+await mongoose.connection.db.admin().ping({ maxTimeMS: 2000 });
+```
+
+## Best Practices
+
+1. **Authentication**: Basic `/health` endpoint requires no authentication, but detailed endpoints require `x-api-key` header
+2. **Rate Limiting**: Configure rate limiting at the API Gateway level to prevent abuse
+3. **Fast Response**: Health checks should respond quickly (< 1 second)
+4. **Strict Status Codes**: Return 503 for any non-healthy state to ensure proper alerting
+5. **Detailed Logging**: Failed health checks are logged for debugging
+6. **Security**: No sensitive information (DB types, versions) exposed in responses
+7. **Lambda Considerations**: Uptime and memory metrics not included as they're not relevant in serverless
+
+## Troubleshooting
+
+### Database Connection Issues
+- Check `MONGO_URI` environment variable
+- Verify network connectivity to MongoDB
+- Check MongoDB server status
+
+### External API Failures
+- May indicate network issues or external service downtime
+- Service reports "unhealthy" status if any external API is unreachable
+
+## Security Considerations
+
+- Basic health endpoint requires no authentication for monitoring compatibility
+- Detailed endpoints require `x-api-key` header authentication
+- Health endpoints do not expose sensitive information
+- Database connection strings and credentials are never included in responses
+- External API checks use read-only endpoints
+- Rate limiting should be configured at the API Gateway level
+- Consider IP whitelisting for health endpoints in production
+
+## Environment Variables
+
+- `HEALTH_API_KEY`: Required API key for accessing detailed health endpoints

package/handlers/routers/auth.js

@@ -0,0 +1,26 @@
+const { createIntegrationRouter } = require('@friggframework/core');
+const { createAppHandler } = require('./../app-handler-helpers');
+const { requireLoggedInUser } = require('./middleware/requireLoggedInUser');
+const {
+    moduleFactory,
+    integrationFactory,
+    IntegrationHelper,
+} = require('./../backend-utils');
+
+const router = createIntegrationRouter({
+    factory: { moduleFactory, integrationFactory, IntegrationHelper },
+    requireLoggedInUser,
+    getUserId: (req) => req.user.getUserId(),
+});
+
+router.route('/redirect/:appId').get((req, res) => {
+    res.redirect(
+        `${process.env.FRONTEND_URI}/redirect/${
+            req.params.appId
+        }?${new URLSearchParams(req.query)}`
+    );
+});
+
+const handler = createAppHandler('HTTP Event: Auth', router);
+
+module.exports = { handler, router };