@friggframework/core 2.0.0-next.45 → 2.0.0-next.46

package/handlers/workers/db-migration.js

@@ -0,0 +1,352 @@
+/**
+ * Database Migration Lambda Handler
+ *
+ * Lambda function that runs Prisma database migrations from within the VPC,
+ * enabling CI/CD pipelines to migrate databases without requiring public access.
+ *
+ * This handler uses the prisma-runner utilities from @friggframework/core,
+ * ensuring consistency with the `frigg db:setup` command.
+ *
+ * Environment Variables Required:
+ * - DATABASE_URL: PostgreSQL connection string (automatically set from Secrets Manager)
+ * - DB_TYPE: Database type ('postgresql' or 'mongodb')
+ * - STAGE: Deployment stage (determines migration command: 'dev' or 'deploy')
+ *
+ * Invocation:
+ *   aws lambda invoke \
+ *     --function-name my-app-production-dbMigrate \
+ *     --region us-east-1 \
+ *     response.json
+ *
+ * Success Response:
+ *   {
+ *     "statusCode": 200,
+ *     "body": {
+ *       "success": true,
+ *       "message": "Database migration completed successfully",
+ *       "dbType": "postgresql",
+ *       "stage": "production",
+ *       "migrationCommand": "deploy"
+ *     }
+ *   }
+ *
+ * Error Response:
+ *   {
+ *     "statusCode": 500,
+ *     "body": {
+ *       "success": false,
+ *       "error": "Migration failed: ...",
+ *       "stack": "Error: ..."
+ *     }
+ *   }
+ */
+
+const {
+    RunDatabaseMigrationUseCase,
+    MigrationError,
+    ValidationError,
+} = require('../../database/use-cases/run-database-migration-use-case');
+const {
+    CheckDatabaseStateUseCase,
+} = require('../../database/use-cases/check-database-state-use-case');
+const {
+    MigrationStatusRepositoryS3,
+} = require('../../database/repositories/migration-status-repository-s3');
+
+// Inject prisma-runner as dependency
+const prismaRunner = require('../../database/utils/prisma-runner');
+
+// Use S3 repository for migration status tracking (no User table dependency)
+const bucketName = process.env.S3_BUCKET_NAME || process.env.MIGRATION_STATUS_BUCKET;
+const migrationStatusRepository = new MigrationStatusRepositoryS3(bucketName);
+
+/**
+ * Sanitizes error messages to prevent credential leaks
+ * @param {string} errorMessage - Error message that might contain credentials
+ * @returns {string} Sanitized error message
+ */
+function sanitizeError(errorMessage) {
+    if (!errorMessage) return 'Unknown error';
+
+    return String(errorMessage)
+        // Remove PostgreSQL connection strings
+        .replace(/postgresql:\/\/[^@\s]+@[^\s/]+/gi, 'postgresql://***:***@***')
+        // Remove MongoDB connection strings
+        .replace(/mongodb(\+srv)?:\/\/[^@\s]+@[^\s/]+/gi, 'mongodb$1://***:***@***')
+        // Remove password parameters
+        .replace(/password[=:]\s*[^\s,;)]+/gi, 'password=***')
+        // Remove API keys
+        .replace(/apikey[=:]\s*[^\s,;)]+/gi, 'apikey=***')
+        .replace(/api[_-]?key[=:]\s*[^\s,;)]+/gi, 'api_key=***')
+        // Remove tokens
+        .replace(/token[=:]\s*[^\s,;)]+/gi, 'token=***')
+        .replace(/bearer\s+[^\s,;)]+/gi, 'bearer ***');
+}
+
+/**
+ * Sanitizes DATABASE_URL for safe logging
+ * @param {string} url - Database URL
+ * @returns {string} Sanitized URL
+ */
+function sanitizeDatabaseUrl(url) {
+    if (!url) return '';
+
+    // Replace credentials in connection string
+    return url.replace(/(:\/\/)([^:]+):([^@]+)@/, '$1***:***@');
+}
+
+/**
+ * Extract migration parameters from SQS event or direct invocation
+ * @param {Object} event - Lambda event (SQS or direct)
+ * @returns {Object} Extracted parameters { migrationId, dbType, stage }
+ */
+function extractMigrationParams(event) {
+    let migrationId = null;
+    let stage = null;
+
+    // Migration infrastructure is PostgreSQL-only, so hardcode dbType
+    const dbType = 'postgresql';
+
+    // Check if this is an SQS event
+    if (event.Records && event.Records.length > 0) {
+        // SQS event - extract from message body
+        const message = JSON.parse(event.Records[0].body);
+        migrationId = message.migrationId;
+        stage = message.stage;
+
+        console.log('SQS event detected');
+        console.log(`  Migration ID: ${migrationId}`);
+        console.log(`  DB Type: ${dbType} (hardcoded - PostgreSQL-only)`);
+        console.log(`  Stage: ${stage}`);
+    } else {
+        // Direct invocation - use event properties or environment variables
+        migrationId = event.migrationId || null;
+        stage = event.stage || process.env.STAGE || 'production';
+
+        console.log('Direct invocation detected');
+        if (migrationId) {
+            console.log(`  Migration ID: ${migrationId}`);
+        }
+        console.log(`  DB Type: ${dbType} (hardcoded - PostgreSQL-only)`);
+        console.log(`  Stage: ${stage}`);
+    }
+
+    return { migrationId, dbType, stage };
+}
+
+/**
+ * Lambda handler entry point
+ * @param {Object} event - Lambda event (SQS message or direct invocation)
+ * @param {Object} context - Lambda context (contains AWS request ID, timeout info)
+ * @returns {Promise<Object>} Response with statusCode and body
+ */
+exports.handler = async (event, context) => {
+    console.log('========================================');
+    console.log('Database Migration Lambda Started');
+    console.log('========================================');
+    console.log('Event:', JSON.stringify(event, null, 2));
+    console.log('Context:', JSON.stringify({
+        requestId: context.requestId,
+        functionName: context.functionName,
+        remainingTimeInMillis: context.getRemainingTimeInMillis(),
+    }, null, 2));
+
+    // Extract migration parameters from event
+    const { migrationId, dbType, stage } = extractMigrationParams(event);
+
+    // Check for action parameter (direct invocation for status checks)
+    const action = event.action || 'migrate'; // Default to migration
+
+    // Handle checkStatus action
+    if (action === 'checkStatus') {
+        console.log(`\n========================================`);
+        console.log(`Action: checkStatus (dbType=${dbType}, stage=${stage})`);
+        console.log(`========================================`);
+
+        try {
+            const checkDbStateUseCase = new CheckDatabaseStateUseCase({ prismaRunner });
+            const status = await checkDbStateUseCase.execute(dbType, stage);
+
+            console.log('✓ Database state check completed');
+            console.log(`  Up to date: ${status.upToDate}`);
+            console.log(`  Pending migrations: ${status.pendingMigrations}`);
+
+            return {
+                statusCode: 200,
+                body: status,
+            };
+        } catch (error) {
+            console.error('❌ Database state check failed:', error.message);
+            return {
+                statusCode: 500,
+                body: {
+                    success: false,
+                    error: sanitizeError(error.message),
+                    upToDate: false,
+                },
+            };
+        }
+    }
+
+    // Otherwise, handle migration (existing code)
+    console.log(`\n========================================`);
+    console.log(`Action: migrate (migrationId=${migrationId || 'new'})`);
+    console.log(`========================================`);
+
+    // Get environment variables
+    const databaseUrl = process.env.DATABASE_URL;
+
+    try {
+        // Validate DATABASE_URL is set
+        if (!databaseUrl) {
+            const error = 'DATABASE_URL environment variable is not set';
+            console.error('❌ Validation failed:', error);
+            return {
+                statusCode: 500,
+                body: JSON.stringify({
+                    success: false,
+                    error,
+                }),
+            };
+        }
+
+        console.log('✓ Environment validated');
+        console.log(`  Database Type: ${dbType}`);
+        console.log(`  Stage: ${stage}`);
+        console.log(`  Database URL: ${sanitizeDatabaseUrl(databaseUrl)}`);
+
+        // Update migration status to RUNNING (if migrationId provided)
+        if (migrationId) {
+            console.log(`\n✓ Updating migration status to RUNNING: ${migrationId}`);
+            await migrationStatusRepository.update({
+                migrationId,
+                stage,
+                state: 'RUNNING',
+                progress: 10,
+                startedAt: new Date().toISOString(),
+            });
+        }
+
+        // Create use case with dependencies (Dependency Injection)
+        const runDatabaseMigrationUseCase = new RunDatabaseMigrationUseCase({
+            prismaRunner,
+        });
+
+        console.log('\n========================================');
+        console.log('Executing Database Migration');
+        console.log('========================================');
+
+        // Execute use case (business logic layer)
+        const result = await runDatabaseMigrationUseCase.execute({
+            dbType,
+            stage,
+            verbose: true, // Enable verbose output for Lambda CloudWatch logs
+        });
+
+        console.log('✓ Database migration completed successfully');
+        console.log('\n========================================');
+        console.log('Migration Summary');
+        console.log('========================================');
+        console.log(`  Status: Success`);
+        console.log(`  Database: ${result.dbType}`);
+        console.log(`  Stage: ${result.stage}`);
+        console.log(`  Command: ${result.command}`);
+        console.log('========================================');
+
+        // Update migration status to COMPLETED (if migrationId provided)
+        if (migrationId) {
+            console.log(`\n✓ Updating migration status to COMPLETED: ${migrationId}`);
+            await migrationStatusRepository.update({
+                migrationId,
+                stage,
+                state: 'COMPLETED',
+                progress: 100,
+                completedAt: new Date().toISOString(),
+                migrationCommand: result.command,
+            });
+        }
+
+        // Return success response (adapter layer - HTTP mapping)
+        const responseBody = {
+            success: true,
+            message: result.message,
+            dbType: result.dbType,
+            stage: result.stage,
+            migrationCommand: result.command,
+            timestamp: new Date().toISOString(),
+        };
+
+        if (migrationId) {
+            responseBody.migrationId = migrationId;
+        }
+
+        return {
+            statusCode: 200,
+            body: JSON.stringify(responseBody),
+        };
+
+    } catch (error) {
+        console.error('\n========================================');
+        console.error('Migration Failed');
+        console.error('========================================');
+        console.error('Error:', error.name, error.message);
+
+        // Log full stack trace to CloudWatch (only visible to developers)
+        if (error.stack) {
+            console.error('Stack:', error.stack);
+        }
+
+        // Log context if available (from MigrationError)
+        if (error.context) {
+            console.error('Context:', JSON.stringify(error.context, null, 2));
+        }
+
+        // Map domain errors to HTTP status codes (adapter layer)
+        let statusCode = 500;
+        let errorMessage = error.message || 'Unknown error occurred';
+
+        if (error instanceof ValidationError) {
+            statusCode = 400; // Bad Request for validation errors
+        } else if (error instanceof MigrationError) {
+            statusCode = 500; // Internal Server Error for migration failures
+        }
+
+        // Sanitize error message before returning
+        const sanitizedError = sanitizeError(errorMessage);
+
+        // Update migration status to FAILED (if migrationId provided)
+        if (migrationId) {
+            try {
+                console.log(`\n✓ Updating migration status to FAILED: ${migrationId}`);
+                await migrationStatusRepository.update({
+                    migrationId,
+                    stage,
+                    state: 'FAILED',
+                    progress: 0,
+                    error: sanitizedError,
+                    failedAt: new Date().toISOString(),
+                });
+            } catch (updateError) {
+                console.error('Failed to update migration status:', updateError.message);
+                // Continue - don't let status update failure block error response
+            }
+        }
+
+        const errorBody = {
+            success: false,
+            error: sanitizedError,
+            errorType: error.name || 'Error',
+            // Only include stack traces in development environments
+            ...(stage === 'dev' || stage === 'local' || stage === 'test' ? { stack: error.stack } : {}),
+        };
+
+        if (migrationId) {
+            errorBody.migrationId = migrationId;
+        }
+
+        return {
+            statusCode,
+            body: JSON.stringify(errorBody),
+        };
+    }
+};

package/index.js

@@ -33,6 +33,15 @@ const {
     UserRepositoryMongo,
     UserRepositoryPostgres,
 } = require('./user/repositories/user-repository-factory');
+const {
+    GetUserFromXFriggHeaders,
+} = require('./user/use-cases/get-user-from-x-frigg-headers');
+const {
+    GetUserFromAdopterJwt,
+} = require('./user/use-cases/get-user-from-adopter-jwt');
+const {
+    AuthenticateUser,
+} = require('./user/use-cases/authenticate-user');
 
 const {
     CredentialRepository,
@@ -123,6 +132,9 @@ module.exports = {
     createUserRepository,
     UserRepositoryMongo,
     UserRepositoryPostgres,
+    GetUserFromXFriggHeaders,
+    GetUserFromAdopterJwt,
+    AuthenticateUser,
     CredentialRepository,
     ModuleRepository,
     IntegrationMappingRepository,

package/integrations/integration-router.js

@@ -56,6 +56,18 @@ const {
 const {
     GetUserFromBearerToken,
 } = require('../user/use-cases/get-user-from-bearer-token');
+const {
+    GetUserFromXFriggHeaders,
+} = require('../user/use-cases/get-user-from-x-frigg-headers');
+const {
+    GetUserFromAdopterJwt,
+} = require('../user/use-cases/get-user-from-adopter-jwt');
+const {
+    AuthenticateWithSharedSecret,
+} = require('../user/use-cases/authenticate-with-shared-secret');
+const {
+    AuthenticateUser,
+} = require('../user/use-cases/authenticate-user');
 const {
     ProcessAuthorizationCallback,
 } = require('../modules/use-cases/process-authorization-callback');
@@ -73,6 +85,26 @@ function createIntegrationRouter() {
         userConfig,
     });
 
+    const getUserFromXFriggHeaders = new GetUserFromXFriggHeaders({
+        userRepository,
+        userConfig,
+    });
+
+    const getUserFromAdopterJwt = new GetUserFromAdopterJwt({
+        userRepository,
+        userConfig,
+    });
+
+    const authenticateWithSharedSecret = new AuthenticateWithSharedSecret();
+
+    const authenticateUser = new AuthenticateUser({
+        getUserFromBearerToken,
+        getUserFromXFriggHeaders,
+        getUserFromAdopterJwt,
+        authenticateWithSharedSecret,
+        userConfig,
+    });
+
     const moduleFactory = new ModuleFactory({
         moduleRepository,
         moduleDefinitions:
@@ -165,7 +197,7 @@ function createIntegrationRouter() {
 
     const router = express();
 
-    setIntegrationRoutes(router, getUserFromBearerToken, {
+    setIntegrationRoutes(router, authenticateUser, {
         createIntegration,
         deleteIntegrationForUser,
         getIntegrationsForUser,
@@ -174,7 +206,7 @@ function createIntegrationRouter() {
         updateIntegration,
         getPossibleIntegrations,
     });
-    setEntityRoutes(router, getUserFromBearerToken, {
+    setEntityRoutes(router, authenticateUser, {
         getCredentialForUser,
         getModuleInstanceFromType,
         getEntityOptionsByType,
@@ -201,10 +233,8 @@ function checkRequiredParams(params, requiredKeys) {
 
     if (missingKeys.length > 0) {
         throw Boom.badRequest(
-            `Missing Parameter${
-                missingKeys.length === 1 ? '' : 's'
-            }: ${missingKeys.join(', ')} ${
-                missingKeys.length === 1 ? 'is' : 'are'
+            `Missing Parameter${missingKeys.length === 1 ? '' : 's'
+            }: ${missingKeys.join(', ')} ${missingKeys.length === 1 ? 'is' : 'are'
             } required.`
         );
     }
@@ -214,10 +244,10 @@ function checkRequiredParams(params, requiredKeys) {
 /**
  * Sets up integration-related routes on the provided Express router
  * @param {express.Router} router - Express router instance to add routes to
- * @param {import('../user/use-cases/get-user-from-bearer-token').GetUserFromBearerToken} getUserFromBearerToken - Use case for retrieving a user from a bearer token
+ * @param {import('../user/use-cases/authenticate-user').AuthenticateUser} authenticateUser - Use case for multi-mode user authentication
  * @param {Object} useCases - use cases for integration management
  */
-function setIntegrationRoutes(router, getUserFromBearerToken, useCases) {
+function setIntegrationRoutes(router, authenticateUser, useCases) {
     const {
         createIntegration,
         deleteIntegrationForUser,
@@ -229,9 +259,7 @@ function setIntegrationRoutes(router, getUserFromBearerToken, useCases) {
     } = useCases;
     router.route('/api/integrations').get(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const userId = user.getId();
             const integrations = await getIntegrationsForUser.execute(userId);
             const results = {
@@ -248,9 +276,7 @@ function setIntegrationRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/integrations').post(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const userId = user.getId();
             const params = checkRequiredParams(req.body, [
                 'entities',
@@ -271,9 +297,7 @@ function setIntegrationRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/integrations/:integrationId').patch(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const userId = user.getId();
             const params = checkRequiredParams(req.body, ['config']);
 
@@ -288,9 +312,7 @@ function setIntegrationRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/integrations/:integrationId').delete(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const params = checkRequiredParams(req.params, ['integrationId']);
             await deleteIntegrationForUser.execute(
                 params.integrationId,
@@ -302,9 +324,7 @@ function setIntegrationRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/integrations/:integrationId/config/options').get(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const params = checkRequiredParams(req.params, ['integrationId']);
             const integration = await getIntegrationInstance.execute(
                 params.integrationId,
@@ -318,9 +338,7 @@ function setIntegrationRoutes(router, getUserFromBearerToken, useCases) {
         .route('/api/integrations/:integrationId/config/options/refresh')
         .post(
             catchAsyncError(async (req, res) => {
-                const user = await getUserFromBearerToken.execute(
-                    req.headers.authorization
-                );
+                const user = await authenticateUser.execute(req);
                 const params = checkRequiredParams(req.params, [
                     'integrationId',
                 ]);
@@ -336,9 +354,7 @@ function setIntegrationRoutes(router, getUserFromBearerToken, useCases) {
         );
     router.route('/api/integrations/:integrationId/actions').all(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const params = checkRequiredParams(req.params, ['integrationId']);
             const integration = await getIntegrationInstance.execute(
                 params.integrationId,
@@ -352,9 +368,7 @@ function setIntegrationRoutes(router, getUserFromBearerToken, useCases) {
         .route('/api/integrations/:integrationId/actions/:actionId/options')
         .all(
             catchAsyncError(async (req, res) => {
-                const user = await getUserFromBearerToken.execute(
-                    req.headers.authorization
-                );
+                const user = await authenticateUser.execute(req);
                 const params = checkRequiredParams(req.params, [
                     'integrationId',
                     'actionId',
@@ -379,9 +393,7 @@ function setIntegrationRoutes(router, getUserFromBearerToken, useCases) {
         )
         .post(
             catchAsyncError(async (req, res) => {
-                const user = await getUserFromBearerToken.execute(
-                    req.headers.authorization
-                );
+                const user = await authenticateUser.execute(req);
                 const params = checkRequiredParams(req.params, [
                     'integrationId',
                     'actionId',
@@ -402,9 +414,7 @@ function setIntegrationRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/integrations/:integrationId/actions/:actionId').post(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const params = checkRequiredParams(req.params, [
                 'integrationId',
                 'actionId',
@@ -419,9 +429,7 @@ function setIntegrationRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/integrations/:integrationId').get(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
 
             if (!user) {
                 throw Boom.forbidden('User not found');
@@ -446,9 +454,7 @@ function setIntegrationRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/integrations/:integrationId/test-auth').get(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const params = checkRequiredParams(req.params, ['integrationId']);
             const instance = await getIntegrationInstance.execute(
                 params.integrationId,
@@ -478,9 +484,9 @@ function setIntegrationRoutes(router, getUserFromBearerToken, useCases) {
 /**
  * Sets up entity-related routes for the integration router
  * @param {Object} router - Express router instance
- * @param {import('../user/use-cases/get-user-from-bearer-token').GetUserFromBearerToken} getUserFromBearerToken - Use case for retrieving a user from a bearer token
+ * @param {import('../user/use-cases/authenticate-user').AuthenticateUser} authenticateUser - Use case for multi-mode user authentication
  */
-function setEntityRoutes(router, getUserFromBearerToken, useCases) {
+function setEntityRoutes(router, authenticateUser, useCases) {
     const {
         getCredentialForUser,
         getModuleInstanceFromType,
@@ -494,9 +500,7 @@ function setEntityRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/authorize').get(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const userId = user.getId();
             const params = checkRequiredParams(req.query, ['entityType']);
             const module = await getModuleInstanceFromType.execute(
@@ -517,9 +521,7 @@ function setEntityRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/authorize').post(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const userId = user.getId();
             const params = checkRequiredParams(req.body, [
                 'entityType',
@@ -538,9 +540,7 @@ function setEntityRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/entity').post(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const userId = user.getId();
             const params = checkRequiredParams(req.body, [
                 'entityType',
@@ -575,9 +575,7 @@ function setEntityRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/entity/options/:credentialId').get(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const userId = user.getId();
             // TODO May want to pass along the user ID as well so credential ID's can't be fished???
             // TODO **flagging this for review** -MW
@@ -601,9 +599,7 @@ function setEntityRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/entities/:entityId/test-auth').get(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const userId = user.getId();
             const params = checkRequiredParams(req.params, ['entityId']);
             const testAuthResponse = await testModuleAuth.execute(
@@ -630,9 +626,7 @@ function setEntityRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/entities/:entityId').get(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const userId = user.getId();
             const params = checkRequiredParams(req.params, ['entityId']);
             const module = await getModule.execute(params.entityId, userId);
@@ -643,9 +637,7 @@ function setEntityRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/entities/:entityId/options').post(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const userId = user.getId();
             const params = checkRequiredParams(req.params, ['entityId']);
 
@@ -660,9 +652,7 @@ function setEntityRoutes(router, getUserFromBearerToken, useCases) {
 
     router.route('/api/entities/:entityId/options/refresh').post(
         catchAsyncError(async (req, res) => {
-            const user = await getUserFromBearerToken.execute(
-                req.headers.authorization
-            );
+            const user = await authenticateUser.execute(req);
             const userId = user.getId();
             const params = checkRequiredParams(req.params, ['entityId']);
             const updatedOptions = await refreshEntityOptions.execute(