@friggframework/core 2.0.0-next.6 → 2.0.0-next.60
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CLAUDE.md +694 -0
- package/README.md +959 -50
- package/application/commands/README.md +451 -0
- package/application/commands/credential-commands.js +245 -0
- package/application/commands/entity-commands.js +336 -0
- package/application/commands/integration-commands.js +210 -0
- package/application/commands/user-commands.js +283 -0
- package/application/index.js +69 -0
- package/core/CLAUDE.md +690 -0
- package/core/Worker.js +8 -21
- package/core/create-handler.js +14 -7
- package/credential/repositories/credential-repository-documentdb.js +304 -0
- package/credential/repositories/credential-repository-factory.js +54 -0
- package/credential/repositories/credential-repository-interface.js +98 -0
- package/credential/repositories/credential-repository-mongo.js +269 -0
- package/credential/repositories/credential-repository-postgres.js +291 -0
- package/credential/repositories/credential-repository.js +302 -0
- package/credential/use-cases/get-credential-for-user.js +25 -0
- package/credential/use-cases/update-authentication-status.js +15 -0
- package/database/MONGODB_TRANSACTION_FIX.md +198 -0
- package/database/adapters/lambda-invoker.js +97 -0
- package/database/config.js +154 -0
- package/database/documentdb-encryption-service.js +330 -0
- package/database/documentdb-utils.js +136 -0
- package/database/encryption/README.md +839 -0
- package/database/encryption/documentdb-encryption-service.md +3575 -0
- package/database/encryption/encryption-schema-registry.js +268 -0
- package/database/encryption/field-encryption-service.js +226 -0
- package/database/encryption/logger.js +79 -0
- package/database/encryption/prisma-encryption-extension.js +222 -0
- package/database/index.js +61 -21
- package/database/models/WebsocketConnection.js +16 -10
- package/database/models/readme.md +1 -0
- package/database/prisma.js +182 -0
- package/database/repositories/health-check-repository-documentdb.js +134 -0
- package/database/repositories/health-check-repository-factory.js +48 -0
- package/database/repositories/health-check-repository-interface.js +82 -0
- package/database/repositories/health-check-repository-mongodb.js +89 -0
- package/database/repositories/health-check-repository-postgres.js +82 -0
- package/database/repositories/health-check-repository.js +108 -0
- package/database/repositories/migration-status-repository-s3.js +137 -0
- package/database/use-cases/check-database-health-use-case.js +29 -0
- package/database/use-cases/check-database-state-use-case.js +81 -0
- package/database/use-cases/check-encryption-health-use-case.js +83 -0
- package/database/use-cases/get-database-state-via-worker-use-case.js +61 -0
- package/database/use-cases/get-migration-status-use-case.js +93 -0
- package/database/use-cases/run-database-migration-use-case.js +139 -0
- package/database/use-cases/test-encryption-use-case.js +253 -0
- package/database/use-cases/trigger-database-migration-use-case.js +157 -0
- package/database/utils/mongodb-collection-utils.js +91 -0
- package/database/utils/mongodb-schema-init.js +106 -0
- package/database/utils/prisma-runner.js +477 -0
- package/database/utils/prisma-schema-parser.js +182 -0
- package/docs/PROCESS_MANAGEMENT_QUEUE_SPEC.md +517 -0
- package/encrypt/Cryptor.js +34 -168
- package/encrypt/index.js +1 -2
- package/encrypt/test-encrypt.js +0 -2
- package/errors/client-safe-error.js +26 -0
- package/errors/fetch-error.js +2 -1
- package/errors/index.js +2 -0
- package/generated/prisma-mongodb/client.d.ts +1 -0
- package/generated/prisma-mongodb/client.js +4 -0
- package/generated/prisma-mongodb/default.d.ts +1 -0
- package/generated/prisma-mongodb/default.js +4 -0
- package/generated/prisma-mongodb/edge.d.ts +1 -0
- package/generated/prisma-mongodb/edge.js +334 -0
- package/generated/prisma-mongodb/index-browser.js +316 -0
- package/generated/prisma-mongodb/index.d.ts +22903 -0
- package/generated/prisma-mongodb/index.js +359 -0
- package/generated/prisma-mongodb/package.json +183 -0
- package/generated/prisma-mongodb/query-engine-debian-openssl-3.0.x +0 -0
- package/generated/prisma-mongodb/query-engine-rhel-openssl-3.0.x +0 -0
- package/generated/prisma-mongodb/runtime/binary.d.ts +1 -0
- package/generated/prisma-mongodb/runtime/binary.js +289 -0
- package/generated/prisma-mongodb/runtime/edge-esm.js +34 -0
- package/generated/prisma-mongodb/runtime/edge.js +34 -0
- package/generated/prisma-mongodb/runtime/index-browser.d.ts +370 -0
- package/generated/prisma-mongodb/runtime/index-browser.js +16 -0
- package/generated/prisma-mongodb/runtime/library.d.ts +3977 -0
- package/generated/prisma-mongodb/runtime/react-native.js +83 -0
- package/generated/prisma-mongodb/runtime/wasm-compiler-edge.js +84 -0
- package/generated/prisma-mongodb/runtime/wasm-engine-edge.js +36 -0
- package/generated/prisma-mongodb/schema.prisma +360 -0
- package/generated/prisma-mongodb/wasm-edge-light-loader.mjs +4 -0
- package/generated/prisma-mongodb/wasm-worker-loader.mjs +4 -0
- package/generated/prisma-mongodb/wasm.d.ts +1 -0
- package/generated/prisma-mongodb/wasm.js +341 -0
- package/generated/prisma-postgresql/client.d.ts +1 -0
- package/generated/prisma-postgresql/client.js +4 -0
- package/generated/prisma-postgresql/default.d.ts +1 -0
- package/generated/prisma-postgresql/default.js +4 -0
- package/generated/prisma-postgresql/edge.d.ts +1 -0
- package/generated/prisma-postgresql/edge.js +356 -0
- package/generated/prisma-postgresql/index-browser.js +338 -0
- package/generated/prisma-postgresql/index.d.ts +25077 -0
- package/generated/prisma-postgresql/index.js +381 -0
- package/generated/prisma-postgresql/package.json +183 -0
- package/generated/prisma-postgresql/query-engine-debian-openssl-3.0.x +0 -0
- package/generated/prisma-postgresql/query-engine-rhel-openssl-3.0.x +0 -0
- package/generated/prisma-postgresql/query_engine_bg.js +2 -0
- package/generated/prisma-postgresql/query_engine_bg.wasm +0 -0
- package/generated/prisma-postgresql/runtime/binary.d.ts +1 -0
- package/generated/prisma-postgresql/runtime/binary.js +289 -0
- package/generated/prisma-postgresql/runtime/edge-esm.js +34 -0
- package/generated/prisma-postgresql/runtime/edge.js +34 -0
- package/generated/prisma-postgresql/runtime/index-browser.d.ts +370 -0
- package/generated/prisma-postgresql/runtime/index-browser.js +16 -0
- package/generated/prisma-postgresql/runtime/library.d.ts +3977 -0
- package/generated/prisma-postgresql/runtime/react-native.js +83 -0
- package/generated/prisma-postgresql/runtime/wasm-compiler-edge.js +84 -0
- package/generated/prisma-postgresql/runtime/wasm-engine-edge.js +36 -0
- package/generated/prisma-postgresql/schema.prisma +343 -0
- package/generated/prisma-postgresql/wasm-edge-light-loader.mjs +4 -0
- package/generated/prisma-postgresql/wasm-worker-loader.mjs +4 -0
- package/generated/prisma-postgresql/wasm.d.ts +1 -0
- package/generated/prisma-postgresql/wasm.js +363 -0
- package/handlers/WEBHOOKS.md +653 -0
- package/handlers/app-definition-loader.js +38 -0
- package/handlers/app-handler-helpers.js +56 -0
- package/handlers/backend-utils.js +186 -0
- package/handlers/database-migration-handler.js +227 -0
- package/handlers/integration-event-dispatcher.js +54 -0
- package/handlers/routers/HEALTHCHECK.md +342 -0
- package/handlers/routers/auth.js +15 -0
- package/handlers/routers/db-migration.handler.js +29 -0
- package/handlers/routers/db-migration.js +326 -0
- package/handlers/routers/health.js +516 -0
- package/handlers/routers/integration-defined-routers.js +45 -0
- package/handlers/routers/integration-webhook-routers.js +67 -0
- package/handlers/routers/user.js +63 -0
- package/handlers/routers/websocket.js +57 -0
- package/handlers/use-cases/check-external-apis-health-use-case.js +81 -0
- package/handlers/use-cases/check-integrations-health-use-case.js +44 -0
- package/handlers/workers/db-migration.js +352 -0
- package/handlers/workers/integration-defined-workers.js +27 -0
- package/index.js +77 -22
- package/integrations/WEBHOOK-QUICKSTART.md +151 -0
- package/integrations/index.js +12 -10
- package/integrations/integration-base.js +326 -55
- package/integrations/integration-router.js +374 -179
- package/integrations/options.js +1 -1
- package/integrations/repositories/integration-mapping-repository-documentdb.js +280 -0
- package/integrations/repositories/integration-mapping-repository-factory.js +57 -0
- package/integrations/repositories/integration-mapping-repository-interface.js +106 -0
- package/integrations/repositories/integration-mapping-repository-mongo.js +161 -0
- package/integrations/repositories/integration-mapping-repository-postgres.js +227 -0
- package/integrations/repositories/integration-mapping-repository.js +156 -0
- package/integrations/repositories/integration-repository-documentdb.js +210 -0
- package/integrations/repositories/integration-repository-factory.js +51 -0
- package/integrations/repositories/integration-repository-interface.js +127 -0
- package/integrations/repositories/integration-repository-mongo.js +303 -0
- package/integrations/repositories/integration-repository-postgres.js +352 -0
- package/integrations/repositories/process-repository-documentdb.js +243 -0
- package/integrations/repositories/process-repository-factory.js +53 -0
- package/integrations/repositories/process-repository-interface.js +90 -0
- package/integrations/repositories/process-repository-mongo.js +190 -0
- package/integrations/repositories/process-repository-postgres.js +217 -0
- package/integrations/tests/doubles/dummy-integration-class.js +83 -0
- package/integrations/tests/doubles/test-integration-repository.js +99 -0
- package/integrations/use-cases/create-integration.js +83 -0
- package/integrations/use-cases/create-process.js +128 -0
- package/integrations/use-cases/delete-integration-for-user.js +101 -0
- package/integrations/use-cases/find-integration-context-by-external-entity-id.js +72 -0
- package/integrations/use-cases/get-integration-for-user.js +78 -0
- package/integrations/use-cases/get-integration-instance-by-definition.js +67 -0
- package/integrations/use-cases/get-integration-instance.js +83 -0
- package/integrations/use-cases/get-integrations-for-user.js +88 -0
- package/integrations/use-cases/get-possible-integrations.js +27 -0
- package/integrations/use-cases/get-process.js +87 -0
- package/integrations/use-cases/index.js +19 -0
- package/integrations/use-cases/load-integration-context.js +71 -0
- package/integrations/use-cases/update-integration-messages.js +44 -0
- package/integrations/use-cases/update-integration-status.js +32 -0
- package/integrations/use-cases/update-integration.js +93 -0
- package/integrations/use-cases/update-process-metrics.js +201 -0
- package/integrations/use-cases/update-process-state.js +119 -0
- package/integrations/utils/map-integration-dto.js +37 -0
- package/jest-global-setup-noop.js +3 -0
- package/jest-global-teardown-noop.js +3 -0
- package/logs/logger.js +0 -4
- package/{module-plugin → modules}/entity.js +1 -1
- package/{module-plugin → modules}/index.js +0 -8
- package/modules/module-factory.js +56 -0
- package/modules/module.js +221 -0
- package/modules/repositories/module-repository-documentdb.js +307 -0
- package/modules/repositories/module-repository-factory.js +40 -0
- package/modules/repositories/module-repository-interface.js +129 -0
- package/modules/repositories/module-repository-mongo.js +377 -0
- package/modules/repositories/module-repository-postgres.js +426 -0
- package/modules/repositories/module-repository.js +316 -0
- package/modules/requester/api-key.js +52 -0
- package/{module-plugin → modules}/requester/requester.js +1 -0
- package/{module-plugin → modules}/test/mock-api/api.js +8 -3
- package/{module-plugin → modules}/test/mock-api/definition.js +12 -8
- package/modules/tests/doubles/test-module-factory.js +16 -0
- package/modules/tests/doubles/test-module-repository.js +39 -0
- package/modules/use-cases/get-entities-for-user.js +32 -0
- package/modules/use-cases/get-entity-options-by-id.js +71 -0
- package/modules/use-cases/get-entity-options-by-type.js +34 -0
- package/modules/use-cases/get-module-instance-from-type.js +31 -0
- package/modules/use-cases/get-module.js +74 -0
- package/modules/use-cases/process-authorization-callback.js +133 -0
- package/modules/use-cases/refresh-entity-options.js +72 -0
- package/modules/use-cases/test-module-auth.js +72 -0
- package/modules/utils/map-module-dto.js +18 -0
- package/package.json +82 -50
- package/prisma-mongodb/schema.prisma +360 -0
- package/prisma-postgresql/migrations/20250930193005_init/migration.sql +315 -0
- package/prisma-postgresql/migrations/20251006135218_init/migration.sql +9 -0
- package/prisma-postgresql/migrations/20251010000000_remove_unused_entity_reference_map/migration.sql +3 -0
- package/prisma-postgresql/migrations/20251112195422_update_user_unique_constraints/migration.sql +25 -0
- package/prisma-postgresql/migrations/migration_lock.toml +3 -0
- package/prisma-postgresql/schema.prisma +343 -0
- package/queues/queuer-util.js +27 -22
- package/syncs/manager.js +468 -443
- package/syncs/repositories/sync-repository-documentdb.js +240 -0
- package/syncs/repositories/sync-repository-factory.js +43 -0
- package/syncs/repositories/sync-repository-interface.js +109 -0
- package/syncs/repositories/sync-repository-mongo.js +239 -0
- package/syncs/repositories/sync-repository-postgres.js +319 -0
- package/syncs/sync.js +0 -1
- package/token/repositories/token-repository-documentdb.js +137 -0
- package/token/repositories/token-repository-factory.js +40 -0
- package/token/repositories/token-repository-interface.js +131 -0
- package/token/repositories/token-repository-mongo.js +219 -0
- package/token/repositories/token-repository-postgres.js +264 -0
- package/token/repositories/token-repository.js +219 -0
- package/types/core/index.d.ts +2 -2
- package/types/integrations/index.d.ts +2 -6
- package/types/module-plugin/index.d.ts +5 -59
- package/types/syncs/index.d.ts +0 -2
- package/user/repositories/user-repository-documentdb.js +441 -0
- package/user/repositories/user-repository-factory.js +52 -0
- package/user/repositories/user-repository-interface.js +201 -0
- package/user/repositories/user-repository-mongo.js +308 -0
- package/user/repositories/user-repository-postgres.js +360 -0
- package/user/tests/doubles/test-user-repository.js +72 -0
- package/user/use-cases/authenticate-user.js +127 -0
- package/user/use-cases/authenticate-with-shared-secret.js +48 -0
- package/user/use-cases/create-individual-user.js +61 -0
- package/user/use-cases/create-organization-user.js +47 -0
- package/user/use-cases/create-token-for-user-id.js +30 -0
- package/user/use-cases/get-user-from-adopter-jwt.js +149 -0
- package/user/use-cases/get-user-from-bearer-token.js +77 -0
- package/user/use-cases/get-user-from-x-frigg-headers.js +132 -0
- package/user/use-cases/login-user.js +122 -0
- package/user/user.js +125 -0
- package/utils/backend-path.js +38 -0
- package/utils/index.js +6 -0
- package/websocket/repositories/websocket-connection-repository-documentdb.js +119 -0
- package/websocket/repositories/websocket-connection-repository-factory.js +44 -0
- package/websocket/repositories/websocket-connection-repository-interface.js +106 -0
- package/websocket/repositories/websocket-connection-repository-mongo.js +156 -0
- package/websocket/repositories/websocket-connection-repository-postgres.js +196 -0
- package/websocket/repositories/websocket-connection-repository.js +161 -0
- package/database/models/State.js +0 -9
- package/database/models/Token.js +0 -70
- package/database/mongo.js +0 -45
- package/encrypt/Cryptor.test.js +0 -32
- package/encrypt/encrypt.js +0 -132
- package/encrypt/encrypt.test.js +0 -1069
- package/errors/base-error.test.js +0 -32
- package/errors/fetch-error.test.js +0 -79
- package/errors/halt-error.test.js +0 -11
- package/errors/validation-errors.test.js +0 -120
- package/integrations/create-frigg-backend.js +0 -31
- package/integrations/integration-factory.js +0 -251
- package/integrations/integration-mapping.js +0 -43
- package/integrations/integration-model.js +0 -46
- package/integrations/integration-user.js +0 -144
- package/integrations/test/integration-base.test.js +0 -144
- package/lambda/TimeoutCatcher.test.js +0 -68
- package/logs/logger.test.js +0 -76
- package/module-plugin/auther.js +0 -393
- package/module-plugin/credential.js +0 -22
- package/module-plugin/entity-manager.js +0 -70
- package/module-plugin/manager.js +0 -169
- package/module-plugin/module-factory.js +0 -61
- package/module-plugin/requester/api-key.js +0 -36
- package/module-plugin/requester/requester.test.js +0 -28
- package/module-plugin/test/auther.test.js +0 -97
- /package/{module-plugin → modules}/ModuleConstants.js +0 -0
- /package/{module-plugin → modules}/requester/basic.js +0 -0
- /package/{module-plugin → modules}/requester/oauth-2.js +0 -0
- /package/{module-plugin → modules}/test/mock-api/mocks/hubspot.js +0 -0
|
@@ -0,0 +1,222 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Prisma Client Extension for transparent field-level encryption.
|
|
3
|
+
* Intercepts Prisma queries to encrypt on write and decrypt on read.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
const { getEncryptedFields } = require('./encryption-schema-registry');
|
|
7
|
+
const { FieldEncryptionService } = require('./field-encryption-service');
|
|
8
|
+
|
|
9
|
+
function createEncryptionExtension({ cryptor, enabled = true }) {
|
|
10
|
+
if (!enabled) {
|
|
11
|
+
return (client) => client;
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
if (!cryptor) {
|
|
15
|
+
throw new Error(
|
|
16
|
+
'Cryptor instance required for encryption extension'
|
|
17
|
+
);
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
const encryptionService = new FieldEncryptionService({
|
|
21
|
+
cryptor,
|
|
22
|
+
schema: { getEncryptedFields },
|
|
23
|
+
});
|
|
24
|
+
|
|
25
|
+
return {
|
|
26
|
+
name: 'frigg-field-encryption',
|
|
27
|
+
query: {
|
|
28
|
+
$allModels: {
|
|
29
|
+
async create({ model, args, query }) {
|
|
30
|
+
if (args.data) {
|
|
31
|
+
args.data = await encryptionService.encryptFields(
|
|
32
|
+
model,
|
|
33
|
+
args.data
|
|
34
|
+
);
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
const result = await query(args);
|
|
38
|
+
|
|
39
|
+
if (result) {
|
|
40
|
+
return await encryptionService.decryptFields(
|
|
41
|
+
model,
|
|
42
|
+
result
|
|
43
|
+
);
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
return result;
|
|
47
|
+
},
|
|
48
|
+
|
|
49
|
+
async createMany({ model, args, query }) {
|
|
50
|
+
if (args.data && Array.isArray(args.data)) {
|
|
51
|
+
args.data =
|
|
52
|
+
await encryptionService.encryptFieldsInBulk(
|
|
53
|
+
model,
|
|
54
|
+
args.data
|
|
55
|
+
);
|
|
56
|
+
} else if (args.data) {
|
|
57
|
+
args.data = await encryptionService.encryptFields(
|
|
58
|
+
model,
|
|
59
|
+
args.data
|
|
60
|
+
);
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
return await query(args);
|
|
64
|
+
},
|
|
65
|
+
|
|
66
|
+
async update({ model, args, query }) {
|
|
67
|
+
if (args.data) {
|
|
68
|
+
args.data = await encryptionService.encryptFields(
|
|
69
|
+
model,
|
|
70
|
+
args.data
|
|
71
|
+
);
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
const result = await query(args);
|
|
75
|
+
|
|
76
|
+
if (result) {
|
|
77
|
+
return await encryptionService.decryptFields(
|
|
78
|
+
model,
|
|
79
|
+
result
|
|
80
|
+
);
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
return result;
|
|
84
|
+
},
|
|
85
|
+
|
|
86
|
+
async updateMany({ model, args, query }) {
|
|
87
|
+
if (args.data) {
|
|
88
|
+
args.data = await encryptionService.encryptFields(
|
|
89
|
+
model,
|
|
90
|
+
args.data
|
|
91
|
+
);
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
return await query(args);
|
|
95
|
+
},
|
|
96
|
+
|
|
97
|
+
async upsert({ model, args, query }) {
|
|
98
|
+
if (args.create) {
|
|
99
|
+
args.create = await encryptionService.encryptFields(
|
|
100
|
+
model,
|
|
101
|
+
args.create
|
|
102
|
+
);
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
if (args.update) {
|
|
106
|
+
args.update = await encryptionService.encryptFields(
|
|
107
|
+
model,
|
|
108
|
+
args.update
|
|
109
|
+
);
|
|
110
|
+
}
|
|
111
|
+
|
|
112
|
+
const result = await query(args);
|
|
113
|
+
|
|
114
|
+
if (result) {
|
|
115
|
+
return await encryptionService.decryptFields(
|
|
116
|
+
model,
|
|
117
|
+
result
|
|
118
|
+
);
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
return result;
|
|
122
|
+
},
|
|
123
|
+
|
|
124
|
+
async findUnique({ model, args, query }) {
|
|
125
|
+
const result = await query(args);
|
|
126
|
+
|
|
127
|
+
if (result) {
|
|
128
|
+
return await encryptionService.decryptFields(
|
|
129
|
+
model,
|
|
130
|
+
result
|
|
131
|
+
);
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
return result;
|
|
135
|
+
},
|
|
136
|
+
|
|
137
|
+
async findFirst({ model, args, query }) {
|
|
138
|
+
const result = await query(args);
|
|
139
|
+
|
|
140
|
+
if (result) {
|
|
141
|
+
return await encryptionService.decryptFields(
|
|
142
|
+
model,
|
|
143
|
+
result
|
|
144
|
+
);
|
|
145
|
+
}
|
|
146
|
+
|
|
147
|
+
return result;
|
|
148
|
+
},
|
|
149
|
+
|
|
150
|
+
async findMany({ model, args, query }) {
|
|
151
|
+
const results = await query(args);
|
|
152
|
+
|
|
153
|
+
if (results && Array.isArray(results)) {
|
|
154
|
+
return await encryptionService.decryptFieldsInBulk(
|
|
155
|
+
model,
|
|
156
|
+
results
|
|
157
|
+
);
|
|
158
|
+
}
|
|
159
|
+
|
|
160
|
+
return results;
|
|
161
|
+
},
|
|
162
|
+
|
|
163
|
+
async delete({ model, args, query }) {
|
|
164
|
+
const result = await query(args);
|
|
165
|
+
|
|
166
|
+
if (result) {
|
|
167
|
+
return await encryptionService.decryptFields(
|
|
168
|
+
model,
|
|
169
|
+
result
|
|
170
|
+
);
|
|
171
|
+
}
|
|
172
|
+
|
|
173
|
+
return result;
|
|
174
|
+
},
|
|
175
|
+
|
|
176
|
+
async deleteMany({ model, args, query }) {
|
|
177
|
+
return await query(args);
|
|
178
|
+
},
|
|
179
|
+
|
|
180
|
+
async count({ model, args, query }) {
|
|
181
|
+
return await query(args);
|
|
182
|
+
},
|
|
183
|
+
|
|
184
|
+
async aggregate({ model, args, query }) {
|
|
185
|
+
return await query(args);
|
|
186
|
+
},
|
|
187
|
+
|
|
188
|
+
async groupBy({ model, args, query }) {
|
|
189
|
+
return await query(args);
|
|
190
|
+
},
|
|
191
|
+
|
|
192
|
+
async findFirstOrThrow({ model, args, query }) {
|
|
193
|
+
const result = await query(args);
|
|
194
|
+
|
|
195
|
+
if (result) {
|
|
196
|
+
return await encryptionService.decryptFields(
|
|
197
|
+
model,
|
|
198
|
+
result
|
|
199
|
+
);
|
|
200
|
+
}
|
|
201
|
+
|
|
202
|
+
return result;
|
|
203
|
+
},
|
|
204
|
+
|
|
205
|
+
async findUniqueOrThrow({ model, args, query }) {
|
|
206
|
+
const result = await query(args);
|
|
207
|
+
|
|
208
|
+
if (result) {
|
|
209
|
+
return await encryptionService.decryptFields(
|
|
210
|
+
model,
|
|
211
|
+
result
|
|
212
|
+
);
|
|
213
|
+
}
|
|
214
|
+
|
|
215
|
+
return result;
|
|
216
|
+
},
|
|
217
|
+
},
|
|
218
|
+
},
|
|
219
|
+
};
|
|
220
|
+
}
|
|
221
|
+
|
|
222
|
+
module.exports = { createEncryptionExtension };
|
package/database/index.js
CHANGED
|
@@ -1,25 +1,65 @@
|
|
|
1
|
-
|
|
1
|
+
//todo: probably most of this file content can be removed
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* Database Module Index
|
|
5
|
+
* Exports Mongoose models and connection utilities
|
|
6
|
+
*
|
|
7
|
+
* Note: Frigg uses the Repository pattern for data access.
|
|
8
|
+
* Models are not meant to be used directly - use repositories instead:
|
|
9
|
+
* - SyncRepository (syncs/sync-repository.js)
|
|
10
|
+
* - IntegrationRepository (integrations/integration-repository.js)
|
|
11
|
+
* - CredentialRepository (credential/credential-repository.js)
|
|
12
|
+
* etc.
|
|
13
|
+
*/
|
|
14
|
+
|
|
15
|
+
// Lazy-load mongoose to avoid importing mongodb when using PostgreSQL only
|
|
16
|
+
let _mongoose = null;
|
|
17
|
+
let _IndividualUser = null;
|
|
18
|
+
let _OrganizationUser = null;
|
|
19
|
+
let _UserModel = null;
|
|
20
|
+
let _WebsocketConnection = null;
|
|
21
|
+
|
|
22
|
+
// Prisma exports (always available)
|
|
23
|
+
const { prisma } = require('./prisma');
|
|
24
|
+
const { TokenRepository } = require('../token/repositories/token-repository');
|
|
2
25
|
const {
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
createObjectId,
|
|
6
|
-
} = require('./mongo');
|
|
7
|
-
const { IndividualUser } = require('./models/IndividualUser');
|
|
8
|
-
const { OrganizationUser } = require('./models/OrganizationUser');
|
|
9
|
-
const { State } = require('./models/State');
|
|
10
|
-
const { Token } = require('./models/Token');
|
|
11
|
-
const { UserModel } = require('./models/UserModel');
|
|
12
|
-
const { WebsocketConnection } = require('./models/WebsocketConnection');
|
|
26
|
+
WebsocketConnectionRepository,
|
|
27
|
+
} = require('../websocket/repositories/websocket-connection-repository');
|
|
13
28
|
|
|
14
29
|
module.exports = {
|
|
15
|
-
mongoose
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
30
|
+
// Lazy-loaded mongoose exports (only load when accessed)
|
|
31
|
+
get mongoose() {
|
|
32
|
+
if (!_mongoose) {
|
|
33
|
+
_mongoose = require('./mongoose').mongoose;
|
|
34
|
+
}
|
|
35
|
+
return _mongoose;
|
|
36
|
+
},
|
|
37
|
+
get IndividualUser() {
|
|
38
|
+
if (!_IndividualUser) {
|
|
39
|
+
_IndividualUser = require('./models/IndividualUser').IndividualUser;
|
|
40
|
+
}
|
|
41
|
+
return _IndividualUser;
|
|
42
|
+
},
|
|
43
|
+
get OrganizationUser() {
|
|
44
|
+
if (!_OrganizationUser) {
|
|
45
|
+
_OrganizationUser = require('./models/OrganizationUser').OrganizationUser;
|
|
46
|
+
}
|
|
47
|
+
return _OrganizationUser;
|
|
48
|
+
},
|
|
49
|
+
get UserModel() {
|
|
50
|
+
if (!_UserModel) {
|
|
51
|
+
_UserModel = require('./models/UserModel').UserModel;
|
|
52
|
+
}
|
|
53
|
+
return _UserModel;
|
|
54
|
+
},
|
|
55
|
+
get WebsocketConnection() {
|
|
56
|
+
if (!_WebsocketConnection) {
|
|
57
|
+
_WebsocketConnection = require('./models/WebsocketConnection').WebsocketConnection;
|
|
58
|
+
}
|
|
59
|
+
return _WebsocketConnection;
|
|
60
|
+
},
|
|
61
|
+
// Prisma (always available)
|
|
62
|
+
prisma,
|
|
63
|
+
TokenRepository,
|
|
64
|
+
WebsocketConnectionRepository,
|
|
25
65
|
};
|
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
const { mongoose } = require('../mongoose');
|
|
2
|
-
const
|
|
2
|
+
const {
|
|
3
|
+
ApiGatewayManagementApiClient,
|
|
4
|
+
PostToConnectionCommand,
|
|
5
|
+
} = require('@aws-sdk/client-apigatewaymanagementapi');
|
|
3
6
|
|
|
4
7
|
const schema = new mongoose.Schema({
|
|
5
8
|
connectionId: { type: mongoose.Schema.Types.String },
|
|
@@ -8,24 +11,27 @@ const schema = new mongoose.Schema({
|
|
|
8
11
|
// Add a static method to get active connections
|
|
9
12
|
schema.statics.getActiveConnections = async function () {
|
|
10
13
|
try {
|
|
14
|
+
// Return empty array if websockets are not configured
|
|
15
|
+
if (!process.env.WEBSOCKET_API_ENDPOINT) {
|
|
16
|
+
return [];
|
|
17
|
+
}
|
|
18
|
+
|
|
11
19
|
const connections = await this.find({}, 'connectionId');
|
|
12
20
|
return connections.map((conn) => ({
|
|
13
21
|
connectionId: conn.connectionId,
|
|
14
22
|
send: async (data) => {
|
|
15
|
-
const apigwManagementApi = new
|
|
16
|
-
apiVersion: '2018-11-29',
|
|
23
|
+
const apigwManagementApi = new ApiGatewayManagementApiClient({
|
|
17
24
|
endpoint: process.env.WEBSOCKET_API_ENDPOINT,
|
|
18
25
|
});
|
|
19
26
|
|
|
20
27
|
try {
|
|
21
|
-
|
|
22
|
-
.
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
.promise();
|
|
28
|
+
const command = new PostToConnectionCommand({
|
|
29
|
+
ConnectionId: conn.connectionId,
|
|
30
|
+
Data: JSON.stringify(data),
|
|
31
|
+
});
|
|
32
|
+
await apigwManagementApi.send(command);
|
|
27
33
|
} catch (error) {
|
|
28
|
-
if (error.statusCode === 410) {
|
|
34
|
+
if (error.statusCode === 410 || error.$metadata?.httpStatusCode === 410) {
|
|
29
35
|
console.log(`Stale connection ${conn.connectionId}`);
|
|
30
36
|
await this.deleteOne({
|
|
31
37
|
connectionId: conn.connectionId,
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
// todo: we need to get rid of this entire models folder
|
|
@@ -0,0 +1,182 @@
|
|
|
1
|
+
const {
|
|
2
|
+
createEncryptionExtension,
|
|
3
|
+
} = require('./encryption/prisma-encryption-extension');
|
|
4
|
+
const { loadCustomEncryptionSchema } = require('./encryption/encryption-schema-registry');
|
|
5
|
+
const { logger } = require('./encryption/logger');
|
|
6
|
+
const { Cryptor } = require('../encrypt/Cryptor');
|
|
7
|
+
const config = require('./config');
|
|
8
|
+
|
|
9
|
+
/**
|
|
10
|
+
* Ensures DATABASE_URL is set for MongoDB connections
|
|
11
|
+
* Falls back to MONGO_URI if DATABASE_URL is not set
|
|
12
|
+
* Infrastructure layer concern - maps legacy MONGO_URI to Prisma's expected DATABASE_URL
|
|
13
|
+
*
|
|
14
|
+
* Note: This should only be called when DB_TYPE is 'mongodb' or 'documentdb'
|
|
15
|
+
*/
|
|
16
|
+
function ensureMongoDbUrl() {
|
|
17
|
+
// If DATABASE_URL is already set, use it
|
|
18
|
+
if (process.env.DATABASE_URL && process.env.DATABASE_URL.trim()) {
|
|
19
|
+
return;
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
// Fallback to MONGO_URI for backwards compatibility with DocumentDB deployments
|
|
23
|
+
if (process.env.MONGO_URI && process.env.MONGO_URI.trim()) {
|
|
24
|
+
process.env.DATABASE_URL = process.env.MONGO_URI;
|
|
25
|
+
logger.debug('Using MONGO_URI as DATABASE_URL for Mongo-compatible connection');
|
|
26
|
+
return;
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
// Neither is set - error
|
|
30
|
+
throw new Error(
|
|
31
|
+
'DATABASE_URL or MONGO_URI environment variable must be set for MongoDB/DocumentDB'
|
|
32
|
+
);
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
function getEncryptionConfig() {
|
|
36
|
+
const STAGE = process.env.STAGE || process.env.NODE_ENV || 'development';
|
|
37
|
+
const shouldBypassEncryption = ['dev', 'test', 'local'].includes(STAGE);
|
|
38
|
+
|
|
39
|
+
if (shouldBypassEncryption) {
|
|
40
|
+
return { enabled: false };
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
const hasKMS =
|
|
44
|
+
process.env.KMS_KEY_ARN && process.env.KMS_KEY_ARN.trim() !== '';
|
|
45
|
+
const hasAES =
|
|
46
|
+
process.env.AES_KEY_ID && process.env.AES_KEY_ID.trim() !== '';
|
|
47
|
+
|
|
48
|
+
if (!hasKMS && !hasAES) {
|
|
49
|
+
logger.warn(
|
|
50
|
+
'No encryption keys configured (KMS_KEY_ARN or AES_KEY_ID). ' +
|
|
51
|
+
'Field-level encryption disabled. Set STAGE=production and configure keys to enable.'
|
|
52
|
+
);
|
|
53
|
+
return { enabled: false };
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
return {
|
|
57
|
+
enabled: true,
|
|
58
|
+
method: hasKMS ? 'kms' : 'aes',
|
|
59
|
+
};
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
const prismaClientSingleton = () => {
|
|
63
|
+
let PrismaClient;
|
|
64
|
+
|
|
65
|
+
// Helper to try loading Prisma client from multiple locations
|
|
66
|
+
const loadPrismaClient = (dbType) => {
|
|
67
|
+
const paths = [
|
|
68
|
+
// Lambda layer location (when using Prisma Lambda layer)
|
|
69
|
+
`/opt/nodejs/node_modules/generated/prisma-${dbType}`,
|
|
70
|
+
// Local development location (relative to core package)
|
|
71
|
+
`../generated/prisma-${dbType}`,
|
|
72
|
+
];
|
|
73
|
+
|
|
74
|
+
for (const path of paths) {
|
|
75
|
+
try {
|
|
76
|
+
return require(path).PrismaClient;
|
|
77
|
+
} catch (err) {
|
|
78
|
+
// Continue to next path
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
|
|
82
|
+
throw new Error(
|
|
83
|
+
`Cannot find Prisma client for ${dbType}. Tried paths: ${paths.join(', ')}`
|
|
84
|
+
);
|
|
85
|
+
};
|
|
86
|
+
|
|
87
|
+
if (config.DB_TYPE === 'mongodb' || config.DB_TYPE === 'documentdb') {
|
|
88
|
+
// Ensure DATABASE_URL is set (fallback to MONGO_URI if needed)
|
|
89
|
+
ensureMongoDbUrl();
|
|
90
|
+
PrismaClient = loadPrismaClient('mongodb');
|
|
91
|
+
} else if (config.DB_TYPE === 'postgresql') {
|
|
92
|
+
PrismaClient = loadPrismaClient('postgresql');
|
|
93
|
+
} else {
|
|
94
|
+
throw new Error(
|
|
95
|
+
`Unsupported database type: ${config.DB_TYPE}. Supported values: 'mongodb', 'documentdb', 'postgresql'`
|
|
96
|
+
);
|
|
97
|
+
}
|
|
98
|
+
|
|
99
|
+
let client = new PrismaClient({
|
|
100
|
+
log: process.env.PRISMA_LOG_LEVEL
|
|
101
|
+
? process.env.PRISMA_LOG_LEVEL.split(',')
|
|
102
|
+
: ['error', 'warn'],
|
|
103
|
+
errorFormat: 'pretty',
|
|
104
|
+
});
|
|
105
|
+
|
|
106
|
+
const encryptionConfig = getEncryptionConfig();
|
|
107
|
+
|
|
108
|
+
if (encryptionConfig.enabled) {
|
|
109
|
+
try {
|
|
110
|
+
// Load custom encryption schema from appDefinition before creating extension
|
|
111
|
+
loadCustomEncryptionSchema();
|
|
112
|
+
|
|
113
|
+
const cryptor = new Cryptor({
|
|
114
|
+
shouldUseAws: encryptionConfig.method === 'kms',
|
|
115
|
+
});
|
|
116
|
+
|
|
117
|
+
client = client.$extends(
|
|
118
|
+
createEncryptionExtension({
|
|
119
|
+
cryptor,
|
|
120
|
+
enabled: true,
|
|
121
|
+
})
|
|
122
|
+
);
|
|
123
|
+
|
|
124
|
+
logger.info(
|
|
125
|
+
`Field-level encryption enabled using ${encryptionConfig.method.toUpperCase()}`
|
|
126
|
+
);
|
|
127
|
+
} catch (error) {
|
|
128
|
+
logger.error(
|
|
129
|
+
'Failed to initialize encryption extension:',
|
|
130
|
+
error
|
|
131
|
+
);
|
|
132
|
+
logger.warn('Continuing without encryption...');
|
|
133
|
+
}
|
|
134
|
+
} else {
|
|
135
|
+
logger.info('Field-level encryption disabled');
|
|
136
|
+
}
|
|
137
|
+
|
|
138
|
+
return client;
|
|
139
|
+
};
|
|
140
|
+
|
|
141
|
+
const globalForPrisma = global;
|
|
142
|
+
|
|
143
|
+
// Lazy initialization - only create singleton when first accessed
|
|
144
|
+
function getPrismaClient() {
|
|
145
|
+
if (!globalForPrisma._prismaInstance) {
|
|
146
|
+
globalForPrisma._prismaInstance = prismaClientSingleton();
|
|
147
|
+
}
|
|
148
|
+
return globalForPrisma._prismaInstance;
|
|
149
|
+
}
|
|
150
|
+
|
|
151
|
+
// Export a getter for lazy initialization
|
|
152
|
+
const prisma = new Proxy({}, {
|
|
153
|
+
get(target, prop) {
|
|
154
|
+
return getPrismaClient()[prop];
|
|
155
|
+
}
|
|
156
|
+
});
|
|
157
|
+
|
|
158
|
+
async function disconnectPrisma() {
|
|
159
|
+
await getPrismaClient().$disconnect();
|
|
160
|
+
}
|
|
161
|
+
|
|
162
|
+
async function connectPrisma() {
|
|
163
|
+
await getPrismaClient().$connect();
|
|
164
|
+
|
|
165
|
+
// Initialize MongoDB schema - ensure all collections exist
|
|
166
|
+
// Only run for MongoDB/DocumentDB (not PostgreSQL)
|
|
167
|
+
// This prevents "Cannot create namespace in multi-document transaction" errors
|
|
168
|
+
if (config.DB_TYPE === 'mongodb' || config.DB_TYPE === 'documentdb') {
|
|
169
|
+
const { initializeMongoDBSchema } = require('./utils/mongodb-schema-init');
|
|
170
|
+
await initializeMongoDBSchema();
|
|
171
|
+
}
|
|
172
|
+
|
|
173
|
+
return getPrismaClient();
|
|
174
|
+
}
|
|
175
|
+
|
|
176
|
+
module.exports = {
|
|
177
|
+
prisma,
|
|
178
|
+
connectPrisma,
|
|
179
|
+
disconnectPrisma,
|
|
180
|
+
getEncryptionConfig,
|
|
181
|
+
ensureMongoDbUrl, // Exported for testing
|
|
182
|
+
};
|
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
const {
|
|
2
|
+
HealthCheckRepositoryInterface,
|
|
3
|
+
} = require('./health-check-repository-interface');
|
|
4
|
+
const {
|
|
5
|
+
toObjectId,
|
|
6
|
+
fromObjectId,
|
|
7
|
+
findOne,
|
|
8
|
+
insertOne,
|
|
9
|
+
deleteOne,
|
|
10
|
+
} = require('../documentdb-utils');
|
|
11
|
+
const { DocumentDBEncryptionService } = require('../documentdb-encryption-service');
|
|
12
|
+
|
|
13
|
+
class HealthCheckRepositoryDocumentDB extends HealthCheckRepositoryInterface {
|
|
14
|
+
/**
|
|
15
|
+
* @param {Object} params
|
|
16
|
+
* @param {Object} params.prismaClient - Prisma client instance
|
|
17
|
+
*/
|
|
18
|
+
constructor({ prismaClient }) {
|
|
19
|
+
super();
|
|
20
|
+
this.prisma = prismaClient;
|
|
21
|
+
this.encryptionService = new DocumentDBEncryptionService();
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
/**
|
|
25
|
+
* @returns {Promise<{readyState: number, stateName: string, isConnected: boolean}>}
|
|
26
|
+
*/
|
|
27
|
+
async getDatabaseConnectionState() {
|
|
28
|
+
let isConnected = false;
|
|
29
|
+
let stateName = 'unknown';
|
|
30
|
+
|
|
31
|
+
try {
|
|
32
|
+
await this.prisma.$runCommandRaw({ ping: 1 });
|
|
33
|
+
isConnected = true;
|
|
34
|
+
stateName = 'connected';
|
|
35
|
+
} catch (error) {
|
|
36
|
+
stateName = 'disconnected';
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
return {
|
|
40
|
+
readyState: isConnected ? 1 : 0,
|
|
41
|
+
stateName,
|
|
42
|
+
isConnected,
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
/**
|
|
47
|
+
* @param {number} maxTimeMS
|
|
48
|
+
* @returns {Promise<number>} Response time in milliseconds
|
|
49
|
+
*/
|
|
50
|
+
async pingDatabase(maxTimeMS = 2000) {
|
|
51
|
+
const pingStart = Date.now();
|
|
52
|
+
|
|
53
|
+
const timeoutPromise = new Promise((_, reject) =>
|
|
54
|
+
setTimeout(() => reject(new Error('Database ping timeout')), maxTimeMS)
|
|
55
|
+
);
|
|
56
|
+
|
|
57
|
+
await Promise.race([
|
|
58
|
+
this.prisma.$runCommandRaw({ ping: 1 }),
|
|
59
|
+
timeoutPromise,
|
|
60
|
+
]);
|
|
61
|
+
|
|
62
|
+
return Date.now() - pingStart;
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
async createCredential(credentialData) {
|
|
66
|
+
const now = new Date();
|
|
67
|
+
const document = {
|
|
68
|
+
...credentialData,
|
|
69
|
+
createdAt: now,
|
|
70
|
+
updatedAt: now,
|
|
71
|
+
};
|
|
72
|
+
|
|
73
|
+
// Encrypt sensitive fields before insert
|
|
74
|
+
const encryptedDocument = await this.encryptionService.encryptFields(
|
|
75
|
+
'Credential',
|
|
76
|
+
document
|
|
77
|
+
);
|
|
78
|
+
const insertedId = await insertOne(this.prisma, 'Credential', encryptedDocument);
|
|
79
|
+
const created = await findOne(this.prisma, 'Credential', { _id: insertedId });
|
|
80
|
+
|
|
81
|
+
// Decrypt after read
|
|
82
|
+
const decrypted = await this.encryptionService.decryptFields(
|
|
83
|
+
'Credential',
|
|
84
|
+
created
|
|
85
|
+
);
|
|
86
|
+
|
|
87
|
+
return {
|
|
88
|
+
id: fromObjectId(decrypted._id),
|
|
89
|
+
...decrypted,
|
|
90
|
+
};
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
async findCredentialById(id) {
|
|
94
|
+
const doc = await findOne(this.prisma, 'Credential', {
|
|
95
|
+
_id: toObjectId(id),
|
|
96
|
+
});
|
|
97
|
+
|
|
98
|
+
if (!doc) return null;
|
|
99
|
+
|
|
100
|
+
// Decrypt sensitive fields
|
|
101
|
+
const decrypted = await this.encryptionService.decryptFields('Credential', doc);
|
|
102
|
+
|
|
103
|
+
return {
|
|
104
|
+
id: fromObjectId(decrypted._id),
|
|
105
|
+
...decrypted,
|
|
106
|
+
};
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
async getRawCredentialById(id) {
|
|
110
|
+
const objectId = toObjectId(id);
|
|
111
|
+
if (!objectId) return null;
|
|
112
|
+
|
|
113
|
+
const result = await this.prisma.$runCommandRaw({
|
|
114
|
+
find: 'Credential',
|
|
115
|
+
filter: { _id: objectId },
|
|
116
|
+
});
|
|
117
|
+
|
|
118
|
+
// Return raw document WITHOUT decryption
|
|
119
|
+
// This allows the test to verify that fields are actually encrypted in the database
|
|
120
|
+
return result?.cursor?.firstBatch?.[0] ?? null;
|
|
121
|
+
}
|
|
122
|
+
|
|
123
|
+
async deleteCredential(id) {
|
|
124
|
+
const objectId = toObjectId(id);
|
|
125
|
+
if (!objectId) return false;
|
|
126
|
+
|
|
127
|
+
const result = await deleteOne(this.prisma, 'Credential', { _id: objectId });
|
|
128
|
+
const deleted = result?.n ?? 0;
|
|
129
|
+
return deleted > 0;
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
|
|
133
|
+
module.exports = { HealthCheckRepositoryDocumentDB };
|
|
134
|
+
|