@goatlab/node-backend 0.0.15 → 0.1.0

package/dist/server/sentry/sentry.service.js

@@ -0,0 +1,110 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SentryService = void 0;
+const js_utils_1 = require("@goatlab/js-utils");
+const sentrySeverityMap = {
+    debug: 'log',
+    info: 'log',
+    log: 'log',
+    warning: 'warn',
+    error: 'error',
+    fatal: 'error',
+};
+class SentryService {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    //@Memo.syncMethod()
+    sentry() {
+        // Lazy-loading `@sentry/node`
+        const sentry = require('@sentry/node');
+        if (!this.config.dsn) {
+            return sentry;
+        }
+        console.log('SentryService init...');
+        sentry.init({
+            maxValueLength: 2000, // Default is 250 characters
+            ...this.config,
+        });
+        return sentry;
+    }
+    init() {
+        this.sentry();
+    }
+    /**
+     * For GDPR reasons we never send more information than just User ID.
+     */
+    setUserId(id) {
+        this.sentry().getCurrentScope().setUser({
+            id,
+        });
+    }
+    /**
+     * Does console.error(err)
+     * Returns "eventId" or undefined (if error was not reported).
+     */
+    captureException(error, logError = true) {
+        // Console.error(err)
+        // Using request-aware logger here
+        if (logError) {
+            this.config.logger?.error('captureException:', error);
+        }
+        if (error?.data?.report === false) {
+            // Skip reporting the error
+            return;
+        }
+        // This is to avoid Sentry cutting err.message to 253 characters
+        // It will log additional "breadcrumb object" before the error
+        // It's a Breadcrumb, not a console.log, because console.log are NOT automatically attached as Breadcrumbs in cron-job environments (outside of Express)
+        this.sentry().addBreadcrumb({
+            message: js_utils_1.Inspect.any(error, {
+                includeErrorData: true,
+                colors: false,
+            }),
+            // Data: (err as AppError).data, // included in message
+        });
+        return this.sentry().captureException(js_utils_1.Errors.anyToError(error, Error, {
+            stringifyFn: js_utils_1.Inspect.anyStringifyFn,
+        }));
+    }
+    /**
+     * Returns "eventId"
+     */
+    captureMessage(message, level) {
+        this.config.logger?.[sentrySeverityMap[level || 'error'] || 'log']('captureMessage:', message);
+        return this.sentry().captureMessage(message, level);
+    }
+    addBreadcrumb(breadcrumb) {
+        this.sentry().addBreadcrumb(breadcrumb);
+    }
+    /**
+     * Currently it will only use `logger.error` ("error" level) and ignore `log` and `warn`.
+     *
+     * For each `logger.error` - it'll do a captureException.
+     *
+     * @experimental
+     */
+    getCommonLogger() {
+        return {
+            log() { }, // Noop
+            warn() { }, // Noop
+            error: (...args) => {
+                const message = args
+                    .map((arg) => js_utils_1.Inspect.any(arg, {
+                    includeErrorData: true,
+                    colors: false,
+                }))
+                    .join(' ');
+                this.sentry().addBreadcrumb({
+                    message,
+                });
+                this.sentry().captureException(js_utils_1.Errors.anyToError(args.length === 1 ? args[0] : args, Error, {
+                    stringifyFn: js_utils_1.Inspect.anyStringifyFn,
+                }));
+            },
+        };
+    }
+}
+exports.SentryService = SentryService;
+//# sourceMappingURL=sentry.service.js.map

package/dist/server/sentry/sentry.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sentry.service.js","sourceRoot":"","sources":["../../../src/server/sentry/sentry.service.ts"],"names":[],"mappings":";;;AACA,gDAM0B;AAO1B,MAAM,iBAAiB,GAA0C;IAC/D,KAAK,EAAE,KAAK;IACZ,IAAI,EAAE,KAAK;IACX,GAAG,EAAE,KAAK;IACV,OAAO,EAAE,MAAM;IACf,KAAK,EAAE,OAAO;IACd,KAAK,EAAE,OAAO;CACf,CAAA;AAED,MAAa,aAAa;IACK;IAA7B,YAA6B,MAA2B;QAA3B,WAAM,GAAN,MAAM,CAAqB;IAAG,CAAC;IAE5D,oBAAoB;IACpB,MAAM;QACJ,8BAA8B;QAC9B,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,CAAqB,CAAA;QAE1D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YACrB,OAAO,MAAM,CAAA;QACf,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;QAEpC,MAAM,CAAC,IAAI,CAAC;YACV,cAAc,EAAE,IAAI,EAAE,4BAA4B;YAClD,GAAG,IAAI,CAAC,MAAM;SACf,CAAC,CAAA;QAEF,OAAO,MAAM,CAAA;IACf,CAAC;IAED,IAAI;QACF,IAAI,CAAC,MAAM,EAAE,CAAA;IACf,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,EAAU;QAClB,IAAI,CAAC,MAAM,EAAE,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC;YACtC,EAAE;SACH,CAAC,CAAA;IACJ,CAAC;IAED;;;OAGG;IACH,gBAAgB,CAAC,KAAU,EAAE,QAAQ,GAAG,IAAI;QAC1C,qBAAqB;QACrB,kCAAkC;QAClC,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAA;QACvD,CAAC;QAED,IAAI,KAAK,EAAE,IAAI,EAAE,MAAM,KAAK,KAAK,EAAE,CAAC;YAClC,2BAA2B;YAC3B,OAAM;QACR,CAAC;QAED,gEAAgE;QAChE,8DAA8D;QAC9D,wJAAwJ;QACxJ,IAAI,CAAC,MAAM,EAAE,CAAC,aAAa,CAAC;YAC1B,OAAO,EAAE,kBAAO,CAAC,GAAG,CAAC,KAAK,EAAE;gBAC1B,gBAAgB,EAAE,IAAI;gBACtB,MAAM,EAAE,KAAK;aACd,CAAC;YACF,uDAAuD;SACxD,CAAC,CAAA;QAEF,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,gBAAgB,CACnC,iBAAM,CAAC,UAAU,CAAC,KAAK,EAAE,KAAK,EAAE;YAC9B,WAAW,EAAE,kBAAO,CAAC,cAAc;SACpC,CAAC,CACH,CAAA;IACH,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,OAAe,EAAE,KAAqB;QACnD,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,iBAAiB,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC,CAChE,iBAAiB,EACjB,OAAO,CACR,CAAA;QACD,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IACrD,CAAC;IAED,aAAa,CAAC,UAAsB;QAClC,IAAI,CAAC,MAAM,EAAE,CAAC,aAAa,CAAC,UAAU,CAAC,CAAA;IACzC,CAAC;IAED;;;;;;OAMG;IACH,eAAe;QACb,OAAO;YACL,GAAG,KAAI,CAAC,EAAE,OAAO;YACjB,IAAI,KAAI,CAAC,EAAE,OAAO;YAClB,KAAK,EAAE,CAAC,GAAG,IAAI,EAAE,EAAE;gBACjB,MAAM,OAAO,GAAG,IAAI;qBACjB,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CACX,kBAAO,CAAC,GAAG,CAAC,GAAG,EAAE;oBACf,gBAAgB,EAAE,IAAI;oBACtB,MAAM,EAAE,KAAK;iBACd,CAAC,CACH;qBACA,IAAI,CAAC,GAAG,CAAC,CAAA;gBAEZ,IAAI,CAAC,MAAM,EAAE,CAAC,aAAa,CAAC;oBAC1B,OAAO;iBACR,CAAC,CAAA;gBAEF,IAAI,CAAC,MAAM,EAAE,CAAC,gBAAgB,CAC5B,iBAAM,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE;oBAC3D,WAAW,EAAE,kBAAO,CAAC,cAAc;iBACpC,CAAC,CACH,CAAA;YACH,CAAC;SACF,CAAA;IACH,CAAC;CACF;AArHD,sCAqHC"}

package/dist/server/services/email/email.model.d.ts

@@ -0,0 +1,84 @@
+import { z } from 'zod';
+export declare enum EmailCategory {
+    SIMPLE = "SIMPLE",
+    TEST_EMAIL = "TEST_EMAIL",
+    EMAIL_VERIFICATION = "EMAIL_VERIFICATION",
+    SEND_ONCE = "SEND_ONCE",
+    OTP = "OTP",
+    MEETING = "MEETING",
+    ORGANIZATION_INVITATION = "ORGANIZATION_INVITATION",
+    PDF_EXAM = "PDF_EXAM"
+}
+export interface EmailAddress {
+    email: string;
+    name?: string;
+}
+export interface EmailTest {
+    to: string;
+    subject: string;
+    mjml: string;
+}
+export declare const testEmailTemplate: z.ZodObject<{
+    to: z.ZodString;
+    subject: z.ZodString;
+    mjml: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    to?: string;
+    subject?: string;
+    mjml?: string;
+}, {
+    to?: string;
+    subject?: string;
+    mjml?: string;
+}>;
+export interface EmailAttachment {
+    Content: string;
+    Type: string;
+    FileName: string;
+}
+export declare enum Layout {
+    default = "layouts/default.ejs"
+}
+export declare enum Content {
+    simple = "simple/simple.ejs",
+    doubleAction = "doubleAction/doubleAction.ejs"
+}
+export type Theme = {
+    logo: string;
+    logoLink: string;
+    primaryColor: string;
+    buttonTextColor: string;
+    privacyPolicyLink: string;
+    unsubscribeLink: string;
+    facebook: string;
+    instagram: string;
+    twitter: string;
+    appName: string;
+};
+export interface EmailVerificationResp {
+    res?: boolean;
+    suggestion?: string;
+}
+interface SimpleTemplate {
+    layout: Layout.default;
+    content: Content.simple;
+    categories: [EmailCategory.SIMPLE | EmailCategory.OTP | EmailCategory.MEETING];
+    theme?: Theme;
+    placeholders: {
+        title?: string;
+        imgSrc?: string;
+        imgAlt?: string;
+        greeting: string;
+        body: string;
+        footer: string;
+    };
+}
+export type EmailTemplates = SimpleTemplate;
+export interface SendEmailFromTemplateParams {
+    template: EmailTemplates;
+    to: string;
+    subject: string;
+    attachments?: EmailAttachment[];
+    archive?: boolean;
+}
+export {};

package/dist/server/services/email/email.model.js

@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Content = exports.Layout = exports.testEmailTemplate = exports.EmailCategory = void 0;
+const zod_1 = require("zod");
+// export const themeVariables = {
+//   [Theme.Gealium]: {
+//     logo: `https://www.${env.BASE_DOMAIN}/assets/images/logo-wide-black.png`,
+//     logoLink: `https://www.${env.BASE_DOMAIN}/`,
+//     primaryColor: '#4db7a3',
+//     buttonTextColor: '#ffffff',
+//     privacyPolicyLink: 'https://www.gealium.com/about/privacy',
+//     unsubscribeLink: 'https://www.gealium.com',
+//     facebook: 'Gealium',
+//     instagram: 'gealium_com',
+//     twitter: 'https://www.gealium.com',
+//     appName: 'Gealium',
+//   },
+//   [Theme.Agrosocial]: {
+//     logo: `https://storage.googleapis.com/public-agrosocial-prod/assets/AGSemailcode.png`,
+//     logoLink: `https://www.${env.BASE_DOMAIN}/`,
+//     primaryColor: '#4db7a3',
+//     buttonTextColor: '#ffffff',
+//     privacyPolicyLink: 'https://www.agrosocial.com/termsandprivacy',
+//     unsubscribeLink: 'https://www.agrosocial.com',
+//     facebook: 'agrosocial',
+//     instagram: 'agrosocial',
+//     twitter: 'https://www.agrosocial.com',
+//     appName: 'AgroSocial',
+//   },
+// }
+// export const getThemeFromEnv = (): Theme => {
+//   if (env.APP_NAME.toLowerCase() === 'agrosocial') {
+//     return Theme.Agrosocial
+//   }
+//   return Theme.Gealium
+// }
+var EmailCategory;
+(function (EmailCategory) {
+    EmailCategory["SIMPLE"] = "SIMPLE";
+    EmailCategory["TEST_EMAIL"] = "TEST_EMAIL";
+    EmailCategory["EMAIL_VERIFICATION"] = "EMAIL_VERIFICATION";
+    EmailCategory["SEND_ONCE"] = "SEND_ONCE";
+    EmailCategory["OTP"] = "OTP";
+    EmailCategory["MEETING"] = "MEETING";
+    EmailCategory["ORGANIZATION_INVITATION"] = "ORGANIZATION_INVITATION";
+    EmailCategory["PDF_EXAM"] = "PDF_EXAM";
+})(EmailCategory || (exports.EmailCategory = EmailCategory = {}));
+exports.testEmailTemplate = zod_1.z.object({
+    to: zod_1.z.string(),
+    subject: zod_1.z.string(),
+    mjml: zod_1.z.string(),
+});
+var Layout;
+(function (Layout) {
+    Layout["default"] = "layouts/default.ejs";
+})(Layout || (exports.Layout = Layout = {}));
+var Content;
+(function (Content) {
+    Content["simple"] = "simple/simple.ejs";
+    Content["doubleAction"] = "doubleAction/doubleAction.ejs";
+})(Content || (exports.Content = Content = {}));
+//# sourceMappingURL=email.model.js.map

package/dist/server/services/email/email.model.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"email.model.js","sourceRoot":"","sources":["../../../../src/server/services/email/email.model.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,kCAAkC;AAClC,uBAAuB;AACvB,gFAAgF;AAChF,mDAAmD;AACnD,+BAA+B;AAC/B,kCAAkC;AAClC,kEAAkE;AAClE,kDAAkD;AAClD,2BAA2B;AAC3B,gCAAgC;AAChC,0CAA0C;AAC1C,0BAA0B;AAC1B,OAAO;AACP,0BAA0B;AAC1B,6FAA6F;AAC7F,mDAAmD;AACnD,+BAA+B;AAC/B,kCAAkC;AAClC,uEAAuE;AACvE,qDAAqD;AACrD,8BAA8B;AAC9B,+BAA+B;AAC/B,6CAA6C;AAC7C,6BAA6B;AAC7B,OAAO;AACP,IAAI;AAEJ,gDAAgD;AAChD,uDAAuD;AACvD,8BAA8B;AAC9B,MAAM;AAEN,yBAAyB;AACzB,IAAI;AAEJ,IAAY,aASX;AATD,WAAY,aAAa;IACvB,kCAAiB,CAAA;IACjB,0CAAyB,CAAA;IACzB,0DAAyC,CAAA;IACzC,wCAAuB,CAAA;IACvB,4BAAW,CAAA;IACX,oCAAmB,CAAA;IACnB,oEAAmD,CAAA;IACnD,sCAAqB,CAAA;AACvB,CAAC,EATW,aAAa,6BAAb,aAAa,QASxB;AAaY,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE;IACd,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;IACnB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAA;AAWF,IAAY,MAEX;AAFD,WAAY,MAAM;IAChB,yCAA+B,CAAA;AACjC,CAAC,EAFW,MAAM,sBAAN,MAAM,QAEjB;AAED,IAAY,OAGX;AAHD,WAAY,OAAO;IACjB,uCAA4B,CAAA;IAC5B,yDAA8C,CAAA;AAChD,CAAC,EAHW,OAAO,uBAAP,OAAO,QAGlB"}

package/dist/server/services/email/email.service.d.ts

@@ -0,0 +1,23 @@
+import type { SendGridEmailResponse } from '../sendgrid/sendgrid.model';
+import type { EmailTest, SendEmailFromTemplateParams, Theme } from './email.model';
+import { SendgridService } from '../sendgrid/sendgridApi.service';
+export declare class EmailService {
+    private shouldSendEmail;
+    private baseDomain;
+    private fromName;
+    private emailTransport;
+    private emailArchive;
+    private theme;
+    constructor({ fromName, shouldSendEmail, baseDomain, emailTransport, emailArchive, theme, }: {
+        fromName: string;
+        shouldSendEmail: boolean;
+        baseDomain?: string;
+        emailTransport: SendgridService;
+        emailArchive?: string;
+        theme: Theme;
+    });
+    private compileTemplate;
+    private compileMjml;
+    sendEmailFromTemplate({ template, to, subject, attachments, archive, }: SendEmailFromTemplateParams): Promise<SendGridEmailResponse>;
+    sendEmailTemplateTest(email: EmailTest): Promise<SendGridEmailResponse>;
+}

package/dist/server/services/email/email.service.js

@@ -0,0 +1,139 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EmailService = void 0;
+const js_utils_1 = require("@goatlab/js-utils");
+const ejs_1 = require("ejs");
+const mjml_1 = require("mjml");
+const consts_1 = require("../../consts");
+const email_model_1 = require("./email.model");
+class EmailService {
+    shouldSendEmail = true;
+    baseDomain = '@goatlab.com';
+    fromName = '';
+    emailTransport;
+    emailArchive;
+    theme;
+    constructor({ fromName, shouldSendEmail, baseDomain, emailTransport, emailArchive, theme, }) {
+        this.shouldSendEmail = shouldSendEmail;
+        this.fromName = fromName;
+        if (baseDomain) {
+            this.baseDomain = baseDomain;
+        }
+        this.emailTransport = emailTransport;
+        if (emailArchive?.length) {
+            this.emailArchive = emailArchive;
+        }
+        if (theme) {
+            this.theme = theme;
+        }
+    }
+    async compileTemplate(template) {
+        const innerContent = await (0, ejs_1.renderFile)(`${consts_1.config.templateDir}/${template.content}`, {
+            ...template.placeholders,
+            theme: this.theme,
+        });
+        const html = await (0, ejs_1.renderFile)(`${consts_1.config.templateDir}/${template.layout}`, {
+            ...template.placeholders,
+            theme: this.theme,
+            content: innerContent,
+        });
+        return html;
+    }
+    compileMjml(mjml) {
+        const compiledMjMl = (0, mjml_1.default)(mjml, {
+            keepComments: false,
+        });
+        if (compiledMjMl.errors.length) {
+            console.log(compiledMjMl.errors);
+            throw new Error('Template could not compile');
+        }
+        return compiledMjMl.html;
+    }
+    async sendEmailFromTemplate({ template, to, subject, attachments, archive, }) {
+        if (!this.shouldSendEmail) {
+            return {
+                isSuccess: true,
+                statusCode: 1,
+                body: 'Email not sent. No emails are sent in test mode',
+                headers: {},
+            };
+        }
+        const mjml = await this.compileTemplate(template);
+        const html = this.compileMjml(mjml);
+        const bcc = [];
+        if (archive && this.emailArchive?.length) {
+            bcc.push({
+                email: this.emailArchive,
+            });
+        }
+        // This will not work if we are running in other environments (AWS/AZURE) check before using any other env
+        const isRunningInGCP = 
+        // Linux container
+        !!(process.platform === 'linux' &&
+            // Cloud run
+            (process.env.K_SERVICE ??
+                // Cloud run job
+                process.env.CLOUD_RUN_JOB));
+        // Avoid sending emails to real users in dev, test and local prod
+        // Prod emails will only go out from linux and (GCP or CIRCLECI)
+        const shouldSendEmailToRealUser = to.endsWith(`@${this.baseDomain}`) ||
+            (this.shouldSendEmail && isRunningInGCP);
+        // Exit if we are testing emails and TEST_EMAIL_ADDRESS is not set
+        if (!process.env.TEST_EMAIL_ADDRESS && !shouldSendEmailToRealUser) {
+            console.log('Email not sent. TEST_EMAIL_ADDRESS env variable is missing');
+            return {
+                isSuccess: false,
+                statusCode: 1,
+                body: 'Email not sent. TEST_EMAIL_ADDRESS env variable is missing',
+                headers: {},
+            };
+        }
+        const recipient = shouldSendEmailToRealUser
+            ? {
+                email: to,
+            }
+            : {
+                email: process.env.TEST_EMAIL_ADDRESS || '',
+            };
+        if (!this.emailTransport) {
+            throw new Error('No email transport (Sendgrid) defined');
+        }
+        return await this.emailTransport?.sendFinalizedEmail({
+            html,
+            fromEmail: `info@${this.baseDomain}`,
+            fromName: js_utils_1.Strings.capitalize(this.fromName),
+            subject,
+            replyTo: `no_reply@${this.baseDomain}`,
+            recipients: [recipient],
+            attachments,
+            categories: template.categories,
+            bcc,
+        });
+    }
+    async sendEmailTemplateTest(email) {
+        const html = this.compileMjml(email.mjml);
+        const [username, domain] = email.to.split('@');
+        // Emails will only go out to domain accounts
+        if (domain && domain !== this.baseDomain) {
+            throw new Error(`Cannot send emails to ${domain} accounts`);
+        }
+        if (!this.emailTransport) {
+            throw new Error('No email transport (Sendgrid) defined');
+        }
+        return await this.emailTransport?.sendFinalizedEmail({
+            html,
+            fromEmail: `info@${this.baseDomain}`,
+            fromName: js_utils_1.Strings.capitalize(this.fromName),
+            subject: email.subject,
+            replyTo: `no_reply@${this.baseDomain}`,
+            recipients: [
+                {
+                    email: `${username}@${this.baseDomain}`,
+                },
+            ],
+            categories: [email_model_1.EmailCategory.TEST_EMAIL],
+        });
+    }
+}
+exports.EmailService = EmailService;
+//# sourceMappingURL=email.service.js.map

package/dist/server/services/email/email.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"email.service.js","sourceRoot":"","sources":["../../../../src/server/services/email/email.service.ts"],"names":[],"mappings":";;;AAAA,gDAA2C;AAC3C,6BAAgC;AAChC,+BAA4B;AAS5B,yCAAqC;AAErC,+CAA6C;AAE7C,MAAa,YAAY;IACf,eAAe,GAAY,IAAI,CAAA;IAC/B,UAAU,GAAW,cAAc,CAAA;IACnC,QAAQ,GAAW,EAAE,CAAA;IACrB,cAAc,CAA6B;IAC3C,YAAY,CAAoB;IAChC,KAAK,CAAmB;IAEhC,YAAY,EACV,QAAQ,EACR,eAAe,EACf,UAAU,EACV,cAAc,EACd,YAAY,EACZ,KAAK,GAQN;QACC,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;QACtC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;QAExB,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC9B,CAAC;QAED,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;QAEpC,IAAI,YAAY,EAAE,MAAM,EAAE,CAAC;YACzB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAClC,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QACpB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,QAAwB;QACpD,MAAM,YAAY,GAAG,MAAM,IAAA,gBAAU,EACnC,GAAG,eAAM,CAAC,WAAW,IAAI,QAAQ,CAAC,OAAO,EAAE,EAC3C;YACE,GAAG,QAAQ,CAAC,YAAY;YACxB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CACF,CAAA;QAED,MAAM,IAAI,GAAG,MAAM,IAAA,gBAAU,EAAC,GAAG,eAAM,CAAC,WAAW,IAAI,QAAQ,CAAC,MAAM,EAAE,EAAE;YACxE,GAAG,QAAQ,CAAC,YAAY;YACxB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO,EAAE,YAAY;SACtB,CAAC,CAAA;QAEF,OAAO,IAAI,CAAA;IACb,CAAC;IAEO,WAAW,CAAC,IAAY;QAC9B,MAAM,YAAY,GAAG,IAAA,cAAS,EAAC,IAAI,EAAE;YACnC,YAAY,EAAE,KAAK;SACpB,CAAC,CAAA;QAEF,IAAI,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,MAAa,CAAC,CAAA;YACvC,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;QAC/C,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,CAAA;IAC1B,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,EAC1B,QAAQ,EACR,EAAE,EACF,OAAO,EACP,WAAW,EACX,OAAO,GACqB;QAC5B,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YAC1B,OAAO;gBACL,SAAS,EAAE,IAAI;gBACf,UAAU,EAAE,CAAC;gBACb,IAAI,EAAE,iDAAiD;gBACvD,OAAO,EAAE,EAAE;aACZ,CAAA;QACH,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAA;QACjD,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;QAEnC,MAAM,GAAG,GAAmB,EAAE,CAAA;QAC9B,IAAI,OAAO,IAAI,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,CAAC;YACzC,GAAG,CAAC,IAAI,CAAC;gBACP,KAAK,EAAE,IAAI,CAAC,YAAY;aACzB,CAAC,CAAA;QACJ,CAAC;QAED,0GAA0G;QAC1G,MAAM,cAAc;QAClB,kBAAkB;QAClB,CAAC,CAAC,CACA,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC5B,YAAY;YACZ,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS;gBACpB,gBAAgB;gBAChB,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAC7B,CAAA;QAEH,iEAAiE;QACjE,gEAAgE;QAChE,MAAM,yBAAyB,GAC7B,EAAE,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAClC,CAAC,IAAI,CAAC,eAAe,IAAI,cAAc,CAAC,CAAA;QAE1C,kEAAkE;QAClE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAClE,OAAO,CAAC,GAAG,CAAC,4DAA4D,CAAC,CAAA;YACzE,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,UAAU,EAAE,CAAC;gBACb,IAAI,EAAE,4DAA4D;gBAClE,OAAO,EAAE,EAAE;aACZ,CAAA;QACH,CAAC;QAED,MAAM,SAAS,GAAG,yBAAyB;YACzC,CAAC,CAAC;gBACE,KAAK,EAAE,EAAE;aACV;YACH,CAAC,CAAC;gBACE,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,EAAE;aAC5C,CAAA;QAEL,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAA;QAC1D,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,cAAc,EAAE,kBAAkB,CAAC;YACnD,IAAI;YACJ,SAAS,EAAE,QAAQ,IAAI,CAAC,UAAU,EAAE;YACpC,QAAQ,EAAE,kBAAO,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC3C,OAAO;YACP,OAAO,EAAE,YAAY,IAAI,CAAC,UAAU,EAAE;YACtC,UAAU,EAAE,CAAC,SAAS,CAAC;YACvB,WAAW;YACX,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,GAAG;SACJ,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,KAAgB;QAEhB,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAEzC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAE9C,6CAA6C;QAC7C,IAAI,MAAM,IAAI,MAAM,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,yBAAyB,MAAM,WAAW,CAAC,CAAA;QAC7D,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAA;QAC1D,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,cAAc,EAAE,kBAAkB,CAAC;YACnD,IAAI;YACJ,SAAS,EAAE,QAAQ,IAAI,CAAC,UAAU,EAAE;YACpC,QAAQ,EAAE,kBAAO,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC3C,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,OAAO,EAAE,YAAY,IAAI,CAAC,UAAU,EAAE;YACtC,UAAU,EAAE;gBACV;oBACE,KAAK,EAAE,GAAG,QAAQ,IAAI,IAAI,CAAC,UAAU,EAAE;iBACxC;aACF;YACD,UAAU,EAAE,CAAC,2BAAa,CAAC,UAAU,CAAC;SACvC,CAAC,CAAA;IACJ,CAAC;CACF;AArLD,oCAqLC"}

package/dist/server/services/gcp/getGcpServiceAccountFromBase64.d.ts

@@ -0,0 +1,15 @@
+export interface GCPServiceAccount {
+    [k: string]: any;
+    keyFilename: string;
+    project_id: string;
+    client_id: string;
+    client_email: string;
+    private_key: string;
+    private_key_id: string;
+    auth_uri: string;
+    type: string;
+    token_uri: string;
+    auth_provider_x509_cert_url: string;
+    client_x509_cert_url: string;
+}
+export declare function getGcpServiceAccountFromBase64(base64: string): undefined | GCPServiceAccount;

package/dist/server/services/gcp/getGcpServiceAccountFromBase64.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getGcpServiceAccountFromBase64 = getGcpServiceAccountFromBase64;
+function getGcpServiceAccountFromBase64(base64) {
+    // Create Google credentials from Secret
+    const serviceAccount = JSON.parse(Buffer.from(base64, 'base64').toString('utf8'));
+    return serviceAccount;
+}
+//# sourceMappingURL=getGcpServiceAccountFromBase64.js.map

package/dist/server/services/gcp/getGcpServiceAccountFromBase64.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"getGcpServiceAccountFromBase64.js","sourceRoot":"","sources":["../../../../src/server/services/gcp/getGcpServiceAccountFromBase64.ts"],"names":[],"mappings":";;AAeA,wEASC;AATD,SAAgB,8BAA8B,CAC5C,MAAc;IAEd,wCAAwC;IACxC,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAC/B,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAC/C,CAAA;IAED,OAAO,cAAmC,CAAA;AAC5C,CAAC"}

package/dist/server/services/secrets/secret.service.d.ts

@@ -0,0 +1,31 @@
+export type SecretProvider = 'GCP' | 'FILE' | 'VAULT';
+interface VaultConfig {
+    endpoint: string;
+    token?: string;
+    mount?: string;
+    namespace?: string;
+}
+export declare class SecretService<SecretType> {
+    provider: SecretProvider;
+    location: string;
+    encryptionKey: string;
+    vaultConfig?: VaultConfig;
+    constructor({ provider, location, encryptionKey, vaultConfig, }: {
+        provider: SecretProvider;
+        location: string;
+        encryptionKey: string;
+        vaultConfig?: VaultConfig;
+    });
+    loadSecretsFromFile(): SecretType;
+    loadSecretsFromGCP(): SecretType;
+    loadEncryptionKeyFromGCP(): string;
+    loadSecretsFromVault(): Promise<SecretType>;
+    storeSecretsToVault(secrets: Partial<SecretType>): Promise<void>;
+    loadSecrets(): SecretType | Promise<SecretType>;
+    loadEncryptionKey(): string;
+    getSecret(secretName: keyof SecretType): Promise<string>;
+    getSecretJson<T = any>(secretName: keyof SecretType): Promise<T>;
+    getSecretSync(secretName: keyof SecretType): string;
+    getSecretJsonSync<T = any>(secretName: keyof SecretType): T;
+}
+export {};

package/dist/server/services/secrets/secret.service.js

@@ -0,0 +1,172 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecretService = void 0;
+const fs = require("fs");
+const undici_1 = require("undici");
+const node_utils_1 = require("@goatlab/node-utils");
+const colors_1 = require("kleur/colors");
+const memoryCache = {};
+class SecretService {
+    provider;
+    location;
+    encryptionKey;
+    vaultConfig;
+    constructor({ provider, location, encryptionKey, vaultConfig, }) {
+        this.provider = provider;
+        this.location = location;
+        this.encryptionKey = encryptionKey;
+        this.vaultConfig = vaultConfig;
+    }
+    // We should cache this call
+    loadSecretsFromFile() {
+        if (memoryCache[this.location]) {
+            return memoryCache[this.location];
+        }
+        if (!fs.existsSync(this.location)) {
+            throw new Error(`Secret file "${this.location}" does not exist`);
+        }
+        const start = process.hrtime.bigint();
+        const fileContents = fs.readFileSync(this.location, 'utf-8');
+        const secretEncryptedObject = JSON.parse(fileContents);
+        console.log(`🔐 Secrets loaded: ${(0, colors_1.magenta)(this.location.split('/').slice(-2).join('/'))}`);
+        try {
+            const decripted = node_utils_1.Security.decryptObject(secretEncryptedObject, this.encryptionKey);
+            memoryCache[this.location] = decripted;
+            const durationMs = Number(process.hrtime.bigint() - start) / 1_000_000;
+            console.log(`⏱️ loadSecrets(${this.location}) took ${durationMs.toFixed(3)}ms`);
+            return memoryCache[this.location];
+        }
+        catch (err) {
+            console.error(err);
+            throw new Error(`loadSecrets failed to decrypt: ${this.location}`);
+        }
+    }
+    loadSecretsFromGCP() {
+        return {};
+    }
+    loadEncryptionKeyFromGCP() {
+        return '';
+    }
+    async loadSecretsFromVault() {
+        if (!this.vaultConfig) {
+            throw new Error('Vault configuration is required for VAULT provider');
+        }
+        const cacheKey = `vault_${this.vaultConfig.endpoint}_${this.location}`;
+        if (memoryCache[cacheKey]) {
+            return memoryCache[cacheKey];
+        }
+        const start = process.hrtime.bigint();
+        try {
+            const vaultUrl = `${this.vaultConfig.endpoint}/v1/${this.vaultConfig.mount || 'secret'}/data/${this.location}`;
+            const headers = {
+                'Content-Type': 'application/json',
+            };
+            // Add token authentication
+            if (this.vaultConfig.token) {
+                headers['X-Vault-Token'] = this.vaultConfig.token;
+            }
+            // Add namespace if specified
+            if (this.vaultConfig.namespace) {
+                headers['X-Vault-Namespace'] = this.vaultConfig.namespace;
+            }
+            const response = await (0, undici_1.fetch)(vaultUrl, {
+                method: 'GET',
+                headers,
+            });
+            if (!response.ok) {
+                throw new Error(`Vault request failed: ${response.status} ${response.statusText}`);
+            }
+            const data = await response.json();
+            // Vault KV v2 stores data in data.data
+            const secrets = data.data?.data || data.data || {};
+            memoryCache[cacheKey] = secrets;
+            const durationMs = Number(process.hrtime.bigint() - start) / 1_000_000;
+            console.log(`🔐 Secrets loaded from Vault: ${(0, colors_1.magenta)(this.location)} (${durationMs.toFixed(3)}ms)`);
+            return secrets;
+        }
+        catch (error) {
+            console.error('Failed to load secrets from Vault:', error.message);
+            throw new Error(`loadSecretsFromVault failed: ${error.message}`);
+        }
+    }
+    async storeSecretsToVault(secrets) {
+        if (!this.vaultConfig) {
+            throw new Error('Vault configuration is required for VAULT provider');
+        }
+        try {
+            const vaultUrl = `${this.vaultConfig.endpoint}/v1/${this.vaultConfig.mount || 'secret'}/data/${this.location}`;
+            const headers = {
+                'Content-Type': 'application/json',
+            };
+            // Add token authentication
+            if (this.vaultConfig.token) {
+                headers['X-Vault-Token'] = this.vaultConfig.token;
+            }
+            // Add namespace if specified
+            if (this.vaultConfig.namespace) {
+                headers['X-Vault-Namespace'] = this.vaultConfig.namespace;
+            }
+            // For Vault KV v2, data needs to be wrapped in a data object
+            const payload = {
+                data: secrets,
+            };
+            const response = await (0, undici_1.fetch)(vaultUrl, {
+                method: 'POST',
+                headers,
+                body: JSON.stringify(payload),
+            });
+            if (!response.ok) {
+                throw new Error(`Vault store request failed: ${response.status} ${response.statusText}`);
+            }
+            // Clear cache to force reload on next access
+            const cacheKey = `vault_${this.vaultConfig.endpoint}_${this.location}`;
+            delete memoryCache[cacheKey];
+            console.log(`🔐 Secrets stored to Vault: ${(0, colors_1.magenta)(this.location)}`);
+        }
+        catch (error) {
+            console.error('Failed to store secrets to Vault:', error.message);
+            throw new Error(`storeSecretsToVault failed: ${error.message}`);
+        }
+    }
+    loadSecrets() {
+        if (this.provider === 'GCP') {
+            return this.loadSecretsFromGCP();
+        }
+        if (this.provider === 'VAULT') {
+            return this.loadSecretsFromVault();
+        }
+        return this.loadSecretsFromFile();
+    }
+    loadEncryptionKey() {
+        return this.encryptionKey;
+    }
+    async getSecret(secretName) {
+        const secrets = await this.loadSecrets();
+        const secret = secrets[secretName];
+        if (!secret) {
+            throw new Error(`Secret ${secretName.toString()} does not exist in ${this.location} env`);
+        }
+        return secret;
+    }
+    async getSecretJson(secretName) {
+        const secretValue = await this.getSecret(secretName);
+        return JSON.parse(secretValue);
+    }
+    // Synchronous versions for backward compatibility (FILE provider only)
+    getSecretSync(secretName) {
+        if (this.provider === 'VAULT') {
+            throw new Error('Use async getSecret() method for Vault provider');
+        }
+        const secrets = this.loadSecrets();
+        const secret = secrets[secretName];
+        if (!secret) {
+            throw new Error(`Secret ${secretName.toString()} does not exist in ${this.location} env`);
+        }
+        return secret;
+    }
+    getSecretJsonSync(secretName) {
+        return JSON.parse(this.getSecretSync(secretName));
+    }
+}
+exports.SecretService = SecretService;
+//# sourceMappingURL=secret.service.js.map