npm - @gov-cy/govcy-express-services - Versions diffs - 0.1.5 → 0.1.7 - Mend

@gov-cy/govcy-express-services 0.1.5 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +10 -1
package/package.json +1 -1
package/src/middleware/govcyPageHandler.mjs +3 -1
package/src/middleware/govcyRoutePageHandler.mjs +12 -0
package/src/utils/govcyDataLayer.mjs +17 -0
package/src/utils/govcyExpressions.mjs +232 -0

package/README.md CHANGED Viewed

@@ -140,7 +140,13 @@ Here are some details explaining the JSON structure:
   - `submission_data_version` : The submission data version,
   - `renderer_version` : The govcy-frontend-renderer version,
   - `design_systems_version` : The govcy-design-system version,
-  - `homeRedirectPage`: The page to redirect when user visits the route page. Usually this will redirect to gov.cy page. If not provided will show a list of available sites.
+  - `homeRedirectPage`: An object mapping language codes to URLs. When a user visits the root route (e.g., `https://whatever-your-service-is.service.gov.cy/`), the system redirects to the URL for the user's language. If the user's language is not found, it falls back to `"el"` or the first available URL. If not provided, a list of available sites is shown. Example:
+  ```json
+  "homeRedirectPage": {
+    "el": "https://www.gov.cy/service/aitisi-gia-taftotita/",
+    "en": "https://www.gov.cy/en/service/issue-an-id-card/"
+  }
+  ```
   - `matomo `: The Matomo web analytics configuration details.
   - `eligibilityAPIEndpoints` : An array of API endpoints, to be used for service eligibility. See more on the [Eligibility API Endoints](#%EF%B8%8F-site-eligibility-checks) section below.
   - `submissionAPIEndpoint`: The submission API endpoint, to be used for submitting the form. See more on the [Submission API Endoint](#-site-submissions) section below.
@@ -298,6 +304,9 @@ When designing form pages, refer to the Unified Design System's [question pages
 **Error pages**
 Pages that can be used to display messages when eligibility or submission fail are simply static content pages. That is pages that do not include a `form` element.
+**Start page**
+The [start page](https://gov-cy.github.io/govcy-design-system-docs/patterns/service_structure/#start-page) should be created in the gov.cy portal and should be defined in the `site.homeRedirectPage` property in the site config JSON file. All pages within a service are private by default and can only be accessed by authenticated users, so the start page cannot be created in the JSON file.
 **Notes**:
 - Check out the [govcy-frontend-renderer's design elements](https://github.com/gov-cy/govcy-frontend-renderer/blob/main/DESIGN_ELEMENTS.md) for more details on the supported elements and their parameters.
 - Check out the [input validations section](#-input-validations) for more details on how to add validations to the JSON file.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@gov-cy/govcy-express-services",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "description": "An Express-based system that dynamically renders services using @gov-cy/govcy-frontend-renderer and posts data to a submission API.",
   "author": "DMRID - DSF Team",
   "license": "MIT",

package/src/middleware/govcyPageHandler.mjs CHANGED Viewed

@@ -3,6 +3,7 @@ import { populateFormData } from "../utils/govcyFormHandling.mjs";
 import * as govcyResources from "../resources/govcyResources.mjs";
 import * as dataLayer from "../utils/govcyDataLayer.mjs";
 import { logger } from "../utils/govcyLogger.mjs";
+// import {flattenContext, evaluateExpressionWithFlattening, evaluatePageConditions } from "../utils/govcyExpressions.mjs";
 /**
  * Middleware to handle page rendering and form processing
@@ -30,7 +31,8 @@ export function govcyPageHandler() {
       // Deep copy pageTemplate to avoid modifying the original
       const pageTemplateCopy = JSON.parse(JSON.stringify(page.pageTemplate));
-      //if user is logged in add he user bane section in the page template
+      // TODO: Conditional logic comes here
+      //if user is logged in add the user nane section in the page template
       if (dataLayer.getUser(req.session)) {
         pageTemplateCopy.sections.push(govcyResources.userNameSection(dataLayer.getUser(req.session).name)); // Add user name section
       }

package/src/middleware/govcyRoutePageHandler.mjs CHANGED Viewed

@@ -14,6 +14,18 @@ export function govcyRoutePageHandler(req, res, next) {
         const siteId  = req.cookies.cs;
         const serviceData = getServiceConfigData(siteId, req.globalLang);
         if (serviceData.site && serviceData.site.homeRedirectPage) {
+            const homeRedirectPage = serviceData.site.homeRedirectPage;
+            const lang = req.globalLang || 'el'; // fallback to 'en' if not set
+            let redirectUrl = null;
+            if (homeRedirectPage && typeof homeRedirectPage === 'object') {
+                redirectUrl = homeRedirectPage[lang] || homeRedirectPage['el'] || Object.values(homeRedirectPage)[0];
+            }
+            if (redirectUrl) {
+                return res.redirect(redirectUrl);
+            }
             // redirect to the homeRedirectPage cookie
             return res.redirect(serviceData.site.homeRedirectPage);
         }

package/src/utils/govcyDataLayer.mjs CHANGED Viewed

@@ -246,6 +246,23 @@ export function getSiteSubmissionErrors(store, siteId) {
     return null;
 }
+/**
+ * Get the site's data from the store (including input data and eligibility data)
+ *
+ * @param {object} store The session store
+ * @param {string} siteId |The site id
+ * @returns The site data or null if none exist.
+ */
+export function getSiteData(store, siteId) {
+    const inputData = store?.siteData?.[siteId] || {};
+    if (inputData) {
+        return inputData;
+    }
+    return null;
+}
 /**
  * Get the site's input data from the store
  *

package/src/utils/govcyExpressions.mjs ADDED Viewed

@@ -0,0 +1,232 @@
+/**
+ * @module govcyExpressions
+ *
+ * This module provides utility functions for evaluating JavaScript expressions
+ * with a flattened context, ensuring safe execution and preventing unsafe patterns.
+ *
+ */
+import { logger } from "../utils/govcyLogger.mjs";
+import * as dataLayer from "../utils/govcyDataLayer.mjs";
+/**
+ * Recursively flattens nested objects into dot-path keys.
+ * E.g. { a: { b: { c: 5 } } } → { "a.b.c": 5 }
+ *
+ * Example usage:
+ * ```javascript
+ * flattenContext(req.session.siteData["testService"],"testService")
+ * ```
+ * This will output:
+ * ```json
+ * {
+   "testService.inputData.index.formData.certificate_select": [
+    "birth",
+    "permanent_residence"
+  ],
+  "testService.inputData.page1.formData.mobile_select": "mobile",
+  "testService.inputData.page1.formData.mobileTxt": "",
+  "testService.inputData.page2.formData.mobile": "+35722404383",
+  "testService.inputData.page2.formData.dateGot_day": "12",
+  "testService.inputData.page2.formData.dateGot_month": "10",
+  "testService.inputData.page2.formData.dateGot_year": "1212",
+  "testService.inputData.page2.formData.appointment": "10/06/2025"
+ }
+ *
+ * @param {object} obj - The object to flatten
+ * @param {string} prefix - The prefix for nested keys (used internally)
+ * @param {object} res - The result object to store flattened keys (used internally)
+ * @returns {object} - Flattened object with dot-path keys
+ */
+export function flattenContext(obj, prefix = '', res = {}) {
+  for (const [key, val] of Object.entries(obj)) {
+    const path = prefix ? `${prefix}.${key}` : key;
+    if (val !== null && typeof val === 'object' && !Array.isArray(val)) {
+      flattenContext(val, path, res);
+    } else {
+      res[path] = val;
+    }
+  }
+  return res;
+}
+/**
+ * Validates a JavaScript expression string against a blocklist of unsafe patterns.
+ * Throws an error if any unsafe pattern is found.
+ *
+ * @throws {Error} If the expression contains any unsafe patterns
+ * @param {string} expression - The JavaScript expression to validate
+ * @returns {void}
+ */
+function validateExpression(expression) {
+  const blocklist = [
+    'while(', 'for(', 'do{', // loops
+    'Function(', 'constructor(', // access to internals
+    'process', 'require', // Node.js access
+    'global', 'this', 'eval', // execution context or scope tricks
+    '__proto__', 'prototype', // prototype chain abuse
+    'setTimeout', 'setInterval', // async/loops
+  ];
+  for (const forbidden of blocklist) {
+    if (expression.includes(forbidden)) {
+        logger.debug(`Blocked unsafe expression: contains "${forbidden}"`, expression);
+        throw new Error(`Blocked unsafe expression: contains "${forbidden}"`);
+    }
+  }
+}
+/**
+ * Evaluates a JavaScript expression string with a given context.
+ *
+ * @param {string} expression - The JavaScript expression to evaluate
+ * @param {object} dataLayer - The context object containing data for evaluation
+ * @throws {Error} If the expression is invalid or contains unsafe patterns
+ * @returns
+ */
+export function evaluateExpression(expression, dataLayer = {}) {
+    validateExpression(expression); // ⛔️ Blocks known unsafe patterns
+    // The expression will reference: dataLayer["some.path.key"]
+    console.debug(`Evaluating expression: ${expression}`, dataLayer);
+    const fn = new Function('dataLayer', `return (${expression});`);
+    return fn(dataLayer);
+}
+/**
+ * Evaluates expression **with automatic flattening**.
+ * This is a convenience wrapper for most use cases.
+ *
+ * @param {string} expression - JS expression using dataLayer["..."]
+ * @param {object} object - Unflattened data object (e.g., session.siteData[siteKey])
+ * @param {string} prefix - Prefix to add to all keys (usually the siteKey)
+ * @returns {*} - The evaluated result
+ */
+export function evaluateExpressionWithFlattening(expression, object, prefix = '') {
+  const dataLayer = flattenContext(object, prefix);
+  return evaluateExpression(expression, dataLayer);
+}
+/**
+ * Evaluates whether a page should be rendered or redirected based on its conditions.
+ *
+ * - Conditions are located in `page.pageData.conditions`
+ * - Each condition must have a valid `expression` and `redirect`
+ * - If an expression evaluates to `true`, the user is redirected
+ * - If all expressions fail (or none exist), the page is rendered
+ *
+ * @param {object} page - The page object containing `pageData.conditions`
+ * @param {object} store - The full session object (e.g., `req.session`)
+ * @param {string} siteKey - The key for the current site context (e.g., `"nsf2"`)
+ * @param {object} req - The request object (used to track redirect depth)
+ * @returns {{ result: true } | { result: false, redirect: string }}
+ *          An object indicating whether to render the page or redirect
+ */
+export function evaluatePageConditions(page, store, siteKey, req) {
+  // Get conditions array from nested page structure
+  const conditions = page?.pageData?.conditions;
+  // --- Protect against infinite redirects ---
+  const depth = req?._pageRedirectDepth || 0;           // Track redirect depth per request (resets every HTTP call)
+  if (depth > 10) {                                     // Safer default max limit
+    logger.debug(`Max redirect depth exceeded for siteKey '${siteKey}'`);
+    return { result: true };
+  }
+  // If no conditions or not an array, render the page by default
+  if (!Array.isArray(conditions) || conditions.length === 0) {
+    logger.debug(`No conditions found for page '${page.pageData?.url || page.id}'`);
+    return { result: true };
+  }
+  // Get scoped session data for this site
+  const siteData = dataLayer.getSiteData(store, siteKey);
+  if (!siteData || typeof siteData !== 'object') {
+    logger.debug(`No site data found for siteKey '${siteKey}' on page '${page.pageData?.url || page.id}'`);
+    return { result: true }; // If site data is missing, continue safely
+  }
+  // Evaluate each condition
+  for (const [i, condition] of conditions.entries()) {
+    // Ensure the condition is well-formed
+    const isValid =
+      typeof condition === 'object' &&
+      condition !== null &&
+      typeof condition.expression === 'string' &&
+      condition.expression.trim() !== '' &&
+      typeof condition.redirect === 'string' &&
+      condition.redirect.trim() !== '';
+    if (!isValid) {
+      logger.debug(`Skipping invalid condition at index ${i} on page '${page.pageData?.url || page.id}'`, condition);
+      continue;
+    }
+    try {
+      // Evaluate the expression using flattened site data
+      const result = evaluateExpressionWithFlattening(
+        condition.expression,
+        siteData,
+        siteKey
+      );
+      // ✅ If expression is true → trigger redirect
+      if (result === true) {                            // Only redirect if explicitly `true`
+        // --- Protect against infinite redirects ---
+        req._pageRedirectDepth = depth + 1;             // Increment redirect counter only if redirecting
+        // return redirect response
+        return { result: false, redirect: condition.redirect };
+      }
+    } catch (err) {
+      logger.debug(`Expression error in condition[${i}] on page '${page.pageData?.url || page.id}':`, condition.expression);
+      logger.debug('→', err.message);
+      // ❌ Expression threw an error — skip and evaluate next
+    }
+  }
+  // ✅ All expressions were false or skipped → allow page rendering
+  return { result: true };
+}
+// console.log(evaluateExpression(
+//     '(dataLayer["test.inputData.index.formData.certificate_select"] == "permanent_residence") || (dataLayer["test.eligibility.TEST_ELIGIBILITY_2_API_URL.result.Succeeded"] == false)',
+//     flattenContext(req.session.siteData.test,'test')));
+// console.log(evaluatePageConditions(page, req.session, siteId));
+      // {
+      //   "pageData": {
+      //     "url": "data-entry-textinput",
+      //     "title": {
+      //       "el": "Σταθερό τηλέφωνο",
+      //       "en": "Landline number",
+      //       "tr": ""
+      //     },
+      //     "layout": "layouts/govcyBase.njk",
+      //     "mainLayout": "two-third",
+      //     "nextPage": "data-entry-all",
+      //     "conditions": [
+      //       {
+      //         "expression": "dataLayer['test.eligibility.TEST_ELIGIBILITY_1_API_URL.result.Succeeded'] == false || dataLayer['test.inputData.data-entry-radios.formData.mobile_select'] == 'mobile'",
+      //         "redirect": "review"
+      //       },
+      //       {
+      //         "expression": "dataLayer['test.eligibility.TEST_ELIGIBILITY_1_API_URL.result.Succeeded'] == false",
+      //         "redirect": "review"
+      //       }
+      //     ]
+      //   },
+// Todo:
+// - [X] Add unit tests
+// - [ ] Add page with conditions in JSON
+// - [ ] Add logic on the page handler to evaluate conditions
+// - [ ] Add logic on review and review post page handler to evaluate the conditions
+// - [ ] Add Functional tests for the conditions
+// - [ ] Add documentation for the conditions