@heliyos/heliyos-api-core 1.0.69 → 1.0.71

package/dist/authentication.d.ts

@@ -15,6 +15,8 @@ export interface IAuthResponseApiKey {
     policy: IAuthResponseApiKeyPolicy[] | undefined;
     userId: string;
     organizationId: string;
+    organizationIsActive?: boolean;
+    organizationBillingStatus?: string;
 }
 interface IAuthResponseApiKeyPolicy {
     resource: string;

package/dist/authentication.js

@@ -23,6 +23,52 @@ exports.authentication = void 0;
 const basic_auth_1 = __importDefault(require("basic-auth"));
 const customError_1 = require("./@types/globals/customError");
 const _1 = require(".");
+const INACTIVE_ORG_ALLOWED_PATH_PREFIXES = [
+    "/v1/platform/billing/overview",
+    "/v1/platform/billing/products",
+    "/v1/platform/billing/payments",
+    "/v1/platform/billing/portal-link",
+    "/v1/platform/billing/portal",
+    "/v1/platform/billing/customer-portal",
+    "/v1/platform/billing/callback/",
+    "/v1/auth/session/logout",
+];
+const BASIC_AUTH_ALLOWED_PATH_PREFIXES = [
+    "/v1/platform/billing/internal/",
+    "/v1/platform/usage/internal/log",
+];
+const canAccessWithInactiveOrganization = (path) => {
+    if (!path) {
+        return false;
+    }
+    return INACTIVE_ORG_ALLOWED_PATH_PREFIXES.some((prefix) => path.startsWith(prefix));
+};
+const canAccessWithBasicAuth = (path) => {
+    if (!path) {
+        return false;
+    }
+    return BASIC_AUTH_ALLOWED_PATH_PREFIXES.some((prefix) => path.startsWith(prefix));
+};
+const getCandidateSessionCookieNames = () => {
+    const explicitNodeEnv = String(process.env.NODE_ENV || "").trim();
+    const explicitPublicEnv = String(process.env.NEXT_PUBLIC_ENV || "").trim();
+    const names = new Set(["user_session"]);
+    [explicitNodeEnv, explicitPublicEnv, "production", "development", "local"]
+        .filter(Boolean)
+        .forEach((envName) => names.add(`${envName}_user_session`));
+    return Array.from(names);
+};
+const getUserSessionCookieFromRequest = (req) => {
+    const cookies = req.cookies || {};
+    const cookieNames = getCandidateSessionCookieNames();
+    for (const name of cookieNames) {
+        const value = cookies[name];
+        if (value) {
+            return value;
+        }
+    }
+    return undefined;
+};
 /**
  * Function to check internal and external authentication
  * @param req
@@ -36,7 +82,7 @@ const authentication = (req, res, next) => __awaiter(void 0, void 0, void 0, fun
         const container = {
             input: {
                 authentication_header: req.headers.authorization,
-                user_session_cookie: req.cookies.user_session,
+                user_session_cookie: getUserSessionCookieFromRequest(req),
                 ip: getIp(req),
                 auth_type: undefined,
             },
@@ -46,7 +92,10 @@ const authentication = (req, res, next) => __awaiter(void 0, void 0, void 0, fun
             },
         };
         //	Check for the type of authentication
-        checkAuthType(container, res);
+        const authTypeCheckResponse = checkAuthType(container, res);
+        if (authTypeCheckResponse) {
+            return;
+        }
         //	Based on type, do further authentication
         //	Either of BASIC / COOKIE / BEARER
         const authenticationResponse = yield authenticateRequest(container);
@@ -62,6 +111,34 @@ const authentication = (req, res, next) => __awaiter(void 0, void 0, void 0, fun
                 message: "User not authenticated, Invalid token",
             });
         }
+        if (container.output.isBasicAuth &&
+            !canAccessWithBasicAuth(req.path || req.originalUrl || "")) {
+            return res.status(403).json({
+                error: {
+                    status: 403,
+                    err_msg: "FORBIDDEN",
+                },
+                message: "Basic authentication is restricted to internal service endpoints.",
+            });
+        }
+        const authUser = authenticationResponse;
+        const hasOrganizationContext = Boolean(authUser === null || authUser === void 0 ? void 0 : authUser.organizationId);
+        const organizationIsActive = authUser === null || authUser === void 0 ? void 0 : authUser.organizationIsActive;
+        const shouldBlockInactiveOrganization = hasOrganizationContext &&
+            organizationIsActive !== true &&
+            !canAccessWithInactiveOrganization(req.path || req.originalUrl || "");
+        if (shouldBlockInactiveOrganization) {
+            return res.status(403).json({
+                error: {
+                    status: 403,
+                    err_msg: "FORBIDDEN",
+                },
+                message: "Organization billing is inactive. Please renew your subscription to continue.",
+                data: {
+                    organizationBillingStatus: authUser.organizationBillingStatus || "past_due",
+                },
+            });
+        }
         //	Set logged in user data which can be used later on
         setLoggedInUser(container, req);
         //	Move to next chain
@@ -137,7 +214,15 @@ const isJwtToken = (token) => {
     try {
         if (token.indexOf(".") > -1) {
             const token_parts = token.split(".");
-            const token_detail_string = Buffer.from(token_parts[0], "base64");
+            if (!token_parts[0]) {
+                return false;
+            }
+            const normalizedHeader = token_parts[0]
+                .replace(/-/g, "+")
+                .replace(/_/g, "/");
+            const padding = (4 - (normalizedHeader.length % 4)) % 4;
+            const paddedHeader = normalizedHeader + "=".repeat(padding);
+            const token_detail_string = Buffer.from(paddedHeader, "base64");
             const token_detail = JSON.parse(token_detail_string.toString());
             if (token_detail.typ && token_detail.typ.toUpperCase() === "JWT") {
                 return true;
@@ -266,6 +351,8 @@ const callAuthApiServer = (token) => __awaiter(void 0, void 0, void 0, function*
                 organizationId: authResult.data.data.payload.organizationId,
                 role: authResult.data.data.payload.role,
                 userFullName: authResult.data.data.payload.userFullName,
+                organizationIsActive: authResult.data.data.payload.organizationIsActive,
+                organizationBillingStatus: authResult.data.data.payload.organizationBillingStatus,
             };
         }
         else {
@@ -273,7 +360,9 @@ const callAuthApiServer = (token) => __awaiter(void 0, void 0, void 0, function*
         }
     }
     catch (error) {
-        console.log(error);
+        _1.logger.error("Error while verifying bearer token with auth service", {
+            error: (error === null || error === void 0 ? void 0 : error.message) || error,
+        });
         throw error;
     }
 });
@@ -286,7 +375,7 @@ const verifyApiKey = (apiKey) => __awaiter(void 0, void 0, void 0, function* ()
     var _a, _b, _c, _d;
     try {
         //	Call api key service to verify api key
-        const apiRes = yield _1.axios.authServer.post(`/v2/auth/api_key/verify`, {
+        const apiRes = yield _1.axios.authServer.post(`/v1/auth/api_key/verify`, {
             apiKey,
         });
         if ((_b = (_a = apiRes.data) === null || _a === void 0 ? void 0 : _a.data) === null || _b === void 0 ? void 0 : _b.isValid) {
@@ -298,7 +387,9 @@ const verifyApiKey = (apiKey) => __awaiter(void 0, void 0, void 0, function* ()
         }
     }
     catch (err) {
-        console.log(err);
+        _1.logger.error("Error while verifying API key with auth service", {
+            error: (err === null || err === void 0 ? void 0 : err.message) || err,
+        });
         //	If verified api key not found then throw error
         const error = new customError_1.HttpError("Invalid api key.");
         error.status = "403";

package/dist/authorization.d.ts

@@ -5,7 +5,9 @@
  * @param resourceAction
  * @returns
  */
-export declare const authorizeUser: <T = string, U = string>(organizationId: T, userId: U, resourceAction: string) => Promise<{
+export declare const authorizeUser: <T = string, U = string>(organizationId: T, userId: U, resourceAction: string, options?: {
+    allowInactive?: boolean;
+}) => Promise<{
     isAllowed: string;
     userRole: string;
 }>;

package/dist/authorization.js

@@ -20,17 +20,22 @@ const axios_1 = require("./axios");
  * @returns
  */
 // eslint-disable-next-line import/prefer-default-export, @typescript-eslint/naming-convention
-const authorizeUser = (organizationId, userId, resourceAction) => __awaiter(void 0, void 0, void 0, function* () {
+const authorizeUser = (organizationId, userId, resourceAction, options) => __awaiter(void 0, void 0, void 0, function* () {
     try {
-        const authenticationResponse = yield axios_1.coreAxios.authServer.post(`v1/auth/user/${userId}`, { resourceAction, organizationId });
+        const authenticationResponse = yield axios_1.coreAxios.authServer.post(`/v1/auth/user/${userId}`, {
+            resourceAction,
+            organizationId,
+            allowInactive: Boolean(options === null || options === void 0 ? void 0 : options.allowInactive),
+        });
         return authenticationResponse.data.data;
         // eslint-disable-next-line @typescript-eslint/no-unsafe-return, @typescript-eslint/no-unsafe-member-access
     }
     catch (err) {
-        if ((err === null || err === void 0 ? void 0 : err.status) === 401) {
+        const status = String((err === null || err === void 0 ? void 0 : err.status) || "");
+        if (status === "401") {
             throw err;
         }
-        if ((err === null || err === void 0 ? void 0 : err.status) === 501) {
+        if (status === "403") {
             throw err;
         }
         const error = new customError_1.HttpError("Something went wrong with Authentication");

package/dist/email/index.d.ts

@@ -9,5 +9,6 @@ export declare const emailTemplates: {
     notificationImmediateGrouped: string;
     notificationDailySummary: string;
     organizationDailySummary: string;
+    integrationNotSynced: string;
 };
 export declare const getEmailTemplate: (template: string, data: object) => string;

package/dist/email/index.js

@@ -41,6 +41,7 @@ exports.emailTemplates = {
     notificationImmediateGrouped: "notification-immediate-grouped.html",
     notificationDailySummary: "notification-daily-summary.html",
     organizationDailySummary: "organization-daily-summary.html",
+    integrationNotSynced: "integration-not-synced.html",
 };
 /**
  * Simple markdown to HTML converter for email templates

package/dist/email/integration-not-synced.html

@@ -0,0 +1,138 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Integration Not Synched</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            line-height: 1.6;
+            color: #0e0d0c;
+            background-color: #f8f8f6;
+            margin: 0;
+            padding: 0;
+        }
+
+        .container {
+            max-width: 600px;
+            margin: 20px auto;
+            background-color: #ffffff;
+            border: 2px solid #7c3aed;
+            border-radius: 12px;
+            overflow: hidden;
+        }
+
+        .header {
+            background-color: #7c3aed;
+            padding: 30px 20px;
+            text-align: center;
+        }
+
+        .header img {
+            max-width: 180px;
+            height: auto;
+        }
+
+        .content {
+            padding: 30px;
+            color: #2c2721;
+        }
+
+        .button {
+            display: inline-block;
+            padding: 12px 24px;
+            background-color: #7c3aed;
+            color: #ffffff !important;
+            text-decoration: none;
+            border-radius: 8px;
+            font-weight: bold;
+            margin-top: 20px;
+        }
+
+        .button:hover {
+            background-color: #6d28d9;
+        }
+
+        .footer {
+            background-color: #ebe7db;
+            padding: 20px;
+            text-align: center;
+            font-size: 12px;
+            color: #5c5545;
+        }
+
+        .warning-box {
+            background-color: #fff3cd;
+            border-left: 4px solid #ffc107;
+            padding: 16px;
+            margin: 20px 0;
+            border-radius: 4px;
+        }
+
+        .details-table {
+            width: 100%;
+            border: 1px solid #e5e7eb;
+            border-radius: 8px;
+            border-collapse: collapse;
+            margin: 20px 0;
+        }
+
+        .details-table td {
+            padding: 10px 12px;
+            border-bottom: 1px solid #f3f4f6;
+            font-size: 13px;
+        }
+
+        .details-label {
+            color: #5c5545;
+            width: 160px;
+        }
+
+        .details-value {
+            color: #0e0d0c;
+        }
+    </style>
+</head>
+
+<body>
+    <div class="container">
+        <div class="header">
+            <img src="https://assets.heliyos.ai/heliyos-logo-white.png" alt="Heliyos AI">
+        </div>
+        <div class="content">
+            <h2 style="margin-top: 0; color: #0e0d0c;">Action Required: Integration Not Synched</h2>
+            <p>Hi {{first_name}},</p>
+            <p>We detected that your integration <strong>{{integration_name}}</strong> is currently not synched.</p>
+            <p>{{summary}}</p>
+
+            <div class="warning-box">
+                <p style="margin: 0;"><strong>Detected at:</strong> {{timestamp}}</p>
+            </div>
+
+            {{#if details}}
+            <table class="details-table">
+                {{#each details}}
+                <tr>
+                    <td class="details-label">{{label}}</td>
+                    <td class="details-value">{{value}}</td>
+                </tr>
+                {{/each}}
+            </table>
+            {{/if}}
+
+            <p style="text-align: center;">
+                <a href="{{reconnect_url}}" class="button">Reconnect Integration</a>
+            </p>
+            <p>If you're having trouble clicking the button, copy and paste the following URL into your web browser:</p>
+            <p style="word-break: break-all; font-size: 13px; color: #5c5545;">{{reconnect_url}}</p>
+        </div>
+        <div class="footer">
+            <p>&copy; {{year}} {{company_name}}. All rights reserved.</p>
+            <p>This is an automated message, please do not reply to this email.</p>
+        </div>
+    </div>
+</body>
+
+</html>

package/dist/middleware.js

@@ -19,6 +19,7 @@ const serve_static_1 = __importDefault(require("serve-static"));
 const authentication_1 = require("./authentication");
 const allowedOrigin_1 = require("./allowedOrigin");
 const customError_1 = require("./@types/globals/customError");
+const logger_1 = require("./logger");
 const genericErrorMessage = "Something went wrong";
 const defaultErrorStatusCode = 500;
 const nonProductionEnvironments = new Set(["development", "local", "test"]);
@@ -189,19 +190,12 @@ const handle_errors = (error, _, res, __) => {
         description: sanitizeErrorDescription(description),
     };
     //  Log original error
-    console.error("=== Begin Error ===\n---\n" +
-        "Error: " +
-        message +
-        "\n" +
-        "Status: " +
-        status +
-        "\n" +
-        "Desc: " +
-        description +
-        "\n" +
-        "Stack: " +
-        stack +
-        "\n---\n=== End Error ===");
+    logger_1.logger.error("Unhandled middleware error", {
+        message,
+        status,
+        description,
+        stack,
+    });
     //	Provide stack track in env development and local
     if (!isProductionEnvironment()) {
         response.error = Object.assign({ stack }, error);

package/dist/static/authPolicyFile.d.ts

@@ -4,6 +4,7 @@ interface IAuthPolicy {
     ROLES_PERMISSIONS: RolesPermissionsType;
 }
 export type RolesPermissionsType = {
+    MEMBER?: string[];
     TEAM_MEMBER: string[];
     ADMIN: string[];
     OWNER: string[];

package/dist/static/authPolicyFile.js

@@ -700,3 +700,5 @@ exports.authPolicy = {
         ],
     },
 };
+const memberRolePermissions = Array.from(new Set(exports.authPolicy.ROLES_PERMISSIONS.TEAM_MEMBER));
+exports.authPolicy.ROLES_PERMISSIONS.MEMBER = memberRolePermissions;

package/dist/static/authPolicyFile.ts

@@ -773,12 +773,19 @@ export const authPolicy: IAuthPolicy = {
   },
 };
 
+const memberRolePermissions = Array.from(
+  new Set(authPolicy.ROLES_PERMISSIONS.TEAM_MEMBER)
+);
+
+authPolicy.ROLES_PERMISSIONS.MEMBER = memberRolePermissions;
+
 interface IAuthPolicy {
   RESOURCES_ACTIONS: ResourcePolicyActionsType;
   ROLES_PERMISSIONS: RolesPermissionsType;
 }
 
 export type RolesPermissionsType = {
+  MEMBER?: string[];
   TEAM_MEMBER: string[];
   ADMIN: string[];
   OWNER: string[];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@heliyos/heliyos-api-core",
-  "version": "1.0.69",
+  "version": "1.0.71",
   "description": "Heliyos's core api functions and middlewares. Its a private package hosted on npm.",
   "main": "./dist/index.js",
   "scripts": {

package/src/email/index.ts

@@ -13,6 +13,7 @@ export const emailTemplates = {
   notificationImmediateGrouped: "notification-immediate-grouped.html",
   notificationDailySummary: "notification-daily-summary.html",
   organizationDailySummary: "organization-daily-summary.html",
+  integrationNotSynced: "integration-not-synced.html",
 };
 
 /**

package/src/email/integration-not-synced.html

@@ -0,0 +1,138 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Integration Not Synched</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            line-height: 1.6;
+            color: #0e0d0c;
+            background-color: #f8f8f6;
+            margin: 0;
+            padding: 0;
+        }
+
+        .container {
+            max-width: 600px;
+            margin: 20px auto;
+            background-color: #ffffff;
+            border: 2px solid #7c3aed;
+            border-radius: 12px;
+            overflow: hidden;
+        }
+
+        .header {
+            background-color: #7c3aed;
+            padding: 30px 20px;
+            text-align: center;
+        }
+
+        .header img {
+            max-width: 180px;
+            height: auto;
+        }
+
+        .content {
+            padding: 30px;
+            color: #2c2721;
+        }
+
+        .button {
+            display: inline-block;
+            padding: 12px 24px;
+            background-color: #7c3aed;
+            color: #ffffff !important;
+            text-decoration: none;
+            border-radius: 8px;
+            font-weight: bold;
+            margin-top: 20px;
+        }
+
+        .button:hover {
+            background-color: #6d28d9;
+        }
+
+        .footer {
+            background-color: #ebe7db;
+            padding: 20px;
+            text-align: center;
+            font-size: 12px;
+            color: #5c5545;
+        }
+
+        .warning-box {
+            background-color: #fff3cd;
+            border-left: 4px solid #ffc107;
+            padding: 16px;
+            margin: 20px 0;
+            border-radius: 4px;
+        }
+
+        .details-table {
+            width: 100%;
+            border: 1px solid #e5e7eb;
+            border-radius: 8px;
+            border-collapse: collapse;
+            margin: 20px 0;
+        }
+
+        .details-table td {
+            padding: 10px 12px;
+            border-bottom: 1px solid #f3f4f6;
+            font-size: 13px;
+        }
+
+        .details-label {
+            color: #5c5545;
+            width: 160px;
+        }
+
+        .details-value {
+            color: #0e0d0c;
+        }
+    </style>
+</head>
+
+<body>
+    <div class="container">
+        <div class="header">
+            <img src="https://assets.heliyos.ai/heliyos-logo-white.png" alt="Heliyos AI">
+        </div>
+        <div class="content">
+            <h2 style="margin-top: 0; color: #0e0d0c;">Action Required: Integration Not Synched</h2>
+            <p>Hi {{first_name}},</p>
+            <p>We detected that your integration <strong>{{integration_name}}</strong> is currently not synched.</p>
+            <p>{{summary}}</p>
+
+            <div class="warning-box">
+                <p style="margin: 0;"><strong>Detected at:</strong> {{timestamp}}</p>
+            </div>
+
+            {{#if details}}
+            <table class="details-table">
+                {{#each details}}
+                <tr>
+                    <td class="details-label">{{label}}</td>
+                    <td class="details-value">{{value}}</td>
+                </tr>
+                {{/each}}
+            </table>
+            {{/if}}
+
+            <p style="text-align: center;">
+                <a href="{{reconnect_url}}" class="button">Reconnect Integration</a>
+            </p>
+            <p>If you're having trouble clicking the button, copy and paste the following URL into your web browser:</p>
+            <p style="word-break: break-all; font-size: 13px; color: #5c5545;">{{reconnect_url}}</p>
+        </div>
+        <div class="footer">
+            <p>&copy; {{year}} {{company_name}}. All rights reserved.</p>
+            <p>This is an automated message, please do not reply to this email.</p>
+        </div>
+    </div>
+</body>
+
+</html>