@hiliosai/sdk 0.1.12 → 0.1.14

package/src/middlewares/health.middleware.ts

@@ -1,134 +0,0 @@
-import env from '@ltv/env';
-import http from 'http';
-import type {Service} from 'moleculer';
-
-const HEALTH_CHECK_PORT = env.int('HEALTH_CHECK_PORT', 3301);
-const HEALTH_CHECK_READINESS_PATH = env.string(
-  'HEALTH_CHECK_READINESS_PATH',
-  '/readyz'
-);
-const HEALTH_CHECK_LIVENESS_PATH = env.string(
-  'HEALTH_CHECK_LIVENESS_PATH',
-  '/livez'
-);
-
-interface HealthCheckOptions {
-  port?: number;
-  readiness?: {
-    path?: string;
-  };
-  liveness?: {
-    path?: string;
-  };
-}
-
-interface HealthCheckConfig {
-  port: number;
-  readiness: {
-    path: string;
-  };
-  liveness: {
-    path: string;
-  };
-}
-
-// Default configuration constants
-export const HEALTH_CHECK_DEFAULTS = {
-  PORT: HEALTH_CHECK_PORT,
-  READINESS_PATH: HEALTH_CHECK_READINESS_PATH,
-  LIVENESS_PATH: HEALTH_CHECK_LIVENESS_PATH,
-} as const;
-
-export function CreateHealthCheckMiddleware(opts: HealthCheckOptions = {}) {
-  // Merge user options with defaults
-  const config: HealthCheckConfig = {
-    port: opts.port ?? HEALTH_CHECK_DEFAULTS.PORT,
-    readiness: {
-      path: opts.readiness?.path ?? HEALTH_CHECK_DEFAULTS.READINESS_PATH,
-    },
-    liveness: {
-      path: opts.liveness?.path ?? HEALTH_CHECK_DEFAULTS.LIVENESS_PATH,
-    },
-  };
-
-  type HealthState = 'down' | 'starting' | 'up' | 'stopping';
-
-  let state: HealthState = 'down';
-  let server: http.Server;
-
-  function handler(req: http.IncomingMessage, res: http.ServerResponse) {
-    // Prevent headers from being sent multiple times
-    if (res.headersSent) {
-      return;
-    }
-
-    if (req.url === config.readiness.path || req.url === config.liveness.path) {
-      const resHeader = {
-        'Content-Type': 'application/json; charset=utf-8',
-      };
-
-      const content = {
-        state,
-        uptime: process.uptime(),
-        timestamp: Date.now(),
-      };
-
-      if (req.url === config.readiness.path) {
-        // Readiness if the broker started successfully.
-        // https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes
-        res.writeHead(state === 'up' ? 200 : 503, resHeader);
-      } else {
-        // Liveness if the broker is not stopped.
-        // https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-liveness-command
-        res.writeHead(state !== 'down' ? 200 : 503, resHeader);
-      }
-
-      res.end(JSON.stringify(content, null, 2));
-    } else {
-      res.writeHead(404, http.STATUS_CODES[404] ?? 'Not Found', {});
-      res.end();
-    }
-  }
-
-  return {
-    created(broker: Service) {
-      state = 'starting';
-
-      server = http.createServer(handler);
-      server.listen(config.port, (err?: Error | undefined) => {
-        if (err) {
-          return broker.logger.error(
-            'Unable to start health-check server',
-            err
-          );
-        }
-
-        broker.logger.info('');
-        broker.logger.info('K8s health-check server listening on');
-        broker.logger.info(
-          `    http://localhost:${config.port}${config.readiness.path}`
-        );
-        broker.logger.info(
-          `    http://localhost:${config.port}${config.liveness.path}`
-        );
-        broker.logger.info('');
-      });
-    },
-
-    // After broker started
-    started() {
-      state = 'up';
-    },
-
-    // Before broker stopping
-    stopping() {
-      state = 'stopping';
-    },
-
-    // After broker stopped
-    stopped() {
-      state = 'down';
-      server.close();
-    },
-  };
-}

package/src/middlewares/index.ts

@@ -1,5 +0,0 @@
-export * from './datasource.middleware';
-export * from './memoize.middleware';
-export * from './health.middleware';
-export * from './permissions.middleware';
-export * from './context-helpers.middleware';

package/src/middlewares/memoize.middleware.ts

@@ -1,33 +0,0 @@
-import type {ServiceSchema, ServiceSettingSchema} from 'moleculer';
-
-export interface MemoizeMixinOptions {
-  ttl?: number;
-}
-
-export function MemoizeMixin(
-  options?: MemoizeMixinOptions
-): ServiceSchema<ServiceSettingSchema> {
-  return {
-    name: '',
-    methods: {
-      async memoize(name: string, params: unknown, fn: () => Promise<unknown>) {
-        if (!this.broker.cacher) return fn();
-
-        const key = this.broker.cacher.defaultKeygen(
-          `${this.name}:memoize-${name}`,
-          params as object | null,
-          {},
-          []
-        );
-
-        let res = await this.broker.cacher.get(key);
-        if (res) return res;
-
-        res = (await fn()) as unknown as object;
-        this.broker.cacher.set(key, res, options?.ttl);
-
-        return res;
-      },
-    },
-  };
-}

package/src/middlewares/permissions.middleware.ts

@@ -1,162 +0,0 @@
-import type {ActionSchema, Service} from 'moleculer';
-
-import {PERMISSIONS, ROLE_PERMISSIONS} from '../configs';
-import {isDev} from '../env';
-
-import {PermissionError} from '../errors';
-import type {AppContext} from '../types';
-
-export type Permission =
-  | keyof typeof PERMISSIONS
-  | string
-  | ((ctx: AppContext, action: ActionSchema) => Promise<boolean> | boolean);
-
-// Middleware interface for type safety
-export interface ActionWithPermissions extends ActionSchema {
-  permissions?: Permission | Permission[];
-}
-
-const permissionHandlers = {
-  [PERMISSIONS.AUTHENTICATED]: async (ctx: AppContext) => !!ctx.meta.user?.id,
-
-  [PERMISSIONS.TENANT_OWNER]: async (ctx: AppContext) =>
-    ctx.meta.user?.roles.includes(PERMISSIONS.OWNER) ?? false,
-
-  [PERMISSIONS.TENANT_MEMBER]: async (ctx: AppContext) =>
-    !!(
-      ctx.meta.user?.tenantId &&
-      ctx.meta.tenantId &&
-      ctx.meta.user.tenantId === ctx.meta.tenantId
-    ),
-};
-
-export const PermissionsMiddleware = {
-  // Wrap local action handlers
-  localAction(
-    handler: (...args: unknown[]) => unknown,
-    action: ActionWithPermissions
-  ) {
-    // If permissions are not defined, return original handler
-    if (!action.permissions) {
-      return handler;
-    }
-
-    const permissions = Array.isArray(action.permissions)
-      ? action.permissions
-      : [action.permissions];
-
-    const permissionNames: string[] = [];
-    const permissionFunctions: Array<
-      (ctx: AppContext, action: ActionSchema) => Promise<boolean> | boolean
-    > = [];
-
-    // Process each permission
-    permissions.forEach((permission) => {
-      if (typeof permission === 'function') {
-        // Add custom permission function
-        permissionFunctions.push(permission);
-        return;
-      }
-
-      if (typeof permission === 'string') {
-        // Check if it's a built-in permission handler
-        if (permission in permissionHandlers) {
-          const handler =
-            permissionHandlers[permission as keyof typeof permissionHandlers];
-          permissionFunctions.push(handler);
-          return;
-        }
-
-        // Otherwise, treat as a permission name to check against user roles
-        permissionNames.push(permission);
-        return;
-      }
-    });
-
-    return async function CheckPermissionsMiddleware(
-      this: Service,
-      ctx: AppContext
-    ) {
-      let hasAccess = false;
-
-      // Check if user has OWNER role (super admin within tenant)
-      if (ctx.meta.user?.roles.includes(PERMISSIONS.OWNER)) {
-        hasAccess = true;
-      }
-
-      // REMOVED: DEVELOPER role bypass - security vulnerability
-      // Developers must have explicit permissions like any other role
-
-      // Check custom permission functions
-      if (!hasAccess && permissionFunctions.length > 0) {
-        const results = await Promise.allSettled(
-          permissionFunctions.map((fn) => fn(ctx, action))
-        );
-
-        hasAccess = results.some(
-          (result) => result.status === 'fulfilled' && !!result.value
-        );
-
-        // Log failed permissions without exposing details
-        const failures = results.filter((r) => r.status === 'rejected');
-        if (failures.length > 0) {
-          ctx.broker.logger.warn(
-            `${failures.length} permission functions failed`,
-            {
-              action: action.name,
-              userId: ctx.meta.user?.id,
-            }
-          );
-        }
-      }
-
-      // Check named permissions against user roles
-      if (!hasAccess && permissionNames.length > 0) {
-        const userRoles = ctx.meta.user?.roles ?? [];
-
-        // Check if user has any role that includes the required permissions
-        hasAccess = userRoles.some((role: string) => {
-          const rolePermissions = ROLE_PERMISSIONS[role] ?? [];
-          return permissionNames.some((permName) =>
-            rolePermissions.includes(permName)
-          );
-        });
-      }
-
-      // Throw error if access denied
-      if (!hasAccess) {
-        const user = ctx.meta.user;
-        ctx.broker.logger.warn('Access denied:', {
-          action: action.name,
-          userId: user?.id,
-          userRoles: user?.roles,
-          tenantId: ctx.meta.tenantId,
-          requiredPermissions: permissions,
-        });
-
-        // Sanitize error details for production
-        const errorDetails = isDev
-          ? {
-              action: action.name,
-              requiredPermissions: permissions.map((p) =>
-                typeof p === 'function' ? '[Function]' : String(p)
-              ),
-              userRoles: user?.roles ?? [],
-              userId: user?.id,
-              tenantId: ctx.meta.tenantId,
-            }
-          : {
-              action: action.name,
-            };
-
-        throw new PermissionError(
-          'You do not have permission to perform this action',
-          errorDetails
-        );
-      }
-
-      // Call the original handler
-      return handler.call(this, ctx);
-    };
-  },
-};

package/src/mixins/datasource.mixin.ts

@@ -1,111 +0,0 @@
-/* eslint-disable @typescript-eslint/no-explicit-any */
-import type {ServiceSchema} from 'moleculer';
-import type {
-  DatasourceConstructorRegistry,
-  DatasourceInstanceRegistry,
-} from '../middlewares/datasource.middleware';
-import type {AppContext} from '../types/context';
-
-/**
- * Creates a Moleculer mixin for datasource injection
- * Simple mixin that just instantiates datasources and injects them into context
- *
- * @example
- * ```typescript
- * import {DatasourceMixin} from '@pkg/sdk';
- *
- * export default {
- *   name: 'users',
- *   mixins: [DatasourceMixin({
- *     userDb: UserDatasource,
- *     cache: CacheDatasource,
- *   })],
- *   actions: {
- *     get: {
- *       handler(ctx) {
- *         // Access datasources via ctx.datasources
- *         return ctx.datasources.userDb.findById(ctx.params.id);
- *       }
- *     }
- *   }
- * }
- * ```
- */
-export function DatasourceMixin(
-  datasourceConstructors: DatasourceConstructorRegistry = {}
-): Partial<ServiceSchema> {
-  // Initialize datasources once
-  const datasourceInstances: DatasourceInstanceRegistry = {};
-
-  for (const [key, DatasourceClass] of Object.entries(datasourceConstructors)) {
-    datasourceInstances[key] = new DatasourceClass();
-  }
-
-  return {
-    /**
-     * Service created lifecycle hook
-     * Initialize datasources and store on service
-     */
-    async created() {
-      // Inject broker into datasources
-      for (const [, datasource] of Object.entries(datasourceInstances)) {
-        (datasource as any).broker = this.broker;
-      }
-
-      // Call init() on datasources that have it
-      for (const [, datasource] of Object.entries(datasourceInstances)) {
-        if (typeof (datasource as any).init === 'function') {
-          await (datasource as any).init();
-        }
-      }
-
-      // Store instances on the service for access in methods
-      (this as any).$datasources = datasourceInstances;
-    },
-
-    /**
-     * Service started lifecycle hook
-     * Connect datasources that have connect method
-     */
-    async started() {
-      // Call connect() on datasources that have it
-      for (const [, datasource] of Object.entries(datasourceInstances)) {
-        if (typeof (datasource as any).connect === 'function') {
-          await (datasource as any).connect();
-        }
-      }
-    },
-
-    /**
-     * Service stopped lifecycle hook
-     * Disconnect datasources that have disconnect method
-     */
-    async stopped() {
-      // Call disconnect() on datasources that have it
-      for (const [, datasource] of Object.entries(datasourceInstances)) {
-        if (typeof (datasource as any).disconnect === 'function') {
-          await (datasource as any).disconnect();
-        }
-      }
-    },
-
-    /**
-     * Hooks to inject datasources into context
-     */
-    hooks: {
-      before: {
-        '*': function injectDatasources(ctx) {
-          const datasources = (this as any).$datasources ?? {};
-
-          // Inject current context into all datasources
-          for (const [, datasource] of Object.entries(datasources)) {
-            (datasource as any).context = ctx;
-          }
-
-          // Inject datasources into the context
-          (ctx as AppContext).datasources = datasources;
-        },
-      },
-    },
-  };
-}

package/src/mixins/index.ts

@@ -1 +0,0 @@
-export * from './datasource.mixin';