@hiliosai/sdk 0.1.12 → 0.1.15

package/src/errors/permission.error.ts

@@ -1,17 +0,0 @@
-export class PermissionError extends Error {
-  public readonly code = 'PERMISSION_DENIED';
-  public readonly statusCode = 403;
-  public readonly data: Record<string, unknown> | undefined;
-
-  constructor(message: string, data?: Record<string, unknown>) {
-    super(message);
-    this.name = 'PermissionError';
-    this.data = data;
-
-    // Maintains proper stack trace for where our error was thrown (only available on V8)
-    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
-    if (Error.captureStackTrace) {
-      Error.captureStackTrace(this, PermissionError);
-    }
-  }
-}

package/src/index.ts

@@ -1,10 +0,0 @@
-export * from './middlewares';
-export * from './service/define-service';
-export * from './service/define-integration';
-export * from './types';
-export * from './configs';
-export * from './env';
-export * from './datasources';
-export * from './mixins';
-export * from './utils';
-export {default as env} from './env';

package/src/middlewares/context-helpers.middleware.ts

@@ -1,162 +0,0 @@
-import type {AppContext, Tenant, User, UserRole} from '../types';
-import {AuthenticationError, TenantError} from '../errors';
-import {ContextCache} from '../utils/context-cache';
-import {PermissionCalculator} from '../utils/permission-calculator';
-
-export const ContextHelpersMiddleware = {
-  // Add helper functions to context before action handlers
-  localAction(handler: (...args: unknown[]) => unknown) {
-    return function ContextHelpersWrapper(this: unknown, ctx: AppContext) {
-      const cache = ContextCache.getInstance();
-
-      // Memoized permission checking with caching
-      const memoizedPermissions = new Map<string, boolean>();
-
-      ctx.hasPermission = function (permission: string): boolean {
-        // Check in-request memoization first
-        if (memoizedPermissions.has(permission)) {
-          const cachedResult = memoizedPermissions.get(permission);
-          return cachedResult === true;
-        }
-
-        const user = ctx.meta.user;
-        if (!user) {
-          memoizedPermissions.set(permission, false);
-          return false;
-        }
-
-        // Use optimized permission calculator
-        const result = PermissionCalculator.hasPermission(user, permission);
-        memoizedPermissions.set(permission, result);
-        return result;
-      };
-
-      // Cached user permissions getter
-      ctx.getUserPermissions = async function (): Promise<string[]> {
-        const user = ctx.meta.user;
-        if (!user) return [];
-
-        const cacheKey = `permissions:${user.id}:${JSON.stringify(user.roles)}`;
-        return cache.get(cacheKey, () => {
-          return PermissionCalculator.calculateUserPermissions(user);
-        });
-      };
-
-      ctx.hasRole = function (role: keyof typeof UserRole): boolean {
-        const user = ctx.ensureUser();
-        return Array.isArray(user.roles) && user.roles.includes(role);
-      };
-
-      ctx.isTenantMember = function (): boolean {
-        const user = ctx.ensureUser();
-        return !!(
-          user.tenantId &&
-          ctx.meta.tenantId &&
-          user.tenantId === ctx.meta.tenantId
-        );
-      };
-
-      ctx.isTenantOwner = function (): boolean {
-        return ctx.isTenantMember() && ctx.hasRole('OWNER');
-      };
-
-      ctx.ensureUser = (): User => {
-        if (!ctx.meta.user) {
-          ctx.broker.logger.error('Authentication required', {
-            action: ctx.action?.name,
-            requestId: ctx.meta.requestId,
-            userAgent: ctx.meta.userAgent,
-            ip: ctx.meta.clientIP,
-          });
-
-          throw new AuthenticationError('Authentication required', {
-            code: 'AUTH_REQUIRED',
-            statusCode: 401,
-            requestId: ctx.meta.requestId,
-          });
-        }
-        return ctx.meta.user;
-      };
-
-      ctx.ensureTenant = (): Tenant => {
-        if (!ctx.meta.tenantId) {
-          ctx.broker.logger.error('Tenant required', {
-            action: ctx.action?.name,
-            userId: ctx.meta.user?.id,
-            requestId: ctx.meta.requestId,
-          });
-
-          throw new TenantError('Tenant required', {
-            code: 'TENANT_REQUIRED',
-            statusCode: 401,
-            tenantId: ctx.meta.tenantId,
-            requestId: ctx.meta.requestId,
-          });
-        }
-
-        // Return a proper Tenant object with the ID
-        return {
-          id: ctx.meta.tenantId,
-          name: ctx.meta.tenantName ?? '',
-        } as Tenant;
-      };
-
-      // Enhanced audit logging function
-      ctx.auditLog = function (
-        action: string,
-        resource?: unknown,
-        metadata?: Record<string, unknown>
-      ): void {
-        ctx.broker.logger.info('Audit log', {
-          action,
-          resource: resource
-            ? {
-                type: typeof resource,
-                id: (resource as Record<string, unknown>).id,
-              }
-            : undefined,
-          userId: ctx.meta.user?.id,
-          tenantId: ctx.meta.tenantId,
-          requestId: ctx.meta.requestId,
-          timestamp: new Date().toISOString(),
-          ...metadata,
-        });
-      };
-
-      // Enhanced error creation with context
-      ctx.createError = function (
-        message: string,
-        code: string,
-        statusCode = 400
-      ): Error {
-        const errorData = {
-          code,
-          statusCode,
-          userId: ctx.meta.user?.id,
-          tenantId: ctx.meta.tenantId,
-          requestId: ctx.meta.requestId,
-          action: ctx.action?.name,
-          timestamp: new Date().toISOString(),
-        };
-
-        ctx.broker.logger.warn('Context error created', {
-          message,
-          ...errorData,
-        });
-
-        if (code === 'AUTH_REQUIRED') {
-          return new AuthenticationError(message, errorData);
-        }
-
-        if (code === 'TENANT_REQUIRED') {
-          return new TenantError(message, errorData);
-        }
-
-        return new Error(message);
-      };
-
-      // Call the original handler
-      return handler.call(this, ctx);
-    };
-  },
-};

package/src/middlewares/datasource.middleware.ts

@@ -1,73 +0,0 @@
-import type {Context} from 'moleculer';
-import type {BaseDatasource} from '../datasources';
-
-/**
- * Datasource constructor registry type
- * All datasources should implement BaseDatasource interface
- */
-export interface DatasourceConstructorRegistry {
-  [key: string]: new () => BaseDatasource | object;
-}
-
-/**
- * Datasource instance registry type
- */
-export interface DatasourceInstanceRegistry {
-  [key: string]: object;
-}
-
-/**
- * Datasource context extension
- */
-export interface DatasourceContext extends Context {
-  datasources: DatasourceInstanceRegistry;
-}
-
-/**
- * Initialize all datasources
- */
-function initializeDatasources(
-  constructorRegistry: DatasourceConstructorRegistry
-): DatasourceInstanceRegistry {
-  const initializedDatasources: DatasourceInstanceRegistry = {};
-
-  for (const [key, DatasourceClass] of Object.entries(constructorRegistry)) {
-    initializedDatasources[key] = new DatasourceClass();
-  }
-
-  return initializedDatasources;
-}
-
-/**
- * Datasource middleware that injects datasources into the context
- */
-export function createDatasourceMiddleware(
-  datasources: DatasourceConstructorRegistry
-) {
-  const initializedDatasources = initializeDatasources(datasources);
-
-  return {
-    localAction(handler: (...args: unknown[]) => unknown) {
-      return function DatasourceWrapper(this: unknown, ctx: Context) {
-        // Inject datasources into context
-        (ctx as DatasourceContext).datasources = initializedDatasources;
-        return handler.call(this, ctx);
-      };
-    },
-
-    remoteAction(handler: (...args: unknown[]) => unknown) {
-      return function DatasourceWrapper(this: unknown, ctx: Context) {
-        // Inject datasources into context for remote actions too
-        (ctx as DatasourceContext).datasources = initializedDatasources;
-        return handler.call(this, ctx);
-      };
-    },
-  };
-}
-
-/**
- * Type helper for services that use datasources
- */
-export type ServiceWithDatasources<T extends DatasourceInstanceRegistry> = {
-  datasources: T;
-};

package/src/middlewares/health.middleware.ts

@@ -1,134 +0,0 @@
-import env from '@ltv/env';
-import http from 'http';
-import type {Service} from 'moleculer';
-
-const HEALTH_CHECK_PORT = env.int('HEALTH_CHECK_PORT', 3301);
-const HEALTH_CHECK_READINESS_PATH = env.string(
-  'HEALTH_CHECK_READINESS_PATH',
-  '/readyz'
-);
-const HEALTH_CHECK_LIVENESS_PATH = env.string(
-  'HEALTH_CHECK_LIVENESS_PATH',
-  '/livez'
-);
-
-interface HealthCheckOptions {
-  port?: number;
-  readiness?: {
-    path?: string;
-  };
-  liveness?: {
-    path?: string;
-  };
-}
-
-interface HealthCheckConfig {
-  port: number;
-  readiness: {
-    path: string;
-  };
-  liveness: {
-    path: string;
-  };
-}
-
-// Default configuration constants
-export const HEALTH_CHECK_DEFAULTS = {
-  PORT: HEALTH_CHECK_PORT,
-  READINESS_PATH: HEALTH_CHECK_READINESS_PATH,
-  LIVENESS_PATH: HEALTH_CHECK_LIVENESS_PATH,
-} as const;
-
-export function CreateHealthCheckMiddleware(opts: HealthCheckOptions = {}) {
-  // Merge user options with defaults
-  const config: HealthCheckConfig = {
-    port: opts.port ?? HEALTH_CHECK_DEFAULTS.PORT,
-    readiness: {
-      path: opts.readiness?.path ?? HEALTH_CHECK_DEFAULTS.READINESS_PATH,
-    },
-    liveness: {
-      path: opts.liveness?.path ?? HEALTH_CHECK_DEFAULTS.LIVENESS_PATH,
-    },
-  };
-
-  type HealthState = 'down' | 'starting' | 'up' | 'stopping';
-
-  let state: HealthState = 'down';
-  let server: http.Server;
-
-  function handler(req: http.IncomingMessage, res: http.ServerResponse) {
-    // Prevent headers from being sent multiple times
-    if (res.headersSent) {
-      return;
-    }
-
-    if (req.url === config.readiness.path || req.url === config.liveness.path) {
-      const resHeader = {
-        'Content-Type': 'application/json; charset=utf-8',
-      };
-
-      const content = {
-        state,
-        uptime: process.uptime(),
-        timestamp: Date.now(),
-      };
-
-      if (req.url === config.readiness.path) {
-        // Readiness if the broker started successfully.
-        // https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes
-        res.writeHead(state === 'up' ? 200 : 503, resHeader);
-      } else {
-        // Liveness if the broker is not stopped.
-        // https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-liveness-command
-        res.writeHead(state !== 'down' ? 200 : 503, resHeader);
-      }
-
-      res.end(JSON.stringify(content, null, 2));
-    } else {
-      res.writeHead(404, http.STATUS_CODES[404] ?? 'Not Found', {});
-      res.end();
-    }
-  }
-
-  return {
-    created(broker: Service) {
-      state = 'starting';
-
-      server = http.createServer(handler);
-      server.listen(config.port, (err?: Error | undefined) => {
-        if (err) {
-          return broker.logger.error(
-            'Unable to start health-check server',
-            err
-          );
-        }
-
-        broker.logger.info('');
-        broker.logger.info('K8s health-check server listening on');
-        broker.logger.info(
-          `    http://localhost:${config.port}${config.readiness.path}`
-        );
-        broker.logger.info(
-          `    http://localhost:${config.port}${config.liveness.path}`
-        );
-        broker.logger.info('');
-      });
-    },
-
-    // After broker started
-    started() {
-      state = 'up';
-    },
-
-    // Before broker stopping
-    stopping() {
-      state = 'stopping';
-    },
-
-    // After broker stopped
-    stopped() {
-      state = 'down';
-      server.close();
-    },
-  };
-}

package/src/middlewares/index.ts

@@ -1,5 +0,0 @@
-export * from './datasource.middleware';
-export * from './memoize.middleware';
-export * from './health.middleware';
-export * from './permissions.middleware';
-export * from './context-helpers.middleware';

package/src/middlewares/memoize.middleware.ts

@@ -1,33 +0,0 @@
-import type {ServiceSchema, ServiceSettingSchema} from 'moleculer';
-
-export interface MemoizeMixinOptions {
-  ttl?: number;
-}
-
-export function MemoizeMixin(
-  options?: MemoizeMixinOptions
-): ServiceSchema<ServiceSettingSchema> {
-  return {
-    name: '',
-    methods: {
-      async memoize(name: string, params: unknown, fn: () => Promise<unknown>) {
-        if (!this.broker.cacher) return fn();
-
-        const key = this.broker.cacher.defaultKeygen(
-          `${this.name}:memoize-${name}`,
-          params as object | null,
-          {},
-          []
-        );
-
-        let res = await this.broker.cacher.get(key);
-        if (res) return res;
-
-        res = (await fn()) as unknown as object;
-        this.broker.cacher.set(key, res, options?.ttl);
-
-        return res;
-      },
-    },
-  };
-}

package/src/middlewares/permissions.middleware.ts

@@ -1,162 +0,0 @@
-import type {ActionSchema, Service} from 'moleculer';
-
-import {PERMISSIONS, ROLE_PERMISSIONS} from '../configs';
-import {isDev} from '../env';
-
-import {PermissionError} from '../errors';
-import type {AppContext} from '../types';
-
-export type Permission =
-  | keyof typeof PERMISSIONS
-  | string
-  | ((ctx: AppContext, action: ActionSchema) => Promise<boolean> | boolean);
-
-// Middleware interface for type safety
-export interface ActionWithPermissions extends ActionSchema {
-  permissions?: Permission | Permission[];
-}
-
-const permissionHandlers = {
-  [PERMISSIONS.AUTHENTICATED]: async (ctx: AppContext) => !!ctx.meta.user?.id,
-
-  [PERMISSIONS.TENANT_OWNER]: async (ctx: AppContext) =>
-    ctx.meta.user?.roles.includes(PERMISSIONS.OWNER) ?? false,
-
-  [PERMISSIONS.TENANT_MEMBER]: async (ctx: AppContext) =>
-    !!(
-      ctx.meta.user?.tenantId &&
-      ctx.meta.tenantId &&
-      ctx.meta.user.tenantId === ctx.meta.tenantId
-    ),
-};
-
-export const PermissionsMiddleware = {
-  // Wrap local action handlers
-  localAction(
-    handler: (...args: unknown[]) => unknown,
-    action: ActionWithPermissions
-  ) {
-    // If permissions are not defined, return original handler
-    if (!action.permissions) {
-      return handler;
-    }
-
-    const permissions = Array.isArray(action.permissions)
-      ? action.permissions
-      : [action.permissions];
-
-    const permissionNames: string[] = [];
-    const permissionFunctions: Array<
-      (ctx: AppContext, action: ActionSchema) => Promise<boolean> | boolean
-    > = [];
-
-    // Process each permission
-    permissions.forEach((permission) => {
-      if (typeof permission === 'function') {
-        // Add custom permission function
-        permissionFunctions.push(permission);
-        return;
-      }
-
-      if (typeof permission === 'string') {
-        // Check if it's a built-in permission handler
-        if (permission in permissionHandlers) {
-          const handler =
-            permissionHandlers[permission as keyof typeof permissionHandlers];
-          permissionFunctions.push(handler);
-          return;
-        }
-
-        // Otherwise, treat as a permission name to check against user roles
-        permissionNames.push(permission);
-        return;
-      }
-    });
-
-    return async function CheckPermissionsMiddleware(
-      this: Service,
-      ctx: AppContext
-    ) {
-      let hasAccess = false;
-
-      // Check if user has OWNER role (super admin within tenant)
-      if (ctx.meta.user?.roles.includes(PERMISSIONS.OWNER)) {
-        hasAccess = true;
-      }
-
-      // REMOVED: DEVELOPER role bypass - security vulnerability
-      // Developers must have explicit permissions like any other role
-
-      // Check custom permission functions
-      if (!hasAccess && permissionFunctions.length > 0) {
-        const results = await Promise.allSettled(
-          permissionFunctions.map((fn) => fn(ctx, action))
-        );
-
-        hasAccess = results.some(
-          (result) => result.status === 'fulfilled' && !!result.value
-        );
-
-        // Log failed permissions without exposing details
-        const failures = results.filter((r) => r.status === 'rejected');
-        if (failures.length > 0) {
-          ctx.broker.logger.warn(
-            `${failures.length} permission functions failed`,
-            {
-              action: action.name,
-              userId: ctx.meta.user?.id,
-            }
-          );
-        }
-      }
-
-      // Check named permissions against user roles
-      if (!hasAccess && permissionNames.length > 0) {
-        const userRoles = ctx.meta.user?.roles ?? [];
-
-        // Check if user has any role that includes the required permissions
-        hasAccess = userRoles.some((role: string) => {
-          const rolePermissions = ROLE_PERMISSIONS[role] ?? [];
-          return permissionNames.some((permName) =>
-            rolePermissions.includes(permName)
-          );
-        });
-      }
-
-      // Throw error if access denied
-      if (!hasAccess) {
-        const user = ctx.meta.user;
-        ctx.broker.logger.warn('Access denied:', {
-          action: action.name,
-          userId: user?.id,
-          userRoles: user?.roles,
-          tenantId: ctx.meta.tenantId,
-          requiredPermissions: permissions,
-        });
-
-        // Sanitize error details for production
-        const errorDetails = isDev
-          ? {
-              action: action.name,
-              requiredPermissions: permissions.map((p) =>
-                typeof p === 'function' ? '[Function]' : String(p)
-              ),
-              userRoles: user?.roles ?? [],
-              userId: user?.id,
-              tenantId: ctx.meta.tenantId,
-            }
-          : {
-              action: action.name,
-            };
-
-        throw new PermissionError(
-          'You do not have permission to perform this action',
-          errorDetails
-        );
-      }
-
-      // Call the original handler
-      return handler.call(this, ctx);
-    };
-  },
-};