@internetderdinge/api 1.224.2

package/src/accounts/accounts.validation.ts

@@ -0,0 +1,118 @@
+import { extendZodWithOpenApi } from "@asteasolutions/zod-to-openapi";
+import { z } from "zod";
+import { objectId } from "../validations/custom.validation.js";
+import {
+  zPagination,
+  zGet,
+  zObjectId,
+  zPatchBody,
+  zUpdate,
+  zDelete,
+} from "../utils/zValidations.js";
+
+extendZodWithOpenApi(z);
+
+export const createAccountSchema = {
+  body: z.object({
+    name: z
+      .string()
+      .openapi({ example: "Sample Entry", description: "Name of the entry" })
+      .optional(),
+    medication: zObjectId.openapi({ description: "Medication ObjectId" }),
+    organization: zObjectId.openapi({ description: "Organization ObjectId" }),
+    patient: zObjectId.openapi({ description: "Patient ObjectId" }),
+    meta: z
+      .record(z.any())
+      .openapi({
+        example: { key: "value" },
+        description: "Additional metadata for the entry",
+      })
+      .optional(),
+  }),
+};
+
+export const getUsersSchema = zPagination;
+
+export const getAccountSchema = {
+  params: z.object({
+    accountId: z
+      .string()
+      .openapi({
+        example: "auth0%7C60452f4c0dc85b0062326",
+        description: "Auth Account ID",
+      }),
+  }),
+};
+
+export const updateAccountSchema = {
+  params: z.object({
+    accountId: z
+      .string()
+      .openapi({
+        example: "auth0%7C60452f4c0dc85b0062326",
+        description: "Auth Account ID",
+      }),
+  }),
+  body: zPatchBody({
+    language: z
+      .string()
+      .nullable()
+      .optional()
+      .openapi({ example: "en", description: "Language code" }),
+    gender: z
+      .string()
+      .nullable()
+      .optional()
+      .openapi({ example: "female", description: "Gender" }),
+    email: z
+      .string()
+      .email()
+      .optional()
+      .openapi({ description: "User email address" }),
+    given_name: z
+      .string()
+      .optional()
+      .openapi({ example: "John", description: "Given name" }),
+    family_name: z
+      .string()
+      .optional()
+      .openapi({ example: "Doe", description: "Family name" }),
+    debug: z.boolean().optional(),
+    demo: z.boolean().optional(),
+    notification: z
+      .record(z.any())
+      .optional()
+      .openapi({ description: "Notification settings object" }),
+  }),
+};
+
+export const deleteEntrySchema = {
+  params: z.object({
+    accountId: z
+      .string()
+      .openapi({
+        example: "auth0%7C60452f4c0dc85b0062326",
+        description: "Auth Account ID",
+      }),
+  }),
+};
+
+export const currentAccountSchema = {};
+
+export const currentAccountMfaEnrollSchema = {
+  /* body: z.object({
+    mfaEnroll: z.string().openapi({ example: 'totp', description: 'MFA token to enroll' }),
+  }), */
+};
+
+export const setDeviceTokenSchema = {
+  body: z.object({
+    token: z
+      .string()
+      .openapi({ example: "device-token", description: "Device token to set" }),
+  }),
+};
+
+export const getAvatarSchema = {};
+
+export const deleteCurrentSchema = {};

package/src/accounts/auth0.service.ts

@@ -0,0 +1,226 @@
+import { AuthenticationClient, ManagementClient } from 'auth0';
+import type { ManagementClientOptions, User } from 'auth0';
+import { promises as fs, readFileSync } from 'fs';
+import { config } from 'process';
+
+interface TokenManagementClient {
+  clientId?: string;
+  clientSecret?: string;
+  token?: string;
+}
+
+type CachedToken = {
+  token: string;
+  expiresAt: number;
+};
+
+let tokenManagementClient: TokenManagementClient = {
+  clientId: process.env.AUTH0_CLIENT_ID,
+  clientSecret: process.env.AUTH0_CLIENT_SECRET,
+};
+
+//if (config.env !== 'production') {
+try {
+  console.warn('Auth0 client: use local token from cache try');
+  const token = readFileSync('./token.txt', 'utf8');
+  console.warn('Auth0 client: use local token from cache');
+  tokenManagementClient = { token };
+} catch (error) {
+  console.log('Auth0 Client: use new token');
+}
+//}
+
+// IoT Api
+/*
+export const auth0Management = new ManagementClient({
+  ...tokenManagementClient,
+  domain: process.env.AUTH0_MANAGEMENT_DOMAIN!,
+  grant_type: 'client_credentials',
+  audience: process.env.AUTH0_AUDIENCE!,
+} as ManagementClientOptions);
+ */
+
+// add this AuthenticationClient just for token fetching
+export const auth0AuthClient = new AuthenticationClient({
+  domain: process.env.AUTH0_MANAGEMENT_DOMAIN!,
+  clientId: process.env.AUTH0_MANAGEMENT_CLIENT_ID!,
+  clientSecret: process.env.AUTH0_MANAGEMENT_CLIENT_SECRET!,
+});
+
+// In-memory cache for client-credentials tokens
+let cachedToken: string | null = null;
+let tokenExpiresAt: number | null = null;
+let pendingTokenPromise: Promise<string> | null = null;
+
+let cachedManagementToken: string | null = null;
+let managementTokenExpiresAt: number | null = null;
+let pendingManagementTokenPromise: Promise<string> | null = null;
+
+const TOKEN_FILE_PATH = './token.txt';
+const MANAGEMENT_TOKEN_FILE_PATH = './token.management.txt';
+const TOKEN_BUFFER_SECONDS = 60; // refresh a minute before expiry
+const TOKEN_FALLBACK_TTL_SECONDS = 3300; // ~55 minutes when no expiry metadata exists
+
+const loadTokenFromFile = async (filePath: string): Promise<CachedToken | null> => {
+  try {
+    const raw = await fs.readFile(filePath, 'utf8');
+    try {
+      const parsed = JSON.parse(raw);
+      if (parsed?.token && parsed?.expiresAt) {
+        return { token: parsed.token, expiresAt: parsed.expiresAt };
+      }
+    } catch (parseError) {
+      // Backward compatibility: token.txt previously contained only the token string
+      const now = Math.floor(Date.now() / 1000);
+      return { token: raw.trim(), expiresAt: now + TOKEN_FALLBACK_TTL_SECONDS };
+    }
+  } catch (error) {
+    return null;
+  }
+  return null;
+};
+
+const writeTokenFile = async (filePath: string, token: string, expiresAt: number): Promise<void> => {
+  const payload = JSON.stringify({ token, expiresAt });
+  await fs.writeFile(filePath, payload, 'utf8');
+};
+
+const tokenIsValid = (token: string | null, expiresAt: number | null, now: number): boolean => {
+  if (!token || !expiresAt) return false;
+  return now < expiresAt - TOKEN_BUFFER_SECONDS;
+};
+
+export const getAuth0Token = async (): Promise<string> => {
+  const audience = process.env.AUTH0_AUDIENCE || process.env.AUTH0_MANAGEMENT_AUDIENCE || 'localhost:3000/';
+  const grantOpts = { audience };
+
+  const now = Math.floor(Date.now() / 1000);
+  if (tokenIsValid(cachedToken, tokenExpiresAt, now)) return cachedToken as string;
+  if (pendingTokenPromise) return pendingTokenPromise;
+
+  pendingTokenPromise = (async () => {
+    // Non-production: try to reuse a file-cached token (for local dev) before minting a new one
+    // if (process.env.NODE_ENV !== 'production') {
+    const fileToken = await loadTokenFromFile(TOKEN_FILE_PATH);
+    if (fileToken && fileToken.expiresAt > now + TOKEN_BUFFER_SECONDS) {
+      cachedToken = fileToken.token;
+      tokenExpiresAt = fileToken.expiresAt;
+      pendingTokenPromise = null;
+      return cachedToken;
+    }
+    //}
+
+    const tokenResponse = await auth0AuthClient.oauth.clientCredentialsGrant(grantOpts);
+    const expiresIn = tokenResponse.data.expires_in || 3600;
+    cachedToken = tokenResponse.data.access_token;
+    tokenExpiresAt = now + expiresIn;
+
+    // if (process.env.NODE_ENV !== 'production') {
+    await writeTokenFile(TOKEN_FILE_PATH, cachedToken, tokenExpiresAt);
+    // }
+
+    pendingTokenPromise = null;
+    return cachedToken;
+  })();
+
+  return pendingTokenPromise;
+};
+
+export const getAuth0ManagementToken = async (): Promise<string> => {
+  const audience = process.env.AUTH0_MANAGEMENT_AUDIENCE;
+  if (!audience) {
+    throw new Error('Missing AUTH0_MANAGEMENT_AUDIENCE; cannot mint Management API token');
+  }
+
+  const grantOpts = { audience };
+  const now = Math.floor(Date.now() / 1000);
+
+  if (tokenIsValid(cachedManagementToken, managementTokenExpiresAt, now)) return cachedManagementToken as string;
+  if (pendingManagementTokenPromise) return pendingManagementTokenPromise;
+
+  pendingManagementTokenPromise = (async () => {
+    const fileToken = await loadTokenFromFile(MANAGEMENT_TOKEN_FILE_PATH);
+    if (fileToken && fileToken.expiresAt > now + TOKEN_BUFFER_SECONDS) {
+      cachedManagementToken = fileToken.token;
+      managementTokenExpiresAt = fileToken.expiresAt;
+      pendingManagementTokenPromise = null;
+      return cachedManagementToken;
+    }
+
+    const tokenResponse = await auth0AuthClient.oauth.clientCredentialsGrant(grantOpts);
+    const expiresIn = tokenResponse.data.expires_in || 3600;
+    cachedManagementToken = tokenResponse.data.access_token;
+    managementTokenExpiresAt = now + expiresIn;
+
+    await writeTokenFile(MANAGEMENT_TOKEN_FILE_PATH, cachedManagementToken, managementTokenExpiresAt);
+
+    pendingManagementTokenPromise = null;
+    return cachedManagementToken;
+  })();
+
+  return pendingManagementTokenPromise;
+};
+
+export const auth0 = new ManagementClient({
+  domain: process.env.AUTH0_MANAGEMENT_DOMAIN!,
+  audience: process.env.AUTH0_MANAGEMENT_AUDIENCE!,
+  token: getAuth0ManagementToken,
+});
+
+export const getUserIdByEmail = async (email: string): Promise<User[]> => {
+  // use the users resource to look up by email
+  return auth0.usersByEmail.getByEmail({ email });
+};
+
+export const sendVerificationEmail = async (userID: string): Promise<void> => {
+  await auth0.jobs.verifyEmail({ user_id: userID });
+};
+
+export const getUserById = async (userId: string): Promise<User> => {
+  return auth0.users.get({ id: userId });
+};
+
+export const avatar = async (userId: string): Promise<User> => {
+  return auth0.users.get({ id: userId });
+};
+
+export const mfaEnrollAccount = async (userId: string, mfaToken: string): Promise<any> => {
+  const ticketResponse = await auth0.guardian.createEnrollmentTicket({
+    user_id: userId,
+    send_mail: false,
+  });
+
+  return ticketResponse;
+};
+
+export const mfaDisableAccount = async (userId: string): Promise<any> => {
+  await auth0.users.deleteAuthenticationMethods({ id: userId });
+  return { success: true };
+};
+
+export const getUsersByIds = async (postIDs: string[]): Promise<User[]> => {
+  let q = '';
+  postIDs.forEach((e, i) => {
+    if (e) q = `${q} ${i >= 2 ? ' OR ' : ''} user_id:"${e}"`;
+  });
+
+  const params = {
+    search_engine: 'v3',
+    q,
+    per_page: 100,
+    page: 0,
+  };
+
+  return auth0.users.getAll(params);
+};
+
+export default {
+  auth0,
+  avatar,
+  getAuth0Token,
+  getUsersByIds,
+  getUserIdByEmail,
+  getUserById,
+  mfaEnrollAccount,
+  sendVerificationEmail,
+};

package/src/config/config.ts

@@ -0,0 +1,49 @@
+import dotenv from "dotenv";
+
+// Load env from the current working directory
+dotenv.config();
+
+import Joi from "joi";
+
+const envVarsSchema = Joi.object()
+  .keys({
+    NODE_ENV: Joi.string()
+      .valid("production", "development", "test")
+      .required(),
+    PORT: Joi.number().default(3000),
+    MONGODB_URL: Joi.string().required().description("Mongo DB url"),
+  })
+  .unknown();
+
+const { value: envVars, error } = envVarsSchema
+  .prefs({ errors: { label: "key" } })
+  .validate(process.env);
+
+if (error) {
+  throw new Error(`Config validation error: ${error.message}`);
+}
+
+export const config = {
+  env: envVars.NODE_ENV,
+  port: envVars.PORT,
+  mongoose: {
+    url: envVars.MONGODB_URL + (envVars.NODE_ENV === "test" ? "-test" : ""),
+    useCreateIndex: true,
+    useNewUrlParser: true,
+    useUnifiedTopology: true,
+    useFindAndModify: false,
+  },
+  /* email: {
+    smtp: {
+      host: envVars.SMTP_HOST,
+      port: envVars.SMTP_PORT,
+      auth: {
+        user: envVars.SMTP_USERNAME,
+        pass: envVars.SMTP_PASSWORD,
+      },
+    },
+    from: envVars.EMAIL_FROM,
+  }, */
+};
+
+export default config;

package/src/config/logger.ts

@@ -0,0 +1,33 @@
+import winston from 'winston';
+import type { Format } from 'logform';
+import config from './config';
+
+const enumerateErrorFormat: Format = winston.format((info) => {
+  if (info instanceof Error) {
+    Object.assign(info, { message: info.stack });
+  }
+  return info;
+});
+
+const logger = winston.createLogger({
+  level: config.env === 'development' ? 'debug' : 'info',
+  format: winston.format.combine(
+    enumerateErrorFormat(),
+    config.env === 'development' ? winston.format.colorize() : winston.format.uncolorize(),
+    winston.format.splat(),
+    winston.format.printf((info) => {
+      const { level, message, stack, ...rest } = info as Record<string, unknown>;
+      const restKeys = Object.keys(rest);
+      const restText = restKeys.length ? ` ${JSON.stringify(rest)}` : '';
+      const stackText = stack ? `\n${stack}` : '';
+      return `${level}: ${message}${stackText}${restText}`;
+    }),
+  ),
+  transports: [
+    new winston.transports.Console({
+      stderrLevels: ['error'],
+    }),
+  ],
+});
+
+export default logger;

package/src/config/morgan.ts

@@ -0,0 +1,22 @@
+import morgan from 'morgan';
+import type { Request, Response } from 'express';
+import config from './config';
+import logger from './logger';
+
+morgan.token('message', (req: Request, res: Response) => res.locals.errorMessage || '');
+
+const getIpFormat = (): string => (config.env === 'production' ? ':remote-addr - ' : '');
+const successResponseFormat = `${getIpFormat()}:method :url :status - :response-time ms`;
+const errorResponseFormat = `${getIpFormat()}:method :url :status - :response-time ms - message: :message`;
+
+const successHandler = morgan(successResponseFormat, {
+  skip: (req: Request, res: Response) => res.statusCode >= 400,
+  stream: { write: (message: string) => logger.info(message.trim()) },
+});
+
+const errorHandler = morgan(errorResponseFormat, {
+  skip: (req: Request, res: Response) => res.statusCode < 400,
+  stream: { write: (message: string) => logger.error(message.trim()) },
+});
+
+export default { successHandler, errorHandler };

package/src/config/passport.cjs

@@ -0,0 +1,30 @@
+const { Strategy: JwtStrategy, ExtractJwt } = require('passport-jwt');
+const config = require('./config.cjs');
+const { tokenTypes } = require('./tokens.cjs');
+const { User } = require('../models.cjs');
+
+const jwtOptions = {
+  secretOrKey: config.jwt.secret,
+  jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+};
+
+const jwtVerify = async (payload, done) => {
+  try {
+    if (payload.type !== tokenTypes.ACCESS) {
+      throw new Error('Invalid token type');
+    }
+    const user = await User.findById(payload.sub);
+    if (!user) {
+      return done(null, false);
+    }
+    done(null, user);
+  } catch (error) {
+    done(error, false);
+  }
+};
+
+const jwtStrategy = new JwtStrategy(jwtOptions, jwtVerify);
+
+module.exports = {
+  jwtStrategy,
+};

package/src/config/roles.ts

@@ -0,0 +1,13 @@
+const allRoles = {
+  user: [],
+  admin: ['getUsers', 'manageUsers'],
+  patient: [],
+};
+
+export const roles = Object.keys(allRoles);
+export const roleRights = new Map(Object.entries(allRoles));
+
+export default {
+  roles,
+  roleRights,
+};

package/src/config/tokens.cjs

@@ -0,0 +1,10 @@
+const tokenTypes = {
+  ACCESS: 'access',
+  REFRESH: 'refresh',
+  RESET_PASSWORD: 'resetPassword',
+  VERIFY_EMAIL: 'verifyEmail',
+};
+
+module.exports = {
+  tokenTypes,
+};