@internetderdinge/api 1.229.9 → 1.229.17

package/dist/src/middlewares/auth.js

@@ -5,6 +5,52 @@ import jwksRsa from "jwks-rsa";
 import ApiError from "../utils/ApiError";
 import Token from "../tokens/tokens.model";
 import { roleRights } from "../config/roles";
+import auth0Service from "../accounts/auth0.service";
+const ROLES_CLAIM = "https://memo.wirewire.de/roles";
+const AUTH0_ROLE_CACHE_TTL_MS = 5 * 60 * 1000;
+const auth0RolesCache = new Map();
+const dedupeRoles = (roles) => Array.from(new Set(roles.map((role) => role.trim()).filter(Boolean)));
+const extractRoleNamesFromManagementResponse = (payload) => {
+    const iterablePayload = payload && typeof payload[Symbol.iterator] === "function"
+        ? Array.from(payload)
+        : [];
+    const list = Array.isArray(payload)
+        ? payload
+        : Array.isArray(payload?.data)
+            ? payload.data
+            : Array.isArray(payload?.items)
+                ? payload.items
+                : iterablePayload;
+    const roleNames = list
+        .map((entry) => typeof entry?.name === "string" ? entry.name : "")
+        .filter(Boolean);
+    return dedupeRoles(roleNames);
+};
+const getAuth0RolesByOwner = async (ownerId) => {
+    const now = Date.now();
+    const cached = auth0RolesCache.get(ownerId);
+    if (cached && cached.expiresAt > now) {
+        // return cached.roles;
+    }
+    try {
+        console.log(`Fetching Auth0 roles for owner ${ownerId} from Management API...`);
+        const rolesPayload = await auth0Service.auth0.users.roles.list(ownerId);
+        console.log(`Fetched Auth0 roles for owner ${ownerId}:`, rolesPayload);
+        const roles = extractRoleNamesFromManagementResponse(rolesPayload);
+        auth0RolesCache.set(ownerId, {
+            roles,
+            expiresAt: now + AUTH0_ROLE_CACHE_TTL_MS,
+        });
+        return roles;
+    }
+    catch (error) {
+        console.warn("auth middleware: could not fetch Auth0 roles for owner", {
+            ownerId,
+            error,
+        });
+        return [];
+    }
+};
 const verifyCallback = (req, resolve, reject, requiredRights) => async (err, user, info) => {
     if (err || info || !user) {
         return reject(new ApiError(httpStatus.UNAUTHORIZED, "Please authenticate"));
@@ -35,7 +81,8 @@ const auth = function authFactory(...requiredRights) {
                 }).select("+owner");
                 if (tokenDoc) {
                     const ownerId = tokenDoc.owner;
-                    const roles = ["api"];
+                    const auth0Roles = await getAuth0RolesByOwner(ownerId);
+                    console.log(`Authenticated API token request for owner ${ownerId}`, auth0Roles);
                     req.auth = {
                         id: ownerId,
                         tokenId: tokenDoc._id,
@@ -43,7 +90,7 @@ const auth = function authFactory(...requiredRights) {
                         // For API-key auth, we can treat the token owner as the subject.
                         // Avoid fetching user profile from Auth0 Management API on every request.
                         sub: ownerId,
-                        "https://memo.wirewire.de/roles": roles,
+                        [ROLES_CLAIM]: auth0Roles,
                     };
                     return next();
                 }

package/dist/src/middlewares/validateAdmin.js

@@ -1,7 +1,6 @@
 import httpStatus from "http-status";
 import ApiError from "../utils/ApiError";
 const isAdmin = (user) => {
-    return false;
     if (!user)
         return false;
     // return false; // TODO: Remove this line when the user object is properly defined

package/dist/src/middlewares/validateCurrentUser.js

@@ -1,7 +1,7 @@
 import httpStatus from "http-status";
 import ApiError from "../utils/ApiError";
 import userService from "../users/users.service";
-const getCurrentUser = async (req, res, next) => {
+export const validateCurrentUser = async (req, res, next) => {
     try {
         // TODO: Check if the user is logged in
         const currentUser = await userService.getUserByOwner(res.req.auth.sub, req.body.organization);
@@ -17,4 +17,4 @@ const getCurrentUser = async (req, res, next) => {
         next(new ApiError(httpStatus.INTERNAL_SERVER_ERROR, "Failed to validate user service"));
     }
 };
-export default getCurrentUser;
+export default validateCurrentUser;

package/dist/src/models/plugins/simplePopulate.js

@@ -1,4 +1,4 @@
-function simplePopulate(populate) {
+export function simplePopulate(populate) {
     let docsPromise = {};
     populate.split(",").forEach((populateOption) => {
         docsPromise = populateOption

package/dist/src/pdf/pdf.service.js

@@ -1,33 +1,32 @@
 import puppeteer from "puppeteer";
 import { v4 as uuidv4 } from "uuid";
-import AWS from "aws-sdk";
+import { GetObjectCommand, PutObjectCommand, S3Client, } from "@aws-sdk/client-s3";
+import { getSignedUrl as getS3SignedUrl } from "@aws-sdk/s3-request-presigner";
 import path from "path";
-// Configure AWS SDK
-const s3 = new AWS.S3({
-    accessKeyId: process.env.AWS_ACCESS_KEY_ID,
-    secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
+const s3 = new S3Client({
     region: process.env.AWS_REGION,
+    credentials: process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY
+        ? {
+            accessKeyId: process.env.AWS_ACCESS_KEY_ID,
+            secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
+        }
+        : undefined,
 });
 // Function to upload a file to S3
 const uploadBuffer = async (buffer, fileName) => {
-    const params = {
+    await s3.send(new PutObjectCommand({
         Bucket: process.env.AWS_S3_BUCKET_NAME,
         Key: fileName,
         Body: buffer,
         ContentType: "application/pdf",
-        ACL: "private",
-    };
-    const data = await s3.upload(params).promise();
-    return data.Location;
+    }));
 };
 // Generate a signed URL
-const generateSignedUrl = (fileName) => {
-    const params = {
+const generateSignedUrl = async (fileName) => {
+    return getS3SignedUrl(s3, new GetObjectCommand({
         Bucket: process.env.AWS_S3_BUCKET_NAME,
         Key: fileName,
-        Expires: 60 * 60, // URL expiration time in seconds
-    };
-    return s3.getSignedUrl("getObject", params);
+    }), { expiresIn: 60 * 60 });
 };
 const generatePdfFromUrl = async ({ urlPath, token, }) => {
     const domain = process.env.FRONTEND_URL;
@@ -53,10 +52,10 @@ const generatePdfFromUrl = async ({ urlPath, token, }) => {
         localStorage.setItem("print-token", "");
     });
     await browser.close();
-    const fileUrl = await uploadBuffer(Buffer.from(pdf), `download-${uuidv4()}.pdf`);
-    console.log(`File uploaded successfully. File URL: ${fileUrl}`);
-    const fileName = path.basename(fileUrl);
-    const signedUrl = generateSignedUrl(fileName);
+    const fileName = `download-${uuidv4()}.pdf`;
+    await uploadBuffer(Buffer.from(pdf), fileName);
+    console.log(`File uploaded successfully. File Name: ${fileName}`);
+    const signedUrl = await generateSignedUrl(path.basename(fileName));
     console.log(`Signed URL: ${signedUrl}`);
     return signedUrl;
 };

package/dist/src/users/users.schemas.js

@@ -1,5 +1,5 @@
-import { z } from 'zod';
-import { extendZodWithOpenApi } from '@asteasolutions/zod-to-openapi';
+import { z } from "zod";
+import { extendZodWithOpenApi } from "@asteasolutions/zod-to-openapi";
 extendZodWithOpenApi(z);
 export const createUserResponseSchema = z.object({
     id: z.string(),
@@ -23,47 +23,3 @@ export const updateUserResponseSchema = z.object({
 export const deleteUserResponseSchema = z.object({
     success: z.boolean(),
 });
-export const updateTimesByIdResponseSchema = z
-    .array(z.object({
-    rrule: z
-        .object({
-        freq: z.string().optional().openapi({ example: 'DAILY', description: 'Recurrence frequency' }),
-        byweekday: z
-            .array(z.number())
-            .openapi({ example: [0, 1, 2, 6, 3], description: 'Days of week to repeat (0=Sunday)' }),
-        exclude: z.array(z.string()).openapi({ example: ['2024-03-28T10:45:00.000Z'], description: 'Dates to skip' }),
-    })
-        .openapi({ description: 'Recurrence rule object' }),
-    medication: z.string().optional().openapi({ example: '6152c5f3902e7f91374d9f75', description: 'Medication ObjectId' }),
-    patient: z.string().openapi({ example: '614fb1d709dd9f6de85d6374', description: 'Patient ObjectId' }),
-    date: z.string().openapi({ example: '2024-03-25T00:30:00.000Z', description: 'Scheduled date/time (ISO)' }),
-    timeCategory: z.string().openapi({ example: 'noon', description: 'Time category (e.g. morning, noon)' }),
-    amount: z.number().openapi({ example: 1, description: 'Dosage amount' }),
-    emptyStomach: z.boolean().openapi({ example: false, description: 'Whether to take on empty stomach' }),
-    instruction: z.string().optional().openapi({ example: '', description: 'Additional instructions' }),
-    unit: z.string().optional().openapi({ example: 'St', description: 'Dosage unit' }),
-    bake: z.boolean().openapi({ example: false, description: 'Baking flag (if applicable)' }),
-    id: z.string().openapi({ example: '660079fd11fdc2dd935e43af', description: 'Entry identifier' }),
-}))
-    .openapi({
-    example: [
-        {
-            rrule: {
-                freq: 'DAILY',
-                byweekday: [0, 1, 2, 6, 3],
-                exclude: ['2024-03-28T10:45:00.000Z'],
-            },
-            patient: '614fb1d709dd9f6de85d6374',
-            date: '2024-03-25T00:30:00.000Z',
-            timeCategory: 'noon',
-            amount: 1,
-            emptyStomach: false,
-            instruction: '',
-            unit: 'St',
-            bake: false,
-            id: '660079fd11fdc2dd935e43af',
-        },
-        // ...other items
-    ],
-    description: 'Array of updated time entries by ID',
-});

package/dist/src/users/users.service.js

@@ -292,4 +292,5 @@ export default {
     sendEmail,
     populateAuth0User,
     populateAuth0Users,
+    setUpdateTimesByIdHook,
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@internetderdinge/api",
-  "version": "1.229.9",
+  "version": "1.229.17",
   "description": "Shared OpenIoT API modules",
   "main": "dist/src/index.js",
   "type": "module",
@@ -15,11 +15,13 @@
     "deps:versions": "node --input-type=module -e \"import { createRequire } from 'node:module'; const require = createRequire(import.meta.url); const out = (name) => { const pkgPath = require.resolve(name + '/package.json'); const version = require(pkgPath).version; console.log(name + '@' + version + ' -> ' + pkgPath); }; out('zod'); out('@asteasolutions/zod-to-openapi');\"",
     "deploy:version": "node ./scripts/release-version.mjs",
     "release:paperless": "node ./scripts/release-and-sync-paperless.mjs",
+    "release:paperless:publish": "node ./scripts/release-and-sync-paperless.mjs --publish",
     "lint": "eslint .",
     "lint:fix": "eslint . --fix"
   },
   "dependencies": {
     "@aws-sdk/client-cloudwatch-events": "^3.990.0",
+    "@aws-sdk/client-iot-data-plane": "^3.990.0",
     "@aws-sdk/client-s3": "^3.990.0",
     "@aws-sdk/client-sesv2": "^3.990.0",
     "@aws-sdk/credential-provider-node": "^3.972.9",
@@ -33,7 +35,6 @@
     "auth0": "^5.3.1",
     "aws-crt": "^1.29.0",
     "aws-iot-device-sdk-v2": "^1.25.0",
-    "aws-sdk": "^2.1693.0",
     "aws4": "^1.13.2",
     "axios": "^1.13.5",
     "body-parser": "~2.2.2",

package/src/accounts/accounts.controller.ts

@@ -138,7 +138,6 @@ const deleteCurrent = catchAsync(
 const current = catchAsync(
   async (req: AuthenticatedRequest, res: Response): Promise<void> => {
     const user = await accountsService.getAccountById(req.auth.sub);
-    console.log("user", user);
     res.send(user);
   },
 );

package/src/config/config.ts

@@ -3,12 +3,6 @@ import dotenv from "dotenv";
 // Load env from the current working directory
 dotenv.config();
 
-console.log("Current working directory:", process.cwd());
-console.log("Loaded environment variables:", {
-  NODE_ENV: process.env.NODE_ENV,
-  PORT: process.env.PORT,
-  MONGODB_URL: process.env.MONGODB_URL,
-});
 import Joi from "joi";
 
 const envVarsSchema = Joi.object()

package/src/devices/devices.controller.ts

@@ -1,7 +1,6 @@
 // @ts-nocheck
 import httpStatus from "http-status";
 import mongoose from "mongoose";
-import multer from "multer";
 import type { Request, Response } from "express";
 import pick from "../utils/pick.js";
 import ApiError from "../utils/ApiError.js";
@@ -129,19 +128,6 @@ const getEntry = catchAsync(
   },
 );
 
-const getImageById = catchAsync(
-  async (req: Request, res: Response): Promise<void> => {
-    const device = await devicesService.getImageById(
-      req.params.deviceId,
-      req.params.uuid,
-    );
-    if (!device) {
-      throw new ApiError(httpStatus.NOT_FOUND, "Device not found");
-    }
-    res.send(device);
-  },
-);
-
 const updateEntry = catchAsync(
   async (req: Request, res: Response): Promise<void> => {
     // TODO: Remove in newer versions
@@ -228,54 +214,15 @@ const rebootDevice = catchAsync(
   },
 );
 
-const updateSingleImageMeta = catchAsync(
-  async (req: Request, res: Response): Promise<void> => {
-    const device = await devicesService.getById(req.params.deviceId);
-
-    const { uuid, ...body } = req.body;
-    const deviceUpdate = await devicesService.updateById(req.params.deviceId, {
-      meta: { ...device.meta, file: uuid },
-    });
-    const deviceMeta = await devicesService.updateSingleImageMeta(
-      device.deviceId,
-      body,
-    );
-    res.send({ deviceMeta, deviceUpdate });
-  },
-);
-
-const uploadSingleImage = catchAsync(
-  async (req: Request, res: Response): Promise<void> => {
-    const device = await devicesService.getById(req.params.deviceId);
-
-    const files = req.files as Array<{ buffer: Buffer }> | undefined;
-    if (!files || files.length === 0) {
-      throw new ApiError(httpStatus.BAD_REQUEST, "No image file uploaded");
-    }
-
-    const iotUpload = await iotDevicesService.uploadSingleImage({
-      deviceName: device.deviceId,
-      buffer: files[0].buffer,
-      deviceId: req.params.deviceId,
-      uuid: req.body.uuid,
-    });
-
-    res.send(iotUpload);
-  },
-);
-
 export {
   createEntry,
   getEntries,
   queryDevicesByUser,
   getEvents,
-  getImageById,
   registerDevice,
   pingDevice,
   ledLight,
   rebootDevice,
-  uploadSingleImage,
-  updateSingleImageMeta,
   getEntry,
   updateEntry,
   deleteEntry,

package/src/devices/devices.route.ts

@@ -1,5 +1,4 @@
 import { Router } from "express";
-import multer from "multer";
 import buildRouterAndDocs from "../utils/buildRouterAndDocs.js";
 import type { RouteSpec } from "../types/routeSpec";
 import auth from "../middlewares/auth.js";
@@ -23,9 +22,6 @@ import {
   registerDeviceSchema,
   ledLightSchema,
   rebootDeviceSchema,
-  getImageSchema,
-  updateSingleImageMetaSchema,
-  uploadSingleImageSchema,
   resetDeviceSchema,
 } from "./devices.validation.js";
 import {
@@ -33,8 +29,6 @@ import {
   devicesResponseSchema,
   eventResponseSchema,
   genericResponseSchema,
-  imageResponseSchema,
-  uploadResponseSchema,
   resetResponseSchema,
 } from "./devices.schemas.js";
 import {
@@ -105,6 +99,9 @@ export const devicesRouteSpecs: RouteSpec[] = [
   {
     method: "delete",
     path: "/:deviceId",
+    validate: [auth("manageUsers"), validateDevice, validateOrganizationDelete],
+    requestSchema: deleteDeviceSchema,
+    responseSchema: genericResponseSchema,
     handler: devicesController.deleteEntry,
     summary: "Delete a device",
     description: "Remove the specified device from the system.",
@@ -168,39 +165,6 @@ export const devicesRouteSpecs: RouteSpec[] = [
     summary: "Reboot a device",
     description: "Initiate a remote reboot of the specified device.",
   },
-  {
-    method: "get",
-    path: "/image/:deviceId/:uuid",
-    validate: [auth("getUsers"), validateDevice],
-    requestSchema: getImageSchema,
-    responseSchema: imageResponseSchema,
-    handler: devicesController.getImageById,
-    summary: "Fetch an image by UUID",
-    description:
-      "Download a previously uploaded image for the device by its UUID.",
-  },
-  {
-    method: "post",
-    path: "/updateSingleImageMeta/:deviceId",
-    validate: [auth("getUsers"), validateDevice],
-    requestSchema: updateSingleImageMetaSchema,
-    responseSchema: uploadResponseSchema,
-    handler: devicesController.updateSingleImageMeta,
-    summary: "Update image metadata",
-    description:
-      "Modify metadata (e.g., title, tags) for an existing device image.",
-  },
-  {
-    method: "post",
-    path: "/uploadSingleImage/:deviceId",
-    validate: [auth("getUsers"), multer().array("picture", 2), validateDevice],
-    requestSchema: uploadSingleImageSchema,
-    responseSchema: uploadResponseSchema,
-    handler: devicesController.uploadSingleImage,
-    summary: "Upload one or two images",
-    description:
-      "Upload up to two image files to the device for processing or storage.",
-  },
 ];
 
 const router: Router = Router();

package/src/devices/devices.service.ts

@@ -5,7 +5,6 @@ import ApiError from "../utils/ApiError.js";
 import iotDevicesService from "../iotdevice/iotdevice.service.js";
 
 import { promisify } from "util";
-import { getSignedFileUrl } from "../files/upload.service";
 import { deviceByDeviceName, deviceKindHasFeature } from "../utils/deviceUtils";
 
 import type { DeviceDocument, DeviceInput } from "./devices.model.js";
@@ -107,15 +106,6 @@ export const populateDeviceStatus = async (e: {
   return deviceStatus;
 };
 
-export const populateDeviceImage = async (
-  deviceId: string,
-  uuid: string,
-): Promise<string> => {
-  const fileName = `ePaperImages/${deviceId}+${uuid}.png`;
-  const url = await getSignedFileUrl({ fileName });
-  return url;
-};
-
 export const populateIotDevices = async (
   data: DeviceDocument[],
 ): Promise<any[]> => {
@@ -154,14 +144,6 @@ export const getById = async (id: string): Promise<DeviceDocument> => {
   return device;
 };
 
-export const getImageById = async (
-  id: string,
-  uuid: string,
-): Promise<{ url: string }> => {
-  const url = await populateDeviceImage(id, uuid);
-  return { url };
-};
-
 export const getByIdWithIoT = async (id: string): Promise<any> => {
   const device = await getById(id);
   if (!device) {
@@ -238,24 +220,6 @@ export const updateById = async (
   return deviceJSON;
 };
 
-export const updateSingleImageMeta = async (
-  deviceId: string,
-  shadowNew: any,
-): Promise<any> => {
-  const shadowBody = {
-    state: {
-      reported: shadowNew,
-    },
-  };
-
-  const shadowResult = await iotDevicesService.shadowAlarmUpdate(
-    deviceId,
-    shadowBody,
-    "settings",
-  );
-  return shadowResult;
-};
-
 export const deleteById = async (
   userId: string,
   deleteFromIotApi = true,
@@ -305,12 +269,10 @@ export default {
   getByIdWithIoT,
   getDeviceByUserId,
   getDeviceByDeviceId,
-  getImageById,
   updateById,
   updatePaymentById,
   deleteById,
   populateIotDevices,
-  populateDeviceImage,
   populateDeviceStatus,
   queryDevicesByUser,
   registerDevice,

package/src/devices/devices.validation.ts

@@ -112,14 +112,6 @@ export const createDeviceSchema = {
 };
 export const deleteDeviceSchema = zDelete("deviceId");
 export const getDeviceSchema = zGet("deviceId");
-export const getImageSchema = {
-  params: z.object({
-    deviceId: zObjectIdFor("deviceId").openapi({
-      description: "Device ObjectId",
-    }),
-    uuid: z.string().openapi({ description: "Image UUID" }),
-  }),
-};
 export const ledLightSchema = {
   params: z.object({
     deviceId: zObjectId.openapi({ description: "Device ObjectId" }),
@@ -202,17 +194,18 @@ export const registerDeviceSchema = {
       example: {
         enable: true,
         organization:
-          process.env.SCHEMA_EXAMPLE_ORGANIZATION_ID || "682fd0d7d4a6325d9d45b86d",
-        patient: process.env.SCHEMA_EXAMPLE_USER_ID || "682fd0d7d4a6325d9d45b86d",
+          process.env.SCHEMA_EXAMPLE_ORGANIZATION_ID ||
+          "682fd0d7d4a6325d9d45b86d",
+        patient:
+          process.env.SCHEMA_EXAMPLE_USER_ID || "682fd0d7d4a6325d9d45b86d",
         paper: process.env.SCHEMA_EXAMPLE_PAPER_ID || null,
       },
     }),
   params: z.object({
-    deviceId: (
-      process.env.SCHEMA_STRICT_EXAMPLES === "true" &&
-      process.env.SCHEMA_EXAMPLE_DEVICE_SERIAL
-        ? z.literal(process.env.SCHEMA_EXAMPLE_DEVICE_SERIAL)
-        : z.string()
+    deviceId: (process.env.SCHEMA_STRICT_EXAMPLES === "true" &&
+    process.env.SCHEMA_EXAMPLE_DEVICE_SERIAL
+      ? z.literal(process.env.SCHEMA_EXAMPLE_DEVICE_SERIAL)
+      : z.string()
     ).openapi({
       description: "Device serial",
       example: process.env.SCHEMA_EXAMPLE_DEVICE_SERIAL || "DEVICE-EXAMPLE",
@@ -224,7 +217,7 @@ export const queryDevicesSchema = {
   ...zPagination,
   query: zPagination.query.extend({
     patient: zObjectIdFor("patient").optional(),
-    organization: zObjectIdFor("organization"),
+    organization: zObjectIdFor("organization").optional(),
   }),
 };
 export const subscriptionSchema = {
@@ -249,34 +242,3 @@ export const updateDeviceSchema = {
     payment: z.record(z.string(), z.any()).optional(),
   }),
 };
-
-export const updateSingleImageMetaSchema = {
-  params: z.object({
-    deviceId: zObjectIdFor("deviceId").openapi({
-      description: "Device ObjectId",
-    }),
-  }),
-  body: z
-    .object({
-      meta: z.record(z.string(), z.any()).optional(),
-    })
-    .openapi({ description: "Image metadata updates" }),
-};
-export const uploadSingleImageSchema = {
-  params: z.object({
-    deviceId: zObjectIdFor("deviceId").openapi({
-      description: "Device ObjectId",
-    }),
-  }),
-  body: z
-    .object({
-      uuid: z
-        .string()
-        .optional()
-        .openapi({ description: "Optional image UUID", example: "mock-uuid" }),
-    })
-    .openapi({
-      description: "Multipart body is mocked during tests.",
-      example: { uuid: "mock-uuid" },
-    }),
-};