@internetderdinge/api 1.229.9 → 1.229.17

package/src/email/email.service.ts

@@ -1,13 +1,20 @@
-import AWS from 'aws-sdk';
-import type { SES } from 'aws-sdk';
-import config from '../../src/config/config';
-import i18n from '../../src/i18n/i18n';
+import { SESv2Client, SendEmailCommand } from "@aws-sdk/client-sesv2";
+import config from "../../src/config/config";
+import i18n from "../../src/i18n/i18n";
 
 function urlStartsWithHttp(url: string): boolean {
-  return url.startsWith('http');
+  return url.startsWith("http");
 }
 
-const button = ({ link, text, color = '#0076ff' }: { link: string; text: string; color?: string }): string => {
+const button = ({
+  link,
+  text,
+  color = "#0076ff",
+}: {
+  link: string;
+  text: string;
+  color?: string;
+}): string => {
   return `
   <div><!--[if mso]>
     <v:roundrect xmlns:v="urn:schemas-microsoft-com:vml" xmlns:w="urn:schemas-microsoft-com:office:word" href="${link}" style="height:40px;v-text-anchor:middle;width:200px;" arcsize="15%" stroke="f" fillcolor="${color}">
@@ -23,7 +30,15 @@ const button = ({ link, text, color = '#0076ff' }: { link: string; text: string;
 `;
 };
 
-const actionButton = ({ link, text, color = '#0076ff' }: { link: string; text: string; color?: string }): string => {
+const actionButton = ({
+  link,
+  text,
+  color = "#0076ff",
+}: {
+  link: string;
+  text: string;
+  color?: string;
+}): string => {
   return `<table class="body-action" align="center" width="100%" cellpadding="0" cellspacing="0" role="presentation">
   <tr>
     <td align="center">
@@ -51,40 +66,49 @@ interface SendEmailParams {
 }
 
 export const sendEmail = async ({
-  title = 'Kein Titel',
-  body = 'Kein Inhalt',
-  url = '',
-  domain = 'memo',
+  title = "Kein Titel",
+  body = "Kein Inhalt",
+  url = "",
+  domain = "memo",
   image,
   email,
   actionButtonText,
   lng,
 }: SendEmailParams): Promise<void> => {
-  const interactive = '#0076ff';
-  AWS.config.update({
-    secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY!,
-    accessKeyId: process.env.AWS_ACCESS_KEY_ID!,
-    region: 'eu-central-1',
+  const interactive = "#0076ff";
+  const sesClient = new SESv2Client({
+    region: "eu-central-1",
+    credentials:
+      process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY
+        ? {
+            accessKeyId: process.env.AWS_ACCESS_KEY_ID,
+            secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
+          }
+        : undefined,
   });
 
-  const actionButtonTextWithLanguage = i18n.t(actionButtonText || 'Go to Application', { lng });
+  const actionButtonTextWithLanguage = i18n.t(
+    actionButtonText || "Go to Application",
+    { lng },
+  );
 
-  const ses: SES = new AWS.SES({ apiVersion: '2010-12-01' });
-
-  const toEmail = 'notifications@wirewire.de';
-  const base64ToName = Buffer.from(`Memo ${i18n.t('Notifications', { lng })}`).toString('base64');
+  const toEmail = "notifications@wirewire.de";
+  const base64ToName = Buffer.from(
+    `Memo ${i18n.t("Notifications", { lng })}`,
+  ).toString("base64");
   const finalToName = `=?UTF-8?B?${base64ToName}?= <${toEmail}>`;
 
-  const params: SES.SendEmailRequest = {
+  const params = {
     Destination: {
       ToAddresses: [email],
     },
-    ConfigurationSetName: 'memo-transactional',
-    Message: {
-      Body: {
-        Html: {
-          Charset: 'UTF-8',
-          Data: `
+    ConfigurationSetName: "memo-transactional",
+    Content: {
+      Simple: {
+        Body: {
+          Html: {
+            Charset: "UTF-8",
+            Data: `
 <!DOCTYPE html>
 <html>
   <head>
@@ -537,7 +561,7 @@ export const sendEmail = async ({
             <tr>
               <td class="email-masthead">
                 <a href="https://${domain}.wirewire.de" class="f-fallback email-masthead_name">
-                 ${domain === 'memo' ? 'ANABOX smart' : 'paperlesspaper'}
+                 ${domain === "memo" ? "ANABOX smart" : "paperlesspaper"}
               </a>
               </td>
             </tr>
@@ -549,12 +573,14 @@ export const sendEmail = async ({
                   <tr>
                     <td class="content-cell align-center">
                       <div class="f-fallback">
-                      ${image ? `<img class="email-image" src="${image}" alt="memo image" />` : ''}
+                      ${image ? `<img class="email-image" src="${image}" alt="memo image" />` : ""}
                         <h1>${title}</h1>
                         <p>${body}</p>
                         <!-- Action -->
                         ${actionButton({
-                          link: urlStartsWithHttp(url) ? url : `http://${domain}.wirewire.de${url}`,
+                          link: urlStartsWithHttp(url)
+                            ? url
+                            : `http://${domain}.wirewire.de${url}`,
                           text: actionButtonTextWithLanguage,
                         })}
                       </div>
@@ -569,10 +595,10 @@ export const sendEmail = async ({
                   <tr>
                     <td class="content-cell" align="center">
                       <p class="f-fallback sub align-center">
-                        ${domain === 'web' ? 'The Wire UG' : 'wirewire GmbH'}
+                        ${domain === "web" ? "The Wire UG" : "wirewire GmbH"}
                         <a href="http://${domain}.wirewire.de/account">Account</a>
 
-                        ${config.env !== 'production' ? `<br/><br/>Environment: ${config.env}` : ''}
+                        ${config.env !== "production" ? `<br/><br/>Environment: ${config.env}` : ""}
                       </p>
                     </td>
                   </tr>
@@ -586,23 +612,24 @@ export const sendEmail = async ({
   </body>
 </html>
 `,
+          },
+          Text: {
+            Charset: "UTF-8",
+            Data: `${title} ${body}`,
+          },
         },
-        Text: {
-          Charset: 'UTF-8',
-          Data: `${title} ${body}`,
+        Subject: {
+          Charset: "UTF-8",
+          Data: `${title} - Memo App`,
         },
       },
-      Subject: {
-        Charset: 'UTF-8',
-        Data: `${title} - Memo App`,
-      },
     },
-    Source: finalToName,
+    FromEmailAddress: finalToName,
   };
 
   try {
-    const data = await ses.sendEmail(params).promise();
-    console.log('Email submitted to SES', data);
+    const data = await sesClient.send(new SendEmailCommand(params));
+    console.log("Email submitted to SES", data);
   } catch (error) {
     console.error(error);
   }

package/src/index.ts

@@ -13,8 +13,10 @@ export {
 export { initI18n } from "../src/i18n/i18n";
 export { default as i18n } from "../src/i18n/i18n";
 export { default as usersRoute } from "../src/users/users.route";
+export { default as usersService } from "../src/users/users.service";
 export { default as accountsRoute } from "../src/accounts/accounts.route";
 export { default as accountsService } from "../src/accounts/accounts.service";
+export { auth0 } from "../src/accounts/auth0.service";
 export { default as organizationsRoute } from "../src/organizations/organizations.route";
 export { default as organizationsService } from "../src/organizations/organizations.service";
 export { default as Organization } from "../src/organizations/organizations.model";
@@ -25,12 +27,12 @@ export * from "../src/devices/devices.validation";
 export { default as devicesNotificationsRoute } from "./devicesNotifications/devicesNotifications.route";
 export { default as devicesNotificationsService } from "../src/devicesNotifications/devicesNotifications.service";
 export { default as iotDevicesService } from "../src/iotdevice/iotdevice.service";
+export { default as iotdeviceRoute } from "../src/iotdevice/iotdevice.route";
 export { SIMILARITY_THRESHOLD } from "../src/iotdevice/iotdevice.service";
 export { default as pdfRoute } from "../src/pdf/pdf.route";
 export { default as tokensRoute } from "../src/tokens/tokens.route";
 export * from "../src/tokens/tokens.service";
 export { default as Token } from "../src/tokens/tokens.model";
-export * as usersService from "../src/users/users.service";
 export { User } from "../src/users/users.model";
 export { isAdmin, validateAdmin } from "../src/middlewares/validateAdmin";
 export { sendEmail } from "../src/email/email.service";
@@ -42,6 +44,7 @@ export { paginate, toJSON } from "../src/models/plugins/index";
 export { compareImages } from "../src/utils/comparePapers.service";
 export { resolvePossiblyRelativeUrl } from "../src/utils/urlUtils";
 export { getSignedFileUrl } from "../src/files/upload.service";
+export * from "../src/middlewares/rateLimiter";
 export * from "../src/utils/ApiError";
 export * from "../src/utils/buildRouterAndDocs";
 export * from "../src/utils/comparePapers.service";
@@ -53,3 +56,18 @@ export * from "../src/utils/registerOpenApi";
 export * from "../src/utils/urlUtils";
 export * from "../src/utils/userName";
 export * from "../src/utils/zValidations";
+export * from "../src/validations/custom.validation";
+export * from "../src/models/plugins/paginate.plugin";
+export * from "../src/models/plugins/simplePopulate";
+export * from "../src/middlewares/validateOrganization";
+export * from "../src/middlewares/validateUser";
+export * from "../src/middlewares/validateCurrentUser";
+export * from "../src/middlewares/validateZod";
+export * from "../src/middlewares/validateAdmin";
+export * from "../src/middlewares/validateAi";
+export * from "../src/middlewares/validateDevice";
+export * from "../src/middlewares/auth";
+export * from "../src/middlewares/error";
+export * from "../src/accounts/auth0.service";
+export * from "../src/middlewares/validateAction";
+export { default as generateUserName } from "../src/utils/userName";

package/src/iotdevice/iotdevice.route.ts

@@ -148,7 +148,7 @@ export const iotdeviceRouteSpecs: RouteSpec[] = [
     handler: getApiStatus,
     summary: "Get API status by kind",
     description:
-      "Retrieves the API status information for a given status kind.",
+      "Retrieves the IoT API status information for a given status kind to monitor system health or performance. Can be accessed without authentication for monitoring purposes.",
   },
   {
     method: "get",

package/src/iotdevice/iotdevice.service.ts

@@ -1,14 +1,16 @@
 // @ts-nocheck
 import httpStatus from "http-status";
 import axios from "axios";
-import AWS from "aws-sdk";
+import {
+  GetThingShadowCommand,
+  IoTDataPlaneClient,
+  UpdateThingShadowCommand,
+} from "@aws-sdk/client-iot-data-plane";
 import { deviceKindHasFeature } from "../utils/deviceUtils";
 import ApiError from "../utils/ApiError";
 import { getAuth0Token } from "../accounts/auth0.service";
-import { uploadImage, getSignedFileUrl } from "../files/upload.service";
-import { compareImages } from "../utils/comparePapers.service";
+import { getSignedFileUrl } from "../files/upload.service";
 import IotDevice from "./iotdevice.model";
-import { fileTypeFromBuffer } from "file-type";
 
 import type { AxiosRequestConfig } from "axios";
 import type { Device } from "../devices/devices.model.js";
@@ -22,76 +24,13 @@ export const SIMILARITY_THRESHOLD = Number(
   process.env.EPAPER_SIMILARITY_THRESHOLD ?? 99.995,
 );
 
-type UploadSingleImageParams = {
-  deviceName: string;
-  buffer: Buffer;
-  bufferOriginal?: Buffer;
-  bufferEditable?: Buffer;
-  id: string;
-};
+const IOT_DATA_ENDPOINT =
+  "https://a2vm6rc8xrtk10-ats.iot.eu-central-1.amazonaws.com";
 
-const buildUploadResponse = (
-  data: any,
-  similarityPercentage: number | null,
-  skippedUpload: boolean,
-) => {
-  return { /*...data,*/ key: data?.Key, similarityPercentage, skippedUpload };
-};
-
-const downloadPreviousOriginalImage = async (
-  id: string,
-): Promise<Buffer | null> => {
-  if (!id) {
-    return null;
-  }
-
-  try {
-    const signedUrl = await getSignedFileUrl({
-      fileName: `ePaperImages/${id}original.png`,
-    });
-    const response = await axios.get<ArrayBuffer>(signedUrl, {
-      responseType: "arraybuffer",
-    });
-    return Buffer.from(response.data);
-  } catch (error: any) {
-    console.warn(
-      `Unable to download previous image for ${id}:`,
-      error?.message || error,
-    );
-    return null;
-  }
-};
-
-const evaluateSimilarityBeforeUpload = async (
-  id: string,
-  bufferOriginal?: Buffer,
-): Promise<{ similarityPercentage: number | null; skipUpload: boolean }> => {
-  if (!bufferOriginal) {
-    return { similarityPercentage: null, skipUpload: false };
-  }
-
-  const previousBuffer = await downloadPreviousOriginalImage(id);
-  if (!previousBuffer) {
-    return { similarityPercentage: null, skipUpload: false };
-  }
-
-  try {
-    const similarityPercentage = await compareImages(
-      previousBuffer,
-      bufferOriginal,
-    );
-    return {
-      similarityPercentage,
-      skipUpload: similarityPercentage >= SIMILARITY_THRESHOLD,
-    };
-  } catch (error: any) {
-    console.warn(
-      `Similarity comparison failed for ${id}:`,
-      error?.message || error,
-    );
-    return { similarityPercentage: null, skipUpload: false };
-  }
-};
+const iotDataClient = new IoTDataPlaneClient({
+  endpoint: IOT_DATA_ENDPOINT,
+  region: process.env.AWS_REGION ?? "eu-central-1",
+});
 
 /**
  * Get events for a device
@@ -392,20 +331,20 @@ export const getDeviceStatus = async (deviceName, kind) => {
  * @returns {Promise<Device>}
  */
 export const shadowAlarmGet = async (deviceName, shadowName) => {
-  const iotdata = new AWS.IotData({
-    endpoint: "a2vm6rc8xrtk10-ats.iot.eu-central-1.amazonaws.com",
-  });
-
   if (!deviceName) return { error: "deviceName is required" };
-  const params = {
-    thingName: deviceName,
-    shadowName,
-  };
 
   try {
-    const response = await iotdata.getThingShadow(params).promise();
+    const response = await iotDataClient.send(
+      new GetThingShadowCommand({
+        thingName: deviceName,
+        shadowName,
+      }),
+    );
 
-    return JSON.parse(response.payload);
+    const payload = response.payload
+      ? Buffer.from(response.payload).toString("utf8")
+      : "{}";
+    return JSON.parse(payload);
   } catch (e) {
     // console.log(deviceName, e);
     return "error";
@@ -442,99 +381,28 @@ export const ledLightHint = async (deviceName, body) => {
 const shadowAlarmUpdate = async (deviceName, alarms, shadowName) => {
   const data = alarms;
 
-  const iotdata = new AWS.IotData({
-    endpoint: "a2vm6rc8xrtk10-ats.iot.eu-central-1.amazonaws.com",
-  });
-
   if (!deviceName) {
     return { error: "no deviceId" };
   }
-  const params = {
-    payload: JSON.stringify(data),
-    thingName: deviceName,
-    shadowName,
-  };
 
   try {
-    const response = await iotdata.updateThingShadow(params).promise();
-    return JSON.parse(response.payload);
+    const response = await iotDataClient.send(
+      new UpdateThingShadowCommand({
+        payload: JSON.stringify(data),
+        thingName: deviceName,
+        shadowName,
+      }),
+    );
+
+    const payload = response.payload
+      ? Buffer.from(response.payload).toString("utf8")
+      : "{}";
+    return JSON.parse(payload);
   } catch (e) {
     return "error";
   }
 };
 
-export const uploadSingleImage = async ({
-  deviceName,
-  buffer,
-  bufferOriginal,
-  bufferEditable,
-  id,
-  paperId,
-}: UploadSingleImageParams) => {
-  try {
-    const { skipUpload, similarityPercentage } =
-      await evaluateSimilarityBeforeUpload(id, bufferOriginal);
-    var response: any = {};
-
-    if (skipUpload) {
-      return buildUploadResponse(
-        { message: "Image skipped due to similarity threshold" },
-        similarityPercentage,
-        true,
-      );
-    }
-
-    if (!bufferOriginal) {
-      throw new Error("bufferOriginal is required to upload an image");
-    }
-
-    // console.log(`Uploading image for ${id} on ${deviceName}; similarity ${similarityPercentage?.toFixed(5)}%`);
-    if (deviceName) {
-      const accessToken = await getAuth0Token();
-
-      response = await axios.post(
-        `${process.env.IOT_API_URL_EPAPER}uploads`,
-        { deviceName },
-        {
-          headers: { Authorization: `Bearer ${accessToken}` },
-        },
-      );
-      if (!response.data.uploadURL) {
-        console.log("No upload URL received", response.data);
-      } else {
-        await axios.put(response.data.uploadURL, buffer, {
-          //  onUploadProgress: (progressEvent) => console.log('file progress', progressEvent.loaded),
-          headers: { "Content-Type": "text/octet-stream" },
-        });
-      }
-    }
-
-    const type = await fileTypeFromBuffer(buffer);
-    const fileName = `ePaperImages/${id}`;
-
-    await uploadImage({ blob: buffer, key: fileName + ".png", type });
-
-    await uploadImage({
-      blob: bufferOriginal,
-      key: fileName + "original.png",
-      type,
-    });
-
-    if (bufferEditable) {
-      await uploadImage({
-        blob: bufferEditable,
-        key: fileName + "editable.json",
-        type,
-      });
-    }
-
-    return buildUploadResponse(response.data, similarityPercentage, false);
-  } catch (error) {
-    console.error(error);
-    return null;
-  }
-};
-
 /**
  * Get device by ID
  * @param {string} id
@@ -723,7 +591,6 @@ export default {
   deleteById,
   getApiStatus,
   getDevice,
-  uploadSingleImage,
   liveEventsWs,
   shadowAlarmGet,
   shadowAlarmUpdate,

package/src/middlewares/auth.ts

@@ -8,6 +8,75 @@ import type { Request, Response, NextFunction } from "express";
 import ApiError from "../utils/ApiError";
 import Token from "../tokens/tokens.model";
 import { roleRights } from "../config/roles";
+import auth0Service from "../accounts/auth0.service";
+
+const ROLES_CLAIM = "https://memo.wirewire.de/roles";
+const AUTH0_ROLE_CACHE_TTL_MS = 5 * 60 * 1000;
+
+type RoleCacheEntry = {
+  roles: string[];
+  expiresAt: number;
+};
+
+const auth0RolesCache = new Map<string, RoleCacheEntry>();
+
+const dedupeRoles = (roles: string[]): string[] =>
+  Array.from(new Set(roles.map((role) => role.trim()).filter(Boolean)));
+
+const extractRoleNamesFromManagementResponse = (payload: unknown): string[] => {
+  const iterablePayload =
+    payload && typeof (payload as any)[Symbol.iterator] === "function"
+      ? Array.from(payload as Iterable<unknown>)
+      : [];
+
+  const list = Array.isArray(payload)
+    ? payload
+    : Array.isArray((payload as any)?.data)
+      ? (payload as any).data
+      : Array.isArray((payload as any)?.items)
+        ? (payload as any).items
+        : iterablePayload;
+
+  const roleNames = list
+    .map((entry: Record<string, unknown>) =>
+      typeof entry?.name === "string" ? entry.name : "",
+    )
+    .filter(Boolean);
+
+  return dedupeRoles(roleNames);
+};
+
+const getAuth0RolesByOwner = async (ownerId: string): Promise<string[]> => {
+  const now = Date.now();
+  const cached = auth0RolesCache.get(ownerId);
+  if (cached && cached.expiresAt > now) {
+    // return cached.roles;
+  }
+
+  try {
+    console.log(
+      `Fetching Auth0 roles for owner ${ownerId} from Management API...`,
+    );
+    const rolesPayload = await (auth0Service as any).auth0.users.roles.list(
+      ownerId,
+    );
+    console.log(`Fetched Auth0 roles for owner ${ownerId}:`, rolesPayload);
+    const roles = extractRoleNamesFromManagementResponse(rolesPayload);
+
+    auth0RolesCache.set(ownerId, {
+      roles,
+      expiresAt: now + AUTH0_ROLE_CACHE_TTL_MS,
+    });
+
+    return roles;
+  } catch (error) {
+    console.warn("auth middleware: could not fetch Auth0 roles for owner", {
+      ownerId,
+      error,
+    });
+    return [];
+  }
+};
 
 type AuthRequest = Request;
 
@@ -60,8 +129,12 @@ const auth = function authFactory(...requiredRights: string[]) {
 
         if (tokenDoc) {
           const ownerId = tokenDoc.owner as string;
-          const roles = ["api"];
 
+          const auth0Roles = await getAuth0RolesByOwner(ownerId);
+          console.log(
+            `Authenticated API token request for owner ${ownerId}`,
+            auth0Roles,
+          );
           req.auth = {
             id: ownerId,
             tokenId: tokenDoc._id,
@@ -69,7 +142,7 @@ const auth = function authFactory(...requiredRights: string[]) {
             // For API-key auth, we can treat the token owner as the subject.
             // Avoid fetching user profile from Auth0 Management API on every request.
             sub: ownerId,
-            "https://memo.wirewire.de/roles": roles,
+            [ROLES_CLAIM]: auth0Roles,
           };
           return next();
         }

package/src/middlewares/validateAdmin.ts

@@ -3,7 +3,6 @@ import ApiError from "../utils/ApiError";
 import type { Request, Response, NextFunction } from "express";
 
 const isAdmin = (user: Record<string, any> | undefined): boolean => {
-  return false;
   if (!user) return false;
 
   // return false; // TODO: Remove this line when the user object is properly defined

package/src/middlewares/validateCurrentUser.ts

@@ -4,7 +4,7 @@ import userService from "../users/users.service";
 
 import type { Request, Response, NextFunction } from "express";
 
-const getCurrentUser = async (
+export const validateCurrentUser = async (
   req: Request,
   res: Response,
   next: NextFunction,
@@ -32,4 +32,4 @@ const getCurrentUser = async (
   }
 };
 
-export default getCurrentUser;
+export default validateCurrentUser;

package/src/models/plugins/simplePopulate.ts

@@ -1,4 +1,4 @@
-function simplePopulate(populate: string): Record<string, any> {
+export function simplePopulate(populate: string): Record<string, any> {
   let docsPromise: Record<string, any> = {};
   populate.split(",").forEach((populateOption) => {
     docsPromise = populateOption