npm - @intranefr/superbackend - Versions diffs - 1.4.3 - Mend

@intranefr/superbackend 1.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (188) hide show

package/.commiat +4 -0
package/.env.example +47 -0
package/README.md +110 -0
package/index.js +94 -0
package/package.json +67 -0
package/public/css/styles.css +139 -0
package/public/js/animations.js +41 -0
package/sdk/error-tracking/browser/package.json +16 -0
package/sdk/error-tracking/browser/src/core.js +270 -0
package/sdk/error-tracking/browser/src/embed.js +18 -0
package/sdk/error-tracking/browser/src/index.js +1 -0
package/server.js +5 -0
package/src/admin/endpointRegistry.js +300 -0
package/src/controllers/admin.controller.js +321 -0
package/src/controllers/adminAssets.controller.js +530 -0
package/src/controllers/adminAssetsStorage.controller.js +260 -0
package/src/controllers/adminEjsVirtual.controller.js +354 -0
package/src/controllers/adminFeatureFlags.controller.js +155 -0
package/src/controllers/adminHeadless.controller.js +1071 -0
package/src/controllers/adminI18n.controller.js +604 -0
package/src/controllers/adminJsonConfigs.controller.js +97 -0
package/src/controllers/adminLlm.controller.js +273 -0
package/src/controllers/adminMigration.controller.js +257 -0
package/src/controllers/adminSeoConfig.controller.js +515 -0
package/src/controllers/adminStats.controller.js +121 -0
package/src/controllers/adminUploadNamespaces.controller.js +208 -0
package/src/controllers/assets.controller.js +248 -0
package/src/controllers/auth.controller.js +93 -0
package/src/controllers/billing.controller.js +223 -0
package/src/controllers/featureFlags.controller.js +35 -0
package/src/controllers/forms.controller.js +217 -0
package/src/controllers/globalSettings.controller.js +252 -0
package/src/controllers/headlessCrud.controller.js +126 -0
package/src/controllers/i18n.controller.js +12 -0
package/src/controllers/invite.controller.js +249 -0
package/src/controllers/jsonConfigs.controller.js +19 -0
package/src/controllers/metrics.controller.js +149 -0
package/src/controllers/notificationAdmin.controller.js +264 -0
package/src/controllers/notifications.controller.js +131 -0
package/src/controllers/org.controller.js +357 -0
package/src/controllers/orgAdmin.controller.js +491 -0
package/src/controllers/stripeAdmin.controller.js +410 -0
package/src/controllers/user.controller.js +361 -0
package/src/controllers/userAdmin.controller.js +277 -0
package/src/controllers/waitingList.controller.js +167 -0
package/src/controllers/webhook.controller.js +200 -0
package/src/middleware/auth.js +66 -0
package/src/middleware/errorCapture.js +170 -0
package/src/middleware/headlessApiTokenAuth.js +57 -0
package/src/middleware/org.js +108 -0
package/src/middleware.js +901 -0
package/src/models/ActionEvent.js +31 -0
package/src/models/ActivityLog.js +41 -0
package/src/models/Asset.js +84 -0
package/src/models/AuditEvent.js +93 -0
package/src/models/EmailLog.js +28 -0
package/src/models/ErrorAggregate.js +72 -0
package/src/models/FormSubmission.js +41 -0
package/src/models/GlobalSetting.js +38 -0
package/src/models/HeadlessApiToken.js +24 -0
package/src/models/HeadlessModelDefinition.js +41 -0
package/src/models/I18nEntry.js +77 -0
package/src/models/I18nLocale.js +33 -0
package/src/models/Invite.js +70 -0
package/src/models/JsonConfig.js +46 -0
package/src/models/Notification.js +60 -0
package/src/models/Organization.js +57 -0
package/src/models/OrganizationMember.js +43 -0
package/src/models/StripeCatalogItem.js +77 -0
package/src/models/StripeWebhookEvent.js +57 -0
package/src/models/User.js +89 -0
package/src/models/VirtualEjsFile.js +60 -0
package/src/models/VirtualEjsFileVersion.js +43 -0
package/src/models/VirtualEjsGroupChange.js +32 -0
package/src/models/WaitingList.js +41 -0
package/src/models/Webhook.js +63 -0
package/src/models/Workflow.js +29 -0
package/src/models/WorkflowExecution.js +12 -0
package/src/routes/admin.routes.js +26 -0
package/src/routes/adminAssets.routes.js +28 -0
package/src/routes/adminAssetsStorage.routes.js +13 -0
package/src/routes/adminAudit.routes.js +196 -0
package/src/routes/adminEjsVirtual.routes.js +17 -0
package/src/routes/adminErrors.routes.js +164 -0
package/src/routes/adminFeatureFlags.routes.js +12 -0
package/src/routes/adminHeadless.routes.js +38 -0
package/src/routes/adminI18n.routes.js +22 -0
package/src/routes/adminJsonConfigs.routes.js +15 -0
package/src/routes/adminLlm.routes.js +12 -0
package/src/routes/adminMigration.routes.js +81 -0
package/src/routes/adminSeoConfig.routes.js +20 -0
package/src/routes/adminUploadNamespaces.routes.js +13 -0
package/src/routes/assets.routes.js +21 -0
package/src/routes/auth.routes.js +12 -0
package/src/routes/billing.routes.js +11 -0
package/src/routes/errorTracking.routes.js +31 -0
package/src/routes/featureFlags.routes.js +9 -0
package/src/routes/forms.routes.js +9 -0
package/src/routes/formsAdmin.routes.js +13 -0
package/src/routes/globalSettings.routes.js +18 -0
package/src/routes/headless.routes.js +15 -0
package/src/routes/i18n.routes.js +8 -0
package/src/routes/invite.routes.js +9 -0
package/src/routes/jsonConfigs.routes.js +8 -0
package/src/routes/log.routes.js +111 -0
package/src/routes/metrics.routes.js +9 -0
package/src/routes/notificationAdmin.routes.js +15 -0
package/src/routes/notifications.routes.js +12 -0
package/src/routes/org.routes.js +31 -0
package/src/routes/orgAdmin.routes.js +20 -0
package/src/routes/publicAssets.routes.js +7 -0
package/src/routes/stripeAdmin.routes.js +20 -0
package/src/routes/user.routes.js +22 -0
package/src/routes/userAdmin.routes.js +15 -0
package/src/routes/waitingList.routes.js +13 -0
package/src/routes/waitingListAdmin.routes.js +9 -0
package/src/routes/webhook.routes.js +32 -0
package/src/routes/workflowWebhook.routes.js +54 -0
package/src/routes/workflows.routes.js +110 -0
package/src/services/assets.service.js +110 -0
package/src/services/audit.service.js +62 -0
package/src/services/auditLogger.js +165 -0
package/src/services/ejsVirtual.service.js +614 -0
package/src/services/email.service.js +351 -0
package/src/services/errorLogger.js +221 -0
package/src/services/featureFlags.service.js +202 -0
package/src/services/forms.service.js +214 -0
package/src/services/globalSettings.service.js +49 -0
package/src/services/headlessApiTokens.service.js +158 -0
package/src/services/headlessCrypto.service.js +31 -0
package/src/services/headlessModels.service.js +356 -0
package/src/services/i18n.service.js +314 -0
package/src/services/i18nInferredKeys.service.js +337 -0
package/src/services/jsonConfigs.service.js +392 -0
package/src/services/llm.service.js +749 -0
package/src/services/migration.service.js +581 -0
package/src/services/migrationAssets/fsLocal.js +58 -0
package/src/services/migrationAssets/index.js +134 -0
package/src/services/migrationAssets/s3.js +75 -0
package/src/services/migrationAssets/sftp.js +92 -0
package/src/services/notification.service.js +212 -0
package/src/services/objectStorage.service.js +514 -0
package/src/services/seoConfig.service.js +402 -0
package/src/services/storage.js +150 -0
package/src/services/stripe.service.js +185 -0
package/src/services/stripeHelper.service.js +264 -0
package/src/services/uploadNamespaces.service.js +326 -0
package/src/services/webhook.service.js +157 -0
package/src/services/workflow.service.js +271 -0
package/src/utils/asyncHandler.js +5 -0
package/src/utils/encryption.js +80 -0
package/src/utils/jwt.js +40 -0
package/src/utils/orgRoles.js +156 -0
package/src/utils/validation.js +26 -0
package/src/utils/webhookRetry.js +93 -0
package/views/admin-assets.ejs +444 -0
package/views/admin-audit.ejs +283 -0
package/views/admin-coolify-deploy.ejs +207 -0
package/views/admin-dashboard-home.ejs +291 -0
package/views/admin-dashboard.ejs +397 -0
package/views/admin-ejs-virtual.ejs +280 -0
package/views/admin-errors.ejs +368 -0
package/views/admin-feature-flags.ejs +390 -0
package/views/admin-forms.ejs +526 -0
package/views/admin-global-settings.ejs +436 -0
package/views/admin-headless.ejs +2020 -0
package/views/admin-i18n-locales.ejs +221 -0
package/views/admin-i18n.ejs +728 -0
package/views/admin-json-configs.ejs +410 -0
package/views/admin-llm.ejs +884 -0
package/views/admin-metrics.ejs +274 -0
package/views/admin-migration.ejs +814 -0
package/views/admin-notifications.ejs +430 -0
package/views/admin-organizations.ejs +984 -0
package/views/admin-seo-config.ejs +673 -0
package/views/admin-stripe-pricing.ejs +558 -0
package/views/admin-test.ejs +342 -0
package/views/admin-users.ejs +452 -0
package/views/admin-waiting-list.ejs +547 -0
package/views/admin-webhooks.ejs +329 -0
package/views/admin-workflows.ejs +310 -0
package/views/partials/admin-assets-script.ejs +2022 -0
package/views/partials/admin-test-sidebar.ejs +14 -0
package/views/partials/dashboard/nav-items.ejs +66 -0
package/views/partials/dashboard/palette.ejs +63 -0
package/views/partials/dashboard/sidebar.ejs +21 -0
package/views/partials/dashboard/tab-bar.ejs +26 -0
package/views/partials/footer.ejs +3 -0

package/src/controllers/waitingList.controller.js ADDED Viewed

@@ -0,0 +1,167 @@
+const WaitingList = require('../models/WaitingList');
+const { validateEmail, sanitizeString } = require('../utils/validation');
+// Subscribe to waiting list
+exports.subscribe = async (req, res) => {
+  try {
+    const { email, type, referralSource } = req.body;
+    // Validate and sanitize email
+    if (!email) {
+      return res.status(400).json({
+        error: 'Email address is required',
+        field: 'email'
+      });
+    }
+    const sanitizedEmail = sanitizeString(email);
+    if (!validateEmail(sanitizedEmail)) {
+      return res.status(400).json({
+        error: 'Please enter a valid email address',
+        field: 'email'
+      });
+    }
+    // Validate type (generic)
+    const sanitizedType = sanitizeString(type);
+    if (!sanitizedType || typeof sanitizedType !== 'string' || !sanitizedType.trim()) {
+      return res.status(400).json({
+        error: 'Please select your interest type',
+        field: 'type'
+      });
+    }
+    // Check if email already exists
+    const existingEntry = await WaitingList.findOne({ email: sanitizedEmail.toLowerCase() });
+    if (existingEntry) {
+      return res.status(409).json({
+        error: 'This email is already on our waiting list',
+        field: 'email'
+      });
+    }
+    // Create new waiting list entry
+    const waitingListEntry = new WaitingList({
+      email: sanitizedEmail.toLowerCase(),
+      type: sanitizedType.trim(),
+      referralSource: sanitizeString(referralSource) || 'website'
+    });
+    await waitingListEntry.save();
+    // Return success response without sensitive data
+    const response = waitingListEntry.toJSON();
+    delete response.email; // Don't return email in response for privacy
+    res.status(201).json({
+      message: 'Successfully joined the waiting list!',
+      data: response
+    });
+  } catch (error) {
+    console.error('Waiting list subscription error:', error);
+    // Handle specific MongoDB errors
+    if (error.code === 11000) {
+      return res.status(409).json({
+        error: 'This email is already on our waiting list',
+        field: 'email'
+      });
+    }
+    if (error.name === 'ValidationError') {
+      const field = Object.keys(error.errors)[0];
+      return res.status(400).json({
+        error: error.errors[field].message,
+        field: field
+      });
+    }
+    res.status(500).json({
+      error: 'Something went wrong. Please try again later.',
+      field: 'general'
+    });
+  }
+};
+// Get waiting list stats (public)
+exports.getStats = async (req, res) => {
+  try {
+    const totalSubscribers = await WaitingList.countDocuments({ status: 'active' });
+    const typeAgg = await WaitingList.aggregate([
+      { $match: { status: 'active' } },
+      { $group: { _id: '$type', count: { $sum: 1 } } },
+      { $sort: { count: -1, _id: 1 } },
+    ]);
+    const typeCounts = (typeAgg || []).reduce((acc, row) => {
+      if (!row?._id) return acc;
+      acc[String(row._id)] = row.count || 0;
+      return acc;
+    }, {});
+    // Backward compatibility fields (legacy UI/tests)
+    const buyerCount = (typeCounts.buyer || 0) + (typeCounts.both || 0);
+    const sellerCount = (typeCounts.seller || 0) + (typeCounts.both || 0);
+    // Add some mock growth data for demonstration
+    const growthThisWeek = Math.floor(totalSubscribers * 0.05); // 5% growth
+    res.json({
+      totalSubscribers,
+      buyerCount,
+      sellerCount,
+      typeCounts,
+      growthThisWeek,
+      lastUpdated: new Date().toISOString()
+    });
+  } catch (error) {
+    console.error('Waiting list stats error:', error);
+    res.status(500).json({
+      error: 'Unable to load statistics',
+      field: 'general'
+    });
+  }
+};
+// Admin list waiting list entries (includes email)
+exports.adminList = async (req, res) => {
+  try {
+    const {
+      status,
+      type,
+      email,
+      limit = 50,
+      offset = 0,
+    } = req.query;
+    const query = {};
+    if (status) query.status = String(status);
+    if (type) query.type = String(type);
+    if (email) query.email = String(email).trim().toLowerCase();
+    const parsedLimit = Math.min(500, Math.max(1, parseInt(limit, 10) || 50));
+    const parsedOffset = Math.max(0, parseInt(offset, 10) || 0);
+    const entries = await WaitingList.find(query)
+      .sort({ createdAt: -1 })
+      .limit(parsedLimit)
+      .skip(parsedOffset)
+      .select('email type status referralSource createdAt updatedAt')
+      .lean();
+    const total = await WaitingList.countDocuments(query);
+    return res.json({
+      entries,
+      pagination: {
+        total,
+        limit: parsedLimit,
+        offset: parsedOffset,
+      },
+    });
+  } catch (error) {
+    console.error('Waiting list admin list error:', error);
+    return res.status(500).json({ error: 'Failed to list entries' });
+  }
+};

package/src/controllers/webhook.controller.js ADDED Viewed

@@ -0,0 +1,200 @@
+const Webhook = require('../models/Webhook');
+const webhookService = require('../services/webhook.service');
+const webhookController = {
+  /**
+   * Get all webhooks for the current organization
+   */
+  async getAll(req, res) {
+    try {
+      const organizationId = req.orgId || req.currentOrganization?._id || req.org?._id;
+      // If superadmin (Basic Auth), allow fetching all webhooks if no org context
+      const isBasicAuth = req.headers.authorization?.startsWith('Basic ');
+      const query = {};
+      if (organizationId) {
+        query.organizationId = organizationId;
+      } else if (!isBasicAuth) {
+        return res.status(400).json({ error: 'Organization context required' });
+      }
+      const webhooks = await Webhook.find(query);
+      res.json(webhooks);
+    } catch (error) {
+      res.status(500).json({ error: error.message });
+    }
+  },
+  /**
+   * Create a new webhook
+   */
+  async create(req, res) {
+    try {
+      const organizationId = req.orgId || req.currentOrganization?._id || req.org?._id || req.body.organizationId || null;
+      const { name, targetUrl, events, metadata, timeout, isAsync } = req.body;
+      const isBasicAuth = req.headers.authorization?.startsWith('Basic ');
+      if (!organizationId && !isBasicAuth) {
+        return res.status(400).json({ error: 'Organization context required' });
+      }
+      if (!targetUrl || !events || !Array.isArray(events)) {
+        return res.status(400).json({ error: 'targetUrl and events (array) are required' });
+      }
+      // Check name uniqueness if provided
+      if (name) {
+        const existing = await Webhook.findOne({ name, organizationId });
+        if (existing) {
+          return res.status(400).json({ error: 'A webhook with this name already exists in this organization' });
+        }
+      }
+      const webhook = new Webhook({
+        name: name || undefined, // Let mongoose default trigger if name is empty
+        targetUrl,
+        events,
+        organizationId,
+        timeout: timeout || 5000,
+        isAsync: isAsync === true,
+        metadata: metadata || {}
+      });
+      await webhook.save();
+      res.status(201).json(webhook);
+    } catch (error) {
+      res.status(500).json({ error: error.message });
+    }
+  },
+  /**
+   * Update a webhook
+   */
+  async update(req, res) {
+    try {
+      const { id } = req.params;
+      const organizationId = req.orgId || req.currentOrganization?._id || req.org?._id;
+      const isBasicAuth = req.headers.authorization?.startsWith('Basic ');
+      const { name, targetUrl, events, status, metadata, timeout, isAsync } = req.body;
+      const query = { _id: id };
+      if (!isBasicAuth && organizationId) {
+        query.organizationId = organizationId;
+      }
+      const webhook = await Webhook.findOne(query);
+      if (!webhook) {
+        return res.status(404).json({ error: 'Webhook not found' });
+      }
+      if (name && name !== webhook.name) {
+        const existing = await Webhook.findOne({ name, organizationId: webhook.organizationId, _id: { $ne: id } });
+        if (existing) {
+          return res.status(400).json({ error: 'A webhook with this name already exists in this organization' });
+        }
+        webhook.name = name;
+      }
+      if (targetUrl) webhook.targetUrl = targetUrl;
+      if (events && Array.isArray(events)) webhook.events = events;
+      if (status) webhook.status = status;
+      if (metadata) webhook.metadata = metadata;
+      if (timeout !== undefined) webhook.timeout = timeout;
+      if (isAsync !== undefined) webhook.isAsync = isAsync;
+      await webhook.save();
+      res.json(webhook);
+    } catch (error) {
+      res.status(500).json({ error: error.message });
+    }
+  },
+  /**
+   * Delete a webhook
+   */
+  async delete(req, res) {
+    try {
+      const { id } = req.params;
+      const organizationId = req.orgId || req.currentOrganization?._id || req.org?._id;
+      const isBasicAuth = req.headers.authorization?.startsWith('Basic ');
+      const query = { _id: id };
+      if (!isBasicAuth && organizationId) {
+        query.organizationId = organizationId;
+      }
+      const result = await Webhook.deleteOne(query);
+      if (result.deletedCount === 0) {
+        return res.status(404).json({ error: 'Webhook not found' });
+      }
+      res.json({ message: 'Webhook deleted successfully' });
+    } catch (error) {
+      res.status(500).json({ error: error.message });
+    }
+  },
+  /**
+   * Test a webhook delivery
+   */
+  async test(req, res) {
+    try {
+      const { id } = req.params;
+      const organizationId = req.orgId || req.currentOrganization?._id || req.org?._id;
+      const isBasicAuth = req.headers.authorization?.startsWith('Basic ');
+      const query = { _id: id };
+      if (!isBasicAuth && organizationId) {
+        query.organizationId = organizationId;
+      }
+      const webhook = await Webhook.findOne(query);
+      if (!webhook) {
+        return res.status(404).json({ error: 'Webhook not found' });
+      }
+      await webhookService.test(id);
+      res.json({ message: 'Test payload dispatched' });
+    } catch (error) {
+      res.status(500).json({ error: error.message });
+    }
+  },
+  /**
+   * Get delivery history for a webhook
+   */
+  async getHistory(req, res) {
+    try {
+      const { id } = req.params;
+      const organizationId = req.orgId || req.currentOrganization?._id || req.org?._id;
+      const isBasicAuth = req.headers.authorization?.startsWith('Basic ');
+      const AuditEvent = require('../models/AuditEvent');
+      const query = { _id: id };
+      if (!isBasicAuth && organizationId) {
+        query.organizationId = organizationId;
+      }
+      const webhook = await Webhook.findOne(query);
+      if (!webhook) {
+        return res.status(404).json({ error: 'Webhook not found' });
+      }
+      const history = await AuditEvent.find({
+        entityType: 'Webhook',
+        entityId: id,
+        action: { $in: ['WEBHOOK_DELIVERY_SUCCESS', 'WEBHOOK_DELIVERY_FAILURE'] }
+      })
+      .sort({ createdAt: -1 })
+      .limit(50);
+      res.json(history);
+    } catch (error) {
+      res.status(500).json({ error: error.message });
+    }
+  }
+};
+module.exports = webhookController;

package/src/middleware/auth.js ADDED Viewed

@@ -0,0 +1,66 @@
+const { verifyAccessToken } = require("../utils/jwt");
+const User = require("../models/User");
+const authenticate = async (req, res, next) => {
+  try {
+    const authHeader = req.headers.authorization;
+    if (!authHeader || !authHeader.startsWith("Bearer ")) {
+      return res.status(401).json({ error: "No token provided" });
+    }
+    const token = authHeader.substring(7);
+    const decoded = verifyAccessToken(token);
+    const user = await User.findById(decoded.userId);
+    if (!user) {
+      return res.status(401).json({ error: "User not found" });
+    }
+    req.user = user;
+    next();
+  } catch (error) {
+    return res
+      .status(401)
+      .json({ error: error.message || "Authentication failed" });
+  }
+};
+// Basic auth middleware for admin routes
+const basicAuth = (req, res, next) => {
+  const authHeader = req.headers.authorization;
+  if (!authHeader || !authHeader.startsWith("Basic ")) {
+    res.setHeader("WWW-Authenticate", 'Basic realm="Admin Area"');
+    return res.status(401).json({ error: "Authentication required" });
+  }
+  const credentials = Buffer.from(authHeader.substring(6), "base64").toString(
+    "utf-8",
+  );
+  const [username, password] = credentials.split(":");
+  const adminUsername = process.env.ADMIN_USERNAME || "admin";
+  const adminPassword = process.env.ADMIN_PASSWORD || "admin";
+  if (username === adminUsername && password === adminPassword) {
+    next();
+  } else {
+    res.setHeader("WWW-Authenticate", 'Basic realm="Admin Area"');
+    return res.status(401).json({ error: "Invalid credentials" });
+  }
+};
+// Admin role middleware - requires authentication and admin role
+const requireAdmin = (req, res, next) => {
+  if (!req.user) {
+    return res.status(401).json({ error: "Authentication required" });
+  }
+  if (req.user.role !== 'admin') {
+    return res.status(403).json({ error: "Admin access required" });
+  }
+  next();
+};
+module.exports = { authenticate, basicAuth, requireAdmin };

package/src/middleware/errorCapture.js ADDED Viewed

@@ -0,0 +1,170 @@
+const crypto = require('crypto');
+const { logErrorSync, logError } = require('../services/errorLogger');
+const { logAuditSync } = require('../services/auditLogger');
+let originalConsoleError = null;
+let isHooked = false;
+function hookConsoleError() {
+  if (isHooked) return;
+  isHooked = true;
+  originalConsoleError = console.error;
+  console.error = function (...args) {
+    originalConsoleError.apply(console, args);
+    try {
+      let errorObj = null;
+      let message = '';
+      for (const arg of args) {
+        if (arg instanceof Error) {
+          errorObj = arg;
+          break;
+        }
+      }
+      if (errorObj) {
+        message = errorObj.message;
+      } else {
+        message = args
+          .map((a) => {
+            if (typeof a === 'string') return a;
+            try {
+              return JSON.stringify(a);
+            } catch (e) {
+              return String(a);
+            }
+          })
+          .join(' ');
+      }
+      logErrorSync({
+        source: 'backend',
+        severity: 'error',
+        errorName: errorObj?.name || 'ConsoleError',
+        message,
+        stack: errorObj?.stack,
+        extra: { consoleArgs: args.length },
+      });
+    } catch (e) {
+      // avoid loops
+    }
+  };
+}
+function unhookConsoleError() {
+  if (!isHooked || !originalConsoleError) return;
+  console.error = originalConsoleError;
+  isHooked = false;
+}
+function setupProcessHandlers() {
+  process.on('unhandledRejection', (reason) => {
+    try {
+      originalConsoleError
+        ? originalConsoleError('[unhandledRejection]', reason)
+        : console.error('[unhandledRejection]', reason);
+    } catch (e) {
+      // ignore
+    }
+    const error = reason instanceof Error ? reason : new Error(String(reason));
+    logErrorSync({
+      source: 'backend',
+      severity: 'fatal',
+      errorName: 'UnhandledRejection',
+      message: error.message,
+      stack: error.stack,
+      extra: { type: 'unhandledRejection' },
+    });
+  });
+  process.on('uncaughtException', (error, origin) => {
+    try {
+      originalConsoleError
+        ? originalConsoleError('[uncaughtException]', error)
+        : console.error('[uncaughtException]', error);
+    } catch (e) {
+      // ignore
+    }
+    logError({
+      source: 'backend',
+      severity: 'fatal',
+      errorName: 'UncaughtException',
+      message: error.message,
+      stack: error.stack,
+      extra: { origin },
+    }).finally(() => {
+      if (process.env.EXIT_ON_UNCAUGHT_EXCEPTION === 'true') {
+        process.exit(1);
+      }
+    });
+  });
+}
+function expressErrorMiddleware(err, req, res, next) {
+  const statusCode = err.status || err.statusCode || 500;
+  logErrorSync({
+    source: 'backend',
+    severity: statusCode >= 500 ? 'error' : 'warn',
+    errorName: err.name || 'Error',
+    errorCode: err.code,
+    message: err.message,
+    stack: err.stack,
+    actor: {
+      userId: req.user?._id || req.user?.id,
+      role: req.user?.role,
+      ip: req.ip || req.headers?.['x-forwarded-for']?.split(',')[0]?.trim(),
+      userAgent: req.headers?.['user-agent'],
+    },
+    request: {
+      method: req.method,
+      path: req.path,
+      statusCode,
+      requestId: req.headers?.['x-request-id'] || req.requestId,
+    },
+  });
+  if (statusCode >= 400) {
+    logAuditSync({
+      req,
+      action: 'request.error',
+      outcome: 'failure',
+      entityType: 'request',
+      entityId: req.path,
+      details: {
+        errorName: err.name,
+        statusCode,
+        path: req.path,
+      },
+    });
+  }
+  if (res.headersSent) {
+    return next(err);
+  }
+  res.status(statusCode).json({
+    error: process.env.NODE_ENV === 'production' ? 'Internal server error' : err.message,
+  });
+}
+function requestIdMiddleware(req, res, next) {
+  if (!req.headers['x-request-id']) {
+    req.headers['x-request-id'] = crypto.randomUUID();
+  }
+  req.requestId = req.headers['x-request-id'];
+  res.setHeader('X-Request-Id', req.requestId);
+  next();
+}
+module.exports = {
+  hookConsoleError,
+  unhookConsoleError,
+  setupProcessHandlers,
+  expressErrorMiddleware,
+  requestIdMiddleware,
+};

package/src/middleware/headlessApiTokenAuth.js ADDED Viewed

@@ -0,0 +1,57 @@
+const { authenticateApiToken, tokenAllowsOperation } = require('../services/headlessApiTokens.service');
+function extractToken(req) {
+  const headerToken = req.headers['x-api-token'] || req.headers['x-api-key'];
+  if (headerToken) return String(headerToken).trim();
+  const auth = req.headers.authorization;
+  if (auth && auth.toLowerCase().startsWith('bearer ')) {
+    return String(auth.slice(7)).trim();
+  }
+  return null;
+}
+function getOperationFromMethod(method) {
+  const m = String(method || '').toUpperCase();
+  if (m === 'GET') return 'read';
+  if (m === 'POST') return 'create';
+  if (m === 'PUT' || m === 'PATCH') return 'update';
+  if (m === 'DELETE') return 'delete';
+  return null;
+}
+function headlessApiTokenAuth() {
+  return async (req, res, next) => {
+    try {
+      const token = extractToken(req);
+      const tokenDoc = await authenticateApiToken(token);
+      if (!tokenDoc) return res.status(401).json({ error: 'Invalid or expired API token' });
+      req.headlessApiToken = tokenDoc;
+      return next();
+    } catch (error) {
+      console.error('Headless API token auth error:', error);
+      return res.status(500).json({ error: 'Authentication failed' });
+    }
+  };
+}
+function requireHeadlessPermission() {
+  return (req, res, next) => {
+    const modelCode = req.params.modelCode;
+    const operation = getOperationFromMethod(req.method);
+    if (!operation) return res.status(400).json({ error: 'Unsupported operation' });
+    const ok = tokenAllowsOperation(req.headlessApiToken, modelCode, operation);
+    if (!ok) return res.status(403).json({ error: 'Insufficient permissions' });
+    return next();
+  };
+}
+module.exports = {
+  headlessApiTokenAuth,
+  requireHeadlessPermission,
+};