npm - @intranefr/superbackend - Versions diffs - 1.4.3 - Mend

@intranefr/superbackend 1.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (188) hide show

package/.commiat +4 -0
package/.env.example +47 -0
package/README.md +110 -0
package/index.js +94 -0
package/package.json +67 -0
package/public/css/styles.css +139 -0
package/public/js/animations.js +41 -0
package/sdk/error-tracking/browser/package.json +16 -0
package/sdk/error-tracking/browser/src/core.js +270 -0
package/sdk/error-tracking/browser/src/embed.js +18 -0
package/sdk/error-tracking/browser/src/index.js +1 -0
package/server.js +5 -0
package/src/admin/endpointRegistry.js +300 -0
package/src/controllers/admin.controller.js +321 -0
package/src/controllers/adminAssets.controller.js +530 -0
package/src/controllers/adminAssetsStorage.controller.js +260 -0
package/src/controllers/adminEjsVirtual.controller.js +354 -0
package/src/controllers/adminFeatureFlags.controller.js +155 -0
package/src/controllers/adminHeadless.controller.js +1071 -0
package/src/controllers/adminI18n.controller.js +604 -0
package/src/controllers/adminJsonConfigs.controller.js +97 -0
package/src/controllers/adminLlm.controller.js +273 -0
package/src/controllers/adminMigration.controller.js +257 -0
package/src/controllers/adminSeoConfig.controller.js +515 -0
package/src/controllers/adminStats.controller.js +121 -0
package/src/controllers/adminUploadNamespaces.controller.js +208 -0
package/src/controllers/assets.controller.js +248 -0
package/src/controllers/auth.controller.js +93 -0
package/src/controllers/billing.controller.js +223 -0
package/src/controllers/featureFlags.controller.js +35 -0
package/src/controllers/forms.controller.js +217 -0
package/src/controllers/globalSettings.controller.js +252 -0
package/src/controllers/headlessCrud.controller.js +126 -0
package/src/controllers/i18n.controller.js +12 -0
package/src/controllers/invite.controller.js +249 -0
package/src/controllers/jsonConfigs.controller.js +19 -0
package/src/controllers/metrics.controller.js +149 -0
package/src/controllers/notificationAdmin.controller.js +264 -0
package/src/controllers/notifications.controller.js +131 -0
package/src/controllers/org.controller.js +357 -0
package/src/controllers/orgAdmin.controller.js +491 -0
package/src/controllers/stripeAdmin.controller.js +410 -0
package/src/controllers/user.controller.js +361 -0
package/src/controllers/userAdmin.controller.js +277 -0
package/src/controllers/waitingList.controller.js +167 -0
package/src/controllers/webhook.controller.js +200 -0
package/src/middleware/auth.js +66 -0
package/src/middleware/errorCapture.js +170 -0
package/src/middleware/headlessApiTokenAuth.js +57 -0
package/src/middleware/org.js +108 -0
package/src/middleware.js +901 -0
package/src/models/ActionEvent.js +31 -0
package/src/models/ActivityLog.js +41 -0
package/src/models/Asset.js +84 -0
package/src/models/AuditEvent.js +93 -0
package/src/models/EmailLog.js +28 -0
package/src/models/ErrorAggregate.js +72 -0
package/src/models/FormSubmission.js +41 -0
package/src/models/GlobalSetting.js +38 -0
package/src/models/HeadlessApiToken.js +24 -0
package/src/models/HeadlessModelDefinition.js +41 -0
package/src/models/I18nEntry.js +77 -0
package/src/models/I18nLocale.js +33 -0
package/src/models/Invite.js +70 -0
package/src/models/JsonConfig.js +46 -0
package/src/models/Notification.js +60 -0
package/src/models/Organization.js +57 -0
package/src/models/OrganizationMember.js +43 -0
package/src/models/StripeCatalogItem.js +77 -0
package/src/models/StripeWebhookEvent.js +57 -0
package/src/models/User.js +89 -0
package/src/models/VirtualEjsFile.js +60 -0
package/src/models/VirtualEjsFileVersion.js +43 -0
package/src/models/VirtualEjsGroupChange.js +32 -0
package/src/models/WaitingList.js +41 -0
package/src/models/Webhook.js +63 -0
package/src/models/Workflow.js +29 -0
package/src/models/WorkflowExecution.js +12 -0
package/src/routes/admin.routes.js +26 -0
package/src/routes/adminAssets.routes.js +28 -0
package/src/routes/adminAssetsStorage.routes.js +13 -0
package/src/routes/adminAudit.routes.js +196 -0
package/src/routes/adminEjsVirtual.routes.js +17 -0
package/src/routes/adminErrors.routes.js +164 -0
package/src/routes/adminFeatureFlags.routes.js +12 -0
package/src/routes/adminHeadless.routes.js +38 -0
package/src/routes/adminI18n.routes.js +22 -0
package/src/routes/adminJsonConfigs.routes.js +15 -0
package/src/routes/adminLlm.routes.js +12 -0
package/src/routes/adminMigration.routes.js +81 -0
package/src/routes/adminSeoConfig.routes.js +20 -0
package/src/routes/adminUploadNamespaces.routes.js +13 -0
package/src/routes/assets.routes.js +21 -0
package/src/routes/auth.routes.js +12 -0
package/src/routes/billing.routes.js +11 -0
package/src/routes/errorTracking.routes.js +31 -0
package/src/routes/featureFlags.routes.js +9 -0
package/src/routes/forms.routes.js +9 -0
package/src/routes/formsAdmin.routes.js +13 -0
package/src/routes/globalSettings.routes.js +18 -0
package/src/routes/headless.routes.js +15 -0
package/src/routes/i18n.routes.js +8 -0
package/src/routes/invite.routes.js +9 -0
package/src/routes/jsonConfigs.routes.js +8 -0
package/src/routes/log.routes.js +111 -0
package/src/routes/metrics.routes.js +9 -0
package/src/routes/notificationAdmin.routes.js +15 -0
package/src/routes/notifications.routes.js +12 -0
package/src/routes/org.routes.js +31 -0
package/src/routes/orgAdmin.routes.js +20 -0
package/src/routes/publicAssets.routes.js +7 -0
package/src/routes/stripeAdmin.routes.js +20 -0
package/src/routes/user.routes.js +22 -0
package/src/routes/userAdmin.routes.js +15 -0
package/src/routes/waitingList.routes.js +13 -0
package/src/routes/waitingListAdmin.routes.js +9 -0
package/src/routes/webhook.routes.js +32 -0
package/src/routes/workflowWebhook.routes.js +54 -0
package/src/routes/workflows.routes.js +110 -0
package/src/services/assets.service.js +110 -0
package/src/services/audit.service.js +62 -0
package/src/services/auditLogger.js +165 -0
package/src/services/ejsVirtual.service.js +614 -0
package/src/services/email.service.js +351 -0
package/src/services/errorLogger.js +221 -0
package/src/services/featureFlags.service.js +202 -0
package/src/services/forms.service.js +214 -0
package/src/services/globalSettings.service.js +49 -0
package/src/services/headlessApiTokens.service.js +158 -0
package/src/services/headlessCrypto.service.js +31 -0
package/src/services/headlessModels.service.js +356 -0
package/src/services/i18n.service.js +314 -0
package/src/services/i18nInferredKeys.service.js +337 -0
package/src/services/jsonConfigs.service.js +392 -0
package/src/services/llm.service.js +749 -0
package/src/services/migration.service.js +581 -0
package/src/services/migrationAssets/fsLocal.js +58 -0
package/src/services/migrationAssets/index.js +134 -0
package/src/services/migrationAssets/s3.js +75 -0
package/src/services/migrationAssets/sftp.js +92 -0
package/src/services/notification.service.js +212 -0
package/src/services/objectStorage.service.js +514 -0
package/src/services/seoConfig.service.js +402 -0
package/src/services/storage.js +150 -0
package/src/services/stripe.service.js +185 -0
package/src/services/stripeHelper.service.js +264 -0
package/src/services/uploadNamespaces.service.js +326 -0
package/src/services/webhook.service.js +157 -0
package/src/services/workflow.service.js +271 -0
package/src/utils/asyncHandler.js +5 -0
package/src/utils/encryption.js +80 -0
package/src/utils/jwt.js +40 -0
package/src/utils/orgRoles.js +156 -0
package/src/utils/validation.js +26 -0
package/src/utils/webhookRetry.js +93 -0
package/views/admin-assets.ejs +444 -0
package/views/admin-audit.ejs +283 -0
package/views/admin-coolify-deploy.ejs +207 -0
package/views/admin-dashboard-home.ejs +291 -0
package/views/admin-dashboard.ejs +397 -0
package/views/admin-ejs-virtual.ejs +280 -0
package/views/admin-errors.ejs +368 -0
package/views/admin-feature-flags.ejs +390 -0
package/views/admin-forms.ejs +526 -0
package/views/admin-global-settings.ejs +436 -0
package/views/admin-headless.ejs +2020 -0
package/views/admin-i18n-locales.ejs +221 -0
package/views/admin-i18n.ejs +728 -0
package/views/admin-json-configs.ejs +410 -0
package/views/admin-llm.ejs +884 -0
package/views/admin-metrics.ejs +274 -0
package/views/admin-migration.ejs +814 -0
package/views/admin-notifications.ejs +430 -0
package/views/admin-organizations.ejs +984 -0
package/views/admin-seo-config.ejs +673 -0
package/views/admin-stripe-pricing.ejs +558 -0
package/views/admin-test.ejs +342 -0
package/views/admin-users.ejs +452 -0
package/views/admin-waiting-list.ejs +547 -0
package/views/admin-webhooks.ejs +329 -0
package/views/admin-workflows.ejs +310 -0
package/views/partials/admin-assets-script.ejs +2022 -0
package/views/partials/admin-test-sidebar.ejs +14 -0
package/views/partials/dashboard/nav-items.ejs +66 -0
package/views/partials/dashboard/palette.ejs +63 -0
package/views/partials/dashboard/sidebar.ejs +21 -0
package/views/partials/dashboard/tab-bar.ejs +26 -0
package/views/partials/footer.ejs +3 -0

package/src/services/workflow.service.js ADDED Viewed

@@ -0,0 +1,271 @@
+const Workflow = require('../models/Workflow');
+const WorkflowExecution = require('../models/WorkflowExecution');
+const llmService = require('./llm.service');
+const { NodeVM } = require('vm2');
+/**
+ * Workflow Service
+ * Handles execution of stacked workflow nodes within SaaSBackend.
+ */
+class WorkflowService {
+  constructor(workflowId, initialContext = {}) {
+    this.workflowId = workflowId;
+    // Ensure initialContext is a clean object
+    const sanitizedContext = (initialContext && typeof initialContext === 'object') ? initialContext : {};
+    this.context = {
+      entrypoint: sanitizedContext,
+      payload: sanitizedContext, // for backward compatibility
+      nodes: {},
+      lastNode: {
+        method: sanitizedContext.method,
+        body: sanitizedContext.body || {},
+        query: sanitizedContext.query || {},
+        headers: sanitizedContext.headers || {}
+      },
+      env: process.env
+    };
+    this.executionLog = [];
+    this.status = 'pending';
+    this.startTime = Date.now();
+  }
+  async runNodeById(workflowId, nodeId, incomingContext) {
+    const workflow = await Workflow.findById(workflowId);
+    if (!workflow) throw new Error('Workflow not found');
+    const node = workflow.nodes.find(n => n.id === nodeId);
+    if (!node) throw new Error('Node not found');
+    // 1. Determine the entrypoint data (priority: incoming context > saved dataset)
+    const entrypoint = incomingContext.entrypoint || incomingContext.payload || workflow.testDataset || {};
+    // 2. Rebuild the context from scratch to ensure a clean state
+    // If incomingContext has lastNode, we use it, otherwise we default to entrypoint
+    this.context = {
+      ...incomingContext,
+      entrypoint: entrypoint,
+      payload: entrypoint,
+      nodes: incomingContext.nodes || {},
+      lastNode: incomingContext.lastNode || {
+        method: entrypoint.method || 'POST',
+        body: entrypoint.body || {},
+        query: entrypoint.query || {},
+        headers: entrypoint.headers || {}
+      },
+      env: process.env
+    };
+    return await this.executeNode(node);
+  }
+  async run() {
+    const workflow = await Workflow.findById(this.workflowId);
+    if (!workflow) throw new Error('Workflow not found');
+    // Initialize entrypoint and payload if not already set via constructor
+    if (!this.context.entrypoint || Object.keys(this.context.entrypoint).length === 0) {
+      const entrypoint = workflow.testDataset || {};
+      this.context.entrypoint = entrypoint;
+      this.context.payload = entrypoint;
+      this.context.lastNode = {
+        method: entrypoint.method,
+        body: entrypoint.body || {},
+        query: entrypoint.query || {},
+        headers: entrypoint.headers || {}
+      };
+    }
+    this.status = 'running';
+    try {
+      await this.executeNodes(workflow.nodes);
+      this.status = 'completed';
+    } catch (err) {
+      this.status = 'failed';
+      this.executionLog.push({ type: 'error', message: err.message, timestamp: new Date() });
+      throw err;
+    } finally {
+      await this.saveExecution();
+    }
+  }
+  async executeNodes(nodes) {
+    for (const node of nodes) {
+      await this.executeNode(node);
+      if (node.type === 'exit') break;
+    }
+  }
+  async executeNode(node) {
+    const nodeStartTime = Date.now();
+    let result = null;
+    try {
+      switch (node.type) {
+        case 'llm':
+          result = await this.handleLLM(node);
+          break;
+        case 'if':
+          result = await this.handleIf(node);
+          break;
+        case 'parallel':
+          result = await this.handleParallel(node);
+          break;
+        case 'http':
+          result = await this.handleHttp(node);
+          break;
+        case 'exit':
+          result = this.interpolateObject(node.body || {});
+          break;
+        default:
+          throw new Error(`Unknown node type: ${node.type}`);
+      }
+      // Standardize lastNode as an object
+      const standardizedResult = (typeof result !== 'object' || result === null)
+        ? { result: result }
+        : JSON.parse(JSON.stringify(result)); // Deep clone to prevent mutations
+      if (node.name) {
+        const reserved = new Set(['entrypoint', 'payload', 'nodes', 'lastNode', 'env', 'JSON', 'console', 'context']);
+        if (!reserved.has(node.name)) {
+          this.context[node.name] = standardizedResult;
+        }
+      }
+      if (node.outputVar) {
+        this.context.nodes[node.outputVar] = standardizedResult;
+      }
+      this.context.lastNode = standardizedResult;
+      this.executionLog.push({
+        nodeId: node.id,
+        nodeName: node.name,
+        type: node.type,
+        duration: Date.now() - nodeStartTime,
+        status: 'success',
+        result: standardizedResult,
+        timestamp: new Date()
+      });
+      return result;
+    } catch (err) {
+      this.executionLog.push({
+        nodeId: node.id,
+        type: node.type,
+        status: 'error',
+        message: err.message,
+        timestamp: new Date()
+      });
+      throw err;
+    }
+  }
+  async handleLLM(node) {
+    const prompt = this.interpolate(node.prompt);
+    const response = await llmService.callAdhoc({
+      providerKey: node.provider || 'openrouter',
+      messages: [{ role: 'user', content: prompt }]
+    }, {
+      model: node.model || 'minimax/minimax-m2.1',
+      temperature: node.temperature !== undefined ? parseFloat(node.temperature) : 0.7
+    });
+    return response.content;
+  }
+  async handleIf(node) {
+    const vm = new NodeVM({
+      sandbox: {
+        ...this.context,
+        context: this.context // for backward compatibility
+      },
+      timeout: 1000
+    });
+    const match = vm.run(`module.exports = (${node.condition})`);
+    // Store branch outcome in context
+    this.context[`${node.id}_result`] = match ? 'then' : 'else';
+    if (match) {
+      return await this.executeNodes(node.then || []);
+    } else {
+      return await this.executeNodes(node.else || []);
+    }
+  }
+  async handleParallel(node) {
+    const results = await Promise.all((node.branches || []).map(branch => this.executeNodes(branch)));
+    return results;
+  }
+  async handleHttp(node) {
+    const url = this.interpolate(node.url);
+    const response = await fetch(url, {
+      method: node.method || 'GET',
+      headers: node.headers || {},
+      body: node.method !== 'GET' ? JSON.stringify(this.interpolateObject(node.body)) : undefined
+    });
+    return await response.json();
+  }
+  interpolate(str) {
+    if (!str || typeof str !== 'string') return str;
+    return str.replace(/\{\{(.*?)\}\}/gs, (match, jsCode) => {
+      try {
+        const vm = new NodeVM({
+          sandbox: this.context,
+          timeout: 1000
+        });
+        const val = vm.run(`module.exports = (${jsCode.trim()})`);
+        if (val === undefined || val === null) return '';
+        return typeof val === 'object' ? JSON.stringify(val) : String(val);
+      } catch (err) {
+        // Fallback to path resolution if JS eval fails
+        const parts = jsCode.trim().split('.');
+        let val = this.context;
+        for (const part of parts) {
+          if (val === null || val === undefined) return match;
+          val = val[part];
+        }
+        if (val === undefined || val === null) return match;
+        return typeof val === 'object' ? JSON.stringify(val) : String(val);
+      }
+    });
+  }
+  interpolateObject(obj) {
+    if (typeof obj === 'string') return this.interpolate(obj);
+    if (Array.isArray(obj)) return obj.map(item => this.interpolateObject(item));
+    if (typeof obj === 'object' && obj !== null) {
+      const result = {};
+      for (const key in obj) {
+        result[key] = this.interpolateObject(obj[key]);
+      }
+      return result;
+    }
+    return obj;
+  }
+  async saveExecution() {
+    await WorkflowExecution.create({
+      workflowId: this.workflowId,
+      status: this.status,
+      context: this.context,
+      log: this.executionLog,
+      duration: Date.now() - this.startTime,
+      executedAt: new Date()
+    });
+  }
+}
+module.exports = {
+  WorkflowService,
+  execute: async (workflowId, initialContext) => {
+    const service = new WorkflowService(workflowId, initialContext);
+    await service.run();
+    return service;
+  }
+};

package/src/utils/asyncHandler.js ADDED Viewed

@@ -0,0 +1,5 @@
+const asyncHandler = (fn) => (req, res, next) => {
+  Promise.resolve(fn(req, res, next)).catch(next);
+};
+module.exports = asyncHandler;

package/src/utils/encryption.js ADDED Viewed

@@ -0,0 +1,80 @@
+const crypto = require('crypto');
+function getEncryptionKey() {
+  const raw = process.env.SAASBACKEND_ENCRYPTION_KEY;
+  if (!raw) {
+    throw new Error('SAASBACKEND_ENCRYPTION_KEY is required for encrypted settings');
+  }
+  let key;
+  if (/^[A-Fa-f0-9]{64}$/.test(raw)) {
+    key = Buffer.from(raw, 'hex');
+  } else {
+    try {
+      key = Buffer.from(raw, 'base64');
+    } catch (e) {
+      key = null;
+    }
+    if (!key || key.length !== 32) {
+      key = Buffer.from(raw, 'utf8');
+    }
+  }
+  if (key.length !== 32) {
+    throw new Error(
+      'SAASBACKEND_ENCRYPTION_KEY must be 32 bytes (base64-encoded 32 bytes, hex 64 chars, or 32-char utf8)',
+    );
+  }
+  return key;
+}
+function encryptString(plaintext, { keyId = 'v1' } = {}) {
+  const key = getEncryptionKey();
+  const iv = crypto.randomBytes(12);
+  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+  const ciphertext = Buffer.concat([
+    cipher.update(String(plaintext), 'utf8'),
+    cipher.final(),
+  ]);
+  const tag = cipher.getAuthTag();
+  return {
+    alg: 'aes-256-gcm',
+    keyId,
+    iv: iv.toString('base64'),
+    tag: tag.toString('base64'),
+    ciphertext: ciphertext.toString('base64'),
+  };
+}
+function decryptString(payload) {
+  if (!payload || typeof payload !== 'object') {
+    throw new Error('Invalid encrypted payload');
+  }
+  if (payload.alg !== 'aes-256-gcm') {
+    throw new Error('Unsupported encryption algorithm');
+  }
+  const key = getEncryptionKey();
+  const iv = Buffer.from(payload.iv, 'base64');
+  const tag = Buffer.from(payload.tag, 'base64');
+  const ciphertext = Buffer.from(payload.ciphertext, 'base64');
+  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
+  decipher.setAuthTag(tag);
+  const plaintext = Buffer.concat([
+    decipher.update(ciphertext),
+    decipher.final(),
+  ]);
+  return plaintext.toString('utf8');
+}
+module.exports = {
+  encryptString,
+  decryptString,
+};

package/src/utils/jwt.js ADDED Viewed

@@ -0,0 +1,40 @@
+const jwt = require('jsonwebtoken');
+const generateAccessToken = (userId, role = 'user') => {
+  return jwt.sign(
+    { userId, role },
+    process.env.JWT_ACCESS_SECRET || 'access-secret-change-me',
+    { expiresIn: '30d' }
+  );
+};
+const generateRefreshToken = (userId) => {
+  return jwt.sign(
+    { userId },
+    process.env.JWT_REFRESH_SECRET || 'refresh-secret-change-me',
+    { expiresIn: '30d' }
+  );
+};
+const verifyAccessToken = (token) => {
+  try {
+    return jwt.verify(token, process.env.JWT_ACCESS_SECRET || 'access-secret-change-me');
+  } catch (error) {
+    throw new Error('Invalid or expired token');
+  }
+};
+const verifyRefreshToken = (token) => {
+  try {
+    return jwt.verify(token, process.env.JWT_REFRESH_SECRET || 'refresh-secret-change-me');
+  } catch (error) {
+    throw new Error('Invalid or expired refresh token');
+  }
+};
+module.exports = {
+  generateAccessToken,
+  generateRefreshToken,
+  verifyAccessToken,
+  verifyRefreshToken
+};

package/src/utils/orgRoles.js ADDED Viewed

@@ -0,0 +1,156 @@
+const globalSettingsService = require('../services/globalSettings.service');
+const DEFAULT_ROLE_HIERARCHY = {
+  owner: 4,
+  admin: 3,
+  member: 2,
+  viewer: 1,
+};
+const CACHE_TTL_MS = 60_000;
+let cached = null;
+function parseRoleHierarchy(value) {
+  if (!value) return null;
+  let parsed;
+  if (typeof value === 'string') {
+    const trimmed = value.trim();
+    if (!trimmed) return null;
+    parsed = JSON.parse(trimmed);
+  } else {
+    parsed = value;
+  }
+  if (Array.isArray(parsed)) {
+    const out = {};
+    for (const entry of parsed) {
+      if (!entry || typeof entry !== 'object') continue;
+      const key = String(entry.key || '').trim();
+      const level = Number(entry.level);
+      if (!key || !Number.isFinite(level)) continue;
+      out[key] = level;
+    }
+    return Object.keys(out).length ? out : null;
+  }
+  if (parsed && typeof parsed === 'object') {
+    const out = {};
+    for (const [keyRaw, levelRaw] of Object.entries(parsed)) {
+      const key = String(keyRaw || '').trim();
+      const level = Number(levelRaw);
+      if (!key || !Number.isFinite(level)) continue;
+      out[key] = level;
+    }
+    return Object.keys(out).length ? out : null;
+  }
+  return null;
+}
+function normalizeRoleHierarchyOrDefault(input) {
+  const roles = input || DEFAULT_ROLE_HIERARCHY;
+  // Ensure owner/admin semantics remain sensible if they exist
+  const normalized = { ...roles };
+  // Ensure no negative/zero levels
+  for (const [k, v] of Object.entries(normalized)) {
+    const level = Number(v);
+    if (!Number.isFinite(level) || level <= 0) {
+      delete normalized[k];
+    }
+  }
+  if (!Object.keys(normalized).length) {
+    return { ...DEFAULT_ROLE_HIERARCHY };
+  }
+  return normalized;
+}
+function getDefaultRoleFromHierarchy(hierarchy) {
+  const entries = Object.entries(hierarchy);
+  if (!entries.length) return 'member';
+  entries.sort((a, b) => a[1] - b[1]);
+  return entries[0][0] || 'member';
+}
+async function loadRoleHierarchy() {
+  const now = Date.now();
+  if (cached && now - cached.timestamp < CACHE_TTL_MS) {
+    return cached.value;
+  }
+  let raw = process.env.ORG_ROLES_JSON || null;
+  if (!raw) {
+    try {
+      raw = await globalSettingsService.getSettingValue('ORG_ROLES_JSON', null);
+    } catch (e) {
+      raw = null;
+    }
+  }
+  let hierarchy = null;
+  try {
+    hierarchy = normalizeRoleHierarchyOrDefault(parseRoleHierarchy(raw));
+  } catch (e) {
+    hierarchy = { ...DEFAULT_ROLE_HIERARCHY };
+  }
+  const allowedRoles = Object.keys(hierarchy);
+  const defaultRole = getDefaultRoleFromHierarchy(hierarchy);
+  const value = {
+    hierarchy,
+    allowedRoles,
+    defaultRole,
+  };
+  cached = { value, timestamp: now };
+  return value;
+}
+async function getOrgRoleHierarchy() {
+  const { hierarchy } = await loadRoleHierarchy();
+  return hierarchy;
+}
+async function getAllowedOrgRoles() {
+  const { allowedRoles } = await loadRoleHierarchy();
+  return allowedRoles;
+}
+async function getDefaultOrgRole() {
+  const { defaultRole } = await loadRoleHierarchy();
+  return defaultRole;
+}
+async function isValidOrgRole(role) {
+  const r = String(role || '').trim();
+  if (!r) return false;
+  const { hierarchy } = await loadRoleHierarchy();
+  return Boolean(hierarchy[r]);
+}
+async function getOrgRoleLevel(role) {
+  const r = String(role || '').trim();
+  if (!r) return 0;
+  const { hierarchy } = await loadRoleHierarchy();
+  return hierarchy[r] || 0;
+}
+function clearOrgRolesCache() {
+  cached = null;
+}
+module.exports = {
+  getOrgRoleHierarchy,
+  getAllowedOrgRoles,
+  getDefaultOrgRole,
+  isValidOrgRole,
+  getOrgRoleLevel,
+  clearOrgRolesCache,
+};

package/src/utils/validation.js ADDED Viewed

@@ -0,0 +1,26 @@
+// Email validation regex
+const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+// Validate email format
+const validateEmail = (email) => {
+  if (!email || typeof email !== 'string') return false;
+  return emailRegex.test(email.trim());
+};
+// Validate password strength
+const validatePassword = (password) => {
+  if (!password || typeof password !== 'string') return false;
+  return password.length >= 8;
+};
+// Sanitize input string
+const sanitizeString = (str) => {
+  if (!str || typeof str !== 'string') return '';
+  return str.trim().replace(/[<>]/g, '');
+};
+module.exports = {
+  validateEmail,
+  validatePassword,
+  sanitizeString
+};

package/src/utils/webhookRetry.js ADDED Viewed

@@ -0,0 +1,93 @@
+const StripeWebhookEvent = require("../models/StripeWebhookEvent");
+const stripeService = require("../services/stripe.service");
+const MAX_RETRIES = 3;
+async function retryFailedWebhooks(options = {}) {
+  const { limit = 10, maxRetries = MAX_RETRIES } = options;
+  const failedEvents = await StripeWebhookEvent.find({
+    status: "failed",
+    retryCount: { $lt: maxRetries }
+  })
+    .sort({ receivedAt: 1 })
+    .limit(limit);
+  const results = {
+    total: failedEvents.length,
+    succeeded: 0,
+    failed: 0,
+    errors: []
+  };
+  for (const event of failedEvents) {
+    try {
+      await processWebhookEvent(event);
+      event.status = "processed";
+      event.processedAt = new Date();
+      await event.save();
+      results.succeeded++;
+      console.log(`Retry succeeded for event ${event.stripeEventId}`);
+    } catch (err) {
+      event.retryCount++;
+      event.processingErrors.push({
+        message: err.message,
+        timestamp: new Date()
+      });
+      if (event.retryCount >= maxRetries) {
+        console.error(`Max retries reached for event ${event.stripeEventId}`);
+      }
+      await event.save();
+      results.failed++;
+      results.errors.push({
+        eventId: event.stripeEventId,
+        error: err.message
+      });
+    }
+  }
+  return results;
+}
+async function processWebhookEvent(webhookEvent) {
+  const eventData = webhookEvent.data;
+  const previousAttributes = webhookEvent.previousAttributes;
+  switch (webhookEvent.eventType) {
+    case "checkout.session.completed":
+      await stripeService.handleCheckoutSessionCompleted(eventData);
+      break;
+    case "customer.subscription.created":
+      await stripeService.handleSubscriptionCreated(eventData);
+      break;
+    case "customer.subscription.updated":
+      await stripeService.handleSubscriptionUpdated(eventData, previousAttributes);
+      break;
+    case "customer.subscription.deleted":
+      await stripeService.handleSubscriptionDeleted(eventData);
+      break;
+    case "invoice.payment_succeeded":
+      await stripeService.handleInvoicePaymentSucceeded(eventData);
+      break;
+    case "invoice.payment_failed":
+      await stripeService.handleInvoicePaymentFailed(eventData);
+      break;
+    default:
+      console.log(`Unhandled event type: ${webhookEvent.eventType}`);
+  }
+}
+module.exports = {
+  retryFailedWebhooks,
+  processWebhookEvent
+};