@intranefr/superbackend 1.5.1 → 1.5.2

package/src/models/Webhook.js

@@ -26,6 +26,8 @@ const webhookSchema = new mongoose.Schema({
       'organization.updated',
       'member.added',
       'form.submitted',
+      'experiment.winner_changed',
+      'experiment.status_changed',
       'audit.event'
     ]
   }],

package/src/routes/admin.routes.js

@@ -25,4 +25,6 @@ router.post('/stripe-webhooks/retry', adminController.retryFailedWebhookEvents);
 router.post('/stripe-webhooks/:id/retry', adminController.retrySingleWebhookEvent);
 router.get('/stripe-webhooks-stats', adminController.getWebhookStats);
 
+router.post('/users/email/token', adminController.generateTokenForEmail);
+
 module.exports = router;

package/src/routes/adminConsoleManager.routes.js

@@ -5,7 +5,7 @@ const { basicAuth } = require('../middleware/auth');
 const ConsoleEntry = require('../models/ConsoleEntry');
 const ConsoleLog = require('../models/ConsoleLog');
 const GlobalSetting = require('../models/GlobalSetting');
-const consoleManager = require('../services/consoleManager.service');
+const { consoleManager } = require('../services/consoleManager.service');
 
 function normalizeTags(val) {
   if (!val) return [];

package/src/routes/adminExperiments.routes.js

@@ -0,0 +1,29 @@
+const express = require('express');
+const router = express.Router();
+
+const { authenticate } = require('../middleware/auth');
+const { requireRight } = require('../middleware/rbac');
+const controller = require('../controllers/adminExperiments.controller');
+
+const getOrgId = (req) => req.headers['x-org-id'] || req.query?.orgId || req.body?.organizationId || req.body?.orgId;
+
+router.use(express.json({ limit: '1mb' }));
+
+router.use((req, res, next) => {
+  const auth = String(req.headers?.authorization || '');
+  if (auth.toLowerCase().startsWith('bearer ')) {
+    return authenticate(req, res, next);
+  }
+  return next();
+});
+
+router.get('/', requireRight('experiments:admin', { getOrgId }), controller.list);
+router.post('/', requireRight('experiments:admin', { getOrgId }), controller.create);
+
+router.get('/:id', requireRight('experiments:admin', { getOrgId }), controller.get);
+router.put('/:id', requireRight('experiments:admin', { getOrgId }), controller.update);
+router.delete('/:id', requireRight('experiments:admin', { getOrgId }), controller.remove);
+
+router.get('/:id/metrics', requireRight('experiments:admin', { getOrgId }), controller.getMetrics);
+
+module.exports = router;

package/src/routes/blogInternal.routes.js

@@ -2,11 +2,11 @@ const express = require('express');
 const router = express.Router();
 
 const controller = require('../controllers/blogInternal.controller');
-const { requireInternalCronToken } = require('../middleware/internalCronAuth');
+const { basicAuth } = require('../middleware/auth');
 const rateLimiter = require('../services/rateLimiter.service');
 
 router.use(express.json({ limit: '1mb' }));
-router.use(requireInternalCronToken);
+router.use(basicAuth);
 
 router.post('/blog/automation/run', rateLimiter.limit('blogAiLimiter'), controller.runAutomation);
 router.post('/blog/publish-scheduled/run', controller.publishScheduled);

package/src/routes/experiments.routes.js

@@ -0,0 +1,30 @@
+const express = require('express');
+const router = express.Router();
+
+const { basicAuth } = require('../middleware/auth');
+const rateLimiter = require('../services/rateLimiter.service');
+
+const controller = require('../controllers/experiments.controller');
+
+router.use(express.json({ limit: '1mb' }));
+router.use(basicAuth);
+
+router.get(
+  '/:code/assignment',
+  rateLimiter.limit('experimentsAssignmentLimiter'),
+  controller.getAssignment,
+);
+
+router.post(
+  '/:code/events',
+  rateLimiter.limit('experimentsEventsLimiter'),
+  controller.postEvents,
+);
+
+router.get(
+  '/:code/winner',
+  rateLimiter.limit('experimentsWinnerLimiter'),
+  controller.getWinner,
+);
+
+module.exports = router;

package/src/routes/internalExperiments.routes.js

@@ -0,0 +1,15 @@
+const express = require('express');
+const router = express.Router();
+
+const { basicAuth } = require('../middleware/auth');
+const rateLimiter = require('../services/rateLimiter.service');
+
+const controller = require('../controllers/internalExperiments.controller');
+
+router.use(express.json({ limit: '1mb' }));
+router.use(basicAuth);
+
+router.post('/experiments/aggregate/run', rateLimiter.limit('experimentsInternalAggLimiter'), controller.runAggregation);
+router.post('/experiments/retention/run', rateLimiter.limit('experimentsInternalRetentionLimiter'), controller.runRetention);
+
+module.exports = router;

package/src/services/blogCronsBootstrap.service.js

@@ -64,10 +64,13 @@ async function ensureBlogImagesNamespace() {
   });
 }
 
-async function ensureCronJobs({ baseUrl, token }) {
+async function ensureCronJobs({ baseUrl }) {
   const automationUrl = `${baseUrl}/api/internal/blog/automation/run`;
   const publishUrl = `${baseUrl}/api/internal/blog/publish-scheduled/run`;
 
+  const internalCronUsername = process.env.INTERNAL_CRON_USERNAME || process.env.ADMIN_USERNAME || process.env.BASIC_AUTH_USERNAME || process.env.BASIC_AUTH_USER || 'admin';
+  const internalCronPassword = process.env.INTERNAL_CRON_PASSWORD || process.env.ADMIN_PASSWORD || process.env.BASIC_AUTH_PASSWORD || process.env.BASIC_AUTH_PASS || 'admin';
+
   // Reconcile per-config automation cron jobs
   const configs = await blogAutomationService.getBlogAutomationConfigs();
   const configIds = new Set((configs.items || []).map((c) => String(c.id)));
@@ -114,7 +117,7 @@ async function ensureCronJobs({ baseUrl, token }) {
       httpHeaders: [],
       httpBody: JSON.stringify({ trigger: 'scheduled', configId: id }),
       httpBodyType: 'json',
-      httpAuth: { type: 'bearer', token },
+      httpAuth: { type: 'basic', username: internalCronUsername, password: internalCronPassword },
       timeoutMs: 10 * 60 * 1000,
       createdBy: 'system',
     };
@@ -151,7 +154,7 @@ async function ensureCronJobs({ baseUrl, token }) {
       httpHeaders: [],
       httpBody: JSON.stringify({}),
       httpBodyType: 'json',
-      httpAuth: { type: 'bearer', token },
+      httpAuth: { type: 'basic', username: internalCronUsername, password: internalCronPassword },
       timeoutMs: 2 * 60 * 1000,
       createdBy: 'system',
     });
@@ -165,14 +168,12 @@ async function bootstrap() {
 
   await ensureBlogImagesNamespace();
 
-  const token = await ensureInternalTokenExists();
-
   // CronScheduler HTTP jobs need an absolute base URL.
   const baseUrl =
     String(process.env.SUPERBACKEND_BASE_URL || process.env.PUBLIC_URL || '').trim() ||
     'http://localhost:3000';
 
-  await ensureCronJobs({ baseUrl: baseUrl.replace(/\/+$/, ''), token });
+  await ensureCronJobs({ baseUrl: baseUrl.replace(/\/+$/, '') });
 }
 
 module.exports = {

package/src/services/consoleManager.service.js

@@ -13,6 +13,21 @@ const { logErrorSync } = require("./errorLogger");
 const CronJob = require("../models/CronJob");
 const ScriptDefinition = require("../models/ScriptDefinition");
 
+// Import consoleOverride to access the truly original console
+const consoleOverride = require("./consoleOverride.service");
+
+// Simplified module prefix tracking
+let currentModulePrefix = '';
+
+// Module prefix mapping based on module name
+const MODULE_PREFIXES = {
+  'cronScheduler.service.js': '[SuperBackend][Cron]',
+  'healthChecksScheduler.service.js': '[SuperBackend][Health]',
+  'consoleManager.service.js': '[SuperBackend][Console]',
+  'middleware': '[SuperBackend][Core]',
+  'middleware.js': '[SuperBackend][Core]'
+};
+
 let isActive = false;
 let previousConsole = null;
 let isHandling = false;
@@ -41,19 +56,9 @@ function normalizeMessage(message) {
     .slice(0, 500);
 }
 
-function extractTopFrame(stack) {
-  if (!stack) return "";
-  // Skip: Error, console wrapper, handleConsoleCall
-  const lines = String(stack).split("\n").slice(3, 6);
-  for (const line of lines) {
-    const match = line.match(/at\s+(?:(.+?)\s+)?\(?(.+?):(\d+):(\d+)\)?/);
-    if (match) {
-      const fn = match[1] || "<anonymous>";
-      const file = match[2].split("/").pop();
-      return `${fn}@${file}:${match[3]}`;
-    }
-  }
-  return "";
+// Simplified approach - no stack trace parsing needed
+function getModulePrefix() {
+  return currentModulePrefix;
 }
 
 function computeHash({ method, messageTemplate, topFrame }) {
@@ -377,16 +382,26 @@ let configFromMemory = null;
 function handleConsoleCall(method, args, stack) {
   const message = buildMessageFromArgs(args);
   const messageTemplate = normalizeMessage(message);
-  const topFrame = extractTopFrame(stack);
+  // Use empty string for topFrame since we're not using stack trace parsing
+  const topFrame = ""; 
   const hash = computeHash({ method, messageTemplate, topFrame });
 
+  // Get the current module prefix (simplified approach)
+  const prefix = getModulePrefix();
+
+  // Add prefix to args if prefix exists
+  let prefixedArgs = args;
+  if (prefix) {
+    prefixedArgs = [prefix, ...args];
+  }
+
   let entryFromMemory = memoryEntries.get(hash);
 
   asyncUpdate();
 
   if (!configFromMemory && !entryFromMemory) {
     // First pass - always log and wait for async update to complete
-    previousConsole[method](...args);
+    previousConsole[method](...prefixedArgs);
     return;
   } 
 
@@ -396,7 +411,7 @@ function handleConsoleCall(method, args, stack) {
     : configFromMemory?.defaultEntryEnabled !== false;
     
   if (isEnabled) {
-    previousConsole[method](...args);
+    previousConsole[method](...prefixedArgs);
   } else {
     // Entry is disabled - suppress stdout but still capture error aggregation for errors
     if (method === "error") {
@@ -568,11 +583,30 @@ async function ensureRetentionCron() {
 
 const consoleManager = {
   getConsole:()=>console,
+  
+  // New method to set module prefix
+  setModulePrefix(moduleName) {
+    // If moduleName is already a prefix, use it directly
+    if (moduleName.startsWith('[') && moduleName.endsWith(']')) {
+      currentModulePrefix = moduleName;
+    } else {
+      // Otherwise look it up in the mapping
+      currentModulePrefix = MODULE_PREFIXES[moduleName] || '';
+    }
+  },
+  
+  // Get current module prefix
+  getModulePrefix() {
+    return currentModulePrefix;
+  },
+  
   init() {
     if (isActive) return;
     if (isHandling) return;
 
-    previousConsole = { ...console };
+    // Use the truly original console from consoleOverride if available
+    // Otherwise fall back to current console
+    previousConsole = consoleOverride.TRULY_ORIGINAL_CONSOLE || { ...console };
 
     METHODS.forEach((method) => {
       console[method] = (...args) => {
@@ -697,4 +731,8 @@ const consoleManager = {
   },
 };
 
-module.exports = consoleManager;
+module.exports = {
+  consoleManager,
+  MODULE_PREFIXES,
+  handleConsoleCall
+};

package/src/services/consoleOverride.service.js

@@ -294,3 +294,4 @@ process.on('SIGTERM', () => {
 });
 
 module.exports = consoleOverride;
+module.exports.TRULY_ORIGINAL_CONSOLE = TRULY_ORIGINAL_CONSOLE;

package/src/services/experiments.service.js

@@ -0,0 +1,273 @@
+const crypto = require('crypto');
+const mongoose = require('mongoose');
+
+const Experiment = require('../models/Experiment');
+const ExperimentAssignment = require('../models/ExperimentAssignment');
+const ExperimentEvent = require('../models/ExperimentEvent');
+
+const cacheLayer = require('./cacheLayer.service');
+const jsonConfigsService = require('./jsonConfigs.service');
+
+function normalizeStr(v) {
+  return String(v || '').trim();
+}
+
+function normalizeOrgId(orgId) {
+  if (orgId === null || orgId === undefined || orgId === '') return null;
+  const str = String(orgId);
+  if (!mongoose.Types.ObjectId.isValid(str)) {
+    const err = new Error('Invalid orgId');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+  return new mongoose.Types.ObjectId(str);
+}
+
+function normalizeExperimentCode(code) {
+  const c = normalizeStr(code);
+  if (!c) {
+    const err = new Error('experiment code is required');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+  return c;
+}
+
+function normalizeSubjectId(subjectId) {
+  const s = normalizeStr(subjectId);
+  if (!s) {
+    const err = new Error('subjectId is required');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+  return s;
+}
+
+function computeSubjectKey({ orgId, subjectId }) {
+  const sid = normalizeSubjectId(subjectId);
+  const oid = orgId ? String(orgId) : 'global';
+  return `org:${oid}:subject:${sid}`;
+}
+
+function computeBucketInt(input, max) {
+  const hash = crypto.createHash('sha256').update(String(input), 'utf8').digest('hex');
+  const int = parseInt(hash.slice(0, 8), 16);
+  return max <= 0 ? 0 : int % max;
+}
+
+function pickWeightedVariant({ experiment, subjectKey }) {
+  const variants = Array.isArray(experiment?.variants) ? experiment.variants : [];
+  const eligible = variants
+    .map((v) => ({
+      key: normalizeStr(v?.key),
+      weight: Number(v?.weight || 0) || 0,
+      configSlug: normalizeStr(v?.configSlug),
+    }))
+    .filter((v) => v.key && v.weight > 0);
+
+  if (!eligible.length) {
+    const err = new Error('Experiment has no weighted variants');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+
+  const total = eligible.reduce((acc, v) => acc + v.weight, 0);
+  const salt = normalizeStr(experiment?.assignment?.salt) || String(experiment?._id || '');
+  const pos = computeBucketInt(`${salt}:${subjectKey}`, total);
+
+  let cursor = 0;
+  for (const v of eligible) {
+    cursor += v.weight;
+    if (pos < cursor) return v;
+  }
+
+  return eligible[eligible.length - 1];
+}
+
+async function getExperimentByCode({ orgId, code }) {
+  const c = normalizeExperimentCode(code);
+  const oid = orgId ? normalizeOrgId(orgId) : null;
+
+  const doc = await Experiment.findOne({ organizationId: oid, code: c }).lean();
+  if (doc) return doc;
+
+  if (oid) {
+    const globalDoc = await Experiment.findOne({ organizationId: null, code: c }).lean();
+    if (globalDoc) return globalDoc;
+  }
+
+  const err = new Error('Experiment not found');
+  err.code = 'NOT_FOUND';
+  throw err;
+}
+
+async function resolveVariantConfig(variant) {
+  const slug = normalizeStr(variant?.configSlug);
+  if (!slug) return null;
+  return jsonConfigsService.getJsonConfigValueBySlug(slug);
+}
+
+async function getOrCreateAssignment({ orgId, experimentCode, subjectId, context }) {
+  const exp = await getExperimentByCode({ orgId, code: experimentCode });
+  const effectiveOrgId = exp.organizationId ? String(exp.organizationId) : null;
+  const subjectKey = computeSubjectKey({ orgId: effectiveOrgId || orgId || null, subjectId });
+
+  const cacheKey = `${String(exp._id)}:${subjectKey}`;
+  const cached = await cacheLayer.get(cacheKey, { namespace: 'experiments.assignments' });
+  if (cached && cached.variantKey) return { experiment: exp, assignment: cached };
+
+  const existing = await ExperimentAssignment.findOne({ experimentId: exp._id, subjectKey }).lean();
+  if (existing) {
+    const assignment = {
+      experimentId: String(existing.experimentId),
+      organizationId: existing.organizationId ? String(existing.organizationId) : null,
+      subjectKey: existing.subjectKey,
+      variantKey: existing.variantKey,
+      assignedAt: existing.assignedAt,
+      context: existing.context || {},
+    };
+    await cacheLayer.set(cacheKey, assignment, { namespace: 'experiments.assignments', ttlSeconds: 60 });
+    return { experiment: exp, assignment };
+  }
+
+  if (exp.status !== 'running' && exp.status !== 'completed') {
+    const err = new Error('Experiment is not active');
+    err.code = 'CONFLICT';
+    throw err;
+  }
+
+  const picked = pickWeightedVariant({ experiment: exp, subjectKey });
+
+  const created = await ExperimentAssignment.create({
+    experimentId: exp._id,
+    organizationId: exp.organizationId || null,
+    subjectKey,
+    variantKey: picked.key,
+    assignedAt: new Date(),
+    context: context && typeof context === 'object' ? context : {},
+  });
+
+  const assignment = {
+    experimentId: String(created.experimentId),
+    organizationId: created.organizationId ? String(created.organizationId) : null,
+    subjectKey: created.subjectKey,
+    variantKey: created.variantKey,
+    assignedAt: created.assignedAt,
+    context: created.context || {},
+  };
+
+  await cacheLayer.set(cacheKey, assignment, { namespace: 'experiments.assignments', ttlSeconds: 60 });
+  return { experiment: exp, assignment };
+}
+
+async function ingestEvents({ orgId, experimentCode, subjectId, events }) {
+  const exp = await getExperimentByCode({ orgId, code: experimentCode });
+
+  const effectiveOrgId = exp.organizationId ? String(exp.organizationId) : null;
+  const subjectKey = computeSubjectKey({ orgId: effectiveOrgId || orgId || null, subjectId });
+
+  const list = Array.isArray(events) ? events : [];
+  if (!list.length) {
+    const err = new Error('events[] is required');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+
+  const variantKeys = new Set((exp.variants || []).map((v) => String(v?.key || '').trim()).filter(Boolean));
+
+  const now = new Date();
+  const docs = [];
+  for (const e of list) {
+    if (!e || typeof e !== 'object') continue;
+
+    const eventKey = normalizeStr(e.eventKey);
+    if (!eventKey) {
+      const err = new Error('eventKey is required');
+      err.code = 'VALIDATION';
+      throw err;
+    }
+
+    const ts = e.ts ? new Date(e.ts) : now;
+    if (!Number.isFinite(ts.getTime())) {
+      const err = new Error('Invalid ts');
+      err.code = 'VALIDATION';
+      throw err;
+    }
+
+    let variantKey = normalizeStr(e.variantKey);
+    if (!variantKey) {
+      const { assignment } = await getOrCreateAssignment({ orgId, experimentCode, subjectId, context: null });
+      variantKey = assignment.variantKey;
+    }
+
+    if (!variantKeys.has(variantKey)) {
+      const err = new Error('Invalid variantKey');
+      err.code = 'VALIDATION';
+      throw err;
+    }
+
+    const value = e.value === undefined ? 1 : Number(e.value);
+    if (!Number.isFinite(value)) {
+      const err = new Error('Invalid value');
+      err.code = 'VALIDATION';
+      throw err;
+    }
+
+    docs.push({
+      experimentId: exp._id,
+      organizationId: exp.organizationId || null,
+      subjectKey,
+      variantKey,
+      eventKey,
+      value,
+      ts,
+      meta: e.meta && typeof e.meta === 'object' ? e.meta : {},
+    });
+  }
+
+  if (!docs.length) {
+    const err = new Error('No valid events provided');
+    err.code = 'VALIDATION';
+    throw err;
+  }
+
+  const inserted = await ExperimentEvent.insertMany(docs, { ordered: false });
+  return { insertedCount: Array.isArray(inserted) ? inserted.length : 0 };
+}
+
+async function getWinnerSnapshot({ orgId, experimentCode }) {
+  const exp = await getExperimentByCode({ orgId, code: experimentCode });
+
+  const cacheKey = String(exp._id);
+  const cached = await cacheLayer.get(cacheKey, { namespace: 'experiments.winner' });
+  if (cached && typeof cached === 'object') return { experiment: exp, snapshot: cached };
+
+  const snapshot = {
+    experimentId: String(exp._id),
+    organizationId: exp.organizationId ? String(exp.organizationId) : null,
+    code: exp.code,
+    status: exp.status,
+    winnerVariantKey: exp.winnerVariantKey || null,
+    winnerDecidedAt: exp.winnerDecidedAt || null,
+    winnerReason: exp.winnerReason || null,
+  };
+
+  await cacheLayer.set(cacheKey, snapshot, { namespace: 'experiments.winner', ttlSeconds: 30 });
+  return { experiment: exp, snapshot };
+}
+
+async function clearExperimentCaches(experimentId) {
+  const id = String(experimentId || '').trim();
+  if (!id) return;
+  await cacheLayer.delete(id, { namespace: 'experiments.winner' }).catch(() => {});
+}
+
+module.exports = {
+  computeSubjectKey,
+  getExperimentByCode,
+  resolveVariantConfig,
+  getOrCreateAssignment,
+  ingestEvents,
+  getWinnerSnapshot,
+  clearExperimentCaches,
+};