@izara_project/izara-core-generate-service-code 1.0.55 → 1.0.57

package/src/codeGenerators/app/sls_yaml/__tests__/SharedResourceYamlGenerator.test.js

@@ -34,7 +34,10 @@ describe('generateSharedResourceYaml', () => {
         'Resources:',
         '  AwaitingStepTable:',
         '    Properties:',
-        '      TableName: ${self:custom.iz_resourcePrefix}AwaitingStep'
+        '      TableName: ${self:custom.iz_resourcePrefix}AwaitingStep',
+        '  WebSocketTaskTable:',
+        '    Properties:',
+        '      TableName: ${self:custom.iz_resourcePrefix}WebSocketTask'
       ].join('\n'),
       'utf8'
     );
@@ -58,7 +61,13 @@ describe('generateSharedResourceYaml', () => {
         '      QueueName: ${self:custom.iz_resourcePrefix}ReservationsSqsDLQ',
         '  InReservations:',
         '    Properties:',
-        '      TopicName: ${self:custom.iz_serviceTag}_${self:custom.iz_stage}_Reservations_In'
+        '      TopicName: ${self:custom.iz_serviceTag}_${self:custom.iz_stage}_ReservationsComplete_In',
+        '  InReservationsMain:',
+        '    Properties:',
+        '      TopicName: ${self:custom.iz_serviceTag}_${self:custom.iz_stage}_Reservations_In',
+        '  InCreateRolePermissions:',
+        '    Properties:',
+        '      TopicName: ${self:custom.iz_serviceTag}_${self:custom.iz_stage}_CreateRolePermissions_In'
       ].join('\n'),
       'utf8'
     );
@@ -92,85 +101,135 @@ describe('generateSharedResourceYaml', () => {
       ),
       [
         'ReservationsCompleteSqs:',
+        '  role: WebSocketMainRole',
         '  events:',
         '    - sqs:',
         '        arn: arn:aws:sqs:${self:custom.iz_region}:${self:custom.iz_accountId}:${self:custom.iz_resourcePrefix}ReservationsCompleteSqs'
       ].join('\n'),
       'utf8'
     );
+
+    await fs.writeFile(
+      path.join(
+        tmpDir,
+        'app',
+        'sls_yaml',
+        'generatedCode',
+        'source',
+        'role-name-config.yml'
+      ),
+      [
+        '# for createIamRole',
+        '- arn:aws:iam::${self:custom.iz_accountId}:role/${self:custom.iz_resourcePrefix}FlowObjectsRole',
+        '- arn:aws:iam::${self:custom.iz_accountId}:role/${self:custom.iz_resourcePrefix}ProcFindDataRole',
+        '- arn:aws:iam::${self:custom.iz_accountId}:role/${self:custom.iz_resourcePrefix}RegisterRole',
+        '- arn:aws:iam::${self:custom.iz_accountId}:role/${self:custom.iz_resourcePrefix}ReservationsRole',
+        '- arn:aws:iam::${self:custom.iz_accountId}:role/${self:custom.iz_resourcePrefix}WebSocketMainRole'
+      ].join('\n'),
+      'utf8'
+    );
   });
 
-  it('registers baseline IAM statements with explicit resources', async () => {
+  it('registers scoped IAM statements and avoids broad defaults', async () => {
     await generateSharedResourceYaml(
       { objects: [{ objectType: 'Foo' }], flows: [] },
       { outputPath: tmpDir }
     );
 
     const grouped = policyRegistry.toGroupedByRole();
+    const resources = grouped.FlowObjectsRole.statements.flatMap(
+      statement => statement.resource
+    );
+    const actions = grouped.FlowObjectsRole.statements.flatMap(
+      statement => statement.action
+    );
+
     expect(Object.keys(grouped).sort()).toEqual(
       expect.arrayContaining([
-        'PerActionEndpointRole',
+        'FlowObjectsRole',
         'ProcFindDataRole',
-        'RegisterRole'
+        'RegisterRole',
+        'ReservationsRole',
+        'WebSocketMainRole'
       ])
     );
-
-    const resources = grouped.PerActionEndpointRole.statements.flatMap(
-      statement => statement.resource
-    );
-
     expect(resources).toContain(
       'arn:aws:s3:::${self:custom.iz_serviceSchemaBucketName}/perServiceSchemas/*'
     );
     expect(resources).toContain(
       'arn:aws:dynamodb:${self:custom.iz_region}:${self:custom.iz_accountId}:table/${self:custom.iz_resourcePrefix}AwaitingStep'
     );
-    expect(resources).toContain(
-      'arn:aws:sqs:${self:custom.iz_region}:${self:custom.iz_accountId}:${self:custom.iz_resourcePrefix}ReservationsSqs'
+    const reservationResources = grouped.ReservationsRole.statements.flatMap(
+      statement => statement.resource
     );
-    expect(resources).toContain(
-      'arn:aws:sqs:${self:custom.iz_region}:${self:custom.iz_accountId}:${self:custom.iz_resourcePrefix}ReservationsCompleteSqs'
+    const reservationActions = grouped.ReservationsRole.statements.flatMap(
+      statement => statement.action
     );
-    expect(resources).toContain(
+
+    expect(reservationResources).toContain(
       'arn:aws:sns:${self:custom.iz_region}:${self:custom.iz_accountId}:${self:custom.iz_serviceTag}_${self:custom.iz_stage}_Reservations_Out'
     );
+    expect(reservationResources).not.toContain(
+      'arn:aws:sns:${self:custom.iz_region}:${self:custom.iz_accountId}:${self:custom.iz_serviceTag}_${self:custom.iz_stage}_ReservationsComplete_In'
+    );
     expect(resources).not.toContain(
-      'arn:aws:dynamodb:${self:custom.iz_region}:${self:custom.iz_accountId}:table/${self:custom.iz_resourcePrefix}*'
+      'arn:aws:sns:${self:custom.iz_region}:${self:custom.iz_accountId}:${self:custom.iz_serviceTag}_${self:custom.iz_stage}_CreateRolePermissions_In'
     );
+    expect(reservationActions).toContain('sns:Publish');
+    expect(reservationActions).not.toContain('sns:Subscribe');
     expect(resources).not.toContain(
-      'arn:aws:sqs:${self:custom.iz_region}:${self:custom.iz_accountId}:${self:custom.iz_resourcePrefix}*'
+      'arn:aws:dynamodb:${self:custom.iz_region}:${self:custom.iz_accountId}:table/${self:custom.iz_resourcePrefix}*'
     );
   });
 
-  it('adds WebSocket permissions only for WebSocketMainRole when ownTopic flow exists', async () => {
+  it('adds WebSocket permissions only for WebSocketMainRole', async () => {
     await generateSharedResourceYaml(
       { flows: [{ flowTag: 'dummy', event: ['ownTopic'] }] },
       { outputPath: tmpDir }
     );
 
     const grouped = policyRegistry.toGroupedByRole();
-    expect(Object.keys(grouped)).toContain('WebSocketMainRole');
     const wsActions = grouped.WebSocketMainRole.statements.flatMap(
       statement => statement.action
     );
-    expect(wsActions).toEqual(
-      expect.arrayContaining(['execute-api:ManageConnections'])
-    );
+
+    expect(wsActions).toContain('execute-api:ManageConnections');
+    expect(wsActions).not.toContain('execute-api:Invoke');
+
+    for (const [roleName, roleData] of Object.entries(grouped)) {
+      if (roleName === 'WebSocketMainRole') continue;
+      const actions = roleData.statements.flatMap(statement => statement.action);
+      expect(actions).not.toContain('execute-api:ManageConnections');
+      expect(actions).not.toContain('execute-api:Invoke');
+    }
   });
 
-  it('does not add WebSocket permissions for roles other than WebSocketMainRole', async () => {
+  it('only emits roles present in role-name-config', async () => {
+    policyRegistry.add(
+      'UnexpectedRole',
+      'sns:Publish',
+      'arn:aws:sns:${self:custom.iz_region}:${self:custom.iz_accountId}:unexpected'
+    );
+
     await generateSharedResourceYaml(
-      { flows: [{ flowTag: 'dummy', event: ['ownTopic'] }] },
+      { objects: [{ objectType: 'Foo' }], flows: [] },
       { outputPath: tmpDir }
     );
 
-    const grouped = policyRegistry.toGroupedByRole();
-    for (const roleName of Object.keys(grouped)) {
-      if (roleName === 'WebSocketMainRole') continue;
-      const actions = grouped[roleName].statements.flatMap(
-        statement => statement.action
-      );
-      expect(actions).not.toContain('execute-api:ManageConnections');
-    }
+    const content = await fs.readFile(
+      path.join(
+        tmpDir,
+        'app',
+        'sls_yaml',
+        'generatedCode',
+        'source',
+        'generate-shared-resource.yml'
+      ),
+      'utf8'
+    );
+
+    expect(content).toContain('FlowObjectsRole:');
+    expect(content).toContain('WebSocketMainRole:');
+    expect(content).not.toContain('UnexpectedRole:');
   });
 });

package/src/codeGenerators/app/sls_yaml/templates/SharedResource_Yaml.ejs

@@ -33,7 +33,7 @@ Resources:
                   - "<%- r %>"
 <% }) %>
 <% }) %>
-        #<#<%- roleName %>StatementHookCode#>
-        #<#/<%- roleName %>StatementHookCode#>
+              #<#<%- roleName %>StatementHookCode#>
+              #<#/<%- roleName %>StatementHookCode#>
 
 <% }) %>

package/src/codeGenerators/app/src/generatedCode/Flow/{FlowEndpoints → FlowObjects}/EndpointsGenerator.js

@@ -40,7 +40,7 @@ export async function generateEndpointsFlow(allSchemas, options) {
   for (const action of CRUD_ACTIONS) {
     const isAsync = CRUD_ASYNC_ACTIONS.includes(action);
     const upperAction = upperFirst(action);
-    const flowOutputDir = path.join(baseOutputDir, 'FlowEndpoints', upperAction, 'source');
+    const flowOutputDir = path.join(baseOutputDir, 'FlowObjects', upperAction, 'source');
     await fs.mkdir(flowOutputDir, { recursive: true });
 
     const mainFileName = processMainFileName(action);

package/src/codeGenerators/app/src/generatedCode/Flow/FlowRbac/templates/rbac/FlowRbac_Main.ejs

@@ -0,0 +1,252 @@
+/*
+Copyright (C) 2020 Sven Mason <http: //izara.io>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see
+<http: //www.gnu.org/licenses />.
+*/
+
+import dynamodbSharedLib from '@izara_project/izara-core-library-dynamodb';
+import snsSharedLib from '@izara_project/izara-core-library-sns';
+import sqsSharedLib from '@izara_project/izara-core-library-sqs';
+import asyncFlowSharedLib from '@izara_project/izara-core-library-asynchronous-flow';
+import callingFlowSharedLib from '@izara_project/izara-core-library-calling-flow';
+import lambdaSharedLib from '@izara_project/izara-core-library-lambda';
+
+//(<optionalImport>)
+import { coreConsts } from '@izara_project/izara-core-library-core';
+import { getObjectSchema } from '@izara_project/izara-core-library-service-schemas';
+import {
+  lambda,
+  sns,
+  sqs
+} from '@izara_project/izara-core-library-external-request';
+import { NoRetryError } from '@izara_project/izara-core-library-core';
+import { utils } from '@izara_project/izara-core-library-service-schemas';
+
+const { createFlowTypeConcat } = utils;
+//(</optionalImport>)
+
+/**
+ *
+ *
+ * description of function.
+ * @param {Object} _izContext
+ * @param {CorrelationIds} _izContext.correlationIds - property of _izContext
+ * @param {Logger} _izContext.logger - property of _izContext
+ * @param {Object} requestParams - request params
+ * @param {Object} requestParams.identifiers - identifiers for get data
+ * @param {Object} requestParams.additionalRequest - additionalRequest
+ *
+ *
+ * @returns {object} description of return value
+ */
+
+export default async function ProcessUserRbacFlow(
+  _izContext,
+  requestParams,
+  callingFlowConfig = {}
+  //(<additionalParams>)
+  //(</additionalParams>)
+) {
+  try {
+    _izContext.logger.debug('ProcessUserRbacFlow _izContext', _izContext);
+    _izContext.logger.debug('ProcessUserRbacFlow requestParams', requestParams);
+    _izContext.logger.debug(
+      'ProcessUserRbacFlow callingFlowConfig',
+      callingFlowConfig
+    );
+
+    const userId = _izContext.correlationIds.get(coreConsts.BASE_USER_ID);
+    const targetId = _izContext.correlationIds.get(coreConsts.TARGET_ID);
+
+    if (!userId && !targetId) {
+      throw new Error(
+        'Missing required request parameters: userId or targetId'
+      );
+    }
+
+    const { flowTypeConcat, inputParameterGroups } = requestParams;
+    if (!flowTypeConcat) {
+      throw new Error('Missing flowTypeConcat in requestParams');
+    }
+
+    _izContext.logger.debug('userId', userId);
+    _izContext.logger.debug('targetId', targetId);
+    _izContext.logger.debug('flowTypeConcat', flowTypeConcat);
+
+    const tableUserRoles = dynamodbSharedLib.tableName(_izContext, 'UserRoles');
+
+    const resultUserRoles = await dynamodbSharedLib.query(
+      _izContext,
+      tableUserRoles,
+      {
+        userId
+      }
+    );
+
+    if (!resultUserRoles.Items) {
+      resultUserRoles.Items = [];
+    }
+
+    let targetUserRoles = resultUserRoles.Items;
+
+    targetUserRoles = targetUserRoles.filter(
+      r => r.roleIdKey && r.roleIdKey.startsWith(targetId + '_')
+    );
+
+    const tableRolePermission = dynamodbSharedLib.tableName(
+      _izContext,
+      'RolePermissions'
+    );
+
+    const chunkSize = 10;
+    const rbacRolePermissions = [];
+
+    for (let i = 0; i < targetUserRoles.length; i += chunkSize) {
+      const chunk = targetUserRoles.slice(i, i + chunkSize);
+      const promises = chunk.map(userRole =>
+        dynamodbSharedLib
+          .getItem(_izContext, tableRolePermission, {
+            roleIdKey: userRole.roleIdKey,
+            flowTypeConcat: flowTypeConcat
+          })
+          .catch(err => {
+            _izContext.logger.error(
+              `Error fetching permission for role ${userRole.roleIdKey}:`,
+              err
+            );
+            return null;
+          })
+      );
+
+      const results = await Promise.all(promises);
+      rbacRolePermissions.push(...results);
+    }
+
+    let isPermission = false;
+    let roleIdKey = '';
+
+    for (let i = 0; i < rbacRolePermissions.length; i++) {
+      const rbacRolePermission = rbacRolePermissions[i];
+      const userRole = targetUserRoles[i];
+
+      if (rbacRolePermission && rbacRolePermission.permission === true) {
+        const dbParameterGroups = rbacRolePermission.parameterGroups;
+        let isParamValid = true;
+
+        if (
+          dbParameterGroups &&
+          typeof dbParameterGroups === 'object' &&
+          !Array.isArray(dbParameterGroups)
+        ) {
+          const entries = Object.entries(dbParameterGroups);
+          if (entries.length > 0) {
+            let any_parameterGroup_match = false;
+
+            for (const [groupName, parameterGroup] of entries) {
+              if (!Array.isArray(parameterGroup)) {
+                _izContext.logger.debug(
+                  `Skipping non-array parameterGroup: ${groupName}`
+                );
+                continue;
+              }
+
+              _izContext.logger.debug(
+                `Checking parameterGroup [${groupName}]:`,
+                parameterGroup
+              );
+              let parameterGroupMatch = true;
+
+              for (const check_parameter of parameterGroup) {
+                let tempRequestParams = inputParameterGroups || {};
+
+                if (
+                  !check_parameter.parameterNames ||
+                  !Array.isArray(check_parameter.parameterNames)
+                ) {
+                  parameterGroupMatch = false;
+                  break;
+                }
+
+                for (const parameterName of check_parameter.parameterNames) {
+                  if (
+                    !tempRequestParams ||
+                    typeof tempRequestParams !== 'object' ||
+                    !(parameterName in tempRequestParams)
+                  ) {
+                    parameterGroupMatch = false;
+                    break;
+                  }
+                  tempRequestParams = tempRequestParams[parameterName];
+                }
+
+                if (!parameterGroupMatch) break;
+
+                if (
+                  !check_parameter.parameterValues ||
+                  !Array.isArray(check_parameter.parameterValues)
+                ) {
+                  parameterGroupMatch = false;
+                  break;
+                }
+
+                const valueMatched =
+                  check_parameter.parameterValues.includes(tempRequestParams);
+
+                if (!valueMatched) {
+                  parameterGroupMatch = false;
+                  break;
+                }
+              }
+
+              if (parameterGroupMatch) {
+                _izContext.logger.debug(
+                  `✅ parameterGroup [${groupName}] matched`
+                );
+                any_parameterGroup_match = true;
+                break;
+              } else {
+                _izContext.logger.debug(
+                  `❌ parameterGroup [${groupName}] did not match`
+                );
+              }
+            }
+
+            isParamValid = any_parameterGroup_match;
+          }
+        }
+
+        if (isParamValid) {
+          isPermission = true;
+          roleIdKey = rbacRolePermission.roleIdKey;
+          _izContext.logger.debug(
+            '### matched rbacRolePermission ###',
+            rbacRolePermission
+          );
+          break;
+        } else {
+          _izContext.logger.debug(
+            '### rbacRolePermission parameterGroups check failed ###',
+            { roleIdKey: userRole.roleIdKey }
+          );
+        }
+      }
+    }
+
+    return { permission: isPermission, roleIdKey };
+  } catch (err) {
+    _izContext.logger.error('error ProcessUserRbacFlow: ', err);
+    throw err;
+  }
+}

package/src/codeGenerators/app/src/generatedCode/Flow/{FlowRelationshipEndpoints → FlowRelationships}/RelationshipFlowGenerator.js

@@ -37,7 +37,7 @@ export async function generateRelationshipFlows(allSchemas, options) {
         const upperFlowTag = upperFirst(flowTag);
         const processFunction = processFunctionName(flowTag);
 
-        const flowOutputDir = path.join(baseOutputDir, 'FlowRelationshipEndpoints', upperFlowTag, 'source');
+        const flowOutputDir = path.join(baseOutputDir, 'FlowRelationships', upperFlowTag, 'source');
         await fs.mkdir(flowOutputDir, { recursive: true });
 
         // 1. Generate Action Step (In) Main Function
@@ -56,8 +56,13 @@ export async function generateRelationshipFlows(allSchemas, options) {
             console.warn(`  [RelationshipFlowGenerator] Warning: Action template not found for ${flowTag}. Skipping.`);
         }
 
-        // 2. Generate Action Step Handlers (based on fixed event ['ownTopic'])
-        const events = ['ownTopic'];
+        // 2. Generate Action Step Handlers
+        const flowSchema = allSchemas.flows?.find(f => f.flowTag === flowTag);
+        let events = ['ownTopic'];
+        if (flowSchema && flowSchema.event) {
+            events = Array.isArray(flowSchema.event) ? flowSchema.event : [flowSchema.event];
+        }
+
         for (const event of events) {
             let handlerFileName, handlerContent, handlerFunctionName;
             if (event === 'ownTopic' || event === 'extTopic') {
@@ -91,6 +96,17 @@ export async function generateRelationshipFlows(allSchemas, options) {
                 });
                 await fs.writeFile(path.join(flowOutputDir, `${handlerFunctionName}.js`), handlerContent, 'utf-8');
                 generatedCount++;
+            } else if (event === 'dsq') {
+                handlerFunctionName = `${processFunction}_HdrDsq`;
+                handlerContent = ejs.render(templates.sqs, {
+                    flowTag: flowTag,
+                    flowStepName: '', 
+                    mainFileName: actionFileName,
+                    functionName: processFunction,
+                    queueName: `${processFunction}HdrDsq`
+                });
+                await fs.writeFile(path.join(flowOutputDir, `${handlerFunctionName}.js`), handlerContent, 'utf-8');
+                generatedCount++;
             }
         }
 

package/src/codeGenerators/app/src/generatedCode/Flow/{FlowRelationshipEndpoints → FlowRelationships}/templates/relationship/ProcessCreateRelationship_Main.ejs

@@ -81,7 +81,7 @@ export default async function createRelationship(
       relType,
       relationshipDirection,
       relationshipProperties,
-      deepPathConditional
+      deepPathConditional,
       settings
       //(<requestParamCreateRel>)
       //(</requestParamCreateRel>)

package/src/codeGenerators/app/src/generatedCode/Flow/FlowSchemas/WebSocketGenerator.js

@@ -22,7 +22,7 @@ export async function generateWebSocket(allLocalFlowSchemas, appPath, outputBase
         return;
     }
 
-    console.log('  [WebSocketGenerator] Generated WebSocket files with ProcessWebSocketMain_Main convention.');
+    console.log('  [WebSocketGenerator] Generated WebSocket files with WebSocketComplete_Main convention.');
     const templatesDir = path.join(__dirname, 'templates', 'webSocket');
     const wsDir = path.join(outputBaseDir, 'app', 'src', 'generatedCode', 'SystemFlowSchemas', 'WebSocketMain', 'source');
     await fs.mkdir(wsDir, { recursive: true });
@@ -79,8 +79,8 @@ export async function generateWebSocket(allLocalFlowSchemas, appPath, outputBase
         upperFunctionName: upperCase(wsConnectName)
     });
 
-    // 3. ProcessWebSocketMain
-    const processFunctionName = 'ProcessWebSocketMain';
+    // 3. WebSocketComplete
+    const processFunctionName = 'WebSocketComplete';
     const processHandlerType = 'HdrSqs';
     const queueName = processFunctionName + shortNameHandler(processHandlerType);
     
@@ -114,5 +114,5 @@ export async function generateWebSocket(allLocalFlowSchemas, appPath, outputBase
         }
     }
 
-    console.log(`  [WebSocketGenerator] Generated WebSocket files with ProcessWebSocketMain_Main convention.`);
+    console.log(`  [WebSocketGenerator] Generated WebSocket files with WebSocketComplete_Main convention.`);
 }

package/src/codeGenerators/app/src/generatedCode/Flow/_shared/shared/flowClassifier.js

@@ -42,8 +42,9 @@ export function isRelationshipFlow(flowTag) {
 }
 
 export function getFlowOutputSubDir(flowTag) {
-    if (isCrudFlow(flowTag)) return 'FlowEndpoints';
+    if (isCrudFlow(flowTag)) return 'FlowObjects';
     if (isRbacFlow(flowTag)) return 'FlowRbac';
-    if (isRelationshipFlow(flowTag)) return 'FlowRelationshipEndpoints';
+    if (isRelationshipFlow(flowTag)) return 'FlowRelationships';
+    if (String(flowTag || '').toLowerCase().endsWith('rbacflow')) return 'FlowRbac';
     return 'FlowSchemas';
 }

package/src/codeGenerators/app/src/generatedCode/Flow/_shared/shared/flowMainFunctionBase.js

@@ -53,16 +53,23 @@ export async function generateFlowMainFunction(allSchemas, options) {
     let templateName = 'FlowEndpoint_Main.ejs';
     if (['Create', 'Update', 'Delete', 'Get'].includes(flowTag)) {
       templateName = `${flowTag}Endpoint_Main.ejs`;
+    } else if (String(flowTag || '').toLowerCase().endsWith('rbacflow')) {
+      templateName = 'FlowRbac_Main.ejs';
     } else if (isOwnTopic) {
       // Non-CRUD flow with ownTopic: WebSocket entry that fetches flowSchema and publishes to SNS In topic
       templateName = 'FlowMain_Wbs.ejs';
     }
 
-    // crud templates live under FlowEndpoints (the only output child that uses them);
+    // crud templates live under FlowObjects (the only output child that uses them);
     // shared endpoint templates (FlowEndpoint_Main, FlowMain_Wbs) live under _internal/_shared/endpoint
-    const templateBaseDir = templateName.startsWith('crud/') || ['CreateEndpoint_Main.ejs', 'UpdateEndpoint_Main.ejs', 'DeleteEndpoint_Main.ejs', 'GetEndpoint_Main.ejs'].includes(templateName)
-        ? path.join(__dirname, '..', '..', 'FlowEndpoints', 'templates', 'crud')
-        : path.join(__dirname, '..', '..', 'FlowSchemas', 'templates', 'endpoint');
+    let templateBaseDir;
+    if (templateName === 'FlowRbac_Main.ejs') {
+      templateBaseDir = path.join(__dirname, '..', '..', 'FlowRbac', 'templates', 'rbac');
+    } else if (templateName.startsWith('crud/') || ['CreateEndpoint_Main.ejs', 'UpdateEndpoint_Main.ejs', 'DeleteEndpoint_Main.ejs', 'GetEndpoint_Main.ejs'].includes(templateName)) {
+      templateBaseDir = path.join(__dirname, '..', '..', 'FlowObjects', 'templates', 'crud');
+    } else {
+      templateBaseDir = path.join(__dirname, '..', '..', 'FlowSchemas', 'templates', 'endpoint');
+    }
     const mainTemplateStr = await fs.readFile(
       path.join(templateBaseDir, templateName),
       'utf-8'
@@ -130,7 +137,7 @@ export async function generateFlowMainFunction(allSchemas, options) {
     const beforeLogicalConfigs = generateCode.filter(c => c.codeHookTag === 'beforeLogical');
     if (isCrud && beforeLogicalConfigs.length > 0) {
       const beforeLogicalTemplateStr = await fs.readFile(
-        path.join(__dirname, '..', '..', 'FlowEndpoints', 'templates', 'FlowEndpointBeforeLogical_Main.ejs'),
+        path.join(__dirname, '..', '..', 'FlowObjects', 'templates', 'FlowEndpointBeforeLogical_Main.ejs'),
         'utf-8'
       );
       

package/src/codeGenerators/app/src/generatedCode/Flow/_shared/shared/flowValidator.js

@@ -1,4 +1,4 @@
-const ALLOWED_MAIN_EVENTS = ['ownTopic', 'extTopic', 'lambdaSyncInv', 'lambdaSyncApi', 'eventBridge', 's3'];
+const ALLOWED_MAIN_EVENTS = ['ownTopic', 'extTopic', 'lambdaSyncInv', 'lambdaSyncApi', 'eventBridge', 's3', 'dsq'];
 const MAIN_ASYNC_EVENTS = ['ownTopic', 'extTopic', 's3'];
 const ALLOWED_STEP_EVENTS = ['sqs', 'ownTopic', 'extTopic', 'dsq', 'lambdaSyncInv', 'lambdaSyncApi'];
 const RESERVED_SYSTEM_FLOW_TAGS = new Set([