@memberjunction/server 1.0.6 → 1.0.7

package/src/context.ts

@@ -1,119 +1,119 @@
-import { IncomingMessage } from 'http';
-import * as url from 'url';
-import { JwtPayload, VerifyOptions, decode, verify } from 'jsonwebtoken';
-import 'reflect-metadata';
-import { Subject, firstValueFrom } from 'rxjs';
-import { AuthenticationError, AuthorizationError } from 'type-graphql';
-import { DataSource } from 'typeorm';
-import { getSigningKeys, validationOptions, verifyUserRecord } from './auth';
-import { authCache } from './cache';
-import { userEmailMap } from './config';
-import { UserPayload } from './types';
-import { TokenExpiredError } from './auth';
-
-const verifyAsync = async (
-  issuer: string,
-  options: VerifyOptions,
-  token: string
-): Promise<JwtPayload> =>
-  new Promise((resolve, reject) => {
-    verify(token, getSigningKeys(issuer), options, (err, jwt) => {
-      if (jwt && typeof jwt !== 'string' && !err) {
-        const payload = jwt.payload ?? jwt;
-
-        console.log(
-          `Valid token: ${payload.name} (${
-            payload.email ? payload.email : payload.preferred_username
-          })`
-        ); // temporary fix to check preferred_username if email is not present
-        resolve(payload);
-      } else {
-        console.warn('Invalid token');
-        reject(err);
-      }
-    });
-  });
-
-export const getUserPayload = async (
-  bearerToken: string,
-  sessionId = 'default',
-  dataSource: DataSource,
-  requestDomain?: string
-): Promise<UserPayload> => {
-  try {
-    const token = bearerToken.replace('Bearer ', '');
-
-    if (!token) {
-      console.warn('No token to validate');
-      throw new AuthenticationError('Missing token');
-    }
-
-    const payload = decode(token);
-    if (!payload || typeof payload === 'string') {
-      throw new AuthenticationError('Invalid token payload');
-    }
-
-    const expiryDate = new Date( (payload.exp ?? 0) * 1000);
-    if (expiryDate.getTime() <= Date.now()) {
-      throw new TokenExpiredError(expiryDate);
-    }
-
-    if (!authCache.has(token)) {
-      const issuer = payload.iss;
-      if (!issuer) {
-        console.warn('No issuer claim on token');
-        throw new AuthenticationError('Missing issuer claim on token');
-      }
-
-      await verifyAsync(issuer, validationOptions[issuer], token);
-      authCache.set(token, true);
-    }
-
-    const email = payload?.email
-      ? userEmailMap[payload?.email] ?? payload?.email
-      : payload?.preferred_username; // temporary fix to check preferred_username if email is not present
-    const fullName = payload?.name;
-    const firstName = payload?.given_name || fullName?.split(' ')[0];
-    const lastName = payload?.family_name || fullName?.split(' ')[1] || fullName?.split(' ')[0];
-    const userRecord = await verifyUserRecord(email, firstName, lastName, requestDomain, dataSource);
-
-    if (!userRecord) {
-      console.error(`User ${email} not found`); 
-      throw new AuthorizationError();
-    }
-    else if (!userRecord.IsActive) {
-      console.error(`User ${email} found but inactive`);
-      throw new AuthorizationError();
-    }
-
-    return { userRecord, email, sessionId };
-  } catch (e) {
-    console.error(e);
-    if (e instanceof TokenExpiredError) {
-      throw e;
-    }
-    else
-      return {} as UserPayload;
-  }
-};
-
-export const contextFunction =
-  ({ setupComplete$, dataSource }: { setupComplete$: Subject<unknown>; dataSource: DataSource }) =>
-  async ({ req }: { req: IncomingMessage }) => {
-    await firstValueFrom(setupComplete$); // wait for setup to complete before processing the request
-
-    const sessionIdRaw = req.headers['x-session-id'];
-    const requestDomain = url.parse(req.headers.origin || '')
-    const sessionId = sessionIdRaw ? sessionIdRaw.toString() : '';
-    const bearerToken = req.headers.authorization ?? '';
-
-    const userPayload = await getUserPayload(bearerToken, sessionId, dataSource, requestDomain?.hostname ? requestDomain.hostname : undefined);
-
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    const operationName: string| undefined = (req as any).body?.operationName;
-    if (operationName !== 'IntrospectionQuery') {
-      console.log({ operationName });
-    } 
-
-    return { dataSource, userPayload };
-  };
+import { IncomingMessage } from 'http';
+import * as url from 'url';
+import { JwtPayload, VerifyOptions, decode, verify } from 'jsonwebtoken';
+import 'reflect-metadata';
+import { Subject, firstValueFrom } from 'rxjs';
+import { AuthenticationError, AuthorizationError } from 'type-graphql';
+import { DataSource } from 'typeorm';
+import { getSigningKeys, validationOptions, verifyUserRecord } from './auth';
+import { authCache } from './cache';
+import { userEmailMap } from './config';
+import { UserPayload } from './types';
+import { TokenExpiredError } from './auth';
+
+const verifyAsync = async (
+  issuer: string,
+  options: VerifyOptions,
+  token: string
+): Promise<JwtPayload> =>
+  new Promise((resolve, reject) => {
+    verify(token, getSigningKeys(issuer), options, (err, jwt) => {
+      if (jwt && typeof jwt !== 'string' && !err) {
+        const payload = jwt.payload ?? jwt;
+
+        console.log(
+          `Valid token: ${payload.name} (${
+            payload.email ? payload.email : payload.preferred_username
+          })`
+        ); // temporary fix to check preferred_username if email is not present
+        resolve(payload);
+      } else {
+        console.warn('Invalid token');
+        reject(err);
+      }
+    });
+  });
+
+export const getUserPayload = async (
+  bearerToken: string,
+  sessionId = 'default',
+  dataSource: DataSource,
+  requestDomain?: string
+): Promise<UserPayload> => {
+  try {
+    const token = bearerToken.replace('Bearer ', '');
+
+    if (!token) {
+      console.warn('No token to validate');
+      throw new AuthenticationError('Missing token');
+    }
+
+    const payload = decode(token);
+    if (!payload || typeof payload === 'string') {
+      throw new AuthenticationError('Invalid token payload');
+    }
+
+    const expiryDate = new Date( (payload.exp ?? 0) * 1000);
+    if (expiryDate.getTime() <= Date.now()) {
+      throw new TokenExpiredError(expiryDate);
+    }
+
+    if (!authCache.has(token)) {
+      const issuer = payload.iss;
+      if (!issuer) {
+        console.warn('No issuer claim on token');
+        throw new AuthenticationError('Missing issuer claim on token');
+      }
+
+      await verifyAsync(issuer, validationOptions[issuer], token);
+      authCache.set(token, true);
+    }
+
+    const email = payload?.email
+      ? userEmailMap[payload?.email] ?? payload?.email
+      : payload?.preferred_username; // temporary fix to check preferred_username if email is not present
+    const fullName = payload?.name;
+    const firstName = payload?.given_name || fullName?.split(' ')[0];
+    const lastName = payload?.family_name || fullName?.split(' ')[1] || fullName?.split(' ')[0];
+    const userRecord = await verifyUserRecord(email, firstName, lastName, requestDomain, dataSource);
+
+    if (!userRecord) {
+      console.error(`User ${email} not found`); 
+      throw new AuthorizationError();
+    }
+    else if (!userRecord.IsActive) {
+      console.error(`User ${email} found but inactive`);
+      throw new AuthorizationError();
+    }
+
+    return { userRecord, email, sessionId };
+  } catch (e) {
+    console.error(e);
+    if (e instanceof TokenExpiredError) {
+      throw e;
+    }
+    else
+      return {} as UserPayload;
+  }
+};
+
+export const contextFunction =
+  ({ setupComplete$, dataSource }: { setupComplete$: Subject<unknown>; dataSource: DataSource }) =>
+  async ({ req }: { req: IncomingMessage }) => {
+    await firstValueFrom(setupComplete$); // wait for setup to complete before processing the request
+
+    const sessionIdRaw = req.headers['x-session-id'];
+    const requestDomain = url.parse(req.headers.origin || '')
+    const sessionId = sessionIdRaw ? sessionIdRaw.toString() : '';
+    const bearerToken = req.headers.authorization ?? '';
+
+    const userPayload = await getUserPayload(bearerToken, sessionId, dataSource, requestDomain?.hostname ? requestDomain.hostname : undefined);
+
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const operationName: string| undefined = (req as any).body?.operationName;
+    if (operationName !== 'IntrospectionQuery') {
+      console.log({ operationName });
+    } 
+
+    return { dataSource, userPayload };
+  };

package/src/directives/Public.ts

@@ -1,42 +1,42 @@
-import { FieldMapper, MapperKind, getDirective, mapSchema } from '@graphql-tools/utils';
-import { GraphQLFieldResolver, defaultFieldResolver } from 'graphql';
-import { AuthorizationError, Directive } from 'type-graphql';
-import { AppContext, DirectiveBuilder } from '../types';
-
-const DIRECTIVE_NAME = 'Public';
-
-export function Public(): PropertyDecorator & MethodDecorator & ClassDecorator;
-export function Public(): PropertyDecorator | MethodDecorator | ClassDecorator {
-  return (targetOrPrototype, propertyKey, descriptor) =>
-    Directive(`@${DIRECTIVE_NAME}`)(targetOrPrototype, propertyKey, descriptor);
-}
-
-export const publicDirective: DirectiveBuilder = {
-  typeDefs: `directive @${DIRECTIVE_NAME} on FIELD_DEFINITION`,
-  transformer: (schema) => {
-    const fieldMapper: FieldMapper = (fieldConfig) => {
-      const directive = getDirective(schema, fieldConfig, DIRECTIVE_NAME)?.[0];
-      if (directive) {
-        return fieldConfig;
-      } else {
-        // `@Public` directive not present, so will require auth
-        const { resolve = defaultFieldResolver } = fieldConfig;
-        const directiveResolver: GraphQLFieldResolver<unknown, AppContext> = async (
-          source,
-          args,
-          context,
-          info
-        ) => {
-          // eslint-disable-next-line
-          if (!context?.userPayload?.userRecord?.IsActive) {
-            throw new AuthorizationError();
-          }
-          return await resolve(source, args, context, info);
-        };
-
-        return { ...fieldConfig, resolve: directiveResolver };
-      }
-    };
-    return mapSchema(schema, { [MapperKind.OBJECT_FIELD]: fieldMapper });
-  },
-};
+import { FieldMapper, MapperKind, getDirective, mapSchema } from '@graphql-tools/utils';
+import { GraphQLFieldResolver, defaultFieldResolver } from 'graphql';
+import { AuthorizationError, Directive } from 'type-graphql';
+import { AppContext, DirectiveBuilder } from '../types';
+
+const DIRECTIVE_NAME = 'Public';
+
+export function Public(): PropertyDecorator & MethodDecorator & ClassDecorator;
+export function Public(): PropertyDecorator | MethodDecorator | ClassDecorator {
+  return (targetOrPrototype, propertyKey, descriptor) =>
+    Directive(`@${DIRECTIVE_NAME}`)(targetOrPrototype, propertyKey, descriptor);
+}
+
+export const publicDirective: DirectiveBuilder = {
+  typeDefs: `directive @${DIRECTIVE_NAME} on FIELD_DEFINITION`,
+  transformer: (schema) => {
+    const fieldMapper: FieldMapper = (fieldConfig) => {
+      const directive = getDirective(schema, fieldConfig, DIRECTIVE_NAME)?.[0];
+      if (directive) {
+        return fieldConfig;
+      } else {
+        // `@Public` directive not present, so will require auth
+        const { resolve = defaultFieldResolver } = fieldConfig;
+        const directiveResolver: GraphQLFieldResolver<unknown, AppContext> = async (
+          source,
+          args,
+          context,
+          info
+        ) => {
+          // eslint-disable-next-line
+          if (!context?.userPayload?.userRecord?.IsActive) {
+            throw new AuthorizationError();
+          }
+          return await resolve(source, args, context, info);
+        };
+
+        return { ...fieldConfig, resolve: directiveResolver };
+      }
+    };
+    return mapSchema(schema, { [MapperKind.OBJECT_FIELD]: fieldMapper });
+  },
+};

package/src/directives/index.ts

@@ -1 +1 @@
-export * from './Public';
+export * from './Public';

package/src/entitySubclasses/entityPermissions.server.ts

@@ -0,0 +1,111 @@
+import { RegisterClass } from "@memberjunction/global";
+import { BaseEntity, EntitySaveOptions } from "@memberjunction/core";
+import { EntityPermissionEntity } from '@memberjunction/core-entities'
+import axios from 'axios';
+import { ___codeGenAPIPort, ___codeGenAPISubmissionDelay, ___codeGenAPIURL } from "../config";
+
+/**
+ * Server-side only class that extends the entity permissions object to watch for changes to entity permissions, build a queue of entities that have been changed, and then from time to time, submit
+ * them to an API server that will execute the underlying permission changes at the database level.
+ */
+@RegisterClass(BaseEntity, 'Entity Permissions', 3)  
+export class EntityPermissionsEntity_Server extends EntityPermissionEntity  {
+    protected static _entityIDQueue: number[] = [];
+    protected static _lastModifiedTime: Date | null = null;
+    protected static _submissionTimer: NodeJS.Timeout | null = null;
+    protected static _submissionDelay: number = ___codeGenAPISubmissionDelay;  
+    protected static _baseURL: string = ___codeGenAPIURL;
+    protected static _port: number = ___codeGenAPIPort;
+    protected static _apiEndpoint: string = '/api/entity-permissions';
+
+    // Method to construct the full URL dynamically
+    protected static getSubmissionURL(): string {
+        return `${this._baseURL}:${this._port}${this._apiEndpoint}`;
+    }
+
+    public static get EntityIDQueue(): number[] { 
+        return this._entityIDQueue; 
+    }
+
+    public static ClearQueue(): void {
+        this._entityIDQueue = [];
+        this._submissionTimer = null;
+    }
+    public static AddToQueue(entityID: number): void {
+        if (this._entityIDQueue.indexOf(entityID) === -1)
+            this._entityIDQueue.push(entityID); 
+        this._lastModifiedTime = new Date();
+        this.CheckStartSubmissionTimer();
+    }
+
+    protected static CheckStartSubmissionTimer(): void {
+        if (this._submissionTimer === null) {
+            this.StartSubmissionTimer();
+        }
+        else {
+            // we need to cancel the existing timer and start a new one
+            clearTimeout(this._submissionTimer);
+            this.StartSubmissionTimer();
+        }
+    }
+
+    protected static StartSubmissionTimer(): void {
+        this._submissionTimer = setTimeout(() => {
+            this.SubmitQueue();
+        }, this._submissionDelay);
+    }
+
+    protected static async SubmitQueue(): Promise<void> {
+        this._lastModifiedTime = null;
+
+        // now, use Axios to submit the queue to the API server
+        // Check if there's anything to submit
+        if (this._entityIDQueue.length > 0) {
+            try {
+                // Use Axios to submit the queue to the API server
+                const response = await axios.post(this.getSubmissionURL(), {
+                    entityIDArray: this._entityIDQueue
+                });
+
+                // Check the Axios response code implicitly and API response explicitly
+                if (response.status === 200 && response.data.status === 'ok') {
+                    console.log('Queue submitted successfully.');
+                    // now, clear the queue and timer
+                    this.ClearQueue();
+                } else {
+                    // Handle API indicating a failure
+                    console.error('Failed to submit queue:', response.data.errorMessage || 'Unknown error');
+                }
+            
+            } catch (error) {
+                // Handle errors here
+                console.error('Failed to submit queue:', error);
+                // Consider re-trying or logging the error based on your requirements
+            }
+        } else {
+            console.log('No entities to submit.');
+        }
+    }
+
+    override Save(options?: EntitySaveOptions): Promise<boolean> {
+        // simply queue up the entity ID
+        if (this.Dirty || options?.IgnoreDirtyState)
+            EntityPermissionsEntity_Server.AddToQueue(this.EntityID);
+
+        return super.Save(options);
+    }
+
+    override async Delete(): Promise<boolean> {
+        const success = await super.Delete();    
+
+        // simply queue up the entity ID if the delete worked
+        if (success)
+            EntityPermissionsEntity_Server.AddToQueue(this.EntityID);
+
+        return success;
+    }
+}
+
+export function LoadEntityPermissionsServerSubClass() {
+
+}