npm - @memberjunction/server - Versions diffs - 5.12.0 → 5.13.0 - Mend

@memberjunction/server 5.12.0 → 5.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/dist/index.d.ts +2 -3
package/dist/index.d.ts.map +1 -1
package/dist/index.js +92 -88
package/dist/index.js.map +1 -1
package/dist/middleware/BaseServerMiddleware.d.ts +103 -0
package/dist/middleware/BaseServerMiddleware.d.ts.map +1 -0
package/dist/middleware/BaseServerMiddleware.js +104 -0
package/dist/middleware/BaseServerMiddleware.js.map +1 -0
package/dist/middleware/MJTenantFilterMiddleware.d.ts +22 -0
package/dist/middleware/MJTenantFilterMiddleware.d.ts.map +1 -0
package/dist/middleware/MJTenantFilterMiddleware.js +41 -0
package/dist/middleware/MJTenantFilterMiddleware.js.map +1 -0
package/dist/middleware/index.d.ts +3 -0
package/dist/middleware/index.d.ts.map +1 -0
package/dist/middleware/index.js +3 -0
package/dist/middleware/index.js.map +1 -0
package/package.json +59 -59
package/src/__tests__/bcsaas-integration.test.ts +1 -1
package/src/index.ts +109 -95
package/src/middleware/BaseServerMiddleware.ts +141 -0
package/src/middleware/MJTenantFilterMiddleware.ts +39 -0
package/src/middleware/index.ts +2 -0
package/dist/hooks.d.ts +0 -65
package/dist/hooks.d.ts.map +0 -1
package/dist/hooks.js +0 -14
package/dist/hooks.js.map +0 -1
package/dist/test-dynamic-plugin.d.ts +0 -6
package/dist/test-dynamic-plugin.d.ts.map +0 -1
package/dist/test-dynamic-plugin.js +0 -18
package/dist/test-dynamic-plugin.js.map +0 -1
package/src/hooks.ts +0 -77
package/src/test-dynamic-plugin.ts +0 -36

package/dist/middleware/MJTenantFilterMiddleware.js ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * MJ's built-in multi-tenancy middleware.
+ *
+ * Registers with key 'mj:tenantFilter' so that downstream layers (e.g., BCSaaS)
+ * can replace it by registering with the same key at higher ClassFactory priority.
+ *
+ * Conditionally enabled via configInfo.multiTenancy?.enabled.
+ */
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { RegisterClass } from '@memberjunction/global';
+import { BaseServerMiddleware } from './BaseServerMiddleware.js';
+import { configInfo } from '../config.js';
+import { createTenantMiddleware, createTenantPreRunViewHook, createTenantPreSaveHook } from '../multiTenancy/index.js';
+let MJTenantFilterMiddleware = class MJTenantFilterMiddleware extends BaseServerMiddleware {
+    get Label() { return 'mj:tenantFilter'; }
+    /**
+     * Only active when multiTenancy is enabled in config.
+     */
+    get Enabled() {
+        return configInfo.multiTenancy?.enabled ?? false;
+    }
+    GetPostAuthMiddleware() {
+        return [createTenantMiddleware(configInfo.multiTenancy)];
+    }
+    PreRunView(params, contextUser) {
+        return createTenantPreRunViewHook(configInfo.multiTenancy)(params, contextUser);
+    }
+    PreSave(entity, contextUser) {
+        return createTenantPreSaveHook(configInfo.multiTenancy)(entity, contextUser);
+    }
+};
+MJTenantFilterMiddleware = __decorate([
+    RegisterClass(BaseServerMiddleware, 'mj:tenantFilter')
+], MJTenantFilterMiddleware);
+export { MJTenantFilterMiddleware };
+//# sourceMappingURL=MJTenantFilterMiddleware.js.map

package/dist/middleware/MJTenantFilterMiddleware.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"MJTenantFilterMiddleware.js","sourceRoot":"","sources":["../../src/middleware/MJTenantFilterMiddleware.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;;;;;;;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,sBAAsB,EAAE,0BAA0B,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AAKhH,IAAM,wBAAwB,GAA9B,MAAM,wBAAyB,SAAQ,oBAAoB;IAC9D,IAAI,KAAK,KAAa,OAAO,iBAAiB,CAAC,CAAC,CAAC;IAEjD;;OAEG;IACH,IAAI,OAAO;QACP,OAAO,UAAU,CAAC,YAAY,EAAE,OAAO,IAAI,KAAK,CAAC;IACrD,CAAC;IAED,qBAAqB;QACjB,OAAO,CAAC,sBAAsB,CAAC,UAAU,CAAC,YAAa,CAAC,CAAC,CAAC;IAC9D,CAAC;IAED,UAAU,CAAC,MAAqB,EAAE,WAAiC;QAC/D,OAAO,0BAA0B,CAAC,UAAU,CAAC,YAAa,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrF,CAAC;IAED,OAAO,CAAC,MAAkB,EAAE,WAAiC;QACzD,OAAO,uBAAuB,CAAC,UAAU,CAAC,YAAa,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAClF,CAAC;CACJ,CAAA;AArBY,wBAAwB;IADpC,aAAa,CAAC,oBAAoB,EAAE,iBAAiB,CAAC;GAC1C,wBAAwB,CAqBpC"}

package/dist/middleware/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export * from './BaseServerMiddleware.js';
+export * from './MJTenantFilterMiddleware.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/middleware/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,cAAc,2BAA2B,CAAC;AAC1C,cAAc,+BAA+B,CAAC"}

package/dist/middleware/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+export * from './BaseServerMiddleware.js';
+export * from './MJTenantFilterMiddleware.js';
+//# sourceMappingURL=index.js.map

package/dist/middleware/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,cAAc,2BAA2B,CAAC;AAC1C,cAAc,+BAA+B,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@memberjunction/server",
-  "version": "5.12.0",
+  "version": "5.13.0",
   "description": "MemberJunction: This project provides API access via GraphQL to the common data store.",
   "main": "./dist/index.js",
   "types": "./src/index.ts",
@@ -27,62 +27,62 @@
     "@as-integrations/express5": "^1.0.0",
     "@graphql-tools/schema": "latest",
     "@graphql-tools/utils": "^11.0.0",
-    "@memberjunction/actions": "5.12.0",
-    "@memberjunction/actions-base": "5.12.0",
-    "@memberjunction/actions-apollo": "5.12.0",
-    "@memberjunction/actions-bizapps-accounting": "5.12.0",
-    "@memberjunction/actions-bizapps-crm": "5.12.0",
-    "@memberjunction/actions-bizapps-formbuilders": "5.12.0",
-    "@memberjunction/actions-bizapps-lms": "5.12.0",
-    "@memberjunction/actions-bizapps-social": "5.12.0",
-    "@memberjunction/ai": "5.12.0",
-    "@memberjunction/ai-mcp-client": "5.12.0",
-    "@memberjunction/ai-agent-manager": "5.12.0",
-    "@memberjunction/ai-agent-manager-actions": "5.12.0",
-    "@memberjunction/ai-agents": "5.12.0",
-    "@memberjunction/ai-core-plus": "5.12.0",
-    "@memberjunction/ai-prompts": "5.12.0",
-    "@memberjunction/ai-provider-bundle": "5.12.0",
-    "@memberjunction/ai-vectors-pinecone": "5.12.0",
-    "@memberjunction/aiengine": "5.12.0",
-    "@memberjunction/communication-ms-graph": "5.12.0",
-    "@memberjunction/communication-sendgrid": "5.12.0",
-    "@memberjunction/communication-types": "5.12.0",
-    "@memberjunction/component-registry-client-sdk": "5.12.0",
-    "@memberjunction/config": "5.12.0",
-    "@memberjunction/core": "5.12.0",
-    "@memberjunction/core-actions": "5.12.0",
-    "@memberjunction/core-entities": "5.12.0",
-    "@memberjunction/core-entities-server": "5.12.0",
-    "@memberjunction/data-context": "5.12.0",
-    "@memberjunction/data-context-server": "5.12.0",
-    "@memberjunction/doc-utils": "5.12.0",
-    "@memberjunction/api-keys": "5.12.0",
-    "@memberjunction/encryption": "5.12.0",
-    "@memberjunction/entity-communications-base": "5.12.0",
-    "@memberjunction/entity-communications-server": "5.12.0",
-    "@memberjunction/external-change-detection": "5.12.0",
-    "@memberjunction/generic-database-provider": "5.12.0",
-    "@memberjunction/global": "5.12.0",
-    "@memberjunction/graphql-dataprovider": "5.12.0",
-    "@memberjunction/integration-engine": "5.12.0",
-    "@memberjunction/integration-schema-builder": "5.12.0",
-    "@memberjunction/interactive-component-types": "5.12.0",
-    "@memberjunction/computer-use-engine": "5.12.0",
-    "@memberjunction/notifications": "5.12.0",
-    "@memberjunction/queue": "5.12.0",
-    "@memberjunction/redis-provider": "5.12.0",
-    "@memberjunction/scheduling-actions": "5.12.0",
-    "@memberjunction/scheduling-base-types": "5.12.0",
-    "@memberjunction/scheduling-engine": "5.12.0",
-    "@memberjunction/scheduling-engine-base": "5.12.0",
-    "@memberjunction/skip-types": "5.12.0",
-    "@memberjunction/sqlserver-dataprovider": "5.12.0",
-    "@memberjunction/storage": "5.12.0",
-    "@memberjunction/templates": "5.12.0",
-    "@memberjunction/testing-engine": "5.12.0",
-    "@memberjunction/testing-engine-base": "5.12.0",
-    "@memberjunction/version-history": "5.12.0",
+    "@memberjunction/actions": "5.13.0",
+    "@memberjunction/actions-base": "5.13.0",
+    "@memberjunction/actions-apollo": "5.13.0",
+    "@memberjunction/actions-bizapps-accounting": "5.13.0",
+    "@memberjunction/actions-bizapps-crm": "5.13.0",
+    "@memberjunction/actions-bizapps-formbuilders": "5.13.0",
+    "@memberjunction/actions-bizapps-lms": "5.13.0",
+    "@memberjunction/actions-bizapps-social": "5.13.0",
+    "@memberjunction/ai": "5.13.0",
+    "@memberjunction/ai-mcp-client": "5.13.0",
+    "@memberjunction/ai-agent-manager": "5.13.0",
+    "@memberjunction/ai-agent-manager-actions": "5.13.0",
+    "@memberjunction/ai-agents": "5.13.0",
+    "@memberjunction/ai-core-plus": "5.13.0",
+    "@memberjunction/ai-prompts": "5.13.0",
+    "@memberjunction/ai-provider-bundle": "5.13.0",
+    "@memberjunction/ai-vectors-pinecone": "5.13.0",
+    "@memberjunction/aiengine": "5.13.0",
+    "@memberjunction/communication-ms-graph": "5.13.0",
+    "@memberjunction/communication-sendgrid": "5.13.0",
+    "@memberjunction/communication-types": "5.13.0",
+    "@memberjunction/component-registry-client-sdk": "5.13.0",
+    "@memberjunction/config": "5.13.0",
+    "@memberjunction/core": "5.13.0",
+    "@memberjunction/core-actions": "5.13.0",
+    "@memberjunction/core-entities": "5.13.0",
+    "@memberjunction/core-entities-server": "5.13.0",
+    "@memberjunction/data-context": "5.13.0",
+    "@memberjunction/data-context-server": "5.13.0",
+    "@memberjunction/doc-utils": "5.13.0",
+    "@memberjunction/api-keys": "5.13.0",
+    "@memberjunction/encryption": "5.13.0",
+    "@memberjunction/entity-communications-base": "5.13.0",
+    "@memberjunction/entity-communications-server": "5.13.0",
+    "@memberjunction/external-change-detection": "5.13.0",
+    "@memberjunction/generic-database-provider": "5.13.0",
+    "@memberjunction/global": "5.13.0",
+    "@memberjunction/graphql-dataprovider": "5.13.0",
+    "@memberjunction/integration-engine": "5.13.0",
+    "@memberjunction/integration-schema-builder": "5.13.0",
+    "@memberjunction/interactive-component-types": "5.13.0",
+    "@memberjunction/computer-use-engine": "5.13.0",
+    "@memberjunction/notifications": "5.13.0",
+    "@memberjunction/queue": "5.13.0",
+    "@memberjunction/redis-provider": "5.13.0",
+    "@memberjunction/scheduling-actions": "5.13.0",
+    "@memberjunction/scheduling-base-types": "5.13.0",
+    "@memberjunction/scheduling-engine": "5.13.0",
+    "@memberjunction/scheduling-engine-base": "5.13.0",
+    "@memberjunction/skip-types": "5.13.0",
+    "@memberjunction/sqlserver-dataprovider": "5.13.0",
+    "@memberjunction/storage": "5.13.0",
+    "@memberjunction/templates": "5.13.0",
+    "@memberjunction/testing-engine": "5.13.0",
+    "@memberjunction/testing-engine-base": "5.13.0",
+    "@memberjunction/version-history": "5.13.0",
     "@types/compression": "^1.8.1",
     "@types/cors": "^2.8.19",
     "@types/jsonwebtoken": "9.0.10",
@@ -107,8 +107,8 @@
     "jwks-rsa": "^3.2.2",
     "lru-cache": "^11.2.5",
     "mssql": "^12.2.0",
-    "@memberjunction/postgresql-dataprovider": "5.12.0",
-    "@memberjunction/sql-dialect": "5.12.0",
+    "@memberjunction/postgresql-dataprovider": "5.13.0",
+    "@memberjunction/sql-dialect": "5.13.0",
     "pg": "^8.13.3",
     "@types/pg": "^8.11.11",
     "reflect-metadata": "0.2.2",

package/src/__tests__/bcsaas-integration.test.ts CHANGED Viewed

@@ -2,7 +2,7 @@
  * BCSaaS Integration Tests — Phase 4, 5, 6
  *
  * Tests the BCSaaS middle-layer plugin architecture against a RUNNING MJAPI instance
- * that has BCSaaS loaded via DynamicPackageLoader and a database with BCSaaS entities.
+ * that has BCSaaS loaded via @RegisterClass(BaseServerMiddleware) and a database with BCSaaS entities.
  *
  * Test data setup (mj_test database):
  *   - Organizations: Acme Corp (11111111-...), Beta Inc (22222222-...), Acme West Division (33333333-...)

package/src/index.ts CHANGED Viewed

@@ -126,32 +126,16 @@ export * from './resolvers/CurrentUserContextResolver.js';
 export { GetReadOnlyDataSource, GetReadWriteDataSource, GetReadWriteProvider, GetReadOnlyProvider } from './util.js';
 export * from './generated/generated.js';
-export * from './hooks.js';
 export * from './multiTenancy/index.js';
+export * from './middleware/index.js';
-import type { ServerExtensibilityOptions, HookWithOptions } from './hooks.js';
-import { HookRegistry } from '@memberjunction/core';
-import type { HookRegistrationOptions } from '@memberjunction/core';
+import { RegisterDataHook } from '@memberjunction/core';
+import type { RequestHandler, ErrorRequestHandler } from 'express';
 import type { ApolloServerPlugin } from '@apollo/server';
-import { createTenantMiddleware, createTenantPreRunViewHook, createTenantPreSaveHook } from './multiTenancy/index.js';
+import type { GraphQLSchema } from 'graphql';
+import { BaseServerMiddleware } from './middleware/BaseServerMiddleware.js';
-/**
- * Register a hook that may be a plain function or a `{ hook, Priority, Namespace }` object.
- * Dynamic packages (e.g., BCSaaS) return hooks in object form to declare registration metadata.
- */
-function registerHookEntry<T>(hookName: string, entry: T | HookWithOptions<T>): void {
-  if (typeof entry === 'function') {
-    HookRegistry.Register(hookName, entry);
-  } else if (entry && typeof entry === 'object' && 'hook' in entry) {
-    const { hook, Priority, Namespace } = entry as HookWithOptions<T>;
-    const options: HookRegistrationOptions = {};
-    if (Priority != null) options.Priority = Priority;
-    if (Namespace != null) options.Namespace = Namespace;
-    HookRegistry.Register(hookName, hook, options);
-  }
-}
-export type MJServerOptions = ServerExtensibilityOptions & {
+export type MJServerOptions = {
   onBeforeServe?: () => void | Promise<void>;
   restApiOptions?: Partial<RESTApiOptions>; // Options for REST API configuration
 };
@@ -417,6 +401,91 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
     Object.values(module).filter((value) => typeof value === 'function')
   ) as BuildSchemaOptions['resolvers'];
+  // ─── Discover all server middleware via ClassFactory ─────────────────────
+  const allRegistrations = MJGlobal.Instance.ClassFactory.GetAllRegistrations(BaseServerMiddleware);
+  // Deduplicate by key (same key -> highest priority wins).
+  // This is the replacement mechanism: if BCSaaS registers with the same
+  // key as MJ's built-in tenant filter, ClassFactory's priority system
+  // ensures only the higher-priority one is used.
+  const uniqueKeys = new Set(
+      allRegistrations.map(r => r.Key?.trim().toLowerCase()).filter((k): k is string => k != null)
+  );
+  const winnerRegistrations: typeof allRegistrations = [];
+  for (const key of uniqueKeys) {
+      const winner = MJGlobal.Instance.ClassFactory.GetRegistration(BaseServerMiddleware, key);
+      if (winner) winnerRegistrations.push(winner);
+  }
+  // Instantiate and filter by Enabled
+  const middlewares: BaseServerMiddleware[] = [];
+  for (const reg of winnerRegistrations) {
+      const MwClass = reg.SubClass as new () => BaseServerMiddleware;
+      const mw = new MwClass();
+      if (mw.Enabled) {
+          middlewares.push(mw);
+      }
+  }
+  // Initialize all middleware
+  for (const mw of middlewares) {
+      await mw.Initialize();
+      console.log(`  [Middleware] ${mw.Label}`);
+  }
+  // Collect middleware contributions for each pipeline stage
+  const mwPreAuth: RequestHandler[] = [];
+  const mwPostAuth: RequestHandler[] = [];
+  const mwPostRoute: (RequestHandler | ErrorRequestHandler)[] = [];
+  const mwApolloPlugins: ApolloServerPlugin[] = [];
+  const mwSchemaTransformers: ((schema: GraphQLSchema) => GraphQLSchema)[] = [];
+  const mwResolverPaths: string[] = [];
+  for (const mw of middlewares) {
+      mwPreAuth.push(...mw.GetPreAuthMiddleware());
+      mwPostAuth.push(...mw.GetPostAuthMiddleware());
+      mwPostRoute.push(...mw.GetPostRouteMiddleware());
+      mwApolloPlugins.push(...mw.GetApolloPlugins());
+      mwSchemaTransformers.push(...mw.GetSchemaTransformers());
+      mwResolverPaths.push(...mw.GetResolverPaths());
+      // Express app configuration escape hatch
+      if (mw.ConfigureExpressApp) {
+          await mw.ConfigureExpressApp(app);
+      }
+      // Extract hook methods and register in the global hook store
+      // (ProviderBase/BaseEntity will read these via GetDataHooks())
+      RegisterDataHook('PreRunView', mw.PreRunView.bind(mw));
+      RegisterDataHook('PostRunView', mw.PostRunView.bind(mw));
+      RegisterDataHook('PreSave', mw.PreSave.bind(mw));
+  }
+  // ─── Resolve middleware-contributed resolver paths and merge into resolvers ───
+  let allResolvers = resolvers;
+  if (mwResolverPaths.length > 0) {
+      const mwGlobs = mwResolverPaths.flatMap((p) => (isWindows ? p.replace(/\\/g, '/') : p));
+      const mwResolverFiles = fg.globSync(mwGlobs);
+      if (mwResolverFiles.length > 0) {
+          const mwModules = await Promise.all(
+              mwResolverFiles.map((modulePath) => {
+                  try {
+                      return import(isWindows ? `file://${modulePath}` : modulePath);
+                  } catch (e) {
+                      console.error(`Error loading middleware resolver at '${modulePath}'`, e);
+                      throw e;
+                  }
+              })
+          );
+          const mwResolvers = mwModules.flatMap((module) =>
+              Object.values(module).filter((value) => typeof value === 'function')
+          );
+          allResolvers = [...resolvers, ...mwResolvers] as BuildSchemaOptions['resolvers'];
+          console.log(`  [Middleware Resolvers] Loaded ${mwResolverFiles.length} resolver file(s) from middleware`);
+      }
+  }
   // Create an explicit PubSub instance so we can reference it outside of resolvers
   // graphql-subscriptions v3 renamed asyncIterator→asyncIterableIterator, but
   // type-graphql still calls asyncIterator. Shim for compatibility.
@@ -451,7 +520,7 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
   let schema = mergeSchemas({
     schemas: [
       buildSchemaSync({
-        resolvers,
+        resolvers: allResolvers,
         validate: false,
         scalarsMap: [{ type: Date, scalar: GraphQLTimestamp }],
         emitSchemaFile: websiteRunFromPackage !== 1,
@@ -463,11 +532,9 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
   schema = requireSystemUserDirective.transformer(schema);
   schema = publicDirective.transformer(schema);
-  // Apply user-provided schema transformers (after built-in directive transformers)
-  if (options?.SchemaTransformers) {
-    for (const transformer of options.SchemaTransformers) {
-      schema = transformer(schema);
-    }
+  // Apply middleware-contributed schema transformers (after built-in directive transformers)
+  for (const transformer of mwSchemaTransformers) {
+    schema = transformer(schema);
   }
   const httpServer = createServer(app);
@@ -502,7 +569,7 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
   const apolloServer = buildApolloServer(
     { schema },
     { httpServer, serverCleanup },
-    options?.ApolloPlugins
+    mwApolloPlugins.length > 0 ? mwApolloPlugins : undefined
   );
   await apolloServer.start();
@@ -534,16 +601,9 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
     res.status(200).json({ status: 'ok' });
   });
-  // Apply user-provided Express middleware (after compression, before routes)
-  if (options?.ExpressMiddlewareBefore) {
-    for (const mw of options.ExpressMiddlewareBefore) {
-      app.use(mw);
-    }
-  }
-  // Escape hatch for advanced Express app configuration
-  if (options?.ConfigureExpressApp) {
-    await Promise.resolve(options.ConfigureExpressApp(app));
+  // Apply middleware-contributed pre-auth handlers (after compression, before routes)
+  for (const mw of mwPreAuth) {
+    app.use(mw);
   }
   // ─── OAuth callback routes (unauthenticated, registered BEFORE auth) ─────
@@ -575,20 +635,12 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
   // ─── Unified auth middleware (replaces both REST authMiddleware and contextFunction auth) ─────
   app.use(createUnifiedAuthMiddleware(dataSources));
-  // ─── Built-in post-auth middleware (multi-tenancy) ─────
-  // Config-driven multi-tenancy middleware runs after auth so it can read req.userPayload.
-  if (configInfo.multiTenancy?.enabled) {
-    const tenantMiddleware = createTenantMiddleware(configInfo.multiTenancy);
-    app.use(tenantMiddleware);
-  }
-  // ─── Post-auth middleware from plugins ─────
+  // ─── Post-auth middleware from BaseServerMiddleware plugins ─────
   // Middleware here has access to the authenticated user via req.userPayload.
-  // Use this for tenant context resolution, org membership loading, etc.
-  if (options?.ExpressMiddlewarePostAuth) {
-    for (const mw of options.ExpressMiddlewarePostAuth) {
-      app.use(mw);
-    }
+  // Contributions come from @RegisterClass(BaseServerMiddleware, key) classes
+  // (e.g., MJTenantFilterMiddleware for multi-tenancy, BCSaaSMiddleware for org context).
+  for (const mw of mwPostAuth) {
+    app.use(mw);
   }
   // ─── OAuth authenticated routes (auth already handled by unified middleware) ─────
@@ -645,10 +697,8 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
   );
   // ─── Post-route middleware (error handlers, catch-alls) ─────
-  if (options?.ExpressMiddlewareAfter) {
-    for (const mw of options.ExpressMiddlewareAfter) {
-      app.use(mw);
-    }
+  for (const mw of mwPostRoute) {
+    app.use(mw);
   }
   // Initialize and start scheduled jobs service if enabled
@@ -664,45 +714,9 @@ export const serve = async (resolverPaths: Array<string>, app: Application = cre
     }
   }
-  // Register provider-level hooks with the global HookRegistry.
-  // Each entry can be a plain function or a { hook, Priority, Namespace } object.
-  if (options?.PreRunViewHooks) {
-    for (const entry of options.PreRunViewHooks) {
-      registerHookEntry('PreRunView', entry);
-    }
-  }
-  if (options?.PostRunViewHooks) {
-    for (const entry of options.PostRunViewHooks) {
-      registerHookEntry('PostRunView', entry);
-    }
-  }
-  if (options?.PreSaveHooks) {
-    for (const entry of options.PreSaveHooks) {
-      registerHookEntry('PreSave', entry);
-    }
-  }
-  // Auto-register multi-tenancy hooks when enabled in config
-  // (The tenant Express middleware was already registered above in the post-auth slot)
-  if (configInfo.multiTenancy?.enabled) {
-    console.log('[MultiTenancy] Enabled — registering tenant isolation hooks');
-    const tenantConfig = configInfo.multiTenancy;
-    // Register tenant PreRunView hook (injects WHERE clauses)
-    // Priority 50 + namespace allows middle layers to replace with their own implementation
-    HookRegistry.Register('PreRunView', createTenantPreRunViewHook(tenantConfig), {
-      Priority: 50,
-      Namespace: 'mj:tenantFilter',
-    });
-    // Register tenant PreSave hook (validates tenant column on writes)
-    HookRegistry.Register('PreSave', createTenantPreSaveHook(tenantConfig), {
-      Priority: 50,
-      Namespace: 'mj:tenantSave',
-    });
-    console.log(`[MultiTenancy] Context source: ${tenantConfig.contextSource}, scoping: ${tenantConfig.scopingStrategy}, write protection: ${tenantConfig.writeProtection}`);
-  }
+  // Data hooks are now registered via BaseServerMiddleware classes above
+  // (e.g., MJTenantFilterMiddleware registers PreRunView and PreSave hooks).
+  // No config-bag hook registration needed.
   if (options?.onBeforeServe) {
     await Promise.resolve(options.onBeforeServe());

package/src/middleware/BaseServerMiddleware.ts ADDED Viewed

@@ -0,0 +1,141 @@
+/**
+ * Base class for server middleware that intercepts the MJServer request pipeline.
+ *
+ * Subclasses register via @RegisterClass(BaseServerMiddleware, key) and are
+ * discovered by serve() via ClassFactory.GetAllRegistrations().
+ *
+ * Key-based deduplication: If two middleware classes register with the same key,
+ * ClassFactory returns the highest-priority one -- the other is replaced.
+ * This is how BCSaaS replaces MJ's built-in tenant filtering.
+ *
+ * For adding new routes/endpoints (webhooks, bot endpoints), see
+ * ServerExtensionsCore and BaseServerExtension (PR #2037).
+ * BaseServerMiddleware is for intercepting the existing pipeline, not adding to it.
+ */
+import type { RequestHandler, ErrorRequestHandler, Application } from 'express';
+import type { ApolloServerPlugin } from '@apollo/server';
+import type { GraphQLSchema } from 'graphql';
+import type { RunViewParams, UserInfo, BaseEntity, RunViewResult } from '@memberjunction/core';
+export abstract class BaseServerMiddleware {
+    // --- Identity ---
+    /**
+     * Human-readable label for logging (e.g., 'mj:tenantFilter', 'bcsaas').
+     */
+    abstract get Label(): string;
+    /**
+     * Whether this middleware is active. Override to check config, env vars, etc.
+     * Disabled middleware classes are never instantiated or activated by serve().
+     * Default: true.
+     */
+    get Enabled(): boolean { return true; }
+    // --- Lifecycle ---
+    /**
+     * Optional async initialization (read config, warm caches, etc.).
+     * Called by serve() after instantiation, before middleware/hooks are extracted.
+     */
+    async Initialize(): Promise<void> { /* no-op by default */ }
+    // --- Express Middleware ---
+    // Each method corresponds to a named slot in the request pipeline.
+    // Override to contribute middleware at that stage.
+    // Default implementations return empty arrays (no-op).
+    /**
+     * Express middleware applied BEFORE authentication.
+     * Runs after compression but before OAuth/REST/GraphQL routes.
+     * Use for: rate limiting, request logging, custom headers.
+     */
+    GetPreAuthMiddleware(): RequestHandler[] { return []; }
+    /**
+     * Express middleware that runs AFTER authentication has resolved UserInfo.
+     * The authenticated user payload is available at req.userPayload.
+     * Use for: tenant context resolution, org membership loading.
+     */
+    GetPostAuthMiddleware(): RequestHandler[] { return []; }
+    /**
+     * Express middleware/error handlers applied AFTER all routes.
+     * Use for: catch-all error handlers, response logging.
+     */
+    GetPostRouteMiddleware(): (RequestHandler | ErrorRequestHandler)[] { return []; }
+    // --- Express App Configuration ---
+    /**
+     * Optional escape hatch for advanced Express app configuration.
+     * Called once during server setup with the Express app instance.
+     * Use for: trust proxy settings, custom CORS, body parser config.
+     * Return undefined to skip (default).
+     */
+    ConfigureExpressApp?(app: Application): void | Promise<void>;
+    // --- Apollo / GraphQL Extensions ---
+    /**
+     * Additional Apollo Server plugins merged with built-in plugins.
+     * Use for: query tracing, caching, custom error formatting.
+     */
+    GetApolloPlugins(): ApolloServerPlugin[] { return []; }
+    /**
+     * Schema transformers applied after built-in directive transformers.
+     * Use for: custom directives, schema stitching, field-level auth.
+     */
+    GetSchemaTransformers(): ((schema: GraphQLSchema) => GraphQLSchema)[] { return []; }
+    // --- Resolver Discovery ---
+    /**
+     * Additional TypeGraphQL resolver glob paths to include in the Apollo schema.
+     * serve() collects these from all active middleware and adds them to the
+     * resolvers array passed to buildSchema().
+     *
+     * Return absolute glob paths (use `path.join(__dirname, ...)` or equivalent).
+     *
+     * Use for: Open App resolvers, domain-specific GraphQL queries/mutations
+     * that live outside MJServer's built-in resolver set.
+     *
+     * @example
+     * ```typescript
+     * GetResolverPaths(): string[] {
+     *     return [path.join(__dirname, 'resolvers', '*Resolver.{js,ts}')];
+     * }
+     * ```
+     */
+    GetResolverPaths(): string[] { return []; }
+    // --- Data Hooks ---
+    // Override any of these to intercept data operations.
+    // Default implementations are pass-through (no-op).
+    /**
+     * Hook that runs before a RunView operation. Can modify the RunViewParams
+     * (e.g., injecting tenant filters) before execution.
+     */
+    PreRunView(params: RunViewParams, contextUser: UserInfo | undefined): RunViewParams | Promise<RunViewParams> {
+        return params;
+    }
+    /**
+     * Hook that runs after a RunView operation completes. Can modify the result
+     * (e.g., filtering or augmenting data) before it is returned to the caller.
+     */
+    PostRunView(params: RunViewParams, results: RunViewResult, contextUser: UserInfo | undefined): RunViewResult | Promise<RunViewResult> {
+        return results;
+    }
+    /**
+     * Hook that runs before a Save operation on a BaseEntity.
+     * Return true to allow, false to reject silently, or a string to reject with that error message.
+     */
+    PreSave(entity: BaseEntity, contextUser: UserInfo | undefined): boolean | string | Promise<boolean | string> {
+        return true;
+    }
+}