npm - @memberjunction/server - Versions diffs - 5.4.0 → 5.5.0 - Mend

@memberjunction/server 5.4.0 → 5.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (74) hide show

package/dist/agents/skip-sdk.js +2 -2
package/dist/agents/skip-sdk.js.map +1 -1
package/dist/auth/AuthProviderFactory.d.ts +9 -0
package/dist/auth/AuthProviderFactory.d.ts.map +1 -1
package/dist/auth/AuthProviderFactory.js +27 -1
package/dist/auth/AuthProviderFactory.js.map +1 -1
package/dist/auth/index.d.ts +6 -4
package/dist/auth/index.d.ts.map +1 -1
package/dist/auth/index.js +10 -6
package/dist/auth/index.js.map +1 -1
package/dist/config.d.ts +37 -0
package/dist/config.d.ts.map +1 -1
package/dist/config.js +7 -0
package/dist/config.js.map +1 -1
package/dist/context.d.ts +2 -2
package/dist/context.d.ts.map +1 -1
package/dist/context.js +52 -15
package/dist/context.js.map +1 -1
package/dist/generated/generated.d.ts +944 -843
package/dist/generated/generated.d.ts.map +1 -1
package/dist/generated/generated.js +5269 -6194
package/dist/generated/generated.js.map +1 -1
package/dist/generic/ResolverBase.d.ts.map +1 -1
package/dist/generic/ResolverBase.js +9 -0
package/dist/generic/ResolverBase.js.map +1 -1
package/dist/generic/RunViewResolver.d.ts +3 -1
package/dist/generic/RunViewResolver.d.ts.map +1 -1
package/dist/generic/RunViewResolver.js +25 -6
package/dist/generic/RunViewResolver.js.map +1 -1
package/dist/index.d.ts +6 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +181 -22
package/dist/index.js.map +1 -1
package/dist/resolvers/ActionResolver.js +4 -4
package/dist/resolvers/ActionResolver.js.map +1 -1
package/dist/resolvers/ComponentRegistryResolver.d.ts.map +1 -1
package/dist/resolvers/ComponentRegistryResolver.js +5 -4
package/dist/resolvers/ComponentRegistryResolver.js.map +1 -1
package/dist/resolvers/FileResolver.d.ts.map +1 -1
package/dist/resolvers/FileResolver.js +3 -2
package/dist/resolvers/FileResolver.js.map +1 -1
package/dist/resolvers/RunAIAgentResolver.js +3 -3
package/dist/resolvers/RunAIAgentResolver.js.map +1 -1
package/dist/resolvers/SqlLoggingConfigResolver.d.ts.map +1 -1
package/dist/resolvers/SqlLoggingConfigResolver.js.map +1 -1
package/dist/resolvers/SyncRolesUsersResolver.d.ts.map +1 -1
package/dist/resolvers/SyncRolesUsersResolver.js +4 -3
package/dist/resolvers/SyncRolesUsersResolver.js.map +1 -1
package/dist/resolvers/UserFavoriteResolver.d.ts.map +1 -1
package/dist/resolvers/UserFavoriteResolver.js +4 -3
package/dist/resolvers/UserFavoriteResolver.js.map +1 -1
package/dist/rest/OAuthCallbackHandler.d.ts.map +1 -1
package/dist/rest/OAuthCallbackHandler.js +4 -3
package/dist/rest/OAuthCallbackHandler.js.map +1 -1
package/package.json +58 -53
package/src/__tests__/databaseAbstraction.test.ts +816 -0
package/src/agents/skip-sdk.ts +2 -2
package/src/auth/AuthProviderFactory.ts +31 -1
package/src/auth/__tests__/backward-compatibility.test.ts +114 -0
package/src/auth/index.ts +14 -9
package/src/config.ts +9 -0
package/src/context.ts +65 -20
package/src/generated/generated.ts +5056 -6164
package/src/generic/ResolverBase.ts +9 -0
package/src/generic/RunViewResolver.ts +24 -7
package/src/index.ts +207 -23
package/src/resolvers/ActionResolver.ts +4 -4
package/src/resolvers/ComponentRegistryResolver.ts +8 -7
package/src/resolvers/FileResolver.ts +3 -2
package/src/resolvers/RunAIAgentResolver.ts +3 -3
package/src/resolvers/SqlLoggingConfigResolver.ts +8 -7
package/src/resolvers/SyncRolesUsersResolver.ts +4 -3
package/src/resolvers/UserFavoriteResolver.ts +4 -3
package/src/rest/OAuthCallbackHandler.ts +4 -3

package/src/agents/skip-sdk.ts CHANGED Viewed

@@ -34,7 +34,7 @@ import { gzip as gzipCompress, createGunzip } from 'zlib';
 import { configInfo, baseUrl, publicUrl, graphqlPort, graphqlRootPath, apiKey as callbackAPIKey } from '../config.js';
 import { GetAIAPIKey } from '@memberjunction/ai';
 import { AIEngine } from '@memberjunction/aiengine';
-import { CopyScalarsAndArrays } from '@memberjunction/global';
+import { CopyScalarsAndArrays, UUIDsEqual } from '@memberjunction/global';
 import mssql from 'mssql';
 import { registerAccessToken, GetDataAccessToken } from '../resolvers/GetDataResolver.js';
 import { BehaviorSubject } from 'rxjs';
@@ -493,7 +493,7 @@ export class SkipSDK {
      * Recursively build category path for a query
      */
     private buildQueryCategoryPath(md: Metadata, categoryID: string): string {
-        const cat = md.QueryCategories.find((c) => c.ID === categoryID);
+        const cat = md.QueryCategories.find((c) => UUIDsEqual(c.ID, categoryID));
         if (!cat) return '';
         if (!cat.ParentID) return cat.Name;
         const parentPath = this.buildQueryCategoryPath(md, cat.ParentID);

package/src/auth/AuthProviderFactory.ts CHANGED Viewed

@@ -18,6 +18,7 @@ export class AuthProviderFactory {
   private static instance: AuthProviderFactory;
   private providers: Map<string, IAuthProvider> = new Map();
   private issuerCache: Map<string, IAuthProvider> = new Map();
+  private issuerMultiCache: Map<string, IAuthProvider[]> = new Map();
   private constructor() {}
@@ -67,8 +68,9 @@ export class AuthProviderFactory {
     this.providers.set(provider.name, provider);
-    // Clear issuer cache when registering new provider
+    // Clear issuer caches when registering new provider
     this.issuerCache.clear();
+    this.issuerMultiCache.clear();
     console.log(`Registered auth provider: ${provider.name} with issuer: ${provider.issuer}`);
   }
@@ -94,6 +96,33 @@ export class AuthProviderFactory {
     return undefined;
   }
+  /**
+   * Gets all providers matching an issuer URL.
+   * Unlike getByIssuer() which returns only the first match, this returns
+   * all providers for a given issuer. This is needed when multiple apps
+   * (e.g. MJExplorer + MJCentral) share the same Auth0 domain but have
+   * different audiences (client IDs).
+   */
+  getAllByIssuer(issuer: string): IAuthProvider[] {
+    // Check multi-provider cache first
+    if (this.issuerMultiCache.has(issuer)) {
+      return this.issuerMultiCache.get(issuer)!;
+    }
+    const matches: IAuthProvider[] = [];
+    for (const provider of this.providers.values()) {
+      if (provider.matchesIssuer(issuer)) {
+        matches.push(provider);
+      }
+    }
+    if (matches.length > 0) {
+      this.issuerMultiCache.set(issuer, matches);
+    }
+    return matches;
+  }
   /**
    * Gets a provider by its name
    */
@@ -121,6 +150,7 @@ export class AuthProviderFactory {
   clear(): void {
     this.providers.clear();
     this.issuerCache.clear();
+    this.issuerMultiCache.clear();
   }
   /**

package/src/auth/__tests__/backward-compatibility.test.ts CHANGED Viewed

@@ -147,6 +147,120 @@ describe('Authentication Provider Backward Compatibility', () => {
     });
   });
+  describe('Multi-Audience Same-Issuer Support', () => {
+    it('should return all providers matching the same issuer via getAllByIssuer()', () => {
+      const sharedIssuer = 'https://auth.example.com/';
+      const provider1 = {
+        name: 'app1',
+        issuer: sharedIssuer,
+        audience: 'client-id-app1',
+        jwksUri: 'https://auth.example.com/.well-known/jwks.json',
+        validateConfig: () => true,
+        getSigningKey: vi.fn(),
+        extractUserInfo: vi.fn(),
+        matchesIssuer: (iss: string) => iss === sharedIssuer,
+      } as IAuthProvider;
+      const provider2 = {
+        name: 'app2',
+        issuer: sharedIssuer,
+        audience: 'client-id-app2',
+        jwksUri: 'https://auth.example.com/.well-known/jwks.json',
+        validateConfig: () => true,
+        getSigningKey: vi.fn(),
+        extractUserInfo: vi.fn(),
+        matchesIssuer: (iss: string) => iss === sharedIssuer,
+      } as IAuthProvider;
+      factory.register(provider1);
+      factory.register(provider2);
+      const results = factory.getAllByIssuer(sharedIssuer);
+      expect(results).toHaveLength(2);
+      expect(results).toContain(provider1);
+      expect(results).toContain(provider2);
+    });
+    it('should return empty array from getAllByIssuer() for unknown issuer', () => {
+      const results = factory.getAllByIssuer('https://unknown.example.com');
+      expect(results).toEqual([]);
+    });
+    it('should cache getAllByIssuer() results and invalidate on registration', () => {
+      const sharedIssuer = 'https://auth.example.com/';
+      const provider1 = {
+        name: 'app1',
+        issuer: sharedIssuer,
+        audience: 'client-id-app1',
+        jwksUri: 'https://auth.example.com/.well-known/jwks.json',
+        validateConfig: () => true,
+        getSigningKey: vi.fn(),
+        extractUserInfo: vi.fn(),
+        matchesIssuer: vi.fn((iss: string): boolean => iss === sharedIssuer),
+      } as IAuthProvider;
+      factory.register(provider1);
+      // First call populates cache
+      const first = factory.getAllByIssuer(sharedIssuer);
+      expect(first).toHaveLength(1);
+      expect(provider1.matchesIssuer).toHaveBeenCalledTimes(1);
+      // Second call uses cache
+      const second = factory.getAllByIssuer(sharedIssuer);
+      expect(second).toHaveLength(1);
+      expect(provider1.matchesIssuer).toHaveBeenCalledTimes(1);
+      // Registering a new provider invalidates the cache
+      const provider2 = {
+        name: 'app2',
+        issuer: sharedIssuer,
+        audience: 'client-id-app2',
+        jwksUri: 'https://auth.example.com/.well-known/jwks.json',
+        validateConfig: () => true,
+        getSigningKey: vi.fn(),
+        extractUserInfo: vi.fn(),
+        matchesIssuer: vi.fn((iss: string): boolean => iss === sharedIssuer),
+      } as IAuthProvider;
+      factory.register(provider2);
+      // After registration, cache is cleared, so matchesIssuer is called again
+      const third = factory.getAllByIssuer(sharedIssuer);
+      expect(third).toHaveLength(2);
+      // provider1.matchesIssuer called once more (from the new lookup)
+      expect(provider1.matchesIssuer).toHaveBeenCalledTimes(2);
+    });
+    it('should not include providers with different issuers', () => {
+      const provider1 = {
+        name: 'app1',
+        issuer: 'https://issuer-a.com/',
+        audience: 'client-a',
+        jwksUri: 'https://issuer-a.com/.well-known/jwks.json',
+        validateConfig: () => true,
+        getSigningKey: vi.fn(),
+        extractUserInfo: vi.fn(),
+        matchesIssuer: (iss: string) => iss === 'https://issuer-a.com/',
+      } as IAuthProvider;
+      const provider2 = {
+        name: 'app2',
+        issuer: 'https://issuer-b.com/',
+        audience: 'client-b',
+        jwksUri: 'https://issuer-b.com/.well-known/jwks.json',
+        validateConfig: () => true,
+        getSigningKey: vi.fn(),
+        extractUserInfo: vi.fn(),
+        matchesIssuer: (iss: string) => iss === 'https://issuer-b.com/',
+      } as IAuthProvider;
+      factory.register(provider1);
+      factory.register(provider2);
+      const results = factory.getAllByIssuer('https://issuer-a.com/');
+      expect(results).toHaveLength(1);
+      expect(results[0]).toBe(provider1);
+    });
+  });
   describe('Error Handling', () => {
     it('should handle missing provider gracefully', () => {
       const unknownIssuer = 'https://unknown.provider.com';

package/src/auth/index.ts CHANGED Viewed

@@ -47,20 +47,25 @@ const refreshUserCache = async (dataSource?: sql.ConnectionPool) => {
 };
 /**
- * Gets validation options for a specific issuer
- * This maintains backward compatibility with the old structure
+ * Gets validation options for a specific issuer.
+ * When multiple providers share the same issuer (e.g. two Auth0 apps on
+ * the same domain with different audiences/client IDs), all unique audiences
+ * are aggregated into an array. jwt.verify() natively accepts string | string[].
  */
-export const getValidationOptions = (issuer: string): { audience: string; jwksUri: string } | undefined => {
+export const getValidationOptions = (issuer: string): { audience: string | string[]; jwksUri: string } | undefined => {
   const factory = AuthProviderFactory.getInstance();
-  const provider = factory.getByIssuer(issuer);
-  if (!provider) {
+  const providers = factory.getAllByIssuer(issuer);
+  if (providers.length === 0) {
     return undefined;
   }
+  // Collect unique audiences from all providers matching this issuer
+  const audiences = [...new Set(providers.map(p => p.audience))];
   return {
-    audience: provider.audience,
-    jwksUri: provider.jwksUri
+    audience: audiences.length === 1 ? audiences[0] : audiences,
+    jwksUri: providers[0].jwksUri  // Same issuer = same JWKS endpoint
   };
 };
@@ -68,7 +73,7 @@ export const getValidationOptions = (issuer: string): { audience: string; jwksUr
  * Backward compatible validationOptions object
  * @deprecated Use getValidationOptions() or AuthProviderRegistry instead
  */
-export const validationOptions: Record<string, { audience: string; jwksUri: string }> = new Proxy({}, {
+export const validationOptions: Record<string, { audience: string | string[]; jwksUri: string }> = new Proxy({}, {
   get: (target, prop: string) => {
     return getValidationOptions(prop);
   },

package/src/config.ts CHANGED Viewed

@@ -140,6 +140,13 @@ const scheduledJobsSchema = z.object({
   staleLockCleanupInterval: z.number().optional().default(300000), // 5 minutes in ms
 });
+const queryDialectSchema = z.object({
+  /** When true, saving a Query entity auto-generates QuerySQL entries for configured target dialects */
+  autoConvertOnSave: zodBooleanWithTransforms().default(false),
+  /** List of SQLDialect PlatformKey values to auto-convert to (e.g., ['postgresql']) */
+  targetPlatforms: z.array(z.string()).optional().default([]),
+});
 const telemetrySchema = z.object({
   enabled: zodBooleanWithTransforms().default(
     process.env.MJ_TELEMETRY_ENABLED !== 'false' // Enabled by default unless explicitly disabled
@@ -158,6 +165,7 @@ const configInfoSchema = z.object({
   componentRegistries: z.array(componentRegistrySchema).optional(),
   scheduledJobs: scheduledJobsSchema.optional().default({}),
   telemetry: telemetrySchema.optional().default({}),
+  queryDialects: queryDialectSchema.optional().default({}),
   apiKey: z.string().optional(),
   baseUrl: z.string().default('http://localhost'),
@@ -201,6 +209,7 @@ export type AuthProviderConfig = z.infer<typeof authProviderSchema>;
 export type ComponentRegistryConfig = z.infer<typeof componentRegistrySchema>;
 export type ScheduledJobsConfig = z.infer<typeof scheduledJobsSchema>;
 export type TelemetryConfig = z.infer<typeof telemetrySchema>;
+export type QueryDialectConfig = z.infer<typeof queryDialectSchema>;
 export type ConfigInfo = z.infer<typeof configInfoSchema>;
 /**

package/src/context.ts CHANGED Viewed

@@ -16,6 +16,7 @@ import { DatabaseProviderBase } from '@memberjunction/core';
 import { SQLServerDataProvider, SQLServerProviderConfigData, UserCache } from '@memberjunction/sqlserver-dataprovider';
 import { AuthProviderFactory } from './auth/AuthProviderFactory.js';
 import { Metadata } from '@memberjunction/core';
+import { UUIDsEqual } from '@memberjunction/global';
 import { GetAPIKeyEngine } from '@memberjunction/api-keys';
 const verifyAsync = async (issuer: string, token: string): Promise<jwt.JwtPayload> =>
@@ -27,7 +28,14 @@ const verifyAsync = async (issuer: string, token: string): Promise<jwt.JwtPayloa
       return;
     }
-    jwt.verify(token, getSigningKeys(issuer), options, (err, jwt) => {
+    const verifyOptions: jwt.VerifyOptions = {};
+    if (Array.isArray(options.audience)) {
+      verifyOptions.audience = options.audience as [string, ...string[]];
+    } else {
+      verifyOptions.audience = options.audience;
+    }
+    jwt.verify(token, getSigningKeys(issuer), verifyOptions, (err, jwt) => {
       if (jwt && typeof jwt !== 'string' && !err) {
         const payload = jwt.payload ?? jwt;
@@ -96,7 +104,7 @@ export const getUserPayload = async (
         // Get the user from UserCache to ensure UserRoles is properly populated
         // The validationResult.User from APIKeyEngine doesn't include UserRoles
         const cachedUser = UserCache.Instance.Users.find(
-          u => u.ID === validationResult.User.ID
+          u => UUIDsEqual(u.ID, validationResult.User.ID)
         );
         // Use cached user if available, otherwise fall back to the validation result
@@ -247,22 +255,59 @@ export const contextFunction =
       console.warn('WARNING: No entities found in global/shared metadata, this can often be due to the use of **global** Metadata/RunView/DB Providers in a multi-user environment. Check your code to make sure you are using the providers passed to you in AppContext by MJServer and not calling new Metadata() new RunView() new RunQuery() and similar patterns as those are unstable at times in multi-user server environments!!!');
     }
-    // now create a new instance of SQLServerDataProvider for each request
-    const config = new SQLServerProviderConfigData(dataSource, mj_core_schema, 0, undefined, undefined, false);
-    const p = new SQLServerDataProvider();
-    await p.Config(config);
-    let rp = null;
-    try {
-      const readOnlyDataSource = GetReadOnlyDataSource(dataSources, { allowFallbackToReadWrite: false });
-      if (readOnlyDataSource) {
-        rp = new SQLServerDataProvider();
-        const rConfig = new SQLServerProviderConfigData(readOnlyDataSource, mj_core_schema, 0, undefined, undefined, false);
-        await rp.Config(rConfig);
+    // Create per-request provider instance based on database type
+    const dbType = process.env.DB_TYPE?.toLowerCase();
+    const isPostgres = dbType === 'postgresql' || dbType === 'postgres' || dbType === 'pg';
+    let p: DatabaseProviderBase;
+    if (isPostgres) {
+      const { PostgreSQLDataProvider, PostgreSQLProviderConfigData } = await import('@memberjunction/postgresql-dataprovider');
+      const pgHost = process.env.PG_HOST || process.env.DB_HOST || 'localhost';
+      const pgPort = parseInt(process.env.PG_PORT || process.env.DB_PORT || '5432', 10);
+      const pgUser = process.env.PG_USERNAME || process.env.DB_USERNAME || 'postgres';
+      const pgPass = process.env.PG_PASSWORD || process.env.DB_PASSWORD || '';
+      const pgDatabase = process.env.PG_DATABASE || process.env.DB_DATABASE || '';
+      const pgProvider = new PostgreSQLDataProvider();
+      const pgConfig = new PostgreSQLProviderConfigData(
+        { Host: pgHost, Port: pgPort, Database: pgDatabase, User: pgUser, Password: pgPass },
+        mj_core_schema,
+        0,
+        undefined,
+        undefined,
+        false, // use existing metadata from global provider
+      );
+      // Share the connection pool from the primary provider to avoid pool exhaustion.
+      // Each per-request provider was creating its own pool, leading to "too many clients" errors.
+      const primaryProvider = Metadata.Provider as unknown as { DatabaseConnection?: import('pg').Pool };
+      if (primaryProvider?.DatabaseConnection) {
+        await pgProvider.ConfigWithSharedPool(pgConfig, primaryProvider.DatabaseConnection);
+      } else {
+        await pgProvider.Config(pgConfig);
       }
+      p = pgProvider;
+    } else {
+      const config = new SQLServerProviderConfigData(dataSource, mj_core_schema, 0, undefined, undefined, false);
+      const sqlProvider = new SQLServerDataProvider();
+      await sqlProvider.Config(config);
+      p = sqlProvider as unknown as DatabaseProviderBase;
     }
-    catch (e) {
-      // no read only data source available, so rp will remain null, this is OK!
+    let rp: DatabaseProviderBase | null = null;
+    if (!isPostgres) {
+      try {
+        const readOnlyDataSource = GetReadOnlyDataSource(dataSources, { allowFallbackToReadWrite: false });
+        if (readOnlyDataSource) {
+          const roProvider = new SQLServerDataProvider();
+          const rConfig = new SQLServerProviderConfigData(readOnlyDataSource, mj_core_schema, 0, undefined, undefined, false);
+          await roProvider.Config(rConfig);
+          rp = roProvider as unknown as DatabaseProviderBase;
+        }
+      }
+      catch (_err) {
+        // no read only data source available, so rp will remain null, this is OK!
+      }
     }
     const providers = [{
@@ -276,12 +321,12 @@ export const contextFunction =
       });
     }
-    const contextResult = {
-      dataSource,
-      dataSources,
+    const contextResult = {
+      dataSource,
+      dataSources,
       userPayload: userPayload,
       providers,
     };
     return contextResult;
   };