@naturalcycles/backend-lib 2.60.0 → 2.60.4

package/CHANGELOG.md

@@ -1,3 +1,31 @@
+## [2.60.4](https://github.com/NaturalCycles/backend-lib/compare/v2.60.3...v2.60.4) (2021-10-21)
+
+
+### Bug Fixes
+
+* deps, use process.uptime in statusHandler ([8d3389d](https://github.com/NaturalCycles/backend-lib/commit/8d3389d8908954af9a375a6d7fb95aefc1b08e5f))
+
+## [2.60.3](https://github.com/NaturalCycles/backend-lib/compare/v2.60.2...v2.60.3) (2021-10-15)
+
+
+### Bug Fixes
+
+* deps (firebase-admin@10) ([50fe05b](https://github.com/NaturalCycles/backend-lib/commit/50fe05be92cb4345b809096d3b45b1b099bc2ea5))
+
+## [2.60.2](https://github.com/NaturalCycles/backend-lib/compare/v2.60.1...v2.60.2) (2021-10-09)
+
+
+### Bug Fixes
+
+* login.html by inroducing an `/admin/login` endpoint ([6e16d0f](https://github.com/NaturalCycles/backend-lib/commit/6e16d0fd8f26d35dd562687a29a120b32d9f2717))
+
+## [2.60.1](https://github.com/NaturalCycles/backend-lib/compare/v2.60.0...v2.60.1) (2021-10-04)
+
+
+### Bug Fixes
+
+* deps ([ef0fa52](https://github.com/NaturalCycles/backend-lib/commit/ef0fa52fabd9f905592f69cfeed651011faf6578))
+
 # [2.60.0](https://github.com/NaturalCycles/backend-lib/compare/v2.59.3...v2.60.0) (2021-09-04)
 
 

package/dist/admin/admin.mw.d.ts

@@ -12,6 +12,11 @@ export interface RequireAdminCfg {
      */
     apiHost?: string;
     urlStartsWith?: string;
+    /**
+     * Defaults to `true`.
+     * Set to `false` to debug login issues.
+     */
+    autoLogin?: boolean;
 }
 export declare type AdminMiddleware = (reqPermissions?: string[], cfg?: RequireAdminCfg) => RequestHandler;
 export declare function createAdminMiddleware(adminService: BaseAdminService, cfgDefaults?: RequireAdminCfg): AdminMiddleware;

package/dist/admin/admin.mw.js

@@ -1,10 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getLoginHtmlRedirect = exports.loginHtml = exports.requireAdminPermissions = exports.createAdminMiddleware = void 0;
+const fs = require("fs");
 const js_lib_1 = require("@naturalcycles/js-lib");
 const nodejs_lib_1 = require("@naturalcycles/nodejs-lib");
 const ejs = require("ejs");
-const fs = require("fs");
 const log = (0, nodejs_lib_1.Debug)('nc:backend-lib:admin');
 function createAdminMiddleware(adminService, cfgDefaults = {}) {
     return (reqPermissions, cfg) => requireAdminPermissions(adminService, reqPermissions, {
@@ -20,7 +20,7 @@ exports.createAdminMiddleware = createAdminMiddleware;
  * Otherwise will just pass.
  */
 function requireAdminPermissions(adminService, reqPermissions = [], cfg = {}) {
-    const { loginHtmlPath = '/login.html', urlStartsWith, apiHost } = cfg;
+    const { loginHtmlPath = '/login.html', urlStartsWith, apiHost, autoLogin = true } = cfg;
     return async (req, res, next) => {
         if (urlStartsWith && !req.url.startsWith(urlStartsWith))
             return next();
@@ -31,7 +31,7 @@ function requireAdminPermissions(adminService, reqPermissions = [], cfg = {}) {
         catch (err) {
             if (err instanceof js_lib_1.HttpError && err.data.adminAuthRequired) {
                 // Redirect to login.html
-                const href = `${loginHtmlPath}?autoLogin=1&returnUrl=\${encodeURIComponent(location.href)}${apiHost ? '&apiHost=' + apiHost : ''}`;
+                const href = `${loginHtmlPath}?${autoLogin ? 'autoLogin=1&' : ''}returnUrl=\${encodeURIComponent(location.href)}${apiHost ? '&apiHost=' + apiHost : ''}`;
                 res.status(401).send(getLoginHtmlRedirect(href));
             }
             else {

package/dist/admin/base.admin.service.d.ts

@@ -1,4 +1,4 @@
-import { Request } from 'express';
+import { Request, RequestHandler } from 'express';
 import type * as FirebaseAdmin from 'firebase-admin';
 export interface AdminServiceCfg {
     /**
@@ -52,4 +52,14 @@ export declare class BaseAdminService {
     requirePermissions(req: Request, reqPermissions?: string[], meta?: Record<string, any>, andComparison?: boolean): Promise<AdminInfo>;
     hasPermission(req: Request, reqPermission: string, meta?: Record<string, any>): Promise<boolean>;
     requirePermission(req: Request, reqPermission: string, meta?: Record<string, any>): Promise<AdminInfo>;
+    /**
+     * Install it on POST /admin/login url
+     *
+     * It takes a POST request with `Authentication` header, that contains `accessToken` from Firebase Auth.
+     * Backend doesn't validate the token, but only does `setCookie` (secure, httpOnly), returns http 204 (ok, empty response).
+     * Frontend (login.html page) will then proceed with redirecting to `returnUrl`.
+     *
+     * Same endpoint is used to logout, but the `Authentication` header should contain `logout` magic string.
+     */
+    getFirebaseAuthLoginHandler(): RequestHandler;
 }

package/dist/admin/base.admin.service.js

@@ -153,5 +153,39 @@ class BaseAdminService {
     async requirePermission(req, reqPermission, meta) {
         return await this.requirePermissions(req, [reqPermission], meta);
     }
+    /**
+     * Install it on POST /admin/login url
+     *
+     * It takes a POST request with `Authentication` header, that contains `accessToken` from Firebase Auth.
+     * Backend doesn't validate the token, but only does `setCookie` (secure, httpOnly), returns http 204 (ok, empty response).
+     * Frontend (login.html page) will then proceed with redirecting to `returnUrl`.
+     *
+     * Same endpoint is used to logout, but the `Authentication` header should contain `logout` magic string.
+     */
+    getFirebaseAuthLoginHandler() {
+        return async (req, res) => {
+            const token = req.header('authentication');
+            (0, js_lib_1._assert)(token, `401 Unauthenticated`, {
+                userFriendly: true,
+                httpStatusCode: 401,
+            });
+            let maxAge = 1000 * 60 * 60 * 24 * 30; // 30 days
+            // Special case
+            if (token === 'logout') {
+                // delete the cookie
+                maxAge = 0;
+            }
+            res
+                .cookie(this.cfg.adminTokenKey, token, {
+                maxAge,
+                sameSite: 'lax',
+                // comment these 2 lines to debug on localhost
+                httpOnly: true,
+                secure: true,
+            })
+                .status(204)
+                .end();
+        };
+    }
 }
 exports.BaseAdminService = BaseAdminService;

package/dist/admin/login.html

@@ -6,11 +6,12 @@
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
 
-    <script src="https://www.gstatic.com/firebasejs/6.3.5/firebase-app.js"></script>
-    <script src="https://www.gstatic.com/firebasejs/6.3.5/firebase-auth.js"></script>
-    <script src="https://unpkg.com/vue@2.6.10/dist/vue.min.js"></script>
-
-    <link href="https://unpkg.com/bootstrap@4.1.3/dist/css/bootstrap.min.css" rel="stylesheet" />
+    <!-- CSS only -->
+    <link
+      href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.2/dist/css/bootstrap.min.css"
+      rel="stylesheet"
+      crossorigin="anonymous"
+    />
   </head>
   <body>
     <div id="app" style="padding: 40px 50px">
@@ -28,33 +29,54 @@
       </div>
     </div>
 
-    <script>
+    <script type="module">
+      import { createApp } from 'https://cdn.jsdelivr.net/npm/vue@3.2.20/dist/vue.esm-browser.prod.js'
+      import { initializeApp } from 'https://www.gstatic.com/firebasejs/9.1.2/firebase-app.js'
+      import {
+        getAuth,
+        GoogleAuthProvider,
+        onAuthStateChanged,
+        signInWithRedirect,
+      } from 'https://www.gstatic.com/firebasejs/9.1.2/firebase-auth.js'
+
       const apiKey = '<%= firebaseApiKey %>'
       const authDomain = '<%= firebaseAuthDomain %>'
-      const authProvider = '<%= firebaseAuthProvider %>'
+      // const authProvider = '<%= firebaseAuthProvider %>'
 
       if (!apiKey || !authDomain) {
         alert(`Error: 'apiKey' or 'authDomain' is missing!`)
       }
 
-      const qs = parseQuery(location.search)
-      const { autoLogin, logout, returnUrl, adminTokenKey = 'admin_token' } = qs
-      console.log(qs)
+      // Initialize Firebase
+      initializeApp({
+        apiKey,
+        authDomain,
+      })
 
-      const provider = new firebase.auth[authProvider]()
+      const auth = getAuth()
+      const provider = new GoogleAuthProvider()
 
-      const app = new Vue({
-        el: '#app',
+      onAuthStateChanged(auth, user => {
+        // console.log('onAuthStateChanged, user: ', JSON.stringify(user, null, 2))
+        console.log('onAuthStateChanged, user: ', user)
+        onUser(user)
+      })
 
-        data: {
-          loading: 'Loading...',
-          user: undefined,
-        },
+      const qs = Object.fromEntries(new URLSearchParams(location.search))
+      const { autoLogin, logout, returnUrl, adminTokenKey = 'admin_token' } = qs
+      console.log(qs)
 
+      const app = createApp({
+        data() {
+          return {
+            loading: 'Loading...',
+            user: undefined,
+          }
+        },
         methods: {
           login: async function () {
             try {
-              await firebase.auth().signInWithRedirect(provider)
+              await signInWithRedirect(auth, provider)
             } catch (err) {
               logError(err)
             }
@@ -62,7 +84,9 @@
 
           logout: async function () {
             try {
-              await firebase.auth().signOut()
+              await auth.signOut()
+
+              await postToken('logout') // magic string
 
               if (logout && returnUrl) {
                 alert('Logged out, redurecting back...')
@@ -73,20 +97,7 @@
             }
           },
         },
-      })
-
-      // Initialize Firebase
-      const config = {
-        apiKey,
-        authDomain,
-      }
-      firebase.initializeApp(config)
-
-      firebase.auth().onAuthStateChanged(user => {
-        // console.log('onAuthStateChanged, user: ', JSON.stringify(user, null, 2))
-        console.log('onAuthStateChanged, user: ', user)
-        onUser(user)
-      })
+      }).mount('#app')
 
       if (logout) app.logout()
 
@@ -100,13 +111,16 @@
           if (!user) {
             if (autoLogin) app.login()
           } else {
-            const token = await firebase.auth().currentUser.getIdToken(true)
+            const token = await auth.currentUser.getIdToken()
+
             // alert('idToken')
             // console.log(idToken)
             app.user = Object.assign({}, app.user, {
               token,
             })
 
+            await postToken(token)
+
             // Redirect if needed
             if (returnUrl) {
               // alert(`Logged in as ${app.user.email}, redirecting back...`)
@@ -118,20 +132,19 @@
         }
       }
 
-      function parseQuery(queryString) {
-        const query = {}
-        const pairs = (queryString[0] === '?' ? queryString.substr(1) : queryString).split('&')
-        for (let i = 0; i < pairs.length; i++) {
-          const pair = pairs[i].split('=')
-          query[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1] || '')
-        }
-        return query
-      }
-
       function logError(err) {
         console.error(err)
         alert('Error\n ' + JSON.stringify(err, null, 2))
       }
+
+      async function postToken(token) {
+        await fetch(`/admin/login`, {
+          method: 'post',
+          headers: {
+            Authentication: token,
+          },
+        })
+      }
     </script>
   </body>
 </html>

package/dist/db/httpDB.d.ts

@@ -1,4 +1,5 @@
-import { BaseCommonDB, CommonDB, CommonDBCreateOptions, CommonDBOptions, CommonDBSaveOptions, CommonDBStreamOptions, CommonSchema, DBQuery, ObjectWithId, RunQueryResult } from '@naturalcycles/db-lib';
+import { JsonSchemaRootObject, ObjectWithId } from '@naturalcycles/js-lib';
+import { BaseCommonDB, CommonDB, CommonDBOptions, CommonDBSaveOptions, CommonDBStreamOptions, DBQuery, RunQueryResult } from '@naturalcycles/db-lib';
 import { GetGotOptions, ReadableTyped } from '@naturalcycles/nodejs-lib';
 export interface HttpDBCfg extends GetGotOptions {
     prefixUrl: string;
@@ -13,7 +14,7 @@ export declare class HttpDB extends BaseCommonDB implements CommonDB {
     private got;
     ping(): Promise<void>;
     getTables(): Promise<string[]>;
-    getTableSchema<ROW extends ObjectWithId>(table: string): Promise<CommonSchema<ROW>>;
+    getTableSchema<ROW extends ObjectWithId>(table: string): Promise<JsonSchemaRootObject<ROW>>;
     resetCache(table?: string): Promise<void>;
     getByIds<ROW extends ObjectWithId>(table: string, ids: string[], opt?: CommonDBOptions): Promise<ROW[]>;
     runQuery<ROW extends ObjectWithId>(query: DBQuery<ROW>, opt?: CommonDBOptions): Promise<RunQueryResult<ROW>>;
@@ -21,6 +22,5 @@ export declare class HttpDB extends BaseCommonDB implements CommonDB {
     saveBatch<ROW extends ObjectWithId>(table: string, rows: ROW[], opt?: CommonDBSaveOptions): Promise<void>;
     deleteByIds(table: string, ids: string[], opt?: CommonDBOptions): Promise<number>;
     deleteByQuery<ROW extends ObjectWithId>(query: DBQuery<ROW>, opt?: CommonDBOptions): Promise<number>;
-    createTable(_schema: CommonSchema, _opt?: CommonDBCreateOptions): Promise<void>;
     streamQuery<ROW extends ObjectWithId>(_q: DBQuery<ROW>, _opt?: CommonDBStreamOptions): ReadableTyped<ROW>;
 }

package/dist/db/httpDB.js

@@ -1,9 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.HttpDB = void 0;
+const stream_1 = require("stream");
 const db_lib_1 = require("@naturalcycles/db-lib");
 const nodejs_lib_1 = require("@naturalcycles/nodejs-lib");
-const stream_1 = require("stream");
 /**
  * Implementation of CommonDB that proxies all requests via HTTP to "httpDBRequestHandler".
  */
@@ -89,9 +89,6 @@ class HttpDB extends db_lib_1.BaseCommonDB {
         })
             .json();
     }
-    async createTable(_schema, _opt) {
-        console.warn(`createTable not implemented`);
-    }
     streamQuery(_q, _opt) {
         console.warn(`streamQuery not implemented`);
         return stream_1.Readable.from([]);

package/dist/db/httpDBRequestHandler.d.ts

@@ -1,4 +1,5 @@
-import { CommonDB, CommonDBOptions, CommonDBSaveOptions, DBQuery, ObjectWithId } from '@naturalcycles/db-lib';
+import { CommonDB, CommonDBOptions, CommonDBSaveOptions, DBQuery } from '@naturalcycles/db-lib';
+import { ObjectWithId } from '@naturalcycles/js-lib';
 import { Router } from 'express';
 export interface GetByIdsInput {
     table: string;

package/dist/deploy/deploy.util.js

@@ -1,10 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.validateGAEServiceName = exports.createAppYaml = exports.createAndSaveAppYaml = exports.createDeployInfo = exports.createAndSaveDeployInfo = void 0;
+const fs = require("fs");
 const js_lib_1 = require("@naturalcycles/js-lib");
 const colors_1 = require("@naturalcycles/nodejs-lib/dist/colors");
 const time_lib_1 = require("@naturalcycles/time-lib");
-const fs = require("fs");
 const yaml = require("js-yaml");
 const APP_YAML_DEFAULT = () => ({
     runtime: 'nodejs14',
@@ -101,10 +101,10 @@ function createAppYaml(backendCfg, deployInfo, projectDir, appYamlPassEnv = '')
     }
     // appYamlPassEnv
     require('dotenv').config(); // ensure .env is read
-    // eslint-disable-next-line unicorn/no-array-reduce
     const passEnv = appYamlPassEnv
         .split(',')
         .filter(Boolean)
+        // eslint-disable-next-line unicorn/no-array-reduce
         .reduce((map, key) => {
         const v = process.env[key];
         if (!v) {

package/dist/deploy/deployHealthCheck.js

@@ -1,11 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.deployHealthCheck = exports.deployHealthCheckYargsOptions = void 0;
+const util_1 = require("util");
 const js_lib_1 = require("@naturalcycles/js-lib");
 const nodejs_lib_1 = require("@naturalcycles/nodejs-lib");
 const colors_1 = require("@naturalcycles/nodejs-lib/dist/colors");
 const exec_1 = require("@naturalcycles/nodejs-lib/dist/exec");
-const util_1 = require("util");
 const request_log_util_1 = require("../server/request.log.util");
 exports.deployHealthCheckYargsOptions = {
     thresholdHealthy: {

package/dist/index.d.ts

@@ -32,13 +32,3 @@ import { BackendServer, startServer } from './server/startServer';
 import { StartServerCfg, StartServerData } from './server/startServer.model';
 export type { MethodOverrideCfg, SentrySharedServiceCfg, RequestHandlerWithPath, RequestHandlerCfg, DefaultAppCfg, StartServerCfg, StartServerData, EnvSharedServiceCfg, BaseEnv, AdminMiddleware, AdminServiceCfg, AdminInfo, RequireAdminCfg, SecureHeaderMiddlewareCfg, BodyParserTimeoutCfg, RequestTimeoutCfg, SimpleRequestLoggerCfg, ReqValidationOptions, };
 export { BackendServer, SentrySharedService, EnvSharedService, reqValidation, notFoundHandler, genericErrorHandler, methodOverride, sentryErrorHandler, createDefaultApp, startServer, catchWrapper, getDefaultRouter, isGAE, statusHandler, statusHandlerData, okHandler, getDeployInfo, onFinished, respondWithError, logRequest, FirebaseSharedService, createAdminMiddleware, BaseAdminService, loginHtml, createSecureHeaderMiddleware, bodyParserTimeout, clearBodyParserTimeout, requestTimeout, simpleRequestLogger, coloredHttpCode, getRequestContextProperty, setRequestContextProperty, requestContextMiddleware, requestIdMiddleware, REQUEST_ID_KEY, validateBody, validateParams, validateQuery, };
-declare global {
-    namespace NodeJS {
-        interface ProcessEnv {
-            PORT?: string;
-            GAE_APPLICATION?: string;
-            GAE_SERVICE?: string;
-            GAE_VERSION?: string;
-        }
-    }
-}

package/dist/sentry/sentry.shared.service.js

@@ -17,16 +17,16 @@ class SentrySharedService {
         // Reasons:
         // 1. Can be useful is this module is imported but never actually used
         // 2. Works around memory leak when used with Jest
-        const Sentry = require('@sentry/node');
+        const sentry = require('@sentry/node');
         if (this.sentryServiceCfg.dsn) {
             // Sentry enabled
             log('SentryService init...');
         }
-        Sentry.init({
+        sentry.init({
             maxValueLength: 2000,
             ...this.sentryServiceCfg,
         });
-        return Sentry;
+        return sentry;
     }
     getRequestHandler() {
         return this.sentry().Handlers.requestHandler();

package/dist/server/deployInfo.util.js

@@ -1,8 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getDeployInfo = void 0;
-const js_lib_1 = require("@naturalcycles/js-lib");
 const fs = require("fs");
+const js_lib_1 = require("@naturalcycles/js-lib");
 exports.getDeployInfo = (0, js_lib_1._memoFn)((projectDir) => {
     const deployInfoPath = `${projectDir}/deployInfo.json`;
     try {

package/dist/server/handlers/reqValidation.mw.js

@@ -11,6 +11,7 @@ function reqValidation(reqProperty, schema, opt = {}) {
             if (opt.redactPaths) {
                 redact(opt.redactPaths, req[reqProperty], error);
                 error.data.joiValidationErrorItems.length = 0; // clears the array
+                delete error.data.annotation;
             }
             return next(new js_lib_1.HttpError(error.message, {
                 httpStatusCode: 400,

package/dist/server/handlers/statusHandler.d.ts

@@ -1,8 +1,3 @@
 import { RequestHandler } from 'express';
-/**
- * @returns unix timestamp in millis
- */
-declare type ServerStartedCallback = () => number | undefined;
-export declare function statusHandler(serverStartedCallback?: ServerStartedCallback, projectDir?: string, extra?: any): RequestHandler;
-export declare function statusHandlerData(serverStartedCallback?: ServerStartedCallback, projectDir?: string, extra?: any): Record<string, any>;
-export {};
+export declare function statusHandler(projectDir?: string, extra?: any): RequestHandler;
+export declare function statusHandlerData(projectDir?: string, extra?: any): Record<string, any>;

package/dist/server/handlers/statusHandler.js

@@ -5,29 +5,28 @@ const js_lib_1 = require("@naturalcycles/js-lib");
 const nodejs_lib_1 = require("@naturalcycles/nodejs-lib");
 const time_lib_1 = require("@naturalcycles/time-lib");
 const deployInfo_util_1 = require("../deployInfo.util");
-const now = Date.now();
-const defaultServerStartedCallback = () => now;
 const { versions } = process;
-function statusHandler(serverStartedCallback, projectDir, extra) {
+const { GAE_APPLICATION, GAE_SERVICE, GAE_VERSION } = process.env;
+function statusHandler(projectDir, extra) {
     return async (req, res) => {
-        res.json(statusHandlerData(serverStartedCallback, projectDir, extra));
+        res.json(statusHandlerData(projectDir, extra));
     };
 }
 exports.statusHandler = statusHandler;
-function statusHandlerData(serverStartedCallback = defaultServerStartedCallback, projectDir = process.cwd(), extra) {
+function statusHandlerData(projectDir = process.cwd(), extra) {
     const { APP_ENV } = process.env;
     const { gitRev, gitBranch, prod, ts } = (0, deployInfo_util_1.getDeployInfo)(projectDir);
     const deployBuildTimeUTC = time_lib_1.dayjs.unix(ts).toPretty();
     const buildInfo = [time_lib_1.dayjs.unix(ts).toCompactTime(), gitBranch, gitRev].filter(Boolean).join('_');
     return (0, js_lib_1._filterFalsyValues)({
-        started: getStartedStr(serverStartedCallback()),
+        started: getStartedStr(),
         deployBuildTimeUTC,
         APP_ENV,
         prod,
         buildInfo,
-        GAE_APPLICATION: process.env.GAE_APPLICATION,
-        GAE_SERVICE: process.env.GAE_SERVICE,
-        GAE_VERSION: process.env.GAE_VERSION,
+        GAE_APPLICATION,
+        GAE_SERVICE,
+        GAE_VERSION,
         mem: (0, nodejs_lib_1.memoryUsageFull)(),
         cpuAvg: nodejs_lib_1.processSharedUtil.cpuAvg(),
         // resourceUsage: process.resourceUsage?.(),
@@ -36,9 +35,8 @@ function statusHandlerData(serverStartedCallback = defaultServerStartedCallback,
     });
 }
 exports.statusHandlerData = statusHandlerData;
-function getStartedStr(serverStarted) {
-    if (!serverStarted)
-        return 'not started yet';
+function getStartedStr() {
+    const serverStarted = time_lib_1.dayjs.utc().subtract(process.uptime(), 's');
     const s1 = (0, time_lib_1.dayjs)(serverStarted).toPretty();
     const s2 = (0, time_lib_1.dayjs)(serverStarted).fromNow();
     return `${s1} UTC (${s2})`;

package/dist/server/startServer.js

@@ -22,7 +22,7 @@ class BackendServer {
         process.once('SIGTERM', () => this.stop());
         // sentryService.install()
         // 2. Start Express Server
-        const port = Number(process.env.PORT) || cfgPort || 8080;
+        const port = Number(process.env['PORT']) || cfgPort || 8080;
         this.server = await new Promise((resolve, reject) => {
             const server = expressApp.listen(port, (err) => {
                 if (err)

package/dist/server/startServer.model.d.ts

@@ -1,6 +1,6 @@
 /// <reference types="node" />
-import { Application } from 'express';
 import { Server } from 'http';
+import { Application } from 'express';
 export interface StartServerCfg {
     /**
      * @default process.env.PORT || 8080

package/dist/testing/express.test.service.d.ts

@@ -1,6 +1,6 @@
 /// <reference types="node" />
-import { Got } from '@naturalcycles/nodejs-lib';
 import { Server } from 'http';
+import { Got } from '@naturalcycles/nodejs-lib';
 import { RequestHandlerCfg } from '..';
 interface DestroyableServer extends Server {
     destroy(): void;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@naturalcycles/backend-lib",
-  "version": "2.60.0",
+  "version": "2.60.4",
   "scripts": {
     "prepare": "husky install",
     "docs-serve": "vuepress dev docs",
@@ -31,7 +31,7 @@
     "ejs": "^3.0.1",
     "express": "^4.16.4",
     "express-promise-router": "^4.0.0",
-    "firebase-admin": "^9.0.0",
+    "firebase-admin": "^10.0.0",
     "fs-extra": "^10.0.0",
     "helmet": "^4.0.0",
     "js-yaml": "^4.0.0",

package/src/admin/admin.mw.ts

@@ -1,8 +1,8 @@
+import * as fs from 'fs'
 import { Admin401ErrorData, HttpError, _memoFn } from '@naturalcycles/js-lib'
 import { Debug } from '@naturalcycles/nodejs-lib'
 import * as ejs from 'ejs'
 import { RequestHandler } from 'express'
-import * as fs from 'fs'
 import { BaseAdminService } from './base.admin.service'
 import { FirebaseSharedServiceCfg } from './firebase.shared.service'
 
@@ -21,6 +21,12 @@ export interface RequireAdminCfg {
   apiHost?: string
 
   urlStartsWith?: string
+
+  /**
+   * Defaults to `true`.
+   * Set to `false` to debug login issues.
+   */
+  autoLogin?: boolean
 }
 
 export type AdminMiddleware = (reqPermissions?: string[], cfg?: RequireAdminCfg) => RequestHandler
@@ -47,7 +53,7 @@ export function requireAdminPermissions(
   reqPermissions: string[] = [],
   cfg: RequireAdminCfg = {},
 ): RequestHandler {
-  const { loginHtmlPath = '/login.html', urlStartsWith, apiHost } = cfg
+  const { loginHtmlPath = '/login.html', urlStartsWith, apiHost, autoLogin = true } = cfg
 
   return async (req, res, next) => {
     if (urlStartsWith && !req.url.startsWith(urlStartsWith)) return next()
@@ -58,9 +64,9 @@ export function requireAdminPermissions(
     } catch (err) {
       if (err instanceof HttpError && (err.data as Admin401ErrorData).adminAuthRequired) {
         // Redirect to login.html
-        const href = `${loginHtmlPath}?autoLogin=1&returnUrl=\${encodeURIComponent(location.href)}${
-          apiHost ? '&apiHost=' + apiHost : ''
-        }`
+        const href = `${loginHtmlPath}?${
+          autoLogin ? 'autoLogin=1&' : ''
+        }returnUrl=\${encodeURIComponent(location.href)}${apiHost ? '&apiHost=' + apiHost : ''}`
         res.status(401).send(getLoginHtmlRedirect(href))
       } else {
         return next(err)

package/src/admin/base.admin.service.ts

@@ -1,7 +1,7 @@
-import { Admin401ErrorData, Admin403ErrorData, HttpError } from '@naturalcycles/js-lib'
+import { _assert, Admin401ErrorData, Admin403ErrorData, HttpError } from '@naturalcycles/js-lib'
 import { Debug, inspectAny } from '@naturalcycles/nodejs-lib'
 import { dimGrey, green, red } from '@naturalcycles/nodejs-lib/dist/colors'
-import { Request } from 'express'
+import { Request, RequestHandler } from 'express'
 import type * as FirebaseAdmin from 'firebase-admin'
 
 const log = Debug('nc:backend-lib:admin')
@@ -228,4 +228,42 @@ export class BaseAdminService {
   ): Promise<AdminInfo> {
     return await this.requirePermissions(req, [reqPermission], meta)
   }
+
+  /**
+   * Install it on POST /admin/login url
+   *
+   * It takes a POST request with `Authentication` header, that contains `accessToken` from Firebase Auth.
+   * Backend doesn't validate the token, but only does `setCookie` (secure, httpOnly), returns http 204 (ok, empty response).
+   * Frontend (login.html page) will then proceed with redirecting to `returnUrl`.
+   *
+   * Same endpoint is used to logout, but the `Authentication` header should contain `logout` magic string.
+   */
+  getFirebaseAuthLoginHandler(): RequestHandler {
+    return async (req, res) => {
+      const token = req.header('authentication')
+      _assert(token, `401 Unauthenticated`, {
+        userFriendly: true,
+        httpStatusCode: 401,
+      })
+
+      let maxAge = 1000 * 60 * 60 * 24 * 30 // 30 days
+
+      // Special case
+      if (token === 'logout') {
+        // delete the cookie
+        maxAge = 0
+      }
+
+      res
+        .cookie(this.cfg.adminTokenKey, token, {
+          maxAge,
+          sameSite: 'lax', // can be: none, lax, strict
+          // comment these 2 lines to debug on localhost
+          httpOnly: true,
+          secure: true,
+        })
+        .status(204)
+        .end()
+    }
+  }
 }

package/src/admin/login.html

@@ -6,11 +6,12 @@
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
 
-    <script src="https://www.gstatic.com/firebasejs/6.3.5/firebase-app.js"></script>
-    <script src="https://www.gstatic.com/firebasejs/6.3.5/firebase-auth.js"></script>
-    <script src="https://unpkg.com/vue@2.6.10/dist/vue.min.js"></script>
-
-    <link href="https://unpkg.com/bootstrap@4.1.3/dist/css/bootstrap.min.css" rel="stylesheet" />
+    <!-- CSS only -->
+    <link
+      href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.2/dist/css/bootstrap.min.css"
+      rel="stylesheet"
+      crossorigin="anonymous"
+    />
   </head>
   <body>
     <div id="app" style="padding: 40px 50px">
@@ -28,33 +29,54 @@
       </div>
     </div>
 
-    <script>
+    <script type="module">
+      import { createApp } from 'https://cdn.jsdelivr.net/npm/vue@3.2.20/dist/vue.esm-browser.prod.js'
+      import { initializeApp } from 'https://www.gstatic.com/firebasejs/9.1.2/firebase-app.js'
+      import {
+        getAuth,
+        GoogleAuthProvider,
+        onAuthStateChanged,
+        signInWithRedirect,
+      } from 'https://www.gstatic.com/firebasejs/9.1.2/firebase-auth.js'
+
       const apiKey = '<%= firebaseApiKey %>'
       const authDomain = '<%= firebaseAuthDomain %>'
-      const authProvider = '<%= firebaseAuthProvider %>'
+      // const authProvider = '<%= firebaseAuthProvider %>'
 
       if (!apiKey || !authDomain) {
         alert(`Error: 'apiKey' or 'authDomain' is missing!`)
       }
 
-      const qs = parseQuery(location.search)
-      const { autoLogin, logout, returnUrl, adminTokenKey = 'admin_token' } = qs
-      console.log(qs)
+      // Initialize Firebase
+      initializeApp({
+        apiKey,
+        authDomain,
+      })
 
-      const provider = new firebase.auth[authProvider]()
+      const auth = getAuth()
+      const provider = new GoogleAuthProvider()
 
-      const app = new Vue({
-        el: '#app',
+      onAuthStateChanged(auth, user => {
+        // console.log('onAuthStateChanged, user: ', JSON.stringify(user, null, 2))
+        console.log('onAuthStateChanged, user: ', user)
+        onUser(user)
+      })
 
-        data: {
-          loading: 'Loading...',
-          user: undefined,
-        },
+      const qs = Object.fromEntries(new URLSearchParams(location.search))
+      const { autoLogin, logout, returnUrl, adminTokenKey = 'admin_token' } = qs
+      console.log(qs)
 
+      const app = createApp({
+        data() {
+          return {
+            loading: 'Loading...',
+            user: undefined,
+          }
+        },
         methods: {
           login: async function () {
             try {
-              await firebase.auth().signInWithRedirect(provider)
+              await signInWithRedirect(auth, provider)
             } catch (err) {
               logError(err)
             }
@@ -62,7 +84,9 @@
 
           logout: async function () {
             try {
-              await firebase.auth().signOut()
+              await auth.signOut()
+
+              await postToken('logout') // magic string
 
               if (logout && returnUrl) {
                 alert('Logged out, redurecting back...')
@@ -73,20 +97,7 @@
             }
           },
         },
-      })
-
-      // Initialize Firebase
-      const config = {
-        apiKey,
-        authDomain,
-      }
-      firebase.initializeApp(config)
-
-      firebase.auth().onAuthStateChanged(user => {
-        // console.log('onAuthStateChanged, user: ', JSON.stringify(user, null, 2))
-        console.log('onAuthStateChanged, user: ', user)
-        onUser(user)
-      })
+      }).mount('#app')
 
       if (logout) app.logout()
 
@@ -100,13 +111,16 @@
           if (!user) {
             if (autoLogin) app.login()
           } else {
-            const token = await firebase.auth().currentUser.getIdToken(true)
+            const token = await auth.currentUser.getIdToken()
+
             // alert('idToken')
             // console.log(idToken)
             app.user = Object.assign({}, app.user, {
               token,
             })
 
+            await postToken(token)
+
             // Redirect if needed
             if (returnUrl) {
               // alert(`Logged in as ${app.user.email}, redirecting back...`)
@@ -118,20 +132,19 @@
         }
       }
 
-      function parseQuery(queryString) {
-        const query = {}
-        const pairs = (queryString[0] === '?' ? queryString.substr(1) : queryString).split('&')
-        for (let i = 0; i < pairs.length; i++) {
-          const pair = pairs[i].split('=')
-          query[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1] || '')
-        }
-        return query
-      }
-
       function logError(err) {
         console.error(err)
         alert('Error\n ' + JSON.stringify(err, null, 2))
       }
+
+      async function postToken(token) {
+        await fetch(`/admin/login`, {
+          method: 'post',
+          headers: {
+            Authentication: token,
+          },
+        })
+      }
     </script>
   </body>
 </html>

package/src/db/httpDB.ts

@@ -1,17 +1,15 @@
+import { Readable } from 'stream'
+import { JsonSchemaRootObject, ObjectWithId } from '@naturalcycles/js-lib'
 import {
   BaseCommonDB,
   CommonDB,
-  CommonDBCreateOptions,
   CommonDBOptions,
   CommonDBSaveOptions,
   CommonDBStreamOptions,
-  CommonSchema,
   DBQuery,
-  ObjectWithId,
   RunQueryResult,
 } from '@naturalcycles/db-lib'
 import { getGot, GetGotOptions, Got, ReadableTyped } from '@naturalcycles/nodejs-lib'
-import { Readable } from 'stream'
 
 export interface HttpDBCfg extends GetGotOptions {
   prefixUrl: string
@@ -42,7 +40,7 @@ export class HttpDB extends BaseCommonDB implements CommonDB {
 
   override async getTableSchema<ROW extends ObjectWithId>(
     table: string,
-  ): Promise<CommonSchema<ROW>> {
+  ): Promise<JsonSchemaRootObject<ROW>> {
     return await this.got(`${table}/schema`).json()
   }
 
@@ -134,10 +132,6 @@ export class HttpDB extends BaseCommonDB implements CommonDB {
       .json()
   }
 
-  override async createTable(_schema: CommonSchema, _opt?: CommonDBCreateOptions): Promise<void> {
-    console.warn(`createTable not implemented`)
-  }
-
   override streamQuery<ROW extends ObjectWithId>(
     _q: DBQuery<ROW>,
     _opt?: CommonDBStreamOptions,

package/src/db/httpDBRequestHandler.ts

@@ -4,13 +4,13 @@ import {
   CommonDBSaveOptions,
   DBQuery,
   InMemoryDB,
-  ObjectWithId,
 } from '@naturalcycles/db-lib'
 import {
   commonDBOptionsSchema,
   commonDBSaveOptionsSchema,
   dbQuerySchema,
 } from '@naturalcycles/db-lib/dist/validation'
+import { ObjectWithId } from '@naturalcycles/js-lib'
 import { anyObjectSchema, arraySchema, objectSchema, stringSchema } from '@naturalcycles/nodejs-lib'
 import { Router } from 'express'
 import { getDefaultRouter, reqValidation } from '..'

package/src/deploy/deploy.util.ts

@@ -1,7 +1,7 @@
+import * as fs from 'fs'
 import { _mapValues, _merge, _truncate } from '@naturalcycles/js-lib'
 import { dimGrey, white } from '@naturalcycles/nodejs-lib/dist/colors'
 import { dayjs } from '@naturalcycles/time-lib'
-import * as fs from 'fs'
 import * as yaml from 'js-yaml'
 import type * as simpleGitLib from 'simple-git/promise'
 import { BackendCfg } from './backend.cfg.util'
@@ -149,10 +149,10 @@ export function createAppYaml(
 
   // appYamlPassEnv
   require('dotenv').config() // ensure .env is read
-  // eslint-disable-next-line unicorn/no-array-reduce
   const passEnv = appYamlPassEnv
     .split(',')
     .filter(Boolean)
+    // eslint-disable-next-line unicorn/no-array-reduce
     .reduce((map, key) => {
       const v = process.env[key]
       if (!v) {

package/src/deploy/deployHealthCheck.ts

@@ -1,8 +1,8 @@
+import { inspect, InspectOptions } from 'util'
 import { pDelay, _filterFalsyValues, _ms, _since } from '@naturalcycles/js-lib'
 import { getGot } from '@naturalcycles/nodejs-lib'
 import { dimGrey, red } from '@naturalcycles/nodejs-lib/dist/colors'
 import { execCommand } from '@naturalcycles/nodejs-lib/dist/exec'
-import { inspect, InspectOptions } from 'util'
 import { coloredHttpCode } from '../server/request.log.util'
 
 export interface DeployHealthCheckOptions {

package/src/index.ts

@@ -112,14 +112,3 @@ export {
   validateParams,
   validateQuery,
 }
-
-declare global {
-  namespace NodeJS {
-    interface ProcessEnv {
-      PORT?: string
-      GAE_APPLICATION?: string
-      GAE_SERVICE?: string
-      GAE_VERSION?: string
-    }
-  }
-}

package/src/sentry/sentry.shared.service.ts

@@ -20,19 +20,19 @@ export class SentrySharedService {
     // Reasons:
     // 1. Can be useful is this module is imported but never actually used
     // 2. Works around memory leak when used with Jest
-    const Sentry = require('@sentry/node') as typeof SentryLib
+    const sentry = require('@sentry/node') as typeof SentryLib
 
     if (this.sentryServiceCfg.dsn) {
       // Sentry enabled
       log('SentryService init...')
     }
 
-    Sentry.init({
+    sentry.init({
       maxValueLength: 2000, // default is 250 characters
       ...this.sentryServiceCfg,
     })
 
-    return Sentry
+    return sentry
   }
 
   getRequestHandler(): RequestHandler {

package/src/server/deployInfo.util.ts

@@ -1,5 +1,5 @@
-import { _memoFn } from '@naturalcycles/js-lib'
 import * as fs from 'fs'
+import { _memoFn } from '@naturalcycles/js-lib'
 import type { DeployInfo } from '../deploy/deploy.model'
 
 export const getDeployInfo = _memoFn((projectDir: string): DeployInfo => {

package/src/server/handlers/bodyParserTimeout.mw.ts

@@ -1,6 +1,5 @@
 import { HttpError } from '@naturalcycles/js-lib'
-import { RequestHandler } from 'express'
-import { Request } from 'express'
+import { RequestHandler, Request } from 'express'
 import { respondWithError } from '../error.util'
 
 export interface BodyParserTimeoutCfg {

package/src/server/handlers/reqValidation.mw.ts

@@ -23,6 +23,7 @@ export function reqValidation(
       if (opt.redactPaths) {
         redact(opt.redactPaths, req[reqProperty], error)
         error.data.joiValidationErrorItems.length = 0 // clears the array
+        delete error.data.annotation
       }
 
       return next(

package/src/server/handlers/statusHandler.ts

@@ -4,27 +4,16 @@ import { dayjs } from '@naturalcycles/time-lib'
 import { RequestHandler } from 'express'
 import { getDeployInfo } from '../deployInfo.util'
 
-/**
- * @returns unix timestamp in millis
- */
-type ServerStartedCallback = () => number | undefined
-
-const now = Date.now()
-const defaultServerStartedCallback = () => now
 const { versions } = process
+const { GAE_APPLICATION, GAE_SERVICE, GAE_VERSION } = process.env
 
-export function statusHandler(
-  serverStartedCallback?: ServerStartedCallback,
-  projectDir?: string,
-  extra?: any,
-): RequestHandler {
+export function statusHandler(projectDir?: string, extra?: any): RequestHandler {
   return async (req, res) => {
-    res.json(statusHandlerData(serverStartedCallback, projectDir, extra))
+    res.json(statusHandlerData(projectDir, extra))
   }
 }
 
 export function statusHandlerData(
-  serverStartedCallback: ServerStartedCallback = defaultServerStartedCallback,
   projectDir: string = process.cwd(),
   extra?: any,
 ): Record<string, any> {
@@ -34,14 +23,14 @@ export function statusHandlerData(
   const buildInfo = [dayjs.unix(ts).toCompactTime(), gitBranch, gitRev].filter(Boolean).join('_')
 
   return _filterFalsyValues({
-    started: getStartedStr(serverStartedCallback()),
+    started: getStartedStr(),
     deployBuildTimeUTC,
     APP_ENV,
     prod,
     buildInfo,
-    GAE_APPLICATION: process.env.GAE_APPLICATION,
-    GAE_SERVICE: process.env.GAE_SERVICE,
-    GAE_VERSION: process.env.GAE_VERSION,
+    GAE_APPLICATION,
+    GAE_SERVICE,
+    GAE_VERSION,
     mem: memoryUsageFull(),
     cpuAvg: processSharedUtil.cpuAvg(),
     // resourceUsage: process.resourceUsage?.(),
@@ -50,8 +39,8 @@ export function statusHandlerData(
   })
 }
 
-function getStartedStr(serverStarted?: number): string {
-  if (!serverStarted) return 'not started yet'
+function getStartedStr(): string {
+  const serverStarted = dayjs.utc().subtract(process.uptime(), 's')
 
   const s1 = dayjs(serverStarted).toPretty()
   const s2 = dayjs(serverStarted).fromNow()

package/src/server/startServer.model.ts

@@ -1,5 +1,5 @@
-import { Application } from 'express'
 import { Server } from 'http'
+import { Application } from 'express'
 
 export interface StartServerCfg {
   /**

package/src/server/startServer.ts

@@ -1,6 +1,6 @@
+import { Server } from 'http'
 import { _Memo, _ms } from '@naturalcycles/js-lib'
 import { boldGrey, dimGrey, white } from '@naturalcycles/nodejs-lib/dist/colors'
-import { Server } from 'http'
 import { log } from '../log'
 import { StartServerCfg, StartServerData } from './startServer.model'
 
@@ -27,7 +27,7 @@ export class BackendServer {
     // sentryService.install()
 
     // 2. Start Express Server
-    const port = Number(process.env.PORT) || cfgPort || 8080
+    const port = Number(process.env['PORT']) || cfgPort || 8080
 
     this.server = await new Promise<Server>((resolve, reject) => {
       const server = expressApp.listen(port, (err?: Error) => {

package/src/testing/express.test.service.ts

@@ -1,6 +1,6 @@
-import { getGot, Got } from '@naturalcycles/nodejs-lib'
 import { Server } from 'http'
 import { AddressInfo } from 'net'
+import { getGot, Got } from '@naturalcycles/nodejs-lib'
 import { createDefaultApp, RequestHandlerCfg } from '..'
 
 interface DestroyableServer extends Server {