@naturalcycles/backend-lib 2.60.1 → 2.61.0

package/CHANGELOG.md

@@ -1,3 +1,31 @@
+# [2.61.0](https://github.com/NaturalCycles/backend-lib/compare/v2.60.4...v2.61.0) (2021-10-23)
+
+
+### Features
+
+* clarify startServer cfg, use process.uptime() ([9185603](https://github.com/NaturalCycles/backend-lib/commit/9185603bec23f5bcccfe764125d8af1efcfc3c11))
+
+## [2.60.4](https://github.com/NaturalCycles/backend-lib/compare/v2.60.3...v2.60.4) (2021-10-21)
+
+
+### Bug Fixes
+
+* deps, use process.uptime in statusHandler ([8d3389d](https://github.com/NaturalCycles/backend-lib/commit/8d3389d8908954af9a375a6d7fb95aefc1b08e5f))
+
+## [2.60.3](https://github.com/NaturalCycles/backend-lib/compare/v2.60.2...v2.60.3) (2021-10-15)
+
+
+### Bug Fixes
+
+* deps (firebase-admin@10) ([50fe05b](https://github.com/NaturalCycles/backend-lib/commit/50fe05be92cb4345b809096d3b45b1b099bc2ea5))
+
+## [2.60.2](https://github.com/NaturalCycles/backend-lib/compare/v2.60.1...v2.60.2) (2021-10-09)
+
+
+### Bug Fixes
+
+* login.html by inroducing an `/admin/login` endpoint ([6e16d0f](https://github.com/NaturalCycles/backend-lib/commit/6e16d0fd8f26d35dd562687a29a120b32d9f2717))
+
 ## [2.60.1](https://github.com/NaturalCycles/backend-lib/compare/v2.60.0...v2.60.1) (2021-10-04)
 
 

package/dist/admin/admin.mw.d.ts

@@ -12,6 +12,11 @@ export interface RequireAdminCfg {
      */
     apiHost?: string;
     urlStartsWith?: string;
+    /**
+     * Defaults to `true`.
+     * Set to `false` to debug login issues.
+     */
+    autoLogin?: boolean;
 }
 export declare type AdminMiddleware = (reqPermissions?: string[], cfg?: RequireAdminCfg) => RequestHandler;
 export declare function createAdminMiddleware(adminService: BaseAdminService, cfgDefaults?: RequireAdminCfg): AdminMiddleware;

package/dist/admin/admin.mw.js

@@ -20,7 +20,7 @@ exports.createAdminMiddleware = createAdminMiddleware;
  * Otherwise will just pass.
  */
 function requireAdminPermissions(adminService, reqPermissions = [], cfg = {}) {
-    const { loginHtmlPath = '/login.html', urlStartsWith, apiHost } = cfg;
+    const { loginHtmlPath = '/login.html', urlStartsWith, apiHost, autoLogin = true } = cfg;
     return async (req, res, next) => {
         if (urlStartsWith && !req.url.startsWith(urlStartsWith))
             return next();
@@ -31,7 +31,7 @@ function requireAdminPermissions(adminService, reqPermissions = [], cfg = {}) {
         catch (err) {
             if (err instanceof js_lib_1.HttpError && err.data.adminAuthRequired) {
                 // Redirect to login.html
-                const href = `${loginHtmlPath}?autoLogin=1&returnUrl=\${encodeURIComponent(location.href)}${apiHost ? '&apiHost=' + apiHost : ''}`;
+                const href = `${loginHtmlPath}?${autoLogin ? 'autoLogin=1&' : ''}returnUrl=\${encodeURIComponent(location.href)}${apiHost ? '&apiHost=' + apiHost : ''}`;
                 res.status(401).send(getLoginHtmlRedirect(href));
             }
             else {

package/dist/admin/base.admin.service.d.ts

@@ -1,4 +1,4 @@
-import { Request } from 'express';
+import { Request, RequestHandler } from 'express';
 import type * as FirebaseAdmin from 'firebase-admin';
 export interface AdminServiceCfg {
     /**
@@ -52,4 +52,14 @@ export declare class BaseAdminService {
     requirePermissions(req: Request, reqPermissions?: string[], meta?: Record<string, any>, andComparison?: boolean): Promise<AdminInfo>;
     hasPermission(req: Request, reqPermission: string, meta?: Record<string, any>): Promise<boolean>;
     requirePermission(req: Request, reqPermission: string, meta?: Record<string, any>): Promise<AdminInfo>;
+    /**
+     * Install it on POST /admin/login url
+     *
+     * It takes a POST request with `Authentication` header, that contains `accessToken` from Firebase Auth.
+     * Backend doesn't validate the token, but only does `setCookie` (secure, httpOnly), returns http 204 (ok, empty response).
+     * Frontend (login.html page) will then proceed with redirecting to `returnUrl`.
+     *
+     * Same endpoint is used to logout, but the `Authentication` header should contain `logout` magic string.
+     */
+    getFirebaseAuthLoginHandler(): RequestHandler;
 }

package/dist/admin/base.admin.service.js

@@ -153,5 +153,39 @@ class BaseAdminService {
     async requirePermission(req, reqPermission, meta) {
         return await this.requirePermissions(req, [reqPermission], meta);
     }
+    /**
+     * Install it on POST /admin/login url
+     *
+     * It takes a POST request with `Authentication` header, that contains `accessToken` from Firebase Auth.
+     * Backend doesn't validate the token, but only does `setCookie` (secure, httpOnly), returns http 204 (ok, empty response).
+     * Frontend (login.html page) will then proceed with redirecting to `returnUrl`.
+     *
+     * Same endpoint is used to logout, but the `Authentication` header should contain `logout` magic string.
+     */
+    getFirebaseAuthLoginHandler() {
+        return async (req, res) => {
+            const token = req.header('authentication');
+            (0, js_lib_1._assert)(token, `401 Unauthenticated`, {
+                userFriendly: true,
+                httpStatusCode: 401,
+            });
+            let maxAge = 1000 * 60 * 60 * 24 * 30; // 30 days
+            // Special case
+            if (token === 'logout') {
+                // delete the cookie
+                maxAge = 0;
+            }
+            res
+                .cookie(this.cfg.adminTokenKey, token, {
+                maxAge,
+                sameSite: 'lax',
+                // comment these 2 lines to debug on localhost
+                httpOnly: true,
+                secure: true,
+            })
+                .status(204)
+                .end();
+        };
+    }
 }
 exports.BaseAdminService = BaseAdminService;

package/dist/admin/login.html

@@ -6,11 +6,12 @@
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
 
-    <script src="https://www.gstatic.com/firebasejs/6.3.5/firebase-app.js"></script>
-    <script src="https://www.gstatic.com/firebasejs/6.3.5/firebase-auth.js"></script>
-    <script src="https://unpkg.com/vue@2.6.10/dist/vue.min.js"></script>
-
-    <link href="https://unpkg.com/bootstrap@4.1.3/dist/css/bootstrap.min.css" rel="stylesheet" />
+    <!-- CSS only -->
+    <link
+      href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.2/dist/css/bootstrap.min.css"
+      rel="stylesheet"
+      crossorigin="anonymous"
+    />
   </head>
   <body>
     <div id="app" style="padding: 40px 50px">
@@ -28,33 +29,54 @@
       </div>
     </div>
 
-    <script>
+    <script type="module">
+      import { createApp } from 'https://cdn.jsdelivr.net/npm/vue@3.2.20/dist/vue.esm-browser.prod.js'
+      import { initializeApp } from 'https://www.gstatic.com/firebasejs/9.1.2/firebase-app.js'
+      import {
+        getAuth,
+        GoogleAuthProvider,
+        onAuthStateChanged,
+        signInWithRedirect,
+      } from 'https://www.gstatic.com/firebasejs/9.1.2/firebase-auth.js'
+
       const apiKey = '<%= firebaseApiKey %>'
       const authDomain = '<%= firebaseAuthDomain %>'
-      const authProvider = '<%= firebaseAuthProvider %>'
+      // const authProvider = '<%= firebaseAuthProvider %>'
 
       if (!apiKey || !authDomain) {
         alert(`Error: 'apiKey' or 'authDomain' is missing!`)
       }
 
-      const qs = parseQuery(location.search)
-      const { autoLogin, logout, returnUrl, adminTokenKey = 'admin_token' } = qs
-      console.log(qs)
+      // Initialize Firebase
+      initializeApp({
+        apiKey,
+        authDomain,
+      })
 
-      const provider = new firebase.auth[authProvider]()
+      const auth = getAuth()
+      const provider = new GoogleAuthProvider()
 
-      const app = new Vue({
-        el: '#app',
+      onAuthStateChanged(auth, user => {
+        // console.log('onAuthStateChanged, user: ', JSON.stringify(user, null, 2))
+        console.log('onAuthStateChanged, user: ', user)
+        onUser(user)
+      })
 
-        data: {
-          loading: 'Loading...',
-          user: undefined,
-        },
+      const qs = Object.fromEntries(new URLSearchParams(location.search))
+      const { autoLogin, logout, returnUrl, adminTokenKey = 'admin_token' } = qs
+      console.log(qs)
 
+      const app = createApp({
+        data() {
+          return {
+            loading: 'Loading...',
+            user: undefined,
+          }
+        },
         methods: {
           login: async function () {
             try {
-              await firebase.auth().signInWithRedirect(provider)
+              await signInWithRedirect(auth, provider)
             } catch (err) {
               logError(err)
             }
@@ -62,7 +84,9 @@
 
           logout: async function () {
             try {
-              await firebase.auth().signOut()
+              await auth.signOut()
+
+              await postToken('logout') // magic string
 
               if (logout && returnUrl) {
                 alert('Logged out, redurecting back...')
@@ -73,20 +97,7 @@
             }
           },
         },
-      })
-
-      // Initialize Firebase
-      const config = {
-        apiKey,
-        authDomain,
-      }
-      firebase.initializeApp(config)
-
-      firebase.auth().onAuthStateChanged(user => {
-        // console.log('onAuthStateChanged, user: ', JSON.stringify(user, null, 2))
-        console.log('onAuthStateChanged, user: ', user)
-        onUser(user)
-      })
+      }).mount('#app')
 
       if (logout) app.logout()
 
@@ -100,13 +111,16 @@
           if (!user) {
             if (autoLogin) app.login()
           } else {
-            const token = await firebase.auth().currentUser.getIdToken(true)
+            const token = await auth.currentUser.getIdToken()
+
             // alert('idToken')
             // console.log(idToken)
             app.user = Object.assign({}, app.user, {
               token,
             })
 
+            await postToken(token)
+
             // Redirect if needed
             if (returnUrl) {
               // alert(`Logged in as ${app.user.email}, redirecting back...`)
@@ -118,20 +132,19 @@
         }
       }
 
-      function parseQuery(queryString) {
-        const query = {}
-        const pairs = (queryString[0] === '?' ? queryString.substr(1) : queryString).split('&')
-        for (let i = 0; i < pairs.length; i++) {
-          const pair = pairs[i].split('=')
-          query[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1] || '')
-        }
-        return query
-      }
-
       function logError(err) {
         console.error(err)
         alert('Error\n ' + JSON.stringify(err, null, 2))
       }
+
+      async function postToken(token) {
+        await fetch(`/admin/login`, {
+          method: 'post',
+          headers: {
+            Authentication: token,
+          },
+        })
+      }
     </script>
   </body>
 </html>

package/dist/db/httpDB.d.ts

@@ -1,5 +1,5 @@
-import { JsonSchemaRootObject } from '@naturalcycles/js-lib';
-import { BaseCommonDB, CommonDB, CommonDBOptions, CommonDBSaveOptions, CommonDBStreamOptions, DBQuery, ObjectWithId, RunQueryResult } from '@naturalcycles/db-lib';
+import { JsonSchemaRootObject, ObjectWithId } from '@naturalcycles/js-lib';
+import { BaseCommonDB, CommonDB, CommonDBOptions, CommonDBSaveOptions, CommonDBStreamOptions, DBQuery, RunQueryResult } from '@naturalcycles/db-lib';
 import { GetGotOptions, ReadableTyped } from '@naturalcycles/nodejs-lib';
 export interface HttpDBCfg extends GetGotOptions {
     prefixUrl: string;

package/dist/db/httpDBRequestHandler.d.ts

@@ -1,4 +1,5 @@
-import { CommonDB, CommonDBOptions, CommonDBSaveOptions, DBQuery, ObjectWithId } from '@naturalcycles/db-lib';
+import { CommonDB, CommonDBOptions, CommonDBSaveOptions, DBQuery } from '@naturalcycles/db-lib';
+import { ObjectWithId } from '@naturalcycles/js-lib';
 import { Router } from 'express';
 export interface GetByIdsInput {
     table: string;

package/dist/index.d.ts

@@ -32,13 +32,3 @@ import { BackendServer, startServer } from './server/startServer';
 import { StartServerCfg, StartServerData } from './server/startServer.model';
 export type { MethodOverrideCfg, SentrySharedServiceCfg, RequestHandlerWithPath, RequestHandlerCfg, DefaultAppCfg, StartServerCfg, StartServerData, EnvSharedServiceCfg, BaseEnv, AdminMiddleware, AdminServiceCfg, AdminInfo, RequireAdminCfg, SecureHeaderMiddlewareCfg, BodyParserTimeoutCfg, RequestTimeoutCfg, SimpleRequestLoggerCfg, ReqValidationOptions, };
 export { BackendServer, SentrySharedService, EnvSharedService, reqValidation, notFoundHandler, genericErrorHandler, methodOverride, sentryErrorHandler, createDefaultApp, startServer, catchWrapper, getDefaultRouter, isGAE, statusHandler, statusHandlerData, okHandler, getDeployInfo, onFinished, respondWithError, logRequest, FirebaseSharedService, createAdminMiddleware, BaseAdminService, loginHtml, createSecureHeaderMiddleware, bodyParserTimeout, clearBodyParserTimeout, requestTimeout, simpleRequestLogger, coloredHttpCode, getRequestContextProperty, setRequestContextProperty, requestContextMiddleware, requestIdMiddleware, REQUEST_ID_KEY, validateBody, validateParams, validateQuery, };
-declare global {
-    namespace NodeJS {
-        interface ProcessEnv {
-            PORT?: string;
-            GAE_APPLICATION?: string;
-            GAE_SERVICE?: string;
-            GAE_VERSION?: string;
-        }
-    }
-}

package/dist/server/handlers/reqValidation.mw.js

@@ -11,6 +11,7 @@ function reqValidation(reqProperty, schema, opt = {}) {
             if (opt.redactPaths) {
                 redact(opt.redactPaths, req[reqProperty], error);
                 error.data.joiValidationErrorItems.length = 0; // clears the array
+                delete error.data.annotation;
             }
             return next(new js_lib_1.HttpError(error.message, {
                 httpStatusCode: 400,

package/dist/server/handlers/statusHandler.d.ts

@@ -1,8 +1,3 @@
 import { RequestHandler } from 'express';
-/**
- * @returns unix timestamp in millis
- */
-declare type ServerStartedCallback = () => number | undefined;
-export declare function statusHandler(serverStartedCallback?: ServerStartedCallback, projectDir?: string, extra?: any): RequestHandler;
-export declare function statusHandlerData(serverStartedCallback?: ServerStartedCallback, projectDir?: string, extra?: any): Record<string, any>;
-export {};
+export declare function statusHandler(projectDir?: string, extra?: any): RequestHandler;
+export declare function statusHandlerData(projectDir?: string, extra?: any): Record<string, any>;

package/dist/server/handlers/statusHandler.js

@@ -5,29 +5,28 @@ const js_lib_1 = require("@naturalcycles/js-lib");
 const nodejs_lib_1 = require("@naturalcycles/nodejs-lib");
 const time_lib_1 = require("@naturalcycles/time-lib");
 const deployInfo_util_1 = require("../deployInfo.util");
-const now = Date.now();
-const defaultServerStartedCallback = () => now;
 const { versions } = process;
-function statusHandler(serverStartedCallback, projectDir, extra) {
+const { GAE_APPLICATION, GAE_SERVICE, GAE_VERSION } = process.env;
+function statusHandler(projectDir, extra) {
     return async (req, res) => {
-        res.json(statusHandlerData(serverStartedCallback, projectDir, extra));
+        res.json(statusHandlerData(projectDir, extra));
     };
 }
 exports.statusHandler = statusHandler;
-function statusHandlerData(serverStartedCallback = defaultServerStartedCallback, projectDir = process.cwd(), extra) {
+function statusHandlerData(projectDir = process.cwd(), extra) {
     const { APP_ENV } = process.env;
     const { gitRev, gitBranch, prod, ts } = (0, deployInfo_util_1.getDeployInfo)(projectDir);
     const deployBuildTimeUTC = time_lib_1.dayjs.unix(ts).toPretty();
     const buildInfo = [time_lib_1.dayjs.unix(ts).toCompactTime(), gitBranch, gitRev].filter(Boolean).join('_');
     return (0, js_lib_1._filterFalsyValues)({
-        started: getStartedStr(serverStartedCallback()),
+        started: getStartedStr(),
         deployBuildTimeUTC,
         APP_ENV,
         prod,
         buildInfo,
-        GAE_APPLICATION: process.env.GAE_APPLICATION,
-        GAE_SERVICE: process.env.GAE_SERVICE,
-        GAE_VERSION: process.env.GAE_VERSION,
+        GAE_APPLICATION,
+        GAE_SERVICE,
+        GAE_VERSION,
         mem: (0, nodejs_lib_1.memoryUsageFull)(),
         cpuAvg: nodejs_lib_1.processSharedUtil.cpuAvg(),
         // resourceUsage: process.resourceUsage?.(),
@@ -36,9 +35,8 @@ function statusHandlerData(serverStartedCallback = defaultServerStartedCallback,
     });
 }
 exports.statusHandlerData = statusHandlerData;
-function getStartedStr(serverStarted) {
-    if (!serverStarted)
-        return 'not started yet';
+function getStartedStr() {
+    const serverStarted = time_lib_1.dayjs.utc().subtract(process.uptime(), 's');
     const s1 = (0, time_lib_1.dayjs)(serverStarted).toPretty();
     const s2 = (0, time_lib_1.dayjs)(serverStarted).fromNow();
     return `${s1} UTC (${s2})`;

package/dist/server/startServer.js

@@ -10,7 +10,7 @@ class BackendServer {
         this.cfg = cfg;
     }
     async start() {
-        const { bootstrapStartedAt = Date.now(), port: cfgPort, expressApp } = this.cfg;
+        const { port: cfgPort, expressApp } = this.cfg;
         // 1. Register error handlers, etc.
         process.on('uncaughtException', err => {
             log_1.log.error('uncaughtException:', err);
@@ -22,7 +22,7 @@ class BackendServer {
         process.once('SIGTERM', () => this.stop());
         // sentryService.install()
         // 2. Start Express Server
-        const port = Number(process.env.PORT) || cfgPort || 8080;
+        const port = Number(process.env['PORT']) || cfgPort || 8080;
         this.server = await new Promise((resolve, reject) => {
             const server = expressApp.listen(port, (err) => {
                 if (err)
@@ -32,15 +32,21 @@ class BackendServer {
         });
         // This is to fix GCP LoadBalancer race condition
         this.server.keepAliveTimeout = 600 * 1000; // 10 minutes
-        const serverStartedAt = Date.now();
-        const bootstrapMillis = serverStartedAt - bootstrapStartedAt;
-        (0, log_1.log)(`serverStarted on port ${(0, colors_1.white)(String(port))}, bootstrapTime ${(0, colors_1.dimGrey)((0, js_lib_1._ms)(bootstrapMillis))}`);
+        let address = `http://localhost:${port}`; // default
+        const addr = this.server.address();
+        if (addr) {
+            if (typeof addr === 'string') {
+                address = addr;
+            }
+            else if (addr.address !== '::') {
+                address = `http://${addr.address}:${port}`;
+            }
+        }
+        (0, log_1.log)(`serverStarted on ${(0, colors_1.white)(address)} in ${(0, colors_1.dimGrey)((0, js_lib_1._ms)(process.uptime() * 1000))}`);
         return {
             port,
-            bootstrapStartedAt,
-            serverStartedAt,
-            bootstrapMillis,
             server: this.server,
+            address,
         };
     }
     /**
@@ -53,9 +59,7 @@ class BackendServer {
             (0, log_1.log)((0, colors_1.boldGrey)('Forceful shutdown after timeout'));
             process.exit(1);
         }, this.cfg.forceShutdownTimeout || 3000);
-        if (this.cfg.onShutdown) {
-            void this.cfg.onShutdown();
-        }
+        void this.cfg.onShutdown?.();
         try {
             if (this.server) {
                 await new Promise(r => this.server.close(r));
@@ -64,7 +68,7 @@ class BackendServer {
             process.exit(0);
         }
         catch (err) {
-            log_1.log.error(err);
+            console.error(err);
             process.exit(1);
         }
     }

package/dist/server/startServer.model.d.ts

@@ -6,12 +6,6 @@ export interface StartServerCfg {
      * @default process.env.PORT || 8080
      */
     port?: number;
-    /**
-     * Unix millisecond timestamp of when bootstrap has started.
-     *
-     * @default to Date.now()
-     */
-    bootstrapStartedAt?: number;
     expressApp: Application;
     /**
      * Server will wait for promise to resolve until shutting down.
@@ -25,8 +19,9 @@ export interface StartServerCfg {
 }
 export interface StartServerData {
     port: number;
-    bootstrapStartedAt: number;
-    serverStartedAt: number;
-    bootstrapMillis: number;
     server: Server;
+    /**
+     * "Processed" server.address() as a string, ready to Cmd+click in MacOS Terminal
+     */
+    address: string;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@naturalcycles/backend-lib",
-  "version": "2.60.1",
+  "version": "2.61.0",
   "scripts": {
     "prepare": "husky install",
     "docs-serve": "vuepress dev docs",
@@ -31,7 +31,7 @@
     "ejs": "^3.0.1",
     "express": "^4.16.4",
     "express-promise-router": "^4.0.0",
-    "firebase-admin": "^9.0.0",
+    "firebase-admin": "^10.0.0",
     "fs-extra": "^10.0.0",
     "helmet": "^4.0.0",
     "js-yaml": "^4.0.0",

package/src/admin/admin.mw.ts

@@ -21,6 +21,12 @@ export interface RequireAdminCfg {
   apiHost?: string
 
   urlStartsWith?: string
+
+  /**
+   * Defaults to `true`.
+   * Set to `false` to debug login issues.
+   */
+  autoLogin?: boolean
 }
 
 export type AdminMiddleware = (reqPermissions?: string[], cfg?: RequireAdminCfg) => RequestHandler
@@ -47,7 +53,7 @@ export function requireAdminPermissions(
   reqPermissions: string[] = [],
   cfg: RequireAdminCfg = {},
 ): RequestHandler {
-  const { loginHtmlPath = '/login.html', urlStartsWith, apiHost } = cfg
+  const { loginHtmlPath = '/login.html', urlStartsWith, apiHost, autoLogin = true } = cfg
 
   return async (req, res, next) => {
     if (urlStartsWith && !req.url.startsWith(urlStartsWith)) return next()
@@ -58,9 +64,9 @@ export function requireAdminPermissions(
     } catch (err) {
       if (err instanceof HttpError && (err.data as Admin401ErrorData).adminAuthRequired) {
         // Redirect to login.html
-        const href = `${loginHtmlPath}?autoLogin=1&returnUrl=\${encodeURIComponent(location.href)}${
-          apiHost ? '&apiHost=' + apiHost : ''
-        }`
+        const href = `${loginHtmlPath}?${
+          autoLogin ? 'autoLogin=1&' : ''
+        }returnUrl=\${encodeURIComponent(location.href)}${apiHost ? '&apiHost=' + apiHost : ''}`
         res.status(401).send(getLoginHtmlRedirect(href))
       } else {
         return next(err)

package/src/admin/base.admin.service.ts

@@ -1,7 +1,7 @@
-import { Admin401ErrorData, Admin403ErrorData, HttpError } from '@naturalcycles/js-lib'
+import { _assert, Admin401ErrorData, Admin403ErrorData, HttpError } from '@naturalcycles/js-lib'
 import { Debug, inspectAny } from '@naturalcycles/nodejs-lib'
 import { dimGrey, green, red } from '@naturalcycles/nodejs-lib/dist/colors'
-import { Request } from 'express'
+import { Request, RequestHandler } from 'express'
 import type * as FirebaseAdmin from 'firebase-admin'
 
 const log = Debug('nc:backend-lib:admin')
@@ -228,4 +228,42 @@ export class BaseAdminService {
   ): Promise<AdminInfo> {
     return await this.requirePermissions(req, [reqPermission], meta)
   }
+
+  /**
+   * Install it on POST /admin/login url
+   *
+   * It takes a POST request with `Authentication` header, that contains `accessToken` from Firebase Auth.
+   * Backend doesn't validate the token, but only does `setCookie` (secure, httpOnly), returns http 204 (ok, empty response).
+   * Frontend (login.html page) will then proceed with redirecting to `returnUrl`.
+   *
+   * Same endpoint is used to logout, but the `Authentication` header should contain `logout` magic string.
+   */
+  getFirebaseAuthLoginHandler(): RequestHandler {
+    return async (req, res) => {
+      const token = req.header('authentication')
+      _assert(token, `401 Unauthenticated`, {
+        userFriendly: true,
+        httpStatusCode: 401,
+      })
+
+      let maxAge = 1000 * 60 * 60 * 24 * 30 // 30 days
+
+      // Special case
+      if (token === 'logout') {
+        // delete the cookie
+        maxAge = 0
+      }
+
+      res
+        .cookie(this.cfg.adminTokenKey, token, {
+          maxAge,
+          sameSite: 'lax', // can be: none, lax, strict
+          // comment these 2 lines to debug on localhost
+          httpOnly: true,
+          secure: true,
+        })
+        .status(204)
+        .end()
+    }
+  }
 }

package/src/admin/login.html

@@ -6,11 +6,12 @@
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
 
-    <script src="https://www.gstatic.com/firebasejs/6.3.5/firebase-app.js"></script>
-    <script src="https://www.gstatic.com/firebasejs/6.3.5/firebase-auth.js"></script>
-    <script src="https://unpkg.com/vue@2.6.10/dist/vue.min.js"></script>
-
-    <link href="https://unpkg.com/bootstrap@4.1.3/dist/css/bootstrap.min.css" rel="stylesheet" />
+    <!-- CSS only -->
+    <link
+      href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.2/dist/css/bootstrap.min.css"
+      rel="stylesheet"
+      crossorigin="anonymous"
+    />
   </head>
   <body>
     <div id="app" style="padding: 40px 50px">
@@ -28,33 +29,54 @@
       </div>
     </div>
 
-    <script>
+    <script type="module">
+      import { createApp } from 'https://cdn.jsdelivr.net/npm/vue@3.2.20/dist/vue.esm-browser.prod.js'
+      import { initializeApp } from 'https://www.gstatic.com/firebasejs/9.1.2/firebase-app.js'
+      import {
+        getAuth,
+        GoogleAuthProvider,
+        onAuthStateChanged,
+        signInWithRedirect,
+      } from 'https://www.gstatic.com/firebasejs/9.1.2/firebase-auth.js'
+
       const apiKey = '<%= firebaseApiKey %>'
       const authDomain = '<%= firebaseAuthDomain %>'
-      const authProvider = '<%= firebaseAuthProvider %>'
+      // const authProvider = '<%= firebaseAuthProvider %>'
 
       if (!apiKey || !authDomain) {
         alert(`Error: 'apiKey' or 'authDomain' is missing!`)
       }
 
-      const qs = parseQuery(location.search)
-      const { autoLogin, logout, returnUrl, adminTokenKey = 'admin_token' } = qs
-      console.log(qs)
+      // Initialize Firebase
+      initializeApp({
+        apiKey,
+        authDomain,
+      })
 
-      const provider = new firebase.auth[authProvider]()
+      const auth = getAuth()
+      const provider = new GoogleAuthProvider()
 
-      const app = new Vue({
-        el: '#app',
+      onAuthStateChanged(auth, user => {
+        // console.log('onAuthStateChanged, user: ', JSON.stringify(user, null, 2))
+        console.log('onAuthStateChanged, user: ', user)
+        onUser(user)
+      })
 
-        data: {
-          loading: 'Loading...',
-          user: undefined,
-        },
+      const qs = Object.fromEntries(new URLSearchParams(location.search))
+      const { autoLogin, logout, returnUrl, adminTokenKey = 'admin_token' } = qs
+      console.log(qs)
 
+      const app = createApp({
+        data() {
+          return {
+            loading: 'Loading...',
+            user: undefined,
+          }
+        },
         methods: {
           login: async function () {
             try {
-              await firebase.auth().signInWithRedirect(provider)
+              await signInWithRedirect(auth, provider)
             } catch (err) {
               logError(err)
             }
@@ -62,7 +84,9 @@
 
           logout: async function () {
             try {
-              await firebase.auth().signOut()
+              await auth.signOut()
+
+              await postToken('logout') // magic string
 
               if (logout && returnUrl) {
                 alert('Logged out, redurecting back...')
@@ -73,20 +97,7 @@
             }
           },
         },
-      })
-
-      // Initialize Firebase
-      const config = {
-        apiKey,
-        authDomain,
-      }
-      firebase.initializeApp(config)
-
-      firebase.auth().onAuthStateChanged(user => {
-        // console.log('onAuthStateChanged, user: ', JSON.stringify(user, null, 2))
-        console.log('onAuthStateChanged, user: ', user)
-        onUser(user)
-      })
+      }).mount('#app')
 
       if (logout) app.logout()
 
@@ -100,13 +111,16 @@
           if (!user) {
             if (autoLogin) app.login()
           } else {
-            const token = await firebase.auth().currentUser.getIdToken(true)
+            const token = await auth.currentUser.getIdToken()
+
             // alert('idToken')
             // console.log(idToken)
             app.user = Object.assign({}, app.user, {
               token,
             })
 
+            await postToken(token)
+
             // Redirect if needed
             if (returnUrl) {
               // alert(`Logged in as ${app.user.email}, redirecting back...`)
@@ -118,20 +132,19 @@
         }
       }
 
-      function parseQuery(queryString) {
-        const query = {}
-        const pairs = (queryString[0] === '?' ? queryString.substr(1) : queryString).split('&')
-        for (let i = 0; i < pairs.length; i++) {
-          const pair = pairs[i].split('=')
-          query[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1] || '')
-        }
-        return query
-      }
-
       function logError(err) {
         console.error(err)
         alert('Error\n ' + JSON.stringify(err, null, 2))
       }
+
+      async function postToken(token) {
+        await fetch(`/admin/login`, {
+          method: 'post',
+          headers: {
+            Authentication: token,
+          },
+        })
+      }
     </script>
   </body>
 </html>

package/src/db/httpDB.ts

@@ -1,5 +1,5 @@
 import { Readable } from 'stream'
-import { JsonSchemaRootObject } from '@naturalcycles/js-lib'
+import { JsonSchemaRootObject, ObjectWithId } from '@naturalcycles/js-lib'
 import {
   BaseCommonDB,
   CommonDB,
@@ -7,7 +7,6 @@ import {
   CommonDBSaveOptions,
   CommonDBStreamOptions,
   DBQuery,
-  ObjectWithId,
   RunQueryResult,
 } from '@naturalcycles/db-lib'
 import { getGot, GetGotOptions, Got, ReadableTyped } from '@naturalcycles/nodejs-lib'

package/src/db/httpDBRequestHandler.ts

@@ -4,13 +4,13 @@ import {
   CommonDBSaveOptions,
   DBQuery,
   InMemoryDB,
-  ObjectWithId,
 } from '@naturalcycles/db-lib'
 import {
   commonDBOptionsSchema,
   commonDBSaveOptionsSchema,
   dbQuerySchema,
 } from '@naturalcycles/db-lib/dist/validation'
+import { ObjectWithId } from '@naturalcycles/js-lib'
 import { anyObjectSchema, arraySchema, objectSchema, stringSchema } from '@naturalcycles/nodejs-lib'
 import { Router } from 'express'
 import { getDefaultRouter, reqValidation } from '..'

package/src/index.ts

@@ -112,14 +112,3 @@ export {
   validateParams,
   validateQuery,
 }
-
-declare global {
-  namespace NodeJS {
-    interface ProcessEnv {
-      PORT?: string
-      GAE_APPLICATION?: string
-      GAE_SERVICE?: string
-      GAE_VERSION?: string
-    }
-  }
-}

package/src/server/handlers/reqValidation.mw.ts

@@ -23,6 +23,7 @@ export function reqValidation(
       if (opt.redactPaths) {
         redact(opt.redactPaths, req[reqProperty], error)
         error.data.joiValidationErrorItems.length = 0 // clears the array
+        delete error.data.annotation
       }
 
       return next(

package/src/server/handlers/statusHandler.ts

@@ -4,27 +4,16 @@ import { dayjs } from '@naturalcycles/time-lib'
 import { RequestHandler } from 'express'
 import { getDeployInfo } from '../deployInfo.util'
 
-/**
- * @returns unix timestamp in millis
- */
-type ServerStartedCallback = () => number | undefined
-
-const now = Date.now()
-const defaultServerStartedCallback = () => now
 const { versions } = process
+const { GAE_APPLICATION, GAE_SERVICE, GAE_VERSION } = process.env
 
-export function statusHandler(
-  serverStartedCallback?: ServerStartedCallback,
-  projectDir?: string,
-  extra?: any,
-): RequestHandler {
+export function statusHandler(projectDir?: string, extra?: any): RequestHandler {
   return async (req, res) => {
-    res.json(statusHandlerData(serverStartedCallback, projectDir, extra))
+    res.json(statusHandlerData(projectDir, extra))
   }
 }
 
 export function statusHandlerData(
-  serverStartedCallback: ServerStartedCallback = defaultServerStartedCallback,
   projectDir: string = process.cwd(),
   extra?: any,
 ): Record<string, any> {
@@ -34,14 +23,14 @@ export function statusHandlerData(
   const buildInfo = [dayjs.unix(ts).toCompactTime(), gitBranch, gitRev].filter(Boolean).join('_')
 
   return _filterFalsyValues({
-    started: getStartedStr(serverStartedCallback()),
+    started: getStartedStr(),
     deployBuildTimeUTC,
     APP_ENV,
     prod,
     buildInfo,
-    GAE_APPLICATION: process.env.GAE_APPLICATION,
-    GAE_SERVICE: process.env.GAE_SERVICE,
-    GAE_VERSION: process.env.GAE_VERSION,
+    GAE_APPLICATION,
+    GAE_SERVICE,
+    GAE_VERSION,
     mem: memoryUsageFull(),
     cpuAvg: processSharedUtil.cpuAvg(),
     // resourceUsage: process.resourceUsage?.(),
@@ -50,8 +39,8 @@ export function statusHandlerData(
   })
 }
 
-function getStartedStr(serverStarted?: number): string {
-  if (!serverStarted) return 'not started yet'
+function getStartedStr(): string {
+  const serverStarted = dayjs.utc().subtract(process.uptime(), 's')
 
   const s1 = dayjs(serverStarted).toPretty()
   const s2 = dayjs(serverStarted).fromNow()

package/src/server/startServer.model.ts

@@ -7,13 +7,6 @@ export interface StartServerCfg {
    */
   port?: number
 
-  /**
-   * Unix millisecond timestamp of when bootstrap has started.
-   *
-   * @default to Date.now()
-   */
-  bootstrapStartedAt?: number
-
   expressApp: Application
 
   /**
@@ -30,8 +23,9 @@ export interface StartServerCfg {
 
 export interface StartServerData {
   port: number
-  bootstrapStartedAt: number
-  serverStartedAt: number
-  bootstrapMillis: number
   server: Server
+  /**
+   * "Processed" server.address() as a string, ready to Cmd+click in MacOS Terminal
+   */
+  address: string
 }

package/src/server/startServer.ts

@@ -10,7 +10,7 @@ export class BackendServer {
   server?: Server
 
   async start(): Promise<StartServerData> {
-    const { bootstrapStartedAt = Date.now(), port: cfgPort, expressApp } = this.cfg
+    const { port: cfgPort, expressApp } = this.cfg
 
     // 1. Register error handlers, etc.
     process.on('uncaughtException', err => {
@@ -27,7 +27,7 @@ export class BackendServer {
     // sentryService.install()
 
     // 2. Start Express Server
-    const port = Number(process.env.PORT) || cfgPort || 8080
+    const port = Number(process.env['PORT']) || cfgPort || 8080
 
     this.server = await new Promise<Server>((resolve, reject) => {
       const server = expressApp.listen(port, (err?: Error) => {
@@ -39,21 +39,23 @@ export class BackendServer {
     // This is to fix GCP LoadBalancer race condition
     this.server.keepAliveTimeout = 600 * 1000 // 10 minutes
 
-    const serverStartedAt = Date.now()
+    let address = `http://localhost:${port}` // default
 
-    const bootstrapMillis = serverStartedAt - bootstrapStartedAt
-    log(
-      `serverStarted on port ${white(String(port))}, bootstrapTime ${dimGrey(
-        _ms(bootstrapMillis),
-      )}`,
-    )
+    const addr = this.server.address()
+    if (addr) {
+      if (typeof addr === 'string') {
+        address = addr
+      } else if (addr.address !== '::') {
+        address = `http://${addr.address}:${port}`
+      }
+    }
+
+    log(`serverStarted on ${white(address)} in ${dimGrey(_ms(process.uptime() * 1000))}`)
 
     return {
       port,
-      bootstrapStartedAt,
-      serverStartedAt,
-      bootstrapMillis,
       server: this.server,
+      address,
     }
   }
 
@@ -70,9 +72,7 @@ export class BackendServer {
       process.exit(1)
     }, this.cfg.forceShutdownTimeout || 3000)
 
-    if (this.cfg.onShutdown) {
-      void this.cfg.onShutdown()
-    }
+    void this.cfg.onShutdown?.()
 
     try {
       if (this.server) {
@@ -81,7 +81,7 @@ export class BackendServer {
       log(dimGrey('Shutdown completed.'))
       process.exit(0)
     } catch (err) {
-      log.error(err)
+      console.error(err)
       process.exit(1)
     }
   }