npm - @node-c/api-http - Versions diffs - 1.0.0-alpha38 → 1.0.0-alpha39 - Mend

@node-c/api-http 1.0.0-alpha38 → 1.0.0-alpha39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/package.json +3 -3
package/src/common/definitions/common.constants.ts +0 -16
package/src/common/definitions/common.definitions.ts +0 -10
package/src/common/definitions/common.errors.ts +0 -13
package/src/common/definitions/index.ts +0 -2
package/src/common/utils/index.ts +0 -1
package/src/common/utils/utils.checkRoutes.ts +0 -31
package/src/exceptionFilters/http.exceptionFilters.httpException.ts +0 -16
package/src/exceptionFilters/index.ts +0 -1
package/src/index.ts +0 -5
package/src/interceptors/http.interceptors.authorization.ts +0 -82
package/src/interceptors/http.interceptors.error.ts +0 -55
package/src/interceptors/index.ts +0 -2
package/src/middlewares/http.middlewares.authentication.ts +0 -158
package/src/middlewares/http.middlewares.cors.ts +0 -37
package/src/middlewares/index.ts +0 -2
package/src/module/http.api.module.definitions.ts +0 -16
package/src/module/http.api.module.ts +0 -83
package/src/module/index.ts +0 -2

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@node-c/api-http",
-  "version": "1.0.0-alpha38",
+  "version": "1.0.0-alpha39",
   "license": "MIT",
   "main": "dist/index.js",
   "scripts": {
@@ -25,7 +25,7 @@
     "@types/lodash": "^4.17.19"
   },
   "peerDependencies": {
-    "@node-c/core": "^1.0.0-alpha38",
-    "@node-c/domain-iam": "^1.0.0-alpha38"
+    "@node-c/core": "^1.0.0-alpha39",
+    "@node-c/domain-iam": "^1.0.0-alpha39"
   }
 }

package/src/common/definitions/common.constants.ts DELETED Viewed

@@ -1,16 +0,0 @@
-export enum Constants {
-  // eslint-disable-next-line no-unused-vars
-  API_MODULE_AUTHORIZATION_SERVICE = 'API_MODULE_AUTHORIZATION_SERVICE',
-  // eslint-disable-next-line no-unused-vars
-  API_MODULE_NAME = 'API_MODULE_NAME',
-  // eslint-disable-next-line no-unused-vars
-  AUTHENTICATION_MIDDLEWARE_TOKEN_MANAGER_SERVICE = 'AUTHENTICATION_MIDDLEWARE_TOKEN_MANAGER_SERVICE',
-  // eslint-disable-next-line no-unused-vars
-  AUTHENTICATION_MIDDLEWARE_USERS_SERVICE = 'AUTHENTICATION_MIDDLEWARE_USERS_SERVICE',
-  // eslint-disable-next-line no-unused-vars
-  AUTHORIZATION_INTERCEPTOR = 'AUTHORIZATION_INTERCEPTOR',
-  // eslint-disable-next-line no-unused-vars
-  ERROR_INTERCEPTOR = 'ERROR_INTERCEPTOR',
-  // eslint-disable-next-line no-unused-vars
-  HTTP_EXCEPTION_FILTER = 'HTTP_EXCEPTION_FILTER'
-}

package/src/common/definitions/common.definitions.ts DELETED Viewed

@@ -1,10 +0,0 @@
-import { Request } from 'express';
-export interface RequestWithLocals<User> extends Request {
-  locals?: {
-    isAnonymous?: boolean;
-    user?: User;
-    [fieldName: string]: unknown;
-  };
-  rawBody?: string;
-}

package/src/common/definitions/common.errors.ts DELETED Viewed

@@ -1,13 +0,0 @@
-import { GenericObject } from '@node-c/core';
-export class ServerError implements Error {
-  data: { statusCode: number } | GenericObject;
-  message: string;
-  name: string;
-  constructor(message: string, data?: GenericObject) {
-    this.message = message;
-    this.name = 'ServerError';
-    this.data = data || {};
-  }
-}

package/src/common/definitions/index.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export * from './common.constants';
2	- export * from './common.definitions';

package/src/common/utils/index.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export * from './utils.checkRoutes';

package/src/common/utils/utils.checkRoutes.ts DELETED Viewed

@@ -1,31 +0,0 @@
-/**
- * Checks whether a route exists in a list of HTTP routes. Supports ExpressJS-style route parameters, i.e. /users/item/:id.
- * @param route (required) - The route to be checked.
- * @param routes (required) - The array of routes to check in.
- * @returns A boolean, which is the result of the check.
- */
-export function checkRoutes(route: string, routes: string[]): boolean {
-  const splitRoute = route.split('/');
-  for (const i in routes) {
-    const item = routes[i],
-      splitItem = item.split('/');
-    if (item === '*' || route === item) {
-      return true;
-    }
-    if (item.indexOf(':') !== -1 && splitItem.length === splitRoute.length) {
-      let valid = true;
-      for (const j in splitItem) {
-        const innerItem = splitItem[j],
-          routeItem = splitRoute[j];
-        if (routeItem !== innerItem && innerItem.indexOf(':') === -1) {
-          valid = false;
-          break;
-        }
-      }
-      if (valid) {
-        return true;
-      }
-    }
-  }
-  return false;
-}

package/src/exceptionFilters/http.exceptionFilters.httpException.ts DELETED Viewed

@@ -1,16 +0,0 @@
-import { ArgumentsHost, Catch, ExceptionFilter, HttpException } from '@nestjs/common';
-import { Response } from 'express';
-// The purpose of the class is to handle HttpExceptions that are not caught by the HTTPErrorInterceptor.
-@Catch(HttpException)
-export class HttpExceptionFilter implements ExceptionFilter {
-  catch(exception: HttpException, host: ArgumentsHost): void {
-    const ctx = host.switchToHttp();
-    const response = ctx.getResponse<Response>();
-    const status = exception.getStatus();
-    response.status(status).json({
-      statusCode: status,
-      message: exception.message
-    });
-  }
-}

package/src/exceptionFilters/index.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export * from './http.exceptionFilters.httpException';

package/src/index.ts DELETED Viewed

@@ -1,5 +0,0 @@
-export * from './common/definitions';
-export * from './exceptionFilters';
-export * from './interceptors';
-export * from './middlewares';
-export * from './module';

package/src/interceptors/http.interceptors.authorization.ts DELETED Viewed

@@ -1,82 +0,0 @@
-import {
-  CallHandler,
-  ExecutionContext,
-  HttpException,
-  HttpStatus,
-  Inject,
-  Injectable,
-  NestInterceptor
-} from '@nestjs/common';
-import { ConfigProviderService, EndpointSecurityMode } from '@node-c/core';
-import { AuthorizationPoint, IAMAuthorizationService, UserWithPermissionsData } from '@node-c/domain-iam';
-import ld from 'lodash';
-import { Observable } from 'rxjs';
-import { Constants, RequestWithLocals } from '../common/definitions';
-@Injectable()
-export class HTTPAuthorizationInterceptor<User extends UserWithPermissionsData<unknown, unknown>>
-  implements NestInterceptor
-{
-  constructor(
-    @Inject(Constants.API_MODULE_AUTHORIZATION_SERVICE)
-    // eslint-disable-next-line no-unused-vars
-    protected authorizationService: IAMAuthorizationService<AuthorizationPoint<unknown>>,
-    // eslint-disable-next-line no-unused-vars
-    protected configProvider: ConfigProviderService,
-    @Inject(Constants.API_MODULE_NAME)
-    // eslint-disable-next-line no-unused-vars
-    protected moduleName: string
-  ) {}
-  async intercept(context: ExecutionContext, next: CallHandler): Promise<Observable<unknown>> {
-    const [req]: [RequestWithLocals<User>, unknown] = context.getArgs();
-    const locals = req.locals!;
-    if (!locals) {
-      throw new HttpException('Forbidden', HttpStatus.FORBIDDEN);
-    } else if (locals.isAnonymous) {
-      return next.handle();
-    }
-    const { moduleName } = this;
-    const controllerName = context.getClass().name;
-    const handlerName = context.getHandler().name;
-    // TODO: cache this in-memory
-    const authorizationData = await this.authorizationService.mapAuthorizationPoints(moduleName);
-    let controllerData = authorizationData![controllerName];
-    if (!controllerData) {
-      controllerData = authorizationData.__all;
-    }
-    const user = locals.user!; // we'll always have this, otherwise the system has not been configured properly
-    let handlerData = controllerData[handlerName];
-    if (!handlerData) {
-      handlerData = controllerData.__all;
-      if (!Object.keys(handlerData).length) {
-        const { endpointSecurityMode } = this.configProvider.config.api[moduleName];
-        if (!endpointSecurityMode || endpointSecurityMode === EndpointSecurityMode.Strict) {
-          console.info(
-            `[${moduleName}][HTTPAuthorizationInterceptor]: No authorization point data for handler ${controllerName}.${handlerName}.`
-          );
-          throw new HttpException('Forbidden', HttpStatus.FORBIDDEN);
-        }
-        return next.handle();
-      }
-    }
-    const { hasAccess, inputDataToBeMutated } = IAMAuthorizationService.checkAccess(
-      handlerData,
-      { body: req.body, headers: req.headers, params: req.params, query: req.query },
-      user
-    );
-    if (!hasAccess) {
-      console.info(
-        `[${moduleName}][HTTPAuthorizationInterceptor]: No user access to handler ${controllerName}.${handlerName}.`
-      );
-      throw new HttpException('Forbidden', HttpStatus.FORBIDDEN);
-    }
-    for (const key in inputDataToBeMutated) {
-      ld.set(req, key, inputDataToBeMutated[key]);
-    }
-    return next.handle();
-  }
-}

package/src/interceptors/http.interceptors.error.ts DELETED Viewed

@@ -1,55 +0,0 @@
-import { CallHandler, ExecutionContext, Injectable, NestInterceptor } from '@nestjs/common';
-import { ApplicationError } from '@node-c/core';
-import { Observable } from 'rxjs';
-import { catchError } from 'rxjs/operators';
-import { ServerError } from '../common/definitions/common.errors';
-@Injectable()
-export class HTTPErrorInterceptor implements NestInterceptor {
-  intercept(context: ExecutionContext, next: CallHandler): Observable<unknown> {
-    return next.handle().pipe(
-      catchError(error => {
-        console.error(error);
-        let message: string | string[] = 'An error has occurred.';
-        let status = 500;
-        if (error instanceof ApplicationError || error instanceof ServerError) {
-          if (error.message) {
-            message = error.message;
-          }
-          if (error.data) {
-            if ('errorCode' in error.data) {
-              status = error.data.errorCode as number;
-            } else if ('statusCode' in error.data) {
-              status = error.data.statusCode as number;
-            } else {
-              status = 400;
-            }
-          } else {
-            status = 400;
-          }
-        } else if (error.response) {
-          const { response } = error;
-          if (response.statusCode) {
-            status = response.statusCode;
-          }
-          if (response.message) {
-            message = response.message;
-          }
-        } else if (error instanceof Error) {
-          if (error.message) {
-            message = error.message;
-          }
-        }
-        context
-          .switchToHttp()
-          .getResponse()
-          .status(status)
-          .json({ error: message instanceof Array ? message.join('\n') : message });
-        return new Observable();
-      })
-    );
-  }
-}

package/src/interceptors/index.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export * from './http.interceptors.authorization';
2	- export * from './http.interceptors.error';

package/src/middlewares/http.middlewares.authentication.ts DELETED Viewed

@@ -1,158 +0,0 @@
-import crypto from 'crypto';
-import { HttpException, HttpStatus, Inject, Injectable, NestMiddleware } from '@nestjs/common';
-import { AppConfigAPIHTTP, ConfigProviderService } from '@node-c/core';
-import { DecodedTokenContent, IAMTokenManagerService, IAMUsersService, UserTokenEnityFields } from '@node-c/domain-iam';
-import { NextFunction, Response } from 'express';
-import { Constants, RequestWithLocals } from '../common/definitions';
-import { checkRoutes } from '../common/utils';
-@Injectable()
-export class HTTPAuthenticationMiddleware<User extends object> implements NestMiddleware {
-  constructor(
-    // eslint-disable-next-line no-unused-vars
-    protected configProvider: ConfigProviderService,
-    @Inject(Constants.API_MODULE_NAME)
-    // eslint-disable-next-line no-unused-vars
-    protected moduleName: string,
-    @Inject(Constants.AUTHENTICATION_MIDDLEWARE_TOKEN_MANAGER_SERVICE)
-    // eslint-disable-next-line no-unused-vars
-    protected tokenManager?: IAMTokenManagerService<UserTokenEnityFields>,
-    @Inject(Constants.AUTHENTICATION_MIDDLEWARE_USERS_SERVICE)
-    // eslint-disable-next-line no-unused-vars
-    protected usersService?: IAMUsersService<User>
-  ) {}
-  use(req: RequestWithLocals<unknown>, res: Response, next: NextFunction): void {
-    (async () => {
-      const { anonymousAccessRoutes, apiKey, apiSecret, apiSecretAlgorithm } = this.configProvider.config.api![
-        this.moduleName
-      ] as AppConfigAPIHTTP;
-      const requestMethod = req.method.toLowerCase();
-      if (!req.locals) {
-        req.locals = {};
-      }
-      if (anonymousAccessRoutes && Object.keys(anonymousAccessRoutes).length) {
-        const originalUrl = req.originalUrl.split('?')[0];
-        let isAnonymous = false;
-        for (const route in anonymousAccessRoutes) {
-          if (
-            checkRoutes(originalUrl, [route]) &&
-            anonymousAccessRoutes[route].find(method => method === requestMethod)
-          ) {
-            isAnonymous = true;
-            break;
-          }
-        }
-        if (isAnonymous) {
-          req.locals.isAnonymous = true;
-          next();
-          return;
-        }
-      }
-      const { tokenManager, usersService } = this;
-      if (apiKey) {
-        const [apiKeyFromHeader, requestSignature] =
-          req.headers.authorization?.replace(/^ApiKey\s/, '')?.split(' ') || [];
-        if (apiKey !== apiKeyFromHeader) {
-          console.error(`${apiKeyFromHeader?.length ? 'Invalid' : 'Missing'} api key in the authorization header.`);
-          throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
-        }
-        if (apiSecret && apiSecretAlgorithm) {
-          if (!requestSignature) {
-            console.error('Missing request signature in the authorization header.');
-            throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
-          }
-          let signatureContent = '';
-          if (requestMethod === 'get' && req.query && Object.keys(req.query).length) {
-            signatureContent = JSON.stringify(req.query);
-          } else if (
-            (requestMethod === 'patch' || requestMethod === 'post' || requestMethod === 'put') &&
-            req.body &&
-            Object.keys(req.body).length
-          ) {
-            signatureContent = JSON.stringify(req.body);
-          } else {
-            signatureContent = req.originalUrl.split('?')[0];
-          }
-          const calcualtedSignature = crypto
-            .createHmac(apiSecretAlgorithm, apiSecret)
-            .update(signatureContent)
-            .digest('hex');
-          if (calcualtedSignature !== requestSignature) {
-            console.error(
-              `Invalid request signature in the authorization header. Expected: ${calcualtedSignature}. Provided: ${requestSignature}`
-            );
-            throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
-          }
-        }
-        next();
-        return;
-      } else if (!tokenManager) {
-        console.error('Missing api key in the configuration and no tokenManager set up.');
-        throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
-      }
-      let tokens: string[] = [];
-      let authToken = req.headers.authorization;
-      let authTokenIsNew = false;
-      let refreshToken: string | undefined;
-      let tokenContent: DecodedTokenContent<UserTokenEnityFields> | undefined;
-      let useCookie = false;
-      if (typeof authToken === 'string' && authToken.length && authToken.match(/^Bearer\s/)) {
-        tokens = authToken.split(' ');
-        if (tokens.length) {
-          authToken = tokens[1];
-          refreshToken = tokens[2];
-        }
-      } else {
-        authToken = req.cookies['sid'];
-        useCookie = true;
-      }
-      if (!authToken) {
-        console.error('Missing auth token.');
-        throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
-      }
-      try {
-        const tokenRes = await tokenManager.verifyAccessToken(authToken, {
-          deleteFromStoreIfExpired: true,
-          identifierDataField: usersService ? 'userId' : undefined,
-          persistNewToken: true,
-          purgeStoreOnRenew: true,
-          refreshToken,
-          refreshTokenAccessTokenIdentifierDataField: 'accessToken'
-        });
-        tokenContent = tokenRes.content!;
-        if (tokenRes.newToken) {
-          authTokenIsNew = true;
-        }
-      } catch (e) {
-        console.error('Failed to parse the access or refresh token:', e);
-        throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
-      }
-      if (authTokenIsNew) {
-        res.setHeader('Authorization', `Bearer ${authToken}${refreshToken ? ` ${refreshToken}` : ''}`);
-        if (useCookie) {
-          res.cookie('sid', authToken);
-        }
-      }
-      if (usersService) {
-        const userId = tokenContent?.data?.userId;
-        if (!userId) {
-          console.error('Missing userId in the tokenContent data.');
-          throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
-        }
-        req.locals!.user = await usersService.getUserWithPermissionsData({ filters: { id: userId } });
-      }
-      next();
-    })().then(
-      () => true,
-      err => {
-        console.error(err);
-        res.status((err && err.status) || HttpStatus.INTERNAL_SERVER_ERROR).end();
-      }
-    );
-  }
-}

package/src/middlewares/http.middlewares.cors.ts DELETED Viewed

@@ -1,37 +0,0 @@
-import { HttpStatus, Inject, Injectable, NestMiddleware } from '@nestjs/common';
-import { AppConfigAPIHTTP, ConfigProviderService } from '@node-c/core';
-import { NextFunction, Response } from 'express';
-import { Constants, RequestWithLocals } from '../common/definitions';
-@Injectable()
-export class HTTPCORSMiddleware implements NestMiddleware {
-  constructor(
-    // eslint-disable-next-line no-unused-vars
-    protected configProvider: ConfigProviderService,
-    @Inject(Constants.API_MODULE_NAME)
-    // eslint-disable-next-line no-unused-vars
-    protected moduleName: string
-  ) {}
-  use(req: RequestWithLocals<unknown>, res: Response, next: NextFunction): void {
-    const allowedOrigins = (this.configProvider.config.api![this.moduleName] as AppConfigAPIHTTP).allowedOrigins;
-    const origin = req.headers.origin as string;
-    if (allowedOrigins?.includes(origin)) {
-      res.set('Access-Control-Allow-Origin', origin);
-    }
-    res.set(
-      'Access-Control-Allow-Headers',
-      'accept,accept-encoding,accept-language,authorization,connection,content-type,host,origin,referer,user-agent'
-    );
-    res.set('Access-Control-Allow-Methods', 'OPTIONS,GET,POST,PUT,PATCH,DELETE');
-    res.set('Access-Control-Allow-Credentials', 'true');
-    res.set('Access-Control-Expose-Headers', 'Authorization');
-    if (req.method.toLowerCase() === 'options') {
-      res.status(HttpStatus.OK).end();
-      return;
-    }
-    next();
-  }
-}

package/src/middlewares/index.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export * from './http.middlewares.authentication';
2	- export * from './http.middlewares.cors';

package/src/module/http.api.module.definitions.ts DELETED Viewed

@@ -1,16 +0,0 @@
-import { ModuleMetadata } from '@nestjs/common';
-import { GenericObject } from '@node-c/core';
-export interface HTTPAPIModuleOptions {
-  controllers?: ModuleMetadata['controllers'];
-  exports?: ModuleMetadata['exports'];
-  folderData: GenericObject<unknown>;
-  imports?: {
-    atEnd?: ModuleMetadata['imports'];
-    atStart?: ModuleMetadata['imports'];
-  };
-  moduleClass: unknown;
-  moduleName: string;
-  providers?: ModuleMetadata['providers'];
-}

package/src/module/http.api.module.ts DELETED Viewed

@@ -1,83 +0,0 @@
-import { DynamicModule, Inject, MiddlewareConsumer, ModuleMetadata, ValidationPipe } from '@nestjs/common';
-import { APP_PIPE } from '@nestjs/core';
-import { ConfigProviderService, loadDynamicModules } from '@node-c/core';
-import cookieParser from 'cookie-parser';
-import express, { Response } from 'express';
-import morgan from 'morgan';
-import { HTTPAPIModuleOptions } from './http.api.module.definitions';
-import { Constants, RequestWithLocals } from '../common/definitions';
-import { HttpExceptionFilter } from '../exceptionFilters';
-import { HTTPAuthorizationInterceptor, HTTPErrorInterceptor } from '../interceptors';
-import { HTTPAuthenticationMiddleware, HTTPCORSMiddleware } from '../middlewares';
-export class HTTPAPIModule {
-  constructor(
-    // eslint-disable-next-line no-unused-vars
-    protected configProvider: ConfigProviderService,
-    @Inject(Constants.API_MODULE_NAME)
-    // eslint-disable-next-line no-unused-vars
-    protected moduleName: string
-  ) {}
-  configure(consumer: MiddlewareConsumer): void {
-    consumer.apply(express.urlencoded({ verify: HTTPAPIModule.rawBodyBuffer, extended: true })).forRoutes('*');
-    consumer.apply(express.json({ verify: HTTPAPIModule.rawBodyBuffer })).forRoutes('*');
-    consumer.apply(cookieParser()).forRoutes('*');
-    // configure logging
-    consumer
-      .apply(morgan(`[${this.moduleName}]: :method :url :status :res[content-length] - :response-time ms`))
-      .forRoutes('*');
-    consumer.apply(HTTPCORSMiddleware).forRoutes('*');
-    consumer.apply(HTTPAuthenticationMiddleware).forRoutes('*');
-  }
-  static rawBodyBuffer(req: RequestWithLocals<unknown>, _res: Response, buffer: Buffer): void {
-    if (buffer && buffer.length) {
-      req.rawBody = buffer.toString();
-    }
-  }
-  static register(options: HTTPAPIModuleOptions): DynamicModule {
-    const { folderData, imports: additionalImports, moduleClass } = options;
-    const { atEnd: importsAtEnd, atStart: importsAtStart } = additionalImports || {};
-    const { controllers, services } = loadDynamicModules(folderData);
-    return {
-      module: moduleClass as DynamicModule['module'],
-      imports: [...(importsAtStart || []), ...(importsAtEnd || [])],
-      providers: [
-        // configure DTO validation
-        {
-          provide: APP_PIPE,
-          // useClass: ValidationPipe
-          useValue: new ValidationPipe({
-            whitelist: true
-          })
-        },
-        {
-          provide: Constants.API_MODULE_NAME,
-          useValue: options.moduleName
-        },
-        {
-          provide: Constants.AUTHORIZATION_INTERCEPTOR,
-          useClass: HTTPAuthorizationInterceptor
-        },
-        {
-          provide: Constants.ERROR_INTERCEPTOR,
-          useClass: HTTPErrorInterceptor
-        },
-        {
-          provide: Constants.HTTP_EXCEPTION_FILTER,
-          useClass: HttpExceptionFilter
-        },
-        ...(options.providers || []),
-        ...(services || [])
-      ],
-      controllers: [...(controllers || []), ...(options.controllers || [])] as unknown as ModuleMetadata['controllers'],
-      exports: [...(services || []), ...(options.exports || [])]
-    };
-  }
-}

package/src/module/index.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export * from './http.api.module';
2	- export * from './http.api.module.definitions';