@node-c/api-http 1.0.0-alpha9 → 1.0.0-beta1

package/src/module/http.api.module.ts

@@ -1,4 +1,5 @@
-import { DynamicModule, Inject, MiddlewareConsumer, ModuleMetadata } from '@nestjs/common';
+import { DynamicModule, Inject, MiddlewareConsumer, ModuleMetadata, ValidationPipe } from '@nestjs/common';
+import { APP_PIPE } from '@nestjs/core';
 
 import { ConfigProviderService, loadDynamicModules } from '@node-c/core';
 
@@ -8,9 +9,9 @@ import express, { Response } from 'express';
 import { HTTPAPIModuleOptions } from './http.api.module.definitions';
 
 import { Constants, RequestWithLocals } from '../common/definitions';
-import { HttpExceptionFilter } from '../exceptionFilters';
-import { HTTPAuthorizationInterceptor, HTTPErrorInterceptor } from '../interceptors';
-import { HTTPAuthenticationMiddleware, HTTPCORSMiddleware } from '../middlewares';
+import { HttpExceptionFilter } from '../filters';
+import { HTTPAccessControlInterceptor, HTTPErrorInterceptor } from '../interceptors';
+import { HTTPAuthorizationMiddleware, HTTPCORSMiddleware, HTTPRequestLoggingMiddleware } from '../middlewares';
 
 export class HTTPAPIModule {
   constructor(
@@ -25,8 +26,10 @@ export class HTTPAPIModule {
     consumer.apply(express.urlencoded({ verify: HTTPAPIModule.rawBodyBuffer, extended: true })).forRoutes('*');
     consumer.apply(express.json({ verify: HTTPAPIModule.rawBodyBuffer })).forRoutes('*');
     consumer.apply(cookieParser()).forRoutes('*');
+    // configure logging
+    consumer.apply(HTTPRequestLoggingMiddleware).forRoutes('*');
     consumer.apply(HTTPCORSMiddleware).forRoutes('*');
-    consumer.apply(HTTPAuthenticationMiddleware).forRoutes('*');
+    consumer.apply(HTTPAuthorizationMiddleware).forRoutes('*');
   }
 
   static rawBodyBuffer(req: RequestWithLocals<unknown>, _res: Response, buffer: Buffer): void {
@@ -43,13 +46,21 @@ export class HTTPAPIModule {
       module: moduleClass as DynamicModule['module'],
       imports: [...(importsAtStart || []), ...(importsAtEnd || [])],
       providers: [
+        // configure DTO validation
+        {
+          provide: APP_PIPE,
+          // useClass: ValidationPipe
+          useValue: new ValidationPipe({
+            whitelist: true
+          })
+        },
         {
           provide: Constants.API_MODULE_NAME,
           useValue: options.moduleName
         },
         {
           provide: Constants.AUTHORIZATION_INTERCEPTOR,
-          useClass: HTTPAuthorizationInterceptor
+          useClass: HTTPAccessControlInterceptor
         },
         {
           provide: Constants.ERROR_INTERCEPTOR,

package/dist/exceptionFilters/http.exceptionFilters.httpException.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"http.exceptionFilters.httpException.js","sourceRoot":"","sources":["../../src/exceptionFilters/http.exceptionFilters.httpException.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAsF;AAK/E,IAAM,mBAAmB,GAAzB,MAAM,mBAAmB;IAC9B,KAAK,CAAC,SAAwB,EAAE,IAAmB;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAY,CAAC;QAC7C,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC;QACrC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC;YAC3B,UAAU,EAAE,MAAM;YAClB,OAAO,EAAE,SAAS,CAAC,OAAO;SAC3B,CAAC,CAAC;IACL,CAAC;CACF,CAAA;AAVY,kDAAmB;8BAAnB,mBAAmB;IAD/B,IAAA,cAAK,EAAC,sBAAa,CAAC;GACR,mBAAmB,CAU/B"}

package/dist/exceptionFilters/index.d.ts

@@ -1 +0,0 @@
-export * from './http.exceptionFilters.httpException';

package/dist/exceptionFilters/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/exceptionFilters/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,wEAAsD"}

package/dist/interceptors/http.interceptors.authorization.d.ts

@@ -1,11 +0,0 @@
-import { CallHandler, ExecutionContext, NestInterceptor } from '@nestjs/common';
-import { ConfigProviderService } from '@node-c/core';
-import { AuthorizationPoint, IAMAuthorizationService, UserWithPermissionsData } from '@node-c/domain-iam';
-import { Observable } from 'rxjs';
-export declare class HTTPAuthorizationInterceptor<User extends UserWithPermissionsData<unknown, unknown>> implements NestInterceptor {
-    protected authorizationService: IAMAuthorizationService<AuthorizationPoint<unknown>>;
-    protected configProvider: ConfigProviderService;
-    protected moduleName: string;
-    constructor(authorizationService: IAMAuthorizationService<AuthorizationPoint<unknown>>, configProvider: ConfigProviderService, moduleName: string);
-    intercept(context: ExecutionContext, next: CallHandler): Promise<Observable<unknown>>;
-}

package/dist/interceptors/http.interceptors.authorization.js

@@ -1,87 +0,0 @@
-"use strict";
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-var __metadata = (this && this.__metadata) || function (k, v) {
-    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-};
-var __param = (this && this.__param) || function (paramIndex, decorator) {
-    return function (target, key) { decorator(target, key, paramIndex); }
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.HTTPAuthorizationInterceptor = void 0;
-const common_1 = require("@nestjs/common");
-const core_1 = require("@node-c/core");
-const domain_iam_1 = require("@node-c/domain-iam");
-const general_tools_1 = require("@ramster/general-tools");
-const definitions_1 = require("../common/definitions");
-let HTTPAuthorizationInterceptor = class HTTPAuthorizationInterceptor {
-    constructor(authorizationService, configProvider, moduleName) {
-        this.authorizationService = authorizationService;
-        this.configProvider = configProvider;
-        this.moduleName = moduleName;
-    }
-    intercept(context, next) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const [req] = context.getArgs();
-            const locals = req.locals;
-            if (!locals) {
-                throw new common_1.HttpException('Forbidden', common_1.HttpStatus.FORBIDDEN);
-            }
-            else if (locals.isAnonymous) {
-                return next.handle();
-            }
-            const { moduleName } = this;
-            const controllerName = context.getClass().name;
-            const handlerName = context.getHandler().name;
-            const authorizationData = yield this.authorizationService.mapAuthorizationPoints(moduleName);
-            let controllerData = authorizationData[controllerName];
-            if (!controllerData) {
-                controllerData = authorizationData.__all;
-            }
-            const user = locals.user;
-            let handlerData = controllerData[handlerName];
-            if (!handlerData) {
-                handlerData = controllerData.__all;
-                if (!Object.keys(handlerData).length) {
-                    const { endpointSecurityMode } = this.configProvider.config.api[moduleName];
-                    if (!endpointSecurityMode || endpointSecurityMode === core_1.EndpointSecurityMode.Strict) {
-                        console.info(`[${moduleName}][HTTPAuthorizationInterceptor]: No authorization point data for handler ${controllerName}.${handlerName}.`);
-                        throw new common_1.HttpException('Forbidden', common_1.HttpStatus.FORBIDDEN);
-                    }
-                    return next.handle();
-                }
-            }
-            const { hasAccess, inputDataToBeMutated } = domain_iam_1.IAMAuthorizationService.checkAccess(handlerData, { body: req.body, headers: req.headers, params: req.params, query: req.query }, user);
-            if (!hasAccess) {
-                console.info(`[${moduleName}][HTTPAuthorizationInterceptor]: No user access to handler ${controllerName}.${handlerName}.`);
-                throw new common_1.HttpException('Forbidden', common_1.HttpStatus.FORBIDDEN);
-            }
-            for (const key in inputDataToBeMutated) {
-                (0, general_tools_1.setNested)(req, key, inputDataToBeMutated[key]);
-            }
-            return next.handle();
-        });
-    }
-};
-exports.HTTPAuthorizationInterceptor = HTTPAuthorizationInterceptor;
-exports.HTTPAuthorizationInterceptor = HTTPAuthorizationInterceptor = __decorate([
-    (0, common_1.Injectable)(),
-    __param(0, (0, common_1.Inject)(definitions_1.Constants.API_MODULE_AUTHORIZATION_SERVICE)),
-    __param(2, (0, common_1.Inject)(definitions_1.Constants.API_MODULE_NAME)),
-    __metadata("design:paramtypes", [domain_iam_1.IAMAuthorizationService,
-        core_1.ConfigProviderService, String])
-], HTTPAuthorizationInterceptor);
-//# sourceMappingURL=http.interceptors.authorization.js.map

package/dist/interceptors/http.interceptors.authorization.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"http.interceptors.authorization.js","sourceRoot":"","sources":["../../src/interceptors/http.interceptors.authorization.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAQwB;AAExB,uCAA2E;AAC3E,mDAA0G;AAE1G,0DAAmD;AAGnD,uDAAqE;AAG9D,IAAM,4BAA4B,GAAlC,MAAM,4BAA4B;IAGvC,YAGY,oBAA0E,EAE1E,cAAqC,EAGrC,UAAkB;QALlB,yBAAoB,GAApB,oBAAoB,CAAsD;QAE1E,mBAAc,GAAd,cAAc,CAAuB;QAGrC,eAAU,GAAV,UAAU,CAAQ;IAC3B,CAAC;IAEE,SAAS,CAAC,OAAyB,EAAE,IAAiB;;YAC1D,MAAM,CAAC,GAAG,CAAC,GAAuC,OAAO,CAAC,OAAO,EAAE,CAAC;YACpE,MAAM,MAAM,GAAG,GAAG,CAAC,MAAO,CAAC;YAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,sBAAa,CAAC,WAAW,EAAE,mBAAU,CAAC,SAAS,CAAC,CAAC;YAC7D,CAAC;iBAAM,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;gBAC9B,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;YACvB,CAAC;YACD,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;YAC5B,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC,IAAI,CAAC;YAC/C,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,CAAC;YAE9C,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC;YAC7F,IAAI,cAAc,GAAG,iBAAkB,CAAC,cAAc,CAAC,CAAC;YACxD,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,cAAc,GAAG,iBAAiB,CAAC,KAAK,CAAC;YAC3C,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAK,CAAC;YAC1B,IAAI,WAAW,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;YAC9C,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,WAAW,GAAG,cAAc,CAAC,KAAK,CAAC;gBACnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,EAAE,CAAC;oBACrC,MAAM,EAAE,oBAAoB,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;oBAC5E,IAAI,CAAC,oBAAoB,IAAI,oBAAoB,KAAK,2BAAoB,CAAC,MAAM,EAAE,CAAC;wBAClF,OAAO,CAAC,IAAI,CACV,IAAI,UAAU,4EAA4E,cAAc,IAAI,WAAW,GAAG,CAC3H,CAAC;wBACF,MAAM,IAAI,sBAAa,CAAC,WAAW,EAAE,mBAAU,CAAC,SAAS,CAAC,CAAC;oBAC7D,CAAC;oBACD,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvB,CAAC;YACH,CAAC;YACD,MAAM,EAAE,SAAS,EAAE,oBAAoB,EAAE,GAAG,oCAAuB,CAAC,WAAW,CAC7E,WAAW,EACX,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,EAC9E,IAAI,CACL,CAAC;YACF,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CACV,IAAI,UAAU,8DAA8D,cAAc,IAAI,WAAW,GAAG,CAC7G,CAAC;gBACF,MAAM,IAAI,sBAAa,CAAC,WAAW,EAAE,mBAAU,CAAC,SAAS,CAAC,CAAC;YAC7D,CAAC;YACD,KAAK,MAAM,GAAG,IAAI,oBAAoB,EAAE,CAAC;gBACvC,IAAA,yBAAS,EAAC,GAAG,EAAE,GAAG,EAAE,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC;YACjD,CAAC;YACD,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,CAAC;KAAA;CACF,CAAA;AA9DY,oEAA4B;uCAA5B,4BAA4B;IADxC,IAAA,mBAAU,GAAE;IAKR,WAAA,IAAA,eAAM,EAAC,uBAAS,CAAC,gCAAgC,CAAC,CAAA;IAKlD,WAAA,IAAA,eAAM,EAAC,uBAAS,CAAC,eAAe,CAAC,CAAA;qCAHF,oCAAuB;QAE7B,4BAAqB;GARtC,4BAA4B,CA8DxC"}

package/dist/middlewares/http.middlewares.authentication.d.ts

@@ -1,13 +0,0 @@
-import { NestMiddleware } from '@nestjs/common';
-import { ConfigProviderService } from '@node-c/core';
-import { IAMTokenManagerService, IAMUsersService, UserTokenEnityFields } from '@node-c/domain-iam';
-import { NextFunction, Response } from 'express';
-import { RequestWithLocals } from '../common/definitions';
-export declare class HTTPAuthenticationMiddleware<User extends object> implements NestMiddleware {
-    protected configProvider: ConfigProviderService;
-    protected moduleName: string;
-    protected tokenManager: IAMTokenManagerService<UserTokenEnityFields>;
-    protected usersService: IAMUsersService<User>;
-    constructor(configProvider: ConfigProviderService, moduleName: string, tokenManager: IAMTokenManagerService<UserTokenEnityFields>, usersService: IAMUsersService<User>);
-    use(req: RequestWithLocals<unknown>, res: Response, next: NextFunction): void;
-}

package/dist/middlewares/http.middlewares.authentication.js

@@ -1,128 +0,0 @@
-"use strict";
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-var __metadata = (this && this.__metadata) || function (k, v) {
-    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-};
-var __param = (this && this.__param) || function (paramIndex, decorator) {
-    return function (target, key) { decorator(target, key, paramIndex); }
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.HTTPAuthenticationMiddleware = void 0;
-const common_1 = require("@nestjs/common");
-const core_1 = require("@node-c/core");
-const domain_iam_1 = require("@node-c/domain-iam");
-const general_tools_1 = require("@ramster/general-tools");
-const definitions_1 = require("../common/definitions");
-let HTTPAuthenticationMiddleware = class HTTPAuthenticationMiddleware {
-    constructor(configProvider, moduleName, tokenManager, usersService) {
-        this.configProvider = configProvider;
-        this.moduleName = moduleName;
-        this.tokenManager = tokenManager;
-        this.usersService = usersService;
-    }
-    use(req, res, next) {
-        (() => __awaiter(this, void 0, void 0, function* () {
-            var _a;
-            const { anonymousAccessRoutes } = this.configProvider.config.api[this.moduleName];
-            if (!req.locals) {
-                req.locals = {};
-            }
-            if (anonymousAccessRoutes && Object.keys(anonymousAccessRoutes).length) {
-                const originalUrl = req.originalUrl.split('?')[0];
-                let isAnonymous = false;
-                for (const route in anonymousAccessRoutes) {
-                    if ((0, general_tools_1.checkRoutes)(originalUrl, [route]) &&
-                        anonymousAccessRoutes[route].find(method => method === req.method.toLowerCase())) {
-                        isAnonymous = true;
-                        break;
-                    }
-                }
-                if (isAnonymous) {
-                    req.locals.isAnonymous = true;
-                    next();
-                    return;
-                }
-            }
-            const { tokenManager, usersService } = this;
-            let tokens = [];
-            let authToken = req.headers.authorization;
-            let authTokenIsNew = false;
-            let refreshToken;
-            let tokenContent;
-            let useCookie = false;
-            if (typeof authToken === 'string' && authToken.length && authToken.match(/^Bearer\s/)) {
-                tokens = authToken.split(' ');
-                if (tokens.length) {
-                    authToken = tokens[1];
-                    refreshToken = tokens[2];
-                }
-            }
-            else {
-                authToken = req.cookies['sid'];
-                useCookie = true;
-            }
-            if (!authToken) {
-                console.error('Missing auth token.');
-                throw new common_1.HttpException('Unauthorized', common_1.HttpStatus.UNAUTHORIZED);
-            }
-            try {
-                const tokenRes = yield tokenManager.verifyAccessToken(authToken, {
-                    deleteFromStoreIfExpired: true,
-                    identifierDataField: 'userId',
-                    persistNewToken: true,
-                    purgeStoreOnRenew: true,
-                    refreshToken,
-                    refreshTokenAccessTokenIdentifierDataField: 'accessToken'
-                });
-                tokenContent = tokenRes.content;
-                if (tokenRes.newToken) {
-                    authTokenIsNew = true;
-                }
-            }
-            catch (e) {
-                console.error('Failed to parse the access or refresh token:', e);
-                throw new common_1.HttpException('Unauthorized', common_1.HttpStatus.UNAUTHORIZED);
-            }
-            if (authTokenIsNew) {
-                res.setHeader('Authorization', `Bearer ${authToken}${refreshToken ? ` ${refreshToken}` : ''}`);
-                if (useCookie) {
-                    res.cookie('sid', authToken);
-                }
-            }
-            const userId = (_a = tokenContent === null || tokenContent === void 0 ? void 0 : tokenContent.data) === null || _a === void 0 ? void 0 : _a.userId;
-            if (!userId) {
-                console.error('Missing userId in the tokenContent data.');
-                throw new common_1.HttpException('Unauthorized', common_1.HttpStatus.UNAUTHORIZED);
-            }
-            req.locals.user = yield usersService.getUserWithPermissionsData({ filters: { id: userId } });
-            next();
-        }))().then(() => true, err => {
-            console.error(err);
-            res.status((err && err.status) || common_1.HttpStatus.INTERNAL_SERVER_ERROR).end();
-        });
-    }
-};
-exports.HTTPAuthenticationMiddleware = HTTPAuthenticationMiddleware;
-exports.HTTPAuthenticationMiddleware = HTTPAuthenticationMiddleware = __decorate([
-    (0, common_1.Injectable)(),
-    __param(1, (0, common_1.Inject)(definitions_1.Constants.API_MODULE_NAME)),
-    __param(2, (0, common_1.Inject)(definitions_1.Constants.AUTHENTICATION_MIDDLEWARE_TOKEN_MANAGER_SERVICE)),
-    __param(3, (0, common_1.Inject)(definitions_1.Constants.AUTHENTICATION_MIDDLEWARE_USERS_SERVICE)),
-    __metadata("design:paramtypes", [core_1.ConfigProviderService, String, domain_iam_1.IAMTokenManagerService,
-        domain_iam_1.IAMUsersService])
-], HTTPAuthenticationMiddleware);
-//# sourceMappingURL=http.middlewares.authentication.js.map

package/dist/middlewares/http.middlewares.authentication.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"http.middlewares.authentication.js","sourceRoot":"","sources":["../../src/middlewares/http.middlewares.authentication.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA+F;AAE/F,uCAAuE;AACvE,mDAAwH;AAExH,0DAAqD;AAIrD,uDAAqE;AAG9D,IAAM,4BAA4B,GAAlC,MAAM,4BAA4B;IACvC,YAEY,cAAqC,EAGrC,UAAkB,EAGlB,YAA0D,EAG1D,YAAmC;QATnC,mBAAc,GAAd,cAAc,CAAuB;QAGrC,eAAU,GAAV,UAAU,CAAQ;QAGlB,iBAAY,GAAZ,YAAY,CAA8C;QAG1D,iBAAY,GAAZ,YAAY,CAAuB;IAC5C,CAAC;IAEJ,GAAG,CAAC,GAA+B,EAAE,GAAa,EAAE,IAAkB;QACpE,CAAC,GAAS,EAAE;;YACV,MAAM,EAAE,qBAAqB,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,GAAI,CAAC,IAAI,CAAC,UAAU,CAAqB,CAAC;YACvG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;gBAChB,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC;YAClB,CAAC;YACD,IAAI,qBAAqB,IAAI,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,MAAM,EAAE,CAAC;gBACvE,MAAM,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClD,IAAI,WAAW,GAAG,KAAK,CAAC;gBACxB,KAAK,MAAM,KAAK,IAAI,qBAAqB,EAAE,CAAC;oBAC1C,IACE,IAAA,2BAAW,EAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC;wBACjC,qBAAqB,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,EAChF,CAAC;wBACD,WAAW,GAAG,IAAI,CAAC;wBACnB,MAAM;oBACR,CAAC;gBACH,CAAC;gBACD,IAAI,WAAW,EAAE,CAAC;oBAChB,GAAG,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;oBAC9B,IAAI,EAAE,CAAC;oBACP,OAAO;gBACT,CAAC;YACH,CAAC;YACD,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC;YAC5C,IAAI,MAAM,GAAa,EAAE,CAAC;YAC1B,IAAI,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;YAC1C,IAAI,cAAc,GAAG,KAAK,CAAC;YAC3B,IAAI,YAAgC,CAAC;YACrC,IAAI,YAAmE,CAAC;YACxE,IAAI,SAAS,GAAG,KAAK,CAAC;YACtB,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;gBACtF,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC9B,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;oBAClB,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;oBACtB,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;gBAC3B,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC/B,SAAS,GAAG,IAAI,CAAC;YACnB,CAAC;YACD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;gBACrC,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;YACnE,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,iBAAiB,CAAC,SAAS,EAAE;oBAC/D,wBAAwB,EAAE,IAAI;oBAC9B,mBAAmB,EAAE,QAAQ;oBAC7B,eAAe,EAAE,IAAI;oBACrB,iBAAiB,EAAE,IAAI;oBACvB,YAAY;oBACZ,0CAA0C,EAAE,aAAa;iBAC1D,CAAC,CAAC;gBACH,YAAY,GAAG,QAAQ,CAAC,OAAQ,CAAC;gBACjC,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;oBACtB,cAAc,GAAG,IAAI,CAAC;gBACxB,CAAC;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;gBACjE,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;YACnE,CAAC;YACD,IAAI,cAAc,EAAE,CAAC;gBACnB,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,SAAS,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC/F,IAAI,SAAS,EAAE,CAAC;oBACd,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;gBAC/B,CAAC;YACH,CAAC;YACD,MAAM,MAAM,GAAG,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,IAAI,0CAAE,MAAM,CAAC;YAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;gBAC1D,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;YACnE,CAAC;YACD,GAAG,CAAC,MAAO,CAAC,IAAI,GAAG,MAAM,YAAY,CAAC,0BAA0B,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;YAC9F,IAAI,EAAE,CAAC;QACT,CAAC,CAAA,CAAC,EAAE,CAAC,IAAI,CACP,GAAG,EAAE,CAAC,IAAI,EACV,GAAG,CAAC,EAAE;YACJ,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,mBAAU,CAAC,qBAAqB,CAAC,CAAC,GAAG,EAAE,CAAC;QAC5E,CAAC,CACF,CAAC;IACJ,CAAC;CACF,CAAA;AAlGY,oEAA4B;uCAA5B,4BAA4B;IADxC,IAAA,mBAAU,GAAE;IAKR,WAAA,IAAA,eAAM,EAAC,uBAAS,CAAC,eAAe,CAAC,CAAA;IAGjC,WAAA,IAAA,eAAM,EAAC,uBAAS,CAAC,+CAA+C,CAAC,CAAA;IAGjE,WAAA,IAAA,eAAM,EAAC,uBAAS,CAAC,uCAAuC,CAAC,CAAA;qCAPhC,4BAAqB,UAMvB,mCAAsB;QAGtB,4BAAe;GAZ9B,4BAA4B,CAkGxC"}

package/src/exceptionFilters/index.ts

@@ -1 +0,0 @@
-export * from './http.exceptionFilters.httpException';

package/src/interceptors/http.interceptors.authorization.ts

@@ -1,82 +0,0 @@
-import {
-  CallHandler,
-  ExecutionContext,
-  HttpException,
-  HttpStatus,
-  Inject,
-  Injectable,
-  NestInterceptor
-} from '@nestjs/common';
-
-import { ConfigProviderService, EndpointSecurityMode } from '@node-c/core';
-import { AuthorizationPoint, IAMAuthorizationService, UserWithPermissionsData } from '@node-c/domain-iam';
-
-import { setNested } from '@ramster/general-tools';
-import { Observable } from 'rxjs';
-
-import { Constants, RequestWithLocals } from '../common/definitions';
-
-@Injectable()
-export class HTTPAuthorizationInterceptor<User extends UserWithPermissionsData<unknown, unknown>>
-  implements NestInterceptor
-{
-  constructor(
-    @Inject(Constants.API_MODULE_AUTHORIZATION_SERVICE)
-    // eslint-disable-next-line no-unused-vars
-    protected authorizationService: IAMAuthorizationService<AuthorizationPoint<unknown>>,
-    // eslint-disable-next-line no-unused-vars
-    protected configProvider: ConfigProviderService,
-    @Inject(Constants.API_MODULE_NAME)
-    // eslint-disable-next-line no-unused-vars
-    protected moduleName: string
-  ) {}
-
-  async intercept(context: ExecutionContext, next: CallHandler): Promise<Observable<unknown>> {
-    const [req]: [RequestWithLocals<User>, unknown] = context.getArgs();
-    const locals = req.locals!;
-    if (!locals) {
-      throw new HttpException('Forbidden', HttpStatus.FORBIDDEN);
-    } else if (locals.isAnonymous) {
-      return next.handle();
-    }
-    const { moduleName } = this;
-    const controllerName = context.getClass().name;
-    const handlerName = context.getHandler().name;
-    // TODO: cache this in-memory
-    const authorizationData = await this.authorizationService.mapAuthorizationPoints(moduleName);
-    let controllerData = authorizationData![controllerName];
-    if (!controllerData) {
-      controllerData = authorizationData.__all;
-    }
-    const user = locals.user!; // we'll always have this, otherwise the system has not been configured properly
-    let handlerData = controllerData[handlerName];
-    if (!handlerData) {
-      handlerData = controllerData.__all;
-      if (!Object.keys(handlerData).length) {
-        const { endpointSecurityMode } = this.configProvider.config.api[moduleName];
-        if (!endpointSecurityMode || endpointSecurityMode === EndpointSecurityMode.Strict) {
-          console.info(
-            `[${moduleName}][HTTPAuthorizationInterceptor]: No authorization point data for handler ${controllerName}.${handlerName}.`
-          );
-          throw new HttpException('Forbidden', HttpStatus.FORBIDDEN);
-        }
-        return next.handle();
-      }
-    }
-    const { hasAccess, inputDataToBeMutated } = IAMAuthorizationService.checkAccess(
-      handlerData,
-      { body: req.body, headers: req.headers, params: req.params, query: req.query },
-      user
-    );
-    if (!hasAccess) {
-      console.info(
-        `[${moduleName}][HTTPAuthorizationInterceptor]: No user access to handler ${controllerName}.${handlerName}.`
-      );
-      throw new HttpException('Forbidden', HttpStatus.FORBIDDEN);
-    }
-    for (const key in inputDataToBeMutated) {
-      setNested(req, key, inputDataToBeMutated[key]);
-    }
-    return next.handle();
-  }
-}

package/src/middlewares/http.middlewares.authentication.ts

@@ -1,111 +0,0 @@
-import { HttpException, HttpStatus, Inject, Injectable, NestMiddleware } from '@nestjs/common';
-
-import { AppConfigAPIHTTP, ConfigProviderService } from '@node-c/core';
-import { DecodedTokenContent, IAMTokenManagerService, IAMUsersService, UserTokenEnityFields } from '@node-c/domain-iam';
-
-import { checkRoutes } from '@ramster/general-tools';
-
-import { NextFunction, Response } from 'express';
-
-import { Constants, RequestWithLocals } from '../common/definitions';
-
-@Injectable()
-export class HTTPAuthenticationMiddleware<User extends object> implements NestMiddleware {
-  constructor(
-    // eslint-disable-next-line no-unused-vars
-    protected configProvider: ConfigProviderService,
-    @Inject(Constants.API_MODULE_NAME)
-    // eslint-disable-next-line no-unused-vars
-    protected moduleName: string,
-    @Inject(Constants.AUTHENTICATION_MIDDLEWARE_TOKEN_MANAGER_SERVICE)
-    // eslint-disable-next-line no-unused-vars
-    protected tokenManager: IAMTokenManagerService<UserTokenEnityFields>,
-    @Inject(Constants.AUTHENTICATION_MIDDLEWARE_USERS_SERVICE)
-    // eslint-disable-next-line no-unused-vars
-    protected usersService: IAMUsersService<User>
-  ) {}
-
-  use(req: RequestWithLocals<unknown>, res: Response, next: NextFunction): void {
-    (async () => {
-      const { anonymousAccessRoutes } = this.configProvider.config.api![this.moduleName] as AppConfigAPIHTTP;
-      if (!req.locals) {
-        req.locals = {};
-      }
-      if (anonymousAccessRoutes && Object.keys(anonymousAccessRoutes).length) {
-        const originalUrl = req.originalUrl.split('?')[0];
-        let isAnonymous = false;
-        for (const route in anonymousAccessRoutes) {
-          if (
-            checkRoutes(originalUrl, [route]) &&
-            anonymousAccessRoutes[route].find(method => method === req.method.toLowerCase())
-          ) {
-            isAnonymous = true;
-            break;
-          }
-        }
-        if (isAnonymous) {
-          req.locals.isAnonymous = true;
-          next();
-          return;
-        }
-      }
-      const { tokenManager, usersService } = this;
-      let tokens: string[] = [];
-      let authToken = req.headers.authorization;
-      let authTokenIsNew = false;
-      let refreshToken: string | undefined;
-      let tokenContent: DecodedTokenContent<UserTokenEnityFields> | undefined;
-      let useCookie = false;
-      if (typeof authToken === 'string' && authToken.length && authToken.match(/^Bearer\s/)) {
-        tokens = authToken.split(' ');
-        if (tokens.length) {
-          authToken = tokens[1];
-          refreshToken = tokens[2];
-        }
-      } else {
-        authToken = req.cookies['sid'];
-        useCookie = true;
-      }
-      if (!authToken) {
-        console.error('Missing auth token.');
-        throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
-      }
-      try {
-        const tokenRes = await tokenManager.verifyAccessToken(authToken, {
-          deleteFromStoreIfExpired: true,
-          identifierDataField: 'userId',
-          persistNewToken: true,
-          purgeStoreOnRenew: true,
-          refreshToken,
-          refreshTokenAccessTokenIdentifierDataField: 'accessToken'
-        });
-        tokenContent = tokenRes.content!;
-        if (tokenRes.newToken) {
-          authTokenIsNew = true;
-        }
-      } catch (e) {
-        console.error('Failed to parse the access or refresh token:', e);
-        throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
-      }
-      if (authTokenIsNew) {
-        res.setHeader('Authorization', `Bearer ${authToken}${refreshToken ? ` ${refreshToken}` : ''}`);
-        if (useCookie) {
-          res.cookie('sid', authToken);
-        }
-      }
-      const userId = tokenContent?.data?.userId;
-      if (!userId) {
-        console.error('Missing userId in the tokenContent data.');
-        throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
-      }
-      req.locals!.user = await usersService.getUserWithPermissionsData({ filters: { id: userId } });
-      next();
-    })().then(
-      () => true,
-      err => {
-        console.error(err);
-        res.status((err && err.status) || HttpStatus.INTERNAL_SERVER_ERROR).end();
-      }
-    );
-  }
-}