@noony-serverless/core 0.3.3 → 0.4.0

package/build/middlewares/openTelemetryMiddleware.js

@@ -0,0 +1,359 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.openTelemetry = exports.OpenTelemetryMiddleware = void 0;
+const providers_1 = require("../core/telemetry/providers");
+const pubsub_trace_utils_1 = require("../utils/pubsub-trace.utils");
+/**
+ * OpenTelemetry Middleware
+ *
+ * Provides distributed tracing and metrics collection with:
+ * - Auto-detection of telemetry provider from environment
+ * - Graceful degradation when configuration is missing
+ * - Zero-configuration local development support
+ * - Type-safe generics to preserve middleware chain
+ *
+ * Provider Auto-Detection Priority:
+ * 1. Explicit provider via options.provider
+ * 2. New Relic (if NEW_RELIC_LICENSE_KEY set)
+ * 3. Datadog (if DD_API_KEY or DD_SERVICE set)
+ * 4. Standard OTEL (if OTEL_EXPORTER_OTLP_ENDPOINT set)
+ * 5. Console (if NODE_ENV=development and no OTEL endpoint)
+ * 6. Noop (if NODE_ENV=test or no configuration)
+ *
+ * @template TBody - Request body type
+ * @template TUser - Authenticated user type
+ *
+ * @example
+ * // Zero configuration (auto-detects provider)
+ * const handler = new Handler()
+ *   .use(new OpenTelemetryMiddleware())
+ *   .handle(async (context) => {
+ *     // Your business logic
+ *   });
+ *
+ * @example
+ * // With custom filtering
+ * const handler = new Handler()
+ *   .use(new OpenTelemetryMiddleware({
+ *     shouldTrace: (context) => context.req.path !== '/health'
+ *   }))
+ *   .handle(async (context) => {
+ *     // Your business logic
+ *   });
+ */
+class OpenTelemetryMiddleware {
+    provider;
+    enabled;
+    failSilently;
+    propagatePubSubTraces;
+    extractAttributes;
+    shouldTrace;
+    customErrorHandler;
+    initialized = false;
+    constructor(options = {}) {
+        this.enabled = options.enabled ?? process.env.NODE_ENV !== 'test';
+        this.failSilently = options.failSilently ?? true;
+        this.propagatePubSubTraces = options.propagatePubSubTraces ?? true;
+        this.extractAttributes =
+            options.extractAttributes || this.defaultExtractAttributes;
+        this.shouldTrace = options.shouldTrace || (() => true);
+        this.customErrorHandler = options.onError || this.defaultOnError;
+        // Use NoopProvider if disabled
+        if (!this.enabled) {
+            this.provider = new providers_1.NoopProvider();
+            return;
+        }
+        // Use provided provider or auto-detect
+        this.provider = options.provider || this.autoDetectProvider();
+    }
+    /**
+     * Auto-detect telemetry provider based on environment
+     */
+    autoDetectProvider() {
+        // Priority 1: New Relic (check for license key and package)
+        if (process.env.NEW_RELIC_LICENSE_KEY) {
+            try {
+                require.resolve('newrelic');
+                console.log('[Telemetry] Detected New Relic configuration');
+                // Note: NewRelicProvider would be imported here when implemented
+                // const { NewRelicProvider } = require('../core/telemetry/providers/newrelic-provider');
+                // return new NewRelicProvider();
+            }
+            catch {
+                console.warn('[Telemetry] NEW_RELIC_LICENSE_KEY set but newrelic package not installed');
+            }
+        }
+        // Priority 2: Datadog (check for API key or service name and package)
+        if (process.env.DD_API_KEY || process.env.DD_SERVICE) {
+            try {
+                require.resolve('dd-trace');
+                console.log('[Telemetry] Detected Datadog configuration');
+                // Note: DatadogProvider would be imported here when implemented
+                // const { DatadogProvider } = require('../core/telemetry/providers/datadog-provider');
+                // return new DatadogProvider();
+            }
+            catch {
+                console.warn('[Telemetry] Datadog config detected but dd-trace package not installed');
+            }
+        }
+        // Priority 3: Standard OTEL (check for OTLP endpoint)
+        if (process.env.OTEL_EXPORTER_OTLP_ENDPOINT) {
+            console.log('[Telemetry] Using standard OpenTelemetry provider');
+            return new providers_1.OpenTelemetryProvider();
+        }
+        // Priority 4: Console (development mode without OTEL endpoint)
+        if (process.env.NODE_ENV === 'development' &&
+            !process.env.OTEL_EXPORTER_OTLP_ENDPOINT) {
+            console.log('[Telemetry] Using console provider for local development');
+            return new providers_1.ConsoleProvider();
+        }
+        // Priority 5: Noop (no configuration found)
+        console.log('[Telemetry] No telemetry configuration detected, using Noop provider');
+        return new providers_1.NoopProvider();
+    }
+    /**
+     * Initialize provider with configuration
+     *
+     * This should be called once at application startup.
+     * If not called explicitly, it will be initialized on first request.
+     *
+     * @param config Telemetry configuration
+     */
+    async initialize(config) {
+        if (this.initialized)
+            return;
+        if (!this.enabled) {
+            this.initialized = true;
+            return;
+        }
+        try {
+            // Validate provider before initialization
+            const validation = await this.provider.validate();
+            if (!validation.valid) {
+                console.warn(`[Telemetry] Provider '${this.provider.name}' validation failed: ${validation.reason}`);
+                console.warn('[Telemetry] Falling back to Noop provider');
+                this.provider = new providers_1.NoopProvider();
+                this.initialized = true;
+                return;
+            }
+            // Initialize provider
+            await this.provider.initialize(config);
+            // Check if provider is ready
+            if (!this.provider.isReady()) {
+                console.warn(`[Telemetry] Provider '${this.provider.name}' initialization failed, falling back to Noop`);
+                this.provider = new providers_1.NoopProvider();
+            }
+            else {
+                console.log(`[Telemetry] Provider '${this.provider.name}' initialized successfully`);
+            }
+            this.initialized = true;
+        }
+        catch (error) {
+            console.error('[Telemetry] Failed to initialize provider:', error);
+            this.provider = new providers_1.NoopProvider();
+            this.initialized = true;
+        }
+    }
+    /**
+     * Before hook - Create span and store in context
+     *
+     * If propagatePubSubTraces is enabled and the request is a Pub/Sub message:
+     * 1. Extracts W3C Trace Context from message attributes
+     * 2. Creates a child span linked to the publisher's trace
+     * 3. Enables end-to-end distributed tracing across Pub/Sub
+     */
+    async before(context) {
+        if (!this.enabled)
+            return;
+        // Auto-initialize with minimal config if not initialized
+        if (!this.initialized) {
+            await this.initialize({
+                serviceName: process.env.SERVICE_NAME || 'noony-service',
+                serviceVersion: process.env.SERVICE_VERSION || '1.0.0',
+                environment: process.env.NODE_ENV || 'production',
+            });
+        }
+        // Check if should trace
+        if (!this.shouldTrace(context)) {
+            return;
+        }
+        try {
+            // Extract trace context from Pub/Sub message if enabled
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            let parentContext = undefined;
+            if (this.propagatePubSubTraces && (0, pubsub_trace_utils_1.isPubSubMessage)(context.req.body)) {
+                const traceContext = (0, pubsub_trace_utils_1.extractTraceContext)(context.req.body);
+                if (traceContext.traceparent) {
+                    // Store trace context for span creation
+                    const carrier = (0, pubsub_trace_utils_1.createParentContext)(traceContext);
+                    // Try to extract parent context using OpenTelemetry API
+                    try {
+                        // eslint-disable-next-line @typescript-eslint/no-var-requires
+                        const otelApi = require('@opentelemetry/api');
+                        const { propagation, context: otelContext } = otelApi;
+                        // Extract parent context from carrier
+                        parentContext = propagation.extract(otelContext.active(), carrier);
+                        console.log('[Telemetry] Extracted Pub/Sub trace context:', {
+                            traceparent: traceContext.traceparent,
+                            tracestate: traceContext.tracestate,
+                        });
+                    }
+                    catch (err) {
+                        // OpenTelemetry API not available, continue without parent context
+                        console.warn('[Telemetry] Failed to extract Pub/Sub trace context:', err);
+                    }
+                }
+            }
+            // Create span (with parent context if available)
+            const span = this.provider.createSpan(context);
+            if (!span)
+                return;
+            // If we have a parent context from Pub/Sub, link the span
+            if (parentContext) {
+                span.setAttributes({
+                    'messaging.system': 'pubsub',
+                    'messaging.operation': 'process',
+                    'pubsub.message_id': 
+                    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                    context.req.body?.message?.messageId || 'unknown',
+                });
+            }
+            // Add custom attributes
+            const customAttributes = this.extractAttributes(context);
+            span.setAttributes(customAttributes);
+            // Store span and provider name in businessData
+            context.businessData.set('otel_span', span);
+            context.businessData.set('otel_provider', this.provider.name);
+        }
+        catch (error) {
+            if (!this.failSilently)
+                throw error;
+            console.error('[Telemetry] Error in before hook:', error);
+        }
+    }
+    /**
+     * After hook - End span with success status and add X-Trace-Id header
+     */
+    async after(context) {
+        if (!this.enabled)
+            return;
+        try {
+            const span = context.businessData.get('otel_span');
+            if (span) {
+                // Add response attributes
+                span.setAttributes({
+                    'http.status_code': context.res.statusCode || 200,
+                    'request.duration_ms': Date.now() - context.startTime,
+                });
+                // Add X-Trace-Id header with clean trace ID
+                try {
+                    // eslint-disable-next-line @typescript-eslint/no-var-requires
+                    const otelApi = require('@opentelemetry/api');
+                    const { context: otelContext, trace } = otelApi;
+                    // Get span from active context
+                    const activeContext = otelContext.active();
+                    const activeSpan = trace.getSpan(activeContext);
+                    if (activeSpan) {
+                        const spanContext = activeSpan.spanContext();
+                        if (spanContext.traceId) {
+                            // Add custom header with clean trace ID (32 hex chars)
+                            context.res.header('X-Trace-Id', spanContext.traceId);
+                        }
+                    }
+                }
+                catch (headerError) {
+                    // Non-critical error - don't fail the request
+                    console.warn('[Telemetry] Failed to add X-Trace-Id header:', headerError);
+                }
+                // Set success status (code 0 = OK in OTEL)
+                span.setStatus({ code: 0 });
+                // End span
+                span.end();
+            }
+        }
+        catch (error) {
+            if (!this.failSilently)
+                throw error;
+            console.error('[Telemetry] Error in after hook:', error);
+        }
+    }
+    /**
+     * Error hook - Record exception and end span
+     */
+    async onError(error, context) {
+        if (!this.enabled)
+            return;
+        try {
+            const span = context.businessData.get('otel_span');
+            if (span) {
+                // Record exception
+                span.recordException(error);
+                // Set error status (code 1 = ERROR in OTEL, code 2 = ERROR in some systems)
+                span.setStatus({
+                    code: 1,
+                    message: error.message,
+                });
+                // End span
+                span.end();
+            }
+            // Call custom error handler
+            this.customErrorHandler(error, context);
+        }
+        catch (err) {
+            if (!this.failSilently)
+                throw err;
+            console.error('[Telemetry] Error in onError hook:', err);
+        }
+    }
+    /**
+     * Default attribute extractor
+     */
+    defaultExtractAttributes(context) {
+        return {
+            'http.method': context.req.method,
+            'http.url': context.req.url || context.req.path,
+            'http.target': context.req.path || '/',
+            'request.id': context.requestId,
+            'http.user_agent': context.req.headers?.['user-agent'] || '',
+        };
+    }
+    /**
+     * Default error handler
+     */
+    defaultOnError(error, _context) {
+        console.error('[Telemetry] Request error:', {
+            name: error.name,
+            message: error.message,
+        });
+    }
+    /**
+     * Get current provider (useful for testing)
+     */
+    getProvider() {
+        return this.provider;
+    }
+    /**
+     * Shutdown telemetry provider
+     *
+     * Should be called during application shutdown to flush pending data.
+     */
+    async shutdown() {
+        if (this.provider) {
+            await this.provider.shutdown();
+        }
+    }
+}
+exports.OpenTelemetryMiddleware = OpenTelemetryMiddleware;
+/**
+ * Factory function for OpenTelemetry middleware
+ *
+ * @example
+ * const handler = new Handler()
+ *   .use(openTelemetry({ shouldTrace: ctx => ctx.req.path !== '/health' }))
+ *   .handle(async (context) => { });
+ */
+const openTelemetry = (options = {}) => {
+    return new OpenTelemetryMiddleware(options);
+};
+exports.openTelemetry = openTelemetry;
+//# sourceMappingURL=openTelemetryMiddleware.js.map

package/build/middlewares/rateLimitingMiddleware.d.ts

@@ -14,7 +14,7 @@ export interface RateLimitOptions {
      * Function to generate rate limiting key
      * @default Uses IP address
      */
-    keyGenerator?: (context: Context) => string;
+    keyGenerator?: <TBody, TUser>(context: Context<TBody, TUser>) => string;
     /**
      * Custom error message
      * @default 'Too many requests, please try again later'
@@ -28,7 +28,7 @@ export interface RateLimitOptions {
     /**
      * Skip rate limiting for certain requests
      */
-    skip?: (context: Context) => boolean;
+    skip?: <TBody, TUser>(context: Context<TBody, TUser>) => boolean;
     /**
      * Headers to include in response
      */
@@ -40,7 +40,7 @@ export interface RateLimitOptions {
         [key: string]: {
             maxRequests: number;
             windowMs: number;
-            matcher: (context: Context) => boolean;
+            matcher: <TBody, TUser>(context: Context<TBody, TUser>) => boolean;
         };
     };
     /**
@@ -120,7 +120,9 @@ declare class MemoryStore implements RateLimitStore {
  * - Implement multiple protection layers within middleware
  * - Critical for security in simple deployments
  *
- * @implements {BaseMiddleware}
+ * @template TBody - The type of the request body payload (preserves type chain)
+ * @template TUser - The type of the authenticated user (preserves type chain)
+ * @implements {BaseMiddleware<TBody, TUser>}
  *
  * @example
  * Basic API rate limiting:
@@ -274,11 +276,11 @@ declare class MemoryStore implements RateLimitStore {
  *   });
  * ```
  */
-export declare class RateLimitingMiddleware implements BaseMiddleware {
+export declare class RateLimitingMiddleware<TBody = unknown, TUser = unknown> implements BaseMiddleware<TBody, TUser> {
     private store;
     private options;
     constructor(options?: RateLimitOptions);
-    before(context: Context): Promise<void>;
+    before(context: Context<TBody, TUser>): Promise<void>;
 }
 /**
  * Factory function that creates a rate limiting middleware.

package/build/middlewares/rateLimitingMiddleware.js

@@ -138,7 +138,9 @@ const getRateLimit = (context, options) => {
  * - Implement multiple protection layers within middleware
  * - Critical for security in simple deployments
  *
- * @implements {BaseMiddleware}
+ * @template TBody - The type of the request body payload (preserves type chain)
+ * @template TUser - The type of the authenticated user (preserves type chain)
+ * @implements {BaseMiddleware<TBody, TUser>}
  *
  * @example
  * Basic API rate limiting:
@@ -616,6 +618,7 @@ exports.RateLimitPresets = {
         keyGenerator: (context) => {
             // Rate limit per IP + email combination for better security
             const ip = context.req.ip || 'unknown';
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
             const email = context.req.parsedBody?.email;
             return email ? `auth:${email}:${ip}` : `auth:${ip}`;
         },
@@ -668,28 +671,38 @@ exports.RateLimitPresets = {
             free: {
                 maxRequests: 100,
                 windowMs: 60000,
-                matcher: (context) => !context.user || context.user?.plan === 'free',
+                matcher: (context) => 
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                !context.user || context.user?.plan === 'free',
             },
             premium: {
                 maxRequests: 1000,
                 windowMs: 60000,
-                matcher: (context) => context.user?.plan === 'premium',
+                matcher: (context) => 
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                context.user?.plan === 'premium',
             },
             enterprise: {
                 maxRequests: 5000,
                 windowMs: 60000,
-                matcher: (context) => context.user?.plan === 'enterprise',
+                matcher: (context) => 
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                context.user?.plan === 'enterprise',
             },
             admin: {
                 maxRequests: 10000,
                 windowMs: 60000,
-                matcher: (context) => context.user?.role === 'admin',
+                matcher: (context) => 
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                context.user?.role === 'admin',
             },
         },
         keyGenerator: (context) => {
             // Use user ID for authenticated, IP for anonymous
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
             return context.user?.id
-                ? `user:${context.user.id}`
+                ? // eslint-disable-next-line @typescript-eslint/no-explicit-any
+                    `user:${context.user.id}`
                 : `ip:${context.req.ip}`;
         },
     },

package/build/middlewares/securityAuditMiddleware.d.ts

@@ -72,12 +72,15 @@ declare const securityEventTracker: SecurityEventTracker;
 /**
  * Security Audit Middleware
  * Provides comprehensive security event logging and monitoring
+ *
+ * @template TBody - The type of the request body payload (preserves type chain)
+ * @template TUser - The type of the authenticated user (preserves type chain)
  */
-export declare class SecurityAuditMiddleware implements BaseMiddleware {
+export declare class SecurityAuditMiddleware<TBody = unknown, TUser = unknown> implements BaseMiddleware<TBody, TUser> {
     private options;
     constructor(options?: SecurityAuditOptions);
-    before(context: Context): Promise<void>;
-    after(context: Context): Promise<void>;
+    before(context: Context<TBody, TUser>): Promise<void>;
+    after(context: Context<TBody, TUser>): Promise<void>;
     onError(error: Error, context: Context): Promise<void>;
     private logSecurityEvent;
     private sanitizeHeaders;

package/build/middlewares/securityAuditMiddleware.js

@@ -156,6 +156,9 @@ const extractClientInfo = (context) => ({
 /**
  * Security Audit Middleware
  * Provides comprehensive security event logging and monitoring
+ *
+ * @template TBody - The type of the request body payload (preserves type chain)
+ * @template TUser - The type of the authenticated user (preserves type chain)
  */
 class SecurityAuditMiddleware {
     options;

package/build/middlewares/securityHeadersMiddleware.d.ts

@@ -75,11 +75,14 @@ export interface SecurityHeadersOptions {
 /**
  * Security Headers Middleware
  * Implements comprehensive security headers following OWASP recommendations
+ *
+ * @template TBody - The type of the request body payload (preserves type chain)
+ * @template TUser - The type of the authenticated user (preserves type chain)
  */
-export declare class SecurityHeadersMiddleware implements BaseMiddleware {
+export declare class SecurityHeadersMiddleware<TBody = unknown, TUser = unknown> implements BaseMiddleware<TBody, TUser> {
     private options;
     constructor(options?: SecurityHeadersOptions);
-    before(context: Context): Promise<void>;
+    before(context: Context<TBody, TUser>): Promise<void>;
 }
 /**
  * Security Headers Middleware Factory

package/build/middlewares/securityHeadersMiddleware.js

@@ -40,6 +40,9 @@ const isOriginAllowed = (origin, allowedOrigins) => {
 /**
  * Security Headers Middleware
  * Implements comprehensive security headers following OWASP recommendations
+ *
+ * @template TBody - The type of the request body payload (preserves type chain)
+ * @template TUser - The type of the authenticated user (preserves type chain)
  */
 class SecurityHeadersMiddleware {
     options;

package/build/middlewares/validationMiddleware.d.ts

@@ -4,7 +4,9 @@ import { z } from 'zod';
  * Middleware class that validates request data (body or query parameters) using Zod schemas.
  * Automatically detects GET requests and validates query parameters, or validates body for other methods.
  *
- * @implements {BaseMiddleware}
+ * @template TBody - The type of the request body payload (preserves type chain)
+ * @template TUser - The type of the authenticated user (preserves type chain)
+ * @implements {BaseMiddleware<TBody, TUser>}
  *
  * @example
  * User registration validation:
@@ -76,15 +78,17 @@ import { z } from 'zod';
  *   });
  * ```
  */
-export declare class ValidationMiddleware implements BaseMiddleware {
+export declare class ValidationMiddleware<TBody = unknown, TUser = unknown> implements BaseMiddleware<TBody, TUser> {
     private readonly schema;
     constructor(schema: z.ZodSchema);
-    before(context: Context): Promise<void>;
+    before(context: Context<TBody, TUser>): Promise<void>;
 }
 /**
  * Factory function that creates a validation middleware using Zod schema.
  * Automatically validates request body for non-GET requests or query parameters for GET requests.
  *
+ * @template TBody - The type of the request body payload (preserves type chain)
+ * @template TUser - The type of the authenticated user (preserves type chain)
  * @param schema - Zod schema to validate against
  * @returns BaseMiddleware object with validation logic
  *
@@ -150,5 +154,5 @@ export declare class ValidationMiddleware implements BaseMiddleware {
  *   });
  * ```
  */
-export declare const validationMiddleware: (schema: z.ZodSchema) => BaseMiddleware;
+export declare const validationMiddleware: <TBody = unknown, TUser = unknown>(schema: z.ZodSchema) => BaseMiddleware<TBody, TUser>;
 //# sourceMappingURL=validationMiddleware.d.ts.map

package/build/middlewares/validationMiddleware.js

@@ -25,7 +25,9 @@ const validate = async (schema, context) => {
  * Middleware class that validates request data (body or query parameters) using Zod schemas.
  * Automatically detects GET requests and validates query parameters, or validates body for other methods.
  *
- * @implements {BaseMiddleware}
+ * @template TBody - The type of the request body payload (preserves type chain)
+ * @template TUser - The type of the authenticated user (preserves type chain)
+ * @implements {BaseMiddleware<TBody, TUser>}
  *
  * @example
  * User registration validation:
@@ -111,6 +113,8 @@ exports.ValidationMiddleware = ValidationMiddleware;
  * Factory function that creates a validation middleware using Zod schema.
  * Automatically validates request body for non-GET requests or query parameters for GET requests.
  *
+ * @template TBody - The type of the request body payload (preserves type chain)
+ * @template TUser - The type of the authenticated user (preserves type chain)
  * @param schema - Zod schema to validate against
  * @returns BaseMiddleware object with validation logic
  *

package/build/utils/container.utils.js

@@ -39,10 +39,13 @@ exports.getService = getService;
  * }
  * ```
  */
-function getService(context, serviceIdentifier) {
+function getService(context, 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+serviceIdentifier) {
     if (!context.container) {
         throw new Error('Container not initialized. Did you forget to add DependencyInjectionMiddleware?');
     }
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
     return context.container.get(serviceIdentifier);
 }
 //# sourceMappingURL=container.utils.js.map