@nsshunt/stsdatamanagement 1.10.4 → 1.11.1

package/blcauth.js

@@ -1,5 +1,6 @@
 const { status: { status } } = require('@nsshunt/stsutils');
 const bcrypt = require('bcryptjs');
+const { STSResourceNotFoundError, STSDatabaseAccessError, STSResourceMalformedError } = require('./dberrors');
 
 class BLCAuth
 {
@@ -24,32 +25,35 @@ class BLCAuth
 		try 
 		{
 			let userid = BLCAuth.USER_ID_PREFIX + email;
-			let existingUser = await this.#accessLayer.getLatestResource(userid);
-			if (existingUser.status === 200) {
-				return { status: status.conflict, error: 'User already exists.', detail: { message: 'User already exists.' }};
-			}
-			
-			const hashedPassword = await bcrypt.hash(password, saltRounds);
-
-			let user = {
-				id: userid
-				,name: name
-				,email: email
-				,hash: hashedPassword
-				,roles: roles
-			};
-
-			await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, user.id, user);
-
-			let payload = 
-			{
-				id: userid
-				,name: name
-				,email: email
-				,roles: roles
-			}
+			if (this.#ResourceExists('User', userid)) {
+				return { 
+					status: status.conflict, 
+					error: 'User already exists.', 
+					detail: { message: `User already exists: [${userid}]` }
+				};
+			} else {
+				const hashedPassword = await bcrypt.hash(password, saltRounds);
+
+				let user = {
+					id: userid
+					,name: name
+					,email: email
+					,hash: hashedPassword
+					,roles: roles
+				};
 
-			return { status: status.success, detail: payload };
+				await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, user.id, user);
+
+				let payload = 
+				{
+					id: userid
+					,name: name
+					,email: email
+					,roles: roles
+				}
+
+				return { status: status.success, detail: payload };
+			}
 		} catch (error)
 		{
 			console.error(error);
@@ -63,20 +67,23 @@ class BLCAuth
 		{
 			const { name, permissions } = rolePermissions;
 			let roleId = BLCAuth.ROLE_ID_PREFIX + name;
-			let existingRole = await this.#accessLayer.getLatestResource(roleId);
-			if (existingRole.status === 200) {
-				return { status: status.conflict, error: 'Role already exists.', detail: { message: 'Role already exists.' }};
-			}
-
-			let roleResource = {
-				id: roleId,
-				name: name,
-				permissions: permissions
-			}
+			if (this.#ResourceExists('Role', roleId)) {
+				return { 
+					status: status.conflict, 
+					error: 'Role already exists.', 
+					detail: { message: `Role already exists: [${roleId}]` }
+				};
+			} else {
+				let roleResource = {
+					id: roleId,
+					name: name,
+					permissions: permissions
+				}
 
-			await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, roleId, roleResource);
+				await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, roleId, roleResource);
 
-			return { status: status.success, detail: roleResource };
+				return { status: status.success, detail: roleResource };
+			}
 		} catch (error)
 		{
 			console.error(error);
@@ -84,28 +91,65 @@ class BLCAuth
 		}
 	}
 
+	async #GetResource(resource, resourceId) {
+		let resourceRaw = null;
+		try {
+			resourceRaw = await this.#accessLayer.getLatestResource(resourceId);
+		} catch (error) {
+			throw new STSDatabaseAccessError(resource, resourceId, error);
+		}
+		if (resourceRaw.status !== 200) {
+			throw new STSResourceNotFoundError(resource, resourceId);
+		}
+		try {
+			let resource = JSON.parse(resourceRaw.detail.resdesc);
+			return { status: status.success, detail: resource };
+		} catch (error) {
+			throw new STSResourceMalformedError(resource, resourceId, resourceRaw.detail.resdesc, error);
+		}
+	}
+
+	async #ResourceExists(resource, resourceId) {
+		try {
+			this.#GetResource(resource, resourceId);
+			return true;
+		} catch (error) {
+			if (error instanceof STSResourceNotFoundError) {
+				return false;
+			} else {
+				throw error;
+			}
+		}
+	}
+
+	async GetUser(email) {
+		return this.#GetResource('User', BLCAuth.USER_ID_PREFIX + email);
+	}
+
+	async GetRole(role) {
+		return this.#GetResource('Role', BLCAuth.ROLE_ID_PREFIX + role);
+	}
+
+	async GetApplication(application) {
+		return this.#GetResource('Application', BLCAuth.APPLICATION_ID_PREFIX + application);
+	}
+
+	async GetAPI(identifier) {
+		return this.#GetResource('API', BLCAuth.API_ID_PREFIX + identifier);
+	}
+
 	async GetUserPermissions(email)
 	{
 		try 
 		{
-			let userid = BLCAuth.USER_ID_PREFIX + email;
-			let existingUser = await this.#accessLayer.getLatestResource(userid);
-			if (existingUser.status !== 200) {
-				return { status: status.notfound, error: 'User not found.', detail: { message: 'User not found.' }};
-			}
-
-			let userResource = JSON.parse(existingUser.detail.resdesc);
-
+			let userResourceRaw = await this.GetUser(email);
+			let userResource = userResourceRaw.detail;
 			let permissions = [ ];
 
 			for (let i=0; i < userResource.roles.length; i++) {
 				let role = userResource.roles[i];
-				let roleId = BLCAuth.ROLE_ID_PREFIX + role;
-				let existingRole = await this.#accessLayer.getLatestResource(roleId);
-				if (existingRole.status !== 200) {
-					return { status: status.notfound, error: 'Role not found.', detail: { message: 'Role not found.' }};
-				}
-				let roleResource = JSON.parse(existingRole.detail.resdesc);
+				let roleResourceRaw = await this.GetRole(role);
+				let roleResource = roleResourceRaw.detail;
 				for (let j=0; j < roleResource.permissions.length; j++) {
 					let permission = roleResource.permissions[j];
 					if (!permissions.includes(permission)) {
@@ -128,23 +172,25 @@ class BLCAuth
 		{
 			const { clientId } = application;
 			let applicationId = BLCAuth.APPLICATION_ID_PREFIX + clientId;
-			let existingApplication = await this.#accessLayer.getLatestResource(applicationId);
-			if (existingApplication.status === 200) {
-				return { status: status.conflict, error: 'Application already exists.', detail: { message: `Application already exists: [${applicationId}]` }};
-			}
-
-			let payload = 
-			{
-				applicationId: applicationId,
-				...application
+			if (this.#ResourceExists('Application', applicationId)) {
+				return { 
+					status: status.conflict, 
+					error: 'Application already exists.', 
+					detail: { message: `Application already exists: [${applicationId}]` }
+				};
+			} else {
+				let payload = {
+					applicationId,
+					...application
+				}
+	
+				await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, applicationId, payload);
+	
+				// Client Secret is not returned. Seperate function used to display this field.
+				delete payload.clientSecret;
+	
+				return { status: status.success, detail: payload };
 			}
-
-			await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, applicationId, payload);
-
-			// Client Secret is not returned. Seperate function used to display this field.
-			delete payload.clientSecret;
-
-			return { status: status.success, detail: payload };
 		} catch (error)
 		{
 			console.error(error);
@@ -152,47 +198,72 @@ class BLCAuth
 		}
 	}
 
+	#ValidateApplication = async (apiPermissions, app) => {
+		const { clientId, clientName, permissions } = app;
+
+		let applicationResource = null;
+		try {
+			applicationResource = await this.GetApplication(clientId)
+		} catch (error) {
+			return { status: status.notfound , error: 'Cannot find client application.', detail: { message: error.message }};
+		}
+		if (applicationResource.clientName.localeCompare(clientName) !== 0) {
+			return { status: status.error, error: 'clientName mismatch.', detail: { message: `clientName mismatch: Value: [${clientName}], Expecting: [${applicationResource.clientName}]` }};
+		}
+		for (let j=0; j < permissions.length; j++) {
+			const permission = permissions[j];
+			if (!apiPermissions.includes(permission)) {
+				return { status: status.error, error: 'M2M permission not found within API available permission list.', detail: { message: `Permission not found within API available permission list: [${permission}]` }};
+			}
+		}
+		return null;
+	}
+
 	async AddAPI(api)
 	{
 		try 
 		{
-			const { M2MApplications, permissions, identifier } = api;
+			const { M2MApplications, apiPermissions, identifier, SPA } = api;
 			let APIidentifier = BLCAuth.API_ID_PREFIX + identifier;
-			let existingAPI = await this.#accessLayer.getLatestResource(APIidentifier);
-			if (existingAPI.status === 200) {
-				return { status: status.conflict, error: 'API already exists.', detail: { message: `API already exists: [${APIidentifier}]` }};
-			}
 
-			// Validate M2MApplications
-			for (let i=0; i < M2MApplications.length; i++) {
-				const m2mapplication = M2MApplications[i];
-				let appid = BLCAuth.APPLICATION_ID_PREFIX + m2mapplication.clientId;
-				let retVal = await this.#accessLayer.getLatestResource(appid);
-				if (retVal.status !== 200) {
-					return { status: status.notfound , error: 'Cannot find client application.', detail: { message: `Cannot find client application: [${appid}].` }};
-				}
-				let applicationResource = JSON.parse(retVal.detail.resdesc);
-				if (applicationResource.clientName.localeCompare(m2mapplication.clientName) !== 0) {
-					return { status: status.error, error: 'clientName mismatch.', detail: { message: `clientName mismatch: Value: [${m2mapplication.clientName}], Expecting: [${applicationResource.clientName}]` }};
+			if (this.#ResourceExists('API', APIidentifier)) {
+				return { 
+					status: status.conflict, 
+					error: 'API already exists.', 
+					detail: { message: `API already exists: [${APIidentifier}]` }
+				};
+			} else {
+				// Validate M2MApplications
+				if (M2MApplications) {
+					for (let i=0; i < M2MApplications.length; i++) {
+						let retVal = await this.#ValidateApplication(apiPermissions, M2MApplications[i]);
+						if (retVal !== null) {
+							return retVal;
+						}
+					}
 				}
-				for (let j=0; j < m2mapplication.permissions.length; j++) {
-					const permission = m2mapplication.permissions[j];
-					if (!permissions.includes(permission)) {
-						return { status: status.error, error: 'M2M permission not found within API available permission list.', detail: { message: `M2M permission not found within API available permission list: [${permission}]` }};
+
+				// Validate SPA
+				if (SPA) {
+					for (let i=0; i < SPA.length; i++) {
+						let retVal = await this.#ValidateApplication(apiPermissions, SPA[i]);
+						if (retVal !== null) {
+							return retVal;
+						}
 					}
 				}
-			}
-	
-			// Client Secret is not returned. Seperate function used to display this field.
-			let payload = 
-			{
-				APIidentifier: APIidentifier,
-				...api
-			}
+				
+				// Client Secret is not returned. Separate function used to display this field.
+				let payload = 
+				{
+					APIidentifier,
+					...api
+				}
 
-			await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, APIidentifier, payload);
+				await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, APIidentifier, payload);
 
-			return { status: status.success, detail: payload };
+				return { status: status.success, detail: payload };
+			}
 		} catch (error)
 		{
 			console.error(error);
@@ -200,23 +271,23 @@ class BLCAuth
 		}
 	}
 
-	async GetApplication(clientId) {
-		let clientIdentifier = BLCAuth.APPLICATION_ID_PREFIX + clientId;
-		let application = await this.#accessLayer.getLatestResource(clientIdentifier);
-		if (application.status !== 200) {
-			return { status: status.notfound, error: 'Application not found.', detail: { message: `Application not found: [${clientId}]` }};
-		}
-		return application;
+	/*
+	// Get all the scopes (permissions) defined for this application (client_id) using this API (audience).
+	// client_secret required for M2M applications. Not required for SPA.
+	async GetScopes(client_id, client_secret, audience) {
+
 	}
 
-	async GetAPI(identifier) {
-		let APIidentifier = BLCAuth.API_ID_PREFIX + identifier;
-		let api = await this.#accessLayer.getLatestResource(APIidentifier);
-		if (api.status !== 200) {
-			return { status: status.notfound, error: 'API not found.', detail: { message: `API not found: [${identifier}]` }};
-		}
-		return api;
+	// Get all the scopes that the user (user_id) has previously consented for this application (client_id) using this API (audience).
+	async GetConsentedScopes(user_id, client_id, audience) {
+
+	}
+
+	// Update scopes that the user (user_id) has consented for this application (client_id) using this API (audience).
+	async UpdateConsentedScopes(user_id, client_id, audience, scopes) {
+
 	}
+	*/
 }
 
 module.exports = { BLCAuth };

package/dbaccess.js

@@ -5,5 +5,11 @@ const { PGUtils } = require('./pgutils');
 const { BLCAuth } = require('./blcauth');
 const { DatabaseUtils } = require('./databaseutils');
 const { DataGenerator } = require('./datagenerator');
+const { STSDataManagementError, STSResourceNotFoundError, STSResourceMalformedError, STSDatabaseAccessError } = require('./dberrors');
 
-module.exports = { PGPoolManager, L1Cache, PGAccessLayer, PGUtils, BLCAuth, DatabaseUtils, DataGenerator };
+module.exports = { 
+	// Utilities and Helpers
+	PGPoolManager, L1Cache, PGAccessLayer, PGUtils, BLCAuth, DatabaseUtils, DataGenerator,
+	// Errors
+	STSDataManagementError, STSResourceNotFoundError, STSResourceMalformedError, STSDatabaseAccessError
+};

package/dberrors.js

@@ -0,0 +1,57 @@
+const { status: { status } } = require('@nsshunt/stsutils');
+
+// https://rclayton.silvrback.com/custom-errors-in-node-js
+class STSDataManagementError extends Error {
+	constructor(message) {
+		super(message);
+
+		// Ensure the name of this error is the same as the class name
+		this.name = this.constructor.name;
+
+		// This clips the constructor invocation from the stack trace.
+		// It's not absolutely essential, but it does make the stack trace a little nicer.
+		//  @see Node.js reference (bottom)
+		Error.captureStackTrace(this, this.constructor);
+
+		this.detail = null;
+		this.status = status.error;
+	}
+}
+
+class STSResourceNotFoundError extends STSDataManagementError {
+	constructor(resource, resourceId) {
+		super(`Resource [${resource}] not found using ID: [${resourceId}]`);
+		this.detail = { 
+			resourceId,
+			resource
+		}
+		this.status = status.notfound;
+	}
+}
+
+class STSResourceMalformedError extends STSDataManagementError {
+	constructor(resource, resourceId, resourceRaw, error) {
+		super(`Resource [${resource}:{resourceId}] is malformed.`);
+		this.detail = { 
+			resourceId,
+			resource,
+			resourceRaw,
+			error
+		}
+		this.status = status.error;
+	}
+}
+
+class STSDatabaseAccessError extends STSDataManagementError {
+	constructor(resource, resourceId, error) {
+		super(`Database access error reading resource: [${resource}:{resourceId}]`);
+		this.detail = { 
+			resourceId,
+			resource,
+			error
+		}
+		this.status = status.error;
+	}
+}
+
+module.exports = { STSDataManagementError, STSResourceNotFoundError, STSResourceMalformedError, STSDatabaseAccessError }

package/package.json

@@ -1,18 +1,18 @@
 {
   "name": "@nsshunt/stsdatamanagement",
-  "version": "1.10.4",
+  "version": "1.11.1",
   "description": "STS Data Management Modules, Utilities and Services",
   "main": "dbaccess.js",
   "dependencies": {
     "@nsshunt/stsconfig": "^1.20.0",
     "@nsshunt/stsinstrumentation": "^6.4.3",
-    "@nsshunt/stsutils": "^1.7.6",
+    "@nsshunt/stsutils": "^1.8.5",
     "axios": "^0.26.0",
     "bcryptjs": "^2.4.3",
     "cli-progress": "^3.10.0",
     "colors": "^1.4.0",
     "debug": "^4.3.4",
-    "ioredis": "^4.28.5",
+    "ioredis": "^5.0.3",
     "pg": "^8.7.3",
     "pg-copy-streams": "^6.0.2",
     "prompts": "^2.4.2",
@@ -31,7 +31,7 @@
     "@babel/eslint-parser": "^7.17.0",
     "@babel/plugin-proposal-class-properties": "^7.16.7",
     "@babel/plugin-proposal-private-methods": "^7.16.11",
-    "eslint": "^8.11.0",
+    "eslint": "^8.12.0",
     "jest": "^27.5.1"
   },
   "scripts": {

package/pgaccesslayer.js

@@ -332,6 +332,19 @@ class PGAccessLayer
     	}
 	}
 
+	async deleteLatestResource(userid, resid)
+	{
+		const fname = 'deleteLatestResource';
+    	let retVal = await this.getLatestResource(resid);
+    	if (retVal.status !== status.success)
+    	{
+			return { status: retVal.status, error: `[${fname}]: Operation was not successful: [${resid}]`, detail: retVal };
+    	} else {
+    		let vnum = retVal.detail.vnum;
+    		await this.deleteResource(userid, resid, vnum);
+    	}
+	}
+
 	async deleteResource(userid, resourceid, resourcevnum)
 	{
     	const fname = 'deleteResource';