@nu-art/google-services-backend 0.400.5

package/index.d.ts

@@ -0,0 +1,4 @@
+export * from './modules/ModuleBE_GcpManager.js';
+export * from './modules/ModuleBE_GoogleContacts.js';
+export * from './modules/ModuleBE_Auth.js';
+export * from './modules/ModuleBE_GooglePubSub.js';

package/index.js

@@ -0,0 +1,22 @@
+/*
+ * Permissions management system, define access level for each of
+ * your server apis, and restrict users by giving them access levels
+ *
+ * Copyright (C) 2020 Yair bcm
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+export * from './modules/ModuleBE_GcpManager.js';
+export * from './modules/ModuleBE_GoogleContacts.js';
+export * from './modules/ModuleBE_Auth.js';
+export * from './modules/ModuleBE_GooglePubSub.js';

package/modules/ModuleBE_Auth.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Created by tacb0ss on 07/05/2018.
+ */
+import { Module } from '@nu-art/ts-common';
+import { google } from 'googleapis';
+import { GoogleAuth, JWTInput } from 'google-auth-library';
+type AuthClient_ = typeof google.auth.getClient;
+type ClientOptions = NonNullable<Parameters<AuthClient_>[0]>['clientOptions'];
+type AuthModuleConfig = {
+    auth: {
+        [k: string]: JWT_Input | string;
+    };
+};
+export type JWT_Input = JWTInput;
+export declare class ModuleBE_Auth_Class extends Module<AuthModuleConfig> {
+    constructor();
+    getAuth(authKey: string, scopes: string[], clientOptions?: ClientOptions): ({
+        auth: GoogleAuth;
+    });
+    getAuthConfig(authKey: string): string | JWTInput;
+    getJWT(authKey: string, scopes: string[]): Promise<import("google-auth-library").Credentials>;
+}
+export declare const ModuleBE_Auth: ModuleBE_Auth_Class;
+export {};

package/modules/ModuleBE_Auth.js

@@ -0,0 +1,33 @@
+/**
+ * Created by tacb0ss on 07/05/2018.
+ */
+import { ImplementationMissingException, Module, NotImplementedYetException } from '@nu-art/ts-common';
+import { GoogleAuth, JWT, } from 'google-auth-library';
+export class ModuleBE_Auth_Class extends Module {
+    constructor() {
+        super();
+        this.setDefaultConfig({ auth: {} });
+    }
+    getAuth(authKey, scopes, clientOptions) {
+        const conf = this.getAuthConfig(authKey);
+        const base = typeof conf === 'string'
+            ? { keyFile: conf }
+            : { credentials: conf }; // JWTInput
+        const auth = new GoogleAuth({ ...base, scopes, clientOptions });
+        return { auth };
+    }
+    getAuthConfig(authKey) {
+        const projectAuth = this.config.auth[authKey];
+        if (!projectAuth)
+            throw new ImplementationMissingException(`Config of authKey: ${authKey} was not found`);
+        return projectAuth;
+    }
+    async getJWT(authKey, scopes) {
+        const authConfig = this.getAuthConfig(authKey);
+        if (typeof authConfig === 'string') {
+            return new JWT({ keyFile: authConfig, scopes }).authorize();
+        }
+        throw new NotImplementedYetException('cannot create a JWT from a raw credentials.. need path to file');
+    }
+}
+export const ModuleBE_Auth = new ModuleBE_Auth_Class();

package/modules/ModuleBE_GcpManager.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Created by tacb0ss on 07/05/2018.
+ */
+import { Module } from '@nu-art/ts-common';
+import { cloudresourcemanager_v1, cloudresourcemanager_v2, serviceusage_v1 } from 'googleapis';
+import { ServiceKey } from './consts.js';
+import Schema$Folder = cloudresourcemanager_v2.Schema$Folder;
+import Schema$Project = cloudresourcemanager_v1.Schema$Project;
+type CreateFolder = {
+    parentId: string;
+    folderName: string;
+};
+type QueryFolder = {
+    parentId: string;
+    folderName: string;
+};
+type GoogleCloudManagerConfig = {
+    authKey: string;
+    scopes: string[];
+};
+export declare class ModuleBE_GcpManager_Class extends Module<GoogleCloudManagerConfig> {
+    private cloudServicesManagerAPI;
+    private cloudResourcesManagerAPI;
+    private cloudResourcesManagerAPIv1;
+    constructor();
+    protected init(): Promise<void>;
+    getOrCreateFolder(parentFolderId: string, folderName: string): Promise<string>;
+    createFolder(_request: CreateFolder): Promise<{
+        [key: string]: any;
+    } | null | undefined>;
+    queryFolders(_query: QueryFolder): Promise<cloudresourcemanager_v2.Schema$Folder[]>;
+    getFolderId(folder: Schema$Folder): string;
+    private _waitForFolderOperation;
+    listProjects(filter?: ((project: Schema$Project) => boolean)): Promise<cloudresourcemanager_v1.Schema$Project[]>;
+    getOrCreateProjects(parentId: string, ...projects: {
+        projectId: string;
+        name: string;
+    }[]): Promise<(cloudresourcemanager_v1.Schema$Project | {
+        [key: string]: any;
+    } | undefined)[]>;
+    createProject(parentId: string, projectId: string, name?: string): Promise<{
+        [key: string]: any;
+    } | null | undefined>;
+    _waitForProjectOperation(name: string): Promise<{
+        [key: string]: any;
+    } | null | undefined>;
+    getService(serviceKey: ServiceKey, projectId: string): Promise<serviceusage_v1.Schema$GoogleApiServiceusageV1Service>;
+    enableService(serviceKey: ServiceKey, enable: boolean, ...projectIds: string[]): Promise<(void | serviceusage_v1.Schema$GoogleApiServiceusageV1Service)[]>;
+    private _enableService;
+    private _waitForServiceOperation;
+    isEnabled(serviceKey: ServiceKey, projectId: string): Promise<boolean>;
+    private _isEnabled;
+}
+export declare const ModuleBE_GcpManager: ModuleBE_GcpManager_Class;
+export {};

package/modules/ModuleBE_GcpManager.js

@@ -0,0 +1,175 @@
+/*
+ * Permissions management system, define access level for each of
+ * your server apis, and restrict users by giving them access levels
+ *
+ * Copyright (C) 2020 Adam van der Kruk aka TacB0sS
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Created by tacb0ss on 07/05/2018.
+ */
+import { __stringify, BadImplementationException, filterInstances, ImplementationMissingException, Module, ThisShouldNotHappenException, timeout } from '@nu-art/ts-common';
+import { cloudresourcemanager_v1, cloudresourcemanager_v2, serviceusage_v1 } from 'googleapis';
+import { ModuleBE_Auth } from './ModuleBE_Auth.js';
+import { GCPScope } from './consts.js';
+var Serviceusage = serviceusage_v1.Serviceusage;
+var Cloudresourcemanager = cloudresourcemanager_v2.Cloudresourcemanager;
+var CloudresourcemanagerV1 = cloudresourcemanager_v1.Cloudresourcemanager;
+export class ModuleBE_GcpManager_Class extends Module {
+    cloudServicesManagerAPI;
+    cloudResourcesManagerAPI;
+    cloudResourcesManagerAPIv1;
+    constructor() {
+        super();
+        this.setDefaultConfig({ scopes: [GCPScope.CloudPlatform] });
+    }
+    async init() {
+        const auth = ModuleBE_Auth.getAuth(this.config.authKey, this.config.scopes);
+        this.cloudServicesManagerAPI = new Serviceusage(auth);
+        this.cloudResourcesManagerAPI = new Cloudresourcemanager(auth);
+        this.cloudResourcesManagerAPIv1 = new CloudresourcemanagerV1(auth);
+    }
+    // FOLDERS
+    async getOrCreateFolder(parentFolderId, folderName) {
+        if (parentFolderId === undefined)
+            throw new BadImplementationException('MUST provide a parentFolderId');
+        if (folderName === undefined)
+            throw new BadImplementationException('MUST provide a folderName');
+        const folders = await this.queryFolders({ parentId: parentFolderId, folderName });
+        let parentFolder;
+        if (folders.length > 1)
+            throw new ThisShouldNotHappenException('too many folders for query...');
+        else if (folders.length === 1)
+            parentFolder = folders[0];
+        else
+            parentFolder = await this.createFolder({ parentId: parentFolderId, folderName });
+        if (!parentFolder)
+            throw new BadImplementationException('MUST be parentFolder');
+        return this.getFolderId(parentFolder);
+    }
+    async createFolder(_request) {
+        const request = {
+            parent: `folders/${_request.parentId}`,
+            requestBody: {
+                displayName: _request.folderName
+            }
+        };
+        this.logInfo(`Creating GCP folder "${_request.parentId}/${_request.folderName}"`);
+        const res = await this.cloudResourcesManagerAPI.folders.create(request);
+        return await this._waitForFolderOperation(res.data.name);
+    }
+    async queryFolders(_query) {
+        const query = { query: `parent=folders/${_query.parentId} AND displayName=${_query.folderName}` };
+        const res = await this.cloudResourcesManagerAPI.folders.search({ requestBody: query });
+        return res.data.folders || [];
+    }
+    getFolderId(folder) {
+        return folder.name.replace('folders/', '');
+    }
+    async _waitForFolderOperation(name) {
+        let retry = 5;
+        while (retry >= 0) {
+            await timeout(2000);
+            const res = await this.cloudResourcesManagerAPI.operations.get({ name });
+            if (res.data.done)
+                return res.data.response;
+            retry--;
+        }
+        throw new ImplementationMissingException('need better handling here..');
+    }
+    // PROJECTS
+    async listProjects(filter = () => true) {
+        const results = await this.cloudResourcesManagerAPIv1.projects.list();
+        const projects = results.data.projects || [];
+        return projects.filter(filter);
+    }
+    async getOrCreateProjects(parentId, ...projects) {
+        const existingProjects = await this.listProjects(gcproject => !!projects.find(project => project.name === gcproject.name));
+        const projectsToCreate = projects
+            .filter((project) => !existingProjects.find((gcproject) => gcproject.name === project.name));
+        const newProjects = await Promise.all(projectsToCreate.map(project => this.createProject(parentId, project.projectId, project.name)));
+        const allProjects = filterInstances([...existingProjects, ...newProjects]);
+        return projects.map(project => allProjects.find(gcpProject => gcpProject.name === project.name));
+    }
+    async createProject(parentId, projectId, name = projectId) {
+        const options = {
+            projectId,
+            name,
+            parent: {
+                type: 'folder',
+                id: parentId
+            }
+        };
+        this.logInfo(`Creating GCP Project "${parentId}/${projectId}/${name}"`);
+        const response = await this.cloudResourcesManagerAPIv1.projects.create({ requestBody: options });
+        return this._waitForProjectOperation(response.data.name);
+    }
+    async _waitForProjectOperation(name) {
+        let retry = 5;
+        while (retry >= 0) {
+            await timeout(2000);
+            const res = await this.cloudResourcesManagerAPIv1.operations.get({ name });
+            if (res.data.done)
+                return res.data.response;
+            retry--;
+        }
+        throw new ImplementationMissingException('need better handling here..');
+    }
+    // SERVICES
+    async getService(serviceKey, projectId) {
+        const res = await this.cloudServicesManagerAPI.services.get({ name: `projects/${projectId}/services/${serviceKey}` });
+        return res.data;
+    }
+    async enableService(serviceKey, enable, ...projectIds) {
+        this.logInfo(`Enabling Service "${serviceKey}" for projects: ${__stringify(projectIds)}`);
+        return Promise.all(projectIds.map(projectId => this._enableService(serviceKey, projectId, enable)));
+    }
+    // @ts-ignore
+    async _enableService(serviceKey, projectId, enable = true) {
+        let service = await this.getService(serviceKey, projectId);
+        if (this._isEnabled(service) === enable)
+            return this.logVerbose(`Service "${serviceKey}" was already enabled for project: ${projectId}`);
+        const name = service.name;
+        let res;
+        if (enable)
+            res = await this.cloudServicesManagerAPI.services.enable({ name });
+        else
+            res = await this.cloudServicesManagerAPI.services.disable({ name });
+        service = await this._waitForServiceOperation(res.data.name);
+        if (this._isEnabled(service))
+            this.logVerbose(`Service "${serviceKey}" is now enabled for project: ${projectId}`);
+        else
+            this.logError(`Service "${serviceKey}" is now disabled for project: ${projectId}`);
+        return service;
+    }
+    async _waitForServiceOperation(name) {
+        let retry = 5;
+        while (retry >= 0) {
+            await timeout(2000);
+            const res = await this.cloudServicesManagerAPI.operations.get({ name });
+            if (res.data.done)
+                return res.data.response?.service;
+            retry--;
+        }
+        throw new ImplementationMissingException('need better handling here..');
+    }
+    async isEnabled(serviceKey, projectId) {
+        const service = await this.getService(serviceKey, projectId);
+        return this._isEnabled(service);
+    }
+    _isEnabled(service) {
+        return service.state === 'ENABLED';
+    }
+}
+export const ModuleBE_GcpManager = new ModuleBE_GcpManager_Class();

package/modules/ModuleBE_GoogleContacts.d.ts

@@ -0,0 +1,21 @@
+import { Module } from '@nu-art/ts-common';
+import { people_v1 } from 'googleapis';
+export declare const standardProperties: string[];
+export declare const standardPhotoProperties: string[];
+export type GoogleContact = people_v1.Schema$Person;
+type Config = {
+    authKey?: string;
+};
+export declare class ModuleBE_GoogleContacts_Class extends Module<Config> {
+    constructor();
+    protected init(): void;
+    getContactById: (userEmail: string, contactId: string, authKey?: string) => Promise<people_v1.Schema$Person>;
+    delete: (userEmail: string, resource: string, authKey?: string) => Promise<people_v1.Schema$Empty>;
+    list: (userEmail: string, pageToken?: string, authKey?: string) => Promise<people_v1.Schema$ListConnectionsResponse>;
+    create: (userEmail: string, record: GoogleContact, authKey?: string) => Promise<people_v1.Schema$Person>;
+    update: (userEmail: string, record: GoogleContact, authKey?: string) => Promise<people_v1.Schema$Person>;
+    updatePhoto: (userEmail: string, person: GoogleContact, contactImageBase64: string, authKey?: string) => Promise<people_v1.Schema$UpdateContactPhotoResponse>;
+    private createContactApi;
+}
+export declare const ModuleBE_GoogleContacts: ModuleBE_GoogleContacts_Class;
+export {};

package/modules/ModuleBE_GoogleContacts.js

@@ -0,0 +1,97 @@
+/*
+ * Permissions management system, define access level for each of
+ * your server apis, and restrict users by giving them access levels
+ *
+ * Copyright (C) 2020 Adam van der Kruk aka TacB0sS
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { ImplementationMissingException, Module } from '@nu-art/ts-common';
+import { people_v1 } from 'googleapis';
+import { ModuleBE_Auth } from './ModuleBE_Auth.js';
+export const standardProperties = [
+    'addresses',
+    'birthdays',
+    'emailAddresses',
+    'genders',
+    'names',
+    'phoneNumbers',
+    'userDefined'
+];
+export const standardPhotoProperties = [
+    'addresses',
+    'birthdays',
+    'emailAddresses',
+    'genders',
+    'names',
+    'phoneNumbers',
+    'userDefined',
+    'photos'
+];
+export class ModuleBE_GoogleContacts_Class extends Module {
+    constructor() {
+        super('ModuleBE_GoogleContacts');
+    }
+    init() {
+    }
+    getContactById = async (userEmail, contactId, authKey) => {
+        const query = {
+            resourceName: contactId,
+            personFields: `${standardProperties.join(',')},metadata`
+        };
+        return (await this.createContactApi(userEmail, authKey).people.get(query)).data;
+    };
+    delete = async (userEmail, resource, authKey) => {
+        const contactsApi = await this.createContactApi(userEmail, authKey);
+        return (await contactsApi.people.deleteContact({ resourceName: resource })).data;
+    };
+    list = async (userEmail, pageToken, authKey) => {
+        const query = {
+            // Only valid resourceName according to https://developers.google.com/people/api/restv1/people.connections/list
+            pageToken,
+            resourceName: 'people/me',
+            pageSize: 1000,
+            personFields: standardProperties.join(',')
+        };
+        return (await this.createContactApi(userEmail, authKey).people.connections.list(query)).data;
+    };
+    create = async (userEmail, record, authKey) => {
+        return (await this.createContactApi(userEmail, authKey).people.createContact({ requestBody: record })).data;
+    };
+    update = async (userEmail, record, authKey) => {
+        const updateRequest = {
+            resourceName: record.resourceName,
+            updatePersonFields: standardProperties.join(','),
+            requestBody: record
+        };
+        return (await this.createContactApi(userEmail, authKey).people.updateContact(updateRequest)).data;
+    };
+    updatePhoto = async (userEmail, person, contactImageBase64, authKey) => {
+        const updatePhoto = {
+            resourceName: person.resourceName,
+            requestBody: {
+                photoBytes: contactImageBase64,
+                personFields: standardPhotoProperties.join(',')
+            }
+        };
+        return (await this.createContactApi(userEmail, authKey).people.updateContactPhoto(updatePhoto)).data;
+    };
+    createContactApi = (userEmail, authKey) => {
+        const finalAuthKey = authKey || this.config.authKey;
+        if (!finalAuthKey)
+            throw new ImplementationMissingException('missing authkey for google contacts api');
+        const auth = ModuleBE_Auth.getAuth(finalAuthKey, ['https://www.googleapis.com/auth/contacts'], { subject: userEmail });
+        return new people_v1.People(auth);
+    };
+}
+export const ModuleBE_GoogleContacts = new ModuleBE_GoogleContacts_Class();

package/modules/ModuleBE_GooglePubSub.d.ts

@@ -0,0 +1,13 @@
+import { Module } from "@nu-art/ts-common";
+import { PublishOptions } from '@google-cloud/pubsub';
+declare class ModuleBE_GooglePubSub_Class extends Module {
+    project(projectId: string, authKey?: string): {
+        createTopic: (topicName: string) => Promise<import("@google-cloud/pubsub").Topic>;
+        topic: (topicName: string, options?: PublishOptions) => {
+            publishJson: (json: object) => Promise<string>;
+            publish: (buffer: Buffer) => Promise<string>;
+        };
+    };
+}
+export declare const ModuleBE_GooglePubSub: ModuleBE_GooglePubSub_Class;
+export {};

package/modules/ModuleBE_GooglePubSub.js

@@ -0,0 +1,24 @@
+import { Module } from "@nu-art/ts-common";
+import { PubSub } from '@google-cloud/pubsub';
+import { ModuleBE_Auth } from "./ModuleBE_Auth.js";
+class ModuleBE_GooglePubSub_Class extends Module {
+    project(projectId, authKey = projectId) {
+        const authObject = ModuleBE_Auth.getAuth(authKey, []);
+        const auth = authObject.auth;
+        const pubSub = new PubSub({ projectId, auth });
+        return {
+            createTopic: async (topicName) => {
+                const [topic] = await pubSub.createTopic(topicName);
+                return topic;
+            },
+            topic: (topicName, options) => {
+                const topic = pubSub.topic(topicName, options);
+                return {
+                    publishJson: async (json) => topic.publishJSON(json),
+                    publish: async (buffer) => topic.publish(buffer)
+                };
+            }
+        };
+    }
+}
+export const ModuleBE_GooglePubSub = new ModuleBE_GooglePubSub_Class();

package/modules/ModuleBE_SecretManager.d.ts

@@ -0,0 +1,31 @@
+import { AnyPrimitive, Module } from '@nu-art/ts-common';
+import { google } from '@google-cloud/secret-manager/build/protos/protos.js';
+import ISecret = google.cloud.secretmanager.v1.ISecret;
+export declare const printCallerIdentity: () => Promise<void>;
+type Secret = {
+    key: string;
+    projectId: string;
+    version?: string;
+};
+export declare class SecretKey<T extends AnyPrimitive> {
+    readonly secret: Secret;
+    constructor(name: string, parent?: string | undefined);
+    get(): Promise<T | undefined>;
+    get(fallbackValue: T): Promise<T>;
+    set(secret: T): Promise<string>;
+    previous(reverseIndex?: number): Promise<T | undefined>;
+    modifiedTimestamp(): Promise<number>;
+}
+export declare class ModuleBE_SecretManager_Class extends Module {
+    private client;
+    getSecretValue: (secret: Secret) => Promise<string | undefined>;
+    tryGetSecretValue: (secret: Secret) => Promise<string | undefined>;
+    getSecretValueImpl: (secretKey: string) => Promise<string | undefined>;
+    updateSecret: (_secret: Secret, data: string) => Promise<string>;
+    updateSecretImpl: (secret: ISecret, data: string) => Promise<void>;
+    listEnabledVersions: (secret: Secret) => Promise<google.cloud.secretmanager.v1.ISecretVersion[]>;
+    getSecretVersionMetadata: (versionName: string) => Promise<google.cloud.secretmanager.v1.ISecretVersion>;
+    getOrCreateSecret: (_secret: Secret) => Promise<ISecret>;
+}
+export declare const ModuleBE_SecretManager: ModuleBE_SecretManager_Class;
+export {};

package/modules/ModuleBE_SecretManager.js

@@ -0,0 +1,129 @@
+import { exists, Logger, Module, MUSTNeverHappenException, ThisShouldNotHappenException } from '@nu-art/ts-common';
+import { SecretManagerServiceClient } from '@google-cloud/secret-manager';
+import { GoogleAuth } from 'google-auth-library';
+export const printCallerIdentity = async () => {
+    const logger = new Logger('GCP-Caller');
+    const auth = new GoogleAuth({ scopes: 'https://www.googleapis.com/auth/cloud-platform' });
+    const client = await auth.getClient();
+    const projectId = await auth.getProjectId();
+    const token = await client.getAccessToken();
+    const res = await fetch(`https://oauth2.googleapis.com/tokeninfo?access_token=${token.token}`);
+    const info = await res.json();
+    logger.logInfo(`🔐 GCP Caller Identity: ${info.email || info.sub}`);
+    logger.logInfo(`🏗️ GCP Project ID: ${projectId}`);
+};
+function composeSecretKey(secret) {
+    return `projects/${secret.projectId}/secrets/${secret.key}${secret.version ? `/versions/${secret.version}` : ''}`;
+}
+export class SecretKey {
+    secret;
+    constructor(name, parent = process.env.GCP_PROJECT_ID ?? process.env.GCLOUD_PROJECT) {
+        if (!parent)
+            throw new MUSTNeverHappenException(`Missing the secret parent project id for secret ${name}`);
+        this.secret = Object.freeze({ projectId: parent, key: name });
+    }
+    async get(fallbackValue, version = 'latest') {
+        let rawSecret = await ModuleBE_SecretManager.tryGetSecretValue({ ...this.secret, version });
+        if (exists(rawSecret))
+            return JSON.parse(rawSecret);
+        if (!exists(fallbackValue))
+            return undefined;
+        const secret = await ModuleBE_SecretManager.getOrCreateSecret(this.secret);
+        rawSecret = JSON.stringify(fallbackValue);
+        await ModuleBE_SecretManager.updateSecretImpl(secret, rawSecret);
+        return fallbackValue;
+    }
+    async set(secret) {
+        return ModuleBE_SecretManager.updateSecret(this.secret, JSON.stringify(secret));
+    }
+    async previous(reverseIndex = 1) {
+        const versions = await ModuleBE_SecretManager.listEnabledVersions(this.secret);
+        const version = versions[reverseIndex];
+        if (!version?.name)
+            throw new MUSTNeverHappenException(`Missing version name at index ${reverseIndex}`);
+        const rawSecret = await ModuleBE_SecretManager.getSecretValueImpl(version.name);
+        return rawSecret ? JSON.parse(rawSecret) : undefined;
+    }
+    async modifiedTimestamp() {
+        const versions = await ModuleBE_SecretManager.listEnabledVersions(this.secret);
+        if (!versions.length)
+            return 0;
+        const versionName = versions[0].name;
+        if (!versionName)
+            return 0;
+        const metadata = await ModuleBE_SecretManager.getSecretVersionMetadata(versionName);
+        return metadata.createTime ? Number(metadata.createTime.seconds) * 1000 : 0;
+    }
+}
+export class ModuleBE_SecretManager_Class extends Module {
+    client = new SecretManagerServiceClient();
+    getSecretValue = async (secret) => {
+        return this.getSecretValueImpl(composeSecretKey(secret));
+    };
+    tryGetSecretValue = async (secret) => {
+        try {
+            return await this.getSecretValue(secret);
+        }
+        catch (err) {
+            if (err.code === 5)
+                return undefined;
+            await printCallerIdentity();
+            throw new ThisShouldNotHappenException(`Failed to retrieve secret \n Secret: ${JSON.stringify(secret)}`, err);
+        }
+    };
+    getSecretValueImpl = async (secretKey) => {
+        const [version] = await this.client.accessSecretVersion({ name: secretKey });
+        return version.payload?.data?.toString();
+    };
+    updateSecret = async (_secret, data) => {
+        const secret = await this.getOrCreateSecret(_secret);
+        if (!secret.name)
+            throw new MUSTNeverHappenException(`Missing secret.name for ${composeSecretKey(_secret)}`);
+        await this.updateSecretImpl(secret, data);
+        return secret.name;
+    };
+    updateSecretImpl = async (secret, data) => {
+        try {
+            await this.client.addSecretVersion({
+                parent: secret.name,
+                payload: { data: Buffer.from(data, 'utf-8') }
+            });
+        }
+        catch (err) {
+            await printCallerIdentity();
+            throw new ThisShouldNotHappenException(`Failed to update secret version (${secret})`, err);
+        }
+    };
+    listEnabledVersions = async (secret) => {
+        const [versions] = await this.client.listSecretVersions({ parent: composeSecretKey(secret) });
+        return versions.filter(v => v.state === 'ENABLED').sort((a, b) => {
+            const aVer = Number(a.name?.split('/').pop());
+            const bVer = Number(b.name?.split('/').pop());
+            return isNaN(bVer - aVer) ? 0 : bVer - aVer;
+        });
+    };
+    getSecretVersionMetadata = async (versionName) => {
+        const [version] = await this.client.getSecretVersion({ name: versionName });
+        return version;
+    };
+    getOrCreateSecret = async (_secret) => {
+        const name = composeSecretKey(_secret);
+        try {
+            const [secret] = await this.client.getSecret({ name });
+            return secret;
+        }
+        catch (err) {
+            if (err.code !== 5) {
+                await printCallerIdentity();
+                throw new ThisShouldNotHappenException(`Failed to get secret (${_secret})`, err);
+            }
+            const [created] = await this.client.createSecret({
+                parent: `projects/${_secret.projectId}`,
+                secretId: _secret.key,
+                secret: { replication: { automatic: {} } }
+            });
+            return created;
+        }
+    };
+}
+export const ModuleBE_SecretManager = new ModuleBE_SecretManager_Class();

package/modules/consts.d.ts

@@ -0,0 +1,6 @@
+export declare enum ServiceKey {
+    DialogFlow = "dialogflow.googleapis.com"
+}
+export declare enum GCPScope {
+    CloudPlatform = "https://www.googleapis.com/auth/cloud-platform"
+}

package/modules/consts.js

@@ -0,0 +1,26 @@
+/*
+ * Permissions management system, define access level for each of
+ * your server apis, and restrict users by giving them access levels
+ *
+ * Copyright (C) 2020 Adam van der Kruk aka TacB0sS
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+export var ServiceKey;
+(function (ServiceKey) {
+    ServiceKey["DialogFlow"] = "dialogflow.googleapis.com";
+})(ServiceKey || (ServiceKey = {}));
+export var GCPScope;
+(function (GCPScope) {
+    GCPScope["CloudPlatform"] = "https://www.googleapis.com/auth/cloud-platform";
+})(GCPScope || (GCPScope = {}));

package/package.json

@@ -0,0 +1,59 @@
+{
+  "name": "@nu-art/google-services-backend",
+  "version": "0.400.5",
+  "description": "google-services Backend",
+  "keywords": [
+    "TacB0sS",
+    "create account",
+    "express",
+    "infra",
+    "login",
+    "nu-art",
+    "permissions",
+    "saml",
+    "thunderstorm",
+    "typescript",
+    "user-account"
+  ],
+  "homepage": "https://github.com/nu-art-js/thunderstorm",
+  "bugs": {
+    "url": "https://github.com/nu-art-js/thunderstorm/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+ssh://git@github.com:nu-art-js/thunderstorm.git"
+  },
+  "publishConfig": {
+    "directory": "dist",
+    "linkDirectory": true
+  },
+  "license": "Apache-2.0",
+  "author": "TacB0sS",
+  "scripts": {
+    "build": "tsc"
+  },
+  "dependencies": {
+    "@nu-art/ts-common": "0.400.5",
+    "@google-cloud/pubsub": "^4.0.0",
+    "@google-cloud/secret-manager": "^6.1.0",
+    "google-auth-library": "^10.0.0",
+    "googleapis": "^152.0.0"
+  },
+  "devDependencies": {
+    "@google-cloud/resource-manager": "^6.2.0"
+  },
+  "unitConfig": {
+    "type": "typescript-lib"
+  },
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./index.d.ts",
+      "import": "./index.js"
+    },
+    "./*": {
+      "types": "./*.d.ts",
+      "import": "./*.js"
+    }
+  }
+}