@oas-tools/oas-telemetry 0.7.0-alpha.3 → 0.7.0-alpha.5

package/.env.example

@@ -24,12 +24,14 @@ OASTLM_CONFIG_GENERAL_SPEC_FILE_NAME=
 
 # Enable authentication | Possible values: "true", "false" | Default: "false"
 OASTLM_CONFIG_AUTH_ENABLED=
-# Maximum age for API keys (ms) | Default: 3600000 (1 hour)
-OASTLM_CONFIG_AUTH_API_KEY_MAX_AGE=
 # Password for authentication | Default: "oas-telemetry-password"
 OASTLM_CONFIG_AUTH_PASSWORD=
 # JWT secret for authentication | Default: "oas-telemetry-secret"
 OASTLM_CONFIG_AUTH_JWT_SECRET=
+# Access token max age (ms) | Default: 300000 (5 minutes)
+OASTLM_CONFIG_AUTH_ACCESS_TOKEN_MAX_AGE=
+# Refresh token max age (ms) | Default: 604800000 (7 days)
+OASTLM_CONFIG_AUTH_REFRESH_TOKEN_MAX_AGE=
 
 
 # Enable memory exporter for traces | Possible values: "true", "false" | Default: "true"

package/README.md

@@ -1,6 +1,7 @@
 # OAS TELEMETRY
 
-**OAS Telemetry** is an Express middleware for collecting telemetry data using **OpenTelemetry** in **OpenAPI Specification (OAS)**-based applications. It exposes endpoints for managing and analyzing telemetry data—such as starting/stopping collection, resetting, listing, and searching records—making integration with **Express.js** straightforward.
+
+**OAS Telemetry** is a library that automatically configures telemetry in your Express application based on OpenAPI, with no extra code required. Simply use the middleware to instantly access endpoints for viewing recent requests, system logs, and metrics—all stored in memory. This allows you to analyze your API’s behavior and debug issues easily, without manual setup or complex integration. OpenTelemetry is used under the hood to collect traces, metrics, and logs.
 
 The middleware is highly configurable and supports both **ES Module (ESM)** and **CommonJS (CJS)** formats (ESM targeting **ES2020**). Its functionality can be extended via plugins; see [Telemetry Plugins](#telemetry-plugins) for details.
 
@@ -8,11 +9,13 @@ The middleware is highly configurable and supports both **ES Module (ESM)** and
 >
 > **OAS Telemetry** is a functional and working package, but it is currently at version 0 and remains under active development. Features, APIs, and behavior are subject to change at any time. Please review the following current status before use:
 >
-> - **Traces:** Semi-stable. Currently supports HTTP instrumentation.
+> - **Traces:** Semi-stable. Currently supports HTTP instrumentation. We are studying switching to auto-instrumentation, but we need to test memory usage and performance first.
 > - **Logs:** Semi-stable. Supports fast search by message content and Mongo-like search (similar to traces).
-> - **Metrics:** Semi=stable. Currently uses OpenTelemetry host metrics. This area is subject to change to improve memory usage and data handling.
+> - **Metrics:** Not stable. Currently uses OpenTelemetry host metrics. This area is subject to change to improve memory usage and data handling.
 > - **Configuration:** Semi-stable. All configuration options will be available as parameters at initialization and via environment variables (see the `.env.example` file). The configuration system is under active development and will change significantly in future releases.
-> - **UI:** Not stable. Migration to React is in progress. Most views are placeholders except for the AI agent, which is fully functional and can answer questions about metrics, traces, and logs.
+> - **UI:** Not stable. Migration to React is in progress. Most views are placeholders except for the AI agent, which is fully functional and can answer questions about traces, and logs (Not yet for metrics). Plugin management page is also functional. Next steps include logs page (almost done) and traces page (subject to change based on instrumentation approach). Metrics page will be the last to be implemented, as we want to support custom metrics in the future.
+>
+> Please if you want to use this package contact us via motero6@us.es
 
 ## Usage
 

package/dist/cjs/config/config.cjs

@@ -18,9 +18,10 @@ const loadEnv = () => {
     },
     auth: {
       enabled: getParsedEnvVar("OASTLM_CONFIG_AUTH_ENABLED", v => v === "true"),
-      apiKeyMaxAge: getParsedEnvVar("OASTLM_CONFIG_AUTH_API_KEY_MAX_AGE", v => parseInt(v, 10)),
       password: getParsedEnvVar("OASTLM_CONFIG_AUTH_PASSWORD"),
-      jwtSecret: getParsedEnvVar("OASTLM_CONFIG_AUTH_JWT_SECRET")
+      jwtSecret: getParsedEnvVar("OASTLM_CONFIG_AUTH_JWT_SECRET"),
+      accessTokenMaxAge: getParsedEnvVar("OASTLM_CONFIG_AUTH_ACCESS_TOKEN_MAX_AGE", v => parseInt(v, 10)),
+      refreshTokenMaxAge: getParsedEnvVar("OASTLM_CONFIG_AUTH_REFRESH_TOKEN_MAX_AGE", v => parseInt(v, 10))
     },
     traces: {
       memoryExporter: {
@@ -70,10 +71,11 @@ const defaultConfig = exports.defaultConfig = {
   },
   auth: {
     enabled: false,
-    apiKeyMaxAge: 1000 * 60 * 60,
-    // 1 hour
     password: "oas-telemetry-password",
-    jwtSecret: "oas-telemetry-secret"
+    jwtSecret: "oas-telemetry-secret",
+    accessTokenMaxAge: 1000 * 60 * 5,
+    // 5 minutes
+    refreshTokenMaxAge: 1000 * 60 * 60 * 24 * 7 // 7 days
   },
   ai: {
     openAIKey: null,

package/dist/cjs/routesManager.cjs

@@ -23,13 +23,21 @@ const configureRoutes = (router, oasTlmConfig) => {
   if (_bootConfig.bootEnvVariables.OASTLM_BOOT_ENV === 'development') {
     _logger.default.info("Running in development mode, enabling CORS for all origins");
     router.use((0, _cors.default)({
-      origin: '*',
-      // Permitir todas las solicitudes en desarrollo
-      methods: ['GET', 'POST', 'PUT', 'DELETE'],
-      allowedHeaders: ['Content-Type', 'Authorization']
+      origin: (origin, callback) => {
+        if (!origin || /^http:\/\/localhost:\d+$/.test(origin)) {
+          callback(null, true);
+        } else {
+          callback(new Error('Not allowed by CORS'));
+        }
+      },
+      credentials: true
     }));
   }
-  router.use((req, res, next) => {
+  const telemetryBaseUrl = oasTlmConfig.general.baseUrl;
+  // Sub-router for all telemetry endpoints
+  const telemetryRouter = (0, _express.Router)();
+  // Body parser for JSON requests
+  telemetryRouter.use((req, res, next) => {
     if (req.body !== undefined) {
       return next(); // Already parsed, no need to parse again.
     }
@@ -37,52 +45,32 @@ const configureRoutes = (router, oasTlmConfig) => {
       limit: '10mb'
     })(req, res, next);
   });
-  const allAuthMiddlewares = getWrappedMiddlewares(() => oasTlmConfig.auth.enabled, [(0, _cookieParser.default)(), (0, _authRoutes.getAuthRoutes)(oasTlmConfig), (0, _authMiddleware.getAuthMiddleware)(oasTlmConfig)]);
-  const baseUrl = oasTlmConfig.general.baseUrl;
-  router.use(baseUrl, allAuthMiddlewares);
-  router.use(baseUrl + "/traces", (0, _traceRoutes.getTraceRoutes)());
-  router.use(baseUrl + "/metrics", (0, _metricsRoutes.getMetricsRoutes)());
-  router.use(baseUrl + "/logs", (0, _logRoutes.getLogRoutes)());
-  router.use(baseUrl + "/ai", getWrappedMiddlewares(() => oasTlmConfig.ai.openAIKey !== null, [(0, _aiRoutes.getAIRoutes)(oasTlmConfig)]));
-  // WARNING: This path must be the same as the one used in the UI package App.tsx "oas-telemetry-ui"
-  router.use(baseUrl + "/oas-telemetry-ui", (0, _uiRoutes.getUIRoutes)());
-  router.use(baseUrl + "/utils", (0, _utilRoutes.getUtilsRoutes)(oasTlmConfig));
-  router.use(baseUrl + "/plugins", (0, _pluginRoutes.getPluginRoutes)());
-  router.get(baseUrl + '/health', (_req, res) => {
+  telemetryRouter.get('/health', (_req, res) => {
     res.status(200).send({
       status: 'OK'
     });
   });
-  //redirect to the UI when accessing the base URL
-  router.get(baseUrl, (req, res) => {
-    res.redirect(baseUrl + "/oas-telemetry-ui");
+  // Redirect to the UI when accessing the base URL
+  telemetryRouter.get('/', (req, res) => {
+    res.redirect(`${telemetryBaseUrl}/oas-telemetry-ui/`);
   });
+  // WARNING: This path must be the same as the one used in the UI package App.tsx "oas-telemetry-ui"
+  telemetryRouter.use("/oas-telemetry-ui", (0, _uiRoutes.getUIRoutes)());
+  // Auth routes must be registered. If authentication is not enabled, all requests will be allowed.
+  // Frontend will use these endpoints;
+  telemetryRouter.use((0, _cookieParser.default)());
+  // Refresh token uses /auth/refresh path, careful if you change it
+  telemetryRouter.use('/auth', (0, _authRoutes.getAuthRoutes)(oasTlmConfig));
+  telemetryRouter.use((0, _authMiddleware.getAuthMiddleware)(oasTlmConfig));
+  telemetryRouter.use("/traces", (0, _traceRoutes.getTraceRoutes)());
+  telemetryRouter.use("/metrics", (0, _metricsRoutes.getMetricsRoutes)());
+  telemetryRouter.use("/logs", (0, _logRoutes.getLogRoutes)());
+  if (oasTlmConfig.ai.openAIKey) {
+    telemetryRouter.use("/ai", (0, _aiRoutes.getAIRoutes)(oasTlmConfig));
+  }
+  telemetryRouter.use("/utils", (0, _utilRoutes.getUtilsRoutes)(oasTlmConfig));
+  telemetryRouter.use("/plugins", (0, _pluginRoutes.getPluginRoutes)());
+  // Mount the telemetryRouter under telemetryBaseUrl
+  router.use(telemetryBaseUrl, telemetryRouter);
 };
-/**
- * This function wraps the provided middleware functions with a condition callback.
- * If the condition callback returns true, the middleware/router will be executed.
- * If the condition callback returns false, the middleware/router will be skipped.
- *
- * @callback {function} conditionCallback A callback function that returns a boolean to determine if the middleware should be used.
- * @param {Array} middlewares An array of middleware or routers to be wrapped.
- * @returns {Array} An array of wrapped middleware functions.
- */
-exports.configureRoutes = configureRoutes;
-function getWrappedMiddlewares(conditionCallback, middlewares) {
-  return middlewares.map(middleware => {
-    return function (req, res, next) {
-      if (conditionCallback()) {
-        if (typeof middleware === 'function') {
-          // look for handle property, if it exists, it's a router. If not call middleware
-          if (middleware.handle) {
-            middleware.handle(req, res, next);
-          } else {
-            middleware(req, res, next);
-          }
-        }
-      } else {
-        next();
-      }
-    };
-  });
-}
+exports.configureRoutes = configureRoutes;

package/dist/cjs/telemetry/custom-implementations/exporters/PluginLogExporter.cjs

@@ -24,15 +24,8 @@ class PluginLogExporter extends _wrappers.Enabler {
         });
       }
       const cleanLogs = logs.map(log => (0, _circular.removeCircularRefs)(log)).map(log => (0, _circular.applyNesting)(log));
-      _pluginService.pluginService.getPlugins().forEach((pluginResource, i) => {
-        if (typeof pluginResource.pluginImplementation.newLog === 'function') {
-          cleanLogs.forEach(log => {
-            _logger.default.debug(`Sending log to plugin (Plugin #${i}) <${pluginResource.name}>`);
-            pluginResource.pluginImplementation.newLog(log);
-          });
-        } else {
-          _logger.default.debug(`Plugin <${pluginResource.name}> does not implement newLog method. Skipping log export.`);
-        }
+      cleanLogs.forEach(log => {
+        _pluginService.pluginService.broadcastLog(log);
       });
       setTimeout(() => resultCallback({
         code: _core.ExportResultCode.SUCCESS

package/dist/cjs/telemetry/custom-implementations/exporters/PluginMetricExporter.cjs

@@ -24,14 +24,7 @@ class PluginMetricExporter extends _wrappers.Enabler {
         });
       }
       const cleanMetrics = (0, _circular.applyNesting)((0, _circular.removeCircularRefs)(metrics));
-      _pluginService.pluginService.getPlugins().forEach((pluginResource, i) => {
-        if (typeof pluginResource.pluginImplementation.newMetric === 'function') {
-          _logger.default.debug(`Sending metric to plugin (Plugin #${i}) <${pluginResource.name}>`);
-          pluginResource.pluginImplementation.newMetric(cleanMetrics);
-        } else {
-          _logger.default.debug(`Plugin <${pluginResource.name}> does not implement newMetric method. Skipping metric export.`);
-        }
-      });
+      _pluginService.pluginService.broadcastMetric(cleanMetrics);
       setTimeout(() => resultCallback({
         code: _core.ExportResultCode.SUCCESS
       }), 0);

package/dist/cjs/telemetry/custom-implementations/exporters/PluginSpanExporter.cjs

@@ -37,16 +37,8 @@ class PluginSpanExporter extends _wrappers.Enabler {
         }
         return true;
       });
-      _pluginService.pluginService.getPlugins().forEach((pluginResource, i) => {
-        if (typeof pluginResource.pluginImplementation.newTrace === 'function') {
-          cleanSpans.forEach(span => {
-            _logger.default.debug(`Sending span to plugin (Plugin #${i}) <${pluginResource.name}>`);
-            //TODO: This should be called newSpan instead of newTrace
-            pluginResource.pluginImplementation.newTrace(span);
-          });
-        } else {
-          _logger.default.debug(`Plugin <${pluginResource.name}> does not implement newTrace method. Skipping span export.`);
-        }
+      cleanSpans.forEach(span => {
+        _pluginService.pluginService.broadcastTrace(span);
       });
       setTimeout(() => resultCallback({
         code: _core.ExportResultCode.SUCCESS

package/dist/cjs/tlm-auth/authController.cjs

@@ -3,69 +3,134 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.getLogout = exports.getLogin = exports.getCheck = void 0;
+exports.getRefresh = exports.getLogout = exports.getLogin = exports.getAuthEnabled = void 0;
 var _jsonwebtoken = _interopRequireDefault(require("jsonwebtoken"));
 var _logger = _interopRequireDefault(require("../utils/logger.cjs"));
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+function generateAccessToken(secret, expiresIn) {
+  return _jsonwebtoken.default.sign({
+    type: "access"
+  }, secret, {
+    expiresIn: Math.floor(expiresIn / 1000)
+  });
+}
+function generateRefreshToken(secret, expiresIn) {
+  return _jsonwebtoken.default.sign({
+    type: "refresh"
+  }, secret, {
+    expiresIn: Math.floor(expiresIn / 1000)
+  });
+}
 const getLogin = oasTlmConfig => (req, res) => {
+  if (!oasTlmConfig.auth.enabled) {
+    res.status(200).json({
+      valid: true,
+      message: "Auth disabled"
+    });
+    return;
+  }
   try {
     const {
       password
     } = req.body;
     if (password === oasTlmConfig.auth.password) {
-      const options = {
-        maxAge: oasTlmConfig.auth.apiKeyMaxAge,
+      const accessToken = generateAccessToken(oasTlmConfig.auth.jwtSecret, oasTlmConfig.auth.accessTokenMaxAge);
+      const refreshToken = generateRefreshToken(oasTlmConfig.auth.jwtSecret, oasTlmConfig.auth.refreshTokenMaxAge);
+      res.cookie("accessToken", accessToken, {
+        maxAge: oasTlmConfig.auth.accessTokenMaxAge,
         httpOnly: true,
-        secure: true,
-        signed: false
-      };
-      const apiKey = _jsonwebtoken.default.sign({
-        password: oasTlmConfig.auth.password
-      }, oasTlmConfig.auth.jwtSecret);
-      res.cookie('apiKey', apiKey, options);
+        secure: process.env.NODE_ENV === "production",
+        sameSite: "lax",
+        path: "/"
+      });
+      res.cookie("refreshToken", refreshToken, {
+        maxAge: oasTlmConfig.auth.refreshTokenMaxAge,
+        httpOnly: true,
+        secure: process.env.NODE_ENV === "production",
+        sameSite: "lax",
+        path: oasTlmConfig.general.baseUrl + "/auth/refresh" // <-- cambiado de "/auth/refresh" a oasTlmConfig.general.baseUrl + "/auth/refresh"
+      });
       res.status(200).json({
         valid: true,
-        message: 'API Key is valid'
+        message: "Login successful"
       });
       return;
     }
     res.status(400).json({
       valid: false,
-      message: 'Invalid API Key'
+      message: "Invalid password"
     });
   } catch (error) {
-    _logger.default.log("Error: ", error);
+    _logger.default.error("Login error: ", error);
     res.status(500).json({
       valid: false,
-      message: 'Internal server error'
+      message: "Internal server error"
     });
   }
 };
 exports.getLogin = getLogin;
 const getLogout = oasTlmConfig => (req, res) => {
-  res.clearCookie('apiKey');
-  res.redirect(oasTlmConfig.general.baseUrl + oasTlmConfig.general.uiPath + '/login');
+  if (!oasTlmConfig.auth.enabled) {
+    res.status(200).json({
+      valid: true,
+      message: "Auth disabled"
+    });
+    return;
+  }
+  res.clearCookie('accessToken', {
+    path: '/'
+  });
+  res.clearCookie('refreshToken', {
+    path: oasTlmConfig.general.baseUrl + '/auth/refresh'
+  }); // <-- cambiado de "/auth/refresh" a oasTlmConfig.general.baseUrl + "/auth/refresh"
+  res.status(200).json({
+    valid: true,
+    message: "Logged out"
+  });
 };
 exports.getLogout = getLogout;
-const getCheck = oasTlmConfig => (req, res) => {
-  if (!req.cookies.apiKey) {
+const getRefresh = oasTlmConfig => (req, res) => {
+  if (!oasTlmConfig.auth.enabled) {
     res.status(200).json({
+      valid: true,
+      message: "Auth disabled"
+    });
+    return;
+  }
+  const refreshToken = req.cookies.refreshToken;
+  if (!refreshToken) {
+    res.status(401).json({
       valid: false,
-      message: 'API Key is invalid'
+      message: "No refresh token"
     });
     return;
   }
-  const decoded = _jsonwebtoken.default.verify(req.cookies.apiKey, oasTlmConfig.auth.jwtSecret);
-  if (decoded.password === oasTlmConfig.auth.password) {
+  try {
+    const payload = _jsonwebtoken.default.verify(refreshToken, oasTlmConfig.auth.jwtSecret);
+    if (payload.type !== "refresh") throw new Error("Invalid token type");
+    const accessToken = generateAccessToken(oasTlmConfig.auth.jwtSecret, oasTlmConfig.auth.accessTokenMaxAge);
+    res.cookie("accessToken", accessToken, {
+      maxAge: oasTlmConfig.auth.accessTokenMaxAge,
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "lax",
+      path: "/"
+    });
     res.status(200).json({
       valid: true,
-      message: 'API Key is valid'
+      message: "Refreshed"
+    });
+  } catch (err) {
+    res.status(401).json({
+      valid: false,
+      message: "Invalid refresh token"
     });
-    return;
   }
+};
+exports.getRefresh = getRefresh;
+const getAuthEnabled = oasTlmConfig => (req, res) => {
   res.status(200).json({
-    valid: false,
-    message: 'Invalid API Key'
+    enabled: !!oasTlmConfig.auth.enabled
   });
 };
-exports.getCheck = getCheck;
+exports.getAuthEnabled = getAuthEnabled;

package/dist/cjs/tlm-auth/authMiddleware.cjs

@@ -8,13 +8,26 @@ var _jsonwebtoken = _interopRequireDefault(require("jsonwebtoken"));
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
 function getAuthMiddleware(oasTlmConfig) {
   return function authMiddleware(req, res, next) {
-    const apiKey = req.cookies.apiKey;
-    if (apiKey) {
-      const decoded = _jsonwebtoken.default.verify(apiKey, oasTlmConfig.auth.jwtSecret);
-      if (decoded.password === oasTlmConfig.auth.password) {
-        return next();
-      }
+    if (!oasTlmConfig.auth.enabled) {
+      return next();
+    }
+    const token = req.cookies.accessToken;
+    if (!token) {
+      res.status(401).json({
+        valid: false,
+        message: "No access token"
+      });
+      return;
+    }
+    try {
+      const payload = _jsonwebtoken.default.verify(token, oasTlmConfig.auth.jwtSecret);
+      if (payload.type !== "access") throw new Error("Invalid token type");
+      return next();
+    } catch {
+      res.status(401).json({
+        valid: false,
+        message: "Invalid access token"
+      });
     }
-    res.status(401).redirect(oasTlmConfig.general.baseUrl + oasTlmConfig.general.uiPath + '/login');
   };
 }

package/dist/cjs/tlm-auth/authRoutes.cjs

@@ -9,8 +9,9 @@ var _authController = require("./authController.cjs");
 const getAuthRoutes = oasTlmConfig => {
   const router = (0, _express.Router)();
   router.post('/login', (0, _authController.getLogin)(oasTlmConfig));
-  router.get('/logout', (0, _authController.getLogout)(oasTlmConfig));
-  router.get('/check', (0, _authController.getCheck)(oasTlmConfig));
+  router.post('/refresh', (0, _authController.getRefresh)(oasTlmConfig));
+  router.post('/logout', (0, _authController.getLogout)(oasTlmConfig));
+  router.get('/enabled', (0, _authController.getAuthEnabled)(oasTlmConfig));
   return router;
 };
 exports.getAuthRoutes = getAuthRoutes;