npm - @oneuptime/common - Versions diffs - 7.0.4850 → 7.0.4868 - Mend

@oneuptime/common 7.0.4850 → 7.0.4868

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/Models/DatabaseModels/Index.ts CHANGED Viewed

@@ -179,6 +179,7 @@ import ProjectUser from "./ProjectUser";
 import OnCallDutyPolicyUserOverride from "./OnCallDutyPolicyUserOverride";
 import MonitorFeed from "./MonitorFeed";
 import MetricType from "./MetricType";
+import ProjectSCIM from "./ProjectSCIM";
 const AllModelTypes: Array<{
   new (): BaseModel;
@@ -380,6 +381,8 @@ const AllModelTypes: Array<{
   MetricType,
   OnCallDutyPolicyTimeLog,
+  ProjectSCIM,
 ];
 const modelTypeMap: { [key: string]: { new (): BaseModel } } = {};

package/Models/DatabaseModels/ProjectSCIM.ts ADDED Viewed

@@ -0,0 +1,451 @@
+import Project from "./Project";
+import Team from "./Team";
+import User from "./User";
+import BaseModel from "./DatabaseBaseModel/DatabaseBaseModel";
+import Route from "../../Types/API/Route";
+import { PlanType } from "../../Types/Billing/SubscriptionPlan";
+import ColumnAccessControl from "../../Types/Database/AccessControl/ColumnAccessControl";
+import TableAccessControl from "../../Types/Database/AccessControl/TableAccessControl";
+import TableBillingAccessControl from "../../Types/Database/AccessControl/TableBillingAccessControl";
+import ColumnLength from "../../Types/Database/ColumnLength";
+import ColumnType from "../../Types/Database/ColumnType";
+import CrudApiEndpoint from "../../Types/Database/CrudApiEndpoint";
+import TableColumn from "../../Types/Database/TableColumn";
+import TableColumnType from "../../Types/Database/TableColumnType";
+import TableMetadata from "../../Types/Database/TableMetadata";
+import TenantColumn from "../../Types/Database/TenantColumn";
+import UniqueColumnBy from "../../Types/Database/UniqueColumnBy";
+import IconProp from "../../Types/Icon/IconProp";
+import ObjectID from "../../Types/ObjectID";
+import Permission from "../../Types/Permission";
+import {
+  Column,
+  Entity,
+  Index,
+  JoinColumn,
+  JoinTable,
+  ManyToMany,
+  ManyToOne,
+} from "typeorm";
+@TableBillingAccessControl({
+  create: PlanType.Scale,
+  read: PlanType.Scale,
+  update: PlanType.Scale,
+  delete: PlanType.Scale,
+})
+@TenantColumn("projectId")
+@TableAccessControl({
+  create: [
+    Permission.ProjectOwner,
+    Permission.ProjectAdmin,
+    Permission.CreateProjectSSO,
+  ],
+  read: [
+    Permission.ProjectOwner,
+    Permission.ProjectAdmin,
+    Permission.ProjectMember,
+    Permission.ReadProjectSSO,
+  ],
+  delete: [
+    Permission.ProjectOwner,
+    Permission.ProjectAdmin,
+    Permission.DeleteProjectSSO,
+  ],
+  update: [
+    Permission.ProjectOwner,
+    Permission.ProjectAdmin,
+    Permission.EditProjectSSO,
+  ],
+})
+@CrudApiEndpoint(new Route("/project-scim"))
+@TableMetadata({
+  tableName: "ProjectSCIM",
+  singularName: "SCIM",
+  pluralName: "SCIM",
+  icon: IconProp.Lock,
+  tableDescription: "Manage SCIM auto-provisioning for your project",
+})
+@Entity({
+  name: "ProjectSCIM",
+})
+export default class ProjectSCIM extends BaseModel {
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSSO,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSSO,
+    ],
+    update: [],
+  })
+  @TableColumn({
+    manyToOneRelationColumn: "projectId",
+    type: TableColumnType.Entity,
+    modelType: Project,
+    title: "Project",
+    description: "Relation to Project Resource in which this object belongs",
+  })
+  @ManyToOne(
+    () => {
+      return Project;
+    },
+    {
+      eager: false,
+      nullable: true,
+      onDelete: "CASCADE",
+      orphanedRowAction: "nullify",
+    },
+  )
+  @JoinColumn({ name: "projectId" })
+  public project?: Project = undefined;
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSSO,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSSO,
+    ],
+    update: [],
+  })
+  @Index()
+  @TableColumn({
+    type: TableColumnType.ObjectID,
+    required: true,
+    canReadOnRelationQuery: true,
+    title: "Project ID",
+    description: "ID of your OneUptime Project in which this object belongs",
+  })
+  @Column({
+    type: ColumnType.ObjectID,
+    nullable: false,
+    transformer: ObjectID.getDatabaseTransformer(),
+  })
+  public projectId?: ObjectID = undefined;
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSSO,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSSO,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditProjectSSO,
+    ],
+  })
+  @TableColumn({
+    required: true,
+    type: TableColumnType.ShortText,
+    canReadOnRelationQuery: true,
+    title: "Name",
+    description: "Any friendly name for this SCIM configuration",
+  })
+  @Column({
+    nullable: false,
+    type: ColumnType.ShortText,
+    length: ColumnLength.ShortText,
+  })
+  @UniqueColumnBy("projectId")
+  public name?: string = undefined;
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSSO,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSSO,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditProjectSSO,
+    ],
+  })
+  @TableColumn({
+    required: false,
+    type: TableColumnType.LongText,
+    title: "Description",
+    description: "Friendly description to help you remember",
+  })
+  @Column({
+    nullable: true,
+    type: ColumnType.LongText,
+    length: ColumnLength.LongText,
+  })
+  public description?: string = undefined;
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSSO,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ReadProjectSSO,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditProjectSSO,
+    ],
+  })
+  @TableColumn({
+    required: true,
+    type: TableColumnType.LongText,
+    title: "Bearer Token",
+    description: "Bearer token for SCIM authentication. Keep this secure.",
+  })
+  @Column({
+    nullable: false,
+    type: ColumnType.LongText,
+    length: ColumnLength.LongText,
+  })
+  public bearerToken?: string = undefined;
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSSO,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSSO,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditProjectSSO,
+    ],
+  })
+  @TableColumn({
+    required: false,
+    type: TableColumnType.EntityArray,
+    modelType: Team,
+    title: "Default Teams",
+    description: "Default teams that new users will be added to via SCIM",
+  })
+  @ManyToMany(
+    () => {
+      return Team;
+    },
+    { eager: false },
+  )
+  @JoinTable({
+    name: "ProjectScimTeam",
+    inverseJoinColumn: {
+      name: "teamId",
+      referencedColumnName: "_id",
+    },
+    joinColumn: {
+      name: "projectScimId",
+      referencedColumnName: "_id",
+    },
+  })
+  public teams?: Array<Team> = undefined;
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSSO,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSSO,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditProjectSSO,
+    ],
+  })
+  @TableColumn({
+    isDefaultValueColumn: true,
+    type: TableColumnType.Boolean,
+    title: "Auto Provision Users",
+    description: "Automatically create users when they are added via SCIM",
+    defaultValue: true,
+  })
+  @Column({
+    type: ColumnType.Boolean,
+    default: true,
+  })
+  public autoProvisionUsers?: boolean = undefined;
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSSO,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSSO,
+    ],
+    update: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.EditProjectSSO,
+    ],
+  })
+  @TableColumn({
+    isDefaultValueColumn: true,
+    type: TableColumnType.Boolean,
+    title: "Auto Deprovision Users",
+    description: "Automatically remove users when they are removed via SCIM",
+    defaultValue: true,
+  })
+  @Column({
+    type: ColumnType.Boolean,
+    default: true,
+  })
+  public autoDeprovisionUsers?: boolean = undefined;
+  @ColumnAccessControl({
+    create: [],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSSO,
+    ],
+    update: [],
+  })
+  @TableColumn({
+    manyToOneRelationColumn: "createdByUserId",
+    type: TableColumnType.Entity,
+    modelType: User,
+    title: "Created by User",
+    description:
+      "Relation to User who created this object (if this object was created by a User)",
+  })
+  @ManyToOne(
+    () => {
+      return User;
+    },
+    {
+      eager: false,
+      nullable: true,
+      onDelete: "SET NULL",
+      orphanedRowAction: "nullify",
+    },
+  )
+  @JoinColumn({ name: "createdByUserId" })
+  public createdByUser?: User = undefined;
+  @ColumnAccessControl({
+    create: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.CreateProjectSSO,
+    ],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSSO,
+    ],
+    update: [],
+  })
+  @TableColumn({
+    type: TableColumnType.ObjectID,
+    title: "Created by User ID",
+    description:
+      "User ID who created this object (if this object was created by a User)",
+  })
+  @Column({
+    type: ColumnType.ObjectID,
+    nullable: true,
+    transformer: ObjectID.getDatabaseTransformer(),
+  })
+  public createdByUserId?: ObjectID = undefined;
+  @ColumnAccessControl({
+    create: [],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSSO,
+    ],
+    update: [],
+  })
+  @TableColumn({
+    manyToOneRelationColumn: "deletedByUserId",
+    type: TableColumnType.Entity,
+    modelType: User,
+    title: "Deleted by User",
+    description:
+      "Relation to User who deleted this object (if this object was deleted by a User)",
+  })
+  @ManyToOne(
+    () => {
+      return User;
+    },
+    {
+      cascade: false,
+      eager: false,
+      nullable: true,
+      onDelete: "SET NULL",
+      orphanedRowAction: "nullify",
+    },
+  )
+  @JoinColumn({ name: "deletedByUserId" })
+  public deletedByUser?: User = undefined;
+  @ColumnAccessControl({
+    create: [],
+    read: [
+      Permission.ProjectOwner,
+      Permission.ProjectAdmin,
+      Permission.ProjectMember,
+      Permission.ReadProjectSSO,
+    ],
+    update: [],
+  })
+  @TableColumn({
+    type: TableColumnType.ObjectID,
+    title: "Deleted by User ID",
+    description:
+      "User ID who deleted this object (if this object was deleted by a User)",
+  })
+  @Column({
+    type: ColumnType.ObjectID,
+    nullable: true,
+    transformer: ObjectID.getDatabaseTransformer(),
+  })
+  public deletedByUserId?: ObjectID = undefined;
+}

package/Server/Infrastructure/Postgres/SchemaMigrations/1754304193228-MigrationName.ts ADDED Viewed

@@ -0,0 +1,67 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+export class MigrationName1754304193228 implements MigrationInterface {
+  public name = "MigrationName1754304193228";
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `CREATE TABLE "ProjectSCIM" ("_id" uuid NOT NULL DEFAULT uuid_generate_v4(), "createdAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), "updatedAt" TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT now(), "deletedAt" TIMESTAMP WITH TIME ZONE, "version" integer NOT NULL, "projectId" uuid NOT NULL, "name" character varying(100) NOT NULL, "description" character varying(500), "bearerToken" character varying(500) NOT NULL, "autoProvisionUsers" boolean NOT NULL DEFAULT true, "autoDeprovisionUsers" boolean NOT NULL DEFAULT true, "isEnabled" boolean NOT NULL DEFAULT false, "createdByUserId" uuid, "deletedByUserId" uuid, CONSTRAINT "PK_51e71d70211675a5c918aee4e68" PRIMARY KEY ("_id"))`,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_f916360335859c26c4d7051239" ON "ProjectSCIM" ("projectId") `,
+    );
+    await queryRunner.query(
+      `CREATE TABLE "ProjectScimTeam" ("projectScimId" uuid NOT NULL, "teamId" uuid NOT NULL, CONSTRAINT "PK_db724b66b4fa8c880ce5ccf820b" PRIMARY KEY ("projectScimId", "teamId"))`,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_b9a28efd66600267f0e9de0731" ON "ProjectScimTeam" ("projectScimId") `,
+    );
+    await queryRunner.query(
+      `CREATE INDEX "IDX_bb0eda2ef0c773f975e9ad8448" ON "ProjectScimTeam" ("teamId") `,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSCIM" ADD CONSTRAINT "FK_f916360335859c26c4d7051239b" FOREIGN KEY ("projectId") REFERENCES "Project"("_id") ON DELETE CASCADE ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSCIM" ADD CONSTRAINT "FK_5d5d587984f156e5215d51daff7" FOREIGN KEY ("createdByUserId") REFERENCES "User"("_id") ON DELETE SET NULL ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSCIM" ADD CONSTRAINT "FK_9cadda4fc2af268b5670d02bf76" FOREIGN KEY ("deletedByUserId") REFERENCES "User"("_id") ON DELETE SET NULL ON UPDATE NO ACTION`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectScimTeam" ADD CONSTRAINT "FK_b9a28efd66600267f0e9de0731b" FOREIGN KEY ("projectScimId") REFERENCES "ProjectSCIM"("_id") ON DELETE CASCADE ON UPDATE CASCADE`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectScimTeam" ADD CONSTRAINT "FK_bb0eda2ef0c773f975e9ad8448a" FOREIGN KEY ("teamId") REFERENCES "Team"("_id") ON DELETE CASCADE ON UPDATE CASCADE`,
+    );
+  }
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "ProjectScimTeam" DROP CONSTRAINT "FK_bb0eda2ef0c773f975e9ad8448a"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectScimTeam" DROP CONSTRAINT "FK_b9a28efd66600267f0e9de0731b"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSCIM" DROP CONSTRAINT "FK_9cadda4fc2af268b5670d02bf76"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSCIM" DROP CONSTRAINT "FK_5d5d587984f156e5215d51daff7"`,
+    );
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSCIM" DROP CONSTRAINT "FK_f916360335859c26c4d7051239b"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_bb0eda2ef0c773f975e9ad8448"`,
+    );
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_b9a28efd66600267f0e9de0731"`,
+    );
+    await queryRunner.query(`DROP TABLE "ProjectScimTeam"`);
+    await queryRunner.query(
+      `DROP INDEX "public"."IDX_f916360335859c26c4d7051239"`,
+    );
+    await queryRunner.query(`DROP TABLE "ProjectSCIM"`);
+  }
+}

package/Server/Infrastructure/Postgres/SchemaMigrations/1754315774827-MigrationName.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+export class MigrationName1754315774827 implements MigrationInterface {
+  public name = "MigrationName1754315774827";
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSCIM" DROP COLUMN "isEnabled"`,
+    );
+  }
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "ProjectSCIM" ADD "isEnabled" boolean NOT NULL DEFAULT false`,
+    );
+  }
+}

package/Server/Infrastructure/Postgres/SchemaMigrations/Index.ts CHANGED Viewed

@@ -146,6 +146,8 @@ import { MigrationName1753343522987 } from "./1753343522987-MigrationName";
 import { MigrationName1753377161288 } from "./1753377161288-MigrationName";
 import { AddPerformanceIndexes1753378524062 } from "./1753378524062-AddPerformanceIndexes";
 import { MigrationName1753383711511 } from "./1753383711511-MigrationName";
+import { MigrationName1754304193228 } from "./1754304193228-MigrationName";
+import { MigrationName1754315774827 } from "./1754315774827-MigrationName";
 export default [
   InitialMigration,
@@ -296,4 +298,6 @@ export default [
   MigrationName1753377161288,
   AddPerformanceIndexes1753378524062,
   MigrationName1753383711511,
+  MigrationName1754304193228,
+  MigrationName1754315774827,
 ];

package/Server/Infrastructure/Queue.ts CHANGED Viewed

@@ -225,7 +225,7 @@ export default class Queue {
       };
       if (job.stacktrace && job.stacktrace.length > 0) {
-        result.stackTrace = job.stacktrace.join('\n');
+        result.stackTrace = job.stacktrace.join("\n");
       }
       return result;

package/Server/Middleware/SCIMAuthorization.ts ADDED Viewed

@@ -0,0 +1,94 @@
+import ProjectSCIMService from "../Services/ProjectSCIMService";
+import {
+  ExpressRequest,
+  ExpressResponse,
+  NextFunction,
+  OneUptimeRequest,
+} from "../Utils/Express";
+import ObjectID from "../../Types/ObjectID";
+import ProjectSCIM from "../../Models/DatabaseModels/ProjectSCIM";
+import NotAuthorizedException from "../../Types/Exception/NotAuthorizedException";
+import BadRequestException from "../../Types/Exception/BadRequestException";
+import CaptureSpan from "../Utils/Telemetry/CaptureSpan";
+import logger from "../Utils/Logger";
+export default class SCIMMiddleware {
+  @CaptureSpan()
+  public static async isAuthorizedSCIMRequest(
+    req: ExpressRequest,
+    _res: ExpressResponse,
+    next: NextFunction,
+  ): Promise<void> {
+    try {
+      const oneuptimeRequest: OneUptimeRequest = req as OneUptimeRequest;
+      // Extract project SCIM ID from URL path
+      const projectScimId: string | undefined = req.params["projectScimId"];
+      if (!projectScimId) {
+        throw new BadRequestException("Project SCIM ID is required");
+      }
+      // Extract bearer token from Authorization header
+      let bearerToken: string | undefined;
+      if (req.headers?.["authorization"]) {
+        const authHeader: string = req.headers["authorization"] as string;
+        if (authHeader.startsWith("Bearer ")) {
+          bearerToken = authHeader.substring(7);
+        }
+      }
+      logger.debug(
+        `SCIM Authorization: projectScimId=${projectScimId}, bearerToken=${
+          bearerToken
+        }`,
+      );
+      if (!bearerToken) {
+        throw new NotAuthorizedException(
+          "Bearer token is required for SCIM authentication",
+        );
+      }
+      // Find SCIM configuration by SCIM ID and bearer token
+      const scimConfig: ProjectSCIM | null = await ProjectSCIMService.findOneBy(
+        {
+          query: {
+            _id: new ObjectID(projectScimId),
+            bearerToken: bearerToken,
+          },
+          select: {
+            _id: true,
+            projectId: true,
+            autoProvisionUsers: true,
+            autoDeprovisionUsers: true,
+            teams: {
+              _id: true,
+              name: true,
+            },
+          },
+          props: {
+            isRoot: true,
+          },
+        },
+      );
+      if (!scimConfig) {
+        throw new NotAuthorizedException(
+          "Invalid bearer token or SCIM configuration not found",
+        );
+      }
+      // Store SCIM configuration and project ID in bearerTokenData for use in handlers
+      oneuptimeRequest.bearerTokenData = {
+        scimConfig: scimConfig,
+        projectId: scimConfig.projectId,
+        projectScimId: new ObjectID(projectScimId),
+        type: "scim",
+      };
+      return next();
+    } catch (err) {
+      return next(err);
+    }
+  }
+}

package/Server/Services/ProjectSCIMService.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import CreateBy from "../Types/Database/CreateBy";
+import { OnCreate } from "../Types/Database/Hooks";
+import DatabaseService from "./DatabaseService";
+import Model from "../../Models/DatabaseModels/ProjectSCIM";
+import ObjectID from "../../Types/ObjectID";
+export class Service extends DatabaseService<Model> {
+  public constructor() {
+    super(Model);
+  }
+  protected override async onBeforeCreate(
+    createBy: CreateBy<Model>,
+  ): Promise<OnCreate<Model>> {
+    if (!createBy.data.bearerToken) {
+      // Generate a secure bearer token if not provided
+      createBy.data.bearerToken = ObjectID.generate().toString();
+    }
+    return {
+      createBy: createBy,
+      carryForward: {},
+    };
+  }
+}
+export default new Service();