npm - @onlineapps/service-wrapper - Versions diffs - 2.1.58 → 2.1.60 - Mend

@onlineapps/service-wrapper 2.1.58 → 2.1.60

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/config/runtime-defaults.json +6 -0
package/package.json +1 -1
package/src/ConfigLoader.js +15 -1
package/src/createAccountContextMiddleware.js +88 -0
package/src/index.js +9 -0

package/config/runtime-defaults.json CHANGED Viewed

@@ -45,6 +45,12 @@
       },
       "validation": {
         "enabled": true
+      },
+      "accountContext": {
+        "enabled": true,
+        "headerName": "account-id",
+        "requirePathPrefixes": ["/api/"],
+        "excludePathPrefixes": ["/api/v1/specification"]
       }
     }
   }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@onlineapps/service-wrapper",
-  "version": "2.1.58",
+  "version": "2.1.60",
   "description": "Thin orchestration layer for microservices - delegates all infrastructure concerns to specialized connectors",
   "main": "src/index.js",
   "scripts": {

package/src/ConfigLoader.js CHANGED Viewed

@@ -303,6 +303,20 @@ class ConfigLoader {
     const validationProof = this.loadValidationProof(basePath);
     const nodeEnv = runtimeCfg.get('nodeEnv');
+    // Load service-wrapper runtime defaults (wrapper config only)
+    const runtimeDefaultsPath = path.join(__dirname, '..', 'config', 'runtime-defaults.json');
+    let runtimeDefaults = {};
+    try {
+      const runtimeDefaultsRaw = fs.readFileSync(runtimeDefaultsPath, 'utf8');
+      const parsed = JSON.parse(runtimeDefaultsRaw);
+      runtimeDefaults = parsed && typeof parsed === 'object' && parsed.defaults ? parsed.defaults : {};
+    } catch (error) {
+      throw new Error(`[ConfigLoader] Failed to load runtime defaults - Expected readable JSON at ${runtimeDefaultsPath}. ${error.message}`);
+    }
+    // Deep-merge defaults into wrapper config (service overrides win)
+    const mergedWrapper = this.deepMerge(runtimeDefaults.wrapper || {}, serviceConfig.wrapper || {});
     // Include any custom top-level sections from config.json (e.g., storage, smtp, etc.)
     // Keep service-wrapper owned sections (service, wrapper) explicit and stable.
     const customSections = {};
@@ -321,7 +335,7 @@ class ConfigLoader {
         url: serviceConfig.service.url,
         env: nodeEnv
       },
-      wrapper: serviceConfig.wrapper || {},
+      wrapper: mergedWrapper,
       operations,
       validationProof,
       ...customSections

package/src/createAccountContextMiddleware.js ADDED Viewed

@@ -0,0 +1,88 @@
+'use strict';
+/**
+ * Create an Express middleware that enforces required account context for business APIs.
+ *
+ * Rules:
+ * - Applies only for paths that match `requirePathPrefixes` and do NOT match `excludePathPrefixes`.
+ * - Requires header `headerName` to be a positive integer.
+ * - Sets `req.account_id` as integer.
+ *
+ * @param {Object} options
+ * @param {string} options.serviceName
+ * @param {Object} options.accountContext
+ * @param {boolean} options.accountContext.enabled
+ * @param {string} options.accountContext.headerName
+ * @param {string[]} options.accountContext.requirePathPrefixes
+ * @param {string[]} options.accountContext.excludePathPrefixes
+ * @returns {Function} Express middleware
+ */
+function createAccountContextMiddleware(options = {}) {
+  const serviceName = options.serviceName;
+  const accountContext = options.accountContext || {};
+  if (!serviceName || typeof serviceName !== 'string') {
+    throw new Error('[service-wrapper][AccountContext] Missing dependency - Expected serviceName (string)');
+  }
+  if (typeof accountContext !== 'object' || Array.isArray(accountContext)) {
+    throw new Error('[service-wrapper][AccountContext] Invalid configuration - Expected accountContext to be an object');
+  }
+  const {
+    enabled,
+    headerName,
+    requirePathPrefixes,
+    excludePathPrefixes
+  } = accountContext;
+  if (typeof enabled !== 'boolean') {
+    throw new Error(`[service-wrapper][AccountContext] Invalid configuration - wrapper.accountContext.enabled must be boolean, got: ${typeof enabled}`);
+  }
+  if (typeof headerName !== 'string' || headerName.trim() === '') {
+    throw new Error(`[service-wrapper][AccountContext] Invalid configuration - wrapper.accountContext.headerName must be non-empty string, got: ${headerName}`);
+  }
+  if (!Array.isArray(requirePathPrefixes) || requirePathPrefixes.some(p => typeof p !== 'string')) {
+    throw new Error('[service-wrapper][AccountContext] Invalid configuration - wrapper.accountContext.requirePathPrefixes must be string[]');
+  }
+  if (!Array.isArray(excludePathPrefixes) || excludePathPrefixes.some(p => typeof p !== 'string')) {
+    throw new Error('[service-wrapper][AccountContext] Invalid configuration - wrapper.accountContext.excludePathPrefixes must be string[]');
+  }
+  const requirePrefixes = requirePathPrefixes;
+  const excludePrefixes = excludePathPrefixes;
+  return function accountContextMiddleware(req, res, next) {
+    if (!enabled) {
+      return next();
+    }
+    const path = req && typeof req.path === 'string' ? req.path : '';
+    if (!requirePrefixes.some(prefix => path.startsWith(prefix))) {
+      return next();
+    }
+    if (excludePrefixes.some(prefix => path.startsWith(prefix))) {
+      return next();
+    }
+    const rawAccountId = req.headers ? req.headers[headerName] : undefined;
+    if (!rawAccountId) {
+      return res.status(400).json({
+        error: `[${serviceName}][Multitenancy] Missing account context - Expected request header '${headerName}' (INT)`
+      });
+    }
+    const accountId = Number.parseInt(String(rawAccountId), 10);
+    if (!Number.isInteger(accountId) || accountId <= 0) {
+      return res.status(400).json({
+        error: `[${serviceName}][Multitenancy] Invalid account context - Expected '${headerName}' to be a positive integer`
+      });
+    }
+    req.account_id = accountId;
+    return next();
+  };
+}
+module.exports = { createAccountContextMiddleware };

package/src/index.js CHANGED Viewed

@@ -16,6 +16,7 @@ const ServiceWrapper = require('./ServiceWrapper');
 const { ConfigLoader } = require('./ConfigLoader');
 const runtimeCfg = require('./config');
 const pkg = require('../package.json');
+const { createAccountContextMiddleware } = require('./createAccountContextMiddleware');
 // Note: WorkflowProcessor and ApiCaller functionality has been moved to connectors:
 // - WorkflowProcessor -> @onlineapps/conn-orch-orchestrator
@@ -58,6 +59,14 @@ async function bootstrap(serviceRoot, options = {}) {
   console.log(`Starting ${config.service.name} v${config.service.version}...`);
+  // 0. Apply shared request context middleware (account context for multitenancy)
+  // Enforced centrally for all business services: /api/** must have account-id (except /api/v1/specification).
+  const accountContextMw = createAccountContextMiddleware({
+    serviceName: config.service.name,
+    accountContext: config.wrapper?.accountContext
+  });
+  app.use(accountContextMw);
   // 1. Start HTTP server
   const PORT = config.service.port;
   const server = app.listen(PORT, () => {