@privateaim/server-http-kit 0.7.0

package/src/middlewares/force-logged-in.ts

@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2021-2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import { UnauthorizedError } from '@ebec/http';
+import type { HandlerInterface } from '@routup/decorators';
+import type {
+    Next, Request, Response,
+} from 'routup';
+import { useRequestEnv } from '../request';
+
+export class ForceLoggedInMiddleware implements HandlerInterface {
+    public run(request: Request, response: Response, next: Next) {
+        if (
+            typeof useRequestEnv(request, 'userId') === 'undefined' &&
+            typeof useRequestEnv(request, 'robotId') === 'undefined'
+        ) {
+            throw new UnauthorizedError();
+        }
+
+        next();
+    }
+}

package/src/middlewares/index.ts

@@ -0,0 +1,15 @@
+/*
+ * Copyright (c) 2022-2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+export * from './cors';
+export * from './error';
+export * from './force-logged-in';
+export * from './module';
+export * from './prometheus';
+export * from './rate-limit';
+export * from './swagger';
+export * from './types';

package/src/middlewares/module.ts

@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import type { Router } from 'routup';
+import { mountAuthupMiddleware } from '../services';
+import { boolableToObject } from '../utils';
+import { mountBasicMiddleware } from './basic';
+import { mountCorsMiddleware } from './cors';
+import { mountDecoratorsMiddleware } from './decorators';
+import { mountPrometheusMiddleware } from './prometheus';
+import { mountRateLimiterMiddleware } from './rate-limit';
+import { mountSwaggerMiddleware } from './swagger';
+import type { MiddlewareRegistrationContext } from './types';
+
+export function mountMiddlewares(router: Router, ctx: MiddlewareRegistrationContext) {
+    ctx.basic ??= true;
+    ctx.cors ??= true;
+    ctx.prometheus ??= true;
+    ctx.rateLimit ??= true;
+    ctx.swagger ??= true;
+
+    if (ctx.cors) {
+        mountCorsMiddleware(router);
+    }
+
+    if (ctx.basic) {
+        mountBasicMiddleware(router);
+    }
+
+    if (ctx.authup) {
+        mountAuthupMiddleware(router, ctx.authup);
+    }
+
+    if (ctx.prometheus) {
+        mountPrometheusMiddleware(router);
+    }
+
+    if (ctx.rateLimit) {
+        mountRateLimiterMiddleware(router);
+    }
+
+    if (ctx.swagger) {
+        mountSwaggerMiddleware(router, boolableToObject(ctx.swagger));
+    }
+
+    if (ctx.decorators) {
+        mountDecoratorsMiddleware(router, ctx.decorators);
+    }
+}

package/src/middlewares/prometheus.ts

@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2023-2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import { prometheus } from '@routup/prometheus';
+import type { Router } from 'routup';
+
+export function mountPrometheusMiddleware(router: Router) {
+    router.use(prometheus());
+}

package/src/middlewares/rate-limit.ts

@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2023-2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import { REALM_MASTER_NAME } from '@authup/core-kit';
+import type { OptionsInput } from '@routup/rate-limit';
+import { rateLimit } from '@routup/rate-limit';
+import type { Request, Router } from 'routup';
+import { useRequestEnv } from '../request';
+
+export function mountRateLimiterMiddleware(router: Router) {
+    const options : OptionsInput = {
+        skip(req: Request) {
+            const robot = useRequestEnv(req, 'robotId');
+            if (robot) {
+                const { name } = useRequestEnv(req, 'realm');
+
+                if (
+                    name === REALM_MASTER_NAME &&
+                    useRequestEnv(req, 'robotName') === 'system'
+                ) {
+                    return true;
+                }
+            }
+
+            return false;
+        },
+        max(req: Request) {
+            if (useRequestEnv(req, 'userId')) {
+                return 60 * 100; // 100 req p. sec
+            }
+
+            const robot = useRequestEnv(req, 'robotId');
+            if (robot) {
+                return 60 * 1000; // 1000 req p. sec
+            }
+
+            return 60 * 20; // 20 req p. sec
+        },
+        windowMs: 60 * 1000, // 60 sec
+    };
+
+    router.use(rateLimit(options));
+}

package/src/middlewares/swagger.ts

@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2023-2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import path from 'node:path';
+import { swaggerUI } from '@routup/swagger';
+import { loadSync } from 'locter';
+import process from 'node:process';
+import type { Router } from 'routup';
+import type { MiddlewareSwaggerOptions } from './types';
+
+export function mountSwaggerMiddleware(router: Router, options: MiddlewareSwaggerOptions) {
+    let document : any;
+    if (options.cwd) {
+        document = loadSync(path.join(options.cwd, 'swagger.json'));
+    } else {
+        document = loadSync(path.join(process.cwd(), 'writable', 'swagger.json'));
+    }
+
+    router.use('/docs', swaggerUI(document, {
+        baseURL: options.baseURL,
+    }));
+}

package/src/middlewares/types.ts

@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import type { ClassType } from '@routup/decorators';
+import type { AuthupMiddlewareRegistrationOptions } from '../services';
+
+export type MiddlewareSwaggerOptions = {
+    cwd?: string,
+    baseURL?: string
+};
+
+export type MiddlewareDecoratorsOptions = {
+    controllers: (ClassType | Record<string, any>)[]
+};
+
+export type MiddlewareRegistrationContext = {
+    options?: MiddlewareSwaggerOptions,
+
+    authup?: AuthupMiddlewareRegistrationOptions,
+    basic?: boolean,
+    cors?: boolean,
+    decorators?: MiddlewareDecoratorsOptions,
+    prometheus?: boolean,
+    rateLimit?: boolean,
+    swagger?: MiddlewareSwaggerOptions | boolean,
+};

package/src/request/env.ts

@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import { setRequestEnv as setEnv, useRequestEnv as useEnv } from 'routup';
+import type { Request } from 'routup';
+import type { RequestEnv } from './types';
+
+export function useRequestEnv(req: Request) : RequestEnv;
+export function useRequestEnv<T extends keyof RequestEnv>(req: Request, key: T) : RequestEnv[T];
+export function useRequestEnv<T extends keyof RequestEnv>(req: Request, key?: T) {
+    if (typeof key === 'string') {
+        return useEnv(req, key) as RequestEnv[T];
+    }
+
+    return useEnv(req);
+}
+
+export function setRequestEnv<T extends keyof RequestEnv>(
+    req: Request,
+    key: T,
+    value: RequestEnv[T],
+) {
+    return setEnv(req, key, value);
+}

package/src/request/index.ts

@@ -0,0 +1,9 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+export * from './env';
+export * from './types';

package/src/request/types.ts

@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import type { Abilities } from '@authup/kit';
+
+export type RequestEnv = {
+    abilities?: Abilities,
+
+    realmId?: string,
+    realmName?: string,
+    realm?: { id?: string, name?: string },
+
+    userId?: string,
+    userName?: string,
+
+    robotId?: string,
+    robotName?: string
+};

package/src/services/authup/index.ts

@@ -0,0 +1,9 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+export * from './middleware';
+export * from './types';

package/src/services/authup/middleware.ts

@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import type { TokenCreatorOptions } from '@authup/core-http-kit';
+import type { TokenVerifierRedisCacheOptions } from '@authup/server-core-plugin-kit';
+import { createMiddleware } from '@authup/server-core-plugin-http';
+import { useRequestCookie } from '@routup/basic/cookie';
+import { parseAuthorizationHeader } from 'hapic';
+import type { Router } from 'routup';
+import { coreHandler, getRequestHeader } from 'routup';
+import type { AuthupMiddlewareRegistrationOptions } from './types';
+import { applyTokenVerificationData, createFakeTokenVerificationData } from './utils';
+
+export function mountAuthupMiddleware(
+    router: Router,
+    options: AuthupMiddlewareRegistrationOptions,
+) {
+    if (!options.client) {
+        const data = createFakeTokenVerificationData();
+
+        router.use(coreHandler((req, res, next) => {
+            applyTokenVerificationData(req, data, options.fakeAbilities);
+            next();
+        }));
+
+        return;
+    }
+
+    router.use(coreHandler(async (req, res, next) => {
+        const headerRaw = getRequestHeader(req, 'authorization');
+        if (typeof headerRaw !== 'string') {
+            next();
+        }
+
+        const cacheKey = `authorization-header:${headerRaw}`;
+
+        if (options.redisClient) {
+            const data = await options.redisClient.get(cacheKey);
+            if (data) {
+                req.headers.authorization = `Bearer ${data}`;
+                next();
+                return;
+            }
+        }
+
+        const header = parseAuthorizationHeader(headerRaw);
+
+        if (header.type === 'Basic') {
+            const token = await options.client.token.createWithPasswordGrant({
+                username: header.username,
+                password: header.password,
+            });
+
+            req.headers.authorization = `Bearer ${token.access_token}`;
+            if (options.redisClient) {
+                await options.redisClient.setex(cacheKey, token.expires_in, token.access_token);
+            }
+        }
+
+        next();
+    }));
+
+    let tokenCreator : TokenCreatorOptions;
+    if (options.vaultClient) {
+        tokenCreator = {
+            type: 'robotInVault',
+            name: 'system',
+            vault: options.vaultClient,
+            baseURL: options.client.getBaseURL(),
+        };
+    } else {
+        tokenCreator = {
+            type: 'user',
+            name: 'admin',
+            password: 'start123',
+            baseURL: options.client.getBaseURL(),
+        };
+    }
+
+    let tokenCache : TokenVerifierRedisCacheOptions | undefined;
+    if (options.redisClient) {
+        tokenCache = {
+            type: 'redis',
+            client: options.redisClient,
+        };
+    }
+
+    const middleware = createMiddleware({
+        tokenByCookie: (req, cookieName) => useRequestCookie(req, cookieName),
+        tokenVerifier: {
+            baseURL: options.client.getBaseURL(),
+            creator: tokenCreator,
+            cache: tokenCache,
+        },
+        tokenVerifierHandler: (
+            req,
+            data,
+        ) => applyTokenVerificationData(req, data, options.fakeAbilities),
+    });
+
+    router.use(coreHandler((
+        req,
+        res,
+        next,
+    ) => middleware(req, res, next)));
+}

package/src/services/authup/types.ts

@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import type { VaultClient } from '@hapic/vault';
+import type { Client as RedisClient } from 'redis-extension';
+import type { Client as AuthupClient } from '@authup/core-http-kit';
+
+export type AuthupMiddlewareRegistrationOptions = {
+    client?: AuthupClient,
+    vaultClient?: VaultClient,
+    redisClient?: RedisClient,
+    fakeAbilities?: boolean
+};

package/src/services/authup/utils.ts

@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import type { Ability } from '@authup/kit';
+import { Abilities } from '@authup/kit';
+import { REALM_MASTER_NAME } from '@authup/core-kit';
+import type { TokenVerificationData } from '@authup/server-core-plugin-kit';
+import { PermissionID } from '@privateaim/kit';
+import type { Request } from 'routup';
+import { setRequestEnv } from '../../request';
+
+type TokenVerificationDataMinimal = Pick<
+TokenVerificationData,
+'permissions' |
+'realm_id' |
+'realm_name' |
+'sub' |
+'sub_kind' |
+'sub_name'
+>;
+
+function generateAbilities(): Ability[] {
+    return Object.values(PermissionID).map((name) => ({
+        name,
+    } satisfies Ability));
+}
+
+export function createFakeTokenVerificationData(): TokenVerificationDataMinimal {
+    return {
+        realm_id: 'd94b2f28-29e3-4ced-b8f1-6923a01dc1ee',
+        realm_name: REALM_MASTER_NAME,
+
+        sub_kind: 'user',
+        sub: 'd94b2f28-29e3-4ced-b8f1-6923a01dc1ee',
+        sub_name: 'admin',
+
+        permissions: generateAbilities(),
+    };
+}
+
+export function applyTokenVerificationData(
+    req: Request,
+    data: TokenVerificationDataMinimal,
+    fakeAbilities?: boolean,
+) {
+    let abilities: Ability[];
+    if (fakeAbilities) {
+        abilities = generateAbilities();
+    } else {
+        abilities = data.permissions;
+    }
+
+    const ability = new Abilities(abilities);
+    setRequestEnv(req, 'abilities', ability);
+
+    setRequestEnv(req, 'realmId', data.realm_id);
+    setRequestEnv(req, 'realmName', data.realm_name);
+    setRequestEnv(req, 'realm', {
+        id: data.realm_id,
+        name: data.realm_name,
+    });
+
+    switch (data.sub_kind) {
+        case 'user': {
+            setRequestEnv(req, 'userId', data.sub);
+            setRequestEnv(req, 'userName', data.sub_name);
+            break;
+        }
+        case 'robot': {
+            setRequestEnv(req, 'robotId', data.sub);
+            setRequestEnv(req, 'robotName', data.sub_name);
+            break;
+        }
+    }
+}

package/src/services/index.ts

@@ -0,0 +1,8 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+export * from './authup';

package/src/swagger/index.ts

@@ -0,0 +1,8 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+export * from './module';

package/src/swagger/module.ts

@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2021-2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import path from 'node:path';
+import type { GeneratorOptionsInput } from '@routup/swagger';
+import { Version, generate } from '@routup/swagger';
+import { load } from 'locter';
+import process from 'node:process';
+import type { SwaggerGenerateOptions } from './types';
+
+export async function generateSwagger(options: SwaggerGenerateOptions) {
+    const cwd = options.cwd || process.cwd();
+    const packageJson = await load(path.join(cwd, 'package.json')) as Record<string, any>;
+
+    const securityDefinitions : GeneratorOptionsInput['securityDefinitions'] = {
+        bearer: {
+            name: 'Bearer',
+            type: 'apiKey',
+            in: 'header',
+        },
+
+        basicAuth: {
+            type: 'http',
+            schema: 'basic',
+        },
+    };
+
+    if (options.authupURL) {
+        securityDefinitions.oauth2 = {
+            type: 'oauth2',
+            flows: {
+                password: {
+                    tokenUrl: new URL('token', options.authupURL).href,
+                },
+            },
+        };
+    }
+
+    return generate({
+        version: Version.V2,
+        options: {
+            metadata: {
+                cache: false,
+                entryPoint: [
+                    { pattern: '**/*.ts', cwd: options.controllerBasePath },
+                ],
+                ignore: ['**/node_modules/**'],
+                allow: ['**/@authup/**'],
+            },
+            yaml: false,
+            servers: [
+                options.baseURL,
+            ],
+            name: 'API Documentation',
+            description: 'Explore the REST Endpoints.',
+            version: packageJson.version,
+            outputDirectory: path.join(cwd, 'writable'),
+            securityDefinitions,
+            consumes: ['application/json'],
+            produces: ['application/json'],
+        },
+    });
+}

package/src/swagger/types.ts

@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+export type SwaggerGenerateOptions = {
+    baseURL: string,
+    authupURL?: string,
+    cwd?: string,
+    controllerBasePath: string,
+};

package/src/utils/boolable-to-object.ts

@@ -0,0 +1,14 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+export function boolableToObject<T extends Record<string, any>>(input: T | boolean) : T {
+    if (typeof input === 'boolean') {
+        return {} as T;
+    }
+
+    return input;
+}

package/src/utils/index.ts

@@ -0,0 +1,8 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+export * from './boolable-to-object';

package/src/validation/index.ts

@@ -0,0 +1,11 @@
+/*
+ * Copyright (c) 2021-2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+export * from './message';
+export * from './module';
+export * from './type';
+export * from './result';

package/src/validation/message.ts

@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+export function buildHTTPValidationErrorMessage<
+    T extends Record<string, any> = Record<string, any>,
+>(name: keyof T | (keyof T)[]) {
+    const names = Array.isArray(name) ? name : [name];
+
+    if (names.length > 1) {
+        return `The parameters ${names.join(', ')} is invalid.`;
+    }
+    return `The parameter ${String(names[0])} is invalid.`;
+}