@privateaim/server-http-kit 0.8.21 → 0.8.23

package/CHANGELOG.md

@@ -1,5 +1,43 @@
 # Changelog
 
+## [0.8.23](https://github.com/PrivateAIM/hub/compare/v0.8.22...v0.8.23) (2026-02-02)
+
+
+### Bug Fixes
+
+* **deps:** bump the minorandpatch group across 1 directory with 19 updates ([#1392](https://github.com/PrivateAIM/hub/issues/1392)) ([23060bf](https://github.com/PrivateAIM/hub/commit/23060bfce24100d17d4d83c7ee45ed6d85073c6b))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @privateaim/kit bumped from ^0.8.22 to ^0.8.23
+    * @privateaim/server-kit bumped from ^0.8.22 to ^0.8.23
+    * @privateaim/telemetry-kit bumped from ^0.8.22 to ^0.8.23
+
+## [0.8.22](https://github.com/PrivateAIM/hub/compare/v0.8.21...v0.8.22) (2026-01-27)
+
+
+### Features
+
+* check handlers for analysis building and distribution ([#1318](https://github.com/PrivateAIM/hub/issues/1318)) ([a43ba20](https://github.com/PrivateAIM/hub/commit/a43ba203223ee5ffc00e63c3ff1d8829970590b2))
+* migrate to esm & replace jest with vitest ([#1368](https://github.com/PrivateAIM/hub/issues/1368)) ([5a4d9d1](https://github.com/PrivateAIM/hub/commit/5a4d9d1ce118f65740aa49caf948208eac299032))
+
+
+### Bug Fixes
+
+* **deps:** bump the minorandpatch group across 1 directory with 16 updates ([#1329](https://github.com/PrivateAIM/hub/issues/1329)) ([7b394da](https://github.com/PrivateAIM/hub/commit/7b394da159d8e52cc37fe489832307a234f3ddb0))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @privateaim/kit bumped from ^0.8.21 to ^0.8.22
+    * @privateaim/server-kit bumped from ^0.8.21 to ^0.8.22
+    * @privateaim/telemetry-kit bumped from ^0.8.21 to ^0.8.22
+
 ## [0.8.21](https://github.com/PrivateAIM/hub/compare/v0.8.20...v0.8.21) (2025-11-04)
 
 

package/dist/index.mjs

@@ -0,0 +1,548 @@
+import { basic } from '@routup/basic';
+import cors from 'cors';
+import { coreHandler, errorHandler, setRequestEnv as setRequestEnv$1, useRequestEnv as useRequestEnv$1, getRequestHeader } from 'routup';
+import 'body-parser';
+import 'qs';
+import { decorators } from '@routup/decorators';
+import { PermissionError, BuiltInPolicyType, PermissionMemoryProvider, PermissionChecker } from '@authup/access';
+import { isObject, HubError } from '@privateaim/kit';
+import { LogChannel, LogFlag } from '@privateaim/telemetry-kit';
+import { useLogger } from '@privateaim/server-kit';
+import { EntityRelationLookupError } from 'typeorm-extension';
+import { ValidupNestedError, ValidupValidatorError } from 'validup';
+import { BadRequestError, UnauthorizedError } from '@ebec/http';
+import { REALM_MASTER_NAME, ScopeName } from '@authup/core-kit';
+import { RedisTokenVerifierCache, MemoryTokenVerifierCache, TokenVerifier } from '@authup/server-adapter-kit';
+import { createMiddleware } from '@authup/server-adapter-http';
+import { parseAuthorizationHeader } from 'hapic';
+import { unwrapOAuth2Scope } from '@authup/specs';
+import { prometheus } from '@routup/prometheus';
+import { rateLimit } from '@routup/rate-limit';
+import path from 'node:path';
+import { swaggerUI, generate, Version } from '@routup/swagger';
+import { loadSync, load } from 'locter';
+import process from 'node:process';
+
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */ var HTTPHandlerOperation = /*#__PURE__*/ function(HTTPHandlerOperation) {
+    HTTPHandlerOperation["CREATE"] = "create";
+    HTTPHandlerOperation["UPDATE"] = "update";
+    return HTTPHandlerOperation;
+}({});
+
+function mountBasicMiddleware(router) {
+    router.use(basic());
+}
+
+function mountCorsMiddleware(router) {
+    router.use(coreHandler((req, res, next)=>cors({
+            origin (origin, callback) {
+                callback(null, true);
+            },
+            credentials: true
+        })(req, res, next)));
+}
+
+const BodySymbol = Symbol.for('ReqBody');
+function useRequestBody(req, key) {
+    let body;
+    /* istanbul ignore next */ if ('body' in req) {
+        body = req.body;
+    }
+    if (BodySymbol in req) {
+        if (body) {
+            body = {
+                ...req[BodySymbol],
+                ...body
+            };
+        } else {
+            body = req[BodySymbol];
+        }
+    }
+    if (body) {
+        if (typeof key === 'string') {
+            return body[key];
+        }
+        return body;
+    }
+    return typeof key === 'string' ? undefined : {};
+}
+
+const CookieSymbol = Symbol.for('ReqCookie');
+function useRequestCookies(req) {
+    if (CookieSymbol in req) {
+        return req[CookieSymbol];
+    }
+    return {};
+}
+function useRequestCookie(req, name) {
+    return useRequestCookies(req)[name];
+}
+
+const QuerySymbol = Symbol.for('ReqQuery');
+function useRequestQuery(req, key) {
+    /* istanbul ignore if  */ if ('query' in req) {
+        if (typeof key === 'string') {
+            return req.query[key];
+        }
+        return req.query;
+    }
+    if (QuerySymbol in req) {
+        if (typeof key === 'string') {
+            return req[QuerySymbol][key];
+        }
+        return req[QuerySymbol];
+    }
+    return typeof key === 'string' ? undefined : {};
+}
+
+function mountDecoratorsMiddleware(router, options) {
+    router.use(decorators({
+        controllers: options.controllers,
+        parameter: {
+            body: (context, name)=>{
+                if (name) {
+                    return useRequestBody(context.request, name);
+                }
+                return useRequestBody(context.request);
+            },
+            cookie: (context, name)=>{
+                if (name) {
+                    return useRequestCookie(context.request, name);
+                }
+                return useRequestCookies(context.request);
+            },
+            query: (context, name)=>{
+                if (name) {
+                    return useRequestQuery(context.request, name);
+                }
+                return useRequestQuery(context.request);
+            }
+        }
+    }));
+}
+
+function mountErrorMiddleware(router) {
+    router.use(errorHandler((error, req, res)=>{
+        const isServerError = error.statusCode >= 500 && error.statusCode < 600;
+        if (isServerError || error.logMessage) {
+            if (error.cause && isObject(error.cause)) {
+                useLogger().error({
+                    message: error.cause,
+                    [LogFlag.CHANNEL]: LogChannel.HTTP
+                });
+            } else {
+                useLogger().error({
+                    message: error,
+                    [LogFlag.CHANNEL]: LogChannel.HTTP
+                });
+            }
+        }
+        if (error.cause instanceof HubError) {
+            error.expose = true;
+            error.statusCode = 400;
+        }
+        if (error.cause instanceof PermissionError) {
+            error.expose = true;
+            if (error.cause.policy && error.cause.policy.type === BuiltInPolicyType.IDENTITY) {
+                error.statusCode = 401;
+            } else {
+                error.statusCode = 403;
+            }
+        }
+        if (error.cause instanceof EntityRelationLookupError) {
+            error.expose = true;
+            error.statusCode = 400;
+        }
+        if (error.cause instanceof ValidupNestedError) {
+            error.expose = true;
+            error.statusCode = 400;
+            error.data = {
+                children: error.cause.children,
+                attributes: error.cause.children.map((child)=>child.pathAbsolute)
+            };
+        }
+        if (error.cause instanceof ValidupValidatorError) {
+            error.expose = true;
+            error.statusCode = 400;
+        }
+        // catch and decorate some db errors :)
+        switch(error.code){
+            case 'ER_DUP_ENTRY':
+            case 'SQLITE_CONSTRAINT_UNIQUE':
+                {
+                    error.statusCode = 409;
+                    error.message = 'An entry with some unique attributes already exist.';
+                    error.expose = true;
+                    break;
+                }
+            case 'ER_DISK_FULL':
+                error.statusCode = 507;
+                error.message = 'No database operation possible, due the leak of free disk space.';
+                error.expose = true;
+                break;
+        }
+        const exposeError = typeof error.expose === 'boolean' ? error.expose : !isServerError;
+        if (!exposeError) {
+            error.message = 'An internal server error occurred.';
+        }
+        res.statusCode = error.statusCode;
+        return {
+            statusCode: error.statusCode,
+            code: `${error.code}`,
+            message: error.message,
+            ...exposeError && isObject(error.data) ? error.data : {}
+        };
+    }));
+}
+
+function useRequestEnv(req, key) {
+    if (typeof key === 'string') {
+        return useRequestEnv$1(req, key);
+    }
+    return useRequestEnv$1(req);
+}
+function setRequestEnv(req, key, value) {
+    return setRequestEnv$1(req, key, value);
+}
+
+function setRequestPermissionChecker(req, checker) {
+    setRequestEnv(req, 'permissionChecker', checker);
+}
+function useRequestPermissionChecker(req) {
+    const checker = useRequestEnv(req, 'permissionChecker');
+    if (!checker) {
+        throw new BadRequestError('The request permission checker is not initialized.');
+    }
+    return checker;
+}
+
+function useRequestIdentity(req) {
+    return useRequestEnv(req, 'identity');
+}
+function setRequestIdentity(req, identity) {
+    setRequestEnv(req, 'identity', identity);
+}
+function useRequestIdentityOrFail(req) {
+    const identity = useRequestIdentity(req);
+    if (!identity) {
+        throw new UnauthorizedError();
+    }
+    return identity;
+}
+function isRequestIdentityMasterRealmMember(input) {
+    return input.realmName === REALM_MASTER_NAME;
+}
+
+class RequestPermissionChecker {
+    req;
+    checker;
+    constructor(req, checker){
+        this.req = req;
+        this.checker = checker;
+    }
+    // --------------------------------------------------------------
+    async check(ctx) {
+        return this.checker.check(this.extendCheckContext(ctx));
+    }
+    async preCheck(ctx) {
+        return this.checker.preCheck(this.extendCheckContext(ctx));
+    }
+    // --------------------------------------------------------------
+    async preCheckOneOf(ctx) {
+        return this.checker.preCheckOneOf(this.extendCheckContext(ctx));
+    }
+    async checkOneOf(ctx) {
+        return this.checker.checkOneOf(this.extendCheckContext(ctx));
+    }
+    // --------------------------------------------------------------
+    extendCheckContext(ctx) {
+        const scopes = useRequestEnv(this.req, 'scopes') || [];
+        if (scopes.indexOf(ScopeName.GLOBAL) !== -1) {
+            ctx.input = {
+                ...ctx.input || {},
+                identity: useRequestIdentity(this.req)
+            };
+        }
+        return ctx;
+    }
+}
+
+function useRequestIdentityRealm(req) {
+    const identity = useRequestIdentity(req);
+    if (!identity) {
+        return undefined;
+    }
+    return {
+        id: identity.realmId,
+        name: identity.realmName
+    };
+}
+
+class ForceLoggedInMiddleware {
+    run(request, response, next) {
+        useRequestIdentityOrFail(request);
+        next();
+    }
+}
+
+/*
+ * Copyright (c) 2025.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */ class FakePermissionProvider {
+    async get(criteria) {
+        return {
+            name: criteria.name,
+            realmId: criteria.realmId,
+            policy: null
+        };
+    }
+}
+
+function createFakeTokenVerificationData() {
+    return {
+        realm_id: 'd94b2f28-29e3-4ced-b8f1-6923a01dc1ee',
+        realm_name: REALM_MASTER_NAME,
+        sub_kind: 'user',
+        sub: 'd94b2f28-29e3-4ced-b8f1-6923a01dc1ee',
+        sub_name: 'admin',
+        permissions: []
+    };
+}
+function applyTokenVerificationData(req, data, fakeAbilities) {
+    let provider;
+    if (fakeAbilities) {
+        provider = new FakePermissionProvider();
+    } else {
+        provider = new PermissionMemoryProvider(data.permissions);
+    }
+    const permissionChecker = new PermissionChecker({
+        provider
+    });
+    const requestPermissionChecker = new RequestPermissionChecker(req, permissionChecker);
+    setRequestEnv(req, 'permissionChecker', requestPermissionChecker);
+    setRequestEnv(req, 'identity', {
+        id: data.sub,
+        type: data.sub_kind,
+        realmId: data.realm_id,
+        realmName: data.realm_name,
+        attributes: {
+            id: data.sub,
+            name: data.sub_name
+        }
+    });
+    setRequestEnv(req, 'scopes', unwrapOAuth2Scope(data.scope || []));
+}
+
+function mountAuthupMiddleware(router, options) {
+    if (!options.client) {
+        const data = createFakeTokenVerificationData();
+        router.use(coreHandler((req, res, next)=>{
+            applyTokenVerificationData(req, data, options.fakeAbilities);
+            next();
+        }));
+        return;
+    }
+    router.use(coreHandler(async (req, res, next)=>{
+        const headerRaw = getRequestHeader(req, 'authorization');
+        if (typeof headerRaw !== 'string') {
+            next();
+        }
+        const cacheKey = `authorization-header:${headerRaw}`;
+        if (options.redisClient) {
+            const data = await options.redisClient.get(cacheKey);
+            if (data) {
+                req.headers.authorization = `Bearer ${data}`;
+                next();
+                return;
+            }
+        }
+        const header = parseAuthorizationHeader(headerRaw);
+        if (header.type === 'Basic') {
+            const token = await options.client.token.createWithPassword({
+                username: header.username,
+                password: header.password
+            });
+            req.headers.authorization = `Bearer ${token.access_token}`;
+            if (options.redisClient) {
+                await options.redisClient.setex(cacheKey, token.expires_in, token.access_token);
+            }
+        }
+        next();
+    }));
+    let tokenCreator;
+    if (options.vaultClient) {
+        tokenCreator = {
+            type: 'robotInVault',
+            name: 'system',
+            vault: options.vaultClient,
+            baseURL: options.client.getBaseURL()
+        };
+    } else {
+        tokenCreator = {
+            type: 'user',
+            name: 'admin',
+            password: 'start123',
+            baseURL: options.client.getBaseURL()
+        };
+    }
+    let cache;
+    if (options.redisClient) {
+        cache = new RedisTokenVerifierCache(options.redisClient);
+    } else {
+        cache = new MemoryTokenVerifierCache();
+    }
+    const middleware = createMiddleware({
+        tokenByCookie: (req, cookieName)=>useRequestCookie(req, cookieName),
+        tokenVerifier: new TokenVerifier({
+            baseURL: options.client.getBaseURL(),
+            creator: tokenCreator,
+            cache
+        }),
+        tokenVerifierHandler: (req, data)=>applyTokenVerificationData(req, data, options.fakeAbilities)
+    });
+    router.use(coreHandler((req, res, next)=>middleware(req, res, next)));
+}
+
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */ function boolableToObject(input) {
+    if (typeof input === 'boolean') {
+        return {};
+    }
+    return input;
+}
+
+function mountPrometheusMiddleware(router) {
+    router.use(prometheus());
+}
+
+function mountRateLimiterMiddleware(router) {
+    const options = {
+        skip (req) {
+            const identity = useRequestIdentity(req);
+            return identity && identity.type === 'robot' && identity.realmName === REALM_MASTER_NAME;
+        },
+        max (req) {
+            const identity = useRequestIdentity(req);
+            if (identity && identity.type === 'user') {
+                return 60 * 100; // 100 req p. sec
+            }
+            if (identity && (identity.type === 'robot' || identity.type === 'client')) {
+                return 60 * 1000; // 1000 req p. sec
+            }
+            return 60 * 20; // 20 req p. sec
+        },
+        windowMs: 60 * 1000
+    };
+    router.use(rateLimit(options));
+}
+
+function mountSwaggerMiddleware(router, options = {}) {
+    let document;
+    if (options.cwd) {
+        document = loadSync(path.join(options.cwd, 'swagger.json'));
+    } else {
+        document = loadSync(path.join(process.cwd(), 'writable', 'swagger.json'));
+    }
+    router.use('/docs', swaggerUI(document, {
+        baseURL: options.baseURL
+    }));
+}
+
+function mountMiddlewares(router, options = {}) {
+    if (options.cors) {
+        mountCorsMiddleware(router);
+    }
+    if (options.basic) {
+        mountBasicMiddleware(router);
+    }
+    if (options.authup) {
+        mountAuthupMiddleware(router, options.authup);
+    }
+    if (options.prometheus) {
+        mountPrometheusMiddleware(router);
+    }
+    if (options.rateLimit) {
+        mountRateLimiterMiddleware(router);
+    }
+    if (options.swagger) {
+        mountSwaggerMiddleware(router, boolableToObject(options.swagger));
+    }
+    if (options.decorators) {
+        mountDecoratorsMiddleware(router, options.decorators);
+    }
+}
+
+async function generateSwagger(options) {
+    const cwd = options.cwd || process.cwd();
+    const packageJson = await load(path.join(cwd, 'package.json'));
+    const securityDefinitions = {
+        bearer: {
+            name: 'Bearer',
+            type: 'apiKey',
+            in: 'header'
+        },
+        basicAuth: {
+            type: 'http',
+            schema: 'basic'
+        }
+    };
+    if (options.authupURL) {
+        securityDefinitions.oauth2 = {
+            type: 'oauth2',
+            flows: {
+                password: {
+                    tokenUrl: new URL('token', options.authupURL).href
+                }
+            }
+        };
+    }
+    return generate({
+        version: Version.V2,
+        options: {
+            metadata: {
+                cache: false,
+                entryPoint: [
+                    {
+                        pattern: '**/*.ts',
+                        cwd: options.controllerBasePath
+                    }
+                ],
+                ignore: [
+                    '**/node_modules/**'
+                ],
+                allow: [
+                    '**/@authup/**'
+                ]
+            },
+            yaml: false,
+            servers: [
+                options.baseURL
+            ],
+            name: 'API Documentation',
+            description: 'Explore the REST Endpoints.',
+            version: packageJson.version,
+            outputDirectory: path.join(cwd, 'writable'),
+            securityDefinitions,
+            consumes: [
+                'application/json'
+            ],
+            produces: [
+                'application/json'
+            ]
+        }
+    });
+}
+
+export { ForceLoggedInMiddleware, HTTPHandlerOperation, RequestPermissionChecker, generateSwagger, isRequestIdentityMasterRealmMember, mountAuthupMiddleware, mountBasicMiddleware, mountCorsMiddleware, mountDecoratorsMiddleware, mountErrorMiddleware, mountMiddlewares, mountPrometheusMiddleware, mountRateLimiterMiddleware, mountSwaggerMiddleware, setRequestEnv, setRequestIdentity, setRequestPermissionChecker, useRequestEnv, useRequestIdentity, useRequestIdentityOrFail, useRequestIdentityRealm, useRequestPermissionChecker };
+//# sourceMappingURL=index.mjs.map