@rodit/rodit-auth-be 9.11.14

package/lib/middleware/environcredentialstoremw.js

@@ -0,0 +1,176 @@
+/**
+ * Environment-based credential storage system
+ * Mirrors filecredentialstoremw.js but reads credentials JSON from an environment variable
+ *
+ * Copyright (c) 2026 Discernible IO. All rights reserved.
+ */
+
+const { ulid } = require("ulid");
+const config = require("../../services/configsdk");
+const logger = require("../../services/logger");
+const { createLogContext, logErrorWithMetrics } = logger;
+const { validateAndExtractCredentials } = require("../../services/utils");
+
+class EnvManager {
+  constructor() {
+    this.envVarName = "NEAR_CREDENTIALS_JSON_B64";
+    this.initialized = false;
+    this.credentials = {};
+  }
+
+  async initialize(source = {}) {
+    const context = createLogContext("EnvCredentialStore", "initialize", {
+      requestId: ulid(),
+      hasSourceValue: source && (typeof source.envCredentialsJson !== "undefined"),
+    });
+
+    logger.debugWithContext("Initializing env credential store", context);
+
+    if (this.initialized) {
+      logger.debugWithContext("Env credential store already initialized", context);
+      return this;
+    }
+
+    try {
+      // Prefer explicit source override, then config/env
+      let rawValue =
+        typeof source.envCredentialsJson !== "undefined"
+          ? source.envCredentialsJson
+          : config.get(this.envVarName, process.env[this.envVarName] || null);
+
+      if (rawValue == null || (typeof rawValue === "string" && rawValue.trim() === "")) {
+        // Keep empty object credentials; downstream may handle missing credentials
+        logger.infoWithContext("Credentials env var is empty or not set", {
+          ...context,
+          envVarName: this.envVarName,
+        });
+        this.credentials = {};
+        this.initialized = true;
+        return this;
+      }
+
+      let parsed;
+      if (typeof rawValue === "string") {
+        // Primary: base64-encoded JSON
+        const decoded = Buffer.from(rawValue, "base64").toString("utf8");
+        parsed = JSON.parse(decoded);
+      } else {
+        parsed = rawValue;
+      }
+
+      const validated = validateAndExtractCredentials(parsed, logger);
+      this.credentials = validated || {};
+      this.initialized = true;
+
+      logger.debugWithContext("Env credential store initialized successfully", {
+        ...context,
+        hasCredentials: !!this.credentials && Object.keys(this.credentials).length > 0,
+      });
+
+      return this;
+    } catch (error) {
+      logErrorWithMetrics(
+        "Failed to initialize env credential store",
+        {
+          ...context,
+          error: error.message,
+          stack: error.stack,
+          envVarName: this.envVarName,
+        },
+        error,
+        error.name === "SyntaxError" ? "env_parse_error" : "env_credential_init_error",
+        { error_type: error.name === "SyntaxError" ? "parse_failure" : "init_failure" }
+      );
+      throw error;
+    }
+  }
+
+  async getCredentials(_source) {
+    const context = createLogContext("EnvCredentialStore", "getCredentials", {
+      requestId: ulid(),
+      envVarName: this.envVarName,
+    });
+    const startTime = Date.now();
+
+    try {
+      // Use cached if available
+      if (this.credentials && Object.keys(this.credentials).length > 0) {
+        logger.debugWithContext("Using cached env credentials", context);
+        return this.credentials;
+      }
+
+      // Fallback to reading again if not cached yet
+      let rawValue = config.get(this.envVarName, process.env[this.envVarName] || null);
+      if (rawValue == null || (typeof rawValue === "string" && rawValue.trim() === "")) {
+        logger.infoWithContext("No credentials found in environment", context);
+        return {};
+      }
+
+      let parsed;
+      if (typeof rawValue === "string") {
+        try {
+          const decoded = Buffer.from(rawValue, "base64").toString("utf8");
+          parsed = JSON.parse(decoded);
+        } catch (e) {
+          logger.infoWithContext("Falling back to raw JSON parsing for credentials env var", {
+            ...context,
+            envVarName: this.envVarName,
+            reason: "b64_decode_or_parse_failed",
+          });
+          parsed = JSON.parse(rawValue);
+        }
+      } else {
+        parsed = rawValue;
+      }
+      const result = validateAndExtractCredentials(parsed, logger);
+
+      logger.debugWithContext("Successfully processed env credentials", {
+        ...context,
+        hasRequiredFields: true,
+        duration: Date.now() - startTime,
+      });
+
+      // Cache for future calls
+      this.credentials = result || {};
+      return result;
+    } catch (error) {
+      logErrorWithMetrics(
+        "Error retrieving credentials from environment",
+        {
+          ...context,
+          duration: Date.now() - startTime,
+          errorDetails: error.message,
+          errorType: error.name,
+        },
+        error,
+        error.name === "SyntaxError" ? "env_parse_error" : "env_credential_retrieval_error",
+        { error_type: error.name === "SyntaxError" ? "parse_failure" : "retrieval_failure" }
+      );
+      throw error;
+    }
+  }
+
+  // No-op to maintain interface compatibility with vaultcredentialstoremw.js
+  async setupSecretStorageTokenRenewal() {
+    const context = createLogContext("EnvCredentialStore", "setupSecretStorageTokenRenewal", {
+      requestId: ulid(),
+    });
+    logger.debugWithContext(
+      "Skipping secret storage token renewal setup (not applicable for env-based credentials)",
+      context
+    );
+    return Promise.resolve();
+  }
+}
+
+// Create and export a singleton instance
+const envManager = new EnvManager();
+
+module.exports = {
+  initializeCredentialStore: (source) => envManager.initialize(source),
+  setupSecretStorageTokenRenewal: () => envManager.setupSecretStorageTokenRenewal(),
+  getCredentials: (source) => envManager.getCredentials(source),
+  vault: null,
+  // For testing purposes
+  _envManager: envManager,
+};

package/lib/middleware/filecredentialstoremw.js

@@ -0,0 +1,158 @@
+/**
+ * File-based credential storage system
+ * Alternative to Vault for storing RODiT credentials
+ * 
+ * Copyright (c) 2026 Discernible IO. All rights reserved.
+ */
+
+const fs = require('fs').promises;
+const { ulid } = require("ulid");
+const config = require('../../services/configsdk');
+const logger = require("../../services/logger");
+const { createLogContext, logErrorWithMetrics } = logger;
+const { validateAndExtractCredentials } = require("../../services/utils");
+class FileManager {
+  constructor() {
+    this.credentialsFilePath = config.get("NEAR_CREDENTIALS_FILE_PATH");
+    this.initialized = false;
+    this.credentials = {};
+  }
+
+  async initialize(source = {}) {
+    const context = createLogContext("FileCredentialStore", "initialize", {
+      requestId: ulid(),
+      hasConfigPath: !!source.credentialsFilePath
+    });
+  
+    logger.debugWithContext("Initializing file credential store", context);
+  
+    if (this.initialized) {
+      logger.debugWithContext("File credential store already initialized", context);
+      return this;
+    }
+  
+    try {
+      this.credentialsFilePath = source.credentialsFilePath || config.get('NEAR_CREDENTIALS_FILE_PATH');
+      if (!this.credentialsFilePath) {
+        throw new Error('NEAR_CREDENTIALS_FILE_PATH is not set in config or source');
+      }
+  
+      // Ensure the directory exists
+      try {
+        await fs.mkdir(require('path').dirname(this.credentialsFilePath), { recursive: true });
+      } catch (err) {
+        if (err.code !== 'EEXIST') throw err;
+      }
+
+      const credentials = await this.getCredentials();
+      this.credentials = credentials || {}; // Ensure we always have an object
+      this.initialized = true;
+      
+      logger.debugWithContext("File credential store initialized successfully", {
+        ...context,
+        credentialsFilePath: this.credentialsFilePath,
+        credentialCount: this.credentials ? Object.keys(this.credentials).length : 0
+      });
+  
+      return this;
+    } catch (error) {
+      logger.errorWithContext("Failed to initialize file credential store", {
+        ...context,
+        error: error.message,
+        stack: error.stack
+      });
+      throw error;
+    }
+  }
+
+  async checkReadFileAccess(filePath) {
+    try {
+      const stats = await fs.stat(filePath);
+      await fs.access(filePath, fs.constants.R_OK);
+      return { exists: true, isReadable: true, stats };
+    } catch (error) {
+      if (error.code === 'ENOENT') {
+        return { exists: false, isReadable: false };
+      }
+      return { 
+        exists: false, 
+        isReadable: false, 
+        error: error.message,
+        code: error.code
+      };
+    }
+  }
+
+  async getCredentials(source) {
+    const context = createLogContext("FileCredentialStore", "getCredentials", {
+      requestId: ulid(),
+      source: source || 'all'
+    });
+    const startTime = Date.now();
+    let result = {};
+
+    try {
+      // Check file access and read content
+      const { exists } = await this.checkReadFileAccess(this.credentialsFilePath);
+      if (!exists) {
+        logger.infoWithContext("Credentials file does not exist", { ...context, credentialsFilePath: this.credentialsFilePath });
+        return result;
+      }
+
+      // Read and parse file content
+      const fileContent = await fs.readFile(this.credentialsFilePath, 'utf8');
+      if (!fileContent.trim()) {
+        logger.infoWithContext("Credentials file is empty", { ...context, credentialsFilePath: this.credentialsFilePath });
+        return result;
+      }
+
+      // Parse and validate credentials using the utility function
+      result = validateAndExtractCredentials(JSON.parse(fileContent), logger);
+
+      logger.debugWithContext("Successfully processed credentials", {
+        ...context,
+        hasRequiredFields: true,
+        duration: Date.now() - startTime
+      });
+
+      return result;
+    } catch (error) {
+      logErrorWithMetrics(
+        "Error retrieving credentials from file",
+        {
+          ...context,
+          duration: Date.now() - startTime,
+          errorDetails: error.message,
+          errorType: error.name,
+          credentialsFilePath: this.credentialsFilePath,
+          stack: error.stack
+        },
+        error,
+        error.name === 'SyntaxError' ? "file_parse_error" : "file_credential_retrieval_error",
+        { error_type: error.name === 'SyntaxError' ? "parse_failure" : "retrieval_failure" }
+      );
+      throw error;
+    }
+  }
+
+  // No-op to maintain interface compatibility with vaultcredentialstoremw.js
+  async setupSecretStorageTokenRenewal() {
+    const context = createLogContext("FileCredentialStore", "setupSecretStorageTokenRenewal", {
+      requestId: ulid()
+    });
+    logger.debugWithContext("Skipping secret storage token renewal setup (not applicable for file-based credentials)", context);
+    return Promise.resolve();
+  }
+}
+
+// Create and export a singleton instance
+const fileManager = new FileManager();
+
+module.exports = {
+  initializeCredentialStore: (source) => fileManager.initialize(source),
+  setupSecretStorageTokenRenewal: () => fileManager.setupSecretStorageTokenRenewal(),
+  getCredentials: (source) => fileManager.getCredentials(source),
+  vault: null,
+  // For testing purposes
+  _fileManager: fileManager
+};

package/lib/middleware/loggingmw.js

@@ -0,0 +1,82 @@
+/**
+ * Request logging middleware
+ * Provides standardized request/response logging
+ * Copyright (c) 2026 Discernible IO. All rights reserved.
+ */
+
+const logger = require("../../services/logger");
+const config = require('../../services/configsdk');
+
+/**
+ * Middleware for logging requests and responses
+ * This middleware should be applied after the performance middleware
+ * to leverage the request ID and timing information.
+ * 
+ * @param {Object} req - Express request object
+ * @param {Object} res - Express response object
+ * @param {Function} next - Next middleware function
+ */
+const loggingmw = (req, res, next) => {
+  // Ensure we have a request ID (should be set by performance middleware)
+  if (!req.requestId) {
+    const { ulid } = require("ulid");
+    req.requestId = ulid();
+  }
+
+  // Capture the original end function
+  const originalEnd = res.end;
+
+  // Override the end function
+  res.end = function (chunk, encoding) {
+    // Call the original end function
+    originalEnd.call(this, chunk, encoding);
+
+    // Now log after the response has been sent
+    // Use duration from performance middleware if available
+    const duration = req.duration || (req.startTime ? Date.now() - req.startTime : null);
+    
+    // Standard request result log entry
+    const result = (res.statusCode >= 200 && res.statusCode < 300) ? 'success' : 'failure';
+    const reason = res.statusMessage || (result === 'success' ? 'Request completed successfully' : 'Request failed');
+    logger.infoWithContext("Request completed", {
+      component: "API",
+      method: req.method,
+      url: req.originalUrl,
+      status: res.statusCode,
+      requestId: req.requestId,
+      userId: req.user ? req.user.id : undefined,
+      authenticated: !!req.user,
+      clientIP: req.ip,
+      duration,
+      result,
+      reason
+    });
+    // Emit a metric for request completion
+    logger.metric("api_request_duration_ms", duration, {
+      component: "API",
+      method: req.method,
+      url: req.originalUrl,
+      status: res.statusCode,
+      requestId: req.requestId,
+      userId: req.user ? req.user.id : undefined,
+      result,
+      reason
+    });
+  };
+
+  // Log the incoming request (function call)
+  logger.info("Request received", {
+    component: "API",
+    method: req.method,
+    url: req.originalUrl,
+    clientIP: req.ip,
+    requestId: req.requestId,
+    timestamp: new Date().toISOString(),
+    result: 'call',
+    reason: 'Request received'
+  });
+
+  next();
+};
+
+module.exports = loggingmw;

package/lib/middleware/performanceexamplemw.js

@@ -0,0 +1,58 @@
+/**
+ * Example usage of the performance middleware
+ * This file demonstrates how to configure the middleware for your specific API
+ */
+
+const performanceMw = require('./performancemw');
+
+// Example 1: Use with default classifier (generic patterns)
+// app.use(performanceMw());
+
+// Example 2: Custom classifier for your API structure
+const customClassifier = (req) => {
+  const path = req.path || req.originalUrl;
+  
+  // Match your specific API routes
+  if (path.startsWith('/api/auth') || path.startsWith('/login') || path.startsWith('/token')) {
+    return 'authentication';
+  } else if (path.startsWith('/api/blockchain') || path.startsWith('/smart-contract')) {
+    return 'blockchain';
+  } else if (path.startsWith('/api/rodit')) {
+    return 'rodit';
+  } else if (path.startsWith('/api/identity')) {
+    return 'identity';
+  } else if (path.startsWith('/api/user') || path.startsWith('/profile')) {
+    return 'user';
+  } else if (path.startsWith('/api/mcp')) {
+    return 'mcp';
+  } else if (path === '/health' || path === '/status') {
+    return 'system';
+  }
+  
+  return 'general';
+};
+
+// Example 3: Configure with custom classifier and type-specific metrics
+const performanceMiddleware = performanceMw({
+  classifier: customClassifier,
+  metricsByType: {
+    'authentication': 'authentication_duration_ms',
+    'blockchain': 'blockchain_duration_ms',
+    'rodit': 'rodit_operation_duration_ms',
+    'identity': 'identity_operation_duration_ms',
+    'mcp': 'mcp_operation_duration_ms'
+  }
+});
+
+// app.use(performanceMiddleware);
+
+// Example 4: Using the exported default classifier
+// const { defaultClassifier } = require('./performancemw');
+// const myClassifier = (req) => {
+//   // Add custom logic first
+//   if (req.path.startsWith('/api/custom')) return 'custom';
+//   // Fall back to default
+//   return defaultClassifier(req);
+// };
+
+module.exports = performanceMiddleware;

package/lib/middleware/performancemw.js

@@ -0,0 +1,172 @@
+/**
+ * Performance monitoring middleware
+ * Provides request tracing and performance metrics collection
+ * Copyright (c) 2026 Discernible IO. All rights reserved.
+ */
+
+const { ulid } = require("ulid");
+const logger = require("../../services/logger");
+const performanceService = require('../../services/performanceservice');
+
+/**
+ * Default request classifier - can be overridden by consumer
+ * 
+ * @param {Object} req - Express request object
+ * @returns {string} Request classification
+ */
+function defaultClassifier(req) {
+  const path = req.path || req.originalUrl;
+  
+  // Generic classification based on common patterns
+  if (path.startsWith('/auth') || path.includes('/login') || path.includes('/token')) {
+    return 'authentication';
+  } else if (path.includes('/health') || path.includes('/status') || path.includes('/metrics')) {
+    return 'system';
+  }
+  
+  return 'general';
+}
+
+/**
+ * Middleware factory for monitoring request performance
+ * This middleware should be applied before the logging middleware
+ * to ensure request IDs and timing are properly set up.
+ * 
+ * @param {Object} options - Configuration options
+ * @param {Function} options.classifier - Custom function to classify requests (optional)
+ * @param {Object} options.metricsByType - Map of request types to metric names (optional)
+ * @returns {Function} Express middleware function
+ */
+const performanceMw = (options = {}) => {
+  const { 
+    classifier = defaultClassifier,
+    metricsByType = {}
+  } = options;
+  
+  return (req, res, next) => {
+  // Generate request ID if not already present and make it available for other middleware
+  req.requestId = req.requestId || ulid();
+  
+  // Record the start time and make it available for other middleware
+  req.startTime = Date.now();
+  
+  // Log function call for performance monitoring
+  logger.infoWithContext("Performance middleware engaged", {
+    component: "PerformanceMiddleware",
+    method: req.method,
+    path: req.originalUrl,
+    requestId: req.requestId,
+    clientIP: req.ip,
+    result: 'call',
+    reason: 'Performance monitoring started'
+  });
+
+  // Record the request in the performance monitoring service
+  performanceService.recordRequest(req);
+  
+  // Start a trace for this request
+  const traceId = performanceService.startTrace('HTTP Request', {
+    method: req.method,
+    path: req.originalUrl,
+    requestId: req.requestId,
+    userAgent: req.get('User-Agent'),
+    clientIP: req.ip
+  });
+  
+  // Store the trace ID on the request object for other middleware to use
+  req.traceId = traceId;
+  
+  // Capture the original end function
+  const originalEnd = res.end;
+  
+  // Override the end function
+  res.end = function(chunk, encoding) {
+    // Call the original end function
+    originalEnd.call(this, chunk, encoding);
+    
+    // Calculate request duration
+    const duration = Date.now() - req.startTime;
+    
+    // Store duration for other middleware to use
+    req.duration = duration;
+    
+    // Classify request only when needed for metrics (performance optimization)
+    const requestType = classifier(req);
+    req.requestType = requestType;
+    
+    // Record standard metrics using the logger.metric function
+    const result = (res.statusCode >= 200 && res.statusCode < 300) ? 'success' : 'failure';
+    const reason = (result === 'success') ? 'Request completed successfully' : (res.statusMessage || 'Request failed');
+    logger.metric('http_request_duration_ms', duration, {
+      method: req.method,
+      path: req.originalUrl,
+      status: res.statusCode,
+      request_type: requestType,
+      result,
+      reason
+    });
+    
+    // Record error metrics if applicable
+    if (res.statusCode >= 400) {
+      logger.metric('http_errors_total', 1, {
+        method: req.method,
+        status: res.statusCode,
+        error_type: res.statusCode >= 500 ? 'server_error' : 'client_error',
+        request_type: requestType,
+        result: 'failure',
+        reason: res.statusMessage || 'Request failed'
+      });
+    }
+    
+    // Complete the trace with request results
+    performanceService.completeTrace(traceId, {
+      statusCode: res.statusCode,
+      success: res.statusCode < 400,
+      error: res.statusCode >= 400 ? (res.statusMessage || 'HTTP Error') : null,
+      duration,
+      responseSize: res._contentLength || 0
+    });
+    
+    // Record specialized metrics based on the request type (if configured)
+    const metricName = metricsByType[requestType];
+    if (metricName) {
+      logger.metric(metricName, duration, {
+        result,
+        reason,
+        method: req.method,
+        request_type: requestType
+      });
+    }
+    
+    // Always log errors regardless of load level
+    if (res.statusCode >= 500) {
+      logger.error("Server error occurred", {
+        component: "API",
+        method: req.method,
+        path: req.originalUrl,
+        statusCode: res.statusCode,
+        statusMessage: res.statusMessage,
+        duration,
+        requestId: req.requestId,
+        traceId
+      });
+    } else if (res.statusCode >= 400) {
+      logger.warn("Client error occurred", {
+        component: "API",
+        method: req.method,
+        path: req.originalUrl,
+        statusCode: res.statusCode,
+        statusMessage: res.statusMessage,
+        duration,
+        requestId: req.requestId,
+        traceId
+      });
+    }
+  };
+  
+    next();
+  };
+};
+
+module.exports = performanceMw;
+module.exports.defaultClassifier = defaultClassifier;