npm - @rpcbase/server - Versions diffs - 0.209.0 → 0.210.0 - Mend

@rpcbase/server 0.209.0 → 0.210.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/bin.js +20 -6
package/boot/index.js +25 -1
package/cli/check_args.js +17 -0
package/cli/run_docker.js +14 -2
package/cli/run_native.js +12 -2
package/express/index.js +3 -2
package/package.json +2 -1
package/rts/index.js +54 -44
package/src/auth/check_session.js +5 -2
package/src/auth/index.js +6 -6
package/src/auth/sign_in.js +13 -8
package/src/rpc/rpc_router.js +2 -1
package/src/sessions/index.js +26 -0
package/src/sessions/session_proxy_middleware.js +18 -0
package/{express/session_middleware.js → src/sessions/session_store_middleware.js} +2 -3
package/src/sessions/warning_proxy_middleware.js +16 -0

package/bin.js CHANGED Viewed

@@ -9,11 +9,25 @@ const {hideBin} = require("yargs/helpers")
 const pack = require("./package.json")
 const start_server_infrastructure = require("./cli/start_server_infrastructure")
 const build_server = require("./cli/build_server")
+const check_args = require("./cli/check_args")
 const run_agent = require("./cli/run_agent")
 let is_command = false
 const args = yargs(hideBin(process.argv))
+  .option("verbose", {
+    type: "boolean",
+    default: false,
+    description: "Run with verbose logging"
+  })
+  .option("sessions", {
+    type: "boolean",
+    default: false,
+    description: "Run with the sessions store enabled"
+  })
+  .option("session", {
+    hidden: true,
+  })
   .command("start", "runs server/infrastructure", () => {}, (args) => {
     is_command = true
     start_server_infrastructure(args)
@@ -26,19 +40,19 @@ const args = yargs(hideBin(process.argv))
     is_command = true
     build_server()
   })
-  .option("verbose", {
-    type: "boolean",
-    default: false,
-    description: "Run with verbose logging"
-  })
+  .check(check_args)
   .parse()
 if (!is_command) {
-  console.log("server default com22mand")
+  console.log("server default command exiting.")
+  process.exit(0)
 }
 // TODO: why was this needed
+// -> was this for when running in docker ? I think yes
 // // add helpers to ensure proper process termination
 // const exit_clean = () => {
 //   process.exit()

package/boot/index.js CHANGED Viewed

@@ -1,3 +1,27 @@
 /* @flow */
 require("./setup_env")
+//
+const http = require("http")
+const {rpc_router, client_router, express, database} = require("../")
+const mongoose = require("../mongoose")
+//
+require("@rpcbase/access-control")(mongoose)
+const realtime_state = require("../rts")
+const {SERVER_PORT} = process.env
+const app = express()
+const server = http.createServer(app)
+realtime_state(server)
+server.listen(SERVER_PORT, "0.0.0.0", () => {
+  console.log(`listening on 0.0.0.0:${SERVER_PORT}`)
+})
+module.exports = app

package/cli/check_args.js ADDED Viewed

@@ -0,0 +1,17 @@
+/* @flow */
+const check_args = (args) => {
+  if (typeof args.session !== "undefined") {
+    throw new Error("Did you mean --sessions?")
+  }
+  const raw_args = JSON.parse(process.env.npm_config_argv).original
+  if (raw_args.indexOf("--no-session") > -1) {
+    throw new Error("Did you mean --no-sessions?")
+  }
+  return true
+}
+module.exports = check_args

package/cli/run_docker.js CHANGED Viewed

@@ -5,7 +5,7 @@ const fs = require("fs")
 const is_production = "yes" === process.env.INFRASTRUCTURE_IS_PRODUCTION
-const run_docker = async(infrastructure_dir, proj_prefix) => {
+const run_docker = async(infrastructure_dir, proj_prefix, args) => {
   // env
   const env_path = path.relative(infrastructure_dir, path.join(process.cwd(), "./.env"))
   const base_env_path = path.relative(infrastructure_dir, path.join(process.cwd(), "./.env.base"))
@@ -34,9 +34,21 @@ const run_docker = async(infrastructure_dir, proj_prefix) => {
   console.log(cmd_args.join(" "))
+  const ps_env = {
+    ...process.env,
+  }
+  if (args.sessions) {
+    ps_env.RB_SESSION_STORE = "yes"
+  }
   // WARNING: blocks the process
   // this is the only way to have docker-compose shut down gracefully
-  execSync(`${cmd} ${cmd_args.join(" ")}`, {cwd: infrastructure_dir, stdio: "inherit"})
+  execSync(`${cmd} ${cmd_args.join(" ")}`, {
+    cwd: infrastructure_dir,
+    stdio: "inherit",
+    env: ps_env
+  })
 }

package/cli/run_native.js CHANGED Viewed

@@ -167,9 +167,19 @@ const run_native = (infrastructure_dir, proj_prefix, args) => {
   const processes = get_processes(args)
   const run_process = (item) => {
-    // console.log("run_native:run_process:item", item)
-    const ps = spawn(item.cmd[0], item.cmd[1], {env: {...process.env, CONTAINER_MODE: "native"}})
+    const ps_env = {
+      ...process.env,
+      CONTAINER_MODE: "native",
+    }
+    if (args.sessions) {
+      ps_env.RB_SESSION_STORE = "yes"
+    }
+    const ps = spawn(item.cmd[0], item.cmd[1], {env: ps_env})
     // TODO: add flag to force print
     if (!NO_PRINT_LIST.includes(item.name)) {

package/express/index.js CHANGED Viewed

@@ -7,9 +7,9 @@ const request_ip = require("request-ip")
 // functionality middlewares
 const auth = require("../src/auth")
+const sessions = require("../src/sessions")
 const dev_save_coverage = require("./dev_save_coverage")
-const session_middleware = require("./session_middleware")
 const log = debug("rb:server")
@@ -90,7 +90,8 @@ module.exports = () => {
     credentials: true // IMPORTANT: required to enable set-cookie
   }))
-  app.use(session_middleware)
+  sessions(app)
   app.get("/__/ping", (req, res) => res.json({message: "pong"}))
   app.post("/__/ping", (req, res) => res.json({message: "pong"}))

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rpcbase/server",
-  "version": "0.209.0",
+  "version": "0.210.0",
   "license": "SSPL-1.0",
   "main": "./index.js",
   "bin": {
@@ -10,6 +10,7 @@
     "test": "echo \"Error: no test specified\" && exit 0"
   },
   "dependencies": {
+    "@rpcbase/access-control": "0.25.0",
     "@rpcbase/agent": "0.30.0",
     "@rpcbase/std": "0.6.0",
     "bluebird": "3.7.2",

package/rts/index.js CHANGED Viewed

@@ -8,6 +8,9 @@ const sift = require("sift")
 const debug = require("debug")
 const colors = require("picocolors")
+const mongoose = require("../mongoose")
 const log = debug("rb:rts:server")
 const is_production = process.env.IS_PRODUCTION === "yes"
@@ -360,65 +363,72 @@ const disconnect_handler = (socket_id, reason) => {
 }
-const rts_server = (mongoose, session_middleware) => {
+const rts_server = (server) => {
   // register the delete plugin
   mongoose.plugin(mongoose_delete_plugin)
   // txn plugin
   mongoose.plugin(mongoose_txn_plugin)
+  //
+  const io = new Server(server, {
+    transports: is_production ? ["websocket", "polling"] : ["websocket"],
+    allowUpgrades: true,
+    cors: {
+      // TODO: dynamic client ports
+      // TODO: check if is production
+      origin: `http://localhost:${process.env.CLIENT_PORT}`,
+      methods: ["GET", "POST"],
+      credentials: true,
+    },
+  })
-  return async(server) => {
-    //
-    const io = new Server(server, {
-      transports: is_production ? ["websocket", "polling"] : ["websocket"],
-      allowUpgrades: true,
-      cors: {
-        // TODO: dynamic client ports
-        // TODO: check if is production
-        origin: `http://localhost:${process.env.CLIENT_PORT}`,
-        methods: ["GET", "POST"],
-        credentials: true,
-      },
-    })
+  //
+  const has_session_store = process.env.RB_SESSION_STORE === "yes"
+  if (has_session_store) {
+    const session_store_middleware = require("../src/sessions/session_store_middleware")
     // socket io session middleware
     io.use((socket, next) => {
-      session_middleware(socket.request, {}, next)
+      session_store_middleware(socket.request, {}, next)
     })
+  } else {
+    const session_proxy_middleware = require("../src/sessions/session_proxy_middleware")
+    // proxy middleware that checks the rb-tenant-id header
+    io.use((socket, next) => {
+      session_proxy_middleware(socket.request, {}, next)
+    })
+  }
-    // WARNING: TODO: socket session tmp disabled
-    // io.on('connection', (socket) => {
-    //   const session = socket.request.session;
-    //   session.connections++;
-    //   session.save();
-    // });
-    io.on("connection", (socket) => {
-      _sockets[socket.id] = socket
-      console.log("socket connected", socket.id)
-      //
-      socket.on("register_query", (payload) => {
-        add_change_stream(mongoose, socket.id, payload)
-      })
+  // io.on('connection', (socket) => {
+  //   const session = socket.request.session;
+  //   session.connections++;
+  //   session.save();
+  // });
-      socket.on("remove_query", (payload) => {
-        remove_query(socket.id, payload)
-      })
+  io.on("connection", (socket) => {
+    _sockets[socket.id] = socket
+    console.log("socket connected", socket.id)
+    //
+    socket.on("register_query", (payload) => {
+      add_change_stream(mongoose, socket.id, payload)
+    })
-      socket.on("run_query", (payload) => {
-        try {
-          run_query(mongoose, socket.id, payload)
-        } catch (err) {
-          console.log("run_query caught error", err)
-        }
-      })
+    socket.on("remove_query", (payload) => {
+      remove_query(socket.id, payload)
+    })
-      socket.on("disconnect", (reason) => {
-        disconnect_handler(socket.id, reason)
-      })
+    socket.on("run_query", (payload) => {
+      try {
+        run_query(mongoose, socket.id, payload)
+      } catch (err) {
+        console.log("run_query caught error", err)
+      }
     })
-  }
+    socket.on("disconnect", (reason) => {
+      disconnect_handler(socket.id, reason)
+    })
+  })
 }

package/src/auth/check_session.js CHANGED Viewed

@@ -3,10 +3,13 @@ const debug = require("debug")
 const User = require("../models/User")
-const log = debug("rb:auth:check_session")
+const log = debug("rb:auth")
 log.useColors = true
+const has_session_store = process.env.RB_SESSION_STORE === "yes"
+// TODO: we must separate the check session from the check user exists
 const check_session = async(payload, ctx) => {
   const {req} = ctx
@@ -25,7 +28,7 @@ const check_session = async(payload, ctx) => {
   }
   if (!user) {
     is_signed_in = false
-    req.session.destroy(/* TODO: this should take callback */)
+    req.session.destroy?.(/* TODO: this should take callback */)
   }
   // TODO: check if user is disabled or blocked

package/src/auth/index.js CHANGED Viewed

@@ -10,32 +10,32 @@ const check_session = require("./check_session")
 const sign_up_handler = async(req, res) => {
-  const result = await sign_up(req.body, {req})
+  const result = await sign_up(req.body, {req, res})
   res.json(result)
 }
 const sign_in_handler = async(req, res) => {
-  const result = await sign_in(req.body, {req})
+  const result = await sign_in(req.body, {req, res})
   res.json(result)
 }
 const sign_out_handler = async(req, res) => {
-  const result = await sign_out(req.body, {req})
+  const result = await sign_out(req.body, {req, res})
   res.json(result)
 }
 const reset_password_handler = async(req, res) => {
-  const result = await reset_password(req.body, {req})
+  const result = await reset_password(req.body, {req, res})
   res.json(result)
 }
 const set_new_password_handler = async(req, res) => {
-  const result = await set_new_password(req.body, {req})
+  const result = await set_new_password(req.body, {req, res})
   res.json(result)
 }
 const check_session_handler = async(req, res) => {
-  const result = await check_session(req.body, {req})
+  const result = await check_session(req.body, {req, res})
   res.json(result)
 }

package/src/auth/sign_in.js CHANGED Viewed

@@ -4,8 +4,13 @@ const debug = require("debug")
 const mongoose = require("../../mongoose")
 const log = debug("rb:auth:signin")
+const has_session_store = process.env.RB_SESSION_STORE === "yes"
+const USER_ID_HEADER = "rb-user-id"
 const fail = () => ({
   errors: {form: "Invalid email or password"}
 })
@@ -13,7 +18,7 @@ const fail = () => ({
 const sign_in = async({email, password}, ctx) => {
   const User = mongoose.model("User")
-  const {req} = ctx
+  const {req, res} = ctx
   // find matching user
   const user = await User.findOne({email}, null)
@@ -29,14 +34,14 @@ const sign_in = async({email, password}, ctx) => {
   if (is_match) {
     log("compare_hash is match")
     const user_id = user._id.toString()
-    req.session.user_id = user_id
-    // add email to an array so that in the future
-    // we can support multiple accounts on the same session
-    if (!req.session.user_emails) {
-      req.session.user_emails = []
+    if (has_session_store) {
+      req.session.user_id = user_id
+      await req.session.save()
+    } else {
+      // On sign in success, we set this header to tell the reverse-proxy sign in was OK
+      res.setHeader(USER_ID_HEADER, user_id)
     }
-    req.session.user_emails.push(email)
-    await req.session.save()
     log("session saved, user is signed in")

package/src/rpc/rpc_router.js CHANGED Viewed

@@ -30,8 +30,9 @@ const rpc_router = (app) => {
     app.post(`/rpc/${route_path}`, async_wrapper(async(req, res) => {
       console.log(`POST /rpc/${route_path}`)
       // TODO: add jaegerclient / opentelemetry
-      const result = await rpc_fn(req.body, {req})
+      const result = await rpc_fn(req.body, {req, res})
       res.json(result)
     }))
   })

package/src/sessions/index.js ADDED Viewed

@@ -0,0 +1,26 @@
+/* @flow */
+const is_development = process.env.NODE_ENV === "development"
+module.exports = (app) => {
+  const has_session_store = process.env.RB_SESSION_STORE === "yes"
+  if (has_session_store) {
+    console.log("using session store")
+    const session_store_middleware = require("./session_store_middleware")
+    app.use(session_store_middleware)
+  } else {
+    console.log("using reverse-proxy sessions")
+    // warn the user
+    if (is_development) {
+      app.use(require("./warning_proxy_middleware"))
+    }
+    const session_proxy_middleware = require("./session_proxy_middleware")
+    app.use(session_proxy_middleware)
+  }
+}

package/src/sessions/session_proxy_middleware.js ADDED Viewed

@@ -0,0 +1,18 @@
+/* @flow */
+const USER_ID_HEADER = "rb-user-id"
+// Production middleware used to retrieve session from the proxy
+const session_proxy_middleware = (req, res, next) => {
+  req.session = {}
+  const user_id = req.headers[USER_ID_HEADER]
+  if (user_id) {
+    req.session.user_id = user_id
+  }
+  next()
+}
+module.exports = session_proxy_middleware

package/{express/session_middleware.js → src/sessions/session_store_middleware.js} RENAMED Viewed

@@ -62,9 +62,8 @@ setTimeout(async() => {
     store: new redis_store({client: redis_client}),
     proxy: true,
     saveUninitialized: false,
-    // WARNING
-    // TODO: use session secret from env
-    secret: "session secret wowow",
+    // WARNING DO NOT USE IN PROD
+    secret: "not so secret",
     resave: false,
     cookie: {
       // TODO: set to secure in production

package/src/sessions/warning_proxy_middleware.js ADDED Viewed

@@ -0,0 +1,16 @@
+/* @flow */
+const warning_proxy_middleware = (req, res, next) => {
+  const {host} = req.headers
+  if (host.startsWith("localhost:")) {
+    res.status(500)
+    res.json({status: "error", message: "are you running with the proxy address ? you shouldn't be using localhost when you are running the app with the reverse proxyy"})
+    return
+  } else {
+    next()
+  }
+}
+module.exports = warning_proxy_middleware