@rpcbase/server 0.209.0 → 0.211.0

package/bin.js

@@ -9,11 +9,25 @@ const {hideBin} = require("yargs/helpers")
 const pack = require("./package.json")
 const start_server_infrastructure = require("./cli/start_server_infrastructure")
 const build_server = require("./cli/build_server")
+const check_args = require("./cli/check_args")
 const run_agent = require("./cli/run_agent")
 
 let is_command = false
 
 const args = yargs(hideBin(process.argv))
+  .option("verbose", {
+    type: "boolean",
+    default: false,
+    description: "Run with verbose logging"
+  })
+  .option("sessions", {
+    type: "boolean",
+    default: false,
+    description: "Run with the sessions store enabled"
+  })
+  .option("session", {
+    hidden: true,
+  })
   .command("start", "runs server/infrastructure", () => {}, (args) => {
     is_command = true
     start_server_infrastructure(args)
@@ -26,19 +40,19 @@ const args = yargs(hideBin(process.argv))
     is_command = true
     build_server()
   })
-  .option("verbose", {
-    type: "boolean",
-    default: false,
-    description: "Run with verbose logging"
-  })
+  .check(check_args)
   .parse()
 
+
 if (!is_command) {
-  console.log("server default com22mand")
+  console.log("server default command exiting.")
+  process.exit(0)
 }
 
 
 // TODO: why was this needed
+// -> was this for when running in docker ? I think yes
+
 // // add helpers to ensure proper process termination
 // const exit_clean = () => {
 //   process.exit()

package/boot/index.js

@@ -1,3 +1,27 @@
 /* @flow */
-
 require("./setup_env")
+//
+const http = require("http")
+
+const {rpc_router, client_router, express, database} = require("../")
+const mongoose = require("../mongoose")
+//
+require("@rpcbase/access-control")(mongoose)
+const realtime_state = require("../rts")
+
+const {SERVER_PORT} = process.env
+
+const app = express()
+const server = http.createServer(app)
+
+
+realtime_state(server)
+
+
+
+server.listen(SERVER_PORT, "0.0.0.0", () => {
+  console.log(`listening on 0.0.0.0:${SERVER_PORT}`)
+})
+
+
+module.exports = app

package/cli/check_args.js

@@ -0,0 +1,17 @@
+/* @flow */
+
+const check_args = (args) => {
+  if (typeof args.session !== "undefined") {
+    throw new Error("Did you mean --sessions?")
+  }
+
+  const raw_args = JSON.parse(process.env.npm_config_argv).original
+  if (raw_args.indexOf("--no-session") > -1) {
+    throw new Error("Did you mean --no-sessions?")
+  }
+
+  return true
+}
+
+
+module.exports = check_args

package/cli/run_docker.js

@@ -5,7 +5,7 @@ const fs = require("fs")
 
 const is_production = "yes" === process.env.INFRASTRUCTURE_IS_PRODUCTION
 
-const run_docker = async(infrastructure_dir, proj_prefix) => {
+const run_docker = async(infrastructure_dir, proj_prefix, args) => {
   // env
   const env_path = path.relative(infrastructure_dir, path.join(process.cwd(), "./.env"))
   const base_env_path = path.relative(infrastructure_dir, path.join(process.cwd(), "./.env.base"))
@@ -34,9 +34,21 @@ const run_docker = async(infrastructure_dir, proj_prefix) => {
 
   console.log(cmd_args.join(" "))
 
+  const ps_env = {
+    ...process.env,
+  }
+
+  if (args.sessions) {
+    ps_env.RB_SESSION_STORE = "yes"
+  }
+
   // WARNING: blocks the process
   // this is the only way to have docker-compose shut down gracefully
-  execSync(`${cmd} ${cmd_args.join(" ")}`, {cwd: infrastructure_dir, stdio: "inherit"})
+  execSync(`${cmd} ${cmd_args.join(" ")}`, {
+    cwd: infrastructure_dir,
+    stdio: "inherit",
+    env: ps_env
+  })
 
 }
 

package/cli/run_native.js

@@ -167,9 +167,19 @@ const run_native = (infrastructure_dir, proj_prefix, args) => {
 
   const processes = get_processes(args)
 
+
   const run_process = (item) => {
-    // console.log("run_native:run_process:item", item)
-    const ps = spawn(item.cmd[0], item.cmd[1], {env: {...process.env, CONTAINER_MODE: "native"}})
+    const ps_env = {
+      ...process.env,
+      CONTAINER_MODE: "native",
+    }
+
+    if (args.sessions) {
+      ps_env.RB_SESSION_STORE = "yes"
+    }
+
+
+    const ps = spawn(item.cmd[0], item.cmd[1], {env: ps_env})
 
     // TODO: add flag to force print
     if (!NO_PRINT_LIST.includes(item.name)) {

package/express/index.js

@@ -7,9 +7,9 @@ const request_ip = require("request-ip")
 
 // functionality middlewares
 const auth = require("../src/auth")
+const sessions = require("../src/sessions")
 
 const dev_save_coverage = require("./dev_save_coverage")
-const session_middleware = require("./session_middleware")
 
 
 const log = debug("rb:server")
@@ -90,7 +90,8 @@ module.exports = () => {
     credentials: true // IMPORTANT: required to enable set-cookie
   }))
 
-  app.use(session_middleware)
+
+  sessions(app)
 
   app.get("/__/ping", (req, res) => res.json({message: "pong"}))
   app.post("/__/ping", (req, res) => res.json({message: "pong"}))

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rpcbase/server",
-  "version": "0.209.0",
+  "version": "0.211.0",
   "license": "SSPL-1.0",
   "main": "./index.js",
   "bin": {
@@ -10,6 +10,7 @@
     "test": "echo \"Error: no test specified\" && exit 0"
   },
   "dependencies": {
+    "@rpcbase/access-control": "0.25.0",
     "@rpcbase/agent": "0.30.0",
     "@rpcbase/std": "0.6.0",
     "bluebird": "3.7.2",

package/rts/index.js

@@ -8,6 +8,9 @@ const sift = require("sift")
 const debug = require("debug")
 const colors = require("picocolors")
 
+const mongoose = require("../mongoose")
+
+
 const log = debug("rb:rts:server")
 
 const is_production = process.env.IS_PRODUCTION === "yes"
@@ -360,65 +363,72 @@ const disconnect_handler = (socket_id, reason) => {
 }
 
 
-const rts_server = (mongoose, session_middleware) => {
-
+const rts_server = (server) => {
   // register the delete plugin
   mongoose.plugin(mongoose_delete_plugin)
   // txn plugin
   mongoose.plugin(mongoose_txn_plugin)
 
+  //
+  const io = new Server(server, {
+    transports: is_production ? ["websocket", "polling"] : ["websocket"],
+    allowUpgrades: true,
+    cors: {
+      // TODO: dynamic client ports
+      // TODO: check if is production
+      origin: `http://localhost:${process.env.CLIENT_PORT}`,
+      methods: ["GET", "POST"],
+      credentials: true,
+    },
+  })
 
-  return async(server) => {
-    //
-    const io = new Server(server, {
-      transports: is_production ? ["websocket", "polling"] : ["websocket"],
-      allowUpgrades: true,
-      cors: {
-        // TODO: dynamic client ports
-        // TODO: check if is production
-        origin: `http://localhost:${process.env.CLIENT_PORT}`,
-        methods: ["GET", "POST"],
-        credentials: true,
-      },
-    })
+  //
+  const has_session_store = process.env.RB_SESSION_STORE === "yes"
 
+  if (has_session_store) {
+    const session_store_middleware = require("../src/sessions/session_store_middleware")
     // socket io session middleware
     io.use((socket, next) => {
-      session_middleware(socket.request, {}, next)
+      session_store_middleware(socket.request, {}, next)
     })
+  } else {
+    const session_proxy_middleware = require("../src/sessions/session_proxy_middleware")
+    // proxy middleware that checks the rb-tenant-id header
+    io.use((socket, next) => {
+      session_proxy_middleware(socket.request, {}, next)
+    })
+  }
 
-    // WARNING: TODO: socket session tmp disabled
-    // io.on('connection', (socket) => {
-    //   const session = socket.request.session;
-    //   session.connections++;
-    //   session.save();
-    // });
-
-    io.on("connection", (socket) => {
-      _sockets[socket.id] = socket
-      console.log("socket connected", socket.id)
-      //
-      socket.on("register_query", (payload) => {
-        add_change_stream(mongoose, socket.id, payload)
-      })
+  // io.on('connection', (socket) => {
+  //   const session = socket.request.session;
+  //   session.connections++;
+  //   session.save();
+  // });
 
-      socket.on("remove_query", (payload) => {
-        remove_query(socket.id, payload)
-      })
+  io.on("connection", (socket) => {
+    _sockets[socket.id] = socket
+    console.log("socket connected", socket.id)
+    //
+    socket.on("register_query", (payload) => {
+      add_change_stream(mongoose, socket.id, payload)
+    })
 
-      socket.on("run_query", (payload) => {
-        try {
-          run_query(mongoose, socket.id, payload)
-        } catch (err) {
-          console.log("run_query caught error", err)
-        }
-      })
+    socket.on("remove_query", (payload) => {
+      remove_query(socket.id, payload)
+    })
 
-      socket.on("disconnect", (reason) => {
-        disconnect_handler(socket.id, reason)
-      })
+    socket.on("run_query", (payload) => {
+      try {
+        run_query(mongoose, socket.id, payload)
+      } catch (err) {
+        console.log("run_query caught error", err)
+      }
     })
-  }
+
+    socket.on("disconnect", (reason) => {
+      disconnect_handler(socket.id, reason)
+    })
+  })
 }
 
 

package/src/auth/check_session.js

@@ -3,10 +3,13 @@ const debug = require("debug")
 
 const User = require("../models/User")
 
-const log = debug("rb:auth:check_session")
+const log = debug("rb:auth")
 log.useColors = true
 
 
+const has_session_store = process.env.RB_SESSION_STORE === "yes"
+
+// TODO: we must separate the check session from the check user exists
 const check_session = async(payload, ctx) => {
   const {req} = ctx
 
@@ -25,7 +28,7 @@ const check_session = async(payload, ctx) => {
   }
   if (!user) {
     is_signed_in = false
-    req.session.destroy(/* TODO: this should take callback */)
+    req.session.destroy?.(/* TODO: this should take callback */)
   }
 
   // TODO: check if user is disabled or blocked

package/src/auth/index.js

@@ -10,32 +10,32 @@ const check_session = require("./check_session")
 
 
 const sign_up_handler = async(req, res) => {
-  const result = await sign_up(req.body, {req})
+  const result = await sign_up(req.body, {req, res})
   res.json(result)
 }
 
 const sign_in_handler = async(req, res) => {
-  const result = await sign_in(req.body, {req})
+  const result = await sign_in(req.body, {req, res})
   res.json(result)
 }
 
 const sign_out_handler = async(req, res) => {
-  const result = await sign_out(req.body, {req})
+  const result = await sign_out(req.body, {req, res})
   res.json(result)
 }
 
 const reset_password_handler = async(req, res) => {
-  const result = await reset_password(req.body, {req})
+  const result = await reset_password(req.body, {req, res})
   res.json(result)
 }
 
 const set_new_password_handler = async(req, res) => {
-  const result = await set_new_password(req.body, {req})
+  const result = await set_new_password(req.body, {req, res})
   res.json(result)
 }
 
 const check_session_handler = async(req, res) => {
-  const result = await check_session(req.body, {req})
+  const result = await check_session(req.body, {req, res})
   res.json(result)
 }
 

package/src/auth/sign_in.js

@@ -4,8 +4,13 @@ const debug = require("debug")
 
 const mongoose = require("../../mongoose")
 
+
 const log = debug("rb:auth:signin")
 
+const has_session_store = process.env.RB_SESSION_STORE === "yes"
+
+const USER_ID_HEADER = "rb-user-id"
+
 const fail = () => ({
   errors: {form: "Invalid email or password"}
 })
@@ -13,7 +18,7 @@ const fail = () => ({
 const sign_in = async({email, password}, ctx) => {
   const User = mongoose.model("User")
 
-  const {req} = ctx
+  const {req, res} = ctx
 
   // find matching user
   const user = await User.findOne({email}, null)
@@ -29,14 +34,14 @@ const sign_in = async({email, password}, ctx) => {
   if (is_match) {
     log("compare_hash is match")
     const user_id = user._id.toString()
-    req.session.user_id = user_id
-    // add email to an array so that in the future
-    // we can support multiple accounts on the same session
-    if (!req.session.user_emails) {
-      req.session.user_emails = []
+
+    if (has_session_store) {
+      req.session.user_id = user_id
+      await req.session.save()
+    } else {
+      // On sign in success, we set this header to tell the reverse-proxy sign in was OK
+      res.setHeader(USER_ID_HEADER, user_id)
     }
-    req.session.user_emails.push(email)
-    await req.session.save()
 
     log("session saved, user is signed in")
 

package/src/models/User.js

@@ -2,14 +2,25 @@
 const mongoose = require("../../mongoose")
 
 const UserSchema = new mongoose.Schema({
-  name: {
+  email: String,
+  first_name: {
     type: String,
     default: "",
   },
-  avatar_url: {
+  last_name: {
+    type: String,
+    default: "",
+  },
+  initials: {
+    type: String,
+    default: "",
+  },
+  avatar_image: {
+    type: String,
+  },
+  avatar_color: {
     type: String,
   },
-  email: String,
   is_email_verified: {
     type: Boolean,
     default: false,

package/src/rpc/rpc_router.js

@@ -30,8 +30,9 @@ const rpc_router = (app) => {
     app.post(`/rpc/${route_path}`, async_wrapper(async(req, res) => {
 
       console.log(`POST /rpc/${route_path}`)
+
       // TODO: add jaegerclient / opentelemetry
-      const result = await rpc_fn(req.body, {req})
+      const result = await rpc_fn(req.body, {req, res})
       res.json(result)
     }))
   })

package/src/sessions/index.js

@@ -0,0 +1,26 @@
+/* @flow */
+const is_development = process.env.NODE_ENV === "development"
+
+module.exports = (app) => {
+  const has_session_store = process.env.RB_SESSION_STORE === "yes"
+
+  if (has_session_store) {
+    console.log("using session store")
+
+    const session_store_middleware = require("./session_store_middleware")
+    app.use(session_store_middleware)
+  } else {
+    console.log("using reverse-proxy sessions")
+
+    // warn the user
+    if (is_development) {
+      app.use(require("./warning_proxy_middleware"))
+    }
+
+
+
+    const session_proxy_middleware = require("./session_proxy_middleware")
+    app.use(session_proxy_middleware)
+  }
+
+}

package/src/sessions/session_proxy_middleware.js

@@ -0,0 +1,18 @@
+/* @flow */
+
+const USER_ID_HEADER = "rb-user-id"
+
+// Production middleware used to retrieve session from the proxy
+const session_proxy_middleware = (req, res, next) => {
+  req.session = {}
+
+  const user_id = req.headers[USER_ID_HEADER]
+  if (user_id) {
+    req.session.user_id = user_id
+  }
+
+  next()
+}
+
+
+module.exports = session_proxy_middleware

package/{express/session_middleware.js → src/sessions/session_store_middleware.js}

@@ -62,9 +62,8 @@ setTimeout(async() => {
     store: new redis_store({client: redis_client}),
     proxy: true,
     saveUninitialized: false,
-    // WARNING
-    // TODO: use session secret from env
-    secret: "session secret wowow",
+    // WARNING DO NOT USE IN PROD
+    secret: "not so secret",
     resave: false,
     cookie: {
       // TODO: set to secure in production

package/src/sessions/warning_proxy_middleware.js

@@ -0,0 +1,16 @@
+/* @flow */
+
+
+const warning_proxy_middleware = (req, res, next) => {
+  const {host} = req.headers
+
+  if (host.startsWith("localhost:")) {
+    res.status(500)
+    res.json({status: "error", message: "are you running with the proxy address ? you shouldn't be using localhost when you are running the app with the reverse proxyy"})
+    return
+  } else {
+    next()
+  }
+}
+
+module.exports = warning_proxy_middleware