@rpcbase/server 0.380.0 → 0.381.0

package/package.json

@@ -1,88 +1,31 @@
 {
   "name": "@rpcbase/server",
-  "version": "0.380.0",
-  "license": "SSPL-1.0",
-  "main": "./index.js",
+  "version": "0.381.0",
+  "type": "module",
+  "main": "./src/index.ts",
   "scripts": {
-    "test": "../../node_modules/.bin/wireit"
-  },
-  "publishConfig": {
-    "registry": "https://registry.npmjs.org/"
+    "build": "tsc --watch",
+    "release": "wireit"
   },
   "wireit": {
-    "build-firebase": {
-      "command": "webpack -c firebase/webpack.config.js",
-      "files": [
-        "firebase/entry*.js",
-        "firebase/webpack.config.js"
-      ],
-      "output": [
-        "firebase/index.js",
-        "firebase/sw.js"
-      ]
-    },
-    "build": {
-      "dependencies": [
-        "build-firebase"
-      ]
-    },
-    "test": {
-      "command": "echo 'no tests specified, exiting'",
+    "release": {
+      "command": "../../scripts/publish.js",
+      "dependencies": [],
       "files": [
-        "**/*.js",
-        "!coverage/",
-        "!node_modules/"
+        "package.json"
       ],
-      "output": [
-        "coverage/"
-      ]
-    },
-    "apply-version": {
-      "command": "node ../../scripts/prflow/apply-prerelease-versions.js $BRANCH_NAME",
+      "output": [],
       "env": {
-        "BRANCH_NAME": {
+        "NPM_RELEASE_CHANNEL": {
           "external": true
         }
       }
-    },
-    "release": {
-      "command": "npm publish --tag $NPM_RELEASE_CHANNEL | tee publish-output.txt",
-      "dependencies": [
-        "test",
-        "apply-version"
-      ],
-      "files": [
-        "package.json"
-      ],
-      "output": [
-        "publish-output.txt"
-      ]
     }
   },
   "dependencies": {
-    "@elastic/elasticsearch": "8.15.1",
-    "@sentry/node": "8.36.0",
-    "bluebird": "3.7.2",
-    "body-parser": "1.20.3",
-    "bull": "4.16.3",
-    "connect-redis": "7.1.1",
-    "cors": "2.8.5",
-    "debug": "4.3.7",
-    "dotenv": "16.4.5",
-    "express": "4.21.1",
+    "connect-redis": "8.0.1",
     "express-session": "1.18.1",
-    "firebase-admin": "12.7.0",
-    "lodash": "4.17.21",
-    "mkdirp": "3.0.1",
-    "mongoose": "8.7.3",
-    "openai": "4.69.0",
-    "pdf2pic": "3.1.3",
-    "picocolors": "1.1.1",
-    "postmark": "4.0.5",
-    "redis": "4.7.0",
-    "request-ip": "3.3.0",
-    "sift": "17.1.3",
-    "socket.io": "4.8.1",
-    "validator": "13.12.0"
-  }
+    "redis": "4.7.0"
+  },
+  "devDependencies": {}
 }

package/src/getDerivedKey.ts

@@ -0,0 +1,20 @@
+import assert from "assert"
+import { hkdfSync } from "crypto"
+
+
+export const getDerivedKey = (
+  masterKey: string,
+  info: string,
+  length: number = 32, // Default to 256-bit keys
+  salt: string = "",
+): string => {
+  assert(masterKey?.length > 32, "MASTER_KEY must be longer than 32 chars.")
+
+  return Buffer.from(hkdfSync(
+    "sha256",
+    masterKey,
+    Buffer.from(salt),
+    Buffer.from(info),
+    length,
+  )).toString("hex")
+}

package/src/hashPassword.ts

@@ -0,0 +1,24 @@
+import { scrypt } from "crypto"
+
+
+export async function hashPassword(password: string, salt: string): Promise<Buffer> {
+  const keyLength = 64 // Length of the derived key
+  const options = {
+    N: 8192, // CPU/memory cost parameter
+    r: 8,    // Block size
+    p: 1     // Parallelization factor
+  }
+
+  // Return a Promise-wrapped scrypt call
+  const derivedKey = await new Promise<Buffer>((resolve, reject) => {
+    scrypt(password, salt, keyLength, options, (err, derivedKey) => {
+      if (err) {
+        reject(err)
+      } else {
+        resolve(derivedKey)
+      }
+    })
+  })
+
+  return derivedKey
+}

package/src/index.ts

@@ -0,0 +1,3 @@
+export * from "./initServer"
+export * from "./getDerivedKey"
+export * from "./hashPassword"

package/src/initServer.ts

@@ -0,0 +1,68 @@
+import { Application } from "express"
+import session, { SessionOptions } from "express-session"
+import {RedisStore} from "connect-redis"
+import {createClient} from  "redis"
+
+import { getDerivedKey } from "./getDerivedKey"
+
+
+const SESSION_STORE_HOST = "localhost"
+const SESSION_STORE_PORT = "6379"
+
+const isProduction = process.env.NODE_ENV === "production"
+
+
+export const initServer =  async (app: Application, serverEnv: { [key: string]: string | undefined }) => {
+
+  const sessionSecret = getDerivedKey(serverEnv.MASTER_KEY!, "express_session_key")
+
+  const reconnectStrategy = (retries: number) => {
+    console.log("redis_client::reconnectStrategy::retrying with arg", retries)
+    if (retries < 5) {
+      console.log("retry count:", retries, "retrying in 1s")
+      return 4000
+    } else {
+      return new Error("max retries expiered")
+    }
+  }
+
+  const redisClient = createClient({
+    socket: {
+      host: SESSION_STORE_HOST,
+      port: Number(SESSION_STORE_PORT),
+      reconnectStrategy,
+      connectTimeout: 10000,
+      keepAlive: 0,
+    },
+  })
+
+  redisClient.on("ready", () => {
+    console.log("session-storage::redis_client connected")
+  })
+
+  redisClient.on("error", (error) => {
+    console.log("session-storage::redis_client ERROR", error)
+  })
+
+  redisClient.connect()
+
+  const sessionConfig: SessionOptions = {
+    name: "session",
+    store: new RedisStore({client: redisClient}),
+    proxy: true,
+    resave: false,
+    saveUninitialized: false,
+    secret: sessionSecret,
+    cookie: {
+      maxAge: 1000 * 3600 * 24 * 90 // 90 days
+    },
+  }
+
+  if (isProduction) {
+    sessionConfig.cookie!.secure = true
+    // sessionConfig.cookie.domain = ""
+  }
+
+  app.use(session(sessionConfig))
+
+}

package/src/types/index.ts

@@ -0,0 +1,7 @@
+
+
+export type SessionUser = {
+  id: string;
+  current_tenant_id: string;
+  signed_in_tenants: string[];
+}

package/src/types/session.d.ts

@@ -0,0 +1,10 @@
+// types/session.d.ts
+import "express-session"
+
+import { SessionUser } from "./index";
+
+declare module "express-session" {
+  interface SessionData {
+    user?: SessionUser;
+  }
+}

package/boot/server.js

@@ -1,36 +0,0 @@
-/* @flow */
-// MUST COME FIRST!
-require("./shared")
-//
-const rb_server_plugin = require("rb-plugin-server")
-
-const http = require("http")
-
-const {client_router, express} = require("../")
-
-const {init_rts} = require("../rts")
-
-
-const {SERVER_PORT} = process.env
-
-const app = express()
-const server = http.createServer(app)
-
-init_rts(server)
-
-rb_server_plugin.default(app)
-
-client_router(app)
-
-server.listen(SERVER_PORT, "0.0.0.0", () => {
-  console.log(`listening on 0.0.0.0:${SERVER_PORT}`)
-})
-
-// graceful exit handler
-process.on("SIGTERM", () => {
-  server.close(() => {
-    process.exit(0)
-  })
-})
-
-module.exports = app

package/boot/shared.js

@@ -1,17 +0,0 @@
-/* @flow */
-if (typeof __RB_IS_WEBPACK__ === "undefined") {
-  throw new Error("cannot run without webpack bundling")
-}
-
-require("@rpcbase/std/extend-expect")
-
-const mongoose = require("../mongoose")
-
-require("../src/models")
-
-require("../src/access-control")(mongoose)
-
-const {database, firebase} = require("../")
-
-database()
-firebase.setup()

package/boot/worker.js

@@ -1,37 +0,0 @@
-/* @flow */
-require("./shared")
-
-require("rb-plugin-worker")
-require("../src/tasks")
-
-const register_queue_listener = require("../queue/register_queue_listener")
-
-const queue = require("../queue")
-
-
-queue.start()
-
-let _queue_listener
-
-register_queue_listener()
-  .then((arg) => {
-    _queue_listener = arg
-  })
-
-
-const handle_graceful_exit = async() => {
-  const close_fns = [
-    queue.instance().close,
-  ]
-
-  if (_queue_listener) {
-    close_fns.push(_queue_listener.close)
-  }
-
-  await Promise.allSettled(close_fns.map(fn => fn()))
-
-  process.exit(0)
-}
-
-process.on("SIGTERM", handle_graceful_exit)
-// process.on("SIGINT", handle_graceful_exit)

package/constants/keys.ts

@@ -1 +0,0 @@
-export const SEARCH_INDEX_PREFIX = "rb-indexer"

package/database.js

@@ -1,96 +0,0 @@
-/* @flow */
-const isPort = require("validator/lib/isPort")
-
-// const {is_docker} = require("@rpcbase/std")
-const is_docker = () => true
-
-const mongoose = require("./mongoose")
-
-const pack = require("./package.json")
-
-// load internal models
-require("./src/models/User")
-require("./src/models/Invite")
-require("./src/models/ResetPasswordToken")
-
-
-const {RB_APP_NAME, DATABASE_PORT} = process.env
-
-
-// database can be set by env variable or passed as paramaters to
-
-if (typeof DATABASE_PORT !== "string" || !isPort(DATABASE_PORT)) {
-  throw new Error("expected DATABASE_PORT to be a valid port number")
-}
-
-if (typeof RB_APP_NAME !== "string") {
-  throw new Error("expected RB_APP_NAME in env to be a string")
-}
-
-
-const get_mongo_url = () => {
-  const conn_suffix = `?directConnection=true&replicaSet=rs0`
-
-  let url
-
-  // connect via tcp in docker
-  if (is_docker()) {
-    const hostname = "database" // "127.0.0.1"
-    url = `mongodb://${hostname}:${DATABASE_PORT}/${conn_suffix}`
-  }
-  // when running natively, prefer the unix socket
-  else {
-    const uds_root_path = `/tmp/sockets-${RB_APP_NAME}/`
-    url = `mongodb://${encodeURIComponent(uds_root_path)}mongodb-${DATABASE_PORT}.sock`
-  }
-
-  return url
-}
-
-
-module.exports = async() => {
-  // set listeners before attempting to connect
-  mongoose.connection.on("connected", () => {
-    console.log("mongoose connected")
-  })
-
-  mongoose.connection.on("disconnected", (arg) => {
-    // TODO: add tracing
-    console.log("Mongoose disconnected", arg)
-  })
-
-  // TODO: should we be retrying in dev only
-  mongoose.connection.on("error", (err) => {
-    // replicaSet has no primary, retry connecting in a moment
-    console.log("mongoose connection error", err)
-  })
-
-  const mongo_url = get_mongo_url()
-  console.log("connect mongo_url", mongo_url)
-
-  const connect_opts = {
-    dbName: RB_APP_NAME,
-    minPoolSize: 8,
-    // maxPoolSize: 1024 * 1024,
-    // TODO: setting this to a low value adds ~3s delay to requests... WHY
-    maxPoolSize: 512,
-    family: 4, // force ipv4
-    driverInfo: {
-      name: `${pack.name}/database`,
-      version: pack.version,
-    }
-  }
-
-  // INFO: on reconnects
-  // https://jira.mongodb.org/browse/NODE-834?focusedCommentId=1412582&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-1412582
-  // The driver will fail on first connect if it cannot connect to the host. This is by design to ensure quick failure on unreachable hosts. Reconnect behavior only kicks in once the driver has performed the initial connect.
-  try {
-    await mongoose.connect(mongo_url, connect_opts)
-  } catch (err) {
-    // TODO: handle error ?
-    console.log("mongoose connect SERVER GOT ERROR")
-    console.log(err)
-    console.log("JSON:", JSON.stringify(err, null, 2))
-    console.log("resaon", err.reason)
-  }
-}

package/express/custom_cors.js

@@ -1,80 +0,0 @@
-/* @flow */
-const debug = require("debug")
-const cors = require("cors")
-
-
-const log = debug("rb:cors")
-
-
-const {RB_SKIP_CORS_PATHS, NODE_ENV, APP_DOMAIN, CLIENT_PORT} = process.env
-
-const is_production = NODE_ENV === "production"
-
-const custom_cors = (app) => {
-
-  const skip_paths = (RB_SKIP_CORS_PATHS || "").split(",").filter((p) => !!p)
-
-  // CORS
-  const cors_origins = is_production ?
-    // https://stackoverflow.com/questions/14003332/access-control-allow-origin-wildcard-subdomains-ports-and-protocols
-    // production
-    [
-      `https://www.${APP_DOMAIN}`,
-      `https://${APP_DOMAIN}`,
-      `https://admin.${APP_DOMAIN}`,
-      // This is used for the posthog player to retrieve the css and assets files
-      `https://app.posthog.com`,
-      `https://eu.posthog.com`,
-    ] :
-    // local dev origins
-    // TODO: fixme, make this dynamic!
-    [
-      `http://127.0.0.1:${CLIENT_PORT}`,
-      `http://localhost:${CLIENT_PORT}`,
-      // `http://192.168.1.83:${CLIENT_PORT}`,
-      // `http://192.168.1.140:${CLIENT_PORT}`,
-      `http://admin.localhost:${CLIENT_PORT}`,
-      // TODO: WARNING: TMP hardcoded port
-      "http://127.0.0.1:8090", // TMP: used by inspected app from admin
-      "http://127.0.0.1:8091", // TMP: used by inspected app from admin
-      "http://127.0.0.1:9292", // TMP
-      // disgusting, sort this out
-      "http://localhost:8090", // TMP: used by inspected app from admin
-      "http://localhost:8091", // TMP: used by inspected app from admin
-      "http://localhost:9292", // TMP
-      // posthog
-      `https://app.posthog.com`,
-      `https://eu.posthog.com`,
-    ]
-
-    if (APP_DOMAIN) {
-      cors_origins.push(`http://${APP_DOMAIN}`)
-      cors_origins.push(`https://${APP_DOMAIN}`)
-    }
-
-  log("cors origins", JSON.stringify(cors_origins, null, 2))
-
-  const cors_middleware = cors({
-    origin: cors_origins,
-    methods: ["GET", "POST"],
-    credentials: true, // IMPORTANT: required to enable set-cookie
-    preflightContinue: false,
-    maxAge: 3600, // 1h, (TODO: set to 24h in prod when stable)
-  })
-
-  // TODO: can this be removed ??
-  app.use((req, res, next) => {
-    for (const skip_path of skip_paths) {
-      if (req.url.startsWith(skip_path)) {
-        log("skip path", req.url)
-        next()
-        return
-      }
-    }
-
-    cors_middleware(req, res, next)
-  })
-
-}
-
-module.exports = custom_cors

package/express/dev_save_coverage.js

@@ -1,18 +0,0 @@
-/* @flow */
-const debug = require("debug")
-
-const log = debug("rb:coverage")
-
-
-const is_production = process.env.NODE_ENV === "production"
-
-module.exports = (app) => {
-  app.post("/api/__dev_save_coverage", (req, res) => {
-    if (is_production) {
-      console.warn("refusing to save coverage in production")
-      return res.status(500).end()
-    }
-    // log("sending coverage for", req.body.path_key)
-    res.json(global.__coverage__)
-  })
-}

package/express/index.js

@@ -1,93 +0,0 @@
-/* @flow */
-const debug = require("debug")
-const express = require("express")
-const body_parser = require("body-parser")
-const request_ip = require("request-ip")
-const Sentry = require("@sentry/node")
-
-// functional middlewares
-const auth = require("../src/auth")
-const api = require("../src/api")
-const files = require("../src/files")
-const sessions = require("../src/sessions")
-
-const dev_save_coverage = require("./dev_save_coverage")
-const custom_cors = require("./custom_cors")
-const setup_handlers = require("./setup_handlers")
-
-
-const log = debug("rb:server")
-
-const {APP_DOMAIN, NODE_ENV, SENTRY_DSN, CLIENT_PORT} = process.env
-
-const is_production = NODE_ENV === "production"
-
-const has_sentry = !!SENTRY_DSN
-
-// TODO: document this
-// we could have a larger size, but it's good practice to keep it small to prevent body upload ddos attacks
-const BODY_MAX_SIZE_MB = 16
-
-
-log("server is production:", JSON.stringify(is_production))
-
-module.exports = () => {
-
-  const app = express()
-
-  setup_handlers(app)
-
-  if (has_sentry && is_production) {
-    Sentry.init({
-      dsn: SENTRY_DSN,
-      integrations: [
-        // enable HTTP calls tracing
-        new Sentry.Integrations.Http({
-          tracing: true
-        }),
-        // enable Express.js middleware tracing
-        new Sentry.Integrations.Express({
-          app
-        }),
-      ],
-      // Performance Monitoring
-      tracesSampleRate: 0.5, // Capture 100% of the transactions, reduce in production!,
-    })
-
-    // Trace incoming requests
-    app.use(Sentry.Handlers.requestHandler())
-    app.use(Sentry.Handlers.tracingHandler())
-  }
-
-  app.use(request_ip.mw())
-
-  app.use(body_parser.json({limit: `${BODY_MAX_SIZE_MB}mb`}))
-
-  app.set("trust proxy", 1)
-
-  app.disable("x-powered-by")
-
-  // tmp disable aggressive caching
-  app.set("etag", false)
-
-  app.use((req, res, next) => {
-    res.set("Cache-Control", "no-store")
-    next()
-  })
-
-  custom_cors(app)
-
-  const pong_res = {app: `app_name:${JSON.stringify(process.env.RB_APP_NAME)}`, message: "pong"}
-  app.get("/__ping", (req, res) => res.json(pong_res))
-  app.post("/__ping", (req, res) => res.json(pong_res))
-
-  sessions(app)
-
-  auth(app)
-  api(app)
-  files(app)
-
-  dev_save_coverage(app)
-
-  return app
-}

package/express/setup_handlers.js

@@ -1,49 +0,0 @@
-/* @flow */
-
-const setup_handlers = (app) => {
-  const original_get = app.get.bind(app)
-  const original_post = app.post.bind(app)
-
-  // function to sequentially execute handlers
-  function apply_handlers(handlers, req, res, next) {
-    const handler = handlers.shift()
-    if (handler) {
-      Promise.resolve(handler(req, res, function(err) {
-        if (err) {
-          return next(err)
-        }
-        apply_handlers(handlers, req, res, next)
-      })).catch(next)
-    } else {
-      next()
-    }
-  }
-
-  // app.get
-  app.get = function (path, ...handlers) {
-    original_get(path, (req, res, next) => apply_handlers([...handlers], req, res, next))
-  }
-
-  // app.post
-  app.post = function (path, ...handlers) {
-    original_post(path, (req, res, next) => apply_handlers([...handlers], req, res, next))
-  }
-
-  // app.handler
-  app.handler = (path, fn) => {
-
-    const resolved_fn = typeof fn === "function" ? fn : fn.default
-
-    app.post(path, async (req, res, next) => {
-      try {
-        const result = await resolved_fn(req.body, {req, res})
-        res.json(result)
-      } catch (err) {
-        next(err)
-      }
-    })
-  }
-
-}
-
-module.exports = setup_handlers

package/files.ts

@@ -1 +0,0 @@
-export * from "./src/files/finalize_file_upload"