@simitgroup/simpleapp-generator 1.6.4-f-alpha → 1.6.4-g-alpha

package/ReleaseNote.md

@@ -1,3 +1,16 @@
+[1.6.5g]
+1. change simpleapp document controller use document name instead of document type
+2. allow use header x-apikey(match env X_APIKEY), x-apisecret (match env X_APISECRET), to by pass access token. which will use robotuser in user context
+3. add support of x-guest-accesstoken (submit by external user source, like parent/student app), it store into usercontext as guestinfo, since appuser = robotuser
+4. Fix document search properties to restrict (required field and sorts)
+
+
+[1.6.5f]
+1. added webhook db
+2. support audit trail
+3. support upload avatar to cloudapi
+4. added html input for simpleapp
+
 [1.2.0]
 1. lot of house keeping
 2. frontend more stable login using keycloak

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@simitgroup/simpleapp-generator",
-  "version": "1.6.4f-alpha",
+  "version": "1.6.4g-alpha",
   "description": "frontend nuxtjs and backend nests code generator using jsonschema",
   "main": "dist/index.js",
   "scripts": {

package/templates/basic/nest/controller.ts.eta

@@ -56,9 +56,9 @@ import {UserContext} from '../commons/user.context'
 }
 %>
 <% let superadmindoctype = ['tenant','globaluser'] %>
-const doctype = '<%= it.doctype %>'.toUpperCase();
-@ApiTags(doctype)
-@Controller(doctype.toLowerCase())
+const apiname = '<%= it.typename %>'.toUpperCase();
+@ApiTags(apiname)
+@Controller(apiname.toLowerCase())
 export class <%= it.typename %>Controller extends SimpleAppAbstractController<
   <%= it.typename %>Service,  
   schemas.<%= it.typename%>,

package/templates/nest/.env._eta

@@ -13,6 +13,8 @@ HTTP_PORT=<%=it.configs.backendPort%>
 
 BPMN_PATH=./src/simpleapp/workflows/bpmn/
 
+X_APIKEY=
+X_APISECRET=
 
 OAUTH2_BASEURL=<%=it.configs.oauthSetting ? it.configs.oauthSetting.oauthBaseUrl : ''%>
 

package/templates/nest/src/app.module.ts.eta

@@ -25,6 +25,7 @@ import {
   RoleGuard,
   PolicyEnforcementMode,
 } from 'nest-keycloak-connect';
+import { CustomKeycloakGuard } from './simpleapp/generate/commons/customkeycloak.guard';
 import {RolesGuard} from './simpleapp/generate/commons/roles/roles.guard'
 import { ConfigModule } from '@nestjs/config';
 import { ServeStaticModule } from '@nestjs/serve-static';
@@ -92,11 +93,17 @@ import { EventEmitterModule } from '@nestjs/event-emitter';
     ]),    
       ],
   controllers: [AppController],
-  providers: [AppService,AppResolver,  {
-    provide: APP_INTERCEPTOR,
-    useClass: ResponseInterceptor,  
-  },
-    {provide: APP_GUARD,useClass: AuthGuard,},
+  providers: [
+    AppService,
+    CustomKeycloakGuard,
+    ResourceGuard,
+    AppResolver,  
+    {
+      provide: APP_INTERCEPTOR,
+      useClass: ResponseInterceptor,  
+    },
+  {provide: APP_GUARD,useClass: CustomKeycloakGuard,},
+    // {provide: APP_GUARD,useClass: AuthGuard,},
     {provide: APP_GUARD,useClass: ResourceGuard,},
     {provide: APP_GUARD,useClass: RolesGuard,}
   ],       

package/templates/nest/src/main.ts.eta

@@ -49,9 +49,39 @@ async function bootstrap() {
         },
       },
       'oauth2',
+    ).
+    addApiKey(
+      {
+        in: 'header',
+        name: 'x-apikey',
+        type: 'apiKey',
+        description: 'optional only use for specal case',
+      },
+      'x-apikey',
+    ).addApiKey(
+      {
+        in: 'header',
+        name: 'x-apisecret',
+        type: 'apiKey',
+        description: 'optional only use for specal case',
+      },
+      'x-apisecret',
+    )
+    .addApiKey(
+      {
+        in: 'header',
+        name: 'x-guest-accesstoken',
+        type: 'apiKey',
+        description: 'optional only use for specal case',
+      },
+      'x-guest-accesstoken',
     )
+    
     .addSecurityRequirements('x-org')
     .addSecurityRequirements('oauth2')
+    .addSecurityRequirements('x-apikey')
+    .addSecurityRequirements('x-apisecret')    
+    .addSecurityRequirements('x-guest-accesstoken')    
     .build();
   const document = SwaggerModule.createDocument(app, config);
   SwaggerModule.setup('api', app, document, {

package/templates/nest/src/simpleapp/generate/apischemas/simpleapp.apischema.ts.eta

@@ -7,16 +7,36 @@
 
 import { ApiProperty } from '@nestjs/swagger';
 export class ApiKeyValuePair {
-    @ApiProperty({"type":Object,"required":false,"examples":['{"field1":"1"}'],"default":""} )
-    field1: any
+  @ApiProperty({
+    type: Object,
+    required: false,
+    examples: ['{"field1":"1"}'],
+    default: '',
+  })
+  field1: any;
+}
+export class ApiSearchBody {
+  @ApiProperty({
+    type: Object,
+    required: false,
+    examples: ['{"field1":"1"}'],
+    default: { field1: 'ok', field2: true },
+  })
+  filter?: Object;
+  @ApiProperty({
+    type: [String],
+    required: false,
+    examples: ['["field1","field2"]'],
+    default: ['field1', 'field2'],
+  })
+  fields?: string[];
+  @ApiProperty({
+    type: () => [[String]],
+    required: false,
+    examples: ['[[ "field1", "asc" ]]'],
+    default: [['field1', 'asc']],
+  })
+  sorts?: string[][];
+  @ApiProperty({ type: () => Object, required: false })
+  lookup: Object;
 }
-export class ApiSearchBody{            
-    @ApiProperty({ "type":Object, "required":false, "examples":['{"field1":"1"}'] ,"default":{"field1":"ok","field2":true,}} )
-    filter:  Object;
-    @ApiProperty({"type":[Object],"required":true,"examples":['["field1","field2"]'],"default":["field1","field2"]} )
-    fields:  [Object];
-    @ApiProperty({"type":()=>[Object],"required":true,"examples":['[[ "field1", "asc" ]]'],"default":[[ 'field1', 'asc' ]]} )
-    sorts:  [Object];
-    @ApiProperty({type: () => Object,required: false,})
-    lookup: Object
-}

package/templates/nest/src/simpleapp/generate/commons/customkeycloa.guard.ts.eta

@@ -0,0 +1,43 @@
+/**
+ * This file was automatically generated by simpleapp generator. Every
+ * MODIFICATION OVERRIDE BY GENERATEOR
+ * last change 2024-04-17
+ * Author: Ks Tan
+ */
+import { Injectable, CanActivate, ExecutionContext, UnauthorizedException } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { ResourceGuard } from 'nest-keycloak-connect';
+
+@Injectable()
+export class CustomKeycloakGuard implements CanActivate {
+  constructor(private reflector: Reflector, private resourceGuard: ResourceGuard) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest();
+    
+
+    //graphql no http request, exclude from capability of x-apikey
+    if(request?.headers){
+        const apiKey = request.headers['x-apikey'];
+        const apiSecret = request.headers['x-apisecret'];
+        // validate apikey and apisecret at middleware level, reach here mean approved as robot
+        if (apiKey && apiSecret ) {
+          return true;
+        }
+    }
+
+    // If API key is not present, fall back to Keycloak authentication
+    try {
+      const canActivate = await this.resourceGuard.canActivate(context);
+      return canActivate as boolean;
+    } catch (error) {
+      throw new UnauthorizedException('Invalid API key or Keycloak token');
+    }
+  }
+
+  private validateApiKey(apiKey: string, apiSecret: string): boolean {    
+    // Implement your API key and secret validation logic here
+    // This is just a simple example
+    return apiKey === 'your-valid-api-key' && apiSecret === 'your-valid-api-secret';
+  }
+}

package/templates/nest/src/simpleapp/generate/commons/middlewares/tenant.middleware.ts.eta

@@ -56,9 +56,9 @@ export class TenantMiddleware implements NestMiddleware {
 
     if (req.baseUrl == '/graphql') {
       let tokenstr: string = req.headers['authorization'] ?? '';
-      tokenstr = tokenstr.replace('Bearer ', '');      
-      const xorg = req.headers['x-org'] ?? this.defaultxorg;      
-      if (tokenstr) {
+      tokenstr = tokenstr.replace('Bearer ', '');
+      const xorg = req.headers['x-org'] ?? this.defaultxorg;
+      if (tokenstr) {        
         await u.setCurrentUserInfo(tokenstr, xorg);
       }
       req['sessionuser'] = u;
@@ -66,6 +66,33 @@ export class TenantMiddleware implements NestMiddleware {
       return;
     }
     this.logger.debug(`running TenantMiddleware for ${req.baseUrl}`);
+
+    
+    //if APIKEY defined, and there is api key and secret supplied. use robot user
+    if(process.env.X_APIKEY &&req.headers['x-apikey'] && req.headers['x-apisecret']){
+    
+      if(req.headers['x-apikey']==process.env.X_APIKEY &&
+        req.headers['x-apisecret']==process.env.X_APISECRET){        
+
+         u.setAsStaticUser(
+            '00000000-0000-0000-0000-000000000000',
+            'robot',
+            'Robot',
+            'robot@a.org',
+            req.headers['x-org']?? this.defaultxorg
+          );
+        if(req.headers['x-guest-accesstoken']) {
+          u.setGuestToken(<string>req.headers['x-guest-accesstoken']);
+        }
+        req['sessionuser'] = u;
+        next();
+        return;
+      }else{
+        this.logger.log('invalid api key/scret');
+        throw new BadRequestException('invalid api key/scret');
+      }
+    }
+
     if (!req.headers['authorization']) {
       this.logger.log('undefine bearer token');
       return res.status(401).send('Undefine bearer token');
@@ -84,8 +111,7 @@ export class TenantMiddleware implements NestMiddleware {
       let tokenstr: string = req.headers['authorization'];
       tokenstr = tokenstr.replace('Bearer ', '');
 
-      const xorg = req.headers['x-org'] ?? this.defaultxorg;
-
+      const xorg = req.headers['x-org'] ?? this.defaultxorg;      
       await u.setCurrentUserInfo(tokenstr, xorg);
       if (u.getId() == '' && this.requireXorg(req.baseUrl)) {
         this.logger.log('access deny of no user:', req.baseUrl);

package/templates/nest/src/simpleapp/generate/commons/robotuser.service.ts.eta

@@ -11,12 +11,12 @@ import { Model } from 'mongoose';
 import { UserContext } from 'src/simpleapp/generate/commons/user.context';
 import { User } from 'src/simpleapp/services/user.service';
 import { Permission } from 'src/simpleapp/services/perm.service';
-
+const Base64URL = require('@darkwolf/base64url');
 @Injectable()
 export class SimpleAppRobotUserService {
   private systemAccessToken: string;
-  private setToken = (token:string) =>  this.systemAccessToken = token
-  private getToken = ()=>this.systemAccessToken
+  private setToken = (token: string) => (this.systemAccessToken = token);
+  private getToken = () => this.systemAccessToken;
   private expired: string;
   logger = new Logger();
   @InjectModel('User') private readonly usermodel: Model<User>;
@@ -28,7 +28,7 @@ export class SimpleAppRobotUserService {
   }
 
   async init() {
-    await this.refreshSystemToken();
+    // await this.refreshSystemToken();
   }
   async refreshSystemToken() {
     enum GrantType {
@@ -76,25 +76,27 @@ export class SimpleAppRobotUserService {
         return data;
       });
 
-    this.setToken(tokens.access_token)
-    // console.log("access token ",this.getToken())
+    this.setToken(tokens.access_token);
+    console.log("access token ",this.getToken())
     const nextrefresh = tokens.expires_in * 0.8;
     const appuser = this.prepareAppUser(undefined);
-    
-    if(tokens.access_token){
-      setTimeout(async () => {
-        await this.refreshSystemToken();
-      }, nextrefresh * 1000);
-    }
+
+    // if (tokens.access_token) {
+    //   setTimeout(async () => {
+    //     await this.refreshSystemToken();
+    //   }, nextrefresh * 1000);
+    // }
   }
 
   prepareAppUser(data: any) {
+    console.log("prepareAppUserprepareAppUser");
     const appuser = new UserContext(this.usermodel, this.permmodel);
     appuser.setAsStaticUser(
       '00000000-0000-0000-0000-000000000000',
       'robot',
       'Robot',
       'robot@a.org',
+      Base64URL.encodeText('0-0-0')
     );
 
     const tenantId = data?.tenantId ?? 0;
@@ -103,11 +105,7 @@ export class SimpleAppRobotUserService {
 
     appuser.setXorg(appuser.generateXorg(tenantId, orgId, branchId));
     appuser.setUserToken(this.getToken());
-    // console.log(
-    //   'return user ' + appuser.getUname(),
-    //   appuser.getXorg(),
-    //   appuser.getUserToken().length,
-    // );
+  
     return appuser;
   }
 }

package/templates/nest/src/simpleapp/generate/commons/user.context.ts.eta

@@ -58,6 +58,9 @@ export class UserContext {
   protected ssoACL: any = {};
   protected token: string = '';
   protected refreshtoken: string = '';
+  //guest access token obtain from header 'x-guest-accesstoken', during use x-apikey/x-apisecret
+  protected guestToken?: string='';  
+  protected guestInfo:{uid:string,uname:string,fullname:string,email:string} = {uid:'',uname:'',fullname:'',email:''}
   protected groups: string[] = [];
   protected branchCode: string = '';
   protected branchName: string = '';
@@ -110,6 +113,7 @@ export class UserContext {
   getOffsetMinute = () => this.offsetMinute;
   getGroups = () => this.groups;
   getCurrency = () => this.currency;
+  getGuestInfo = () => this.guestInfo;
   getMoreProps = () => this.moreProps;
   getRoles = () => this.roles;
   getModifieds = () => this.modifiedRecords;
@@ -282,10 +286,11 @@ export class UserContext {
     this.uid = tokeninfo?.sub ?? '';
     this.email = tokeninfo?.email ?? '';
     this.uname = tokeninfo?.preferred_username ?? '';
-    this.fullname = tokeninfo?.name ?? [];
+    this.fullname = tokeninfo?.name ?? '';
     this.ssoACL = tokeninfo?.resource_access ?? [];
     this.logger.verbose(`set token ${this.uid}`);
     //read current user from db
+    // console.log("Set User token")
     // console.log("await this.obtainProfileFromDb()")
     const userinfo = await this.obtainProfileFromDb();
     this.logger.verbose(userinfo, 'obtainProfileFromDb result');
@@ -696,6 +701,7 @@ export class UserContext {
     uname: string,
     name: string,
     email: string,
+    xorg:string
   ) => {
     //define token info
     this.token = '';
@@ -704,9 +710,18 @@ export class UserContext {
     this.uname = uname;
     this.fullname = name;
     this.ssoACL = '';
-    this.roles = [Role.Everyone, Role.User];
+    this.roles = [Role.Everyone, Role.User,Role.SuperUser];
+    this.setXorg(xorg);
   };
 
+  setGuestToken(tokenstr:string){
+    const tokeninfo = jwt.decode(tokenstr);   
+    this.guestInfo.uid = tokeninfo?.sub ?? '';
+    this.guestInfo.email = tokeninfo?.email ?? '';
+    this.guestInfo.uname = tokeninfo?.preferred_username ?? '';
+    this.guestInfo.fullname = tokeninfo?.name ?? '';
+      
+  }
   /**
    * define additional properties from user into moreProps
    */