@sustaina/iam-middleware 1.0.1

package/README.md

@@ -0,0 +1,61 @@
+# @sustaina/iam-middleware
+
+## For CD
+add these line in ```kustomization.yaml``` file in ```*-deploy``` repository
+```
+  patch: |-
+    - op: add
+      path: ...
+      value:
+        - secretRef:
+            name: your-secret
+        - secretRef:
+            name: iam-middleware-dev-secret # <--- add this
+            # change dev to -> sit / uat
+```
+now you good to go.
+## Example Usage
+```
+import "dotenv/config";
+import fastify from "fastify";
+import pino from "pino";
+import { AuthMiddleware } from "./auth/AuthMiddleware";
+import { ImplementModeMiddleware } from "./auth/ImplementModeMiddleware";
+
+const logger = pino({
+  level: process.env.LOG_LEVEL || "info",
+  transport: { target: "pino-pretty", options: { colorize: true } },
+});
+
+async function createApp() {
+  const app = fastify();
+
+  const authMiddleware = new AuthMiddleware();
+  const implementMode = new ImplementModeMiddleware();
+
+  // Register standardized routes
+  await app.register(
+    async (appInstance) => {
+      appInstance.get(
+        "/test",
+        {
+          preHandler: [
+            authMiddleware.authenticate.bind(authMiddleware), // required for implementMode.authorise and authMiddleware.permissionGuard
+            implementMode.authorise.bind(implementMode),
+            authMiddleware.permissionGuard([{ access: "canRead", subProgram: "test" }]).bind(authMiddleware),
+          ],
+        },
+        async (request, reply) => {
+          return reply.send({
+            success: true,
+          });
+        }
+      );
+    },
+    { prefix: "/api/v1" }
+  );
+
+  return app;
+}
+
+```

package/dist/auth/AuthMiddleware.d.ts

@@ -0,0 +1,51 @@
+import { FastifyRequest, FastifyReply } from "fastify";
+import { AuthMiddlewareOptions, JwtPayload, UserInfo, PermissionGuardParams } from "../types/AuthTypes";
+import { BaseMiddleware } from "../base/BaseMiddleware";
+declare module "fastify" {
+    interface FastifyRequest {
+        user?: UserInfo;
+        payload?: JwtPayload;
+    }
+}
+export declare class AuthMiddleware extends BaseMiddleware {
+    private readonly jwtSecret;
+    /**
+     * It allows providing the Redis connection through these options
+     * 1. a URL string
+     * 2. a pre-configured Redis client instance.
+     * 3. IAM_REDIS_URL env **(recommended)**
+     *
+     * And provide jwt secret via IAM_JWT_SECRET env **(recommended)**
+     *
+     * @param {AuthMiddlewareOptions} [options.serviceName] - An optional unique name for the service using this middleware.
+     * @param {AuthMiddlewareOptions} [options.redisUrl] - A optional connection URL for the Redis server (e.g., 'redis://localhost:6379').
+     * @param {AuthMiddlewareOptions} [options.redisClient] - A optional pre-configured Redis client instance.
+     * @param {AuthMiddlewareOptions} [options.jwtSecret] - A optional jwt secret.
+     */
+    constructor(options?: AuthMiddlewareOptions);
+    private verifyJwt;
+    private checkAllowList;
+    /**
+     * A middleware to check if jwt token is valid and **populate request object with user and payload info**.
+     * @example
+     * const authMiddleware = new AuthMiddleware()
+     * const prehandler = [authMiddleware.authenticate.bind(authMiddleware)]
+     */
+    authenticate: (request: FastifyRequest, reply: FastifyReply) => Promise<undefined>;
+    private checkPermission;
+    /**
+     * A middleware to check if user has permissions.
+     * @example
+     * const authMiddleware = new AuthMiddleware()
+     * const prehandler = [
+     *    authMiddleware.authenticate.bind(authMiddleware), // required
+     *    authMiddleware.permissionGuard([
+     *      { access: "canRead", subProgram: "sub1" },
+     *      { access: "canRead", subProgram: "sub2" }
+     *     ]).bind(authMiddleware)
+     *    ]
+     */
+    permissionGuard: (params: PermissionGuardParams) => (request: FastifyRequest, reply: FastifyReply) => Promise<undefined>;
+    optionalAuth: (request: FastifyRequest) => Promise<void>;
+}
+//# sourceMappingURL=AuthMiddleware.d.ts.map

package/dist/auth/AuthMiddleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthMiddleware.d.ts","sourceRoot":"","sources":["../../src/auth/AuthMiddleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAIvD,OAAO,EACL,qBAAqB,EACrB,UAAU,EACV,QAAQ,EAER,qBAAqB,EAEtB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAKxD,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,cAAc;QACtB,IAAI,CAAC,EAAE,QAAQ,CAAC;QAChB,OAAO,CAAC,EAAE,UAAU,CAAC;KACtB;CACF;AAED,qBAAa,cAAe,SAAQ,cAAc;IAChD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IAEnC;;;;;;;;;;;;OAYG;gBACS,OAAO,CAAC,EAAE,qBAAqB;IAK3C,OAAO,CAAC,SAAS,CAEf;IAEF,OAAO,CAAC,cAAc,CAqBpB;IAEF;;;;;OAKG;IACH,YAAY,GAAU,SAAS,cAAc,EAAE,OAAO,YAAY,wBA8HhE;IAEF,OAAO,CAAC,eAAe,CA2ErB;IAEF;;;;;;;;;;;OAWG;IACH,eAAe,GAAI,QAAQ,qBAAqB,MAAY,SAAS,cAAc,EAAE,OAAO,YAAY,wBAwBtG;IAEF,YAAY,GAAU,SAAS,cAAc,mBAqD3C;CACH"}

package/dist/auth/AuthMiddleware.js

@@ -0,0 +1,312 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthMiddleware = void 0;
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const api_1 = require("@opentelemetry/api");
+const pino_1 = __importDefault(require("pino"));
+const BaseMiddleware_1 = require("../base/BaseMiddleware");
+const logger = (0, pino_1.default)({ name: "AuthMiddleware" });
+class AuthMiddleware extends BaseMiddleware_1.BaseMiddleware {
+    /**
+     * It allows providing the Redis connection through these options
+     * 1. a URL string
+     * 2. a pre-configured Redis client instance.
+     * 3. IAM_REDIS_URL env **(recommended)**
+     *
+     * And provide jwt secret via IAM_JWT_SECRET env **(recommended)**
+     *
+     * @param {AuthMiddlewareOptions} [options.serviceName] - An optional unique name for the service using this middleware.
+     * @param {AuthMiddlewareOptions} [options.redisUrl] - A optional connection URL for the Redis server (e.g., 'redis://localhost:6379').
+     * @param {AuthMiddlewareOptions} [options.redisClient] - A optional pre-configured Redis client instance.
+     * @param {AuthMiddlewareOptions} [options.jwtSecret] - A optional jwt secret.
+     */
+    constructor(options) {
+        super({ ...options, name: "AuthMiddleware" });
+        this.verifyJwt = (token) => {
+            return jsonwebtoken_1.default.verify(token, this.jwtSecret);
+        };
+        this.checkAllowList = async (payload, token) => {
+            const allowlistKey = `auth:session:${payload.id}`;
+            const tokenJti = payload.jti;
+            if (!tokenJti) {
+                logger.warn({ token }, "Missing jti in token");
+                return false;
+            }
+            try {
+                const jtiInRedis = await this.redisClient.get(allowlistKey);
+                const isAllowlisted = jtiInRedis === tokenJti;
+                logger.debug({ allowlistKey, tokenJti, jtiInRedis, isAllowlisted }, "Checked Token allowlist in Redis");
+                return isAllowlisted;
+            }
+            catch (err) {
+                logger.error({ err, allowlistKey }, "Redis allowlist check failed");
+                throw err;
+            }
+        };
+        /**
+         * A middleware to check if jwt token is valid and **populate request object with user and payload info**.
+         * @example
+         * const authMiddleware = new AuthMiddleware()
+         * const prehandler = [authMiddleware.authenticate.bind(authMiddleware)]
+         */
+        this.authenticate = async (request, reply) => {
+            const tracer = api_1.trace.getTracer(this.serviceName);
+            const span = tracer.startSpan("AuthMiddleware.authenticate");
+            try {
+                const authHeader = request.headers.authorization;
+                if (!authHeader || !authHeader.startsWith("Bearer ")) {
+                    span.setAttributes({
+                        "error.type": "missing_token",
+                        "error.message": "No authorization token provided",
+                    });
+                    logger.warn({ url: request.url }, "Authentication failed: No token provided");
+                    return reply.status(401).send({
+                        error: "Authentication Error",
+                        message: "Authorization token is required",
+                    });
+                }
+                const token = authHeader.substring(7);
+                // Verify JWT token
+                let payload;
+                try {
+                    payload = this.verifyJwt(token);
+                    request.payload = payload;
+                }
+                catch (jwtError) {
+                    span.setAttributes({
+                        "error.type": "invalid_token",
+                        "error.message": "Token verification failed",
+                    });
+                    logger.warn({
+                        url: request.url,
+                        error: jwtError instanceof Error ? jwtError.message : "Unknown JWT error",
+                    }, "Authentication failed: Invalid token");
+                    return reply.status(401).send({
+                        error: "Authentication Error",
+                        message: "Invalid or expired token",
+                    });
+                }
+                // Validate payload structure
+                if (!payload.id ||
+                    !payload.name ||
+                    !payload.email ||
+                    !payload.tenantId ||
+                    !payload.type ||
+                    !payload.tenantLocale ||
+                    !payload.passwordPolicy ||
+                    payload.isDenyPasswordChange === undefined ||
+                    payload.isPasswordSendEmail === undefined) {
+                    span.setAttributes({
+                        "error.type": "invalid_payload",
+                        "error.message": "Token payload is incomplete",
+                    });
+                    logger.warn({ url: request.url, payload }, "Authentication failed: Invalid token payload");
+                    return reply.status(401).send({
+                        error: "Authentication Error",
+                        message: "Invalid token payload",
+                    });
+                }
+                // Check allowlist (Redis)
+                try {
+                    const result = await this.checkAllowList(payload, token);
+                    if (!result) {
+                        return reply.status(401).send({
+                            error: "Authentication Error",
+                            message: "Token is not in allow list",
+                        });
+                    }
+                }
+                catch (error) {
+                    logger.error({ error: error.message, url: request.url }, "Token validation failed in AuthMiddleware");
+                    return reply.status(500).send({
+                        error: "Internal Server Error",
+                        message: "Error while checking token validity",
+                    });
+                }
+                // Attach user info to request
+                request.user = {
+                    id: payload.id,
+                    name: payload.name,
+                    email: payload.email,
+                    type: payload.type,
+                };
+                span.setAttributes({
+                    "user.id": payload.id,
+                    "user.email": payload.email,
+                    "user.name": payload.name,
+                    "user.username": payload.username,
+                    "auth.success": true,
+                });
+                logger.debug({
+                    userId: payload.id,
+                    email: payload.email,
+                    url: request.url,
+                }, "User authenticated successfully");
+            }
+            catch (error) {
+                span.recordException(error);
+                span.setAttributes({
+                    "error.type": "middleware_error",
+                });
+                logger.error({ error, url: request.url }, "Error in authentication middleware");
+                return reply.status(500).send({
+                    error: "Internal Server Error",
+                    message: "Authentication service error",
+                });
+            }
+            finally {
+                span.end();
+            }
+        };
+        this.checkPermission = async ({ userId, access, subProgram }, reply, payload) => {
+            // skip if user is admin
+            if (payload.type === "administrator") {
+                return;
+            }
+            try {
+                const redis = this.redisClient;
+                const pipeline = redis.multi();
+                const cacheKey = `auth:permission:${subProgram.replace(/\s+/g, "")}:${userId}`;
+                const get = await redis.get(cacheKey);
+                const accessKey = get ? JSON.parse(get) : null;
+                if (!accessKey) {
+                    return reply.status(403).send({
+                        error: "PermissionNotFound",
+                        message: `Permission not found for subprogram ${subProgram}`,
+                    });
+                }
+                await pipeline.exec();
+                const ErrorCustom = (message) => reply.status(403).send({
+                    error: "PermissionDenied",
+                    message,
+                });
+                switch (access) {
+                    case "canCreate":
+                        if (!accessKey.canCreate) {
+                            return ErrorCustom("Permission denied: cannot create");
+                        }
+                        break;
+                    case "canRead":
+                        if (!accessKey.canRead) {
+                            return ErrorCustom("Permission denied: cannot read");
+                        }
+                        break;
+                    case "canEdit":
+                        if (!accessKey.canEdit) {
+                            return ErrorCustom("Permission denied: cannot edit");
+                        }
+                        break;
+                    case "canDelete":
+                        if (!accessKey.canDelete) {
+                            return ErrorCustom("Permission denied: cannot delete");
+                        }
+                        break;
+                    case "canNotify":
+                        if (!accessKey.canNotify) {
+                            return ErrorCustom("Permission denied: cannot notify");
+                        }
+                        break;
+                    case "canCreateDraft":
+                        if (!accessKey.canCreateDraft) {
+                            return ErrorCustom("Permission denied: cannot create draft");
+                        }
+                        break;
+                    default:
+                        return ErrorCustom(`Unknown access type: ${access}`);
+                }
+            }
+            catch (err) {
+                logger.error({ err, userId }, "Failed to check user tenant permissions");
+                return reply.status(500).send({
+                    error: "Internal Server Error",
+                    message: "Redis error while checking permissions",
+                });
+            }
+        };
+        /**
+         * A middleware to check if user has permissions.
+         * @example
+         * const authMiddleware = new AuthMiddleware()
+         * const prehandler = [
+         *    authMiddleware.authenticate.bind(authMiddleware), // required
+         *    authMiddleware.permissionGuard([
+         *      { access: "canRead", subProgram: "sub1" },
+         *      { access: "canRead", subProgram: "sub2" }
+         *     ]).bind(authMiddleware)
+         *    ]
+         */
+        this.permissionGuard = (params) => async (request, reply) => {
+            let pool = [];
+            if (!Array.isArray(params)) {
+                pool = [params];
+            }
+            else {
+                pool = params;
+            }
+            if (!request.user) {
+                logger.error("permissionGuard: no user info from AuthMiddleware.authenticate");
+                return reply.status(401).send({ error: "Authentication Error", message: "User not authenticated" });
+            }
+            await Promise.all(pool.map((v) => this.checkPermission({
+                userId: request.user.id,
+                subProgram: v.subProgram,
+                access: v.access,
+            }, reply, request.payload)));
+        };
+        this.optionalAuth = async (request) => {
+            const tracer = api_1.trace.getTracer(this.serviceName);
+            const span = tracer.startSpan("AuthMiddleware.optionalAuth");
+            try {
+                const authHeader = request.headers.authorization;
+                if (!authHeader || !authHeader.startsWith("Bearer ")) {
+                    span.setAttributes({
+                        "auth.optional": true,
+                        "auth.token_present": false,
+                    });
+                    return;
+                }
+                const token = authHeader.substring(7);
+                try {
+                    const payload = this.verifyJwt(token);
+                    if (payload.id &&
+                        payload.name &&
+                        payload.email &&
+                        payload.tenantId &&
+                        payload.type &&
+                        payload.tenantLocale &&
+                        payload.passwordPolicy &&
+                        payload.isDenyPasswordChange !== undefined &&
+                        payload.isPasswordSendEmail !== undefined) {
+                        request.user = { id: payload.id, name: payload.name, email: payload.email, type: payload.type };
+                        span.setAttributes({
+                            "auth.optional": true,
+                            "auth.token_present": true,
+                            "user.id": payload.id,
+                        });
+                    }
+                }
+                catch (jwtError) {
+                    logger.debug({ error: jwtError }, "Optional auth: Invalid token provided");
+                    span.setAttributes({
+                        "auth.optional": true,
+                        "auth.token_present": true,
+                        "auth.token_valid": false,
+                    });
+                }
+            }
+            catch (error) {
+                span.recordException(error);
+                logger.error({ error: error.message || error }, "Error in optional authentication middleware");
+            }
+            finally {
+                span.end();
+            }
+        };
+        this.jwtSecret = options?.jwtSecret ?? process.env.IAM_JWT_SECRET ?? "your_secret";
+    }
+}
+exports.AuthMiddleware = AuthMiddleware;
+//# sourceMappingURL=AuthMiddleware.js.map

package/dist/auth/AuthMiddleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthMiddleware.js","sourceRoot":"","sources":["../../src/auth/AuthMiddleware.ts"],"names":[],"mappings":";;;;;;AACA,gEAA+B;AAC/B,4CAA2C;AAC3C,gDAAwB;AASxB,2DAAwD;AAExD,MAAM,MAAM,GAAG,IAAA,cAAI,EAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;AAUhD,MAAa,cAAe,SAAQ,+BAAc;IAGhD;;;;;;;;;;;;OAYG;IACH,YAAY,OAA+B;QACzC,KAAK,CAAC,EAAE,GAAG,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAIxC,cAAS,GAAG,CAAC,KAAa,EAAc,EAAE;YAChD,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAe,CAAC;QACzD,CAAC,CAAC;QAEM,mBAAc,GAAG,KAAK,EAAE,OAAmB,EAAE,KAAc,EAAoB,EAAE;YACvF,MAAM,YAAY,GAAG,gBAAgB,OAAO,CAAC,EAAE,EAAE,CAAC;YAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC;YAE7B,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,sBAAsB,CAAC,CAAC;gBAC/C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;gBAE5D,MAAM,aAAa,GAAG,UAAU,KAAK,QAAQ,CAAC;gBAE9C,MAAM,CAAC,KAAK,CAAC,EAAE,YAAY,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,EAAE,kCAAkC,CAAC,CAAC;gBAExG,OAAO,aAAa,CAAC;YACvB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,EAAE,8BAA8B,CAAC,CAAC;gBACpE,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC,CAAC;QAEF;;;;;WAKG;QACH,iBAAY,GAAG,KAAK,EAAE,OAAuB,EAAE,KAAmB,EAAE,EAAE;YACpE,MAAM,MAAM,GAAG,WAAK,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC,6BAA6B,CAAC,CAAC;YAE7D,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;gBAEjD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;oBACrD,IAAI,CAAC,aAAa,CAAC;wBACjB,YAAY,EAAE,eAAe;wBAC7B,eAAe,EAAE,iCAAiC;qBACnD,CAAC,CAAC;oBACH,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,0CAA0C,CAAC,CAAC;oBAC9E,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBAC5B,KAAK,EAAE,sBAAsB;wBAC7B,OAAO,EAAE,iCAAiC;qBAC3C,CAAC,CAAC;gBACL,CAAC;gBAED,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gBAEtC,mBAAmB;gBACnB,IAAI,OAAmB,CAAC;gBACxB,IAAI,CAAC;oBACH,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;oBAChC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;gBAC5B,CAAC;gBAAC,OAAO,QAAQ,EAAE,CAAC;oBAClB,IAAI,CAAC,aAAa,CAAC;wBACjB,YAAY,EAAE,eAAe;wBAC7B,eAAe,EAAE,2BAA2B;qBAC7C,CAAC,CAAC;oBACH,MAAM,CAAC,IAAI,CACT;wBACE,GAAG,EAAE,OAAO,CAAC,GAAG;wBAChB,KAAK,EAAE,QAAQ,YAAY,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB;qBAC1E,EACD,sCAAsC,CACvC,CAAC;oBACF,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBAC5B,KAAK,EAAE,sBAAsB;wBAC7B,OAAO,EAAE,0BAA0B;qBACpC,CAAC,CAAC;gBACL,CAAC;gBAED,6BAA6B;gBAC7B,IACE,CAAC,OAAO,CAAC,EAAE;oBACX,CAAC,OAAO,CAAC,IAAI;oBACb,CAAC,OAAO,CAAC,KAAK;oBACd,CAAC,OAAO,CAAC,QAAQ;oBACjB,CAAC,OAAO,CAAC,IAAI;oBACb,CAAC,OAAO,CAAC,YAAY;oBACrB,CAAC,OAAO,CAAC,cAAc;oBACvB,OAAO,CAAC,oBAAoB,KAAK,SAAS;oBAC1C,OAAO,CAAC,mBAAmB,KAAK,SAAS,EACzC,CAAC;oBACD,IAAI,CAAC,aAAa,CAAC;wBACjB,YAAY,EAAE,iBAAiB;wBAC/B,eAAe,EAAE,6BAA6B;qBAC/C,CAAC,CAAC;oBACH,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE,8CAA8C,CAAC,CAAC;oBAC3F,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBAC5B,KAAK,EAAE,sBAAsB;wBAC7B,OAAO,EAAE,uBAAuB;qBACjC,CAAC,CAAC;gBACL,CAAC;gBAED,0BAA0B;gBAC1B,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;oBACzD,IAAI,CAAC,MAAM,EAAE,CAAC;wBACZ,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;4BAC5B,KAAK,EAAE,sBAAsB;4BAC7B,OAAO,EAAE,4BAA4B;yBACtC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,KAAK,CACV,EAAE,KAAK,EAAG,KAAe,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EACrD,2CAA2C,CAC5C,CAAC;oBACF,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBAC5B,KAAK,EAAE,uBAAuB;wBAC9B,OAAO,EAAE,qCAAqC;qBAC/C,CAAC,CAAC;gBACL,CAAC;gBAED,8BAA8B;gBAC9B,OAAO,CAAC,IAAI,GAAG;oBACb,EAAE,EAAE,OAAO,CAAC,EAAE;oBACd,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,IAAI,EAAE,OAAO,CAAC,IAAI;iBACnB,CAAC;gBAEF,IAAI,CAAC,aAAa,CAAC;oBACjB,SAAS,EAAE,OAAO,CAAC,EAAE;oBACrB,YAAY,EAAE,OAAO,CAAC,KAAK;oBAC3B,WAAW,EAAE,OAAO,CAAC,IAAI;oBACzB,eAAe,EAAE,OAAO,CAAC,QAAQ;oBACjC,cAAc,EAAE,IAAI;iBACrB,CAAC,CAAC;gBAEH,MAAM,CAAC,KAAK,CACV;oBACE,MAAM,EAAE,OAAO,CAAC,EAAE;oBAClB,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,GAAG,EAAE,OAAO,CAAC,GAAG;iBACjB,EACD,iCAAiC,CAClC,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,eAAe,CAAC,KAAc,CAAC,CAAC;gBACrC,IAAI,CAAC,aAAa,CAAC;oBACjB,YAAY,EAAE,kBAAkB;iBACjC,CAAC,CAAC;gBAEH,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,oCAAoC,CAAC,CAAC;gBAEhF,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC5B,KAAK,EAAE,uBAAuB;oBAC9B,OAAO,EAAE,8BAA8B;iBACxC,CAAC,CAAC;YACL,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,GAAG,EAAE,CAAC;YACb,CAAC;QACH,CAAC,CAAC;QAEM,oBAAe,GAAG,KAAK,EAC7B,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAyB,EACrD,KAAmB,EACnB,OAAmB,EACnB,EAAE;YACF,wBAAwB;YACxB,IAAI,OAAO,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;gBACrC,OAAO;YACT,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC;gBAC/B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;gBAE/B,MAAM,QAAQ,GAAG,mBAAmB,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,MAAM,EAAE,CAAC;gBAE/E,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACtC,MAAM,SAAS,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBAE/C,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBAC5B,KAAK,EAAE,oBAAoB;wBAC3B,OAAO,EAAE,uCAAuC,UAAU,EAAE;qBAC7D,CAAC,CAAC;gBACL,CAAC;gBAED,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAEtB,MAAM,WAAW,GAAG,CAAC,OAAe,EAAE,EAAE,CACtC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACrB,KAAK,EAAE,kBAAkB;oBACzB,OAAO;iBACR,CAAC,CAAC;gBAEL,QAAQ,MAAM,EAAE,CAAC;oBACf,KAAK,WAAW;wBACd,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;4BACzB,OAAO,WAAW,CAAC,kCAAkC,CAAC,CAAC;wBACzD,CAAC;wBACD,MAAM;oBACR,KAAK,SAAS;wBACZ,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;4BACvB,OAAO,WAAW,CAAC,gCAAgC,CAAC,CAAC;wBACvD,CAAC;wBACD,MAAM;oBACR,KAAK,SAAS;wBACZ,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;4BACvB,OAAO,WAAW,CAAC,gCAAgC,CAAC,CAAC;wBACvD,CAAC;wBACD,MAAM;oBACR,KAAK,WAAW;wBACd,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;4BACzB,OAAO,WAAW,CAAC,kCAAkC,CAAC,CAAC;wBACzD,CAAC;wBACD,MAAM;oBACR,KAAK,WAAW;wBACd,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;4BACzB,OAAO,WAAW,CAAC,kCAAkC,CAAC,CAAC;wBACzD,CAAC;wBACD,MAAM;oBACR,KAAK,gBAAgB;wBACnB,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC;4BAC9B,OAAO,WAAW,CAAC,wCAAwC,CAAC,CAAC;wBAC/D,CAAC;wBACD,MAAM;oBACR;wBACE,OAAO,WAAW,CAAC,wBAAwB,MAAM,EAAE,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,yCAAyC,CAAC,CAAC;gBACzE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC5B,KAAK,EAAE,uBAAuB;oBAC9B,OAAO,EAAE,wCAAwC;iBAClD,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC;QAEF;;;;;;;;;;;WAWG;QACH,oBAAe,GAAG,CAAC,MAA6B,EAAE,EAAE,CAAC,KAAK,EAAE,OAAuB,EAAE,KAAmB,EAAE,EAAE;YAC1G,IAAI,IAAI,GAAyB,EAAE,CAAC;YACpC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC3B,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC;iBAAM,CAAC;gBACN,IAAI,GAAG,MAAM,CAAC;YAChB,CAAC;YACD,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBAClB,MAAM,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;gBAC/E,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sBAAsB,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;YACtG,CAAC;YACD,MAAM,OAAO,CAAC,GAAG,CACf,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACb,IAAI,CAAC,eAAe,CAClB;gBACE,MAAM,EAAE,OAAO,CAAC,IAAK,CAAC,EAAE;gBACxB,UAAU,EAAE,CAAC,CAAC,UAAU;gBACxB,MAAM,EAAE,CAAC,CAAC,MAAM;aACjB,EACD,KAAK,EACL,OAAO,CAAC,OAAqB,CAC9B,CACF,CACF,CAAC;QACJ,CAAC,CAAC;QAEF,iBAAY,GAAG,KAAK,EAAE,OAAuB,EAAE,EAAE;YAC/C,MAAM,MAAM,GAAG,WAAK,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC,6BAA6B,CAAC,CAAC;YAE7D,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;gBAEjD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;oBACrD,IAAI,CAAC,aAAa,CAAC;wBACjB,eAAe,EAAE,IAAI;wBACrB,oBAAoB,EAAE,KAAK;qBAC5B,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gBAEtC,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;oBAEtC,IACE,OAAO,CAAC,EAAE;wBACV,OAAO,CAAC,IAAI;wBACZ,OAAO,CAAC,KAAK;wBACb,OAAO,CAAC,QAAQ;wBAChB,OAAO,CAAC,IAAI;wBACZ,OAAO,CAAC,YAAY;wBACpB,OAAO,CAAC,cAAc;wBACtB,OAAO,CAAC,oBAAoB,KAAK,SAAS;wBAC1C,OAAO,CAAC,mBAAmB,KAAK,SAAS,EACzC,CAAC;wBACD,OAAO,CAAC,IAAI,GAAG,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;wBAEhG,IAAI,CAAC,aAAa,CAAC;4BACjB,eAAe,EAAE,IAAI;4BACrB,oBAAoB,EAAE,IAAI;4BAC1B,SAAS,EAAE,OAAO,CAAC,EAAE;yBACtB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAAC,OAAO,QAAQ,EAAE,CAAC;oBAClB,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,uCAAuC,CAAC,CAAC;oBAC3E,IAAI,CAAC,aAAa,CAAC;wBACjB,eAAe,EAAE,IAAI;wBACrB,oBAAoB,EAAE,IAAI;wBAC1B,kBAAkB,EAAE,KAAK;qBAC1B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,eAAe,CAAC,KAAc,CAAC,CAAC;gBACrC,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAG,KAAe,CAAC,OAAO,IAAI,KAAK,EAAE,EAAE,6CAA6C,CAAC,CAAC;YAC5G,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,GAAG,EAAE,CAAC;YACb,CAAC;QACH,CAAC,CAAC;QA5UA,IAAI,CAAC,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,aAAa,CAAC;IACrF,CAAC;CA4UF;AA/VD,wCA+VC"}

package/dist/auth/ImplementModeMiddleware.d.ts

@@ -0,0 +1,26 @@
+import { FastifyRequest, FastifyReply } from "fastify";
+import { BaseMiddleware } from "../base/BaseMiddleware";
+import { ImplementModeMiddlewareOptions } from "../types/AuthTypes";
+export declare class ImplementModeMiddleware extends BaseMiddleware {
+    /**
+     * It allows providing the Redis connection through these options
+     * 1. a URL string
+     * 2. a pre-configured Redis client instance.
+     * 3. IAM_REDIS_URL env **(recommended)**
+     *
+     * @param {AuthMiddlewareOptions} [options.serviceName] - An optional unique name for the service using this middleware.
+     * @param {AuthMiddlewareOptions} [options.redisUrl] - A optional connection URL for the Redis server (e.g., 'redis://localhost:6379').
+     * @param {AuthMiddlewareOptions} [options.redisClient] - A optional pre-configured Redis client instance.
+     */
+    constructor(options?: ImplementModeMiddlewareOptions);
+    private generateTenantImplementModeKey;
+    /**
+     * A middleware to check if server is in implement mode.
+     * Only admin can access resources in implement mode.
+     * @example
+     * const implModeMiddleware = new ImplementModeMiddleware()
+     * const prehandler = [implModeMiddleware.authorise.bind(implModeMiddleware)]
+     */
+    authorise(request: FastifyRequest, reply: FastifyReply): Promise<FastifyReply | undefined>;
+}
+//# sourceMappingURL=ImplementModeMiddleware.d.ts.map

package/dist/auth/ImplementModeMiddleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ImplementModeMiddleware.d.ts","sourceRoot":"","sources":["../../src/auth/ImplementModeMiddleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAKvD,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AAKpE,qBAAa,uBAAwB,SAAQ,cAAc;IACzD;;;;;;;;;OASG;gBACS,OAAO,CAAC,EAAE,8BAA8B;IAIpD,OAAO,CAAC,8BAA8B;IAItC;;;;;;OAMG;IACG,SAAS,CAAC,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;CAuDjG"}

package/dist/auth/ImplementModeMiddleware.js

@@ -0,0 +1,77 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ImplementModeMiddleware = void 0;
+const api_1 = require("@opentelemetry/api");
+const pino_1 = __importDefault(require("pino"));
+const config_1 = require("../shared/config");
+const errors_1 = require("../errors");
+const BaseMiddleware_1 = require("../base/BaseMiddleware");
+const RedisClient_1 = require("../infrastructure/RedisClient");
+const logger = (0, pino_1.default)({ name: "ImplementModeMiddleware" });
+class ImplementModeMiddleware extends BaseMiddleware_1.BaseMiddleware {
+    /**
+     * It allows providing the Redis connection through these options
+     * 1. a URL string
+     * 2. a pre-configured Redis client instance.
+     * 3. IAM_REDIS_URL env **(recommended)**
+     *
+     * @param {AuthMiddlewareOptions} [options.serviceName] - An optional unique name for the service using this middleware.
+     * @param {AuthMiddlewareOptions} [options.redisUrl] - A optional connection URL for the Redis server (e.g., 'redis://localhost:6379').
+     * @param {AuthMiddlewareOptions} [options.redisClient] - A optional pre-configured Redis client instance.
+     */
+    constructor(options) {
+        super({ ...options, name: "ImplementModeMiddleware" });
+    }
+    generateTenantImplementModeKey(tenantId) {
+        return RedisClient_1.RedisClient.generateKey("tenant", "implement-mode", `${tenantId}`);
+    }
+    /**
+     * A middleware to check if server is in implement mode.
+     * Only admin can access resources in implement mode.
+     * @example
+     * const implModeMiddleware = new ImplementModeMiddleware()
+     * const prehandler = [implModeMiddleware.authorise.bind(implModeMiddleware)]
+     */
+    async authorise(request, reply) {
+        const tracer = api_1.trace.getTracer(config_1.SERVICE_NAME);
+        const span = tracer.startSpan("ImplementModeMiddleware.authorise");
+        try {
+            if (!request.payload?.tenantId) {
+                throw new errors_1.CustomError("ImplementModeMiddleware: Missing tenant info from AuthMiddleware.authenticate", 401, "ImplementModeMiddlewareMissingTenantIdError", "middleware_error", "User not authenticated");
+            }
+            if (!request.user) {
+                throw new errors_1.CustomError("ImplementModeMiddleware: Missing user info from AuthMiddleware.authenticate", 401, "ImplementModeMiddlewareMissingUserError", "middleware_error", "User not authenticated");
+            }
+            // check if user is admin
+            if (request.user.type === "administrator") {
+                return; // do nothing and progress to next handler
+            }
+            // check cache
+            let implementMode = false;
+            // this key is set by authentication-service or authentication-system-settings-consumer-services
+            const key = this.generateTenantImplementModeKey(request.payload.tenantId);
+            let raw = await this.redisClient.get(key);
+            if (raw === null) {
+                logger.info(`cache miss on ${key}`);
+                raw = "false"; // force to false by default
+            }
+            const cached = JSON.parse(raw);
+            if (!(typeof cached === "boolean")) {
+                throw new Error(`Invalid value type for key: ${key}`);
+            }
+            implementMode = cached;
+            // if implementMode is on
+            if (implementMode) {
+                throw new errors_1.CustomError("ImplementModeMiddleware: Permission Denied, Application is on implement mode", 403, "ImplementModeMiddlewarePermissionDeniedError", "middleware_error", "Application is on implement mode");
+            }
+        }
+        catch (error) {
+            return (0, errors_1.ErrorResponse)(error, reply, span, logger);
+        }
+    }
+}
+exports.ImplementModeMiddleware = ImplementModeMiddleware;
+//# sourceMappingURL=ImplementModeMiddleware.js.map

package/dist/auth/ImplementModeMiddleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ImplementModeMiddleware.js","sourceRoot":"","sources":["../../src/auth/ImplementModeMiddleware.ts"],"names":[],"mappings":";;;;;;AACA,4CAA2C;AAC3C,gDAAwB;AACxB,6CAAgD;AAChD,sCAAuD;AACvD,2DAAwD;AAExD,+DAA4D;AAE5D,MAAM,MAAM,GAAG,IAAA,cAAI,EAAC,EAAE,IAAI,EAAE,yBAAyB,EAAE,CAAC,CAAC;AAEzD,MAAa,uBAAwB,SAAQ,+BAAc;IACzD;;;;;;;;;OASG;IACH,YAAY,OAAwC;QAClD,KAAK,CAAC,EAAE,GAAG,OAAO,EAAE,IAAI,EAAE,yBAAyB,EAAE,CAAC,CAAC;IACzD,CAAC;IAEO,8BAA8B,CAAC,QAAgB;QACrD,OAAO,yBAAW,CAAC,WAAW,CAAC,QAAQ,EAAE,gBAAgB,EAAE,GAAG,QAAQ,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,SAAS,CAAC,OAAuB,EAAE,KAAmB;QAC1D,MAAM,MAAM,GAAG,WAAK,CAAC,SAAS,CAAC,qBAAY,CAAC,CAAC;QAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC;QACnE,IAAI,CAAC;YACH,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;gBAC/B,MAAM,IAAI,oBAAW,CACnB,+EAA+E,EAC/E,GAAG,EACH,6CAA6C,EAC7C,kBAAkB,EAClB,wBAAwB,CACzB,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBAClB,MAAM,IAAI,oBAAW,CACnB,6EAA6E,EAC7E,GAAG,EACH,yCAAyC,EACzC,kBAAkB,EAClB,wBAAwB,CACzB,CAAC;YACJ,CAAC;YAED,yBAAyB;YACzB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;gBAC1C,OAAO,CAAC,0CAA0C;YACpD,CAAC;YACD,cAAc;YACd,IAAI,aAAa,GAAG,KAAK,CAAC;YAC1B,gGAAgG;YAChG,MAAM,GAAG,GAAG,IAAI,CAAC,8BAA8B,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC1E,IAAI,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1C,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;gBACjB,MAAM,CAAC,IAAI,CAAC,iBAAiB,GAAG,EAAE,CAAC,CAAC;gBACpC,GAAG,GAAG,OAAO,CAAC,CAAC,4BAA4B;YAC7C,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,CAAC,CAAC,OAAO,MAAM,KAAK,SAAS,CAAC,EAAE,CAAC;gBACnC,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,EAAE,CAAC,CAAC;YACxD,CAAC;YACD,aAAa,GAAG,MAAM,CAAC;YACvB,yBAAyB;YACzB,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,IAAI,oBAAW,CACnB,8EAA8E,EAC9E,GAAG,EACH,8CAA8C,EAC9C,kBAAkB,EAClB,kCAAkC,CACnC,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,IAAA,sBAAa,EAAC,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;CACF;AAjFD,0DAiFC"}

package/dist/base/BaseMiddleware.d.ts

@@ -0,0 +1,15 @@
+import "dotenv/config";
+import { RedisClientType } from "redis";
+import { BaseOptions } from "../types/AuthTypes";
+import { Logger } from "pino";
+export declare class BaseMiddleware {
+    readonly logger: Logger;
+    protected redisClient: RedisClientType;
+    protected serviceName: string;
+    constructor(options: BaseOptions & {
+        name: string;
+    });
+    private setupRedisClient;
+    private useSingletonClient;
+}
+//# sourceMappingURL=BaseMiddleware.d.ts.map

package/dist/base/BaseMiddleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"BaseMiddleware.d.ts","sourceRoot":"","sources":["../../src/base/BaseMiddleware.ts"],"names":[],"mappings":"AAAA,OAAO,eAAe,CAAC;AACvB,OAAO,EAAgB,eAAe,EAAE,MAAM,OAAO,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAa,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAIpC,qBAAa,cAAc;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,WAAW,EAAG,eAAe,CAAC;IACxC,SAAS,CAAC,WAAW,EAAE,MAAM,CAAC;gBAElB,OAAO,EAAE,WAAW,GAAG;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE;YAerC,gBAAgB;YAqBhB,kBAAkB;CAGjC"}

package/dist/base/BaseMiddleware.js

@@ -0,0 +1,50 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BaseMiddleware = void 0;
+require("dotenv/config");
+const redis_1 = require("redis");
+const pino_1 = __importDefault(require("pino"));
+const config_1 = require("../shared/config");
+const RedisClient_1 = require("../infrastructure/RedisClient");
+class BaseMiddleware {
+    constructor(options) {
+        this.logger = (0, pino_1.default)({ name: options.name });
+        this.serviceName = options.serviceName ?? config_1.SERVICE_NAME;
+        if ("redisUrl" in options && options.redisUrl) {
+            this.setupRedisClient(options.redisUrl);
+        }
+        else if ("redisClient" in options && options.redisClient) {
+            if (!options.redisClient.isOpen) {
+                options.redisClient.connect();
+            }
+            this.redisClient = options.redisClient;
+        }
+        else {
+            this.useSingletonClient();
+        }
+    }
+    async setupRedisClient(redisUrl) {
+        this.redisClient = (0, redis_1.createClient)({
+            url: redisUrl,
+            socket: process.env.NODE_ENV !== "local" ? { tls: true, rejectUnauthorized: false } : undefined,
+        });
+        this.redisClient.on("error", (err) => {
+            this.logger.error(err, "Redis client error");
+        });
+        this.redisClient.on("connect", () => {
+            this.logger.info("Redis client connected");
+        });
+        this.redisClient.on("disconnect", () => {
+            this.logger.info("Redis client disconnected");
+        });
+        await this.redisClient.connect();
+    }
+    async useSingletonClient() {
+        this.redisClient = await RedisClient_1.RedisClient.getInstance();
+    }
+}
+exports.BaseMiddleware = BaseMiddleware;
+//# sourceMappingURL=BaseMiddleware.js.map

package/dist/base/BaseMiddleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"BaseMiddleware.js","sourceRoot":"","sources":["../../src/base/BaseMiddleware.ts"],"names":[],"mappings":";;;;;;AAAA,yBAAuB;AACvB,iCAAsD;AAEtD,gDAAoC;AACpC,6CAAgD;AAChD,+DAA4D;AAE5D,MAAa,cAAc;IAKzB,YAAY,OAAuC;QACjD,IAAI,CAAC,MAAM,GAAG,IAAA,cAAI,EAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,qBAAY,CAAC;QACvD,IAAI,UAAU,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC9C,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC;aAAM,IAAI,aAAa,IAAI,OAAO,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YAC3D,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;gBAChC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAA8B,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,QAAgB;QAC7C,IAAI,CAAC,WAAW,GAAG,IAAA,oBAAY,EAAC;YAC9B,GAAG,EAAE,QAAQ;YACb,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,kBAAkB,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS;SAChG,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACnC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,oBAAoB,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;YAClC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,YAAY,EAAE,GAAG,EAAE;YACrC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,kBAAkB;QAC9B,IAAI,CAAC,WAAW,GAAG,MAAM,yBAAW,CAAC,WAAW,EAAE,CAAC;IACrD,CAAC;CACF;AA5CD,wCA4CC"}

package/dist/domain/entities/AggregateRoot.d.ts

@@ -0,0 +1,17 @@
+import { DomainEvent } from "../event/DomainEvent";
+export declare abstract class AggregateRoot {
+    readonly id: string;
+    readonly createdAt: Date;
+    updatedAt: Date;
+    private _domainEvents;
+    private _version;
+    constructor(id: string, createdAt?: Date, updatedAt?: Date);
+    get version(): number;
+    get domainEvents(): ReadonlyArray<DomainEvent>;
+    protected addDomainEvent(event: DomainEvent): void;
+    clearDomainEvents(): void;
+    protected applyEvent(event: DomainEvent): void;
+    static replayEvents<T extends AggregateRoot>(aggregateClass: new (...args: any[]) => T, events: DomainEvent[]): T;
+    protected abstract when(event: DomainEvent): void;
+}
+//# sourceMappingURL=AggregateRoot.d.ts.map