@takaro/http 0.0.1

package/dist/middleware/rateLimit.js

@@ -0,0 +1,65 @@
+import { Redis } from '@takaro/db';
+import { logger, errors, ctx } from '@takaro/util';
+import { RateLimiterRes, RateLimiterRedis, RateLimiterMemory } from 'rate-limiter-flexible';
+export async function createRateLimitMiddleware(opts) {
+    const log = logger('http:rateLimit');
+    const redis = await Redis.getClient('http:rateLimit', {
+        // Legacy mode is required for rate-limiter-flexible which isn't updated
+        // to use the new v4 redis API.
+        // See: https://github.com/animir/node-rate-limiter-flexible/wiki/Redis#usage
+        legacyMode: true,
+    });
+    // We create a randomHash to use in Redis keys
+    // This makes sure that each endpoint can get different rate limits without too much hassle
+    const randomHash = Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
+    let rateLimiter;
+    if (opts.useInMemory) {
+        rateLimiter = new RateLimiterMemory({
+            points: opts.max,
+            duration: opts.windowSeconds,
+            keyPrefix: `http:rateLimit:${opts.keyPrefix ? opts.keyPrefix : randomHash}`,
+        });
+    }
+    else {
+        rateLimiter = new RateLimiterRedis({
+            points: opts.max,
+            duration: opts.windowSeconds,
+            storeClient: redis,
+            keyPrefix: `http:rateLimit:${opts.keyPrefix ? opts.keyPrefix : randomHash}`,
+        });
+    }
+    return async (req, res, next) => {
+        const ctxData = ctx.data;
+        let limitedKey = null;
+        if (ctxData.user) {
+            limitedKey = ctxData.user;
+        }
+        else {
+            // TODO: should handle case ip is undefined
+            limitedKey = req.ip;
+        }
+        let rateLimiterRes = null;
+        try {
+            rateLimiterRes = await rateLimiter.consume(limitedKey);
+        }
+        catch (err) {
+            if (err instanceof RateLimiterRes) {
+                rateLimiterRes = err;
+                log.warn(`rate limited, try again in ${err.msBeforeNext}ms`);
+            }
+            else {
+                throw err;
+            }
+        }
+        if (rateLimiterRes) {
+            res.set('X-RateLimit-Limit', opts.max.toString());
+            res.set('X-RateLimit-Remaining', rateLimiterRes.remainingPoints.toString());
+            res.set('X-RateLimit-Reset', rateLimiterRes.msBeforeNext.toString());
+            if (rateLimiterRes.remainingPoints === 0) {
+                next(new errors.TooManyRequestsError());
+            }
+        }
+        return next();
+    };
+}
+//# sourceMappingURL=rateLimit.js.map

package/dist/middleware/rateLimit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rateLimit.js","sourceRoot":"","sources":["../../src/middleware/rateLimit.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACnC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAS5F,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,IAAiC;IAC/E,MAAM,GAAG,GAAG,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,gBAAgB,EAAE;QACpD,wEAAwE;QACxE,+BAA+B;QAC/B,6EAA6E;QAC7E,UAAU,EAAE,IAAI;KACjB,CAAC,CAAC;IAEH,8CAA8C;IAC9C,2FAA2F;IAC3F,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAE7G,IAAI,WAAiD,CAAC;IAEtD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,WAAW,GAAG,IAAI,iBAAiB,CAAC;YAClC,MAAM,EAAE,IAAI,CAAC,GAAG;YAChB,QAAQ,EAAE,IAAI,CAAC,aAAa;YAC5B,SAAS,EAAE,kBAAkB,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,EAAE;SAC5E,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,WAAW,GAAG,IAAI,gBAAgB,CAAC;YACjC,MAAM,EAAE,IAAI,CAAC,GAAG;YAChB,QAAQ,EAAE,IAAI,CAAC,aAAa;YAC5B,WAAW,EAAE,KAAK;YAClB,SAAS,EAAE,kBAAkB,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,EAAE;SAC5E,CAAC,CAAC;IACL,CAAC;IAED,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC/D,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC;QACzB,IAAI,UAAU,GAAG,IAAI,CAAC;QACtB,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,2CAA2C;YAC3C,UAAU,GAAG,GAAG,CAAC,EAAG,CAAC;QACvB,CAAC;QAED,IAAI,cAAc,GAA0B,IAAI,CAAC;QAEjD,IAAI,CAAC;YACH,cAAc,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACzD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,cAAc,EAAE,CAAC;gBAClC,cAAc,GAAG,GAAG,CAAC;gBACrB,GAAG,CAAC,IAAI,CAAC,8BAA8B,GAAG,CAAC,YAAY,IAAI,CAAC,CAAC;YAC/D,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,IAAI,cAAc,EAAE,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YAClD,GAAG,CAAC,GAAG,CAAC,uBAAuB,EAAE,cAAc,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC5E,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,cAAc,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC;YAErE,IAAI,cAAc,CAAC,eAAe,KAAK,CAAC,EAAE,CAAC;gBACzC,IAAI,CAAC,IAAI,MAAM,CAAC,oBAAoB,EAAE,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;QAED,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}

package/dist/util/apiResponse.d.ts

@@ -0,0 +1,36 @@
+import { TakaroDTO } from '@takaro/util';
+import { ValidationError as ClassValidatorError } from 'class-validator';
+import { Request, Response } from 'express';
+declare class ErrorOutput {
+    code?: string;
+    message?: string;
+    details?: string | ClassValidatorError[];
+}
+declare class MetadataOutput {
+    serverTime: string;
+    error?: ErrorOutput;
+    /**
+     * The page number of the response
+     */
+    page?: number;
+    /**
+     * The number of items returned in the response (aka page size)
+     */
+    limit?: number;
+    /**
+     * The total number of items in the collection
+     */
+    total?: number;
+}
+export declare class APIOutput<T> extends TakaroDTO<APIOutput<T>> {
+    meta: MetadataOutput;
+    data: T;
+}
+interface IApiResponseOptions {
+    error?: Error;
+    meta?: Record<string, string | number>;
+    req: Request;
+    res: Response;
+}
+export declare function apiResponse(data?: unknown, opts?: IApiResponseOptions): APIOutput<unknown>;
+export {};

package/dist/util/apiResponse.js

@@ -0,0 +1,100 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { errors, isTakaroDTO, TakaroDTO } from '@takaro/util';
+import { Type } from 'class-transformer';
+import { IsISO8601, IsNumber, IsOptional, ValidateNested } from 'class-validator';
+import { IsString } from 'class-validator';
+class ErrorOutput {
+}
+__decorate([
+    IsString(),
+    __metadata("design:type", String)
+], ErrorOutput.prototype, "code", void 0);
+__decorate([
+    IsString(),
+    __metadata("design:type", String)
+], ErrorOutput.prototype, "message", void 0);
+__decorate([
+    IsString(),
+    __metadata("design:type", Object)
+], ErrorOutput.prototype, "details", void 0);
+class MetadataOutput {
+}
+__decorate([
+    IsString(),
+    IsISO8601(),
+    __metadata("design:type", String)
+], MetadataOutput.prototype, "serverTime", void 0);
+__decorate([
+    Type(() => ErrorOutput),
+    ValidateNested(),
+    __metadata("design:type", ErrorOutput)
+], MetadataOutput.prototype, "error", void 0);
+__decorate([
+    IsNumber(),
+    IsOptional(),
+    __metadata("design:type", Number)
+], MetadataOutput.prototype, "page", void 0);
+__decorate([
+    IsNumber(),
+    IsOptional(),
+    __metadata("design:type", Number)
+], MetadataOutput.prototype, "limit", void 0);
+__decorate([
+    IsNumber(),
+    IsOptional(),
+    __metadata("design:type", Number)
+], MetadataOutput.prototype, "total", void 0);
+export class APIOutput extends TakaroDTO {
+}
+__decorate([
+    Type(() => MetadataOutput),
+    ValidateNested(),
+    __metadata("design:type", MetadataOutput)
+], APIOutput.prototype, "meta", void 0);
+export function apiResponse(data = {}, opts) {
+    const returnVal = new APIOutput();
+    returnVal.meta = new MetadataOutput();
+    returnVal.data = {};
+    if (opts?.error) {
+        returnVal.meta.error = new ErrorOutput();
+        returnVal.meta.error.code = String(opts.error.name);
+        if ('details' in opts.error) {
+            if (opts.error instanceof errors.ValidationError) {
+                returnVal.meta.error.details = opts.error.details;
+            }
+            else {
+                returnVal.meta.error.details = opts.error.details;
+            }
+        }
+        returnVal.meta.error.message = String(opts.error.message);
+    }
+    if (opts?.meta) {
+        returnVal.meta.page = opts?.res.locals.page;
+        returnVal.meta.limit = opts?.res.locals.limit;
+        returnVal.meta.total = opts?.meta.total;
+    }
+    if (isTakaroDTO(data)) {
+        returnVal.data = data.toJSON();
+    }
+    else if (Array.isArray(data)) {
+        returnVal.data = data.map((item) => {
+            if (isTakaroDTO(item)) {
+                return item.toJSON();
+            }
+            return item;
+        });
+    }
+    else {
+        returnVal.data = data;
+    }
+    return returnVal;
+}
+//# sourceMappingURL=apiResponse.js.map

package/dist/util/apiResponse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"apiResponse.js","sourceRoot":"","sources":["../../src/util/apiResponse.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAClF,OAAO,EAAE,QAAQ,EAA0C,MAAM,iBAAiB,CAAC;AAGnF,MAAM,WAAW;CAShB;AAPC;IADC,QAAQ,EAAE;;yCACG;AAGd;IADC,QAAQ,EAAE;;4CACM;AAGjB;IADC,QAAQ,EAAE;;4CAC8B;AAG3C,MAAM,cAAc;CA6BnB;AA1BC;IAFC,QAAQ,EAAE;IACV,SAAS,EAAE;;kDACQ;AAIpB;IAFC,IAAI,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC;IACvB,cAAc,EAAE;8BACT,WAAW;6CAAC;AAOpB;IAFC,QAAQ,EAAE;IACV,UAAU,EAAE;;4CACC;AAOd;IAFC,QAAQ,EAAE;IACV,UAAU,EAAE;;6CACE;AAOf;IAFC,QAAQ,EAAE;IACV,UAAU,EAAE;;6CACE;AAEjB,MAAM,OAAO,SAAa,SAAQ,SAAuB;CAMxD;AAHC;IAFC,IAAI,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC;IAC1B,cAAc,EAAE;8BACV,cAAc;uCAAC;AAYxB,MAAM,UAAU,WAAW,CAAC,OAAgB,EAAE,EAAE,IAA0B;IACxE,MAAM,SAAS,GAAG,IAAI,SAAS,EAAW,CAAC;IAE3C,SAAS,CAAC,IAAI,GAAG,IAAI,cAAc,EAAE,CAAC;IACtC,SAAS,CAAC,IAAI,GAAG,EAAE,CAAC;IAEpB,IAAI,IAAI,EAAE,KAAK,EAAE,CAAC;QAChB,SAAS,CAAC,IAAI,CAAC,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC;QAEzC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,SAAS,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,IAAI,CAAC,KAAK,YAAY,MAAM,CAAC,eAAe,EAAE,CAAC;gBACjD,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAgC,CAAC;YAC7E,CAAC;iBAAM,CAAC;gBACN,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAiB,CAAC;YAC9D,CAAC;QACH,CAAC;QAED,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,IAAI,EAAE,IAAI,EAAE,CAAC;QACf,SAAS,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;QAC5C,SAAS,CAAC,IAAI,CAAC,KAAK,GAAG,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC;QAC9C,SAAS,CAAC,IAAI,CAAC,KAAK,GAAG,IAAI,EAAE,IAAI,CAAC,KAAe,CAAC;IACpD,CAAC;IAED,IAAI,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,SAAS,CAAC,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IACjC,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,SAAS,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;YACjC,IAAI,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;gBACtB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;YACvB,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,SAAS,CAAC,IAAI,GAAG,IAAI,CAAC;IACxB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/package.json

@@ -0,0 +1,37 @@
+{
+  "name": "@takaro/http",
+  "version": "0.0.1",
+  "description": "An opinionated http server",
+  "main": "dist/main.js",
+  "types": "dist/main.d.ts",
+  "type": "module",
+  "scripts": {
+    "start:dev": "tsc --watch --preserveWatchOutput -p ./tsconfig.build.json",
+    "build": "tsc -p ./tsconfig.build.json",
+    "test": "npm run test:unit --if-present && npm run test:integration --if-present",
+    "test:unit": "mocha --config ../../.mocharc.js src/**/*.unit.test.ts --exit",
+    "test:integration": "mocha --config ../../.mocharc.js src/**/*.integration.test.ts --exit"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "@takaro/config": "0.0.1",
+    "@takaro/util": "0.0.1",
+    "body-parser": "^1.20.0",
+    "class-validator-jsonschema": "^3.1.1",
+    "cookie-parser": "^1.4.6",
+    "cors": "^2.8.5",
+    "express": "^4.18.1",
+    "i": "^0.3.7",
+    "rate-limiter-flexible": "^2.4.1",
+    "zod": "^3.17.10"
+  },
+  "devDependencies": {
+    "@takaro/test": "0.0.1",
+    "@types/cookie-parser": "^1.4.3",
+    "@types/cors": "^2.8.12",
+    "@types/express": "^4.17.13",
+    "supertest": "6.3.4"
+  }
+}

package/src/app.ts

@@ -0,0 +1,104 @@
+import 'reflect-metadata';
+import express, { Application } from 'express';
+import { logger, errors, Sentry } from '@takaro/util';
+import { getBullBoard } from '@takaro/queues';
+import { Server, createServer } from 'http';
+import { RoutingControllersOptions, useExpressServer } from 'routing-controllers';
+import { Meta } from './controllers/meta.js';
+import { LoggingMiddleware } from './middleware/logger.js';
+import { ErrorHandler } from './middleware/errorHandler.js';
+import bodyParser from 'body-parser';
+import cors from 'cors';
+import cookieParser from 'cookie-parser';
+import { metricsMiddleware } from './main.js';
+import { paginationMiddleware } from './middleware/paginationMiddleware.js';
+
+interface IHTTPOptions {
+  port?: number;
+  allowedOrigins?: string[];
+}
+
+export class HTTP {
+  private app: Application;
+  private httpServer: Server;
+  private logger;
+
+  constructor(options: RoutingControllersOptions = {}, private httpOptions: IHTTPOptions = {}) {
+    this.logger = logger('http');
+    this.app = express();
+    this.httpServer = createServer(this.app);
+    this.app.use(Sentry.Handlers.requestHandler());
+    this.app.use(
+      bodyParser.json({
+        verify: (req, res, buf) => {
+          (req as any).rawBody = buf.toString();
+        },
+      })
+    );
+    this.app.use(LoggingMiddleware);
+    this.app.use(metricsMiddleware);
+    this.app.use(paginationMiddleware);
+    this.app.set('x-powered-by', false);
+    this.app.use(
+      cors({
+        credentials: true,
+        exposedHeaders: ['X-Trace-Id'],
+        origin: (origin: string | undefined, callback: CallableFunction) => {
+          if (!origin) return callback(null, true);
+          const allowedOrigins = this.httpOptions.allowedOrigins ?? [];
+          if (!origin || allowedOrigins.includes(origin)) {
+            callback(null, true);
+          } else {
+            this.logger.warn(`Origin ${origin} not allowed by CORS`);
+            callback(new errors.BadRequestError('Not allowed by CORS'));
+          }
+        },
+      })
+    );
+    this.app.use(cookieParser());
+
+    if (options.controllers) {
+      useExpressServer(this.app, {
+        ...options,
+        defaultErrorHandler: false,
+        validation: { whitelist: true, forbidNonWhitelisted: true },
+        // eslint-disable-next-line @typescript-eslint/ban-types
+        controllers: [Meta, ...(options.controllers as Function[])],
+      });
+    } else {
+      useExpressServer(this.app, {
+        ...options,
+        defaultErrorHandler: false,
+        controllers: [Meta],
+        validation: { whitelist: true, forbidNonWhitelisted: true },
+      });
+    }
+
+    this.app.use('/queues', getBullBoard());
+
+    this.app.use(Sentry.Handlers.errorHandler());
+
+    this.app.use(ErrorHandler);
+  }
+
+  get expressInstance() {
+    return this.app;
+  }
+
+  get server() {
+    return this.httpServer;
+  }
+
+  async start() {
+    this.httpServer = this.httpServer.listen(this.httpOptions.port, () => {
+      this.logger.info(`HTTP server listening on port ${this.httpOptions.port}`);
+    });
+  }
+
+  async stop() {
+    if (this.httpServer) {
+      this.httpServer.close();
+      this.logger.info('HTTP server stopped');
+    }
+  }
+}

package/src/controllers/__tests__/meta.integration.test.ts

@@ -0,0 +1,29 @@
+import { HTTP } from '../../app.js';
+import supertest from 'supertest';
+import { expect } from '@takaro/test';
+
+describe('app', () => {
+  let http: HTTP;
+  before(async () => {
+    http = new HTTP({}, { port: undefined });
+    await http.start();
+  });
+
+  after(async () => {
+    await http.stop();
+  });
+
+  it('Serves a health status', async () => {
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    const response = await supertest(http.expressInstance).get('/healthz');
+    expect(response.status).to.be.equal(200);
+  });
+
+  it('Serves a open api spec', async () => {
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    const response = await supertest(http.expressInstance).get('/openapi.json');
+    expect(response.status).to.be.equal(200);
+  });
+});

package/src/controllers/defaultMetadatastorage.d.ts

@@ -0,0 +1,5 @@
+declare module 'class-transformer/cjs/storage.js' {
+  import type { MetadataStorage } from 'class-transformer/types/MetadataStorage';
+
+  export const defaultMetadataStorage: MetadataStorage;
+}

package/src/controllers/meta.ts

@@ -0,0 +1,170 @@
+import { Controller, Get } from 'routing-controllers';
+import { getMetadataArgsStorage } from 'routing-controllers';
+import { routingControllersToSpec } from 'routing-controllers-openapi';
+import { validationMetadatasToSchemas } from 'class-validator-jsonschema';
+import { ResponseSchema } from 'routing-controllers-openapi';
+import { IsBoolean } from 'class-validator';
+import { getMetrics, health } from '@takaro/util';
+import { OpenAPIObject } from 'openapi3-ts';
+import { PERMISSIONS } from '@takaro/auth';
+import { EventMapping } from '@takaro/modules';
+
+let spec: OpenAPIObject | undefined;
+
+export class HealthOutputDTO {
+  @IsBoolean()
+  healthy!: boolean;
+}
+@Controller()
+export class Meta {
+  @Get('/healthz')
+  @ResponseSchema(HealthOutputDTO)
+  async getHealth() {
+    return { healthy: true };
+  }
+
+  @Get('/readyz')
+  @ResponseSchema(HealthOutputDTO)
+  async getReadiness() {
+    const healthy = await health.check();
+    return { healthy };
+  }
+
+  @Get('/openapi.json')
+  async getOpenApi() {
+    if (spec) return spec;
+
+    const { getMetadataStorage } = await import('class-validator');
+    const classTransformerStorage = await import(
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+      // @ts-ignore were doing an import of internal code and ts doesnt like that
+      // But this does work, trust me bro...
+      'class-transformer/cjs/storage.js'
+    );
+
+    const storage = getMetadataArgsStorage();
+    const schemas = validationMetadatasToSchemas({
+      refPointerPrefix: '#/components/schemas/',
+      classTransformerMetadataStorage: classTransformerStorage.defaultMetadataStorage,
+      classValidatorMetadataStorage: getMetadataStorage(),
+      forbidNonWhitelisted: true,
+    });
+
+    spec = routingControllersToSpec(
+      storage,
+      {},
+      {
+        components: {
+          schemas,
+          securitySchemes: {
+            adminAuth: {
+              description: 'Used for system administration, like creating or deleting domains',
+              type: 'http',
+              scheme: 'bearer',
+              bearerFormat: 'JWT',
+            },
+            domainAuth: {
+              description: 'Used for anything inside a domain. Players, GameServers, etc.',
+              type: 'apiKey',
+              in: 'cookie',
+              name: 'takaro-token',
+            },
+          },
+        },
+      }
+    );
+
+    // Add required permissions to operation descriptions
+
+    const requiredPermsRegex = /authMiddleware\((.+)\)/;
+
+    storage.uses.forEach((use) => {
+      const requiredPerms =
+        use.middleware.name
+          .match(requiredPermsRegex)?.[1]
+          .split(',')
+          .map((p) => `\`${p}\``)
+          .join(', ') || [];
+
+      const operationId = `${use.target.name}.${use.method}`;
+
+      if (!requiredPerms.length) return;
+
+      // Find the corresponding path and method in spec
+      Object.keys(spec?.paths ?? []).forEach((pathKey) => {
+        const pathItem = spec?.paths[pathKey];
+        Object.keys(pathItem).forEach((method) => {
+          const operation = pathItem[method];
+          if (operation.operationId === operationId) {
+            // Update the description with required permissions
+            operation.description = (operation.description || '') + ` Required permissions: ${requiredPerms}`;
+          }
+        });
+      });
+    });
+
+    if (spec.components?.schemas) {
+      spec.components.schemas.PERMISSIONS = {
+        enum: Object.values(PERMISSIONS),
+      };
+    }
+
+    // Force event meta to be the correct types
+    // TODO: figure out how to do this 'properly' with class-validator
+    const allEvents = Object.values(EventMapping).map((e) => e.name);
+
+    const eventOutputMetaSchema = spec.components?.schemas?.EventOutputDTO;
+    if (eventOutputMetaSchema && 'properties' in eventOutputMetaSchema && eventOutputMetaSchema.properties) {
+      eventOutputMetaSchema.properties.meta = {
+        oneOf: [...allEvents.map((e) => ({ $ref: `#/components/schemas/${e}` }))],
+      };
+    }
+
+    return spec;
+  }
+
+  @Get('/api.html')
+  getOpenApiHtml() {
+    return `<!DOCTYPE html>
+    <html>
+      <head>
+        <meta charset="utf-8" />
+        <script
+          type="module"
+          src="https://unpkg.com/rapidoc/dist/rapidoc-min.js"
+        ></script>
+      </head>
+      <body>
+        <rapi-doc
+          spec-url="/openapi.json"
+          render-style="read"
+          fill-request-fields-with-example="false"
+          persist-auth="true"
+
+          sort-tags="true"
+          sort-endpoints-by="method"
+
+          show-method-in-nav-bar="as-colored-block"
+          show-header="false"
+          allow-authentication="false"
+          allow-server-selection="false"
+
+          schema-style="table"
+          schema-expand-level="1"
+          default-schema-tab="schema"
+
+          primary-color="#664de5"
+          bg-color="#151515"
+          text-color="#c2c2c2"
+          header-color="#353535"
+        />
+      </body>
+    </html>
+    `;
+  }
+
+  @Get('/metrics')
+  getMetrics() {
+    return getMetrics();
+  }
+}

package/src/main.ts

@@ -0,0 +1,7 @@
+export { HTTP } from './app.js';
+
+export * from './middleware/metrics.js';
+export { createRateLimitMiddleware } from './middleware/rateLimit.js';
+export { adminAuthMiddleware } from './middleware/adminAuth.js';
+export { paginationMiddleware } from './middleware/paginationMiddleware.js';
+export { apiResponse, APIOutput } from './util/apiResponse.js';

package/src/middleware/__tests__/adminAuth.unit.test.ts

@@ -0,0 +1,65 @@
+import { HTTP } from '../../app.js';
+import supertest from 'supertest';
+import { expect } from '@takaro/test';
+import { ory } from '@takaro/auth';
+import { AdminClient } from '@takaro/apiclient';
+import { adminAuthMiddleware } from '../adminAuth.js';
+import { ErrorHandler } from '../errorHandler.js';
+import { Request, Response } from 'express';
+
+describe('adminAuth', () => {
+  let http: HTTP;
+  before(async () => {
+    http = new HTTP({}, { port: undefined });
+    http.expressInstance.use(
+      '/test',
+      adminAuthMiddleware,
+      (_req: Request, res: Response) => {
+        res.json({ ok: true });
+      },
+      ErrorHandler
+    );
+    await http.start();
+  });
+
+  after(async () => {
+    await http.stop();
+  });
+
+  it('Rejects requests with no credentials', async () => {
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    const response = await supertest(http.expressInstance).get('/test');
+    expect(response.status).to.be.equal(401);
+  });
+
+  it('Rejects requests with invalid credentials', async () => {
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    const response = await supertest(http.expressInstance).get('/test').set('Authorization', 'Bearer foobar');
+    expect(response.status).to.be.equal(403);
+  });
+
+  it('Accepts requests with valid credentials', async () => {
+    const { clientId, clientSecret } = await ory.createOIDCClient();
+
+    const adminClient = new AdminClient({
+      url: 'http://localhost:3000',
+      auth: {
+        clientId,
+        clientSecret,
+      },
+      OAuth2URL: ory.OAuth2URL,
+    });
+
+    const token = await adminClient.getOidcToken();
+
+    const response = await supertest(http.expressInstance)
+      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+      // @ts-ignore
+      .get('/test')
+      .set('Authorization', `Bearer ${token.access_token}`);
+
+    expect(response.status).to.be.equal(200);
+  });
+});