@terreno/api 0.0.1

package/dist/errors.d.ts

@@ -0,0 +1,75 @@
+import type { NextFunction, Request, Response } from "express";
+import { Schema } from "mongoose";
+export interface APIErrorConstructor {
+    title: string;
+    fields?: {
+        [id: string]: string;
+    };
+    id?: string;
+    links?: {
+        about?: string;
+        type?: string;
+    } | undefined;
+    status?: number;
+    code?: string;
+    detail?: string;
+    source?: {
+        pointer?: string;
+        parameter?: string;
+        header?: string;
+    };
+    meta?: {
+        [id: string]: string;
+    };
+    error?: Error;
+    disableExternalErrorTracking?: boolean;
+}
+/**
+ * APIError is a simple way to throw an error in an API route and control what is shown and the
+ * HTTP code displayed. It follows the JSONAPI spec to standardize the fields,
+ * allowing the UI to show more consistent, better error messages.
+ *
+ * ```ts
+ *  throw new APIError({
+ *    title: "Only an admin can update that!",
+ *    status: 403,
+ *    code: "update-admin-error",
+ *    detail: "You must be an admin to change that field"
+ *  });
+ * ```
+ */
+export declare class APIError extends Error {
+    title: string;
+    id: string | undefined;
+    links: {
+        about?: string;
+        type?: string;
+    } | undefined;
+    status: number;
+    code: string | undefined;
+    detail: string | undefined;
+    source: {
+        pointer?: string;
+        parameter?: string;
+        header?: string;
+    } | undefined;
+    meta: {
+        [id: string]: any;
+    } | undefined;
+    error?: Error;
+    disableExternalErrorTracking?: boolean;
+    constructor(data: APIErrorConstructor);
+}
+export declare function errorsPlugin(schema: Schema): void;
+export declare function isAPIError(error: Error): error is APIError;
+/**
+ * Safely extracts the disableExternalErrorTracking property from an error.
+ * Works with both APIError instances and regular Error objects that may have
+ * this property attached.
+ */
+export declare function getDisableExternalErrorTracking(error: unknown): boolean | undefined;
+export declare function getAPIErrorBody(error: APIError): {
+    [id: string]: any;
+};
+export declare function apiUnauthorizedMiddleware(err: Error, _req: Request, res: Response, next: NextFunction): void;
+export declare function apiErrorMiddleware(err: Error, _req: Request, res: Response, next: NextFunction): void;

package/dist/errors.js

@@ -0,0 +1,216 @@
+"use strict";
+var __extends = (this && this.__extends) || (function () {
+    var extendStatics = function (d, b) {
+        extendStatics = Object.setPrototypeOf ||
+            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
+            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
+        return extendStatics(d, b);
+    };
+    return function (d, b) {
+        if (typeof b !== "function" && b !== null)
+            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
+        extendStatics(d, b);
+        function __() { this.constructor = d; }
+        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
+    };
+})();
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __values = (this && this.__values) || function(o) {
+    var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
+    if (m) return m.call(o);
+    if (o && typeof o.length === "number") return {
+        next: function () {
+            if (o && i >= o.length) o = void 0;
+            return { value: o && o[i++], done: !o };
+        }
+    };
+    throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.APIError = void 0;
+exports.errorsPlugin = errorsPlugin;
+exports.isAPIError = isAPIError;
+exports.getDisableExternalErrorTracking = getDisableExternalErrorTracking;
+exports.getAPIErrorBody = getAPIErrorBody;
+exports.apiUnauthorizedMiddleware = apiUnauthorizedMiddleware;
+exports.apiErrorMiddleware = apiErrorMiddleware;
+// https://jsonapi.org/format/#errors
+var Sentry = __importStar(require("@sentry/node"));
+var mongoose_1 = require("mongoose");
+var logger_1 = require("./logger");
+/**
+ * APIError is a simple way to throw an error in an API route and control what is shown and the
+ * HTTP code displayed. It follows the JSONAPI spec to standardize the fields,
+ * allowing the UI to show more consistent, better error messages.
+ *
+ * ```ts
+ *  throw new APIError({
+ *    title: "Only an admin can update that!",
+ *    status: 403,
+ *    code: "update-admin-error",
+ *    detail: "You must be an admin to change that field"
+ *  });
+ * ```
+ */
+var APIError = /** @class */ (function (_super) {
+    __extends(APIError, _super);
+    function APIError(data) {
+        var _a, _b;
+        // Include details in when the error is printed to the console or sent to Sentry.
+        var _this = _super.call(this, "".concat(data.title).concat(data.detail ? ": ".concat(data.detail) : "").concat(data.error ? "\n".concat(data.error.stack) : "")) || this;
+        _this.name = "APIError";
+        var title = data.title, id = data.id, links = data.links, status = data.status, code = data.code, detail = data.detail, source = data.source, meta = data.meta, fields = data.fields, error = data.error;
+        if (!status) {
+            status = 500;
+        }
+        else if (status && (status < 400 || status > 599)) {
+            logger_1.logger.error("Invalid ApiError status code: ".concat(status, ", using 500"));
+            status = 500;
+        }
+        _this.status = status;
+        _this.title = title;
+        _this.id = id;
+        _this.links = links;
+        _this.code = code;
+        _this.detail = detail;
+        _this.source = source;
+        _this.meta = meta !== null && meta !== void 0 ? meta : {};
+        _this.disableExternalErrorTracking = data.disableExternalErrorTracking;
+        if (fields) {
+            _this.meta.fields = fields;
+        }
+        _this.error = error;
+        logger_1.logger.error("APIError(".concat(status, "): ").concat(title, " ").concat(detail ? detail : "").concat(((_a = data.error) === null || _a === void 0 ? void 0 : _a.stack) ? "\n".concat((_b = data.error) === null || _b === void 0 ? void 0 : _b.stack) : ""));
+        return _this;
+    }
+    return APIError;
+}(Error));
+exports.APIError = APIError;
+// This can be attached to any schema to store errors compatible with the JSONAPI spec.
+// Lazily initialize to avoid module loading order issues with Bun where mongoose
+// may not be fully initialized when this module loads.
+// Create an errors field for storing error information in a JSONAPI compatible form directly on a
+// model.
+function errorsPlugin(schema) {
+    var errorSchema = new mongoose_1.Schema({
+        code: String,
+        detail: String,
+        id: String,
+        links: {
+            about: String,
+            type: String,
+        },
+        meta: mongoose_1.Schema.Types.Mixed,
+        source: {
+            header: String,
+            parameter: String,
+            pointer: String,
+        },
+        status: Number,
+        title: { required: true, type: String },
+    });
+    schema.add({ apiErrors: errorSchema });
+}
+function isAPIError(error) {
+    return error.name === "APIError";
+}
+/**
+ * Safely extracts the disableExternalErrorTracking property from an error.
+ * Works with both APIError instances and regular Error objects that may have
+ * this property attached.
+ */
+function getDisableExternalErrorTracking(error) {
+    if (error instanceof Error) {
+        if (isAPIError(error)) {
+            return error.disableExternalErrorTracking;
+        }
+    }
+    if (error && typeof error === "object" && "disableExternalErrorTracking" in error) {
+        return error.disableExternalErrorTracking;
+    }
+    return undefined;
+}
+// Creates an APIError body to send to clients as JSON. Errors don't have a toJSON defined,
+// and we want to strip out things like message, name, and stack for the client.
+// There is almost certainly a more elegant solution to this.
+function getAPIErrorBody(error) {
+    var e_1, _a;
+    var errorData = { status: error.status, title: error.title };
+    try {
+        for (var _b = __values([
+            "id",
+            "links",
+            "status",
+            "code",
+            "detail",
+            "source",
+            "meta",
+            "disableExternalErrorTracking",
+        ]), _c = _b.next(); !_c.done; _c = _b.next()) {
+            var key = _c.value;
+            if (error[key]) {
+                errorData[key] = error[key];
+            }
+        }
+    }
+    catch (e_1_1) { e_1 = { error: e_1_1 }; }
+    finally {
+        try {
+            if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
+        }
+        finally { if (e_1) throw e_1.error; }
+    }
+    return errorData;
+}
+function apiUnauthorizedMiddleware(err, _req, res, next) {
+    if (err.message === "Unauthorized") {
+        // not using the actual APIError class here because we don't want to log it as an error.
+        res.status(401).json({ status: 401, title: "Unauthorized" }).send();
+    }
+    else {
+        next(err);
+    }
+}
+function apiErrorMiddleware(err, _req, res, next) {
+    if (isAPIError(err)) {
+        if (!err.disableExternalErrorTracking) {
+            Sentry.captureException(err);
+        }
+        res.status(err.status).json(getAPIErrorBody(err)).send();
+    }
+    else {
+        next(err);
+    }
+}

package/dist/example.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/example.js

@@ -0,0 +1,118 @@
+"use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var express_1 = __importDefault(require("express"));
+var mongoose_1 = __importStar(require("mongoose"));
+var passport_local_mongoose_1 = __importDefault(require("passport-local-mongoose"));
+var api_1 = require("./api");
+var auth_1 = require("./auth");
+var expressServer_1 = require("./expressServer");
+var logger_1 = require("./logger");
+var permissions_1 = require("./permissions");
+var plugins_1 = require("./plugins");
+mongoose_1.default
+    .connect("mongodb://localhost:27017/example")
+    .then(function () {
+    logger_1.logger.debug("Connected to mongo");
+})
+    .catch(function (err) {
+    logger_1.logger.error("Error connecting to mongo ".concat(err));
+});
+var userSchema = new mongoose_1.Schema({
+    admin: { default: false, type: Boolean },
+    username: String,
+});
+userSchema.plugin(passport_local_mongoose_1.default, { usernameField: "email" });
+userSchema.plugin(plugins_1.createdUpdatedPlugin);
+userSchema.plugin(plugins_1.baseUserPlugin);
+var UserModel = (0, mongoose_1.model)("User", userSchema);
+var schema = new mongoose_1.Schema({
+    calories: Number,
+    created: Date,
+    hidden: { default: false, type: Boolean },
+    name: String,
+    ownerId: { ref: "User", type: "ObjectId" },
+});
+var FoodModel = (0, mongoose_1.model)("Food", schema);
+function getBaseServer() {
+    var app = (0, express_1.default)();
+    app.all("/*", function (req, res, next) {
+        res.header("Access-Control-Allow-Origin", "*");
+        res.header("Access-Control-Allow-Headers", "*");
+        // intercepts OPTIONS method
+        if (req.method === "OPTIONS") {
+            res.send(200);
+        }
+        else {
+            next();
+        }
+    });
+    app.use(express_1.default.json());
+    (0, auth_1.setupAuth)(app, UserModel);
+    (0, auth_1.addAuthRoutes)(app, UserModel);
+    function addRoutes(router, options) {
+        router.use("/food", (0, api_1.modelRouter)(FoodModel, __assign(__assign({}, options), { openApiOverwrite: {
+                get: { responses: { 200: { description: "Get all the food" } } },
+            }, permissions: {
+                create: [permissions_1.Permissions.IsAuthenticated],
+                delete: [permissions_1.Permissions.IsAdmin],
+                list: [permissions_1.Permissions.IsAny],
+                read: [permissions_1.Permissions.IsAny],
+                update: [permissions_1.Permissions.IsOwner],
+            }, queryFields: ["name", "calories", "created", "ownerId", "hidden"] })));
+    }
+    return (0, expressServer_1.setupServer)({
+        addRoutes: addRoutes,
+        loggingOptions: {
+            level: "debug",
+        },
+        userModel: UserModel,
+    });
+}
+getBaseServer();

package/dist/expressServer.d.ts

@@ -0,0 +1,35 @@
+import * as Sentry from "@sentry/node";
+import express, { type Router } from "express";
+import type jwt from "jsonwebtoken";
+import type { modelRouterOptions } from "./api";
+import { type UserModel as UserMongooseModel } from "./auth";
+import { type LoggingOptions } from "./logger";
+export declare function setupEnvironment(): void;
+export type AddRoutes = (router: Router, options?: Partial<modelRouterOptions<any>>) => void;
+export declare function logRequests(req: any, res: any, next: any): void;
+export declare function createRouter(rootPath: string, addRoutes: AddRoutes, middleware?: any[]): any[];
+export declare function createRouterWithAuth(rootPath: string, addRoutes: (router: Router) => void, middleware?: any[]): any[];
+export interface AuthOptions {
+    generateJWTPayload?: (user: any) => Record<string, any>;
+    generateTokenExpiration?: (user: any) => number | jwt.SignOptions["expiresIn"];
+    generateRefreshTokenExpiration?: (user: any) => number | jwt.SignOptions["expiresIn"];
+}
+export interface SetupServerOptions {
+    userModel: UserMongooseModel;
+    addRoutes: AddRoutes;
+    loggingOptions?: LoggingOptions;
+    authOptions?: AuthOptions;
+    skipListen?: boolean;
+    corsOrigin?: string | boolean | RegExp | Array<boolean | string | RegExp> | ((requestOrigin: string | undefined, callback: (err: Error | null, origin?: boolean | string | RegExp | Array<boolean | string | RegExp>) => void) => void);
+    addMiddleware?: AddRoutes;
+    ignoreTraces?: string[];
+    sentryOptions?: Sentry.NodeOptions;
+}
+export declare function setupServer(options: SetupServerOptions): express.Application;
+export declare function cronjob(name: string, schedule: "hourly" | "minutely" | string, callback: () => void): void;
+export interface WrapScriptOptions {
+    onFinish?: (result?: any) => void | Promise<void>;
+    terminateTimeout?: number;
+    slackChannel?: string;
+}
+export declare function wrapScript(func: () => Promise<any>, options?: WrapScriptOptions): Promise<void>;