@thzero/library_server_koa 0.15.32

package/README.md

@@ -0,0 +1,15 @@
+![GitHub package.json version](https://img.shields.io/github/package-json/v/thzero/library_server_koa)
+![David](https://img.shields.io/david/thzero/library_server_koa)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+# library_server_koa
+
+An opinionated library of common functionality to bootstrap a Koa based API application.
+
+### Installation
+
+[![NPM](https://nodei.co/npm/@thzero/library_server.png?compact=true)](https://npmjs.org/package/@thzero/library_server_koa)
+
+### Requirements
+
+#### library_server

package/boot/index.js

@@ -0,0 +1,182 @@
+import http from 'http';
+
+import Koa from 'koa';
+import koaCors from '@koa/cors';
+import koaHelmet from 'koa-helmet';
+import koaStatic from 'koa-static';
+
+import LibraryConstants from '@thzero/library_server/constants';
+import Utility from '@thzero/library_common/utility';
+
+import TokenExpiredError from '@thzero/library_server/errors/tokenExpired';
+
+import injector from '@thzero/library_common/utility/injector';
+
+import BootMain from '@thzero/library_server/boot';
+
+const ResponseTime = 'X-Response-Time';
+
+class KoaBootMain extends BootMain {
+	async _initApp(args, plugins) {
+		const app = new Koa();
+
+		// https://github.com/koajs/cors
+		app.use(koaCors({
+			allowMethods: 'GET,POST,DELETE',
+			maxAge : 7200,
+			allowHeaders: `${LibraryConstants.Headers.AuthKeys.API}, ${LibraryConstants.Headers.AuthKeys.AUTH}, ${LibraryConstants.Headers.CorrelationId}, Content-Type`,
+			credentials: true,
+			origin: '*'
+		}));
+		// https://www.npmjs.com/package/koa-helmet
+		app.use(koaHelmet());
+
+		// error
+		app.use(async (ctx, next) => {
+			try {
+				await next();
+			}
+			catch (err) {
+				ctx.status = err.status || 500;
+				if (err instanceof TokenExpiredError) {
+					ctx.status = 401;
+					ctx.response.header['WWW-Authenticate'] = 'Bearer error="invalid_token", error_description="The access token expired"'
+				}
+				ctx.app.emit('error', err, ctx);
+				await this.usageMetricsServiceI.register(ctx, err).catch(() => {
+					this.loggerServiceI.exception('KoaBootMain', 'start', err);
+				});
+			}
+		});
+
+		app.on('error', (err, ctx) => {
+			this.loggerServiceI.error('KoaBootMain', 'start', 'Uncaught Exception', err);
+		});
+
+		// config
+		app.use(async (ctx, next) => {
+			ctx.config = this._appConfig;
+			await next();
+		});
+
+		// correlationId
+		app.use(async (ctx, next) => {
+			ctx.correlationId = ctx.request.header[LibraryConstants.Headers.CorrelationId]
+			await next();
+		});
+
+		// logger
+		app.use(async (ctx, next) => {
+			await next();
+			const rt = ctx.response.get(ResponseTime);
+			this.loggerServiceI.info2(`${ctx.method} ${ctx.url} - ${rt}`);
+		});
+
+		// x-response-time
+		app.use(async (ctx, next) => {
+			const start = Utility.timerStart();
+			await next();
+			const delta = Utility.timerStop(start, true);
+			ctx.set(ResponseTime, delta);
+		});
+
+		app.use(koaStatic('./public'));
+
+		this._initPreAuth(app);
+
+		// auth-api-token
+		app.use(async (ctx, next) => {
+			if (ctx.originalUrl === '/favicon.ico') {
+				await next();
+				return;
+			}
+
+			const key = ctx.get(LibraryConstants.Headers.AuthKeys.API);
+			// this.loggerServiceI.debug('KoaBootMain', 'start', 'auth-api-token.key', key);
+			if (!String.isNullOrEmpty(key)) {
+				const auth = ctx.config.get('auth');
+				if (auth) {
+					const apiKey = auth.apiKey;
+					// this.loggerServiceI.debug('KoaBootMain', 'start', 'auth-api-token.apiKey', apiKey);
+					// this.loggerServiceI.debug('KoaBootMain', 'start', 'auth-api-token.key===apiKey', (key === apiKey));
+					if (key === apiKey) {
+						ctx.state.apiKey = key;
+						await next();
+						return;
+					}
+				}
+			}
+
+			(async () => {
+				const usageMetrics = {};
+				usageMetrics.url = ctx.request.path;
+				usageMetrics.correlationId = ctx.correlationId;
+				usageMetrics.href = ctx.request.href;
+				usageMetrics.headers = ctx.request.headers;
+				usageMetrics.host = ctx.request.host;
+				usageMetrics.hostname = ctx.request.hostname;
+				usageMetrics.querystring = ctx.request.querystring;
+				usageMetrics.type = ctx.request.type;
+				usageMetrics.token = ctx.request.token;
+				await this.usageMetricsServiceI.register(usageMetrics).catch((err) => {
+					this.loggerServiceI.error('KoaBootMain', 'start', 'usageMetrics', err);
+				});
+			})();
+
+			console.log('Unauthorized... auth-api-token failure');
+			ctx.throw(401);
+		});
+
+		this._initPostAuth(app);
+
+		// usage metrics
+		app.use(async (ctx, next) => {
+			await next();
+			await this.usageMetricsServiceI.register(ctx).catch((err) => {
+				this.loggerServiceI.error('KoaBootMain', 'start', 'usageMetrics', err);
+			});
+		});
+
+		this._routes = [];
+
+		this._initPreRoutes(app);
+
+		for (const pluginRoute of plugins)
+			await pluginRoute.initRoutes(this._routes);
+
+		await this._initRoutes();
+				
+		console.log();
+
+		for (const route of this._routes) {
+			await route.init(injector, app, this._appConfig);
+			app
+				.use(route.router.routes())
+				.use(route.router.allowedMethods());
+
+			console.log([ route.id ]);
+
+			for (let i = 0; i < route.router.stack.length; i++)
+				console.log([ route.router.stack[i].path, route.router.stack[i].methods ]);
+
+			console.log();
+		}
+
+		const serverHttp = http.createServer(app.callback());
+		return { app: app, server: serverHttp, listen: serverHttp.listen };
+    }
+
+	_initAppListen(app, server, port, err) {
+		server.listen(port, err);
+	}
+
+	async _initAppPost(app, args) {
+		this._initPostRoutes(app);
+	}
+
+	_initRoute(route) {
+		this._routes.push(route);
+	}
+}
+
+export default KoaBootMain;

package/boot/plugins/admin/news.js

@@ -0,0 +1,11 @@
+import BaseNewsAdminBootPlugin from '@thzero/library_server/boot/plugins/admin/news';
+
+import adminNewsRoute from '../../../routes/admin/news';
+
+class NewsAdminBootPlugin extends BaseNewsAdminBootPlugin {
+	_initRoutesAdminNews() {
+		return new adminNewsRoute();
+	}
+}
+
+export default NewsAdminBootPlugin;

package/boot/plugins/admin/users.js

@@ -0,0 +1,11 @@
+import BaseUsersAdminBootPlugin from '@thzero/library_server/boot/plugins/admin/users';
+
+import adminUsersRoute from '../../../routes/admin/users'
+
+class UsersAdminBootPlugin extends BaseUsersAdminBootPlugin {
+	_initRoutesAdminUsers() {
+		return new adminUsersRoute();
+	}
+}
+
+export default UsersAdminBootPlugin;

package/boot/plugins/api.js

@@ -0,0 +1,16 @@
+import BaseApiBootPlugin from '@thzero/library_server/boot/plugins/api';
+
+import homeRoute from '../../routes/home';
+import versionRoute from '../../routes/version';
+
+class ApiBootPlugin extends BaseApiBootPlugin {
+	_initRoutesHome() {
+		return new homeRoute();
+	}
+
+	_initRoutesVersion() {
+		return new versionRoute();
+	}
+}
+
+export default ApiBootPlugin;

package/boot/plugins/apiFront.js

@@ -0,0 +1,11 @@
+import BaseApiFrontBootPlugin from '@thzero/library_server/boot/plugins/apiFront';
+
+import utilityRoute from '../../routes/utility';
+
+class FrontApiBootPlugin extends BaseApiFrontBootPlugin {
+	_initRoutesUtility() {
+		return new utilityRoute();
+	}
+}
+
+export default FrontApiBootPlugin;

package/boot/plugins/news.js

@@ -0,0 +1,11 @@
+import BaseNewsApiBootPlugin from '@thzero/library_server/boot/plugins/news';
+
+import newsRoute from '../../routes/news';
+
+class NewsApiBootPlugin extends BaseNewsApiBootPlugin {
+	_initRoutesNews() {
+		return new newsRoute();
+	}
+}
+
+export default NewsApiBootPlugin;

package/boot/plugins/users.js

@@ -0,0 +1,11 @@
+import BaseUsersApiBootPlugin from '@thzero/library_server/boot/plugins/users';
+
+import usersRoute from '../../routes/users';
+
+class UsersApiBootPlugin extends BaseUsersApiBootPlugin {
+	_initRoutesUsers() {
+		return new usersRoute();
+	}
+}
+
+export default UsersApiBootPlugin;

package/boot/plugins/usersExtended.js

@@ -0,0 +1,11 @@
+import BaseExtendedUsersApiBootPlugin from '@thzero/library_server/boot/plugins/usersExtended';
+
+import plansService from '../../service/plans';
+
+class ExtendedUsersApiBootPlugin extends BaseExtendedUsersApiBootPlugin {
+	_initServicesPlans() {
+		return new plansService();
+	}
+}
+
+export default ExtendedUsersApiBootPlugin;

package/license.md

@@ -0,0 +1,9 @@
+MIT License
+
+Copyright (c) 2020-2022 thZero.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/middleware/authentication.js

@@ -0,0 +1,78 @@
+import LibraryConstants from '@thzero/library_server/constants';
+import LibraryCommonServiceConstants from '@thzero/library_common_service/constants';
+
+import injector from '@thzero/library_common/utility/injector';
+
+const separator = ': ';
+
+function getAuthToken(context) {
+	if (!context)
+		return null;
+
+	const logger = injector.getService(LibraryCommonServiceConstants.InjectorKeys.SERVICE_LOGGER);
+	const token = context.get(LibraryConstants.Headers.AuthKeys.AUTH);
+	logger.debug('middleware', 'getAuthToken', 'token', token, context.correlationId);
+	const split = token.split(LibraryConstants.Headers.AuthKeys.AUTH_BEARER + separator);
+	logger.debug('middleware', 'getAuthToken', 'split', split, context.correlationId);
+	logger.debug('middleware', 'getAuthToken', 'split.length', split.length, context.correlationId);
+	if (split.length > 1)
+		return split[1];
+
+	logger.debug('middleware', 'getAuthToken', 'fail', null, context.correlationId);
+	return null;
+}
+
+const authentication = (required) => {
+	return async (ctx, next) => {
+		const logger = injector.getService(LibraryCommonServiceConstants.InjectorKeys.SERVICE_LOGGER);
+
+		const token = getAuthToken(ctx);
+		logger.debug('middleware', 'authentication', 'token', token, ctx.correlationId);
+		logger.debug('middleware', 'authentication', 'required', required, ctx.correlationId);
+		const valid = ((required && !String.isNullOrEmpty(token)) || !required);
+		logger.debug('middleware', 'authentication', 'valid', valid, ctx.correlationId);
+		if (valid) {
+			if (!String.isNullOrEmpty(token)) {
+				const service = injector.getService(LibraryConstants.InjectorKeys.SERVICE_AUTH);
+				const results = await service.verifyToken(ctx.correlationId, token);
+				logger.debug('middleware', 'authentication', 'results', results, ctx.correlationId);
+				if (!results || !results.success) {
+					logger.warn('middleware', 'authentication', 'Unauthenticated... invalid token', null, ctx.correlationId);
+					ctx.throw(401);
+					return;
+				}
+
+				ctx.state.token = token;
+				ctx.state.user = results.user;
+				ctx.state.claims = results.claims;
+			}
+
+			await next();
+			return;
+		}
+
+		(async () => {
+			const usageMetrics = {
+				url: ctx.request.path,
+				correlationId: ctx.correlationId,
+				href: ctx.request.href,
+				headers: ctx.request.headers,
+				host: ctx.request.host,
+				hostname: ctx.request.hostname,
+				querystring: ctx.request.querystring,
+				type: ctx.request.type,
+				token: ctx.request.token
+			};
+			const serviceUsageMetrics = injector.getService(LibraryConstants.InjectorKeys.SERVICE_USAGE_METRIC);
+			await serviceUsageMetrics.register(usageMetrics).catch((err) => {
+				const logger = injector.getService(LibraryCommonServiceConstants.InjectorKeys.SERVICE_LOGGER);
+				logger.error('middleware', 'authentication', err, null, ctx.correlationId);
+			});
+		})();
+
+		logger.warn('middleware', 'authentication', 'Unauthorized... authentication unknown', null, ctx.correlationId);
+		ctx.throw(401);
+	}
+}
+
+export default authentication;

package/middleware/authorization.js

@@ -0,0 +1,191 @@
+import LibraryConstants from '@thzero/library_server/constants';
+import LibraryCommonServiceConstants from '@thzero/library_common_service/constants';
+
+import injector from '@thzero/library_common/utility/injector';
+
+// require('../utility/string.cjs');
+String.isNullOrEmpty = function(value) {
+	//return !(typeof value === 'string' && value.length > 0)
+	return !value;
+}
+
+String.isString = function(value) {
+	return (typeof value === "string" || value instanceof String);
+}
+
+String.trim = function(value) {
+	if (!value || !String.isString(value))
+		return value;
+	return value.trim();
+}
+
+const logicalAnd = 'and';
+const logicalOr = 'or';
+
+const authorizationCheckClaims = async (ctx, success, logical, security, logger) => {
+	if (!ctx)
+		return false;
+	if (!(ctx.state.claims && Array.isArray(ctx.state.claims)))
+		return false;
+
+	let result;
+	let roleAct;
+	let roleObj;
+	let roleParts;
+	for (const claim of ctx.state.claims) {
+		logger.debug('middleware', 'authorization', 'authorization.claim', claim, ctx.correlationId);
+
+		for (const role of ctx.state.roles) {
+			logger.debug('middleware', 'authorization', 'role', role, ctx.correlationId);
+
+			roleParts = role.split('.');
+			if (roleParts && roleParts.length < 1)
+				success = false;
+
+			roleObj = roleParts[0];
+			roleAct = roleParts.length >= 2 ? roleParts[1] : null
+
+			result = await security.validate(claim, null, roleObj, roleAct);
+			logger.debug('middleware', 'authorization', 'result', result, ctx.correlationId);
+			if (logical === logicalOr)
+				success = success || result;
+			else
+				success = success && result;
+		}
+	}
+
+	return success;
+}
+
+const authorizationCheckRoles = async (ctx, success, logical, security, logger) => {
+	if (!ctx)
+		return false;
+
+	logger.debug('middleware', 'authorizationCheckRoles', 'user', ctx.state.user, ctx.correlationId);
+	if (!(ctx.state.user && ctx.state.user.roles && Array.isArray(ctx.state.user.roles)))
+		return false;
+
+	logger.debug('middleware', 'authorizationCheckRoles', 'logical', logical, ctx.correlationId);
+
+	let result;
+	let roleAct;
+	let roleObj;
+	let roleParts;
+	for (const userRole of ctx.state.user.roles) {
+		logger.debug('middleware', 'authorizationCheckRoles', 'userRole', userRole, ctx.correlationId);
+
+		for (const role of ctx.state.roles) {
+			logger.debug('middleware', 'authorizationCheckRoles', 'role', role, ctx.correlationId);
+
+			roleParts = role.split('.');
+			if (roleParts && roleParts.length < 1)
+				success = false;
+
+			roleObj = roleParts[0];
+			roleAct = roleParts.length >= 2 ? roleParts[1] : null
+
+			result = await security.validate(userRole, null, roleObj, roleAct);
+			logger.debug('middleware', 'authorizationCheckRoles', 'result', result, ctx.correlationId);
+			if (logical === logicalOr) {
+				if (result)
+					return result;
+
+				success = false;
+			}
+			else
+				success = success && result;
+		}
+	}
+
+	return success;
+}
+
+const initalizeRoles = (ctx, roles, logger) => {
+	if (Array.isArray(roles)) {
+		// logger.debug('middleware', 'initalizeRoles', 'roles1a', roles);
+		ctx.state.roles = roles;
+	}
+	else if ((typeof(roles) === 'string') || (roles instanceof String)) {
+		// logger.debug('middleware', 'initalizeRoles', 'roles1b', roles);
+		ctx.state.roles = roles.split(',');
+		ctx.state.roles.map(item => item ? item.trim() : item);
+	}
+}
+
+const authorization = (roles, logical) => {
+	if (String.isNullOrEmpty(logical) || (logical !== logicalAnd) || (logical !== logicalOr))
+		logical = logicalOr;
+
+	return async (ctx, next) => {
+		const config = injector.getService(LibraryCommonServiceConstants.InjectorKeys.SERVICE_CONFIG);
+		const logger = injector.getService(LibraryCommonServiceConstants.InjectorKeys.SERVICE_LOGGER);
+		const security = injector.getService(LibraryConstants.InjectorKeys.SERVICE_SECURITY);
+
+		// logger.debug('token', ctx.state.token);
+		logger.debug('middleware', 'authorization', 'user', ctx.state.user, ctx.correlationId);
+		logger.debug('middleware', 'authorization', 'claims', ctx.state.claims, ctx.correlationId);
+		logger.debug('middleware', 'authorization', 'roles1', roles, ctx.correlationId);
+		ctx.state.roles = [];
+		if (roles) {
+			// logger.debug('authorization.roles1', roles);
+			// logger.debug('authorization.roles1', (typeof roles));
+			// logger.debug('authorization.roles1', Array.isArray(roles));
+			// logger.debug('authorization.roles1', ((typeof(roles) === 'string') || (roles instanceof String)));
+			// if (Array.isArray(roles)) {
+			// 	// logger.debug('authorization.roles1a', roles);
+			// 	ctx.state.roles = roles;
+			// }
+			// else if ((typeof(roles) === 'string') || (roles instanceof String)) {
+			// 	// logger.debug('authorization.roles1b', roles);
+			// 	ctx.state.roles = roles.split(',');
+			// 	ctx.state.roles.map(item => item ? item.trim() : item);
+			// }
+			initalizeRoles(ctx, roles, logger);
+		}
+		logger.debug('middleware', 'authorization', 'roles2', ctx.state.roles, ctx.correlationId);
+
+		let success = false; //(logical === logicalOr ? false : true);
+		if (ctx.state.roles && Array.isArray(ctx.state.roles) && (ctx.state.roles.length > 0)) {
+			const auth = config.get('auth');
+			if (auth) {
+				logger.debug('middleware', 'authorization', 'auth.claims', auth.claims, ctx.correlationId);
+				logger.debug('middleware', 'authorization', 'auth.claims.check', auth.claims.check, ctx.correlationId);
+			}
+			if (auth && auth.claims && auth.claims.check)
+				success = await authorizationCheckClaims(ctx, (logical === logicalOr ? false : true), logical, security, logger);
+
+			if (!success)
+				success = await authorizationCheckRoles(ctx, (logical === logicalOr ? false : true), logical, security, logger);
+		}
+
+		logger.debug('middleware', 'authorization', 'success', null, ctx.state.success, ctx.correlationId);
+		if (success) {
+			await next();
+			return;
+		}
+
+		(async () => {
+			const serviceUsageMetrics = injector.getService(LibraryConstants.InjectorKeys.SERVICE_USAGE_METRIC);
+			const usageMetrics = {
+				url: ctx.request.path,
+				correlationId: ctx.correlationId,
+				href: ctx.request.href,
+				headers: ctx.request.headers,
+				host: ctx.request.host,
+				hostname: ctx.request.hostname,
+				querystring: ctx.request.querystring,
+				type: ctx.request.type,
+				token: ctx.request.token
+			};
+			await serviceUsageMetrics.register(usageMetrics).catch((err) => {
+				const logger = injector.getService(LibraryCommonServiceConstants.InjectorKeys.SERVICE_LOGGER);
+				logger.error(null, err);
+			});
+		})();
+
+		logger.warn('middleware', 'authorization', 'Unauthorized... authorization unknown', null, ctx.correlationId);
+		ctx.throw(401);
+	}
+}
+
+export default authorization;

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@thzero/library_server_koa",
+  "type": "module",
+  "version": "0.15.32",
+  "version_major": 0,
+  "version_minor": 15,
+  "version_patch": 32,
+  "version_date": "04/18/2022",
+  "description": "An opinionated library of common functionality to bootstrap a Koa based API application.",
+  "author": "thZero",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/thzero/library_server_koa.git"
+  },
+  "bugs": {
+    "url": "https://github.com/thzero/library_server_koa/issues"
+  },
+  "homepage": "https://github.com/thzero/library_server_koa#readme",
+  "engines": {
+    "node": ">=12.8.3"
+  },
+  "scripts": {
+    "cli-update": "./node_modules/.bin/library-cli --updateversion --pi",
+    "cli-update-w": ".\\node_modules\\.bin\\library-cli --updateversion --pi",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "dependencies": {
+    "@koa/cors": "^3.3.0",
+    "@koa/router": "^10.1.1",
+    "koa": "^2.13.4",
+    "koa-body": "^4.2.0",
+    "koa-helmet": "^6.1.0",
+    "koa-static": "^5.0.0"
+  },
+  "devDependencies": {
+    "@thzero/library_cli": "^0.15"
+  },
+  "peerDependencies": {
+    "@thzero/library_common": "^0.15",
+    "@thzero/library_common_service": "^0.15"
+  }
+}

package/routes/admin/index.js

@@ -0,0 +1,123 @@
+import koaBody from 'koa-body';
+
+import Utility from '@thzero/library_common/utility';
+
+import BaseRoute from '@thzero/library_server/routes/index';
+
+import authentication from '../../middleware/authentication';
+import authorization from '../../middleware/authorization';
+
+class AdminBaseRoute extends BaseRoute {
+	constructor(urlFragment, role, serviceKey) {
+		if (!urlFragment)
+			throw Error('Invalid url fragment');
+
+		super(`/admin/${urlFragment}`);
+
+		this._options = {
+			role: role,
+			serviceKey: serviceKey
+		}
+
+		// this._service = null;
+	}
+
+	async init(injector, config) {
+		const router = await super.init(injector, config);
+		router.service = injector.getService(this._options.serviceKey);
+		// this._service = injector.getService(this._options.serviceKey);
+	}
+
+	_allowsCreate() {
+		return true;
+	}
+
+	_allowsDelete() {
+		return true;
+	}
+
+	_allowsUpdate() {
+		return true;
+	}
+
+	_initializeRoutesCreate(router) {
+		const self = this;
+		router.post('/',
+			authentication(true),
+			authorization([ `${self._options.role}.create` ]),
+			koaBody({
+				text: false,
+			}),
+			// eslint-disable-next-line
+			async (ctx, next) => {
+				// const service = this._injector.getService(this._options.serviceKey);
+				// const response = (await router.service.create(ctx.correlationId, ctx.state.user, ctx.request.body)).check(ctx);
+				const response = (await ctx.router.service.create(ctx.correlationId, ctx.state.user, ctx.request.body)).check(ctx);
+				this._jsonResponse(ctx, Utility.stringify(response));
+			}
+		);
+	}
+
+	_initializeRoutesDelete(router) {
+		const self = this;
+		router.delete('/:id',
+			authentication(true),
+			authorization([ `${self._options.role}.delete` ]),
+			// eslint-disable-next-line
+			async (ctx, next) => {
+				// const service = this._injector.getService(this._options.serviceKey);
+				// const response = (await service.delete(ctx.correlationId, ctx.state.user, ctx.params.id)).check(ctx);
+				const response = (await ctx.router.service.delete(ctx.correlationId, ctx.state.user, ctx.params.id)).check(ctx);
+				this._jsonResponse(ctx, Utility.stringify(response));
+			}
+		);
+	}
+
+	_initializeRoutesUpdate(router) {
+		const self = this;
+		router.post('/:id',
+			authentication(true),
+			authorization([ `${self._options.role}.update` ]),
+			koaBody({
+				text: false,
+			}),
+			// eslint-disable-next-line
+			async (ctx, next) => {
+				// const service = this._injector.getService(this._options.serviceKey);
+				// const response = (await service.update(ctx.correlationId, ctx.state.user, ctx.params.id, ctx.request.body)).check(ctx);
+				const response = (await ctx.router.service.update(ctx.correlationId, ctx.state.user, ctx.params.id, ctx.request.body)).check(ctx);
+				this._jsonResponse(ctx, Utility.stringify(response));
+			}
+		);
+	}
+
+	_initializeRoutes(router) {
+		if (this._allowsDelete)
+			this._initializeRoutesDelete(router);
+
+		router.post('/search',
+			authentication(true),
+			authorization([ `${this._options.role}.search` ]),
+			koaBody({
+				text: false,
+			}),
+			// eslint-disable-next-line
+			async (ctx, next) => {
+				// const service = this._injector.getService(this._options.serviceKey);
+				// const response = (await service.search(ctx.correlationId, ctx.state.user, ctx.request.body)).check(ctx);
+				const response = (await ctx.router.service.search(ctx.correlationId, ctx.state.user, ctx.request.body)).check(ctx);
+				this._jsonResponse(ctx, Utility.stringify(response));
+			}
+		);
+
+		if (this._allowsUpdate())
+			this._initializeRoutesUpdate(router);
+
+		if (this._allowsCreate())
+			this._initializeRoutesCreate(router);
+
+		return router;
+	}
+}
+
+export default AdminBaseRoute;

package/routes/admin/news.js

@@ -0,0 +1,22 @@
+import LibraryConstants from '@thzero/library_server/constants';
+
+import AdminRoute from './index'
+
+class NewsAdminRoute extends AdminRoute {
+	constructor(urlFragment, role, serviceKey) {
+		urlFragment = urlFragment ? urlFragment : 'news';
+		role = role ? role : 'news';
+		serviceKey = serviceKey ? serviceKey : LibraryConstants.InjectorKeys.SERVICE_ADMIN_NEWS;
+		super(urlFragment, role, serviceKey);
+	}
+
+	get id() {
+		return 'admin-news';
+	}
+
+	get _version() {
+		return 'v1';
+	}
+}
+
+export default NewsAdminRoute;

package/routes/admin/users.js

@@ -0,0 +1,26 @@
+import LibraryConstants from '@thzero/library_server/constants';
+
+import AdminRoute from './index'
+
+class UsersAdminRoute extends AdminRoute {
+	constructor(urlFragment, role, serviceKey) {
+		urlFragment = urlFragment ? urlFragment : 'users';
+		role = role ? role : 'users';
+		serviceKey = serviceKey ? serviceKey : LibraryConstants.InjectorKeys.SERVICE_ADMIN_USERS;
+		super(urlFragment, role, serviceKey);
+	}
+
+	get id() {
+		return 'admin-users';
+	}
+
+	_allowsCreate() {
+		return false;
+	}
+
+	get _version() {
+		return 'v1';
+	}
+}
+
+export default UsersAdminRoute;

package/routes/baseNews.js

@@ -0,0 +1,40 @@
+import LibraryConstants from '@thzero/library_server/constants';
+
+import Utility from '@thzero/library_common/utility';
+
+import BaseRoute from './index';
+
+import authentication from '../middleware/authentication';
+
+class BaseNewsRoute extends BaseRoute {
+	constructor(prefix, version) {
+		super(prefix ? prefix : '/news');
+
+		// this._serviceNews = null;
+	}
+
+	async init(injector, config) {
+		const router = await super.init(injector, app, config);
+		router.serviceNews = injector.getService(LibraryConstants.InjectorKeys.SERVICE_NEWS);
+		// this._serviceNews = injector.getService(LibraryConstants.InjectorKeys.SERVICE_NEWS);
+	}
+
+	get id() {
+		return 'news';
+	}
+
+	_initializeRoutes(router) {
+		router.get('/latest/:date',
+			authentication(false),
+			// eslint-disable-next-line
+			async (ctx, next) => {
+				// const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_NEWS);
+				// const response = (await service.latest(ctx.correlationId, ctx.state.user, parseInt(ctx.params.date))).check(ctx);
+				const response = (await ctx.router.serviceNews.latest(ctx.correlationId, ctx.state.user, parseInt(ctx.params.date))).check(ctx);
+				this._jsonResponse(ctx, Utility.stringify(response));
+			}
+		);
+	}
+}
+
+export default BaseNewsRoute;

package/routes/baseUsers.js

@@ -0,0 +1,123 @@
+import koaBody from 'koa-body';
+
+import LibraryConstants from '@thzero/library_server/constants';
+
+import Utility from '@thzero/library_common/utility';
+
+import BaseRoute from './index';
+
+import authentication from '../middleware/authentication';
+import authorization from '../middleware/authorization';
+
+class BaseUsersRoute extends BaseRoute {
+	constructor(prefix, version) {
+		super(prefix ? prefix : '/users');
+
+		// this._serviceUsers = null;
+	}
+
+	async init(injector, app, config) {
+		const router = await super.init(injector, app, config);
+		router.serviceUsers = injector.getService(LibraryConstants.InjectorKeys.SERVICE_USERS);
+		// this._serviceUsers = injector.getService(LibraryConstants.InjectorKeys.SERVICE_USERS);
+	}
+
+	get id() {
+		return 'users';
+	}
+
+	_initializeRoutes(router) {
+		this._initializeRoutesGamerById(router);
+		this._initializeRoutesGamerByTag(router);
+		this._initializeRoutesRefreshSettings(router);
+		this._initializeRoutesUpdate(router);
+		this._initializeRoutesUpdateSettings(router);
+	}
+
+	_initializeRoutesGamerById(router) {
+		return router.get('/gamerId/:gamerId',
+			authentication(false),
+			// authorization('user'),
+			koaBody({
+				text: false,
+			}),
+			// eslint-disable-next-line
+			async (ctx, next) => {
+				// const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_USERS);
+				// const response = (await service.fetchByGamerId(ctx.correlationId, ctx.params.gamerId)).check(ctx);
+				const response = (await ctx.router.serviceUsers.fetchByGamerId(ctx.correlationId, ctx.params.gamerId)).check(ctx);
+				this._jsonResponse(ctx, Utility.stringify(response));
+			}
+		);
+	}
+
+	_initializeRoutesGamerByTag(router) {
+		return router.get('/gamerTag/:gamerTag',
+			authentication(false),
+			// authorization('user'),
+			koaBody({
+				text: false,
+			}),
+			// eslint-disable-next-line
+			async (ctx, next) => {
+				// const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_USERS);
+				// const response = (await service.fetchByGamerTag(ctx.correlationId, ctx.params.gamerTag)).check(ctx);
+				const response = (await ctx.router.serviceUsers.fetchByGamerTag(ctx.correlationId, ctx.params.gamerTag)).check(ctx);
+				this._jsonResponse(ctx, Utility.stringify(response));
+			}
+		);
+	}
+
+	_initializeRoutesRefreshSettings(router) {
+		return router.post('/refresh/settings',
+			authentication(true),
+			authorization('user'),
+			koaBody({
+				text: false,
+			}),
+			// eslint-disable-next-line
+			async (ctx, next) => {
+				// const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_USERS);
+				// const response = (await service.refreshSettings(ctx.correlationId, ctx.request.body)).check(ctx);
+				const response = (await ctx.router.serviceUsers.refreshSettings(ctx.correlationId, ctx.request.body)).check(ctx);
+				this._jsonResponse(ctx, Utility.stringify(response));
+			}
+		);
+	}
+
+	_initializeRoutesUpdate(router) {
+		return router.post('/update',
+			authentication(true),
+			authorization('user'),
+			koaBody({
+				text: false,
+			}),
+			// eslint-disable-next-line
+			async (ctx, next) => {
+				// const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_USERS);
+				// const response = (await service.update(ctx.correlationId, ctx.request.body)).check(ctx);
+				const response = (await ctx.router.serviceUsers.update(ctx.correlationId, ctx.request.body)).check(ctx);
+				this._jsonResponse(ctx, Utility.stringify(response));
+			}
+		);
+	}
+
+	_initializeRoutesUpdateSettings(router) {
+		return router.post('/update/settings',
+			authentication(true),
+			authorization('user'),
+			koaBody({
+				text: false,
+			}),
+			// eslint-disable-next-line
+			async (ctx, next) => {
+				// const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_USERS);
+				// const response = (await service.updateSettings(ctx.correlationId, ctx.request.body)).check(ctx);
+				const response = (await ctx.router.serviceUsers.updateSettings(ctx.correlationId, ctx.request.body)).check(ctx);
+				this._jsonResponse(ctx, Utility.stringify(response));
+			}
+		);
+	}
+}
+
+export default BaseUsersRoute;

package/routes/home.js

@@ -0,0 +1,28 @@
+import BaseRoute from './index';
+
+class HomeRoute extends BaseRoute {
+	constructor(prefix) {
+		super(prefix ? prefix : '');
+	}
+
+	get id() {
+		return 'home';
+	}
+
+	_initializeRoutes(router) {
+		// eslint-disable-next-line
+		router.get('/', (ctx, next) => {
+			ctx.status = 404;
+		});
+	}
+
+	get _ignoreApi() {
+		return true;
+	}
+
+	get _version() {
+		return '';
+	}
+}
+
+export default HomeRoute;

package/routes/index.js

@@ -0,0 +1,21 @@
+import koaRouter from '@koa/router';
+
+import BaseRoute from'@thzero/library_server/routes/index';
+
+class KoaBaseRoute extends BaseRoute {
+	_initializeRouter(app, config) {
+		return new koaRouter({
+			prefix: this._prefix
+		});
+	}
+
+	_jsonResponse(ctx, json) {
+		if (!ctx)
+			throw Error('Invalid context for response.');
+			
+		ctx.type = 'application/json; charset=utf-8';
+		ctx.body = json;
+	}
+}
+
+export default KoaBaseRoute;

package/routes/news.js

@@ -0,0 +1,6 @@
+import BaseNewsRoute from './baseNews';
+
+class NewsRoute extends BaseNewsRoute {
+}
+
+export default NewsRoute;

package/routes/plans.js

@@ -0,0 +1,41 @@
+import LibraryConstants from '.@thzero/library_server/constants';
+
+import Utility from '@thzero/library_common/utility';
+
+import BaseRoute from './index';
+
+class PlansRoute extends BaseRoute {
+	constructor(prefix) {
+		super(prefix ? prefix : '/plans');
+
+		// this._servicePlans = null;
+	}
+
+	async init(injector, app, config) {
+		const router = await super.init(injector, app, config);
+		router.servicePlans = injector.getService(LibraryConstants.InjectorKeys.SERVICE_PLANS);
+		// this._servicePlans = injector.getService(LibraryConstants.InjectorKeys.SERVICE_PLANS);
+	}
+
+	get id() {
+		return 'plans';
+	}
+
+	_initializeRoutes(router) {
+		router.get('/',
+			// eslint-disable-next-line
+			async (ctx, next) => {
+				// const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_PLANS);
+				// const response = (await service.servicePlans.listing(ctx.correlationId)).check(ctx);
+				const response = (await ctx.router.servicePlans.listing(ctx.correlationId)).check(ctx);
+				this._jsonResponse(ctx, Utility.stringify(response));
+			}
+		);
+	}
+
+	get _version() {
+		return 'v1';
+	}
+}
+
+export default PlansRoute;

package/routes/users.js

@@ -0,0 +1,6 @@
+import BaseUsersRoute from './baseUsers';
+
+class UsersRoute extends BaseUsersRoute {
+}
+
+export default UsersRoute;

package/routes/utility.js

@@ -0,0 +1,51 @@
+import koaBody from 'koa-body';
+
+import LibraryConstants from '@thzero/library_server/constants';
+
+import Utility from '@thzero/library_common/utility';
+
+import BaseRoute from './index';
+
+import authentication from '../middleware/authentication';
+// import authorization from '../middleware/authorization';
+
+class UtilityRoute extends BaseRoute {
+	constructor(prefix) {
+		super(prefix ? prefix : '/utility');
+
+		// this._serviceUtility = null;
+	}
+
+	async init(injector, app, config) {
+		const router = await super.init(injector, app, config);
+		router.serviceUtility = injector.getService(LibraryConstants.InjectorKeys.SERVICE_UTILITY);
+		// this._serviceUtility = injector.getService(LibraryConstants.InjectorKeys.SERVICE_UTILITY);
+	}
+
+	get id() {
+		return 'utility';
+	}
+
+	_initializeRoutes(router) {
+		router.post('/logger',
+			authentication(false),
+			// authorization('utility'),
+			// eslint-disable-next-line,
+			koaBody({
+				text: false,
+			}),
+			async (ctx, next) => {
+				// const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_UTILITY);
+				// const response = (await service.logger(ctx.correlationId, ctx.request.body)).check(ctx);
+				const response = (await ctx.router.serviceUtility.logger(ctx.correlationId, ctx.request.body)).check(ctx);
+				this._jsonResponse(ctx, Utility.stringify(response));
+			}
+		);
+	}
+
+	get _version() {
+		return 'v1';
+	}
+}
+
+export default UtilityRoute;

package/routes/version.js

@@ -0,0 +1,41 @@
+import LibraryConstants from '@thzero/library_server/constants';
+
+import Utility from '@thzero/library_common/utility';
+
+import BaseRoute from './index';
+
+class VersionRoute extends BaseRoute {
+	constructor(prefix) {
+		super(prefix ? prefix : '');
+
+		// this._serviceVersion = null;
+	}
+
+	async init(injector, app, config) {
+		const router = await super.init(injector, app, config);
+		router.serviceVersion = injector.getService(LibraryConstants.InjectorKeys.SERVICE_VERSION);
+		// this._serviceVersion = injector.getService(LibraryConstants.InjectorKeys.SERVICE_VERSION);
+	}
+
+	get id() {
+		return 'version';
+	}
+
+	_initializeRoutes(router) {
+		router.get('/version',
+			// eslint-disable-next-line
+			async (ctx, next) => {
+				// const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_VERSION);
+				// const response = (await service.version(ctx.correlationId)).check(ctx);
+				const response = (await ctx.router.serviceVersion.version(ctx.correlationId)).check(ctx);
+				this._jsonResponse(ctx, Utility.stringify(response));
+			}
+		);
+	}
+
+	get _version() {
+		return 'v1';
+	}
+}
+
+export default VersionRoute;