@tiledesk/tiledesk-server 2.17.4 → 2.18.3

package/middleware/passport.js

@@ -81,13 +81,20 @@ winston.info('Authentication Oauth2 Signin enabled : ' + enableOauth2Signin);
 
 var jwthistory = undefined;
 try {
-    jwthistory = require('@tiledesk-ent/tiledesk-server-jwthistory');
-} catch (err) {
-    winston.debug("jwthistory not present");
+  jwthistory = require('@tiledesk-ent/tiledesk-server-jwthistory');
+} catch(err) {
+  winston.info("jwthistory not present", err);
 }
 
-module.exports = function (passport) {
+let JWT_HISTORY_ENABLED = false;
+if (process.env.JWT_HISTORY_ENABLED==true || process.env.JWT_HISTORY_ENABLED=="true") {
+  JWT_HISTORY_ENABLED = true;
+}
+winston.debug("JWT_HISTORY_ENABLED: " + JWT_HISTORY_ENABLED);
+
+
 
+module.exports = function(passport) {
     // passport.serializeUser(function(user, done) {
     //     console.log("serializeUser");
 
@@ -231,218 +238,212 @@ module.exports = function (passport) {
                 done(null, configSecret); //pub_jwt pp_jwt
             }
         }
-    }
+    };
 
 
-    winston.debug("passport opts: ", opts);
+  winston.debug("passport opts: ", opts);
 
-    passport.use(new JwtStrategy(opts, async (req, jwt_payload, done) => {
-        // passport.use(new JwtStrategy(opts, function(req, jwt_payload, done) {
-        winston.debug("jwt_payload", jwt_payload);
-        // console.log("req",req);
+  passport.use(new JwtStrategy(opts, async(req, jwt_payload, done)  => {
+  // passport.use(new JwtStrategy(opts, function(req, jwt_payload, done) {
+    winston.debug("jwt_payload",jwt_payload);
+    // console.log("req",req);
+    
 
+    // console.log("jwt_payload._doc._id",jwt_payload._doc._id);
 
-        // console.log("jwt_payload._doc._id",jwt_payload._doc._id);
 
+    if (jwt_payload._id == undefined  && (jwt_payload._doc == undefined || (jwt_payload._doc && jwt_payload._doc._id==undefined))) {
+      var err = "jwt_payload._id or jwt_payload._doc._id can t be undefined" ;
+      winston.error(err);
+      return done(null, false);
+    }
+                                                            //JWT OLD format
+     const identifier = jwt_payload._id || jwt_payload._doc._id;
+    
+    // const subject = jwt_payload.sub || jwt_payload._id || jwt_payload._doc._id;
+    winston.debug("passport identifier: " + identifier);
 
-        if (jwt_payload._id == undefined && (jwt_payload._doc == undefined || (jwt_payload._doc && jwt_payload._doc._id == undefined))) {
-            var err = "jwt_payload._id or jwt_payload._doc._id can t be undefined";
-            winston.error(err);
-            return done(null, false);
-        }
-        //JWT OLD format
-        const identifier = jwt_payload._id || jwt_payload._doc._id;
+    const subject = jwt_payload.sub;
+    winston.debug("passport subject: " + subject);
 
-        // const subject = jwt_payload.sub || jwt_payload._id || jwt_payload._doc._id;
-        winston.debug("passport identifier: " + identifier);
+    winston.debug("passport identifier: " + identifier + " subject " + subject);
 
-        const subject = jwt_payload.sub;
-        winston.debug("passport subject: " + subject);
+    var fullUrl = req.protocol + '://' + req.get('host') + req.originalUrl;
+    winston.debug("fullUrl:"+ fullUrl);
 
-        winston.debug("passport identifier: " + identifier + " subject " + subject);
+    winston.debug("req.disablePassportEntityCheck:"+req.disablePassportEntityCheck);
 
-        var fullUrl = req.protocol + '://' + req.get('host') + req.originalUrl;
-        winston.debug("fullUrl:" + fullUrl);
+    if (req && req.disablePassportEntityCheck) { //req can be null
+      // jwt_payload.id = jwt_payload._id; //often req.user.id is used inside code. req.user.id  is a mongoose getter of _id
+      // is better to rename req.user.id to req.user._id in all files
+      winston.debug("req.disablePassportEntityCheck enabled");
+      return done(null, jwt_payload);
+    }
+    winston.debug("jwthistory passport",jwthistory);
+
+    //TODO check into DB if JWT is revoked 
+    if (jwthistory && JWT_HISTORY_ENABLED==true) {
+      var jwtRevoked = await jwthistory.isJWTRevoked(jwt_payload.jti);
+      winston.debug("passport jwt jwtRevoked: "+ jwtRevoked);
+      if (jwtRevoked) {
+        winston.warn("passport jwt is revoked with jti: "+ jwt_payload.jti);
+        return done(null, false);
+      }
+    }
 
-        winston.debug("req.disablePassportEntityCheck:" + req.disablePassportEntityCheck);
+    if (subject == "bot") {
+      winston.debug("Passport JWT bot");
 
-        if (req && req.disablePassportEntityCheck) { //req can be null
-            // jwt_payload.id = jwt_payload._id; //often req.user.id is used inside code. req.user.id  is a mongoose getter of _id
-            // is better to rename req.user.id to req.user._id in all files
-            winston.debug("req.disablePassportEntityCheck enabled");
-            return done(null, jwt_payload);
-        }
+        let qbot = Faq_kb.findOne({_id: identifier}); //TODO add cache_bot_here
 
-        //TODO check into DB if JWT is revoked 
-        if (jwthistory) {
-            var jwtRevoked = await jwthistory.isJWTRevoked(jwt_payload.jti);
-            winston.debug("passport jwt jwtRevoked: " + jwtRevoked);
-            if (jwtRevoked) {
-                winston.warn("passport jwt is revoked with jti: " + jwt_payload.jti);
-                return done(null, false);
-            }
+          if (cacheEnabler.faq_kb) {
+            let id_project = jwt_payload.id_project;
+            winston.debug("jwt_payload.id_project:"+jwt_payload.id_project);
+            qbot.cache(cacheUtil.defaultTTL, id_project+":faq_kbs:id:"+identifier)
+            winston.debug('faq_kb cache enabled');
+          }
+  
+          qbot.exec(function(err, faq_kb) {
+
+          if (err) {
+            winston.error("Passport JWT bot err", err);
+            return done(err, false);
+          }
+          if (faq_kb) {
+            winston.debug("Passport JWT bot user", faq_kb);
+            return done(null, faq_kb);
+          } else {
+            winston.warn("Passport JWT bot not user");
+            return done(null, false);
+          }
+      });
+    // } else if (subject=="projects") {      
+
+    } else if (subject=="subscription") {
+    
+      Subscription.findOne({_id: identifier}, function(err, subscription) {
+        if (err) {
+          winston.error("Passport JWT subscription err", err);
+          return done(err, false);
+        }
+        if (subscription) {
+          winston.debug("Passport JWT subscription user", subscription);
+          return done(null, subscription);
+        } else {
+          winston.warn("Passport JWT subscription not user", subscription);
+          return done(null, false);
         }
+      });              
 
-        if (subject == "bot") {
-            winston.debug("Passport JWT bot");
+    } else if (subject=="userexternal") {
+    
+     
+        if (jwt_payload) {
 
-            let qbot = Faq_kb.findOne({_id: identifier}); //TODO add cache_bot_here
+          // const audUrl  = new URL(jwt_payload.aud);
+          // winston.info("audUrl: "+ audUrl );
 
-            if (cacheEnabler.faq_kb) {
-                let id_project = jwt_payload.id_project;
-                winston.debug("jwt_payload.id_project:" + jwt_payload.id_project);
-                qbot.cache(cacheUtil.defaultTTL, id_project + ":faq_kbs:id:" + identifier)
-                winston.debug('faq_kb cache enabled');
-            }
+          // const path = audUrl.pathname;
+          // winston.info("audUrl path: " + path );
+          
+          // const AudienceType = path.split("/")[1];
+          // winston.info("audUrl AudienceType: " + AudienceType );
 
-            qbot.exec(function (err, faq_kb) {
+          // const AudienceId = path.split("/")[2];
+          // winston.info("audUrl AudienceId: " + AudienceId );
 
-                if (err) {
-                    winston.error("Passport JWT bot err", err);
-                    return done(err, false);
-                }
-                if (faq_kb) {
-                    winston.debug("Passport JWT bot user", faq_kb);
-                    return done(null, faq_kb);
-                } else {
-                    winston.warn("Passport JWT bot not user");
-                    return done(null, false);
-                }
-            });
-            // } else if (subject=="projects") {      
+          // jwt_payload._id = AudienceId + "-" + jwt_payload._id;
+          
 
-        } else if (subject == "subscription") {
 
-            Subscription.findOne({_id: identifier}, function (err, subscription) {
-                if (err) {
-                    winston.error("Passport JWT subscription err", err);
-                    return done(err, false);
-                }
-                if (subscription) {
-                    winston.debug("Passport JWT subscription user", subscription);
-                    return done(null, subscription);
-                } else {
-                    winston.warn("Passport JWT subscription not user", subscription);
-                    return done(null, false);
-                }
-            });
+          winston.debug("Passport JWT userexternal", jwt_payload);
+          var userM = UserUtil.decorateUser(jwt_payload);
+          winston.debug("Passport JWT userexternal userM", userM);
 
-        } else if (subject == "userexternal") {
+          return done(null, userM );
+        }  else {
+          var err = {msg: "No jwt_payload passed. Its required"};
+          winston.error("Passport JWT userexternal err", err);
+          return done(err, false);
+        }                
 
+     } else if (subject=="guest") {
+    
+     
+        if (jwt_payload) {
+          winston.debug("Passport JWT guest", jwt_payload);
+          var userM = UserUtil.decorateUser(jwt_payload);
+          winston.debug("Passport JWT guest userM", userM);
+          return done(null, userM );
+        }  else {
+          var err = {msg: "No jwt_payload passed. Its required"};
+          winston.error("Passport JWT guest err", err);
+          return done(err, false);
+        }                   
+
+    } else {
+      winston.debug("Passport JWT generic user");
+      let quser = User.findOne({_id: identifier, status: 100})   //TODO user_cache_here
+        //@DISABLED_CACHE .cache(cacheUtil.defaultTTL, "users:id:"+identifier)
+
+        if (cacheEnabler.user) {
+          quser.cache(cacheUtil.defaultTTL, "users:id:"+identifier)
+          winston.debug('user cache enabled');
+        }
 
-            if (jwt_payload) {
+        quser.exec(function(err, user) {
+          if (err) {
+            winston.error("Passport JWT generic err ", err);
+            return done(err, false);
+          }
+          if (user) {
+            winston.debug("Passport JWT generic user ", user);
+            return done(null, user);
+          } else {
+            winston.debug("Passport JWT generic not user");
+            return done(null, false);
+          }
+      });
 
-                // const audUrl  = new URL(jwt_payload.aud);
-                // winston.info("audUrl: "+ audUrl );
+    }
+   
 
-                // const path = audUrl.pathname;
-                // winston.info("audUrl path: " + path );
 
-                // const AudienceType = path.split("/")[1];
-                // winston.info("audUrl AudienceType: " + AudienceType );
+  }));
 
-                // const AudienceId = path.split("/")[2];
-                // winston.info("audUrl AudienceId: " + AudienceId );
 
-                // jwt_payload._id = AudienceId + "-" + jwt_payload._id;
 
+  passport.use(new BasicStrategy(function(userid, password, done) {
+      
+      winston.debug("BasicStrategy: " + userid);
+      
 
-                winston.debug("Passport JWT userexternal", jwt_payload);
-                var userM = UserUtil.decorateUser(jwt_payload);
-                winston.debug("Passport JWT userexternal userM", userM);
+      var email = userid.toLowerCase();
+      winston.debug("email lowercase: " + email);
 
-                return done(null, userM);
-            } else {
-                var err = {msg: "No jwt_payload passed. Its required"};
-                winston.error("Passport JWT userexternal err", err);
-                return done(err, false);
-            }
-
-        } else if (subject == "guest") {
+      User.findOne({ email: email, status: 100}, 'email firstname lastname password emailverified id') //TODO user_cache_here. NOT used frequently. ma attento select. ATTENTO QUI NN USEREI LA SELECT altrimenti con JWT ho tuttto USER mentre con basich auth solo aluni campi
+      //@DISABLED_CACHE .cache(cacheUtil.defaultTTL, "users:email:"+email)
+      .exec(function (err, user) {
+       
+        if (err) {
+            // console.log("BasicStrategy err.stop");
+            return done(err); 
+        }
+        if (!user) { return done(null, false); }
+        
+        user.comparePassword(password, function (err, isMatch) {
+            if (isMatch && !err) {
 
+              // if user is found and password is right create a token
+              // console.log("BasicStrategy ok");
+              return done(null, user);
 
-            if (jwt_payload) {
-                winston.debug("Passport JWT guest", jwt_payload);
-                var userM = UserUtil.decorateUser(jwt_payload);
-                winston.debug("Passport JWT guest userM", userM);
-                return done(null, userM);
             } else {
-                var err = {msg: "No jwt_payload passed. Its required"};
-                winston.error("Passport JWT guest err", err);
-                return done(err, false);
+                return done(err);
             }
-
-        } else {
-            winston.debug("Passport JWT generic user");
-            let quser = User.findOne({_id: identifier, status: 100})   //TODO user_cache_here
-            //@DISABLED_CACHE .cache(cacheUtil.defaultTTL, "users:id:"+identifier)
-
-            if (cacheEnabler.user) {
-                quser.cache(cacheUtil.defaultTTL, "users:id:" + identifier)
-                winston.debug('user cache enabled');
-            }
-
-            quser.exec(function (err, user) {
-                if (err) {
-                    winston.error("Passport JWT generic err ", err);
-                    return done(err, false);
-                }
-                if (user) {
-                    winston.debug("Passport JWT generic user ", user);
-                    return done(null, user);
-                } else {
-                    winston.debug("Passport JWT generic not user");
-                    return done(null, false);
-                }
-            });
-
-        }
-
-
-    }));
-
-
-    passport.use(new BasicStrategy(function (userid, password, done) {
-
-        winston.debug("BasicStrategy: " + userid);
-
-
-        var email = userid.toLowerCase();
-        winston.debug("email lowercase: " + email);
-
-        User.findOne({
-            email: email,
-            status: 100
-        }, 'email firstname lastname password emailverified id') //TODO user_cache_here. NOT used frequently. ma attento select. ATTENTO QUI NN USEREI LA SELECT altrimenti con JWT ho tuttto USER mentre con basich auth solo aluni campi
-            //@DISABLED_CACHE .cache(cacheUtil.defaultTTL, "users:email:"+email)
-            .exec(function (err, user) {
-
-                if (err) {
-                    // console.log("BasicStrategy err.stop");
-                    return done(err);
-                }
-                if (!user) {
-                    return done(null, false);
-                }
-
-                user.comparePassword(password, function (err, isMatch) {
-                    if (isMatch && !err) {
-
-                        // if user is found and password is right create a token
-                        // console.log("BasicStrategy ok");
-                        return done(null, user);
-
-                    } else {
-                        return done(err);
-                    }
-                });
-
-
-                // if (user) { return done(null, user); }
-                // if (!user) { return done(null, false); }
-                // if (!user.verifyPassword(password)) { return done(null, false); }
-            });
-    }));
+        });
+      });
+  }));
 
 
     if (enableGoogleSignin == true) {

package/migrations/1757601159298-project_user_role_type.js

@@ -0,0 +1,104 @@
+var Project_user = require("../models/project_user");
+var winston = require('../config/winston');
+
+const BATCH_SIZE = 100;
+/** Log a progress line every this many bulkWrite rounds (plus always after the 1st). */
+const PROGRESS_LOG_EVERY_BATCHES = 10;
+
+/** Only documents that still need roleType (idempotent re-runs). */
+const WITHOUT_ROLE_TYPE = {
+  $or: [{ roleType: { $exists: false } }, { roleType: null }]
+};
+
+const AGENT_ROLES_FILTER = {
+  $and: [
+    {
+      $or: [
+        { role: 'agent' },
+        { role: 'supervisor' },
+        { role: 'admin' },
+        { role: 'owner' }
+      ]
+    },
+    WITHOUT_ROLE_TYPE
+  ]
+};
+
+const USER_ROLES_FILTER = {
+  $and: [{ $or: [{ role: 'user' }, { role: 'guest' }] }, WITHOUT_ROLE_TYPE]
+};
+
+async function batchSetRoleType(filter, roleType, phaseLabel) {
+  const totalMatching = await Project_user.countDocuments(filter);
+  const started = Date.now();
+  winston.info(
+    `[project_user_role_type] ${phaseLabel}: ${totalMatching} documents match filter; streaming _id + bulkWrite in chunks of ${BATCH_SIZE}`
+  );
+
+  let modified = 0;
+  let scanned = 0;
+  let bulkRounds = 0;
+  const cursor = Project_user.find(filter).select('_id').lean().cursor();
+  let batch = [];
+
+  function logProgress(reason) {
+    const elapsedSec = ((Date.now() - started) / 1000).toFixed(1);
+    winston.info(
+      `[project_user_role_type] ${phaseLabel} ${reason}: scanned=${scanned}/${totalMatching}, modifiedThisPhase=${modified}, ${elapsedSec}s elapsed`
+    );
+  }
+
+  for await (const doc of cursor) {
+    scanned++;
+    batch.push({
+      updateOne: {
+        filter: { _id: doc._id, ...WITHOUT_ROLE_TYPE },
+        update: { $set: { roleType } }
+      }
+    });
+    if (batch.length >= BATCH_SIZE) {
+      const result = await Project_user.bulkWrite(batch);
+      modified += result.modifiedCount;
+      batch = [];
+      bulkRounds++;
+      if (bulkRounds === 1 || bulkRounds % PROGRESS_LOG_EVERY_BATCHES === 0) {
+        logProgress(`progress (bulk round ${bulkRounds})`);
+      }
+    }
+  }
+  if (batch.length > 0) {
+    const result = await Project_user.bulkWrite(batch);
+    modified += result.modifiedCount;
+    bulkRounds++;
+    logProgress(`final partial batch (bulk round ${bulkRounds})`);
+  }
+
+  logProgress('phase complete');
+  return modified;
+}
+
+/**
+ * Make any changes you need to make to the database here
+ */
+async function up() {
+  try {
+    const agentsModified = await batchSetRoleType(AGENT_ROLES_FILTER, 1, 'agents roleType=1');
+    winston.info(`[project_user_role_type] Agents phase done: ${agentsModified} documents modified`);
+
+    const usersModified = await batchSetRoleType(USER_ROLES_FILTER, 2, 'users/guest roleType=2');
+    winston.info(`[project_user_role_type] Users/guest phase done: ${usersModified} documents modified`);
+  } catch (err) {
+    winston.error('[project_user_role_type] Error applying migration:', err);
+    throw err;
+  }
+}
+
+/**
+ * Make any changes that UNDO the up function side effects here (if possible)
+ */
+async function down() {
+  // Write migration here
+  // console.log("down*********");
+}
+
+module.exports = { up, down };

package/models/department.js

@@ -3,6 +3,8 @@ var Schema = mongoose.Schema;
 var routingConstants = require('../models/routingConstants');
 var winston = require('../config/winston');
 var TagSchema = require("../models/tag");
+var GroupMemberSchema = require("../models/groupMemberSchama");
+
 
 var DepartmentSchema = new Schema({
   id_bot: {
@@ -34,6 +36,7 @@ var DepartmentSchema = new Schema({
   id_group: {
     type: String,
   },
+  groups: [GroupMemberSchema],
   // used??
   online_msg: {
     type: String,

package/models/groupMemberSchama.js

@@ -0,0 +1,19 @@
+var mongoose = require('mongoose');
+var Schema = mongoose.Schema;
+var winston = require('../config/winston');
+
+var GroupMemberSchema = new Schema({
+  
+  group_id: {
+    type: String,
+    required: true
+  },  
+  percentage: {
+    type: Number,
+    required: true,
+  }
+}
+);
+
+
+module.exports = GroupMemberSchema;

package/models/kb_setting.js

@@ -1,7 +1,25 @@
 let mongoose = require('mongoose');
 let Schema = mongoose.Schema;
 let winston = require('../config/winston');
-let expireAfterSeconds = process.env.UNANSWERED_QUESTION_EXPIRATION_TIME || 7 * 24 * 60 * 60; // 7 days
+
+const DEFAULT_UNANSWERED_TTL_SEC = 7 * 24 * 60 * 60; // 7 days
+const DEFAULT_ANSWERED_TTL_SEC = 7 * 24 * 60 * 60; // 7 days
+
+function ttlSecondsFromEnv(raw, fallbackSec) {
+  if (raw == null || String(raw).trim() === '') return fallbackSec;
+  const n = Number(raw);
+  return Number.isFinite(n) && n >= 0 ? n : fallbackSec;
+}
+
+let expireAfterSeconds = ttlSecondsFromEnv(
+  process.env.UNANSWERED_QUESTION_EXPIRATION_TIME,
+  DEFAULT_UNANSWERED_TTL_SEC
+);
+let expireAnsweredAfterSeconds = ttlSecondsFromEnv(
+  process.env.ANSWERED_QUESTION_EXPIRATION_TIME,
+  DEFAULT_ANSWERED_TTL_SEC
+);
+
 
 const EngineSchema = new Schema({
   name: {
@@ -199,13 +217,63 @@ const UnansweredQuestionSchema = new Schema({
   question: {
     type: String,
     required: true
+  },
+  request_id: {
+    type: String,
+    required: false,
+  },
+  sender: {
+    type: String,
+    required: false,
   }
 },{
   timestamps: true
 });
 
-// Add TTL index to automatically delete documents after 30 days
-UnansweredQuestionSchema.index({ created_at: 1 }, { expireAfterSeconds: expireAfterSeconds }); // 30 days
+const AnsweredQuestionSchema = new Schema({
+  id_project: {
+    type: String,
+    required: true,
+    index: true
+  },
+  namespace: {
+    type: String,
+    required: true,
+    index: true
+  },
+  question: {
+    type: String,
+    required: true
+  },
+  answer: {
+    type: String,
+    required: true
+  },
+  tokens: {
+    type: Number,
+    required: false
+  },
+  request_id: {
+    type: String,
+    required: false
+  }
+}, {
+  timestamps: true
+});
+
+// Add TTL index to automatically delete documents
+UnansweredQuestionSchema.index({ createdAt: 1 }, { expireAfterSeconds: expireAfterSeconds }); 
+UnansweredQuestionSchema.index({ id_project: 1, namespace: 1, createdAt: -1 });
+UnansweredQuestionSchema.index({ question: "text" });
+
+AnsweredQuestionSchema.index({ createdAt: 1 }, { expireAfterSeconds: expireAnsweredAfterSeconds });
+AnsweredQuestionSchema.index({ id_project: 1, namespace: 1, createdAt: -1 });
+AnsweredQuestionSchema.index(
+  { question: "text", answer: "text" },
+  { weights: { question: 3, answer: 1 } }
+);
+
+
 
 // DEPRECATED !! - Start
 const KBSettingSchema = new Schema({
@@ -242,6 +310,7 @@ const Engine = mongoose.model('Engine', EngineSchema)
 const Namespace = mongoose.model('Namespace', NamespaceSchema)
 const KB = mongoose.model('KB', KBSchema)
 const UnansweredQuestion = mongoose.model('UnansweredQuestion', UnansweredQuestionSchema)
+const AnsweredQuestion = mongoose.model('AnsweredQuestion', AnsweredQuestionSchema)
 
 
 module.exports = {
@@ -249,5 +318,6 @@ module.exports = {
   Namespace: Namespace,
   Engine: Engine,
   KB: KB,
-  UnansweredQuestion: UnansweredQuestion
+  UnansweredQuestion: UnansweredQuestion,
+  AnsweredQuestion: AnsweredQuestion
 }

package/models/permissionConstants.js

@@ -0,0 +1,19 @@
+const OWNER_ROLE = [                                
+        ];
+
+const ADMIN_ROLE = [                               
+                "request_read_all"
+        ];
+const AGENT_ROLE= [
+                "request_read_group"
+        ];
+
+// console.log("ADMIN_ROLE", ADMIN_ROLE.concat(AGENT_ROLE));
+module.exports = {
+        "agent": AGENT_ROLE,
+        "admin": ADMIN_ROLE.concat(AGENT_ROLE),
+        "owner": OWNER_ROLE.concat(ADMIN_ROLE).concat(AGENT_ROLE) 
+
+}
+// const ADMIN_ROLE = Object.assign({}, ADMIN_ROLE, AGENT_ROLE)  
+// const ADMIN_ROLE = { ...ADMIN_ROLE, ...AGENT_ROLE }