@universis/janitor 1.9.0 → 1.11.0

package/dist/index.esm.js

@@ -3,6 +3,7 @@ import { ApplicationService, TraceUtils, ConfigurationStrategy, Args, HttpForbid
 import { rateLimit } from 'express-rate-limit';
 import express from 'express';
 import path from 'path';
+import { BehaviorSubject } from 'rxjs';
 import slowDown from 'express-slow-down';
 import { RedisStore } from 'rate-limit-redis';
 import { Redis } from 'ioredis';
@@ -10,6 +11,8 @@ import '@themost/promise-sequence';
 import url, { URL } from 'url';
 import { Request } from 'superagent';
 import jwt from 'jsonwebtoken';
+import BearerStrategy from 'passport-http-bearer';
+import passport from 'passport';
 
 class RateLimitService extends ApplicationService {
   /**
@@ -17,87 +20,71 @@ class RateLimitService extends ApplicationService {
    */
   constructor(app) {
     super(app);
-    app.serviceRouter.subscribe((serviceRouter) => {
-      if (serviceRouter == null) {
+
+    // get proxy address forwarding option
+    const proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');
+    this.proxyAddressForwarding = typeof proxyAddressForwarding !== 'boolean' ? false : proxyAddressForwarding;
+
+    /**
+     * @type {BehaviorSubject<{ target: RateLimitService }>}
+     */
+    this.loaded = new BehaviorSubject(null);
+
+    const serviceContainer = this.getServiceContainer();
+    if (serviceContainer == null) {
+      TraceUtils.warn(`${this.getServiceName()} is being started but the parent router seems to be unavailable.`);
+      return;
+    }
+    serviceContainer.subscribe((router) => {
+      if (router == null) {
         return;
       }
       try {
-        const addRouter = express.Router();
-        let serviceConfiguration = app.getConfiguration().getSourceAt('settings/universis/janitor/rateLimit') || {
-          profiles: [],
-          paths: []
-        };
-        if (serviceConfiguration.extends) {
-          // get additional configuration
-          const configurationPath = app.getConfiguration().getConfigurationPath();
-          const extendsPath = path.resolve(configurationPath, serviceConfiguration.extends);
-          TraceUtils.log(`@universis/janitor#RateLimitService will try to extend service configuration from ${extendsPath}`);
-          serviceConfiguration = require(extendsPath);
-        }
-        const pathsArray = serviceConfiguration.paths || [];
-        const profilesArray = serviceConfiguration.profiles || [];
+        // set router for further processing
+        Object.defineProperty(this, 'router', {
+          value: express.Router(),
+          writable: false,
+          enumerable: false,
+          configurable: true
+        });
+        const serviceConfiguration = this.getServiceConfiguration();
         // create maps
-        const paths = new Map(pathsArray);
-        const profiles = new Map(profilesArray);
+        const paths = serviceConfiguration.paths;
         if (paths.size === 0) {
-          TraceUtils.warn('@universis/janitor#RateLimitService is being started but the collection of paths is empty.');
-        }
-        // get proxy address forwarding option
-        let proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');
-        if (typeof proxyAddressForwarding !== 'boolean') {
-          proxyAddressForwarding = false;
+          TraceUtils.warn(`${this.getServiceName()} is being started but the collection of paths is empty.`);
         }
         paths.forEach((value, path) => {
-          let profile;
-          // get profile
-          if (value.profile) {
-            profile = profiles.get(value.profile);
-          } else {
-            // or options defined inline
-            profile = value;
-          }
-          if (profile != null) {
-            const rateLimitOptions = Object.assign({
-              windowMs: 5 * 60 * 1000, // 5 minutes
-              limit: 50, // 50 requests
-              legacyHeaders: true // send headers
-            }, profile, {
-              keyGenerator: (req) => {
-                let remoteAddress;
-                if (proxyAddressForwarding) {
-                  // get proxy headers or remote address
-                  remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);
-                } else {
-                  // get remote address
-                  remoteAddress = req.connection ? req.connection.remoteAddress : req.socket.remoteAddress;
-                }
-                return `${path}:${remoteAddress}`;
-              }
+          this.set(path, value);
+        });
+        if (router.stack) {
+          router.stack.unshift.apply(router.stack, this.router.stack);
+        } else {
+          // use router
+          router.use(this.router);
+          // get router stack (use a workaround for express 4.x)
+          const stack = router._router && router._router.stack;
+          if (Array.isArray(stack)) {
+            // stage #1 find logger middleware (for supporting request logging)
+            let index = stack.findIndex((item) => {
+              return item.name === 'logger';
             });
-            if (typeof rateLimitOptions.store === 'string') {
-              // load store
-              const store = rateLimitOptions.store.split('#');
-              let StoreClass;
-              if (store.length === 2) {
-                const storeModule = require(store[0]);
-                if (Object.prototype.hasOwnProperty.call(storeModule, store[1])) {
-                  StoreClass = storeModule[store[1]];
-                  rateLimitOptions.store = new StoreClass(this, rateLimitOptions);
-                } else {
-                  throw new Error(`${store} cannot be found or is inaccessible`);
-                }
-              } else {
-                StoreClass = require(store[0]);
-                // create store
-                rateLimitOptions.store = new StoreClass(this, rateLimitOptions);
-              }
+            if (index === -1) {
+              // stage #2 find expressInit middleware
+              index = stack.findIndex((item) => {
+                return item.name === 'expressInit';
+              });
             }
-            addRouter.use(path, rateLimit(rateLimitOptions));
+            // if found, move the last middleware to be after expressInit
+            if (index > -1) {
+              // move the last middleware to be after expressInit
+              stack.splice(index + 1, 0, stack.pop());
+            }
+          } else {
+            TraceUtils.warn(`${this.getServiceName()} is being started but the container stack is not available.`);
           }
-        });
-        if (addRouter.stack.length) {
-          serviceRouter.stack.unshift.apply(serviceRouter.stack, addRouter.stack);
         }
+        // notify that the service is loaded
+        this.loaded.next({ target: this });
       } catch (err) {
         TraceUtils.error('An error occurred while validating rate limit configuration.');
         TraceUtils.error(err);
@@ -106,106 +93,218 @@ class RateLimitService extends ApplicationService {
     });
   }
 
+  /**
+   * Returns the service router that is used to register rate limit middleware.
+   * @returns {import('rxjs').BehaviorSubject<import('express').Router | import('express').Application>} The service router.
+   */
+  getServiceContainer() {
+    return this.getApplication() && this.getApplication().serviceRouter;
+  }
+
+  /**
+   * Returns the service name.
+   * @returns {string} The service name.
+   */
+  getServiceName() {
+    return '@universis/janitor#RateLimitService';
+  }
+  /**
+   * Returns the service configuration.
+   * @returns {{extends?: string, profiles?: Array, paths?: Array}} The service configuration.
+   */
+  getServiceConfiguration() {
+    if (this.serviceConfiguration) {
+      return this.serviceConfiguration;
+    }
+    let serviceConfiguration = {
+      profiles: [],
+      paths: []
+    };
+    // get service configuration
+    const serviceConfigurationSource = this.getApplication().getConfiguration().getSourceAt('settings/universis/janitor/rateLimit');
+    if (serviceConfigurationSource) {
+      if (typeof serviceConfigurationSource.extends === 'string') {
+        // get additional configuration
+        const configurationPath = this.getApplication().getConfiguration().getConfigurationPath();
+        const extendsPath = path.resolve(configurationPath, serviceConfigurationSource.extends);
+        TraceUtils.log(`${this.getServiceName()} will try to extend service configuration using ${extendsPath}`);
+        serviceConfiguration = Object.assign({}, {
+          profiles: [],
+          paths: []
+        }, require(extendsPath));
+      } else {
+        TraceUtils.log(`${this.getServiceName()} will use service configuration from settings/universis/janitor/rateLimit`);
+        serviceConfiguration = Object.assign({}, {
+          profiles: [],
+          paths: []
+        }, serviceConfigurationSource);
+      }
+    }
+    const pathsArray = serviceConfiguration.paths || [];
+    const profilesArray = serviceConfiguration.profiles || [];
+    // create maps
+    serviceConfiguration.paths = new Map(pathsArray);
+    serviceConfiguration.profiles = new Map(profilesArray);
+    // set service configuration
+    Object.defineProperty(this, 'serviceConfiguration', {
+      value: serviceConfiguration,
+      writable: false,
+      enumerable: false,
+      configurable: true
+    });
+    return this.serviceConfiguration;
+  }
+
+  /**
+   * Sets the rate limit configuration for a specific path.
+   * @param {string} path 
+   * @param {{ profile: string } | import('express-rate-limit').Options} options 
+   * @returns {RateLimitService} The service instance for chaining.
+   */
+  set(path, options) {
+    let opts;
+    // get profile
+    if (options.profile) {
+      opts = this.serviceConfiguration.profiles.get(options.profile);
+    } else {
+      // or options defined inline
+      opts = options;
+    }
+    /**
+     * @type { import('express-rate-limit').Options }
+     */
+    const rateLimitOptions = Object.assign({
+      windowMs: 5 * 60 * 1000, // 5 minutes
+      limit: 50, // 50 requests
+      legacyHeaders: true // send headers
+    }, opts, {
+      keyGenerator: (req) => {
+        let remoteAddress;
+        if (this.proxyAddressForwarding) {
+          // get proxy headers or remote address
+          remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);
+        } else {
+          // get remote address
+          remoteAddress = req.connection ? req.connection.remoteAddress : req.socket.remoteAddress;
+        }
+        return `${path}:${remoteAddress}`;
+      }
+    });
+    if (typeof rateLimitOptions.store === 'undefined') {
+      const StoreClass = this.getStoreType();
+      if (typeof StoreClass === 'function') {
+        rateLimitOptions.store = new StoreClass(this, rateLimitOptions);
+      }
+    }
+    this.router.use(path, rateLimit(rateLimitOptions));
+    return this;
+  }
+
+  /**
+   * @returns {function} The type of store used for rate limiting.
+   */
+  getStoreType() {
+    const serviceConfiguration = this.getServiceConfiguration();
+    if (typeof serviceConfiguration.storeType !== 'string') {
+      return;
+    }
+    let StoreClass;
+    const store = serviceConfiguration.storeType.split('#');
+    if (store.length === 2) {
+      const storeModule = require(store[0]);
+      if (Object.prototype.hasOwnProperty.call(storeModule, store[1])) {
+        StoreClass = storeModule[store[1]];
+        return StoreClass;
+      } else {
+        throw new Error(`${store} cannot be found or is inaccessible`);
+      }
+    } else {
+      StoreClass = require(store[0]);
+      return StoreClass;
+    }
+  }
+
+  /**
+   * Unsets the rate limit configuration for a specific path.
+   * @param {string} path 
+   * @returns {RateLimitService} The service instance for chaining.
+   */
+  unset(path) {
+    const index = this.router.stack.findIndex((layer) => {
+      return layer.route && layer.route.path === path;
+    });
+    if (index !== -1) {
+      this.router.stack.splice(index, 1);
+    }
+    return this;
+  }
+
 }
 
 class SpeedLimitService extends ApplicationService {
   constructor(app) {
     super(app);
 
-    app.serviceRouter.subscribe((serviceRouter) => {
-      if (serviceRouter == null) {
+    // get proxy address forwarding option
+    const proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');
+    this.proxyAddressForwarding = typeof proxyAddressForwarding !== 'boolean' ? false : proxyAddressForwarding;
+
+    /**
+     * @type {BehaviorSubject<{ target: SpeedLimitService }>}
+     */
+    this.loaded = new BehaviorSubject(null);
+
+    const serviceContainer = this.getServiceContainer();
+    if (serviceContainer == null) {
+      TraceUtils.warn(`${this.getServiceName()} is being started but the parent router seems to be unavailable.`);
+      return;
+    }
+
+    serviceContainer.subscribe((router) => {
+      if (router == null) {
         return;
       }
       try {
-        const addRouter = express.Router();
-        let serviceConfiguration = app.getConfiguration().getSourceAt('settings/universis/janitor/speedLimit') || {
-          profiles: [],
-          paths: []
-        };
-        if (serviceConfiguration.extends) {
-          // get additional configuration
-          const configurationPath = app.getConfiguration().getConfigurationPath();
-          const extendsPath = path.resolve(configurationPath, serviceConfiguration.extends);
-          TraceUtils.log(`@universis/janitor#SpeedLimitService will try to extend service configuration from ${extendsPath}`);
-          serviceConfiguration = require(extendsPath);
-        }
-        const pathsArray = serviceConfiguration.paths || [];
-        const profilesArray = serviceConfiguration.profiles || [];
+        // set router for further processing
+        Object.defineProperty(this, 'router', {
+          value: express.Router(),
+          writable: false,
+          enumerable: false,
+          configurable: true
+        });
+        const serviceConfiguration = this.getServiceConfiguration();
         // create maps
-        const paths = new Map(pathsArray);
-        const profiles = new Map(profilesArray);
+        const paths = serviceConfiguration.paths;
         if (paths.size === 0) {
-          TraceUtils.warn('@universis/janitor#SpeedLimitService is being started but the collection of paths is empty.');
-        }
-        // get proxy address forwarding option
-        let proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');
-        if (typeof proxyAddressForwarding !== 'boolean') {
-          proxyAddressForwarding = false;
+          TraceUtils.warn(`${this.getServiceName()} is being started but the collection of paths is empty.`);
         }
         paths.forEach((value, path) => {
-          let profile;
-          // get profile
-          if (value.profile) {
-            profile = profiles.get(value.profile);
-          } else {
-            // or options defined inline
-            profile = value;
-          }
-          if (profile != null) {
-            const slowDownOptions = Object.assign({
-              windowMs: 5 * 60 * 1000, // 5 minutes
-              delayAfter: 20, // 20 requests
-              delayMs: 500, // 500 ms
-              maxDelayMs: 10000 // 10 seconds
-            }, profile, {
-              keyGenerator: (req) => {
-                let remoteAddress;
-                if (proxyAddressForwarding) {
-                  // get proxy headers or remote address
-                  remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);
-                } else {
-                  // get remote address
-                  remoteAddress = req.connection ? req.connection.remoteAddress : req.socket.remoteAddress;
-                }
-                return `${path}:${remoteAddress}`;
-              }
+          this.set(path, value);
+        });
+        if (router.stack) {
+          router.stack.unshift.apply(router.stack, this.router.stack);
+        } else {
+          // use router
+          router.use(this.router);
+          // get router stack (use a workaround for express 4.x)
+          const stack = router._router && router._router.stack;
+          if (Array.isArray(stack)) {
+            // stage #1 find logger middleware (for supporting request logging)
+            let index = stack.findIndex((item) => {
+              return item.name === 'logger';
             });
-            if (Array.isArray(slowDownOptions.randomDelayMs)) {
-              slowDownOptions.delayMs = () => {
-                const delayMs = Math.floor(Math.random() * (slowDownOptions.randomDelayMs[1] - slowDownOptions.randomDelayMs[0] + 1) + slowDownOptions.randomDelayMs[0]);
-                return delayMs;
-              };
-            }
-            if (Array.isArray(slowDownOptions.randomMaxDelayMs)) {
-              slowDownOptions.maxDelayMs = () => {
-                const maxDelayMs = Math.floor(Math.random() * (slowDownOptions.randomMaxDelayMs[1] - slowDownOptions.randomMaxDelayMs[0] + 1) + slowDownOptions.randomMaxDelayMs[0]);
-                return maxDelayMs;
-              };
-            }
-            if (typeof slowDownOptions.store === 'string') {
-              // load store
-              const store = slowDownOptions.store.split('#');
-              let StoreClass;
-              if (store.length === 2) {
-                const storeModule = require(store[0]);
-                if (Object.prototype.hasOwnProperty.call(storeModule, store[1])) {
-                  StoreClass = storeModule[store[1]];
-                  slowDownOptions.store = new StoreClass(this, slowDownOptions);
-                } else {
-                  throw new Error(`${store} cannot be found or is inaccessible`);
-                }
-              } else {
-                StoreClass = require(store[0]);
-                // create store
-                slowDownOptions.store = new StoreClass(this, slowDownOptions);
-              }
+            if (index === -1) {
+              // stage #2 find expressInit middleware
+              index = stack.findIndex((item) => {
+                return item.name === 'expressInit';
+              });
             }
-            addRouter.use(path, slowDown(slowDownOptions));
+          } else {
+            TraceUtils.warn(`${this.getServiceName()} is being started but the container stack is not available.`);
           }
-        });
-        if (addRouter.stack.length) {
-          serviceRouter.stack.unshift.apply(serviceRouter.stack, addRouter.stack);
         }
+        // notify that the service is loaded
+        this.loaded.next({ target: this });
       } catch (err) {
         TraceUtils.error('An error occurred while validating speed limit configuration.');
         TraceUtils.error(err);
@@ -214,6 +313,163 @@ class SpeedLimitService extends ApplicationService {
     });
   }
 
+  /**
+   * @returns {function} The type of store used for rate limiting.
+   */
+  getStoreType() {
+    const serviceConfiguration = this.getServiceConfiguration();
+    if (typeof serviceConfiguration.storeType !== 'string') {
+      return;
+    }
+    let StoreClass;
+    const store = serviceConfiguration.storeType.split('#');
+    if (store.length === 2) {
+      const storeModule = require(store[0]);
+      if (Object.prototype.hasOwnProperty.call(storeModule, store[1])) {
+        StoreClass = storeModule[store[1]];
+        return StoreClass;
+      } else {
+        throw new Error(`${store} cannot be found or is inaccessible`);
+      }
+    } else {
+      StoreClass = require(store[0]);
+      return StoreClass;
+    }
+  }
+
+  /**
+   * Returns the service name.
+   * @returns {string} The service name.
+   */
+  getServiceName() {
+    return '@universis/janitor#SpeedLimitService';
+  }
+
+  /**
+  * Returns the service router that is used to register speed limit middleware.
+  * @returns {import('express').Router | import('express').Application} The service router.
+  */
+  getServiceContainer() {
+    return this.getApplication() && this.getApplication().serviceRouter;
+  }
+
+  /**
+   * Sets the speed limit configuration for a specific path.
+   * @param {string} path 
+   * @param {{ profile: string } | import('express-slow-down').Options} options 
+   * @returns {SpeedLimitService} The service instance for chaining.
+   */
+  set(path, options) {
+    let opts;
+    // get profile
+    if (options.profile) {
+      opts = this.serviceConfiguration.profiles.get(options.profile);
+    } else {
+      // or options defined inline
+      opts = options;
+    }
+    const slowDownOptions = Object.assign({
+      windowMs: 5 * 60 * 1000, // 5 minutes
+      delayAfter: 20, // 20 requests
+      delayMs: 500, // 500 ms
+      maxDelayMs: 10000 // 10 seconds
+    }, opts, {
+      keyGenerator: (req) => {
+        let remoteAddress;
+        if (this.proxyAddressForwarding) {
+          // get proxy headers or remote address
+          remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);
+        } else {
+          // get remote address
+          remoteAddress = req.connection ? req.connection.remoteAddress : req.socket.remoteAddress;
+        }
+        return `${path}:${remoteAddress}`;
+      }
+    });
+    if (Array.isArray(slowDownOptions.randomDelayMs)) {
+      slowDownOptions.delayMs = () => {
+        const delayMs = Math.floor(Math.random() * (slowDownOptions.randomDelayMs[1] - slowDownOptions.randomDelayMs[0] + 1) + slowDownOptions.randomDelayMs[0]);
+        return delayMs;
+      };
+    }
+    if (Array.isArray(slowDownOptions.randomMaxDelayMs)) {
+      slowDownOptions.maxDelayMs = () => {
+        const maxDelayMs = Math.floor(Math.random() * (slowDownOptions.randomMaxDelayMs[1] - slowDownOptions.randomMaxDelayMs[0] + 1) + slowDownOptions.randomMaxDelayMs[0]);
+        return maxDelayMs;
+      };
+    }
+    if (typeof slowDownOptions.store === 'undefined') {
+      const StoreClass = this.getStoreType();
+      if (typeof StoreClass === 'function') {
+        slowDownOptions.store = new StoreClass(this, slowDownOptions);
+      }
+    }
+    this.router.use(path, slowDown(slowDownOptions));
+    return this;
+  }
+
+
+  /**
+   * Unsets the speed limit configuration for a specific path.
+   * @param {string} path 
+   * @return {SpeedLimitService} The service instance for chaining.
+   */
+  unset(path) {
+    const index = this.router.stack.findIndex((layer) => {
+      return layer.route && layer.route.path === path;
+    });
+    if (index !== -1) {
+      this.router.stack.splice(index, 1);
+    }
+    return this;
+  }
+
+  /**
+   * 
+   * @returns {{extends?: string, profiles?: Array, paths?: Array}} The service configuration.
+   */
+  getServiceConfiguration() {
+    if (this.serviceConfiguration) {
+      return this.serviceConfiguration;
+    }
+    let serviceConfiguration = {
+      profiles: [],
+      paths: []
+    };
+    // get service configuration
+    const serviceConfigurationSource = this.getApplication().getConfiguration().getSourceAt('settings/universis/janitor/speedLimit');
+    if (serviceConfigurationSource) {
+      if (typeof serviceConfigurationSource.extends === 'string') {
+        // get additional configuration
+        const configurationPath = this.getApplication().getConfiguration().getConfigurationPath();
+        const extendsPath = path.resolve(configurationPath, serviceConfigurationSource.extends);
+        TraceUtils.log(`${this.getServiceName()} will try to extend service configuration using ${extendsPath}`);
+        serviceConfiguration = Object.assign({}, {
+          profiles: [],
+          paths: []
+        }, require(extendsPath));
+      } else {
+        TraceUtils.log(`${this.getServiceName()} will use service configuration from settings/universis/janitor/speedLimit`);
+        serviceConfiguration = Object.assign({}, {
+          profiles: [],
+          paths: []
+        }, serviceConfigurationSource);
+      }
+    }
+    const profilesArray = serviceConfiguration.profiles || [];
+    serviceConfiguration.profiles = new Map(profilesArray);
+    const pathsArray = serviceConfiguration.paths || [];
+    serviceConfiguration.paths = new Map(pathsArray);
+
+    Object.defineProperty(this, 'serviceConfiguration', {
+      value: serviceConfiguration,
+      writable: false,
+      enumerable: false,
+      configurable: true
+    });
+    return this.serviceConfiguration;
+  }
+
 }
 
 function _defineProperty(e, r, t) {
@@ -892,5 +1148,186 @@ class RemoteAddressValidator extends ApplicationService {
 
 }
 
-export { DefaultScopeAccessConfiguration, EnableScopeAccessConfiguration, ExtendScopeAccessConfiguration, HttpRemoteAddrForbiddenError, OAuth2ClientService, RateLimitService, RedisClientStore, RemoteAddressValidator, ScopeAccessConfiguration, ScopeString, SpeedLimitService, validateScope };
+class AppRateLimitService extends RateLimitService {
+  /**
+   * 
+   * @param {import('@themost/common').ApplicationBase} app 
+   */
+  constructor(app) {
+    super(app);
+  }
+
+  getServiceName() {
+    return '@universis/janitor#AppRateLimitService';
+  }
+
+  getServiceContainer() {
+    return this.getApplication() && this.getApplication().container;
+  }
+}
+
+class AppSpeedLimitService extends SpeedLimitService {
+  /**
+   * 
+   * @param {import('@themost/common').ApplicationBase} app 
+   */
+  constructor(app) {
+    super(app);
+  }
+
+  getServiceName() {
+    return '@universis/janitor#AppSpeedLimitService';
+  }
+
+  getServiceContainer() {
+    return this.getApplication() && this.getApplication().container;
+  }
+}
+
+class HttpBearerTokenRequired extends HttpError {
+  constructor() {
+    super(499, 'A token is required to fulfill the request.');
+    this.code = 'E_TOKEN_REQUIRED';
+    this.title = 'Token Required';
+  }
+}
+
+class HttpBearerTokenNotFound extends HttpError {
+  constructor() {
+    super(498, 'Token was not found.');
+    this.code = 'E_TOKEN_NOT_FOUND';
+    this.title = 'Invalid token';
+  }
+}
+
+class HttpBearerTokenExpired extends HttpError {
+  constructor() {
+    super(498, 'Token was expired or is in invalid state.');
+    this.code = 'E_TOKEN_EXPIRED';
+    this.title = 'Invalid token';
+  }
+}
+
+class HttpAccountDisabled extends HttpForbiddenError {
+  constructor() {
+    super('Access is denied. User account is disabled.');
+    this.code = 'E_ACCOUNT_DISABLED';
+    this.statusCode = 403.2;
+    this.title = 'Disabled account';
+  }
+}
+
+class HttpBearerStrategy extends BearerStrategy {
+  constructor() {
+    super({
+      passReqToCallback: true
+    },
+    /**
+     * @param {Request} req
+     * @param {string} token
+     * @param {Function} done
+     */
+    function (req, token, done) {
+      /**
+       * Gets OAuth2 client services
+       * @type {import('./OAuth2ClientService').OAuth2ClientService}
+       */
+      let client = req.context.getApplication().getStrategy(function OAuth2ClientService() {});
+      // if client cannot be found
+      if (client == null) {
+        // throw configuration error
+        return done(new Error('Invalid application configuration. OAuth2 client service cannot be found.'));
+      }
+      if (token == null) {
+        // throw 499 Token Required error
+        return done(new HttpBearerTokenRequired());
+      }
+      // get token info
+      client.getTokenInfo(req.context, token).then((info) => {
+        if (info == null) {
+          // the specified token cannot be found - 498 invalid token with specific code
+          return done(new HttpBearerTokenNotFound());
+        }
+        // if the given token is not active throw token expired - 498 invalid token with specific code
+        if (!info.active) {
+          return done(new HttpBearerTokenExpired());
+        }
+        // find user from token info
+        return function () {
+          /**
+           * @type {import('./services/user-provisioning-mapper-service').UserProvisioningMapperService}
+           */
+          const mapper = req.context.getApplication().getService(function UserProvisioningMapperService() {});
+          if (mapper == null) {
+            return req.context.model('User').where('name').equal(info.username).silent().getItem();
+          }
+          return mapper.getUser(req.context, info);
+        }().then((user) => {
+          // check if userProvisioning service is installed and try to find related user only if user not found
+          if (user == null) {
+            /**
+             * @type {import('./services/user-provisioning-service').UserProvisioningService}
+             */
+            const service = req.context.getApplication().getService(function UserProvisioningService() {});
+            if (service == null) {
+              return user;
+            }
+            return service.validateUser(req.context, info);
+          }
+          return user;
+        }).then((user) => {
+          // user cannot be found and of course cannot be authenticated (throw forbidden error)
+          if (user == null) {
+            // write access log for forbidden
+            return done(new HttpForbiddenError());
+          }
+          // check if user has enabled attribute
+          if (Object.prototype.hasOwnProperty.call(user, 'enabled') && !user.enabled) {
+            //if user.enabled is off throw forbidden error
+            return done(new HttpAccountDisabled('Access is denied. User account is disabled.'));
+          }
+          // otherwise return user data
+          return done(null, {
+            'name': user.name,
+            'authenticationProviderKey': user.id,
+            'authenticationType': 'Bearer',
+            'authenticationToken': token,
+            'authenticationScope': info.scope
+          });
+        });
+      }).catch((err) => {
+        // end log token info request with error
+        if (err && err.statusCode === 404) {
+          // revert 404 not found returned by auth server to 498 invalid token
+          return done(new HttpBearerTokenNotFound());
+        }
+        // otherwise continue with error
+        return done(err);
+      });
+    });
+  }
+}
+
+class PassportService extends ApplicationService {
+  constructor(app) {
+    super(app);
+    const authenticator = new passport.Authenticator();
+    Object.defineProperty(this, 'authenticator', {
+      configurable: true,
+      enumerable: false,
+      writable: false,
+      value: authenticator
+    });
+  }
+
+  /**
+   * @returns {import('passport').Authenticator}
+   */
+  getInstance() {
+    return this.authenticator;
+  }
+
+}
+
+export { AppRateLimitService, AppSpeedLimitService, DefaultScopeAccessConfiguration, EnableScopeAccessConfiguration, ExtendScopeAccessConfiguration, HttpAccountDisabled, HttpBearerStrategy, HttpBearerTokenExpired, HttpBearerTokenNotFound, HttpBearerTokenRequired, HttpRemoteAddrForbiddenError, OAuth2ClientService, PassportService, RateLimitService, RedisClientStore, RemoteAddressValidator, ScopeAccessConfiguration, ScopeString, SpeedLimitService, validateScope };
 //# sourceMappingURL=index.esm.js.map