npm - @universis/janitor - Versions diffs - 1.9.0 → 1.11.0 - Mend

@universis/janitor 1.9.0 → 1.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/README.md +106 -0
package/dist/index.d.ts +176 -5
package/dist/index.esm.js +591 -154
package/dist/index.esm.js.map +1 -1
package/dist/index.js +598 -153
package/dist/index.js.map +1 -1
package/package.json +6 -3
package/public/schemas/v1/rate-limit-service.json +4 -4
package/public/schemas/v1/speed-limit-service.json +4 -4
package/src/AppRateLimitService.d.ts +5 -0
package/src/AppRateLimitService.js +21 -0
package/src/AppSpeedLimitService.d.ts +5 -0
package/src/AppSpeedLimitService.js +21 -0
package/src/HttpBearerStategy.js +1 -1
package/src/PassportService.d.ts +6 -0
package/src/PassportService.js +27 -0
package/src/RateLimitService.d.ts +20 -1
package/src/RateLimitService.js +201 -70
package/src/SpeedLimitService.d.ts +20 -2
package/src/SpeedLimitService.js +207 -83
package/src/index.d.ts +4 -0
package/src/index.js +4 -0

package/dist/index.js CHANGED Viewed

@@ -5,6 +5,7 @@ var common = require('@themost/common');
 var expressRateLimit = require('express-rate-limit');
 var express = require('express');
 var path = require('path');
+var rxjs = require('rxjs');
 var slowDown = require('express-slow-down');
 var rateLimitRedis = require('rate-limit-redis');
 var ioredis = require('ioredis');
@@ -12,6 +13,8 @@ require('@themost/promise-sequence');
 var url = require('url');
 var superagent = require('superagent');
 var jwt = require('jsonwebtoken');
+var BearerStrategy = require('passport-http-bearer');
+var passport = require('passport');
 class RateLimitService extends common.ApplicationService {
   /**
@@ -19,87 +22,71 @@ class RateLimitService extends common.ApplicationService {
    */
   constructor(app) {
     super(app);
-    app.serviceRouter.subscribe((serviceRouter) => {
-      if (serviceRouter == null) {
+    // get proxy address forwarding option
+    const proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');
+    this.proxyAddressForwarding = typeof proxyAddressForwarding !== 'boolean' ? false : proxyAddressForwarding;
+    /**
+     * @type {BehaviorSubject<{ target: RateLimitService }>}
+     */
+    this.loaded = new rxjs.BehaviorSubject(null);
+    const serviceContainer = this.getServiceContainer();
+    if (serviceContainer == null) {
+      common.TraceUtils.warn(`${this.getServiceName()} is being started but the parent router seems to be unavailable.`);
+      return;
+    }
+    serviceContainer.subscribe((router) => {
+      if (router == null) {
         return;
       }
       try {
-        const addRouter = express.Router();
-        let serviceConfiguration = app.getConfiguration().getSourceAt('settings/universis/janitor/rateLimit') || {
-          profiles: [],
-          paths: []
-        };
-        if (serviceConfiguration.extends) {
-          // get additional configuration
-          const configurationPath = app.getConfiguration().getConfigurationPath();
-          const extendsPath = path.resolve(configurationPath, serviceConfiguration.extends);
-          common.TraceUtils.log(`@universis/janitor#RateLimitService will try to extend service configuration from ${extendsPath}`);
-          serviceConfiguration = require(extendsPath);
-        }
-        const pathsArray = serviceConfiguration.paths || [];
-        const profilesArray = serviceConfiguration.profiles || [];
+        // set router for further processing
+        Object.defineProperty(this, 'router', {
+          value: express.Router(),
+          writable: false,
+          enumerable: false,
+          configurable: true
+        });
+        const serviceConfiguration = this.getServiceConfiguration();
         // create maps
-        const paths = new Map(pathsArray);
-        const profiles = new Map(profilesArray);
+        const paths = serviceConfiguration.paths;
         if (paths.size === 0) {
-          common.TraceUtils.warn('@universis/janitor#RateLimitService is being started but the collection of paths is empty.');
-        }
-        // get proxy address forwarding option
-        let proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');
-        if (typeof proxyAddressForwarding !== 'boolean') {
-          proxyAddressForwarding = false;
+          common.TraceUtils.warn(`${this.getServiceName()} is being started but the collection of paths is empty.`);
         }
         paths.forEach((value, path) => {
-          let profile;
-          // get profile
-          if (value.profile) {
-            profile = profiles.get(value.profile);
-          } else {
-            // or options defined inline
-            profile = value;
-          }
-          if (profile != null) {
-            const rateLimitOptions = Object.assign({
-              windowMs: 5 * 60 * 1000, // 5 minutes
-              limit: 50, // 50 requests
-              legacyHeaders: true // send headers
-            }, profile, {
-              keyGenerator: (req) => {
-                let remoteAddress;
-                if (proxyAddressForwarding) {
-                  // get proxy headers or remote address
-                  remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);
-                } else {
-                  // get remote address
-                  remoteAddress = req.connection ? req.connection.remoteAddress : req.socket.remoteAddress;
-                }
-                return `${path}:${remoteAddress}`;
-              }
+          this.set(path, value);
+        });
+        if (router.stack) {
+          router.stack.unshift.apply(router.stack, this.router.stack);
+        } else {
+          // use router
+          router.use(this.router);
+          // get router stack (use a workaround for express 4.x)
+          const stack = router._router && router._router.stack;
+          if (Array.isArray(stack)) {
+            // stage #1 find logger middleware (for supporting request logging)
+            let index = stack.findIndex((item) => {
+              return item.name === 'logger';
             });
-            if (typeof rateLimitOptions.store === 'string') {
-              // load store
-              const store = rateLimitOptions.store.split('#');
-              let StoreClass;
-              if (store.length === 2) {
-                const storeModule = require(store[0]);
-                if (Object.prototype.hasOwnProperty.call(storeModule, store[1])) {
-                  StoreClass = storeModule[store[1]];
-                  rateLimitOptions.store = new StoreClass(this, rateLimitOptions);
-                } else {
-                  throw new Error(`${store} cannot be found or is inaccessible`);
-                }
-              } else {
-                StoreClass = require(store[0]);
-                // create store
-                rateLimitOptions.store = new StoreClass(this, rateLimitOptions);
-              }
+            if (index === -1) {
+              // stage #2 find expressInit middleware
+              index = stack.findIndex((item) => {
+                return item.name === 'expressInit';
+              });
             }
-            addRouter.use(path, expressRateLimit.rateLimit(rateLimitOptions));
+            // if found, move the last middleware to be after expressInit
+            if (index > -1) {
+              // move the last middleware to be after expressInit
+              stack.splice(index + 1, 0, stack.pop());
+            }
+          } else {
+            common.TraceUtils.warn(`${this.getServiceName()} is being started but the container stack is not available.`);
           }
-        });
-        if (addRouter.stack.length) {
-          serviceRouter.stack.unshift.apply(serviceRouter.stack, addRouter.stack);
         }
+        // notify that the service is loaded
+        this.loaded.next({ target: this });
       } catch (err) {
         common.TraceUtils.error('An error occurred while validating rate limit configuration.');
         common.TraceUtils.error(err);
@@ -108,106 +95,218 @@ class RateLimitService extends common.ApplicationService {
     });
   }
+  /**
+   * Returns the service router that is used to register rate limit middleware.
+   * @returns {import('rxjs').BehaviorSubject<import('express').Router | import('express').Application>} The service router.
+   */
+  getServiceContainer() {
+    return this.getApplication() && this.getApplication().serviceRouter;
+  }
+  /**
+   * Returns the service name.
+   * @returns {string} The service name.
+   */
+  getServiceName() {
+    return '@universis/janitor#RateLimitService';
+  }
+  /**
+   * Returns the service configuration.
+   * @returns {{extends?: string, profiles?: Array, paths?: Array}} The service configuration.
+   */
+  getServiceConfiguration() {
+    if (this.serviceConfiguration) {
+      return this.serviceConfiguration;
+    }
+    let serviceConfiguration = {
+      profiles: [],
+      paths: []
+    };
+    // get service configuration
+    const serviceConfigurationSource = this.getApplication().getConfiguration().getSourceAt('settings/universis/janitor/rateLimit');
+    if (serviceConfigurationSource) {
+      if (typeof serviceConfigurationSource.extends === 'string') {
+        // get additional configuration
+        const configurationPath = this.getApplication().getConfiguration().getConfigurationPath();
+        const extendsPath = path.resolve(configurationPath, serviceConfigurationSource.extends);
+        common.TraceUtils.log(`${this.getServiceName()} will try to extend service configuration using ${extendsPath}`);
+        serviceConfiguration = Object.assign({}, {
+          profiles: [],
+          paths: []
+        }, require(extendsPath));
+      } else {
+        common.TraceUtils.log(`${this.getServiceName()} will use service configuration from settings/universis/janitor/rateLimit`);
+        serviceConfiguration = Object.assign({}, {
+          profiles: [],
+          paths: []
+        }, serviceConfigurationSource);
+      }
+    }
+    const pathsArray = serviceConfiguration.paths || [];
+    const profilesArray = serviceConfiguration.profiles || [];
+    // create maps
+    serviceConfiguration.paths = new Map(pathsArray);
+    serviceConfiguration.profiles = new Map(profilesArray);
+    // set service configuration
+    Object.defineProperty(this, 'serviceConfiguration', {
+      value: serviceConfiguration,
+      writable: false,
+      enumerable: false,
+      configurable: true
+    });
+    return this.serviceConfiguration;
+  }
+  /**
+   * Sets the rate limit configuration for a specific path.
+   * @param {string} path
+   * @param {{ profile: string } | import('express-rate-limit').Options} options
+   * @returns {RateLimitService} The service instance for chaining.
+   */
+  set(path, options) {
+    let opts;
+    // get profile
+    if (options.profile) {
+      opts = this.serviceConfiguration.profiles.get(options.profile);
+    } else {
+      // or options defined inline
+      opts = options;
+    }
+    /**
+     * @type { import('express-rate-limit').Options }
+     */
+    const rateLimitOptions = Object.assign({
+      windowMs: 5 * 60 * 1000, // 5 minutes
+      limit: 50, // 50 requests
+      legacyHeaders: true // send headers
+    }, opts, {
+      keyGenerator: (req) => {
+        let remoteAddress;
+        if (this.proxyAddressForwarding) {
+          // get proxy headers or remote address
+          remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);
+        } else {
+          // get remote address
+          remoteAddress = req.connection ? req.connection.remoteAddress : req.socket.remoteAddress;
+        }
+        return `${path}:${remoteAddress}`;
+      }
+    });
+    if (typeof rateLimitOptions.store === 'undefined') {
+      const StoreClass = this.getStoreType();
+      if (typeof StoreClass === 'function') {
+        rateLimitOptions.store = new StoreClass(this, rateLimitOptions);
+      }
+    }
+    this.router.use(path, expressRateLimit.rateLimit(rateLimitOptions));
+    return this;
+  }
+  /**
+   * @returns {function} The type of store used for rate limiting.
+   */
+  getStoreType() {
+    const serviceConfiguration = this.getServiceConfiguration();
+    if (typeof serviceConfiguration.storeType !== 'string') {
+      return;
+    }
+    let StoreClass;
+    const store = serviceConfiguration.storeType.split('#');
+    if (store.length === 2) {
+      const storeModule = require(store[0]);
+      if (Object.prototype.hasOwnProperty.call(storeModule, store[1])) {
+        StoreClass = storeModule[store[1]];
+        return StoreClass;
+      } else {
+        throw new Error(`${store} cannot be found or is inaccessible`);
+      }
+    } else {
+      StoreClass = require(store[0]);
+      return StoreClass;
+    }
+  }
+  /**
+   * Unsets the rate limit configuration for a specific path.
+   * @param {string} path
+   * @returns {RateLimitService} The service instance for chaining.
+   */
+  unset(path) {
+    const index = this.router.stack.findIndex((layer) => {
+      return layer.route && layer.route.path === path;
+    });
+    if (index !== -1) {
+      this.router.stack.splice(index, 1);
+    }
+    return this;
+  }
 }
 class SpeedLimitService extends common.ApplicationService {
   constructor(app) {
     super(app);
-    app.serviceRouter.subscribe((serviceRouter) => {
-      if (serviceRouter == null) {
+    // get proxy address forwarding option
+    const proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');
+    this.proxyAddressForwarding = typeof proxyAddressForwarding !== 'boolean' ? false : proxyAddressForwarding;
+    /**
+     * @type {BehaviorSubject<{ target: SpeedLimitService }>}
+     */
+    this.loaded = new rxjs.BehaviorSubject(null);
+    const serviceContainer = this.getServiceContainer();
+    if (serviceContainer == null) {
+      common.TraceUtils.warn(`${this.getServiceName()} is being started but the parent router seems to be unavailable.`);
+      return;
+    }
+    serviceContainer.subscribe((router) => {
+      if (router == null) {
         return;
       }
       try {
-        const addRouter = express.Router();
-        let serviceConfiguration = app.getConfiguration().getSourceAt('settings/universis/janitor/speedLimit') || {
-          profiles: [],
-          paths: []
-        };
-        if (serviceConfiguration.extends) {
-          // get additional configuration
-          const configurationPath = app.getConfiguration().getConfigurationPath();
-          const extendsPath = path.resolve(configurationPath, serviceConfiguration.extends);
-          common.TraceUtils.log(`@universis/janitor#SpeedLimitService will try to extend service configuration from ${extendsPath}`);
-          serviceConfiguration = require(extendsPath);
-        }
-        const pathsArray = serviceConfiguration.paths || [];
-        const profilesArray = serviceConfiguration.profiles || [];
+        // set router for further processing
+        Object.defineProperty(this, 'router', {
+          value: express.Router(),
+          writable: false,
+          enumerable: false,
+          configurable: true
+        });
+        const serviceConfiguration = this.getServiceConfiguration();
         // create maps
-        const paths = new Map(pathsArray);
-        const profiles = new Map(profilesArray);
+        const paths = serviceConfiguration.paths;
         if (paths.size === 0) {
-          common.TraceUtils.warn('@universis/janitor#SpeedLimitService is being started but the collection of paths is empty.');
-        }
-        // get proxy address forwarding option
-        let proxyAddressForwarding = app.getConfiguration().getSourceAt('settings/universis/api/proxyAddressForwarding');
-        if (typeof proxyAddressForwarding !== 'boolean') {
-          proxyAddressForwarding = false;
+          common.TraceUtils.warn(`${this.getServiceName()} is being started but the collection of paths is empty.`);
         }
         paths.forEach((value, path) => {
-          let profile;
-          // get profile
-          if (value.profile) {
-            profile = profiles.get(value.profile);
-          } else {
-            // or options defined inline
-            profile = value;
-          }
-          if (profile != null) {
-            const slowDownOptions = Object.assign({
-              windowMs: 5 * 60 * 1000, // 5 minutes
-              delayAfter: 20, // 20 requests
-              delayMs: 500, // 500 ms
-              maxDelayMs: 10000 // 10 seconds
-            }, profile, {
-              keyGenerator: (req) => {
-                let remoteAddress;
-                if (proxyAddressForwarding) {
-                  // get proxy headers or remote address
-                  remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);
-                } else {
-                  // get remote address
-                  remoteAddress = req.connection ? req.connection.remoteAddress : req.socket.remoteAddress;
-                }
-                return `${path}:${remoteAddress}`;
-              }
+          this.set(path, value);
+        });
+        if (router.stack) {
+          router.stack.unshift.apply(router.stack, this.router.stack);
+        } else {
+          // use router
+          router.use(this.router);
+          // get router stack (use a workaround for express 4.x)
+          const stack = router._router && router._router.stack;
+          if (Array.isArray(stack)) {
+            // stage #1 find logger middleware (for supporting request logging)
+            let index = stack.findIndex((item) => {
+              return item.name === 'logger';
             });
-            if (Array.isArray(slowDownOptions.randomDelayMs)) {
-              slowDownOptions.delayMs = () => {
-                const delayMs = Math.floor(Math.random() * (slowDownOptions.randomDelayMs[1] - slowDownOptions.randomDelayMs[0] + 1) + slowDownOptions.randomDelayMs[0]);
-                return delayMs;
-              };
-            }
-            if (Array.isArray(slowDownOptions.randomMaxDelayMs)) {
-              slowDownOptions.maxDelayMs = () => {
-                const maxDelayMs = Math.floor(Math.random() * (slowDownOptions.randomMaxDelayMs[1] - slowDownOptions.randomMaxDelayMs[0] + 1) + slowDownOptions.randomMaxDelayMs[0]);
-                return maxDelayMs;
-              };
-            }
-            if (typeof slowDownOptions.store === 'string') {
-              // load store
-              const store = slowDownOptions.store.split('#');
-              let StoreClass;
-              if (store.length === 2) {
-                const storeModule = require(store[0]);
-                if (Object.prototype.hasOwnProperty.call(storeModule, store[1])) {
-                  StoreClass = storeModule[store[1]];
-                  slowDownOptions.store = new StoreClass(this, slowDownOptions);
-                } else {
-                  throw new Error(`${store} cannot be found or is inaccessible`);
-                }
-              } else {
-                StoreClass = require(store[0]);
-                // create store
-                slowDownOptions.store = new StoreClass(this, slowDownOptions);
-              }
+            if (index === -1) {
+              // stage #2 find expressInit middleware
+              index = stack.findIndex((item) => {
+                return item.name === 'expressInit';
+              });
             }
-            addRouter.use(path, slowDown(slowDownOptions));
+          } else {
+            common.TraceUtils.warn(`${this.getServiceName()} is being started but the container stack is not available.`);
           }
-        });
-        if (addRouter.stack.length) {
-          serviceRouter.stack.unshift.apply(serviceRouter.stack, addRouter.stack);
         }
+        // notify that the service is loaded
+        this.loaded.next({ target: this });
       } catch (err) {
         common.TraceUtils.error('An error occurred while validating speed limit configuration.');
         common.TraceUtils.error(err);
@@ -216,6 +315,163 @@ class SpeedLimitService extends common.ApplicationService {
     });
   }
+  /**
+   * @returns {function} The type of store used for rate limiting.
+   */
+  getStoreType() {
+    const serviceConfiguration = this.getServiceConfiguration();
+    if (typeof serviceConfiguration.storeType !== 'string') {
+      return;
+    }
+    let StoreClass;
+    const store = serviceConfiguration.storeType.split('#');
+    if (store.length === 2) {
+      const storeModule = require(store[0]);
+      if (Object.prototype.hasOwnProperty.call(storeModule, store[1])) {
+        StoreClass = storeModule[store[1]];
+        return StoreClass;
+      } else {
+        throw new Error(`${store} cannot be found or is inaccessible`);
+      }
+    } else {
+      StoreClass = require(store[0]);
+      return StoreClass;
+    }
+  }
+  /**
+   * Returns the service name.
+   * @returns {string} The service name.
+   */
+  getServiceName() {
+    return '@universis/janitor#SpeedLimitService';
+  }
+  /**
+  * Returns the service router that is used to register speed limit middleware.
+  * @returns {import('express').Router | import('express').Application} The service router.
+  */
+  getServiceContainer() {
+    return this.getApplication() && this.getApplication().serviceRouter;
+  }
+  /**
+   * Sets the speed limit configuration for a specific path.
+   * @param {string} path
+   * @param {{ profile: string } | import('express-slow-down').Options} options
+   * @returns {SpeedLimitService} The service instance for chaining.
+   */
+  set(path, options) {
+    let opts;
+    // get profile
+    if (options.profile) {
+      opts = this.serviceConfiguration.profiles.get(options.profile);
+    } else {
+      // or options defined inline
+      opts = options;
+    }
+    const slowDownOptions = Object.assign({
+      windowMs: 5 * 60 * 1000, // 5 minutes
+      delayAfter: 20, // 20 requests
+      delayMs: 500, // 500 ms
+      maxDelayMs: 10000 // 10 seconds
+    }, opts, {
+      keyGenerator: (req) => {
+        let remoteAddress;
+        if (this.proxyAddressForwarding) {
+          // get proxy headers or remote address
+          remoteAddress = req.headers['x-real-ip'] || req.headers['x-forwarded-for'] || (req.connection ? req.connection.remoteAddress : req.socket.remoteAddress);
+        } else {
+          // get remote address
+          remoteAddress = req.connection ? req.connection.remoteAddress : req.socket.remoteAddress;
+        }
+        return `${path}:${remoteAddress}`;
+      }
+    });
+    if (Array.isArray(slowDownOptions.randomDelayMs)) {
+      slowDownOptions.delayMs = () => {
+        const delayMs = Math.floor(Math.random() * (slowDownOptions.randomDelayMs[1] - slowDownOptions.randomDelayMs[0] + 1) + slowDownOptions.randomDelayMs[0]);
+        return delayMs;
+      };
+    }
+    if (Array.isArray(slowDownOptions.randomMaxDelayMs)) {
+      slowDownOptions.maxDelayMs = () => {
+        const maxDelayMs = Math.floor(Math.random() * (slowDownOptions.randomMaxDelayMs[1] - slowDownOptions.randomMaxDelayMs[0] + 1) + slowDownOptions.randomMaxDelayMs[0]);
+        return maxDelayMs;
+      };
+    }
+    if (typeof slowDownOptions.store === 'undefined') {
+      const StoreClass = this.getStoreType();
+      if (typeof StoreClass === 'function') {
+        slowDownOptions.store = new StoreClass(this, slowDownOptions);
+      }
+    }
+    this.router.use(path, slowDown(slowDownOptions));
+    return this;
+  }
+  /**
+   * Unsets the speed limit configuration for a specific path.
+   * @param {string} path
+   * @return {SpeedLimitService} The service instance for chaining.
+   */
+  unset(path) {
+    const index = this.router.stack.findIndex((layer) => {
+      return layer.route && layer.route.path === path;
+    });
+    if (index !== -1) {
+      this.router.stack.splice(index, 1);
+    }
+    return this;
+  }
+  /**
+   *
+   * @returns {{extends?: string, profiles?: Array, paths?: Array}} The service configuration.
+   */
+  getServiceConfiguration() {
+    if (this.serviceConfiguration) {
+      return this.serviceConfiguration;
+    }
+    let serviceConfiguration = {
+      profiles: [],
+      paths: []
+    };
+    // get service configuration
+    const serviceConfigurationSource = this.getApplication().getConfiguration().getSourceAt('settings/universis/janitor/speedLimit');
+    if (serviceConfigurationSource) {
+      if (typeof serviceConfigurationSource.extends === 'string') {
+        // get additional configuration
+        const configurationPath = this.getApplication().getConfiguration().getConfigurationPath();
+        const extendsPath = path.resolve(configurationPath, serviceConfigurationSource.extends);
+        common.TraceUtils.log(`${this.getServiceName()} will try to extend service configuration using ${extendsPath}`);
+        serviceConfiguration = Object.assign({}, {
+          profiles: [],
+          paths: []
+        }, require(extendsPath));
+      } else {
+        common.TraceUtils.log(`${this.getServiceName()} will use service configuration from settings/universis/janitor/speedLimit`);
+        serviceConfiguration = Object.assign({}, {
+          profiles: [],
+          paths: []
+        }, serviceConfigurationSource);
+      }
+    }
+    const profilesArray = serviceConfiguration.profiles || [];
+    serviceConfiguration.profiles = new Map(profilesArray);
+    const pathsArray = serviceConfiguration.paths || [];
+    serviceConfiguration.paths = new Map(pathsArray);
+    Object.defineProperty(this, 'serviceConfiguration', {
+      value: serviceConfiguration,
+      writable: false,
+      enumerable: false,
+      configurable: true
+    });
+    return this.serviceConfiguration;
+  }
 }
 function _defineProperty(e, r, t) {
@@ -894,11 +1150,200 @@ class RemoteAddressValidator extends common.ApplicationService {
 }
+class AppRateLimitService extends RateLimitService {
+  /**
+   *
+   * @param {import('@themost/common').ApplicationBase} app
+   */
+  constructor(app) {
+    super(app);
+  }
+  getServiceName() {
+    return '@universis/janitor#AppRateLimitService';
+  }
+  getServiceContainer() {
+    return this.getApplication() && this.getApplication().container;
+  }
+}
+class AppSpeedLimitService extends SpeedLimitService {
+  /**
+   *
+   * @param {import('@themost/common').ApplicationBase} app
+   */
+  constructor(app) {
+    super(app);
+  }
+  getServiceName() {
+    return '@universis/janitor#AppSpeedLimitService';
+  }
+  getServiceContainer() {
+    return this.getApplication() && this.getApplication().container;
+  }
+}
+class HttpBearerTokenRequired extends common.HttpError {
+  constructor() {
+    super(499, 'A token is required to fulfill the request.');
+    this.code = 'E_TOKEN_REQUIRED';
+    this.title = 'Token Required';
+  }
+}
+class HttpBearerTokenNotFound extends common.HttpError {
+  constructor() {
+    super(498, 'Token was not found.');
+    this.code = 'E_TOKEN_NOT_FOUND';
+    this.title = 'Invalid token';
+  }
+}
+class HttpBearerTokenExpired extends common.HttpError {
+  constructor() {
+    super(498, 'Token was expired or is in invalid state.');
+    this.code = 'E_TOKEN_EXPIRED';
+    this.title = 'Invalid token';
+  }
+}
+class HttpAccountDisabled extends common.HttpForbiddenError {
+  constructor() {
+    super('Access is denied. User account is disabled.');
+    this.code = 'E_ACCOUNT_DISABLED';
+    this.statusCode = 403.2;
+    this.title = 'Disabled account';
+  }
+}
+class HttpBearerStrategy extends BearerStrategy {
+  constructor() {
+    super({
+      passReqToCallback: true
+    },
+    /**
+     * @param {Request} req
+     * @param {string} token
+     * @param {Function} done
+     */
+    function (req, token, done) {
+      /**
+       * Gets OAuth2 client services
+       * @type {import('./OAuth2ClientService').OAuth2ClientService}
+       */
+      let client = req.context.getApplication().getStrategy(function OAuth2ClientService() {});
+      // if client cannot be found
+      if (client == null) {
+        // throw configuration error
+        return done(new Error('Invalid application configuration. OAuth2 client service cannot be found.'));
+      }
+      if (token == null) {
+        // throw 499 Token Required error
+        return done(new HttpBearerTokenRequired());
+      }
+      // get token info
+      client.getTokenInfo(req.context, token).then((info) => {
+        if (info == null) {
+          // the specified token cannot be found - 498 invalid token with specific code
+          return done(new HttpBearerTokenNotFound());
+        }
+        // if the given token is not active throw token expired - 498 invalid token with specific code
+        if (!info.active) {
+          return done(new HttpBearerTokenExpired());
+        }
+        // find user from token info
+        return function () {
+          /**
+           * @type {import('./services/user-provisioning-mapper-service').UserProvisioningMapperService}
+           */
+          const mapper = req.context.getApplication().getService(function UserProvisioningMapperService() {});
+          if (mapper == null) {
+            return req.context.model('User').where('name').equal(info.username).silent().getItem();
+          }
+          return mapper.getUser(req.context, info);
+        }().then((user) => {
+          // check if userProvisioning service is installed and try to find related user only if user not found
+          if (user == null) {
+            /**
+             * @type {import('./services/user-provisioning-service').UserProvisioningService}
+             */
+            const service = req.context.getApplication().getService(function UserProvisioningService() {});
+            if (service == null) {
+              return user;
+            }
+            return service.validateUser(req.context, info);
+          }
+          return user;
+        }).then((user) => {
+          // user cannot be found and of course cannot be authenticated (throw forbidden error)
+          if (user == null) {
+            // write access log for forbidden
+            return done(new common.HttpForbiddenError());
+          }
+          // check if user has enabled attribute
+          if (Object.prototype.hasOwnProperty.call(user, 'enabled') && !user.enabled) {
+            //if user.enabled is off throw forbidden error
+            return done(new HttpAccountDisabled('Access is denied. User account is disabled.'));
+          }
+          // otherwise return user data
+          return done(null, {
+            'name': user.name,
+            'authenticationProviderKey': user.id,
+            'authenticationType': 'Bearer',
+            'authenticationToken': token,
+            'authenticationScope': info.scope
+          });
+        });
+      }).catch((err) => {
+        // end log token info request with error
+        if (err && err.statusCode === 404) {
+          // revert 404 not found returned by auth server to 498 invalid token
+          return done(new HttpBearerTokenNotFound());
+        }
+        // otherwise continue with error
+        return done(err);
+      });
+    });
+  }
+}
+class PassportService extends common.ApplicationService {
+  constructor(app) {
+    super(app);
+    const authenticator = new passport.Authenticator();
+    Object.defineProperty(this, 'authenticator', {
+      configurable: true,
+      enumerable: false,
+      writable: false,
+      value: authenticator
+    });
+  }
+  /**
+   * @returns {import('passport').Authenticator}
+   */
+  getInstance() {
+    return this.authenticator;
+  }
+}
+exports.AppRateLimitService = AppRateLimitService;
+exports.AppSpeedLimitService = AppSpeedLimitService;
 exports.DefaultScopeAccessConfiguration = DefaultScopeAccessConfiguration;
 exports.EnableScopeAccessConfiguration = EnableScopeAccessConfiguration;
 exports.ExtendScopeAccessConfiguration = ExtendScopeAccessConfiguration;
+exports.HttpAccountDisabled = HttpAccountDisabled;
+exports.HttpBearerStrategy = HttpBearerStrategy;
+exports.HttpBearerTokenExpired = HttpBearerTokenExpired;
+exports.HttpBearerTokenNotFound = HttpBearerTokenNotFound;
+exports.HttpBearerTokenRequired = HttpBearerTokenRequired;
 exports.HttpRemoteAddrForbiddenError = HttpRemoteAddrForbiddenError;
 exports.OAuth2ClientService = OAuth2ClientService;
+exports.PassportService = PassportService;
 exports.RateLimitService = RateLimitService;
 exports.RedisClientStore = RedisClientStore;
 exports.RemoteAddressValidator = RemoteAddressValidator;