@valentine-efagene/qshelter-common 2.0.135 → 2.0.137

package/dist/src/middleware/auth-context.d.ts

@@ -7,7 +7,7 @@ import { Request, Response, NextFunction } from 'express';
  * - API Gateway calls Lambda Authorizer with JWT
  * - Authorizer validates token and returns context
  * - Gateway injects context into event.requestContext.authorizer
- * - serverless-http makes this available as req.requestContext.authorizer
+ * - @codegenie/serverless-express exposes this via getCurrentInvoke()
  *
  * In tests:
  * - We simulate the authorizer by setting x-authorizer-* headers
@@ -23,9 +23,10 @@ export interface AuthContext {
  * Extracts auth context from API Gateway authorizer or JWT token.
  *
  * Priority:
- * 1. HTTP API v2 simple response: requestContext.authorizer.lambda (enableSimpleResponses=true)
- * 2. REST API / HTTP API: requestContext.authorizer (enableSimpleResponses=false)
- * 3. Fallback: Decode JWT from Authorization header (LocalStack/dev/tests)
+ * 1. getCurrentInvoke() from @codegenie/serverless-express (preferred for Lambda)
+ * 2. HTTP API v2 simple response: requestContext.authorizer.lambda (enableSimpleResponses=true)
+ * 3. REST API / HTTP API: requestContext.authorizer (enableSimpleResponses=false)
+ * 4. Fallback: Decode JWT from Authorization header (LocalStack/dev/tests)
  *
  * In production, the Lambda Authorizer validates the JWT and injects context.
  * In LocalStack (no authorizer), we decode the JWT directly since it contains

package/dist/src/middleware/auth-context.js

@@ -1,3 +1,14 @@
+// Try to import getCurrentInvoke from @codegenie/serverless-express
+// This is optional - will fallback to other methods if not available
+let getCurrentInvoke = null;
+try {
+    // Dynamic import to avoid hard dependency
+    const serverlessExpress = require('@codegenie/serverless-express');
+    getCurrentInvoke = serverlessExpress.getCurrentInvoke;
+}
+catch {
+    // Package not available - will use fallback methods
+}
 /**
  * Safely decode JWT payload without verification.
  * Used to extract claims like roles when authorizer context isn't available.
@@ -19,9 +30,10 @@ function decodeJwtPayload(token) {
  * Extracts auth context from API Gateway authorizer or JWT token.
  *
  * Priority:
- * 1. HTTP API v2 simple response: requestContext.authorizer.lambda (enableSimpleResponses=true)
- * 2. REST API / HTTP API: requestContext.authorizer (enableSimpleResponses=false)
- * 3. Fallback: Decode JWT from Authorization header (LocalStack/dev/tests)
+ * 1. getCurrentInvoke() from @codegenie/serverless-express (preferred for Lambda)
+ * 2. HTTP API v2 simple response: requestContext.authorizer.lambda (enableSimpleResponses=true)
+ * 3. REST API / HTTP API: requestContext.authorizer (enableSimpleResponses=false)
+ * 4. Fallback: Decode JWT from Authorization header (LocalStack/dev/tests)
  *
  * In production, the Lambda Authorizer validates the JWT and injects context.
  * In LocalStack (no authorizer), we decode the JWT directly since it contains
@@ -31,6 +43,34 @@ function decodeJwtPayload(token) {
  * @returns AuthContext or null if not authenticated
  */
 export function extractAuthContext(req) {
+    // Method 1: Use getCurrentInvoke() from @codegenie/serverless-express
+    // This is the most reliable method when running in Lambda with this package
+    if (getCurrentInvoke) {
+        const { event } = getCurrentInvoke();
+        if (event?.requestContext?.authorizer) {
+            const authorizer = event.requestContext.authorizer;
+            // HTTP API v2 with enableSimpleResponses=true: context is under authorizer.lambda
+            const lambdaContext = authorizer.lambda;
+            if (lambdaContext?.userId && lambdaContext?.tenantId) {
+                return {
+                    userId: lambdaContext.userId,
+                    tenantId: lambdaContext.tenantId,
+                    email: lambdaContext.email,
+                    roles: lambdaContext.roles ? JSON.parse(lambdaContext.roles) : [],
+                };
+            }
+            // REST API / HTTP API with enableSimpleResponses=false: context is directly on authorizer
+            if (authorizer.userId && authorizer.tenantId) {
+                return {
+                    userId: authorizer.userId,
+                    tenantId: authorizer.tenantId,
+                    email: authorizer.email,
+                    roles: authorizer.roles ? JSON.parse(authorizer.roles) : [],
+                };
+            }
+        }
+    }
+    // Method 2: Try req.requestContext (for packages that populate this)
     const lambdaReq = req;
     const authorizer = lambdaReq.requestContext?.authorizer;
     // HTTP API v2 with enableSimpleResponses=true: context is under authorizer.lambda

package/dist/src/middleware/request-logger.js

@@ -1,3 +1,12 @@
+// Try to import getCurrentInvoke from @codegenie/serverless-express
+let getCurrentInvoke = null;
+try {
+    const serverlessExpress = require('@codegenie/serverless-express');
+    getCurrentInvoke = serverlessExpress.getCurrentInvoke;
+}
+catch {
+    // Package not available
+}
 /**
  * Request logging middleware that logs method, path, status code, and duration.
  * Logs in JSON format for easy parsing by log aggregation tools.
@@ -7,16 +16,30 @@
 export function requestLogger(req, res, next) {
     const start = Date.now();
     // Debug: Log authorizer context structure
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    const lambdaReq = req;
-    const authorizer = lambdaReq.apiGateway?.event?.requestContext?.authorizer;
     if (process.env.DEBUG_AUTH === 'true' || process.env.NODE_ENV !== 'production') {
+        let authorizer = null;
+        let source = 'none';
+        // Try getCurrentInvoke first (preferred for @codegenie/serverless-express)
+        if (getCurrentInvoke) {
+            const { event } = getCurrentInvoke();
+            if (event?.requestContext?.authorizer) {
+                authorizer = event.requestContext.authorizer;
+                source = 'getCurrentInvoke';
+            }
+        }
+        // Fallback to req.apiGateway (for other packages)
+        if (!authorizer) {
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            const lambdaReq = req;
+            if (lambdaReq.apiGateway?.event?.requestContext?.authorizer) {
+                authorizer = lambdaReq.apiGateway.event.requestContext.authorizer;
+                source = 'req.apiGateway';
+            }
+        }
         console.log(JSON.stringify({
             type: 'auth_debug',
             path: req.path,
-            hasApiGateway: !!lambdaReq.apiGateway,
-            hasEvent: !!lambdaReq.apiGateway?.event,
-            hasRequestContext: !!lambdaReq.apiGateway?.event?.requestContext,
+            source,
             hasAuthorizer: !!authorizer,
             authorizerKeys: authorizer ? Object.keys(authorizer) : [],
             authorizer: authorizer,

package/dist/src/middleware/tenant.js

@@ -1,5 +1,14 @@
 import { AppError } from '../utils/errors';
 import { createTenantPrisma, } from '../prisma/tenant';
+// Try to import getCurrentInvoke from @codegenie/serverless-express
+let getCurrentInvoke = null;
+try {
+    const serverlessExpress = require('@codegenie/serverless-express');
+    getCurrentInvoke = serverlessExpress.getCurrentInvoke;
+}
+catch {
+    // Package not available - will use fallback methods
+}
 /**
  * Creates a tenant middleware that extracts tenant context from the request
  * and optionally creates a tenant-scoped Prisma client.
@@ -20,12 +29,25 @@ export function createTenantMiddleware(options) {
     const { prisma, createScopedClient = true } = options;
     return function tenantMiddleware(req, res, next) {
         try {
-            // 1. Try Lambda authorizer context first (production)
-            // HTTP API v2 with enableSimpleResponses=true nests context under authorizer.lambda
-            const authorizer = req.apiGateway?.event?.requestContext?.authorizer;
-            const lambdaContext = authorizer?.lambda;
-            const authorizerContext = lambdaContext || authorizer;
-            // 2. Fall back to x-authorizer-* headers (test/development)
+            let authorizerContext = null;
+            // 1. Try getCurrentInvoke() from @codegenie/serverless-express (preferred)
+            if (getCurrentInvoke) {
+                const { event } = getCurrentInvoke();
+                if (event?.requestContext?.authorizer) {
+                    const authorizer = event.requestContext.authorizer;
+                    // HTTP API v2 with enableSimpleResponses=true nests context under authorizer.lambda
+                    authorizerContext = authorizer.lambda || authorizer;
+                }
+            }
+            // 2. Fall back to req.apiGateway (for packages that populate this)
+            if (!authorizerContext) {
+                const authorizer = req.apiGateway?.event?.requestContext?.authorizer;
+                if (authorizer) {
+                    const lambdaContext = authorizer.lambda;
+                    authorizerContext = lambdaContext || authorizer;
+                }
+            }
+            // 3. Fall back to x-authorizer-* headers (test/development)
             const headers = req.headers;
             const tenantId = authorizerContext?.tenantId || headers['x-authorizer-tenant-id'];
             const userId = authorizerContext?.userId || headers['x-authorizer-user-id'];

package/dist/src/prisma/tenant.js

@@ -40,10 +40,14 @@ const OPTIONAL_TENANT_MODELS = [
     "permission",
 ];
 function isGlobalModel(model) {
-    return GLOBAL_MODELS.includes(model);
+    // Prisma extensions pass model name in camelCase
+    const normalizedModel = model.toLowerCase();
+    return GLOBAL_MODELS.includes(normalizedModel);
 }
 function isOptionalTenantModel(model) {
-    return OPTIONAL_TENANT_MODELS.includes(model);
+    // Prisma extensions pass model name in camelCase
+    const normalizedModel = model.toLowerCase();
+    return OPTIONAL_TENANT_MODELS.includes(normalizedModel);
 }
 /**
  * Check if model is tenant-scoped (required tenantId)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@valentine-efagene/qshelter-common",
-  "version": "2.0.135",
+  "version": "2.0.137",
   "description": "Shared database schemas and utilities for QShelter services",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",