@vario-software/vario-app-framework-backend 2025.37.0

package/api/modules/eav.js

@@ -0,0 +1,83 @@
+const Eav = class
+{
+  constructor(ApiAdapter)
+  {
+    this.ApiAdapter = ApiAdapter;
+  }
+
+  getGroup = async function(groupKey)
+  {
+    const { data: eavGroup } = await this.ApiAdapter.fetch(`/cmn/eav-groups/by-key/${groupKey}`, {
+      method: 'GET',
+    });
+
+    return eavGroup;
+  };
+
+  setGroup = async function(eavGroup)
+  {
+    const existingGroup = await this.getGroupIdByKey(eavGroup.key);
+
+    if (existingGroup)
+    {
+      eavGroup.id = existingGroup;
+
+      return eavGroup;
+    }
+
+    eavGroup = await this.ApiAdapter.fetch('/cmn/eav-groups', {
+      method: 'POST',
+      body: JSON.stringify(eavGroup),
+    });
+
+    return eavGroup.data;
+  };
+
+  changeGroup = async function (groupKey, callback)
+  {
+    let { data: eavGroup } = await this.ApiAdapter.fetch(`/cmn/eav-groups/by-key/${groupKey}`, {
+      method: 'GET',
+    });
+
+    eavGroup = callback(eavGroup);
+
+    eavGroup = await this.ApiAdapter.fetch(`/cmn/eav-groups/${eavGroup.id}`, {
+      method: 'PUT',
+      body: JSON.stringify(eavGroup),
+    });
+
+    return eavGroup.data;
+  };
+
+  deleteGroup = async function (groupKey)
+  {
+    const { data: eavGroup } = await this.ApiAdapter.fetch(`/cmn/eav-groups/by-key/${groupKey}`);
+
+    await this.ApiAdapter.fetch(`/cmn/eav-groups/${eavGroup.id}/remove-data`, {
+      method: 'POST',
+      body: JSON.stringify({ entities: eavGroup.entities }),
+    });
+
+    await this.ApiAdapter.fetch(`/cmn/eav-groups/${eavGroup.id}`, {
+      method: 'DELETE',
+    });
+
+    return true;
+  };
+
+  getGroupIdByKey = async function(groupKey)
+  {
+    try
+    {
+      const { data: eavGroup } = await this.ApiAdapter.fetch(`/cmn/eav-groups/by-key/${groupKey}`);
+
+      return eavGroup.id;
+    }
+    catch
+    {
+      return null;
+    }
+  };
+};
+
+module.exports = Eav;

package/api/modules/migration.js

@@ -0,0 +1,95 @@
+const { getApp } = require('#backend/utils/context.js');
+
+const Migration = class
+{
+  constructor(ApiAdapter)
+  {
+    this.ApiAdapter = ApiAdapter;
+  }
+
+  get = async function(identifier)
+  {
+    const { data } = await this.getAll({ limit: 1, identifier });
+
+    return data[0];
+  };
+
+  getAll = async function({ offset = 0, limit = 10, identifier })
+  {
+    const app = getApp();
+
+    const { data, moreElements, nextOffset } = await this.ApiAdapter.vql({
+      statement: `
+             SELECT id,
+                    identifier
+               FROM system.queryAppMigrations
+              WHERE id NOTNULL
+                AND appIdentifier = '${app.client.appIdentifier}'
+${identifier ? `AND identifier = '${identifier}'` : ''}
+    `,
+      offset,
+      limit,
+    });
+
+    return {
+      data,
+      moreElements,
+      nextOffset,
+    };
+  };
+
+  async getNote(key)
+  {
+    const app = getApp();
+
+    const { data } = await this.ApiAdapter.vql({
+      statement: `
+              SELECT note
+                FROM system.queryAppMigrations
+               WHERE appIdentifier = '${app.client.appIdentifier}'
+                 AND identifier = '${key}'
+    `,
+    });
+
+    let note;
+
+    try
+    {
+      note = JSON.parse(data[0]?.note);
+    }
+    catch (error)
+    {
+      note = null;
+    }
+
+    return note;
+  }
+
+  set = async function(identifier, note)
+  {
+    const app = getApp();
+
+    const { data: response } = await this.ApiAdapter.fetch('/cmn/system/app-migration', {
+      body: {
+        appIdentifier: app.client.appIdentifier,
+        identifier,
+        executedAt: new Date().toISOString(),
+        note,
+      },
+      method: 'post',
+    });
+
+    return response;
+  };
+
+  delete = async function(id)
+  {
+    const { data: response } = await this.ApiAdapter.fetch(`/cmn/system/app-migration/${id}`, {
+      method: 'delete',
+    });
+
+    return response;
+  };
+};
+
+module.exports = Migration;

package/api/modules/textEnum.js

@@ -0,0 +1,149 @@
+const TextEnum = class
+{
+  constructor(ApiAdapter)
+  {
+    this.ApiAdapter = ApiAdapter;
+  }
+
+  get = async function(key)
+  {
+    const { data } = await this.getAll({ limit: 1, key });
+
+    return data[0];
+  };
+
+  getAll = async function({ offset = 0, limit = 10, key })
+  {
+    const { data, moreElements, nextOffset } = await this.ApiAdapter.vql({
+      statement: `
+            SELECT
+              id,
+              label,
+              key,
+              textEnums.id,
+              textEnums.label
+            FROM masterdata.query-textenum-group
+  ${key ? `WHERE key = '${key}'` : ''}
+    `,
+      offset,
+      limit,
+    });
+
+    return {
+      data,
+      moreElements,
+      nextOffset,
+    };
+  };
+
+  setGroup = async function(textEnumGroupTemplate)
+  {
+    let textEnumGroup = await this.getEnumGroup(textEnumGroupTemplate.key);
+
+    if (textEnumGroup)
+    {
+      await this.removeEnums(textEnumGroup);
+    }
+    else
+    {
+      textEnumGroup = await this.createGroup(textEnumGroupTemplate);
+    }
+
+    return textEnumGroup;
+  };
+
+  setEnums = async function(textEnumGroupKey, textEnums)
+  {
+    await this.createEnums(
+      textEnumGroupKey,
+      textEnums,
+    );
+  };
+
+  createGroup = async function(textEnumGroup)
+  {
+    const response = await this.ApiAdapter.fetch(
+      '/cmn/masterdata/text-enum-groups',
+      {
+        body: JSON.stringify(textEnumGroup),
+        method: 'POST',
+      });
+
+    return response.data;
+  };
+
+  getAllEnums = async function({ offset = 0, limit = 10, groupId })
+  {
+    const { data, moreElements, nextOffset } = await this.ApiAdapter.vql({
+      statement: `
+            SELECT
+              id,
+              entry
+            FROM masterdata.query-textenum
+  ${groupId ? `WHERE group.id = '${groupId}'` : ''}
+    `,
+      offset,
+      limit,
+    });
+
+    return {
+      data,
+      moreElements,
+      nextOffset,
+    };
+  };
+
+  removeEnums = async function(textEnumGroup)
+  {
+    const textEnums = await this.getEnumsByGroup(textEnumGroup);
+
+    if (!textEnums)
+    {
+      return true;
+    }
+
+    await textEnums.reduce(async (previousPromise, textEnum) =>
+    {
+      await previousPromise;
+
+      return this.removeEnum(textEnum);
+    }, Promise.resolve());
+
+    return true;
+  };
+
+  removeEnum = async function(textEnum)
+  {
+    return this.ApiAdapter.fetch(
+      `/cmn/masterdata/text-enums/${textEnum.id}`,
+      {
+        method: 'DELETE',
+      },
+    );
+  };
+
+  createEnums = async function(customGroupKey, textEnums)
+  {
+    await textEnums.reduce(async (previousPromise, textEnum) =>
+    {
+      await previousPromise;
+
+      return this.createEnum(textEnum);
+    }, Promise.resolve());
+
+    return true;
+  };
+
+  createEnum = async function(textEnum)
+  {
+    await this.ApiAdapter.fetch(
+      '/cmn/masterdata/text-enums',
+      {
+        body: JSON.stringify(textEnum),
+        method: 'POST',
+      },
+    );
+  };
+};
+
+module.exports = TextEnum;

package/api/modules/webhook.js

@@ -0,0 +1,44 @@
+const { getRequest } = require('#backend/utils/context.js');
+const { getApp } = require('#backend/utils/context.js');
+
+const TextEnum = class
+{
+  constructor(ApiAdapter)
+  {
+    this.ApiAdapter = ApiAdapter;
+  }
+
+  register = async function(destinationQueue, url)
+  {
+    const apiUrl = `${process.env.WEBHOOK_HOST ?? `https://${getRequest().get('host')}`}`;
+
+    const app = getApp();
+
+    await this.ApiAdapter.fetch('/cmn/system/app-message-webhook/register', {
+      method: 'POST',
+      body: JSON.stringify({
+        url: `${apiUrl}${url}`,
+        destinationQueue,
+        appIdentifier: app.client.appIdentifier,
+      }),
+    });
+  };
+
+  deregister = async function(destinationQueue, url)
+  {
+    const apiUrl = `${process.env.WEBHOOK_HOST ?? `https://${getRequest().get('host')}`}`;
+
+    const app = getApp();
+
+    await this.ApiAdapter.fetch('/cmn/system/app-message-webhook/deregister', {
+      method: 'POST',
+      body: JSON.stringify({
+        url: `${apiUrl}${url}`,
+        destinationQueue,
+        appIdentifier: app.client.appIdentifier,
+      }),
+    });
+  };
+};
+
+module.exports = TextEnum;

package/app.js

@@ -0,0 +1,115 @@
+const express = require('express');
+const bodyParser = require('body-parser');
+const cors = require('cors');
+const { createProxyMiddleware } = require('http-proxy-middleware');
+const path = require('path');
+const ErpApi = require('#backend/api/ErpApi.js');
+const appAuthentication = require('#backend/setup/appAuthentication.js');
+const setupContext = require('#backend/setup/context.js');
+const setupException = require('#backend/setup/exception.js');
+const { log } = require('#backend/utils/logger.js');
+const OfflineToken = require('#backend/modules/offlineToken.js');
+const AccessToken = require('#backend/modules/accessToken.js');
+const BaseUrlCache = require('#backend/modules/baseUrlCache.js');
+
+const VarioCloudApp = class
+{
+  constructor(client, options = {})
+  {
+    this.express = express();
+    this.port = '8080';
+    this.uiPath = null;
+    this.uiPrefix = '/ui';
+
+    this.version = 'latest';
+
+    this.client = client;
+
+    this.log = options.log ?? log;
+    this.offlineToken = options.offlineToken ?? new OfflineToken(this);
+    this.accessToken = options.accessToken ?? new AccessToken(this);
+    this.baseUrlCache = options.baseUrlCache ?? new BaseUrlCache(this);
+
+    this.erp = ErpApi;
+
+    this.express.disable('x-powered-by');
+
+    this.express.use(cors());
+
+    this.express.use(bodyParser.json(options.bodyParser));
+    this.express.use(bodyParser.raw({ type: 'application/octet-stream', limit: 100 * 1024 * 1024 }));
+
+    this.apiServer = express.Router();
+
+    this.apiServer.use(setupContext(this));
+    this.apiServer.use(appAuthentication);
+
+    this.express.use(options.apiPrefix ?? '/api', this.apiServer);
+  }
+
+  start()
+  {
+    validateClient(this.client);
+
+    if (this.uiPath)
+    {
+      this.uiServer = express.Router();
+
+      if (this.uiPath.startsWith('http'))
+      {
+        this.uiServer.use(
+          createProxyMiddleware({
+            target: `${this.uiPath}/ui`,
+            changeOrigin: true,
+          }),
+        );
+      }
+      else
+      {
+        this.uiServer.use(express.static(this.uiPath));
+
+        // For SPA-Routing
+        this.uiServer.get('/*', (req, res) =>
+        {
+          res.sendFile(path.resolve(this.uiPath, 'index.html'));
+        });
+      }
+
+      this.express.use(this.uiPrefix, this.uiServer);
+    }
+
+    this.express.use(setupException(this));
+
+    return new Promise((resolve, reject) =>
+    {
+      this.express.listen(this.port, error =>
+      {
+        if (error)
+        {
+          reject(error);
+          return;
+        }
+
+        resolve(this);
+      });
+    });
+  }
+};
+
+function validateClient(client)
+{
+  if (!client)
+  {
+    throw new Error('client config missing');
+  }
+
+  const missingProps = ['clientId', 'clientSecret', 'appIdentifier']
+    .filter(prop => !client[prop]);
+
+  if (missingProps.length)
+  {
+    throw new Error(`client config is missing: ${missingProps.join()}`);
+  }
+}
+
+module.exports = VarioCloudApp;

package/modules/accessToken.js

@@ -0,0 +1,43 @@
+class AccessToken
+{
+  #cache = {};
+
+  async init()
+  {
+    return Promise.resolve();
+  }
+
+  async get(tenant)
+  {
+    const tokenData = this.#cache[tenant];
+
+    if (!tokenData)
+    {
+      return null;
+    }
+
+    if (Date.now() >= tokenData.expiresAt)
+    {
+      await this.delete(tenant);
+
+      return null;
+    }
+
+    return tokenData.accessToken;
+  }
+
+  async set(tenant, accessToken, expiresAt)
+  {
+    this.#cache[tenant] = {
+      accessToken,
+      expiresAt,
+    };
+  }
+
+  async delete(tenant)
+  {
+    delete this.#cache[tenant];
+  }
+}
+
+module.exports = AccessToken;

package/modules/baseUrlCache.js

@@ -0,0 +1,53 @@
+const { getTenant } = require('#backend/utils/context.js');
+const { validateOfflineToken } = require('#backend/utils/token.js');
+
+class BaseUrlCache
+{
+  #cache = {};
+
+  constructor(app)
+  {
+    this.app = app;
+  }
+
+  async init()
+  {
+    return Promise.resolve();
+  }
+
+  async get()
+  {
+    const tenant = getTenant();
+
+    if (this.#cache[tenant])
+    {
+      return this.#cache[tenant];
+    }
+
+    const offlineToken = await this.app.offlineToken.get(tenant);
+    const { iss } = await validateOfflineToken(offlineToken);
+
+    const domain = iss.replace('https://sso.', '').split('/')[0];
+    const baseUrl = `https://${tenant}.${domain}`;
+
+    await this.set(baseUrl);
+
+    return baseUrl;
+  }
+
+  async set(value)
+  {
+    const tenant = getTenant();
+
+    this.#cache[tenant] = value;
+  }
+
+  async delete()
+  {
+    const tenant = getTenant();
+
+    delete this.#cache[tenant];
+  }
+}
+
+module.exports = BaseUrlCache;

package/modules/offlineToken.js

@@ -0,0 +1,44 @@
+class OfflineToken
+{
+  constructor(app, filename = 'offlineToken.db')
+  {
+    this.app = app;
+    this.filename = filename;
+    this.database = {};
+  }
+
+  async init()
+  {
+  // eslint-disable-next-line v-custom-rules/no-await-on-import
+    const { JSONFilePreset } = await import('lowdb/node');
+
+    this.database = await JSONFilePreset(this.filename, {});
+  }
+
+  async get(tenant)
+  {
+    return this.database.data[tenant];
+  }
+
+  async set(tenant, offlineToken)
+  {
+    this.app.accessToken.delete(tenant);
+
+    return this.database.update(tokens =>
+    {
+      tokens[tenant] = offlineToken;
+    });
+  }
+
+  async delete(tenant)
+  {
+    this.app.accessToken.delete(tenant);
+
+    return this.database.update(tokens =>
+    {
+      delete tokens[tenant];
+    });
+  }
+}
+
+module.exports = OfflineToken;

package/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "@vario-software/vario-app-framework-backend",
+  "version": "2025.37.0",
+  "repository": "https://github.com/vario-software/vario-app-framework",
+  "author": "VARIO Software AG",
+  "homepage": "https://www.vario.ag",
+  "description": "The VARIO App Framework makes it easy and quick to set up a VARIO Cloud App in Node.js by handling API communication, authentication and providing useful built-in utilities.",
+  "license": "MIT",
+  "publishConfig": { "access": "public" },
+  "dependencies": {
+    "body-parser": "2.2.0",
+    "cors": "^2.8.5",
+    "express": "4.21.2",
+    "follow-redirects": "1.15.11",
+    "http-proxy-middleware": "3.0.5",
+    "jose": "6.1.0",
+    "lodash": "4.17.21",
+    "lowdb": "^7.0.1"
+  },
+  "imports": {
+    "#backend/*": "./*"
+  }
+}

package/setup/appAuthentication.js

@@ -0,0 +1,45 @@
+const { getContext, getRequestId } = require('#backend/utils/context.js');
+const { validateAppToken } = require('#backend/utils/token.js');
+
+function appAuthentication(req, res, next)
+{
+  const authorizationHeader = req.get('Authorization');
+
+  // Read appToken from Authorization-Header
+  let token = authorizationHeader?.replace('Bearer ', '');
+
+  if (['/api/install', '/api/uninstall'].includes(req.path))
+  {
+    /* if the app has no ui we need to
+         extract the appToken from the query */
+    if (req.method === 'GET')
+    {
+      token = req.query.appToken;
+    }
+  }
+
+  validateAppToken(token)
+    .then(accessToken =>
+    {
+      const context = getContext();
+
+      context.appToken = token;
+      context.accessToken = accessToken;
+
+      next();
+    })
+    .catch(error =>
+    {
+      console.log({
+        message: 'Auth failed',
+        requestId: getRequestId(),
+        token,
+        error,
+        requestPath: req.path,
+      });
+
+      res.status(401).end();
+    });
+}
+
+module.exports = appAuthentication;