@vario-software/vario-app-framework-backend 2025.37.0

package/setup/context.js

@@ -0,0 +1,37 @@
+const { runInContext } = require('#backend/utils/context.js');
+
+function setupContext(app)
+{
+  return (req, res, next) =>
+  {
+    // Identifier to this context
+    const requestId = `${Date.now().toString(36)}-${Math.random().toString(36).substr(2, 8)}`;
+    const startTime = performance.now();
+
+    res.setHeader('x-request-id', requestId);
+
+    const specificContext = {
+      req,
+      res,
+      app,
+      requestId,
+      startTime,
+    };
+
+    res.on('finish', async () =>
+    {
+      await app.log(
+        `${(performance.now() - specificContext.startTime).toFixed(2)}ms`,
+        'setup/context/finish',
+        'DEBUG',
+      );
+    });
+
+    runInContext(specificContext, () =>
+    {
+      next();
+    });
+  };
+}
+
+module.exports = setupContext;

package/setup/exception.js

@@ -0,0 +1,49 @@
+const { getResponse, getApp } = require('#backend/utils/context.js');
+const HttpError = require('#backend/utils/httpError.js');
+
+function setupException()
+{
+  process.on('unhandledRejection', reason => errorHandling(reason));
+
+  // eslint-disable-next-line no-unused-vars
+  return (error, req, res, next) =>
+  {
+    errorHandling(error);
+  };
+}
+
+async function errorHandling(error)
+{
+  const response = getResponse();
+  const statusCode = error.statusCode ?? 500;
+  const message = error.message ?? 'UNKNOWN_ERROR';
+  const logLevel = error.logLevel ?? 'ERROR';
+  const logService = error.logService ?? 'setup/exception';
+  const stackTrace = error.stack?.split('\n').map(line => line.trim());
+  const { logInfo, data } = error;
+
+  if (error instanceof HttpError)
+  {
+    await getApp()?.log(
+      {
+        statusCode,
+        message,
+        logInfo,
+        stackTrace,
+      },
+      logService,
+      logLevel,
+    );
+  }
+  else
+  {
+    console.warn(error);
+  }
+
+  if (response && !response.headersSent)
+  {
+    response.status(statusCode).send({ error: message, data }).end();
+  }
+}
+
+module.exports = setupException;

package/utils/context.js

@@ -0,0 +1,82 @@
+const { AsyncLocalStorage } = require('async_hooks');
+
+const asyncLocalStorage = new AsyncLocalStorage();
+
+function runInContext(context, callback)
+{
+  asyncLocalStorage.run(context, callback);
+}
+
+function getContext()
+{
+  return asyncLocalStorage.getStore();
+}
+
+function getAccessToken()
+{
+  const accessToken = getContext()?.accessToken;
+
+  return accessToken;
+}
+
+function getAppToken()
+{
+  const appToken = getContext()?.appToken;
+
+  return appToken;
+}
+
+function getTenant()
+{
+  const tenant = getAccessToken()?.tenantSubdomain;
+
+  return tenant;
+}
+
+function getExternalUserId()
+{
+  const externalUserId = getAccessToken()?.sub;
+
+  return externalUserId;
+}
+
+function getRequest()
+{
+  const request = getContext()?.req;
+
+  return request;
+}
+
+function getResponse()
+{
+  const response = getContext()?.res;
+
+  return response;
+}
+
+function getApp()
+{
+  const app = getContext()?.app;
+
+  return app;
+}
+
+function getRequestId()
+{
+  const requestId = getContext()?.requestId;
+
+  return requestId;
+}
+
+module.exports = {
+  getContext,
+  getAppToken,
+  getAccessToken,
+  getTenant,
+  getExternalUserId,
+  getRequest,
+  getResponse,
+  getApp,
+  getRequestId,
+  runInContext,
+};

package/utils/httpError.js

@@ -0,0 +1,16 @@
+class CustomError extends Error
+{
+  constructor(message, statusCode, logService, logInfo, logId, logLevel, errorData)
+  {
+    super(message);
+
+    this.statusCode = statusCode;
+    this.logLevel = logLevel;
+    this.logService = logService;
+    this.logId = logId;
+    this.logInfo = logInfo;
+    this.data = errorData;
+  }
+}
+
+module.exports = CustomError;

package/utils/keycloak.js

@@ -0,0 +1,57 @@
+const VarioApi = require('#backend/api/Api.js');
+const { getApp } = require('#backend/utils/context.js');
+
+async function refreshAccessToken(offlineToken, refreshUrl)
+{
+  const app = getApp();
+
+  const { clientId, clientSecret, appIdentifier } = app.client;
+
+  const body = new URLSearchParams({
+    grant_type: 'refresh_token',
+    refresh_token: offlineToken,
+    client_id: clientId,
+    client_secret: clientSecret,
+  }).toString();
+
+  const refreshOptions = {
+    method: 'POST',
+    headers: {
+      'user-agent': appIdentifier,
+      'Content-Type': 'application/x-www-form-urlencoded',
+    },
+    body,
+    suppressLogs: true,
+  };
+
+  const timer = performance.now();
+
+  const { data } = await VarioApi.fetch(refreshUrl, refreshOptions).catch(async error =>
+  {
+    await app.log(
+      {
+        request: { refreshUrl, refreshOptions, body },
+        response: { ...error?.data },
+        duration: `${(performance.now() - timer).toFixed(2)}ms`,
+      },
+      'utils/keycloak',
+      'DEBUG',
+    );
+
+    throw error;
+  });
+
+  await app.log(
+    {
+      request: { url: refreshUrl, body: '[secret]' },
+      response: `[secret(${Object.keys(typeof data === 'object' ? data : {})})]`,
+      duration: `${(performance.now() - timer).toFixed(2)}ms`,
+    },
+    'utils/keycloak',
+    'DEBUG',
+  );
+
+  return data;
+}
+
+module.exports = refreshAccessToken;

package/utils/licenses.js

@@ -0,0 +1,59 @@
+const { getApp, getContext } = require('#backend/utils/context.js');
+const HttpError = require('#backend/utils/httpError.js');
+
+async function checkLicense(licenseKey, silent)
+{
+  const licenses = await getLicenses();
+
+  if (!licenses.includes(licenseKey))
+  {
+    if (silent)
+    {
+      return false;
+    }
+
+    throw new HttpError(
+      'ERP_LICENSE_MISSING',
+      402,
+      'utils/licenses',
+      { key: licenseKey },
+      null,
+      'ERROR',
+    );
+  }
+
+  return true;
+}
+
+function checkLicenseMiddleware(licenseKey)
+{
+  return async (req, res, next) =>
+  {
+    await checkLicense(licenseKey);
+
+    next();
+  };
+}
+
+async function getLicenses()
+{
+  const context = getContext();
+
+  if (context.licenses)
+  {
+    return context.licenses;
+  }
+
+  const app = getApp();
+
+  const { data } = await app.erp.fetch('/cmn/systems/licenses/', {
+    useInternalApi: true,
+  });
+
+  return data.map(({ licenseKey }) => licenseKey);
+}
+
+module.exports = {
+  checkLicense,
+  checkLicenseMiddleware,
+};

package/utils/logger.js

@@ -0,0 +1,29 @@
+const { getTenant, getRequestId, getRequest } = require('#backend/utils/context.js');
+
+async function log(message, loggerName, level = 'DEBUG')
+{
+  const tenant = getTenant();
+  const requestId = getRequestId();
+
+  switch (level)
+  {
+    case 'WARNING':
+      console.warn({ tenant, message, requestId, loggerName });
+      break;
+    case 'ERROR':
+      console.error({ tenant, message, requestId, loggerName });
+      break;
+    case 'INFO':
+      console.info({ tenant, message, requestId, loggerName });
+      break;
+    case 'DEBUG':
+      console.debug({ tenant, message, requestId, loggerName, requestPath: getRequest().path });
+      break;
+    default:
+      console.log({ tenant, message, requestId, loggerName });
+  }
+}
+
+module.exports = {
+  log,
+};

package/utils/migrator.js

@@ -0,0 +1,320 @@
+const { getApp, getContext, getRequest } = require('#backend/utils/context.js');
+const ErpApi = require('#backend/api/ErpApi.js');
+
+const Migrator = class
+{
+  migrationResults = {};
+
+  ApiAdapter = ErpApi;
+
+  constructor(key)
+  {
+    this.key = key;
+
+    this.req = getRequest();
+    this.app = getApp();
+  }
+
+  setMigration = async function (key, callback)
+  {
+    const migration = `${this.key}.${key}`;
+
+    if (await this.ApiAdapter.migration.get(migration))
+    {
+      return;
+    }
+
+    const context = getContext();
+
+    context.migration = migration;
+
+    try
+    {
+      this.migrationResults[key] = await callback(this.methods, this.migrationResults);
+
+      let note;
+
+      try
+      {
+        note = JSON.stringify(this.migrationResults[key]);
+      }
+      catch (error)
+      {
+        note = null;
+      }
+
+      await this.ApiAdapter.migration.set(migration, note);
+    }
+    catch (error)
+    {
+      await this.methods.log(`Migration "${migration}" failed\n\n${error.message}`, 'ERROR', error.message);
+    }
+  };
+
+  methods = {
+    log: async (message, level = 'INFO') =>
+    {
+      const context = getContext();
+
+      await this.app.log(
+        message,
+        `services/maintenance/install/migrations/${context.migration}`,
+        level,
+      );
+    },
+
+    getEavGroup: async groupKey =>
+    {
+      const eavGroup = await this.ApiAdapter.eav.getGroup(groupKey);
+
+      await this.methods.log(`EAV-Group "${eavGroup.label}" with id "${eavGroup.id}" successfully read\n`);
+
+      return eavGroup;
+    },
+
+    createEavGroup: async eavGroup =>
+    {
+      eavGroup = await this.ApiAdapter.eav.setGroup(eavGroup);
+
+      await this.methods.log(`EAV-Group "${eavGroup.label}" with id "${eavGroup.id}" successfully created\n`);
+
+      return eavGroup;
+    },
+
+    changeEavGroup: async (groupKey, callback) =>
+    {
+      const eavGroup = await this.ApiAdapter.eav.changeGroup(groupKey, callback);
+
+      await this.methods.log(`EAV-Group "${eavGroup.label}" with id "${eavGroup.id}" successfully changed\n`);
+
+      return eavGroup;
+    },
+
+    deleteEavGroup: async groupKey =>
+    {
+      const eavGroup = await this.ApiAdapter.eav.deleteGroup(groupKey);
+
+      await this.methods.log(`EAV-Group "${groupKey}" successfully deleted\n`);
+
+      return eavGroup;
+    },
+
+    createTextEnumGroup: async textEnumGroup =>
+    {
+      textEnumGroup = await this.ApiAdapter.textenum.setGroup(textEnumGroup);
+
+      await this.methods.log(`Text-Enum-Group "${textEnumGroup.label}" with id "${textEnumGroup.id}" successfully created\n`);
+
+      return textEnumGroup;
+    },
+
+    registerWebhook: async (destinationQueue, url) =>
+    {
+      await this.ApiAdapter.webhook.register(destinationQueue, url);
+
+      await this.methods.log(`Webhook for destination "${destinationQueue}" registered\n`);
+    },
+
+    deregisterWebhook: async (destinationQueue, url) =>
+    {
+      await this.ApiAdapter.webhook.deregister(destinationQueue, url);
+
+      await this.methods.log(`Webhook for destination "${destinationQueue}" deregistered\n`);
+    },
+
+    createSalesChannelBackend: async label =>
+    {
+      const { data: salesChannelBackend } = await this.ApiAdapter.fetch('/erp/sales-channels/backend', {
+        method: 'POST',
+        body: JSON.stringify({
+          appId: this.app.client.appIdentifier,
+          label,
+          type: 'APP',
+          active: true,
+        }),
+      });
+
+      await this.methods.log(`Sales-Channel-Backend with id "${salesChannelBackend.id}" successfully created\n`);
+
+      return salesChannelBackend;
+    },
+
+    createSalesChannel: async (salesChannelBackend, label, description, channelType = 'ECOMMERCE') =>
+    {
+      const { data: salesChannel } = await this.ApiAdapter.fetch('/erp/sales-channels', {
+        method: 'POST',
+        body: JSON.stringify({
+          label,
+          description,
+          active: true,
+          channelType,
+          channelBackend: { id: salesChannelBackend.id },
+          externalRef: '',
+        }),
+      });
+
+      await this.methods.log(`Sales-Channel with id "${salesChannel.id}" successfully created\n`);
+
+      return salesChannel;
+    },
+
+    getSalesChannels: async () =>
+    {
+      const { data: salesChannels } = await this.ApiAdapter.vql({
+        statement: `
+          SELECT id,
+                 label
+            FROM sales-channel.salesChannels 
+            WHERE channelBackend.appId = '${this.app.client.appIdentifier}'
+              AND channelBackend.type = 'APP'
+        `,
+      });
+
+      return salesChannels;
+    },
+
+    findSalesChannelBackend: async () =>
+    {
+      const { data: salesChannelBackends } = await this.ApiAdapter.vql({
+        statement: `
+          SELECT id
+            FROM sales-channel.salesChannelBackends 
+            WHERE appId = '${this.app.client.appIdentifier}'
+              AND type = 'APP'
+        `,
+      });
+
+      return salesChannelBackends?.[0];
+    },
+
+    getSalesChannelBackend: async salesChannelBackendId =>
+    {
+      const { data: salesChannelBackend } = await this.ApiAdapter.fetch(`/erp/sales-channels/backend/${salesChannelBackendId}`);
+
+      if (salesChannelBackend)
+      {
+        await this.methods.log(`Use existing Sales-Channel-Backend with id "${salesChannelBackend.id}"\n`);
+      }
+
+      return salesChannelBackend;
+    },
+
+    activateSalesChannelBackend: async salesChannelBackend =>
+    {
+      await this.ApiAdapter.fetch(`/erp/sales-channels/backend/${salesChannelBackend.id}/activate`, {
+        method: 'PUT',
+        body: '{}',
+      });
+    },
+
+    createMultipartImportPreset: async importMultipartPresetTemplate =>
+    {
+      const { data: importMultipartPreset } = await this.ApiAdapter.fetch(
+        '/cmn/data-import/runs/multi-part',
+        {
+          useInternalApi: true,
+          method: 'POST',
+          body: JSON.stringify(importMultipartPresetTemplate),
+        });
+
+      await this.methods.log(`Import-Multipart-Preset with id "${importMultipartPreset.id}" successfully created\n`);
+
+      return importMultipartPreset;
+    },
+
+    createFinanceBackend: async label =>
+    {
+      const { data: finance } = await this.ApiAdapter.fetch('/erp/finance/backend', {
+        method: 'POST',
+        body: JSON.stringify({
+          label,
+          usePerformanceDate: false,
+          appId: this.app.client.appIdentifier,
+        }),
+      });
+
+      await this.methods.log(`Finance Backend with id "${finance.id}" successfully created\n`);
+
+      return finance;
+    },
+
+    changeFinanceBackend: async (label, description) =>
+    {
+      const body = {
+        adhocPreset: {
+          queryPredicate: {
+            type: 'JUNCTION',
+            operator: 'AND',
+            children: [
+              {
+                type: 'FILTER',
+                property: 'label',
+                operator: 'EQUALS',
+                values: [
+                  label,
+                ],
+              },
+            ],
+          },
+        },
+      };
+
+      const { data: financeBackend } = await this.ApiAdapter.fetch(
+        '/cmn/computed-queries/finance-export/backends',
+        {
+          method: 'POST',
+          useInternalApi: true,
+          body,
+        },
+      );
+
+      const { data: finance } = await this.ApiAdapter.fetch(`/erp/finance/backend/${financeBackend?.data?.[0].id}`, {
+        method: 'PUT',
+        body: JSON.stringify({
+          label,
+          description,
+          usePerformanceDate: false,
+          appId: this.app.client.appIdentifier,
+        }),
+      });
+
+      await this.methods.log(`Finance Backend with id "${finance.id}" successfully created\n`);
+
+      return finance;
+    },
+
+    updateMultipartImportPreset: async (id, importMultipartPresetTemplate) =>
+    {
+      const { data: importMultipartPreset } = await this.app.erp.fetch(
+        `/cmn/data-import/runs/multi-part/${id}`,
+        {
+          useInternalApi: true,
+          method: 'PUT',
+          body: JSON.stringify(importMultipartPresetTemplate),
+        });
+
+      await this.methods.log(`Import-Multipart-Preset with id "${importMultipartPreset.id}" successfully updated\n`);
+
+      return importMultipartPreset;
+    },
+
+    addAppScriptingTrigger: async (triggerId, script) =>
+    {
+      await this.ApiAdapter.fetch(
+        '/community/latest/cmn/system/app-scripting-proxy',
+        {
+          useInternalApi: true,
+          method: 'POST',
+          body: JSON.stringify({
+            appIdentifier: this.app.client.appIdentifier,
+            triggerId,
+            script,
+          }),
+        });
+
+      await this.methods.log(`App-Script-Trigger with id "${triggerId}" successfully updated\n`);
+    },
+  };
+};
+
+module.exports = Migrator;

package/utils/permission.js

@@ -0,0 +1,34 @@
+const { getAccessToken } = require('#backend/utils/context.js');
+const HttpError = require('#backend/utils/httpError.js');
+
+async function checkPermission(verb)
+{
+  const { isSuperUser, permissions } = await getAccessToken();
+
+  if (!(isSuperUser || permissions?.includes(verb)))
+  {
+    throw new HttpError(
+      'APP_AUTHORIZATION_FAILED',
+      403,
+      'utils/permission',
+      { missingVerb: verb },
+      null,
+      'ERROR',
+    );
+  }
+}
+
+function checkPermissionMiddleware(verb)
+{
+  return async (req, res, next) =>
+  {
+    await checkPermission(verb);
+
+    next();
+  };
+}
+
+module.exports = {
+  checkPermission,
+  checkPermissionMiddleware,
+};