npm - @volcanicminds/backend - Versions diffs - 0.8.2 → 0.9.0 - Mend

@volcanicminds/backend 0.8.2 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/README.md +129 -0
package/dist/index.js +11 -1
package/dist/index.js.map +1 -1
package/dist/lib/config/general.js +2 -1
package/dist/lib/config/general.js.map +1 -1
package/dist/lib/hooks/onRequest.js +48 -44
package/dist/lib/hooks/onRequest.js.map +1 -1
package/dist/lib/hooks/onResponse.js +2 -2
package/dist/lib/hooks/onResponse.js.map +1 -1
package/dist/lib/loader/general.js +2 -1
package/dist/lib/loader/general.js.map +1 -1
package/dist/lib/loader/router.js +40 -11
package/dist/lib/loader/router.js.map +1 -1
package/dist/package-lock.json +7687 -0
package/dist/package.json +21 -21
package/index.ts +16 -1
package/lib/config/general.ts +2 -1
package/lib/hooks/onRequest.ts +55 -49
package/lib/hooks/onResponse.ts +2 -2
package/lib/loader/general.ts +2 -1
package/lib/loader/router.ts +12 -6
package/package.json +21 -21
package/types/global.d.ts +4 -1

package/dist/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@volcanicminds/backend",
-    "version": "0.8.2",
+    "version": "0.9.0",
     "codename": "turin",
     "license": "MIT",
     "description": "The volcanic (minds) backend",
@@ -51,43 +51,43 @@
         "upgrade-pkg": "yarn npm-upgrade"
     },
     "dependencies": {
-        "@apollo/server": "^4.10.0",
+        "@apollo/server": "^4.11.0",
         "@as-integrations/fastify": "^2.1.1",
-        "@fastify/compress": "^7.0.0",
+        "@fastify/compress": "^7.0.3",
         "@fastify/cors": "^9.0.1",
         "@fastify/helmet": "^11.1.1",
-        "@fastify/jwt": "^8.0.0",
-        "@fastify/multipart": "^8.1.0",
+        "@fastify/jwt": "^8.0.1",
+        "@fastify/multipart": "^8.3.0",
         "@fastify/rate-limit": "^9.1.0",
         "@fastify/schedule": "^4.1.1",
-        "@fastify/swagger": "^8.14.0",
-        "@fastify/swagger-ui": "^3.0.0",
-        "@types/node": "^20.11.20",
-        "dayjs": "^1.11.10",
+        "@fastify/swagger": "^8.15.0",
+        "@fastify/swagger-ui": "^3.1.0",
+        "@types/node": "^20.16.2",
+        "dayjs": "^1.11.13",
         "dotenv": "^16.4.5",
-        "fastify": "^4.26.1",
+        "fastify": "^4.28.1",
         "fastify-raw-body": "^4.3.0",
-        "glob": "^10.3.10",
-        "graphql": "^16.8.1",
+        "glob": "^10.4.5",
+        "graphql": "^16.9.0",
         "i18n": "^0.15.1",
         "lodash": "^4.17.21",
-        "nanoid": "^5.0.6",
-        "object-sizeof": "^2.6.4",
-        "pino": "^8.19.0",
-        "pino-pretty": "^10.3.1",
+        "nanoid": "^5.0.7",
+        "object-sizeof": "^2.6.5",
+        "pino": "^9.3.2",
+        "pino-pretty": "^11.2.2",
         "root-require": "^0.3.1",
-        "semver": "^7.6.0",
+        "semver": "^7.6.3",
         "toad-scheduler": "^3.0.1"
     },
     "devDependencies": {
-        "@types/mocha": "^10.0.6",
+        "@types/mocha": "^10.0.7",
         "cross-env": "^7.0.3",
         "expect": "^29.7.0",
-        "mocha": "^10.3.0",
-        "nodemon": "^3.1.0",
+        "mocha": "^10.7.3",
+        "nodemon": "^3.1.4",
         "npm-upgrade": "^3.1.0",
         "ts-node": "^10.9.2",
-        "typescript": "^5.3.3"
+        "typescript": "^5.5.4"
     },
     "repository": {
         "type": "git",

package/index.ts CHANGED Viewed

@@ -181,7 +181,22 @@ const start = async (decorators) => {
   // Helmet is not usable with Apollo Server
   plugins?.rawBody && (await server.register(rawBody, plugins.rawBody || {}))
   !loadApollo && plugins?.helmet && (await server.register(helmet, plugins.helmet || {}))
-  plugins?.rateLimit && (await server.register(rateLimit, plugins.rateLimit || {}))
+  if (plugins?.rateLimit) {
+    await server.register(rateLimit, plugins.rateLimit || {})
+    server.setNotFoundHandler(
+      {
+        preHandler: server.rateLimit({
+          max: 30,
+          timeWindow: 30000
+        })
+      },
+      function (req, reply) {
+        reply.code(404).send()
+      }
+    )
+  }
   plugins?.multipart && (await server.register(multipart, plugins.multipart || {}))
   plugins?.cors && (await server.register(cors, plugins.cors || {}))
   plugins?.compress && (await server.register(compress, plugins.compress || {}))

package/lib/config/general.ts CHANGED Viewed

@@ -5,6 +5,7 @@ module.exports = {
   enable: true,
   options: {
     reset_external_id_on_login: false,
-    scheduler: false
+    scheduler: false,
+    embedded_auth: true
   }
 }

package/lib/hooks/onRequest.ts CHANGED Viewed

@@ -1,68 +1,74 @@
 import { getParams, getData } from '../util/common'
 import { AuthenticatedUser, AuthenticatedToken, Role } from '../../types/global'
+const { embedded_auth = true } = global.config?.options || {}
 module.exports = async (req, reply) => {
-  // request enrichment
   log.i && (req.startedAt = new Date())
+  // request enrichment
   req.data = () => getData(req)
   req.parameters = () => getParams(req)
-  req.roles = () => (req.user ? req.user.roles : [roles.public])
-  req.hasRole = (r: Role) => (req.user ? req.user.roles : [roles.public]).some((role) => role === r?.code)
-  // authorization check
-  const auth = req.headers?.authorization || ''
-  const cfg = req.routeOptions?.config || req.routeConfig || {}
-  const [prefix, bearerToken] = auth.split(' ')
-  const isRoutePublic = (cfg.requiredRoles || []).some((role: Role) => role.code === roles.public.code)
+  if (embedded_auth) {
+    req.roles = () => (req.user ? req.user.roles : [roles.public])
+    req.hasRole = (r: Role) => (req.user ? req.user.roles : [roles.public]).some((role) => role === r?.code)
-  if (prefix === 'Bearer' && bearerToken != null) {
-    let user: null | AuthenticatedUser = null
-    let token: null | AuthenticatedToken = null
+    // authorization check
+    const auth = req.headers?.authorization || ''
+    const cfg = req.routeOptions?.config || req.routeConfig || {}
+    const [prefix, bearerToken] = auth.split(' ')
-    try {
-      const tokenData = reply.server.jwt.verify(bearerToken)
-      user = await req.server['userManager'].retrieveUserByExternalId(tokenData?.sub)
-      if (!user && req.server['tokenManager'].isImplemented()) {
-        token = await req.server['tokenManager'].retrieveTokenByExternalId(tokenData?.sub)
-      }
-      if (!user && !token) {
-        return reply.status(404).send({ statusCode: 404, code: 'USER_NOT_FOUND', message: 'User not found' })
-      }
-      if (user) {
-        const isValid = await req.server['userManager'].isValidUser(user)
-        if (!isValid) {
-          return reply.status(404).send({ statusCode: 404, code: 'USER_NOT_VALID', message: 'User not valid' })
+    if (prefix === 'Bearer' && bearerToken != null) {
+      let user: null | AuthenticatedUser = null
+      let token: null | AuthenticatedToken = null
+      try {
+        const tokenData = reply.server.jwt.verify(bearerToken)
+        user = await req.server['userManager'].retrieveUserByExternalId(tokenData?.sub)
+        if (!user && req.server['tokenManager'].isImplemented()) {
+          token = await req.server['tokenManager'].retrieveTokenByExternalId(tokenData?.sub)
         }
-        // ok, we have the full user here
-        req.user = user
-      }
-      if (token) {
-        const isValid = await req.server['tokenManager'].isValidToken(token)
-        if (!isValid) {
-          return reply.status(404).send({ statusCode: 404, code: 'TOKEN_NOT_VALID', message: 'Token not valid' })
+        if (!user && !token) {
+          return reply.status(404).send({ statusCode: 404, code: 'USER_NOT_FOUND', message: 'User not found' })
+        }
+        if (user) {
+          const isValid = await req.server['userManager'].isValidUser(user)
+          if (!isValid) {
+            return reply.status(404).send({ statusCode: 404, code: 'USER_NOT_VALID', message: 'User not valid' })
+          }
+          // ok, we have the full user here
+          req.user = user
+        }
+        if (token) {
+          const isValid = await req.server['tokenManager'].isValidToken(token)
+          if (!isValid) {
+            return reply.status(404).send({ statusCode: 404, code: 'TOKEN_NOT_VALID', message: 'Token not valid' })
+          }
+          // ok, we have the full user here
+          req.token = token
+        }
+      } catch (error) {
+        const isRoutePublic = (cfg.requiredRoles || []).some((role: Role) => role.code === roles.public.code)
+        if (!isRoutePublic) {
+          throw error
         }
-        // ok, we have the full user here
-        req.token = token
-      }
-    } catch (error) {
-      if (!isRoutePublic) {
-        throw error
       }
     }
-  }
-  if (cfg.requiredRoles?.length > 0) {
-    const { method = '', url = '', requiredRoles } = cfg
-    const authRoles: string[] = ((req.user?.roles || req.token?.roles)?.map((code) => code) as string[]) || [
-      roles.public?.code || 'public'
-    ]
-    const resolvedRoles = authRoles.length > 0 ? requiredRoles.filter((r) => authRoles.includes(r.code)) : []
+    if (cfg.requiredRoles?.length > 0) {
+      const { method = '', url = '', requiredRoles } = cfg
+      const authRoles: string[] = ((req.user?.roles || req.token?.roles)?.map((code) => code) as string[]) || [
+        roles.public?.code || 'public'
+      ]
+      const resolvedRoles = authRoles.length > 0 ? requiredRoles.filter((r) => authRoles.includes(r.code)) : []
-    if (!resolvedRoles.length) {
-      log.w && log.warn(`Not allowed to call ${method.toUpperCase()} ${url}`)
-      return reply
-        .status(403)
-        .send({ statusCode: 403, code: 'ROLE_NOT_ALLOWED', message: 'Not allowed to call this route' })
+      if (!resolvedRoles.length) {
+        log.w && log.warn(`Not allowed to call ${method.toUpperCase()} ${url}`)
+        return reply
+          .status(403)
+          .send({ statusCode: 403, code: 'ROLE_NOT_ALLOWED', message: 'Not allowed to call this route' })
+      }
     }
   }
 }

package/lib/hooks/onResponse.ts CHANGED Viewed

@@ -10,6 +10,6 @@ module.exports = async (req, reply) => {
     extraMessage += `[${reqSize}${replySize} bytes]`
   }
-  const message: string = `${req.method} ${req.url} ${reply.statusCode} ${extraMessage}`
-  reply.statusCode < 300 ? log.info(message) : reply.statusCode < 400 ? log.warn(message) : log.error(message)
+  const message = () => `${req.method} ${req.url} ${reply.statusCode} ${extraMessage}`.trim()
+  reply.statusCode < 300 ? log.info(message()) : reply.statusCode < 400 ? log.warn(message()) : log.error(message())
 }

package/lib/loader/general.ts CHANGED Viewed

@@ -8,7 +8,8 @@ export function load() {
     enable: true,
     options: {
       reset_external_id_on_login: false,
-      scheduler: false
+      scheduler: false,
+      embedded_auth: true
     }
   }

package/lib/loader/router.ts CHANGED Viewed

@@ -31,9 +31,10 @@ export function load(): ConfiguredRoute[] {
           method: methodCase,
           path: pathName = '/',
           handler,
+          roles: rs = [],
           config = {} as RouteConfig,
           middlewares = [],
-          roles: rs = []
+          rateLimit
         } = route
         const rsp = !rs.length ? [roles.public] : rs
@@ -147,6 +148,7 @@ export function load(): ConfiguredRoute[] {
             roles: requiredRoles,
             enable,
             rawBody,
+            rateLimit,
             base,
             file: path.join(base, defaultConfig.controller || 'controller', handlerParts[0]),
             func: handlerParts[1],
@@ -210,8 +212,10 @@ async function loadMiddlewares(base: string, middlewares: string[] = []) {
 export function apply(server: any, routes: ConfiguredRoute[]): void {
   log.t && log.trace(`Apply ${routes.length} routes to server with pid ${process.pid}`)
-  routes.forEach(async ({ handler, method, path, middlewares, roles, enable, rawBody, base, file, func, doc }) => {
-    if (enable) {
+  routes.forEach(async (route) => {
+    if (route?.enable) {
+      const { handler, method, path, middlewares, roles, rawBody, rateLimit, base, file, func, doc } = route
       log.t && log.trace(`* Add path ${method} ${path} on handle ${handler}`)
       const midds = await loadMiddlewares(base, middlewares)
@@ -222,11 +226,13 @@ export function apply(server: any, routes: ConfiguredRoute[]): void {
         ...midds,
         config: {
           requiredRoles: roles || [],
-          rawBody: rawBody || false
+          rawBody: rawBody || false,
+          rateLimit: rateLimit || undefined
         },
-        handler: function (req: FastifyRequest, reply: FastifyReply) {
+        handler: async function (req: FastifyRequest, reply: FastifyReply) {
           try {
-            return require(file)[func](req, reply)
+            const module = await import(file)
+            return await module[func](req, reply)
           } catch (err) {
             log.e && log.error(`Cannot find ${file} or method ${func}: ${err}`)
             return reply.code(500).send(`Invalid handler ${handler}`)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@volcanicminds/backend",
-  "version": "0.8.2",
+  "version": "0.9.0",
   "codename": "turin",
   "license": "MIT",
   "description": "The volcanic (minds) backend",
@@ -51,43 +51,43 @@
     "upgrade-pkg": "yarn npm-upgrade"
   },
   "dependencies": {
-    "@apollo/server": "^4.10.0",
+    "@apollo/server": "^4.11.0",
     "@as-integrations/fastify": "^2.1.1",
-    "@fastify/compress": "^7.0.0",
+    "@fastify/compress": "^7.0.3",
     "@fastify/cors": "^9.0.1",
     "@fastify/helmet": "^11.1.1",
-    "@fastify/jwt": "^8.0.0",
-    "@fastify/multipart": "^8.1.0",
+    "@fastify/jwt": "^8.0.1",
+    "@fastify/multipart": "^8.3.0",
     "@fastify/rate-limit": "^9.1.0",
     "@fastify/schedule": "^4.1.1",
-    "@fastify/swagger": "^8.14.0",
-    "@fastify/swagger-ui": "^3.0.0",
-    "@types/node": "^20.11.20",
-    "dayjs": "^1.11.10",
+    "@fastify/swagger": "^8.15.0",
+    "@fastify/swagger-ui": "^3.1.0",
+    "@types/node": "^20.16.2",
+    "dayjs": "^1.11.13",
     "dotenv": "^16.4.5",
-    "fastify": "^4.26.1",
+    "fastify": "^4.28.1",
     "fastify-raw-body": "^4.3.0",
-    "glob": "^10.3.10",
-    "graphql": "^16.8.1",
+    "glob": "^10.4.5",
+    "graphql": "^16.9.0",
     "i18n": "^0.15.1",
     "lodash": "^4.17.21",
-    "nanoid": "^5.0.6",
-    "object-sizeof": "^2.6.4",
-    "pino": "^8.19.0",
-    "pino-pretty": "^10.3.1",
+    "nanoid": "^5.0.7",
+    "object-sizeof": "^2.6.5",
+    "pino": "^9.3.2",
+    "pino-pretty": "^11.2.2",
     "root-require": "^0.3.1",
-    "semver": "^7.6.0",
+    "semver": "^7.6.3",
     "toad-scheduler": "^3.0.1"
   },
   "devDependencies": {
-    "@types/mocha": "^10.0.6",
+    "@types/mocha": "^10.0.7",
     "cross-env": "^7.0.3",
     "expect": "^29.7.0",
-    "mocha": "^10.3.0",
-    "nodemon": "^3.1.0",
+    "mocha": "^10.7.3",
+    "nodemon": "^3.1.4",
     "npm-upgrade": "^3.1.0",
     "ts-node": "^10.9.2",
-    "typescript": "^5.3.3"
+    "typescript": "^5.5.4"
   },
   "repository": {
     "type": "git",

package/types/global.d.ts CHANGED Viewed

@@ -48,8 +48,9 @@ export interface Route {
   path: string
   handler: string
   roles: Role[]
-  config?: RouteConfig
   middlewares: string[]
+  config?: RouteConfig
+  rateLimit?: any
 }
 export interface GeneralConfig {
@@ -58,6 +59,7 @@ export interface GeneralConfig {
   options: {
     reset_external_id_on_login: boolean
     scheduler: boolean
+    embedded_auth: boolean
   }
 }
@@ -88,6 +90,7 @@ export interface ConfiguredRoute {
   path: string
   handler: any
   rawBody: boolean
+  rateLimit: any
   file: string
   func: any
   base: string