npm - backend-manager - Versions diffs - 5.0.49 → 5.0.51 - Mend

backend-manager 5.0.49 → 5.0.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "backend-manager",
-  "version": "5.0.49",
+  "version": "5.0.51",
   "description": "Quick tools for developing Firebase functions",
   "main": "src/manager/index.js",
   "bin": {

package/src/cli/commands/setup-tests/hosting-rewrites.js CHANGED Viewed

@@ -14,10 +14,10 @@ class HostingRewritesTest extends BaseTest {
     // Check first rule is correct
     const firstIsCorrect = firstRewrite?.source === '{/backend-manager,/backend-manager/**}' && firstRewrite?.function === 'bm_api';
-    // Check no duplicates exist (only one backend-manager rule allowed)
-    const backendManagerCount = rewrites.filter(r => r.source?.startsWith('/backend-manager')).length;
+    // Check no duplicates exist (only one bm_api rule allowed)
+    const bmApiCount = rewrites.filter(r => r.function === 'bm_api').length;
-    return firstIsCorrect && backendManagerCount === 1;
+    return firstIsCorrect && bmApiCount === 1;
   }
   async fix() {
@@ -26,8 +26,8 @@ class HostingRewritesTest extends BaseTest {
     // Set default
     hosting.rewrites = hosting.rewrites || [];
-    // Remove any existing backend-manager rewrites (with or without wildcards)
-    hosting.rewrites = hosting.rewrites.filter(rewrite => !rewrite.source?.startsWith('/backend-manager'));
+    // Remove any existing bm_api rewrites
+    hosting.rewrites = hosting.rewrites.filter(rewrite => rewrite.function !== 'bm_api');
     // Add to top
     hosting.rewrites.unshift({

package/src/manager/functions/core/actions/api/admin/backup.js CHANGED Viewed

@@ -19,7 +19,7 @@ Module.prototype.main = function () {
     payload.data.payload.deletionRegex = payload.data.payload.deletionRegex ? powertools.regexify(payload.data.payload.deletionRegex) : payload.data.payload.deletionRegex;
     if (!payload.user.roles.admin && assistant.isProduction()) {
-      return reject(assistant.errorify(`Admin required.`, {code: 401}));
+      return reject(assistant.errorify(`Admin required.`, {code: 403}));
     }
     // https://googleapis.dev/nodejs/firestore/latest/v1.FirestoreAdminClient.html#exportDocuments

package/src/manager/functions/core/actions/api/admin/create-post.js CHANGED Viewed

@@ -27,7 +27,7 @@ Module.prototype.main = function () {
     try {
       // Perform checks
       if (!payload.user.roles.admin && !payload.user.roles.blogger) {
-        return reject(assistant.errorify(`Admin required.`, {code: 401}));
+        return reject(assistant.errorify(`Admin required.`, {code: 403}));
       }
       // Log payload

package/src/manager/functions/core/actions/api/admin/cron.js CHANGED Viewed

@@ -13,7 +13,7 @@ Module.prototype.main = function () {
     // Check if the user is an admin
     if (!payload.user.roles.admin && assistant.isProduction()) {
-      return reject(assistant.errorify(`Admin required.`, {code: 401}));
+      return reject(assistant.errorify(`Admin required.`, {code: 403}));
     }
     // Check if the ID is set

package/src/manager/functions/core/actions/api/admin/database-read.js CHANGED Viewed

@@ -15,8 +15,10 @@ Module.prototype.main = function () {
     payload.data.payload.options = payload.data.payload.options || {};
     // Perform checks
-    if (!payload.user.roles.admin) {
-      return reject(assistant.errorify(`Admin required.`, {code: 401}));
+    if (!payload.user.authenticated) {
+      return reject(assistant.errorify(`Authentication required.`, {code: 401}));
+    } else if (!payload.user.roles.admin) {
+      return reject(assistant.errorify(`Admin required.`, {code: 403}));
     } else if (!payload.data.payload.path) {
       return reject(assistant.errorify(`<path> parameter required`, {code: 400}));
     }

package/src/manager/functions/core/actions/api/admin/database-write.js CHANGED Viewed

@@ -16,8 +16,10 @@ Module.prototype.main = function () {
     payload.data.payload.options = payload.data.payload.options || {};
     // Perform checks
-    if (!payload.user.roles.admin) {
-      return reject(assistant.errorify(`Admin required.`, {code: 401}));
+    if (!payload.user.authenticated) {
+      return reject(assistant.errorify(`Authentication required.`, {code: 401}));
+    } else if (!payload.user.roles.admin) {
+      return reject(assistant.errorify(`Admin required.`, {code: 403}));
     } else if (!payload.data.payload.path) {
       return reject(assistant.errorify(`<path> parameter required`, {code: 400}));
     }

package/src/manager/functions/core/actions/api/admin/edit-post.js CHANGED Viewed

@@ -21,7 +21,7 @@ Module.prototype.main = function () {
     try {
       // Perform checks
       if (!payload.user.roles.admin && !payload.user.roles.blogger) {
-        return reject(assistant.errorify(`Admin required.`, {code: 401}));
+        return reject(assistant.errorify(`Admin required.`, {code: 403}));
       }
       // Check for GitHub configuration

package/src/manager/functions/core/actions/api/admin/firestore-query.js CHANGED Viewed

@@ -14,8 +14,10 @@ Module.prototype.main = function () {
   return new Promise(async function(resolve, reject) {
     // Perform checks
-    if (!payload.user.roles.admin) {
-      return reject(assistant.errorify(`Admin required.`, {code: 401}));
+    if (!payload.user.authenticated) {
+      return reject(assistant.errorify(`Authentication required.`, {code: 401}));
+    } else if (!payload.user.roles.admin) {
+      return reject(assistant.errorify(`Admin required.`, {code: 403}));
     }
     // Run queries

package/src/manager/functions/core/actions/api/admin/firestore-read.js CHANGED Viewed

@@ -15,8 +15,10 @@ Module.prototype.main = function () {
     payload.data.payload.options = payload.data.payload.options || {};
     // Perform checks
-    if (!payload.user.roles.admin) {
-      return reject(assistant.errorify(`Admin required.`, {code: 401}));
+    if (!payload.user.authenticated) {
+      return reject(assistant.errorify(`Authentication required.`, {code: 401}));
+    } else if (!payload.user.roles.admin) {
+      return reject(assistant.errorify(`Admin required.`, {code: 403}));
     } else if (!payload.data.payload.path) {
       return reject(assistant.errorify(`<path> parameter required`, {code: 400}));
     }

package/src/manager/functions/core/actions/api/admin/firestore-write.js CHANGED Viewed

@@ -18,8 +18,10 @@ Module.prototype.main = function () {
     payload.data.payload.options.metadataTag = typeof payload.data.payload.options.metadataTag === 'undefined' ? 'admin:firestore-write' : payload.data.payload.options.metadataTag;
     // Perform checks
-    if (!payload.user.roles.admin) {
-      return reject(assistant.errorify(`Admin required.`, {code: 401}));
+    if (!payload.user.authenticated) {
+      return reject(assistant.errorify(`Authentication required.`, {code: 401}));
+    } else if (!payload.user.roles.admin) {
+      return reject(assistant.errorify(`Admin required.`, {code: 403}));
     } else if (!payload.data.payload.path) {
       return reject(assistant.errorify(`Path parameter required.`, {code: 400}));
     }

package/src/manager/functions/core/actions/api/admin/get-stats.js CHANGED Viewed

@@ -19,8 +19,10 @@ Module.prototype.main = function () {
     payload.data.payload.update = payload.data.payload.update || false;
     // Perform checks
-    if (!payload.user.roles.admin) {
-      return reject(assistant.errorify(`Admin required.`, {code: 401}));
+    if (!payload.user.authenticated) {
+      return reject(assistant.errorify(`Authentication required.`, {code: 401}));
+    } else if (!payload.user.roles.admin) {
+      return reject(assistant.errorify(`Admin required.`, {code: 403}));
     }
     // Get stats ref

package/src/manager/functions/core/actions/api/admin/payment-processor.js CHANGED Viewed

@@ -16,8 +16,10 @@ Module.prototype.main = function () {
   return new Promise(async function(resolve, reject) {
     // Check for admin
-    if (!payload.user.roles.admin) {
-      return reject(assistant.errorify(`Admin required.`, {code: 401}));
+    if (!payload.user.authenticated) {
+      return reject(assistant.errorify(`Authentication required.`, {code: 401}));
+    } else if (!payload.user.roles.admin) {
+      return reject(assistant.errorify(`Admin required.`, {code: 403}));
     }
     const productId = payload?.data?.payload?.payload?.details?.productIdGlobal;

package/src/manager/functions/core/actions/api/admin/run-hook.js CHANGED Viewed

@@ -17,7 +17,7 @@ Module.prototype.main = function () {
   return new Promise(async function(resolve, reject) {
     // Perform checks
     if (!payload.user.roles.admin && assistant.isProduction()) {
-      return reject(assistant.errorify(`Admin required.`, {code: 401}));
+      return reject(assistant.errorify(`Admin required.`, {code: 403}));
     }
     // Check for required options

package/src/manager/functions/core/actions/api/admin/send-email.js CHANGED Viewed

@@ -25,8 +25,10 @@ Module.prototype.main = function () {
     self.sendgrid = sendgrid;
     // Check if user is admin
-    if (!payload.user.roles.admin) {
-      return reject(assistant.errorify(`Admin required.`, { code: 401 }));
+    if (!payload.user.authenticated) {
+      return reject(assistant.errorify(`Authentication required.`, {code: 401}));
+    } else if (!payload.user.roles.admin) {
+      return reject(assistant.errorify(`Admin required.`, { code: 403 }));
     }
     // Check for SendGrid key

package/src/manager/functions/core/actions/api/admin/send-notification copy.js CHANGED Viewed

@@ -55,7 +55,7 @@ Module.prototype.main = function () {
     // Check if user is admin
     if (!payload.user.roles.admin) {
-      return reject(assistant.errorify(`Admin required.`, {code: 401}));
+      return reject(assistant.errorify(`Admin required.`, {code: 403}));
     }
     // Check if title and body are set

package/src/manager/functions/core/actions/api/admin/send-notification.js CHANGED Viewed

@@ -71,8 +71,10 @@ Module.prototype.main = function () {
     assistant.log('Resolved notification payload', notification)
     // Check if user is admin
-    if (!payload.user.roles.admin) {
-      return reject(assistant.errorify(`Admin required.`, {code: 401}));
+    if (!payload.user.authenticated) {
+      return reject(assistant.errorify(`Authentication required.`, {code: 401}));
+    } else if (!payload.user.roles.admin) {
+      return reject(assistant.errorify(`Admin required.`, {code: 403}));
     }
     // Check if title and body are set

package/src/manager/functions/core/actions/api/admin/sync-users.js CHANGED Viewed

@@ -15,7 +15,7 @@ Module.prototype.main = function () {
     // If the user is not an admin, reject
     if (!payload.user.roles.admin && assistant.isProduction()) {
-      return reject(assistant.errorify(`Admin required.`, {code: 401}));
+      return reject(assistant.errorify(`Admin required.`, {code: 403}));
     }
     // Get lastPageToken from meta/stats

package/src/manager/functions/core/actions/api/admin/write-repo-content.js CHANGED Viewed

@@ -21,7 +21,7 @@ Module.prototype.main = function () {
     try {
       // Perform checks
       if (!payload.user.roles.admin && !payload.user.roles.blogger) {
-        return reject(assistant.errorify(`Admin required.`, {code: 401}));
+        return reject(assistant.errorify(`Admin required.`, {code: 403}));
       }
       // Check for GitHub configuration

package/src/manager/functions/core/actions/api.js CHANGED Viewed

@@ -48,28 +48,7 @@ Module.prototype.main = function() {
   return new Promise(async function(resolve, reject) {
     return libraries.cors(req, res, async () => {
-      // Detect new-style RESTful request vs legacy command-based request
-      // New style: command with '/' (e.g., 'general/uuid') or URL path without command
-      // Legacy: command with ':' (e.g., 'general:generate-uuid')
-      const urlPath = req.path || '';
-      const command = assistant.request.data.command || '';
-      // Strip prefix: /backend-manager/ (hosting rewrite) or /bm_api/ (direct function URL) or just leading slash
-      const pathAfterBm = urlPath
-        .replace(/^\/(backend-manager|bm_api)\/?/, '')
-        .replace(/^\//, '');
-      // New style if: command contains '/' OR (URL has path AND no command)
-      const isNewStyleCommand = command.includes('/') && !command.includes(':');
-      const isNewStyleUrl = pathAfterBm.length > 0 && !command;
-      const isNewStyleRequest = isNewStyleCommand || isNewStyleUrl;
-      if (isNewStyleRequest) {
-        // Route path is either from command or URL
-        const routePath = isNewStyleCommand ? command : pathAfterBm;
-        return self.routeToMiddleware(routePath);
-      }
+      // Legacy command-based API only - new-style requests are routed via RequestRouter
       // Set properties
       self.payload.data = assistant.request.data;
       self.payload.user = await assistant.authenticate();
@@ -401,24 +380,6 @@ Module.prototype.resolveApiPath = function (command) {
   }
 };
-Module.prototype.routeToMiddleware = function (routePath) {
-  const self = this;
-  const Manager = self.Manager;
-  const req = self.req;
-  const res = self.res;
-  // Set paths for BEM internal routes/schemas
-  // __dirname is src/manager/functions/core/actions, so we need to go up to src/manager
-  const bemRoutesDir = path.resolve(__dirname, '../../../routes');
-  const bemSchemasDir = path.resolve(__dirname, '../../../schemas');
-  return Manager.Middleware(req, res).run(routePath, {
-    routesDir: bemRoutesDir,
-    schemasDir: bemSchemasDir,
-    schema: routePath,
-  });
-};
 function stripUrl(url) {
   const newUrl = new URL(url);

package/src/manager/helpers/bem-router.js ADDED Viewed

@@ -0,0 +1,51 @@
+/**
+ * BemRouter
+ * Routes incoming requests to either the legacy command-based API
+ * or the new RESTful middleware system.
+ *
+ * Detection rules:
+ * - Legacy: command with ':' AND no meaningful route path
+ *   - Direct function call: /us-central1/bm_api (no path after prefix)
+ *   - Hosting rewrite: /backend-manager (no path after prefix)
+ * - New: URL path like /backend-manager/user/sign-up (has path after prefix)
+ */
+function BemRouter(Manager, req, res) {
+  const self = this;
+  self.Manager = Manager;
+  self.req = req;
+  self.res = res;
+}
+BemRouter.prototype.resolve = function () {
+  const self = this;
+  const req = self.req;
+  // Extract command from body/query (legacy format)
+  const body = req.body || {};
+  const query = req.query || {};
+  const command = body.command || query.command || '';
+  // Extract URL path
+  const urlPath = req.path || '';
+  // Strip prefix: /backend-manager/ or /bm_api/ or leading slash
+  const routePath = urlPath
+    .replace(/^\/(backend-manager|bm_api)\/?/, '')
+    .replace(/^\//, '');
+  // Legacy if: command contains ':' AND routePath is empty
+  // (called via direct function URL or hosting rewrite without a sub-path)
+  const isLegacy = command.includes(':') && !routePath;
+  return {
+    type: isLegacy ? 'legacy' : 'middleware',
+    command: command,
+    routePath: routePath,
+    isLegacy: isLegacy,
+    isNewStyle: !isLegacy,
+  };
+};
+module.exports = BemRouter;

package/src/manager/index.js CHANGED Viewed

@@ -396,6 +396,21 @@ Manager.prototype._preProcess = function (mod) {
   });
 };
+Manager.prototype._processMiddleware = function (req, res, routePath) {
+  const self = this;
+  // Set paths for BEM internal routes/schemas
+  const bemRoutesDir = path.resolve(__dirname, './routes');
+  const bemSchemasDir = path.resolve(__dirname, './schemas');
+  // Route directly through middleware (no hooks for new system)
+  return self.Middleware(req, res).run(routePath, {
+    routesDir: bemRoutesDir,
+    schemasDir: bemSchemasDir,
+    schema: routePath,
+  });
+};
 // Manager.prototype.Assistant = function(ref, options) {
 //   const self = this;
 //   ref = ref || {};
@@ -469,6 +484,12 @@ Manager.prototype.Middleware = function () {
   return new self.libraries.Middleware(self, ...arguments);
 };
+Manager.prototype.BemRouter = function (req, res) {
+  const self = this;
+  self.libraries.BemRouter = self.libraries.BemRouter || require('./helpers/bem-router.js');
+  return new self.libraries.BemRouter(self, req, res);
+};
 Manager.prototype.EventMiddleware = function (payload) {
   const self = this;
   self.libraries.EventMiddleware = self.libraries.EventMiddleware || require('./helpers/event-middleware.js');
@@ -707,8 +728,17 @@ Manager.prototype.setupFunctions = function (exporter, options) {
   exporter.bm_api =
   self.libraries.functions
   .runWith({memory: '256MB', timeoutSeconds: 60 * 5})
-  // TODO: Replace this with new API
-  .https.onRequest(async (req, res) => self._process((new (require(`${core}/actions/api.js`))()).init(self, { req: req, res: res, })));
+  .https.onRequest(async (req, res) => {
+    const route = self.BemRouter(req, res).resolve();
+    if (route.isLegacy) {
+      // Legacy command-based API -> goes through api.js + _process() for hooks
+      return self._process((new (require(`${core}/actions/api.js`))()).init(self, { req, res }));
+    } else {
+      // New RESTful middleware system -> direct to middleware (no hooks)
+      return self._processMiddleware(req, res, route.routePath);
+    }
+  });
   // Setup legacy functions
   if (options.setupFunctionsLegacy) {

package/test/functions/admin/firestore-query.js CHANGED Viewed

@@ -195,7 +195,7 @@ module.exports = {
     {
       name: 'non-admin-rejected',
       async run({ http, assert }) {
-        const queryResponse = await http.as('user').command('admin:firestore-query', {
+        const queryResponse = await http.as('basic').command('admin:firestore-query', {
           queries: [{ collection: TEST_COLLECTION }],
         });

package/test/functions/general/add-marketing-contact.js CHANGED Viewed

@@ -225,12 +225,12 @@ module.exports = {
         assert.isSuccess(response, 'Add marketing contact with specific providers should succeed');
-        // Should only have sendgrid result
-        if (response.data?.providers) {
-          assert.hasProperty(response.data.providers, 'sendgrid', 'Should have SendGrid result');
-        }
+        // Only check providers if TEST_EXTENDED_MODE is set (external APIs are called)
         if (process.env.TEST_EXTENDED_MODE) {
+          // Should only have sendgrid result
+          if (response.data?.providers) {
+            assert.hasProperty(response.data.providers, 'sendgrid', 'Should have SendGrid result');
+          }
           state.sendgridAdded = response.data?.providers?.sendgrid?.success;
           // Beehiiv not called since we only specified sendgrid
         }