c8y-nitro 0.3.0 → 0.4.1

package/dist/utils/middleware.mjs

@@ -1,62 +0,0 @@
-import { useUserClient } from "./client.mjs";
-import { useUserRoles } from "./resources.mjs";
-import process from "node:process";
-import { HTTPError, defineHandler } from "nitro/h3";
-
-//#region src/utils/middleware.ts
-function hasUserRequiredRole(roleOrRoles) {
-	return defineHandler(async (event) => {
-		const requiredRoles = Array.isArray(roleOrRoles) ? roleOrRoles : [roleOrRoles];
-		const userRoles = await useUserRoles(event);
-		if (!requiredRoles.some((role) => userRoles.includes(role))) throw new HTTPError({
-			status: 403,
-			statusText: "Forbidden",
-			message: `User does not have required role(s) to access this resource: ${requiredRoles.join(", ")}`
-		});
-	});
-}
-function isUserFromAllowedTenant(tenantIdOrIds) {
-	return defineHandler(async (event) => {
-		const allowedTenants = Array.isArray(tenantIdOrIds) ? tenantIdOrIds : [tenantIdOrIds];
-		const userTenantId = useUserClient(event).core.tenant;
-		if (!allowedTenants.includes(userTenantId)) throw new HTTPError({
-			status: 403,
-			statusText: "Forbidden",
-			message: `User's tenant '${userTenantId}' is not allowed to access this resource. Allowed tenants: ${allowedTenants.join(", ")}`
-		});
-	});
-}
-/**
-* Middleware to check if the current user belongs to the deployed tenant.\
-* The deployed tenant is where this microservice is hosted (C8Y_BOOTSTRAP_TENANT).\
-* If the user's tenant doesn't match the deployed tenant, throws a 403 Forbidden error.\
-* Must be used within a request handler context.\
-* @returns Event handler that validates user is from deployed tenant
-* @example
-* // Only allow users from the deployed tenant:
-* export default defineHandler({
-*  middleware: [isUserFromDeployedTenant()],
-*  handler: async () => {
-*   return { message: 'You have access' }
-*  }
-* })
-*/
-function isUserFromDeployedTenant() {
-	return defineHandler(async (event) => {
-		const userTenantId = useUserClient(event).core.tenant;
-		const deployedTenantId = process.env.C8Y_BOOTSTRAP_TENANT;
-		if (!deployedTenantId) throw new HTTPError({
-			status: 500,
-			statusText: "Internal Server Error",
-			message: "C8Y_BOOTSTRAP_TENANT environment variable is not set"
-		});
-		if (userTenantId !== deployedTenantId) throw new HTTPError({
-			status: 403,
-			statusText: "Forbidden",
-			message: `Only users from tenant '${deployedTenantId}' can access this resource.`
-		});
-	});
-}
-
-//#endregion
-export { hasUserRequiredRole, isUserFromAllowedTenant, isUserFromDeployedTenant };

package/dist/utils/resources.d.mts

@@ -1,30 +0,0 @@
-import { ICurrentUser } from "@c8y/client";
-import { H3Event } from "nitro/h3";
-import { ServerRequest } from "nitro/types";
-
-//#region src/utils/resources.d.ts
-/**
- * Fetches the current user from Cumulocity using credentials extracted from the current request's headers.
- * This is a non-cached version - fetches fresh data on every call.
- * @param requestOrEvent - The H3Event or ServerRequest from the current request
- * @returns The current user object from Cumulocity
- * @example
- * // In a request handler:
- * const user = await useUser(event)
- * console.log(user.userName, user.email)
- */
-declare function useUser(requestOrEvent: ServerRequest | H3Event): Promise<ICurrentUser>;
-/**
- * Fetches the roles of the current user from Cumulocity.
- * Internally calls `useUser()` and extracts role IDs from the user object.
- * This is a non-cached version - fetches fresh data on every call.
- * @param requestOrEvent - The H3Event or ServerRequest from the current request
- * @returns Array of role ID strings assigned to the current user
- * @example
- * // In a request handler:
- * const roles = await useUserRoles(event)
- * console.log(roles) // ['ROLE_INVENTORY_READ', 'ROLE_INVENTORY_ADMIN']
- */
-declare function useUserRoles(requestOrEvent: ServerRequest | H3Event): Promise<string[]>;
-//#endregion
-export { useUser, useUserRoles };

package/dist/utils/resources.mjs

@@ -1,49 +0,0 @@
-import { useUserClient } from "./client.mjs";
-import { HTTPError } from "nitro/h3";
-
-//#region src/utils/resources.ts
-/**
-* Fetches the current user from Cumulocity using credentials extracted from the current request's headers.
-* This is a non-cached version - fetches fresh data on every call.
-* @param requestOrEvent - The H3Event or ServerRequest from the current request
-* @returns The current user object from Cumulocity
-* @example
-* // In a request handler:
-* const user = await useUser(event)
-* console.log(user.userName, user.email)
-*/
-async function useUser(requestOrEvent) {
-	const request = "req" in requestOrEvent ? requestOrEvent.req : requestOrEvent;
-	if (request.context?.["c8y_user"]) return request.context["c8y_user"];
-	const { res, data: user } = await useUserClient(requestOrEvent).user.currentWithEffectiveRoles();
-	if (!res.ok) throw new HTTPError({
-		message: `Failed to fetch current user`,
-		status: res.status,
-		statusText: res.statusText
-	});
-	request.context ??= {};
-	request.context["c8y_user"] = user;
-	return user;
-}
-/**
-* Fetches the roles of the current user from Cumulocity.
-* Internally calls `useUser()` and extracts role IDs from the user object.
-* This is a non-cached version - fetches fresh data on every call.
-* @param requestOrEvent - The H3Event or ServerRequest from the current request
-* @returns Array of role ID strings assigned to the current user
-* @example
-* // In a request handler:
-* const roles = await useUserRoles(event)
-* console.log(roles) // ['ROLE_INVENTORY_READ', 'ROLE_INVENTORY_ADMIN']
-*/
-async function useUserRoles(requestOrEvent) {
-	const request = "req" in requestOrEvent ? requestOrEvent.req : requestOrEvent;
-	if (request.context?.["c8y_user_roles"]) return request.context["c8y_user_roles"];
-	const userRoles = (await useUser(requestOrEvent)).effectiveRoles?.map((role) => role.name) ?? [];
-	request.context ??= {};
-	request.context["c8y_user_roles"] = userRoles;
-	return userRoles;
-}
-
-//#endregion
-export { useUser, useUserRoles };

package/dist/utils/tenantOptions.d.mts

@@ -1,65 +0,0 @@
-import { C8YTenantOptionKey } from "c8y-nitro/types";
-
-//#region src/utils/tenantOptions.d.ts
-/**
- * Fetches a tenant option value by key.\
- * Uses the deployed tenant's service user credentials to access the Options API.\
- * Results are cached based on the configured TTL (default: 10 minutes).
- *
- * @param key - The tenant option key to fetch (as defined in `manifest.settings`)
- * @returns The option value as a string
- *
- * @config Cache TTL can be configured via:
- * - `c8y.cache.defaultTenantOptionsTTL` — Default TTL for all keys (in seconds)
- * - `c8y.cache.tenantOptions` — Per-key TTL overrides
- * - `NITRO_C8Y_DEFAULT_TENANT_OPTIONS_TTL` — Environment variable for default TTL
- *
- * @note For encrypted options (keys starting with `credentials.`), the value is automatically
- * decrypted by Cumulocity if this microservice is the owner of the option (category matches
- * the microservice's settingsCategory/contextPath/name). The `credentials.` prefix is
- * automatically stripped when calling the API.
- *
- * @example
- * // Fetch a tenant option:
- * const value = await useTenantOption('myOption')
- *
- * // Fetch an encrypted secret:
- * const secret = await useTenantOption('credentials.apiKey')
- *
- * // Invalidate cache for a specific key:
- * await useTenantOption.invalidate('myOption')
- *
- * // Force refresh a specific key:
- * const fresh = await useTenantOption.refresh('myOption')
- *
- * // Invalidate all tenant option caches:
- * await useTenantOption.invalidateAll()
- *
- * // Refresh all tenant options:
- * const all = await useTenantOption.refreshAll()
- */
-declare const useTenantOption: ((key: C8YTenantOptionKey) => Promise<string | undefined>) & {
-  /**
-   * Invalidate the cache for a specific tenant option key.
-   * @param key - The tenant option key to invalidate
-   */
-  invalidate: (key: C8YTenantOptionKey) => Promise<void>;
-  /**
-   * Force refresh a specific tenant option key (invalidates and re-fetches).
-   * @param key - The tenant option key to refresh
-   */
-  refresh: (key: C8YTenantOptionKey) => Promise<string | undefined>;
-  /**
-   * Invalidate all tenant option caches that have been accessed.
-   * Only invalidates keys that have been fetched at least once.
-   */
-  invalidateAll: () => Promise<void>;
-  /**
-   * Refresh all tenant options that have been accessed.
-   * Only refreshes keys that have been fetched at least once.
-   * @returns Object mapping keys to their refreshed values
-   */
-  refreshAll: () => Promise<Record<string, string | undefined>>;
-};
-//#endregion
-export { useTenantOption };

package/dist/utils/tenantOptions.mjs

@@ -1,127 +0,0 @@
-import { useDeployedTenantClient } from "./client.mjs";
-import { defineCachedFunction } from "nitro/cache";
-import { useStorage } from "nitro/storage";
-import { useRuntimeConfig } from "nitro/runtime-config";
-
-//#region src/utils/tenantOptions.ts
-/**
-* Gets the cache TTL for a specific tenant option key.
-* Uses per-key override if defined, otherwise falls back to default TTL.
-* @param key - The tenant option key
-*/
-function getTenantOptionCacheTTL(key) {
-	const config = useRuntimeConfig();
-	return config.c8yTenantOptionsPerKeyTTL?.[key] ?? config.c8yDefaultTenantOptionsTTL ?? 600;
-}
-/**
-* Internal storage for cached functions per key
-*/
-const tenantOptionFetchers = {};
-/**
-* Factory function that creates a cached fetcher for a specific tenant option key.
-* @param key - The tenant option key
-*/
-function createCachedTenantOptionFetcher(key) {
-	const cacheName = `_c8y_nitro_tenant_option_${key.replace(/\./g, "_")}`;
-	const fetcher = defineCachedFunction(async () => {
-		const client = await useDeployedTenantClient();
-		const category = useRuntimeConfig().c8ySettingsCategory;
-		const apiKey = key.replace(/^credentials\./, "");
-		try {
-			return (await client.options.tenant.detail({
-				key: apiKey,
-				category
-			})).data.value;
-		} catch (error) {
-			if (error?.res?.status === 404 || error?.status === 404) return;
-			throw error;
-		}
-	}, {
-		maxAge: getTenantOptionCacheTTL(key),
-		name: cacheName,
-		group: "c8y_nitro",
-		swr: false
-	});
-	return Object.assign(fetcher, {
-		invalidate: async () => {
-			const completeKey = `c8y_nitro:functions:${cacheName}.json`;
-			await useStorage("cache").removeItem(completeKey);
-		},
-		refresh: async () => {
-			const completeKey = `c8y_nitro:functions:${cacheName}.json`;
-			await useStorage("cache").removeItem(completeKey);
-			return await fetcher();
-		}
-	});
-}
-/**
-* Gets or creates a cached fetcher for a specific tenant option key.
-* @param key - The tenant option key
-*/
-function getOrCreateFetcher(key) {
-	let fetcher = tenantOptionFetchers[key];
-	if (!fetcher) {
-		fetcher = createCachedTenantOptionFetcher(key);
-		tenantOptionFetchers[key] = fetcher;
-	}
-	return fetcher;
-}
-/**
-* Fetches a tenant option value by key.\
-* Uses the deployed tenant's service user credentials to access the Options API.\
-* Results are cached based on the configured TTL (default: 10 minutes).
-*
-* @param key - The tenant option key to fetch (as defined in `manifest.settings`)
-* @returns The option value as a string
-*
-* @config Cache TTL can be configured via:
-* - `c8y.cache.defaultTenantOptionsTTL` — Default TTL for all keys (in seconds)
-* - `c8y.cache.tenantOptions` — Per-key TTL overrides
-* - `NITRO_C8Y_DEFAULT_TENANT_OPTIONS_TTL` — Environment variable for default TTL
-*
-* @note For encrypted options (keys starting with `credentials.`), the value is automatically
-* decrypted by Cumulocity if this microservice is the owner of the option (category matches
-* the microservice's settingsCategory/contextPath/name). The `credentials.` prefix is
-* automatically stripped when calling the API.
-*
-* @example
-* // Fetch a tenant option:
-* const value = await useTenantOption('myOption')
-*
-* // Fetch an encrypted secret:
-* const secret = await useTenantOption('credentials.apiKey')
-*
-* // Invalidate cache for a specific key:
-* await useTenantOption.invalidate('myOption')
-*
-* // Force refresh a specific key:
-* const fresh = await useTenantOption.refresh('myOption')
-*
-* // Invalidate all tenant option caches:
-* await useTenantOption.invalidateAll()
-*
-* // Refresh all tenant options:
-* const all = await useTenantOption.refreshAll()
-*/
-const useTenantOption = Object.assign(async (key) => {
-	return await getOrCreateFetcher(key)();
-}, {
-	invalidate: async (key) => {
-		const fetcher = tenantOptionFetchers[key];
-		if (fetcher) await fetcher.invalidate();
-	},
-	refresh: async (key) => {
-		return await getOrCreateFetcher(key).refresh();
-	},
-	invalidateAll: async () => {
-		await Promise.all(Object.values(tenantOptionFetchers).map((fetcher) => fetcher?.invalidate()));
-	},
-	refreshAll: async () => {
-		const entries = Object.entries(tenantOptionFetchers);
-		const values = await Promise.all(entries.map(([, fetcher]) => fetcher?.refresh()));
-		return Object.fromEntries(entries.map(([key], i) => [key, values[i]]));
-	}
-});
-
-//#endregion
-export { useTenantOption };