corebasic 1.0.102 → 1.0.104

package/libs/auth.js

@@ -1,7 +1,7 @@
 import axios from 'axios'
 import otpGenerator from 'otp-generator'
 
-import * as Elabase from './elabase.js'
+import * as Dip from './dip.js'
 import * as Utils from './utils.js'
 import * as Session from './session.js'
 
@@ -34,6 +34,8 @@ export const start = (app, successCallback) => {
 }
 
 async function attemptLogin(req, res) {
+    let meta = {company: "GLOBAL", outlet: "GLOBAL"}
+
     let expiry = 300000
     let phone = req.body.phone.trim()
     let time = new Date().getTime()
@@ -45,9 +47,9 @@ async function attemptLogin(req, res) {
         throw { ...errMessage, mode: otpValid ? 'verify' : 'login', info: "Invalid Client ID" }
 
     if (otpValid) { // verify login
-        let res = await Elabase.query(collection, { _id: phone, otp: req.body.otp, clientId, time: { $gt: time - expiry } })
+        let res = await Dip.query(meta, collection, { _id: phone, otp: req.body.otp, clientId, time: { $gt: time - expiry } })
         if (res.length) {
-            try {await Elabase.update(collection, { _id: phone }, { $set: { otp: '', clientId: '' } }) } catch (err) { throw {...errMessage, mode: 'verify', info: 'Cleanup Failed'} }
+            try {await Dip.update(meta, collection, { _id: phone }, { $set: { otp: '', clientId: '' } }) } catch (err) { throw {...errMessage, mode: 'verify', info: 'Cleanup Failed'} }
             return {...res[0], mode: 'verify', success: true, userId: res[0].userId, phone: res[0]._id}
         }
         throw {...errMessage, mode: 'verify', info: "Invalid/Expired OTP"}
@@ -57,8 +59,9 @@ async function attemptLogin(req, res) {
             let userId = req.body.userId ?? Utils.uid()
             let now = Utils.now().toISOString()
             let data = req.body.data ?? {}
-            let meta = { clientId, created: now, updated: now, ...data}
-            await Elabase.update(collection, { _id: phone }, { $set: { otp, clientId, time, updated: now }, $setOnInsert: { _id: phone, otp, time, userId, ...meta } }, { upsert: true })
+            let info = { clientId, created: now, updated: now, ...data}
+            await Dip.update(meta, collection, { _id: phone }, { $set: { otp, clientId, time, updated: now }, $setOnInsert: { _id: phone, otp, time, userId, ...info } }, { upsert: true })
+
             return {mode: 'login', success: true, userId, expiry, phone}
         }
         throw {...errMessage, mode: 'login', info: 'Generating Info Failed'}
@@ -85,9 +88,10 @@ async function sendOtp(phone, otp, app) {
 
 // Usage
 // Auth.validate((req) => ["Phone1", "Phone2"].includes(req.body.phone.trim()))
-// Auth.start(app, async (req, res, data) => { 
+// Auth.start(app, async (req, res, data) => {
 //     try {
-//         await Elabase.insert("users", {  }, "asdsds")
+//         let meta = {company: "GLOBAL", outlet: "GLOBAL"}
+//         await Dip.insert(meta, "users", {  }, "asdsds")
 //         await Kafka.send("users", {event: "userLogin", ...data, time: Utils.now()})
 //         res.json(data)
 //     } catch {

package/libs/dip.js

@@ -18,28 +18,30 @@ export let config = Elabase.config
 export const IdempotentDip = () => {
     return {
         txn: '',
-        new: (async function (txn, blank) {
+        meta: undefined,
+        new: (async function (meta, txn, blank) {
             this.txn = txn
-            return blank ? this : (await Elabase.query("txns",{_id: this.txn}).length ? false : this)
+            this.meta = meta
+            return blank ? this : (await Elabase.query(this.meta, "txns",{_id: this.txn}).length ? false : this)
         }),
         insert: (async function (collection, query, data) {
-            await Elabase.update(collection, query, { $setOnInsert: data }, {upsert: true})
+            await Elabase.update(this.meta, collection, query, { $setOnInsert: data }, {upsert: true})
         }),
         update: (async function (collection, query, data, rollback) {
             let token = { [this.txn]: true }
             let idempotent = { [this.txn]: { $exists: rollback ?? false } }
-            let result = await Elabase.update(collection, {...query, ...idempotent}, {...data, $setOnInsert: undefined, $set: {...(data.$set ?? {}), ...token} })
-            return result.count ? true : await Elabase.query(collection, {...query, ...idempotent}).length
+            let result = await Elabase.update(this.meta, collection, {...query, ...idempotent}, {...data, $setOnInsert: undefined, $set: {...(data.$set ?? {}), ...token} })
+            return result.count ? true : await Elabase.query(this.meta, collection, {...query, ...idempotent}).length
         }),
         upsert: (async function (collection, query, data, rollback) {
             await this.insert(collection, query, data.$setOnInsert)
             return await this.update(collection, query, data, rollback)
         }),
         cleanup: (async function (collection, query) {
-            await Elabase.update(collection, query, { $unset: { [this.txn]: true } })
+            await Elabase.update(this.meta, collection, query, { $unset: { [this.txn]: true } })
         }),
         finish: (async function () {
-            return await Elabase.update("txns",{_id: this.txn}, {}, {upsert: true})
+            return await Elabase.update(this.meta, "txns",{_id: this.txn}, {}, {upsert: true})
         })
     }
 }

package/libs/elabase.js

@@ -83,7 +83,15 @@ export function transactionCommit(arg) {
     })
 }
 
-export const insert = async (collection, value, _id) => {
+export const insert = async (meta, collection, value, _id) => {
+    // Multi Company Support
+    collection = `${meta.company}.${collection}`
+    if (meta.company !== "GLOBAL") {
+        if (typeof value === "object" && !Array.isArray(value))
+            value.company = meta.company
+    }
+    // ---------------------
+
     var arg = {
         collection: collection,
         insert: value
@@ -104,7 +112,14 @@ export const insert = async (collection, value, _id) => {
     })
 }
 
-export const query = async (collection, query, options) => {
+export const query = async (meta, collection, query, options) => {
+    // Multi Company Support
+    collection = `${meta.company}.${collection}`
+    if (meta.company !== "GLOBAL")
+        query.company = meta.company
+    // ---------------------
+
+
     var arg = {
         collection: collection,
         query: query,
@@ -137,7 +152,16 @@ function collectionArray(col) {
 }
 
 
-export const update = async (collection, query, update, options) => {
+export const update = async (meta, collection, query, update, options) => {
+    // Multi Company Support
+    collection = `${meta.company}.${collection}`
+    if (meta.company !== "GLOBAL") {
+        query.company = meta.company
+        if (update?.$setOnInsert)
+            update.$setOnInsert.company = meta.company
+    }
+    // ---------------------
+
     var arg = {
         collection: collection,
         query: query,
@@ -157,7 +181,13 @@ export const update = async (collection, query, update, options) => {
     })
 }
 
-export const remove = async (collection, query) => {
+export const remove = async (meta, collection, query) => {
+    // Multi Company Support
+    collection = `${meta.company}.${collection}`
+    if (meta.company !== "GLOBAL")
+        query.company = meta.company
+    // ---------------------
+
     var arg = {
         collection: collection,
         query: query,

package/libs/features.js

@@ -39,7 +39,7 @@ let appId = Utils.uid()
 let SERVICE_ADDRESS = process.env.APP_ENDPOINT || 'http://127.0.0.1:3000'
 
 
-export const send = async (feature, params, payload, headers) => {
+export const send = async (meta, feature, data, params) => {
     const throwError = () => {throw {message: `Feature ${feature} not found in internal or external list during inter feature call`}}
     let {api, service = SERVICE_ADDRESS} = getFeature(feature) ?? SLYP_FEATURES_LIST[feature] ?? throwError()
     let method = getFeatureMethod(api)
@@ -52,10 +52,10 @@ export const send = async (feature, params, payload, headers) => {
             throw {feature, when: 'api/params/substitution', message: "Internal Feature Call" }
     }
 
-    payload = { ...payload, feature, txn: Utils.uid() }
+    let payload = { ...meta, data, feature, txn: Utils.uid() }
 
     // return  (await axios[method](`${service}${url}`, { data: payload, headers: {jwt: headers.jwt}, timeout: 1000 })).data
-    return  (await axios[method](`${service}${url}`, { data: payload, headers: {jwt: SERVICE_ACCESS_TOKEN, service: true}, timeout: 1000 })).data
+    return  (await axios[method](`${service}${url}`, payload, {headers: {jwt: SERVICE_ACCESS_TOKEN, service: true}, timeout: 1000 })).data
 }
 
 let appids = {}
@@ -123,6 +123,8 @@ export const start = async (app, url, file) => {
                     if (!req.params[param])
                         throw { status: 404, message: "Resource not found. One or more url parameter not specified." }
 
+                let meta = {...req.body, data: undefined}
+                req.meta = meta
 
                 if (method === "get") {
                     try {
@@ -164,9 +166,9 @@ export const start = async (app, url, file) => {
             topic = topic.replace(/^.*Features./,'')
             while (true) {
                 try {
-                    await Dip.update(`users.txns.${message.user}`, {_id: message.txn}, { $setOnInsert: { user: message.user, feature: message.feature, date: message.date, created: message.date, updated: message.date, status: "Queued" } }, {upsert: true}) // Can always update the status later
+                    await Dip.update(message.meta, `users.txns.${message.user}`, {_id: message.txn}, { $setOnInsert: { user: message.user, feature: message.feature, date: message.date, created: message.date, updated: message.date, status: "Queued" } }, {upsert: true}) // Can always update the status later
                     await features[message.feature].handler(topic, message)
-                    await Dip.insert("Features.txns", {_id: message.txn, status: "Processed"})
+                    await Dip.insert(message.meta, "Features.txns", {_id: message.txn, status: "Processed"})
                     break
                 } catch {
                     console.warn(`Feature: ${message.feature}, error in executing handler during Kafka.receive(topic: ${topic})`)
@@ -177,9 +179,9 @@ export const start = async (app, url, file) => {
     }
 
     // Transaction status api
-    app.get('/transactions/:id', async (req, res) => {
+    app.get('/transactions/:id', async (req, res) => { // Front end calls this as a regular feature call. so `req.meta` exists
         try {
-            let items = await Dip.query("Features.txns", {_id: req.params.id})
+            let items = await Dip.query(req.meta, "Features.txns", {_id: req.params.id})
             if (items.length)
                 res.json({ data: { ...items[0], txn: items._id } })
             else
@@ -190,7 +192,7 @@ export const start = async (app, url, file) => {
     })
     app.get('/users/:id/transactions', async (req, res) => {
         try {
-            res.json({ data: await Dip.query(`users.txns.${req.params.id}`, {}, { $orderby: { date: -1 } }) })
+            res.json({ data: await Dip.query(req.meta, `users.txns.${req.params.id}`, {}, { $orderby: { date: -1 } }) })
         } catch {
             res.status(500).json({ message: "Failed to retreive data" })
         }
@@ -201,10 +203,11 @@ export const start = async (app, url, file) => {
 
 function prepareMessage(req) {
     let txn = req.body.txn ?? Utils.uid()
-    let _id = req.body.data._id ?? txn
+    let _id = req.body.data?._id ?? txn
     let {data, feature, app, user, outlet, company, client, version} = req.body
+    let meta = req.meta
     let params = req.params
-    return { data, params, feature, app, user, outlet, company, client, version, txn, id: _id, date: new Date().getTime() }
+    return { data, params, meta, feature, app, user, outlet, company, client, version, txn, id: _id, date: new Date().getTime() }
 }
 const commandAction = async (req, res, topic) => {
     let message = prepareMessage(req)

package/libs/messaging.js

@@ -74,8 +74,13 @@ export async function start(app) {
 
 
 export async function publish(channel, message) {
-    if (publisher)
-        await publisher.publish(channel, typeof message === "object" ? JSON.stringify(message) : message);
+    if (publisher && !Utils.isEmpty(channel)) {
+        try {
+            await publisher.publish(channel, typeof message === "object" ? JSON.stringify(message) : message)
+        } catch {
+            console.log('Error: Publishing on redis channel', channel)
+        }
+    }
 }
 
 

package/libs/privileges.js

@@ -0,0 +1,93 @@
+
+
+import * as Dip from './dip.js'
+
+
+let PRIVILEGES_CACHE = {
+
+    // "<company>": {
+    //     "Sales Man": {
+    //         "products.query.list": { type: "Feature"  }
+    //     },
+    //     "Accountant": {
+    //         "Sales Man": { type: "Role" },
+    //         "accounts.query.list": { type: "Feature" },
+    //     },
+    //     "Cashier": {
+    //         "Sales Man": { type: "Role" },
+    //         "cash.query.list": { type: "Feature" },
+    //     },
+    // }
+}
+
+
+const get = async (company) => {
+    PRIVILEGES_CACHE[company] = {}
+    let meta = {company, outlet: "GLOBAL"}
+    let privileges = await Dip.query(meta, "privileges", { })
+    privileges.forEach(privilege => PRIVILEGES_CACHE[company][privilege.name] = privilege)
+
+    // Format
+    for (let role in PRIVILEGES_CACHE[company])
+        PRIVILEGES_CACHE[company][role] = PRIVILEGES_CACHE[company][role].items.reduce( (obj, item) =>   ({...obj, [item.name]: {type: item.type} }), {})
+
+    return PRIVILEGES_CACHE[company]
+}
+
+export const start = async () => {
+    let meta = {company: "GLOBAL", outlet: "GLOBAL"}
+    let companies = await Dip.query(meta, "companies", { })
+    for (let company of companies)
+         await get(company._id)
+}
+
+
+function rolesToFeatures(company, roles) {
+    let features = []
+
+    let privileges = PRIVILEGES_CACHE[company]
+
+    roles.forEach(role => {
+        for (let key in privileges[role]) {
+            let isFeature = privileges[role][key].type === "Feature"
+            let isRole = privileges[role][key].type === "Role"
+            if (isFeature)
+                features.push(key)
+            else if (isRole)
+                features.push(...(rolesToFeatures(company, [key])))
+        }
+    })
+    return features
+}
+
+
+
+
+
+
+const getAllowedFeatures = (company, roles) => {
+    return [...new Set(rolesToFeatures(company, roles))]
+}
+
+const check = async (company, user, feature, req) => {
+    let roles = await getRoles(company, user, req)
+    return roles.includes(feature)
+}
+
+export const checkRequest = async (req) => {
+    return await check(req.body.company, req.body.user, req.body.feature, req)
+}
+
+
+
+
+const getRoles = async (company, user, req) => {
+    let staff = (await Dip.query(req.meta, "staff", { user: user }))[0]
+    let roles = (await Dip.query(req.meta, "privileges.staff", { _id: staff._id }))[0].items.map(item => item._id)
+    return getAllowedFeatures(company, roles)
+}
+
+
+
+
+

package/libs/session.js

@@ -1,4 +1,5 @@
 import jwt from 'jsonwebtoken'
+import * as Privilege from './privileges.js'
 let app
 
 
@@ -15,8 +16,9 @@ export const start = (expressApp, allowedUrls) => {
     urlsAllowed = ["/refreshToken", "/login"].concat(allowedUrls ?? [])
     app = expressApp
 
+    Privilege.start()
 
-    app.use((req, res, next) => {
+    app.use(async (req, res, next) => {
 
         // return next()    // Disable session
 
@@ -28,7 +30,7 @@ export const start = (expressApp, allowedUrls) => {
             const service = req.header('SERVICE');  // Case insensitive search
             if (service && jwt.verify(token, DEPLOY_TOKEN_SECRET))
                 return next()
-            else if (jwt.verify(token, ACCESS_TOKEN_SECRET))
+            else if (jwt.verify(token, ACCESS_TOKEN_SECRET) && (process.env.GRANT_FULL_ACCESS || await Privilege.checkRequest(req)))
                 return next()
             throw null;
         } catch (error) {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "corebasic",
   "type": "module",
-  "version": "1.0.102",
+  "version": "1.0.104",
   "description": "",
   "main": "index.js",
   "scripts": {