meadow-endpoints 2.0.14 → 3.0.2

package/Dockerfile

@@ -0,0 +1,48 @@
+# Use the codercom/code-server image
+FROM codercom/code-server:latest
+MAINTAINER steven velozo
+
+VOLUME /home/coder/.config
+VOLUME /home/coder/.vscode
+
+RUN echo "...installing debian dependencies..."
+RUN sudo apt update
+RUN sudo apt install vim curl tmux -y
+RUN sudo apt install default-mysql-server default-mysql-client -y
+
+
+RUN echo "Building RETOLD development image..."
+
+RUN echo "...configuring mariadb (mysql) server..."
+RUN sudo sed -i "s|bind-address|#bind-address|g" /etc/mysql/mariadb.conf.d/50-server.cnf
+ADD ./.config/luxury-extras/MySQL/MySQL-Security.sql /home/coder/MySQL-Configure-Security.sql
+ADD ./.config/luxury-extras/MySQL/MySQL-Laden-Entry.sh /usr/bin/MySQL-Laden-Entry.sh
+RUN ( sudo mysqld_safe --skip-grant-tables --skip-networking & ) && sleep 5 &&  mysql -u root < /home/coder/MySQL-Configure-Security.sql
+
+# Import the initial database
+COPY ./.config/luxury-extras/model/sql_create/BookStore-CreateDatabase.mysql.sql /home/coder/MySQL-Create-Databases.sql
+RUN sudo service mariadb restart && sleep 5 && mysql -u root -p"123456789" -e "CREATE DATABASE bookstore;"
+RUN sudo service mariadb restart && sleep 5 && mysql -u root -p"123456789" bookstore < /home/coder/MySQL-Create-Databases.sql
+RUN sudo service mariadb restart && sleep 5 && mysql -u root -p"123456789" -e "CREATE DATABASE FableTest;"
+
+
+RUN echo "...mapping library specific volumes..."
+# Volume mappings for RETOLD:Meadow Endpoints library
+VOLUME /home/coder/meadow-endpoints
+# VOLUME /home/coder/meadow-endpoints/node_modules
+
+SHELL ["/bin/bash", "-c"]
+USER coder
+
+RUN echo "...installing node version manager..."
+# Because there is a .bashrc chicken/egg problem, we will create one here to simulate logging in.  This is not great.
+RUN touch ~/.bashrc && chmod +x ~/.bashrc
+RUN curl https://raw.githubusercontent.com/creationix/nvm/master/install.sh | bash
+
+RUN echo "...installing node version 14 as the default..."
+RUN . ~/.nvm/nvm.sh && source ~/.bashrc && nvm install 14
+RUN . ~/.nvm/nvm.sh && source ~/.bashrc && nvm alias default 14
+
+WORKDIR /home/coder/meadow-endpoints
+
+ENTRYPOINT ["/usr/bin/MySQL-Laden-Entry.sh"]

package/README.md

@@ -16,4 +16,33 @@ The design philosophy is not to cover every possible use case, but to cover the
 
 To best use this library, it should be in conjunction with [stricture](https://github.com/stevenvelozo/stricture) and [orator](https://github.com/stevenvelozo/orator).
 
-Multiple organizations have been using these libraries in medium to high load production environments for over a year.
+
+### Docker Development Environment
+
+1. Run this command to build this image:
+```
+docker build ./ -t retold/meadow-endpoints:local
+```
+
+alternatively you can use npm to run this
+
+```
+npm run docker-dev-build-image
+```
+
+2. Run this command to build the local container:
+```
+docker run -it --name meadow-endpoints-dev -p 127.0.0.1:12343:8080 -v "$PWD/.config:/home/coder/.config"  -v "$PWD:/home/coder/meadow-endpoints" -u "$(id -u):$(id -g)" -e "DOCKER_USER=$USER" retold/meadow-endpoints:local
+```
+
+alternatively you can use npm to run this
+
+```
+npm run docker-dev-run
+```
+
+3. Go to http://localhost:12343/ in a web browser
+
+4. The password is "retold"
+
+5. Right now you (may) need to delete the `node_modules` folders and regenerate it for Linux.

package/package.json

@@ -1,12 +1,32 @@
 {
   "name": "meadow-endpoints",
-  "version": "2.0.14",
+  "version": "3.0.2",
   "description": "Automatic API endpoints for Meadow data.",
   "main": "source/Meadow-Endpoints.js",
   "scripts": {
     "start": "node source/Meadow-Endpoints.js",
     "coverage": "nyc npm run test && nyc report --reporter=lcov",
-    "test": "./node_modules/.bin/mocha --exit -u tdd -R spec"
+    "test": "./node_modules/.bin/mocha --exit -u tdd -R spec",
+    "docker-dev-build-image": "docker build ./ -t retold/meadow-endpoints:local",
+    "docker-dev-run": "docker run -it -d --name meadow-endpoints-dev -p 127.0.0.1:12343:8080 -p 12305:3306 -v \"$PWD/.config:/home/coder/.config\"  -v \"$PWD:/home/coder/meadow-endpoints\" -u \"$(id -u):$(id -g)\" -e \"DOCKER_USER=$USER\" retold/meadow-endpoints:local"
+  },
+  "mocha": {
+    "diff": true,
+    "extension": [
+      "js"
+    ],
+    "package": "./package.json",
+    "reporter": "spec",
+    "slow": "75",
+    "timeout": "5000",
+    "ui": "tdd",
+    "watch-files": [
+      "source/**/*.js",
+      "test/**/*.js"
+    ],
+    "watch-ignore": [
+      "lib/vendor"
+    ]
   },
   "repository": {
     "type": "git",
@@ -24,20 +44,19 @@
   "homepage": "https://github.com/stevenvelozo/meadow-endpoints",
   "devDependencies": {
     "chai": "4.1.2",
-    "codeclimate-test-reporter": "0.5.0",
-    "coveralls": "3.0.2",
+    "chance": "^1.1.8",
     "fable": "^2.0.1",
-    "mocha": "5.2.0",
+    "mocha": "9.2.2",
+    "mysql2": "1.6.1",
     "nyc": "^15.1.0",
     "supertest": "3.1.0"
   },
   "dependencies": {
     "async": "2.6.1",
     "JSONStream": "^1.3.5",
-    "meadow": "~1.0.32",
+    "meadow": "~1.0.34",
     "meadow-filter": "^1.0.1",
-    "mysql2": "1.6.1",
     "orator": "~2.0.2",
-    "underscore": "1.9.1"
+    "underscore": "1.12.1"
   }
 }

package/source/Meadow-Authenticator.js

@@ -1,21 +1,31 @@
 /**
- * Check that a user is logged in
+ * Check that a user is logged in, if enabled
  *
- * @method checkAuthentication
+ * @method getAuthenticator
  */
-var checkAuthentication = function(pRequest, pResponse, fNext)
+const getAuthenticator = (pAuthenticatorMode) =>
 {
-	if (!pRequest.UserSession.LoggedIn)
+	if (pAuthenticatorMode === 'Disabled')
 	{
-		pRequest.EndpointAuthenticated = false;
+		return (pRequest, pResponse, fNext) =>
+		{
+			pRequest.EndpointAuthenticated = true;
+			fNext();
+		};
 	}
-	else
+	return (pRequest, pResponse, fNext) =>
 	{
-		pRequest.EndpointAuthenticated = true;
-	}
+		if (!pRequest.UserSession.LoggedIn)
+		{
+			pRequest.EndpointAuthenticated = false;
+		}
+		else
+		{
+			pRequest.EndpointAuthenticated = true;
+		}
 
-	// This doesn't call next in chain because SendError does that for us.
-	fNext();
+		fNext();
+	}
 };
 
-module.exports = checkAuthentication;
+module.exports = getAuthenticator;

package/source/Meadow-Authorizers.js

@@ -19,6 +19,8 @@ var MeadowAuthorizers = function()
 			return {new: createNew};
 		}
 
+		const _AuthorizationMode = pMeadow.fable.settings.MeadowAuthorizationMode || 'Disabled';
+
 		// An object to hold modifications to specific authorizers.
 		var _AuthorizerFunctions = {};
 
@@ -44,12 +46,14 @@ var MeadowAuthorizers = function()
 			_AuthorizerFunctions[pAuthorizerHash] = fAuthorizer;
 		};
 
-
-		// Map in the default authorizers
-		setAuthorizer('Allow', require(__dirname+'/authorizers/Meadow-Authorizer-Allow.js'));
-		setAuthorizer('Deny', require(__dirname+'/authorizers/Meadow-Authorizer-Deny.js'));
-		setAuthorizer('Mine', require(__dirname+'/authorizers/Meadow-Authorizer-Mine.js'));
-		setAuthorizer('MyCustomer', require(__dirname+'/authorizers/Meadow-Authorizer-MyCustomer.js'));
+		if (_AuthorizationMode === 'SimpleOwnership')
+		{
+			// Map in the authorizers for simple ownership mode
+			setAuthorizer('Allow', require(__dirname+'/authorizers/Meadow-Authorizer-Allow.js'));
+			setAuthorizer('Deny', require(__dirname+'/authorizers/Meadow-Authorizer-Deny.js'));
+			setAuthorizer('Mine', require(__dirname+'/authorizers/Meadow-Authorizer-Mine.js'));
+			setAuthorizer('MyCustomer', require(__dirname+'/authorizers/Meadow-Authorizer-MyCustomer.js'));
+		}
 
 
 		/**
@@ -65,6 +69,13 @@ var MeadowAuthorizers = function()
 				pRequest.MeadowAuthorization = true;
 			}
 
+			// authorize all behaviors if authorization is disabled
+			if (_AuthorizationMode === 'Disabled')
+			{
+				return fComplete();
+			}
+
+			//FIXME: Get rid of this...
 			if (pRequest.Satchel &&
 				pRequest.Satchel.AuthorizeOverride)
 				return fComplete(false);
@@ -125,10 +136,15 @@ var MeadowAuthorizers = function()
 				pRequest.MeadowAuthorization = true;
 			}
 
+			// authorize all behaviors if authorization is disabled
+			if (_AuthorizationMode === 'Disabled')
+			{
+				return fComplete();
+			}
+
 			// Attach authorizer hash in case the invoked authorizer needs the endpoint context
 			pRequest.EndpointHash = pRequestHash;
 
-
 			// See if there is an authorizer collection for the role of the user
 			var tmpRoleAuthorizer = pRequest.DAL.schemaFull.authorizer[pRequest.DAL.getRoleName(pRequest.UserSession.UserRoleIndex)];
 			if (!tmpRoleAuthorizer)

package/source/Meadow-CommonServices.js

@@ -8,7 +8,7 @@
 */
 var MeadowCommonServices = function()
 {
-	function createNew(pMeadow)
+	function createNew(pMeadow, pAuthenticationMode)
 	{
 		// If a valid fable object isn't passed in, return a constructor
 		if ((typeof(pMeadow) !== 'object') || !('fable' in pMeadow))
@@ -17,6 +17,7 @@ var MeadowCommonServices = function()
 		}
 
 		var _Meadow = pMeadow;
+		const _AuthenticationMode = pAuthenticationMode;
 		var _Log = _Meadow.fable.log;
 
 		var libRestify = require('restify');
@@ -106,21 +107,25 @@ var MeadowCommonServices = function()
 			}
 
 			// Check that the user has a valid ID.
-			var tmpIDUser = pRequest.UserSession.UserID;
-			if (tmpIDUser < 1)
+			if (_AuthenticationMode !== 'Disabled')
 			{
-				_Log.warn('Invalid session when attempting to get a secured resource - IDUser is not valid.', {SessionID:pRequest.UserSession.SessionID, RequestID:pRequest.RequestUUID, RequestURL:pRequest.url, Action:'APISecurity'}, pRequest);
-				sendNotAuthorized('You must be authenticated to access this resource.', pRequest, pResponse, fNext);
-				return false;
-			}
-
-			// Check that the authentication level is valid.
-			if (pRequest.UserSession.UserRoleIndex < pRequest.EndpointAuthorizationRequirement)
-			{
-				_Log.warn('Invalid permission level when attempting to get a secured resource.', {SessionID:pRequest.UserSession.SessionID, RequestID:pRequest.RequestUUID, RequestURL:pRequest.url, Action:'APISecurity', RequiredUserLevel:pRequest.EndpointAuthorizationRequirement, 				ActualUserLevel:pRequest.UserSession.UserRoleIndex}, pRequest);
-				// TODO: Send the proper http status code
-				sendNotAuthorized('You must be appropriately authenticated to access this resource.', pRequest, pResponse, fNext);
-				return false;
+				//TODO: do we need this code anymore?
+				const tmpIDUser = pRequest.UserSession.UserID;
+				if (tmpIDUser < 1)
+				{
+					_Log.warn('Invalid session when attempting to get a secured resource - IDUser is not valid.', {SessionID:pRequest.UserSession.SessionID, RequestID:pRequest.RequestUUID, RequestURL:pRequest.url, Action:'APISecurity'}, pRequest);
+					sendNotAuthorized('You must be authenticated to access this resource.', pRequest, pResponse, fNext);
+					return false;
+				}
+
+				// Check that the authentication level is valid.
+				if (pRequest.UserSession.UserRoleIndex < pRequest.EndpointAuthorizationRequirement)
+				{
+					_Log.warn('Invalid permission level when attempting to get a secured resource.', {SessionID:pRequest.UserSession.SessionID, RequestID:pRequest.RequestUUID, RequestURL:pRequest.url, Action:'APISecurity', RequiredUserLevel:pRequest.EndpointAuthorizationRequirement, 				ActualUserLevel:pRequest.UserSession.UserRoleIndex}, pRequest);
+					// TODO: Send the proper http status code
+					sendNotAuthorized('You must be appropriately authenticated to access this resource.', pRequest, pResponse, fNext);
+					return false;
+				}
 			}
 
 			return true;

package/source/Meadow-Endpoints.js

@@ -7,9 +7,6 @@
 * @module Meadow
 */
 
-//Meadow needs to connect some general route handlers, this ensures it is done lazily, and only once.
-var _AttachedRequestHandlers = false;
-
 /**
 * Meadow Data Broker Library
 *
@@ -31,7 +28,9 @@ var MeadowEndpoints = function()
 		var libAsync = require('async');
 		var libRestRouteParse = require('./Restify-RouteParser.js');
 
-		var _CommonServices = require('./Meadow-CommonServices.js').new(pMeadow);
+		const _AuthenticationMode = _Fable.settings.MeadowAuthenticationMode || 'Disabled';
+
+		var _CommonServices = require('./Meadow-CommonServices.js').new(pMeadow, _AuthenticationMode);
 
 		// This holds any changed behaviors.
 		var _BehaviorModifications = require('./Meadow-BehaviorModifications.js').new(pMeadow);
@@ -40,7 +39,7 @@ var MeadowEndpoints = function()
 		var _Authorizers = require('./Meadow-Authorizers.js').new(pMeadow);
 
 		// This checks that the user is authenticated.  In the future, it will be overloadable.
-		var _Authenticator = require('./Meadow-Authenticator.js');
+		var _Authenticator = require('./Meadow-Authenticator.js')(_AuthenticationMode);
 
 		// The default endpoints
 		var _Endpoints = (
@@ -303,14 +302,17 @@ var MeadowEndpoints = function()
 
 			const tmpEndpointPrefix = `/${tmpEndpointVersion}/${tmpEndpointName}`;
 
-			if (!_AttachedRequestHandlers)
+			if (!pRestServer._AttachedMeadowEndpointsRequestHandlers)
 			{
-				_AttachedRequestHandlers = true;
+				pRestServer._AttachedMeadowEndpointsRequestHandlers = true;
 				// Connect the common services to the route
 				pRestServer.use(wireCommonServices);
 
 				// Build formattedParams route parameters
 				pRestServer.use(formatRouteParams);
+
+				// Marshall session data in, if needed / configured
+				pRestServer.use(require('./Meadow-MarshallSessionData')(_Fable));
 			}
 
 			// These special schema services must come in the route table before the READ because they

package/source/Meadow-MarshallSessionData.js

@@ -0,0 +1,64 @@
+/**
+* Meadow Session Marshaller - Extract session data based on configuration.
+*
+* @license MIT
+*
+* @author Alex Decker <alex.decker@headlight.com>
+* @module Meadow
+*/
+
+module.exports = (pFable) =>
+{
+	const _Fable = pFable;
+	const _SessionDataSource = _Fable.settings.MeadowEndpointsSessionDataSource || 'Request';
+
+	return (pRequest, pResponse, fNext) =>
+	{
+		let session;
+
+		switch (_SessionDataSource)
+		{
+		default:
+			_Fable.log.warn(`Unknown session source configured: ${_SessionDataSource} - defaulting to Request for backward compatibility`);
+		case 'Request':
+			// noop - already set by orator-session
+			session = pRequest.UserSession;
+			break;
+		case 'None':
+			break;
+		case 'Header':
+			try
+			{
+				const sessionStr = pRequest.headers['x-trusted-session'];
+				if (!sessionStr)
+				{
+					break;
+				}
+				session = JSON.parse(sessionStr);
+			}
+			catch (pError)
+			{
+				_Fable.log.error('Error marshalling session data from header.', { Error: pError.message, Stack: pError.stack });
+			}
+			break;
+		}
+
+		if (!session)
+		{
+			// blank session so things don't break, for now
+			session =
+			{
+				SessionID: '',
+				UserID: 0,
+				UserRole: '',
+				UserRoleIndex: 0,
+				LoggedIn: false,
+				DeviceID: '',
+				CustomerID: 0,
+			};
+		}
+
+		pRequest.UserSession = session;
+		fNext();
+	}
+};

package/test/MeadowEndpoints_basic_tests.js

@@ -22,6 +22,9 @@ var tmpFableSettings = 	(
 
 	"UnauthorizedRequestDelay": 10,
 
+	MeadowAuthenticationMode: 'LoggedIn',
+	MeadowAuthorizationMode: 'SimpleOwnership',
+
 	APIServerPort: 9080,
 
 	MySQL:
@@ -30,7 +33,7 @@ var tmpFableSettings = 	(
 			Server: "localhost",
 			Port: 3306,
 			User: process.env.DEV_MYSQL_USER || "root",
-			Password: process.env.DEV_MYSQL_PASS || "",
+			Password: process.env.DEV_MYSQL_PASS || "123456789",
 			Database: "FableTest",
 			ConnectionPoolLimit: 20
 		},
@@ -40,7 +43,6 @@ var tmpFableSettings = 	(
 var libFable = require('fable').new(tmpFableSettings);
 tmpFableSettings = libFable.settings;
 
-var libMySQL = require('mysql2');
 libFable.MeadowMySQLConnectionPool = libMySQL.createPool
 	(
 		{