npm - wingbot - Versions diffs - 3.73.0 → 3.73.1 - Mend

wingbot 3.73.0 → 3.73.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "wingbot",
-  "version": "3.73.0",
+  "version": "3.73.1",
   "description": "Enterprise Messaging Bot Conversation Engine",
   "main": "index.js",
   "type": "commonjs",
@@ -58,7 +58,9 @@
     "compress-json": "^3.0.0",
     "deep-extend": "^0.6.0",
     "form-data": "^4.0.0",
-    "graphql": "^16.8.1",
+    "graphql": "^16.11.0",
+    "graphql-depth-limit": "^1.1.0",
+    "graphql-query-complexity": "^1.1.0",
     "jsonwebtoken": "^9.0.2",
     "node-fetch": "^2.6.7",
     "path-to-regexp": "^6.3.0",

package/src/BotAppSender.js CHANGED Viewed

@@ -41,12 +41,12 @@ class BotAppSender extends ReturnSender {
     /**
      *
      * @param {SenderOptions} options
-     * @param {string} userId
+     * @param {string} senderId
      * @param {object} incommingMessage
      * @param {ChatLogStorage} logger - console like logger
      */
-    constructor (options, userId, incommingMessage, logger = null) {
-        super(options, userId, incommingMessage, logger);
+    constructor (options, senderId, incommingMessage, logger = null) {
+        super(options, senderId, incommingMessage, logger);
         this.waits = true;
@@ -98,14 +98,16 @@ class BotAppSender extends ReturnSender {
      * @param {Buffer} data
      * @param {string} contentType
      * @param {string} fileName
+     * @param {string} [senderId]
      * @returns {Promise<UploadResult>}
      */
-    async upload (data, contentType, fileName) {
+    async upload (data, contentType, fileName, senderId = this._senderId) {
         const formData = new FormData();
         const nonce = Math.floor(Math.random() * Number.MAX_SAFE_INTEGER).toString(36).padEnd(11, '0');
         formData.append('nonce', nonce);
+        formData.append('senderId', senderId || '');
         formData.append('f0', data, { filename: fileName, contentType });
         const [token, agent] = await Promise.all([

package/src/LLM.js CHANGED Viewed

@@ -82,6 +82,11 @@ const Ai = require('./Ai');
  * @prop {string} [model]
  */
+/**
+ * @typedef {object} LLMLogOptions
+ * @prop {VectorSearchResult} [vectorSearchResult]
+ */
 /**
  * @typedef {object} LLMChatProvider
  * @prop {LLMChatProviderPrompt} requestChat
@@ -237,9 +242,10 @@ class LLM {
      *
      * @param {LLMSession} session
      * @param {LLMProviderOptions} [options={}]
+     * @param {LLMLogOptions} [logOptions]
      * @returns {Promise<LLMMessage>}
      */
-    async generate (session, options = {}) {
+    async generate (session, options = {}, logOptions = {}) {
         /** @type {LLMProviderOptions} */
         const opts = {
             ...(this._configuration.model && { model: this._configuration.model }),
@@ -248,7 +254,7 @@ class LLM {
         const prompt = session.toArray(true);
         const result = await this._provider.requestChat(prompt, opts);
-        this.logPrompt(prompt, result);
+        this.logPrompt(prompt, result, logOptions.vectorSearchResult);
         return result;
     }

package/src/LLMSession.js CHANGED Viewed

@@ -7,6 +7,7 @@ const LLM = require('./LLM');
 /** @typedef {import('./Responder').QuickReply} QuickReply */
 /** @typedef {import('./LLM').LLMProviderOptions} LLMProviderOptions */
+/** @typedef {import('./LLM').LLMLogOptions} LLMLogOptions */
 /** @typedef {'user'|'assistant'} LLMChatRole */
 /** @typedef {'system'} LLMSystemRole */
@@ -272,11 +273,12 @@ class LLMSession {
     /**
      *
-     * @param {LLMProviderOptions} [options={}]
+     * @param {LLMProviderOptions} [providerOptions={}]
+     * @param {LLMLogOptions} [logOptions]
      * @returns {Promise<LLMMessage<any>>}
      */
-    async generate (options = {}) {
-        const result = await this._llm.generate(this, options);
+    async generate (providerOptions = {}, logOptions = {}) {
+        const result = await this._llm.generate(this, providerOptions, logOptions);
         this._generatedIndex = this._chat.length;
         this._chat.push(result);

package/src/graphApi/GraphApi.js CHANGED Viewed

@@ -8,6 +8,7 @@ const WingbotApiConnector = require('./WingbotApiConnector');
 // @ts-ignore
 const packageJson = require('../../package.json');
 const headersToAuditMeta = require('../utils/headersToAuditMeta');
+const gqlRules = require('./gqlRules');
 const DEFAULT_GROUPS = ['botEditor', 'botAdmin', 'appToken'];
 const KEYS_URL = 'https://api.wingbot.ai/keys';
@@ -27,6 +28,12 @@ const DEFAULT_CACHE = 86400000; // 24 hours
 /** @typedef {import('../CallbackAuditLog')} AuditLog */
 /** @typedef {import('graphql')} GqlLib */
+/**
+ * @typedef {object} Logger
+ * @prop {Function} log
+ * @prop {Function} error
+ */
 class GraphApi {
     /**
@@ -38,8 +45,11 @@ class GraphApi {
      * @param {string[]} [options.groups] - list of allowed bot groups
      * @param {boolean} [options.useBundledGql] - uses library bundled graphql definition
      * @param {AuditLog} [options.auditLog]
+     * @param {boolean} [options.isProduction]
+     * @param {boolean} [options.hideVerboseErrors]
+     * @param {Logger} [log=console]
      */
-    constructor (apis, options) {
+    constructor (apis, options, log = console) {
         this._root = {
             version () {
                 return packageJson.version;
@@ -62,6 +72,13 @@ class GraphApi {
             }
         };
+        this._log = log;
+        this._options = {
+            hideVerboseErrors: true,
+            isProduction: true,
+            ...options
+        };
         Object.assign(opts, options);
         apis.forEach((api) => Object.assign(this._root, api));
@@ -149,6 +166,19 @@ class GraphApi {
         const schema = await this._schema();
+        const { isProduction = true, hideVerboseErrors } = this._options;
+        const ast = this._gql.parse(body.query);
+        const errors = this._gql.validate(
+            schema,
+            ast,
+            gqlRules(body.variables, isProduction, hideVerboseErrors, this._log)
+        );
+        if (errors.length > 0) {
+            this._log.error('GQL failed', errors);
+            return { errors };
+        }
         const ctx = {
             token,
             groups: this._defaultGroups,

package/src/graphApi/gqlRules.js ADDED Viewed

@@ -0,0 +1,87 @@
+/* eslint-disable global-require */
+/**
+ * @author David Menger
+ */
+'use strict';
+/** @typedef {import('graphql').ValidationRule} ValidationRule */
+/**
+ * @typedef {object} Logger
+ * @prop {Function} log
+ * @prop {Function} error
+ */
+/**
+ *
+ * @param {object} variables
+ * @param {boolean} isProduction
+ * @param {boolean} hideVerboseErrors
+ * @param {Logger} [log=console]
+ * @returns {ValidationRule[]}
+ */
+function gqlRules (variables, isProduction, hideVerboseErrors, log = console) {
+    // OPTIMIZATION FOR LAMBDA PERFORMANCE
+    const { GraphQLError, NoSchemaIntrospectionCustomRule } = require('graphql');
+    const { createComplexityRule, simpleEstimator } = require('graphql-query-complexity');
+    const depthLimit = require('graphql-depth-limit');
+    return [
+        ...(hideVerboseErrors ? [NoSchemaIntrospectionCustomRule] : []),
+        depthLimit(10),
+        createComplexityRule({
+            // The maximum allowed query complexity, queries above this threshold will be rejected
+            maximumComplexity: 1000,
+            // The query variables. This is needed because the variables are not available
+            // in the visitor of the graphql-js library
+            variables,
+            // The context object for the request (optional)
+            context: {},
+            // The maximum number of query nodes to evaluate (fields, fragments, composite types).
+            // If a query contains more than the specified number of nodes, the complexity rule will
+            // throw an error, regardless of the complexity of the query.
+            //
+            // Default: 10_000
+            maxQueryNodes: 10000,
+            // Optional callback function to retrieve the determined query complexity
+            // Will be invoked whether the query is rejected or not
+            // This can be used for logging or to implement rate limiting
+            onComplete: (complexity) => {
+                if (!isProduction) {
+                    log.log('Determined query complexity: ', complexity);
+                }
+            },
+            // Optional function to create a custom error
+            createError: (max, actual) => {
+                const msg = `GQL Query too complex: ${actual}. Maximum allowed: ${max}`;
+                if (hideVerboseErrors) {
+                    log.error(msg);
+                    return new GraphQLError('');
+                }
+                log.log(msg);
+                return new GraphQLError(`Query is too complex: ${actual}. Maximum allowed complexity: ${max}`);
+            },
+            // Add any number of estimators. The estimators are invoked in order, the first
+            // numeric value that is being returned by an estimator is used as the field complexity.
+            // If no estimator returns a value, an exception is raised.
+            estimators: [
+                // Add more estimators here...
+                // This will assign each field a complexity of 1 if no other estimator
+                // returned a value.
+                simpleEstimator({
+                    defaultComplexity: 1
+                })
+            ]
+        })
+    ];
+}
+module.exports = gqlRules;