Release/0.2.0 (#12)

* feat: ✨ Prepare release 0.2.0

Add example how to use constants.*.js, Add example how to implement Hasura Custom Action protector middleware, Add example how to parse cookies, Add ACL to non-public Swagger UI, fix Hlambda List of protected env names

* feat: 🎨 Update Console UI

* docs: 📝 Update CHANGELOG.md

* fix: 📝 Update comment, update CHANGELOG.md

* fix: 🐛 Update ACL to check for access value, and increase expiration time of the Swagger Console UI token.

Author: gnekich

.env.example

@@ -34,6 +34,18 @@ PRIVATE_KEY_CONFIGURATION="__INSERT_YOUR_PRIVATE_KEY_CONFIGURATION__"
 # Server max allowed body size from client that express app will support. (Main usecase is Apple Subscription Notifications)
 SERVER_BODY_SIZE="2mb"
 
+# Constant reference in code: ENV_DISABLE_EXPRESS_BODY_PARSER | Default value: false
+# The Express body parser will be disabled for all routes except the ones required for Console.
+DISABLE_EXPRESS_BODY_PARSER="false"
+
+# Constant reference in code: ENV_EXPRESS_BODY_PARSER_INCLUDE_RAW_BODY | Default value: false
+# In all requests you will have req.rawBody buffer available.
+EXPRESS_BODY_PARSER_INCLUDE_RAW_BODY="false"
+
+# Constant reference in code: ENV_DISABLE_EXPRESS_COOKIE_PARSER | Default value: false
+# The Express cookie parser will be disabled for all routes except the ones required for Console.
+DISABLE_EXPRESS_COOKIE_PARSER="false"
+
 # Constant reference in code: ENV_HLAMBDA_CORS_DOMAIN | Default value: *
 # By default, all CORS requests to the Hlambda server are allowed. To run with more restrictive CORS settings, use this env variable. Example: `https://*.foo.bar.com:8080, http://*.localhost, http://localhost:3000, http://example.com`
 HLAMBDA_CORS_DOMAIN="*"
@@ -110,7 +122,7 @@ HLAMBDA_ENVIRONMENT_BANNER_MESSAGE=""
 # Selects color of the environment banner.
 HLAMBDA_ENABLE_ENVIRONMENT_BANNER_COLOR="#fea300"
 
-# Constant reference in code: ENV_HLAMBDA_LIST_OF_PROTECTED_ENV_VARIABLES | Default value: ENV_HLAMBDA_LIST_OF_PROTECTED_ENV_VARIABLES,HLAMBDA_DISABLE_CONSOLE,HLAMBDA_ADMIN_SECRET
+# Constant reference in code: ENV_HLAMBDA_LIST_OF_PROTECTED_ENV_VARIABLES | Default value: HLAMBDA_LIST_OF_PROTECTED_ENV_VARIABLES,HLAMBDA_DISABLE_CONSOLE,HLAMBDA_ADMIN_SECRET,SERVER_PORT
 # List of the env variable names that are protected from hlambda config override.
-HLAMBDA_LIST_OF_PROTECTED_ENV_VARIABLES="ENV_HLAMBDA_LIST_OF_PROTECTED_ENV_VARIABLES,HLAMBDA_DISABLE_CONSOLE,HLAMBDA_ADMIN_SECRET"
+HLAMBDA_LIST_OF_PROTECTED_ENV_VARIABLES="HLAMBDA_LIST_OF_PROTECTED_ENV_VARIABLES,HLAMBDA_DISABLE_CONSOLE,HLAMBDA_ADMIN_SECRET,SERVER_PORT"
 

CHANGELOG.md

@@ -1,3 +1,14 @@
+# Release 0.2.0
+
+- Updated Console UI (Logs: Auto scroll snap, Metadata: Action history dates)
+- Added example for use of constants in default metadata.
+- Added support for parsing cookies.
+- Added example to get and set cookies in default metadata.
+- Added ACL for Non-public Swagger UI in Console.
+- Fix HLAMBDA_LIST_OF_PROTECTED_ENV_VARIABLES, also add SERVER_PORT to HLAMBDA_LIST_OF_PROTECTED_ENV_VARIABLES.
+- Added support to get request raw body via new env variable `EXPRESS_BODY_PARSER_INCLUDE_RAW_BODY` default:false
+- Added Hasura Custom Action Middleware that checks for Hasura Web Hook Secret in request header to the example metadata.
+
 # Release 0.1.0
 
 - Added support for JSON output to stdout, new env variable `JSON_STDOUT` default:false

data/self-update-history/.gitkeep

@@ -0,0 +1,29 @@
+import express from 'express';
+import asyncHandler from 'express-async-handler';
+
+import cookieParser from 'cookie-parser';
+
+import errors from './../errors.demo.js';
+
+// Create express router
+const router = express.Router();
+
+// router.use(cookieParser()); // Use this if you have set ENV_DISABLE_EXPRESS_COOKIE_PARSER to true.
+
+router.get(
+  '/cookie/set',
+  asyncHandler((req, res) => {
+    res.cookie('demo-jwt-token', 'token ey...', { maxAge: 10800 });
+    res.send(`Demo token set!`);
+  })
+);
+
+router.get(
+  '/cookie/get',
+  asyncHandler((req, res) => {
+    console.log('Cookies: ', req.cookies);
+    res.send(JSON.stringify(req.cookies, null, 2));
+  })
+);
+
+export default router;

metadata/apps/auth/routes/router.cookies.js

@@ -0,0 +1,32 @@
+import { createConstantsDescriptor } from 'hlambda';
+
+export { isEnvTrue, getEnvValue } from 'hlambda';
+
+// --- START SAFE TO EDIT ---
+
+export const constantsGroupName = 'example-hasura-app';
+
+export const constants = {
+  ENV_HOOK_SECRET_HEADER_NAME: {
+    name: 'HOOK_SECRET_HEADER_NAME',
+    default: 'x-hook-secret', // Default value
+    description: 'Name of the header where hook secret will be found.',
+  },
+  ENV_HOOK_SECRET: {
+    name: 'HOOK_SECRET',
+    default: 'you-must-change-me', // Default value
+    description: 'Secret used to protect hooks.',
+  },
+  ENV_DANGEROUS_DISABLE_HOOK_SECRET_AND_CONTINUE: {
+    name: 'DANGEROUS_DISABLE_HOOK_SECRET_AND_CONTINUE',
+    default: 'false', // Default value
+    description:
+      'If set to true, HOOK_SECRET check will be disabled and anyone without hook secret can trigger the hook. (Default: false)',
+  },
+};
+
+// --- STOP SAFE TO EDIT ---
+
+export const cd = createConstantsDescriptor(constants, constantsGroupName);
+
+export default constants;

metadata/apps/example-hasura/constants.demo.js

@@ -12,6 +12,9 @@ export const errors = {
   SOMETHING_WENT_TERRIBLY_WRONG: {
     message: 'Description of an error message...',
   },
+  ERROR_INVALID_HOOK_SECRET: {
+    message: 'Invalid hook secret.',
+  },
 };
 
 // --- STOP SAFE TO EDIT ---

metadata/apps/example-hasura/errors.demo.js

@@ -2,3 +2,5 @@ env:
   APP_VERSION: "v1.0.0"
 envForce:
   APP_VERSION: "v1.0.0"
+  HOOK_SECRET_HEADER_NAME: "x-hook-secret"
+  HOOK_SECRET: "hasura-hook-secret-SuPperSecr3t112"

metadata/apps/example-hasura/hlambda-config.yaml

@@ -0,0 +1,28 @@
+import express from 'express';
+import asyncHandler from 'express-async-handler';
+
+// Define errors
+import errors from './errors.demo.js';
+import { constants, isEnvTrue, getEnvValue } from './constants.demo.js';
+
+// Create express router
+const router = express.Router();
+
+// Middleware to handle authorization for the web hook.
+router.use(
+  asyncHandler((req, res, next) => {
+    const secret = req?.headers?.[getEnvValue(constants.ENV_HOOK_SECRET_HEADER_NAME)];
+    // Check if protector is disabled. !!! Dangerous !!! But useful when testing in demo env.
+    if (isEnvTrue(constants.ENV_DANGEROUS_DISABLE_HOOK_SECRET_AND_CONTINUE)) {
+      next();
+      return;
+    }
+    // Check if secret matches.
+    if (secret !== getEnvValue(constants.ENV_HOOK_SECRET)) {
+      throw new Error(errors.ERROR_INVALID_HOOK_SECRET);
+    }
+    next();
+  })
+);
+
+export default router;

metadata/apps/example-hasura/protector.js

@@ -4,6 +4,9 @@ import asyncHandler from 'express-async-handler';
 // Import our custom request logger
 import hasuraRequestLogger from './hasura-request-logger.js';
 
+// Import protector for web hooks
+import hasuraWebHookProtector from './protector.js';
+
 // Import our errors definition
 import errors from './errors.demo.js';
 
@@ -12,10 +15,21 @@ const router = express.Router();
 
 router.use('/hasura-*', hasuraRequestLogger);
 
+router.use('/hasura-*', hasuraWebHookProtector);
+
 router.post(
   '/hasura-version',
   asyncHandler((req, res) => {
     console.log(`${process.env.APP_VERSION}`);
+    res.json({
+      version: `${process.env.APP_VERSION}`,
+    });
+  })
+);
+
+router.post(
+  '/hasura-version-error',
+  asyncHandler((req, res) => {
     throw new Error(errors.SOMETHING_WENT_TERRIBLY_WRONG);
     // res.json({
     //   version: `${process.env.APP_VERSION}`,