New Feature - Authentication Middleware Injection

.env.schema

@@ -12,3 +12,4 @@ LOG_LEVEL=
 PORT=3030
 UPLOAD_LIMIT=''
 PLURALIZE_SCHEMAS_ENABLED=
+ALLOWED_ORIGINS=

README.md

@@ -88,6 +88,7 @@ The Environment Variables used for this application are listed in the table bell
 | `PLURALIZE_SCHEMAS_ENABLED` | This feature automatically convert schema names to their plural forms when handling compound documents. Pluralization assumes the words are in English                                                                                                                                               | true                                   |
 | `PORT`                      | Server Port.                                                                                                                                                                                                                                                                                         | 3030                                   |
 | `UPLOAD_LIMIT`              | Limit upload file size in string or number. <br>Supported units and abbreviations are as follows and are case-insensitive: <br> - b for bytes<br> - kb for kilobytes<br>- mb for megabytes<br>- gb for gigabytes<br>- tb for terabytes<br>- pb for petabytes<br>Any other text is considered as byte | '10mb'                                 |
+| `ALLOWED_ORIGINS`           | Specifies a list of permitted origins for Cross-Origin Resource Sharing (CORS). These origins, separated by commas, are allowed to make requests to the server, ensuring only trusted domains can access resources. (Example: https://www.example.com,https://subdomain.example.com)                 |                                        |
 
 ## Script commands (Workspace)
 

apps/server/package.json

@@ -23,6 +23,7 @@
 	"private": true,
 	"dependencies": {
 		"@overture-stack/lyric": "workspace:^",
+		"cors": "^2.8.5",
 		"dotenv": "^16.4.5",
 		"express": "^4.19.2",
 		"helmet": "^7.1.0",
@@ -31,6 +32,7 @@
 		"winston": "^3.13.1"
 	},
 	"devDependencies": {
+		"@types/cors": "^2.8.17",
 		"@types/express": "^4.17.21",
 		"@types/express-serve-static-core": "^4.19.5",
 		"@types/qs": "^6.9.15",

apps/server/src/auth/handler.ts

@@ -0,0 +1,20 @@
+import { Request } from 'express';
+
+import { type UserSessionResult } from '@overture-stack/lyric';
+
+/**
+ * Function to implement authentication logic.
+ * This function is called by the authMiddleware to verify the user's authentication.
+ * It returns the authentication result, which includes the authentication status and user information.
+ *
+ * @param req - Express request object
+ * @returns User session result
+ */
+export const authHandler = (_req: Request) => {
+	// Guest User Session
+	const authResult: UserSessionResult = {
+		user: { username: 'Guest' },
+	};
+
+	return authResult;
+};

apps/server/src/config/server.ts → apps/server/src/config/app.ts

@@ -2,9 +2,12 @@ import 'dotenv/config';
 
 import { AppConfig } from '@overture-stack/lyric';
 
+import { authHandler } from '../auth/handler.js';
+
 export const getServerConfig = () => {
 	return {
 		port: process.env.PORT || 3030,
+		allowedOrigins: process.env.ALLOWED_ORIGINS,
 	};
 };
 
@@ -27,7 +30,7 @@ const getRequiredConfig = (name: string) => {
 	return value;
 };
 
-export const defaultAppConfig: AppConfig = {
+export const appConfig: AppConfig = {
 	db: {
 		host: getRequiredConfig('DB_HOST'),
 		port: Number(getRequiredConfig('DB_PORT')),
@@ -57,4 +60,8 @@ export const defaultAppConfig: AppConfig = {
 	logger: {
 		level: process.env.LOG_LEVEL || 'info',
 	},
+	auth: {
+		enabled: getBoolean(process.env.AUTH_ENABLED, true),
+		customAuthHandler: authHandler,
+	},
 };

apps/server/src/server.ts

@@ -1,23 +1,40 @@
+import cors from 'cors';
 import express from 'express';
 import helmet from 'helmet';
 import { serve, setup } from 'swagger-ui-express';
 
 import { errorHandler, provider } from '@overture-stack/lyric';
 
-import { defaultAppConfig, getServerConfig } from './config/server.js';
+import { appConfig, getServerConfig } from './config/app.js';
 import swaggerDoc from './config/swagger.js';
 import healthRouter from './routes/health.js';
 import pingRouter from './routes/ping.js';
 
-const serverConfig = getServerConfig();
+const { allowedOrigins, port } = getServerConfig();
 
-const lyricProvider = provider(defaultAppConfig);
+const lyricProvider = provider(appConfig);
 
 // Create Express server
 const app = express();
 
 app.use(helmet());
 
+app.use(
+	cors({
+		origin: function (origin, callback) {
+			if (!origin) {
+				// allow requests with no origin
+				// (like mobile apps or curl requests)
+				return callback(null, true);
+			} else if (allowedOrigins && allowedOrigins.split(',').indexOf(origin) !== -1) {
+				return callback(null, true);
+			}
+			const msg = 'The CORS policy for this site does not allow access from the specified Origin.';
+			return callback(new Error(msg), false);
+		},
+	}),
+);
+
 // Ping Route
 app.use('/ping', pingRouter);
 
@@ -35,6 +52,6 @@ app.use('/health', healthRouter);
 
 app.use(errorHandler);
 // running the server
-app.listen(serverConfig.port, () => {
-	console.log(`Starting Express server on http://localhost:${serverConfig.port}`);
+app.listen(port, () => {
+	console.log(`Starting ExpressJS server on port ${port}`);
 });

packages/data-provider/README.md

@@ -8,53 +8,146 @@
 npm i @overture-stack/lyric
 ```
 
-## Usage
+## Configuration
+
+### Provider
 
 Import `AppConfig` and `provider` from `@overture-stack/lyric` module to initialize the provider with custom configuration:
 
-```
+```javascript
 import { AppConfig, provider } from '@overture-stack/lyric';
 
 const appConfig: AppConfig = {
 	db: {
-		host: [INSERT_DB_HOST],
-		port: [INSERT_DB_PORT],
-		database: [INSERT_DB_NAME],
-		user:[INSERT_DB_USER],
-		password: [INSERT_DB_PASSWORD],
+		host: 'localhost', // Database hostname or IP address
+		port: 5432, // Database port
+		database: 'my_database', // Name of the database
+		user: 'db_user', // Username for database authentication
+		password: 'secure_password', // Password for database authentication
 	},
 	features: {
 		audit: {
-			enabled: [INSERT_AUDIT_ENABLED]
-		}
+			enabled: true, // Enable audit functionality (true/false)
+		},
+		recordHierarchy: {
+			pluralizeSchemasName: false, // Enable or disable automatic schema name pluralization (true/false)
+		},
 	},
-	schemaService: {
-		url: [INSERT_LECTERN_URL],
+	idService: {
+		useLocal: true, // Use local ID generation (true/false)
+		customAlphabet: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890', // Custom alphabet for ID generation
+		customSize: 12, // Size of the generated ID
 	},
 	limits: {
-		fileSize: [INSERT_UPLOAD_LIMIT],
+		fileSize: 10485760, // Maximum file size in bytes (e.g., 10MB = 10 * 1024 * 1024)
 	},
 	logger: {
-		level: [INSERT_LOG_LEVEL],
+		level: 'info', // Logging level (e.g., 'debug', 'info', 'warn', 'error')
+	},
+	schemaService: {
+		url: 'https://api.lectern-service.com', // URL of the schema service
 	},
 };
 
 
 const lyricProvider = provider(appConfig);
 ```
 
-Use any of the resources available on provider on a Express server:
+### Auth Custom Handler
+
+The **authentication custom handler** is a customized function that can be used to verify and manage user authentication within the application. It is used by the auth middleware to process incoming requests.
 
-- Import a router:
+The handler returns a `UserSessionResult` response type, which provides information about the user's session or any errors encountered during the process.
 
+This result object can include:
+
+- `user` (optional): A UserSession object containing details of the authenticated user, if available.
+- `errorCode` (optional): A numeric code representing an error that occurred while processing the session request.
+- `errorMessage` (optional): A descriptive message detailing the specific error, if an errorCode is provided.
+
+Example how to implement a custom auth handler:
+
+```javascript
+import { Request } from 'express';
+import { UserSessionResult } from '@overture-stack/lyric';
+import jwt from 'jsonwebtoken';
+
+const authHandler = (req: Request): UserSessionResult => {
+    // Extract the token from the request header
+    const authHeader = req.headers['authorization'];
+
+    // Check if the Authorization header exists and starts with "Bearer"
+	if (!authHeader || !authHeader.startsWith('Bearer ')) {
+		return {
+			errorCode: 401,
+			errorMessage: 'Unauthorized: No token provided'
+		}
+	}
+
+	// Extract the token by removing the "Bearer " prefix
+	const token = authHeader.split(' ')[1];
+
+    try {
+		// Verify the token using a public key
+		const publicKey = process.env.JWT_PUBLIC_KEY!;
+		const decodedToken = jwt.verify(token, publicKey);
+
+		return {
+			user: { username:  decodedToken.username }, // Example: Adjust fields as per your `UserSession` type
+		};
+	} catch (err) {
+		return {
+			errorCode: 403,
+			errorMessage: 'Forbidden: Invalid token'
+		}
+	}
+};
 ```
+
+Add the handler to your `AppConfig` object.
+
+```javascript
+import { AppConfig, provider, UserSession } from '@overture-stack/lyric';
+
+const appConfig: AppConfig = {
+	...// Other configuration
+	auth: {
+		enabled: true,
+		customAuthHandler: authHandler,
+	};
+}
+```
+
+## Usage
+
+### Express Routers
+
+Use any of the resources available on provider on a Express server:
+
+```javascript
 import express from 'express';
 
 const app = express();
 
 app.use('/submission', lyricProvider.routers.submission);
 ```
 
+### Database Migrations
+
+Import `migrate` function from `@overture-stack/lyric` module to run Database migrations
+
+```javascript
+import { migrate } from '@overture-stack/lyric';
+
+migrate({
+	host: 'localhost', // Database hostname or IP address
+	port: 5432, // Database port
+	database: 'my_database', // Name of the database
+	user: 'db_user', // Username for database authentication
+	password: 'secure_password', // Password for database authentication
+});
+```
+
 ## Support & Contributions
 
 - Developer documentation [docs](https://github.com/overture-stack/lyric/blob/main/packages/data-provider/docs/add-new-resources.md)

packages/data-provider/index.ts

@@ -1,6 +1,7 @@
 // config
 export { type AppConfig } from './src/config/config.js';
 export { default as provider } from './src/core/provider.js';
+export { type UserSession, type UserSessionResult } from './src/middleware/auth.js';
 export { errorHandler } from './src/middleware/errorHandler.js';
 export { type DbConfig, migrate } from '@overture-stack/lyric-data-model';
 

packages/data-provider/src/config/config.ts

@@ -3,6 +3,7 @@ import { NodePgDatabase } from 'drizzle-orm/node-postgres';
 import type { DbConfig } from '@overture-stack/lyric-data-model';
 import * as schema from '@overture-stack/lyric-data-model/models';
 
+import type { AuthConfig } from '../middleware/auth.js';
 import { Logger } from './logger.js';
 
 export type AuditConfig = {
@@ -48,6 +49,7 @@ export type AppConfig = {
 	limits: LimitsConfig;
 	logger: LoggerConfig;
 	schemaService: SchemaServiceConfig;
+	auth: AuthConfig;
 };
 
 /**