.dockerignore

 node_modules
 .git
 .gitignore
+data
+kong.yml
+coverage
+.env*

.eslintignore

 node_modules
 bin
+data

.eslintrc.json

@@ -21,12 +21,12 @@
   },
   "rules": {
     // "no-console": "off",
-    "func-names": "off",
-    "no-underscore-dangle": "off",
-    "consistent-return": "off",
-    "jest/expect-expect": "off",
-    "security/detect-object-injection": "off",
-    "camelcase": "off",
+    "func-names": "warn",
+    "no-underscore-dangle": "warn",
+    "consistent-return": "warn",
+    "jest/expect-expect": "warn",
+    "security/detect-object-injection": "warn",
+    "camelcase": "warn",
     "import/no-unresolved": [
       "error",
       {
@@ -36,4 +36,4 @@
       }
     ]
   }
-}
+}
\ No newline at end of file

.gitignore

@@ -13,3 +13,8 @@ coverage
 
 # Local Netlify folder
 .netlify
+
+kong.yml
+
+
+data

.prettierignore

 node_modules
 coverage
-
+data

Dockerfile

@@ -4,12 +4,13 @@ RUN mkdir -p /usr/src/playground-be && chown -R node:node /usr/src/playground-be
 
 WORKDIR /usr/src/playground-be
 
-COPY package.json yarn.lock ./
+COPY package.json ./
 
 USER node
 
-RUN yarn install --pure-lockfile
-
 COPY --chown=node:node . .
 
+RUN yarn install
+
 EXPOSE 8080
+

README.md

-# RESTful API Node Server Boilerplate
+# RESTful API Node Server Boilerplate - te
 
 [![Build Status](https://travis-ci.org/hagopj13/node-express-boilerplate.svg?branch=master)](https://travis-ci.org/hagopj13/node-express-boilerplate)
 [![Coverage Status](https://coveralls.io/repos/github/hagopj13/node-express-boilerplate/badge.svg?branch=master)](https://coveralls.io/github/hagopj13/node-express-boilerplate?branch=master)

docker-compose.dev.yml

-version: '3'
-
 services:
   playground-be:
     command: yarn dev -L
+    volumes:
+      - .:/usr/src/playground-be
+    restart: no
+
   upload:
     command: npm start
+    restart: no
+
+  playground-db:
+    ports:
+      - "27017:27017"
+    restart: no
+
+  kong:
+    restart: no

docker-compose.prod.yml

-version: '3'
-
 services:
   playground-be:
-    command: yarn dev -L
+    command: yarn start
   upload:
     command: npm run prod

docker-compose.test.yml

-version: '3'
-
 services:
   playground-be:
-    container_name: playground-be-test
     command: yarn test
+    volumes:
+      - .:/usr/src/playground-be

docker-compose.yml

-# upload/Dockerfile
-version: '3'
-
 services:
+
+  kong:
+    platform: linux/amd64
+    image: kong:3.7.1-ubuntu
+    container_name: ${ENV:-dev}-kong
+    environment:
+      KONG_ADMIN_ACCESS_LOG: /dev/stdout
+      KONG_ADMIN_ERROR_LOG: /dev/stderr
+      KONG_PROXY_ACCESS_LOG: /dev/stdout
+      KONG_PROXY_ERROR_LOG: /dev/stderr
+      KONG_DATABASE: "off"
+      KONG_DECLARATIVE_CONFIG: /kong/declarative/kong.yml
+    ports:
+      - "${KONG_PROXY_PORT}:8000"
+
+    restart: always
+    networks:
+      - node-network
+    volumes:
+      - "./:/kong/declarative/"
+    depends_on:
+      - playground-be
+
   playground-be:
+    platform: linux/amd64
+    container_name: ${ENV:-dev}-playground-be
     build: .
-    image: playground-be
-    ports:
-      - '${PORT}:${PORT}'
+    image: boschvn/playground-be:${IMAGE_TAG:-latest}
+    env_file:
+      - .env
     depends_on:
       - playground-db
       - upload
-    volumes:
-      - .:/usr/src/playground-be
     networks:
       - node-network
+    restart: always
+    command: yarn start
 
   playground-db:
+    container_name: ${DB_CONTAINER_NAME:-playground-db}
     image: mongo:4.4.6-bionic
-    ports:
-      - '${MONGO_EXPOSE_PORT}:27017'
     volumes:
       - dbdata:/data/db
     networks:
       - node-network
+    restart: always
 
   upload:
-    build: ./upload/
-    image: upload
-    ports:
-      - '${UPLOAD_PORT}:${UPLOAD_PORT}'
+    platform: linux/amd64
+    container_name: ${ENV:-dev}-upload
+    image: boschvn/upload:dcdc95a
+    env_file:
+      - .env
     volumes:
-      - ./upload:/usr/src/upload
-      - /usr/src/upload/node_modules/
       - '${UPLOAD_PATH}:/usr/src/upload/data'
     networks:
       - node-network
-
+    restart: always
+    command: npm run prod
 
 volumes:
   dbdata:

kong.yml.template

+_format_version: '3.0'
+_transform: true
+
+services:
+  - host: ${ENV}-playground-be
+    name: main
+    port: ${PORT}
+    protocol: http
+    routes:
+      - name: main_route
+        methods:
+          - GET
+          - PUT
+          - POST
+          - PATCH
+          - DELETE
+          - OPTIONS
+          - HEAD
+          - CONNECT
+          - TRACE
+    read_timeout: 180000
+plugins:
+  - name: rate-limiting
+    enabled: true
+    protocols:
+      - grpc
+      - grpcs
+      - http
+      - https
+    config:
+      fault_tolerant: true
+      hide_client_headers: false
+      minute: 120
+      limit_by: header
+      header_name: x-forwarded-for
+      policy: local
+      sync_rate: -1

package.json

@@ -11,7 +11,7 @@
   },
   "scripts": {
     "start": "pm2 start ecosystem.config.json --no-daemon",
-    "dev": "cross-env NODE_ENV=development nodemon src/index.js",
+    "dev": "cross-env NODE_ENV=development nodemon --ignore 'data/*' src/index.js",
     "test": "jest -i --colors --verbose --detectOpenHandles",
     "test:watch": "jest -i --watchAll",
     "coverage": "jest -i --coverage",
@@ -66,8 +66,10 @@
     "helmet": "^4.1.0",
     "http-proxy-middleware": "^3.0.0",
     "http-status": "^1.7.4",
+    "jimp": "^0.22.12",
     "joi": "^17.3.0",
     "jsonwebtoken": "^8.5.1",
+    "lodash": "^4.17.21",
     "moment": "^2.24.0",
     "mongoose": "^5.7.7",
     "morgan": "^1.9.1",
@@ -75,15 +77,17 @@
     "passport": "^0.4.0",
     "passport-jwt": "^4.0.0",
     "pm2": "^5.1.0",
-    "socket.io": "^4.7.5",
+    "socket.io": "^4.8.0",
     "swagger-jsdoc": "^6.0.8",
     "swagger-ui-express": "^4.1.6",
     "utf-8-validate": "^6.0.4",
     "validator": "^13.0.0",
-    "winston": "^3.2.1",
-    "xss-clean": "^0.1.1"
+    "websocket": "^1.0.35",
+    "winston": "^3.2.1"
   },
   "devDependencies": {
+    "@types/lodash": "^4.17.12",
+    "@types/mongoose": "^5.11.97",
     "coveralls": "^3.0.7",
     "eslint": "^7.0.0",
     "eslint-config-airbnb-base": "^14.0.0",

src/app.js

 const express = require('express');
 const helmet = require('helmet');
-const xss = require('xss-clean');
 const cookies = require('cookie-parser');
 const mongoSanitize = require('express-mongo-sanitize');
 const compression = require('compression');
@@ -16,7 +15,7 @@ const routesV2 = require('./routes/v2');
 const { errorConverter, errorHandler } = require('./middlewares/error');
 const ApiError = require('./utils/ApiError');
 const setupProxy = require('./config/proxyHandler');
-const LLMServices = require('./services/llm.service');
+const { init: initSocketIO } = require('./config/socket');
 
 const app = express();
 
@@ -38,7 +37,6 @@ app.use(express.json({ limit: '50mb', strict: false }));
 app.use(express.urlencoded({ extended: true, limit: '50mb', parameterLimit: 10000 }));
 
 // sanitize request data
-app.use(xss());
 app.use(mongoSanitize());
 
 // gzip compression
@@ -47,14 +45,7 @@ app.use(compression());
 // enable cors
 app.use(
   cors({
-    origin: [
-      /localhost:\d+/,
-      /\.digitalauto\.tech$/,
-      /\.digitalauto\.asia$/,
-      /\.digital\.auto$/,
-      'https://digitalauto.netlify.app',
-      /127\.0\.0\.1:\d+/,
-    ],
+    origin: config.cors.regex,
     credentials: true,
   })
 );
@@ -64,18 +55,14 @@ app.options('*', cors());
 app.use(passport.initialize());
 passport.use('jwt', jwtStrategy);
 
-// limit repeated failed requests to auth endpoints
-// if (config.env === 'production') {
-//  app.use('/v1/auth', authLimiter);
-//  app.use('/v2/auth', authLimiter);
-// }
-
 // v1 api routes
 app.use('/v1', routes);
 app.use('/v2', routesV2);
 
 // Setup proxy to other services
 setupProxy(app);
+const server = require('http').createServer(app);
+initSocketIO(server);
 
 // send back a 404 error for any unknown api request
 app.use((req, res, next) => {
@@ -88,4 +75,12 @@ app.use(errorConverter);
 // handle error
 app.use(errorHandler);
 
+// Test function
+// (async () => {
+//   try {
+//   } catch (error) {
+//     console.log(error);
+//   }
+// })();
+
 module.exports = app;

src/config/config.js

@@ -9,6 +9,9 @@ const envVarsSchema = Joi.object()
     NODE_ENV: Joi.string().valid('production', 'development', 'test').required(),
     PORT: Joi.number().default(3000),
     MONGODB_URL: Joi.string().required().description('Mongo DB url'),
+    // CORS Settings
+    CORS_ORIGIN: Joi.string().description('CORS regex'),
+    // JWT
     JWT_SECRET: Joi.string().required().description('JWT secret key'),
     JWT_ACCESS_EXPIRATION_MINUTES: Joi.number().default(30).description('minutes after which access tokens expire'),
     JWT_REFRESH_EXPIRATION_DAYS: Joi.number().default(30).description('days after which refresh tokens expire'),
@@ -18,33 +21,46 @@ const envVarsSchema = Joi.object()
     JWT_VERIFY_EMAIL_EXPIRATION_MINUTES: Joi.number()
       .default(10)
       .description('minutes after which verify email token expires'),
+    JWT_COOKIE_NAME: Joi.string().default('token').description('JWT cookie name'),
+    JWT_COOKIE_DOMAIN: Joi.string().default('').description('JWT cookie domain'),
     SMTP_HOST: Joi.string().description('server that will send the emails'),
     SMTP_PORT: Joi.number().description('port to connect to the email server'),
     SMTP_USERNAME: Joi.string().description('username for email server'),
     SMTP_PASSWORD: Joi.string().description('password for email server'),
     EMAIL_FROM: Joi.string().description('the from field in the emails sent by the app'),
-    CACHE_BASE_URL: Joi.string().required().description('Cache base url'),
-    LOG_BASE_URL: Joi.string().required().description('Log base url'),
+    CACHE_BASE_URL: Joi.string().description('Cache base url'),
+    LOG_BASE_URL: Joi.string().description('Log base url'),
     CLIENT_BASE_URL: Joi.string().description('Client base url').default('http://localhost:3000'),
-    BREVO_API_KEY: Joi.string().required().description('Brevo API key'),
-    BREVO_BASE_URL: Joi.string().required().description('Brevo base url'),
-    GITHUB_CLIENT_ID: Joi.string().required().description('Github client id'),
-    GITHUB_CLIENT_SECRET: Joi.string().required().description('Github client secret'),
+    BREVO_API_KEY: Joi.string().description('Brevo API key'),
+    BREVO_BASE_URL: Joi.string().description('Brevo base url'),
+    GITHUB_CLIENT_ID: Joi.string().description('Github client id'),
+    GITHUB_CLIENT_SECRET: Joi.string().description('Github client secret'),
     UPLOAD_PORT: Joi.number().required().description('Upload port'),
+    UPLOAD_DOMAIN: Joi.string().required().description('Upload domain'),
     // AWS,
-    AWS_PUBLIC_KEY: Joi.string().required().description('AWS public key'),
-    AWS_SECRET_KEY: Joi.string().required().description('AWS secret key'),
+    AWS_PUBLIC_KEY: Joi.string().description('AWS public key'),
+    AWS_SECRET_KEY: Joi.string().description('AWS secret key'),
     // OpenAI,
-    OPENAI_API_KEY: Joi.string().required().description('OpenAI API key'),
-    OPENAI_ENDPOINT_URL: Joi.string().required().description('OpenAI endpoint url'),
+    OPENAI_API_KEY: Joi.string().description('OpenAI API key'),
+    OPENAI_ENDPOINT_URL: Joi.string().description('OpenAI endpoint url'),
     // GenAI
-    GENAI_ALLOWED_EMAILS: Joi.string().required().description('GenAI allowed emails'),
+    GENAI_ALLOWED_EMAILS: Joi.string().description('GenAI allowed emails'),
     // ETAS
     ETAS_ENABLED: Joi.boolean().description('ETAS enabled'),
     ETAS_CLIENT_ID: Joi.string().description('ETAS client id'),
     ETAS_CLIENT_SECRET: Joi.string().description('ETAS client secret'),
     ETAS_SCOPE: Joi.string().description('ETAS scope'),
     ETAS_INSTANCE_ENDPOINT: Joi.string().description('ETAS instance endpoint'),
+    ETAS_DEV_INSTANCE_ENDPOINT: Joi.string().description('ETAS dev instance endpoint'),
+    // Certivity
+    CERTIVITY_CLIENT_ID: Joi.string().description('Certivity client id'),
+    CERTIVITY_CLIENT_SECRET: Joi.string().description('Certivity client secret'),
+    STRICT_AUTH: Joi.boolean().description('Strict auth'),
+    // Admin emails
+    ADMIN_EMAILS: Joi.string().description('Admin emails'),
+    ADMIN_PASSWORD: Joi.string().description('Admin password'),
+    // Change Logs max size
+    LOGS_MAX_SIZE: Joi.number().default(100).description('Max size of change logs in megabytes'),
   })
   .unknown();
 
@@ -57,6 +73,14 @@ if (error) {
 const config = {
   env: envVars.NODE_ENV,
   port: envVars.PORT,
+  strictAuth: envVars.STRICT_AUTH,
+  cors: {
+    regex: (envVars.CORS_ORIGIN || 'localhost:\\d+,127\\.0\\.0\\.1:\\d+')
+      .split(',')
+      .map((i) => i.trim())
+      .filter(Boolean)
+      .map((i) => new RegExp(i)),
+  },
   mongoose: {
     url: envVars.MONGODB_URL + (envVars.NODE_ENV === 'test' ? '-test' : ''),
     options: {
@@ -72,11 +96,14 @@ const config = {
     refreshExpirationDays: envVars.JWT_REFRESH_EXPIRATION_DAYS,
     resetPasswordExpirationMinutes: envVars.JWT_RESET_PASSWORD_EXPIRATION_MINUTES,
     verifyEmailExpirationMinutes: envVars.JWT_VERIFY_EMAIL_EXPIRATION_MINUTES,
-    cookieRefreshOptions: {
-      // TODO: change this to true when deploy
-      secure: true,
-      httpOnly: true,
-      sameSite: 'None',
+    cookie: {
+      name: envVars.JWT_COOKIE_NAME,
+      options: {
+        secure: true,
+        httpOnly: true,
+        sameSite: 'None',
+        ...(envVars.NODE_ENV === 'production' && { domain: envVars.JWT_COOKIE_DOMAIN }),
+      },
     },
   },
   email: {
@@ -111,6 +138,7 @@ const config = {
   services: {
     upload: {
       port: envVars.UPLOAD_PORT,
+      domain: envVars.UPLOAD_DOMAIN,
     },
     log: {
       port: envVars.LOG_PORT || 9600,
@@ -128,7 +156,7 @@ const config = {
     secretKey: envVars.AWS_SECRET_KEY,
   },
   genAI: {
-    allowedEmails: envVars.GENAI_ALLOWED_EMAILS.split(','),
+    allowedEmails: envVars.GENAI_ALLOWED_EMAILS?.split(',') || [],
   },
   etas: {
     enabled: envVars.ETAS_ENABLED,
@@ -136,7 +164,23 @@ const config = {
     clientSecret: envVars.ETAS_CLIENT_SECRET,
     scope: envVars.ETAS_SCOPE,
     instanceEndpoint: envVars.ETAS_INSTANCE_ENDPOINT,
+    developmentEndpoint: envVars.ETAS_DEV_INSTANCE_ENDPOINT,
+  },
+  githubIssueSubmitUrl: 'https://api.github.com/repos/digital-auto/vehicle_signal_specification/issues',
+  certivity: {
+    authBaseUrl: 'https://certivity-dev.eu.auth0.com/oauth/token',
+    authAudience: 'https://service-api-dev.certivity.io',
+    authGrantType: 'client_credentials',
+    clientId: envVars.CERTIVITY_CLIENT_ID,
+    clientSecret: envVars.CERTIVITY_CLIENT_SECRET,
+    regulationBaseUrl: 'https://ctvt-service-api.azurewebsites.net/api/v1/protected/regulation',
+  },
+  sso: {
+    msGraphMeEndpoint: 'https://graph.microsoft.com/v1.0/me',
   },
+  adminEmails: envVars.ADMIN_EMAILS?.split(',') || [],
+  adminPassword: envVars.ADMIN_PASSWORD,
+  logsMaxSize: envVars.LOGS_MAX_SIZE,
 };
 
 if (config.env === 'development') {

src/config/firebase.js

@@ -4,47 +4,56 @@ const { getFirestore } = require('firebase-admin/firestore');
 const { getStorage } = require('firebase-admin/storage');
 require('dotenv').config();
 
-const { privateKey } = JSON.parse(process.env.FIREBASE_PRIVATE_KEY);
+const { privateKey } = JSON.parse(process.env.FIREBASE_PRIVATE_KEY || '{}');
 
-const app = initializeApp({
-  credential: cert({
-    projectId: process.env.FIREBASE_PROJECT_ID,
-    privateKey,
-    clientEmail: process.env.FIREBASE_CLIENT_EMAIL,
-  }),
-});
+const exportsObject = {
+  db: null,
+  auth: null,
+  getStorageRef: null,
+  REFS: null,
+};
 
-const storage = getStorage();
+if (privateKey) {
+  const app = initializeApp({
+    credential: cert({
+      projectId: process.env.FIREBASE_PROJECT_ID,
+      privateKey,
+      clientEmail: process.env.FIREBASE_CLIENT_EMAIL,
+    }),
+  });
 
-const getStorageRef = (filename) => {
-  const bucket = storage.bucket(); // Gets the default bucket
-  return bucket.file(filename); // Creates a reference to the file in the bucket
-};
+  const storage = getStorage();
 
-const db = getFirestore(app);
-const auth = getAuth(app);
-
-const REFS = {
-  tenant: db.collection('tenant'),
-  model: db.collection('model'),
-  tags: db.collection('tags'),
-  prototype: db.collection('project'),
-  plugin: db.collection('plugin'),
-  media: db.collection('media'),
-  user: db.collection('user'),
-  feedback: db.collection('feedback'),
-  discussion: db.collection('discussion'),
-  activity_log: db.collection('activity_log'),
-  issue: db.collection('issue'),
-  survey: db.collection('survey'),
-  feature: db.collection('feature'),
-  api: db.collection('api'),
-  addOns: db.collection('addOns'),
-};
+  const getStorageRef = (filename) => {
+    const bucket = storage.bucket(); // Gets the default bucket
+    return bucket.file(filename); // Creates a reference to the file in the bucket
+  };
 
-module.exports = {
-  db,
-  auth,
-  getStorageRef,
-  REFS,
-};
+  const db = getFirestore(app);
+  const auth = getAuth(app);
+
+  const REFS = {
+    tenant: db.collection('tenant'),
+    model: db.collection('model'),
+    tags: db.collection('tags'),
+    prototype: db.collection('project'),
+    plugin: db.collection('plugin'),
+    media: db.collection('media'),
+    user: db.collection('user'),
+    feedback: db.collection('feedback'),
+    discussion: db.collection('discussion'),
+    activity_log: db.collection('activity_log'),
+    issue: db.collection('issue'),
+    survey: db.collection('survey'),
+    feature: db.collection('feature'),
+    api: db.collection('api'),
+    addOns: db.collection('addOns'),
+  };
+
+  exportsObject.db = db;
+  exportsObject.auth = auth;
+  exportsObject.getStorageRef = getStorageRef;
+  exportsObject.REFS = REFS;
+}
+
+module.exports = exportsObject;

src/config/passport.js

 const { Strategy: JwtStrategy, ExtractJwt } = require('passport-jwt');
 const config = require('./config');
 const { tokenTypes } = require('./tokens');
-const { User } = require('../models');
+const { User, Asset } = require('../models');
 
 const jwtOptions = {
   secretOrKey: config.jwt.secret,
@@ -14,10 +14,14 @@ const jwtVerify = async (payload, done) => {
       throw new Error('Invalid token type');
     }
     const user = await User.findById(payload.sub);
-    if (!user) {
-      return done(null, false);
+    if (user) {
+      return done(null, user);
     }
-    done(null, user);
+    const asset = await Asset.findById(payload.sub);
+    if (asset) {
+      return done(null, asset);
+    }
+    return done(null, false);
   } catch (error) {
     done(error, false);
   }
@@ -27,4 +31,5 @@ const jwtStrategy = new JwtStrategy(jwtOptions, jwtVerify);
 
 module.exports = {
   jwtStrategy,
+  jwtVerify,
 };

src/config/roles.js

@@ -9,7 +9,7 @@ const roleRights = new Map(Object.entries(allRoles));
 const PERMISSIONS = {
   // *
   UNLIMITED_MODEL: 'unlimitedModel',
-  MANAGE_USERS: 'manageUsers',
+  ADMIN: 'manageUsers',
 
   // model_id
   READ_MODEL: 'readModel',
@@ -17,14 +17,22 @@ const PERMISSIONS = {
 
   // genai,
   GENERATIVE_AI: 'generativeAI',
+
+  // read assets,
+  READ_ASSET: 'readAsset',
+  WRITE_ASSET: 'writeAsset',
+
+  // deploy hardware
+  DEPLOY_HARDWARE: 'deployHardware',
 };
 
 const PERMISSIONS_DESCRIPTION = {
   [PERMISSIONS.UNLIMITED_MODEL]: 'Unlimited access',
-  [PERMISSIONS.MANAGE_USERS]: 'Manage users',
+  [PERMISSIONS.ADMIN]: 'Manage users',
   [PERMISSIONS.READ_MODEL]: 'Read model',
   [PERMISSIONS.WRITE_MODEL]: 'Write model',
   [PERMISSIONS.GENERATIVE_AI]: 'Generative AI',
+  [PERMISSIONS.DEPLOY_HARDWARE]: 'Deploy hardware',
 };
 
 // The role here is applied for the resources that the user is not the owner of
@@ -55,13 +63,37 @@ const ROLES = {
     permissions: [
       PERMISSIONS.READ_MODEL,
       PERMISSIONS.WRITE_MODEL,
-      PERMISSIONS.MANAGE_USERS,
+      PERMISSIONS.ADMIN,
       PERMISSIONS.UNLIMITED_MODEL,
       PERMISSIONS.GENERATIVE_AI,
+      PERMISSIONS.READ_ASSET,
+      PERMISSIONS.WRITE_ASSET,
+      PERMISSIONS.DEPLOY_HARDWARE,
     ],
     ref: 'admin',
     name: 'Admin',
   },
+  read_asset: {
+    permissions: [PERMISSIONS.READ_ASSET],
+    ref: 'read_asset',
+    name: 'Read asset',
+  },
+  write_asset: {
+    permissions: [PERMISSIONS.READ_ASSET, PERMISSIONS.WRITE_ASSET],
+    ref: 'write_asset',
+    name: 'Write asset',
+  },
+  deploy_hardware: {
+    permissions: [PERMISSIONS.DEPLOY_HARDWARE],
+    ref: 'deploy_hardware',
+    name: 'Deploy hardware',
+  },
+};
+
+const RESOURCES = {
+  MODEL: 'model',
+  PROTOTYPE: 'prototype',
+  ASSET: 'asset',
 };
 
 module.exports = {
@@ -70,4 +102,5 @@ module.exports = {
   ROLES,
   PERMISSIONS,
   PERMISSIONS_DESCRIPTION,
+  RESOURCES,
 };

src/config/socket.js

 const { Server } = require('socket.io');
 const logger = require('./logger');
+const ApiError = require('../utils/ApiError');
+const httpStatus = require('http-status');
+const jwt = require('jsonwebtoken');
+const config = require('./config');
+const { jwtVerify } = require('./passport');
+const { tokenTypes } = require('./tokens');
+const permissionService = require('../services/permission.service');
+const { PERMISSIONS } = require('./roles');
 
 let io = null;
 
 const init = (server) => {
   io = new Server(server, {
     cors: {
-      origin: [
-        /localhost:\d+/,
-        /\.digitalauto\.tech$/,
-        /\.digitalauto\.asia$/,
-        /\.digital\.auto$/,
-        'https://digitalauto.netlify.app',
-      ],
+      origin: config.cors.regex,
       credentials: true,
     },
   });
 
+  io.use(function (socket, next) {
+    if (socket.handshake.query && socket.handshake.query.access_token) {
+      jwt.verify(socket.handshake.query.access_token, config.jwt.secret, async function (err, decoded) {
+        if (err) return next(new ApiError(httpStatus.UNAUTHORIZED, 'Please authenticate'));
+        await jwtVerify(
+          {
+            type: tokenTypes.ACCESS,
+            sub: decoded.sub,
+          },
+          async (error, user) => {
+            if (error || !user) {
+              return next(new ApiError(httpStatus.UNAUTHORIZED, 'Please authenticate'));
+            }
+            // if (!(await permissionService.hasPermission(user.id, PERMISSIONS.GENERATIVE_AI)))
+            //   return next(new ApiError(httpStatus.UNAUTHORIZED, 'You are not authorized to access this'));
+            // }
+            socket.user = user;
+            next();
+          }
+        );
+      });
+    } else {
+      next(new ApiError(httpStatus.UNAUTHORIZED, 'Please authenticate'));
+    }
+  });
+
   io.on('connection', () => {
     logger.info('a user connected');
   });

src/controllers/api.controller.js

@@ -31,10 +31,22 @@ const deleteApi = catchAsync(async (req, res) => {
   res.status(httpStatus.NO_CONTENT).send();
 });
 
+const listVSSVersions = catchAsync(async (req, res) => {
+  const versions = await apiService.listVSSVersions();
+  res.send(versions);
+});
+
+const getVSSVersion = catchAsync(async (req, res) => {
+  const version = await apiService.getVSSVersion(req.params.name);
+  res.send(version);
+});
+
 module.exports = {
   createApi,
   getApiByModelId,
   getApi,
   updateApi,
   deleteApi,
+  listVSSVersions,
+  getVSSVersion,
 };