refactor: service module to TS + ESM (v2)

package.json

@@ -67,7 +67,6 @@
     "lusca": "^1.7.0",
     "moment": "^2.30.1",
     "mongodb": "^5.9.2",
-    "nodemailer": "^6.10.1",
     "openid-client": "^6.8.0",
     "parse-diff": "^0.11.1",
     "passport": "^0.7.0",
@@ -92,12 +91,20 @@
     "@eslint/compat": "^1.4.0",
     "@eslint/js": "^9.36.0",
     "@eslint/json": "^0.13.2",
+    "@types/activedirectory2": "^1.2.6",
+    "@types/cors": "^2.8.19",
     "@types/domutils": "^1.7.8",
     "@types/express": "^5.0.3",
     "@types/express-http-proxy": "^1.6.7",
+    "@types/express-session": "^1.18.2",
+    "@types/jsonwebtoken": "^9.0.10",
+    "@types/jwk-to-pem": "^2.0.3",
     "@types/lodash": "^4.17.20",
+    "@types/lusca": "^1.7.5",
     "@types/mocha": "^10.0.10",
     "@types/node": "^22.18.6",
+    "@types/passport": "^1.0.17",
+    "@types/passport-local": "^1.0.38",
     "@types/react-dom": "^17.0.26",
     "@types/react-html-parser": "^2.0.7",
     "@types/validator": "^13.15.3",

packages/git-proxy-cli/test/testCli.test.js

@@ -8,7 +8,7 @@ require('../../../src/config/file').configFile = path.join(
   'test',
   'testCli.proxy.config.json',
 );
-const service = require('../../../src/service');
+const service = require('../../../src/service').default;
 
 /* test constants */
 // push ID which does not exist
@@ -566,7 +566,7 @@ describe('test git-proxy-cli', function () {
         await helper.startServer(service);
         await helper.runCli(`npx -- @finos/git-proxy-cli login --username admin --password admin`);
 
-        const cli = `npx -- @finos/git-proxy-cli create-user --username ${uniqueUsername} --password newpass --email new@email.com --gitAccount newgit`;
+        const cli = `npx -- @finos/git-proxy-cli create-user --username ${uniqueUsername} --password newpass --email ${uniqueUsername}@email.com --gitAccount newgit`;
         const expectedExitCode = 0;
         const expectedMessages = [`User '${uniqueUsername}' created successfully`];
         const expectedErrorMessages = null;
@@ -576,7 +576,7 @@ describe('test git-proxy-cli', function () {
         await helper.runCli(
           `npx -- @finos/git-proxy-cli login --username ${uniqueUsername} --password newpass`,
           0,
-          [`Login "${uniqueUsername}" <new@email.com>: OK`],
+          [`Login "${uniqueUsername}" <${uniqueUsername}@email.com>: OK`],
           null,
         );
       } finally {

src/config/types.ts

@@ -8,7 +8,7 @@ export interface UserSettings {
   apiAuthentication: Authentication[];
   tempPassword?: TempPasswordConfig;
   proxyUrl: string;
-  api: Record<string, any>;
+  api: ThirdPartyApiConfig;
   cookieSecret: string;
   sessionMaxAgeHours: number;
   tls?: TLSConfig;
@@ -49,6 +49,39 @@ export interface Authentication {
   type: string;
   enabled: boolean;
   options?: Record<string, unknown>;
+  oidcConfig?: OidcConfig;
+  adConfig?: AdConfig;
+  jwtConfig?: JwtConfig;
+
+  // Deprecated fields for backwards compatibility
+  // TODO: remove in future release and keep the ones in adConfig
+  userGroup?: string;
+  adminGroup?: string;
+  domain?: string;
+}
+
+export interface OidcConfig {
+  issuer: string;
+  clientID: string;
+  clientSecret: string;
+  callbackURL: string;
+  scope: string;
+}
+
+export interface AdConfig {
+  url: string;
+  baseDN: string;
+  searchBase: string;
+  userGroup?: string;
+  adminGroup?: string;
+  domain?: string;
+}
+
+export interface JwtConfig {
+  clientID: string;
+  authorityURL: string;
+  roleMapping: Record<string, unknown>;
+  expectedAudience?: string;
 }
 
 export interface TempPasswordConfig {
@@ -59,3 +92,24 @@ export interface TempPasswordConfig {
 export type RateLimitConfig = Partial<
   Pick<RateLimitOptions, 'windowMs' | 'limit' | 'message' | 'statusCode'>
 >;
+
+export interface ThirdPartyApiConfig {
+  ls?: ThirdPartyApiConfigLs;
+  github?: ThirdPartyApiConfigGithub;
+  gitleaks?: ThirdPartyApiConfigGitleaks;
+}
+
+export interface ThirdPartyApiConfigLs {
+  userInADGroup: string;
+}
+
+export interface ThirdPartyApiConfigGithub {
+  baseUrl: string;
+}
+
+export interface ThirdPartyApiConfigGitleaks {
+  configPath: string;
+  enabled: boolean;
+  ignoreGitleaksAllow: boolean;
+  noColor: boolean;
+}

src/db/file/helper.ts

@@ -0,0 +1 @@
+export const getSessionStore = (): undefined => undefined;

src/db/file/index.ts

@@ -1,6 +1,9 @@
 import * as users from './users';
 import * as repo from './repo';
 import * as pushes from './pushes';
+import * as helper from './helper';
+
+export const { getSessionStore } = helper;
 
 export const { getPushes, writeAudit, getPush, deletePush, authorise, cancel, reject } = pushes;
 

src/db/file/pushes.ts

@@ -29,9 +29,10 @@ const defaultPushQuery: PushQuery = {
   blocked: true,
   allowPush: false,
   authorised: false,
+  type: 'push',
 };
 
-export const getPushes = (query: PushQuery): Promise<Action[]> => {
+export const getPushes = (query: Partial<PushQuery>): Promise<Action[]> => {
   if (!query) query = defaultPushQuery;
   return new Promise((resolve, reject) => {
     db.find(query, (err: Error, docs: Action[]) => {

src/db/file/repo.ts

@@ -1,9 +1,10 @@
 import fs from 'fs';
 import Datastore from '@seald-io/nedb';
-import { Repo } from '../types';
-import { toClass } from '../helper';
 import _ from 'lodash';
 
+import { Repo, RepoQuery } from '../types';
+import { toClass } from '../helper';
+
 const COMPACTION_INTERVAL = 1000 * 60 * 60 * 24; // once per day
 
 // these don't get coverage in tests as they have already been run once before the test
@@ -27,7 +28,7 @@ try {
 db.ensureIndex({ fieldName: 'name', unique: false });
 db.setAutocompactionInterval(COMPACTION_INTERVAL);
 
-export const getRepos = async (query: any = {}): Promise<Repo[]> => {
+export const getRepos = async (query: Partial<RepoQuery> = {}): Promise<Repo[]> => {
   if (query?.name) {
     query.name = query.name.toLowerCase();
   }