Use @nmshd/typescript-ioc and @nmshd/typescript-rest to get rid o…

…f vulnerabilities (#283)

* chore: bump libs

* refactor: use new libs

* refactor: update tests

* chore: remove audit excludes

* fix: add typescript-rest package

.ci/runChecks.sh

@@ -11,4 +11,4 @@ npm run lint:prettier
 
 # auditing
 npx license-check --ignoreRegex @nmshd/connector
-npx better-npm-audit audit --exclude 1096302,1093639
+npx better-npm-audit audit

package.json

@@ -84,7 +84,9 @@
         "@js-soft/docdb-access-mongo": "1.1.9",
         "@js-soft/node-logger": "1.2.0",
         "@js-soft/ts-utils": "^2.3.3",
-        "@nmshd/runtime": "6.3.0",
+        "@nmshd/runtime": "6.3.1",
+        "@nmshd/typescript-ioc": "^3.2.4",
+        "@nmshd/typescript-rest": "^3.0.5",
         "agentkeepalive": "4.5.0",
         "amqplib": "^0.10.4",
         "axios": "^1.7.7",
@@ -97,25 +99,22 @@
         "json-stringify-safe": "5.0.1",
         "jsonschema": "1.4.1",
         "mqtt": "^5.10.1",
-        "multer": "^1.4.5-lts.1",
         "nconf": "0.12.1",
         "on-headers": "1.0.2",
         "rapidoc": "9.3.8",
         "redis": "^4.7.0",
         "reflect-metadata": "0.2.2",
         "swagger-ui-express": "5.0.1",
-        "typescript-ioc": "3.2.2",
-        "typescript-rest": "3.0.4",
-        "typescript-rest-ioc": "1.0.1",
         "yamljs": "0.3.0"
     },
     "devDependencies": {
         "@apidevtools/swagger-parser": "^10.1.0",
         "@js-soft/eslint-config-ts": "1.6.12",
         "@js-soft/license-check": "1.0.9",
         "@nmshd/connector-sdk": "*",
-        "@nmshd/content": "6.3.0",
-        "@nmshd/core-types": "6.3.0",
+        "@nmshd/content": "6.3.1",
+        "@nmshd/core-types": "6.3.1",
+        "@nmshd/typescript-rest-swagger": "^1.4.1",
         "@types/amqplib": "^0.10.5",
         "@types/compression": "^1.7.5",
         "@types/cors": "^2.8.17",
@@ -144,12 +143,6 @@
         "prettier": "^3.3.3",
         "ts-jest": "^29.2.5",
         "ts-node": "^10.9.2",
-        "typescript": "^5.6.3",
-        "typescript-rest-swagger": "github:nmshd/typescript-rest-swagger#1.4.0"
-    },
-    "overrides": {
-        "typescript-rest": {
-            "multer": "$multer"
-        }
+        "typescript": "^5.6.3"
     }
 }

packages/sdk/package.json

@@ -30,7 +30,7 @@
         "build:schemas:watch": "npx nodemon -e ts -w 'src/types' --exec 'npm run build:schemas'"
     },
     "dependencies": {
-        "@nmshd/content": "6.3.0",
+        "@nmshd/content": "6.3.1",
         "axios": "^1.7.7",
         "form-data": "^4.0.1",
         "qs": "^6.13.0"

src/infrastructure/httpServer/HttpServer.ts

@@ -1,12 +1,12 @@
 import { sleep } from "@js-soft/ts-utils";
+import { Container } from "@nmshd/typescript-ioc";
+import { Server } from "@nmshd/typescript-rest";
 import compression from "compression";
 import correlator from "correlation-id";
 import cors, { CorsOptions } from "cors";
 import express, { Application, RequestHandler } from "express";
 import helmet, { HelmetOptions } from "helmet";
 import http from "http";
-import { Server } from "typescript-rest";
-import typescriptRestIOC from "typescript-rest-ioc";
 import { buildInformation } from "../../buildInformation";
 import { ConnectorInfrastructure, InfrastructureConfiguration } from "../ConnectorInfastructure";
 import { HttpMethod } from "./HttpMethod";
@@ -230,7 +230,27 @@ export class HttpServer extends ConnectorInfrastructure<HttpServerConfiguration>
     }
 
     private useCustomControllers() {
-        Server.registerServiceFactory(typescriptRestIOC);
+        Server.registerServiceFactory({
+            create: (serviceClass: any) => {
+                return Container.get(serviceClass);
+            },
+            getTargetClass: (serviceClass: Function) => {
+                let typeConstructor: any = serviceClass;
+                if (typeConstructor["name"] && typeConstructor["name"] !== "ioc_wrapper") {
+                    return typeConstructor as FunctionConstructor;
+                }
+                typeConstructor = typeConstructor["__parent"];
+                while (typeConstructor) {
+                    if (typeConstructor["name"] && typeConstructor["name"] !== "ioc_wrapper") {
+                        return typeConstructor as FunctionConstructor;
+                    }
+                    typeConstructor = typeConstructor["__parent"];
+                }
+
+                this.logger.error("Can not identify the base Type for requested target: %o", serviceClass);
+                throw new TypeError("Can not identify the base Type for requested target");
+            }
+        });
 
         for (const controller of this.controllers) {
             Server.loadControllers(this.app, controller.globs, controller.baseDirectory);

src/infrastructure/httpServer/middlewares/genericErrorHandler.ts

@@ -1,9 +1,9 @@
 import { ApplicationError } from "@js-soft/ts-utils";
 import { RuntimeErrors } from "@nmshd/runtime";
 import { RequestError, TransportCoreErrors } from "@nmshd/transport";
+import { Errors } from "@nmshd/typescript-rest";
 import express from "express";
 import stringify from "json-stringify-safe";
-import { Errors } from "typescript-rest";
 import { ConnectorMode } from "../../../ConnectorMode";
 import { ConnectorLoggerFactory } from "../../../logging/ConnectorLoggerFactory";
 import { Envelope, HttpError, HttpErrors } from "../common";

src/modules/coreHttpApi/common/BaseController.ts

@@ -1,6 +1,6 @@
 import { Result } from "@js-soft/ts-utils";
+import { Return } from "@nmshd/typescript-rest";
 import express from "express";
-import { Return } from "typescript-rest";
 import { Envelope } from "../../../infrastructure";
 
 export abstract class BaseController {

src/modules/coreHttpApi/controllers/AccountController.ts

@@ -1,6 +1,6 @@
 import { TransportServices } from "@nmshd/runtime";
-import { Inject } from "typescript-ioc";
-import { Accept, GET, Path, POST } from "typescript-rest";
+import { Inject } from "@nmshd/typescript-ioc";
+import { Accept, GET, Path, POST } from "@nmshd/typescript-rest";
 import { Envelope } from "../../../infrastructure";
 import { BaseController } from "../common/BaseController";
 

src/modules/coreHttpApi/controllers/AttributesController.ts

@@ -1,6 +1,6 @@
 import { ConsumptionServices, RuntimeErrors, TransportServices } from "@nmshd/runtime";
-import { Inject } from "typescript-ioc";
-import { Accept, Context, DELETE, GET, POST, Path, PathParam, QueryParam, Return, ServiceContext } from "typescript-rest";
+import { Inject } from "@nmshd/typescript-ioc";
+import { Accept, Context, DELETE, GET, POST, Path, PathParam, QueryParam, Return, ServiceContext } from "@nmshd/typescript-rest";
 import { Envelope } from "../../../infrastructure";
 import { BaseController } from "../common/BaseController";
 

src/modules/coreHttpApi/controllers/ChallengesController.ts

@@ -1,6 +1,6 @@
 import { TransportServices } from "@nmshd/runtime";
-import { Inject } from "typescript-ioc";
-import { Accept, Path, POST, Return } from "typescript-rest";
+import { Inject } from "@nmshd/typescript-ioc";
+import { Accept, Path, POST, Return } from "@nmshd/typescript-rest";
 import { Envelope } from "../../../infrastructure";
 import { BaseController } from "../common/BaseController";
 

src/modules/coreHttpApi/controllers/FilesController.ts

@@ -1,8 +1,8 @@
 import { OwnerRestriction, TransportServices } from "@nmshd/runtime";
 import { Reference } from "@nmshd/transport";
+import { Inject } from "@nmshd/typescript-ioc";
+import { Accept, Context, ContextAccept, ContextResponse, Errors, FileParam, FormParam, GET, POST, Path, PathParam, Return, ServiceContext } from "@nmshd/typescript-rest";
 import express from "express";
-import { Inject } from "typescript-ioc";
-import { Accept, Context, ContextAccept, ContextResponse, Errors, FileParam, FormParam, GET, POST, Path, PathParam, Return, ServiceContext } from "typescript-rest";
 import { Envelope } from "../../../infrastructure";
 import { BaseController, Mimetype } from "../common/BaseController";
 

src/modules/coreHttpApi/controllers/IncomingRequestsController.ts

@@ -1,6 +1,6 @@
 import { ConsumptionServices } from "@nmshd/runtime";
-import { Inject } from "typescript-ioc";
-import { Accept, Context, GET, Path, PathParam, PUT, ServiceContext } from "typescript-rest";
+import { Inject } from "@nmshd/typescript-ioc";
+import { Accept, Context, GET, Path, PathParam, PUT, ServiceContext } from "@nmshd/typescript-rest";
 import { Envelope } from "../../../infrastructure";
 import { BaseController } from "../common/BaseController";
 

src/modules/coreHttpApi/controllers/MessagesController.ts

@@ -1,7 +1,7 @@
 import { TransportServices } from "@nmshd/runtime";
+import { Inject } from "@nmshd/typescript-ioc";
+import { Accept, Context, ContextResponse, GET, Path, PathParam, POST, Return, ServiceContext } from "@nmshd/typescript-rest";
 import express from "express";
-import { Inject } from "typescript-ioc";
-import { Accept, Context, ContextResponse, GET, Path, PathParam, POST, Return, ServiceContext } from "typescript-rest";
 import { Envelope } from "../../../infrastructure";
 import { BaseController, Mimetype } from "../common/BaseController";
 

src/modules/coreHttpApi/controllers/OutgoingRequestsController.ts

@@ -1,6 +1,6 @@
 import { ConsumptionServices } from "@nmshd/runtime";
-import { Inject } from "typescript-ioc";
-import { Accept, Context, GET, Path, PathParam, POST, Return, ServiceContext } from "typescript-rest";
+import { Inject } from "@nmshd/typescript-ioc";
+import { Accept, Context, GET, Path, PathParam, POST, Return, ServiceContext } from "@nmshd/typescript-rest";
 import { Envelope } from "../../../infrastructure";
 import { BaseController } from "../common/BaseController";
 

src/modules/coreHttpApi/controllers/RelationshipTemplatesController.ts

@@ -1,7 +1,7 @@
 import { OwnerRestriction, TransportServices } from "@nmshd/runtime";
+import { Inject } from "@nmshd/typescript-ioc";
+import { Accept, Context, ContextAccept, ContextResponse, Errors, GET, POST, Path, PathParam, Return, ServiceContext } from "@nmshd/typescript-rest";
 import express from "express";
-import { Inject } from "typescript-ioc";
-import { Accept, Context, ContextAccept, ContextResponse, Errors, GET, POST, Path, PathParam, Return, ServiceContext } from "typescript-rest";
 import { Envelope } from "../../../infrastructure";
 import { BaseController, Mimetype } from "../common/BaseController";
 

src/modules/coreHttpApi/controllers/RelationshipsController.ts

@@ -1,6 +1,6 @@
 import { TransportServices } from "@nmshd/runtime";
-import { Inject } from "typescript-ioc";
-import { Accept, Context, DELETE, GET, Path, PathParam, POST, PUT, Return, ServiceContext } from "typescript-rest";
+import { Inject } from "@nmshd/typescript-ioc";
+import { Accept, Context, DELETE, GET, Path, PathParam, POST, PUT, Return, ServiceContext } from "@nmshd/typescript-rest";
 import { Envelope } from "../../../infrastructure";
 import { BaseController } from "../common/BaseController";
 

src/modules/coreHttpApi/controllers/TokensController.ts

@@ -1,7 +1,7 @@
 import { OwnerRestriction, TransportServices } from "@nmshd/runtime";
+import { Inject } from "@nmshd/typescript-ioc";
+import { Accept, Context, ContextAccept, ContextResponse, Errors, GET, Path, PathParam, POST, Return, ServiceContext } from "@nmshd/typescript-rest";
 import express from "express";
-import { Inject } from "typescript-ioc";
-import { Accept, Context, ContextAccept, ContextResponse, Errors, GET, Path, PathParam, POST, Return, ServiceContext } from "typescript-rest";
 import { Envelope } from "../../../infrastructure";
 import { BaseController, Mimetype } from "../common/BaseController";
 

test/spec.test.ts

@@ -1,7 +1,7 @@
 /* eslint-disable jest/no-conditional-in-test */
 import swaggerParser from "@apidevtools/swagger-parser";
+import { MetadataGenerator, SpecGenerator, Swagger } from "@nmshd/typescript-rest-swagger";
 import { OpenAPIV3 } from "openapi-types";
-import { MetadataGenerator, SpecGenerator, Swagger } from "typescript-rest-swagger";
 import yamljs from "yamljs";
 
 describe("test openapi spec against routes", () => {