Describe the bug
Unit test case coverage missing and not up to the mark

Expected behavior
We should have at least 75% unit test case coverage in all micro services

Screenshots

Additional context
We can divide this into separate tasks for each microservice and then implement the same.

Describe the bug
Installation of @sourceloop/core package completes successfully, but running the application after installtion says 'prom-client' is missing.

To Reproduce
Steps to reproduce the behavior:

1. Create a Loopback4 Application
2. Install @sourceloop/core
3. Run the application
4. See error - 'prom client' missing

Expected behavior
The application should not raise an error after installing the package.

Describe the solution you'd like
Convert k8s yaml to HCL

User need to always install db-migrate/db-migrate-pg packages even if user doesn't want to use automatic migration service.

Describe the feature
Add Unit Tests for Notification Service

Expected behavior
We should have at least 75% unit test case coverage in all micro services

Is your feature request related to a problem? Please describe.
General stripe payment gateway service

Describe the solution you'd like

Should have ability to
1 - Add customer
2 - Add credit card/debit card to the customer
3 - Add bank accounts to customer
4 - Charge customer creditcard
5 - Make bank transfer to customer
6 - Validate payment methods
6 - Refunds
7 - Transaction history
8 - Support DB transactions with rollback feature in the event of error

Describe the bug

To Reproduce
Steps to reproduce the behavior:

1. Stop the camunda engine.
2. Hit the execute endpoint, it should fail
3. Restart the camunda engine.
4. The API gives success response, but none of the workers start their work.

Expected behavior
After executing a process, workers should start their task.

Is your feature request related to a problem? Please describe.
Https proxy setup is not possible for keycloak auth currently

Describe the solution you'd like
Some config or env var needed to enable this

Describe alternatives you've considered
None

Additional context
jaredhanson/passport-oauth2#59 (comment)

Describe the bug
As of now, the sourceloop/core readme only provides an overall idea of the module, lacking any of the specific details.

Expected behavior
The readme should provide details of all the components, sequences, etc the module provides.

Add a basic CI pipeline using a declarative Jenkinsfile for the sandbox Docker images.

Migration script that creates Database tables needed for payment-service

While deploying video-service code on lambda, error comes in api execution, since i18n library is not able to write temporary files. The cause of error is that the directory is hardcoded in the config. In case of lamda, that directory structure doesn't exist.

So, the proposed solution is that we should make the configure object for i18n library configurable, via binding from application using in the core package.

Describe the bug

export const rateLimitKeyGen = (req: Request) => {
  return req.headers?.authorization?.replace(/bearer /i, '') ?? req.ip;
};

This code is problematic in case of micro services architecture where same token is actually utilized by multiple microservices and redis is common for all. In that case the counter will be split up between microservices and actual rate limit per microservice becomes lesser than we configure in env vars. This function need to support a prefix.

Expected behavior
Rate limiting for secure APIs should happen per token per microservice.

Describe the solution you'd like
CI/CD build for the example images, so that use of local registry is optional.

Describe the bug

The RegisterWorker provider provides a function that can only bind commands for a single workflow name.

Expected behavior
RegisterWorker Function should be able to register workers for multiple different workflows.

Additional context
Looks like the register function is keeping only one value in the map at most, fixing this should resolve the issue.

Describe the bug
Sonar issues

https://sonarcloud.io/project/issues?id=sourcefuse_loopback4-microservice-catalog&resolved=false

Expected behavior
Sonar needs to be green

Sandbox: Make postgres_orchestrator always return 0
The script is a temporary solution for local development and causes a deployment failure when deployed to k8s locally. Modify the script to exit 0 and complete all DB creation commands.

Describe the feature
Add Unit Tests for BPMN Service

Expected behavior
We should have at least 75% unit test case coverage in all micro services

How about we create an extensions folder within this monorepo, where we can keep all our experimental extensions or related POC implementation before they can be published over npm separately ?

Some conditions for extensions here

• They all will be private here
• They will have sample MVP implementation with complete documentation and list of pending items
• Basic TCs and examples, wherever possible.

This is taking inspiration from LB4 experimental extensions package here -> https://github.com/strongloop/loopback-next/tree/master/extensions

Describe the bug
Create new workflow by BPMN service created by and created on, is missing

To Reproduce
Steps to reproduce the behavior:

1. Implement BPMN service
2. Create workflow
3. created_by and created_on is missing

Expected behavior
created_by and created_on should present

Additional context
Need to add delete workflow call in the controller as of now able to delete workflow from camunda but at database is still there

Is your feature request related to a problem? Please describe.
Currently there is no way to provide the database migrations to consumers whenever a micro service is upgraded

Describe the solution you'd like
We need to have some kind of automaton here . A pre-install hook or a simple cli command which can be triggered whenever needed.

Describe alternatives you've considered
None as of now. Only way is to use loopback migrate.

Additional context
We need to do a Spike first for the approach. We can figure out the acceptance criteria after that.

Is your feature request related to a problem? Please describe.
There is always a need for a reusable user onboarding or user guide feature in every application. It will be a very good addition to this catalog.

Describe the solution you'd like
@kabir-chandhoke to add.

Is your feature request related to a problem? Please describe.
/notification-users get api is not working for userTenantId because we are using user tenant id for our socket connection which is "to" parameter in request and currently it is comparing userId column value with token userId

Describe the solution you'd like
We can check userTenantId for userId column or we should introduce a provider for checking column value

Describe alternatives you've considered
currently using a new controller for handling /notification-users get api

Is your feature request related to a problem? Please describe.
There needs to be some way of configuring some APIs to be hidden or not required. If configured so, then, they should not show up in open api spec for the same.

Describe the solution you'd like
Some configuration needed. Not sure what's the best way. Is there a way to make an api hidden in open api spec ?

Describe alternatives you've considered
None as of now

Additional context
Might be related -> OAI/OpenAPI-Specification#433

Describe the bug
FacadesBearerTokenVerifyProvider - This is tight coupling auth service to all other facades which are using this verify bearer token. This is an anti pattern.

Expected behavior
Facades should be self sufficient enough to verify bearer token without depending on another service. This way they can also be completely independent.

Additional context
We need to ensure revoked tokens checking still works here.

I went through the examples and found that we presently do not have pubnub as a provider in any of our examples.
therefore, it would be resourceful to have an example with pubnub as a provider.

While creating the implementation I would request you to consider, Access management for channel subscriptions. posting messages to channels/channel groups.
for permission flow please consider https://www.pubnub.com/docs/security/access-control#initialize-with-secretkey

it would be an added advatage if we can also have a built in capability of monitoring presence at the service end where we use the pubnub webhooks to monitor users presence,
This might be a SRP breach but putting it here would kind of wrap the pubnub implementation at one place and accelerate the development.

The interface EventDTO was imported from @sourceloop/scheduler-service and used in request body. But when i add any property to extMetadata like meeting_info. Because of the following error shown below.

import { EventDTO } from '@sourceloop/scheduler-service';

const eventData: EventDTO = {....//  object key values }

eventData.extMetadata.meeting_info.id = 'xxx--xxxx';

This line was showing error Property meeting_info doesn't exist on type 'object'.

Screenshot given here

Describe the bug
docker-compose build --up fails for examples.

To Reproduce
Steps to reproduce the behavior:

1. Clone the repo
2. `cd examples'
3. docker-compose up --build
4. Error is below

Pulling video-conferencing-ms-migration (sourceloop/workflow-helloworld:latest)...
ERROR: pull access denied for sourceloop/workflow-helloworld, repository does not exist or may require 'docker login': denied: requested access to the resource is denied

Expected behavior
All services build and run via docker-compose build --up

Describe the solution you'd like
Terraform based solution for deploying the sandbox to k8s.

Is your feature request related to a problem? Please describe.
Need a micro service for chat messaging

Describe the solution you'd like
We should have a simplistic, reusable and scalable chat microservice which may or may not be real time. The idea is that this microservice provides us messaging feature and replies feature and read/unread feature. But real time updates and notifications can be separate as that may not be needed everywhere.

Describe alternatives you've considered
None available right now.

Additional context
We have done similar works in the past. Let's see if we can make something reusable using the same concept.

Is your feature request related to a problem? Please describe.
Update all the packages to the latest versions, as was done for Loopback packages. Also fix audit issues if any.

Describe the bug
Security specifications are missing or incomplete in some of the API specifications.

A Payment Service that supports configurable multiple gateways.

Features:-

• Configurable Multiple Gateways
• Enable/Disable From the list of Predefined Gateways
• Create orders
• Charge the Credit/Debit Card
• Maintains Transactions History
• Current Implementation With Stripe And Razorpay

Is your feature request related to a problem? Please describe.
Distributed tracing not available yet, out of the box.

Describe the solution you'd like
Need an out of the box and configurable solution for this.

Describe alternatives you've considered
Custome can be done but outside sourceloop right now

Additional context
Some of our works in the past can help us here. Let's try if some of those can be followed here.

Is your feature request related to a problem? Please describe.
Right now we dont have any complete example of casbin provider of authorization

Describe the solution you'd like
Add example, documentation and blog

Describe alternatives you've considered
None.

Additional context
None

Describe the feature
Add Unit Tests for Authentication Service

Expected behavior
We should have at least 75% unit test case coverage in all micro services

Describe the bug
A user does not logout when using /logout API of Authentication Service

To Reproduce
Steps to reproduce the behavior:

1. Hit /logout API with a valid access token and refresh token
2. If the user logged in via keycloak, and keycloak access token was still valid, he would directly login with no prompt to enter credentials again.

Expected behavior
Although this is how SSO works, but for some applications, it might be a security issue and it may be a requirement to logout from keycloak as well.

Additional context
Authentication Service. Keycloak

GA Milestone

List of items to achieve before we can make Sourceloop GA

• Automate database migration when a micro service is installed or updated (#124)
• Need examples for each microservice (#146)

Above is bare minimum list before we go for GA. We need opinions on what else is needed. @sourcefuse/sourceloop

Is your feature request related to a problem? Please describe.

Sometimes, a project is not in multi-tenant structure so it would be good to have a way to get rid of any models related to tenant.

Is your feature request related to a problem? Please describe.
No

Describe the solution you'd like
Basic set of k8s manifests and documentation to run the sandbox applications in k8s.

Describe the bug
The 'deleted_on', 'deleted_by' fields are not available in tables in schedular migrations. Without these the the repository fetch is showing error.

Describe the bug
The documentation is not clear and complete in the current state.

Expected behavior
The documentation should be clear and easy to understand, for all the services and examples.

Services

• Audit Service - @sumiter92
• Authentication Service - @akshatdubeysf
• BPMN Service - @akshatdubeysf
• In-mail Service - @sumiter92
• Notification Service - @yeshamavani
• Scheduler Service - @ashutosh-bansal-2136
• Video Conferencing Service - @ashutosh-bansal-2136

Examples

• Audit Example
• Auth Basic MS Example
• Auth Multitenant Example
• In-mail Example
• Notification Socket Example
• Scheduler Example
• Video-conferencing Example
• Workflow Example

Is your feature request related to a problem? Please describe.
Need a micro service for bpmn flows

Describe the solution you'd like
We should have a simplistic, reusable and scalable bpmn microservice that is agnostic of bpmn engine to be used. It should be able to integrate with camunda, zeebe, jbpm etc. using the same interface and without any coupling with bpmn engine.

Describe alternatives you've considered
None available right now.

Additional context
We need to first draft an implementation plan for the same.

Add Refund functionality in payment-service

Is your feature request related to a problem? Please describe.
We dont have clear segregation and ownership of individual microservices

Describe the solution you'd like
Implement github code owners

Describe alternatives you've considered
None

Additional context
https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners

How about we extend our microservice catalog to support Grpc protocol?

gRPC can use protocol buffer for data serialization. This makes payloads faster, smaller and simpler.

Just like REST, gRPC can be used cross-language which means that if you have written a web service in Golang, a Java written application can still use that web service, which makes gRPC web services very scalable.

gRPC uses HTTP/2 to support highly performant and scalable API’s and makes use of binary data rather than just text which makes the communication more compact and more efficient. gRPC makes better use of HTTP/2 then REST. gRPC for example makes it possible to turn-off message compression. This might be useful if you want to send an image that is already compressed. Compressing it again just takes up more time.

It is also type-safe. This basically means that you can’t give an apple while a banana is expected. When the server expects an integer, gRPC won’t allow you to send a string because these are two different types.

https://grpc.io/

Describe the bug
Almost all the services provide routes that need certain permissions to access. Description for these permissions is not provided for any of these services -

• Audit Service
• Authentication Service
• BPMN Service
• In-mail Service
• Notificaiton Service
• Scheduler Service
• Video Conferencing Service

Is your feature request related to a problem? Please describe.
The authentication-service is missing many of the features of an OIDC provider.

Describe the solution you'd like
Find and integrate a library that will expose the features needed for the authentication-service to become a full OIDC provider.

Describe the feature
Add Unit Tests for Audit Service

Expected behavior
We should have at least 75% unit test case coverage in all micro services

Is your feature request related to a problem? Please describe.
We need to have separate examples for each microservice.

Describe the solution you'd like
use the sandbox folder for creating samples

Additional context
Refer to auth example