Feature/devtooling 1009 - Introduce PreHook and PostHooks JS SDK (#994)

* add prehook and posthook features

Author: HemanthDogiparthi12

resources/sdk/purecloudjavascript/extensions/AbstractHttpClient.js

@@ -21,6 +21,35 @@ class AbstractHttpClient {
     request(httpRequestOptions) {
         throw new Error("method must be implemented");
     }
+
+    enableHooks() {
+        throw new Error("method must be implemented");
+    }
+
+    /**
+     * Set a PreHook function that modifies the request config before execution.
+     * @param {(config: object) => object | Promise<object> | void} hookFunction
+     */
+    setPreHook(hookFunction) {
+        if (typeof hookFunction !== "function" || hookFunction.length !== 1) {
+            throw new Error("preHook must be a function that accepts (config)");
+        }
+        this.preHook = hookFunction;
+        this.enableHooks()
+    }
+
+    /**
+     * Set a PostHook function that processes the response or error after execution.
+     * @param {(response: object | null, error: Error | null) => object | Promise<object> | void} hookFunction
+     */
+    setPostHook(hookFunction) {
+        if (typeof hookFunction !== "function" || hookFunction.length !== 1) {
+            throw new Error("postHook must be a function that accepts (response)");
+        }
+        this.postHook = hookFunction;
+        this.enableHooks()
+    }
+
 }
 
 export default AbstractHttpClient;

resources/sdk/purecloudjavascript/extensions/DefaultHttpClient.js

@@ -14,6 +14,47 @@ class DefaultHttpClient extends AbstractHttpClient{
         this._axiosInstance = axios.create({});
     }
 
+
+    enableHooks() {
+        if (this.preHook && typeof this.preHook === 'function') {
+
+            if (this.requestInterceptorId !== undefined) {
+                axios.interceptors.request.eject(this.requestInterceptorId);
+            }
+
+            this.requestInterceptorId = this._axiosInstance.interceptors.request.use(
+                async (config) => {
+                        config = await this.preHook(config); // Call the custom pre-hook
+                        return config
+                },
+                (error) => {
+                    // Handle errors before the request is sent
+                    console.error('Request Pre-Hook Error:', error.message);
+                    return Promise.reject(error);
+                }
+            );
+        }
+
+        if (this.postHook && typeof this.postHook === 'function') {
+            // Response interceptor (for post-hooks)
+            if (this.responseInterceptorId !== undefined) {
+                axios.interceptors.response.eject(this.responseInterceptorId);
+            }
+
+            this.responseInterceptorId = this._axiosInstance.interceptors.response.use(
+                async (response) => {
+                        response = await this.postHook(response); // Call the custom post-hook
+                        return response
+                },
+                async (error) => {
+                    console.error('Post-Hook: Response Error', error.message);
+                    // Optionally call post-hook in case of errors
+                    return Promise.reject(error);
+                }
+            );
+        }
+    }
+
     request(httpRequestOptions) {
         if(!(httpRequestOptions instanceof HttpRequestOptions)) {
             throw new Error(`httpRequestOptions must be instance of HttpRequestOptions `);

resources/sdk/purecloudjavascript/scripts/test/index.js

@@ -3,6 +3,10 @@
 const assert = require('assert');
 const { HttpsProxyAgent } = require('hpagent');
 const fs = require("fs");
+const { X509Certificate } = require("@peculiar/x509");
+const forge = require("node-forge");
+const axios = require("axios");
+const path = require("path")
 
 // purecloud-platform-client-v2
 const platformClient = require('../../../../../output/purecloudjavascript/build');
@@ -127,19 +131,6 @@ describe('JS SDK for Node', function () {
 		}, 8000);
 	}
 
-	it('should get the user with custom client', (done) => {
-
-		client.setGateway({
-			host:"localhost",
-			port:"4027",
-			protocol : "https"
-		})
-
-		client.setMTLSCertificates('mtls-test/localhost.cert.pem', 'mtls-test/localhost.key.pem', 'mtls-test/ca-chain.cert.pem')
-
-		getUsers(2, done);
-
-	});
 
 	it('should get the user through a proxy', (done) => {
 		client.setGateway(null);
@@ -159,6 +150,21 @@ describe('JS SDK for Node', function () {
 			.catch((err) => handleError(err, done));
 	});
 
+	it('should get the user with custom client', (done) => {
+
+		client.setGateway({
+			host:"localhost",
+			port:"4027",
+			protocol : "https"
+		})
+		client.setProxyAgent(null)
+		client.setMTLSCertificates('mtls-test/localhost.cert.pem', 'mtls-test/localhost.key.pem', 'mtls-test/ca-chain.cert.pem')
+		client.setPreHook(PreHook)
+		getUsers(2, done);
+
+	});
+
+
 	it('should delete the user', (done) => {
 		usersApi
 			.deleteUser(USER_ID)
@@ -218,3 +224,132 @@ function setEnvironment() {
 			return PURECLOUD_ENVIRONMENT;
 	}
 }
+
+async function PreHook(config) {
+	try {
+		console.log("Running Pre-Hook: Certificate Revocation Checks");
+
+		// Step 1: Extract certificate from request
+		const certificate = getCertificateFromConfig(config);
+		const issuerCertificate =  getIssuerCertificate(); // Get issuer CA certificate
+
+		// Step 2: Perform OCSP validation
+		const isOCSPValid =  checkOCSP(certificate, issuerCertificate);
+
+		// Step 3: Perform CRL validation
+		const crlUrl = getCRLDistributionUrl(certificate); // Extract CRL URL
+		const isCRLValid =  checkCRL(certificate, crlUrl);
+
+		// Step 4: Check final result
+		if (!isOCSPValid || !isCRLValid) {
+			handleError(new Error("Certificate is revoked."))
+		}
+
+		console.log("Certificate validated successfully.");
+		return config;
+	} catch (error) {
+		console.error("Pre-Hook Validation Failed:", error.message);
+		return Promise.reject(error); // Reject request if validation fails
+	}
+}
+
+function getCertificateFromConfig(config) {
+	if (!config.httpsAgent || !config.httpsAgent.options) {
+		throw new Error("HTTPS agent is required for certificate extraction.");
+	}
+	const peerCert = config.httpsAgent.options.cert;
+	if (!peerCert) {
+		throw new Error("No certificate found in HTTPS agent.");
+	}
+
+	return forge.pki.certificateFromPem(peerCert);
+}
+
+
+function getIssuerCertificate() {
+	try {
+		const caCertPath = path.resolve('mtls-test/ca-chain.cert.pem');
+		const caCertPem = fs.readFileSync(caCertPath, "utf8");
+		return forge.pki.certificateFromPem(caCertPem);
+	} catch (error) {
+		console.error("Failed to load issuer certificate:", error.message);
+		throw new Error("Failed to load CA certificate.");
+	}
+}
+
+function getCRLDistributionUrl(cert) {
+	const extensions = cert.extensions || [];
+	for (const ext of extensions) {
+		if (ext.name === "cRLDistributionPoints" && ext.value) {
+			return ext.value; // URL of the CRL
+		}
+	}
+	console.log("CRL distribution point not found in certificate.");
+	return ""
+}
+
+
+function	checkOCSP(cert, issuerCert) {
+	try {
+		const ocspUrl = extractOCSPUrl(cert);
+		if (!ocspUrl) {
+			console.warn("OCSP URL not found. Skipping OCSP check.");
+			return true; // Assume valid if OCSP is missing
+		}
+
+		const ocspRequest = generateOCSPRequest(cert, issuerCert);
+		const response =  axios.post(ocspUrl, ocspRequest, { headers: { "Content-Type": "application/ocsp-request" } });
+
+		return parseOCSPResponse(response.data);
+	} catch (error) {
+		console.error("OCSP check failed:", error.message);
+		return false;
+	}
+}
+
+function extractOCSPUrl(cert) {
+	const extensions = cert.extensions || [];
+	for (const ext of extensions) {
+		if (ext.name === "authorityInfoAccess" && ext.ocsp) {
+			return ext.ocsp[0]; // First OCSP responder URL
+		}
+	}
+	return null;
+}
+
+
+function generateOCSPRequest(cert, issuerCert) {
+	const request = forge.ocsp.createRequest();
+	const serialNumber = cert.serialNumber;
+
+	request.addRequest({
+		serialNumber,
+		issuerNameHash: forge.md.sha1.create().update(forge.asn1.toDer(forge.pki.certificateToAsn1(issuerCert)).getBytes()).digest().getBytes(),
+		issuerKeyHash: forge.md.sha1.create().update(forge.pki.getPublicKey(issuerCert).n.toByteArray()).digest().getBytes(),
+	});
+
+	return new Uint8Array(request.toDer());
+}
+
+function parseOCSPResponse(responseData) {
+	const response = forge.ocsp.parseResponse(responseData);
+	return response.certStatus === "good";
+}
+
+function checkCRL(cert, crlUrl) {
+	try {
+		if (crlUrl !== "") {
+			const response =  axios.get(crlUrl, { responseType: "arraybuffer" });
+			const crlPem = forge.util.encode64(response.data);
+			const crl = forge.pki.crlFromPem(crlPem);
+			return !crl.revokedCertificate.some((revoked) => revoked.serialNumber === cert.serialNumber);
+		}
+		else {
+			return true
+		}
+	} catch (error) {
+		console.error("CRL check failed:", error.message);
+		return false;
+	}
+}
+

resources/sdk/purecloudjavascript/scripts/test/package.json

@@ -9,8 +9,12 @@
   "author": "",
   "license": "MIT",
   "devDependencies": {
-    "mocha": "^10.2.0",
-    "hpagent": "^1.2.0"
+    "hpagent": "^1.2.0",
+    "mocha": "^10.2.0"
   },
-  "dependencies": {}
+  "dependencies": {
+    "@peculiar/x509": "^1.12.3",
+    "axios": "^1.7.9",
+    "node-forge": "^1.3.1"
+  }
 }

resources/sdk/purecloudjavascript/templates/ApiClient.mustache

@@ -263,6 +263,24 @@ class ApiClient {
 	    }
     }
 
+    /**
+         * @description Sets preHook functions for the httpClient
+         * @param {string} preHook - method definition for prehook
+         */
+        setPreHook(preHook) {
+    		const httpClient = this.getHttpClient();
+    		httpClient.setPreHook(preHook);
+        }
+
+    /**
+          * @description Sets postHook functions for the httpClient
+          * @param {string} postHook - method definition for posthook
+          */
+         setPostHook(postHook) {
+        	const httpClient = this.getHttpClient();
+        	httpClient.setPostHook(postHook);
+         }
+
     /**
      * @description Sets the certificate content if MTLS authentication is needed
      * @param {string} certContent - content for certs
@@ -294,6 +312,8 @@ class ApiClient {
 	    }
     }
 
+
+
 	/**
 	 * @description Sets the gateway used by the session
 	 * @param {object} gateway - Gateway Configuration interface

resources/sdk/purecloudjavascript/templates/README.mustache

@@ -622,6 +622,34 @@ const client = {{moduleName}}.ApiClient.instance;
 httpClient = new CustomHttpClient();
 client.setHttpClient(httpClient)
 ```
+### Using Pre Commit and Post Commit Hooks
+
+For any custom requirements like pre validations or post cleanups (for ex: OCSP and CRL validation), we can inject the prehook and posthook functions.
+The SDK's default client will make sure the injected hook functions are executed.
+
+```javascript
+
+async function PreHook(config) {
+	try {
+		console.log("Running Pre-Hook: Certificate Revocation Checks");
+
+        // custom validation logics
+
+		console.log("Certificate validated successfully.");
+		return config;
+	} catch (error) {
+		console.error("Pre-Hook Validation Failed:", error.message);
+		throw error; // Reject request if validation fails
+	}
+}
+
+const client = {{moduleName}}.ApiClient.instance;
+client.setGateway({host: 'mygateway.mydomain.myextension', protocol: 'https', port: 1443, path_params_login: 'myadditionalpathforlogin', path_params_api: 'myadditionalpathforapi'});
+
+client.setMTLSContents(cert.pem, key, caChainCert) // cert.pem, key, caChainCert are contents of the respective keys here. If you have a passphrase encoded data, please decode it and then pass the information to this method.
+
+client.setPreHook(PreHook)
+```
 
 ## Versioning
 

resources/sdk/purecloudjavascript/templates/index.d.ts.mustache

@@ -111,6 +111,9 @@ declare abstract class AbstractHttpClient {
 	setTimeout(timeout: number): void;
 	setHttpsAgent(httpsAgent: any): void;
 	abstract request(httpRequestOptions: HttpRequestOptions): Promise<any>;
+    setPreHook(hookFunction: (config: any) =>  Promise<any>): void;
+    setPostHook(hookFunction: (response: any) => Promise<any>): void;
+    abstract enableHooks(): void;
 }
 
 declare class DefaultHttpClient {
@@ -121,8 +124,11 @@ declare class DefaultHttpClient {
     constructor(timeout?: number, httpsAgent?: any);
 	setTimeout(timeout: number): void;
 	setHttpsAgent(httpsAgent: any): void;
+	setPreHook(hookFunction: (config: any) =>   Promise<any>): void;
+    setPostHook(hookFunction: (response: any) => Promise<any>): void;
 	request(httpRequestOptions: HttpRequestOptions): Promise<any>;
     toAxiosConfig(httpRequestOptions: HttpRequestOptions): any;
+    enableHooks(): void;
 }
 
 declare class Logger {