Delivr/mock server

api/Dockerfile

@@ -0,0 +1,8 @@
+FROM node:lts-alpine
+WORKDIR /app
+COPY api ./api
+COPY pm2 ./pm2
+WORKDIR /app/api
+RUN npm install -g pm2
+RUN npm install
+EXPOSE 3010

api/ENVIRONMENT.md

@@ -32,8 +32,20 @@ To emulate Azure Blob Storage locally. Azurite needs to be installed and running
 - `MICROSOFT_CLIENT_SECRET`
 - `MICROSOFT_TENANT_ID`: Required if application registration is single tenant.
 
+#### Google OAuth
+
+- `GOOGLE_CLIENT_ID`: The client ID from Google Developer Console
+
 ## Optional parameters
 
+### Authorization
+
+- `LOGIN_AUTHORIZED_DOMAINS`: Comma-separated list of additional email domains authorized to access the service via Google OAuth. 
+
+### Terms and Conditions
+
+- `CURRENT_TERMS_VERSION`: Version string for the current terms and conditions that users must accept. Example: `v1.0`, `v2.1`. Defaults to `v1.0` if not set.
+
 ### HTTPS
 - `HTTPS`: Set to 'true' to enable HTTPS for local deployment
 

api/docker-compose.yml

@@ -1,13 +1,10 @@
-version: '3.8'
 services:
   db:
     image: mysql:5.7
     platform: linux/amd64
     environment:
       MYSQL_ROOT_PASSWORD: root
       MYSQL_DATABASE: codepushdb
-      MYSQL_USER: root
-      MYSQL_PASSWORD: root
     ports:
       - "3306:3306"  # MySQL running on localhost:3306
     volumes:
@@ -18,12 +15,49 @@ services:
     ports:
       - "6379:6379"  # Redis running on localhost:6379
 
+  memcached:
+    image: memcached:alpine
+    ports:
+      - "11211:11211"  # Memcached running on localhost:11211
+
   localstack:
     image: localstack/localstack
     environment:
       - SERVICES=s3
     ports:
       - "4566:4566"  # LocalStack running on localhost:4566
 
+  app:
+    build:
+      context: ..
+      dockerfile: api/Dockerfile
+    ports:
+      - "3010:3010"
+    env_file:
+      - .env
+    volumes:
+      - ../api:/app/api
+      - ../pm2:/app/pm2
+    depends_on:
+      - redis
+      - db
+      - memcached
+      - localstack
+    working_dir: /app/api
+    command: >
+            /bin/sh -c "
+              sleep 10 && 
+              npm run build && 
+              if [ \"$$NODE_ENV\" = \"production\" ]; then 
+                echo 'Starting in PRODUCTION mode...' && 
+                pm2-runtime start /app/pm2/pm2-prod.json; 
+              else 
+                echo 'Starting in DEVELOPMENT mode...' && 
+                echo 'Running database seeding...' && 
+                npx ts-node script/storage/seedData.ts && 
+                echo 'Starting PM2 with dev configuration...' && 
+                pm2-runtime start /app/pm2/pm2-dev.json; 
+              fi
+            "
 volumes:
   db_data:

api/package.json

@@ -44,6 +44,7 @@
     "google-auth-library": "9.9.0",
     "ioredis": "5.4.0",
     "lusca": "^1.7.0",
+    "memcached": "2.2.2",
     "moment": "^2.30.1",
     "multer": "^1.4.5-lts.1",
     "mysql2": "3.11.3",

api/script/default-server.ts

@@ -9,9 +9,9 @@ import { AzureStorage } from "./storage/azure-storage";
 import { fileUploadMiddleware } from "./file-upload-manager";
 import { JsonStorage } from "./storage/json-storage";
 import { RedisManager } from "./redis-manager";
+import { MemcachedManager } from "./memcached-manager";
 import { Storage } from "./storage/storage";
 import { Response } from "express";
-import rateLimit from "express-rate-limit";
 const S3_BUCKET_NAME = process.env.S3_BUCKET_NAME || "<your-s3-bucket-name>";
 const RDS_DB_INSTANCE_IDENTIFIER = process.env.RDS_DB_INSTANCE_IDENTIFIER || "<your-rds-instance>";
 const SECRETS_MANAGER_SECRET_ID = process.env.SECRETS_MANAGER_SECRET_ID || "<your-secret-id>";
@@ -59,8 +59,14 @@ export function start(done: (err?: any, server?: express.Express, storage?: Stor
     })
     .then(() => {
       const app = express();
+      // Trust a specific number of proxy hops (safer than boolean true).
+      // Configure via TRUST_PROXY_HOPS; default to 1 when sitting behind a single proxy/ELB.
+      const trustProxyHops = parseInt(process.env.TRUST_PROXY_HOPS || "1", 10);
+      app.set("trust proxy", trustProxyHops);
+      console.log(`Trust proxy hops: ${trustProxyHops}`);
       const auth = api.auth({ storage: storage });
       const redisManager = new RedisManager();
+      const memcachedManager = new MemcachedManager();
 
       // First, to wrap all requests and catch all exceptions.
       app.use(domain);
@@ -135,16 +141,12 @@ export function start(done: (err?: any, server?: express.Express, storage?: Stor
       app.set("view engine", "ejs");
       app.use("/auth/images/", express.static(__dirname + "/views/images"));
       app.use(api.headers({ origin: process.env.CORS_ORIGIN || "http://localhost:4000" }));
-      app.use(api.health({ storage: storage, redisManager: redisManager }));
+      app.use(api.health({ storage: storage, redisManager: redisManager, memcachedManager: memcachedManager }));
 
-      const limiter = rateLimit({
-        windowMs: 1000, // 1 minute
-        max: 2000, // limit each IP to 100 requests per windowMs
-        validate: { xForwardedForHeader: false }
-      });
+      // Rate limiting removed: relying on CloudFront + WAF for request throttling
 
       if (process.env.DISABLE_ACQUISITION !== "true") {
-        app.use(api.acquisition({ storage: storage, redisManager: redisManager }));
+        app.use(api.acquisition({ storage: storage, redisManager: redisManager, memcachedManager: memcachedManager }));
       }
 
       if (process.env.DISABLE_MANAGEMENT !== "true") {
@@ -166,11 +168,15 @@ export function start(done: (err?: any, server?: express.Express, storage?: Stor
         } else {
           app.use(auth.router());
         }
-        app.use(auth.authenticate, fileUploadMiddleware, limiter, api.management({ storage: storage, redisManager: redisManager }));
+        app.use(auth.authenticate, fileUploadMiddleware, api.management({ storage: storage, redisManager: redisManager }));
       } else {
         app.use(auth.router());
       }
 
       done(null, app, storage);
     })
+    .catch((error) => {
+      console.error("Error starting server:", error);
+      done(error);
+    });
 }

api/script/memcached-manager.ts

@@ -0,0 +1,127 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+import * as crypto from "crypto";
+
+// Using memcached library for Node.js
+const Memcached = require('memcached');
+
+export interface CacheableResponse {
+  statusCode: number;
+  body: any;
+}
+
+/**
+ * Minimal Memcached Manager for updateCheck API caching only
+ * Replaces Redis for updateCheck API responses
+ */
+export class MemcachedManager {
+  private client: any;
+  private setupPromise: Promise<void>;
+  private keyPrefix: string;
+
+  constructor() {
+    const memcachedServers = process.env.MEMCACHED_SERVERS || 'localhost:11211';
+    this.keyPrefix = process.env.MEMCACHED_KEY_PREFIX || 'codepush:';
+
+    // Initialize Memcached client
+    this.client = new Memcached(memcachedServers, {
+      timeout: parseInt(process.env.MEMCACHED_TIMEOUT || '5000'),
+      retries: parseInt(process.env.MEMCACHED_RETRIES || '3'),
+      retry: parseInt(process.env.MEMCACHED_RETRY_DELAY || '1000'),
+      failures: parseInt(process.env.MEMCACHED_MAX_FAILURES || '5'),
+      keyCompression: false,
+      maxKeySize: 250, // Memcached limit
+      maxValue: 1048576 // 1MB limit
+    });
+
+    this.setupPromise = this.setup();
+  }
+
+  private async setup(): Promise<void> {
+    return new Promise((resolve, reject) => {
+      // Test connection
+      this.client.version((err: any, version: any) => {
+        if (err) {
+          console.warn('Memcached connection failed, will operate without cache:', err.message);
+          resolve(); // Don't fail, just operate without cache
+        } else {
+          console.log('✅ Memcached connected successfully, version:', version);
+          resolve();
+        }
+      });
+    });
+  }
+
+  /**
+   * Health check for Memcached connectivity
+   */
+  public async checkHealth(): Promise<void> {
+    return this.setupPromise;
+  }
+
+  /**
+   * Get cached response for updateCheck API
+   */
+  public async getCachedResponse(deploymentKey: string, urlKey: string): Promise<CacheableResponse | null> {
+    await this.setupPromise;
+
+    return new Promise((resolve) => {
+      const key = this.createKey('cache', this.getDeploymentKeyHash(deploymentKey), this.hashString(urlKey, 16));
+
+      this.client.get(key, (err: any, data: any) => {
+        if (err || !data) {
+          resolve(null);
+          return;
+        }
+
+        try {
+          resolve(JSON.parse(data));
+        } catch (parseErr) {
+          console.error('Failed to parse cached response:', parseErr);
+          resolve(null);
+        }
+      });
+    });
+  }
+
+  /**
+   * Set cached response for updateCheck API
+   */
+  public async setCachedResponse(deploymentKey: string, urlKey: string, response: CacheableResponse, ttlSeconds?: number): Promise<void> {
+    await this.setupPromise;
+
+    const ttl = ttlSeconds || parseInt(process.env.CACHE_TTL_SECONDS || '3600'); // 1 hour default
+    const key = this.createKey('cache', this.getDeploymentKeyHash(deploymentKey), this.hashString(urlKey, 16));
+    const data = JSON.stringify(response);
+
+    return new Promise((resolve) => {
+      this.client.set(key, data, ttl, (err: any) => {
+        if (err) {
+          console.error('Failed to set cache:', err);
+        }
+        resolve(); // Don't fail the request if cache set fails
+      });
+    });
+  }
+
+  // ===== UTILITY METHODS =====
+
+  private createKey(...parts: string[]): string {
+    return this.keyPrefix + parts.filter(p => p).join(':');
+  }
+
+  /**
+   * Get deployment key hash for consistent key generation
+   */
+  private getDeploymentKeyHash(deploymentKey: string): string {
+    return crypto.createHash('sha256').update(deploymentKey).digest('hex').substring(0, 16);
+  }
+
+  /**
+   * Hash any string to specified length
+   */
+  private hashString(input: string, length: number = 8): string {
+    return crypto.createHash('sha256').update(input).digest('hex').substring(0, length);
+  }
+}