chore(deps): bump actions/setup-node from 3 to 4

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/common-docker-image.yml

@@ -42,7 +42,7 @@ jobs:
         key: ${{ runner.os }}-${{ inputs.service_name }}-build-${{ github.sha }}
 
     - name: Set up Node
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         registry-url: 'https://registry.npmjs.org'
         node-version-file: '.nvmrc'

.github/workflows/e2e-home-server.yml

@@ -46,7 +46,7 @@ jobs:
     - uses: actions/checkout@v4
 
     - name: Set up Node
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         registry-url: 'https://registry.npmjs.org'
         node-version-file: '.nvmrc'

.github/workflows/e2e-self-hosted.yml

@@ -29,7 +29,7 @@ jobs:
     - uses: actions/checkout@v4
 
     - name: Set up Node
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         registry-url: 'https://registry.npmjs.org'
         node-version-file: '.nvmrc'

.github/workflows/pr.yml

@@ -20,7 +20,7 @@ jobs:
         key: ${{ runner.os }}-build-${{ github.sha }}
 
     - name: Set up Node
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         registry-url: 'https://registry.npmjs.org'
         node-version-file: '.nvmrc'
@@ -48,7 +48,7 @@ jobs:
         key: ${{ runner.os }}-build-${{ github.sha }}
 
     - name: Set up Node
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         registry-url: 'https://registry.npmjs.org'
         node-version-file: '.nvmrc'
@@ -80,7 +80,7 @@ jobs:
         key: ${{ runner.os }}-build-${{ github.sha }}
 
     - name: Set up Node
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         registry-url: 'https://registry.npmjs.org'
         node-version-file: '.nvmrc'

.github/workflows/publish.yml

@@ -20,7 +20,7 @@ jobs:
         key: ${{ runner.os }}-build-${{ github.sha }}
 
     - name: Set up Node
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         registry-url: 'https://registry.npmjs.org'
         node-version-file: '.nvmrc'
@@ -48,7 +48,7 @@ jobs:
         key: ${{ runner.os }}-build-${{ github.sha }}
 
     - name: Set up Node
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         registry-url: 'https://registry.npmjs.org'
         node-version-file: '.nvmrc'
@@ -80,7 +80,7 @@ jobs:
         key: ${{ runner.os }}-build-${{ github.sha }}
 
     - name: Set up Node
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         registry-url: 'https://registry.npmjs.org'
         node-version-file: '.nvmrc'
@@ -151,7 +151,7 @@ jobs:
           git_commit_gpgsign: true
 
       - name: Set up Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           registry-url: 'https://registry.npmjs.org'
           node-version-file: '.nvmrc'

packages/api-gateway/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.81.8](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.81.7...@standardnotes/api-gateway@1.81.8) (2023-11-03)
+
+### Bug Fixes
+
+* retry attempts on session validation and more verbose logs ([#898](https://github.com/standardnotes/api-gateway/issues/898)) ([3e376c4](https://github.com/standardnotes/api-gateway/commit/3e376c44e3a6c336dcff3d8ef5eb3ab040d9a561))
+
 ## [1.81.7](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.81.6...@standardnotes/api-gateway@1.81.7) (2023-10-31)
 
 ### Bug Fixes

packages/api-gateway/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/api-gateway",
-  "version": "1.81.7",
+  "version": "1.81.8",
   "engines": {
     "node": ">=18.0.0 <21.0.0"
   },

packages/api-gateway/src/Controller/AuthMiddleware.ts

@@ -74,13 +74,16 @@ export abstract class AuthMiddleware extends BaseMiddleware {
       response.locals.sharedVaultOwnerContext = decodedToken.shared_vault_owner_context
       response.locals.belongsToSharedVaults = decodedToken.belongs_to_shared_vaults ?? []
     } catch (error) {
-      const errorMessage = (error as AxiosError).isAxiosError
-        ? JSON.stringify((error as AxiosError).response?.data)
-        : (error as Error).message
+      let detailedErrorMessage = (error as Error).message
+      if (error instanceof AxiosError) {
+        detailedErrorMessage = `Status: ${error.status}, code: ${error.code}, message: ${error.message}`
+      }
 
-      this.logger.error(`Could not pass the request to sessions/validate on underlying service: ${errorMessage}`)
+      this.logger.error(
+        `Could not pass the request to sessions/validate on underlying service: ${detailedErrorMessage}`,
+      )
 
-      this.logger.debug('Response error: %O', (error as AxiosError).response ?? error)
+      this.logger.debug(`Response error: ${JSON.stringify(error)}`)
 
       if ((error as AxiosError).response?.headers['content-type']) {
         response.setHeader('content-type', (error as AxiosError).response?.headers['content-type'] as string)
@@ -91,7 +94,14 @@ export abstract class AuthMiddleware extends BaseMiddleware {
           ? +((error as AxiosError).code as string)
           : 500
 
-      response.status(errorCode).send(errorMessage)
+      const responseErrorMessage = (error as AxiosError).response?.data
+
+      response
+        .status(errorCode)
+        .send(
+          responseErrorMessage ??
+            "Unfortunately, we couldn't handle your request. Please try again or contact our support if the error persists.",
+        )
 
       return
     }

packages/api-gateway/src/Service/Http/HttpServiceProxy.ts

@@ -55,10 +55,9 @@ export class HttpServiceProxy implements ServiceProxyInterface {
         },
       }
     } catch (error) {
-      const requestTimedOut =
-        'code' in (error as Record<string, unknown>) && (error as Record<string, unknown>).code === 'ETIMEDOUT'
+      const requestDidNotMakeIt = this.requestTimedOutOrDidNotReachDestination(error as Record<string, unknown>)
       const tooManyRetryAttempts = retryAttempt && retryAttempt > 2
-      if (!tooManyRetryAttempts && requestTimedOut) {
+      if (!tooManyRetryAttempts && requestDidNotMakeIt) {
         await this.timer.sleep(50)
 
         const nextRetryAttempt = retryAttempt ? retryAttempt + 1 : 1

packages/api-gateway/src/Service/Http/ServiceProxyInterface.ts

@@ -50,7 +50,13 @@ export interface ServiceProxyInterface {
     endpointOrMethodIdentifier: string,
     payload?: Record<string, unknown> | string,
   ): Promise<void>
-  validateSession(headers: { authorization: string; sharedVaultOwnerContext?: string }): Promise<{
+  validateSession(
+    headers: {
+      authorization: string
+      sharedVaultOwnerContext?: string
+    },
+    retryAttempt?: number,
+  ): Promise<{
     status: number
     data: unknown
     headers: {

packages/api-gateway/src/Service/Proxy/DirectCallServiceProxy.ts

@@ -9,10 +9,13 @@ export class DirectCallServiceProxy implements ServiceProxyInterface {
     private filesServerUrl: string,
   ) {}
 
-  async validateSession(headers: {
-    authorization: string
-    sharedVaultOwnerContext?: string
-  }): Promise<{ status: number; data: unknown; headers: { contentType: string } }> {
+  async validateSession(
+    headers: {
+      authorization: string
+      sharedVaultOwnerContext?: string
+    },
+    _retryAttempt?: number,
+  ): Promise<{ status: number; data: unknown; headers: { contentType: string } }> {
     const authService = this.serviceContainer.get(ServiceIdentifier.create(ServiceIdentifier.NAMES.Auth).getValue())
     if (!authService) {
       throw new Error('Auth service not found')

packages/auth/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.165.2](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.165.1...@standardnotes/auth-server@1.165.2) (2023-11-03)
+
+### Bug Fixes
+
+* **auth:** change log severity on user authentication ([7f16232](https://github.com/standardnotes/server/commit/7f16232f8b13e3736801b6dc0af799e0559a3cfa))
+
+## [1.165.1](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.165.0...@standardnotes/auth-server@1.165.1) (2023-11-03)
+
+### Bug Fixes
+
+* retry attempts on session validation and more verbose logs ([#898](https://github.com/standardnotes/server/issues/898)) ([3e376c4](https://github.com/standardnotes/server/commit/3e376c44e3a6c336dcff3d8ef5eb3ab040d9a561))
+
 # [1.165.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.164.2...@standardnotes/auth-server@1.165.0) (2023-11-02)
 
 ### Features

packages/auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/auth-server",
-  "version": "1.165.0",
+  "version": "1.165.2",
   "engines": {
     "node": ">=18.0.0 <21.0.0"
   },

packages/auth/src/Domain/UseCase/AuthenticateRequest.ts

@@ -16,7 +16,7 @@ export class AuthenticateRequest implements UseCaseInterface {
 
   async execute(dto: AuthenticateRequestDTO): Promise<AuthenticateRequestResponse> {
     if (!dto.authorizationHeader) {
-      this.logger.debug('Authorization header not provided.')
+      this.logger.debug('[authenticate-request] Authorization header not provided.')
 
       return {
         success: false,
@@ -32,7 +32,9 @@ export class AuthenticateRequest implements UseCaseInterface {
         token: dto.authorizationHeader.replace('Bearer ', ''),
       })
     } catch (error) {
-      this.logger.error('Error occurred during authentication of a user %o', error)
+      this.logger.error(
+        `[authenticate-request] Error occurred during authentication of a user ${(error as Error).message}`,
+      )
 
       return {
         success: false,

packages/auth/src/Domain/UseCase/AuthenticateUser.spec.ts

@@ -23,6 +23,8 @@ describe('AuthenticateUser', () => {
   beforeEach(() => {
     logger = {} as jest.Mocked<Logger>
     logger.debug = jest.fn()
+    logger.error = jest.fn()
+    logger.warn = jest.fn()
 
     user = {} as jest.Mocked<User>
     user.supportsSessions = jest.fn().mockReturnValue(false)

packages/auth/src/Domain/UseCase/AuthenticateUser.ts

@@ -24,7 +24,7 @@ export class AuthenticateUser implements UseCaseInterface {
   async execute(dto: AuthenticateUserDTO): Promise<AuthenticateUserResponse> {
     const authenticationMethod = await this.authenticationMethodResolver.resolve(dto.token)
     if (!authenticationMethod) {
-      this.logger.debug('No authentication method found for token.')
+      this.logger.debug(`[authenticate-user] No authentication method found for token: ${dto.token}`)
 
       return {
         success: false,
@@ -33,6 +33,8 @@ export class AuthenticateUser implements UseCaseInterface {
     }
 
     if (authenticationMethod.type === 'revoked') {
+      this.logger.debug(`[authenticate-user] Session has been revoked: ${dto.token}`)
+
       return {
         success: false,
         failureType: 'REVOKED_SESSION',
@@ -41,7 +43,7 @@ export class AuthenticateUser implements UseCaseInterface {
 
     const user = authenticationMethod.user
     if (!user) {
-      this.logger.debug('No user found for authentication method.')
+      this.logger.debug(`[authenticate-user] No user found for authentication method. Token: ${dto.token}`)
 
       return {
         success: false,
@@ -50,7 +52,9 @@ export class AuthenticateUser implements UseCaseInterface {
     }
 
     if (authenticationMethod.type == 'jwt' && user.supportsSessions()) {
-      this.logger.debug('User supports sessions but is trying to authenticate with a JWT.')
+      this.logger.debug(
+        `[authenticate-user][${user.uuid}] User supports sessions but is trying to authenticate with a JWT.`,
+      )
 
       return {
         success: false,
@@ -64,7 +68,7 @@ export class AuthenticateUser implements UseCaseInterface {
         const encryptedPasswordDigest = crypto.createHash('sha256').update(user.encryptedPassword).digest('hex')
 
         if (!pwHash || !crypto.timingSafeEqual(Buffer.from(pwHash), Buffer.from(encryptedPasswordDigest))) {
-          this.logger.debug('Password hash does not match.')
+          this.logger.debug(`[authenticate-user][${user.uuid}] Password hash does not match.`)
 
           return {
             success: false,
@@ -76,7 +80,7 @@ export class AuthenticateUser implements UseCaseInterface {
       case 'session_token': {
         const session = authenticationMethod.session
         if (!session) {
-          this.logger.debug('No session found for authentication method.')
+          this.logger.debug(`[authenticate-user][${user.uuid}] No session found for authentication method.`)
 
           return {
             success: false,
@@ -85,7 +89,7 @@ export class AuthenticateUser implements UseCaseInterface {
         }
 
         if (session.refreshExpiration < this.timer.getUTCDate()) {
-          this.logger.debug('Session refresh token has expired.')
+          this.logger.debug(`[authenticate-user][${user.uuid}] Session refresh token has expired.`)
 
           return {
             success: false,
@@ -94,6 +98,8 @@ export class AuthenticateUser implements UseCaseInterface {
         }
 
         if (this.sessionIsExpired(session)) {
+          this.logger.debug(`[authenticate-user][${user.uuid}] Session access token has expired.`)
+
           return {
             success: false,
             failureType: 'EXPIRED_TOKEN',

packages/home-server/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.18.20](https://github.com/standardnotes/server/compare/@standardnotes/home-server@1.18.19...@standardnotes/home-server@1.18.20) (2023-11-03)
+
+**Note:** Version bump only for package @standardnotes/home-server
+
+## [1.18.19](https://github.com/standardnotes/server/compare/@standardnotes/home-server@1.18.18...@standardnotes/home-server@1.18.19) (2023-11-03)
+
+**Note:** Version bump only for package @standardnotes/home-server
+
 ## [1.18.18](https://github.com/standardnotes/server/compare/@standardnotes/home-server@1.18.17...@standardnotes/home-server@1.18.18) (2023-11-02)
 
 **Note:** Version bump only for package @standardnotes/home-server

packages/home-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@standardnotes/home-server",
-  "version": "1.18.18",
+  "version": "1.18.20",
   "engines": {
     "node": ">=18.0.0 <21.0.0"
   },