chore(vendor): update @lightbasenl/backend

_This PR is created by sync and will be force-pushed daily. Overwriting any manual changes done to this PR._

- feat(backend): support `oneOfRequiredPermissions` (lightbasenl/platform-components@f78adcc)
- feat(feature-flag,multitenant): report cache events as Sentry metric (lightbasenl/platform-components@22ebc13)- Failed to execute `npx compas lint`. Sync is not able to correct this, so human checks and fixes are necessary for this PR.

vendor/backend/package.json

@@ -13,7 +13,7 @@
   ],
   "scripts": {},
   "dependencies": {
-    "@lightbase/pull-through-cache": "0.1.2",
+    "@lightbase/pull-through-cache": "0.2.0",
     "@xmldom/xmldom": "0.8.10",
     "bcrypt": "5.1.1",
     "rate-limiter-flexible": "5.0.3",
@@ -30,5 +30,5 @@
     "url": "https://github.com/lightbasenl/platform-components.git",
     "directory": "packages/backend"
   },
-  "gitHead": "b335a6c8aa6f5e14489b582b02b6fa45beda00b6"
+  "gitHead": "f78adcc36cb69030ffdd5d59d77ba3dc5a0ed272"
 }

vendor/backend/src/auth/user.events.js

@@ -89,7 +89,10 @@ const authQueries = {
  * @property {boolean|undefined} [requireDigidBased]
  * @property {boolean|undefined} [requireKeycloakBased]
  * @property {boolean|undefined} [requirePasswordBased]
- * @property {AuthPermissionIdentifier[]|undefined} [requiredPermissions]
+ * @property {AuthPermissionIdentifier[]|undefined} [requiredPermissions] Require all
+ *   provided permissions
+ * @property {AuthPermissionIdentifier[]|undefined} [oneOfRequiredPermissions] Require
+ *   one of the provided permissions
  */
 
 /**
@@ -632,6 +635,49 @@ export async function authRequireUser(
     });
   }
 
+  if (
+    Array.isArray(options.requiredPermissions) ||
+    Array.isArray(options.oneOfRequiredPermissions)
+  ) {
+    const permissionSet = new Set();
+    // @ts-expect-error
+    for (const role of user.roles) {
+      // @ts-expect-error
+      for (const rolePermission of role.role.permissions) {
+        permissionSet.add(rolePermission.permission.identifier);
+      }
+    }
+
+    if (options.requiredPermissions) {
+      const missingPermissions = [];
+      for (const requiredPermission of options.requiredPermissions) {
+        if (!permissionSet.has(requiredPermission)) {
+          missingPermissions.push(requiredPermission);
+        }
+      }
+
+      if (missingPermissions.length > 0) {
+        throw AppError.validationError(`${eventKey}.missingPermissions`, {
+          missingPermissions,
+        });
+      }
+    } else if (options.oneOfRequiredPermissions) {
+      let hasOnePermission = false;
+      for (const requiredPermission of options.oneOfRequiredPermissions) {
+        if (permissionSet.has(requiredPermission)) {
+          hasOnePermission = true;
+          break;
+        }
+      }
+
+      if (!hasOnePermission) {
+        throw AppError.validationError(`${eventKey}.missingPermissions`, {
+          missingPermissions: options.oneOfRequiredPermissions,
+        });
+      }
+    }
+  }
+
   if (
     Array.isArray(options.requiredPermissions) &&
     options.requiredPermissions.length > 0

vendor/backend/src/feature-flag/cache.js

@@ -1,6 +1,7 @@
 import { AppError } from "@compas/stdlib";
 import { PullThroughCache } from "@lightbase/pull-through-cache";
 import { queryFeatureFlag, sql } from "../services.js";
+import { cacheEventToSentryMetric } from "../util.js";
 
 /**
  * Short TTL feature flag cache. Keeps all flags for 5 seconds in memory,
@@ -16,6 +17,9 @@ export const featureFlagCache = new PullThroughCache()
   })
   .withFetcher({
     fetcher: featureFlagFetcher,
+  })
+  .withEventCallback({
+    callback: cacheEventToSentryMetric("featureFlag"),
   });
 
 /**

vendor/backend/src/feature-flag/events.js

@@ -158,8 +158,7 @@ export async function featureFlagSetDynamic(
 
   if (featureFlagCache.isEnabled()) {
     // Clear the cache if enabled. This method function is often only used in test code, which most likely disables the cache anyways.
-    featureFlagCache.disable();
-    featureFlagCache.enable();
+    featureFlagCache.clearAll();
   }
 
   eventStop(event);

vendor/backend/src/multitenant/cache.js

@@ -1,6 +1,7 @@
 import { isNil, uuid } from "@compas/stdlib";
 import { PullThroughCache } from "@lightbase/pull-through-cache";
 import { queryTenant, sql, tenantBuilder } from "../services.js";
+import { cacheEventToSentryMetric } from "../util.js";
 
 /**
  * Frequently sampled tenant cache.
@@ -19,6 +20,9 @@ export const tenantCache = new PullThroughCache()
   })
   .withFetcher({
     fetcher: tenantFetcher,
+  })
+  .withEventCallback({
+    callback: cacheEventToSentryMetric("tenant"),
   });
 
 /**

vendor/backend/src/util.js

@@ -1,5 +1,24 @@
 import { existsSync } from "node:fs";
-import { AppError, isNil, pathJoin } from "@compas/stdlib";
+import { _compasSentryExport, AppError, isNil, pathJoin } from "@compas/stdlib";
+
+/**
+ * Count the different PullThroughCache events as their own metric
+ *
+ * @param {string} cacheName
+ * @returns {(function(string): void)}
+ */
+export function cacheEventToSentryMetric(cacheName) {
+  return (event) => {
+    if (_compasSentryExport?.metrics?.increment) {
+      _compasSentryExport.metrics.increment(`cache.${event}`, 1, {
+        tags: {
+          cacheName,
+        },
+        unit: "none",
+      });
+    }
+  };
+}
 
 /**
  * Takes an AppError and normalizes it to a 401, to simplify frontend error handling on