@ecopex/ecopex-framework 1.0.0

package/routes/admin/spec/auth.js

@@ -0,0 +1,626 @@
+const JWT = require('@root/libraries/jwt');
+const BCRYPT = require('@root/libraries/bcrypt');
+const { getUtcFormated } = require('@root/libraries/date');
+const fs = require('fs');
+const QRCode = require('qrcode')
+const { generate_2fa_secret, verify_2fa_token } = require('@root/libraries/2fa');
+const DeviceDetector = require('node-device-detector');
+const detector = new DeviceDetector({
+    clientIndexes: true,
+    deviceIndexes: true,
+    deviceAliasCode: false
+});
+
+const db = require('@root/libraries/knex');
+const jwt = new JWT();
+const bcrypt = new BCRYPT();
+
+const userdata_schema = {
+    id: { type: 'integer' },
+    role: { type: 'string', enum: ['admin', 'manager'] },
+    firstname: { type: 'string', default: null },
+    lastname: { type: 'string', default: null },
+    username: { type: 'string' },
+    email: { type: 'string', default: null },
+    two_factor_enabled: { type: 'boolean', default: false },
+    phone_number: { type: 'string', default: null },
+    phone_verified: { type: 'boolean', default: false },
+    email_verified: { type: 'boolean', default: false },
+    is_active: { type: 'boolean', default: true },
+    address: { type: 'string', default: null },
+    city: { type: 'string', default: null },
+    state: { type: 'string', default: null },
+    zip: { type: 'string', default: null },
+    country_id: { type: 'integer', default: null },
+    country_name: { type: 'string', default: null },
+    last_login_ip: { type: 'string', default: null },
+    last_login_at: { type: 'string', format: 'date-time', default: null },
+    login_attempts: { type: 'integer', default: 0 },
+    locked_until: { type: 'string', format: 'date-time', default: null },
+    created_at: { type: 'string', format: 'date-time', default: null },
+    updated_at: { type: 'string', format: 'date-time', default: null }
+}
+
+const login = {
+    method: 'POST',
+    path: 'login',
+    schema: {
+        description: 'Login to the system',
+        summary: 'Login to the system',
+        body: {
+            type: 'object',
+            required: ['username', 'password', 'type'],
+            properties: {
+                username: { type: 'string', default: 'admin' },
+                password: { type: 'string', default: 'password' },
+                type: { type: 'string', enum: ['admin', 'manager'], default: 'admin' }
+            },
+            additionalProperties: false
+        },
+        headers: {
+            type: 'object',
+            properties: {
+                locale: { type: 'string', default: 'en' }
+            }
+        },
+        success_response: {
+            type: 'object',
+            properties: {
+                status: { type: 'boolean', default: true },
+                data: {
+                    type: 'object',
+                    properties: {
+                        token: { type: 'string', format: 'jwt', description: 'JWT token', example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiZGV2aWNlIjoidW5rbm93biIsInR5cGUiOiJhZG1pbiIsImlhdCI6MTc2NzA5NjM5NCwiZXhwIjoxNzY3MTgyNzk0fQ.6DTKLdJ7tEE3ttqY1eN9lCcnhCTK8TdOPhChlAtlJjE" }
+                    },
+                    additionalProperties: false
+                }
+            }
+        }
+    },
+    handler: async (request, reply) => {
+
+        const { username, password, type } = request.body;
+        const device = request.headers['device'] || 'unknown';
+
+        let user = null;
+
+        if(type === 'admin') {
+            user = await db('admins').where('username', username).first();
+            if(!user) {
+                return reply.status(401).send({
+                    status: false,
+                    message: 'Invalid credentials',
+                    code: 401
+                });
+            }
+        } else if(type === 'manager') {
+            user = await db('managers').where('username', username).first();
+            if(!user) {
+                return reply.status(401).send({
+                    status: false,
+                    message: 'Invalid credentials',
+                    code: 401
+                });
+            }
+        }
+
+        if(user.locked_until && user.locked_until > new Date()) {
+            return reply.status(401).send({
+                status: false,
+                message: 'Account is locked',
+                code: 401
+            });
+        }
+
+        if(user.login_attempts >= 5) {
+            return reply.status(401).send({
+                status: false,
+                message: 'Too many login attempts',
+                code: 401
+            });
+        }
+
+        const isPasswordValid = await bcrypt.compare(password, user.password);
+        if(!isPasswordValid) {
+            await db('admins').where('admin_id', user.admin_id).update({
+                login_attempts: user.login_attempts + 1
+            });
+            return reply.status(401).send({
+                status: false,
+                message: 'Invalid credentials',
+                code: 401
+            });
+        }
+
+        if(!device) {
+            return reply.status(401).send({
+                status: false,
+                message: 'Device not found',
+                code: 401
+            });
+        }
+
+        const personal_id = user.admin_id || user.manager_id;
+
+        const token = jwt.sign({
+            id: personal_id,
+            device: device,
+            type: type
+        });
+        
+        const device_info = detector.detect(request.headers['user-agent']);
+        const client_ip = request.headers['x-real-ip'] || request.ip
+
+        const device_informations = {
+            os: device_info.os?.name || 'unknown',
+            os_version: device_info.os?.version || 'unknown',
+            client: device_info.client?.name || 'unknown',
+            client_version: device_info.client?.version || 'unknown',
+            device: device_info.device?.brand || 'unknown'
+        }
+
+        await db('devices').insert({
+            personal_id: personal_id,
+            personal_type: type,
+            unique_id: device || '--',
+            ip_address: client_ip,
+            two_factor_approved: false,
+            last_login_at: getUtcFormated(),
+            last_login_ip: client_ip,
+            token: token,
+            device_information: JSON.stringify(device_informations)
+        }).onConflict().merge(['last_login_at', 'last_login_ip', 'token', 'device_information']);
+
+        // if(!user.two_factor_enabled) {
+        //     return reply.status(303).send({
+        //         status: false,
+        //         message: 'Two-factor authentication is not enabled',
+        //         details: {
+                    
+        //             two_factor_enabled: user.two_factor_enabled
+        //         },
+        //         code: 303
+        //     });
+        // }
+
+        if(user.two_factor_enabled) {
+            let check_device = await db('devices').where({ personal_id: personal_id, personal_type: type, unique_id: device }).first()
+            
+            if(!check_device.two_factor_approved) {
+                return reply.status(303).send({
+                    status: false,
+                    message: 'Device is not approved',
+                    details: {
+                        token: token,
+                        two_factor_approved: check_device.two_factor_approved
+                    },
+                    code: 303
+                });
+            }
+        }
+
+        await db('admins').where('admin_id', user.admin_id).update({
+            login_attempts: 0
+        });
+
+        reply.send({
+            status: true,
+            data: {
+                token: token
+            }
+        })
+    }
+}
+
+const login_2fa = {
+    method: 'POST',
+    path: 'login-2fa',
+    schema: {
+        description: 'Login with 2FA',
+        summary: 'After successful login, you will be redirected to the 2FA page to enter the code if 2FA is enabled',
+        body: {
+            type: 'object',
+            required: ['code'],
+            properties: {
+                code: { type: 'string' }
+            }
+        },
+        success_response: {
+            type: 'object',
+            properties: {
+                status: { type: 'boolean', default: true },
+                data: { 
+                    type: 'object', 
+                    properties: userdata_schema,
+                    additionalProperties: false
+                }
+            }
+        }
+    },
+    security: 'auth',
+    handler: async (request, reply) => {
+        const user = request.user;
+        const { code } = request.body;
+        const { device } = request.headers;
+        
+        if(!user.two_factor_enabled) {
+            return reply.status(303).send({
+                status: false,
+                message: 'Two-factor authentication is not enabled',
+                code: 303
+            });
+        }
+        
+        const isValid = verify_2fa_token(user.two_factor_secret, code);
+
+        if(!isValid) {
+            return reply.status(400).send({
+                status: false,
+                message: 'Invalid code',
+                code: 400
+            });
+        }
+
+        await db('devices').where({ personal_id: user.id, personal_type: user.type, unique_id: device }).update({
+            two_factor_approved: true,
+            last_login_at: getUtcFormated(),
+            last_login_ip: request.headers['x-real-ip'] || request.ip
+        })
+
+        await db(user.type == 'admin' ? 'admins' : 'managers').where({ admin_id: user.id }).update({
+            login_attempts: 0
+        })
+
+        user.last_login_at = getUtcFormated();
+        user.last_login_ip = request.headers['x-real-ip'] || request.ip;
+
+        reply.send({
+            status: true,
+            data: user
+        });
+    }
+}
+
+const userdata = {
+    method: 'GET',
+    path: 'userdata',
+    schema: {
+        description: 'Get user data',
+        summary: 'Get user data',
+        headers: {
+            type: 'object',
+            properties: {
+                locale: { type: 'string', default: 'en' }
+            }
+        },
+        success_response: {
+            type: 'object',
+            properties: {
+                status: { type: 'boolean', default: true },
+                data: { 
+                    type: 'object', 
+                    properties: userdata_schema,
+                    additionalProperties: false
+                }
+            }
+        }
+    },
+    security: 'auth',
+    handler: async (request, reply) => {
+        const user = request.user;
+        reply.send({
+            status: true,
+            data: user
+        })
+    }
+}
+
+const update_userdata = {
+    method: 'PUT',
+    path: 'update-userdata',
+    schema: {
+        description: 'Update user data',
+        summary: 'Update user data',
+        body: {
+            type: 'object',
+            properties: {
+                firstname: { type: 'string' },
+                lastname: { type: 'string' },
+                phone_number: { type: 'string' },
+                country_id: { type: 'integer' },
+                address: { type: 'string' },
+                city: { type: 'string' },
+                state: { type: 'string' },
+                zip: { type: 'string' }
+            }
+        },
+        success_response: {
+            type: 'object',
+            properties: {
+                status: { type: 'boolean', default: true },
+                data: { 
+                    type: 'object', 
+                    properties: userdata_schema,
+                    additionalProperties: false
+                }
+            }
+        }
+    },
+    security: 'auth',
+    handler: async (request, reply) => {
+
+        const user = request.user;
+        const { firstname, lastname, phone_number, country_id, address, city, state, zip } = request.body;
+
+        const country = await db('countries').where('country_id', country_id).first();
+        if(!country) {
+            return reply.status(400).send({
+                status: false,
+                message: 'Country not found',
+                code: 400
+            });
+        }
+
+        const update_data = {}
+
+        if(firstname) {
+            update_data.firstname = firstname;
+        }
+        if(lastname) {
+            update_data.lastname = lastname;
+        }
+        if(phone_number) {
+            update_data.phone_number = phone_number;
+        }
+        if(country_id) {
+            update_data.country_id = country_id;
+        }
+        if(address) {
+            update_data.address = address;
+        }
+        if(city) {
+            update_data.city = city;
+        }
+        if(state) {
+            update_data.state = state;
+        }
+        if(zip) {
+            update_data.zip = zip;
+        }
+
+        if(Object.keys(update_data).length > 0) {
+            await db('admins').where('admin_id', user.id).update(update_data);
+        }
+
+        const updated_user = await db('admins').where('admin_id', user.id).first();
+
+        reply.send({
+            status: true,
+            data: updated_user
+        })
+    }
+}
+
+const change_password = {
+    method: 'PUT',
+    path: 'change-password',
+    schema: {
+        description: 'Change password',
+        summary: 'Change password',
+        body: {
+            type: 'object',
+            required: ['old_password', 'new_password', 'new_password_again'],
+            properties: {
+                old_password: { type: 'string' },
+                new_password: { type: 'string' },
+                new_password_again: { type: 'string' }
+            }
+        }
+    },
+    security: 'auth',
+    handler: async (request, reply) => {
+
+        const user = request.user;
+        const { old_password, new_password, new_password_again } = request.body;
+        
+        const isPasswordValid = await bcrypt.compare(old_password, user.password);
+        if(!isPasswordValid) {
+            return reply.status(400).send({
+                status: false,
+                message: request.t('messages.invalid_old_password'),
+                code: 400
+            });
+        }
+
+        if(new_password !== new_password_again) {
+            return reply.status(400).send({
+                status: false,
+                message: request.t('messages.new_password_not_match'),
+                code: 400
+            });
+        }
+
+        const hashedPassword = await bcrypt.hash(new_password, 10);
+        await db(user.type == 'admin' ? 'admins' : 'managers').where({ admin_id: user.id }).update({
+            password: hashedPassword
+        });
+
+        reply.send({
+            status: true,
+            message: request.t('messages.password_changed_successfully')
+        })
+    }
+}
+
+const activate_2fa = {
+    method: 'GET',
+    path: 'activate-2fa',
+    schema: {
+        description: 'Create QR Code for 2FA',
+        summary: 'Create QR Code for 2FA',
+        success_response: {
+            type: 'object',
+            properties: {
+                status: { type: 'boolean', default: true },
+                data: { type: 'object', properties: { qr: { type: 'string' }, secret: { type: 'string' }, uri: { type: 'string' } } }
+            }
+        }
+    },
+    security: 'auth',
+    handler: async (request, reply) => {
+        const user = request.user;
+
+        if(user.two_factor_enabled) {
+            return reply.status(303).send({
+                status: false,
+                message: 'Two-factor authentication is already enabled',
+                code: 303
+            });
+        }
+
+        const generate_data = generate_2fa_secret(user.username, request.headers.origin)
+    
+        await db(user.type == 'admin' ? 'admins' : 'managers').where({ admin_id: user.id }).update({
+            two_factor_secret: generate_data.secret
+        })
+
+        generate_data.qr = await QRCode.toDataURL(generate_data.uri);
+
+        reply.send({
+            status: true,
+            data: generate_data
+        })
+    }
+}
+
+const activation_2fa = {
+    method: 'POST',
+    path: 'activation-2fa',
+    schema: {
+        description: 'Activation 2FA',
+        summary: 'Activation 2FA',
+        body: {
+            type: 'object',
+            required: ['code'],
+            properties: {
+                code: { type: 'string' }
+            }
+        }
+    },
+    security: 'auth',
+    handler: async (request, reply) => {
+        const user = request.user;
+        const { code } = request.body;
+        const { device } = request.headers;
+
+        if(user.two_factor_enabled) {
+            return reply.status(303).send({
+                status: false,
+                message: 'Two-factor authentication is not enabled',
+                code: 303
+            });
+        }
+        
+        const isValid = verify_2fa_token(user.two_factor_secret, code);
+        
+        if(!isValid) {
+            return reply.status(400).send({
+                status: false,
+                message: 'Invalid code',
+                code: 400
+            });
+        }
+
+        await db(user.type == 'admin' ? 'admins' : 'managers').where({ admin_id: user.id }).update({
+            two_factor_enabled: true
+        })
+
+        await db('devices').where({ personal_id: user.id, personal_type: user.type, unique_id: device }).update({
+            two_factor_approved: true
+        })
+
+        reply.send({
+            status: true,
+            message: 'Two-factor authentication activated'
+        })
+    }
+}
+
+const upload_avatar = {
+    method: 'POST',
+    path: 'upload-avatar',
+    schema: {
+        description: 'Upload avatar',
+        summary: 'Upload avatar',
+        body: {
+            type: 'object',
+            properties: {
+                avatar: { type: 'string' }
+            }
+        },
+        success_response: {
+            type: 'object',
+            properties: {
+                status: { type: 'boolean', default: true },
+                data: { type: 'object', properties: { avatar: { type: 'string' } } }
+            }
+        }
+    },
+    security: 'auth',
+    handler: async (request, reply) => {
+        const user = request.user;
+        const { avatar } = request.body;
+
+        const upload_result = await uploadFile(avatar, 'avatar', 'users');
+        if(!upload_result.status) {
+            return reply.status(400).send({
+                status: false,
+                message: 'Failed to upload avatar',
+                code: 400
+            });
+        }
+        
+        await db('admins').where('admin_id', user.id).update({
+            avatar: upload_result.data.file.fileUrl
+        });
+
+        reply.send({
+            status: true,
+            data: { avatar: upload_result.data.file.fileUrl }
+        })
+    }
+}
+
+const delete_avatar = {
+    method: 'DELETE',
+    path: 'delete-avatar',
+    schema: {
+        description: 'Delete avatar',
+        summary: 'Delete avatar',
+        success_response: {
+            type: 'object',
+            properties: {
+                status: { type: 'boolean', default: true },
+                message: { type: 'string' }
+            }
+        }
+    },
+    security: 'auth',
+    handler: async (request, reply) => {
+        const user = request.user;
+        await db('admins').where('admin_id', user.id).update({
+            avatar: null
+        });
+
+        if(user.avatar && fs.existsSync(user.avatar)) {
+            fs.unlinkSync(user.avatar);
+        }
+
+        reply.send({
+            status: true,
+            message: 'Avatar deleted successfully'
+        })
+    }
+}
+
+module.exports = [login, login_2fa, userdata, change_password, update_userdata, upload_avatar, delete_avatar, activate_2fa, activation_2fa,]

package/routes/admin/spec/users.js

@@ -0,0 +1,3 @@
+const db = require('@root/libraries/knex');
+
+module.exports = []