@entity-access/server-pages 1.0.29 → 1.0.31

package/src/core/Wrapped.ts

@@ -0,0 +1,359 @@
+import busboy from "busboy";
+import { IncomingMessage, OutgoingMessage, ServerResponse } from "http";
+import { Http2ServerRequest, Http2ServerResponse } from "http2";
+import SessionUser from "./SessionUser.js";
+import { parse, serialize } from "cookie";
+import TempFolder from "./TempFolder.js";
+import { LocalFile } from "./LocalFile.js";
+import { Writable } from "stream";
+import { ServiceProvider } from "@entity-access/entity-access/dist/di/di.js";
+import CookieService from "../services/CookieService.js";
+import { stat } from "fs/promises";
+
+
+type UnwrappedRequest = IncomingMessage | Http2ServerRequest;
+
+export interface IFormData {
+    fields: { [key: string]: string};
+    files: LocalFile[];
+}
+
+export interface IWrappedRequest {
+
+    get host(): string;
+
+    get path(): string;
+
+    get asyncSessionUser(): Promise<SessionUser>;
+
+    get asyncJsonBody(): Promise<any>;
+
+    get asyncForm(): Promise<IFormData>;
+
+    get query(): { [key: string]: string};
+
+    get cookies(): { [key: string]: string};
+
+    get URL(): URL;
+
+    get remoteIPAddress(): string;
+
+    accepts(): string[];
+    accepts(... types: string[]): boolean;
+}
+
+export interface IWrappedResponse {
+
+    asyncEnd();
+
+    asyncWrite(buffer: Buffer): Promise<void>;
+
+    send(data: Buffer | string | Blob, status?: number): Promise<void>;
+
+    sendRedirect(url: string, permanent?: boolean): void;
+
+    cookie(name: string, value: string, options?: { secure?: boolean, httpOnly?: boolean, maxAge?: number });
+
+    // https://github.com/phoenixinfotech1984/node-content-range
+    sendFile(filePath: string, options?: {
+        acceptRanges?: boolean,
+        cacheControl?: boolean,
+        maxAge?: number,
+        etag?: boolean,
+        immutable?: boolean,
+        headers?: { [key: string]: string},
+        lastModified?: boolean
+    }): Promise<void>;
+
+}
+
+export type WrappedRequest = UnwrappedRequest & IWrappedRequest & {
+    scope: ServiceProvider;
+    response: WrappedResponse;
+    disposables: Disposable[];
+};
+
+type UnwrappedResponse = ServerResponse | Http2ServerResponse;
+
+export type WrappedResponse = UnwrappedResponse & IWrappedResponse & {
+    request: WrappedRequest
+};
+
+const requestMethods: { [P in keyof IWrappedRequest]: (this: WrappedRequest) => any} = {
+    remoteIPAddress(this: UnwrappedRequest) {
+        return this.socket?.remoteAddress;
+    },
+
+    accepts(this: UnwrappedRequest) {
+        const accepts = (this.headers.accept ?? "").split(";");
+        return (...types: string[]) => {
+            if (types.length > 0) {
+                for (const type of types) {
+                    for (const iterator of accepts) {
+                        if (iterator.includes(type)) {
+                            return true;
+                        }
+                    }
+                }
+                return false;
+            }
+            return accepts;
+        };
+    },
+
+    URL(this: UnwrappedRequest) {
+        const w = this as WrappedRequest;
+        return new URL(this.url, `http://${w.host}`);
+    },
+
+    path(this: WrappedRequest) {
+        return this.URL.pathname;
+    },
+
+    host(this: UnwrappedRequest) {
+        return this.headers[":authority"] ?? this.headers["host"];
+    },
+    query(this: WrappedRequest) {
+        const u = this.URL;
+        const items = {};
+        for (const [key, value] of u.searchParams.entries()) {
+            items[key] = value;
+        }
+        return items;
+    },
+    cookies(this: UnwrappedRequest) {
+        const cookie = this.headers.cookie;
+        const cookies = parse(cookie);
+        return cookies;
+    },
+
+    async asyncJsonBody(this: WrappedRequest) {
+        const req = this;
+        let buffer = null as Buffer;
+        let encoding = this.headers["content-encoding"] ?? "utf-8";
+        const contentType = this.headers["content-type"];
+        if (!/\/json/i.test(contentType)) {
+            throw new Error(`Content Type ${contentType} isn't json `);
+        }
+        await new Promise<void>((resolve, reject) => {
+            req.pipe(new Writable({
+                write(chunk, enc, callback) {
+                    encoding ||= enc;
+                    let b = typeof chunk === "string"
+                        ? Buffer.from(chunk)
+                        : chunk as Buffer;
+                    buffer = buffer
+                        ? Buffer.concat([buffer, b])
+                        : b;
+                    callback();
+                },
+                final(callback) {
+                    resolve();
+                    callback();
+                },
+            }), { end: true });
+        });
+        const text = buffer.toString(encoding as any);
+        return JSON.parse(text);
+    },
+
+    async asyncSessionUser(this: WrappedRequest) {
+        try {
+            const cookieService = this.scope.resolve(CookieService);
+            const cookie = this.cookies[cookieService.cookieName];
+            const sessionUser = await cookieService.createSessionUserFromCookie(cookie, this.remoteIPAddress, this.response);
+            return sessionUser;
+        } catch (error) {
+            console.error(error);
+            return new SessionUser(null, null, null);
+        }
+    },
+
+    async asyncForm(this: WrappedRequest) {
+        let tempFolder: TempFolder;
+        const result: IFormData = {
+            fields: {},
+            files: []
+        };
+        const req = this;
+        const bb = busboy({ headers: req.headers, defParamCharset: "utf8" });
+        const tasks = [];
+        await new Promise((resolve, reject) => {
+
+            bb.on("field", (name, value) => {
+                result.fields[name] = value;
+            });
+
+            bb.on("file", (name, file, info) => {
+                if (!tempFolder) {
+                    tempFolder = new TempFolder();
+                    this.disposables.push(tempFolder);
+                }
+                const tf = tempFolder.get(info.filename, info.mimeType);
+                tasks.push(tf.writeAll(file).then(() => {
+                    result.files.push(tf);
+                }));
+            });
+            bb.on("error", reject);
+            bb.on("close", resolve);
+            req.pipe(bb);
+        });
+        await Promise.all(tasks);
+        return result;
+    }
+};
+
+const responseMethods: { [P in keyof IWrappedResponse]: (this: WrappedResponse) => any} = {
+
+    asyncEnd() {
+        return () => new Promise<void>((resolve) => this.end(resolve));
+    },
+
+    asyncWrite() {
+        return (buffer: Buffer, start?: number, length?: number) => {
+            return new Promise((resolve) => 
+                this.write(buffer, resolve)
+            );
+        };
+    },
+
+    cookie() {
+        return (name: string, value: string, options = {}) => {
+            const cv = this.getHeaders()["set-cookie"];
+            const cookies = Array.isArray(cv) ? cv : [cv];
+            const nk = cookies.filter((x) => x.startsWith(name + "="));
+            nk.push(serialize(name, value, options));
+            this.setHeader("set-cookie", nk);
+        }
+    },
+
+    send(this: WrappedResponse) {
+        return async (data: Buffer | string, status: number = 200) => {
+            try {
+                this.statusCode = status;
+                this.writeHead(this.statusCode, this.getHeaders());
+                await new Promise<void>((resolve, reject) => {
+                    this.write(data, (error) => error ? reject(error) : resolve());
+                });
+                return this.asyncEnd();
+            } catch (error) {
+                console.error(error);
+            }
+        };
+    },
+    sendRedirect() {
+        return (location: string, permanent = false) => {
+            this.statusCode = 301;
+            this.writeHead(this.statusCode, {
+                location
+            });
+            return this.asyncEnd();
+        }
+    },
+    sendFile() {
+        return async (filePath: string, options?: {
+            acceptRanges?: boolean,
+            cacheControl?: boolean,
+            maxAge?: number,
+            etag?: boolean,
+            immutable?: boolean,
+            headers?: { [key: string]: string},
+            lastModified?: boolean
+        }) => {
+             /** Calculate Size of file */
+            const { size } = await stat(filePath);
+            const range = this.request.headers.range;
+
+            const lf = new LocalFile(filePath);
+
+            /** Check for Range header */
+            if (!range) {
+                this.writeHead(200, {
+                    "Content-Length": size,
+                    "Content-Type": "video/mp4"
+                });
+
+                await lf.writeTo(this);
+
+                return this.asyncEnd();
+            }
+
+            /** Extracting Start and End value from Range Header */
+            let [start, end] = range.replace(/bytes=/, "").split("-") as any[];
+            start = parseInt(start, 10);
+            end = end ? parseInt(end, 10) : size - 1;
+
+            if (!isNaN(start) && isNaN(end)) {
+                start = start;
+                end = size - 1;
+            }
+            if (isNaN(start) && !isNaN(end)) {
+                start = size - end;
+                end = size - 1;
+            }
+
+            // Handle unavailable range request
+            if (start >= size || end >= size) {
+                // Return the 416 Range Not Satisfiable.
+                this.writeHead(416, {
+                    "Content-Range": `bytes */${size}`
+                });
+                return this.asyncEnd();
+            }
+
+            /** Sending Partial Content With HTTP Code 206 */
+            this.writeHead(206, {
+                "Content-Range": `bytes ${start}-${end}/${size}`,
+                "Accept-Ranges": "bytes",
+                "Content-Length": end - start + 1,
+                "Content-Type": "video/mp4"
+            });
+
+            await lf.writeTo(this, start, end);
+
+        }
+    },
+};
+
+export const Wrapped = {
+    request: (req: UnwrappedRequest) => {
+        for (const key in requestMethods) {
+            if (Object.prototype.hasOwnProperty.call(requestMethods, key)) {
+                const element = requestMethods[key];
+                Object.defineProperty(req, key, {
+                    get() {
+                        const value = element.call(this);
+                        Object.defineProperty(this, key, { value, enumerable: true, writable: false });
+                        return value;
+                    },
+                    enumerable: true,
+                    configurable: true
+                });
+            }
+        }
+        const wr = req as WrappedRequest;
+        wr.disposables = [];
+        return wr;
+    },
+
+    response: (req: WrappedRequest, res: UnwrappedResponse) => {
+        for (const key in responseMethods) {
+            if (Object.prototype.hasOwnProperty.call(responseMethods, key)) {
+                const element = responseMethods[key];
+                Object.defineProperty(res, key, {
+                    get() {
+                        const value = element.call(this);
+                        Object.defineProperty(this, key, { value, enumerable: true, writable: false });
+                        return value;
+                    },
+                    enumerable: true,
+                    configurable: true
+                });
+            }
+        }
+        const wr = res as WrappedResponse;
+        wr.request = req;
+        req.response = wr;
+        return wr;
+    }
+}

package/src/core/cached.ts

@@ -0,0 +1,3 @@
+export function cached() {
+    
+}

package/src/decorators/Authorize.ts

@@ -0,0 +1,3 @@
+export function Authorize() {
+    
+}

package/src/parsers/json/jsonParser.ts

@@ -0,0 +1,3 @@
+export default function jsonParser() {
+    
+}

package/src/services/CookieService.ts

@@ -2,10 +2,10 @@ import Inject, { RegisterScoped, RegisterSingleton, ServiceProvider } from "@ent
 import TokenService, { IAuthCookie } from "./TokenService.js";
 import TimedCache from "@entity-access/entity-access/dist/common/cache/TimedCache.js";
 import { BaseDriver } from "@entity-access/entity-access/dist/drivers/base/BaseDriver.js";
-import { Request, Response } from "express";
 import cluster from "cluster";
 import SessionUser from "../core/SessionUser.js";
 import UserSessionProvider from "./UserSessionProvider.js";
+import { WrappedResponse } from "../core/Wrapped.js";
 
 /**
  * This will track userID,cookie pair so we can
@@ -65,13 +65,11 @@ export default class CookieService {
 
     public clearCache = clearCache;
 
-    async createSessionUser(req: Request, resp: Response) {
-        cookieName ??= this.tokenService.authCookieName;
-        const sessionCookie = req.cookies[cookieName];
-        return req.user = await this.createSessionUserFromCookie(sessionCookie, req.ip, resp);
+    public get cookieName() {
+        return cookieName ??= this.tokenService.authCookieName;
     }
 
-    async createSessionUserFromCookie(cookie: string, ip: string, resp?: Response) {
+    async createSessionUserFromCookie(cookie: string, ip: string, resp?: WrappedResponse) {
         const user = new SessionUser(resp, cookieName, this.tokenService);
         try {
             user.ipAddress = ip;

package/src/ssl/ACME.ts

@@ -0,0 +1,247 @@
+import * as forge from "node-forge";
+import * as crypto from "crypto";
+import * as acme from "acme-client";
+import DateTime from "@entity-access/entity-access/dist/types/DateTime.js";
+import cluster from "cluster";
+import { existsSync, writeFileSync, readFileSync, unlinkSync, mkdirSync } from "fs";
+import { join } from "path"
+import ensureDir, { deleteIfExists } from "../core/FileApi.js";
+import Inject, { RegisterSingleton } from "@entity-access/entity-access/dist/di/di.js";
+import ChallengeStore from "./ChallengeStore.js";
+import * as tls from "node:tls";
+
+export interface IAcmeOptions {
+    sslMode?: string,
+    accountPrivateKeyPath?: string,
+    emailAddress?: string,
+    mode?:  "production" | "self-signed" | "staging",
+    endPoint?: string,
+    eabKid?: string,
+    eabHmac?: string   
+}
+
+export interface ICertOptions extends IAcmeOptions {
+    host: string,
+};
+
+@RegisterSingleton
+export default class ACME {
+
+    @Inject
+    private challengeStore: ChallengeStore;
+
+    private map = new Map<string, tls.SecureContext>();
+
+    public async getSecureContext(options: ICertOptions) {
+        const { host } = options;
+        let sc = this.map.get(host);
+        if (sc) {
+            return sc;
+        }
+        
+        const { key , cert } = await this.setup(options)
+        sc = tls.createSecureContext({ cert, key });
+        this.map.set(host, sc);
+        return sc;
+    }
+
+    public async setup({
+        host,
+        sslMode = "./",
+        accountPrivateKeyPath = "./",
+        emailAddress = "",
+        mode = "production" as "production" | "self-signed" | "staging",
+        endPoint = "",
+        eabKid = "",
+        eabHmac = ""
+    }) {
+
+        if (mode === "self-signed") {
+            return this.setupSelfSigned(sslMode);
+        }
+
+        const hostRoot = join(sslMode, host);
+
+        ensureDir(hostRoot);
+
+        const keyPath = join(hostRoot, "cert.key");
+        const certPath = join(hostRoot, "cert.crt");
+
+        const logs = [];
+
+        try {
+
+            const maintainerEmail = emailAddress;
+
+            let externalAccountBinding;
+
+            if (eabKid) {
+                externalAccountBinding = {
+                    kid: eabKid,
+                    hmacKey: eabHmac
+                };
+            }
+
+            let cert:string;
+            let key:string;
+
+            if (!existsSync(keyPath)) {
+                deleteIfExists(certPath);
+                key = (await acme.crypto.createPrivateRsaKey()).toString();
+                writeFileSync(keyPath, key);
+                console.log(`Creating key at ${keyPath}`);
+            } else {
+                key = readFileSync(keyPath, "utf8");
+            }
+
+            // load cert...
+            if (existsSync(certPath)) {
+                cert = readFileSync(certPath, "utf8");
+                const certificate = new crypto.X509Certificate(cert);
+                const validTo = DateTime.parse(certificate.validTo).diff(DateTime.now);
+                if (validTo.totalDays > 30) {
+                    console.log(`Reusing certificate, valid for ${validTo.totalDays}`);
+                    return { cert , key };
+                }
+                console.log(`Deleting old certificates`);
+                unlinkSync(certPath);
+            }
+
+            if (!cluster.isPrimary) {
+                console.log(`Generating Self Signed SSL Certificate for ${host} in cluster worker. Contact administrator.`);
+                return this.setupSelfSigned();
+            }
+
+            let accountKey;
+            if( existsSync(accountPrivateKeyPath) ) {
+                console.log("Reusing the account private key.");
+                accountKey = readFileSync(accountPrivateKeyPath);
+            } else {
+                console.log("Creating new private key.");
+                accountKey = await acme.crypto.createPrivateKey();
+                writeFileSync(accountPrivateKeyPath, accountKey);
+            }
+
+            acme.setLogger((message) => {
+                // console.log(message);
+                logs.push(message);
+            });
+
+            let altNames;
+
+            // auto renew...
+            const client = new acme.Client({
+                directoryUrl: endPoint || acme.directory.letsencrypt[mode],
+                accountKey,
+                externalAccountBinding,
+            });
+
+            /* Create CSR */
+            const [csrKey, csr] = await acme.crypto.createCsr({
+                commonName: host,
+                altNames
+            }, key);
+
+
+
+            /* Certificate */
+            cert = await client.auto({
+                csr,
+                email: maintainerEmail,
+                termsOfServiceAgreed: true,
+                skipChallengeVerification: true,
+                challengePriority: ["http-01"],
+                challengeCreateFn: (authz, challenge, keyAuthorization) => {
+                    if (challenge.type !== "http-01") {
+                        return;
+                    }
+                    return this.challengeStore.save(challenge.token, keyAuthorization);
+                },
+                challengeRemoveFn: (authz, challenge, keyAuthorization) => {
+                    return this.challengeStore.remove(challenge.token);
+                },
+            });
+
+            writeFileSync(certPath, cert);
+
+            return { cert, key };
+        } catch (error) {
+            console.log(logs.join("\n"));
+            console.error(error);
+            throw error;
+        }
+    }
+
+    public setupSelfSigned(sslMode = "./") {
+
+        const selfSigned = `${sslMode}/self-signed/`;
+
+        ensureDir(selfSigned);
+
+        const certPath  = `${selfSigned}/cert.crt`;
+        const keyPath  = `${selfSigned}/key.pem`;
+
+        let key;
+        let cert;
+
+        if (existsSync(certPath) && existsSync(keyPath)) {
+            key = readFileSync(keyPath);
+            cert = readFileSync(certPath);
+            return { key, cert };
+        }
+
+        const pki = forge.default.pki;
+
+        // generate a key pair or use one you have already
+        const keys = pki.rsa.generateKeyPair(2048);
+
+        // create a new certificate
+        const crt = pki.createCertificate();
+
+        // fill the required fields
+        crt.publicKey = keys.publicKey;
+        crt.serialNumber = '01';
+        crt.validity.notBefore = new Date();
+        crt.validity.notAfter = new Date();
+        crt.validity.notAfter.setFullYear(crt.validity.notBefore.getFullYear() + 40);
+
+        // use your own attributes here, or supply a csr (check the docs)
+        const attrs = [
+            {
+                name: 'commonName',
+                value: 'dev.socialmail.in'
+            }, {
+                name: 'countryName',
+                value: 'IN'
+            }, {
+                shortName: 'ST',
+                value: 'Maharashtra'
+            }, {
+                name: 'localityName',
+                value: 'Navi Mumbai'
+            }, {
+                name: 'organizationName',
+                value: 'NeuroSpeech Technologies Pvt Ltd'
+            }, {
+                shortName: 'OU',
+                value: 'Test'
+            }
+        ];
+
+        // here we set subject and issuer as the same one
+        crt.setSubject(attrs);
+        crt.setIssuer(attrs);
+
+        // the actual certificate signing
+        crt.sign(keys.privateKey);
+
+        // now convert the Forge certificate to PEM format
+        cert = pki.certificateToPem(crt);
+        key = pki.privateKeyToPem(keys.privateKey);
+
+        writeFileSync(certPath, cert);
+        writeFileSync(keyPath, key);
+
+        return { key, cert };
+    }
+}

package/src/ssl/ChallengeStore.ts

@@ -0,0 +1,26 @@
+import { RegisterSingleton } from "@entity-access/entity-access/dist/di/di.js";
+import ensureDir from "../core/FileApi.js";
+import { readFileSync, unlinkSync, writeFileSync } from "fs";
+import { join } from "node:path";
+
+const path = "./challenges";
+
+@RegisterSingleton
+export default class ChallengeStore {
+
+    constructor() {
+        ensureDir(path);
+    }
+
+    async get(name: string) {
+        return readFileSync(join(path, name));
+    }
+
+    async save(name: string, value: string) {
+        writeFileSync(join(path, name), value, "utf8");
+    }
+
+    async remove(name: string) {
+        unlinkSync(join(path, name));
+    }
+}

package/test.js

@@ -7,6 +7,4 @@ import { fileURLToPath } from "node:url";
 const sp = ServerPages.create();
 sp.registerRoutes(join(dirname( fileURLToPath(import.meta.url)), "./dist/tests/logger"));
 
-const app = sp.build();
-
-app.listen(8080);
+const app = sp.build({ createSocketService: false, protocol: "https2" });