@entity-access/server-pages 1.0.5

package/src/html/XNode.ts

@@ -0,0 +1,52 @@
+export default class XNode {
+
+    public static create(
+        // eslint-disable-next-line @typescript-eslint/ban-types
+        name: string | Function,
+        attribs: Record<string, any>,
+        ... nodes: (XNode | string)[]) {
+        if (typeof name === "function") {
+            return name(attribs ?? {}, ... nodes);
+        }
+        return new XNode(name, attribs, nodes);
+    }
+
+    private constructor(
+        public readonly name: string,
+        public readonly attributes: Record<string, any>,
+        public readonly children: (XNode | string)[]
+    ) {
+
+    }
+
+    public render(nest = "") {
+        const { name, attributes } = this;
+        const children = [];
+        let a = "";
+        if (attributes) {
+            for (const key in attributes) {
+                if (Object.prototype.hasOwnProperty.call(attributes, key)) {
+                    const element = attributes[key];
+                    a += ` ${key}=${JSON.stringify(element)}`;
+                }
+            }
+        }
+        if (this.children) {
+            for (const child of this.children) {
+                if (typeof child === "string") {
+                    children.push(child);
+                    continue;
+                }
+                if (!child) {
+                    continue;
+                }
+                children.push(child.render(nest + "\t"));
+            }
+        }
+        if (!name) {
+            return `\n${nest}\t${children.join("\n\t")}`;
+        }
+        return `${nest}<${name}${a}>\n${nest}\t${children.join("\n\t")}\n${nest}</${name}>`;
+    }
+
+}

package/src/index.d.ts

@@ -0,0 +1,16 @@
+import type SessionUser from "./core/SessionUser.ts";
+
+export {};
+
+declare global {
+    namespace Express {
+        // eslint-disable-next-line @typescript-eslint/naming-convention
+        export interface Request {
+            /**
+             * user will always be set, even in case if it is an anonymous request.
+             * This is to track actual views.
+             */
+            user: SessionUser;
+        }
+    }
+}

package/src/services/CookieService.ts

@@ -0,0 +1,137 @@
+import Inject, { RegisterSingleton, ServiceProvider } from "@entity-access/entity-access/dist/di/di.js";
+import TokenService, { IAuthCookie } from "./TokenService.js";
+import TimedCache from "@entity-access/entity-access/dist/common/cache/TimedCache.js";
+import { BaseDriver } from "@entity-access/entity-access/dist/drivers/base/BaseDriver.js";
+import { Request, Response } from "express";
+import cluster from "cluster";
+import SessionUser from "../core/SessionUser.js";
+import UserSessionProvider from "./UserSessionProvider.js";
+
+/**
+ * This will track userID,cookie pair so we can
+ * clear the logged in user's file permissions
+ */
+const userCookies = new Map<number,string>();
+const sessionCache = new TimedCache<string, Partial<SessionUser>>();
+
+let cookieName = null;
+
+const tagForCache = Symbol("tagForCache");
+
+const cacheFR = new FinalizationRegistry<number>((heldValue) => {
+    userCookies.delete(heldValue);
+});
+
+@RegisterSingleton
+export default class CookieService {
+
+    @Inject
+    private tokenService: TokenService;
+
+    @Inject
+    private userSessionProvider: UserSessionProvider;
+
+    constructor() {
+        process.on("message", (msg: any) => {
+            if (msg.type === "cookie-service-clear-cache") {
+                this.clearCache(msg.userID, false);
+            }
+        });
+    }
+
+    public clearCache(userID: number, broadcast = true) {
+        const cookie = userCookies.get(userID);
+        if (cookie) {
+            sessionCache.delete(cookie);
+        }
+        if (!broadcast) {
+            return;
+        }
+        const clearMessage = {
+            type: "cookie-service-clear-cache",
+            userID
+        };
+        if (cluster.isWorker) {
+            process.send(clearMessage);
+        } else {
+            if(cluster.workers) {
+                for (const key in cluster.workers) {
+                    if (Object.prototype.hasOwnProperty.call(cluster.workers, key)) {
+                        const element = cluster.workers[key];
+                        element.send(clearMessage);
+                    }
+                }
+            }
+        }
+}
+
+    async createSessionUser(req: Request, resp: Response) {
+        cookieName ??= this.tokenService.authCookieName;
+        const sessionCookie = req.cookies[cookieName];
+        req.user = await this.createSessionUserFromCookie(sessionCookie, req.ip, resp);
+    }
+
+    async createSessionUserFromCookie(cookie: string, ip: string, resp?: Response) {
+        const user = new SessionUser(resp, cookieName, this.tokenService);
+        try {
+            user.ipAddress = ip;
+            if (cookie) {
+                const userInfo = await this.getVerifiedUser(cookie);
+                if (userInfo?.sessionID) {
+                    user.sessionID = userInfo.sessionID;
+                }
+                if (userInfo?.userID) {
+                    user[tagForCache] = userInfo;
+                    for (const key in userInfo) {
+                        if (Object.prototype.hasOwnProperty.call(userInfo, key)) {
+                            const element = userInfo[key];
+                            user[key] = element;
+                        }
+                    }
+                }
+            }
+            return user;
+        } catch (error) {
+            console.error(error);
+            return user;
+        }
+    }
+
+    private getVerifiedUser(cookie: string): Promise<Partial<SessionUser>> {
+
+        return sessionCache.getOrCreateAsync(cookie, async (k) => {
+
+            const parsedCookie = JSON.parse(cookie) as IAuthCookie;
+            if (!parsedCookie.id) {
+                return {};
+            }
+
+            if(!await this.tokenService.verifyContent(parsedCookie, false)) {
+                return {};
+            }
+
+            if (!parsedCookie.active) {
+                return {
+                    sessionID: parsedCookie.id
+                };
+            }
+
+            const r = await this.createUserInfo(parsedCookie.id, cookie);
+            return r;
+        });
+    }
+
+    private async createUserInfo(id: number, cookie: string) {
+        const r = await this.userSessionProvider.getUserSession(id);
+        if (r === null) {
+            return {};
+        }
+        if (r.expiry.getTime() < Date.now() || r.invalid) {
+            return {};
+        }
+        cacheFR.register(r, r.userID);
+        userCookies.set(r.userID, cookie);
+        return r;
+    }
+
+}

package/src/services/KeyProvider.ts

@@ -0,0 +1,62 @@
+import { RegisterSingleton } from "@entity-access/entity-access/dist/di/di.js";
+import DateTime from "@entity-access/entity-access/dist/types/DateTime.js";
+import { generateKeyPair } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+
+export interface IAuthKey {
+    publicKey: string,
+    privateKey: string,
+    expires: DateTime
+}
+
+
+@RegisterSingleton
+export default class KeyProvider {
+
+    public keyPath: string = "/data/keys";
+
+    private key: IAuthKey;
+
+    public async getKeys() {
+        if (this.key) {
+            return [this.key];
+        }
+        // check if we have key stored
+        const keyPath = this.keyPath;
+        if (!existsSync(keyPath)) {
+            mkdirSync(keyPath, { recursive: true});
+        }
+        const file = join(keyPath, "cookie-key.json");
+        if (existsSync(file)) {
+            this.key = JSON.parse(readFileSync(file, "utf-8"));
+            return [this.key];
+        }
+        this.key = await this.generateKey(null);
+        writeFileSync(file, JSON.stringify(this.key, undefined, 2));
+        return [this.key];
+    }
+
+    private generateKey(expires: DateTime) {
+        return new Promise<IAuthKey>((resolve, reject) => {
+            generateKeyPair('rsa', {
+                modulusLength: 2048,
+                publicKeyEncoding: {
+                  type: 'spki',
+                  format: 'pem'
+                },
+                privateKeyEncoding: {
+                  type: 'pkcs8',
+                  format: 'pem'
+                }
+            },
+               (error, publicKey, privateKey) => {
+                resolve({
+                    publicKey,
+                    privateKey,
+                    expires
+                });
+            });
+        });
+    }
+}

package/src/services/TokenService.ts

@@ -0,0 +1,80 @@
+import Inject, { RegisterSingleton } from "@entity-access/entity-access/dist/di/di.js";
+import DateTime from "@entity-access/entity-access/dist/types/DateTime.js";
+import { createSign, createVerify, generateKeyPair } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+import KeyProvider from "./KeyProvider.js";
+
+export interface IAuthCookie {
+    id: number;
+    expiry: Date;
+    sign: string;
+    version: string;
+    active?: boolean;
+}
+
+export interface IAuthKey {
+    publicKey: string,
+    privateKey: string,
+    expires: DateTime
+}
+
+export type ISignedContent<T> = T & {
+    sign: string;
+};
+
+@RegisterSingleton
+export default class TokenService {
+
+    public authCookieName = "ea-c1";
+
+    public shareCookieName = "ea-ca1";
+
+    @Inject
+    private keyProvider: KeyProvider;
+
+    public async getAuthToken(authCookie: Omit<IAuthCookie, "sign">): Promise<{ cookieName: string, cookie: string}> {
+        const cookie = await this.signContent(authCookie);
+        return { cookieName: this.authCookieName, cookie: JSON.stringify(cookie) };
+    }
+
+    public async signContent<T>(content: T): Promise<ISignedContent<T>> {
+        const [key] = await this.keyProvider.getKeys();
+        const sign = this.sign(JSON.stringify(content), key);
+        return { ... content, sign};
+    }
+
+    public async verifyContent<T>(content: ISignedContent<T>, fail = true) {
+        const { sign , ... c } = content;
+        const keys = await this.keyProvider.getKeys();
+        for (const iterator of keys) {            
+            if(this.verify(JSON.stringify(c), sign, iterator, false)) {
+                return true;
+            }
+        }
+        if (fail) {
+            throw new Error("Signature verification failed");
+        }
+    }
+
+    private sign(content: string, key: IAuthKey) {
+        const sign = createSign("SHA256");
+        sign.write(content);
+        sign.end();
+        return sign.sign(key.privateKey, "hex");
+    }
+
+    private verify(content: string | Buffer, signature: string, key: IAuthKey, fail = true) {
+        const verify = createVerify("SHA256");
+        verify.write(content);
+        verify.end();
+        if(verify.verify(key.publicKey, signature, "hex")) {
+            return true;
+        }
+        if (fail) {
+            throw new Error("Invalid signature");
+        }
+    }
+
+
+}

package/src/services/UserSessionProvider.ts

@@ -0,0 +1,13 @@
+import { RegisterSingleton } from "@entity-access/entity-access/dist/di/di.js";
+import SessionUser from "../core/SessionUser.js";
+
+@RegisterSingleton
+export default class UserSessionProvider {
+
+    async getUserSession(id: number): Promise<Partial<SessionUser>> {
+        return {
+            userID: 1,
+        }
+    }
+
+}

package/src/tests/logger/api/log/post.ts

@@ -0,0 +1,6 @@
+import Page from "../../../../Page.js";
+
+export default function(this: Page) {
+    console.log(this.childPath);
+    return this.json({ childPath: this.childPath });
+}

package/src/tests/logger/index.tsx

@@ -0,0 +1,20 @@
+import Content from "../../Content.js";
+import Page from "../../Page.js";
+import HtmlDocument from "../../html/HtmlDocument.js";
+import XNode from "../../html/XNode.js";
+
+export default function(this: Page) {
+
+    const [child] = this.childPath;
+    if (child) {
+        if (!/^index\.htm/i.test(child)) {
+            return this.notFound();
+        }
+    }
+
+    return Content.html(<HtmlDocument>
+        <body>
+            Test 1
+        </body>
+    </HtmlDocument>);
+}

package/test.js

@@ -0,0 +1,12 @@
+import { ServiceProvider } from "@entity-access/entity-access/dist/di/di.js";
+import ServerPages from "./dist/ServerPages.js";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+
+
+const sp = ServerPages.create();
+sp.registerRoutes(join(dirname( fileURLToPath(import.meta.url)), "./dist/tests/logger"));
+
+const app = sp.build();
+
+app.listen(8080);

package/tsconfig.json

@@ -0,0 +1,31 @@
+{
+    "compilerOptions": {
+        "jsx": "react",
+        "target": "ES2021",
+        "module":"NodeNext",
+        "incremental": true,
+        "sourceMap": true,
+        "declaration": true,
+        "declarationMap": true,
+        "outDir": "dist",
+        "skipDefaultLibCheck": true,
+        "skipLibCheck": true,
+        "experimentalDecorators": true,
+        "emitDecoratorMetadata": true,
+        "jsxFactory": "XNode.create",
+        "lib": [
+            "ES2018",
+            "ES2021.WeakRef",
+            "esnext.disposable",
+            "ES2021.String",
+            "ES2022.Object"
+        ]
+    },
+    "include": [
+        "src/**/*"
+    ],
+    "exclude": [
+		"node_modules",
+		"tests"
+    ]
+}