@es-labs/jslib 0.0.1

package/CHANGELOG.md

@@ -0,0 +1,4 @@
+### 0.0.1
+
+- merging of `@es-labs/node` and `@es-labs/esm` packages
+

package/README.md

@@ -0,0 +1,42 @@
+## Description
+
+Shared Javascript ES Module library for Javascript applications (node, express, web, isomorphic)
+
+- web
+- node
+- iso
+- express
+- auth: authorization
+- comms:  for communications
+- express: for express JS
+- services: various services
+  - db:
+    - mysql
+    - postgres
+  - mq: TODO
+  - others:
+    - keyv
+    - redis/valkey
+    - webpush
+    - websocket
+  - cloud:
+    - aliyun:
+      - bucket (oss)
+    - aws:
+      - bucket (s3)
+- t4t: table editor
+- utils: various utilities
+  - aes: encrypt & decrypt
+- config.js: config loader
+- package.json
+- packageInfo.js: some package information for now
+- README.md
+- traps.js: error trapping
+
+Refer to [https://github.com/es-labs/express-template]() project for usage
+
+## TODO
+
+- setup github actions to auto increment package json version for `libs/node` & `libs/esm` when deploying to npm
+  - https://aboutbits.it/blog/2021-03-11-using-github-actions-to-perfom-npm-version-increment
+- setup unit tests

package/__test__/services.test.js

@@ -0,0 +1,32 @@
+import '@express-template/common/env' // setup env vars
+import { describe, it, before, after } from 'node:test';
+import assert from 'node:assert';
+import StoreKnex from '@es-labs/node/services/db/knex.js';
+
+let sqldb;
+
+const RUN_TEST = false;
+if (RUN_TEST) {
+  before(async () => {
+    sqldb = new StoreKnex();
+    await sqldb.open();
+  });
+
+  after(async () => {
+    await sqldb.close();
+  });
+
+  describe('Test Services', () => {
+    it.skip('Test Knex', async () => {
+      let knex = sqldb.get();
+      const rv = (await knex('users').where({ username: 'ais-one' }).first()).githubId;
+      assert.strictEqual(rv, 4284574);
+    });
+  });
+
+  describe('Services Test', () => {
+    it.skip('should pass', () => {
+      assert.strictEqual(true, true);
+    });
+  });
+}

package/auth/index.js

@@ -0,0 +1,226 @@
+import bcrypt from 'bcryptjs'
+import jwt from 'jsonwebtoken'
+import * as keyv from './keyv.js'
+import * as knex from './knex.js'
+import * as redis from './redis.js'
+
+//NOSONAR import uuid from 'uuid/v4'
+//NOSONAR import qrcode from 'qrcode'
+
+let setRefreshToken, getRefreshToken, revokeRefreshToken,
+  setRefreshTokenStoreName, setTokenService, setUserService,
+  findUser, updateUser,
+  setAuthUserStoreName
+
+const {
+  COOKIE_HTTPONLY, COOKIE_SAMESITE, COOKIE_SECURE, COOKIE_MAXAGE, COOKIE_DOMAIN,
+  AUTH_REFRESH_URL, AUTH_USER_FIELD_LOGIN, AUTH_USER_FIELD_PASSWORD, AUTH_USER_FIELD_GAKEY, AUTH_USER_FIELD_ID_FOR_JWT, AUTH_USER_FIELDS_JWT_PAYLOAD = '',
+  JWT_REFRESH_STORE='keyv',
+  AUTH_USER_STORE,
+  AUTH_USER_STORE_NAME,
+  JWT_REFRESH_STORE_NAME,
+
+  USE_OTP,
+  JWT_ALG, JWT_EXPIRY, JWT_REFRESH_EXPIRY,
+  JWT_PRIVATE_KEY, JWT_CERTIFICATE, JWT_REFRESH_PRIVATE_KEY, JWT_REFRESH_CERTIFICATE, JWT_SECRET, JWT_REFRESH_SECRET,
+  JWT_ALLOW_INSECURE_KEY_SIZES
+} = process.env
+
+const authFns = { // rename to authFns
+  findUser: null,
+  updateUser: null,
+  revokeRefreshToken: null
+}
+
+// const services = (await import('@es-labs/node/services')).default;
+// const authService = (await import('@es-labs/node/auth')).default;
+
+const store = {
+  keyv,
+  knex,
+  redis
+}
+
+const setup = (tokenService, userService) => {
+  //NOSONAR ({ } = process.env);
+  // ({ setRefreshToken, getRefreshToken, revokeRefreshToken, setRefreshTokenStoreName, setTokenService } = require('./' + JWT_REFRESH_STORE)); // keyv, redis, knex
+  // ({ findUser, updateUser, setAuthUserStoreName, setUserService } = require('./' + AUTH_USER_STORE)); // knex
+  ({ setRefreshToken, getRefreshToken, revokeRefreshToken, setRefreshTokenStoreName, setTokenService } = store[JWT_REFRESH_STORE]); // keyv, redis, knex
+  ({ findUser, updateUser, setAuthUserStoreName, setUserService } = store[AUTH_USER_STORE]); // knex
+  authFns.findUser = findUser
+  authFns.updateUser = updateUser
+  authFns.revokeRefreshToken = revokeRefreshToken
+  if (setTokenService) setTokenService(tokenService)
+  if (setUserService) setUserService(userService)
+  if (setRefreshTokenStoreName) setRefreshTokenStoreName(JWT_REFRESH_STORE_NAME)
+  if (setAuthUserStoreName) setAuthUserStoreName(AUTH_USER_STORE_NAME)
+}
+
+// SameSite=None; must use with Secure;
+// may need to restart browser, TODO set Max-Age, ALTERNATE use res.cookie, Signed?
+const httpOnlyCookie = () => `HttpOnly;SameSite=${COOKIE_SAMESITE};`
+  + (COOKIE_SECURE ? 'Secure;':'')
+  + (COOKIE_MAXAGE ? 'MaxAge='+COOKIE_MAXAGE+';':'')
+  + (COOKIE_DOMAIN ? 'domain='+COOKIE_DOMAIN+';':'')
+
+//NOSONAR algorithm
+// expiresIn
+// issuer  = 'Mysoft corp' 
+// subject  = 'some@user.com'
+// audience  = 'http://mysoftcorp.in'
+// ip
+// We implement stateful refresh_token not stateless
+
+//NOSONAR
+// mode: sign, verify
+// type: access, refresh
+const getSecret = (mode, type) => {
+  if (JWT_ALG.substring(0,2) === 'RS') {
+    if (mode === 'sign') {
+      return type === 'refresh' ? JWT_REFRESH_PRIVATE_KEY : JWT_PRIVATE_KEY
+    } else {
+      return type === 'refresh' ? JWT_REFRESH_CERTIFICATE : JWT_CERTIFICATE
+    }
+  }
+  return type === 'refresh' ? JWT_REFRESH_SECRET : JWT_SECRET
+}
+
+// should use:
+// sub - for user id (access_token & refresh_token)
+// groups - for user groups (access_token only)
+// all other user related information sent on initial login and stored using local storage
+// do not catch exception here, let functions above handle
+const createToken = async (user) => { // Create a tokens & data from user
+  const user_meta = { }
+  const options = { }
+
+  const id = user[AUTH_USER_FIELD_ID_FOR_JWT]
+
+  if (!id) throw Error('User ID Not Found')
+  if (user.revoked) throw Error('User Revoked')
+
+  const groups = user.groups
+
+  const keys = AUTH_USER_FIELDS_JWT_PAYLOAD.split(',')
+  for (const key of keys) {
+    if (key && user[key] !== undefined) user_meta[key] = user[key]
+  }
+
+  options.allowInsecureKeySizes = !!JWT_ALLOW_INSECURE_KEY_SIZES
+  options.algorithm = JWT_ALG
+  options.expiresIn = JWT_EXPIRY
+  const access_token = jwt.sign({ id, groups }, getSecret('sign', 'access'), options)
+
+  options.expiresIn = JWT_REFRESH_EXPIRY
+  const refresh_token = jwt.sign({ id }, getSecret('sign', 'refresh'), options) // store only ID in refresh token?
+  await setRefreshToken(id, refresh_token) // store in DB or Cache
+  return {
+    access_token,
+    refresh_token,
+    user_meta
+  }
+}
+
+const setTokensToHeader = (res, {access_token, refresh_token}) => {
+  const _access_token = `Bearer ${access_token}`
+  if (COOKIE_HTTPONLY) {
+    res.setHeader('Set-Cookie', [
+      `Authorization=${_access_token};Path=/;`+ httpOnlyCookie(),
+      `refresh_token=${refresh_token};Path=${AUTH_REFRESH_URL};`+ httpOnlyCookie() // send only if path contains refresh
+    ])
+  } else {
+    res.setHeader('Authorization', `${_access_token}`)
+    res.setHeader('refresh_token', `${refresh_token}`)
+  }
+}
+
+const authUser = async (req, res, next) => {
+  // console.log('auth express', req.baseUrl, req.path, req.cookies, req.signedCookies)
+  let access_token = null
+  try {
+    let tmp = req.cookies?.Authorization || req.header('Authorization') || req.query?.Authorization
+    access_token = tmp.split(' ')[1]
+  } catch (e) {
+    return res.status(401).json({ message: 'Token Format Error' })
+  }
+  if (access_token) {
+    try {
+      let access_result = jwt.verify(access_token, getSecret('verify', 'access'), { algorithm: [JWT_ALG] }) // and options
+      if (access_result) {
+        req.decoded = access_result
+        return next()
+      } else {
+        return res.status(401).json({ message: 'Access Error' })
+      }  
+    } catch (e) {
+      if (e.name === 'TokenExpiredError') {
+        return res.status(401).json({ message: 'Token Expired Error' })
+      } else {
+        console.log('auth err', e.name)
+        return res.status(401).json({ message: 'Token Error' })
+      }
+    }
+  } else {
+    return res.status(401).json({ message: 'Token Missing' })
+  }
+}
+
+const authRefresh = async (req, res) => { // get refresh token
+  try {
+    const refresh_token = req.cookies?.refresh_token || req.header('refresh_token') || req.query?.refresh_token // check refresh token & user - always stateful          
+    const refresh_result = jwt.verify(refresh_token, getSecret('verify', 'refresh'), { algorithm: [JWT_ALG] }) // throw if expired or invalid
+    const { id } = refresh_result
+    let refreshToken = await getRefreshToken(id)
+    if (String(refreshToken) === String(refresh_token)) { // ok... generate new access token & refresh token?
+      const user = await findUser({ id })
+      const tokens = await createToken(user) // 5 minute expire for login
+      setTokensToHeader(res, tokens)
+      return res.status(200).json(tokens)
+    } else {
+      return res.status(401).json({ message: 'Refresh Token Error: Uncaught' })              
+    }
+  } catch (err) { // use err instead of e (fix no-catch-shadow issue)
+    console.log('authRefresh', err)
+    return res.status(401).json({ message: 'Refresh Token Error' })
+  }
+}
+
+export {
+  setup,
+  authFns,
+  // findUser, updateUser,
+  getSecret,
+  createToken,
+  setTokensToHeader,
+  authUser,
+  authRefresh,
+  bcrypt
+}
+
+// do refresh token check from backend ?
+/*
+Signout across tabs
+window.addEventListener('storage', this.syncLogout) 
+//....
+syncLogout (event) {
+  if (event.key === 'logout') {
+    console.log('logged out from storage!')
+    Router.push('/login')
+  }
+}
+async function logout () {
+  inMemoryToken = null;
+  const url = 'http://localhost:3010/auth/logout'
+  const response = await fetch(url, { method: 'POST', credentials: 'include', })
+  // to support logging out from all windows
+  window.localStorage.setItem('logout', Date.now())
+}
+*/
+
+// The user logs in with a login API call.
+// Server generates JWT Token and refresh_token
+// Server sets a HttpOnly cookie with refresh_token. jwt_token and jwt_token_expiry are returned back to the client as a JSON payload.
+// The jwt_token is stored in memory.
+// A countdown to a future silent refresh is started based on jwt_token_expiry
+
+// https://hasura.io/blog/best-practices-of-using-jwt-with-graphql/

package/auth/keyv.js

@@ -0,0 +1,23 @@
+let keyv
+const setTokenService = (service) => keyv = service
+const setRefreshToken = async (id, refresh_token) => keyv.set(id, refresh_token)
+const getRefreshToken = async (id) => keyv.get(id)
+const revokeRefreshToken = async(id) => keyv.delete(id)
+
+const setUserService = () => {}
+const setRefreshTokenStoreName = () => {}
+const setAuthUserStoreName = () => {}
+const findUser = () => {}
+const updateUser = () => {}
+
+export {
+  setTokenService,
+  setUserService,
+  setRefreshTokenStoreName,
+  setAuthUserStoreName,
+  setRefreshToken,
+  getRefreshToken,
+  revokeRefreshToken,
+  findUser,
+  updateUser
+}

package/auth/knex.js

@@ -0,0 +1,29 @@
+let knex
+let JWT_REFRESH_STORE_NAME
+let AUTH_USER_STORE_NAME
+
+
+const setTokenService = (service) => knex = service 
+const setUserService = (service) => knex = service 
+const setRefreshTokenStoreName = (name) => JWT_REFRESH_STORE_NAME = name
+const setAuthUserStoreName = (name) => AUTH_USER_STORE_NAME = name
+
+// id field must be unique, upsert for PostgreSQL, MySQL, and SQLite only
+const setRefreshToken = async (id, refresh_token) => knex(JWT_REFRESH_STORE_NAME).insert({ id, refresh_token }).onConflict('id').merge()
+const getRefreshToken = async (id) => ( await knex(JWT_REFRESH_STORE_NAME).where({ id: id }).first() ).refresh_token
+const revokeRefreshToken = async(id) => knex(JWT_REFRESH_STORE_NAME).where({ id: id }).delete()
+
+const findUser = async (where) => knex(AUTH_USER_STORE_NAME).where(where).first()
+const updateUser = async (where, payload) => knex(AUTH_USER_STORE_NAME).where(where).first().update(payload)
+
+export {
+  setTokenService,
+  setUserService,
+  setRefreshTokenStoreName,
+  setAuthUserStoreName,
+  setRefreshToken,
+  getRefreshToken,
+  revokeRefreshToken,
+  findUser,
+  updateUser
+}

package/auth/redis.js

@@ -0,0 +1,23 @@
+let redis
+const setTokenService = (service) => redis = service
+const setRefreshToken = async (id, refresh_token) => redis.set(id, refresh_token)
+const getRefreshToken = async (id) => redis.get(id)
+const revokeRefreshToken = async(id) => redis.del(id)
+
+const setUserService = () => {}
+const setRefreshTokenStoreName = () => {}
+const setAuthUserStoreName = () => {}
+const findUser = () => {}
+const updateUser = () => {}
+
+export {
+  setTokenService,
+  setUserService,
+  setRefreshTokenStoreName,
+  setAuthUserStoreName,
+  setRefreshToken,
+  getRefreshToken,
+  revokeRefreshToken,
+  findUser,
+  updateUser
+}

package/comms/email.js

@@ -0,0 +1,123 @@
+import crypto from 'crypto'
+
+const { SENDGRID_KEY, SENDGRID_SENDER_NAME, SENDGRID_SENDER_EMAIL, SENDGRID_TEMPLATE_ID, SENDGRID_URL = 'https://api.sendgrid.com/v3/mail/send' } = process.env
+
+// generate random hash to prevent duplicate emails
+const generateRandomHash = () => {
+  return crypto.createHash('sha256').update(new Date().toString()).digest('hex').slice(0, 15)
+}
+
+/**
+ * Hit SendGrid API to send email
+ * 
+ * Full documentation: https://docs.sendgrid.com/api-reference/mail-send/mail-send#body
+ * 
+ * @param {Object} body needed parameters to send email
+ */
+const sendMail = async (body) => {
+  try {
+    const headers = {
+      Authorization: `Bearer ${SENDGRID_KEY}`,
+      'Content-Type': 'application/json'
+    }
+
+    const response = await fetch(SENDGRID_URL, {
+      method: 'POST',
+      headers,
+      body: JSON.stringify(body)
+    })
+
+    return response
+  } catch (error) {
+    throw error
+  }
+}
+
+/**
+ * Send html email using SendGrid
+ *
+ * @param {String} to a recepient email address
+ * @param {String} subject the subject of the email
+ * @param {String} content concatenated of the email content in html format
+ *
+ * @example sendDynamicEmail('user@mail.com', 'Test Email', '<p>Hello world!</p>')
+ */
+export const sendEmail = async (to, subject, content) => {
+  try {
+    if (!SENDGRID_KEY) throw new Error('SENDGRID_KEY is not defined')
+    if (!SENDGRID_SENDER_NAME) throw new Error('SENDGRID_SENDER_NAME is not defined')
+    if (!SENDGRID_SENDER_EMAIL) throw new Error('SENDGRID_SENDER_EMAIL is not defined')
+
+    // generate random hash to prevent duplicate emails
+    const hash = generateRandomHash()
+
+    // request body
+    const body = {
+      personalizations: [{ to: [{ email: to }] }],
+      from: {
+        name: SENDGRID_SENDER_NAME,
+        email: SENDGRID_SENDER_EMAIL
+      },
+      subject,
+      content: [
+        {
+          type: 'text/html',
+          value: content
+        }
+      ],
+      headers: {
+        'X-Entity-Ref-ID': hash
+      }
+    }
+
+    const response = await sendMail(body)
+    return response
+  } catch (error) {
+    throw error
+  }
+}
+
+/**
+ * @param {String} to a recepient email address
+ * @param {String} subject the subject of the email
+ * @param {String} content concatenated of the email content in html format
+ *
+ * @example sendDynamicEmail('user@mail.com', 'Test Email', '<p>Hello world!</p>')
+ */
+export const sendDynamicEmail = async (to, subject, content) => {
+  try {
+    if (!SENDGRID_KEY) throw new Error('SENDGRID_KEY is not defined')
+    if (!SENDGRID_SENDER_NAME) throw new Error('SENDGRID_SENDER_NAME is not defined')
+    if (!SENDGRID_SENDER_EMAIL) throw new Error('SENDGRID_SENDER_EMAIL is not defined')
+    if (!SENDGRID_TEMPLATE_ID) throw new Error('SENDGRID_TEMPLATE_ID is not defined')
+
+    // generate random hash to prevent duplicate emails
+    const hash = generateRandomHash()
+
+    // request body
+    const body = {
+      personalizations: [
+        {
+          to: [{ email: to }],
+          dynamic_template_data: {
+            subject: subject,
+            content: content
+          }
+        }
+      ],
+      from: {
+        name: SENDGRID_SENDER_NAME,
+        email: SENDGRID_SENDER_EMAIL
+      },
+      template_id: SENDGRID_TEMPLATE_ID,
+      headers: {
+        'X-Entity-Ref-ID': hash
+      }
+    }
+
+    const response = await sendMail(body)
+    return response
+  } catch (error) {
+    throw error
+  }
+}

package/comms/nexmo.js

@@ -0,0 +1,44 @@
+import crypto from 'crypto'
+
+//NOSONAR
+// nexmo.isms('6596935500', 'Blah ' + new Date())
+// nexmo.ismsSend('6596935500', 'Blah ' + new Date())
+const { NEXMO_KEY, NEXMO_SECRET, NEXMO_SENDER = 'SMSnotice' } = process.env
+
+// sms = 6511112222
+// one at a time...
+export const send = async (sms, message, from) => {
+  try {
+    if (!from) from = NEXMO_SENDER
+    if (sms && message) {
+      return await fetch(`https://rest.nexmo.com/sms/json?api_key=${NEXMO_KEY}&api_secret=${NEXMO_SECRET}&to=${sms}&from=${from}&text=${message}`)
+    }
+  } catch (e) {
+    console.log('send', e.toString())      
+  }
+  return null
+}
+
+// sms = 6511112222
+// one at a time...
+export const ismsSend = async (sms, message, from) => {
+  const url = 'https://sms.era.sg/isms_mt.php?'
+  try {
+    if (sms && message) {
+      const options = { 
+        params: {
+          uid: NEXMO_KEY,
+          pwd: crypto.createHash('md5').update( NEXMO_SECRET ).digest('hex'),
+          dnr: sms,
+          snr: from || NEXMO_SENDER,
+          msg: message,
+          split: 5
+        }
+      }
+      return await fetch(url, options)
+    }
+  } catch (e) {
+    console.log('ismsSend', e.toString())      
+  }
+  return null
+}

package/comms/telegram.js

@@ -0,0 +1,43 @@
+// Setting up webhook: https://api.telegram.org/bot{my_bot_token}/setWebhook?url={url_to_send_updates_to}
+// Querying webhook: https://api.telegram.org/bot{my_bot_token}/getWebhookInfo
+/*
+{
+  update_id: 165679876,
+  message: {
+    message_id: 3,
+    from: {
+      id: 123456789,
+      is_bot: false,
+      first_name: 'A',
+      last_name: 'G',
+      username: 'aaronjxz',
+      language_code: 'en'
+    },
+    chat: {
+      id: 123456789,
+      first_name: 'A',
+      last_name: 'G',
+      username: 'aaronjxz',
+      type: 'private'
+    },
+    date: 1694045266,
+    text: 'test'
+  }
+}
+*/
+
+
+const { TELEGRAM_API_KEY, TELEGRAM_CHANNEL_ID } = process.env
+
+export const sendMsg = async (text, chatId = '') => {
+  try {
+    // console.log('text, chatId', text, chatId)
+    //NOSONAR { id, date, pts, seq }
+    if (!chatId) chatId = TELEGRAM_CHANNEL_ID // channel message
+    return await fetch(`https://api.telegram.org/bot${TELEGRAM_API_KEY}/sendMessage?chat_id=${chatId}&text=${text}`)
+  } catch (e) {
+    return { err: e.toString() }
+  }
+}
+
+export const sendChannelMsg = async (text) => await sendMsg(text) // TODEPRECATE