@feardread/fear 1.1.6 → 1.1.8

package/FEAR.js

@@ -1,10 +1,13 @@
 const path = require("path");
 const fs = require("fs");
 const express = require("express");
+const session = require('express-session');
 const compression = require("compression");
 const cookieParser = require("cookie-parser");
 const fileUpload = require("express-fileupload");
 const cors = require("cors");
+const MongoStore = require('connect-mongo');
+const passport = require('passport');
 
 module.exports = FEAR = (() => {
   // Private constants
@@ -14,7 +17,7 @@ module.exports = FEAR = (() => {
   const AGENT_ROUTE_PATH = '/fear/api/agent';
 
   // Constructor function
-  const FEAR = function() {
+  const FEAR = function (config) {
     this.app = express();
     this.Router = express.Router;
     this.server = null;
@@ -29,100 +32,67 @@ module.exports = FEAR = (() => {
     this.logo = null;
     this.origins = [];
     this.corsConfig = null;
+    this.stripe = null;
+    this.paypal = null;
+    this.passport = null;
+    this.mailer = null;
+
 
-    // Initialize
     this.setupEnvironment();
     this.setupDependencies();
+    if (this.env.ADD_PAYMENTS) this.setupProcessors();
+    this.setupMailer();
     this.setupMiddleware();
     this.corsConfig = this.getCorsConfig();
     this.setupRoutes();
   };
 
-  // Consolidated prototype
+
   FEAR.prototype = {
     constructor: FEAR,
-
-    /**
-     * Get AI Agent service instance
-     */
-    getAiAgent() {
-      return this.agentService;
+    getStripe() {
+      return this.stripe;
+    },
+    getPassport() {
+      return this.passport;
     },
-
-    /**
-     * Clear global FearRouter
-     */
     clearGlobal() {
       delete global.FearRouter;
       return this;
     },
-
-    /**
-     * Get Express app instance
-     */
     getApp() {
       return this.app;
     },
-
-    /**
-     * Get logger instance
-     */
     getLogger() {
       return this.logger;
     },
-
-    /**
-     * Get database instance
-     */
     getDatabase() {
       return this.db;
     },
-
-    /**
-     * Get environment configuration
-     */
     getEnvironment() {
       return this.env;
     },
-
-    /**
-     * Get cloud service instance
-     */
     getCloud() {
       return this.cloud;
     },
-
-    /**
-     * Get Express Router
-     */
     getRouter() {
       return this.Router;
     },
-
-    /**
-     * Get validator instance
-     */
     getValidator() {
       return this.validator;
     },
-
-    /**
-     * Get handler instance
-     */
     getHandler() {
       return this.handler;
     },
-
-    /**
-     * Get CORS configuration
-     */
+    getPaypal() {
+      return this.paypal;
+    },
+    getMailer() {
+      return this.mailer;
+    },
     getCorsConfigValue() {
       return this.corsConfig;
     },
-
-    /**
-     * Setup environment variables from .env file
-     */
     setupEnvironment() {
       const envResult = require("dotenv").config({ path: ".env" });
 
@@ -138,6 +108,7 @@ module.exports = FEAR = (() => {
      */
     setupDependencies() {
       this.logger = require("./libs/logger");
+      this.passport = require('./libs/passport');
       this.morgan = require("./libs/logger/morgan");
       this.cloud = require("./libs/cloud");
       this.db = require("./libs/db");
@@ -147,26 +118,66 @@ module.exports = FEAR = (() => {
       this.origins = this.getAllowedOrigins();
     },
 
+    setupProcessors() {
+      const StripeHandler = require("./libs/stripe");
+      const PayPal = require('./libs/paypal');
+
+      if ( !this.env.PAYPAL_CLIENT_ID|| !this.env.STRIPE_API_KEY ) {
+        this.logger.warn('Missing environment values in .env file')
+      }
+
+      this.stripe = new StripeHandler(this);
+      this.paypal = new PayPal(this);
+    },
+
     /**
      * Setup Express middleware
      */
     setupMiddleware() {
       this.app.set("PORT", this.env.NODE_PORT || DEFAULT_PORT);
-
-      this.app.use(this.morgan);
       this.app.use(express.json({ limit: DEFAULT_JSON_LIMIT }));
+      this.app.use(express.urlencoded({ extended: true }));
+      this.app.use(session({
+        secret: process.env.SESSION_SECRET,
+        resave: false,
+        saveUninitialized: false,
+        //store: MongoStore.create({
+          //mongoUrl: process.env.DB_LINK,
+          //touchAfter: 24 * 3600 // lazy session update (24 hours)
+        //}),
+        cookie: {
+          maxAge: 1000 * 60 * 60 * 24 * 7, // 1 week
+          httpOnly: true,
+          secure: process.env.NODE_ENV === 'production' // HTTPS only in production
+        }
+      }));
+      this.app.use(this.morgan);
       this.app.use(compression());
       this.app.use(fileUpload());
       this.app.use(cookieParser());
+      this.app.use(passport.initialize());
+      this.app.use(passport.session()); 
 
-      // Request logging middleware
+      require('./libs/passport');
       this.app.use((req, res, next) => {
         this.logger.info(`FEAR API Query :: ${req.url}`);
-        res.locals.user = req.user;
+        res.locals.user = req.user || null;
         next();
       });
     },
 
+    setupMailer() {
+      const mailService = (this.env.NODE_ENV === 'production') ? 'mailgun' : 'google';
+      const mailinfo = require('./libs/emailer/info');
+      const smtp = require('./libs/emailer/smtp')
+
+      mailinfo.service = mailService;
+      this.mailinfo = mailinfo;
+
+      if ( !this.mailer ) {
+        this.mailer = new smtp(this);
+      }
+    },
     /**
      * Parse allowed origins from environment
      */
@@ -287,6 +298,8 @@ module.exports = FEAR = (() => {
       router.getHandler = () => this.handler;
       router.getValidator = () => this.validator;
       router.getAiAgent = () => this.agentService;
+      router.getStripe = () => this.stripe;
+      router.getPaypal = () => this.paypal;
       //router.getAgentWebInterface = () => this.agentWebInterface;
 
       return router;
@@ -314,14 +327,14 @@ module.exports = FEAR = (() => {
             this.logger.error(`Failed to start server on port ${serverPort}:`, err);
             return reject(err);
           }
-          
+
           this.logger.info(`FEAR server started on port ${serverPort}`);
-          
+
           // Log agent interface status
           if (this.agentWebInterface) {
             this.logger.info(`Agent Web Interface available at ${AGENT_ROUTE_PATH}`);
           }
-          
+
           resolve(this.server);
         });
       });
@@ -347,7 +360,7 @@ module.exports = FEAR = (() => {
           }
 
           // Shutdown agent web interface
-          const agentShutdown = this.agentWebInterface && 
+          const agentShutdown = this.agentWebInterface &&
             typeof this.agentWebInterface.shutdown === 'function' ?
             this.agentWebInterface.shutdown() :
             Promise.resolve();
@@ -397,8 +410,8 @@ module.exports = FEAR = (() => {
         getDatabase: () => this.db,
         getEnvironment: () => this.env,
         getCloud: () => this.cloud,
-        getAiAgent: () => this.agentService,
-        getAgentWebInterface: () => this.agentWebInterface
+        getStripe: () => this.stripe,
+        initProcessors: this.setupProcessors
       };
       return this;
     }

package/FEARServer.js

@@ -8,7 +8,7 @@ const FearServer = (function () {
   // Private constants
   const DEFAULT_PATHS = {
     root: path.resolve(),
-    app: '/backend/dashboard/build',
+    app: '/backend/dashboard/build', 
     build: 'backend/dashboard/build'
   };
 
@@ -184,11 +184,11 @@ const FearServer = (function () {
     /**
      * Initialize FEAR application
      */
-    initialize(paths = DEFAULT_PATHS) {
+    initialize(paths = DEFAULT_PATHS, ADD_PAYMENTS = false) {
       try {
         // Import FEAR after dotenv is configured
         const FearFactory = require("./FEAR");
-        this.fear = new FearFactory();
+        this.fear = new FearFactory({ADD_PAYMENTS});
         this.Router = this.fear.Router;
 
         this.setupStaticFiles(paths.root, paths.app, paths.build, paths.basePath);
@@ -212,7 +212,6 @@ const FearServer = (function () {
       if (this.fear.logo) {
         logger.warn(this.fear.logo);
       }
-
       // Initialize database connection
       return this.initializeDatabase()
         .then(() => {

package/controllers/auth/index.js

@@ -1,6 +1,5 @@
 const User = require("../../models/user");
 const TokenService = require('./token');
-const handler = require('../../libs/handler');
 const validator = require('../../libs/validator');
 const logger = require('../../libs/logger');
 
@@ -361,7 +360,7 @@ exports.isAuthorized = (req, res, next) => {
   let token;
 
   // Check for token in cookies first, then Authorization header
-  if (req.cookies?.jwt) {
+  if (req && req.cookies?.jwt) {
     token = req.cookies.jwt;
   } else if (req.headers.authorization?.startsWith('Bearer ')) {
     token = req.headers.authorization.split(' ')[1];
@@ -505,12 +504,248 @@ exports.optionalAuth = (req, res, next) => {
     next();
   }
 };
+/**
+ * POST /fear/api/auth/google
+ * @summary Authenticate or register user via Google OAuth
+ * @description Handles Google OAuth login/registration. Creates new user if doesn't exist, or logs in existing user
+ * @tags authentication, oauth
+ */
+exports.googleAuth = (req, res) => {
+  const { googleToken, googleId, email, firstName, lastName, avatar } = req.body;
+
+  // Validate required fields
+  if (!email || !googleId) {
+    return response.error(res, 400, "Google ID and email are required");
+  }
+
+  // Validate email format (assuming validator has email method)
+  const emailValidation = validator.input.email ? validator.input.email(email) : { isValid: true };
+  if (!emailValidation.isValid) {
+    return response.error(res, 400, "Invalid email format");
+  }
+
+  logger.info('Google authentication attempt for:', email);
+
+  // Find user by email or googleId
+  User.findOne({
+    $or: [
+      { email: email.toLowerCase() },
+      { 'oauth.google.id': googleId }
+    ],
+    status: { $ne: 'deleted' }
+  })
+    .then(user => {
+      // If user exists - login flow
+      if (user) {
+        // Check account status
+        if (user.status === 'suspended') {
+          return response.error(res, 403, "Your account has been suspended. Please contact support.");
+        }
+
+        if (user.status === 'inactive') {
+          return response.error(res, 403, "Your account is inactive. Please contact support to reactivate.");
+        }
+
+        // Update Google OAuth info if not already set
+        if (!user.oauth || !user.oauth.google || !user.oauth.google.id) {
+          user.oauth = user.oauth || {};
+          user.oauth.google = {
+            id: googleId,
+            email: email.toLowerCase(),
+            connectedAt: new Date()
+          };
+        }
+
+        // Update last login info
+        user.lastLoginAt = new Date();
+        user.lastLoginIP = req.ip || req.connection.remoteAddress;
+
+        // Update avatar if provided and user doesn't have one
+        if (avatar && !user.avatar) {
+          user.avatar = avatar;
+        }
+
+        return user.save()
+          .then(savedUser => {
+            logger.info('Google login successful for:', savedUser.email);
+            
+            // Generate token and send response
+            const token = TokenService.generateToken(savedUser);
+            return response.success(res, savedUser, token, 200, "Google login successful");
+          });
+      }
+
+      // User doesn't exist - registration flow
+      const userData = {
+        email: email.toLowerCase(),
+        firstName: firstName?.trim() || 'User',
+        lastName: lastName?.trim() || '',
+        displayName: firstName && lastName ? `${firstName} ${lastName}`.trim() : email.split('@')[0],
+        avatar: avatar || undefined,
+        role: 'user',
+        status: 'active',
+        oauth: {
+          google: {
+            id: googleId,
+            email: email.toLowerCase(),
+            connectedAt: new Date()
+          }
+        },
+        isEmailVerified: true, // Google emails are already verified
+        lastLoginAt: new Date(),
+        lastLoginIP: req.ip || req.connection.remoteAddress
+      };
+
+      // Create new user (no password required for OAuth users)
+      return User.create(userData)
+        .then(newUser => {
+          logger.info('New user registered via Google:', newUser.email);
+
+          // Generate token and send response
+          const token = TokenService.generateToken(newUser);
+          return response.success(res, newUser, token, 201, "Google registration successful");
+        });
+    })
+    .catch(error => {
+      logger.error('Google authentication error:', error);
+
+      // Handle duplicate key error
+      if (error.code === 11000) {
+        return response.error(res, 409, "User with this email already exists");
+      }
+
+      // Handle validation errors
+      if (error.name === 'ValidationError') {
+        const messages = Object.values(error.errors).map(err => err.message);
+        return response.error(res, 400, messages.join(', '));
+      }
+
+      return response.error(res, 500, "Google authentication failed", error.message);
+    });
+};
+
+/**
+ * POST /fear/api/auth/google/link
+ * @summary Link Google account to existing authenticated user
+ * @description Connects a Google OAuth account to the currently logged-in user
+ * @tags authentication, oauth
+ */
+exports.linkGoogleAccount = (req, res) => {
+  const { googleId, email } = req.body;
+  const userId = req.user._id; // Set by isAuthorized middleware
+
+  if (!googleId || !email) {
+    return response.error(res, 400, "Google ID and email are required");
+  }
+
+  // Check if Google account is already linked to another user
+  User.findOne({
+    'oauth.google.id': googleId,
+    _id: { $ne: userId }
+  })
+    .then(existingUser => {
+      if (existingUser) {
+        return response.error(res, 409, "This Google account is already linked to another user");
+      }
 
+      // Get current user
+      return User.findById(userId);
+    })
+    .then(user => {
+      if (!user) {
+        return response.error(res, 404, "User not found");
+      }
+
+      // Update user with Google OAuth info
+      user.oauth = user.oauth || {};
+      user.oauth.google = {
+        id: googleId,
+        email: email.toLowerCase(),
+        connectedAt: new Date()
+      };
+
+      // Verify email if it matches
+      if (!user.isEmailVerified && email.toLowerCase() === user.email) {
+        user.isEmailVerified = true;
+      }
+
+      return user.save();
+    })
+    .then(user => {
+      if (!user) return; // Already handled
+
+      logger.info('Google account linked for user:', user.email);
+
+      return res.status(200).json({
+        success: true,
+        message: "Google account linked successfully",
+        data: { user: user.toJSON() }
+      });
+    })
+    .catch(error => {
+      logger.error('Google account linking error:', error);
+      return response.error(res, 500, "Failed to link Google account", error.message);
+    });
+};
+
+/**
+ * DELETE /fear/api/auth/google/unlink
+ * @summary Unlink Google account from authenticated user
+ * @description Removes Google OAuth connection from the user's account
+ * @tags authentication, oauth
+ */
+exports.unlinkGoogleAccount = (req, res) => {
+  const userId = req.user._id;
+
+  User.findById(userId)
+    .select('+password')
+    .then(user => {
+      if (!user) {
+        return response.error(res, 404, "User not found");
+      }
+
+      // Check if user has a password set (don't allow unlinking if it's their only auth method)
+      if (!user.password && user.oauth?.google) {
+        return response.error(
+          res,
+          400,
+          "Cannot unlink Google account. Please set a password first to maintain access to your account."
+        );
+      }
+
+      // Check if Google account is linked
+      if (!user.oauth || !user.oauth.google) {
+        return response.error(res, 400, "No Google account is linked to this user");
+      }
+
+      // Remove Google OAuth info
+      user.oauth.google = undefined;
+
+      return user.save();
+    })
+    .then(user => {
+      if (!user) return; // Already handled
+
+      logger.info('Google account unlinked for user:', user.email);
+
+      return res.status(200).json({
+        success: true,
+        message: "Google account unlinked successfully",
+        data: { user: user.toJSON() }
+      });
+    })
+    .catch(error => {
+      logger.error('Google account unlinking error:', error);
+      return response.error(res, 500, "Failed to unlink Google account", error.message);
+    });
+};
 // Export TokenService and other utilities for use in other modules
 exports.AuthResponse = response;
 
 module.exports = {
   login: exports.login,
   register: exports.register,
-  logout: exports.logout
+  logout: exports.logout,
+  isAuthorized: exports.isAuthorized,
+  googleAuth: exports.googleAuth,
 }