@intlayer/backend 3.0.0

package/dist/cjs/controllers/sessionAuth.controller.cjs

@@ -0,0 +1,616 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var sessionAuth_controller_exports = {};
+__export(sessionAuth_controller_exports, {
+  askResetPassword: () => askResetPassword,
+  getSessionInformation: () => getSessionInformation,
+  githubCallback: () => githubCallback,
+  githubLoginQuery: () => githubLoginQuery,
+  googleCallback: () => googleCallback,
+  googleLoginQuery: () => googleLoginQuery,
+  logOut: () => logOut,
+  loginEmailPassword: () => loginEmailPassword,
+  registerEmailPassword: () => registerEmailPassword,
+  resetPassword: () => resetPassword,
+  setCSRFToken: () => setCSRFToken,
+  updatePassword: () => updatePassword,
+  validEmail: () => validEmail
+});
+module.exports = __toCommonJS(sessionAuth_controller_exports);
+var import_logger = require('./../logger/index.cjs');
+var import_sessionAuth = require('./../routes/sessionAuth.routes.cjs');
+var import_email = require('./../services/email.service.cjs');
+var sessionAuthService = __toESM(require('./../services/sessionAuth.service.cjs'), 1);
+var userService = __toESM(require('./../services/user.service.cjs'), 1);
+var import_CSRF = require('./../utils/CSRF.cjs');
+var import_errors = require('./../utils/errors/index.cjs');
+var import_httpStatusCodes = require('./../utils/httpStatusCodes.cjs');
+var import_user = require('./../utils/mapper/user.cjs');
+var import_responseData = require('./../utils/responseData.cjs');
+var import_mongoose = require("mongoose");
+var import_uuid = require("uuid");
+const setCSRFToken = (req, res, _next) => {
+  const csrf_token = (0, import_CSRF.generateToken)(req, res);
+  const responseData = (0, import_responseData.formatResponse)({
+    data: { csrf_token }
+  });
+  res.locals.csrf_token = csrf_token;
+  res.json(responseData);
+};
+const registerEmailPassword = async (req, res, _next) => {
+  const { user } = res.locals;
+  if (user) {
+    import_errors.ErrorHandler.handleGenericErrorResponse(res, "USER_ALREADY_LOGGED_IN");
+    return;
+  }
+  const userData = req.body;
+  try {
+    let user2 = await userService.getUserByEmail(userData.email);
+    if (user2) {
+      const emailProvider = user2.provider?.find(
+        (provider) => provider.provider === "email"
+      );
+      if (emailProvider) {
+        if (emailProvider.emailValidated) {
+          import_errors.ErrorHandler.handleGenericErrorResponse(
+            res,
+            "EMAIL_ALREADY_VALIDATED"
+          );
+          return;
+        } else {
+          user2 = await sessionAuthService.updateUserProvider(
+            user2._id,
+            "email",
+            {
+              secret: (0, import_uuid.v4)()
+            }
+          );
+        }
+      } else {
+        user2 = await sessionAuthService.addUserProvider(user2._id, {
+          provider: "email",
+          emailValidated: void 0,
+          secret: (0, import_uuid.v4)()
+        });
+      }
+    } else {
+      user2 = await userService.createUser(userData);
+      import_logger.logger.info(`New registration: ${user2.name} - ${user2.email}`);
+    }
+    if (!user2) {
+      import_errors.ErrorHandler.handleGenericErrorResponse(res, "USER_CREATION_FAILED", {
+        email: userData.email
+      });
+      return;
+    }
+    await sessionAuthService.setUserAuth(res, user2);
+    const formattedUser = (0, import_user.mapUserToAPI)(user2);
+    const responseData = (0, import_responseData.formatResponse)({ data: formattedUser });
+    res.json(responseData);
+    return;
+  } catch (error) {
+    import_errors.ErrorHandler.handleAppErrorResponse(res, error);
+    return;
+  }
+};
+const loginEmailPassword = async (req, res, _next) => {
+  const { user } = res.locals;
+  if (user) {
+    import_errors.ErrorHandler.handleGenericErrorResponse(res, "USER_ALREADY_LOGGED_IN");
+    return;
+  }
+  const { email, password } = req.body;
+  try {
+    const { user: loggedInUser, error } = await sessionAuthService.testUserPassword(email, password);
+    if (error) {
+      if (!user) {
+        import_errors.ErrorHandler.handleGenericErrorResponse(res, "LOGIN_FAILED");
+        return;
+      }
+    }
+    if (!loggedInUser) {
+      import_errors.ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_FOUND");
+      return;
+    }
+    await sessionAuthService.setUserAuth(res, loggedInUser);
+    const formattedUser = (0, import_user.mapUserToAPI)(loggedInUser);
+    const responseData = (0, import_responseData.formatResponse)({ data: formattedUser });
+    import_logger.logger.info(`Login: ${loggedInUser.email}`);
+    res.json(responseData);
+    return;
+  } catch (error) {
+    import_errors.ErrorHandler.handleAppErrorResponse(res, error);
+    return;
+  }
+};
+const logOut = async (_req, res, _next) => {
+  const { user } = res.locals;
+  if (!user) {
+    import_errors.ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_FOUND");
+    return;
+  }
+  await sessionAuthService.clearUserAuth(res);
+  sessionAuthService.clearOrganizationAuth(res);
+  sessionAuthService.clearProjectAuth(res);
+  import_logger.logger.info(`Logout: ${user.name} - ${user.email}`);
+  const responseData = (0, import_responseData.formatResponse)({ data: void 0 });
+  res.json(responseData);
+};
+const updatePassword = async (req, res, _next) => {
+  const { oldPassword, newPassword } = req.body;
+  let { user } = res.locals;
+  if (!user) {
+    import_errors.ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_FOUND");
+    return;
+  }
+  try {
+    const { error } = await sessionAuthService.testUserPassword(
+      user.email,
+      oldPassword
+    );
+    if (error) {
+      import_errors.ErrorHandler.handleGenericErrorResponse(res, "LOGIN_FAILED");
+      return;
+    }
+    user = await sessionAuthService.changeUserPassword(
+      user._id,
+      oldPassword,
+      newPassword
+    );
+    if (!user || typeof user !== "object") {
+      import_errors.ErrorHandler.handleGenericErrorResponse(res, "USER_DATA_NOT_FOUND");
+      return;
+    }
+    import_logger.logger.info(
+      `Password changed - User : Name : ${user.name}, id : ${String(user._id)}`
+    );
+    const formattedUser = (0, import_user.mapUserToAPI)(user);
+    const responseData = (0, import_responseData.formatResponse)({ data: formattedUser });
+    res.json(responseData);
+    return;
+  } catch (error) {
+    import_errors.ErrorHandler.handleAppErrorResponse(res, error);
+    return;
+  }
+};
+const validEmail = async (req, res, _next) => {
+  const { userId, secret } = req.params;
+  const { organization } = res.locals;
+  if (!import_mongoose.Types.ObjectId.isValid(userId.toString())) {
+    import_errors.ErrorHandler.handleGenericErrorResponse(res, "INVALID_USER_ID");
+    return;
+  }
+  if (!organization) {
+    import_errors.ErrorHandler.handleGenericErrorResponse(res, "ORGANIZATION_NOT_FOUND");
+    return;
+  }
+  const user = await userService.getUserById(userId);
+  if (!user) {
+    import_errors.ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_FOUND", { userId });
+    return;
+  }
+  await sessionAuthService.activateUser(user._id, secret);
+  import_logger.logger.info(
+    `User activated - User: Name: ${user.name}, id: ${String(user._id)}`
+  );
+  await (0, import_email.sendEmail)({
+    type: "welcome",
+    to: user.email,
+    username: user.name,
+    loginLink: import_sessionAuth.sessionAuthRoutes.loginEmailPassword.url
+  });
+  const formattedUser = (0, import_user.mapUserToAPI)(user);
+  const responseData = (0, import_responseData.formatResponse)({ data: formattedUser });
+  res.json(responseData);
+};
+const askResetPassword = async (req, res, _next) => {
+  const { email } = req.body;
+  if (!email) {
+    import_errors.ErrorHandler.handleGenericErrorResponse(res, "EMAIL_NOT_PROVIDED");
+    return;
+  }
+  try {
+    const updatedUser = await sessionAuthService.requestPasswordReset(email);
+    if (!updatedUser) {
+      import_errors.ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_FOUND", { email });
+      return;
+    }
+    import_logger.logger.info(
+      `Ask changing password - User: Name: ${updatedUser.name}, id: ${String(updatedUser._id)}`
+    );
+    await (0, import_email.sendEmail)({
+      type: "resetPassword",
+      to: updatedUser.email,
+      username: updatedUser.name,
+      resetLink: import_sessionAuth.sessionAuthRoutes.resetPassword.url({
+        userId: String(updatedUser._id),
+        secret: updatedUser.provider?.find(
+          (provider) => provider.provider === "email"
+        )?.secret ?? ""
+      })
+    });
+    const responseData = (0, import_responseData.formatResponse)({ data: void 0 });
+    res.json(responseData);
+    return;
+  } catch (error) {
+    import_errors.ErrorHandler.handleAppErrorResponse(res, error);
+    return;
+  }
+};
+const resetPassword = async (req, res, _next) => {
+  const { secret, userId } = req.params;
+  const password = req.body.password;
+  const userIdString = String(userId);
+  if (!userId || !userIdString || !import_mongoose.Types.ObjectId.isValid(userIdString)) {
+    import_errors.ErrorHandler.handleGenericErrorResponse(res, "INVALID_USER_ID", { userId });
+    return;
+  }
+  if (!secret) {
+    import_errors.ErrorHandler.handleGenericErrorResponse(res, "SECRET_NOT_PROVIDED");
+    return;
+  }
+  try {
+    const updatedUser = await sessionAuthService.resetUserPassword(
+      userId,
+      secret,
+      password
+    );
+    import_logger.logger.info(
+      `Password changed - User: Name: ${updatedUser.name}, id: ${String(updatedUser._id)}`
+    );
+    await (0, import_email.sendEmail)({
+      type: "passwordChangeConfirmation",
+      to: updatedUser.email,
+      username: updatedUser.name
+    });
+    const formattedUser = (0, import_user.mapUserToAPI)(updatedUser);
+    const responseData = (0, import_responseData.formatResponse)({ data: formattedUser });
+    res.json(responseData);
+    return;
+  } catch (error) {
+    import_errors.ErrorHandler.handleAppErrorResponse(res, error);
+    return;
+  }
+};
+const getSessionInformation = async (req, res, _next) => {
+  const { session_token: sessionToken } = req.query;
+  let { user } = res.locals;
+  const { organization, project } = res.locals;
+  try {
+    if (sessionToken) {
+      user = await userService.getUserBySession(sessionToken);
+    }
+    if (!user) {
+      import_errors.ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_FOUND");
+      return;
+    }
+    const session = user.session;
+    if (!session) {
+      import_errors.ErrorHandler.handleGenericErrorResponse(res, "SESSION_NOT_FOUND");
+      return;
+    }
+    const formattedUser = {
+      ...(0, import_user.mapUserToAPI)(user),
+      role: "user"
+    };
+    const responseData = (0, import_responseData.formatResponse)({
+      data: { session, user: formattedUser, organization, project }
+    });
+    res.json(responseData);
+    return;
+  } catch (error) {
+    import_errors.ErrorHandler.handleAppErrorResponse(res, error);
+    return;
+  }
+};
+const githubLoginQuery = (req, res, _next) => {
+  const { origin } = req.query;
+  const { user } = res.locals;
+  if (user) {
+    import_errors.ErrorHandler.handleGenericErrorResponse(res, "USER_ALREADY_LOGGED_IN");
+    return;
+  }
+  const encodedOrigin = encodeURIComponent(origin);
+  const redirectURI = `${process.env.BACKEND_URL}/api/auth/callback/github?redirect_uri=${encodedOrigin}`;
+  const encodedRedirectURI = encodeURIComponent(redirectURI);
+  res.redirect(
+    `https://github.com/login/oauth/authorize?client_id=${process.env.GITHUB_CLIENT_ID}&redirect_uri=${encodedRedirectURI}`
+  );
+};
+const githubCallback = async (req, res, _next) => {
+  const { code, redirect_uri } = req.query;
+  if (!code) {
+    const errorMessage = "Code not provided";
+    import_logger.logger.error(errorMessage);
+    res.redirect(redirect_uri);
+    return;
+  }
+  if (!redirect_uri) {
+    const errorMessage = "Redirect URI not provided";
+    import_logger.logger.error(errorMessage);
+    res.redirect(redirect_uri);
+    return;
+  }
+  try {
+    const tokenResponse = await fetch(
+      "https://github.com/login/oauth/access_token",
+      {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Accept: "application/json"
+        },
+        body: JSON.stringify({
+          client_id: process.env.GITHUB_CLIENT_ID,
+          client_secret: process.env.GITHUB_CLIENT_SECRET,
+          code
+        })
+      }
+    );
+    const tokenData = await tokenResponse.json();
+    const userResponse = await fetch("https://api.github.com/user", {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${tokenData.access_token}`,
+        Accept: "application/vnd.github.v3+json"
+      }
+    });
+    if (!userResponse.ok) {
+      throw new import_errors.GenericError("GITHUB_FETCH_USER_DATA_FAILED", { userResponse });
+    }
+    const userData = await userResponse.json();
+    const emailResponse = await fetch("https://api.github.com/user/emails", {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${tokenData.access_token}`,
+        Accept: "application/vnd.github.v3+json"
+      }
+    });
+    if (!emailResponse.ok) {
+      throw new import_errors.GenericError("GIT_HUB_FETCH_USER_EMAIL_FAILED", {
+        emailResponse
+      });
+    }
+    const emails = await emailResponse.json();
+    const primaryEmail = emails.find((email) => email.primary)?.email;
+    if (!primaryEmail) {
+      const errorMessage = "Primary email not found";
+      import_logger.logger.error(errorMessage);
+      const responseCode = import_httpStatusCodes.HttpStatusCodes.NOT_FOUND_404;
+      res.redirect(responseCode, redirect_uri);
+      return;
+    }
+    let existingUser = await userService.getUserByEmail(primaryEmail);
+    if (existingUser) {
+      const existingProvider = await sessionAuthService.getUserProvider(
+        existingUser._id,
+        "github"
+      );
+      if (existingProvider?.providerAccountId !== userData.id) {
+        const updatedUser2 = await sessionAuthService.updateUserProvider(
+          existingUser._id,
+          "github",
+          {
+            providerAccountId: userData.id
+          }
+        );
+        import_logger.logger.info(
+          `GitHub login provider updated - User: Name: ${updatedUser2.name}, id: ${String(updatedUser2._id)}`
+        );
+        if (updatedUser2) {
+          existingUser = updatedUser2;
+        }
+      }
+      const updatedUser = await userService.updateUserById(existingUser._id, {
+        name: existingUser.name ?? userData.name
+      });
+      await sessionAuthService.setUserAuth(res, updatedUser);
+      res.redirect(redirect_uri);
+      return;
+    }
+    const userInformation = {
+      name: userData.name,
+      email: primaryEmail
+    };
+    const userProvider = {
+      provider: "github",
+      providerAccountId: userData.id
+    };
+    const user = await userService.createUser({
+      ...userInformation,
+      provider: [userProvider]
+    });
+    await sessionAuthService.setUserAuth(res, user);
+    import_logger.logger.info(
+      `GitHub login - User: Name: ${user.name}, id: ${String(user._id)}`
+    );
+    await (0, import_email.sendEmail)({
+      type: "welcome",
+      to: user.email,
+      username: user.name,
+      loginLink: import_sessionAuth.sessionAuthRoutes.loginEmailPassword.url
+    });
+    res.redirect(redirect_uri);
+  } catch (error) {
+    import_errors.ErrorHandler.handleAppErrorResponse(res, error);
+    return;
+  }
+};
+const googleLoginQuery = (req, res, _next) => {
+  const { origin } = req.query;
+  const { user } = res.locals;
+  if (user) {
+    const errorMessage = `User already logged in - ${user?.email}`;
+    import_logger.logger.error(errorMessage);
+    res.redirect(origin);
+    return;
+  }
+  const responseType = "code";
+  const scope = [
+    "https%3A//www.googleapis.com/auth/userinfo.email",
+    "https%3A//www.googleapis.com/auth/userinfo.profile"
+  ].join(" ");
+  const includeGrantedScopes = "false";
+  const encodedOrigin = encodeURIComponent(origin);
+  const state = JSON.stringify({ redirect_uri: encodedOrigin });
+  const redirectURI = `${process.env.BACKEND_URL}/api/auth/callback/google`;
+  res.redirect(
+    `https://accounts.google.com/o/oauth2/v2/auth?client_id=${process.env.GOOGLE_CLIENT_ID}&redirect_uri=${redirectURI}&response_type=${responseType}&scope=${scope}&include_granted_scopes=${includeGrantedScopes}&state=${state}`
+  );
+};
+const googleCallback = async (req, res, _next) => {
+  const { code, state } = req.query;
+  const decodedState = decodeURIComponent(state);
+  const { redirect_uri } = JSON.parse(decodedState);
+  if (!code) {
+    const errorMessage = "code not provided";
+    import_logger.logger.error(errorMessage);
+    const responseCode = import_httpStatusCodes.HttpStatusCodes.BAD_REQUEST_400;
+    res.redirect(responseCode, redirect_uri);
+    return;
+  }
+  if (!redirect_uri) {
+    const errorMessage = "Redirect URI not provided";
+    import_logger.logger.error(errorMessage);
+    const responseCode = import_httpStatusCodes.HttpStatusCodes.BAD_REQUEST_400;
+    res.redirect(responseCode, redirect_uri);
+    return;
+  }
+  try {
+    const tokenResponse = await fetch("https://oauth2.googleapis.com/token", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: new URLSearchParams({
+        code,
+        redirect_uri: `${process.env.BACKEND_URL}/api/auth/callback/google`,
+        client_id: process.env.GOOGLE_CLIENT_ID,
+        client_secret: process.env.GOOGLE_CLIENT_SECRET,
+        grant_type: "authorization_code"
+      })
+    });
+    const responseData = await tokenResponse.json();
+    const { access_token: accessToken } = responseData;
+    if (!accessToken) {
+      const errorMessage = "Failed to fetch access_token";
+      import_logger.logger.error(errorMessage);
+      const responseCode = import_httpStatusCodes.HttpStatusCodes.INTERNAL_SERVER_ERROR_500;
+      res.redirect(responseCode, redirect_uri);
+      return;
+    }
+    const userResponse = await fetch(
+      "https://www.googleapis.com/oauth2/v3/userinfo",
+      {
+        method: "GET",
+        headers: {
+          Authorization: `Bearer ${accessToken}`
+        }
+      }
+    );
+    const userData = await userResponse.json();
+    if (!userData.email) {
+      const errorMessage = "Failed to fetch user data from Google";
+      import_logger.logger.error(errorMessage);
+      const responseCode = import_httpStatusCodes.HttpStatusCodes.INTERNAL_SERVER_ERROR_500;
+      res.redirect(responseCode, redirect_uri);
+      return;
+    }
+    let existingUser = await userService.getUserByEmail(userData.email);
+    if (existingUser) {
+      const existingProvider = await sessionAuthService.getUserProvider(
+        existingUser._id,
+        "google"
+      );
+      if (existingProvider?.providerAccountId !== userData.sub) {
+        const updatedUser2 = await sessionAuthService.updateUserProvider(
+          existingUser._id,
+          "google",
+          {
+            providerAccountId: userData.id
+          }
+        );
+        import_logger.logger.info(
+          `Google login provider updated - User: Name: ${updatedUser2.name}, id: ${String(updatedUser2._id)}`
+        );
+        if (updatedUser2) {
+          existingUser = updatedUser2;
+        }
+      }
+      const updatedUser = await userService.updateUserById(existingUser._id, {
+        name: existingUser.name ?? userData.name
+      });
+      await sessionAuthService.setUserAuth(res, updatedUser);
+      res.redirect(redirect_uri);
+      return;
+    }
+    const userInformation = {
+      name: userData.name,
+      email: userData.email
+    };
+    const userProvider = {
+      provider: "google",
+      providerAccountId: userData.id
+    };
+    const user = await userService.createUser({
+      ...userInformation,
+      provider: [userProvider]
+    });
+    await sessionAuthService.setUserAuth(res, user);
+    import_logger.logger.info(
+      `Google login - User: Name: ${user.name}, id: ${String(user._id)}`
+    );
+    await (0, import_email.sendEmail)({
+      type: "welcome",
+      to: user.email,
+      username: user.name,
+      loginLink: import_sessionAuth.sessionAuthRoutes.loginEmailPassword.url
+    });
+  } catch (error) {
+    import_errors.ErrorHandler.handleAppErrorResponse(res, error);
+    return;
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  askResetPassword,
+  getSessionInformation,
+  githubCallback,
+  githubLoginQuery,
+  googleCallback,
+  googleLoginQuery,
+  logOut,
+  loginEmailPassword,
+  registerEmailPassword,
+  resetPassword,
+  setCSRFToken,
+  updatePassword,
+  validEmail
+});
+//# sourceMappingURL=sessionAuth.controller.cjs.map