@intlayer/backend 3.0.3 → 3.2.0

package/dist/esm/controllers/sessionAuth.controller.mjs

@@ -1,3 +1,4 @@
+import crypto from "crypto";
 import { logger } from './../logger/index.mjs';
 import { sessionAuthRoutes } from './../routes/sessionAuth.routes.mjs';
 import { sendEmail } from './../services/email.service.mjs';
@@ -6,8 +7,11 @@ import * as userService from './../services/user.service.mjs';
 import { generateToken } from './../utils/CSRF.mjs';
 import { ErrorHandler, GenericError } from './../utils/errors/index.mjs';
 import { HttpStatusCodes } from './../utils/httpStatusCodes.mjs';
+import { mapOrganizationToAPI } from './../utils/mapper/organization.mjs';
+import { mapProjectToAPI } from './../utils/mapper/project.mjs';
 import { mapUserToAPI } from './../utils/mapper/user.mjs';
 import { formatResponse } from './../utils/responseData.mjs';
+import { t } from "express-intlayer";
 import { Types } from "mongoose";
 import { v4 as uuidv4 } from "uuid";
 const setCSRFToken = (req, res, _next) => {
@@ -20,10 +24,15 @@ const setCSRFToken = (req, res, _next) => {
 };
 const registerEmailPassword = async (req, res, _next) => {
   const { user } = res.locals;
+  const { callBack_url } = req.query;
   if (user) {
     ErrorHandler.handleGenericErrorResponse(res, "USER_ALREADY_LOGGED_IN");
     return;
   }
+  if (callBack_url && !callBack_url.startsWith(process.env.CLIENT_URL ?? "")) {
+    ErrorHandler.handleGenericErrorResponse(res, "CALLBACK_URL_NOT_VALID");
+    return;
+  }
   const userData = req.body;
   try {
     let user2 = await userService.getUserByEmail(userData.email);
@@ -31,22 +40,18 @@ const registerEmailPassword = async (req, res, _next) => {
       const emailProvider = user2.provider?.find(
         (provider) => provider.provider === "email"
       );
-      if (emailProvider) {
-        if (emailProvider.emailValidated) {
-          ErrorHandler.handleGenericErrorResponse(
-            res,
-            "EMAIL_ALREADY_VALIDATED"
-          );
-          return;
-        } else {
-          user2 = await sessionAuthService.updateUserProvider(
-            user2._id,
-            "email",
-            {
-              secret: uuidv4()
-            }
-          );
-        }
+      if (emailProvider?.emailValidated) {
+        ErrorHandler.handleGenericErrorResponse(
+          res,
+          "EMAIL_ALREADY_REGISTERED"
+        );
+        return;
+      } else if (emailProvider) {
+        user2 = await sessionAuthService.updateUserProvider(user2._id, "email", {
+          provider: "email",
+          emailValidated: void 0,
+          secret: uuidv4()
+        });
       } else {
         user2 = await sessionAuthService.addUserProvider(user2._id, {
           provider: "email",
@@ -55,7 +60,16 @@ const registerEmailPassword = async (req, res, _next) => {
         });
       }
     } else {
-      user2 = await userService.createUser(userData);
+      user2 = await userService.createUser({
+        ...userData,
+        provider: [
+          {
+            provider: "email",
+            emailValidated: void 0,
+            secret: uuidv4()
+          }
+        ]
+      });
       logger.info(`New registration: ${user2.name} - ${user2.email}`);
     }
     if (!user2) {
@@ -64,9 +78,30 @@ const registerEmailPassword = async (req, res, _next) => {
       });
       return;
     }
-    await sessionAuthService.setUserAuth(res, user2);
+    await sendEmail({
+      type: "validate",
+      to: user2.email,
+      username: user2.name ?? user2.email.split("@")[0],
+      validationLink: sessionAuthRoutes.validEmail.url({
+        userId: String(user2._id),
+        secret: user2.provider?.find((provider) => provider.provider === "email")?.secret ?? "",
+        callBack_url
+      })
+    });
     const formattedUser = mapUserToAPI(user2);
-    const responseData = formatResponse({ data: formattedUser });
+    const responseData = formatResponse({
+      message: t({
+        en: "User registered successfully",
+        fr: "Utilisateur enregistr\xE9 avec succ\xE8s",
+        es: "Usuario registrado con \xE9xito"
+      }),
+      description: t({
+        en: "Your user has been registered successfully. Please check your email to validate your account.",
+        fr: "Votre utilisateur a \xE9t\xE9 enregistr\xE9 avec succ\xE8s. Veuillez v\xE9rifier votre e-mail pour valider votre compte.",
+        es: "Su usuario ha sido registrado con \xE9xito. Por favor, revise su correo electr\xF3nico para validar su cuenta."
+      }),
+      data: formattedUser
+    });
     res.json(responseData);
     return;
   } catch (error) {
@@ -95,7 +130,19 @@ const loginEmailPassword = async (req, res, _next) => {
     }
     await sessionAuthService.setUserAuth(res, loggedInUser);
     const formattedUser = mapUserToAPI(loggedInUser);
-    const responseData = formatResponse({ data: formattedUser });
+    const responseData = formatResponse({
+      message: t({
+        en: "User logged in successfully",
+        fr: "Utilisateur connect\xE9 avec succ\xE8s",
+        es: "Usuario conectado con \xE9xito"
+      }),
+      description: t({
+        en: "Your user has been logged in successfully",
+        fr: "Votre utilisateur a \xE9t\xE9 connect\xE9 avec succ\xE8s",
+        es: "Su usuario ha sido conectado con \xE9xito"
+      }),
+      data: formattedUser
+    });
     logger.info(`Login: ${loggedInUser.email}`);
     res.json(responseData);
     return;
@@ -107,37 +154,63 @@ const loginEmailPassword = async (req, res, _next) => {
 const logOut = async (_req, res, _next) => {
   const { user } = res.locals;
   if (!user) {
-    ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_FOUND");
+    ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_DEFINED");
     return;
   }
   await sessionAuthService.clearUserAuth(res);
   sessionAuthService.clearOrganizationAuth(res);
   sessionAuthService.clearProjectAuth(res);
   logger.info(`Logout: ${user.name} - ${user.email}`);
-  const responseData = formatResponse({ data: void 0 });
+  const responseData = formatResponse({
+    message: t({
+      en: "User logged out successfully",
+      fr: "Utilisateur d\xE9connect\xE9 avec succ\xE8s",
+      es: "Usuario desconectado con \xE9xito"
+    }),
+    description: t({
+      en: "Your user has been logged out successfully",
+      fr: "Votre utilisateur a \xE9t\xE9 d\xE9connect\xE9 avec succ\xE8s",
+      es: "Su usuario ha sido desconectado con \xE9xito"
+    }),
+    data: void 0
+  });
   res.json(responseData);
 };
 const updatePassword = async (req, res, _next) => {
   const { oldPassword, newPassword } = req.body;
   let { user } = res.locals;
   if (!user) {
-    ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_FOUND");
+    ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_DEFINED");
     return;
   }
-  try {
-    const { error } = await sessionAuthService.testUserPassword(
-      user.email,
-      oldPassword
+  const userEmailProvider = user.provider?.find(
+    (provider) => provider.provider === "email"
+  );
+  if (!userEmailProvider) {
+    ErrorHandler.handleGenericErrorResponse(res, "USER_PROVIDER_NOT_FOUND", {
+      provider: "email"
+    });
+    return;
+  }
+  if (userEmailProvider.passwordHash && !oldPassword) {
+    ErrorHandler.handleGenericErrorResponse(
+      res,
+      "USER_PREVIOUS_PASSWORD_NOT_PROVIDED"
     );
-    if (error) {
-      ErrorHandler.handleGenericErrorResponse(res, "LOGIN_FAILED");
-      return;
+    return;
+  }
+  try {
+    if (oldPassword) {
+      const { error } = await sessionAuthService.testUserPassword(
+        user.email,
+        oldPassword
+      );
+      if (error) {
+        ErrorHandler.handleGenericErrorResponse(res, "LOGIN_FAILED");
+        return;
+      }
     }
-    user = await sessionAuthService.changeUserPassword(
-      user._id,
-      oldPassword,
-      newPassword
-    );
+    user = await sessionAuthService.changeUserPassword(user._id, newPassword);
     if (!user || typeof user !== "object") {
       ErrorHandler.handleGenericErrorResponse(res, "USER_DATA_NOT_FOUND");
       return;
@@ -146,7 +219,65 @@ const updatePassword = async (req, res, _next) => {
       `Password changed - User : Name : ${user.name}, id : ${String(user._id)}`
     );
     const formattedUser = mapUserToAPI(user);
-    const responseData = formatResponse({ data: formattedUser });
+    const responseData = formatResponse({
+      message: t({
+        en: "Password changed successfully",
+        fr: "Mot de passe modifi\xE9 avec succ\xE8s",
+        es: "Contrase\xF1a cambiada con \xE9xito"
+      }),
+      description: t({
+        en: "Your password has been changed successfully",
+        fr: "Votre mot de passe a \xE9t\xE9 modifi\xE9 avec succ\xE8s",
+        es: "Su contrase\xF1a ha sido cambiada con \xE9xito"
+      }),
+      data: formattedUser
+    });
+    res.json(responseData);
+    return;
+  } catch (error) {
+    ErrorHandler.handleAppErrorResponse(res, error);
+    return;
+  }
+};
+let clients = [];
+const sendVerificationUpdate = (user) => {
+  const filteredClients = clients.filter(
+    (client) => String(client.userId) === String(user._id)
+  );
+  for (const client of filteredClients) {
+    const provider = user.provider?.find(
+      (provider2) => provider2.provider === "email"
+    );
+    if (provider?.emailValidated) {
+      client.res.write(
+        `data: ${JSON.stringify({ userId: user._id, status: "verified" })}
+
+`
+      );
+      continue;
+    }
+    client.res.write(
+      `data: ${JSON.stringify({ userId: user._id, status: "waiting" })}
+
+`
+    );
+  }
+};
+const checkIfUserHasPassword = async (_req, res, _next) => {
+  const { user } = res.locals;
+  if (!user) {
+    ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_DEFINED");
+    return;
+  }
+  try {
+    const userProvider = user.provider?.find(
+      (provider) => provider.provider === "email"
+    );
+    const responseData = formatResponse({
+      data: {
+        hasPassword: Boolean(userProvider?.passwordHash)
+      }
+    });
     res.json(responseData);
     return;
   } catch (error) {
@@ -156,33 +287,75 @@ const updatePassword = async (req, res, _next) => {
 };
 const validEmail = async (req, res, _next) => {
   const { userId, secret } = req.params;
-  const { organization } = res.locals;
+  const callBack_url = `${req.query.callBack_url ?? `${process.env.CLIENT_URL}/auth/login`}?userId=${userId}`;
   if (!Types.ObjectId.isValid(userId.toString())) {
     ErrorHandler.handleGenericErrorResponse(res, "INVALID_USER_ID");
     return;
   }
-  if (!organization) {
-    ErrorHandler.handleGenericErrorResponse(res, "ORGANIZATION_NOT_FOUND");
-    return;
-  }
   const user = await userService.getUserById(userId);
   if (!user) {
-    ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_FOUND", { userId });
+    ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_DEFINED", {
+      userId
+    });
     return;
   }
-  await sessionAuthService.activateUser(user._id, secret);
+  if (callBack_url && !callBack_url.startsWith(process.env.CLIENT_URL ?? "")) {
+    ErrorHandler.handleGenericErrorResponse(res, "CALLBACK_URL_NOT_VALID");
+    return;
+  }
+  const provider = user.provider?.find(
+    (provider2) => provider2.provider === "email"
+  );
+  if (provider?.emailValidated) {
+    res.redirect(callBack_url);
+  }
+  if (!provider?.secret) {
+    throw new GenericError("USER_PROVIDER_SECRET_NOT_DEFINED", { userId });
+  }
+  if (!crypto.timingSafeEqual(Buffer.from(provider.secret), Buffer.from(secret))) {
+    throw new GenericError("USER_PROVIDER_SECRET_NOT_VALID", { userId });
+  }
+  await sessionAuthService.updateUserProvider(userId, "email", {
+    secret: void 0,
+    emailValidated: /* @__PURE__ */ new Date()
+  });
   logger.info(
     `User activated - User: Name: ${user.name}, id: ${String(user._id)}`
   );
+  sendVerificationUpdate(user);
+  await sessionAuthService.setUserAuth(res, user);
   await sendEmail({
     type: "welcome",
     to: user.email,
     username: user.name,
-    loginLink: sessionAuthRoutes.loginEmailPassword.url
+    loginLink: callBack_url
+  });
+  res.redirect(callBack_url);
+};
+const verifyEmailStatusSSE = async (req, res) => {
+  res.setHeader("Content-Type", "text/event-stream;charset=utf-8");
+  res.setHeader("Cache-Control", "no-cache, no-transform");
+  res.setHeader("Connection", "keep-alive");
+  res.setHeader("X-Accel-Buffering", "no");
+  res.write(":\n\n");
+  res.flushHeaders();
+  const { userId } = req.params;
+  const clientId = Date.now();
+  const user = await userService.getUserById(userId);
+  if (!user) {
+    logger.error(`User not found - User ID: ${userId}`);
+    res.write(`data: ${JSON.stringify({ userId, status: "error" })}
+
+`);
+    res.end();
+    return;
+  }
+  const newClient = { id: clientId, userId, res };
+  clients.push(newClient);
+  sendVerificationUpdate(user);
+  req.on("close", () => {
+    clients = clients.filter((client) => client.id !== clientId);
   });
-  const formattedUser = mapUserToAPI(user);
-  const responseData = formatResponse({ data: formattedUser });
-  res.json(responseData);
 };
 const askResetPassword = async (req, res, _next) => {
   const { email } = req.body;
@@ -210,7 +383,19 @@ const askResetPassword = async (req, res, _next) => {
         )?.secret ?? ""
       })
     });
-    const responseData = formatResponse({ data: void 0 });
+    const responseData = formatResponse({
+      message: t({
+        en: "Password reset request sent successfully",
+        fr: "Demande de r\xE9initialisation de mot de passe envoy\xE9e avec succ\xE8s",
+        es: "Solicitud de restablecimiento de contrase\xF1a enviada con \xE9xito"
+      }),
+      description: t({
+        en: "Your password reset request has been sent successfully. Please check your email to reset your password.",
+        fr: "Votre demande de r\xE9initialisation de mot de passe a \xE9t\xE9 envoy\xE9e avec succ\xE8s. Veuillez v\xE9rifier votre e-mail pour r\xE9initialiser votre mot de passe.",
+        es: "Su solicitud de restablecimiento de contrase\xF1a ha sido enviada con \xE9xito. Por favor, revise su correo electr\xF3nico para restablecer su contrase\xF1a."
+      }),
+      data: void 0
+    });
     res.json(responseData);
     return;
   } catch (error) {
@@ -245,7 +430,19 @@ const resetPassword = async (req, res, _next) => {
       username: updatedUser.name
     });
     const formattedUser = mapUserToAPI(updatedUser);
-    const responseData = formatResponse({ data: formattedUser });
+    const responseData = formatResponse({
+      message: t({
+        en: "Password reset successfully",
+        fr: "R\xE9initialisation du mot de passe r\xE9ussie",
+        es: "Restablecimiento de contrase\xF1a exitoso"
+      }),
+      description: t({
+        en: "Your password has been reset successfully. You can now log in with your new password",
+        fr: "Votre mot de passe a \xE9t\xE9 r\xE9initialis\xE9 avec succ\xE8s. Vous pouvez maintenant vous connecter avec votre nouveau mot de passe",
+        es: "Su contrase\xF1a ha sido restablecida con \xE9xito. Ahora puede iniciar sesi\xF3n con su nueva contrase\xF1a"
+      }),
+      data: formattedUser
+    });
     res.json(responseData);
     return;
   } catch (error) {
@@ -256,26 +453,35 @@ const resetPassword = async (req, res, _next) => {
 const getSessionInformation = async (req, res, _next) => {
   const { session_token: sessionToken } = req.query;
   let { user } = res.locals;
-  const { organization, project } = res.locals;
+  const { organization, project, isOrganizationAdmin, isProjectAdmin } = res.locals;
   try {
     if (sessionToken) {
       user = await userService.getUserBySession(sessionToken);
     }
-    if (!user) {
-      ErrorHandler.handleGenericErrorResponse(res, "USER_NOT_FOUND");
+    if (!user || !user?.session) {
+      const responseData2 = formatResponse({
+        data: {
+          session: null,
+          user: null,
+          organization: organization?._id ? mapOrganizationToAPI(organization, isOrganizationAdmin) : null,
+          project: project?._id ? mapProjectToAPI(project, user, isProjectAdmin) : null
+        }
+      });
+      res.json(responseData2);
       return;
     }
     const session = user.session;
-    if (!session) {
-      ErrorHandler.handleGenericErrorResponse(res, "SESSION_NOT_FOUND");
-      return;
-    }
     const formattedUser = {
       ...mapUserToAPI(user),
       role: "user"
     };
     const responseData = formatResponse({
-      data: { session, user: formattedUser, organization, project }
+      data: {
+        session,
+        user: formattedUser,
+        organization: organization?._id ? mapOrganizationToAPI(organization, isOrganizationAdmin) : null,
+        project: project?._id ? mapProjectToAPI(project, user, isProjectAdmin) : null
+      }
     });
     res.json(responseData);
     return;
@@ -291,11 +497,15 @@ const githubLoginQuery = (req, res, _next) => {
     ErrorHandler.handleGenericErrorResponse(res, "USER_ALREADY_LOGGED_IN");
     return;
   }
+  if (origin && !origin.startsWith(process.env.CLIENT_URL ?? "")) {
+    ErrorHandler.handleGenericErrorResponse(res, "CALLBACK_URL_NOT_VALID");
+    return;
+  }
   const encodedOrigin = encodeURIComponent(origin);
   const redirectURI = `${process.env.BACKEND_URL}/api/auth/callback/github?redirect_uri=${encodedOrigin}`;
   const encodedRedirectURI = encodeURIComponent(redirectURI);
   res.redirect(
-    `https://github.com/login/oauth/authorize?client_id=${process.env.GITHUB_CLIENT_ID}&redirect_uri=${encodedRedirectURI}`
+    `https://github.com/login/oauth/authorize?client_id=${process.env.GITHUB_CLIENT_ID}&redirect_uri=${encodedRedirectURI}&scope=user:email`
   );
 };
 const githubCallback = async (req, res, _next) => {
@@ -312,6 +522,10 @@ const githubCallback = async (req, res, _next) => {
     res.redirect(redirect_uri);
     return;
   }
+  if (redirect_uri && !redirect_uri.startsWith(process.env.CLIENT_URL ?? "")) {
+    ErrorHandler.handleGenericErrorResponse(res, "CALLBACK_URL_NOT_VALID");
+    return;
+  }
   try {
     const tokenResponse = await fetch(
       "https://github.com/login/oauth/access_token",
@@ -409,7 +623,7 @@ const githubCallback = async (req, res, _next) => {
       type: "welcome",
       to: user.email,
       username: user.name,
-      loginLink: sessionAuthRoutes.loginEmailPassword.url
+      loginLink: `${process.env.CLIENT_URL}/auth/login`
     });
     res.redirect(redirect_uri);
   } catch (error) {
@@ -426,6 +640,10 @@ const googleLoginQuery = (req, res, _next) => {
     res.redirect(origin);
     return;
   }
+  if (origin && !origin.startsWith(process.env.CLIENT_URL ?? "")) {
+    ErrorHandler.handleGenericErrorResponse(res, "CALLBACK_URL_NOT_VALID");
+    return;
+  }
   const responseType = "code";
   const scope = [
     "https%3A//www.googleapis.com/auth/userinfo.email",
@@ -457,6 +675,10 @@ const googleCallback = async (req, res, _next) => {
     res.redirect(responseCode, redirect_uri);
     return;
   }
+  if (redirect_uri && !redirect_uri.startsWith(process.env.CLIENT_URL ?? "")) {
+    ErrorHandler.handleGenericErrorResponse(res, "CALLBACK_URL_NOT_VALID");
+    return;
+  }
   try {
     const tokenResponse = await fetch("https://oauth2.googleapis.com/token", {
       method: "POST",
@@ -545,8 +767,9 @@ const googleCallback = async (req, res, _next) => {
       type: "welcome",
       to: user.email,
       username: user.name,
-      loginLink: sessionAuthRoutes.loginEmailPassword.url
+      loginLink: `${process.env.CLIENT_URL}/auth/login`
     });
+    res.redirect(redirect_uri);
   } catch (error) {
     ErrorHandler.handleAppErrorResponse(res, error);
     return;
@@ -554,6 +777,7 @@ const googleCallback = async (req, res, _next) => {
 };
 export {
   askResetPassword,
+  checkIfUserHasPassword,
   getSessionInformation,
   githubCallback,
   githubLoginQuery,
@@ -563,8 +787,10 @@ export {
   loginEmailPassword,
   registerEmailPassword,
   resetPassword,
+  sendVerificationUpdate,
   setCSRFToken,
   updatePassword,
-  validEmail
+  validEmail,
+  verifyEmailStatusSSE
 };
 //# sourceMappingURL=sessionAuth.controller.mjs.map