npm - @intranefr/superbackend - Versions diffs - 1.5.2 → 1.6.3 - Mend

@intranefr/superbackend 1.5.2 → 1.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (134) hide show

package/cookies.txt +6 -0
package/cookies1.txt +6 -0
package/cookies2.txt +6 -0
package/cookies3.txt +6 -0
package/cookies4.txt +5 -0
package/cookies_old.txt +5 -0
package/cookies_old_test.txt +6 -0
package/cookies_super.txt +5 -0
package/cookies_super_test.txt +6 -0
package/cookies_test.txt +6 -0
package/index.js +9 -0
package/manage.js +745 -0
package/package.json +6 -2
package/plugins/core-waiting-list-migration/README.md +118 -0
package/plugins/core-waiting-list-migration/index.js +438 -0
package/plugins/global-settings-presets/index.js +20 -0
package/plugins/hello-cli/index.js +17 -0
package/plugins/ui-components-seeder/components/suiAlert.js +212 -0
package/plugins/ui-components-seeder/components/suiToast.js +186 -0
package/plugins/ui-components-seeder/index.js +31 -0
package/public/js/admin-ui-components-preview.js +281 -0
package/public/js/admin-ui-components.js +408 -0
package/public/js/llm-provider-model-picker.js +193 -0
package/public/test-iframe-fix.html +63 -0
package/public/test-iframe.html +14 -0
package/src/admin/endpointRegistry.js +68 -0
package/src/controllers/admin.controller.js +36 -10
package/src/controllers/adminAgents.controller.js +37 -0
package/src/controllers/adminDataCleanup.controller.js +45 -0
package/src/controllers/adminLlm.controller.js +19 -8
package/src/controllers/adminLogin.controller.js +269 -0
package/src/controllers/adminMarkdowns.controller.js +157 -0
package/src/controllers/adminPlugins.controller.js +55 -0
package/src/controllers/adminRegistry.controller.js +106 -0
package/src/controllers/adminScripts.controller.js +138 -0
package/src/controllers/adminStats.controller.js +4 -4
package/src/controllers/adminTelegram.controller.js +72 -0
package/src/controllers/markdowns.controller.js +42 -0
package/src/controllers/registry.controller.js +32 -0
package/src/controllers/waitingList.controller.js +52 -74
package/src/helpers/mongooseHelper.js +6 -6
package/src/helpers/scriptBase.js +2 -2
package/src/middleware/auth.js +71 -1
package/src/middleware/rbac.js +62 -0
package/src/middleware.js +584 -176
package/src/models/Agent.js +105 -0
package/src/models/AgentMessage.js +82 -0
package/src/models/GlobalSetting.js +11 -1
package/src/models/Markdown.js +75 -0
package/src/models/ScriptRun.js +8 -0
package/src/models/TelegramBot.js +42 -0
package/src/models/UiComponent.js +2 -0
package/src/models/User.js +1 -1
package/src/routes/admin.routes.js +3 -3
package/src/routes/adminAgents.routes.js +13 -0
package/src/routes/adminAssets.routes.js +11 -11
package/src/routes/adminBlog.routes.js +2 -2
package/src/routes/adminBlogAi.routes.js +2 -2
package/src/routes/adminBlogAutomation.routes.js +2 -2
package/src/routes/adminCache.routes.js +2 -2
package/src/routes/adminConsoleManager.routes.js +2 -2
package/src/routes/adminCrons.routes.js +2 -2
package/src/routes/adminDataCleanup.routes.js +26 -0
package/src/routes/adminDbBrowser.routes.js +2 -2
package/src/routes/adminEjsVirtual.routes.js +2 -2
package/src/routes/adminFeatureFlags.routes.js +6 -6
package/src/routes/adminHeadless.routes.js +2 -2
package/src/routes/adminHealthChecks.routes.js +2 -2
package/src/routes/adminI18n.routes.js +2 -2
package/src/routes/adminJsonConfigs.routes.js +8 -8
package/src/routes/adminLlm.routes.js +8 -7
package/src/routes/adminLogin.routes.js +23 -0
package/src/routes/adminMarkdowns.routes.js +10 -0
package/src/routes/adminMigration.routes.js +12 -12
package/src/routes/adminPages.routes.js +2 -2
package/src/routes/adminPlugins.routes.js +15 -0
package/src/routes/adminProxy.routes.js +2 -2
package/src/routes/adminRateLimits.routes.js +8 -8
package/src/routes/adminRbac.routes.js +2 -2
package/src/routes/adminRegistry.routes.js +24 -0
package/src/routes/adminScripts.routes.js +6 -3
package/src/routes/adminSeoConfig.routes.js +10 -10
package/src/routes/adminTelegram.routes.js +14 -0
package/src/routes/adminTerminals.routes.js +2 -2
package/src/routes/adminUiComponents.routes.js +2 -2
package/src/routes/adminUploadNamespaces.routes.js +7 -7
package/src/routes/blogInternal.routes.js +2 -2
package/src/routes/experiments.routes.js +2 -2
package/src/routes/formsAdmin.routes.js +6 -6
package/src/routes/globalSettings.routes.js +8 -8
package/src/routes/internalExperiments.routes.js +2 -2
package/src/routes/markdowns.routes.js +16 -0
package/src/routes/notificationAdmin.routes.js +7 -7
package/src/routes/orgAdmin.routes.js +16 -16
package/src/routes/pages.routes.js +3 -3
package/src/routes/registry.routes.js +11 -0
package/src/routes/stripeAdmin.routes.js +12 -12
package/src/routes/userAdmin.routes.js +7 -7
package/src/routes/waitingListAdmin.routes.js +2 -2
package/src/routes/workflows.routes.js +3 -3
package/src/services/agent.service.js +546 -0
package/src/services/agentHistory.service.js +345 -0
package/src/services/agentTools.service.js +578 -0
package/src/services/dataCleanup.service.js +286 -0
package/src/services/jsonConfigs.service.js +284 -10
package/src/services/llm.service.js +219 -6
package/src/services/markdowns.service.js +522 -0
package/src/services/plugins.service.js +348 -0
package/src/services/registry.service.js +452 -0
package/src/services/scriptsRunner.service.js +328 -37
package/src/services/telegram.service.js +130 -0
package/src/services/uiComponents.service.js +180 -0
package/src/services/waitingListJson.service.js +401 -0
package/src/utils/rbac/rightsRegistry.js +118 -0
package/test-access.js +63 -0
package/test-iframe-fix.html +63 -0
package/test-iframe.html +14 -0
package/views/admin-403.ejs +92 -0
package/views/admin-agents.ejs +273 -0
package/views/admin-coolify-deploy.ejs +8 -8
package/views/admin-dashboard-home.ejs +52 -2
package/views/admin-dashboard.ejs +179 -7
package/views/admin-data-cleanup.ejs +357 -0
package/views/admin-experiments.ejs +1 -1
package/views/admin-login.ejs +286 -0
package/views/admin-markdowns.ejs +905 -0
package/views/admin-plugins-system.ejs +223 -0
package/views/admin-scripts.ejs +221 -4
package/views/admin-telegram.ejs +269 -0
package/views/admin-ui-components.ejs +82 -402
package/views/admin-users.ejs +207 -11
package/views/partials/dashboard/nav-items.ejs +5 -0
package/views/partials/llm-provider-model-picker.ejs +0 -161
package/analysis-only.skill +0 -0

package/src/admin/endpointRegistry.js CHANGED Viewed

@@ -415,6 +415,74 @@ const endpointRegistry = [
       },
     ],
   },
+  {
+    id: "open-registry",
+    title: "Open Registry",
+    endpoints: [
+      {
+        id: "registry-auth",
+        method: "GET",
+        path: "/registry/plugins/auth",
+        auth: "none|bearer",
+      },
+      {
+        id: "registry-list",
+        method: "GET",
+        path: "/registry/plugins/list?category=plugins&minimal=true",
+        auth: "none|bearer",
+      },
+      {
+        id: "admin-registries-list",
+        method: "GET",
+        path: "/api/admin/registries",
+        auth: "basic",
+      },
+      {
+        id: "admin-registries-create",
+        method: "POST",
+        path: "/api/admin/registries",
+        auth: "basic",
+        bodyExample: { id: "plugins", name: "Plugins Registry", public: true, categories: ["plugins"] },
+      },
+      {
+        id: "admin-registry-item-upsert",
+        method: "POST",
+        path: "/api/admin/registries/plugins/items",
+        auth: "basic",
+        bodyExample: { id: "hello-cli", name: "hello-cli", category: "plugins", version: 1, versions: [1], description: "Sample" },
+      },
+    ],
+  },
+  {
+    id: "plugins-system",
+    title: "Plugins System",
+    endpoints: [
+      {
+        id: "plugins-list",
+        method: "GET",
+        path: "/api/admin/plugins",
+        auth: "basic",
+      },
+      {
+        id: "plugins-enable",
+        method: "POST",
+        path: "/api/admin/plugins/:id/enable",
+        auth: "basic",
+      },
+      {
+        id: "plugins-disable",
+        method: "POST",
+        path: "/api/admin/plugins/:id/disable",
+        auth: "basic",
+      },
+      {
+        id: "plugins-install",
+        method: "POST",
+        path: "/api/admin/plugins/:id/install",
+        auth: "basic",
+      },
+    ],
+  },
 ];
 module.exports = endpointRegistry;

package/src/controllers/admin.controller.js CHANGED Viewed

@@ -7,6 +7,8 @@ const Notification = require('../models/Notification');
 const Invite = require('../models/Invite');
 const EmailLog = require('../models/EmailLog');
 const FormSubmission = require('../models/FormSubmission');
+const RbacRole = require('../models/RbacRole');
+const RbacUserRole = require('../models/RbacUserRole');
 const asyncHandler = require('../utils/asyncHandler');
 const fs = require('fs');
 const path = require('path');
@@ -56,10 +58,6 @@ const registerUser = asyncHandler(async (req, res) => {
     return res.status(400).json({ error: 'Password must be at least 6 characters' });
   }
-  if (!['user', 'admin'].includes(role)) {
-    return res.status(400).json({ error: 'Role must be either "user" or "admin"' });
-  }
   const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
   if (!emailRegex.test(email)) {
     return res.status(400).json({ error: 'Invalid email format' });
@@ -76,11 +74,33 @@ const registerUser = asyncHandler(async (req, res) => {
     email: email.toLowerCase(),
     passwordHash: password, // Will be hashed by pre-save hook
     name: name || '',
-    role: role
+    role: role // Keep for backward compatibility
   });
   await user.save();
+  // Assign RBAC role if it's not 'user'
+  if (role !== 'user') {
+    try {
+      // Find the RBAC role
+      const rbacRole = await RbacRole.findOne({ key: role, status: 'active' });
+      if (rbacRole) {
+        // Create user-role assignment
+        const userRoleAssignment = new RbacUserRole({
+          userId: user._id,
+          roleId: rbacRole._id
+        });
+        await userRoleAssignment.save();
+        console.log(`Assigned RBAC role '${role}' to user ${user.email}`);
+      } else {
+        console.warn(`RBAC role '${role}' not found, user created without RBAC role assignment`);
+      }
+    } catch (error) {
+      console.error('Error assigning RBAC role:', error);
+      // Don't fail the user creation if RBAC assignment fails
+    }
+  }
   // Log the admin action
   console.log(`Admin registered new user: ${user.email} with role: ${user.role}`);
@@ -352,7 +372,7 @@ const getWebhookStats = asyncHandler(async (req, res) => {
 const provisionCoolifyDeploy = asyncHandler(async (req, res) => {
   try {
     const { overwrite } = req.body;
-    const managePath = path.join(process.cwd(), "manage.sh");
+    const managePath = path.join(process.cwd(), "manage.js");
     const exists = fs.existsSync(managePath);
     if (exists && !overwrite) {
@@ -363,13 +383,19 @@ const provisionCoolifyDeploy = asyncHandler(async (req, res) => {
       });
     }
-    // In ref-superbackend, manage.sh already exists in the root of the repository
-    // If it didn't, we would write it here. For this case, we'll just success.
+    // Copy the improved manage.js from polybot
+    const sourceManageJs = path.join(__dirname, "../../../manage.js");
+    if (fs.existsSync(sourceManageJs)) {
+      fs.copyFileSync(sourceManageJs, managePath);
+      // Make it executable
+      fs.chmodSync(managePath, '755');
+    }
     res.json({
       success: true,
       message: exists
-        ? "Coolify Headless Deploy script (manage.sh) was already there."
-        : "Coolify Headless Deploy script (manage.sh) is ready in the root directory.",
+        ? "Coolify Headless Deploy script (manage.js) was updated."
+        : "Coolify Headless Deploy script (manage.js) is ready in the root directory.",
       path: managePath,
     });
   } catch (error) {

package/src/controllers/adminAgents.controller.js ADDED Viewed

@@ -0,0 +1,37 @@
+const Agent = require('../models/Agent');
+exports.listAgents = async (req, res) => {
+  try {
+    const agents = await Agent.find().lean();
+    return res.json({ items: agents });
+  } catch (error) {
+    return res.status(500).json({ error: error.message });
+  }
+};
+exports.createAgent = async (req, res) => {
+  try {
+    const agent = await Agent.create(req.body);
+    return res.json(agent);
+  } catch (error) {
+    return res.status(500).json({ error: error.message });
+  }
+};
+exports.updateAgent = async (req, res) => {
+  try {
+    const agent = await Agent.findByIdAndUpdate(req.params.id, req.body, { new: true });
+    return res.json(agent);
+  } catch (error) {
+    return res.status(500).json({ error: error.message });
+  }
+};
+exports.deleteAgent = async (req, res) => {
+  try {
+    await Agent.findByIdAndDelete(req.params.id);
+    return res.json({ success: true });
+  } catch (error) {
+    return res.status(500).json({ error: error.message });
+  }
+};

package/src/controllers/adminDataCleanup.controller.js ADDED Viewed

@@ -0,0 +1,45 @@
+const dataCleanup = require('../services/dataCleanup.service');
+exports.getOverview = async (req, res) => {
+  try {
+    const data = await dataCleanup.getOverviewStats();
+    return res.json(data);
+  } catch (err) {
+    const safe = dataCleanup.toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+exports.dryRun = async (req, res) => {
+  try {
+    const out = await dataCleanup.dryRunCollectionCleanup(req.body || {});
+    return res.json(out);
+  } catch (err) {
+    const safe = dataCleanup.toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+exports.execute = async (req, res) => {
+  try {
+    const out = await dataCleanup.executeCollectionCleanup(req.body || {});
+    return res.json(out);
+  } catch (err) {
+    const safe = dataCleanup.toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};
+exports.inferFields = async (req, res) => {
+  try {
+    const { collection } = req.query;
+    if (!collection) {
+      return res.status(400).json({ error: 'collection query parameter is required' });
+    }
+    const fields = await dataCleanup.inferCollectionFields(collection);
+    return res.json({ fields });
+  } catch (err) {
+    const safe = dataCleanup.toSafeJsonError(err);
+    return res.status(safe.status).json(safe.body);
+  }
+};

package/src/controllers/adminLlm.controller.js CHANGED Viewed

@@ -43,10 +43,6 @@ async function setStringSetting(key, value, description) {
     await existing.save();
     return existing;
   }
-  // Ensure we never create a document with an undefined value
-  if (stringValue === undefined) {
-    throw new Error(`Cannot save GlobalSetting with undefined value for key: ${key}`);
-  }
   const created = new GlobalSetting({
     key,
     value: stringValue,
@@ -79,10 +75,6 @@ async function setJsonSetting(key, value) {
     await existing.save();
     return existing;
   }
-  // Ensure we never create a document with an empty value
-  if (!stringValue) {
-    throw new Error(`Cannot save GlobalSetting with empty value for key: ${key}`);
-  }
   const created = new GlobalSetting({
     key,
     value: stringValue,
@@ -387,6 +379,24 @@ async function listCosts(req, res) {
   }
 }
+async function listProviders(req, res) {
+  try {
+    const providers = await getJsonSetting(PROVIDERS_KEY, {});
+    const safeProviders = {};
+    if (providers && typeof providers === "object") {
+      for (const [key, value] of Object.entries(providers)) {
+        if (!value || typeof value !== "object") continue;
+        const { apiKey, ...rest } = value;
+        safeProviders[key] = rest;
+      }
+    }
+    res.json({ providers: safeProviders });
+  } catch (error) {
+    console.error("[adminLlm] listProviders error", error);
+    res.status(500).json({ error: "Failed to load providers" });
+  }
+}
 module.exports = {
   getConfig,
   saveConfig,
@@ -394,4 +404,5 @@ module.exports = {
   listAudit,
   listCosts,
   listOpenRouterModels,
+  listProviders,
 };

package/src/controllers/adminLogin.controller.js ADDED Viewed

@@ -0,0 +1,269 @@
+const User = require('../models/User');
+const asyncHandler = require('../utils/asyncHandler');
+const rbacService = require('../services/rbac.service');
+/**
+ * Auto-detect authentication type based on identifier format
+ * @param {string} identifier - Email or username
+ * @returns {string} 'iam' for email format, 'basic' for username format
+ */
+function detectAuthType(identifier) {
+  return identifier.includes('@') ? 'iam' : 'basic';
+}
+/**
+ * Validate basic auth credentials against environment variables
+ * @param {string} username
+ * @param {string} password
+ * @returns {boolean} true if credentials are valid
+ */
+function validateBasicAuth(username, password) {
+  const adminUsername = process.env.ADMIN_USERNAME || "admin";
+  const adminPassword = process.env.ADMIN_PASSWORD || "admin";
+  return username === adminUsername && password === adminPassword;
+}
+/**
+ * Serve the admin login page
+ */
+const getLogin = asyncHandler(async (req, res) => {
+  // If already authenticated, redirect to admin dashboard
+  if (req.session && req.session.authenticated) {
+    return res.redirect(req.adminPath || '/admin');
+  }
+  const templatePath = require('path').join(__dirname, '..', '..', 'views', 'admin-login.ejs');
+  const fs = require('fs');
+  const ejs = require('ejs');
+  fs.readFile(templatePath, 'utf8', (err, template) => {
+    if (err) {
+      console.error('Error reading login template:', err);
+      return res.status(500).send('Error loading login page');
+    }
+    try {
+      const html = ejs.render(template, {
+        baseUrl: req.baseUrl,
+        adminPath: req.adminPath || '/admin',
+        error: req.query.error || null,
+        success: req.query.success || null
+      }, {
+        filename: templatePath
+      });
+      res.send(html);
+    } catch (renderErr) {
+      console.error('Error rendering login template:', renderErr);
+      res.status(500).send('Error rendering login page');
+    }
+  });
+});
+/**
+ * Process login credentials (supports both basic auth and IAM)
+ */
+const postLogin = asyncHandler(async (req, res) => {
+  const { identifier, password } = req.body;
+  if (!identifier || !password) {
+    return res.redirect(`${req.adminPath || '/admin'}/login?error=Email/username and password are required`);
+  }
+  const authType = detectAuthType(identifier);
+  let user = null;
+  let authData = {};
+  try {
+    if (authType === 'iam') {
+      // IAM authentication - validate against User model
+      user = await User.findOne({ email: identifier.toLowerCase() });
+      if (!user) {
+        return res.redirect(`${req.adminPath || '/admin'}/login?error=Invalid credentials`);
+      }
+      // Check RBAC permissions for admin panel access with backward compatibility
+      const RbacUserRole = require('../models/RbacUserRole');
+      const RbacRole = require('../models/RbacRole');
+      const RbacGrant = require('../models/RbacGrant');
+      const { matches } = require('../utils/rbac/engine');
+      let hasAdminAccess = false;
+      // Phase 1: Try RBAC assignment with pattern matching
+      const userRoleAssignment = await RbacUserRole.findOne({ userId: user._id });
+      if (userRoleAssignment) {
+        const userRole = await RbacRole.findById(userRoleAssignment.roleId);
+        if (userRole && userRole.status === 'active') {
+          // Get all grants for this role
+          const grants = await RbacGrant.find({
+            subjectType: 'role',
+            subjectId: userRole._id,
+            scopeType: 'global',
+            effect: 'allow'
+          });
+          // Check if any grant matches admin_panel__login using pattern matching
+          hasAdminAccess = grants.some(grant =>
+            matches('admin_panel__login', grant.right)
+          );
+          console.log(`RBAC check for user ${user.email}: role=${userRole.key}, grants=${grants.length}, hasAccess=${hasAdminAccess}`);
+        }
+      }
+      // Phase 2: Fallback to IAM role for backward compatibility
+      if (!hasAdminAccess && ['admin', 'superadmin'].includes(user.role)) {
+        console.log(`Fallback to IAM role for user ${user.email}: role=${user.role}`);
+        hasAdminAccess = true; // Admin and superadmin roles get panel access
+      }
+      if (!hasAdminAccess) {
+        return res.redirect(`${req.adminPath || '/admin'}/login?error=Insufficient permissions - Admin panel access required`);
+      }
+      // Validate password
+      const isMatch = await user.comparePassword(password);
+      if (!isMatch) {
+        return res.redirect(`${req.adminPath || '/admin'}/login?error=Invalid credentials`);
+      }
+      // Get user's RBAC roles for session data
+      let rbacRoles = [];
+      try {
+        // Get role information directly
+        if (userRoleAssignment) {
+          const userRole = await RbacRole.findById(userRoleAssignment.roleId);
+          if (userRole) {
+            rbacRoles = [{
+              roleId: userRole._id,
+              roleKey: userRole.key,
+              roleName: userRole.name,
+              grants: [] // We could populate this if needed
+            }];
+          }
+        }
+      } catch (error) {
+        console.error('Error fetching RBAC roles:', error);
+        // Continue without RBAC roles if there's an error
+      }
+      // Store IAM user session data with RBAC context
+      authData = {
+        authType: 'iam',
+        userId: user._id,
+        email: user.email,
+        name: user.name,
+        role: user.role, // Keep for backward compatibility
+        rbacRoles: rbacRoles, // New RBAC context
+        authenticated: true,
+        loginTime: new Date().toISOString()
+      };
+    } else {
+      // Basic auth authentication - validate against environment variables
+      const isValid = validateBasicAuth(identifier, password);
+      if (!isValid) {
+        return res.redirect(`${req.adminPath || '/admin'}/login?error=Invalid credentials`);
+      }
+      // Store basic auth session data
+      authData = {
+        authType: 'basic',
+        username: identifier,
+        role: 'admin', // Basic auth users have admin privileges
+        authenticated: true,
+        loginTime: new Date().toISOString()
+      };
+    }
+    // Create session
+    req.session = req.session || {};
+    Object.assign(req.session, authData);
+    // Regenerate session to prevent fixation
+    req.session.regenerate((err) => {
+      if (err) {
+        console.error('Error regenerating session:', err);
+        return res.redirect(`${req.adminPath || '/admin'}/login?error=Session error`);
+      }
+      // Store auth data in new session
+      Object.assign(req.session, authData);
+      // Save session and redirect
+      req.session.save((saveErr) => {
+        if (saveErr) {
+          console.error('Error saving session:', saveErr);
+          return res.redirect(`${req.adminPath || '/admin'}/login?error=Session save error`);
+        }
+        // Redirect to admin dashboard or originally requested URL
+        const redirectTo = req.session.returnTo || (req.adminPath || '/admin');
+        delete req.session.returnTo;
+        res.redirect(redirectTo);
+      });
+    });
+  } catch (error) {
+    console.error('Login error:', error);
+    res.redirect(`${req.adminPath || '/admin'}/login?error=Authentication failed`);
+  }
+});
+/**
+ * Logout user and clear session
+ */
+const postLogout = asyncHandler(async (req, res) => {
+  req.session.destroy((err) => {
+    if (err) {
+      console.error('Error destroying session:', err);
+    }
+    res.redirect(`${req.adminPath || '/admin'}/login?success=Logged out successfully`);
+  });
+});
+/**
+ * Check current authentication status (API endpoint)
+ */
+const getAuthStatus = asyncHandler(async (req, res) => {
+  if (!req.session || !req.session.authenticated) {
+    return res.json({
+      authenticated: false,
+      authType: null,
+      user: null
+    });
+  }
+  const authData = {
+    authenticated: req.session.authenticated,
+    authType: req.session.authType,
+    loginTime: req.session.loginTime
+  };
+  if (req.session.authType === 'iam') {
+    authData.user = {
+      id: req.session.userId,
+      email: req.session.email,
+      name: req.session.name,
+      role: req.session.role
+    };
+  } else {
+    authData.user = {
+      username: req.session.username,
+      role: req.session.role
+    };
+  }
+  res.json(authData);
+});
+module.exports = {
+  getLogin,
+  postLogin,
+  postLogout,
+  getAuthStatus
+};