@intranefr/superbackend 1.5.3 → 1.6.3

package/src/controllers/adminLogin.controller.js

@@ -0,0 +1,269 @@
+const User = require('../models/User');
+const asyncHandler = require('../utils/asyncHandler');
+const rbacService = require('../services/rbac.service');
+
+/**
+ * Auto-detect authentication type based on identifier format
+ * @param {string} identifier - Email or username
+ * @returns {string} 'iam' for email format, 'basic' for username format
+ */
+function detectAuthType(identifier) {
+  return identifier.includes('@') ? 'iam' : 'basic';
+}
+
+/**
+ * Validate basic auth credentials against environment variables
+ * @param {string} username 
+ * @param {string} password 
+ * @returns {boolean} true if credentials are valid
+ */
+function validateBasicAuth(username, password) {
+  const adminUsername = process.env.ADMIN_USERNAME || "admin";
+  const adminPassword = process.env.ADMIN_PASSWORD || "admin";
+  
+  return username === adminUsername && password === adminPassword;
+}
+
+/**
+ * Serve the admin login page
+ */
+const getLogin = asyncHandler(async (req, res) => {
+  // If already authenticated, redirect to admin dashboard
+  if (req.session && req.session.authenticated) {
+    return res.redirect(req.adminPath || '/admin');
+  }
+
+  const templatePath = require('path').join(__dirname, '..', '..', 'views', 'admin-login.ejs');
+  const fs = require('fs');
+  const ejs = require('ejs');
+
+  fs.readFile(templatePath, 'utf8', (err, template) => {
+    if (err) {
+      console.error('Error reading login template:', err);
+      return res.status(500).send('Error loading login page');
+    }
+
+    try {
+      const html = ejs.render(template, {
+        baseUrl: req.baseUrl,
+        adminPath: req.adminPath || '/admin',
+        error: req.query.error || null,
+        success: req.query.success || null
+      }, {
+        filename: templatePath
+      });
+      res.send(html);
+    } catch (renderErr) {
+      console.error('Error rendering login template:', renderErr);
+      res.status(500).send('Error rendering login page');
+    }
+  });
+});
+
+/**
+ * Process login credentials (supports both basic auth and IAM)
+ */
+const postLogin = asyncHandler(async (req, res) => {
+  const { identifier, password } = req.body;
+
+  if (!identifier || !password) {
+    return res.redirect(`${req.adminPath || '/admin'}/login?error=Email/username and password are required`);
+  }
+
+  const authType = detectAuthType(identifier);
+  let user = null;
+  let authData = {};
+
+  try {
+    if (authType === 'iam') {
+      // IAM authentication - validate against User model
+      user = await User.findOne({ email: identifier.toLowerCase() });
+      
+      if (!user) {
+        return res.redirect(`${req.adminPath || '/admin'}/login?error=Invalid credentials`);
+      }
+
+      // Check RBAC permissions for admin panel access with backward compatibility
+      const RbacUserRole = require('../models/RbacUserRole');
+      const RbacRole = require('../models/RbacRole');
+      const RbacGrant = require('../models/RbacGrant');
+      const { matches } = require('../utils/rbac/engine');
+      
+      let hasAdminAccess = false;
+      
+      // Phase 1: Try RBAC assignment with pattern matching
+      const userRoleAssignment = await RbacUserRole.findOne({ userId: user._id });
+      if (userRoleAssignment) {
+        const userRole = await RbacRole.findById(userRoleAssignment.roleId);
+        if (userRole && userRole.status === 'active') {
+          // Get all grants for this role
+          const grants = await RbacGrant.find({
+            subjectType: 'role',
+            subjectId: userRole._id,
+            scopeType: 'global',
+            effect: 'allow'
+          });
+          
+          // Check if any grant matches admin_panel__login using pattern matching
+          hasAdminAccess = grants.some(grant => 
+            matches('admin_panel__login', grant.right)
+          );
+          
+          console.log(`RBAC check for user ${user.email}: role=${userRole.key}, grants=${grants.length}, hasAccess=${hasAdminAccess}`);
+        }
+      }
+      
+      // Phase 2: Fallback to IAM role for backward compatibility
+      if (!hasAdminAccess && ['admin', 'superadmin'].includes(user.role)) {
+        console.log(`Fallback to IAM role for user ${user.email}: role=${user.role}`);
+        hasAdminAccess = true; // Admin and superadmin roles get panel access
+      }
+      
+      if (!hasAdminAccess) {
+        return res.redirect(`${req.adminPath || '/admin'}/login?error=Insufficient permissions - Admin panel access required`);
+      }
+
+      // Validate password
+      const isMatch = await user.comparePassword(password);
+      if (!isMatch) {
+        return res.redirect(`${req.adminPath || '/admin'}/login?error=Invalid credentials`);
+      }
+
+      // Get user's RBAC roles for session data
+      let rbacRoles = [];
+      try {
+        // Get role information directly
+        if (userRoleAssignment) {
+          const userRole = await RbacRole.findById(userRoleAssignment.roleId);
+          if (userRole) {
+            rbacRoles = [{
+              roleId: userRole._id,
+              roleKey: userRole.key,
+              roleName: userRole.name,
+              grants: [] // We could populate this if needed
+            }];
+          }
+        }
+      } catch (error) {
+        console.error('Error fetching RBAC roles:', error);
+        // Continue without RBAC roles if there's an error
+      }
+
+      // Store IAM user session data with RBAC context
+      authData = {
+        authType: 'iam',
+        userId: user._id,
+        email: user.email,
+        name: user.name,
+        role: user.role, // Keep for backward compatibility
+        rbacRoles: rbacRoles, // New RBAC context
+        authenticated: true,
+        loginTime: new Date().toISOString()
+      };
+
+    } else {
+      // Basic auth authentication - validate against environment variables
+      const isValid = validateBasicAuth(identifier, password);
+      
+      if (!isValid) {
+        return res.redirect(`${req.adminPath || '/admin'}/login?error=Invalid credentials`);
+      }
+
+      // Store basic auth session data
+      authData = {
+        authType: 'basic',
+        username: identifier,
+        role: 'admin', // Basic auth users have admin privileges
+        authenticated: true,
+        loginTime: new Date().toISOString()
+      };
+    }
+
+    // Create session
+    req.session = req.session || {};
+    Object.assign(req.session, authData);
+    
+    // Regenerate session to prevent fixation
+    req.session.regenerate((err) => {
+      if (err) {
+        console.error('Error regenerating session:', err);
+        return res.redirect(`${req.adminPath || '/admin'}/login?error=Session error`);
+      }
+
+      // Store auth data in new session
+      Object.assign(req.session, authData);
+      
+      // Save session and redirect
+      req.session.save((saveErr) => {
+        if (saveErr) {
+          console.error('Error saving session:', saveErr);
+          return res.redirect(`${req.adminPath || '/admin'}/login?error=Session save error`);
+        }
+
+        // Redirect to admin dashboard or originally requested URL
+        const redirectTo = req.session.returnTo || (req.adminPath || '/admin');
+        delete req.session.returnTo;
+        res.redirect(redirectTo);
+      });
+    });
+
+  } catch (error) {
+    console.error('Login error:', error);
+    res.redirect(`${req.adminPath || '/admin'}/login?error=Authentication failed`);
+  }
+});
+
+/**
+ * Logout user and clear session
+ */
+const postLogout = asyncHandler(async (req, res) => {
+  req.session.destroy((err) => {
+    if (err) {
+      console.error('Error destroying session:', err);
+    }
+    
+    res.redirect(`${req.adminPath || '/admin'}/login?success=Logged out successfully`);
+  });
+});
+
+/**
+ * Check current authentication status (API endpoint)
+ */
+const getAuthStatus = asyncHandler(async (req, res) => {
+  if (!req.session || !req.session.authenticated) {
+    return res.json({ 
+      authenticated: false, 
+      authType: null,
+      user: null 
+    });
+  }
+
+  const authData = {
+    authenticated: req.session.authenticated,
+    authType: req.session.authType,
+    loginTime: req.session.loginTime
+  };
+
+  if (req.session.authType === 'iam') {
+    authData.user = {
+      id: req.session.userId,
+      email: req.session.email,
+      name: req.session.name,
+      role: req.session.role
+    };
+  } else {
+    authData.user = {
+      username: req.session.username,
+      role: req.session.role
+    };
+  }
+
+  res.json(authData);
+});
+
+module.exports = {
+  getLogin,
+  postLogin,
+  postLogout,
+  getAuthStatus
+};

package/src/controllers/adminPlugins.controller.js

@@ -0,0 +1,55 @@
+const pluginsService = require('../services/plugins.service');
+
+function handleError(res, error) {
+  const code = error?.code;
+  const message = error?.message || 'Operation failed';
+
+  if (code === 'NOT_FOUND') return res.status(404).json({ error: message });
+  if (code === 'VALIDATION') return res.status(400).json({ error: message });
+  return res.status(500).json({ error: message });
+}
+
+function runtimeContext(req) {
+  const superbackend = globalThis.superbackend || globalThis.saasbackend || {};
+  return {
+    services: superbackend.services || {},
+    helpers: superbackend.helpers || {},
+    request: req,
+  };
+}
+
+exports.list = async (req, res) => {
+  try {
+    const items = await pluginsService.listPlugins();
+    return res.json({ items });
+  } catch (error) {
+    return handleError(res, error);
+  }
+};
+
+exports.enable = async (req, res) => {
+  try {
+    const result = await pluginsService.enablePlugin(req.params.id, { context: runtimeContext(req) });
+    return res.json(result);
+  } catch (error) {
+    return handleError(res, error);
+  }
+};
+
+exports.disable = async (req, res) => {
+  try {
+    const result = await pluginsService.disablePlugin(req.params.id);
+    return res.json(result);
+  } catch (error) {
+    return handleError(res, error);
+  }
+};
+
+exports.install = async (req, res) => {
+  try {
+    const result = await pluginsService.installPlugin(req.params.id, { context: runtimeContext(req) });
+    return res.json(result);
+  } catch (error) {
+    return handleError(res, error);
+  }
+};

package/src/controllers/adminRegistry.controller.js

@@ -0,0 +1,106 @@
+const registryService = require('../services/registry.service');
+
+function handleError(res, error) {
+  const code = error?.code;
+  const message = error?.message || 'Operation failed';
+
+  if (code === 'VALIDATION') return res.status(400).json({ error: message });
+  if (code === 'NOT_FOUND') return res.status(404).json({ error: message });
+  if (code === 'CONFLICT') return res.status(409).json({ error: message });
+  return res.status(500).json({ error: message });
+}
+
+exports.listRegistries = async (req, res) => {
+  try {
+    const items = await registryService.listRegistries();
+    return res.json({ items });
+  } catch (error) {
+    return handleError(res, error);
+  }
+};
+
+exports.createRegistry = async (req, res) => {
+  try {
+    const item = await registryService.createRegistry(req.body || {});
+    return res.status(201).json({ item });
+  } catch (error) {
+    return handleError(res, error);
+  }
+};
+
+exports.getRegistry = async (req, res) => {
+  try {
+    const item = await registryService.getRegistry(req.params.id);
+    if (!item) return res.status(404).json({ error: 'registry not found' });
+    return res.json({ item });
+  } catch (error) {
+    return handleError(res, error);
+  }
+};
+
+exports.updateRegistry = async (req, res) => {
+  try {
+    const item = await registryService.updateRegistry(req.params.id, req.body || {});
+    return res.json({ item });
+  } catch (error) {
+    return handleError(res, error);
+  }
+};
+
+exports.deleteRegistry = async (req, res) => {
+  try {
+    const result = await registryService.deleteRegistry(req.params.id);
+    return res.json(result);
+  } catch (error) {
+    return handleError(res, error);
+  }
+};
+
+exports.createToken = async (req, res) => {
+  try {
+    const result = await registryService.createToken(req.params.id, req.body || {});
+    return res.status(201).json(result);
+  } catch (error) {
+    return handleError(res, error);
+  }
+};
+
+exports.deleteToken = async (req, res) => {
+  try {
+    const result = await registryService.deleteToken(req.params.id, req.params.tokenId);
+    return res.json(result);
+  } catch (error) {
+    return handleError(res, error);
+  }
+};
+
+exports.listItems = async (req, res) => {
+  try {
+    const result = await registryService.listItemsForRegistry(
+      req.params.id,
+      req.query,
+      req.headers.authorization,
+    );
+    return res.json(result);
+  } catch (error) {
+    return handleError(res, error);
+  }
+};
+
+exports.upsertItem = async (req, res) => {
+  try {
+    const item = await registryService.upsertItem(req.params.id, req.body || {});
+    return res.json({ item });
+  } catch (error) {
+    return handleError(res, error);
+  }
+};
+
+exports.deleteItem = async (req, res) => {
+  try {
+    const result = await registryService.deleteItem(req.params.id, req.params.itemId);
+    return res.json(result);
+  } catch (error) {
+    return handleError(res, error);
+  }
+};

package/src/controllers/adminStats.controller.js

@@ -4,7 +4,7 @@ const AuditEvent = require('../models/AuditEvent');
 const ErrorAggregate = require('../models/ErrorAggregate');
 const Asset = require('../models/Asset');
 const FormSubmission = require('../models/FormSubmission');
-const WaitingList = require('../models/WaitingList');
+const waitingListService = require('../services/waitingListJson.service');
 const EmailLog = require('../models/EmailLog');
 const VirtualEjsFile = require('../models/VirtualEjsFile');
 const JsonConfig = require('../models/JsonConfig');
@@ -35,7 +35,7 @@ exports.getOverviewStats = async (req, res) => {
       totalJsonConfigs,
       // SaaS & Billing
       totalForms,
-      totalWaiting,
+      waitingListStats,
       totalPlans,
       totalWorkflows
     ] = await Promise.all([
@@ -51,7 +51,7 @@ exports.getOverviewStats = async (req, res) => {
       VirtualEjsFile.countDocuments(),
       JsonConfig.countDocuments(),
       FormSubmission.countDocuments(),
-      WaitingList.countDocuments(),
+      waitingListService.getWaitingListStats().catch(() => ({ totalSubscribers: 0 })), // Fallback to 0 if service fails
       StripeCatalogItem.countDocuments({ active: true }),
       Workflow.countDocuments()
     ]);
@@ -106,7 +106,7 @@ exports.getOverviewStats = async (req, res) => {
         },
         saas: {
           forms: totalForms,
-          waiting: totalWaiting,
+          waiting: waitingListStats.totalSubscribers || 0,
           plans: totalPlans,
           workflows: totalWorkflows
         }

package/src/controllers/registry.controller.js

@@ -0,0 +1,32 @@
+const registryService = require('../services/registry.service');
+
+function handleError(res, error) {
+  const code = error?.code;
+  const message = error?.message || 'Operation failed';
+
+  if (code === 'VALIDATION') return res.status(400).json({ error: { code: 'INVALID_REQUEST', message } });
+  if (code === 'NOT_FOUND') return res.status(404).json({ error: { code: 'NOT_FOUND', message } });
+  return res.status(500).json({ error: { code: 'INTERNAL_ERROR', message } });
+}
+
+exports.auth = async (req, res) => {
+  try {
+    const payload = await registryService.getAuthStatus(req.params.id, req.headers.authorization);
+    return res.json(payload);
+  } catch (error) {
+    return handleError(res, error);
+  }
+};
+
+exports.list = async (req, res) => {
+  try {
+    const payload = await registryService.listItemsForRegistry(
+      req.params.id,
+      req.query,
+      req.headers.authorization,
+    );
+    return res.json(payload);
+  } catch (error) {
+    return handleError(res, error);
+  }
+};

package/src/controllers/waitingList.controller.js

@@ -1,4 +1,4 @@
-const WaitingList = require('../models/WaitingList');
+const waitingListService = require('../services/waitingListJson.service');
 const { validateEmail, sanitizeString } = require('../utils/validation');
 
 // Subscribe to waiting list
@@ -31,36 +31,51 @@ exports.subscribe = async (req, res) => {
       });
     }
 
-    // Check if email already exists
-    const existingEntry = await WaitingList.findOne({ email: sanitizedEmail.toLowerCase() });
-    if (existingEntry) {
-      return res.status(409).json({ 
-        error: 'This email is already on our waiting list',
-        field: 'email'
+    // Check if email already exists and create new entry using JSON Configs service
+    try {
+      const waitingListEntry = await waitingListService.addWaitingListEntry({
+        email: sanitizedEmail.toLowerCase(),
+        type: sanitizedType.trim(),
+        referralSource: sanitizeString(referralSource) || 'website'
       });
-    }
-
-    // Create new waiting list entry
-    const waitingListEntry = new WaitingList({
-      email: sanitizedEmail.toLowerCase(),
-      type: sanitizedType.trim(),
-      referralSource: sanitizeString(referralSource) || 'website'
-    });
 
-    await waitingListEntry.save();
+      // Return success response without sensitive data
+      const response = { ...waitingListEntry };
+      delete response.email; // Don't return email in response for privacy
 
-    // Return success response without sensitive data
-    const response = waitingListEntry.toJSON();
-    delete response.email; // Don't return email in response for privacy
-
-    res.status(201).json({
-      message: 'Successfully joined the waiting list!',
-      data: response
-    });
+      res.status(201).json({
+        message: 'Successfully joined the waiting list!',
+        data: response
+      });
+    } catch (serviceError) {
+      // Handle validation and duplicate errors from service
+      if (serviceError.code === 'VALIDATION') {
+        return res.status(400).json({ 
+          error: serviceError.message,
+          field: 'general'
+        });
+      }
+      
+      if (serviceError.code === 'DUPLICATE_EMAIL' || serviceError.code === 'DUPLICATE' || serviceError.message.includes('already exists')) {
+        return res.status(409).json({ 
+          error: 'This email is already on our waiting list',
+          field: 'email'
+        });
+      }
+
+      if (serviceError.code === 'INITIALIZATION_FAILED') {
+        return res.status(500).json({ 
+          error: 'Service temporarily unavailable - please try again',
+          field: 'general'
+        });
+      }
+      
+      throw serviceError; // Re-throw for general error handling
+    }
   } catch (error) {
     console.error('Waiting list subscription error:', error);
     
-    // Handle specific MongoDB errors
+    // Handle specific errors
     if (error.code === 11000) {
       return res.status(409).json({ 
         error: 'This email is already on our waiting list',
@@ -86,35 +101,10 @@ exports.subscribe = async (req, res) => {
 // Get waiting list stats (public)
 exports.getStats = async (req, res) => {
   try {
-    const totalSubscribers = await WaitingList.countDocuments({ status: 'active' });
-
-    const typeAgg = await WaitingList.aggregate([
-      { $match: { status: 'active' } },
-      { $group: { _id: '$type', count: { $sum: 1 } } },
-      { $sort: { count: -1, _id: 1 } },
-    ]);
-
-    const typeCounts = (typeAgg || []).reduce((acc, row) => {
-      if (!row?._id) return acc;
-      acc[String(row._id)] = row.count || 0;
-      return acc;
-    }, {});
-
-    // Backward compatibility fields (legacy UI/tests)
-    const buyerCount = (typeCounts.buyer || 0) + (typeCounts.both || 0);
-    const sellerCount = (typeCounts.seller || 0) + (typeCounts.both || 0);
-
-    // Add some mock growth data for demonstration
-    const growthThisWeek = Math.floor(totalSubscribers * 0.05); // 5% growth
+    // Use JSON Configs service for cached statistics
+    const stats = await waitingListService.getWaitingListStats();
     
-    res.json({
-      totalSubscribers,
-      buyerCount,
-      sellerCount,
-      typeCounts,
-      growthThisWeek,
-      lastUpdated: new Date().toISOString()
-    });
+    res.json(stats);
   } catch (error) {
     console.error('Waiting list stats error:', error);
     res.status(500).json({ 
@@ -135,31 +125,19 @@ exports.adminList = async (req, res) => {
       offset = 0,
     } = req.query;
 
-    const query = {};
-    if (status) query.status = String(status);
-    if (type) query.type = String(type);
-    if (email) query.email = String(email).trim().toLowerCase();
-
     const parsedLimit = Math.min(500, Math.max(1, parseInt(limit, 10) || 50));
     const parsedOffset = Math.max(0, parseInt(offset, 10) || 0);
 
-    const entries = await WaitingList.find(query)
-      .sort({ createdAt: -1 })
-      .limit(parsedLimit)
-      .skip(parsedOffset)
-      .select('email type status referralSource createdAt updatedAt')
-      .lean();
-
-    const total = await WaitingList.countDocuments(query);
-
-    return res.json({
-      entries,
-      pagination: {
-        total,
-        limit: parsedLimit,
-        offset: parsedOffset,
-      },
+    // Use JSON Configs service for admin data with filtering and pagination
+    const result = await waitingListService.getWaitingListEntriesAdmin({
+      status,
+      type,
+      email,
+      limit: parsedLimit,
+      offset: parsedOffset
     });
+
+    return res.json(result);
   } catch (error) {
     console.error('Waiting list admin list error:', error);
     return res.status(500).json({ error: 'Failed to list entries' });