@intranefr/superbackend 1.7.7 → 1.7.9

package/src/controllers/auth.controller.js

@@ -1,6 +1,7 @@
 const User = require('../models/User');
 const { generateAccessToken, generateRefreshToken, verifyRefreshToken } = require('../utils/jwt');
 const asyncHandler = require('../utils/asyncHandler');
+const githubService = require('../services/github.service');
 
 // Register new user
 const register = asyncHandler(async (req, res) => {
@@ -85,9 +86,155 @@ const me = asyncHandler(async (req, res) => {
   res.json({ user: req.user.toJSON() });
 });
 
+// Initiate GitHub OAuth flow
+const githubLogin = asyncHandler(async (req, res) => {
+  const state = githubService.generateState();
+  
+  // Store state in session for CSRF protection (if sessions are enabled)
+  if (req.session) {
+    req.session.githubOAuthState = state;
+  }
+  
+  const authUrl = githubService.getAuthURL(state);
+  
+  // Return URL for frontend to redirect, or redirect directly
+  if (req.query.json === 'true' || req.headers.accept?.includes('application/json')) {
+    res.json({ 
+      success: true, 
+      authUrl: authUrl,
+      state: state 
+    });
+  } else {
+    res.redirect(authUrl);
+  }
+});
+
+// Handle GitHub OAuth callback
+const githubCallback = asyncHandler(async (req, res) => {
+  const { code, state } = req.query;
+
+  if (!code) {
+    return res.status(400).json({ error: 'Authorization code missing' });
+  }
+
+  // Verify state parameter for CSRF protection
+  if (req.session?.githubOAuthState) {
+    if (!state || state !== req.session.githubOAuthState) {
+      return res.status(400).json({ error: 'Invalid state parameter' });
+    }
+    // Clear used state
+    delete req.session.githubOAuthState;
+  }
+
+  // Exchange code for access token
+  const tokenResponse = await githubService.getAccessToken(code, state);
+  
+  if (!tokenResponse.accessToken) {
+    return res.status(400).json({ error: 'Failed to get access token' });
+  }
+
+  // Get user info from GitHub
+  const githubUser = await githubService.getFullUserInfo(tokenResponse.accessToken);
+
+  // Check if user exists with this GitHub ID
+  let user = await User.findOne({ githubId: githubUser.id });
+
+  if (!user) {
+    // Check if user exists with this email
+    const emailToCheck = githubUser.email || `${githubUser.login}@users.noreply.github.com`;
+    user = await User.findOne({ email: emailToCheck.toLowerCase() });
+
+    if (user) {
+      // Link GitHub account to existing user
+      user.githubId = githubUser.id;
+      user.githubUsername = githubUser.login;
+      user.githubAccessToken = tokenResponse.accessToken;
+      if (tokenResponse.refreshToken) {
+        user.githubRefreshToken = tokenResponse.refreshToken;
+      }
+      user.githubEmail = githubUser.email;
+      user.avatar = githubUser.avatarUrl;
+      if (githubUser.name) user.name = githubUser.name;
+      user.emailVerified = githubUser.emailVerified || user.emailVerified;
+      await user.save();
+    } else {
+      // Create new user
+      user = new User({
+        email: emailToCheck.toLowerCase(),
+        name: githubUser.name || githubUser.login,
+        githubId: githubUser.id,
+        githubUsername: githubUser.login,
+        githubAccessToken: tokenResponse.accessToken,
+        githubRefreshToken: tokenResponse.refreshToken,
+        githubEmail: githubUser.email,
+        avatar: githubUser.avatarUrl,
+        emailVerified: githubUser.emailVerified,
+        role: 'user'
+      });
+      await user.save();
+    }
+  } else {
+    // Update existing user's tokens and info
+    user.githubAccessToken = tokenResponse.accessToken;
+    if (tokenResponse.refreshToken) {
+      user.githubRefreshToken = tokenResponse.refreshToken;
+    }
+    user.avatar = githubUser.avatarUrl;
+    if (githubUser.name) user.name = githubUser.name;
+    user.githubUsername = githubUser.login;
+    await user.save();
+  }
+
+  // Generate JWT tokens
+  const token = generateAccessToken(user._id, user.role);
+  const refreshToken = generateRefreshToken(user._id);
+
+  // Update last login
+  user.lastLogin = new Date();
+  await user.save();
+
+  // Redirect to frontend with token in URL hash or return JSON
+  const frontendUrl = process.env.FRONTEND_URL || 'http://localhost:3000';
+  
+  if (req.query.json === 'true' || req.headers.accept?.includes('application/json')) {
+    res.json({
+      success: true,
+      token,
+      refreshToken,
+      user: user.toJSON()
+    });
+  } else {
+    res.redirect(`${frontendUrl}/dashboard#token=${token}`);
+  }
+});
+
+// Refresh GitHub access token
+const githubRefreshToken = asyncHandler(async (req, res) => {
+  const { refreshToken } = req.body;
+
+  if (!refreshToken) {
+    return res.status(400).json({ error: 'Refresh token required' });
+  }
+
+  try {
+    const tokenResponse = await githubService.refreshAccessToken(refreshToken);
+    
+    res.json({
+      success: true,
+      accessToken: tokenResponse.accessToken,
+      refreshToken: tokenResponse.refreshToken
+    });
+  } catch (error) {
+    res.status(400).json({ error: error.message });
+  }
+});
+
 module.exports = {
   register,
   login,
   refresh,
-  me
+  me,
+  githubLogin,
+  githubCallback,
+  githubRefreshToken
 };

package/src/controllers/waitingList.controller.js

@@ -129,12 +129,14 @@ exports.adminList = async (req, res) => {
     const parsedOffset = Math.max(0, parseInt(offset, 10) || 0);
 
     // Use JSON Configs service for admin data with filtering and pagination
+    // Always bypass cache for admin list to ensure fresh data
     const result = await waitingListService.getWaitingListEntriesAdmin({
       status,
       type,
       email,
       limit: parsedLimit,
-      offset: parsedOffset
+      offset: parsedOffset,
+      bypassCache: true
     });
 
     return res.json(result);
@@ -143,3 +145,130 @@ exports.adminList = async (req, res) => {
     return res.status(500).json({ error: 'Failed to list entries' });
   }
 };
+
+// Get available types (for admin UI filters)
+exports.getTypes = async (req, res) => {
+  try {
+    const result = await waitingListService.getAvailableTypes();
+    res.json(result);
+  } catch (error) {
+    console.error('Waiting list get types error:', error);
+    return res.status(500).json({ error: 'Failed to get types' });
+  }
+};
+
+// Export waiting list entries as CSV (server-side, respects filters)
+exports.exportCsv = async (req, res) => {
+  try {
+    const {
+      status,
+      type,
+      email,
+    } = req.query;
+
+    // Get ALL filtered entries (no pagination)
+    const result = await waitingListService.getWaitingListEntriesAdmin({
+      status,
+      type,
+      email,
+      limit: 100000, // Large limit to get all entries
+      offset: 0
+    });
+
+    const entries = result.entries || [];
+
+    // Set CSV headers
+    res.setHeader('Content-Type', 'text/csv');
+    res.setHeader('Content-Disposition', `attachment; filename="waiting-list-${new Date().toISOString().split('T')[0]}.csv"`);
+
+    // CSV header row
+    const csvRows = [
+      ['Email', 'Type', 'Status', 'Referral Source', 'Created At', 'Updated At']
+    ];
+
+    // Data rows
+    entries.forEach(entry => {
+      csvRows.push([
+        entry.email || '',
+        entry.type || '',
+        entry.status || '',
+        entry.referralSource || '',
+        entry.createdAt ? new Date(entry.createdAt).toISOString() : '',
+        entry.updatedAt ? new Date(entry.updatedAt).toISOString() : ''
+      ]);
+    });
+
+    // Convert to CSV string with proper escaping
+    const csvContent = csvRows.map(row => 
+      row.map(cell => {
+        const str = String(cell || '');
+        // Escape quotes and wrap in quotes if contains comma, quote, or newline
+        if (str.includes(',') || str.includes('"') || str.includes('\n')) {
+          return `"${str.replace(/"/g, '""')}"`;
+        }
+        return str;
+      }).join(',')
+    ).join('\n');
+
+    res.send(csvContent);
+  } catch (error) {
+    console.error('Waiting list export CSV error:', error);
+    return res.status(500).json({ error: 'Failed to export CSV' });
+  }
+};
+
+// Bulk remove waiting list entries
+exports.bulkRemove = async (req, res) => {
+  try {
+    const { entryIds } = req.body;
+
+    if (!Array.isArray(entryIds) || entryIds.length === 0) {
+      return res.status(400).json({ error: 'entryIds must be a non-empty array' });
+    }
+
+    const { removeWaitingListEntry, getWaitingListEntries, clearWaitingListCache } = require('../services/waitingListJson.service');
+
+    // Get all entries to verify IDs exist (bypass cache)
+    const { entries } = await getWaitingListEntries({ bypassCache: true });
+    const validIds = new Set(entries.map(e => e.id));
+    
+    const removed = [];
+    const notFound = [];
+
+    // Remove each entry
+    for (const entryId of entryIds) {
+      if (!validIds.has(entryId)) {
+        notFound.push(entryId);
+        continue;
+      }
+
+      try {
+        await removeWaitingListEntry(entryId);
+        removed.push(entryId);
+      } catch (error) {
+        console.error(`Failed to remove entry ${entryId}:`, error.message);
+        notFound.push(entryId);
+      }
+    }
+
+    // Force clear cache after all removals
+    await clearWaitingListCache();
+
+    console.log(`[BulkRemove] Removed ${removed.length} entries, ${notFound.length} not found`);
+
+    res.json({
+      message: `Successfully removed ${removed.length} entr${removed.length === 1 ? 'y' : 'ies'}`,
+      removed: {
+        count: removed.length,
+        ids: removed
+      },
+      notFound: {
+        count: notFound.length,
+        ids: notFound
+      }
+    });
+  } catch (error) {
+    console.error('Waiting list bulk remove error:', error);
+    return res.status(500).json({ error: 'Failed to bulk remove entries' });
+  }
+};

package/src/models/RbacRole.js

@@ -2,7 +2,7 @@ const mongoose = require('mongoose');
 
 const rbacRoleSchema = new mongoose.Schema(
   {
-    key: { type: String, required: true, trim: true, lowercase: true, index: true },
+    key: { type: String, required: true, trim: true, lowercase: true },
     name: { type: String, required: true, trim: true },
     description: { type: String, default: '', trim: true },
     status: { type: String, enum: ['active', 'disabled'], default: 'active', index: true },

package/src/models/User.js

@@ -7,24 +7,53 @@ const userSchema = new mongoose.Schema({
     required: true,
     unique: true,
     lowercase: true,
-    trim: true,
-    index: true
+    trim: true
   },
   clerkUserId: {
     type: String,
-    index: true,
     sparse: true
   },
   passwordHash: {
     type: String,
     required: function () {
-      return !this.clerkUserId;
+      // Password is optional for OAuth users (GitHub, Clerk)
+      return !this.clerkUserId && !this.githubId;
     }
   },
   name: {
     type: String,
     trim: true
   },
+
+  // GitHub OAuth Integration
+  githubId: {
+    type: String,
+    sparse: true
+  },
+  githubUsername: {
+    type: String,
+    sparse: true
+  },
+  githubAccessToken: {
+    type: String,
+    select: false // Don't return by default
+  },
+  githubRefreshToken: {
+    type: String,
+    select: false // Don't return by default
+  },
+  githubEmail: {
+    type: String,
+    sparse: true
+  },
+  avatar: {
+    type: String
+  },
+  emailVerified: {
+    type: Boolean,
+    default: false
+  },
+
   subscriptionStatus: {
     type: String,
     enum: ['none', 'active', 'cancelled', 'past_due', 'incomplete', 'incomplete_expired', 'trialing', 'unpaid'],
@@ -63,7 +92,10 @@ const userSchema = new mongoose.Schema({
   timestamps: true
 });
 
-// userSchema.index({ email: 1 }); // Removed duplicate index
+// Indexes
+userSchema.index({ email: 1 });
+userSchema.index({ githubId: 1 });
+userSchema.index({ clerkUserId: 1 });
 
 // Hash password before saving
 userSchema.pre('save', async function(next) {
@@ -82,6 +114,8 @@ userSchema.methods.comparePassword = async function(candidatePassword) {
 userSchema.methods.toJSON = function() {
   const obj = this.toObject();
   delete obj.passwordHash;
+  delete obj.githubAccessToken;
+  delete obj.githubRefreshToken;
   delete obj.__v;
   return obj;
 };

package/src/routes/auth.routes.js

@@ -4,9 +4,15 @@ const authController = require('../controllers/auth.controller');
 const { authenticate } = require('../middleware/auth');
 const { auditMiddleware } = require('../services/auditLogger');
 
+// Email/Password Auth
 router.post('/register', auditMiddleware('public.auth.register', { entityType: 'User' }), authController.register);
 router.post('/login', auditMiddleware('public.auth.login', { entityType: 'User' }), authController.login);
 router.post('/refresh-token', auditMiddleware('public.auth.refresh', { entityType: 'User' }), authController.refresh);
 router.get('/me', authenticate, authController.me);
 
+// GitHub OAuth Auth
+router.get('/github', auditMiddleware('public.auth.github.init', { entityType: 'User' }), authController.githubLogin);
+router.get('/github/callback', auditMiddleware('public.auth.github.callback', { entityType: 'User' }), authController.githubCallback);
+router.post('/github/refresh-token', auditMiddleware('public.auth.github.refresh', { entityType: 'User' }), authController.githubRefreshToken);
+
 module.exports = router;

package/src/routes/waitingList.routes.js

@@ -3,11 +3,21 @@ const router = express.Router();
 const waitingListController = require('../controllers/waitingList.controller');
 const asyncHandler = require('../utils/asyncHandler');
 const { auditMiddleware } = require('../services/auditLogger');
+const rateLimiter = require('../services/rateLimiter.service');
 
 // POST /api/waiting-list/subscribe - Subscribe to waiting list
-router.post('/subscribe', auditMiddleware('public.waiting_list.subscribe', { entityType: 'WaitingList' }), asyncHandler(waitingListController.subscribe));
+// Rate limited by IP to prevent spam/abuse (1 request per minute)
+router.post('/subscribe', 
+  rateLimiter.limit('waitingListSubscribeLimiter'),
+  auditMiddleware('public.waiting_list.subscribe', { entityType: 'WaitingList' }), 
+  asyncHandler(waitingListController.subscribe)
+);
 
 // GET /api/waiting-list/stats - Get waiting list statistics (public)
-router.get('/stats', asyncHandler(waitingListController.getStats));
+// Light rate limiting to prevent abuse (60 requests per minute)
+router.get('/stats', 
+  rateLimiter.limit('waitingListStatsLimiter'),
+  asyncHandler(waitingListController.getStats)
+);
 
 module.exports = router;

package/src/routes/waitingListAdmin.routes.js

@@ -5,5 +5,8 @@ const waitingListController = require('../controllers/waitingList.controller');
 const asyncHandler = require('../utils/asyncHandler');
 
 router.get('/', adminSessionAuth, asyncHandler(waitingListController.adminList));
+router.get('/types', adminSessionAuth, asyncHandler(waitingListController.getTypes));
+router.get('/export-csv', adminSessionAuth, asyncHandler(waitingListController.exportCsv));
+router.post('/bulk-remove', adminSessionAuth, asyncHandler(waitingListController.bulkRemove));
 
 module.exports = router;

package/src/services/email.service.js

@@ -1,6 +1,7 @@
 // Email service wrapper using Resend
 // Note: Resend package needs to be installed: npm install resend
 
+const mongoose = require("mongoose");
 const GlobalSetting = require("../models/GlobalSetting");
 const EmailLog = require("../models/EmailLog");