@javagt/express-easy-auth 1.0.2 → 1.0.4

package/demo/public/js/components/FreshAuthModal.js

@@ -0,0 +1,110 @@
+/**
+ * FreshAuthModal - A reference UI component for handling "Sudo Mode" (requireFreshAuth).
+ * 
+ * This component listens for 403 FRESH_AUTH_REQUIRED errors and prompts the user
+ * to re-authenticate without leaving the current page.
+ */
+
+export class FreshAuthModal {
+  constructor(authClient) {
+    this.auth = authClient;
+    this.modal = null;
+    this._initStyles();
+  }
+
+  /**
+   * Shows the re-authentication modal.
+   * @returns {Promise<boolean>} - Resolves to true if re-auth succeeded, false otherwise.
+   */
+  async prompt() {
+    return new Promise((resolve) => {
+      this._createModal(resolve);
+    });
+  }
+
+  _initStyles() {
+    if (document.getElementById('fresh-auth-styles')) return;
+    const style = document.createElement('style');
+    style.id = 'fresh-auth-styles';
+    style.textContent = `
+      .fa-modal-overlay {
+        position: fixed; top: 0; left: 0; width: 100%; height: 100%;
+        background: rgba(0,0,0,0.5); display: flex; align-items: center;
+        justify-content: center; z-index: 9999; font-family: sans-serif;
+      }
+      .fa-modal {
+        background: white; padding: 2rem; border-radius: 8px; width: 100%; max-width: 400px;
+        box-shadow: 0 4px 20px rgba(0,0,0,0.2);
+      }
+      .fa-modal h2 { margin-top: 0; color: #333; }
+      .fa-modal p { color: #666; font-size: 0.9rem; margin-bottom: 1.5rem; }
+      .fa-modal input {
+        width: 100%; padding: 0.8rem; margin-bottom: 1rem; border: 1px solid #ddd;
+        border-radius: 4px; box-sizing: border-box;
+      }
+      .fa-modal button {
+        width: 100%; padding: 0.8rem; background: #007bff; color: white;
+        border: none; border-radius: 4px; cursor: pointer; font-weight: bold;
+      }
+      .fa-modal button:hover { background: #0056b3; }
+      .fa-modal .cancel {
+        background: none; color: #888; margin-top: 0.5rem; font-weight: normal;
+      }
+      .fa-error { color: #dc3545; font-size: 0.8rem; margin-bottom: 1rem; display: none; }
+    `;
+    document.head.appendChild(style);
+  }
+
+  _createModal(resolve) {
+    const overlay = document.createElement('div');
+    overlay.className = 'fa-modal-overlay';
+    overlay.innerHTML = `
+      <div class="fa-modal">
+        <h2>Confirm Identity</h2>
+        <p>This action requires recent authentication. Please enter your password to continue.</p>
+        <div class="fa-error" id="fa-error-msg"></div>
+        <input type="password" id="fa-password" placeholder="Password" autofocus>
+        <button id="fa-confirm">Confirm</button>
+        <button id="fa-cancel" class="cancel">Cancel</button>
+      </div>
+    `;
+
+    document.body.appendChild(overlay);
+
+    const passwordInput = overlay.querySelector('#fa-password');
+    const confirmBtn = overlay.querySelector('#fa-confirm');
+    const cancelBtn = overlay.querySelector('#fa-cancel');
+    const errorMsg = overlay.querySelector('#fa-error-msg');
+
+    const handleConfirm = async () => {
+      confirmBtn.disabled = true;
+      confirmBtn.textContent = 'Verifying...';
+      errorMsg.style.display = 'none';
+
+      try {
+        const password = passwordInput.value;
+        if (!password) throw new Error('Password is required');
+        
+        await this.auth.request('/fresh-auth', {
+          method: 'POST',
+          body: { password }
+        });
+
+        document.body.removeChild(overlay);
+        resolve(true);
+      } catch (err) {
+        errorMsg.textContent = err.message || 'Verification failed';
+        errorMsg.style.display = 'block';
+        confirmBtn.disabled = false;
+        confirmBtn.textContent = 'Confirm';
+      }
+    };
+
+    confirmBtn.onclick = handleConfirm;
+    passwordInput.onkeypress = (e) => { if (e.key === 'Enter') handleConfirm(); };
+    cancelBtn.onclick = () => {
+      document.body.removeChild(overlay);
+      resolve(false);
+    };
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@javagt/express-easy-auth",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "",
   "type": "module",
   "main": "src/index.js",

package/src/client.js

@@ -59,7 +59,23 @@ export class AuthClient {
       body: options.body ? JSON.stringify(options.body) : undefined,
     });
 
-    const data = await res.json().catch(() => ({}));
+    let data = {};
+    const text = await res.text().catch(() => '');
+    
+    try {
+      data = JSON.parse(text);
+    } catch (e) {
+      // If it's not JSON, check if it's HTML
+      if (text.trim().toLowerCase().startsWith('<!doctype html') || text.trim().toLowerCase().startsWith('<html')) {
+        const titleMatch = text.match(/<title>(.*?)<\/title>/i);
+        const title = titleMatch ? titleMatch[1] : 'HTML Error Page';
+        const bodySnippet = text.replace(/<[^>]*>/g, '').substring(0, 100).trim();
+        data = { error: `Server returned HTML instead of JSON: "${title}". Snippet: ${bodySnippet}...` };
+      } else {
+        data = { error: text.substring(0, 100) || 'Unknown error' };
+      }
+    }
+
     if (!res.ok) {
       throw new AuthError(data.error || 'Request failed', res.status, data.code, data);
     }

package/src/db/init.js

@@ -3,7 +3,6 @@ import fs from 'fs';
 import path from 'path';
 
 let authDb;
-let userDb;
 
 export function initAuthDb(dataDir) {
   if (!authDb) {
@@ -96,6 +95,7 @@ export function initAuthDb(dataDir) {
       stack TEXT,
       context TEXT,
       user_id TEXT,
+      correlation_id TEXT,
       timestamp INTEGER NOT NULL
     );
     
@@ -143,6 +143,7 @@ export function initAuthDb(dataDir) {
     CREATE INDEX IF NOT EXISTS idx_fresh_auth_expires ON fresh_auth_tokens(expires_at);
     CREATE INDEX IF NOT EXISTS idx_logs_timestamp ON system_logs(timestamp);
     CREATE INDEX IF NOT EXISTS idx_logs_level ON system_logs(level);
+    CREATE INDEX IF NOT EXISTS idx_logs_correlation ON system_logs(correlation_id);
   `);
 
   // Migration: Rename old keys if they exist
@@ -182,18 +183,7 @@ export function initAuthDb(dataDir) {
     }
   }
 
-export function initUserDb(dataDir) {
-  if (!userDb) {
-    if (!fs.existsSync(dataDir)) {
-      fs.mkdirSync(dataDir, { recursive: true });
-    }
-    userDb = new DatabaseSync(path.join(dataDir, 'users.db'));
-  }
-
-  // Profile table removed from core library. Implement in demo if needed.
-}
-
-export { authDb, userDb };
+export { authDb };
 export function getAppSettings() {
   const rows = authDb.prepare('SELECT key, value FROM settings').all();
   return rows.reduce((acc, row) => {

package/src/index.js

@@ -1,4 +1,4 @@
-import { initAuthDb, initUserDb, authDb, userDb } from './db/init.js';
+import { initAuthDb, authDb } from './db/init.js';
 import SQLiteSessionStore from './db/sessionStore.js';
 import authRouter from './routes/auth.js';
 import { requireAuth, requireFreshAuth, requireApiKey, authErrorLogger } from './middleware/auth.js';
@@ -27,7 +27,6 @@ export function setupAuth(app, options = {}) {
   const logger = options.logger || new DefaultLogger();
 
   initAuthDb(dataDir);
-  initUserDb(dataDir);
 
   // Store for middleware access
   app.set('config', { ...config, exposeErrors });
@@ -48,7 +47,6 @@ export function setupAuth(app, options = {}) {
 
 export {
   authDb,
-  userDb,
   SQLiteSessionStore,
   authRouter,
   authRouter as auth,

package/src/middleware/auth.js

@@ -90,12 +90,12 @@ export function authErrorLogger(err, req, res, next) {
             err,
             source: 'server',
             userId: req.session?.userId || null,
+            correlationId: req.id,
             context: {
                 url: req.url,
                 method: req.method,
                 ip: req.ip,
-                userAgent: req.get('user-agent'),
-                requestId: req.get('x-request-id') // If available
+                userAgent: req.get('user-agent')
             }
         });
     } else {
@@ -106,6 +106,7 @@ export function authErrorLogger(err, req, res, next) {
     
     res.status(500).json({ 
         error: exposeErrors ? (err.message || 'Internal server error') : 'Internal server error',
+        correlationId: req.id,
         ...(exposeErrors && { stack: err.stack })
     });
 }

package/src/middleware/requestId.js

@@ -0,0 +1,16 @@
+import { randomUUID } from 'node:crypto';
+
+/**
+ * Middleware to generate and attach a correlation ID to each request.
+ * It also attaches it to the response header.
+ */
+export function requestId(req, res, next) {
+    const headerName = 'X-Correlation-ID';
+    const correlationId = req.get(headerName) || randomUUID();
+    
+    req.id = correlationId;
+    req.correlationId = correlationId; // Alias for clarity
+    
+    res.set(headerName, correlationId);
+    next();
+}

package/src/routes/auth.js

@@ -13,7 +13,10 @@ import { authDb, getAppSettings } from '../db/init.js';
 import { requireAuth, requireFreshAuth } from '../middleware/auth.js';
 import { generateRecoveryCodes, generateResetToken, getAuthResponse } from '../utils/authHelpers.js';
 
+import { requestId } from '../middleware/requestId.js';
+
 const router = Router();
+router.use(requestId);
 
 const SALT_ROUNDS = 12;
 
@@ -312,7 +315,7 @@ router.post('/2fa/verify-setup', requireAuth, (req, res) => {
 
   authDb.prepare('UPDATE users SET totp_secret=?, totp_enabled=1 WHERE id=?').run(secret, req.session.userId);
 
-  generateRecoveryCodes(10).then(({ plain: codes, hashes }) => {
+  generateRecoveryCodes(10).then(({ plain: codes, hashed: hashes }) => {
     const now = Date.now();
     const stmt = authDb.prepare('INSERT INTO recovery_codes (id, user_id, code_hash, created_at) VALUES (?, ?, ?, ?)');
     for (const hash of hashes) {

package/src/utils/logger.js

@@ -23,7 +23,7 @@ export class DefaultLogger extends Logger {
 
   error(message, metadata = {}) {
     if (this.console) {
-      console.error(`[error] ${message}`, metadata.err || '');
+      console.error(`[error]${metadata.correlationId ? ` [${metadata.correlationId}]` : ''} ${message}`, metadata.err || '');
     }
     if (this.db) {
       this._logToDb('error', message, metadata);
@@ -31,28 +31,28 @@ export class DefaultLogger extends Logger {
   }
 
   warn(message, metadata = {}) {
-    if (this.console) console.warn(`[warn] ${message}`, metadata);
+    if (this.console) console.warn(`[warn]${metadata.correlationId ? ` [${metadata.correlationId}]` : ''} ${message}`, metadata);
     if (this.db) this._logToDb('warn', message, metadata);
   }
 
   info(message, metadata = {}) {
-    if (this.console) console.info(`[info] ${message}`, metadata);
+    if (this.console) console.info(`[info]${metadata.correlationId ? ` [${metadata.correlationId}]` : ''} ${message}`, metadata);
     if (this.db) this._logToDb('info', message, metadata);
   }
 
   debug(message, metadata = {}) {
-    if (this.console) console.debug(`[debug] ${message}`, metadata);
+    if (this.console) console.debug(`[debug]${metadata.correlationId ? ` [${metadata.correlationId}]` : ''} ${message}`, metadata);
     // Usually don't log debug to DB unless specified, to save space
   }
 
   _logToDb(level, message, metadata) {
     try {
       if (authDb) {
-        const { err, source = 'server', context = {}, userId = null } = metadata;
+        const { err, source = 'server', context = {}, userId = null, correlationId = null } = metadata;
         
         authDb.prepare(`
-          INSERT INTO system_logs (id, level, source, message, stack, context, user_id, timestamp)
-          VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+          INSERT INTO system_logs (id, level, source, message, stack, context, user_id, correlation_id, timestamp)
+          VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
         `).run(
           randomUUID(),
           level,
@@ -61,6 +61,7 @@ export class DefaultLogger extends Logger {
           err?.stack || null,
           JSON.stringify(context),
           userId,
+          correlationId,
           Date.now()
         );
       }