@manojkmfsi/monodog 1.1.18 → 1.1.19

package/.env.example

@@ -0,0 +1,19 @@
+# GitHub OAuth Configuration
+GITHUB_CLIENT_ID=your_client_id_here
+GITHUB_CLIENT_SECRET=your_client_secret_here
+OAUTH_REDIRECT_URI=http://localhost:3000/auth/callback
+
+# Database Configuration
+# DATABASE_URL=postgresql://user:password@localhost:5432/monodog
+
+# # Server Configuration
+# SERVER_HOST=localhost
+# SERVER_PORT=5000
+# DASHBOARD_HOST=localhost
+# DASHBOARD_PORT=3000
+
+# # Logging Level (debug, info, warn, error)
+# LOG_LEVEL=info
+
+# # Environment
+# NODE_ENV=development

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @manojkmfsi/monoapp
 
+## 1.1.19
+
+### Patch Changes
+
+- [#146](https://github.com/manojkmfsi/monodog/pull/146) [`5419367`](https://github.com/manojkmfsi/monodog/commit/54193676da5c07498a6dfbbc2bb62a53072648ca) Thanks [@manojkmfsi](https://github.com/manojkmfsi)! - km..,/.,/.
+
 ## 1.1.18
 
 ### Patch Changes

package/dist/middleware/auth-middleware.js

@@ -0,0 +1,186 @@
+"use strict";
+/**
+ * Authentication Middleware
+ * Handles session validation and permission checks
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateSessionToken = generateSessionToken;
+exports.storeSession = storeSession;
+exports.getSession = getSession;
+exports.invalidateSession = invalidateSession;
+exports.authenticationMiddleware = authenticationMiddleware;
+exports.repositoryPermissionMiddleware = repositoryPermissionMiddleware;
+exports.getSessionFromRequest = getSessionFromRequest;
+exports.isAuthenticated = isAuthenticated;
+exports.clearExpiredSessions = clearExpiredSessions;
+exports.getSessionStats = getSessionStats;
+exports.initializeAuthentication = initializeAuthentication;
+const logger_1 = require("./logger");
+// Store sessions in memory (should be replaced with proper session store in production)
+const sessionStore = new Map();
+const sessionTimeout = 24 * 60 * 60 * 1000; // 24 hours
+/**
+ * Generate session token
+ */
+function generateSessionToken(length = 32) {
+    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+    let token = '';
+    for (let i = 0; i < length; i++) {
+        token += chars.charAt(Math.floor(Math.random() * chars.length));
+    }
+    return token;
+}
+/**
+ * Store session
+ */
+function storeSession(session) {
+    const token = generateSessionToken();
+    sessionStore.set(token, session);
+    // Set expiration timeout
+    setTimeout(() => {
+        sessionStore.delete(token);
+        logger_1.AppLogger.debug(`Session expired: ${session.user.login}`);
+    }, sessionTimeout);
+    logger_1.AppLogger.debug(`Session stored for user: ${session.user.login}`);
+    return token;
+}
+/**
+ * Get session by token
+ */
+function getSession(token) {
+    const session = sessionStore.get(token);
+    if (!session) {
+        return null;
+    }
+    // Check if session has expired based on expiresAt
+    if (Date.now() > session.expiresAt) {
+        sessionStore.delete(token);
+        logger_1.AppLogger.warn(`Session token expired: ${token.substring(0, 10)}...`);
+        return null;
+    }
+    return session;
+}
+/**
+ * Invalidate session
+ */
+function invalidateSession(token) {
+    sessionStore.delete(token);
+    logger_1.AppLogger.debug(`Session invalidated: ${token.substring(0, 10)}...`);
+}
+/**
+ * Middleware to verify authentication
+ */
+function authenticationMiddleware(req, res, next) {
+    const token = req.headers.authorization?.replace('Bearer ', '') ||
+        req.cookies?.['auth-token'];
+    if (!token) {
+        logger_1.AppLogger.warn(`Unauthorized request to ${req.path}: no auth token`);
+        res.status(401).json({
+            error: 'Unauthorized',
+            message: 'Authentication token required',
+        });
+        return;
+    }
+    const session = getSession(token);
+    if (!session) {
+        logger_1.AppLogger.warn(`Unauthorized request to ${req.path}: invalid session`);
+        res.status(401).json({
+            error: 'Unauthorized',
+            message: 'Invalid or expired session',
+        });
+        return;
+    }
+    // Attach session to request
+    req.session = session;
+    logger_1.AppLogger.debug(`Authenticated request from user: ${session.user.login}`);
+    next();
+}
+/**
+ * Middleware to verify repository permission
+ */
+function repositoryPermissionMiddleware(requiredPermission) {
+    return (req, res, next) => {
+        const authReq = req;
+        const session = authReq.session;
+        if (!session) {
+            res.status(401).json({
+                error: 'Unauthorized',
+                message: 'Session not found',
+            });
+            return;
+        }
+        const permission = authReq.permission;
+        if (!permission) {
+            res.status(403).json({
+                error: 'Forbidden',
+                message: 'Permission not resolved for repository',
+            });
+            return;
+        }
+        const permissionHierarchy = {
+            admin: 4,
+            maintain: 3,
+            write: 2,
+            read: 1,
+            none: 0,
+        };
+        const userLevel = permissionHierarchy[permission.permission] || 0;
+        const requiredLevel = permissionHierarchy[requiredPermission] || 0;
+        if (userLevel < requiredLevel) {
+            logger_1.AppLogger.warn(`User ${session.user.login} lacks permission for action requiring ${requiredPermission}`);
+            res.status(403).json({
+                error: 'Forbidden',
+                message: `This action requires ${requiredPermission} permission`,
+            });
+            return;
+        }
+        next();
+    };
+}
+/**
+ * Get session from request
+ */
+function getSessionFromRequest(req) {
+    return req.session || null;
+}
+/**
+ * Check if user is authenticated
+ */
+function isAuthenticated(req) {
+    return !!getSessionFromRequest(req);
+}
+/**
+ * Clear expired sessions (should be called periodically)
+ */
+function clearExpiredSessions() {
+    const now = Date.now();
+    let clearedCount = 0;
+    for (const [token, session] of sessionStore.entries()) {
+        if (now > session.expiresAt) {
+            sessionStore.delete(token);
+            clearedCount++;
+        }
+    }
+    if (clearedCount > 0) {
+        logger_1.AppLogger.debug(`Cleared ${clearedCount} expired sessions`);
+    }
+}
+/**
+ * Get session statistics
+ */
+function getSessionStats() {
+    return {
+        activeSessions: sessionStore.size,
+        maxSessions: 10000,
+    };
+}
+/**
+ * Initialize authentication (call on server startup)
+ */
+function initializeAuthentication() {
+    // Periodically clear expired sessions
+    setInterval(() => {
+        clearExpiredSessions();
+    }, 60 * 1000); // Every minute
+    logger_1.AppLogger.info('Authentication system initialized');
+}

package/dist/middleware/server-startup.js

@@ -18,7 +18,11 @@ const package_routes_1 = __importDefault(require("../routes/package-routes"));
 const commit_routes_1 = __importDefault(require("../routes/commit-routes"));
 const health_routes_1 = __importDefault(require("../routes/health-routes"));
 const config_routes_1 = __importDefault(require("../routes/config-routes"));
+const auth_routes_1 = __importDefault(require("../routes/auth-routes"));
+const permission_routes_1 = __importDefault(require("../routes/permission-routes"));
 const constants_1 = require("../constants");
+const auth_middleware_1 = require("./auth-middleware");
+const permission_service_1 = require("../services/permission-service");
 /**
  * Validate port number
  */
@@ -49,7 +53,13 @@ function createApp(rootPath) {
     app.use(logger_1.httpLogger);
     // Setup Swagger documentation
     (0, swagger_middleware_1.setupSwaggerDocs)(app);
+    // Initialize authentication system
+    (0, auth_middleware_1.initializeAuthentication)();
+    // Start permission cache cleanup
+    (0, permission_service_1.startCacheCleanup)();
     // Routes
+    app.use('/api/auth', auth_routes_1.default);
+    app.use('/api/permissions', permission_routes_1.default);
     app.use('/api/packages', package_routes_1.default);
     app.use('/api/commits/', commit_routes_1.default);
     app.use('/api/health/', health_routes_1.default);
@@ -75,13 +85,28 @@ function startServer(rootPath) {
             console.log((0, constants_1.SUCCESS_SERVER_START)(host, validatedPort));
             logger_1.AppLogger.info('API endpoints available:', {
                 endpoints: [
+                    // Auth endpoints
+                    'GET  /api/auth/login',
+                    'GET  /api/auth/callback',
+                    'GET  /api/auth/me',
+                    'POST /api/auth/validate',
+                    'POST /api/auth/logout',
+                    'POST /api/auth/refresh',
+                    // Permission endpoints
+                    'GET  /api/permissions/:owner/:repo',
+                    'POST /api/permissions/:owner/:repo/can-action',
+                    'POST /api/permissions/:owner/:repo/invalidate',
+                    // Package endpoints
                     'POST /api/packages/refresh',
                     'GET  /api/packages',
                     'GET  /api/packages/:name',
                     'PUT  /api/packages/update-config',
+                    // Commit endpoints
                     'GET  /api/commits/:packagePath',
+                    // Health endpoints
                     'GET  /api/health/packages',
                     'POST /api/health/refresh',
+                    // Config endpoints
                     'PUT  /api/config/files/:id',
                     'GET  /api/config/files',
                 ],

package/dist/routes/auth-routes.js

@@ -0,0 +1,342 @@
+"use strict";
+/**
+ * Authentication Routes
+ * Handles GitHub OAuth and session management
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const express_1 = require("express");
+const github_oauth_service_1 = require("../services/github-oauth-service");
+const auth_middleware_1 = require("../middleware/auth-middleware");
+const logger_1 = require("../middleware/logger");
+const router = (0, express_1.Router)();
+// OAuth configuration (should come from environment variables)
+// const GITHUB_CLIENT_ID = process.env.GITHUB_CLIENT_ID || '';
+// const GITHUB_CLIENT_SECRET = process.env.GITHUB_CLIENT_SECRET || '';
+// const OAUTH_REDIRECT_URI = process.env.OAUTH_REDIRECT_URI || 'http://localhost:3000/auth/callback';
+// State store for CSRF protection
+const stateStore = new Map();
+const STATE_EXPIRY = 10 * 60 * 1000; // 10 minutes
+/**
+ * Generate random state for CSRF protection
+ */
+function generateState() {
+    return Math.random().toString(36).substring(2, 15) +
+        Math.random().toString(36).substring(2, 15);
+}
+/**
+ * Validate OAuth state
+ */
+function validateState(state) {
+    const entry = stateStore.get(state);
+    if (!entry) {
+        return false;
+    }
+    // Check if state has expired
+    if (Date.now() - entry.createdAt > STATE_EXPIRY) {
+        stateStore.delete(state);
+        return false;
+    }
+    return true;
+}
+/**
+ * Get redirect URL from state
+ */
+function getRedirectUrl(state) {
+    const entry = stateStore.get(state);
+    return entry?.redirectUrl;
+}
+/**
+ * Clear state after use
+ */
+function clearState(state) {
+    stateStore.delete(state);
+}
+/**
+ * Start OAuth login flow
+ * GET /auth/login
+ */
+router.get('/login', (req, res) => {
+    try {
+        if (!process.env.GITHUB_CLIENT_ID) {
+            logger_1.AppLogger.error('GitHub client ID not configured');
+            res.status(500).json({
+                error: 'OAuth not configured',
+                message: 'GitHub OAuth is not properly configured',
+            });
+            return;
+        }
+        const state = generateState();
+        const redirectUrl = req.query.redirect || '/';
+        // Store state for validation
+        stateStore.set(state, {
+            createdAt: Date.now(),
+            redirectUrl,
+        });
+        const authUrl = (0, github_oauth_service_1.generateAuthorizationUrl)(process.env.GITHUB_CLIENT_ID, process.env.OAUTH_REDIRECT_URI, state);
+        res.json({
+            success: true,
+            authUrl,
+            message: 'Redirect to this URL to authenticate with GitHub',
+        });
+    }
+    catch (error) {
+        logger_1.AppLogger.error(`Login initiation failed: ${error}`);
+        res.status(500).json({
+            error: 'Login failed',
+            message: 'Failed to initiate GitHub OAuth flow',
+        });
+    }
+});
+/**
+ * OAuth callback handler
+ * GET /auth/callback?code=...&state=...
+ */
+router.get('/callback', async (req, res) => {
+    try {
+        const { code, state, error, error_description } = req.query;
+        // Handle OAuth errors
+        if (error) {
+            logger_1.AppLogger.warn(`OAuth error: ${error} - ${error_description}`);
+            res.status(400).json({
+                success: false,
+                error: error,
+                message: error_description,
+            });
+            return;
+        }
+        // Validate code and state
+        if (!code || !state) {
+            logger_1.AppLogger.warn('OAuth callback missing code or state');
+            res.status(400).json({
+                success: false,
+                error: 'Missing parameters',
+                message: 'OAuth code and state are required',
+            });
+            return;
+        }
+        // Validate state for CSRF protection
+        if (!validateState(state)) {
+            logger_1.AppLogger.warn(`Invalid or expired state in OAuth callback: ${state}`);
+            res.status(400).json({
+                success: false,
+                error: 'Invalid state',
+                message: 'CSRF validation failed',
+            });
+            return;
+        }
+        if (!process.env.GITHUB_CLIENT_SECRET) {
+            logger_1.AppLogger.error('GitHub client secret not configured');
+            res.status(500).json({
+                error: 'OAuth not configured',
+                message: 'GitHub OAuth is not properly configured',
+            });
+            return;
+        }
+        // Exchange code for access token
+        logger_1.AppLogger.debug('Exchanging OAuth code for access token');
+        const tokenResponse = await (0, github_oauth_service_1.exchangeCodeForToken)(code, process.env.GITHUB_CLIENT_ID, process.env.GITHUB_CLIENT_SECRET, process.env.OAUTH_REDIRECT_URI);
+        // Get user information
+        logger_1.AppLogger.debug('Retrieving authenticated user information');
+        const user = await (0, github_oauth_service_1.getAuthenticatedUser)(tokenResponse.access_token);
+        // Create session
+        const session = {
+            accessToken: tokenResponse.access_token,
+            expiresIn: 3600, // 1 hour default
+            expiresAt: Date.now() + 24 * 60 * 60 * 1000, // 24 hours
+            user,
+            scopes: tokenResponse.scope.split(','),
+        };
+        // Store session and get token
+        const sessionToken = (0, auth_middleware_1.storeSession)(session);
+        // Get redirect URL
+        const redirectUrl = getRedirectUrl(state) || '/';
+        // Clear state
+        clearState(state);
+        logger_1.AppLogger.info(`User authenticated: ${user.login}`);
+        res.json({
+            success: true,
+            message: 'Authentication successful',
+            sessionToken,
+            redirectUrl,
+            user: {
+                id: user.id,
+                login: user.login,
+                name: user.name,
+                avatar_url: user.avatar_url,
+            },
+        });
+    }
+    catch (error) {
+        logger_1.AppLogger.error(`OAuth callback failed: ${error}`);
+        res.status(500).json({
+            success: false,
+            error: 'Authentication failed',
+            message: 'Failed to complete GitHub OAuth flow',
+        });
+    }
+});
+/**
+ * Get current user session
+ * GET /auth/me
+ */
+router.get('/me', auth_middleware_1.authenticationMiddleware, (req, res) => {
+    try {
+        const session = (0, auth_middleware_1.getSessionFromRequest)(req);
+        if (!session) {
+            res.status(401).json({
+                error: 'Unauthorized',
+                message: 'No active session',
+            });
+            return;
+        }
+        res.json({
+            success: true,
+            user: {
+                id: session.user.id,
+                login: session.user.login,
+                name: session.user.name,
+                email: session.user.email,
+                avatar_url: session.user.avatar_url,
+                public_repos: session.user.public_repos,
+                followers: session.user.followers,
+                following: session.user.following,
+            },
+            scopes: session.scopes,
+            expiresAt: session.expiresAt,
+        });
+    }
+    catch (error) {
+        logger_1.AppLogger.error(`Failed to get user session: ${error}`);
+        res.status(500).json({
+            error: 'Internal server error',
+            message: 'Failed to retrieve user information',
+        });
+    }
+});
+/**
+ * Validate session
+ * POST /auth/validate
+ */
+router.post('/validate', auth_middleware_1.authenticationMiddleware, async (req, res) => {
+    try {
+        const session = (0, auth_middleware_1.getSessionFromRequest)(req);
+        if (!session) {
+            res.status(401).json({
+                success: false,
+                valid: false,
+                message: 'No active session',
+            });
+            return;
+        }
+        // Validate token with GitHub
+        const isValid = await (0, github_oauth_service_1.validateToken)(session.accessToken);
+        if (!isValid) {
+            // Token is no longer valid, invalidate session
+            const token = req.headers.authorization?.replace('Bearer ', '') ||
+                req.cookies?.['auth-token'];
+            if (token) {
+                (0, auth_middleware_1.invalidateSession)(token);
+            }
+            res.status(401).json({
+                success: false,
+                valid: false,
+                message: 'Session token is no longer valid',
+            });
+            return;
+        }
+        res.json({
+            success: true,
+            valid: true,
+            message: 'Session is valid',
+            expiresAt: session.expiresAt,
+        });
+    }
+    catch (error) {
+        logger_1.AppLogger.error(`Session validation failed: ${error}`);
+        res.status(500).json({
+            success: false,
+            valid: false,
+            error: 'Validation failed',
+            message: 'Failed to validate session',
+        });
+    }
+});
+/**
+ * Logout
+ * POST /auth/logout
+ */
+router.post('/logout', auth_middleware_1.authenticationMiddleware, (req, res) => {
+    try {
+        const token = req.headers.authorization?.replace('Bearer ', '') ||
+            req.cookies?.['auth-token'];
+        if (token) {
+            (0, auth_middleware_1.invalidateSession)(token);
+        }
+        res.json({
+            success: true,
+            message: 'Logout successful',
+        });
+    }
+    catch (error) {
+        logger_1.AppLogger.error(`Logout failed: ${error}`);
+        res.status(500).json({
+            success: false,
+            error: 'Logout failed',
+            message: 'Failed to logout',
+        });
+    }
+});
+/**
+ * Refresh session (token)
+ * POST /auth/refresh
+ */
+router.post('/refresh', auth_middleware_1.authenticationMiddleware, async (req, res) => {
+    try {
+        const session = (0, auth_middleware_1.getSessionFromRequest)(req);
+        if (!session) {
+            res.status(401).json({
+                success: false,
+                error: 'Unauthorized',
+                message: 'No active session',
+            });
+            return;
+        }
+        // Validate token is still valid
+        const isValid = await (0, github_oauth_service_1.validateToken)(session.accessToken);
+        if (!isValid) {
+            res.status(401).json({
+                success: false,
+                error: 'Unauthorized',
+                message: 'Token is no longer valid with GitHub',
+            });
+            return;
+        }
+        // Create new session with updated expiry
+        const newSession = {
+            ...session,
+            expiresAt: Date.now() + 24 * 60 * 60 * 1000, // Extend 24 hours
+        };
+        const newToken = (0, auth_middleware_1.storeSession)(newSession);
+        // Invalidate old token
+        const oldToken = req.headers.authorization?.replace('Bearer ', '') ||
+            req.cookies?.['auth-token'];
+        if (oldToken) {
+            (0, auth_middleware_1.invalidateSession)(oldToken);
+        }
+        res.json({
+            success: true,
+            message: 'Session refreshed successfully',
+            sessionToken: newToken,
+            expiresAt: newSession.expiresAt,
+        });
+    }
+    catch (error) {
+        logger_1.AppLogger.error(`Session refresh failed: ${error}`);
+        res.status(500).json({
+            success: false,
+            error: 'Refresh failed',
+            message: 'Failed to refresh session',
+        });
+    }
+});
+exports.default = router;