npm - @opengis/fastify-table - Versions diffs - 1.5.9 → 2.0.0 - Mend

@opengis/fastify-table 1.5.9 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,6 @@
 import path from "node:path";
 import { existsSync, readdirSync, readFileSync } from "node:fs";
 import { fileURLToPath } from "node:url";
-import fp from "fastify-plugin";
 import proxy from "@fastify/http-proxy";
 import config from "./config.js";
 const { maxFileSize = 512 } = config;
@@ -16,6 +15,7 @@ import policyPlugin from "./server/plugins/policy/index.js";
 import metricPlugin from "./server/plugins/metric/index.js";
 import redisPlugin from "./server/plugins/redis/index.js";
 import loggerPlugin from "./server/plugins/logger/index.js";
+import authPlugin from "./server/plugins/auth/index.js";
 // routes
 import cronRoutes from "./server/routes/cron/index.js";
 import crudRoutes from "./server/routes/crud/index.js";
@@ -33,6 +33,7 @@ import dblistRoutes from "./server/routes/dblist/index.js";
 import menuRoutes from "./server/routes/menu/index.js";
 import templatesRoutes from "./server/routes/templates/index.js";
 import widgetRoutes from "./server/routes/widget/index.js";
+import authRoutes from "./server/routes/auth/index.js";
 // core templates && cls
 const filename = fileURLToPath(import.meta.url);
 const cwd = path.dirname(filename);
@@ -80,6 +81,7 @@ async function plugin(fastify, opt) {
     config.templates?.forEach((el) => addTemplateDir(el));
     addTemplateDir(path.join(cwd, "module/core"));
     // plugins / utils / funcs
+    await authPlugin(fastify, config); // fastify-auth api + hooks integrated to core
     policyPlugin(fastify);
     metricPlugin();
     redisPlugin(fastify);
@@ -96,6 +98,30 @@ async function plugin(fastify, opt) {
             keyGenerator: (req) => `${req.ip}-${req.raw.url.split("?")[0]}`,
         });
     }
+    if (config.dblist) {
+        dblistRoutes(fastify);
+    }
+    // routes / api
+    cronRoutes(fastify);
+    crudRoutes(fastify);
+    loggerRoutes(fastify);
+    propertiesRoutes(fastify);
+    tableRoutes(fastify, opt);
+    utilRoutes(fastify);
+    accessRoutes(fastify, opt);
+    widgetRoutes(fastify, opt);
+    menuRoutes(fastify, opt);
+    templatesRoutes(fastify, opt);
+    authRoutes(fastify, opt); // from fastify-auth
+    // fastify.register(import("./server/routes/auth/index.js"));
+    // from fastify-file
+    await fastify.register(import("@fastify/multipart"), {
+        limits: {
+            fileSize: maxFileSize * 1024 * 1024,
+        },
+    }); // content parser, await before adding upload routes
+    fastify.register(import("./server/routes/file/index.js"), opt);
+    fastify.register(import("./server/routes/grpc/index.js"), opt);
     config.proxy?.forEach?.((el) => {
         if (execName === "bun") {
             fastify.all(`${el.source}/*`, async (req, reply) => {
@@ -140,32 +166,5 @@ async function plugin(fastify, opt) {
             });
         }
     });
-    if (config.dblist) {
-        dblistRoutes(fastify);
-    }
-    // routes / api
-    cronRoutes(fastify);
-    crudRoutes(fastify);
-    loggerRoutes(fastify);
-    propertiesRoutes(fastify);
-    tableRoutes(fastify, opt);
-    utilRoutes(fastify);
-    accessRoutes(fastify, opt);
-    widgetRoutes(fastify, opt);
-    menuRoutes(fastify, opt);
-    templatesRoutes(fastify, opt);
-    // from fastify-file
-    await fastify.register(import("@fastify/multipart"), {
-        limits: {
-            fileSize: maxFileSize * 1024 * 1024,
-        },
-    }); // content parser, await before adding upload routes
-    fastify.register(import("./server/routes/file/index.js"), opt);
-    fastify.register(import("./server/routes/grpc/index.js"), opt);
-    fastify.get("/api/test-proxy", {}, (req) => ({
-        ...(req.headers || {}),
-        sessionId: req.session?.sessionId,
-    }));
-    fastify.get("/api/config", { config: { policy: ["admin", "site"] } }, () => config);
 }
-export default fp(plugin);
+export default plugin;

package/dist/server/migrations/oauth.sql.sql ADDED Viewed

@@ -0,0 +1,77 @@
+CREATE schema if not exists oauth;
+CREATE TABLE if not exists oauth.clients (
+  client_id              text PRIMARY KEY DEFAULT next_id(),   -- ID клієнта (публічний ідентифікатор)
+  client_secret_hash     text,                                 -- Хеш секрету (NULL для public-клієнтів)
+  name                   text NOT NULL,                        -- Назва застосунку
+  type                   text NOT NULL CHECK (type IN ('public','confidential')),
+  token_endpoint_auth_method text NOT NULL CHECK (token_endpoint_auth_method IN ('client_secret_basic','client_secret_post','private_key_jwt','none')),
+  owner_user_id          text,                                 -- Власник/адміністратор клієнта (посилання на users.id or other id)
+  redirect_uris          text[],         					   -- Дозволені redirect_uri
+  grant_types            text[]  CHECK (case when grant_types is not null then grant_types <@ ARRAY['authorization_code','refresh_token','client_credentials','device_code']::text[] else true end),
+  require_pkce           boolean NOT NULL DEFAULT true,
+  scopes         text[],
+  allowed_cors_origins   text[],
+  jwks                   jsonb,                                -- Вбудований JWK Set (опційно)
+  created_at             timestamptz NOT NULL DEFAULT now(),
+  updated_at             timestamptz NOT NULL DEFAULT now()
+);
+CREATE TABLE if not exists oauth.tokens (
+  id                     text PRIMARY KEY DEFAULT next_id(),
+  token_type             text NOT NULL CHECK (token_type IN ('access','refresh')),
+  token_hash             text NOT NULL UNIQUE,                  -- Argon2/bcrypt/SCrypt (хеш у застосунку)
+  token_hint             text,                                  -- останні 6-8 символів для діагностики (необов’язково)
+  jti                    text UNIQUE,                           -- JWT ID, якщо токен — JWT
+  client_id              text NOT NULL REFERENCES oauth.clients(client_id) ON DELETE CASCADE,
+  user_id                text,                                  -- NULL для client_credentials
+  issuer                 text,                                  -- iss
+  scopes                 text[],
+  claims                 jsonb,                                 -- додаткові клейми
+  issued_at              timestamptz NOT NULL DEFAULT now(),
+  expires_at             timestamptz NOT NULL,
+  revoked_at             timestamptz,
+  revocation_reason      text,
+  ip                     inet                                  -- IP видачі/використання (опційно)
+);
+COMMENT ON SCHEMA oauth IS 'Schema for OAuth2 / OpenID Connect clients and tokens';
+-- Comments for oauth.clients
+COMMENT ON TABLE oauth.clients IS 'OAuth 2.0 clients (applications) that can request tokens';
+COMMENT ON COLUMN oauth.clients.client_id IS 'Client identifier (public ID, generated by next_id())';
+COMMENT ON COLUMN oauth.clients.client_secret_hash IS 'Hashed client secret (NULL for public clients)';
+COMMENT ON COLUMN oauth.clients.name IS 'Name of the application/client';
+COMMENT ON COLUMN oauth.clients.type IS 'Client type: public or confidential';
+COMMENT ON COLUMN oauth.clients.token_endpoint_auth_method IS 'Authentication method at token endpoint (client_secret_basic, client_secret_post, private_key_jwt, none)';
+COMMENT ON COLUMN oauth.clients.owner_user_id IS 'Owner/administrator of the client (reference to users.id or external id)';
+COMMENT ON COLUMN oauth.clients.redirect_uris IS 'Allowed redirect URIs';
+COMMENT ON COLUMN oauth.clients.grant_types IS 'Allowed grant types (authorization_code, refresh_token, client_credentials, device_code)';
+COMMENT ON COLUMN oauth.clients.require_pkce IS 'Whether PKCE is required (default true)';
+COMMENT ON COLUMN oauth.clients.scopes IS 'Allowed OAuth2 scopes';
+COMMENT ON COLUMN oauth.clients.allowed_cors_origins IS 'Allowed CORS origins for browser-based apps';
+COMMENT ON COLUMN oauth.clients.jwks IS 'Embedded JSON Web Key Set (optional)';
+COMMENT ON COLUMN oauth.clients.created_at IS 'Creation timestamp';
+COMMENT ON COLUMN oauth.clients.updated_at IS 'Last update timestamp';
+-- Comments for oauth.tokens
+COMMENT ON TABLE oauth.tokens IS 'Issued OAuth 2.0 tokens (access or refresh)';
+COMMENT ON COLUMN oauth.tokens.id IS 'Internal token ID (generated by next_id())';
+COMMENT ON COLUMN oauth.tokens.token_type IS 'Type of token: access or refresh';
+COMMENT ON COLUMN oauth.tokens.token_hash IS 'Secure hash of the token (Argon2/bcrypt/SCrypt)';
+COMMENT ON COLUMN oauth.tokens.token_hint IS 'Optional hint (last 6–8 characters of token) for diagnostics';
+COMMENT ON COLUMN oauth.tokens.jti IS 'JWT ID if token is a JWT (unique)';
+COMMENT ON COLUMN oauth.tokens.client_id IS 'Reference to oauth.clients (issuing client)';
+COMMENT ON COLUMN oauth.tokens.user_id IS 'User ID if bound to user (NULL for client_credentials flow)';
+COMMENT ON COLUMN oauth.tokens.issuer IS 'Token issuer (iss claim)';
+COMMENT ON COLUMN oauth.tokens.scopes IS 'Granted OAuth2 scopes for this token';
+COMMENT ON COLUMN oauth.tokens.claims IS 'Additional claims (JSONB)';
+COMMENT ON COLUMN oauth.tokens.issued_at IS 'Timestamp when issued';
+COMMENT ON COLUMN oauth.tokens.expires_at IS 'Timestamp when token expires';
+COMMENT ON COLUMN oauth.tokens.revoked_at IS 'Timestamp when revoked';
+COMMENT ON COLUMN oauth.tokens.revocation_reason IS 'Reason for revocation (if any)';
+COMMENT ON COLUMN oauth.tokens.ip IS 'IP address of issuance/usage (optional)';

package/dist/server/plugins/auth/funcs/authorizeUser.js ADDED Viewed

@@ -0,0 +1,63 @@
+import config from "../../../../config.js";
+import logger from "../../logger/getLogger.js";
+import applyHook from "../../hook/funcs/applyHook.js";
+import logAuth from "./logAuth.js";
+/*
+session duration by default
+* 10 hours = 600 minutes w/o keep (remember me checkbox)
+* 30 days = 720 hours = 43200 minutes w/ keep
+*/
+const { sessionTimeout = 600, sessionTimeoutKeep = 43200 } = config.auth || {};
+const getIp = (req) => (req.headers?.["x-real-ip"] ||
+    req.headers?.["x-forwarded-for"] ||
+    req.ip ||
+    req.connection?.remoteAddress ||
+    "")
+    .split(":")
+    .pop();
+export default async function authorizeUser(user, req, loginType = "login", expire) {
+    if (!user?.uid)
+        return "/logout";
+    // fastify/passport
+    await req.login(user);
+    const st = (req.body?.keep || req.query?.keep) === "on"
+        ? sessionTimeoutKeep
+        : sessionTimeout;
+    const maxAge = expire || st * 1000 * 60;
+    if (req.session?.cookie) {
+        req.session.cookie.maxAge = maxAge;
+    }
+    logger.file("auth", {
+        level: "DEBUG",
+        name: loginType,
+        response: { uid: user?.uid, name: user.name },
+    }, req);
+    const ip = getIp(req);
+    if (loginType === "login") {
+        await logAuth({
+            uid: user?.uid,
+            type: loginType,
+            ip,
+        });
+    }
+    const { href } = (await applyHook("afterAuth", {
+        ip,
+        user,
+        name: loginType,
+        referer: req.headers?.referer,
+    })) ||
+        {};
+    await req.session?.save?.();
+    if (req.method === "POST") {
+        return { message: "ok", status: "200" };
+    }
+    if (href) {
+        return href;
+    }
+    if (config.auth?.redirectAfter) {
+        return config.auth?.redirectAfter;
+    }
+    const redirectUrl = req.headers?.referer?.match?.(/[?&]redirect=([^&]+)/)?.[1] || "/";
+    // logger.debug('login', { redirect, ref: headers?.referer, sid: req.sid });
+    return redirectUrl.startsWith("/") ? redirectUrl : "/";
+}

package/dist/server/plugins/auth/funcs/checkReferer.js ADDED Viewed

@@ -0,0 +1,24 @@
+import config from "../../../../config.js";
+import getRedis from "../../redis/funcs/getRedis.js";
+const rclient = getRedis();
+async function checkReferer({ req, referer, hostOauth, }) {
+    if (config.local || config.debug)
+        return false;
+    if (!referer && !hostOauth)
+        return true;
+    if (hostOauth?.includes(req.hostname)) {
+        const tokenData = config.redis
+            ? JSON.parse((await rclient.get(`auth_social:${req.query.data}`)) || "{}")
+            : null;
+        if (referer && tokenData?.provider === "google") {
+            return !referer.startsWith("https://accounts.google.com");
+        }
+        return false;
+    }
+    if (req?.session?.login_referer &&
+        !req.session?.login_referer?.includes(req.hostname)) {
+        return true;
+    }
+    return false;
+}
+export default checkReferer;

package/dist/server/plugins/auth/funcs/getQuery.js ADDED Viewed

@@ -0,0 +1,127 @@
+const insertSocialSQL = `insert into admin.users_social_auth(uid, phone, user_name, sur_name, email, social_auth_id,
+social_auth_type, social_auth_date, social_auth_obj, city, enabled)
+select $9, $1, $2, $3, $4, $5,
+$6, now(), $7, $8, true
+on conflict(social_auth_id,email) do update set
+  phone=excluded.phone, user_name=excluded.user_name,
+  sur_name=excluded.sur_name, email=excluded.email, social_auth_id=excluded.social_auth_id,
+  social_auth_type=excluded.social_auth_type, social_auth_date=excluded.social_auth_date,
+  social_auth_obj=excluded.social_auth_obj, city=excluded.city, enabled=excluded.enabled`;
+const insertUserSQL = `insert into admin.users (enabled, phone, user_name, sur_name, father_name, email, user_rnokpp)
+values(true, $1, $2, $3, $4, $5, $6)
+on conflict (user_rnokpp) do update set
+  phone=excluded.phone,
+  user_name=excluded.user_name,
+  sur_name=excluded.sur_name,
+  father_name=excluded.father_name,
+  email=excluded.email
+returning uid`;
+const updateUserSQL = `update admin.users set
+phone=$1, user_name=$2, sur_name=$3,
+father_name=coalesce($4, father_name), email=$5, social_auth_id=$6,
+social_auth_type=$7 where uid=$8 returning uid`;
+const deleteSocialIdSQL = `delete from admin.users_social_auth where social_auth_id=$1 or email=$2`;
+import config from "../../../../config.js";
+import logger from "../../logger/getLogger.js";
+export default async function getQuery({ pg, data, }) {
+    if (typeof data !== "object") {
+        throw new Error("invalid param data");
+    }
+    const { drfocode, // personal eusign code
+    edrpoucode, // organization eusign code
+    locality: city, middlename, email: emailOriginal, phone, sub, // google account ID
+     } = data?.user || data || {};
+    // google and id.gov.ua compatibility
+    const email = ["", "n/a"].includes(emailOriginal) ? null : emailOriginal;
+    const name = data?.user
+        ? data?.user?.given_name || data?.user?.givenname
+        : data?.givenname;
+    const surname = data?.user
+        ? data?.user?.family_name || data?.user?.lastname
+        : data?.lastname;
+    const id = drfocode || edrpoucode || sub;
+    if (!id && !email) {
+        throw new Error("invalid params: no id or email");
+    }
+    const authType = data?.type || "govid";
+    const isSocialPK = pg.pk?.["admin.users_social_auth"];
+    const userId = await pg
+        .query(`select uid from admin.users where ${id ? "user_rnokpp=$1" : "email=$1"}`, [id || email])
+        .then((el) => el.rows?.[0]?.uid);
+    const socialUserId = isSocialPK
+        ? await pg
+            .query(`select uid from admin.users_social_auth where $1 in (social_auth_id,email) limit 1`, [email || id])
+            .then((el) => el.rows?.[0]?.uid)
+        : null;
+    const client = await pg.connect();
+    try {
+        await client.query("BEGIN");
+        if (userId || socialUserId) {
+            // delete old user, prevent duplicates / access level issues
+            await client.query("delete from admin.users where $1 in (user_rnokpp, social_auth_id) and uid<>$2", [id, userId || socialUserId]);
+        }
+        const uid = userId || socialUserId
+            ? await client
+                .query(updateUserSQL, [
+                phone,
+                name,
+                surname,
+                middlename,
+                email,
+                id,
+                authType,
+                userId || socialUserId,
+            ])
+                .then((el) => el.rows?.[0]?.uid)
+            : await client
+                .query(insertUserSQL, [phone, name, surname, middlename, email, id])
+                .then((el) => el.rows?.[0]?.uid);
+        const args = [
+            phone,
+            name,
+            surname,
+            email,
+            id,
+            authType,
+            data?.user || data,
+            city,
+            uid,
+        ];
+        if (isSocialPK) {
+            await client.query(deleteSocialIdSQL, [id, email]);
+            await client.query(insertSocialSQL, args);
+        }
+        await client.query("COMMIT");
+        logger.file("auth/getQuery", {
+            data: config.debug ? data : undefined,
+            id,
+            email,
+            name,
+            surname,
+            authType,
+            uid,
+            socialUserId,
+        });
+    }
+    catch (err) {
+        await client.query("ROLLBACK");
+        logger.file("auth/getQuery/error", {
+            error: err.toString(),
+            data: config.debug ? data : undefined,
+            id,
+            email,
+            userId,
+            socialUserId,
+            stack: err.stack,
+        });
+        throw new Error("Помилка авторизації. Зверніться до адміністратора");
+    }
+    finally {
+        client.release();
+    }
+    const result = await pg
+        .query(`select * from admin.users where uid =(select uid from admin.users_social_auth
+  where ${id ? "social_auth_id=$1" : "email=$1"} limit 1)`, [id || email])
+        .then((el) => el.rows?.[0] || {});
+    return result;
+}

package/dist/server/plugins/auth/funcs/jwt.js ADDED Viewed

@@ -0,0 +1,63 @@
+import { createHmac, scrypt, randomBytes } from "node:crypto";
+import util from "node:util";
+import config from "../../../../config.js";
+const scryptAsync = util.promisify(scrypt);
+const { jwtSecret = "65450754381cfaf768eeb4bb33326529b48a40ffdb6e15d84dc224dff527166f", } = config.auth || {};
+const jwtHeader = Buffer.from(JSON.stringify({
+    alg: "HS256",
+    typ: "JWT",
+})).toString("base64");
+export async function scryptHash(code) {
+    const salt = randomBytes(16).toString("hex");
+    const derived = (await scryptAsync(code, salt, 64)); // 64 bytes
+    return `${salt}:${derived.toString("hex")}`;
+}
+export async function scryptVerify(stored, code) {
+    const [salt, keyHex] = stored.split(":");
+    const derived = (await scryptAsync(code, salt, 64));
+    return keyHex === derived.toString("hex");
+}
+export function sign(uid, secret = jwtSecret, exp = 90000) {
+    if (typeof uid !== "string")
+        throw new Error("uid must be a string");
+    if (secret && typeof secret !== "string")
+        throw new Error("secret must be a string");
+    if (typeof exp !== "number")
+        throw new Error("exp must be a number");
+    const jwtPayload = Buffer.from(JSON.stringify({
+        uid,
+        exp,
+        created: Date.now(),
+    })).toString("base64");
+    const jwtEncrypted = [jwtHeader, jwtPayload].join(".");
+    const signature = createHmac("sha256", secret)
+        .update(jwtEncrypted)
+        .digest("base64");
+    return `${jwtEncrypted}.${signature}`;
+}
+export function verify(token, secret = jwtSecret) {
+    if (!token)
+        throw new Error("not enough params: token");
+    if (!secret)
+        throw new Error("not enough params: secret");
+    const split = token.split(".");
+    const signature = split[2];
+    try {
+        const header = JSON.parse(Buffer.from(split[0], "base64").toString());
+        const payload = JSON.parse(Buffer.from(split[1], "base64").toString());
+        const jwtHeader = Buffer.from(JSON.stringify(header)).toString("base64");
+        const jwtPayload = Buffer.from(JSON.stringify(payload)).toString("base64");
+        const jwtEncryptedExpected = [jwtHeader, jwtPayload].join(".");
+        const expectedSignature = createHmac("sha256", secret)
+            .update(jwtEncryptedExpected)
+            .digest("base64");
+        if (signature === expectedSignature) {
+            return true;
+        }
+        return false;
+    }
+    catch (err) {
+        return false;
+    }
+}
+export default null;

package/dist/server/plugins/auth/funcs/logAuth.js ADDED Viewed

@@ -0,0 +1,17 @@
+import pgClients from "../../pg/pgClients.js";
+import dataInsert from "../../crud/funcs/dataInsert.js";
+export default async function logAuth({ uid, type = "login", data, ip, }, pg = pgClients.client) {
+    const res = await dataInsert({
+        pg,
+        table: "log.user_auth",
+        uid,
+        data: {
+            user_id: uid,
+            auth_date: new Date().toISOString(),
+            auth_type: type,
+            auth_data: data,
+            ip,
+        },
+    });
+    return res;
+}

package/dist/server/plugins/auth/funcs/loginFile.js ADDED Viewed

@@ -0,0 +1,41 @@
+import path from 'node:path';
+import { existsSync, readFileSync } from 'node:fs';
+import { createHash } from 'node:crypto';
+import config from '../../../../config.js';
+import users from './users.js';
+import authorizeUser from './authorizeUser.js';
+export default async function loginFile(req, reply) {
+    const { username, password } = req.method === 'POST' ? req.body : req.query;
+    const filepath = path.join(process.cwd(), 'passwd');
+    if (!users?.length) {
+        const fileExists = existsSync(filepath);
+        if (!fileExists) {
+            req.log.error(req, 'passwd file not exists');
+            return { error: 'login error', status: 500 };
+        }
+        // parse file on start up
+        const data = readFileSync(filepath, 'utf8');
+        const separator = data.indexOf('\\r\\n') !== -1 ? '\r\n' : '\n';
+        const rows = data.split(separator).map((row) => {
+            const [name, passwd, usertype = 'regular', uid] = row.split(':');
+            return { username: name, password: passwd, usertype, uid };
+        });
+        rows.forEach((row) => users.push(row));
+    }
+    // check user / password
+    const user = users.find((el) => el.username === username);
+    const hashPasswd = createHash('sha1').update(`${password}${user?.salt || ''}`).digest('hex');
+    if (!user?.password || user.password !== hashPasswd) {
+        const txt = 'Invalid user or password';
+        return req.method === 'GET'
+            ? reply.status(302).redirect(`/login?confirm=wrong_pass&message=${txt}`)
+            : reply.status(400).send({ message: txt });
+    }
+    const resultUser = {
+        uid: user?.uid || config?.auth?.uid || username,
+        user_name: username,
+        user_type: user.usertype || 'regular',
+    };
+    const href = await authorizeUser(resultUser, req, 'loginFile');
+    reply.redirect(href);
+}

package/dist/server/plugins/auth/funcs/loginUser.js ADDED Viewed

@@ -0,0 +1,45 @@
+import config from "../../../../config.js";
+import pgClients from "../../pg/pgClients.js";
+import logger from "../../logger/getLogger.js";
+import verifyPassword from "./verifyPassword.js";
+import authorizeUser from "./authorizeUser.js";
+export default async function loginUser(req, reply) {
+    const { username, password } = (req.method === "POST" ? req.body : req.query) || {};
+    const { pg = pgClients.client } = req;
+    if (!config.pg) {
+        return req.method === "GET"
+            ? reply.status(302).redirect("/login?confirm=wrong_pass&message=empty pg")
+            : reply.status(400).send({ message: "empty pg" });
+    }
+    if (!config.redis) {
+        return req.method === "GET"
+            ? reply
+                .status(302)
+                .redirect("/login?confirm=wrong_pass&message=empty redis")
+            : reply.status(400).send({ message: "empty redis" });
+    }
+    const { user, message = "invalid user" } = await verifyPassword({
+        pg,
+        username,
+        password,
+    }) || {};
+    if (!user) {
+        return req.method === "GET"
+            ? reply
+                .status(302)
+                .redirect(`/login?confirm=wrong_pass&message=${message}`)
+            : reply.status(400).send({ message });
+    }
+    if (!user && (req.query?.username || req.body?.username)) {
+        return req.method === "GET"
+            ? reply
+                .status(302)
+                .redirect(`/login?confirm=wrong_pass&message=${message}`)
+            : reply.status(400).send({ message });
+    }
+    logger.metrics("user.login");
+    const href = await authorizeUser(user, req, "login");
+    return req.method === "GET"
+        ? reply.status(302).redirect(href)
+        : reply.status(200).send(href);
+}

package/dist/server/plugins/auth/funcs/sendNotification.js ADDED Viewed

@@ -0,0 +1,96 @@
+import nodemailer from "nodemailer";
+import config from "../../../../config.js";
+import { handlebars } from "../../../helpers/index.js";
+import pgClients from "../../pg/pgClients.js";
+import getTemplate from "../../table/funcs/getTemplate.js";
+import getRedis from "../../redis/funcs/getRedis.js";
+import logger from "../../logger/getLogger.js";
+const rclient = getRedis();
+// eslint-disable-next-line max-len, no-control-regex
+const emailReg = /(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])/g;
+async function generateNotificationContent({ pg, table, template, id, message, data: data1, }) {
+    if (template) {
+        const data = table && id && config.pg
+            ? await pg
+                .query(`select * from ${table} where ${pg.pk[table]}=$1`, [id])
+                .then((el) => el.rows?.[0] || {})
+            : data1;
+        const body = await getTemplate("pt", template);
+        const html = handlebars.compile(body || template || "template not found")(data || {});
+        return html;
+    }
+    return message;
+}
+async function sendEmail({ to, from, subject, html, attachments }) {
+    if (!to?.length) {
+        throw new Error("empty to list");
+    }
+    const { mailSetting = {} } = config;
+    /*= == check service and setting === */
+    if (!mailSetting.service) {
+        logger.file("notification/warn", {
+            to,
+            from,
+            message: "service is not defined in config",
+        });
+        return null;
+    }
+    Object.assign(mailSetting, { rejectUnauthorized: false });
+    if (mailSetting.port === 465) {
+        Object.assign(mailSetting, { secure: true });
+    }
+    const transport = nodemailer.createTransport(mailSetting);
+    const result = await transport.sendMail({
+        from: from || mailSetting.from,
+        to,
+        subject,
+        html,
+        attachments,
+    });
+    return result;
+}
+export default async function notification({ pg = pgClients.client, provider = ["email"], from, to, template, table, message, title, data, id, nocache, }, unittest) {
+    if (pg?.readonly) {
+        return null;
+    }
+    const keyTo = `${pg?.options?.database}:mail:${provider[0]}:${to || ""}${id || ""}${table || ""}${title || ""}`;
+    const uniqueTo = config.redis ? await rclient.setnx(keyTo, 1) : true;
+    if (!uniqueTo && !nocache) {
+        logger.file("notification/sent", { keyTo, send: uniqueTo, nocache });
+        return `already sent: ${keyTo}`;
+    }
+    if (config.redis) {
+        await rclient.expire(keyTo, 1000 * 600);
+    }
+    if (!to.length) {
+        return null;
+    }
+    if (!(Array.isArray(provider) && provider.length)) {
+        return "notification provider - must be array and not empty";
+    }
+    const html = await generateNotificationContent({
+        pg,
+        table,
+        template,
+        id,
+        message,
+        data,
+    });
+    if (provider.includes("email")) {
+        const toEmail = Array.isArray(to)
+            ? to.map((emails) => emails.match(emailReg)?.join(","))
+            : to;
+        const result = await sendEmail({
+            attachments: [],
+            html,
+            subject: title,
+            from,
+            to: unittest && config.mailSetting?.to ? config.mailSetting?.to : toEmail,
+        });
+        if (config.debug) {
+            console.log(result);
+        }
+        return result;
+    }
+    return null;
+}

package/dist/server/plugins/auth/funcs/users.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ const users = [];
2	+ export default users;