@oxyhq/services 5.8.1 → 5.8.3

package/lib/module/node/createAuth.js

@@ -2,423 +2,10 @@
 
 import express from 'express';
 import { OxyServices } from '../core';
-import { jwtDecode } from 'jwt-decode';
-
-// Types for enhanced authentication
-
-// User cache for performance
-class UserCache {
-  cache = new Map();
-  constructor(ttl = 300) {
-    // 5 minutes default
-    this.ttl = ttl * 1000;
-  }
-  set(userId, user) {
-    this.cache.set(userId, {
-      user,
-      expiresAt: Date.now() + this.ttl
-    });
-  }
-  get(userId) {
-    const item = this.cache.get(userId);
-    if (!item || Date.now() > item.expiresAt) {
-      this.cache.delete(userId);
-      return null;
-    }
-    return item.user;
-  }
-  clear() {
-    this.cache.clear();
-  }
-}
-
-/**
- * Enhanced OxyAuth class for backend authentication
- */
-export class OxyAuth {
-  userCache = null;
-  constructor(options) {
-    this.options = {
-      loadFullUser: true,
-      enableSessionAuth: true,
-      enableDeviceAuth: true,
-      cacheUserData: true,
-      userCacheTTL: 300,
-      ...options
-    };
-    this.oxy = new OxyServices({
-      baseURL: options.baseURL
-    });
-    if (this.options.cacheUserData) {
-      this.userCache = new UserCache(this.options.userCacheTTL);
-    }
-  }
-
-  /**
-   * Create authentication middleware
-   */
-  createAuthMiddleware(options = {}) {
-    return async (req, res, next) => {
-      try {
-        const result = await this.authenticateRequest(req);
-        if (!result.valid && options.required !== false) {
-          const error = {
-            message: 'Authentication required',
-            code: 'AUTH_REQUIRED'
-          };
-          if (options.onError) {
-            options.onError(error, req, res);
-          } else {
-            res.status(401).json(error);
-          }
-          return;
-        }
-
-        // Check roles if specified
-        if (result.valid && options.roles && result.user) {
-          const hasRole = options.roles.some(role => result.user.roles?.includes(role) || result.user.role === role);
-          if (!hasRole) {
-            const error = {
-              message: 'Insufficient permissions',
-              code: 'INSUFFICIENT_ROLES'
-            };
-            if (options.onError) {
-              options.onError(error, req, res);
-            } else {
-              res.status(403).json(error);
-            }
-            return;
-          }
-        }
-
-        // Check permissions if specified
-        if (result.valid && options.permissions && result.userId) {
-          for (const permission of options.permissions) {
-            const hasPermission = await this.hasPermission(result.userId, permission);
-            if (!hasPermission) {
-              const error = {
-                message: 'Insufficient permissions',
-                code: 'INSUFFICIENT_PERMISSIONS'
-              };
-              if (options.onError) {
-                options.onError(error, req, res);
-              } else {
-                res.status(403).json(error);
-              }
-              return;
-            }
-          }
-        }
-        next();
-      } catch (error) {
-        if (options.onError) {
-          options.onError(error, req, res);
-        } else {
-          res.status(500).json({
-            message: 'Authentication error'
-          });
-        }
-      }
-    };
-  }
-
-  /**
-   * Authenticate request and populate user data
-   */
-  async authenticateRequest(req) {
-    // Try JWT token first
-    const authHeader = req.headers.authorization;
-    if (authHeader && authHeader.startsWith('Bearer ')) {
-      const token = authHeader.substring(7);
-      const result = await this.validateToken(token);
-      if (result.valid) {
-        req.user = result.user;
-        req.userId = result.userId;
-        req.accessToken = token;
-        return {
-          ...result,
-          accessToken: token
-        };
-      }
-    }
-
-    // Try session-based auth
-    if (this.options.enableSessionAuth) {
-      const sessionId = req.headers['x-session-id'];
-      if (sessionId) {
-        const result = await this.validateSession(sessionId);
-        if (result.valid) {
-          req.user = result.user;
-          req.userId = result.userId;
-          req.sessionId = sessionId;
-          return result;
-        }
-      }
-    }
-
-    // Try device-based auth
-    if (this.options.enableDeviceAuth) {
-      const deviceFingerprint = req.headers['x-device-fingerprint'];
-      const userId = req.headers['x-user-id'];
-      if (deviceFingerprint && userId) {
-        const result = await this.validateDevice(userId, deviceFingerprint);
-        if (result.valid) {
-          req.user = result.user;
-          req.userId = result.userId;
-          req.deviceFingerprint = deviceFingerprint;
-          return result;
-        }
-      }
-    }
-    return {
-      valid: false,
-      error: 'No valid authentication found'
-    };
-  }
-
-  /**
-   * Validate JWT token
-   */
-  async validateToken(token) {
-    try {
-      // Local JWT validation if secret is provided
-      if (this.options.jwtSecret) {
-        const decoded = jwtDecode(token);
-        const currentTime = Math.floor(Date.now() / 1000);
-        if (decoded.exp && decoded.exp < currentTime) {
-          return {
-            valid: false,
-            error: 'Token expired',
-            code: 'TOKEN_EXPIRED',
-            expiresAt: decoded.exp
-          };
-        }
-        const userId = decoded.userId || decoded.id;
-        if (!userId) {
-          return {
-            valid: false,
-            error: 'Invalid token payload',
-            code: 'INVALID_PAYLOAD'
-          };
-        }
-
-        // Get user data from cache or API
-        let user = this.userCache?.get(userId);
-        const cached = !!user;
-        if (!user && this.options.loadFullUser) {
-          try {
-            user = await this.oxy.getUserById(userId);
-            this.userCache?.set(userId, user);
-          } catch (error) {
-            user = {
-              id: userId
-            };
-          }
-        } else if (!user) {
-          user = {
-            id: userId
-          };
-        }
-        return {
-          valid: true,
-          userId,
-          user,
-          expiresAt: decoded.exp,
-          cached
-        };
-      }
-
-      // Remote validation using OxyServices
-      const tempOxy = new OxyServices({
-        baseURL: this.oxy.getBaseURL()
-      });
-      tempOxy.setTokens(token, '');
-      const isValid = await tempOxy.validate();
-      if (!isValid) {
-        return {
-          valid: false,
-          error: 'Invalid token',
-          code: 'INVALID_TOKEN'
-        };
-      }
-      const userId = tempOxy.getCurrentUserId();
-      if (!userId) {
-        return {
-          valid: false,
-          error: 'Invalid token payload',
-          code: 'INVALID_PAYLOAD'
-        };
-      }
-
-      // Get user data
-      let user = this.userCache?.get(userId);
-      const cached = !!user;
-      if (!user && this.options.loadFullUser) {
-        try {
-          user = await tempOxy.getUserById(userId);
-          this.userCache?.set(userId, user);
-        } catch (error) {
-          user = {
-            id: userId
-          };
-        }
-      } else if (!user) {
-        user = {
-          id: userId
-        };
-      }
-      return {
-        valid: true,
-        userId,
-        user,
-        cached
-      };
-    } catch (error) {
-      return {
-        valid: false,
-        error: 'Token validation failed',
-        code: 'VALIDATION_ERROR'
-      };
-    }
-  }
-
-  /**
-   * Validate session-based authentication
-   */
-  async validateSession(sessionId, deviceFingerprint) {
-    try {
-      // This would integrate with your session management system
-      // For now, it's a placeholder implementation
-      return {
-        valid: false,
-        error: 'Session validation not implemented',
-        code: 'NOT_IMPLEMENTED'
-      };
-    } catch (error) {
-      return {
-        valid: false,
-        error: 'Session validation failed',
-        code: 'VALIDATION_ERROR'
-      };
-    }
-  }
-
-  /**
-   * Validate device-based authentication
-   */
-  async validateDevice(userId, deviceFingerprint) {
-    try {
-      // This would validate device fingerprint against stored data
-      // For now, it's a placeholder implementation
-      return {
-        valid: false,
-        error: 'Device validation not implemented',
-        code: 'NOT_IMPLEMENTED'
-      };
-    } catch (error) {
-      return {
-        valid: false,
-        error: 'Device validation failed',
-        code: 'VALIDATION_ERROR'
-      };
-    }
-  }
-
-  /**
-   * Create role-based middleware
-   */
-  requireRole(roles) {
-    const roleArray = Array.isArray(roles) ? roles : [roles];
-    return this.createAuthMiddleware({
-      required: true,
-      roles: roleArray
-    });
-  }
-
-  /**
-   * Create permission-based middleware
-   */
-  requirePermission(permissions) {
-    const permissionArray = Array.isArray(permissions) ? permissions : [permissions];
-    return this.createAuthMiddleware({
-      required: true,
-      permissions: permissionArray
-    });
-  }
-
-  /**
-   * Create optional authentication middleware
-   */
-  optionalAuth() {
-    return this.createAuthMiddleware({
-      required: false,
-      onError: () => {} // No error thrown for optional auth
-    });
-  }
-
-  /**
-   * Clear user cache
-   */
-  clearCache() {
-    this.userCache?.clear();
-  }
-
-  /**
-   * Check if user data is cached for a given token
-   */
-  isUserCached(token) {
-    try {
-      const decoded = jwtDecode(token);
-      const userId = decoded.userId || decoded.id;
-      return userId ? this.userCache?.get(userId) !== null : false;
-    } catch {
-      return false;
-    }
-  }
-
-  /**
-   * Check if user has a specific permission
-   */
-  async hasPermission(userId, permission) {
-    try {
-      // This is a placeholder implementation
-      // In a real implementation, you would check against user roles/permissions
-      const user = this.userCache?.get(userId) || (await this.oxy.getUserById(userId));
-      return user?.permissions?.includes(permission) || user?.role === 'admin' || false;
-    } catch {
-      return false;
-    }
-  }
-
-  /**
-   * Get OxyServices instance
-   */
-  getOxyServices() {
-    return this.oxy;
-  }
-}
-/**
- * Enhanced createAuth function that provides both router and middleware capabilities
- * 
- * This is a unified authentication system that:
- * 1. Maintains backward compatibility with the old router-based approach
- * 2. Adds powerful new middleware capabilities
- * 3. Includes caching, role-based access, and performance optimizations
- * 4. Supports multiple authentication strategies
- */
 export function createAuth(options) {
-  // Create the enhanced OxyAuth instance
-  const authOptions = {
-    baseURL: options.baseURL,
-    jwtSecret: options.jwtSecret,
-    loadFullUser: options.loadFullUser ?? true,
-    enableSessionAuth: options.enableSessionAuth ?? true,
-    enableDeviceAuth: options.enableDeviceAuth ?? true,
-    cacheUserData: options.cacheUserData ?? true,
-    userCacheTTL: options.userCacheTTL ?? 300
-  };
-  const oxyAuth = new OxyAuth(authOptions);
-  const oxy = oxyAuth.getOxyServices();
+  const oxy = new OxyServices({
+    baseURL: options.baseURL
+  });
   const router = express.Router();
 
   // Helper to handle async route functions
@@ -431,237 +18,73 @@ export function createAuth(options) {
       });
     }
   };
-
-  // Enhanced signup with validation
   router.post('/signup', wrap(async (req, res) => {
     const {
       username,
       email,
       password
     } = req.body;
-
-    // Enhanced validation
-    if (!username || !email || !password) {
-      return res.status(400).json({
-        message: 'Username, email, and password are required'
-      });
-    }
     const result = await oxy.signUp(username, email, password);
     res.json(result);
   }));
-
-  // Enhanced login with device fingerprinting
   router.post('/login', wrap(async (req, res) => {
     const {
       username,
-      password,
-      deviceFingerprint
+      password
     } = req.body;
-    if (!username || !password) {
-      return res.status(400).json({
-        message: 'Username and password are required'
-      });
-    }
     const result = await oxy.login(username, password);
-
-    // Store device fingerprint if provided
-    if (deviceFingerprint && result.user?.id) {
-      // This could be stored in a database for device tracking
-      console.log(`Device login: ${deviceFingerprint} for user ${result.user.id}`);
-    }
     res.json(result);
   }));
-
-  // Enhanced logout with session management
   router.post('/logout', wrap(async (req, res) => {
     const token = req.headers.authorization?.split(' ')[1];
     const refreshToken = req.body.refreshToken;
-    const sessionId = req.body.sessionId;
     if (token) oxy.setTokens(token, refreshToken);
-
-    // Enhanced logout with session tracking
-    if (sessionId) {
-      await oxy.logoutSession(sessionId);
-    } else {
-      await oxy.logout();
-    }
+    await oxy.logout();
     res.json({
       success: true
     });
   }));
-
-  // Enhanced token refresh
   router.post('/refresh', wrap(async (req, res) => {
     const refreshToken = req.body.refreshToken;
     const accessToken = req.headers.authorization?.split(' ')[1] || '';
-    if (!refreshToken) {
-      return res.status(400).json({
-        message: 'Refresh token is required'
-      });
-    }
     oxy.setTokens(accessToken, refreshToken);
     const tokens = await oxy.refreshTokens();
     res.json(tokens);
   }));
-
-  // Enhanced token validation with caching
   router.get('/validate', wrap(async (req, res) => {
     const token = req.headers.authorization?.split(' ')[1] || '';
-    if (!token) {
-      return res.status(401).json({
-        valid: false,
-        message: 'No token provided'
-      });
-    }
     oxy.setTokens(token, '');
     const valid = await oxy.validate();
-
-    // Enhanced response with more details
     res.json({
-      valid,
-      timestamp: new Date().toISOString(),
-      cached: oxyAuth.isUserCached(token) // Check if user data is cached
+      valid
     });
   }));
-
-  // Enhanced sessions management
   router.get('/sessions', wrap(async (req, res) => {
     const token = req.headers.authorization?.split(' ')[1] || '';
-    if (!token) {
-      return res.status(401).json({
-        message: 'Authentication required'
-      });
-    }
     oxy.setTokens(token, '');
     const sessions = await oxy.getUserSessions();
     res.json(sessions);
   }));
-
-  // Enhanced session deletion
   router.delete('/sessions/:id', wrap(async (req, res) => {
     const token = req.headers.authorization?.split(' ')[1] || '';
-    if (!token) {
-      return res.status(401).json({
-        message: 'Authentication required'
-      });
-    }
     oxy.setTokens(token, '');
     const result = await oxy.logoutSession(req.params.id);
-
-    // Clear cache for this user if logout was successful
-    if (result.success) {
-      oxyAuth.clearCache();
-    }
     res.json(result);
   }));
-
-  // Enhanced logout other sessions
   router.post('/sessions/logout-others', wrap(async (req, res) => {
     const token = req.headers.authorization?.split(' ')[1] || '';
-    if (!token) {
-      return res.status(401).json({
-        message: 'Authentication required'
-      });
-    }
     oxy.setTokens(token, '');
     const result = await oxy.logoutOtherSessions();
-
-    // Clear cache for this user
-    if (result.success) {
-      oxyAuth.clearCache();
-    }
     res.json(result);
   }));
-
-  // Enhanced logout all sessions
   router.post('/sessions/logout-all', wrap(async (req, res) => {
     const token = req.headers.authorization?.split(' ')[1] || '';
-    if (!token) {
-      return res.status(401).json({
-        message: 'Authentication required'
-      });
-    }
     oxy.setTokens(token, '');
     const result = await oxy.logoutAllSessions();
-
-    // Clear all cache
-    if (result.success) {
-      oxyAuth.clearCache();
-    }
     res.json(result);
   }));
-
-  // NEW: Get current user profile with caching
-  router.get('/profile', wrap(async (req, res) => {
-    const token = req.headers.authorization?.split(' ')[1] || '';
-    if (!token) {
-      return res.status(401).json({
-        message: 'Authentication required'
-      });
-    }
-
-    // Use the enhanced auth system for better performance
-    const validation = await oxyAuth.validateToken(token);
-    if (!validation.valid) {
-      return res.status(401).json({
-        message: 'Invalid token'
-      });
-    }
-    res.json({
-      user: validation.user,
-      cached: validation.cached,
-      expiresAt: validation.expiresAt
-    });
-  }));
-
-  // NEW: Check user permissions
-  router.post('/check-permissions', wrap(async (req, res) => {
-    const token = req.headers.authorization?.split(' ')[1] || '';
-    const {
-      permissions
-    } = req.body;
-    if (!token) {
-      return res.status(401).json({
-        message: 'Authentication required'
-      });
-    }
-    if (!permissions || !Array.isArray(permissions)) {
-      return res.status(400).json({
-        message: 'Permissions array is required'
-      });
-    }
-    const validation = await oxyAuth.validateToken(token);
-    if (!validation.valid) {
-      return res.status(401).json({
-        message: 'Invalid token'
-      });
-    }
-
-    // Check each permission
-    const results = await Promise.all(permissions.map(async permission => {
-      const hasPermission = await oxyAuth.hasPermission(validation.userId, permission);
-      return {
-        permission,
-        granted: hasPermission
-      };
-    }));
-    res.json({
-      permissions: results
-    });
-  }));
   return {
-    middleware: router,
-    // NEW: Expose the enhanced auth system
-    auth: oxyAuth,
-    // NEW: Convenience methods for middleware
-    requireAuth: (roles, permissions) => oxyAuth.createAuthMiddleware({
-      required: true,
-      roles: Array.isArray(roles) ? roles : roles ? [roles] : undefined,
-      permissions: Array.isArray(permissions) ? permissions : permissions ? [permissions] : undefined
-    }),
-    optionalAuth: () => oxyAuth.optionalAuth(),
-    requireRole: roles => oxyAuth.requireRole(roles),
-    requirePermission: permissions => oxyAuth.requirePermission(permissions)
+    middleware: router
   };
 }
 //# sourceMappingURL=createAuth.js.map