@ozdao/martyrs 0.2.584 → 0.2.586

package/dist/auth.server.js

@@ -1,12 +1,13 @@
-import { a as applyProfileSchema, m as modelsFactory } from "./profile.schema-CjLOfG7b.js";
-import { m as middlewareIndexFactory } from "./index-_Edcmck_.js";
+import { m as middlewareIndexFactory, i as initOtpService } from "./index-kvBwwb0w.js";
 import bcrypt from "bcryptjs";
 import jwt from "jsonwebtoken";
 import { Types } from "mongoose";
 import jwkToPem from "jwk-to-pem";
-import { m as mailing } from "./mailing-DuEFRsa3.js";
+import { g as getSessionsService } from "./sessions.service-COcwjd0f.js";
+import { g as getVisitorsService } from "./visitors.service-B1dhhuSo.js";
 import { a as addUserStatusFields, b as addMembersQuantity } from "./addUserStatusFields-Cc-JpmPo.js";
 import { a as applyCredentialsSchema } from "./credentials.schema--2vvcu8c.js";
+import { a as applyProfileSchema } from "./profile.schema-C31Lynn3.js";
 import { a as applySocialsSchema } from "./socials.schema-DxnnaBgO.js";
 async function verifyAppleIdToken(id_token) {
   const decodedToken = jwt.decode(id_token, { complete: true });
@@ -43,7 +44,7 @@ async function verifyAppleIdToken(id_token) {
   return decodedToken.payload;
 }
 const ObjectId$1 = { Types }.Types.ObjectId;
-const controllerFactory$2 = (db) => {
+const controllerFactory$1 = (db) => {
   const User = db.user;
   const Membership = db.membership;
   db.department;
@@ -91,9 +92,24 @@ const controllerFactory$2 = (db) => {
           return res.status(401).send({ errorCode: "INCORRECT_PASSWORD_ENTERED", accessToken: null });
         }
       }
+      const sessionsService = getSessionsService();
+      const session = await sessionsService.createSession({
+        userId: user._id,
+        visitorId: req.visitorId || null,
+        req
+      });
+      if (req.visitorId) {
+        const visitorsService = getVisitorsService();
+        await visitorsService.linkVisitorToUser({
+          visitorId: req.visitorId,
+          userId: user._id,
+          sessionId: session._id
+        });
+      }
       const token = jwt.sign(
         {
-          _id: user._id
+          _id: user._id,
+          session_id: session._id
         },
         process.env.SECRET_KEY,
         {
@@ -167,9 +183,24 @@ const controllerFactory$2 = (db) => {
         console.log(err);
       }
     }
+    const sessionsService = getSessionsService();
+    const session = await sessionsService.createSession({
+      userId: user._id,
+      visitorId: req.visitorId || null,
+      req
+    });
+    if (req.visitorId) {
+      const visitorsService = getVisitorsService();
+      await visitorsService.linkVisitorToUser({
+        visitorId: req.visitorId,
+        userId: user._id,
+        sessionId: session._id
+      });
+    }
     const token = jwt.sign(
       {
         _id: user._id,
+        session_id: session._id,
         organization: invite ? invite.organization : null
       },
       process.env.SECRET_KEY,
@@ -189,17 +220,11 @@ const controllerFactory$2 = (db) => {
   };
   const updatePassword = async (req, res) => {
     try {
-      const { phone, email, password, type } = req.body;
-      let query;
-      if (type === "phone" && phone) {
-        query = { phone };
-      }
-      if (type === "email" && email) {
-        query = { email };
-      }
-      if (!query || !password) {
+      const { identifier, password, type } = req.body;
+      if (!identifier || !type || !password) {
         return res.status(400).send({ errorCode: "MISSING_REQUIRED_PARAMETERS" });
       }
+      const query = type === "phone" ? { phone: identifier } : { email: identifier };
       const salt = await bcrypt.genSalt(8);
       const hashedPassword = await bcrypt.hash(password, salt);
       const user = await User.findOneAndUpdate(query, {
@@ -208,7 +233,14 @@ const controllerFactory$2 = (db) => {
       if (!user) {
         return res.status(404).send({ errorCode: "ERROR_UPDATING_USER" });
       }
-      const token = jwt.sign({ _id: user._id }, process.env.SECRET_KEY, {
+      const sessionsService = getSessionsService();
+      await sessionsService.deactivateAllUserSessions(user._id);
+      const session = await sessionsService.createSession({
+        userId: user._id,
+        visitorId: req.visitorId || null,
+        req
+      });
+      const token = jwt.sign({ _id: user._id, session_id: session._id }, process.env.SECRET_KEY, {
         expiresIn: 86400
       });
       const authorities = user.roles.map((role) => `ROLE_${role.name.toUpperCase()}`);
@@ -231,54 +263,54 @@ const controllerFactory$2 = (db) => {
     updatePassword
   };
 };
-const { sendEmail, sendSms } = mailing;
-const controllerFactory$1 = (db) => {
-  const sendcode = async (req, res) => {
-    const code = Math.floor(1e3 + Math.random() * 9e3);
-    const type = req.body.type;
-    const method = req.body.method;
-    if (type === "email") {
-      const emailSent = await sendEmail(req.body.email, `${process.env.APP_NAME} Verification Code`, `Your ${process.env.APP_NAME} verification code is ${code}`);
-      if (emailSent) {
-        res.send({ code, type, method });
-      } else {
-        console.log(emailSent);
-        res.status(500).send("Failed to send email");
-      }
-    } else if (type === "phone") {
-      const smsSent = await sendSms(req.body.phone, `Your ${process.env.APP_NAME} verification code: ${code}`);
-      if (smsSent) {
-        res.send({ code, type, method });
-      } else {
-        res.status(500).send("Failed to send SMS");
-      }
-    }
-  };
-  return {
-    sendcode
-  };
-};
 const authRoutes = (function(app, db, origins) {
-  const controller = controllerFactory$2(db);
-  const controllerTwofa = controllerFactory$1();
-  const { verifySignUp, verifyUser } = middlewareIndexFactory(db);
+  const controller = controllerFactory$1(db);
+  const { verifySignUp, verifyUser, otp, authJwt } = middlewareIndexFactory(db);
   app.post(
     "/api/auth/signup",
     [
-      verifySignUp.checkDuplicateUsernameOrEmail
-      // verifySignUp.checkRolesExisted
+      verifySignUp.checkDuplicateUsernameOrEmail,
+      otp.stepUp("signup", (req) => ({
+        identifier: req.body.type === "email" ? req.body.email : req.body.phone,
+        type: req.body.type
+      }))
     ],
     controller.signup
   );
   app.post("/api/auth/signin", controller.signin);
-  app.post("/api/auth/reset-password", [verifyUser.checkUserExist], controllerTwofa.sendcode);
-  app.post("/api/auth/update-password", controller.updatePassword);
-});
-const twofaRoutes = (function(app, db) {
-  const controller = controllerFactory$1();
-  const { verifySignUp, verifyUser } = middlewareIndexFactory(db);
-  app.post("/api/twofa/sendcode", [verifySignUp.checkDuplicateUsernameOrEmail], controller.sendcode);
-  app.post("/api/twofa/sendcodereset", [verifyUser.checkUserExist], controller.sendcode);
+  app.post(
+    "/api/auth/reset-password",
+    [
+      verifyUser.checkUserExist,
+      otp.stepUp("reset-password", (req) => ({
+        identifier: req.body.identifier,
+        type: req.body.type
+      }))
+    ],
+    controller.updatePassword
+  );
+  app.post("/api/auth/logout", [authJwt.verifyToken()], async (req, res) => {
+    try {
+      if (req.sessionId) {
+        const sessionsService = getSessionsService();
+        await sessionsService.deactivateSession(req.sessionId);
+      }
+      res.status(200).send({ success: true });
+    } catch (err) {
+      res.status(500).send({ message: err.message });
+    }
+  });
+  app.post("/api/auth/logout-all", [authJwt.verifyToken()], async (req, res) => {
+    try {
+      if (req.userId) {
+        const sessionsService = getSessionsService();
+        await sessionsService.deactivateAllUserSessions(req.userId);
+      }
+      res.status(200).send({ success: true });
+    } catch (err) {
+      res.status(500).send({ message: err.message });
+    }
+  });
 });
 const ObjectId = { Types }.Types.ObjectId;
 const controllerFactory = (db) => {
@@ -343,6 +375,13 @@ const controllerFactory = (db) => {
     });
     query.push(addMembersQuantity());
     if (req.query.user) query.push(addUserStatusFields(req.query.user));
+    query.push({
+      $project: {
+        password: 0,
+        refreshToken: 0,
+        __v: 0
+      }
+    });
     query.push({
       $skip: skip
     });
@@ -371,14 +410,16 @@ const controllerFactory = (db) => {
       if (!user) {
         return res.status(404).send({ errorCode: "USER_NOT_CREATED", message: "User is not created." });
       }
-      res.status(200).send(user);
+      const { password, refreshToken, __v, ...safeUser } = user.toObject();
+      res.status(200).send(safeUser);
     } catch (err) {
       return res.status(500).send({ errorCode: "INTERNAL_SERVER_ERROR", message: err });
     }
   };
   const update = async (req, res) => {
     try {
-      const user = await User.findOneAndUpdate({ _id: req.params._id }, req.body, { new: true });
+      const { email, phone, ...safeData } = req.body;
+      const user = await User.findOneAndUpdate({ _id: req.params._id }, safeData, { new: true }).select("-password -refreshToken -__v");
       if (!user) {
         return res.status(404).send({ errorCode: "UPDATE_FAILED", message: "Something wrong when updating user." });
       }
@@ -387,11 +428,30 @@ const controllerFactory = (db) => {
       return res.status(500).send({ errorCode: "INTERNAL_SERVER_ERROR", message: err });
     }
   };
-  const remove = async (req, res) => {
+  const updateEmail = async (req, res) => {
     try {
-      const user = await User.findOneAndDelete({ phone: req.params.phone });
+      const user = await User.findOneAndUpdate(
+        { _id: req.params._id },
+        { email: req.body.email },
+        { new: true }
+      ).select("-password -refreshToken -__v");
       if (!user) {
-        return res.status(404).send({ errorCode: "DELETION_FAILED", message: "User is not deleted." });
+        return res.status(404).send({ errorCode: "UPDATE_FAILED", message: "Something wrong when updating email." });
+      }
+      res.status(200).send(user);
+    } catch (err) {
+      return res.status(500).send({ errorCode: "INTERNAL_SERVER_ERROR", message: err });
+    }
+  };
+  const updatePhone = async (req, res) => {
+    try {
+      const user = await User.findOneAndUpdate(
+        { _id: req.params._id },
+        { phone: req.body.phone },
+        { new: true }
+      ).select("-password -refreshToken -__v");
+      if (!user) {
+        return res.status(404).send({ errorCode: "UPDATE_FAILED", message: "Something wrong when updating phone." });
       }
       res.status(200).send(user);
     } catch (err) {
@@ -402,31 +462,35 @@ const controllerFactory = (db) => {
     read,
     create,
     update,
-    remove
+    updateEmail,
+    updatePhone
   };
 };
 const usersRoutes = (function(app, db, origins) {
   const controller = controllerFactory(db);
-  const { authJwt, verifyUser } = middlewareIndexFactory(db);
+  const { authJwt, verifyUser, otp } = middlewareIndexFactory(db);
   app.post("/api/users", [authJwt.verifyToken(), verifyUser.checkDuplicateUsername], controller.create);
   app.get("/api/users", controller.read);
-  app.put("/api/users/:_id", [authJwt.verifyToken(), verifyUser.checkDuplicateUsername], controller.update);
-  app.delete("/api/users/:_id", [authJwt.verifyToken()], controller.remove);
+  app.put("/api/users/:_id", [
+    authJwt.verifyToken(),
+    verifyUser.checkOwnership,
+    verifyUser.checkDuplicateUsername
+  ], controller.update);
+  app.put("/api/users/:_id/email", [
+    authJwt.verifyToken(),
+    authJwt.loadUser,
+    verifyUser.checkOwnership,
+    verifyUser.checkDuplicateEmail,
+    otp.dualVerify("email")
+  ], controller.updateEmail);
+  app.put("/api/users/:_id/phone", [
+    authJwt.verifyToken(),
+    authJwt.loadUser,
+    verifyUser.checkOwnership,
+    verifyUser.checkDuplicatePhone,
+    otp.dualVerify("phone")
+  ], controller.updatePhone);
 });
-const RequestModel = (db) => {
-  const RequestSchema = new db.mongoose.Schema({
-    visitor: {
-      type: db.mongoose.Schema.Types.ObjectId,
-      ref: "Visitor"
-    },
-    path: String,
-    method: String,
-    timestamp: { type: Date, default: Date.now }
-  });
-  RequestSchema.index({ visitor: 1 });
-  const Request = db.mongoose.model("Request", RequestSchema);
-  return Request;
-};
 const RoleModel = (db) => {
   const RoleSchema = new db.mongoose.Schema({
     name: String
@@ -476,42 +540,43 @@ const UserModel = (db) => {
   const User = db.mongoose.model("User", UserSchema);
   return User;
 };
-const VisitorModel = (db) => {
-  const VisitorSchema = new db.mongoose.Schema({
-    ip: String,
-    userAgent: String,
-    acceptLanguage: String,
-    fingerprint: { type: String, unique: true }
+const OtpModel = (db) => {
+  const OtpSchema = new db.mongoose.Schema({
+    challengeId: { type: String, required: true, unique: true },
+    identifier: { type: String, required: true },
+    target: { type: db.mongoose.Schema.Types.ObjectId, ref: "User", default: null },
+    code: { type: String, required: true },
+    type: { type: String, enum: ["email", "phone"], required: true },
+    purpose: { type: String, required: true },
+    attempts: { type: Number, default: 0 },
+    verifiedAt: { type: Date, default: null },
+    invalidatedAt: { type: Date, default: null },
+    createdAt: { type: Date, default: Date.now, expires: 600 }
   });
-  const Visitor = db.mongoose.model("Visitor", VisitorSchema);
-  return Visitor;
+  OtpSchema.index({ identifier: 1, purpose: 1 });
+  OtpSchema.index({ target: 1, purpose: 1 }, { sparse: true });
+  return db.mongoose.model("Otp", OtpSchema);
 };
 function initializeAuth(app, db, origins, publicPath) {
   db.role = RoleModel(db);
   db.user = UserModel(db);
-  db.visitor = VisitorModel(db);
-  db.request = RequestModel(db);
+  db.otp = OtpModel(db);
+  initOtpService(db);
   if (app) {
     authRoutes(app, db);
-    twofaRoutes(app, db);
     usersRoutes(app, db);
-    const visitorModule = modelsFactory(db);
-    app.use(visitorModule.visitorLogger);
   }
 }
 const models = {
   RoleModel,
-  UserModel,
-  VisitorModel
+  UserModel
 };
 const routes = {
   authRoutes,
-  twofaRoutes,
   usersRoutes
 };
 const controllers = {
-  AuthController: controllerFactory$2,
-  TwoFaController: controllerFactory$1,
+  AuthController: controllerFactory$1,
   UsersController: controllerFactory
 };
 const auth_server = {

package/dist/{authJwt-J1csaMWA.js → authJwt-DKbMMjw0.js}

@@ -1,4 +1,5 @@
 import jwt from "jsonwebtoken";
+import { g as getSessionsService } from "./sessions.service-COcwjd0f.js";
 const middlewareFactory = (db) => {
   const User = db.user;
   const Role = db.role;
@@ -28,6 +29,22 @@ const middlewareFactory = (db) => {
           }
         }
         const decoded = jwt.verify(token, process.env.SECRET_KEY);
+        if (decoded.session_id) {
+          const sessionsService = getSessionsService();
+          const session = await sessionsService.validateSession({
+            sessionId: decoded.session_id,
+            userId: decoded._id
+          });
+          if (!session) {
+            req.userId = null;
+            if (continueOnFail) {
+              return next();
+            } else {
+              return res.status(401).send({ message: "Unauthorized: Session expired or revoked" });
+            }
+          }
+          req.sessionId = decoded.session_id;
+        }
         req.userId = decoded._id;
         req.user = {
           _id: decoded._id
@@ -43,6 +60,21 @@ const middlewareFactory = (db) => {
       }
     };
   };
+  const loadUser = async (req, res, next) => {
+    try {
+      if (!req.userId) {
+        return res.status(401).json({ errorCode: "AUTH_REQUIRED" });
+      }
+      const user = await User.findById(req.userId).exec();
+      if (!user) {
+        return res.status(404).json({ errorCode: "USER_NOT_FOUND" });
+      }
+      req.user = user;
+      next();
+    } catch (err) {
+      res.status(500).send({ message: err.message });
+    }
+  };
   const checkRole = (roleToCheck) => async (req, res, next) => {
     try {
       const user = await User.findById(req.userId).exec();
@@ -66,6 +98,7 @@ const middlewareFactory = (db) => {
   const isModerator = checkRole("moderator");
   const authJwt = {
     verifyToken,
+    loadUser,
     isAdmin,
     isModerator
   };

package/dist/builder.js

@@ -502,6 +502,7 @@ function createSsrDevServer(projectRoot, configs, createServer) {
       performance.measure("loading-5", "loading-5-start", "loading-5-end");
       const measure5 = performance.getEntriesByName("loading-5")[0];
       console.log(`[LOADING 5] HTML rendering and Beasties completed in ${measure5?.duration?.toFixed(2)}ms`);
+      console.log("[SSR-404] dev renderer returning statusCode:", statusCode);
       return { html: completeHtml, statusCode };
     };
   };
@@ -586,6 +587,7 @@ function createSsrDevServer(projectRoot, configs, createServer) {
         res.locals.webpack.devMiddleware
         // Update to rspack middleware context
       );
+      console.log("[SSR-404] sending response with statusCode:", result.statusCode);
       res.status(result.statusCode).header("Content-Type", "text/html; charset=utf-8").send(result.html);
     });
     serverInstance = server;

package/dist/chats.server.js

@@ -1,5 +1,5 @@
-import "./mailing-DuEFRsa3.js";
-import { m as middlewareIndexFactory } from "./index-_Edcmck_.js";
+import "./mailing-DT7nbNjZ.js";
+import { m as middlewareIndexFactory } from "./index-kvBwwb0w.js";
 const controllerFactory = (db) => {
   const ChatMessage = db.chat;
   const Department = db.department;

package/dist/community.server.js

@@ -4,7 +4,7 @@ import { a as applyCommonSchema } from "./common.schema-DswiUXKB.js";
 import { a as applyEngagementSchema } from "./engagement.schema-fh6W1fb_.js";
 import { a as applyMetadataSchema } from "./metadata.schema-CIRR_WQ-.js";
 import { a as applyOwnershipSchema } from "./ownership.schema-fwwDf_e5.js";
-import { m as middlewareIndexFactory$1 } from "./index-_Edcmck_.js";
+import { m as middlewareIndexFactory$1 } from "./index-kvBwwb0w.js";
 import { c as coreabac } from "./abac-BPl9Bmf9.js";
 const ObjectId$2 = { Types }.Types.ObjectId;
 function getCommentsLookupStage() {