npm - @ozdao/martyrs - Versions diffs - 0.2.585 → 0.2.586 - Mend

@ozdao/martyrs 0.2.585 → 0.2.586

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (386) hide show

package/src/modules/core/controllers/classes/core.websocket.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import * as cookie from 'cookie';
 import jwt from 'jsonwebtoken';
 import uWS from 'uWebSockets.js';
+import { getSessionsService } from '../services/sessions.service.js';
 class WebSocketManager {
   constructor(options = {}) {
     // Создаем uWebSockets.js приложение внутри класса
@@ -25,10 +26,17 @@ class WebSocketManager {
       idleTimeout: 120,
       compression: uWS.SHARED_COMPRESSOR,
       maxBackpressure: 1024 * 1024,
-      // Обработчик аутентификации и апгрейда соединения
+      // Обработчик аутентификации и апгрейда соединения (синхронный - uWS требует)
       upgrade: (res, req, context) => {
         let userId = null;
-        // Получаем cookies и все необходимые заголовки из HTTP-запроса
+        let sessionId = null;
+        let aborted = false;
+        res.onAborted(() => {
+          aborted = true;
+        });
+        // Получаем cookies и все необходимые заголовки из HTTP-запроса (синхронно)
         const headers = {};
         req.forEach((key, value) => {
           headers[key.toLowerCase()] = value;
@@ -37,6 +45,8 @@ class WebSocketManager {
         const secWebSocketKey = headers['sec-websocket-key'] || '';
         const secWebSocketProtocol = headers['sec-websocket-protocol'] || '';
         const secWebSocketExtensions = headers['sec-websocket-extensions'] || '';
+        // Синхронный парсинг JWT (без await к Mongo)
         try {
           if (headers.cookie) {
             const cookies = cookie.parse(headers.cookie);
@@ -44,24 +54,59 @@ class WebSocketManager {
               const token = JSON.parse(decodeURIComponent(cookies.user));
               const decoded = jwt.verify(token.accessToken, process.env.SECRET_KEY);
               userId = decoded._id;
+              sessionId = decoded.session_id;
             }
           }
         } catch (err) {
           console.error('Invalid token:', err);
         }
+        if (aborted) return;
         // Если авторизация требуется, но userId не найден - отклоняем соединение
         if (process.env.REQUIRE_AUTH === 'true' && !userId) {
           res.writeStatus('401 Unauthorized').end('Authentication required');
           return;
         }
-        const userData = { userId };
+        // Передаём данные для валидации сессии в open (async безопасен там)
+        const userData = { userId, sessionId, needsSessionValidation: !!sessionId };
         res.upgrade(userData, secWebSocketKey, secWebSocketProtocol, secWebSocketExtensions, context);
       },
-      // Обработчик открытия соединения
-      open: ws => {
+      // Обработчик открытия соединения (async безопасен здесь)
+      open: async ws => {
         // Инициализация свойств клиента
-        ws.userId = ws.getUserData().userId;
+        const userData = ws.getUserData();
+        ws.userId = userData.userId;
+        ws.sessionId = userData.sessionId;
         ws.subscriptions = new Set();
+        ws.lastSeenAt = Date.now();
+        // Валидация сессии (async, перенесено из upgrade)
+        if (userData.needsSessionValidation) {
+          try {
+            const sessionsService = getSessionsService();
+            const session = await sessionsService.validateSession({
+              sessionId: userData.sessionId,
+              userId: userData.userId,
+            });
+            if (!session) {
+              ws.end(4001, 'Session expired or revoked');
+              return;
+            }
+            // Touch session
+            sessionsService.touchSession(userData.sessionId).catch(err => {
+              console.error('Error updating session lastSeenAt:', err);
+            });
+          } catch (err) {
+            console.error('Session validation error:', err);
+            ws.end(4002, 'Session validation failed');
+            return;
+          }
+        }
         // Отслеживаем соединение
         if (ws.userId) {
           this._trackUserConnection(ws.userId, ws);
@@ -92,6 +137,12 @@ class WebSocketManager {
               await this._handleRpcCall(ws, msg);
               return;
             }
+            // Обработка ping/pong
+            if (msg.type === 'ping') {
+              ws.lastSeenAt = Date.now();
+              ws.send(JSON.stringify({ type: 'pong' }), false);
+              return;
+            }
             // Маршрутизация сообщения к соответствующему обработчику модуля
             const moduleName = msg.module;
             console.log(`[WebSocket Server] Message from ${ws.userId || 'anonymous'}, module: ${moduleName}, type: ${msg.type}, subscriptions:`, Array.from(ws.subscriptions));

package/src/modules/core/controllers/middlewares/visitor.logger.js ADDED Viewed

@@ -0,0 +1,49 @@
+import { getVisitorsService } from '../services/visitors.service.js';
+import { getRequestsService } from '../services/requests.service.js';
+const VISITOR_COOKIE_NAME = 'visitorId';
+const VISITOR_COOKIE_MAX_AGE = 365 * 24 * 60 * 60 * 1000; // 1 year
+const createVisitorLogger = () => {
+  const visitorLogger = async (req, res, next) => {
+    try {
+      const visitorsService = getVisitorsService();
+      const requestsService = getRequestsService();
+      const visitor = await visitorsService.findOrCreateVisitor(req);
+      // Set/update visitorId cookie if missing or different (handles "stale" cookie)
+      const cookieVisitorId = req.cookies?.visitorId;
+      if (!cookieVisitorId || cookieVisitorId !== visitor._id.toString()) {
+        res.cookie(VISITOR_COOKIE_NAME, visitor._id.toString(), {
+          maxAge: VISITOR_COOKIE_MAX_AGE,
+          httpOnly: true,
+          sameSite: 'lax',
+        });
+      }
+      // Attach visitor to request for downstream use
+      req.visitor = visitor;
+      req.visitorId = visitor._id;
+      // Log request AFTER response (userId/sessionId will be set by auth middleware by then)
+      res.on('finish', () => {
+        requestsService.logRequest({
+          visitorId: visitor._id,
+          req,
+          userId: req.userId || null,
+          sessionId: req.sessionId || null,
+        }).catch(err => console.error('Error logging request:', err));
+      });
+      next();
+    } catch (error) {
+      console.error('Error processing visitor:', error);
+      next();
+    }
+  };
+  return { visitorLogger };
+};
+export default createVisitorLogger;

package/src/modules/core/controllers/services/requests.service.js ADDED Viewed

@@ -0,0 +1,53 @@
+let instance = null;
+export function initRequestsService(db) {
+  const Request = db.request;
+  async function logRequest({ visitorId, req, userId = null, sessionId = null }) {
+    const request = await Request.create({
+      visitor: visitorId ? new db.mongoose.Types.ObjectId(visitorId) : null,
+      target: userId ? new db.mongoose.Types.ObjectId(userId) : null,
+      session: sessionId ? new db.mongoose.Types.ObjectId(sessionId) : null,
+      path: req.path,
+      method: req.method,
+      referer: req.headers['referer'] || null,
+      query: req.query ? JSON.stringify(req.query) : null,
+    });
+    return request;
+  }
+  async function getJourney(visitorId, { limit = 50, skip = 0 } = {}) {
+    const requests = await Request.find({ visitor: new db.mongoose.Types.ObjectId(visitorId) })
+      .sort({ timestamp: -1 })
+      .skip(skip)
+      .limit(limit)
+      .lean();
+    return requests;
+  }
+  async function getUserJourney(userId, { limit = 50, skip = 0 } = {}) {
+    const requests = await Request.find({ target: new db.mongoose.Types.ObjectId(userId) })
+      .sort({ timestamp: -1 })
+      .skip(skip)
+      .limit(limit)
+      .lean();
+    return requests;
+  }
+  instance = {
+    logRequest,
+    getJourney,
+    getUserJourney,
+  };
+  return instance;
+}
+export function getRequestsService() {
+  if (!instance) {
+    throw new Error('Requests service not initialized. Call initRequestsService(db) first.');
+  }
+  return instance;
+}
+export default { initRequestsService, getRequestsService };

package/src/modules/core/controllers/services/sessions.service.js ADDED Viewed

@@ -0,0 +1,98 @@
+const DEFAULT_SESSION_TTL = 864000; // 10 days in seconds
+let instance = null;
+export function initSessionsService(db) {
+  const Session = db.session;
+  async function createSession({ userId, visitorId = null, req, expiresIn = DEFAULT_SESSION_TTL }) {
+    const session = await Session.create({
+      target: new db.mongoose.Types.ObjectId(userId),
+      visitor: visitorId ? new db.mongoose.Types.ObjectId(visitorId) : null,
+      ip: req.ip,
+      userAgent: req.headers['user-agent'],
+      expiresAt: new Date(Date.now() + expiresIn * 1000),
+    });
+    return session;
+  }
+  async function validateSession({ sessionId, userId = null }) {
+    const query = {
+      _id: new db.mongoose.Types.ObjectId(sessionId),
+      isActive: true,
+      expiresAt: { $gt: new Date() },
+    };
+    if (userId) {
+      query.target = new db.mongoose.Types.ObjectId(userId);
+    }
+    const session = await Session.findOne(query).lean();
+    return session;
+  }
+  async function deactivateSession(sessionId) {
+    const session = await Session.findByIdAndUpdate(
+      sessionId,
+      {
+        isActive: false,
+        revokedAt: new Date(),
+      },
+      { new: true }
+    );
+    return session;
+  }
+  async function deactivateAllUserSessions(userId, reason = null) {
+    const result = await Session.updateMany(
+      {
+        target: new db.mongoose.Types.ObjectId(userId),
+        isActive: true,
+      },
+      {
+        isActive: false,
+        revokedAt: new Date(),
+      }
+    );
+    return result;
+  }
+  async function touchSession(sessionId) {
+    const session = await Session.findByIdAndUpdate(
+      sessionId,
+      { lastSeenAt: new Date() },
+      { new: true }
+    );
+    return session;
+  }
+  async function getActiveSessions(userId) {
+    const sessions = await Session.find({
+      target: new db.mongoose.Types.ObjectId(userId),
+      isActive: true,
+      expiresAt: { $gt: new Date() },
+    }).lean();
+    return sessions;
+  }
+  instance = {
+    createSession,
+    validateSession,
+    deactivateSession,
+    deactivateAllUserSessions,
+    touchSession,
+    getActiveSessions,
+  };
+  return instance;
+}
+export function getSessionsService() {
+  if (!instance) {
+    throw new Error('Sessions service not initialized. Call initSessionsService(db) first.');
+  }
+  return instance;
+}
+export default { initSessionsService, getSessionsService };

package/src/modules/core/controllers/services/visitors.service.js ADDED Viewed

@@ -0,0 +1,102 @@
+import crypto from 'crypto';
+const fingerprintCache = new Map();
+const generateFingerprint = req => {
+  const { ip, headers } = req;
+  const userAgent = headers['user-agent'] || '';
+  const acceptLanguage = headers['accept-language'] || '';
+  const key = `${ip}-${userAgent}-${acceptLanguage}`;
+  if (fingerprintCache.has(key)) {
+    return fingerprintCache.get(key);
+  }
+  const hash = crypto.createHash('sha256');
+  hash.update(key);
+  const digest = hash.digest('hex');
+  fingerprintCache.set(key, digest);
+  return digest;
+};
+const generateVisitorId = () => crypto.randomBytes(16).toString('hex');
+let instance = null;
+export function initVisitorsService(db) {
+  const Visitor = db.visitor;
+  async function findOrCreateVisitor(req) {
+    // Prefer cookie visitorId, fallback to fingerprint
+    let visitorId = req.cookies?.visitorId;
+    let visitor = null;
+    // Safe lookup by cookie ID (handle invalid ObjectId)
+    if (visitorId && db.mongoose.Types.ObjectId.isValid(visitorId)) {
+      try {
+        visitor = await Visitor.findById(visitorId);
+      } catch (err) {
+        // Invalid ObjectId format or DB error, ignore
+      }
+    }
+    if (!visitor) {
+      const fingerprint = generateFingerprint(req);
+      // Atomic upsert to avoid race condition E11000
+      visitor = await Visitor.findOneAndUpdate(
+        { fingerprint },
+        {
+          $setOnInsert: {
+            ip: req.ip,
+            userAgent: req.headers['user-agent'],
+            acceptLanguage: req.headers['accept-language'],
+            fingerprint,
+          },
+        },
+        { upsert: true, new: true }
+      );
+    }
+    return visitor;
+  }
+  async function linkVisitorToUser({ visitorId, userId, sessionId = null }) {
+    const visitor = await Visitor.findByIdAndUpdate(
+      visitorId,
+      {
+        target: new db.mongoose.Types.ObjectId(userId),
+        linkedAt: new Date(),
+      },
+      { new: true }
+    );
+    return visitor;
+  }
+  async function getVisitorByFingerprint(fingerprint) {
+    return Visitor.findOne({ fingerprint });
+  }
+  async function getVisitorById(visitorId) {
+    return Visitor.findById(visitorId);
+  }
+  instance = {
+    findOrCreateVisitor,
+    linkVisitorToUser,
+    getVisitorByFingerprint,
+    getVisitorById,
+    generateFingerprint,
+    generateVisitorId,
+  };
+  return instance;
+}
+export function getVisitorsService() {
+  if (!instance) {
+    throw new Error('Visitors service not initialized. Call initVisitorsService(db) first.');
+  }
+  return instance;
+}
+export default { initVisitorsService, getVisitorsService };

package/src/modules/core/controllers/utils/mailing.js CHANGED Viewed

@@ -38,12 +38,25 @@ async function sendEmail(to, subject, text, files = []) {
   }
 }
 async function sendSms(phone, message) {
-  const sessionUrl = `https://api.sms.to/sms/send?api_key=${process.env.SMS_API_KEY}&to=${phone}&message=${encodeURIComponent(message)}&sender_id=${encodeURIComponent(process.env.APP_NAME)}`;
   try {
-    const response = await axios.get(sessionUrl);
+    const response = await axios.post(
+      'https://api.brevo.com/v3/transactionalSMS/send',
+      {
+        recipient: phone,
+        sender: process.env.APP_NAME?.slice(0, 11) || 'App',
+        content: message,
+        type: 'transactional'
+      },
+      {
+        headers: {
+          'api-key': process.env.BREVO_API_KEY,
+          'Content-Type': 'application/json'
+        }
+      }
+    );
     return true;
   } catch (error) {
-    console.log(error);
+    console.error('SMS send failed');
     return false;
   }
 }

package/src/modules/core/core.server.js CHANGED Viewed

@@ -1,7 +1,16 @@
 import coreabac from './controllers/classes/abac/abac.js';
 import initCorePolicies from './controllers/policies/core.policies.js';
+import SessionModel from './models/session.model.js';
+import VisitorModel from './models/visitor.model.js';
+import RequestModel from './models/request.model.js';
+import { initSessionsService } from './controllers/services/sessions.service.js';
+import { initVisitorsService } from './controllers/services/visitors.service.js';
+import { initRequestsService } from './controllers/services/requests.service.js';
+import createVisitorLogger from './controllers/middlewares/visitor.logger.js';
 const { getInstance } = coreabac;
 // Ленивая загрузка WebSocketManager через асинхронную фабрику
@@ -19,8 +28,8 @@ async function createWebSocketManager(...args) {
 // Для обратной совместимости экспортируем как WebSocketManager
 const WebSocketManager = createWebSocketManager;
-function initializeCore(app, db, origins, publicPath) {
-  // Определяем модель Log только здесь
+function initializeCore(app, db, origins, publicPath, wss = null) {
+  // Log model
   db.log =
     db.mongoose.models.Log ||
     db.mongoose.model(
@@ -34,8 +43,41 @@ function initializeCore(app, db, origins, publicPath) {
         { versionKey: false }
       )
     );
+  // Session, Visitor, Request models
+  db.session = SessionModel(db);
+  db.visitor = VisitorModel(db);
+  db.request = RequestModel(db);
+  // Initialize services
+  initSessionsService(db);
+  initVisitorsService(db);
+  initRequestsService(db);
+  // ABAC
   const abac = getInstance(db);
   const corePolicies = initCorePolicies(abac);
+  // Visitor logger middleware
+  if (app) {
+    const { visitorLogger } = createVisitorLogger();
+    app.use(visitorLogger);
+  }
+  // WebSocket RPC methods
+  if (wss) {
+    wss.registerRpcMethod('core', 'getOnlineStatus', async ({ userId }) => {
+      if (!userId) return { isOnline: false, lastSeenAt: null };
+      const isOnline = wss.userConnections.has(userId.toString());
+      if (isOnline) return { isOnline: true, lastSeenAt: new Date() };
+      const session = await db.session.findOne(
+        { target: new db.mongoose.Types.ObjectId(userId), isActive: true },
+        { lastSeenAt: 1 },
+        { sort: { lastSeenAt: -1 } }
+      ).lean();
+      return { isOnline: false, lastSeenAt: session?.lastSeenAt || null };
+    }, { requireAuth: false });
+  }
 }
 export { WebSocketManager, initializeCore as initialize };
 export default {

package/src/modules/core/models/request.model.js ADDED Viewed

@@ -0,0 +1,30 @@
+export default db => {
+  const RequestSchema = new db.mongoose.Schema({
+    visitor: {
+      type: db.mongoose.Schema.Types.ObjectId,
+      ref: 'Visitor',
+    },
+    target: {
+      type: db.mongoose.Schema.Types.ObjectId,
+      ref: 'User',
+      default: null,
+    },
+    session: {
+      type: db.mongoose.Schema.Types.ObjectId,
+      ref: 'Session',
+      default: null,
+    },
+    path: String,
+    method: String,
+    referer: String,
+    query: String,
+    timestamp: { type: Date, default: Date.now },
+  });
+  RequestSchema.index({ visitor: 1 });
+  RequestSchema.index({ target: 1 }, { sparse: true });
+  RequestSchema.index({ timestamp: -1 });
+  const Request = db.mongoose.models.Request || db.mongoose.model('Request', RequestSchema);
+  return Request;
+};

package/src/modules/core/models/session.model.js ADDED Viewed

@@ -0,0 +1,43 @@
+export default db => {
+  const SessionSchema = new db.mongoose.Schema(
+    {
+      target: {
+        type: db.mongoose.Schema.Types.ObjectId,
+        ref: 'User',
+        required: true,
+      },
+      visitor: {
+        type: db.mongoose.Schema.Types.ObjectId,
+        ref: 'Visitor',
+        default: null,
+      },
+      isActive: {
+        type: Boolean,
+        default: true,
+      },
+      ip: String,
+      userAgent: String,
+      lastSeenAt: {
+        type: Date,
+        default: Date.now,
+      },
+      revokedAt: {
+        type: Date,
+        default: null,
+      },
+      expiresAt: {
+        type: Date,
+        required: true,
+      },
+    },
+    {
+      timestamps: true,
+    }
+  );
+  SessionSchema.index({ target: 1, isActive: 1 });
+  SessionSchema.index({ expiresAt: 1 }, { expireAfterSeconds: 0 });
+  const Session = db.mongoose.models.Session || db.mongoose.model('Session', SessionSchema);
+  return Session;
+};

package/src/modules/core/models/visitor.model.js ADDED Viewed

@@ -0,0 +1,28 @@
+export default db => {
+  const VisitorSchema = new db.mongoose.Schema(
+    {
+      ip: String,
+      userAgent: String,
+      acceptLanguage: String,
+      fingerprint: { type: String, unique: true },
+      target: {
+        type: db.mongoose.Schema.Types.ObjectId,
+        ref: 'User',
+        default: null,
+      },
+      linkedAt: {
+        type: Date,
+        default: null,
+      },
+    },
+    {
+      timestamps: true,
+    }
+  );
+  // fingerprint index created by unique: true
+  VisitorSchema.index({ target: 1 }, { sparse: true });
+  const Visitor = db.mongoose.models.Visitor || db.mongoose.model('Visitor', VisitorSchema);
+  return Visitor;
+};