@rpcbase/server 0.75.0 → 0.78.0

package/express/index.js

@@ -29,7 +29,7 @@ module.exports = () => {
     res.set("Cache-Control", "no-store")
     next()
   })
-
+  console.log("\nwowowowow\nwowowoowo\nlfdkfdskfjlkfjdskfjds\n\n")
   // CORS
   const cors_origins = is_production ?
     // https://stackoverflow.com/questions/14003332/access-control-allow-origin-wildcard-subdomains-ports-and-protocols
@@ -43,6 +43,7 @@ module.exports = () => {
     // local dev origins
     [
       `http://localhost:${CLIENT_PORT}`,
+      `http://admin.localhost:${CLIENT_PORT}`,
       // WARNING: hardcoded port
       "http://localhost:8090", // TMP: used by inspected app from admin
       "http://localhost:9292", // TMP

package/mailer/index.js

@@ -3,11 +3,12 @@ const postmark = require("postmark")
 
 const {POSTMARK_API_KEY, IS_PRODUCTION} = process.env
 
-const is_production = IS_PRODUCTION === "yes"
+const is_production = true //IS_PRODUCTION === "yes"
+console.warn("email sender forcing is production")
 
 let client
 
-if (is_production) {
+if (is_production && typeof POSTMARK_API_KEY === "string" && POSTMARK_API_KEY.trim() !== "") {
   client = new postmark.ServerClient(POSTMARK_API_KEY)
 } else {
   client = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rpcbase/server",
-  "version": "0.75.0",
+  "version": "0.78.0",
   "license": "SSPL-1.0",
   "main": "./index.js",
   "bin": {
@@ -20,9 +20,10 @@
     "express": "4.18.1",
     "express-session": "1.17.3",
     "glob": "8.0.3",
+    "lodash": "4.17.21",
     "mongoose": "6.4.0",
     "picocolors": "1.0.0",
-    "postmark": "3.0.11",
+    "postmark": "3.0.12",
     "redis": "4.1.0",
     "validator": "13.7.0",
     "yargs": "17.5.1"

package/src/auth/forgot_password_email.html

@@ -0,0 +1,515 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="x-apple-disable-message-reformatting" />
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <meta name="color-scheme" content="light dark" />
+    <meta name="supported-color-schemes" content="light dark" />
+    <title></title>
+    <style type="text/css" rel="stylesheet" media="all">
+    /* Base ------------------------------ */
+
+    @import url("https://fonts.googleapis.com/css?family=Nunito+Sans:400,700&display=swap");
+    body {
+      width: 100% !important;
+      height: 100%;
+      margin: 0;
+      -webkit-text-size-adjust: none;
+    }
+
+    a {
+      color: #3869D4;
+    }
+
+    a img {
+      border: none;
+    }
+
+    td {
+      word-break: break-word;
+    }
+
+    .preheader {
+      display: none !important;
+      visibility: hidden;
+      mso-hide: all;
+      font-size: 1px;
+      line-height: 1px;
+      max-height: 0;
+      max-width: 0;
+      opacity: 0;
+      overflow: hidden;
+    }
+    /* Type ------------------------------ */
+
+    body,
+    td,
+    th {
+      font-family: "Nunito Sans", Helvetica, Arial, sans-serif;
+    }
+
+    h1 {
+      margin-top: 0;
+      color: #333333;
+      font-size: 22px;
+      font-weight: bold;
+      text-align: left;
+    }
+
+    h2 {
+      margin-top: 0;
+      color: #333333;
+      font-size: 16px;
+      font-weight: bold;
+      text-align: left;
+    }
+
+    h3 {
+      margin-top: 0;
+      color: #333333;
+      font-size: 14px;
+      font-weight: bold;
+      text-align: left;
+    }
+
+    td,
+    th {
+      font-size: 16px;
+    }
+
+    p,
+    ul,
+    ol,
+    blockquote {
+      margin: .4em 0 1.1875em;
+      font-size: 16px;
+      line-height: 1.625;
+    }
+
+    p.sub {
+      font-size: 13px;
+    }
+    /* Utilities ------------------------------ */
+
+    .align-right {
+      text-align: right;
+    }
+
+    .align-left {
+      text-align: left;
+    }
+
+    .align-center {
+      text-align: center;
+    }
+    /* Buttons ------------------------------ */
+
+    .button {
+      background-color: #3869D4;
+      border-top: 10px solid #3869D4;
+      border-right: 18px solid #3869D4;
+      border-bottom: 10px solid #3869D4;
+      border-left: 18px solid #3869D4;
+      display: inline-block;
+      color: #FFF;
+      text-decoration: none;
+      border-radius: 3px;
+      box-shadow: 0 2px 3px rgba(0, 0, 0, 0.16);
+      -webkit-text-size-adjust: none;
+      box-sizing: border-box;
+    }
+
+    .button--green {
+      background-color: #22BC66;
+      border-top: 10px solid #22BC66;
+      border-right: 18px solid #22BC66;
+      border-bottom: 10px solid #22BC66;
+      border-left: 18px solid #22BC66;
+    }
+
+    .button--red {
+      background-color: #FF6136;
+      border-top: 10px solid #FF6136;
+      border-right: 18px solid #FF6136;
+      border-bottom: 10px solid #FF6136;
+      border-left: 18px solid #FF6136;
+    }
+
+    @media only screen and (max-width: 500px) {
+      .button {
+        width: 100% !important;
+        text-align: center !important;
+      }
+    }
+    /* Attribute list ------------------------------ */
+
+    .attributes {
+      margin: 0 0 21px;
+    }
+
+    .attributes_content {
+      background-color: #F4F4F7;
+      padding: 16px;
+    }
+
+    .attributes_item {
+      padding: 0;
+    }
+    /* Related Items ------------------------------ */
+
+    .related {
+      width: 100%;
+      margin: 0;
+      padding: 25px 0 0 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+
+    .related_item {
+      padding: 10px 0;
+      color: #CBCCCF;
+      font-size: 15px;
+      line-height: 18px;
+    }
+
+    .related_item-title {
+      display: block;
+      margin: .5em 0 0;
+    }
+
+    .related_item-thumb {
+      display: block;
+      padding-bottom: 10px;
+    }
+
+    .related_heading {
+      border-top: 1px solid #CBCCCF;
+      text-align: center;
+      padding: 25px 0 10px;
+    }
+    /* Discount Code ------------------------------ */
+
+    .discount {
+      width: 100%;
+      margin: 0;
+      padding: 24px;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      background-color: #F4F4F7;
+      border: 2px dashed #CBCCCF;
+    }
+
+    .discount_heading {
+      text-align: center;
+    }
+
+    .discount_body {
+      text-align: center;
+      font-size: 15px;
+    }
+    /* Social Icons ------------------------------ */
+
+    .social {
+      width: auto;
+    }
+
+    .social td {
+      padding: 0;
+      width: auto;
+    }
+
+    .social_icon {
+      height: 20px;
+      margin: 0 8px 10px 8px;
+      padding: 0;
+    }
+    /* Data table ------------------------------ */
+
+    .purchase {
+      width: 100%;
+      margin: 0;
+      padding: 35px 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+
+    .purchase_content {
+      width: 100%;
+      margin: 0;
+      padding: 25px 0 0 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+
+    .purchase_item {
+      padding: 10px 0;
+      color: #51545E;
+      font-size: 15px;
+      line-height: 18px;
+    }
+
+    .purchase_heading {
+      padding-bottom: 8px;
+      border-bottom: 1px solid #EAEAEC;
+    }
+
+    .purchase_heading p {
+      margin: 0;
+      color: #85878E;
+      font-size: 12px;
+    }
+
+    .purchase_footer {
+      padding-top: 15px;
+      border-top: 1px solid #EAEAEC;
+    }
+
+    .purchase_total {
+      margin: 0;
+      text-align: right;
+      font-weight: bold;
+      color: #333333;
+    }
+
+    .purchase_total--label {
+      padding: 0 15px 0 0;
+    }
+
+    body {
+      background-color: #F4F4F7;
+      color: #51545E;
+    }
+
+    p {
+      color: #51545E;
+    }
+
+    p.sub {
+      color: #6B6E76;
+    }
+
+    .email-wrapper {
+      width: 100%;
+      margin: 0;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      background-color: #F4F4F7;
+    }
+
+    .email-content {
+      width: 100%;
+      margin: 0;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+    /* Masthead ----------------------- */
+
+    .email-masthead {
+      padding: 25px 0;
+      text-align: center;
+    }
+
+    .email-masthead_logo {
+      width: 94px;
+    }
+
+    .email-masthead_name {
+      font-size: 16px;
+      font-weight: bold;
+      color: #A8AAAF;
+      text-decoration: none;
+      text-shadow: 0 1px 0 white;
+    }
+    /* Body ------------------------------ */
+
+    .email-body {
+      width: 100%;
+      margin: 0;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      background-color: #FFFFFF;
+    }
+
+    .email-body_inner {
+      width: 570px;
+      margin: 0 auto;
+      padding: 0;
+      -premailer-width: 570px;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      background-color: #FFFFFF;
+    }
+
+    .email-footer {
+      width: 570px;
+      margin: 0 auto;
+      padding: 0;
+      -premailer-width: 570px;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      text-align: center;
+    }
+
+    .email-footer p {
+      color: #6B6E76;
+    }
+
+    .body-action {
+      width: 100%;
+      margin: 30px auto;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      text-align: center;
+    }
+
+    .body-sub {
+      margin-top: 25px;
+      padding-top: 25px;
+      border-top: 1px solid #EAEAEC;
+    }
+
+    .content-cell {
+      padding: 35px;
+    }
+    /*Media Queries ------------------------------ */
+
+    @media only screen and (max-width: 600px) {
+      .email-body_inner,
+      .email-footer {
+        width: 100% !important;
+      }
+    }
+
+    @media (prefers-color-scheme: dark) {
+      body,
+      .email-body,
+      .email-body_inner,
+      .email-content,
+      .email-wrapper,
+      .email-masthead,
+      .email-footer {
+        background-color: #333333 !important;
+        color: #FFF !important;
+      }
+      p,
+      ul,
+      ol,
+      blockquote,
+      h1,
+      h2,
+      h3,
+      span,
+      .purchase_item {
+        color: #FFF !important;
+      }
+      .attributes_content,
+      .discount {
+        background-color: #222 !important;
+      }
+      .email-masthead_name {
+        text-shadow: none !important;
+      }
+    }
+
+    :root {
+      color-scheme: light dark;
+      supported-color-schemes: light dark;
+    }
+    </style>
+    <!--[if mso]>
+    <style type="text/css">
+      .f-fallback  {
+        font-family: Arial, sans-serif;
+      }
+    </style>
+  <![endif]-->
+  </head>
+  <body>
+    <span class="preheader">Your password reset link is ready</span>
+    <table class="email-wrapper" width="100%" cellpadding="0" cellspacing="0" role="presentation">
+      <tr>
+        <td align="center">
+          <table class="email-content" width="100%" cellpadding="0" cellspacing="0" role="presentation">
+            <tr>
+              <td class="email-masthead">
+                <a href="https://example.com" class="f-fallback email-masthead_name">
+                [Product Name]
+              </a>
+              </td>
+            </tr>
+            <!-- Email Body -->
+            <tr>
+              <td class="email-body" width="100%" cellpadding="0" cellspacing="0">
+                <table class="email-body_inner" align="center" width="570" cellpadding="0" cellspacing="0" role="presentation">
+                  <!-- Body content -->
+                  <tr>
+                    <td class="content-cell">
+                      <div class="f-fallback">
+                        <h1>Your password reset link</h1>
+                        <p>The password reset link you have requested is ready. If you did not request a password reset, ignore this email.</p>
+                        <!-- Action -->
+                        <table class="body-action" align="center" width="100%" cellpadding="0" cellspacing="0" role="presentation">
+                          <tr>
+                            <td align="center">
+                              <!-- Border based button
+           https://litmus.com/blog/a-guide-to-bulletproof-buttons-in-email-design -->
+                              <table width="100%" border="0" cellspacing="0" cellpadding="0" role="presentation">
+                                <tr>
+                                  <td align="center">
+                                    <a href="<%= reset_url %>" class="f-fallback button" target="_blank">Reset My Password</a>
+                                  </td>
+                                </tr>
+                              </table>
+                            </td>
+                          </tr>
+                        </table>
+
+                        <table class="body-sub" role="presentation">
+                          <tr>
+                            <td>
+                              <p class="f-fallback sub">If you’re having trouble with the button above, copy and paste the URL below into your web browser.</p>
+                              <p class="f-fallback sub"><%= reset_url %></p>
+                            </td>
+                          </tr>
+                        </table>
+                      </div>
+                    </td>
+                  </tr>
+                </table>
+              </td>
+            </tr>
+            <tr>
+              <td>
+                <table class="email-footer" align="center" width="570" cellpadding="0" cellspacing="0" role="presentation">
+                  <tr>
+                    <td class="content-cell" align="center">
+                      <p class="f-fallback sub align-center">&copy; 2022 [Product Name]. All rights reserved.</p>
+                      <p class="f-fallback sub align-center">
+                        [Company Name, LLC]
+                        <br>1234 Street Rd.
+                        <br>Suite 1234
+                      </p>
+                    </td>
+                  </tr>
+                </table>
+              </td>
+            </tr>
+          </table>
+        </td>
+      </tr>
+    </table>
+  </body>
+</html>

package/src/auth/index.js

@@ -4,6 +4,8 @@ const async_wrapper = require("../helpers/async_wrapper")
 const sign_up = require("./sign_up")
 const sign_in = require("./sign_in")
 const sign_out = require("./sign_out")
+const reset_password = require("./reset_password")
+const set_new_password = require("./set_new_password")
 const check_session = require("./check_session")
 
 const sign_up_handler = async(req, res) => {
@@ -21,6 +23,16 @@ const sign_out_handler = async(req, res) => {
   res.json(result)
 }
 
+const reset_password_handler = async(req, res) => {
+  const result = await reset_password(req.body, {req})
+  res.json(result)
+}
+
+const set_new_password_handler = async(req, res) => {
+  const result = await set_new_password(req.body, {req})
+  res.json(result)
+}
+
 const check_session_handler = async(req, res) => {
   const result = await check_session(req.body, {req})
   res.json(result)
@@ -31,5 +43,8 @@ module.exports = (app) => {
   app.post("/api/v1/auth/sign_in", async_wrapper(sign_in_handler))
   app.post("/api/v1/auth/sign_out", async_wrapper(sign_out_handler))
 
+  app.post("/api/v1/auth/reset_password", async_wrapper(reset_password_handler))
+  app.post("/api/v1/auth/set_new_password", async_wrapper(set_new_password_handler))
+
   app.post("/api/v1/auth/check_session", async_wrapper(check_session_handler))
 }

package/src/auth/reset_password.js

@@ -0,0 +1,70 @@
+/* @flow */
+const _template = require("lodash/template")
+const fs = require("fs")
+const path = require("path")
+const isEmail = require("validator/lib/isEmail")
+
+const {hash_password, compare_hash} = require("@rpcbase/std/crypto/hash")
+const get_random_str = require("@rpcbase/std/crypto/get_random_str")
+
+const mailer = require("../../mailer")
+const mongoose = require("../../mongoose")
+const ResetPasswordToken = require("../models/ResetPasswordToken")
+
+
+const {APP_DOMAIN} = process.env
+
+const email_tpl = _template(
+  fs.readFileSync(path.join(__dirname, "./forgot_password_email.html"), "utf8")
+)
+
+
+const reset_password = async({email}, ctx) => {
+  const User = mongoose.model("User")
+
+  if (!isEmail(email)) {
+    throw new Error("reset_password:: invalid email")
+  }
+
+  const user = await User.findOne({email}, null, {ctx})
+
+  if (!user) {
+    // TODO: add random delay to prevent detecting if account exists based on response time
+    return {status: "ok"}
+  }
+
+  const token = get_random_str(32)
+  const token_hash = await hash_password(token)
+
+  console.log("WOWOOWOWOW", await compare_hash(token, token_hash))
+
+  console.log("token", token)
+  console.log("token_hash", token_hash)
+
+  const reset_token = new ResetPasswordToken({
+    user_id: user._id,
+    token_hash,
+  })
+
+  await reset_token.save()
+
+  const reset_url = `https://${APP_DOMAIN}/set-new-password?id=${user._id}&token=${token}`
+
+  const res = await mailer.sendEmail({
+    From: "hello@commit-queue.com",
+    To: user.email,
+    Subject: "Your password reset link",
+    HtmlBody: email_tpl({
+      reset_url,
+    }),
+  })
+
+  // cleanup if email wasn't sent
+  if (res.Message !== "OK") {
+    await reset_token.delete()
+  }
+
+  return {status: "ok"}
+}
+
+module.exports = reset_password

package/src/auth/set_new_password.js

@@ -0,0 +1,63 @@
+/* @flow */
+const _template = require("lodash/template")
+const fs = require("fs")
+const path = require("path")
+const isEmail = require("validator/lib/isEmail")
+
+const {hash_password, compare_hash} = require("@rpcbase/std/crypto/hash")
+const get_random_str = require("@rpcbase/std/crypto/get_random_str")
+
+const mailer = require("../../mailer")
+const mongoose = require("../../mongoose")
+const ResetPasswordToken = require("../models/ResetPasswordToken")
+
+const {APP_DOMAIN} = process.env
+
+const email_tpl = _template(
+  fs.readFileSync(path.join(__dirname, "./set_new_password_email.html"), "utf8")
+)
+
+const set_new_password = async({user_id, token, password}, ctx) => {
+  const User = mongoose.model("User")
+
+  const reset_tokens = await ResetPasswordToken.find({user_id})
+    .limit(100)
+
+  if (reset_tokens.length === 0) {
+    return {
+      message: "Unable to validate reset token, please try again in a moment"
+    }
+  }
+
+  let is_match = false
+
+  for (let i = 0; i < reset_tokens.length; i++) {
+    const op = await compare_hash(token, reset_tokens[i].token_hash)
+    if (op) {
+      is_match = true
+      break
+    }
+  }
+
+  if (!is_match) {
+    return {
+      message: "Invalid or expired token, please try again in a moment"
+    }
+  }
+
+  // token is valid, update the user password
+  const user = await User.findOne({_id: user_id}, null, {ctx})
+  const hashed_password = await hash_password(password)
+  user.password_hash = hashed_password
+
+  await user.save()
+
+  // WARNING:
+  // TODO: important! notify the user that their password has been reset
+
+  return {
+    status: "ok"
+  }
+}
+
+module.exports = set_new_password

package/src/auth/set_new_password_email.html

@@ -0,0 +1,3 @@
+todo: implement notification email
+
+your password has been reset

package/src/auth/sign_in.js

@@ -17,7 +17,6 @@ const sign_in = async({email, password}, ctx) => {
   // const user = await User.findOne({email}, null, {ctx})
   const user = await User.findOne({email}, null)
 
-  // console.log("ICII2222", email, password, user)
 
   if (!user) {
     return fail()
@@ -25,9 +24,6 @@ const sign_in = async({email, password}, ctx) => {
 
   const hashed_pass = user.password_hash
 
-  // TODO: fix broken bcrypt bins in docker
-  // const is_match = await bcrypt.compare(password, hashed_pass)
-  console.warn("warning: skipping bcrypt hash check")
   const is_match = await compare_hash(password, hashed_pass)
 
   if (is_match) {

package/src/models/ResetPasswordToken.js

@@ -0,0 +1,14 @@
+/* @flow */
+const mongoose = require("../../mongoose")
+
+const ResetPasswordToken = mongoose.model("ResetPasswordToken", {
+  user_id: String,
+  token_hash: String,
+  created_at: {
+    type: Date,
+    expires: 360, // 6min
+    default: Date.now,
+  }
+})
+
+module.exports = ResetPasswordToken