@triophore/falconjs 1.0.0

package/FalconAuthPlugin.js

@@ -0,0 +1,473 @@
+'use strict';
+
+const Joi = require('joi');
+const Boom = require('@hapi/boom');
+const { jwtVerify, createRemoteJWKSet, SignJWT } = require('jose');
+const Cookie = require('@hapi/cookie');
+const Basic = require('@hapi/basic');
+
+/**
+ * Generalized Authentication Plugin for Falcon.js
+ * Supports custom auth, JWT, Cookie, JWKS with caching and logging
+ */
+
+class FalconAuth {
+  constructor(options = {}, context = {}) {
+    this.options = this.validateOptions(options);
+    this.context = context;
+    this.logger = context.logger || console;
+    this.redis = context.redis;
+    this.jwksCache = new Map();
+    this.remoteJWKSets = new Map();
+  }
+
+  validateOptions(options) {
+    const schema = Joi.object({
+      custom: Joi.object({
+        validate: Joi.func().required(),
+        extractToken: Joi.func().optional(),
+        name: Joi.string().default('custom')
+      }).optional(),
+
+      jwt: Joi.object({
+        secret: Joi.string().required(),
+        algorithms: Joi.array().items(Joi.string()).default(['HS256']),
+        validate: Joi.func().required(),
+        cache: Joi.object({
+          enabled: Joi.boolean().default(true),
+          ttl: Joi.number().default(300) // 5 minutes
+        }).default({ enabled: true, ttl: 300 })
+      }).optional(),
+
+      cookie: Joi.object({
+        password: Joi.string().min(32).required(),
+        name: Joi.string().default('falcon-session'),
+        ttl: Joi.number().default(24 * 60 * 60 * 1000),
+        isSecure: Joi.boolean().default(true),
+        isHttpOnly: Joi.boolean().default(true),
+        validate: Joi.func().required()
+      }).optional(),
+
+      jwks: Joi.object({
+        jwksUri: Joi.string().uri().required(),
+        issuer: Joi.string().optional(),
+        audience: Joi.string().optional(),
+        algorithms: Joi.array().items(Joi.string()).default(['RS256']),
+        validate: Joi.func().required(),
+        cache: Joi.object({
+          enabled: Joi.boolean().default(true),
+          ttl: Joi.number().default(3600) // 1 hour
+        }).default({ enabled: true, ttl: 3600 })
+      }).optional(),
+
+      socketio: Joi.object({
+        enabled: Joi.boolean().default(true),
+        timeout: Joi.number().default(5000)
+      }).default({ enabled: true, timeout: 5000 })
+    });
+
+    const { error, value } = schema.validate(options);
+    if (error) throw error;
+    return value;
+  }
+
+  // Hapi.js Plugin Registration
+  async registerHapi(server) {
+    await server.register([Cookie, Basic]);
+
+    // Custom Authentication
+    if (this.options.custom) {
+      await this.registerCustom(server);
+    }
+
+    // JWT Authentication
+    if (this.options.jwt) {
+      await this.registerJWT(server);
+    }
+
+    // Cookie Authentication
+    if (this.options.cookie) {
+      await this.registerCookie(server);
+    }
+
+    // JWKS Authentication
+    if (this.options.jwks) {
+      await this.registerJWKS(server);
+    }
+
+    // Set default strategy if only one is configured
+    const strategies = Object.keys(this.options).filter(k => k !== 'socketio');
+    if (strategies.length === 1) {
+      server.auth.default(strategies[0]);
+    }
+  }
+
+  async registerCustom(server) {
+    const customAuth = {
+      authenticate: async (request, h) => {
+        try {
+          const token = this.extractToken(request, this.options.custom.extractToken);
+          if (!token) {
+            throw Boom.unauthorized('Authentication required');
+          }
+
+          // Check cache first
+          const cacheKey = `auth:custom:${this.hashToken(token)}`;
+          let user = await this.getFromCache(cacheKey);
+
+          if (!user) {
+            user = await this.options.custom.validate(token, request, this.context);
+            if (user) {
+              await this.setCache(cacheKey, user, 300); // 5 minutes
+            }
+          }
+
+          if (!user) {
+            throw Boom.unauthorized('Invalid authentication');
+          }
+
+          return h.authenticated({ credentials: user });
+        } catch (error) {
+          this.logger.warn('Custom auth failed:', error.message);
+          throw Boom.unauthorized('Authentication failed');
+        }
+      }
+    };
+
+    server.auth.scheme('falcon-custom', () => customAuth);
+    server.auth.strategy(this.options.custom.name, 'falcon-custom');
+  }
+
+  async registerJWT(server) {
+    const jwtAuth = require('hapi-auth-jwt2');
+    await server.register(jwtAuth);
+
+    server.auth.strategy('jwt', 'jwt', {
+      key: this.options.jwt.secret,
+      validate: async (decoded, request) => {
+        try {
+          // Check cache first
+          const cacheKey = `auth:jwt:${decoded.sub || decoded.id}`;
+          let user = null;
+
+          if (this.options.jwt.cache.enabled) {
+            user = await this.getFromCache(cacheKey);
+          }
+
+          if (!user) {
+            user = await this.options.jwt.validate(decoded, request, this.context);
+            if (user && this.options.jwt.cache.enabled) {
+              await this.setCache(cacheKey, user, this.options.jwt.cache.ttl);
+            }
+          }
+
+          return { isValid: !!user, credentials: user };
+        } catch (error) {
+          this.logger.warn('JWT validation failed:', error.message);
+          return { isValid: false };
+        }
+      },
+      verifyOptions: {
+        algorithms: this.options.jwt.algorithms
+      }
+    });
+  }
+
+  async registerCookie(server) {
+    server.auth.strategy('cookie', 'cookie', {
+      cookie: {
+        name: this.options.cookie.name,
+        password: this.options.cookie.password,
+        ttl: this.options.cookie.ttl,
+        isSecure: this.options.cookie.isSecure,
+        isHttpOnly: this.options.cookie.isHttpOnly,
+        clearInvalid: true,
+        strictHeader: true
+      },
+      redirectTo: false,
+      validate: async (request, session) => {
+        try {
+          const result = await this.options.cookie.validate(request, session, this.context);
+          return { isValid: !!result, credentials: result };
+        } catch (error) {
+          this.logger.warn('Cookie validation failed:', error.message);
+          return { isValid: false };
+        }
+      }
+    });
+  }
+
+  async registerJWKS(server) {
+    const jwtAuth = require('hapi-auth-jwt2');
+    await server.register(jwtAuth);
+
+    // Create remote JWKS using JOSE
+    const JWKS = createRemoteJWKSet(new URL(this.options.jwks.jwksUri));
+    this.remoteJWKSets.set(this.options.jwks.jwksUri, JWKS);
+
+    server.auth.strategy('jwks', 'jwt', {
+      key: async (decoded) => {
+        try {
+          // Use JOSE for JWKS verification
+          const { payload } = await jwtVerify(decoded, JWKS, {
+            issuer: this.options.jwks.issuer,
+            audience: this.options.jwks.audience
+          });
+          return payload;
+        } catch (error) {
+          this.logger.warn('JWKS verification failed:', error.message);
+          throw error;
+        }
+      },
+      validate: async (decoded, request) => {
+        try {
+          // Check cache first
+          const cacheKey = `auth:jwks:${decoded.sub}`;
+          let user = null;
+
+          if (this.options.jwks.cache.enabled) {
+            user = await this.getFromCache(cacheKey);
+          }
+
+          if (!user) {
+            user = await this.options.jwks.validate(decoded, request, this.context);
+            if (user && this.options.jwks.cache.enabled) {
+              await this.setCache(cacheKey, user, this.options.jwks.cache.ttl);
+            }
+          }
+
+          return { isValid: !!user, credentials: user };
+        } catch (error) {
+          this.logger.warn('JWKS validation failed:', error.message);
+          return { isValid: false };
+        }
+      },
+      verifyOptions: {
+        algorithms: this.options.jwks.algorithms
+      }
+    });
+  }
+
+  // Socket.IO Authentication Middleware
+  createSocketIOMiddleware() {
+    if (!this.options.socketio.enabled) {
+      return (socket, next) => next();
+    }
+
+    return async (socket, next) => {
+      try {
+        const token = this.extractSocketToken(socket);
+        if (!token) {
+          return next(new Error('Authentication required'));
+        }
+
+        const user = await this.validateSocketToken(token);
+        if (!user) {
+          return next(new Error('Invalid authentication'));
+        }
+
+        socket.user = user;
+        socket.authenticated = true;
+        this.logger.info(`Socket.IO user authenticated: ${user.id || 'unknown'}`);
+        next();
+      } catch (error) {
+        this.logger.warn('Socket.IO auth failed:', error.message);
+        next(new Error('Authentication failed: ' + error.message));
+      }
+    };
+  }
+
+  extractSocketToken(socket) {
+    const { token, auth, authorization } = socket.handshake.auth || {};
+    
+    if (token) return token;
+    if (auth) return auth;
+    
+    const authHeader = socket.handshake.headers.authorization;
+    if (authHeader?.startsWith('Bearer ')) {
+      return authHeader.substring(7);
+    }
+    
+    return socket.handshake.query.token;
+  }
+
+  async validateSocketToken(token) {
+    // Try custom auth first
+    if (this.options.custom) {
+      try {
+        const cacheKey = `auth:custom:${this.hashToken(token)}`;
+        let user = await this.getFromCache(cacheKey);
+        
+        if (!user) {
+          user = await this.options.custom.validate(token, null, this.context);
+          if (user) {
+            await this.setCache(cacheKey, user, 300);
+          }
+        }
+        
+        if (user) return user;
+      } catch (error) {
+        this.logger.debug('Custom socket auth failed:', error.message);
+      }
+    }
+
+    // Try JWT
+    if (this.options.jwt) {
+      try {
+        const jwt = require('jsonwebtoken');
+        const decoded = jwt.verify(token, this.options.jwt.secret, {
+          algorithms: this.options.jwt.algorithms
+        });
+        
+        const cacheKey = `auth:jwt:${decoded.sub || decoded.id}`;
+        let user = null;
+        
+        if (this.options.jwt.cache.enabled) {
+          user = await this.getFromCache(cacheKey);
+        }
+        
+        if (!user) {
+          user = await this.options.jwt.validate(decoded, null, this.context);
+          if (user && this.options.jwt.cache.enabled) {
+            await this.setCache(cacheKey, user, this.options.jwt.cache.ttl);
+          }
+        }
+        
+        if (user) return user;
+      } catch (error) {
+        this.logger.debug('JWT socket auth failed:', error.message);
+      }
+    }
+
+    // Try JWKS
+    if (this.options.jwks) {
+      try {
+        const JWKS = this.remoteJWKSets.get(this.options.jwks.jwksUri);
+        if (JWKS) {
+          const { payload } = await jwtVerify(token, JWKS, {
+            issuer: this.options.jwks.issuer,
+            audience: this.options.jwks.audience
+          });
+          
+          const cacheKey = `auth:jwks:${payload.sub}`;
+          let user = null;
+          
+          if (this.options.jwks.cache.enabled) {
+            user = await this.getFromCache(cacheKey);
+          }
+          
+          if (!user) {
+            user = await this.options.jwks.validate(payload, null, this.context);
+            if (user && this.options.jwks.cache.enabled) {
+              await this.setCache(cacheKey, user, this.options.jwks.cache.ttl);
+            }
+          }
+          
+          if (user) return user;
+        }
+      } catch (error) {
+        this.logger.debug('JWKS socket auth failed:', error.message);
+      }
+    }
+
+    return null;
+  }
+
+  // Utility methods
+  extractToken(request, customExtractor) {
+    if (customExtractor) {
+      return customExtractor(request);
+    }
+    
+    const authHeader = request.headers.authorization;
+    if (authHeader?.startsWith('Bearer ')) {
+      return authHeader.substring(7);
+    }
+    
+    return request.query.token || request.payload?.token;
+  }
+
+  hashToken(token) {
+    const crypto = require('crypto');
+    return crypto.createHash('sha256').update(token).digest('hex').substring(0, 16);
+  }
+
+  async getFromCache(key) {
+    if (!this.redis) return null;
+    
+    try {
+      const cached = await this.redis.get(key);
+      return cached ? JSON.parse(cached) : null;
+    } catch (error) {
+      this.logger.warn('Cache get failed:', error.message);
+      return null;
+    }
+  }
+
+  async setCache(key, value, ttl) {
+    if (!this.redis) return;
+    
+    try {
+      await this.redis.setEx(key, ttl, JSON.stringify(value));
+    } catch (error) {
+      this.logger.warn('Cache set failed:', error.message);
+    }
+  }
+
+  // Manual token validation for custom middleware
+  async validateToken(token, type = 'auto') {
+    if (type === 'auto' || type === 'custom') {
+      if (this.options.custom) {
+        try {
+          return await this.options.custom.validate(token, null, this.context);
+        } catch (error) {
+          if (type === 'custom') throw error;
+        }
+      }
+    }
+
+    if (type === 'auto' || type === 'jwt') {
+      if (this.options.jwt) {
+        try {
+          const jwt = require('jsonwebtoken');
+          const decoded = jwt.verify(token, this.options.jwt.secret);
+          return await this.options.jwt.validate(decoded, null, this.context);
+        } catch (error) {
+          if (type === 'jwt') throw error;
+        }
+      }
+    }
+
+    if (type === 'auto' || type === 'jwks') {
+      if (this.options.jwks) {
+        try {
+          const JWKS = this.remoteJWKSets.get(this.options.jwks.jwksUri);
+          const { payload } = await jwtVerify(token, JWKS);
+          return await this.options.jwks.validate(payload, null, this.context);
+        } catch (error) {
+          if (type === 'jwks') throw error;
+        }
+      }
+    }
+
+    throw new Error('Invalid token or unsupported type');
+  }
+}
+
+// Hapi.js Plugin Export
+const plugin = {
+  name: 'falcon-auth',
+  version: '2.0.0',
+  register: async function (server, options) {
+    // Get context from server app (passed from Falcon.js)
+    const context = server.app.falconContext || {};
+    
+    const falconAuth = new FalconAuth(options, context);
+    await falconAuth.registerHapi(server);
+    
+    // Expose auth instance for Socket.IO use
+    server.app.falconAuth = falconAuth;
+  }
+};
+
+module.exports = { plugin, FalconAuth };

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Triophore Technologies
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,2 @@
+# falconjs
+simple server framework for nodejs

package/core/auth.js

@@ -0,0 +1,200 @@
+const FormData = require('form-data');
+const axios = require('axios');
+
+
+class AuthBuilder {
+
+    constructor(config) {
+        this.config = config;
+        this._state_got_json = false;
+        this.log = console.log
+        this.intervalID = null;
+        this.tick = 0
+        this.expires_seconds = 0
+        this.access_token = null;
+        this.scope = null;
+        this.api_domain = null;
+        this.token_type = null;
+        // this.grant_token = null;
+        // this.refresh_token = null;
+        this.run_timer_grant = false
+
+    }
+
+    async refreshGrantToken() {
+        try {
+            const _temp_access = await this.getAccessToken();
+            if (_temp_access.status == 200) {
+                if (_temp_access.data) {
+                    this.log("network is connected")
+                    this.log("waiting for token")
+                    // this.log(_temp_access.data)
+                    if (_temp_access.data.error) {
+                        this.log("error in request")
+                        this.log(_temp_access.data.error)
+                        this.log("error in request")
+                    } else {
+                        if (this.is_valid_token(_temp_access.data)) {
+                            this.log("valid token")
+                            this.log(_temp_access.data)
+                            this.log("valid token")
+                            
+                            if (this.run_timer_grant) {
+                                this.log("starting token watcher..")
+                                const self = this;
+                                if (this.intervalID) {
+                                    clearInterval(this.intervalID);
+                                }
+                                this.intervalID = setInterval(async function () {
+                                    await self.timer_tick();
+                                }, 1000);
+                                this.log("starting token watcher..")
+                            }
+                            this.expires_seconds = _temp_access.data.expires_in - 200;
+                            this.access_token = _temp_access.data.access_token;
+                            this.scope = _temp_access.data.scope;
+                            this.api_domain = _temp_access.data.api_domain;
+                            this.token_type = _temp_access.data.token_type;
+                            // await this.fileStore("./code.txt",JSON.stringify(_temp_access.data,null,2) + "\n")
+                            // await this.GetRefreshToken()
+                        } else {
+                            this.log("invalid token")
+                            this.log(_temp_access.data)
+                            this.log("invalid token")
+                        }
+                    }
+                }
+            } else {
+                this.log("network is connection failed")
+            }
+        } catch (error) {
+            this.log("network is connection failed")
+            this.log(error)
+            this.log("network is connection failed")
+        }
+    }
+
+    async fileStore(fpath,fdata){
+        await require("fs/promises").appendFile(fpath,fdata)
+    }
+
+    async timer_tick() {
+        this.log("Timer tick.. " + this.tick + " -- Exp -- " + this.expires_seconds)
+        this.tick = this.tick + 1;
+
+        if (this.tick === this.expires_seconds) {
+            this.log("Getting new refresh token..")
+            await this.refreshGrantToken();
+            this.tick = 0;
+        }
+    }
+
+    is_valid_token(token_schema) {
+        /*
+        {
+            access_token: '1000.7b8a17c59a012b163f9f2372059ef69d.ea44578a4cb4c0bb24808dea929917f3',
+            scope: 'ZohoCRM.modules.leads.ALL',
+            api_domain: 'https://www.zohoapis.com',
+            token_type: 'Bearer',
+            expires_in: 3600
+        }
+        */
+        if (
+            token_schema.hasOwnProperty('access_token') &&
+            token_schema.hasOwnProperty('scope') &&
+            token_schema.hasOwnProperty('api_domain') &&
+            token_schema.hasOwnProperty('token_type') &&
+            token_schema.hasOwnProperty('expires_in')
+        ) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    // is_valid_token_access_refresh(token_schema) {
+    //     /*
+    //     {
+    //         "access_token": "{access_token}",
+    //         "refresh_token": "{refresh_token}",
+    //         "api_domain": "https://www.zohoapis.com",
+    //         "token_type": "Bearer",
+    //         "expires_in": 3600
+    //     }
+    //     */
+    //     if (
+    //         token_schema.hasOwnProperty('access_token') &&
+    //         token_schema.hasOwnProperty('refresh_token') &&
+    //         token_schema.hasOwnProperty('api_domain') &&
+    //         token_schema.hasOwnProperty('token_type') &&
+    //         token_schema.hasOwnProperty('expires_in')
+    //     ) {
+    //         return true;
+    //     } else {
+    //         return false;
+    //     }
+    // }
+
+    // async GetAccessToken() { }
+    async GetRefreshToken() {
+        try {
+            var c = await this.getToken()
+            this.log("...TOKEN FROM SERVER...")
+            this.log(c.data)
+            this.log("...TOKEN FROM SERVER...")
+        } catch (error) {
+            this.log(error)
+        }
+    }
+
+    async init() {
+        this.log("init starting token ")
+        await this.refreshGrantToken()
+    }
+
+    // async reset() {
+
+    // }
+
+    // async getToken() {
+    //     const login_auth_url = `${this.config.regions.US}/oauth/v2/token`;
+    //     const form_data = new FormData();
+    //     form_data.append('client_id', this.config.zoho_client_id);
+    //     form_data.append('client_secret', this.config.zoho_client_secret);
+    //     form_data.append('grant_type', 'authorization_code');
+    //     form_data.append('redirect_uri', this.config.zoho_redirect_uri);
+    //     form_data.append('code', this.grant_token);
+    //     this.log(form_data)
+    //     return await axios.post(login_auth_url, form_data,{
+    //         headers: {
+    //             'Content-Type': 'multipart/form-data' // Important for file uploads
+    //         }
+    //     });
+
+    // }
+
+
+    // login() {
+    //     const login_url = this.getLoginUrl();
+    //     const form = new FormData();
+    //     form.append('client_id', this.config.zoho_client_id);
+    //     form.append('client_secret', this.config.zoho_client_secret);
+    //     form.append('code', this.config.zoho_client_code);
+    //     form.append('redirect_uri', this.config.zoho_redirect_uri);
+    //     form.append('grant_type', 'authorization_code');
+
+
+    // }
+
+    async getAccessToken() {
+        const login_auth_url = `${this.config.regions.US}/oauth/v2/token?client_id=${this.config.zoho_client_id}&client_secret=${this.config.zoho_client_secret}&grant_type=client_credentials&scope=${this.config.zoho_scope}&soid=${this.config.zoho_org_id}`;
+        this.log(login_auth_url)
+        return await axios.post(login_auth_url);
+    }
+
+    getLoginUrl() {
+        return `${this.config.regions.US}/oauth/v2/token`
+    }
+}
+
+module.exports.AuthBuilder = AuthBuilder;

package/core/cache/redis_cacher.js

@@ -0,0 +1,7 @@
+// module.exports.get = async function(){}
+// module.exports.set = async function(){}
+// module.exports.clear = async function(){}
+
+module.exports.redis_cache = function(CONTEXT){
+    CONTEXT["mongoose"]
+}