@xenterprises/fastify-xconfig 0.0.1 → 0.0.2

package/src/auth/admin.js

@@ -0,0 +1,241 @@
+import jwt from "@fastify/jwt";
+import bcrypt from "bcrypt";
+const isProduction = process.env.NODE_ENV === 'production';
+export async function setupAdminAuth(fastify, options) {
+  if (options.admin?.active !== false) {
+
+    // Ensure the admin JWT secret is provided
+    if (!options.admin.secret) {
+      throw new Error("Admin JWT secret must be provided.");
+    }
+
+    const adminAuthOptions = options.admin;
+    const adminCookieName =
+      adminAuthOptions.cookieOptions?.name || "adminToken";
+    const adminRefreshCookieName =
+      adminAuthOptions.cookieOptions?.refreshTokenName || "adminRefreshToken";
+    const adminCookieOptions = {
+      httpOnly: true,  // Ensures the cookie is not accessible via JavaScript
+      secure: isProduction,  // true in production (HTTPS), false in development (HTTP)
+      sameSite: isProduction ? 'None' : 'Lax',  // 'None' for cross-origin, 'Lax' for development
+      path: '/',  // Ensure cookies are valid for the entire site
+    };
+    const adminExcludedPaths = adminAuthOptions.excludedPaths || [
+      "/admin/auth/login",
+      "/admin/auth/logout",
+    ];
+
+    // Decorator to hash admin passwords
+    async function hashAdminPassword(password) {
+      const saltRounds = 10;  // Number of salt rounds for bcrypt (10 is generally a good default)
+      try {
+        const hashedPassword = await bcrypt.hash(password, saltRounds);
+        return hashedPassword;
+      } catch (error) {
+        throw new Error("Failed to hash password: " + error.message);
+      }
+    }
+
+    fastify.decorate("hashAdminPassword", hashAdminPassword);
+
+    // Register JWT for admin
+    await fastify.register(jwt, {
+      secret: adminAuthOptions.secret,
+      sign: { algorithm: 'HS256', expiresIn: adminAuthOptions.expiresIn || "15m" },
+      cookie: {
+        cookieName: adminCookieName,
+        signed: false,
+      },
+      namespace: "adminJwt",
+      jwtVerify: "adminJwtVerify",
+      jwtSign: "adminJwtSign",
+    });
+
+    // Common function to set tokens as cookies
+    const setAdminAuthCookies = (reply, accessToken, refreshToken) => {
+      reply.setCookie(adminCookieName, accessToken, adminCookieOptions);
+      reply.setCookie(adminRefreshCookieName, refreshToken, {
+        // ...adminCookieOptions,
+        httpOnly: true,  // Ensures the cookie is not accessible via JavaScript
+        secure: isProduction,  // true in production (HTTPS), false in development (HTTP)
+        sameSite: isProduction ? 'None' : 'Lax',  // 'None' for cross-origin, 'Lax' for development
+        path: '/',  // Ensure cookies are valid for the entire site
+      });
+    };
+
+    // Admin authentication hook
+    fastify.addHook("onRequest", async (request, reply) => {
+      const url = request.url;
+
+      // Skip authentication for excluded paths
+      if (adminExcludedPaths.some((path) => url.startsWith(path))) {
+        return;
+      }
+
+      if (url.startsWith("/admin")) {
+        try {
+          // Extract token from cookie or Authorization header
+          const authHeader = request.headers.authorization;
+          const authToken =
+            authHeader && authHeader.startsWith("Bearer ")
+              ? authHeader.slice(7)
+              : null;
+          const token = request.cookies[adminCookieName] || authToken;
+
+          if (!token) {
+            throw fastify.httpErrors.unauthorized(
+              "Admin access token not provided"
+            );
+          }
+
+          // Verify access token
+          const decoded = await request.adminJwtVerify(token);
+          request.adminAuth = decoded; // Attach admin auth context
+        } catch (err) {
+          // Use built-in HTTP error handling
+          reply.send(
+            fastify.httpErrors.unauthorized("Invalid or expired access token")
+          );
+        }
+      }
+    });
+
+    // Admin login route
+    fastify.post("/admin/auth/login", async (req, reply) => {
+      try {
+        const { email, password } = req.body;
+
+        // Validate input
+        if (!email || !password) {
+          throw fastify.httpErrors.badRequest(
+            "Email and password are required"
+          );
+        }
+
+        // Fetch admin from the database
+        const admin = await fastify.prisma.admins.findUnique({
+          where: { email },
+        });
+        if (!admin) {
+          throw fastify.httpErrors.unauthorized("Invalid credentials");
+        }
+
+        // Compare passwords using bcrypt
+        const isValidPassword = await bcrypt.compare(password, admin.password);
+        if (!isValidPassword) {
+          throw fastify.httpErrors.unauthorized("Invalid credentials");
+        }
+
+        // Issue access token
+        const accessToken = await reply.adminJwtSign({ id: admin.id });
+
+        // Generate refresh token
+        const refreshToken = randomUUID();
+        const hashedRefreshToken = await bcrypt.hash(refreshToken, 10);
+
+        // Store hashed refresh token in the database
+        await fastify.prisma.admins.update({
+          where: { id: admin.id },
+          data: { refreshToken: hashedRefreshToken },
+        });
+
+        // Set tokens as cookies
+        setAdminAuthCookies(reply, accessToken, refreshToken);
+
+        reply.send({ accessToken });
+      } catch (err) {
+        reply.send(err);
+      }
+    });
+
+    // Admin refresh token route
+    fastify.post("/admin/auth/refresh", async (req, reply) => {
+      try {
+        const adminAuth = req.adminAuth;
+        const refreshToken = req.cookies[adminRefreshCookieName];
+        if (!refreshToken) {
+          throw fastify.httpErrors.unauthorized("Refresh token not provided");
+        }
+
+        // Fetch admin from the database using the refresh token
+        const admin = await fastify.prisma.admins.findFirst({
+          where: { id: adminAuth.id, refreshToken: { not: null } },
+        });
+        if (!admin) {
+          throw fastify.httpErrors.unauthorized("Invalid refresh token");
+        }
+
+        // Verify the refresh token
+        const isValid = await bcrypt.compare(refreshToken, admin.refreshToken);
+        if (!isValid) {
+          throw fastify.httpErrors.unauthorized("Invalid refresh token");
+        }
+
+        // Issue new access token
+        const accessToken = await reply.adminJwtSign({ id: admin.id });
+
+        // Generate new refresh token
+        const newRefreshToken = randomUUID();
+        const hashedNewRefreshToken = await bcrypt.hash(newRefreshToken, 10);
+
+        // Update refresh token in the database
+        await fastify.prisma.admins.update({
+          where: { id: admin.id },
+          data: { refreshToken: hashedNewRefreshToken },
+        });
+
+        // Set new tokens as cookies
+        setAdminAuthCookies(reply, accessToken, newRefreshToken);
+
+        reply.send({ accessToken });
+      } catch (err) {
+        reply.send(err);
+      }
+    });
+
+    // Admin logout route
+    fastify.post("/admin/auth/logout", async (req, reply) => {
+      try {
+        const adminAuth = req.adminAuth;
+        if (adminAuth) {
+          // Delete refresh token from the database
+          await fastify.prisma.admins.update({
+            where: { id: adminAuth.id },
+            data: { refreshToken: null },
+          });
+        }
+
+        // Clear cookies
+        reply.clearCookie(adminCookieName, { path: "/" });
+        reply.clearCookie(adminRefreshCookieName, { path: "/" });
+
+        reply.send({ message: "Logged out successfully" });
+      } catch (err) {
+        reply.send(err);
+      }
+    });
+
+    // Admin authentication status route
+    fastify.get("/admin/auth/me", async (req, reply) => {
+      try {
+        const adminAuth = req.adminAuth;
+
+        // Fetch admin details from database
+        const admin = await fastify.prisma.admins.findUnique({
+          where: { id: adminAuth.id },
+          select: { id: true, firstName: true, lastName: true, email: true },
+        });
+
+        if (!admin) {
+          throw fastify.httpErrors.notFound("Admin not found");
+        }
+
+        reply.send(admin);
+      } catch (err) {
+        reply.send(err);
+      }
+    });
+
+    console.info("   ✅ Auth Admin Enabled");
+  }
+}

package/src/auth/portal.js

@@ -0,0 +1,280 @@
+import jwt from "@fastify/jwt";
+import bcrypt from "bcrypt";
+const isProduction = process.env.NODE_ENV === 'production';
+export async function setupAuth(fastify, options) {
+  if (options.user?.active !== false) {
+    // Ensure the user JWT secret is provided
+    if (!options.user.secret) {
+      throw new Error("User JWT secret must be provided.");
+    }
+
+    const userAuthOptions = options.user;
+    const userCookieName = userAuthOptions.cookieOptions?.name || "userToken";
+    const userRefreshCookieName =
+      userAuthOptions.cookieOptions?.refreshTokenName || "userRefreshToken";
+    const userCookieOptions = {
+      httpOnly: true,  // Ensures the cookie is not accessible via JavaScript
+      secure: isProduction,  // true in production (HTTPS), false in development (HTTP)
+      sameSite: isProduction ? 'None' : 'Lax',  // 'None' for cross-origin, 'Lax' for development
+      path: '/',  // Ensure cookies are valid for the entire site
+    };
+    const userExcludedPaths = userAuthOptions.excludedPaths || [
+      "/portal/auth/login",
+      "/portal/auth/logout",
+      "/portal/auth/register",
+    ];
+
+    // Register JWT for user
+    await fastify.register(jwt, {
+      secret: userAuthOptions.secret,
+      sign: { algorithm: 'HS256', expiresIn: userAuthOptions.expiresIn || "15m" },
+      cookie: { cookieName: userCookieName, signed: false },
+      namespace: "userJwt",
+      jwtVerify: "userJwtVerify",
+      jwtSign: "userJwtSign",
+    });
+
+    // Common function to set tokens as cookies
+    const setAuthCookies = (reply, accessToken, refreshToken) => {
+      reply.setCookie(userCookieName, accessToken, userCookieOptions);
+      reply.setCookie(userRefreshCookieName, refreshToken, {
+        // ...userCookieOptions,
+        httpOnly: true,  // Ensures the cookie is not accessible via JavaScript
+        secure: isProduction,  // true in production (HTTPS), false in development (HTTP)
+        sameSite: isProduction ? 'None' : 'Lax',  // 'None' for cross-origin, 'Lax' for development
+        path: '/',  // Ensure cookies are valid for the entire site
+      });
+    };
+
+    // User authentication hook
+    fastify.addHook("onRequest", async (request, reply) => {
+      const url = request.url;
+
+      // Skip authentication for excluded paths
+      if (userExcludedPaths.some((path) => url.startsWith(path))) {
+        return;
+      }
+
+      if (url.startsWith("/portal")) {
+        try {
+          // Extract token from cookie or Authorization header
+          const authHeader = request.headers.authorization;
+          const authToken =
+            authHeader && authHeader.startsWith("Bearer ")
+              ? authHeader.slice(7)
+              : null;
+          const token = request.cookies[userCookieName] || authToken;
+
+          if (!token) {
+            throw fastify.httpErrors.unauthorized(
+              "User access token not provided"
+            );
+          }
+
+          // Verify access token using the namespaced verify method
+          const decoded = await request.userJwtVerify(token);
+          request.userAuth = decoded; // Attach user auth context
+        } catch (err) {
+          // Use built-in HTTP error handling
+          reply.send(
+            fastify.httpErrors.unauthorized("Invalid or expired access token")
+          );
+        }
+      }
+    });
+
+    // User registration route
+    fastify.post("/portal/auth/register", async (req, reply) => {
+      try {
+        const { email, password, firstName, lastName } = req.body;
+
+        // Validate input
+        if (!email || !password || !firstName || !lastName) {
+          throw fastify.httpErrors.badRequest("Missing required fields");
+        }
+
+        // Check if user already exists
+        const existingUser = await fastify.prisma.users.findUnique({
+          where: { email },
+        });
+        if (existingUser) {
+          throw fastify.httpErrors.conflict("Email already in use");
+        }
+
+        // Hash the password
+        const hashedPassword = await bcrypt.hash(password, 10);
+
+        // Create the user
+        const user = await fastify.prisma.users.create({
+          data: {
+            email,
+            password: hashedPassword,
+            firstName,
+            lastName,
+          },
+        });
+
+        // Send welcome email
+        await fastify.sendGrid.sendEmail(email, auth?.user?.registerEmail?.subject, auth?.user?.registerEmail?.templateId, { name: firstName, email });
+
+        // Issue access token
+        const accessToken = await reply.userJwtSign({ id: user.id });
+
+        // Generate refresh token
+        const refreshToken = randomUUID();
+        const hashedRefreshToken = await bcrypt.hash(refreshToken, 10);
+
+        // Store hashed refresh token in the database
+        await fastify.prisma.users.update({
+          where: { id: user.id },
+          data: { refreshToken: hashedRefreshToken },
+        });
+
+        // Set tokens as cookies
+        setAuthCookies(reply, accessToken, refreshToken);
+
+        reply.send({ accessToken });
+      } catch (err) {
+        reply.send(err);
+      }
+    });
+
+    // User login route
+    fastify.post("/portal/auth/login", async (req, reply) => {
+      try {
+        const { email, password } = req.body;
+
+        if (!email || !password) {
+          throw fastify.httpErrors.badRequest(
+            "Email and password are required"
+          );
+        }
+
+        // Fetch user from the database
+        const user = await fastify.prisma.users.findUnique({
+          where: { email },
+        });
+        if (!user) {
+          throw fastify.httpErrors.unauthorized("Invalid credentials");
+        }
+
+        // Compare passwords using bcrypt
+        const isValidPassword = await bcrypt.compare(password, user.password);
+        if (!isValidPassword) {
+          throw fastify.httpErrors.unauthorized("Invalid credentials");
+        }
+
+        // Issue access token
+        const accessToken = await reply.userJwtSign({ id: user.id });
+
+        // Generate refresh token
+        const refreshToken = randomUUID();
+        const hashedRefreshToken = await bcrypt.hash(refreshToken, 10);
+
+        // Store hashed refresh token in the database
+        await fastify.prisma.users.update({
+          where: { id: user.id },
+          data: { refreshToken: hashedRefreshToken },
+        });
+
+        // Set tokens as cookies
+        setAuthCookies(reply, accessToken, refreshToken);
+
+        reply.send({ accessToken });
+      } catch (err) {
+        reply.send(err);
+      }
+    });
+
+    // User refresh token route
+    fastify.post("/portal/auth/refresh", async (req, reply) => {
+      try {
+        const userAuth = req.userAuth;
+        const refreshToken = req.cookies[userRefreshCookieName];
+        if (!refreshToken) {
+          throw fastify.httpErrors.unauthorized("Refresh token not provided");
+        }
+
+        // Fetch user from the database using the refresh token
+        const user = await fastify.prisma.users.findFirst({
+          where: { id: userAuth?.id, refreshToken: { not: null } },
+        });
+
+        if (!user) {
+          throw fastify.httpErrors.unauthorized("Invalid refresh token");
+        }
+
+        // Verify the refresh token
+        const isValid = await bcrypt.compare(refreshToken, user.refreshToken);
+        if (!isValid) {
+          throw fastify.httpErrors.unauthorized("Invalid refresh token");
+        }
+
+        // Issue new access token
+        const accessToken = await reply.userJwtSign({ id: user.id });
+
+        // Generate new refresh token
+        const newRefreshToken = randomUUID();
+        const hashedNewRefreshToken = await bcrypt.hash(newRefreshToken, 10);
+
+        // Update refresh token in the database
+        await fastify.prisma.users.update({
+          where: { id: user.id },
+          data: { refreshToken: hashedNewRefreshToken },
+        });
+
+        // Set new tokens as cookies
+        setAuthCookies(reply, accessToken, newRefreshToken);
+
+        reply.send({ accessToken });
+      } catch (err) {
+        reply.send(err);
+      }
+    });
+
+    // User logout route
+    fastify.post("/portal/auth/logout", async (req, reply) => {
+      try {
+        const userAuth = req.userAuth;
+        if (userAuth) {
+          // Delete refresh token from the database
+          await fastify.prisma.users.update({
+            where: { id: userAuth.id },
+            data: { refreshToken: null },
+          });
+        }
+
+        // Clear cookies
+        reply.clearCookie(userCookieName, { path: "/" });
+        reply.clearCookie(userRefreshCookieName, { path: "/" });
+
+        reply.send({ message: "Logged out successfully" });
+      } catch (err) {
+        reply.send(err);
+      }
+    });
+
+    // User authentication status route
+    fastify.get("/portal/auth/me", async (req, reply) => {
+      try {
+        const userAuth = req.userAuth;
+
+        // Fetch user details from database
+        const user = await fastify.prisma.users.findUnique({
+          where: { id: userAuth.id },
+          select: { id: true, email: true, firstName: true, lastName: true, ...authOptions.user.me },
+        });
+
+        if (!user) {
+          throw fastify.httpErrors.notFound("User not found");
+        }
+
+        reply.send(user);
+      } catch (err) {
+        reply.send(err);
+      }
+    });
+
+    console.info("   ✅ Auth User Enabled");
+  }
+}

package/src/integrations/cloudinary.js

@@ -0,0 +1,98 @@
+import { v2 as Cloudinary } from "cloudinary";
+
+export async function setupCloudinary(fastify, options) {
+
+  if (options.active !== false) {
+    if (
+      !options.cloudName ||
+      !options.apiKey ||
+      !options.apiSecret
+    ) {
+      throw new Error(
+        "Cloudinary cloudName, apiKey, and apiSecret must be provided."
+      );
+    }
+
+    Cloudinary.config({
+      cloud_name: options.cloudName,
+      api_key: options.apiKey,
+      api_secret: options.apiSecret,
+    },
+    );
+
+    fastify.decorate('cloudinary', {
+      upload: async (fileStream, options = {}) => {
+        return new Promise((resolve, reject) => {
+          if (options.folder) {
+            options.folder = options.folder || options.folder;
+          }
+          options.resource_type = options.resource_type || 'auto';
+          options.timestamp = Math.floor(Date.now() / 1000);  // Add timestamp to options
+          options.use_filename = options.use_filename !== undefined ? options.use_filename : true;
+          options.unique_filename = options.unique_filename !== undefined ? options.unique_filename : true;
+
+          const uploadStream = Cloudinary.uploader.upload_stream(options, (error, result) => {
+            if (error) {
+              fastify.log.error("Cloudinary upload failed:", error);
+              reject(new Error(`Failed to upload to Cloudinary: ${JSON.stringify(error)}`));
+            } else {
+              resolve(result);  // Resolve with the result from Cloudinary
+            }
+          });
+
+          fileStream.pipe(uploadStream)
+            .on('error', (streamError) => {
+              fastify.log.error("Stream error:", streamError);
+              reject(new Error(`Stream error during Cloudinary upload: ${streamError.message}`));
+            })
+            .on('end', () => {
+              fastify.log.info("Stream ended successfully.");
+            });
+        });
+      },
+
+      uploadLarge: async (fileStream, options = {}) => {
+        return new Promise((resolve, reject) => {
+          if (options.folder) {
+            options.folder = options.folder || options.folder;
+          }
+          options.resource_type = options.resource_type || 'auto';
+          options.timestamp = Math.floor(Date.now() / 1000);
+          options.use_filename = options.use_filename !== undefined ? options.use_filename : true;
+          options.unique_filename = options.unique_filename !== undefined ? options.unique_filename : true;
+          options.overwrite = options.overwrite !== undefined ? options.overwrite : false;
+
+          const uploadStream = Cloudinary.uploader.upload_stream(options, (error, result) => {
+            if (error) {
+              fastify.log.error("Cloudinary upload failed:", error);
+              reject(new Error(`Failed to upload to Cloudinary: ${JSON.stringify(error)}`));
+            } else {
+              resolve(result);
+            }
+          });
+
+          fileStream.pipe(uploadStream)
+            .on('error', (streamError) => {
+              fastify.log.error("Stream error:", streamError);
+              reject(new Error(`Stream error during Cloudinary upload: ${streamError.message}`));
+            })
+            .on('end', () => {
+              fastify.log.info("Stream ended successfully.");
+            });
+        });
+      },
+
+      delete: async (publicId) => {
+        try {
+          const response = await Cloudinary.uploader.destroy(publicId);
+          return response;
+        } catch (error) {
+          fastify.log.error("Cloudinary delete failed:", error);
+          throw new Error("Failed to delete from Cloudinary.");
+        }
+      }
+    });
+
+    console.info("   ✅ Cloudinary Enabled");
+  }
+}

package/src/integrations/geocode.js

@@ -0,0 +1,43 @@
+export async function setupGeocode(fastify, options) {
+  if (options.active !== false) {
+    if (!options.apiKey) {
+      throw new Error("Geocode API key must be provided.");
+    }
+    const geocodioEndpoint = 'https://api.geocod.io/v1.7/geocode';
+    const geocodioApiKey = options.apiKey;
+
+    fastify.decorate('geocode', {
+      // Method to get lat/long and county from a zip code
+      async getLatLongByZip(zipCode) {
+        try {
+          const url = `${geocodioEndpoint}?q=${zipCode}&fields=cd,stateleg&api_key=${geocodioApiKey}`;
+          const response = await fetch(url);
+          const result = await response.json();
+
+          if (result.results && result.results.length > 0) {
+            const location = result.results[0].location;
+            const addressComponents = result.results[0].address_components;
+
+            return {
+              zip: zipCode,
+              lat: location.lat,
+              lng: location.lng,
+              city: addressComponents.city,
+              county: addressComponents.county,
+              country: addressComponents.country,
+              state: addressComponents.state,
+              addressComponents: addressComponents
+            };
+          } else {
+            throw new Error('No results found for the provided zip code.');
+          }
+        } catch (error) {
+          fastify.log.error('Failed to fetch geolocation data:', error);
+          throw new Error('Failed to fetch geolocation data.');
+        }
+      }
+    });
+
+    console.info('   ✅ Geocodio Enabled');
+  }
+}

package/src/integrations/prisma.js

@@ -0,0 +1,30 @@
+
+import { PrismaClient } from "@prisma/client";
+export async function setupPrisma(fastify, options) {
+  if (options.active !== false) {
+    delete options.active;
+    const prisma = new PrismaClient(options);
+
+    // Connect to the database
+    await prisma.$connect();
+
+    // Decorate Fastify instance with Prisma Client
+    fastify.decorate("prisma", prisma);
+
+    // Disconnect Prisma Client when Fastify closes
+    fastify.addHook("onClose", async () => {
+      await fastify.prisma.$disconnect();
+    });
+
+    console.info("   ✅ Prisma Enabled");
+  }
+  /*
+  ===== Ensure Proper Cleanup on Server Shutdown =====
+  */
+  fastify.addHook("onClose", async () => {
+    if (fastify.prisma) {
+      await fastify.prisma.$disconnect();
+    }
+    // Add additional cleanup for other services if necessary
+  });
+}