@zakyyudha/node-authzkit 1.0.0

package/src/dashboard/web/tsconfig.app.json

@@ -0,0 +1,28 @@
+{
+  "compilerOptions": {
+    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",
+    "target": "ES2022",
+    "useDefineForClassFields": true,
+    "lib": ["ES2022", "DOM", "DOM.Iterable"],
+    "module": "ESNext",
+    "types": ["vite/client"],
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+    "jsx": "react-jsx",
+
+    /* Linting */
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "erasableSyntaxOnly": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedSideEffectImports": true
+  },
+  "include": ["src"]
+}

package/src/dashboard/web/tsconfig.json

@@ -0,0 +1,7 @@
+{
+  "files": [],
+  "references": [
+    { "path": "./tsconfig.app.json" },
+    { "path": "./tsconfig.node.json" }
+  ]
+}

package/src/dashboard/web/tsconfig.node.json

@@ -0,0 +1,26 @@
+{
+  "compilerOptions": {
+    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.node.tsbuildinfo",
+    "target": "ES2023",
+    "lib": ["ES2023"],
+    "module": "ESNext",
+    "types": ["node"],
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+
+    /* Linting */
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "erasableSyntaxOnly": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedSideEffectImports": true
+  },
+  "include": ["vite.config.ts"]
+}

package/src/dashboard/web/vite.config.ts

@@ -0,0 +1,8 @@
+import { defineConfig } from 'vite';
+import react from '@vitejs/plugin-react';
+
+// https://vite.dev/config/
+export default defineConfig({
+  plugins: [react()],
+  base: './', // Ensure relative paths for assets
+});

package/src/drivers/mongodb/mongo-connection.ts

@@ -0,0 +1,98 @@
+import { MongoClient, Db } from 'mongodb';
+import { IAuthzkitConfig } from '../../interfaces/IAuthzkitConfig';
+
+export class MongoConnection {
+  private static instance: MongoConnection | null = null;
+  private client: MongoClient | null = null;
+  private db: Db | null = null;
+  private config: IAuthzkitConfig;
+
+  private constructor(config: IAuthzkitConfig) {
+    this.config = config;
+  }
+
+  public static getInstance(config: IAuthzkitConfig, client?: MongoClient): MongoConnection {
+    // If an existing instance exists and same URI/DB, return it.
+    if (
+      MongoConnection.instance &&
+      MongoConnection.instance.config.connection.uri === config.connection.uri &&
+      MongoConnection.instance.config.connection.database === config.connection.database &&
+      !client
+    ) {
+      return MongoConnection.instance;
+    }
+
+    // Create a new instance
+    MongoConnection.instance = new MongoConnection(config);
+    if (client) {
+      MongoConnection.instance.client = client;
+      if (config.connection.database) {
+        MongoConnection.instance.db = client.db(config.connection.database);
+      }
+    }
+    return MongoConnection.instance;
+  }
+
+  public async connect(): Promise<void> {
+    const dbName = this.config.connection.database;
+    if (!dbName) {
+      throw new Error('Database name not provided in configuration.');
+    }
+
+    // If client is already set (e.g., from mongodb-memory-server), just ensure db is set
+    if (this.client) {
+      // Assuming client options might not directly expose dbName in a standard way across versions,
+      // relying on the configured dbName.
+      if (!this.db) {
+        this.db = this.client.db(dbName);
+      }
+      console.log('MongoDB client already provided/connected.');
+      return;
+    }
+
+    if (!this.config.connection.uri) {
+      throw new Error('MongoDB URI not provided in configuration.');
+    }
+
+    try {
+      this.client = await MongoClient.connect(this.config.connection.uri);
+      this.db = this.client.db(dbName);
+      console.log('Connected to MongoDB successfully.');
+    } catch (error) {
+      console.error('Failed to connect to MongoDB', error);
+      throw error;
+    }
+  }
+
+  public async disconnect(): Promise<void> {
+    if (this.client) {
+      await this.client.close();
+      this.client = null;
+      this.db = null;
+      console.log('Disconnected from MongoDB.');
+    }
+  }
+
+  public getDb(): Db {
+    if (!this.db) {
+      throw new Error('Database not connected. Call connect() first.');
+    }
+    return this.db;
+  }
+
+  public getConfig(): IAuthzkitConfig {
+    return this.config;
+  }
+
+  public getCollectionName(name: keyof NonNullable<IAuthzkitConfig['models']>): string {
+    const models = this.config.models || {};
+    const defaults: Record<string, string> = {
+      users: 'users',
+      roles: 'roles',
+      permissions: 'permissions',
+      user_roles: 'user_roles',
+      user_permissions: 'user_permissions',
+    };
+    return models[name] || defaults[name] || name;
+  }
+}

package/src/drivers/postgres/pg-connection.ts

@@ -0,0 +1,159 @@
+import { Pool, QueryResult, Client as PgClient } from 'pg';
+import { IMemoryDb } from 'pg-mem';
+import { IAuthzkitConfig } from '../../interfaces/IAuthzkitConfig';
+
+export class PgConnection {
+  private static instance: PgConnection | null = null;
+  private poolOrClient: Pool | PgClient | null = null;
+  private config: IAuthzkitConfig;
+
+  private constructor(config: IAuthzkitConfig) {
+    this.config = config;
+  }
+
+  public static getInstance(config: IAuthzkitConfig, inMemoryDb?: IMemoryDb): PgConnection {
+    // Check if instance exists and config matches (simplified)
+    if (
+      PgConnection.instance &&
+      PgConnection.instance.config.connection.uri === config.connection.uri &&
+      !inMemoryDb
+    ) {
+      return PgConnection.instance;
+    }
+
+    const instance = new PgConnection(config);
+    if (inMemoryDb) {
+      // Use pg-mem's adapter
+      instance.poolOrClient = new (inMemoryDb.adapters.createPg().Client)() as PgClient;
+    }
+    PgConnection.instance = instance;
+    return PgConnection.instance;
+  }
+
+  public async connect(): Promise<void> {
+    if (
+      this.poolOrClient &&
+      (this.poolOrClient instanceof Pool || this.poolOrClient instanceof PgClient)
+    ) {
+      console.log('Already connected to PostgreSQL.');
+      return;
+    }
+    if (this.poolOrClient) {
+      console.log('In-memory PostgreSQL client already provided.');
+      return;
+    }
+
+    try {
+      // Create pool using config
+      const poolConfig: any = {};
+      if (this.config.connection.uri) {
+        poolConfig.connectionString = this.config.connection.uri;
+      } else {
+        poolConfig.host = this.config.connection.host;
+        poolConfig.port = this.config.connection.port;
+        poolConfig.user = this.config.connection.user;
+        poolConfig.password = this.config.connection.password;
+        poolConfig.database = this.config.connection.database;
+      }
+
+      this.poolOrClient = new Pool(poolConfig);
+      await (this.poolOrClient as Pool).query('SELECT 1');
+      console.log('Connected to PostgreSQL successfully.');
+    } catch (error) {
+      console.error('Failed to connect to PostgreSQL', error);
+      throw error;
+    }
+  }
+
+  public async disconnect(): Promise<void> {
+    if (this.poolOrClient && this.poolOrClient instanceof Pool) {
+      await this.poolOrClient.end();
+      this.poolOrClient = null;
+      console.log('Disconnected from PostgreSQL.');
+    } else if (this.poolOrClient) {
+      console.log('In-memory PostgreSQL instance, no explicit disconnect needed for pool.');
+      this.poolOrClient = null;
+    }
+  }
+
+  public async query(text: string, params?: any[]): Promise<QueryResult> {
+    if (!this.poolOrClient) {
+      throw new Error('Database not connected. Call connect() first.');
+    }
+    return (this.poolOrClient as Pool | PgClient).query(text, params);
+  }
+
+  public getTableName(name: keyof NonNullable<IAuthzkitConfig['models']>): string {
+    const models = this.config.models || {};
+    const defaults: Record<string, string> = {
+      users: 'users',
+      roles: 'roles',
+      permissions: 'permissions',
+      user_roles: 'user_roles',
+      user_permissions: 'user_permissions',
+    };
+    return models[name] || defaults[name] || name;
+  }
+
+  public async initSchema(): Promise<void> {
+    const permissionsTable = this.getTableName('permissions');
+    const rolesTable = this.getTableName('roles');
+    const userRolesTable = this.getTableName('user_roles');
+    const userPermissionsTable = this.getTableName('user_permissions');
+
+    await this.query(`
+      CREATE TABLE IF NOT EXISTS ${permissionsTable} (
+        name VARCHAR(255) PRIMARY KEY,
+        guard_name VARCHAR(255)
+      );
+    `);
+    await this.query(`
+      CREATE TABLE IF NOT EXISTS ${rolesTable} (
+        name VARCHAR(255) PRIMARY KEY,
+        guard_name VARCHAR(255),
+        permissions TEXT[] DEFAULT '{}'
+      );
+    `);
+    await this.query(`
+      CREATE TABLE IF NOT EXISTS ${userRolesTable} (
+        user_id VARCHAR(255) NOT NULL,
+        role_name VARCHAR(255) REFERENCES ${rolesTable}(name) ON DELETE CASCADE,
+        PRIMARY KEY (user_id, role_name)
+      );
+    `);
+    await this.query(`
+      CREATE TABLE IF NOT EXISTS ${userPermissionsTable} (
+        user_id VARCHAR(255) NOT NULL,
+        permission_name VARCHAR(255) REFERENCES ${permissionsTable}(name) ON DELETE CASCADE,
+        PRIMARY KEY (user_id, permission_name)
+      );
+    `);
+    console.log('PostgreSQL schema initialized.');
+  }
+
+  public async truncateTables(): Promise<void> {
+    const permissionsTable = this.getTableName('permissions');
+    const rolesTable = this.getTableName('roles');
+    const userRolesTable = this.getTableName('user_roles');
+    const userPermissionsTable = this.getTableName('user_permissions');
+
+    await this.query(`TRUNCATE TABLE ${userPermissionsTable} CASCADE;`);
+    await this.query(`TRUNCATE TABLE ${userRolesTable} CASCADE;`);
+    await this.query(`TRUNCATE TABLE ${rolesTable} CASCADE;`);
+    await this.query(`TRUNCATE TABLE ${permissionsTable} CASCADE;`);
+    console.log('PostgreSQL tables truncated.');
+  }
+
+  public async dropSchema(): Promise<void> {
+    const permissionsTable = this.getTableName('permissions');
+    const rolesTable = this.getTableName('roles');
+    const userRolesTable = this.getTableName('user_roles');
+    const userPermissionsTable = this.getTableName('user_permissions');
+
+    await this.query(`DROP TABLE IF EXISTS ${userPermissionsTable} CASCADE;`);
+    await this.query(`DROP TABLE IF EXISTS ${userRolesTable} CASCADE;`);
+    await this.query(`DROP TABLE IF EXISTS ${rolesTable} CASCADE;`);
+    await this.query(`DROP TABLE IF EXISTS ${permissionsTable} CASCADE;`);
+    console.log('PostgreSQL schema dropped.');
+  }
+}

package/src/index.ts

@@ -0,0 +1,19 @@
+export { Authzkit } from './classes/Authzkit';
+export { Authorizable } from './interfaces/Authorizable';
+export { Permission } from './interfaces/Permission';
+export { Role } from './interfaces/Role';
+export { MongoConnection } from './drivers/mongodb/mongo-connection';
+export * from './interfaces/Authorizable';
+export * from './interfaces/Permission';
+export * from './interfaces/Role';
+export * from './interfaces/IAuthzkitConfig';
+export * from './stores/IAuthzkitStore';
+export * from './stores/InMemoryAuthzkitStore';
+export * from './stores/MongoAuthzkitStore';
+export * from './stores/PgAuthzkitStore';
+export * from './classes/Authzkit';
+export * from './drivers/mongodb/mongo-connection';
+export * from './drivers/postgres/pg-connection';
+export * from './middleware/authzMiddleware';
+export * from './dashboard/router';
+export * from './utils/envConfig';

package/src/interfaces/Authorizable.ts

@@ -0,0 +1,8 @@
+import { Role } from './Role';
+import { Permission } from './Permission';
+
+export interface Authorizable {
+  id: string | number;
+  roles: Role[];
+  permissions: Permission[];
+}

package/src/interfaces/IAuthzkitConfig.ts

@@ -0,0 +1,19 @@
+export interface IAuthzkitConfig {
+  connection: {
+    type: 'mongodb' | 'postgres' | 'memory';
+    uri?: string; // For MongoDB and Postgres
+    database?: string; // For MongoDB
+    // Postgres specific
+    host?: string;
+    port?: number;
+    user?: string;
+    password?: string;
+  };
+  models?: {
+    users?: string; // Table/Collection name for users (default: 'users')
+    roles?: string; // Table/Collection name for roles (default: 'roles')
+    permissions?: string; // Table/Collection name for permissions (default: 'permissions')
+    user_roles?: string; // Table/Collection name for user-role relation (default: 'user_roles')
+    user_permissions?: string; // Table/Collection name for user-permission relation (default: 'user_permissions')
+  };
+}

package/src/interfaces/Permission.ts

@@ -0,0 +1,4 @@
+export interface Permission {
+  name: string;
+  guard_name?: string;
+}

package/src/interfaces/Role.ts

@@ -0,0 +1,5 @@
+export interface Role {
+  name: string;
+  guard_name?: string;
+  permissions: string[]; // Names of permissions
+}

package/src/middleware/authzMiddleware.ts

@@ -0,0 +1,60 @@
+import { Request, Response, NextFunction } from 'express';
+import { Authzkit } from '../classes/Authzkit';
+import { Authorizable } from '../interfaces/Authorizable';
+
+// Extend the Express Request type to include a user property
+declare module 'express' {
+  interface Request {
+    user?: Authorizable;
+  }
+}
+
+/**
+ * Express middleware for role-based or permission-based authorization.
+ * Expects `req.user` to be an object conforming to `Authorizable` interface.
+ *
+ * @param requiredPermissionsAndRoles A single string or an array of strings representing
+ *                                    the required roles or permissions.
+ *                                    If multiple are provided, the user needs to have AT LEAST ONE of them.
+ * @returns An Express middleware function.
+ */
+export const authorize = (requiredPermissionsAndRoles: string | string[]) => {
+  return async (req: Request, res: Response, next: NextFunction) => {
+    try {
+      const authzkit = Authzkit.getInstance(); // Get the singleton instance
+
+      const user = req.user;
+
+      if (!user) {
+        return res.status(401).send('Authentication required.');
+      }
+
+      const requirements = Array.isArray(requiredPermissionsAndRoles)
+        ? requiredPermissionsAndRoles
+        : [requiredPermissionsAndRoles];
+
+      // Check if the user has at least one of the required roles or permissions
+      let hasAccess = false;
+      for (const requirement of requirements) {
+        // First, check if it's a role
+        if (await authzkit.hasRole(user, requirement)) {
+          hasAccess = true;
+          break;
+        }
+        // If not a role, check if it's a permission
+        if (await authzkit.hasPermission(user, requirement)) {
+          hasAccess = true;
+          break;
+        }
+      }
+
+      if (hasAccess) {
+        next();
+      } else {
+        res.status(403).send('Forbidden: Insufficient permissions.');
+      }
+    } catch (error) {
+      next(error);
+    }
+  };
+};

package/src/stores/IAuthzkitStore.ts

@@ -0,0 +1,33 @@
+import { Permission } from '../interfaces/Permission';
+import { Role } from '../interfaces/Role';
+
+export interface IAuthzkitStore {
+  // Permissions
+  getPermission(name: string): Promise<Permission | undefined>;
+  getPermissions(): Promise<Permission[]>; // Added for dashboard
+  setPermission(permission: Permission): Promise<void>;
+  hasPermission(name: string): Promise<boolean>;
+  deletePermission(name: string): Promise<void>;
+
+  // Roles
+  getRole(name: string): Promise<Role | undefined>;
+  getRoles(): Promise<Role[]>; // Added for dashboard
+  setRole(role: Role): Promise<void>;
+  hasRole(name: string): Promise<boolean>;
+  deleteRole(name: string): Promise<void>;
+
+  // User Roles
+  getUserRoles(userId: string | number): Promise<Set<string>>;
+  addUserRole(userId: string | number, roleName: string): Promise<void>;
+  removeUserRole(userId: string | number, roleName: string): Promise<void>;
+  hasUserRole(userId: string | number, roleName: string): Promise<boolean>;
+
+  // User Permissions
+  getUserPermissions(userId: string | number): Promise<Set<string>>;
+  addUserPermission(userId: string | number, permissionName: string): Promise<void>;
+  removeUserPermission(userId: string | number, permissionName: string): Promise<void>;
+  hasUserPermission(userId: string | number, permissionName: string): Promise<boolean>;
+
+  // Reset
+  reset(): Promise<void>;
+}

package/src/stores/InMemoryAuthzkitStore.ts

@@ -0,0 +1,101 @@
+import { IAuthzkitStore } from './IAuthzkitStore';
+import { Permission } from '../interfaces/Permission';
+import { Role } from '../interfaces/Role';
+
+export class InMemoryAuthzkitStore implements IAuthzkitStore {
+  private permissions: Map<string, Permission> = new Map();
+  private roles: Map<string, Role> = new Map();
+  private userRoles: Map<string | number, Set<string>> = new Map();
+  private userPermissions: Map<string | number, Set<string>> = new Map();
+
+  async getPermission(name: string): Promise<Permission | undefined> {
+    return this.permissions.get(name);
+  }
+
+  async getPermissions(): Promise<Permission[]> {
+    return Array.from(this.permissions.values());
+  }
+
+  async setPermission(permission: Permission): Promise<void> {
+    this.permissions.set(permission.name, permission);
+  }
+
+  async hasPermission(name: string): Promise<boolean> {
+    return this.permissions.has(name);
+  }
+
+  async deletePermission(name: string): Promise<void> {
+    this.permissions.delete(name);
+  }
+
+  async getRole(name: string): Promise<Role | undefined> {
+    return this.roles.get(name);
+  }
+
+  async getRoles(): Promise<Role[]> {
+    return Array.from(this.roles.values());
+  }
+
+  async setRole(role: Role): Promise<void> {
+    this.roles.set(role.name, role);
+  }
+
+  async hasRole(name: string): Promise<boolean> {
+    return this.roles.has(name);
+  }
+
+  async deleteRole(name: string): Promise<void> {
+    this.roles.delete(name);
+  }
+
+  async getUserRoles(userId: string | number): Promise<Set<string>> {
+    if (!this.userRoles.has(userId)) {
+      this.userRoles.set(userId, new Set());
+    }
+    return this.userRoles.get(userId)!;
+  }
+
+  async addUserRole(userId: string | number, roleName: string): Promise<void> {
+    (await this.getUserRoles(userId)).add(roleName);
+  }
+
+  async removeUserRole(userId: string | number, roleName: string): Promise<void> {
+    (await this.getUserRoles(userId)).delete(roleName);
+    if ((await this.getUserRoles(userId)).size === 0) {
+      this.userRoles.delete(userId);
+    }
+  }
+
+  async hasUserRole(userId: string | number, roleName: string): Promise<boolean> {
+    return (await this.getUserRoles(userId)).has(roleName);
+  }
+
+  async getUserPermissions(userId: string | number): Promise<Set<string>> {
+    if (!this.userPermissions.has(userId)) {
+      this.userPermissions.set(userId, new Set());
+    }
+    return this.userPermissions.get(userId)!;
+  }
+
+  async addUserPermission(userId: string | number, permissionName: string): Promise<void> {
+    (await this.getUserPermissions(userId)).add(permissionName);
+  }
+
+  async removeUserPermission(userId: string | number, permissionName: string): Promise<void> {
+    (await this.getUserPermissions(userId)).delete(permissionName);
+    if ((await this.getUserPermissions(userId)).size === 0) {
+      this.userPermissions.delete(userId);
+    }
+  }
+
+  async hasUserPermission(userId: string | number, permissionName: string): Promise<boolean> {
+    return (await this.getUserPermissions(userId)).has(permissionName);
+  }
+
+  async reset(): Promise<void> {
+    this.permissions.clear();
+    this.roles.clear();
+    this.userRoles.clear();
+    this.userPermissions.clear();
+  }
+}