beech-api 3.8.0 → 3.9.0-beta.9-rc

package/packages/cli/core/index.js

@@ -15,7 +15,6 @@ _app_.use(helmet());
 const cors = require("cors");
 global.endpoint = _express_.Router();
 const cookieParser = require("cookie-parser");
-const bodyParser = require("body-parser");
 const methodOverride = require("method-override");
 const expressSession = require("express-session");
 const expressValidator = require("express-validator");
@@ -27,10 +26,86 @@ const _beech_ = require(appRoot + "/beech.config.js").defineConfig;
 global._publicPath_ = _beech_.base;
 const mySqlDbConnect = require("./databases/mysql");
 const SequelizeDbConnect = require("./databases/sequelize");
-// Rate Request middleware
-const { Limiter, Duplicater } = require("./middleware/index");
-endpoint.use(Limiter);
-endpoint.use(Duplicater);
+// Set limit payload for request body & multipart/form-data (multer)
+const multer = require("multer");
+const uploadAllowMethod = _beech_?.payload?.file?.uploadAllowMethod || ["POST", "PATCH", "PUT"];
+const allowedTypes = _beech_?.payload?.file?.allowedTypes || []; // default: no allowed type
+const fileLimitSize = _beech_?.payload?.file?.limit || 5 * 1024 * 1024; // 5MB
+const uploadStrategy = multer({
+  limits: { fileSize:  fileLimitSize },
+  fileFilter: (req, file, cb) => {
+    if (allowedTypes.length === 0) {
+      cb(new Error("INVALID_FILE_TYPE_ALLOW"), false); // Allow all file types if no allowed types specified
+    } else if (allowedTypes.includes(file.mimetype)) {
+      cb(null, true);
+    } else {
+      cb(new Error("INVALID_FILE_TYPE"), false);
+    }
+  }
+}).any();
+const jsonLimitSize = _beech_?.payload.json?.limit || "100KB"; // json payload
+const urlencodedLimitSize = _beech_?.payload?.urlencoded?.limit || "100KB"; // urlencoded payload (multipart/form-data)
+const urlencodedExtended = !!(_beech_?.payload?.urlencoded?.extended ?? true);
+_app_.use(_express_.urlencoded({ limit: urlencodedLimitSize, extended: urlencodedExtended })); // application/x-www-form-urlencoded payload
+_app_.use(_express_.json({ limit: jsonLimitSize }));
+_app_.use((req, res, next) => {
+  const isUploadMethod = uploadAllowMethod.includes(req.method);
+  const isMultipart = req.headers["content-type"]?.includes("multipart/form-data");
+  // Handle file upload for allowed methods
+  if (isUploadMethod) {
+    return uploadStrategy(req, res, (err) => {
+      if (err) return next(err);
+      next();
+    });
+  }
+  // Handle method not allowed for file upload
+  if (!isUploadMethod && isMultipart) {
+    return res.status(405).json({
+      code: 405,
+      status: "METHOD_NOT_ALLOWED_FOR_UPLOAD",
+      message: _config_.main_config?.dev ? `File upload is not allowed for ${req.method} method.` : "Method Not Allowed for file upload.",
+    });
+  }
+  // next to next middleware
+  next();
+});
+_app_.use((err, req, res, next) => {
+  // Handle payload too large error for JSON and URL-encoded
+  if (err.type === "entity.too.large") {
+    const isJson = req.headers["content-type"]?.includes("application/json");
+    const limitUsed = isJson ? jsonLimitSize : urlencodedLimitSize;
+    return res.status(413).json({
+      code: 413,
+      status: "PAYLOAD_TOO_LARGE",
+      message:_config_.main_config?.dev ? `${isJson ? 'JSON' : 'Form data'} too large, Max limit is ${limitUsed}` : "Payload Too Large.",
+    });
+  }
+  if (err.message === "INVALID_FILE_TYPE_ALLOW") {
+    return res.status(400).json({
+      code: 400,
+      status: "INVALID_FILE_TYPE_ALLOW",
+      message: "Invalid file type, No file types allowed.",
+    });
+  }
+  // Handle invalid file type error from multer
+  if (err.message === "INVALID_FILE_TYPE") {
+    return res.status(400).json({
+      code: 400,
+      status: "INVALID_FILE_TYPE",
+      message: _config_.main_config?.dev ? `Invalid file type, Allowed: ${allowedTypes.join(', ')}` : "Invalid file type.",
+    });
+  }
+  // Handle multer file size limit error
+  if (err.code === "LIMIT_FILE_SIZE") {
+    return res.status(413).json({
+      code: 413,
+      status: "PAYLOAD_TOO_LARGE",
+      message: _config_.main_config?.dev ? `File size too large, Max limit is ${fileLimitSize / 1024 / 1024}MB` : "Payload Too Large.",
+    });
+  }
+  // next to general error handler
+  next(err);
+});
 // Database test
 const {
   testConnectInProcess,
@@ -57,8 +132,6 @@ _app_.use((req, res, next) => {
   });
 });
 // View engine
-_app_.use(bodyParser.json());
-_app_.use(bodyParser.urlencoded({ extended: true }));
 _app_.use(methodOverride());
 _app_.use(cookieParser());
 _app_.use(expressSession({
@@ -164,9 +237,11 @@ init = async (jsfiles) => {
     Promise.all([testConnectToDB]).then(async (x) => {
       if (x[0]) {
         await (pool_base == "basic" ? new Promise((resolve) => resolve(mySqlDbConnect.connect())) : new Promise((resolve) => resolve(SequelizeDbConnect.connect())));
-          await authPassport.init().then(async (x) => {
-            if (x[0]) {
-              throw x[0];
+          await authPassport.init().then(async (p) => {
+            if (p[0]) {
+              console.log("\n Init failed ", p[0]);
+              return;
+              //throw p[0];
             } else {
               await new Promise((resolve) => resolve(fileWalk.fileWalk(jsfiles)));
               await (pool_base == "basic" ? new Promise((resolve) => resolve()) : new Promise((resolve) => resolve(Base())));
@@ -176,6 +251,9 @@ init = async (jsfiles) => {
                 });
               });
             }
+          }).catch((err) => {
+            console.log(" Catch init failed ", err);
+            throw err;
           });
       }
     });

package/packages/cli/core/middleware/express/duplicateRequest.js

@@ -1,12 +1,16 @@
 const _beech_ = require(appRoot + "/beech.config.js");
 const { duplicateRequest } = require("express-duplicate-request");
-const nextDuplicater = (req, res, next) => {
-  next();
-};
-let configure = {
+const nextDuplicater = (req, res, next) => next();
+const defaultConfigure = {
   expiration: _beech_.defineConfig.server.duplicateRequest ? _beech_.defineConfig.server.duplicateRequest.expiration : 0,
 };
-configure = { ...configure, ..._beech_.defineConfig.server.duplicateRequest };
-const Duplicater = configure.expiration ? duplicateRequest(configure) : nextDuplicater;
+const baseConfigure = {
+  ..._beech_.defineConfig.server.duplicateRequest, // Override default configure with user configure.
+  ...defaultConfigure,
+};
+const Duplicater = (more_configure = {}) => {
+  const config = { ...baseConfigure, ...more_configure };
+  return config.expiration ? duplicateRequest(config) : nextDuplicater;
+};
 
 module.exports = { Duplicater, duplicateRequest };

package/packages/cli/core/middleware/express/jwtCheckAllow.js

@@ -1,8 +1,9 @@
 const passport = require("passport");
 
 const checkRoleMiddleware = (options) => {
-  return function (req, res, next) {
+  return (req, res, next) => {
     if(!Array.isArray(options)) {
+      // Perfectly with options is not type Array
       return next();
     } else {
       passport.authenticate("jwt", {
@@ -10,7 +11,7 @@ const checkRoleMiddleware = (options) => {
       }, (err, user, info) => {
         // error check
         if (err) {
-          console.log(err, info);
+          //console.log(err, info);
           return res.status(403).json({
             code: 403,
             status: "FORBIDDEN",
@@ -20,49 +21,66 @@ const checkRoleMiddleware = (options) => {
             },
           });
         } else {
-          let isPerfectly = true;
-          options.forEach((element, key) => {
-            let checkVal = Object.values(element).flat();
-            let checkKey = Object.keys(element);
-            if(user && user[checkKey]) {
-              if(checkVal.includes(user[checkKey])) {
-                if(options.length -1 === key) {
-                  if(isPerfectly) {
-                    // Perfectly
-                    return next();
-                  }
-                }
-              } else {
-                if(isPerfectly) {
-                  res.status(403).json({
-                    code: 403,
-                    status: "FORBIDDEN",
-                    message: "Forbidden: Insufficient role",
-                  });
-                }
-                isPerfectly = false;
-              }
+          if(!options.length) {
+            // Perfectly with no options
+            return next();
+          } else {
+            const allowed = options.some(rule => {
+              return Object.entries(rule).every(([key, condition]) => {
+                //console.log('----matchCondition(user?.[key], condition, user)-->>', matchCondition(user?.[key], condition, user));
+                return matchCondition(user?.[key], condition, user);
+              });
+            });
+            if (allowed) {
+              return next();
             } else {
-              if(isPerfectly) {
-                res.status(403).json({
-                  code: 403,
-                  status: "FORBIDDEN",
-                  message: `No ${checkKey} assigned to token.`,
-                });
-              }
-              isPerfectly = false;
+              res.status(403).json({
+                code: 403,
+                status: "FORBIDDEN",
+                message: "Forbidden: Insufficient role",
+                info: {
+                  status: "ROLE_NOT_ALLOWED",
+                  error: "Insufficient role or User token does not have sufficient role.",
+                },
+              });
             }
-          });
+          }
         }
       })(req, res, next);
     }
   }
 }
 
+const operators = {
+  $eq: (userValue, expected) => userValue === expected,
+  $ne: (userValue, expected) => userValue !== expected,
+  $in: (userValue, expected) => Array.isArray(expected) && expected.includes(userValue),
+  $not: (userValue, expected) => Array.isArray(expected) && !expected.includes(userValue),
+  $regex: (userValue, expected) =>
+    typeof userValue === 'string' && expected instanceof RegExp
+      ? expected.test(userValue)
+      : false,
+  $fn: (userValue, fn, user) => typeof fn === 'function' && fn(userValue, user),
+};
+
+const matchCondition = (userValue, condition, user) => {
+  if (typeof condition !== 'object' || condition instanceof RegExp || Array.isArray(condition)) {
+    return Array.isArray(condition)
+      ? operators.$in(userValue, condition)
+      : operators.$eq(userValue, condition);
+  }
+  // operator object
+  return Object.entries(condition).every(([op, expected]) => {
+    const handler = operators[op];
+    if (!handler) return false;
+    return handler(userValue, expected, user);
+  });
+};
+
 const checkRoleMiddlewareWithDefaultProject = (options) => {
   return function (req, res, next) {
     return checkRoleMiddleware(options)(req, res, next);
   }
 }
 
-module.exports = { checkRoleMiddleware, checkRoleMiddlewareWithDefaultProject }
+module.exports = { checkRoleMiddleware, checkRoleMiddlewareWithDefaultProject };

package/packages/cli/core/middleware/express/rateLimit.js

@@ -11,7 +11,19 @@ let configure = {
   legacyHeaders: (_beech_.defineConfig.server.rateLimit) ? (_beech_.defineConfig.server.rateLimit.legacyHeaders || false) : false,
   message: (_beech_.defineConfig.server.rateLimit) ? (_beech_.defineConfig.server.rateLimit.message || tooManyMsg) : tooManyMsg,
 };
-configure = { ...configure, ..._beech_.defineConfig.server.rateLimit };
-const Limiter = rateLimit(configure);
+configure = {
+  ..._beech_.defineConfig.server.rateLimit, // Override default configure with user configure.
+  ...configure,
+  keyGenerator: (req) => `${req.ip}:${req.params.hash}${req.params['0']}`,
+};
+const Limiter = (more_configure = {}) => {
+  const middleware = rateLimit({
+    ...configure,
+    ...more_configure,
+  });
+  return (req, res, next) => {
+    middleware(req, res, next);
+  };
+};
 
 module.exports = { Limiter, rateLimit };

package/packages/cli/core/middleware/origin/guard/advance.js

@@ -14,12 +14,13 @@ function avg(req, res, next) {
   });
   // promise all
   Promise.all([checkPassport]).then((final) => {
-    let item = final[0];
-    let passport_config = item[1];
     /**
      * item[0] : Boolean = passport file found.
-     * item[1] : Object  = passport object.
+     * item[1] : Object  = passport object. (for check on/off)
      */
+    let item = final[0];
+    let passport_config = item[1];
+    // check passport file exists ?, when not exists go to next
     if(item[0]) {
       if ((passport_config.model.guard.advanced_guard) ? passport_config.model.guard.advanced_guard.allow : false) {
         let advanced_guard_entity = req.headers[passport_config.model.guard.advanced_guard.entity || "timing"];
@@ -47,7 +48,7 @@ function avg(req, res, next) {
               message: "Bad request.",
               info: {
                 status: "BAD_VALUE",
-                message: "Bad with wrong Advance guard."
+                message: "Bad with wrong Advance guard key."
               },
             });
           }

package/packages/cli/core/services/http.express.js

@@ -3,8 +3,7 @@ const fs = require("fs");
 const passport_config_file = "/passport.config.js";
 const auth = require("../auth/Credentials");
 const { TwoFactor } = require("../helpers/2fa");
-const { avgDeHashIt } = require(__dirname + "/../helpers/math");
-const moment = require("moment");
+const { Limiter, Duplicater } = require("../middleware");
 
 module.exports = {
   expressStart() {
@@ -144,7 +143,7 @@ module.exports = {
                   // declare authentication endpoint name with publicPath
                   let auth_endpoint = (passport_config.auth_endpoint) ? (passport_config.auth_endpoint[ 0 ] === "/" ? passport_config.auth_endpoint : "/" + passport_config.auth_endpoint) : "/authentication";
                   // authentication endpoints
-                  endpoint.post(auth_endpoint, auth.credentialsGuard, (req, res, next) => {
+                  endpoint.post(auth_endpoint, Duplicater(), Limiter(), auth.credentialsGuard, (req, res, next) => {
                     passport.authenticate('local', { session: false }, (err, user, opt) => {
                       if (err) {
                         res.status(502).json({ code: 502, status: "BAD_GATEWAY", message: String(err) });
@@ -196,8 +195,49 @@ module.exports = {
                       }
                     })(req, res, next);
                   });
+                  // refresh token endpoints
+                  endpoint.post(auth_endpoint + '/refresh', Duplicater(), Limiter(), auth.credentials, (req, res) => {
+                    const refreshToken = req.headers.authorization.split("Bearer ")[1] || null;
+                    if (!refreshToken) {
+                      return res.status(400).json({
+                        code: 400,
+                        status: "BAD_REQUEST",
+                        message: "Bad request.",
+                        info: {
+                          status: "BAD_ENTITY",
+                          message: "Refresh token is required.",
+                        }
+                      });
+                    } else {
+                      jwt.verify(refreshToken, passport_config.secret, (err, user) => {
+                        if (err) {
+                          return res.status(401).json({
+                            code: 401,
+                            status: "UNAUTHORIZED",
+                            message: "Unauthorized user.",
+                            info: {
+                              status: "TOKEN_INVALID_ERR",
+                              message: "Invalid refresh token.",
+                            }
+                          });
+                        } else {
+                          delete user.iat;
+                          delete user.exp;
+                          const newAccessToken = jwt.sign(user, passport_config.secret, {
+                            expiresIn: passport_config.token_expired
+                          });
+                          res.status(200).json({
+                            code: 200,
+                            status: "TOKEN_REFRESHED",
+                            user: user,
+                            accessToken: newAccessToken,
+                          });
+                        }
+                      });
+                    }
+                  });
                   // create auth data endpoints
-                  endpoint.post(auth_endpoint + '/create', auth.credentialsGuard, (req, res) => {
+                  endpoint.post(auth_endpoint + '/create', Duplicater(), Limiter(), auth.credentialsGuard, (req, res) => {
                     const promise = new Promise((resolve) => {
                       /**
                        * 
@@ -251,7 +291,7 @@ module.exports = {
                     });
                   });
                   // patch auth data endpoints
-                  endpoint.patch(auth_endpoint + '/update/:id', auth.credentials, (req, res) => {
+                  endpoint.patch(auth_endpoint + '/update/:id', Duplicater(), Limiter(), auth.credentials, (req, res) => {
                     const promise = new Promise((resolve) => {
                       if (passport_config.app_key_allow) {
                         if (req.headers.app_key) {
@@ -305,7 +345,7 @@ module.exports = {
                    *  
                    */
                   if (passport_config.strategy.google.allow) {
-                    endpoint.get(auth_endpoint + '/google', passport.authenticate('google', {
+                    endpoint.get(auth_endpoint + '/google', Limiter(), passport.authenticate('google', {
                       scope: [
                         'https://www.googleapis.com/auth/userinfo.email',
                         'https://www.googleapis.com/auth/plus.login'
@@ -313,7 +353,7 @@ module.exports = {
                     }));
                     // google auth callback
                     const googleCallback = (passport_config.strategy.google.callbackURL) ? (passport_config.strategy.google.callbackURL[ 0 ] === "/" ? passport_config.strategy.google.callbackURL : "/" + passport_config.strategy.google.callbackURL) : "/google/callback";
-                    endpoint.get(auth_endpoint + googleCallback, passport.authenticate('google', { failureRedirect: passport_config.strategy.google.failureRedirect, failureMessage: true }), (req, res) => {
+                    endpoint.get(auth_endpoint + googleCallback, Limiter(), passport.authenticate('google', { failureRedirect: passport_config.strategy.google.failureRedirect, failureMessage: true }), (req, res) => {
                       if (typeof req.user.user !== 'undefined') {
                         // declare user for sign JWT
                         let user = JSON.parse(JSON.stringify(req.user.user));
@@ -362,10 +402,10 @@ module.exports = {
                    * 
                    */
                   if (passport_config.strategy.facebook.allow) {
-                    endpoint.get(auth_endpoint + '/facebook', passport.authenticate('facebook', { scope: [ 'email', 'public_profile' ] }));
+                    endpoint.get(auth_endpoint + '/facebook', Limiter(), passport.authenticate('facebook', { scope: [ 'email', 'public_profile' ] }));
                     // facebook callback
                     const facebookCallback = (passport_config.strategy.facebook.callbackURL) ? (passport_config.strategy.facebook.callbackURL[ 0 ] === "/" ? passport_config.strategy.facebook.callbackURL : "/" + passport_config.strategy.facebook.callbackURL) : "/facebook/callback";
-                    endpoint.get(auth_endpoint + facebookCallback, passport.authenticate('facebook', { failureRedirect: passport_config.strategy.facebook.failureRedirect, failureMessage: true }), (req, res) => {
+                    endpoint.get(auth_endpoint + facebookCallback, Limiter(), passport.authenticate('facebook', { failureRedirect: passport_config.strategy.facebook.failureRedirect, failureMessage: true }), (req, res) => {
                       if (typeof req.user.user !== 'undefined') {
                         // declare user for sign JWT
                         let user = JSON.parse(JSON.stringify(req.user.user));

package/packages/cli/core/test/check-node.js

@@ -0,0 +1,21 @@
+const current = process.versions.node;
+
+const required = {
+  min16: "16.20.0",
+  min22: "22.18.0",
+};
+
+const semver = (a, b) => {
+  const pa = a.split(".").map(Number);
+  const pb = b.split(".").map(Number);
+  for (let i = 0; i < 3; i++) {
+    if (pa[i] > pb[i]) return 1;
+    if (pa[i] < pb[i]) return -1;
+  }
+  return 0;
+};
+
+if (semver(current, required.min16) < 0 && semver(current, required.min22) < 0) {
+  console.error(`\n❌ You are using Node.js ${current}.\n` + `Beech requires Node.js version ${required.min16}+ or ${required.min22}+.\n` + `Please upgrade your Node.js version.\n`);
+  process.exit(1);
+}