beech-api 3.9.0-beta.8-rc → 3.9.0-beta.9-rc

package/packages/cli/core/index.js

@@ -15,7 +15,6 @@ _app_.use(helmet());
 const cors = require("cors");
 global.endpoint = _express_.Router();
 const cookieParser = require("cookie-parser");
-const bodyParser = require("body-parser");
 const methodOverride = require("method-override");
 const expressSession = require("express-session");
 const expressValidator = require("express-validator");
@@ -27,10 +26,86 @@ const _beech_ = require(appRoot + "/beech.config.js").defineConfig;
 global._publicPath_ = _beech_.base;
 const mySqlDbConnect = require("./databases/mysql");
 const SequelizeDbConnect = require("./databases/sequelize");
-// Rate Request middleware
-const { Limiter, Duplicater } = require("./middleware/index");
-endpoint.use(Limiter);
-endpoint.use(Duplicater);
+// Set limit payload for request body & multipart/form-data (multer)
+const multer = require("multer");
+const uploadAllowMethod = _beech_?.payload?.file?.uploadAllowMethod || ["POST", "PATCH", "PUT"];
+const allowedTypes = _beech_?.payload?.file?.allowedTypes || []; // default: no allowed type
+const fileLimitSize = _beech_?.payload?.file?.limit || 5 * 1024 * 1024; // 5MB
+const uploadStrategy = multer({
+  limits: { fileSize:  fileLimitSize },
+  fileFilter: (req, file, cb) => {
+    if (allowedTypes.length === 0) {
+      cb(new Error("INVALID_FILE_TYPE_ALLOW"), false); // Allow all file types if no allowed types specified
+    } else if (allowedTypes.includes(file.mimetype)) {
+      cb(null, true);
+    } else {
+      cb(new Error("INVALID_FILE_TYPE"), false);
+    }
+  }
+}).any();
+const jsonLimitSize = _beech_?.payload.json?.limit || "100KB"; // json payload
+const urlencodedLimitSize = _beech_?.payload?.urlencoded?.limit || "100KB"; // urlencoded payload (multipart/form-data)
+const urlencodedExtended = !!(_beech_?.payload?.urlencoded?.extended ?? true);
+_app_.use(_express_.urlencoded({ limit: urlencodedLimitSize, extended: urlencodedExtended })); // application/x-www-form-urlencoded payload
+_app_.use(_express_.json({ limit: jsonLimitSize }));
+_app_.use((req, res, next) => {
+  const isUploadMethod = uploadAllowMethod.includes(req.method);
+  const isMultipart = req.headers["content-type"]?.includes("multipart/form-data");
+  // Handle file upload for allowed methods
+  if (isUploadMethod) {
+    return uploadStrategy(req, res, (err) => {
+      if (err) return next(err);
+      next();
+    });
+  }
+  // Handle method not allowed for file upload
+  if (!isUploadMethod && isMultipart) {
+    return res.status(405).json({
+      code: 405,
+      status: "METHOD_NOT_ALLOWED_FOR_UPLOAD",
+      message: _config_.main_config?.dev ? `File upload is not allowed for ${req.method} method.` : "Method Not Allowed for file upload.",
+    });
+  }
+  // next to next middleware
+  next();
+});
+_app_.use((err, req, res, next) => {
+  // Handle payload too large error for JSON and URL-encoded
+  if (err.type === "entity.too.large") {
+    const isJson = req.headers["content-type"]?.includes("application/json");
+    const limitUsed = isJson ? jsonLimitSize : urlencodedLimitSize;
+    return res.status(413).json({
+      code: 413,
+      status: "PAYLOAD_TOO_LARGE",
+      message:_config_.main_config?.dev ? `${isJson ? 'JSON' : 'Form data'} too large, Max limit is ${limitUsed}` : "Payload Too Large.",
+    });
+  }
+  if (err.message === "INVALID_FILE_TYPE_ALLOW") {
+    return res.status(400).json({
+      code: 400,
+      status: "INVALID_FILE_TYPE_ALLOW",
+      message: "Invalid file type, No file types allowed.",
+    });
+  }
+  // Handle invalid file type error from multer
+  if (err.message === "INVALID_FILE_TYPE") {
+    return res.status(400).json({
+      code: 400,
+      status: "INVALID_FILE_TYPE",
+      message: _config_.main_config?.dev ? `Invalid file type, Allowed: ${allowedTypes.join(', ')}` : "Invalid file type.",
+    });
+  }
+  // Handle multer file size limit error
+  if (err.code === "LIMIT_FILE_SIZE") {
+    return res.status(413).json({
+      code: 413,
+      status: "PAYLOAD_TOO_LARGE",
+      message: _config_.main_config?.dev ? `File size too large, Max limit is ${fileLimitSize / 1024 / 1024}MB` : "Payload Too Large.",
+    });
+  }
+  // next to general error handler
+  next(err);
+});
 // Database test
 const {
   testConnectInProcess,
@@ -57,8 +132,6 @@ _app_.use((req, res, next) => {
   });
 });
 // View engine
-_app_.use(bodyParser.json());
-_app_.use(bodyParser.urlencoded({ extended: true }));
 _app_.use(methodOverride());
 _app_.use(cookieParser());
 _app_.use(expressSession({

package/packages/cli/core/middleware/express/duplicateRequest.js

@@ -1,12 +1,16 @@
 const _beech_ = require(appRoot + "/beech.config.js");
 const { duplicateRequest } = require("express-duplicate-request");
-const nextDuplicater = (req, res, next) => {
-  next();
-};
-let configure = {
+const nextDuplicater = (req, res, next) => next();
+const defaultConfigure = {
   expiration: _beech_.defineConfig.server.duplicateRequest ? _beech_.defineConfig.server.duplicateRequest.expiration : 0,
 };
-configure = { ...configure, ..._beech_.defineConfig.server.duplicateRequest };
-const Duplicater = configure.expiration ? duplicateRequest(configure) : nextDuplicater;
+const baseConfigure = {
+  ..._beech_.defineConfig.server.duplicateRequest, // Override default configure with user configure.
+  ...defaultConfigure,
+};
+const Duplicater = (more_configure = {}) => {
+  const config = { ...baseConfigure, ...more_configure };
+  return config.expiration ? duplicateRequest(config) : nextDuplicater;
+};
 
 module.exports = { Duplicater, duplicateRequest };

package/packages/cli/core/middleware/express/jwtCheckAllow.js

@@ -26,9 +26,10 @@ const checkRoleMiddleware = (options) => {
             return next();
           } else {
             const allowed = options.some(rule => {
-              Object.entries(rule).every(([key, condition]) => {
+              return Object.entries(rule).every(([key, condition]) => {
+                //console.log('----matchCondition(user?.[key], condition, user)-->>', matchCondition(user?.[key], condition, user));
                 return matchCondition(user?.[key], condition, user);
-              })
+              });
             });
             if (allowed) {
               return next();
@@ -63,7 +64,6 @@ const operators = {
 };
 
 const matchCondition = (userValue, condition, user) => {
-  // primitive -> eq
   if (typeof condition !== 'object' || condition instanceof RegExp || Array.isArray(condition)) {
     return Array.isArray(condition)
       ? operators.$in(userValue, condition)

package/packages/cli/core/middleware/express/rateLimit.js

@@ -11,7 +11,19 @@ let configure = {
   legacyHeaders: (_beech_.defineConfig.server.rateLimit) ? (_beech_.defineConfig.server.rateLimit.legacyHeaders || false) : false,
   message: (_beech_.defineConfig.server.rateLimit) ? (_beech_.defineConfig.server.rateLimit.message || tooManyMsg) : tooManyMsg,
 };
-configure = { ...configure, ..._beech_.defineConfig.server.rateLimit };
-const Limiter = rateLimit(configure);
+configure = {
+  ..._beech_.defineConfig.server.rateLimit, // Override default configure with user configure.
+  ...configure,
+  keyGenerator: (req) => `${req.ip}:${req.params.hash}${req.params['0']}`,
+};
+const Limiter = (more_configure = {}) => {
+  const middleware = rateLimit({
+    ...configure,
+    ...more_configure,
+  });
+  return (req, res, next) => {
+    middleware(req, res, next);
+  };
+};
 
 module.exports = { Limiter, rateLimit };

package/packages/cli/core/services/http.express.js

@@ -3,6 +3,7 @@ const fs = require("fs");
 const passport_config_file = "/passport.config.js";
 const auth = require("../auth/Credentials");
 const { TwoFactor } = require("../helpers/2fa");
+const { Limiter, Duplicater } = require("../middleware");
 
 module.exports = {
   expressStart() {
@@ -142,7 +143,7 @@ module.exports = {
                   // declare authentication endpoint name with publicPath
                   let auth_endpoint = (passport_config.auth_endpoint) ? (passport_config.auth_endpoint[ 0 ] === "/" ? passport_config.auth_endpoint : "/" + passport_config.auth_endpoint) : "/authentication";
                   // authentication endpoints
-                  endpoint.post(auth_endpoint, auth.credentialsGuard, (req, res, next) => {
+                  endpoint.post(auth_endpoint, Duplicater(), Limiter(), auth.credentialsGuard, (req, res, next) => {
                     passport.authenticate('local', { session: false }, (err, user, opt) => {
                       if (err) {
                         res.status(502).json({ code: 502, status: "BAD_GATEWAY", message: String(err) });
@@ -194,8 +195,49 @@ module.exports = {
                       }
                     })(req, res, next);
                   });
+                  // refresh token endpoints
+                  endpoint.post(auth_endpoint + '/refresh', Duplicater(), Limiter(), auth.credentials, (req, res) => {
+                    const refreshToken = req.headers.authorization.split("Bearer ")[1] || null;
+                    if (!refreshToken) {
+                      return res.status(400).json({
+                        code: 400,
+                        status: "BAD_REQUEST",
+                        message: "Bad request.",
+                        info: {
+                          status: "BAD_ENTITY",
+                          message: "Refresh token is required.",
+                        }
+                      });
+                    } else {
+                      jwt.verify(refreshToken, passport_config.secret, (err, user) => {
+                        if (err) {
+                          return res.status(401).json({
+                            code: 401,
+                            status: "UNAUTHORIZED",
+                            message: "Unauthorized user.",
+                            info: {
+                              status: "TOKEN_INVALID_ERR",
+                              message: "Invalid refresh token.",
+                            }
+                          });
+                        } else {
+                          delete user.iat;
+                          delete user.exp;
+                          const newAccessToken = jwt.sign(user, passport_config.secret, {
+                            expiresIn: passport_config.token_expired
+                          });
+                          res.status(200).json({
+                            code: 200,
+                            status: "TOKEN_REFRESHED",
+                            user: user,
+                            accessToken: newAccessToken,
+                          });
+                        }
+                      });
+                    }
+                  });
                   // create auth data endpoints
-                  endpoint.post(auth_endpoint + '/create', auth.credentialsGuard, (req, res) => {
+                  endpoint.post(auth_endpoint + '/create', Duplicater(), Limiter(), auth.credentialsGuard, (req, res) => {
                     const promise = new Promise((resolve) => {
                       /**
                        * 
@@ -249,7 +291,7 @@ module.exports = {
                     });
                   });
                   // patch auth data endpoints
-                  endpoint.patch(auth_endpoint + '/update/:id', auth.credentials, (req, res) => {
+                  endpoint.patch(auth_endpoint + '/update/:id', Duplicater(), Limiter(), auth.credentials, (req, res) => {
                     const promise = new Promise((resolve) => {
                       if (passport_config.app_key_allow) {
                         if (req.headers.app_key) {
@@ -303,7 +345,7 @@ module.exports = {
                    *  
                    */
                   if (passport_config.strategy.google.allow) {
-                    endpoint.get(auth_endpoint + '/google', passport.authenticate('google', {
+                    endpoint.get(auth_endpoint + '/google', Limiter(), passport.authenticate('google', {
                       scope: [
                         'https://www.googleapis.com/auth/userinfo.email',
                         'https://www.googleapis.com/auth/plus.login'
@@ -311,7 +353,7 @@ module.exports = {
                     }));
                     // google auth callback
                     const googleCallback = (passport_config.strategy.google.callbackURL) ? (passport_config.strategy.google.callbackURL[ 0 ] === "/" ? passport_config.strategy.google.callbackURL : "/" + passport_config.strategy.google.callbackURL) : "/google/callback";
-                    endpoint.get(auth_endpoint + googleCallback, passport.authenticate('google', { failureRedirect: passport_config.strategy.google.failureRedirect, failureMessage: true }), (req, res) => {
+                    endpoint.get(auth_endpoint + googleCallback, Limiter(), passport.authenticate('google', { failureRedirect: passport_config.strategy.google.failureRedirect, failureMessage: true }), (req, res) => {
                       if (typeof req.user.user !== 'undefined') {
                         // declare user for sign JWT
                         let user = JSON.parse(JSON.stringify(req.user.user));
@@ -360,10 +402,10 @@ module.exports = {
                    * 
                    */
                   if (passport_config.strategy.facebook.allow) {
-                    endpoint.get(auth_endpoint + '/facebook', passport.authenticate('facebook', { scope: [ 'email', 'public_profile' ] }));
+                    endpoint.get(auth_endpoint + '/facebook', Limiter(), passport.authenticate('facebook', { scope: [ 'email', 'public_profile' ] }));
                     // facebook callback
                     const facebookCallback = (passport_config.strategy.facebook.callbackURL) ? (passport_config.strategy.facebook.callbackURL[ 0 ] === "/" ? passport_config.strategy.facebook.callbackURL : "/" + passport_config.strategy.facebook.callbackURL) : "/facebook/callback";
-                    endpoint.get(auth_endpoint + facebookCallback, passport.authenticate('facebook', { failureRedirect: passport_config.strategy.facebook.failureRedirect, failureMessage: true }), (req, res) => {
+                    endpoint.get(auth_endpoint + facebookCallback, Limiter(), passport.authenticate('facebook', { failureRedirect: passport_config.strategy.facebook.failureRedirect, failureMessage: true }), (req, res) => {
                       if (typeof req.user.user !== 'undefined') {
                         // declare user for sign JWT
                         let user = JSON.parse(JSON.stringify(req.user.user));

package/packages/cli/core/test/check-node.js

@@ -0,0 +1,21 @@
+const current = process.versions.node;
+
+const required = {
+  min16: "16.20.0",
+  min22: "22.18.0",
+};
+
+const semver = (a, b) => {
+  const pa = a.split(".").map(Number);
+  const pb = b.split(".").map(Number);
+  for (let i = 0; i < 3; i++) {
+    if (pa[i] > pb[i]) return 1;
+    if (pa[i] < pb[i]) return -1;
+  }
+  return 0;
+};
+
+if (semver(current, required.min16) < 0 && semver(current, required.min22) < 0) {
+  console.error(`\n❌ You are using Node.js ${current}.\n` + `Beech requires Node.js version ${required.min16}+ or ${required.min22}+.\n` + `Please upgrade your Node.js version.\n`);
+  process.exit(1);
+}