npm - crazy-odds-bet-shared - Versions diffs - 1.0.26 → 1.0.28 - Mend

crazy-odds-bet-shared 1.0.26 → 1.0.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/models/index.js CHANGED Viewed

@@ -6,6 +6,8 @@ const { Team } = require('./team');
 const { Player } = require('./player');
 const { Fixture, FixtureStatus } = require('./fixture');
 const { User } = require('./user');
+const { Permission } = require('./permission');
+const { Role } = require('./role');
 const { MarketTemplate } = require('./marketTemplate');
 const { Market } = require('./market');
 const { Odd } = require('./odd');
@@ -23,6 +25,8 @@ module.exports = {
   Fixture,
   FixtureStatus,
   User,
+  Permission,
+  Role,
   MarketTemplate,
   Market,
   Odd,

package/models/permission.js ADDED Viewed

@@ -0,0 +1,21 @@
+const { Schema, model } = require('mongoose');
+const { createBaseSchema, baseSchemaOptions } = require('./base');
+/**
+ * Permission schema - granular permission codes (e.g. "users:read", "roles:write")
+ */
+const permissionSchema = new Schema(
+  {
+    ...createBaseSchema(),
+    code: { type: String, required: true, unique: true, trim: true },
+    name: { type: String, required: true, trim: true },
+    description: { type: String, default: '' }
+  },
+  baseSchemaOptions
+);
+permissionSchema.index({ code: 1 });
+const Permission = model('Permission', permissionSchema);
+module.exports = { Permission };

package/models/role.js ADDED Viewed

@@ -0,0 +1,21 @@
+const { Schema, model } = require('mongoose');
+const { createBaseSchema, baseSchemaOptions } = require('./base');
+/**
+ * Role schema - named roles with a set of permission IDs (inherited by users assigned this role)
+ */
+const roleSchema = new Schema(
+  {
+    ...createBaseSchema(),
+    name: { type: String, required: true, unique: true, trim: true },
+    description: { type: String, default: '' },
+    permissionIds: [{ type: String, ref: 'Permission' }]
+  },
+  baseSchemaOptions
+);
+roleSchema.index({ name: 1 });
+const Role = model('Role', roleSchema);
+module.exports = { Role };

package/models/user.js CHANGED Viewed

@@ -1,6 +1,10 @@
+const bcrypt = require('bcrypt');
 const { Schema, model } = require('mongoose');
 const { createBaseSchema, baseSchemaOptions } = require('./base');
+const BCRYPT_ROUNDS = 10;
+const BCRYPT_PREFIX = '$2';
 /**
  * User schema
  */
@@ -10,15 +14,32 @@ const userSchema = new Schema(
     email: { type: String, required: true, unique: true, lowercase: true, trim: true },
     password: { type: String, required: true },
     name: { type: String, required: true },
-    role: { type: String, enum: ['admin', 'user'], default: 'user' },
+    roleId: { type: String, ref: 'Role', default: null },
+    /** Custom permission IDs added on top of role permissions */
+    permissionIds: [{ type: String, ref: 'Permission' }],
+    config: { type: Schema.Types.Mixed, default: {} },
     isActive: { type: Boolean, default: true }
   },
   baseSchemaOptions
 );
+// Hash password before saving (only when password was modified and not already a hash)
+userSchema.pre('save', async function (next) {
+  if (!this.isModified('password')) return next();
+  if (typeof this.password !== 'string') return next();
+  if (this.password.startsWith(BCRYPT_PREFIX)) return next();
+  try {
+    this.password = await bcrypt.hash(this.password, BCRYPT_ROUNDS);
+    next();
+  } catch (err) {
+    next(err);
+  }
+});
 // Indexes
 userSchema.index({ isActive: 1 });
-userSchema.index({ role: 1 });
+userSchema.index({ roleId: 1 });
+userSchema.index({ email: 1, isActive: 1 });
 // Static methods
 userSchema.static('findByEmail', function (email) {
@@ -29,8 +50,11 @@ userSchema.static('getActive', function () {
   return this.find({ isActive: true }).select('-password');
 });
-userSchema.static('findAdmins', function () {
-  return this.find({ role: 'admin', isActive: true }).select('-password');
+userSchema.static('findAdmins', async function () {
+  const Role = this.db.model('Role');
+  const adminRole = await Role.findOne({ name: 'Admin' }).lean();
+  if (!adminRole) return this.find({ _id: { $in: [] } }).select('-password');
+  return this.find({ roleId: adminRole._id, isActive: true }).select('-password');
 });
 // Instance methods
@@ -45,8 +69,18 @@ userSchema.method('deactivate', async function () {
 });
 userSchema.method('comparePassword', async function (password) {
-  // For now, simple comparison. In production, use bcrypt
-  return this.password === password;
+  if (!this.password) return false;
+  if (this.password.startsWith(BCRYPT_PREFIX)) {
+    const match = await bcrypt.compare(password, this.password);
+    if (match) return true;
+    return false;
+  }
+  const plainMatch = this.password === password;
+  if (plainMatch) {
+    this.password = await bcrypt.hash(password, BCRYPT_ROUNDS);
+    await this.save({ validateBeforeSave: false });
+  }
+  return plainMatch;
 });
 // Middleware to exclude password from toJSON

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "crazy-odds-bet-shared",
-  "version": "1.0.26",
+  "version": "1.0.28",
   "description": "Shared MongoDB models and utilities for odds project",
   "main": "index.js",
   "exports": {
@@ -29,6 +29,7 @@
   "author": "",
   "license": "MIT",
   "dependencies": {
+    "bcrypt": "^5.1.1",
     "dotenv": "^16.3.1",
     "mongoose": "^8.0.0",
     "uuid": "^9.0.1"