frontend-hamroun 1.2.16 → 1.2.17

package/src/backend/auth.ts

@@ -1,544 +0,0 @@
-import { Request, Response, NextFunction } from 'express';
-const jwt =require('jsonwebtoken');
-const bcrypt=require('bcrypt');
-
-const  crypto=require('crypto');
-
-/**
- * Authentication configuration options
- */
-export interface AuthOptions {
-  /**
-   * Secret key for JWT signing
-   */
-  jwtSecret: string;
-  
-  /**
-   * Secret key for refresh token signing (defaults to jwtSecret if not provided)
-   */
-  refreshSecret?: string;
-  
-  /**
-   * JWT token expiration time (default: '15m')
-   */
-  tokenExpiration?: string;
-  
-  /**
-   * Refresh token expiration time (default: '7d')
-   */
-  refreshExpiration?: string;
-  
-  /**
-   * Number of bcrypt salt rounds (default: 10)
-   */
-  saltRounds?: number;
-  
-  /**
-   * Custom user finder function
-   */
-  findUser?: (username: string) => Promise<any>;
-  
-  /**
-   * Custom password verification (defaults to bcrypt compare)
-   */
-  verifyPassword?: (password: string, hashedPassword: string) => Promise<boolean>;
-  
-  /**
-   * Custom function to save refresh token
-   */
-  saveRefreshToken?: (userId: string, token: string, expires: Date) => Promise<void>;
-  
-  /**
-   * Custom function to verify refresh token
-   */
-  verifyRefreshToken?: (userId: string, token: string) => Promise<boolean>;
-  
-  /**
-   * Use secure cookies for tokens (default: process.env.NODE_ENV === 'production')
-   */
-  secureCookies?: boolean;
-  
-  /**
-   * Cookie domain
-   */
-  cookieDomain?: string;
-  
-  /**
-   * Use HTTP-only cookies (default: true)
-   */
-  httpOnlyCookies?: boolean;
-  
-  /**
-   * Implement rate limiting for login attempts (default: true)
-   */
-  rateLimit?: boolean;
-}
-
-/**
- * Token pair containing access and refresh tokens
- */
-export interface TokenPair {
-  accessToken: string;
-  refreshToken: string;
-  expiresIn: number;
-}
-
-/**
- * Authentication service
- */
-export class Auth {
-  private options: AuthOptions;
-  private loginAttempts: Map<string, { count: number, resetTime: number }> = new Map();
-  
-  constructor(options: AuthOptions) {
-    this.options = {
-      tokenExpiration: '15m',
-      refreshExpiration: '7d',
-      saltRounds: 10,
-      secureCookies: process.env.NODE_ENV === 'production',
-      httpOnlyCookies: true,
-      rateLimit: true,
-      ...options,
-      refreshSecret: options.refreshSecret || options.jwtSecret
-    };
-    
-    if (!options.jwtSecret) {
-      throw new Error('JWT secret is required for authentication');
-    }
-    
-    // Set default password verification if not provided
-    if (!this.options.verifyPassword) {
-      this.options.verifyPassword = this.verifyPasswordWithBcrypt;
-    }
-  }
-  
-  /**
-   * Hash a password using bcrypt
-   */
-  async hashPassword(password: string): Promise<string> {
-    return await bcrypt.hash(password, this.options.saltRounds || 10);
-  }
-  
-  /**
-   * Verify a password against a hash using bcrypt
-   */
-  private async verifyPasswordWithBcrypt(password: string, hashedPassword: string): Promise<boolean> {
-    return await bcrypt.compare(password, hashedPassword);
-  }
-  
-  /**
-   * Generate a cryptographically secure random token
-   */
-  generateSecureToken(length = 32): string {
-    return crypto.randomBytes(length).toString('hex');
-  }
-  
-  /**
-   * Generate token pair (access token + refresh token)
-   */
-  generateTokenPair(payload: any): TokenPair {
-    // Calculate expiration times
-    const expiresIn = this.getExpirationSeconds(this.options.tokenExpiration || '15m');
-    
-    // Generate the access token
-    const accessToken = jwt.sign(
-      { ...payload, type: 'access' }, 
-      this.options.jwtSecret, 
-      { expiresIn: this.options.tokenExpiration }
-    );
-    
-    // Generate the refresh token
-    const refreshToken = jwt.sign(
-      { id: payload.id, type: 'refresh' },
-      this.options.refreshSecret!,
-      { expiresIn: this.options.refreshExpiration }
-    );
-    
-    return {
-      accessToken,
-      refreshToken,
-      expiresIn
-    };
-  }
-  
-  /**
-   * Convert JWT expiration time to seconds
-   */
-  private getExpirationSeconds(expiration: string): number {
-    const unit = expiration.charAt(expiration.length - 1);
-    const value = parseInt(expiration.slice(0, -1));
-    
-    switch (unit) {
-      case 's': return value;
-      case 'm': return value * 60;
-      case 'h': return value * 60 * 60;
-      case 'd': return value * 60 * 60 * 24;
-      default: return 3600; // Default 1 hour
-    }
-  }
-  
-  /**
-   * Verify a JWT token
-   */
-  verifyToken(token: string, type: 'access' | 'refresh' = 'access'): any {
-    try {
-      const secret = type === 'access' ? this.options.jwtSecret : this.options.refreshSecret;
-      const decoded = jwt.verify(token, secret!);
-      
-      // Verify token type matches expected type
-      if (typeof decoded === 'object' && decoded.type !== type) {
-        throw new Error('Invalid token type');
-      }
-      
-      return decoded;
-    } catch (error) {
-      throw new Error('Invalid or expired token');
-    }
-  }
-  
-  /**
-   * Set authentication cookies
-   */
-  setAuthCookies(res: Response, tokens: TokenPair): void {
-    // Set access token cookie
-    res.cookie('accessToken', tokens.accessToken, {
-      httpOnly: this.options.httpOnlyCookies,
-      secure: this.options.secureCookies,
-      domain: this.options.cookieDomain,
-      sameSite: 'strict',
-      maxAge: tokens.expiresIn * 1000
-    });
-    
-    // Set refresh token cookie with longer expiration
-    const refreshExpiresIn = this.getExpirationSeconds(this.options.refreshExpiration || '7d');
-    res.cookie('refreshToken', tokens.refreshToken, {
-      httpOnly: true, // Always HTTP only for refresh tokens
-      secure: this.options.secureCookies,
-      domain: this.options.cookieDomain,
-      sameSite: 'strict',
-      maxAge: refreshExpiresIn * 1000,
-      path: '/api/auth/refresh' // Restrict to refresh endpoint
-    });
-  }
-  
-  /**
-   * Clear authentication cookies
-   */
-  clearAuthCookies(res: Response): void {
-    res.clearCookie('accessToken');
-    res.clearCookie('refreshToken', { path: '/api/auth/refresh' });
-  }
-  
-  /**
-   * Check and handle rate limiting
-   */
-  private checkRateLimit(ip: string): boolean {
-    if (!this.options.rateLimit) {
-      return true;
-    }
-    
-    const now = Date.now();
-    const attempt = this.loginAttempts.get(ip);
-    
-    if (!attempt) {
-      this.loginAttempts.set(ip, { count: 1, resetTime: now + 3600000 });
-      return true;
-    }
-    
-    // Reset if time expired
-    if (now > attempt.resetTime) {
-      this.loginAttempts.set(ip, { count: 1, resetTime: now + 3600000 });
-      return true;
-    }
-    
-    // Check attempts
-    if (attempt.count >= 5) {
-      return false;
-    }
-    
-    // Increment counter
-    attempt.count++;
-    this.loginAttempts.set(ip, attempt);
-    return true;
-  }
-  
-  /**
-   * Login middleware to authenticate users
-   */
-  login = async (req: Request, res: Response): Promise<void> => {
-    try {
-      const { username, password } = req.body;
-      const ip = req.ip || req.connection.remoteAddress || '';
-      
-      // Check rate limiting
-      if (!this.checkRateLimit(ip)) {
-        res.status(429).json({ 
-          success: false, 
-          message: 'Too many login attempts. Please try again later.' 
-        });
-        return;
-      }
-      
-      if (!username || !password) {
-        res.status(400).json({ 
-          success: false, 
-          message: 'Username and password are required' 
-        });
-        return;
-      }
-      
-      // Use custom find user function if provided
-      if (!this.options.findUser) {
-        res.status(500).json({ 
-          success: false, 
-          message: 'User finder function not configured' 
-        });
-        return;
-      }
-      
-      const user = await this.options.findUser(username);
-      
-      if (!user) {
-        res.status(401).json({ 
-          success: false, 
-          message: 'Invalid credentials' 
-        });
-        return;
-      }
-      
-      // Verify password
-      const isPasswordValid = await this.options.verifyPassword!(
-        password, 
-        user.password
-      );
-      
-      if (!isPasswordValid) {
-        res.status(401).json({ 
-          success: false, 
-          message: 'Invalid credentials' 
-        });
-        return;
-      }
-      
-      // Create a sanitized user object (without password)
-      const userWithoutPassword = { ...user };
-      delete userWithoutPassword.password;
-      
-      // Generate tokens
-      const tokenPair = this.generateTokenPair({
-        id: user.id || user._id,
-        username: user.username,
-        role: user.role || 'user'
-      });
-      
-      // Save refresh token if the function is provided
-      if (this.options.saveRefreshToken) {
-        const refreshExpiry = new Date();
-        refreshExpiry.setSeconds(refreshExpiry.getSeconds() + 
-          this.getExpirationSeconds(this.options.refreshExpiration || '7d'));
-          
-        await this.options.saveRefreshToken(
-          user.id || user._id,
-          tokenPair.refreshToken,
-          refreshExpiry
-        );
-      }
-      
-      // Set authentication cookies if using cookie-based auth
-      if (req.body.useCookies) {
-        this.setAuthCookies(res, tokenPair);
-      }
-      
-      res.json({
-        success: true,
-        message: 'Authentication successful',
-        tokens: tokenPair,
-        user: userWithoutPassword
-      });
-    } catch (error) {
-      console.error('Authentication error:', error);
-      res.status(500).json({ 
-        success: false, 
-        message: 'Authentication failed',
-        error: process.env.NODE_ENV !== 'production' ? (error as Error).message : undefined
-      });
-    }
-  };
-  
-  /**
-   * Refresh token handler
-   */
-  refreshToken = async (req: Request, res: Response): Promise<void> => {
-    try {
-      // Get refresh token from cookies or request body
-      const refreshToken = req.cookies?.refreshToken || req.body.refreshToken;
-      
-      if (!refreshToken) {
-        res.status(401).json({ 
-          success: false, 
-          message: 'Refresh token required' 
-        });
-        return;
-      }
-      
-      // Verify the refresh token
-      const decoded = this.verifyToken(refreshToken, 'refresh');
-      
-      // Check if token is still valid in database if verification function provided
-      if (this.options.verifyRefreshToken) {
-        const isValid = await this.options.verifyRefreshToken(decoded.id, refreshToken);
-        if (!isValid) {
-          this.clearAuthCookies(res);
-          res.status(401).json({ 
-            success: false, 
-            message: 'Invalid refresh token' 
-          });
-          return;
-        }
-      }
-      
-      // Generate new token pair
-      const tokenPair = this.generateTokenPair({
-        id: decoded.id,
-        // We need to fetch the user data again for complete payload
-        ...(this.options.findUser ? await this.options.findUser(decoded.id) : {})
-      });
-      
-      // Update refresh token in database if save function provided
-      if (this.options.saveRefreshToken) {
-        const refreshExpiry = new Date();
-        refreshExpiry.setSeconds(refreshExpiry.getSeconds() + 
-          this.getExpirationSeconds(this.options.refreshExpiration || '7d'));
-          
-        await this.options.saveRefreshToken(
-          decoded.id,
-          tokenPair.refreshToken,
-          refreshExpiry
-        );
-      }
-      
-      // Set cookies if cookie-based auth is used
-      const useCookies = req.cookies?.accessToken || req.body.useCookies;
-      if (useCookies) {
-        this.setAuthCookies(res, tokenPair);
-      }
-      
-      res.json({
-        success: true,
-        message: 'Token refreshed successfully',
-        tokens: tokenPair
-      });
-    } catch (error) {
-      this.clearAuthCookies(res);
-      res.status(401).json({ 
-        success: false, 
-        message: 'Invalid or expired refresh token',
-        error: process.env.NODE_ENV !== 'production' ? (error as Error).message : undefined
-      });
-    }
-  };
-  
-  /**
-   * Logout handler
-   */
-  logout = async (req: Request, res: Response): Promise<void> => {
-    try {
-      // Clear cookies
-      this.clearAuthCookies(res);
-      
-      // Invalidate refresh token if verification function provided
-      const refreshToken = req.cookies?.refreshToken || req.body.refreshToken;
-      if (refreshToken && this.options.saveRefreshToken) {
-        try {
-          const decoded = this.verifyToken(refreshToken, 'refresh');
-          
-          // Check if invalidateToken function exists, otherwise we just remove it from storage
-          if (typeof this.options.saveRefreshToken === 'function') {
-            // We pass null as the token to indicate deletion/invalidation
-            await this.options.saveRefreshToken(decoded.id, '', new Date());
-          }
-        } catch (e) {
-          // Token already invalid, nothing to do
-        }
-      }
-      
-      res.json({ success: true, message: 'Logged out successfully' });
-    } catch (error) {
-      console.error('Logout error:', error);
-      res.status(500).json({ success: false, message: 'Logout failed', error: (error as Error).message });
-    }
-  };
-  
-  /**
-   * Middleware to verify user is authenticated
-   */
-  authenticate = (req: Request, res: Response, next: NextFunction): void => {
-    try {
-      // Get token from Authorization header or cookies
-      let token = req.cookies?.accessToken;
-      
-      if (!token) {
-        const authHeader = req.headers.authorization;
-        if (authHeader && authHeader.startsWith('Bearer ')) {
-          token = authHeader.split(' ')[1];
-        }
-      }
-      
-      if (!token) {
-        res.status(401).json({ 
-          success: false, 
-          message: 'Authentication required' 
-        });
-        return;
-      }
-      
-      const decoded = this.verifyToken(token, 'access');
-      
-      // Add user info to request
-      (req as any).user = decoded;
-      
-      next();
-    } catch (error) {
-      res.status(401).json({ 
-        success: false, 
-        message: 'Invalid or expired token',
-        error: process.env.NODE_ENV !== 'production' ? (error as Error).message : undefined
-      });
-    }
-  };
-  
-  /**
-   * Middleware to check if user has required role
-   */
-  hasRole = (role: string | string[]) => {
-    return (req: Request, res: Response, next: NextFunction): void => {
-      const user = (req as any).user;
-      
-      if (!user) {
-        res.status(401).json({ 
-          success: false, 
-          message: 'Authentication required' 
-        });
-        return;
-      }
-      
-      const roles = Array.isArray(role) ? role : [role];
-      
-      if (roles.includes(user.role)) {
-        next();
-      } else {
-        res.status(403).json({ 
-          success: false, 
-          message: 'Insufficient permissions' 
-        });
-      }
-    };
-  };
-}
-
-/**
- * Create an authentication service
- */
-export function createAuth(options: AuthOptions): Auth {
-  return new Auth(options);
-}

package/src/backend/database.ts

@@ -1,104 +0,0 @@
-import mongoose from 'mongoose';
-import { DatabaseOptions } from './types';
-
-/**
- * Database connector for MongoDB using Mongoose
- */
-export  class DatabaseConnector {
-  private options: DatabaseOptions;
-  private connection: mongoose.Connection | null = null;
-  private _connected = false;  // Renamed from isConnected to _connected
-
-  constructor(options: DatabaseOptions) {
-    this.options = {
-      retryAttempts: 3,
-      retryDelay: 1000,
-      connectionTimeout: 10000,
-      autoIndex: true,
-      ...options
-    };
-  }
-
-  /**
-   * Connect to the database
-   */
-  async connect(): Promise<mongoose.Connection> {
-    try {
-      if (this._connected && this.connection) {
-        return this.connection;
-      }
-
-      // Set Mongoose options
-      mongoose.set('strictQuery', true);
-      
-      // Connect with retry logic
-      let attempts = 0;
-      while (attempts < (this.options.retryAttempts || 3)) {
-        try {
-          await mongoose.connect(this.options.uri, {
-            dbName: this.options.name,
-            connectTimeoutMS: this.options.connectionTimeout,
-            autoIndex: this.options.autoIndex,
-            ...this.options.options
-          });
-          break;
-        } catch (error) {
-          attempts++;
-          if (attempts >= (this.options.retryAttempts || 3)) {
-            throw error;
-          }
-          console.log(`Connection attempt ${attempts} failed. Retrying in ${this.options.retryDelay}ms...`);
-          await new Promise(resolve => setTimeout(resolve, this.options.retryDelay));
-        }
-      }
-
-      this.connection = mongoose.connection;
-      this._connected = true;
-
-      // Log successful connection
-      console.log(`Connected to MongoDB at ${this.options.uri}/${this.options.name}`);
-      
-      // Handle connection events
-      this.connection.on('error', (err) => {
-        console.error('MongoDB connection error:', err);
-        this._connected = false;
-      });
-
-      this.connection.on('disconnected', () => {
-        console.log('MongoDB disconnected');
-        this._connected = false;
-      });
-
-      return this.connection;
-    } catch (error) {
-      console.error('Failed to connect to MongoDB:', error);
-      throw error;
-    }
-  }
-
-  /**
-   * Disconnect from the database
-   */
-  async disconnect(): Promise<void> {
-    if (this.connection) {
-      await mongoose.disconnect();
-      this._connected = false;
-      this.connection = null;
-      console.log('Disconnected from MongoDB');
-    }
-  }
-
-  /**
-   * Check if connected to the database
-   */
-  isConnected(): boolean {
-    return this._connected;
-  }
-
-  /**
-   * Get the mongoose connection
-   */
-  getConnection(): mongoose.Connection | null {
-    return this.connection;
-  }
-}