lupine.api 1.1.45 → 1.1.46

package/admin/index.ts

@@ -1,6 +1,9 @@
 export * from './admin-css';
+export * from './admin-db';
+export * from './admin-frame';
+export * from './admin-frame-helper';
 export * from './admin-index';
 export * from './admin-login';
-// export * from './admin-users';
-export * from './admin-frame';
-export * from './admin-db';
+export * from './admin-release';
+export * from './admin-tokens';
+export * from './admin-performance';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lupine.api",
-  "version": "1.1.45",
+  "version": "1.1.46",
   "license": "MIT",
   "author": "uuware.com",
   "homepage": "https://github.com/uuware/lupine.js",

package/src/admin-api/admin-api-helper.ts

@@ -0,0 +1,205 @@
+import { ServerResponse } from 'http';
+import { ApiHelper } from '../api';
+import { CryptoUtils, Logger } from '../lib';
+import { ServerRequest } from '../models';
+
+/*
+dev-admin uses different authentication method from frontend.
+dev-admin only provides fixed username and password authentication, no user maintenance.
+saved cookie name: _token_dev
+*/
+
+// DEFAULT_ADMIN_PASS is DEFAULT_ADMIN_NAME + ':' + login password hash.
+// Use below command to generate hash:
+// node -e "console.log(require('crypto').createHash('md5').update('admin:F4AZ5O@2fPUjw%f$LmhZpJTQ^DoXnWPkH#hqE', 'utf8').digest('hex'))"
+export type DevAdminSessionProps = {
+  u: string; // username
+  t: string; // type: admin, user
+  ip: string;
+  h: string; // md5 of name+pass
+};
+
+/*
+dev admin has more permissions than app admin, and the dashboard also supports for app admin only users.
+app admin is supposed to manage the application, not the site, and may have different fields in cookie.
+This is a sample how to set login process for app admin.
+
+export const appAdminHookSetCookie: AppAdminHookSetCookieProps = async (
+  req: ServerRequest,
+  res: ServerResponse,
+  username: string
+) => {
+  const cryptoKey = process.env['CRYPTO_KEY'];
+  const u = process.env['ADMIN_USER'];
+  const p = process.env['ADMIN_PASS'];
+  if (!cryptoKey || !u || !p) {
+    return {};
+  }
+
+  const specialToken = CryptoUtils.hash((u + ':' + p) as string);
+  const loginJson: LoginJsonProps = {
+    ip: '',
+    id: 0,
+    u: u,
+    t: 'admin',
+    h: specialToken,
+  };
+
+  const token = JSON.stringify(loginJson);
+  const tokenCookie = CryptoUtils.encrypt(token, cryptoKey);
+  const response = {
+    status: 'ok',
+    message: langHelper.getLang('shared:login_success'),
+    result: tokenCookie,
+    user: {
+      u: loginJson.u,
+      t: loginJson.t,
+    },
+  };
+
+  // sameSite: 'none' needs secure=true
+  req.locals.setCookie('_token', tokenCookie, {
+    expireDays: 360,
+    path: '/',
+    httpOnly: false,
+    secure: true,
+    sameSite: 'none',
+  });
+  return response;
+};
+
+export const appAdminHookCheckLogin: AppAdminHookCheckLoginProps = async (
+  req: ServerRequest,
+  res: ServerResponse,
+  username: string,
+  password: string
+) => {
+  if (process.env['ADMIN_PASS'] && username === process.env['ADMIN_USER'] && password === process.env['ADMIN_PASS']) {
+    const appAdminResponse = await appAdminHookSetCookie(req, res, username);
+    ApiHelper.sendJson(req, res, appAdminResponse);
+    return true;
+  }
+  return false;
+};
+
+adminHelper.setAppAdminHookSetCookie(appAdminHookSetCookie);
+adminHelper.setAppAdminHookCheckLogin(appAdminHookCheckLogin);
+*/
+export type AppAdminHookSetCookieProps = (req: ServerRequest, res: ServerResponse, username: string) => Promise<any>;
+export type AppAdminHookCheckLoginProps = (req: ServerRequest, res: ServerResponse, username: string, password: string) => Promise<boolean>;
+export type AppAdminHookLogoutProps = (req: ServerRequest, res: ServerResponse) => Promise<void>;
+
+export const DEV_ADMIN_TYPE = 'dev-admin';
+export const DEV_ADMIN_CRYPTO_KEY_NAME = 'DEV_CRYPTO_KEY';
+export const DEV_ADMIN_SESSION_NAME = '_token_dev';
+export class AdminApiHelper {
+  private static instance: AdminApiHelper;
+  private logger = new Logger('admin-api');
+
+  private constructor() {}
+
+  public static getInstance(): AdminApiHelper {
+    if (!AdminApiHelper.instance) {
+      AdminApiHelper.instance = new AdminApiHelper();
+    }
+    return AdminApiHelper.instance;
+  }
+
+  private AppAdminHookSetCookie?: AppAdminHookSetCookieProps;
+  setAppAdminHookSetCookie(hook: AppAdminHookSetCookieProps) {
+    this.AppAdminHookSetCookie = hook;
+  }
+  getAppAdminHookSetCookie() {
+    return this.AppAdminHookSetCookie;
+  }
+
+  private AppAdminHookCheckLogin?: AppAdminHookCheckLoginProps;
+  setAppAdminHookCheckLogin(hook: AppAdminHookCheckLoginProps) {
+    this.AppAdminHookCheckLogin = hook;
+  }
+  getAppAdminHookCheckLogin() {
+    return this.AppAdminHookCheckLogin;
+  }
+
+  private AppAdminHookLogout?: AppAdminHookLogoutProps;
+  setAppAdminHookLogout(hook: AppAdminHookLogoutProps) {
+    this.AppAdminHookLogout = hook;
+  }
+  getAppAdminHookLogout() {
+    return this.AppAdminHookLogout;
+  }
+
+  decryptJson(text: string) {
+    const cryptoKey = process.env[DEV_ADMIN_CRYPTO_KEY_NAME];
+    if (cryptoKey && text) {
+      try {
+        const deCrypto = CryptoUtils.decrypt(text, cryptoKey);
+        const json = JSON.parse(deCrypto);
+        return json;
+      } catch (error: any) {
+        this.logger.error(error.message);
+      }
+    }
+    return false;
+  }
+
+  encryptJson(jsonOrText: string | object) {
+    const cryptoKey = process.env[DEV_ADMIN_CRYPTO_KEY_NAME];
+    if (cryptoKey && jsonOrText) {
+      try {
+        const text = typeof jsonOrText === 'string' ? jsonOrText : JSON.stringify(jsonOrText);
+        const encryptText = CryptoUtils.encrypt(text, cryptoKey);
+        return encryptText;
+      } catch (error: any) {
+        this.logger.error(error.message);
+      }
+    }
+    return false;
+  }
+
+  async getDevAdminFromCookie(
+    req: ServerRequest,
+    res: ServerResponse,
+    sendResponseWhenError = true
+  ): Promise<DevAdminSessionProps | false> {
+    try {
+      const cookies = req.locals.cookies();
+      const token = cookies.get(DEV_ADMIN_SESSION_NAME, '');
+      if (token) {
+        const json = this.decryptJson(token) as DevAdminSessionProps;
+        if (!json || json.t !== DEV_ADMIN_TYPE) {
+          if (sendResponseWhenError) {
+            const response = {
+              status: 'error',
+              message: 'Wrong session data, contact site admin please.',
+            };
+            ApiHelper.sendJson(req, res, response);
+          }
+          return false;
+        }
+
+        // if it's special admin
+        if (json.h && json.u === process.env['DEV_ADMIN_USER']) {
+          const hash = CryptoUtils.hash(process.env['DEV_ADMIN_USER'] + ':' + process.env['DEV_ADMIN_PASS']);
+          if (json.h === hash) {
+            return json;
+          }
+        }
+        return false;
+      }
+    } catch (error: any) {
+      this.logger.error(error.message);
+    }
+    if (sendResponseWhenError) {
+      const response = {
+        status: 'error',
+        message: 'Please login to use this system.',
+      };
+      ApiHelper.sendJson(req, res, response);
+    }
+    return false;
+  }
+}
+
+// add comment for tree shaking
+export const adminApiHelper = /* @__PURE__ */ AdminApiHelper.getInstance();

package/src/admin-api/admin-api.ts

@@ -2,7 +2,7 @@ import { ServerResponse } from 'http';
 // import { AdminUser } from './admin-user';
 import { AdminDb } from './admin-db';
 import { AdminMenu } from './admin-menu';
-import { devAdminAuth, needDevAdminSession } from './admin-auth';
+import { devAdminAuth, devAdminLogout, needDevAdminSession } from './admin-auth';
 import { AdminPerformance } from './admin-performance';
 import { AdminRelease } from './admin-release';
 import { AdminResources } from './admin-resources';
@@ -10,7 +10,7 @@ import { AdminTokens } from './admin-tokens';
 import { AdminConfig } from './admin-config';
 import { Logger } from '../lib';
 import { IApiBase, ServerRequest } from '../models';
-import {ApiRouter } from '../api';
+import { ApiRouter } from '../api';
 
 const logger = new Logger('admin-api');
 
@@ -55,5 +55,8 @@ export class AdminApi implements IApiBase {
     this.router.use('/auth', async (req: ServerRequest, res: ServerResponse) => {
       return devAdminAuth(req, res);
     });
+    this.router.use('/logout', async (req: ServerRequest, res: ServerResponse) => {
+      return devAdminLogout(req, res);
+    });
   }
 }

package/src/admin-api/admin-auth.ts

@@ -1,12 +1,13 @@
 import { ServerResponse } from 'http';
 import { Logger, ServerRequest, ApiHelper } from 'lupine.api';
 import { CryptoUtils } from '../lib/utils/crypto';
-import { adminHelper, DEV_ADMIN_CRYPTO_KEY_NAME, DEV_ADMIN_TYPE, DevAdminSessionProps } from './admin-helper';
+import { adminApiHelper, DEV_ADMIN_CRYPTO_KEY_NAME, DEV_ADMIN_TYPE, DevAdminSessionProps } from './admin-api-helper';
 import { langHelper } from '../lang';
 
 const logger = new Logger('admin-auth');
+
 export const needDevAdminSession = async (req: ServerRequest, res: ServerResponse) => {
-  const devAdminSession = await adminHelper.getDevAdminFromCookie(req, res, true);
+  const devAdminSession = await adminApiHelper.getDevAdminFromCookie(req, res, true);
   if (!devAdminSession) {
     // return true to skip the rest of the middleware
     return true;
@@ -18,8 +19,8 @@ export const needDevAdminSession = async (req: ServerRequest, res: ServerRespons
 export const devAdminAuth = async (req: ServerRequest, res: ServerResponse) => {
   const cryptoKey = process.env[DEV_ADMIN_CRYPTO_KEY_NAME];
   if (!cryptoKey) {
-    const msg = langHelper.getLang('shared:crypto_key_not_set', {
-      cryptoKey: DEV_ADMIN_CRYPTO_KEY_NAME,
+    const msg = langHelper.getLang('shared:name_not_set', {
+      name: 'ENV ' + DEV_ADMIN_CRYPTO_KEY_NAME,
     });
     logger.error(msg);
     const response = {
@@ -31,7 +32,7 @@ export const devAdminAuth = async (req: ServerRequest, res: ServerResponse) => {
   }
   if (!process.env['DEV_ADMIN_PASS']) {
     const msg = langHelper.getLang('shared:name_not_set', {
-      name: 'DEV_ADMIN_PASS',
+      name: 'ENV DEV_ADMIN_PASS',
     });
     logger.error(msg);
     const response = {
@@ -46,14 +47,34 @@ export const devAdminAuth = async (req: ServerRequest, res: ServerResponse) => {
   const data = req.locals.json();
   if (!data || Array.isArray(data) || !data.u || !data.p) {
     // if session already exists, use session data login
-    const devAdminSession = await adminHelper.getDevAdminFromCookie(req, res, true);
+    const devAdminSession = await adminApiHelper.getDevAdminFromCookie(req, res, false);
     if (!devAdminSession) {
+      // check is app admin
+      const appAdminHookCheckLogin = adminApiHelper.getAppAdminHookCheckLogin();
+      if (appAdminHookCheckLogin) {
+        if (await appAdminHookCheckLogin(req, res, '', '')) {
+          return true;
+        }
+      }
+
+      const response = {
+        status: 'error',
+        message: 'Please login to use this system.',
+      };
+      ApiHelper.sendJson(req, res, response);
       return true;
     }
+    // if it's dev admin, then set app admin cookie as well
+    let addLoginResponse = {};
+    const appAdminHookSetCookie = adminApiHelper.getAppAdminHookSetCookie();
+    if (appAdminHookSetCookie) {
+      addLoginResponse = await appAdminHookSetCookie(req, res, devAdminSession.u);
+    }
     const response = {
+      ...addLoginResponse,
       status: 'ok',
       message: langHelper.getLang('shared:login_success'),
-      result: CryptoUtils.encrypt(JSON.stringify(devAdminSession), cryptoKey),
+      devLogin: CryptoUtils.encrypt(JSON.stringify(devAdminSession), cryptoKey),
     };
     ApiHelper.sendJson(req, res, response);
     return true;
@@ -68,15 +89,40 @@ export const devAdminAuth = async (req: ServerRequest, res: ServerResponse) => {
       h: CryptoUtils.hash(data.u + ':' + data.p),
     };
     const token = JSON.stringify(devSession);
+    const tokenCookie = CryptoUtils.encrypt(token, cryptoKey);
+
+    // if it's dev admin, then set app admin cookie as well
+    let addLoginResponse = {};
+    const appAdminHookSetCookie = adminApiHelper.getAppAdminHookSetCookie();
+    if (appAdminHookSetCookie) {
+      addLoginResponse = await appAdminHookSetCookie(req, res, data.u);
+    }
+
     const response = {
+      ...addLoginResponse,
       status: 'ok',
       message: langHelper.getLang('shared:login_success'),
-      result: CryptoUtils.encrypt(token, cryptoKey),
+      devLogin: tokenCookie,
     };
+    req.locals.setCookie('_token', tokenCookie, {
+      expireDays: 360,
+      path: '/',
+      httpOnly: false,
+      secure: true,
+      sameSite: 'none',
+    });
     ApiHelper.sendJson(req, res, response);
     return true;
   }
 
+  // check is app admin
+  const appAdminHookCheckLogin = adminApiHelper.getAppAdminHookCheckLogin();
+  if (appAdminHookCheckLogin) {
+    if (await appAdminHookCheckLogin(req, res, data.u as string, data.p as string)) {
+      return true;
+    }
+  }
+
   logger.info(`dev admin login failed: ${((data.u as string) || '').substring(0, 30)}`);
   const response = {
     status: 'error',
@@ -85,3 +131,10 @@ export const devAdminAuth = async (req: ServerRequest, res: ServerResponse) => {
   ApiHelper.sendJson(req, res, response);
   return true;
 };
+
+export const devAdminLogout = async (req: ServerRequest, res: ServerResponse) => {
+  req.locals.setCookie('_token_dev', '', { expireDays: 360, path: '/', httpOnly: false, secure: true, sameSite: 'none' });
+  await adminApiHelper.getAppAdminHookLogout()?.(req, res);
+  ApiHelper.sendJson(req, res, { status: 'ok', message: langHelper.getLang('shared:process_completed') });
+  return true;
+};

package/src/admin-api/admin-config.ts

@@ -1,18 +1,7 @@
 import { ServerResponse } from 'http';
 import * as fs from 'fs/promises';
-import {
-  IApiBase,
-  Logger,
-  apiCache,
-  ServerRequest,
-  ApiRouter,
-  ApiHelper,
-  langHelper,
-  FsUtils,
-  adminHelper,
-} from 'lupine.api';
+import { IApiBase, Logger, apiCache, ServerRequest, ApiRouter, ApiHelper, langHelper, FsUtils } from 'lupine.api';
 import path from 'path';
-import { needDevAdminSession } from './admin-auth';
 
 export class AdminConfig implements IApiBase {
   private logger = new Logger('config-api');

package/src/admin-api/admin-performance.ts

@@ -16,7 +16,7 @@ import {
   AppCacheGlobal,
   getAppCache,
 } from 'lupine.api';
-import { adminHelper } from './admin-helper';
+import { adminApiHelper } from './admin-api-helper';
 import { needDevAdminSession } from './admin-auth';
 
 // #https://github.com/sebhildebrandt/systeminformation
@@ -38,7 +38,7 @@ export class AdminPerformance implements IApiBase {
   }
 
   async performanceData(req: ServerRequest, res: ServerResponse) {
-    const json = adminHelper.getDevAdminFromCookie(req, res, true);
+    const json = adminApiHelper.getDevAdminFromCookie(req, res, true);
     if (!json) {
       return false;
     }

package/src/admin-api/admin-release.ts

@@ -8,7 +8,7 @@ import {
   ApiHelper,
   langHelper,
   FsUtils,
-  adminHelper,
+  adminApiHelper,
   processRefreshCache,
 } from 'lupine.api';
 import path from 'path';
@@ -86,7 +86,7 @@ export class AdminRelease implements IApiBase {
 
   async refreshCache(req: ServerRequest, res: ServerResponse) {
     // check whether it's from online admin
-    const json = await adminHelper.getDevAdminFromCookie(req, res, false);
+    const json = await adminApiHelper.getDevAdminFromCookie(req, res, false);
     const jsonData = req.locals.json();
     if (json && jsonData && !Array.isArray(jsonData) && jsonData.isLocal) {
       await processRefreshCache(req);

package/src/admin-api/admin-resources.ts

@@ -9,7 +9,7 @@ import {
   ApiHelper,
   langHelper,
   FsUtils,
-  adminHelper,
+  adminApiHelper,
 } from 'lupine.api';
 import path from 'path';
 
@@ -64,7 +64,7 @@ export class AdminResources implements IApiBase {
     const chunkNumberStr = req.locals.query.get('chunkNumber') as string;
     const chunkNumber = parseInt(chunkNumberStr);
     const totalChunks = parseInt(req.locals.query.get('totalChunks') as string);
-    const decryptedKey = key && adminHelper.decryptJson(key.replace(/ /g, '+'));
+    const decryptedKey = key && adminApiHelper.decryptJson(key.replace(/ /g, '+'));
     const keyNG =
       !chunkNumberStr ||
       !totalChunks ||
@@ -100,7 +100,7 @@ export class AdminResources implements IApiBase {
       chunkNumber,
       totalChunks,
       message: langHelper.getLang('shared:file_part_updated'),
-      key: adminHelper.encryptJson({ ind: chunkNumber + 1, cnt: totalChunks, t: new Date().getTime() }),
+      key: adminApiHelper.encryptJson({ ind: chunkNumber + 1, cnt: totalChunks, t: new Date().getTime() }),
     };
     ApiHelper.sendJson(req, res, response);
     return true;

package/src/admin-api/admin-token-helper.ts

@@ -1,6 +1,6 @@
 import { apiStorage } from '../api';
 import { CryptoUtils, Logger } from '../lib';
-import { adminHelper } from './admin-helper';
+import { adminApiHelper } from './admin-api-helper';
 
 export type TokenProps = {
   token: string;
@@ -64,7 +64,7 @@ export class AdminTokenHelper {
 
   generate() {
     const salt = 'Lupine:' + CryptoUtils.uuid() + ':' + new Date().getTime().toString();
-    return adminHelper.encryptJson(salt) as string;
+    return adminApiHelper.encryptJson(salt) as string;
   }
 
   async validateToken(token: string) {

package/src/admin-api/index.ts

@@ -1,2 +1,2 @@
 export * from './admin-api';
-export * from './admin-helper';
+export * from './admin-api-helper';

package/src/lang/api-lang-en.ts

@@ -22,6 +22,5 @@ export const apiLangEn: OneLangProps = {
     'shared:not_found_file': 'File {fileName} is not found.',
 
     'shared:wrong_hash': 'Wrong hash.',
-    'shared:crypto_key_not_set': 'Crypto key [{cryptoKey}] not set',
   },
 };

package/src/lang/api-lang-zh-cn.ts

@@ -23,6 +23,5 @@ export const apiLangZhCn: OneLangProps = {
     'shared:not_found_file': '文件 {fileName} 未找到',
 
     'shared:wrong_hash': '错误的hash',
-    'shared:crypto_key_not_set': 'Crypto key [{cryptoKey}] 未设置',
   },
 };

package/admin/admin-frame-props.tsx

@@ -1,9 +0,0 @@
-import { TabsHookProps } from 'lupine.components';
-
-const adminFrameProps = {
-  maxWidthMobileMenu: '800px',
-  maxTabsCount: 20,
-  tabsHook: {} as TabsHookProps,
-};
-
-export { adminFrameProps };

package/src/admin-api/admin-helper.ts

@@ -1,111 +0,0 @@
-import { ServerResponse } from 'http';
-import { ApiHelper } from '../api';
-import { CryptoUtils, Logger } from '../lib';
-import { ServerRequest } from '../models';
-
-/*
-dev-admin uses different authentication method from frontend.
-dev-admin only provides fixed username and password authentication, no user maintenance.
-saved cookie name: _token_dev
-*/
-
-// DEFAULT_ADMIN_PASS is DEFAULT_ADMIN_NAME + ':' + login password hash.
-// Use below command to generate hash:
-// node -e "console.log(require('crypto').createHash('md5').update('admin:F4AZ5O@2fPUjw%f$LmhZpJTQ^DoXnWPkH#hqE', 'utf8').digest('hex'))"
-export type DevAdminSessionProps = {
-  u: string; // username
-  t: string; // type: admin, user
-  ip: string;
-  h: string; // md5 of name+pass
-};
-
-export const DEV_ADMIN_TYPE = 'dev-admin';
-export const DEV_ADMIN_CRYPTO_KEY_NAME = 'DEV_CRYPTO_KEY';
-export const DEV_ADMIN_SESSION_NAME = '_token_dev';
-export class AdminHelper {
-  private static instance: AdminHelper;
-  private logger = new Logger('admin-api');
-
-  private constructor() {}
-
-  public static getInstance(): AdminHelper {
-    if (!AdminHelper.instance) {
-      AdminHelper.instance = new AdminHelper();
-    }
-    return AdminHelper.instance;
-  }
-
-  decryptJson(text: string) {
-    const cryptoKey = process.env[DEV_ADMIN_CRYPTO_KEY_NAME];
-    if (cryptoKey && text) {
-      try {
-        const deCrypto = CryptoUtils.decrypt(text, cryptoKey);
-        const json = JSON.parse(deCrypto);
-        return json;
-      } catch (error: any) {
-        this.logger.error(error.message);
-      }
-    }
-    return false;
-  }
-
-  encryptJson(jsonOrText: string | object) {
-    const cryptoKey = process.env[DEV_ADMIN_CRYPTO_KEY_NAME];
-    if (cryptoKey && jsonOrText) {
-      try {
-        const text = typeof jsonOrText === 'string' ? jsonOrText : JSON.stringify(jsonOrText);
-        const encryptText = CryptoUtils.encrypt(text, cryptoKey);
-        return encryptText;
-      } catch (error: any) {
-        this.logger.error(error.message);
-      }
-    }
-    return false;
-  }
-
-  async getDevAdminFromCookie(
-    req: ServerRequest,
-    res: ServerResponse,
-    sendResponseWhenError = true
-  ): Promise<DevAdminSessionProps | false> {
-    try {
-      const cookies = req.locals.cookies();
-      const token = cookies.get(DEV_ADMIN_SESSION_NAME, '');
-      if (token) {
-        const json = this.decryptJson(token) as DevAdminSessionProps;
-        if (!json || json.t !== DEV_ADMIN_TYPE) {
-          if (sendResponseWhenError) {
-            const response = {
-              status: 'error',
-              message: 'Wrong session data, contact site admin please.',
-            };
-            ApiHelper.sendJson(req, res, response);
-          }
-          return false;
-        }
-
-        // if it's special admin
-        if (json.h && json.u === process.env['DEV_ADMIN_USER']) {
-          const hash = CryptoUtils.hash(process.env['DEV_ADMIN_USER'] + ':' + process.env['DEV_ADMIN_PASS']);
-          if (json.h === hash) {
-            return json;
-          }
-        }
-        return false;
-      }
-    } catch (error: any) {
-      this.logger.error(error.message);
-    }
-    if (sendResponseWhenError) {
-      const response = {
-        status: 'error',
-        message: 'Please login to use this system.',
-      };
-      ApiHelper.sendJson(req, res, response);
-    }
-    return false;
-  }
-}
-
-// add comment for tree shaking
-export const adminHelper = /* @__PURE__ */ AdminHelper.getInstance();