mbkauthe 1.0.10 → 1.0.12

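--- a/package/lib/main.js
+++ b/package/lib/main.js
@@ -76,6 +76,9 @@ router.use(async (req, res, next) => {
  req.session.user = {
  id: user.id,
  username: user.UserName,
+ UserName: user.UserName,
+ Role: user.Role,
+ role: user.Role,
  sessionId,
  };
  console.log(`Session restored for user: ${user.UserName}`);
@@ -128,7 +131,8 @@ router.post("/mbkauthe/api/login", async (req, res) => {
  const secretKey = mbkautheVar.RECAPTCHA_SECRET_KEY;
  const verificationUrl = `https://www.google.com/recaptcha/api/siteverify?secret=${secretKey}&response=${recaptcha}`;
 
- let BypassUsers = [mbkautheVar.BypassUsers];
+ let BypassUsers = Array.isArray(mbkautheVar.BypassUsers) ? mbkautheVar.BypassUsers : JSON.parse(mbkautheVar.BypassUsers); // Ensure it's a flat array
+
  if (mbkautheVar.RECAPTCHA_Enabled === "true") {
  if (!BypassUsers.includes(username)) {
  if (!recaptcha) {
@@ -185,14 +189,12 @@ router.post("/mbkauthe/api/login", async (req, res) => {
  }
 
 
- if (mbkautheVar.test === "true") {
- // Check if the user is authorized to use the application
- if (user.Role !== "SuperAdmin") {
- const allowedApps = user.AllowedApps;
- if (!allowedApps || !allowedApps.includes(mbkautheVar.APP_NAME)) {
- console.warn(`User \"${user.UserName}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
- return res.status(403).json({ success: false, message: `You Are Not Authorized To Use The Application \"${mbkautheVar.APP_NAME}\"` });
- }
+ // Check if the user is authorized to use the application
+ if (user.Role !== "SuperAdmin") {
+ const allowedApps = user.AllowedApps;
+ if (!allowedApps || !allowedApps.includes(mbkautheVar.APP_NAME)) {
+ console.warn(`User \"${user.UserName}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
+ return res.status(403).json({ success: false, message: `You Are Not Authorized To Use The Application \"${mbkautheVar.APP_NAME}\"` });
  }
  }
 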
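Review bot: The new `BypassUsers` assignment in the login handler never checks what `JSON.parse(mbkautheVar.BypassUsers)` returns, and this list decides who skips the reCAPTCHA check. If the setting is unset or not valid JSON, the parse throws on every login request; whether a try/catch encloses it is outside the hunk. If the setting parses to a JSON string instead of an array, `BypassUsers.includes(username)` becomes a substring test, so usernames that were never listed can match. Accept only an array of strings and fall back to an empty list, so that a bad configuration means nobody bypasses the CAPTCHA; ideally this is parsed once at startup and not on every request. The handler body continues outside the hunk.

```javascript
// … unchanged: secretKey / verificationUrl …
let BypassUsers = [];
try {
  const parsed = Array.isArray(mbkautheVar.BypassUsers)
    ? mbkautheVar.BypassUsers
    : JSON.parse(mbkautheVar.BypassUsers ?? "[]");
  // Only an array of strings is accepted; anything else bypasses nobody.
  if (Array.isArray(parsed)) {
    BypassUsers = parsed.filter((name) => typeof name === "string");
  }
} catch (err) {
  console.error("mbkauthe: BypassUsers is not valid JSON; reCAPTCHA bypass list ignored");
}
// … unchanged: RECAPTCHA_Enabled check …
```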
@@ -8,7 +8,7 @@ async function validateSession(req, res, next) {
8
8
  const sessionId = req.cookies.sessionId;
9
9
  const query = `SELECT * FROM "Users" WHERE "SessionId" = $1`;
10
10
  const result = await dblogin.query(query, [sessionId]);
11
- const userResult= result.rows[0];
11
+ const userResult = result.rows[0];
12
12
 
13
13
  if (result.rows.length > 0) {
14
14
  const user = result.rows[0];
@@ -32,9 +32,9 @@ async function validateSession(req, res, next) {
32
32
 
33
33
  try {
34
34
  const { id, sessionId } = req.session.user;
35
- const query = `SELECT "SessionId", "Active", "AllowedApps" FROM "Users" WHERE "id" = $1`;
35
+ const query = `SELECT "SessionId", "Active", "Role", "AllowedApps" FROM "Users" WHERE "id" = $1`;
36
36
  const result = await dblogin.query(query, [id]);
37
- const userResult= result.rows[0];
37
+ const userResult = result.rows[0];
38
38
 
39
39
  if (result.rows.length === 0 || userResult.SessionId !== sessionId) {
40
40
  console.log(`Session invalidated for user "${req.session.user.username}"`);
@@ -56,18 +56,16 @@ async function validateSession(req, res, next) {
56
56
  });
57
57
  }
58
58
 
59
- if (mbkautheVar.test === "true") {
60
- if (userResult.Role !== "SuperAdmin") {
61
- const allowedApps = userResult.AllowedApps;
62
- if (!allowedApps || !allowedApps.includes(mbkautheVar.APP_NAME)) {
63
- console.warn(`User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
64
- req.session.destroy();
65
- res.clearCookie("mbkauthe.sid", { domain: `.${mbkautheVar.DOMAIN}` });
66
- res.clearCookie("sessionId", { domain: `.${mbkautheVar.DOMAIN}` });
67
- return res.render("templates/Error/Error.handlebars", {
68
- error: `You Are Not Authorized To Use The Application \"${mbkautheVar.APP_NAME}\"`,
69
- });
70
- }
59
+ if (userResult.Role !== "SuperAdmin") {
60
+ const allowedApps = userResult.AllowedApps;
61
+ if (!allowedApps || !allowedApps.includes(mbkautheVar.APP_NAME)) {
62
+ console.warn(`User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
63
+ req.session.destroy();
64
+ res.clearCookie("mbkauthe.sid", { domain: `.${mbkautheVar.DOMAIN}` });
65
+ res.clearCookie("sessionId", { domain: `.${mbkautheVar.DOMAIN}` });
66
+ return res.render("templates/Error/Error.handlebars", {
67
+ error: `You Are Not Authorized To Use The Application \"${mbkautheVar.APP_NAME}\"`,
68
+ });
71
69
  }
72
70
  }
73
71
 
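Review bot: The application check in `validateSession` is now always enforced, but `allowedApps.includes(mbkautheVar.APP_NAME)` is only an exact-membership test if `AllowedApps` comes back from the database as an array. The column type is not visible here; if it is a text column, `includes` is a substring match and an app whose name is contained in another app's name would be accepted. Make the type explicit with `if (!Array.isArray(allowedApps) || !allowedApps.includes(mbkautheVar.APP_NAME)) {`, and make the same change to the identical check in the login handler in package/lib/main.js. Since the two copies must stay in step, a small shared helper would be safer than duplicating the block. `validateSession` continues outside this hunk.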
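--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "mbkauthe",
- "version": "1.0.10",
+ "version": "1.0.12",
  "description": "MBKTechStudio's reusable authentication system for Node.js applications.",
  "main": "index.js",
  "type": "module",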