npm - mbkauthe - Versions diffs - 1.0.15 → 1.0.17 - Mend

mbkauthe 1.0.15 → 1.0.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/lib/main.js +52 -59
package/lib/validateSessionAndRole.js +25 -18
package/package.json +1 -1

package/lib/main.js CHANGED Viewed

@@ -25,6 +25,7 @@ try {
 } catch (error) {
   console.log("Error parsing COOKIE_EXPIRE_TIME:", error);
 }
 // Enable CORS for subdomains
 router.use((req, res, next) => {
   const origin = req.headers.origin;
@@ -41,46 +42,30 @@ router.use(express.json());
 router.use(express.urlencoded({ extended: true }));
 router.use(cookieParser());
-// Configure session with proper domain settings
+// Configure session with proper domain settings for cross-subdomain sharing
 const sessionConfig = {
   store: new PgSession({
     pool: dblogin,
     tableName: "session",
+    createTableIfMissing: true
   }),
   secret: mbkautheVar.SESSION_SECRET_KEY,
   resave: false,
   saveUninitialized: false,
+  proxy: true, // Trust the reverse proxy
   cookie: {
     maxAge: COOKIE_EXPIRE_TIME,
     domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
     httpOnly: true,
-    secure: mbkautheVar.IS_DEPLOYED === 'true',
+    secure: mbkautheVar.IS_DEPLOYED === 'true' ? 'auto' : false, // 'auto' respects X-Forwarded-Proto
     sameSite: 'lax',
+    path: '/'
   },
-  name: 'mbkauthe.sid' // Unique session cookie name
+  name: 'mbkauthe.sid'
 };
 router.use(session(sessionConfig));
-router.use(async (req, res, next) => {
-  if (req.session && req.session.user) {
-    res.cookie("username", req.session.user.username, {
-      maxAge: COOKIE_EXPIRE_TIME,
-      path: '/', // Ensure the cookie is available on all paths
-      DOMAIN: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
-      secure: mbkautheVar.IS_DEPLOYED === 'true',
-    });
-    res.cookie("sessionId", req.session.user.sessionId, {
-      maxAge: COOKIE_EXPIRE_TIME,
-      path: '/',
-      DOMAIN: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
-      secure: mbkautheVar.IS_DEPLOYED === 'true',
-    });
-  }
-  next();
-});
 // Middleware to handle session restoration from sessionId cookie
 router.use(async (req, res, next) => {
   if (!req.session.user && req.cookies.sessionId) {
@@ -108,23 +93,42 @@ router.use(async (req, res, next) => {
   next();
 });
-//Invoke-RestMethod -Uri http://localhost:3030/terminateAllSessions -Method POST
-// Terminate all sessions route
+// Set consistent cookie options for all cookies
+const getCookieOptions = () => ({
+  maxAge: COOKIE_EXPIRE_TIME,
+  domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
+  secure: mbkautheVar.IS_DEPLOYED === 'true' ? 'auto' : false,
+  sameSite: 'lax',
+  path: '/',
+  httpOnly: true
+});
+router.use(async (req, res, next) => {
+  if (req.session && req.session.user) {
+    const cookieOptions = getCookieOptions();
+    res.cookie("username", req.session.user.username, cookieOptions);
+    res.cookie("sessionId", req.session.user.sessionId, cookieOptions);
+  }
+  next();
+});
 router.post("/mbkauthe/api/terminateAllSessions", authenticate(mbkautheVar.Main_SECRET_TOKEN), async (req, res) => {
   try {
     await dblogin.query(`UPDATE "Users" SET "SessionId" = NULL`);
-    // Clear the session table
     await dblogin.query('DELETE FROM "session"');
-    // Destroy all sessions on the server
     req.session.destroy((err) => {
       if (err) {
         console.log("Error destroying session:", err);
-        return res
-          .status(500)
-          .json({ success: false, message: "Failed to terminate sessions" });
+        return res.status(500).json({ success: false, message: "Failed to terminate sessions" });
       }
+      // Clear all cookies with proper domain
+      const cookieOptions = getCookieOptions();
+      res.clearCookie("mbkauthe.sid", cookieOptions);
+      res.clearCookie("sessionId", cookieOptions);
+      res.clearCookie("username", cookieOptions);
       console.log("All sessions terminated successfully");
       res.status(200).json({
         success: true,
@@ -133,23 +137,20 @@ router.post("/mbkauthe/api/terminateAllSessions", authenticate(mbkautheVar.Main_
     });
   } catch (err) {
     console.log("Database query error during session termination:", err);
-    res
-      .status(500)
-      .json({ success: false, message: "Internal Server Error" });
+    res.status(500).json({ success: false, message: "Internal Server Error" });
   }
-}
-);
+});
 router.post("/mbkauthe/api/login", async (req, res) => {
-  console.log("Login request received"); // Log when login is initiated
+  console.log("Login request received");
   const { username, password, token, recaptcha } = req.body;
-  console.log(`Login attempt for username: ${username}`); // Log username
+  console.log(`Login attempt for username: ${username}`);
   const secretKey = mbkautheVar.RECAPTCHA_SECRET_KEY;
   const verificationUrl = `https://www.google.com/recaptcha/api/siteverify?secret=${secretKey}&response=${recaptcha}`;
-  let BypassUsers = Array.isArray(mbkautheVar.BypassUsers) ? mbkautheVar.BypassUsers : JSON.parse(mbkautheVar.BypassUsers); // Ensure it's a flat array
+  let BypassUsers = Array.isArray(mbkautheVar.BypassUsers) ? mbkautheVar.BypassUsers : JSON.parse(mbkautheVar.BypassUsers);
   if (mbkautheVar.RECAPTCHA_Enabled === "true") {
     if (!BypassUsers.includes(username)) {
@@ -160,7 +161,7 @@ router.post("/mbkauthe/api/login", async (req, res) => {
       try {
         const response = await fetch(verificationUrl, { method: 'POST' });
         const body = await response.json();
-        console.log("reCAPTCHA verification response:", body); // Log reCAPTCHA response
+        console.log("reCAPTCHA verification response:", body);
         if (!body.success) {
           console.log("Failed reCAPTCHA verification");
@@ -182,7 +183,6 @@ router.post("/mbkauthe/api/login", async (req, res) => {
   }
   try {
-    // Query to check if the username exists
     const userQuery = `SELECT * FROM "Users" WHERE "UserName" = $1`;
     const userResult = await dblogin.query(userQuery, [username]);
@@ -193,20 +193,16 @@ router.post("/mbkauthe/api/login", async (req, res) => {
     const user = userResult.rows[0];
-    // Check if the password matches
     if (user.Password !== password) {
       console.log(`Incorrect password for username: ${username}`);
       return res.status(401).json({ success: false, message: "Incorrect Username Or Password" });
     }
-    // Check if the account is inactive
     if (!user.Active) {
       console.log(`Inactive account for username: ${username}`);
       return res.status(403).json({ success: false, message: "Account is inactive" });
     }
-    // Check if the user is authorized to use the application
     if (user.Role !== "SuperAdmin") {
       const allowedApps = user.AllowedApps;
       if (!allowedApps || !allowedApps.includes(mbkautheVar.APP_NAME)) {
@@ -219,7 +215,7 @@ router.post("/mbkauthe/api/login", async (req, res) => {
       let sharedSecret;
       const query = `SELECT "TwoFAStatus", "TwoFASecret" FROM "TwoFA" WHERE "UserName" = $1`;
       const twoFAResult = await dblogin.query(query, [username]);
-      console.log("TwoFA query result:", twoFAResult.rows); // Log TwoFA query result
+      console.log("TwoFA query result:", twoFAResult.rows);
       sharedSecret = twoFAResult.rows[0]?.TwoFASecret;
       if (twoFAResult.rows.length > 0 && twoFAResult.rows[0].TwoFAStatus && !token) {
@@ -232,7 +228,7 @@ router.post("/mbkauthe/api/login", async (req, res) => {
           secret: sharedSecret,
           encoding: "base32",
           token: token,
-          window: 1, // Allows a margin for clock drift, optional
+          window: 1,
         });
         if (!tokenValidates) {
@@ -242,16 +238,14 @@ router.post("/mbkauthe/api/login", async (req, res) => {
       }
     }
-    // Generate session ID
     const sessionId = crypto.randomBytes(256).toString("hex");
-    console.log(`Generated session ID for username: ${username}`); // Log session ID
+    console.log(`Generated session ID for username: ${username}`);
     await dblogin.query(`UPDATE "Users" SET "SessionId" = $1 WHERE "id" = $2`, [
       sessionId,
       user.id,
     ]);
-    // Store session ID in session
     req.session.user = {
       id: user.id,
       username: user.UserName,
@@ -259,15 +253,10 @@ router.post("/mbkauthe/api/login", async (req, res) => {
       sessionId,
     };
-    res.cookie("sessionId", sessionId, {
-      maxAge: COOKIE_EXPIRE_TIME,
-      path: '/',
-      DOMAIN: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
-      secure: mbkautheVar.IS_DEPLOYED === 'true',
-    });
+    const cookieOptions = getCookieOptions();
+    res.cookie("sessionId", sessionId, cookieOptions);
     console.log(req.session.user);
     console.log(`User "${username}" logged in successfully`);
     res.status(200).json({
       success: true,
@@ -296,9 +285,13 @@ router.post("/mbkauthe/api/logout", async (req, res) => {
           console.log("Error destroying session:", err);
           return res.status(500).json({ success: false, message: "Logout failed" });
         }
-        // Clear both session cookies
-        res.clearCookie("connect.sid");
-        res.clearCookie("sessionId"); // Clear the sessionId cookie used for restoration
+        // Clear all cookies with proper domain
+        const cookieOptions = getCookieOptions();
+        res.clearCookie("mbkauthe.sid", cookieOptions);
+        res.clearCookie("sessionId", cookieOptions);
+        res.clearCookie("username", cookieOptions);
         console.log(`User "${username}" logged out successfully`);
         res.status(200).json({ success: true, message: "Logout successful" });
       });

package/lib/validateSessionAndRole.js CHANGED Viewed

@@ -1,6 +1,15 @@
 import { dblogin } from "./pool.js";
 const mbkautheVar = JSON.parse(process.env.mbkautheVar);
+// Get consistent cookie options
+const getCookieOptions = () => ({
+  domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
+  secure: mbkautheVar.IS_DEPLOYED === 'true' ? 'auto' : false,
+  sameSite: 'lax',
+  path: '/',
+  httpOnly: true
+});
 async function validateSession(req, res, next) {
   // First check if we have a session cookie
   if (!req.session.user && req.cookies.sessionId) {
@@ -25,7 +34,6 @@ async function validateSession(req, res, next) {
   }
   if (!req.session.user) {
     console.log("User not authenticated");
     console.log(req.session.user);
     return res.render("templates/Error/NotLoggedIn.handlebars", {
@@ -42,8 +50,10 @@ async function validateSession(req, res, next) {
     if (result.rows.length === 0 || userResult.SessionId !== sessionId) {
       console.log(`Session invalidated for user "${req.session.user.username}"`);
       req.session.destroy();
-      res.clearCookie("mbkauthe.sid", { domain: `.${mbkautheVar.DOMAIN}` });
-      res.clearCookie("sessionId", { domain: `.${mbkautheVar.DOMAIN}` });
+      const cookieOptions = getCookieOptions();
+      res.clearCookie("mbkauthe.sid", cookieOptions);
+      res.clearCookie("sessionId", cookieOptions);
+      res.clearCookie("username", cookieOptions);
       return res.render("templates/Error/SessionExpire.handlebars", {
         currentUrl: req.originalUrl,
       });
@@ -52,8 +62,10 @@ async function validateSession(req, res, next) {
     if (!userResult.Active) {
       console.log(`Account is inactive for user "${req.session.user.username}"`);
       req.session.destroy();
-      res.clearCookie("mbkauthe.sid", { domain: `.${mbkautheVar.DOMAIN}` });
-      res.clearCookie("sessionId", { domain: `.${mbkautheVar.DOMAIN}` });
+      const cookieOptions = getCookieOptions();
+      res.clearCookie("mbkauthe.sid", cookieOptions);
+      res.clearCookie("sessionId", cookieOptions);
+      res.clearCookie("username", cookieOptions);
       return res.render("templates/Error/AccountInactive.handlebars", {
         currentUrl: req.originalUrl,
       });
@@ -64,8 +76,10 @@ async function validateSession(req, res, next) {
       if (!allowedApps || !allowedApps.includes(mbkautheVar.APP_NAME)) {
         console.warn(`User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
         req.session.destroy();
-        res.clearCookie("mbkauthe.sid", { domain: `.${mbkautheVar.DOMAIN}` });
-        res.clearCookie("sessionId", { domain: `.${mbkautheVar.DOMAIN}` });
+        const cookieOptions = getCookieOptions();
+        res.clearCookie("mbkauthe.sid", cookieOptions);
+        res.clearCookie("sessionId", cookieOptions);
+        res.clearCookie("username", cookieOptions);
         return res.render("templates/Error/Error.handlebars", {
           error: `You Are Not Authorized To Use The Application \"${mbkautheVar.APP_NAME}\"`,
         });
@@ -100,9 +114,7 @@ const checkRolePermission = (requiredRole) => {
       const result = await dblogin.query(query, [userId]);
       if (result.rows.length === 0) {
-        return res
-          .status(401)
-          .json({ success: false, message: "User not found" });
+        return res.status(401).json({ success: false, message: "User not found" });
       }
       const userRole = result.rows[0].Role;
@@ -116,9 +128,7 @@ const checkRolePermission = (requiredRole) => {
       next();
     } catch (err) {
       console.error("Permission check error:", err);
-      res
-        .status(500)
-        .json({ success: false, message: "Internal Server Error" });
+      res.status(500).json({ success: false, message: "Internal Server Error" });
     }
   };
 };
@@ -137,12 +147,11 @@ async function getUserData(UserName, parameters) {
       throw new Error("Parameters are required to fetch user data");
     }
-    // Dynamically select fields from Users table based on `parameters`
     const userFields = [
-      "Password", "UserName", "Role", "Active", "GuestRole", "HaveMailAccount",
+      "Password", "UserName", "Role", "Active", "GuestRole", "HaveMailAccount", "AllowedApps",
     ];
     const profileFields = [
-      "FullName", "email", "Image", "ProjectLinks", "SocialAccounts", "Bio",
+      "FullName", "email", "Image", "ProjectLinks", "SocialAccounts", "Bio", "Positions",
     ];
     let userParameters = [];
@@ -156,7 +165,6 @@ async function getUserData(UserName, parameters) {
       profileParameters = profileFields.filter(field => parameters.includes(field));
     }
-    // Prepare queries based on required fields
     let userResult = {};
     if (userParameters.length > 0) {
       const userQuery = `SELECT ${userParameters.map(field => `"${field}"`).join(", ")}
@@ -175,7 +183,6 @@ async function getUserData(UserName, parameters) {
       profileResult = profileQueryResult.rows[0];
     }
-    // Combine results
     const combinedResult = { ...userResult, ...profileResult };
     return combinedResult;
   } catch (err) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mbkauthe",
-  "version": "1.0.15",
+  "version": "1.0.17",
   "description": "MBKTechStudio's reusable authentication system for Node.js applications.",
   "main": "index.js",
   "type": "module",