mbkauthe 1.0.20 → 1.0.22

package/.github/workflows/apisec-scan.yml

@@ -0,0 +1,71 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# APIsec addresses the critical need to secure APIs before they reach production.
+# APIsec provides the industry’s only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs.
+# Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.
+
+# How to Get Started with APIsec.ai
+# 1. Schedule a demo at https://www.apisec.ai/request-a-demo .
+#
+# 2. Register your account at https://cloud.apisec.ai/#/signup .
+#
+# 3. Register your API . See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly.
+#
+# 4. Get GitHub Actions scan attributes from APIsec Project -> Configurations -> Integrations -> CI-CD -> GitHub Actions
+#
+# apisec-run-scan
+#
+# This action triggers the on-demand scans for projects registered in APIsec.
+# If your GitHub account allows code scanning alerts, you can then upload the sarif file generated by this action to show the scan findings.
+# Else you can view the scan results from the project home page in APIsec Platform.
+# The link to view the scan results is also displayed on the console on successful completion of action.
+
+# This is a starter workflow to help you get started with APIsec-Scan Actions
+
+name: APIsec
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the "main" branch
+  # Customize trigger events based on your DevSecOps processes.
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '44 15 * * 0'
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+
+permissions:
+  contents: read
+
+jobs:
+
+  Trigger_APIsec_scan:
+    permissions:
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    runs-on: ubuntu-latest
+
+    steps:
+       - name: APIsec scan
+         uses: apisec-inc/apisec-run-scan@025432089674a28ba8fb55f8ab06c10215e772ea
+         with:
+          # The APIsec username with which the scans will be executed
+          apisec-username: ${{ secrets.apisec_username }}
+          # The Password of the APIsec user with which the scans will be executed
+          apisec-password: ${{ secrets.apisec_password}}
+          # The name of the project for security scan
+          apisec-project: "VAmPI"
+          # The name of the sarif format result file The file is written only if this property is provided.
+          sarif-result-file: "apisec-results.sarif"
+       - name: Import results
+         uses: github/codeql-action/upload-sarif@v3
+         with:
+          sarif_file: ./apisec-results.sarif

package/README.md

@@ -21,6 +21,9 @@
     - [Login](#login)
     - [Logout](#logout)
     - [Terminate All Sessions](#terminate-all-sessions)
+    - [Package Information](#package-information)
+    - [Version Information](#version-information)
+    - [Package Lock Information](#package-lock-information)
   - [Database Structure](#database-structure)
   - [License](#license)
   - [Contact \& Support](#contact--support)
@@ -211,8 +214,38 @@ router.post(["/terminateAllSessions"], authenticate(mbkautheVar.Password), (req,
 - Response:
   - `200`: All sessions terminated successfully.
   - `500`: Internal server error.
-  - 
-  
+
+### Package Information
+
+**GET** `/mbkauthe/package`
+
+- **Description**: Retrieves the `package.json` file of the `mbkauthe` package, which contains metadata about the package, such as its name, version, dependencies, and more.
+- **Response**:
+  - `200`: Successfully retrieved the `package.json` file.
+    - **Body**: JSON object containing the contents of the `package.json` file.
+  - `500`: Internal server error.
+
+
+### Version Information
+
+**GET** `/mbkauthe/version` or `/mbkauthe/v`
+
+- **Description**: Retrieves the current version of the `mbkauthe` package from the `package.json` file.
+- **Response**:
+  - `200`: Successfully retrieved the version information.
+    - **Body**: JSON object containing the version, e.g., `{ "version": "1.0.0" }`.
+  - `500`: Internal server error.
+
+
+### Package Lock Information
+
+**GET** `/mbkauthe/package-lock`
+
+- **Description**: Retrieves the `package-lock.json` file from the project where the `mbkauthe` package is installed. Filters and returns only the dependency information related to `mbkauthe`, including resolved versions and integrity hashes.
+- **Response**:
+  - `200`: Successfully retrieved the filtered `package-lock.json` data for `mbkauthe`.
+    - **Body**: JSON object containing the filtered dependency information for `mbkauthe`.
+  - `500`: Internal server error.
 
 ## Database Structure
 

package/index.js

@@ -1,3 +1,4 @@
+import express from "express"; // Add this line
 import router from "./lib/main.js";
 
 import dotenv from "dotenv";
@@ -21,8 +22,7 @@ if (mbkautheVar.RECAPTCHA_Enabled === "true") {
     if (mbkautheVar.RECAPTCHA_SECRET_KEY === undefined) {
         throw new Error("mbkautheVar.RECAPTCHA_SECRET_KEY is required");
     }
-}  console.log(mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined);
-
+}
 if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
     const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
     if (isNaN(expireTime) || expireTime <= 0) {
@@ -35,6 +35,14 @@ if (mbkautheVar.BypassUsers !== undefined) {
     }
 }
 
+if (process.env.test === "true") {
+    const app = express();
+    const port = 3000;
+    app.use(router);
+    app.listen(port, () => {
+        console.log(`Server running on http://localhost:${port}`);
+    });
+}
 
 export { validateSession, checkRolePermission, validateSessionAndRole, getUserData, authenticate } from "./lib/validateSessionAndRole.js";
 export { dblogin } from "./lib/pool.js";

package/lib/main.js

@@ -7,6 +7,13 @@ import { dblogin } from "./pool.js";
 import { authenticate } from "./validateSessionAndRole.js";
 import fetch from 'node-fetch';
 import cookieParser from "cookie-parser";
+import bcrypt from 'bcrypt';
+
+import { createRequire } from "module";
+const require = createRequire(import.meta.url);
+const packageJson = require("../package.json");
+import fs from "fs";
+import path from "path";
 
 import dotenv from "dotenv";
 dotenv.config();
@@ -189,9 +196,24 @@ router.post("/mbkauthe/api/login", async (req, res) => {
 
     const user = userResult.rows[0];
 
-    if (user.Password !== password) {
-      console.log(`Incorrect password for username: ${username}`);
-      return res.status(401).json({ success: false, message: "Incorrect Username Or Password" });
+    if (mbkautheVar.EncryptedPassword === "true") {
+      try {
+        const result = await bcrypt.compare(password, user.Password);
+        if (!result) {
+          console.log("Incorrect password.");
+          return res.status(401).json({ success: false, errorCode: 603, message: "Incorrect Username Or Password." });
+        }
+        console.log("Password matches!");
+      } catch (err) {
+        console.error("Error comparing password:", err);
+        return res.status(500).json({ success: false, errorCode: 605, message: `Internal Server Error` });
+      }
+    } else {
+      // Check if the password matches
+      if (user.Password !== password) {
+        console.log(`Incorrect password for username: ${username}`);
+        return res.status(401).json({ success: false, errorCode: 603, message: "Incorrect Username Or Password" });
+      }
     }
 
     if (!user.Active) {
@@ -302,4 +324,44 @@ router.post("/mbkauthe/api/logout", async (req, res) => {
   }
 });
 
+// Return package.json data of mbkauthe
+router.get("/mbkauthe/package", (_, res) => {
+  res.status(200).json({ version: packageJson });
+});
+
+// Return version number of mbkauthe
+router.get(["/mbkauthe/version", "/mbkauthe/v"], (_, res) => {
+  res.status(200).json({ version: packageJson.version });
+});
+
+// Return package-lock.json data of mbkauthe from project the package is installed in
+router.get("/mbkauthe/package-lock", (_, res) => {
+  console.log("Request for package-lock.json received");
+  const packageLockPath = path.resolve(process.cwd(), "package-lock.json");
+  fs.readFile(packageLockPath, "utf8", (err, data) => {
+    if (err) {
+      console.error("Error reading package-lock.json:", err);
+      return res.status(500).json({ success: false, message: "Failed to read package-lock.json" });
+    }
+    try {
+      const packageLock = JSON.parse(data);
+      const mbkautheData = {
+        name: 'mbkauthe',
+        version: packageLock.packages['node_modules/mbkauthe'].version,
+        resolved: packageLock.packages['node_modules/mbkauthe'].resolved,
+        integrity: packageLock.packages['node_modules/mbkauthe'].integrity,
+        license: packageLock.packages['node_modules/mbkauthe'].license,
+        dependencies: packageLock.packages['node_modules/mbkauthe'].dependencies
+      };
+      const rootDependency = packageLock.packages[''].dependencies.mbkauthe;
+      console.log('mbkauthe package data:', mbkautheData);
+      console.log('Root dependency version:', rootDependency);
+      res.status(200).json({ mbkautheData, rootDependency });
+    } catch (parseError) {
+      console.error("Error parsing package-lock.json:", parseError);
+      res.status(500).json({ success: false, message: "Failed to parse package-lock.json" });
+    }
+  });
+});
+
 export default router;

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "mbkauthe",
-  "version": "1.0.20",
+  "version": "1.0.22",
   "description": "MBKTechStudio's reusable authentication system for Node.js applications.",
   "main": "index.js",
   "type": "module",
   "scripts": {
-    "test": "node index.js"
+    "test": "set test=true&& node index.js"
   },
   "repository": {
     "type": "git",
@@ -26,6 +26,7 @@
   },
   "homepage": "https://github.com/MIbnEKhalid/mbkauthe#readme",
   "dependencies": {
+    "bcrypt": "^5.1.1",
     "connect-pg-simple": "^10.0.0",
     "cookie-parser": "^1.4.7",
     "dotenv": "^16.4.7",
@@ -34,4 +35,4 @@
     "node-fetch": "^3.3.2",
     "pg": "^8.14.1"
   }
-}
+}