mbkauthe 1.0.26 → 1.1.1

package/README.md

@@ -32,12 +32,18 @@
 
 ## Features
 
-- **Session Management**: Secure session handling using `express-session` and `connect-pg-simple`.
-- **Role-Based Access Control**: Validate user roles and permissions with ease.
-- **Two-Factor Authentication (2FA)**: Optional 2FA support for enhanced security.
-- **reCAPTCHA Integration**: Protect login endpoints with Google reCAPTCHA.
-- **Cookie Management**: Configurable cookie expiration and domain settings.
-- **PostgreSQL Integration**: Uses a connection pool for efficient database interactions.
+- **Session Management:** Simplifies session handling with secure session restoration and expiration mechanisms.
+- **User Authentication:** Provides robust authentication, including support for username/password and Two-Factor Authentication (2FA).
+- **Role-Based Access Control (RBAC):** Enables fine-grained access control by validating user roles and permissions.
+- **Integration with PostgreSQL:** Seamlessly integrates with PostgreSQL for user and session data storage.
+- **reCAPTCHA Verification:** Adds an extra layer of security with reCAPTCHA support to prevent automated attacks.
+- **Middleware Functions:** Includes reusable middleware for session validation, role checking, and user authentication.
+- **API Endpoints:** Offers a set of RESTful APIs for login, logout, session termination, and package information retrieval.
+- **Environment Configuration:** Supports flexible configuration through .env files for deployment-specific settings.
+- **Demo Account:** Provides a demo account for hands-on exploration of the authentication system.
+- **Database Schema:** Predefined database structure for user, session, and 2FA data management.
+- **Extensibility:** Designed to be easily integrated into existing Node.js applications.
+- **Secure Cookies:** Ensures secure session handling with cookie expiration and domain-specific settings
 
 ## Installation
 
@@ -87,7 +93,7 @@ mbkautheVar='{
     "IS_DEPLOYED": "true",
     "LOGIN_DB": "postgres://username:password@host:port/database",
     "MBKAUTH_TWO_FA_ENABLE": "false",
-    "COOKIE_EXPIRE_TIME": "1",
+    "COOKIE_EXPIRE_TIME": 2,
     "DOMAIN": "yourdomain.com"
 }'
 ```

package/docs/db.md

@@ -34,7 +34,6 @@
       "Active" BOOLEAN NOT NULL DEFAULT true,
       "HaveMailAccount" BOOLEAN NOT NULL DEFAULT false,
       "SessionId" TEXT,
-      "GuestRole" JSONB DEFAULT '{"allowPages": [""], "NotallowPages": [""]}'::jsonb
       "AllowedApps" JSONB DEFAULT '["mbkauthe"]'::jsonb
   );
   ```

package/lib/info.js

@@ -0,0 +1,185 @@
+import express from "express";
+import fetch from 'node-fetch';
+import { createRequire } from "module";
+import fs from "fs";
+import path from "path";
+
+const require = createRequire(import.meta.url);
+const packageJson = require("../package.json");
+
+import dotenv from "dotenv";
+dotenv.config();
+const mbkautheVar = JSON.parse(process.env.mbkautheVar);
+
+const router = express.Router();
+
+// Return package.json data of mbkauthe
+router.get("/mbkauthe/package", async (_, res) => {
+  try {
+    const response = await fetch("https://mbkauthe.mbktechstudio.com/mbkauthe/package");
+    const latestPackageData = await response.json();
+    res.status(200).send(`
+        <html>
+          <head>
+            <title>Package Information</title>
+          </head>
+          <body>
+            <h1>Package Information</h1>
+            <p><strong>Current Version:</strong> ${JSON.stringify(packageJson, null, 2)}</p>
+            <p><strong>Latest Version:</strong> ${JSON.stringify(latestPackageData, null, 2)}</p>
+          </body>
+        </html>
+      `);
+  } catch (err) {
+    res.status(200).send(`
+        <html>
+          <head>
+            <title>Package Information</title>
+          </head>
+          <body>
+            <h1>Package Information</h1>
+            <p><strong>Current Version:</strong>  ${JSON.stringify(packageJson, null, 2)}</p>
+            <p><strong>Latest Version:</strong> Failed to fetch latest package data, Erro:${err.message}</p>
+          </body>
+        </html>
+      `);
+  }
+});
+
+// Return version number of mbkauthe
+router.get(["/mbkauthe/version", "/mbkauthe/v"], async (_, res) => {
+  try {
+    const response = await fetch("https://raw.githubusercontent.com/MIbnEKhalid/mbkauthe/refs/heads/main/package.json");
+    const latestPackageData = await response.json();
+    res.status(200).send(`
+        <html>
+          <head>
+            <title>Version Information</title>
+          </head>
+          <body>
+            <h1>Package Information</h1>
+            <p><strong>Current Version:</strong> ${JSON.stringify(packageJson.version, null, 2)}</p>
+            <p><strong>Latest Version:</strong> ${JSON.stringify(latestPackageData.version, null, 2)}</p>
+          </body>
+        </html>
+      `);
+  } catch (err) {
+    res.status(200).send(`
+        <html>
+          <head>
+            <title>Package Information</title>
+          </head>
+          <body>
+            <h1>Package Information</h1>
+            <p><strong>Current Version:</strong>  ${JSON.stringify(packageJson.version, null, 2)}</p>
+            <p><strong>Latest Version:</strong> Failed to fetch latest package data, Erro:${err.message}</p>
+          </body>
+        </html>
+      `);
+  }
+});
+
+// Return package-lock.json data of mbkauthe from project the package is installed in
+router.get("/mbkauthe/package-lock", (_, res) => {
+  console.log("Request for package-lock.json received");
+  const packageLockPath = path.resolve(process.cwd(), "package-lock.json");
+  fs.readFile(packageLockPath, "utf8", (err, data) => {
+    if (err) {
+      console.error("Error reading package-lock.json:", err);
+      return res.status(500).json({ success: false, message: "Failed to read package-lock.json" });
+    }
+    try {
+      const packageLock = JSON.parse(data);
+      const mbkautheData = {
+        name: 'mbkauthe',
+        version: packageLock.packages['node_modules/mbkauthe'].version,
+        resolved: packageLock.packages['node_modules/mbkauthe'].resolved,
+        integrity: packageLock.packages['node_modules/mbkauthe'].integrity,
+        license: packageLock.packages['node_modules/mbkauthe'].license,
+        dependencies: packageLock.packages['node_modules/mbkauthe'].dependencies
+      };
+      const rootDependency = packageLock.packages[''].dependencies.mbkauthe;
+      console.log('mbkauthe package data:', mbkautheData);
+      console.log('Root dependency version:', rootDependency);
+      res.status(200).json({ mbkautheData, rootDependency });
+    } catch (parseError) {
+      console.error("Error parsing package-lock.json:", parseError);
+      res.status(500).json({ success: false, message: "Failed to parse package-lock.json" });
+    }
+  });
+});
+
+// Return version number of mbkauthe
+router.get(["/mbkauthe", "/mbkauthe/info", "/mbkauthe/i"], async (_, res) => {
+  try {
+    res.status(200).send(`
+        <html>
+        <head>
+          <title>Version and Configuration Information</title>
+          <style>
+          body {
+            font-family: Arial, sans-serif;
+            line-height: 1.6;
+            margin: 20px;
+          }
+          h1 {
+            color: #333;
+          }
+          p {
+            margin: 5px 0;
+          }
+          a {
+            display: block;
+            margin: 10px 0;
+            color: #007BFF;
+            text-decoration: none;
+          }
+          a:hover {
+            text-decoration: underline;
+          }
+          .info-section {
+            margin-bottom: 20px;
+          }
+          </style>
+        </head>
+        <body>
+          <h1>Version and Configuration Information</h1>
+          <div class="info-section">
+          <h2>Current Version</h2>
+          <p><strong>Version:</strong> ${JSON.stringify(packageJson.version, null, 2)}</p>
+          </div>
+          <div class="info-section">
+          <h2>Configuration Information</h2>
+          <p><strong>APP_NAME:</strong> ${mbkautheVar.APP_NAME}</p>
+          <p><strong>RECAPTCHA_Enabled:</strong> ${mbkautheVar.RECAPTCHA_Enabled}</p>
+          <p><strong>MBKAUTH_TWO_FA_ENABLE:</strong> ${mbkautheVar.MBKAUTH_TWO_FA_ENABLE}</p>
+          <p><strong>COOKIE_EXPIRE_TIME:</strong> ${mbkautheVar.COOKIE_EXPIRE_TIME} Days</p>
+          <p><strong>IS_DEPLOYED:</strong> ${mbkautheVar.IS_DEPLOYED}</p>
+          <p><strong>DOMAIN:</strong> ${mbkautheVar.DOMAIN}</p>
+          </div>
+          <div class="info-section">
+          <h2>Useful Links</h2>
+          <a href="/mbkauthe/package">View mbkauthe package.json</a>
+          <a href="/mbkauthe/package-lock">View mbkauthe version info from installed project package-lock.json</a>
+          <a href="/mbkauthe/version">View Current and Latest Package Version</a>
+          </div>
+        </body>
+        </html>
+      `);
+  } catch (err) {
+    console.error("Error fetching version information:", err);
+    res.status(500).send(`
+        <html>
+          <head>
+            <title>Error</title>
+          </head>
+          <body>
+            <h1>Error</h1>
+            <p>Failed to fetch version information. Please try again later.</p>
+          </body>
+        </html>
+      `);
+  }
+});
+
+export default router;

package/lib/main.js

@@ -1,4 +1,4 @@
-import express, { json } from "express";
+import express from "express";
 import crypto from "crypto";
 import session from "express-session";
 import pgSession from "connect-pg-simple";
@@ -9,12 +9,7 @@ import fetch from 'node-fetch';
 import cookieParser from "cookie-parser";
 import bcrypt from 'bcrypt';
 import rateLimit from 'express-rate-limit';
-
-import { createRequire } from "module";
-const require = createRequire(import.meta.url);
-const packageJson = require("../package.json");
-import fs from "fs";
-import path from "path";
+import mbkautheinfo from "./info.js";
 
 import dotenv from "dotenv";
 dotenv.config();
@@ -22,7 +17,6 @@ const mbkautheVar = JSON.parse(process.env.mbkautheVar);
 
 const router = express.Router();
 
-// Enable CORS for subdomains
 router.use((req, res, next) => {
   const origin = req.headers.origin;
   if (origin && origin.endsWith(`.${mbkautheVar.DOMAIN}`)) {
@@ -33,12 +27,11 @@ router.use((req, res, next) => {
   }
   next();
 });
-
+router.use(mbkautheinfo);
 router.use(express.json());
 router.use(express.urlencoded({ extended: true }));
 router.use(cookieParser());
 
-// Add rate limiting for sensitive operations
 const LoginLimit = rateLimit({
   windowMs: 1 * 60 * 1000,
   max: 8,
@@ -48,7 +41,6 @@ const LoginLimit = rateLimit({
   }
 });
 
-// Configure session with proper domain settings for cross-subdomain sharing
 const sessionConfig = {
   store: new PgSession({
     pool: dblogin,
@@ -58,12 +50,12 @@ const sessionConfig = {
   secret: mbkautheVar.SESSION_SECRET_KEY,
   resave: false,
   saveUninitialized: false,
-  proxy: true, // Trust the reverse proxy
+  proxy: true,
   cookie: {
     maxAge: mbkautheVar.COOKIE_EXPIRE_TIME * 24 * 60 * 60 * 1000,
     domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
     httpOnly: true,
-    secure: mbkautheVar.IS_DEPLOYED === 'true' ? 'auto' : false, // 'auto' respects X-Forwarded-Proto
+    secure: mbkautheVar.IS_DEPLOYED === 'true' ? 'auto' : false,
     sameSite: 'lax',
     path: '/'
   },
@@ -72,7 +64,6 @@ const sessionConfig = {
 
 router.use(session(sessionConfig));
 
-// Middleware to handle session restoration from sessionId cookie
 router.use(async (req, res, next) => {
   if (!req.session.user && req.cookies.sessionId) {
     try {
@@ -95,7 +86,6 @@ router.use(async (req, res, next) => {
   next();
 });
 
-// Set consistent cookie options for all cookies
 const getCookieOptions = () => ({
   maxAge: mbkautheVar.COOKIE_EXPIRE_TIME * 24 * 60 * 60 * 1000,
   domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
@@ -125,7 +115,6 @@ router.post("/mbkauthe/api/terminateAllSessions", authenticate(mbkautheVar.Main_
         return res.status(500).json({ success: false, message: "Failed to terminate sessions" });
       }
 
-      // Clear all cookies with proper domain
       const cookieOptions = getCookieOptions();
       res.clearCookie("mbkauthe.sid", cookieOptions);
       res.clearCookie("sessionId", cookieOptions);
@@ -208,7 +197,6 @@ router.post("/mbkauthe/api/login", LoginLimit, async (req, res) => {
         return res.status(500).json({ success: false, errorCode: 605, message: `Internal Server Error` });
       }
     } else {
-      // Check if the password matches
       if (user.Password !== password) {
         console.log(`Incorrect password for username: ${username}`);
         return res.status(401).json({ success: false, errorCode: 603, message: "Incorrect Username Or Password" });
@@ -291,10 +279,8 @@ router.post("/mbkauthe/api/logout", async (req, res) => {
     try {
       const { id, username } = req.session.user;
 
-      // Clear the SessionId in the database first
       await dblogin.query(`UPDATE "Users" SET "SessionId" = NULL WHERE "id" = $1`, [id]);
 
-      // Remove the session from the session table
       if (req.sessionID) {
         await dblogin.query('DELETE FROM "session" WHERE sid = $1', [req.sessionID]);
       }
@@ -305,7 +291,6 @@ router.post("/mbkauthe/api/logout", async (req, res) => {
           return res.status(500).json({ success: false, message: "Logout failed" });
         }
 
-        // Clear all cookies with proper domain
         const cookieOptions = getCookieOptions();
         res.clearCookie("mbkauthe.sid", cookieOptions);
         res.clearCookie("sessionId", cookieOptions);
@@ -323,100 +308,4 @@ router.post("/mbkauthe/api/logout", async (req, res) => {
   }
 });
 
-// Return package.json data of mbkauthe
-router.get("/mbkauthe/package", async (_, res) => {
-  try {
-    const response = await fetch("https://mbkauthe.mbktechstudio.com/mbkauthe/package");
-    const latestPackageData = await response.json();
-    res.status(200).send(`
-      <html>
-        <head>
-          <title>Package Information</title>
-        </head>
-        <body>
-          <h1>Package Information</h1>
-          <p><strong>Current Version:</strong> ${JSON.stringify(packageJson, null, 2)}</p>
-          <p><strong>Latest Version:</strong> ${JSON.stringify(latestPackageData, null, 2)}</p>
-        </body>
-      </html>
-    `);
-  } catch (err) {
-    res.status(200).send(`
-      <html>
-        <head>
-          <title>Package Information</title>
-        </head>
-        <body>
-          <h1>Package Information</h1>
-          <p><strong>Current Version:</strong>  ${JSON.stringify(packageJson, null, 2)}</p>
-          <p><strong>Latest Version:</strong> Failed to fetch latest package data, Erro:${err.message}</p>
-        </body>
-      </html>
-    `);
-  }
-});
-
-// Return version number of mbkauthe
-router.get(["/mbkauthe/version", "/mbkauthe/v"], async(_, res) => {
-  try {
-    const response = await fetch("https://mbkauthe.mbktechstudio.com/mbkauthe/version");
-    const latestPackageData = await response.json();
-    res.status(200).send(`
-      <html>
-        <head>
-          <title>Version Information</title>
-        </head>
-        <body>
-          <h1>Package Information</h1>
-          <p><strong>Current Version:</strong> ${JSON.stringify(packageJson.version, null, 2)}</p>
-          <p><strong>Latest Version:</strong> ${JSON.stringify(latestPackageData, null, 2)}</p>
-        </body>
-      </html>
-    `);
-  } catch (err) {
-    res.status(200).send(`
-      <html>
-        <head>
-          <title>Package Information</title>
-        </head>
-        <body>
-          <h1>Package Information</h1>
-          <p><strong>Current Version:</strong>  ${JSON.stringify(packageJson.version, null, 2)}</p>
-          <p><strong>Latest Version:</strong> Failed to fetch latest package data, Erro:${err.message}</p>
-        </body>
-      </html>
-    `);
-  }
-});
-
-// Return package-lock.json data of mbkauthe from project the package is installed in
-router.get("/mbkauthe/package-lock", (_, res) => {
-  console.log("Request for package-lock.json received");
-  const packageLockPath = path.resolve(process.cwd(), "package-lock.json");
-  fs.readFile(packageLockPath, "utf8", (err, data) => {
-    if (err) {
-      console.error("Error reading package-lock.json:", err);
-      return res.status(500).json({ success: false, message: "Failed to read package-lock.json" });
-    }
-    try {
-      const packageLock = JSON.parse(data);
-      const mbkautheData = {
-        name: 'mbkauthe',
-        version: packageLock.packages['node_modules/mbkauthe'].version,
-        resolved: packageLock.packages['node_modules/mbkauthe'].resolved,
-        integrity: packageLock.packages['node_modules/mbkauthe'].integrity,
-        license: packageLock.packages['node_modules/mbkauthe'].license,
-        dependencies: packageLock.packages['node_modules/mbkauthe'].dependencies
-      };
-      const rootDependency = packageLock.packages[''].dependencies.mbkauthe;
-      console.log('mbkauthe package data:', mbkautheData);
-      console.log('Root dependency version:', rootDependency);
-      res.status(200).json({ mbkautheData, rootDependency });
-    } catch (parseError) {
-      console.error("Error parsing package-lock.json:", parseError);
-      res.status(500).json({ success: false, message: "Failed to parse package-lock.json" });
-    }
-  });
-});
-
 export default router;

package/lib/pool.js

@@ -15,28 +15,27 @@ if (!mbkautheVar) {
 }
 const requiredKeys = ["APP_NAME", "RECAPTCHA_Enabled", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
 requiredKeys.forEach(key => {
-  if (!mbkautheVar[key]) {
-    throw new Error(`mbkautheVar.${key} is required`);
-  }
+    if (!mbkautheVar[key]) {
+        throw new Error(`mbkautheVar.${key} is required`);
+    }
 });
 if (mbkautheVar.RECAPTCHA_Enabled === "true") {
-  if (mbkautheVar.RECAPTCHA_SECRET_KEY === undefined) {
-    throw new Error("mbkautheVar.RECAPTCHA_SECRET_KEY is required");
-  }
+    if (mbkautheVar.RECAPTCHA_SECRET_KEY === undefined) {
+        throw new Error("mbkautheVar.RECAPTCHA_SECRET_KEY is required");
+    }
 }
 if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
-  const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
-  if (isNaN(expireTime) || expireTime <= 0) {
-    throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
-  }
+    const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
+    if (isNaN(expireTime) || expireTime <= 0) {
+        throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
+    }
 }
 if (mbkautheVar.BypassUsers !== undefined) {
-  if (!Array.isArray(mbkautheVar.BypassUsers)) {
-    throw new Error("mbkautheVar.BypassUsers must be a valid array");
-  }
+    if (!Array.isArray(mbkautheVar.BypassUsers)) {
+        throw new Error("mbkautheVar.BypassUsers must be a valid array");
+    }
 }
 
-// PostgreSQL connection pool for pool
 const poolConfig = {
   connectionString: mbkautheVar.LOGIN_DB,
   ssl: {
@@ -47,7 +46,6 @@ const poolConfig = {
 
 export const dblogin = new Pool(poolConfig);
 
-// Test connection for pool
 (async () => {
   try {
     const client = await dblogin.connect();

package/lib/validateSessionAndRole.js

@@ -1,7 +1,6 @@
 import { dblogin } from "./pool.js";
 const mbkautheVar = JSON.parse(process.env.mbkautheVar);
 
-// Get consistent cookie options
 const getCookieOptions = () => ({
   maxAge: mbkautheVar.COOKIE_EXPIRE_TIME * 24 * 60 * 60 * 1000,
   domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
@@ -12,7 +11,6 @@ const getCookieOptions = () => ({
 });
 
 async function validateSession(req, res, next) {
-  // First check if we have a session cookie
   if (!req.session.user && req.cookies.sessionId) {
     try {
       const sessionId = req.cookies.sessionId;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mbkauthe",
-  "version": "1.0.26",
+  "version": "1.1.1",
   "description": "MBKTechStudio's reusable authentication system for Node.js applications.",
   "main": "index.js",
   "type": "module",