mbkauthe 1.0.4 → 1.0.6

package/.env.example

@@ -0,0 +1,11 @@
+mbkautheVar='{
+    "RECAPTCHA_SECRET_KEY": "your-recaptcha-secret-key",
+    "SESSION_SECRET_KEY": "your-session-secret-key",
+    "IS_DEPLOYED": "true",
+    "LOGIN_DB": "postgres://username:password@host:port/database",
+    "MBKAUTH_TWO_FA_ENABLE": "false",
+    "COOKIE_EXPIRE_TIME": 2,
+    "DOMAIN": "yourdomain.com"
+}'
+
+# See env.md for more details

package/.github/workflows/publish.yml

@@ -4,9 +4,16 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   publish:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v3

package/README.md

@@ -1 +1,123 @@
-# mbkauthe
+# mbkauthe
+
+[![Publish to npm](https://github.com/MIbnEKhalid/mbkauthe/actions/workflows/publish.yml/badge.svg?branch=main)](https://github.com/MIbnEKhalid/mbkauthe/actions/workflows/publish.yml) [![CodeQL Advanced](https://github.com/MIbnEKhalid/mbkauthe/actions/workflows/codeql.yml/badge.svg?branch=main)](https://github.com/MIbnEKhalid/mbkauthe/actions/workflows/codeql.yml)
+
+## Table of Contents
+
+- [Introduction](#mbkauth)
+- [Features](#features)
+- [Installation](#installation)
+- [Usage](#usage)
+  - [Basic Setup](#basic-setup)
+- [API Endpoints](#api-endpoints)
+  - [Login](#login)
+  - [Logout](#logout)
+  - [Terminate All Sessions](#terminate-all-sessions)
+- [Database Structure](#database-structure)
+- [License](#license)
+- [Contact & Support](#contact--support)
+
+`mbkAuthe` is a reusable authentication system for Node.js applications, designed to simplify session management, user authentication, and role-based access control. It integrates seamlessly with PostgreSQL and supports features like Two-Factor Authentication (2FA), session restoration, and reCAPTCHA verification.
+
+## Features
+
+- **Session Management**: Secure session handling using `express-session` and `connect-pg-simple`.
+- **Role-Based Access Control**: Validate user roles and permissions with ease.
+- **Two-Factor Authentication (2FA)**: Optional 2FA support for enhanced security.
+- **reCAPTCHA Integration**: Protect login endpoints with Google reCAPTCHA.
+- **Cookie Management**: Configurable cookie expiration and domain settings.
+- **PostgreSQL Integration**: Uses a connection pool for efficient database interactions.
+
+## Installation
+
+Install the package via npm:
+
+```bash
+npm install mbkauthe
+```
+
+## Usage
+### Basic Setup
+1. Import and configure the router in your Express application:
+```javascript
+import express from "express";
+import mbkAuthRouter from "mbkauthe";
+
+const app = express();
+
+app.use(mbkAuthRouter);
+
+app.listen(3000, () => {
+  console.log("Server is running on port 3000");
+});
+```
+2. Ensure your ``.env` file is properly configured. Refer to the [Configuration Guide(env.md)](env.md) for details.
+
+Example `.env` file:
+```code
+mbkautheVar='{
+    "RECAPTCHA_SECRET_KEY": "your-recaptcha-secret-key",
+    "SESSION_SECRET_KEY": "your-session-secret-key",
+    "IS_DEPLOYED": "true",
+    "LOGIN_DB": "postgres://username:password@host:port/database",
+    "MBKAUTH_TWO_FA_ENABLE": "false",
+    "COOKIE_EXPIRE_TIME": 2,
+    "DOMAIN": "yourdomain.com"
+}'
+```
+
+## API Endpoints
+
+### Login
+
+**POST** `/mbkauth/api/login`
+- Request Body:
+  - `username`: User's username.
+  - `password`: User's password.
+  - `token`: (Optional) 2FA token.
+  - `recaptcha`: reCAPTCHA response.
+
+- Response:
+  - `200`: Login successful.
+  - `400`: Missing or invalid input.
+  - `401`: Unauthorized (e.g., invalid credentials or 2FA token).
+  - `500`: Internal server error.
+
+### Logout
+
+**POST** `/mbkauth/api/logout`
+- Response:
+  - `200`: Login successful.
+  - `400`: User not logged in.
+  - `500`: Internal server error.
+
+### Terminate All Sessions
+
+**POST** `/mbkauth/api/terminateAllSessions`
+- Authentication: Requires a valid `Main_SECRET_TOKEN` in the `Authorization` header.
+- Response:
+  - `200`: All sessions terminated successfully.
+  - `500`: Internal server error.
+  - 
+  
+
+## Database Structure
+
+This project utilizes three primary tables:
+
+1. **User**: Stores the main user information.
+2. **sess**: Contains session-related data for users.
+3. **TwoFA**: Saves the Two-Factor Authentication (2FA) secrets for users.
+
+For detailed information about table columns, schema, and queries to create these tables, refer to the [Database Guide (docs/db.md)](docs/db.md).
+
+## License
+This project is licensed under the `Mozilla Public License 2.0`. See the [LICENSE](./LICENSE) file for details.
+
+
+
+## Contact & Support
+
+For questions or contributions, please contact Muhammad Bin Khalid at [mbktechstudio.com/Support](https://mbktechstudio.com/Support/), [support@mbktechstudio.com](mailto:support@mbktechstudio.com) or [chmuhammadbinkhalid28.com](mailto:chmuhammadbinkhalid28.com). 
+
+**Developed by [Muhammad Bin Khalid](https://github.com/MIbnEKhalid)**

package/docs/db.md

@@ -0,0 +1,90 @@
+## Database structure
+
+[<- Back](README.md)
+
+## Table of Contents
+
+1. [Users Table](#users-table)
+2. [Session Table](#session-table)
+3. [Two-Factor Authentication Table](#two-factor-authentication-table)
+4. [Query to Add a User](#query-to-add-a-user)
+
+
+### Users Table
+
+- **Columns:**
+
+  - `id` (INTEGER, auto-increment, primary key): Unique identifier for each user.
+  - `UserName` (TEXT): The username of the user.
+  - `Password` (TEXT): The hashed password of the user.
+  - `Role` (ENUM): The role of the user. Possible values: `SuperAdmin`, `NormalUser`, `Guest`.
+  - `Active` (BOOLEAN): Indicates whether the user account is active.
+  - `HaveMailAccount` (BOOLEAN)(optional): Indicates if the user has a linked mail account.
+  - `SessionId` (TEXT): The session ID associated with the user.
+  - `GuestRole` (JSONB): Stores additional guest-specific role information in binary JSON format.
+
+- **Schema:**
+  ```sql
+  CREATE TABLE "Users" (
+      id INTEGER PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
+      "UserName" TEXT NOT NULL,
+      "Password" TEXT NOT NULL,
+      "Role" TEXT CHECK("Role" IN ('SuperAdmin', 'NormalUser', 'Guest')) NOT NULL DEFAULT 'NormalUser'::text,
+      "Active" BOOLEAN NOT NULL DEFAULT true,
+      "HaveMailAccount" BOOLEAN NOT NULL DEFAULT false,
+      "SessionId" TEXT,
+      "GuestRole" JSONB DEFAULT '{"allowPages": [""], "NotallowPages": [""]}'::jsonb
+  );
+  ```
+
+### Session Table
+
+- **Columns:**
+
+  - `sid` (VARCHAR, primary key): Unique session identifier.
+  - `sess` (JSON): Session data stored in JSON format.
+  - `expire` (TIMESTAMP): Expiration timestamp for the session.
+
+- **Schema:**
+  ```sql
+  CREATE TABLE session (
+          sid VARCHAR PRIMARY KEY,
+          sess JSON NOT NULL,
+          expire TIMESTAMP NOT NULL
+  );
+  ```
+
+### Two-Factor Authentication Table
+
+- **Columns:**
+
+  - `UserName` (TEXT): The username of the user.
+  - `TwoFAStatus` (TEXT): The status of two-factor authentication (e.g., enabled, disabled).
+  - `TwoFASecret` (TEXT): The secret key used for two-factor authentication.
+
+- **Schema:**
+  ```sql
+  CREATE TABLE "TwoFA" (
+          "UserName" TEXT NOT NULL PRIMARY KEY,
+          "TwoFAStatus" TEXT NOT NULL DEFAULT false,
+          "TwoFASecret" TEXT NOT NULL
+  );
+  ```
+
+### Query to Add a User
+
+To add new users to the `Users` table, use the following SQL queries:
+
+```sql
+        INSERT INTO "Users" ("UserName", "Password", "Role", "Active", "HaveMailAccount", "SessionId", "GuestRole")
+        VALUES ('support', '12345678', 'SuperAdmin', true, false, NULL, '{"allowPages": [""], "NotallowPages": [""]}'::jsonb);
+
+        INSERT INTO "Users" ("UserName", "Password", "Role", "Active", "HaveMailAccount", "SessionId", "GuestRole")
+        VALUES ('test', '12345678', 'NormalUser', true, false, NULL, '{"allowPages": [""], "NotallowPages": [""]}'::jsonb);
+```
+
+- Replace `support` and `test` with the desired usernames.
+- Replace `12345678` with the actual passwords.
+- Adjust the `Role` values as needed (`SuperAdmin`, `NormalUser`, or `Guest`).
+- Modify the `Active` and `HaveMailAccount` values as required.
+- Update the `GuestRole` JSON object if specific permissions are required(this functionality is under construction).

package/env.md

@@ -0,0 +1,55 @@
+# Configuration Guide
+
+[<- Back](README.md)
+
+## reCAPTCHA Settings
+```properties
+RECAPTCHA_SECRET_KEY=123
+```
+> Note: Obtain your secret key from Google reCAPTCHA Admin Console.
+
+
+## Session Settings
+```properties
+SESSION_SECRET_KEY=123
+IS_DEPLOYED=true
+DOMAIN=mbktechstudio.com
+```
+> **SESSION_SECRET_KEY**: Generate a secure key using [Generate Secret](https://generate-secret.vercel.app/32).
+
+> **IS_DEPLOYED**:
+
+> - `true`: For deployed environments. Sessions are shared across all subDOMAINs of `.mbktechstudio.com` or the DOMAIN specified in `DOMAIN`.
+
+> - `false`: For local development.
+
+> - Important: If set to `true`, login functionality will not work on `localhost`. Use a valid DOMAIN for proper operation.
+
+> **DOMAIN**:
+
+> - Set `DOMAIN` to your DOMAIN
+
+> - If you don't have a DOMAIN, set `IS_DEPLOYED=false`.
+
+
+## Database Settings
+
+```properties
+LOGIN_DB=postgresql://username:password@server.DOMAIN/db_name
+```
+> Replace the placeholder with your PostgreSQL connection string.
+
+
+## Two-Factor Authentication (2FA)
+```properties
+MBKAUTH_TWO_FA_ENABLE=false
+```
+> MBKAUTH_TWO_FA_ENABLE: Set to `true` to enable Two-Factor Authentication.
+
+
+## Cookie Settings
+
+```properties
+COOKIE_EXPIRE_TIME=5
+```
+> Cookie expiration time in days. Default is `2 days`.

package/index.js

@@ -1,23 +1,25 @@
-import dotenv from "dotenv";
-import Joi from "joi";
 import router from "./lib/main.js";
+
+import dotenv from "dotenv";
 dotenv.config();
+const mbkautheVar = JSON.parse(process.env.mbkautheVar);
+if (!mbkautheVar) {
+    throw new Error("mbkautheVar is not defined");
+}
+const requiredKeys = ["RECAPTCHA_SECRET_KEY", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
+requiredKeys.forEach(key => {
+    if (!mbkautheVar[key]) {
+        throw new Error(`mbkautheVar.${key} is required`);
+    }
+});
+if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
+    const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
+    if (isNaN(expireTime) || expireTime <= 0) {
+        throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
+    }
+}
 
-const envSchema = Joi.object({
-    RECAPTCHA_SECRET_KEY: Joi.string().required(),
-    SESSION_SECRET_KEY: Joi.string().required(),
-    IS_DEPLOYED: Joi.string().valid("true", "false").required(),
-    LOGIN_DB: Joi.string().uri().required(),
-    MBKAUTH_TWO_FA_ENABLE: Joi.string().valid("true", "false").required(),
-    COOKIE_EXPIRE_TIME: Joi.number().integer().positive(),
-    DOMAIN: Joi.string().required(),
-}).unknown(true);
 
-const { error } = envSchema.validate(process.env);
-if (error) {
-    throw new Error(`Environment variable validation error: ${error.message}`);
-}
-export { validateSession, checkRolePermission, validateSessionAndRole, getUserData } from "./lib/validateSessionAndRole.js";
-export { authenticate } from "./lib/auth.js";
+export { validateSession, checkRolePermission, validateSessionAndRole, getUserData, authenticate } from "./lib/validateSessionAndRole.js";
 export { dblogin } from "./lib/pool.js";
 export default router;

package/lib/main.js

@@ -3,42 +3,48 @@ import crypto from "crypto";
 import session from "express-session";
 import pgSession from "connect-pg-simple";
 const PgSession = pgSession(session);
-import dotenv from "dotenv";
 import { dblogin } from "./pool.js";
-import { authenticate } from "./auth.js";
+import { authenticate } from "./validateSessionAndRole.js";
 import fetch from 'node-fetch';
-import cookieParser from "cookie-parser"; // Import cookie-parser
+import cookieParser from "cookie-parser";
+
+
 
+import dotenv from "dotenv";
 dotenv.config();
+const mbkautheVar = JSON.parse(process.env.mbkautheVar);
+if (!mbkautheVar) {
+  throw new Error("mbkautheVar is not defined");
+}
+const requiredKeys = ["RECAPTCHA_SECRET_KEY", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
+requiredKeys.forEach(key => {
+  if (!mbkautheVar[key]) {
+    throw new Error(`mbkautheVar.${key} is required`);
+  }
+});
+if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
+  const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
+  if (isNaN(expireTime) || expireTime <= 0) {
+    throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
+  }
+}
+
+
 const router = express.Router();
 let COOKIE_EXPIRE_TIME = 2 * 24 * 60 * 60 * 1000; //2 days
 
 try {
-  const parsedExpireTime = parseInt(process.env.COOKIE_EXPIRE_TIME, 10);
+  const parsedExpireTime = parseInt(mbkautheVar.COOKIE_EXPIRE_TIME, 10);
   if (!isNaN(parsedExpireTime) && parsedExpireTime > 0) {
     COOKIE_EXPIRE_TIME = parsedExpireTime * 24 * 60 * 60 * 1000; // Convert days to milliseconds
   } else {
     console.warn("Invalid COOKIE_EXPIRE_TIME in environment variables, using default value");
   }
-  WriteConsoleLogs(`Cookie expiration time set to ${COOKIE_EXPIRE_TIME} days for deployed environment`);
+  console.log(`Cookie expiration time set to ${COOKIE_EXPIRE_TIME / (24 * 60 * 60 * 1000)} days for deployed environment`);
 } catch (error) {
-  WriteConsoleLogs("Error parsing COOKIE_EXPIRE_TIME:", error);
+  console.log("Error parsing COOKIE_EXPIRE_TIME:", error);
 }
 
-async function WriteConsoleLogs(message) {
-    const appName = process.env.AppName;
-    try {
-      const query = `
-        INSERT INTO mbkauthlogs (app_name, message)
-        VALUES ($1, $2)
-      `;
-      await dblogin.query(query, [appName, message]);
-      console.log(`Logged message: ${message}`);
-    } catch (error) {
-      console.error("Error logging message:", error.message);
-    }
-  }
-
 router.use(express.json());
 router.use(express.urlencoded({ extended: true }));
 
@@ -48,14 +54,14 @@ router.use(
       pool: dblogin, // Connection pool
       tableName: "session", // Use another table-name than the default "session" one
     }),
-    secret: process.env.SESSION_SECRET_KEY, // Replace with your secret key
+    secret: mbkautheVar.SESSION_SECRET_KEY, // Replace with your secret key
     resave: false,
     saveUninitialized: false,
     cookie: {
       maxAge: COOKIE_EXPIRE_TIME,
-      DOMAIN: process.env.IS_DEPLOYED === 'true' ? `.${process.env.DOMAIN}` : undefined, // Use root DOMAIN for subDOMAIN sharing
+      DOMAIN: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined, // Use root DOMAIN for subDOMAIN sharing
       httpOnly: true,
-      secure: process.env.IS_DEPLOYED === 'true', // Use secure cookies in production
+      secure: mbkautheVar.IS_DEPLOYED === 'true', // Use secure cookies in production
     },
   })
 );
@@ -105,7 +111,7 @@ router.use(async (req, res, next) => {
         req.session.user.role = null;
       }
     } catch (error) {
-      WriteConsoleLogs("Error fetching user role:", error.message);
+      console.log("Error fetching user role:", error.message);
       req.session.user.role = null; // Fallback to null role
     }
   }
@@ -115,7 +121,7 @@ router.use(async (req, res, next) => {
 router.use(async (req, res, next) => {
   // Check for sessionId cookie if session is not initialized
   if (!req.session.user && req.cookies && req.cookies.sessionId) {
-    WriteConsoleLogs("Restoring session from sessionId cookie"); // Log session restoration
+    console.log("Restoring session from sessionId cookie"); // Log session restoration
     const sessionId = req.cookies.sessionId;
     const query = `SELECT * FROM "Users" WHERE "SessionId" = $1`;
     const result = await dblogin.query(query, [sessionId]);
@@ -127,7 +133,7 @@ router.use(async (req, res, next) => {
         username: user.UserName,
         sessionId,
       };
-      WriteConsoleLogs(`Session restored for user: ${user.UserName}`); // Log successful session restoration
+      console.log(`Session restored for user: ${user.UserName}`); // Log successful session restoration
     } else {
       console.warn("No matching session found for sessionId"); // Log if no session is found
     }
@@ -137,7 +143,7 @@ router.use(async (req, res, next) => {
 
 //Invoke-RestMethod -Uri http://localhost:3030/terminateAllSessions -Method POST
 // Terminate all sessions route
-router.post("/mbkauthe/api/terminateAllSessions", authenticate(process.env.Main_SECRET_TOKEN), async (req, res) => {
+router.post("/mbkauthe/api/terminateAllSessions", authenticate(mbkautheVar.Main_SECRET_TOKEN), async (req, res) => {
   try {
     await dblogin.query(`UPDATE "Users" SET "SessionId" = NULL`);
 
@@ -147,19 +153,19 @@ router.post("/mbkauthe/api/terminateAllSessions", authenticate(process.env.Main_
     // Destroy all sessions on the server
     req.session.destroy((err) => {
       if (err) {
-        WriteConsoleLogs("Error destroying session:", err);
+        console.log("Error destroying session:", err);
         return res
           .status(500)
           .json({ success: false, message: "Failed to terminate sessions" });
       }
-      WriteConsoleLogs("All sessions terminated successfully");
+      console.log("All sessions terminated successfully");
       res.status(200).json({
         success: true,
         message: "All sessions terminated successfully",
       });
     });
   } catch (err) {
-    WriteConsoleLogs("Database query error during session termination:", err);
+    console.log("Database query error during session termination:", err);
     res
       .status(500)
       .json({ success: false, message: "Internal Server Error" });
@@ -168,55 +174,53 @@ router.post("/mbkauthe/api/terminateAllSessions", authenticate(process.env.Main_
 );
 
 router.post("/mbkauthe/api/login", async (req, res) => {
-  WriteConsoleLogs("Login request received"); // Log when login is initiated
+  console.log("Login request received"); // Log when login is initiated
 
   const { username, password, token, recaptcha } = req.body;
-  WriteConsoleLogs(`Login attempt for username: ${username}`); // Log username
+  console.log(`Login attempt for username: ${username}`); // Log username
 
-  const secretKey = process.env.RECAPTCHA_SECRET_KEY;
+  const secretKey = mbkautheVar.RECAPTCHA_SECRET_KEY;
   const verificationUrl = `https://www.google.com/recaptcha/api/siteverify?secret=${secretKey}&response=${recaptcha}`;
 
+  let BypassUsers = ["ibnekhalid", "maaz.waheed", "support"];
+
   // Bypass recaptcha for specific users
-  if (username !== "ibnekhalid" && username !== "maaz.waheed" && username !== "support") {
+  if (!BypassUsers.includes(username)) {
+    if (!recaptcha) {
+      console.log("Missing reCAPTCHA token");
+      return res.status(400).json({ success: false, message: "Please complete the reCAPTCHA" });
+    }
     try {
       const response = await fetch(verificationUrl, { method: 'POST' });
       const body = await response.json();
-      WriteConsoleLogs("reCAPTCHA verification response:", body); // Log reCAPTCHA response
+      console.log("reCAPTCHA verification response:", body); // Log reCAPTCHA response
 
       if (!body.success) {
-        WriteConsoleLogs("Failed reCAPTCHA verification");
+        console.log("Failed reCAPTCHA verification");
         return res.status(400).json({ success: false, message: "Failed reCAPTCHA verification" });
       }
     } catch (err) {
-      WriteConsoleLogs("Error during reCAPTCHA verification:", err);
+      console.log("Error during reCAPTCHA verification:", err);
       return res.status(500).json({ success: false, message: "Internal Server Error" });
     }
   }
 
   if (!username || !password) {
-    WriteConsoleLogs("Missing username or password");
+    console.log("Missing username or password");
     return res.status(400).json({
       success: false,
       message: "Username and password are required",
     });
   }
 
-  WriteConsoleLogs("RECAPTCHA_SECRET_KEY:", process.env.RECAPTCHA_SECRET_KEY); // Log reCAPTCHA secret key
-  WriteConsoleLogs("SESSION_SECRET_KEY:", process.env.SESSION_SECRET_KEY); // Log reCAPTCHA secret key
-  WriteConsoleLogs("LOGIN_DB:", process.env.LOGIN_DB); // Log reCAPTCHA secret key
-  WriteConsoleLogs("COOKIE_EXPIRE_TIME:", process.env.COOKIE_EXPIRE_TIME); // Log reCAPTCHA secret key
-  WriteConsoleLogs("DOMAIN:", process.env.DOMAIN); // Log reCAPTCHA secret key
-  WriteConsoleLogs("IS_DEPLOYED:", process.env.IS_DEPLOYED); // Log reCAPTCHA secret key
-  WriteConsoleLogs("MBKAUTH_TWO_FA_ENABLE:", process.env.MBKAUTH_TWO_FA_ENABLE); // Log reCAPTCHA secret key
-
   try {
     // Query to check if the username exists
     const userQuery = `SELECT * FROM "Users" WHERE "UserName" = $1`;
     const userResult = await dblogin.query(userQuery, [username]);
-    WriteConsoleLogs("User query result:", userResult.rows); // Log user query result
+    console.log("User query result:", userResult.rows); // Log user query result
 
     if (userResult.rows.length === 0) {
-      WriteConsoleLogs(`Username does not exist: ${username}`);
+      console.log(`Username does not exist: ${username}`);
       return res.status(404).json({ success: false, message: "Username does not exist" });
     }
 
@@ -224,25 +228,25 @@ router.post("/mbkauthe/api/login", async (req, res) => {
 
     // Check if the password matches
     if (user.Password !== password) {
-      WriteConsoleLogs(`Incorrect password for username: ${username}`);
+      console.log(`Incorrect password for username: ${username}`);
       return res.status(401).json({ success: false, message: "Incorrect password" });
     }
 
     // Check if the account is inactive
     if (!user.Active) {
-      WriteConsoleLogs(`Inactive account for username: ${username}`);
+      console.log(`Inactive account for username: ${username}`);
       return res.status(403).json({ success: false, message: "Account is inactive" });
     }
 
-    if ((process.env.MBKAUTH_TWO_FA_ENABLE || "").toLocaleLowerCase() === "true") {
+    if ((mbkautheVar.MBKAUTH_TWO_FA_ENABLE || "").toLocaleLowerCase() === "true") {
       let sharedSecret;
       const query = `SELECT "TwoFAStatus", "TwoFASecret" FROM "TwoFA" WHERE "UserName" = $1`;
       const twoFAResult = await dblogin.query(query, [username]);
-      WriteConsoleLogs("TwoFA query result:", twoFAResult.rows); // Log TwoFA query result
+      console.log("TwoFA query result:", twoFAResult.rows); // Log TwoFA query result
 
       sharedSecret = twoFAResult.rows[0]?.TwoFASecret;
       if (twoFAResult.rows.length > 0 && twoFAResult.rows[0].TwoFAStatus && !token) {
-        WriteConsoleLogs("2FA code required but not provided");
+        console.log("2FA code required but not provided");
         return res.status(401).json({ success: false, message: "Please Enter 2FA code" });
       }
 
@@ -255,7 +259,7 @@ router.post("/mbkauthe/api/login", async (req, res) => {
         });
 
         if (!tokenValidates) {
-          WriteConsoleLogs(`Invalid 2FA code for username: ${username}`);
+          console.log(`Invalid 2FA code for username: ${username}`);
           return res.status(401).json({ success: false, message: "Invalid 2FA code" });
         }
       }
@@ -263,7 +267,7 @@ router.post("/mbkauthe/api/login", async (req, res) => {
 
     // Generate session ID
     const sessionId = crypto.randomBytes(256).toString("hex");
-    WriteConsoleLogs(`Generated session ID for username: ${username}`); // Log session ID
+    console.log(`Generated session ID for username: ${username}`); // Log session ID
 
     await dblogin.query(`UPDATE "Users" SET "SessionId" = $1 WHERE "id" = $2`, [
       sessionId,
@@ -276,25 +280,25 @@ router.post("/mbkauthe/api/login", async (req, res) => {
       username: user.UserName,
       sessionId,
     };
-    WriteConsoleLogs(`Session stored for user: ${user.UserName}, sessionId: ${sessionId}`); // Log session storage
+    console.log(`Session stored for user: ${user.UserName}, sessionId: ${sessionId}`); // Log session storage
 
     // Set a cookie accessible across subDOMAINs
     res.cookie("sessionId", sessionId, {
       maxAge: COOKIE_EXPIRE_TIME,
-      DOMAIN: process.env.IS_DEPLOYED === 'true' ? `.${process.env.DOMAIN}` : undefined, // Use DOMAIN only in production
+      DOMAIN: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined, // Use DOMAIN only in production
       httpOnly: true,
-      secure: process.env.IS_DEPLOYED === 'true', // Use secure cookies in production
+      secure: mbkautheVar.IS_DEPLOYED === 'true', // Use secure cookies in production
     });
-    WriteConsoleLogs(`Cookie set for user: ${user.UserName}, sessionId: ${sessionId}`); // Log cookie setting
+    console.log(`Cookie set for user: ${user.UserName}, sessionId: ${sessionId}`); // Log cookie setting
 
-    WriteConsoleLogs(`User "${username}" logged in successfully`);
+    console.log(`User "${username}" logged in successfully`);
     res.status(200).json({
       success: true,
       message: "Login successful",
       sessionId,
     });
   } catch (err) {
-    WriteConsoleLogs("Error during login process:", err);
+    console.log("Error during login process:", err);
     res.status(500).json({ success: false, message: "Internal Server Error" });
   }
 });
@@ -307,22 +311,22 @@ router.post("/mbkauthe/api/logout", async (req, res) => {
       const result = await dblogin.query(query, [id]);
 
       if (result.rows.length > 0 && !result.rows[0].Active) {
-        WriteConsoleLogs("Account is inactive during logout");
+        console.log("Account is inactive during logout");
       }
 
       req.session.destroy((err) => {
         if (err) {
-          WriteConsoleLogs("Error destroying session:", err);
+          console.log("Error destroying session:", err);
           return res.status(500).json({ success: false, message: "Logout failed" });
         }
         // Clear both session cookies
         res.clearCookie("connect.sid");
         res.clearCookie("sessionId"); // Clear the sessionId cookie used for restoration
-        WriteConsoleLogs(`User "${username}" logged out successfully`);
+        console.log(`User "${username}" logged out successfully`);
         res.status(200).json({ success: true, message: "Logout successful" });
       });
     } catch (err) {
-      WriteConsoleLogs("Database query error during logout:", err);
+      console.log("Database query error during logout:", err);
       res.status(500).json({ success: false, message: "Internal Server Error" });
     }
   } else {

package/lib/pool.js

@@ -1,12 +1,29 @@
 import pkg from "pg";
 const { Pool } = pkg;
-import dotenv from "dotenv";
 
+
+import dotenv from "dotenv";
 dotenv.config();
+const mbkautheVar = JSON.parse(process.env.mbkautheVar);
+if (!mbkautheVar) {
+  throw new Error("mbkautheVar is not defined");
+}
+const requiredKeys = ["RECAPTCHA_SECRET_KEY", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
+requiredKeys.forEach(key => {
+  if (!mbkautheVar[key]) {
+    throw new Error(`mbkautheVar.${key} is required`);
+  }
+});
+if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
+  const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
+  if (isNaN(expireTime) || expireTime <= 0) {
+    throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
+  }
+}
 
 // PostgreSQL connection pool for pool
 const poolConfig = {
-  connectionString: process.env.LOGIN_DB,
+  connectionString: mbkautheVar.LOGIN_DB,
   ssl: {
     rejectUnauthorized: true,
   },

package/lib/validateSessionAndRole.js

@@ -149,4 +149,18 @@ async function getUserData(UserName, parameters) {
   }
 }
 
-export { validateSession, checkRolePermission, validateSessionAndRole, getUserData };
+const authenticate = (authentication) => {
+  return (req, res, next) => {
+    const token = req.headers["authorization"];
+    console.log(`Received token: ${token}`);
+    if (token === authentication) {
+      console.log("Authentication successful");
+      next();
+    } else {
+      console.log("Authentication failed");
+      res.status(401).send("Unauthorized");
+    }
+  };
+};
+
+export { validateSession, checkRolePermission, validateSessionAndRole, getUserData , authenticate};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mbkauthe",
-  "version": "1.0.4",
+  "version": "1.0.6",
   "description": "MBKTechStudio's reusable authentication system for Node.js applications.",
   "main": "index.js",
   "type": "module",
@@ -31,7 +31,6 @@
     "dotenv": "^16.4.7",
     "express": "^5.1.0",
     "express-session": "^1.18.1",
-    "joi": "^17.13.3",
     "node-fetch": "^3.3.2",
     "pg": "^8.14.1"
   }

package/lib/auth.js

@@ -1,13 +0,0 @@
-export const authenticate = (authentication) => {
-    return (req, res, next) => {
-      const token = req.headers["authorization"];
-      console.log(`Received token: ${token}`);
-      if (token === authentication) {
-        console.log("Authentication successful");
-        next();
-      } else {
-        console.log("Authentication failed");
-        res.status(401).send("Unauthorized");
-      }
-    };
-  };