mbkauthe 1.0.5 → 1.0.6

package/.env.example

@@ -0,0 +1,11 @@
+mbkautheVar='{
+    "RECAPTCHA_SECRET_KEY": "your-recaptcha-secret-key",
+    "SESSION_SECRET_KEY": "your-session-secret-key",
+    "IS_DEPLOYED": "true",
+    "LOGIN_DB": "postgres://username:password@host:port/database",
+    "MBKAUTH_TWO_FA_ENABLE": "false",
+    "COOKIE_EXPIRE_TIME": 2,
+    "DOMAIN": "yourdomain.com"
+}'
+
+# See env.md for more details

package/.github/workflows/publish.yml

@@ -4,9 +4,16 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   publish:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v3

package/README.md

@@ -55,13 +55,15 @@ app.listen(3000, () => {
 
 Example `.env` file:
 ```code
-RECAPTCHA_SECRET_KEY=your-recaptcha-secret-key
-SESSION_SECRET_KEY=your-session-secret-key
-LOGIN_DB=postgres://username:password@host:port/database
-DOMAIN=yourdomain.com
-IS_DEPLOYED=true
-MBKAUTH_TWO_FA_ENABLE=false
-COOKIE_EXPIRE_TIME=2
+mbkautheVar='{
+    "RECAPTCHA_SECRET_KEY": "your-recaptcha-secret-key",
+    "SESSION_SECRET_KEY": "your-session-secret-key",
+    "IS_DEPLOYED": "true",
+    "LOGIN_DB": "postgres://username:password@host:port/database",
+    "MBKAUTH_TWO_FA_ENABLE": "false",
+    "COOKIE_EXPIRE_TIME": 2,
+    "DOMAIN": "yourdomain.com"
+}'
 ```
 
 ## API Endpoints

package/index.js

@@ -1,23 +1,25 @@
-import dotenv from "dotenv";
-import Joi from "joi";
 import router from "./lib/main.js";
+
+import dotenv from "dotenv";
 dotenv.config();
+const mbkautheVar = JSON.parse(process.env.mbkautheVar);
+if (!mbkautheVar) {
+    throw new Error("mbkautheVar is not defined");
+}
+const requiredKeys = ["RECAPTCHA_SECRET_KEY", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
+requiredKeys.forEach(key => {
+    if (!mbkautheVar[key]) {
+        throw new Error(`mbkautheVar.${key} is required`);
+    }
+});
+if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
+    const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
+    if (isNaN(expireTime) || expireTime <= 0) {
+        throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
+    }
+}
 
-const envSchema = Joi.object({
-    RECAPTCHA_SECRET_KEY: Joi.string().required(),
-    SESSION_SECRET_KEY: Joi.string().required(),
-    IS_DEPLOYED: Joi.string().valid("true", "false").required(),
-    LOGIN_DB: Joi.string().uri().required(),
-    MBKAUTH_TWO_FA_ENABLE: Joi.string().valid("true", "false").required(),
-    COOKIE_EXPIRE_TIME: Joi.number().integer().positive(),
-    DOMAIN: Joi.string().required(),
-}).unknown(true);
 
-const { error } = envSchema.validate(process.env);
-if (error) {
-    throw new Error(`Environment variable validation error: ${error.message}`);
-}
-export { validateSession, checkRolePermission, validateSessionAndRole, getUserData } from "./lib/validateSessionAndRole.js";
-export { authenticate } from "./lib/auth.js";
+export { validateSession, checkRolePermission, validateSessionAndRole, getUserData, authenticate } from "./lib/validateSessionAndRole.js";
 export { dblogin } from "./lib/pool.js";
 export default router;

package/lib/main.js

@@ -3,24 +3,44 @@ import crypto from "crypto";
 import session from "express-session";
 import pgSession from "connect-pg-simple";
 const PgSession = pgSession(session);
-import dotenv from "dotenv";
 import { dblogin } from "./pool.js";
-import { authenticate } from "./auth.js";
+import { authenticate } from "./validateSessionAndRole.js";
 import fetch from 'node-fetch';
-import cookieParser from "cookie-parser"; // Import cookie-parser
+import cookieParser from "cookie-parser";
+
 
+
+import dotenv from "dotenv";
 dotenv.config();
+const mbkautheVar = JSON.parse(process.env.mbkautheVar);
+if (!mbkautheVar) {
+  throw new Error("mbkautheVar is not defined");
+}
+const requiredKeys = ["RECAPTCHA_SECRET_KEY", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
+requiredKeys.forEach(key => {
+  if (!mbkautheVar[key]) {
+    throw new Error(`mbkautheVar.${key} is required`);
+  }
+});
+if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
+  const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
+  if (isNaN(expireTime) || expireTime <= 0) {
+    throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
+  }
+}
+
+
 const router = express.Router();
 let COOKIE_EXPIRE_TIME = 2 * 24 * 60 * 60 * 1000; //2 days
 
 try {
-  const parsedExpireTime = parseInt(process.env.COOKIE_EXPIRE_TIME, 10);
+  const parsedExpireTime = parseInt(mbkautheVar.COOKIE_EXPIRE_TIME, 10);
   if (!isNaN(parsedExpireTime) && parsedExpireTime > 0) {
     COOKIE_EXPIRE_TIME = parsedExpireTime * 24 * 60 * 60 * 1000; // Convert days to milliseconds
   } else {
     console.warn("Invalid COOKIE_EXPIRE_TIME in environment variables, using default value");
   }
-  console.log(`Cookie expiration time set to ${COOKIE_EXPIRE_TIME} days for deployed environment`);
+  console.log(`Cookie expiration time set to ${COOKIE_EXPIRE_TIME / (24 * 60 * 60 * 1000)} days for deployed environment`);
 } catch (error) {
   console.log("Error parsing COOKIE_EXPIRE_TIME:", error);
 }
@@ -34,14 +54,14 @@ router.use(
       pool: dblogin, // Connection pool
       tableName: "session", // Use another table-name than the default "session" one
     }),
-    secret: process.env.SESSION_SECRET_KEY, // Replace with your secret key
+    secret: mbkautheVar.SESSION_SECRET_KEY, // Replace with your secret key
     resave: false,
     saveUninitialized: false,
     cookie: {
       maxAge: COOKIE_EXPIRE_TIME,
-      DOMAIN: process.env.IS_DEPLOYED === 'true' ? `.${process.env.DOMAIN}` : undefined, // Use root DOMAIN for subDOMAIN sharing
+      DOMAIN: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined, // Use root DOMAIN for subDOMAIN sharing
       httpOnly: true,
-      secure: process.env.IS_DEPLOYED === 'true', // Use secure cookies in production
+      secure: mbkautheVar.IS_DEPLOYED === 'true', // Use secure cookies in production
     },
   })
 );
@@ -123,7 +143,7 @@ router.use(async (req, res, next) => {
 
 //Invoke-RestMethod -Uri http://localhost:3030/terminateAllSessions -Method POST
 // Terminate all sessions route
-router.post("/mbkauthe/api/terminateAllSessions", authenticate(process.env.Main_SECRET_TOKEN), async (req, res) => {
+router.post("/mbkauthe/api/terminateAllSessions", authenticate(mbkautheVar.Main_SECRET_TOKEN), async (req, res) => {
   try {
     await dblogin.query(`UPDATE "Users" SET "SessionId" = NULL`);
 
@@ -159,11 +179,17 @@ router.post("/mbkauthe/api/login", async (req, res) => {
   const { username, password, token, recaptcha } = req.body;
   console.log(`Login attempt for username: ${username}`); // Log username
 
-  const secretKey = process.env.RECAPTCHA_SECRET_KEY;
+  const secretKey = mbkautheVar.RECAPTCHA_SECRET_KEY;
   const verificationUrl = `https://www.google.com/recaptcha/api/siteverify?secret=${secretKey}&response=${recaptcha}`;
 
+  let BypassUsers = ["ibnekhalid", "maaz.waheed", "support"];
+
   // Bypass recaptcha for specific users
-  if (username !== "ibnekhalid" && username !== "maaz.waheed" && username !== "support") {
+  if (!BypassUsers.includes(username)) {
+    if (!recaptcha) {
+      console.log("Missing reCAPTCHA token");
+      return res.status(400).json({ success: false, message: "Please complete the reCAPTCHA" });
+    }
     try {
       const response = await fetch(verificationUrl, { method: 'POST' });
       const body = await response.json();
@@ -187,14 +213,6 @@ router.post("/mbkauthe/api/login", async (req, res) => {
     });
   }
 
-  console.log("RECAPTCHA_SECRET_KEY:", process.env.RECAPTCHA_SECRET_KEY); // Log reCAPTCHA secret key
-  console.log("SESSION_SECRET_KEY:", process.env.SESSION_SECRET_KEY); // Log reCAPTCHA secret key
-  console.log("LOGIN_DB:", process.env.LOGIN_DB); // Log reCAPTCHA secret key
-  console.log("COOKIE_EXPIRE_TIME:", process.env.COOKIE_EXPIRE_TIME); // Log reCAPTCHA secret key
-  console.log("DOMAIN:", process.env.DOMAIN); // Log reCAPTCHA secret key
-  console.log("IS_DEPLOYED:", process.env.IS_DEPLOYED); // Log reCAPTCHA secret key
-  console.log("MBKAUTH_TWO_FA_ENABLE:", process.env.MBKAUTH_TWO_FA_ENABLE); // Log reCAPTCHA secret key
-
   try {
     // Query to check if the username exists
     const userQuery = `SELECT * FROM "Users" WHERE "UserName" = $1`;
@@ -220,7 +238,7 @@ router.post("/mbkauthe/api/login", async (req, res) => {
       return res.status(403).json({ success: false, message: "Account is inactive" });
     }
 
-    if ((process.env.MBKAUTH_TWO_FA_ENABLE || "").toLocaleLowerCase() === "true") {
+    if ((mbkautheVar.MBKAUTH_TWO_FA_ENABLE || "").toLocaleLowerCase() === "true") {
       let sharedSecret;
       const query = `SELECT "TwoFAStatus", "TwoFASecret" FROM "TwoFA" WHERE "UserName" = $1`;
       const twoFAResult = await dblogin.query(query, [username]);
@@ -267,9 +285,9 @@ router.post("/mbkauthe/api/login", async (req, res) => {
     // Set a cookie accessible across subDOMAINs
     res.cookie("sessionId", sessionId, {
       maxAge: COOKIE_EXPIRE_TIME,
-      DOMAIN: process.env.IS_DEPLOYED === 'true' ? `.${process.env.DOMAIN}` : undefined, // Use DOMAIN only in production
+      DOMAIN: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined, // Use DOMAIN only in production
       httpOnly: true,
-      secure: process.env.IS_DEPLOYED === 'true', // Use secure cookies in production
+      secure: mbkautheVar.IS_DEPLOYED === 'true', // Use secure cookies in production
     });
     console.log(`Cookie set for user: ${user.UserName}, sessionId: ${sessionId}`); // Log cookie setting
 

package/lib/pool.js

@@ -1,12 +1,29 @@
 import pkg from "pg";
 const { Pool } = pkg;
-import dotenv from "dotenv";
 
+
+import dotenv from "dotenv";
 dotenv.config();
+const mbkautheVar = JSON.parse(process.env.mbkautheVar);
+if (!mbkautheVar) {
+  throw new Error("mbkautheVar is not defined");
+}
+const requiredKeys = ["RECAPTCHA_SECRET_KEY", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
+requiredKeys.forEach(key => {
+  if (!mbkautheVar[key]) {
+    throw new Error(`mbkautheVar.${key} is required`);
+  }
+});
+if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
+  const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
+  if (isNaN(expireTime) || expireTime <= 0) {
+    throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
+  }
+}
 
 // PostgreSQL connection pool for pool
 const poolConfig = {
-  connectionString: process.env.LOGIN_DB,
+  connectionString: mbkautheVar.LOGIN_DB,
   ssl: {
     rejectUnauthorized: true,
   },

package/lib/validateSessionAndRole.js

@@ -149,4 +149,18 @@ async function getUserData(UserName, parameters) {
   }
 }
 
-export { validateSession, checkRolePermission, validateSessionAndRole, getUserData };
+const authenticate = (authentication) => {
+  return (req, res, next) => {
+    const token = req.headers["authorization"];
+    console.log(`Received token: ${token}`);
+    if (token === authentication) {
+      console.log("Authentication successful");
+      next();
+    } else {
+      console.log("Authentication failed");
+      res.status(401).send("Unauthorized");
+    }
+  };
+};
+
+export { validateSession, checkRolePermission, validateSessionAndRole, getUserData , authenticate};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mbkauthe",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "description": "MBKTechStudio's reusable authentication system for Node.js applications.",
   "main": "index.js",
   "type": "module",
@@ -31,7 +31,6 @@
     "dotenv": "^16.4.7",
     "express": "^5.1.0",
     "express-session": "^1.18.1",
-    "joi": "^17.13.3",
     "node-fetch": "^3.3.2",
     "pg": "^8.14.1"
   }

package/lib/auth.js

@@ -1,13 +0,0 @@
-export const authenticate = (authentication) => {
-    return (req, res, next) => {
-      const token = req.headers["authorization"];
-      console.log(`Received token: ${token}`);
-      if (token === authentication) {
-        console.log("Authentication successful");
-        next();
-      } else {
-        console.log("Authentication failed");
-        res.status(401).send("Unauthorized");
-      }
-    };
-  };