mbkauthe 1.0.7 → 1.0.8

package/.env.example

@@ -1,5 +1,8 @@
 mbkautheVar='{
+    "APP_NAME": "MBKAUTH",
     "RECAPTCHA_SECRET_KEY": "your-recaptcha-secret-key",
+    "RECAPTCHA_Enabled": "f",
+    "BypassUsers": ["demo","user1"],
     "SESSION_SECRET_KEY": "your-session-secret-key",
     "IS_DEPLOYED": "true",
     "LOGIN_DB": "postgres://username:password@host:port/database",

package/README.md

@@ -8,6 +8,7 @@
 - [Features](#features)
 - [Installation](#installation)
 - [Usage](#usage)
+  - [Implementation in a Project](#implementation-in-a-project)
   - [Basic Setup](#basic-setup)
 - [API Endpoints](#api-endpoints)
   - [Login](#login)
@@ -37,6 +38,18 @@ npm install mbkauthe
 ```
 
 ## Usage
+
+### Implementation in a Project
+
+For a practical example of how to use this package, check out the [ProjectImplementation branch](https://github.com/MIbnEKhalid/mbkauthe/tree/ProjectImplementation) of the repository. This branch demonstrates the integration of the package, including a login page, a protected page, and logout functionality.
+
+You can explore the functionality of `mbkAuthe` using the following demo account on [mbkauthe.mbktechstudio.com](https://mbkauthe.mbktechstudio.com):
+
+- **Username**: `demo`
+- **Password**: `demo`
+
+This demo provides a hands-on experience with the authentication system, including login, session management, and other features.
+
 ### Basic Setup
 1. Import and configure the router in your Express application:
 ```javascript
@@ -51,17 +64,20 @@ app.listen(3000, () => {
   console.log("Server is running on port 3000");
 });
 ```
-2. Ensure your ``.env` file is properly configured. Refer to the [Configuration Guide(env.md)](env.md) for details.
+2. Ensure your `.env` file is properly configured. Refer to the [Configuration Guide(env.md)](env.md) for details.
 
 Example `.env` file:
 ```code
 mbkautheVar='{
+    "APP_NAME": "MBKAUTH",
     "RECAPTCHA_SECRET_KEY": "your-recaptcha-secret-key",
+    "RECAPTCHA_Enabled": "false",
+    "BypassUsers": ["user1","user2"],
     "SESSION_SECRET_KEY": "your-session-secret-key",
     "IS_DEPLOYED": "true",
     "LOGIN_DB": "postgres://username:password@host:port/database",
     "MBKAUTH_TWO_FA_ENABLE": "false",
-    "COOKIE_EXPIRE_TIME": 2,
+    "COOKIE_EXPIRE_TIME": "1",
     "DOMAIN": "yourdomain.com"
 }'
 ```

package/docs/db.md

@@ -22,6 +22,7 @@
   - `HaveMailAccount` (BOOLEAN)(optional): Indicates if the user has a linked mail account.
   - `SessionId` (TEXT): The session ID associated with the user.
   - `GuestRole` (JSONB): Stores additional guest-specific role information in binary JSON format.
+  - `AllowedApps`(JSONB): 
 
 - **Schema:**
   ```sql
@@ -34,6 +35,7 @@
       "HaveMailAccount" BOOLEAN NOT NULL DEFAULT false,
       "SessionId" TEXT,
       "GuestRole" JSONB DEFAULT '{"allowPages": [""], "NotallowPages": [""]}'::jsonb
+      "AllowedApps" JSONB DEFAULT '{"allowPages": [""], "NotallowPages": [""]}'::jsonb
   );
   ```
 

package/env.md

@@ -2,11 +2,29 @@
 
 [<- Back](README.md)
 
+## Application Settings
+
+```properties
+APP_NAME=mbkauthe
+```
+
+> **APP_NAME**: Specifies the name of the application. This is used to distinguish one project from another and is critical for ensuring users are restricted to specific apps. It corresponds to the `AllowedApp` column in the Users table.
+
 ## reCAPTCHA Settings
+
 ```properties
-RECAPTCHA_SECRET_KEY=123
+RECAPTCHA_ENABLED=true
+RECAPTCHA_SECRET_KEY=your-secret-key
+BYPASS_USERS=["demo", "user1"]
 ```
-> Note: Obtain your secret key from Google reCAPTCHA Admin Console.
+
+> **RECAPTCHA_ENABLED**: Set to `true` to enable reCAPTCHA verification.
+
+> **RECAPTCHA_SECRET_KEY**: Provide the secret key obtained from the [Google reCAPTCHA Admin Console](https://www.google.com/recaptcha/admin).
+
+> **BYPASS_USERS**: Specify an array of usernames (e.g., `["demo", "user1"]`) that will bypass reCAPTCHA verification.
+
+> **Note**: Ensure `RECAPTCHA_SECRET_KEY` is set when `RECAPTCHA_ENABLED=true`.
 
 
 ## Session Settings

package/index.js

@@ -6,18 +6,29 @@ const mbkautheVar = JSON.parse(process.env.mbkautheVar);
 if (!mbkautheVar) {
     throw new Error("mbkautheVar is not defined");
 }
-const requiredKeys = ["RECAPTCHA_SECRET_KEY", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
+const requiredKeys = ["APP_NAME", "RECAPTCHA_Enabled", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
 requiredKeys.forEach(key => {
     if (!mbkautheVar[key]) {
         throw new Error(`mbkautheVar.${key} is required`);
     }
 });
+if (mbkautheVar.RECAPTCHA_Enabled === "true") {
+    if (mbkautheVar.RECAPTCHA_SECRET_KEY === undefined) {
+        throw new Error("mbkautheVar.RECAPTCHA_SECRET_KEY is required");
+    }
+}
 if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
     const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
     if (isNaN(expireTime) || expireTime <= 0) {
         throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
     }
 }
+if (mbkautheVar.BypassUsers !== undefined) {
+    if (!Array.isArray(mbkautheVar.BypassUsers)) {
+        throw new Error("mbkautheVar.BypassUsers must be a valid array");
+    }
+    const BypassUsers = mbkautheVar.BypassUsers;
+}
 
 
 export { validateSession, checkRolePermission, validateSessionAndRole, getUserData, authenticate } from "./lib/validateSessionAndRole.js";

package/lib/main.js

@@ -8,27 +8,9 @@ import { authenticate } from "./validateSessionAndRole.js";
 import fetch from 'node-fetch';
 import cookieParser from "cookie-parser";
 
-
-
 import dotenv from "dotenv";
 dotenv.config();
 const mbkautheVar = JSON.parse(process.env.mbkautheVar);
-if (!mbkautheVar) {
-  throw new Error("mbkautheVar is not defined");
-}
-const requiredKeys = ["RECAPTCHA_SECRET_KEY", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
-requiredKeys.forEach(key => {
-  if (!mbkautheVar[key]) {
-    throw new Error(`mbkautheVar.${key} is required`);
-  }
-});
-if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
-  const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
-  if (isNaN(expireTime) || expireTime <= 0) {
-    throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
-  }
-}
-
 
 const router = express.Router();
 let COOKIE_EXPIRE_TIME = 2 * 24 * 60 * 60 * 1000; // 2 days
@@ -146,26 +128,26 @@ router.post("/mbkauthe/api/login", async (req, res) => {
   const secretKey = mbkautheVar.RECAPTCHA_SECRET_KEY;
   const verificationUrl = `https://www.google.com/recaptcha/api/siteverify?secret=${secretKey}&response=${recaptcha}`;
 
-  let BypassUsers = ["ibnekhalid", "maaz.waheed", "support"];
-
-  // Bypass recaptcha for specific users
-  if (!BypassUsers.includes(username)) {
-    if (!recaptcha) {
-      console.log("Missing reCAPTCHA token");
-      return res.status(400).json({ success: false, message: "Please complete the reCAPTCHA" });
-    }
-    try {
-      const response = await fetch(verificationUrl, { method: 'POST' });
-      const body = await response.json();
-      console.log("reCAPTCHA verification response:", body); // Log reCAPTCHA response
-
-      if (!body.success) {
-        console.log("Failed reCAPTCHA verification");
-        return res.status(400).json({ success: false, message: "Failed reCAPTCHA verification" });
+  let BypassUsers = [mbkautheVar.BypassUsers];
+  if (mbkautheVar.RECAPTCHA_Enabled === "true") {
+    if (!BypassUsers.includes(username)) {
+      if (!recaptcha) {
+        console.log("Missing reCAPTCHA token");
+        return res.status(400).json({ success: false, message: "Please complete the reCAPTCHA" });
+      }
+      try {
+        const response = await fetch(verificationUrl, { method: 'POST' });
+        const body = await response.json();
+        console.log("reCAPTCHA verification response:", body); // Log reCAPTCHA response
+
+        if (!body.success) {
+          console.log("Failed reCAPTCHA verification");
+          return res.status(400).json({ success: false, message: "Failed reCAPTCHA verification" });
+        }
+      } catch (err) {
+        console.log("Error during reCAPTCHA verification:", err);
+        return res.status(500).json({ success: false, message: "Internal Server Error" });
       }
-    } catch (err) {
-      console.log("Error during reCAPTCHA verification:", err);
-      return res.status(500).json({ success: false, message: "Internal Server Error" });
     }
   }
 
@@ -202,6 +184,18 @@ router.post("/mbkauthe/api/login", async (req, res) => {
       return res.status(403).json({ success: false, message: "Account is inactive" });
     }
 
+
+    if (mbkautheVar.test === "true") {
+      // Check if the user is authorized to use the application
+      if (result.rows[0].Role !== "SuperAdmin") {
+        const allowedApps = result.rows[0].AllowedApps;
+        if (!allowedApps || !allowedApps.includes(mbkautheVar.APP_NAME)) {
+          console.warn(`User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
+          return res.status(403).json({ success: false, message: `You are not authorized to use the application \"${mbkautheVar.APP_NAME}\"` });
+        }
+      }
+    }
+
     if ((mbkautheVar.MBKAUTH_TWO_FA_ENABLE || "").toLocaleLowerCase() === "true") {
       let sharedSecret;
       const query = `SELECT "TwoFAStatus", "TwoFASecret" FROM "TwoFA" WHERE "UserName" = $1`;

package/lib/pool.js

@@ -1,25 +1,9 @@
 import pkg from "pg";
 const { Pool } = pkg;
 
-
 import dotenv from "dotenv";
 dotenv.config();
 const mbkautheVar = JSON.parse(process.env.mbkautheVar);
-if (!mbkautheVar) {
-  throw new Error("mbkautheVar is not defined");
-}
-const requiredKeys = ["RECAPTCHA_SECRET_KEY", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
-requiredKeys.forEach(key => {
-  if (!mbkautheVar[key]) {
-    throw new Error(`mbkautheVar.${key} is required`);
-  }
-});
-if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
-  const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
-  if (isNaN(expireTime) || expireTime <= 0) {
-    throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
-  }
-}
 
 // PostgreSQL connection pool for pool
 const poolConfig = {

package/lib/validateSessionAndRole.js

@@ -1,4 +1,5 @@
 import { dblogin } from "./pool.js";
+const mbkautheVar = JSON.parse(process.env.mbkautheVar);
 
 async function validateSession(req, res, next) {
   // First check if we have a session cookie
@@ -53,6 +54,23 @@ async function validateSession(req, res, next) {
       });
     }
 
+    if (mbkautheVar.test === "true") {
+      if (result.rows[0].Role !== "SuperAdmin") {
+        const allowedApps = result.rows[0].AllowedApps;
+        if (!allowedApps || !allowedApps.includes(mbkautheVar.APP_NAME)) {
+          console.warn(
+            `User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`
+          );
+          req.session.destroy();
+          res.clearCookie("connect.sid");
+          return res.render("templates/Error/AccountInactive.handlebars", {
+            currentUrl: req.originalUrl,
+          });
+        }
+      }
+    }
+
+
     next();
   } catch (err) {
     console.error("Session validation error:", err);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mbkauthe",
-  "version": "1.0.7",
+  "version": "1.0.8",
   "description": "MBKTechStudio's reusable authentication system for Node.js applications.",
   "main": "index.js",
   "type": "module",