mbkauthe 1.0.8 → 1.0.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +6 -2
- package/lib/main.js +4 -4
- package/lib/pool.js +32 -1
- package/lib/validateSessionAndRole.js +12 -12
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -2,7 +2,12 @@ import router from "./lib/main.js";
|
|
|
2
2
|
|
|
3
3
|
import dotenv from "dotenv";
|
|
4
4
|
dotenv.config();
|
|
5
|
-
|
|
5
|
+
let mbkautheVar;
|
|
6
|
+
try {
|
|
7
|
+
mbkautheVar = JSON.parse(process.env.mbkautheVar);
|
|
8
|
+
} catch (error) {
|
|
9
|
+
throw new Error("Invalid JSON in process.env.mbkautheVar");
|
|
10
|
+
}
|
|
6
11
|
if (!mbkautheVar) {
|
|
7
12
|
throw new Error("mbkautheVar is not defined");
|
|
8
13
|
}
|
|
@@ -27,7 +32,6 @@ if (mbkautheVar.BypassUsers !== undefined) {
|
|
|
27
32
|
if (!Array.isArray(mbkautheVar.BypassUsers)) {
|
|
28
33
|
throw new Error("mbkautheVar.BypassUsers must be a valid array");
|
|
29
34
|
}
|
|
30
|
-
const BypassUsers = mbkautheVar.BypassUsers;
|
|
31
35
|
}
|
|
32
36
|
|
|
33
37
|
|
package/lib/main.js
CHANGED
|
@@ -187,11 +187,11 @@ router.post("/mbkauthe/api/login", async (req, res) => {
|
|
|
187
187
|
|
|
188
188
|
if (mbkautheVar.test === "true") {
|
|
189
189
|
// Check if the user is authorized to use the application
|
|
190
|
-
if (
|
|
191
|
-
const allowedApps =
|
|
190
|
+
if (user.Role !== "SuperAdmin") {
|
|
191
|
+
const allowedApps = user.AllowedApps;
|
|
192
192
|
if (!allowedApps || !allowedApps.includes(mbkautheVar.APP_NAME)) {
|
|
193
|
-
console.warn(`User \"${
|
|
194
|
-
return res.status(403).json({ success: false, message: `You
|
|
193
|
+
console.warn(`User \"${user.UserName}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
|
|
194
|
+
return res.status(403).json({ success: false, message: `You Are Not Authorized To Use The Application \"${mbkautheVar.APP_NAME}\"` });
|
|
195
195
|
}
|
|
196
196
|
}
|
|
197
197
|
}
|
package/lib/pool.js
CHANGED
|
@@ -3,7 +3,38 @@ const { Pool } = pkg;
|
|
|
3
3
|
|
|
4
4
|
import dotenv from "dotenv";
|
|
5
5
|
dotenv.config();
|
|
6
|
-
|
|
6
|
+
|
|
7
|
+
let mbkautheVar;
|
|
8
|
+
try {
|
|
9
|
+
mbkautheVar = JSON.parse(process.env.mbkautheVar);
|
|
10
|
+
} catch (error) {
|
|
11
|
+
throw new Error("Invalid JSON in process.env.mbkautheVar");
|
|
12
|
+
}
|
|
13
|
+
if (!mbkautheVar) {
|
|
14
|
+
throw new Error("mbkautheVar is not defined");
|
|
15
|
+
}
|
|
16
|
+
const requiredKeys = ["APP_NAME", "RECAPTCHA_Enabled", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
|
|
17
|
+
requiredKeys.forEach(key => {
|
|
18
|
+
if (!mbkautheVar[key]) {
|
|
19
|
+
throw new Error(`mbkautheVar.${key} is required`);
|
|
20
|
+
}
|
|
21
|
+
});
|
|
22
|
+
if (mbkautheVar.RECAPTCHA_Enabled === "true") {
|
|
23
|
+
if (mbkautheVar.RECAPTCHA_SECRET_KEY === undefined) {
|
|
24
|
+
throw new Error("mbkautheVar.RECAPTCHA_SECRET_KEY is required");
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
|
|
28
|
+
const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
|
|
29
|
+
if (isNaN(expireTime) || expireTime <= 0) {
|
|
30
|
+
throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
if (mbkautheVar.BypassUsers !== undefined) {
|
|
34
|
+
if (!Array.isArray(mbkautheVar.BypassUsers)) {
|
|
35
|
+
throw new Error("mbkautheVar.BypassUsers must be a valid array");
|
|
36
|
+
}
|
|
37
|
+
}
|
|
7
38
|
|
|
8
39
|
// PostgreSQL connection pool for pool
|
|
9
40
|
const poolConfig = {
|
|
@@ -8,6 +8,7 @@ async function validateSession(req, res, next) {
|
|
|
8
8
|
const sessionId = req.cookies.sessionId;
|
|
9
9
|
const query = `SELECT * FROM "Users" WHERE "SessionId" = $1`;
|
|
10
10
|
const result = await dblogin.query(query, [sessionId]);
|
|
11
|
+
const userResult= result.rows[0];
|
|
11
12
|
|
|
12
13
|
if (result.rows.length > 0) {
|
|
13
14
|
const user = result.rows[0];
|
|
@@ -31,10 +32,11 @@ async function validateSession(req, res, next) {
|
|
|
31
32
|
|
|
32
33
|
try {
|
|
33
34
|
const { id, sessionId } = req.session.user;
|
|
34
|
-
const query = `SELECT "SessionId", "Active" FROM "Users" WHERE "id" = $1`;
|
|
35
|
+
const query = `SELECT "SessionId", "Active", "AllowedApps" FROM "Users" WHERE "id" = $1`;
|
|
35
36
|
const result = await dblogin.query(query, [id]);
|
|
37
|
+
const userResult= result.rows[0];
|
|
36
38
|
|
|
37
|
-
if (result.rows.length === 0 ||
|
|
39
|
+
if (result.rows.length === 0 || userResult.SessionId !== sessionId) {
|
|
38
40
|
console.log(`Session invalidated for user "${req.session.user.username}"`);
|
|
39
41
|
req.session.destroy();
|
|
40
42
|
res.clearCookie("mbkauthe.sid", { domain: `.${mbkautheVar.DOMAIN}` });
|
|
@@ -44,7 +46,7 @@ async function validateSession(req, res, next) {
|
|
|
44
46
|
});
|
|
45
47
|
}
|
|
46
48
|
|
|
47
|
-
if (!
|
|
49
|
+
if (!userResult.Active) {
|
|
48
50
|
console.log(`Account is inactive for user "${req.session.user.username}"`);
|
|
49
51
|
req.session.destroy();
|
|
50
52
|
res.clearCookie("mbkauthe.sid", { domain: `.${mbkautheVar.DOMAIN}` });
|
|
@@ -55,22 +57,20 @@ async function validateSession(req, res, next) {
|
|
|
55
57
|
}
|
|
56
58
|
|
|
57
59
|
if (mbkautheVar.test === "true") {
|
|
58
|
-
if (
|
|
59
|
-
const allowedApps =
|
|
60
|
+
if (userResult.Role !== "SuperAdmin") {
|
|
61
|
+
const allowedApps = userResult.AllowedApps;
|
|
60
62
|
if (!allowedApps || !allowedApps.includes(mbkautheVar.APP_NAME)) {
|
|
61
|
-
console.warn(
|
|
62
|
-
`User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`
|
|
63
|
-
);
|
|
63
|
+
console.warn(`User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
|
|
64
64
|
req.session.destroy();
|
|
65
|
-
res.clearCookie("
|
|
66
|
-
|
|
67
|
-
|
|
65
|
+
res.clearCookie("mbkauthe.sid", { domain: `.${mbkautheVar.DOMAIN}` });
|
|
66
|
+
res.clearCookie("sessionId", { domain: `.${mbkautheVar.DOMAIN}` });
|
|
67
|
+
return res.render("templates/Error/Error.handlebars", {
|
|
68
|
+
error: `You Are Not Authorized To Use The Application \"${mbkautheVar.APP_NAME}\"`,
|
|
68
69
|
});
|
|
69
70
|
}
|
|
70
71
|
}
|
|
71
72
|
}
|
|
72
73
|
|
|
73
|
-
|
|
74
74
|
next();
|
|
75
75
|
} catch (err) {
|
|
76
76
|
console.error("Session validation error:", err);
|