mbkauthe 1.0.8 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/main.js +4 -4
  2. package/lib/validateSessionAndRole.js +12 -12
  3. package/package.json +1 -1
package/lib/main.js CHANGED
@@ -187,11 +187,11 @@ router.post("/mbkauthe/api/login", async (req, res) => {
187
187
 
188
188
  if (mbkautheVar.test === "true") {
189
189
  // Check if the user is authorized to use the application
190
- if (result.rows[0].Role !== "SuperAdmin") {
191
- const allowedApps = result.rows[0].AllowedApps;
190
+ if (user.Role !== "SuperAdmin") {
191
+ const allowedApps = user.AllowedApps;
192
192
  if (!allowedApps || !allowedApps.includes(mbkautheVar.APP_NAME)) {
193
- console.warn(`User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
194
- return res.status(403).json({ success: false, message: `You are not authorized to use the application \"${mbkautheVar.APP_NAME}\"` });
193
+ console.warn(`User \"${user.UserName}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
194
+ return res.status(403).json({ success: false, message: `You Are Not Authorized To Use The Application \"${mbkautheVar.APP_NAME}\"` });
195
195
  }
196
196
  }
197
197
  }
package/lib/validateSessionAndRole.js CHANGED
@@ -8,6 +8,7 @@ async function validateSession(req, res, next) {
8
8
  const sessionId = req.cookies.sessionId;
9
9
  const query = `SELECT * FROM "Users" WHERE "SessionId" = $1`;
10
10
  const result = await dblogin.query(query, [sessionId]);
11
+ const userResult= result.rows[0];
11
12
 
12
13
  if (result.rows.length > 0) {
13
14
  const user = result.rows[0];
@@ -31,10 +32,11 @@ async function validateSession(req, res, next) {
31
32
 
32
33
  try {
33
34
  const { id, sessionId } = req.session.user;
34
- const query = `SELECT "SessionId", "Active" FROM "Users" WHERE "id" = $1`;
35
+ const query = `SELECT "SessionId", "Active", "AllowedApps" FROM "Users" WHERE "id" = $1`;
35
36
  const result = await dblogin.query(query, [id]);
37
+ const userResult= result.rows[0];
36
38
 
37
- if (result.rows.length === 0 || result.rows[0].SessionId !== sessionId) {
39
+ if (result.rows.length === 0 || userResult.SessionId !== sessionId) {
38
40
  console.log(`Session invalidated for user "${req.session.user.username}"`);
39
41
  req.session.destroy();
40
42
  res.clearCookie("mbkauthe.sid", { domain: `.${mbkautheVar.DOMAIN}` });
@@ -44,7 +46,7 @@ async function validateSession(req, res, next) {
44
46
  });
45
47
  }
46
48
 
47
- if (!result.rows[0].Active) {
49
+ if (!userResult.Active) {
48
50
  console.log(`Account is inactive for user "${req.session.user.username}"`);
49
51
  req.session.destroy();
50
52
  res.clearCookie("mbkauthe.sid", { domain: `.${mbkautheVar.DOMAIN}` });
@@ -55,22 +57,20 @@ async function validateSession(req, res, next) {
55
57
  }
56
58
 
57
59
  if (mbkautheVar.test === "true") {
58
- if (result.rows[0].Role !== "SuperAdmin") {
59
- const allowedApps = result.rows[0].AllowedApps;
60
+ if (userResult.Role !== "SuperAdmin") {
61
+ const allowedApps = userResult.AllowedApps;
60
62
  if (!allowedApps || !allowedApps.includes(mbkautheVar.APP_NAME)) {
61
- console.warn(
62
- `User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`
63
- );
63
+ console.warn(`User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
64
64
  req.session.destroy();
65
- res.clearCookie("connect.sid");
66
- return res.render("templates/Error/AccountInactive.handlebars", {
67
- currentUrl: req.originalUrl,
65
+ res.clearCookie("mbkauthe.sid", { domain: `.${mbkautheVar.DOMAIN}` });
66
+ res.clearCookie("sessionId", { domain: `.${mbkautheVar.DOMAIN}` });
67
+ return res.render("templates/Error/Error.handlebars", {
68
+ error: `You Are Not Authorized To Use The Application \"${mbkautheVar.APP_NAME}\"`,
68
69
  });
69
70
  }
70
71
  }
71
72
  }
72
73
 
73
-
74
74
  next();
75
75
  } catch (err) {
76
76
  console.error("Session validation error:", err);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "mbkauthe",
3
- "version": "1.0.8",
3
+ "version": "1.0.9",
4
4
  "description": "MBKTechStudio's reusable authentication system for Node.js applications.",
5
5
  "main": "index.js",
6
6
  "type": "module",