mbkauthe 1.1.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/info.js +3 -3
- package/lib/main.js +2 -12
- package/lib/pool.js +13 -15
- package/lib/validateSessionAndRole.js +0 -2
- package/package.json +1 -1
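--- a/package/lib/info.js
+++ b/package/lib/info.js
@@ -1,12 +1,12 @@
 import express from "express";
 import fetch from 'node-fetch';
-
 import { createRequire } from "module";
-const require = createRequire(import.meta.url);
-const packageJson = require("../package.json");
 import fs from "fs";
 import path from "path";
 
+const require = createRequire(import.meta.url);
+const packageJson = require("../package.json");
+
 import dotenv from "dotenv";
 dotenv.config();
 const mbkautheVar = JSON.parse(process.env.mbkautheVar);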
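--- a/package/lib/main.js
+++ b/package/lib/main.js
@@ -17,7 +17,6 @@ const mbkautheVar = JSON.parse(process.env.mbkautheVar);
 
 const router = express.Router();
 
-// Enable CORS for subdomains
 router.use((req, res, next) => {
 const origin = req.headers.origin;
 if (origin && origin.endsWith(`.${mbkautheVar.DOMAIN}`)) {
@@ -33,7 +32,6 @@ router.use(express.json());
 router.use(express.urlencoded({ extended: true }));
 router.use(cookieParser());
 
-// Add rate limiting for sensitive operations
 const LoginLimit = rateLimit({
 windowMs: 1 * 60 * 1000,
 max: 8,
@@ -43,7 +41,6 @@ const LoginLimit = rateLimit({
 }
 });
 
-// Configure session with proper domain settings for cross-subdomain sharing
 const sessionConfig = {
 store: new PgSession({
 pool: dblogin,
@@ -53,12 +50,12 @@ const sessionConfig = {
 secret: mbkautheVar.SESSION_SECRET_KEY,
 resave: false,
 saveUninitialized: false,
-proxy: true,
+proxy: true,
 cookie: {
 maxAge: mbkautheVar.COOKIE_EXPIRE_TIME * 24 * 60 * 60 * 1000,
 domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
 httpOnly: true,
-secure: mbkautheVar.IS_DEPLOYED === 'true' ? 'auto' : false,
+secure: mbkautheVar.IS_DEPLOYED === 'true' ? 'auto' : false,
 sameSite: 'lax',
 path: '/'
 },
@@ -67,7 +64,6 @@ const sessionConfig = {
 
 router.use(session(sessionConfig));
 
-// Middleware to handle session restoration from sessionId cookie
 router.use(async (req, res, next) => {
 if (!req.session.user && req.cookies.sessionId) {
 try {
@@ -90,7 +86,6 @@ router.use(async (req, res, next) => {
 next();
 });
 
-// Set consistent cookie options for all cookies
 const getCookieOptions = () => ({
 maxAge: mbkautheVar.COOKIE_EXPIRE_TIME * 24 * 60 * 60 * 1000,
 domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
@@ -120,7 +115,6 @@ router.post("/mbkauthe/api/terminateAllSessions", authenticate(mbkautheVar.Main_
 return res.status(500).json({ success: false, message: "Failed to terminate sessions" });
 }
 
-// Clear all cookies with proper domain
 const cookieOptions = getCookieOptions();
 res.clearCookie("mbkauthe.sid", cookieOptions);
 res.clearCookie("sessionId", cookieOptions);
@@ -203,7 +197,6 @@ router.post("/mbkauthe/api/login", LoginLimit, async (req, res) => {
 return res.status(500).json({ success: false, errorCode: 605, message: `Internal Server Error` });
 }
 } else {
-// Check if the password matches
 if (user.Password !== password) {
 console.log(`Incorrect password for username: ${username}`);
 return res.status(401).json({ success: false, errorCode: 603, message: "Incorrect Username Or Password" });
@@ -286,10 +279,8 @@ router.post("/mbkauthe/api/logout", async (req, res) => {
 try {
 const { id, username } = req.session.user;
 
-// Clear the SessionId in the database first
 await dblogin.query(`UPDATE "Users" SET "SessionId" = NULL WHERE "id" = $1`, [id]);
 
-// Remove the session from the session table
 if (req.sessionID) {
 await dblogin.query('DELETE FROM "session" WHERE sid = $1', [req.sessionID]);
 }
@@ -300,7 +291,6 @@ router.post("/mbkauthe/api/logout", async (req, res) => {
 return res.status(500).json({ success: false, message: "Logout failed" });
 }
 
-// Clear all cookies with proper domain
 const cookieOptions = getCookieOptions();
 res.clearCookie("mbkauthe.sid", cookieOptions);
 res.clearCookie("sessionId", cookieOptions);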
package/lib/pool.js
@@ -15,28 +15,27 @@ if (!mbkautheVar) {
|
|
|
15
15
|
}
|
|
16
16
|
const requiredKeys = ["APP_NAME", "RECAPTCHA_Enabled", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
|
|
17
17
|
requiredKeys.forEach(key => {
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
18
|
+
if (!mbkautheVar[key]) {
|
|
19
|
+
throw new Error(`mbkautheVar.${key} is required`);
|
|
20
|
+
}
|
|
21
21
|
});
|
|
22
22
|
if (mbkautheVar.RECAPTCHA_Enabled === "true") {
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
23
|
+
if (mbkautheVar.RECAPTCHA_SECRET_KEY === undefined) {
|
|
24
|
+
throw new Error("mbkautheVar.RECAPTCHA_SECRET_KEY is required");
|
|
25
|
+
}
|
|
26
26
|
}
|
|
27
27
|
if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
28
|
+
const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
|
|
29
|
+
if (isNaN(expireTime) || expireTime <= 0) {
|
|
30
|
+
throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
|
|
31
|
+
}
|
|
32
32
|
}
|
|
33
33
|
if (mbkautheVar.BypassUsers !== undefined) {
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
34
|
+
if (!Array.isArray(mbkautheVar.BypassUsers)) {
|
|
35
|
+
throw new Error("mbkautheVar.BypassUsers must be a valid array");
|
|
36
|
+
}
|
|
37
37
|
}
|
|
38
38
|
|
|
39
|
-
// PostgreSQL connection pool for pool
|
|
40
39
|
const poolConfig = {
|
|
41
40
|
connectionString: mbkautheVar.LOGIN_DB,
|
|
42
41
|
ssl: {
|
|
@@ -47,7 +46,6 @@ const poolConfig = {
|
|
|
47
46
|
|
|
48
47
|
export const dblogin = new Pool(poolConfig);
|
|
49
48
|
|
|
50
|
-
// Test connection for pool
|
|
51
49
|
(async () => {
|
|
52
50
|
try {
|
|
53
51
|
const client = await dblogin.connect();
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
import { dblogin } from "./pool.js";
|
|
2
2
|
const mbkautheVar = JSON.parse(process.env.mbkautheVar);
|
|
3
3
|
|
|
4
|
-
// Get consistent cookie options
|
|
5
4
|
const getCookieOptions = () => ({
|
|
6
5
|
maxAge: mbkautheVar.COOKIE_EXPIRE_TIME * 24 * 60 * 60 * 1000,
|
|
7
6
|
domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
|
|
@@ -12,7 +11,6 @@ const getCookieOptions = () => ({
|
|
|
12
11
|
});
|
|
13
12
|
|
|
14
13
|
async function validateSession(req, res, next) {
|
|
15
|
-
// First check if we have a session cookie
|
|
16
14
|
if (!req.session.user && req.cookies.sessionId) {
|
|
17
15
|
try {
|
|
18
16
|
const sessionId = req.cookies.sessionId;
|