mbkauthe 1.1.10 → 1.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
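--- a/package/lib/main.js
+++ b/package/lib/main.js
@@ -211,7 +211,7 @@ router.post("/mbkauthe/api/login", LoginLimit, async (req, res) => {
 
 if (user.Role !== "SuperAdmin") {
 const allowedApps = user.AllowedApps;
-if (!allowedApps || !allowedApps.includes(mbkautheVar.APP_NAME)) {
+if (!allowedApps || !allowedApps.some(app => app.toLowerCase() === mbkautheVar.APP_NAME.toLowerCase())) {
 console.warn(`User \"${user.UserName}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
 return res.status(403).json({ success: false, message: `You Are Not Authorized To Use The Application \"${mbkautheVar.APP_NAME}\"` });
 }
@@ -76,7 +76,7 @@ async function validateSession(req, res, next) {
 
 if (userResult.Role !== "SuperAdmin") {
 const allowedApps = userResult.AllowedApps;
-if (!allowedApps || !allowedApps.includes(mbkautheVar.APP_NAME)) {
+if (!allowedApps || !allowedApps.some(app => app.toLowerCase() === mbkautheVar.APP_NAME.toLowerCase())) {
 console.warn(`User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
 req.session.destroy();
 const cookieOptions = getCookieOptions();
@@ -212,100 +212,100 @@ const authenticate = (authentication) => {
 };
 
 const authapi = (requiredRole = []) => {
-return (req, res, next) => {
-const token = req.headers["authorization"];
+return (req, res, next) => {
+const token = req.headers["authorization"];
 
-if (typeof token === 'string') {
-console.log("[authapi] Received request with token:", token[0] + token[1] + token[2], ".....", token[63]);
-} else {
-console.log("[authapi] Token is not a valid string:", token);
-}
+if (typeof token === 'string') {
+console.log("[authapi] Received request with token:", token[0] + token[1] + token[2], ".....", token[63]);
+} else {
+console.log("[authapi] Token is not a valid string:", token);
+}
 
-if (!token) {
-console.log("[authapi] No token provided in the request headers");
-return res.status(401).json({
-success: false,
-message: "Authorization token is required"
-});
-}
+if (!token) {
+console.log("[authapi] No token provided in the request headers");
+return res.status(401).json({
+success: false,
+message: "Authorization token is required"
+});
+}
+
+console.log("[authapi] Querying database to validate token");
+const tokenQuery = 'SELECT * FROM "UserAuthApiKey" WHERE "key" = $1';
+pool.query(tokenQuery, [token], (err, result) => {
+if (err) {
+console.error("[authapi] Database query error while validating token:", err);
+return res.status(500).json({
+success: false,
+message: "Internal Server Error"
+});
+}
+
+if (result.rows.length === 0) {
+console.log("[authapi] Invalid token provided:", token);
+return res.status(401).json({
+success: false,
+message: "The AuthApiToken Is Invalid"
+});
+}
+
+const username = result.rows[0].username;
+console.log("[authapi] Token is valid. Associated username:", username);
 
-console.log("[authapi] Querying database to validate token");
-const tokenQuery = 'SELECT * FROM "UserAuthApiKey" WHERE "key" = $1';
-pool.query(tokenQuery, [token], (err, result) => {
-if (err) {
-console.error("[authapi] Database query error while validating token:", err);
-return res.status(500).json({
-success: false,
-message: "Internal Server Error"
-});
-}
-
-if (result.rows.length === 0) {
-console.log("[authapi] Invalid token provided:", token);
-return res.status(401).json({
-success: false,
-message: "The AuthApiToken Is Invalid"
-});
-}
-
-const username = result.rows[0].username;
-console.log("[authapi] Token is valid. Associated username:", username);
-
-console.log("[authapi] Querying database to validate user and role");
-const userQuery = `
+console.log("[authapi] Querying database to validate user and role");
+const userQuery = `
 SELECT id, "UserName", "Active", "Role" FROM "Users"
 WHERE "UserName" = $1 AND "Active" = true
 `;
 
-pool.query(userQuery, [username], (err, userResult) => {
-if (err) {
-console.error("[authapi] Database query error while validating user:", err);
-return res.status(500).json({
-success: false,
-message: "Internal Server Error"
-});
-}
-
-if (userResult.rows.length === 0) {
-console.log("[authapi] User does not exist or is not active. Username:", username);
-return res.status(401).json({
-success: false,
-message: "User does not exist or is not active",
-});
-}
-
-if (username === "demo") {
-console.log("[authapi] Demo user attempted to access an endpoint. Access denied.");
-return res.status(401).json({
-success: false,
-message: "Demo user is not allowed to access endpoints",
-});
-}
-
-const user = userResult.rows[0];
-console.log("[authapi] User is valid. User details:", user);
-
-// Check if role is required and if user has it
-if ((requiredRole && user.Role !== requiredRole) && user.Role !== "SuperAdmin") {
-console.log(`[authapi] User does not have the required role. Required: ${requiredRole}, User's role: ${user.Role}`);
-return res.status(403).json({
-success: false,
-message: `Access denied. Required role: ${requiredRole}`,
-});
-}
-
-console.log("[authapi] User has the required role or no specific role is required. Proceeding to next middleware.");
-req.user = {
-username: user.UserName,
-role: user.Role,
-// Add other user properties you might need
-};
-
-console.log("[authapi] Token and user validation successful. Passing control to next middleware.");
-next();
-});
-});
-};
+pool.query(userQuery, [username], (err, userResult) => {
+if (err) {
+console.error("[authapi] Database query error while validating user:", err);
+return res.status(500).json({
+success: false,
+message: "Internal Server Error"
+});
+}
+
+if (userResult.rows.length === 0) {
+console.log("[authapi] User does not exist or is not active. Username:", username);
+return res.status(401).json({
+success: false,
+message: "User does not exist or is not active",
+});
+}
+
+if (username === "demo") {
+console.log("[authapi] Demo user attempted to access an endpoint. Access denied.");
+return res.status(401).json({
+success: false,
+message: "Demo user is not allowed to access endpoints",
+});
+}
+
+const user = userResult.rows[0];
+console.log("[authapi] User is valid. User details:", user);
+
+// Check if role is required and if user has it
+if ((requiredRole && user.Role !== requiredRole) && user.Role !== "SuperAdmin") {
+console.log(`[authapi] User does not have the required role. Required: ${requiredRole}, User's role: ${user.Role}`);
+return res.status(403).json({
+success: false,
+message: `Access denied. Required role: ${requiredRole}`,
+});
+}
+
+console.log("[authapi] User has the required role or no specific role is required. Proceeding to next middleware.");
+req.user = {
+username: user.UserName,
+role: user.Role,
+// Add other user properties you might need
+};
+
+console.log("[authapi] Token and user validation successful. Passing control to next middleware.");
+next();
+});
+});
+};
 };
 
 export { validateSession, checkRolePermission, validateSessionAndRole, getUserData, authenticate, authapi };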
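Review bot: On the new side of the authapi hunk, the role gate `if ((requiredRole && user.Role !== requiredRole) && user.Role !== "SuperAdmin")` denies every non-SuperAdmin caller when no role was requested, because the default `requiredRole = []` is truthy and a string is never `===` an array; the same happens whenever a caller passes an array of roles, which that default suggests is intended, so the "no specific role is required" log line is unreachable for such users. Normalise and test membership instead: `const roles = [].concat(requiredRole ?? []);` then `if (roles.length > 0 && !roles.includes(user.Role) && user.Role !== "SuperAdmin") {`, leaving the 403 body unchanged. Separately, `console.log("[authapi] Invalid token provided:", token)` and `console.log("[authapi] User is valid. User details:", user)` write the raw bearer secret and the selected user row to stdout, so failed guesses and valid credentials end up wherever logs are shipped; log only the truncated prefix already built at the top of the middleware and the username. In the two `AllowedApps` hunks, `app.toLowerCase()` throws a TypeError if any array entry is null or not a string, which in these async handlers surfaces as an unhandled rejection rather than the intended 403 — a `typeof app === 'string' &&` guard (or `String(app).toLowerCase()`) avoids that; the enclosing login handler and validateSession begin and end outside their hunks.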
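--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mbkauthe",
-"version": "1.1.10",
+"version": "1.1.11",
 "description": "MBKTechStudio's reusable authentication system for Node.js applications.",
 "main": "index.js",
 "type": "module",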