mbkauthe 1.1.10 → 1.1.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/info.js +1 -1
- package/lib/main.js +7 -5
- package/lib/validateSessionAndRole.js +88 -88
- package/package.json +1 -1
- package/views/loginmbkauthe.handlebars +28 -5
package/lib/info.js
CHANGED
|
@@ -20,7 +20,7 @@ router.get("/mbkauthe/login", (req, res) => {
|
|
|
20
20
|
layout: false,
|
|
21
21
|
customURL: mbkautheVar.loginRedirectURL || '/home',
|
|
22
22
|
userLoggedIn: !!req.session?.user,
|
|
23
|
-
|
|
23
|
+
username: req.session?.user?.username || ''
|
|
24
24
|
});
|
|
25
25
|
});
|
|
26
26
|
|
package/lib/main.js
CHANGED
|
@@ -18,6 +18,10 @@ const mbkautheVar = JSON.parse(process.env.mbkautheVar);
|
|
|
18
18
|
|
|
19
19
|
const router = express.Router();
|
|
20
20
|
|
|
21
|
+
router.use(express.json());
|
|
22
|
+
router.use(express.urlencoded({ extended: true }));
|
|
23
|
+
router.use(cookieParser());
|
|
24
|
+
|
|
21
25
|
router.use((req, res, next) => {
|
|
22
26
|
const origin = req.headers.origin;
|
|
23
27
|
if (origin && origin.endsWith(`.${mbkautheVar.DOMAIN}`)) {
|
|
@@ -28,10 +32,6 @@ router.use((req, res, next) => {
|
|
|
28
32
|
}
|
|
29
33
|
next();
|
|
30
34
|
});
|
|
31
|
-
router.use(mbkautheinfo);
|
|
32
|
-
router.use(express.json());
|
|
33
|
-
router.use(express.urlencoded({ extended: true }));
|
|
34
|
-
router.use(cookieParser());
|
|
35
35
|
|
|
36
36
|
const LoginLimit = rateLimit({
|
|
37
37
|
windowMs: 1 * 60 * 1000,
|
|
@@ -211,7 +211,7 @@ router.post("/mbkauthe/api/login", LoginLimit, async (req, res) => {
|
|
|
211
211
|
|
|
212
212
|
if (user.Role !== "SuperAdmin") {
|
|
213
213
|
const allowedApps = user.AllowedApps;
|
|
214
|
-
if (!allowedApps || !allowedApps.
|
|
214
|
+
if (!allowedApps || !allowedApps.some(app => app.toLowerCase() === mbkautheVar.APP_NAME.toLowerCase())) {
|
|
215
215
|
console.warn(`User \"${user.UserName}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
|
|
216
216
|
return res.status(403).json({ success: false, message: `You Are Not Authorized To Use The Application \"${mbkautheVar.APP_NAME}\"` });
|
|
217
217
|
}
|
|
@@ -335,4 +335,6 @@ router.post("/mbkauthe/api/logout", async (req, res) => {
|
|
|
335
335
|
}
|
|
336
336
|
});
|
|
337
337
|
|
|
338
|
+
router.use(mbkautheinfo);
|
|
339
|
+
|
|
338
340
|
export default router;
|
|
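Review bot: The new check in the `/mbkauthe/api/login` hunk calls `app.toLowerCase()` on every entry of `user.AllowedApps` and re-evaluates `mbkautheVar.APP_NAME.toLowerCase()` per iteration; a non-string entry in the stored list, or an unset `APP_NAME`, throws inside the async handler, which depending on the Express version surfaces as an unhandled rejection or a generic 500 rather than the intended 403. Guard the types and hoist the constant: `const appName = String(mbkautheVar.APP_NAME).toLowerCase();` followed by `if (!Array.isArray(allowedApps) || !allowedApps.some((app) => typeof app === 'string' && app.toLowerCase() === appName)) {`. The identical line appears in the `validateSession` hunk (`@@ -76,7 +76,7 @@`) of validateSessionAndRole.js and needs the same guard. The enclosing route handler starts and ends outside the hunk, so I am assuming nothing upstream already validates the shape of `AllowedApps`.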
@@ -76,7 +76,7 @@ async function validateSession(req, res, next) {
|
|
|
76
76
|
|
|
77
77
|
if (userResult.Role !== "SuperAdmin") {
|
|
78
78
|
const allowedApps = userResult.AllowedApps;
|
|
79
|
-
if (!allowedApps || !allowedApps.
|
|
79
|
+
if (!allowedApps || !allowedApps.some(app => app.toLowerCase() === mbkautheVar.APP_NAME.toLowerCase())) {
|
|
80
80
|
console.warn(`User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
|
|
81
81
|
req.session.destroy();
|
|
82
82
|
const cookieOptions = getCookieOptions();
|
|
@@ -212,100 +212,100 @@ const authenticate = (authentication) => {
|
|
|
212
212
|
};
|
|
213
213
|
|
|
214
214
|
const authapi = (requiredRole = []) => {
|
|
215
|
-
|
|
216
|
-
|
|
215
|
+
return (req, res, next) => {
|
|
216
|
+
const token = req.headers["authorization"];
|
|
217
217
|
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
218
|
+
if (typeof token === 'string') {
|
|
219
|
+
console.log("[authapi] Received request with token:", token[0] + token[1] + token[2], ".....", token[63]);
|
|
220
|
+
} else {
|
|
221
|
+
console.log("[authapi] Token is not a valid string:", token);
|
|
222
|
+
}
|
|
223
223
|
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
224
|
+
if (!token) {
|
|
225
|
+
console.log("[authapi] No token provided in the request headers");
|
|
226
|
+
return res.status(401).json({
|
|
227
|
+
success: false,
|
|
228
|
+
message: "Authorization token is required"
|
|
229
|
+
});
|
|
230
|
+
}
|
|
231
|
+
|
|
232
|
+
console.log("[authapi] Querying database to validate token");
|
|
233
|
+
const tokenQuery = 'SELECT * FROM "UserAuthApiKey" WHERE "key" = $1';
|
|
234
|
+
pool.query(tokenQuery, [token], (err, result) => {
|
|
235
|
+
if (err) {
|
|
236
|
+
console.error("[authapi] Database query error while validating token:", err);
|
|
237
|
+
return res.status(500).json({
|
|
238
|
+
success: false,
|
|
239
|
+
message: "Internal Server Error"
|
|
240
|
+
});
|
|
241
|
+
}
|
|
242
|
+
|
|
243
|
+
if (result.rows.length === 0) {
|
|
244
|
+
console.log("[authapi] Invalid token provided:", token);
|
|
245
|
+
return res.status(401).json({
|
|
246
|
+
success: false,
|
|
247
|
+
message: "The AuthApiToken Is Invalid"
|
|
248
|
+
});
|
|
249
|
+
}
|
|
250
|
+
|
|
251
|
+
const username = result.rows[0].username;
|
|
252
|
+
console.log("[authapi] Token is valid. Associated username:", username);
|
|
231
253
|
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
pool.query(tokenQuery, [token], (err, result) => {
|
|
235
|
-
if (err) {
|
|
236
|
-
console.error("[authapi] Database query error while validating token:", err);
|
|
237
|
-
return res.status(500).json({
|
|
238
|
-
success: false,
|
|
239
|
-
message: "Internal Server Error"
|
|
240
|
-
});
|
|
241
|
-
}
|
|
242
|
-
|
|
243
|
-
if (result.rows.length === 0) {
|
|
244
|
-
console.log("[authapi] Invalid token provided:", token);
|
|
245
|
-
return res.status(401).json({
|
|
246
|
-
success: false,
|
|
247
|
-
message: "The AuthApiToken Is Invalid"
|
|
248
|
-
});
|
|
249
|
-
}
|
|
250
|
-
|
|
251
|
-
const username = result.rows[0].username;
|
|
252
|
-
console.log("[authapi] Token is valid. Associated username:", username);
|
|
253
|
-
|
|
254
|
-
console.log("[authapi] Querying database to validate user and role");
|
|
255
|
-
const userQuery = `
|
|
254
|
+
console.log("[authapi] Querying database to validate user and role");
|
|
255
|
+
const userQuery = `
|
|
256
256
|
SELECT id, "UserName", "Active", "Role" FROM "Users"
|
|
257
257
|
WHERE "UserName" = $1 AND "Active" = true
|
|
258
258
|
`;
|
|
259
259
|
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
260
|
+
pool.query(userQuery, [username], (err, userResult) => {
|
|
261
|
+
if (err) {
|
|
262
|
+
console.error("[authapi] Database query error while validating user:", err);
|
|
263
|
+
return res.status(500).json({
|
|
264
|
+
success: false,
|
|
265
|
+
message: "Internal Server Error"
|
|
266
|
+
});
|
|
267
|
+
}
|
|
268
|
+
|
|
269
|
+
if (userResult.rows.length === 0) {
|
|
270
|
+
console.log("[authapi] User does not exist or is not active. Username:", username);
|
|
271
|
+
return res.status(401).json({
|
|
272
|
+
success: false,
|
|
273
|
+
message: "User does not exist or is not active",
|
|
274
|
+
});
|
|
275
|
+
}
|
|
276
|
+
|
|
277
|
+
if (username === "demo") {
|
|
278
|
+
console.log("[authapi] Demo user attempted to access an endpoint. Access denied.");
|
|
279
|
+
return res.status(401).json({
|
|
280
|
+
success: false,
|
|
281
|
+
message: "Demo user is not allowed to access endpoints",
|
|
282
|
+
});
|
|
283
|
+
}
|
|
284
|
+
|
|
285
|
+
const user = userResult.rows[0];
|
|
286
|
+
console.log("[authapi] User is valid. User details:", user);
|
|
287
|
+
|
|
288
|
+
// Check if role is required and if user has it
|
|
289
|
+
if ((requiredRole && user.Role !== requiredRole) && user.Role !== "SuperAdmin") {
|
|
290
|
+
console.log(`[authapi] User does not have the required role. Required: ${requiredRole}, User's role: ${user.Role}`);
|
|
291
|
+
return res.status(403).json({
|
|
292
|
+
success: false,
|
|
293
|
+
message: `Access denied. Required role: ${requiredRole}`,
|
|
294
|
+
});
|
|
295
|
+
}
|
|
296
|
+
|
|
297
|
+
console.log("[authapi] User has the required role or no specific role is required. Proceeding to next middleware.");
|
|
298
|
+
req.user = {
|
|
299
|
+
username: user.UserName,
|
|
300
|
+
role: user.Role,
|
|
301
|
+
// Add other user properties you might need
|
|
302
|
+
};
|
|
303
|
+
|
|
304
|
+
console.log("[authapi] Token and user validation successful. Passing control to next middleware.");
|
|
305
|
+
next();
|
|
306
|
+
});
|
|
307
|
+
});
|
|
308
|
+
};
|
|
309
309
|
};
|
|
310
310
|
|
|
311
311
|
export { validateSession, checkRolePermission, validateSessionAndRole, getUserData, authenticate, authapi };
|
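Review bot: The rewritten `authapi` middleware writes the API key itself to the logs: new line 219 prints the first three characters and character 64 of every presented token, new line 244 prints the full token whenever lookup fails, and new line 286 dumps the entire `Users` row returned by `SELECT id, "UserName", "Active", "Role"`, so probed or mistyped keys land verbatim in log storage and valid keys leak their prefix on every call. Drop the secret from those messages, e.g. `console.log("[authapi] Received request with token of length", token.length);`, `console.log("[authapi] Invalid token provided");` and `console.log("[authapi] User is valid. User id:", user.id);`. Separately, the role check on new line 289 compares `user.Role !== requiredRole` while the parameter defaults to `[]` (context line 214); an array is never strictly equal to a string, so `authapi()` with no argument, or with a list of roles, denies every non-SuperAdmin caller even though the log on line 297 says "no specific role is required" — normalise first with `const roles = [].concat(requiredRole ?? []);` and `if (roles.length > 0 && !roles.includes(user.Role) && user.Role !== "SuperAdmin") {`. The old-side lines 260–308 are rendered without content, so I am assuming the role logic is unchanged apart from indentation and that no caller relies on the current deny-by-default behaviour.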
package/package.json
CHANGED
|
@@ -228,12 +228,10 @@
|
|
|
228
228
|
cursor: pointer;
|
|
229
229
|
transition: var(--transition);
|
|
230
230
|
box-shadow: var(--shadow-sm);
|
|
231
|
-
margin-top: 1rem;
|
|
232
231
|
}
|
|
233
232
|
|
|
234
233
|
.btn-login:hover {
|
|
235
234
|
background: var(--primary-dark);
|
|
236
|
-
transform: translateY(-3px);
|
|
237
235
|
box-shadow: var(--shadow-md);
|
|
238
236
|
}
|
|
239
237
|
|
|
@@ -420,6 +418,20 @@
|
|
|
420
418
|
.remember-me label:hover {
|
|
421
419
|
color: var(--light);
|
|
422
420
|
}
|
|
421
|
+
|
|
422
|
+
.WarningboxInfo {
|
|
423
|
+
background: var(--dark-light);
|
|
424
|
+
border: 0.5px solid var(--warning);
|
|
425
|
+
border-left: 4px solid var(--warning);
|
|
426
|
+
padding: 0.75rem 1rem;
|
|
427
|
+
border-radius: var(--radius-sm);
|
|
428
|
+
color: var(--warning);
|
|
429
|
+
font-size: 0.9rem;
|
|
430
|
+
font-weight: 500;
|
|
431
|
+
margin-top: 1rem;
|
|
432
|
+
text-align: center;
|
|
433
|
+
box-shadow: var(--shadow-sm);
|
|
434
|
+
}
|
|
423
435
|
</style>
|
|
424
436
|
</head>
|
|
425
437
|
|
|
@@ -485,6 +497,14 @@
|
|
|
485
497
|
<span id="loginButtonText">Login</span>
|
|
486
498
|
</button>
|
|
487
499
|
|
|
500
|
+
{{#if userLoggedIn }}
|
|
501
|
+
<div class="WarningboxInfo">
|
|
502
|
+
You Are Already Logged In With username
|
|
503
|
+
<span class="username">"<span id="headerProfileUserName">{{username}}</span>"</span>. Go To
|
|
504
|
+
<a class="terms-link" href="/home">Home Page</a>
|
|
505
|
+
</div>
|
|
506
|
+
{{/if }}
|
|
507
|
+
|
|
488
508
|
<div class="login-links">
|
|
489
509
|
<a onclick="fpass()" class="login-link">Forgot Password?</a>
|
|
490
510
|
<a href="https://www.mbktechstudio.com/Support" target="_blank" class="login-link">Need Help?</a>
|
|
@@ -492,9 +512,9 @@
|
|
|
492
512
|
|
|
493
513
|
<p class="terms-info">
|
|
494
514
|
By logging in, you agree to our
|
|
495
|
-
<a href="/info/Terms&Conditions" class="terms-link">Terms & Conditions</a>
|
|
515
|
+
<a href="/info/Terms&Conditions" target="_blank" class="terms-link">Terms & Conditions</a>
|
|
496
516
|
and
|
|
497
|
-
<a href="/info/PrivacyPolicy" class="terms-link">Privacy Policy</a>.
|
|
517
|
+
<a href="/info/PrivacyPolicy" target="_blank" class="terms-link">Privacy Policy</a>.
|
|
498
518
|
</p>
|
|
499
519
|
</form>
|
|
500
520
|
</div>
|
|
@@ -570,10 +590,13 @@
|
|
|
570
590
|
} else {
|
|
571
591
|
localStorage.removeItem('rememberedUsername');
|
|
572
592
|
}
|
|
573
|
-
|
|
593
|
+
|
|
574
594
|
// Redirect to the appropriate page
|
|
575
595
|
const redirectUrl = new URLSearchParams(window.location.search).get('redirect');
|
|
576
596
|
window.location.href = redirectUrl ? decodeURIComponent(redirectUrl) : '{{customURL}}';
|
|
597
|
+
|
|
598
|
+
loginButton.disabled = false;
|
|
599
|
+
loginButtonText.textContent = 'Login';
|
|
577
600
|
} else {
|
|
578
601
|
// Handle errors
|
|
579
602
|
grecaptcha.reset();
|
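Review bot: The new already-logged-in box (new lines 500–506) hard-codes `href="/home"`, while the same view receives `customURL` (set in info.js to `mbkautheVar.loginRedirectURL || '/home'`) and the login script on line 596 redirects to `{{customURL}}`; a deployment that configures `loginRedirectURL` will send already-authenticated users to the wrong page from this link. Use `<a class="terms-link" href="{{customURL}}">Home Page</a>` so both paths agree. In the last hunk the re-enabled button (new lines 598–599) runs right after `window.location.href` is assigned from the `redirect` query parameter, which the commit leaves unvalidated; if that parameter can arrive from outside the site, restrict it to a same-origin path before navigating (for example, accept only values that begin with a single `/`) and fall back to `{{customURL}}` otherwise. This section is labelled package/package.json on the page, but its hunks are from package/views/loginmbkauthe.handlebars.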