mbkauthe 1.1.13 → 1.1.14

package/.env.example

@@ -1,15 +1,13 @@
 mbkautheVar='{
     "APP_NAME": "MBKAUTH",
-    "RECAPTCHA_SECRET_KEY": "your-recaptcha-secret-key",
-    "RECAPTCHA_Enabled": "f",
-    "BypassUsers": ["demo","user1"],
     "SESSION_SECRET_KEY": "your-session-secret-key",
     "IS_DEPLOYED": "true",
     "LOGIN_DB": "postgres://username:password@host:port/database",
     "MBKAUTH_TWO_FA_ENABLE": "false",
     "COOKIE_EXPIRE_TIME": 2,
     "DOMAIN": "yourdomain.com",
-    "layout": false
+    "layout": false,
+    "loginRedirectURL": "/admin"
 }'
 
 # See env.md for more details

package/README.md

@@ -28,7 +28,7 @@
   - [License](#license)
   - [Contact \& Support](#contact--support)
 
-`mbkAuthe` is a reusable authentication system for Node.js applications, designed to simplify session management, user authentication, and role-based access control. It integrates seamlessly with PostgreSQL and supports features like Two-Factor Authentication (2FA), session restoration, and reCAPTCHA verification.
+`mbkAuthe` is a reusable authentication system for Node.js applications, designed to simplify session management, user authentication, and role-based access control. It integrates seamlessly with PostgreSQL and supports features like Two-Factor Authentication (2FA) and session restoration.
 
 ## Features
 
@@ -36,7 +36,6 @@
 - **User Authentication:** Provides robust authentication, including support for username/password and Two-Factor Authentication (2FA).
 - **Role-Based Access Control (RBAC):** Enables fine-grained access control by validating user roles and permissions.
 - **Integration with PostgreSQL:** Seamlessly integrates with PostgreSQL for user and session data storage.
-- **reCAPTCHA Verification:** Adds an extra layer of security with reCAPTCHA support to prevent automated attacks.
 - **Middleware Functions:** Includes reusable middleware for session validation, role checking, and user authentication.
 - **API Endpoints:** Offers a set of RESTful APIs for login, logout, session termination, and package information retrieval.
 - **Environment Configuration:** Supports flexible configuration through .env files for deployment-specific settings.
@@ -86,16 +85,14 @@ Example `.env` file:
 ```code
 mbkautheVar='{
     "APP_NAME": "MBKAUTH",
-    "RECAPTCHA_SECRET_KEY": "your-recaptcha-secret-key",
-    "RECAPTCHA_Enabled": "false",
-    "BypassUsers": ["user1","user2"],
     "SESSION_SECRET_KEY": "your-session-secret-key",
     "IS_DEPLOYED": "true",
     "LOGIN_DB": "postgres://username:password@host:port/database",
     "MBKAUTH_TWO_FA_ENABLE": "false",
     "COOKIE_EXPIRE_TIME": 2,
     "DOMAIN": "yourdomain.com",
-    "layout": false
+    "layout": false,
+    "loginRedirectURL": "/admin"
 }'
 ```
 
@@ -198,7 +195,6 @@ router.post(["/terminateAllSessions"], authenticate(mbkautheVar.Password), (req,
   - `username`: User's username.
   - `password`: User's password.
   - `token`: (Optional) 2FA token.
-  - `recaptcha`: reCAPTCHA response.
 
 - Response:
   - `200`: Login successful.

package/env.md

@@ -1,75 +1,198 @@
-# Configuration Guide
+# Environment Configuration Guide
 
-[<- Back](README.md)
+[← Back to README](README.md)
 
-## Application Settings
+This guide explains how to configure your MBKAuth application using environment variables. Create a `.env` file in your project root and set the following variables according to your deployment needs.
 
-```properties
+---
+
+## 📱 Application Settings
+
+### App Name Configuration
+```env
 APP_NAME=mbkauthe
 ```
 
-> **APP_NAME**: Specifies the name of the application. This is used to distinguish one project from another and is critical for ensuring users are restricted to specific apps. It corresponds to the `AllowedApp` column in the Users table.
+**Description:** Defines the application identifier used for user access control.
+
+- **Purpose:** Distinguishes this application from others in your ecosystem
+- **Security:** Users are restricted to apps they're authorized for via the `AllowedApp` column in the Users table
+- **Required:** Yes
 
-## reCAPTCHA Settings
+---
 
-```properties
-RECAPTCHA_ENABLED=true
-RECAPTCHA_SECRET_KEY=your-secret-key
-BYPASS_USERS=["demo", "user1"]
+## 🔐 Session Management
+
+### Session Configuration
+```env
+SESSION_SECRET_KEY=your-secure-random-key-here
+IS_DEPLOYED=false
+DOMAIN=localhost
 ```
 
-> **RECAPTCHA_ENABLED**: Set to `true` to enable reCAPTCHA verification.
+#### SESSION_SECRET_KEY
+**Description:** Cryptographic key for session security.
+
+- **Security:** Use a strong, randomly generated key (minimum 32 characters)
+- **Generation:** Generate securely at [Generate Secret](https://generate-secret.vercel.app/32)
+- **Example:** `SESSION_SECRET_KEY=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6`
+- **Required:** Yes
 
-> **RECAPTCHA_SECRET_KEY**: Provide the secret key obtained from the [Google reCAPTCHA Admin Console](https://www.google.com/recaptcha/admin).
+#### IS_DEPLOYED
+**Description:** Deployment environment flag that affects session behavior.
 
-> **BYPASS_USERS**: Specify an array of usernames (e.g., `["demo", "user1"]`) that will bypass reCAPTCHA verification.
+**Values:**
+- `true` - Production/deployed environment
+  - Sessions work across all subdomains of your specified domain
+  - **Important:** Login will NOT work on `localhost` when set to `true`
+- `false` - Local development environment
+  - Sessions work on localhost for development
 
-> **Note**: Ensure `RECAPTCHA_SECRET_KEY` is set when `RECAPTCHA_ENABLED=true`.
+**Default:** `false`
 
+#### DOMAIN
+**Description:** Your application's domain name.
 
-## Session Settings
-```properties
-SESSION_SECRET_KEY=123
+**Configuration:**
+- **Production:** Set to your actual domain (e.g., `mbktechstudio.com`)
+- **Development:** Use `localhost` or set `IS_DEPLOYED=false`
+- **Subdomains:** When `IS_DEPLOYED=true`, sessions are shared across all subdomains
+
+**Examples:**
+```env
+# Production
+DOMAIN=yourdomain.com
 IS_DEPLOYED=true
-DOMAIN=mbktechstudio.com
+
+# Development
+DOMAIN=localhost
+IS_DEPLOYED=false
 ```
-> **SESSION_SECRET_KEY**: Generate a secure key using [Generate Secret](https://generate-secret.vercel.app/32).
 
-> **IS_DEPLOYED**:
+---
+
+## 🗄️ Database Configuration
+
+### PostgreSQL Connection
+```env
+LOGIN_DB=postgresql://username:password@host:port/database_name
+```
 
-> - `true`: For deployed environments. Sessions are shared across all subDOMAINs of `.mbktechstudio.com` or the DOMAIN specified in `DOMAIN`.
+**Description:** PostgreSQL database connection string for user authentication.
 
-> - `false`: For local development.
+**Format:** `postgresql://[username]:[password]@[host]:[port]/[database]`
 
-> - Important: If set to `true`, login functionality will not work on `localhost`. Use a valid DOMAIN for proper operation.
+**Examples:**
+```env
+# Local database
+LOGIN_DB=postgresql://admin:password123@localhost:5432/mbkauth_db
 
-> **DOMAIN**:
+# Remote database
+LOGIN_DB=postgresql://user:pass@db.example.com:5432/production_db
 
-> - Set `DOMAIN` to your DOMAIN
+# With SSL (recommended for production)
+LOGIN_DB=postgresql://user:pass@host:5432/db?sslmode=require
+```
 
-> - If you don't have a DOMAIN, set `IS_DEPLOYED=false`.
+**Required:** Yes
 
+---
 
-## Database Settings
+## 🔒 Two-Factor Authentication (2FA)
 
-```properties
-LOGIN_DB=postgresql://username:password@server.DOMAIN/db_name
+### 2FA Configuration
+```env
+MBKAUTH_TWO_FA_ENABLE=false
 ```
-> Replace the placeholder with your PostgreSQL connection string.
 
+**Description:** Enables or disables Two-Factor Authentication for enhanced security.
 
-## Two-Factor Authentication (2FA)
-```properties
-MBKAUTH_TWO_FA_ENABLE=false
+**Values:**
+- `true` - Enable 2FA (recommended for production)
+- `false` - Disable 2FA (default)
+
+**Note:** When enabled, users will need to configure an authenticator app (Google Authenticator, Authy, etc.) for login.
+
+---
+
+## 🍪 Cookie Settings
+
+### Cookie Expiration
+```env
+COOKIE_EXPIRE_TIME=2
+```
+
+**Description:** Sets how long authentication cookies remain valid.
+
+- **Unit:** Days
+- **Default:** `2` days
+- **Range:** 1-30 days (recommended)
+- **Security:** Shorter periods are more secure but require more frequent logins
+
+**Examples:**
+```env
+COOKIE_EXPIRE_TIME=1   # 1 day (high security)
+COOKIE_EXPIRE_TIME=7   # 1 week (balanced)
+COOKIE_EXPIRE_TIME=30  # 1 month (convenience)
 ```
-> MBKAUTH_TWO_FA_ENABLE: Set to `true` to enable Two-Factor Authentication.
 
+---
 
-## Cookie Settings
+## 🚀 Quick Setup Examples
 
-```properties
-COOKIE_EXPIRE_TIME=5
+### Development Environment
+```env
+# .env file for local development
+APP_NAME=mbkauthe
+SESSION_SECRET_KEY=dev-secret-key-change-in-production
+IS_DEPLOYED=false
+DOMAIN=localhost
+LOGIN_DB=postgresql://admin:password@localhost:5432/mbkauth_dev
+MBKAUTH_TWO_FA_ENABLE=false
+COOKIE_EXPIRE_TIME=7
+```
+
+### Production Environment
+```env
+# .env file for production deployment
+APP_NAME=mbkauthe
+SESSION_SECRET_KEY=your-super-secure-production-key-here
+IS_DEPLOYED=true
+DOMAIN=yourdomain.com
+LOGIN_DB=postgresql://dbuser:securepass@prod-db.example.com:5432/mbkauth_prod
+MBKAUTH_TWO_FA_ENABLE=true
+COOKIE_EXPIRE_TIME=2
 ```
-> Cookie expiration time in days. Default is `2 days`.
 
-"layout": false
+---
+
+## ⚠️ Important Security Notes
+
+1. **Never commit your `.env` file** to version control
+2. **Use strong, unique secrets** for production environments
+3. **Enable HTTPS** when `IS_DEPLOYED=true`
+4. **Regularly rotate** your `SESSION_SECRET_KEY`
+5. **Use environment-specific databases** (separate dev/prod databases)
+6. **Enable 2FA** for production environments
+
+---
+
+## 🔧 Troubleshooting
+
+### Common Issues
+
+**Login not working on localhost:**
+- Ensure `IS_DEPLOYED=false` for local development
+- Check that `DOMAIN=localhost`
+
+**Session not persisting:**
+- Verify `SESSION_SECRET_KEY` is set and consistent
+- Check cookie settings in your browser
+
+**Database connection errors:**
+- Verify database credentials and connection string format
+- Ensure database server is running and accessible
+
+**2FA issues:**
+- Confirm authenticator app time is synchronized
+- Verify `MBKAUTH_TWO_FA_ENABLE` setting matches your setup

package/index.js

@@ -20,28 +20,18 @@ try {
 if (!mbkautheVar) {
     throw new Error("mbkautheVar is not defined");
 }
-const requiredKeys = ["APP_NAME", "RECAPTCHA_Enabled", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
+const requiredKeys = ["APP_NAME", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
 requiredKeys.forEach(key => {
     if (!mbkautheVar[key]) {
         throw new Error(`mbkautheVar.${key} is required`);
     }
 });
-if (mbkautheVar.RECAPTCHA_Enabled === "true") {
-    if (mbkautheVar.RECAPTCHA_SECRET_KEY === undefined) {
-        throw new Error("mbkautheVar.RECAPTCHA_SECRET_KEY is required");
-    }
-}
 if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
     const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
     if (isNaN(expireTime) || expireTime <= 0) {
         throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
     }
 }
-if (mbkautheVar.BypassUsers !== undefined) {
-    if (!Array.isArray(mbkautheVar.BypassUsers)) {
-        throw new Error("mbkautheVar.BypassUsers must be a valid array");
-    }
-}
 
 const app = express();
 if (process.env.test === "true") {

package/lib/main.js

@@ -144,36 +144,9 @@ router.post("/mbkauthe/api/terminateAllSessions", authenticate(mbkautheVar.Main_
 router.post("/mbkauthe/api/login", LoginLimit, async (req, res) => {
   console.log("Login request received");
 
-  const { username, password, token, recaptcha } = req.body;
+  const { username, password, token } = req.body;
   console.log(`Login attempt for username: ${username}`);
 
-  const secretKey = mbkautheVar.RECAPTCHA_SECRET_KEY;
-  const verificationUrl = `https://www.google.com/recaptcha/api/siteverify?secret=${secretKey}&response=${recaptcha}`;
-
-  let BypassUsers = Array.isArray(mbkautheVar.BypassUsers) ? mbkautheVar.BypassUsers : JSON.parse(mbkautheVar.BypassUsers);
-
-  if (mbkautheVar.RECAPTCHA_Enabled === "true") {
-    if (!BypassUsers.includes(username)) {
-      if (!recaptcha) {
-        console.log("Missing reCAPTCHA token");
-        return res.status(400).json({ success: false, message: "Please complete the reCAPTCHA" });
-      }
-      try {
-        const response = await fetch(verificationUrl, { method: 'POST' });
-        const body = await response.json();
-        console.log("reCAPTCHA verification response:", body);
-
-        if (!body.success) {
-          console.log("Failed reCAPTCHA verification");
-          return res.status(400).json({ success: false, message: "Failed reCAPTCHA verification" });
-        }
-      } catch (err) {
-        console.log("Error during reCAPTCHA verification:", err);
-        return res.status(500).json({ success: false, message: "Internal Server Error" });
-      }
-    }
-  }
-
   if (!username || !password) {
     console.log("Missing username or password");
     return res.status(400).json({
@@ -728,10 +701,6 @@ router.get(["/mbkauthe/info", "/mbkauthe/i"], LoginLimit, async (_, res) => {
             <div class="info-label">APP_NAME:</div>
             <div class="info-value">${mbkautheVar.APP_NAME}</div>
           </div>
-          <div class="info-row">
-            <div class="info-label">RECAPTCHA_Enabled:</div>
-            <div class="info-value">${mbkautheVar.RECAPTCHA_Enabled}</div>
-          </div>
           <div class="info-row">
             <div class="info-label">MBKAUTH_TWO_FA_ENABLE:</div>
             <div class="info-value">${mbkautheVar.MBKAUTH_TWO_FA_ENABLE}</div>

package/lib/pool.js

@@ -13,28 +13,18 @@ try {
 if (!mbkautheVar) {
   throw new Error("mbkautheVar is not defined");
 }
-const requiredKeys = ["APP_NAME", "RECAPTCHA_Enabled", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
+const requiredKeys = ["APP_NAME", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
 requiredKeys.forEach(key => {
     if (!mbkautheVar[key]) {
         throw new Error(`mbkautheVar.${key} is required`);
     }
 });
-if (mbkautheVar.RECAPTCHA_Enabled === "true") {
-    if (mbkautheVar.RECAPTCHA_SECRET_KEY === undefined) {
-        throw new Error("mbkautheVar.RECAPTCHA_SECRET_KEY is required");
-    }
-}
 if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
     const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
     if (isNaN(expireTime) || expireTime <= 0) {
         throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
     }
 }
-if (mbkautheVar.BypassUsers !== undefined) {
-    if (!Array.isArray(mbkautheVar.BypassUsers)) {
-        throw new Error("mbkautheVar.BypassUsers must be a valid array");
-    }
-}
 
 const poolConfig = {
   connectionString: mbkautheVar.LOGIN_DB,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mbkauthe",
-  "version": "1.1.13",
+  "version": "1.1.14",
   "description": "MBKTechStudio's reusable authentication system for Node.js applications.",
   "main": "index.js",
   "type": "module",

package/views/loginmbkauthe.handlebars

@@ -5,7 +5,8 @@
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <meta name="description" content="Log in to portal.mbktechstudio.com to access your resources and manage projects securely.">
+    <meta name="description"
+        content="Log in to portal.mbktechstudio.com to access your resources and manage projects securely.">
     <meta name="keywords" content="MBK Tech Studio, Web-Portal, Web, Portal, Admin-Panel, Admin, login">
     <meta property="og:title" content="Login | MBK Tech Studio" />
     <meta property="og:image" content="https://www.mbktechstudio.com/Assets/Images/Icon/logo.png" />
@@ -15,8 +16,8 @@
     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css">
     <link rel="preconnect" href="https://fonts.googleapis.com">
     <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-    <link href="https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600;700&display=swap" rel="stylesheet">
-    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
+    <link href="https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600;700&display=swap"
+        rel="stylesheet">
     <style>
         :root {
             --primary: #4361ee;
@@ -270,12 +271,6 @@
             font-weight: 500;
         }
 
-        .recaptcha-container {
-            margin: 1rem 0;
-            display: flex;
-            justify-content: center;
-        }
-
         .token-container {
             animation: fadeInUp 0.4s ease-out;
         }
@@ -418,7 +413,7 @@
         .remember-me label:hover {
             color: var(--light);
         }
-        
+
         .WarningboxInfo {
             background: var(--dark-light);
             border: 0.5px solid var(--warning);
@@ -483,11 +478,6 @@
                     <i class="fas fa-info-circle input-icon" onclick="tokeninfo()"></i>
                 </div>
 
-                <div class="recaptcha-container">
-                    <div class="g-recaptcha" data-theme="dark" data-sitekey="6LfhaPgqAAAAAPgOw7r3rNOHKKfh5d7K3MMJeUHo">
-                    </div>
-                </div>
-
                 <div class="form-group remember-me">
                     <input type="checkbox" id="rememberMe" name="rememberMe">
                     <label for="rememberMe">Remember me</label>
@@ -553,7 +543,6 @@
             const username = document.getElementById('loginUsername').value.trim();
             const password = document.getElementById('loginPassword').value.trim();
             const token = document.getElementById('token') ? document.getElementById('token').value.trim() : '';
-            const recaptchaResponse = grecaptcha.getResponse();
             const loginButton = document.getElementById('loginButton');
             const loginButtonText = document.getElementById('loginButtonText');
             const rememberMe = document.getElementById('rememberMe').checked;
@@ -575,8 +564,7 @@
                 body: JSON.stringify({
                     username,
                     password,
-                    token,
-                    recaptcha: recaptchaResponse
+                    token
                 })
             })
                 .then(response => response.json())
@@ -590,7 +578,7 @@
                         } else {
                             localStorage.removeItem('rememberedUsername');
                         }
-                        
+
                         // Redirect to the appropriate page
                         const redirectUrl = new URLSearchParams(window.location.search).get('redirect');
                         window.location.href = redirectUrl ? decodeURIComponent(redirectUrl) : '{{customURL}}';
@@ -599,7 +587,6 @@
                         loginButtonText.textContent = 'Login';
                     } else {
                         // Handle errors
-                        grecaptcha.reset();
                         loginButton.disabled = false;
                         loginButtonText.textContent = 'Login';
 
@@ -615,7 +602,6 @@
                     }
                 })
                 .catch(error => {
-                    grecaptcha.reset();
                     loginButton.disabled = false;
                     loginButtonText.textContent = 'Login';
                     console.error('Error:', error);