mbkauthe 1.1.17 → 1.2.0

package/lib/validateSessionAndRole.js

@@ -28,14 +28,14 @@ async function validateSession(req, res, next) {
         };
       }
     } catch (err) {
-      console.error("Session validation error:", err);
+      console.error("[mbkauthe] Session validation error:", err);
       return res.status(500).json({ success: false, message: "Internal Server Error" });
     }
   }
 
   if (!req.session.user) {
-    console.log("User not authenticated");
-    console.log(req.session.user);
+    console.log("[mbkauthe] User not authenticated");
+    console.log("[mbkauthe]: ", req.session.user);
     return res.render("Error/dError.handlebars", {
       layout: false,
       code: 401,
@@ -53,7 +53,7 @@ async function validateSession(req, res, next) {
     const userResult = result.rows[0];
 
     if (result.rows.length === 0 || userResult.SessionId !== sessionId) {
-      console.log(`Session invalidated for user "${req.session.user.username}"`);
+      console.log(`[mbkauthe] Session invalidated for user "${req.session.user.username}"`);
       req.session.destroy();
       const cookieOptions = getCookieOptions();
       res.clearCookie("mbkauthe.sid", cookieOptions);
@@ -70,7 +70,7 @@ async function validateSession(req, res, next) {
     }
 
     if (!userResult.Active) {
-      console.log(`Account is inactive for user "${req.session.user.username}"`);
+      console.log(`[mbkauthe] Account is inactive for user "${req.session.user.username}"`);
       req.session.destroy();
       const cookieOptions = getCookieOptions();
       res.clearCookie("mbkauthe.sid", cookieOptions);
@@ -89,7 +89,7 @@ async function validateSession(req, res, next) {
     if (userResult.Role !== "SuperAdmin") {
       const allowedApps = userResult.AllowedApps;
       if (!allowedApps || !allowedApps.some(app => app.toLowerCase() === mbkautheVar.APP_NAME.toLowerCase())) {
-        console.warn(`User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
+        console.warn(`[mbkauthe] User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
         req.session.destroy();
         const cookieOptions = getCookieOptions();
         res.clearCookie("mbkauthe.sid", cookieOptions);
@@ -108,7 +108,7 @@ async function validateSession(req, res, next) {
 
     next();
   } catch (err) {
-    console.error("Session validation error:", err);
+    console.error("[mbkauthe] Session validation error:", err);
     res.status(500).json({ success: false, message: "Internal Server Error" });
   }
 }
@@ -117,8 +117,8 @@ const checkRolePermission = (requiredRole) => {
   return async (req, res, next) => {
     try {
       if (!req.session || !req.session.user || !req.session.user.id) {
-        console.log("User not authenticated");
-        console.log(req.session);
+        console.log("[mbkauthe] User not authenticated");
+        console.log("[mbkauthe]: ", req.session);
         return res.render("Error/dError.handlebars", {
           layout: false,
           code: 401,
@@ -156,7 +156,7 @@ const checkRolePermission = (requiredRole) => {
 
       next();
     } catch (err) {
-      console.error("Permission check error:", err);
+      console.error("[mbkauthe] Permission check error:", err);
       res.status(500).json({ success: false, message: "Internal Server Error" });
     }
   };
@@ -215,7 +215,7 @@ async function getUserData(UserName, parameters) {
     const combinedResult = { ...userResult, ...profileResult };
     return combinedResult;
   } catch (err) {
-    console.error("Error fetching user data:", err.message);
+    console.error("[mbkauthe] Error fetching user data:", err.message);
     throw err;
   }
 }
@@ -223,12 +223,12 @@ async function getUserData(UserName, parameters) {
 const authenticate = (authentication) => {
   return (req, res, next) => {
     const token = req.headers["authorization"];
-    console.log(`Received token: ${token}`);
+    console.log(`[mbkauthe] Received token: ${token}`);
     if (token === authentication) {
-      console.log("Authentication successful");
+      console.log("[mbkauthe] Authentication successful");
       next();
     } else {
-      console.log("Authentication failed");
+      console.log("[mbkauthe] Authentication failed");
       res.status(401).send("Unauthorized");
     }
   };
@@ -239,24 +239,24 @@ const authapi = (requiredRole = []) => {
     const token = req.headers["authorization"];
 
     if (typeof token === 'string') {
-      console.log("[authapi] Received request with token:", token[0] + token[1] + token[2], ".....", token[63]);
+      console.log("[mbkauthe] [authapi] Received request with token:", token[0] + token[1] + token[2], ".....", token[63]);
     } else {
-      console.log("[authapi] Token is not a valid string:", token);
+      console.log("[mbkauthe] [authapi] Token is not a valid string:", token);
     }
 
     if (!token) {
-      console.log("[authapi] No token provided in the request headers");
+      console.log("[mbkauthe] [authapi] No token provided in the request headers");
       return res.status(401).json({
         success: false,
         message: "Authorization token is required"
       });
     }
 
-    console.log("[authapi] Querying database to validate token");
+    console.log("[mbkauthe] [authapi] Querying database to validate token");
     const tokenQuery = 'SELECT * FROM "UserAuthApiKey" WHERE "key" = $1';
     pool.query(tokenQuery, [token], (err, result) => {
       if (err) {
-        console.error("[authapi] Database query error while validating token:", err);
+        console.error("[mbkauthe] [authapi] Database query error while validating token:", err);
         return res.status(500).json({
           success: false,
           message: "Internal Server Error"
@@ -264,7 +264,7 @@ const authapi = (requiredRole = []) => {
       }
 
       if (result.rows.length === 0) {
-        console.log("[authapi] Invalid token provided:", token);
+        console.log("[mbkauthe] [authapi] Invalid token provided:", token);
         return res.status(401).json({
           success: false,
           message: "The AuthApiToken Is Invalid"
@@ -272,9 +272,9 @@ const authapi = (requiredRole = []) => {
       }
 
       const username = result.rows[0].username;
-      console.log("[authapi] Token is valid. Associated username:", username);
+      console.log("[mbkauthe] [authapi] Token is valid. Associated username:", username);
 
-      console.log("[authapi] Querying database to validate user and role");
+      console.log("[mbkauthe] [authapi] Querying database to validate user and role");
       const userQuery = `
                 SELECT id, "UserName", "Active", "Role" FROM "Users"
                 WHERE "UserName" = $1 AND "Active" = true
@@ -282,7 +282,7 @@ const authapi = (requiredRole = []) => {
 
       pool.query(userQuery, [username], (err, userResult) => {
         if (err) {
-          console.error("[authapi] Database query error while validating user:", err);
+          console.error("[mbkauthe] [authapi] Database query error while validating user:", err);
           return res.status(500).json({
             success: false,
             message: "Internal Server Error"
@@ -290,7 +290,7 @@ const authapi = (requiredRole = []) => {
         }
 
         if (userResult.rows.length === 0) {
-          console.log("[authapi] User does not exist or is not active. Username:", username);
+          console.log("[mbkauthe] [authapi] User does not exist or is not active. Username:", username);
           return res.status(401).json({
             success: false,
             message: "User does not exist or is not active",
@@ -298,7 +298,7 @@ const authapi = (requiredRole = []) => {
         }
 
         if (username === "demo") {
-          console.log("[authapi] Demo user attempted to access an endpoint. Access denied.");
+          console.log("[mbkauthe] [authapi] Demo user attempted to access an endpoint. Access denied.");
           return res.status(401).json({
             success: false,
             message: "Demo user is not allowed to access endpoints",
@@ -306,25 +306,25 @@ const authapi = (requiredRole = []) => {
         }
 
         const user = userResult.rows[0];
-        console.log("[authapi] User is valid. User details:", user);
+        console.log("[mbkauthe] [authapi] User is valid. User details:", user);
 
         // Check if role is required and if user has it
         if ((requiredRole && user.Role !== requiredRole) && user.Role !== "SuperAdmin") {
-          console.log(`[authapi] User does not have the required role. Required: ${requiredRole}, User's role: ${user.Role}`);
+          console.log(`[mbkauthe] [authapi] User does not have the required role. Required: ${requiredRole}, User's role: ${user.Role}`);
           return res.status(403).json({
             success: false,
             message: `Access denied. Required role: ${requiredRole}`,
           });
         }
 
-        console.log("[authapi] User has the required role or no specific role is required. Proceeding to next middleware.");
+        console.log("[mbkauthe] [authapi] User has the required role or no specific role is required. Proceeding to next middleware.");
         req.user = {
           username: user.UserName,
           role: user.Role,
           // Add other user properties you might need
         };
 
-        console.log("[authapi] Token and user validation successful. Passing control to next middleware.");
+        console.log("[mbkauthe] [authapi] Token and user validation successful. Passing control to next middleware.");
         next();
       });
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mbkauthe",
-  "version": "1.1.17",
+  "version": "1.2.0",
   "description": "MBKTechStudio's reusable authentication system for Node.js applications.",
   "main": "index.js",
   "type": "module",
@@ -30,6 +30,7 @@
     "cheerio": "^1.0.0",
     "connect-pg-simple": "^10.0.0",
     "cookie-parser": "^1.4.7",
+    "csurf": "^1.11.0",
     "dotenv": "^16.4.7",
     "express": "^5.1.0",
     "express-handlebars": "^8.0.1",