mbkauthe 1.1.3 → 1.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +1 -1
- package/lib/validateSessionAndRole.js +99 -1
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -45,6 +45,6 @@ if (process.env.test === "true") {
|
|
|
45
45
|
});
|
|
46
46
|
}
|
|
47
47
|
|
|
48
|
-
export { validateSession, checkRolePermission, validateSessionAndRole, getUserData, authenticate } from "./lib/validateSessionAndRole.js";
|
|
48
|
+
export { validateSession, checkRolePermission, validateSessionAndRole, getUserData, authenticate, authapi } from "./lib/validateSessionAndRole.js";
|
|
49
49
|
export { dblogin } from "./lib/pool.js";
|
|
50
50
|
export default router;
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { dblogin } from "./pool.js";
|
|
2
2
|
const mbkautheVar = JSON.parse(process.env.mbkautheVar);
|
|
3
|
+
let pool = dblogin;
|
|
3
4
|
|
|
4
5
|
const getCookieOptions = () => ({
|
|
5
6
|
maxAge: mbkautheVar.COOKIE_EXPIRE_TIME * 24 * 60 * 60 * 1000,
|
|
@@ -210,4 +211,101 @@ const authenticate = (authentication) => {
|
|
|
210
211
|
};
|
|
211
212
|
};
|
|
212
213
|
|
|
213
|
-
|
|
214
|
+
const authapi = (requiredRole = []) => {
|
|
215
|
+
return (req, res, next) => {
|
|
216
|
+
const token = req.headers["authorization"];
|
|
217
|
+
|
|
218
|
+
if (typeof token === 'string') {
|
|
219
|
+
console.log("[authapi] Received request with token:", token[0] + token[1] + token[2], ".....", token[63]);
|
|
220
|
+
} else {
|
|
221
|
+
console.log("[authapi] Token is not a valid string:", token);
|
|
222
|
+
}
|
|
223
|
+
|
|
224
|
+
if (!token) {
|
|
225
|
+
console.log("[authapi] No token provided in the request headers");
|
|
226
|
+
return res.status(401).json({
|
|
227
|
+
success: false,
|
|
228
|
+
message: "Authorization token is required"
|
|
229
|
+
});
|
|
230
|
+
}
|
|
231
|
+
|
|
232
|
+
console.log("[authapi] Querying database to validate token");
|
|
233
|
+
const tokenQuery = 'SELECT * FROM "UserAuthApiKey" WHERE "key" = $1';
|
|
234
|
+
pool.query(tokenQuery, [token], (err, result) => {
|
|
235
|
+
if (err) {
|
|
236
|
+
console.error("[authapi] Database query error while validating token:", err);
|
|
237
|
+
return res.status(500).json({
|
|
238
|
+
success: false,
|
|
239
|
+
message: "Internal Server Error"
|
|
240
|
+
});
|
|
241
|
+
}
|
|
242
|
+
|
|
243
|
+
if (result.rows.length === 0) {
|
|
244
|
+
console.log("[authapi] Invalid token provided:", token);
|
|
245
|
+
return res.status(401).json({
|
|
246
|
+
success: false,
|
|
247
|
+
message: "The AuthApiToken Is Invalid"
|
|
248
|
+
});
|
|
249
|
+
}
|
|
250
|
+
|
|
251
|
+
const username = result.rows[0].username;
|
|
252
|
+
console.log("[authapi] Token is valid. Associated username:", username);
|
|
253
|
+
|
|
254
|
+
console.log("[authapi] Querying database to validate user and role");
|
|
255
|
+
const userQuery = `
|
|
256
|
+
SELECT id, "UserName", "Active", "Role" FROM "Users"
|
|
257
|
+
WHERE "UserName" = $1 AND "Active" = true
|
|
258
|
+
`;
|
|
259
|
+
|
|
260
|
+
pool.query(userQuery, [username], (err, userResult) => {
|
|
261
|
+
if (err) {
|
|
262
|
+
console.error("[authapi] Database query error while validating user:", err);
|
|
263
|
+
return res.status(500).json({
|
|
264
|
+
success: false,
|
|
265
|
+
message: "Internal Server Error"
|
|
266
|
+
});
|
|
267
|
+
}
|
|
268
|
+
|
|
269
|
+
if (userResult.rows.length === 0) {
|
|
270
|
+
console.log("[authapi] User does not exist or is not active. Username:", username);
|
|
271
|
+
return res.status(401).json({
|
|
272
|
+
success: false,
|
|
273
|
+
message: "User does not exist or is not active",
|
|
274
|
+
});
|
|
275
|
+
}
|
|
276
|
+
|
|
277
|
+
if (username === "demo") {
|
|
278
|
+
console.log("[authapi] Demo user attempted to access an endpoint. Access denied.");
|
|
279
|
+
return res.status(401).json({
|
|
280
|
+
success: false,
|
|
281
|
+
message: "Demo user is not allowed to access endpoints",
|
|
282
|
+
});
|
|
283
|
+
}
|
|
284
|
+
|
|
285
|
+
const user = userResult.rows[0];
|
|
286
|
+
console.log("[authapi] User is valid. User details:", user);
|
|
287
|
+
|
|
288
|
+
// Check if role is required and if user has it
|
|
289
|
+
if ((requiredRole && user.Role !== requiredRole) && user.Role !== "SuperAdmin") {
|
|
290
|
+
console.log(`[authapi] User does not have the required role. Required: ${requiredRole}, User's role: ${user.Role}`);
|
|
291
|
+
return res.status(403).json({
|
|
292
|
+
success: false,
|
|
293
|
+
message: `Access denied. Required role: ${requiredRole}`,
|
|
294
|
+
});
|
|
295
|
+
}
|
|
296
|
+
|
|
297
|
+
console.log("[authapi] User has the required role or no specific role is required. Proceeding to next middleware.");
|
|
298
|
+
req.user = {
|
|
299
|
+
username: user.UserName,
|
|
300
|
+
role: user.Role,
|
|
301
|
+
// Add other user properties you might need
|
|
302
|
+
};
|
|
303
|
+
|
|
304
|
+
console.log("[authapi] Token and user validation successful. Passing control to next middleware.");
|
|
305
|
+
next();
|
|
306
|
+
});
|
|
307
|
+
});
|
|
308
|
+
};
|
|
309
|
+
};
|
|
310
|
+
|
|
311
|
+
export { validateSession, checkRolePermission, validateSessionAndRole, getUserData, authenticate, authapi };
|