mbkauthe 1.3.5 → 1.4.0

package/index.js

@@ -34,10 +34,21 @@ if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
 }
 
 const app = express();
-if (process.env.test === "true") {
-    console.log("[mbkauthe] Test mode is enabled. Starting server in test mode.");
+if (process.env.test === "dev") {
+    console.log("[mbkauthe] Dev mode is enabled. Starting server in dev mode.");
     const port = 5555;
     app.use(router);
+    app.use((req, res) => {
+        console.log(`Path not found: ${req.method} ${req.url}`);
+        return res.status(404).render("Error/dError.handlebars", {
+            layout: false,
+            code: 404,
+            error: "Not Found",
+            message: "The requested page was not found.",
+            pagename: "Home",
+            page: "/mbkauthe/login",
+        });
+    });
     app.listen(port, () => {
         console.log(`[mbkauthe] Server running on http://localhost:${port}`);
     });

package/lib/main.js

@@ -31,6 +31,10 @@ router.use(express.json());
 router.use(express.urlencoded({ extended: true }));
 router.use(cookieParser());
 
+router.get('/mbkauthe/main.js', (req, res) => {
+  res.sendFile(path.join(process.cwd(), 'public', 'main.js'));
+});
+
 // CSRF protection middleware
 const csrfProtection = csurf({ cookie: false });
 
@@ -55,6 +59,18 @@ const LoginLimit = rateLimit({
   }
 });
 
+const LogoutLimit = rateLimit({
+  windowMs: 1 * 60 * 1000,
+  max: 10,
+  message: { success: false, message: "Too many logout attempts, please try again later" }
+});
+
+const TwoFALimit = rateLimit({
+  windowMs: 1 * 60 * 1000,
+  max: 5,
+  message: { success: false, message: "Too many 2FA attempts, please try again later" }
+});
+
 const sessionConfig = {
   store: new PgSession({
     pool: dblogin,
@@ -79,11 +95,19 @@ const sessionConfig = {
 router.use(session(sessionConfig));
 
 router.use(async (req, res, next) => {
+  // Only restore session if not already present and sessionId cookie exists
   if (!req.session.user && req.cookies.sessionId) {
     try {
       const sessionId = req.cookies.sessionId;
-  const query = `SELECT id, "UserName", "Active", "Role", "SessionId" FROM "Users" WHERE "SessionId" = $1`;
-  const result = await dblogin.query({ name: 'get-user-by-sessionid', text: query, values: [sessionId] });
+
+      // Validate sessionId format (should be 64 hex characters)
+      if (typeof sessionId !== 'string' || !/^[a-f0-9]{64}$/i.test(sessionId)) {
+        console.warn("[mbkauthe] Invalid sessionId format detected");
+        return next();
+      }
+
+      const query = `SELECT id, "UserName", "Active", "Role", "SessionId", "AllowedApps" FROM "Users" WHERE "SessionId" = $1 AND "Active" = true`;
+      const result = await dblogin.query({ name: 'get-user-by-sessionid', text: query, values: [sessionId] });
 
       if (result.rows.length > 0) {
         const user = result.rows[0];
@@ -91,7 +115,10 @@ router.use(async (req, res, next) => {
           id: user.id,
           username: user.UserName,
           UserName: user.UserName,
+          role: user.Role,
+          Role: user.Role,
           sessionId,
+          allowedApps: user.AllowedApps,
         };
       }
     } catch (err) {
@@ -110,12 +137,20 @@ const getCookieOptions = () => ({
   httpOnly: true
 });
 
+const getClearCookieOptions = () => ({
+  domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
+  secure: mbkautheVar.IS_DEPLOYED === 'true' ? 'auto' : false,
+  sameSite: 'lax',
+  path: '/',
+  httpOnly: true
+});
+
 async function completeLoginProcess(req, res, user, redirectUrl = null) {
   try {
     // smaller session id is sufficient and faster to generate/serialize
     const sessionId = crypto.randomBytes(32).toString("hex");
     console.log(`[mbkauthe] Generated session ID for username: ${user.username}`);
-    
+
     // Delete old session record for this user
     await dblogin.query('DELETE FROM "session" WHERE username = $1', [user.username]);
 
@@ -139,7 +174,7 @@ async function completeLoginProcess(req, res, user, redirectUrl = null) {
 
     req.session.save(async (err) => {
       if (err) {
-        console.log("[mbkauthe] Session save error:", err);
+        console.error("[mbkauthe] Session save error:", err);
         return res.status(500).json({ success: false, message: "Internal Server Error" });
       }
       // avoid writing back into the session table here to reduce DB writes;
@@ -162,7 +197,7 @@ async function completeLoginProcess(req, res, user, redirectUrl = null) {
       res.status(200).json(responsePayload);
     });
   } catch (err) {
-    console.log("[mbkauthe] Error during login completion:", err);
+    console.error("[mbkauthe] Error during login completion:", err);
     res.status(500).json({ success: false, message: "Internal Server Error" });
   }
 }
@@ -170,8 +205,11 @@ async function completeLoginProcess(req, res, user, redirectUrl = null) {
 router.use(async (req, res, next) => {
   if (req.session && req.session.user) {
     const cookieOptions = getCookieOptions();
-    res.cookie("username", req.session.user.username, { ...cookieOptions, httpOnly: false });
-    res.cookie("sessionId", req.session.user.sessionId, cookieOptions);
+    // Only set cookies if they're missing or different
+    if (req.cookies.sessionId !== req.session.user.sessionId) {
+      res.cookie("username", req.session.user.username, { ...cookieOptions, httpOnly: false });
+      res.cookie("sessionId", req.session.user.sessionId, cookieOptions);
+    }
   }
   next();
 });
@@ -187,7 +225,7 @@ router.post("/mbkauthe/api/terminateAllSessions", authenticate(mbkautheVar.Main_
         return res.status(500).json({ success: false, message: "Failed to terminate sessions" });
       }
 
-      const cookieOptions = getCookieOptions();
+      const cookieOptions = getClearCookieOptions();
       res.clearCookie("mbkauthe.sid", cookieOptions);
       res.clearCookie("sessionId", cookieOptions);
       res.clearCookie("username", cookieOptions);
@@ -199,7 +237,7 @@ router.post("/mbkauthe/api/terminateAllSessions", authenticate(mbkautheVar.Main_
       });
     });
   } catch (err) {
-    console.log("[mbkauthe] Database query error during session termination:", err);
+    console.error("[mbkauthe] Database query error during session termination:", err);
     res.status(500).json({ success: false, message: "Internal Server Error" });
   }
 });
@@ -208,8 +246,8 @@ router.post("/mbkauthe/api/login", LoginLimit, async (req, res) => {
   console.log("[mbkauthe] Login request received");
 
   const { username, password } = req.body;
-  console.log(`[mbkauthe] Login attempt for username: ${username}`);
 
+  // Input validation
   if (!username || !password) {
     console.log("[mbkauthe] Missing username or password");
     return res.status(400).json({
@@ -218,17 +256,45 @@ router.post("/mbkauthe/api/login", LoginLimit, async (req, res) => {
     });
   }
 
+  // Validate username format and length
+  if (typeof username !== 'string' || username.trim().length === 0 || username.length > 255) {
+    console.warn("[mbkauthe] Invalid username format");
+    return res.status(400).json({
+      success: false,
+      message: "Invalid username format",
+    });
+  }
+
+  // Validate password length
+  if (typeof password !== 'string' || password.length < 8 || password.length > 255) {
+    console.warn("[mbkauthe] Invalid password length");
+    return res.status(400).json({
+      success: false,
+      message: "Password must be at least 8 characters long",
+    });
+  }
+
+  console.log(`[mbkauthe] Login attempt for username: ${username.trim()}`);
+
+  const trimmedUsername = username.trim();
+
   try {
-  const userQuery = `SELECT id, "UserName", "Password", "Active", "Role", "AllowedApps" FROM "Users" WHERE "UserName" = $1`;
-  const userResult = await dblogin.query({ name: 'get-user-by-username', text: userQuery, values: [username] });
+    const userQuery = `SELECT id, "UserName", "Password", "Active", "Role", "AllowedApps" FROM "Users" WHERE "UserName" = $1`;
+    const userResult = await dblogin.query({ name: 'get-user-by-username', text: userQuery, values: [trimmedUsername] });
 
     if (userResult.rows.length === 0) {
-      console.log(`[mbkauthe] Username does not exist: ${username}`);
+      console.log(`[mbkauthe] Username does not exist: ${trimmedUsername}`);
       return res.status(404).json({ success: false, message: "Incorrect Username Or Password" });
     }
 
     const user = userResult.rows[0];
 
+    // Validate user has password field
+    if (!user.Password) {
+      console.error("[mbkauthe] User account has no password set");
+      return res.status(500).json({ success: false, message: "Internal Server Error" });
+    }
+
     if (mbkautheVar.EncryptedPassword === "true") {
       try {
         const result = await bcrypt.compare(password, user.Password);
@@ -243,13 +309,13 @@ router.post("/mbkauthe/api/login", LoginLimit, async (req, res) => {
       }
     } else {
       if (user.Password !== password) {
-        console.log(`[mbkauthe] Incorrect password for username: ${username}`);
+        console.log(`[mbkauthe] Incorrect password for username: ${trimmedUsername}`);
         return res.status(401).json({ success: false, errorCode: 603, message: "Incorrect Username Or Password" });
       }
     }
 
     if (!user.Active) {
-      console.log(`[mbkauthe] Inactive account for username: ${username}`);
+      console.log(`[mbkauthe] Inactive account for username: ${trimmedUsername}`);
       return res.status(403).json({ success: false, message: "Account is inactive" });
     }
 
@@ -262,8 +328,8 @@ router.post("/mbkauthe/api/login", LoginLimit, async (req, res) => {
     }
 
     if ((mbkautheVar.MBKAUTH_TWO_FA_ENABLE || "").toLocaleLowerCase() === "true") {
-  const query = `SELECT "TwoFAStatus" FROM "TwoFA" WHERE "UserName" = $1`;
-  const twoFAResult = await dblogin.query({ name: 'get-2fa-status', text: query, values: [username] });
+      const query = `SELECT "TwoFAStatus" FROM "TwoFA" WHERE "UserName" = $1`;
+      const twoFAResult = await dblogin.query({ name: 'get-2fa-status', text: query, values: [trimmedUsername] });
 
       if (twoFAResult.rows.length > 0 && twoFAResult.rows[0].TwoFAStatus) {
         // 2FA is enabled, prompt for token on a separate page
@@ -271,9 +337,9 @@ router.post("/mbkauthe/api/login", LoginLimit, async (req, res) => {
           id: user.id,
           username: user.UserName,
           role: user.Role,
-          Role: user.role,
+          Role: user.Role,
         };
-        console.log(`[mbkauthe] 2FA required for user: ${username}`);
+        console.log(`[mbkauthe] 2FA required for user: ${trimmedUsername}`);
         return res.json({ success: true, twoFactorRequired: true });
       }
     }
@@ -283,12 +349,12 @@ router.post("/mbkauthe/api/login", LoginLimit, async (req, res) => {
       id: user.id,
       username: user.UserName,
       role: user.Role,
-      Role: user.role,
+      Role: user.Role,
     };
     await completeLoginProcess(req, res, userForSession);
 
   } catch (err) {
-    console.log("[mbkauthe] Error during login process:", err);
+    console.error("[mbkauthe] Error during login process:", err);
     res.status(500).json({ success: false, message: "Internal Server Error" });
   }
 });
@@ -304,7 +370,7 @@ router.get("/mbkauthe/2fa", csrfProtection, (req, res) => {
   });
 });
 
-router.post("/mbkauthe/api/verify-2fa", async (req, res) => {
+router.post("/mbkauthe/api/verify-2fa", TwoFALimit, csrfProtection, async (req, res) => {
   if (!req.session.preAuthUser) {
     return res.status(401).json({ success: false, message: "Not authorized. Please login first." });
   }
@@ -312,10 +378,17 @@ router.post("/mbkauthe/api/verify-2fa", async (req, res) => {
   const { token } = req.body;
   const { username, id, role } = req.session.preAuthUser;
 
-  if (!token) {
+  // Validate 2FA token
+  if (!token || typeof token !== 'string') {
     return res.status(400).json({ success: false, message: "2FA token is required" });
   }
 
+  // Validate token format (should be 6 digits)
+  const sanitizedToken = token.trim();
+  if (!/^\d{6}$/.test(sanitizedToken)) {
+    return res.status(400).json({ success: false, message: "Invalid 2FA token format" });
+  }
+
   try {
     const query = `SELECT "TwoFASecret" FROM "TwoFA" WHERE "UserName" = $1`;
     const twoFAResult = await dblogin.query(query, [username]);
@@ -328,7 +401,7 @@ router.post("/mbkauthe/api/verify-2fa", async (req, res) => {
     const tokenValidates = speakeasy.totp.verify({
       secret: sharedSecret,
       encoding: "base32",
-      token: token,
+      token: sanitizedToken,
       window: 1,
     });
 
@@ -343,12 +416,12 @@ router.post("/mbkauthe/api/verify-2fa", async (req, res) => {
     await completeLoginProcess(req, res, userForSession, redirectUrl);
 
   } catch (err) {
-    console.log("[mbkauthe] Error during 2FA verification:", err);
+    console.error("[mbkauthe] Error during 2FA verification:", err);
     res.status(500).json({ success: false, message: "Internal Server Error" });
   }
 });
 
-router.post("/mbkauthe/api/logout", async (req, res) => {
+router.post("/mbkauthe/api/logout", LogoutLimit, csrfProtection, async (req, res) => {
   if (req.session.user) {
     try {
       const { id, username } = req.session.user;
@@ -361,11 +434,11 @@ router.post("/mbkauthe/api/logout", async (req, res) => {
 
       req.session.destroy((err) => {
         if (err) {
-          console.log("[mbkauthe] Error destroying session:", err);
+          console.error("[mbkauthe] Error destroying session:", err);
           return res.status(500).json({ success: false, message: "Logout failed" });
         }
 
-        const cookieOptions = getCookieOptions();
+        const cookieOptions = getClearCookieOptions();
         res.clearCookie("mbkauthe.sid", cookieOptions);
         res.clearCookie("sessionId", cookieOptions);
         res.clearCookie("username", cookieOptions);
@@ -374,7 +447,7 @@ router.post("/mbkauthe/api/logout", async (req, res) => {
         res.status(200).json({ success: true, message: "Logout successful" });
       });
     } catch (err) {
-      console.log("[mbkauthe] Database query error during logout:", err);
+      console.error("[mbkauthe] Database query error during logout:", err);
       res.status(500).json({ success: false, message: "Internal Server Error" });
     }
   } else {
@@ -399,7 +472,7 @@ async function getLatestVersion() {
   try {
     const response = await fetch('https://raw.githubusercontent.com/MIbnEKhalid/mbkauthe/main/package.json');
     if (!response.ok) {
-      console.Error(`GitHub API responded with status ${response.status}`);
+      console.error(`GitHub API responded with status ${response.status}`);
       return "0.0.0";
     }
     const latestPackageJson = await response.json();
@@ -556,7 +629,7 @@ router.get('/mbkauthe/api/github/login/callback',
             };
 
             // Generate session and complete login
-            const sessionId = crypto.randomBytes(256).toString("hex");
+            const sessionId = crypto.randomBytes(32).toString("hex");
             console.log(`[mbkauthe] GitHub login: Generated session ID for username: ${user.UserName}`);
 
             // Delete old session record for this user

package/lib/pool.js

@@ -15,15 +15,15 @@ if (!mbkautheVar) {
 }
 const requiredKeys = ["APP_NAME", "SESSION_SECRET_KEY", "IS_DEPLOYED", "LOGIN_DB", "MBKAUTH_TWO_FA_ENABLE", "DOMAIN"];
 requiredKeys.forEach(key => {
-    if (!mbkautheVar[key]) {
-        throw new Error(`mbkautheVar.${key} is required`);
-    }
+  if (!mbkautheVar[key]) {
+    throw new Error(`mbkautheVar.${key} is required`);
+  }
 });
 if (mbkautheVar.COOKIE_EXPIRE_TIME !== undefined) {
-    const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
-    if (isNaN(expireTime) || expireTime <= 0) {
-        throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
-    }
+  const expireTime = parseFloat(mbkautheVar.COOKIE_EXPIRE_TIME);
+  if (isNaN(expireTime) || expireTime <= 0) {
+    throw new Error("mbkautheVar.COOKIE_EXPIRE_TIME must be a valid positive number");
+  }
 }
 
 const poolConfig = {
@@ -36,7 +36,7 @@ const poolConfig = {
   // - keep max small to avoid exhausting DB connections
   // - reduce idle time so connections are returned sooner
   // - set a short connection timeout to fail fast
-  max: 6,
+  max: 10,
   idleTimeoutMillis: 50000,
   connectionTimeoutMillis: 5000,
 };

package/lib/validateSessionAndRole.js

@@ -11,13 +11,27 @@ const getCookieOptions = () => ({
   httpOnly: true
 });
 
+const getClearCookieOptions = () => ({
+  domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
+  secure: mbkautheVar.IS_DEPLOYED === 'true' ? 'auto' : false,
+  sameSite: 'lax',
+  path: '/',
+  httpOnly: true
+});
+
 async function validateSession(req, res, next) {
   if (!req.session.user && req.cookies.sessionId) {
     try {
       const sessionId = req.cookies.sessionId;
-  const query = `SELECT id, "UserName", "Active", "Role", "SessionId" FROM "Users" WHERE "SessionId" = $1`;
-  const result = await dblogin.query({ name: 'get-user-by-sessionid', text: query, values: [sessionId] });
-      const userResult = result.rows[0];
+
+      // Validate sessionId format (should be 64 hex characters)
+      if (typeof sessionId !== 'string' || !/^[a-f0-9]{64}$/i.test(sessionId)) {
+        console.warn("[mbkauthe] Invalid sessionId format detected");
+        return next();
+      }
+
+      const query = `SELECT id, "UserName", "Active", "Role", "SessionId", "AllowedApps" FROM "Users" WHERE "SessionId" = $1 AND "Active" = true`;
+      const result = await dblogin.query({ name: 'get-user-by-sessionid', text: query, values: [sessionId] });
 
       if (result.rows.length > 0) {
         const user = result.rows[0];
@@ -25,7 +39,10 @@ async function validateSession(req, res, next) {
           id: user.id,
           username: user.UserName,
           UserName: user.UserName,
+          role: user.Role,
+          Role: user.Role,
           sessionId,
+          allowedApps: user.AllowedApps,
         };
       }
     } catch (err) {
@@ -48,15 +65,16 @@ async function validateSession(req, res, next) {
   }
 
   try {
-    const { id, sessionId } = req.session.user;
-  const query = `SELECT "SessionId", "Active", "Role", "AllowedApps" FROM "Users" WHERE "id" = $1`;
-  const result = await dblogin.query({ name: 'get-user-by-id', text: query, values: [id] });
-    const userResult = result.rows[0];
+    const { id, sessionId, role, allowedApps } = req.session.user;
 
-    if (result.rows.length === 0 || userResult.SessionId !== sessionId) {
+    // Fetch only SessionId and Active status for validation (reduced query)
+    const query = `SELECT "SessionId", "Active" FROM "Users" WHERE "id" = $1`;
+    const result = await dblogin.query({ name: 'get-user-by-id', text: query, values: [id] });
+
+    if (result.rows.length === 0 || result.rows[0].SessionId !== sessionId) {
       console.log(`[mbkauthe] Session invalidated for user "${req.session.user.username}"`);
       req.session.destroy();
-      const cookieOptions = getCookieOptions();
+      const cookieOptions = getClearCookieOptions();
       res.clearCookie("mbkauthe.sid", cookieOptions);
       res.clearCookie("sessionId", cookieOptions);
       res.clearCookie("username", cookieOptions);
@@ -70,10 +88,10 @@ async function validateSession(req, res, next) {
       });
     }
 
-    if (!userResult.Active) {
+    if (!result.rows[0].Active) {
       console.log(`[mbkauthe] Account is inactive for user "${req.session.user.username}"`);
       req.session.destroy();
-      const cookieOptions = getCookieOptions();
+      const cookieOptions = getClearCookieOptions();
       res.clearCookie("mbkauthe.sid", cookieOptions);
       res.clearCookie("sessionId", cookieOptions);
       res.clearCookie("username", cookieOptions);
@@ -87,12 +105,11 @@ async function validateSession(req, res, next) {
       });
     }
 
-    if (userResult.Role !== "SuperAdmin") {
-      const allowedApps = userResult.AllowedApps;
+    if (role !== "SuperAdmin") {
       if (!allowedApps || !allowedApps.some(app => app.toLowerCase() === mbkautheVar.APP_NAME.toLowerCase())) {
         console.warn(`[mbkauthe] User \"${req.session.user.username}\" is not authorized to use the application \"${mbkautheVar.APP_NAME}\"`);
         req.session.destroy();
-        const cookieOptions = getCookieOptions();
+        const cookieOptions = getClearCookieOptions();
         res.clearCookie("mbkauthe.sid", cookieOptions);
         res.clearCookie("sessionId", cookieOptions);
         res.clearCookie("username", cookieOptions);
@@ -132,8 +149,8 @@ const checkRolePermission = (requiredRole, notAllowed) => {
 
       const userId = req.session.user.id;
 
-  const query = `SELECT "Role" FROM "Users" WHERE "id" = $1`;
-  const result = await dblogin.query({ name: 'get-role-by-id', text: query, values: [userId] });
+      const query = `SELECT "Role" FROM "Users" WHERE "id" = $1`;
+      const result = await dblogin.query({ name: 'get-role-by-id', text: query, values: [userId] });
 
       if (result.rows.length === 0) {
         return res.status(401).json({ success: false, message: "User not found" });
@@ -202,20 +219,29 @@ const authapi = (requiredRole = []) => {
   return (req, res, next) => {
     const token = req.headers["authorization"];
 
-    if (typeof token === 'string') {
-      console.log("[mbkauthe] [authapi] Received request with token:", token[0] + token[1] + token[2], ".....", token[63]);
-    } else {
-      console.log("[mbkauthe] [authapi] Token is not a valid string:", token);
-    }
-
+    // Validate token
     if (!token) {
-      console.log("[mbkauthe] [authapi] No token provided in the request headers");
+      console.warn("[mbkauthe] [authapi] No token provided in the request headers");
       return res.status(401).json({
         success: false,
         message: "Authorization token is required"
       });
     }
 
+    if (typeof token !== 'string' || token.length === 0 || token.length > 512) {
+      console.warn("[mbkauthe] [authapi] Invalid token format");
+      return res.status(401).json({
+        success: false,
+        message: "Invalid authorization token format"
+      });
+    }
+
+    if (typeof token === 'string' && token.length >= 64) {
+      console.log("[mbkauthe] [authapi] Received request with token:", token.substring(0, 3) + ".....", token.charAt(63));
+    } else {
+      console.log("[mbkauthe] [authapi] Received request with short token");
+    }
+
     // Single query to validate API key and fetch user in one DB round trip.
     (async () => {
       try {
@@ -223,27 +249,27 @@ const authapi = (requiredRole = []) => {
           SELECT u.id, u."UserName", u."Active", u."Role", k."key" as apikey
           FROM "UserAuthApiKey" k
           JOIN "Users" u ON u."UserName" = k.username
-+          WHERE k."key" = $1 AND u."Active" = true
-+          LIMIT 1
-+        `;
+          WHERE k."key" = $1 AND u."Active" = true
+          LIMIT 1
+        `;
 
         const result = await pool.query(jointQuery, [token]);
 
         if (result.rows.length === 0) {
-          console.log("[mbkauthe] [authapi] Invalid token or associated user inactive:", token);
+          console.warn("[mbkauthe] [authapi] Invalid token or associated user inactive");
           return res.status(401).json({ success: false, message: "The AuthApiToken Is Invalid or user inactive" });
         }
 
         const user = result.rows[0];
 
         if (user.UserName === "demo") {
-          console.log("[mbkauthe] [authapi] Demo user attempted to access an endpoint. Access denied.");
+          console.warn("[mbkauthe] [authapi] Demo user attempted to access an endpoint. Access denied.");
           return res.status(401).json({ success: false, message: "Demo user is not allowed to access endpoints" });
         }
 
         // role check
         if ((requiredRole && user.Role !== requiredRole) && user.Role !== "SuperAdmin") {
-          console.log(`[mbkauthe] [authapi] User does not have the required role. Required: ${requiredRole}, User's role: ${user.Role}`);
+          console.warn(`[mbkauthe] [authapi] User does not have the required role. Required: ${requiredRole}, User's role: ${user.Role}`);
           return res.status(403).json({ success: false, message: `Access denied. Required role: ${requiredRole}` });
         }
 

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "mbkauthe",
-  "version": "1.3.5",
+  "version": "1.4.0",
   "description": "MBKTechStudio's reusable authentication system for Node.js applications.",
   "main": "index.js",
   "type": "module",
   "scripts": {
-    "test": "set test=true&& nodemon index.js"
+    "dev": "set test=dev&& nodemon index.js"
   },
   "repository": {
     "type": "git",
@@ -26,11 +26,11 @@
   },
   "homepage": "https://github.com/MIbnEKhalid/mbkauthe#readme",
   "dependencies": {
-    "bcrypt": "^5.1.1",
+    "bcrypt": "^6.0.0",
     "cheerio": "^1.0.0",
     "connect-pg-simple": "^10.0.0",
     "cookie-parser": "^1.4.7",
-    "csurf": "^1.11.0",
+    "csurf": "^1.2.2",
     "dotenv": "^16.4.7",
     "express": "^5.1.0",
     "express-handlebars": "^8.0.1",
@@ -44,6 +44,6 @@
     "url": "^0.11.4"
   },
   "devDependencies": {
-    "nodemon": "^2.0.22"
+    "nodemon": "^3.1.11"
   }
 }