mbkauthe 2.4.0 → 3.0.0

package/index.d.ts

@@ -0,0 +1,233 @@
+// Type definitions for mbkauthe
+// Project: https://github.com/MIbnEKhalid/mbkauthe
+// Definitions by: Muhammad Bin Khalid <https://github.com/MIbnEKhalid>
+
+import { Request, Response, NextFunction, Router } from 'express';
+import { Pool } from 'pg';
+
+declare module 'mbkauthe' {
+  // Configuration Types
+  export interface MBKAuthConfig {
+    APP_NAME: string;
+    SESSION_SECRET_KEY: string;
+    Main_SECRET_TOKEN: string;
+    IS_DEPLOYED: 'true' | 'false' | 'f';
+    DOMAIN: string;
+    LOGIN_DB: string;
+    MBKAUTH_TWO_FA_ENABLE: 'true' | 'false' | 'f';
+    COOKIE_EXPIRE_TIME?: number;
+    DEVICE_TRUST_DURATION_DAYS?: number;
+    GITHUB_LOGIN_ENABLED?: 'true' | 'false' | 'f';
+    GITHUB_CLIENT_ID?: string;
+    GITHUB_CLIENT_SECRET?: string;
+    loginRedirectURL?: string;
+    EncPass?: 'true' | 'false' | 'f';
+  }
+
+  // User Types
+  export type UserRole = 'SuperAdmin' | 'NormalUser' | 'Guest';
+
+  export interface SessionUser {
+    id: number;
+    username: string;
+    UserName: string;
+    role: UserRole;
+    Role: UserRole;
+    sessionId: string;
+    allowedApps?: string[];
+  }
+
+  export interface PreAuthUser {
+    id: number;
+    username: string;
+    UserName?: string;
+    role: UserRole;
+    Role?: UserRole;
+    loginMethod?: 'password' | 'github';
+    redirectUrl?: string | null;
+  }
+
+  // Database Types
+  export interface DBUser {
+    id: number;
+    UserName: string;
+    Password?: string;
+    PasswordEnc?: string;
+    Role: UserRole;
+    Active: boolean;
+    AllowedApps: string[];
+    SessionId?: string;
+    created_at?: Date;
+    updated_at?: Date;
+    last_login?: Date;
+  }
+
+  export interface TwoFARecord {
+    UserName: string;
+    TwoFAStatus: boolean;
+    TwoFASecret?: string;
+  }
+
+  export interface TrustedDevice {
+    id: number;
+    UserName: string;
+    DeviceToken: string;
+    DeviceName?: string;
+    UserAgent?: string;
+    IpAddress?: string;
+    CreatedAt: Date;
+    ExpiresAt: Date;
+    LastUsed: Date;
+  }
+
+  export interface GitHubUser {
+    id: number;
+    user_name: string;
+    github_id: string;
+    github_username: string;
+    access_token: string;
+    created_at: Date;
+    updated_at: Date;
+  }
+
+  // Request Extensions
+  declare global {
+    namespace Express {
+      interface Request {
+        user?: {
+          username: string;
+          UserName: string;
+          role: UserRole;
+          Role: UserRole;
+        };
+      }
+
+      interface Session {
+        user?: SessionUser;
+        preAuthUser?: PreAuthUser;
+        oauthRedirect?: string;
+      }
+    }
+  }
+
+  // API Response Types
+  export interface LoginResponse {
+    success: boolean;
+    message: string;
+    sessionId?: string;
+    twoFactorRequired?: boolean;
+    redirectUrl?: string;
+    errorCode?: number;
+  }
+
+  export interface LogoutResponse {
+    success: boolean;
+    message: string;
+  }
+
+  export interface TwoFAVerifyResponse {
+    success: boolean;
+    message: string;
+    sessionId?: string;
+    redirectUrl?: string;
+  }
+
+  export interface ErrorResponse {
+    success: false;
+    message: string;
+    errorCode?: number;
+  }
+
+  // Error Render Options
+  export interface ErrorRenderOptions {
+    layout?: boolean;
+    code: number | string;
+    error: string;
+    message: string;
+    page?: string;
+    pagename?: string;
+    details?: string;
+    app?: string;
+    version?: string;
+  }
+
+  // Middleware Types
+  export type AuthMiddleware = (
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ) => void | Promise<void>;
+
+  // Middleware Functions
+  export function validateSession(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): void | Promise<void>;
+
+  export function checkRolePermission(
+    requiredRole: UserRole | 'Any' | 'any',
+    notAllowed?: UserRole
+  ): AuthMiddleware;
+
+  export function validateSessionAndRole(
+    requiredRole: UserRole | 'Any' | 'any',
+    notAllowed?: UserRole
+  ): AuthMiddleware;
+
+  export function authenticate(token: string): AuthMiddleware;
+
+  export function authapi(requiredRole?: UserRole[]): AuthMiddleware;
+
+  // Utility Functions
+  export function renderError(
+    res: Response,
+    options: ErrorRenderOptions
+  ): Response;
+
+  export function getCookieOptions(): {
+    maxAge: number;
+    domain?: string;
+    secure: boolean;
+    sameSite: 'lax';
+    path: string;
+    httpOnly: boolean;
+  };
+
+  export function getClearCookieOptions(): {
+    domain?: string;
+    secure: boolean;
+    sameSite: 'lax';
+    path: string;
+    httpOnly: boolean;
+  };
+
+  export function generateDeviceToken(): string;
+
+  export function getDeviceTokenCookieOptions(): {
+    maxAge: number;
+    domain?: string;
+    secure: boolean;
+    sameSite: 'lax';
+    path: string;
+    httpOnly: boolean;
+  };
+
+  export function hashPassword(password: string, username: string): string;
+
+  export function clearSessionCookies(res: Response): void;
+
+  // Exports
+  export const dblogin: Pool;
+  export const mbkautheVar: MBKAuthConfig;
+  export const cachedCookieOptions: ReturnType<typeof getCookieOptions>;
+  export const cachedClearCookieOptions: ReturnType<typeof getClearCookieOptions>;
+  export const packageJson: { version: string; [key: string]: any };
+  export const appVersion: string;
+  export const DEVICE_TRUST_DURATION_DAYS: number;
+  export const DEVICE_TRUST_DURATION_MS: number;
+
+  // Default Export (Express Router)
+  const router: Router;
+  export default router;
+}

package/index.js

@@ -1,34 +1,16 @@
-import express from "express"; // Add this line
+import express from "express";
 import router from "./lib/main.js";
 import { getLatestVersion } from "./lib/main.js";
 import { engine } from "express-handlebars";
 import path from "path";
 import { fileURLToPath } from "url";
-import { renderError, packageJson } from "./lib/config.js";
+import { packageJson } from "./lib/config/index.js";
+import { renderError } from "./lib/utils/response.js";
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
 const app = express();
-if (process.env.test === "dev") {
-    console.log("[mbkauthe] Dev mode is enabled. Starting server in dev mode.");
-    const port = 5555;
-    app.use(router);
-    app.use((req, res) => {
-        console.log(`Path not found: ${req.method} ${req.url}`);
-        return renderError(res, {
-            layout: false,
-            code: 404,
-            error: "Not Found",
-            message: "The requested page was not found.",
-            pagename: "Home",
-            page: "/mbkauthe/login",
-        });
-    });
-    app.listen(port, () => {
-        console.log(`[mbkauthe] Server running on http://localhost:${port}`);
-    });
-}
 
 app.set("views", [
     path.join(__dirname, "views"),
@@ -44,11 +26,6 @@ app.engine("handlebars", engine({
         path.join(__dirname, "node_modules/mbkauthe/views/Error"),
     ],
     helpers: {
-        concat: function (...args) {
-            // Remove the handlebars options object from args
-            args.pop();
-            return args.join('');
-        },
         eq: function (a, b) {
             return a === b;
         },
@@ -74,12 +51,46 @@ app.engine("handlebars", engine({
 
 app.set("view engine", "handlebars");
 
-const latestVersion = await getLatestVersion();
-if (latestVersion !== packageJson.version) {
-    console.warn(`[mbkauthe] Warning: The current version (${packageJson.version}) is not the latest version (${latestVersion}). Please update mbkauthe.`);
+// Version check with error handling
+async function checkVersion() {
+    try {
+        const latestVersion = await getLatestVersion();
+        if (latestVersion && latestVersion !== packageJson.version) {
+            console.warn(`[mbkauthe] Current version (${packageJson.version}) is outdated. Latest version: ${latestVersion}. Consider updating mbkauthe.`);
+        } else if (latestVersion) {
+            console.info(`[mbkauthe] Running latest version (${packageJson.version}).`);
+        }
+    } catch (error) {
+        console.warn(`[mbkauthe] Failed to check for updates: ${error.message}`);
+    }
+}
+
+if (process.env.test === "dev") {
+    console.log("[mbkauthe] Dev mode is enabled. Starting server in dev mode.");
+    const port = 5555;
+    app.use(router);
+    app.use((req, res) => {
+        console.log(`[mbkauthe] Path not found: ${req.method} ${req.url}`);
+        return renderError(res, {
+            layout: false,
+            code: 404,
+            error: "Not Found",
+            message: "The requested page was not found.",
+            pagename: "Home",
+            page: "/mbkauthe/login",
+        });
+    });
+    app.listen(port, () => {
+        console.log(`[mbkauthe] Server running on http://localhost:${port}`);
+    });
+}
+
+if (process.env.test !== "dev") {
+    await checkVersion();
 }
 
-export { validateSession, checkRolePermission, validateSessionAndRole, authenticate } from "./lib/validateSessionAndRole.js";
-export { renderError } from "./lib/config.js";
-export { dblogin } from "./lib/pool.js";
+export { validateSession, checkRolePermission, validateSessionAndRole, authenticate } from "./lib/middleware/auth.js";
+export { renderError } from "./lib/utils/response.js";
+export { dblogin } from "./lib/database/pool.js";
+export { ErrorCodes, ErrorMessages, getErrorByCode, createErrorResponse, logError } from "./lib/utils/errors.js";
 export default router;

package/lib/config/cookies.js

@@ -0,0 +1,52 @@
+import crypto from "crypto";
+import { mbkautheVar } from "./index.js";
+
+// Shared cookie options functions
+const getCookieOptions = () => ({
+    maxAge: mbkautheVar.COOKIE_EXPIRE_TIME * 24 * 60 * 60 * 1000,
+    domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
+    secure: mbkautheVar.IS_DEPLOYED === 'true',
+    sameSite: 'lax',
+    path: '/',
+    httpOnly: true
+});
+
+const getClearCookieOptions = () => ({
+    domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
+    secure: mbkautheVar.IS_DEPLOYED === 'true',
+    sameSite: 'lax',
+    path: '/',
+    httpOnly: true
+});
+
+// Cache cookie options for performance
+export const cachedCookieOptions = getCookieOptions();
+export const cachedClearCookieOptions = getClearCookieOptions();
+
+// Constants for device trust feature
+export const DEVICE_TRUST_DURATION_DAYS = mbkautheVar.DEVICE_TRUST_DURATION_DAYS;
+export const DEVICE_TRUST_DURATION_MS = DEVICE_TRUST_DURATION_DAYS * 24 * 60 * 60 * 1000;
+
+// Device token utilities
+export const generateDeviceToken = () => {
+    return crypto.randomBytes(32).toString('hex');
+};
+
+export const getDeviceTokenCookieOptions = () => ({
+    maxAge: DEVICE_TRUST_DURATION_MS,
+    domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
+    secure: mbkautheVar.IS_DEPLOYED === 'true',
+    sameSite: 'lax',
+    path: '/',
+    httpOnly: true
+});
+
+// Helper to clear all session cookies
+export const clearSessionCookies = (res) => {
+    res.clearCookie("mbkauthe.sid", cachedClearCookieOptions);
+    res.clearCookie("sessionId", cachedClearCookieOptions);
+    res.clearCookie("username", cachedClearCookieOptions);
+    res.clearCookie("device_token", cachedClearCookieOptions);
+};
+
+export { getCookieOptions, getClearCookieOptions };

package/lib/{config.js → config/index.js}

@@ -1,5 +1,4 @@
 import dotenv from "dotenv";
-import crypto from "crypto";
 import { createRequire } from "module";
 
 dotenv.config();
@@ -56,6 +55,11 @@ function validateConfiguration() {
         errors.push("mbkautheVar.GITHUB_LOGIN_ENABLED must be either 'true' or 'false' or 'f'");
     }
 
+    // Validate EncPass value if provided
+    if (mbkautheVar.EncPass && !['true', 'false', 'f'].includes(mbkautheVar.EncPass.toLowerCase())) {
+        errors.push("mbkautheVar.EncPass must be either 'true' or 'false' or 'f'");
+    }
+
     // Validate GitHub login configuration
     if (mbkautheVar.GITHUB_LOGIN_ENABLED === "true") {
         if (!mbkautheVar.GITHUB_CLIENT_ID || mbkautheVar.GITHUB_CLIENT_ID.trim() === '') {
@@ -103,47 +107,7 @@ function validateConfiguration() {
 }
 
 // Parse and validate mbkautheVar once
-const mbkautheVar = validateConfiguration();
-
-// Shared cookie options functions
-const getCookieOptions = () => ({
-    maxAge: mbkautheVar.COOKIE_EXPIRE_TIME * 24 * 60 * 60 * 1000,
-    domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
-    secure: mbkautheVar.IS_DEPLOYED === 'true',
-    sameSite: 'lax',
-    path: '/',
-    httpOnly: true
-});
-
-const getClearCookieOptions = () => ({
-    domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
-    secure: mbkautheVar.IS_DEPLOYED === 'true',
-    sameSite: 'lax',
-    path: '/',
-    httpOnly: true
-});
-
-// Cache cookie options for performance
-const cachedCookieOptions = getCookieOptions();
-const cachedClearCookieOptions = getClearCookieOptions();
-
-// Constants for device trust feature
-const DEVICE_TRUST_DURATION_DAYS = mbkautheVar.DEVICE_TRUST_DURATION_DAYS;
-const DEVICE_TRUST_DURATION_MS = DEVICE_TRUST_DURATION_DAYS * 24 * 60 * 60 * 1000;
-
-// Device token utilities
-const generateDeviceToken = () => {
-    return crypto.randomBytes(32).toString('hex');
-};
-
-const getDeviceTokenCookieOptions = () => ({
-    maxAge: DEVICE_TRUST_DURATION_MS,
-    domain: mbkautheVar.IS_DEPLOYED === 'true' ? `.${mbkautheVar.DOMAIN}` : undefined,
-    secure: mbkautheVar.IS_DEPLOYED === 'true',
-    sameSite: 'lax',
-    path: '/',
-    httpOnly: true
-});
+export const mbkautheVar = validateConfiguration();
 
 // Load package.json from mbkauthe package (not parent project)
 const require = createRequire(import.meta.url);
@@ -153,48 +117,20 @@ try {
     packageJson = require("mbkauthe/package.json");
 } catch {
     // Fallback to relative path (for development/testing)
-    packageJson = require("../package.json");
+    packageJson = require("../../package.json");
+}
+
+// Parent project version
+let appVersion;
+try {
+    appVersion = require("../../../../package.json")?.version || "unknown";
+} catch {
+    // Fallback if path doesn't work
+    try {
+        appVersion = require(process.cwd() + "/package.json")?.version || "unknown";
+    } catch {
+        appVersion = "unknown";
+    }
 }
 
-// Helper function to render error pages consistently
-const renderError = (res, { code, error, message, page, pagename, details }) => {
-    res.status(code);
-    const renderData = {
-        layout: false,
-        code,
-        error,
-        message,
-        page,
-        pagename,
-        app: mbkautheVar.APP_NAME,
-        version: packageJson.version
-    };
-
-    // Add optional parameters if provided
-    if (details !== undefined) renderData.details = details;
-
-    return res.render("Error/dError.handlebars", renderData);
-};
-
-// Helper to clear all session cookies
-const clearSessionCookies = (res) => {
-    res.clearCookie("mbkauthe.sid", cachedClearCookieOptions);
-    res.clearCookie("sessionId", cachedClearCookieOptions);
-    res.clearCookie("username", cachedClearCookieOptions);
-    res.clearCookie("device_token", cachedClearCookieOptions);
-};
-
-export {
-    mbkautheVar,
-    getCookieOptions,
-    getClearCookieOptions,
-    cachedCookieOptions,
-    cachedClearCookieOptions,
-    renderError,
-    clearSessionCookies,
-    packageJson,
-    DEVICE_TRUST_DURATION_DAYS,
-    DEVICE_TRUST_DURATION_MS,
-    generateDeviceToken,
-    getDeviceTokenCookieOptions
-};
+export { packageJson, appVersion };

package/lib/config/security.js

@@ -0,0 +1,8 @@
+import crypto from "crypto";
+
+// Password hashing using PBKDF2
+export const hashPassword = (password, username) => {
+    const salt = username;
+    // 128 characters returned
+    return crypto.pbkdf2Sync(password, salt, 100000, 64, 'sha512').toString('hex');
+};

package/lib/{pool.js → database/pool.js}

@@ -1,6 +1,6 @@
 import pkg from "pg";
 const { Pool } = pkg;
-import { mbkautheVar } from "./config.js";
+import { mbkautheVar } from "../config/index.js";
 
 const poolConfig = {
   connectionString: mbkautheVar.LOGIN_DB,