npm - mbkauthe - Versions diffs - 3.2.0 → 3.3.0 - Mend

mbkauthe 3.2.0 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -119,24 +119,44 @@ app.get('/admin', validateSession, checkRolePermission(['SuperAdmin']), (req, re
 app.listen(3000);
 ```
-## 🧪 Testing
-MBKAuthe includes comprehensive test coverage for all authentication features:
+## 🧪 Testing & Git Hooks
+MBKAuthe includes comprehensive test coverage for all authentication features. **A pre-commit hook is provided to ensure code quality:**
+### Pre-commit Hook (Automatic Test Runner)
+- Located at `scripts/pre-commit` and `scripts/pre-commit` (Node.js, cross-platform)
+- Starts the dev server, runs all tests, and blocks commits if any test fails
+- The dev server is automatically stopped after tests complete
+- Ensures you never commit code that breaks tests
+### Git Hook Setup
+Hooks are auto-configured every time you run `npm run dev`, `npm test`, or `npm run test:watch` (see `scripts/setup-hooks.js`).
+If you ever need to manually set up hooks:
+```bash
+node scripts/setup-hooks.js
+```
+### Running Tests
 ```bash
-# Run all tests
+# Run all tests (auto-configures hooks)
 npm test
-# Run tests in watch mode (auto-rerun on changes)
+# Run tests in watch mode (auto-configures hooks)
 npm run test:watch
-# Run with development flags
+# Run with development flags (auto-configures hooks)
 npm run dev
 ```
 **Test Coverage:**
 - ✅ Authentication flows (login, 2FA, logout)
-- ✅ OAuth integration (GitHub)
+- ✅ OAuth integration (GitHub)
 - ✅ Session management and security
 - ✅ Role-based access control
 - ✅ API endpoints and error handling

package/docs/api.md CHANGED Viewed

@@ -764,9 +764,7 @@ app.get('/protected', validateSession, (req, res) => {
 req.session.user = {
   id: 1,                    // User ID
   username: "john.doe",     // Username
-  UserName: "john.doe",     // Username (alias)
   role: "NormalUser",       // User role
-  Role: "NormalUser",       // User role (alias)
   sessionId: "abc123...",   // 64-char hex session ID
 }
 ```

package/docs/db.md CHANGED Viewed

@@ -43,7 +43,7 @@ CREATE TABLE user_github (
     user_name VARCHAR(50) REFERENCES "Users"("UserName"),
     github_id VARCHAR(255) UNIQUE,
     github_username VARCHAR(255),
-    access_token VARCHAR(255),
+    access_token TEXT,
     created_at TimeStamp WITH TIME ZONE DEFAULT NOW(),
     updated_at TimeStamp WITH TIME ZONE DEFAULT NOW()
 );
@@ -58,7 +58,7 @@ CREATE TABLE user_google (
     user_name VARCHAR(50) REFERENCES "Users"("UserName"),
     google_id VARCHAR(255) UNIQUE,
     google_email VARCHAR(255),
-    access_token VARCHAR(255),
+    access_token TEXT,
     created_at TimeStamp WITH TIME ZONE DEFAULT NOW(),
     updated_at TimeStamp WITH TIME ZONE DEFAULT NOW()
 );

package/index.d.ts CHANGED Viewed

@@ -11,9 +11,7 @@ declare global {
     interface Request {
       user?: {
         username: string;
-        UserName: string;
         role: 'SuperAdmin' | 'NormalUser' | 'Guest';
-        Role: 'SuperAdmin' | 'NormalUser' | 'Guest';
       };
       userRole?: 'SuperAdmin' | 'NormalUser' | 'Guest';
     }
@@ -22,20 +20,17 @@ declare global {
       user?: {
         id: number;
         username: string;
-        UserName: string;
         role: 'SuperAdmin' | 'NormalUser' | 'Guest';
-        Role: 'SuperAdmin' | 'NormalUser' | 'Guest';
         sessionId: string;
         allowedApps?: string[];
       };
       preAuthUser?: {
         id: number;
         username: string;
-        UserName?: string;
         role: 'SuperAdmin' | 'NormalUser' | 'Guest';
-        Role?: 'SuperAdmin' | 'NormalUser' | 'Guest';
         loginMethod?: 'password' | 'github' | 'google';
         redirectUrl?: string | null;
+        allowedApps?: string[];
       };
       oauthRedirect?: string;
       oauthCsrfToken?: string;
@@ -80,9 +75,7 @@ declare module 'mbkauthe' {
   export interface SessionUser {
     id: number;
     username: string;
-    UserName: string;
     role: UserRole;
-    Role: UserRole;
     sessionId: string;
     allowedApps?: string[];
   }
@@ -90,9 +83,8 @@ declare module 'mbkauthe' {
   export interface PreAuthUser {
     id: number;
     username: string;
-    UserName?: string;
     role: UserRole;
-    Role?: UserRole;
+    allowedApps?: string[];
     loginMethod?: 'password' | 'github' | 'google';
     redirectUrl?: string | null;
   }

package/lib/middleware/index.js CHANGED Viewed

@@ -81,9 +81,7 @@ export async function sessionRestorationMiddleware(req, res, next) {
         req.session.user = {
           id: user.id,
           username: user.UserName,
-          UserName: user.UserName,
           role: user.Role,
-          Role: user.Role,
           sessionId: normalizedSessionId,
           allowedApps: user.AllowedApps,
         };

package/lib/routes/auth.js CHANGED Viewed

@@ -103,7 +103,6 @@ export async function checkTrustedDevice(req, username) {
         id: deviceUser.id,
         username: username,
         role: deviceUser.Role,
-        Role: deviceUser.Role,
         allowedApps: deviceUser.AllowedApps,
       };
     }
@@ -166,9 +165,7 @@ export async function completeLoginProcess(req, res, user, redirectUrl = null, t
     req.session.user = {
       id: user.id,
       username: username,
-      UserName: username,
       role: user.role || user.Role,
-      Role: user.role || user.Role,
       sessionId,
       allowedApps: user.allowedApps || user.AllowedApps,
     };
@@ -346,7 +343,6 @@ router.post("/api/login", LoginLimit, async (req, res) => {
         id: user.id,
         username: user.UserName,
         role: user.Role,
-        Role: user.Role,
         allowedApps: user.AllowedApps,
       };
       const requestedRedirect = typeof redirect === 'string' && redirect.startsWith('/') && !redirect.startsWith('//') ? redirect : null;
@@ -360,7 +356,7 @@ router.post("/api/login", LoginLimit, async (req, res) => {
         id: user.id,
         username: user.UserName,
         role: user.Role,
-        Role: user.Role,
+        allowedApps: user.AllowedApps,
         redirectUrl: requestedRedirect
       };
       console.log(`[mbkauthe] 2FA required for user: ${trimmedUsername}`);
@@ -372,7 +368,6 @@ router.post("/api/login", LoginLimit, async (req, res) => {
       id: user.id,
       username: user.UserName,
       role: user.Role,
-      Role: user.Role,
       allowedApps: user.AllowedApps,
     };
     const requestedRedirect = typeof redirect === 'string' && redirect.startsWith('/') && !redirect.startsWith('//') ? redirect : null;
@@ -443,7 +438,10 @@ router.post("/api/verify-2fa", TwoFALimit, csrfProtection, async (req, res) => {
   const shouldTrustDevice = trustDevice === true || trustDevice === 'true';
   try {
-    const query = `SELECT tfa."TwoFASecret", u."AllowedApps" FROM "TwoFA" tfa JOIN "Users" u ON tfa."UserName" = u."UserName" WHERE tfa."UserName" = $1`;
+    // Use cached allowedApps from preAuthUser to avoid extra database join
+    const cachedAllowedApps = req.session.preAuthUser?.allowedApps;
+    const query = `SELECT tfa."TwoFASecret" FROM "TwoFA" tfa WHERE tfa."UserName" = $1`;
     const twoFAResult = await dblogin.query({ name: 'verify-2fa-secret', text: query, values: [username] });
     if (twoFAResult.rows.length === 0 || !twoFAResult.rows[0].TwoFASecret) {
@@ -453,7 +451,7 @@ router.post("/api/verify-2fa", TwoFALimit, csrfProtection, async (req, res) => {
     }
     const sharedSecret = twoFAResult.rows[0].TwoFASecret;
-    const allowedApps = twoFAResult.rows[0].AllowedApps;
+    const allowedApps = cachedAllowedApps;
     const tokenValidates = speakeasy.totp.verify({
       secret: sharedSecret,
       encoding: "base32",

package/lib/routes/oauth.js CHANGED Viewed

@@ -355,9 +355,8 @@ const createOAuthCallback = (provider, strategy) => {
           req.session.preAuthUser = {
             id: user.id,
             username: user.UserName,
-            UserName: user.UserName,
             role: user.Role,
-            Role: user.Role,
+            allowedApps: user.AllowedApps,
             loginMethod: provider.toLowerCase(),
             redirectUrl: oauthRedirect || null
           };
@@ -387,9 +386,7 @@ const handleOAuthRedirect = async (req, res, user, type) => {
   const userForSession = {
     id: user.id,
     username: user.UserName,
-    UserName: user.UserName,
     role: user.Role,
-    Role: user.Role,
     allowedApps: user.AllowedApps,
   };

package/package.json CHANGED Viewed

@@ -1,14 +1,14 @@
 {
   "name": "mbkauthe",
-  "version": "3.2.0",
+  "version": "3.3.0",
   "description": "MBKTech's reusable authentication system for Node.js applications.",
   "main": "index.js",
   "type": "module",
   "types": "index.d.ts",
   "scripts": {
-    "dev": "cross-env test=dev nodemon index.js",
-    "test": "node --experimental-vm-modules node_modules/jest/bin/jest.js",
-    "test:watch": "node --experimental-vm-modules node_modules/jest/bin/jest.js --watch"
+    "dev": "node scripts/setup-hooks.js && cross-env test=dev nodemon index.js",
+    "test": "node scripts/setup-hooks.js && node --experimental-vm-modules node_modules/jest/bin/jest.js",
+    "test:watch": "node scripts/setup-hooks.js && node --experimental-vm-modules node_modules/jest/bin/jest.js --watch"
   },
   "repository": {
     "type": "git",