mbkauthe 4.6.2 → 4.7.0

package/README.md

@@ -30,6 +30,7 @@
 - Session fixation prevention
 - Dynamic profile picture routing with session caching
 - Modern responsive UI with desktop two-column layout
+- Dev-only DB Query Monitor with callsite, timing, and request context
 
 ## 📦 Installation
 
@@ -46,7 +47,7 @@ Copy-Item .env.example .env
 ```
 See [docs/env.md](docs/env.md).
 
-**2. Set Up Database**  
+**2. Set Up Database**
 Run [docs/db.sql](docs/db.sql) to create tables and a default SuperAdmin (`support` / `12345678`). Change the password immediately. See [docs/db.md](docs/db.md).
 
 **3. Integrate with Express**
@@ -81,6 +82,14 @@ npm run dev
 - **Combined:** `validateSessionAndRole(['SuperAdmin', 'NormalUser'])`
 - **API Token Auth:** `authenticate(process.env.API_TOKEN)`
 
+## 🧰 Diagnostics (dev only)
+
+These are only mounted when `process.env.env === "dev"`:
+
+- **DB Query Monitor (HTML):** `/mbkauthe/db`
+- **DB Query Monitor (JSON):** `/mbkauthe/db.json`
+- **SuperAdmin check:** `/mbkauthe/validate-superadmin`
+
 ## 🔐 Security
 
 - Rate limiting, CSRF protection, secure cookies
@@ -102,6 +111,18 @@ Enable via `MBKAUTH_TWO_FA_ENABLE=true`. Trusted devices can skip 2FA for a set
 - **Custom Views:** `views/loginmbkauthe.handlebars`, `2fa.handlebars`, `Error/dError.handlebars`
 - **Database Access:** `import { dblogin } from 'mbkauthe'; const result = await dblogin.query('SELECT * FROM "Users"');`
 
+## 📄 API Reference
+
+- Full endpoint list and details: [docs/api.md](docs/api.md)
+
+## 🧰 Diagnostics (dev only)
+
+- **DB Query Monitor (HTML):** `/mbkauthe/db`
+- **DB Query Monitor (JSON):** `/mbkauthe/db.json`
+- **SuperAdmin check:** `/mbkauthe/debug/validate-superadmin`
+
+These routes are only mounted when `process.env.env === "dev"`. They expose query timing, status/error, pool stats, request context, and callsite data for troubleshooting.
+
 ## 🚢 Deployment
 
 Checklist for production:

package/docs/api.md

@@ -15,6 +15,8 @@ This document provides comprehensive API documentation for MBKAuthe authenticati
   - [Protected Endpoints](#protected-endpoints)
   - [OAuth Endpoints](#oauth-endpoints)
   - [Information Endpoints](#information-endpoints)
+- [Diagnostics (Dev Only)](#diagnostics-dev-only)
+- [Additional Endpoints](#additional-endpoints)
 - [Middleware Reference](#middleware-reference)
 - [Code Examples](#code-examples)
 
@@ -195,6 +197,150 @@ GET /mbkauthe/login?redirect=/dashboard
 
 ---
 
+#### `GET /mbkauthe/2fa`
+
+Renders the 2FA challenge page after a login that requires TOTP.
+
+**Rate Limit:** 5 requests per minute
+
+---
+
+#### `GET /mbkauthe/accounts`
+
+Renders the account-switch page for remembered sessions on the device.
+
+**Rate Limit:** 8 requests per minute
+
+---
+
+#### `GET /mbkauthe/test`
+
+Renders a test page for the current session context.
+
+**Rate Limit:** 8 requests per minute
+
+---
+
+#### `POST /mbkauthe/test`
+
+Lightweight check to verify an authenticated session.
+
+**Response:** `{ "success": true, "message": "You are logged in" }`
+
+---
+
+## Diagnostics (Dev Only)
+
+These endpoints are only mounted when `process.env.env === "dev"`.
+
+#### `GET /mbkauthe/db`
+
+Renders the DB Query Monitor page. The UI fetches data from `/mbkauthe/db.json`.
+
+**Query Parameters:**
+- `limit` (optional) - number of most recent queries to show (default: 50)
+- `resetDone` (optional) - UI notification flag used after reset
+
+---
+
+#### `GET /mbkauthe/db.json`
+
+Returns recent DB query diagnostics.
+
+**Query Parameters:**
+- `limit` (optional) - number of most recent queries to return (default: 50)
+- `reset` (optional) - set to `1` to clear the query log and counter
+
+**Response Body:**
+```json
+{
+  "queryCount": 120,
+  "queryLimit": 50,
+  "resetDone": false,
+  "queryLog": [
+    {
+      "time": "2026-03-19T12:00:00.000Z",
+      "name": "login-get-user",
+      "query": "SELECT ...",
+      "values": ["user"],
+      "durationMs": 3.42,
+      "success": true,
+      "error": null,
+      "request": {
+        "method": "GET",
+        "url": "/mbkauthe/login",
+        "ip": "::1",
+        "userId": 1,
+        "username": "support"
+      },
+      "pool": {
+        "total": 2,
+        "idle": 1,
+        "waiting": 0
+      },
+      "callsite": {
+        "function": "validateSession",
+        "file": "lib/middleware/auth.js",
+        "line": 197,
+        "column": 30
+      }
+    }
+  ]
+}
+```
+
+---
+
+#### `GET /mbkauthe/validate-superadmin`
+
+Validates that the current session has `SuperAdmin` role and returns a JSON summary.
+
+---
+
+## Additional Endpoints
+
+The endpoints below are active in the router but are not fully expanded above. Use this list as a reference.
+
+**Auth & Session:**
+
+- `POST /mbkauthe/api/verify-2fa` - Verifies TOTP and completes login.
+- `POST /mbkauthe/api/logout` - Logs out the current session.
+- `GET /mbkauthe/api/account-sessions` - Lists remembered accounts for the current device.
+- `POST /mbkauthe/api/switch-session` - Switches active session to another remembered account.
+- `POST /mbkauthe/api/logout-all` - Logs out all remembered accounts on the device.
+
+**Session Validation:**
+
+- `GET /mbkauthe/api/checkSession` - Checks session validity (cookie-based).
+- `POST /mbkauthe/api/checkSession` - Checks session validity by sessionId (body).
+- `POST /mbkauthe/api/verifySession` - Returns session details by sessionId (body).
+
+**OAuth:**
+
+- `GET /mbkauthe/api/github/login` - Starts GitHub OAuth login flow.
+- `GET /mbkauthe/api/github/login/callback` - GitHub OAuth callback.
+- `GET /mbkauthe/api/google/login` - Starts Google OAuth login flow.
+- `GET /mbkauthe/api/google/login/callback` - Google OAuth callback.
+
+**Info & UI:**
+
+- `GET /mbkauthe/info` and `GET /mbkauthe/i` - Info page.
+- `GET /mbkauthe/info.json` and `GET /mbkauthe/i.json` - Info page JSON.
+- `GET /mbkauthe/ErrorCode` - Error codes page.
+- `GET /mbkauthe/user/profilepic` - User profile picture proxy.
+
+**Admin:**
+
+- `POST /mbkauthe/api/terminateAllSessions` - Terminates all sessions (requires `Main_SECRET_TOKEN`).
+
+**Static Assets:**
+
+- `GET /mbkauthe/main.js`
+- `GET /mbkauthe/main.css`
+- `GET /mbkauthe/bg.webp`
+
+---
+
 #### `POST /mbkauthe/api/login`
 
 Authenticates a user and creates a session.

package/docs/env.md

@@ -81,6 +81,12 @@ This document describes the environment variables MBKAuth expects and keeps brie
   - Example: `"loginRedirectURL":"/dashboard"`
   - Required: No
 
+- env
+  - Description: Development flag to enable diagnostics (DB query monitor, debug endpoints).
+  - Values: `dev` to enable; any other value disables.
+  - Example: `env=dev`
+  - Required: No
+
 - bucket
   - Description: Optional external storage bucket name or identifier used for static assets or third-party integrations.
   - Default: an empty string `""` (no bucket configured)

package/index.js

@@ -59,7 +59,7 @@ if (process.env.test === "dev") {
             return res.redirect("/mbkauthe/");
     });
     app.get("/dev/2fa", (req, res) => {
-            return renderPage(req, res, "2fa", {
+            return renderPage(req, res, "pages/2fa.handlebars", {
                 layout: false,
                 pagename: "Two-Factor Authentication",
                 page: "/home"
@@ -109,7 +109,8 @@ export {
     sessionConfig,
     corsMiddleware,
     sessionRestorationMiddleware,
-    sessionCookieSyncMiddleware
+    sessionCookieSyncMiddleware,
+    requestContextMiddleware
 } from "./lib/middleware/index.js";
 export { validateTokenScope } from "./lib/middleware/scopeValidator.js";
 export { renderError, getUserContext, renderPage, proxycall } from "#response.js";

package/lib/main.js

@@ -6,11 +6,13 @@ import {
   sessionConfig,
   corsMiddleware,
   sessionRestorationMiddleware,
-  sessionCookieSyncMiddleware
+  sessionCookieSyncMiddleware,
+  requestContextMiddleware
 } from "./middleware/index.js";
 import authRoutes from "./routes/auth.js";
 import oauthRoutes from "./routes/oauth.js";
 import miscRoutes from "./routes/misc.js";
+import dbLogsRoutes from "./routes/dbLogs.js";
 import { fileURLToPath } from "url";
 import path from "path";
 
@@ -45,6 +47,11 @@ router.use(session(sessionConfig));
 // Session restoration
 router.use(sessionRestorationMiddleware);
 
+// Attach request context for DB query logging (dev only)
+if (process.env.env === 'dev') {
+  router.use(requestContextMiddleware);
+}
+
 // Initialize passport
 router.use(passport.initialize());
 router.use(passport.session());
@@ -57,6 +64,10 @@ router.use('/mbkauthe', authRoutes);
 router.use('/mbkauthe', oauthRoutes);
 router.use('/mbkauthe', miscRoutes);
 
+if (process.env.env === 'dev') {
+  router.use('/mbkauthe', dbLogsRoutes);
+}
+
 // Redirect shortcuts for login
 router.get(["/login", "/signin"], async (req, res) => {
   const queryParams = new URLSearchParams(req.query).toString();
@@ -64,7 +75,7 @@ router.get(["/login", "/signin"], async (req, res) => {
   return res.redirect(redirectUrl);
 });
 
-router.get(['/icon.svg',"/favicon.ico", "/icon.png"], (req, res) => {
+router.get(['/icon.svg', "/favicon.ico", "/icon.png"], (req, res) => {
   res.setHeader('Cache-Control', 'public, max-age=31536000');
   res.sendFile(path.join(__dirname, '..', 'public', 'M.png'));
 });

package/lib/middleware/index.js

@@ -1,7 +1,7 @@
 import session from "express-session";
 import pgSession from "connect-pg-simple";
 const PgSession = pgSession(session);
-import { dblogin } from "#pool.js";
+import { dblogin, runWithRequestContext } from "#pool.js";
 import { mbkautheVar } from "#config.js";
 import { cachedCookieOptions, decryptSessionId, encryptSessionId } from "#cookies.js";
 
@@ -142,4 +142,9 @@ export function sessionCookieSyncMiddleware(req, res, next) {
     }
   }
   next();
+}
+
+// Request context middleware (used for DB query logging)
+export function requestContextMiddleware(req, res, next) {
+  return runWithRequestContext(req, () => next());
 }

package/lib/pool.js

@@ -21,7 +21,28 @@ const poolConfig = {
 
 export const dblogin = new Pool(poolConfig);
 
-if(process.env.env === 'dev') {
+
+
+// For logging and testing purposes, we can track query counts and logs in development mode.
+
+import path from "path";
+import { AsyncLocalStorage } from "async_hooks";
+
+const isDev = process.env.env === 'dev';
+const requestContext = isDev ? new AsyncLocalStorage() : null;
+
+export const runWithRequestContext = (req, fn) => {
+  if (!isDev || !requestContext) return fn();
+  return requestContext.run({ req }, fn);
+};
+
+export const getRequestContext = () => {
+  if (!isDev || !requestContext) return undefined;
+  return requestContext.getStore();
+};
+
+if (isDev) {
+
   // Simple counter for all DB requests made via this pool. This is intentionally
   // lightweight.
   let _dbQueryCount = 0;
@@ -36,29 +57,133 @@ if(process.env.env === 'dev') {
     // Track query text for debugging/metrics.
     // `pg` supports (text, values, callback) or (config, callback).
     let queryText = '';
+    let queryName = '';
+    let queryValues;
     try {
       if (typeof args[0] === 'string') {
         queryText = args[0];
+        queryValues = Array.isArray(args[1]) ? args[1] : undefined;
       } else if (args[0] && typeof args[0] === 'object') {
         queryText = args[0].text || '';
+        queryName = args[0].name || '';
+        queryValues = Array.isArray(args[0].values) ? args[0].values : undefined;
       }
     } catch {
       queryText = '';
     }
 
-    if (queryText) {
+    if (!queryText) {
+      return _origQuery(...args);
+    }
+
+    const startTime = process.hrtime.bigint();
+    const toWorkspacePath = (filePath) => {
+      const rel = path.relative(process.cwd(), filePath) || filePath;
+      return rel.replace(/\\/g, '/');
+    };
+
+    const buildCallsite = () => {
+      try {
+        const stack = new Error().stack || '';
+        const lines = stack.split('\n').map(l => l.trim());
+        // Skip frames from this wrapper and node internals; pick first app frame.
+        const frame = lines.find((line) =>
+          line.startsWith('at ') &&
+          !line.includes('/lib/pool.js') &&
+          !line.includes('node:internal') &&
+          !line.includes('internal/process')
+        );
+
+        if (!frame) return null;
+
+        const withFunc = /^at\s+([^\s(]+)\s+\((.+):([0-9]+):([0-9]+)\)$/.exec(frame);
+        const noFunc = /^at\s+(.+):([0-9]+):([0-9]+)$/.exec(frame);
+
+        if (withFunc) {
+          return {
+            function: withFunc[1],
+            file: toWorkspacePath(withFunc[2]),
+            line: Number(withFunc[3]),
+            column: Number(withFunc[4])
+          };
+        }
+        if (noFunc) {
+          return {
+            function: null,
+            file: toWorkspacePath(noFunc[1]),
+            line: Number(noFunc[2]),
+            column: Number(noFunc[3])
+          };
+        }
+      } catch {
+        return null;
+      }
+      return null;
+    };
+
+    const buildRequestContext = () => {
+      const store = getRequestContext();
+      const req = store?.req;
+      if (!req) return null;
+
+      const user = req.session?.user || null;
+      return {
+        method: req.method,
+        url: req.originalUrl || req.url,
+        ip: req.ip,
+        userId: user?.id || null,
+        username: user?.username || null
+      };
+    };
+
+    const callsiteSnapshot = buildCallsite();
+
+    const recordLog = (success, error) => {
+      const durationMs = Number(process.hrtime.bigint() - startTime) / 1_000_000;
+      const request = buildRequestContext();
+
       _dbQueryLog.push({
         time: new Date().toISOString(),
         query: queryText,
-        values: Array.isArray(args[1]) ? args[1] : undefined
+        name: queryName || undefined,
+        values: queryValues,
+        durationMs,
+        success,
+        error: error ? { message: error.message, code: error.code } : undefined,
+        request,
+        pool: {
+          total: dblogin.totalCount,
+          idle: dblogin.idleCount,
+          waiting: dblogin.waitingCount
+        },
+        callsite: callsiteSnapshot
       });
 
       if (_dbQueryLog.length > _MAX_QUERY_LOG_ENTRIES) {
         _dbQueryLog.shift();
       }
-    }
+    };
+
+    try {
+      const result = _origQuery(...args);
+      if (result && typeof result.then === 'function') {
+        return result
+          .then((res) => {
+            recordLog(true, null);
+            return res;
+          })
+          .catch((err) => {
+            recordLog(false, err);
+            throw err;
+          });
+      }
 
-    return _origQuery(...args);
+      recordLog(true, null);
+      return result;
+    } catch (err) {
+      recordLog(false, err);
+      throw err;
+    }
   };
 
   // Public helpers

package/lib/routes/auth.js

@@ -517,7 +517,7 @@ router.get("/2fa", csrfProtection, (req, res) => {
     redirectToUse = mbkautheVar.loginRedirectURL || '/dashboard';
   }
 
-  res.render("2fa.handlebars", {
+  res.render("pages/2fa.handlebars", {
     layout: false,
     customURL: redirectToUse,
     csrfToken: req.csrfToken(),
@@ -828,7 +828,7 @@ router.post("/api/logout-all", LoginLimit, async (req, res) => {
 // GET /mbkauthe/login
 router.get("/login", LoginLimit, csrfProtection, (req, res) => {
   const lastLogin = req.cookies && typeof req.cookies.lastLoginMethod === 'string' ? req.cookies.lastLoginMethod : null;
-  return res.render("loginmbkauthe.handlebars", {
+  return res.render("pages/loginmbkauthe.handlebars", {
     layout: false,
     githubLoginEnabled: mbkautheVar.GITHUB_LOGIN_ENABLED,
     googleLoginEnabled: mbkautheVar.GOOGLE_LOGIN_ENABLED,
@@ -853,7 +853,7 @@ router.get("/accounts", LoginLimit, csrfProtection, (req, res) => {
     ? redirectFromQuery
     : (mbkautheVar.loginRedirectURL || '/dashboard');
 
-  return res.render("accountSwitch.handlebars", {
+  return res.render("pages/accountSwitch.handlebars", {
     layout: false,
     customURL: safeRedirect,
     version: packageJson.version,

package/lib/routes/dbLogs.js

@@ -0,0 +1,67 @@
+import express from "express";
+import { renderError } from "#response.js";
+import { dblogin } from "#pool.js";
+import { mbkautheVar } from "#config.js";
+import rateLimit from 'express-rate-limit';
+
+const router = express.Router();
+
+// Rate limiter for info/test routes
+const LogLimit = rateLimit({
+  windowMs: 1 * 60 * 1000,
+  max: 50,
+  message: { success: false, message: "Too many attempts, please try again later" },
+  skip: (req) => {
+    return !!req.session.user;
+  },
+  validate: {
+    trustProxy: false,
+    xForwardedForHeader: false
+  }
+});
+
+// DB stats API (JSON)
+router.get(["/db.json"], LogLimit, async (req, res) => {
+  try {
+    const queryCount = typeof dblogin.getQueryCount === 'function' ? dblogin.getQueryCount() : null;
+    const queryLimit = Number(req.query.limit) || 50;
+    const queryLog = typeof dblogin.getQueryLog === 'function' ? dblogin.getQueryLog({ limit: queryLimit }) : [];
+    const resetRequested = req.query.reset === '1';
+
+    if (resetRequested) {
+      if (typeof dblogin.resetQueryCount === 'function') dblogin.resetQueryCount();
+      if (typeof dblogin.resetQueryLog === 'function') dblogin.resetQueryLog();
+    }
+
+    return res.json({ queryCount, queryLimit, queryLog, resetDone: resetRequested });
+  } catch (err) {
+    console.error('[mbkauthe] /db.json route error:', err);
+    return res.status(500).json({ success: false, message: 'Could not fetch DB stats.' });
+  }
+});
+
+// DB stats page (HTML)
+router.get(["/db"], LogLimit, async (req, res) => {
+  try {
+    const queryLimit = Number(req.query.limit) || 50;
+    const resetDone = req.query.resetDone === '1';
+    return res.render('pages/dbLogs.handlebars', {
+      layout: false,
+      appName: mbkautheVar.APP_NAME,
+      queryLimit,
+      resetDone
+    });
+  } catch (err) {
+    console.error('[mbkauthe] /db route error:', err);
+    return renderError(res, req, {
+      layout: false,
+      code: 500,
+      error: "Internal Server Error",
+      message: "Could not fetch DB stats.",
+      pagename: "DB Stats",
+      page: "/mbkauthe/info",
+    });
+  }
+});
+
+export default router;

package/lib/routes/misc.js

@@ -3,7 +3,7 @@ import fetch from 'node-fetch';
 import rateLimit from 'express-rate-limit';
 import { mbkautheVar, packageJson, appVersion } from "#config.js";
 import { renderError } from "#response.js";
-import { authenticate, validateSession, validateApiSession } from "../middleware/auth.js";
+import { authenticate, validateSession, validateSessionAndRole } from "../middleware/auth.js";
 import { ErrorCodes, ErrorMessages, createErrorResponse } from "../utils/errors.js";
 import { dblogin } from "#pool.js";
 import { clearSessionCookies, decryptSessionId } from "#cookies.js";
@@ -157,6 +157,28 @@ router.get('/user/profilepic', async (req, res) => {
   }
 });
 
+if (process.env.env === 'dev') {
+  // Dev-only diagnostic endpoint to verify SuperAdmin role enforcement
+  router.get(['/validate-superadmin'], validateSessionAndRole("SuperAdmin"), LoginLimit, async (req, res) => {
+    try {
+      const user = req.session?.user || null;
+      return res.json({
+        success: true,
+        message: 'SuperAdmin access granted',
+        user: user ? {
+          id: user.id,
+          username: user.username,
+          role: user.role,
+          sessionId: user.sessionId
+        } : null
+      });
+    } catch (err) {
+      console.error('[mbkauthe] debug validate-superadmin error:', err);
+      return res.status(500).json(createErrorResponse(500, ErrorCodes.INTERNAL_SERVER_ERROR));
+    }
+  });
+}
+
 // Test route
 router.get(['/test', '/'], validateSession, LoginLimit, async (req, res) => {
   const { username, fullname, role, id, sessionId, allowedApps } = req.session.user;
@@ -165,7 +187,7 @@ router.get(['/test', '/'], validateSession, LoginLimit, async (req, res) => {
     ? new Date(req.session.cookie.expires).toISOString()
     : null;
 
-  return res.render('test.handlebars', {
+  return res.render('pages/test.handlebars', {
     layout: false,
     username,
     fullname: fullname || 'N/A',
@@ -483,7 +505,7 @@ router.get(["/info", "/i"], LoginLimit, async (req, res) => {
   }
 
   try {
-    res.render("info_mbkauthe.handlebars", {
+    res.render("pages/info_mbkauthe.handlebars", {
       layout: false,
       mbkautheVar: safe_mbkautheVar,
       CurrentVersion: packageJson.version,
@@ -506,59 +528,6 @@ router.get(["/info", "/i"], LoginLimit, async (req, res) => {
   }
 });
 
-if(process.env.env === 'dev') {
-  // DB stats page
-  router.get(["/db", "/db.json"], LoginLimit, async (req, res) => {
-    try {
-      const queryCount = typeof dblogin.getQueryCount === 'function' ? dblogin.getQueryCount() : null;
-      const queryLimit = Number(req.query.limit) || 50;
-      const queryLog = typeof dblogin.getQueryLog === 'function' ? dblogin.getQueryLog({ limit: queryLimit }) : [];
-
-      // Allow a manual reset via query string (e.g., /mbkauthe/db?reset=1)
-      if (req.query.reset === '1') {
-        if (typeof dblogin.resetQueryCount === 'function') dblogin.resetQueryCount();
-        if (typeof dblogin.resetQueryLog === 'function') dblogin.resetQueryLog();
-      }
-
-      if (req.path.endsWith('.json')) {
-        return res.json({ queryCount, queryLog });
-      }
-
-      const formattedLog = queryLog
-        .map((entry, idx) => {
-          const values = Array.isArray(entry.values) ? ` -- values: ${JSON.stringify(entry.values)}` : '';
-          return `${idx + 1}. [${entry.time}] ${entry.query}${values}`;
-        })
-        .join('\n\n');
-
-      return res.send(`<!doctype html>
-        <html lang="en">
-          <head>
-            <meta charset="utf-8" />
-            <title>mbkauthe DB Stats</title>
-            <style>body{font-family:system-ui, sans-serif;margin:2rem;}h1{margin-bottom:1rem;}pre{background:#f7f7f7;padding:1rem;border-radius:6px;white-space:pre-wrap;word-break:break-word;}</style>
-          </head>
-          <body>
-            <h1>mbkauthe DB Stats</h1>
-            <p>Query count: <strong>${queryCount}</strong></p>
-            <p>Showing last <strong>${queryLimit}</strong> queries (<a href="/mbkauthe/db?reset=1">reset</a>)</p>
-            <pre>${formattedLog || '<i>No queries recorded yet.</i>'}</pre>
-          </body>
-        </html>`);
-    } catch (err) {
-      console.error('[mbkauthe] /db route error:', err);
-      return renderError(res, req, {
-        layout: false,
-        code: 500,
-        error: "Internal Server Error",
-        message: "Could not fetch DB stats.",
-        pagename: "DB Stats",
-        page: "/mbkauthe/info",
-      });
-    }
-  });
-}
-
 router.get(["/info.json", "/i.json"], LoginLimit, async (req, res) => {
   let latestVersion;
   try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mbkauthe",
-  "version": "4.6.2",
+  "version": "4.7.0",
   "description": "MBKTech's reusable authentication system for Node.js applications.",
   "main": "index.js",
   "type": "module",

package/views/pages/dbLogs.handlebars

@@ -0,0 +1,476 @@
+<!DOCTYPE html>
+<html lang="en">
+
+{{> head pageTitle="DB Query Monitor" ogUrl="/mbkauthe/db" extraStyles="<style>
+  .db-container {
+    flex: 1;
+    display: flex;
+    align-items: flex-start;
+    justify-content: center;
+    padding: 120px 1.7rem 40px;
+    position: relative;
+    overflow: hidden;
+    background: radial-gradient(circle at top right, rgba(33, 150, 243, 0.25), transparent 55%),
+                radial-gradient(circle at 20% 20%, rgba(0, 184, 148, 0.18), transparent 50%),
+                linear-gradient(135deg, var(--darker), #0b1e25);
+  }
+
+  .db-panel {
+    background: rgba(10, 20, 20, 0.94);
+    border-radius: 18px;
+    padding: 2.25rem;
+    width: min(1200px, 100%);
+    box-shadow: 0 18px 48px rgba(0, 0, 0, 0.45);
+    border: 1px solid rgba(0, 184, 148, 0.18);
+    position: relative;
+    z-index: 2;
+    overflow: hidden;
+  }
+
+  .db-panel::after {
+    content: '';
+    position: absolute;
+    inset: 0;
+    background: linear-gradient(120deg, rgba(33, 150, 243, 0.06), transparent 55%);
+    pointer-events: none;
+  }
+
+  .db-header {
+    display: flex;
+    flex-wrap: wrap;
+    justify-content: space-between;
+    align-items: flex-start;
+    gap: 1.5rem;
+    margin-bottom: 1.5rem;
+  }
+
+  .db-title {
+    font-family: var(--font-display);
+    font-size: clamp(1.8rem, 2vw, 2.4rem);
+    color: var(--light);
+  }
+
+  .db-subtitle {
+    color: var(--text-light);
+    font-size: var(--text-size-sm);
+    margin-top: 0.3rem;
+  }
+
+  .db-actions {
+    display: flex;
+    flex-wrap: wrap;
+    gap: 0.6rem;
+  }
+
+  .db-link {
+    padding: 0.45rem 0.85rem;
+    border-radius: 0.6rem;
+    border: 1px solid rgba(33, 150, 243, 0.4);
+    background: rgba(33, 150, 243, 0.12);
+    color: var(--light);
+    text-decoration: none;
+    transition: var(--transition);
+  }
+
+  .db-link:hover {
+    background: rgba(33, 150, 243, 0.25);
+  }
+
+  .db-card {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(180px, 1fr));
+    gap: 1rem;
+    margin-bottom: 1.5rem;
+  }
+
+  .stat-box {
+    padding: 1rem 1.2rem;
+    border-radius: 14px;
+    border: 1px solid rgba(0, 184, 148, 0.2);
+    background: rgba(0, 0, 0, 0.25);
+  }
+
+  .stat-label {
+    font-size: 0.85rem;
+    color: var(--text-light);
+    text-transform: uppercase;
+    letter-spacing: 0.08em;
+  }
+
+  .stat-value {
+    font-size: 1.4rem;
+    font-weight: 700;
+    color: var(--light);
+  }
+
+  .db-toolbar {
+    display: flex;
+    flex-wrap: wrap;
+    gap: 0.75rem;
+    align-items: center;
+    margin-bottom: 1.2rem;
+  }
+
+  .db-toolbar label {
+    color: var(--text-light);
+  }
+
+  .db-toolbar input {
+    width: 5rem;
+    padding: 0.35rem 0.5rem;
+    border-radius: 0.5rem;
+    border: 1px solid rgba(255, 255, 255, 0.2);
+    background: rgba(0, 0, 0, 0.4);
+    color: var(--text);
+  }
+
+  .db-toolbar button {
+    padding: 0.45rem 0.85rem;
+    border-radius: 0.6rem;
+    border: 1px solid rgba(0, 184, 148, 0.4);
+    background: rgba(0, 184, 148, 0.12);
+    color: var(--light);
+    cursor: pointer;
+    transition: var(--transition);
+  }
+
+  .db-toolbar button:hover {
+    background: rgba(0, 184, 148, 0.25);
+  }
+
+  .db-table-wrapper {
+    border-radius: 16px;
+    border: 1px solid rgba(255, 255, 255, 0.08);
+    background: rgba(6, 12, 14, 0.7);
+    padding: 0.4rem;
+    overflow-x: auto;
+  }
+
+  .copy-row-btn {
+    padding: 0.25rem 0.6rem;
+    border-radius: 0.5rem;
+    border: 1px solid rgba(33, 150, 243, 0.5);
+    background: rgba(33, 150, 243, 0.12);
+    color: var(--light);
+    cursor: pointer;
+    font-size: 0.75rem;
+    transition: var(--transition);
+  }
+
+  .copy-row-btn:hover {
+    background: rgba(33, 150, 243, 0.25);
+  }
+
+  table {
+    width: 100%;
+    border-collapse: collapse;
+    color: var(--text);
+    font-size: 0.9rem;
+    min-width: 900px;
+  }
+
+  th, td {
+    padding: 0.6rem 0.8rem;
+    border-bottom: 1px solid rgba(255, 255, 255, 0.08);
+    vertical-align: top;
+  }
+
+  th {
+    text-align: left;
+    font-weight: 600;
+    color: var(--text-light);
+    text-transform: uppercase;
+    font-size: 0.75rem;
+    letter-spacing: 0.08em;
+  }
+
+  code {
+    font-family: var(--font-mono);
+    white-space: pre-wrap;
+    word-break: break-word;
+  }
+
+  .badge {
+    display: inline-flex;
+    align-items: center;
+    padding: 0.15rem 0.55rem;
+    border-radius: 999px;
+    font-size: 0.72rem;
+    font-weight: 700;
+    text-transform: uppercase;
+  }
+
+  .badge.ok {
+    background: rgba(67, 233, 123, 0.15);
+    color: var(--success);
+    border: 1px solid rgba(67, 233, 123, 0.4);
+  }
+
+  .badge.err {
+    background: rgba(255, 118, 117, 0.15);
+    color: var(--danger);
+    border: 1px solid rgba(255, 118, 117, 0.35);
+  }
+
+  .empty {
+    font-style: italic;
+    color: var(--text-light);
+    padding: 1.5rem;
+    text-align: center;
+  }
+
+  .notification {
+    margin-bottom: 1rem;
+    padding: 0.75rem 1rem;
+    border-radius: 0.7rem;
+    background: rgba(67, 233, 123, 0.12);
+    color: var(--success);
+    border: 1px solid rgba(67, 233, 123, 0.4);
+  }
+
+  @media (max-width: 900px) {
+    .db-panel {
+      padding: 1.5rem;
+    }
+
+    .db-actions {
+      width: 100%;
+    }
+
+    table {
+      min-width: 100%;
+      display: block;
+    }
+
+    thead {
+      display: none;
+    }
+
+    tbody,
+    tr,
+    td {
+      display: block;
+      width: 100%;
+    }
+
+    tr {
+      border: 1px solid rgba(255, 255, 255, 0.08);
+      border-radius: 12px;
+      margin-bottom: 0.9rem;
+      padding: 0.6rem 0.8rem;
+      background: rgba(0, 0, 0, 0.28);
+    }
+
+    td {
+      border: none;
+      padding: 0.5rem 0;
+    }
+
+    td::before {
+      content: attr(data-label);
+      display: block;
+      font-size: 0.7rem;
+      text-transform: uppercase;
+      letter-spacing: 0.08em;
+      color: var(--text-light);
+      margin-bottom: 0.25rem;
+    }
+  }
+</style>"}}
+
+<body>
+  {{> header appName=appName}}
+
+  <section class="db-container">
+    {{> backgroundElements}}
+
+    <div class="db-panel">
+      <div class="db-header">
+        <div>
+          <div class="db-title">DB Query Monitor</div>
+          <div class="db-subtitle">Live view of recent database queries and diagnostics</div>
+        </div>
+        <div class="db-actions">
+          <a class="db-link" href="/mbkauthe/info">Back to info</a>
+        </div>
+      </div>
+
+      <div class="db-card">
+        <div class="stat-box">
+          <div class="stat-label">Query Count</div>
+          <div class="stat-value" id="query-count">-</div>
+        </div>
+        <div class="stat-box">
+          <div class="stat-label">Limit</div>
+          <div class="stat-value" id="query-limit">{{queryLimit}}</div>
+        </div>
+      </div>
+
+      <div class="db-toolbar">
+        <form id="limit-form" action="/mbkauthe/db" method="get">
+          <label for="limit">Limit</label>
+          <input id="limit" name="limit" type="number" min="1" max="500" value="{{queryLimit}}" />
+          <button type="submit">Update</button>
+        </form>
+        <button id="reset-btn" type="button">Reset</button>
+        <button id="copy-btn" type="button">Copy Log</button>
+      </div>
+
+      {{#if resetDone}}
+        <div class="notification">Query log and count have been reset.</div>
+      {{/if}}
+
+      <div id="query-log" class="db-table-wrapper">
+        <div class="empty">Loading query log...</div>
+      </div>
+    </div>
+  </section>
+
+  <script>
+      const limitInput = document.getElementById('limit');
+      const queryCountEl = document.getElementById('query-count');
+      const queryLimitEl = document.getElementById('query-limit');
+      const queryLogEl = document.getElementById('query-log');
+      const resetBtn = document.getElementById('reset-btn');
+      const copyBtn = document.getElementById('copy-btn');
+
+      const escapeHtml = (str) => String(str || '')
+        .replace(/[&<>"'`]/g, (s) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;' })[s]);
+
+      const buildTable = (queryLog) => {
+        if (!Array.isArray(queryLog) || queryLog.length === 0) {
+          queryLogEl.innerHTML = '<div class="empty">No queries recorded yet.</div>';
+          return;
+        }
+
+        const rows = queryLog.map((entry, idx) => {
+          const values = Array.isArray(entry.values) ? escapeHtml(JSON.stringify(entry.values)) : '';
+          const callsite = entry.callsite || null;
+          const callsiteText = callsite
+            ? `${callsite.function || '(anonymous)'}\n${callsite.file}:${callsite.line}:${callsite.column}`
+            : '';
+          const durationText = typeof entry.durationMs === 'number'
+            ? `${entry.durationMs.toFixed(2)} ms`
+            : '';
+          const statusText = entry.success === true ? 'OK' : entry.success === false ? 'ERR' : '';
+          const statusBadge = statusText === 'OK'
+            ? '<span class="badge ok">OK</span>'
+            : statusText === 'ERR'
+            ? '<span class="badge err">ERR</span>'
+            : '';
+          const errorText = entry.error
+            ? `${entry.error.code ? `${entry.error.code}: ` : ''}${entry.error.message || ''}`
+            : '';
+          const requestText = entry.request
+            ? `${entry.request.method || ''} ${entry.request.url || ''}`.trim() +
+              `\nuser: ${entry.request.username || entry.request.userId || 'anonymous'}` +
+              `\nip: ${entry.request.ip || ''}`
+            : '';
+          const poolText = entry.pool
+            ? `total:${entry.pool.total} idle:${entry.pool.idle} waiting:${entry.pool.waiting}`
+            : '';
+
+          return `
+            <tr>
+              <td data-label="#">${idx + 1}</td>
+              <td data-label="Time">${escapeHtml(entry.time)}</td>
+              <td data-label="Name">${entry.name ? `<code>${escapeHtml(entry.name)}</code>` : ''}</td>
+              <td data-label="Duration">${durationText ? `<code>${escapeHtml(durationText)}</code>` : ''}</td>
+              <td data-label="Status">${statusBadge}</td>
+              <td data-label="Query"><code>${escapeHtml(entry.query)}</code></td>
+              <td data-label="Values">${values ? `<code>${values}</code>` : ''}</td>
+              <td data-label="Error">${errorText ? `<code>${escapeHtml(errorText)}</code>` : ''}</td>
+              <td data-label="Request">${requestText ? `<code>${escapeHtml(requestText)}</code>` : ''}</td>
+              <td data-label="Pool">${poolText ? `<code>${escapeHtml(poolText)}</code>` : ''}</td>
+              <td data-label="Callsite">${callsiteText ? `<code>${escapeHtml(callsiteText)}</code>` : ''}</td>
+              <td data-label="Copy"><button class="copy-row-btn" data-copy='${escapeHtml(JSON.stringify(entry))}'>Copy</button></td>
+            </tr>
+          `;
+        }).join('');
+
+        queryLogEl.innerHTML = `
+          <table>
+            <thead>
+              <tr>
+                <th>#</th>
+                <th>Time</th>
+                <th>Name</th>
+                <th>Duration</th>
+                <th>Status</th>
+                <th>Query</th>
+                <th>Values</th>
+                <th>Error</th>
+                <th>Request</th>
+                <th>Pool</th>
+                <th>Callsite</th>
+                <th>Copy</th>
+              </tr>
+            </thead>
+            <tbody>
+              ${rows}
+            </tbody>
+          </table>
+        `;
+      };
+
+      const loadLog = async (options = {}) => {
+        const limit = Number(limitInput.value) || 50;
+        queryLimitEl.textContent = String(limit);
+
+        const params = new URLSearchParams({ limit: String(limit) });
+        if (options.reset) params.set('reset', '1');
+
+        const response = await fetch(`/mbkauthe/db.json?${params.toString()}`);
+        if (!response.ok) {
+          queryLogEl.innerHTML = '<div class="empty">Failed to load query log.</div>';
+          return;
+        }
+
+        const data = await response.json();
+        queryCountEl.textContent = data.queryCount ?? '-';
+        buildTable(data.queryLog);
+
+        if (options.reset) {
+          const next = new URLSearchParams({ limit: String(limit), resetDone: '1' });
+          window.location.assign(`/mbkauthe/db?${next.toString()}`);
+        }
+      };
+
+      resetBtn.addEventListener('click', () => {
+        loadLog({ reset: true }).catch(() => {
+          queryLogEl.innerHTML = '<div class="empty">Failed to reset query log.</div>';
+        });
+      });
+
+      copyBtn.addEventListener('click', () => {
+        const text = queryLogEl.innerText;
+        navigator.clipboard.writeText(text).then(() => {
+          copyBtn.textContent = 'Copied!';
+          setTimeout(() => (copyBtn.textContent = 'Copy log'), 1200);
+        });
+      });
+
+      queryLogEl.addEventListener('click', (event) => {
+        const target = event.target;
+        if (!(target instanceof HTMLElement)) return;
+        if (!target.classList.contains('copy-row-btn')) return;
+
+        const payload = target.getAttribute('data-copy');
+        if (!payload) return;
+
+        navigator.clipboard.writeText(payload).then(() => {
+          const original = target.textContent;
+          target.textContent = 'Copied';
+          setTimeout(() => {
+            target.textContent = original || 'Copy';
+          }, 1200);
+        });
+      });
+
+      loadLog().catch(() => {
+        queryLogEl.innerHTML = '<div class="empty">Failed to load query log.</div>';
+      });
+    </script>
+  {{> versionInfo}}
+</body>
+</html>

package/views/{test.handlebars → pages/test.handlebars}

@@ -210,6 +210,9 @@
                     <a class="btn btn-outline" href="/mbkauthe/info">
                         <i class="fas fa-info-circle"></i> Info Page
                     </a>
+                    <a class="btn btn-outline" href="/mbkauthe/validate-superadmin">
+                        <i class="fas fa-user-shield"></i> Validate SuperAdmin
+                    </a>
                     <a class="btn btn-outline" href="/mbkauthe/login">
                         <i class="fas fa-sign-in-alt"></i> Login Page
                     </a>

package/views/sharedStyles.handlebars

@@ -1,5 +1,4 @@
 <style>
-    @import url('https://fonts.googleapis.com/css2?family=Manrope:wght@400;500;600;700;800&family=Space+Grotesk:wght@500;600;700&display=swap');
 
     :root {
         --primary: #2196f3;