mbkauthe 4.7.1 → 4.8.0

package/lib/utils/dbQueryLogger.js

@@ -0,0 +1,324 @@
+import path from "path";
+import { AsyncLocalStorage } from "async_hooks";
+
+const isDev = process.env.env === "dev" && process.env.dbLogs === "true";
+const requestContext = isDev ? new AsyncLocalStorage() : null;
+
+const GLOBAL_MAX_QUERY_LOG_ENTRIES = 1000;
+const globalQueryState = {
+  totalCount: 0,
+  log: [],
+};
+let autoPoolId = 0;
+
+const safeValue = (value, depth = 0, seen = new WeakSet()) => {
+  if (value == null) return value;
+  if (typeof value === "string") {
+    return value.length > 300 ? `${value.slice(0, 300)}...` : value;
+  }
+  if (typeof value === "number" || typeof value === "boolean") return value;
+  if (typeof value === "bigint") return value.toString();
+  if (value instanceof Date) return value.toISOString();
+  if (Buffer.isBuffer(value)) return `[buffer:${value.length}]`;
+
+  if (Array.isArray(value)) {
+    if (depth >= 4) return `[array:${value.length}]`;
+    const sample = value.slice(0, 8).map((v) => safeValue(v, depth + 1, seen));
+    if (value.length > 8) sample.push(`...(${value.length - 8} more)`);
+    return sample;
+  }
+
+  if (typeof value === "object") {
+    if (seen.has(value)) return "[circular]";
+    seen.add(value);
+
+    const keys = Object.keys(value);
+    if (depth >= 4) {
+      const head = keys.slice(0, 5).join(", ");
+      return keys.length > 5 ? `[object:${head}, ...]` : `[object:${head}]`;
+    }
+
+    const out = {};
+    const entries = Object.entries(value).slice(0, 20);
+    for (const [k, v] of entries) {
+      out[k] = safeValue(v, depth + 1, seen);
+    }
+    if (keys.length > 20) {
+      out.__truncated = `${keys.length - 20} more keys`;
+    }
+
+    seen.delete(value);
+    return out;
+  }
+
+  return String(value);
+};
+
+const toWorkspacePath = (filePath) => {
+  const rel = path.relative(process.cwd(), filePath) || filePath;
+  return rel.replace(/\\/g, "/");
+};
+
+const buildCallsite = () => {
+  try {
+    const stack = new Error().stack || "";
+    const lines = stack.split("\n").map((l) => l.trim());
+    const frame = lines.find(
+      (line) =>
+        line.startsWith("at ") &&
+        !line.includes("/lib/utils/dbQueryLogger.js") &&
+        !line.includes("node:internal") &&
+        !line.includes("internal/process")
+    );
+
+    if (!frame) return null;
+
+    const withFunc = /^at\s+([^\s(]+)\s+\((.+):([0-9]+):([0-9]+)\)$/.exec(frame);
+    const noFunc = /^at\s+(.+):([0-9]+):([0-9]+)$/.exec(frame);
+
+    if (withFunc) {
+      return {
+        function: withFunc[1],
+        file: toWorkspacePath(withFunc[2]),
+        line: Number(withFunc[3]),
+        column: Number(withFunc[4]),
+      };
+    }
+
+    if (noFunc) {
+      return {
+        function: null,
+        file: toWorkspacePath(noFunc[1]),
+        line: Number(noFunc[2]),
+        column: Number(noFunc[3]),
+      };
+    }
+  } catch {
+    return null;
+  }
+
+  return null;
+};
+
+const buildRequestContext = () => {
+  const store = getRequestContext();
+  const req = store?.req;
+  if (!req) return null;
+
+  const user = req.session?.user || null;
+  return {
+    method: req.method,
+    url: req.originalUrl || req.url,
+    ip: req.ip,
+    userId: user?.id || null,
+    username: user?.username || null,
+  };
+};
+
+const buildReturnValue = (result) => {
+  if (!result || typeof result !== "object") return undefined;
+
+  const returnValue = {
+    command: result.command || undefined,
+    rowCount: typeof result.rowCount === "number" ? result.rowCount : undefined,
+  };
+
+  if (Array.isArray(result.rows)) {
+    const previewSize = 3;
+    returnValue.returnedRows = result.rows.length;
+    returnValue.rowsPreview = result.rows.slice(0, previewSize).map((row) => safeValue(row));
+    if (result.rows.length > previewSize) {
+      returnValue.rowsTruncated = true;
+    }
+  }
+
+  return returnValue;
+};
+
+const recordGlobalLog = (entry) => {
+  globalQueryState.totalCount += 1;
+  globalQueryState.log.push(entry);
+  if (globalQueryState.log.length > GLOBAL_MAX_QUERY_LOG_ENTRIES) {
+    globalQueryState.log.shift();
+  }
+};
+
+export const getQueryCount = () => globalQueryState.totalCount;
+export const getQueryLog = (options = {}) => {
+  const { limit } = options;
+  if (typeof limit === "number") {
+    return globalQueryState.log.slice(-limit);
+  }
+  return [...globalQueryState.log];
+};
+
+export const resetQueryCount = () => {
+  globalQueryState.totalCount = 0;
+};
+
+export const resetQueryLog = () => {
+  globalQueryState.log.length = 0;
+};
+
+export const runWithRequestContext = (req, fn) => {
+  if (!isDev || !requestContext) return fn();
+  return requestContext.run({ req }, fn);
+};
+
+export const getRequestContext = () => {
+  if (!isDev || !requestContext) return undefined;
+  return requestContext.getStore();
+};
+
+const resolveLoggerPool = (item) => {
+  if (item && typeof item === 'object') {
+    if (item.pool && item.pool.query) {
+      return { pool: item.pool, name: item.name || item.pool.__mbkQueryLoggerName || item.pool.name };
+    }
+    if (item.query) {
+      // Don't force 'default' here; let getPoolName assign a non-default auto name.
+      return { pool: item, name: item.__mbkQueryLoggerName || item.name || item.options?.application_name || null };
+    }
+  }
+  return null;
+};
+
+const getPoolName = (pool, fallbackName) => {
+  if (fallbackName) return fallbackName;
+  if (pool.__mbkQueryLoggerName) return pool.__mbkQueryLoggerName;
+  if (pool.name) return pool.name;
+  if (pool.options && pool.options.application_name) return pool.options.application_name;
+  // never return "default"; always provide an actual pool name
+  autoPoolId += 1;
+  return `pool-${autoPoolId}`;
+};
+
+const attachSinglePool = (pool, poolName = null) => {
+  if (!pool) return;
+
+  if (pool.__mbkQueryLoggerInstalled) {
+    // Allow late explicit naming to override a previous auto name.
+    if (poolName && pool.__mbkQueryLoggerName !== poolName) {
+      pool.__mbkQueryLoggerName = poolName;
+    }
+    return;
+  }
+
+  pool.__mbkQueryLoggerInstalled = true;
+  pool.__mbkQueryLoggerName = getPoolName(pool, poolName);
+
+  let dbQueryCount = 0;
+  const dbQueryLog = [];
+  const originalQuery = pool.query.bind(pool);
+
+  const recordPoolLog = (entry) => {
+    dbQueryCount += 1;
+    dbQueryLog.push(entry);
+    if (dbQueryLog.length > GLOBAL_MAX_QUERY_LOG_ENTRIES) {
+      dbQueryLog.shift();
+    }
+    recordGlobalLog(entry);
+  };
+
+  pool.query = (...args) => {
+    let queryText = "";
+    let queryName = "";
+    let queryValues;
+
+    try {
+      if (typeof args[0] === "string") {
+        queryText = args[0];
+        queryValues = Array.isArray(args[1]) ? args[1] : undefined;
+      } else if (args[0] && typeof args[0] === "object") {
+        queryText = args[0].text || "";
+        queryName = args[0].name || "";
+        queryValues = Array.isArray(args[0].values) ? args[0].values : undefined;
+      }
+    } catch {
+      queryText = "";
+    }
+
+    if (!queryText) {
+      return originalQuery(...args);
+    }
+
+    const startTime = process.hrtime.bigint();
+    const callsiteSnapshot = buildCallsite();
+
+    const recordLog = (success, error, result) => {
+      const durationMs = Number(process.hrtime.bigint() - startTime) / 1_000_000;
+      const request = buildRequestContext();
+      const returnValue = buildReturnValue(result);
+
+      const entry = {
+        time: new Date().toISOString(),
+        query: queryText,
+        name: queryName || undefined,
+        values: queryValues,
+        durationMs,
+        success,
+        error: error ? { message: error.message, code: error.code } : undefined,
+        returnValue,
+        request,
+        pool: {
+          name: pool.__mbkQueryLoggerName,
+          total: pool.totalCount,
+          idle: pool.idleCount,
+          waiting: pool.waitingCount,
+        },
+        callsite: callsiteSnapshot,
+      };
+
+      recordPoolLog(entry);
+    };
+
+    try {
+      const result = originalQuery(...args);
+      if (result && typeof result.then === "function") {
+        return result
+          .then((res) => {
+            recordLog(true, null, res);
+            return res;
+          })
+          .catch((err) => {
+            recordLog(false, err);
+            throw err;
+          });
+      }
+
+      recordLog(true, null, result);
+      return result;
+    } catch (err) {
+      recordLog(false, err);
+      throw err;
+    }
+  };
+
+  pool.getQueryCount = () => dbQueryCount;
+  pool.resetQueryCount = () => {
+    dbQueryCount = 0;
+  };
+
+  pool.getQueryLog = (options = {}) => {
+    const { limit } = options;
+    if (typeof limit === "number") {
+      return dbQueryLog.slice(-limit);
+    }
+    return [...dbQueryLog];
+  };
+
+  pool.resetQueryLog = () => {
+    dbQueryLog.length = 0;
+  };
+};
+
+export const attachDevQueryLogger = (poolOrPools) => {
+  if (!isDev || !poolOrPools) return;
+
+  const inputs = Array.isArray(poolOrPools) ? poolOrPools : [poolOrPools];
+  for (const item of inputs) {
+    const resolved = resolveLoggerPool(item);
+    if (!resolved) continue;
+    attachSinglePool(resolved.pool, resolved.name);
+  }
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mbkauthe",
-  "version": "4.7.1",
+  "version": "4.8.0",
   "description": "MBKTech's reusable authentication system for Node.js applications.",
   "main": "index.js",
   "type": "module",

package/public/main.css

@@ -12,6 +12,18 @@
     --success: #43e97b;
     --warning: #ffd166;
     --danger: #ff7675;
+    --surface-1: #0a1414;
+    --surface-2: #101c1c;
+    --surface-soft: rgba(255, 255, 255, 0.05);
+    --surface-muted: rgba(0, 0, 0, 0.25);
+    --glass-bg: rgba(10, 20, 20, 0.95);
+    --glass-border: rgba(0, 184, 148, 0.2);
+    --input-bg: rgba(0, 0, 0, .3);
+    --input-bg-focus: rgba(0, 0, 0, .4);
+    --input-border: rgba(0, 184, 148, 0.3);
+    --muted-border: rgba(255, 255, 255, 0.12);
+    --hero-from: #0a1414;
+    --hero-to: #1769aa;
     --border-radius: 8px;
     --box-shadow: 0 4px 10px rgba(33, 150, 243, 0.15);
     --transition: all 0.3s cubic-bezier(.4, 0, .2, 1);
@@ -24,6 +36,29 @@
     --text-size-xl: 2rem;
 }
 
+[data-theme="light"] {
+    --dark: #f8fbfd;
+    --darker: #eef6fb;
+    --light: #06222f;
+    --text: #163041;
+    --text-light: #4a6475;
+    --text-dark: #0e2230;
+    --warning: #a66900;
+    --surface-1: rgba(255, 255, 255, 0.9);
+    --surface-2: #f8fbfd;
+    --surface-soft: rgba(255, 255, 255, 0.88);
+    --surface-muted: rgba(6, 34, 47, 0.06);
+    --glass-bg: rgba(255, 255, 255, 0.88);
+    --glass-border: rgba(0, 184, 148, 0.22);
+    --input-bg: rgba(255, 255, 255, 0.84);
+    --input-bg-focus: rgba(255, 255, 255, 1);
+    --input-border: rgba(22, 48, 65, 0.2);
+    --muted-border: rgba(22, 48, 65, 0.14);
+    --hero-from: #d7e9f6;
+    --hero-to: #a7cde4;
+    --box-shadow: 0 10px 28px rgba(8, 35, 51, 0.12);
+}
+
 * {
     margin: 0;
     padding: 0;
@@ -32,7 +67,7 @@
 }
 
 body {
-    background-color: var(--dark);
+    background: linear-gradient(180deg, var(--surface-2), var(--dark));
     color: var(--text);
     min-height: 100vh;
     display: flex;
@@ -41,13 +76,14 @@ body {
 }
 
 header {
-    background-color: var(--darker);
+    background-color: var(--surface-1);
     box-shadow: var(--box-shadow);
     position: fixed;
     width: 100%;
     z-index: 1000;
     transition: var(--transition);
-    border-bottom: .125rem solid rgba(255, 255, 255, .1);
+    border-bottom: .125rem solid var(--muted-border);
+    backdrop-filter: blur(8px);
 }
 
 .header-container {
@@ -100,7 +136,7 @@ header {
     padding: 120px 1.7rem 20px;
     position: relative;
     overflow: hidden;
-    background: linear-gradient(135deg, var(--darker), var(--primary-dark));
+    background: linear-gradient(135deg, var(--hero-from), var(--hero-to));
 }
 
 .login-container::before {
@@ -115,15 +151,22 @@ header {
     z-index: 0;
 }
 
+[data-theme="light"] .login-container {
+    background:
+        radial-gradient(circle at 12% 18%, color-mix(in srgb, var(--primary) 18%, transparent 82%), transparent 48%),
+        radial-gradient(circle at 86% 78%, color-mix(in srgb, var(--accent) 14%, transparent 86%), transparent 54%),
+        linear-gradient(135deg, var(--hero-from), var(--hero-to));
+}
+
 .login-box {
-    background: rgba(10, 20, 20, 0.95);
+    background: var(--glass-bg);
     backdrop-filter: blur(10px);
     border-radius: var(--border-radius);
     padding: 2.5rem;
     width: 100%;
     max-width: 450px;
     box-shadow: 0 8px 32px rgba(0, 0, 0, 0.4);
-    border: 1px solid rgba(0, 184, 148, 0.2);
+    border: 1px solid var(--glass-border);
     position: relative;
     z-index: 2;
     transition: var(--transition);
@@ -191,8 +234,8 @@ header {
 .form-input {
     width: 100%;
     padding: 14px 20px;
-    background: rgba(0, 0, 0, .3);
-    border: 2px solid rgba(0, 184, 148, 0.3);
+    background: var(--input-bg);
+    border: 2px solid var(--input-border);
     border-radius: var(--border-radius);
     color: var(--text);
     font-size: var(--text-size-md);
@@ -201,7 +244,7 @@ header {
 
 .form-input:focus {
     outline: none;
-    background: rgba(0, 0, 0, .4);
+    background: var(--input-bg-focus);
     border-color: var(--accent);
     box-shadow: 0 0 0 3px rgba(0, 184, 148, 0.2);
 }
@@ -228,7 +271,7 @@ header {
     top: -10px;
     left: 15px;
     font-size: 0.8rem;
-    background: rgba(10, 20, 20, 0.95);
+    background: var(--glass-bg);
     padding: 0 5px;
     color: var(--accent);
 }
@@ -276,9 +319,9 @@ header {
     position: relative;
     z-index: 1;
     overflow: hidden;
-    background: rgba(255, 255, 255, 0.05);
+    background: var(--surface-soft);
     color: var(--text);
-    border-color: rgba(255, 255, 255, 0.15);
+    border-color: var(--muted-border);
 }
 
 .swi:hover {
@@ -292,13 +335,13 @@ header {
 }
 
 .btn-login:hover {
-    background: var(--dark);
+    background: var(--surface-1);
     color: var(--accent);
     box-shadow: 0 6px 20px rgba(0, 184, 148, 0.3);
 }
 
 .btn-login:disabled {
-    background: var(--dark);
+    background: var(--surface-1);
     color: var(--accent);
     cursor: not-allowed;
     transform: none;
@@ -327,7 +370,7 @@ header {
 }
 
 .divider span {
-    background: rgba(10, 20, 20, 0.95);
+    background: var(--glass-bg);
     padding: 0 15px;
     color: var(--text-light);
     font-size: 0.9rem;
@@ -463,8 +506,8 @@ header {
     -webkit-appearance: none;
     width: 18px;
     height: 18px;
-    background: rgba(0, 0, 0, .3);
-    border: 2px solid rgba(0, 184, 148, 0.3);
+    background: var(--input-bg);
+    border: 2px solid var(--input-border);
     border-radius: var(--border-radius);
     margin-right: 10px;
     cursor: pointer;
@@ -507,7 +550,7 @@ header {
     width: 100%;
     margin: 1.5rem 0;
     padding: 1rem;
-    background: rgba(0, 184, 148, 0.05);
+    background: color-mix(in srgb, var(--accent) 7%, transparent 93%);
     border: 1px solid rgba(0, 184, 148, 0.2);
     border-radius: var(--border-radius);
     transition: var(--transition);
@@ -531,7 +574,7 @@ header {
     -webkit-appearance: none;
     width: 20px;
     height: 20px;
-    background: rgba(0, 0, 0, .3);
+    background: var(--input-bg);
     border: 2px solid rgba(0, 184, 148, 0.4);
     border-radius: 5px;
     cursor: pointer;
@@ -613,12 +656,12 @@ header {
     position: fixed;
     bottom: 20px;
     right: 20px;
-    background: rgba(255, 255, 255, .1);
+    background: var(--surface-soft);
     color: var(--text-light);
     padding: 8px 12px;
     border-radius: var(--border-radius);
     font-size: 0.75rem;
-    border: 1px solid rgba(255, 255, 255, .1);
+    border: 1px solid var(--muted-border);
     z-index: 999;
     transition: var(--transition);
     backdrop-filter: blur(5px);
@@ -649,7 +692,7 @@ header {
         width: 40%;
         background: linear-gradient(135deg, rgba(33, 150, 243, 0.08), rgba(0, 184, 148, 0.08));
         padding: 2.5rem 2rem;
-        border-right: 1px solid rgba(0, 184, 148, 0.3);
+        border-right: 1px solid color-mix(in srgb, var(--accent) 32%, transparent 68%);
         position: relative;
         overflow: hidden;
     }
@@ -740,9 +783,9 @@ header {
     }
 
     .btn-google-side {
-        background: rgba(255, 255, 255, 0.05);
+        background: var(--surface-soft);
         color: var(--text);
-        border-color: rgba(255, 255, 255, 0.15);
+        border-color: var(--muted-border);
     }
 
     .btn-google-side:hover {
@@ -756,9 +799,9 @@ header {
     }
 
     .btn-switch-side {
-        background: rgba(255, 255, 255, 0.05);
+        background: var(--surface-soft);
         color: var(--text);
-        border-color: rgba(255, 255, 255, 0.15);
+        border-color: var(--muted-border);
     }
 
     .btn-switch-side:hover {
@@ -773,7 +816,7 @@ header {
         gap: 0.75rem;
         margin-top: auto;
         padding-top: 2rem;
-        border-top: 1px solid rgba(255, 255, 255, 0.12);
+        border-top: 1px solid var(--muted-border);
         position: relative;
         z-index: 1;
     }
@@ -809,7 +852,7 @@ header {
         display: flex;
         flex-direction: column;
         justify-content: center;
-        background: rgba(0, 0, 0, 0.2);
+        background: var(--surface-muted);
     }
 
     .login-form {
@@ -843,6 +886,44 @@ header {
     }
 }
 
+.logo-centered {
+    justify-content: center;
+    margin-bottom: 1rem;
+}
+
+.form-row-split {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    margin-bottom: 1rem;
+    gap: 0.75rem;
+}
+
+.remember-me-inline {
+    margin-bottom: 0;
+}
+
+.login-link-nowrap {
+    margin-bottom: 0;
+    white-space: nowrap;
+}
+
+.hidden-by-default {
+    display: none;
+}
+
+.btn-login-inline {
+    text-decoration: none;
+    display: inline-block;
+    margin-top: 10px;
+    text-align: center;
+    line-height: 40px;
+}
+
+.link-no-decoration {
+    text-decoration: none;
+}
+
 @media (max-width: 400px) {
 
     .logo svg,

package/public/main.js

@@ -37,14 +37,18 @@ async function selectiveCacheClear() {
       'sessionId',
       'mbkauthe.sid',
       'fullName',
-      '_csrf'
+      '_csrf',
+      'profileImageUser',
+      'profileImageUrl'
     ];
 
     const localStorageToClear = [
       'sessionId',
       'mbkauthe.sid',
       'fullName',
-      '_csrf'
+      '_csrf',
+      'profileImageUser',
+      'profileImageUrl'
     ];
 
     // 1. Clear selected localStorage keys

package/test.spec.js

@@ -107,10 +107,22 @@ describe('mbkauthe Routes', () => {
       const response = await request(BASE_URL).get('/mbkauthe/test');
       expect([200, 302, 401, 403, 429]).toContain(response.status);
     });
+
+    test('GET /mbkauthe/test with curl UA returns JSON 401', async () => {
+      const response = await request(BASE_URL)
+        .get('/mbkauthe/test')
+        .set('User-Agent', 'curl/8.0.1')
+        .set('Accept', '*/*');
+
+      expect(response.status).toBe(401);
+      expect(response.headers['content-type']).toContain('application/json');
+      expect(response.body).toHaveProperty('success', false);
+      expect(response.body).toHaveProperty('errorCode');
+    });
   });
 
   describe('OAuth Routes', () => {
-    test('GET /mbkauthe/api/github/login handles GitHub OAuth', async () => {
+    test('GET /mbkauthe/api/github/login handles GitHub App flow', async () => {
       const response = await request(BASE_URL)
         .get('/mbkauthe/api/github/login')
         .redirects(0);
@@ -123,7 +135,7 @@ describe('mbkauthe Routes', () => {
       }
     });
 
-    test('GET /mbkauthe/api/github/login/callback handles callback', async () => {
+    test('GET /mbkauthe/api/github/login/callback handles GitHub App callback', async () => {
       const response = await request(BASE_URL).get('/mbkauthe/api/github/login/callback');
       expect([200, 302, 400, 401, 403, 429]).toContain(response.status);
     });