npm - mbkauthe - Versions diffs - 4.8.4 → 5.0.0 - Mend

mbkauthe 4.8.4 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/README.md +1 -0
package/docs/api.md +29 -178
package/docs/db.md +1 -1
package/docs/db.sql +305 -253
package/index.js +6 -3
package/lib/config/cookies.js +84 -18
package/lib/config/index.js +3 -1
package/lib/config/tokenScopes.js +1 -1
package/lib/createTable.js +95 -8
package/lib/db/AuthRepository.js +336 -0
package/lib/db/BaseRepository.js +193 -0
package/lib/db/dialects/postgres.js +18 -0
package/lib/main.js +5 -5
package/lib/middleware/auth.js +213 -259
package/lib/middleware/index.js +18 -25
package/lib/middleware/scopeValidator.js +8 -3
package/lib/pool.js +5 -6
package/lib/routes/auth.js +95 -169
package/lib/routes/dbLogs.js +247 -29
package/lib/routes/misc.js +17 -50
package/lib/routes/oauth.js +23 -48
package/lib/utils/dbQueryLogger.js +485 -80
package/lib/utils/errors.js +1 -1
package/lib/utils/logger.js +12 -0
package/lib/utils/timingSafeToken.js +1 -1
package/package.json +1 -1
package/public/main.css +36 -3
package/test.spec.js +515 -48
package/views/header.handlebars +1 -1
package/views/pages/2fa.handlebars +9 -5
package/views/pages/dbLogs.handlebars +618 -420
package/views/pages/loginmbkauthe.handlebars +42 -25
package/views/showmessage.handlebars +2 -2

package/lib/db/BaseRepository.js ADDED Viewed

@@ -0,0 +1,193 @@
+import { postgresDialect } from "./dialects/postgres.js";
+const isPlainObject = (value) => !!value && typeof value === "object" && !Array.isArray(value);
+export class BaseRepository {
+  constructor({ db, dialect = postgresDialect } = {}) {
+    this.db = db;
+    this.dialect = dialect;
+  }
+  quoteIdentifier(name) {
+    if (name === "*") return "*";
+    return String(name)
+      .split(".")
+      .map((part) => (part === "*" ? "*" : this.dialect.quoteIdentifier(part)))
+      .join(".");
+  }
+  ident(name) {
+    return { kind: "ident", name };
+  }
+  value(val) {
+    return { kind: "param", value: val };
+  }
+  raw(text) {
+    return { kind: "raw", text: text ?? "" };
+  }
+  list(values) {
+    return { kind: "list", values };
+  }
+  table(name, alias = null) {
+    const tableSql = this.quoteIdentifier(name);
+    if (alias) {
+      return this.raw(`${tableSql} AS ${this.quoteIdentifier(alias)}`);
+    }
+    return this.raw(tableSql);
+  }
+  column(name, alias = null) {
+    const columnSql = this.quoteIdentifier(name);
+    if (alias) {
+      return `${columnSql} AS ${this.quoteIdentifier(alias)}`;
+    }
+    return columnSql;
+  }
+  columns(list) {
+    const items = (list || []).filter(Boolean).map((item) => {
+      if (isPlainObject(item) && item.kind) {
+        if (item.kind === "ident") return this.quoteIdentifier(item.name);
+        if (item.kind === "raw") return item.text;
+      }
+      return String(item);
+    });
+    return this.raw(items.join(", "));
+  }
+  star(alias = null) {
+    if (!alias) return this.raw("*");
+    return this.raw(`${this.quoteIdentifier(alias)}.*`);
+  }
+  now() {
+    return this.raw(this.dialect.now());
+  }
+  boolean(value) {
+    return this.raw(this.dialect.boolean(value));
+  }
+  returning(columns) {
+    if (!this.dialect.supportsReturning) return this.raw("");
+    if (!columns) return this.raw("");
+    let columnSql = "";
+    if (isPlainObject(columns) && columns.kind === "raw") {
+      columnSql = columns.text;
+    } else if (Array.isArray(columns)) {
+      columnSql = columns.join(", ");
+    } else {
+      columnSql = String(columns);
+    }
+    if (!columnSql) return this.raw("");
+    return this.raw(this.dialect.returningClause(columnSql));
+  }
+  limit(limit, offset) {
+    return this.raw(this.dialect.limitOffset({ limit, offset }));
+  }
+  sql(strings, ...exprs) {
+    const values = [];
+    let text = strings?.[0] ?? "";
+    for (let i = 0; i < exprs.length; i += 1) {
+      text += this.renderToken(exprs[i], values);
+      text += strings?.[i + 1] ?? "";
+    }
+    return { text, values };
+  }
+  renderToken(token, values) {
+    if (token == null) return "";
+    if (!isPlainObject(token) || !token.kind) {
+      return String(token);
+    }
+    switch (token.kind) {
+      case "raw":
+        return token.text;
+      case "ident":
+        return this.quoteIdentifier(token.name);
+      case "param":
+        values.push(token.value);
+        return this.dialect.param(values.length);
+      case "list":
+        if (!Array.isArray(token.values) || token.values.length === 0) {
+          return "(NULL)";
+        }
+        return `(${token.values.map((item) => {
+          values.push(item);
+          return this.dialect.param(values.length);
+        }).join(", ")})`;
+      default:
+        return "";
+    }
+  }
+  async execute(name, query) {
+    const { text, values } = query;
+    if (name) {
+      return this.db.query({ name, text, values });
+    }
+    return this.db.query({ text, values });
+  }
+  async executeRaw({ name, text, values }) {
+    if (name) {
+      return this.db.query({ name, text, values });
+    }
+    return this.db.query({ text, values });
+  }
+  cloneWithDb(db) {
+    return new this.constructor({ db, dialect: this.dialect });
+  }
+  async withTransaction(fn) {
+    if (!this.db || typeof this.db.connect !== "function") {
+      return fn(this);
+    }
+    const client = await this.db.connect();
+    const txRepo = this.cloneWithDb(client);
+    try {
+      await client.query("BEGIN");
+      const result = await fn(txRepo);
+      await client.query("COMMIT");
+      return result;
+    } catch (err) {
+      await client.query("ROLLBACK").catch(() => {});
+      throw err;
+    } finally {
+      client.release();
+    }
+  }
+  async lockTable(tableName, mode) {
+    if (!this.dialect.lockTable) return null;
+    const text = this.dialect.lockTable(this.quoteIdentifier(tableName), mode);
+    return this.executeRaw({
+      name: `lock-${tableName}`,
+      text,
+      values: []
+    });
+  }
+  async advisoryTransactionLock(lockKey, queryName = "advisory-transaction-lock") {
+    return this.executeRaw({
+      name: queryName,
+      text: "SELECT pg_advisory_xact_lock(hashtext($1))",
+      values: [String(lockKey ?? "")]
+    });
+  }
+}

package/lib/db/dialects/postgres.js ADDED Viewed

@@ -0,0 +1,18 @@
+const quoteIdentifier = (name) => `"${String(name).replace(/"/g, '""')}"`;
+export const postgresDialect = {
+  name: "postgres",
+  quoteIdentifier,
+  param: (index) => `$${index}`,
+  now: () => "NOW()",
+  boolean: (value) => (value ? "TRUE" : "FALSE"),
+  supportsReturning: true,
+  returningClause: (columns) => ` RETURNING ${columns}`,
+  limitOffset: ({ limit, offset } = {}) => {
+    const parts = [];
+    if (typeof limit === "number") parts.push(`LIMIT ${limit}`);
+    if (typeof offset === "number") parts.push(`OFFSET ${offset}`);
+    return parts.length ? ` ${parts.join(" ")}` : "";
+  },
+  lockTable: (tableSql, mode = "ROW EXCLUSIVE") => `LOCK TABLE ${tableSql} IN ${mode} MODE`
+};

package/lib/main.js CHANGED Viewed

@@ -41,17 +41,17 @@ router.use(cookieParser());
 // CORS and security headers
 router.use(corsMiddleware);
+// Attach request context as early as possible so session-store queries are tied to the request.
+if (process.env.env === 'dev') {
+  router.use(requestContextMiddleware);
+}
 // Session configuration
 router.use(session(sessionConfig));
 // Session restoration
 router.use(sessionRestorationMiddleware);
-// Attach request context for DB query logging (dev only)
-if (process.env.env === 'dev') {
-  router.use(requestContextMiddleware);
-}
 // Initialize passport
 router.use(passport.initialize());
 router.use(passport.session());