mbkauthe 4.9.0 → 5.0.0

package/lib/routes/oauth.js

@@ -9,9 +9,11 @@ import { mbkautheVar } from "#config.js";
 import { renderError } from "../utils/response.js";
 import { checkTrustedDevice, completeLoginProcess } from "./auth.js";
 import { AuthRepository } from "../db/AuthRepository.js";
+import { createLogger } from "../utils/logger.js";
 
 const router = express.Router();
 const authRepo = new AuthRepository({ db: dblogin });
+const logOAuth = createLogger("oauth");
 
 // CSRF protection middleware
 const csrfProtection = csurf({ cookie: true });
@@ -41,7 +43,7 @@ const githubClientSecret = mbkautheVar.GITHUB_APP_CLIENT_SECRET || mbkautheVar.G
 // Common OAuth strategy handler
 const createOAuthStrategy = async (provider, profile, done) => {
     try {
-        console.log(`[mbkauthe] ${provider} OAuth callback for user: ${profile.emails?.[0]?.value || profile.id}`);
+        logOAuth(`${provider} OAuth callback for user: ${profile.emails?.[0]?.value || profile.id}`);
 
         const isGitHub = provider === 'GitHub';
 
@@ -76,6 +78,8 @@ const createOAuthStrategy = async (provider, profile, done) => {
             id: user.id,
             username: user.UserName,
             role: user.Role,
+            allowedApps: user.AllowedApps,
+            TwoFAStatus: user.TwoFAStatus,
         };
 
         if (isGitHub) {
@@ -142,7 +146,7 @@ if ((mbkautheVar.GOOGLE_LOGIN_ENABLED || "").toLowerCase() === "true") {
 
 // Print consolidated OAuth summary
 if (enabledProviders.length > 0) {
-    console.log(`[mbkauthe] Social providers: ${enabledProviders.join(', ')}`);
+    logOAuth(`Social providers: ${enabledProviders.join(', ')}`);
 }
 
 // Serialize/Deserialize user for OAuth login
@@ -175,7 +179,7 @@ const createOAuthInitiation = (provider, enabledFlag, clientIdFlag, clientSecret
             // Store CSRF token for validation on callback
             const csrfToken = req.csrfToken();
             req.session.oauthCsrfToken = csrfToken;
-            console.log(`[mbkauthe] ${provider} OAuth initiation started`);
+            logOAuth(`${provider} OAuth initiation started`);
 
             // Store redirect parameter in session before OAuth flow
             const redirect = req.query.redirect;
@@ -200,7 +204,7 @@ const createOAuthInitiation = (provider, enabledFlag, clientIdFlag, clientSecret
                         pagename: 'Login'
                     });
                 }
-                console.log(`[mbkauthe] ${provider} OAuth session saved successfully`);
+                logOAuth(`${provider} OAuth session saved successfully`);
                 passport.authenticate(`${provider.toLowerCase()}-login`, { state: csrfToken })(req, res, next);
             });
         } else {
@@ -292,25 +296,11 @@ const validateOAuthCallback = (req, res) => {
     return true;
 };
 
-const finishProviderLogin = async (req, res, provider, username, detailValue = '') => {
-    const user = await authRepo.getUserWithTwoFA(username, `${provider.toLowerCase()}-callback-get-user`);
-
-    if (!user) {
-        console.error(`[mbkauthe] ${provider} login: User not found: ${username}`);
-        return renderError(res, req, {
-            code: 404,
-            error: 'User Not Found',
-            message: `Your ${provider} account is linked, but the user account no longer exists in our system.`,
-            page: '/mbkauthe/login',
-            pagename: 'Login',
-            details: `${provider} identifier: ${detailValue}\nPlease contact your administrator.`
-        });
-    }
-
+const finishProviderLogin = async (req, res, provider, user, detailValue = '') => {
     // Check for trusted device
     const trustedDeviceUser = await checkTrustedDevice(req, user.UserName);
     if (trustedDeviceUser && (mbkautheVar.MBKAUTH_TWO_FA_ENABLE || "").toLowerCase() === "true" && user.TwoFAStatus) {
-        console.log(`[mbkauthe] ${provider} trusted device login for user: ${user.UserName}, skipping 2FA only`);
+        logOAuth(`${provider} trusted device login for user: ${user.UserName}, skipping 2FA only`);
         return await handleOAuthRedirect(req, res, user, 'trusted', provider.toLowerCase());
     }
     
@@ -326,7 +316,7 @@ const finishProviderLogin = async (req, res, provider, username, detailValue = '
             loginMethod: provider.toLowerCase(),
             redirectUrl: oauthRedirect || null
         };
-        console.log(`[mbkauthe] ${provider} login: 2FA required for user: ${username}`);
+        logOAuth(`${provider} login: 2FA required for user: ${user.UserName}`);
         return res.redirect('/mbkauthe/2fa');
     }
 
@@ -373,7 +363,13 @@ const createOAuthCallback = (provider, strategy) => {
                     req,
                     res,
                     provider,
-                    oauthUser.username,
+                    {
+                        id: oauthUser.id,
+                        UserName: oauthUser.username,
+                        Role: oauthUser.role,
+                        AllowedApps: oauthUser.allowedApps,
+                        TwoFAStatus: oauthUser.TwoFAStatus
+                    },
                     provider === 'GitHub' ? (oauthUser.githubUsername || oauthUser.username) : (oauthUser.googleEmail || oauthUser.username)
                 );
             } catch (err) {
@@ -415,7 +411,7 @@ const handleOAuthRedirect = async (req, res, user, type, method = null) => {
     res.json = function (data) {
         if (data.success && statusCode === 200) {
             const redirectUrl = oauthRedirect || mbkautheVar.loginRedirectURL || '/dashboard';
-            console.log(`[mbkauthe] ${method || 'social'} ${type} login: Redirecting to ${redirectUrl}`);
+            logOAuth(`${method || 'social'} ${type} login: Redirecting to ${redirectUrl}`);
             res.json = originalJson;
             res.status = originalStatus;
             return res.redirect(redirectUrl);